[Dovecot] Re-add listescape...

data/Dockerfiles/dovecot/docker-entrypoint.sh

@@ -110,13 +110,13 @@ EOF
 echo -n ${ACL_ANYONE} > /etc/dovecot/acl_anyone
 
 if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify replication' > /etc/dovecot/mail_plugins
-echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify replication mail_log' > /etc/dovecot/mail_plugins_imap
-echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl notify replication' > /etc/dovecot/mail_plugins_lmtp
+echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify listescape replication' > /etc/dovecot/mail_plugins
+echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify listescape replication mail_log' > /etc/dovecot/mail_plugins_imap
+echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 else
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_solr replication' > /etc/dovecot/mail_plugins
-echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_solr replication' > /etc/dovecot/mail_plugins_imap
-echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_solr notify replication' > /etc/dovecot/mail_plugins_lmtp
+echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_solr listescape replication' > /etc/dovecot/mail_plugins
+echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_solr listescape replication' > /etc/dovecot/mail_plugins_imap
+echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_solr notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 fi
 chmod 644 /etc/dovecot/mail_plugins /etc/dovecot/mail_plugins_imap /etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl
 

data/conf/dovecot/dovecot.conf

@@ -220,6 +220,7 @@ plugin {
   sieve_max_actions = 101
   sieve_quota_max_scripts = 0
   sieve_quota_max_storage = 0
+  listescape_char = "\\"
   sieve_vacation_min_period = 5s
   sieve_vacation_max_period = 0
   sieve_vacation_default_period = 60s

data/web/lang/lang.de.json

@@ -1069,6 +1069,7 @@
         "no_active_filter": "Kein aktiver Filter vorhanden",
         "no_last_login": "Keine letzte UI-Anmeldung gespeichert",
         "no_record": "Kein Eintrag",
+        "open_webmail_sso": "In Webmail einloggen",
         "password": "Passwort",
         "password_now": "Aktuelles Passwort (Änderungen bestätigen)",
         "password_repeat": "Passwort (Wiederholung)",

data/web/lang/lang.en.json

@@ -1067,6 +1067,7 @@
         "no_active_filter": "No active filter available",
         "no_last_login": "No last UI login information",
         "no_record": "No record",
+        "open_webmail_sso": "Login to webmail",
         "password": "Password",
         "password_now": "Current password (confirm changes)",
         "password_repeat": "Password (repeat)",

data/web/sogo-auth.php

@@ -1,21 +1,10 @@
 <?php
 
-$ALLOW_ADMIN_EMAIL_LOGIN = (preg_match(
-  "/^([yY][eE][sS]|[yY])+$/",
-  $_ENV["ALLOW_ADMIN_EMAIL_LOGIN"]
-));
-
 $session_var_user_allowed = 'sogo-sso-user-allowed';
 $session_var_pass = 'sogo-sso-pass';
 
-// prevent if feature is disabled
-if (!$ALLOW_ADMIN_EMAIL_LOGIN) {
-  header('HTTP/1.0 403 Forbidden');
-  echo "this feature is disabled";
-  exit;
-}
 // validate credentials for basic auth requests
-elseif (isset($_SERVER['PHP_AUTH_USER'])) {
+if (isset($_SERVER['PHP_AUTH_USER'])) {
   // load prerequisites only when required
   require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
   $username = $_SERVER['PHP_AUTH_USER'];
@@ -36,11 +25,14 @@ elseif (isset($_SERVER['PHP_AUTH_USER'])) {
 elseif (isset($_GET['login'])) {
   // load prerequisites only when required
   require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
-  // check permissions
-  if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['acl']['login_as'] == "1") {
-    $login = html_entity_decode(rawurldecode($_GET["login"]));
+  // check if dual_login is active
+  $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
+  // check permissions (if dual_login is active, deny sso when acl is not given)
+  $login = html_entity_decode(rawurldecode($_GET["login"]));
+  if (isset($_SESSION['mailcow_cc_role']) &&
+    ($_SESSION['acl']['login_as'] == "1" || ($is_dual === false && $login == $_SESSION['mailcow_cc_username']))) {
     if (filter_var($login, FILTER_VALIDATE_EMAIL)) {
-      if (!empty(mailbox('get', 'mailbox_details', $login))) {
+      if (user_get_alias_details($login) !== false) {
         // load master password
         $sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
         // register username and password in session
@@ -53,6 +45,7 @@ elseif (isset($_GET['login'])) {
     }
   }
   header('HTTP/1.0 403 Forbidden');
+  echo "Access is forbidden";
   exit;
 }
 // only check for admin-login on sogo GUI requests

data/web/user.php

@@ -178,6 +178,15 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
     <div class="panel panel-default">
       <div class="panel-heading"><?=$lang['user']['mailbox_general'];?></div>
       <div class="panel-body">
+        <div class="row">
+          <div class="col-md-3 col-xs-5 text-right"></div>
+          <div class="col-md-3 col-xs-7">
+            <a target="_blank" href="/sogo-auth.php?login=<?=$username;?>" role="button" class="btn btn-default btn-block">
+              <i class="bi bi-inbox-fill"></i> <?=$lang['user']['open_webmail_sso'];?>
+            </a>
+          </div>
+        </div>
+        <hr>
         <div class="row">
           <div class="col-md-3 col-xs-5 text-right"><?=$lang['user']['in_use'];?>:</div>
           <div class="col-md-5 col-xs-7">