#!perl -w
=head1 NAME

auth_flat_file - simple CRAM MD5 auth plugin using a flat password file

=head1 SYNOPSIS

in config/plugins:

    auth/auth_flat_file

in config/flat_auth_pw

    username1:password1
    username2:password2
    ...

=head1 DESCRIPTION

This plugin implements a very simple authentication plugin using a flat password
file containing username and password separated by colons.

Note that this plugin enforces the use of a full email address (including
@domain) as the username. There's no particular reason for this so feel free
to modify the code to suit your setup.

The password is stored on disk unencrypted; however, CRAM-MD5 authentication
uses an HMAC algorithm, so no password is transferred in the clear with that
mechanism. The plugin also registers for AUTH PLAIN and AUTH LOGIN, where the
client sends the password itself, so those mechanisms should only be offered
over an encrypted connection.

=cut
use strict;
use warnings;
use Qpsmtpd::Auth;
use Qpsmtpd::Constants;
# Plugin entry point: route every SMTP AUTH mechanism this plugin serves to
# the single auth_flat_file handler.
sub register {
    my ( $self, $qp ) = @_;
    my $handler = 'auth_flat_file';

    # With PLAIN and LOGIN the handler receives the client's password attempt
    # itself (attempt_clear), not an HMAC response.
    for my $hook (qw(auth-plain auth-login)) {
        $self->register_hook( $hook, $handler );
    }

    # Kept as the final expression so the sub still yields whatever the last
    # register_hook call yields.
    return $self->register_hook( 'auth-cram-md5', $handler );
}
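# Check an SMTP AUTH attempt against the entries in config/flat_auth_pw.
#
# Arguments (unpacked from @_):
#   $self        - the plugin object
#   $transaction - current transaction (not used here)
#   $method      - handed on to validate_password unchanged
#   $user        - login name supplied by the client (untrusted input)
#   $passClear   - clear-text password attempt, if any
#   $passHash    - hashed password attempt, if any
#   $ticket      - handed on to validate_password unchanged
#
# Returns ( DENY, message ) when neither password form was supplied,
# DECLINED when the login lacks an @domain part or has no entry in the
# password file, and otherwise the result of
# Qpsmtpd::Auth::validate_password.
sub auth_flat_file {
    my ( $self, $transaction, $method, $user, $passClear, $passHash, $ticket ) =
      @_;

    if ( !defined $passClear && !defined $passHash ) {
        $self->log( LOGINFO, "fail: missing password" );
        return ( DENY, "authflat - missing password" );
    }

    # Split on the first '@' only, so that everything after it is the domain:
    # a login such as "a@b@c" must not be looked up as "a@b".
    my ( $pw_name, $pw_domain ) =
      split /\@/, ( defined $user ? lc $user : '' ), 2;

    unless ( defined $pw_domain && length $pw_domain ) {
        $self->log( LOGINFO, "fail: missing domain" );
        return DECLINED;
    }

    # The login comes from the client, so it is quoted with \Q...\E and
    # matched literally. Unquoted, regex metacharacters in the login would be
    # treated as pattern syntax: the lookup could select another account's
    # line, or die on an invalid pattern.
    my ($auth_line) =
      grep { /^\Q$pw_name\E\@\Q$pw_domain\E:/ }
      $self->qp->config('flat_auth_pw');

    if ( !defined $auth_line ) {

        # NOTE(review): $user is client-supplied and is logged as received;
        # confirm the log backend neutralises control characters.
        $self->log( LOGINFO, "fail: no such user: $user" );
        return DECLINED;
    }

    # Limit of 2 keeps any ':' inside the stored password intact.
    my ( $auth_user, $auth_pass ) = split( /:/, $auth_line, 2 );

    # at this point we can assume the user name matched
    return Qpsmtpd::Auth::validate_password(
        $self,
        src_clear     => $auth_pass,
        src_crypt     => undef,
        attempt_clear => $passClear,
        attempt_hash  => $passHash,
        method        => $method,
        ticket        => $ticket,
        deny          => DENY,
    );
}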