mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-13 03:27:39 +03:00
SCRAM-SHA3-512
https://github.com/the-djmaze/snappymail/issues/182#issuecomment-1008832715
This commit is contained in:
parent
99d7e5f0f1
commit
9bfbd755c2
3 changed files with 33 additions and 20 deletions
|
|
@ -123,18 +123,32 @@ class ManageSieveClient extends \MailSo\Net\NetClient
|
||||||
$bAuth = false;
|
$bAuth = false;
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
if ('PLAIN' === $type || 'OAUTHBEARER' === $type || 'XOAUTH2' === $type)
|
if (0 === \strpos($type, 'SCRAM-'))
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
$sAuthzid = $this->getResponseValue($this->SendRequestGetResponse('AUTHENTICATE', array($type)), \MailSo\Imap\Enumerations\ResponseType::CONTINUATION);
|
||||||
|
$this->sendRaw($SASL->authenticate($sLogin, $sPassword/*, $sAuthzid* /), true);
|
||||||
|
$sChallenge = $SASL->challenge($this->getResponseValue($this->getResponse(), \MailSo\Imap\Enumerations\ResponseType::CONTINUATION));
|
||||||
|
if ($this->oLogger) {
|
||||||
|
$this->oLogger->AddSecret($sChallenge);
|
||||||
|
}
|
||||||
|
$this->sendRaw($sChallenge, true, '*******');
|
||||||
|
$oResponse = $this->getResponse();
|
||||||
|
$SASL->verify($this->getResponseValue($oResponse));
|
||||||
|
*/
|
||||||
|
}
|
||||||
|
else if ('PLAIN' === $type || 'OAUTHBEARER' === $type || 'XOAUTH2' === $type)
|
||||||
{
|
{
|
||||||
$sAuth = $SASL->authenticate($sLogin, $sPassword, $sLoginAuthKey);
|
$sAuth = $SASL->authenticate($sLogin, $sPassword, $sLoginAuthKey);
|
||||||
|
|
||||||
if ($aCredentials['InitialAuthPlain'])
|
if ($aCredentials['InitialAuthPlain'])
|
||||||
{
|
{
|
||||||
$this->sendRequest("AUTHENTICATE \"{$type}\" \"{$sAuth}\"");
|
$this->sendRaw("AUTHENTICATE \"{$type}\" \"{$sAuth}\"");
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$this->sendRequest("AUTHENTICATE \"{$type}\" {".\strlen($sAuth).'+}');
|
$this->sendRaw("AUTHENTICATE \"{$type}\" {".\strlen($sAuth).'+}');
|
||||||
$this->sendRequest($sAuth);
|
$this->sendRaw($sAuth);
|
||||||
}
|
}
|
||||||
|
|
||||||
$aResponse = $this->parseResponse();
|
$aResponse = $this->parseResponse();
|
||||||
|
|
@ -147,11 +161,11 @@ class ManageSieveClient extends \MailSo\Net\NetClient
|
||||||
$sLogin = $SASL->authenticate($sLogin, $sPassword);
|
$sLogin = $SASL->authenticate($sLogin, $sPassword);
|
||||||
$sPassword = $SASL->challenge('');
|
$sPassword = $SASL->challenge('');
|
||||||
|
|
||||||
$this->sendRequest('AUTHENTICATE "LOGIN"');
|
$this->sendRaw('AUTHENTICATE "LOGIN"');
|
||||||
$this->sendRequest('{'.\strlen($sLogin).'+}');
|
$this->sendRaw('{'.\strlen($sLogin).'+}');
|
||||||
$this->sendRequest($sLogin);
|
$this->sendRaw($sLogin);
|
||||||
$this->sendRequest('{'.\strlen($sPassword).'+}');
|
$this->sendRaw('{'.\strlen($sPassword).'+}');
|
||||||
$this->sendRequest($sPassword);
|
$this->sendRaw($sPassword);
|
||||||
|
|
||||||
$aResponse = $this->parseResponse();
|
$aResponse = $this->parseResponse();
|
||||||
$this->validateResponse($aResponse);
|
$this->validateResponse($aResponse);
|
||||||
|
|
|
||||||
|
|
@ -156,8 +156,12 @@ class SmtpClient extends \MailSo\Net\NetClient
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
switch ($type)
|
if (0 === \strpos($type, 'SCRAM-')) {
|
||||||
{
|
// RFC 5802
|
||||||
|
$sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 234, '');
|
||||||
|
$sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
|
||||||
|
$SASL->verify($sResult);
|
||||||
|
} else switch ($type) {
|
||||||
// RFC 4616
|
// RFC 4616
|
||||||
case 'PLAIN':
|
case 'PLAIN':
|
||||||
case 'XOAUTH2':
|
case 'XOAUTH2':
|
||||||
|
|
@ -180,14 +184,6 @@ class SmtpClient extends \MailSo\Net\NetClient
|
||||||
}
|
}
|
||||||
$this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 235, '', true);
|
$this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 235, '', true);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
// RFC 5802
|
|
||||||
case 'SCRAM-SHA-1':
|
|
||||||
case 'SCRAM-SHA-256':
|
|
||||||
$sResult = $this->sendRequestWithCheck($SASL->authenticate($sLogin, $sPassword, $sResult), 234, '');
|
|
||||||
$sResult = $this->sendRequestWithCheck($SASL->challenge($sResult), 235, '', true);
|
|
||||||
$SASL->verify($sResult);
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (\MailSo\Smtp\Exceptions\NegativeResponseException $oException)
|
catch (\MailSo\Smtp\Exceptions\NegativeResponseException $oException)
|
||||||
|
|
|
||||||
|
|
@ -293,11 +293,14 @@ abstract class Account implements \JsonSerializable
|
||||||
[cipher_bits] => 256
|
[cipher_bits] => 256
|
||||||
[cipher_version] => TLSv1.3
|
[cipher_version] => TLSv1.3
|
||||||
)
|
)
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
* TODO: move these to Admin -> Domains -> per Domain management?
|
||||||
*/
|
*/
|
||||||
$aSASLMechanisms = [];
|
$aSASLMechanisms = [];
|
||||||
if ($oConfig->Get('labs', 'sasl_allow_scram_sha', false)) {
|
if ($oConfig->Get('labs', 'sasl_allow_scram_sha', false)) {
|
||||||
// https://github.com/the-djmaze/snappymail/issues/182
|
// https://github.com/the-djmaze/snappymail/issues/182
|
||||||
\array_push($aSASLMechanisms, 'SCRAM-SHA-512'. 'SCRAM-SHA-256', 'SCRAM-SHA-1');
|
\array_push($aSASLMechanisms, 'SCRAM-SHA3-512', 'SCRAM-SHA-512', 'SCRAM-SHA-256', 'SCRAM-SHA-1');
|
||||||
}
|
}
|
||||||
if ($oConfig->Get('labs', 'sasl_allow_cram_md5', false)) {
|
if ($oConfig->Get('labs', 'sasl_allow_cram_md5', false)) {
|
||||||
$aSASLMechanisms[] = 'CRAM-MD5';
|
$aSASLMechanisms[] = 'CRAM-MD5';
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue