Diffstat (limited to 'plugins/managesieve/lib')
-rw-r--r--plugins/managesieve/lib/Net/Sieve.php67
1 files changed, 48 insertions, 19 deletions
diff --git a/plugins/managesieve/lib/Net/Sieve.php b/plugins/managesieve/lib/Net/Sieve.php
index bc0bcc8f2..072905d68 100644
--- a/plugins/managesieve/lib/Net/Sieve.php
+++ b/plugins/managesieve/lib/Net/Sieve.php
@@ -1,7 +1,7 @@
<?php
// +-----------------------------------------------------------------------+
// | Copyright (c) 2002-2003, Richard Heyes |
-// | Copyright (c) 2006, Anish Mistry |
+// | Copyright (c) 2006,2008 Anish Mistry |
// | All rights reserved. |
// | |
// | Redistribution and use in source and binary forms, with or without |
@@ -121,10 +121,16 @@ class Net_Sieve
var $_useTLS = true;
/**
+ * Additional options for stream_context_create()
+ * @var array
+ */
+ var $_options = null;
+
+ /**
* The auth methods this class support
* @var array
*/
- var $supportedAuthMethods=array('DIGEST-MD5', 'CRAM-MD5', 'PLAIN' , 'LOGIN');
+ var $supportedAuthMethods=array('DIGEST-MD5', 'CRAM-MD5', 'EXTERNAL', 'PLAIN' , 'LOGIN');
//if you have problems using DIGEST-MD5 authentication please comment the line above and uncomment the following line
//var $supportedAuthMethods=array( 'CRAM-MD5', 'PLAIN' , 'LOGIN');
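Review bot: `'EXTERNAL'` is placed ahead of `'PLAIN'` and `'LOGIN'` in `$supportedAuthMethods`, so if mechanism selection walks this list in order (the selection code is outside the hunk), a server that advertises EXTERNAL would be tried with it first even when the caller supplied only a password and no TLS client certificate. Listing it last, `array('DIGEST-MD5', 'CRAM-MD5', 'PLAIN', 'LOGIN', 'EXTERNAL')`, or choosing it only through an explicit `$logintype`, would leave password logins unaffected. The new `$_options` docblock also says `@var array` while the default is `null`; `@var array|null` matches the code.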
@@ -157,8 +163,9 @@ class Net_Sieve
* @param string $bypassAuth Skip the authentication phase. Useful if the socket
is already open.
* @param boolean $useTLS Use TLS if available
+ * @param array $options options for stream_context_create()
*/
- function Net_Sieve($user = null , $pass = null , $host = 'localhost', $port = 2000, $logintype = '', $euser = '', $debug = false, $bypassAuth = false, $useTLS = true)
+ function Net_Sieve($user = null , $pass = null , $host = 'localhost', $port = 2000, $logintype = '', $euser = '', $debug = false, $bypassAuth = false, $useTLS = true, $options = null)
{
$this->_state = NET_SIEVE_STATE_DISCONNECTED;
$this->_data['user'] = $user;
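Review bot: The new `@param array $options` line does not say what shape the array takes, nor that it is the place where TLS peer verification is configured. The same stream context is presumably in effect when STARTTLS upgrades the socket (connect() is outside the hunk), so I would document it as `@param array $options stream_context_create() options, e.g. array('ssl' => array('verify_peer' => true, 'cafile' => $path)); null keeps PHP's defaults`. Without that hint callers are likely to leave it `null` and get whatever certificate checking the running PHP version applies by default. The constructor body continues past the end of this hunk.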
@@ -171,6 +178,7 @@ class Net_Sieve
$this->_debug = $debug;
$this->_bypassAuth = $bypassAuth;
$this->_useTLS = $useTLS;
+ $this->_options = $options;
/*
* Include the Auth_SASL package. If the package is not available,
* we disable the authentication methods that depend upon it.
@@ -216,7 +224,7 @@ class Net_Sieve
*/
function _handleConnectAndLogin()
{
- if (PEAR::isError($res = $this->connect($this->_data['host'] , $this->_data['port'], null, $this->_useTLS ))) {
+ if (PEAR::isError($res = $this->connect($this->_data['host'] , $this->_data['port'], $this->_options, $this->_useTLS ))) {
return $res;
}
if($this->_bypassAuth === false) {
@@ -364,9 +372,6 @@ class Net_Sieve
return $this->_raiseError($msg,$code);
}
- // Get logon greeting/capability and parse
- $this->_parseCapability($res);
-
if($useTLS === true) {
// check if we can enable TLS via STARTTLS
if(isset($this->_capability['starttls']) && function_exists('stream_socket_enable_crypto') === true) {
@@ -438,6 +443,9 @@ class Net_Sieve
case 'PLAIN':
$result = $this->_authPLAIN( $uid , $pwd , $euser );
break;
+ case 'EXTERNAL':
+ $result = $this->_authEXTERNAL( $uid , $pwd , $euser );
+ break;
default :
$result = new PEAR_Error( "$method is not a supported authentication method" );
break;
@@ -577,6 +585,28 @@ class Net_Sieve
}
}
+ /**
+ * Authenticates the user using the EXTERNAL method.
+ *
+ * @param string $user The userid to authenticate as.
+ * @param string $pass The password to authenticate with.
+ * @param string $euser The effective uid to authenticate as.
+ *
+ * @return array Returns an array containing the response
+ *
+ * @access private
+ * @since 1.1.7
+ */
+ function _authEXTERNAL($user, $pass, $euser)
+ {
+ if ($euser != '') {
+ $cmd=sprintf('AUTHENTICATE "EXTERNAL" "%s"', base64_encode($euser) ) ;
+ } else {
+ $cmd=sprintf('AUTHENTICATE "EXTERNAL" "%s"', base64_encode($user) );
+ }
+ return $this->_sendCmd( $cmd ) ;
+ }
+
/**
* Removes a script from the server
*
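Review bot: The docblock for `_authEXTERNAL()` describes `$pass` as "The password to authenticate with", but the body never reads it; EXTERNAL relies on credentials established outside SASL (typically the TLS client certificate) and only sends an authorization identity. I would reword it to `@param string $pass Unused; kept for signature parity with the other _auth* methods` and say in the summary that `$euser`, or `$user` when `$euser` is empty, is sent base64-encoded as the authorization identity. `@return array` should also be checked against what `_sendCmd()` actually returns, which is not visible here. The `case 'EXTERNAL':` hunk above passes `$pwd` in for the same parity reason and needs no change.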
@@ -785,6 +815,9 @@ class Net_Sieve
*/
function _parseCapability($data)
{
+ // clear the cached capabilities
+ $this->_capability = array();
+
$data = preg_split('/\r?\n/', $data, -1, PREG_SPLIT_NO_EMPTY);
for ($i = 0; $i < count($data); $i++) {
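Review bot: The added comment `// clear the cached capabilities` says what the line does but not why it matters. Capabilities read before STARTTLS arrive over an unprotected channel, and without this reset an entry seen in cleartext (a SASL mechanism list, for instance) could survive the post-TLS re-query if the new response omits that key. Something like `// drop anything learned earlier (e.g. before STARTTLS) so only the latest response is trusted` would record that intent. `_parseCapability()` continues outside the hunk.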
@@ -1118,7 +1151,7 @@ class Net_Sieve
if (PEAR::isError($res = $this->_doCmd("STARTTLS"))) {
return $res;
}
-
+
if(stream_socket_enable_crypto($this->_sock->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) == false) {
$msg='Failed to establish TLS connection';
$code=2;
@@ -1128,23 +1161,19 @@ class Net_Sieve
if($this->_debug === true) {
echo "STARTTLS Negotiation Successful\n";
}
-
- // skip capability strings received after AUTHENTICATE
- // wait for OK "TLS negotiation successful."
- if(PEAR::isError($ret = $this->_doCmd() )) {
- $msg='Failed to establish TLS connection, server said: ' . $res->getMessage();
- $code=2;
- return $this->_raiseError($msg,$code);
- }
- // RFC says we need to query the server capabilities again
- // @TODO: don;'t call for capabilities if they are returned
- // in tls negotiation result above
+ // The server should be sending a CAPABILITY response after
+ // negotiating TLS. Read it, and ignore if it doesn't.
+ $this->_doCmd();
+
+ // RFC says we need to query the server capabilities again now that
+ // we are under encryption
if(PEAR::isError($res = $this->_cmdCapability() )) {
$msg='Failed to connect, server said: ' . $res->getMessage();
$code=2;
return $this->_raiseError($msg,$code);
}
+
return true;
}
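Review bot: The result of the bare `$this->_doCmd();` is thrown away, so a `NO`/`BYE` or a read error right after the handshake is indistinguishable from a server that simply did not send the capability listing. The following `_cmdCapability()` call would probably surface a dead connection, but the original cause is lost. At minimum keep it for debugging, e.g. `$res = $this->_doCmd();` followed by `if (PEAR::isError($res) && $this->_debug === true) { echo 'post-STARTTLS read: ' . $res->getMessage() . "\n"; }`. It is also worth confirming that `_doCmd()` with no command does not block until the socket timeout when the server sends nothing; that code is outside the hunk.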