From 9bd3b1e61b35fd25ed9d724571004a80b9f8ab2c Mon Sep 17 00:00:00 2001 From: ebullient Date: Sun, 4 Jan 2004 06:11:15 +0000 Subject: [PATCH] Some tweaks to SMTP auth to allow a site-wide user/pass override (for those of us with a home installation that want to go out using the ISP's SMTP server because people arbitrarily block our dynamic IP addresses). new function in auth.php assigns the correct user/pass values based on the auth mechanism. For some reason the initStream method in Deliver_SMTP was not using the passed in user name, it was using the global $username, and had the key and onetimepad declared, though it always used the passed in parameter pass instead - cleaned that up so it used the user/pass values passed in instead. read_body and compose were updated to use the new function in auth.php to get the correct username and password for SMTP auth, and pass these values to initStream. Works for me. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@6369 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- class/deliver/Deliver_SMTP.class.php | 16 ++++++++-------- functions/auth.php | 24 ++++++++++++++++++++++++ src/compose.php | 10 +--------- src/read_body.php | 9 +-------- 4 files changed, 34 insertions(+), 25 deletions(-) diff --git a/class/deliver/Deliver_SMTP.class.php b/class/deliver/Deliver_SMTP.class.php index 13f9b0ba..a5f657cd 100644 --- a/class/deliver/Deliver_SMTP.class.php +++ b/class/deliver/Deliver_SMTP.class.php @@ -28,12 +28,12 @@ class Deliver_SMTP extends Deliver { } function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false) { - global $use_smtp_tls,$smtp_auth_mech,$username,$key,$onetimepad; - + global $use_smtp_tls,$smtp_auth_mech; + if ($authpop) { - $this->authPop($host, '', $username, $pass); + $this->authPop($host, '', $user, $pass); } - + $rfc822_header = $message->rfc822_header; $from = $rfc822_header->from[0]; $to = $rfc822_header->to; @@ -95,9 +95,9 @@ class Deliver_SMTP extends Deliver { $chall = substr($tmp,4); // Depending on mechanism, generate response string if ($smtp_auth_mech == 'cram-md5') { - $response = cram_md5_response($username,$pass,$chall); + $response = cram_md5_response($user,$pass,$chall); } elseif ($smtp_auth_mech == 'digest-md5') { - $response = digest_md5_response($username,$pass,$chall,'smtp',$host); + $response = digest_md5_response($user,$pass,$chall,'smtp',$host); } fputs($stream, $response); @@ -130,7 +130,7 @@ class Deliver_SMTP extends Deliver { if ($this->errorCheck($tmp, $stream)) { return(0); } - fputs($stream, base64_encode ($username) . "\r\n"); + fputs($stream, base64_encode ($user) . "\r\n"); $tmp = fgets($stream, 1024); if ($this->errorCheck($tmp, $stream)) { return(0); @@ -143,7 +143,7 @@ class Deliver_SMTP extends Deliver { } } elseif ($smtp_auth_mech == "plain") { /* SASL Plain */ - $auth = base64_encode("$username\0$username\0$pass"); + $auth = base64_encode("$user\0$user\0$pass"); $query = "AUTH PLAIN\r\n"; fputs($stream, $query); diff --git a/functions/auth.php b/functions/auth.php index 5f939ccc..802efced 100644 --- a/functions/auth.php +++ b/functions/auth.php @@ -218,4 +218,28 @@ function hmac_md5($data, $key='') { return $hmac; } +/** + * Fillin user and password based on SMTP auth settings. + * + * @global + * @param string $user Reference to SMTP username + * @param string $pass Reference to SMTP password (unencrypted) + */ +function get_smtp_user(&$user, &$pass) { + global $username, $smtp_auth_mech, + $smtp_sitewide_user, $smtp_sitewide_pass; + + if ($smtp_auth_mech == 'none') { + $user = ''; + $pass = ''; + } elseif ( isset($smtp_sitewide_user) && isset($smtp_sitewide_pass) ) { + $user = $smtp_sitewide_user; + $pass = $smtp_sitewide_pass; + } else { + global $key, $onetimepad; + $user = $username; + $pass = OneTimePadDecrypt($key, $onetimepad); + } +} + ?> diff --git a/src/compose.php b/src/compose.php index b9bda84d..2c5317f4 100644 --- a/src/compose.php +++ b/src/compose.php @@ -1462,16 +1462,8 @@ function deliverMessage($composeMessage, $draft=false) { $deliver = new Deliver_SMTP(); global $smtpServerAddress, $smtpPort, $pop_before_smtp, $smtp_auth_mech; - if ($smtp_auth_mech == 'none') { - $user = ''; - $pass = ''; - } else { - global $key, $onetimepad; - $user = $username; - $pass = OneTimePadDecrypt($key, $onetimepad); - } - $authPop = (isset($pop_before_smtp) && $pop_before_smtp) ? true : false; + get_smtp_user($user, $pass); $stream = $deliver->initStream($composeMessage,$domain,0, $smtpServerAddress, $smtpPort, $user, $pass, $authPop); } elseif (!$draft) { diff --git a/src/read_body.php b/src/read_body.php index bc267c6b..d8019b33 100644 --- a/src/read_body.php +++ b/src/read_body.php @@ -278,15 +278,8 @@ function SendMDN ( $mailbox, $passed_id, $sender, $message, $imapConnection) { require_once(SM_PATH . 'class/deliver/Deliver_SMTP.class.php'); $deliver = new Deliver_SMTP(); global $smtpServerAddress, $smtpPort, $smtp_auth_mech, $pop_before_smtp; - if ($smtp_auth_mech == 'none') { - $user = ''; - $pass = ''; - } else { - global $key, $onetimepad; - $user = $username; - $pass = OneTimePadDecrypt($key, $onetimepad); - } $authPop = (isset($pop_before_smtp) && $pop_before_smtp) ? true : false; + get_smtp_user($user, $pass); $stream = $deliver->initStream($composeMessage,$domain,0, $smtpServerAddress, $smtpPort, $user, $pass, $authPop); } -- 2.25.1