diff options
| -rwxr-xr-x | private/dovecot/hash-passdb.py | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/private/dovecot/hash-passdb.py b/private/dovecot/hash-passdb.py deleted file mode 100755 index abb05a9..0000000 --- a/private/dovecot/hash-passdb.py +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (c) 2018 Aaron LI -# MIT License -# - -""" -Find and hash the plain passwords in "passdb.yml" used to generate -the "passwd" auth database for Dovecot. - -The given infile will be updated in place, and the already hashed -passwords are also kept. - -NOTE: The "SHA512-CRYPT" scheme is used. -""" - -import argparse -import crypt - -from ruamel.yaml import YAML - -SCHEME = "SHA512-CRYPT" -METHOD = crypt.METHOD_SHA512 -yaml = YAML() - - -def hashpass(word): - """ - Check the given word, and hash it if it's not hashed. - """ - if word.startswith("{%s}" % SCHEME): - # Already hashed - return word - - salt = crypt.mksalt(METHOD) - return "{%s}%s" % (SCHEME, crypt.crypt(word, salt)) - - -def main(): - parser = argparse.ArgumentParser( - description="Find and hash the plain passwords in a YAML file" - ) - parser.add_argument("infile", help="input passdb.yml") - args = parser.parse_args() - - data = yaml.load(open(args.infile)) - print("Loaded passdb from file: %s" % args.infile) - - for name, user in data["passdb"].items(): - if "pass" in user: - oldword = user["pass"] - user["pass"] = hashpass(oldword) - if user["pass"] == oldword: - status = "ok" - else: - status = "hashed" - print("* %s ... [%s]" % (name, status)) - if "devices" in user: - devices = user["devices"] - for dev, oldword in devices.items(): - devices[dev] = hashpass(oldword) - if devices[dev] == oldword: - status = "ok" - else: - status = "hashed" - print("* %s @ %s ... [%s]" % (name, dev, status)) - - yaml.dump(data, open(args.infile, "w")) - print("Dumped hashed passdb to file: %s" % args.infile) - - -if __name__ == "__main__": - main() |