php_mapi: add mapi_logon_np PHP function

jengelh · jengelh · commit 18d961b51713 · 2025-10-08T21:10:23.000+02:00
Restore ability to use ZRPC without proper credentials, just for
submit.php. It's still a crappy design to rely on zcore.

References: GXL-487, GXH-129, DESK-1731, DESK-2542, DESK-3393, DESK-3799
diff --git a/php_mapi/mapi.cpp b/php_mapi/mapi.cpp
@@ -23,6 +23,7 @@
 #include <gromox/zcore_client.hpp>
 #include <gromox/zcore_rpc.hpp>
 #include "php.h"
+#include "SAPI.h"
 #include "ext/standard/info.h"
 #include "Zend/zend_exceptions.h"
 #include "Zend/zend_builtin_functions.h"
@@ -753,6 +754,44 @@ static ZEND_FUNCTION(mapi_logon_ex)
 	MAPI_G(hr) = ecSuccess;
 }
 
+static ZEND_FUNCTION(mapi_logon_np)
+{
+	ZCL_MEMORY;
+	zend_long flags = 0;
+	char *username;
+	size_t username_len = 0;
+
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sl", &username,
+	    &username_len, &flags) == FAILURE ||
+	    username == nullptr || *username == '\0')
+		pthrow(ecInvalidParam);
+
+	/* enforce CLI mode */
+	if (sapi_module.name != nullptr) {
+		if (strcasecmp(sapi_module.name, "cli") != 0)
+			pthrow(ecAccessDenied);
+	} else {
+		zstrplus str_server(zend_string_init(ZEND_STRL("_SERVER"), 0));
+		auto server_vars = zend_hash_find(&EG(symbol_table), str_server.get());
+		zstrplus str_reqm(zend_string_init(ZEND_STRL("REQUEST_METHOD"), 0));
+		if (server_vars != nullptr && Z_TYPE_P(server_vars) == IS_ARRAY) {
+			auto method = zend_hash_find(Z_ARRVAL_P(server_vars), str_reqm.get());
+			if (method != nullptr)
+				pthrow(ecAccessDenied);
+		}
+	}
+	auto res = st_malloc<MAPI_RESOURCE>();
+	if (res == nullptr)
+		pthrow(ecMAPIOOM);
+	auto result = zclient_logon_np(username, "", "", flags, &res->hsession);
+	if (result != ecSuccess)
+		pthrow(result);
+	res->type = zs_objtype::session;
+	res->hobject = 0;
+	RETVAL_RG(res, le_mapi_session);
+	MAPI_G(hr) = ecSuccess;
+}
+
 static ZEND_FUNCTION(mapi_logon_token)
 {
 	ZCL_MEMORY;
@@ -4157,6 +4196,7 @@ static zend_function_entry mapi_functions[] = {
 	F(mapi_logon_token)
 	F(mapi_logon_zarafa)
 	F(mapi_logon_ex)
+	F(mapi_logon_np)
 	F(mapi_getmsgstorestable)
 	F(mapi_openmsgstore)
 	F(mapi_openprofilesection)
diff --git a/php_mapi/mapi.stub.php b/php_mapi/mapi.stub.php
@@ -10,6 +10,7 @@ function mapi_createoneoff(?string $displayname, string $type, string $address,
 function mapi_parseoneoff(string $entryid) : array|bool {}
 function mapi_logon_zarafa(string $username, string $password, ?string $server = null, ?string $sslcert = null, ?string $sslpass = null, ?int $flags = 0, ?string $wa_version = null, ?string $misc_version = null) : resource|bool {}
 function mapi_logon_ex(string $username, string $password, int $flags) : resource|bool {}
+function mapi_logon_np(string $username, int $flags) : resource|bool {}
 function mapi_logon_token(string $token) : resource|bool {}
 function mapi_getmsgstorestable(resource $session) : resource|bool {}
 function mapi_openmsgstore(resource $ses, string $entryid) : resource|bool {}
diff --git a/php_mapi/mapi_arginfo.hpp b/php_mapi/mapi_arginfo.hpp
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 871b0416d0d4e8a11806aab29816729eb43e5d6b */
+ * Stub hash: 8185b8356317dda89e8676a5b9e87d3392d23d49 */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_mapi_load_mapidefs, 0, 1, IS_VOID, 0)
 	ZEND_ARG_TYPE_INFO(0, level, IS_LONG, 1)
@@ -56,6 +56,11 @@ ZEND_BEGIN_ARG_WITH_RETURN_OBJ_TYPE_MASK_EX(arginfo_mapi_logon_ex, 0, 3, resourc
 	ZEND_ARG_TYPE_INFO(0, flags, IS_LONG, 0)
 ZEND_END_ARG_INFO()
 
+ZEND_BEGIN_ARG_WITH_RETURN_OBJ_TYPE_MASK_EX(arginfo_mapi_logon_np, 0, 2, resource, MAY_BE_BOOL)
+	ZEND_ARG_TYPE_INFO(0, username, IS_STRING, 0)
+	ZEND_ARG_TYPE_INFO(0, flags, IS_LONG, 0)
+ZEND_END_ARG_INFO()
+
 ZEND_BEGIN_ARG_WITH_RETURN_OBJ_TYPE_MASK_EX(arginfo_mapi_logon_token, 0, 1, resource, MAY_BE_BOOL)
 	ZEND_ARG_TYPE_INFO(0, token, IS_STRING, 0)
 ZEND_END_ARG_INFO()
@@ -621,3 +626,4 @@ ZEND_END_ARG_INFO()
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_mapi_strerror, 0, 1, IS_STRING, 0)
 	ZEND_ARG_TYPE_INFO(0, code, IS_LONG, 0)
 ZEND_END_ARG_INFO()
+
diff --git a/php_mapi/rpc_ext.cpp b/php_mapi/rpc_ext.cpp
@@ -1224,6 +1224,7 @@ pack_result rpc_ext_push_request(const zcreq *prequest, BINARY *pbin_out)
 	E(logon_token)
 	E(getuserfreebusy)
 	E(getuserfreebusyical)
+	E(logon_np)
 #undef E
 	default:
 		return pack_result::bad_switch;
@@ -1338,6 +1339,7 @@ pack_result rpc_ext_pull_response(const BINARY *pbin_in, zcresp *presponse)
 	E(logon_token)
 	E(getuserfreebusy)
 	E(getuserfreebusyical)
+	E(logon_np)
 #undef E
 	default:
 		return pack_result::bad_switch;
diff --git a/tools/submit.php b/tools/submit.php
@@ -20,7 +20,7 @@
 	$loc_string .= hex2bin('00');
 	$_SERVER['REMOTE_USER'] = $argv[1];
 	try {
-		$session = mapi_logon_ex($argv[1], null, 0);
+		$session = mapi_logon_np($argv[1], 0);
 	} catch (Exception  $e) {
 		die("fail to log on the " . $argv[1] . "'s store");
 	}

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@`
`20`	`20`	`$loc_string .= hex2bin('00');`
`21`	`21`	`$_SERVER['REMOTE_USER'] = $argv[1];`
`22`	`22`	`try {`
`23`		`- $session = mapi_logon_ex($argv[1], null, 0);`
	`23`	`+ $session = mapi_logon_np($argv[1], 0);`
`24`	`24`	`} catch (Exception $e) {`
`25`	`25`	`die("fail to log on the " . $argv[1] . "'s store");`
`26`	`26`	`}`