On Sat, 12 May 2007 01:25:45 +0800
imacat <[EMAIL PROTECTED]> wrote:

> > > 2. I would like to use APOP in addition to SSL/TLS. Currently
> > > Dovecot saves APOP passwords as clear text. I understand this. But is
> > > it possible to have some sort of encoding, for example, Base64? Just to
> > If you really need this now you could also modify the sources yourself.
> > It should be pretty easy to add a new plain.b64 scheme to
> > src/auth/password-scheme.c (could also be implemented as a plugin)

Hi. Here is a simple patch that adds the BASE64-PLAIN password scheme. It may not be very clean.

1. I do not know if adding base64_decode() in passwd_file_save_results() in src/auth/passdb-passwd-file.c is appropriate.
2. It only works with the Passwd-file password database. Other password databases (like SQL) are not tested.

However, it works fine. Hope that it helps. Please tell me if you need any more information. Thank you.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

diff -u -r dovecot-1.0.0.orig/src/auth/passdb.c dovecot-1.0.0/src/auth/passdb.c - --- dovecot-1.0.0.orig/src/auth/passdb.c 2007-02-15 19:48:37.000000000 +0800 +++ dovecot-1.0.0/src/auth/passdb.c 2007-05-13 00:04:15.000000000 +0800 @@ -63,6 +63,8 @@ case PASSDB_CREDENTIALS_PLAINTEXT: if (strcasecmp(wanted_scheme, "CLEARTEXT") == 0) return wanted_scheme; + if (strcasecmp(wanted_scheme, "BASE64-PLAIN") == 0) + return wanted_scheme; return "PLAIN"; case PASSDB_CREDENTIALS_CRYPT: return "CRYPT"; @@ -98,7 +100,8 @@ scheme); if (strcasecmp(scheme, wanted_scheme) != 0) { if (strcasecmp(scheme, "PLAIN") != 0 && - - strcasecmp(scheme, "CLEARTEXT") != 0) { + strcasecmp(scheme, "CLEARTEXT") != 0 && + strcasecmp(scheme, "BASE64-PLAIN") != 0) { auth_request_log_info(auth_request, "password", "Requested %s scheme, but we have only %s", wanted_scheme, scheme); diff -u -r dovecot-1.0.0.orig/src/auth/passdb-passwd-file.c dovecot-1.0.0/src/auth/passdb-passwd-file.c - --- dovecot-1.0.0.orig/src/auth/passdb-passwd-file.c 2007-03-25 01:10:24.000000000 +0800 +++ dovecot-1.0.0/src/auth/passdb-passwd-file.c 2007-05-13 00:04:41.000000000 +0800 @@ -10,6 +10,8 @@ #include "passdb.h" #include "password-scheme.h" #include "db-passwd-file.h" +#include "base64.h" +#include "buffer.h" #define PASSWD_FILE_CACHE_KEY "%u" #define PASSWD_FILE_DEFAULT_SCHEME "CRYPT" 
@@ -30,9 +32,18 @@ const char *key, *value; string_t *str; char **p; + buffer_t *buf; + size_t size, password_len; *crypted_pass_r = pu->password; *scheme_r = password_get_scheme(crypted_pass_r); + if (*scheme_r != NULL && *crypted_pass_r != NULL && strcasecmp(*scheme_r, "BASE64-PLAIN") == 0) { + password_len = strlen(*crypted_pass_r); + buf = buffer_create_static_hard(pool_datastack_create(), + MAX_BASE64_DECODED_SIZE(password_len)); + base64_decode(*crypted_pass_r, password_len, NULL, buf); + *crypted_pass_r = buffer_get_data(buf, &size); + } if (*scheme_r == NULL) *scheme_r = request->passdb->passdb->default_pass_scheme; diff -u -r dovecot-1.0.0.orig/src/auth/password-scheme.c dovecot-1.0.0/src/auth/password-scheme.c - --- dovecot-1.0.0.orig/src/auth/password-scheme.c 2007-02-22 22:32:11.000000000 +0800 +++ dovecot-1.0.0/src/auth/password-scheme.c 2007-05-13 00:04:15.000000000 +0800 @@ -312,6 +312,26 @@ return plaintext; } +static bool base64_plain_verify(const char *plaintext, const char *password, + const char *user __attr_unused__) +{ + string_t *str; + + str = t_str_new(MAX_BASE64_ENCODED_SIZE(strlen(password)+1)); + base64_encode(password, strlen(password), str); + return strcmp(plaintext, str_c(str)) == 0; +} + +static const char *base64_plain_generate(const char *plaintext, + const char *user __attr_unused__) +{ + string_t *str; + + str = t_str_new(MAX_BASE64_ENCODED_SIZE(strlen(plaintext)+1)); + base64_encode(plaintext, strlen(plaintext), str); + return str_c(str); +} + static bool cram_md5_verify(const char *plaintext, const char *password, const char *user __attr_unused__) { 
@@ -469,6 +489,7 @@ { "SMD5", smd5_verify, smd5_generate }, { "SSHA", ssha_verify, ssha_generate }, { "PLAIN", plain_verify, plain_generate }, + { "BASE64-PLAIN", base64_plain_verify, base64_plain_generate }, { "CLEARTEXT", plain_verify, plain_generate }, { "CRAM-MD5", cram_md5_verify, cram_md5_generate }, { "HMAC-MD5", cram_md5_verify, cram_md5_generate },
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGRef6i9gubzC5S1wRArvCAJ992XKUOk0tbiSlmMTlEAZN9YFXbgCfSDXG
fBuR00ppfcX1sBy20cCnmG0=
=l5z1
-----END PGP SIGNATURE-----

--
Best regards,
imacat ^_*' <[EMAIL PROTECTED]>
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug
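
Review bot: In the passdb.c hunk at -98,7, BASE64-PLAIN joins PLAIN and CLEARTEXT as a scheme that skips the "Requested %s scheme, but we have only %s" message, but the only decode in this patch lives in passdb-passwd-file.c. A passdb backend that does not go through passwd_file_save_results() would reach this check with the value still Base64-encoded and have it treated like a plaintext credential. Suggest doing the decode at this point, where the scheme is recognized, so every backend behaves the same and the passwd-file special case can be dropped.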
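
Review bot: In the passwd_file_save_results() hunk of passdb-passwd-file.c the result of base64_decode() is discarded, and the pointer from buffer_get_data() is assigned to *crypted_pass_r while size is never used and nothing in the visible lines appends a terminating NUL. A malformed entry in the password file would be accepted with whatever bytes were decoded before the error, and later string handling of *crypted_pass_r depends on what happens to follow the decoded bytes in the buffer. Suggest failing the lookup when the decode fails and terminating the decoded value explicitly before handing it on. Note also that *scheme_r still reads "BASE64-PLAIN" after the value has been decoded, so later code sees a decoded password labelled as encoded.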
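
Review bot: In the password-scheme.c hunk at -312,6, base64_plain_verify() encodes its password argument and compares the result with plaintext, while base64_plain_generate() encodes plaintext. If password is the stored credential, as the parameter names shared with cram_md5_verify() suggest, verify should encode plaintext and compare that with password; as written it can only match when the stored value is the raw password and the supplied one is its Base64 form. This also interacts with the passwd-file hunk, which has already decoded the stored value before any verify call. A short comment that this scheme is an encoding and gives the stored password no protection would help whoever enables it.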