diff --git a/snappymail/v/0.0.0/app/libraries/MailSo/Imap/ImapClient.php b/snappymail/v/0.0.0/app/libraries/MailSo/Imap/ImapClient.php index e6d243c6e..214efabd0 100644 --- a/snappymail/v/0.0.0/app/libraries/MailSo/Imap/ImapClient.php +++ b/snappymail/v/0.0.0/app/libraries/MailSo/Imap/ImapClient.php @@ -162,21 +162,40 @@ class ImapClient extends \MailSo\Net\NetClient $this->sLogginedUser = $sLogin; +// $encrypted = !empty(\stream_get_meta_data($this->rConnect)['crypto']); + $type = ''; + $types = [ +// 'SCRAM-SHA-256' => 1, // !$encrypted +// 'SCRAM-SHA-1' => 1, // !$encrypted + 'CRAM-MD5' => $bUseAuthCramMd5IfSupported, + 'PLAIN' => $bUseAuthPlainIfSupported, + 'LOGIN' => 1 // $encrypted + ]; + foreach ($types as $sasl_type => $active) { + if ($active && $this->IsSupported("AUTH={$sasl_type}") && \SnappyMail\SASL::isSupported($sasl_type)) { + $type = $sasl_type; + break; + } + } + + $SASL = \SnappyMail\SASL::factory($type); + $SASL->base64 = true; + try { - if ($bUseAuthCramMd5IfSupported && $this->IsSupported('AUTH=CRAM-MD5')) + if ('CRAM-MD5' === $type) { - $oContinuationResponse = $this->SendRequestGetResponse('AUTHENTICATE', array('CRAM-MD5'))->getLast(); + $oContinuationResponse = $this->SendRequestGetResponse('AUTHENTICATE', array($type))->getLast(); if ($oContinuationResponse && Enumerations\ResponseType::CONTINUATION === $oContinuationResponse->ResponseType) { $sTicket = $oContinuationResponse->ResponseList[1] ?? null; if ($sTicket) { + $sToken = $SASL->authenticate($sLogin, $sPassword, $sTicket) + $sTicket = \base64_decode($sTicket); $this->oLogger->Write('ticket: '.$sTicket); - $sToken = \base64_encode($sLogin.' '.\hash_hmac('md5', $sTicket, $sPassword)); - if ($this->oLogger) { $this->oLogger->AddSecret($sToken); @@ -199,9 +218,9 @@ class ImapClient extends \MailSo\Net\NetClient \MailSo\Log\Enumerations\Type::NOTICE, true); } } - else if ($bUseAuthPlainIfSupported && $this->IsSupported('AUTH=PLAIN')) + else if ('PLAIN' === $type) { - $sToken = \base64_encode("\0".$sLogin."\0".$sPassword); + $sToken = $SASL->authenticate($sLogin, $sPassword); if ($this->oLogger) { $this->oLogger->AddSecret($sToken); diff --git a/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php b/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php index b9acd0787..78364724b 100644 --- a/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php +++ b/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php @@ -189,11 +189,11 @@ class SmtpClient extends \MailSo\Net\NetClient { // RFC 4616 case 'PLAIN': - $this->sendRequestWithCheck($SASL->authenticate($username, $passphrase), 235, '', true); + $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword), 235, '', true); break; case 'LOGIN': - $sResult = $this->sendRequestWithCheck($SASL->authenticate($username, $passphrase, $sResult), 334, ''); + $sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 334, ''); $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true); break; @@ -211,7 +211,7 @@ class SmtpClient extends \MailSo\Net\NetClient // RFC 5802 case 'SCRAM-SHA-1': case 'SCRAM-SHA-256': - $sResult = $this->sendRequestWithCheck($SASL->authenticate($username, $passphrase, $sResult), 234, ''); + $sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 234, ''); $sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true); $SASL->verify($sResult); break; @@ -509,7 +509,7 @@ class SmtpClient extends \MailSo\Net\NetClient { $this->sendRequest($sCommand, $sAddToCommand, $bSecureLog); $this->validateResponse($mExpectCode, $sErrorPrefix); - return empty($this->aResults[0]) ? '' : \substr($this->aResults[0], 4); + return empty($this->aResults[0]) ? '' : \trim(\substr($this->aResults[0], 4)); } private function ehloOrHelo(string $sHost) : void