Zhang Huangbin | 14 Sep 11:48 2014
Picon

[RCD] Possible bug in Roundcube password plugin: cannot generate correct bcrypt hash

Dear developers,

I'm running Roundcubemail-1.0.2 on OpenBSD 5.5, i tried to generate bcrypt password hash with
ldap_simple password driver, it generates password hash with prefix '{crypt}$2a$' which identities
it's a blowfish/bcrypt hash, but Dovecot cannot verify it.

Dovecot works fine if i generated password hash with Dovecot command 'doveadm pw -s BLF-CRYPT' or Python
bcrypt module. So i think there might be something wrong in Roundcube password driver. Could you help
inspect it?

Thank you very much.

_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev

Dima Dorfman | 3 Sep 12:05 2014
Picon

[RCD] [PATCH] password plugin driver for ldappasswd(1)

Hello,

I wrote a backend for the password plugin that uses OpenLDAP's
ldappasswd(1). My motivation for this was to remove the requirement to
retrieve the user's full LDAP record, which our policy does not allow,
but this method is also easier to configure, obviates the need for php
to be able to produce the password hash, and supports a more complete
range of password storage and authentication options (e.g. SASL binds)

In particular, this might satisfy New Feature Request #1486349:
password plugin: using LDAP EXOP for changing passwords (RFC3062)

From the comments:

* Advantages of this method:
*  - No extra configuration if OpenLDAP/ldappasswd are already configured
*  - Indifferent to password storage (attribute) and hashing details
*  - Future-proof: supports everything ldappasswd(1) can do now, and later
*  - TLS/SSF verification is done by OpenLDAP according to system settings
*  - Uses PASSMOD extended operation; no need to retrieve full user record

Please review. If possible, I would like to see this in the main tree so
I don't have to maintain it locally

Patch attached

Cheers,

--

-- 
Dima
(Continue reading)

Michael Heydekamp | 28 Aug 20:37 2014
Picon

[RCD] Login to git-master not working

Any idea why we can't login to git-master anymore...? After login, I'm
seeing ... nothing. RC attempts to load the page ****/?_task=login rather
than ****/?_task=mail (which would be the correct one).

We reverted back to the stage of Aug 26th, and everything is working again.

Win7/64, FF 27.0.1.

Cheers,
--

-- 
Michael Heydekamp
Co-Admin freexp.de
Düsseldorf/Germany
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Robert Bilbrey | 28 Aug 18:58 2014

[RCD] Feature Request


To be able to store PGP keys in the roundmail client,encrypt and
decrypt messages automatically.
Thanks, Bob

-- 
Robert Bilbrey, CISSP,PMP
Ph:931.879.8248
Cell:530.526.8605

If you wish to send me a private email,Please use the following key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQENBFPftloBCADTYqqFvxl1EZdx/LDJLxYHgqavpWI+2i1qs20XKAFsGwVgMOi6
aUMVffPC3cItheBn7ZsTD5FVEJF3y53W9b45MLO+CzDFQpgYvwOvCyUDAGpg8J8D
LV5c4XuVa9fT4Mo8txgvEGOc6ff/kd1i/D9CXGARYKVM2ik5HRJiv41rgC83OhFM
+FulGtMHM4aGNzhRXTPl94pQVSaL1FGcBEv3MDQJCu9LVqNq0Q/dKoA6tZ5RAkwq
ImdBDZj7JyxDUX9Ri69WFN+fXSxAbn6gUKr59Efd3brEChgb9fIZagmOUPrrw4YZ
2E8hTGyXot7Fki7iZdWZplUS+2mp+IMmKGrPABEBAAG0MlJvYmVydCBCaWxicmV5
IChubyBwYXNzd29yZCkgPHJiaWxicmV5QHJ1bmJveC5jb20+iQE4BBMBAgAiBQJT
37ZaAhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAr7glej7v7ym4xCACi
rOQp/6VGpQxSpEnLbQQkB3gesbnsdyDJ9CYeoDkTgcMfimM/Ey1e24Yp1NzqjLYV
GoEgjqdJf2zR8ebbZ0IcEGdftirnWpwEhbvQ9u8ad01cQ5PQC6h5I2de8AWE7xbW
+8fQxqqV2+cNAag+cjdT63Rn600G9TW4tizljy4Gv41s5pT12U9D0ja8QM8ubjku
UHavGDPCifZ2Do6WyM8jXYjeBpxD4MRzxsDffgz+PQnlOMJT9fDTkgdNGl3OUA1p
OLSVCh5l6NBMlanieb9NEW896VpJ7J8APcMyMqgkHUHLI1VP2DoLgB9ptl2gUExw
KV/pwdWqESe8KRfcl1pruQENBFPftloBCADhhaio3imhzZhIV9vzzLLQalOeXM62
WiYyOVXzbYL8NDmwu24ZIieHFS7X35O+jjWHmo3NlWhsYTrItdYPlc7r7MDkTNzC
kB4421P3HQjrwaY6SnuQ/4E9M/FbsNdUSCVY26faqzVvzN+5kjBKjMEq4huUgr3W
(Continue reading)

Admin DC | 22 Aug 02:37 2014

[RCD] Error on Moving/Copying messages from INBOX to nested folders within INBOX; works from INBOX to other Top_Level folders

Hello,

I first tried posting this with my gmail and didn't see it showing up on 
the archive. So I wanted to make sure this went through so I used a 
non-free email domain.

If I created a duplicate thread I apologize.

Now on to the issue at hand.

We just oddly started experiencing this issue. We've spent quite a bit 
of time troubleshooting with logging increased on both our IMAP servers 
(Debian Wheezy 7.6 64bit with dovecot vers 2.1.7-7+deb7u1 )

I am absolutely able to reproduce this on numerous accts, even with 
logging up to 8 we do not see any "ERROR" or any reason why the copy and 
expunge would fail.

Our production copy of webmail was older (0.9-rc), so I suspected 
possibly it was a bug or something wrong with that version, so we 
created a "ourwebmail-new.foo.com" domain and do an inplace upgrade on 
our database (to preserve our address book and other client info), with 
no issues on upgrade to v 1.0.2

Currently we have been diffing a successful copy/move and an 
unsuccessful copy/move and just cant figure out what's going on

To sum up:

INBOX to SOME_RANDOM_FOLDER has copy/move WORKING
(Continue reading)

Thomas Bruederli | 20 Aug 09:14 2014
Picon

[RCD] Message compose Zen mode

Hello folks

We have a pending ticket [1] for the upcoming Roundcube 1.1 release
which asks for more space when composing messages. My proposition was
to add a Zen mode as some of you might know from github. I have now
implemented this in a separate branch 'dev-zenmode' in the Roundcube
git repository and I'd like to hear your comments on this. So if you
have a git checkout somewhere, please quickly switch to the
'dev-zenmode' branch and have a look.

Thanks!
Thomas

[1] http://trac.roundcube.net/ticket/1489198
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev

Cor Bosman | 17 Aug 16:47 2014
Picon
Picon

[RCD] searching

Hey all, im playing with searching and an FTS enabled mail server (dovecot) with 1.2 million emails. This
works very well. But i wish there was a way to allow the full power of imap searching in roundcube. Roundcube
only seems to allow a very limited set.

For instance, in dovecot I can do:   SEARCH FROM COR TO ROUNDCUBE BODY FOOBAR 

This will give me all emails matching From:*cor* , To:*roundcube* where anywhere in the body it says
foobar. And with FTS lucene engine this is fast :)

Would it be an idea to allow the keyword raw, so you could say in the roundcube search box:  raw:FROM COR TO
ROUNDCUBE BODY FOOBAR  , which passes that search string unaltered to the backend imap server?

Cor

_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev

Cor Bosman | 15 Aug 11:33 2014
Picon
Picon

[RCD] prefs hostname revisited

Hey all, every so often we have this discussion about the hostname in the preferences db. It is quite a hassle
for us to have the imap hostname be part of the preferences. For instance, we allow some customer service
people to impersonate customers, and only 1 specific imap server allows impersonation, which is only
accessible through internal networks. But then we cant have these customer service people actually
interact with settings..

I went into the code a bit, and maybe this is a workable solution. There seems to be only 2 times when the
hostname is used to interact with the db. One in rcube_user::query(), and one in rcube_user::create().

Interestingly, create() has a plugin hook, which allows you to modify the hostname. But query() does not.

The code that calls query() is in rcmail.php.

>         $host     = rcube_utils::idn_to_ascii($host);
>         $username = rcube_utils::idn_to_ascii($username);
> 
>         // user already registered -> overwrite username
>         if ($user = rcube_user::query($username, $host)) {
>             $username = $user->data['username'];
>         }

What if we add a plugin hook there (or actually in query()), so you can modify the created hostname during
login? That way, this can all be done using plugins and people that want to can set a static hostname for preferences.

Cor

_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
(Continue reading)

Rosali | 15 Aug 07:50 2014
Picon

Re: [RCD] Plugin API register task

Am 2014-08-14 18:28, schrieb Thomas Bruederli:
> On Thu, Aug 14, 2014 at 3:52 PM, Rosali <myroundcube <at> mail4us.net> 
> wrote:
>> Hello Devs,
>> 
>> I don't understand how I should handle $this->register_task.
>> 
>> I have noticed if a plugin is running on its own task then it behaves
>> strange.
>> 
>> I think it is best to give an example:
>> 
>> [...]
>> 
>> So, what am I doing wrong? How do I have to register the action in a 
>> plugin
>> so that they are properly recognized while staying on a task which is
>> registered/owned by another plugin?
> 
> I guess looking at the request dispatching routine [1] clarifies the
> situation. First it checks is_plugin_task() and only if it isn't, the
> 'plugin.' prefix is checked. We might change the order of these checks
> and give precedence to 'plugin.*' actions but I can't imagine the
> side-effects such a change might have.
> 
> A work-around for your particular situation could be to execute
> rcmail.http_post('mail/plugin.carddav-addressbook-sync') or
> rcmail.http_post('foo/plugin.carddav-addressbook-sync') in order to
> not hit a task that is registered by a plugin.

(Continue reading)

Rosali | 14 Aug 15:52 2014
Picon

[RCD] Plugin API register task

Hello Devs,

I don't understand how I should handle $this->register_task.

I have noticed if a plugin is running on its own task then it behaves 
strange.

I think it is best to give an example:

I inlude a javascript file into each task which triggers an AJAX sync 
request as follows:

{{{
         rcmail.http_post(
           'plugin.carddav-addressbook-sync',
           '',
           rcmail.env.task == 'addressbook' ? 
rcmail.display_message(rcmail.gettext('addressbook_sync_loading', 
'carddav'), 'loading') : false
         );
}}}

If this request is executed f.e. in Kolab's calendar task I get an 
error:

PHP Error: No handler found for action 
calendar.plugin.carddav-addressbook-sync in 
C:\xxxx\program\lib\Roundcube\rcube_plugin_api.php on line 462 (POST 
/?_task=calendar&_action=plugin.carddav-addressbook-sync?_task=&_action=)

(Continue reading)

Lorenzo Petracchi | 13 Aug 09:27 2014
Picon

[RCD] adding transparent managesieve-vacation tests

Let managesieve-vacation plugin insert default tests in every users sieve
script, without the users see them on UI? Or do I need to modify the code
for this?

default tests to insert:
if allof (not exists
["list-help","list-unsubscribe","list-subscribe","list-owner","list-post","l
ist-archive","list-id","Mailing-List"], not header :is "Precedence"
["list","bulk","junk"], not header :matches "To" "Multiple recipients of*")

so I need to have something like this:

require ["vacation"];
# rule:[Vacanze]
if allof (not exists
["list-help","list-unsubscribe","list-subscribe","list-owner","list-post","l
ist-archive","list-id","Mailing-List"], not header :is "Precedence"
["list","bulk","junk"], not header :matches "To" "Multiple recipients of*")
{
    vacation :days 7 :addresses
["roundcube-test <at> unifi.it","rc-test <at> unifi.it"] :subject "assenza" text:
-- risposta automatica --

Sono assente. ciao
.
;
}

_______________________________________________
Roundcube Development discussion mailing list
(Continue reading)


Gmane