/**
* Authenticate to the POP3 server.
*
* @param string $method POP3 login method.
*
* @throws Horde_Imap_Client_Exception
*/
protected function _tryLogin($method)
{
$username = $this->getParam('username');
$password = $this->getParam('password');
switch ($method) {
case 'CRAM-MD5':
case 'CRAM-SHA1':
case 'CRAM-SHA256':
// RFC 5034: CRAM-MD5
// CRAM-SHA1 & CRAM-SHA256 supported by Courier SASL library
$challenge = $this->_sendLine('AUTH ' . $method);
$response = base64_encode($username . ' ' . hash_hmac(Horde_String::lower(substr($method, 5)), base64_decode(substr($challenge['resp'], 2)), $password, true));
$this->_sendLine($response, array('debug' => sprintf('[AUTH Response (username: %s)]', $username)));
break;
case 'DIGEST-MD5':
// RFC 2831; Obsoleted by RFC 6331
$challenge = $this->_sendLine('AUTH DIGEST-MD5');
$response = base64_encode(new Horde_Imap_Client_Auth_DigestMD5($username, $password, base64_decode(substr($challenge['resp'], 2)), $this->getParam('hostspec'), 'pop3'));
$sresponse = $this->_sendLine($response, array('debug' => sprintf('[AUTH Response (username: %s)]', $username)));
if (stripos(base64_decode(substr($sresponse['resp'], 2)), 'rspauth=') === false) {
throw new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Unexpected response from server when authenticating."), Horde_Imap_Client_Exception::SERVER_CONNECT);
}
/* POP3 doesn't use protocol's third step. */
$this->_sendLine('');
break;
case 'LOGIN':
// RFC 4616 (AUTH=PLAIN) & 5034 (POP3 SASL)
$this->_sendLine('AUTH LOGIN');
$this->_sendLine(base64_encode($username));
$this->_sendLine(base64_encode($password), array('debug' => sprintf('[AUTH Password (username: %s)]', $username)));
break;
case 'PLAIN':
// RFC 5034
$this->_sendLine('AUTH PLAIN ' . base64_encode(implode("", array($username, $username, $password))), array('debug' => sprintf('AUTH PLAIN [Auth Response (username: %s)]', $username)));
break;
case 'APOP':
/* If UTF8 (+ USER) is active, and non-ASCII exists, need to apply
* SASLprep to username/password. RFC 6856[2.2]. Reject if
* UTF8 (+ USER) is not supported and 8-bit characters exist. */
if (Horde_Mime::is8bit($username) || Horde_Mime::is8bit($password)) {
if (empty($this->_temp['utf8']) || !$this->_capability('UTF8', 'USER') || !class_exists('Horde_Stringprep')) {
$error = true;
} else {
Horde_Stringprep::autoload();
$saslprep = new Znerol\Component\Stringprep\Profile\SASLprep();
try {
$username = $saslprep->apply($username, 'UTF-8', Znerol\Compnonent\Stringprep\Profile::MODE_QUERY);
$password = $saslprep->apply($password, 'UTF-8', Znerol\Compnonent\Stringprep\Profile::MODE_STORE);
$error = false;
} catch (Znerol\Component\Stringprep\ProfileException $e) {
$error = true;
}
}
if ($error) {
throw new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Authentication failed."), Horde_Imap_Client_Exception::LOGIN_AUTHENTICATIONFAILED);
}
}
// RFC 1939 [7]
$this->_sendLine('APOP ' . $username . ' ' . hash('md5', $this->_temp['pop3timestamp'] . $password));
break;
case 'USER':
/* POP3 servers without UTF8 (+ USER) does not accept non-ASCII
* in USER/PASS. RFC 6856[2.2] */
if ((empty($this->_temp['utf8']) || !$this->_capability('UTF8', 'USER')) && (Horde_Mime::is8bit($username) || Horde_Mime::is8bit($password))) {
throw new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Authentication failed."), Horde_Imap_Client_Exception::LOGIN_AUTHENTICATIONFAILED);
}
// RFC 1939 [7]
$this->_sendLine('USER ' . $username);
$this->_sendLine('PASS ' . $password, array('debug' => 'PASS [Password]'));
break;
case 'SCRAM-SHA-1':
$scram = new Horde_Imap_Client_Auth_Scram($username, $password, 'SHA1');
$c1 = $this->_sendLine('AUTH ' . $method . ' ' . base64_encode($scram->getClientFirstMessage()));
$sr1 = base64_decode(substr($c1['resp'], 2));
if (!$scram->parseServerFirstMessage($sr1)) {
throw new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Authentication failed."), Horde_Imap_Client_Exception::LOGIN_AUTHENTICATIONFAILED);
}
$c2 = $this->_sendLine(base64_encode($scram->getClientFinalMessage()));
$sr2 = base64_decode(substr($c2['resp'], 2));
if (!$scram->parseServerFirstMessage($sr)) {
throw new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Authentication failed."), Horde_Imap_Client_Exception::LOGIN_AUTHENTICATIONFAILED);
/* This means authentication passed, according to the server,
* but the server signature is incorrect. This indicates that
* server verification has failed. Immediately disconnect from
* the server, since this is a possible security issue. */
$this->logout();
throw new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Server failed verification check."), Horde_Imap_Client_Exception::LOGIN_SERVER_VERIFICATION_FAILED);
}
$this->_sendLine('');
break;
default:
$e = new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Unknown authentication method: %s"), Horde_Imap_Client_Exception::SERVER_CONNECT);
$e->messagePrintf(array($method));
throw $e;
}
}
/**
* Constructor.
*
* @param string $user Username.
* @param string $pass Password.
* @param string $hash Hash name.
*
* @throws Horde_Imap_Client_Exception
*/
public function __construct($user, $pass, $hash = 'SHA1')
{
$error = false;
$this->_hash = $hash;
try {
if (!class_exists('Horde_Stringprep') || !class_exists('Horde_Crypt_Blowfish_Pbkdf2')) {
throw new Exception();
}
Horde_Stringprep::autoload();
$saslprep = new Znerol\Component\Stringprep\Profile\SASLprep();
$this->_user = $saslprep->apply($user, 'UTF-8', Znerol\Component\Stringprep\Profile::MODE_QUERY);
$this->_pass = $saslprep->apply($pass, 'UTF-8', Znerol\Component\Stringprep\Profile::MODE_STORE);
} catch (Znerol\Component\Stringprep\ProfileException $e) {
$error = true;
} catch (Exception $e) {
$error = true;
}
if ($error) {
throw new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Authentication failure."), Horde_Imap_Client_Exception::LOGIN_AUTHORIZATIONFAILED);
}
/* Generate nonce. (Done here so this can be overwritten for
* testing purposes.) */
$this->_nonce = strval(new Horde_Support_Randomid());
}