From d9b0f9d8937451a7f4e1e1041a17eaccf0d044d9 Mon Sep 17 00:00:00 2001 From: Andrej Kacian Date: Sat, 3 Jan 2015 03:42:30 +0100 Subject: [PATCH] Add support for SCRAM-SHA-1 authentication mechanism (via libetpan) to IMAP. --- src/etpan/imap-thread.c | 11 ++++++++++- src/imap.c | 13 +++++++++++++ src/imap.h | 3 ++- src/prefs_account.c | 1 + 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/src/etpan/imap-thread.c b/src/etpan/imap-thread.c index 5f79cdb00..f1c555d3e 100644 --- a/src/etpan/imap-thread.c +++ b/src/etpan/imap-thread.c @@ -902,7 +902,16 @@ static void login_run(struct etpan_thread_op * op) param->type, param->server, NULL, NULL, param->login, param->login, param->password, NULL); - else + else if (!strcmp(param->type, "SCRAM-SHA-1")) + /* 7th argument has to be NULL here, to stop libetpan sending the + * a= attribute in its initial SCRAM-SHA-1 message to server. At least + * Dovecot 2.2 doesn't seem to like that, and will not authenticate + * succesfully. */ + r = mailimap_authenticate(param->imap, + param->type, NULL, NULL, NULL, + NULL, param->login, + param->password, NULL); + else r = mailimap_authenticate(param->imap, param->type, NULL, NULL, NULL, param->login, param->login, diff --git a/src/imap.c b/src/imap.c index 35fb47f78..6a3e1ce30 100644 --- a/src/imap.c +++ b/src/imap.c @@ -898,6 +898,9 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass case IMAP_AUTH_DIGEST_MD5: ok = imap_cmd_login(session, user, pass, "DIGEST-MD5"); break; + case IMAP_AUTH_SCRAM_SHA1: + ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-1"); + break; case IMAP_AUTH_LOGIN: ok = imap_cmd_login(session, user, pass, "LOGIN"); break; @@ -909,17 +912,21 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass "\t ANONYMOUS %d\n" "\t CRAM-MD5 %d\n" "\t DIGEST-MD5 %d\n" + "\t SCRAM-SHA-1 %d\n" "\t LOGIN %d\n" "\t GSSAPI %d\n", imap_has_capability(session, "ANONYMOUS"), imap_has_capability(session, "CRAM-MD5"), imap_has_capability(session, "DIGEST-MD5"), + imap_has_capability(session, "SCRAM-SHA-1"), imap_has_capability(session, "LOGIN"), imap_has_capability(session, "GSSAPI")); if (imap_has_capability(session, "CRAM-MD5")) ok = imap_cmd_login(session, user, pass, "CRAM-MD5"); if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "DIGEST-MD5")) ok = imap_cmd_login(session, user, pass, "DIGEST-MD5"); + if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-1")) + ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-1"); if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "GSSAPI")) ok = imap_cmd_login(session, user, pass, "GSSAPI"); if (ok == MAILIMAP_ERROR_LOGIN) /* we always try LOGIN before giving up */ @@ -941,6 +948,12 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass "DIGEST-MD5 SASL plugin is installed."); } + if (type == IMAP_AUTH_SCRAM_SHA1) { + ext_info = _("\n\nSCRAM-SHA-1 logins only work if libetpan has been " + "compiled with SASL support and the " + "SCRAM SASL plugin is installed."); + } + if (time(NULL) - last_login_err > 10) { if (!prefs_common.no_recv_err_panel) { alertpanel_error_log(_("Connection to %s failed: " diff --git a/src/imap.h b/src/imap.h index 3c84eef47..a77686797 100644 --- a/src/imap.h +++ b/src/imap.h @@ -28,7 +28,8 @@ typedef enum IMAP_AUTH_CRAM_MD5 = 1 << 1, IMAP_AUTH_ANON = 1 << 2, IMAP_AUTH_GSSAPI = 1 << 3, - IMAP_AUTH_DIGEST_MD5 = 1 << 4 + IMAP_AUTH_DIGEST_MD5 = 1 << 4, + IMAP_AUTH_SCRAM_SHA1 = 1 << 5 } IMAPAuthType; FolderClass *imap_get_class (void); diff --git a/src/prefs_account.c b/src/prefs_account.c index 181be457e..934a1cf6d 100644 --- a/src/prefs_account.c +++ b/src/prefs_account.c @@ -1583,6 +1583,7 @@ static void receive_create_widget_func(PrefsPage * _page, COMBOBOX_ADD (menu, "ANONYMOUS", IMAP_AUTH_ANON); COMBOBOX_ADD (menu, "GSSAPI", IMAP_AUTH_GSSAPI); COMBOBOX_ADD (menu, "DIGEST-MD5", IMAP_AUTH_DIGEST_MD5); + COMBOBOX_ADD (menu, "SCRAM-SHA-1", IMAP_AUTH_SCRAM_SHA1); hbox1 = gtk_hbox_new (FALSE, 8); gtk_widget_show (hbox1); -- 2.25.1