X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=functions%2Fauth.php;h=53b96d9f717e27ee90ef326bc99bb62dfe9fa452;hb=b00dce9befb0755283ff90d262b4f89db0b2b6e8;hp=493ddcd9b8b95c7fad2de4631886f3ff1c1d45a4;hpb=f7948940260e78389f28f703d79fe0d1e160e5fe;p=squirrelmail.git

diff --git a/functions/auth.php b/functions/auth.php
index 493ddcd9..53b96d9f 100644
--- a/functions/auth.php
+++ b/functions/auth.php
@@ -3,85 +3,28 @@
 /**
  * auth.php
  *
- * Contains functions used to do authentication. Library depends on 
- * functions from functions/global.php, functions/i18n.php and 
- * functions/strings.php.
+ * Contains functions used to do authentication.
+ * 
+ * Dependencies:
+ *  functions/global.php
+ *  functions/strings.php.
  *
- * @copyright &copy; 1999-2005 The SquirrelMail Project Team
+ * @copyright &copy; 1999-2007 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
  */
 
-/** Put in a safety net here, in case a naughty admin didn't run conf.pl when they upgraded */
-
-if (! isset($smtp_auth_mech)) {
-    $smtp_auth_mech = 'none';
-}
-
-if (! isset($imap_auth_mech)) {
-    $imap_auth_mech = 'login';
-}
-
-if (! isset($use_imap_tls)) {
-    $use_imap_tls = false;
-}
-
-if (! isset($use_smtp_tls)) {
-    $use_smtp_tls = false;
-}
 
 /**
- * Check if user has previously logged in to the SquirrelMail session.  If user
- * has not logged in, execution will stop inside this function.
+ * Detect whether user is logged in
  *
- * @return int A positive value is returned if user has previously logged in
- * successfully.
- * @since 1.0
- */
-function is_logged_in() {
-
-    if ( sqsession_is_registered('user_is_logged_in') ) {
-        return;
-    } else {
-        global $PHP_SELF, $session_expired_post,
-               $session_expired_location, $squirrelmail_language;
-
-        //  First we store some information in the new session to prevent
-        //  information-loss.
-        //
-        $session_expired_post = $_POST;
-        $session_expired_location = $PHP_SELF;
-        if (!sqsession_is_registered('session_expired_post')) {
-            sqsession_register($session_expired_post,'session_expired_post');
-        }
-        if (!sqsession_is_registered('session_expired_location')) {
-            sqsession_register($session_expired_location,'session_expired_location');
-        }
-
-        // signout page will deal with users who aren't logged
-        // in on its own; don't show error here
-        //
-        if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
-           return;
-        }
-
-        include_once( SM_PATH . 'functions/display_messages.php' );
-        set_up_language($squirrelmail_language, true);
-        logout_error( _("You must be logged in to access this page.") );
-        exit;
-    }
-}
-
-/**
- * Detect logged user
- * 
- * Function is similar to is_logged_in() function. If user is logged in, function 
+ * Function is similar to is_logged_in() function. If user is logged in, function
  * returns true. If user is not logged in or session is expired, function saves $_POST
- * and $PHP_SELF in session and returns false. POST information is saved in 
- * 'session_expired_post' variable, PHP_SELF is saved in 'session_expired_location'.
+ * and PAGE_NAME in session and returns false. POST information is saved in
+ * 'session_expired_post' variable, PAGE_NAME is saved in 'session_expired_location'.
  *
- * Script that uses this function instead of is_logged_in() function, must handle user 
+ * Script that uses this function instead of is_logged_in() function, must handle user
  * level messages.
  * @return boolean
  * @since 1.5.1
@@ -89,23 +32,26 @@ function is_logged_in() {
 function sqauth_is_logged_in() {
     if ( sqsession_is_registered('user_is_logged_in') ) {
         return true;
-    } else {
-        global $PHP_SELF, $session_expired_post, $session_expired_location;
+    }
 
-        //  First we store some information in the new session to prevent
-        //  information-loss.
-        //
-        $session_expired_post = $_POST;
-        $session_expired_location = $PHP_SELF;
-        if (!sqsession_is_registered('session_expired_post')) {
-            sqsession_register($session_expired_post,'session_expired_post');
-        }
-        if (!sqsession_is_registered('session_expired_location')) {
-            sqsession_register($session_expired_location,'session_expired_location');
-        }
+    //  First we store some information in the new session to prevent
+    //  information-loss.
+    $session_expired_post = $_POST;
+    if (defined('PAGE_NAME'))
+        $session_expired_location = PAGE_NAME;
+    else
+        $session_expired_location = '';
 
-        return false;
-     }
+    if (!sqsession_is_registered('session_expired_post')) {
+        sqsession_register($session_expired_post,'session_expired_post');
+    }
+    if (!sqsession_is_registered('session_expired_location')) {
+        sqsession_register($session_expired_location,'session_expired_location');
+    }
+
+    session_write_close();
+
+    return false;
 }
 
 /**
@@ -124,15 +70,19 @@ function sqauth_read_password() {
 
 /**
  * Saves or updates user password information
- * 
+ *
  * This function is used to update password information that SquirrelMail
- * stores during existing web session. It does not modify password stored 
+ * stores during existing web session. It does not modify password stored
  * in authentication system used by IMAP server.
  *
- * Function must be called before any html output started. Direct access 
- * to password information is deprecated.
+ * Function must be called before any html output started. Direct access
+ * to password information is deprecated. Saved password information is
+ * available only to next executed SquirrelMail script. If your script needs
+ * access to saved password after sqauth_save_password() call, use returned
+ * OTP encrypted key.
  * @param string $pass password
- * @return void
+ * @return string password encrypted with OTP. In case script wants to access
+ *  password information before reloading page.
  * @since 1.5.1
  */
 function sqauth_save_password($pass) {
@@ -141,7 +91,8 @@ function sqauth_save_password($pass) {
     $onetimepad = OneTimePadCreate(strlen($pass));
     sqsession_register($onetimepad,'onetimepad');
     $key = OneTimePadEncrypt($pass, $onetimepad);
-    setcookie('key', $key, 0, $base_uri);
+    sqsetcookie('key', $key, false, $base_uri);
+    return $key;
 }
 
 /**
@@ -174,10 +125,11 @@ function cram_md5_response ($username,$password,$challenge) {
  *   define the digest-uri.
  * @param string $host The host name, usually the server's FQDN; it is used to
  *   define the digest-uri.
+ * @param string $authz Authorization ID (since 1.5.2)
  * @return string The response to be sent to the IMAP server
  * @since 1.4.0
  */
-function digest_md5_response ($username,$password,$challenge,$service,$host) {
+function digest_md5_response ($username,$password,$challenge,$service,$host,$authz='') {
     $result=digest_md5_parse_challenge($challenge);
 
     // verify server supports qop=auth
@@ -203,6 +155,9 @@ function digest_md5_response ($username,$password,$challenge,$service,$host) {
     $string_a1 .= utf8_encode($password);
     $string_a1 = hmac_md5($string_a1);
     $A1 = $string_a1 . ":" . $result['nonce'] . ":" . $cnonce;
+    if(!empty($authz)) {
+        $A1 .= ":" . utf8_encode($authz);
+    }
     $A1 = bin2hex(hmac_md5($A1));
     $A2 = "AUTHENTICATE:$digest_uri_value";
     // If qop is auth-int or auth-conf, A2 gets a little extra
@@ -218,6 +173,9 @@ function digest_md5_response ($username,$password,$challenge,$service,$host) {
     $reply .= 'nonce="' . $result['nonce'] . '",nc=' . $ncount . ',cnonce="' . $cnonce . '",';
     $reply .= "digest-uri=\"$digest_uri_value\",response=$response_value";
     $reply .= ',qop=' . $qop_value;
+    if(!empty($authz)) {
+        $reply .= ',authzid=' . $authz;
+    }
     $reply = base64_encode($reply);
     return $reply . "\r\n";
 
@@ -307,7 +265,7 @@ function hmac_md5($data, $key='') {
  *
  * @param string $user Reference to SMTP username
  * @param string $pass Reference to SMTP password (unencrypted)
- * @since 1.5.0
+ * @since 1.4.11
  */
 function get_smtp_user(&$user, &$pass) {
     global $username, $smtp_auth_mech,
@@ -316,13 +274,19 @@ function get_smtp_user(&$user, &$pass) {
     if ($smtp_auth_mech == 'none') {
         $user = '';
         $pass = '';
-    } elseif ( isset($smtp_sitewide_user) && isset($smtp_sitewide_pass) ) {
+    } elseif ( isset($smtp_sitewide_user) && isset($smtp_sitewide_pass) &&
+               !empty($smtp_sitewide_user)) {
         $user = $smtp_sitewide_user;
         $pass = $smtp_sitewide_pass;
     } else {
         $user = $username;
         $pass = sqauth_read_password();
     }
-}
 
-?>
\ No newline at end of file
+    // plugin authors note: override $user or $pass by
+    // directly changing the arguments array contents 
+    // in your plugin e.g., $args[0] = 'new_username';
+    //
+    $temp = array(&$user, &$pass);
+    do_hook('smtp_auth', $temp);
+}