banananetwork
/
postfixadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

functions.inc.php:

Browse Source 
- pacrypt(), dovecot:* method:
  - allow "." in dovecot method (to allow a suffix like ".b64")
  - blacklist SCRAM-SHA-1 (needs -u)
  - check against list of non-salted methods to be backward compatible
    with dovecot < 2.1 again
  Thanks to Szilagyi Jozsef <szjozsef AT yahoo DOT com> for providing
  the list of non-salted methods etc.

functions.inc.php, scripts/postfixadmin-cli.php:
- drop unused global variables $table_admin and $table_alias_domain



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1529 a1433add-5e2c-0410-b055-b7f2511e0802
pull/2/head
Christian Boltz 11 years ago
parent 6ea8b370c0
commit f444de402b
2 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File

17
functions.inc.php
Unescape Escape View File

@ -910,12 +910,14 @@ function pacrypt ($pw, $pw_db="") {
elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) {
$split_method = preg_split ('/:/', $CONF['encrypt']);
$method = strtoupper($split_method[1]);
if (! preg_match("/^[A-Z0-9-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list?
if (! preg_match("/^[A-Z0-9.-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list?
# if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead.");
# $crypt_method = preg_match ("/.*-CRYPT$/", $method);
# digest-md5 hashes include the username - until someone implements it, let's declare it as unsupported
# digest-md5 and SCRAM-SHA-1 hashes include the username - until someone implements it, let's declare it as unsupported
if (strtolower($method) == 'digest-md5') die("Sorry, \$CONF['encrypt'] = 'dovecot:digest-md5' is not supported by PostfixAdmin.");
if (strtoupper($method) == 'SCRAM-SHA-1') die("Sorry, \$CONF['encrypt'] = 'dovecot:scram-sha-1' is not supported by PostfixAdmin.");
# TODO: add -u option for those hashes, or for everything that is salted (-u was available before dovecot 2.1 -> no problem with backward compability)
$dovecotpw = "doveadm pw";
if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw'];
@ -927,9 +929,12 @@ function pacrypt ($pw, $pw_db="") {
2 => array("pipe", "w"), // stderr
);
$nonsaltedtypes = "SHA|SHA1|SHA256|SHA512|CLEAR|CLEARTEXT|PLAIN|PLAIN-TRUNC|CRAM-MD5|HMAC-MD5|PLAIN-MD4|PLAIN-MD5|LDAP-MD5|LANMAN|NTLM|RPA";
$salted = ! preg_match("/^($nonsaltedtypes)(\.B64|\.BASE64|\.HEX)?$/", strtoupper($method) );
$dovepasstest = '';
if (!empty($pw_db)) {
# TODO: only use -t for salted passwords to be backward compatible with dovecot < 2.1 again
if ( $salted && (!empty($pw_db)) ) {
# only use -t for salted passwords to be backward compatible with dovecot < 2.1
$dovepasstest = " -t " . escapeshellarg($pw_db);
}
$pipe = proc_open("$dovecotpw '-s' $method$dovepasstest", $spec, $pipes);
@ -1850,9 +1855,9 @@ function boolconf($setting) {
return Config::bool($setting);
}
$table_admin = table_by_key ('admin');
#$table_admin = table_by_key ('admin');
$table_alias = table_by_key ('alias');
$table_alias_domain = table_by_key ('alias_domain');
#$table_alias_domain = table_by_key ('alias_domain');
$table_domain = table_by_key ('domain');
$table_domain_admins = table_by_key ('domain_admins');
$table_log = table_by_key ('log');

4
scripts/postfixadmin-cli.php
Unescape Escape View File

@ -550,9 +550,9 @@ $CONF = Config::read('all');
//bugfix shitty globals and OOP.....
$table_admin = table_by_key ('admin');
#$table_admin = table_by_key ('admin');
$table_alias = table_by_key ('alias');
$table_alias_domain = table_by_key ('alias_domain');
#$table_alias_domain = table_by_key ('alias_domain');
$table_domain = table_by_key ('domain');
$table_domain_admins = table_by_key ('domain_admins');
$table_log = table_by_key ('log');

Write Preview
Loading…
Cancel
Save