From fe0b18b3923506dadf13f34d85ec78275d230ba0 Mon Sep 17 00:00:00 2001 From: tassium Date: Sat, 4 Jan 2003 06:01:26 +0000 Subject: [PATCH] Ok, I screwed up. When I put in cram-md5 and digest-md5, I left the alternative as being "plain", which is a misnomer. There really IS a mechanism called "plain", and what we're doing isn't it. So I've renamed our "plain" to "login". For IMAP, it uses the IMAP4rev1 "LOGIN " syntax. For SMTP, it uses the AUTH LOGIN (two-step) method. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4376 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- class/deliver/Deliver_SMTP.class.php | 4 +-- config/conf.pl | 42 +++++++++++++++++----------- config/config_default.php | 4 +-- functions/auth.php | 2 +- functions/imap_general.php | 10 ++++--- plugins/administrator/defines.php | 7 +++-- 6 files changed, 41 insertions(+), 28 deletions(-) diff --git a/class/deliver/Deliver_SMTP.class.php b/class/deliver/Deliver_SMTP.class.php index 07061051..09a6bf93 100644 --- a/class/deliver/Deliver_SMTP.class.php +++ b/class/deliver/Deliver_SMTP.class.php @@ -104,8 +104,8 @@ class Deliver_SMTP extends Deliver { if ($this->errorCheck($tmp, $stream)) { return(0); } - } elseif ($smtp_auth_mech == 'plain') { - // The plain LOGIN method + } elseif ($smtp_auth_mech == 'login') { + // The LOGIN method fputs($stream, "EHLO $domain\r\n"); $tmp = fgets($stream, 1024); if ($this->errorCheck($tmp, $stream)) { diff --git a/config/conf.pl b/config/conf.pl index 7502fb98..92daefc1 100755 --- a/config/conf.pl +++ b/config/conf.pl @@ -346,7 +346,7 @@ if ( !$use_imap_tls ) { } if ( !$imap_auth_mech ) { - $imap_auth_mech = 'plain'; + $imap_auth_mech = 'login'; } if (!$session_name ) { @@ -1130,14 +1130,14 @@ sub command111 { return $new_optional_delimiter; } # IMAP authentication type -# Possible values: plain, cram-md5, digest-md5 +# Possible values: login, cram-md5, digest-md5 # Now offers to detect supported mechs, assuming server & port are set correctly sub command112a { print "If you have already set the hostname and port number, I can try to\n"; print "detect the mechanisms your IMAP server supports.\n"; print "I will try to detect CRAM-MD5 and DIGEST-MD5 support. I can't test\n"; - print "for \"plain\" without knowing a username and password.\n"; + print "for \"login\" without knowing a username and password.\n"; print "Auto-detecting is optional - you can safely say \"n\" here.\n"; print "\nTry to detect supported mechanisms? [y/N]: "; $inval=; @@ -1172,15 +1172,15 @@ sub command112a { } print "\nWhat authentication mechanism do you want to use for IMAP connections?\n\n"; - print $WHT . "plain" . $NRM . " - Plaintext. If you can do better, you probably should.\n"; - print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n"; + print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n"; + print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext methods.\n"; print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n"; print "\n*** YOUR IMAP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n"; - print "If you don't understand or are unsure, you probably want \"plain\"\n\n"; - print "plain, cram-md5, or digest-md5 [$WHT$imap_auth_mech$NRM]: $WHT"; + print "If you don't understand or are unsure, you probably want \"login\"\n\n"; + print "login, cram-md5, or digest-md5 [$WHT$imap_auth_mech$NRM]: $WHT"; $inval=; chomp($inval); - if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || ($inval =~ /^plain\b/i)) { + if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || ($inval =~ /^login\b/i)) { return lc($inval); } else { # user entered garbage or default value so nothing needs to be set @@ -1203,7 +1203,7 @@ sub command112b { print "Trying to detect supported methods (SMTP)...\n"; # Special case! - # Check none by trying to relay to junk@birdbrained.org + # Check none by trying to relay to junk@microsoft.com $host = $smtpServerAddress . ':' . $smtpPort; use IO::Socket; my $sock = IO::Socket::INET->new($host); @@ -1214,7 +1214,7 @@ sub command112b { } else { print $sock "mail from: tester\@squirrelmail.org\n"; $got = <$sock>; # Discard - print $sock "rcpt to: junk\@birdbrained.org\n"; + print $sock "rcpt to: junk\@microsoft.com\n"; $got = <$sock>; # This is the important line if ($got =~ /^250\b/) { # SMTP will relay without auth print "SUPPORTED$NRM\n"; @@ -1225,8 +1225,8 @@ sub command112b { print $sock "quit\n"; close $sock; } - # Try plain (SquirrelMail default) - print "Testing plain:\t\t"; + # Try login (SquirrelMail default) + print "Testing login:\t\t"; $tmp=detect_auth_support('SMTP',$host,'LOGIN'); if (defined($tmp)) { if ($tmp eq 'YES') { @@ -1266,12 +1266,12 @@ sub command112b { } print "\tWhat authentication mechanism do you want to use for SMTP connections?\n"; print $WHT . "none" . $NRM . " - Your SMTP server does not require authorization.\n"; - print $WHT . "plain" . $NRM . " - Plaintext. If you can do better, you probably should.\n"; + print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n"; print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n"; print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n"; - print "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n"; + print $WHT . "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n" . $NRM; print "If you don't understand or are unsure, you probably want \"none\"\n\n"; - print "none, plain, cram-md5, or digest-md5 [$WHT$smtp_auth_mech$NRM]: $WHT"; + print "none, login, cram-md5, or digest-md5 [$WHT$smtp_auth_mech$NRM]: $WHT"; $inval=; chomp($inval); if ($inval =~ /^none\b/i) { @@ -1279,7 +1279,7 @@ sub command112b { return "none"; } if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || - ($inval =~ /^plain\b/i)) { + ($inval =~ /^login\b/i)) { return lc($inval); } else { # user entered garbage, or default value so nothing needs to be set @@ -3076,9 +3076,16 @@ sub detect_auth_support { return undef; } my $discard = <$sock>; # Server greeting/banner - who cares.. + + if ($service eq 'SMTP') { + # Say hello first.. + print $sock "helo $domain\n"; + $discard = <$sock>; # Yeah yeah, you're happy to see me.. + } print $sock $cmd; my $response = <$sock>; + chomp($response); if (!defined($response)) { return undef; } @@ -3089,6 +3096,9 @@ sub detect_auth_support { # Not supported close $sock; return 'NO'; + } elsif ($response =~ /^503/) { + #Something went wrong + return undef; } } elsif ($service eq 'IMAP') { if ($response =~ /^A01/) { diff --git a/config/config_default.php b/config/config_default.php index dab7f24c..9a2cb31b 100644 --- a/config/config_default.php +++ b/config/config_default.php @@ -521,13 +521,13 @@ global $use_smtp_tls; $use_imap_tls = false; $use_smtp_tls = false; -/* auth_mech can be either 'plain', 'cram-md5', or 'digest-md5' +/* auth_mech can be either 'login','plain', 'cram-md5', or 'digest-md5' SMTP can also be 'none' */ global $smtp_auth_mech; global $imap_auth_mech; $smtp_auth_mech = 'none'; -$imap_auth_mech = 'plain'; +$imap_auth_mech = 'login'; /* PHP session name. Leave this alone unless you know what you are doing. */ global $session_name; diff --git a/functions/auth.php b/functions/auth.php index 3bd8f86f..85eb8ff3 100644 --- a/functions/auth.php +++ b/functions/auth.php @@ -18,7 +18,7 @@ if (! isset($smtp_auth_mech)) { } if (! isset($imap_auth_mech)) { - $imap_auth_mech = 'plain'; + $imap_auth_mech = 'login'; } if (! isset($use_imap_tls)) { diff --git a/functions/imap_general.php b/functions/imap_general.php index e36046f5..bcf9b9f8 100755 --- a/functions/imap_general.php +++ b/functions/imap_general.php @@ -238,7 +238,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $password = OneTimePadDecrypt($password, $onetimepad); if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) { - // We're using some sort of authentication OTHER than plain + // We're using some sort of authentication OTHER than plain or login $tag=sqimap_session_id(false); if ($imap_auth_mech == 'digest-md5') { $query = $tag . " AUTHENTICATE DIGEST-MD5\r\n"; @@ -275,11 +275,13 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $message='IMAP server does not appear to support the authentication method selected.'; $message .= ' Please contact your system administrator.'; } - } else { - // Original PLAIN login code + } elseif ($imap_auth_mech == 'login') { + // Original IMAP login code $query = 'LOGIN "' . quoteIMAP($username) . '" "' . quoteIMAP($password) . '"'; $read = sqimap_run_command ($imap_stream, $query, false, $response, $message); - } + } else { + // Insert SASL PLAIN code here, if it ever gets implemented + } /* If the connection was not successful, lets see why */ if ($response != 'OK') { diff --git a/plugins/administrator/defines.php b/plugins/administrator/defines.php index 24660287..1b9a8674 100644 --- a/plugins/administrator/defines.php +++ b/plugins/administrator/defines.php @@ -120,9 +120,10 @@ $defcfg = array( '$config_version' => array( 'name' => _("Config File Version"), 'default' => false ), '$imap_auth_mech' => array( 'name' => _("IMAP Authentication Type"), 'type' => SMOPT_TYPE_STRLIST, - 'posvals' => array('plain' => 'Plaintext', + 'posvals' => array('login' => 'IMAP LOGIN', 'cram-md5' => 'CRAM-MD5', - 'digest-md5' => 'DIGEST-MD5') ), + 'digest-md5' => 'DIGEST-MD5'), + 'default' => 'login' ), '$useSendmail' => array( 'name' => _("Use Sendmail Binary"), 'type' => SMOPT_TYPE_BOOLEAN, 'comment' => "Say 'no' for SMTP" ), @@ -141,7 +142,7 @@ $defcfg = array( '$config_version' => array( 'name' => _("Config File Version"), '$smtp_auth_mech' => array( 'name' => _("SMTP Authentication Type"), 'type' => SMOPT_TYPE_STRLIST, 'posvals' => array('none' => 'No SMTP auth', - 'plain' => 'Plaintext', + 'login' => 'Login (Plaintext)', 'cram-md5' => 'CRAM-MD5', 'digest-md5' => 'DIGEST-MD5'), 'default' => 'none'), -- 2.25.1