mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 11:12:15 +02:00
rename sql fields to just have mailbox.password_expiry and domain.password_expiry
parent
27c2842cd2
commit
77d1b6c2e7
@ -1,4 +1,5 @@
|
|||||||
*Description
|
*Description
|
||||||
|
|
||||||
This extension adds support for password expiration.
|
This extension adds support for password expiration.
|
||||||
It is designed to have expiration on users passwords. An email is sent when the password is expiring in 30 days, then 14 days, then 7 days.
|
It is designed to have expiration on users passwords. An email is sent when the password is expiring in 30 days, then 14 days, then 7 days.
|
||||||
It is strongly inspired by https://abridge2devnull.com/posts/2014/09/29/dovecot-user-password-expiration-notifications-updated-4122015/, and adapted to fit with Postfix Admin & Roundcube's password plugin
|
It is strongly inspired by https://abridge2devnull.com/posts/2014/09/29/dovecot-user-password-expiration-notifications-updated-4122015/, and adapted to fit with Postfix Admin & Roundcube's password plugin
|
||||||
@ -6,33 +7,42 @@ Expiration unit is day
|
|||||||
Expiration value for domain is set through Postfix Admin GUI
|
Expiration value for domain is set through Postfix Admin GUI
|
||||||
|
|
||||||
*Installation
|
*Installation
|
||||||
|
|
||||||
Perform the following changes:
|
Perform the following changes:
|
||||||
|
|
||||||
**Changes in MySQL/MariaDB mailbox table (as defined in $CONF['database_tables'] from config.inc.php):
|
**Changes in MySQL/MariaDB mailbox table (as defined in $CONF['database_tables'] from config.inc.php):
|
||||||
|
|
||||||
You are invited to backup your DB first, and ensure the table name is correct.
|
You are invited to backup your DB first, and ensure the table name is correct.
|
||||||
|
|
||||||
Execute the attached SQL script (password_expiration.sql) that will add the required columns. The expiration value for existing users will be set to 90 days. If you want a different value, edit line 2 in the script and replace 90 by the required value.
|
Execute the attached SQL script (password_expiration.sql) that will add the required columns. The expiration value for existing users will be set to 90 days. If you want a different value, edit line 2 in the script and replace 90 by the required value.
|
||||||
|
|
||||||
**Changes in Postfix Admin :
|
**Changes in Postfix Admin :
|
||||||
|
|
||||||
To enable password expiration, add the following to your config.inc.php file:
|
To enable password expiration, add the following to your config.inc.php file:
|
||||||
$CONF['password_expiration_enabled'] = 'YES';
|
$CONF['password_expiration_enabled'] = 'YES';
|
||||||
|
|
||||||
All my tests are performed using $CONF['encrypt'] = 'md5crypt';
|
All my tests are performed using $CONF['encrypt'] = 'md5crypt';
|
||||||
|
|
||||||
**If you are using Roundcube's password plugin, you should also adapt the $config['password_query'] value.
|
**If you are using Roundcube's password plugin, you should also adapt the $config['password_query'] value.
|
||||||
|
|
||||||
I recommend to use:
|
I recommend to use:
|
||||||
$config['password_query'] = 'UPDATE mailbox SET password=%c, modified=now(),pw_expires_on=now() + interval 90 day';
|
|
||||||
|
$config['password_query'] = 'UPDATE mailbox SET password=%c, modified = now(), password_expiry = now() + interval 90 day';
|
||||||
|
|
||||||
of cource you may adapt to the expected expiration value
|
of cource you may adapt to the expected expiration value
|
||||||
|
|
||||||
All my tests are performed using $config['password_algorithm'] = 'md5-crypt';
|
All my tests are performed using $config['password_algorithm'] = 'md5-crypt';
|
||||||
|
|
||||||
**Changes in Dovecot (adapt if you use another LDA)
|
**Changes in Dovecot (adapt if you use another LDA)
|
||||||
|
|
||||||
Edit dovecot-mysql.conf file, and replace the user_query (and only this one) by this query:
|
Edit dovecot-mysql.conf file, and replace the user_query (and only this one) by this query:
|
||||||
user_query = SELECT concat('/var/vmail/', m.maildir) as home, concat('maildir:/var/vmail/', m.maildir) as mail, 20001 AS uid, 20001 AS gid, concat('dirsize:storage=', m.quota) AS quota, m.domain FROM mailbox m ,domain d WHERE d.domain = m.domain and m.username = 'tutu@eyetech-software.com' AND m.active = '1' and (m.pw_expires_on > now() or d.password_expiration_value = 0)
|
|
||||||
|
user_query = SELECT concat('/var/vmail/', m.maildir) as home, concat('maildir:/var/vmail/', m.maildir) as mail, 20001 AS uid, 20001 AS gid, concat('dirsize:storage=', m.quota) AS quota, m.domain FROM mailbox m ,domain d WHERE d.domain = m.domain and m.username = 'tutu@eyetech-software.com' AND m.active = '1' and (m.password_expiry > now() or d.password_expiry = 0)
|
||||||
|
|
||||||
Of course you may require to adapt the uid, gid, maildir and table to your setup
|
Of course you may require to adapt the uid, gid, maildir and table to your setup
|
||||||
|
|
||||||
**Changes in system
|
**Changes in system
|
||||||
|
|
||||||
You need to have a script running on a daily basis to check password expiration and send emails 30, 14 and 7 days before password expiration (script attached: check_mailpass_expiration.sh).
|
You need to have a script running on a daily basis to check password expiration and send emails 30, 14 and 7 days before password expiration (script attached: check_mailpass_expiration.sh).
|
||||||
Edit the script to adapt the variables to your setup.
|
Edit the script to adapt the variables to your setup.
|
||||||
This script is using postfixadmin.my.cnf to read credentials. Edit this file to enter a DB user that is allowed to access (read-write) your database. This file should be protected from any user (chmod 400).
|
This script is using postfixadmin.my.cnf to read credentials. Edit this file to enter a DB user that is allowed to access (read-write) your database. This file should be protected from any user (chmod 400).
|
||||||
|
@ -261,15 +261,13 @@ function check_domain($domain) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* get_password_expiration_value
|
|
||||||
* Get password expiration value for a domain
|
* Get password expiration value for a domain
|
||||||
* @param String $domain - a string that may be a domain
|
* @param string $domain - a string that may be a domain
|
||||||
* @return password expiration value for this domain
|
* @return int password expiration value for this domain (DAYS, or zero if not enabled)
|
||||||
* TODO: return specific value for invalid (not existing) domain
|
|
||||||
*/
|
*/
|
||||||
function get_password_expiration_value ($domain) {
|
function get_password_expiration_value ($domain) {
|
||||||
$table_domain = table_by_key('domain');
|
$table_domain = table_by_key('domain');
|
||||||
$query = "SELECT password_expiration_value FROM $table_domain WHERE domain='$domain'";
|
$query = "SELECT password_expiry FROM $table_domain WHERE domain='$domain'";
|
||||||
$result = db_query ($query);
|
$result = db_query ($query);
|
||||||
$password_expiration_value = db_array ($result['result']);
|
$password_expiration_value = db_array ($result['result']);
|
||||||
return $password_expiration_value[0];
|
return $password_expiration_value[0];
|
||||||
@ -1879,7 +1877,7 @@ function db_delete($table, $where, $delete, $additionalwhere='') {
|
|||||||
* @param array (optional) - array of fields to set to now() - default: array('created', 'modified')
|
* @param array (optional) - array of fields to set to now() - default: array('created', 'modified')
|
||||||
* @return int - number of inserted rows
|
* @return int - number of inserted rows
|
||||||
*/
|
*/
|
||||||
function db_insert ($table, $values, $timestamp = array('created', 'modified'), $timestamp_expiration = array('pw_expires_on') ) {
|
function db_insert ($table, $values, $timestamp = array('created', 'modified'), $timestamp_expiration = array('password_expiry') ) {
|
||||||
$table = table_by_key($table);
|
$table = table_by_key($table);
|
||||||
|
|
||||||
foreach (array_keys($values) as $key) {
|
foreach (array_keys($values) as $key) {
|
||||||
@ -1898,7 +1896,8 @@ function db_insert ($table, $values, $timestamp = array('created', 'modified'),
|
|||||||
if ($CONF['password_expiration_enabled'] == 'YES') {
|
if ($CONF['password_expiration_enabled'] == 'YES') {
|
||||||
if ($table == 'mailbox') {
|
if ($table == 'mailbox') {
|
||||||
$domain_dirty = $values['domain'];
|
$domain_dirty = $values['domain'];
|
||||||
$domain = substr($domain_dirty, 1, -1);
|
$domain = substr($domain_dirty, 1, -1); // really the update to the mailbox password_expiry should be based on a trigger, or a query like :
|
||||||
|
// .... NOW() + INTERVAL domain.password_expiry DAY
|
||||||
$password_expiration_value = get_password_expiration_value($domain);
|
$password_expiration_value = get_password_expiration_value($domain);
|
||||||
foreach($timestamp_expiration as $key) {
|
foreach($timestamp_expiration as $key) {
|
||||||
$values[$key] = "now() + interval " . $password_expiration_value . " day";
|
$values[$key] = "now() + interval " . $password_expiration_value . " day";
|
||||||
@ -1962,8 +1961,8 @@ function db_update_q($table, $where, $values, $timestamp = array('modified')) {
|
|||||||
$domain = substr($domain_dirty, 0, -1);
|
$domain = substr($domain_dirty, 0, -1);
|
||||||
if ($table == 'mailbox') {
|
if ($table == 'mailbox') {
|
||||||
$password_expiration_value = get_password_expiration_value($domain);
|
$password_expiration_value = get_password_expiration_value($domain);
|
||||||
$key = 'pw_expires_on';
|
$key = 'password_expiry';
|
||||||
$sql_values[$key] = escape_string($key) . "=now() + interval " . $password_expiration_value . " day";
|
$sql_values[$key] = $key . " = now() + interval " . $password_expiration_value . " day";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2219,10 +2218,9 @@ function gen_show_status($show_alias) {
|
|||||||
|
|
||||||
// Vacation CHECK
|
// Vacation CHECK
|
||||||
if ( $CONF['show_vacation'] == 'YES' ) {
|
if ( $CONF['show_vacation'] == 'YES' ) {
|
||||||
$stat_result = db_query ("SELECT * FROM ". $CONF['database_tables']['vacation'] ." WHERE email = '" . $show_alias . "' AND active = 1");
|
$stat_result = db_query ("SELECT * FROM ". $CONF['database_tables']['vacation'] ." WHERE email = '" . $show_alias . "' AND active = 1");
|
||||||
if ($stat_result['rows'] == 1) {
|
if ($stat_result['rows'] == 1) {
|
||||||
$stat_string .= "<span style='background-color:" . $CONF['show_vacation_color'] .
|
$stat_string .= "<span style='background-color:" . $CONF['show_vacation_color'] . "'>" . $CONF['show_status_text'] . "</span> ";
|
||||||
"'>" . $CONF['show_status_text'] . "</span> ";
|
|
||||||
} else {
|
} else {
|
||||||
$stat_string .= $CONF['show_status_text'] . " ";
|
$stat_string .= $CONF['show_status_text'] . " ";
|
||||||
}
|
}
|
||||||
@ -2230,10 +2228,9 @@ function gen_show_status($show_alias) {
|
|||||||
|
|
||||||
// Disabled CHECK
|
// Disabled CHECK
|
||||||
if ( $CONF['show_disabled'] == 'YES' ) {
|
if ( $CONF['show_disabled'] == 'YES' ) {
|
||||||
$stat_result = db_query ("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = '" . $show_alias . "' AND active = 0");
|
$stat_result = db_query ("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = '" . $show_alias . "' AND active = 0");
|
||||||
if ($stat_result['rows'] == 1) {
|
if ($stat_result['rows'] == 1) {
|
||||||
$stat_string .= "<span style='background-color:" . $CONF['show_disabled_color'] .
|
$stat_string .= "<span style='background-color:" . $CONF['show_disabled_color'] . "'>" . $CONF['show_status_text'] . "</span> ";
|
||||||
"'>" . $CONF['show_status_text'] . "</span> ";
|
|
||||||
} else {
|
} else {
|
||||||
$stat_string .= $CONF['show_status_text'] . " ";
|
$stat_string .= $CONF['show_status_text'] . " ";
|
||||||
}
|
}
|
||||||
@ -2241,10 +2238,9 @@ function gen_show_status($show_alias) {
|
|||||||
|
|
||||||
// Expired CHECK
|
// Expired CHECK
|
||||||
if ( $CONF['show_expired'] == 'YES' ) {
|
if ( $CONF['show_expired'] == 'YES' ) {
|
||||||
$stat_result = db_query ("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = '" . $show_alias . "' AND pw_expires_on <= now()");
|
$stat_result = db_query ("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = '" . $show_alias . "' AND password_expiry <= now()");
|
||||||
if ($stat_result['rows'] == 1) {
|
if ($stat_result['rows'] == 1) {
|
||||||
$stat_string .= "<span style='background-color:" . $CONF['show_expired_color'] .
|
$stat_string .= "<span style='background-color:" . $CONF['show_expired_color'] . "'>" . $CONF['show_status_text'] . "</span> ";
|
||||||
"'>" . $CONF['show_status_text'] . "</span> ";
|
|
||||||
} else {
|
} else {
|
||||||
$stat_string .= $CONF['show_status_text'] . " ";
|
$stat_string .= $CONF['show_status_text'] . " ";
|
||||||
}
|
}
|
||||||
|
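Review bot: get_password_expiration_value() now documents `@return int`, but the new side still returns `$password_expiration_value[0]` unchecked, and db_insert and db_update_q concatenate that value into `"now() + interval " . $password_expiration_value . " day"`. For a domain with no row the value is empty and the generated statement is malformed, and the TODO that recorded this case is removed in the same hunk; `return isset($password_expiration_value[0]) ? (int) $password_expiration_value[0] : 0;` would make the documented contract true and keep the interval numeric. The query also places `$domain` inside quotes and relies on callers having escaped it; both callers recover it with `substr()` from what appears to be an already quoted value (with different offsets, `1, -1` in db_insert and `0, -1` in db_update_q), so either pass it through `escape_string($domain)` at the point of use or state the precondition in the docblock. The bodies of these functions continue outside the hunks shown.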
@ -94,7 +94,7 @@ class DomainHandler extends PFAHandler {
|
|||||||
'default_aliases' => pacol($this->new, $this->new, 0, 'bool', 'pAdminCreate_domain_defaultaliases', '' , 1,'', /*not in db*/ 1 ),
|
'default_aliases' => pacol($this->new, $this->new, 0, 'bool', 'pAdminCreate_domain_defaultaliases', '' , 1,'', /*not in db*/ 1 ),
|
||||||
'created' => pacol(0, 0, 0, 'ts', 'created' , '' ),
|
'created' => pacol(0, 0, 0, 'ts', 'created' , '' ),
|
||||||
'modified' => pacol(0, 0, $super, 'ts', 'last_modified' , '' ),
|
'modified' => pacol(0, 0, $super, 'ts', 'last_modified' , '' ),
|
||||||
'password_expiration_value' => pacol($super,$super,$super,'num','password_expiration', 'password_expiration_desc', ''),
|
'password_expiry' => pacol($super, $super, $super, 'num', 'password_expiration' , 'password_expiration_desc', ''),
|
||||||
'_can_edit' => pacol(0, 0, 1, 'int', '' , '' , 0 ,
|
'_can_edit' => pacol(0, 0, 1, 'int', '' , '' , 0 ,
|
||||||
/*options*/ '',
|
/*options*/ '',
|
||||||
/*not_in_db*/ 0,
|
/*not_in_db*/ 0,
|
||||||
|
@ -49,7 +49,7 @@ class MailboxHandler extends PFAHandler {
|
|||||||
'token_validity' => pacol(1, 0, 0, 'ts', '' , '', date("Y-m-d H:i:s",time())),
|
'token_validity' => pacol(1, 0, 0, 'ts', '' , '', date("Y-m-d H:i:s",time())),
|
||||||
'created' => pacol(0, 0, 1, 'ts', 'created' , '' ),
|
'created' => pacol(0, 0, 1, 'ts', 'created' , '' ),
|
||||||
'modified' => pacol(0, 0, 1, 'ts', 'last_modified' , '' ),
|
'modified' => pacol(0, 0, 1, 'ts', 'last_modified' , '' ),
|
||||||
'pw_expires_on' => pacol( 0, 0, 1, 'ts', 'password_expiration' , '' ),
|
'password_expiry' => pacol(0, 0, 1, 'ts', 'password_expiration' , '' ),
|
||||||
# TODO: add virtual 'notified' column and allow to display who received a vacation response?
|
# TODO: add virtual 'notified' column and allow to display who received a vacation response?
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
ALTER TABLE mailbox ADD COLUMN pw_expires_on TIMESTAMP DEFAULT now() not null;
|
ALTER TABLE mailbox ADD COLUMN password_expiry TIMESTAMP DEFAULT now() not null;
|
||||||
UPDATE mailbox set pw_expires_on = now() + interval 90 day;
|
UPDATE mailbox set password_expiry = now() + interval 90 day;
|
||||||
ALTER TABLE domain ADD COLUMN password_expiration_value int DEFAULT 0;
|
ALTER TABLE domain ADD COLUMN password_expiry int DEFAULT 0;
|
||||||
|
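Review bot: `ALTER TABLE domain ADD COLUMN password_expiry int DEFAULT 0;` leaves the column nullable, while the code that reads it treats it as a number of days and the Dovecot query in the README tests `d.password_expiry = 0`, which is not true for NULL; `ALTER TABLE domain ADD COLUMN password_expiry int NOT NULL DEFAULT 0;` closes that gap. The `UPDATE mailbox` statement has no WHERE clause on purpose, which deserves a comment such as `-- intentionally every row: existing mailboxes get 90 days from installation`. The script also only adds columns under the new names, so a database that already ran the earlier version would keep `pw_expires_on` and `password_expiration_value`; if such installations exist they need a rename step rather than this script.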
@ -192,7 +192,7 @@ if ($display_mailbox_aliases) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($password_expiration) {
|
if ($password_expiration) {
|
||||||
$sql_select .= ", $table_mailbox.pw_expires_on as password_expiration ";
|
$sql_select .= ", $table_mailbox.password_expiry as password_expiration ";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Config::bool('vacation_control_admin')) {
|
if (Config::bool('vacation_control_admin')) {
|
||||||
|