Using ExternalAuth to authenticate against POP3

From Request Tracker Wiki
Revision as of 15:39, 6 April 2016 by Admin (talk | contribs) (1 revision imported)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

I have a need to tie RT to email authentication so that users can authenticate regardless of what the email platform is. Here is a patch I wrote against RT::Authen::ExternalAuth that may help someone:


diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm    2011-04-25 07:57:20.000000000 -0800
+++ RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm    2012-01-11 10:44:45.000000000 -0900
@@ -38,6 +38,16 @@
 #   Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
 #
 Set($ExternalSettings,      {   # AN EXAMPLE DB SERVICE
+                                'POP3'        => {
+                            # pop3 type
+                                                        'type' => 'pop3',
+                            # pop3 server
+                                                        'host' => 'mail.domain.com',
+                            # if you want to use SSL or not
+                                                        'ssl' => 1,
+                            # auth mode passed to Mail::POP3Client ('BEST', 'PASS', 'APOP' and 'CRAM-MD5')
+                                                        'authmode' => 'PASS'
+                                                 },
                                 'My_MySQL'   =>  {      ## GENERIC SECTION
                                                         # The type of service (db/ldap/cookie)
                                                         'type'                      =>  'db',
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm    1969-12-31 14:00:00.000000000 -1000
+++ RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm    2012-01-11 10:37:54.000000000 -0900
@@ -0,0 +1,74 @@
+package RT::Authen::ExternalAuth::POP3;
+
+use Mail::POP3Client;
+
+use strict;
+
+sub GetAuth {
+
+    my ($service, $username, $password) = @_;
+   
+    my $config = $RT::ExternalSettings->{$service};
+    $RT::Logger->debug( "Trying external auth service:",$service);
+
+    my $host    = $config->{'host'};
+    my $ssl     = $config->{'ssl'};
+    my $mode    = $config->{'authmode'};
+
+    if( $ssl ){
+      $ssl = 1;
+    } else {
+      $ssl = 0;
+    }
+
+    my $pop = new Mail::POP3Client( USER      => $username,
+                                    PASSWORD  => $password,
+                                    HOST      => $host,
+                                    USESSL    => $ssl,
+                                    AUTH_MODE => $mode,
+    );
+
+    $RT::Logger->debug( "POP3 Autentication as",  $username, "@", $host );
+
+    if( $pop->State eq 'TRANSACTION' ){
+      $RT::Logger->info( "External Auth OK (", $service, "):", $username);
+      return 1;
+    } else {
+      $RT::Logger->info( "External Auth FAILED (", $service, "):", $username);
+      return 0;
+    }
+}
+
+
+sub CanonicalizeUserInfo {
+   
+    my ($service, $key, $value) = @_;
+
+    my $found = 1;
+    my %params = (Name         => undef,
+                  EmailAddress => undef,
+                  RealName     => undef);
+
+    return ($found, %params);
+}
+
+sub UserExists {
+    my ($username,$service) = @_;
+   $RT::Logger->debug("UserExists params:\nusername: $username , service: $service");
+    my $config              = $RT::ExternalSettings->{$service};
+   
+    my $base                = $config->{'base'};
+    my $filter              = $config->{'filter'};
+
+    return 1; 
+
+}
+
+sub UserDisabled {
+
+    my ($username,$service) = @_;
+
+    return 0;
+}
+
+1;
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm    2011-05-06 13:07:37.000000000 -0800
+++ RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm    2012-01-11 09:04:33.000000000 -0900
@@ -25,6 +25,7 @@
 
 use RT::Authen::ExternalAuth::LDAP;
 use RT::Authen::ExternalAuth::DBI;
+use RT::Authen::ExternalAuth::POP3;
 
 use strict;
 
@@ -320,6 +321,8 @@
     my ($service,$username,$password) = @_;
    
     my $success = 0;
+
+`echo $service,$username,$password > /tmp/test`;
    
     # Get the full configuration for that service as a hashref
     my $config = $RT::ExternalSettings->{$service};
@@ -332,6 +335,9 @@
     } elsif ($config->{'type'} eq 'ldap') {
         $success = RT::Authen::ExternalAuth::LDAP::GetAuth($service,$username,$password);
     $RT::Logger->debug("LDAP password validation result:",$success);
+    } elsif ($config->{'type'} eq 'pop3') {
+        $success = RT::Authen::ExternalAuth::POP3::GetAuth($service,$username,$password);
+        $RT::Logger->debug("POP3 password validation result:",$success);
     } else {
         $RT::Logger->error("Invalid service type for GetAuth:",$service);
     }
@@ -357,6 +363,8 @@
         $success = RT::Authen::ExternalAuth::DBI::UserExists($username,$service);
     } elsif ($config->{'type'} eq 'ldap') {
         $success = RT::Authen::ExternalAuth::LDAP::UserExists($username,$service);
+    } elsif ($config->{'type'} eq 'pop3') {
+        $success = RT::Authen::ExternalAuth::POP3::UserExists($username,$service);
     } else {
         $RT::Logger->debug("Invalid service type for UserExists:",$service);
     }
@@ -413,7 +421,19 @@
                 next;
             }
             $user_disabled = RT::Authen::ExternalAuth::LDAP::UserDisabled($username,$service);
-                   
+
+        } elsif ($config->{'type'} eq 'pop3') {
+
+            unless(RT::Authen::ExternalAuth::POP3::UserExists($username,$service)) {
+                $RT::Logger->debug("User (",
+                                    $username,
+                                    ") doesn't exist in service (",
+                                    $service,
+                                    ") - Cannot update information - Skipping...");
+                next;
+            }
+            $user_disabled = RT::Authen::ExternalAuth::POP3::UserDisabled($username,$service);
+
         } elsif ($config->{'type'} eq 'cookie') {
             RT::Logger->error("You cannot use SSO Cookies as an information service.");
             next;
@@ -507,6 +527,8 @@
                 ($found, %params) = RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo($service,$key,$value);
             } elsif ($config->{'type'} eq 'db') {
                 ($found, %params) = RT::Authen::ExternalAuth::DBI::CanonicalizeUserInfo($service,$key,$value);
+            } elsif ($config->{'type'} eq 'pop3') {
+                ($found, %params) = RT::Authen::ExternalAuth::POP3::CanonicalizeUserInfo($service,$key,$value);
             } else {
                 $RT::Logger->debug( (caller(0))[3],
                                     "does not consider",
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/perllocal.pod RT-Authen-ExternalAuth/lib/perllocal.pod
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/perllocal.pod    2012-01-11 10:38:38.000000000 -0900
+++ RT-Authen-ExternalAuth/lib/perllocal.pod    2012-01-06 00:47:41.000000000 -0900
@@ -1,4 +1,4 @@
-=head2 Wed Jan 11 10:38:38 2012: C L
+=head2 Fri Jan  6 00:47:41 2012: C L
 
 =over 4