[Dovecot, Web] Fix remaining issues of app password enhancements from #4296

master
andryyy 2021-10-30 14:34:33 +02:00
parent 644b1f85d1
commit f0aae22f77
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
3 changed files with 7 additions and 3 deletions

View File

@ -177,7 +177,11 @@ function auth_password_verify(req, pass)
while row do while row do
if req.password_verify(req, row.password, pass) == 1 then if req.password_verify(req, row.password, pass) == 1 then
-- if password is valid and protocol access is 1 OR real_rip matches SOGo, proceed -- if password is valid and protocol access is 1 OR real_rip matches SOGo, proceed
if tostring(req.real_ip) == "__IPV4_SOGO__" or row.has_prot_access == "1" then if tostring(req.real_rip) == "__IPV4_SOGO__" then
cur:close()
con:close()
return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
if row.has_prot_access == "1" then
con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip) con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip))) VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
cur:close() cur:close()

View File

@ -944,7 +944,7 @@ function check_login($user, $pass, $app_passwd_data = false) {
':service' => $service, ':service' => $service,
':app_id' => $row['app_passwd_id'], ':app_id' => $row['app_passwd_id'],
':username' => $user, ':username' => $user,
':remote_addr' => $_SERVER['REMOTE_ADDR'] ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
)); ));
} }
return "user"; return "user";

View File

@ -57,7 +57,7 @@ elseif (isset($_GET['login'])) {
$stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES ('SSO', 0, :username, :remote_addr)"); $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES ('SSO', 0, :username, :remote_addr)");
$stmt->execute(array( $stmt->execute(array(
':username' => $login, ':username' => $login,
':remote_addr' => $_SERVER['REMOTE_ADDR'] ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
)); ));
// redirect to sogo (sogo will get the correct credentials via nginx auth_request // redirect to sogo (sogo will get the correct credentials via nginx auth_request
header("Location: /SOGo/so/${login}"); header("Location: /SOGo/so/${login}");