Add support for SCRAM-SHA-{224,256,384,512} authentication mechanism (via libetpan) to IMAP.

They are supported by Cyrus IMAP. Dovecot supports SCRAM-SHA-256.

src/etpan/imap-thread.c

@@ -992,7 +992,7 @@ static void login_run(struct etpan_thread_op * op)
 			param->type, param->server, NULL, NULL,
 			param->login, param->login,
 			param->password, NULL);
-	else if (!strcmp(param->type, "SCRAM-SHA-1"))
+	else if (!strncmp(param->type, "SCRAM-SHA-", 10))
 		/* 7th argument has to be NULL here, to stop libetpan sending the
 		 * a= attribute in its initial SCRAM-SHA-1 message to server. At least
 		 * Dovecot 2.2 doesn't seem to like that, and will not authenticate

src/imap.c

@@ -912,6 +912,18 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
 	case IMAP_AUTH_SCRAM_SHA1:
 		ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-1");
 		break;
+	case IMAP_AUTH_SCRAM_SHA224:
+		ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-224");
+		break;
+	case IMAP_AUTH_SCRAM_SHA256:
+		ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-256");
+		break;
+	case IMAP_AUTH_SCRAM_SHA384:
+		ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-384");
+		break;
+	case IMAP_AUTH_SCRAM_SHA512:
+		ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-512");
+		break;
 	case IMAP_AUTH_PLAIN:
 		ok = imap_cmd_login(session, user, pass, "PLAIN");
 		break;
@@ -935,6 +947,10 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
 				"\t CRAM-MD5 %d\n"
 				"\t DIGEST-MD5 %d\n"
 				"\t SCRAM-SHA-1 %d\n"
+				"\t SCRAM-SHA-224 %d\n"
+				"\t SCRAM-SHA-256 %d\n"
+				"\t SCRAM-SHA-384 %d\n"
+				"\t SCRAM-SHA-512 %d\n"
 				"\t PLAIN %d\n"
 #ifdef USE_GNUTLS
 				"\t OAUTH2 %d\n"
@@ -945,6 +961,10 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
 			imap_has_capability(session, "CRAM-MD5"),
 			imap_has_capability(session, "DIGEST-MD5"),
 			imap_has_capability(session, "SCRAM-SHA-1"),
+			imap_has_capability(session, "SCRAM-SHA-224"),
+			imap_has_capability(session, "SCRAM-SHA-256"),
+			imap_has_capability(session, "SCRAM-SHA-384"),
+			imap_has_capability(session, "SCRAM-SHA-512"),
 			imap_has_capability(session, "PLAIN"),
 #ifdef USE_GNUTLS
 			imap_has_capability(session, "XOAUTH2"),
@@ -955,6 +975,14 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
 			ok = imap_cmd_login(session, user, pass, "CRAM-MD5");
 		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "DIGEST-MD5"))
 			ok = imap_cmd_login(session, user, pass, "DIGEST-MD5");
+		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-512"))
+			ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-512");
+		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-384"))
+			ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-384");
+		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-256"))
+			ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-256");
+		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-224"))
+			ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-224");
 		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-1"))
 			ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-1");
 		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "PLAIN"))
@@ -992,6 +1020,30 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
 				     "SCRAM SASL plugin is installed.");
 		}
 
+		if (type == IMAP_AUTH_SCRAM_SHA224) {
+			ext_info = _("\n\nSCRAM-SHA-224 logins only work if libetpan has been "
+				     "compiled with SASL support and the "
+				     "SCRAM SASL plugin is installed.");
+		}
+
+		if (type == IMAP_AUTH_SCRAM_SHA256) {
+			ext_info = _("\n\nSCRAM-SHA-256 logins only work if libetpan has been "
+				     "compiled with SASL support and the "
+				     "SCRAM SASL plugin is installed.");
+		}
+
+		if (type == IMAP_AUTH_SCRAM_SHA384) {
+			ext_info = _("\n\nSCRAM-SHA-384 logins only work if libetpan has been "
+				     "compiled with SASL support and the "
+				     "SCRAM SASL plugin is installed.");
+		}
+
+		if (type == IMAP_AUTH_SCRAM_SHA512) {
+			ext_info = _("\n\nSCRAM-SHA-512 logins only work if libetpan has been "
+				     "compiled with SASL support and the "
+				     "SCRAM SASL plugin is installed.");
+		}
+
 		if (type == IMAP_AUTH_PLAIN) {
 			ext_info = _("\n\nPLAIN logins only work if libetpan has been "
 				     "compiled with SASL support and the "

src/imap.h

@@ -32,7 +32,11 @@ typedef enum
 	IMAP_AUTH_SCRAM_SHA1	= 1 << 5,
 	IMAP_AUTH_PLAIN   = 1 << 6,
 	IMAP_AUTH_LOGIN   = 1 << 7,
-	IMAP_AUTH_OAUTH2   = 1 << 8
+	IMAP_AUTH_OAUTH2   = 1 << 8,
+	IMAP_AUTH_SCRAM_SHA224	= 1 << 9,
+	IMAP_AUTH_SCRAM_SHA256	= 1 << 10,
+	IMAP_AUTH_SCRAM_SHA384	= 1 << 11,
+	IMAP_AUTH_SCRAM_SHA512	= 1 << 12,
 } IMAPAuthType;
 
 FolderClass *imap_get_class		(void);

src/prefs_account.c

@@ -1790,6 +1790,10 @@ static void receive_create_widget_func(PrefsPage * _page,
 	COMBOBOX_ADD (menu, "GSSAPI", IMAP_AUTH_GSSAPI);
 	COMBOBOX_ADD (menu, "DIGEST-MD5", IMAP_AUTH_DIGEST_MD5);
 	COMBOBOX_ADD (menu, "SCRAM-SHA-1", IMAP_AUTH_SCRAM_SHA1);
+	COMBOBOX_ADD (menu, "SCRAM-SHA-224", IMAP_AUTH_SCRAM_SHA224);
+	COMBOBOX_ADD (menu, "SCRAM-SHA-256", IMAP_AUTH_SCRAM_SHA256);
+	COMBOBOX_ADD (menu, "SCRAM-SHA-384", IMAP_AUTH_SCRAM_SHA384);
+	COMBOBOX_ADD (menu, "SCRAM-SHA-512", IMAP_AUTH_SCRAM_SHA512);
 	COMBOBOX_ADD (menu, "PLAIN", IMAP_AUTH_PLAIN);
 	COMBOBOX_ADD (menu, "LOGIN", IMAP_AUTH_LOGIN);
 	COMBOBOX_ADD (menu, "OAUTH2", IMAP_AUTH_OAUTH2);