Md5 encryption vexim


== Patch your exim4.conf ==

If you do not want to keep the clear password field, you can use this workaround to do SMTP AUTH against the crypt-md5 hash instead.

This will work if a) Vexim is set to store md5-crypt password hashes (what this page calls "md5 encryption"; it is a one-way hash, not reversible encryption) and b) crypt() on your server knows how to handle md5-crypt hashes.

The trick is to use crypteq() in Exim, which hashes the password the client submits and compares the result with the stored hash:

 # AUTH PLAIN authenticator: checks the submitted password ($3) against the
 # crypt hash stored in the users table for the submitted username ($2).
 plain_login:
       driver = plaintext
       public_name = PLAIN
       # The lookup returns the stored hash from the crypt column; crypteq hashes
       # $3 and compares it with that value, so the clear column is not read.
       # quote_mysql escapes the username before it is placed in the query.
       # NOTE(review): PLAIN carries the password only base64-encoded on the
       # wire, so consider offering this authenticator on TLS-protected
       # connections only (e.g. via server_advertise_condition).
       server_condition = "${if crypteq{$3}{${lookup mysql{ \
                          SELECT crypt FROM users \
                          WHERE username = '${quote_mysql:$2}' \
                          }}}{yes}{no}}"
       # Record the submitted username as the authenticated id.
       server_set_id = $2
 # AUTH LOGIN authenticator: prompts for username ($1) and password ($2) and
 # checks the password against the stored crypt hash, as in plain_login.
 fixed_login:
       driver = plaintext
       public_name = LOGIN
       # The doubled colons are literal colons; the single colon separates the
       # two prompts.
       server_prompts = "Username:: : Password::"
       # crypteq hashes $2 and compares it with the crypt column returned by the
       # lookup; quote_mysql escapes the username before it enters the query.
       # NOTE(review): LOGIN also sends the password only base64-encoded, so the
       # same TLS-only consideration as for PLAIN applies.
       server_condition = "${if crypteq{$2}{${lookup mysql{ \
                          SELECT crypt FROM users \
                          WHERE username = '${quote_mysql:$1}' \
                          }}}{yes}{no}}"
       # Record the submitted username as the authenticated id.
       server_set_id = $1

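(CRAM-MD5 will not work, because the server needs the clear-text password to verify a CRAM-MD5 response, and only the hash is available here.)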

and here is another untested way:

 # AUTH PLAIN variant (described on this page as untested): the hash comparison
 # is done inside MySQL rather than by Exim's crypteq.
 plain_login:
        driver = plaintext
        public_name = PLAIN
        # The query returns '1' only when a row matches both the username ($2)
        # and encrypt(password, salt), where the salt is the first 12 characters
        # of the stored crypt value.
        # NOTE(review): here the submitted password ($3) becomes part of the SQL
        # text sent to the database server, so it can end up in MySQL query
        # logs; the crypteq form keeps the password inside Exim.
        # NOTE(review): MySQL's ENCRYPT() function was removed in MySQL 8.0, so
        # this form depends on an older server - confirm before using it.
        # NOTE(review): the "\ " before encrypt( looks like a line continuation
        # that was joined onto one line when the page was rendered; compare the
        # LOGIN authenticator below.
        server_condition = ${lookup mysql{SELECT '1' FROM users \
                               WHERE username = '${quote_mysql:$2}' \
                               AND crypt = \ encrypt('${quote_mysql:$3}', substring(crypt, 1, 12))} {yes}{no}}
        # Record the submitted username as the authenticated id.
        server_set_id = $2
 # AUTH LOGIN variant (described on this page as untested): username is $1,
 # password is $2, and the hash comparison is done inside MySQL.
 fixed_login:
        driver = plaintext
        public_name = LOGIN
        server_prompts = "Username:: : Password::"
        # The query returns '1' only when a row matches both the username and
        # encrypt(password, salt), the salt being the first 12 characters of the
        # stored crypt value.
        # NOTE(review): the submitted password is sent to the database server
        # inside the SQL text and can end up in MySQL query logs; MySQL's
        # ENCRYPT() function was also removed in MySQL 8.0.
        server_condition = ${lookup mysql{SELECT '1' FROM users \
                               WHERE username = '${quote_mysql:$1}' \
                               AND crypt = \
encrypt('${quote_mysql:$2}', substring(crypt, 1, 12))} {yes}{no}}
        # Record the submitted username as the authenticated id.
        server_set_id = $1


How do I stop saving clear passwords ?

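If you know that your IMAP/POP3 (or other) daemon works with md5-crypt password hashes, you probably do not want to keep the clear password field any more. You can fix this by deleting the whole field and changing all the *.php files, or you can make the following changes so that the crypted password is copied into the clear password field instead. Note that these changes only affect passwords written from now on: rows that already exist keep their clear-text value until the password is next changed or the column is overwritten.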

Fix userchangesubmit.php

search for the following lines

   if (validate_password($_POST['clear'], $_POST['vclear'])) {
   $cryptedpassword = crypt_password($_POST['clear']);
   $query = "UPDATE users SET crypt='$cryptedpassword',
               clear='{$_POST['clear']}'
               WHERE user_id={$_SESSION['user_id']}";


replace the "clear='{$_POST['clear']}'"-statement with the following:

               clear='$cryptedpassword'

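The same procedure applies to every other file below. Note that all of these snippets, before and after the change, interpolate $_POST values directly into the SQL string; replacing the value stored in the clear column does not change that, so check that these inputs are escaped elsewhere in the files (not shown on this page).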

Fix sitechangesubmit.php

replace the following

   if (validate_password($_POST['clear'], $_POST['vclear'])) {
    $query = "UPDATE users SET crypt='" .
      crypt_password($_POST['clear']) . "',
              clear='{$_POST['clear']}'

with

   if (validate_password($_POST['clear'], $_POST['vclear'])) {
     $cryptedpassword = crypt_password($_POST['clear']);
     $query = "UPDATE users SET crypt='$cryptedpassword',
               clear='$cryptedpassword'

Fix siteaddsubmit.php

replace

 $query = "INSERT INTO users
           (domain_id, localpart, username, clear, crypt, uid, gid,
           smtp, pop, realname, type, admin)
           SELECT domain_id, '" . $_POST['localpart'] . "'," .
           "'{$_POST['localpart']}@{$_POST['domain']}'," .
           "'{$_POST['clear']}'," .
           "'". crypt_password($_POST['clear'],$salt) . "'," .

with

 $cryptedpassword = crypt_password($_POST['clear']);
 $query = "INSERT INTO users
           (domain_id, localpart, username, clear, crypt, uid, gid,
           smtp, pop, realname, type, admin)
           SELECT domain_id, '" . $_POST['localpart'] . "'," .
           "'{$_POST['localpart']}@{$_POST['domain']}'," .
           "'{$cryptedpassword}'," .
           "'{$cryptedpassword}'," .


Fix sitepasswordsubmit.php

replace

   $query = "UPDATE users SET crypt='$cryptedpassword',
               clear='{$_POST['clear']}' WHERE localpart='siteadmin' AND domain_id='1'";

with

   $query = "UPDATE users SET crypt='$cryptedpassword',
               clear='$cryptedpassword' WHERE localpart='siteadmin' AND domain_id='1'";

Fix adminuserchangesubmit.php

replace

 if (validate_password($_POST['clear'], $_POST['vclear'])) {
   $cryptedpassword = crypt_password($_POST['clear']);
   $query = "UPDATE users
     SET crypt='$cryptedpassword', clear='{$_POST['clear']}'

with

 if (validate_password($_POST['clear'], $_POST['vclear'])) {
   $cryptedpassword = crypt_password($_POST['clear']);
   $query = "UPDATE users
     SET crypt='$cryptedpassword', clear='$cryptedpassword'


Fix adminuseraddsubmit.php

replace

 if (validate_password($_POST['clear'], $_POST['vclear'])) {
   $query = "INSERT INTO users (localpart, username, domain_id, crypt, clear,
     smtp, pop, uid, gid, realname, type, admin, on_avscan, on_piped,
     on_spamassassin, sa_tag, sa_refuse, maxmsgsize, enabled, quota)
     VALUES ('{$_POST['localpart']}',
     '{$_POST['localpart']}@{$_SESSION['domain']}',
     {$_SESSION['domain_id']},
     '" . crypt_password($_POST['clear'],$salt) . "',
     '{$_POST['clear']}',


with

 if (validate_password($_POST['clear'], $_POST['vclear'])) {
   $cryptedpassword = crypt_password($_POST['clear']);
   $query = "INSERT INTO users (localpart, username, domain_id, crypt, clear,
     smtp, pop, uid, gid, realname, type, admin, on_avscan, on_piped,
     on_spamassassin, sa_tag, sa_refuse, maxmsgsize, enabled, quota)
     VALUES ('{$_POST['localpart']}',
     '{$_POST['localpart']}@{$_SESSION['domain']}',
     {$_SESSION['domain_id']},
     '{$cryptedpassword}',
     '{$cryptedpassword}',

Fix adminaliasaddsubmit.php

replace

 if (alias_validate_password($_POST['clear'], $_POST['vclear'])) {
   $query = "INSERT INTO users
     (localpart, username, domain_id, crypt, clear, smtp, pop, uid,
     gid, realname, type, admin, on_avscan, on_spamassassin, enabled)
     SELECT '{$_POST['localpart']}',
     '{$_POST['localpart']}@{$_SESSION['domain']}',
     '{$_SESSION['domain_id']}',
     "'". crypt_password($_POST['clear'],$salt) . "'," .
     '{$POST['clear']}',


with

 if (alias_validate_password($_POST['clear'], $_POST['vclear'])) {
   $cryptedpassword = crypt_password($_POST['clear']);
   $query = "INSERT INTO users
     (localpart, username, domain_id, crypt, clear, smtp, pop, uid,
     gid, realname, type, admin, on_avscan, on_spamassassin, enabled)
     SELECT '{$_POST['localpart']}',
     '{$_POST['localpart']}@{$_SESSION['domain']}',
     '{$_SESSION['domain_id']}',
     '{$cryptedpassword}',
     '{$cryptedpassword}',

Fix adminaliaschangesubmit.php

replace

 if (validate_password($_POST['password'], $_POST['vpassword'])) {
   $cryptedpassword = crypt_password($_POST['password']);
   $query = "UPDATE users SET crypt='{$cryptedpassword}',
     clear='{$_POST['crypt']}' WHERE user_id={$_POST['user_id']}";

with

 if (validate_password($_POST['password'], $_POST['vpassword'])) {
   $cryptedpassword = crypt_password($_POST['password']);
   $query = "UPDATE users SET crypt='{$cryptedpassword}',
     clear='{$cryptedpassword}' WHERE user_id={$_POST['user_id']}";