paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Dovecot] Remove logging of invalid sasl sessions

master
andryyy 2021-06-30 10:11:37 +02:00
parent 962e9a8be8
commit 13223245f2
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
data/Dockerfiles/dovecot/docker-entrypoint.sh
View File

@ -156,8 +156,8 @@ function auth_password_verify(req, pass)
while row do while row do
if req.password_verify(req, row.password, pass) == 1 then if req.password_verify(req, row.password, pass) == 1 then
cur:close() cur:close()
con:execute(string.format([[INSERT INTO sasl_logs (success, service, app_password, username, real_rip) con:execute(string.format([[INSERT INTO sasl_logs (service, app_password, username, real_rip)
VALUES (1, "%s", 0, "%s", "%s")]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip))) VALUES ("%s", 0, "%s", "%s")]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip)))
return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
end end
row = cur:fetch (row, "a") row = cur:fetch (row, "a")
@ -176,16 +176,13 @@ function auth_password_verify(req, pass)
while row do while row do
if req.password_verify(req, row.password, pass) == 1 then if req.password_verify(req, row.password, pass) == 1 then
cur:close() cur:close()
con:execute(string.format([[INSERT INTO sasl_logs (success, service, app_password, username, real_rip) con:execute(string.format([[INSERT INTO sasl_logs (service, app_password, username, real_rip)
VALUES (1, "%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip))) VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
end end
row = cur:fetch (row, "a") row = cur:fetch (row, "a")
end end
con:execute(string.format([[INSERT INTO sasl_logs (success, service, app_password, username, real_rip)
VALUES (0, "%s", 0, "%s", "%s")]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip)))
return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate" return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate"
-- PoC -- PoC