mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-13 03:27:39 +03:00
Improved support for SCRAM-SHA-1 & SCRAM-SHA-256
This commit is contained in:
parent
68d103b3c1
commit
389e473e22
2 changed files with 29 additions and 10 deletions
|
|
@ -162,21 +162,40 @@ class ImapClient extends \MailSo\Net\NetClient
|
||||||
|
|
||||||
$this->sLogginedUser = $sLogin;
|
$this->sLogginedUser = $sLogin;
|
||||||
|
|
||||||
|
// $encrypted = !empty(\stream_get_meta_data($this->rConnect)['crypto']);
|
||||||
|
$type = '';
|
||||||
|
$types = [
|
||||||
|
// 'SCRAM-SHA-256' => 1, // !$encrypted
|
||||||
|
// 'SCRAM-SHA-1' => 1, // !$encrypted
|
||||||
|
'CRAM-MD5' => $bUseAuthCramMd5IfSupported,
|
||||||
|
'PLAIN' => $bUseAuthPlainIfSupported,
|
||||||
|
'LOGIN' => 1 // $encrypted
|
||||||
|
];
|
||||||
|
foreach ($types as $sasl_type => $active) {
|
||||||
|
if ($active && $this->IsSupported("AUTH={$sasl_type}") && \SnappyMail\SASL::isSupported($sasl_type)) {
|
||||||
|
$type = $sasl_type;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$SASL = \SnappyMail\SASL::factory($type);
|
||||||
|
$SASL->base64 = true;
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
if ($bUseAuthCramMd5IfSupported && $this->IsSupported('AUTH=CRAM-MD5'))
|
if ('CRAM-MD5' === $type)
|
||||||
{
|
{
|
||||||
$oContinuationResponse = $this->SendRequestGetResponse('AUTHENTICATE', array('CRAM-MD5'))->getLast();
|
$oContinuationResponse = $this->SendRequestGetResponse('AUTHENTICATE', array($type))->getLast();
|
||||||
if ($oContinuationResponse && Enumerations\ResponseType::CONTINUATION === $oContinuationResponse->ResponseType)
|
if ($oContinuationResponse && Enumerations\ResponseType::CONTINUATION === $oContinuationResponse->ResponseType)
|
||||||
{
|
{
|
||||||
$sTicket = $oContinuationResponse->ResponseList[1] ?? null;
|
$sTicket = $oContinuationResponse->ResponseList[1] ?? null;
|
||||||
if ($sTicket)
|
if ($sTicket)
|
||||||
{
|
{
|
||||||
|
$sToken = $SASL->authenticate($sLogin, $sPassword, $sTicket)
|
||||||
|
|
||||||
$sTicket = \base64_decode($sTicket);
|
$sTicket = \base64_decode($sTicket);
|
||||||
$this->oLogger->Write('ticket: '.$sTicket);
|
$this->oLogger->Write('ticket: '.$sTicket);
|
||||||
|
|
||||||
$sToken = \base64_encode($sLogin.' '.\hash_hmac('md5', $sTicket, $sPassword));
|
|
||||||
|
|
||||||
if ($this->oLogger)
|
if ($this->oLogger)
|
||||||
{
|
{
|
||||||
$this->oLogger->AddSecret($sToken);
|
$this->oLogger->AddSecret($sToken);
|
||||||
|
|
@ -199,9 +218,9 @@ class ImapClient extends \MailSo\Net\NetClient
|
||||||
\MailSo\Log\Enumerations\Type::NOTICE, true);
|
\MailSo\Log\Enumerations\Type::NOTICE, true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if ($bUseAuthPlainIfSupported && $this->IsSupported('AUTH=PLAIN'))
|
else if ('PLAIN' === $type)
|
||||||
{
|
{
|
||||||
$sToken = \base64_encode("\0".$sLogin."\0".$sPassword);
|
$sToken = $SASL->authenticate($sLogin, $sPassword);
|
||||||
if ($this->oLogger)
|
if ($this->oLogger)
|
||||||
{
|
{
|
||||||
$this->oLogger->AddSecret($sToken);
|
$this->oLogger->AddSecret($sToken);
|
||||||
|
|
|
||||||
|
|
@ -189,11 +189,11 @@ class SmtpClient extends \MailSo\Net\NetClient
|
||||||
{
|
{
|
||||||
// RFC 4616
|
// RFC 4616
|
||||||
case 'PLAIN':
|
case 'PLAIN':
|
||||||
$this->sendRequestWithCheck($SASL->authenticate($username, $passphrase), 235, '', true);
|
$this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword), 235, '', true);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'LOGIN':
|
case 'LOGIN':
|
||||||
$sResult = $this->sendRequestWithCheck($SASL->authenticate($username, $passphrase, $sResult), 334, '');
|
$sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 334, '');
|
||||||
$this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
|
$this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
@ -211,7 +211,7 @@ class SmtpClient extends \MailSo\Net\NetClient
|
||||||
// RFC 5802
|
// RFC 5802
|
||||||
case 'SCRAM-SHA-1':
|
case 'SCRAM-SHA-1':
|
||||||
case 'SCRAM-SHA-256':
|
case 'SCRAM-SHA-256':
|
||||||
$sResult = $this->sendRequestWithCheck($SASL->authenticate($username, $passphrase, $sResult), 234, '');
|
$sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 234, '');
|
||||||
$sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
|
$sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
|
||||||
$SASL->verify($sResult);
|
$SASL->verify($sResult);
|
||||||
break;
|
break;
|
||||||
|
|
@ -509,7 +509,7 @@ class SmtpClient extends \MailSo\Net\NetClient
|
||||||
{
|
{
|
||||||
$this->sendRequest($sCommand, $sAddToCommand, $bSecureLog);
|
$this->sendRequest($sCommand, $sAddToCommand, $bSecureLog);
|
||||||
$this->validateResponse($mExpectCode, $sErrorPrefix);
|
$this->validateResponse($mExpectCode, $sErrorPrefix);
|
||||||
return empty($this->aResults[0]) ? '' : \substr($this->aResults[0], 4);
|
return empty($this->aResults[0]) ? '' : \trim(\substr($this->aResults[0], 4));
|
||||||
}
|
}
|
||||||
|
|
||||||
private function ehloOrHelo(string $sHost) : void
|
private function ehloOrHelo(string $sHost) : void
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue