Update pull request with suggested changes from feedback.
This commit is contained in:
Graham Todd
parent
ceb7419578
commit
fc50cc2629
@ -1,5 +1,5 @@
|
|||||||
#!/usr/bin/perl -w
|
#!perl -w
|
||||||
|
|
||||||
=head1 NAME auth_imap - Authenticate to an IMAP server
|
=head1 NAME auth_imap - Authenticate to an IMAP server
|
||||||
|
|
||||||
=head1 DESCRIPTION This plugin authenticates against any IMAP server you wish (it also supports SSL).
|
=head1 DESCRIPTION This plugin authenticates against any IMAP server you wish (it also supports SSL).
|
||||||
@ -11,7 +11,7 @@ Without any options, it defaults to connecting to the IMAP server on localhost o
|
|||||||
|
|
||||||
This plugin requires the Net::IMAP::Simple::SSL CPAN module. Options from that module can be
|
This plugin requires the Net::IMAP::Simple::SSL CPAN module. Options from that module can be
|
||||||
added to the $server->() constructor below if your IMAP server requires older versions of SSL
|
added to the $server->() constructor below if your IMAP server requires older versions of SSL
|
||||||
rather than TLS, or for connection debugging ( debug => 1, ssl_version => "SSLv3", etc.).
|
rather than TLS or for connection debugging ( debug => 1, ssl_version => "SSLv3", etc.).
|
||||||
While you can adjust these settings, the plugin should work as is for a typical IMAP server.
|
While you can adjust these settings, the plugin should work as is for a typical IMAP server.
|
||||||
|
|
||||||
See the Net::IMAP::Simple POD for details on how tune the constructor parameters.
|
See the Net::IMAP::Simple POD for details on how tune the constructor parameters.
|
||||||
@ -19,7 +19,7 @@ See the Net::IMAP::Simple POD for details on how tune the constructor parameters
|
|||||||
Note that auth_imap requires that you use AUTH PLAIN or AUTH LOGIN mechanisms which means
|
Note that auth_imap requires that you use AUTH PLAIN or AUTH LOGIN mechanisms which means
|
||||||
that communication between your e-mail client and Qpsmtpd - and between Qpsmtpd and your IMAP server -
|
that communication between your e-mail client and Qpsmtpd - and between Qpsmtpd and your IMAP server -
|
||||||
should be encrypted. There are several approaches to enabling encrypted password storage
|
should be encrypted. There are several approaches to enabling encrypted password storage
|
||||||
on the IMAP server as well. For dovecot2 see: http://wiki2.dovecot.org/HowTo/CRAM-MD5
|
on the IMAP server. For dovecot2 see: http://wiki2.dovecot.org/HowTo/CRAM-MD5
|
||||||
|
|
||||||
This plugin is suited for authorizing user connections to a Qpsmtp SMTP server acting as a
|
This plugin is suited for authorizing user connections to a Qpsmtp SMTP server acting as a
|
||||||
relay or a primary mail server. The principal benefit is ease of adminstration when
|
relay or a primary mail server. The principal benefit is ease of adminstration when
|
||||||
@ -35,65 +35,69 @@ Please see the LICENSE file included with qpsmtpd for details.
|
|||||||
|
|
||||||
=cut
|
=cut
|
||||||
|
|
||||||
|
use Net::IMAP::Simple;
|
||||||
sub register {
|
|
||||||
my ($self, $qp, @args) = @_;
|
sub register {
|
||||||
|
my ($self, $qp, @args) = @_;
|
||||||
|
|
||||||
if (@args > 0) {
|
if (@args > 0) {
|
||||||
if ($args[0] =~ /^([\.\w_-]+)$/) {
|
if ($args[0] =~ /^([\.\w_-]+)$/) {
|
||||||
$self->{_imap_server} = $1;
|
$self->{_imap_server} = $1;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
die "Bad data in imap server: $args[0]";
|
||||||
|
}
|
||||||
|
$self->{_imap_port} = 143;
|
||||||
|
if (@args > 1 and $args[1] =~ /^(\d+)$/) {
|
||||||
|
$self->{_imap_port} = $1;
|
||||||
|
}
|
||||||
|
$self->log(LOGWARN, "WARNING: Ignoring additional arguments.")
|
||||||
|
if (@args > 2);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
die "Bad data in imap server: $args[0]";
|
die("No IMAP server specified in plugins file.");
|
||||||
}
|
}
|
||||||
$self->{_imap_port} = 143;
|
|
||||||
if (@args > 1 and $args[1] =~ /^(\d+)$/) {
|
# set any values that are not already
|
||||||
$self->{_imap_port} = $1;
|
|
||||||
}
|
|
||||||
$self->log(LOGWARN, "WARNING: Ignoring additional arguments.") if (@args > 2);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
die("No IMAP server specified in plugins file.");
|
|
||||||
}
|
|
||||||
|
|
||||||
# set any values that are not already
|
|
||||||
$self->{_imap_server} ||= "127.0.0.1";
|
$self->{_imap_server} ||= "127.0.0.1";
|
||||||
$self->{_imap_port} ||= 143;
|
$self->{_imap_port} ||= 143;
|
||||||
|
|
||||||
$self->register_hook( "auth-login", "auth_imap" );
|
$self->register_hook("auth-login", "auth_imap");
|
||||||
$self->register_hook( "auth-plain", "auth_imap" );
|
$self->register_hook("auth-plain", "auth_imap");
|
||||||
}
|
|
||||||
|
|
||||||
sub auth_imap {
|
|
||||||
|
|
||||||
use Net::IMAP::Simple::SSL;
|
|
||||||
|
|
||||||
my ($self, $transaction, $mechanism, $user, $clearPassword, $hashPassword, $ticket) = @_;
|
|
||||||
my ($imaphost, $imapport, $imapserver);
|
|
||||||
|
|
||||||
# pull values in from config
|
|
||||||
$imaphost = $self->{_imap_server};
|
|
||||||
$imapport = $self->{_imap_port};
|
|
||||||
$imapserver = "$imaphost:$imapport";
|
|
||||||
|
|
||||||
$self->log(LOGINFO, "SMTP server requires IMAP authentication before sending");
|
|
||||||
|
|
||||||
# connect to IMAP server
|
|
||||||
my $server = Net::IMAP::Simple->new( $imapserver, ssl_version => "TLSv1", );
|
|
||||||
|
|
||||||
if ( $server ) {
|
|
||||||
$self->log(LOGINFO, "Using $mechanism mechanism with server: $imapserver");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
return ( DENY, "auth_imap - could not connect to $imapserver" );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $server->login( $user, $clearPassword, ) ) {
|
sub auth_imap {
|
||||||
$self->log(LOGINFO, "Authenticating user: $user with IMAP");
|
|
||||||
return OK, "auth_imap/$mechanism" ;
|
my ($self, $transaction, $mechanism, $user, $clearPassword, $hashPassword,
|
||||||
}
|
$ticket)
|
||||||
else {
|
= @_;
|
||||||
return ( DENY, "auth_imap - invalid password for $user at $imapserver" );
|
my ($imaphost, $imapport, $imapserver);
|
||||||
}
|
|
||||||
|
# pull values in from config
|
||||||
|
$imaphost = $self->{_imap_server};
|
||||||
|
$imapport = $self->{_imap_port};
|
||||||
|
$imapserver = "$imaphost:$imapport";
|
||||||
|
|
||||||
|
$self->log(LOGINFO,
|
||||||
|
"SMTP server requires IMAP authentication before sending");
|
||||||
|
|
||||||
|
# connect to IMAP server
|
||||||
|
my $server = Net::IMAP::Simple->new($imapserver, ssl_version => "TLSv1",);
|
||||||
|
|
||||||
|
if ($server) {
|
||||||
|
$self->log(LOGINFO,
|
||||||
|
"Using $mechanism mechanism with server: $imapserver");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return (DENY, "auth_imap - could not connect to $imapserver");
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($server->login($user, $clearPassword,)) {
|
||||||
|
$self->log(LOGINFO, "Authenticating user: $user with IMAP");
|
||||||
|
return OK, "auth_imap/$mechanism";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return (DENY, "auth_imap - invalid password for $user at $imapserver");
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -18,8 +18,9 @@ sub auth_imap {
|
|||||||
|
|
||||||
my $server = Net::IMAP::Simple->new($imapserver, use_ssl => 1,)
|
my $server = Net::IMAP::Simple->new($imapserver, use_ssl => 1,)
|
||||||
or return ("auth_imap - could not connect to $imapserver");
|
or return ("auth_imap - could not connect to $imapserver");
|
||||||
|
sleep 1;
|
||||||
|
$server->quit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
ok(auth_imap, "auth_imap, connected to imap.gmail.com");
|
ok(auth_imap, "auth_imap, connected to imap.gmail.com for a sec");
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user