From: Tomas K. <to...@us...> - 2006-01-28 19:24:15
|
Update of /cvsroot/squirrelmail/squirrelmail/config In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv28547/config Modified Files: conf.pl config_default.php Log Message: Added IMAP and SMTP STARTTLS extension support. Saved SMTP EHLO response in class parameters. Moved sanitizing of SMTP errors from delivery class to display scripts. Allowed to use configtest.php when client_ip matches server_ip. There is no 1.3.3 version. TLS was introduced in 1.4.0. Index: conf.pl =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/config/conf.pl,v retrieving revision 1.228 retrieving revision 1.229 diff -u -w -r1.228 -r1.229 --- conf.pl 28 Jan 2006 16:02:44 -0000 1.228 +++ conf.pl 28 Jan 2006 19:24:07 -0000 1.229 @@ -321,6 +321,7 @@ } close FILE; +# FIXME: unknown introduction date $useSendmail = 'false' if ( lc($useSendmail) ne 'true' ); $sendmail_path = "/usr/sbin/sendmail" if ( !$sendmail_path ); $pop_before_smtp = 'false' if ( !$pop_before_smtp ); @@ -349,13 +350,15 @@ $prefs_user_field = 'user' if ( !$prefs_user_field ); $prefs_key_field = 'prefkey' if ( !$prefs_key_field ); $prefs_val_field = 'prefval' if ( !$prefs_val_field ); +$session_name = 'SQMSESSID' if ( !$session_name ); +$skip_SM_header = 'false' if ( !$skip_SM_header ); +$default_use_javascript_addr_book = 'false' if (! $default_use_javascript_addr_book); + +# since 1.4.0 $use_smtp_tls= 'false' if ( !$use_smtp_tls); $smtp_auth_mech = 'none' if ( !$smtp_auth_mech ); $use_imap_tls = 'false' if ( !$use_imap_tls ); $imap_auth_mech = 'login' if ( !$imap_auth_mech ); -$session_name = 'SQMSESSID' if ( !$session_name ); -$skip_SM_header = 'false' if ( !$skip_SM_header ); -$default_use_javascript_addr_book = 'false' if (! $default_use_javascript_addr_book); # since 1.5.0 $show_alternative_names = 'false' if ( !$show_alternative_names ); @@ -402,6 +405,11 @@ 'verasans', 'bitstream vera sans,verdana,sans-serif'); } +# $use_imap_tls and $use_smtp_tls are switched to integer since 1.5.1 +$use_imap_tls = 0 if ( $use_imap_tls eq 'false'); +$use_imap_tls = 1 if ( $use_imap_tls eq 'true'); +$use_smtp_tls = 0 if ( $use_smtp_tls eq 'false'); +$use_smtp_tls = 1 if ( $use_smtp_tls eq 'true'); if ( $ARGV[0] eq '--install-plugin' ) { print "Activating plugin " . $ARGV[1] . "\n"; @@ -760,7 +768,7 @@ if ( $command == 4 ) { $imapServerAddress = command12(); } elsif ( $command == 5 ) { $imapPort = command13(); } elsif ( $command == 6 ) { $imap_auth_mech = command112a(); } - elsif ( $command == 7 ) { $use_imap_tls = command113("IMAP",$use_imap_tls); } + elsif ( $command == 7 ) { $use_imap_tls = command_use_tls("IMAP",$use_imap_tls); } elsif ( $command == 8 ) { $imap_server_type = command19(); } elsif ( $command == 9 ) { $optional_delimiter = command111(); } } elsif ( $show_smtp_settings && lc($useSendmail) eq 'true' ) { @@ -772,7 +780,7 @@ elsif ( $command == 5 ) { $smtpPort = command17(); } elsif ( $command == 6 ) { $pop_before_smtp = command18a(); } elsif ( $command == 7 ) { $smtp_auth_mech = command112b(); } - elsif ( $command == 8 ) { $use_smtp_tls = command113("SMTP",$use_smtp_tls); } + elsif ( $command == 8 ) { $use_smtp_tls = command_use_tls("SMTP",$use_smtp_tls); } elsif ( $command == 9 ) { $encode_header_key = command114(); } } } elsif ( $menu == 3 ) { @@ -1430,27 +1438,31 @@ # TLS # This sub is reused for IMAP and SMTP # Args: service name, default value -sub command113 { +sub command_use_tls { my($default_val,$service,$inval); $service=$_[0]; $default_val=$_[1]; print "TLS (Transport Layer Security) encrypts the traffic between server and client.\n"; - print "If you're familiar with SSL, you get the idea.\n"; - print "To use this feature, your " . $service . " server must offer TLS\n"; - print "capability, plus PHP 4.3.x with OpenSSL support.\n"; - print "\nIf your " . $service . " server is localhost, you can safely disable this.\n"; + print "STARTTLS extensions allow to start encryption on existing plain text connection.\n"; + print "These options add specific PHP and IMAP server configuration requirements.\n"; + print "See SquirrelMail documentation about connection security.\n"; + print "\n"; + print "If your " . $service . " server is localhost, you can safely disable this.\n"; print "If it is remote, you may wish to seriously consider enabling this.\n"; - print "Enable TLS (y/n) [$WHT"; - if ($default_val eq 'true') { - print "y"; - } else { - print "n"; - } - print "$NRM]: $WHT"; + $valid_input=0; + while ($valid_input eq 0) { + print "\nSelect connection security model:\n"; + print " 0 - Use plain text connection\n"; + print " 1 - Use TLS connection\n"; + print " 2 - Use STARTTLS extension\n"; + print "Select [$default_val]: "; $inval=<STDIN>; - $inval =~ tr/yn//cd; - return 'true' if ( $inval eq "y" ); - return 'false' if ( $inval eq "n" ); + $inval=trim($inval); + if ($inval =~ /^[012]$/ || $inval eq '') { + $valid_input = 1; + } + } + if ($inval ne '') {$default_val = $inval}; return $default_val; } Index: config_default.php =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/config/config_default.php,v retrieving revision 1.124 retrieving revision 1.125 diff -u -w -r1.124 -r1.125 --- config_default.php 28 Jan 2006 16:02:44 -0000 1.124 +++ config_default.php 28 Jan 2006 19:24:07 -0000 1.125 @@ -229,22 +229,30 @@ $imap_server_type = 'other'; /** - * Advanced IMAP authentication options control + * Secure IMAP connection controls * - * CRAM-MD5, DIGEST-MD5, Plain, and TLS - * Set reasonable defaults - you'd never know this was there unless you ask for it - * @global bool $use_imap_tls + * 0 - use plain text connection, + * 1 - use imaps (adds tls:// prefix to hostname), + * 2 - use IMAP STARTTLS extension (rfc2595). + * + * Was boolean before 1.5.1. + * @global integer $use_imap_tls + * @since 1.4.0 */ -$use_imap_tls = false; +$use_imap_tls = 0; /** - * Advanced SMTP authentication options control + * Secure SMTP connection controls + * + * 0 - use plain text connection, + * 1 - use ssmtp (adds tls:// prefix to hostname), + * 2 - use SMTP STARTTLS extension (rfc2487). * - * CRAM-MD5, DIGEST-MD5, Plain, and TLS - * Set reasonable defaults - you'd never know this was there unless you ask for it - * @global bool $use_smtp_tls + * Was boolean before 1.5.1. + * @global integer $use_smtp_tls + * @since 1.4.0 */ -$use_smtp_tls = false; +$use_smtp_tls = 0; /** * SMTP authentication mechanism |