
Merge pull request #6716 from mailcow/fix/6610

Prevent user login if protocol access has been disabled
FreddleSpl0it 1 日 前
コミット
08aea7fb26

+ 4 - 4
data/conf/dovecot/auth/mailcowauth.php

@@ -86,7 +86,7 @@ if ($result === false){
     'remote_addr' => $post['real_rip']
   ));
   if ($result) {
-    error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
+    error_log('MAILCOWAUTH: App auth for user ' . $post['username'] . " with service " . $post['service'] . " from IP " . $post['real_rip']);
     set_sasl_log($post['username'], $post['real_rip'], $post['service']);
   }
 }
@@ -94,9 +94,9 @@ if ($result === false){
   // Init Identity Provider
   $iam_provider = identity_provider('init');
   $iam_settings = identity_provider('get');
-  $result = user_login($post['username'], $post['password'], array('is_internal' => true));
+  $result = user_login($post['username'], $post['password'], array('is_internal' => true, 'service' => $post['service']));
   if ($result) {
-    error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
+    error_log('MAILCOWAUTH: User auth for user ' . $post['username'] . " with service " . $post['service'] . " from IP " . $post['real_rip']);
     set_sasl_log($post['username'], $post['real_rip'], $post['service']);
   }
 }
@@ -105,7 +105,7 @@ if ($result) {
   http_response_code(200); // OK
   $return['success'] = true;
 } else {
-  error_log("MAILCOWAUTH: Login failed for user " . $post['username']);
+  error_log("MAILCOWAUTH: Login failed for user " . $post['username'] . " with service " . $post['service'] . " from IP " . $post['real_rip']);
   http_response_code(401); // Unauthorized
 }
 
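Review bot: The three new error_log calls (lines 18, 30 and 39) concatenate `$post['username']`, `$post['service']` and `$post['real_rip']` into the log message verbatim; these values arrive with the authentication request, so a CR/LF or other control character in any of them lets the requester split the line and forge extra "MAILCOWAUTH" entries, and the same unvalidated `$post['service']` is now also forwarded into user_login at line 27. Build the context once with control characters stripped and reuse it in all three places, e.g. `$log_ctx = preg_replace('/[\x00-\x1f\x7f]+/', ' ', $post['username'] . ' with service ' . $post['service'] . ' from IP ' . $post['real_rip']);` followed by `error_log('MAILCOWAUTH: App auth for user ' . $log_ctx);`. Whether `service` and `real_rip` are guaranteed to be present in `$post` is not visible here; if they can be absent, `$post['service'] ?? ''` avoids an undefined-key warning on PHP 8. The enclosing if/else blocks of all three hunks begin outside the hunks.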

+ 16 - 0
data/web/inc/functions.auth.inc.php

@@ -193,6 +193,7 @@ function user_login($user, $pass, $extra = null){
   global $iam_settings;
 
   $is_internal = $extra['is_internal'];
+  $service = $extra['service'];
 
   if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
     if (!$is_internal){
@@ -235,6 +236,14 @@ function user_login($user, $pass, $extra = null){
       $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
       if (!empty($row)) {
+        // check if user has access to service (imap, smtp, pop3, sieve) if service is set
+        $row['attributes'] = json_decode($row['attributes'], true);
+        if (isset($service)) {
+          $key = strtolower($service) . "_access";
+          if (isset($row['attributes'][$key]) && $row['attributes'][$key] != '1') {
+            return false;
+          }
+        }
         return true;
       }
     }
@@ -242,7 +251,14 @@ function user_login($user, $pass, $extra = null){
     return false;
   }
 
+  // check if user has access to service (imap, smtp, pop3, sieve) if service is set
   $row['attributes'] = json_decode($row['attributes'], true);
+  if (isset($service)) {
+    $key = strtolower($service) . "_access";
+    if (isset($row['attributes'][$key]) && $row['attributes'][$key] != '1') {
+      return false;
+    }
+  }
   switch ($row['authsource']) {
     case 'keycloak':
       // user authsource is keycloak, try using via rest flow
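Review bot: `$service = $extra['service'];` at line 51 emits an "Undefined array key" warning on PHP 8 for every caller that passes `$extra` without that key (the signature's `$extra = null` default shows the key is optional), even though the later `isset($service)` guards tolerate null; write it as `$service = $extra['service'] ?? null;` to match the intent. The access check is duplicated verbatim at lines 61-66 and 76-81 and should be documented as fail-open: a service whose `<service>_access` attribute is absent, or a row whose `attributes` column does not decode (json_decode returns null), is not denied — a comment such as `// missing or undecodable attribute means no restriction (fail-open); only an explicit value other than '1' denies` at both sites would make that visible to whoever adds the next service name. The `!= '1'` comparison is loose; if the attribute is only ever stored as a string, `!== '1'` is the stricter form, but keep `!=` if integer 1 can also appear in the JSON. user_login's body continues outside the hunk.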