
Minor changes.
* renamed auth.php/hmac() to hmac_md5()
* polished descriptions and helper text in conf.pl
* fixed minor bug with smtp auth mech default value in conf.pl
* minor documentation additions to authentication.txt
* added myself to AUTHORS.

tassium 22 роки тому
батько
коміт
78084bafd4
4 змінених файлів з 26 додано та 15 видалено
  1. 1 0
      AUTHORS
  2. 8 6
      config/conf.pl
  3. 8 0
      doc/authentication.txt
  4. 9 9
      functions/auth.php

+ 1 - 0
AUTHORS

@@ -25,6 +25,7 @@
    Thijs Kinkhorst  <thijs@jaze.nl>
    Tyler Akins
    Wouter Teepe     <wouter@teepe.com>
+   Chris Hilts		<chilts@birdbrained.org> http://www.birdbrained.org
 
  Translations: 
  -------------

+ 8 - 6
config/conf.pl

@@ -1115,10 +1115,11 @@ sub command111 {
 
 sub command112a {
 	print "If you have already set the hostname and port number, I can try to\n";
-	print "detect the methods your IMAP server supports.\n";
+	print "detect the mechanisms your IMAP server supports.\n";
 	print "I will try to detect CRAM-MD5 and DIGEST-MD5 support.  I can't test\n";
 	print "for \"plain\" without knowing a username and password.\n";
-	print "\nTry to detect auth methods? [y/N]: ";
+	print "Auto-detecting is optional - you can safely say \"n\" here.\n";
+	print "\nTry to detect supported mechanisms? [y/N]: ";
 	$inval=<STDIN>;
 	chomp($inval);
 	if ($inval =~ /^y\b/i) {
@@ -1172,13 +1173,14 @@ sub command112a {
 # Possible choices: none, plain, cram-md5, digest-md5
 sub command112b {
     print "If you have already set the hostname and port number, I can try to\n";
-    print "detect the methods your SMTP server supports.\n";
-    print "\nTry to detect auth methods? [y/N]: ";
+    print "automatically detect the mechanisms your SMTP server supports.\n";
+	print "Auto-detection is *optional* - you can safely say \"n\" here.\n";
+    print "\nTry to detect auth mechanisms? [y/N]: ";
     $inval=<STDIN>;
     chomp($inval);
     if ($inval =~ /^y\b/i) {
 		# Yes, let's try to detect.
-		print "Detecting supported methods...\n";
+		print "Trying to detect supported methods (SMTP)...\n";
 		
 		# Special case!
 		# Check none by trying to relay to junk@birdbrained.org
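Review bot: The new helper text calls auto-detection optional but does not tell the user what the probe does. The context comment at the end of this hunk says the "none" check works by trying to relay to an external address, so the prompt should disclose that before the user answers, e.g. `print "Detection connects to your SMTP server and attempts a test relay.\n";`. Two style points in the same hunk: the added `Auto-detection is *optional*` line is tab-indented among space-indented lines, and `Trying to detect supported methods (SMTP)...` still says "methods" while the rest of the change moves to "mechanisms". The body of command112b continues outside the hunk, so the exact probe behaviour should be confirmed there.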
@@ -1261,7 +1263,7 @@ sub command112b {
       return lc($inval);
     } else {
       # user entered garbage, or default value so nothing needs to be set
-	  return;
+	  return $smtp_auth_mech;
     }
 }
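Review bot: Unrecognised input is now silently treated the same as pressing Enter, because the else branch returns the current `$smtp_auth_mech` for both cases. The comment above the return still says "nothing needs to be set", which no longer matches the code; something like `# unrecognised or empty input: keep the current mechanism` would be accurate. For a setting that decides whether SMTP authentication is used at all, printing a short "keeping current value" message would make a typo visible. Whether command112a has the same fall-through cannot be seen from this hunk.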
 

+ 8 - 0
doc/authentication.txt

@@ -33,6 +33,14 @@ CONFIGURATION
 
 All configuration is done using conf.pl, under main menu option #2.
 
+conf.pl can now attempt to detect which mechanisms your servers support.
+You must have set the host and port before attempting to detect, or you
+may get inaccurate results, or a long wait while the connection times out.
+
+If you get results that you know are wrong when you use auto-detection, I
+need to know about it. Please send me the results you got, the results you
+expected, and server type, name, and version (eg. "imap, Cyrus, v2.1.9").
+
 KNOWN ISSUES
 ------------
 

+ 9 - 9
functions/auth.php

@@ -61,7 +61,7 @@ function cram_md5_response ($username,$password,$challenge) {
    cram-md5 (See RFC 2195 for details)
 */
 $challenge=base64_decode($challenge);
-$hash=bin2hex(hmac($challenge,$password));
+$hash=bin2hex(hmac_md5($challenge,$password));
 $response=base64_encode($username . " " . $hash) . "\r\n";
 return $response;
 }
@@ -77,7 +77,7 @@ function digest_md5_response ($username,$password,$challenge,$service,$host) {
     // rfc2831: client MUST fail if no qop methods supported
    // return false;
   //}
-  $cnonce = base64_encode(bin2hex(hmac(microtime())));
+  $cnonce = base64_encode(bin2hex(hmac_md5(microtime())));
   $ncount = "00000001";
 
   /* This can be auth (authentication only), auth-int (integrity protection), or
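Review bot: The client nonce on the changed line is still derived from `microtime()` alone, so its value is predictable to anyone who can estimate when the request was made. RFC 2831 recommends that the cnonce carry at least 64 bits of entropy. Where the supported PHP version allows it, `$cnonce = base64_encode(random_bytes(16));` would meet that. On older runtimes the timestamp should at least be mixed with another unpredictable source. The body of digest_md5_response continues outside this hunk.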
@@ -92,18 +92,18 @@ function digest_md5_response ($username,$password,$challenge,$service,$host) {
   $string_a1 = utf8_encode($username).":";
   $string_a1 .= utf8_encode($result['realm']).":";
   $string_a1 .= utf8_encode($password);
-  $string_a1 = hmac($string_a1);
+  $string_a1 = hmac_md5($string_a1);
   $A1 = $string_a1 . ":" . $result['nonce'] . ":" . $cnonce;
-  $A1 = bin2hex(hmac($A1));
+  $A1 = bin2hex(hmac_md5($A1));
   $A2 = "AUTHENTICATE:$digest_uri_value";
   // If qop is auth-int or auth-conf, A2 gets a little extra
   if ($qop_value != 'auth') {
     $A2 .= ':00000000000000000000000000000000';
   }
-  $A2 = bin2hex(hmac($A2));
+  $A2 = bin2hex(hmac_md5($A2));
 
   $string_response = $result['nonce'] . ':' . $ncount . ':' . $cnonce . ':' . $qop_value;
-  $response_value = bin2hex(hmac($A1.":".$string_response.":".$A2));
+  $response_value = bin2hex(hmac_md5($A1.":".$string_response.":".$A2));
 
   $reply = 'charset=utf-8,username="' . $username . '",realm="' . $result["realm"] . '",';
   $reply .= 'nonce="' . $result['nonce'] . '",nc=' . $ncount . ',cnonce="' . $cnonce . '",';
@@ -153,7 +153,7 @@ function digest_md5_parse_challenge($challenge) {
   return $parsed;
 }
 
-function hmac($data, $key='') {
+function hmac_md5($data, $key='') {
     // Creates a HMAC digest that can be used for auth purposes
     // See RFCs 2104, 2617, 2831
     // Uses mhash() extension if available
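Review bot: The new name and the header comment both promise an HMAC, but the calls in digest_md5_response pass no key, and so does the recursive call at the end of this function. The keyless path is therefore presumably a plain MD5, handled in the part of the body that this hunk does not show. The comment should say so, for example `// With an empty $key this returns the raw MD5 of $data (H() in RFC 2831), not an HMAC`. It would also help to note that the return value is raw binary, which is why callers wrap it in `bin2hex()`.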
@@ -174,8 +174,8 @@ function hmac($data, $key='') {
     }
     $k_ipad =  $key ^ str_repeat(chr(0x36), 64) ;
     $k_opad =  $key ^ str_repeat(chr(0x5c), 64) ;
-    /* Heh, let's get re-entrant. PHP is so kinky */
-    $hmac=hmac($k_opad . pack("H*",md5($k_ipad . $data)) );
+    /* Heh, let's get recursive. */
+    $hmac=hmac_md5($k_opad . pack("H*",md5($k_ipad . $data)) );
     return $hmac;
 }
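Review bot: The last step calls `hmac_md5()` again with no key only to take an MD5 of the outer block, which ties the HMAC result to whatever the keyless branch above the hunk does. That includes the mhash path mentioned in the header comment. Writing the outer hash directly, `return pack("H*", md5($k_opad . pack("H*", md5($k_ipad . $data))));`, removes the recursion and the `$hmac` temporary. This assumes the keyless branch is a plain MD5, which is not visible here because the function starts outside the hunk.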