Some last changes
This commit is contained in:
andryyy
0
data/assets/ssl/.empty
Normal file
0
data/assets/ssl/.empty
Normal file
@@ -1,8 +0,0 @@
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MIIBCAKCAQEAytfW/P+fV4BLTcJhlHG49Vq7hQrmyUPP+NZ/6MUIG8FNlFaXxbFl
|
||||
NtarS/gfOpj+Q5LhS91gToQOqJIij03Jr7t3PdUkkDuIs11y5Ux6zsEQdBhok+yY
|
||||
tYvdYT4lbex1dLX36u/tn2VnPdh2jLltRjWN2jiUxjh/O+vXtfej8u4Rc2oOOOFS
|
||||
f0e2Ye2WeWXvQlhkcGu87kKIqklxbjmqVtE1fx5Ydvrl1P/HQiCq4YQLIx5skgQn
|
||||
e4LyvBdiuA44v1WhXSa0Lb4PcXUQcGhesGJZ/A3M1K/h/ZO47oUyL93odyAO8x3e
|
||||
mLHHsOWAh5MGO0ID2jANwuziri5LEeW4+wIBAg==
|
||||
-----END DH PARAMETERS-----
|
||||
@@ -1,32 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFezCCA2OgAwIBAgIJALl64rYl1fjjMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV
|
||||
BAYTAkRFMQwwCgYDVQQIDANOUlcxCzAJBgNVBAcMAktSMRIwEAYDVQQKDAlTZXJ2
|
||||
ZXJjb3cxFjAUBgNVBAMMDW1haWxjb3cubG9jYWwwHhcNMTYxMjA4MjEzMDM2WhcN
|
||||
MjYxMjA2MjEzMDM2WjBUMQswCQYDVQQGEwJERTEMMAoGA1UECAwDTlJXMQswCQYD
|
||||
VQQHDAJLUjESMBAGA1UECgwJU2VydmVyY293MRYwFAYDVQQDDA1tYWlsY293Lmxv
|
||||
Y2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvd/79BmtXZcgzwJw
|
||||
8i76C8e0waehYypibOkBqnFi4bF6Q7mhB1j/bA4LmXG4UpcX7ULlDozzaM7Hfi9Q
|
||||
v1STYR/S9ShXZNStwDYibOa1q/FG+b4qTjtFiWBW8wH/XxIv6JHX8/IjqwHIs/3B
|
||||
EVEl0LEs1RdNMKgSEJ9wbK3q+0pOvw9B6FnhCE2414SE1e7wYL50+NaKTHQcbft3
|
||||
ZcRGDTEh4euRKMmVTrBwmpYnNtiljJvHU4F9cdAFg8ZailwJerod1VXB93YX3Jtc
|
||||
qRQ9akNjFzLQ/6a4PhKAB8uaStEzri0yBdp+O0Qs/tbloAArAJW3dgE7Omxzso79
|
||||
Du4idDHyRmcLu5rsQzST+7kwaCHHWQ4c2mjlhibICGMUzwks39s1QI8CtjmU6AIy
|
||||
7F/XpYAJ70Fl7qy99ugrz8X50cPBFtLTYX18wZTUjl/s4qy+JPvUBt2MALPj/YnR
|
||||
fXck/emkwscmE1UhaycMW4U21/+5gOhWpFIBCKWnsvRn0SHi7lUzuWBnXvL5tmrA
|
||||
gsaFrm/L2JhW2WerZ61UpOVookYtUbk4Hr+Pq6yTgJShUw2i/B71Qr173PIxRV7u
|
||||
1qJeOWY3UMPLcfiAnEZFAo7cfLRvqZmHiNp6lALdmoiWllnVvzcRwR/DBvg4gaFt
|
||||
R6FeLDArhCdu04WENTd5E3XHRrUCAwEAAaNQME4wHQYDVR0OBBYEFFBMhsQlfxCI
|
||||
1GaT1ZGvGheUOGRkMB8GA1UdIwQYMBaAFFBMhsQlfxCI1GaT1ZGvGheUOGRkMAwG
|
||||
A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADujbXk9XVhkF6/WVTxANXVB
|
||||
tpIojCPEsXYqEhvMGtDGfqd8sJlEWM0vmuUvM52G7ULMf8aVfiOhLUkEFWpadL9v
|
||||
/uZ8EPUc+ZWxxBOEnJbszqrxs94u7K9dxmQnL1rjrW1UtkrT0ptuzJBBQcjdicwe
|
||||
VIl5Cn/eq+mkKZRVlctGtD4r1z8u5rUHoOE4RCOU5mfSafu15zzwiglh9wLuuXHC
|
||||
bi7Onau9gB1EfmhZwUAL2xZZwvlNGRc6Dz1LG+OXVIOgRHeyfnZQa1ErC4FY5J0Y
|
||||
NR+KT7JQW9zivyu0MsV3E2J7GzRAywKyP0m/F/qHJFWxPymILAyWVUlwtJswR5sE
|
||||
bT19zPeajrVrbpUMtQv3FhFObtSyw/eI/yRWUuhBapkk95DWl7OkffkQ5OUHG+fs
|
||||
QWj1d2Mdhf+jkpgqyL1DyPILsG7ADT0dL/3kZoJf1wjeqNfW3dDo0Ex9DlbznP2h
|
||||
ldnMeIQYuyNBqzNfaZGW2WManwHWtASV2Hn76QMVrMfLDnf3RRdEUplW3fsIfLQ0
|
||||
f2YVunLJNvll+2QGdCkmJUbLEvvvWmz0Ve+RalGtKi+VTd2I3u4fvFsAXad48wwq
|
||||
oK5xd6Se0MsTkcOukaPEkggjffmITyg5Hpqmg1yBSoaH5D/wujTy9X3QcQA30fU/
|
||||
ttoPblK2hlItcK4hHnkK
|
||||
-----END CERTIFICATE-----
|
||||
@@ -1,51 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJKAIBAAKCAgEAvd/79BmtXZcgzwJw8i76C8e0waehYypibOkBqnFi4bF6Q7mh
|
||||
B1j/bA4LmXG4UpcX7ULlDozzaM7Hfi9Qv1STYR/S9ShXZNStwDYibOa1q/FG+b4q
|
||||
TjtFiWBW8wH/XxIv6JHX8/IjqwHIs/3BEVEl0LEs1RdNMKgSEJ9wbK3q+0pOvw9B
|
||||
6FnhCE2414SE1e7wYL50+NaKTHQcbft3ZcRGDTEh4euRKMmVTrBwmpYnNtiljJvH
|
||||
U4F9cdAFg8ZailwJerod1VXB93YX3JtcqRQ9akNjFzLQ/6a4PhKAB8uaStEzri0y
|
||||
Bdp+O0Qs/tbloAArAJW3dgE7Omxzso79Du4idDHyRmcLu5rsQzST+7kwaCHHWQ4c
|
||||
2mjlhibICGMUzwks39s1QI8CtjmU6AIy7F/XpYAJ70Fl7qy99ugrz8X50cPBFtLT
|
||||
YX18wZTUjl/s4qy+JPvUBt2MALPj/YnRfXck/emkwscmE1UhaycMW4U21/+5gOhW
|
||||
pFIBCKWnsvRn0SHi7lUzuWBnXvL5tmrAgsaFrm/L2JhW2WerZ61UpOVookYtUbk4
|
||||
Hr+Pq6yTgJShUw2i/B71Qr173PIxRV7u1qJeOWY3UMPLcfiAnEZFAo7cfLRvqZmH
|
||||
iNp6lALdmoiWllnVvzcRwR/DBvg4gaFtR6FeLDArhCdu04WENTd5E3XHRrUCAwEA
|
||||
AQKCAgEArhCYOb8QX6wcN6pVQLAwKnx6CM5T9UT11kIFdOtdaun42/1g0guUnMqD
|
||||
d7f48j3xgWDB/ATbYEmwOM3HiJ9QPMmf63+AHr+aSYtXI96czXPzTSA4SF+t77KS
|
||||
A1Thd5aEtQB+qPRiHnMUO211gRqTQC4sm20xJlntta90sSz/Lj+A0UZ7dTZwRdx6
|
||||
h5jE7hqN4yK2uSh0wIHxTiIp4vF8Brv0A9igynOCnRDDKfRdHrqdibmFkdgz2BKL
|
||||
+7HrbsvRJOFaWCi2GNX6KhODbr1PUAtW2/2J+9QrMzxigsL0P4JpjlOAeD1FW6+0
|
||||
UCtRdsywn2ihN10JnxWtOxQ6iWVlzut52uDnwUa09GThSVnurJihV9mSWyk9lNuy
|
||||
0kILtSmYn6UbokOgmfjH0E2Ks1qbskD8GlI9g/wkhs5YC+ZYW2MP9FG39n4/QSnk
|
||||
boOTqht8JylWPVyzmvvcRf5nfEOZ5mF82L28Y/OfPn0gakYARxn1EnzpguF3ffFD
|
||||
NEn9lWzEAbldlnDslzi6YPOeyQwA6iLCesag5LSGdADrM7kAGHksJggeUb02BSd6
|
||||
Nmy6MVMF6tzQYdaqgKXoqKs5nRJLZR1k70ftju2UNWEN24aUd6U2lDOlkaYoucSk
|
||||
NohTUKXX0dibSGd9eU7hCNS75YoG1x2gCEOatVelG4EZQfIU/EECggEBAN6gBjv4
|
||||
kDuIZ1wk0BBt/ijARH8FAzHm0hr8oyWpq6Sdrq5y9iAbvFNwEXJ/ft6NNcCF9maT
|
||||
e5oG5NpoaV0FN5W8qQ8rGnESV/fZOxJEr1yJPEq4yDIspHEXkBjvTgYWjuXRve9n
|
||||
NtsSv1crRFxW5IizPkZklbJUZD7oH5iHB15UGfdpKr5Fx3JpsaXht3dMEJ4YQetF
|
||||
Mr9jcBGwYCYmlWgpKkD+HadgjbNdG4ztKTFEU7/ElEIIR86IDcqJsz0XsmZIjwUU
|
||||
3lsPhVo8Km8ohvGA/WqAaf6ebN9PXjiUFXfjHlveHPTtrd5MCutnxUk0kY4/srmB
|
||||
5avH3bxXbKiufiMCggEBANpXEGY9f020vHFUC0vNOeCym8XuXqFyvx6Cl6tTlj8S
|
||||
dZCWoHljnJg2HbbJcdh92rri9f+ahNNpZ9/0PQi9yBThWt9aP90Tw3+BhxUyvlPL
|
||||
FsFX5IdNq403Ls9iyZuj1Rf9lc65d9lr7TVC5CMI7+BN3CftjvOw3yGucJno+MLW
|
||||
AvENx3+NnZ2Hy9nNJp54lbDJe8anP57kvDIKcbmmvVW2ktQKcZqAyBUq0E8mOtkz
|
||||
66ZRV+/pSnwugb0Eols3s54OvtOoGBnq1r8GVhf/x23J0UvBoHqqURQFJ5oTKxQW
|
||||
zAJ7suGn3xUKBOatypXgg8ZL67rQqo0PxoNK0RcJuUcCggEAHWrf6ATMalF39wEW
|
||||
TVV7hD8DzhUHewyZLt+7XzqwZ6w+bObcBxojJJNmes7GIPpf4/TPvnY2mv/WNdYe
|
||||
NiB+W9b2L/7uG4rk/OdDmwJgecXYpbcNHTQw9pC6hdD5amyIrW2tv3jQEtrDVe1t
|
||||
txX0VOv6iqq37Tyhkn5xzmHpY1mRpNPMxh/KXyAATX8qEyWF/J4P99rI/elR4cSA
|
||||
sAnhLEZkQvpRSNDFaLIg9dpQ2yXAO1LqlF8rverUh7LycFw1QrbLz0wWpcnDQU05
|
||||
/j5Itpjo463cU7zzff6q4KcQvyrP1Cvhf6v4katSthCcTTQZF8brAwBbLPvYHQ8g
|
||||
WJnWKQKCAQAVJ8ZxAZhqIQ75NBl8GMB44xVw0i3dGs8l16V2djzik5lMjyuxV1N+
|
||||
9A9g/JfJUDh3TzJit8gS6+2ip3madTkDvOofJhF2DEou+o/qH+aNG+pyhV+hNIdg
|
||||
wW4Jrhq2t+MX1fxD8XiJWom7VWXhdyY255RjUgM93W9hRhOm9gnUZwQV8y3XUBNr
|
||||
hhLcYaJSTIDEhmE12FKzxJnvh0+Jm3xQ58XGQdTMEZpRYrqYUK33Ca7ViKAqoMIU
|
||||
0jTD6cUJbZY7xFX9EBZ1vGleTPDelmvuWVWsL3CrMgF1HSK/LQhJhAP0YaPtdWSK
|
||||
F1RuPXyZlQ1vkz+d9EXyMQsdAYzM3KZVAoIBAF0gvM4fY0EvSDKevWnZtLyINHZV
|
||||
TC2HhElAREmblbziQ1GO00nCw+RXYmA7fMHuMNnHMcB/QubpMQxEPetAbtcX9jXW
|
||||
iBNIpHTQwNWBe+IGd1I7n6FA6Cqis4tdNFmaWxXv1aMpzU7K/aVcO3sK3SsjSy6A
|
||||
4bDJ9mlGCnIv5zc1on3lpMARBUGRF8mAQ6ejMuUjubtPa8cSUhUv3hoH0xG9bLJh
|
||||
0VDZ6bZ7QFLpNxFUlX7muSj8DNsjR77TBuN+Buk+pI68GDl6177Gm6UkZRYx4yi5
|
||||
xFCP9932L2tufcQaRsiIHdNEFAGMMPe2M22DUmSI0cSNgx4xKuLGJI4PkTM=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
@@ -183,8 +183,8 @@ service lmtp {
|
||||
user = vmail
|
||||
}
|
||||
listen = *,[::]
|
||||
ssl_cert = </etc/ssl/mail/mail.crt
|
||||
ssl_key = </etc/ssl/mail/mail.key
|
||||
ssl_cert = </etc/ssl/mail/cert.pem
|
||||
ssl_key = </etc/ssl/mail/key.pem
|
||||
userdb {
|
||||
args = /etc/dovecot/sql/dovecot-mysql.conf
|
||||
driver = sql
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
server {
|
||||
listen 443;
|
||||
ssl on;
|
||||
ssl_certificate /etc/ssl/mail/mail.crt;
|
||||
ssl_certificate_key /etc/ssl/mail/mail.key;
|
||||
ssl_certificate /etc/ssl/mail/cert.pem;
|
||||
ssl_certificate_key /etc/ssl/mail/key.pem;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
allow-from=127.0.0.0/8 172.18.0.0/16
|
||||
allow-from=127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8
|
||||
config-dir=/etc/powerdns
|
||||
daemon=no
|
||||
disable-syslog=yes
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
biff = no
|
||||
append_dot_mydomain = no
|
||||
smtpd_tls_cert_file = /etc/ssl/mail/mail.crt
|
||||
smtpd_tls_key_file = /etc/ssl/mail/mail.key
|
||||
smtpd_tls_cert_file = /etc/ssl/mail/cert.pem
|
||||
smtpd_tls_key_file = /etc/ssl/mail/key.pem
|
||||
smtpd_use_tls=yes
|
||||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||
@@ -45,8 +45,8 @@ relay_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mxdomain_maps.cf
|
||||
relay_recipient_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
|
||||
sender_dependent_default_transport_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_out_policy.cf
|
||||
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||||
smtp_tls_cert_file = /etc/ssl/mail/mail.crt
|
||||
smtp_tls_key_file = /etc/ssl/mail/mail.key
|
||||
smtp_tls_cert_file = /etc/ssl/mail/cert.pem
|
||||
smtp_tls_key_file = /etc/ssl/mail/key.pem
|
||||
smtp_tls_loglevel = 1
|
||||
smtp_dns_support_level = dnssec
|
||||
smtp_tls_security_level = dane
|
||||
|
||||
@@ -1,12 +1,7 @@
|
||||
<?php
|
||||
function hash_password($password) {
|
||||
$salt_str = bin2hex(openssl_random_pseudo_bytes(8));
|
||||
if ($GLOBALS['HASHING'] == "SHA512-CRYPT") {
|
||||
return "{SHA512-CRYPT}".crypt($password, '$6$'.$salt_str.'$');
|
||||
}
|
||||
else {
|
||||
return "{SSHA256}".base64_encode(hash('sha256', $password.$salt_str, true).$salt_str);
|
||||
}
|
||||
return "{SSHA256}".base64_encode(hash('sha256', $password.$salt_str, true).$salt_str);
|
||||
}
|
||||
function hasDomainAccess($username, $role, $domain) {
|
||||
global $pdo;
|
||||
@@ -37,6 +32,23 @@ function hasDomainAccess($username, $role, $domain) {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
function verify_ssha256($password, $hash) {
|
||||
// Remove tag if any
|
||||
$hash = ltrim($hash, '{SSHA256}');
|
||||
// Decode hash
|
||||
$dhash = base64_decode($hash);
|
||||
// Get first 32 bytes of binary which equals a SHA256 hash
|
||||
$ohash = substr($dhash, 0, 32);
|
||||
// Remove SHA256 hash from decoded hash to get original salt string
|
||||
$osalt = str_replace($ohash, '', $dhash);
|
||||
// Check single salted SHA256 hash against extracted hash
|
||||
if (hash('sha256', $password . $osalt, true) == $ohash) {
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
function doveadm_authenticate($hash, $algorithm, $password) {
|
||||
$descr = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w'));
|
||||
$pipes = array();
|
||||
@@ -76,7 +88,7 @@ function check_login($user, $pass) {
|
||||
$stmt->execute(array(':user' => $user));
|
||||
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
foreach ($rows as $row) {
|
||||
if (doveadm_authenticate($row['password'], $GLOBALS['HASHING'], $pass) !== false) {
|
||||
if (verify_ssha256($row['password'], $pass) !== false) {
|
||||
unset($_SESSION['ldelay']);
|
||||
return "admin";
|
||||
}
|
||||
@@ -88,7 +100,7 @@ function check_login($user, $pass) {
|
||||
$stmt->execute(array(':user' => $user));
|
||||
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
foreach ($rows as $row) {
|
||||
if (doveadm_authenticate($row['password'], $GLOBALS['HASHING'], $pass) !== false) {
|
||||
if (doveadm_authenticate($row['password'], $pass) !== false) {
|
||||
unset($_SESSION['ldelay']);
|
||||
return "domainadmin";
|
||||
}
|
||||
@@ -99,7 +111,7 @@ function check_login($user, $pass) {
|
||||
$stmt->execute(array(':user' => $user));
|
||||
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
foreach ($rows as $row) {
|
||||
if (doveadm_authenticate($row['password'], $GLOBALS['HASHING'], $pass) !== false) {
|
||||
if (doveadm_authenticate($row['password'], $pass) !== false) {
|
||||
unset($_SESSION['ldelay']);
|
||||
return "user";
|
||||
}
|
||||
|
||||
@@ -31,6 +31,4 @@ $DEFAULT_LANG = "en";
|
||||
// See https://bootswatch.com/
|
||||
$DEFAULT_THEME = "lumen";
|
||||
|
||||
$HASHING = "SSHA256";
|
||||
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user