parent
2dbc2d787a
commit
6bd74d8d51
@ -0,0 +1,159 @@
|
|||||||
|
-----------------------------------------------------------------------
|
||||||
|
Password Plugin for Roundcube
|
||||||
|
-----------------------------------------------------------------------
|
||||||
|
|
||||||
|
Plugin that adds a possibility to change user password using many
|
||||||
|
methods (drivers) via Settings/Password tab.
|
||||||
|
|
||||||
|
-----------------------------------------------------------------------
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License version 2
|
||||||
|
as published by the Free Software Foundation.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License along
|
||||||
|
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
|
||||||
|
@version 1.2
|
||||||
|
@author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
|
||||||
|
@author <see driver files for driver authors>
|
||||||
|
-----------------------------------------------------------------------
|
||||||
|
|
||||||
|
1. Configuration
|
||||||
|
2. Drivers
|
||||||
|
2.1. Database (sql)
|
||||||
|
2.2. Cyrus/SASL (sasl)
|
||||||
|
3. Driver API
|
||||||
|
|
||||||
|
|
||||||
|
1. Configuration
|
||||||
|
----------------
|
||||||
|
|
||||||
|
* See config.inc.php file.
|
||||||
|
|
||||||
|
|
||||||
|
2. Drivers
|
||||||
|
----------
|
||||||
|
|
||||||
|
Password plugin supports many password change mechanisms which are
|
||||||
|
handled by included drivers. Just pass driver name in 'password_driver' option.
|
||||||
|
|
||||||
|
|
||||||
|
2.1. Database (sql)
|
||||||
|
-------------------
|
||||||
|
|
||||||
|
You can specify which database to connect by 'password_db_dsn' option and
|
||||||
|
what SQL query to execute by 'password_query'. See main.inc.php file for
|
||||||
|
more info.
|
||||||
|
|
||||||
|
Example implementations of an update_passwd function:
|
||||||
|
|
||||||
|
- This is for use with LMS (http://lms.org.pl) database and postgres:
|
||||||
|
|
||||||
|
CREATE OR REPLACE FUNCTION update_passwd(hash text, account text) RETURNS integer AS $$
|
||||||
|
DECLARE
|
||||||
|
res integer;
|
||||||
|
BEGIN
|
||||||
|
UPDATE passwd SET password = hash
|
||||||
|
WHERE login = split_part(account, '@', 1)
|
||||||
|
AND domainid = (SELECT id FROM domains WHERE name = split_part(account, '@', 2))
|
||||||
|
RETURNING id INTO res;
|
||||||
|
RETURN res;
|
||||||
|
END;
|
||||||
|
$$ LANGUAGE plpgsql SECURITY DEFINER;
|
||||||
|
|
||||||
|
- This is for use with a SELECT update_passwd(%o,%c,%u) query
|
||||||
|
Updates the password only when the old password matches the MD5 password
|
||||||
|
in the database
|
||||||
|
|
||||||
|
CREATE FUNCTION update_password (oldpass text, cryptpass text, user text) RETURNS text
|
||||||
|
MODIFIES SQL DATA
|
||||||
|
BEGIN
|
||||||
|
DECLARE currentsalt varchar(20);
|
||||||
|
DECLARE error text;
|
||||||
|
SET error = 'incorrect current password';
|
||||||
|
SELECT substring_index(substr(user.password,4),_latin1'$',1) INTO currentsalt FROM users WHERE username=user;
|
||||||
|
SELECT '' INTO error FROM users WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
|
||||||
|
UPDATE users SET password=cryptpass WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
|
||||||
|
RETURN error;
|
||||||
|
END
|
||||||
|
|
||||||
|
Example SQL UPDATEs:
|
||||||
|
|
||||||
|
- Plain text passwords:
|
||||||
|
UPDATE users SET password=%p WHERE username=%u AND password=%o AND domain=%h LIMIT 1
|
||||||
|
|
||||||
|
- Crypt text passwords:
|
||||||
|
UPDATE users SET password=%c WHERE username=%u LIMIT 1
|
||||||
|
|
||||||
|
- Use a MYSQL crypt function (*nix only) with random 8 character salt
|
||||||
|
UPDATE users SET password=ENCRYPT(%p,concat(_utf8'$1$',right(md5(rand()),8),_utf8'$')) WHERE username=%u LIMIT 1
|
||||||
|
|
||||||
|
- MD5 stored passwords:
|
||||||
|
UPDATE users SET password=MD5(%p) WHERE username=%u AND password=MD5(%o) LIMIT 1
|
||||||
|
|
||||||
|
|
||||||
|
2.2. Cyrus/SASL (sasl)
|
||||||
|
----------------------
|
||||||
|
|
||||||
|
Cyrus SASL database authentication allows your Cyrus+RoundCube
|
||||||
|
installation to host mail users without requiring a Unix Shell account!
|
||||||
|
|
||||||
|
This driver only covers the "sasldb" case when using Cyrus SASL. Kerberos
|
||||||
|
and PAM authentication mechanisms will require other techniques to enable
|
||||||
|
user password manipulations.
|
||||||
|
|
||||||
|
Cyrus SASL includes a shell utility called "saslpasswd" for manipulating
|
||||||
|
user passwords in the "sasldb" database. This plugin attempts to use
|
||||||
|
this utility to perform password manipulations required by your webmail
|
||||||
|
users without any administrative interaction. Unfortunately, this
|
||||||
|
scheme requires that the "saslpasswd" utility be run as the "cyrus"
|
||||||
|
user - kind of a security problem since we have chosen to SUID a small
|
||||||
|
script which will allow this to happen.
|
||||||
|
|
||||||
|
This driver is based on the Squirrelmail Change SASL Password Plugin.
|
||||||
|
See http://www.squirrelmail.org/plugin_view.php?id=107 for details.
|
||||||
|
|
||||||
|
Installation:
|
||||||
|
|
||||||
|
Edit the chgsaslpasswd.c and chgsaslpasswd.sh files as is documented
|
||||||
|
within them.
|
||||||
|
|
||||||
|
Compile the wrapper program:
|
||||||
|
gcc -o chgsaslpasswd chgsaslpasswd.c
|
||||||
|
|
||||||
|
Chown the chgsaslpasswd and chgsaslpasswd.sh to the cyrus user and group
|
||||||
|
that your browser runs as, then chmod them to 4550.
|
||||||
|
|
||||||
|
For example, if your cyrus user is 'cyrus' and the apache server group is
|
||||||
|
'nobody' (I've been told Redhat runs Apache as user 'apache'):
|
||||||
|
|
||||||
|
chown cyrus:nobody chgsaslpasswd
|
||||||
|
chmod 4550 chgsaslpasswd
|
||||||
|
|
||||||
|
Stephen Carr has suggested users should try to run the scripts on a test
|
||||||
|
account as the cyrus user eg;
|
||||||
|
|
||||||
|
su cyrus -c "./chgsaslpasswd -p test_account"
|
||||||
|
|
||||||
|
This will allow you to make sure that the script will work for your setup.
|
||||||
|
Should the script not work, make sure that:
|
||||||
|
1) the user the script runs as has access to the saslpasswd|saslpasswd2
|
||||||
|
file and proper permissions
|
||||||
|
2) make sure the user in the chgsaslpasswd.c file is set correctly.
|
||||||
|
This could save you some headaches if you are the paranoid type.
|
||||||
|
|
||||||
|
|
||||||
|
3. Driver API
|
||||||
|
-------------
|
||||||
|
|
||||||
|
Driver file (<driver_name>.php) must define 'password_save' function with
|
||||||
|
two arguments. First - current password, second - new password. Function
|
||||||
|
may return PASSWORD_SUCCESS on success or PASSWORD_ERROR on any error.
|
||||||
|
See existing drivers in drivers/ directory for examples.
|
||||||
|
|
@ -0,0 +1,31 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
// Password Plugin options
|
||||||
|
// -----------------------
|
||||||
|
// A driver to use for password change. Default: "sql".
|
||||||
|
$rcmail_config['password_driver'] = 'sql';
|
||||||
|
|
||||||
|
// Determine whether current password is required to change password.
|
||||||
|
// Default: false.
|
||||||
|
$rcmail_config['password_confirm_current'] = false;
|
||||||
|
|
||||||
|
|
||||||
|
// SQL Driver options
|
||||||
|
// ------------------
|
||||||
|
// PEAR database DSN for performing the query. By default
|
||||||
|
// Roundcube DB settings are used.
|
||||||
|
$rcmail_config['password_db_dsn'] = '';
|
||||||
|
|
||||||
|
// The SQL query used to change the password.
|
||||||
|
// The query can contain the following macros that will be expanded as follows:
|
||||||
|
// %p is replaced with the plaintext new password
|
||||||
|
// %c is replaced with the crypt version of the new password, MD5 if available
|
||||||
|
// otherwise DES.
|
||||||
|
// %u is replaced with the username (from the session info)
|
||||||
|
// %o is replaced with the password before the change
|
||||||
|
// %h is replaced with the imap host (from the session info)
|
||||||
|
// Escaping of macros is handled by this module.
|
||||||
|
// Default: "SELECT update_passwd(%c, %u)"
|
||||||
|
$rcmail_config['password_query'] = 'SELECT update_passwd(%c, %u)';
|
||||||
|
|
||||||
|
?>
|
@ -0,0 +1,41 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SASL Password Driver
|
||||||
|
*
|
||||||
|
* Driver that adds functionality to change the users Cyrus/SASL password.
|
||||||
|
* The code is derrived from the Squirrelmail "Change SASL Password" Plugin
|
||||||
|
* by Galen Johnson.
|
||||||
|
*
|
||||||
|
* It only works with saslpasswd2 on the same host where RoundCube runs
|
||||||
|
* and requires shell access and gcc in order to compile the binary.
|
||||||
|
*
|
||||||
|
* For installation instructions please read the README file.
|
||||||
|
*
|
||||||
|
* @version 1.0
|
||||||
|
* @author Thomas Bruederli
|
||||||
|
*/
|
||||||
|
|
||||||
|
function password_save($currpass, $newpass)
|
||||||
|
{
|
||||||
|
$curdir = realpath(dirname(__FILE__));
|
||||||
|
$username = escapeshellcmd($_SESSION['username']);
|
||||||
|
|
||||||
|
if ($fh = popen("$curdir/chgsaslpasswd -p $username", 'w')) {
|
||||||
|
fwrite($fh, $newpass."\n");
|
||||||
|
$code = pclose($fh);
|
||||||
|
|
||||||
|
if($code == 0)
|
||||||
|
return PASSWORD_SUCCESS;
|
||||||
|
} else
|
||||||
|
raise_error(array(
|
||||||
|
'code' => 600,
|
||||||
|
'type' => 'php',
|
||||||
|
'file' = __FILE__,
|
||||||
|
'message' => "Password plugin: Unable to execute $curdir/chgsaslpasswd"
|
||||||
|
), true, false);
|
||||||
|
|
||||||
|
return PASSWORD_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
@ -0,0 +1,66 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SQL Password Driver
|
||||||
|
*
|
||||||
|
* Driver for passwords stored in SQL database
|
||||||
|
*
|
||||||
|
* @version 1.0
|
||||||
|
* @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
function password_save($curpass, $passwd)
|
||||||
|
{
|
||||||
|
$rcmail = rcmail::get_instance();
|
||||||
|
|
||||||
|
if (!($sql = $rcmail->config->get('password_query')))
|
||||||
|
$sql = 'SELECT update_passwd(%c, %u)';
|
||||||
|
|
||||||
|
if ($dsn = $rcmail->config->get('password_db_dsn')) {
|
||||||
|
$db = new rcube_mdb2($dsn, '', FALSE);
|
||||||
|
$db->set_debug((bool)$rcmail->config->get('sql_debug'));
|
||||||
|
$db->db_connect('w');
|
||||||
|
} else {
|
||||||
|
$db = $rcmail->get_dbh();
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($err = $db->is_error())
|
||||||
|
return PASSWORD_ERROR;
|
||||||
|
|
||||||
|
if (strpos($sql, '%c') !== FALSE) {
|
||||||
|
$salt = '';
|
||||||
|
if (CRYPT_MD5) {
|
||||||
|
$len = rand(3, CRYPT_SALT_LENGTH);
|
||||||
|
} else if (CRYPT_STD_DES) {
|
||||||
|
$len = 2;
|
||||||
|
} else {
|
||||||
|
return PASSWORD_CRYPT_ERROR;
|
||||||
|
}
|
||||||
|
for ($i = 0; $i < $len ; $i++) {
|
||||||
|
$salt .= chr(rand(ord('.'), ord('z')));
|
||||||
|
}
|
||||||
|
$sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql);
|
||||||
|
}
|
||||||
|
|
||||||
|
$sql = str_replace('%u', $db->quote($_SESSION['username'],'text'), $sql);
|
||||||
|
$sql = str_replace('%p', $db->quote($passwd,'text'), $sql);
|
||||||
|
$sql = str_replace('%o', $db->quote($curpass,'text'), $sql);
|
||||||
|
$sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql);
|
||||||
|
|
||||||
|
$res = $db->query($sql);
|
||||||
|
|
||||||
|
if (!$db->is_error()) {
|
||||||
|
if (strtolower(substr(trim($query),0,6))=='select') {
|
||||||
|
if ($result = $db->fetch_array($res))
|
||||||
|
return PASSWORD_SUCCESS;
|
||||||
|
} else {
|
||||||
|
if ($db->affected_rows($res) == 1)
|
||||||
|
return PASSWORD_SUCCESS; // This is the good case: 1 row updated
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return PASSWORD_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
@ -1,65 +0,0 @@
|
|||||||
+-------------------------------------------------------------------------+
|
|
||||||
|
|
|
||||||
| Author: Thomas Bruederli
|
|
||||||
| Source: Squirrelmail Change SASL Password Plugin by Galen Johnson
|
|
||||||
| Program: sasl_password
|
|
||||||
| Version: 1.0
|
|
||||||
| Purpose: Change Cyrus Account Passwords
|
|
||||||
|
|
|
||||||
+-------------------------------------------------------------------------+
|
|
||||||
|
|
||||||
|
|
||||||
Purpose
|
|
||||||
-------
|
|
||||||
Cyrus SASL database authentication allows your Cyrus+RoundCube
|
|
||||||
installation to host mail users without requiring a Unix Shell account!
|
|
||||||
|
|
||||||
This plugin only covers the "sasldb" case when using Cyrus SASL. Kerberos
|
|
||||||
and PAM authentication mechanisms will require other techniques to enable
|
|
||||||
user password manipulations.
|
|
||||||
|
|
||||||
Cyrus SASL includes a shell utility called "saslpasswd" for manipulating
|
|
||||||
user passwords in the "sasldb" database. This patch attempts to use
|
|
||||||
this utility to perform password manipulations required by your webmail
|
|
||||||
users without any administrative interaction. Unfortunately, this
|
|
||||||
scheme requires that the "saslpasswd" utility be run as the "cyrus"
|
|
||||||
user - kind of a security problem since we have chosen to SUID a small
|
|
||||||
script which will allow this to happen.
|
|
||||||
|
|
||||||
This plugin is based on the Squirrelmail Change SASL Password Plugin.
|
|
||||||
See http://www.squirrelmail.org/plugin_view.php?id=107 for details.
|
|
||||||
|
|
||||||
|
|
||||||
Installation
|
|
||||||
------------
|
|
||||||
Install just like any other plugin, just put it in the plugin directory
|
|
||||||
and activate it by adding 'sasl_password' to the list of active plugins
|
|
||||||
in config/main.inc.php
|
|
||||||
|
|
||||||
Edit the chgsaslpasswd.c and chgsaslpasswd.sh files as is documented
|
|
||||||
within them.
|
|
||||||
|
|
||||||
Compile the wrapper program:
|
|
||||||
gcc -o chgsaslpasswd chgsaslpasswd.c
|
|
||||||
|
|
||||||
Chown the chgsaslpasswd and chgsaslpasswd.sh to the cyrus user and group
|
|
||||||
that your browser runs as, then chmod them to 4550.
|
|
||||||
|
|
||||||
For example, if your cyrus user is 'cyrus' and the apache server group is
|
|
||||||
'nobody' (I've been told Redhat runs Apache as user 'apache'):
|
|
||||||
|
|
||||||
chown cyrus:nobody chgsaslpasswd
|
|
||||||
chmod 4550 chgsaslpasswd
|
|
||||||
|
|
||||||
Stephen Carr has suggested users should try to run the scripts on a test
|
|
||||||
account as the cyrus user eg;
|
|
||||||
|
|
||||||
su cyrus -c "./chgsaslpasswd -p test_account"
|
|
||||||
|
|
||||||
This will allow you to make sure that the script will work for your setup.
|
|
||||||
Should the script not work, make sure that:
|
|
||||||
1) the user the script runs as has access to the saslpasswd|saslpasswd2
|
|
||||||
file and proper permissions
|
|
||||||
2) make sure the user in the chgsaslpasswd.c file is set correctly.
|
|
||||||
This could save you some headaches if you are the paranoid type.
|
|
||||||
|
|
@ -1,27 +0,0 @@
|
|||||||
#include <stdio.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
// set the UID this script will run as (cyrus user)
|
|
||||||
#define UID 96
|
|
||||||
// set the path to saslpasswd or saslpasswd2
|
|
||||||
#define CMD "/usr/sbin/saslpasswd2"
|
|
||||||
|
|
||||||
/* INSTALLING:
|
|
||||||
gcc -o chgsaslpasswd chgsaslpasswd.c
|
|
||||||
chown root.apache chgsaslpasswd
|
|
||||||
strip chgsaslpasswd
|
|
||||||
chmod 4550 chgsaslpasswd
|
|
||||||
*/
|
|
||||||
|
|
||||||
main(int argc, char *argv[])
|
|
||||||
{
|
|
||||||
int rc,cc;
|
|
||||||
|
|
||||||
cc = setuid(UID);
|
|
||||||
rc = execvp(CMD, argv);
|
|
||||||
if ((rc != 0) || (cc != 0))
|
|
||||||
{
|
|
||||||
fprintf(stderr,"__ %s: failed %d %d\n",argv[0],rc,cc);
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,16 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
$labels = array();
|
|
||||||
$labels['changepasswd'] = 'Passwort ändern';
|
|
||||||
$labels['curpasswd'] = 'Aktuelles Passwort';
|
|
||||||
$labels['newpasswd'] = 'Neues Passwort';
|
|
||||||
$labels['confpasswd'] = 'Passwort Wiederholung';
|
|
||||||
|
|
||||||
$messages = array();
|
|
||||||
$messages['nopassword'] = "Bitte geben Sie ein neues Passwort ein";
|
|
||||||
$messages['nocurpassword'] = "Bitte geben Sie Ihr aktuelles Passwort an";
|
|
||||||
$messages['passwordincorrect'] = "Das aktuelle Passwort ist nicht korrekt";
|
|
||||||
$messages['passwordinconsistency'] = "Das neue Passwort und dessen Wiederholung stimmen nicht überein";
|
|
||||||
$messages['successfullysaved'] = "Ihr Passwort wurde erfolgreich geändert";
|
|
||||||
|
|
||||||
?>
|
|
@ -1,16 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
$labels = array();
|
|
||||||
$labels['changepasswd'] = 'Change Password';
|
|
||||||
$labels['curpasswd'] = 'Current Password:';
|
|
||||||
$labels['newpasswd'] = 'New Password:';
|
|
||||||
$labels['confpasswd'] = 'Confirm New Password:';
|
|
||||||
|
|
||||||
$messages = array();
|
|
||||||
$messages['nopassword'] = "Please enter the new password";
|
|
||||||
$messages['nocurpassword'] = "Please enter your current password";
|
|
||||||
$messages['passwordincorrect'] = "Current password is incorrect";
|
|
||||||
$messages['passwordinconsistency'] = "The new password and it's confirmation do not match";
|
|
||||||
$messages['successfullysaved'] = "Successfully changed password";
|
|
||||||
|
|
||||||
?>
|
|
@ -1,16 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
$labels = array();
|
|
||||||
$labels['changepasswd'] = 'Zmiana hasła';
|
|
||||||
$labels['curpasswd'] = 'Aktualne hasło:';
|
|
||||||
$labels['newpasswd'] = 'Nowe hasło:';
|
|
||||||
$labels['confpasswd'] = 'Potwierdź hasło:';
|
|
||||||
|
|
||||||
$messages = array();
|
|
||||||
$messages['nopassword'] = "Wprowadź nowe hasło";
|
|
||||||
$messages['nocurpassword'] = "Wprowadź aktualne hasło";
|
|
||||||
$messages['passwordincorrect'] = 'Błędne aktualne hasło, spróbuj ponownie.';
|
|
||||||
$messages['passwordinconsistency'] = 'Hasła nie pasują, spróbuj ponownie.';
|
|
||||||
$messages['successfullysaved'] = "Zapisano.";
|
|
||||||
|
|
||||||
?>
|
|
@ -1,43 +0,0 @@
|
|||||||
/* SASL pssword change interface (tab) */
|
|
||||||
|
|
||||||
function sasl_password_save()
|
|
||||||
{
|
|
||||||
var input_curpasswd = $('#saslcurpasswd')[0];
|
|
||||||
var input_newpasswd = $('#saslnewpasswd')[0];
|
|
||||||
var input_confpasswd = $('#saslconfpasswd')[0];
|
|
||||||
|
|
||||||
if (input_curpasswd && input_curpasswd.value=='') {
|
|
||||||
alert(rcmail.gettext('nocurpassword', 'sasl_password'));
|
|
||||||
input_curpasswd.focus();
|
|
||||||
}
|
|
||||||
else if (input_newpasswd && input_newpasswd.value=='') {
|
|
||||||
alert(rcmail.gettext('nopassword', 'sasl_password'));
|
|
||||||
input_newpasswd.focus();
|
|
||||||
}
|
|
||||||
else if (input_confpasswd && input_confpasswd.value=='') {
|
|
||||||
alert(rcmail.gettext('nopassword', 'sasl_password'));
|
|
||||||
input_confpasswd.focus();
|
|
||||||
}
|
|
||||||
else if ((input_newpasswd && input_confpasswd) && (input_newpasswd.value != input_confpasswd.value)) {
|
|
||||||
alert(rcmail.gettext('passwordinconsistency', 'sasl_password'));
|
|
||||||
input_newpasswd.focus();
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
rcmail.gui_objects.passform.submit();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (window.rcmail) {
|
|
||||||
rcmail.addEventListener('init', function(evt) {
|
|
||||||
// <span id="settingstabdefault" class="tablink"><roundcube:button command="preferences" type="link" label="preferences" title="editpreferences" /></span>
|
|
||||||
var tab = $('<span>').attr('id', 'settingstabpluginsaslpassword').addClass('tablink');
|
|
||||||
|
|
||||||
var button = $('<a>').attr('href', rcmail.env.comm_path+'&_action=plugin.saslpassword').html(rcmail.gettext('password')).appendTo(tab);
|
|
||||||
button.bind('click', function(e){ return rcmail.command('plugin.saslpassword', this) });
|
|
||||||
|
|
||||||
// add button and register commands
|
|
||||||
rcmail.add_element(tab, 'tabs');
|
|
||||||
rcmail.register_command('plugin.saslpassword', function() { rcmail.goto_url('plugin.saslpassword') }, true);
|
|
||||||
rcmail.register_command('plugin.saslpassword-save', sasl_password_save, true);
|
|
||||||
});
|
|
||||||
}
|
|
@ -1,146 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Change SASL Password
|
|
||||||
*
|
|
||||||
* Plugin that adds functionality ty to change the users Cyrus/SASL password.
|
|
||||||
* The code is derrived from the Squirrelmail "Change SASL Password" Plugin
|
|
||||||
* by Galen Johnson.
|
|
||||||
*
|
|
||||||
* It only works with saslpasswd2 on the same host where RoundCube runs
|
|
||||||
* and requires shell access and gcc in order to compile the binary.
|
|
||||||
*
|
|
||||||
* For installation instructions please read the README file.
|
|
||||||
*
|
|
||||||
* @version 1.0
|
|
||||||
* @author Thomas Bruederli
|
|
||||||
*/
|
|
||||||
class sasl_password extends rcube_plugin
|
|
||||||
{
|
|
||||||
public $task = 'settings';
|
|
||||||
|
|
||||||
function init()
|
|
||||||
{
|
|
||||||
$rcmail = rcmail::get_instance();
|
|
||||||
// add Tab label
|
|
||||||
$rcmail->output->add_label('password');
|
|
||||||
$this->register_action('plugin.saslpassword', array($this, 'password_init'));
|
|
||||||
$this->register_action('plugin.saslpassword-save', array($this, 'password_save'));
|
|
||||||
$this->include_script('sasl_password.js');
|
|
||||||
}
|
|
||||||
|
|
||||||
function password_init()
|
|
||||||
{
|
|
||||||
$this->add_texts('locale/');
|
|
||||||
$this->register_handler('plugin.body', array($this, 'password_form'));
|
|
||||||
|
|
||||||
$rcmail = rcmail::get_instance();
|
|
||||||
$rcmail->output->set_pagetitle($this->gettext('changepasswd'));
|
|
||||||
$rcmail->output->send('plugin');
|
|
||||||
}
|
|
||||||
|
|
||||||
function password_save()
|
|
||||||
{
|
|
||||||
$rcmail = rcmail::get_instance();
|
|
||||||
|
|
||||||
$this->add_texts('locale/');
|
|
||||||
$this->register_handler('plugin.body', array($this, 'password_form'));
|
|
||||||
|
|
||||||
if (!isset($_POST['_curpasswd']) || !isset($_POST['_newpasswd'])) {
|
|
||||||
$rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
|
|
||||||
$newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
|
|
||||||
|
|
||||||
if ($rcmail->decrypt($_SESSION['password']) != $curpwd) {
|
|
||||||
$rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
|
|
||||||
}
|
|
||||||
else if ($this->_save($newpwd)) {
|
|
||||||
$rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
|
|
||||||
$_SESSION['password'] = $rcmail->encrypt($newpwd);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$rcmail->output->command('display_message', $this->gettext('errorsaving'), 'error');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
rcmail_overwrite_action('plugin.saslpassword');
|
|
||||||
rcmail::get_instance()->output->send('plugin');
|
|
||||||
}
|
|
||||||
|
|
||||||
function password_form()
|
|
||||||
{
|
|
||||||
$rcmail = rcmail::get_instance();
|
|
||||||
|
|
||||||
// add some labels to client
|
|
||||||
$rcmail->output->add_label(
|
|
||||||
'sasl_password.nopassword',
|
|
||||||
'sasl_password.nocurpassword',
|
|
||||||
'sasl_password.passwordinconsistency',
|
|
||||||
'sasl_password.changepasswd'
|
|
||||||
);
|
|
||||||
|
|
||||||
$table = new html_table(array('cols' => 2));
|
|
||||||
|
|
||||||
// show current password selection
|
|
||||||
$field_id = 'saslcurpasswd';
|
|
||||||
$input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id, 'size' => 25));
|
|
||||||
|
|
||||||
$table->add('title', html::label($field_id, Q($this->gettext('curpasswd'))));
|
|
||||||
$table->add(null, $input_newpasswd->show());
|
|
||||||
|
|
||||||
// show new password selection
|
|
||||||
$field_id = 'saslnewpasswd';
|
|
||||||
$input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id, 'size' => 25));
|
|
||||||
|
|
||||||
$table->add('title', html::label($field_id, Q($this->gettext('newpasswd'))));
|
|
||||||
$table->add(null, $input_newpasswd->show());
|
|
||||||
|
|
||||||
// show confirm password selection
|
|
||||||
$field_id = 'saslconfpasswd';
|
|
||||||
$input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id, 'size' => 25));
|
|
||||||
|
|
||||||
$table->add('title', html::label($field_id, Q($this->gettext('confpasswd'))));
|
|
||||||
$table->add(null, $input_confpasswd->show());
|
|
||||||
|
|
||||||
$out = html::div(array('class' => "settingsbox", 'style' => "margin:0"),
|
|
||||||
html::div(array('id' => "userprefs-title"), $this->gettext('changepasswd')) .
|
|
||||||
html::div(array('style' => "padding:15px"), $table->show() .
|
|
||||||
html::p(null,
|
|
||||||
$rcmail->output->button(array(
|
|
||||||
'command' => 'plugin.saslpassword-save',
|
|
||||||
'type' => 'input',
|
|
||||||
'class' => 'button mainaction',
|
|
||||||
'label' => 'save'
|
|
||||||
)))
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
$rcmail->output->add_gui_object('passform', 'password-form');
|
|
||||||
|
|
||||||
return $rcmail->output->form_tag(array(
|
|
||||||
'id' => 'password-form',
|
|
||||||
'name' => 'password-form',
|
|
||||||
'method' => 'post',
|
|
||||||
'action' => './?_task=settings&_action=plugin.saslpassword-save',
|
|
||||||
), $out);
|
|
||||||
}
|
|
||||||
|
|
||||||
private function _save($passwd)
|
|
||||||
{
|
|
||||||
$curdir = realpath(dirname(__FILE__));
|
|
||||||
$username = escapeshellcmd($_SESSION['username']);
|
|
||||||
$code = 1;
|
|
||||||
|
|
||||||
if ($fh = popen("$curdir/chgsaslpasswd -p $username", 'w')) {
|
|
||||||
fwrite($fh, $passwd."\n");
|
|
||||||
$code = pclose($fh);
|
|
||||||
}
|
|
||||||
|
|
||||||
return ($code == 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
?>
|
|
Loading…
Reference in New Issue