From f0e912da7e62b638bf30c4d17bef3e127ee5db99 Mon Sep 17 00:00:00 2001 From: Rob Ostensen Date: Mon, 30 Jan 2012 21:18:10 -0600 Subject: [PATCH] iSchedule changes: fix signed domain, better error handling, cleanups --- config/example-config.php | 9 +++++++++ inc/caldav-POST.php | 5 +++++ inc/iSchedule-POST.php | 2 +- inc/iSchedule.php | 19 +++++++++++++++---- 4 files changed, 30 insertions(+), 5 deletions(-) diff --git a/config/example-config.php b/config/example-config.php index ce8fc64f..0f2a3a6e 100644 --- a/config/example-config.php +++ b/config/example-config.php @@ -171,6 +171,15 @@ $c->collections_always_exist = false; */ //$c->enable_scheduling = true; +/** +* Domain Key domain to use when signing outbound scheduling requests, this +* is the domain with the public key in a TXT record as shown above. +* +* TODO: enable domain/signing by per user keys, patches welcome. +* Default: none +*/ +//$c->scheduling_dkim_domain = ''; + /** * Domain Key selector to use when signing outbound scheduling requests. * diff --git a/inc/caldav-POST.php b/inc/caldav-POST.php index 22c054c0..feb96c2d 100644 --- a/inc/caldav-POST.php +++ b/inc/caldav-POST.php @@ -80,6 +80,11 @@ function handle_freebusy_request( $ic ) { if ( $qry->rows() == 0 ) { $remote = new iSchedule (); $answer = $remote->sendRequest ( $attendee->Value(), 'VFREEBUSY/REQUEST', $ical->Render() ); + if ( $a === false ) { + $reply->CalDAVElement($response, "request-status", "3.7;Invalid Calendar User" ); + $reply->CalDAVElement($response, "calendar-data" ); + continue; + } foreach ( $answer as $a ) { if ( $a === false ) { diff --git a/inc/iSchedule-POST.php b/inc/iSchedule-POST.php index 631b7909..d4b9602f 100644 --- a/inc/iSchedule-POST.php +++ b/inc/iSchedule-POST.php 
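Review bot: In the inc/caldav-POST.php hunk the new guard tests `$a`, but the value returned by sendRequest() is stored in `$answer`; `$a` is only assigned by the `foreach ( $answer as $a )` that follows, so at this point it is either undefined or left over from an earlier attendee. Since sendRequest() now returns false on failure (see the inc/iSchedule.php hunks), a failed request falls through to that foreach with a non-array, and a stale false in `$a` could mark a later attendee as invalid without looking at its answer. The check should read `if ( $answer === false ) {`. The loop that `continue` targets starts outside the hunk.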
@@ -130,7 +130,7 @@ function ischedule_freebusy_request( $ic, $attendees, $attendees_fail) { foreach( $attendees AS $k => $attendee ) { $response = $reply->NewXMLElement("response", false, false, 'urn:ietf:params:xml:ns:ischedule'); - $fb = get_freebusy( $attendee->dav_name, $range_start, $range_end ); + $fb = get_freebusy( '^'.$attendee->dav_name, $range_start, $range_end ); $fb->AddProperty( 'UID', $ical->GetPValue('UID') ); $fb->SetProperties( $ic->GetProperties('ORGANIZER'), 'ORGANIZER'); diff --git a/inc/iSchedule.php b/inc/iSchedule.php index 09348e83..4e6dce34 100644 --- a/inc/iSchedule.php +++ b/inc/iSchedule.php @@ -53,6 +53,7 @@ class iSchedule $this->selector = 'cal'; if ( is_object ( $c ) && isset ( $c->scheduling_dkim_selector ) ) { + $this->scheduling_dkim_domain = $c->scheduling_dkim_domain ; $this->scheduling_dkim_selector = $c->scheduling_dkim_selector ; $this->schedule_private_key = $c->schedule_private_key ; if ( ! preg_match ( '/BEGIN RSA PRIVATE KEY/', $this->schedule_private_key ) ) @@ -344,6 +345,8 @@ class iSchedule */ function signDKIM ( $headers, $body ) { + if ( $this->scheduling_dkim_domain == null ) + return false; $b = ''; if ( is_array ( $headers ) !== true ) return false; @@ -354,7 +357,7 @@ class iSchedule $dk['v'] = '1'; $dk['a'] = 'rsa-' . $this->scheduling_dkim_algo; $dk['s'] = $this->selector; - $dk['d'] = $this->domain; + $dk['d'] = $this->scheduling_dkim_domain; $dk['c'] = 'simple-http'; // implied canonicalization of simple-http/simple from rfc4871 Section-3.5 if ( isset ( $_SERVER['SERVER_NAME'] ) && strstr ( $_SERVER['SERVER_NAME'], $this->domain ) !== false ) // don't use when testing $dk['i'] = '@' . $_SERVER['SERVER_NAME']; //optional @@ -385,6 +388,8 @@ class iSchedule function sendRequest ( $address, $type, $data ) { global $session; + if ( $this->scheduling_dkim_domain == null ) + return false; if ( is_array ( $address ) ) list ( $user, $domain ) = explode ( '@', $address[0] ); else 
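Review bot: Prefixing `^` to `$attendee->dav_name` in ischedule_freebusy_request() implies that get_freebusy() treats its first argument as a regular expression, yet the name itself is passed unescaped. If that is the case, metacharacters in a name (a `.` in a username, for instance) still match loosely, so free/busy data from a differently named collection could end up in the reply sent to a remote server. Escaping the name for the regex dialect get_freebusy() uses, before adding the anchor, would close that. get_freebusy() is not visible here, so this needs confirming against its implementation.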
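Review bot: The constructor hunk in inc/iSchedule.php copies `$c->scheduling_dkim_domain` inside a branch that only checks `isset ( $c->scheduling_dkim_selector )`, so a config with a selector but no domain reads an unset property. When the selector is not configured the assignment is skipped altogether, and the `== null` guards added to signDKIM() and sendRequest() then read `$this->scheduling_dkim_domain` without it having been assigned in the visible code. Setting `$this->scheduling_dkim_domain = null;` before the branch and copying with `isset ( $c->scheduling_dkim_domain ) ? $c->scheduling_dkim_domain : null` keeps both guards well defined. The constructor starts and ends outside the hunk, so a property declaration may already exist there.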
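Review bot: In signDKIM() the `d=` tag now comes from `$this->scheduling_dkim_domain`, but the `i=` tag two lines below is still gated on `strstr ( $_SERVER['SERVER_NAME'], $this->domain )`. The signed identity can therefore fall outside the signing domain, which RFC 4871 does not allow (`i=` must be the same as or a subdomain of `d=`), so a verifier may reject the signature. The gate should at least test the same value that is signed, `strstr ( $_SERVER['SERVER_NAME'], $this->scheduling_dkim_domain ) !== false`, and a suffix match on a dot boundary would be stricter than strstr(), which accepts the domain anywhere in the name. Depending on server configuration SERVER_NAME can follow the request's Host header, which is one more reason to validate it against the configured domain before it goes into a signed tag.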
@@ -410,13 +415,13 @@ class iSchedule if ( $method ) $headers['Content-Type'] .= '; method=' . $method; $headers['DKIM-Signature'] = $this->signDKIM ( $headers, $body ); - //$Signature = $this->signDKIM ( $headers, $data ); + if ( $headers['DKIM-Signature'] == false ) + return false; $request_headers = array ( ); foreach ( $headers as $k => $v ) $request_headers[] = $k . ': ' . $v; $curl = curl_init ( $this->remote_url ); curl_setopt ( $curl, CURLOPT_RETURNTRANSFER, true ); - //curl_setopt ( $curl, CURLOPT_HEADER, true ); curl_setopt ( $curl, CURLOPT_HTTPHEADER, array() ); // start with no headers set curl_setopt ( $curl, CURLOPT_HTTPHEADER, $request_headers ); curl_setopt ( $curl, CURLOPT_SSL_VERIFYPEER, false); @@ -426,8 +431,14 @@ class iSchedule curl_setopt ( $curl, CURLOPT_CUSTOMREQUEST, 'POST' ); $xmlresponse = curl_exec ( $curl ); $info = curl_getinfo ( $curl ); - //error_log ( print_r ( $request_headers , true ) . print_r ( $data , true ) . ' -- ' ); curl_close ( $curl ); + if ( $info['http_code'] >= 400 ) + { + dbg_error_log ( 'ischedule', 'remote server returned error (%s)', $info['http_code'] ); + return false; + } + + error_log ( 'remote response '. $xmlresponse . print_r ( $info, true ) ); $xml_parser = xml_parser_create_ns('UTF-8'); $xml_tags = array(); xml_parser_set_option ( $xml_parser, XML_OPTION_SKIP_WHITE, 1 );
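Review bot: The request built in sendRequest() is still sent with `CURLOPT_SSL_VERIFYPEER` set to false (unchanged line at the end of the first hunk here), so the remote scheduling server's certificate is never validated and the reply parsed afterwards is not authenticated. The DKIM signature covers the outbound request only and does nothing for the authenticity of the response. While the curl options are being cleaned up, `curl_setopt ( $curl, CURLOPT_SSL_VERIFYPEER, true );` should become the default. Separately, the new `return false` on a failed signature is silent; a `dbg_error_log ( 'ischedule', 'unable to sign request' );` before it would make a missing key or domain diagnosable. sendRequest() starts and ends outside the hunk.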
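Review bot: The new status check after curl_close() does not cover a transport failure: when curl_exec() returns false the reported `http_code` is 0, which passes the `>= 400` test, and the false value goes on to the XML parser. Testing `if ( $xmlresponse === false || $info['http_code'] >= 400 )` handles both cases. The added `error_log ( 'remote response ' ... )` writes the whole remote body and the curl info array to the server log on every request, unconditionally; that puts remote-controlled content and calendar data into the log and reads like leftover debugging. Routing it through the debug channel used a few lines above, `dbg_error_log ( 'ischedule', 'remote response %s', $xmlresponse );`, keeps it out of production logs. The function continues outside the hunk.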