diff --git a/snappymail/v/0.0.0/app/libraries/MailSo/Sieve/ManageSieveClient.php b/snappymail/v/0.0.0/app/libraries/MailSo/Sieve/ManageSieveClient.php index 435847991..f4ff3375c 100644 --- a/snappymail/v/0.0.0/app/libraries/MailSo/Sieve/ManageSieveClient.php +++ b/snappymail/v/0.0.0/app/libraries/MailSo/Sieve/ManageSieveClient.php @@ -123,18 +123,32 @@ class ManageSieveClient extends \MailSo\Net\NetClient $bAuth = false; try { - if ('PLAIN' === $type || 'OAUTHBEARER' === $type || 'XOAUTH2' === $type) + if (0 === \strpos($type, 'SCRAM-')) + { +/* + $sAuthzid = $this->getResponseValue($this->SendRequestGetResponse('AUTHENTICATE', array($type)), \MailSo\Imap\Enumerations\ResponseType::CONTINUATION); + $this->sendRaw($SASL->authenticate($sLogin, $sPassword/*, $sAuthzid* /), true); + $sChallenge = $SASL->challenge($this->getResponseValue($this->getResponse(), \MailSo\Imap\Enumerations\ResponseType::CONTINUATION)); + if ($this->oLogger) { + $this->oLogger->AddSecret($sChallenge); + } + $this->sendRaw($sChallenge, true, '*******'); + $oResponse = $this->getResponse(); + $SASL->verify($this->getResponseValue($oResponse)); +*/ + } + else if ('PLAIN' === $type || 'OAUTHBEARER' === $type || 'XOAUTH2' === $type) { $sAuth = $SASL->authenticate($sLogin, $sPassword, $sLoginAuthKey); if ($aCredentials['InitialAuthPlain']) { - $this->sendRequest("AUTHENTICATE \"{$type}\" \"{$sAuth}\""); + $this->sendRaw("AUTHENTICATE \"{$type}\" \"{$sAuth}\""); } else { - $this->sendRequest("AUTHENTICATE \"{$type}\" {".\strlen($sAuth).'+}'); - $this->sendRequest($sAuth); + $this->sendRaw("AUTHENTICATE \"{$type}\" {".\strlen($sAuth).'+}'); + $this->sendRaw($sAuth); } $aResponse = $this->parseResponse(); @@ -147,11 +161,11 @@ class ManageSieveClient extends \MailSo\Net\NetClient $sLogin = $SASL->authenticate($sLogin, $sPassword); $sPassword = $SASL->challenge(''); - $this->sendRequest('AUTHENTICATE "LOGIN"'); - $this->sendRequest('{'.\strlen($sLogin).'+}'); - $this->sendRequest($sLogin); - $this->sendRequest('{'.\strlen($sPassword).'+}'); - $this->sendRequest($sPassword); + $this->sendRaw('AUTHENTICATE "LOGIN"'); + $this->sendRaw('{'.\strlen($sLogin).'+}'); + $this->sendRaw($sLogin); + $this->sendRaw('{'.\strlen($sPassword).'+}'); + $this->sendRaw($sPassword); $aResponse = $this->parseResponse(); $this->validateResponse($aResponse); diff --git a/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php b/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php index fdaa8ef4b..2a17f6401 100644 --- a/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php +++ b/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php @@ -156,8 +156,12 @@ class SmtpClient extends \MailSo\Net\NetClient try { - switch ($type) - { + if (0 === \strpos($type, 'SCRAM-')) { + // RFC 5802 + $sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 234, ''); + $sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true); + $SASL->verify($sResult); + } else switch ($type) { // RFC 4616 case 'PLAIN': case 'XOAUTH2': @@ -180,14 +184,6 @@ class SmtpClient extends \MailSo\Net\NetClient } $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 235, '', true); break; - - // RFC 5802 - case 'SCRAM-SHA-1': - case 'SCRAM-SHA-256': - $sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 234, ''); - $sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true); - $SASL->verify($sResult); - break; } } catch (\MailSo\Smtp\Exceptions\NegativeResponseException $oException) diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Model/Account.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Model/Account.php index 9febcd728..d4ffc9347 100644 --- a/snappymail/v/0.0.0/app/libraries/RainLoop/Model/Account.php +++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Model/Account.php @@ -294,10 +294,13 @@ abstract class Account implements \JsonSerializable [cipher_version] => TLSv1.3 ) */ + /** + * TODO: move these to Admin -> Domains -> per Domain management? + */ $aSASLMechanisms = []; if ($oConfig->Get('labs', 'sasl_allow_scram_sha', false)) { // https://github.com/the-djmaze/snappymail/issues/182 - \array_push($aSASLMechanisms, 'SCRAM-SHA-512'. 'SCRAM-SHA-256', 'SCRAM-SHA-1'); + \array_push($aSASLMechanisms, 'SCRAM-SHA3-512', 'SCRAM-SHA-512', 'SCRAM-SHA-256', 'SCRAM-SHA-1'); } if ($oConfig->Get('labs', 'sasl_allow_cram_md5', false)) { $aSASLMechanisms[] = 'CRAM-MD5';