On Sat, Jul 24, 2004 at 11:49:12AM +1000, Joshua Goodall wrote:
On Fri, Jul 23, 2004 at 09:06:05PM +0300, Timo Sirainen wrote:
So it seems. But how did you notice it? I don't think those functions are ever called by Dovecot itself? They're there just in case some day they would be useful..
They're useful now. Reason attached, a first draft of dovecotpw.c. Only tested on FreeBSD 5-CURRENT.
I fleshed this out a bit. OK, a lot, because this was done to improve interoperability with OpenLDAP. The attached diff:
- Provides two new schemes, {SMD5} and {SSHA} (salted strong password hashes, both available in OpenLDAP);
- Supports the {MD5} that OpenLDAP uses (which is actually more like the unsalted {PLAIN-MD5} only base64-encoded;
- Provides a BSD-licensed (non-advertising clause) SHA implementation so you don't have to rely on openssl for {SHA};
- Adds a password generation tool that hooks directly into Dovecot's password scheme code:
usage: dovecotpw [-l] [-p plaintext] [-s scheme] [-u user] [-V] -l List known password schemes -p plaintext New password -s scheme Password scheme -u user Username (if scheme uses it) -V Internally verify the hash
I originally wrote this for production of HMAC-MD5 contexts to support CRAM-MD5, and just generalised it.
Diff against cvs HEAD attached. Tested on FreeBSD 5-CURRENT and Debian GNU/Linux (unstable), both only on i386. You'll need to rerun automake & autoconf after patching.
- Joshua