[Web] Log only latest datetime of a unique datetime, service and ip combination

master
andryyy 2021-07-01 06:44:37 +02:00
parent 9b8f5b7cc1
commit 78084c5e7b
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
5 changed files with 13 additions and 27 deletions

View File

@ -156,7 +156,7 @@ function auth_password_verify(req, pass)
while row do while row do
if req.password_verify(req, row.password, pass) == 1 then if req.password_verify(req, row.password, pass) == 1 then
cur:close() cur:close()
con:execute(string.format([[INSERT INTO sasl_logs (service, app_password, username, real_rip) con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
VALUES ("%s", 0, "%s", "%s")]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip))) VALUES ("%s", 0, "%s", "%s")]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip)))
return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
end end
@ -176,7 +176,7 @@ function auth_password_verify(req, pass)
while row do while row do
if req.password_verify(req, row.password, pass) == 1 then if req.password_verify(req, row.password, pass) == 1 then
cur:close() cur:close()
con:execute(string.format([[INSERT INTO sasl_logs (service, app_password, username, real_rip) con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip))) VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
end end
@ -195,7 +195,7 @@ function auth_password_verify(req, pass)
-- }]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip)) -- }]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip))
-- http.request { -- http.request {
-- method = "POST", -- method = "POST",
-- url = "http://nginx:8081/sasl_logs.php", -- url = "http://nginx:8081/sasl_log.php",
-- source = ltn12.source.string(reqbody), -- source = ltn12.source.string(reqbody),
-- headers = { -- headers = {
-- ["content-type"] = "application/json", -- ["content-type"] = "application/json",

View File

@ -258,8 +258,8 @@ function last_login($action, $username, $sasl_limit_days = 7) {
switch ($action) { switch ($action) {
case 'get': case 'get':
if (filter_var($username, FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { if (filter_var($username, FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
$stmt = $pdo->prepare('SELECT `real_rip`, MAX(`datetime`) as `datetime`, `service`, `app_password` FROM `sasl_logs` $stmt = $pdo->prepare('SELECT `real_rip`, MAX(`datetime`) as `datetime`, `service`, `app_password` FROM `sasl_log`
LEFT OUTER JOIN `app_passwd` on `sasl_logs`.`app_password` = `app_passwd`.`id` LEFT OUTER JOIN `app_passwd` on `sasl_log`.`app_password` = `app_passwd`.`id`
WHERE `username` = :username WHERE `username` = :username
AND HOUR(TIMEDIFF(NOW(), `datetime`)) < :sasl_limit_days AND HOUR(TIMEDIFF(NOW(), `datetime`)) < :sasl_limit_days
GROUP BY `real_rip`, `service`, `app_password` GROUP BY `real_rip`, `service`, `app_password`
@ -331,7 +331,7 @@ function last_login($action, $username, $sasl_limit_days = 7) {
break; break;
case 'reset': case 'reset':
if (filter_var($username, FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { if (filter_var($username, FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
$stmt = $pdo->prepare('DELETE FROM `sasl_logs` $stmt = $pdo->prepare('DELETE FROM `sasl_log`
WHERE `username` = :username'); WHERE `username` = :username');
$stmt->execute(array(':username' => $username)); $stmt->execute(array(':username' => $username));
} }
@ -1938,7 +1938,7 @@ function get_logs($application, $lines = false) {
} }
if ($application == "sasl") { if ($application == "sasl") {
if (isset($from) && isset($to)) { if (isset($from) && isset($to)) {
$stmt = $pdo->prepare("SELECT * FROM `sasl_logs` ORDER BY `id` DESC LIMIT :from, :to"); $stmt = $pdo->prepare("SELECT * FROM `sasl_log` ORDER BY `datetime` DESC LIMIT :from, :to");
$stmt->execute(array( $stmt->execute(array(
':from' => $from - 1, ':from' => $from - 1,
':to' => $to ':to' => $to
@ -1946,7 +1946,7 @@ function get_logs($application, $lines = false) {
$data = $stmt->fetchAll(PDO::FETCH_ASSOC); $data = $stmt->fetchAll(PDO::FETCH_ASSOC);
} }
else { else {
$stmt = $pdo->prepare("SELECT * FROM `sasl_logs` ORDER BY `id` DESC LIMIT :lines"); $stmt = $pdo->prepare("SELECT * FROM `sasl_log` ORDER BY `datetime` DESC LIMIT :lines");
$stmt->execute(array( $stmt->execute(array(
':lines' => $lines + 1, ':lines' => $lines + 1,
)); ));

View File

@ -3547,7 +3547,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
} }
// Determine last logins // Determine last logins
$stmt = $pdo->prepare("SELECT MAX(`datetime`) AS `datetime`, `service` FROM `sasl_logs` $stmt = $pdo->prepare("SELECT MAX(`datetime`) AS `datetime`, `service` FROM `sasl_log`
WHERE `username` = :mailbox WHERE `username` = :mailbox
GROUP BY `service` DESC"); GROUP BY `service` DESC");
$stmt->execute(array(':mailbox' => $_data)); $stmt->execute(array(':mailbox' => $_data));

View File

@ -3,7 +3,7 @@ function init_db_schema() {
try { try {
global $pdo; global $pdo;
$db_version = "30062021_0910"; $db_version = "01072021_0630";
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'"); $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@ -508,9 +508,8 @@ function init_db_schema() {
), ),
"attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC" "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
), ),
"sasl_logs" => array( "sasl_log" => array(
"cols" => array( "cols" => array(
"id" => "INT NOT NULL AUTO_INCREMENT",
"service" => "VARCHAR(32) NOT NULL DEFAULT ''", "service" => "VARCHAR(32) NOT NULL DEFAULT ''",
"app_password" => "INT", "app_password" => "INT",
"username" => "VARCHAR(255) NOT NULL", "username" => "VARCHAR(255) NOT NULL",
@ -519,7 +518,7 @@ function init_db_schema() {
), ),
"keys" => array( "keys" => array(
"primary" => array( "primary" => array(
"" => array("id") "" => array("service", "real_rip", "username")
), ),
"key" => array( "key" => array(
"username" => array("username"), "username" => array("username"),
@ -1017,19 +1016,6 @@ function init_db_schema() {
} }
} }
// Remove deprecated success = 0 entries before migrating sasl_logs
if ($table == 'sasl_logs') {
$stmt = $pdo->query("SHOW TABLES LIKE 'sasl_logs'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) {
$stmt = $pdo->query("SHOW COLUMNS FROM `sasl_logs` LIKE '%success%'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) {
$stmt = $pdo->query("DELETE FROM `sasl_logs` WHERE `success` = 0");
}
}
}
$stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'"); $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) { if ($num_results != 0) {

View File

@ -207,7 +207,7 @@ services:
- sogo - sogo
dovecot-mailcow: dovecot-mailcow:
image: mailcow/dovecot:1.152 image: mailcow/dovecot:1.153
depends_on: depends_on:
- mysql-mailcow - mysql-mailcow
dns: dns: