Allow setting ACL_ANYONE in the configuration

master
Markus Heberling 2018-11-18 13:31:09 +01:00
parent d627934bd9
commit 4755bb323b
6 changed files with 30 additions and 4 deletions

1
.gitignore vendored
View File

@ -20,6 +20,7 @@ data/conf/rspamd/override.d/*
data/conf/nginx/*.conf data/conf/nginx/*.conf
data/conf/nginx/*.custom data/conf/nginx/*.custom
data/conf/nginx/*.bak data/conf/nginx/*.bak
data/conf/dovecot/acl_anyone
data/conf/dovecot/extra.conf data/conf/dovecot/extra.conf
data/conf/rspamd/custom/* data/conf/rspamd/custom/*
data/conf/portainer/ data/conf/portainer/

View File

@ -85,6 +85,7 @@ map {
} }
EOF EOF
echo -n ${ACL_ANYONE} > /usr/local/etc/dovecot/acl_anyone
# Create userdb dict for Dovecot # Create userdb dict for Dovecot
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf

View File

@ -204,9 +204,17 @@ sed -i \
/usr/lib/GNUstep/SOGo/WebServerResources/js/Common/Common.app.js \ /usr/lib/GNUstep/SOGo/WebServerResources/js/Common/Common.app.js \
/usr/lib/GNUstep/SOGo/WebServerResources/js/Common.js /usr/lib/GNUstep/SOGo/WebServerResources/js/Common.js
# Patch ACLs (comment this out to enable any or authenticated targets for ACL) # Patch ACLs
if [[ ${ACL_ANYONE} == 'allow' ]]; then
#enable any or authenticated targets for ACL
if patch -R -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
patch -R /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
fi
else
#disable any or authenticated targets for ACL
if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff; patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
fi fi
fi
exec gosu sogo /usr/sbin/sogod exec gosu sogo /usr/sbin/sogod

View File

@ -275,7 +275,7 @@ protocol sieve {
} }
plugin { plugin {
# Allow "any" or "authenticated" to be used in ACLs # Allow "any" or "authenticated" to be used in ACLs
#acl_anyone = allow acl_anyone = </usr/local/etc/dovecot/acl_anyone
acl_shared_dict = file:/var/vmail/shared-mailboxes.db acl_shared_dict = file:/var/vmail/shared-mailboxes.db
acl = vfile acl = vfile
quota = dict:Userquota::proxy::sqlquota quota = dict:Userquota::proxy::sqlquota

View File

@ -147,6 +147,7 @@ services:
- TZ=${TZ} - TZ=${TZ}
- LOG_LINES=${LOG_LINES:-9999} - LOG_LINES=${LOG_LINES:-9999}
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME} - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
- ACL_ANYONE=${ACL_ANYONE:-disallow}
volumes: volumes:
- ./data/conf/sogo/:/etc/sogo/ - ./data/conf/sogo/:/etc/sogo/
- ./data/web/inc/init_db.inc.php:/init_db.inc.php - ./data/web/inc/init_db.inc.php:/init_db.inc.php
@ -183,6 +184,7 @@ services:
- DBPASS=${DBPASS} - DBPASS=${DBPASS}
- TZ=${TZ} - TZ=${TZ}
- MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-1440} - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-1440}
- ACL_ANYONE=${ACL_ANYONE:-disallow}
ports: ports:
- "${DOVEADM_PORT:-127.0.0.1:19991}:12345" - "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
- "${IMAP_PORT:-143}:143" - "${IMAP_PORT:-143}:143"

View File

@ -121,6 +121,7 @@ CONFIG_ARRAY=(
"API_KEY" "API_KEY"
"API_ALLOW_FROM" "API_ALLOW_FROM"
"MAILDIR_GC_TIME" "MAILDIR_GC_TIME"
"ACL_ANYONE"
) )
sed -i '$a\' mailcow.conf sed -i '$a\' mailcow.conf
@ -202,6 +203,19 @@ for option in ${CONFIG_ARRAY[@]}; do
echo '# Check interval is hourly' >> mailcow.conf echo '# Check interval is hourly' >> mailcow.conf
echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
fi fi
elif [[ ${option} == "ACL_ANYONE" ]]; then
if ! grep -q ${option} mailcow.conf; then
echo "Adding new option \"${option}\" to mailcow.conf"
echo '# Set this to allow to enable the anyone pseudo user. Disabled by default.
' >> mailcow.conf
echo '# When enabled, ACL can be created, that apply to "All authenticated users"
' >> mailcow.conf
echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
' >> mailcow.conf
echo '# Otherwise a user might share data with too many other users.
' >> mailcow.conf
echo 'ACL_ANYONE=disallow' >> mailcow.conf
fi
elif ! grep -q ${option} mailcow.conf; then elif ! grep -q ${option} mailcow.conf; then
echo "Adding new option \"${option}\" to mailcow.conf" echo "Adding new option \"${option}\" to mailcow.conf"
echo "${option}=n" >> mailcow.conf echo "${option}=n" >> mailcow.conf