[Web] Implement all supported dovecot password schemas (#3974)

When migrating from other Dovecot based installations it can be very
convenient to just copy over existing hashed passwords.
However, mailcow currently only supports a limited number of password
schemes.

This commit implements all password schemes that do not require
challenge/response or OTP mechanisms.

A convenient way to generate the regex with all supported schemas is
`docker-compose exec dovecot-mailcow doveadm pw -l | awk -F' ' '{printf
"/^{("; for(i=1;i<=NF-1;i++){printf "%s%s", sep, $i; sep="|"}; printf
")}/i\n"}'`

Note that this will also include unsupported challenge/response and OTP
schemas.

Furthermore this increases the vsz_limit for the dovecot auth service to
2G for the use of ARGON2I and ARGON2ID schemas.

Signed-off-by: Felix Kaechele <felix@kaechele.ca>

data/conf/dovecot/dovecot.conf

@@ -382,6 +382,7 @@ service auth {
     mode = 0600
     user = vmail
   }
+  vsz_limit = 2G
 }
 service managesieve-login {
   inet_listener sieve {

data/web/inc/functions.inc.php

@@ -483,75 +483,94 @@ function alertbox_log_parser($_data){
   }
   return false;
 }
-function verify_hash($hash, $password) {
+function verify_salted_hash($hash, $password, $algo, $salt_length)
-  if (preg_match('/^{SSHA256}/i', $hash)) {
+{
-    // Remove tag if any
+  // Decode hash
-    $hash = preg_replace('/^{SSHA256}/i', '', $hash);
+  $dhash = base64_decode($hash);
-    // Decode hash
+  // Get first 20 bytes of binary which equals a SSHA hash
-    $dhash = base64_decode($hash);
+  $ohash = substr($dhash, 0, $salt_length);
-    // Get first 32 bytes of binary which equals a SHA256 hash
+  // Remove SSHA hash from decoded hash to get original salt string
-    $ohash = substr($dhash, 0, 32);
+  $osalt = str_replace($ohash, '', $dhash);
-    // Remove SHA256 hash from decoded hash to get original salt string
+  // Check single salted SSHA hash against extracted hash
-    $osalt = str_replace($ohash, '', $dhash);
+  if (hash_equals(hash($algo, $password . $osalt, true), $ohash)) {
-    // Check single salted SHA256 hash against extracted hash
+    return true;
-    if (hash_equals(hash('sha256', $password . $osalt, true), $ohash)) {
-      return true;
-    }
   }
-  elseif (preg_match('/^{SSHA}/i', $hash)) {
+  return false;
-    // Remove tag if any
+}
-    $hash = preg_replace('/^{SSHA}/i', '', $hash);
+
-    // Decode hash
+function verify_hash($hash, $password)
-    $dhash = base64_decode($hash);
+{
-    // Get first 20 bytes of binary which equals a SSHA hash
+  if (preg_match('/^{(.+)}(.+)/i', $hash, $hash_array)) {
-    $ohash = substr($dhash, 0, 20);
+    $scheme = strtoupper($hash_array[1]);
-    // Remove SSHA hash from decoded hash to get original salt string
+    $hash = $hash_array[2];
-    $osalt = str_replace($ohash, '', $dhash);
+    switch ($scheme) {
-    // Check single salted SSHA hash against extracted hash
+      case "ARGON2I":
-    if (hash_equals(hash('sha1', $password . $osalt, true), $ohash)) {
+      case "ARGON2ID":
-      return true;
+      case "BLF-CRYPT":
-    }
+      case "CRYPT":
-  }
+      case "DES-CRYPT":
-  elseif (preg_match('/^{PLAIN-MD5}/i', $hash)) {
+      case "MD5-CRYPT":
-    $hash = preg_replace('/^{PLAIN-MD5}/i', '', $hash);
+      case "MD5":
-    if (md5($password) == $hash) {
+      case "SHA256-CRYPT":
-      return true;
+      case "SHA512-CRYPT":
-    }
+        return password_verify($password, $hash);
-  }
+
-  elseif (preg_match('/^{SHA512-CRYPT}/i', $hash)) {
+      case "CLEAR":
-    // Remove tag if any
+      case "CLEARTEXT":
-    $hash = preg_replace('/^{SHA512-CRYPT}/i', '', $hash);
+      case "PLAIN":
-    // Decode hash
+        return $password == $hash;
-    preg_match('/\\$6\\$(.*)\\$(.*)/i', $hash, $hash_array);
+
-    $osalt = $hash_array[1];
+      case "LDAP-MD5":
-    $ohash = $hash_array[2];
+        $hash = base64_decode($hash);
-    if (hash_equals(crypt($password, '$6$' . $osalt . '$'), $hash)) {
+        return hash_equals(hash('md5', $password, true), $hash);
-      return true;
+
-    }
+      case "PBKDF2":
-  }
+        $components = explode('$', $hash);
-  elseif (preg_match('/^{SSHA512}/i', $hash)) {
+        $salt = $components[2];
-    $hash = preg_replace('/^{SSHA512}/i', '', $hash);
+        $rounds = $components[3];
-    // Decode hash
+        $hash = $components[4];
-    $dhash = base64_decode($hash);
+        return hash_equals(hash_pbkdf2('sha1', $password, $salt, $rounds), $hash);
-    // Get first 64 bytes of binary which equals a SHA512 hash
+
-    $ohash = substr($dhash, 0, 64);
+      case "PLAIN-MD4":
-    // Remove SHA512 hash from decoded hash to get original salt string
+        return hash_equals(hash('md4', $password), $hash);
-    $osalt = str_replace($ohash, '', $dhash);
+
-    // Check single salted SHA512 hash against extracted hash
+      case "PLAIN-MD5":
-    if (hash_equals(hash('sha512', $password . $osalt, true), $ohash)) {
+        return md5($password) == $hash;
-      return true;
+
-    }
+      case "PLAIN-TRUNC":
-  }
+        $components = explode('-', $hash);
-  elseif (preg_match('/^{MD5-CRYPT}/i', $hash)) {
+        if (count($components) > 1) {
-    $hash = preg_replace('/^{MD5-CRYPT}/i', '', $hash);
+          $trunc_len = $components[0];
-    if (password_verify($password, $hash)) {
+          $trunc_password = $components[1];
-      return true;
+
-    }
+          return substr($password, 0, $trunc_len) == $trunc_password;
-  } 
+        } else {
-  elseif (preg_match('/^{BLF-CRYPT}/i', $hash)) {
+          return $password == $hash;
-    $hash = preg_replace('/^{BLF-CRYPT}/i', '', $hash);
+        }
-    if (password_verify($password, $hash)) {
+
-      return true;
+      case "SHA":
+      case "SHA1":
+      case "SHA256":
+      case "SHA512":
+        // SHA is an alias for SHA1
+        $scheme = $scheme == "SHA" ? "sha1" : strtolower($scheme);
+        $hash = base64_decode($hash);
+        return hash_equals(hash($scheme, $password, true), $hash);
+
+      case "SMD5":
+        return verify_salted_hash($hash, $password, 'md5', 16);
+
+      case "SSHA":
+        return verify_salted_hash($hash, $password, 'sha1', 20);
+
+      case "SSHA256":
+        return verify_salted_hash($hash, $password, 'sha256', 32);
+
+      case "SSHA512":
+        return verify_salted_hash($hash, $password, 'sha512', 64);
+
+      default:
+        return false;
     }
   }
   return false;

data/web/inc/functions.mailbox.inc.php

@@ -1055,7 +1055,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               return false;
             }
             // support pre hashed passwords
-            if (preg_match('/^({SSHA256}|{SSHA}|{SHA512-CRYPT}|{SSHA512}|{MD5-CRYPT}|{PLAIN-MD5})/i', $password)) {
+            if (preg_match('/^{(ARGON2I|ARGON2ID|BLF-CRYPT|CLEAR|CLEARTEXT|CRYPT|DES-CRYPT|LDAP-MD5|MD5|MD5-CRYPT|PBKDF2|PLAIN|PLAIN-MD4|PLAIN-MD5|PLAIN-TRUNC|PLAIN-TRUNC|SHA|SHA1|SHA256|SHA256-CRYPT|SHA512|SHA512-CRYPT|SMD5|SSHA|SSHA256|SSHA512)}/i', $password)) {
               $password_hashed = $password;
             }
             else {
@@ -2557,7 +2557,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 continue;
               }
               // support pre hashed passwords
-              if (preg_match('/^({SSHA256}|{SSHA}|{SHA512-CRYPT}|{SSHA512}|{MD5-CRYPT}|{PLAIN-MD5})/i', $password)) {
+              if (preg_match('/^{(ARGON2I|ARGON2ID|BLF-CRYPT|CLEAR|CLEARTEXT|CRYPT|DES-CRYPT|LDAP-MD5|MD5|MD5-CRYPT|PBKDF2|PLAIN|PLAIN-MD4|PLAIN-MD5|PLAIN-TRUNC|PLAIN-TRUNC|SHA|SHA1|SHA256|SHA256-CRYPT|SHA512|SHA512-CRYPT|SMD5|SSHA|SSHA256|SSHA512)}/i', $password)) {
                 $password_hashed = $password;
               }
               else {