paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Fix autodiscover triggering fail2ban implementation, fixes #1069

master
André Peters 2018-02-22 09:16:16 +01:00
parent 035b153445
commit eb4dd632ae
2 changed files with 74 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
data/conf/rspamd/override.d/worker-controller-password.inc 100644
View File

150
data/web/autodiscover.php
View File

@ -36,9 +36,8 @@ $opt = [
$pdo = new PDO($dsn, $database_user, $database_pass, $opt); $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
$login_user = strtolower(trim($_SERVER['PHP_AUTH_USER'])); $login_user = strtolower(trim($_SERVER['PHP_AUTH_USER']));
$login_pass = trim(htmlspecialchars_decode($_SERVER['PHP_AUTH_PW'])); $login_pass = trim(htmlspecialchars_decode($_SERVER['PHP_AUTH_PW']));
$login_role = check_login($login_user, $login_pass);
if (!isset($_SERVER['PHP_AUTH_USER']) OR $login_role !== "user") { if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) {
try { try {
$json = json_encode( $json = json_encode(
array( array(
@ -62,35 +61,36 @@ if (!isset($_SERVER['PHP_AUTH_USER']) OR $login_role !== "user") {
header('HTTP/1.0 401 Unauthorized'); header('HTTP/1.0 401 Unauthorized');
exit(0); exit(0);
} }
else {
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { $login_role = check_login($login_user, $login_pass);
if ($login_role === "user") {
header("Content-Type: application/xml"); if ($login_role === "user") {
echo '<?xml version="1.0" encoding="utf-8" ?>' . PHP_EOL; header("Content-Type: application/xml");
echo '<?xml version="1.0" encoding="utf-8" ?>' . PHP_EOL;
?> ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<?php <?php
if(!$data) { if(!$data) {
try { try {
$json = json_encode( $json = json_encode(
array( array(
"time" => time(), "time" => time(),
"ua" => $_SERVER['HTTP_USER_AGENT'], "ua" => $_SERVER['HTTP_USER_AGENT'],
"user" => $_SERVER['PHP_AUTH_USER'], "user" => $_SERVER['PHP_AUTH_USER'],
"service" => "Error: invalid or missing request data" "service" => "Error: invalid or missing request data"
) )
); );
$redis->lPush('AUTODISCOVER_LOG', $json); $redis->lPush('AUTODISCOVER_LOG', $json);
$redis->lTrim('AUTODISCOVER_LOG', 0, 100); $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
} }
catch (RedisException $e) { catch (RedisException $e) {
$_SESSION['return'] = array( $_SESSION['return'] = array(
'type' => 'danger', 'type' => 'danger',
'msg' => 'Redis: '.$e 'msg' => 'Redis: '.$e
); );
return false; return false;
} }
list($usec, $sec) = explode(' ', microtime()); list($usec, $sec) = explode(' ', microtime());
?> ?>
<Response> <Response>
<Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="2477272013"> <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="2477272013">
@ -101,50 +101,50 @@ else {
</Response> </Response>
</Autodiscover> </Autodiscover>
<?php <?php
exit(0); exit(0);
} }
try { try {
$discover = new SimpleXMLElement($data); $discover = new SimpleXMLElement($data);
$email = $discover->Request->EMailAddress; $email = $discover->Request->EMailAddress;
} catch (Exception $e) { } catch (Exception $e) {
$email = $_SERVER['PHP_AUTH_USER']; $email = $_SERVER['PHP_AUTH_USER'];
} }
$username = trim($email); $username = trim($email);
try { try {
$stmt = $pdo->prepare("SELECT `name` FROM `mailbox` WHERE `username`= :username"); $stmt = $pdo->prepare("SELECT `name` FROM `mailbox` WHERE `username`= :username");
$stmt->execute(array(':username' => $username)); $stmt->execute(array(':username' => $username));
$MailboxData = $stmt->fetch(PDO::FETCH_ASSOC); $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
} }
catch(PDOException $e) { catch(PDOException $e) {
die("Failed to determine name from SQL"); die("Failed to determine name from SQL");
} }
if (!empty($MailboxData['name'])) { if (!empty($MailboxData['name'])) {
$displayname = $MailboxData['name']; $displayname = $MailboxData['name'];
} }
else { else {
$displayname = $email; $displayname = $email;
} }
try { try {
$json = json_encode( $json = json_encode(
array( array(
"time" => time(), "time" => time(),
"ua" => $_SERVER['HTTP_USER_AGENT'], "ua" => $_SERVER['HTTP_USER_AGENT'],
"user" => $_SERVER['PHP_AUTH_USER'], "user" => $_SERVER['PHP_AUTH_USER'],
"service" => $autodiscover_config['autodiscoverType'] "service" => $autodiscover_config['autodiscoverType']
) )
); );
$redis->lPush('AUTODISCOVER_LOG', $json); $redis->lPush('AUTODISCOVER_LOG', $json);
$redis->lTrim('AUTODISCOVER_LOG', 0, 100); $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
} }
catch (RedisException $e) { catch (RedisException $e) {
$_SESSION['return'] = array( $_SESSION['return'] = array(
'type' => 'danger', 'type' => 'danger',
'msg' => 'Redis: '.$e 'msg' => 'Redis: '.$e
); );
return false; return false;
} }
if ($autodiscover_config['autodiscoverType'] == 'imap') { if ($autodiscover_config['autodiscoverType'] == 'imap') {
?> ?>
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User> <User>
@ -190,8 +190,8 @@ else {
</Account> </Account>
</Response> </Response>
<?php <?php
} }
else if ($autodiscover_config['autodiscoverType'] == 'activesync') { else if ($autodiscover_config['autodiscoverType'] == 'activesync') {
?> ?>
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:en</Culture> <Culture>en:en</Culture>
@ -210,11 +210,9 @@ else {
</Action> </Action>
</Response> </Response>
<?php <?php
} }
?> ?>
</Autodiscover> </Autodiscover>
<?php <?php
}
}
} }
?> ?>