
By request, SASL PLAIN for IMAP and SMTP.

I did not add detection to conf.pl, perhaps later..
tassium 22 anos atrás
pai
commit
160ebd3c07
4 arquivos alterados com 51 adições e 20 exclusões
  1. 2 0
      ChangeLog
  2. 25 11
      class/deliver/Deliver_SMTP.class.php
  3. 8 6
      config/conf.pl
  4. 16 3
      functions/imap_general.php

+ 2 - 0
ChangeLog

@@ -91,6 +91,8 @@ Version 1.5.0 -- CVS
     RFC3501.
   - Fix reply all address string in case the personal name contained a comma 
     (address separator).
+  - Added SASL PLAIN to IMAP and SMTP. Thanks to avel for the prodding and
+    code snippet.
 
 **************************************
 *** SquirrelMail Stable Series 1.4 ***

+ 25 - 11
class/deliver/Deliver_SMTP.class.php

@@ -65,13 +65,14 @@ class Deliver_SMTP extends Deliver {
 	}
 	
 	/* Lets introduce ourselves */
+    fputs($stream, "EHLO $helohost\r\n");
+    $tmp = fgets($stream,1024);
+    if ($this->errorCheck($tmp,$stream)) {
+        return(0);
+    }
+
 	if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
 	  // Doing some form of non-plain auth
-	  fputs($stream, "EHLO $helohost\r\n");
-	  $tmp = fgets($stream,1024);
-	  if ($this->errorCheck($tmp,$stream)) {
-	    return(0);
-	  }
 	  if ($smtp_auth_mech == 'cram-md5') {
 	    fputs($stream, "AUTH CRAM-MD5\r\n");
 	  } elseif ($smtp_auth_mech == 'digest-md5') {
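Review bot: With the EHLO exchange hoisted above the mechanism test, a server that rejects EHLO now fails the send at `return(0)` before any branch is reached, presumably including configurations that use no authentication; no HELO fallback is visible in this hunk. If that is intended, a comment such as `/* EHLO is sent for every mechanism; there is no HELO fallback */` would record it. The added lines are also indented with spaces where the surrounding code uses tabs. The enclosing method starts and ends outside the hunk.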
@@ -121,11 +122,6 @@ class Deliver_SMTP extends Deliver {
 	  }
 	} elseif ($smtp_auth_mech == 'login') {
 	  // The LOGIN method
-      fputs($stream, "EHLO $helohost\r\n");
-      $tmp = fgets($stream, 1024);
-	  if ($this->errorCheck($tmp, $stream)) {
-    	return(0);
-	  }
       fputs($stream, "AUTH LOGIN\r\n");
       $tmp = fgets($stream, 1024);
 
@@ -143,7 +139,25 @@ class Deliver_SMTP extends Deliver {
 	  if ($this->errorCheck($tmp, $stream)) {
     	return(0);
 	  }
-	} else {
+	} elseif ($smtp_auth_mech == "plain") {
+      /* SASL Plain */
+      $auth = base64_encode("$username\0$username\0$pass");
+                  
+      $query = "AUTH PLAIN\r\n";
+      fputs($stream, $query);
+      $read=fgets($stream, 1024);
+
+      if (substr($read,0,3) == '334') { // OK so far..
+         fputs($stream, "$auth\r\n");
+         $read = fgets($stream, 1024);
+      }
+                
+      $results=explode(" ",$read,3);
+      $response=$results[1];
+      $message=$results[2];
+
+      
+    } else {
 		/* Right here, they've reached an unsupported auth mechanism.
 		   This is the ugliest hack I've ever done, but it'll do till I can fix
 		   things up better tomorrow.  So tired... */
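Review bot: The new `plain` branch never tests the server's answer: `$response` and `$message` are assigned but nothing visible reads them, whereas the LOGIN branch just above ends with `if ($this->errorCheck($tmp, $stream)) { return(0); }`. A rejected AUTH PLAIN would therefore fall through and the session would continue unauthenticated unless code after the hunk catches it. I would end the branch with `if ($this->errorCheck($read, $stream)) { return(0); }`. Note also that `explode(" ",$read,3)` leaves the SMTP status code in `$results[0]`, so `$results[1]` is the first word of the reply text rather than the code; that indexing fits a tagged IMAP reply, not an SMTP one.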

+ 8 - 6
config/conf.pl

@@ -1133,14 +1133,14 @@ sub command111 {
     return $new_optional_delimiter;
 }
 # IMAP authentication type
-# Possible values: login, cram-md5, digest-md5
+# Possible values: login, plain, cram-md5, digest-md5
 # Now offers to detect supported mechs, assuming server & port are set correctly
 
 sub command112a {
 	print "If you have already set the hostname and port number, I can try to\n";
 	print "detect the mechanisms your IMAP server supports.\n";
 	print "I will try to detect CRAM-MD5 and DIGEST-MD5 support.  I can't test\n";
-	print "for \"login\" without knowing a username and password.\n";
+	print "for \"login\" or \"plain\" without knowing a username and password.\n";
 	print "Auto-detecting is optional - you can safely say \"n\" here.\n";
 	print "\nTry to detect supported mechanisms? [y/N]: ";
 	$inval=<STDIN>;
@@ -1176,14 +1176,15 @@ sub command112a {
 	} 
 	  print "\nWhat authentication mechanism do you want to use for IMAP connections?\n\n";
 	  print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n";
+      print $WHT . "plain" . $NRM . " - SASL PLAIN. If you need this, you already know it.\n";
 	  print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext methods.\n";
 	  print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n";
 	  print "\n*** YOUR IMAP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n";
 	  print "If you don't understand or are unsure, you probably want \"login\"\n\n";
-	  print "login, cram-md5, or digest-md5 [$WHT$imap_auth_mech$NRM]: $WHT";
+	  print "login, plain, cram-md5, or digest-md5 [$WHT$imap_auth_mech$NRM]: $WHT";
       $inval=<STDIN>;
       chomp($inval);
-      if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || ($inval =~ /^login\b/i)) {
+      if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || ($inval =~ /^login\b/i) || ($inval =~ /^plain\b/i)) {
         return lc($inval);
       } else {
         # user entered garbage or default value so nothing needs to be set
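Review bot: The menu text added for `plain` ("If you need this, you already know it.") does not tell the administrator that SASL PLAIN sends the password merely base64-encoded, while the `login` entry directly above it is labelled "Plaintext". I would word it along the lines of `print $WHT . "plain" . $NRM . " - SASL PLAIN. Plaintext, like login; use only over an encrypted connection.\n";`. The same applies to the SMTP menu line added in command112b.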
@@ -1196,7 +1197,7 @@ sub command112a {
 # Possible choices: none, plain, cram-md5, digest-md5
 sub command112b {
     print "If you have already set the hostname and port number, I can try to\n";
-    print "automatically detect the mechanisms your SMTP server supports.\n";
+    print "automatically detect some of the mechanisms your SMTP server supports.\n";
 	print "Auto-detection is *optional* - you can safely say \"n\" here.\n";
     print "\nTry to detect auth mechanisms? [y/N]: ";
     $inval=<STDIN>;
@@ -1270,6 +1271,7 @@ sub command112b {
     print "\tWhat authentication mechanism do you want to use for SMTP connections?\n";
     print $WHT . "none" . $NRM . " - Your SMTP server does not require authorization.\n";
     print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n";
+    print $WHT . "plain" . $NRM . " - SASL PLAIN.  You already know it if you need this.\n";
     print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n";
     print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n";
     print $WHT . "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n" . $NRM;
@@ -1282,7 +1284,7 @@ sub command112b {
       return "none";
     }
     if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || 
-    ($inval =~ /^login\b/i)) {
+    ($inval =~ /^login\b/i) || ($inval =~/^plain\b/i)) {
       return lc($inval);
     } else {
       # user entered garbage, or default value so nothing needs to be set
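Review bot: The added `/^plain\b/i` test anchors only the start of the input and the branch returns `lc($inval)` in full, so an answer such as `plain x` (constructed example) is accepted and returned verbatim as the mechanism name. This follows the existing pattern for the other mechanisms, but the PHP side in this commit compares with `== "plain"` exactly, so such a value would land in the unsupported-mechanism branch. Anchoring both ends, e.g. `($inval =~ /^plain$/i)`, avoids that; the matching test added in command112a has the same shape. command112b continues outside the hunk.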

+ 16 - 3
functions/imap_general.php

@@ -639,9 +639,22 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $
       $query = 'LOGIN "' . quoteimap($username) .  '" "' . quoteimap($password) . '"';
       $read = sqimap_run_command ($imap_stream, $query, false, $response, $message);
     } elseif ($imap_auth_mech == 'plain') {
-                /* Replace this with SASL PLAIN if it ever gets implemented */
-                $response="BAD";
-                $message='SquirrelMail does not support SASL PLAIN yet. Rerun conf.pl and use login instead.';
+                /* SASL PLAIN */
+                $tag=sqimap_session_id(false);
+                $auth = base64_encode("$username\0$username\0$password");
+                  
+                $query = $tag . " AUTHENTICATE PLAIN\r\n";
+                fputs($imap_stream, $query);
+                $read=sqimap_fgets($imap_stream);
+
+                if (substr($read,0,1) == '+') { // OK so far..
+                    fputs($imap_stream, "$auth\r\n");
+                    $read = sqimap_fgets($imap_stream);
+                }
+                
+                $results=explode(" ",$read,3);
+                $response=$results[1];
+                $message=$results[2];
         } else {
                 $response="BAD";
                 $message="Internal SquirrelMail error - unknown IMAP authentication method chosen.  Please contact the developers.";
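Review bot: The reply parsing after `AUTHENTICATE PLAIN` assumes the single line just read is the tagged completion and has at least three space-separated fields. If the server sends an untagged line first, or the read returns a short or empty string, `$results[1]` and `$results[2]` are undefined or hold the wrong words, and what the caller then does with `$response` is outside this hunk. A guard such as `$response = isset($results[1]) ? $results[1] : 'BAD';` together with a check that `$results[0]` equals `$tag` would make a failed login explicit. A comment above `$auth = ...` stating that PLAIN transmits the password only base64-encoded, so the IMAP connection should be TLS-protected, is also worth adding. sqimap_login begins and ends outside the hunk.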