Support of different default pass schemes + support of BLF-CRYPT (#3832)

* Introduce MAILCOW_PASS_SCHEME in order to support blowfish (cf. mailcow/mailcow-dockerized#1019) * Furthermore added dovecot to support new environment varible for MAILCOW_PASS_SCHEME defaulted to SSHA256 * Revert changes regarding gitignore. * Added fallback to SSHA256 if environment is not proper prepared. * No fallback within management frontend, as it must match to other components. * Unified and corrected alignment; implemented support of SSHA512 * Currently, password_hash of PHP is using by default bcrypt (BLF). As this might change later, we must ensure, that BLF is still used after PHP changes its default. * Switched to BLF-CRYPT by default (even on update) * Switched to BLF-CRYPT by default (even on update) * Adding information in config generation / update with link to supported hash algorithm * Bump sogo version to 1.92 * Fallback to BLF-CRYPT in case password scheme is not proper defined for Mailcow administration.
2020-11-15 20:22:35 +01:00
parent 6d4555eb38
commit d96bf91a0d
7 changed files with 46 additions and 5 deletions
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -141,7 +141,7 @@ cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-passdb.conf
 # Autogenerated by mailcow
 driver = mysql
 connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
-default_pass_scheme = SSHA256
+default_pass_scheme = ${MAILCOW_PASS_SCHEME}
 password_query = SELECT password FROM mailbox WHERE active = '1' AND username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1') AND JSON_UNQUOTE(JSON_VALUE(attributes, '$.force_pw_update')) != '1' AND (JSON_UNQUOTE(JSON_VALUE(attributes, '$.%s_access')) = '1' OR ('%s' != 'imap' AND '%s' != 'pop3'))
 EOF

--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -204,7 +204,7 @@ while read -r line gal
                    <key>type</key>
                    <string>sql</string>
                    <key>userPasswordAlgorithm</key>
-                    <string>ssha256</string>
+                    <string>${MAILCOW_PASS_SCHEME}</string>
                    <key>prependPasswordScheme</key>
                    <string>YES</string>
                    <key>viewURL</key>