$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: No available IMAP stream.") .
"</b></font>\n";
- error_box($string,$color);
+ error_box($string);
return false;
}
}
$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: No available IMAP stream.") .
"</b></font>\n";
- error_box($string,$color);
+ error_box($string);
return false;
}
}
*/
function sqimap_read_data_list($imap_stream, $tag, $handle_errors,
&$response, &$message, $query = '') {
- global $color, $squirrelmail_language;
+ global $color, $oTemplate, $squirrelmail_language;
set_up_language($squirrelmail_language);
$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: Bad function call.") .
'sqimap_run_command or sqimap_run_command_list instead<br /><br />'.
'The following query was issued:<br />'.
htmlspecialchars($query) . '<br />' . "</font><br />\n";
- error_box($string,$color);
- echo '</body></html>';
+ error_box($string);
+ $oTemplate->display('footer.tpl');
exit;
}
$string .= "</font><br />\n";
if ($link != '')
$string .= $link;
- error_box($string,$color);
+ error_box($string);
}
/**
if ($s === "}\r\n") {
$j = strrpos($read,'{');
$iLit = substr($read,$j+1,-3);
- $data[] = $read;
- $sLiteral = fread($imap_stream,$iLit);
- if ($sLiteral === false) { /* error */
- $read = false;
- break 3; /* while switch while */
+ // check for numeric value to avoid that untagged responses like:
+ // * OK [PARSE] Unexpected characters at end of address: {SET:debug=51}
+ // will trigger literal fetching ({SET:debug=51} !== int )
+ if (is_numeric($iLit)) {
+ $data[] = $read;
+ $sLiteral = fread($imap_stream,$iLit);
+ if ($sLiteral === false) { /* error */
+ $read = false;
+ break 3; /* while switch while */
+ }
+ $data[] = $sLiteral;
+ $data[] = sqimap_fgets($imap_stream);
+ } else {
+ $data[] = $read;
}
- $data[] = $sLiteral;
- $data[] = sqimap_fgets($imap_stream);
} else {
$data[] = $read;
}
* Logs the user into the IMAP server. If $hide is set, no error messages
* will be displayed. This function returns the IMAP connection handle.
* @param string $username user name
- * @param string $password password encrypted with onetimepad. Since 1.5.2
- * function can use internal password functions, if parameter is set to
- * boolean false.
+ * @param string $password password encrypted with onetimepad. Since 1.5.2
+ * function can use internal password functions, if parameter is set to
+ * boolean false.
* @param string $imap_server_address address of imap server
* @param integer $imap_port port of imap server
* @param boolean $hide controls display connection errors
global $color, $squirrelmail_language, $onetimepad, $use_imap_tls,
$imap_auth_mech, $sqimap_capabilities;
+ // Note/TODO: This hack grabs the $authz argument from the session. In the short future,
+ // a new argument in function sqimap_login() will be used instead.
+ $authz = '';
+ global $authz;
+ sqgetglobalvar('authz' , $authz , SQ_SESSION);
+
+ if(!empty($authz)) {
+ /* authz plugin - specific:
+ * Get proxy login parameters from authz plugin configuration. If they
+ * exist, they will override the current ones.
+ * This is useful if we want to use different SASL authentication mechanism
+ * and/or different TLS settings for proxy logins. */
+ global $authz_imap_auth_mech, $authz_use_imap_tls, $authz_imapPort_tls;
+ $imap_auth_mech = !empty($authz_imap_auth_mech) ? strtolower($authz_imap_auth_mech) : $imap_auth_mech;
+ $use_imap_tls = !empty($authz_use_imap_tls)? $authz_use_imap_tls : $use_imap_tls;
+ $imap_port = !empty($authz_use_imap_tls)? $authz_imapPort_tls : $imap_port;
+
+ if($imap_auth_mech == 'login' || $imap_auth_mech == 'cram-md5') {
+ logout_error("Misconfigured Plugin (authz or equivalent):<br/>".
+ "The LOGIN and CRAM-MD5 authentication mechanisms cannot be used when attempting proxy login.");
+ exit;
+ }
+ }
+
/* get imap login password */
if ($password===false) {
/* standard functions */
}
if (!isset($sqimap_capabilities)) {
- sqgetglobalvar('sqimap_capabilities' , $capability , SQ_SESSION );
+ sqgetglobalvar('sqimap_capabilities' , $sqimap_capabilities , SQ_SESSION );
}
$host = $imap_server_address;
// Got a challenge back
$challenge=$response[1];
if ($imap_auth_mech == 'digest-md5') {
- $reply = digest_md5_response($username,$password,$challenge,'imap',$host);
+ $reply = digest_md5_response($username,$password,$challenge,'imap',$host,$authz);
} elseif ($imap_auth_mech == 'cram-md5') {
$reply = cram_md5_response($username,$password,$challenge);
}
$read = sqimap_run_command ($imap_stream, $query, false, $response, $message);
} elseif ($imap_auth_mech == 'plain') {
/***
- * SASL PLAIN
+ * SASL PLAIN, RFC 4616 (updates 2595)
*
- * RFC 2595 Chapter 6
- *
- * The mechanism consists of a single message from the client to the
- * server. The client sends the authorization identity (identity to
- * login as), followed by a US-ASCII NUL character, followed by the
- * authentication identity (identity whose password will be used),
- * followed by a US-ASCII NUL character, followed by the clear-text
- * password. The client may leave the authorization identity empty to
- * indicate that it is the same as the authentication identity.
- *
- **/
+ * The mechanism consists of a single message, a string of [UTF-8]
+ * encoded [Unicode] characters, from the client to the server. The
+ * client presents the authorization identity (identity to act as),
+ * followed by a NUL (U+0000) character, followed by the authentication
+ * identity (identity whose password will be used), followed by a NUL
+ * (U+0000) character, followed by the clear-text password. As with
+ * other SASL mechanisms, the client does not provide an authorization
+ * identity when it wishes the server to derive an identity from the
+ * credentials and use that as the authorization identity.
+ */
$tag=sqimap_session_id(false);
- $sasl = (isset($capability['SASL-IR']) && $capability['SASL-IR']) ? true : false;
- $auth = base64_encode("$username\0$username\0$password");
+ $sasl = (isset($sqimap_capabilities['SASL-IR']) && $sqimap_capabilities['SASL-IR']) ? true : false;
+ if(!empty($authz)) {
+ $auth = base64_encode("$username\0$authz\0$password");
+ } else {
+ $auth = base64_encode("$username\0$username\0$password");
+ }
if ($sasl) {
// IMAP Extension for SASL Initial Client Response
// <draft-siemborski-imap-sasl-initial-response-01b.txt>
$results=explode(" ",$read,3);
$response=$results[1];
$message=$results[2];
+
} else {
$response="BAD";
$message="Internal SquirrelMail error - unknown IMAP authentication method chosen. Please contact the developers.";
$string .= htmlspecialchars($line) . "<br />\n";
}
}
- error_box($string,$color);
+ error_box($string);
exit;
} else {
/*
for ($i=2; $i < count($c); $i++) {
$cap_list = explode('=', $c[$i]);
if (isset($cap_list[1])) {
+ if(isset($sqimap_capabilities[trim($cap_list[0])]) &&
+ !is_array($sqimap_capabilities[trim($cap_list[0])])) {
+ // Remove array key that was added in 'else' block below
+ // This is to accomodate for capabilities like:
+ // SORT SORT=MODSEQ
+ unset($sqimap_capabilities[trim($cap_list[0])]);
+ }
$sqimap_capabilities[trim($cap_list[0])][] = $cap_list[1];
} else {
- $sqimap_capabilities[trim($cap_list[0])] = TRUE;
+ if(!isset($sqimap_capabilities[trim($cap_list[0])])) {
+ $sqimap_capabilities[trim($cap_list[0])] = TRUE;
+ }
}
}
}
$yp = `ypmatch $username aliases`;
return chop(substr($yp, strlen($username)+1));
}
-
-?>
\ No newline at end of file
projects / squirrelmail.git / blobdiff