1 Topic by Lotusdew (edited by Lotusdew 2022-08-21 20:01:42)

  • Lotusdew
  • Member
  • Offline
  • Registered: 2022-08-21
  • Posts: 5

Topic: Cannot change default password in Roundcube

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.0 MARIADB edition.
- Deployed with iRedMail Easy or the downloadable installer? Downloadable
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
ERROR
"Could not save password. Encryption Function Missing"

I have seen that this was an issue with previous versions but the fixes are in place in

/opt/www/roundcubemail/plugins/password

The config.inc.php

has

$config['password_algorithm'] = "dovecot";

// Password prefix (e.g. {CRYPT}, {SHA}) for passwords generated
// using password_algorithm above. Default: empty.
$config['password_algorithm_prefix'] = "dovecot";

// Path for dovecotpw/doveadm-pw (if not in the $PATH).
// Used for password_algorithm = "dovecot";
$config['password_dovecotpw'] = "/usr/bin/doveadm pw";
//$config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw'; // for dovecot-1.x

// Dovecot password scheme.
// Used for password_algorithm = "dovecot";
$config['password_dovecotpw_method'] = "SSHA512";

// Enables use of password with method prefix, e.g. {MD5}$1$LUiMYWqx$fEkg/ggr/L6Mb2X7be4i1/
// when using password_algorithm= "dovecot";
$config['password_dovecotpw_with_method'] = true;

Which seemed to the fixes that previous versions had. This seems like a regression bug or a bug related specifically to MariaDB sql driver.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by haveagoodtime (edited by haveagoodtime 2022-08-22 01:31:11)

  • haveagoodtime
  • Member
  • Offline
  • Registered: 2021-09-30
  • Posts: 20

Re: Cannot change default password in Roundcube

I'm on Debian and had the same issue but what worked for me was:
go into your roundcube directory then /plugins/password/config.inc.php

Change:
config['password_algorithm'] = 'clear';
to
config['password_algorithm'] = 'ssha512';

and

config['password_algorithm_prefix'] = '';
to
config['password_algorithm_prefix'] = '{SSHA512}';

and
config['password_query'] = "UPDATE mailbox SET password=%D,passwordlastchange=NOW() WHERE username=%u";
to
%P instead of %D

I saw this fix here and it worked for me: https://forum.iredmail.org/topic18494-r … ssing.html

3 Reply by Lotusdew (edited by Lotusdew 2022-08-22 03:05:44)

  • Lotusdew
  • Member
  • Offline
  • Registered: 2022-08-21
  • Posts: 5

Re: Cannot change default password in Roundcube

Yes this would work too - but I ran into a knowledge issue.

The file config.inc.php for password plugin was owned by www-data and I didnt know what should be the right way to edit it. I am logged into the box as root. The permissions are read-only for www-data for this file and I didnt know what permissions I need to set.

SoI decided to masquerade the ssha512 case in
/opt/www/roundcubemail/plugins/password


In the file password.php I replaced the function as below - so I set the case for 'ssh512' to be 'dovecot' and added $prefixed =true; in the end of this case.

case 'dovecot': #'ssha512':
            $salt = rcube_utils::random_bytes(8);

            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                $salt    = mhash_keygen_s2k(MHASH_SHA512, $password, $salt, 4);
                $crypted = mhash(MHASH_SHA512, $password . $salt);
            }
            else if (function_exists('hash')) {
                $salt    = substr(pack("H*", hash('sha512', $salt . $password)), 0, 4);
                $crypted = hash('sha512', $password . $salt, true);
            }
            else {
                rcube::raise_error([
                        'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
                        'message' => "Password plugin: Your PHP install does not have the mhash()/hash() function"
                    ], true, true
                );
            }

            $crypted = base64_encode($crypted . $salt);
            $prefix  = '{SSHA512}';
            $prefixed = true;
            break;
Basically I overrode ssha512 case as dovecot. Since this occurs before the actual dovecot, this will get used. I also added

$prefixed = true ; so that the prefix is added.

That said - the issue is with permissions of using doveadm from

$pipe = proc_open("$dovecotpw -s '$method'", $spec, $pipes);

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Cannot change default password in Roundcube

Lotusdew wrote:

That said - the issue is with permissions of using doveadm from

$pipe = proc_open("$dovecotpw -s '$method'", $spec, $pipes);

Did you successfully grab the error message of this proc_open() call? Let's see whether it's easy to fix it.

5 Reply by Lotusdew

  • Lotusdew
  • Member
  • Offline
  • Registered: 2022-08-21
  • Posts: 5

Re: Cannot change default password in Roundcube

ZhangHuangbin wrote:
Lotusdew wrote:

That said - the issue is with permissions of using doveadm from

$pipe = proc_open("$dovecotpw -s '$method'", $spec, $pipes);

Did you successfully grab the error message of this proc_open() call? Let's see whether it's easy to fix it.

No I couldnt get anything in the log. If you can tell me what to log and and which file, I will replicate the issue for you and provide the log here.

6 Reply by aadsi

  • aadsi
  • Member
  • Offline
  • Registered: 2014-11-06
  • Posts: 8

Re: Cannot change default password in Roundcube

I can confirm as well that a fresh install running only the iRedMail setup scripts on a Debian 11 system renders the above problem.

I added debugging for roundcube in roundcubemail/config/config.inc.php.

// system error reporting, sum of: 1 = log; 4 = show
$config['debug_level'] = 4;

// Log SQL queries
$config['sql_debug'] = true;

// Log IMAP conversation
$config['imap_debug'] = true;

// Log SMTP conversation
$config['smtp_debug'] = true;

What additional logging would you like enabled to capture why a stock install gives the error "Could not save password. Encryption Function Missing" when attempting to change a password through roundcube? Changing it from the iredmail works just fine.

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Cannot change default password in Roundcube

aadsi wrote:

What additional logging would you like enabled to capture why a stock install gives the error "Could not save password. Encryption Function Missing" when attempting to change a password through roundcube? Changing it from the iredmail works just fine.

It's confirmed by Dovecot developers in its own mailing list and fixed in newer Dovecot, but i guess linux distributions don't have the new Dovecot yet.