Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) {
- $split_method = preg_split ('/:/', $CONF['encrypt']);
- $method = strtoupper($split_method[1]);
- if (! preg_match("/^[A-Z0-9-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list?
- if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead.");
- $dovecotpw = "dovecotpw";
- if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw'];
- # Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table
- $spec = array(
- 0 => array("pipe", "r"), // stdin
- 1 => array("pipe", "w"), // stdout
- 2 => array("pipe", "w"), // stderr
- );
- if (!empty($pw_db)) {
- $pipe = proc_open("$dovecotpw '-t' '{" . $method . "}$pw_db'", $spec, $pipes);
- } else {
- $pipe = proc_open("$dovecotpw '-s' $method", $spec, $pipes);
- }
- if (!$pipe) {
- die("can't proc_open $dovecotpw");
- } else {
- // use dovecot's stdin, it uses getpass() twice
- // Write pass in pipe stdin
- if (empty($pw_db)) {
- fwrite($pipes[0], $pw . "\n", 1+strlen($pw)); usleep(500);
- }
- fwrite($pipes[0], $pw . "\n", 3+strlen($pw));
- fclose($pipes[0]);
- // Read hash from pipe stdout
- $password = fread($pipes[1], "200");
- if ( !preg_match('/^\{' . $method . '\}/', $password) && empty($pw_db)) {
- $stderr_output = stream_get_contents($pipes[2]);
- error_log('dovecotpw password encryption failed.');
- error_log('STDERR output: ' . $stderr_output);
- die("$stderr_output\n $password\n $method\n can't encrypt password with dovecotpw, see error log for details");
- } elseif (preg_match('/^\{' . $method . '\}/', $password) && !empty($pw_db)){
- $password = $pw_db;
- } else {
- $password = trim(str_replace('{' . $method . '}', '', $password));
- }
- fclose($pipes[1]);
- fclose($pipes[2]);
- proc_close($pipe);
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement