X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fauth.php;h=0765e7e2b92a2b89fcbedf2034b5467acf874c77;hb=bb50b50818e1eb3b2ff8f8c49883c1a7f19707e5;hp=ba5c271fb4f03c7f630271f664380163696ad242;hpb=76911253eb850bacde3d86c8cb7b4af072e67ebe;p=squirrelmail.git diff --git a/functions/auth.php b/functions/auth.php index ba5c271f..0765e7e2 100644 --- a/functions/auth.php +++ b/functions/auth.php @@ -3,22 +3,23 @@ /** * auth.php * - * Copyright (c) 1999-2003 The SquirrelMail Project Team + * Copyright (c) 1999-2004 The SquirrelMail Project Team * Licensed under the GNU GPL. For full terms see the file COPYING. * * Contains functions used to do authentication. * * $Id$ + * @package squirrelmail */ -/* Put in a safety net here, in case a naughty admin didn't run conf.pl when they upgraded */ +/** Put in a safety net here, in case a naughty admin didn't run conf.pl when they upgraded */ if (! isset($smtp_auth_mech)) { $smtp_auth_mech = 'none'; } if (! isset($imap_auth_mech)) { - $imap_auth_mech = 'plain'; + $imap_auth_mech = 'login'; } if (! isset($use_imap_tls)) { @@ -29,6 +30,13 @@ if (! isset($use_smtp_tls)) { $use_smtp_tls = false; } +/** + * Check if user has previously logged in to the Squirrelmail session. If user + * has not logged in, execution will stop inside this function. + * + * @return int A positive value is returned if user has previously logged in + * successfully. + */ function is_logged_in() { if ( sqsession_is_registered('user_is_logged_in') ) { @@ -49,26 +57,45 @@ function is_logged_in() { if (!sqsession_is_registered('session_expired_location')) { sqsession_register($session_expired_location,'session_expired_location'); } - include_once( '../functions/display_messages.php' ); + include_once( SM_PATH . 'functions/display_messages.php' ); logout_error( _("You must be logged in to access this page.") ); exit; } } +/** + * Given the challenge from the server, supply the response using cram-md5 (See + * RFC 2195 for details) + * + * @param string $username User ID + * @param string $password User password supplied by User + * @param string $challenge The challenge supplied by the server + * @return string The response to be sent to the IMAP server + * + */ function cram_md5_response ($username,$password,$challenge) { - -/* Given the challenge from the server, supply the response using - cram-md5 (See RFC 2195 for details) -*/ -$challenge=base64_decode($challenge); -$hash=bin2hex(hmac_md5($challenge,$password)); -$response=base64_encode($username . " " . $hash) . "\r\n"; -return $response; + $challenge=base64_decode($challenge); + $hash=bin2hex(hmac_md5($challenge,$password)); + $response=base64_encode($username . " " . $hash) . "\r\n"; + return $response; } +/** + * Return Digest-MD5 response. + * Given the challenge from the server, calculate and return the + * response-string for digest-md5 authentication. (See RFC 2831 for more + * details) + * + * @param string $username User ID + * @param string $password User password supplied by User + * @param string $challenge The challenge supplied by the server + * @param string $service The service name, usually 'imap'; it is used to + * define the digest-uri. + * @param string $host The host name, usually the server's FQDN; it is used to + * define the digest-uri. + * @return string The response to be sent to the IMAP server + */ function digest_md5_response ($username,$password,$challenge,$service,$host) { -/* Given the challenge from the server, calculate and return the response-string - for digest-md5 authentication. (See RFC 2831 for more details) */ $result=digest_md5_parse_challenge($challenge); // verify server supports qop=auth @@ -114,10 +141,15 @@ function digest_md5_response ($username,$password,$challenge,$service,$host) { } +/** + * Parse Digest-MD5 challenge. + * This function parses the challenge sent during DIGEST-MD5 authentication and + * returns an array. See the RFC for details on what's in the challenge string. + * + * @param string $challenge Digest-MD5 Challenge + * @return array Digest-MD5 challenge decoded data + */ function digest_md5_parse_challenge($challenge) { -/* This function parses the challenge sent during DIGEST-MD5 authentication and - returns an array. See the RFC for details on what's in the challenge string. -*/ $challenge=base64_decode($challenge); while (isset($challenge)) { if ($challenge{0} == ',') { // First char is a comma, must not be 1st time through loop @@ -153,10 +185,17 @@ function digest_md5_parse_challenge($challenge) { return $parsed; } +/** + * Creates a HMAC digest that can be used for auth purposes + * See RFCs 2104, 2617, 2831 + * Uses mhash() extension if available + * + * @param string $data Data to apply hash function to. + * @param string $key Optional key, which, if supplied, will be used to + * calculate data's HMAC. + * @return string HMAC Digest string + */ function hmac_md5($data, $key='') { - // Creates a HMAC digest that can be used for auth purposes - // See RFCs 2104, 2617, 2831 - // Uses mhash() extension if available if (extension_loaded('mhash')) { if ($key== '') { $mhash=mhash(MHASH_MD5,$data); @@ -179,4 +218,28 @@ function hmac_md5($data, $key='') { return $hmac; } +/** + * Fillin user and password based on SMTP auth settings. + * + * @global + * @param string $user Reference to SMTP username + * @param string $pass Reference to SMTP password (unencrypted) + */ +function get_smtp_user(&$user, &$pass) { + global $username, $smtp_auth_mech, + $smtp_sitewide_user, $smtp_sitewide_pass; + + if ($smtp_auth_mech == 'none') { + $user = ''; + $pass = ''; + } elseif ( isset($smtp_sitewide_user) && isset($smtp_sitewide_pass) ) { + $user = $smtp_sitewide_user; + $pass = $smtp_sitewide_pass; + } else { + global $key, $onetimepad; + $user = $username; + $pass = OneTimePadDecrypt($key, $onetimepad); + } +} + ?>