Hello qpsmtpd email list!
I made some very minor changes to the auth_vpopmail_sql auth plugin for
using vpopmail with encrypted passwords. I did not see a straightforward
approach to integrating these changes into auth_vpopmail_sql, as it is
supporting cram-md5 based as well as plain text auth right now/
So I'm inlining my diff to the cvs head auth_vpopmail_sql in this email.
Perhaps the current plugin should be split into three files under
auth/vpopmail/ for cram-md5, vpopmail plain, and vpopmail crypt? Just a
thought, it would get end users up and running quickly at the expense of
more files and code to manage, but some conditionals in the plugin could
be dropped.
Comments welcome. Thanks for this great software which keeps my inbox
spam free!
--- auth_vpopmail_sql 2004-12-07 21:17:42.565030608 -0800
+++ auth_vpopmail_sql_crypt 2004-12-07 21:38:02.352594712 -0800
@@ -82,19 +82,19 @@
"Authentication to vpopmail via mysql: [EMAIL PROTECTED]");
my $sth = $dbh->prepare(<<SQL);
-select pw_clear_passwd
+select pw_passwd
from vpopmail
where pw_name = ? and pw_domain = ?
SQL
$sth->execute( $pw_name, $pw_domain );
- my ($pw_clear_passwd) = $sth->fetchrow_array;
+ my ($pw_passwd) = $sth->fetchrow_array;
$sth->finish;
$dbh->disconnect;
- unless ( defined $pw_clear_passwd ) {
+ unless ( defined $pw_passwd ) {
# if this isn't defined then the user doesn't exist here
# or the administrator forgot to build with --enable-clear-passwd=y
@@ -104,9 +104,9 @@
# at this point we can assume the user name matched
if (
( defined $passClear
- and $pw_clear_passwd eq $passClear ) or
+ and $pw_passwd eq crypt($passClear, $pw_passwd) ) or
( defined $passHash
- and $passHash eq hmac_md5_hex( $ticket, $pw_clear_passwd ) )
+ and $passHash eq hmac_md5_hex( $ticket, $pw_passwd ) )
)
{
