ZP-77 Added policies.ini containing the default policies. On the

Provisioning load policies from the policies.ini. Added check if default policies exist. Extended backend to load custom policies. Released under the Affero GNU General Public License (AGPL) version 3.

ZP-77 Added policies.ini containing the default policies. On the
Provisioning load policies from the policies.ini. Added check if default policies exist. Extended backend to load custom policies. Released under the Affero GNU General Public License (AGPL) version 3.
d0edb066 · Manfred Kutas · 3f1f999e · d0edb066 · d0edb066 · d0edb066
Commit d0edb066 authored Mar 02, 2016 by Manfred Kutas
9 changed files
--- a/src/backend/zarafa/zarafa.php
+++ b/src/backend/zarafa/zarafa.php
@@ -10,7 +10,7 @@
 *
 * Created   :   01.10.2011
 *
-* Copyright 2007 - 2015 Zarafa Deutschland GmbH
+* Copyright 2007 - 2016 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -1007,6 +1007,16 @@ class BackendZarafa implements IBackend, ISearchProvider {
        return $r;
    }

+    /**
+     * Returns the policy name for the user.
+     *
+     * @access public
+     * @return string|boolean
+     */
+    public function GetUserPolicyName() {
+        return false;
+    }
+

    /**----------------------------------------------------------------------------------------------------------
     * Implementation of the ISearchProvider interface

--- a/src/config.php
+++ b/src/config.php
@@ -143,6 +143,9 @@
    // true - allow older devices, but enforce policies on devices which support it
    define('LOOSE_PROVISIONING', false);

+    // The file containing the policies' settings.
+    define('PROVISIONING_POLICYFILE', '/etc/z-push/policies.ini');
+
    // Default conflict preference
    // Some devices allow to set if the server or PIM (mobile)
    // should win in case of a synchronization conflict

--- a/src/lib/core/asdevice.php
+++ b/src/lib/core/asdevice.php
@@ -7,7 +7,7 @@
 *
 * Created   :   11.04.2011
 *
-* Copyright 2007 - 2015 Zarafa Deutschland GmbH
+* Copyright 2007 - 2016 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -61,7 +61,7 @@ class ASDevice extends StateObject {
                                    'wipeactionon' => false,
                                    'lastupdatetime' => 0,
                                    'conversationmode' => false,
-                                    'policies' => array(),
+                                    'policies' => false,
                                    'policykey' => self::UNDEFINED,
                                    'forcesave' => false,
                                    'asversion' => false,

--- a/src/lib/core/devicemanager.php
+++ b/src/lib/core/devicemanager.php
@@ -10,7 +10,7 @@
 *
 * Created   :   11.04.2011
 *
-* Copyright 2007 - 2015 Zarafa Deutschland GmbH
+* Copyright 2007 - 2016 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -267,8 +267,24 @@ class DeviceManager {
     */
    public function GetProvisioningObject() {
        $p = new SyncProvisioning();
+        $policyName = ZPush::GetBackend()->GetUserPolicyName();
+        if ($policyName === false) {
+            // get the policy name from device data
+            $policyName = $this->device->GetPolicies();
+        }
        // TODO load systemwide Policies
-        $p->Load($this->device->GetPolicies());
+        $policies = parse_ini_file(PROVISIONING_POLICYFILE, true);
+        if ($policyName !== false && isset($policies[$policyName])) {
+            $policies = $policies[$policyName];
+            ZLog::Write(LOGLEVEL_DEBUG, sprintf("DeviceManager->GetProvisioningObject(): load %s policy.", $policyName));
+        }
+        else {
+            $policies = $policies['default'];
+            ZLog::Write(LOGLEVEL_DEBUG, "DeviceManager->GetProvisioningObject(): load default policy.");
+        }
+
+        $p->Load($policies);
+        unset($policies);
        return $p;
    }


--- a/src/lib/core/zpush.php
+++ b/src/lib/core/zpush.php
@@ -6,7 +6,7 @@
 *
 * Created   :   12.04.2011
 *
-* Copyright 2007 - 2015 Zarafa Deutschland GmbH
+* Copyright 2007 - 2016 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -285,6 +285,13 @@ class ZPush {
            date_default_timezone_set('Europe/Amsterdam');
        }

+        // check if Provisioning is enabled and the default policies are available
+        if (PROVISIONING) {
+            $policies = parse_ini_file(PROVISIONING_POLICYFILE, true);
+            if (!isset($policies['default'])) {
+                throw new FatalMisconfigurationException(sprintf("Your policies' configuration file doesn't contain the required [default] section. Please check the %s file.", constant('PROVISIONING_POLICYFILE')));
+            }
+        }
        return true;
    }


--- a/src/lib/default/backend.php
+++ b/src/lib/default/backend.php
@@ -20,7 +20,7 @@
 *
 * Created   :   01.10.2007
 *
-* Copyright 2007 - 2015 Zarafa Deutschland GmbH
+* Copyright 2007 - 2016 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -352,4 +352,14 @@ abstract class Backend implements IBackend {
        }
    }

+    /**
+     * Returns the policy name for the user.
+     *
+     * @access public
+     * @return string|boolean
+     */
+    public function GetUserPolicyName() {
+        return false;
+    }
+
 }
--- a/src/lib/interface/ibackend.php
+++ b/src/lib/interface/ibackend.php
@@ -10,7 +10,7 @@
 *
 * Created   :   02.01.2012
 *
-* Copyright 2007 - 2013 Zarafa Deutschland GmbH
+* Copyright 2007 - 2016 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -328,4 +328,12 @@ interface IBackend {
     * @return string
     */
    public function GetFolderStat($store, $folderid);
+
+    /**
+     * Returns the policy name for the user.
+     *
+     * @access public
+     * @return string|boolean
+     */
+    public function GetUserPolicyName();
 }
--- a/src/lib/syncobjects/syncprovisioning.php
+++ b/src/lib/syncobjects/syncprovisioning.php
@@ -10,7 +10,7 @@
 *
 * Created   :   05.09.2011
 *
-* Copyright 2007 - 2013 Zarafa Deutschland GmbH
+* Copyright 2007 - 2016 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -236,18 +236,18 @@ class SyncProvisioning extends SyncObject {
    }

    public function Load($policies = array()) {
-        if (empty($policies)) {
-            $this->LoadDefaultPolicies();
-        }
-        else foreach ($policies as $p=>$v) {
-            if (!isset($this->mapping[$p])) {
-                ZLog::Write(LOGLEVEL_INFO, sprintf("Policy '%s' not supported by the device, ignoring", substr($p, strpos($p,':')+1)));
-                continue;
+        // always load default policies because there might be some policy missing in the policies.ini
+        $this->LoadDefaultPolicies();
+        if (!empty($policies)) {
+            $objectsVars = get_object_vars($this);
+            foreach ($policies as $p=>$v) {
+                if (!in_array($p, $objectsVars)) {
+                    ZLog::Write(LOGLEVEL_INFO, sprintf("Policy '%s' not supported by the device, ignoring", $p));
+                    continue;
+                }
+                ZLog::Write(LOGLEVEL_DEBUG, sprintf("Policy '%s' enforced with: %s (%s)", $p, (is_array($v)) ? Utils::PrintAsString(implode(',', $v)) : Utils::PrintAsString($v), gettype($v)));
+                $this->$p = (is_array($v) && empty($v)) ? array() : $v;
            }
-            ZLog::Write(LOGLEVEL_INFO, sprintf("Policy '%s' enforced with: %s", substr($p, strpos($p,':')+1), Utils::PrintAsString($v)));
-
-            $var = $this->mapping[$p][self::STREAMER_VAR];
-            $this->$var = $v;
        }
    }


--- a/src/policies.ini
+++ b/src/policies.ini
+;;;;;;;;;;;;;;;;;;;;;;;;
+; About policies.ini   ;
+;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Z-Push policies' file holds the configuration to be applied
+; during the provisioning of a mobile device.
+
+; The default ActiveSync policy. Do not change its name.
+[default]
+
+; AS 12.0, 12.1 and 14.0 props
+devpwenabled = 0
+alphanumpwreq = 0
+devencenabled = 0
+pwrecoveryenabled = 0
+docbrowseenabled =
+attenabled = 1
+mindevpwlenngth = 4
+maxinacttimedevlock = 900
+maxdevpwfailedattempts = 8
+maxattsize = ''
+allowsimpledevpw = 1
+devpwexpiration = 0
+devpwhistory = 0
+
+; AS 12.1 and 14.0 props
+allostoragecard = 1
+allowcam = 1
+reqdevenc = 0
+allowunsignedapps = 1
+allowunsigninstallpacks = 1
+mindevcomplexchars = 3
+allowwifi = 1
+allowtextmessaging = 1
+allowpopimapemail = 1
+allowbluetooth = 2
+allowirda = 1
+reqmansyncroam = 0
+allowdesktopsync = 1
+maxcalagefilter = 0
+allowhtmlemail = 1
+maxemailagefilter = 0
+maxemailbodytruncsize = -1
+maxemailhtmlbodytruncsize = -1
+reqsignedsmimemessages = 0
+reqencsmimemessages = 0
+reqsignedsmimealgorithm = 0
+reqencsmimealgorithm = 0
+allowsmimeencalgneg = 2
+allowsmimesoftcerts = 1
+allowbrowser = 1
+allowconsumeremail = 1
+allowremotedesk = 1
+allowinternetsharing = 1
+
+; in order to have a multivalue policies, add a line for
+; every app you want to enable or disable, e.g.
+; unapprovedinromapplist[] = app1
+; unapprovedinromapplist[] = app2
+; unapprovedinromapplist[] = app3
+
+; in order to have a multivalue policies, add a line for
+; every app you want to enable or disable, e.g.
+; approvedapplist[] = hash1
+; approvedapplist[] = hash2
+; approvedapplist[] = hash3