user mailbox password encryption from CRYPT to CRAM-MD5

Discussion in 'Tips/Tricks/Mods' started by MrWolf, Aug 22, 2013.

  1. MrWolf

    MrWolf New Member

    Hi,

    I use ISPConfig 3.0.5.3

    I want to change the user mailbox password encryption from crypt to cram-md5.

    I already change the dovecot
    default_pass_scheme = CRAM-MD5

    and if I insert a "cram-md5" password in the db the authentication is successful but if I create the password from ispconfig, it put it back to crypt.

    I find many place where crypt is used in the ispconfig file but I just want to change those for email.

    one of the file I think might help me is this one:
    /interface/web/mail/form/mail_user.tform.php
    with the line:
    Code:
    'password' => array (
                            'datatype'      => 'VARCHAR',
                            'formtype'      => 'PASSWORD',
                            'encryption'=> 'CRYPT',
    
    do anyone know if I can just change 'CRYPT' to 'CRAM-MD5' or do I need to change it elsewhere?

    am I on the right track or not?

    Thank you
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig des not support CRAM-MD5. So if you would want to use that, you will have to implement the encryption mechanism in the ispconfig tform library and remote API first.
     
  3. MrWolf

    MrWolf New Member

    Thank you till,

    do you have any hint on how to do it?
    if you can just point me the file used to do this, I'll try to find how by myself.

    Thank you
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The tform library is in the folder /usr/local/ispconfig/interface/lib/classes/
     
  5. MrWolf

    MrWolf New Member

    I have a Debian 7 with ISPConfig 3.0.5.3
    I use Postfix and Dovecot
    this setting is working for my setup but I can't guarantee it will work for yours.

    I edited this file
    /usr/local/ispconfig/interface/web/mailuser/form/mail_user_password.tform.php
    From:
    Code:
    'password' => array (
                            'datatype'      => 'VARCHAR',
                            'formtype'      => 'PASSWORD',
                            'encryption'    => 'CRYPT',
                            'default'       => '',
                            'value'         => '',
                            'width'         => '30',
                            'maxlength'     => '255'
                    ),
    
    To:
    Code:
    'password' => array (
                            'datatype'      => 'VARCHAR',
                            'formtype'      => 'PASSWORD',
                            'encryption'    => 'CRAM-MD5',
                            'default'       => '',
                            'value'         => '',
                            'width'         => '30',
                            'maxlength'     => '255'
                    ),
    This file
    /usr/local/ispconfig/interface/web/mail/form/mail_user.tform.php
    From:
    Code:
    'password' => array (
                            'datatype'      => 'VARCHAR',
                            'formtype'      => 'PASSWORD',
                            'encryption'=> 'CRYPT',
                            'default'       => '',
                            'value'         => '',
                            'width'         => '30',
                            'maxlength'     => '255'
                    ),
    To:
    Code:
    'password' => array (
                            'datatype'      => 'VARCHAR',
                            'formtype'      => 'PASSWORD',
                            'encryption'=> 'CRAM-MD5',
                            'default'       => '',
                            'value'         => '',
                            'width'         => '30',
                            'maxlength'     => '255'
                    ),
    this file
    /usr/local/ispconfig/interface/lib/classes/tform.inc.php
    From:
    Code:
    // go trough all fields of the tab
    if(is_array($record)) {
    	foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
    		// Wenn es kein leeres Passwortfeld ist
    		if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
    		// Erzeuge Insert oder Update Quelltext
    			if($action == "INSERT") {
    				if($field['formtype'] == 'PASSWORD') {
    					$sql_insert_key .= "`$key`, ";
    					if($field['encryption'] == 'CRYPT') {
    						$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
    						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
    					} elseif ($field['encryption'] == 'MYSQL') {
    						$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
    						$record[$key] = $tmp['crypted'];
    						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
    					} elseif ($field['encryption'] == 'CLEARTEXT') {
    						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
    					} else {
    						$record[$key] = md5(stripslashes($record[$key]));
    						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
    					}
    
    				} elseif ($field['formtype'] == 'CHECKBOX') {
    					$sql_insert_key .= "`$key`, ";
    					if($record[$key] == '') {
    						// if a checkbox is not set, we set it to the unchecked value
    						$sql_insert_val .= "'".$field['value'][0]."', ";
    						$record[$key] = $field['value'][0];
    					} else {
    						$sql_insert_val .= "'".$record[$key]."', ";
    					}
    				} else {
    					$sql_insert_key .= "`$key`, ";
    					$sql_insert_val .= "'".$record[$key]."', ";
    				}
    			} else {
    				if($field['formtype'] == 'PASSWORD') {
    					if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
    						$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
    						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
    					} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
    						$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
    						$record[$key] = $tmp['crypted'];
    						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
    					} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
    						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
    					} else {
    						$record[$key] = md5(stripslashes($record[$key]));
    						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
    					}
    				} elseif ($field['formtype'] == 'CHECKBOX') {
    					if($record[$key] == '') {
    					// if a checkbox is not set, we set it to the unchecked value
    						$sql_update .= "`$key` = '".$field['value'][0]."', ";
    						$record[$key] = $field['value'][0];
    					} else {
    						$sql_update .= "`$key` = '".$record[$key]."', ";
    					}
    				} else {
    					$sql_update .= "`$key` = '".$record[$key]."', ";
    				}
    			}
    		} else {
    			// we unset the password filed, if empty to tell the datalog function
    			// that the password has not been changed
    			unset($record[$key]);
    		}
    	}
    }
    
    To:
    Code:
    // go trough all fields of the tab
    if(is_array($record)) {
    	foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
    		// Wenn es kein leeres Passwortfeld ist
    		if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
    		// Erzeuge Insert oder Update Quelltext
    			if($action == "INSERT") {
    				if($field['formtype'] == 'PASSWORD') {
    					$sql_insert_key .= "`$key`, ";
    					if($field['encryption'] == 'CRYPT') {
    						$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
    						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
    					} elseif($field['encryption'] == 'CRAM-MD5') {
    						$record[$key] = $app->auth->crammd5_password(stripslashes($record[$key]));
    						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
    					} elseif ($field['encryption'] == 'MYSQL') {
    						$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
    						$record[$key] = $tmp['crypted'];
    						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
    					} elseif ($field['encryption'] == 'CLEARTEXT') {
    						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
    					} else {
    						$record[$key] = md5(stripslashes($record[$key]));
    						$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
    					}
    
    				} elseif ($field['formtype'] == 'CHECKBOX') {
    					$sql_insert_key .= "`$key`, ";
    					if($record[$key] == '') {
    						// if a checkbox is not set, we set it to the unchecked value
    						$sql_insert_val .= "'".$field['value'][0]."', ";
    						$record[$key] = $field['value'][0];
    					} else {
    						$sql_insert_val .= "'".$record[$key]."', ";
    					}
    				} else {
    					$sql_insert_key .= "`$key`, ";
    					$sql_insert_val .= "'".$record[$key]."', ";
    				}
    			} else {
    				if($field['formtype'] == 'PASSWORD') {
    					if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
    						$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
    						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
    					} elseif($field['encryption'] == 'CRAM-MD5') {
    						$record[$key] = $app->auth->crammd5_password(stripslashes($record[$key]));
    						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
    					} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
    						$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
    						$record[$key] = $tmp['crypted'];
    						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
    					} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
    						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
    					} else {
    						$record[$key] = md5(stripslashes($record[$key]));
    						$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
    					}
    				} elseif ($field['formtype'] == 'CHECKBOX') {
    					if($record[$key] == '') {
    					// if a checkbox is not set, we set it to the unchecked value
    						$sql_update .= "`$key` = '".$field['value'][0]."', ";
    						$record[$key] = $field['value'][0];
    					} else {
    						$sql_update .= "`$key` = '".$record[$key]."', ";
    					}
    				} else {
    					$sql_update .= "`$key` = '".$record[$key]."', ";
    				}
    			}
    		} else {
    			// we unset the password filed, if empty to tell the datalog function
    			// that the password has not been changed
    			unset($record[$key]);
    		}
    	}
    }
    
    and this file
    /usr/local/ispconfig/interface/lib/classes/auth.inc.php
    I added:
    Code:
    public function crammd5_password($cleartext_password) {
    	$crypted_password = rtrim(shell_exec(escapeshellcmd("/usr/bin/doveadm pw -s CRAM-MD5 -p $cleartext_password")));
    	return str_replace("{CRAM-MD5}","",$crypted_password);
    }
    
    then, when I create or edit user mailbox, the password is in CRAM-MD5 format from Dovecot

    :)
     

Share This Page