Merge 1c8328d7cf
into e9c592a6e8
commit
fa55b0cef4
@ -0,0 +1,196 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Dovecot passwdfile Password Driver
|
||||
*
|
||||
* Driver that adds functionality to change the passwords in dovecot 2 passwd-file files.
|
||||
* The code is derrived from the Plugin examples by The Roundcube Dev Team
|
||||
*
|
||||
* Intentionally written for hostnet.de Managed-Root Server Systems, it determines
|
||||
* the hostBSD System to preset any needed settings. hostNET Managed-Root Customers only need to set
|
||||
*
|
||||
* $config['password_driver'] = 'dovecot_passwdfile'
|
||||
*
|
||||
* in roundcubes plugins/password/config.inc.php to have all set.
|
||||
* (But don't forget to enable the 'password' plugin at all...)
|
||||
*
|
||||
* On vanilla dovecot 2 environments, use the correct values for these config settings, too:
|
||||
*
|
||||
* $config['password_dovecot_passwdfile_path']: The path of your dovecot passwd-file '/path/to/filename' as set in dovecot/conf.d/auth-passwdfile.conf.ext
|
||||
* $config['password_dovecotpw']: Full path and 'pw' command of doveadm binary - like '/usr/local/bin/doveadm pw'
|
||||
* $config['password_dovecotpw_method']: Dovecot hashing algo (http://wiki2.dovecot.org/Authentication/PasswordSchemes)
|
||||
* $config['password_dovecotpw_with_method']: True if you want the hashing algo as prefix in your passwd-file
|
||||
*
|
||||
* @version 1.0; Jimmy Koerting
|
||||
*
|
||||
* Copyright (C) 2017, hostNET Medien GmbH, www.hostnet.de
|
||||
*
|
||||
*
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
*/
|
||||
|
||||
|
||||
class rcube_dovecot_passwdfile_password
|
||||
{
|
||||
public function save($currpass, $newpass)
|
||||
{
|
||||
$rcmail = rcmail::get_instance();
|
||||
$username = escapeshellcmd($_SESSION['username']);
|
||||
$password = $newpass;
|
||||
$mailuserfile = $rcmail->config->get('password_dovecot_passwdfile_path', '/etc/mail/mailuser');
|
||||
$dovecotpw = $rcmail->config->get('password_dovecotpw', '/usr/local/bin/doveadm pw');
|
||||
$method = $rcmail->config->get('password_dovecotpw_method', 'SHA512-CRYPT');
|
||||
$with_method = $rcmail->config->get('password_dovecotpw_with_method', false);
|
||||
|
||||
// BEGIN hostNET.de specific code - ignored elsewhere
|
||||
$uname_call = "/usr/bin/uname -v";
|
||||
exec($uname_call, $systemname, $return_value);
|
||||
$systemname = implode($systemname);
|
||||
if (strncmp ($systemname, 'hostBSD', 7) === 0) {
|
||||
$mailuserfile = '/etc/mail/mailuser';
|
||||
$dovecotpw = '/usr/iports/bin/doveadm pw';
|
||||
$method = 'SHA512-CRYPT';
|
||||
$with_method = false;
|
||||
}
|
||||
// END hostNET.de specific code
|
||||
|
||||
|
||||
// simplified version from password::hash_password
|
||||
$tmp_dir = $rcmail->config->get('temp_dir');
|
||||
$tmpfile = tempnam($tmp_dir, 'roundcube-');
|
||||
|
||||
$pipe = popen("$dovecotpw -s '$method' > '$tmpfile'", "w");
|
||||
if (!$pipe) {
|
||||
unlink($tmpfile);
|
||||
rcube::raise_error(array(
|
||||
'code' => 600,
|
||||
'type' => 'php',
|
||||
'file' => __FILE__, 'line' => __LINE__,
|
||||
'message' => "Password plugin: Can't create tempfile $tmpfile"
|
||||
), true, false);
|
||||
return PASSWORD_CRYPT_ERROR;
|
||||
}
|
||||
else {
|
||||
fwrite($pipe, $password . "\n", 1+strlen($password)); usleep(1000);
|
||||
fwrite($pipe, $password . "\n", 1+strlen($password));
|
||||
pclose($pipe);
|
||||
|
||||
$newhash = trim(file_get_contents($tmpfile), "\n");
|
||||
unlink($tmpfile);
|
||||
|
||||
if (!preg_match('/^\{' . $method . '\}/', $newhash)) {
|
||||
rcube::raise_error(array(
|
||||
'code' => 600,
|
||||
'type' => 'php',
|
||||
'file' => __FILE__, 'line' => __LINE__,
|
||||
'message' => "Password plugin: Password hashing failed -> $newhash"
|
||||
), true, false);
|
||||
return PASSWORD_CRYPT_ERROR;
|
||||
}
|
||||
|
||||
if(!$with_method) {
|
||||
$newhash = trim(str_replace('{' . $method . '}', '', $newhash));
|
||||
}
|
||||
}
|
||||
|
||||
$newhash = escapeshellcmd($newhash);
|
||||
|
||||
// read the entire mailuser file
|
||||
$mailusercontent = file_get_contents($mailuserfile);
|
||||
|
||||
if (empty($mailusercontent)) {
|
||||
// Error if the mailuserfile is empty/not accessible.
|
||||
rcube::raise_error(array(
|
||||
'code' => 600,
|
||||
'type' => 'php',
|
||||
'file' => __FILE__, 'line' => __LINE__,
|
||||
'message' => "Password plugin: Unable to get old password file - $mailuserfile."
|
||||
), true, false);
|
||||
return PASSWORD_CONNECT_ERROR;
|
||||
}
|
||||
|
||||
// build the search/replace pattern.
|
||||
$pattern = "/$username:[^:]+:/i";
|
||||
$replace = "$username:$newhash:";
|
||||
|
||||
// replace
|
||||
$mailusercontent = preg_replace($pattern, $replace, $mailusercontent);
|
||||
|
||||
if (preg_last_error()){
|
||||
$error = $this->preg_error_message(preg_last_error());
|
||||
rcube::raise_error(array(
|
||||
'code' => 600,
|
||||
'type' => 'php',
|
||||
'file' => __FILE__, 'line' => __LINE__,
|
||||
'message' => "Password plugin: Unable to replace the old password: $error."
|
||||
), true, false);
|
||||
return PASSWORD_ERROR;
|
||||
}
|
||||
|
||||
// write back the entire file
|
||||
if (file_put_contents($mailuserfile, $mailusercontent)) {
|
||||
return PASSWORD_SUCCESS;
|
||||
}
|
||||
else {
|
||||
rcube::raise_error(array(
|
||||
'code' => 600,
|
||||
'type' => 'php',
|
||||
'file' => __FILE__, 'line' => __LINE__,
|
||||
'message' => "Password plugin: Unable to save new password."
|
||||
), true, false);
|
||||
}
|
||||
|
||||
return PASSWORD_ERROR;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Fire TEXT errors
|
||||
* Derrived from
|
||||
* @author Ivan Tcholakov, 2016
|
||||
* @license MIT
|
||||
*/
|
||||
function preg_error_message($code = null)
|
||||
{
|
||||
$code = (int) $code;
|
||||
switch ($code) {
|
||||
case PREG_NO_ERROR:
|
||||
$result = 'No error, probably invalid regular expression?';
|
||||
break;
|
||||
case PREG_INTERNAL_ERROR:
|
||||
$result = 'PCRE: Internal error.';
|
||||
break;
|
||||
case PREG_BACKTRACK_LIMIT_ERROR:
|
||||
$result = 'PCRE: Backtrack limit has been exhausted.';
|
||||
break;
|
||||
case PREG_RECURSION_LIMIT_ERROR:
|
||||
$result = 'PCRE: Recursion limit has been exhausted.';
|
||||
break;
|
||||
case PREG_BAD_UTF8_ERROR:
|
||||
$result = 'PCRE: Malformed UTF-8 data.';
|
||||
break;
|
||||
default:
|
||||
if (is_php('5.3') && $code == PREG_BAD_UTF8_OFFSET_ERROR) {
|
||||
$result = 'PCRE: Did not end at a valid UTF-8 codepoint.';
|
||||
} elseif (is_php('7') && $code == PREG_JIT_STACKLIMIT_ERROR) {
|
||||
$result = 'PCRE: Failed because of limited JIT stack space.';
|
||||
} else {
|
||||
$result = 'PCRE: Error ' . $code . '.';
|
||||
}
|
||||
break;
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue