Add support for SCRAM-SHA-{224,256,384,512} authentication mechanism (via libetpan) to IMAP.
They are supported by Cyrus IMAP. Dovecot supports SCRAM-SHA-256.
This commit is contained in:
parent
b63e9ce422
commit
4c6844370c
|
@ -992,7 +992,7 @@ static void login_run(struct etpan_thread_op * op)
|
|||
param->type, param->server, NULL, NULL,
|
||||
param->login, param->login,
|
||||
param->password, NULL);
|
||||
else if (!strcmp(param->type, "SCRAM-SHA-1"))
|
||||
else if (!strncmp(param->type, "SCRAM-SHA-", 10))
|
||||
/* 7th argument has to be NULL here, to stop libetpan sending the
|
||||
* a= attribute in its initial SCRAM-SHA-1 message to server. At least
|
||||
* Dovecot 2.2 doesn't seem to like that, and will not authenticate
|
||||
|
|
52
src/imap.c
52
src/imap.c
|
@ -912,6 +912,18 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
|
|||
case IMAP_AUTH_SCRAM_SHA1:
|
||||
ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-1");
|
||||
break;
|
||||
case IMAP_AUTH_SCRAM_SHA224:
|
||||
ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-224");
|
||||
break;
|
||||
case IMAP_AUTH_SCRAM_SHA256:
|
||||
ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-256");
|
||||
break;
|
||||
case IMAP_AUTH_SCRAM_SHA384:
|
||||
ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-384");
|
||||
break;
|
||||
case IMAP_AUTH_SCRAM_SHA512:
|
||||
ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-512");
|
||||
break;
|
||||
case IMAP_AUTH_PLAIN:
|
||||
ok = imap_cmd_login(session, user, pass, "PLAIN");
|
||||
break;
|
||||
|
@ -935,6 +947,10 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
|
|||
"\t CRAM-MD5 %d\n"
|
||||
"\t DIGEST-MD5 %d\n"
|
||||
"\t SCRAM-SHA-1 %d\n"
|
||||
"\t SCRAM-SHA-224 %d\n"
|
||||
"\t SCRAM-SHA-256 %d\n"
|
||||
"\t SCRAM-SHA-384 %d\n"
|
||||
"\t SCRAM-SHA-512 %d\n"
|
||||
"\t PLAIN %d\n"
|
||||
#ifdef USE_GNUTLS
|
||||
"\t OAUTH2 %d\n"
|
||||
|
@ -945,6 +961,10 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
|
|||
imap_has_capability(session, "CRAM-MD5"),
|
||||
imap_has_capability(session, "DIGEST-MD5"),
|
||||
imap_has_capability(session, "SCRAM-SHA-1"),
|
||||
imap_has_capability(session, "SCRAM-SHA-224"),
|
||||
imap_has_capability(session, "SCRAM-SHA-256"),
|
||||
imap_has_capability(session, "SCRAM-SHA-384"),
|
||||
imap_has_capability(session, "SCRAM-SHA-512"),
|
||||
imap_has_capability(session, "PLAIN"),
|
||||
#ifdef USE_GNUTLS
|
||||
imap_has_capability(session, "XOAUTH2"),
|
||||
|
@ -955,6 +975,14 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
|
|||
ok = imap_cmd_login(session, user, pass, "CRAM-MD5");
|
||||
if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "DIGEST-MD5"))
|
||||
ok = imap_cmd_login(session, user, pass, "DIGEST-MD5");
|
||||
if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-512"))
|
||||
ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-512");
|
||||
if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-384"))
|
||||
ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-384");
|
||||
if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-256"))
|
||||
ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-256");
|
||||
if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-224"))
|
||||
ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-224");
|
||||
if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-1"))
|
||||
ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-1");
|
||||
if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "PLAIN"))
|
||||
|
@ -992,6 +1020,30 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
|
|||
"SCRAM SASL plugin is installed.");
|
||||
}
|
||||
|
||||
if (type == IMAP_AUTH_SCRAM_SHA224) {
|
||||
ext_info = _("\n\nSCRAM-SHA-224 logins only work if libetpan has been "
|
||||
"compiled with SASL support and the "
|
||||
"SCRAM SASL plugin is installed.");
|
||||
}
|
||||
|
||||
if (type == IMAP_AUTH_SCRAM_SHA256) {
|
||||
ext_info = _("\n\nSCRAM-SHA-256 logins only work if libetpan has been "
|
||||
"compiled with SASL support and the "
|
||||
"SCRAM SASL plugin is installed.");
|
||||
}
|
||||
|
||||
if (type == IMAP_AUTH_SCRAM_SHA384) {
|
||||
ext_info = _("\n\nSCRAM-SHA-384 logins only work if libetpan has been "
|
||||
"compiled with SASL support and the "
|
||||
"SCRAM SASL plugin is installed.");
|
||||
}
|
||||
|
||||
if (type == IMAP_AUTH_SCRAM_SHA512) {
|
||||
ext_info = _("\n\nSCRAM-SHA-512 logins only work if libetpan has been "
|
||||
"compiled with SASL support and the "
|
||||
"SCRAM SASL plugin is installed.");
|
||||
}
|
||||
|
||||
if (type == IMAP_AUTH_PLAIN) {
|
||||
ext_info = _("\n\nPLAIN logins only work if libetpan has been "
|
||||
"compiled with SASL support and the "
|
||||
|
|
|
@ -32,7 +32,11 @@ typedef enum
|
|||
IMAP_AUTH_SCRAM_SHA1 = 1 << 5,
|
||||
IMAP_AUTH_PLAIN = 1 << 6,
|
||||
IMAP_AUTH_LOGIN = 1 << 7,
|
||||
IMAP_AUTH_OAUTH2 = 1 << 8
|
||||
IMAP_AUTH_OAUTH2 = 1 << 8,
|
||||
IMAP_AUTH_SCRAM_SHA224 = 1 << 9,
|
||||
IMAP_AUTH_SCRAM_SHA256 = 1 << 10,
|
||||
IMAP_AUTH_SCRAM_SHA384 = 1 << 11,
|
||||
IMAP_AUTH_SCRAM_SHA512 = 1 << 12,
|
||||
} IMAPAuthType;
|
||||
|
||||
FolderClass *imap_get_class (void);
|
||||
|
|
|
@ -1790,6 +1790,10 @@ static void receive_create_widget_func(PrefsPage * _page,
|
|||
COMBOBOX_ADD (menu, "GSSAPI", IMAP_AUTH_GSSAPI);
|
||||
COMBOBOX_ADD (menu, "DIGEST-MD5", IMAP_AUTH_DIGEST_MD5);
|
||||
COMBOBOX_ADD (menu, "SCRAM-SHA-1", IMAP_AUTH_SCRAM_SHA1);
|
||||
COMBOBOX_ADD (menu, "SCRAM-SHA-224", IMAP_AUTH_SCRAM_SHA224);
|
||||
COMBOBOX_ADD (menu, "SCRAM-SHA-256", IMAP_AUTH_SCRAM_SHA256);
|
||||
COMBOBOX_ADD (menu, "SCRAM-SHA-384", IMAP_AUTH_SCRAM_SHA384);
|
||||
COMBOBOX_ADD (menu, "SCRAM-SHA-512", IMAP_AUTH_SCRAM_SHA512);
|
||||
COMBOBOX_ADD (menu, "PLAIN", IMAP_AUTH_PLAIN);
|
||||
COMBOBOX_ADD (menu, "LOGIN", IMAP_AUTH_LOGIN);
|
||||
COMBOBOX_ADD (menu, "OAUTH2", IMAP_AUTH_OAUTH2);
|
||||
|
|
Loading…
Reference in a new issue