diff options
Diffstat (limited to 'plugins/managesieve/lib/Net/Sieve.php')
-rw-r--r-- | plugins/managesieve/lib/Net/Sieve.php | 67 |
1 files changed, 48 insertions, 19 deletions
diff --git a/plugins/managesieve/lib/Net/Sieve.php b/plugins/managesieve/lib/Net/Sieve.php index bc0bcc8f2..072905d68 100644 --- a/plugins/managesieve/lib/Net/Sieve.php +++ b/plugins/managesieve/lib/Net/Sieve.php @@ -1,7 +1,7 @@ <?php // +-----------------------------------------------------------------------+ // | Copyright (c) 2002-2003, Richard Heyes | -// | Copyright (c) 2006, Anish Mistry | +// | Copyright (c) 2006,2008 Anish Mistry | // | All rights reserved. | // | | // | Redistribution and use in source and binary forms, with or without | @@ -121,10 +121,16 @@ class Net_Sieve var $_useTLS = true; /** + * Additional options for stream_context_create() + * @var array + */ + var $_options = null; + + /** * The auth methods this class support * @var array */ - var $supportedAuthMethods=array('DIGEST-MD5', 'CRAM-MD5', 'PLAIN' , 'LOGIN'); + var $supportedAuthMethods=array('DIGEST-MD5', 'CRAM-MD5', 'EXTERNAL', 'PLAIN' , 'LOGIN'); //if you have problems using DIGEST-MD5 authentication please comment the line above and uncomment the following line //var $supportedAuthMethods=array( 'CRAM-MD5', 'PLAIN' , 'LOGIN'); @@ -157,8 +163,9 @@ class Net_Sieve * @param string $bypassAuth Skip the authentication phase. Useful if the socket is already open. * @param boolean $useTLS Use TLS if available + * @param array $options options for stream_context_create() */ - function Net_Sieve($user = null , $pass = null , $host = 'localhost', $port = 2000, $logintype = '', $euser = '', $debug = false, $bypassAuth = false, $useTLS = true) + function Net_Sieve($user = null , $pass = null , $host = 'localhost', $port = 2000, $logintype = '', $euser = '', $debug = false, $bypassAuth = false, $useTLS = true, $options = null) { $this->_state = NET_SIEVE_STATE_DISCONNECTED; $this->_data['user'] = $user; @@ -171,6 +178,7 @@ class Net_Sieve $this->_debug = $debug; $this->_bypassAuth = $bypassAuth; $this->_useTLS = $useTLS; + $this->_options = $options; /* * Include the Auth_SASL package. If the package is not available, * we disable the authentication methods that depend upon it. @@ -216,7 +224,7 @@ class Net_Sieve */ function _handleConnectAndLogin() { - if (PEAR::isError($res = $this->connect($this->_data['host'] , $this->_data['port'], null, $this->_useTLS ))) { + if (PEAR::isError($res = $this->connect($this->_data['host'] , $this->_data['port'], $this->_options, $this->_useTLS ))) { return $res; } if($this->_bypassAuth === false) { @@ -364,9 +372,6 @@ class Net_Sieve return $this->_raiseError($msg,$code); } - // Get logon greeting/capability and parse - $this->_parseCapability($res); - if($useTLS === true) { // check if we can enable TLS via STARTTLS if(isset($this->_capability['starttls']) && function_exists('stream_socket_enable_crypto') === true) { @@ -438,6 +443,9 @@ class Net_Sieve case 'PLAIN': $result = $this->_authPLAIN( $uid , $pwd , $euser ); break; + case 'EXTERNAL': + $result = $this->_authEXTERNAL( $uid , $pwd , $euser ); + break; default : $result = new PEAR_Error( "$method is not a supported authentication method" ); break; @@ -577,6 +585,28 @@ class Net_Sieve } } + /** + * Authenticates the user using the EXTERNAL method. + * + * @param string $user The userid to authenticate as. + * @param string $pass The password to authenticate with. + * @param string $euser The effective uid to authenticate as. + * + * @return array Returns an array containing the response + * + * @access private + * @since 1.1.7 + */ + function _authEXTERNAL($user, $pass, $euser) + { + if ($euser != '') { + $cmd=sprintf('AUTHENTICATE "EXTERNAL" "%s"', base64_encode($euser) ) ; + } else { + $cmd=sprintf('AUTHENTICATE "EXTERNAL" "%s"', base64_encode($user) ); + } + return $this->_sendCmd( $cmd ) ; + } + /** * Removes a script from the server * @@ -785,6 +815,9 @@ class Net_Sieve */ function _parseCapability($data) { + // clear the cached capabilities + $this->_capability = array(); + $data = preg_split('/\r?\n/', $data, -1, PREG_SPLIT_NO_EMPTY); for ($i = 0; $i < count($data); $i++) { @@ -1118,7 +1151,7 @@ class Net_Sieve if (PEAR::isError($res = $this->_doCmd("STARTTLS"))) { return $res; } - + if(stream_socket_enable_crypto($this->_sock->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) == false) { $msg='Failed to establish TLS connection'; $code=2; @@ -1128,23 +1161,19 @@ class Net_Sieve if($this->_debug === true) { echo "STARTTLS Negotiation Successful\n"; } - - // skip capability strings received after AUTHENTICATE - // wait for OK "TLS negotiation successful." - if(PEAR::isError($ret = $this->_doCmd() )) { - $msg='Failed to establish TLS connection, server said: ' . $res->getMessage(); - $code=2; - return $this->_raiseError($msg,$code); - } - // RFC says we need to query the server capabilities again - // @TODO: don;'t call for capabilities if they are returned - // in tls negotiation result above + // The server should be sending a CAPABILITY response after + // negotiating TLS. Read it, and ignore if it doesn't. + $this->_doCmd(); + + // RFC says we need to query the server capabilities again now that + // we are under encryption if(PEAR::isError($res = $this->_cmdCapability() )) { $msg='Failed to connect, server said: ' . $res->getMessage(); $code=2; return $this->_raiseError($msg,$code); } + return true; } |