changeset 36:a36beb7d3ea2
minor stuff left-over from january
author | Charlie Root |
---|---|
date | Sat, 29 Dec 2018 05:10:28 -0500 |
parents | 05c4c32948af |
children | 96515de44ecf |
files | .htaccess index.php plugins/password/config.inc.php plugins/thunderbird_labels/localization/en_CA.inc plugins/thunderbird_labels/localization/en_GB.inc |
diffstat | 5 files changed, 487 insertions(+), 415 deletions(-) [+] |
--- a/.htaccess Thu Aug 30 16:21:59 2018 -0400
+++ b/.htaccess Sat Dec 29 05:10:28 2018 -0500
@@ -1,89 +1,1 @@ -# WARNING: For PHP 7 the module name in the line below need to be modified! -<IfModule mod_php5.c> -php_flag display_errors Off -php_flag log_errors On -# php_value error_log logs/errors - -php_value upload_max_filesize 5M -php_value post_max_size 6M -php_value memory_limit 64M - -php_flag zlib.output_compression Off -php_flag suhosin.session.encrypt Off - -#php_value session.cookie_path / -#php_value session.hash_function sha256 -php_flag session.auto_start Off -php_value session.gc_maxlifetime 21600 -php_value session.gc_divisor 500 -php_value session.gc_probability 1 -</IfModule> - -<IfModule mod_rewrite.c> -Options +SymLinksIfOwnerMatch -RewriteEngine On -RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico - -# security rules: -# - deny access to files not containing a dot or starting with a dot -# in all locations except installer directory -RewriteRule ^(?!installer|\.well-known\/|[a-zA-Z0-9]{16})(\.?[^\.]+)$ - [F] -# - deny access to some locations -RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] -# - deny access to composer binaries -RewriteRule ^/vendor\/bin\/.* - [F] -# - deny access to some documentation files -RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml|jsdeps.json|Dockerfile)$ - [F] -</IfModule> - -<IfModule mod_deflate.c> -SetOutputFilter DEFLATE -</IfModule> - -<IfModule mod_expires.c> -ExpiresActive On -ExpiresDefault "access plus 1 month" -</IfModule> - -FileETag MTime Size - -<IfModule mod_autoindex.c> -Options -Indexes -</ifModule> - -<IfModule mod_headers.c> -# Disable page indexing -Header set X-Robots-Tag "noindex, nofollow" - -# replace 'append' with 'merge' for Apache version 2.2.9 and later -#Header append Cache-Control public env=!NO_CACHE - -# Optional security header -# Only increased security if the browser support those features -# Be careful! Testing is required! 
They should be adusted to your intallation / user environment - -# HSTS - HTTP Strict Transport Security -#Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS - -# HPKP - HTTP Public Key Pinning -# Only template - fill with your values -#Header always set Public-Key-Pins "max-age=3600; report-uri=\"\"; pin-sha256=\"\"; pin-sha256=\"\"" env=HTTPS - -# X-Xss-Protection -# This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit). -#Header set X-XSS-Protection "1; mode=block" - -# X-Frame-Options -# The X-Frame-Options header (RFC), or XFO header, protects your visitors against clickjacking attacks -# Already set by php code! Do not activate both options -#Header set X-Frame-Options SAMEORIGIN - -# X-Content-Type-Options -# It prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server. -#Header set X-Content-Type-Options: "nosniff" - -# CSP - Content Security Policy -# for better privacy/security ask browsers to not set the Referer -# more flags for script, stylesheets and images available, read RFC for more information -#Header set Content-Security-Policy "referrer no-referrer" -</IfModule> +/etc/roundcube/htaccess \ No newline at end of file
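Review bot: The new side of `.htaccess` is only the path `/etc/roundcube/htaccess`, so the `[F]` deny rules the old file carried for `config`, `logs`, `temp`, `SQL` and `vendor/bin`, together with `Options -Indexes`, are no longer versioned or reviewable in this repository. Nothing visible in the commit shows that the target exists on every host or still contains equivalent rules; if it does not, the web root would presumably be served without them. I would record the expected content of the target in the repository or in the commit description, and have deployment verify that the path resolves and that a request for a file under `config/` or `logs/` is still refused. The `index.php` hunk has the same shape, pointing at `/usr/share/roundcube/index.php`, so the application version that runs is whatever is installed there rather than what this changeset pins.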
--- a/index.php Thu Aug 30 16:21:59 2018 -0400
+++ b/index.php Sat Dec 29 05:10:28 2018 -0500
@@ -1,326 +1,1 @@ -<?php -/** - +-------------------------------------------------------------------------+ - | Roundcube Webmail IMAP Client | - | Version 1.3.3 | - | | - | Copyright (C) 2005-2017, The Roundcube Dev Team | - | | - | This program is free software: you can redistribute it and/or modify | - | it under the terms of the GNU General Public License (with exceptions | - | for skins & plugins) as published by the Free Software Foundation, | - | either version 3 of the License, or (at your option) any later version. | - | | - | This file forms part of the Roundcube Webmail Software for which the | - | following exception is added: Plugins and Skins which merely make | - | function calls to the Roundcube Webmail Software, and for that purpose | - | include it by reference shall not be considered modifications of | - | the software. | - | | - | If you wish to use this file in another project or create a modified | - | version that will not be part of the Roundcube Webmail Software, you | - | may remove the exception above and use this source code under the | - | original version of the license. | - | | - | This program is distributed in the hope that it will be useful, | - | but WITHOUT ANY WARRANTY; without even the implied warranty of | - | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | - | GNU General Public License for more details. | - | | - | You should have received a copy of the GNU General Public License | - | along with this program. If not, see http://www.gnu.org/licenses/. | - | | - +-------------------------------------------------------------------------+ - | Author: Thomas Bruederli <roundcube@gmail.com> | - | Author: Aleksander Machniak <alec@alec.pl> | - +-------------------------------------------------------------------------+ -*/ - -// include environment -require_once 'program/include/iniset.php'; - -// init application, start session, init output class, etc. 
-$RCMAIL = rcmail::get_instance(0, $GLOBALS['env']); - -// Make the whole PHP output non-cacheable (#1487797) -$RCMAIL->output->nocacheing_headers(); -$RCMAIL->output->common_headers(); - -// turn on output buffering -ob_start(); - -// check if config files had errors -if ($err_str = $RCMAIL->config->get_error()) { - rcmail::raise_error(array( - 'code' => 601, - 'type' => 'php', - 'message' => $err_str), false, true); -} - -// check DB connections and exit on failure -if ($err_str = $RCMAIL->db->is_error()) { - rcmail::raise_error(array( - 'code' => 603, - 'type' => 'db', - 'message' => $err_str), false, true); -} - -// error steps -if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) { - rcmail::raise_error(array('code' => hexdec($_GET['_code'])), false, true); -} - -// check if https is required (for login) and redirect if necessary -if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) { - // force_https can be true, <hostname>, <hostname>:<port>, <port> - if (!is_bool($force_https)) { - list($host, $port) = explode(':', $force_https); - - if (is_numeric($host) && empty($port)) { - $port = $host; - $host = ''; - } - } - - if (!rcube_utils::https_check($port ?: 443)) { - if (empty($host)) { - $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); - } - if ($port && $port != 443) { - $host .= ':' . $port; - } - - header('Location: https://' . $host . 
$_SERVER['REQUEST_URI']); - exit; - } -} - -// trigger startup plugin hook -$startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action)); -$RCMAIL->set_task($startup['task']); -$RCMAIL->action = $startup['action']; - -// try to log in -if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { - $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(); - $pass_charset = $RCMAIL->config->get('password_charset', 'ISO-8859-1'); - - // purge the session in case of new login when a session already exists - $RCMAIL->kill_session(); - - $auth = $RCMAIL->plugins->exec_hook('authenticate', array( - 'host' => $RCMAIL->autoselect_host(), - 'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)), - 'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true, $pass_charset), - 'valid' => $request_valid, - 'cookiecheck' => true, - )); - - // Login - if ($auth['valid'] && !$auth['abort'] - && $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck']) - ) { - // create new session ID, don't destroy the current session - // it was destroyed already by $RCMAIL->kill_session() above - $RCMAIL->session->remove('temp'); - $RCMAIL->session->regenerate_id(false); - - // send auth cookie if necessary - $RCMAIL->session->set_auth_cookie(); - - // log successful login - $RCMAIL->log_login(); - - // restore original request parameters - $query = array(); - if ($url = rcube_utils::get_input_value('_url', rcube_utils::INPUT_POST)) { - parse_str($url, $query); - - // prevent endless looping on login page - if ($query['_task'] == 'login') { - unset($query['_task']); - } - - // prevent redirect to compose with specified ID (#1488226) - if ($query['_action'] == 'compose' && !empty($query['_id'])) { - $query = array('_action' => 'compose'); - } - } - - // allow plugins to control the redirect url after login success - $redir = $RCMAIL->plugins->exec_hook('login_after', $query + 
array('_task' => 'mail')); - unset($redir['abort'], $redir['_err']); - - // send redirect - $OUTPUT->redirect($redir, 0, true); - } - else { - if (!$auth['valid']) { - $error_code = rcmail::ERROR_INVALID_REQUEST; - } - else { - $error_code = is_numeric($auth['error']) ? $auth['error'] : $RCMAIL->login_error(); - } - - $error_labels = array( - rcmail::ERROR_STORAGE => 'storageerror', - rcmail::ERROR_COOKIES_DISABLED => 'cookiesdisabled', - rcmail::ERROR_INVALID_REQUEST => 'invalidrequest', - rcmail::ERROR_INVALID_HOST => 'invalidhost', - rcmail::ERROR_RATE_LIMIT => 'accountlocked', - ); - - $error_message = !empty($auth['error']) && !is_numeric($auth['error']) ? $auth['error'] : ($error_labels[$error_code] ?: 'loginfailed'); - - $OUTPUT->show_message($error_message, 'warning'); - - // log failed login - $RCMAIL->log_login($auth['user'], true, $error_code); - - $RCMAIL->plugins->exec_hook('login_failed', array( - 'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user'])); - - $RCMAIL->kill_session(); - } -} - -// end session -else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) { - $RCMAIL->request_security_check($mode = rcube_utils::INPUT_GET); - - $userdata = array( - 'user' => $_SESSION['username'], - 'host' => $_SESSION['storage_host'], - 'lang' => $RCMAIL->user->language, - ); - - $OUTPUT->show_message('loggedout'); - - $RCMAIL->logout_actions(); - $RCMAIL->kill_session(); - $RCMAIL->plugins->exec_hook('logout_after', $userdata); -} - -// check session and auth cookie -else if ($RCMAIL->task != 'login' && $_SESSION['user_id']) { - if (!$RCMAIL->session->check_auth()) { - $RCMAIL->kill_session(); - $session_error = true; - } -} - -// not logged in -> show login page -if (empty($RCMAIL->user->ID)) { - // log session failures - $task = rcube_utils::get_input_value('_task', rcube_utils::INPUT_GPC); - - if ($task && !in_array($task, array('login','logout')) - && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')]) - ) { - 
$RCMAIL->session->log("Aborted session $sess_id; no valid session data found"); - $session_error = true; - } - - if ($session_error || $_REQUEST['_err'] == 'session') { - $OUTPUT->show_message('sessionerror', 'error', null, true, -1); - } - - if ($OUTPUT->ajax_call || $OUTPUT->get_env('framed')) { - $OUTPUT->command('session_error', $RCMAIL->url(array('_err' => 'session'))); - $OUTPUT->send('iframe'); - } - - // check if installer is still active - if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) { - $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"), - html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") . - html::p(null, "The install script of your Roundcube installation is still stored in its default location!") . - html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because - these files may expose sensitive configuration data like server passwords and encryption keys - to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.") - )); - } - - $plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array('task' => 'login', 'error' => $session_error)); - - $RCMAIL->set_task($plugin['task']); - - $OUTPUT->send($plugin['task']); -} -else { - // CSRF prevention - $RCMAIL->request_security_check(); - - // check access to disabled actions - $disabled_actions = (array) $RCMAIL->config->get('disabled_actions'); - if (in_array($RCMAIL->task . '.' . 
($RCMAIL->action ?: 'index'), $disabled_actions)) { - rcube::raise_error(array( - 'code' => 404, 'type' => 'php', - 'message' => "Action disabled"), true, true); - } -} - -// we're ready, user is authenticated and the request is safe -$plugin = $RCMAIL->plugins->exec_hook('ready', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action)); -$RCMAIL->set_task($plugin['task']); -$RCMAIL->action = $plugin['action']; - -// handle special actions -if ($RCMAIL->action == 'keep-alive') { - $OUTPUT->reset(); - $RCMAIL->plugins->exec_hook('keep_alive', array()); - $OUTPUT->send(); -} -else if ($RCMAIL->action == 'save-pref') { - include INSTALL_PATH . 'program/steps/utils/save_pref.inc'; -} - - -// include task specific functions -if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc')) { - include_once $incfile; -} - -// allow 5 "redirects" to another action -$redirects = 0; $incstep = null; -while ($redirects < 5) { - // execute a plugin action - if (preg_match('/^plugin\./', $RCMAIL->action)) { - $RCMAIL->plugins->exec_action($RCMAIL->action); - break; - } - // execute action registered to a plugin task - else if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) { - if (!$RCMAIL->action) $RCMAIL->action = 'index'; - $RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action); - break; - } - // try to include the step file - else if (($stepfile = $RCMAIL->get_action_file()) - && is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/'.$stepfile) - ) { - // include action file only once (in case it don't exit) - include_once $incfile; - $redirects++; - } - else { - #rcube::write_log('mail',$incfile." not found"); - break; - } -} - -if ($RCMAIL->action == 'refresh') { - $RCMAIL->plugins->exec_hook('refresh', array('last' => intval(rcube_utils::get_input_value('_last', rcube_utils::INPUT_GPC)))); -} - -#rcube::write_log('mail',"task: ".$RCMAIL->task." 
action: ".$RCMAIL->action); -// parse main template (default) -$OUTPUT->send($RCMAIL->task); - -// if we arrive here, something went wrong -rcmail::raise_error(array( - 'code' => 404, - 'type' => 'php', - 'line' => __LINE__, - 'file' => __FILE__, - 'message' => "Invalid request"), true, true); +/usr/share/roundcube/index.php \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/password/config.inc.php Sat Dec 29 05:10:28 2018 -0500
@@ -0,0 +1,483 @@ +<?php + +// Password Plugin options +// ----------------------- +// A driver to use for password change. Default: "sql". +// See README file for list of supported driver names. +$config['password_driver'] = 'sql'; + +// Determine whether current password is required to change password. +// Default: false. +$config['password_confirm_current'] = true; + +// Require the new password to be a certain length. +// set to blank to allow passwords of any length +$config['password_minimum_length'] = 0; + +// Require the new password to contain a letter and punctuation character +// Change to false to remove this check. +$config['password_require_nonalpha'] = false; + +// Enables logging of password changes into logs/password +$config['password_log'] = false; + +// Comma-separated list of login exceptions for which password change +// will be not available (no Password tab in Settings) +$config['password_login_exceptions'] = null; + +// Array of hosts that support password changing. +// Listed hosts will feature a Password option in Settings; others will not. +// Example: array('mail.example.com', 'mail2.example.org'); +// Default is NULL (all hosts supported). +$config['password_hosts'] = null; + +// Enables saving the new password even if it matches the old password. Useful +// for upgrading the stored passwords after the encryption scheme has changed. +$config['password_force_save'] = false; + +// Enables forcing new users to change their password at their first login. +$config['password_force_new_user'] = false; + +// Default password hashing/crypting algorithm. +// Possible options: des-crypt, ext-des-crypt, md5-crypt, blowfish-crypt, +// sha256-crypt, sha512-crypt, md5, sha, smd5, ssha, samba, ad, dovecot, clear. +// For details see password::hash_password() method. +$config['password_algorithm'] = 'clear'; + +// Password prefix (e.g. {CRYPT}, {SHA}) for passwords generated +// using password_algorithm above. Default: empty. 
+$config['password_algorithm_prefix'] = ''; + +// Path for dovecotpw/doveadm-pw (if not in the $PATH). +// Used for password_algorithm = 'dovecot'. +$config['password_dovecotpw'] = '/usr/doveadm pw'; // for dovecot-2.x +//$config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw'; // for dovecot-1.x + +// Dovecot password scheme. +// Used for password_algorithm = 'dovecot'. +$config['password_dovecotpw_method'] = 'CRAM-MD5'; + +// Enables use of password with method prefix, e.g. {MD5}$1$LUiMYWqx$fEkg/ggr/L6Mb2X7be4i1/ +// when using password_algorithm=dovecot +$config['password_dovecotpw_with_method'] = false; + +// Iteration count parameter for Blowfish-based hashing algo. +// It must be between 4 and 31. Default: 12. +// Be aware, the higher the value, the longer it takes to generate the password hashes. +$config['password_blowfish_cost'] = 12; + +// Number of rounds for the sha256 and sha512 crypt hashing algorithms. +// Must be at least 1000. If not set, then the number of rounds is left up +// to the crypt() implementation. On glibc this defaults to 5000. +// Be aware, the higher the value, the longer it takes to generate the password hashes. +//$config['password_crypt_rounds'] = 50000; + +// This option temporarily disables the password change functionality. +// Use it when the users database server is in maintenance mode or sth like that. +// You can set it to TRUE/FALSE or a text describing the reason +// which will replace the default. +$config['password_disabled'] = false; + + +// SQL Driver options +// ------------------ +// PEAR database DSN for performing the query. By default +// Roundcube DB settings are used. +$config['password_db_dsn'] = ''; + +// The SQL query used to change the password. 
+// The query can contain the following macros that will be expanded as follows: +// %p is replaced with the plaintext new password +// %P is replaced with the crypted/hashed new password +// according to configured password_method +// %o is replaced with the old (current) password +// %O is replaced with the crypted/hashed old (current) password +// according to configured password_method +// %h is replaced with the imap host (from the session info) +// %u is replaced with the username (from the session info) +// %l is replaced with the local part of the username +// (in case the username is an email address) +// %d is replaced with the domain part of the username +// (in case the username is an email address) +// Deprecated macros: +// %c is replaced with the crypt version of the new password, MD5 if available +// otherwise DES. More hash function can be enabled using the password_crypt_hash +// configuration parameter. +// %D is replaced with the dovecotpw-crypted version of the new password +// %n is replaced with the hashed version of the new password +// %q is replaced with the hashed password before the change +// Escaping of macros is handled by this module. +// Default: "SELECT update_passwd(%c, %u)" +$config['password_query'] = 'SELECT update_passwd(%c, %u)'; + +// By default the crypt() function which is used to create the %c +// parameter uses the md5 algorithm (deprecated, use %P). +// You can choose between: des, md5, blowfish, sha256, sha512. +$config['password_crypt_hash'] = 'md5'; + +// By default domains in variables are using unicode. +// Enable this option to use punycoded names +$config['password_idn_ascii'] = false; + +// Using a password hash for %n and %q variables (deprecated, use %P). +// Determine which hashing algorithm should be used to generate +// the hashed new and current password for using them within the +// SQL query. Requires PHP's 'hash' extension. 
+$config['password_hash_algorithm'] = 'sha1'; + +// You can also decide whether the hash should be provided +// as hex string or in base64 encoded format. +$config['password_hash_base64'] = false; + + +// Poppassd Driver options +// ----------------------- +// The host which changes the password (default: localhost) +// Supported replacement variables: +// %n - hostname ($_SERVER['SERVER_NAME']) +// %t - hostname without the first part +// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) +// %h - IMAP host +// %z - IMAP domain without first part +// %s - domain name after the '@' from e-mail address provided at login screen +$config['password_pop_host'] = 'localhost'; + +// TCP port used for poppassd connections (default: 106) +$config['password_pop_port'] = 106; + + +// SASL Driver options +// ------------------- +// Additional arguments for the saslpasswd2 call +$config['password_saslpasswd_args'] = ''; + + +// LDAP and LDAP_SIMPLE Driver options +// ----------------------------------- +// LDAP server name to connect to. +// You can provide one or several hosts in an array in which case the hosts are tried from left to right. +// Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com'); +// Default: 'localhost' +$config['password_ldap_host'] = 'localhost'; + +// LDAP server port to connect to +// Default: '389' +$config['password_ldap_port'] = '389'; + +// TLS is started after connecting +// Using TLS for password modification is recommended. +// Default: false +$config['password_ldap_starttls'] = false; + +// LDAP version +// Default: '3' +$config['password_ldap_version'] = '3'; + +// LDAP base name (root directory) +// Exemple: 'dc=exemple,dc=com' +$config['password_ldap_basedn'] = 'dc=exemple,dc=com'; + +// LDAP connection method +// There are two connection methods for changing a user's LDAP password. 
+// 'user': use user credential (recommended, require password_confirm_current=true) +// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW) +// Default: 'user' +$config['password_ldap_method'] = 'user'; + +// LDAP Admin DN +// Used only in admin connection mode +// Default: null +$config['password_ldap_adminDN'] = null; + +// LDAP Admin Password +// Used only in admin connection mode +// Default: null +$config['password_ldap_adminPW'] = null; + +// LDAP user DN mask +// The user's DN is mandatory and as we only have his login, +// we need to re-create his DN using a mask +// '%login' will be replaced by the current roundcube user's login +// '%name' will be replaced by the current roundcube user's name part +// '%domain' will be replaced by the current roundcube user's domain part +// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" +// Exemple: 'uid=%login,ou=people,dc=exemple,dc=com' +$config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com'; + +// LDAP search DN +// The DN roundcube should bind with to find out user's DN +// based on his login. Note that you should comment out the default +// password_ldap_userDN_mask setting for this to take effect. +// Use this if you cannot specify a general template for user DN with +// password_ldap_userDN_mask. You need to perform a search based on +// users login to find his DN instead. A common reason might be that +// your users are placed under different ou's like engineering or +// sales which cannot be derived from their login only. +$config['password_ldap_searchDN'] = 'cn=roundcube,ou=services,dc=example,dc=com'; + +// LDAP search password +// If password_ldap_searchDN is set, the password to use for +// binding to search for user's DN. Note that you should comment out the default +// password_ldap_userDN_mask setting for this to take effect. 
+// Warning: Be sure to set approperiate permissions on this file so this password +// is only accesible to roundcube and don't forget to restrict roundcube's access to +// your directory as much as possible using ACLs. Should this password be compromised +// you want to minimize the damage. +$config['password_ldap_searchPW'] = 'secret'; + +// LDAP search base +// If password_ldap_searchDN is set, the base to search in using the filter below. +// Note that you should comment out the default password_ldap_userDN_mask setting +// for this to take effect. +$config['password_ldap_search_base'] = 'ou=people,dc=example,dc=com'; + +// LDAP search filter +// If password_ldap_searchDN is set, the filter to use when +// searching for user's DN. Note that you should comment out the default +// password_ldap_userDN_mask setting for this to take effect. +// '%login' will be replaced by the current roundcube user's login +// '%name' will be replaced by the current roundcube user's name part +// '%domain' will be replaced by the current roundcube user's domain part +// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" +// Example: '(uid=%login)' +// Example: '(&(objectClass=posixAccount)(uid=%login))' +$config['password_ldap_search_filter'] = '(uid=%login)'; + +// LDAP password hash type +// Standard LDAP encryption type which must be one of: crypt, +// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, ad, cram-md5 (dovecot style) or clear. +// Set to 'default' if you want to use method specified in password_algorithm option above. +// Multiple password Values can be generated by concatenating encodings with a +. E.g. 'cram-md5+crypt' +// Default: 'crypt'. 
+$config['password_ldap_encodage'] = 'crypt'; + +// LDAP password attribute +// Name of the ldap's attribute used for storing user password +// Default: 'userPassword' +$config['password_ldap_pwattr'] = 'userPassword'; + +// LDAP password force replace +// Force LDAP replace in cases where ACL allows only replace not read +// See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace +// Default: true +$config['password_ldap_force_replace'] = true; + +// LDAP Password Last Change Date +// Some places use an attribute to store the date of the last password change +// The date is meassured in "days since epoch" (an integer value) +// Whenever the password is changed, the attribute will be updated if set (e.g. shadowLastChange) +$config['password_ldap_lchattr'] = ''; + +// LDAP Samba password attribute, e.g. sambaNTPassword +// Name of the LDAP's Samba attribute used for storing user password +$config['password_ldap_samba_pwattr'] = ''; + +// LDAP Samba Password Last Change Date attribute, e.g. 
sambaPwdLastSet +// Some places use an attribute to store the date of the last password change +// The date is meassured in "seconds since epoch" (an integer value) +// Whenever the password is changed, the attribute will be updated if set +$config['password_ldap_samba_lchattr'] = ''; + +// LDAP PPolicy Driver options +// ----------------------------------- + +// LDAP Change password command - filename of the perl script +// Example: 'change_ldap_pass.pl' +$config['password_ldap_ppolicy_cmd'] = 'change_ldap_pass.pl'; + +// LDAP URI +// Example: 'ldap://ldap.example.com/ ldaps://ldap2.example.com:636/' +$config['password_ldap_ppolicy_uri'] = 'ldap://localhost/'; + +// LDAP base name (root directory) +// Exemple: 'dc=exemple,dc=com' +$config['password_ldap_ppolicy_basedn'] = 'dc=example,dc=com'; + +$config['password_ldap_ppolicy_searchDN'] = 'cn=someuser,dc=example,dc=com'; + +$config['password_ldap_ppolicy_searchPW'] = 'secret'; + +// LDAP search filter +// Example: '(uid=%login)' +// Example: '(&(objectClass=posixAccount)(uid=%login))' +$config['password_ldap_ppolicy_search_filter'] = '(uid=%login)'; + +// CA Certificate file if in URI is LDAPS connection +$config['password_ldap_ppolicy_cafile'] = '/etc/ssl/cacert.crt'; + + + +// DirectAdmin Driver options +// -------------------------- +// The host which changes the password +// Use 'ssl://host' instead of 'tcp://host' when running DirectAdmin over SSL. 
+// The host can contain the following macros that will be expanded as follows: +// %h is replaced with the imap host (from the session info) +// %d is replaced with the domain part of the username (if the username is an email) +$config['password_directadmin_host'] = 'tcp://localhost'; + +// TCP port used for DirectAdmin connections +$config['password_directadmin_port'] = 2222; + + +// vpopmaild Driver options +// ----------------------- +// The host which changes the password +$config['password_vpopmaild_host'] = 'localhost'; + +// TCP port used for vpopmaild connections +$config['password_vpopmaild_port'] = 89; + +// Timeout used for the connection to vpopmaild (in seconds) +$config['password_vpopmaild_timeout'] = 10; + + +// cPanel Driver options +// -------------------------- +// The cPanel Host name +$config['password_cpanel_host'] = 'host.domain.com'; + +// The cPanel admin username +$config['password_cpanel_username'] = 'username'; + +// The cPanel admin password +$config['password_cpanel_password'] = 'password'; + +// The cPanel admin hash +// If you prefer to use a hash (Remote Access Key) instead of plain password, enter it below. +// Hash takes precedence over password auth. 
+// You can generate a Remote Access Key in WHM -> Clusters -> Remote Access Key +$config['password_cpanel_hash'] = ''; + +// The cPanel port to use +$config['password_cpanel_port'] = 2087; + + +// cPanel Webmail Driver options +// ----------------------------- +// The cPanel Host name +$config['password_cpanel_webmail_host'] = 'host.domain.com'; + +// The cPanel port to use +$config['password_cpanel_webmail_port'] = 2096; + + +// XIMSS (Communigate server) Driver options +// ----------------------------------------- +// Host name of the Communigate server +$config['password_ximss_host'] = 'mail.example.com'; + +// XIMSS port on Communigate server +$config['password_ximss_port'] = 11024; + + +// chpasswd Driver options +// --------------------- +// Command to use (see "Sudo setup" in README) +$config['password_chpasswd_cmd'] = 'sudo /usr/sbin/chpasswd 2> /dev/null'; + + +// XMail Driver options +// --------------------- +$config['xmail_host'] = 'localhost'; +$config['xmail_user'] = 'YourXmailControlUser'; +$config['xmail_pass'] = 'YourXmailControlPass'; +$config['xmail_port'] = 6017; + + +// hMail Driver options +// ----------------------- +// Remote hMailServer configuration +// true: HMailserver is on a remote box (php.ini: com.allow_dcom = true) +// false: Hmailserver is on same box as PHP +$config['hmailserver_remote_dcom'] = false; +// Windows credentials +$config['hmailserver_server'] = array( + 'Server' => 'localhost', // hostname or ip address + 'Username' => 'administrator', // windows username + 'Password' => 'password' // windows user password +); + + +// Virtualmin Driver options +// ------------------------- +// Username format: +// 0: username@domain +// 1: username%domain +// 2: username.domain +// 3: domain.username +// 4: username-domain +// 5: domain-username +// 6: username_domain +// 7: domain_username +$config['password_virtualmin_format'] = 0; + + +// pw_usermod Driver options +// -------------------------- +// Use comma delimited exlist to 
disable password change for users. +// See "Sudo setup" in README file. +$config['password_pw_usermod_cmd'] = 'sudo /usr/sbin/pw usermod -h 0 -n'; + + +// DBMail Driver options +// ------------------- +// Additional arguments for the dbmail-users call +$config['password_dbmail_args'] = '-p sha512'; + + +// Expect Driver options +// --------------------- +// Location of expect binary +$config['password_expect_bin'] = '/usr/bin/expect'; + +// Location of expect script (see helpers/passwd-expect) +$config['password_expect_script'] = ''; + +// Arguments for the expect script. See the helpers/passwd-expect file for details. +// This is probably a good starting default: +// -telent -host localhost -output /tmp/passwd.log -log /tmp/passwd.log +$config['password_expect_params'] = ''; + + +// smb Driver options +// --------------------- +// Samba host (default: localhost) +// Supported replacement variables: +// %n - hostname ($_SERVER['SERVER_NAME']) +// %t - hostname without the first part +// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) +$config['password_smb_host'] = 'localhost'; +// Location of smbpasswd binary (default: /usr/bin/smbpasswd) +$config['password_smb_cmd'] = '/usr/bin/smbpasswd'; + +// gearman driver options +// --------------------- +// Gearman host (default: localhost) +$config['password_gearman_host'] = 'localhost'; + + +// Plesk/PPA Driver options +// -------------------- +// You need to allow RCP for IP of roundcube-server in Plesk/PPA Panel + +// Plesk RCP Host +$config['password_plesk_host'] = '10.0.0.5'; + +// Plesk RPC Username +$config['password_plesk_user'] = 'admin'; + +// Plesk RPC Password +$config['password_plesk_pass'] = 'password'; + +// Plesk RPC Port +$config['password_plesk_rpc_port'] = '8443'; + +// Plesk RPC Path +$config['password_plesk_rpc_path'] = 'enterprise/control/agent.php'; + + +// kasswd Driver options +// --------------------- +// Command to use +$config['password_kpasswd_cmd'] = 
'/usr/bin/kpasswd';
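Review bot: The active password settings in this new file are weak: `password_query` uses the deprecated `%c` macro with `password_crypt_hash = 'md5'`, `password_algorithm` is `'clear'` (so switching the query to `%P` as the comments advise would pass the plaintext password), and `password_minimum_length = 0` sets no length floor. Provided the backend that verifies logins accepts the scheme, I would set `$config['password_algorithm'] = 'sha512-crypt';` and `$config['password_query'] = 'SELECT update_passwd(%P, %u)';`, both of which the file's own comments list as supported, and give `password_minimum_length` a non-zero value. `password_log` is `false`, so password changes leave no audit trail in `logs/password`; enabling it would help incident review. The file also carries credential slots (`password_ldap_searchPW`, `password_cpanel_password`, `password_plesk_pass`, `hmailserver_server`) holding placeholder values; real values are better kept out of the tracked copy, in line with the file's own warning about restricting permissions.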