From eb40d641326e54793ee2637229a20006eed131f9 Mon Sep 17 00:00:00 2001
From: Serghey Rodin
Date: Fri, 28 Dec 2012 11:39:01 +0200
Subject: [PATCH] password reset support for rouncube webmail
---
bin/v-get-mail-account-value | 49 +++++++++++
bin/v-get-mail-domain-value | 47 +++++++++++
bin/v-search-domain-owner | 55 +++++++++++++
web/inc/main.php | 2 +-
web/reset/mail/index.php | 154 +++++++++++++++++++++++++++++++++++
5 files changed, 306 insertions(+), 1 deletion(-)
create mode 100755 bin/v-get-mail-account-value
create mode 100755 bin/v-get-mail-domain-value
create mode 100755 bin/v-search-domain-owner
create mode 100644 web/reset/mail/index.php
diff --git a/bin/v-get-mail-account-value b/bin/v-get-mail-account-value
new file mode 100755
index 000000000..067fcb6ba
--- /dev/null
+++ b/bin/v-get-mail-account-value
@@ -0,0 +1,49 @@
+#!/bin/bash
+# info: get mail account value
+# options: user domain account key
+#
+# The function for getting a certain mail account parameter.
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument defenition
+user=$1
+domain=$(idn -t --quiet -u "$2" )
+domain_idn=$(idn -t --quiet -a "$domain")
+account=$3
+key=$(echo "$4"| tr '[:lower:]' '[:upper:]'|sed -e "s/^/$/")
+
+# Includes
+source $VESTA/func/main.sh
+
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'user domain key'
+validate_format 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'mail' 'DOMAIN' "$domain"
+is_object_valid "mail/$domain" 'ACCOUNT' "$account"
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Print
+get_object_value "mail/$domain" 'ACCOUNT' "$account" "$key"
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$EVENT"
+
+exit
diff --git a/bin/v-get-mail-domain-value b/bin/v-get-mail-domain-value
new file mode 100755
index 000000000..1fd54adce
--- /dev/null
+++ b/bin/v-get-mail-domain-value
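Review bot: `check_args '3' "$#" 'user domain key'` does not match this script, which reads four positional arguments (`user domain account key` per its own `# options:` header), so, assuming the first argument of `check_args` is the required count, a call that omits the key passes the check and reaches `get_object_value` with `key` set to a bare `$`. The line should read `check_args '4' "$#" 'user domain account key'`. Separately, `validate_format 'user' 'domain'` leaves `account` and `key` unchecked before they are handed to `is_object_valid` and `get_object_value`; how those helpers expand the `$KEY` string is not visible in this hunk, so confirm they cannot be made to evaluate caller-supplied text. The same unvalidated `key` appears in bin/v-get-mail-domain-value.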
@@ -0,0 +1,47 @@
+#!/bin/bash
+# info: get mail domain value
+# options: user domain key
+#
+# The function for getting a certain mail domain parameter.
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument defenition
+user=$1
+domain=$(idn -t --quiet -u "$2" )
+domain_idn=$(idn -t --quiet -a "$domain")
+key=$(echo "$3"| tr '[:lower:]' '[:upper:]'|sed -e "s/^/$/")
+
+# Includes
+source $VESTA/func/main.sh
+
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'user domain key'
+validate_format 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'mail' 'DOMAIN' "$domain"
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Print
+get_object_value 'mail' 'DOMAIN' "$domain" "$key"
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$EVENT"
+
+exit
diff --git a/bin/v-search-domain-owner b/bin/v-search-domain-owner
new file mode 100755
index 000000000..c09a1c945
--- /dev/null
+++ b/bin/v-search-domain-owner
@@ -0,0 +1,55 @@
+#!/bin/bash
+# info: search domain owner
+# options: domain [type]
+#
+# The function that allows to find user objects.
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument defenition
+domain=$(idn -t --quiet -u "$1" )
+type=${2-any}
+
+# Includes
+source $VESTA/func/main.sh
+
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'domain [type]'
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Define conf
+case $type in
+ web) conf="$VESTA/data/users/*/web.conf" ;;
+ dns) conf="$VESTA/data/users/*/dns.conf" ;;
+ mail) conf="$VESTA/data/users/*/mail.conf" ;;
+ *) conf="$VESTA/data/users/*/*.conf"
+esac
+
+
+owner=$(grep "DOMAIN='$domain'" $conf | head -n 1 | cut -f7 -d '/')
+if [ -z "$owner" ]; then
+ exit $E_NOTEXIST
+fi
+
+echo $owner
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+# Logging
+#log_event "$OK" "$EVENT"
+
+exit
diff --git a/web/inc/main.php b/web/inc/main.php
index 5df9e1bd3..f48dc05b5 100644
--- a/web/inc/main.php
+++ b/web/inc/main.php
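Review bot: `grep "DOMAIN='$domain'" $conf` treats the caller-supplied domain as a regular expression, and no `validate_format` call precedes it, so `.` and other metacharacters in the argument can match a record belonging to a different domain, and the first hit is returned as the owner. Because web/reset/mail/index.php in this same commit feeds the script from the POSTed e-mail address, the lookup should validate and match literally: add `validate_format 'domain'` under Verifications and use `grep -F -- "DOMAIN='$domain'" $conf`. The owner is then taken with `cut -f7 -d '/'`, which only holds for one particular depth of `$VESTA`; a comment stating that assumption, or stripping the `$VESTA/data/users/` prefix instead, would make this less fragile.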
@@ -1,6 +1,6 @@ 0; $i-=16)
+ {
+ if ($i > 16)
+ {
+ $ctx .= substr ($final,0,16);
+ }
+ else
+ {
+ $ctx .= substr ($final,0,$i);
+ }
+ }
+ $i = strlen ($pw);
+
+ while ($i > 0)
+ {
+ if ($i & 1) $ctx .= chr (0);
+ else $ctx .= $pw[0];
+ $i = $i >> 1;
+ }
+ $final = hex2bin (md5 ($ctx));
+
+ for ($i=0;$i<1000;$i++)
+ {
+ $ctx1 = "";
+ if ($i & 1)
+ {
+ $ctx1 .= $pw;
+ }
+ else
+ {
+ $ctx1 .= substr ($final,0,16);
+ }
+ if ($i % 3) $ctx1 .= $salt;
+ if ($i % 7) $ctx1 .= $pw;
+ if ($i & 1)
+ {
+ $ctx1 .= substr ($final,0,16);
+ }
+ else
+ {
+ $ctx1 .= $pw;
+ }
+ $final = hex2bin (md5 ($ctx1));
+ }
+ $passwd = "";
+ $passwd .= to64 (((ord ($final[0]) << 16) | (ord ($final[6]) << 8) | (ord ($final[12]))), 4);
+ $passwd .= to64 (((ord ($final[1]) << 16) | (ord ($final[7]) << 8) | (ord ($final[13]))), 4);
+ $passwd .= to64 (((ord ($final[2]) << 16) | (ord ($final[8]) << 8) | (ord ($final[14]))), 4);
+ $passwd .= to64 (((ord ($final[3]) << 16) | (ord ($final[9]) << 8) | (ord ($final[15]))), 4);
+ $passwd .= to64 (((ord ($final[4]) << 16) | (ord ($final[10]) << 8) | (ord ($final[5]))), 4);
+ $passwd .= to64 (ord ($final[11]), 2);
+ return "$magic$salt\$$passwd";
+}
+
+
+//
+// sourceforge.net/projects/postfixadmin/
+// to64
+//
+
+function to64 ($v, $n)
+{
+ $ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+ $ret = "";
+ while (($n - 1) >= 0)
+ {
+ $n--;
+ $ret .= $ITOA64[$v & 0x3f];
+ $v = $v >> 6;
+ }
+ return $ret;
+}
+
+
+// Check arguments
+if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST['new']))) {
+ list($v_account, $v_domain) = explode('@', $_POST['email']);
+ $v_domain = escapeshellarg($v_domain);
+ $v_account = escapeshellarg($v_account);
+ $password = $_POST['password'];
+ $new = escapeshellarg($_POST['new']);
+
+ // Get domain owner
+ exec (VESTA_CMD."v-search-domain-owner ".$v_domain." 
'mail'", $output, $return_var);
+ if ($return_var == 0) {
+ $v_user = $output[0];
+ }
+ unset($output);
+
+ // Get current md5 hash
+ if (!empty($v_user)) {
+ exec (VESTA_CMD."v-get-mail-account-value '".$v_user."' ".$v_domain." ".$v_account." 'md5'", $output, $return_var);
+ if ($return_var == 0) {
+ $v_hash = $output[0];
+ }
+ }
+ unset($output);
+
+ // Compare hashes
+ if (!empty($v_hash)) {
+ $salt = explode('$', $v_hash);
+ $n_hash = md5crypt($password, $salt[2]);
+ $n_hash = '{MD5}'.$n_hash;
+
+ // Change password
+ if ( $v_hash == $n_hash ) {
+ exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$new, $output, $return_var);
+ $fp = fopen('/tmp/vst.log', 'w');
+ fwrite($fp, "Owner: ".$v_user."\n");
+ fwrite($fp, "Hash: ".$v_hash."\n");
+ fwrite($fp, "New: ".$n_hash."\n");
+ fwrite($fp, "Salt : ".$salt[2]."\n");
+ fwrite($fp, "Password: ".$password."\n");
+ fwrite($fp, "Return: ".$return_var."\n");
+ fclose($fp);
+
+ if ($return_var == 0) {
+ echo "ok";
+ exit;
+ }
+ }
+ }
+}
+
+echo 'error';
+
+exit;
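Review bot: The block after the `v-change-mail-account-password` call writes the account owner, the stored hash, the salt and the plaintext password the user submitted as current to `/tmp/vst.log` on every successful change; this looks like leftover debugging, and the `fopen`/`fwrite`/`fclose` lines should be deleted, since depending on the umask other local accounts can read mailbox credentials from that file. The hash check `$v_hash == $n_hash` should be a strict, constant-time comparison: `hash_equals($v_hash, $n_hash)` where the PHP version provides it, `===` otherwise. `$v_user` is wrapped in hand-written quotes (`'".$v_user."'`) while every other argument goes through `escapeshellarg`; use `escapeshellarg($v_user)` in both `exec` calls. No attempt limiting or logging of failed attempts is visible, so the endpoint answers unlimited unauthenticated password guesses for any mailbox. The top of this file's hunk is missing from the page, so this note covers only the visible lines.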