[Commits] [SCM] claws branch, master, updated. 4.1.1-67-g4c6844370

paul at claws-mail.org paul at claws-mail.org
Sun Jul 9 13:32:13 UTC 2023 

The branch, master has been updated
       via  4c6844370c37cf9a88f2baadd1e844bb072c1b62 (commit)
      from  b63e9ce422a818f5f6b60bb24aa4c30e994d7c75 (commit)

Summary of changes:
 src/etpan/imap-thread.c |  2 +-
 src/imap.c              | 52 +++++++++++++++++++++++++++++++++++++++++++++++++
 src/imap.h              |  6 +++++-
 src/prefs_account.c     |  4 ++++
 4 files changed, 62 insertions(+), 2 deletions(-)


- Log -----------------------------------------------------------------
commit 4c6844370c37cf9a88f2baadd1e844bb072c1b62
Author: Andreas Oberritter <obi at saftware.de>
Date:   Sun Jul 9 12:12:44 2023 +0200

    Add support for SCRAM-SHA-{224,256,384,512} authentication mechanism (via libetpan) to IMAP.
    
    They are supported by Cyrus IMAP. Dovecot supports SCRAM-SHA-256.

diff --git a/src/etpan/imap-thread.c b/src/etpan/imap-thread.c
index 973656cdc..86168d74d 100644
--- a/src/etpan/imap-thread.c
+++ b/src/etpan/imap-thread.c
@@ -992,7 +992,7 @@ static void login_run(struct etpan_thread_op * op)
 			param->type, param->server, NULL, NULL,
 			param->login, param->login,
 			param->password, NULL);
-	else if (!strcmp(param->type, "SCRAM-SHA-1"))
+	else if (!strncmp(param->type, "SCRAM-SHA-", 10))
 		/* 7th argument has to be NULL here, to stop libetpan sending the
 		 * a= attribute in its initial SCRAM-SHA-1 message to server. At least
 		 * Dovecot 2.2 doesn't seem to like that, and will not authenticate
diff --git a/src/imap.c b/src/imap.c
index ff418908a..c373a3aed 100644
--- a/src/imap.c
+++ b/src/imap.c
@@ -912,6 +912,18 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
 	case IMAP_AUTH_SCRAM_SHA1:
 		ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-1");
 		break;
+	case IMAP_AUTH_SCRAM_SHA224:
+		ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-224");
+		break;
+	case IMAP_AUTH_SCRAM_SHA256:
+		ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-256");
+		break;
+	case IMAP_AUTH_SCRAM_SHA384:
+		ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-384");
+		break;
+	case IMAP_AUTH_SCRAM_SHA512:
+		ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-512");
+		break;
 	case IMAP_AUTH_PLAIN:
 		ok = imap_cmd_login(session, user, pass, "PLAIN");
 		break;
@@ -935,6 +947,10 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
 				"\t CRAM-MD5 %d\n"
 				"\t DIGEST-MD5 %d\n"
 				"\t SCRAM-SHA-1 %d\n"
+				"\t SCRAM-SHA-224 %d\n"
+				"\t SCRAM-SHA-256 %d\n"
+				"\t SCRAM-SHA-384 %d\n"
+				"\t SCRAM-SHA-512 %d\n"
 				"\t PLAIN %d\n"
 #ifdef USE_GNUTLS
 				"\t OAUTH2 %d\n"
@@ -945,6 +961,10 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
 			imap_has_capability(session, "CRAM-MD5"),
 			imap_has_capability(session, "DIGEST-MD5"),
 			imap_has_capability(session, "SCRAM-SHA-1"),
+			imap_has_capability(session, "SCRAM-SHA-224"),
+			imap_has_capability(session, "SCRAM-SHA-256"),
+			imap_has_capability(session, "SCRAM-SHA-384"),
+			imap_has_capability(session, "SCRAM-SHA-512"),
 			imap_has_capability(session, "PLAIN"),
 #ifdef USE_GNUTLS
 			imap_has_capability(session, "XOAUTH2"),
@@ -955,6 +975,14 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
 			ok = imap_cmd_login(session, user, pass, "CRAM-MD5");
 		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "DIGEST-MD5"))
 			ok = imap_cmd_login(session, user, pass, "DIGEST-MD5");
+		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-512"))
+			ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-512");
+		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-384"))
+			ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-384");
+		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-256"))
+			ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-256");
+		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-224"))
+			ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-224");
 		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "SCRAM-SHA-1"))
 			ok = imap_cmd_login(session, user, pass, "SCRAM-SHA-1");
 		if (ok == MAILIMAP_ERROR_LOGIN && imap_has_capability(session, "PLAIN"))
@@ -992,6 +1020,30 @@ static gint imap_auth(IMAPSession *session, const gchar *user, const gchar *pass
 				     "SCRAM SASL plugin is installed.");
 		}
 
+		if (type == IMAP_AUTH_SCRAM_SHA224) {
+			ext_info = _("\n\nSCRAM-SHA-224 logins only work if libetpan has been "
+				     "compiled with SASL support and the "
+				     "SCRAM SASL plugin is installed.");
+		}
+
+		if (type == IMAP_AUTH_SCRAM_SHA256) {
+			ext_info = _("\n\nSCRAM-SHA-256 logins only work if libetpan has been "
+				     "compiled with SASL support and the "
+				     "SCRAM SASL plugin is installed.");
+		}
+
+		if (type == IMAP_AUTH_SCRAM_SHA384) {
+			ext_info = _("\n\nSCRAM-SHA-384 logins only work if libetpan has been "
+				     "compiled with SASL support and the "
+				     "SCRAM SASL plugin is installed.");
+		}
+
+		if (type == IMAP_AUTH_SCRAM_SHA512) {
+			ext_info = _("\n\nSCRAM-SHA-512 logins only work if libetpan has been "
+				     "compiled with SASL support and the "
+				     "SCRAM SASL plugin is installed.");
+		}
+
 		if (type == IMAP_AUTH_PLAIN) {
 			ext_info = _("\n\nPLAIN logins only work if libetpan has been "
 				     "compiled with SASL support and the "
diff --git a/src/imap.h b/src/imap.h
index 3870b1a86..e2fa71cc5 100644
--- a/src/imap.h
+++ b/src/imap.h
@@ -32,7 +32,11 @@ typedef enum
 	IMAP_AUTH_SCRAM_SHA1	= 1 << 5,
 	IMAP_AUTH_PLAIN   = 1 << 6,
 	IMAP_AUTH_LOGIN   = 1 << 7,
-	IMAP_AUTH_OAUTH2   = 1 << 8
+	IMAP_AUTH_OAUTH2   = 1 << 8,
+	IMAP_AUTH_SCRAM_SHA224	= 1 << 9,
+	IMAP_AUTH_SCRAM_SHA256	= 1 << 10,
+	IMAP_AUTH_SCRAM_SHA384	= 1 << 11,
+	IMAP_AUTH_SCRAM_SHA512	= 1 << 12,
 } IMAPAuthType;
 
 FolderClass *imap_get_class		(void);
diff --git a/src/prefs_account.c b/src/prefs_account.c
index 8d8be280c..6d5a37e25 100644
--- a/src/prefs_account.c
+++ b/src/prefs_account.c
@@ -1790,6 +1790,10 @@ static void receive_create_widget_func(PrefsPage * _page,
 	COMBOBOX_ADD (menu, "GSSAPI", IMAP_AUTH_GSSAPI);
 	COMBOBOX_ADD (menu, "DIGEST-MD5", IMAP_AUTH_DIGEST_MD5);
 	COMBOBOX_ADD (menu, "SCRAM-SHA-1", IMAP_AUTH_SCRAM_SHA1);
+	COMBOBOX_ADD (menu, "SCRAM-SHA-224", IMAP_AUTH_SCRAM_SHA224);
+	COMBOBOX_ADD (menu, "SCRAM-SHA-256", IMAP_AUTH_SCRAM_SHA256);
+	COMBOBOX_ADD (menu, "SCRAM-SHA-384", IMAP_AUTH_SCRAM_SHA384);
+	COMBOBOX_ADD (menu, "SCRAM-SHA-512", IMAP_AUTH_SCRAM_SHA512);
 	COMBOBOX_ADD (menu, "PLAIN", IMAP_AUTH_PLAIN);
 	COMBOBOX_ADD (menu, "LOGIN", IMAP_AUTH_LOGIN);
 	COMBOBOX_ADD (menu, "OAUTH2", IMAP_AUTH_OAUTH2);

-----------------------------------------------------------------------


hooks/post-receive
-- 
Claws Mail

More information about the Commits mailing list