From: Evan Prodromou Date: Wed, 9 Feb 2011 16:03:44 +0000 (-0500) Subject: include Auth_SASL from PEAR in extlib X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=9c4294fb507fb613ce5e07c00d0e36d9e966deed;p=quix0rs-gnu-social.git include Auth_SASL from PEAR in extlib --- diff --git a/extlib/Auth/SASL.php b/extlib/Auth/SASL.php new file mode 100755 index 0000000000..e70f0146bc --- /dev/null +++ b/extlib/Auth/SASL.php @@ -0,0 +1,104 @@ + | +// +-----------------------------------------------------------------------+ +// +// $Id: SASL.php 286825 2009-08-05 06:23:42Z cweiske $ + +/** +* Client implementation of various SASL mechanisms +* +* @author Richard Heyes +* @access public +* @version 1.0 +* @package Auth_SASL +*/ + +require_once('PEAR.php'); + +class Auth_SASL +{ + /** + * Factory class. Returns an object of the request + * type. + * + * @param string $type One of: Anonymous + * Plain + * CramMD5 + * DigestMD5 + * Types are not case sensitive + */ + function &factory($type) + { + switch (strtolower($type)) { + case 'anonymous': + $filename = 'Auth/SASL/Anonymous.php'; + $classname = 'Auth_SASL_Anonymous'; + break; + + case 'login': + $filename = 'Auth/SASL/Login.php'; + $classname = 'Auth_SASL_Login'; + break; + + case 'plain': + $filename = 'Auth/SASL/Plain.php'; + $classname = 'Auth_SASL_Plain'; + break; + + case 'external': + $filename = 'Auth/SASL/External.php'; + $classname = 'Auth_SASL_External'; + break; + + case 'crammd5': + $filename = 'Auth/SASL/CramMD5.php'; + $classname = 'Auth_SASL_CramMD5'; + break; + + case 'digestmd5': + $filename = 'Auth/SASL/DigestMD5.php'; + $classname = 'Auth_SASL_DigestMD5'; + break; + + default: + return PEAR::raiseError('Invalid SASL mechanism type'); + break; + } + + require_once($filename); + $obj = new $classname(); + return $obj; + } +} + +?> diff --git a/extlib/Auth/SASL/Anonymous.php b/extlib/Auth/SASL/Anonymous.php new file mode 100755 index 0000000000..4eaaa399e6 --- /dev/null +++ b/extlib/Auth/SASL/Anonymous.php @@ -0,0 +1,71 @@ + | +// +-----------------------------------------------------------------------+ +// +// $Id: Anonymous.php 286825 2009-08-05 06:23:42Z cweiske $ + +/** +* Implmentation of ANONYMOUS SASL mechanism +* +* @author Richard Heyes +* @access public +* @version 1.0 +* @package Auth_SASL +*/ + +require_once('Auth/SASL/Common.php'); + +class Auth_SASL_Anonymous extends Auth_SASL_Common +{ + /** + * Not much to do here except return the token supplied. + * No encoding, hashing or encryption takes place for this + * mechanism, simply one of: + * o An email address + * o An opaque string not containing "@" that can be interpreted + * by the sysadmin + * o Nothing + * + * We could have some logic here for the second option, but this + * would by no means create something interpretable. + * + * @param string $token Optional email address or string to provide + * as trace information. + * @return string The unaltered input token + */ + function getResponse($token = '') + { + return $token; + } +} +?> \ No newline at end of file diff --git a/extlib/Auth/SASL/Common.php b/extlib/Auth/SASL/Common.php new file mode 100755 index 0000000000..44181645c4 --- /dev/null +++ b/extlib/Auth/SASL/Common.php @@ -0,0 +1,74 @@ + | +// +-----------------------------------------------------------------------+ +// +// $Id: Common.php 286825 2009-08-05 06:23:42Z cweiske $ + +/** +* Common functionality to SASL mechanisms +* +* @author Richard Heyes +* @access public +* @version 1.0 +* @package Auth_SASL +*/ + +class Auth_SASL_Common +{ + /** + * Function which implements HMAC MD5 digest + * + * @param string $key The secret key + * @param string $data The data to protect + * @return string The HMAC MD5 digest + */ + function _HMAC_MD5($key, $data) + { + if (strlen($key) > 64) { + $key = pack('H32', md5($key)); + } + + if (strlen($key) < 64) { + $key = str_pad($key, 64, chr(0)); + } + + $k_ipad = substr($key, 0, 64) ^ str_repeat(chr(0x36), 64); + $k_opad = substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64); + + $inner = pack('H32', md5($k_ipad . $data)); + $digest = md5($k_opad . $inner); + + return $digest; + } +} +?> diff --git a/extlib/Auth/SASL/CramMD5.php b/extlib/Auth/SASL/CramMD5.php new file mode 100755 index 0000000000..177279c06b --- /dev/null +++ b/extlib/Auth/SASL/CramMD5.php @@ -0,0 +1,68 @@ + | +// +-----------------------------------------------------------------------+ +// +// $Id: CramMD5.php 286825 2009-08-05 06:23:42Z cweiske $ + +/** +* Implmentation of CRAM-MD5 SASL mechanism +* +* @author Richard Heyes +* @access public +* @version 1.0 +* @package Auth_SASL +*/ + +require_once('Auth/SASL/Common.php'); + +class Auth_SASL_CramMD5 extends Auth_SASL_Common +{ + /** + * Implements the CRAM-MD5 SASL mechanism + * This DOES NOT base64 encode the return value, + * you will need to do that yourself. + * + * @param string $user Username + * @param string $pass Password + * @param string $challenge The challenge supplied by the server. + * this should be already base64_decoded. + * + * @return string The string to pass back to the server, of the form + * " ". This is NOT base64_encoded. + */ + function getResponse($user, $pass, $challenge) + { + return $user . ' ' . $this->_HMAC_MD5($pass, $challenge); + } +} +?> \ No newline at end of file diff --git a/extlib/Auth/SASL/DigestMD5.php b/extlib/Auth/SASL/DigestMD5.php new file mode 100755 index 0000000000..8c58787dfe --- /dev/null +++ b/extlib/Auth/SASL/DigestMD5.php @@ -0,0 +1,197 @@ + | +// +-----------------------------------------------------------------------+ +// +// $Id: DigestMD5.php 294702 2010-02-07 16:03:55Z cweiske $ + +/** +* Implmentation of DIGEST-MD5 SASL mechanism +* +* @author Richard Heyes +* @access public +* @version 1.0 +* @package Auth_SASL +*/ + +require_once('Auth/SASL/Common.php'); + +class Auth_SASL_DigestMD5 extends Auth_SASL_Common +{ + /** + * Provides the (main) client response for DIGEST-MD5 + * requires a few extra parameters than the other + * mechanisms, which are unavoidable. + * + * @param string $authcid Authentication id (username) + * @param string $pass Password + * @param string $challenge The digest challenge sent by the server + * @param string $hostname The hostname of the machine you're connecting to + * @param string $service The servicename (eg. imap, pop, acap etc) + * @param string $authzid Authorization id (username to proxy as) + * @return string The digest response (NOT base64 encoded) + * @access public + */ + function getResponse($authcid, $pass, $challenge, $hostname, $service, $authzid = '') + { + $challenge = $this->_parseChallenge($challenge); + $authzid_string = ''; + if ($authzid != '') { + $authzid_string = ',authzid="' . $authzid . '"'; + } + + if (!empty($challenge)) { + $cnonce = $this->_getCnonce(); + $digest_uri = sprintf('%s/%s', $service, $hostname); + $response_value = $this->_getResponseValue($authcid, $pass, $challenge['realm'], $challenge['nonce'], $cnonce, $digest_uri, $authzid); + + if ($challenge['realm']) { + return sprintf('username="%s",realm="%s"' . $authzid_string . +',nonce="%s",cnonce="%s",nc=00000001,qop=auth,digest-uri="%s",response=%s,maxbuf=%d', $authcid, $challenge['realm'], $challenge['nonce'], $cnonce, $digest_uri, $response_value, $challenge['maxbuf']); + } else { + return sprintf('username="%s"' . $authzid_string . ',nonce="%s",cnonce="%s",nc=00000001,qop=auth,digest-uri="%s",response=%s,maxbuf=%d', $authcid, $challenge['nonce'], $cnonce, $digest_uri, $response_value, $challenge['maxbuf']); + } + } else { + return PEAR::raiseError('Invalid digest challenge'); + } + } + + /** + * Parses and verifies the digest challenge* + * + * @param string $challenge The digest challenge + * @return array The parsed challenge as an assoc + * array in the form "directive => value". + * @access private + */ + function _parseChallenge($challenge) + { + $tokens = array(); + while (preg_match('/^([a-z-]+)=("[^"]+(? diff --git a/extlib/Auth/SASL/External.php b/extlib/Auth/SASL/External.php new file mode 100644 index 0000000000..86a17cb7ab --- /dev/null +++ b/extlib/Auth/SASL/External.php @@ -0,0 +1,63 @@ + | +// +-----------------------------------------------------------------------+ +// +// $Id: External.php 286825 2009-08-05 06:23:42Z cweiske $ + +/** +* Implmentation of EXTERNAL SASL mechanism +* +* @author Christoph Schulz +* @access public +* @version 1.0.3 +* @package Auth_SASL +*/ + +require_once('Auth/SASL/Common.php'); + +class Auth_SASL_External extends Auth_SASL_Common +{ + /** + * Returns EXTERNAL response + * + * @param string $authcid Authentication id (username) + * @param string $pass Password + * @param string $authzid Autorization id + * @return string EXTERNAL Response + */ + function getResponse($authcid, $pass, $authzid = '') + { + return $authzid; + } +} +?> diff --git a/extlib/Auth/SASL/Login.php b/extlib/Auth/SASL/Login.php new file mode 100755 index 0000000000..a925f53a79 --- /dev/null +++ b/extlib/Auth/SASL/Login.php @@ -0,0 +1,65 @@ + | +// +-----------------------------------------------------------------------+ +// +// $Id: Login.php 286825 2009-08-05 06:23:42Z cweiske $ + +/** +* This is technically not a SASL mechanism, however +* it's used by Net_Sieve, Net_Cyrus and potentially +* other protocols , so here is a good place to abstract +* it. +* +* @author Richard Heyes +* @access public +* @version 1.0 +* @package Auth_SASL +*/ + +require_once('Auth/SASL/Common.php'); + +class Auth_SASL_Login extends Auth_SASL_Common +{ + /** + * Pseudo SASL LOGIN mechanism + * + * @param string $user Username + * @param string $pass Password + * @return string LOGIN string + */ + function getResponse($user, $pass) + { + return sprintf('LOGIN %s %s', $user, $pass); + } +} +?> \ No newline at end of file diff --git a/extlib/Auth/SASL/Plain.php b/extlib/Auth/SASL/Plain.php new file mode 100755 index 0000000000..912710169e --- /dev/null +++ b/extlib/Auth/SASL/Plain.php @@ -0,0 +1,63 @@ + | +// +-----------------------------------------------------------------------+ +// +// $Id: Plain.php 286825 2009-08-05 06:23:42Z cweiske $ + +/** +* Implmentation of PLAIN SASL mechanism +* +* @author Richard Heyes +* @access public +* @version 1.0 +* @package Auth_SASL +*/ + +require_once('Auth/SASL/Common.php'); + +class Auth_SASL_Plain extends Auth_SASL_Common +{ + /** + * Returns PLAIN response + * + * @param string $authcid Authentication id (username) + * @param string $pass Password + * @param string $authzid Autorization id + * @return string PLAIN Response + */ + function getResponse($authcid, $pass, $authzid = '') + { + return $authzid . chr(0) . $authcid . chr(0) . $pass; + } +} +?>