pacrypt(): allow switching between dovecot:* password schemes

Dovecot password hashes include a {SCHEME} prefix, so it's possible to
switch the scheme while still accepting passwords hashed using the
previous dovecot:* scheme.

This patch adds the code needed to find out the used hashing scheme
from the hash and ensures it gets used to validate the password.

Patch by Aaron Lindsay <aaron AT aclindsay com> (sent to the ML)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1875 a1433add-5e2c-0410-b055-b7f2511e0802

CHANGELOG.TXT

@@ -9,6 +9,13 @@
 # Last update:
 # $Id$
 
+Changes since the 3.0.1 release
+-------------------------------------------------
+
+  - allow switching between dovecot:* password schemes while still accepting
+    passwords hashed using the previous dovecot:* scheme
+  - FetchmailHandler: use a valid date as default for 'date'
+
 Version 3.0.1 - 2016/09/19 - SVN r1870
 -------------------------------------------------
 

functions.inc.php

@@ -933,7 +933,9 @@ function pacrypt ($pw, $pw_db="") {
     
     elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) {
         $split_method = preg_split ('/:/', $CONF['encrypt']);
-        $method       = strtoupper($split_method[1]); # TODO: if $pw_db starts with {method}, change $method accordingly
+        $method       = strtoupper($split_method[1]);
+        # If $pw_db starts with {method}, change $method accordingly
+        if (!empty($pw_db) && preg_match('/^\{([A-Z0-9.-]+)\}.+/', $pw_db, $method_matches)) { $method = $method_matches[1]; }
         if (! preg_match("/^[A-Z0-9.-]+$/", $method)) { die("invalid dovecot encryption method"); }  # TODO: check against a fixed list?
         # if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead."); 
         # $crypt_method = preg_match ("/.*-CRYPT$/", $method);