From 7ff783c87038c4536173471efcea6970b6b4a91f Mon Sep 17 00:00:00 2001 From: mlan Date: Wed, 16 Dec 2020 17:41:13 +0100 Subject: [PATCH] - [docker](Dockerfile) Install the smime webapp plugin providing [S/MIME](https://kopano.com/blog/s-mime-plugin-description/). - [docker](Dockerfile) Install the mdm webapp plugin providing [Mobile Device Management](https://documentation.kopano.io/webapp_mdm_manual/). - [demo](demo) Add [S/MIME](https://kopano.com/blog/s-mime-plugin-description/) cert generation. - [kopano](src/kopano/entry.d/10-kopano-common) Fix bug in `kopano_apply_envvars_php()`. --- CHANGELOG.md | 7 +++++ Dockerfile | 8 ++++++ README.md | 19 +++++++++++++- ROADMAP.md | 11 -------- demo/.gitignore | 1 + demo/Makefile | 40 +++++++++++++++++++++++++++-- demo/docker-compose.yml | 1 + src/docker/bin/docker-runfunc.sh | 3 ++- src/kopano/entry.d/10-kopano-common | 13 +++++++--- test/Makefile | 1 - 10 files changed, 84 insertions(+), 20 deletions(-) create mode 100644 demo/.gitignore diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d73331..09054c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +# 1.2.5 + +- [docker](Dockerfile) Install the smime webapp plugin providing [S/MIME](https://kopano.com/blog/s-mime-plugin-description/). +- [docker](Dockerfile) Install the mdm webapp plugin providing [Mobile Device Management](https://documentation.kopano.io/webapp_mdm_manual/). +- [demo](demo) Add [S/MIME](https://kopano.com/blog/s-mime-plugin-description/) cert generation. +- [kopano](src/kopano/entry.d/10-kopano-common) Fix bug in `kopano_apply_envvars_php()`. + # 1.2.4 - [kopano](src/kopano) Now, use man pages and sample config files to find valid keys to match envvar. diff --git a/Dockerfile b/Dockerfile index 9091509..7b34dcb 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -164,6 +164,14 @@ RUN apt-get install --yes --no-install-recommends apache2 libapache2-mod-php \ https://download.kopano.io/community ${DIST} ${REL} all) \ && echo "$webaddr<->${DIST} ${REL} all<-" \ && curl $webaddr | tar -xzC $DOCKER_BUILD_DEB_DIR \ + && webaddr=$(kopano-webaddr.sh mdm \ + https://download.kopano.io/community ${DIST} ${REL} all) \ + && echo "$webaddr<->${DIST} ${REL} all<-" \ + && curl $webaddr | tar -xzC $DOCKER_BUILD_DEB_DIR \ + && webaddr=$(kopano-webaddr.sh smime \ + https://download.kopano.io/community ${DIST} ${REL} ${ARCH}) \ + && echo "$webaddr<->${DIST} ${REL} all<-" \ + && curl $webaddr | tar -xzC $DOCKER_BUILD_DEB_DIR \ && apt-get update \ && for i in $(seq ${DOCKER_BUILD_PASSES}); do echo "\033[1;36mKOPANO WEBAPP INSTALL PASS: $i\033[0m" \ && dpkg --install --force-depends --skip-same-version --recursive $DOCKER_BUILD_DEB_DIR \ diff --git a/README.md b/README.md index bf82228..614ea53 100644 --- a/README.md +++ b/README.md @@ -112,6 +112,7 @@ services: - backend ports: - "127.0.0.1:25:25" # SMTP + - "127.0.0.1:465:465" # SMTPS authentication required depends_on: - auth environment: # Virgin config, ignored on restarts unless FORCE_CONFIG given. @@ -391,7 +392,7 @@ Separately, `LOG_LEVEL` controls the logging level of the Kopano services. `LOG_ | ---- | ---- | ---- | ------- | ------ | ---- | ----- | | 0 | 1 | 2 | **3** | 4 | 5 | 6 | -## Custom themes +## WebApp custom themes You can easily customize the Kopano WebApp see [New! JSON themes in Kopano WebApp](https://kopano.com/blog/new-json-themes-in-kopano-webapp/). Once you have the files you can install them in your docker container using the receipt below, where we assume that the container name is `mail-app` and that the directory `mytheme` contains the `theme.json` and the other file defining the theme. 
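Review bot: The added mdm and smime steps pipe `curl $webaddr` directly into `tar -xzC $DOCKER_BUILD_DEB_DIR`, and the unpacked packages are later installed with `dpkg --install --force-depends`, so nothing but HTTPS vouches for what ends up in the image. The URL is resolved by `kopano-webaddr.sh` at build time, which presumably means the archive can change between builds; downloading to a file and comparing it against a pinned digest before extracting would make the build reproducible and tamper-evident. Quoting and failing early also helps: `curl -fsSL "$webaddr" | tar -xzC "$DOCKER_BUILD_DEB_DIR"`. The smime step's echo prints `all` although the lookup uses `${ARCH}`; it should read `echo "$webaddr<->${DIST} ${REL} ${ARCH}<-"`. The RUN instruction starts before and continues after this hunk.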
@@ -403,6 +404,22 @@ docker exec -it mail-app run dc_replace /etc/kopano/webapp/config.php 'define("T Please note that it is not possible to rename the directory `/etc/kopano/theme/Custom` within the container without further modifications. +## WebApp plugins + +### S/MIME + +[S/MIME](https://en.wikipedia.org/wiki/S/MIME) provides [email encryption](https://en.wikipedia.org/wiki/Email_encryption) guaranteeing the confidentiality and non-repudiation of email. The [S/MIME](https://documentation.kopano.io/webapp_smime_manual/) WebApp plugin is pre-installed. + +Using the [demo](#demo) you can easily create a S/MIME certificate you can try out using WebApp. + +```sh +make app-create_smime +``` + +### Mobile device management + +The [Mobile Device Management](https://documentation.kopano.io/webapp_mdm_manual/) WebApp plugin comes pre-installed. With it you can resync, remove, refresh and even wipe your devices, connected via [Exchange ActiveSync (EAS)](https://en.wikipedia.org/wiki/Exchange_ActiveSync). + ## Mail transfer agent interaction Environment variables can be used to configure where Kopano find the Mail Transfer Agent, such as Postfix. Likewise the Mail Transfer Agent need to know where to forward emails to. diff --git a/ROADMAP.md b/ROADMAP.md index ece6369..c491ee4 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -17,17 +17,6 @@ Consider to also consolidating it under /srv to simplify making it persistent? Integrate [webapp-passwd](https://github.com/silentsakky/zarafa-webapp-passwd)? -## S/MIME - -Install and configure [S/MIME](https://kopano.com/blog/s-mime-plugin-description/)? - -[S/MIME manual](https://documentation.kopano.io/webapp_smime_manual/). - -## MDM - -Install and configure [MDM](https://documentation.kopano.io/webapp_mdm_manual/)? -With the MDM plugin you can resync, remove, refresh and even wipe your device. - ## Improve Health Check? Verify the user anonymously. 
diff --git a/demo/.gitignore b/demo/.gitignore new file mode 100644 index 0000000..a2647ce --- /dev/null +++ b/demo/.gitignore @@ -0,0 +1 @@ +ssl diff --git a/demo/Makefile b/demo/Makefile index 34f2179..5f2c12b 100644 --- a/demo/Makefile +++ b/demo/Makefile @@ -24,7 +24,7 @@ up: down: docker-compose down -destroy: auth-gui-down +destroy: auth-gui-down all-destroy_smime docker-compose down -v config: @@ -249,7 +249,7 @@ db-init: db-test: docker-compose exec db mysqlshow -u $(MYSQL_USER) $(MYSQL_DATABASE) -p$(MYSQL_PASSWORD) -app-init: wait_12 app-public_store +app-init: #wait_21 app-public_store app-debugtools: docker-compose exec app apt-get update @@ -311,8 +311,44 @@ app-create_store: app-public_store: docker-compose exec app kopano-storeadm -h default: -P +app-create_smime: all-create_smime ssl/ca.crt + docker cp ssl/ca.crt $$(docker-compose ps -q app):/usr/local/share/ca-certificates/$(MAIL_DOMAIN)_CA.crt + docker-compose exec app update-ca-certificates + all-test_quiet: $(eval curl_dbg := -s -S ) all-test_muted: $(eval curl_dbg := -s -S >/dev/null || true) + +all-create_smime: ssl/$(LDAP_TEST_USER).smime.p12 + +all-destroy_smime: + rm -rf ssl + +#.PRECIOUS: %.key %.crt %.smime.crt + +%.p12: %.crt + openssl pkcs12 -export -in $< -inkey $*.key -out $@ \ + -passout pass:$(LDAP_TEST_PASSWD) + +%.csr: %.key + openssl req -new -key $< -out $@ \ + -subj "/O=$(MAIL_DOMAIN)/CN=$(LDAP_TEST_USER)/emailAddress=$(LDAP_TEST_USER)@$(MAIL_DOMAIN)" + +%.smime.crt: %.smime.csr ssl/ca.crt + openssl x509 -req -in $< -CA $(@D)/ca.crt -CAkey $(@D)/ca.key -out $@ \ + -setalias "Self Signed SMIME" -addtrust emailProtection \ + -addreject clientAuth -addreject serverAuth -trustout \ + -CAcreateserial + +%.crt: %.key + openssl req -x509 -batch -key $< -out $@ \ + -subj "/O=$(MAIL_DOMAIN)" + +%.key: ssl + openssl genrsa -out $@ + chmod a+r $@ + +ssl: + mkdir -p $@ diff --git a/demo/docker-compose.yml b/demo/docker-compose.yml index 7c27db7..7a1b3fc 100644 --- a/demo/docker-compose.yml 
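Review bot: `app-init: #wait_21 app-public_store` comments out both prerequisites, so `app-init` no longer runs `wait_12` or `app-public_store`, and the commit message does not mention this. If it was a temporary debugging change, restore `app-init: wait_12 app-public_store`; if it is intentional, add a comment on the target saying why the public store is no longer created here. Any recipe belonging to app-init lies outside the hunk.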
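Review bot: The `%.key` rule runs `chmod a+r $@` on every generated private key, including `ssl/ca.key`, so the demo CA key and the user's S/MIME key become world-readable on the host. Only `ssl/ca.crt` is copied into the container in this hunk, so the chmod looks unnecessary; dropping it or using `chmod 600 $@` keeps the keys private. `openssl genrsa -out $@` gives no key size and so depends on the installed OpenSSL's default; `openssl genrsa -out $@ 2048` makes it explicit. The export rule passes the password as `-passout pass:$(LDAP_TEST_PASSWD)`, which is visible in the process list while openssl runs; that is tolerable for a demo but deserves a comment saying so. `%.key: ssl` should probably be an order-only prerequisite, `%.key: | ssl`, because the directory's timestamp changes whenever a file is written into it, and that can regenerate keys that already have certificates.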
+++ b/demo/docker-compose.yml @@ -36,6 +36,7 @@ services: - IMAPS_LISTEN=*:993 # enable TLS - POP3S_LISTEN=*:995 # enable TLS - ICALS_LISTEN=*:8443 # enable TLS + - PLUGIN_SMIME_USER_DEFAULT_ENABLE_SMIME=true - SYSLOG_LEVEL=${SYSLOG_LEVEL-3} - LOG_LEVEL=${LOG_LEVEL-3} volumes: diff --git a/src/docker/bin/docker-runfunc.sh b/src/docker/bin/docker-runfunc.sh index ae37abc..b02167e 100755 --- a/src/docker/bin/docker-runfunc.sh +++ b/src/docker/bin/docker-runfunc.sh @@ -2,13 +2,14 @@ # # docker-runfunc.sh # -# Allow functions to be accessed from the commandline. +# Allow functions to be accessed from the command line. # # # Source common functions. # . docker-common.sh +. docker-config.sh # # dr_docker_call_func "$@" diff --git a/src/kopano/entry.d/10-kopano-common b/src/kopano/entry.d/10-kopano-common index 33f4867..b79405c 100755 --- a/src/kopano/entry.d/10-kopano-common +++ b/src/kopano/entry.d/10-kopano-common @@ -21,6 +21,8 @@ DOCKER_LDAP_PMAP_FILE=${DOCKER_LDAP_PMAP_FILE-/usr/share/kopano/ldap.propmap.cfg sqlstate_cfg_file=$DOCKER_CONF_DIR2/backend/sqlstatemachine/config.php zpush_cfg_file=$DOCKER_CONF_DIR2/config.php webapp_cfg_file=$DOCKER_CONF_DIR1/webapp/config.php +webapp_mdm_cfg_file=$DOCKER_CONF_DIR1/webapp/config-mdm.php +webapp_smime_cfg_file=$DOCKER_CONF_DIR1/webapp/config-smime.php # # Apply environment variables to configuration files. @@ -37,6 +39,8 @@ kopano_apply_envvars_core() { kopano_apply_envvars_webapp() { kopano_apply_envvars_php $webapp_cfg_file + kopano_apply_envvars_php $webapp_mdm_cfg_file + kopano_apply_envvars_php $webapp_smime_cfg_file } kopano_apply_envvars_zpush() { @@ -50,7 +54,7 @@ kopano_apply_envvars_cfg() { if [ -f $man_file ]; then local env_vars="$(kopano_get_envvars_man $man_file)" if [ -e $cfg_file ]; then - mv -f $cfg_file $cfg_file.orig + mv -f $cfg_file $cfg_file.bak fi for env_var in $env_vars; do kopano_set_envvars_cfg $cfg_file $env_var 
@@ -64,11 +68,12 @@ kopano_apply_envvars_php() { local cfg_file=$1 if [ -e $cfg_file ]; then local env_vars="$(kopano_get_envvars_php $cfg_file)" - cp -f $cfg_file $cfg_file.orig for env_var in $env_vars; do if [ -n "${!env_var}" ]; then + [ -z "${changed+x}" ] && cp -f $cfg_file $cfg_file.bak dc_log 5 "Setting ${env_var} = ${!env_var} in $cfg_file" - sed -ri "s/(\s*define).+${env_var}.+/\1\(\x27${env_var}\x27, \x27${!env_var}\x27\);/g" $cfg_file + sed -ri "s/(\s*define[('\"]+${env_var}['\",]+).+/\1 ${!env_var});/Ig" $cfg_file + local changed fi done fi @@ -93,7 +98,7 @@ kopano_set_envvars_cfg() { kopano_gen_filename_man() { echo $DOCKER_MAN5_DIR/kopano-$1.cfg.5.gz ;} kopano_gen_filename_cfg() { echo $DOCKER_CONF_DIR1/$1.cfg ;} kopano_get_envvars_man() { zcat $1 | sed -r "/^\.SS/!d;{s/^\.SS (.*)/\U\1/g;s/,//g}" | sort -u ;} -kopano_get_envvars_php() { sed -nr "/define\(/s/.*define\(['\"](.*)['\"], .*/\1/p" $1 | sort -u ;} +kopano_get_envvars_php() { sed -nr "/define\(/Is/.*define\(['\"](.*)['\"], .*/\1/Ip" $1 | sort -u ;} # # Update SSL_CERTIFICATE_FILE and SSL_PRIVATE_KEY_FILE. diff --git a/test/Makefile b/test/Makefile index a252fc0..d3093ad 100644 --- a/test/Makefile +++ b/test/Makefile @@ -242,7 +242,6 @@ test-lmtp_%: test-cfg_%: $(eval cfg_s := $(shell [ $* -ge 2 ] && echo s)) - $(eval cfg_s := $(shell [ $* -ge 2 ] && echo s)) # Note: cannot use prereq also in a proper target since it will change the # prereq order, eg. avoid the "3" in test-imaps: test-imap_3
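Review bot: The new `sed` expression puts `${!env_var}` into the replacement unescaped and, unlike the removed line, without surrounding quotes, so the environment value lands in the PHP config as a raw expression and any `/`, `&` or `\` in it alters or breaks the substitution. That is what lets `PLUGIN_SMIME_USER_DEFAULT_ENABLE_SMIME=true` produce a bare `true`, but string settings must now carry their own quotes; document that contract above the function and escape the value first, e.g. `val=$(printf '%s' "${!env_var}" | sed 's/[\\/&]/\\&/g')`. Separately, `local changed` never assigns a value, so in bash `${changed+x}` stays empty and `cp -f $cfg_file $cfg_file.bak` runs for every variable, overwriting the backup with an already edited file; `local changed=1` would fix it. The function's opening line and closing brace are outside the hunk.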