From bbec3e9f0e7eeb846410316170bae28236814aa4 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Thu, 20 Oct 2016 20:15:15 +0000 Subject: [PATCH] pacrypt(): allow switching between dovecot:* password schemes Dovecot password hashes include a {SCHEME} prefix, so it's possible to switch the scheme while still accepting passwords hashed using the previous dovecot:* scheme. This patch adds the code needed to find out the used hashing scheme from the hash and ensures it gets used to validate the password. Patch by Aaron Lindsay (sent to the ML) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1875 a1433add-5e2c-0410-b055-b7f2511e0802 --- CHANGELOG.TXT | 7 +++++++ functions.inc.php | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT index 60df8eac..1c7820ab 100644 --- a/CHANGELOG.TXT +++ b/CHANGELOG.TXT @@ -9,6 +9,13 @@ # Last update: # $Id$ +Changes since the 3.0.1 release +------------------------------------------------- + + - allow switching between dovecot:* password schemes while still accepting + passwords hashed using the previous dovecot:* scheme + - FetchmailHandler: use a valid date as default for 'date' + Version 3.0.1 - 2016/09/19 - SVN r1870 ------------------------------------------------- diff --git a/functions.inc.php b/functions.inc.php index c06dba6c..5ff4ab32 100644 --- a/functions.inc.php +++ b/functions.inc.php 
@@ -933,7 +933,9 @@ function pacrypt ($pw, $pw_db="") { elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) { $split_method = preg_split ('/:/', $CONF['encrypt']); - $method = strtoupper($split_method[1]); # TODO: if $pw_db starts with {method}, change $method accordingly + $method = strtoupper($split_method[1]); + # If $pw_db starts with {method}, change $method accordingly + if (!empty($pw_db) && preg_match('/^\{([A-Z0-9.-]+)\}.+/', $pw_db, $method_matches)) { $method = $method_matches[1]; } if (! preg_match("/^[A-Z0-9.-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list? # if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead."); # $crypt_method = preg_match ("/.*-CRYPT$/", $method);
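Review bot: The added `if (!empty($pw_db) && preg_match('/^\{([A-Z0-9.-]+)\}.+/', $pw_db, $method_matches))` line lets the stored hash pick the verification scheme, and the only gate after it is the character-class check on the following context line. Any well-formed scheme name is therefore honoured, including weak or unsalted legacy ones such as `{PLAIN}` or `{PLAIN-MD5}` if they appear in the password column. That makes the existing `# TODO: check against a fixed list?` a real control rather than a nicety: compare the extracted value against an explicit allowlist before use, e.g. `if (!in_array($method, $allowed_dovecot_schemes, true)) { die("invalid dovecot encryption method"); }` (the array name is a placeholder, not an existing setting). Nothing in the hunk re-hashes a password that verified under the previous scheme, so old-scheme hashes presumably stay valid indefinitely unless a caller upgrades them; a comment saying so would help whoever later retires a scheme. pacrypt() starts and ends outside the hunk, so how `$method` is passed on to the dovecot tool is not visible here.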