View Issue Details

IDProjectCategoryView StatusLast Update
0017717mantisbtemailpublic2015-09-06 17:37
ReportercdijouxAssigned Todregad 
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionfixed 
Product Version1.2.17 
Target Version1.3.0-beta.3Fixed in Version1.3.0-beta.3 
Summary0017717: Update phpmailer to 5.2.9
Description

Update phpmailer to 5.2.9 to have the smtp authentication sasl available.

Steps To Reproduce
  • Copy the phpmailer 5.2.9 in library.
  • Go into core/email_api.php.
  • Change the "require_once...'class.phpmail.php');" to "require_once...'PHPMailerAutoload.php');".
  • Test it!
TagsNo tags attached.

Activities

dregad

dregad

2014-10-02 11:50

developer   ~0041333

Updating the library would most likely not be an issue.

On the other hand, I'm wondering if there should't be further changes required on the MantisBT side to effectively enable SASL, as I don't think we have any settings for this today. In fact, we do not even bundle PHPMailer's 'extras' directory, where the sasl client class resides.

Note that I do not use SASL, and don't have access to an environment where I could test it, so it would be helpful if you could provide additional information, e.g. clarify how you are (or plan to be) using this feature.

cdijoux

cdijoux

2014-10-17 11:17

reporter  

diff_ntlm_sasl_client.txt (1,201 bytes)
diff -r 76eb274011fd library/phpmailer/extras/ntlm_sasl_client.php
--- a/library/phpmailer/extras/ntlm_sasl_client.php	Wed Oct 01 14:29:58 2014 +0200
+++ b/library/phpmailer/extras/ntlm_sasl_client.php	Fri Oct 17 17:15:52 2014 +0200
@@ -23,12 +23,13 @@
 
 	Function Initialize(&$client)
 	{
+		if (!function_exists('hex2bin')) { function hex2bin($hex) { return pack('H*', $hex);} }
 		if(!function_exists($function="mcrypt_encrypt")
-		|| !function_exists($function="mhash"))
+		|| !function_exists($function="hash"))
 		{
 			$extensions=array(
 				"mcrypt_encrypt"=>"mcrypt",
-				"mhash"=>"mhash"
+				"hash"=>"hash"
 			);
 			$client->error="the extension ".$extensions[$function]." required by the NTLM SASL client class is not available in this PHP configuration";
 			return(0);
@@ -67,7 +68,7 @@
 	Function NTLMResponse($challenge,$password)
 	{
 		$unicode=$this->ASCIIToUnicode($password);
-		$md4=mhash(MHASH_MD4,$unicode);
+		$md4=hex2bin(hash('md4',$unicode));
 		$padded=$md4.str_repeat(chr(0),21-strlen($md4));
 		$iv_size=mcrypt_get_iv_size(MCRYPT_DES,MCRYPT_MODE_ECB);
 		$iv=mcrypt_create_iv($iv_size,MCRYPT_RAND);
@@ -182,4 +183,4 @@
 	}
 };
 
-?>
\ No newline at end of file
+?>
cdijoux

cdijoux

2014-10-17 11:17

reporter  

diff_email_api.txt (848 bytes)
diff -r 1ef35abe7536 core/email_api.php
--- a/core/email_api.php	Fri Mar 21 17:25:42 2014 +0100
+++ b/core/email_api.php	Fri Oct 17 17:16:14 2014 +0200
@@ -53,7 +53,7 @@
 /**
  * requires PHPMailer library
  */
-require_once( 'phpmailer' . DIRECTORY_SEPARATOR . 'class.phpmailer.php' );
+require_once( 'phpmailer' . DIRECTORY_SEPARATOR . 'PHPMailerAutoload.php' );
 
 /**
  * reusable object of class SMTP
@@ -947,6 +947,11 @@
 				$mail->SMTPAuth = true;
 				$mail->Username = config_get( 'smtp_username' );
 				$mail->Password = config_get( 'smtp_password' );
+				$mail->AuthType = config_get( 'smtp_auth_type' );
+				if ($mail->AuthType=='NTLM'){
+				    $mail->Realm = config_get( 'smtp_realm' );
+				    $mail->Workstation = config_get( 'smtp_workstation' );
+				}
 			}
 
 			if ( !is_blank( config_get( 'smtp_connection_mode' ) ) ) {
diff_email_api.txt (848 bytes)
cdijoux

cdijoux

2014-10-17 11:17

reporter   ~0041604

Getting PHPMailer up to date, with 'extras' directory and the file "ntlm sasl client.php" is useful because you have SASL (and you can use the calendar of Outlook), but it's also usefull because you have a secure SMTP, thanks to NTLM.

I have attached a diff file to show you all changes that we have done in mantisBT core.
Also, PHPmailer use the "mhash" function, which is now obsoleted and replaced by "hash". So we have modified the file "ntlm_sasl_client.php" to use "hash" library functions instead of "mhash" functions. I have attached a diff file to show all changes we've done in this file.

We use the "NTLM" feature to have access to a secure authenticate Outlook server and we use "SASL" to have access to the outlook calendar.

dregad

dregad

2014-10-17 12:25

developer   ~0041606

I have attached a diff file to show you all changes that we have done in mantisBT core.

The attached patch 'diff_email_api.txt' is not complete:

  • you are adding a new Auth Type 'NTLM' which needs to be properly documented (in config_defaults_inc.php as well as in the manual).
  • there are 2 new config options 'smtp_realm' and 'smtp_workstation' which also need to be documented

If you are familiar with the process, I strongly recommend that you submit a Github pull request against our master branch for this, it will make review and eventual merge into core much easier for us.

Also, PHPmailer use the "mhash" function, which is now obsoleted and replaced
by "hash". So we have modified the file "ntlm_sasl_client.php" to use "hash"
library functions instead of "mhash" functions.

I would not apply this, because as a policy we do not patch 3rd party libraries, unless it is required to fix a critical bug or security issue.

I suggest you submitted this upstream to PHPMailer [1].

[1] https://github.com/PHPMailer/PHPMailer/issues

cdijoux

cdijoux

2014-10-20 09:20

reporter  

config.php (527 bytes)
<?php
/*
 * SMTP Configuration
 */
$g_phpMailer_method 	= PHPMAILER_METHOD_SMTP;
$g_smtp_host		= '<your_hostname_smtp>'; // Relative to your host
$g_smtp_auth_type	= 'NTLM';
$g_smtp_realm		= '<your_realm_smtp>'; // relative to your host
$g_smtp_username	= '<your_username_smtp>'; // relative to your host
$g_smtp_password	= '<your_password_smtp>'; // relative to your host
$g_smtp_port		= <you_port_number>; // relative to your host
$g_smtp_workstation	= '<your_workstation_name>'; // relative to your workstation and host

?>
config.php (527 bytes)
cdijoux

cdijoux

2014-10-20 09:23

reporter   ~0041616

It's true, i've forgot to provide you more explanation to configure the authentication with NTLM protocol.
I've attached a file to explain all config you have to do to use NTLM authentication protocol. I can't provide functionnal example, of course.

I'm not familiar with Github pull request so i prefer to give you all information that you need, if it's possible. Further, i haven't got Git on my desktop.

I've submitted the PHPMailer request on there website : https://github.com/PHPMailer/PHPMailer/issues/300

Related Changesets

MantisBT: master 4c3ce1a2

2015-02-03 17:45:21

dregad

Details Diff
Upgrade PHPMailer to 5.2.9

See changelog.md for full details

Fixes 0017717
mod - config_defaults_inc.php Diff File
mod - core/email_api.php Diff File
mod - docbook/Admin_Guide/en-US/config/email.xml Diff File
mod - library/README.libs Diff File
mod - library/phpmailer Diff File

Issue History

Date Modified Username Field Change
2014-10-02 07:07 cdijoux New Issue
2014-10-02 11:50 dregad Note Added: 0041333
2014-10-02 11:50 dregad Status new => feedback
2014-10-02 11:50 dregad Target Version => 1.3.0-beta.1
2014-10-17 11:17 cdijoux File Added: diff_ntlm_sasl_client.txt
2014-10-17 11:17 cdijoux File Added: diff_email_api.txt
2014-10-17 11:17 cdijoux Note Added: 0041604
2014-10-17 11:17 cdijoux Status feedback => new
2014-10-17 12:25 dregad Note Added: 0041606
2014-10-17 12:25 dregad Status new => feedback
2014-10-20 09:20 cdijoux File Added: config.php
2014-10-20 09:23 cdijoux Note Added: 0041616
2014-10-20 09:23 cdijoux Status feedback => new
2014-12-08 02:10 atrol Target Version 1.3.0-beta.1 => 1.3.0-beta.2
2015-03-15 19:59 dregad Target Version 1.3.0-beta.2 => 1.3.0-beta.3
2015-04-18 19:23 dregad Changeset attached => MantisBT master 4c3ce1a2
2015-04-18 19:23 dregad Assigned To => dregad
2015-04-18 19:23 dregad Status new => resolved
2015-04-18 19:23 dregad Resolution open => fixed
2015-04-18 19:23 dregad Fixed in Version => 1.3.0-beta.3
2015-09-06 17:37 vboctoradmin Status resolved => closed