예제 #1
0
 /**
  * Creates a DigestChallenge object from a string
  *
  * Example input string:
  * <pre>
  *   realm="example.com",nonce="GMybUaOM4lpMlJbeRwxOLzTalYDwLAxv/sLf8de4DPA=",
  *   qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4",charset=utf-8,
  *   algorithm=md5-sess    
  * </pre>
  *
  * @param   string s
  * @return  security.sasl.DigestChallenge
  * @throws  lang.FormatException
  */
 public static function fromString($s)
 {
     with($challenge = new DigestChallenge());
     $s .= ',';
     while ($p = strpos($s, '=')) {
         $key = substr($s, 0, $p);
         $t = '"' == $s[$p + 1] ? strpos($s, '"', $p + 2) + 1 : strpos($s, ',', $p + 1);
         $value = trim(substr($s, $p + 1, $t - $p - 1), '"');
         switch ($key) {
             case 'realm':
                 $challenge->setRealm($value);
                 break;
             case 'domain':
                 $challenge->setDomain($value);
                 break;
             case 'nonce':
                 $challenge->setNonce($value);
                 break;
             case 'qop':
                 $challenge->setQop(explode(',', strtolower($value)));
                 break;
             case 'cipher':
                 $challenge->setCipher(explode(',', strtolower($value)));
                 break;
             case 'charset':
                 $challenge->setCharset($value);
                 break;
             case 'algorithm':
                 $challenge->setAlgorithm($value);
                 break;
             case 'stale':
                 $challenge->setStale(0 == strcasecmp($value, 'true'));
                 break;
             case 'opaque':
                 $challenge->setOpaque($value);
                 break;
             case 'maxbuf':
                 $challenge->setMaxbuf(intval($value));
                 break;
             default:
                 throw new FormatException('Unrecognized key "' . $key . '"');
         }
         $s = substr($s, $t + 1);
     }
     return $challenge;
 }
예제 #2
0
 /**
  * Authenticate
  *
  * Supported methods:
  * <ul>
  *   <li>PLAIN</li>
  *   <li>LOGIN</li>
  *   <li>DIGEST-MD5</li>
  *   <li>CRAM-MD5</li>
  * </ul>
  *
  * @param   string method one of the SIEVE_SASL_* constants
  * @param   string user
  * @param   string pass
  * @param   string auth default NULL
  * @return  bool success
  * @throws  lang.IllegalArgumentException when the specified method is not supported
  */
 public function authenticate($method, $user, $pass, $auth = NULL)
 {
     if (!$this->hasAuthenticationMethod($method)) {
         throw new IllegalArgumentException('Authentication method ' . $method . ' not supported');
     }
     // Check whether we want to impersonate
     if (NULL === $auth) {
         $auth = $user;
     }
     // Send auth request depending on specified authentication method
     switch ($method) {
         case SIEVE_SASL_PLAIN:
             $e = base64_encode($auth . "" . $user . "" . $pass);
             $this->_sendcmd('AUTHENTICATE "PLAIN" {%d+}', strlen($e));
             $this->_sendcmd($e);
             break;
         case SIEVE_SASL_LOGIN:
             $this->_sendcmd('AUTHENTICATE "LOGIN"');
             $ue = base64_encode($user);
             $this->_sendcmd('{%d+}', strlen($ue));
             $this->_sendcmd($ue);
             $pe = base64_encode($pass);
             $this->_sendcmd('{%d+}', strlen($pe));
             $this->_sendcmd($pe);
             break;
         case SIEVE_SASL_DIGEST_MD5:
             $this->_sendcmd('AUTHENTICATE "DIGEST-MD5"');
             // Read server challenge. Example (decoded):
             //
             // realm="example.com",nonce="GMybUaOM4lpMlJbeRwxOLzTalYDwLAxv/sLf8de4DPA=",
             // qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4",charset=utf-8,
             // algorithm=md5-sess
             //
             // See also xp://security.sasl.DigestChallenge
             $len = $this->_sock->readLine(0x400);
             $str = base64_decode($this->_sock->readLine());
             $this->cat && $this->cat->debug('Challenge (length ' . $len . '):', $str);
             $challenge = DigestChallenge::fromString($str);
             $response = $challenge->responseFor(DC_QOP_AUTH, $user, $pass, $auth);
             $this->cat && $this->cat->debug($challenge, $response);
             // Build and send challenge response
             $response->setDigestUri('sieve/' . $this->_sock->host);
             $cmd = $response->getString();
             $this->cat && $this->cat->debug('Sending challenge response', $cmd);
             $this->_sendcmd('"%s"', base64_encode($cmd));
             // Finally, read the response auth
             $len = $this->_sock->readLine();
             $str = base64_decode($this->_sock->readLine());
             $this->cat && $this->cat->debug('Response auth (length ' . $len . '):', $str);
             return TRUE;
         case SIEVE_SASL_CRAM_MD5:
             $this->_sendcmd('AUTHENTICATE "CRAM-MD5"');
             // Read server challenge. Example (decoded):
             //
             // <*****@*****.**>
             //
             // See also rfc://2195
             $len = $this->_sock->readLine(0x400);
             $challenge = base64_decode($this->_sock->readLine());
             $this->cat && $this->cat->debug('Challenge (length ' . $len . '):', $challenge);
             // Build response and send it
             $response = sprintf('%s %s', $user, bin2hex(HMAC_MD5::hash($challenge, $pass)));
             $this->cat && $this->cat->debug('Sending challenge response', $response);
             $this->_sendcmd('"%s"', base64_encode($response));
             break;
         default:
             throw new IllegalArgumentException('Authentication method ' . $method . ' not implemented');
     }
     // Read the response. Examples:
     //
     // - OK
     // - NO ("SASL" "authentication failure") "Authentication error"
     return $this->_response(TRUE);
 }