|
|
|
@ -1,7 +1,7 @@
|
|
|
|
|
<?php
|
|
|
|
|
// +-----------------------------------------------------------------------+
|
|
|
|
|
// | Copyright (c) 2002-2003, Richard Heyes |
|
|
|
|
|
// | Copyright (c) 2006, Anish Mistry |
|
|
|
|
|
// | Copyright (c) 2006,2008 Anish Mistry |
|
|
|
|
|
// | All rights reserved. |
|
|
|
|
|
// | |
|
|
|
|
|
// | Redistribution and use in source and binary forms, with or without |
|
|
|
|
@ -120,11 +120,17 @@ class Net_Sieve
|
|
|
|
|
*/
|
|
|
|
|
var $_useTLS = true;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Additional options for stream_context_create()
|
|
|
|
|
* @var array
|
|
|
|
|
*/
|
|
|
|
|
var $_options = null;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* The auth methods this class support
|
|
|
|
|
* @var array
|
|
|
|
|
*/
|
|
|
|
|
var $supportedAuthMethods=array('DIGEST-MD5', 'CRAM-MD5', 'PLAIN' , 'LOGIN');
|
|
|
|
|
var $supportedAuthMethods=array('DIGEST-MD5', 'CRAM-MD5', 'EXTERNAL', 'PLAIN' , 'LOGIN');
|
|
|
|
|
//if you have problems using DIGEST-MD5 authentication please comment the line above and uncomment the following line
|
|
|
|
|
//var $supportedAuthMethods=array( 'CRAM-MD5', 'PLAIN' , 'LOGIN');
|
|
|
|
|
|
|
|
|
@ -157,8 +163,9 @@ class Net_Sieve
|
|
|
|
|
* @param string $bypassAuth Skip the authentication phase. Useful if the socket
|
|
|
|
|
is already open.
|
|
|
|
|
* @param boolean $useTLS Use TLS if available
|
|
|
|
|
* @param array $options options for stream_context_create()
|
|
|
|
|
*/
|
|
|
|
|
function Net_Sieve($user = null , $pass = null , $host = 'localhost', $port = 2000, $logintype = '', $euser = '', $debug = false, $bypassAuth = false, $useTLS = true)
|
|
|
|
|
function Net_Sieve($user = null , $pass = null , $host = 'localhost', $port = 2000, $logintype = '', $euser = '', $debug = false, $bypassAuth = false, $useTLS = true, $options = null)
|
|
|
|
|
{
|
|
|
|
|
$this->_state = NET_SIEVE_STATE_DISCONNECTED;
|
|
|
|
|
$this->_data['user'] = $user;
|
|
|
|
@ -171,6 +178,7 @@ class Net_Sieve
|
|
|
|
|
$this->_debug = $debug;
|
|
|
|
|
$this->_bypassAuth = $bypassAuth;
|
|
|
|
|
$this->_useTLS = $useTLS;
|
|
|
|
|
$this->_options = $options;
|
|
|
|
|
/*
|
|
|
|
|
* Include the Auth_SASL package. If the package is not available,
|
|
|
|
|
* we disable the authentication methods that depend upon it.
|
|
|
|
@ -216,7 +224,7 @@ class Net_Sieve
|
|
|
|
|
*/
|
|
|
|
|
function _handleConnectAndLogin()
|
|
|
|
|
{
|
|
|
|
|
if (PEAR::isError($res = $this->connect($this->_data['host'] , $this->_data['port'], null, $this->_useTLS ))) {
|
|
|
|
|
if (PEAR::isError($res = $this->connect($this->_data['host'] , $this->_data['port'], $this->_options, $this->_useTLS ))) {
|
|
|
|
|
return $res;
|
|
|
|
|
}
|
|
|
|
|
if($this->_bypassAuth === false) {
|
|
|
|
@ -364,9 +372,6 @@ class Net_Sieve
|
|
|
|
|
return $this->_raiseError($msg,$code);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get logon greeting/capability and parse
|
|
|
|
|
$this->_parseCapability($res);
|
|
|
|
|
|
|
|
|
|
if($useTLS === true) {
|
|
|
|
|
// check if we can enable TLS via STARTTLS
|
|
|
|
|
if(isset($this->_capability['starttls']) && function_exists('stream_socket_enable_crypto') === true) {
|
|
|
|
@ -438,6 +443,9 @@ class Net_Sieve
|
|
|
|
|
case 'PLAIN':
|
|
|
|
|
$result = $this->_authPLAIN( $uid , $pwd , $euser );
|
|
|
|
|
break;
|
|
|
|
|
case 'EXTERNAL':
|
|
|
|
|
$result = $this->_authEXTERNAL( $uid , $pwd , $euser );
|
|
|
|
|
break;
|
|
|
|
|
default :
|
|
|
|
|
$result = new PEAR_Error( "$method is not a supported authentication method" );
|
|
|
|
|
break;
|
|
|
|
@ -577,6 +585,28 @@ class Net_Sieve
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Authenticates the user using the EXTERNAL method.
|
|
|
|
|
*
|
|
|
|
|
* @param string $user The userid to authenticate as.
|
|
|
|
|
* @param string $pass The password to authenticate with.
|
|
|
|
|
* @param string $euser The effective uid to authenticate as.
|
|
|
|
|
*
|
|
|
|
|
* @return array Returns an array containing the response
|
|
|
|
|
*
|
|
|
|
|
* @access private
|
|
|
|
|
* @since 1.1.7
|
|
|
|
|
*/
|
|
|
|
|
function _authEXTERNAL($user, $pass, $euser)
|
|
|
|
|
{
|
|
|
|
|
if ($euser != '') {
|
|
|
|
|
$cmd=sprintf('AUTHENTICATE "EXTERNAL" "%s"', base64_encode($euser) ) ;
|
|
|
|
|
} else {
|
|
|
|
|
$cmd=sprintf('AUTHENTICATE "EXTERNAL" "%s"', base64_encode($user) );
|
|
|
|
|
}
|
|
|
|
|
return $this->_sendCmd( $cmd ) ;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Removes a script from the server
|
|
|
|
|
*
|
|
|
|
@ -785,6 +815,9 @@ class Net_Sieve
|
|
|
|
|
*/
|
|
|
|
|
function _parseCapability($data)
|
|
|
|
|
{
|
|
|
|
|
// clear the cached capabilities
|
|
|
|
|
$this->_capability = array();
|
|
|
|
|
|
|
|
|
|
$data = preg_split('/\r?\n/', $data, -1, PREG_SPLIT_NO_EMPTY);
|
|
|
|
|
|
|
|
|
|
for ($i = 0; $i < count($data); $i++) {
|
|
|
|
@ -1129,22 +1162,18 @@ class Net_Sieve
|
|
|
|
|
echo "STARTTLS Negotiation Successful\n";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// skip capability strings received after AUTHENTICATE
|
|
|
|
|
// wait for OK "TLS negotiation successful."
|
|
|
|
|
if(PEAR::isError($ret = $this->_doCmd() )) {
|
|
|
|
|
$msg='Failed to establish TLS connection, server said: ' . $res->getMessage();
|
|
|
|
|
$code=2;
|
|
|
|
|
return $this->_raiseError($msg,$code);
|
|
|
|
|
}
|
|
|
|
|
// The server should be sending a CAPABILITY response after
|
|
|
|
|
// negotiating TLS. Read it, and ignore if it doesn't.
|
|
|
|
|
$this->_doCmd();
|
|
|
|
|
|
|
|
|
|
// RFC says we need to query the server capabilities again
|
|
|
|
|
// @TODO: don;'t call for capabilities if they are returned
|
|
|
|
|
// in tls negotiation result above
|
|
|
|
|
// RFC says we need to query the server capabilities again now that
|
|
|
|
|
// we are under encryption
|
|
|
|
|
if(PEAR::isError($res = $this->_cmdCapability() )) {
|
|
|
|
|
$msg='Failed to connect, server said: ' . $res->getMessage();
|
|
|
|
|
$code=2;
|
|
|
|
|
return $this->_raiseError($msg,$code);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|