diff --git a/conf/autodiscover.conf.php b/conf/autodiscover.conf.php
new file mode 100644
index 0000000..2816a1f
--- /dev/null
+++ b/conf/autodiscover.conf.php
@@ -0,0 +1,110 @@
+.
+*
+* Consult LICENSE file for details
+************************************************/
+
+/**********************************************************************************
+ * Default settings
+ */
+
+ // Replace zpush.example.com with your z-push's host name and uncomment the line below.
+ // define('ZPUSH_HOST', 'zpush.example.com');
+
+ // Defines the default time zone, change e.g. to "Europe/London" if necessary
+ define('TIMEZONE', '__TIMEZONE__');
+
+ // Defines the base path on the server
+ define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/');
+
+ /*
+ * Whether to use the complete email address as a login name
+ * (e.g. user@company.com) or the username only (user).
+ * Possible values:
+ * false - use the username only (default).
+ * true - use the complete email address.
+ */
+ define('USE_FULLEMAIL_FOR_LOGIN', false);
+
+ /*
+ * AutoDiscover requires the username to match either the email address
+ * or the local part of the email address.
+ * This is not always possible as the username might have a different
+ * schema than email address. Configure this parameter to match your
+ * username settings.
+ * @see https://wiki.z-hub.io/display/ZP/Configuring+Z-Push+Autodiscover#ConfiguringZ-PushAutodiscover-Configuration
+ * @see https://jira.z-hub.io/browse/ZP-1209
+ *
+ * Possible values:
+ * AUTODISCOVER_LOGIN_EMAIL - uses the email address as provided when setting up the account
+ * AUTODISCOVER_LOGIN_NO_DOT - removes the '.' from email address:
+ * email: first.last@domain.com -> resulting username: firstlast
+ * AUTODISCOVER_LOGIN_F_NO_DOT_LAST - cuts the first part before '.' after the first letter and
+ * removes the '.' from email address:
+ * email: first.last@domain.com -> resulting username: flast
+ * AUTODISCOVER_LOGIN_F_DOT_LAST - cuts the part before '.' after the first letter and
+ * leaves the part after '.' as is:
+ * email: first.last@domain.com -> resulting username: f.last
+ */
+ define('AUTODISCOVER_LOGIN_TYPE', AUTODISCOVER_LOGIN_EMAIL);
+
+/**********************************************************************************
+ * Logging settings
+ * Possible LOGLEVEL and LOGUSERLEVEL values are:
+ * LOGLEVEL_OFF - no logging
+ * LOGLEVEL_FATAL - log only critical errors
+ * LOGLEVEL_ERROR - logs events which might require corrective actions
+ * LOGLEVEL_WARN - might lead to an error or require corrective actions in the future
+ * LOGLEVEL_INFO - usually completed actions
+ * LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers
+ * LOGLEVEL_WBXML - also prints the WBXML sent to/from the device
+ * LOGLEVEL_DEVICEID - also prints the device id for every log entry
+ * LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack
+ *
+ * The verbosity increases from top to bottom. More verbose levels include less verbose
+ * ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR,
+ * LOGLEVEL_WARN and LOGLEVEL_INFO level entries.
+ */
+
+ define('LOGBACKEND', 'filelog');
+
+ define('LOGFILEDIR', '/var/log/z-push/');
+ define('LOGFILE', LOGFILEDIR . 'autodiscover.log');
+ define('LOGERRORFILE', LOGFILEDIR . 'autodiscover-error.log');
+ define('LOGLEVEL', LOGLEVEL_INFO);
+ define('LOGUSERLEVEL', LOGLEVEL);
+ $specialLogUsers = array();
+
+ // Syslog settings
+ // false will log to local syslog, otherwise put the remote syslog IP here
+ define('LOG_SYSLOG_HOST', false);
+ // Syslog port
+ define('LOG_SYSLOG_PORT', 514);
+ // Program showed in the syslog. Useful if you have more than one instance login to the same syslog
+ define('LOG_SYSLOG_PROGRAM', 'z-push-autodiscover');
+ // Syslog facility - use LOG_USER when running on Windows
+ define('LOG_SYSLOG_FACILITY', LOG_LOCAL0);
+/**********************************************************************************
+ * Backend settings
+ */
+ // the backend data provider
+ define('BACKEND_PROVIDER', '__BACKEND_PROVIDER__');
diff --git a/conf/caldav.conf.php b/conf/caldav.conf.php
new file mode 100644
index 0000000..89af03a
--- /dev/null
+++ b/conf/caldav.conf.php
@@ -0,0 +1,57 @@
+.
+*
+* Consult LICENSE file for details
+************************************************/
+
+// ************************
+// BackendCalDAV settings
+// ************************
+
+// Server protocol: http or https
+define('CALDAV_PROTOCOL', 'https');
+
+// Server name
+define('CALDAV_SERVER', '__DOMAIN__');
+
+// Server port
+define('CALDAV_PORT', '443');
+
+// Path
+//define('CALDAV_PATH', '/caldav.php/%u/');
+define('CALDAV_PATH', '__CALDAV_PATH__');
+
+// Default CalDAV folder (calendar folder/principal). This will be marked as the default calendar in the mobile
+define('CALDAV_PERSONAL', 'PRINCIPAL');
+
+// If the CalDAV server supports the sync-collection operation
+// DAViCal, SOGo and SabreDav support it
+// SabreDav version must be at least 1.9.0, otherwise set this to false
+// Setting this to false will work with most servers, but it will be slower
+define('CALDAV_SUPPORTS_SYNC', false);
+
+
+// Maximum period to sync.
+// Some servers don't support more than 10 years so you will need to change this
+define('CALDAV_MAX_SYNC_PERIOD', 2147483647);
\ No newline at end of file
diff --git a/conf/carddav.conf.php b/conf/carddav.conf.php
new file mode 100644
index 0000000..e183f60
--- /dev/null
+++ b/conf/carddav.conf.php
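Review bot: In conf/autodiscover.conf.php, `ZPUSH_HOST` is left commented out in the "Default settings" block, although the same file already takes install-time placeholders (`__TIMEZONE__`, `__BACKEND_PROVIDER__`). What autodiscover advertises when the constant is undefined is not visible in this diff; if it falls back to request data such as the Host header, the server URL that clients are told to send their credentials to would be influenced by the request. I would pin it at install time with `define('ZPUSH_HOST', '__DOMAIN__');`, reusing the placeholder the other new config files rely on.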
@@ -0,0 +1,93 @@
+.
+*
+* Consult LICENSE file for details
+************************************************/
+
+// ************************
+// BackendCardDAV settings
+// ************************
+
+// Server protocol: http or https
+define('CARDDAV_PROTOCOL', 'https');
+
+// Server name
+define('CARDDAV_SERVER', '__DOMAIN__');
+
+// Server port
+define('CARDDAV_PORT', '443');
+
+// Server path to the addressbook, or the principal with the addressbooks
+// If your user has more than 1 addressbook point it to the principal.
+// Example: user test@domain.com will have 2 addressbooks
+// http://localhost/caldav.php/test@domain.com/addresses/personal
+// http://localhost/caldav.php/test@domain.com/addresses/work
+// You set the CARDDAV_PATH to '/caldav.php/%u/addresses/' and personal and work will be autodiscovered
+// %u: replaced with the username
+// %d: replaced with the domain
+// Add the trailing /
+//define('CARDDAV_PATH', '/caldav.php/%u/');
+define('CARDDAV_PATH', '__CARDDAV_PATH__');
+
+
+// Server path to the default addressbook
+// Mobile device will create new contacts here. It must be under CARDDAV_PATH
+// %u: replaced with the username
+// %d: replaced with the domain
+// Add the trailing /
+//define('CARDDAV_DEFAULT_PATH', '/caldav.php/%u/addresses/');
+define('CARDDAV_DEFAULT_PATH', '__CARDDAV_DEFAULT_PATH__');
+
+// Server path to the GAL addressbook. This addressbook is readonly and searchable by the user, but it will NOT be synced.
+// If you don't want GAL, comment it
+// %u: replaced with the username
+// %d: replaced with the domain
+// Add the trailing /
+define('CARDDAV_GAL_PATH', '/caldav.php/%d/GAL/');
+
+// Minimal length for the search pattern to do the real search.
+define('CARDDAV_GAL_MIN_LENGTH', 5);
+
+// Addressbook display name, the name showed in the mobile device
+// %u: replaced with the username
+// %d: replaced with the domain
+define('CARDDAV_CONTACTS_FOLDER_NAME', '%u Addressbook');
+
+
+// If the CardDAV server supports the sync-collection operation
+// DAViCal and SabreDav support it, but Owncloud, SOGo don't
+// SabreDav version must be at least 1.9.0, otherwise set this to false
+// Setting this to false will work with most servers, but it will be slower: 1 petition for the href of vcards, and 1 petition for each vcard
+define('CARDDAV_SUPPORTS_SYNC', false);
+
+
+// If the CardDAV server supports the FN attribute for searches
+// DAViCal supports it, but SabreDav, Owncloud and SOGo don't
+// Setting this to true will search by FN. If false will search by sn, givenName and email
+// It's safe to leave it as false
+define('CARDDAV_SUPPORTS_FN_SEARCH', false);
+
+
+// If your carddav server needs to use file extension to recover a vcard.
+// Davical needs it
+// SOGo official demo online needs it, but some SOGo installation don't need it, so test it
+define('CARDDAV_URL_VCARD_EXTENSION', '.vcf');
\ No newline at end of file
diff --git a/conf/combined.conf.php b/conf/combined.conf.php
new file mode 100644
index 0000000..24a3de7
--- /dev/null
+++ b/conf/combined.conf.php
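Review bot: In conf/carddav.conf.php, `CARDDAV_GAL_PATH` stays hard-coded to the sample `'/caldav.php/%d/GAL/'` while `CARDDAV_PATH` and `CARDDAV_DEFAULT_PATH` are install-time placeholders, so the GAL search will probably be sent to a path the configured CardDAV server does not serve. The comment directly above it says to comment the define out when no GAL is wanted. I would ship it disabled, `//define('CARDDAV_GAL_PATH', '/caldav.php/%d/GAL/');`, or give it a placeholder of its own like the two other paths.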
@@ -0,0 +1,96 @@
+.
+*
+* Consult LICENSE file for details
+************************************************/
+
+class BackendCombinedConfig {
+
+ // *************************
+ // BackendCombined settings
+ // *************************
+ /**
+ * Returns the configuration of the combined backend
+ *
+ * @access public
+ * @return array
+ *
+ */
+ public static function GetBackendCombinedConfig() {
+ //use a function for it because php does not allow
+ //assigning variables to the class members (expecting T_STRING)
+ return array(
+ //the order in which the backends are loaded.
+ //login only succeeds if all backend return true on login
+ //sending mail: the mail is sent with first backend that is able to send the mail
+ 'backends' => array(
+ 'i' => array(
+ 'name' => 'BackendIMAP',
+ ),
+ 'z' => array(
+ 'name' => 'BackendKopano',
+ ),
+ 'm' => array(
+ 'name' => 'BackendMaildir',
+ ),
+ 'v' => array(
+ 'name' => 'BackendVCardDir',
+ ),
+ 'l' => array(
+ 'name' => 'BackendLDAP',
+ ),
+ 'd' => array(
+ 'name' => 'BackendCardDAV',
+ ),
+ 'c' => array(
+ 'name' => 'BackendCalDAV',
+ ),
+ ),
+ 'delimiter' => '/',
+ //force one type of folder to one backend
+ //it must match one of the above defined backends
+ 'folderbackend' => array(
+ SYNC_FOLDER_TYPE_INBOX => 'i',
+ SYNC_FOLDER_TYPE_DRAFTS => 'i',
+ SYNC_FOLDER_TYPE_WASTEBASKET => 'i',
+ SYNC_FOLDER_TYPE_SENTMAIL => 'i',
+ SYNC_FOLDER_TYPE_OUTBOX => 'i',
+ SYNC_FOLDER_TYPE_TASK => 'c',
+ SYNC_FOLDER_TYPE_APPOINTMENT => 'c',
+ SYNC_FOLDER_TYPE_CONTACT => 'd',
+ SYNC_FOLDER_TYPE_NOTE => 'c',
+ SYNC_FOLDER_TYPE_JOURNAL => 'c',
+ SYNC_FOLDER_TYPE_OTHER => 'i',
+ SYNC_FOLDER_TYPE_USER_MAIL => 'i',
+ SYNC_FOLDER_TYPE_USER_APPOINTMENT => 'c',
+ SYNC_FOLDER_TYPE_USER_CONTACT => 'd',
+ SYNC_FOLDER_TYPE_USER_TASK => 'c',
+ SYNC_FOLDER_TYPE_USER_JOURNAL => 'c',
+ SYNC_FOLDER_TYPE_USER_NOTE => 'c',
+ SYNC_FOLDER_TYPE_UNKNOWN => 'i',
+ ),
+ //creating a new folder in the root folder should create a folder in one backend
+ 'rootcreatefolderbackend' => 'i',
+ );
+ }
+}
diff --git a/conf/etc/z-push/ldap.conf.php b/conf/etc/z-push/ldap.conf.php
new file mode 100644
index 0000000..35a3c26
--- /dev/null
+++ b/conf/etc/z-push/ldap.conf.php
@@ -0,0 +1,40 @@
+.
+*
+* Consult LICENSE file for details
+************************************************/
+
+// **********************
+// BackendLDAP settings
+// **********************
+
+// Server address
+define('LDAP_SERVER', 'localhost');
+
+// Server Port
+define('LDAP_SERVER_PORT', '389');
+
+// LDAP USER DN
+define('LDAP_USER_DN', 'uid=%u,ou=mailaccount,dc=phppush,dc=com');
+
+// LDAP BASE DNS
+define('LDAP_BASE_DNS', 'Contacts:ou=addressbook,uid=%u,ou=mailaccount,dc=phppush,dc=com'); //Multiple values separator is |
diff --git a/conf/galsearch-ldap.conf.php b/conf/galsearch-ldap.conf.php
new file mode 100644
index 0000000..a0d36b6
--- /dev/null
+++ b/conf/galsearch-ldap.conf.php
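Review bot: In conf/combined.conf.php, the `'backends'` array returned by `GetBackendCombinedConfig()` still lists `BackendKopano`, `BackendMaildir`, `BackendVCardDir` and `BackendLDAP`, yet `'folderbackend'` routes every folder type only to `'i'`, `'c'` or `'d'`. The comment directly above the list states that login only succeeds if all backends return true on login, so the four unused entries can make every login fail unless each of them is installed and correctly configured. I would reduce the list to the `'i'`, `'d'` and `'c'` entries.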
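Review bot: In conf/etc/z-push/ldap.conf.php, `LDAP_USER_DN` and `LDAP_BASE_DNS` keep the sample suffix `dc=phppush,dc=com`, whereas conf/galsearch-ldap.conf.php in this same commit searches under `dc=yunohost,dc=org`, so a BackendLDAP login bind with these values would presumably never match a local account. The file is also the only new config placed under conf/etc/z-push/ instead of conf/. If BackendLDAP is meant to be usable, align the DNs with the local directory; if not, a header comment such as `// Upstream sample values, adjust before enabling BackendLDAP` would make that explicit.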
@@ -0,0 +1,56 @@
+.
+*
+* Consult LICENSE file for details
+************************************************/
+
+// LDAP host and port
+define("LDAP_HOST", "ldap://127.0.0.1/");
+define("LDAP_PORT", "389");
+
+// Set USER and PASSWORD if not using anonymous bind
+define("ANONYMOUS_BIND", true);
+define("LDAP_BIND_USER", "cn=searchuser,dc=test,dc=net");
+define("LDAP_BIND_PASSWORD", "");
+
+// Search base & filter
+// the SEARCHVALUE string is substituded by the value inserted into the search field
+define("LDAP_SEARCH_BASE", "ou=users,dc=yunohost,dc=org");
+define("LDAP_SEARCH_FILTER", "(|(cn=*SEARCHVALUE*)(mail=*SEARCHVALUE*))");
+
+// LDAP field mapping.
+// values correspond to an inetOrgPerson class
+global $ldap_field_map;
+$ldap_field_map = array(
+ SYNC_GAL_DISPLAYNAME => 'cn',
+ SYNC_GAL_PHONE => 'telephonenumber',
+ SYNC_GAL_OFFICE => '',
+ SYNC_GAL_TITLE => 'title',
+ SYNC_GAL_COMPANY => 'ou',
+ SYNC_GAL_ALIAS => 'uid',
+ SYNC_GAL_FIRSTNAME => 'givenname',
+ SYNC_GAL_LASTNAME => 'sn',
+ SYNC_GAL_HOMEPHONE => 'homephone',
+ SYNC_GAL_MOBILEPHONE => 'mobile',
+ SYNC_GAL_EMAILADDRESS => 'mail',
+ );
diff --git a/conf/imap.conf.php b/conf/imap.conf.php
new file mode 100644
index 0000000..a4aece4
--- /dev/null
+++ b/conf/imap.conf.php
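Review bot: In conf/galsearch-ldap.conf.php, `LDAP_BIND_PASSWORD` is an empty string next to the sample `LDAP_BIND_USER` (`cn=searchuser,dc=test,dc=net`), which is harmless only while `ANONYMOUS_BIND` stays `true`. Many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds, so switching `ANONYMOUS_BIND` to `false` without setting a password would likely leave the search anonymous without any error. A comment on the define would make that visible: `// must be non-empty when ANONYMOUS_BIND is false; an empty password results in an unauthenticated bind`. Whether `SEARCHVALUE` is escaped before it is substituted into `LDAP_SEARCH_FILTER` is decided by the search provider, which is not part of this diff.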
@@ -0,0 +1,218 @@
+.
+*
+* Consult LICENSE file for details
+************************************************/
+
+// ************************
+// BackendIMAP settings
+// ************************
+
+// Defines the server to which we want to connect
+define('IMAP_SERVER', 'localhost');
+
+// connecting to default port (143)
+define('IMAP_PORT', 993);
+
+// best cross-platform compatibility (see http://php.net/imap_open for options)
+define('IMAP_OPTIONS', '/ssl/novalidate-cert');
+
+
+// Mark messages as read when moving to Trash.
+// BE AWARE that you will lose the unread flag, but some mail clients do this so the Trash folder doesn't get boldened
+define('IMAP_AUTOSEEN_ON_DELETE', false);
+
+
+// IMPORTANT: BASIC IMAP FOLDERS [ask your mail admin]
+ // We can have diferent cases (case insensitive):
+ // 1.
+ // inbox
+ // sent
+ // drafts
+ // trash
+ // 2.
+ // inbox
+ // common.sent
+ // common.drafts
+ // common.trash
+ // 3.
+ // common.inbox
+ // common.sent
+ // common.drafts
+ // common.trash
+ // 4.
+ // common
+ // common.sent
+ // common.drafts
+ // common.trash
+ //
+ // gmail is a special case, where the default folders are under the [gmail] prefix and the folders defined by the user are under INBOX.
+ // This configuration seems to work:
+ // define('IMAP_FOLDER_PREFIX', '');
+ // define('IMAP_FOLDER_PREFIX_IN_INBOX', false);
+ // define('IMAP_FOLDER_INBOX', 'INBOX');
+ // define('IMAP_FOLDER_SENT', '[Gmail]/Sent');
+ // define('IMAP_FOLDER_DRAFT', '[Gmail]/Drafts');
+ // define('IMAP_FOLDER_TRASH', '[Gmail]/Trash');
+ // define('IMAP_FOLDER_SPAM', '[Gmail]/Spam');
+ // define('IMAP_FOLDER_ARCHIVE', '[Gmail]/All Mail');
+
+// Since I know you won't configure this, I will raise an error unless you do.
+// When configured set this to true to remove the error
+define('IMAP_FOLDER_CONFIGURED', true);
+
+// Folder prefix is the common part in your names (3, 4)
+define('IMAP_FOLDER_PREFIX', '');
+
+// Inbox will have the preffix preppend (3 & 4 to true)
+define('IMAP_FOLDER_PREFIX_IN_INBOX', false);
+
+// Inbox folder name (case doesn't matter) - (empty in 4)
+define('IMAP_FOLDER_INBOX', 'INBOX');
+
+// Sent folder name (case doesn't matter)
+define('IMAP_FOLDER_SENT', 'SENT');
+
+// Draft folder name (case doesn't matter)
+define('IMAP_FOLDER_DRAFT', 'DRAFTS');
+
+// Trash folder name (case doesn't matter)
+define('IMAP_FOLDER_TRASH', 'TRASH');
+
+// Spam folder name (case doesn't matter). Only showed as special by iOS devices
+define('IMAP_FOLDER_SPAM', 'SPAM');
+
+// Archive folder name (case doesn't matter). Only showed as special by iOS devices
+define('IMAP_FOLDER_ARCHIVE', 'ARCHIVE');
+
+
+
+// forward messages inline (default true - inlined)
+define('IMAP_INLINE_FORWARD', true);
+
+// list of folders we want to exclude from sync. Names, or part of it, separated by |
+// example: dovecot.sieve|archive|spam
+define('IMAP_EXCLUDED_FOLDERS', '');
+
+
+
+// overwrite the "from" header with some value
+// options:
+// '' - do nothing, use the From header
+// 'username' - the username will be set (usefull if your login is equal to your emailaddress)
+// 'domain' - the value of the "domain" field is used
+// 'sql' - the username will be the result of a sql query. REMEMBER TO INSTALL PHP-PDO AND PHP-DATABASE
+// 'ldap' - the username will be the result of a ldap query. REMEMBER TO INSTALL PHP-LDAP!!
+// '@mydomain.com' - the username is used and the given string will be appended
+define('IMAP_DEFAULTFROM', '');
+
+// DSN: formatted PDO connection string
+// mysql:host=xxx;port=xxx;dbname=xxx
+// USER: username to DB
+// PASSWORD: password to DB
+// OPTIONS: array with options needed
+// QUERY: query to execute
+// FIELDS: columns in the query
+// FROM: string that will be the from, replacing the column names with the values
+//define('IMAP_FROM_SQL_DSN', '');
+//define('IMAP_FROM_SQL_USER', '');
+//define('IMAP_FROM_SQL_PASSWORD', '');
+//define('IMAP_FROM_SQL_OPTIONS', serialize(array(PDO::ATTR_PERSISTENT => true)));
+//define('IMAP_FROM_SQL_QUERY', "select first_name, last_name, mail_address from users where mail_address = '#username@#domain'");
+//define('IMAP_FROM_SQL_FIELDS', serialize(array('first_name', 'last_name', 'mail_address')));
+//define('IMAP_FROM_SQL_EMAIL', '#mail_address');
+//define('IMAP_FROM_SQL_FROM', '#first_name #last_name <#mail_address>');
+//define('IMAP_FROM_SQL_FULLNAME', '#first_name #last_name');
+
+// SERVER: ldap server
+// SERVER_PORT: ldap port
+// USER: dn to use for connecting
+// PASSWORD: password
+// QUERY: query to execute
+// FIELDS: columns in the query
+// FROM: string that will be the from, replacing the field names with the values
+//define('IMAP_FROM_LDAP_SERVER', 'localhost');
+//define('IMAP_FROM_LDAP_SERVER_PORT', '389');
+//define('IMAP_FROM_LDAP_USER', 'cn=zpush,ou=servers,dc=zpush,dc=org');
+//define('IMAP_FROM_LDAP_PASSWORD', 'password');
+//define('IMAP_FROM_LDAP_BASE', 'dc=zpush,dc=org');
+//define('IMAP_FROM_LDAP_QUERY', '(mail=#username@#domain)');
+//define('IMAP_FROM_LDAP_FIELDS', serialize(array('givenname', 'sn', 'mail')));
+//define('IMAP_FROM_LDAP_EMAIL', '#mail');
+//define('IMAP_FROM_LDAP_FROM', '#givenname #sn <#mail>');
+//define('IMAP_FROM_LDAP_FULLNAME', '#givenname #sn');
+
+
+
+// Method used for sending mail
+// mail => mail() php function
+// sendmail => sendmail executable
+// smtp => direct connection against SMTP
+define('IMAP_SMTP_METHOD', 'smtp');
+
+global $imap_smtp_params;
+// SMTP Parameters
+// mail : no params
+//$imap_smtp_params = array();
+// sendmail
+//$imap_smtp_params = array('sendmail_path' => '/usr/bin/sendmail', 'sendmail_args' => '-i');
+// smtp
+// "host" - The server to connect. Default is localhost.
+// "port" - The port to connect. Default is 25.
+// "auth" - Whether or not to use SMTP authentication. Default is FALSE.
+// "username" - The username to use for SMTP authentication. "imap_username" for using the same username as the imap server
+// "password" - The password to use for SMTP authentication. "imap_password" for using the same password as the imap server
+// "localhost" - The value to give when sending EHLO or HELO. Default is localhost
+// "timeout" - The SMTP connection timeout. Default is NULL (no timeout).
+// "verp" - Whether to use VERP or not. Default is FALSE.
+// "debug" - Whether to enable SMTP debug mode or not. Default is FALSE.
+// "persist" - Indicates whether or not the SMTP connection should persist over multiple calls to the send() method.
+// "pipelining" - Indicates whether or not the SMTP commands pipelining should be used.
+// "verify_peer" - Require verification of SSL certificate used. Default is TRUE.
+// "verify_peer_name" - Require verification of peer name. Default is TRUE.
+// "allow_self_signed" - Allow self-signed certificates. Requires verify_peer. Default is FALSE.
+//$imap_smtp_params = array('host' => 'localhost', 'port' => 25, 'auth' => false);
+// If you want to use SSL with port 25 or port 465 you must preppend "ssl://" before the hostname or IP of your SMTP server
+// IMPORTANT: To use SSL you must use PHP 5.1 or later, install openssl libs and use ssl:// within the host variable
+// IMPORTANT: To use SSL with PHP 5.6 you should set verify_peer, verify_peer_name and allow_self_signed
+//$imap_smtp_params = array('host' => 'ssl://localhost', 'port' => 465, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password');
+$imap_smtp_params = array('host' => 'tcp://__DOMAIN__', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password', 'localhost' => '__DOMAIN__', 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true);
+
+
+// If you are using IMAP_SMTP_METHOD = mail or sendmail and your sent messages are not correctly displayed you can change this to "\n".
+// BUT, it doesn't comply with RFC 2822 and will break if using smtp method
+define('MAIL_MIMEPART_CRLF', "\r\n");
+
+
+// A file containing file mime types->extension mappings.
+// SELINUX users: make sure the file has a security context accesible by your apache/php-fpm process
+define('SYSTEM_MIME_TYPES_MAPPING', '/etc/mime.types');
+
+
+// Use BackendCalDAV for Meetings. You cannot hope to get that functionality working without a caldav backend.
+//define('IMAP_MEETING_USE_CALDAV', false);
+define('IMAP_MEETING_USE_CALDAV', __IMAP_MEETING_USE_CALDAV__);
+
+// If your IMAP server allows authenticating via GSSAPI, php-imap will not fall back properly to other authentication
+// methods and you will be unable to log in. Uncomment the following line to disable that authentication method.
+// Multiple methods can be specified as a comma-separated string.
+// define('IMAP_DISABLE_AUTHENTICATOR', 'GSSAPI');
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 71922c7..92a8bf7 100644
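Review bot: In conf/imap.conf.php, the active `$imap_smtp_params` sets `'verify_peer' => false`, `'verify_peer_name' => false` and `'allow_self_signed' => true` while `'auth' => true` forwards each user's IMAP login to `tcp://__DOMAIN__` on port 587, so the submission server's certificate is never checked and the credentials are protected only as long as nothing sits between Z-Push and that host. `IMAP_OPTIONS` has the same weakness with `/ssl/novalidate-cert`, and the comment above `IMAP_PORT` still says port 143 although the value is 993. If the server certificate is valid for `__DOMAIN__`, prefer `'verify_peer' => true, 'verify_peer_name' => true, 'allow_self_signed' => false` together with `define('IMAP_SERVER', '__DOMAIN__');` and `define('IMAP_OPTIONS', '/ssl');`; otherwise add a comment stating why validation is disabled and that the connection must stay on the local host.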
--- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -42,18 +42,18 @@ location /Microsoft-Server-ActiveSync { - location /AutoDiscover/AutoDiscover.xml { - alias /usr/share/z-push/autodiscover/autodiscover.php; - #fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; # for PHP 7.X Debian/Ubuntu - fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; - } - location /Autodiscover/Autodiscover.xml { - alias /usr/share/z-push/autodiscover/autodiscover.php; - #fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; # for PHP 7.X Debian/Ubuntu - fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; - } - location /autodiscover/autodiscover.xml { - alias /usr/share/z-push/autodiscover/autodiscover.php; - #fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; # for PHP 7.X Debian/Ubuntu - fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; - } \ No newline at end of file +location /AutoDiscover/AutoDiscover.xml { + alias /usr/share/z-push/autodiscover/autodiscover.php; + #fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; # for PHP 7.X Debian/Ubuntu + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; +} +location /Autodiscover/Autodiscover.xml { + alias /usr/share/z-push/autodiscover/autodiscover.php; + #fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; # for PHP 7.X Debian/Ubuntu + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; +} +location /autodiscover/autodiscover.xml { + alias /usr/share/z-push/autodiscover/autodiscover.php; + #fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; # for PHP 7.X Debian/Ubuntu + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; +} \ No newline at end of file diff --git a/conf/backend/config-caldav.php b/conf/old-backend/config-caldav.php similarity index 97% rename from conf/backend/config-caldav.php rename to conf/old-backend/config-caldav.php index 8a8d627..a6491cd 100644 --- a/conf/backend/config-caldav.php +++ b/conf/old-backend/config-caldav.php 
@@ -33,7 +33,7 @@ define('CALDAV_PROTOCOL', 'https'); // Server name -define('CALDAV_SERVER', 'BAIKALDOMAIN'); +define('CALDAV_SERVER', '__DOMAIN__'); // Server port define('CALDAV_PORT', '443'); diff --git a/conf/backend/config-carddav.php b/conf/old-backend/config-carddav.php similarity index 100% rename from conf/backend/config-carddav.php rename to conf/old-backend/config-carddav.php diff --git a/conf/backend/config-combined.php b/conf/old-backend/config-combined.php similarity index 100% rename from conf/backend/config-combined.php rename to conf/old-backend/config-combined.php diff --git a/conf/backend/config-imap.php b/conf/old-backend/config-imap.php similarity index 100% rename from conf/backend/config-imap.php rename to conf/old-backend/config-imap.php diff --git a/conf/config.php b/conf/old-backend/config.php similarity index 100% rename from conf/config.php rename to conf/old-backend/config.php diff --git a/conf/old-backend/z-push.conf b/conf/old-backend/z-push.conf new file mode 100644 index 0000000..a9bf5a5 --- /dev/null +++ b/conf/old-backend/z-push.conf 
@@ -0,0 +1,47 @@
+server {
+ server_name localhost; # Put your server name
+
+ # Uncomment the following lines to enable SSL support if not configured yet
+ #listen 443 ssl;
+ #listen [::]:443 ssl;
+ #ssl on;
+ #ssl_certificate /path/to/ssl.crt; # Put in the correct path
+ #ssl_certificate_key /path/to/ssl.key; # Put in the correct path
+
+ # If you're using PHP-FPM uncomment the following lines.
+ #include fastcgi_params;
+ #fastcgi_index index.php;
+ #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ #fastcgi_param REQUEST_URI $1;
+ #fastcgi_param PHP_FLAG "magic_quotes_gpc=off \n register_globals=off \n magic_quotes_runtime=off \n short_open_tag=on";
+ #fastcgi_param PHP_VALUE "post_max_size=20M \n upload_max_filesize=20M \n max_execution_time=3660";
+ #fastcgi_param HTTP_PROXY ""; # Mitigate https://httpoxy.org/ vulnerabilities
+ #fastcgi_read_timeout 3660; # Z-Push Ping might run 3600s, but to be safe
+
+ location /Microsoft-Server-ActiveSync {
+ alias /usr/share/z-push/index.php;
+
+ access_log /var/log/nginx/z-push-access.log;
+ error_log /var/log/nginx/z-push-error.log;
+
+ # Attachments ca 15MB max (since binary data needs to be base64 encoded in mine, which results in in about 33% overhead)
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ # Select one of the fastcgi_pass values or adapt to your configuration
+ include snippets/z-push-php.conf;
+ }
+
+ location /AutoDiscover/AutoDiscover.xml {
+ include snippets/z-push-autodiscover.conf;
+ include snippets/z-push-php.conf;
+ }
+ location /Autodiscover/Autodiscover.xml {
+ include snippets/z-push-autodiscover.conf;
+ include snippets/z-push-php.conf;
+ }
+ location /autodiscover/autodiscover.xml {
+ include snippets/z-push-autodiscover.conf;
+ include snippets/z-push-php.conf;
+ }
+}
diff --git a/conf/policies.ini b/conf/policies.ini
new file mode 100644
index 0000000..cbd99f9
--- /dev/null
+++ b/conf/policies.ini
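Review bot: In conf/old-backend/z-push.conf, every TLS directive of the `server` block is commented out (`#listen 443 ssl;`, `#ssl_certificate ...`), so the file as committed would answer on nginx's default plain-HTTP listener and ActiveSync logins would travel unencrypted. The `#fastcgi_param HTTP_PROXY "";` httpoxy mitigation is commented out with the rest of the PHP-FPM group, and the included `snippets/z-push-php.conf` and `snippets/z-push-autodiscover.conf` are not added by this commit. If the file is kept only as an upstream reference, a first-line comment such as `# Upstream sample, not installed by this package` would keep it from being deployed unchanged.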
@@ -0,0 +1,234 @@
+;;;;;;;;;;;;;;;;;;;;;;;;
+; About policies.ini ;
+;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Z-Push policies' file holds the configuration to be applied
+; during the provisioning of a mobile device.
+; Check Z-Push wiki page regarding the provisioning policies:
+; https://wiki.z-hub.io/x/eYAa
+; For more information see the ActiveSync documentation at:
+; https://msdn.microsoft.com/en-us/library/dd299443.aspx
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; The default ActiveSync policy. Do not change its name.
+[default]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Policies for ActiveSync version 12.0 and higher
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Specifies if a device requires a password to unlock it.
+; 0 - Password not required.
+; 1 - Password is required.
+devpwenabled = 0
+
+; Specifies if a device requires an alphanumeric password to unlock it.
+; 0 - Alphanumeric password not required.
+; 1 - Alphanumeric password required.
+alphanumpwreq = 0
+
+; Deprecated. Specifies if the device encrypts the content of the storage card.
+; 0 - Storage card encryption not enabled.
+; 1 - Storage card encryption enabled.
+devencenabled = 0
+
+; Specifies if the server supports storing a recovery password which could be
+; sent by the client using the Settings command.
+; This policy is currently not supported by Z-Push.
+; 0 - Password recovery not enabled on the server.
+; 1 - Password recovery enabled on the server.
+; pwrecoveryenabled = 0
+
+; Deprecated.
+docbrowseenabled =
+
+; Specifies if email attachments are enabled for download.
+; 0 - Attachments not allowed for download.
+; 1 - Attachments allowed for download.
+attenabled = 1
+
+; Specifies the minimum client password length to unlock it.
+; The mindevpwlenngth can be empty or have a value between 1 and 16.
+; If the value is empty or 1, there is no minimum length for the device password.
+mindevpwlenngth = 4
+
+; The maximum number of seconds of inactivity before the device locks itself.
+; If this value is greater than or equal to 9999, the client interprets it as unlimited.
+maxinacttimedevlock = 900
+
+; The maximum number of failed password attempts to unlock the device.
+; The client SHOULD perform a local wipe or enter a timed lock out mode if the maximum
+; number of failed password attempts is reached.
+; The maxdevpwfailedattempts can be empty or have a value between 4 and 16.
+; If the value is empty, the client interprets this as no maximum number of
+; failed password attempts has been set by the security policy.
+maxdevpwfailedattempts = 8
+
+; The maximum attachment size in bytes as determined by security policy.
+maxattsize = ''
+
+; Specifies if the device allows simple passwords. A simple password contains
+; repeated ("0000") or sequential ("xyz") characters only.
+allowsimpledevpw = 1
+
+; The maximum number of days until a password expires.
+; Empty or 0 devpwexpiration value indicates that the password will not expire.
+devpwexpiration = 0
+
+; The minimum number of previously used passwords stored to prevent reuse by the device.
+; 0 - Do not store previously used passwords.
+; >0 - Store the minimum number of previously used passwords.
+devpwhistory = 0
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Policies for ActiveSync version 12.1 and higher
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; The device allows to use a storage card.
+; 0 - SD card not allowed.
+; 1 - SD card allowed.
+allowstoragecard = 1
+
+; The device allows to use the built-in camera.
+; 0 - Usage of the built-in camera not allowed.
+; 1 - Usage of built-in the camera allowed.
+allowcam = 1
+
+; Specifies if the client uses encryption.
+; 0 - Encryption not required.
+; 1 - Encryption required.
+reqdevenc = 0
+
+; Specifies if the device allows unsigned applications to execute.
+; 0 - Unsigned applications not allowed to execute.
+; 1 - Unsigned applications allowed to execute.
+allowunsignedapps = 1
+
+; The required complexity level of the device password.
+; Valid values for mindevcomplexchars are between 1 and 4. The value specifies
+; the number of character groups to be contained in the password.
+; The character groups are:
+; - Lower case alphabetical characters
+; - Upper case alphabetical characters
+; - Numbers
+; - Non-alphanumeric characters
+; For example, if the value of mindevcomplexchars is 2, a password may contain
+; lower case and upper case characters. A password with numbers and non-alphanumeric
+; characters would be also valid.
+mindevcomplexchars = 3
+
+; The device allows the use of Wi-Fi connections.
+; 0 - The use of Wi-Fi connections not allowed.
+; 1 - The use of Wi-Fi connections allowed.
+allowwifi = 1
+
+; The device allows the use of SMS or text messaging.
+; 0 - SMS or text messaging not allowed.
+; 1 - SMS or text messaging allowed.
+allowtextmessaging = 1
+
+; The device allows access to POP or IMAP email.
+; 0 - POP or IMAP email access not allowed.
+; 1 - POP or IMAP email access allowed.
+allowpopimapemail = 1
+
+; The use of Bluetooth on the device.
+; 0 - Disable Bluetooth.
+; 1 - Disable Bluetooth, but allow the configuration of hands-free profiles.
+; 2 - Allow Bluetooth.
+allowbluetooth = 2
+
+; The device allows the use of IrDA (infrared) connections.
+; 0 - Disable IrDA.
+; 1 - Allow IrDA.
+allowirda = 1
+
+; The device requires manual synchronization when the device is roaming.
+; 0 - Do not require manual sync; allow direct push when roaming.
+; 1 - Require manual sync when roaming.
+reqmansyncroam = 0
+
+; The maximum number of calendar days that can be synchronized.
+; 0 - All days
+; 4 - 2 weeks
+; 5 - 1 month
+; 6 - 3 months
+; 7 - 6 months
+maxcalagefilter = 0
+
+; Specifies if the client uses HTML-formatted email.
+; 0 - HTML-formatted email not allowed.
+; 1 - HTML-formatted email allowed.
+allowhtmlemail = 1
+
+; The email age limit for synchronization.
+; 0 - Sync all
+; 1 - 1 day
+; 2 - 3 days
+; 3 - 1 week
+; 4 - 2 weeks
+; 5 - 1 month
+maxemailagefilter = 0
+
+; The maximum truncation size for plain text–formatted email.
+; -1 - No truncation.
+; 0 - Truncate only the header.
+; >0 - Truncate the email body to the specified size.
+maxemailbodytruncsize = -1
+
+; The maximum truncation size for HTML-formatted email.
+; -1 - No truncation.
+; 0 - Truncate only the header.
+; >0 - Truncate the email body to the specified size.
+maxemailhtmlbodytruncsize = -1
+
+; Specifies if the client sends signed S/MIME messages.
+; 0 - Signed S/MIME messages not required.
+; 1 - Signed S/MIME messages required.
+reqsignedsmimemessages = 0
+
+; Specifies if the client sends encrypted email messages.
+; 0 - Encrypted email messages not required.
+; 1 - Email messages required to be encrypted.
+reqencsmimemessages = 0
+
+; The algorithm used to sign S/MIME messages.
+; 0 - Use SHA1.
+; 1 - Use MD5.
+reqsignedsmimealgorithm = 0
+
+; The algorithm used to encrypt S/MIME messages.
+; 0 - TripleDES algorithm
+; 1 - DES algorithm
+; 2 - RC2128bit
+; 3 - RC264bit
+; 4 - RC240bit
+reqencsmimealgorithm = 0
+
+; Controls negotiation of the encryption algorithm.
+; 0 - Do not negotiate.
+; 1 - Negotiate a strong algorithm.
+; 2 - Negotiate any algorithm.
+allowsmimeencalgneg = 2
+
+; Specifies if the client can use soft certificates to sign outgoing messages.
+; 0 - Soft certificates are not allowed.
+; 1 - Soft certificates are allowed.
+allowsmimesoftcerts = 1
+
+; Specifies if the device allows the use of a web browser.
+; 0 - Do not allow the use of a web browser.
+; 1 - Allow the use of a web browser.
+allowbrowser = 1
+
+; Specifies if the device allows the user to configure a personal email account.
+; 0 - Do not allow the user to configure a personal email account.
+; 1 - Allow the user to configure a personal email account.
+allowconsumeremail = 1
+
+; Specifies if the device allows the use of Internet Sharing.
+; 0 - Do not allow the use of Internet Sharing.
+; 1 - Allow the use of Internet Sharing.
+allowinternetsharing = 1
\ No newline at end of file
diff --git a/conf/z-push.conf.php b/conf/z-push.conf.php
new file mode 100644
index 0000000..1c4c02f
--- /dev/null
+++ b/conf/z-push.conf.php
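Review bot: In conf/policies.ini, `devpwenabled = 0` in `[default]` switches the device password requirement off, while `mindevpwlenngth = 4`, `maxinacttimedevlock = 900`, `maxdevpwfailedattempts = 8` and `mindevcomplexchars = 3` further down read as if a password policy were enforced. As far as I know ActiveSync clients ignore the password-related elements when the device password is not enabled, so these values probably have no effect on provisioned devices. I would add a comment above `devpwenabled` such as `; With devpwenabled = 0 the password settings below are not enforced by clients; set it to 1 to activate them.` Whether the policy file is applied at all depends on the provisioning setting in z-push.conf.php, which is not within the visible part of this diff.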
@@ -0,0 +1,389 @@
+.
+*
+* Consult LICENSE file for details
+************************************************/
+
+/**********************************************************************************
+ * Default settings
+ */
+ // Defines the default time zone, change e.g. to "Europe/London" if necessary
+ define('TIMEZONE', '__TIMEZONE__');
+
+ // Defines the base path on the server
+ define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/');
+
+ // Try to set unlimited timeout
+ define('SCRIPT_TIMEOUT', 0);
+
+ // Use a custom header to determinate the remote IP of a client.
+ // By default, the server provided REMOTE_ADDR is used. If the header here set
+ // is available, the provided value will be used, else REMOTE_ADDR is maintained.
+ // set to false to disable this behaviour.
+ // common values: 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP' (casing is ignored)
+ define('USE_CUSTOM_REMOTE_IP_HEADER', false);
+
+ // When using client certificates, we can check if the login sent matches the owner of the certificate.
+ // This setting specifies the owner parameter in the certificate to look at.
+ define("CERTIFICATE_OWNER_PARAMETER", "SSL_CLIENT_S_DN_CN");
+
+ /*
+ * Whether to use the complete email address as a login name
+ * (e.g. user@company.com) or the username only (user).
+ * This is required for Z-Push to work properly after autodiscover.
+ * Possible values:
+ * false - use the username only.
+ * true - string the mobile sends as username, e.g. full email address (default).
+ */
+ define('USE_FULLEMAIL_FOR_LOGIN', true);
+
+/**********************************************************************************
+ * StateMachine setting
+ *
+ * These StateMachines can be used:
+ * FILE - FileStateMachine (default). Needs STATE_DIR set as well.
+ * SQL - SqlStateMachine has own configuration file. STATE_DIR is ignored.
+ * State migration script is available, more informations: https://wiki.z-hub.io/x/xIAa
+ */
+ define('STATE_MACHINE', 'FILE');
+ define('STATE_DIR', '/var/lib/z-push/');
+
+/**********************************************************************************
+ * IPC - InterProcessCommunication
+ *
+ * Is either provided by using shared memory on a single host or
+ * using the memcache provider for multi-host environments.
+ * When another implementation should be used, the class can be set here explicitly.
+ * If empty Z-Push will try to use available providers.
+ */
+ define('IPC_PROVIDER', '');
+
+/**********************************************************************************
+ * Logging settings
+ *
+ * The LOGBACKEND specifies where the logs are sent to.
+ * Either to file ("filelog") or to a "syslog" server or a custom log class in core/log/logclass.
+ * filelog and syslog have several options that can be set below.
+ * For more information about the syslog configuration, see https://wiki.z-hub.io/x/HIAT
+
+ * Possible LOGLEVEL and LOGUSERLEVEL values are:
+ * LOGLEVEL_OFF - no logging
+ * LOGLEVEL_FATAL - log only critical errors
+ * LOGLEVEL_ERROR - logs events which might require corrective actions
+ * LOGLEVEL_WARN - might lead to an error or require corrective actions in the future
+ * LOGLEVEL_INFO - usually completed actions
+ * LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers
+ * LOGLEVEL_WBXML - also prints the WBXML sent to/from the device
+ * LOGLEVEL_DEVICEID - also prints the device id for every log entry
+ * LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack
+ *
+ * The verbosity increases from top to bottom. More verbose levels include less verbose
+ * ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR,
+ * LOGLEVEL_WARN and LOGLEVEL_INFO level entries.
+ *
+ * LOGAUTHFAIL is logged to the LOGBACKEND.
+ */
+ define('LOGBACKEND', 'filelog');
+ define('LOGLEVEL', LOGLEVEL_INFO);
+ define('LOGAUTHFAIL', false);
+
+ // To save e.g. WBXML data only for selected users, add the usernames to the array
+ // The data will be saved into a dedicated file per user in the LOGFILEDIR
+ // Users have to be encapusulated in quotes, several users are comma separated, like:
+ // $specialLogUsers = array('info@domain.com', 'myusername');
+ define('LOGUSERLEVEL', LOGLEVEL_DEVICEID);
+ $specialLogUsers = array();
+
+ // Filelog settings
+ define('LOGFILEDIR', '/var/log/z-push/');
+ define('LOGFILE', LOGFILEDIR . 'z-push.log');
+ define('LOGERRORFILE', LOGFILEDIR . 'z-push-error.log');
+
+ // Syslog settings
+ // false will log to local syslog, otherwise put the remote syslog IP here
+ define('LOG_SYSLOG_HOST', false);
+ // Syslog port
+ define('LOG_SYSLOG_PORT', 514);
+ // Program showed in the syslog. Useful if you have more than one instance login to the same syslog
+ define('LOG_SYSLOG_PROGRAM', 'z-push');
+ // Syslog facility - use LOG_USER when running on Windows
+ define('LOG_SYSLOG_FACILITY', LOG_LOCAL0);
+
+ // Location of the trusted CA, e.g. '/etc/ssl/certs/EmailCA.pem'
+ // Uncomment and modify the following line if the validation of the certificates fails.
+ // define('CAINFO', '/etc/ssl/certs/EmailCA.pem');
+
+/**********************************************************************************
+ * Mobile settings
+ */
+ // Device Provisioning
+ define('PROVISIONING', true);
+
+ // This option allows the 'loose enforcement' of the provisioning policies for older
+ // devices which don't support provisioning (like WM 5 and HTC Android Mail) - dw2412 contribution
+ // false (default) - Enforce provisioning for all devices
+ // true - allow older devices, but enforce policies on devices which support it
+ define('LOOSE_PROVISIONING', false);
+
+ // The file containing the policies' settings.
+ // Set a full path or relative to the z-push main directory
+ define('PROVISIONING_POLICYFILE', 'policies.ini');
+
+ // Default conflict preference
+ // Some devices allow to set if the server or PIM (mobile)
+ // should win in case of a synchronization conflict
+ // SYNC_CONFLICT_OVERWRITE_SERVER - Server is overwritten, PIM wins
+ // SYNC_CONFLICT_OVERWRITE_PIM - PIM is overwritten, Server wins (default)
+ define('SYNC_CONFLICT_DEFAULT', SYNC_CONFLICT_OVERWRITE_PIM);
+
+ // Global limitation of items to be synchronized
+ // The mobile can define a sync back period for calendar and email items
+ // For large stores with many items the time period could be limited to a max value
+ // If the mobile transmits a wider time period, the defined max value is used
+ // Applicable values:
+ // SYNC_FILTERTYPE_ALL (default, no limitation)
+ // SYNC_FILTERTYPE_1DAY, SYNC_FILTERTYPE_3DAYS, SYNC_FILTERTYPE_1WEEK, SYNC_FILTERTYPE_2WEEKS,
+ // SYNC_FILTERTYPE_1MONTH, SYNC_FILTERTYPE_3MONTHS, SYNC_FILTERTYPE_6MONTHS
+ define('SYNC_FILTERTIME_MAX', SYNC_FILTERTYPE_ALL);
+
+ // Interval in seconds before checking if there are changes on the server when in Ping.
+ // It means the highest time span before a change is pushed to a mobile. Set it to
+ // a higher value if you have a high load on the server.
+ define('PING_INTERVAL', 30);
+
+ // Set the fileas (save as) order for contacts in the webaccess/webapp/outlook.
+ // It will only affect new/modified contacts on the mobile which then are synced to the server.
+ // Possible values are:
+ // SYNC_FILEAS_FIRSTLAST - fileas will be "Firstname Middlename Lastname"
+ // SYNC_FILEAS_LASTFIRST - fileas will be "Lastname, Firstname Middlename"
+ // SYNC_FILEAS_COMPANYONLY - fileas will be "Company"
+ // SYNC_FILEAS_COMPANYLAST - fileas will be "Company (Lastname, Firstname Middlename)"
+ // SYNC_FILEAS_COMPANYFIRST - fileas will be "Company (Firstname Middlename Lastname)"
+ // SYNC_FILEAS_LASTCOMPANY - fileas will be "Lastname, Firstname Middlename (Company)"
+ // SYNC_FILEAS_FIRSTCOMPANY - fileas will be "Firstname Middlename Lastname (Company)"
+ // The company-fileas will only be set if a contact has a company set. If one of
+ // company-fileas is selected and a contact doesn't have a company set, it will default
+ // to SYNC_FILEAS_FIRSTLAST or SYNC_FILEAS_LASTFIRST (depending on if last or first
+ // option is selected for company).
+ // If SYNC_FILEAS_COMPANYONLY is selected and company of the contact is not set
+ // SYNC_FILEAS_LASTFIRST will be used
+ define('FILEAS_ORDER', SYNC_FILEAS_LASTFIRST);
+
+ // Maximum amount of items to be synchronized per request.
+ // Normally this value is requested by the mobile. Common values are 5, 25, 50 or 100.
+ // Exporting too much items can cause mobile timeout on busy systems.
+ // Z-Push will use the lowest provided value, either set here or by the mobile.
+ // MS Outlook 2013+ request up to 512 items to accelerate the sync process.
+ // If you detect high load (also on subsystems) you could try a lower setting.
+ // max: 512 - value used if mobile does not limit amount of items
+ define('SYNC_MAX_ITEMS', 512);
+
+ // The devices usually send a list of supported properties for calendar and contact
+ // items. If a device does not includes such a supported property in Sync request,
+ // it means the property's value will be deleted on the server.
+ // However some devices do not send a list of supported properties. It is then impossible
+ // to tell if a property was deleted or it was not set at all if it does not appear in Sync.
+ // This parameter defines Z-Push behaviour during Sync if a device does not issue a list with
+ // supported properties.
+ // See also https://jira.z-hub.io/browse/ZP-302.
+ // Possible values:
+ // false - do not unset properties which are not sent during Sync (default)
+ // true - unset properties which are not sent during Sync
+ define('UNSET_UNDEFINED_PROPERTIES', false);
+
+ // ActiveSync specifies that a contact photo may not exceed 48 KB. This value is checked
+ // in the semantic sanity checks and contacts with larger photos are not synchronized.
+ // This limitation is not being followed by the ActiveSync clients which set much bigger
+ // contact photos. You can override the default value of the max photo size.
+ // default: 5242880 - 5 MB default max photo size in bytes
+ define('SYNC_CONTACTS_MAXPICTURESIZE', 5242880);
+
+ // Over the WebserviceUsers command it is possible to retrieve a list of all
+ // known devices and users on this Z-Push system. The authenticated user needs to have
+ // admin rights and a public folder must exist.
+ // In multicompany environments this enable an admin user of any company to retrieve
+ // this full list, so this feature is disabled by default. Enable with care.
+ define('ALLOW_WEBSERVICE_USERS_ACCESS', false);
+
+ // Users with many folders can use the 'partial foldersync' feature, where the server
+ // actively stops processing the folder list if it takes too long. Other requests are
+ // then redirected to the FolderSync to synchronize the remaining items.
+ // Device compatibility for this procedure is not fully understood.
+ // NOTE: THIS IS AN EXPERIMENTAL FEATURE WHICH COULD PREVENT YOUR MOBILES FROM SYNCHRONIZING.
+ define('USE_PARTIAL_FOLDERSYNC', false);
+
+ // The minimum accepted time in second that a ping command should last.
+ // It is strongly advised to keep this config to false. Some device
+ // might not be able to send a higher value than the one specificied here and thus
+ // unable to start a push connection.
+ // If set to false, there will be no lower bound to the ping lifetime.
+ // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes).
+ define('PING_LOWER_BOUND_LIFETIME', false);
+
+ // The maximum accepted time in second that a ping command should last.
+ // If set to false, there will be no higher bound to the ping lifetime.
+ // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes).
+ define('PING_HIGHER_BOUND_LIFETIME', false);
+
+ // Maximum response time
+ // Mobiles implement different timeouts to their TCP/IP connections. Android devices for example
+ // have a hard timeout of 30 seconds. If the server is not able to answer a request within this timeframe,
+ // the answer will not be recieved and the device will send a new one overloading the server.
+ // There are three categories
+ // - Short timeout - server has up within 30 seconds - is automatically applied for not categorized types
+ // - Medium timeout - server has up to 90 seconds to respond
+ // - Long timeout - server has up to 4 minutes to respond
+ // If a timeout is almost reached the server will break and sent the results it has until this
+ // point. You can add DeviceType strings to the categories.
+ // In general longer timeouts are better, because more data can be streamed at once.
+ define('SYNC_TIMEOUT_MEDIUM_DEVICETYPES', "SAMSUNGGTI");
+ define('SYNC_TIMEOUT_LONG_DEVICETYPES', "iPod, iPad, iPhone, WP, WindowsOutlook, WindowsMail");
+
+ // Time in seconds the device should wait whenever the service is unavailable,
+ // e.g. when a backend service is unavailable.
+ // Z-Push sends a "Retry-After" header in the response with the here defined value.
+ // It is up to the device to respect or not this directive so even if this option is set,
+ // the device might not wait requested time frame.
+ // Number of seconds before retry, to disable set to: false
+ define('RETRY_AFTER_DELAY', 300);
+
+/**********************************************************************************
+ * Backend settings
+ */
+ // the backend data provider
+ define('BACKEND_PROVIDER', '__BACKEND_PROVIDER__');
+
+/**********************************************************************************
+ * Search provider settings
+ *
+ * Alternative backend to perform SEARCH requests (GAL search)
+ * By default the main Backend defines the preferred search functionality.
+ * If set, the Search Provider will always be preferred.
+ * Use 'BackendSearchLDAP' to search in a LDAP directory (see backend/searchldap/config.php)
+ */
+ define('SEARCH_PROVIDER', 'BackendSearchLDAP');
+ // Time in seconds for the server search. Setting it too high might result in timeout.
+ // Setting it too low might not return all results. Default is 10.
+ define('SEARCH_WAIT', 10);
+ // The maximum number of results to send to the client. Setting it too high
+ // might result in timeout. Default is 10.
+ define('SEARCH_MAXRESULTS', 10);
+
+/**********************************************************************************
+ * Kopano Outlook Extension - Settings
+ *
+ * The Kopano Outlook Extension (KOE) provides MS Outlook 2013 and newer with
+ * functionality not provided by ActiveSync or not implemented by Outlook.
+ * For more information, see: https://wiki.z-hub.io/x/z4Aa
+ */
+ // Global Address Book functionality
+ define('KOE_CAPABILITY_GAB', true);
+ // Synchronize mail flags from the server to Outlook/KOE
+ define('KOE_CAPABILITY_RECEIVEFLAGS', true);
+ // Encode flags when sending from Outlook/KOE
+ define('KOE_CAPABILITY_SENDFLAGS', true);
+ // Out-of-office support
+ define('KOE_CAPABILITY_OOF', true);
+ // Out-of-office support with start & end times (superseeds KOE_CAPABILITY_OOF)
+ define('KOE_CAPABILITY_OOFTIMES', true);
+ // Notes support
+ define('KOE_CAPABILITY_NOTES', true);
+ // Shared folder support
+ define('KOE_CAPABILITY_SHAREDFOLDER', true);
+ // Send-As support for Outlook/KOE and mobiles
+ define('KOE_CAPABILITY_SENDAS', true);
+ // Secondary Contact folders (own and shared)
+ define('KOE_CAPABILITY_SECONDARYCONTACTS', true);
+ // Copy WebApp signature into KOE
+ define('KOE_CAPABILITY_SIGNATURES', true);
+ // Delivery receipt requests
+ define('KOE_CAPABILITY_RECEIPTS', true);
+ // Impersonate other users
+ define('KOE_CAPABILITY_IMPERSONATE', true);
+
+ // To synchronize the GAB KOE, the GAB store and folderid need to be specified.
+ // Use the gab-sync script to generate this data. The name needs to
+ // match the config of the gab-sync script.
+ // More information here: https://wiki.z-hub.io/x/z4Aa (GAB Sync Script)
+ define('KOE_GAB_STORE', 'SYSTEM');
+ define('KOE_GAB_FOLDERID', '');
+ define('KOE_GAB_NAME', 'Z-Push-KOE-GAB');
+
+/**********************************************************************************
+ * Synchronize additional folders to all mobiles
+ *
+ * With this feature, special folders can be synchronized to all mobiles.
+ * This is useful for e.g. global company contacts.
+ *
+ * This feature is supported only by certain devices, like iPhones.
+ * Check the compatibility list for supported devices:
+ * http://z-push.org/compatibility
+ *
+ * To synchronize a folder, add a section setting all parameters as below:
+ * store: the ressource where the folder is located.
+ * Kopano users use 'SYSTEM' for the 'Public Folder'
+ * folderid: folder id of the folder to be synchronized
+ * name: name to be displayed on the mobile device
+ * type: supported types are:
+ * SYNC_FOLDER_TYPE_USER_CONTACT
+ * SYNC_FOLDER_TYPE_USER_APPOINTMENT
+ * SYNC_FOLDER_TYPE_USER_TASK
+ * SYNC_FOLDER_TYPE_USER_MAIL
+ * SYNC_FOLDER_TYPE_USER_NOTE
+ * flags: sets additional options on the shared folder. Supported are:
+ * DeviceManager::FLD_FLAGS_NONE
+ * No flags configured, default flag to be set
+ * DeviceManager::FLD_FLAGS_SENDASOWNER
+ * When replying in this folder, automatically do Send-As
+ * DeviceManager::FLD_FLAGS_CALENDARREMINDERS
+ * If set, Outlook shows reminders for these shares with KOE
+ *
+ * Additional notes:
+ * - on Kopano systems use backend/kopano/listfolders.php script to get a list
+ * of available folders
+ *
+ * - all Z-Push users must have at least reading permissions so the configured
+ * folders can be synchronized to the mobile. Else they are ignored.
+ *
+ * - this feature is only partly suitable for multi-tenancy environments,
+ * as ALL users from ALL tenents need access to the configured store & folder.
+ * When configuring a public folder, this will cause problems, as each user has
+ * a different public folder in his tenant, so the folder are not available.
+
+ * - changing this configuration could cause HIGH LOAD on the system, as all
+ * connected devices will be updated and load the data contained in the
+ * added/modified folders.
+ */
+
+ $additionalFolders = array(
+ // demo entry for the synchronization of contacts from the public folder.
+ // uncomment (remove '/*' '*/') and fill in the folderid +/* + array( + 'store' => "SYSTEM", + 'folderid' => "", + 'name' => "Public Contacts", + 'type' => SYNC_FOLDER_TYPE_USER_CONTACT, + 'flags' => DeviceManager::FLD_FLAGS_NONE, + ), +*/ + ); diff --git a/scripts/install b/scripts/install index 35799b8..c1562f9 100755 --- a/scripts/install +++ b/scripts/install @@ -25,12 +25,18 @@ ynh_abort_if_errors #================================================= domain=$YNH_APP_ARG_DOMAIN -path_url="/Microsoft-Server-ActiveSync" +path_url="/" #admin=$YNH_APP_ARG_ADMIN is_public="1" #language=$YNH_APP_ARG_LANGUAGE #password=$YNH_APP_ARG_PASSWORD +path_url_activesync="/Microsoft-Server-ActiveSync" +path_url_autodiscover1="/AutoDiscover" +path_url_autodiscover2="/Autodiscover" +path_url_autodiscover3="/autodiscover" + + ### If it's a multi-instance app, meaning it can be installed several times independently ### The id of the app as stated in the manifest is available as $YNH_APP_ID ### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) @@ -50,6 +56,8 @@ app=$YNH_APP_INSTANCE_NAME ### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". ### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" final_path=/usr/share/z-push +config_path=/etc/z-push/ +state_path=/var/lib/z-push/ #test ! -e "$final_path" || ynh_die "This path already contains a folder" # Normalize the url path syntax 
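Review bot: `define('LOGAUTHFAIL', false);` in the logging block of `conf/z-push.conf.php` leaves failed logins unlogged on an endpoint that the install script in this commit exposes without SSO, so repeated password guessing against ActiveSync would not appear in `z-push.log`; `define('LOGAUTHFAIL', true);` gives the log something a ban or alerting rule can match. Separately, the Kopano Outlook Extension block enables `KOE_CAPABILITY_IMPERSONATE` and `KOE_CAPABILITY_SENDAS` although the installer only selects `BackendIMAP` or `BackendCombined`; whether those backends honour the flags is not visible here, but defaulting both to `false` would be the least-privilege choice. A one-line comment above `SEARCH_PROVIDER` stating that `galsearch-ldap.conf.php` has to be filled in for the hard-coded `BackendSearchLDAP` to work would also help the admin.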
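Review bot: Setting `path_url="/"` in `scripts/install` means the existing `ynh_webpath_register $app $domain $path_url` call (context of the `@@ -57,6 +65,10 @@` hunk) books the whole domain root for this app, and the stored `path` setting becomes `/`. The four endpoint paths introduced here are then registered underneath a root the app already holds, which presumably either trips the helper's conflict check or leaves no room for any other app on that domain; this should be verified against `ynh_webpath_register`. Keeping `path_url="/Microsoft-Server-ActiveSync"` and registering only the three autodiscover paths in addition would claim just the endpoints Z-Push actually serves.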
@@ -57,6 +65,10 @@ path_url=$(ynh_normalize_url_path $path_url) # Register (book) web path ynh_webpath_register $app $domain $path_url +ynh_webpath_register $app $domain $path_url_activesync +ynh_webpath_register $app $domain $path_url_autodiscover1 +ynh_webpath_register $app $domain $path_url_autodiscover2 +ynh_webpath_register $app $domain $path_url_autodiscover3 #================================================= # STORE SETTINGS FROM MANIFEST @@ -65,7 +77,7 @@ ynh_webpath_register $app $domain $path_url ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path_url #ynh_app_setting_set $app admin $admin -#ynh_app_setting_set $app is_public $is_public +ynh_app_setting_set $app is_public $is_public #ynh_app_setting_set $app language $language #================================================= @@ -128,6 +140,8 @@ ynh_install_app_dependencies php-memcached php-cli php-soap ### `ynh_setup_source` use the file conf/app.src ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set $app config_path $config_path +ynh_app_setting_set $app state_path $state_path # Download, check integrity, uncompress and patch the source from app.src #ynh_setup_source "$final_path" 
@@ -227,10 +241,14 @@ ynh_add_fpm_config #ynh_replace_string "match_string" "replace_string" "$final_path/conf/config.php" -# Configuration -#sed -i "s^define('TIMEZONE', .*^define('TIMEZONE', '$(cat /etc/timezone)');^" /etc/z-push/z-push.conf.php -ynh_replace_string "define('TIMEZONE', '');" "define('TIMEZONE', '$(cat /etc/timezone)');" /etc/z-push/z-push.conf.php +sudo cp ../conf/policies.ini $config_path/policies.ini +sudo cp ../conf/z-push.conf.php $config_path/z-push.conf.php +sudo cp ../conf/galsearch-ldap.conf.php $config_path/galsearch-ldap.conf.php +sudo cp ../conf/autodiscover.conf.php $config_path/autodiscover.conf.php +# Configuration of timezone +ynh_replace_string "__TIMEZONE__" "$(cat /etc/timezone)" "$config_path/z-push.conf.php" +ynh_replace_string "__TIMEZONE__" "$(cat /etc/timezone)" "$config_path/autodiscover.conf.php" # Enable caldav carddav support 
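Review bot: The four `sudo cp` lines install the configuration without setting owner or mode, so the files keep whatever permissions the package checkout has; `galsearch-ldap.conf.php` and the backend files copied in the next hunk can carry bind or mail credentials, so an explicit `sudo chmod 640` together with a `chown` to root and the PHP-FPM group (its name is not shown in this hunk) after the copy would be safer. `$config_path` already ends in `/` and is used unquoted, so writing the targets as `"${config_path}policies.ini"` avoids both the `//` and word splitting. Reading `/etc/timezone` once into a variable would also remove the duplicated `$(cat /etc/timezone)`.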
@@ -239,45 +257,49 @@ if sudo yunohost app list --installed -f baikal | grep -q id ; then baikaldomain=$(ynh_app_setting_get baikal domain) baikalpath=$(ynh_app_setting_get baikal path) baikalpath=${baikalpath%/} - - # Configuration of backend - #sed -i "s@BACKENDTOCHANGE@BackendCombined@g" /etc/z-push/z-push.conf.php - ynh_replace_string "define('BACKEND_PROVIDER', '');" "define('BACKEND_PROVIDER', 'BackendCombined');" /etc/z-push/z-push.conf.php - - # Configuration baikal - #sed -i "s@BAIKALDOMAIN@$caldavdomain@g" /etc/z-push/caldav.conf.php - ynh_replace_string "caldavserver.domain.com" $baikaldomain /etc/z-push/caldav.conf.php - #sed -i "s@BAIKALPATH@$caldavpath@g" /etc/z-push/caldav.conf.php - ynh_replace_string "define('CALDAV_PATH', '/caldav.php/%u/');" "define('CALDAV_PATH', '$baikalpath/cal.php/calendars/%u/');" /etc/z-push/caldav.conf.php - #sed -i "s@BAIKALDOMAIN@$caldavdomain@g" /etc/z-push/carddav.conf.php - ynh_replace_string "define('CARDDAV_SERVER', 'localhost');" "define('CARDDAV_SERVER', '$baikaldomain');" /etc/z-push/carddav.conf.php - #sed -i "s@BAIKALPATH@$caldavpath@g" /etc/z-push/carddav.conf.php - ynh_replace_string "define('CARDDAV_PATH', '/caldav.php/%u/');" "define('CARDDAV_PATH', '$baikalpath/card.php/addressbooks/%u/');" /etc/z-push/carddav.conf.php - #sed -i "s@DOMAINTOCHANGE@$domain@g" /etc/z-push/imap.conf.php - ynh_replace_string "//\$imap_smtp_params = array('host' => 'ssl://localhost', 'port' => 465, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password');" "\$imap_smtp_params = array('host' => 'tcp://$domain', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password', 'localhost' => '$domain', 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true);" /etc/z-push/imap.conf.php - #sed -i "s@FLAGTOCHANGE@true@g" /etc/z-push/imap.conf.php - ynh_replace_string "define('IMAP_MEETING_USE_CALDAV', false);" "define('IMAP_MEETING_USE_CALDAV', true);" 
/etc/z-push/imap.conf.php - ynh_replace_string "define('IMAP_PORT', 143);" "define('IMAP_PORT', 993);" /etc/z-push/imap.conf.php - ynh_replace_string "define('IMAP_OPTIONS', '/notls/norsh');" "define('IMAP_OPTIONS', '/ssl/novalidate-cert');" /etc/z-push/imap.conf.php - ynh_replace_string "define('IMAP_FOLDER_CONFIGURED', false);" "define('IMAP_FOLDER_CONFIGURED', true);" /etc/z-push/imap.conf.php - ynh_replace_string "define('IMAP_SMTP_METHOD', 'mail');" "define('IMAP_SMTP_METHOD', 'smtp');" /etc/z-push/imap.conf.php - ynh_store_file_checksum "/etc/z-push/caldav.conf.php" - ynh_store_file_checksum "/etc/z-push/carddav.conf.php" - ynh_store_file_checksum "/etc/z-push/combined.conf.php" + # Configuration of backend + ynh_replace_string "__BACKEND_PROVIDER__" "BackendCombined" "$config_path/z-push.conf.php" + ynh_replace_string "__BACKEND_PROVIDER__" "BackendCombined" "$config_path/autodiscover.conf.php" + sudo cp ../conf/combined.conf.php $config_path/combined.conf.php + + # Configuration of caldav + sudo cp ../conf/caldav.conf.php $config_path/caldav.conf.php + ynh_replace_string "__DOMAIN__" "$baikaldomain" "$config_path/caldav.conf.php" + ynh_replace_string "__CALDAV_PATH__" "$baikalpath/cal.php/calendars/%u/" "$config_path/caldav.conf.php" + + # Configuration of carddav + sudo cp ../conf/carddav.conf.php $config_path/carddav.conf.php + ynh_replace_string "__DOMAIN__" "$baikaldomain" "$config_path/carddav.conf.php" + ynh_replace_string "__CARDDAV_PATH_" "baikalpath/card.php/addressbooks/%u/" "$config_path/carddav.conf.php" + ynh_replace_string "__CARDDAV_DEFAULT_PATH__" "baikalpath/card.php/addressbooks/%u/default" "$config_path/carddav.conf.php" + + # Configuration of imap + sudo cp ../conf/imap.conf.php $config_path/imap.conf.php + ynh_replace_string "__DOMAIN__" "$baikaldomain" "$config_path/imap.conf.php" + ynh_replace_string "__IMAP_MEETING_USE_CALDAV__" "true" "$config_path/imap.conf.php" + + # Checksum of config files + + ynh_store_file_checksum 
"$config_path/combined.conf.php" + ynh_store_file_checksum "$config_path/caldav.conf.php" + ynh_store_file_checksum "$config_path/carddav.conf.php" + ynh_store_file_checksum "$config_path/imap.conf.php" else # Configuration of backend - #sed -i "s@BACKENDTOCHANGE@BackendIMAP@g" /etc/z-push/z-push.conf.php - ynh_replace_string "define('BACKEND_PROVIDER', '');" "define('BACKEND_PROVIDER', 'BackendIMAP');" /etc/z-push/z-push.conf.php + # Configuration of backend + ynh_replace_string "__BACKEND_PROVIDER__" "BackendIMAP" "$config_path/z-push.conf.php" + ynh_replace_string "__BACKEND_PROVIDER__" "BackendIMAP" "$config_path/autodiscover.conf.php" + + # Configuration of imap + sudo cp ../conf/imap.conf.php $config_path/imap.conf.php + ynh_replace_string "__DOMAIN__" "$domainn" "$config_path/imap.conf.php" + ynh_replace_string "__IMAP_MEETING_USE_CALDAV__" "false" "$config_path/imap.conf.php" + + # Checksum of config files + ynh_store_file_checksum "$config_path/imap.conf.php" - # Copy config - #sed -i "s@DOMAINTOCHANGE@$domain@g" /etc/z-push/imap.conf.php - ynh_replace_string "define('IMAP_PORT', 143);" "define('IMAP_PORT', 993);" /etc/z-push/imap.conf.php - ynh_replace_string "define('IMAP_OPTIONS', '/notls/norsh');" "define('IMAP_OPTIONS', '/ssl/novalidate-cert');" /etc/z-push/imap.conf.php - ynh_replace_string "define('IMAP_FOLDER_CONFIGURED', false);" "define('IMAP_FOLDER_CONFIGURED', true);" /etc/z-push/imap.conf.php - ynh_replace_string "define('IMAP_SMTP_METHOD', 'mail');" "define('IMAP_SMTP_METHOD', 'smtp');" /etc/z-push/imap.conf.php - ynh_replace_string "//\$imap_smtp_params = array('host' => 'ssl://localhost', 'port' => 465, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password');" "\$imap_smtp_params = array('host' => 'tcp://$domain', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password', 'localhost' => '$domain', 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true);" 
/etc/z-push/imap.conf.php fi @@ -290,8 +312,10 @@ fi ### you can make a backup of this file before modifying it again if the admin had modified it. # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum "/etc/z-push/z-push.conf.php" -ynh_store_file_checksum "/etc/z-push/imap.conf.php" +ynh_store_file_checksum "$config_path/policies.ini" +ynh_store_file_checksum "$config_path/z-push.conf.php" +ynh_store_file_checksum "$config_path/galsearch-ldap.conf.php" +ynh_store_file_checksum "$config_path/autodiscover.conf.php" #================================================= # GENERIC FINALIZATION @@ -337,7 +361,7 @@ ynh_use_logrotate #yunohost service add $app --log "/var/log/$app/APP.log" # if using yunohost version 3.2 or more in the 'manifest.json', a description can be added -#yunohost service add $app --description "$app daemon for XXX" --log "/var/log/$app/APP.log" +yunohost service add $app --description "$app daemon for XXX" --log "/var/log/$app/$app.log" #================================================= # SETUP SSOWAT @@ -348,9 +372,10 @@ if [ $is_public -eq 1 ] then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set $app unprotected_uris "/" - ynh_app_setting_set $app unprotected_uris "/AutoDiscover" - ynh_app_setting_set $app unprotected_uris "/Autodiscover" - ynh_app_setting_set $app unprotected_uris "/autodiscover" + ynh_app_setting_set $app unprotected_uris $path_url_activesync + ynh_app_setting_set $app unprotected_uris $path_url_autodiscover1 + ynh_app_setting_set $app unprotected_uris $path_url_autodiscover2 + ynh_app_setting_set $app unprotected_uris $path_url_autodiscover3 fi #================================================= diff --git a/scripts/remove b/scripts/remove index 80ee074..849d4c8 100755 --- a/scripts/remove +++ b/scripts/remove 
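Review bot: Three substitutions in the `@@ -239,45 +257,49 @@` hunk cannot work as written. In the CardDAV block the placeholder is spelled `__CARDDAV_PATH_` (one trailing underscore short) and both replacement values begin with the literal text `baikalpath` instead of `$baikalpath`; they should read `"__CARDDAV_PATH__" "$baikalpath/card.php/addressbooks/%u/"` and `"__CARDDAV_DEFAULT_PATH__" "$baikalpath/card.php/addressbooks/%u/default"`. In the `else` branch `"$domainn"` is a typo for `"$domain"`, so `__DOMAIN__` in `imap.conf.php` is replaced by an empty string, or the script aborts if unset variables are fatal. The Baikal branch also fills `__DOMAIN__` in `imap.conf.php` with `$baikaldomain`, where the removed code used `$domain` for the mail host, which should be confirmed as intended. The removed lines set `verify_peer => false` and `/ssl/novalidate-cert` inline; the TLS settings now come from `conf/imap.conf.php`, which is not part of this hunk and deserves a look for the same options.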
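Review bot: The `yunohost service add` line enabled in the `@@ -337,7 +361,7 @@` hunk still carries the template text `"$app daemon for XXX"`, which will be shown to the admin as-is. Z-Push is served through PHP-FPM according to the `ynh_add_fpm_config` context earlier in the script, so it is worth checking that a service named `$app` exists at all. If the intent is only to expose the log, a description such as `"Z-Push ActiveSync server"` and a log path that matches `LOGFILE` from `z-push.conf.php` would be accurate.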
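Review bot: Each `ynh_app_setting_set $app unprotected_uris …` call in the `@@ -348,9 +372,10 @@` hunk writes the same key, so as far as the helper's usual semantics go only the last value (`$path_url_autodiscover3`) is kept and the ActiveSync path is not exempted from SSO at all. The setting accepts a comma-separated list, so a single call covers it: `ynh_app_setting_set $app unprotected_uris "$path_url_activesync,$path_url_autodiscover1,$path_url_autodiscover2,$path_url_autodiscover3"`. Leaving `"/"` out of that list keeps everything except the protocol endpoints behind SSO, which matters now that `path_url` is `/`. The `if [ $is_public -eq 1 ]` block starts above the hunk.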
@@ -20,7 +20,8 @@ domain=$(ynh_app_setting_get $app domain) #db_name=$(ynh_app_setting_get $app db_name) #db_user=$db_name final_path=$(ynh_app_setting_get $app final_path) -statedir=$(ynh_app_setting_get $app statedir) +config_path=$(ynh_app_setting_get $app config_path) +state_path=$(ynh_app_setting_get $app state_path) #================================================= # STANDARD REMOVE @@ -103,16 +104,14 @@ ynh_remove_logrotate #ynh_secure_remove "/etc/cron.d/$app" # Remove a directory securely -rm -rf /etc/z-push/ -rm -rf /var/log/z-push/ -rm -rf /var/lib/z-push/ ynh_secure_remove "/etc/$app/" # Remove the log files ynh_secure_remove "/var/log/$app/" # Remove the statedir -ynh_secure_remove "$statedir" +ynh_secure_remove "$state_path" +ynh_secure_remove "$config_path" ynh_secure_remove /etc/apt/sources.list.d/z-push.list #=================================================
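Review bot: `config_path` and `state_path` are read from app settings that only the new install script writes, so on an instance installed before this commit both come back empty and `ynh_secure_remove "$state_path"` / `ynh_secure_remove "$config_path"` in the `@@ -103,16 +104,14 @@` hunk are called with an empty argument, while the explicit `rm -rf /var/lib/z-push/` that used to cover that case is removed. Falling back to the packaged defaults keeps removal complete: `config_path=${config_path:-/etc/z-push/}` and `state_path=${state_path:-/var/lib/z-push/}`. Whether an upgrade script back-fills the two settings is not visible in this part of the diff.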