git subrepo commit mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "12e50b1e"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "e2b4b6f6"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: Idadbbb7aeef595f87975609dc807d3d90cd905ed
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/Dockerfile b/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/Dockerfile
deleted file mode 100644
index 7758df2..0000000
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/Dockerfile
+++ /dev/null
@@ -1,33 +0,0 @@
-FROM ejabberd/ecs:21.01
-
-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
-
-ENV GOSU_VERSION 1.11
-
-# We need to copy cert files, dropping rights at a later point
-USER root
-
-RUN apk add --update --no-cache su-exec \
- bash \
- tini \
- jq \
- mariadb-client \
- redis \
- tzdata \
- curl \
- openssl \
- bind-tools \
- composer \
- php7-pdo \
- php7-pdo_mysql \
- php7-ctype
-
-RUN mkdir -p /var/www/authentication && \
- cd /var/www/authentication && \
- composer require leesherwood/ejabberd-php-auth monolog/monolog
-
-COPY docker-entrypoint.sh /docker-entrypoint.sh
-COPY authenticator /var/www/authentication/authenticator
-COPY mailcowCommandExecutor.php /var/www/authentication/vendor/leesherwood/ejabberd-php-auth/src/CommandExecutors/mailcowCommandExecutor.php
-
-ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/authenticator b/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/authenticator
deleted file mode 100755
index 96a6b8e..0000000
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/authenticator
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/env php
-<?php
-require_once __DIR__."/vendor/autoload.php";
-
-use Monolog\Logger;
-use LeeSherwood\Ejabberd\AuthenticationService;
-use LeeSherwood\Ejabberd\CommandExecutors\mailcowCommandExecutor;
-
-$logger = new Logger('ejabberdAuth');
-
-$stdoutHandler = new Monolog\Handler\StreamHandler('/var/www/authentication/auth.log', Logger::INFO);
-
-$logger->pushHandler($stdoutHandler);
-
-$executor = new mailcowCommandExecutor();
-
-$application = new AuthenticationService($logger, $executor);
-
-$application->run();
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/docker-entrypoint.sh b/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/docker-entrypoint.sh
deleted file mode 100755
index 1777315..0000000
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/docker-entrypoint.sh
+++ /dev/null
@@ -1,100 +0,0 @@
-#!/bin/bash
-set -e
-
-until dig +short mailcow.email > /dev/null; do
- echo "Waiting for DNS..."
- sleep 1
-done
-
-until nc phpfpm 9001 -z; do
- echo "Waiting for PHP on port 9001..."
- sleep 3
-done
-
-until nc phpfpm 9002 -z; do
- echo "Waiting for PHP on port 9002..."
- sleep 3
-done
-
-# Wait for MySQL to warm-up
-while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
- echo "Waiting for database to come up..."
- sleep 2
-done
-
-# We dont want to give global write access to ejabberd in this directory
-chown -R root:root /var/www/authentication
-
-[ ! -f /sqlite/sqlite.db ] && cp /sqlite/sqlite_template.db /sqlite/sqlite.db
-
-[ ! -d /ejabberd_ssl ] && mkdir /ejabberd_ssl
-cp /ssl/cert.pem /ejabberd_ssl/cert.pem
-cp /ssl/key.pem /ejabberd_ssl/key.pem
-
-# Write access to upload directory and log file for authenticator
-touch /var/www/authentication/auth.log
-chown -R ejabberd:ejabberd /var/www/upload \
- /var/www/authentication/auth.log \
- /sqlite \
- /ejabberd_ssl
-
-# ACL file for vhosts, hosts file for vhosts
-touch /ejabberd/ejabberd_acl.yml \
- /ejabberd/ejabberd_hosts.yml \
- /ejabberd/ejabberd_macros.yml
-chmod 644 /ejabberd/ejabberd_acl.yml \
- /ejabberd/ejabberd_hosts.yml \
- /ejabberd/ejabberd_macros.yml
-chown 82:82 /ejabberd/ejabberd_acl.yml \
- /ejabberd/ejabberd_hosts.yml
-chown 82:82 /ejabberd
-
-cat <<EOF > /ejabberd/ejabberd_api.yml
-# Autogenerated by mailcow
-api_permissions:
- "Reload by mailcow":
- who:
- - ip: "${IPV4_NETWORK}.0/24"
- what:
- - "reload_config"
- - "restart"
- - "list_certificates"
- - "list_cluster"
- - "join_cluster"
- - "leave_cluster"
- - "backup"
- - "status"
- - "stats"
- - "muc_online_rooms"
-EOF
-
-cat <<EOF > /ejabberd/ejabberd_macros.yml
-# Autogenerated by mailcow
-define_macro:
- 'MAILCOW_HOSTNAME': "${MAILCOW_HOSTNAME}"
- 'EJABBERD_HTTPS': ${XMPP_HTTPS_PORT}
-EOF
-
-# Set open_basedir
-sed -i 's/;open_basedir =/open_basedir = \/var\/www\/authentication/g' /etc/php7/php.ini
-
-sed -i "s/__DBUSER__/${DBUSER}/g" /var/www/authentication/vendor/leesherwood/ejabberd-php-auth/src/CommandExecutors/mailcowCommandExecutor.php
-sed -i "s/__DBPASS__/${DBPASS}/g" /var/www/authentication/vendor/leesherwood/ejabberd-php-auth/src/CommandExecutors/mailcowCommandExecutor.php
-sed -i "s/__DBNAME__/${DBNAME}/g" /var/www/authentication/vendor/leesherwood/ejabberd-php-auth/src/CommandExecutors/mailcowCommandExecutor.php
-
-# Run hooks
-for file in /hooks/*; do
- if [ -x "${file}" ]; then
- echo "Running hook ${file}"
- "${file}"
- fi
-done
-
-alias ejabberdctl="su-exec ejabberd /home/ejabberd/bin/ejabberdctl --node ejabberd@${MAILCOW_HOSTNAME}"
-
-if [[ -z "$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e 'SELECT domain FROM domain WHERE xmpp = 1')" ]]; then
- echo "No XMPP host configured, sleeping the sleep of the righteous, waiting for someone to wake me up..."
- exec su-exec ejabberd tini -g -- sleep 365d
-fi
-
-exec su-exec ejabberd tini -g -- /home/ejabberd/bin/ejabberdctl --node ejabberd@${MAILCOW_HOSTNAME} foreground
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/mailcowCommandExecutor.php b/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/mailcowCommandExecutor.php
deleted file mode 100644
index 390783a..0000000
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/ejabberd/mailcowCommandExecutor.php
+++ /dev/null
@@ -1,229 +0,0 @@
-<?php namespace LeeSherwood\Ejabberd\CommandExecutors;
-
-/**
- * Dummy command executor for ejabberd
- *
- * This class implements the command executor interface and just returns some sane boolean values.
- * You may want to use this class to test your ejabberd external authentication module is set up correctly
- * before you start creating your custom code.
- *
- * @package LeeSherwood\Ejabberd
- * @author Lee Sherwood
- */
-
-use \PDO;
-
-class mailcowCommandExecutor implements CommandExecutorInterface {
-
- /**
- * Authenticate a user (login)
- *
- * @param string $username
- * @param string $servername
- * @param string $password
- *
- * @return bool
- */
-
- public static function verify_salted_hash($hash, $password, $algo, $salt_length) {
- // Decode hash
- $dhash = base64_decode($hash);
- // Get first n bytes of binary which equals a SSHA hash
- $ohash = substr($dhash, 0, $salt_length);
- // Remove SSHA hash from decoded hash to get original salt string
- $osalt = str_replace($ohash, '', $dhash);
- // Check single salted SSHA hash against extracted hash
- if (hash_equals(hash($algo, $password . $osalt, true), $ohash)) {
- return true;
- }
- return false;
- }
-
- public static function verify_hash($hash, $password) {
- if (preg_match('/^{(.+)}(.+)/i', $hash, $hash_array)) {
- $scheme = strtoupper($hash_array[1]);
- $hash = $hash_array[2];
- switch ($scheme) {
- case "ARGON2I":
- case "ARGON2ID":
- case "BLF-CRYPT":
- case "CRYPT":
- case "DES-CRYPT":
- case "MD5-CRYPT":
- case "MD5":
- case "SHA256-CRYPT":
- case "SHA512-CRYPT":
- return password_verify($password, $hash);
-
- case "CLEAR":
- case "CLEARTEXT":
- case "PLAIN":
- return $password == $hash;
-
- case "LDAP-MD5":
- $hash = base64_decode($hash);
- return hash_equals(hash('md5', $password, true), $hash);
-
- case "PBKDF2":
- $components = explode('$', $hash);
- $salt = $components[2];
- $rounds = $components[3];
- $hash = $components[4];
- return hash_equals(hash_pbkdf2('sha1', $password, $salt, $rounds), $hash);
-
- case "PLAIN-MD4":
- return hash_equals(hash('md4', $password), $hash);
-
- case "PLAIN-MD5":
- return md5($password) == $hash;
-
- case "PLAIN-TRUNC":
- $components = explode('-', $hash);
- if (count($components) > 1) {
- $trunc_len = $components[0];
- $trunc_password = $components[1];
-
- return substr($password, 0, $trunc_len) == $trunc_password;
- } else {
- return $password == $hash;
- }
-
- case "SHA":
- case "SHA1":
- case "SHA256":
- case "SHA512":
- // SHA is an alias for SHA1
- $scheme = $scheme == "SHA" ? "sha1" : strtolower($scheme);
- $hash = base64_decode($hash);
- return hash_equals(hash($scheme, $password, true), $hash);
-
- case "SMD5":
- return self::verify_salted_hash($hash, $password, 'md5', 16);
-
- case "SSHA":
- return self::verify_salted_hash($hash, $password, 'sha1', 20);
-
- case "SSHA256":
- return self::verify_salted_hash($hash, $password, 'sha256', 32);
-
- case "SSHA512":
- return self::verify_salted_hash($hash, $password, 'sha512', 64);
-
- default:
- return false;
- }
- }
- return false;
- }
-
- public function authenticate($username, $servername, $password)
- {
- $database_type = 'mysql';
- $database_sock = '/var/run/mysqld/mysqld.sock';
- $database_user = '__DBUSER__';
- $database_pass = '__DBPASS__';
- $database_name = '__DBNAME__';
-
- $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
- $opt = [
- PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
- PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
- PDO::ATTR_EMULATE_PREPARES => false
- ];
- try {
- $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
- }
- catch (PDOException $e) {
- return false;
- }
- if (!filter_var($username, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
- return false;
- }
- $username = strtolower(trim($username));
- $stmt = $pdo->prepare("SELECT `password` FROM `mailbox`
- INNER JOIN domain on mailbox.domain = domain.domain
- WHERE `kind` NOT REGEXP 'location|thing|group'
- AND `mailbox`.`active`= '1'
- AND `domain`.`active`= '1'
- AND `domain`.`xmpp` = '1'
- AND JSON_UNQUOTE(JSON_VALUE(`mailbox`.`attributes`, '$.xmpp_access')) = '1'
- AND CONCAT(`domain`.`xmpp_prefix`, '.', `domain`.`domain`) = :servername
- AND `username` = CONCAT(:local_part, '@', `domain`.`domain`)");
- $stmt->execute(array(':local_part' => $username, ':servername' => $servername));
- $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
- foreach ($rows as $row) {
- if (self::verify_hash($row['password'], $password) !== false) {
- return true;
- }
- }
- return false;
- }
-
- /**
- * Check if a user exists
- *
- * @param string $username
- * @param string $servername
- *
- * @return bool
- */
- public function userExists($username, $servername)
- {
- return true;
- }
-
- /**
- * Set a password for a user
- *
- * @param string $username
- * @param string $servername
- * @param string $password
- *
- * @return bool
- */
- public function setPassword($username, $servername, $password)
- {
- return false;
- }
-
- /**
- * Register a user
- *
- * @param string $username
- * @param string $servername
- * @param string $password
- *
- * @return bool
- */
- public function register($username, $servername, $password)
- {
- return false;
- }
-
- /**
- * Delete a user
- *
- * @param string $username
- * @param string $servername
- *
- * @return bool
- */
- public function removeUser($username, $servername)
- {
- return false;
- }
-
- /**
- * Delete a user with password validation
- *
- * @param string $username
- * @param string $servername
- * @param string $password
- *
- * @return bool
- */
- public function removeUserWithPassword($username, $servername, $password)
- {
- return false;
- }
-}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml b/mailcow/src/mailcow-dockerized/helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml
index 8b68783..74763bf 100644
--- a/mailcow/src/mailcow-dockerized/helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml
+++ b/mailcow/src/mailcow-dockerized/helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml
@@ -42,7 +42,3 @@
dockerapi-mailcow:
dns:
- my.resolvers.ip.addr
-
- ejabberd-mailcow:
- dns:
- - my.resolvers.ip.addr