Home Explore Help
Sign In
mirrors
/
mailcow-dockerized
mirror of https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Files Issues 0 Wiki
Tree: e2cf22ff9e
Branches Tags
mailcow-dockeri...
/
data
/
conf
/
dovecot
/
auth
/
mailcowauth.php

mailcowauth.php 3.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108 
  1. <?php
    2. 

  2. ini_set('error_reporting', 0);
    3. 

  3. header('Content-Type: application/json');
    4. 

  4. 

  5. $post = trim(file_get_contents('php://input'));
    6. 

  6. if ($post) {
    7. 

  7.   $post = json_decode($post, true);
    8. 

  8. }
    9. 

  9. 

  10. 

  11. $return = array("success" => false);
    12. 

  12. if(!isset($post['username']) || !isset($post['password']) || !isset($post['real_rip'])){
    13. 

  13.   error_log("MAILCOWAUTH: Bad Request");
    14. 

  14.   http_response_code(400); // Bad Request
    15. 

  15.   echo json_encode($return);
    16. 

  16.   exit();
    17. 

  17. }
    18. 

  18. 

  19. require_once('../../../web/inc/vars.inc.php');
    20. 

  20. if (file_exists('../../../web/inc/vars.local.inc.php')) {
    21. 

  21.   include_once('../../../web/inc/vars.local.inc.php');
    22. 

  22. }
    23. 

  23. require_once '../../../web/inc/lib/vendor/autoload.php';
    24. 

  24. 

  25. 

  26. // Init Redis
    27. 

  27. $redis = new Redis();
    28. 

  28. try {
    29. 

  29.   if (!empty(getenv('REDIS_SLAVEOF_IP'))) {
    30. 

  30.     $redis->connect(getenv('REDIS_SLAVEOF_IP'), getenv('REDIS_SLAVEOF_PORT'));
    31. 

  31.   }
    32. 

  32.   else {
    33. 

  33.     $redis->connect('redis-mailcow', 6379);
    34. 

  34.   }
    35. 

  35.   $redis->auth(getenv("REDISPASS"));
    36. 

  36. }
    37. 

  37. catch (Exception $e) {
    38. 

  38.   error_log("MAILCOWAUTH: " . $e . PHP_EOL);
    39. 

  39.   http_response_code(500); // Internal Server Error
    40. 

  40.   echo json_encode($return);
    41. 

  41.   exit;
    42. 

  42. }
    43. 

  43. 

  44. // Init database
    45. 

  45. $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
    46. 

  46. $opt = [
    47. 

  47.     PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    48. 

  48.     PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    49. 

  49.     PDO::ATTR_EMULATE_PREPARES   => false,
    50. 

  50. ];
    51. 

  51. try {
    52. 

  52.   $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
    53. 

  53. }
    54. 

  54. catch (PDOException $e) {
    55. 

  55.   error_log("MAILCOWAUTH: " . $e . PHP_EOL);
    56. 

  56.   http_response_code(500); // Internal Server Error
    57. 

  57.   echo json_encode($return);
    58. 

  58.   exit;
    59. 

  59. }
    60. 

  60. 

  61. // Load core functions first
    62. 

  62. require_once 'functions.inc.php';
    63. 

  63. require_once 'functions.auth.inc.php';
    64. 

  64. require_once 'sessions.inc.php';
    65. 

  65. require_once 'functions.mailbox.inc.php';
    66. 

  66. require_once 'functions.ratelimit.inc.php';
    67. 

  67. require_once 'functions.acl.inc.php';
    68. 

  68. 

  69. 

  70. $isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
    71. 

  71. $result = false;
    72. 

  72. $protocol = $post['protocol'];
    73. 

  73. if ($isSOGoRequest) {
    74. 

  74.   $protocol = null;
    75. 

  75.   // This is a SOGo Auth request. First check for SSO password.
    76. 

  76.   $sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
    77. 

  77.   if ($sogo_sso_pass === $post['password']){
    78. 

  78.     error_log('MAILCOWAUTH: SOGo SSO auth for user ' . $post['username']);
    79. 

  79.     $result = true;
    80. 

  80.   }
    81. 

  81. }
    82. 

  82. if ($result === false){
    83. 

  83.   $result = apppass_login($post['username'], $post['password'], $protocol, array(
    84. 

  84.     'is_internal' => true,
    85. 

  85.     'remote_addr' => $post['real_rip']
    86. 

  86.   ));
    87. 

  87.   if ($result) error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
    88. 

  88. }
    89. 

  89. if ($result === false){
    90. 

  90.   // Init Identity Provider
    91. 

  91.   $iam_provider = identity_provider('init');
    92. 

  92.   $iam_settings = identity_provider('get');
    93. 

  93.   $result = user_login($post['username'], $post['password'], array('is_internal' => true));
    94. 

  94.   if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
    95. 

  95. }
    96. 

  96. 

  97. if ($result) {
    98. 

  98.   http_response_code(200); // OK
    99. 

  99.   $return['success'] = true;
    100. 

  100. } else {
    101. 

  101.   error_log("MAILCOWAUTH: Login failed for user " . $post['username']);
    102. 

  102.   http_response_code(401); // Unauthorized
    103. 

  103. }
    104. 

  104. 

  105. 

  106. echo json_encode($return);
    107. 

  107. session_destroy();
    108. 

  108. exit;
    109.