From 5e9b40a0d5d6c0d0205c761cee0991417cc78451 Mon Sep 17 00:00:00 2001
From: defa
Date: Mon, 27 Aug 2012 17:57:45 +0200
Subject: added more digest-support to crypt-function
---
 plugins/password/drivers/sql.php | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)
(limited to 'plugins')
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
index 449e2df5b..ec04048f6 100644
--- a/plugins/password/drivers/sql.php
+++ b/plugins/password/drivers/sql.php
@@ -40,13 +40,33 @@ class rcube_sql_password
 // crypted password
 if (strpos($sql, '%c') !== FALSE) {
 $salt = '';
- if (CRYPT_MD5) {
- // Always use eight salt characters for MD5 (#1488136)
- $len = 8;
- } else if (CRYPT_STD_DES) {
- $len = 2;
- } else {
- return PASSWORD_CRYPT_ERROR;
+
+ if (!($crypt_digest = $rcmail->config->get('password_crypt_digest')))
+ $crypt_digest = CRYPT_MD5;
+
+ switch ($crypt_digest)
+ {
+ case CRYPT_MD5:
+ $len = 8;
+ $salt_digest = '$1$';
+ break;
+ case CRYPT_STD_DES:
+ $len = 2;
+ break;
+ case CRYPT_BLOWFISH:
+ $len = 22;
+ $salt_digest = '$2a$';
+ break;
+ case CRYPT_SHA256:
+ $len = 16;
+ $salt_digest = '$5$';
+ break;
+ case CRYPT_SHA512:
+ $len = 16;
+ $salt_digest = '$6$';
+ break;
+ default:
+ return PASSWORD_CRYPT_ERROR;
 }

 //Restrict the character set used as salt (#1488136)
@@ -55,7 +75,7 @@ class rcube_sql_password
 $salt .= $seedchars[rand(0, 63)];
 }

- $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql);
+ $sql = str_replace('%c', $db->quote(crypt($passwd, $salt_digest ? $salt_digest .$salt.'$' : $salt)), $sql);
 }

 // dovecotpw
-- 
cgit v1.2.3

From 5c603c4032bf71792e7accd80e2b7d0e78d445f8 Mon Sep 17 00:00:00 2001
From: defa
Date: Tue, 28 Aug 2012 16:11:49 +0200
Subject: fixed the patch after some testing, works productive
---
 plugins/password/drivers/sql.php | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)
(limited to 'plugins')
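Review bot: The `case CRYPT_BLOWFISH:` branch in the `@@ -40,13 +40,33 @@` hunk sets `$salt_digest = '$2a$'` with no cost field, so the salt handed to crypt() is `$2a$` plus 22 characters, while crypt() documents the Blowfish salt as `$2a$`, a two-digit cost, `$`, then 22 characters. The prefix needs the cost, for example `$salt_digest = '$2a$10$';` (10 is an illustrative value), otherwise the call is likely to fail or to produce something other than a Blowfish hash. The `case 'blowfish':` branch of the following commit carries the same prefix. The `CRYPT_*` constants used as `case` labels are also availability flags, as the removed `if (CRYPT_MD5)` test shows, so they cannot tell the algorithms apart; the following commit switches to string names.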
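Review bot: The result of `crypt()` on the changed `str_replace('%c', ...)` line of the `@@ -55,7 +75,7 @@` hunk is quoted into the query without being checked, so a failed hash would be stored as the user's password. crypt() reports failure with a string shorter than 13 characters, so the hash should be computed into a variable first and tested, e.g. `if (strlen($crypted) < 13) return PASSWORD_CRYPT_ERROR;`. `$salt_digest` is also never assigned on the `CRYPT_STD_DES` path, so it should be initialised to `''` next to `$salt = '';` in the first hunk. The same line with `$salt_hashindicator` in the following commit has both problems, and the `rand()` call in the context loop, which starts outside the hunk, is not a cryptographic source for salt characters.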
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
index ec04048f6..8bdcabf83 100644
--- a/plugins/password/drivers/sql.php
+++ b/plugins/password/drivers/sql.php
@@ -41,29 +41,34 @@ class rcube_sql_password
 if (strpos($sql, '%c') !== FALSE) {
 $salt = '';

- if (!($crypt_digest = $rcmail->config->get('password_crypt_digest')))
- $crypt_digest = CRYPT_MD5;
+ if (!($crypt_hash = $rcmail->config->get('password_crypt_hash')))
+ {
+ if (CRYPT_MD5)
+ $crypt_hash = 'md5';
+ else if (CRYPT_STD_DES)
+ $crypt_hash = 'des';
+ }

- switch ($crypt_digest)
+ switch ($crypt_hash)
 {
- case CRYPT_MD5:
+ case 'md5':
 $len = 8;
- $salt_digest = '$1$';
+ $salt_hashindicator = '$1$';
 break;
- case CRYPT_STD_DES:
+ case 'des':
 $len = 2;
 break;
- case CRYPT_BLOWFISH:
+ case 'blowfish':
 $len = 22;
- $salt_digest = '$2a$';
+ $salt_hashindicator = '$2a$';
 break;
- case CRYPT_SHA256:
+ case 'sha256':
 $len = 16;
- $salt_digest = '$5$';
+ $salt_hashindicator = '$5$';
 break;
- case CRYPT_SHA512:
+ case 'sha512':
 $len = 16;
- $salt_digest = '$6$';
+ $salt_hashindicator = '$6$';
 break;
 default:
 return PASSWORD_CRYPT_ERROR;
@@ -75,7 +80,7 @@ class rcube_sql_password
 $salt .= $seedchars[rand(0, 63)];
 }

- $sql = str_replace('%c', $db->quote(crypt($passwd, $salt_digest ? $salt_digest .$salt.'$' : $salt)), $sql);
+ $sql = str_replace('%c', $db->quote(crypt($passwd, $salt_hashindicator ? $salt_hashindicator .$salt.'$' : $salt)), $sql);
 }

 // dovecotpw
-- 
cgit v1.2.3

From a0f006748f6127e1e8cca23ffd7fabe1c75d5336 Mon Sep 17 00:00:00 2001
From: "GDR\\!"
Date: Thu, 24 May 2012 11:56:39 +0200
Subject: Password plugin made compatible with modern Virtualmin Added a new username format in Virtualmin driver, which works for default Virtualmin settings where username is user.postfix and domain is taken from email address. Example: email - info@goodcoffee.com login - info.goodcof
---
 plugins/password/drivers/virtualmin.php | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'plugins')
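Review bot: An explicitly configured `password_crypt_hash` is accepted in the `@@ -41,29 +41,34 @@` hunk without consulting the matching capability flag; only the unset-option fallback tests `CRYPT_MD5` and `CRYPT_STD_DES`. Each case should refuse an algorithm the platform lacks, e.g. `case 'sha512': if (!CRYPT_SHA512) return PASSWORD_CRYPT_ERROR;`, so a misconfigured host fails the password change instead of storing whatever crypt() returns. The fallback also keeps MD5-crypt as the default, and a comment saying that this is for compatibility and that `sha512` or `blowfish` are the stronger choices would help the next reader. The `switch` closes outside the hunk.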
diff --git a/plugins/password/drivers/virtualmin.php b/plugins/password/drivers/virtualmin.php
index b2547e07f..f6b9bd412 100644
--- a/plugins/password/drivers/virtualmin.php
+++ b/plugins/password/drivers/virtualmin.php
@@ -48,6 +48,10 @@ class rcube_virtualmin_password
 $pieces = explode("_", $username);
 $domain = $pieces[0];
 break;
+ case 8: // domain taken from alias, username left as it was
+ $email = $rcmail->user->data['alias'];
+ $domain = substr(strrchr($email, "@"), 1);
+ break
 default: // username@domain
 $domain = substr(strrchr($username, "@"), 1);
 }
-- 
cgit v1.2.3

From 145503a32d6a3afb013ba165231cd2192bb2a7fe Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Tue, 4 Sep 2012 11:01:03 +0200
Subject: Fix parse error in virtualmin driver (#1488668)
---
 plugins/password/drivers/virtualmin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'plugins')
diff --git a/plugins/password/drivers/virtualmin.php b/plugins/password/drivers/virtualmin.php
index f6b9bd412..f9eca9633 100644
--- a/plugins/password/drivers/virtualmin.php
+++ b/plugins/password/drivers/virtualmin.php
@@ -51,7 +51,7 @@ class rcube_virtualmin_password
 case 8: // domain taken from alias, username left as it was
 $email = $rcmail->user->data['alias'];
 $domain = substr(strrchr($email, "@"), 1);
- break
+ break;
 default: // username@domain
 $domain = substr(strrchr($username, "@"), 1);
 }
-- 
cgit v1.2.3

From 1d8e8634450f84eff6c47c84e78c05fd356fd31b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Tue, 4 Sep 2012 15:33:16 +0200
Subject: Fix parser_kep14 test
---
 plugins/managesieve/tests/Parser.php | 2 +-
 plugins/managesieve/tests/src/parser_kep14.out | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 plugins/managesieve/tests/src/parser_kep14.out
(limited to 'plugins')
diff --git a/plugins/managesieve/tests/Parser.php b/plugins/managesieve/tests/Parser.php
index 06b644b34..00915cc20 100644
--- a/plugins/managesieve/tests/Parser.php
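Review bot: The new `case 8:` in the `@@ -48,6 +48,10 @@` hunk derives `$domain` from `$rcmail->user->data['alias']` with no check that the alias is set or contains an `@`; `strrchr()` returns false in that case and `$domain` ends up empty. A guard such as `if (strpos($email, '@') === false)` that fails the password change would keep an empty or unexpected domain from flowing on; how `$domain` is used afterwards is outside the hunk. The `break` on the last added line lacks its semicolon, which the following commit corrects. The enclosing `switch` starts outside the hunk.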
+++ b/plugins/managesieve/tests/Parser.php
@@ -31,7 +31,7 @@ class Parser extends PHPUnit_Framework_TestCase
 $result = array();

 while ($file = readdir($dir)) {
- if (preg_match('/^[a-z_]+$/', $file)) {
+ if (preg_match('/^[a-z0-9_]+$/', $file)) {
 $input = file_get_contents($dir_path . '/' . $file);

 if (file_exists($dir_path . '/' . $file . '.out')) {
diff --git a/plugins/managesieve/tests/src/parser_kep14.out b/plugins/managesieve/tests/src/parser_kep14.out
new file mode 100644
index 000000000..cb7faa7f8
--- /dev/null
+++ b/plugins/managesieve/tests/src/parser_kep14.out
@@ -0,0 +1,3 @@
+require ["variables"];
+set "EDITOR" "Roundcube";
+set "EDITOR_VERSION" "123";
-- 
cgit v1.2.3

From 5ba07a429a9651d574abc48ba17d487094cae340 Mon Sep 17 00:00:00 2001
From: defa
Date: Wed, 5 Sep 2012 14:53:55 +0200
Subject: added sample configuration
---
 plugins/password/config.inc.php.dist | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'plugins')
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index 37c79315d..8d7b433af 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -36,7 +36,8 @@ $rcmail_config['password_db_dsn'] = '';
 // The query can contain the following macros that will be expanded as follows:
 // %p is replaced with the plaintext new password
 // %c is replaced with the crypt version of the new password, MD5 if available
-// otherwise DES.
+// otherwise DES. More hash function can be enabled using the password_crypt_hash
+// configuration parameter.
 // %D is replaced with the dovecotpw-crypted version of the new password
 // %o is replaced with the password before the change
 // %n is replaced with the hashed version of the new password
@@ -51,6 +52,13 @@ $rcmail_config['password_db_dsn'] = '';
 // Default: "SELECT update_passwd(%c, %u)"
 $rcmail_config['password_query'] = 'SELECT update_passwd(%c, %u)';

+// By default the crypt() function which is used to create the '%c'
+// parameter uses the md5 algorithm. To use different algorithms
+// you can choose between: des, md5, blowfish, sha256, sha512.
+// Before using other hash functions than des or md5 please make sure
+// your operating system supports the other hash functions.
+$rcmail_config['password_crypt_hash'] = 'md5';
+
 // By default domains in variables are using unicode.
 // Enable this option to use punycoded names
 $rcmail_config['password_idn_ascii'] = false;
-- 
cgit v1.2.3
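Review bot: The added comment block in the `@@ -51,6 +52,13 @@` hunk lists `des`, `md5`, `blowfish`, `sha256` and `sha512` as equal choices and the sample pins `'md5'`, without telling the administrator which of them are weak. I would add a line such as `// des and md5 are kept for compatibility; prefer sha512 or blowfish where crypt() supports them.` above the setting. The comment could also state that an unrecognised value makes the driver return an error rather than fall back, which is what the `default:` branch of the sql.php `switch` earlier on this page does.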