webapp/postfixadmin
1
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2025-07-31 10:04:20 +03:00
Code Activity

Now password expiration is managed through Postfix Admin GUI

Browse Source
This commit is contained in:
Damien Martins
2018-08-20 15:32:53 +02:00
parent ab10c9b49a
commit ce60b9fa59
4 changed files with 40 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
README.password_expiration
View File

@ -2,6 +2,8 @@
This extension adds support for password expiration. This extension adds support for password expiration.
It is designed to have expiration on users passwords. An email is sent when the password is expiring in 30 days, then 14 days, then 7 days. It is designed to have expiration on users passwords. An email is sent when the password is expiring in 30 days, then 14 days, then 7 days.
It is strongly inspired by https://abridge2devnull.com/posts/2014/09/29/dovecot-user-password-expiration-notifications-updated-4122015/, and adapted to fit with Postfix Admin & Roundcube's password plugin It is strongly inspired by https://abridge2devnull.com/posts/2014/09/29/dovecot-user-password-expiration-notifications-updated-4122015/, and adapted to fit with Postfix Admin & Roundcube's password plugin
Expiration unit is day
Expiration value for domain is set through Postfix Admin GUI
*Installation *Installation
Perform the following changes: Perform the following changes:
@ -9,15 +11,12 @@ Perform the following changes:
**Changes in MySQL/MariaDB mailbox table (as defined in $CONF['database_tables'] from config.inc.php): **Changes in MySQL/MariaDB mailbox table (as defined in $CONF['database_tables'] from config.inc.php):
You are invited to backup your DB first, and ensure the table name is correct. You are invited to backup your DB first, and ensure the table name is correct.
Execute the attached SQL script (password_expiration.sql) that will add the required columns. The expiration value for existing users will be set to 90 days. If you want a different value, edit the last line in the script and replace 90 by the required value. Execute the attached SQL script (password_expiration.sql) that will add the required columns. The expiration value for existing users will be set to 90 days. If you want a different value, edit line 2 in the script and replace 90 by the required value.
**Changes in Postfix Admin : **Changes in Postfix Admin :
To enable password expiration, add the following to your config.inc.php file: To enable password expiration, add the following to your config.inc.php file:
$CONF['password_expiration_enabled'] = 'YES'; $CONF['password_expiration_enabled'] = 'YES';
Do not forget to set the expiration value (in days)
$CONF['password_expiration_value'] = '90';
All my tests are performed using $CONF['encrypt'] = 'md5crypt'; All my tests are performed using $CONF['encrypt'] = 'md5crypt';
**If you are using Roundcube's password plugin, you should also adapt the $config['password_query'] value. **If you are using Roundcube's password plugin, you should also adapt the $config['password_query'] value.
@ -29,8 +28,9 @@ All my tests are performed using $config['password_algorithm'] = 'md5-crypt';
**Changes in Dovecot (adapt if you use another LDA) **Changes in Dovecot (adapt if you use another LDA)
Edit dovecot-mysql.conf file, and replace the user_query (and only this one) by this query: Edit dovecot-mysql.conf file, and replace the user_query (and only this one) by this query:
user_query = SELECT concat('/var/vmail/', maildir) as home, concat('maildir:/var/vmail/', maildir) as mail, 20001 AS uid, 20001 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1' AND pw_expires_on > now() user_query = SELECT concat('/var/vmail/', m.maildir) as home, concat('maildir:/var/vmail/', m.maildir) as mail, 20001 AS uid, 20001 AS gid, concat('dirsize:storage=', m.quota) AS quota, m.domain FROM mailbox m ,domain d WHERE d.domain = m.domain and m.username = 'tutu@eyetech-software.com' AND m.active = '1' and (m.pw_expires_on > now() or d.password_expiration_value = 0)
if course you may require to adapt the uid, gid, maildir and table to your setup
Of course you may require to adapt the uid, gid, maildir and table to your setup
**Changes in system **Changes in system
You need to have a script running on a daily basis to check password expiration and send emails 30, 14 and 7 days before password expiration (script attached: check_mailpass_expiration.sh). You need to have a script running on a daily basis to check password expiration and send emails 30, 14 and 7 days before password expiration (script attached: check_mailpass_expiration.sh).

48
functions.inc.php
View File

@ -260,6 +260,20 @@ function check_domain($domain) {
return ''; return '';
} }
/**
* get_password_expiration_value
* Get password expiration value for a domain
* @param String $domain - a string that may be a domain
* @return password expiration value for this domain
* TODO: return specific value for invalid (not existing) domain
*/
function get_password_expiration_value ($domain) {
$table_domain = table_by_key('domain');
$query = "SELECT password_expiration_value FROM $table_domain WHERE domain='$domain'";
$result = db_query ($query);
$password_expiration_value = db_array ($result['result']);
return $password_expiration_value[0];
}
/** /**
* check_email * check_email
@ -1879,15 +1893,15 @@ function db_insert ($table, $values, $timestamp = array('created', 'modified'),
$values[$key] = "now()"; $values[$key] = "now()";
} }
} }
if ($table == 'mailbox') {
global $CONF; global $CONF;
if ($CONF['password_expiration_enabled'] == 'YES') { if ($CONF['password_expiration_enabled'] == 'YES') {
$expires_warning_values = array('thirty', 'fourteen', 'seven'); if ($table == 'mailbox') {
foreach($expires_warning_values as $key) { $domain_dirty = $values['domain'];
$values[$key] = escape_string($key) . "=0"; $domain = substr($domain_dirty, 1, -1);
} $password_expiration_value = get_password_expiration_value($domain);
foreach($timestamp_expiration as $key) { foreach($timestamp_expiration as $key) {
$values[$key] = "now() + interval " . $CONF['password_expiration_value'] . " day"; $values[$key] = "now() + interval " . $password_expiration_value . " day";
} }
} }
} }
@ -1939,15 +1953,17 @@ function db_update_q($table, $where, $values, $timestamp = array('modified')) {
$sql_values[$key] = escape_string($key) . "=now()"; $sql_values[$key] = escape_string($key) . "=now()";
} }
} }
if ($table == 'mailbox') {
global $CONF; global $CONF;
if ($CONF['password_expiration_enabled'] == 'YES') { if ($CONF['password_expiration_enabled'] == 'YES') {
$where_type = explode('=',$where);
$email = ($where_type[1]);
$domain_dirty = explode('@',$email)[1]; //Please do it nicer
$domain = substr($domain_dirty, 0, -1);
if ($table == 'mailbox') {
$password_expiration_value = get_password_expiration_value($domain);
$key = 'pw_expires_on'; $key = 'pw_expires_on';
$sql_values[$key] = escape_string($key) . "=now() + interval " . $CONF['password_expiration_value'] . " day"; $sql_values[$key] = escape_string($key) . "=now() + interval " . $password_expiration_value . " day";
$expires_warning_values = array('thirty', 'fourteen', 'seven');
foreach($expires_warning_values as $key) {
$sql_values[$key] = escape_string($key) . "=0";
}
} }
} }

1
model/DomainHandler.php
View File

@ -94,6 +94,7 @@ class DomainHandler extends PFAHandler {
'default_aliases' => pacol($this->new, $this->new, 0, 'bool', 'pAdminCreate_domain_defaultaliases', '' , 1,'', /*not in db*/ 1 ), 'default_aliases' => pacol($this->new, $this->new, 0, 'bool', 'pAdminCreate_domain_defaultaliases', '' , 1,'', /*not in db*/ 1 ),
'created' => pacol(0, 0, 0, 'ts', 'created' , '' ), 'created' => pacol(0, 0, 0, 'ts', 'created' , '' ),
'modified' => pacol(0, 0, $super, 'ts', 'last_modified' , '' ), 'modified' => pacol(0, 0, $super, 'ts', 'last_modified' , '' ),
'password_expiration_value' => pacol($super,$super,$super,'num','password_expiration', 'password_expiration_desc', ''),
'_can_edit' => pacol(0, 0, 1, 'int', '' , '' , 0 , '_can_edit' => pacol(0, 0, 1, 'int', '' , '' , 0 ,
/*options*/ '', /*options*/ '',
/*not_in_db*/ 0, /*not_in_db*/ 0,

2
password_expiration.sql
View File

@ -1,3 +1,3 @@
ALTER TABLE mailbox ADD COLUMN pw_expires_on TIMESTAMP DEFAULT now() not null; ALTER TABLE mailbox ADD COLUMN pw_expires_on TIMESTAMP DEFAULT now() not null;
UPDATE mailbox set pw_expires_on = now() + interval 90 day; UPDATE mailbox set pw_expires_on = now() + interval 90 day;
ALTER TABLE domain ADD COLUMN password_expiration_value int DEFAULT null; ALTER TABLE domain ADD COLUMN password_expiration_value int DEFAULT 0;