rework auth - move dovecot sasl log to php

2023-07-30 10:07:56 +02:00
parent 35d384d32d
commit 00e3339c0e
3 changed files with 236 additions and 223 deletions
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -1,4 +1,5 @@
 <?php
+ini_set('error_reporting', 0);
 header('Content-Type: application/json');

 $post = trim(file_get_contents('php://input'));
@@ -6,8 +7,11 @@ if ($post) {
  $post = json_decode($post, true);
 }

-$return = array("success" => false, "role" => false);
-if(!isset($post['username']) || !isset($post['password'])){
+
+$return = array("success" => false);
+if(!isset($post['username']) || !isset($post['password']) || !isset($post['real_rip'])){
+  error_log("MAILCOWAUTH: Bad Request");
+  http_response_code(400); // Bad Request
  echo json_encode($return); 
  exit();
 }
@@ -18,9 +22,7 @@ if (file_exists('../../../web/inc/vars.local.inc.php')) {
 }
 require_once '../../../web/inc/lib/vendor/autoload.php';

-ini_set('error_reporting', 0);
 // Init database
-//$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
 $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
 $opt = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
@@ -31,7 +33,8 @@ try {
  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
 }
 catch (PDOException $e) {
-  $return = array("success" => false, "role" => '');
+  error_log("MAILCOWAUTH: " . $e . PHP_EOL);
+  http_response_code(500); // Internal Server Error
  echo json_encode($return); 
  exit;
 }
@@ -44,12 +47,28 @@ require_once 'sessions.inc.php';
 // Init provider
 $iam_provider = identity_provider('init');

-$result = check_login($post['username'], $post['password'], $post['protocol'], true);
-if ($result) {
-  $return = array("success" => true, "role" => $result);
-} else {
-  $return = array("success" => false, "role" => '');
+
+$protocol = $post['protocol'];
+if ($post['real_rip'] == getenv('IPV4_NETWORK') . '.248') {
+  $protocol = null;
+}
+$result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
+if ($result === false){
+  $result = apppass_login($post['username'], $post['password'], $protocol, array(
+    'is_internal' => true,
+    'remote_addr' => $post['real_rip']
+  ));
 }

+if ($result) {
+  http_response_code(200); // OK
+  $return['success'] = true;
+} else {
+  error_log("MAILCOWAUTH: Login failed for user " . $post['username']);
+  http_response_code(401); // Unauthorized
+}
+
+
 echo json_encode($return); 
+session_destroy();
 exit;