Incorporate changes to the community RoundCube

- add dovecot_impersonate and twofactor_gauthenticator plugins
- ensure that email.cacert.org is setup in /etc/hosts with its internal
  IP address
- add certificate validation for smtp and imap

2 files changed, 71 insertions, 1 deletions

diff --git a/sitemodules/profiles/templates/roundcube/config.inc.php.epp b/sitemodules/profiles/templates/roundcube/config.inc.php.epp
index fe216d6..ec21a9e 100644
--- a/sitemodules/profiles/templates/roundcube/config.inc.php.epp
+++ b/sitemodules/profiles/templates/roundcube/config.inc.php.epp
@@ -4,6 +4,9 @@
       String $support_url,
       String $des_key,
       String $skin,
+      String $mail_domain,
+      String $debug,
+      String $cacert_certs,
 | -%>
 <?php
 
@@ -97,3 +100,63 @@ $config['skin'] = '<%= $skin %>';
 //         see defaults.inc.php for additional informations
 $config['enable_spellcheck'] = false;
 
+// This domain will be used to form e-mail addresses of new users
+// Specify an array with 'host' => 'domain' values to support multiple hosts
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - http hostname ($_SERVER['SERVER_NAME'])
+// %d - domain (http hostname without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %t = domain.tld
+$config['mail_domain'] = '<%= $mail_domain %>';
+
+// Set identities access level:
+// 0 - many identities with possibility to edit all params
+// 1 - many identities with possibility to edit all params but not email address
+// 2 - one identity with possibility to edit all params
+// 3 - one identity with possibility to edit all params but not email address
+// 4 - one identity with possibility to edit only signature
+$config['identities_level'] = 1;
+
+// Log IMAP conversation to <log_dir>/imap or to syslog
+$config['imap_debug'] = <%= $debug %>;
+
+// Log SMTP conversation to <log_dir>/smtp or to syslog
+$config['smtp_debug'] = <%= $debug %>;
+
+// IMAP socket context options
+// See http://php.net/manual/en/context.ssl.php
+// The example below enables server certificate validation
+//$config['imap_conn_options'] = array(
+//  'ssl'         => array(
+//     'verify_peer'  => true,
+//     'verify_depth' => 3,
+//     'cafile'       => '/etc/openssl/certs/ca.crt',
+//   ),
+// );
+// Note: These can be also specified as an array of options indexed by hostname
+$config['imap_conn_options'] = array(
+  'ssl' => array(
+    'verify_peer' => true,
+    'cafile'      => '<%= $cacert_certs %>',
+  ),
+);
+
+// SMTP socket context options
+// See http://php.net/manual/en/context.ssl.php
+// The example below enables server certificate validation, and
+// requires 'smtp_timeout' to be non zero.
+// $config['smtp_conn_options'] = array(
+//   'ssl'         => array(
+//     'verify_peer'  => true,
+//     'verify_depth' => 3,
+//     'cafile'       => '/etc/openssl/certs/ca.crt',
+//   ),
+// );
+// Note: These can be also specified as an array of options indexed by hostname
+$config['smtp_conn_options'] = array(
+  'ssl' => array(
+    'verify_peer' => true,
+    'cafile'      => '<%= $cacert_certs %>',
+  ),
+);
diff --git a/sitemodules/profiles/templates/roundcube/managesieve-config.inc.php.epp b/sitemodules/profiles/templates/roundcube/managesieve-config.inc.php.epp
index 6ea400a..5e529e0 100644
--- a/sitemodules/profiles/templates/roundcube/managesieve-config.inc.php.epp
+++ b/sitemodules/profiles/templates/roundcube/managesieve-config.inc.php.epp
@@ -1,3 +1,5 @@
+<%- | String $cacert_certs,
+| -%>
 <?php
 
 // THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN BY THE
@@ -42,7 +44,12 @@ $config['managesieve_usetls'] = true;
 //   ),
 // );
 // Note: These can be also specified as an array of options indexed by hostname
-$config['managesieve_conn_options'] = null;
+$config['managesieve_conn_options'] = array(
+  'ssl' => array(
+    'verify_peer' => true,
+    'cafile'      => '<%= $cacert_certs %>',
+  ),
+);
 
 
 // default contents of filters script (eg. default spam filter)