Froxlor / Roundcube Passwort ändern

[Anachon]

Hallo,

 

ich habe ein neues Froxlor aufgesetzt und auch roundcube. Alles rennt soweit. Nur das Plugin password macht nicht das, was es soll.

Wenn ich nach dem https://github.com/Froxlor/Froxlor/tree/extras/roundcube_plugins/password alles mache, kommt : konnte Passwort nicht ändern. 

Idee?

 

Beste Grüße

[d00p]

Log-Einträge von roundcube? Irgendwas hilfreiches?

[Anachon]

==> errors.log <==
[12-Dec-2023 12:07:59 +0000]: <n7rq34rc> DB Error: [1064] You have an error in your SQL syntax; check the manual that corresponds to your MariaDB s                                                       erver version for the right syntax to use near '%c WHERE `username` = 'info@XXX.com'' at line 1 (SQL Query: UPDATE `mail_users` SET `password                                                       _enc` = %c WHERE `username` = 'info@XXX.com') in /var/customers/webs/webmailer/program/lib/Roundcube/rcube_db.php on line 567 (POST /?_task=s                                                       ettings&_action=plugin.password-save)
 

 

In der config:

 

// Froxlor:
// If you do not want to have plaintext-passwords in your database (AND you know what
// it means to turn this off, remove "`password` = %p," from the query.
//
$config['password_query'] = 'UPDATE `mail_users` SET `password_enc` = %c WHERE `username` = %u';

// By default the crypt() function which is used to create the '%c'
// parameter uses the md5 algorithm. To use different algorithms
// you can choose between: des, md5, blowfish, sha256, sha512.
// Before using other hash functions than des or md5 please make sure
// your operating system supports the other hash functions.
$config['password_crypt_hash'] = 'sha256';

// By default domains in variables are using unicode.
// Enable this option to use punycoded names
$config['password_idn_ascii'] = false;

[d00p]

Looks like they've changed the replacers.

// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as follows:
//      %p is replaced with the plaintext new password
//      %P is replaced with the crypted/hashed new password
//         according to configured password_algorithm
//      %o is replaced with the old (current) password
//      %O is replaced with the crypted/hashed old (current) password
//         according to configured password_algorithm
//      %h is replaced with the imap host (from the session info)
//      %u is replaced with the username (from the session info)
//      %l is replaced with the local part of the username
//         (in case the username is an email address)
//      %d is replaced with the domain part of the username
//         (in case the username is an email address)

So you'd have to use %P instead of %c

[Anachon]

Dann kommt Fehler 600:

 

[12-Dec-2023 12:18:54 +0000]: <n7rq34rc> PHP Error: Password plugin: Hash method not supported. in /var/customers/webs/webmailer/plugins/password/password.php on line 787 (POST /?_task=settings&_action=plugin.password-save)
[12-Dec-2023 12:20:41 +0000]: <n7rq34rc> PHP Error: Password plugin: Hash method not supported. in /var/customers/webs/webmailer/plugins/password/password.php on line 787 (POST /?_task=settings&_action=plugin.password-save)
 

 

In der DB sieht es so für das Passwort aus:

 

{BLF-CRYPT}$2y$10$c5n2r5TJZ10Ughfh0LcJz.L ....

[d00p]

welche hash methode hast du denn in der config für $config['password_algorithm'] angegeben?

[Anachon]

die config Zeile war nicht da. Ich habe das jetzt mit blowfish gemacht.

 

In der DB ist das Passwort jetzt so: $2y$12$1jeiKJv0EAQdgVaAS5kO

Und Anmelden geht nicht mehr.

[d00p]

dann hast du sicher die template config von uns 1:1 komplett kopiert. Roundcube hat da wohl einiges mehr angepasst. Nimm am besten immer die config.inc.php.dist und passe nur das nötigste an, siehe https://github.com/Froxlor/Froxlor/blob/extras/roundcube_plugins/password/README.md

[Anachon]

Habe ich. Gleiches Problem. Setze ich das Passwort händisch über froxlor steht da: 

{BLF-CRYPT}$2y$10$niy3z/XiCf1ZeFJnlSV6oOdl.HFN

 

nach dem Plugin

$2y$10$niy3z/XiCf1ZeFJn

 

Und: wieder kein login

Edited December 12, 2023 by Anachon
Fehler

[d00p]

logs vom dovecot/postfix? Welches OS? 

[d00p]

When setting passwords via froxlor ,they should be prefixed with the hash-algorithm, e.g. 

{ARGON2ID}$argon2id$v=19$m=65536,t=4,p=1$.....

or 

{SHA256-CRYPT}$5$jUc6fv4qb.....

or similar

[Anachon]

Ubuntu 22.04.

 

Log von roundcube [12-Dec-2023 12:37:43 +0000]: <tfoftrd8> IMAP Error: Login failed for info@XXX.com against localhost from cccccccccccc. AUTHENTICATE PLAIN: Authentication failed. in /var/customers/webs/webmailer/program/lib/Roundcube/rcube_imap.php on line 211 (POST /?_task=login&_action=login)

[d00p]

nicht roundcube log, mail.log von deinem OS...dovecot/postfix ...

[d00p]

24 minutes ago, d00p said:

welche hash methode hast du denn in der config für $config['password_algorithm'] angegeben?

das ist auch immernoch relevant...wenn ich mir den plugin code anschaue setzt er die prefixe genau wie froxlor wenn entsprechender Algorithmus angegeben ist...

[Anachon]

Lösung, dank deiner Hilfe!

$config['password_algorithm'] = 'blowfish-crypt';

// Additional options for password hashing function(s).
// For password_hash()-based passwords see https://www.php.net/manual/en/function.password-hash.php
// It can be used to set the Blowfish algorithm cost, e.g. ['cost' => 12]
$config['password_algorithm_options'] = [];

// Password prefix (e.g. {CRYPT}, {SHA}) for passwords generated
// using password_algorithm above. Default: empty.
$config['password_algorithm_prefix'] = '{BLF-CRYPT}';
 

Das unten musste zwingend rein!

[Anachon]

Dir ein dickes Danke!