#73 Password column with prefix should work also.

closed-fixed
nobody
Core (30)
5
2014-10-05
2010-03-17
Valkum
No

When using Dovecot, one can use {CRAM-MD5}u7das2737dasd20das4721das8765da8s7d6ad, but then the login doesn't work.
Postfixadmin should find the {...} string and use this hash function for auth.

Discussion

  • Valkum

    Valkum - 2010-03-17

    Here is what you have to change in functions.inc.php
    @ elseif (preg_match("/^do...:Line 1193
    elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) {
        $split_method = preg_split ('/:/', $CONF['encrypt']);
        $method = strtoupper($split_method[1]);
        $is_scheme = false;

        if(preg_match('/^{.*}/', $pw_db)) {
            // we have a flavor in the db -> use it instead of default flavor
            // (preg_split() replaces split(), which was removed in PHP 7)
            $result = preg_split('/[{}]/', $pw_db, 3);
            $method = $result[1];
            $is_scheme = true;
        }

        if (! preg_match("/^[A-Z0-9-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list?

        $dovecotpw = "dovecotpw";
        if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw'];

        // prevent showing plain password in process table
        $prefix = "postfixadmin-";
        $tmpfile = tempnam('/tmp', $prefix);
        $pipe = popen("'$dovecotpw' -s '$method' > '$tmpfile'", 'w'); # TODO: replace tempfile usage with proc_open call

        if (!$pipe) {
            unlink($tmpfile);
        } else {
            // use dovecot's stdin, it uses getpass() twice
            fwrite($pipe, $pw . "\n", 1+strlen($pw)); usleep(1000);
            fwrite($pipe, $pw . "\n", 1+strlen($pw));
            pclose($pipe);
            $password = file_get_contents($tmpfile);
            if ( !preg_match('/^\{' . $method . '\}/', $password)) { die("can't encrypt password with dovecotpw"); }
            if ($is_scheme) {
                // keep the {METHOD} prefix when the db value already carried one
                $password = '{' . $method . '}' . trim(str_replace('{' . $method . '}', '', $password));
            } else {
                $password = trim(str_replace('{' . $method . '}', '', $password));
            }
            unlink($tmpfile);
        }
    }

    In create-mailbox, change the if clause with POST

    @ if ($error != 1):Line 158 to

    if ($error != 1)
    {
        $password = pacrypt ($fPassword);

        if ( preg_match("/^dovecot:/", $CONF['encrypt']) ) {
            $split_method = preg_split ('/:/', $CONF['encrypt']);
            $method = strtoupper($split_method[1]);
            $password = '{' . $method . '}' . $password;
        }

        if ($CONF['domain_path'] == "YES")
        {
            if ($CONF['domain_in_mailbox'] == "YES")
            {
                $maildir = $fDomain . "/" . $fUsername . "/";
            }
            else
            {
                $maildir = $fDomain . "/" . escape_string (strtolower($_POST['fUsername'])) . "/";
            }
        }
        else
        {
            $maildir = $fUsername . "/";
        }

    When you create a new mailbox, it stores the password with {METHOD}, which conforms to Dovecot.
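
The prefix handling discussed in the post above, together with the fixed-list check its TODO comment asks about, as an added example that is not part of the original post and not PostfixAdmin code. The function name, the constant and the allowlist contents are assumptions; the sample rows are constructed.

```php
<?php
// Added example, not PostfixAdmin code; all names below are hypothetical.

// Example allowlist: trim it to the schemes your dovecotpw build supports.
const ALLOWED_DOVECOT_SCHEMES = ['CRAM-MD5', 'PLAIN-MD5', 'SHA256', 'SSHA256', 'SHA512-CRYPT'];

/**
 * Pick the Dovecot scheme for a stored password value.
 * Returns [scheme, hash without prefix, whether the DB value carried a prefix].
 */
function resolve_dovecot_scheme(string $pw_db, string $encrypt_conf): array
{
    // Default flavor from the config value, e.g. "dovecot:CRAM-MD5".
    $parts = explode(':', $encrypt_conf, 2);
    if (count($parts) !== 2 || $parts[0] !== 'dovecot') {
        throw new InvalidArgumentException('not a dovecot:* encrypt setting');
    }
    $scheme = strtoupper($parts[1]);
    $hash = $pw_db;
    $had_prefix = false;

    // A leading "{SCHEME}" in the database overrides the default flavor.
    if (preg_match('/^\{([^{}]*)\}(.*)$/s', $pw_db, $m)) {
        [$scheme, $hash, $had_prefix] = [$m[1], $m[2], true];
    }

    // Exact match against a fixed list, because the scheme is later placed
    // on the dovecotpw command line.
    if (!in_array($scheme, ALLOWED_DOVECOT_SCHEMES, true)) {
        throw new InvalidArgumentException('unsupported dovecot scheme');
    }
    return [$scheme, $hash, $had_prefix];
}

// Constructed sample rows; the first hash is the one quoted in the ticket.
$samples = [
    '{CRAM-MD5}u7das2737dasd20das4721das8765da8s7d6ad', // prefix in DB
    'u7das2737dasd20das4721das8765da8s7d6ad',           // no prefix: config default
    '{ROT13}abc',                                       // not on the allowlist
];
foreach ($samples as $row) {
    try {
        [$scheme, $hash, $had_prefix] = resolve_dovecot_scheme($row, 'dovecot:SHA256');
        printf("%-50s -> %s (%s)\n", $row, $scheme, $had_prefix ? 'from DB' : 'from config');
    } catch (InvalidArgumentException $e) {
        printf("%-50s -> rejected: %s\n", $row, $e->getMessage());
    }
}
```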

     
  • Christian Boltz

    Christian Boltz - 2013-10-03

    Can you please check with SVN trunk? r1523 introduced a change that no longer removes the {METHOD} for dovecot:* passwords.

     
  • Christian Boltz

    Christian Boltz - 2013-10-03
    • Group: --> SVN_(please_specify_revision!)
     
  • Christian Boltz

    Christian Boltz - 2014-10-05

    This has been implemented for a year in SVN trunk (r1523) and seems to work - at least there aren't tons of bug reports ;-)

    Therefore I'm closing this ticket.

     
  • Christian Boltz

    Christian Boltz - 2014-10-05
    • status: open --> closed-fixed
     
