From 6a1cac63e88d3d7a512dc10a148ba787f66cf265 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it
Date: Tue, 8 Aug 2023 10:13:14 +0200
Subject: [PATCH] [Dovecot] remove passwd-verify.lua generation
---
 .gitignore | 1 -
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 46 -------------------
 data/conf/dovecot/auth/passwd-verify.lua | 42 +++++++++++++++++
 3 files changed, 42 insertions(+), 47 deletions(-)
 create mode 100644 data/conf/dovecot/auth/passwd-verify.lua
diff --git a/.gitignore b/.gitignore
index 4b4e174c..c65ba8df 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,7 +16,6 @@ data/conf/dovecot/extra.conf
 data/conf/dovecot/global_sieve_*
 data/conf/dovecot/last_login
 data/conf/dovecot/lua
-data/conf/dovecot/auth/passwd-verify.lua
 data/conf/dovecot/mail_plugins*
 data/conf/dovecot/shared_namespace.conf
 data/conf/dovecot/sni.conf
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 6bd18fed..d9e2d2a8 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -128,52 +128,6 @@ user_query = SELECT CONCAT(JSON_UNQUOTE(JSON_VALUE(attributes, '$.mailbox_format iterate_query = SELECT username FROM mailbox WHERE active = '1' OR active = '2'; EOF -cat < /etc/dovecot/auth/passwd-verify.lua -function auth_password_verify(request, password) - if request.domain == nil then - return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "No such user" - end - - json = require "json" - ltn12 = require "ltn12" - https = require "ssl.https" - https.TIMEOUT = 5 - - local req = { - username = request.user, - password = password, - real_rip = request.real_rip, - protocol = {} - } - req.protocol[request.service] = true - local req_json = json.encode(req) - local res = {} - - local b, c = https.request { - method = "POST", - url = "https://nginx:9082", - source = ltn12.source.string(req_json), - headers = { - ["content-type"] = "application/json", - ["content-length"] = tostring(#req_json) - }, - sink = ltn12.sink.table(res), - insecure = true - } - local api_response = json.decode(table.concat(res)) - if api_response.success == true then - return dovecot.auth.PASSDB_RESULT_OK, "" - end - - return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate" -end - -function auth_passdb_lookup(req) - return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "" -end -EOF - - # Migrate old sieve_after file [[ -f /etc/dovecot/sieve_after ]] && mv /etc/dovecot/sieve_after /etc/dovecot/global_sieve_after # Create global sieve scripts diff --git a/data/conf/dovecot/auth/passwd-verify.lua b/data/conf/dovecot/auth/passwd-verify.lua new file mode 100644 index 00000000..cb2e928d --- /dev/null +++ b/data/conf/dovecot/auth/passwd-verify.lua 
@@ -0,0 +1,42 @@
+function auth_password_verify(request, password)
+ if request.domain == nil then
+ return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "No such user"
+ end
+
+ json = require "cjson"
+ ltn12 = require "ltn12"
+ https = require "ssl.https"
+ https.TIMEOUT = 5
+
+ local req = {
+ username = request.user,
+ password = password,
+ real_rip = request.real_rip,
+ protocol = {}
+ }
+ req.protocol[request.service] = true
+ local req_json = json.encode(req)
+ local res = {}
+
+ local b, c = https.request {
+ method = "POST",
+ url = "https://nginx:9082",
+ source = ltn12.source.string(req_json),
+ headers = {
+ ["content-type"] = "application/json",
+ ["content-length"] = tostring(#req_json)
+ },
+ sink = ltn12.sink.table(res),
+ insecure = true
+ }
+ local api_response = json.decode(table.concat(res))
+ if api_response.success == true then
+ return dovecot.auth.PASSDB_RESULT_OK, ""
+ end
+
+ return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate"
+end
+
+function auth_passdb_lookup(req)
+ return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, ""
+end
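Review bot: The return values `b, c` of `https.request` are never checked in `auth_password_verify`, so a timeout or refused connection leaves `res` empty and `json.decode(table.concat(res))` raises a Lua error instead of returning a passdb result (cjson's `decode` throws on invalid input, which matters now that the module is `cjson`). Returning `dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE` when the transport fails or the body does not decode to a table keeps backend outages distinguishable from wrong passwords in the auth log; the fence below shows the lines I would add after the request. `json`, `ltn12` and `https` are assigned without `local` and so become globals of the auth script; `local json = require "cjson"` (and the same for the other two) avoids that. `insecure = true` suggests the certificate presented by `nginx:9082` is not verified even though the request body carries the cleartext password, so it deserves either a comment stating why that is acceptable on this network or a switch to verification against the internal CA.

```lua
  -- … unchanged: request table, https.request call assigning b, c …

  -- b is nil when the request itself failed; c then holds the error text
  if b == nil then
    return dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE, "Auth backend unreachable"
  end

  -- cjson raises on malformed or empty input, so decode under pcall
  local ok, api_response = pcall(json.decode, table.concat(res))
  if not ok or type(api_response) ~= "table" then
    return dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE, "Invalid auth backend response"
  end

  -- … unchanged: api_response.success check and the two result returns …
```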