sha-512 passwords func

serghey-rodin · serghey-rodin · commit 8a3f8592cc3b · 2015-04-04T16:49:10.000+03:00
diff --git a/bin/v-add-mail-account b/bin/v-add-mail-account
@@ -48,12 +48,11 @@ is_password_valid
 #                       Action                             #
 #----------------------------------------------------------#
 
-if [ -x '/usr/bin/doveadm' ]; then
-    md5=$(/usr/bin/doveadm pw -s md5 -p "$password")
-else
-    md5=$(/usr/sbin/dovecotpw -s md5 -p "$password")
-fi
+# Generating hashed password
+salt=$(gen_password "$PW_MATRIX" "8")
+md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
 
+# Adding account info into password file
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
     echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
diff --git a/bin/v-change-mail-account-password b/bin/v-change-mail-account-password
@@ -47,11 +47,9 @@ is_password_valid
 #                       Action                             #
 #----------------------------------------------------------#
 
-if [ -x '/usr/bin/doveadm' ]; then
-    md5=$(/usr/bin/doveadm pw -s md5 -p "$password")
-else
-    md5=$(/usr/sbin/dovecotpw -s md5 -p "$password")
-fi
+# Generating hashed password
+salt=$(gen_password "$PW_MATRIX" "8")
+md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
 
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
diff --git a/bin/v-check-user-password b/bin/v-check-user-password
@@ -43,17 +43,6 @@ if [[ -z "$password" ]]; then
     exit 9
 fi
 
-# Checking mkpasswd command
-which mkpasswd >/dev/null 2>&1
-if [ $? -ne 0 ]; then
-    # Activating fallback procedure
-    if [ -e "/usr/bin/yum" ]; then
-        yum install -y expect >/dev/null 2>&1
-    else
-        apt-get install -y expect >/dev/null 2>&1
-    fi
-fi
-
 
 #----------------------------------------------------------#
 #                       Action                             #
@@ -68,7 +57,7 @@ if [[ -z "$salt" ]] || [[ "${#salt}" -gt 8 ]]; then
 fi
 
 # Generating SHA-512
-hash=$(mkpasswd -m sha-512 -S $salt -s <<< $password)
+hash=$($BIN/v-generate-password-hash sha-512 $salt <<< $password)
 if [[ -z "$hash" ]]; then
     echo "Error: password missmatch"
     echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
diff --git a/bin/v-generate-password-hash b/bin/v-generate-password-hash
@@ -0,0 +1,36 @@
+#!/usr/local/vesta/php/bin/php
+<?php
+//# info: generate password  hash
+//# options: HASH-METHOD SALT PASSWORD
+//
+//# The function generates password hash
+
+// Checking arguments
+if ((empty($argv[1])) || (empty($argv[2]))) {
+    echo "Error: not enought arguments\n";
+    echo "Usage: " . $argv[0] ." HASH-METHOD SALT PASSWORD\n";
+    exit(1);
+}
+
+$crypt = $argv[1];
+$salt = $argv[2];
+if (empty($argv[3])) {
+    $password = file_get_contents("php://stdin");
+    $password = str_replace("\n",'',$password);
+} else {
+    $password = $argv[3];
+}
+
+// Generating MD5 hash
+if ($crypt == 'md5' ) {
+    $hash = crypt($password,  '$1$'.$salt.'$');
+}
+
+// Generating SHA-512 hash
+if ($crypt == 'sha-512' ) {
+    $hash = crypt($password,  '$6$rounds=5000$'.$salt.'$');
+    $hash = str_replace('$rounds=5000','',$hash);
+}
+
+// Printing result
+echo $hash . "\n";
