2021-08-23 17:00:27 +00:00
|
|
|
local rapidjson = require('rapidjson')
|
|
|
|
|
2021-08-23 17:04:43 +00:00
|
|
|
local clientId = "{{ getenv "CLIENT_ID" }}"
|
|
|
|
local clientSecret = "{{ getenv "CLIENT_SECRET" }}"
|
|
|
|
local username = "{{ getenv "OAUTH_ADMIN_USER" }}"
|
|
|
|
local password = "{{ getenv "OAUTH_ADMIN_PASSWORD" }}"
|
|
|
|
local tokenUrl = "{{ getenv "GRANT_URL" }}"
|
|
|
|
local userUrl = "{{ getenv "USER_URL" }}"
|
2021-08-23 17:00:27 +00:00
|
|
|
|
|
|
|
function os.capture(cmd, raw)
|
|
|
|
local f = assert(io.popen(cmd, 'r'))
|
|
|
|
local s = assert(f:read('*a'))
|
|
|
|
f:close()
|
|
|
|
|
|
|
|
return s
|
|
|
|
end
|
|
|
|
|
|
|
|
function auth_userdb_lookup(req)
|
|
|
|
local tokenCmd = "curl -L --silent -X POST -d \"grant_type=password\""
|
|
|
|
tokenCmd = tokenCmd .. " -d \"client_id=" .. clientId .. "\""
|
|
|
|
tokenCmd = tokenCmd .. " -d \"client_secret=" .. clientSecret .. "\""
|
|
|
|
tokenCmd = tokenCmd .. " -d \"username=" .. username .. "\""
|
|
|
|
tokenCmd = tokenCmd .. " -d \"password=" .. password .. "\""
|
|
|
|
tokenCmd = tokenCmd .. " \"" .. tokenUrl .. "\""
|
|
|
|
|
|
|
|
local tokenRaw = os.capture(tokenCmd)
|
|
|
|
local tokenJson = rapidjson.decode(tokenRaw)
|
|
|
|
local accessToken = tokenJson.access_token
|
|
|
|
|
|
|
|
local userCmd = "curl -L --silent -H \"Authorization: Bearer " .. accessToken .. "\" \"" .. userUrl .. req.username .. "\""
|
|
|
|
local userRaw = os.capture(userCmd)
|
|
|
|
local userJson = rapidjson.decode(userRaw)
|
|
|
|
|
|
|
|
if #userJson == 0 then
|
|
|
|
return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
|
|
|
|
end
|
|
|
|
|
|
|
|
if userJson[1].username == req.username then
|
|
|
|
return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail home=/var/lib/vmail/mail/%n"
|
|
|
|
end
|
|
|
|
|
|
|
|
return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
|
|
|
|
end
|
|
|
|
|