"j.emerlik" <j.emerlik at gmail.com> writes:> I would like to prepare postlogin a script that allow imap connection to > roundcube for all but restrict imap access for selected users."from" roundcube?> Is possible in condition IF use IP addresses as range or with mask (because > I've more than one web servers) ?Of course -- many ways to skin this cat. If you have only a handful of IPs case "$IP" in 12.34.56.78) exec "$@";; 23.45.67.89) exec "$@";; ... esac If you have CIDR that align neatly on octet boundaries case "$IP" in 12.34.56.*) exec "$@";; 23.45.67.*) exec "$@";; ... esac The toughest situation (using script techniques) is for CIDR ranges just shy of a full octet boundary e.g. /25. You can use "cut -d .", "IFS=." or "expr" to break the IP into octets, then test the components. e.g. 12.34.56.0/25 # Example 1 PART1=`echo $IP | cut -d. -f1,2,3` PART2=`echo $IP | cut -d. -f4` [ "$PART1" = "12.34.56" -a "$PART2" -ge 0 -a "$PART2" -le 127 ] && exec "$@" # Example 2 PART2=`expr "$IP" : '.*\.\([0-9]*\)' expr "$IP" : "12.34.56." && [ "$PART2" -ge 0 -a "$PART2" -le 127 ] && exec "$@" # Example 3 (dodgy, I haven't fully thought this through) `echo "$IP" | { IFS=. read a b c PART2; [ "$a.$b.$c" = "12.34.56" -a "$PART2" -ge 0 -a "$PART2" -le 127 ] && echo "exec $@"; }` If you have a busy IMAP server, you'll probably want to use Aki's passdb solution instead, rather than incurring the execution overhead for each and every authentication. Joseph Tam <jtam.home at gmail.com>
On 11/10/2017 11:03 PM, Joseph Tam wrote:

> The toughest situation (using script techniques) is for
> CIDR ranges just shy of a full octet boundary e.g. /25.

Actually there is a great tool for that, grepcidr

    $ echo 10.11.12.127 | grepcidr 10.11.12.0/25 && echo OK
    10.11.12.127
    OK
    $ echo 10.11.12.128 | grepcidr 10.11.12.0/25 && echo OK
    $

But in your case you really probably should use postgres for the userdb
and just return everything from there in user fields / extra fields, and if
the logic doesn't fit in a simple query you can put it in a stored
procedure. That will likely be more efficient.

Awesome, thanks!

Sent from my mobile device please excuse.

11.11.2017 2:48 PM "Gedalya" <gedalya at gedalya.net> wrote:

> On 11/10/2017 11:03 PM, Joseph Tam wrote:
> >
> > The toughest situation (using script techniques) is for
> > CIDR ranges just shy of a full octet boundary e.g. /25.
>
> Actually there is a great tool for that, grepcidr
>
> $ echo 10.11.12.127 | grepcidr 10.11.12.0/25 && echo OK
> 10.11.12.127
> OK
> $ echo 10.11.12.128 | grepcidr 10.11.12.0/25 && echo OK
> $
>
> But in your case you really probably should use postgres for the userdb
> and just return everything from there in user fields / extra fields, and if
> the logic doesn't fit in a simple query you can put it in a stored
> procedure. That will likely be more efficient.

I finally used it like this:

    case $IP in
    10.120.12[0-7].*) exec "$@" ;;
    111.111.11.4[0-9]) exec "$@" ;;
    esac

Thanks a lot

Regards,
Jacek

    case $IP in
    10.120.12[0-7].*) exec "$@" ;;
    195.150.13.4[0-9]) exec "$@" ;;
    esac

2017-11-10 23:03 GMT+01:00 Joseph Tam <jtam.home at gmail.com>:

> "j.emerlik" <j.emerlik at gmail.com> writes:
>
>> I would like to prepare postlogin a script that allow imap connection to
>> roundcube for all but restrict imap access for selected users.
>
> "from" roundcube?
>
>> Is possible in condition IF use IP addresses as range or with mask (because
>> I've more than one web servers) ?
>
> Of course -- many ways to skin this cat.
>
> If you have only a handful of IPs
>
>     case "$IP" in
>     12.34.56.78) exec "$@";;
>     23.45.67.89) exec "$@";;
>     ...
>     esac
>
> If you have CIDR that align neatly on octet boundaries
>
>     case "$IP" in
>     12.34.56.*) exec "$@";;
>     23.45.67.*) exec "$@";;
>     ...
>     esac
>
> The toughest situation (using script techniques) is for
> CIDR ranges just shy of a full octet boundary e.g. /25. You can use
> "cut -d .", "IFS=." or "expr" to break the IP into octets,
> then test the components. e.g. 12.34.56.0/25
>
>     # Example 1
>     PART1=`echo $IP | cut -d. -f1,2,3`
>     PART2=`echo $IP | cut -d. -f4`
>     [ "$PART1" = "12.34.56" -a "$PART2" -ge 0 -a "$PART2" -le 127 ] &&
>         exec "$@"
>
>     # Example 2
>     PART2=`expr "$IP" : '.*\.\([0-9]*\)'`
>     # expr prints the match length, so discard its output
>     expr "$IP" : "12.34.56." >/dev/null && [ "$PART2" -ge 0 -a "$PART2" -le 127 ] &&
>         exec "$@"
>
>     # Example 3 (dodgy, I haven't fully thought this through)
>     `echo "$IP" | { IFS=. read a b c PART2; [ "$a.$b.$c" = "12.34.56" -a "$PART2" -ge 0 -a "$PART2" -le 127 ] && echo "exec $@"; }`
>
> If you have a busy IMAP server, you'll probably want to use Aki's passdb
> solution instead, rather than incurring the execution overhead for each
> and every authentication.
>
> Joseph Tam <jtam.home at gmail.com>
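
The "just shy of an octet boundary" case discussed in this thread, generalised to any prefix length using only shell arithmetic. This is an added example, not code from any poster in the thread: ip_to_int, ip_in_cidr and ip_allowed are hypothetical helper names, and it assumes a shell with 64-bit arithmetic.

```shell
#!/bin/sh
# Added example: CIDR match in plain shell arithmetic, no external commands.
# ip_to_int, ip_in_cidr and ip_allowed are hypothetical helper names.
# Assumes a shell with 64-bit arithmetic (dash and bash on 64-bit systems).

# Convert dotted-quad $1 to an integer in IP_INT; fail on malformed input.
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split into octets; only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros (would be read as octal) and over-long octets.
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    IP_INT=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 lies inside CIDR block $2, e.g. 12.34.56.0/25.
ip_in_cidr() {
    cidr_net=${2%/*}
    cidr_len=${2#*/}
    case "$cidr_len" in ""|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$cidr_len" -le 32 ] || return 1
    ip_to_int "$cidr_net" || return 1
    net_int=$IP_INT
    ip_to_int "$1" || return 1
    # Netmask: all 32 bits set, with the host bits below the prefix cleared.
    mask=$(( 4294967295 ^ ((1 << (32 - $cidr_len)) - 1) ))
    [ $(( $IP_INT & $mask )) -eq $(( $net_int & $mask )) ]
}

# Allow-list over several blocks. 12.34.56.0/25 is the thread's example;
# 10.120.120.0/21 is the CIDR form of the glob 10.120.12[0-7].*
ip_allowed() {
    for block in 12.34.56.0/25 10.120.120.0/21; do
        ip_in_cidr "$1" "$block" && return 0
    done
    return 1
}

# In the post-login script: ip_allowed "$IP" && exec "$@"
```

Malformed input (non-digits, leading zeros, a missing prefix length) makes the check fail rather than match.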