
Postfixadmin and dovecot SHA512-CRYPT

a guest
Sep 28th, 2013
  1.     elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) {
  2.         $split_method = preg_split ('/:/', $CONF['encrypt']);
  3.         $method       = strtoupper($split_method[1]);
  4.         if (! preg_match("/^[A-Z0-9-]+$/", $method)) { die("invalid dovecot encryption method"); }  # TODO: check against a fixed list?
  5.        if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead.");
  6.  
  7.         $dovecotpw = "dovecotpw";
  8.         if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw'];
  9.  
  10.         # Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table
  11.        $spec = array(
  12.             0 => array("pipe", "r"), // stdin
  13.             1 => array("pipe", "w"), // stdout
  14.             2 => array("pipe", "w"), // stderr
  15.         );
  16.         if (!empty($pw_db)) {
  17.             $pipe = proc_open("$dovecotpw '-t' '{" . $method . "}$pw_db'", $spec, $pipes);
  18.         } else {        
  19.             $pipe = proc_open("$dovecotpw '-s' $method", $spec, $pipes);
  20.         }
  21.  
  22.         if (!$pipe) {
  23.             die("can't proc_open $dovecotpw");
  24.         } else {
  25.             // use dovecot's stdin, it uses getpass() twice
  26.             // Write pass in pipe stdin
  27.  
  28.             if (empty($pw_db)) {
  29.                 fwrite($pipes[0], $pw . "\n", 1+strlen($pw)); usleep(500);
  30.             }
  31.             fwrite($pipes[0], $pw . "\n", 3+strlen($pw));
  32.             fclose($pipes[0]);
  33.  
  34.             // Read hash from pipe stdout
  35.             $password = fread($pipes[1], "200");
  36.             if ( !preg_match('/^\{' . $method . '\}/', $password) && empty($pw_db)) {
  37.                 $stderr_output = stream_get_contents($pipes[2]);
  38.                 error_log('dovecotpw password encryption failed.');
  39.                 error_log('STDERR output: ' . $stderr_output);
  40.                 die("$stderr_output\n  $password\n  $method\n can't encrypt password with dovecotpw, see error log for details");
  41.             } elseif (preg_match('/^\{' . $method . '\}/', $password) && !empty($pw_db)){
  42.                 $password = $pw_db;
  43.             } else {
  44.                 $password = trim(str_replace('{' . $method . '}', '', $password));          
  45.             }
  46.             fclose($pipes[1]);
  47.             fclose($pipes[2]);
  48.             proc_close($pipe);
  49.         }
  50.     }