mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-10 06:58:27 +03:00
Improved support for SCRAM-SHA-1 & SCRAM-SHA-256
This commit is contained in:
parent
68d103b3c1
commit
389e473e22
2 changed files with 29 additions and 10 deletions
|
|
@ -162,21 +162,40 @@ class ImapClient extends \MailSo\Net\NetClient
|
|||
|
||||
$this->sLogginedUser = $sLogin;
|
||||
|
||||
// $encrypted = !empty(\stream_get_meta_data($this->rConnect)['crypto']);
|
||||
$type = '';
|
||||
$types = [
|
||||
// 'SCRAM-SHA-256' => 1, // !$encrypted
|
||||
// 'SCRAM-SHA-1' => 1, // !$encrypted
|
||||
'CRAM-MD5' => $bUseAuthCramMd5IfSupported,
|
||||
'PLAIN' => $bUseAuthPlainIfSupported,
|
||||
'LOGIN' => 1 // $encrypted
|
||||
];
|
||||
foreach ($types as $sasl_type => $active) {
|
||||
if ($active && $this->IsSupported("AUTH={$sasl_type}") && \SnappyMail\SASL::isSupported($sasl_type)) {
|
||||
$type = $sasl_type;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$SASL = \SnappyMail\SASL::factory($type);
|
||||
$SASL->base64 = true;
|
||||
|
||||
try
|
||||
{
|
||||
if ($bUseAuthCramMd5IfSupported && $this->IsSupported('AUTH=CRAM-MD5'))
|
||||
if ('CRAM-MD5' === $type)
|
||||
{
|
||||
$oContinuationResponse = $this->SendRequestGetResponse('AUTHENTICATE', array('CRAM-MD5'))->getLast();
|
||||
$oContinuationResponse = $this->SendRequestGetResponse('AUTHENTICATE', array($type))->getLast();
|
||||
if ($oContinuationResponse && Enumerations\ResponseType::CONTINUATION === $oContinuationResponse->ResponseType)
|
||||
{
|
||||
$sTicket = $oContinuationResponse->ResponseList[1] ?? null;
|
||||
if ($sTicket)
|
||||
{
|
||||
$sToken = $SASL->authenticate($sLogin, $sPassword, $sTicket)
|
||||
|
||||
$sTicket = \base64_decode($sTicket);
|
||||
$this->oLogger->Write('ticket: '.$sTicket);
|
||||
|
||||
$sToken = \base64_encode($sLogin.' '.\hash_hmac('md5', $sTicket, $sPassword));
|
||||
|
||||
if ($this->oLogger)
|
||||
{
|
||||
$this->oLogger->AddSecret($sToken);
|
||||
|
|
@ -199,9 +218,9 @@ class ImapClient extends \MailSo\Net\NetClient
|
|||
\MailSo\Log\Enumerations\Type::NOTICE, true);
|
||||
}
|
||||
}
|
||||
else if ($bUseAuthPlainIfSupported && $this->IsSupported('AUTH=PLAIN'))
|
||||
else if ('PLAIN' === $type)
|
||||
{
|
||||
$sToken = \base64_encode("\0".$sLogin."\0".$sPassword);
|
||||
$sToken = $SASL->authenticate($sLogin, $sPassword);
|
||||
if ($this->oLogger)
|
||||
{
|
||||
$this->oLogger->AddSecret($sToken);
|
||||
|
|
|
|||
|
|
@ -189,11 +189,11 @@ class SmtpClient extends \MailSo\Net\NetClient
|
|||
{
|
||||
// RFC 4616
|
||||
case 'PLAIN':
|
||||
$this->sendRequestWithCheck($SASL->authenticate($username, $passphrase), 235, '', true);
|
||||
$this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword), 235, '', true);
|
||||
break;
|
||||
|
||||
case 'LOGIN':
|
||||
$sResult = $this->sendRequestWithCheck($SASL->authenticate($username, $passphrase, $sResult), 334, '');
|
||||
$sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 334, '');
|
||||
$this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
|
||||
break;
|
||||
|
||||
|
|
@ -211,7 +211,7 @@ class SmtpClient extends \MailSo\Net\NetClient
|
|||
// RFC 5802
|
||||
case 'SCRAM-SHA-1':
|
||||
case 'SCRAM-SHA-256':
|
||||
$sResult = $this->sendRequestWithCheck($SASL->authenticate($username, $passphrase, $sResult), 234, '');
|
||||
$sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 234, '');
|
||||
$sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
|
||||
$SASL->verify($sResult);
|
||||
break;
|
||||
|
|
@ -509,7 +509,7 @@ class SmtpClient extends \MailSo\Net\NetClient
|
|||
{
|
||||
$this->sendRequest($sCommand, $sAddToCommand, $bSecureLog);
|
||||
$this->validateResponse($mExpectCode, $sErrorPrefix);
|
||||
return empty($this->aResults[0]) ? '' : \substr($this->aResults[0], 4);
|
||||
return empty($this->aResults[0]) ? '' : \trim(\substr($this->aResults[0], 4));
|
||||
}
|
||||
|
||||
private function ehloOrHelo(string $sHost) : void
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue