SF.net SVN: postfixadmin:[1529] trunk
From: <chr...@us...> - 2013-10-07 18:43:13
Revision: 1529 http://sourceforge.net/p/postfixadmin/code/1529 Author: christian_boltz Date: 2013-10-07 18:42:59 +0000 (Mon, 07 Oct 2013) Log Message: ----------- functions.inc.php: - pacrypt(), dovecot:* method: - allow "." in dovecot method (to allow a suffix like ".b64") - blacklist SCRAM-SHA-1 (needs -u) - check against list of non-salted methods to be backward compatible with dovecot < 2.1 again Thanks to Szilagyi Jozsef <szjozsef AT yahoo DOT com> for providing the list of non-salted methods etc. functions.inc.php, scripts/postfixadmin-cli.php: - drop unused global variables $table_admin and $table_alias_domain Modified Paths: -------------- trunk/functions.inc.php trunk/scripts/postfixadmin-cli.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2013-10-06 22:35:02 UTC (rev 1528) +++ trunk/functions.inc.php 2013-10-07 18:42:59 UTC (rev 1529) 
@@ -910,12 +910,14 @@ elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) { $split_method = preg_split ('/:/', $CONF['encrypt']); $method = strtoupper($split_method[1]); - if (! preg_match("/^[A-Z0-9-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list? + if (! preg_match("/^[A-Z0-9.-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list? # if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead."); # $crypt_method = preg_match ("/.*-CRYPT$/", $method); - # digest-md5 hashes include the username - until someone implements it, let's declare it as unsupported + # digest-md5 and SCRAM-SHA-1 hashes include the username - until someone implements it, let's declare it as unsupported if (strtolower($method) == 'digest-md5') die("Sorry, \$CONF['encrypt'] = 'dovecot:digest-md5' is not supported by PostfixAdmin."); + if (strtoupper($method) == 'SCRAM-SHA-1') die("Sorry, \$CONF['encrypt'] = 'dovecot:scram-sha-1' is not supported by PostfixAdmin."); + # TODO: add -u option for those hashes, or for everything that is salted (-u was available before dovecot 2.1 -> no problem with backward compability) $dovecotpw = "doveadm pw"; if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw']; 
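Review bot: The two unsupported-method checks compare `$method` with an exact name, so now that the widened pattern admits an encoding suffix, a setting such as `dovecot:digest-md5.b64` or `dovecot:scram-sha-1.hex` matches neither `die()` and is presumably handed to `doveadm pw` without the username those schemes need. Strip the suffix before comparing, for example `$base = preg_replace('/\.(B64|BASE64|HEX)$/', '', $method);` followed by `if ($base == 'DIGEST-MD5' || $base == 'SCRAM-SHA-1') die(...);`. That also removes the mixed `strtolower()`/`strtoupper()` calls on a value that is already upper-case. The enclosing function starts and ends outside this hunk.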
@@ -927,9 +929,12 @@ 2 => array("pipe", "w"), // stderr ); + $nonsaltedtypes = "SHA|SHA1|SHA256|SHA512|CLEAR|CLEARTEXT|PLAIN|PLAIN-TRUNC|CRAM-MD5|HMAC-MD5|PLAIN-MD4|PLAIN-MD5|LDAP-MD5|LANMAN|NTLM|RPA"; + $salted = ! preg_match("/^($nonsaltedtypes)(\.B64|\.BASE64|\.HEX)?$/", strtoupper($method) ); + $dovepasstest = ''; - if (!empty($pw_db)) { - # TODO: only use -t for salted passwords to be backward compatible with dovecot < 2.1 again + if ( $salted && (!empty($pw_db)) ) { + # only use -t for salted passwords to be backward compatible with dovecot < 2.1 $dovepasstest = " -t " . escapeshellarg($pw_db); } $pipe = proc_open("$dovecotpw '-s' $method$dovepasstest", $spec, $pipes); @@ -1850,9 +1855,9 @@ return Config::bool($setting); } -$table_admin = table_by_key ('admin'); +#$table_admin = table_by_key ('admin'); $table_alias = table_by_key ('alias'); -$table_alias_domain = table_by_key ('alias_domain'); +#$table_alias_domain = table_by_key ('alias_domain'); $table_domain = table_by_key ('domain'); $table_domain_admins = table_by_key ('domain_admins'); $table_log = table_by_key ('log'); Modified: trunk/scripts/postfixadmin-cli.php =================================================================== --- trunk/scripts/postfixadmin-cli.php 2013-10-06 22:35:02 UTC (rev 1528) +++ trunk/scripts/postfixadmin-cli.php 2013-10-07 18:42:59 UTC (rev 1529) @@ -550,9 +550,9 @@ //bugfix shitty globals and OOP..... -$table_admin = table_by_key ('admin'); +#$table_admin = table_by_key ('admin'); $table_alias = table_by_key ('alias'); -$table_alias_domain = table_by_key ('alias_domain'); +#$table_alias_domain = table_by_key ('alias_domain'); $table_domain = table_by_key ('domain'); $table_domain_admins = table_by_key ('domain_admins'); $table_log = table_by_key ('log'); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
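Review bot: `$method` is still placed into the `proc_open()` command string unquoted, while `$pw_db` on the line above goes through `escapeshellarg()`; the only guard is the character-class pattern from the earlier hunk, and its `$` anchor (like the one in the new `$salted` pattern) also matches before a trailing newline. The value comes from `$CONF['encrypt']`, so it is administrator-controlled, but quoting it costs nothing: `$pipe = proc_open("$dovecotpw '-s' " . escapeshellarg($method) . $dovepasstest, $spec, $pipes);`. Anchoring both patterns with `\z` instead of `$` (or adding the `D` modifier) closes the newline case at the validation step as well. The surrounding block continues outside this hunk.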