From f1f2fd9e9a489c5edcc5da8d4295428afae72c90 Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown
Date: Mon, 12 Sep 2022 16:27:21 -0700
Subject: [PATCH] change password encryption from doveadm to openssl, avoids potential permissions issues with doveadm
---
 bin/vmail-mboxes-add.sh | 3 ++-
 bin/vmail-mboxes-mod.sh | 3 ++-
 install.sh | 1 -
 update.sh | 2 --
 4 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/bin/vmail-mboxes-add.sh b/bin/vmail-mboxes-add.sh
index 4891674..de82db5 100755
--- a/bin/vmail-mboxes-add.sh
+++ b/bin/vmail-mboxes-add.sh
@@ -51,7 +51,8 @@ rowcount=`mysql --defaults-extra-file=$MYSQL_CONNECTION_INFO_FILE -s -r -N -e "S
 if [ "$rowcount" -eq '0' ] ; then
 # mbox does not exist, build SQL
 # first encrypt password
- passwd=`doveadm -o stats_writer_socket_path= pw -s sha512-crypt -p "$password"`
+ passwd=`/usr/bin/openssl passwd -6 "$password"`
+ passwd="{SHA512-CRYPT}$passwd"
 dbcmd="mysql --defaults-extra-file=$MYSQL_CONNECTION_INFO_FILE -e 'INSERT INTO vm_mboxes SET domain_id=\"$domain_id\", mbox=\"$mbox\", passwd=\"$passwd\""
 if [[ -n $status ]] ; then
 dbcmd="$dbcmd, status=\"$status\""
diff --git a/bin/vmail-mboxes-mod.sh b/bin/vmail-mboxes-mod.sh
index 3313a01..28383df 100755
--- a/bin/vmail-mboxes-mod.sh
+++ b/bin/vmail-mboxes-mod.sh
@@ -71,7 +71,8 @@ fi
 # check for password update
 if [ ! -z "$password" ]; then
- passwd=`doveadm -o stats_writer_socket_path= pw -s sha512-crypt -p "$password"`
+ passwd=`/usr/bin/openssl passwd -6 "$password"`
+ passwd="{SHA512-CRYPT}$passwd"
 if [ ! -z "$dbset" ]; then
 dbset="$dbset,"
 fi
diff --git a/install.sh b/install.sh
index 31485d2..3a5d45f 100755
--- a/install.sh
+++ b/install.sh
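Review bot: The plaintext password is still handed to the hashing tool as a command-line argument in the added `openssl passwd -6 "$password"` call of the bin/vmail-mboxes-add.sh hunk, so other local users can read it from the process list while openssl runs; the removed `doveadm ... -p "$password"` form had the same exposure, and the identical added line in the bin/vmail-mboxes-mod.sh hunk carries it too. Feeding the password on stdin avoids this, because `printf` is a bash builtin and never shows up in argv: `passwd=$(printf '%s\n' "$password" | /usr/bin/openssl passwd -6 -stdin) || exit 1`. The status check matters as well, since as written a failing openssl (for example a build that lacks `-6`) leaves `$passwd` empty and the bare `{SHA512-CRYPT}` prefix would go into the SQL as the stored hash. Both enclosing `if` blocks start and end outside the hunks, so how `dbcmd` and `dbset` are finally executed is not visible here.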
@@ -131,7 +131,6 @@ cp -a etc/dovecot/* /etc/dovecot/
 chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext
 chmod 640 /etc/dovecot/dovecot-sql.conf.ext
 sed -i "s|password=password|password=$VMAILPASS|g" /etc/dovecot/dovecot-sql.conf.ext
-chown -R vmail /etc/dovecot/conf.d/
 if ! [ -d "/usr/local/libexec" ]; then
 mkdir /usr/local/libexec
 fi
diff --git a/update.sh b/update.sh
index 025638f..42a1abb 100755
--- a/update.sh
+++ b/update.sh
@@ -58,8 +58,6 @@ for etc_config in "${etc_configs_array[@]}"; do
 echo
 fi
 done
-# make sure /etc/dovecot/conf.d/ is readable by vmail (needed for encrypting passwords with 'doveadm pw')
-chown -R vmail /etc/dovecot/conf.d/
 # update libexec script
 if ! diff -q libexec/vmail-quota-warning.sh /usr/local/libexec/vmail-quota-warning.sh ; then