On Sun, 2007-05-13 at 00:34 +0800, imacat wrote: > Hi. Here is a simple patch that adds the BASE64-PLAIN password > scheme. It may not be very clean. > > 1. I do not know if adding base64_decode() in > passwd_file_save_results() in src/auth/passdb-passwd-file.c is > appropriate.
This isn't needed. The generic scheme handling code should have made it
work everywhere.
> @@ -98,7 +100,8 @@
> scheme);
> if (strcasecmp(scheme, wanted_scheme) != 0) {
> if (strcasecmp(scheme, "PLAIN") != 0 &&
> - - strcasecmp(scheme, "CLEARTEXT") != 0) {
> + strcasecmp(scheme, "CLEARTEXT") != 0 &&
> + strcasecmp(scheme, "BASE64-PLAIN") != 0) {
This is ok, although it makes me think if there should be some kind of a
password_scheme_is_plaintext() function.
> +static bool base64_plain_verify(const char *plaintext, const char *password,
> + const char *user __attr_unused__)
> +{
> + string_t *str;
> +
> + str = t_str_new(MAX_BASE64_ENCODED_SIZE(strlen(password)+1));
> + base64_encode(password, strlen(password), str);
> + return strcmp(plaintext, str_c(str)) == 0;
> +}
This is a bit wrong. plaintext is in the user-given password in
plaintext, and password is the base64 encoded password. Here you're
base64ing a password that's already base64d. That's probably why you
added the code to passdb-passwd-file.c, the code in there is working
right.
> + { "BASE64-PLAIN", base64_plain_verify, base64_plain_generate },
I'm going to use PLAIN.B64 and PLAIN.BASE64 in Dovecot v1.1, so if you
might want to use that name already for your passwords so one day you
don't have to patch Dovecot anymore. :)
signature.asc
Description: This is a digitally signed message part
