BUG REPORT: MAIL-CRYPT plugin: doveadm mailbox cryptokey -O option
Aki:
I have identified a bug in the "*-O*" option of "*doveadm mailbox cryptokey password*" plugin command -- it is expecting an argument, but it is supposed to be a boolean option. I have also identified the (simple) fix to the source on github...
/I am a dovecot community noob, so please forgive me if this has already been identified... (if so, I hope it gets fixed soon)... / The "-O" option in *struct doveadm_cmd_mcp_key_password* is set to expect a *STR* parameter, but it should be *BOOL*. See line 1027 in plugins/mail-crypt/doveadm-mail-crypt.c of master branch...
Currently: ***DOVEADM_CMD_PARAM**(**'O'**, **"ask-old-password"**, CMD_PARAM_STR, **0**)
*Should be: ***DOVEADM_CMD_PARAM**(**'O'**, **"ask-old-password"**, CMD_PARAM_BOOL, **0**)*
Workaround is to specify *-O* last on command line with a dummy argument, like this: *doveadm mailbox cryptokey password -N -O ""*
Also, a quick question and suggestion -- Why does the *doveadm mailbox cryptokey password* command not ask for a new password twice, with a check that both entries must match before the password is changed? The last thing we would want is to type something wrong accidentally, and change the new password to something unknown -- rendering encrypted email unrecoverable. I would like to suggest that the code in *cmd_mcp_key_password_run* be amended to include verifying password entry twice.
(I am writing a simple addition to postfixadmin that changes the user's mail-crypt password whenever they use postfixadmin to change their login password. It calls *doveadm* to change the keys. I came across this bug while working through this.)
Thanks for all your help! Eric **
On 26/12/2020 10:41 ean365 ean365@verizon.net wrote:
Aki:
I have identified a bug in the "-O" option of "doveadm mailbox cryptokey password" plugin command -- it is expecting an argument, but it is supposed to be a boolean option. I have also identified the (simple) fix to the source on github...
I am a dovecot community noob, so please forgive me if this has already been identified... (if so, I hope it gets fixed soon)...
The "-O" option in struct doveadm_cmd_mcp_key_password is set to expect a STR parameter, but it should be BOOL. See line 1027 in plugins/mail-crypt/doveadm-mail-crypt.c of master branch...
Currently: DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_STR,0)
Should be: DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_BOOL,0)
Workaround is to specify -O last on command line with a dummy argument, like this: doveadm mailbox cryptokey password -N -O ""
Also, a quick question and suggestion -- Why does the doveadm mailbox cryptokey password command not ask for a new password twice, with a check that both entries must match before the password is changed? The last thing we would want is to type something wrong accidentally, and change the new password to something unknown -- rendering encrypted email unrecoverable. I would like to suggest that the code in cmd_mcp_key_password_run be amended to include verifying password entry twice.
(I am writing a simple addition to postfixadmin that changes the user's mail-crypt password whenever they use postfixadmin to change their login password. It calls doveadm to change the keys. I came across this bug while working through this.)
Thanks for all your help! Eric
Thank you for reporting this, we'll take a look.
Aki
Hi, Aki: Just resending below bug report. I notice that it has not been fixed, yet. Am I correct that this is a bug, albeit a small one? Best Regards, Eric
On 12/27/2020 11:02 AM, Aki Tuomi wrote:
On 26/12/2020 10:41 ean365 ean365@verizon.net wrote:
Aki:
I have identified a bug in the "-O" option of "doveadm mailbox cryptokey password" plugin command -- it is expecting an argument, but it is supposed to be a boolean option. I have also identified the (simple) fix to the source on github...
I am a dovecot community noob, so please forgive me if this has already been identified... (if so, I hope it gets fixed soon)...
The "-O" option in struct doveadm_cmd_mcp_key_password is set to expect a STR parameter, but it should be BOOL. See line 1027 in plugins/mail-crypt/doveadm-mail-crypt.c of master branch...
Currently: DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_STR,0)
Should be: DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_BOOL,0)
Workaround is to specify -O last on command line with a dummy argument, like this: doveadm mailbox cryptokey password -N -O ""
Also, a quick question and suggestion -- Why does the doveadm mailbox cryptokey password command not ask for a new password twice, with a check that both entries must match before the password is changed? The last thing we would want is to type something wrong accidentally, and change the new password to something unknown -- rendering encrypted email unrecoverable. I would like to suggest that the code in cmd_mcp_key_password_run be amended to include verifying password entry twice.
(I am writing a simple addition to postfixadmin that changes the user's mail-crypt password whenever they use postfixadmin to change their login password. It calls doveadm to change the keys. I came across this bug while working through this.)
Thanks for all your help! Eric
Thank you for reporting this, we'll take a look.
Aki
Yes, it's a bug. It's being tracked by us.
Aki
On 28/07/2021 07:56 ean365 ean365@verizon.net wrote:
Hi, Aki: Just resending below bug report. I notice that it has not been fixed, yet. Am I correct that this is a bug, albeit a small one? Best Regards, Eric
On 12/27/2020 11:02 AM, Aki Tuomi wrote:
On 26/12/2020 10:41 ean365 ean365@verizon.net wrote:
Aki:
I have identified a bug in the "-O" option of "doveadm mailbox cryptokey password" plugin command -- it is expecting an argument, but it is supposed to be a boolean option. I have also identified the (simple) fix to the source on github...
I am a dovecot community noob, so please forgive me if this has already been identified... (if so, I hope it gets fixed soon)...
The "-O" option in struct doveadm_cmd_mcp_key_password is set to expect a STR parameter, but it should be BOOL. See line 1027 in plugins/mail-crypt/doveadm-mail-crypt.c of master branch...
Currently: DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_STR,0)
Should be: DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_BOOL,0)
Workaround is to specify -O last on command line with a dummy argument, like this: doveadm mailbox cryptokey password -N -O ""
Also, a quick question and suggestion -- Why does the doveadm mailbox cryptokey password command not ask for a new password twice, with a check that both entries must match before the password is changed? The last thing we would want is to type something wrong accidentally, and change the new password to something unknown -- rendering encrypted email unrecoverable. I would like to suggest that the code in cmd_mcp_key_password_run be amended to include verifying password entry twice.
(I am writing a simple addition to postfixadmin that changes the user's mail-crypt password whenever they use postfixadmin to change their login password. It calls doveadm to change the keys. I came across this bug while working through this.)
Thanks for all your help! Eric
Thank you for reporting this, we'll take a look.
Aki
And now it's fixed. See https://github.com/dovecot/core/commit/13830767a0e3bf29ad421ed656a89345346d6...
Aki
On 09/08/2021 07:53 Aki Tuomi aki.tuomi@open-xchange.com wrote:
Yes, it's a bug. It's being tracked by us.
Aki
On 28/07/2021 07:56 ean365 ean365@verizon.net wrote:
Hi, Aki: Just resending below bug report. I notice that it has not been fixed, yet. Am I correct that this is a bug, albeit a small one? Best Regards, Eric
On 12/27/2020 11:02 AM, Aki Tuomi wrote:
On 26/12/2020 10:41 ean365 ean365@verizon.net wrote:
Aki:
I have identified a bug in the "-O" option of "doveadm mailbox cryptokey password" plugin command -- it is expecting an argument, but it is supposed to be a boolean option. I have also identified the (simple) fix to the source on github...
I am a dovecot community noob, so please forgive me if this has already been identified... (if so, I hope it gets fixed soon)...
The "-O" option in struct doveadm_cmd_mcp_key_password is set to expect a STR parameter, but it should be BOOL. See line 1027 in plugins/mail-crypt/doveadm-mail-crypt.c of master branch...
Currently: DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_STR,0)
Should be: DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_BOOL,0)
Workaround is to specify -O last on command line with a dummy argument, like this: doveadm mailbox cryptokey password -N -O ""
Also, a quick question and suggestion -- Why does the doveadm mailbox cryptokey password command not ask for a new password twice, with a check that both entries must match before the password is changed? The last thing we would want is to type something wrong accidentally, and change the new password to something unknown -- rendering encrypted email unrecoverable. I would like to suggest that the code in cmd_mcp_key_password_run be amended to include verifying password entry twice.
(I am writing a simple addition to postfixadmin that changes the user's mail-crypt password whenever they use postfixadmin to change their login password. It calls doveadm to change the keys. I came across this bug while working through this.)
Thanks for all your help! Eric
Thank you for reporting this, we'll take a look.
Aki
Thanks for letting me know!
On 8/12/2021 5:29 AM, Aki Tuomi wrote:
And now it's fixed. See https://github.com/dovecot/core/commit/13830767a0e3bf29ad421ed656a89345346d6...
Aki
On 09/08/2021 07:53 Aki Tuomi aki.tuomi@open-xchange.com wrote:
Yes, it's a bug. It's being tracked by us.
Aki
On 28/07/2021 07:56 ean365 ean365@verizon.net wrote:
Hi, Aki: Just resending below bug report. I notice that it has not been fixed, yet. Am I correct that this is a bug, albeit a small one? Best Regards, Eric
On 12/27/2020 11:02 AM, Aki Tuomi wrote:
On 26/12/2020 10:41 ean365 ean365@verizon.net wrote:
Aki:
I have identified a bug in the "-O" option of "doveadm mailbox cryptokey password" plugin command -- it is expecting an argument, but it is supposed to be a boolean option. I have also identified the (simple) fix to the source on github...
I am a dovecot community noob, so please forgive me if this has already been identified... (if so, I hope it gets fixed soon)...
The "-O" option in struct doveadm_cmd_mcp_key_password is set to expect a STR parameter, but it should be BOOL. See line 1027 in plugins/mail-crypt/doveadm-mail-crypt.c of master branch...
Currently: DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_STR,0)
Should be: DOVEADM_CMD_PARAM('O',"ask-old-password", CMD_PARAM_BOOL,0)
Workaround is to specify -O last on command line with a dummy argument, like this: doveadm mailbox cryptokey password -N -O ""
Also, a quick question and suggestion -- Why does the doveadm mailbox cryptokey password command not ask for a new password twice, with a check that both entries must match before the password is changed? The last thing we would want is to type something wrong accidentally, and change the new password to something unknown -- rendering encrypted email unrecoverable. I would like to suggest that the code in cmd_mcp_key_password_run be amended to include verifying password entry twice.
(I am writing a simple addition to postfixadmin that changes the user's mail-crypt password whenever they use postfixadmin to change their login password. It calls doveadm to change the keys. I came across this bug while working through this.)
Thanks for all your help! Eric
Thank you for reporting this, we'll take a look.
Aki
participants (2)
-
Aki Tuomi
-
ean365