php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #63126 DISABLE_AUTHENTICATOR ignores array
Submitted: 2012-09-21 06:33 UTC Modified: 2012-11-24 16:22 UTC
From: remi@php.net Assigned: remi (profile)
Status: Closed Package: IMAP related
PHP Version: 5.4.7 OS: GNU/Linux (Fedora 18)
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: remi@php.net
New email:
PHP Version: OS:

 

 [2012-09-21 06:33 UTC] remi@php.net 
Description:
------------
According to source code, DISABLE_AUTHENTICATOR could be a string or an array.

Works as expected:
imap_open($srv,$user,$pass,OP_HALF_OPEN,1,
   array('DISABLE_AUTHENTICATOR'=>'GSSAPI');

Doesn't works:
imap_open($srv,$user,$pass,OP_HALF_OPEN,1,
   array('DISABLE_AUTHENTICATOR'=>array('GSSAPI','NTLM'));


The trivial attached patch should fix this (but cannot test it)

Patches

imap.patch (last revision 2012-09-21 06:33 UTC by remi)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-09-21 06:42 UTC] remi@php.net 
This also affects php 5.3
 [2012-09-21 07:38 UTC] remi@php.net 
I can find a exchange server an test the fix.

Test script:
$inbox = imap_open($server,$userlogin,$password,OP_HALFOPEN,1,array('DISABLE_AUTHENTICATOR' => array('GSSAPI','NTLM')));
var_dump(imap_errors());

Without the patch:
array(2) {
  [0]=>
  string(148) "Kerberos error: Credentials cache file '/run/user/1000/krb5cc_ea1f24ead9d3199b715d4d57505d4335/t (try running kinit) for exchange2007.xxxx"
  [1]=>
  string(55) "SECURITY PROBLEM: insecure server advertised AUTH=PLAIN"
}

With the patch:
array(1) {
  [0]=>
  string(55) "SECURITY PROBLEM: insecure server advertised AUTH=PLAIN"
}
 [2012-09-21 07:55 UTC] remi@php.net 
I try to send my first pull request, I hope this is ok
https://github.com/php/php-src/pull/200
 [2012-11-24 13:39 UTC] remi@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: remi
 [2012-11-24 13:59 UTC] remi@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2012-11-24 13:59 UTC] remi@php.net
-Status: Assigned +Status: Closed
 [2012-11-24 14:02 UTC] remi@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2012-11-24 14:03 UTC] remi@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2012-11-24 14:04 UTC] remi@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2012-11-24 16:22 UTC] laruence@php.net 
@remi, please also commit your test script. thanks
 [2012-12-19 17:55 UTC] derick@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2014-10-07 23:21 UTC] stas@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 [2014-10-07 23:32 UTC] stas@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=f55bed9dad0ffbec170b857c0b3b1b33426fe9d5
Log: Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Nov 23 21:01:28 2024 UTC