functions.inc.php, function pacrypt:
- added dovecotpw encryption support (patch from cmuelle8 (trendypack) + some fixes from me, see tracker for details) https://sourceforge.net/tracker2/?func=detail&aid=2607332&group_id=191583&atid=937966 - replaced most "if" with "elseif" to be able to check for invalid $CONF[encrypt] settings - added error check/message for invalid $CONF[encrypt] settings config.inc.php: - $CONF[encrypt]: added description for dovecot:xy - added new $CONF['dovecotpw'] setting (path to dovecotpw binary) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@580 a1433add-5e2c-0410-b055-b7f2511e0802
parent
87461233d9
commit
af702c05e1
@ -90,6 +90,7 @@ $CONF['smtp_port'] = '25';
|
|||||||
// cleartext = clear text passwords (ouch!)
|
// cleartext = clear text passwords (ouch!)
|
||||||
// mysql_encrypt = useful for PAM integration
|
// mysql_encrypt = useful for PAM integration
|
||||||
// authlib = support for courier-authlib style passwords
|
// authlib = support for courier-authlib style passwords
|
||||||
|
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
|
||||||
$CONF['encrypt'] = 'md5crypt';
|
$CONF['encrypt'] = 'md5crypt';
|
||||||
|
|
||||||
// In what flavor should courier-authlib style passwords be enrypted?
|
// In what flavor should courier-authlib style passwords be enrypted?
|
||||||
@ -98,6 +99,9 @@ $CONF['encrypt'] = 'md5crypt';
|
|||||||
// crypt = {crypt} + Standard UNIX DES-enrypted with 2-character salt
|
// crypt = {crypt} + Standard UNIX DES-enrypted with 2-character salt
|
||||||
$CONF['authlib_default_flavor'] = 'md5raw';
|
$CONF['authlib_default_flavor'] = 'md5raw';
|
||||||
|
|
||||||
|
// If you use the dovecot encryption method: where is the dovecotpw binary located?
|
||||||
|
$CONF['dovecotpw'] = "/usr/sbin/dovecotpw";
|
||||||
|
|
||||||
// Minimum length required for passwords. Postfixadmin will not
|
// Minimum length required for passwords. Postfixadmin will not
|
||||||
// allow users to set passwords which are shorter than this value.
|
// allow users to set passwords which are shorter than this value.
|
||||||
$CONF['min_password_length'] = 5;
|
$CONF['min_password_length'] = 5;
|
||||||
|
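Review bot: The comment added above `$CONF['dovecotpw']` does not say that pacrypt() places this value directly on a shell command line, which an administrator editing the file would want to know. I would extend it to something like `// Absolute path to the dovecotpw binary. pacrypt() passes this value to a shell, so it must point to a trusted binary and must not contain quote characters.` The `dovecot:CRYPT-METHOD` description could also mention that pacrypt() upper-cases the method name and accepts only letters, digits and `-`.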
@ -1151,11 +1151,11 @@ function pacrypt ($pw, $pw_db="")
|
|||||||
$password = md5crypt ($pw, $salt);
|
$password = md5crypt ($pw, $salt);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($CONF['encrypt'] == 'md5') {
|
elseif ($CONF['encrypt'] == 'md5') {
|
||||||
$password = md5($pw);
|
$password = md5($pw);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($CONF['encrypt'] == 'system') {
|
elseif ($CONF['encrypt'] == 'system') {
|
||||||
if (ereg ("\$1\$", $pw_db)) {
|
if (ereg ("\$1\$", $pw_db)) {
|
||||||
$split_salt = preg_split ('/\$/', $pw_db);
|
$split_salt = preg_split ('/\$/', $pw_db);
|
||||||
$salt = $split_salt[2];
|
$salt = $split_salt[2];
|
||||||
@ -1171,13 +1171,13 @@ function pacrypt ($pw, $pw_db="")
|
|||||||
$password = crypt ($pw, $salt);
|
$password = crypt ($pw, $salt);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($CONF['encrypt'] == 'cleartext') {
|
elseif ($CONF['encrypt'] == 'cleartext') {
|
||||||
$password = $pw;
|
$password = $pw;
|
||||||
}
|
}
|
||||||
|
|
||||||
// See https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1793352&group_id=191583
|
// See https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1793352&group_id=191583
|
||||||
// this is apparently useful for pam_mysql etc.
|
// this is apparently useful for pam_mysql etc.
|
||||||
if ($CONF['encrypt'] == 'mysql_encrypt')
|
elseif ($CONF['encrypt'] == 'mysql_encrypt')
|
||||||
{
|
{
|
||||||
if ($pw_db!="") {
|
if ($pw_db!="") {
|
||||||
$salt=substr($pw_db,0,2);
|
$salt=substr($pw_db,0,2);
|
||||||
@ -1189,7 +1189,7 @@ function pacrypt ($pw, $pw_db="")
|
|||||||
$password = $l[0];
|
$password = $l[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($CONF['encrypt'] == 'authlib') {
|
elseif ($CONF['encrypt'] == 'authlib') {
|
||||||
$flavor = $CONF['authlib_default_flavor'];
|
$flavor = $CONF['authlib_default_flavor'];
|
||||||
$salt = substr(create_salt(), 0, 2); # courier-authlib supports only two-character salts
|
$salt = substr(create_salt(), 0, 2); # courier-authlib supports only two-character salts
|
||||||
if(ereg('^{.*}', $pw_db)) {
|
if(ereg('^{.*}', $pw_db)) {
|
||||||
@ -1210,6 +1210,36 @@ function pacrypt ($pw, $pw_db="")
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) {
|
||||||
|
$split_method = preg_split ('/:/', $CONF['encrypt']);
|
||||||
|
$method = strtoupper($split_method[1]);
|
||||||
|
if (! preg_match("/^[A-Z0-9-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list?
|
||||||
|
|
||||||
|
$dovecotpw = "dovecotpw";
|
||||||
|
if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw'];
|
||||||
|
|
||||||
|
// prevent showing plain password in process table
|
||||||
|
$prefix = "postfixadmin-";
|
||||||
|
$tmpfile = tempnam('/tmp', $prefix);
|
||||||
|
$pipe = popen("'$dovecotpw' -s '$method' > '$tmpfile'", 'w'); # TODO: replace tempfile usage with proc_open call
|
||||||
|
|
||||||
|
if (!$pipe) {
|
||||||
|
unlink($tmpfile);
|
||||||
|
} else {
|
||||||
|
// use dovecot's stdin, it uses getpass() twice
|
||||||
|
fwrite($pipe, $pw . "\n", 1+strlen($pw)); usleep(1000);
|
||||||
|
fwrite($pipe, $pw . "\n", 1+strlen($pw));
|
||||||
|
pclose($pipe);
|
||||||
|
$password = file_get_contents($tmpfile);
|
||||||
|
if ( !preg_match('/^\{' . $method . '\}/', $password)) { die("can't encrypt password with dovecotpw"); }
|
||||||
|
$password = trim(str_replace('{' . $method . '}', '', $password));
|
||||||
|
unlink($tmpfile);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
else {
|
||||||
|
die ('unknown/invalid $CONF["encrypt"] setting: ' . $CONF['encrypt']);
|
||||||
|
}
|
||||||
|
|
||||||
$password = escape_string ($password);
|
$password = escape_string ($password);
|
||||||
return $password;
|
return $password;
|
||||||
|
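Review bot: In the new `dovecot:` branch of pacrypt(), a failed `popen()` only unlinks the temp file and then falls through to `escape_string ($password)` with `$password` never assigned, so the function appears to return an empty value instead of stopping; that branch should `die()` like the other error paths. The `die("can't encrypt password with dovecotpw")` path also exits before `unlink($tmpfile)`, leaving the dovecotpw output behind in /tmp, and the return value of `tempnam()` is not checked. `$dovecotpw` and `$tmpfile` are wrapped in single quotes by hand, and `escapeshellarg()` would keep the command line intact if the configured path ever contains a quote. pacrypt() starts before this hunk, so the earlier branches are not reviewed here.

```php
        $prefix = "postfixadmin-";
        $tmpfile = tempnam('/tmp', $prefix);
        if ($tmpfile === false) { die("can't create temporary file for dovecotpw"); }
        $pipe = popen(escapeshellarg($dovecotpw) . ' -s ' . escapeshellarg($method) . ' > ' . escapeshellarg($tmpfile), 'w');

        if (!$pipe) {
            unlink($tmpfile);
            die("can't run dovecotpw");
        } else {
            // … unchanged: write the password twice to dovecotpw's stdin, pclose() …
            $password = file_get_contents($tmpfile);
            unlink($tmpfile); // remove the output file before any die() below
            if ( !preg_match('/^\{' . $method . '\}/', $password)) { die("can't encrypt password with dovecotpw"); }
            $password = trim(str_replace('{' . $method . '}', '', $password));
        }
```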