1
0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-12-12 10:45:14 +02:00

[Dovecot, Web] Fix remaining issues of app password enhancements from #4296

This commit is contained in:
andryyy 2021-10-30 14:34:33 +02:00
parent 644b1f85d1
commit f0aae22f77
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
3 changed files with 7 additions and 3 deletions

View File

@ -177,7 +177,11 @@ function auth_password_verify(req, pass)
while row do
if req.password_verify(req, row.password, pass) == 1 then
-- if password is valid and protocol access is 1 OR real_rip matches SOGo, proceed
if tostring(req.real_ip) == "__IPV4_SOGO__" or row.has_prot_access == "1" then
if tostring(req.real_rip) == "__IPV4_SOGO__" then
cur:close()
con:close()
return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
if row.has_prot_access == "1" then
con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
cur:close()

View File

@ -944,7 +944,7 @@ function check_login($user, $pass, $app_passwd_data = false) {
':service' => $service,
':app_id' => $row['app_passwd_id'],
':username' => $user,
':remote_addr' => $_SERVER['REMOTE_ADDR']
':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
));
}
return "user";

View File

@ -57,7 +57,7 @@ elseif (isset($_GET['login'])) {
$stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES ('SSO', 0, :username, :remote_addr)");
$stmt->execute(array(
':username' => $login,
':remote_addr' => $_SERVER['REMOTE_ADDR']
':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
));
// redirect to sogo (sogo will get the correct credentials via nginx auth_request
header("Location: /SOGo/so/${login}");