Using ExternalAuth to authenticate against POP3
Jump to navigation
Jump to search
I have a need to tie RT to email authentication so that users can authenticate regardless of what the email platform is. Here is a patch I wrote against RT::Authen::ExternalAuth that may help someone:
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm 2011-04-25 07:57:20.000000000 -0800
+++ RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm 2012-01-11 10:44:45.000000000 -0900
@@ -38,6 +38,16 @@
# Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
#
Set($ExternalSettings, { # AN EXAMPLE DB SERVICE
+ 'POP3' => {
+ # pop3 type
+ 'type' => 'pop3',
+ # pop3 server
+ 'host' => 'mail.domain.com',
+ # if you want to use SSL or not
+ 'ssl' => 1,
+ # auth mode passed to Mail::POP3Client ('BEST', 'PASS', 'APOP' and 'CRAM-MD5')
+ 'authmode' => 'PASS'
+ },
'My_MySQL' => { ## GENERIC SECTION
# The type of service (db/ldap/cookie)
'type' => 'db',
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm 1969-12-31 14:00:00.000000000 -1000
+++ RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm 2012-01-11 10:37:54.000000000 -0900
@@ -0,0 +1,74 @@
+package RT::Authen::ExternalAuth::POP3;
+
+use Mail::POP3Client;
+
+use strict;
+
+sub GetAuth {
+
+ my ($service, $username, $password) = @_;
+
+ my $config = $RT::ExternalSettings->{$service};
+ $RT::Logger->debug( "Trying external auth service:",$service);
+
+ my $host = $config->{'host'};
+ my $ssl = $config->{'ssl'};
+ my $mode = $config->{'authmode'};
+
+ if( $ssl ){
+ $ssl = 1;
+ } else {
+ $ssl = 0;
+ }
+
+ my $pop = new Mail::POP3Client( USER => $username,
+ PASSWORD => $password,
+ HOST => $host,
+ USESSL => $ssl,
+ AUTH_MODE => $mode,
+ );
+
+ $RT::Logger->debug( "POP3 Autentication as", $username, "@", $host );
+
+ if( $pop->State eq 'TRANSACTION' ){
+ $RT::Logger->info( "External Auth OK (", $service, "):", $username);
+ return 1;
+ } else {
+ $RT::Logger->info( "External Auth FAILED (", $service, "):", $username);
+ return 0;
+ }
+}
+
+
+sub CanonicalizeUserInfo {
+
+ my ($service, $key, $value) = @_;
+
+ my $found = 1;
+ my %params = (Name => undef,
+ EmailAddress => undef,
+ RealName => undef);
+
+ return ($found, %params);
+}
+
+sub UserExists {
+ my ($username,$service) = @_;
+ $RT::Logger->debug("UserExists params:\nusername: $username , service: $service");
+ my $config = $RT::ExternalSettings->{$service};
+
+ my $base = $config->{'base'};
+ my $filter = $config->{'filter'};
+
+ return 1;
+
+}
+
+sub UserDisabled {
+
+ my ($username,$service) = @_;
+
+ return 0;
+}
+
+1;
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 2011-05-06 13:07:37.000000000 -0800
+++ RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 2012-01-11 09:04:33.000000000 -0900
@@ -25,6 +25,7 @@
use RT::Authen::ExternalAuth::LDAP;
use RT::Authen::ExternalAuth::DBI;
+use RT::Authen::ExternalAuth::POP3;
use strict;
@@ -320,6 +321,8 @@
my ($service,$username,$password) = @_;
my $success = 0;
+
+`echo $service,$username,$password > /tmp/test`;
# Get the full configuration for that service as a hashref
my $config = $RT::ExternalSettings->{$service};
@@ -332,6 +335,9 @@
} elsif ($config->{'type'} eq 'ldap') {
$success = RT::Authen::ExternalAuth::LDAP::GetAuth($service,$username,$password);
$RT::Logger->debug("LDAP password validation result:",$success);
+ } elsif ($config->{'type'} eq 'pop3') {
+ $success = RT::Authen::ExternalAuth::POP3::GetAuth($service,$username,$password);
+ $RT::Logger->debug("POP3 password validation result:",$success);
} else {
$RT::Logger->error("Invalid service type for GetAuth:",$service);
}
@@ -357,6 +363,8 @@
$success = RT::Authen::ExternalAuth::DBI::UserExists($username,$service);
} elsif ($config->{'type'} eq 'ldap') {
$success = RT::Authen::ExternalAuth::LDAP::UserExists($username,$service);
+ } elsif ($config->{'type'} eq 'pop3') {
+ $success = RT::Authen::ExternalAuth::POP3::UserExists($username,$service);
} else {
$RT::Logger->debug("Invalid service type for UserExists:",$service);
}
@@ -413,7 +421,19 @@
next;
}
$user_disabled = RT::Authen::ExternalAuth::LDAP::UserDisabled($username,$service);
-
+
+ } elsif ($config->{'type'} eq 'pop3') {
+
+ unless(RT::Authen::ExternalAuth::POP3::UserExists($username,$service)) {
+ $RT::Logger->debug("User (",
+ $username,
+ ") doesn't exist in service (",
+ $service,
+ ") - Cannot update information - Skipping...");
+ next;
+ }
+ $user_disabled = RT::Authen::ExternalAuth::POP3::UserDisabled($username,$service);
+
} elsif ($config->{'type'} eq 'cookie') {
RT::Logger->error("You cannot use SSO Cookies as an information service.");
next;
@@ -507,6 +527,8 @@
($found, %params) = RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo($service,$key,$value);
} elsif ($config->{'type'} eq 'db') {
($found, %params) = RT::Authen::ExternalAuth::DBI::CanonicalizeUserInfo($service,$key,$value);
+ } elsif ($config->{'type'} eq 'pop3') {
+ ($found, %params) = RT::Authen::ExternalAuth::POP3::CanonicalizeUserInfo($service,$key,$value);
} else {
$RT::Logger->debug( (caller(0))[3],
"does not consider",
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/perllocal.pod RT-Authen-ExternalAuth/lib/perllocal.pod
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/perllocal.pod 2012-01-11 10:38:38.000000000 -0900
+++ RT-Authen-ExternalAuth/lib/perllocal.pod 2012-01-06 00:47:41.000000000 -0900
@@ -1,4 +1,4 @@
-=head2 Wed Jan 11 10:38:38 2012: C L
+=head2 Fri Jan 6 00:47:41 2012: C L
=over 4