[Dovecot] Patch Adding BASE64-PLAIN Password Scheme (was: APOP Clear Text)
imacat
imacat at mail.imacat.idv.tw
Sat May 12 19:34:17 EEST 2007
On Sat, 12 May 2007 01:25:45 +0800
imacat <imacat at mail.imacat.idv.tw> wrote:
> > > 2. I would like to use APOP in addition to SSL/TLS. Currently
> > > Dovecot saves APOP passwords as clear text. I understand this. But is
> > > it possible to have some sort of encoding, for example, Base64? Just to
> > If you really need this now you could also modify the sources yourself.
> > It should be pretty easy to add a new plain.b64 scheme to
> > src/auth/password-scheme.c (could also be implemented as a plugin)
Hi. Here is a simple patch that adds the BASE64-PLAIN password
scheme. It may not be very clean.
1. I do not know if adding base64_decode() in
passwd_file_save_results() in src/auth/passdb-passwd-file.c is
appropriate.
2. It only works with the Passwd-file password database. Other
password databases (like SQL) are not tested.
However, it works fine. Hope that it helps. Please tell me if you
need any more information. Thank you.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
diff -u -r dovecot-1.0.0.orig/src/auth/passdb.c dovecot-1.0.0/src/auth/passdb.c
- --- dovecot-1.0.0.orig/src/auth/passdb.c 2007-02-15 19:48:37.000000000 +0800
+++ dovecot-1.0.0/src/auth/passdb.c 2007-05-13 00:04:15.000000000 +0800
@@ -63,6 +63,8 @@
case PASSDB_CREDENTIALS_PLAINTEXT:
if (strcasecmp(wanted_scheme, "CLEARTEXT") == 0)
return wanted_scheme;
+ if (strcasecmp(wanted_scheme, "BASE64-PLAIN") == 0)
+ return wanted_scheme;
return "PLAIN";
case PASSDB_CREDENTIALS_CRYPT:
return "CRYPT";
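Review bot: The new `BASE64-PLAIN` branch under `PASSDB_CREDENTIALS_PLAINTEXT` has no comment saying that the scheme is only a reversible encoding. Anyone who can read the password store recovers every password with one decode, so it should be documented as equivalent to `PLAIN`/`CLEARTEXT` for storage and file-permission purposes. I would add above the new check: `/* BASE64-PLAIN is an encoding, not a hash; stored values are as sensitive as cleartext */`. The enclosing function starts and ends outside this hunk.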
@@ -98,7 +100,8 @@
scheme);
if (strcasecmp(scheme, wanted_scheme) != 0) {
if (strcasecmp(scheme, "PLAIN") != 0 &&
- - strcasecmp(scheme, "CLEARTEXT") != 0) {
+ strcasecmp(scheme, "CLEARTEXT") != 0 &&
+ strcasecmp(scheme, "BASE64-PLAIN") != 0) {
auth_request_log_info(auth_request, "password",
"Requested %s scheme, but we have only %s",
wanted_scheme, scheme);
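Review bot: Adding `BASE64-PLAIN` to this condition lets the stored value be handled like `PLAIN`/`CLEARTEXT`, but the only decode in the patch is in passwd_file_save_results() in passdb-passwd-file.c. For any other passdb the value reaching this point would presumably still be Base64 text, so credentials derived from it would be computed over the encoded string and would not match what the client sends. Decoding here, or in a helper shared by all passdbs, would keep the behaviour consistent; the author's own note says only passwd-file was tested. The function body extends beyond the hunk on both sides, so what follows the check is inferred.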
diff -u -r dovecot-1.0.0.orig/src/auth/passdb-passwd-file.c dovecot-1.0.0/src/auth/passdb-passwd-file.c
- --- dovecot-1.0.0.orig/src/auth/passdb-passwd-file.c 2007-03-25 01:10:24.000000000 +0800
+++ dovecot-1.0.0/src/auth/passdb-passwd-file.c 2007-05-13 00:04:41.000000000 +0800
@@ -10,6 +10,8 @@
#include "passdb.h"
#include "password-scheme.h"
#include "db-passwd-file.h"
+#include "base64.h"
+#include "buffer.h"
#define PASSWD_FILE_CACHE_KEY "%u"
#define PASSWD_FILE_DEFAULT_SCHEME "CRYPT"
@@ -30,9 +32,18 @@
const char *key, *value;
string_t *str;
char **p;
+ buffer_t *buf;
+ size_t size, password_len;
*crypted_pass_r = pu->password;
*scheme_r = password_get_scheme(crypted_pass_r);
+ if (*scheme_r != NULL && *crypted_pass_r != NULL && strcasecmp(*scheme_r, "BASE64-PLAIN") == 0) {
+ password_len = strlen(*crypted_pass_r);
+ buf = buffer_create_static_hard(pool_datastack_create(),
+ MAX_BASE64_DECODED_SIZE(password_len));
+ base64_decode(*crypted_pass_r, password_len, NULL, buf);
+ *crypted_pass_r = buffer_get_data(buf, &size);
+ }
if (*scheme_r == NULL)
*scheme_r = request->passdb->passdb->default_pass_scheme;
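Review bot: The result of `base64_decode()` is ignored, and the decoded bytes are handed back through `*crypted_pass_r` as a C string without a terminator being appended. A malformed entry in the password file would silently become a truncated or empty password, and later string comparisons depend on whatever follows the data in the buffer. I would size the buffer as `MAX_BASE64_DECODED_SIZE(password_len) + 1`, reject the entry when `base64_decode()` reports invalid input, and call `buffer_append_c(buf, '\0');` before `buffer_get_data()`. `size` is assigned but never used. The function starts before and continues after this hunk, so how a rejected entry should be reported is not visible here.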
diff -u -r dovecot-1.0.0.orig/src/auth/password-scheme.c dovecot-1.0.0/src/auth/password-scheme.c
- --- dovecot-1.0.0.orig/src/auth/password-scheme.c 2007-02-22 22:32:11.000000000 +0800
+++ dovecot-1.0.0/src/auth/password-scheme.c 2007-05-13 00:04:15.000000000 +0800
@@ -312,6 +312,26 @@
return plaintext;
}
+static bool base64_plain_verify(const char *plaintext, const char *password,
+ const char *user __attr_unused__)
+{
+ string_t *str;
+
+ str = t_str_new(MAX_BASE64_ENCODED_SIZE(strlen(password)+1));
+ base64_encode(password, strlen(password), str);
+ return strcmp(plaintext, str_c(str)) == 0;
+}
+
+static const char *base64_plain_generate(const char *plaintext,
+ const char *user __attr_unused__)
+{
+ string_t *str;
+
+ str = t_str_new(MAX_BASE64_ENCODED_SIZE(strlen(plaintext)+1));
+ base64_encode(plaintext, strlen(plaintext), str);
+ return str_c(str);
+}
+
static bool cram_md5_verify(const char *plaintext, const char *password,
const char *user __attr_unused__)
{
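Review bot: `base64_plain_verify()` encodes the `password` argument and compares the result with `plaintext`, while `base64_plain_generate()` encodes `plaintext`, so the two disagree about which side carries the Base64 form. If `password` is the stored value, as the parameter names and the neighbouring verifiers suggest, a value produced by generate would not verify; the body should be `base64_encode(plaintext, strlen(plaintext), str);` followed by `return strcmp(password, str_c(str)) == 0;`. This also has to agree with passwd_file_save_results(), which already decodes the stored value before it gets here; with that decode in place a plain `strcmp` would be the matching check. The conversion should happen in one layer only.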
@@ -469,6 +489,7 @@
{ "SMD5", smd5_verify, smd5_generate },
{ "SSHA", ssha_verify, ssha_generate },
{ "PLAIN", plain_verify, plain_generate },
+ { "BASE64-PLAIN", base64_plain_verify, base64_plain_generate },
{ "CLEARTEXT", plain_verify, plain_generate },
{ "CRAM-MD5", cram_md5_verify, cram_md5_generate },
{ "HMAC-MD5", cram_md5_verify, cram_md5_generate },
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGRef6i9gubzC5S1wRArvCAJ992XKUOk0tbiSlmMTlEAZN9YFXbgCfSDXG
fBuR00ppfcX1sBy20cCnmG0=
=l5z1
-----END PGP SIGNATURE-----
--
Best regards,
imacat ^_*' <imacat at mail.imacat.idv.tw>
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt
<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20070513/a2343a59/attachment.pgp