if ($s === "}\r\n") {
$j = strrpos($read,'{');
$iLit = substr($read,$j+1,-3);
- $data[] = $read;
- $sLiteral = fread($imap_stream,$iLit);
- if ($sLiteral === false) { /* error */
- $read = false;
- break 3; /* while switch while */
+ // check for numeric value to avoid that untagged responses like:
+ // * OK [PARSE] Unexpected characters at end of address: {SET:debug=51}
+ // will trigger literal fetching ({SET:debug=51} !== int )
+ if (is_numeric($iLit)) {
+ $data[] = $read;
+ $sLiteral = fread($imap_stream,$iLit);
+ if ($sLiteral === false) { /* error */
+ $read = false;
+ break 3; /* while switch while */
+ }
+ $data[] = $sLiteral;
+ $data[] = sqimap_fgets($imap_stream);
+ } else {
+ $data[] = $read;
}
- $data[] = $sLiteral;
- $data[] = sqimap_fgets($imap_stream);
} else {
$data[] = $read;
}
* Logs the user into the IMAP server. If $hide is set, no error messages
* will be displayed. This function returns the IMAP connection handle.
* @param string $username user name
- * @param string $password password encrypted with onetimepad. Since 1.5.2
- * function can use internal password functions, if parameter is set to
- * boolean false.
+ * @param string $password password encrypted with onetimepad. Since 1.5.2
+ * function can use internal password functions, if parameter is set to
+ * boolean false.
* @param string $imap_server_address address of imap server
* @param integer $imap_port port of imap server
* @param boolean $hide controls display connection errors
global $color, $squirrelmail_language, $onetimepad, $use_imap_tls,
$imap_auth_mech, $sqimap_capabilities;
+ // Note/TODO: This hack grabs the $authz argument from the session. In the short future,
+ // a new argument in function sqimap_login() will be used instead.
+ $authz = '';
+ global $authz;
+ sqgetglobalvar('authz' , $authz , SQ_SESSION);
+
+ if(!empty($authz)) {
+ /* authz plugin - specific:
+ * Get proxy login parameters from authz plugin configuration. If they
+ * exist, they will override the current ones.
+ * This is useful if we want to use different SASL authentication mechanism
+ * and/or different TLS settings for proxy logins. */
+ global $authz_imap_auth_mech, $authz_use_imap_tls, $authz_imapPort_tls;
+ $imap_auth_mech = !empty($authz_imap_auth_mech) ? strtolower($authz_imap_auth_mech) : $imap_auth_mech;
+ $use_imap_tls = !empty($authz_use_imap_tls)? $authz_use_imap_tls : $use_imap_tls;
+ $imap_port = !empty($authz_use_imap_tls)? $authz_imapPort_tls : $imap_port;
+
+ if($imap_auth_mech == 'login' || $imap_auth_mech == 'cram-md5') {
+ logout_error("Misconfigured Plugin (authz or equivalent):<br/>".
+ "The LOGIN and CRAM-MD5 authentication mechanisms cannot be used when attempting proxy login.");
+ exit;
+ }
+ }
+
/* get imap login password */
if ($password===false) {
/* standard functions */
}
if (!isset($sqimap_capabilities)) {
- sqgetglobalvar('sqimap_capabilities' , $capability , SQ_SESSION );
+ sqgetglobalvar('sqimap_capabilities' , $sqimap_capabilities , SQ_SESSION );
}
$host = $imap_server_address;
// Got a challenge back
$challenge=$response[1];
if ($imap_auth_mech == 'digest-md5') {
- $reply = digest_md5_response($username,$password,$challenge,'imap',$host);
+ $reply = digest_md5_response($username,$password,$challenge,'imap',$host,$authz);
} elseif ($imap_auth_mech == 'cram-md5') {
$reply = cram_md5_response($username,$password,$challenge);
}
$read = sqimap_run_command ($imap_stream, $query, false, $response, $message);
} elseif ($imap_auth_mech == 'plain') {
/***
- * SASL PLAIN
- *
- * RFC 2595 Chapter 6
- *
- * The mechanism consists of a single message from the client to the
- * server. The client sends the authorization identity (identity to
- * login as), followed by a US-ASCII NUL character, followed by the
- * authentication identity (identity whose password will be used),
- * followed by a US-ASCII NUL character, followed by the clear-text
- * password. The client may leave the authorization identity empty to
- * indicate that it is the same as the authentication identity.
+ * SASL PLAIN, RFC 4616 (updates 2595)
*
- **/
+ * The mechanism consists of a single message, a string of [UTF-8]
+ * encoded [Unicode] characters, from the client to the server. The
+ * client presents the authorization identity (identity to act as),
+ * followed by a NUL (U+0000) character, followed by the authentication
+ * identity (identity whose password will be used), followed by a NUL
+ * (U+0000) character, followed by the clear-text password. As with
+ * other SASL mechanisms, the client does not provide an authorization
+ * identity when it wishes the server to derive an identity from the
+ * credentials and use that as the authorization identity.
+ */
$tag=sqimap_session_id(false);
- $sasl = (isset($capability['SASL-IR']) && $capability['SASL-IR']) ? true : false;
- $auth = base64_encode("$username\0$username\0$password");
+ $sasl = (isset($sqimap_capabilities['SASL-IR']) && $sqimap_capabilities['SASL-IR']) ? true : false;
+ if(!empty($authz)) {
+ $auth = base64_encode("$username\0$authz\0$password");
+ } else {
+ $auth = base64_encode("$username\0$username\0$password");
+ }
if ($sasl) {
// IMAP Extension for SASL Initial Client Response
// <draft-siemborski-imap-sasl-initial-response-01b.txt>
$results=explode(" ",$read,3);
$response=$results[1];
$message=$results[2];
+
} else {
$response="BAD";
$message="Internal SquirrelMail error - unknown IMAP authentication method chosen. Please contact the developers.";
for ($i=2; $i < count($c); $i++) {
$cap_list = explode('=', $c[$i]);
if (isset($cap_list[1])) {
+ if(isset($sqimap_capabilities[trim($cap_list[0])]) &&
+ !is_array($sqimap_capabilities[trim($cap_list[0])])) {
+ // Remove array key that was added in 'else' block below
+ // This is to accomodate for capabilities like:
+ // SORT SORT=MODSEQ
+ unset($sqimap_capabilities[trim($cap_list[0])]);
+ }
$sqimap_capabilities[trim($cap_list[0])][] = $cap_list[1];
} else {
- $sqimap_capabilities[trim($cap_list[0])] = TRUE;
+ if(!isset($sqimap_capabilities[trim($cap_list[0])])) {
+ $sqimap_capabilities[trim($cap_list[0])] = TRUE;
+ }
}
}
}
* OS: According to rfc2342 response from NAMESPACE command is:
* OS: * NAMESPACE (PERSONAL NAMESPACES) (OTHER_USERS NAMESPACE) (SHARED NAMESPACES)
* OS: We want to lookup all personal NAMESPACES...
+ *
+ * TODO: remove this in favour of the information from sqimap_get_namespace()
*/
$read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b);
if (eregi('\\* NAMESPACE +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL)', $read[0], $data)) {
return $sqimap_delimiter;
}
+/**
+ * Retrieves the namespaces from the IMAP server.
+ * NAMESPACE is an IMAP extension defined in RFC 2342.
+ *
+ * @param stream $imap_stream
+ * @return array
+ */
+function sqimap_get_namespace($imap_stream) {
+ $read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b);
+ return sqimap_parse_namespace($read[0]);
+}
+
+/**
+ * Parses a NAMESPACE response and returns an array with the available
+ * personal, users and shared namespaces.
+ *
+ * @param string $input
+ * @return array The returned array has the following format:
+ * <pre>
+ * array(
+ * 'personal' => array(
+ * 0 => array('prefix'=>'INBOX.','delimiter' =>'.'),
+ * 1 => ...
+ * ),
+ * 'users' => array(..
+ * ),
+ * 'shared' => array( ..
+ * )
+ * )
+ * </pre>
+ * Note that if a namespace is not defined in the server, then the corresponding
+ * array will be empty.
+ */
+function sqimap_parse_namespace(&$input) {
+ $ns_strings = array(1=>'personal', 2=>'users', 3=>'shared');
+ $namespace = array();
+
+ if(ereg('NAMESPACE (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL)', $input, $regs) !== false) {
+ for($i=1; $i<=3; $i++) {
+ if($regs[$i] == 'NIL') {
+ $namespace[$ns_strings[$i]] = array();
+ } else {
+ // Pop-out the first ( and last ) for easier parsing
+ $ns = substr($regs[$i], 1, sizeof($regs[$i])-2);
+ if($c = preg_match_all('/\((?:(.*?)\s*?)\)/', $ns, $regs2)) {
+ $namespace[$ns_strings[$i]] = array();
+ for($j=0; $j<sizeof($regs2[1]); $j++) {
+ preg_match('/"(.*)"\s+("(.*)"|NIL)/', $regs2[1][$j], $regs3);
+ $namespace[$ns_strings[$i]][$j]['prefix'] = $regs3[1];
+ if($regs3[2] == 'NIL') {
+ $namespace[$ns_strings[$i]][$j]['delimiter'] = null;
+ } else {
+ // $regs[3] is $regs[2] without the quotes
+ $namespace[$ns_strings[$i]][$j]['delimiter'] = $regs3[3];
+ }
+ unset($regs3);
+ }
+ }
+ unset($ns);
+ }
+ }
+ }
+ return($namespace);
+}
+
/**
* This encodes a mailbox name for use in IMAP commands.
* @param string $what the mailbox to encode
$yp = `ypmatch $username aliases`;
return chop(substr($yp, strlen($username)+1));
}
-
-?>
\ No newline at end of file
projects / squirrelmail.git / blobdiff