
Fix mailcowauth

FreddleSpl0it 9 月之前
父節點
當前提交
896a9638d6
共有 3 個文件被更改,包括 26 次插入6 次删除
  1. 21 2
      data/conf/dovecot/auth/mailcowauth.php
  2. 4 4
      data/web/inc/functions.ratelimit.inc.php
  3. 1 0
      docker-compose.yml

+ 21 - 2
data/conf/dovecot/auth/mailcowauth.php

@@ -22,6 +22,24 @@ if (file_exists('../../../web/inc/vars.local.inc.php')) {
 }
 require_once '../../../web/inc/lib/vendor/autoload.php';
 
+
+// Init Redis
+$redis = new Redis();
+try {
+  if (!empty(getenv('REDIS_SLAVEOF_IP'))) {
+    $redis->connect(getenv('REDIS_SLAVEOF_IP'), getenv('REDIS_SLAVEOF_PORT'));
+  }
+  else {
+    $redis->connect('redis-mailcow', 6379);
+  }
+}
+catch (Exception $e) {
+  error_log("MAILCOWAUTH: " . $e . PHP_EOL);
+  http_response_code(500); // Internal Server Error
+  echo json_encode($return);
+  exit;
+}
+
 // Init database
 $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
 $opt = [
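Review bot: Neither `connect()` call in the added Redis block passes a timeout or checks the return value, so on this password-check path an unreachable Redis can stall the request. Depending on the extension version, a failed connect may also return `false` instead of throwing and fall through to the database setup. Passing the timeout argument and testing the result, e.g. `if (!$redis->connect('redis-mailcow', 6379, $redisTimeout)) { throw new RuntimeException('redis connect failed'); }` with `$redisTimeout` a value you choose, keeps the 500 response as the single failure exit. The catch block echoes `$return`, which is not defined anywhere in this hunk; confirm it is set earlier in the file so the error body is not `null`. `error_log("MAILCOWAUTH: " . $e . PHP_EOL)` writes the whole exception string including the trace, where `$e->getMessage()` would be enough.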
@@ -44,6 +62,8 @@ require_once 'functions.inc.php';
 require_once 'functions.auth.inc.php';
 require_once 'sessions.inc.php';
 require_once 'functions.mailbox.inc.php';
+require_once 'functions.ratelimit.inc.php';
+require_once 'functions.acl.inc.php';
 
 
 $isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
@@ -69,8 +89,7 @@ if ($result === false){
   // Init Identity Provider
   $iam_provider = identity_provider('init');
   $iam_settings = identity_provider('get');
-  error_log('MAILCOWAUTH Try: User auth for user ' . $post['username']);
-  $result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
+  $result = user_login($post['username'], $post['password'], array('is_internal' => true));
   if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
 }
 
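Review bot: With the `Try` line removed, this branch logs only successful logins (`if ($result) error_log(...)`), so a failed password check leaves no trace here unless `user_login()` records it itself, which the hunk does not show. For brute-force detection, confirm that, or add a failure line that strips control characters from the client-supplied name first, e.g. `else error_log('MAILCOWAUTH: User auth failed for user ' . preg_replace('/[\x00-\x1F\x7F]/', '', $post['username']));`. The call also no longer passes `$protocol`; if per-protocol access restrictions were applied through that argument, check that they are still enforced elsewhere. The enclosing `if ($result === false)` block starts outside the hunk.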

+ 4 - 4
data/web/inc/functions.ratelimit.inc.php

@@ -92,8 +92,8 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
               );
               continue;
             }
-            if ((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
-                || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_extra['hasAccess']) {
+            if (((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
+                || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin'))) && !$_extra['hasAccess']) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
@@ -139,7 +139,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
     case 'get':
       switch ($_scope) {
         case 'domain':
-          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data) && !$_extra['hasAccess']) {
             return false;
           }
           try {
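Review bot: `$_extra` defaults to `null` in the signature shown in the hunk header, so `!$_extra['hasAccess']` reads an array offset on null for every caller that omits the argument. It evaluates as intended but raises a notice or warning on current PHP versions; `empty($_extra['hasAccess'])` expresses the same test without it. The same expression appears in the first hunk of this file and in the `mailbox` case below. Because a truthy `hasAccess` skips `hasDomainAccess()` entirely, a comment such as `// hasAccess must only be set by trusted internal callers, never from request data` would record the assumption; whether all callers honour it cannot be seen from here.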
@@ -164,7 +164,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
           return false;
         break;
         case 'mailbox':
-          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)
+          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data && !$_extra['hasAccess'])
             || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) {
             return false;
           }
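Review bot: The added `&& !$_extra['hasAccess']` sits inside the argument list of `hasMailboxObjectAccess()`, so the third argument becomes the boolean result of `$_data && !$_extra['hasAccess']` instead of the mailbox name. The ACL check therefore runs against `true` or `false`, and a caller passing `hasAccess` is presumably still rejected, since the role test after `||` is not covered by the override either. Matching the shape used in the first hunk of this file gives `if ((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)` followed by `|| ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_extra['hasAccess']) {`. The `case 'mailbox'` body continues past the end of the hunk.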

+ 1 - 0
docker-compose.yml

@@ -127,6 +127,7 @@ services:
         - ./data/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
         - ./data/web/inc/functions.mailbox.inc.php:/mailcowauth/functions.mailbox.inc.php:z
         - ./data/web/inc/functions.ratelimit.inc.php:/mailcowauth/functions.ratelimit.inc.php:z
+        - ./data/web/inc/functions.acl.inc.php:/mailcowauth/functions.acl.inc.php:z
         - rspamd-vol-1:/var/lib/rspamd
         - mysql-socket-vol-1:/var/run/mysqld/
         - ./data/conf/sogo/:/etc/sogo/:z