diff --git a/README.md b/README.md index a63c43b..c6cf065 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,10 @@ Enable it in your Admin -> Apps section and configure your server's details. Currently, it supports most of postfixadmin's encryption options, except dovecot and saslauthd. It was tested and developed for a postfixadmin database. +Password changing is disabled by default, but can be enabled in the Admin area. +Caution: user_sql does not recreate password salts, which imposes a security risk. +Password salts should be newly generated whenever the password changes. + Credits * Johan Hendriks provided his user_postfixadmin diff --git a/ajax/settings.php b/ajax/settings.php index 707ed56..69b8e63 100644 --- a/ajax/settings.php +++ b/ajax/settings.php @@ -14,7 +14,7 @@ $l = new OC_L10N('use_sql'); $params = array('sql_host', 'sql_user', 'sql_database', 'sql_password', 'sql_table', 'sql_column_username', 'sql_column_password', 'sql_type', 'sql_column_active', 'strip_domain', 'default_domain', 'crypt_type', - 'sql_column_displayname', 'domain_settings', 'map_array', 'domain_array'); + 'sql_column_displayname', 'domain_settings', 'map_array', 'domain_array', 'allow_password_change'); if(isset($_POST['appname']) && $_POST['appname'] == "user_sql") { @@ -25,7 +25,12 @@ if(isset($_POST['appname']) && $_POST['appname'] == "user_sql") if($param === 'strip_domain') { OCP\Config::setAppValue('user_sql', 'strip_domain', true); - } else + } + elseif($param ==='allow_password_change') + { + OCP\Config::setAppValue('user_sql', 'allow_password_change', true); + } + else { OCP\Config::setAppValue('user_sql', $param, $_POST[$param]); } @@ -35,6 +40,10 @@ if(isset($_POST['appname']) && $_POST['appname'] == "user_sql") { OCP\Config::setAppValue('user_sql', 'strip_domain', false); } + elseif($param === 'allow_password_change') + { + OCP\Config::setAppValue('user_sql', 'allow_password_change', false); + } } } } else 
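Review bot: The new `elseif($param ==='allow_password_change')` branch in the second ajax/settings.php hunk repeats the `strip_domain` branch line for line, and the third hunk duplicates it again for the `false` case; both boolean settings could share one test, `if(in_array($param, array('strip_domain', 'allow_password_change'), true))`, storing `true`/`false` under `$param` in a single place so the next flag does not add a fourth copy. The new comparison is also written `==='allow_password_change'` while the existing one is `=== 'strip_domain'`. Because this flag switches on a feature the README hunk itself calls a security risk, it would be worth confirming that the admin and request checks above line 14 (outside this hunk) apply to this POST as well; the enclosing `if(isset($_POST['appname']) ...)` block starts before the second hunk and ends after the third.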
diff --git a/appinfo/version b/appinfo/version index d3827e7..9459d4b 100644 --- a/appinfo/version +++ b/appinfo/version @@ -1 +1 @@ -1.0 +1.1 diff --git a/settings.php b/settings.php index 2ae57fe..ce46d72 100644 --- a/settings.php +++ b/settings.php @@ -53,6 +53,7 @@ $tmpl -> assign('sql_column_displayname', OCP\Config::getAppValue('user_sql', 's $tmpl -> assign('map_array', OCP\Config::getAppValue('user_sql', 'map_array', '')); $tmpl -> assign('domain_array', OCP\Config::getAppValue('user_sql', 'domain_array', '')); $tmpl -> assign('domain_settings', OCP\Config::getAppValue('user_sql', 'domain_settings', '')); +$tmpl -> assign('allow_password_change', OCP\Config::getAppValue('user_sql', 'allow_password_change', 0)); // workaround to detect OC version $ocVersion = @reset(OCP\Util::getVersion()); $tmpl -> assign('ocVersion', $ocVersion); diff --git a/templates/settings.php b/templates/settings.php index d2b790c..e8e52ad 100644 --- a/templates/settings.php +++ b/templates/settings.php @@ -42,6 +42,10 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
title="Allow changing passwords. Imposes a security risk as password salts are not recreated"> | |
'MD5', 'md5crypt' => 'MD5 Crypt', 'cleartext' => 'Cleartext', 'mysql_encrypt' => 'mySQL ENCRYPT()', 'system' => 'System (crypt)', 'mysql_password' => 'mySQL PASSWORD()', 'joomla' => 'Joomla MD5 Encryption', 'joomla2' => 'Joomla > 2.5.18 phpass', 'ssha256' => 'Salted SSHA256'); ?> diff --git a/user_sql.php b/user_sql.php index 6d7faa1..fc1fc51 100644 --- a/user_sql.php +++ b/user_sql.php @@ -48,6 +48,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface protected $domain_settings; protected $domain_array; protected $map_array; + protected $allow_password_change; public function __construct() { @@ -65,6 +66,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface $this -> sql_type = OCP\Config::getAppValue('user_sql', 'sql_type', ''); $this -> default_domain = OCP\Config::getAppValue('user_sql', 'default_domain', ''); $this -> strip_domain = OCP\Config::getAppValue('user_sql', 'strip_domain', 0); + $this -> allow_password_change = OCP\Config::getAppValue('user_sql', 'allow_password_change', 0); $this -> crypt_type = OCP\Config::getAppValue('user_sql', 'crypt_type', 'md5crypt'); $this -> domain_settings = OCP\Config::getAppValue('user_sql', 'domain_settings', 'none'); $this -> domain_array = explode(",", OCP\Config::getAppValue('user_sql', 'domain_array', '')); @@ -153,7 +155,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface // Update the user's password - this might affect other services, that // use the same database, as well OC_Log::write('OC_USER_SQL', "Entering setPassword for UID: $uid", OC_Log::DEBUG); - if(!$this -> db_conn) + if(!$this -> db_conn || !$this->allow_password_change) { return false; } |
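Review bot: In the third user_sql.php hunk the new `|| !$this->allow_password_change` folds "password changes disabled by the admin" into the same silent `return false` used for a missing database connection, so the refusal is indistinguishable from a DB failure and the only log line is "Entering setPassword". Checking the setting first with its own message, `if(!$this->allow_password_change) { OC_Log::write('OC_USER_SQL', "Password change is disabled for UID: $uid", OC_Log::DEBUG); return false; }`, keeps the two cases apart for operators. The same condition mixes `$this -> db_conn` and `$this->allow_password_change` spacing. A one-line comment here pointing at the salt caveat the README now documents (salts are not regenerated on change) would put the warning next to the code that enforces the flag; setPassword's body continues outside the hunk.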