From 1c6d997a14fd0034cfb1160bbebe5b86ae534132 Mon Sep 17 00:00:00 2001
From: tassium
Date: Mon, 9 Dec 2002 16:28:23 +0000
Subject: [PATCH] Minor changes. * renamed auth.php/hmac() to hmac_md5() * polished descriptions and helper text in conf.pl * fixed minor bug with smtp auth mech default value in conf.pl * minor documentation additions to authentication.txt * added myself to AUTHORS.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4245 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 AUTHORS | 1 +
 config/conf.pl | 14 ++++++++------
 doc/authentication.txt | 8 ++++++++
 functions/auth.php | 18 +++++++++---------
 4 files changed, 26 insertions(+), 15 deletions(-)
diff --git a/AUTHORS b/AUTHORS
index f148220d..58cc92b9 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -25,6 +25,7 @@
 Thijs Kinkhorst
 Tyler Akins
 Wouter Teepe
+ Chris Hilts http://www.birdbrained.org
 Translations:
 -------------
diff --git a/config/conf.pl b/config/conf.pl
index ad1ff4f3..3a2db43a 100755
--- a/config/conf.pl
+++ b/config/conf.pl
@@ -1115,10 +1115,11 @@ sub command111 {
 sub command112a {
 print "If you have already set the hostname and port number, I can try to\n";
- print "detect the methods your IMAP server supports.\n";
+ print "detect the mechanisms your IMAP server supports.\n";
 print "I will try to detect CRAM-MD5 and DIGEST-MD5 support. I can't test\n";
 print "for \"plain\" without knowing a username and password.\n";
- print "\nTry to detect auth methods? [y/N]: ";
+ print "Auto-detecting is optional - you can safely say \"n\" here.\n";
+ print "\nTry to detect supported mechanisms? [y/N]: ";
 $inval=;
 chomp($inval);
 if ($inval =~ /^y\b/i) {
@@ -1172,13 +1173,14 @@ sub command112a {
 # Possible choices: none, plain, cram-md5, digest-md5
 sub command112b {
 print "If you have already set the hostname and port number, I can try to\n";
- print "detect the methods your SMTP server supports.\n";
- print "\nTry to detect auth methods? [y/N]: ";
+ print "automatically detect the mechanisms your SMTP server supports.\n";
+ print "Auto-detection is *optional* - you can safely say \"n\" here.\n";
+ print "\nTry to detect auth mechanisms? [y/N]: ";
 $inval=;
 chomp($inval);
 if ($inval =~ /^y\b/i) {
 # Yes, let's try to detect.
- print "Detecting supported methods...\n";
+ print "Trying to detect supported methods (SMTP)...\n";
 # Special case!
 # Check none by trying to relay to junk@birdbrained.org
@@ -1261,7 +1263,7 @@ sub command112b {
 return lc($inval);
 } else {
 # user entered garbage, or default value so nothing needs to be set
- return;
+ return $smtp_auth_mech;
 }
 }
diff --git a/doc/authentication.txt b/doc/authentication.txt
index 48d46a83..deff3059 100644
--- a/doc/authentication.txt
+++ b/doc/authentication.txt
@@ -33,6 +33,14 @@ CONFIGURATION
 All configuration is done using conf.pl, under main menu option #2.
+conf.pl can now attempt to detect which mechanisms your servers support.
+You must have set the host and port before attempting to detect, or you
+may get inaccurate results, or a long wait while the connection times out.
+
+If you get results that you know are wrong when you use auto-detection, I
+need to know about it. Please send me the results you got, the results you
+expected, and server type, name, and version (eg. "imap, Cyrus, v2.1.9").
+
 KNOWN ISSUES
 ------------
diff --git a/functions/auth.php b/functions/auth.php
index cb149dad..93f9b2d8 100644
--- a/functions/auth.php
+++ b/functions/auth.php
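Review bot: The new help text in command112b tells the administrator that auto-detection is safe to skip but not what running it does, and the context comment at the end of this hunk indicates the "none" check works by attempting a relay to an external address. Before the prompt I would add a line such as `print "Detection connects to your SMTP server and attempts a test relay to an outside address.\n";` so that answering "y" is an informed choice. The status line also still says "methods" (`Trying to detect supported methods (SMTP)...`) while the rest of the commit moves to "mechanisms", and the prompt wording differs from command112a (`supported mechanisms` there, `auth mechanisms` here) for no visible reason. The body of command112b continues outside the hunk, so the probe itself is not visible here.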
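Review bot: The else branch now returns `$smtp_auth_mech` for an empty answer and for unrecognised input alike, so a mistyped mechanism name silently keeps the previous setting. For an authentication setting this can leave the server on a weaker mechanism than the administrator intended, with nothing on screen to show it. I would report the kept value when the input was non-empty, e.g. `print "Unrecognised choice, keeping \"$smtp_auth_mech\".\n" if $inval ne '';` before the return. The condition that validates `$inval` is above the hunk, so the accepted set is inferred from the comment listing none, plain, cram-md5 and digest-md5.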
@@ -61,7 +61,7 @@ function cram_md5_response ($username,$password,$challenge) {
 cram-md5 (See RFC 2195 for details)
 */
 $challenge=base64_decode($challenge);
-$hash=bin2hex(hmac($challenge,$password));
+$hash=bin2hex(hmac_md5($challenge,$password));
 $response=base64_encode($username . " " . $hash) . "\r\n";
 return $response;
 }
@@ -77,7 +77,7 @@ function digest_md5_response ($username,$password,$challenge,$service,$host) {
 // rfc2831: client MUST fail if no qop methods supported
 // return false;
 //}
- $cnonce = base64_encode(bin2hex(hmac(microtime())));
+ $cnonce = base64_encode(bin2hex(hmac_md5(microtime())));
 $ncount = "00000001";
 /* This can be auth (authentication only), auth-int (integrity protection), or
@@ -92,18 +92,18 @@ function digest_md5_response ($username,$password,$challenge,$service,$host) {
 $string_a1 = utf8_encode($username).":";
 $string_a1 .= utf8_encode($result['realm']).":";
 $string_a1 .= utf8_encode($password);
- $string_a1 = hmac($string_a1);
+ $string_a1 = hmac_md5($string_a1);
 $A1 = $string_a1 . ":" . $result['nonce'] . ":" . $cnonce;
- $A1 = bin2hex(hmac($A1));
+ $A1 = bin2hex(hmac_md5($A1));
 $A2 = "AUTHENTICATE:$digest_uri_value";
 // If qop is auth-int or auth-conf, A2 gets a little extra
 if ($qop_value != 'auth') {
 $A2 .= ':00000000000000000000000000000000';
 }
- $A2 = bin2hex(hmac($A2));
+ $A2 = bin2hex(hmac_md5($A2));
 $string_response = $result['nonce'] . ':' . $ncount . ':' . $cnonce . ':' . $qop_value;
- $response_value = bin2hex(hmac($A1.":".$string_response.":".$A2));
+ $response_value = bin2hex(hmac_md5($A1.":".$string_response.":".$A2));
 $reply = 'charset=utf-8,username="' . $username . '",realm="' . $result["realm"] . '",';
 $reply .= 'nonce="' . $result['nonce'] . '",nc=' . $ncount . ',cnonce="' . $cnonce . '",';
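Review bot: The client nonce in digest_md5_response is still derived only from `microtime()`, so it is a hash of the current clock reading and carries very little unpredictability; RFC 2831 recommends at least 64 bits of entropy for cnonce. Hashing the timestamp does not add entropy, it only hides the format. Where the supported PHP version allows it, draw the value from the platform CSPRNG instead, e.g. `$cnonce = base64_encode(random_bytes(16));`, or at minimum mix in another unpredictable source. The rename itself is fine; this line just happens to be the one it touches.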
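Review bot: Every call in this hunk passes a single argument to `hmac_md5()`, so each runs with the default `$key=''` shown in the signature in the later hunk, yet RFC 2831 defines H() for A1, A2 and the response as plain MD5, not a keyed HMAC. With the new name these calls read as keyed HMAC operations, and the DIGEST-MD5 result is only correct if the empty-key path inside hmac_md5() returns the raw 16-byte MD5 of its input; that branch is outside the visible hunks, so this is to be confirmed. The recursive call in the last hunk, `hmac_md5($k_opad . pack("H*",md5($k_ipad . $data)) )`, relies on the same property. I would state it in the function's header comment, e.g. `// With an empty $key this returns the raw binary MD5 of $data (H() in RFC 2831), not an HMAC`, so that a later cleanup of the keyless branch does not quietly break both digest-md5 and the outer HMAC step.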
@@ -153,7 +153,7 @@ function digest_md5_parse_challenge($challenge) {
 return $parsed;
 }
-function hmac($data, $key='') {
+function hmac_md5($data, $key='') {
 // Creates a HMAC digest that can be used for auth purposes
 // See RFCs 2104, 2617, 2831
 // Uses mhash() extension if available
@@ -174,8 +174,8 @@ function hmac($data, $key='') {
 }
 $k_ipad = $key ^ str_repeat(chr(0x36), 64) ;
 $k_opad = $key ^ str_repeat(chr(0x5c), 64) ;
- /* Heh, let's get re-entrant. PHP is so kinky */
- $hmac=hmac($k_opad . pack("H*",md5($k_ipad . $data)) );
+ /* Heh, let's get recursive. */
+ $hmac=hmac_md5($k_opad . pack("H*",md5($k_ipad . $data)) );
 return $hmac;
 }
--
2.25.1