<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
Hi Tobi,
</div>
<div>
<br>
</div>
<div>
you need to process lt.attrs in a loop. It's not a real Lua table, it's a user data pretending to be a table, so # doesn't work.
</div>
<div>
<br>
</div>
<div>
For example:
</div>
<div>
<br>
</div>
<div>
<div>
for k, v in pairs(lt.attrs) do
</div>
<div>
<br>
</div>
<div>
if ((k == "accountStatus") and (v == "blocked"))
</div>
<div>
<br>
</div>
<div>
then
</div>
<div>
<br>
</div>
<div>
return -1, "accountStatus blocked", "accountStatus blocked", {}
</div>
<div>
<br>
</div>
<div>
end
</div>
<div>
<br>
</div>
<div>
end
</div>
<div>
<br>
</div>
<div>
For examples of almost anything you can do in wforce.conf, including the above, please read the wforce.conf man page. It's really very thorough.
</div>
<div>
<br>
</div>
<div>
Neil
</div>
</div>
<blockquote type="cite">
<div>
On 22 May 2019 13:53 Tobi <
<a href="mailto:tobisworld@gmail.com">tobisworld@gmail.com</a>> wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
Hi Neil
</div>
<div>
<br>
</div>
<div>
thanks for the hint with the dovecot config, adding this and I can see that
</div>
<div>
<br>
</div>
<blockquote type="cite">
<div>
... attrs={local_ip="XX.XX.XX.XX"} ...
</div>
</blockquote>
<div>
is now logged by wforce daemon. Then I tried to access that value from
</div>
<div>
wforce with the following testcode
</div>
<div>
<br>
</div>
<blockquote type="cite">
<div>
if (#lt.attrs > 0)
</div>
<div>
then
</div>
<div>
return 7, "ip_local", "ip_local", { test=test }
</div>
<div>
end
</div>
</blockquote>
<div>
but even if attrs are set (according to wforce logs), the code above
</div>
<div>
does not go into if condition. What is the proper way to access the attrs?
</div>
<div>
<br>
</div>
<div>
Thanks for your help and have a good one
</div>
<div>
<br>
</div>
<div>
--
</div>
<div>
<br>
</div>
<div>
tobi
</div>
<div>
Am 22.05.19 um 11:53 schrieb Neil Cook:
</div>
<blockquote type="cite">
<div>
From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g.
</div>
<div>
<br>
</div>
<div>
By default in 2.3.1 this looks like:
</div>
<div>
<br>
</div>
<div>
login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
</div>
<div>
<br>
</div>
<div>
But you can add additional parameters:
</div>
<div>
<br>
</div>
<div>
login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s attrs/local_ip=%{lip}
</div>
<div>
<br>
</div>
<div>
The above will add the local dovecot IP address to the attrs, which can then be accessed from wforce policy,
</div>
<div>
<br>
</div>
<div>
Neil
</div>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 22 May 2019, at 07:56, Tobi via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
</div>
</blockquote>
</blockquote>
<div>
>> Hi
</div>
<div>
>>
</div>
<div>
>> I wonder if the information about the origin of report or allow can be
</div>
<div>
>> accessed somehow. lt.remote gives the IP of the client trying to login
</div>
<div>
>> but is there anything in lt which gives the ip of the system that
</div>
<div>
>> connects to wforced?
</div>
<div>
>>
</div>
<div>
>> Thanks and have a good one
</div>
<div>
>>
</div>
<div>
>> --
</div>
<div>
>>
</div>
<div>
>> tobi
</div>
<blockquote type="cite">
<div>
<br>
</div>
<div>
Neil Cook
</div>
<div>
<a href="mailto:neil.cook@open-xchange.com">neil.cook@open-xchange.com</a>
</div>
<div>
<br>
</div>
<div>
-------------------------------------------------------------------------------------
</div>
<div>
Open-Xchange AG, Rollnerstr. 14, 90408 Nuremberg, District Court Nuremberg HRB 24738
</div>
<div>
Managing Board: Rafael Laguna de la Vera, Carsten Dirks, Michael Knapstein, Stephan Martin
</div>
<div>
Chairman of the Board: Richard Seibt
</div>
<div>
<br>
</div>
<div>
European Office:
</div>
<div>
Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718
</div>
<div>
Managing Director: Frank Hoberg
</div>
<div>
<br>
</div>
<div>
US Office:
</div>
<div>
Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA
</div>
<div>
-------------------------------------------------------------------------------------
</div>
<div>
<br>
</div>
</blockquote>
</blockquote>
<div>
<br>
</div>
<div class="io-ox-signature">
<p> <br></p>
<pre>-- <br><br>kind regards,<br>Neil Cook<br>Chief Security Architect<br><br>Phone: +44 774 7012545<br>Email: neil.cook@open-xchange.com<br>-------------------------------------------------------------------------------------<br>Open-Xchange AG, Rollnerstr. 14, 90408 Nuremberg, District Court Nuremberg HRB 24738<br>Managing Board: Rafael Laguna de la Vera, Carsten Dirks, Michael Knapstein, Stephan Martin <br>Chairman of the Board: Richard Seibt<br><br>European Office: <br>Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718 <br>Managing Director: Frank Hoberg<br><br>US Office: <br>Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA <br>-------------------------------------------------------------------------------------<br><br></pre>
<p> <br></p>
</div>
</body>
</html>