the-djmaze 2022-01-10 14:01:21 +01:00
parent 99d7e5f0f1
commit 9bfbd755c2
3 changed files with 33 additions and 20 deletions

View file

@ -123,18 +123,32 @@ class ManageSieveClient extends \MailSo\Net\NetClient
$bAuth = false;
try
{
if ('PLAIN' === $type || 'OAUTHBEARER' === $type || 'XOAUTH2' === $type)
if (0 === \strpos($type, 'SCRAM-'))
{
/*
$sAuthzid = $this->getResponseValue($this->SendRequestGetResponse('AUTHENTICATE', array($type)), \MailSo\Imap\Enumerations\ResponseType::CONTINUATION);
$this->sendRaw($SASL->authenticate($sLogin, $sPassword/*, $sAuthzid* /), true);
$sChallenge = $SASL->challenge($this->getResponseValue($this->getResponse(), \MailSo\Imap\Enumerations\ResponseType::CONTINUATION));
if ($this->oLogger) {
$this->oLogger->AddSecret($sChallenge);
}
$this->sendRaw($sChallenge, true, '*******');
$oResponse = $this->getResponse();
$SASL->verify($this->getResponseValue($oResponse));
*/
}
else if ('PLAIN' === $type || 'OAUTHBEARER' === $type || 'XOAUTH2' === $type)
{
$sAuth = $SASL->authenticate($sLogin, $sPassword, $sLoginAuthKey);
if ($aCredentials['InitialAuthPlain'])
{
$this->sendRequest("AUTHENTICATE \"{$type}\" \"{$sAuth}\"");
$this->sendRaw("AUTHENTICATE \"{$type}\" \"{$sAuth}\"");
}
else
{
$this->sendRequest("AUTHENTICATE \"{$type}\" {".\strlen($sAuth).'+}');
$this->sendRequest($sAuth);
$this->sendRaw("AUTHENTICATE \"{$type}\" {".\strlen($sAuth).'+}');
$this->sendRaw($sAuth);
}
$aResponse = $this->parseResponse();
@ -147,11 +161,11 @@ class ManageSieveClient extends \MailSo\Net\NetClient
$sLogin = $SASL->authenticate($sLogin, $sPassword);
$sPassword = $SASL->challenge('');
$this->sendRequest('AUTHENTICATE "LOGIN"');
$this->sendRequest('{'.\strlen($sLogin).'+}');
$this->sendRequest($sLogin);
$this->sendRequest('{'.\strlen($sPassword).'+}');
$this->sendRequest($sPassword);
$this->sendRaw('AUTHENTICATE "LOGIN"');
$this->sendRaw('{'.\strlen($sLogin).'+}');
$this->sendRaw($sLogin);
$this->sendRaw('{'.\strlen($sPassword).'+}');
$this->sendRaw($sPassword);
$aResponse = $this->parseResponse();
$this->validateResponse($aResponse);

View file

@ -156,8 +156,12 @@ class SmtpClient extends \MailSo\Net\NetClient
try
{
switch ($type)
{
if (0 === \strpos($type, 'SCRAM-')) {
// RFC 5802
$sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 234, '');
$sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
$SASL->verify($sResult);
} else switch ($type) {
// RFC 4616
case 'PLAIN':
case 'XOAUTH2':
@ -180,14 +184,6 @@ class SmtpClient extends \MailSo\Net\NetClient
}
$this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 235, '', true);
break;
// RFC 5802
case 'SCRAM-SHA-1':
case 'SCRAM-SHA-256':
$sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 234, '');
$sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
$SASL->verify($sResult);
break;
}
}
catch (\MailSo\Smtp\Exceptions\NegativeResponseException $oException)

View file

@ -294,10 +294,13 @@ abstract class Account implements \JsonSerializable
[cipher_version] => TLSv1.3
)
*/
/**
* TODO: move these to Admin -> Domains -> per Domain management?
*/
$aSASLMechanisms = [];
if ($oConfig->Get('labs', 'sasl_allow_scram_sha', false)) {
// https://github.com/the-djmaze/snappymail/issues/182
\array_push($aSASLMechanisms, 'SCRAM-SHA-512'. 'SCRAM-SHA-256', 'SCRAM-SHA-1');
\array_push($aSASLMechanisms, 'SCRAM-SHA3-512', 'SCRAM-SHA-512', 'SCRAM-SHA-256', 'SCRAM-SHA-1');
}
if ($oConfig->Get('labs', 'sasl_allow_cram_md5', false)) {
$aSASLMechanisms[] = 'CRAM-MD5';