Password changing must be explicitly enabled now.

Push to 1.1
Andreas Boehler 2014-12-29 10:56:36 +01:00
parent 80ce4728eb
commit 3aa9c2020f
6 changed files with 24 additions and 4 deletions


@ -9,6 +9,10 @@ Enable it in your Admin -> Apps section and configure your server's details.
Currently, it supports most of postfixadmin's encryption options, except dovecot and saslauthd.
It was tested and developed for a postfixadmin database.
Password changing is disabled by default, but can be enabled in the Admin area.
Caution: user_sql does not recreate password salts, which imposes a security risk.
Password salts should be newly generated whenever the password changes.
Credits
* Johan Hendriks provided his user_postfixadmin


@ -14,7 +14,7 @@ $l = new OC_L10N('use_sql');
$params = array('sql_host', 'sql_user', 'sql_database', 'sql_password',
'sql_table', 'sql_column_username', 'sql_column_password', 'sql_type',
'sql_column_active', 'strip_domain', 'default_domain', 'crypt_type',
'sql_column_displayname', 'domain_settings', 'map_array', 'domain_array');
'sql_column_displayname', 'domain_settings', 'map_array', 'domain_array', 'allow_password_change');
if(isset($_POST['appname']) && $_POST['appname'] == "user_sql")
{
@ -25,7 +25,12 @@ if(isset($_POST['appname']) && $_POST['appname'] == "user_sql")
if($param === 'strip_domain')
{
OCP\Config::setAppValue('user_sql', 'strip_domain', true);
} else
}
elseif($param ==='allow_password_change')
{
OCP\Config::setAppValue('user_sql', 'allow_password_change', true);
}
else
{
OCP\Config::setAppValue('user_sql', $param, $_POST[$param]);
}
@ -35,6 +40,10 @@ if(isset($_POST['appname']) && $_POST['appname'] == "user_sql")
{
OCP\Config::setAppValue('user_sql', 'strip_domain', false);
}
elseif($param === 'allow_password_change')
{
OCP\Config::setAppValue('user_sql', 'allow_password_change', false);
}
}
}
} else
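Review bot: The two new `elseif($param === 'allow_password_change')` branches must be kept in step by hand, one where the field was posted and one where (as far as the hunks show) it was not. If a later checkbox is added to the first chain only, unticking it would never write `false` and the option would stay enabled. Because this flag gates a security-relevant feature, a single list such as `$checkboxes = array('strip_domain', 'allow_password_change');` tested with `in_array($param, $checkboxes, true)` in both places would make that mistake harder. The hunks do not show whether an admin or request-token check runs before these `setAppValue` calls, so that is worth confirming in the part of the file outside the diff.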


@ -1 +1 @@
1.0
1.1


@ -53,6 +53,7 @@ $tmpl -> assign('sql_column_displayname', OCP\Config::getAppValue('user_sql', 's
$tmpl -> assign('map_array', OCP\Config::getAppValue('user_sql', 'map_array', ''));
$tmpl -> assign('domain_array', OCP\Config::getAppValue('user_sql', 'domain_array', ''));
$tmpl -> assign('domain_settings', OCP\Config::getAppValue('user_sql', 'domain_settings', ''));
$tmpl -> assign('allow_password_change', OCP\Config::getAppValue('user_sql', 'allow_password_change', 0));
// workaround to detect OC version
$ocVersion = @reset(OCP\Util::getVersion());
$tmpl -> assign('ocVersion', $ocVersion);


@ -42,6 +42,10 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
<table>
<tr><td><label for="sql_column_username"><?php echo $l -> t('Username Column'); ?></label></td><td><input type="text" id="sql_column_username" name="sql_column_username" value="<?php echo $_['sql_column_username']; ?>" /></td></tr>
<tr><td><label for="sql_column_password"><?php echo $l -> t('Password Column'); ?></label></td><td><input type="text" id="sql_column_password" name="sql_column_password" value="<?php echo $_['sql_column_password']; ?>" /></td></tr>
<tr><td><label for="sql_allow_password_change"><?php echo $l -> t('Allow password changing (read README!)'); ?></label></td><td><input type="checkbox" id="allow_password_change" name="allow_password_change" value="1"<?php
if($_['allow_password_change'])
echo ' checked';
?> title="Allow changing passwords. Imposes a security risk as password salts are not recreated"></td></tr>
<tr><td><label for="sql_column_displayname"><?php echo $l -> t('Real Name Column'); ?></label></td><td><input type="text" id="sql_column_displayname" name="sql_column_displayname" value="<?php echo $_['sql_column_displayname']; ?>" /></td></tr>
<tr><td><label for="crypt_type"><?php echo $l -> t('Encryption Type'); ?></label></td>
<?php $crypt_types = array('md5' => 'MD5', 'md5crypt' => 'MD5 Crypt', 'cleartext' => 'Cleartext', 'mysql_encrypt' => 'mySQL ENCRYPT()', 'system' => 'System (crypt)', 'mysql_password' => 'mySQL PASSWORD()', 'joomla' => 'Joomla MD5 Encryption', 'joomla2' => 'Joomla > 2.5.18 phpass', 'ssha256' => 'Salted SSHA256'); ?>
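Review bot: The new row's label uses `for="sql_allow_password_change"` while the checkbox has `id="allow_password_change"`, so the label is not associated with the input and clicking it will not toggle the box. Changing it to `<label for="allow_password_change">` fixes that. The `title` text carrying the salt warning is hard-coded English, whereas the label goes through `$l -> t()`; passing the title through `$l -> t()` as well would keep the warning readable on translated installs.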


@ -48,6 +48,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface
protected $domain_settings;
protected $domain_array;
protected $map_array;
protected $allow_password_change;
public function __construct()
{
@ -65,6 +66,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface
$this -> sql_type = OCP\Config::getAppValue('user_sql', 'sql_type', '');
$this -> default_domain = OCP\Config::getAppValue('user_sql', 'default_domain', '');
$this -> strip_domain = OCP\Config::getAppValue('user_sql', 'strip_domain', 0);
$this -> allow_password_change = OCP\Config::getAppValue('user_sql', 'allow_password_change', 0);
$this -> crypt_type = OCP\Config::getAppValue('user_sql', 'crypt_type', 'md5crypt');
$this -> domain_settings = OCP\Config::getAppValue('user_sql', 'domain_settings', 'none');
$this -> domain_array = explode(",", OCP\Config::getAppValue('user_sql', 'domain_array', ''));
@ -153,7 +155,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface
// Update the user's password - this might affect other services, that
// use the same database, as well
OC_Log::write('OC_USER_SQL', "Entering setPassword for UID: $uid", OC_Log::DEBUG);
if(!$this -> db_conn)
if(!$this -> db_conn || !$this->allow_password_change)
{
return false;
}
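Review bot: The widened guard `if(!$this -> db_conn || !$this->allow_password_change)` returns `false` without logging why, so a disabled setting cannot be told apart from a missing database connection in the log. A separate check with its own message, for example `OC_Log::write('OC_USER_SQL', 'Password change is disabled in the user_sql settings', OC_Log::DEBUG);` before `return false;`, would make refused changes diagnosable. The flag only fences off the weakness the README describes. The rest of setPassword lies outside this hunk and presumably still reuses the old salt when the option is on, so regenerating the salt there remains the real fix. The new condition also drops the `$this -> ` spacing used elsewhere in the class.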