summaryrefslogtreecommitdiff
path: root/plugins/password/README
diff options
context:
space:
mode:
authorHugues Hiegel <root@paranoid>2014-08-05 16:46:22 +0200
committerHugues Hiegel <root@paranoid>2014-08-05 16:46:22 +0200
commit59478e06c25303a790a0840ab2ac30662c4ef781 (patch)
tree8d5e964a8f94adaef41efebb0597629f11495c42 /plugins/password/README
parent7c494b677f9e470ee0d32e62cfa8dc709f39e748 (diff)
c'est la merde..working
Diffstat (limited to 'plugins/password/README')
-rw-r--r--plugins/password/README116
1 files changed, 53 insertions, 63 deletions
diff --git a/plugins/password/README b/plugins/password/README
index 262ebfd86..ef6f5b428 100644
--- a/plugins/password/README
+++ b/plugins/password/README
@@ -1,29 +1,31 @@
-----------------------------------------------------------------------
Password Plugin for Roundcube
-----------------------------------------------------------------------
+
Plugin that adds a possibility to change user password using many
methods (drivers) via Settings/Password tab.
+
-----------------------------------------------------------------------
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2
+ as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program. If not, see http://www.gnu.org/licenses/.
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
@version @package_version@
- @author Aleksander Machniak <alec@alec.pl>
+ @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
@author <see driver files for driver authors>
-----------------------------------------------------------------------
- 1. Configuration
- 2. Drivers
+ 1. Configuration
+ 2. Drivers
2.1. Database (sql)
2.2. Cyrus/SASL (sasl)
2.3. Poppassd/Courierpassd (poppassd)
@@ -42,8 +44,7 @@
2.16. DBMail (dbmail)
2.17. Expect (expect)
2.18. Samba (smb)
- 2.19. Vpopmail daemon (vpopmaild)
- 3. Driver API
+ 3. Driver API
1. Configuration
@@ -64,40 +65,40 @@
-------------------
You can specify which database to connect by 'password_db_dsn' option and
- what SQL query to execute by 'password_query'. See config.inc.php.dist file for
+ what SQL query to execute by 'password_query'. See main.inc.php.dist file for
more info.
Example implementations of an update_passwd function:
- This is for use with LMS (http://lms.org.pl) database and postgres:
- CREATE OR REPLACE FUNCTION update_passwd(hash text, account text) RETURNS integer AS $$
- DECLARE
- res integer;
- BEGIN
- UPDATE passwd SET password = hash
- WHERE login = split_part(account, '@', 1)
- AND domainid = (SELECT id FROM domains WHERE name = split_part(account, '@', 2))
- RETURNING id INTO res;
- RETURN res;
- END;
- $$ LANGUAGE plpgsql SECURITY DEFINER;
+ CREATE OR REPLACE FUNCTION update_passwd(hash text, account text) RETURNS integer AS $$
+ DECLARE
+ res integer;
+ BEGIN
+ UPDATE passwd SET password = hash
+ WHERE login = split_part(account, '@', 1)
+ AND domainid = (SELECT id FROM domains WHERE name = split_part(account, '@', 2))
+ RETURNING id INTO res;
+ RETURN res;
+ END;
+ $$ LANGUAGE plpgsql SECURITY DEFINER;
- This is for use with a SELECT update_passwd(%o,%c,%u) query
- Updates the password only when the old password matches the MD5 password
- in the database
-
- CREATE FUNCTION update_password (oldpass text, cryptpass text, user text) RETURNS text
- MODIFIES SQL DATA
- BEGIN
- DECLARE currentsalt varchar(20);
- DECLARE error text;
- SET error = 'incorrect current password';
- SELECT substring_index(substr(user.password,4),_latin1'$',1) INTO currentsalt FROM users WHERE username=user;
- SELECT '' INTO error FROM users WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
- UPDATE users SET password=cryptpass WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
- RETURN error;
- END
+ Updates the password only when the old password matches the MD5 password
+ in the database
+
+ CREATE FUNCTION update_password (oldpass text, cryptpass text, user text) RETURNS text
+ MODIFIES SQL DATA
+ BEGIN
+ DECLARE currentsalt varchar(20);
+ DECLARE error text;
+ SET error = 'incorrect current password';
+ SELECT substring_index(substr(user.password,4),_latin1'$',1) INTO currentsalt FROM users WHERE username=user;
+ SELECT '' INTO error FROM users WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
+ UPDATE users SET password=cryptpass WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
+ RETURN error;
+ END
Example SQL UPDATEs:
@@ -137,11 +138,12 @@
Installation:
- Change into the helpers directory. Edit the chgsaslpasswd.c file as is
+ Change into the helpers directory. Copy and edit
+ /usr/share/roundcube-plugins/examples/chgsaslpasswd.c as is
documented within it.
Compile the wrapper program:
- gcc -o chgsaslpasswd chgsaslpasswd.c
+ gcc -o chgsaslpasswd chgsaslpasswd.c
Chown the compiled chgsaslpasswd binary to the cyrus user and group
that your browser runs as, then chmod them to 4550.
@@ -149,13 +151,13 @@
For example, if your cyrus user is 'cyrus' and the apache server group is
'nobody' (I've been told Redhat runs Apache as user 'apache'):
- chown cyrus:nobody chgsaslpasswd
- chmod 4550 chgsaslpasswd
+ chown cyrus:nobody chgsaslpasswd
+ chmod 4550 chgsaslpasswd
Stephen Carr has suggested users should try to run the scripts on a test
account as the cyrus user eg;
- su cyrus -c "./chgsaslpasswd -p test_account"
+ su cyrus -c "./chgsaslpasswd -p test_account"
This will allow you to make sure that the script will work for your setup.
Should the script not work, make sure that:
@@ -191,12 +193,8 @@
2.6. cPanel (cpanel)
--------------------
- Install cPanel XMLAPI Client Class into Roundcube program/lib directory
- or any other place in PHP include path. You can get the class from
- https://raw.github.com/CpanelInc/xmlapi-php/master/xmlapi.php
-
- You can configure parameters for connection to cPanel's API interface.
- See config.inc.php.dist file for more info.
+ You can specify parameters for HTTP connection to cPanel's admin
+ interface. See config.inc.php.dist file for more info.
2.7. XIMSS/Communigate (ximms)
@@ -210,7 +208,8 @@
----------------------------
As in sasl driver this one allows to change password using shell
- utility called "virtualmin". See helpers/chgvirtualminpasswd.c for
+ utility called "virtualmin". See
+ /usr/share/doc/roundcube-plugins/examples/chgvirtualminpasswd.c for
installation instructions. See also config.inc.php.dist file.
@@ -235,8 +234,9 @@
Driver that adds functionality to change the systems user password via
the 'chpasswd' command. See config.inc.php.dist file.
- Attached wrapper script (helpers/chpass-wrapper.py) restricts password changes
- to uids >= 1000 and can deny requests based on a blacklist.
+ Attached wrapper script
+ (/usr/share/doc/roundcube-plugins/examples/chpass-wrapper.py) restricts
+ password changes to uids >= 1000 and can deny requests based on a blacklist.
2.12. LDAP - no PEAR (ldap_simple)
@@ -247,7 +247,7 @@
This driver is fully compatible with the ldap driver, but
does not require (or uses) the
- $config['password_ldap_force_replace'] variable.
+ $rcmail_config['password_ldap_force_replace'] variable.
Other advantages:
* Connects only once with the LDAP server when using the search user.
* Does not read the DN, but only replaces the password within (that is
@@ -300,16 +300,6 @@
Driver to change Samba user password via the 'smbpasswd' command.
See config.inc.php.dist file for configuration description.
- 2.19. Vpopmail daemon (vpopmaild)
- -----------------------------------
-
- Driver for the daemon of vpopmail. Vpopmail is used with qmail to
- enable virtual users that are saved in a database and not in /etc/passwd.
-
- Set $config['password_vpopmaild_host'] to the host where vpopmaild runs.
-
- Set $config['password_vpopmaild_port'] to the port of vpopmaild.
-
3. Driver API
-------------