5 files changed, 39 insertions, 118 deletions

diff --git a/plugins/password/composer.json b/plugins/password/composer.json
new file mode 100644
index 000000000..3aba2a2ba
--- /dev/null
+++ b/plugins/password/composer.json
@@ -0,0 +1,24 @@
+{
+    "name": "roundcube/password",
+    "type": "roundcube-plugin",
+    "description": "Password Change for Roundcube. Plugin adds a possibility to change user password using many methods (drivers) via Settings/Password tab.",
+    "license": "GPLv3+",
+    "version": "3.5",
+    "authors": [
+        {
+            "name": "Aleksander Machniak",
+            "email": "alec@alec.pl",
+            "role": "Lead"
+        }
+    ],
+    "repositories": [
+        {
+            "type": "composer",
+            "url": "http://plugins.roundcube.net"
+        }
+    ],
+    "require": {
+        "php": ">=5.3.0",
+        "roundcube/plugin-installer": ">=0.1.3"
+    }
+}
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index 94c4368fe..cf021020f 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -95,6 +95,11 @@ $config['password_hash_algorithm'] = 'sha1';
 // as hex string or in base64 encoded format.
 $config['password_hash_base64'] = false;
 
+// Iteration count parameter for Blowfish-based hashing algo.
+// It must be between 4 and 31. Default: 12.
+// Be aware, the higher the value, the longer it takes to generate the password hashes.
+$config['password_blowfish_cost'] = 12;
+
 
 // Poppassd Driver options
 // -----------------------
diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php
index ac2ea3bd3..c18ff0f06 100644
--- a/plugins/password/drivers/ldap.php
+++ b/plugins/password/drivers/ldap.php
@@ -259,8 +259,12 @@ class rcube_ldap_password
                 return false;
             }
 
-            /* Hardcoded to second blowfish version and set number of rounds */
-            $crypted_password = '{CRYPT}' . crypt($password_clear, '$2a$12$' . self::random_salt(13));
+            $rcmail = rcmail::get_instance();
+            $cost   = (int) $rcmail->config->get('password_blowfish_cost');
+            $cost   = $cost < 4 || $cost > 31 ? 12 : $cost;
+            $prefix = sprintf('$2a$%02d$', $cost);
+
+            $crypted_password = '{CRYPT}' . crypt($password_clear, $prefix . self::random_salt(22));
             break;
 
         case 'md5':
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
index ab348ddac..37e162e22 100644
--- a/plugins/password/drivers/sql.php
+++ b/plugins/password/drivers/sql.php
@@ -66,8 +66,10 @@ class rcube_sql_password
                 $len = 2;
                 break;
             case 'blowfish':
-                $len = 22;
-                $salt_hashindicator = '$2a$';
+                $cost = (int) $rcmail->config->get('password_blowfish_cost');
+                $cost = $cost < 4 || $cost > 31 ? 12 : $cost;
+                $len  = 22;
+                $salt_hashindicator = sprintf('$2a$%02d$', $cost);
                 break;
             case 'sha256':
                 $len = 16;
diff --git a/plugins/password/package.xml b/plugins/password/package.xml
deleted file mode 100644
index 4fa023c77..000000000
--- a/plugins/password/package.xml
+++ /dev/null
@@ -1,114 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<package xmlns="http://pear.php.net/dtd/package-2.0" xmlns:tasks="http://pear.php.net/dtd/tasks-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" packagerversion="1.9.0" version="2.0" xsi:schemaLocation="http://pear.php.net/dtd/tasks-1.0
-    http://pear.php.net/dtd/tasks-1.0.xsd
-    http://pear.php.net/dtd/package-2.0
-    http://pear.php.net/dtd/package-2.0.xsd">
-	<name>password</name>
-	<channel>pear.roundcube.net</channel>
-	<summary>Password Change for Roundcube</summary>
-	<description>Plugin that adds a possibility to change user password using many
-        methods (drivers) via Settings/Password tab.
-    </description>
-	<lead>
-		<name>Aleksander Machniak</name>
-		<user>alec</user>
-		<email>alec@alec.pl</email>
-		<active>yes</active>
-	</lead>
-	<date>2014-06-10</date>
-	<version>
-		<release>3.5</release>
-		<api>2.0</api>
-	</version>
-	<stability>
-		<release>stable</release>
-		<api>stable</api>
-	</stability>
-	<license uri="http://www.gnu.org/licenses/gpl.html">GNU GPLv3+</license>
-	<contents>
-		<dir baseinstalldir="/" name="/">
-			<file name="password.php" role="php">
-				<tasks:replace from="@name@" to="name" type="package-info"/>
-				<tasks:replace from="@package_version@" to="version" type="package-info"/>
-			</file>
-			<file name="password.js" role="data">
-				<tasks:replace from="@name@" to="name" type="package-info"/>
-				<tasks:replace from="@package_version@" to="version" type="package-info"/>
-			</file>
-            <file name="README" role="data">
-				<tasks:replace from="@name@" to="name" type="package-info"/>
-				<tasks:replace from="@package_version@" to="version" type="package-info"/>
-            </file>
-			<file name="localization/az_AZ.inc" role="data"></file>
-			<file name="localization/bg_BG.inc" role="data"></file>
-			<file name="localization/ca_ES.inc" role="data"></file>
-			<file name="localization/cs_CZ.inc" role="data"></file>
-			<file name="localization/da_DK.inc" role="data"></file>
-			<file name="localization/de_CH.inc" role="data"></file>
-			<file name="localization/de_DE.inc" role="data"></file>
-			<file name="localization/en_US.inc" role="data"></file>
-			<file name="localization/es_AR.inc" role="data"></file>
-			<file name="localization/es_ES.inc" role="data"></file>
-			<file name="localization/et_EE.inc" role="data"></file>
-			<file name="localization/fi_FI.inc" role="data"></file>
-			<file name="localization/fr_FR.inc" role="data"></file>
-			<file name="localization/gl_ES.inc" role="data"></file>
-			<file name="localization/hr_HR.inc" role="data"></file>
-			<file name="localization/hu_HU.inc" role="data"></file>
-			<file name="localization/it_IT.inc" role="data"></file>
-			<file name="localization/ja_JA.inc" role="data"></file>
-			<file name="localization/lt_LT.inc" role="data"></file>
-			<file name="localization/lv_LV.inc" role="data"></file>
-			<file name="localization/nl_NL.inc" role="data"></file>
-			<file name="localization/pl_PL.inc" role="data"></file>
-			<file name="localization/pt_BR.inc" role="data"></file>
-			<file name="localization/pt_PT.inc" role="data"></file>
-			<file name="localization/ru_RU.inc" role="data"></file>
-			<file name="localization/sk_SK.inc" role="data"></file>
-			<file name="localization/sl_SI.inc" role="data"></file>
-			<file name="localization/sv_SE.inc" role="data"></file>
-			<file name="localization/tr_TR.inc" role="data"></file>
-			<file name="localization/zh_TW.inc" role="data"></file>
-
-            <file name="drivers/chpasswd.php" role="php"></file>
-            <file name="drivers/dbmail.php" role="php"></file>
-            <file name="drivers/directadmin.php" role="php"></file>
-            <file name="drivers/domainfactory.php" role="php"></file>
-            <file name="drivers/expect.php" role="php"></file>
-            <file name="drivers/ldap.php" role="php"></file>
-            <file name="drivers/ldap_simple.php" role="php"></file>
-            <file name="drivers/poppassd.php" role="php"></file>
-            <file name="drivers/sql.php" role="php"></file>
-            <file name="drivers/vpopmaild.php" role="php"></file>
-            <file name="drivers/cpanel.php" role="php"></file>
-            <file name="drivers/hmail.php" role="php"></file>
-            <file name="drivers/pam.php" role="php"></file>
-            <file name="drivers/pw_usermod.php" role="php"></file>
-            <file name="drivers/sasl.php" role="php"></file>
-            <file name="drivers/smb.php" role="php"></file>
-            <file name="drivers/virtualmin.php" role="php"></file>
-            <file name="drivers/ximss.php" role="php"></file>
-            <file name="drivers/xmail.php" role="php"></file>
-
-			<file name="helpers/chgdbmailusers.c" role="data"></file>
-			<file name="helpers/chgsaslpasswd.c" role="data"></file>
-            <file name="helpers/chgvirtualminpasswd.c" role="data"></file>
-            <file name="helpers/chpass-wrapper.py" role="data"></file>
-            <file name="helpers/passwd-expect" role="data"></file>
-
-            <file name="config.inc.php.disc" role="data"></file>
-		</dir>
-		<!-- / -->
-	</contents>
-	<dependencies>
-		<required>
-			<php>
-				<min>5.2.1</min>
-			</php>
-			<pearinstaller>
-				<min>1.7.0</min>
-			</pearinstaller>
-		</required>
-	</dependencies>
-	<phprelease/>
-</package>