Skip to content

Commit 14f0c76

Browse files
schengaweggaschengawegga
committed
SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) supports pear#57 
1 parent ebecdd2 commit 14f0c76

File tree

1 file changed

+30
-8
lines changed

1 file changed

+30
-8
lines changed

Net/SMTP.php

+30-8
Original file line numberDiff line numberDiff line change
@@ -1165,9 +1165,6 @@ public function authXOAuth2($uid, $token, $authz, $conn)
11651165
return true;
11661166
}
11671167

1168-
1169-
1170-
11711168
/**
11721169
* Authenticates the user using the SCRAM-SHA-1 method.
11731170
*
@@ -1279,23 +1276,48 @@ protected function authScramSHA($uid, $pwd, $authz = '')
12791276
}
12801277

12811278
$auth_sasl = new Auth_SASL;
1282-
$challenge = base64_decode($this->arguments[0]);
12831279
$cram = $auth_sasl->factory($this->scram_sha_hash_algorithm);
1284-
$auth_str = base64_encode($cram->getResponse($uid, $pwd, $challenge));
1280+
$auth_str = base64_encode($cram->getResponse($uid, $pwd));
12851281

1282+
/* Step 1: Send first authentication request */
12861283
if (PEAR::isError($error = $this->put($auth_str))) {
12871284
return $error;
12881285
}
12891286

1290-
/* 235: Authentication successful */
1291-
if (PEAR::isError($error = $this->parseResponse(235))) {
1287+
/* 334: Continue authentication request with password salt */
1288+
if (PEAR::isError($error = $this->parseResponse(334))) {
12921289
return $error;
12931290
}
1294-
}
12951291

1292+
$challenge = base64_decode($this->arguments[0]);
1293+
$auth_str = base64_encode($cram->getResponse($uid, $pwd, $challenge));
12961294

1295+
/* Step 2: Send salted authentication request */
1296+
if (PEAR::isError($error = $this->put($auth_str))) {
1297+
return $error;
1298+
}
12971299

1300+
/* 334: Continue authentication request with password salt */
1301+
if (PEAR::isError($error = $this->parseResponse(334))) {
1302+
return $error;
1303+
}
12981304

1305+
/* Verify server signature */
1306+
$verification = $cram->processOutcome(base64_decode($this->arguments[0]));
1307+
if ($verification == false) {
1308+
return PEAR::raiseError("SCRAM Server verification on step 3 not successful");
1309+
}
1310+
1311+
/* Step 3: Send a request to acknowledge verification */
1312+
if (PEAR::isError($error = $this->put("NOOP"))) {
1313+
return $error;
1314+
}
1315+
1316+
/* 235: Authentication successful */
1317+
if (PEAR::isError($error = $this->parseResponse(235))) {
1318+
return $error;
1319+
}
1320+
}
12991321

13001322
/**
13011323
* Send the HELO command.

0 commit comments

Comments
 (0)