mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-12-23 02:04:46 +02:00

[Dovecot] move sogo sso to mailcowauth.php

FreddleSpl0it 2024-02-26 13:10:08 +01:00
parent 010d898786
commit 6928eb632e
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5
4 changed files with 16 additions and 14 deletions


@ -200,13 +200,6 @@ EOF
# Create random master Password for SOGo SSO # Create random master Password for SOGo SSO
RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1) RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1)
echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass
cat <<EOF > /etc/dovecot/sogo-sso.conf
# Autogenerated by mailcow
passdb {
driver = static
args = allow_real_nets=${IPV4_NETWORK}.248/32 password={plain}${RAND_PASS}
}
EOF
if [[ "${MASTER}" =~ ^([nN][oO]|[nN])+$ ]]; then if [[ "${MASTER}" =~ ^([nN][oO]|[nN])+$ ]]; then
# Toggling MASTER will result in a rebuild of containers, so the quota script will be recreated # Toggling MASTER will result in a rebuild of containers, so the quota script will be recreated


@ -45,20 +45,30 @@ require_once 'functions.auth.inc.php';
require_once 'sessions.inc.php'; require_once 'sessions.inc.php';
require_once 'functions.mailbox.inc.php'; require_once 'functions.mailbox.inc.php';
// Init provider
$iam_provider = identity_provider('init');
$isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
$result = false;
$protocol = $post['protocol']; $protocol = $post['protocol'];
if ($post['real_rip'] == getenv('IPV4_NETWORK') . '.248') { if ($isSOGoRequest) {
$protocol = null; $protocol = null;
// This is a SOGo Auth request. First check for SSO password.
$sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
if ($sogo_sso_pass === $post['password']){
error_log('MAILCOWAUTH: SOGo SSO auth for user ' . $post['username']);
$result = true;
}
} }
$result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
if ($result === false){ if ($result === false){
$result = apppass_login($post['username'], $post['password'], $protocol, array( $result = apppass_login($post['username'], $post['password'], $protocol, array(
'is_internal' => true, 'is_internal' => true,
'remote_addr' => $post['real_rip'] 'remote_addr' => $post['real_rip']
)); ));
if ($result) error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
}
if ($result === false){
$result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
} }
if ($result) { if ($result) {
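Review bot: The new SSO check `if ($sogo_sso_pass === $post['password']){` compares the master secret with `===` and never checks the result of `file_get_contents()`, which returns `false` when the file is missing or unreadable. If `$post` is decoded from a request body (not visible in this hunk), a non-string `password` could then compare identical to that `false`, and the comparison is also not constant-time. I would guard it as `if (is_string($sogo_sso_pass) && $sogo_sso_pass !== '' && is_string($post['password']) && hash_equals($sogo_sso_pass, $post['password'])) {`. Because `$isSOGoRequest` is derived from `$post['real_rip']` with a loose `==`, this branch is only as trustworthy as the set of callers that can reach the endpoint, so a short comment stating that only Dovecot is expected to call it would help. The `if ($result) {` block continues outside the hunk.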


@ -303,7 +303,6 @@ replication_dsync_parameters = -d -l 30 -U -n INBOX
!include_try /etc/dovecot/sni.conf !include_try /etc/dovecot/sni.conf
!include_try /etc/dovecot/sogo_trusted_ip.conf !include_try /etc/dovecot/sogo_trusted_ip.conf
!include_try /etc/dovecot/extra.conf !include_try /etc/dovecot/extra.conf
!include_try /etc/dovecot/sogo-sso.conf
!include_try /etc/dovecot/shared_namespace.conf !include_try /etc/dovecot/shared_namespace.conf
# </Includes> # </Includes>
default_client_limit = 10400 default_client_limit = 10400


@ -237,7 +237,7 @@ services:
- sogo - sogo
dovecot-mailcow: dovecot-mailcow:
image: mailcow/dovecot:nightly-20240208 image: mailcow/dovecot:nightly-20240226
depends_on: depends_on:
- mysql-mailcow - mysql-mailcow
- netfilter-mailcow - netfilter-mailcow