Skip to content

Commit

Permalink
SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) supp…
Browse files Browse the repository at this point in the history
…orts pear#57
  • Loading branch information
schengawegga committed Apr 1, 2023
1 parent ebecdd2 commit 14f0c76
Showing 1 changed file with 30 additions and 8 deletions.
38 changes: 30 additions & 8 deletions Net/SMTP.php
Original file line number Diff line number Diff line change
Expand Up @@ -1165,9 +1165,6 @@ public function authXOAuth2($uid, $token, $authz, $conn)
return true;
}




/**
* Authenticates the user using the SCRAM-SHA-1 method.
*
Expand Down Expand Up @@ -1279,23 +1276,48 @@ protected function authScramSHA($uid, $pwd, $authz = '')
}

$auth_sasl = new Auth_SASL;
$challenge = base64_decode($this->arguments[0]);
$cram = $auth_sasl->factory($this->scram_sha_hash_algorithm);
$auth_str = base64_encode($cram->getResponse($uid, $pwd, $challenge));
$auth_str = base64_encode($cram->getResponse($uid, $pwd));

/* Step 1: Send first authentication request */
if (PEAR::isError($error = $this->put($auth_str))) {
return $error;
}

/* 235: Authentication successful */
if (PEAR::isError($error = $this->parseResponse(235))) {
/* 334: Continue authentication request with password salt */
if (PEAR::isError($error = $this->parseResponse(334))) {
return $error;
}
}

$challenge = base64_decode($this->arguments[0]);
$auth_str = base64_encode($cram->getResponse($uid, $pwd, $challenge));

/* Step 2: Send salted authentication request */
if (PEAR::isError($error = $this->put($auth_str))) {
return $error;
}

/* 334: Continue authentication request with password salt */
if (PEAR::isError($error = $this->parseResponse(334))) {
return $error;
}

/* Verify server signature */
$verification = $cram->processOutcome(base64_decode($this->arguments[0]));
if ($verification == false) {
return PEAR::raiseError("SCRAM Server verification on step 3 not successful");
}

/* Step 3: Send a request to acknowledge verification */
if (PEAR::isError($error = $this->put("NOOP"))) {
return $error;
}

/* 235: Authentication successful */
if (PEAR::isError($error = $this->parseResponse(235))) {
return $error;
}
}

/**
* Send the HELO command.
Expand Down

0 comments on commit 14f0c76

Please sign in to comment.