Hi,
For testing purposes, it may be useful to know whether a generated password
hash corresponds to a given cleartext password. This can be useful to check
that a hash generated by another program can be verified by Dovecot
without any errors.
This patch adds the ability to verify a password hash using `doveadm
pw` via the `-V` option.
$ doveadm pw -s SSHA.hex
Enter new password:
Retype new password:
{SSHA.HEX}58b910d947c60b35be3e12b0d9897c1f87dfa450e6d5a75c
$ doveadm pw -s SSHA.hex
-V{SSHA.HEX}58b910d947c60b35be3e12b0d9897c1f87dfa450e6d5a75c
Enter new password:
Retype new password:
{SSHA.HEX}4fdf801f57870fb624bee60895c2308187837dfb3987ca06 (verified)
When the user specify a hash, it is checked in place of the usual
verification process. This works with all schemes. Just be sure to
escape special characters or use simple quotes.
$ doveadm pw -s MD5-CRYPT -V'{MD5-CRYPT}$1$R7thDyN.$E0G0czPE/h4S0Hn/b5oVW1'
Enter new password:
Retype new password:
{MD5-CRYPT}$1$rp8nVSqq$gDAPM5iqv1yhBoDZIWsQ4/ (verified)
Lets print a failed check:
doveadm pw -s CRYPT -V{CRYPT}/uuE/AAAAAAAA
Enter new password:
Retype new password:
reverse password verification check failed
FYI the word used for those test cases was "password".
Regards,
___
Jimmy Thrasibule <[email protected]>
# HG changeset patch
# Parent 60f3d0b8900d667a8f8c360d3f1e5e9b4eeeb07a
Allow user hash verification in doveadm-pw
diff -r 60f3d0b8900d -r 2a28902f1975 src/doveadm/doveadm-pw.c
--- a/src/doveadm/doveadm-pw.c Tue Aug 30 09:57:08 2011 +0300
+++ b/src/doveadm/doveadm-pw.c Wed Aug 31 23:36:33 2011 +0200
@@ -19,6 +19,7 @@
{
const char *hash = NULL;
const char *user = NULL;
+ const char *Vhash = NULL;
const char *scheme = NULL;
const char *plaintext = NULL;
int ch, lflag = 0, Vflag = 0;
@@ -27,7 +28,7 @@
random_init();
password_schemes_init();
- while ((ch = getopt(argc, argv, "lp:r:s:u:V")) != -1) {
+ while ((ch = getopt(argc, argv, "lp:r:s:u:V::")) != -1) {
switch (ch) {
case 'l':
lflag = 1;
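Review bot: Taking the hash as an optional argument of `-V` puts it on the command line, where other local users can read it from the process list and where it is kept in shell history; reading the hash from stdin or a file would avoid exposing material that can be used for offline guessing. The `V::` optional-argument form is a getopt extension that POSIX does not specify, and it only accepts the attached spelling `-V{...}`, so `-V {...}` leaves `Vhash` NULL and the old check runs instead. A comment beside the option string such as `/* -V[hash]: hash must be attached, no space (getopt "::" extension) */` would make that visible. The option loop continues outside this hunk.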
@@ -47,6 +48,7 @@
break;
case 'V':
Vflag = 1;
+ Vhash = optarg;
break;
case '?':
default:
@@ -95,9 +97,20 @@
size_t size;
const char *error;
- if (password_decode(hash, scheme, &raw_password, &size) <= 0) {
- fprintf(stderr, "reverse decode check failed\n");
- exit(2);
+ if (Vhash != NULL) {
+ const char *Vscheme;
+
+ if (Vscheme = password_get_scheme(&Vhash)) {
+ if (password_decode(Vhash, Vscheme, &raw_password, &size) <= 0) {
+ fprintf(stderr, "reverse decode check failed\n");
+ exit(2);
+ }
+ }
+ } else {
+ if (password_decode(hash, scheme, &raw_password, &size) <= 0) {
+ fprintf(stderr, "reverse decode check failed\n");
+ exit(2);
+ }
}
if (password_verify(plaintext, user, scheme,
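Review bot: If `password_get_scheme(&Vhash)` returns NULL, for example when the `-V` value has no `{SCHEME}` prefix, nothing is decoded and no error is reported, so `raw_password` and `size` are still uninitialized when execution reaches the `password_verify` call below (assuming that call reads them on its continuation line, which is outside the hunk). The condition is also an unparenthesized assignment, which compilers warn about and which reads like a mistyped `==`. The `password_verify` call still passes `scheme` from `-s` rather than `Vscheme`, so a supplied hash whose prefix differs from `-s` appears to be checked under the wrong scheme; the two should be compared, or `Vscheme` passed to the verify call. The enclosing block starts and ends outside this hunk; the fence shows the rewritten `Vhash` branch only.

```c
if (Vhash != NULL) {
	const char *Vscheme = password_get_scheme(&Vhash);

	/* Reject a -V value without a {SCHEME} prefix instead of
	   falling through with raw_password/size unset. */
	if (Vscheme == NULL) {
		fprintf(stderr, "-V hash has no {scheme} prefix\n");
		exit(2);
	}
	if (password_decode(Vhash, Vscheme, &raw_password, &size) <= 0) {
		fprintf(stderr, "reverse decode check failed\n");
		exit(2);
	}
} else {
	/* … unchanged: decode of the freshly generated hash … */
```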
@@ -117,5 +130,5 @@
struct doveadm_cmd doveadm_cmd_pw = {
cmd_pw, "pw",
- "[-l] [-p plaintext] [-r rounds] [-s scheme] [-u user] [-V]"
+ "[-l] [-p plaintext] [-r rounds] [-s scheme] [-u user] [-V[hash]]"
};