From 14a62c3e14fc75141278dff62768d886ebf0da01 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Wed, 29 Jul 2009 11:32:08 +0000
Subject: - Updated PEAR::Net_Sieve to 1.1.7

---
 plugins/managesieve/lib/Net/Sieve.php | 67 +++++++++++++++++++++++++----------
 1 file changed, 48 insertions(+), 19 deletions(-)

(limited to 'plugins/managesieve/lib/Net/Sieve.php')

diff --git a/plugins/managesieve/lib/Net/Sieve.php b/plugins/managesieve/lib/Net/Sieve.php
index bc0bcc8f2..072905d68 100644
--- a/plugins/managesieve/lib/Net/Sieve.php
+++ b/plugins/managesieve/lib/Net/Sieve.php
@@ -1,7 +1,7 @@
 <?php
 // +-----------------------------------------------------------------------+
 // | Copyright (c) 2002-2003, Richard Heyes                                |
-// | Copyright (c) 2006, Anish Mistry                                      |
+// | Copyright (c) 2006,2008 Anish Mistry                                  |
 // | All rights reserved.                                                  |
 // |                                                                       |
 // | Redistribution and use in source and binary forms, with or without    |
@@ -120,11 +120,17 @@ class Net_Sieve
     */
     var $_useTLS = true;
 
+    /**
+    * Additional options for stream_context_create()
+    * @var array
+    */
+    var $_options = null;
+
     /**
     * The auth methods this class support
     * @var array
     */
-    var $supportedAuthMethods=array('DIGEST-MD5', 'CRAM-MD5', 'PLAIN' , 'LOGIN');
+    var $supportedAuthMethods=array('DIGEST-MD5', 'CRAM-MD5', 'EXTERNAL', 'PLAIN' , 'LOGIN');
     //if you have problems using DIGEST-MD5 authentication  please comment the line above and uncomment the following line
     //var $supportedAuthMethods=array( 'CRAM-MD5', 'PLAIN' , 'LOGIN');
 
@@ -157,8 +163,9 @@ class Net_Sieve
     * @param  string $bypassAuth Skip the authentication phase.  Useful if the socket
                                   is already open.
     * @param  boolean $useTLS Use TLS if available
+    * @param  array  $options   options for stream_context_create()
     */
-    function Net_Sieve($user = null , $pass  = null , $host = 'localhost', $port = 2000, $logintype = '', $euser = '', $debug = false, $bypassAuth = false, $useTLS = true)
+    function Net_Sieve($user = null , $pass  = null , $host = 'localhost', $port = 2000, $logintype = '', $euser = '', $debug = false, $bypassAuth = false, $useTLS = true, $options = null)
     {
         $this->_state = NET_SIEVE_STATE_DISCONNECTED;
         $this->_data['user'] = $user;
@@ -171,6 +178,7 @@ class Net_Sieve
         $this->_debug = $debug;
         $this->_bypassAuth = $bypassAuth;
         $this->_useTLS = $useTLS;
+        $this->_options = $options;
         /*
         * Include the Auth_SASL package.  If the package is not available,
         * we disable the authentication methods that depend upon it.
@@ -216,7 +224,7 @@ class Net_Sieve
     */
     function _handleConnectAndLogin()
     {
-        if (PEAR::isError($res = $this->connect($this->_data['host'] , $this->_data['port'], null, $this->_useTLS ))) {
+        if (PEAR::isError($res = $this->connect($this->_data['host'] , $this->_data['port'], $this->_options, $this->_useTLS ))) {
             return $res;
         }
         if($this->_bypassAuth === false) {
@@ -364,9 +372,6 @@ class Net_Sieve
             return $this->_raiseError($msg,$code);
         }
 
-        // Get logon greeting/capability and parse
-        $this->_parseCapability($res);
-
         if($useTLS === true) {
             // check if we can enable TLS via STARTTLS
             if(isset($this->_capability['starttls']) && function_exists('stream_socket_enable_crypto') === true) {
@@ -438,6 +443,9 @@ class Net_Sieve
             case 'PLAIN':
                 $result = $this->_authPLAIN( $uid , $pwd , $euser );
                 break;
+            case 'EXTERNAL':
+                $result = $this->_authEXTERNAL( $uid , $pwd , $euser );
+                break;
             default :
                 $result = new PEAR_Error( "$method is not a supported authentication method" );
                 break;
@@ -577,6 +585,28 @@ class Net_Sieve
         }
     }
 
+     /**
+     * Authenticates the user using the EXTERNAL method.
+     *
+     * @param string $user The userid to authenticate as.
+     * @param string $pass The password to authenticate with.
+     * @param string $euser The effective uid to authenticate as.
+     *
+     * @return array Returns an array containing the response
+     *
+     * @access private
+     * @since  1.1.7
+     */
+    function _authEXTERNAL($user, $pass, $euser)
+    {
+        if ($euser != '') {
+            $cmd=sprintf('AUTHENTICATE "EXTERNAL" "%s"', base64_encode($euser) ) ;
+        } else {
+            $cmd=sprintf('AUTHENTICATE "EXTERNAL" "%s"', base64_encode($user) );
+        }
+        return $this->_sendCmd( $cmd ) ;
+    }
+
     /**
     * Removes a script from the server
     *
@@ -785,6 +815,9 @@ class Net_Sieve
     */
     function _parseCapability($data)
     {
+        // clear the cached capabilities
+        $this->_capability = array();
+
         $data = preg_split('/\r?\n/', $data, -1, PREG_SPLIT_NO_EMPTY);
 
         for ($i = 0; $i < count($data); $i++) {
@@ -1118,7 +1151,7 @@ class Net_Sieve
         if (PEAR::isError($res = $this->_doCmd("STARTTLS"))) {
             return $res;
         }
-	
+
         if(stream_socket_enable_crypto($this->_sock->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) == false) {
             $msg='Failed to establish TLS connection';
             $code=2;
@@ -1128,23 +1161,19 @@ class Net_Sieve
         if($this->_debug === true) {
             echo "STARTTLS Negotiation Successful\n";
         }
-	
-	// skip capability strings received after AUTHENTICATE
-	// wait for OK "TLS negotiation successful." 
-	if(PEAR::isError($ret = $this->_doCmd() )) {
-            $msg='Failed to establish TLS connection, server said: ' . $res->getMessage();
-            $code=2;
-            return $this->_raiseError($msg,$code);
-        }
 
-        // RFC says we need to query the server capabilities again
-	// @TODO: don;'t call for capabilities if they are returned
-	// in tls negotiation result above
+        // The server should be sending a CAPABILITY response after
+        // negotiating TLS. Read it, and ignore if it doesn't.
+        $this->_doCmd();
+
+        // RFC says we need to query the server capabilities again now that
+        // we are under encryption
         if(PEAR::isError($res = $this->_cmdCapability() )) {
             $msg='Failed to connect, server said: ' . $res->getMessage();
             $code=2;
             return $this->_raiseError($msg,$code);
         }
+
         return true;
     }
 
-- 
cgit v1.2.3