Home Explore Help
Sign In
mirrors
/
mailcow-dockerized
mirror of https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Refactor support for pre-hashed passwords (#4024)

Shea Ramage 4 years ago
parent
43146b23c9
commit
4feceb08da
2 changed files with 24 additions and 24 deletions
Split View Show Diff Stats
  1. 23 17
      data/web/inc/functions.inc.php
  2. 1 7
      data/web/inc/functions.mailbox.inc.php

+ 23 - 17
data/web/inc/functions.inc.php
View File 

@@ -88,23 +88,29 @@ function hash_password($password) {
 
   // in case default pass scheme is not defined, falling back to BLF-CRYPT.

   global $default_pass_scheme;

   $pw_hash = NULL;

-  switch (strtoupper($default_pass_scheme)) {

-    case "SSHA":

-      $salt_str = bin2hex(openssl_random_pseudo_bytes(8));

-      $pw_hash = "{SSHA}".base64_encode(hash('sha1', $password . $salt_str, true) . $salt_str);

-      break;

-    case "SSHA256":

-      $salt_str = bin2hex(openssl_random_pseudo_bytes(8));

-      $pw_hash = "{SSHA256}".base64_encode(hash('sha256', $password . $salt_str, true) . $salt_str);

-      break;

-    case "SSHA512":

-      $salt_str = bin2hex(openssl_random_pseudo_bytes(8));

-      $pw_hash = "{SSHA512}".base64_encode(hash('sha512', $password . $salt_str, true) . $salt_str);

-      break;

-    case "BLF-CRYPT":

-    default:

-      $pw_hash = "{BLF-CRYPT}" . password_hash($password, PASSWORD_BCRYPT);

-      break;

+  // support pre-hashed passwords

+  if (preg_match('/^{(ARGON2I|ARGON2ID|BLF-CRYPT|CLEAR|CLEARTEXT|CRYPT|DES-CRYPT|LDAP-MD5|MD5|MD5-CRYPT|PBKDF2|PLAIN|PLAIN-MD4|PLAIN-MD5|PLAIN-TRUNC|PLAIN-TRUNC|SHA|SHA1|SHA256|SHA256-CRYPT|SHA512|SHA512-CRYPT|SMD5|SSHA|SSHA256|SSHA512)}/i', $password)) {

+    $pw_hash = $password;

+  }

+  else {

+    switch (strtoupper($default_pass_scheme)) {

+      case "SSHA":

+        $salt_str = bin2hex(openssl_random_pseudo_bytes(8));

+        $pw_hash = "{SSHA}".base64_encode(hash('sha1', $password . $salt_str, true) . $salt_str);

+        break;

+      case "SSHA256":

+        $salt_str = bin2hex(openssl_random_pseudo_bytes(8));

+        $pw_hash = "{SSHA256}".base64_encode(hash('sha256', $password . $salt_str, true) . $salt_str);

+        break;

+      case "SSHA512":

+        $salt_str = bin2hex(openssl_random_pseudo_bytes(8));

+        $pw_hash = "{SSHA512}".base64_encode(hash('sha512', $password . $salt_str, true) . $salt_str);

+        break;

+      case "BLF-CRYPT":

+      default:

+        $pw_hash = "{BLF-CRYPT}" . password_hash($password, PASSWORD_BCRYPT);

+        break;

+    }

   }

   return $pw_hash;

 }

+ 1 - 7
data/web/inc/functions.mailbox.inc.php
View File 

@@ -1062,13 +1062,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
               );

               return false;

             }

-            // support pre hashed passwords

-            if (preg_match('/^{(ARGON2I|ARGON2ID|BLF-CRYPT|CLEAR|CLEARTEXT|CRYPT|DES-CRYPT|LDAP-MD5|MD5|MD5-CRYPT|PBKDF2|PLAIN|PLAIN-MD4|PLAIN-MD5|PLAIN-TRUNC|PLAIN-TRUNC|SHA|SHA1|SHA256|SHA256-CRYPT|SHA512|SHA512-CRYPT|SMD5|SSHA|SSHA256|SSHA512)}/i', $password)) {

-              $password_hashed = $password;

-            }

-            else {

-              $password_hashed = hash_password($password);

-            }

+            $password_hashed = hash_password($password);

           }

           else {

             $_SESSION['return'][] = array(