functions.inc.php - pacrypt():

- if dovecotpw does not give the expected output, read stderr and write it to error_log() - backported from SVN trunk r1071 git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@1159 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago · ac3eadc17c
parent 3be1184a9b
commit ac3eadc17c
2 changed files with 13 additions and 3 deletions
--- a/CHANGELOG.TXT
+++ b/CHANGELOG.TXT
@ -19,6 +19,7 @@ Changes after 2.3.3 release (postfixadmin-2.3 branch)
  - create-domain: force domain name to lowercase to avoid problems with PgSQL
    foreign keys
  - fix vacation.pl to log to "mail" syslog facility
+  - error_log() dovecotpw error messages

 Version 2.3.3 - 2011/03/14 - SVN r1010 (postfixadmin-2.3 branch)
 ---------------------------------------------------------------
--- a/functions.inc.php
+++ b/functions.inc.php
@ -1234,7 +1234,8 @@ function pacrypt ($pw, $pw_db="")
        # Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table
        $spec = array(
            0 => array("pipe", "r"), // stdin
-            1 => array("pipe", "w") // stdout
+            1 => array("pipe", "w"), // stdout
+            2 => array("pipe", "w"), // stderr
        );

        $pipe = proc_open("$dovecotpw '-s' $method", $spec, $pipes);
@ -1250,10 +1251,18 @@ function pacrypt ($pw, $pw_db="")

            // Read hash from pipe stdout
            $password = fread($pipes[1], "200");
-    		fclose($pipes[1]);
+
+            if ( !preg_match('/^\{' . $method . '\}/', $password)) {
+                $stderr_output = stream_get_contents($pipes[2]);
+                error_log('dovecotpw password encryption failed.');
+                error_log('STDERR output: ' . $stderr_output);
+                die("can't encrypt password with dovecotpw, see error log for details"); 
+            }
+
+            fclose($pipes[1]);
+            fclose($pipes[2]);
            proc_close($pipe);

-            if ( !preg_match('/^\{' . $method . '\}/', $password)) { die("can't encrypt password with dovecotpw"); }
            $password = trim(str_replace('{' . $method . '}', '', $password));
        }
    }