[Postfixadmin-devel] Supporting courier-authlib authentication flavors

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello List,

I'm using courier-authlib together with postfix with user metadata 
stored in a mysql database.

courier-authlib uses authentication flavors. Some examples:

{md5}MDbtZsfdyqbY0o7eDlJjKrQ==
{md5raw}be623121af8f94d0ddc1e052d17831d6
{crypt}AhlkDUpVER6dQ

I added support for such authetication flavors to postfixadmin and it 
works in my setup. I attached a first patch which should clarify how I 
would like to support this.

May I add this to trunk?

Best regards Jan

Index: config.inc.php
===================================================================

--- config.inc.php	(revision 530)
+++ config.inc.php	(working copy)
@@ -89,8 +89,15 @@
  // system = whatever you have set as your PHP system default
  // cleartext = clear text passwords (ouch!)
  // mysql_encrypt = useful for PAM integration
+// authlib = support for courier-authlib style passwords
  $CONF['encrypt'] = 'md5crypt';

+// In what flavor should courier-authlib style passwords be enrypted?
+// md5 = {md5} + base64 encoded md5 hash
+// md5raw = {md5raw} + plain encoded md5 hash
+// crypt = {crypt} + Standard UNIX DES-enrypted with 2-character salt
+$CONF['authlib_default_flavor'] = 'md5raw';
+
  // Minimum length required for passwords. Postfixadmin will not
  // allow users to set passwords which are shorter than this value.
  $CONF['min_password_length'] = 5;
Index: functions.inc.php
===================================================================
--- functions.inc.php	(revision 548)
+++ functions.inc.php	(working copy)
@@ -256,7 +256,7 @@
              flash_error("emailcheck_resolve_domain is enabled, but 
function (checkdnsrr) missing!");
          }
      }
-
+
      return true;
  }

@@ -1160,6 +1160,27 @@
          $l = db_row($res["result"]);
          $password = $l[0];
      }
+
+    if ($CONF['encrypt'] == 'authlib') {
+    	$flavor = $CONF['authlib_default_flavor'];
+    	$salt = '  ';
+    	if(ereg('^{.*}', $pw_db)) {
+    		// we have a flavor in the db -> use it instead of default flavor
+    		$result = split('{|}', $pw_db, 3);
+    		$flavor = $result[1];
+    		$salt = substr($result[2], 0, 2);  		
+    	}
+    	    	
+      	if(stripos($flavor, 'md5raw') === 0) {
+         	$password = '{' . $flavor . '}' . md5($pw);
+      	} else if(stripos($flavor, 'md5') === 0) {
+      		$password = '{' . $flavor . '}' . base64_encode(md5($pw, TRUE));
+      	} else if(stripos($flavor, 'crypt') === 0) {
+      		$password = '{' . $flavor . '}' . crypt($pw, $salt);
+      	}
+   	}
+
+
      $password = escape_string ($password);
      return $password;
  }


-- 
Jan Röhrich
Kleinglattbacher Str. 12
D-75428 Illingen
Tel.: +49 7042 120351
Mobil: +49 1638463295
eMail: ja...@ro...


