> On 26/12/2020 10:41 ean365 <ean...@verizon.net> wrote:
> 
> 
> Aki:
>  
>  I have identified a bug in the "-O" option of "doveadm mailbox cryptokey 
> password" plugin command -- it is expecting an argument, but it is supposed 
> to be a boolean option. I have also identified the (simple) fix to the source 
> on GitHub...
>  
>  I am a dovecot community noob, so please forgive me if this has already been 
> identified... (if so, I hope it gets fixed soon)...
> 
>  The "-O" option in struct doveadm_cmd_mcp_key_password is set to expect a 
> STR parameter, but it should be BOOL. See line 1027 in 
> plugins/mail-crypt/doveadm-mail-crypt.c of master branch...
>  
>  Currently:
>  DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_STR,0)
>  
> Should be:
>  DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_BOOL,0)
>  
>  Workaround is to specify -O last on command line with a dummy argument, like 
> this:
>  doveadm mailbox cryptokey password -N -O ""
>  
>  Also, a quick question and suggestion -- Why does the doveadm mailbox 
> cryptokey password command not ask for a new password twice, with a check 
> that both entries must match before the password is changed? The last thing 
> we would want is to type something wrong accidentally, and change the new 
> password to something unknown -- rendering encrypted email unrecoverable. I 
> would like to suggest that the code in cmd_mcp_key_password_run be amended to 
> include verifying password entry twice.
>  
>  (I am writing a simple addition to postfixadmin that changes the user's 
> mail-crypt password whenever they use postfixadmin to change their login 
> password. It calls doveadm to change the keys. I came across this bug while 
> working through this.)
>  
>  Thanks for all your help!
>  Eric
>

Thank you for reporting this, we'll take a look.

Aki
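
Added example, not part of the original thread and not Dovecot's code: a simplified model of a typed option table, showing why an option declared as a string parameter needs a following token and why the reported workaround of placing `-O ""` last parses cleanly. The `parse` function, its structs and the sample argument vectors are constructed for illustration, and the assumption that a string-typed option consumes the next token follows common getopt-style behaviour rather than doveadm's actual parser.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a typed option table; NOT dovecot's parser. */
enum ptype { P_BOOL, P_STR };
struct param { char short_opt; enum ptype type; };
struct result { int ask_new; int ask_old; const char *old_value; int error; };

/* Parse argv with -N as BOOL and -O typed as o_type.
   error=1 means an unknown token or a STR option with no following token. */
static struct result parse(enum ptype o_type, int argc, const char **argv)
{
    const struct param table[] = { { 'N', P_BOOL }, { 'O', o_type } };
    struct result r = { 0, 0, NULL, 0 };

    for (int i = 0; i < argc; i++) {
        const struct param *p = NULL;
        if (argv[i][0] == '-' && argv[i][1] != '\0' && argv[i][2] == '\0') {
            for (size_t j = 0; j < sizeof(table) / sizeof(table[0]); j++)
                if (table[j].short_opt == argv[i][1])
                    p = &table[j];
        }
        if (p == NULL) { r.error = 1; return r; }   /* unknown token */
        const char *value = NULL;
        if (p->type == P_STR) {
            /* A STR option always consumes the next token as its value. */
            if (i + 1 >= argc) { r.error = 1; return r; }
            value = argv[++i];
        }
        if (p->short_opt == 'N') r.ask_new = 1;
        else { r.ask_old = 1; r.old_value = value; }
    }
    return r;
}

int main(void)
{
    const char *a[] = { "-O", "-N" };      /* constructed: -O given first */
    const char *b[] = { "-N", "-O", "" };  /* the workaround from the report */
    struct result ra = parse(P_STR, 2, a), rb = parse(P_STR, 3, b);
    struct result rc = parse(P_BOOL, 2, a);
    printf("STR  -O -N    : ask_new=%d (\"-N\" taken as value)\n", ra.ask_new);
    printf("STR  -N -O \"\" : ask_new=%d ask_old=%d\n", rb.ask_new, rb.ask_old);
    printf("BOOL -O -N    : ask_new=%d ask_old=%d\n", rc.ask_new, rc.ask_old);
    return 0;
}
```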
