impl mailcow git support
This commit is contained in:
rnsrk
parent
385a7a5302
commit
4fd6bfddd6
23 changed files with 238 additions and 83 deletions
|
|
@ -69,29 +69,34 @@ require_once 'functions.acl.inc.php';
|
|||
|
||||
$isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
|
||||
$result = false;
|
||||
$protocol = $post['protocol'];
|
||||
if ($isSOGoRequest) {
|
||||
$protocol = null;
|
||||
// This is a SOGo Auth request. First check for SSO password.
|
||||
$sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
|
||||
if ($sogo_sso_pass === $post['password']){
|
||||
error_log('MAILCOWAUTH: SOGo SSO auth for user ' . $post['username']);
|
||||
set_sasl_log($post['username'], $post['real_rip'], "SOGO");
|
||||
$result = true;
|
||||
}
|
||||
}
|
||||
if ($result === false){
|
||||
$result = apppass_login($post['username'], $post['password'], $protocol, array(
|
||||
$result = apppass_login($post['username'], $post['password'], array($post['service'] => true), array(
|
||||
'is_internal' => true,
|
||||
'remote_addr' => $post['real_rip']
|
||||
));
|
||||
if ($result) error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
|
||||
if ($result) {
|
||||
error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
|
||||
set_sasl_log($post['username'], $post['real_rip'], $post['service']);
|
||||
}
|
||||
}
|
||||
if ($result === false){
|
||||
// Init Identity Provider
|
||||
$iam_provider = identity_provider('init');
|
||||
$iam_settings = identity_provider('get');
|
||||
$result = user_login($post['username'], $post['password'], array('is_internal' => true));
|
||||
if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
|
||||
if ($result) {
|
||||
error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
|
||||
set_sasl_log($post['username'], $post['real_rip'], $post['service']);
|
||||
}
|
||||
}
|
||||
|
||||
if ($result) {
|
||||
|
|
|
|||
|
|
@ -3,21 +3,20 @@ function auth_password_verify(request, password)
|
|||
return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "No such user"
|
||||
end
|
||||
|
||||
json = require "cjson"
|
||||
ltn12 = require "ltn12"
|
||||
https = require "ssl.https"
|
||||
https.TIMEOUT = 5
|
||||
local json = require "cjson"
|
||||
local ltn12 = require "ltn12"
|
||||
local https = require "ssl.https"
|
||||
https.TIMEOUT = 30
|
||||
|
||||
local req = {
|
||||
username = request.user,
|
||||
password = password,
|
||||
real_rip = request.real_rip,
|
||||
protocol = {}
|
||||
service = request.service
|
||||
}
|
||||
req.protocol[request.service] = true
|
||||
local req_json = json.encode(req)
|
||||
local res = {}
|
||||
|
||||
local res = {}
|
||||
|
||||
local b, c = https.request {
|
||||
method = "POST",
|
||||
url = "https://nginx:9082",
|
||||
|
|
@ -29,11 +28,17 @@ function auth_password_verify(request, password)
|
|||
sink = ltn12.sink.table(res),
|
||||
insecure = true
|
||||
}
|
||||
|
||||
if c ~= 200 then
|
||||
dovecot.i_info("HTTP request failed with " .. c .. " for user " .. request.user)
|
||||
return dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE, "Upstream error"
|
||||
end
|
||||
|
||||
local api_response = json.decode(table.concat(res))
|
||||
if api_response.success == true then
|
||||
return dovecot.auth.PASSDB_RESULT_OK, ""
|
||||
end
|
||||
|
||||
|
||||
return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate"
|
||||
end
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue