On Sat, 12 May 2007 01:25:45 +0800 imacat <imacat@mail.imacat.idv.tw> wrote:
2. I would like to use APOP in addition to SSL/TLS. Currently Dovecot saves APOP passwords as clear text. I understand this. But is it possible to have some sort of encoding, for example, Base64? Just to
If you really need this now you could also modify the sources yourself. It should be pretty easy to add a new plain.b64 scheme to src/auth/password-scheme.c (could also be implemented as a plugin)
Hi. Here is a simple patch that adds the BASE64-PLAIN password scheme. It may not be very clean. 1. I do not know if adding base64_decode() in passwd_file_save_results() in src/auth/passdb-passwd-file.c is appropriate. 2. It only work with the Passwd-file password database. Other password databases (like SQL) is not tested. However, it works fine. Hope that it helps. Please tell me if you need any more information. Thank you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 diff -u -r dovecot-1.0.0.orig/src/auth/passdb.c dovecot-1.0.0/src/auth/passdb.c - --- dovecot-1.0.0.orig/src/auth/passdb.c 2007-02-15 19:48:37.000000000 +0800 +++ dovecot-1.0.0/src/auth/passdb.c 2007-05-13 00:04:15.000000000 +0800 @@ -63,6 +63,8 @@ case PASSDB_CREDENTIALS_PLAINTEXT: if (strcasecmp(wanted_scheme, "CLEARTEXT") == 0) return wanted_scheme; + if (strcasecmp(wanted_scheme, "BASE64-PLAIN") == 0) + return wanted_scheme; return "PLAIN"; case PASSDB_CREDENTIALS_CRYPT: return "CRYPT"; @@ -98,7 +100,8 @@ scheme); if (strcasecmp(scheme, wanted_scheme) != 0) { if (strcasecmp(scheme, "PLAIN") != 0 && - - strcasecmp(scheme, "CLEARTEXT") != 0) { + strcasecmp(scheme, "CLEARTEXT") != 0 && + strcasecmp(scheme, "BASE64-PLAIN") != 0) { auth_request_log_info(auth_request, "password", "Requested %s scheme, but we have only %s", wanted_scheme, scheme); diff -u -r dovecot-1.0.0.orig/src/auth/passdb-passwd-file.c dovecot-1.0.0/src/auth/passdb-passwd-file.c - --- dovecot-1.0.0.orig/src/auth/passdb-passwd-file.c 2007-03-25 01:10:24.000000000 +0800 +++ dovecot-1.0.0/src/auth/passdb-passwd-file.c 2007-05-13 00:04:41.000000000 +0800 @@ -10,6 +10,8 @@ #include "passdb.h" #include "password-scheme.h" #include "db-passwd-file.h" +#include "base64.h" +#include "buffer.h" #define PASSWD_FILE_CACHE_KEY "%u" #define PASSWD_FILE_DEFAULT_SCHEME "CRYPT" 
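Review bot: In the second passdb.c hunk, BASE64-PLAIN joins PLAIN and CLEARTEXT as a scheme that may differ from `wanted_scheme`, but the only place the value is decoded is passwd_file_save_results() in passdb-passwd-file.c. If the code after this condition (outside the hunk) derives the wanted credentials by treating the stored value as plaintext, any other passdb that returns a BASE64-PLAIN value would feed the still-encoded string into that derivation, and the derived credentials would be computed over the wrong input. Decoding once in this function, before the scheme comparison, and then continuing with the scheme set to PLAIN would cover every backend instead of one. It is also worth a comment next to the new check such as `/* BASE64-PLAIN is a reversible encoding of the cleartext password, not a hash */`, so the scheme is not mistaken for protection of the stored secret.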
@@ -30,9 +32,18 @@ const char *key, *value; string_t *str; char **p; + buffer_t *buf; + size_t size, password_len; *crypted_pass_r = pu->password; *scheme_r = password_get_scheme(crypted_pass_r); + if (*scheme_r != NULL && *crypted_pass_r != NULL && strcasecmp(*scheme_r, "BASE64-PLAIN") == 0) { + password_len = strlen(*crypted_pass_r); + buf = buffer_create_static_hard(pool_datastack_create(), + MAX_BASE64_DECODED_SIZE(password_len)); + base64_decode(*crypted_pass_r, password_len, NULL, buf); + *crypted_pass_r = buffer_get_data(buf, &size); + } if (*scheme_r == NULL) *scheme_r = request->passdb->passdb->default_pass_scheme; diff -u -r dovecot-1.0.0.orig/src/auth/password-scheme.c dovecot-1.0.0/src/auth/password-scheme.c - --- dovecot-1.0.0.orig/src/auth/password-scheme.c 2007-02-22 22:32:11.000000000 +0800 +++ dovecot-1.0.0/src/auth/password-scheme.c 2007-05-13 00:04:15.000000000 +0800 @@ -312,6 +312,26 @@ return plaintext; } +static bool base64_plain_verify(const char *plaintext, const char *password, + const char *user __attr_unused__) +{ + string_t *str; + + str = t_str_new(MAX_BASE64_ENCODED_SIZE(strlen(password)+1)); + base64_encode(password, strlen(password), str); + return strcmp(plaintext, str_c(str)) == 0; +} + +static const char *base64_plain_generate(const char *plaintext, + const char *user __attr_unused__) +{ + string_t *str; + + str = t_str_new(MAX_BASE64_ENCODED_SIZE(strlen(plaintext)+1)); + base64_encode(plaintext, strlen(plaintext), str); + return str_c(str); +} + static bool cram_md5_verify(const char *plaintext, const char *password, const char *user __attr_unused__) { 
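Review bot: The return value of `base64_decode()` is discarded in the block added to passwd_file_save_results(), so a malformed BASE64-PLAIN entry is not rejected, and whatever was decoded before the error (possibly nothing) becomes the password that is compared for that account. The pointer from `buffer_get_data()` is then handed on as a C string, although nothing visible here appends a terminator and `size` is never read; a decoded value containing a NUL byte would also be truncated silently. Treat a negative return as a failed lookup, e.g. `if (base64_decode(*crypted_pass_r, password_len, NULL, buf) < 0)`, and terminate explicitly with `buffer_append_c(buf, '\0');` after sizing the buffer one byte larger. The function begins and ends outside the hunk, so how a failure should be reported to the caller needs checking against the full body.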
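Review bot: `base64_plain_verify()` appears to compare the wrong pair: it Base64-encodes `password` and matches the result against `plaintext`, whereas the parameter names (shared with the `cram_md5_verify()` signature at the end of the hunk) suggest `plaintext` is the client's input and `password` the stored value. Together with the passwd-file hunk, which already passes on the decoded password, a plaintext login would then succeed only when the client submits the Base64 text itself. Pick one model and make both places agree. If the stored value stays encoded, use `base64_encode(plaintext, strlen(plaintext), str); return strcmp(password, str_c(str)) == 0;`. If it is decoded before verification, the scheme can reuse the existing plain comparison. The argument order of the caller is not visible on this page and should be confirmed first.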
@@ -469,6 +489,7 @@ { "SMD5", smd5_verify, smd5_generate }, { "SSHA", ssha_verify, ssha_generate }, { "PLAIN", plain_verify, plain_generate }, + { "BASE64-PLAIN", base64_plain_verify, base64_plain_generate }, { "CLEARTEXT", plain_verify, plain_generate }, { "CRAM-MD5", cram_md5_verify, cram_md5_generate }, { "HMAC-MD5", cram_md5_verify, cram_md5_generate }, -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGRef6i9gubzC5S1wRArvCAJ992XKUOk0tbiSlmMTlEAZN9YFXbgCfSDXG fBuR00ppfcX1sBy20cCnmG0= =l5z1 -----END PGP SIGNATURE----- -- Best regards, imacat ^_*' <imacat@mail.imacat.idv.tw> PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt <<Woman's Voice>> News: http://www.wov.idv.tw/ Tavern IMACAT's: http://www.imacat.idv.tw/ TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug