1<?php
2/***********************************************
3* File      :   config.php
4* Project   :   Z-Push
5* Descr     :   Main configuration file
6*
7* Created   :   01.10.2007
8*
9* Copyright 2007 - 2016 Zarafa Deutschland GmbH
10*
11* This program is free software: you can redistribute it and/or modify
12* it under the terms of the GNU Affero General Public License, version 3,
13* as published by the Free Software Foundation.
14*
15* This program is distributed in the hope that it will be useful,
16* but WITHOUT ANY WARRANTY; without even the implied warranty of
17* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18* GNU Affero General Public License for more details.
19*
20* You should have received a copy of the GNU Affero General Public License
21* along with this program.  If not, see <http://www.gnu.org/licenses/>.
22*
23* Consult LICENSE file for details
24************************************************/
25define("GO_NO_SESSION", true);
26//require Group-Office framework
27if(!class_exists('GO'))
28	require_once(dirname(dirname(__DIR__)) . "/GO.php");
29
30/**********************************************************************************
31 *  Default settings
32 */
33    // Defines the default time zone, change e.g. to "Europe/London" if necessary
34    define('TIMEZONE', '');
35
36    // Defines the base path on the server
37//    define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/');
38		define('BASE_PATH', \GO::config()->root_path. 'modules/z-push/vendor/z-push/');
39
40    // Try to set unlimited timeout
41    define('SCRIPT_TIMEOUT', 0);
42
43    // Use a custom header to determinate the remote IP of a client.
44    // By default, the server provided REMOTE_ADDR is used. If the header here set
45    // is available, the provided value will be used, else REMOTE_ADDR is maintained.
46    // set to false to disable this behaviour.
47    // common values: 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP' (casing is ignored)
48    define('USE_CUSTOM_REMOTE_IP_HEADER', false);
49
50    // When using client certificates, we can check if the login sent matches the owner of the certificate.
51    // This setting specifies the owner parameter in the certificate to look at.
52    define("CERTIFICATE_OWNER_PARAMETER", "SSL_CLIENT_S_DN_CN");
53
54    /*
55     * Whether to use the complete email address as a login name
56     * (e.g. user@company.com) or the username only (user).
57     * This is required for Z-Push to work properly after autodiscover.
58     * Possible values:
59     *   false - use the username only.
60     *   true  - string the mobile sends as username, e.g. full email address (default).
61     */
62    define('USE_FULLEMAIL_FOR_LOGIN', true);
63
64	/**********************************************************************************
65	 * StateMachine setting
66	 *
67	 * These StateMachines can be used:
68	 *   FILE  - FileStateMachine (default). Needs STATE_DIR set as well.
69	 *   SQL   - SqlStateMachine has own configuration file. STATE_DIR is ignored.
70	 *           State migration script is available, more informations: https://wiki.z-hub.io/x/xIAa
71	 */
72		$folder = new \GO\Base\Fs\Folder(\GO::config()->file_storage_path.'zpush21state/');
73		$folder->create();
74    define('STATE_MACHINE', 'FILE');
75    define('STATE_DIR', $folder->path().'/');
76
77		/**********************************************************************************
78		 *  IPC - InterProcessCommunication
79		 *
80		 *  Is either provided by using shared memory on a single host or
81		 *  using the memcache provider for multi-host environments.
82		 *  When another implementation should be used, the class can be set here explicitly.
83		 *  If empty Z-Push will try to use available providers.
84
85		 *  Possible values:
86		 *  IpcSharedMemoryProvider - default. Requires z-push-ipc-sharedmemory package.
87		 *  IpcMemcachedProvider    - requires z-push-ipc-memcached package. It is necessary to set up
88		 *                            memcached server before (it won't be installed by z-push-ipc-memcached).
89		 *  IpcWincacheProvider     - for windows systems.
90		 */
91    define('IPC_PROVIDER', '');
92
93/**********************************************************************************
94 *  Logging settings
95 *
96 *  The LOGBACKEND specifies where the logs are sent to.
97 *  Either to file ("filelog") or to a "syslog" server or a custom log class in core/log/logclass.
98 *  filelog and syslog have several options that can be set below.
99 *  For more information about the syslog configuration, see https://wiki.z-hub.io/x/HIAT
100
101 *  Possible LOGLEVEL and LOGUSERLEVEL values are:
102 *  LOGLEVEL_OFF            - no logging
103 *  LOGLEVEL_FATAL          - log only critical errors
104 *  LOGLEVEL_ERROR          - logs events which might require corrective actions
105 *  LOGLEVEL_WARN           - might lead to an error or require corrective actions in the future
106 *  LOGLEVEL_INFO           - usually completed actions
107 *  LOGLEVEL_DEBUG          - debugging information, typically only meaningful to developers
108 *  LOGLEVEL_WBXML          - also prints the WBXML sent to/from the device
109 *  LOGLEVEL_DEVICEID       - also prints the device id for every log entry
110 *  LOGLEVEL_WBXMLSTACK     - also prints the contents of WBXML stack
111 *
112 *  The verbosity increases from top to bottom. More verbose levels include less verbose
113 *  ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR,
114 *  LOGLEVEL_WARN and LOGLEVEL_INFO level entries.
115 *
116 *  LOGAUTHFAIL is logged to the LOGBACKEND.
117 */
118		//note: you can't use z-push constants in the GO config file!
119		//use 16 for debug or 32 for wbxml
120		if(!isset(\GO::config()->zpush2_loglevel)){
121			\GO::config()->zpush2_loglevel = \GO::config()->debug ? LOGLEVEL_WBXML : LOGLEVEL_OFF;
122		}
123
124		define('LOGBACKEND', 'filelog');
125		define('LOGLEVEL', \GO::config()->zpush2_loglevel);
126		define('LOGAUTHFAIL', false);
127
128    // To save e.g. WBXML data only for selected users, add the usernames to the array
129    // The data will be saved into a dedicated file per user in the LOGFILEDIR
130    // Users have to be encapusulated in quotes, several users are comma separated, like:
131    //   $specialLogUsers = array('info@domain.com', 'myusername');
132    define('LOGUSERLEVEL', LOGLEVEL_DEVICEID);
133    $GLOBALS['specialLogUsers'] = isset(\GO::config()->zpush2_special_log_users) ?  \GO::config()->zpush2_special_log_users : array();
134
135		$folder = new \GO\Base\Fs\Folder(\GO::config()->file_storage_path.'log/z-push/');
136		$folder->create();
137
138		define('LOGFILEDIR', $folder->path().'/');
139    define('LOGFILE', LOGFILEDIR . 'z-push.log');
140    define('LOGERRORFILE', LOGFILEDIR . 'z-push-error.log');
141
142    // Syslog settings
143    // false will log to local syslog, otherwise put the remote syslog IP here
144    define('LOG_SYSLOG_HOST', false);
145    // Syslog port
146    define('LOG_SYSLOG_PORT', 514);
147    // Program showed in the syslog. Useful if you have more than one instance login to the same syslog
148    define('LOG_SYSLOG_PROGRAM', 'z-push');
149    // Syslog facility - use LOG_USER when running on Windows
150    define('LOG_SYSLOG_FACILITY', LOG_LOCAL0);
151
152    // Location of the trusted CA, e.g. '/etc/ssl/certs/EmailCA.pem'
153    // Uncomment and modify the following line if the validation of the certificates fails.
154    // define('CAINFO', '/etc/ssl/certs/EmailCA.pem');
155
156/**********************************************************************************
157 *  Mobile settings
158 */
159    // Device Provisioning (for remote wipe possible)
160    define('PROVISIONING', isset(\GO::config()->zpush2_provisioning)?\GO::config()->zpush2_provisioning:false);
161
162    // This option allows the 'loose enforcement' of the provisioning policies for older
163    // devices which don't support provisioning (like WM 5 and HTC Android Mail) - dw2412 contribution
164    // false (default) - Enforce provisioning for all devices
165    // true - allow older devices, but enforce policies on devices which support it
166    define('LOOSE_PROVISIONING', isset(\GO::config()->zpush2_loose_provisioning)?\GO::config()->zpush2_loose_provisioning:false);
167
168    // The file containing the policies' settings.
169    // Set a full path or relative to the z-push main directory
170    define('PROVISIONING_POLICYFILE', 'policies.ini');
171
172    // Default conflict preference
173    // Some devices allow to set if the server or PIM (mobile)
174    // should win in case of a synchronization conflict
175    //   SYNC_CONFLICT_OVERWRITE_SERVER - Server is overwritten, PIM wins
176    //   SYNC_CONFLICT_OVERWRITE_PIM    - PIM is overwritten, Server wins (default)
177    define('SYNC_CONFLICT_DEFAULT', SYNC_CONFLICT_OVERWRITE_PIM);
178
179    // Global limitation of items to be synchronized
180    // The mobile can define a sync back period for calendar and email items
181    // For large stores with many items the time period could be limited to a max value
182    // If the mobile transmits a wider time period, the defined max value is used
183    // Applicable values:
184    //   SYNC_FILTERTYPE_ALL (default, no limitation)
185    //   SYNC_FILTERTYPE_1DAY, SYNC_FILTERTYPE_3DAYS, SYNC_FILTERTYPE_1WEEK, SYNC_FILTERTYPE_2WEEKS,
186    //   SYNC_FILTERTYPE_1MONTH, SYNC_FILTERTYPE_3MONTHS, SYNC_FILTERTYPE_6MONTHS
187    define('SYNC_FILTERTIME_MAX', SYNC_FILTERTYPE_ALL);
188
189    // Interval in seconds before checking if there are changes on the server when in Ping.
190    // It means the highest time span before a change is pushed to a mobile. Set it to
191    // a higher value if you have a high load on the server.
192    define('PING_INTERVAL', GO::config()->debug ? 5 : 120);
193
194    // Set the fileas (save as) order for contacts in the webaccess/webapp/outlook.
195    // It will only affect new/modified contacts on the mobile which then are synced to the server.
196    // Possible values are:
197    // SYNC_FILEAS_FIRSTLAST    - fileas will be "Firstname Middlename Lastname"
198    // SYNC_FILEAS_LASTFIRST    - fileas will be "Lastname, Firstname Middlename"
199    // SYNC_FILEAS_COMPANYONLY  - fileas will be "Company"
200    // SYNC_FILEAS_COMPANYLAST  - fileas will be "Company (Lastname, Firstname Middlename)"
201    // SYNC_FILEAS_COMPANYFIRST - fileas will be "Company (Firstname Middlename Lastname)"
202    // SYNC_FILEAS_LASTCOMPANY  - fileas will be "Lastname, Firstname Middlename (Company)"
203    // SYNC_FILEAS_FIRSTCOMPANY - fileas will be "Firstname Middlename Lastname (Company)"
204    // The company-fileas will only be set if a contact has a company set. If one of
205    // company-fileas is selected and a contact doesn't have a company set, it will default
206    // to SYNC_FILEAS_FIRSTLAST or SYNC_FILEAS_LASTFIRST (depending on if last or first
207    // option is selected for company).
208    // If SYNC_FILEAS_COMPANYONLY is selected and company of the contact is not set
209    // SYNC_FILEAS_LASTFIRST will be used
210    define('FILEAS_ORDER', SYNC_FILEAS_LASTFIRST);
211
212    // Maximum amount of items to be synchronized per request.
213    // Normally this value is requested by the mobile. Common values are 5, 25, 50 or 100.
214    // Exporting too much items can cause mobile timeout on busy systems.
215    // Z-Push will use the lowest provided value, either set here or by the mobile.
216    // MS Outlook 2013+ request up to 512 items to accelerate the sync process.
217    // If you detect high load (also on subsystems) you could try a lower setting.
218    // max: 512 - value used if mobile does not limit amount of items
219    define('SYNC_MAX_ITEMS', 512);
220
221    // The devices usually send a list of supported properties for calendar and contact
222    // items. If a device does not includes such a supported property in Sync request,
223    // it means the property's value will be deleted on the server.
224    // However some devices do not send a list of supported properties. It is then impossible
225    // to tell if a property was deleted or it was not set at all if it does not appear in Sync.
226    // This parameter defines Z-Push behaviour during Sync if a device does not issue a list with
227    // supported properties.
228    // See also https://jira.z-hub.io/browse/ZP-302.
229    // Possible values:
230    // false - do not unset properties which are not sent during Sync (default)
231    // true  - unset properties which are not sent during Sync
232    define('UNSET_UNDEFINED_PROPERTIES', false);
233
234    // ActiveSync specifies that a contact photo may not exceed 48 KB. This value is checked
235    // in the semantic sanity checks and contacts with larger photos are not synchronized.
236    // This limitation is not being followed by the ActiveSync clients which set much bigger
237    // contact photos. You can override the default value of the max photo size.
238    // default: 5242880 - 5 MB default max photo size in bytes
239    define('SYNC_CONTACTS_MAXPICTURESIZE', 5242880);
240
241    // Over the WebserviceUsers command it is possible to retrieve a list of all
242    // known devices and users on this Z-Push system. The authenticated user needs to have
243    // admin rights and a public folder must exist.
244    // In multicompany environments this enable an admin user of any company to retrieve
245    // this full list, so this feature is disabled by default. Enable with care.
246    define('ALLOW_WEBSERVICE_USERS_ACCESS', false);
247
248    // Users with many folders can use the 'partial foldersync' feature, where the server
249    // actively stops processing the folder list if it takes too long. Other requests are
250    // then redirected to the FolderSync to synchronize the remaining items.
251    // Device compatibility for this procedure is not fully understood.
252    // NOTE: THIS IS AN EXPERIMENTAL FEATURE WHICH COULD PREVENT YOUR MOBILES FROM SYNCHRONIZING.
253    define('USE_PARTIAL_FOLDERSYNC', false);
254
255    // The minimum accepted time in second that a ping command should last.
256    // It is strongly advised to keep this config to false. Some device
257    // might not be able to send a higher value than the one specificied here and thus
258    // unable to start a push connection.
259    // If set to false, there will be no lower bound to the ping lifetime.
260    // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes).
261    define('PING_LOWER_BOUND_LIFETIME', false);
262
263    // The maximum accepted time in second that a ping command should last.
264    // If set to false, there will be no higher bound to the ping lifetime.
265    // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes).
266    define('PING_HIGHER_BOUND_LIFETIME', false);
267
268    // Maximum response time
269    // Mobiles implement different timeouts to their TCP/IP connections. Android devices for example
270    // have a hard timeout of 30 seconds. If the server is not able to answer a request within this timeframe,
271    // the answer will not be recieved and the device will send a new one overloading the server.
272    // There are three categories
273    //   - Short timeout  - server has up within 30 seconds - is automatically applied for not categorized types
274    //   - Medium timeout - server has up to 90 seconds to respond
275    //   - Long timeout   - server has up to 4 minutes to respond
276    // If a timeout is almost reached the server will break and sent the results it has until this
277    // point. You can add DeviceType strings to the categories.
278    // In general longer timeouts are better, because more data can be streamed at once.
279    define('SYNC_TIMEOUT_MEDIUM_DEVICETYPES', "SAMSUNGGTI");
280    define('SYNC_TIMEOUT_LONG_DEVICETYPES',   "iPod, iPad, iPhone, WP, WindowsOutlook, WindowsMail");
281
282    // Time in seconds the device should wait whenever the service is unavailable,
283    // e.g. when a backend service is unavailable.
284    // Z-Push sends a "Retry-After" header in the response with the here defined value.
285    // It is up to the device to respect or not this directive so even if this option is set,
286    // the device might not wait requested time frame.
287    // Number of seconds before retry, to disable set to: false
288    define('RETRY_AFTER_DELAY', 300);
289
290/**********************************************************************************
291 *  Backend settings
292 */
293    // The data providers that we are using (see configuration below)
294		define('BACKEND_PROVIDER', "BackendGO");
295
296/**********************************************************************************
297 *  Search provider settings
298 *
299 *  Alternative backend to perform SEARCH requests (GAL search)
300 *  By default the main Backend defines the preferred search functionality.
301 *  If set, the Search Provider will always be preferred.
302 *  Use 'BackendSearchLDAP' to search in a LDAP directory (see backend/searchldap/config.php)
303 */
304    define('SEARCH_PROVIDER', '');
305    // Time in seconds for the server search. Setting it too high might result in timeout.
306    // Setting it too low might not return all results. Default is 10.
307    define('SEARCH_WAIT', 10);
308    // The maximum number of results to send to the client. Setting it too high
309    // might result in timeout. Default is 10.
310    define('SEARCH_MAXRESULTS', 10);
311
312/**********************************************************************************
313 *  Kopano Outlook Extension - Settings
314 *
315 *  The Kopano Outlook Extension (KOE) provides MS Outlook 2013 and newer with
316 *  functionality not provided by ActiveSync or not implemented by Outlook.
317 *  For more information, see: https://wiki.z-hub.io/x/z4Aa
318 */
319    // Global Address Book functionality
320    define('KOE_CAPABILITY_GAB', true);
321    // Synchronize mail flags from the server to Outlook/KOE
322    define('KOE_CAPABILITY_RECEIVEFLAGS', true);
323    // Encode flags when sending from Outlook/KOE
324    define('KOE_CAPABILITY_SENDFLAGS', true);
325    // Out-of-office support
326    define('KOE_CAPABILITY_OOF', true);
327    // Out-of-office support with start & end times (superseeds KOE_CAPABILITY_OOF)
328    define('KOE_CAPABILITY_OOFTIMES', true);
329    // Notes support
330    define('KOE_CAPABILITY_NOTES', true);
331    // Shared folder support
332    define('KOE_CAPABILITY_SHAREDFOLDER', true);
333    // Send-As support for Outlook/KOE and mobiles
334    define('KOE_CAPABILITY_SENDAS', true);
335    // Secondary Contact folders (own and shared)
336    define('KOE_CAPABILITY_SECONDARYCONTACTS', true);
337    // Copy WebApp signature into KOE
338    define('KOE_CAPABILITY_SIGNATURES', true);
339    // Delivery receipt requests
340    define('KOE_CAPABILITY_RECEIPTS', true);
341    // Impersonate other users
342    define('KOE_CAPABILITY_IMPERSONATE', true);
343
344    // To synchronize the GAB KOE, the GAB store and folderid need to be specified.
345    // Use the gab-sync script to generate this data. The name needs to
346    // match the config of the gab-sync script.
347    // More information here: https://wiki.z-hub.io/x/z4Aa (GAB Sync Script)
348    define('KOE_GAB_STORE', 'SYSTEM');
349    define('KOE_GAB_FOLDERID', '');
350    define('KOE_GAB_NAME', 'Z-Push-KOE-GAB');
351
352/**********************************************************************************
353 *  Synchronize additional folders to all mobiles
354 *
355 *  With this feature, special folders can be synchronized to all mobiles.
356 *  This is useful for e.g. global company contacts.
357 *
358 *  This feature is supported only by certain devices, like iPhones.
359 *  Check the compatibility list for supported devices:
360 *      http://z-push.org/compatibility
361 *
362 *  To synchronize a folder, add a section setting all parameters as below:
363 *      store:      the ressource where the folder is located.
364 *                  Kopano users use 'SYSTEM' for the 'Public Folder'
365 *      folderid:   folder id of the folder to be synchronized
366 *      name:       name to be displayed on the mobile device
367 *      type:       supported types are:
368 *                      SYNC_FOLDER_TYPE_USER_CONTACT
369 *                      SYNC_FOLDER_TYPE_USER_APPOINTMENT
370 *                      SYNC_FOLDER_TYPE_USER_TASK
371 *                      SYNC_FOLDER_TYPE_USER_MAIL
372 *                      SYNC_FOLDER_TYPE_USER_NOTE
373 *      flags:      sets additional options on the shared folder. Supported are:
374 *                      DeviceManager::FLD_FLAGS_NONE
375 *                          No flags configured, default flag to be set
376 *                      DeviceManager::FLD_FLAGS_SENDASOWNER
377 *                          When replying in this folder, automatically do Send-As
378 *                      DeviceManager::FLD_FLAGS_CALENDARREMINDERS
379 *                          If set, Outlook shows reminders for these shares with KOE
380 *                      DeviceManager::FLD_FLAGS_NOREADONLYNOTIFY
381 *                          If set, Z-Push won't send notification emails for changes
382 *                          if the folder is read-only
383 *
384 *  Additional notes:
385 *  - on Kopano systems use backend/kopano/listfolders.php script to get a list
386 *    of available folders
387 *
388 *  - all Z-Push users must have at least reading permissions so the configured
389 *    folders can be synchronized to the mobile. Else they are ignored.
390 *
391 *  - this feature is only partly suitable for multi-tenancy environments,
392 *    as ALL users from ALL tenents need access to the configured store & folder.
393 *    When configuring a public folder, this will cause problems, as each user has
394 *    a different public folder in his tenant, so the folder are not available.
395
396 *  - changing this configuration could cause HIGH LOAD on the system, as all
397 *    connected devices will be updated and load the data contained in the
398 *    added/modified folders.
399 */
400
401    $additionalFolders = array(
402        // demo entry for the synchronization of contacts from the public folder.
403        // uncomment (remove '/*' '*/') and fill in the folderid
404/*
405        array(
406            'store'     => "SYSTEM",
407            'folderid'  => "",
408            'name'      => "Public Contacts",
409            'type'      => SYNC_FOLDER_TYPE_USER_CONTACT,
410            'flags'     => DeviceManager::FLD_FLAGS_NONE,
411        ),
412*/
413    );
414