mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2024-12-23 02:04:46 +02:00
[Dovecot] move sogo sso to mailcowauth.php
This commit is contained in:
parent
010d898786
commit
6928eb632e
@ -200,13 +200,6 @@ EOF
|
|||||||
# Create random master Password for SOGo SSO
|
# Create random master Password for SOGo SSO
|
||||||
RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1)
|
RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1)
|
||||||
echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass
|
echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass
|
||||||
cat <<EOF > /etc/dovecot/sogo-sso.conf
|
|
||||||
# Autogenerated by mailcow
|
|
||||||
passdb {
|
|
||||||
driver = static
|
|
||||||
args = allow_real_nets=${IPV4_NETWORK}.248/32 password={plain}${RAND_PASS}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
if [[ "${MASTER}" =~ ^([nN][oO]|[nN])+$ ]]; then
|
if [[ "${MASTER}" =~ ^([nN][oO]|[nN])+$ ]]; then
|
||||||
# Toggling MASTER will result in a rebuild of containers, so the quota script will be recreated
|
# Toggling MASTER will result in a rebuild of containers, so the quota script will be recreated
|
||||||
|
@ -45,20 +45,30 @@ require_once 'functions.auth.inc.php';
|
|||||||
require_once 'sessions.inc.php';
|
require_once 'sessions.inc.php';
|
||||||
require_once 'functions.mailbox.inc.php';
|
require_once 'functions.mailbox.inc.php';
|
||||||
|
|
||||||
// Init provider
|
|
||||||
$iam_provider = identity_provider('init');
|
|
||||||
|
|
||||||
|
|
||||||
|
$isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
|
||||||
|
$result = false;
|
||||||
$protocol = $post['protocol'];
|
$protocol = $post['protocol'];
|
||||||
if ($post['real_rip'] == getenv('IPV4_NETWORK') . '.248') {
|
if ($isSOGoRequest) {
|
||||||
$protocol = null;
|
$protocol = null;
|
||||||
|
// This is a SOGo Auth request. First check for SSO password.
|
||||||
|
$sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
|
||||||
|
if ($sogo_sso_pass === $post['password']){
|
||||||
|
error_log('MAILCOWAUTH: SOGo SSO auth for user ' . $post['username']);
|
||||||
|
$result = true;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
$result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
|
|
||||||
if ($result === false){
|
if ($result === false){
|
||||||
$result = apppass_login($post['username'], $post['password'], $protocol, array(
|
$result = apppass_login($post['username'], $post['password'], $protocol, array(
|
||||||
'is_internal' => true,
|
'is_internal' => true,
|
||||||
'remote_addr' => $post['real_rip']
|
'remote_addr' => $post['real_rip']
|
||||||
));
|
));
|
||||||
|
if ($result) error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
|
||||||
|
}
|
||||||
|
if ($result === false){
|
||||||
|
$result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
|
||||||
|
if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($result) {
|
if ($result) {
|
||||||
|
@ -303,7 +303,6 @@ replication_dsync_parameters = -d -l 30 -U -n INBOX
|
|||||||
!include_try /etc/dovecot/sni.conf
|
!include_try /etc/dovecot/sni.conf
|
||||||
!include_try /etc/dovecot/sogo_trusted_ip.conf
|
!include_try /etc/dovecot/sogo_trusted_ip.conf
|
||||||
!include_try /etc/dovecot/extra.conf
|
!include_try /etc/dovecot/extra.conf
|
||||||
!include_try /etc/dovecot/sogo-sso.conf
|
|
||||||
!include_try /etc/dovecot/shared_namespace.conf
|
!include_try /etc/dovecot/shared_namespace.conf
|
||||||
# </Includes>
|
# </Includes>
|
||||||
default_client_limit = 10400
|
default_client_limit = 10400
|
||||||
|
@ -237,7 +237,7 @@ services:
|
|||||||
- sogo
|
- sogo
|
||||||
|
|
||||||
dovecot-mailcow:
|
dovecot-mailcow:
|
||||||
image: mailcow/dovecot:nightly-20240208
|
image: mailcow/dovecot:nightly-20240226
|
||||||
depends_on:
|
depends_on:
|
||||||
- mysql-mailcow
|
- mysql-mailcow
|
||||||
- netfilter-mailcow
|
- netfilter-mailcow
|
||||||
|
Loading…
Reference in New Issue
Block a user