diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index fef099cc6..1f6a7dc22 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -200,13 +200,6 @@ EOF
 # Create random master Password for SOGo SSO
 RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1)
 echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass
-cat < /etc/dovecot/sogo-sso.conf
-# Autogenerated by mailcow
-passdb {
-  driver = static
-  args = allow_real_nets=${IPV4_NETWORK}.248/32 password={plain}${RAND_PASS}
-}
-EOF
 
 if [[ "${MASTER}" =~ ^([nN][oO]|[nN])+$ ]]; then
   # Toggling MASTER will result in a rebuild of containers, so the quota script will be recreated
diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index d2da46598..2c3c01b30 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -45,20 +45,30 @@ require_once 'functions.auth.inc.php';
 require_once 'sessions.inc.php';
 require_once 'functions.mailbox.inc.php';
 
-// Init provider
-$iam_provider = identity_provider('init');
-
+$isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
+$result = false;
 $protocol = $post['protocol'];
-if ($post['real_rip'] == getenv('IPV4_NETWORK') . '.248') {
+if ($isSOGoRequest) {
   $protocol = null;
+  // This is a SOGo Auth request. First check for SSO password.
+  $sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
+  if ($sogo_sso_pass === $post['password']){
+    error_log('MAILCOWAUTH: SOGo SSO auth for user ' . $post['username']);
+    $result = true;
+  }
+
 }
-$result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
 
 if ($result === false){
   $result = apppass_login($post['username'], $post['password'], $protocol, array(
     'is_internal' => true,
     'remote_addr' => $post['real_rip']
   ));
+  if ($result) error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
+}
+if ($result === false){
+  $result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
+  if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
 }
 
 if ($result) {
diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index c61d9a1b6..e14c445fd 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -303,7 +303,6 @@ replication_dsync_parameters = -d -l 30 -U -n INBOX
 !include_try /etc/dovecot/sni.conf
 !include_try /etc/dovecot/sogo_trusted_ip.conf
 !include_try /etc/dovecot/extra.conf
-!include_try /etc/dovecot/sogo-sso.conf
 !include_try /etc/dovecot/shared_namespace.conf
 
 # default_client_limit = 10400
diff --git a/docker-compose.yml b/docker-compose.yml
index ea8f7feb7..f882d94a2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
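Review bot: The SSO check at `if ($sogo_sso_pass === $post['password'])` compares the shared secret with a plain `===` and does not handle a missing or empty secret file: `file_get_contents` returns false when the file is unreadable (so the compare merely fails), but an empty file makes the secret the empty string, and an empty password presented from the SOGo address would then authenticate as any username. I would guard the read and use a constant-time compare: `if ($sogo_sso_pass !== false && $sogo_sso_pass !== '' && is_string($post['password']) && hash_equals($sogo_sso_pass, $post['password'])) {`. The trust decision rests entirely on `$post['real_rip']` equalling `${IPV4_NETWORK}.248`, so that value must keep coming from the connection address Dovecot reports rather than anything the client can influence; the entrypoint hunk writes the secret to /etc/phpfpm/sogo-sso.pass while this code reads /etc/sogo-sso/sogo-sso.pass, so presumably a volume mount joins the two — worth confirming, because an absent file silently disables SSO and every SOGo login then falls through to app-password and user auth. Dropping `identity_provider('init')` assumes `user_login` no longer needs the provider initialised here; that cannot be verified from the hunk.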
@@ -237,7 +237,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:nightly-20240208
+      image: mailcow/dovecot:nightly-20240226
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow