Improve default encoding dovecot with ARGON2ID (hestiacp#2421)

* Improve default encoding dovecot with ARGON2ID

Instead of insecure md5

* Fix issue when ARGONID is not supported

Author: jaapmarcus

bin/v-add-mail-account

@@ -58,9 +58,14 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Generating hashed password
-salt=$(generate_password "$PW_MATRIX" "8")
-md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
-
+if [ -n "$(doveadm pw -l | grep ARGON2ID)" ]; then
+    set +H # disable ! style history substitution
+    md5="$(doveadm pw -s ARGON2ID -p $password)"
+else
+    # Fall back on MD5
+    salt=$(generate_password "$PW_MATRIX" "8")
+    md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
+fi
 # Adding account info into password file
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     if [ "$quota" = 'unlimited' ]; then

bin/v-change-mail-account-password

@@ -56,8 +56,13 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Generating hashed password
-salt=$(generate_password "$PW_MATRIX" "8")
-md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
+if [ -n "$(doveadm pw -l | grep ARGON2ID)" ]; then
+    set +H # disable ! style history substitution
+    md5="$(doveadm pw -s ARGON2ID -p $password)"
+else
+    salt=$(generate_password "$PW_MATRIX" "8")
+    md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
+fi
 
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')

web/reset/mail/index.php

@@ -143,9 +143,18 @@ function to64 ($v, $n)
     // Compare hashes
     if (!empty($v_hash)) {
         $salt = explode('$', $v_hash);
+        if($salt[0] == "{MD5}"){
         $n_hash = md5crypt($v_password, $salt[2]);
         $n_hash = '{MD5}'.$n_hash;
-
+        }else{
+            $v_password = escapeshellarg($v_password);
+            exec("doveadm pw -s ARGON2ID -p $v_password -t '$v_hash'", $output, $return_var);
+            if ($return_var == 0) {
+                if (strpos($output, "(verified)") !== 0){
+                    $n_hash = $v_hash;
+                }
+            }
+        }
         // Change password
         if ( $v_hash == $n_hash ) {
             $v_new_password = tempnam("/tmp","vst");