Home Explore Help
Sign In
mirrors
/
mailcow-dockerized
mirror of https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

[Dovecot] Check protocol access in LUA API, remove postlogin script

andryyy 4 years ago
parent
3ffd39dae5
commit
f7bbbde8c9
3 changed files with 8 additions and 9 deletions
Split View Show Diff Stats
  1. 0 1
      data/Dockerfiles/dovecot/Dockerfile
  2. 8 5
      data/Dockerfiles/dovecot/docker-entrypoint.sh
  3. 0 3
      data/Dockerfiles/dovecot/postlogin.sh

+ 0 - 1
data/Dockerfiles/dovecot/Dockerfile
View File 

@@ -113,7 +113,6 @@ COPY clean_q_aged.sh /usr/local/bin/clean_q_aged.sh
 
 COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 
 COPY syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng-redis_slave.conf
 
 COPY imapsync /usr/local/bin/imapsync
 
-COPY postlogin.sh /usr/local/bin/postlogin.sh
 
 COPY imapsync_runner.pl /usr/local/bin/imapsync_runner.pl
 
 COPY report-spam.sieve /usr/lib/dovecot/sieve/report-spam.sieve
 
 COPY report-ham.sieve /usr/lib/dovecot/sieve/report-ham.sieve

+ 8 - 5
data/Dockerfiles/dovecot/docker-entrypoint.sh
View File 

@@ -158,7 +158,8 @@ function auth_password_verify(req, pass)
 
   local cur,errorString = con:execute(string.format([[SELECT password FROM mailbox
 
     WHERE username = '%s'
 
       AND active = '1'
 
-      AND domain IN (SELECT domain FROM domain WHERE domain='%s' AND active='1')]], con:escape(req.user), con:escape(req.domain)))
 
+      AND domain IN (SELECT domain FROM domain WHERE domain='%s' AND active='1')
 
+      AND IFNULL(JSON_UNQUOTE(JSON_VALUE(attributes, '$.%s_access')), 1) = '1']], con:escape(req.user), con:escape(req.domain), con:escape(req.service)))
 
   local row = cur:fetch ({}, "a")
 
   while row do
 
     if req.password_verify(req, row.password, pass) == 1 then
 
@@ -171,10 +172,13 @@ function auth_password_verify(req, pass)
 
   end
 
 
   -- check against app passwds
 
-  local cur,errorString = con:execute(string.format([[SELECT id, password FROM app_passwd
 
+  local cur,errorString = con:execute(string.format([[SELECT app_passwd.id, app_passwd.password FROM app_passwd
 
+    INNER JOIN mailbox ON mailbox.username = app_passwd.mailbox
 
     WHERE mailbox = '%s'
 
-      AND active = '1'
 
-      AND domain IN (SELECT domain FROM domain WHERE domain='%s' AND active='1')]], con:escape(req.user), con:escape(req.domain)))
 
+      AND IFNULL(JSON_UNQUOTE(JSON_VALUE(mailbox.attributes, '$.%s_access')), 1) = '1'
 
+      AND app_passwd.active = '1'
 
+      AND mailbox.active = '1'
 
+      AND app_passwd.domain IN (SELECT domain FROM domain WHERE domain='%s' AND active='1')]], con:escape(req.user), con:escape(req.service), con:escape(req.domain)))
 
   local row = cur:fetch ({}, "a")
 
   while row do
 
     if req.password_verify(req, row.password, pass) == 1 then
 
@@ -360,7 +364,6 @@ chown root:tty /dev/console
 
 chmod +x /usr/lib/dovecot/sieve/rspamd-pipe-ham \
 
   /usr/lib/dovecot/sieve/rspamd-pipe-spam \
 
   /usr/local/bin/imapsync_runner.pl \
 
-  /usr/local/bin/postlogin.sh \
 
   /usr/local/bin/imapsync \
 
   /usr/local/bin/trim_logs.sh \
 
   /usr/local/bin/sa-rules.sh \

+ 0 - 3
data/Dockerfiles/dovecot/postlogin.sh
View File 

@@ -1,3 +0,0 @@
 
-#!/bin/sh
 
-export MASTER_USER=$USER
 
-exec "$@"