functions.inc.php, function pacrypt:

- added dovecotpw encryption support (patch from cmuelle8 (trendypack) + some fixes 
  from me, see tracker for details)
  https://sourceforge.net/tracker2/?func=detail&aid=2607332&group_id=191583&atid=937966
- replaced most "if" with "elseif" to be able to check for invalid $CONF[encrypt] settings
- added error check/message for invalid $CONF[encrypt] settings

config.inc.php:
- $CONF[encrypt]: added description for dovecot:xy
- added new $CONF['dovecotpw'] setting (path to dovecotpw binary)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@580 a1433add-5e2c-0410-b055-b7f2511e0802
postfixadmin-2.3
Christian Boltz 16 years ago
parent 87461233d9
commit af702c05e1

@ -90,6 +90,7 @@ $CONF['smtp_port'] = '25';
// cleartext = clear text passwords (ouch!) // cleartext = clear text passwords (ouch!)
// mysql_encrypt = useful for PAM integration // mysql_encrypt = useful for PAM integration
// authlib = support for courier-authlib style passwords // authlib = support for courier-authlib style passwords
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
$CONF['encrypt'] = 'md5crypt'; $CONF['encrypt'] = 'md5crypt';
// In what flavor should courier-authlib style passwords be enrypted? // In what flavor should courier-authlib style passwords be enrypted?
@ -98,6 +99,9 @@ $CONF['encrypt'] = 'md5crypt';
// crypt = {crypt} + Standard UNIX DES-enrypted with 2-character salt // crypt = {crypt} + Standard UNIX DES-enrypted with 2-character salt
$CONF['authlib_default_flavor'] = 'md5raw'; $CONF['authlib_default_flavor'] = 'md5raw';
// If you use the dovecot encryption method: where is the dovecotpw binary located?
$CONF['dovecotpw'] = "/usr/sbin/dovecotpw";
// Minimum length required for passwords. Postfixadmin will not // Minimum length required for passwords. Postfixadmin will not
// allow users to set passwords which are shorter than this value. // allow users to set passwords which are shorter than this value.
$CONF['min_password_length'] = 5; $CONF['min_password_length'] = 5;

@ -1151,11 +1151,11 @@ function pacrypt ($pw, $pw_db="")
$password = md5crypt ($pw, $salt); $password = md5crypt ($pw, $salt);
} }
if ($CONF['encrypt'] == 'md5') { elseif ($CONF['encrypt'] == 'md5') {
$password = md5($pw); $password = md5($pw);
} }
if ($CONF['encrypt'] == 'system') { elseif ($CONF['encrypt'] == 'system') {
if (ereg ("\$1\$", $pw_db)) { if (ereg ("\$1\$", $pw_db)) {
$split_salt = preg_split ('/\$/', $pw_db); $split_salt = preg_split ('/\$/', $pw_db);
$salt = $split_salt[2]; $salt = $split_salt[2];
@ -1171,13 +1171,13 @@ function pacrypt ($pw, $pw_db="")
$password = crypt ($pw, $salt); $password = crypt ($pw, $salt);
} }
if ($CONF['encrypt'] == 'cleartext') { elseif ($CONF['encrypt'] == 'cleartext') {
$password = $pw; $password = $pw;
} }
// See https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1793352&group_id=191583 // See https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1793352&group_id=191583
// this is apparently useful for pam_mysql etc. // this is apparently useful for pam_mysql etc.
if ($CONF['encrypt'] == 'mysql_encrypt') elseif ($CONF['encrypt'] == 'mysql_encrypt')
{ {
if ($pw_db!="") { if ($pw_db!="") {
$salt=substr($pw_db,0,2); $salt=substr($pw_db,0,2);
@ -1189,7 +1189,7 @@ function pacrypt ($pw, $pw_db="")
$password = $l[0]; $password = $l[0];
} }
if ($CONF['encrypt'] == 'authlib') { elseif ($CONF['encrypt'] == 'authlib') {
$flavor = $CONF['authlib_default_flavor']; $flavor = $CONF['authlib_default_flavor'];
$salt = substr(create_salt(), 0, 2); # courier-authlib supports only two-character salts $salt = substr(create_salt(), 0, 2); # courier-authlib supports only two-character salts
if(ereg('^{.*}', $pw_db)) { if(ereg('^{.*}', $pw_db)) {
@ -1210,6 +1210,36 @@ function pacrypt ($pw, $pw_db="")
} }
} }
elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) {
$split_method = preg_split ('/:/', $CONF['encrypt']);
$method = strtoupper($split_method[1]);
if (! preg_match("/^[A-Z0-9-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list?
$dovecotpw = "dovecotpw";
if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw'];
// prevent showing plain password in process table
$prefix = "postfixadmin-";
$tmpfile = tempnam('/tmp', $prefix);
$pipe = popen("'$dovecotpw' -s '$method' > '$tmpfile'", 'w'); # TODO: replace tempfile usage with proc_open call
if (!$pipe) {
unlink($tmpfile);
} else {
// use dovecot's stdin, it uses getpass() twice
fwrite($pipe, $pw . "\n", 1+strlen($pw)); usleep(1000);
fwrite($pipe, $pw . "\n", 1+strlen($pw));
pclose($pipe);
$password = file_get_contents($tmpfile);
if ( !preg_match('/^\{' . $method . '\}/', $password)) { die("can't encrypt password with dovecotpw"); }
$password = trim(str_replace('{' . $method . '}', '', $password));
unlink($tmpfile);
}
}
else {
die ('unknown/invalid $CONF["encrypt"] setting: ' . $CONF['encrypt']);
}
$password = escape_string ($password); $password = escape_string ($password);
return $password; return $password;
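Review bot: When popen() fails (the `if (!$pipe)` branch at the top of the new dovecot block), the temp file is unlinked but `$password` is never assigned, so control falls through to `escape_string($password)` and pacrypt returns an empty string instead of failing like every other error path in this branch; the branch should end with `die("can't run dovecotpw");` after the unlink. In the success branch the `die("can't encrypt password with dovecotpw")` check runs before `unlink($tmpfile)`, so a failed run leaves the dovecotpw output file behind in /tmp; moving `unlink($tmpfile);` above that check is safe because the contents are already in `$password`. `$dovecotpw` comes from `$CONF['dovecotpw']` and is placed in the shell command inside bare single quotes; wrapping it as `escapeshellarg($dovecotpw)` keeps a quote in the configured path from breaking the command, which `$method` is already protected from by the `^[A-Z0-9-]+$` check. pacrypt's body starts outside the hunk.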
