RFC3501.
- Fix reply all address string in case the personal name contained a comma
(address separator).
+ - Added SASL PLAIN to IMAP and SMTP. Thanks to avel for the prodding and
+ code snippet.
**************************************
*** SquirrelMail Stable Series 1.4 ***
}
/* Lets introduce ourselves */
+ fputs($stream, "EHLO $helohost\r\n");
+ $tmp = fgets($stream,1024);
+ if ($this->errorCheck($tmp,$stream)) {
+ return(0);
+ }
+
if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
// Doing some form of non-plain auth
- fputs($stream, "EHLO $helohost\r\n");
- $tmp = fgets($stream,1024);
- if ($this->errorCheck($tmp,$stream)) {
- return(0);
- }
if ($smtp_auth_mech == 'cram-md5') {
fputs($stream, "AUTH CRAM-MD5\r\n");
} elseif ($smtp_auth_mech == 'digest-md5') {
}
} elseif ($smtp_auth_mech == 'login') {
// The LOGIN method
- fputs($stream, "EHLO $helohost\r\n");
- $tmp = fgets($stream, 1024);
- if ($this->errorCheck($tmp, $stream)) {
- return(0);
- }
fputs($stream, "AUTH LOGIN\r\n");
$tmp = fgets($stream, 1024);
if ($this->errorCheck($tmp, $stream)) {
return(0);
}
- } else {
+ } elseif ($smtp_auth_mech == "plain") {
+ /* SASL Plain */
+ $auth = base64_encode("$username\0$username\0$pass");
+
+ $query = "AUTH PLAIN\r\n";
+ fputs($stream, $query);
+ $read=fgets($stream, 1024);
+
+ if (substr($read,0,3) == '334') { // OK so far..
+ fputs($stream, "$auth\r\n");
+ $read = fgets($stream, 1024);
+ }
+
+ $results=explode(" ",$read,3);
+ $response=$results[1];
+ $message=$results[2];
+
+
+ } else {
/* Right here, they've reached an unsupported auth mechanism.
This is the ugliest hack I've ever done, but it'll do till I can fix
things up better tomorrow. So tired... */
return $new_optional_delimiter;
}
# IMAP authentication type
-# Possible values: login, cram-md5, digest-md5
+# Possible values: login, plain, cram-md5, digest-md5
# Now offers to detect supported mechs, assuming server & port are set correctly
sub command112a {
print "If you have already set the hostname and port number, I can try to\n";
print "detect the mechanisms your IMAP server supports.\n";
print "I will try to detect CRAM-MD5 and DIGEST-MD5 support. I can't test\n";
- print "for \"login\" without knowing a username and password.\n";
+ print "for \"login\" or \"plain\" without knowing a username and password.\n";
print "Auto-detecting is optional - you can safely say \"n\" here.\n";
print "\nTry to detect supported mechanisms? [y/N]: ";
$inval=<STDIN>;
}
print "\nWhat authentication mechanism do you want to use for IMAP connections?\n\n";
print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n";
+ print $WHT . "plain" . $NRM . " - SASL PLAIN. If you need this, you already know it.\n";
print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext methods.\n";
print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n";
print "\n*** YOUR IMAP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n";
print "If you don't understand or are unsure, you probably want \"login\"\n\n";
- print "login, cram-md5, or digest-md5 [$WHT$imap_auth_mech$NRM]: $WHT";
+ print "login, plain, cram-md5, or digest-md5 [$WHT$imap_auth_mech$NRM]: $WHT";
$inval=<STDIN>;
chomp($inval);
- if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || ($inval =~ /^login\b/i)) {
+ if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || ($inval =~ /^login\b/i) || ($inval =~ /^plain\b/i)) {
return lc($inval);
} else {
# user entered garbage or default value so nothing needs to be set
# Possible choices: none, plain, cram-md5, digest-md5
sub command112b {
print "If you have already set the hostname and port number, I can try to\n";
- print "automatically detect the mechanisms your SMTP server supports.\n";
+ print "automatically detect some of the mechanisms your SMTP server supports.\n";
print "Auto-detection is *optional* - you can safely say \"n\" here.\n";
print "\nTry to detect auth mechanisms? [y/N]: ";
$inval=<STDIN>;
print "\tWhat authentication mechanism do you want to use for SMTP connections?\n";
print $WHT . "none" . $NRM . " - Your SMTP server does not require authorization.\n";
print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n";
+ print $WHT . "plain" . $NRM . " - SASL PLAIN. You already know it if you need this.\n";
print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n";
print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n";
print $WHT . "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n" . $NRM;
return "none";
}
if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) ||
- ($inval =~ /^login\b/i)) {
+ ($inval =~ /^login\b/i) || ($inval =~/^plain\b/i)) {
return lc($inval);
} else {
# user entered garbage, or default value so nothing needs to be set
$query = 'LOGIN "' . quoteimap($username) . '" "' . quoteimap($password) . '"';
$read = sqimap_run_command ($imap_stream, $query, false, $response, $message);
} elseif ($imap_auth_mech == 'plain') {
- /* Replace this with SASL PLAIN if it ever gets implemented */
- $response="BAD";
- $message='SquirrelMail does not support SASL PLAIN yet. Rerun conf.pl and use login instead.';
+ /* SASL PLAIN */
+ $tag=sqimap_session_id(false);
+ $auth = base64_encode("$username\0$username\0$password");
+
+ $query = $tag . " AUTHENTICATE PLAIN\r\n";
+ fputs($imap_stream, $query);
+ $read=sqimap_fgets($imap_stream);
+
+ if (substr($read,0,1) == '+') { // OK so far..
+ fputs($imap_stream, "$auth\r\n");
+ $read = sqimap_fgets($imap_stream);
+ }
+
+ $results=explode(" ",$read,3);
+ $response=$results[1];
+ $message=$results[2];
} else {
$response="BAD";
$message="Internal SquirrelMail error - unknown IMAP authentication method chosen. Please contact the developers.";
projects / squirrelmail.git / commitdiff