View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0017717mantisbtemailpublic2014-10-02 07:072015-09-06 17:37
Reportercdijoux Assigned Todregad  
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionfixed 
Product Version1.2.17 
Target Version1.3.0-beta.3Fixed in Version1.3.0-beta.3 
Summary0017717: Update phpmailer to 5.2.9
Description

Update phpmailer to 5.2.9 to have the smtp authentication sasl available.

Steps To Reproduce
  • Copy the phpmailer 5.2.9 in library.
  • Go into core/email_api.php.
  • Change the "require_once...'class.phpmail.php');" to "require_once...'PHPMailerAutoload.php');".
  • Test it!
TagsNo tags attached.
Attached Files
diff_ntlm_sasl_client.txt (1,201 bytes)    
diff -r 76eb274011fd library/phpmailer/extras/ntlm_sasl_client.php
--- a/library/phpmailer/extras/ntlm_sasl_client.php	Wed Oct 01 14:29:58 2014 +0200
+++ b/library/phpmailer/extras/ntlm_sasl_client.php	Fri Oct 17 17:15:52 2014 +0200
@@ -23,12 +23,13 @@
 
 	Function Initialize(&$client)
 	{
+		if (!function_exists('hex2bin')) { function hex2bin($hex) { return pack('H*', $hex);} }
 		if(!function_exists($function="mcrypt_encrypt")
-		|| !function_exists($function="mhash"))
+		|| !function_exists($function="hash"))
 		{
 			$extensions=array(
 				"mcrypt_encrypt"=>"mcrypt",
-				"mhash"=>"mhash"
+				"hash"=>"hash"
 			);
 			$client->error="the extension ".$extensions[$function]." required by the NTLM SASL client class is not available in this PHP configuration";
 			return(0);
@@ -67,7 +68,7 @@
 	Function NTLMResponse($challenge,$password)
 	{
 		$unicode=$this->ASCIIToUnicode($password);
-		$md4=mhash(MHASH_MD4,$unicode);
+		$md4=hex2bin(hash('md4',$unicode));
 		$padded=$md4.str_repeat(chr(0),21-strlen($md4));
 		$iv_size=mcrypt_get_iv_size(MCRYPT_DES,MCRYPT_MODE_ECB);
 		$iv=mcrypt_create_iv($iv_size,MCRYPT_RAND);
@@ -182,4 +183,4 @@
 	}
 };
 
-?>
\ No newline at end of file
+?>
diff_ntlm_sasl_client.txt (1,201 bytes)   
diff_email_api.txt (848 bytes)    
diff -r 1ef35abe7536 core/email_api.php
--- a/core/email_api.php	Fri Mar 21 17:25:42 2014 +0100
+++ b/core/email_api.php	Fri Oct 17 17:16:14 2014 +0200
@@ -53,7 +53,7 @@
 /**
  * requires PHPMailer library
  */
-require_once( 'phpmailer' . DIRECTORY_SEPARATOR . 'class.phpmailer.php' );
+require_once( 'phpmailer' . DIRECTORY_SEPARATOR . 'PHPMailerAutoload.php' );
 
 /**
  * reusable object of class SMTP
@@ -947,6 +947,11 @@
 				$mail->SMTPAuth = true;
 				$mail->Username = config_get( 'smtp_username' );
 				$mail->Password = config_get( 'smtp_password' );
+				$mail->AuthType = config_get( 'smtp_auth_type' );
+				if ($mail->AuthType=='NTLM'){
+				    $mail->Realm = config_get( 'smtp_realm' );
+				    $mail->Workstation = config_get( 'smtp_workstation' );
+				}
 			}
 
 			if ( !is_blank( config_get( 'smtp_connection_mode' ) ) ) {
diff_email_api.txt (848 bytes)   
config.php (527 bytes)    
<?php
/*
 * SMTP Configuration
 */
$g_phpMailer_method 	= PHPMAILER_METHOD_SMTP;
$g_smtp_host		= '<your_hostname_smtp>'; // Relative to your host
$g_smtp_auth_type	= 'NTLM';
$g_smtp_realm		= '<your_realm_smtp>'; // relative to your host
$g_smtp_username	= '<your_username_smtp>'; // relative to your host
$g_smtp_password	= '<your_password_smtp>'; // relative to your host
$g_smtp_port		= <you_port_number>; // relative to your host
$g_smtp_workstation	= '<your_workstation_name>'; // relative to your workstation and host

?>
config.php (527 bytes)   

Activities

dregad

dregad

2014-10-02 11:50

developer   ~0041333

Updating the library would most likely not be an issue.

On the other hand, I'm wondering if there should't be further changes required on the MantisBT side to effectively enable SASL, as I don't think we have any settings for this today. In fact, we do not even bundle PHPMailer's 'extras' directory, where the sasl client class resides.

Note that I do not use SASL, and don't have access to an environment where I could test it, so it would be helpful if you could provide additional information, e.g. clarify how you are (or plan to be) using this feature.
cdijoux

cdijoux

2014-10-17 11:17

reporter   ~0041604

Getting PHPMailer up to date, with 'extras' directory and the file "ntlm sasl client.php" is useful because you have SASL (and you can use the calendar of Outlook), but it's also usefull because you have a secure SMTP, thanks to NTLM.

I have attached a diff file to show you all changes that we have done in mantisBT core.
Also, PHPmailer use the "mhash" function, which is now obsoleted and replaced by "hash". So we have modified the file "ntlm_sasl_client.php" to use "hash" library functions instead of "mhash" functions. I have attached a diff file to show all changes we've done in this file.

We use the "NTLM" feature to have access to a secure authenticate Outlook server and we use "SASL" to have access to the outlook calendar.
dregad

dregad

2014-10-17 12:25

developer   ~0041606

I have attached a diff file to show you all changes that we have done in mantisBT core.

The attached patch 'diff_email_api.txt' is not complete:

  • you are adding a new Auth Type 'NTLM' which needs to be properly documented (in config_defaults_inc.php as well as in the manual).
  • there are 2 new config options 'smtp_realm' and 'smtp_workstation' which also need to be documented

If you are familiar with the process, I strongly recommend that you submit a Github pull request against our master branch for this, it will make review and eventual merge into core much easier for us.

Also, PHPmailer use the "mhash" function, which is now obsoleted and replaced
by "hash". So we have modified the file "ntlm_sasl_client.php" to use "hash"
library functions instead of "mhash" functions.

I would not apply this, because as a policy we do not patch 3rd party libraries, unless it is required to fix a critical bug or security issue.

I suggest you submitted this upstream to PHPMailer [1].

[1] https://github.com/PHPMailer/PHPMailer/issues
cdijoux

cdijoux

2014-10-20 09:23

reporter   ~0041616

It's true, i've forgot to provide you more explanation to configure the authentication with NTLM protocol.
I've attached a file to explain all config you have to do to use NTLM authentication protocol. I can't provide functionnal example, of course.

I'm not familiar with Github pull request so i prefer to give you all information that you need, if it's possible. Further, i haven't got Git on my desktop.

I've submitted the PHPMailer request on there website : https://github.com/PHPMailer/PHPMailer/issues/300

Related Changesets

MantisBT: master 4c3ce1a2

2015-02-03 12:45

dregad


Details Diff		 Upgrade PHPMailer to 5.2.9

See changelog.md for full details

Fixes 0017717		 Affected Issues
0017717
mod - config_defaults_inc.php Diff File
mod - core/email_api.php Diff File
mod - docbook/Admin_Guide/en-US/config/email.xml Diff File
mod - library/README.libs Diff File
mod - library/phpmailer Diff File