Skip to content

Instantly share code, notes, and snippets.

@wrossmann
Created November 28, 2013 00:47
Show Gist options
  • Save wrossmann/7685647 to your computer and use it in GitHub Desktop.
Save wrossmann/7685647 to your computer and use it in GitHub Desktop.
Quick, dirty, simple PHP to use `doveadm auth` to validate a user's plaintext password against the stored hash without exposing the password through shell commands. Note: This assumes that you already have dovecot's auth backend set up and working. Also, there does not appear to be a simple way to feed in a pre-computed hash, it will only use th…
<?php
class DoveadmAuth {
public static function auth($username, $password) {
$descriptors = array(
0 => array('pipe', 'r'),
1 => array('pipe', 'w'),
2 => array('pipe', 'w'),
);
$cwd = sys_get_temp_dir();
$proc = proc_open(
'doveadm auth ' . escapeshellarg($username),
$descriptors, $pipes, $cwd
);
if( ! is_resource($proc) ) { throw new Exception('failed to create auth process'); }
fwrite($pipes[0], $password);
fclose($pipes[0]);
$stdout = stream_get_contents($pipes[1]);
$stderr = stream_get_contents($pipes[2]);
fclose($pipes[1]);
fclose($pipes[2]);
$rval = proc_close($proc);
return array($rval, $stdout, $stderr);
}
} // -- end class DoveadmAuth
/* Example Call
print_r(DoveadmAuth::auth('user@domain.com', 'P@ssw0rd'));
*/
/* Example output:
// Successful Auth
Array
(
[0] => 0
[1] => passdb: user@domain.com auth succeeded
extra fields:
user=user@domain.com
[2] =>
)
// Unsuccessful Auth due to bad password
Array
(
[0] => 1
[1] => passdb: user@domain.com auth failed
extra fields:
user=user@domain.com
[2] =>
)
// Unsuccessful Auth due to an error [spurios flag introduced]
Array
(
[0] => 1
[1] => doveadm auth [-a <auth socket path>] [-x <auth info>] <user> [<password>]
[2] => auth: invalid option -- 'u'
)
*/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment