functions.inc.php:

- handle dovecot passwords without any tempfile (to prevent safe_mode issues)
  Changed based on a patch from Aleksandr @SF,
  https://sourceforge.net/tracker/?func=detail&atid=937966&aid=2890471&group_id=191583


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@752 a1433add-5e2c-0410-b055-b7f2511e0802
pull/2/head
Christian Boltz 15 years ago
parent 6220b6d85c
commit 188aa2bd5c

@ -1199,22 +1199,30 @@ function pacrypt ($pw, $pw_db="")
$dovecotpw = "dovecotpw";
if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw'];
// prevent showing plain password in process table
$prefix = "postfixadmin-";
$tmpfile = tempnam('/tmp', $prefix);
$pipe = popen("'$dovecotpw' -s '$method' > '$tmpfile'", 'w'); # TODO: replace tempfile usage with proc_open call
# Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table
$spec = array(
0 => array("pipe", "r"), // stdin
1 => array("pipe", "w") // stdout
);
$pipe = proc_open("$dovecotpw '-s' $method", $spec, $pipes);
if (!$pipe) {
unlink($tmpfile);
die("can't proc_open $dovecotpw");
} else {
// use dovecot's stdin, it uses getpass() twice
fwrite($pipe, $pw . "\n", 1+strlen($pw)); usleep(1000);
fwrite($pipe, $pw . "\n", 1+strlen($pw));
pclose($pipe);
$password = file_get_contents($tmpfile);
// Write pass in pipe stdin
fwrite($pipes[0], $pw . "\n", 1+strlen($pw)); usleep(1000);
fwrite($pipes[0], $pw . "\n", 1+strlen($pw));
fclose($pipes[0]);
// Read hash from pipe stdout
$password = fread($pipes[1], "200");
fclose($pipes[1]);
proc_close($pipe);
if ( !preg_match('/^\{' . $method . '\}/', $password)) { die("can't encrypt password with dovecotpw"); }
$password = trim(str_replace('{' . $method . '}', '', $password));
unlink($tmpfile);
}
}
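Review bot: The new `proc_open` call builds its shell command by plain interpolation and no longer quotes `$dovecotpw` or `$method`, both of which the replaced `popen` line wrapped in single quotes. Where `$method` is assigned is not visible in this hunk; if it or `$CONF['dovecotpw']` can ever contain whitespace or shell metacharacters, the command line changes meaning, so I would escape both arguments: `$pipe = proc_open(escapeshellarg($dovecotpw) . ' -s ' . escapeshellarg($method), $spec, $pipes);`. The single `fread($pipes[1], "200")` passes the length as a string and can return a short read from a pipe; `$password = stream_get_contents($pipes[1]);` reads until the child closes stdout. `pacrypt` starts and ends outside the hunk, so the origin of `$method` should be checked there.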
