Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 22nd August 2013, 02:55
MrWolf MrWolf is offline
Member
 
Join Date: Jul 2013
Location: Quebec / Canada
Posts: 39
Thanks: 3
Thanked 8 Times in 5 Posts
Question user mailbox password encryption from CRYPT to CRAM-MD5

Hi,

I use ISPConfig 3.0.5.3

I want to change the user mailbox password encryption from crypt to cram-md5.

I already change the dovecot
default_pass_scheme = CRAM-MD5

and if I insert a "cram-md5" password in the db the authentication is successful but if I create the password from ispconfig, it put it back to crypt.

I find many place where crypt is used in the ispconfig file but I just want to change those for email.

one of the file I think might help me is this one:
/interface/web/mail/form/mail_user.tform.php
with the line:
Code:
'password' => array (
                        'datatype'      => 'VARCHAR',
                        'formtype'      => 'PASSWORD',
                        'encryption'=> 'CRYPT',
do anyone know if I can just change 'CRYPT' to 'CRAM-MD5' or do I need to change it elsewhere?

am I on the right track or not?

Thank you
Reply With Quote
Sponsored Links
  #2  
Old 22nd August 2013, 09:53
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,678
Thanks: 819
Thanked 5,318 Times in 4,171 Posts
Default

ISPConfig des not support CRAM-MD5. So if you would want to use that, you will have to implement the encryption mechanism in the ispconfig tform library and remote API first.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 22nd August 2013, 12:21
MrWolf MrWolf is offline
Member
 
Join Date: Jul 2013
Location: Quebec / Canada
Posts: 39
Thanks: 3
Thanked 8 Times in 5 Posts
Default

Thank you till,

do you have any hint on how to do it?
if you can just point me the file used to do this, I'll try to find how by myself.

Thank you
Reply With Quote
The Following User Says Thank You to MrWolf For This Useful Post:
Weegreerogs (27th August 2013)
  #4  
Old 22nd August 2013, 12:29
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,678
Thanks: 819
Thanked 5,318 Times in 4,171 Posts
Default

The tform library is in the folder /usr/local/ispconfig/interface/lib/classes/
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 23rd August 2013, 18:10
MrWolf MrWolf is offline
Member
 
Join Date: Jul 2013
Location: Quebec / Canada
Posts: 39
Thanks: 3
Thanked 8 Times in 5 Posts
 
Default

I have a Debian 7 with ISPConfig 3.0.5.3
I use Postfix and Dovecot
this setting is working for my setup but I can't guarantee it will work for yours.

I edited this file
/usr/local/ispconfig/interface/web/mailuser/form/mail_user_password.tform.php
From:
Code:
'password' => array (
                        'datatype'      => 'VARCHAR',
                        'formtype'      => 'PASSWORD',
                        'encryption'    => 'CRYPT',
                        'default'       => '',
                        'value'         => '',
                        'width'         => '30',
                        'maxlength'     => '255'
                ),
To:
Code:
'password' => array (
                        'datatype'      => 'VARCHAR',
                        'formtype'      => 'PASSWORD',
                        'encryption'    => 'CRAM-MD5',
                        'default'       => '',
                        'value'         => '',
                        'width'         => '30',
                        'maxlength'     => '255'
                ),
This file
/usr/local/ispconfig/interface/web/mail/form/mail_user.tform.php
From:
Code:
'password' => array (
                        'datatype'      => 'VARCHAR',
                        'formtype'      => 'PASSWORD',
                        'encryption'=> 'CRYPT',
                        'default'       => '',
                        'value'         => '',
                        'width'         => '30',
                        'maxlength'     => '255'
                ),
To:
Code:
'password' => array (
                        'datatype'      => 'VARCHAR',
                        'formtype'      => 'PASSWORD',
                        'encryption'=> 'CRAM-MD5',
                        'default'       => '',
                        'value'         => '',
                        'width'         => '30',
                        'maxlength'     => '255'
                ),
this file
/usr/local/ispconfig/interface/lib/classes/tform.inc.php
From:
Code:
// go trough all fields of the tab
if(is_array($record)) {
	foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
		// Wenn es kein leeres Passwortfeld ist
		if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
		// Erzeuge Insert oder Update Quelltext
			if($action == "INSERT") {
				if($field['formtype'] == 'PASSWORD') {
					$sql_insert_key .= "`$key`, ";
					if($field['encryption'] == 'CRYPT') {
						$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
					} elseif ($field['encryption'] == 'MYSQL') {
						$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
						$record[$key] = $tmp['crypted'];
						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
					} elseif ($field['encryption'] == 'CLEARTEXT') {
						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
					} else {
						$record[$key] = md5(stripslashes($record[$key]));
						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
					}

				} elseif ($field['formtype'] == 'CHECKBOX') {
					$sql_insert_key .= "`$key`, ";
					if($record[$key] == '') {
						// if a checkbox is not set, we set it to the unchecked value
						$sql_insert_val .= "'".$field['value'][0]."', ";
						$record[$key] = $field['value'][0];
					} else {
						$sql_insert_val .= "'".$record[$key]."', ";
					}
				} else {
					$sql_insert_key .= "`$key`, ";
					$sql_insert_val .= "'".$record[$key]."', ";
				}
			} else {
				if($field['formtype'] == 'PASSWORD') {
					if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
						$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
					} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
						$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
						$record[$key] = $tmp['crypted'];
						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
					} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
					} else {
						$record[$key] = md5(stripslashes($record[$key]));
						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
					}
				} elseif ($field['formtype'] == 'CHECKBOX') {
					if($record[$key] == '') {
					// if a checkbox is not set, we set it to the unchecked value
						$sql_update .= "`$key` = '".$field['value'][0]."', ";
						$record[$key] = $field['value'][0];
					} else {
						$sql_update .= "`$key` = '".$record[$key]."', ";
					}
				} else {
					$sql_update .= "`$key` = '".$record[$key]."', ";
				}
			}
		} else {
			// we unset the password filed, if empty to tell the datalog function
			// that the password has not been changed
			unset($record[$key]);
		}
	}
}
To:
Code:
// go trough all fields of the tab
if(is_array($record)) {
	foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
		// Wenn es kein leeres Passwortfeld ist
		if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
		// Erzeuge Insert oder Update Quelltext
			if($action == "INSERT") {
				if($field['formtype'] == 'PASSWORD') {
					$sql_insert_key .= "`$key`, ";
					if($field['encryption'] == 'CRYPT') {
						$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
					} elseif($field['encryption'] == 'CRAM-MD5') {
						$record[$key] = $app->auth->crammd5_password(stripslashes($record[$key]));
						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
					} elseif ($field['encryption'] == 'MYSQL') {
						$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
						$record[$key] = $tmp['crypted'];
						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
					} elseif ($field['encryption'] == 'CLEARTEXT') {
						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
					} else {
						$record[$key] = md5(stripslashes($record[$key]));
						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
					}

				} elseif ($field['formtype'] == 'CHECKBOX') {
					$sql_insert_key .= "`$key`, ";
					if($record[$key] == '') {
						// if a checkbox is not set, we set it to the unchecked value
						$sql_insert_val .= "'".$field['value'][0]."', ";
						$record[$key] = $field['value'][0];
					} else {
						$sql_insert_val .= "'".$record[$key]."', ";
					}
				} else {
					$sql_insert_key .= "`$key`, ";
					$sql_insert_val .= "'".$record[$key]."', ";
				}
			} else {
				if($field['formtype'] == 'PASSWORD') {
					if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
						$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
					} elseif($field['encryption'] == 'CRAM-MD5') {
						$record[$key] = $app->auth->crammd5_password(stripslashes($record[$key]));
						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
					} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
						$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
						$record[$key] = $tmp['crypted'];
						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
					} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
					} else {
						$record[$key] = md5(stripslashes($record[$key]));
						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
					}
				} elseif ($field['formtype'] == 'CHECKBOX') {
					if($record[$key] == '') {
					// if a checkbox is not set, we set it to the unchecked value
						$sql_update .= "`$key` = '".$field['value'][0]."', ";
						$record[$key] = $field['value'][0];
					} else {
						$sql_update .= "`$key` = '".$record[$key]."', ";
					}
				} else {
					$sql_update .= "`$key` = '".$record[$key]."', ";
				}
			}
		} else {
			// we unset the password filed, if empty to tell the datalog function
			// that the password has not been changed
			unset($record[$key]);
		}
	}
}
and this file
/usr/local/ispconfig/interface/lib/classes/auth.inc.php
I added:
Code:
public function crammd5_password($cleartext_password) {
	$crypted_password = rtrim(shell_exec(escapeshellcmd("/usr/bin/doveadm pw -s CRAM-MD5 -p $cleartext_password")));
	return str_replace("{CRAM-MD5}","",$crypted_password);
}
then, when I create or edit user mailbox, the password is in CRAM-MD5 format from Dovecot

Reply With Quote
The Following User Says Thank You to MrWolf For This Useful Post:
till (24th August 2013)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Dovecot v2 with ISPConfig 3 CSsab Installation/Configuration 13 13th September 2012 19:01
My Server Is Sending Spam. How Do I Block This? LordJ Server Operation 1 7th July 2011 19:34
Statistic not working mzo Installation/Configuration 49 20th April 2011 12:19
squirrelmail user login error wiewioor Installation/Configuration 17 31st July 2009 11:03
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 22:40


All times are GMT +2. The time now is 08:42.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.