Today Cyrus 2.2.2-BETA with SASL Initial Client response was released so it
authorstekkel <stekkel@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 28 Oct 2003 21:13:28 +0000 (21:13 +0000)
committerstekkel <stekkel@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 28 Oct 2003 21:13:28 +0000 (21:13 +0000)
was a good moment to implement the SASL imap extension.
See also <draft-siemborski-imap-sasl-initial-response-00.txt>

NB: The code is untested and I would like to know if it works. Volunteers to test
(Rob Siemborski maybe)?

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@6039 7612ce4b-ef26-0410-bec9-ea0150e637f0

functions/imap_general.php

index 7c89d9e..adad934 100755 (executable)
@@ -569,16 +569,21 @@ function sqimap_create_stream($server,$port,$tls=false) {
  * will be displayed.  This function returns the imap connection handle.
  */
 function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
-    global $color, $squirrelmail_language, $onetimepad, $use_imap_tls, $imap_auth_mech;
+    global $color, $squirrelmail_language, $onetimepad, $use_imap_tls,
+           $imap_auth_mech, $sqimap_capabilities;
 
     if (!isset($onetimepad) || empty($onetimepad)) {
         sqgetglobalvar('onetimepad' , $onetimepad , SQ_SESSION );
     }
+    if (!isset($sqimap_capabilities)) {
+        sqgetglobalvar('sqimap_capabilities' , $capability , SQ_SESSION );
+    }
+
     $host = $imap_server_address;
     $imap_server_address = sqimap_get_user_server($imap_server_address, $username);
-    
+
     $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls);
+
     /* Decrypt the password */
     $password = OneTimePadDecrypt($password, $onetimepad);
 
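Review bot: The added block tests `$sqimap_capabilities` but stores the session value in `$capability`, so the two names never meet. When the global is already set, `$capability` stays undefined and the `$sasl` test in the PLAIN branch (next hunk) is always false; when it is unset, the global declared two lines above is never filled. Using one name, `sqgetglobalvar('sqimap_capabilities', $sqimap_capabilities, SQ_SESSION);`, and reading `$sqimap_capabilities['SASL']` in the later check would make the two agree. Whether the session holds a capability list before the first login is not visible here, so the initial-response path may still never run on a fresh session. sqimap_login's body continues outside the hunk.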
@@ -625,19 +630,38 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $
         $query = 'LOGIN "' . quoteimap($username) .  '" "' . quoteimap($password) . '"';
         $read = sqimap_run_command ($imap_stream, $query, false, $response, $message);
     } elseif ($imap_auth_mech == 'plain') {
-        /* SASL PLAIN */
+        /***
+         * SASL PLAIN
+         *
+         *  RFC 2595 Chapter 6
+         *
+         *  The mechanism consists of a single message from the client to the
+         *  server.  The client sends the authorization identity (identity to
+         *  login as), followed by a US-ASCII NUL character, followed by the
+         *  authentication identity (identity whose password will be used),
+         *  followed by a US-ASCII NUL character, followed by the clear-text
+         *  password.  The client may leave the authorization identity empty to
+         *  indicate that it is the same as the authentication identity.
+         *
+         **/
         $tag=sqimap_session_id(false);
+        $sasl = (isset($capability['SASL']) && $capability['SASL']) ? true : false;
         $auth = base64_encode("$username\0$username\0$password");
-                  
-        $query = $tag . " AUTHENTICATE PLAIN\r\n";
-        fputs($imap_stream, $query);
-        $read=sqimap_fgets($imap_stream);
-
-        if (substr($read,0,1) == '+') { // OK so far..
-            fputs($imap_stream, "$auth\r\n");
+        if ($sasl) {
+            // IMAP Extension for SASL Initial Client Response
+            // <draft-siemborski-imap-sasl-initial-response-00.txt>
+            $query = $tag . " AUTHENTICATE PLAIN $auth\r\n";
+            fputs($imap_stream, $query);
             $read = sqimap_fgets($imap_stream);
+        } else {
+            $query = $tag . " AUTHENTICATE PLAIN\r\n";
+            fputs($imap_stream, $query);
+            $read=sqimap_fgets($imap_stream);
+            if (substr($read,0,1) == '+') { // OK so far..
+                fputs($imap_stream, "$auth\r\n");
+                $read = sqimap_fgets($imap_stream);
+            }
         }
-                
         $results=explode(" ",$read,3);
         $response=$results[1];
         $message=$results[2];
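Review bot: In the `if ($sasl)` branch the base64 PLAIN blob, which is only an encoding of the username and cleartext password, now goes out in the first command, before the server can refuse the mechanism; the older two-step form at least waited for `+`. Nothing in the hunk ties this to `$use_imap_tls`, so on a non-TLS connection the password is on the wire even if the server would have answered NO; `$sasl = $use_imap_tls && !empty($capability['SASL']);` would limit the one-shot form to encrypted streams. `$query` also now contains the credentials, so any later code that logs or displays `$query` on error (outside the hunk, not visible here) should be checked. The PLAIN branch starts before this hunk and sqimap_login ends after it.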
@@ -645,7 +669,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $
         $response="BAD";
         $message="Internal SquirrelMail error - unknown IMAP authentication method chosen.  Please contact the developers.";
     }
-    
+
     /* If the connection was not successful, lets see why */
     if ($response != 'OK') {
         if (!$hide) {
@@ -678,7 +702,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $
                  * $squirrelmail_language is set by a cookie when
                  * the user selects language and logs out
                  */
-                
+
                 set_up_language($squirrelmail_language, true);
                 include_once(SM_PATH . 'functions/display_messages.php' );
                 sqsession_destroy();