dbaa9dbd6c
on files in plugins dir:
fixed a number of POD errors
formatted some # comments into POD
removed bare 1; (these are plugins, not perl modules)
most instances of this were copy/pasted from a previous plugin that had it
removed instances of # vim ts=N ...
they weren't consistent, many didn't match .perltidyrc
on modules that failed perl -c tests, added 'use Qpsmtpd::Constants;'
Conflicts:
plugins/async/check_earlytalker
plugins/async/dns_whitelist_soft
plugins/async/dnsbl
plugins/async/queue/smtp-forward
plugins/async/require_resolvable_fromhost
plugins/async/rhsbl
plugins/async/uribl
plugins/auth/auth_checkpassword
plugins/auth/auth_cvm_unix_local
plugins/auth/auth_flat_file
plugins/auth/auth_ldap_bind
plugins/auth/auth_vpopmail
plugins/auth/auth_vpopmail_sql
plugins/auth/authdeny
plugins/check_badmailfromto
plugins/check_badrcptto_patterns
plugins/check_bogus_bounce
plugins/check_earlytalker
plugins/check_norelay
plugins/check_spamhelo
plugins/connection_time
plugins/dns_whitelist_soft
plugins/dnsbl
plugins/domainkeys
plugins/greylisting
plugins/hosts_allow
plugins/http_config
plugins/logging/adaptive
plugins/logging/apache
plugins/logging/connection_id
plugins/logging/transaction_id
plugins/logging/warn
plugins/milter
plugins/queue/exim-bsmtp
plugins/queue/maildir
plugins/queue/postfix-queue
plugins/queue/smtp-forward
plugins/quit_fortune
plugins/random_error
plugins/rcpt_map
plugins/rcpt_regexp
plugins/relay_only
plugins/require_resolvable_fromhost
plugins/rhsbl
plugins/sender_permitted_from
plugins/spamassassin
plugins/tls
plugins/tls_cert
plugins/uribl
plugins/virus/aveclient
plugins/virus/bitdefender
plugins/virus/clamav
plugins/virus/clamdscan
plugins/virus/hbedv
plugins/virus/kavscanner
plugins/virus/klez_filter
plugins/virus/sophie
plugins/virus/uvscan
121 lines
3.4 KiB
Perl
121 lines
3.4 KiB
Perl
#!perl -Tw
|
|
use strict;
|
|
|
|
=head1 NAME
|
|
|
|
auth_vpopmail - Authenticate against libvpopmail.a
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
This plugin authenticates vpopmail users using p5-vpopmail.
|
|
Using CRAM-MD5 requires that vpopmail be built with the
|
|
'--enable-clear-passwd=y' option.
|
|
|
|
=head1 CONFIGURATION
|
|
|
|
This module will only work if qpsmtpd is running as the 'vpopmail' user.
|
|
|
|
CRAM-MD5 authentication will only work with p5-vpopmail 0.09 or higher.
|
|
http://github.com/sscanlon/vpopmail
|
|
|
|
Decide which authentication methods you are willing to support and uncomment
|
|
the lines in the register() sub. See the POD for Qspmtpd::Auth for more
|
|
details on the ramifications of supporting various authentication methods.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
For an overview of the vpopmail authentication plugins and their merits,
|
|
please read the VPOPMAIL section in docs/authentication.pod
|
|
|
|
=head1 AUTHOR
|
|
|
|
Matt Simerson <msimerson@cpan.org>
|
|
|
|
=head1 COPYRIGHT AND LICENSE
|
|
|
|
Copyright (c) 2010 Matt Simerson
|
|
|
|
This plugin is licensed under the same terms as the qpsmtpd package itself.
|
|
Please see the LICENSE file included with qpsmtpd for details.
|
|
|
|
=cut
|
|
|
|
use strict;
|
|
|
|
use Qpsmtpd::Constants;
|
|
|
|
sub register {
|
|
my ($self, $qp) = @_;
|
|
|
|
$self->register_hook("auth-plain", "auth_vpopmail" );
|
|
$self->register_hook("auth-login", "auth_vpopmail" );
|
|
$self->register_hook("auth-cram-md5", "auth_vpopmail");
|
|
}
|
|
|
|
sub auth_vpopmail {
|
|
use vpopmail;
|
|
use Digest::HMAC_MD5 qw(hmac_md5_hex);
|
|
|
|
my ($self, $transaction, $method, $user, $passClear, $passHash, $ticket) =
|
|
@_;
|
|
my ($pw_name, $pw_domain) = split "@", lc($user);
|
|
|
|
$self->log(LOGINFO, "Authenticating against vpopmail: $user");
|
|
|
|
return (DECLINED, "authvpopmail/$method - plugin not configured correctly")
|
|
if !test_vpopmail();
|
|
|
|
my $pw = vauth_getpw($pw_name, $pw_domain);
|
|
my $pw_clear_passwd = $pw->{pw_clear_passwd};
|
|
my $pw_passwd = $pw->{pw_passwd};
|
|
|
|
# make sure the user exists
|
|
if (!$pw || (!$pw_clear_passwd && !$pw_passwd)) {
|
|
return (DENY, "authvpopmail/$method - invalid user");
|
|
|
|
# change DENY to DECLINED to support multiple auth plugins
|
|
}
|
|
|
|
return (OK, "authvpopmail/$method")
|
|
if $pw_passwd eq crypt($passClear, $pw_passwd);
|
|
|
|
# simplest case: clear text passwords
|
|
if (defined $passClear && defined $pw_clear_passwd) {
|
|
return (DENY, "authvpopmail/$method - incorrect password")
|
|
if $passClear ne $pw_clear_passwd;
|
|
return (OK, "authvpopmail/$method");
|
|
}
|
|
|
|
if ($method =~ /CRAM-MD5/i) {
|
|
|
|
# clear_passwd isn't defined so we cannot support CRAM-MD5
|
|
return (DECLINED, "authvpopmail/$method") if !defined $pw_clear_passwd;
|
|
|
|
if (defined $passHash
|
|
and $passHash eq hmac_md5_hex($ticket, $pw_clear_passwd))
|
|
{
|
|
}
|
|
}
|
|
|
|
return (OK, "authvpopmail/$method")
|
|
if (defined $passHash
|
|
&& $passHash eq hmac_md5_hex($ticket, $pw_clear_passwd));
|
|
|
|
return (DENY, "authvpopmail/$method - unknown error");
|
|
}
|
|
|
|
sub test_vpopmail {
|
|
|
|
# vpopmail will not allow vauth_getpw to succeed unless the requesting user is vpopmail or root.
|
|
# by default, qpsmtpd runs as the user 'qpsmtpd' and does not have permission.
|
|
eval "use vpopmail";
|
|
if ( $@ ) {
|
|
warn "vpopmail perl module not installed.\n";
|
|
return;
|
|
};
|
|
my ($domain) = vpopmail::vlistdomains();
|
|
my $r = vauth_getpw('postmaster', $domain);
|
|
return if !$r;
|
|
return 1;
|
|
}
|