diff options
| author | Andy Wermke <andy@dev.next-step-software.com> | 2013-04-04 16:10:23 +0200 |
|---|---|---|
| committer | Andy Wermke <andy@dev.next-step-software.com> | 2013-04-04 16:10:23 +0200 |
| commit | 92cd7f34b07e86062f2c024039e3309768b48ce6 (patch) | |
| tree | 63b9f39280ebcab80742d9f2b4db6a139c1791e1 /plugins/password/drivers | |
| parent | 029d18f13bcf01aa2f1f08dbdfc6400c081bf7cb (diff) | |
| parent | 443b92a7ee19e321b350750240e0fc54ec5be357 (diff) | |
Merge branch 'master' of https://github.com/roundcube/roundcubemail
Diffstat (limited to 'plugins/password/drivers')
| -rw-r--r-- | plugins/password/drivers/chpasswd.php | 2 | ||||
| -rw-r--r-- | plugins/password/drivers/cpanel.php | 128 | ||||
| -rw-r--r-- | plugins/password/drivers/dbmail.php | 2 | ||||
| -rw-r--r-- | plugins/password/drivers/directadmin.php | 22 | ||||
| -rw-r--r-- | plugins/password/drivers/expect.php | 2 | ||||
| -rw-r--r-- | plugins/password/drivers/hmail.php | 12 | ||||
| -rw-r--r-- | plugins/password/drivers/ldap.php | 8 | ||||
| -rw-r--r-- | plugins/password/drivers/ldap_simple.php | 350 | ||||
| -rw-r--r-- | plugins/password/drivers/pam.php | 6 | ||||
| -rw-r--r-- | plugins/password/drivers/pw_usermod.php | 2 | ||||
| -rw-r--r-- | plugins/password/drivers/sasl.php | 2 | ||||
| -rw-r--r-- | plugins/password/drivers/smb.php | 15 | ||||
| -rw-r--r-- | plugins/password/drivers/sql.php | 72 | ||||
| -rw-r--r-- | plugins/password/drivers/virtualmin.php | 10 | ||||
| -rw-r--r-- | plugins/password/drivers/vpopmaild.php | 2 | ||||
| -rw-r--r-- | plugins/password/drivers/xmail.php | 4 |
16 files changed, 295 insertions, 344 deletions
diff --git a/plugins/password/drivers/chpasswd.php b/plugins/password/drivers/chpasswd.php index 3ea10159c..137275e69 100644 --- a/plugins/password/drivers/chpasswd.php +++ b/plugins/password/drivers/chpasswd.php @@ -26,7 +26,7 @@ class rcube_chpasswd_password return PASSWORD_SUCCESS; } else { - raise_error(array( + rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/cpanel.php b/plugins/password/drivers/cpanel.php index 58351143b..b71c33ec1 100644 --- a/plugins/password/drivers/cpanel.php +++ b/plugins/password/drivers/cpanel.php @@ -4,99 +4,43 @@ * cPanel Password Driver * * Driver that adds functionality to change the users cPanel password. - * The cPanel PHP API code has been taken from: http://www.phpclasses.org/browse/package/3534.html + * Originally written by Fulvio Venturelli <fulvio@venturelli.org> * - * This driver has been tested with Hostmonster hosting and seems to work fine. + * Completely rewritten using the cPanel API2 call Email::passwdpop + * as opposed to the original coding against the UI, which is a fragile method that + * makes the driver to always return a failure message for any language other than English + * see http://trac.roundcube.net/ticket/1487015 * - * @version 2.0 - * @author Fulvio Venturelli <fulvio@venturelli.org> + * This driver has been tested with o2switch hosting and seems to work fine. + * + * @version 3.0 + * @author Christian Chech <christian@chech.fr> */ class rcube_cpanel_password { public function save($curpas, $newpass) { + require_once 'xmlapi.php'; + $rcmail = rcmail::get_instance(); - // Create a cPanel email object - $cPanel = new emailAccount($rcmail->config->get('password_cpanel_host'), - $rcmail->config->get('password_cpanel_username'), - $rcmail->config->get('password_cpanel_password'), - $rcmail->config->get('password_cpanel_port'), - $rcmail->config->get('password_cpanel_ssl'), - $rcmail->config->get('password_cpanel_theme'), - $_SESSION['username'] ); + $this->cuser = $rcmail->config->get('password_cpanel_username'); + + // Setup the xmlapi connection + $this->xmlapi = new xmlapi($rcmail->config->get('password_cpanel_host')); + $this->xmlapi->set_port($rcmail->config->get('password_cpanel_port')); + $this->xmlapi->password_auth($this->cuser, $rcmail->config->get('password_cpanel_password')); + $this->xmlapi->set_output('json'); + $this->xmlapi->set_debug(0); - if ($cPanel->setPassword($newpass)){ + if ($this->setPassword($_SESSION['username'], $newpass)) { return PASSWORD_SUCCESS; } else { return PASSWORD_ERROR; } } -} - - -class HTTP -{ - function HTTP($host, $username, $password, $port, $ssl, $theme) - { - $this->ssl = $ssl ? 'ssl://' : ''; - $this->username = $username; - $this->password = $password; - $this->theme = $theme; - $this->auth = base64_encode($username . ':' . $password); - $this->port = $port; - $this->host = $host; - $this->path = '/frontend/' . $theme . '/'; - } - - function getData($url, $data = '') - { - $url = $this->path . $url; - if(is_array($data)) - { - $url = $url . '?'; - foreach($data as $key=>$value) - { - $url .= urlencode($key) . '=' . urlencode($value) . '&'; - } - $url = substr($url, 0, -1); - } - $response = ''; - $fp = fsockopen($this->ssl . $this->host, $this->port); - if(!$fp) - { - return false; - } - $out = 'GET ' . $url . ' HTTP/1.0' . "\r\n"; - $out .= 'Authorization: Basic ' . $this->auth . "\r\n"; - $out .= 'Connection: Close' . "\r\n\r\n"; - fwrite($fp, $out); - while (!feof($fp)) - { - $response .= @fgets($fp); - } - fclose($fp); - return $response; - } -} - - -class emailAccount -{ - function emailAccount($host, $username, $password, $port, $ssl, $theme, $address) - { - $this->HTTP = new HTTP($host, $username, $password, $port, $ssl, $theme); - if(strpos($address, '@')) - { - list($this->email, $this->domain) = explode('@', $address); - } - else - { - list($this->email, $this->domain) = array($address, ''); - } - } /** * Change email account password @@ -105,16 +49,24 @@ class emailAccount * @param string $password email account password * @return bool */ - function setPassword($password) - { - $data['email'] = $this->email; - $data['domain'] = $this->domain; - $data['password'] = $password; - $response = $this->HTTP->getData('mail/dopasswdpop.html', $data); - if(strpos($response, 'success') && !strpos($response, 'failure')) - { - return true; - } - return false; - } + function setPassword($address, $password) + { + if (strpos($address, '@')) { + list($data['email'], $data['domain']) = explode('@', $address); + } + else { + list($data['email'], $data['domain']) = array($address, ''); + } + + $data['password'] = $password; + + $query = $this->xmlapi->api2_query($this->cuser, 'Email', 'passwdpop', $data); + $query = json_decode($query, true); + + if ($query['cpanelresult']['data'][0]['result'] == 1) { + return true; + } + + return false; + } } diff --git a/plugins/password/drivers/dbmail.php b/plugins/password/drivers/dbmail.php index e4c0d52e3..529027b8d 100644 --- a/plugins/password/drivers/dbmail.php +++ b/plugins/password/drivers/dbmail.php @@ -29,7 +29,7 @@ class rcube_dbmail_password return PASSWORD_SUCCESS; } else { - raise_error(array( + rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/directadmin.php b/plugins/password/drivers/directadmin.php index 657c21eb4..8bf0dc613 100644 --- a/plugins/password/drivers/directadmin.php +++ b/plugins/password/drivers/directadmin.php @@ -34,16 +34,16 @@ class rcube_directadmin_password $Socket->set_method('POST'); $Socket->query('/CMD_CHANGE_EMAIL_PASSWORD', array( - 'email' => $da_user, - 'oldpassword' => $da_curpass, - 'password1' => $da_newpass, - 'password2' => $da_newpass, - 'api' => '1' + 'email' => $da_user, + 'oldpassword' => $da_curpass, + 'password1' => $da_newpass, + 'password2' => $da_newpass, + 'api' => '1' )); $response = $Socket->fetch_parsed_body(); //DEBUG - //console("Password Plugin: [USER: $da_user] [HOST: $da_host] - Response: [SOCKET: ".$Socket->result_status_code."] [DA ERROR: ".strip_tags($response['error'])."] [TEXT: ".$response[text]."]"); + //rcube::console("Password Plugin: [USER: $da_user] [HOST: $da_host] - Response: [SOCKET: ".$Socket->result_status_code."] [DA ERROR: ".strip_tags($response['error'])."] [TEXT: ".$response[text]."]"); if($Socket->result_status_code != 200) return array('code' => PASSWORD_CONNECT_ERROR, 'message' => $Socket->error[0]); @@ -72,7 +72,7 @@ class rcube_directadmin_password class HTTPSocket { var $version = '2.8'; - + /* all vars are private except $error, $query_cache, and $doFollowLocationHeader */ var $method = 'GET'; @@ -173,7 +173,7 @@ class HTTPSocket { $location = parse_url($request); $this->connect($location['host'],$location['port']); $this->set_login($location['user'],$location['pass']); - + $request = $location['path']; $content = $location['query']; @@ -326,7 +326,7 @@ class HTTPSocket { } } - + list($this->result_header,$this->result_body) = preg_split("/\r\n\r\n/",$this->result,2); if ($this->bind_host) @@ -365,7 +365,6 @@ class HTTPSocket { $this->query($headers['location']); } } - } function getTransferSpeed() @@ -449,8 +448,7 @@ class HTTPSocket { function fetch_header( $header = '' ) { $array_headers = preg_split("/\r\n/",$this->result_header); - - $array_return = array( 0 => $array_headers[0] ); + $array_return = array( 0 => $array_headers[0] ); unset($array_headers[0]); foreach ( $array_headers as $pair ) diff --git a/plugins/password/drivers/expect.php b/plugins/password/drivers/expect.php index 7a191e254..1f68924df 100644 --- a/plugins/password/drivers/expect.php +++ b/plugins/password/drivers/expect.php @@ -45,7 +45,7 @@ class rcube_expect_password return PASSWORD_SUCCESS; } else { - raise_error(array( + rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/hmail.php b/plugins/password/drivers/hmail.php index 104c851ae..a8f07a23b 100644 --- a/plugins/password/drivers/hmail.php +++ b/plugins/password/drivers/hmail.php @@ -26,8 +26,8 @@ class rcube_hmail_password $obApp = new COM("hMailServer.Application"); } catch (Exception $e) { - write_log('errors', "Plugin password (hmail driver): " . trim(strip_tags($e->getMessage()))); - write_log('errors', "Plugin password (hmail driver): This problem is often caused by DCOM permissions not being set."); + rcube::write_log('errors', "Plugin password (hmail driver): " . trim(strip_tags($e->getMessage()))); + rcube::write_log('errors', "Plugin password (hmail driver): This problem is often caused by DCOM permissions not being set."); return PASSWORD_ERROR; } @@ -39,8 +39,8 @@ class rcube_hmail_password else { $domain = $rcmail->config->get('username_domain',false); if (!$domain) { - write_log('errors','Plugin password (hmail driver): $rcmail_config[\'username_domain\'] is not defined.'); - write_log('errors','Plugin password (hmail driver): Hint: Use hmail_login plugin (http://myroundcube.googlecode.com'); + rcube::write_log('errors','Plugin password (hmail driver): $rcmail_config[\'username_domain\'] is not defined.'); + rcube::write_log('errors','Plugin password (hmail driver): Hint: Use hmail_login plugin (http://myroundcube.googlecode.com'); return PASSWORD_ERROR; } $username = $username . "@" . $domain; @@ -55,8 +55,8 @@ class rcube_hmail_password return PASSWORD_SUCCESS; } catch (Exception $e) { - write_log('errors', "Plugin password (hmail driver): " . trim(strip_tags($e->getMessage()))); - write_log('errors', "Plugin password (hmail driver): This problem is often caused by DCOM permissions not being set."); + rcube::write_log('errors', "Plugin password (hmail driver): " . trim(strip_tags($e->getMessage()))); + rcube::write_log('errors', "Plugin password (hmail driver): This problem is often caused by DCOM permissions not being set."); return PASSWORD_ERROR; } } diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php index def07a175..548d327e1 100644 --- a/plugins/password/drivers/ldap.php +++ b/plugins/password/drivers/ldap.php @@ -85,7 +85,7 @@ class rcube_ldap_password // Crypt new samba password if ($smbpwattr && !($samba_pass = $this->hashPassword($passwd, 'samba'))) { - return PASSWORD_CRYPT_ERROR; + return PASSWORD_CRYPT_ERROR; } // Writing new crypted password to LDAP @@ -271,11 +271,11 @@ class rcube_ldap_password case 'samba': if (function_exists('hash')) { - $cryptedPassword = hash('md4', rcube_charset_convert($passwordClear, RCMAIL_CHARSET, 'UTF-16LE')); + $cryptedPassword = hash('md4', rcube_charset::convert($passwordClear, RCUBE_CHARSET, 'UTF-16LE')); $cryptedPassword = strtoupper($cryptedPassword); } else { - /* Your PHP install does not have the hash() function */ - return false; + /* Your PHP install does not have the hash() function */ + return false; } break; diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php index e1daed9f3..d47e14492 100644 --- a/plugins/password/drivers/ldap_simple.php +++ b/plugins/password/drivers/ldap_simple.php @@ -15,57 +15,57 @@ class rcube_ldap_simple_password { function save($curpass, $passwd) { - $rcmail = rcmail::get_instance(); - - // Connect - if (!$ds = ldap_connect($rcmail->config->get('password_ldap_host'), $rcmail->config->get('password_ldap_port'))) { - ldap_unbind($ds); - return PASSWORD_CONNECT_ERROR; - } - - // Set protocol version - if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'))) { - ldap_unbind($ds); - return PASSWORD_CONNECT_ERROR; - } - - // Start TLS - if ($rcmail->config->get('password_ldap_starttls')) { - if (!ldap_start_tls($ds)) { - ldap_unbind($ds); - return PASSWORD_CONNECT_ERROR; - } - } - - // Build user DN - if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) { - $user_dn = $this->substitute_vars($user_dn); - } - else { - $user_dn = $this->search_userdn($rcmail, $ds); - } - - if (empty($user_dn)) { - ldap_unbind($ds); - return PASSWORD_CONNECT_ERROR; - } - - // Connection method - switch ($rcmail->config->get('password_ldap_method')) { - case 'admin': - $binddn = $rcmail->config->get('password_ldap_adminDN'); - $bindpw = $rcmail->config->get('password_ldap_adminPW'); - break; - case 'user': - default: - $binddn = $user_dn; - $bindpw = $curpass; - break; - } - - $crypted_pass = $this->hash_password($passwd, $rcmail->config->get('password_ldap_encodage')); - $lchattr = $rcmail->config->get('password_ldap_lchattr'); - $pwattr = $rcmail->config->get('password_ldap_pwattr'); + $rcmail = rcmail::get_instance(); + + // Connect + if (!$ds = ldap_connect($rcmail->config->get('password_ldap_host'), $rcmail->config->get('password_ldap_port'))) { + ldap_unbind($ds); + return PASSWORD_CONNECT_ERROR; + } + + // Set protocol version + if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'))) { + ldap_unbind($ds); + return PASSWORD_CONNECT_ERROR; + } + + // Start TLS + if ($rcmail->config->get('password_ldap_starttls')) { + if (!ldap_start_tls($ds)) { + ldap_unbind($ds); + return PASSWORD_CONNECT_ERROR; + } + } + + // Build user DN + if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) { + $user_dn = $this->substitute_vars($user_dn); + } + else { + $user_dn = $this->search_userdn($rcmail, $ds); + } + + if (empty($user_dn)) { + ldap_unbind($ds); + return PASSWORD_CONNECT_ERROR; + } + + // Connection method + switch ($rcmail->config->get('password_ldap_method')) { + case 'admin': + $binddn = $rcmail->config->get('password_ldap_adminDN'); + $bindpw = $rcmail->config->get('password_ldap_adminPW'); + break; + case 'user': + default: + $binddn = $user_dn; + $bindpw = $curpass; + break; + } + + $crypted_pass = $this->hash_password($passwd, $rcmail->config->get('password_ldap_encodage')); + $lchattr = $rcmail->config->get('password_ldap_lchattr'); + $pwattr = $rcmail->config->get('password_ldap_pwattr'); $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr'); $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr'); $samba = $rcmail->config->get('password_ldap_samba'); @@ -76,28 +76,28 @@ class rcube_ldap_simple_password $smblchattr = 'sambaPwdLastSet'; } - // Crypt new password - if (!$crypted_pass) { - return PASSWORD_CRYPT_ERROR; - } + // Crypt new password + if (!$crypted_pass) { + return PASSWORD_CRYPT_ERROR; + } // Crypt new Samba password if ($smbpwattr && !($samba_pass = $this->hash_password($passwd, 'samba'))) { - return PASSWORD_CRYPT_ERROR; + return PASSWORD_CRYPT_ERROR; } - // Bind - if (!ldap_bind($ds, $binddn, $bindpw)) { - ldap_unbind($ds); - return PASSWORD_CONNECT_ERROR; - } + // Bind + if (!ldap_bind($ds, $binddn, $bindpw)) { + ldap_unbind($ds); + return PASSWORD_CONNECT_ERROR; + } - $entree[$pwattr] = $crypted_pass; + $entree[$pwattr] = $crypted_pass; - // Update PasswordLastChange Attribute if desired - if ($lchattr) { - $entree[$lchattr] = (int)(time() / 86400); - } + // Update PasswordLastChange Attribute if desired + if ($lchattr) { + $entree[$lchattr] = (int)(time() / 86400); + } // Update Samba password if ($smbpwattr) { @@ -109,14 +109,14 @@ class rcube_ldap_simple_password $entree[$smblchattr] = time(); } - if (!ldap_modify($ds, $user_dn, $entree)) { - ldap_unbind($ds); - return PASSWORD_CONNECT_ERROR; - } + if (!ldap_modify($ds, $user_dn, $entree)) { + ldap_unbind($ds); + return PASSWORD_CONNECT_ERROR; + } - // All done, no error - ldap_unbind($ds); - return PASSWORD_SUCCESS; + // All done, no error + ldap_unbind($ds); + return PASSWORD_SUCCESS; } /** @@ -126,22 +126,22 @@ class rcube_ldap_simple_password */ function search_userdn($rcmail, $ds) { - /* Bind */ - if (!ldap_bind($ds, $rcmail->config->get('password_ldap_searchDN'), $rcmail->config->get('password_ldap_searchPW'))) { - return false; - } - - /* Search for the DN */ - if (!$sr = ldap_search($ds, $rcmail->config->get('password_ldap_search_base'), $this->substitute_vars($rcmail->config->get('password_ldap_search_filter')))) { - return false; - } - - /* If no or more entries were found, return false */ - if (ldap_count_entries($ds, $sr) != 1) { - return false; - } - - return ldap_get_dn($ds, ldap_first_entry($ds, $sr)); + /* Bind */ + if (!ldap_bind($ds, $rcmail->config->get('password_ldap_searchDN'), $rcmail->config->get('password_ldap_searchPW'))) { + return false; + } + + /* Search for the DN */ + if (!$sr = ldap_search($ds, $rcmail->config->get('password_ldap_search_base'), $this->substitute_vars($rcmail->config->get('password_ldap_search_filter')))) { + return false; + } + + /* If no or more entries were found, return false */ + if (ldap_count_entries($ds, $sr) != 1) { + return false; + } + + return ldap_get_dn($ds, ldap_first_entry($ds, $sr)); } /** @@ -150,22 +150,22 @@ class rcube_ldap_simple_password */ function substitute_vars($str) { - $str = str_replace('%login', $_SESSION['username'], $str); - $str = str_replace('%l', $_SESSION['username'], $str); + $str = str_replace('%login', $_SESSION['username'], $str); + $str = str_replace('%l', $_SESSION['username'], $str); - $parts = explode('@', $_SESSION['username']); + $parts = explode('@', $_SESSION['username']); - if (count($parts) == 2) { + if (count($parts) == 2) { $dc = 'dc='.strtr($parts[1], array('.' => ',dc=')); // hierarchal domain string - $str = str_replace('%name', $parts[0], $str); + $str = str_replace('%name', $parts[0], $str); $str = str_replace('%n', $parts[0], $str); $str = str_replace('%dc', $dc, $str); - $str = str_replace('%domain', $parts[1], $str); - $str = str_replace('%d', $parts[1], $str); - } + $str = str_replace('%domain', $parts[1], $str); + $str = str_replace('%d', $parts[1], $str); + } - return $str; + return $str; } /** @@ -176,83 +176,83 @@ class rcube_ldap_simple_password */ function hash_password($password_clear, $encodage_type) { - $encodage_type = strtolower($encodage_type); - switch ($encodage_type) { - case 'crypt': - $crypted_password = '{CRYPT}' . crypt($password_clear, $this->random_salt(2)); - break; - case 'ext_des': - /* Extended DES crypt. see OpenBSD crypt man page */ - if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) { - /* Your system crypt library does not support extended DES encryption */ - return false; - } - $crypted_password = '{CRYPT}' . crypt($password_clear, '_' . $this->random_salt(8)); - break; - case 'md5crypt': - if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) { - /* Your system crypt library does not support md5crypt encryption */ - return false; - } - $crypted_password = '{CRYPT}' . crypt($password_clear, '$1$' . $this->random_salt(9)); - break; - case 'blowfish': - if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) { - /* Your system crypt library does not support blowfish encryption */ - return false; - } - /* Hardcoded to second blowfish version and set number of rounds */ - $crypted_password = '{CRYPT}' . crypt($password_clear, '$2a$12$' . $this->random_salt(13)); - break; - case 'md5': - $crypted_password = '{MD5}' . base64_encode(pack('H*', md5($password_clear))); - break; - case 'sha': - if (function_exists('sha1')) { - /* Use PHP 4.3.0+ sha1 function, if it is available */ - $crypted_password = '{SHA}' . base64_encode(pack('H*', sha1($password_clear))); - } else if (function_exists('mhash')) { - $crypted_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear)); - } else { - /* Your PHP install does not have the mhash() function */ - return false; - } - break; - case 'ssha': - if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { - mt_srand((double) microtime() * 1000000 ); - $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4); - $crypted_password = '{SSHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt); - } else { - /* Your PHP install does not have the mhash() function */ - return false; - } - break; - case 'smd5': - if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { - mt_srand((double) microtime() * 1000000 ); - $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4); - $crypted_password = '{SMD5}' . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt); - } else { - /* Your PHP install does not have the mhash() function */ - return false; - } - break; + $encodage_type = strtolower($encodage_type); + switch ($encodage_type) { + case 'crypt': + $crypted_password = '{CRYPT}' . crypt($password_clear, $this->random_salt(2)); + break; + case 'ext_des': + /* Extended DES crypt. see OpenBSD crypt man page */ + if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) { + /* Your system crypt library does not support extended DES encryption */ + return false; + } + $crypted_password = '{CRYPT}' . crypt($password_clear, '_' . $this->random_salt(8)); + break; + case 'md5crypt': + if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) { + /* Your system crypt library does not support md5crypt encryption */ + return false; + } + $crypted_password = '{CRYPT}' . crypt($password_clear, '$1$' . $this->random_salt(9)); + break; + case 'blowfish': + if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) { + /* Your system crypt library does not support blowfish encryption */ + return false; + } + /* Hardcoded to second blowfish version and set number of rounds */ + $crypted_password = '{CRYPT}' . crypt($password_clear, '$2a$12$' . $this->random_salt(13)); + break; + case 'md5': + $crypted_password = '{MD5}' . base64_encode(pack('H*', md5($password_clear))); + break; + case 'sha': + if (function_exists('sha1')) { + /* Use PHP 4.3.0+ sha1 function, if it is available */ + $crypted_password = '{SHA}' . base64_encode(pack('H*', sha1($password_clear))); + } else if (function_exists('mhash')) { + $crypted_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear)); + } else { + /* Your PHP install does not have the mhash() function */ + return false; + } + break; + case 'ssha': + if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { + mt_srand((double) microtime() * 1000000 ); + $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4); + $crypted_password = '{SSHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt); + } else { + /* Your PHP install does not have the mhash() function */ + return false; + } + break; + case 'smd5': + if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { + mt_srand((double) microtime() * 1000000 ); + $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4); + $crypted_password = '{SMD5}' . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt); + } else { + /* Your PHP install does not have the mhash() function */ + return false; + } + break; case 'samba': if (function_exists('hash')) { - $crypted_password = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE')); + $crypted_password = hash('md4', rcube_charset::convert($password_clear, RCUBE_CHARSET, 'UTF-16LE')); $crypted_password = strtoupper($crypted_password); } else { - /* Your PHP install does not have the hash() function */ - return false; + /* Your PHP install does not have the hash() function */ + return false; } break; - case 'clear': - default: - $crypted_password = $password_clear; - } + case 'clear': + default: + $crypted_password = $password_clear; + } - return $crypted_password; + return $crypted_password; } /** @@ -263,14 +263,14 @@ class rcube_ldap_simple_password */ function random_salt($length) { - $possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './'; - $str = ''; - // mt_srand((double)microtime() * 1000000); + $possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './'; + $str = ''; + // mt_srand((double)microtime() * 1000000); - while (strlen($str) < $length) { - $str .= substr($possible, (rand() % strlen($possible)), 1); - } + while (strlen($str) < $length) { + $str .= substr($possible, (rand() % strlen($possible)), 1); + } - return $str; + return $str; } } diff --git a/plugins/password/drivers/pam.php b/plugins/password/drivers/pam.php index ed60bd841..8cd94c737 100644 --- a/plugins/password/drivers/pam.php +++ b/plugins/password/drivers/pam.php @@ -13,14 +13,14 @@ class rcube_pam_password { $user = $_SESSION['username']; - if (extension_loaded('pam')) { + if (extension_loaded('pam') || extension_loaded('pam_auth')) { if (pam_auth($user, $currpass, $error, false)) { if (pam_chpass($user, $currpass, $newpass)) { return PASSWORD_SUCCESS; } } else { - raise_error(array( + rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, @@ -29,7 +29,7 @@ class rcube_pam_password } } else { - raise_error(array( + rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/pw_usermod.php b/plugins/password/drivers/pw_usermod.php index 5b92fcbfb..237e275a7 100644 --- a/plugins/password/drivers/pw_usermod.php +++ b/plugins/password/drivers/pw_usermod.php @@ -28,7 +28,7 @@ class rcube_pw_usermod_password return PASSWORD_SUCCESS; } else { - raise_error(array( + rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/sasl.php b/plugins/password/drivers/sasl.php index 9380cf838..8776eff2e 100644 --- a/plugins/password/drivers/sasl.php +++ b/plugins/password/drivers/sasl.php @@ -32,7 +32,7 @@ class rcube_sasl_password return PASSWORD_SUCCESS; } else { - raise_error(array( + rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/smb.php b/plugins/password/drivers/smb.php index 138313be8..9f2b96afa 100644 --- a/plugins/password/drivers/smb.php +++ b/plugins/password/drivers/smb.php @@ -26,13 +26,15 @@ class rcube_smb_password public function save($currpass, $newpass) { - $host = rcmail::get_instance()->config->get('password_smb_host','localhost'); - $bin = rcmail::get_instance()->config->get('password_smb_cmd','/usr/bin/smbpasswd'); + $host = rcmail::get_instance()->config->get('password_smb_host','localhost'); + $bin = rcmail::get_instance()->config->get('password_smb_cmd','/usr/bin/smbpasswd'); $username = $_SESSION['username']; - $tmpfile = tempnam(sys_get_temp_dir(),'smb'); - $cmd = $bin . ' -r ' . $host . ' -s -U "' . $username . '" > ' . $tmpfile . ' 2>&1'; - $handle = @popen($cmd, 'w'); + $host = rcube_utils::parse_host($host); + $tmpfile = tempnam(sys_get_temp_dir(),'smb'); + $cmd = $bin . ' -r ' . $host . ' -s -U "' . $username . '" > ' . $tmpfile . ' 2>&1'; + $handle = @popen($cmd, 'w'); + fputs($handle, $currpass."\n"); fputs($handle, $newpass."\n"); fputs($handle, $newpass."\n"); @@ -44,7 +46,7 @@ class rcube_smb_password return PASSWORD_SUCCESS; } else { - raise_error(array( + rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, @@ -56,4 +58,3 @@ class rcube_smb_password } } -?> diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php index 8bdcabf83..e02bff146 100644 --- a/plugins/password/drivers/sql.php +++ b/plugins/password/drivers/sql.php @@ -20,11 +20,11 @@ class rcube_sql_password $sql = 'SELECT update_passwd(%c, %u)'; if ($dsn = $rcmail->config->get('password_db_dsn')) { - // #1486067: enable new_link option - if (is_array($dsn) && empty($dsn['new_link'])) - $dsn['new_link'] = true; - else if (!is_array($dsn) && !preg_match('/\?new_link=true/', $dsn)) - $dsn .= '?new_link=true'; + // #1486067: enable new_link option + if (is_array($dsn) && empty($dsn['new_link'])) + $dsn['new_link'] = true; + else if (!is_array($dsn) && !preg_match('/\?new_link=true/', $dsn)) + $dsn .= '?new_link=true'; $db = rcube_db::factory($dsn, '', false); $db->set_debug((bool)$rcmail->config->get('sql_debug')); @@ -48,7 +48,7 @@ class rcube_sql_password else if (CRYPT_STD_DES) $crypt_hash = 'des'; } - + switch ($crypt_hash) { case 'md5': @@ -77,7 +77,7 @@ class rcube_sql_password //Restrict the character set used as salt (#1488136) $seedchars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; for ($i = 0; $i < $len ; $i++) { - $salt .= $seedchars[rand(0, 63)]; + $salt .= $seedchars[rand(0, 63)]; } $sql = str_replace('%c', $db->quote(crypt($passwd, $salt_hashindicator ? $salt_hashindicator .$salt.'$' : $salt)), $sql); @@ -116,30 +116,30 @@ class rcube_sql_password // hashed passwords if (preg_match('/%[n|q]/', $sql)) { - if (!extension_loaded('hash')) { - raise_error(array( - 'code' => 600, - 'type' => 'php', - 'file' => __FILE__, 'line' => __LINE__, - 'message' => "Password plugin: 'hash' extension not loaded!" - ), true, false); - - return PASSWORD_ERROR; - } - - if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) + if (!extension_loaded('hash')) { + rcube::raise_error(array( + 'code' => 600, + 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Password plugin: 'hash' extension not loaded!" + ), true, false); + + return PASSWORD_ERROR; + } + + if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) $hash_algo = 'sha1'; - $hash_passwd = hash($hash_algo, $passwd); + $hash_passwd = hash($hash_algo, $passwd); $hash_curpass = hash($hash_algo, $curpass); - if ($rcmail->config->get('password_hash_base64')) { + if ($rcmail->config->get('password_hash_base64')) { $hash_passwd = base64_encode(pack('H*', $hash_passwd)); $hash_curpass = base64_encode(pack('H*', $hash_curpass)); } - $sql = str_replace('%n', $db->quote($hash_passwd, 'text'), $sql); - $sql = str_replace('%q', $db->quote($hash_curpass, 'text'), $sql); + $sql = str_replace('%n', $db->quote($hash_passwd, 'text'), $sql); + $sql = str_replace('%q', $db->quote($hash_curpass, 'text'), $sql); } // Handle clear text passwords securely (#1487034) @@ -164,14 +164,14 @@ class rcube_sql_password // convert domains to/from punnycode if ($rcmail->config->get('password_idn_ascii')) { - $domain_part = rcube_idn_to_ascii($domain_part); - $username = rcube_idn_to_ascii($username); - $host = rcube_idn_to_ascii($host); + $domain_part = rcube_utils::idn_to_ascii($domain_part); + $username = rcube_utils::idn_to_ascii($username); + $host = rcube_utils::idn_to_ascii($host); } else { - $domain_part = rcube_idn_to_utf8($domain_part); - $username = rcube_idn_to_utf8($username); - $host = rcube_idn_to_utf8($host); + $domain_part = rcube_utils::idn_to_utf8($domain_part); + $username = rcube_utils::idn_to_utf8($username); + $host = rcube_utils::idn_to_utf8($host); } // at least we should always have the local part @@ -183,16 +183,16 @@ class rcube_sql_password $res = $db->query($sql, $sql_vars); if (!$db->is_error()) { - if (strtolower(substr(trim($query),0,6))=='select') { - if ($result = $db->fetch_array($res)) - return PASSWORD_SUCCESS; - } else { + if (strtolower(substr(trim($query),0,6))=='select') { + if ($result = $db->fetch_array($res)) + return PASSWORD_SUCCESS; + } else { // This is the good case: 1 row updated - if ($db->affected_rows($res) == 1) - return PASSWORD_SUCCESS; + if ($db->affected_rows($res) == 1) + return PASSWORD_SUCCESS; // @TODO: Some queries don't affect any rows // Should we assume a success if there was no error? - } + } } return PASSWORD_ERROR; diff --git a/plugins/password/drivers/virtualmin.php b/plugins/password/drivers/virtualmin.php index 69f1475d4..2c7aee617 100644 --- a/plugins/password/drivers/virtualmin.php +++ b/plugins/password/drivers/virtualmin.php @@ -48,10 +48,10 @@ class rcube_virtualmin_password $pieces = explode("_", $username); $domain = $pieces[0]; break; - case 8: // domain taken from alias, username left as it was - $email = $rcmail->user->data['alias']; - $domain = substr(strrchr($email, "@"), 1); - break; + case 8: // domain taken from alias, username left as it was + $email = $rcmail->user->data['alias']; + $domain = substr(strrchr($email, "@"), 1); + break; default: // username@domain $domain = substr(strrchr($username, "@"), 1); } @@ -67,7 +67,7 @@ class rcube_virtualmin_password return PASSWORD_SUCCESS; } else { - raise_error(array( + rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/vpopmaild.php b/plugins/password/drivers/vpopmaild.php index 510cf3338..6c1a9ee9d 100644 --- a/plugins/password/drivers/vpopmaild.php +++ b/plugins/password/drivers/vpopmaild.php @@ -19,7 +19,7 @@ class rcube_vpopmaild_password $vpopmaild = new Net_Socket(); if (PEAR::isError($vpopmaild->connect($rcmail->config->get('password_vpopmaild_host'), - $rcmail->config->get('password_vpopmaild_port'), null))) { + $rcmail->config->get('password_vpopmaild_port'), null))) { return PASSWORD_CONNECT_ERROR; } diff --git a/plugins/password/drivers/xmail.php b/plugins/password/drivers/xmail.php index 33a49ffe3..37abc3001 100644 --- a/plugins/password/drivers/xmail.php +++ b/plugins/password/drivers/xmail.php @@ -32,7 +32,7 @@ class rcube_xmail_password $xmail->port = $rcmail->config->get('xmail_port'); if (!$xmail->connect()) { - raise_error(array( + rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, @@ -42,7 +42,7 @@ class rcube_xmail_password } else if (!$xmail->send("userpasswd\t".$domain."\t".$user."\t".$newpass."\n")) { $xmail->close(); - raise_error(array( + rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, |