Added notification option #4

Open
wants to merge 2 commits into
base: master
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -17,6 +17,10 @@ Password: password_of_master

The plugin then strips the master info from the form, so all preferences are correctly fetched for the user. (else it would try to find preferences for user*master). If you use any other plugins that use the authenticate hook, you might want to make this plugin the first plugin.

CUSTOM NOTIFICATIONS
--------------------

You can also run a custom script everytime the impersonate is run, for instance to notify administrator accounts, or send alerts to another email address. See the notify-example folder. To avoid the script being called every time the user refresh the session - and keep the session opened, use imapproxy.

OLD VERSIONS
------------
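
Review bot: The new CUSTOM NOTIFICATIONS paragraph does not name the setting that enables the script or the placeholders it accepts. A reader has to find `dovecot_impersonate_notify` and `{{REMOTE_ADDR}}`, `{{SERVER_ADDR}}`, `{{MASTER}}`, `{{ACCOUNT}}` in config.inc.php.dist, so please list them here and state that the command is run through a shell with values taken from the login form. The remark about the script being called on every session refresh reads as if it concerns the Dovecot post-login.sh path rather than the plugin's own call in login(); say which one imapproxy is meant to help with. Wording: "everytime" should be "every time" and "the user refresh" should be "the user refreshes".
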
5 changes: 4 additions & 1 deletion config.inc.php.dist
Expand Up @@ -7,4 +7,7 @@

$rcmail_config['dovecot_impersonate_seperator'] = '*';

?>
// call a script everytime an account is impersonated
$rcmail_config['dovecot_impersonate_notify'] =
'/usr/local/bin/master-user-report.pl --remote-ip={{REMOTE_ADDR}} --server-ip={{SERVER_ADDR}} --master="{{MASTER}}" --account="{{ACCOUNT}}"';

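Review bot: The distributed default for `dovecot_impersonate_notify` is a live command pointing at `/usr/local/bin/master-user-report.pl`, so anyone who copies this file unchanged gets a system() call on each master login to a script that may not be installed. Ship the setting empty or commented out and let administrators opt in. The template is also inconsistent in its quoting: `{{MASTER}}` and `{{ACCOUNT}}` are wrapped in double quotes while `{{REMOTE_ADDR}}` and `{{SERVER_ADDR}}` are bare, and quotes in the template are not a substitute for escaping the substituted values in dovecot_impersonate.php.
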
44 changes: 27 additions & 17 deletions dovecot_impersonate.php
Expand Up @@ -2,52 +2,62 @@

/**
* This plugin lets you impersonate another user using a master login. Only works with dovecot.
*
*
* http://wiki.dovecot.org/Authentication/MasterUsers
*
*
* @author Cor Bosman (roundcube@wa.ter.net)
*/

class dovecot_impersonate extends rcube_plugin {
public function init()
{

public function init()
{
$this->add_hook('storage_connect', array($this, 'impersonate'));
$this->add_hook('managesieve_connect', array($this, 'impersonate'));
$this->add_hook('authenticate', array($this, 'login'));
$this->add_hook('sieverules_connect', array($this, 'impersonate_sieve'));
$this->add_hook('authenticate', array($this, 'login'));
$this->add_hook('sieverules_connect', array($this, 'impersonate_sieve'));
}

function login($data) {
// find the seperator character
$rcmail = rcmail::get_instance();
$this->load_config();

$seperator = $rcmail->config->get('dovecot_impersonate_seperator', '*');

if(strpos($data['user'], $seperator)) {
$arr = explode($seperator, $data['user']);
if(count($arr) == 2) {
$data['user'] = $arr[0];
$_SESSION['plugin.dovecot_impersonate_master'] = $seperator . $arr[1];

// should we notify someone ?
$notify = $rcmail->config->get('dovecot_impersonate_notify');
if ( !empty($notify) ) {
$notify = str_replace('{{REMOTE_ADDR}}', $_SERVER['REMOTE_ADDR'], $notify);
$notify = str_replace('{{SERVER_ADDR}}', $_SERVER['SERVER_ADDR'], $notify);
$notify = str_replace('{{ACCOUNT}}', $arr[0], $notify);
$notify = str_replace('{{MASTER}}', $arr[1], $notify);
system($notify);
}
}

}
return($data);
}

function impersonate($data) {
if(isset($_SESSION['plugin.dovecot_impersonate_master'])) {
$data['user'] = $data['user'] . $_SESSION['plugin.dovecot_impersonate_master'];
$data['user'] = $data['user'] . $_SESSION['plugin.dovecot_impersonate_master'];
}
return($data);
}

function impersonate_sieve($data) {
if(isset($_SESSION['plugin.dovecot_impersonate_master'])) {
$data['username'] = $data['username'] . $_SESSION['plugin.dovecot_impersonate_master'];
$data['username'] = $data['username'] . $_SESSION['plugin.dovecot_impersonate_master'];
}
return($data);
}

}
?>
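
Review bot: In login(), `$arr[0]` and `$arr[1]` come from `$data['user']`, the username typed into the login form, and are substituted into `$notify` unescaped before `system($notify)`. login() is registered on the `authenticate` hook, which runs before the password is checked, so shell metacharacters in the username field reach a shell from an unauthenticated request; the double quotes in the config template do not prevent that. Pass every substituted value through `escapeshellarg()` before `str_replace()` and remove the quotes from the template, or avoid the shell altogether. Two smaller points in the same block: `system()` passes the command's output through to the HTTP response, so `exec()` with the output discarded fits better, and the notification is sent before the login is known to have succeeded, so the report's "has been used" wording will also cover failed attempts. The whitespace-only changes elsewhere in this file would be easier to review as a separate commit.
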
6 changes: 6 additions & 0 deletions notify-example/login-report.ini
@@ -0,0 +1,6 @@
[Email]
Dest=administrator@example.com
From=postmaster@example.com
Server=smtp.example.com
Bcc=administrator2@example.com

55 changes: 55 additions & 0 deletions notify-example/master-user-report.pl
@@ -0,0 +1,55 @@
#!/usr/bin/perl

use strict;
use warnings;
use Getopt::Long;
use Config::Tiny;
use MIME::Lite;

# Get from command lineenvironmen
my $remoteAddress;
my $serverAddress;
my $account;
my $master;

GetOptions(
'remote-ip=s' => \$remoteAddress,
'server-ip=s' => \$serverAddress,
'master=s' => \$master,
'account=s' => \$account);

# Get variables from config files
my $Config = Config::Tiny->new;
$Config = Config::Tiny->read('/etc/dovecot/login-report.ini');

my $emailDest = $Config->{Email}->{Dest};
my $emailFrom = $Config->{Email}->{From};
my $emailCc = $Config->{Email}->{Cc} || '';
my $emailBcc = $Config->{Email}->{Bcc} || '';
my $smtpServer = $Config->{Email}->{Server} || 'localhost';

# be sure that the emails are correctly handled
$account =~ s/ /./g;
$master =~ s/ /./g;

# Send a message to whom is concerned
my $emailSubject = 'Master login facility used';
my $emailBody = "The master login facility has been used:\n\n";
$emailBody .= "- Server address : $serverAddress\n";
$emailBody .= "- Remote address : $remoteAddress\n";
$emailBody .= "- Account accessed : $account\n";
$emailBody .= "- Master account : $master\n";
$emailBody .= "\n\n";

# print $emailBody;
my $msg = MIME::Lite->new(
From => $emailFrom,
To => $emailDest,
Cc => $emailCc,
Bcc => $emailBcc,
Subject => $emailSubject,
Data => $emailBody);
$msg->send('smtp', $smtpServer);

# $msg->send('smtp', $smtpServer, AuthUser => $mailUser, AuthPass => $mailPassword);

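Review bot: The result of `Config::Tiny->read('/etc/dovecot/login-report.ini')` is not checked. read() returns undef when the file is missing or unreadable, and the script then carries on with no usable Dest or From instead of failing visibly; add `or die Config::Tiny->errstr`, or log and exit non-zero. The same applies to the command line: the return value of GetOptions() is ignored and none of the four options is checked, so `$account =~ s/ /./g` runs on an undefined value when `--account` is missing. The result of `$msg->send(...)` should be checked as well, since a notification that silently fails defeats the purpose. The `Config::Tiny->new` on the line before the read is redundant, and the comment "Get from command lineenvironmen" is garbled.
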
12 changes: 12 additions & 0 deletions notify-example/post-login.sh
@@ -0,0 +1,12 @@
#!/bin/sh

# Check if it is a master user login
if [ "$MASTER_USER" != "" ]; then
/usr/local/bin/master-user-report.pl --remote-ip=$IP --server-ip=$LOCAL_IP --master=$MASTER_USER --account="$USER"
fi

# Assign the master user to allow him to read all mailboxes
export MASTER_USER="$USER"

exec "$@"

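Review bot: In the master-user-report.pl call, `$IP`, `$LOCAL_IP` and `$MASTER_USER` are expanded unquoted while `--account="$USER"` is quoted. Quote all four, for example `--master="$MASTER_USER"`, so that a value containing whitespace or glob characters stays a single argument. The report also runs synchronously before `exec "$@"`, so a slow or unreachable SMTP server delays the IMAP login; run it in the background or with a timeout. The test is more idiomatic as `[ -n "$MASTER_USER" ]`.
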
22 changes: 22 additions & 0 deletions notify-example/readme.txt
@@ -0,0 +1,22 @@
This folder contains a set of files you can use to notify people when the dovecot's impersonate facility has been used.

- login-report.ini : to be placed in /etc/dovecot/, contains initialisation variable for emails,
- master-user-report.pl : a script to be placed in /usr/local/bin, for instance.
- post-login.sh : to be placed for instance in /etc/dovecot/scripts


In dovecot, you need to specify the post login script, if not done already:

# The service name below doesn't actually matter.
service imap-postlogin {
# all post-login scripts are executed via script-login binary
executable = script-login /etc/dovecot/scripts/post-login.sh

# the script process runs as the user specified here (v2.0.14+):
user = $default_internal_user
# this UNIX socket listener must use the same name as given to imap executable
unix_listener imap-postlogin {
}
}
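
Review bot: The Dovecot snippet defines `service imap-postlogin` but never shows the matching change to the imap service, although its own comment says the listener "must use the same name as given to imap executable". Add the `service imap { executable = imap imap-postlogin }` block so the instructions are complete. The file list should also mention the Perl modules the script loads (Getopt::Long, Config::Tiny, MIME::Lite), that post-login.sh must be executable, and that `/etc/dovecot/login-report.ini` and `/usr/local/bin/master-user-report.pl` are hard-coded in the scripts, so "for instance" is misleading for those two paths.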