weakforced: Possible to access the ip address of report/allow?
Hi
I wonder if the information about the origin of report or allow can be accessed somehow. lt.remote gives the IP of the client trying to login but is there anything in lt which gives the ip of the system that connects to wforced?
Thanks and have a good one
--
tobi
From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g.
By default in 2.3.1 this looks like:
login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
But you can add additional parameters:
login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s attrs/local_ip=%{lip}
The above will add the local dovecot IP address to the attrs, which can then be accessed from wforce policy,
Neil
On 22 May 2019, at 07:56, Tobi via dovecot dovecot@dovecot.org wrote:
Hi
I wonder if the information about the origin of report or allow can be accessed somehow. lt.remote gives the IP of the client trying to login but is there anything in lt which gives the ip of the system that connects to wforced?
Thanks and have a good one
--
tobi
Neil Cook neil.cook@open-xchange.com
Open-Xchange AG, Rollnerstr. 14, 90408 Nuremberg, District Court Nuremberg HRB 24738 Managing Board: Rafael Laguna de la Vera, Carsten Dirks, Michael Knapstein, Stephan Martin Chairman of the Board: Richard Seibt
European Office: Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718 Managing Director: Frank Hoberg
US Office: Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA
Hi Neil
thanks for the hint with the dovecot config, adding this and I can see that
... attrs={local_ip="XX.XX.XX.XX"} ...
is now logged by wforce daemon. Then I tried to access that value from wforce with the following testcode
if (#lt.attrs > 0) then return 7, "ip_local", "ip_local", { test=test } end
but even if attrs are set (according to wforce logs), the code above does not go into if condition. What is the proper way to access the attrs?
Thanks for your help and have a good one
--
tobi Am 22.05.19 um 11:53 schrieb Neil Cook:
From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g.
By default in 2.3.1 this looks like:
login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
But you can add additional parameters:
login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s attrs/local_ip=%{lip}
The above will add the local dovecot IP address to the attrs, which can then be accessed from wforce policy,
Neil
On 22 May 2019, at 07:56, Tobi via dovecot dovecot@dovecot.org wrote:
Hi
I wonder if the information about the origin of report or allow can be accessed somehow. lt.remote gives the IP of the client trying to login but is there anything in lt which gives the ip of the system that connects to wforced?
Thanks and have a good one
--
tobi
Neil Cook neil.cook@open-xchange.com
Open-Xchange AG, Rollnerstr. 14, 90408 Nuremberg, District Court Nuremberg HRB 24738 Managing Board: Rafael Laguna de la Vera, Carsten Dirks, Michael Knapstein, Stephan Martin Chairman of the Board: Richard Seibt
European Office: Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718 Managing Director: Frank Hoberg
US Office: Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA
participants (2)
-
Neil Cook
-
Tobi