githubFork/roundcubemail.git

parent: 7938312a | patch | commit | ignore whitespace

Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authenticatio...

Aleksander Machniak

2012-07-23 114cf1281b1546f1efb8f78f92b179dd6afcaaa9

Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authentication (#1488571)

6 files modified

	CHANGELOG	1 ●●●●● patch \| view \| raw \| blame \| history
	INSTALL	2 ●●●●● patch \| view \| raw \| blame \| history
	program/lib/Auth/SASL.php	91 ●●●●● patch \| view \| raw \| blame \| history
	program/lib/Auth/SASL/Common.php	105 ●●●●● patch \| view \| raw \| blame \| history
	program/lib/Auth/SASL/External.php	2 ●●●●● patch \| view \| raw \| blame \| history
	program/lib/Net/SMTP.php	20 ●●●●● patch \| view \| raw \| blame \| history

 CHANGELOG

@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================

- Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authentication (#1488571)
- Don't add attachments content into reply/forward/draft message body (#1488557)
- Fix 'no connection' errors on page unloads (#1488547)
- Plugin API: Add 'unauthenticated' hook (#1488138)

 INSTALL

@@ -21,7 +21,7 @@
   - Mail_mimeDecode 1.5.5 or newer
   - Net_SMTP 1.4.2 or newer
   - Net_IDNA2 0.1.1 or newer
   - Auth_SASL 1.0.3 or newer
   - Auth_SASL 1.0.6 or newer
* php.ini options (see .htaccess file):
   - error_reporting E_ALL & ~E_NOTICE (or lower)
   - memory_limit > 16MB (increase as suitable to support large attachments)

 program/lib/Auth/SASL.php

@@ -1,41 +1,41 @@
<?php
// +-----------------------------------------------------------------------+ 
// | Copyright (c) 2002-2003 Richard Heyes                                 | 
// | All rights reserved.                                                  | 
// |                                                                       | 
// | Redistribution and use in source and binary forms, with or without    | 
// | modification, are permitted provided that the following conditions    | 
// | are met:                                                              | 
// |                                                                       | 
// | o Redistributions of source code must retain the above copyright      | 
// |   notice, this list of conditions and the following disclaimer.       | 
// | o Redistributions in binary form must reproduce the above copyright   | 
// |   notice, this list of conditions and the following disclaimer in the | 
// |   documentation and/or other materials provided with the distribution.| 
// | o The names of the authors may not be used to endorse or promote      | 
// |   products derived from this software without specific prior written  | 
// |   permission.                                                         | 
// |                                                                       | 
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS   | 
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT     | 
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | 
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT  | 
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | 
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT      | 
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT   | 
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  | 
// |                                                                       | 
// +-----------------------------------------------------------------------+ 
// | Author: Richard Heyes <richard@php.net>                               | 
// +-----------------------------------------------------------------------+ 
// 
// +-----------------------------------------------------------------------+
// | Copyright (c) 2002-2003 Richard Heyes                                 |
// | All rights reserved.                                                  |
// |                                                                       |
// | Redistribution and use in source and binary forms, with or without    |
// | modification, are permitted provided that the following conditions    |
// | are met:                                                              |
// |                                                                       |
// | o Redistributions of source code must retain the above copyright      |
// |   notice, this list of conditions and the following disclaimer.       |
// | o Redistributions in binary form must reproduce the above copyright   |
// |   notice, this list of conditions and the following disclaimer in the |
// |   documentation and/or other materials provided with the distribution.|
// | o The names of the authors may not be used to endorse or promote      |
// |   products derived from this software without specific prior written  |
// |   permission.                                                         |
// |                                                                       |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS   |
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT     |
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT  |
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT      |
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT   |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  |
// |                                                                       |
// +-----------------------------------------------------------------------+
// | Author: Richard Heyes <richard@php.net>                               |
// +-----------------------------------------------------------------------+
//
// $Id$

/**
* Client implementation of various SASL mechanisms 
* Client implementation of various SASL mechanisms
*
* @author  Richard Heyes <richard@php.net>
* @access  public
@@ -55,6 +55,7 @@
    *                             Plain
    *                             CramMD5
    *                             DigestMD5
    *                             SCRAM-* (any mechanism of the SCRAM family)
    *                     Types are not case sensitive
    */
    function &factory($type)
@@ -81,22 +82,42 @@
                break;

            case 'crammd5':
                // $msg = 'Deprecated mechanism name. Use IANA-registered name: CRAM-MD5.';
                // trigger_error($msg, E_USER_DEPRECATED);
            case 'cram-md5':
                $filename  = 'Auth/SASL/CramMD5.php';
                $classname = 'Auth_SASL_CramMD5';
                break;

            case 'digestmd5':
                // $msg = 'Deprecated mechanism name. Use IANA-registered name: DIGEST-MD5.';
                // trigger_error($msg, E_USER_DEPRECATED);
            case 'digest-md5':
                // $msg = 'DIGEST-MD5 is a deprecated SASL mechanism as per RFC-6331. Using it could be a security risk.';
                // trigger_error($msg, E_USER_NOTICE);
                $filename  = 'Auth/SASL/DigestMD5.php';
                $classname = 'Auth_SASL_DigestMD5';
                break;

            default:
                $scram = '/^SCRAM-(.{1,9})$/i';
                if (preg_match($scram, $type, $matches))
                {
                    $hash = $matches[1];
                    $filename = dirname(__FILE__) .'/SASL/SCRAM.php';
                    $classname = 'Auth_SASL_SCRAM';
                    $parameter = $hash;
                    break;
                }
                return PEAR::raiseError('Invalid SASL mechanism type');
                break;
        }

        require_once($filename);
        $obj = new $classname();
        if (isset($parameter))
            $obj = new $classname($parameter);
        else
            $obj = new $classname();
        return $obj;
    }
}

 program/lib/Auth/SASL/Common.php

@@ -1,37 +1,37 @@
<?php
// +-----------------------------------------------------------------------+ 
// | Copyright (c) 2002-2003 Richard Heyes                                 | 
// | All rights reserved.                                                  | 
// |                                                                       | 
// | Redistribution and use in source and binary forms, with or without    | 
// | modification, are permitted provided that the following conditions    | 
// | are met:                                                              | 
// |                                                                       | 
// | o Redistributions of source code must retain the above copyright      | 
// |   notice, this list of conditions and the following disclaimer.       | 
// | o Redistributions in binary form must reproduce the above copyright   | 
// |   notice, this list of conditions and the following disclaimer in the | 
// |   documentation and/or other materials provided with the distribution.| 
// | o The names of the authors may not be used to endorse or promote      | 
// |   products derived from this software without specific prior written  | 
// |   permission.                                                         | 
// |                                                                       | 
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS   | 
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT     | 
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | 
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT  | 
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | 
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT      | 
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT   | 
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  | 
// |                                                                       | 
// +-----------------------------------------------------------------------+ 
// | Author: Richard Heyes <richard@php.net>                               | 
// +-----------------------------------------------------------------------+ 
// 
// +-----------------------------------------------------------------------+
// | Copyright (c) 2002-2003 Richard Heyes                                 |
// | All rights reserved.                                                  |
// |                                                                       |
// | Redistribution and use in source and binary forms, with or without    |
// | modification, are permitted provided that the following conditions    |
// | are met:                                                              |
// |                                                                       |
// | o Redistributions of source code must retain the above copyright      |
// |   notice, this list of conditions and the following disclaimer.       |
// | o Redistributions in binary form must reproduce the above copyright   |
// |   notice, this list of conditions and the following disclaimer in the |
// |   documentation and/or other materials provided with the distribution.|
// | o The names of the authors may not be used to endorse or promote      |
// |   products derived from this software without specific prior written  |
// |   permission.                                                         |
// |                                                                       |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS   |
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT     |
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT  |
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT      |
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT   |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  |
// |                                                                       |
// +-----------------------------------------------------------------------+
// | Author: Richard Heyes <richard@php.net>                               |
// +-----------------------------------------------------------------------+
//
// $Id$

/**
@@ -49,10 +49,12 @@
    * Function which implements HMAC MD5 digest
    *
    * @param  string $key  The secret key
    * @param  string $data The data to protect
    * @return string       The HMAC MD5 digest
    * @param  string $data The data to hash
    * @param  bool $raw_output Whether the digest is returned in binary or hexadecimal format.
    *
    * @return string       The HMAC-MD5 digest
    */
    function _HMAC_MD5($key, $data)
    function _HMAC_MD5($key, $data, $raw_output = FALSE)
    {
        if (strlen($key) > 64) {
            $key = pack('H32', md5($key));
@@ -66,9 +68,38 @@
        $k_opad = substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64);

        $inner  = pack('H32', md5($k_ipad . $data));
        $digest = md5($k_opad . $inner);
        $digest = md5($k_opad . $inner, $raw_output);

        return $digest;
    }

    /**
    * Function which implements HMAC-SHA-1 digest
    *
    * @param  string $key  The secret key
    * @param  string $data The data to hash
    * @param  bool $raw_output Whether the digest is returned in binary or hexadecimal format.
    * @return string       The HMAC-SHA-1 digest
    * @author Jehan <jehan.marmottard@gmail.com>
    * @access protected
    */
    protected function _HMAC_SHA1($key, $data, $raw_output = FALSE)
    {
        if (strlen($key) > 64) {
            $key = sha1($key, TRUE);
        }

        if (strlen($key) < 64) {
            $key = str_pad($key, 64, chr(0));
        }

        $k_ipad = substr($key, 0, 64) ^ str_repeat(chr(0x36), 64);
        $k_opad = substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64);

        $inner  = pack('H40', sha1($k_ipad . $data));
        $digest = sha1($k_opad . $inner, $raw_output);

         return $digest;
     }
}
?>

 program/lib/Auth/SASL/External.php

@@ -32,7 +32,7 @@
// | Author: Christoph Schulz <develop@kristov.de>                         | 
// +-----------------------------------------------------------------------+ 
// 
// $Id: External.php 286825 2009-08-05 06:23:42Z cweiske $
// $Id$

/**
* Implmentation of EXTERNAL SASL mechanism

 program/lib/Net/SMTP.php

@@ -17,8 +17,6 @@
// |          Jon Parise <jon@php.net>                                    |
// |          Damian Alejandro Fernandez Sosa <damlists@cnba.uba.ar>      |
// +----------------------------------------------------------------------+
//
// $Id$

require_once 'PEAR.php';
require_once 'Net/Socket.php';
@@ -189,7 +187,7 @@

        /* Include the Auth_SASL package.  If the package is available, we 
         * enable the authentication methods that depend upon it. */
        if ((@include_once 'Auth/SASL.php') === true) {
        if (@include_once 'Auth/SASL.php') {
            $this->setAuthMethod('CRAM-MD5', array($this, '_authCram_MD5'));
            $this->setAuthMethod('DIGEST-MD5', array($this, '_authDigest_MD5'));
        }
@@ -727,7 +725,7 @@
        }

        $challenge = base64_decode($this->_arguments[0]);
        $digest = &Auth_SASL::factory('digestmd5');
        $digest = &Auth_SASL::factory('digest-md5');
        $auth_str = base64_encode($digest->getResponse($uid, $pwd, $challenge,
                                                       $this->host, "smtp",
                                                       $authz));
@@ -779,7 +777,7 @@
        }

        $challenge = base64_decode($this->_arguments[0]);
        $cram = &Auth_SASL::factory('crammd5');
        $cram = &Auth_SASL::factory('cram-md5');
        $auth_str = base64_encode($cram->getResponse($uid, $pwd, $challenge));

        if (PEAR::isError($error = $this->_put($auth_str))) {
@@ -1004,14 +1002,12 @@
     */
    function quotedata(&$data)
    {
        /* Change Unix (\n) and Mac (\r) linefeeds into
         * Internet-standard CRLF (\r\n) linefeeds. */
        $data = preg_replace(array('/(?<!\r)\n/','/\r(?!\n)/'), "\r\n", $data);

        /* Because a single leading period (.) signifies an end to the
         * data, legitimate leading periods need to be "doubled"
         * (e.g. '..'). */
        $data = str_replace("\n.", "\n..", $data);
         * data, legitimate leading periods need to be "doubled" ('..'). */
        $data = preg_replace('/^\./m', '..', $data);

        /* Change Unix (\n) and Mac (\r) linefeeds into CRLF's (\r\n). */
        $data = preg_replace('/(?:\r\n|\n|\r(?!\n))/', "\r\n", $data);
    }

    /**

			@@ -1,6 +1,7 @@
			CHANGELOG Roundcube Webmail
			===========================

			- Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authentication (#1488571)
			- Don't add attachments content into reply/forward/draft message body (#1488557)
			- Fix 'no connection' errors on page unloads (#1488547)
			- Plugin API: Add 'unauthenticated' hook (#1488138)

			@@ -21,7 +21,7 @@
			- Mail_mimeDecode 1.5.5 or newer
			- Net_SMTP 1.4.2 or newer
			- Net_IDNA2 0.1.1 or newer
			- Auth_SASL 1.0.3 or newer
			- Auth_SASL 1.0.6 or newer
			* php.ini options (see .htaccess file):
			- error_reporting E_ALL & ~E_NOTICE (or lower)
			- memory_limit > 16MB (increase as suitable to support large attachments)

			@@ -1,41 +1,41 @@
			<?php
			// +-----------------------------------------------------------------------+
			// \| Copyright (c) 2002-2003 Richard Heyes \|
			// \| All rights reserved. \|
			// \| \|
			// \| Redistribution and use in source and binary forms, with or without \|
			// \| modification, are permitted provided that the following conditions \|
			// \| are met: \|
			// \| \|
			// \| o Redistributions of source code must retain the above copyright \|
			// \| notice, this list of conditions and the following disclaimer. \|
			// \| o Redistributions in binary form must reproduce the above copyright \|
			// \| notice, this list of conditions and the following disclaimer in the \|
			// \| documentation and/or other materials provided with the distribution.\|
			// \| o The names of the authors may not be used to endorse or promote \|
			// \| products derived from this software without specific prior written \|
			// \| permission. \|
			// \| \|
			// \| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \|
			// \| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \|
			// \| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR \|
			// \| A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \|
			// \| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \|
			// \| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \|
			// \| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, \|
			// \| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY \|
			// \| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \|
			// \| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \|
			// \| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \|
			// \| \|
			// +-----------------------------------------------------------------------+
			// \| Author: Richard Heyes <richard@php.net> \|
			// +-----------------------------------------------------------------------+
			//
			// +-----------------------------------------------------------------------+
			// \| Copyright (c) 2002-2003 Richard Heyes \|
			// \| All rights reserved. \|
			// \| \|
			// \| Redistribution and use in source and binary forms, with or without \|
			// \| modification, are permitted provided that the following conditions \|
			// \| are met: \|
			// \| \|
			// \| o Redistributions of source code must retain the above copyright \|
			// \| notice, this list of conditions and the following disclaimer. \|
			// \| o Redistributions in binary form must reproduce the above copyright \|
			// \| notice, this list of conditions and the following disclaimer in the \|
			// \| documentation and/or other materials provided with the distribution.\|
			// \| o The names of the authors may not be used to endorse or promote \|
			// \| products derived from this software without specific prior written \|
			// \| permission. \|
			// \| \|
			// \| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \|
			// \| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \|
			// \| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR \|
			// \| A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \|
			// \| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \|
			// \| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \|
			// \| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, \|
			// \| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY \|
			// \| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \|
			// \| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \|
			// \| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \|
			// \| \|
			// +-----------------------------------------------------------------------+
			// \| Author: Richard Heyes <richard@php.net> \|
			// +-----------------------------------------------------------------------+
			//
			// $Id$

			/**
			* Client implementation of various SASL mechanisms
			* Client implementation of various SASL mechanisms
			*
			* @author Richard Heyes <richard@php.net>
			* @access public
			@@ -55,6 +55,7 @@
			* Plain
			* CramMD5
			* DigestMD5
			* SCRAM-* (any mechanism of the SCRAM family)
			* Types are not case sensitive
			*/
			function &factory($type)
			@@ -81,22 +82,42 @@
			break;

			case 'crammd5':
			// $msg = 'Deprecated mechanism name. Use IANA-registered name: CRAM-MD5.';
			// trigger_error($msg, E_USER_DEPRECATED);
			case 'cram-md5':
			$filename = 'Auth/SASL/CramMD5.php';
			$classname = 'Auth_SASL_CramMD5';
			break;

			case 'digestmd5':
			// $msg = 'Deprecated mechanism name. Use IANA-registered name: DIGEST-MD5.';
			// trigger_error($msg, E_USER_DEPRECATED);
			case 'digest-md5':
			// $msg = 'DIGEST-MD5 is a deprecated SASL mechanism as per RFC-6331. Using it could be a security risk.';
			// trigger_error($msg, E_USER_NOTICE);
			$filename = 'Auth/SASL/DigestMD5.php';
			$classname = 'Auth_SASL_DigestMD5';
			break;

			default:
			$scram = '/^SCRAM-(.{1,9})$/i';
			if (preg_match($scram, $type, $matches))
			{
			$hash = $matches[1];
			$filename = dirname(__FILE__) .'/SASL/SCRAM.php';
			$classname = 'Auth_SASL_SCRAM';
			$parameter = $hash;
			break;
			}
			return PEAR::raiseError('Invalid SASL mechanism type');
			break;
			}

			require_once($filename);
			$obj = new $classname();
			if (isset($parameter))
			$obj = new $classname($parameter);
			else
			$obj = new $classname();
			return $obj;
			}
			}

			@@ -1,37 +1,37 @@
			<?php
			// +-----------------------------------------------------------------------+
			// \| Copyright (c) 2002-2003 Richard Heyes \|
			// \| All rights reserved. \|
			// \| \|
			// \| Redistribution and use in source and binary forms, with or without \|
			// \| modification, are permitted provided that the following conditions \|
			// \| are met: \|
			// \| \|
			// \| o Redistributions of source code must retain the above copyright \|
			// \| notice, this list of conditions and the following disclaimer. \|
			// \| o Redistributions in binary form must reproduce the above copyright \|
			// \| notice, this list of conditions and the following disclaimer in the \|
			// \| documentation and/or other materials provided with the distribution.\|
			// \| o The names of the authors may not be used to endorse or promote \|
			// \| products derived from this software without specific prior written \|
			// \| permission. \|
			// \| \|
			// \| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \|
			// \| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \|
			// \| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR \|
			// \| A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \|
			// \| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \|
			// \| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \|
			// \| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, \|
			// \| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY \|
			// \| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \|
			// \| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \|
			// \| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \|
			// \| \|
			// +-----------------------------------------------------------------------+
			// \| Author: Richard Heyes <richard@php.net> \|
			// +-----------------------------------------------------------------------+
			//
			// +-----------------------------------------------------------------------+
			// \| Copyright (c) 2002-2003 Richard Heyes \|
			// \| All rights reserved. \|
			// \| \|
			// \| Redistribution and use in source and binary forms, with or without \|
			// \| modification, are permitted provided that the following conditions \|
			// \| are met: \|
			// \| \|
			// \| o Redistributions of source code must retain the above copyright \|
			// \| notice, this list of conditions and the following disclaimer. \|
			// \| o Redistributions in binary form must reproduce the above copyright \|
			// \| notice, this list of conditions and the following disclaimer in the \|
			// \| documentation and/or other materials provided with the distribution.\|
			// \| o The names of the authors may not be used to endorse or promote \|
			// \| products derived from this software without specific prior written \|
			// \| permission. \|
			// \| \|
			// \| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \|
			// \| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \|
			// \| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR \|
			// \| A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \|
			// \| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \|
			// \| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \|
			// \| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, \|
			// \| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY \|
			// \| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \|
			// \| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \|
			// \| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \|
			// \| \|
			// +-----------------------------------------------------------------------+
			// \| Author: Richard Heyes <richard@php.net> \|
			// +-----------------------------------------------------------------------+
			//
			// $Id$

			/**
			@@ -49,10 +49,12 @@
			* Function which implements HMAC MD5 digest
			*
			* @param string $key The secret key
			* @param string $data The data to protect
			* @return string The HMAC MD5 digest
			* @param string $data The data to hash
			* @param bool $raw_output Whether the digest is returned in binary or hexadecimal format.
			*
			* @return string The HMAC-MD5 digest
			*/
			function _HMAC_MD5($key, $data)
			function _HMAC_MD5($key, $data, $raw_output = FALSE)
			{
			if (strlen($key) > 64) {
			$key = pack('H32', md5($key));
			@@ -66,9 +68,38 @@
			$k_opad = substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64);

			$inner = pack('H32', md5($k_ipad . $data));
			$digest = md5($k_opad . $inner);
			$digest = md5($k_opad . $inner, $raw_output);

			return $digest;
			}

			/**
			* Function which implements HMAC-SHA-1 digest
			*
			* @param string $key The secret key
			* @param string $data The data to hash
			* @param bool $raw_output Whether the digest is returned in binary or hexadecimal format.
			* @return string The HMAC-SHA-1 digest
			* @author Jehan <jehan.marmottard@gmail.com>
			* @access protected
			*/
			protected function _HMAC_SHA1($key, $data, $raw_output = FALSE)
			{
			if (strlen($key) > 64) {
			$key = sha1($key, TRUE);
			}

			if (strlen($key) < 64) {
			$key = str_pad($key, 64, chr(0));
			}

			$k_ipad = substr($key, 0, 64) ^ str_repeat(chr(0x36), 64);
			$k_opad = substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64);

			$inner = pack('H40', sha1($k_ipad . $data));
			$digest = sha1($k_opad . $inner, $raw_output);

			return $digest;
			}
			}
			?>

			@@ -32,7 +32,7 @@
			// \| Author: Christoph Schulz <develop@kristov.de> \|
			// +-----------------------------------------------------------------------+
			//
			// $Id: External.php 286825 2009-08-05 06:23:42Z cweiske $
			// $Id$

			/**
			* Implmentation of EXTERNAL SASL mechanism

			@@ -17,8 +17,6 @@
			// \| Jon Parise <jon@php.net> \|
			// \| Damian Alejandro Fernandez Sosa <damlists@cnba.uba.ar> \|
			// +----------------------------------------------------------------------+
			//
			// $Id$

			require_once 'PEAR.php';
			require_once 'Net/Socket.php';
			@@ -189,7 +187,7 @@

			/* Include the Auth_SASL package. If the package is available, we
			* enable the authentication methods that depend upon it. */
			if ((@include_once 'Auth/SASL.php') === true) {
			if (@include_once 'Auth/SASL.php') {
			$this->setAuthMethod('CRAM-MD5', array($this, '_authCram_MD5'));
			$this->setAuthMethod('DIGEST-MD5', array($this, '_authDigest_MD5'));
			}
			@@ -727,7 +725,7 @@
			}

			$challenge = base64_decode($this->_arguments[0]);
			$digest = &Auth_SASL::factory('digestmd5');
			$digest = &Auth_SASL::factory('digest-md5');
			$auth_str = base64_encode($digest->getResponse($uid, $pwd, $challenge,
			$this->host, "smtp",
			$authz));
			@@ -779,7 +777,7 @@
			}

			$challenge = base64_decode($this->_arguments[0]);
			$cram = &Auth_SASL::factory('crammd5');
			$cram = &Auth_SASL::factory('cram-md5');
			$auth_str = base64_encode($cram->getResponse($uid, $pwd, $challenge));

			if (PEAR::isError($error = $this->_put($auth_str))) {
			@@ -1004,14 +1002,12 @@
			*/
			function quotedata(&$data)
			{
			/* Change Unix (\n) and Mac (\r) linefeeds into
			* Internet-standard CRLF (\r\n) linefeeds. */
			$data = preg_replace(array('/(?<!\r)\n/','/\r(?!\n)/'), "\r\n", $data);

			/* Because a single leading period (.) signifies an end to the
			* data, legitimate leading periods need to be "doubled"
			* (e.g. '..'). */
			$data = str_replace("\n.", "\n..", $data);
			* data, legitimate leading periods need to be "doubled" ('..'). */
			$data = preg_replace('/^\./m', '..', $data);

			/* Change Unix (\n) and Mac (\r) linefeeds into CRLF's (\r\n). */
			$data = preg_replace('/(?:\r\n\|\n\|\r(?!\n))/', "\r\n", $data);
			}

			/**