From 33feaaecfb13a0b3345e234b2e4c70255df2eac6 Mon Sep 17 00:00:00 2001 From: tassium Date: Tue, 23 Sep 2003 18:06:12 +0000 Subject: [PATCH] By request, SASL PLAIN for IMAP and SMTP. I did not add detection to conf.pl, perhaps later.. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@5768 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- ChangeLog | 2 ++ class/deliver/Deliver_SMTP.class.php | 36 +++++++++++++++++++--------- config/conf.pl | 14 ++++++----- functions/imap_general.php | 19 ++++++++++++--- 4 files changed, 51 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index 79ad2b9e..40bfba1f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -91,6 +91,8 @@ Version 1.5.0 -- CVS RFC3501. - Fix reply all address string in case the personal name contained a comma (address separator). + - Added SASL PLAIN to IMAP and SMTP. Thanks to avel for the prodding and + code snippet. ************************************** *** SquirrelMail Stable Series 1.4 *** diff --git a/class/deliver/Deliver_SMTP.class.php b/class/deliver/Deliver_SMTP.class.php index 350c5cee..a70be716 100644 --- a/class/deliver/Deliver_SMTP.class.php +++ b/class/deliver/Deliver_SMTP.class.php @@ -65,13 +65,14 @@ class Deliver_SMTP extends Deliver { } /* Lets introduce ourselves */ + fputs($stream, "EHLO $helohost\r\n"); + $tmp = fgets($stream,1024); + if ($this->errorCheck($tmp,$stream)) { + return(0); + } + if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) { // Doing some form of non-plain auth - fputs($stream, "EHLO $helohost\r\n"); - $tmp = fgets($stream,1024); - if ($this->errorCheck($tmp,$stream)) { - return(0); - } if ($smtp_auth_mech == 'cram-md5') { fputs($stream, "AUTH CRAM-MD5\r\n"); } elseif ($smtp_auth_mech == 'digest-md5') { 
@@ -121,11 +122,6 @@ class Deliver_SMTP extends Deliver { } } elseif ($smtp_auth_mech == 'login') { // The LOGIN method - fputs($stream, "EHLO $helohost\r\n"); - $tmp = fgets($stream, 1024); - if ($this->errorCheck($tmp, $stream)) { - return(0); - } fputs($stream, "AUTH LOGIN\r\n"); $tmp = fgets($stream, 1024); @@ -143,7 +139,25 @@ class Deliver_SMTP extends Deliver { if ($this->errorCheck($tmp, $stream)) { return(0); } - } else { + } elseif ($smtp_auth_mech == "plain") { + /* SASL Plain */ + $auth = base64_encode("$username\0$username\0$pass"); + + $query = "AUTH PLAIN\r\n"; + fputs($stream, $query); + $read=fgets($stream, 1024); + + if (substr($read,0,3) == '334') { // OK so far.. + fputs($stream, "$auth\r\n"); + $read = fgets($stream, 1024); + } + + $results=explode(" ",$read,3); + $response=$results[1]; + $message=$results[2]; + + + } else { /* Right here, they've reached an unsupported auth mechanism. This is the ugliest hack I've ever done, but it'll do till I can fix things up better tomorrow. So tired... */ diff --git a/config/conf.pl b/config/conf.pl index 08d32234..14ccdc45 100755 --- a/config/conf.pl +++ b/config/conf.pl @@ -1133,14 +1133,14 @@ sub command111 { return $new_optional_delimiter; } # IMAP authentication type -# Possible values: login, cram-md5, digest-md5 +# Possible values: login, plain, cram-md5, digest-md5 # Now offers to detect supported mechs, assuming server & port are set correctly sub command112a { print "If you have already set the hostname and port number, I can try to\n"; print "detect the mechanisms your IMAP server supports.\n"; print "I will try to detect CRAM-MD5 and DIGEST-MD5 support. I can't test\n"; - print "for \"login\" without knowing a username and password.\n"; + print "for \"login\" or \"plain\" without knowing a username and password.\n"; print "Auto-detecting is optional - you can safely say \"n\" here.\n"; print "\nTry to detect supported mechanisms? [y/N]: "; $inval=; 
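Review bot: In the `plain` branch added to Deliver_SMTP.class.php (hunk `@@ -143,7 +139,25 @@`), nothing visible acts on the server's answer to the credentials: `$response` and `$message` are assigned and not read again within the hunk, so a rejected AUTH PLAIN appears to continue into the rest of the send, whereas the `login` branch just above returns 0 through `errorCheck`. The parsing looks copied from the IMAP code, because an SMTP reply carries its status code in the first token, so `$results[1]` is not the result and may not exist for a short reply. I would replace the three `explode` lines with `if ($this->errorCheck($read, $stream)) { return(0); }`. The branch also deserves a comment that the base64 string is the password in the clear, so this mechanism, here and in the `sqimap_login` hunk, belongs on a TLS-protected connection only. The enclosing method starts and ends outside the hunk.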
@@ -1176,14 +1176,15 @@ sub command112a { } print "\nWhat authentication mechanism do you want to use for IMAP connections?\n\n"; print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n"; + print $WHT . "plain" . $NRM . " - SASL PLAIN. If you need this, you already know it.\n"; print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext methods.\n"; print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n"; print "\n*** YOUR IMAP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n"; print "If you don't understand or are unsure, you probably want \"login\"\n\n"; - print "login, cram-md5, or digest-md5 [$WHT$imap_auth_mech$NRM]: $WHT"; + print "login, plain, cram-md5, or digest-md5 [$WHT$imap_auth_mech$NRM]: $WHT"; $inval=; chomp($inval); - if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || ($inval =~ /^login\b/i)) { + if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || ($inval =~ /^login\b/i) || ($inval =~ /^plain\b/i)) { return lc($inval); } else { # user entered garbage or default value so nothing needs to be set @@ -1196,7 +1197,7 @@ sub command112a { # Possible choices: none, plain, cram-md5, digest-md5 sub command112b { print "If you have already set the hostname and port number, I can try to\n"; - print "automatically detect the mechanisms your SMTP server supports.\n"; + print "automatically detect some of the mechanisms your SMTP server supports.\n"; print "Auto-detection is *optional* - you can safely say \"n\" here.\n"; print "\nTry to detect auth mechanisms? [y/N]: "; $inval=; 
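Review bot: The new menu line for `plain` in command112a (`SASL PLAIN. If you need this, you already know it.`) does not tell the administrator that PLAIN sends the password unprotected, although the `login` line next to it carries that warning; the SMTP menu line added in hunk `@@ -1270,6 +1271,7 @@` has the same gap. I would word both along the lines of `"plain" - SASL PLAIN. Plaintext like login; use only over an encrypted connection.`. Separately, `/^plain\b/i` is anchored only at the start while `return lc($inval)` returns the whole input, so any text typed after the keyword ends up in the stored value; `/^plain$/i` avoids that, here and in the command112b hunk `@@ -1282,7 +1284,7 @@` (the existing alternatives have the same shape). Both subs continue outside the hunks.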
@@ -1270,6 +1271,7 @@ sub command112b { print "\tWhat authentication mechanism do you want to use for SMTP connections?\n"; print $WHT . "none" . $NRM . " - Your SMTP server does not require authorization.\n"; print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n"; + print $WHT . "plain" . $NRM . " - SASL PLAIN. You already know it if you need this.\n"; print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n"; print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n"; print $WHT . "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n" . $NRM; @@ -1282,7 +1284,7 @@ sub command112b { return "none"; } if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || - ($inval =~ /^login\b/i)) { + ($inval =~ /^login\b/i) || ($inval =~/^plain\b/i)) { return lc($inval); } else { # user entered garbage, or default value so nothing needs to be set diff --git a/functions/imap_general.php b/functions/imap_general.php index 17671284..4a8b5576 100755 --- a/functions/imap_general.php +++ b/functions/imap_general.php 
@@ -639,9 +639,22 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $query = 'LOGIN "' . quoteimap($username) . '" "' . quoteimap($password) . '"'; $read = sqimap_run_command ($imap_stream, $query, false, $response, $message); } elseif ($imap_auth_mech == 'plain') { - /* Replace this with SASL PLAIN if it ever gets implemented */ - $response="BAD"; - $message='SquirrelMail does not support SASL PLAIN yet. Rerun conf.pl and use login instead.'; + /* SASL PLAIN */ + $tag=sqimap_session_id(false); + $auth = base64_encode("$username\0$username\0$password"); + + $query = $tag . " AUTHENTICATE PLAIN\r\n"; + fputs($imap_stream, $query); + $read=sqimap_fgets($imap_stream); + + if (substr($read,0,1) == '+') { // OK so far.. + fputs($imap_stream, "$auth\r\n"); + $read = sqimap_fgets($imap_stream); + } + + $results=explode(" ",$read,3); + $response=$results[1]; + $message=$results[2]; } else { $response="BAD"; $message="Internal SquirrelMail error - unknown IMAP authentication method chosen. Please contact the developers."; -- 2.25.1
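Review bot: The reply is parsed without any guard in the new `plain` branch of `sqimap_login`: `$results[1]` and `$results[2]` are read straight after `explode(" ",$read,3)`, so an empty or short line from `sqimap_fgets` leaves `$response` empty instead of giving an explicit failure. Only one line is read after the credentials are sent and its first token is never compared with `$tag`, so an untagged `*` line arriving before the final status would be taken as the result. I would read until the tagged line and default to `BAD` when the tokens are missing, as sketched below; the return value of `sqimap_fgets` on a closed connection is assumed here and should be confirmed. How `$response` is evaluated afterwards lies outside the hunk.

```php
        // … unchanged: $tag, $auth, sending AUTHENTICATE PLAIN and the first read …
        if (substr($read,0,1) == '+') { // OK so far..
            fputs($imap_stream, "$auth\r\n");
            // Skip untagged lines; stop on the tagged status or when the read fails.
            do {
                $read = sqimap_fgets($imap_stream);
            } while ($read !== false && $read !== ''
                     && substr($read, 0, strlen($tag)) != $tag);
        }

        $results  = explode(" ", (string) $read, 3);
        // Fail closed when the server sent nothing that can be parsed.
        $response = isset($results[1]) ? $results[1] : 'BAD';
        $message  = isset($results[2]) ? $results[2] : 'No usable reply to AUTHENTICATE PLAIN.';
```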