From 1939d4d45b9aefc44f87679c5db97f386dd61778 Mon Sep 17 00:00:00 2001 From: schengawegga Date: Sat, 1 Apr 2023 23:20:57 +0200 Subject: [PATCH 01/11] SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) supports #57 --- Net/SMTP.php | 169 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 168 insertions(+), 1 deletion(-) diff --git a/Net/SMTP.php b/Net/SMTP.php index 24db1f1..c67c417 100644 --- a/Net/SMTP.php +++ b/Net/SMTP.php @@ -162,6 +162,13 @@ class Net_SMTP */ protected $gssapi_cname = null; + /** + * SCRAM SHA-Hash algorithm. + * + * @var string + */ + protected $scram_sha_hash_algorithm = null; + /** * Instantiates a new Net_SMTP object, overriding any defaults * with parameters that are passed in. @@ -215,6 +222,11 @@ public function __construct($host = null, $port = null, $localhost = null, if (@include_once 'Auth/SASL.php') { $this->setAuthMethod('CRAM-MD5', array($this, 'authCramMD5')); $this->setAuthMethod('DIGEST-MD5', array($this, 'authDigestMD5')); + $this->setAuthMethod('SCRAM-SHA-1', array($this, 'authScramSHA1')); + $this->setAuthMethod('SCRAM-SHA-224', array($this, 'authScramSHA224')); + $this->setAuthMethod('SCRAM-SHA-256', array($this, 'authScramSHA256')); + $this->setAuthMethod('SCRAM-SHA-384', array($this, 'authScramSHA384')); + $this->setAuthMethod('SCRAM-SHA-512', array($this, 'authScramSHA512')); } /* These standard authentication methods are always available. */ @@ -426,7 +438,7 @@ public function command($command, $valid) */ public function getResponse() { - return array($this->code, join("\n", $this->arguments)); + return array($this->code, implode("\n", $this->arguments)); } /** 
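Review bot: The five SCRAM registrations added to `__construct` carry no comment on preference order, and with the `$prepend = true` default visible in the `setAuthMethod($name, $callback, $prepend = true)` signature later in this series, each call presumably moves its mechanism to the front, leaving SCRAM-SHA-512 tried first and SCRAM-SHA-1 last among them. That order decides which mechanism is negotiated when a server advertises several, so it should be stated rather than implied; after confirming it against `setAuthMethod` I would add `/* Registered weakest first: each call prepends, so SCRAM-SHA-512 is preferred. */` above the block. The commit subject also names the -PLUS variants, but no SCRAM-*-PLUS mechanism is registered in this hunk, so channel binding is not offered by it. The constructor body continues outside the hunk.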
@@ -1021,6 +1033,7 @@ protected function authGSSAPI($uid, $pwd, $authz = '') * @param string $uid The userid to authenticate as. * @param string $token The access token to authenticate with. * @param string $authz The optional authorization proxy identifier. + * @param object $conn The current object * * @return mixed Returns a PEAR_Error with an error message on any * kind of failure, or true on success. 
@@ -1075,6 +1088,160 @@ public function authXOAuth2($uid, $token, $authz, $conn) return true; } + /** + * Authenticates the user using the SCRAM-SHA-1 method. + * + * @param string $uid The userid to authenticate as. + * @param string $pwd The password to authenticate with. + * @param string $authz The optional authorization proxy identifier. + * + * @return mixed Returns a PEAR_Error with an error message on any + * kind of failure, or true on success. + * @since 1.11.0 + */ + protected function authScramSHA1($uid, $pwd, $authz = '') + { + $this->scram_sha_hash_algorithm = 'SCRAM-SHA-1'; + return $this->authScramSHA($uid, $pwd, $authz); + } + + /** + * Authenticates the user using the SCRAM-SHA-224 method. + * + * @param string $uid The userid to authenticate as. + * @param string $pwd The password to authenticate with. + * @param string $authz The optional authorization proxy identifier. + * + * @return mixed Returns a PEAR_Error with an error message on any + * kind of failure, or true on success. + * @since 1.11.0 + */ + protected function authScramSHA224($uid, $pwd, $authz = '') + { + $this->scram_sha_hash_algorithm = 'SCRAM-SHA-224'; + return $this->authScramSHA($uid, $pwd, $authz); + } + + /** + * Authenticates the user using the SCRAM-SHA-256 method. + * + * @param string $uid The userid to authenticate as. + * @param string $pwd The password to authenticate with. + * @param string $authz The optional authorization proxy identifier. + * + * @return mixed Returns a PEAR_Error with an error message on any + * kind of failure, or true on success. + * @since 1.11.0 + */ + protected function authScramSHA256($uid, $pwd, $authz = '') + { + $this->scram_sha_hash_algorithm = 'SCRAM-SHA-256'; + return $this->authScramSHA($uid, $pwd, $authz); + } + + /** + * Authenticates the user using the SCRAM-SHA-384 method. + * + * @param string $uid The userid to authenticate as. + * @param string $pwd The password to authenticate with. 
+ * @param string $authz The optional authorization proxy identifier. + * + * @return mixed Returns a PEAR_Error with an error message on any + * kind of failure, or true on success. + * @since 1.11.0 + */ + protected function authScramSHA384($uid, $pwd, $authz = '') + { + $this->scram_sha_hash_algorithm = 'SCRAM-SHA-384'; + return $this->authScramSHA($uid, $pwd, $authz); + } + + /** + * Authenticates the user using the SCRAM-SHA-512 method. + * + * @param string $uid The userid to authenticate as. + * @param string $pwd The password to authenticate with. + * @param string $authz The optional authorization proxy identifier. + * + * @return mixed Returns a PEAR_Error with an error message on any + * kind of failure, or true on success. + * @since 1.11.0 + */ + protected function authScramSHA512($uid, $pwd, $authz = '') + { + $this->scram_sha_hash_algorithm = 'SCRAM-SHA-512'; + return $this->authScramSHA($uid, $pwd, $authz); + } + + /** + * Authenticates the user using the SCRAM-SHA method. + * + * @param string $uid The userid to authenticate as. + * @param string $pwd The password to authenticate with. + * @param string $authz The optional authorization proxy identifier. + * + * @return mixed Returns a PEAR_Error with an error message on any + * kind of failure, or true on success. 
+ * @since 1.11.0 + */ + protected function authScramSHA($uid, $pwd, $authz = '') + { + if (PEAR::isError($error = $this->put('AUTH', $this->scram_sha_hash_algorithm))) { + return $error; + } + /* 334: Continue authentication request */ + if (PEAR::isError($error = $this->parseResponse(334))) { + /* 503: Error: already authenticated */ + if ($this->code === 503) { + return true; + } + return $error; + } + + $auth_sasl = new Auth_SASL; + $cram = $auth_sasl->factory($this->scram_sha_hash_algorithm); + $auth_str = base64_encode($cram->getResponse($uid, $pwd)); + + /* Step 1: Send first authentication request */ + if (PEAR::isError($error = $this->put($auth_str))) { + return $error; + } + + /* 334: Continue authentication request with password salt */ + if (PEAR::isError($error = $this->parseResponse(334))) { + return $error; + } + + $challenge = base64_decode($this->arguments[0]); + $auth_str = base64_encode($cram->getResponse($uid, $pwd, $challenge)); + + /* Step 2: Send salted authentication request */ + if (PEAR::isError($error = $this->put($auth_str))) { + return $error; + } + + /* 334: Continue authentication request with password salt */ + if (PEAR::isError($error = $this->parseResponse(334))) { + return $error; + } + + /* Verify server signature */ + $verification = $cram->processOutcome(base64_decode($this->arguments[0])); + if ($verification == false) { + return PEAR::raiseError("SCRAM Server verification on step 3 not successful"); + } + + /* Step 3: Send a request to acknowledge verification */ + if (PEAR::isError($error = $this->put("NOOP"))) { + return $error; + } + + /* 235: Authentication successful */ + if (PEAR::isError($error = $this->parseResponse(235))) { + return $error; + } + } + /** * Send the HELO command. * From d6bdf5ba6bf558ac86139c0603049cef10414db2 Mon Sep 17 00:00:00 2001 
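Review bot: `authScramSHA` falls off the end after the final `parseResponse(235)` check, so a successful exchange returns null although the docblock promises `true`; add `return true;` after that check. A caller that only tests `PEAR::isError()` would not notice, but one comparing the result with `true` would treat a good login as a failure. Separately, the `503` branch at the top returns `true` before any server signature has been verified, and `$this->arguments[0]` is base64-decoded twice without checking that the server sent an argument; the second case could be guarded with `if (!isset($this->arguments[0])) { return PEAR::raiseError('SCRAM: empty server challenge'); }`, and the first deserves at least a comment saying the skip is intended.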
From: schengawegga Date: Wed, 2 Aug 2023 23:21:17 +0200 Subject: [PATCH 02/11] Update README.rst --- README.rst | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/README.rst b/README.rst index 3871fb9..2bc621c 100644 --- a/README.rst +++ b/README.rst @@ -6,8 +6,8 @@ User Documentation -------------------- -:Author: Jon Parise -:Contact: jon@php.net +:Author: Jon Parise, Armin Graefe +:Contact: jon@php.net, schengawegga@gmail.com .. contents:: Table of Contents .. section-numbering:: @@ -41,9 +41,9 @@ The ``Auth_SASL`` Package ------------------------- The `Auth_SASL`_ package is an optional dependency. If it is available, the -Net_SMTP package will be able to support the DIGEST-MD5_ and CRAM-MD5_ SMTP -authentication methods. Otherwise, only the LOGIN_ and PLAIN_ methods will -be available. +Net_SMTP package will be able to support the DIGEST-MD5_, CRAM-MD5_ and +SCRAM-SHA_ SMTP authentication methods. Otherwise, only the LOGIN_ and +PLAIN_ methods will be available. Error Handling ============== @@ -106,6 +106,19 @@ older SMTP servers that may not support the newer DIGEST-MD5 algorithm. **Note:** The CRAM-MD5 authentication method is only supported if the AUTH_SASL_ package is available. +SCRAM-SHA +-------- + +In cryptography, the Salted Challenge Response Authentication Mechanism (SCRAM) +is a family of modern, password-based challenge–response authentication mechanisms +providing authentication to a server. + +Available mechanisms are SCRAM-SHA-1, SCRAM-SHA-224, SCRAM-SHA-256, SCRAM-SHA-384 +and SCRAM-SHA-512. + +**Note:** The SCRAM-SHA authentication method is only supported if the +AUTH_SASL_ package is available. + LOGIN ----- From 8501452db3d05a648fe4227c33be5f00603c3672 Mon Sep 17 00:00:00 2001 From: schengawegga Date: Wed, 2 Aug 2023 23:22:37 +0200 Subject: [PATCH 03/11] Update README.rst --- README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/README.rst b/README.rst index 2bc621c..af31989 100644 --- a/README.rst +++ b/README.rst @@ -6,8 +6,8 @@ User Documentation -------------------- -:Author: Jon Parise, Armin Graefe -:Contact: jon@php.net, schengawegga@gmail.com +:Author: "Jon Parise", "Armin Graefe" +:Contact: "jon@php.net", "schengawegga@gmail.com" .. contents:: Table of Contents .. section-numbering:: From 76c18b2eb8b197d200ecd748f7ac0d45c7ed84af Mon Sep 17 00:00:00 2001 From: schengawegga Date: Wed, 2 Aug 2023 23:32:53 +0200 Subject: [PATCH 04/11] Update README.rst --- README.rst | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index af31989..a5625bf 100644 --- a/README.rst +++ b/README.rst @@ -6,8 +6,11 @@ User Documentation -------------------- -:Author: "Jon Parise", "Armin Graefe" -:Contact: "jon@php.net", "schengawegga@gmail.com" ++--------+-----------+----------------------+ +|Author: |Jon Parise |Armin Graefe | ++--------+-----------+----------------------+ +|Contact:|jon@php.net|schengawegga@gmail.com| ++--------+-----------+----------------------+ .. contents:: Table of Contents .. section-numbering:: From cce50d2d095ea0cc56ed8ffd104c610c8c69b192 Mon Sep 17 00:00:00 2001 From: schengawegga Date: Sat, 5 Aug 2023 22:46:53 +0200 Subject: [PATCH 05/11] Sort authentication methods alphabetical and mark CRAM-MD5 and DIGEST-MD5 as DEPRECATED --- README.rst | 70 +++++++++++++++++++++++++++++------------------------- 1 file changed, 38 insertions(+), 32 deletions(-) diff --git a/README.rst b/README.rst index a5625bf..af283e1 100644 --- a/README.rst +++ b/README.rst 
@@ -70,25 +70,25 @@ methods, in order of preference: .. _RFC-2554: https://www.ietf.org/rfc/rfc2554.txt -GSSAPI ------- +CRAM-MD5 (DEPRECATED) +-------- -The GSSAPI authentication method uses Kerberos 5 protocol (RFC-4120_). -Does not use user/password. -Requires Service Principal ``gssapi_principal`` parameter and -has an optional Credentials Cache ``gssapi_cname`` parameter. -Requires DNS and Key Distribution Center (KDC) setup. -It is considered the most secure method of SMTP authentication. +**DEPRECATED** +This authentication method is no longer secure. -**Note:** The GSSAPI authentication method is only supported -if the krb5_ php extension is available. +The CRAM-MD5 authentication method has been superseded by the DIGEST-MD5_ +method in terms of security. It is provided here for compatibility with +older SMTP servers that may not support the newer DIGEST-MD5 algorithm. -.. _RFC-4120: https://tools.ietf.org/html/rfc4120 -.. _krb5: https://pecl.php.net/package/krb5 +**Note:** The CRAM-MD5 authentication method is only supported if the +AUTH_SASL_ package is available. -DIGEST-MD5 +DIGEST-MD5 (DEPRECATED) ---------- +**DEPRECATED** +This authentication method is no longer secure. + The DIGEST-MD5 authentication method uses `RSA Data Security Inc.`_'s MD5 Message Digest algorithm. It is considered a more secure method of SMTP authentication than PLAIN or LOGIN, while still vulnerable to MitM attacks 
@@ -99,28 +99,21 @@ AUTH_SASL_ package is available. .. _RSA Data Security Inc.: https://www.rsasecurity.com/ -CRAM-MD5 --------- - -The CRAM-MD5 authentication method has been superseded by the DIGEST-MD5_ -method in terms of security. It is provided here for compatibility with -older SMTP servers that may not support the newer DIGEST-MD5 algorithm. - -**Note:** The CRAM-MD5 authentication method is only supported if the -AUTH_SASL_ package is available. - -SCRAM-SHA --------- +GSSAPI +------ -In cryptography, the Salted Challenge Response Authentication Mechanism (SCRAM) -is a family of modern, password-based challenge–response authentication mechanisms -providing authentication to a server. +The GSSAPI authentication method uses Kerberos 5 protocol (RFC-4120_). +Does not use user/password. +Requires Service Principal ``gssapi_principal`` parameter and +has an optional Credentials Cache ``gssapi_cname`` parameter. +Requires DNS and Key Distribution Center (KDC) setup. +It is considered the most secure method of SMTP authentication. -Available mechanisms are SCRAM-SHA-1, SCRAM-SHA-224, SCRAM-SHA-256, SCRAM-SHA-384 -and SCRAM-SHA-512. +**Note:** The GSSAPI authentication method is only supported +if the krb5_ php extension is available. -**Note:** The SCRAM-SHA authentication method is only supported if the -AUTH_SASL_ package is available. +.. _RFC-4120: https://tools.ietf.org/html/rfc4120 +.. _krb5: https://pecl.php.net/package/krb5 LOGIN ----- 
@@ -138,6 +131,19 @@ PLAIN The PLAIN authentication method sends the user's password in plain text. This method of authentication is not secure and should be avoided. +SCRAM +-------- + +In cryptography, the Salted Challenge Response Authentication Mechanism (SCRAM) +is a family of modern, password-based challenge–response authentication mechanisms +providing authentication to a server. + +Available mechanisms are SCRAM-SHA-1, SCRAM-SHA-224, SCRAM-SHA-256, SCRAM-SHA-384 +and SCRAM-SHA-512. + +**Note:** The SCRAM-SHA authentication method is only supported if the +AUTH_SASL_ package is available. + XOAUTH2 ------- From b7864771f9fbae6cec2e92a847d928c252e6be12 Mon Sep 17 00:00:00 2001 From: schengawegga Date: Sat, 5 Aug 2023 22:50:44 +0200 Subject: [PATCH 06/11] Mark LOGIN and PLAIN as DEPRECATED --- README.rst | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/README.rst b/README.rst index af283e1..60ccaa3 100644 --- a/README.rst +++ b/README.rst @@ -74,7 +74,7 @@ CRAM-MD5 (DEPRECATED) -------- **DEPRECATED** -This authentication method is no longer secure. +This authentication method is no longer secure and should be avoided. The CRAM-MD5 authentication method has been superseded by the DIGEST-MD5_ method in terms of security. It is provided here for compatibility with @@ -87,7 +87,7 @@ DIGEST-MD5 (DEPRECATED) ---------- **DEPRECATED** -This authentication method is no longer secure. +This authentication method is no longer secure and should be avoided. The DIGEST-MD5 authentication method uses `RSA Data Security Inc.`_'s MD5 Message Digest algorithm. It is considered a more secure method of SMTP 
@@ -115,21 +115,25 @@ if the krb5_ php extension is available. .. _RFC-4120: https://tools.ietf.org/html/rfc4120 .. _krb5: https://pecl.php.net/package/krb5 -LOGIN +LOGIN (DEPRECATED) ----- +**DEPRECATED** +This authentication method is no longer secure and should be avoided. + The LOGIN authentication method encrypts the user's password using the Base64_ encoding scheme. Because decrypting a Base64-encoded string is -trivial, LOGIN is not considered a secure authentication method and should -be avoided. +trivial. .. _Base64: https://www.php.net/manual/en/function.base64-encode.php -PLAIN +PLAIN (DEPRECATED) ----- +**DEPRECATED** +This authentication method is no longer secure and should be avoided. + The PLAIN authentication method sends the user's password in plain text. -This method of authentication is not secure and should be avoided. SCRAM -------- From 2ad63180f6d4164900049bf11f81313ea5c70431 Mon Sep 17 00:00:00 2001 From: schengawegga Date: Sat, 5 Aug 2023 23:19:26 +0200 Subject: [PATCH 07/11] Mark CRAM-MD5, DIGEST-MD5, LOGIN and PLAIN as DEPRECATED in Sourcecode --- Net/SMTP.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Net/SMTP.php b/Net/SMTP.php index c67c417..648e56d 100644 --- a/Net/SMTP.php +++ b/Net/SMTP.php @@ -777,6 +777,7 @@ public function setAuthMethod($name, $callback, $prepend = true) * @return mixed Returns a PEAR_Error with an error message on any * kind of failure, or true on success. * @since 1.1.0 + * @deprecated 1.11.0 */ protected function authDigestMD5($uid, $pwd, $authz = '') { @@ -829,6 +830,7 @@ protected function authDigestMD5($uid, $pwd, $authz = '') * @return mixed Returns a PEAR_Error with an error message on any * kind of failure, or true on success. * @since 1.1.0 + * @deprecated 1.11.0 */ protected function authCRAMMD5($uid, $pwd, $authz = '') { 
@@ -869,6 +871,7 @@ protected function authCRAMMD5($uid, $pwd, $authz = '') * @return mixed Returns a PEAR_Error with an error message on any * kind of failure, or true on success. * @since 1.1.0 + * @deprecated 1.11.0 */ protected function authLogin($uid, $pwd, $authz = '') { @@ -914,6 +917,7 @@ protected function authLogin($uid, $pwd, $authz = '') * @return mixed Returns a PEAR_Error with an error message on any * kind of failure, or true on success. * @since 1.1.0 + * @deprecated 1.11.0 */ protected function authPlain($uid, $pwd, $authz = '') { From 183cc29dcff59d01e2215017c0950c4daf45550b Mon Sep 17 00:00:00 2001 From: schengawegga Date: Tue, 8 Aug 2023 21:57:15 +0200 Subject: [PATCH 08/11] Trigger deprecation warning for CRAM-MD5, DIGEST-MD5, LOGIN and PLAIN in error-log --- Net/SMTP.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Net/SMTP.php b/Net/SMTP.php index 648e56d..9a7e770 100644 --- a/Net/SMTP.php +++ b/Net/SMTP.php @@ -781,6 +781,8 @@ public function setAuthMethod($name, $callback, $prepend = true) */ protected function authDigestMD5($uid, $pwd, $authz = '') { + trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method DIGEST-MD5 is no longer secure and should be avoided.', E_USER_DEPRECATED); + if (PEAR::isError($error = $this->put('AUTH', 'DIGEST-MD5'))) { return $error; } @@ -834,6 +836,8 @@ protected function authDigestMD5($uid, $pwd, $authz = '') */ protected function authCRAMMD5($uid, $pwd, $authz = '') { + trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method CRAM-MD5 is no longer secure and should be avoided.', E_USER_DEPRECATED); + if (PEAR::isError($error = $this->put('AUTH', 'CRAM-MD5'))) { return $error; } 
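Review bot: The `trigger_error(..., E_USER_DEPRECATED)` added at the top of `authDigestMD5` is the only change in behaviour, and the same line is repeated in the `authCRAMMD5`, `authLogin` and `authPlain` hunks of this commit. The legacy methods remain selectable (the first patch of this series still registers CRAM-MD5 and DIGEST-MD5 in the constructor), so a server that advertises only a weak mechanism would presumably still get it, with a log line as the sole signal. In an application whose error handler turns notices into exceptions, this call would abort the login before `AUTH` is sent; the docblock should say so, e.g. `Emits E_USER_DEPRECATED on every call; the method itself is still usable.` The four messages differ only in the mechanism name, so a small private helper taking that name would remove the copies. The function bodies continue outside the hunks.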
@@ -875,6 +879,8 @@ protected function authCRAMMD5($uid, $pwd, $authz = '') */ protected function authLogin($uid, $pwd, $authz = '') { + trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method LOGIN is no longer secure and should be avoided.', E_USER_DEPRECATED); + if (PEAR::isError($error = $this->put('AUTH', 'LOGIN'))) { return $error; } @@ -921,6 +927,8 @@ protected function authLogin($uid, $pwd, $authz = '') */ protected function authPlain($uid, $pwd, $authz = '') { + trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method PLAIN is no longer secure and should be avoided.', E_USER_DEPRECATED); + if (PEAR::isError($error = $this->put('AUTH', 'PLAIN'))) { return $error; } From e03e64596713e61fb8588063def742d33a3e3ab8 Mon Sep 17 00:00:00 2001 From: schengawegga Date: Tue, 8 Aug 2023 22:03:24 +0200 Subject: [PATCH 09/11] Split lines for deprecation warnings --- Net/SMTP.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/Net/SMTP.php b/Net/SMTP.php index 9a7e770..dbf78dd 100644 --- a/Net/SMTP.php +++ b/Net/SMTP.php @@ -781,7 +781,8 @@ public function setAuthMethod($name, $callback, $prepend = true) */ protected function authDigestMD5($uid, $pwd, $authz = '') { - trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method DIGEST-MD5 is no longer secure and should be avoided.', E_USER_DEPRECATED); + trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method DIGEST-MD5' . + ' is no longer secure and should be avoided.', E_USER_DEPRECATED); if (PEAR::isError($error = $this->put('AUTH', 'DIGEST-MD5'))) { return $error; 
@@ -836,7 +837,8 @@ protected function authDigestMD5($uid, $pwd, $authz = '') */ protected function authCRAMMD5($uid, $pwd, $authz = '') { - trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method CRAM-MD5 is no longer secure and should be avoided.', E_USER_DEPRECATED); + trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method CRAM-MD5' . + ' is no longer secure and should be avoided.', E_USER_DEPRECATED); if (PEAR::isError($error = $this->put('AUTH', 'CRAM-MD5'))) { return $error; @@ -879,7 +881,8 @@ protected function authCRAMMD5($uid, $pwd, $authz = '') */ protected function authLogin($uid, $pwd, $authz = '') { - trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method LOGIN is no longer secure and should be avoided.', E_USER_DEPRECATED); + trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method LOGIN' . + ' is no longer secure and should be avoided.', E_USER_DEPRECATED); if (PEAR::isError($error = $this->put('AUTH', 'LOGIN'))) { return $error; @@ -927,7 +930,8 @@ protected function authLogin($uid, $pwd, $authz = '') */ protected function authPlain($uid, $pwd, $authz = '') { - trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method PLAIN is no longer secure and should be avoided.', E_USER_DEPRECATED); + trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method PLAIN' . + ' is no longer secure and should be avoided.', E_USER_DEPRECATED); if (PEAR::isError($error = $this->put('AUTH', 'PLAIN'))) { return $error; From 000e6fcb807272e373fe51251aa1c062738c1a70 Mon Sep 17 00:00:00 2001 From: schengawegga Date: Sat, 19 Aug 2023 01:12:35 +0200 Subject: [PATCH 10/11] SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) supports #57 --- Net/SMTP.php | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/Net/SMTP.php b/Net/SMTP.php index dbf78dd..74d79ee 100644 --- a/Net/SMTP.php +++ b/Net/SMTP.php 
@@ -796,8 +796,7 @@ protected function authDigestMD5($uid, $pwd, $authz = '') return $error; } - $auth_sasl = new Auth_SASL; - $digest = $auth_sasl->factory('digest-md5'); + $digest = Auth_SASL::factory('digest-md5'); $challenge = base64_decode($this->arguments[0]); $auth_str = base64_encode( $digest->getResponse($uid, $pwd, $challenge, $this->host, "smtp", $authz) @@ -852,9 +851,8 @@ protected function authCRAMMD5($uid, $pwd, $authz = '') return $error; } - $auth_sasl = new Auth_SASL; $challenge = base64_decode($this->arguments[0]); - $cram = $auth_sasl->factory('cram-md5'); + $cram = Auth_SASL::factory('cram-md5'); $auth_str = base64_encode($cram->getResponse($uid, $pwd, $challenge)); if (PEAR::isError($error = $this->put($auth_str))) { @@ -1214,8 +1212,7 @@ protected function authScramSHA($uid, $pwd, $authz = '') return $error; } - $auth_sasl = new Auth_SASL; - $cram = $auth_sasl->factory($this->scram_sha_hash_algorithm); + $cram = Auth_SASL::factory($this->scram_sha_hash_algorithm); $auth_str = base64_encode($cram->getResponse($uid, $pwd)); /* Step 1: Send first authentication request */ From f2bb25913450052f895a2fa6240191f7bc42f2b4 Mon Sep 17 00:00:00 2001 From: schengawegga Date: Fri, 20 Oct 2023 23:48:13 +0200 Subject: [PATCH 11/11] Remove deprecation warning for PLAIN authentication method --- Net/SMTP.php | 4 ---- README.rst | 6 +++--- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/Net/SMTP.php b/Net/SMTP.php index 74d79ee..19d7efd 100644 --- a/Net/SMTP.php +++ b/Net/SMTP.php 
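Review bot: The result of `Auth_SASL::factory(...)` is dereferenced on the following line without a check in all three hunks of this commit (`authDigestMD5`, `authCRAMMD5`, `authScramSHA`). This matters most on the SCRAM path, because the constructor registers the SCRAM methods whenever `Auth/SASL.php` can be included, and an installed Auth_SASL that does not know the mechanism would presumably hand back an error object; calling `getResponse()` on that is a fatal error rather than a `PEAR_Error` return. I would add `if (PEAR::isError($cram)) { return $cram; }` directly after the factory call, and the same for `$digest`. The switch to a static call also assumes `factory` is declared static in the required Auth_SASL version, which is not visible here and should be pinned in the package dependency. The function bodies continue outside the hunks.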
@@ -924,13 +924,9 @@ protected function authLogin($uid, $pwd, $authz = '') * @return mixed Returns a PEAR_Error with an error message on any * kind of failure, or true on success. * @since 1.1.0 - * @deprecated 1.11.0 */ protected function authPlain($uid, $pwd, $authz = '') { - trigger_error(__CLASS__ . ' (' . $this->host . '): Authentication method PLAIN' . - ' is no longer secure and should be avoided.', E_USER_DEPRECATED); - if (PEAR::isError($error = $this->put('AUTH', 'PLAIN'))) { return $error; } diff --git a/README.rst b/README.rst index 60ccaa3..8322a0b 100644 --- a/README.rst +++ b/README.rst @@ -127,11 +127,11 @@ trivial. .. _Base64: https://www.php.net/manual/en/function.base64-encode.php -PLAIN (DEPRECATED) +PLAIN ----- -**DEPRECATED** -This authentication method is no longer secure and should be avoided. +This authentication method is no longer secure and should only be used +local or via an TLS encrypted connection. The PLAIN authentication method sends the user's password in plain text.