sub command112a {
print "If you have already set the hostname and port number, I can try to\n";
- print "detect the methods your IMAP server supports.\n";
+ print "detect the mechanisms your IMAP server supports.\n";
print "I will try to detect CRAM-MD5 and DIGEST-MD5 support. I can't test\n";
print "for \"plain\" without knowing a username and password.\n";
- print "\nTry to detect auth methods? [y/N]: ";
+ print "Auto-detecting is optional - you can safely say \"n\" here.\n";
+ print "\nTry to detect supported mechanisms? [y/N]: ";
$inval=<STDIN>;
chomp($inval);
if ($inval =~ /^y\b/i) {
# Possible choices: none, plain, cram-md5, digest-md5
sub command112b {
print "If you have already set the hostname and port number, I can try to\n";
- print "detect the methods your SMTP server supports.\n";
- print "\nTry to detect auth methods? [y/N]: ";
+ print "automatically detect the mechanisms your SMTP server supports.\n";
+ print "Auto-detection is *optional* - you can safely say \"n\" here.\n";
+ print "\nTry to detect auth mechanisms? [y/N]: ";
$inval=<STDIN>;
chomp($inval);
if ($inval =~ /^y\b/i) {
# Yes, let's try to detect.
- print "Detecting supported methods...\n";
+ print "Trying to detect supported methods (SMTP)...\n";
# Special case!
# Check none by trying to relay to junk@birdbrained.org
return lc($inval);
} else {
# user entered garbage, or default value so nothing needs to be set
- return;
+ return $smtp_auth_mech;
}
}
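Review bot: The new prompt in command112b tells the administrator that answering "n" is safe, but never says what answering "y" does. Going by the context comment `# Check none by trying to relay to junk@birdbrained.org`, detection appears to open a connection to the configured SMTP server and attempt a relay to an outside address, which will be logged as a relay attempt and may count against abuse controls. I would add a line before the question, such as `print "Detection connects to the server and attempts a test relay.\n";`. The probe code itself lies outside the hunk, so check the wording against it. Separately, the status line `Trying to detect supported methods (SMTP)...` still says "methods" where the rest of this change says "mechanisms".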
All configuration is done using conf.pl, under main menu option #2.
+conf.pl can now attempt to detect which mechanisms your servers support.
+You must have set the host and port before attempting to detect, or you
+may get inaccurate results, or a long wait while the connection times out.
+
+If you get results that you know are wrong when you use auto-detection, I
+need to know about it. Please send me the results you got, the results you
+expected, and server type, name, and version (eg. "imap, Cyrus, v2.1.9").
+
KNOWN ISSUES
------------
cram-md5 (See RFC 2195 for details)
*/
$challenge=base64_decode($challenge);
-$hash=bin2hex(hmac($challenge,$password));
+$hash=bin2hex(hmac_md5($challenge,$password));
$response=base64_encode($username . " " . $hash) . "\r\n";
return $response;
}
// rfc2831: client MUST fail if no qop methods supported
// return false;
//}
- $cnonce = base64_encode(bin2hex(hmac(microtime())));
+ $cnonce = base64_encode(bin2hex(hmac_md5(microtime())));
$ncount = "00000001";
/* This can be auth (authentication only), auth-int (integrity protection), or
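Review bot: The client nonce on the `$cnonce = base64_encode(bin2hex(hmac_md5(microtime())));` line is derived only from the current time, so the rename leaves a predictable value in place. RFC 2831 recommends a cnonce with at least 64 bits of entropy, and a digest of the clock supplies far less to anyone who can estimate when the request was sent. Where the runtime provides a CSPRNG, I would use `$cnonce = base64_encode(bin2hex(random_bytes(16)));`. On older PHP, which the mhash fallback elsewhere in this file suggests is a target, mix in output from the platform's random generator rather than relying on the clock alone. The enclosing function starts and ends outside the hunk.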
$string_a1 = utf8_encode($username).":";
$string_a1 .= utf8_encode($result['realm']).":";
$string_a1 .= utf8_encode($password);
- $string_a1 = hmac($string_a1);
+ $string_a1 = hmac_md5($string_a1);
$A1 = $string_a1 . ":" . $result['nonce'] . ":" . $cnonce;
- $A1 = bin2hex(hmac($A1));
+ $A1 = bin2hex(hmac_md5($A1));
$A2 = "AUTHENTICATE:$digest_uri_value";
// If qop is auth-int or auth-conf, A2 gets a little extra
if ($qop_value != 'auth') {
$A2 .= ':00000000000000000000000000000000';
}
- $A2 = bin2hex(hmac($A2));
+ $A2 = bin2hex(hmac_md5($A2));
$string_response = $result['nonce'] . ':' . $ncount . ':' . $cnonce . ':' . $qop_value;
- $response_value = bin2hex(hmac($A1.":".$string_response.":".$A2));
+ $response_value = bin2hex(hmac_md5($A1.":".$string_response.":".$A2));
$reply = 'charset=utf-8,username="' . $username . '",realm="' . $result["realm"] . '",';
$reply .= 'nonce="' . $result['nonce'] . '",nc=' . $ncount . ',cnonce="' . $cnonce . '",';
return $parsed;
}
-function hmac($data, $key='') {
+function hmac_md5($data, $key='') {
// Creates a HMAC digest that can be used for auth purposes
// See RFCs 2104, 2617, 2831
// Uses mhash() extension if available
}
$k_ipad = $key ^ str_repeat(chr(0x36), 64) ;
$k_opad = $key ^ str_repeat(chr(0x5c), 64) ;
- /* Heh, let's get re-entrant. PHP is so kinky */
- $hmac=hmac($k_opad . pack("H*",md5($k_ipad . $data)) );
+ /* Heh, let's get recursive. */
+ $hmac=hmac_md5($k_opad . pack("H*",md5($k_ipad . $data)) );
return $hmac;
}
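Review bot: The header comment of `hmac_md5` should say what a call without `$key` returns, because the new name reads as if every call were keyed. The recursive call `hmac_md5($k_opad . pack("H*",md5($k_ipad . $data)) )` passes no key, and the DIGEST-MD5 code calls `hmac_md5($string_a1)` the same way, so the keyless path presumably returns a plain binary MD5 digest. That branch is outside the hunk, so confirm it before documenting. Suggested addition: `// With an empty $key this returns the raw (binary) MD5 of $data, not an HMAC`.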