webapp/postfixadmin
1
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2025-08-13 14:22:22 +03:00
Code Activity

functions.inc.php:

Browse Source 
- pacrypt(), dovecot:* method:
  - allow "." in dovecot method (to allow a suffix like ".b64")
  - blacklist SCRAM-SHA-1 (needs -u)
  - check against list of non-salted methods to be backward compatible
    with dovecot < 2.1 again
  Thanks to Szilagyi Jozsef <szjozsef AT yahoo DOT com> for providing
  the list of non-salted methods etc.

functions.inc.php, scripts/postfixadmin-cli.php:
- drop unused global variables $table_admin and $table_alias_domain



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1529 a1433add-5e2c-0410-b055-b7f2511e0802
This commit is contained in:
Christian Boltz
2013-10-07 18:42:59 +00:00
parent 6ea8b370c0
commit f444de402b
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
functions.inc.php
View File

@@ -910,12 +910,14 @@ function pacrypt ($pw, $pw_db="") {
elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) { elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) {
$split_method = preg_split ('/:/', $CONF['encrypt']); $split_method = preg_split ('/:/', $CONF['encrypt']);
$method = strtoupper($split_method[1]); $method = strtoupper($split_method[1]);
if (! preg_match("/^[A-Z0-9-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list? if (! preg_match("/^[A-Z0-9.-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list?
# if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead."); # if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead.");
# $crypt_method = preg_match ("/.*-CRYPT$/", $method); # $crypt_method = preg_match ("/.*-CRYPT$/", $method);
# digest-md5 hashes include the username - until someone implements it, let's declare it as unsupported # digest-md5 and SCRAM-SHA-1 hashes include the username - until someone implements it, let's declare it as unsupported
if (strtolower($method) == 'digest-md5') die("Sorry, \$CONF['encrypt'] = 'dovecot:digest-md5' is not supported by PostfixAdmin."); if (strtolower($method) == 'digest-md5') die("Sorry, \$CONF['encrypt'] = 'dovecot:digest-md5' is not supported by PostfixAdmin.");
if (strtoupper($method) == 'SCRAM-SHA-1') die("Sorry, \$CONF['encrypt'] = 'dovecot:scram-sha-1' is not supported by PostfixAdmin.");
# TODO: add -u option for those hashes, or for everything that is salted (-u was available before dovecot 2.1 -> no problem with backward compability)
$dovecotpw = "doveadm pw"; $dovecotpw = "doveadm pw";
if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw']; if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw'];
@@ -927,9 +929,12 @@ function pacrypt ($pw, $pw_db="") {
2 => array("pipe", "w"), // stderr 2 => array("pipe", "w"), // stderr
); );
$nonsaltedtypes = "SHA|SHA1|SHA256|SHA512|CLEAR|CLEARTEXT|PLAIN|PLAIN-TRUNC|CRAM-MD5|HMAC-MD5|PLAIN-MD4|PLAIN-MD5|LDAP-MD5|LANMAN|NTLM|RPA";
$salted = ! preg_match("/^($nonsaltedtypes)(\.B64|\.BASE64|\.HEX)?$/", strtoupper($method) );
$dovepasstest = ''; $dovepasstest = '';
if (!empty($pw_db)) { if ( $salted && (!empty($pw_db)) ) {
# TODO: only use -t for salted passwords to be backward compatible with dovecot < 2.1 again # only use -t for salted passwords to be backward compatible with dovecot < 2.1
$dovepasstest = " -t " . escapeshellarg($pw_db); $dovepasstest = " -t " . escapeshellarg($pw_db);
} }
$pipe = proc_open("$dovecotpw '-s' $method$dovepasstest", $spec, $pipes); $pipe = proc_open("$dovecotpw '-s' $method$dovepasstest", $spec, $pipes);
@@ -1850,9 +1855,9 @@ function boolconf($setting) {
return Config::bool($setting); return Config::bool($setting);
} }
$table_admin = table_by_key ('admin'); #$table_admin = table_by_key ('admin');
$table_alias = table_by_key ('alias'); $table_alias = table_by_key ('alias');
$table_alias_domain = table_by_key ('alias_domain'); #$table_alias_domain = table_by_key ('alias_domain');
$table_domain = table_by_key ('domain'); $table_domain = table_by_key ('domain');
$table_domain_admins = table_by_key ('domain_admins'); $table_domain_admins = table_by_key ('domain_admins');
$table_log = table_by_key ('log'); $table_log = table_by_key ('log');

4
scripts/postfixadmin-cli.php
View File

@@ -550,9 +550,9 @@ $CONF = Config::read('all');
//bugfix shitty globals and OOP..... //bugfix shitty globals and OOP.....
$table_admin = table_by_key ('admin'); #$table_admin = table_by_key ('admin');
$table_alias = table_by_key ('alias'); $table_alias = table_by_key ('alias');
$table_alias_domain = table_by_key ('alias_domain'); #$table_alias_domain = table_by_key ('alias_domain');
$table_domain = table_by_key ('domain'); $table_domain = table_by_key ('domain');
$table_domain_admins = table_by_key ('domain_admins'); $table_domain_admins = table_by_key ('domain_admins');
$table_log = table_by_key ('log'); $table_log = table_by_key ('log');