Add auth_imap plugin.
This commit is contained in:
Graham Todd
parent
1abfd152f2
commit
ceb7419578
99
plugins/auth/auth_imap
Normal file
99
plugins/auth/auth_imap
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
#!/usr/bin/perl -w
|
||||||
|
|
||||||
|
=head1 NAME auth_imap - Authenticate to an IMAP server
|
||||||
|
|
||||||
|
=head1 DESCRIPTION This plugin authenticates against any IMAP server you wish (it also supports SSL).
|
||||||
|
You need to specify the IMAP server and port number in the plugins configuration file like so:
|
||||||
|
|
||||||
|
auth/auth_imap 192.168.0.1 143
|
||||||
|
|
||||||
|
Without any options, it defaults to connecting to the IMAP server on localhost on port 143.
|
||||||
|
|
||||||
|
This plugin requires the Net::IMAP::Simple::SSL CPAN module. Options from that module can be
|
||||||
|
added to the $server->() constructor below if your IMAP server requires older versions of SSL
|
||||||
|
rather than TLS, or for connection debugging ( debug => 1, ssl_version => "SSLv3", etc.).
|
||||||
|
While you can adjust these settings, the plugin should work as is for a typical IMAP server.
|
||||||
|
|
||||||
|
See the Net::IMAP::Simple POD for details on how tune the constructor parameters.
|
||||||
|
|
||||||
|
Note that auth_imap requires that you use AUTH PLAIN or AUTH LOGIN mechanisms which means
|
||||||
|
that communication between your e-mail client and Qpsmtpd - and between Qpsmtpd and your IMAP server -
|
||||||
|
should be encrypted. There are several approaches to enabling encrypted password storage
|
||||||
|
on the IMAP server as well. For dovecot2 see: http://wiki2.dovecot.org/HowTo/CRAM-MD5
|
||||||
|
|
||||||
|
This plugin is suited for authorizing user connections to a Qpsmtp SMTP server acting as a
|
||||||
|
relay or a primary mail server. The principal benefit is ease of adminstration when
|
||||||
|
an existing IMAP service is already established.
|
||||||
|
|
||||||
|
head1 AUTHOR Christopher Heschong
|
||||||
|
|
||||||
|
Edits to add SSL support and updated for latest qpsmtpd version - James Turnbull <james@lovedthanlost.net>
|
||||||
|
|
||||||
|
=head1 COPYRIGHT AND LICENSE Copyright (c) 2004 Christopher Heschong
|
||||||
|
This plugin is licensed under the same terms as the qpsmtpd package itself.
|
||||||
|
Please see the LICENSE file included with qpsmtpd for details.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
|
||||||
|
sub register {
|
||||||
|
my ($self, $qp, @args) = @_;
|
||||||
|
|
||||||
|
if (@args > 0) {
|
||||||
|
if ($args[0] =~ /^([\.\w_-]+)$/) {
|
||||||
|
$self->{_imap_server} = $1;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
die "Bad data in imap server: $args[0]";
|
||||||
|
}
|
||||||
|
$self->{_imap_port} = 143;
|
||||||
|
if (@args > 1 and $args[1] =~ /^(\d+)$/) {
|
||||||
|
$self->{_imap_port} = $1;
|
||||||
|
}
|
||||||
|
$self->log(LOGWARN, "WARNING: Ignoring additional arguments.") if (@args > 2);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
die("No IMAP server specified in plugins file.");
|
||||||
|
}
|
||||||
|
|
||||||
|
# set any values that are not already
|
||||||
|
$self->{_imap_server} ||= "127.0.0.1";
|
||||||
|
$self->{_imap_port} ||= 143;
|
||||||
|
|
||||||
|
$self->register_hook( "auth-login", "auth_imap" );
|
||||||
|
$self->register_hook( "auth-plain", "auth_imap" );
|
||||||
|
}
|
||||||
|
|
||||||
|
sub auth_imap {
|
||||||
|
|
||||||
|
use Net::IMAP::Simple::SSL;
|
||||||
|
|
||||||
|
my ($self, $transaction, $mechanism, $user, $clearPassword, $hashPassword, $ticket) = @_;
|
||||||
|
my ($imaphost, $imapport, $imapserver);
|
||||||
|
|
||||||
|
# pull values in from config
|
||||||
|
$imaphost = $self->{_imap_server};
|
||||||
|
$imapport = $self->{_imap_port};
|
||||||
|
$imapserver = "$imaphost:$imapport";
|
||||||
|
|
||||||
|
$self->log(LOGINFO, "SMTP server requires IMAP authentication before sending");
|
||||||
|
|
||||||
|
# connect to IMAP server
|
||||||
|
my $server = Net::IMAP::Simple->new( $imapserver, ssl_version => "TLSv1", );
|
||||||
|
|
||||||
|
if ( $server ) {
|
||||||
|
$self->log(LOGINFO, "Using $mechanism mechanism with server: $imapserver");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return ( DENY, "auth_imap - could not connect to $imapserver" );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $server->login( $user, $clearPassword, ) ) {
|
||||||
|
$self->log(LOGINFO, "Authenticating user: $user with IMAP");
|
||||||
|
return OK, "auth_imap/$mechanism" ;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return ( DENY, "auth_imap - invalid password for $user at $imapserver" );
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
25
t/plugin_tests/auth/auth_imap
Normal file
25
t/plugin_tests/auth/auth_imap
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
#!perl -w
|
||||||
|
use Test::More tests => 2;
|
||||||
|
use strict;
|
||||||
|
use lib 't';
|
||||||
|
|
||||||
|
|
||||||
|
use_ok('Net::IMAP::Simple');
|
||||||
|
|
||||||
|
sub auth_imap {
|
||||||
|
|
||||||
|
use Net::IMAP::Simple::SSL;
|
||||||
|
|
||||||
|
my ($imaphost, $imapport, $imapserver);
|
||||||
|
|
||||||
|
$imaphost = "imap.gmail.com";
|
||||||
|
$imapport = "993";
|
||||||
|
$imapserver = "$imaphost:$imapport";
|
||||||
|
|
||||||
|
my $server = Net::IMAP::Simple->new($imapserver, use_ssl => 1,)
|
||||||
|
or return ("auth_imap - could not connect to $imapserver");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
ok(auth_imap, "auth_imap, connected to imap.gmail.com");
|
||||||
|
|
||||||
Loading…
Reference in New Issue
Block a user