View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017717 | mantisbt | public | 2014-10-02 07:07 | 2015-09-06 17:37 | |
Reporter | cdijoux | Assigned To | dregad | ||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.17 | ||||
Target Version | 1.3.0-beta.3 | Fixed in Version | 1.3.0-beta.3 | ||
Summary | 0017717: Update phpmailer to 5.2.9 | ||||
Description | Update phpmailer to 5.2.9 to have the smtp authentication sasl available. | ||||
Steps To Reproduce |
| ||||
Tags | No tags attached. | ||||
Attached Files | diff_ntlm_sasl_client.txt (1,201 bytes)
diff -r 76eb274011fd library/phpmailer/extras/ntlm_sasl_client.php --- a/library/phpmailer/extras/ntlm_sasl_client.php Wed Oct 01 14:29:58 2014 +0200 +++ b/library/phpmailer/extras/ntlm_sasl_client.php Fri Oct 17 17:15:52 2014 +0200 @@ -23,12 +23,13 @@ Function Initialize(&$client) { + if (!function_exists('hex2bin')) { function hex2bin($hex) { return pack('H*', $hex);} } if(!function_exists($function="mcrypt_encrypt") - || !function_exists($function="mhash")) + || !function_exists($function="hash")) { $extensions=array( "mcrypt_encrypt"=>"mcrypt", - "mhash"=>"mhash" + "hash"=>"hash" ); $client->error="the extension ".$extensions[$function]." required by the NTLM SASL client class is not available in this PHP configuration"; return(0); @@ -67,7 +68,7 @@ Function NTLMResponse($challenge,$password) { $unicode=$this->ASCIIToUnicode($password); - $md4=mhash(MHASH_MD4,$unicode); + $md4=hex2bin(hash('md4',$unicode)); $padded=$md4.str_repeat(chr(0),21-strlen($md4)); $iv_size=mcrypt_get_iv_size(MCRYPT_DES,MCRYPT_MODE_ECB); $iv=mcrypt_create_iv($iv_size,MCRYPT_RAND); @@ -182,4 +183,4 @@ } }; -?> \ No newline at end of file +?> diff_email_api.txt (848 bytes)
diff -r 1ef35abe7536 core/email_api.php --- a/core/email_api.php Fri Mar 21 17:25:42 2014 +0100 +++ b/core/email_api.php Fri Oct 17 17:16:14 2014 +0200 @@ -53,7 +53,7 @@ /** * requires PHPMailer library */ -require_once( 'phpmailer' . DIRECTORY_SEPARATOR . 'class.phpmailer.php' ); +require_once( 'phpmailer' . DIRECTORY_SEPARATOR . 'PHPMailerAutoload.php' ); /** * reusable object of class SMTP @@ -947,6 +947,11 @@ $mail->SMTPAuth = true; $mail->Username = config_get( 'smtp_username' ); $mail->Password = config_get( 'smtp_password' ); + $mail->AuthType = config_get( 'smtp_auth_type' ); + if ($mail->AuthType=='NTLM'){ + $mail->Realm = config_get( 'smtp_realm' ); + $mail->Workstation = config_get( 'smtp_workstation' ); + } } if ( !is_blank( config_get( 'smtp_connection_mode' ) ) ) { config.php (527 bytes)
<?php /* * SMTP Configuration */ $g_phpMailer_method = PHPMAILER_METHOD_SMTP; $g_smtp_host = '<your_hostname_smtp>'; // Relative to your host $g_smtp_auth_type = 'NTLM'; $g_smtp_realm = '<your_realm_smtp>'; // relative to your host $g_smtp_username = '<your_username_smtp>'; // relative to your host $g_smtp_password = '<your_password_smtp>'; // relative to your host $g_smtp_port = <you_port_number>; // relative to your host $g_smtp_workstation = '<your_workstation_name>'; // relative to your workstation and host ?> | ||||
Updating the library would most likely not be an issue. On the other hand, I'm wondering if there should't be further changes required on the MantisBT side to effectively enable SASL, as I don't think we have any settings for this today. In fact, we do not even bundle PHPMailer's 'extras' directory, where the sasl client class resides. Note that I do not use SASL, and don't have access to an environment where I could test it, so it would be helpful if you could provide additional information, e.g. clarify how you are (or plan to be) using this feature. |
|
Getting PHPMailer up to date, with 'extras' directory and the file "ntlm sasl client.php" is useful because you have SASL (and you can use the calendar of Outlook), but it's also usefull because you have a secure SMTP, thanks to NTLM. I have attached a diff file to show you all changes that we have done in mantisBT core. We use the "NTLM" feature to have access to a secure authenticate Outlook server and we use "SASL" to have access to the outlook calendar. |
|
The attached patch 'diff_email_api.txt' is not complete:
If you are familiar with the process, I strongly recommend that you submit a Github pull request against our master branch for this, it will make review and eventual merge into core much easier for us.
I would not apply this, because as a policy we do not patch 3rd party libraries, unless it is required to fix a critical bug or security issue. I suggest you submitted this upstream to PHPMailer [1]. |
|
It's true, i've forgot to provide you more explanation to configure the authentication with NTLM protocol. I'm not familiar with Github pull request so i prefer to give you all information that you need, if it's possible. Further, i haven't got Git on my desktop. I've submitted the PHPMailer request on there website : https://github.com/PHPMailer/PHPMailer/issues/300 |
|
MantisBT: master 4c3ce1a2 2015-02-03 12:45 Details Diff |
Upgrade PHPMailer to 5.2.9 See changelog.md for full details Fixes 0017717 |
Affected Issues 0017717 |
|
mod - config_defaults_inc.php | Diff File | ||
mod - core/email_api.php | Diff File | ||
mod - docbook/Admin_Guide/en-US/config/email.xml | Diff File | ||
mod - library/README.libs | Diff File | ||
mod - library/phpmailer | Diff File |