diff options
| author | Aleksander Machniak <alec@alec.pl> | 2012-07-23 08:52:23 +0200 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2012-07-23 08:52:23 +0200 |
| commit | 114cf1281b1546f1efb8f78f92b179dd6afcaaa9 (patch) | |
| tree | f97b2629dadc1282de790eb93de34931edb4c5cf /program/lib/Auth/SASL.php | |
| parent | 7938312aaa802122e7740bcd789b8469919bc875 (diff) | |
Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authentication (#1488571)
Diffstat (limited to 'program/lib/Auth/SASL.php')
| -rw-r--r-- | program/lib/Auth/SASL.php | 91 |
1 files changed, 56 insertions, 35 deletions
diff --git a/program/lib/Auth/SASL.php b/program/lib/Auth/SASL.php index b2be93cc8..5bd6eb096 100644 --- a/program/lib/Auth/SASL.php +++ b/program/lib/Auth/SASL.php @@ -1,41 +1,41 @@ <?php -// +-----------------------------------------------------------------------+ -// | Copyright (c) 2002-2003 Richard Heyes | -// | All rights reserved. | -// | | -// | Redistribution and use in source and binary forms, with or without | -// | modification, are permitted provided that the following conditions | -// | are met: | -// | | -// | o Redistributions of source code must retain the above copyright | -// | notice, this list of conditions and the following disclaimer. | -// | o Redistributions in binary form must reproduce the above copyright | -// | notice, this list of conditions and the following disclaimer in the | -// | documentation and/or other materials provided with the distribution.| -// | o The names of the authors may not be used to endorse or promote | -// | products derived from this software without specific prior written | -// | permission. | -// | | -// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | -// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | -// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | -// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | -// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | -// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | -// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | -// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | -// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | -// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | -// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | -// | | -// +-----------------------------------------------------------------------+ -// | Author: Richard Heyes <richard@php.net> | -// +-----------------------------------------------------------------------+ -// +// +-----------------------------------------------------------------------+ +// | Copyright (c) 2002-2003 Richard Heyes | +// | All rights reserved. | +// | | +// | Redistribution and use in source and binary forms, with or without | +// | modification, are permitted provided that the following conditions | +// | are met: | +// | | +// | o Redistributions of source code must retain the above copyright | +// | notice, this list of conditions and the following disclaimer. | +// | o Redistributions in binary form must reproduce the above copyright | +// | notice, this list of conditions and the following disclaimer in the | +// | documentation and/or other materials provided with the distribution.| +// | o The names of the authors may not be used to endorse or promote | +// | products derived from this software without specific prior written | +// | permission. | +// | | +// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | +// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | +// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | +// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | +// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | +// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | +// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | +// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | +// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | +// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | +// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | +// | | +// +-----------------------------------------------------------------------+ +// | Author: Richard Heyes <richard@php.net> | +// +-----------------------------------------------------------------------+ +// // $Id$ /** -* Client implementation of various SASL mechanisms +* Client implementation of various SASL mechanisms * * @author Richard Heyes <richard@php.net> * @access public @@ -55,6 +55,7 @@ class Auth_SASL * Plain * CramMD5 * DigestMD5 + * SCRAM-* (any mechanism of the SCRAM family) * Types are not case sensitive */ function &factory($type) @@ -81,22 +82,42 @@ class Auth_SASL break; case 'crammd5': + // $msg = 'Deprecated mechanism name. Use IANA-registered name: CRAM-MD5.'; + // trigger_error($msg, E_USER_DEPRECATED); + case 'cram-md5': $filename = 'Auth/SASL/CramMD5.php'; $classname = 'Auth_SASL_CramMD5'; break; case 'digestmd5': + // $msg = 'Deprecated mechanism name. Use IANA-registered name: DIGEST-MD5.'; + // trigger_error($msg, E_USER_DEPRECATED); + case 'digest-md5': + // $msg = 'DIGEST-MD5 is a deprecated SASL mechanism as per RFC-6331. Using it could be a security risk.'; + // trigger_error($msg, E_USER_NOTICE); $filename = 'Auth/SASL/DigestMD5.php'; $classname = 'Auth_SASL_DigestMD5'; break; default: + $scram = '/^SCRAM-(.{1,9})$/i'; + if (preg_match($scram, $type, $matches)) + { + $hash = $matches[1]; + $filename = dirname(__FILE__) .'/SASL/SCRAM.php'; + $classname = 'Auth_SASL_SCRAM'; + $parameter = $hash; + break; + } return PEAR::raiseError('Invalid SASL mechanism type'); break; } require_once($filename); - $obj = new $classname(); + if (isset($parameter)) + $obj = new $classname($parameter); + else + $obj = new $classname(); return $obj; } } |