self-hosted/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-01-02 03:38:23 +02:00
Code Issues Releases Activity

Fix mailcowauth

Browse Source
This commit is contained in:
FreddleSpl0it 2024-12-02 14:16:43 +01:00
parent 83e53eb524
commit 896a9638d6
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5
3 changed files with 26 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
data/conf/dovecot/auth/mailcowauth.php
View File

@ -22,6 +22,24 @@ if (file_exists('../../../web/inc/vars.local.inc.php')) {
} }
require_once '../../../web/inc/lib/vendor/autoload.php'; require_once '../../../web/inc/lib/vendor/autoload.php';
// Init Redis
$redis = new Redis();
try {
if (!empty(getenv('REDIS_SLAVEOF_IP'))) {
$redis->connect(getenv('REDIS_SLAVEOF_IP'), getenv('REDIS_SLAVEOF_PORT'));
}
else {
$redis->connect('redis-mailcow', 6379);
}
}
catch (Exception $e) {
error_log("MAILCOWAUTH: " . $e . PHP_EOL);
http_response_code(500); // Internal Server Error
echo json_encode($return);
exit;
}
// Init database // Init database
$dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name; $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
$opt = [ $opt = [
@ -44,6 +62,8 @@ require_once 'functions.inc.php';
require_once 'functions.auth.inc.php'; require_once 'functions.auth.inc.php';
require_once 'sessions.inc.php'; require_once 'sessions.inc.php';
require_once 'functions.mailbox.inc.php'; require_once 'functions.mailbox.inc.php';
require_once 'functions.ratelimit.inc.php';
require_once 'functions.acl.inc.php';
$isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248'; $isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
@ -69,8 +89,7 @@ if ($result === false){
// Init Identity Provider // Init Identity Provider
$iam_provider = identity_provider('init'); $iam_provider = identity_provider('init');
$iam_settings = identity_provider('get'); $iam_settings = identity_provider('get');
error_log('MAILCOWAUTH Try: User auth for user ' . $post['username']); $result = user_login($post['username'], $post['password'], array('is_internal' => true));
$result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']); if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
} }

8
data/web/inc/functions.ratelimit.inc.php
View File

@ -92,8 +92,8 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
); );
continue; continue;
} }
if ((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object) if (((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
|| ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_extra['hasAccess']) { || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin'))) && !$_extra['hasAccess']) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
@ -139,7 +139,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
case 'get': case 'get':
switch ($_scope) { switch ($_scope) {
case 'domain': case 'domain':
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data) && !$_extra['hasAccess']) {
return false; return false;
} }
try { try {
@ -164,7 +164,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
return false; return false;
break; break;
case 'mailbox': case 'mailbox':
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data) if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data && !$_extra['hasAccess'])
|| ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) { || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) {
return false; return false;
} }

1
docker-compose.yml
View File

@ -127,6 +127,7 @@ services:
- ./data/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z - ./data/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
- ./data/web/inc/functions.mailbox.inc.php:/mailcowauth/functions.mailbox.inc.php:z - ./data/web/inc/functions.mailbox.inc.php:/mailcowauth/functions.mailbox.inc.php:z
- ./data/web/inc/functions.ratelimit.inc.php:/mailcowauth/functions.ratelimit.inc.php:z - ./data/web/inc/functions.ratelimit.inc.php:/mailcowauth/functions.ratelimit.inc.php:z
- ./data/web/inc/functions.acl.inc.php:/mailcowauth/functions.acl.inc.php:z
- rspamd-vol-1:/var/lib/rspamd - rspamd-vol-1:/var/lib/rspamd
- mysql-socket-vol-1:/var/run/mysqld/ - mysql-socket-vol-1:/var/run/mysqld/
- ./data/conf/sogo/:/etc/sogo/:z - ./data/conf/sogo/:/etc/sogo/:z