Merge pull request #6450 from mailcow/fix/sasl_logs

Fix sasl_logs
2026-01-30 00:57:15 +00:00 · 2025-04-03 12:38:13 +02:00
parent e65478076b 6794e6ff43
commit 3758135dc3
7 changed files with 81 additions and 43 deletions
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -69,29 +69,34 @@ require_once 'functions.acl.inc.php';

 $isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
 $result = false;
-$protocol = $post['protocol'];
 if ($isSOGoRequest) {
-  $protocol = null;
  // This is a SOGo Auth request. First check for SSO password.
  $sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
  if ($sogo_sso_pass === $post['password']){
    error_log('MAILCOWAUTH: SOGo SSO auth for user ' . $post['username']);
+    set_sasl_log($post['username'], $post['real_rip'], "SOGO");
    $result = true;
  }
 }
 if ($result === false){
-  $result = apppass_login($post['username'], $post['password'], $protocol, array(
+  $result = apppass_login($post['username'], $post['password'], array($post['service'] => true), array(
    'is_internal' => true,
    'remote_addr' => $post['real_rip']
  ));
-  if ($result) error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
+  if ($result) {
+    error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
+    set_sasl_log($post['username'], $post['real_rip'], $post['service']);
+  }
 }
 if ($result === false){
  // Init Identity Provider
  $iam_provider = identity_provider('init');
  $iam_settings = identity_provider('get');
  $result = user_login($post['username'], $post['password'], array('is_internal' => true));
-  if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
+  if ($result) {
+    error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
+    set_sasl_log($post['username'], $post['real_rip'], $post['service']);
+  }
 }

 if ($result) {
--- a/data/conf/dovecot/auth/passwd-verify.lua
+++ b/data/conf/dovecot/auth/passwd-verify.lua
@@ -12,12 +12,11 @@ function auth_password_verify(request, password)
    username = request.user,
    password = password,
    real_rip = request.real_rip,
-    protocol = {}
+    service = request.service
  }
-  req.protocol[request.service] = true
  local req_json = json.encode(req)
-  local res = {} 
-  
+  local res = {}
+
  local b, c = https.request {
    method = "POST",
    url = "https://nginx:9082",
@@ -33,7 +32,7 @@ function auth_password_verify(request, password)
  if api_response.success == true then
    return dovecot.auth.PASSDB_RESULT_OK, ""
  end
-  
+
  return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate"
 end

--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -53,7 +53,7 @@ mail_shared_explicit_inbox = yes
 mail_prefetch_count = 30
 passdb {
  driver = lua
-  args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes cache_key=%u:%w
+  args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes cache_key=%s:%u:%w
  result_success = return-ok
  result_failure = continue
  result_internalfail = continue