- Password: Support dovecotpw encryption

git-svn-id: https://svn.roundcube.net/trunk@3404 208e9e7b-5314-0410-a742-e7e81cd9613c

2 files changed, 34 insertions, 1 deletions

diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index b9e3b9102..304b8904a 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -13,7 +13,7 @@ $rcmail_config['password_confirm_current'] = true;
 // Require the new password to be a certain length.
 // set to blank to allow passwords of any length
 $rcmail_config['password_minimum_length'] = 0;
- 
+
 // Require the new password to contain a letter and punctuation character
 // Change to false to remove this check.
 $rcmail_config['password_require_nonalpha'] = false;
@@ -30,6 +30,7 @@ $rcmail_config['password_db_dsn'] = '';
 //      %p is replaced with the plaintext new password
 //      %c is replaced with the crypt version of the new password, MD5 if available
 //         otherwise DES.
+//      %D is replaced with dovecotpw crypt method
 //      %o is replaced with the password before the change
 //      %n is replaced with the hashed version of the new password
 //      %q is replaced with the hashed password before the change
@@ -43,6 +44,12 @@ $rcmail_config['password_db_dsn'] = '';
 // Default: "SELECT update_passwd(%c, %u)"
 $rcmail_config['password_query'] = 'SELECT update_passwd(%c, %u)';
 
+// Path for dovecotpw (if not in $PATH)
+// $rcmail_config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw';
+
+// Dovecot method (dovecotpw -s 'method')
+$rcmail_config['password_dovecotpw_method'] = 'CRAM-MD5';
+
 // Using a password hash for %n and %q variables.
 // Determine which hashing algorithm should be used to generate
 // the hashed new and current password for using them within the
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
index 1e737f233..9337a6754 100644
--- a/plugins/password/drivers/sql.php
+++ b/plugins/password/drivers/sql.php
@@ -49,6 +49,32 @@ function password_save($curpass, $passwd)
         }
         $sql = str_replace('%c',  $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql);
     }
+
+    // dovecotpw
+    if (strpos($sql, '%D') !== FALSE) {
+        if (!($dovecotpw = $rcmail->config->get('dovecotpw')))
+            $dovecotpw = 'dovecotpw';
+        if (!($method = $rcmail->config->get('dovecotmethod')))
+            $method = 'CRAM-MD5';
+        $tmpfile = tempnam('/tmp', 'rouncdube-');
+        $pipe = popen("'$dovecotpw' -s '$method' > '$tmpfile'", "w");
+        if (!$pipe) {
+            unlink($tmpfile);
+            return PASSWORD_CRYPT_ERROR;
+        }
+        else {
+            fwrite($pipe, $passwd . "\n", 1+strlen($passwd)); usleep(1000);
+            fwrite($pipe, $passwd . "\n", 1+strlen($passwd));
+            pclose($pipe);
+            $newpass = file_get_contents($tmpfile);
+            if (!preg_match('/^\{' . $method . '\}/', $newpass)) {
+                return PASSWORD_CRYPT_ERROR;
+            }
+            $newpass = trim(str_replace('{' . $method . '}', '', $newpass));
+            unlink($tmpfile);
+        }
+        $sql = str_replace('%D', $db->quote($newpass), $sql);
+    }
     
     // hashed passwords
     if (preg_match('/%[n|q]/', $sql)) {