mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-10 06:58:27 +03:00
SCRAM-SHA3-512
https://github.com/the-djmaze/snappymail/issues/182#issuecomment-1008832715
This commit is contained in:
parent
99d7e5f0f1
commit
9bfbd755c2
3 changed files with 33 additions and 20 deletions
|
|
@ -123,18 +123,32 @@ class ManageSieveClient extends \MailSo\Net\NetClient
|
|||
$bAuth = false;
|
||||
try
|
||||
{
|
||||
if ('PLAIN' === $type || 'OAUTHBEARER' === $type || 'XOAUTH2' === $type)
|
||||
if (0 === \strpos($type, 'SCRAM-'))
|
||||
{
|
||||
/*
|
||||
$sAuthzid = $this->getResponseValue($this->SendRequestGetResponse('AUTHENTICATE', array($type)), \MailSo\Imap\Enumerations\ResponseType::CONTINUATION);
|
||||
$this->sendRaw($SASL->authenticate($sLogin, $sPassword/*, $sAuthzid* /), true);
|
||||
$sChallenge = $SASL->challenge($this->getResponseValue($this->getResponse(), \MailSo\Imap\Enumerations\ResponseType::CONTINUATION));
|
||||
if ($this->oLogger) {
|
||||
$this->oLogger->AddSecret($sChallenge);
|
||||
}
|
||||
$this->sendRaw($sChallenge, true, '*******');
|
||||
$oResponse = $this->getResponse();
|
||||
$SASL->verify($this->getResponseValue($oResponse));
|
||||
*/
|
||||
}
|
||||
else if ('PLAIN' === $type || 'OAUTHBEARER' === $type || 'XOAUTH2' === $type)
|
||||
{
|
||||
$sAuth = $SASL->authenticate($sLogin, $sPassword, $sLoginAuthKey);
|
||||
|
||||
if ($aCredentials['InitialAuthPlain'])
|
||||
{
|
||||
$this->sendRequest("AUTHENTICATE \"{$type}\" \"{$sAuth}\"");
|
||||
$this->sendRaw("AUTHENTICATE \"{$type}\" \"{$sAuth}\"");
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->sendRequest("AUTHENTICATE \"{$type}\" {".\strlen($sAuth).'+}');
|
||||
$this->sendRequest($sAuth);
|
||||
$this->sendRaw("AUTHENTICATE \"{$type}\" {".\strlen($sAuth).'+}');
|
||||
$this->sendRaw($sAuth);
|
||||
}
|
||||
|
||||
$aResponse = $this->parseResponse();
|
||||
|
|
@ -147,11 +161,11 @@ class ManageSieveClient extends \MailSo\Net\NetClient
|
|||
$sLogin = $SASL->authenticate($sLogin, $sPassword);
|
||||
$sPassword = $SASL->challenge('');
|
||||
|
||||
$this->sendRequest('AUTHENTICATE "LOGIN"');
|
||||
$this->sendRequest('{'.\strlen($sLogin).'+}');
|
||||
$this->sendRequest($sLogin);
|
||||
$this->sendRequest('{'.\strlen($sPassword).'+}');
|
||||
$this->sendRequest($sPassword);
|
||||
$this->sendRaw('AUTHENTICATE "LOGIN"');
|
||||
$this->sendRaw('{'.\strlen($sLogin).'+}');
|
||||
$this->sendRaw($sLogin);
|
||||
$this->sendRaw('{'.\strlen($sPassword).'+}');
|
||||
$this->sendRaw($sPassword);
|
||||
|
||||
$aResponse = $this->parseResponse();
|
||||
$this->validateResponse($aResponse);
|
||||
|
|
|
|||
|
|
@ -156,8 +156,12 @@ class SmtpClient extends \MailSo\Net\NetClient
|
|||
|
||||
try
|
||||
{
|
||||
switch ($type)
|
||||
{
|
||||
if (0 === \strpos($type, 'SCRAM-')) {
|
||||
// RFC 5802
|
||||
$sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 234, '');
|
||||
$sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
|
||||
$SASL->verify($sResult);
|
||||
} else switch ($type) {
|
||||
// RFC 4616
|
||||
case 'PLAIN':
|
||||
case 'XOAUTH2':
|
||||
|
|
@ -180,14 +184,6 @@ class SmtpClient extends \MailSo\Net\NetClient
|
|||
}
|
||||
$this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 235, '', true);
|
||||
break;
|
||||
|
||||
// RFC 5802
|
||||
case 'SCRAM-SHA-1':
|
||||
case 'SCRAM-SHA-256':
|
||||
$sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 234, '');
|
||||
$sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
|
||||
$SASL->verify($sResult);
|
||||
break;
|
||||
}
|
||||
}
|
||||
catch (\MailSo\Smtp\Exceptions\NegativeResponseException $oException)
|
||||
|
|
|
|||
|
|
@ -294,10 +294,13 @@ abstract class Account implements \JsonSerializable
|
|||
[cipher_version] => TLSv1.3
|
||||
)
|
||||
*/
|
||||
/**
|
||||
* TODO: move these to Admin -> Domains -> per Domain management?
|
||||
*/
|
||||
$aSASLMechanisms = [];
|
||||
if ($oConfig->Get('labs', 'sasl_allow_scram_sha', false)) {
|
||||
// https://github.com/the-djmaze/snappymail/issues/182
|
||||
\array_push($aSASLMechanisms, 'SCRAM-SHA-512'. 'SCRAM-SHA-256', 'SCRAM-SHA-1');
|
||||
\array_push($aSASLMechanisms, 'SCRAM-SHA3-512', 'SCRAM-SHA-512', 'SCRAM-SHA-256', 'SCRAM-SHA-1');
|
||||
}
|
||||
if ($oConfig->Get('labs', 'sasl_allow_cram_md5', false)) {
|
||||
$aSASLMechanisms[] = 'CRAM-MD5';
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue