BUG REPORT: MAIL-CRYPT plugin: doveadm mailbox cryptokey -O option

ean365 ean365 at verizon.net
Sat Dec 26 10:41:22 EET 2020


Aki:

I have identified a bug in the "-O" option of the "doveadm mailbox
cryptokey password" plugin command -- it is expecting an argument, but
it is supposed to be a boolean option.  I have also identified the
(simple) fix to the source on GitHub...

I am a dovecot community noob, so please forgive me if this has already
been identified...  (if so, I hope it gets fixed soon)...

The "-O" option in struct doveadm_cmd_mcp_key_password is set to
expect a STR parameter, but it should be BOOL. See line 1027 in
plugins/mail-crypt/doveadm-mail-crypt.c of master branch...

Currently:
DOVEADM_CMD_PARAM('O', "ask-old-password", CMD_PARAM_STR, 0)

Should be:
DOVEADM_CMD_PARAM('O', "ask-old-password", CMD_PARAM_BOOL, 0)

Workaround is to specify -O last on the command line with a dummy
argument, like this:
doveadm mailbox cryptokey password -N -O ""

Also, a quick question and suggestion -- Why does the doveadm mailbox
cryptokey password command not ask for a new password twice, with a
check that both entries must match before the password is changed?  The
last thing we would want is to type something wrong accidentally, and
change the new password to something unknown -- rendering encrypted
email unrecoverable.  I would like to suggest that the code in
cmd_mcp_key_password_run be amended to include verifying password
entry twice.

(I am writing a simple addition to postfixadmin that changes the user's 
mail-crypt password whenever they use postfixadmin to change their login 
password.  It calls doveadm to change the keys. I came across this bug
while working through this.)

Thanks for all your help!
Eric