|
From: SourceForge.net <no...@so...> - 2010-03-17 23:34:27
|
Feature Requests item #2972260, was opened at 2010-03-17 23:19 Message generated for change (Comment added) made by You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=2972260&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Valkum () Assigned to: Nobody/Anonymous (nobody) Summary: Password column with prefix should work also. Initial Comment: When use dovecot one can use {CRAM-MD5}u7das2737dasd20das4721das8765da8s7d6ad but then the login doesnt work. Postfixadmin should find the {...} string and use this hash function for auth. ---------------------------------------------------------------------- >Comment By: Valkum () Date: 2010-03-18 00:34 Message: Here is what you have to change in functions.inc.php @ elseif (preg_match("/^do...:Line 1193 elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) { $split_method = preg_split ('/:/', $CONF['encrypt']); $method = strtoupper($split_method[1]); $is_scheme = false; if(preg_match('/^{.*}/', $pw_db)) { // we have a flavor in the db -> use it instead of default flavor $result = split('{|}', $pw_db, 3); $method = $result[1]; $is_scheme = true; } if (! preg_match("/^[A-Z0-9-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list? $dovecotpw = "dovecotpw"; if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw']; // prevent showing plain password in process table $prefix = "postfixadmin-"; $tmpfile = tempnam('/tmp', $prefix); $pipe = popen("'$dovecotpw' -s '$method' > '$tmpfile'", 'w'); # TODO: replace tempfile usage with proc_open call if (!$pipe) { unlink($tmpfile); } else { // use dovecot's stdin, it uses getpass() twice fwrite($pipe, $pw . "\n", 1+strlen($pw)); usleep(1000); fwrite($pipe, $pw . "\n", 1+strlen($pw)); pclose($pipe); $password = file_get_contents($tmpfile); if ( !preg_match('/^\{' . $method . '\}/', $password)) { die("can't encrypt password with dovecotpw"); } if ($is_scheme) { $password = '{' . $method . '}' . trim(str_replace('{' . $method . '}', '', $password)); } else { $password = trim(str_replace('{' . $method . '}', '', $password)); } unlink($tmpfile); } } in create-mailbox change the if clause with POST @ if ($error != 1):Line 158 to if ($error != 1) { $password = pacrypt ($fPassword); if ( preg_match("/^dovecot:/", $CONF['encrypt']) ) { $split_method = preg_split ('/:/', $CONF['encrypt']); $method = strtoupper($split_method[1]); $password = '{' . $method . '}' . $password; } if ($CONF['domain_path'] == "YES") { if ($CONF['domain_in_mailbox'] == "YES") { $maildir = $fDomain . "/" . $fUsername . "/"; } else { $maildir = $fDomain . "/" . escape_string (strtolower($_POST['fUsername'])) . "/"; } } else { $maildir = $fUsername . "/"; } When you create a new mailbox it stores the password with {METHOD} this is Dovecot conform. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=2972260&group_id=191583 |
