On Sun, 2007-05-13 at 00:34 +0800, imacat wrote:
Hi. Here is a simple patch that adds the BASE64-PLAIN password scheme. It may not be very clean.
1. I do not know if adding base64_decode() in passwd_file_save_results() in src/auth/passdb-passwd-file.c is appropriate.
This isn't needed. The generic scheme handling code should have made it work everywhere.
@@ -98,7 +100,8 @@ scheme); if (strcasecmp(scheme, wanted_scheme) != 0) { if (strcasecmp(scheme, "PLAIN") != 0 && - - strcasecmp(scheme, "CLEARTEXT") != 0) { + strcasecmp(scheme, "CLEARTEXT") != 0 && + strcasecmp(scheme, "BASE64-PLAIN") != 0) {
This is ok, although it makes me think if there should be some kind of a password_scheme_is_plaintext() function.
+static bool base64_plain_verify(const char *plaintext, const char *password, + const char *user __attr_unused__) +{ + string_t *str; + + str = t_str_new(MAX_BASE64_ENCODED_SIZE(strlen(password)+1)); + base64_encode(password, strlen(password), str); + return strcmp(plaintext, str_c(str)) == 0; +}
This is a bit wrong. plaintext is in the user-given password in plaintext, and password is the base64 encoded password. Here you're base64ing a password that's already base64d. That's probably why you added the code to passdb-passwd-file.c, the code in there is working right.
+ { "BASE64-PLAIN", base64_plain_verify, base64_plain_generate },
I'm going to use PLAIN.B64 and PLAIN.BASE64 in Dovecot v1.1, so if you might want to use that name already for your passwords so one day you don't have to patch Dovecot anymore. :)