Using ExternalAuth to authenticate against POP3


I have a need to tie RT to email authentication so that users can authenticate regardless of what the email platform is. Here is a patch I wrote against RT::Authen::ExternalAuth that may help someone:


diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm    2011-04-25 07:57:20.000000000 -0800
+++ RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm    2012-01-11 10:44:45.000000000 -0900
@@ -38,6 +38,16 @@
 #   Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
 #
 Set($ExternalSettings,      {   # AN EXAMPLE DB SERVICE
+                                'POP3'        => {
+                            # pop3 type
+                                                        'type' => 'pop3',
+                            # pop3 server
+                                                        'host' => 'mail.domain.com',
+                            # if you want to use SSL or not
+                                                        'ssl' => 1,
+                            # auth mode passed to Mail::POP3Client ('BEST', 'PASS', 'APOP' and 'CRAM-MD5')
+                                                        'authmode' => 'PASS'
+                                                 },
                                 'My_MySQL'   =>  {      ## GENERIC SECTION
                                                         # The type of service (db/ldap/cookie)
                                                         'type'                      =>  'db',
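Review bot: The example comments do not say what happens to the password when `'ssl'` is 0: with `'authmode' => 'PASS'` the RT login password is sent to the POP3 server unencrypted. I would extend the comment above `'ssl'` to something like `# use SSL; keep this on whenever authmode is 'PASS', otherwise passwords cross the network in cleartext`. Whether the SSL connection verifies the server certificate depends on Mail::POP3Client and the SSL library underneath it, which is not visible here, so confirm that before relying on it.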
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm    1969-12-31 14:00:00.000000000 -1000
+++ RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm    2012-01-11 10:37:54.000000000 -0900
@@ -0,0 +1,74 @@
+package RT::Authen::ExternalAuth::POP3;
+
+use Mail::POP3Client;
+
+use strict;
+
+sub GetAuth {
+
+    my ($service, $username, $password) = @_;
+   
+    my $config = $RT::ExternalSettings->{$service};
+    $RT::Logger->debug( "Trying external auth service:",$service);
+
+    my $host    = $config->{'host'};
+    my $ssl     = $config->{'ssl'};
+    my $mode    = $config->{'authmode'};
+
+    if( $ssl ){
+      $ssl = 1;
+    } else {
+      $ssl = 0;
+    }
+
+    my $pop = new Mail::POP3Client( USER      => $username,
+                                    PASSWORD  => $password,
+                                    HOST      => $host,
+                                    USESSL    => $ssl,
+                                    AUTH_MODE => $mode,
+    );
+
+    $RT::Logger->debug( "POP3 Autentication as",  $username, "@", $host );
+
+    if( $pop->State eq 'TRANSACTION' ){
+      $RT::Logger->info( "External Auth OK (", $service, "):", $username);
+      return 1;
+    } else {
+      $RT::Logger->info( "External Auth FAILED (", $service, "):", $username);
+      return 0;
+    }
+}
+
+
+sub CanonicalizeUserInfo {
+   
+    my ($service, $key, $value) = @_;
+
+    my $found = 1;
+    my %params = (Name         => undef,
+                  EmailAddress => undef,
+                  RealName     => undef);
+
+    return ($found, %params);
+}
+
+sub UserExists {
+    my ($username,$service) = @_;
+   $RT::Logger->debug("UserExists params:\nusername: $username , service: $service");
+    my $config              = $RT::ExternalSettings->{$service};
+   
+    my $base                = $config->{'base'};
+    my $filter              = $config->{'filter'};
+
+    return 1; 
+
+}
+
+sub UserDisabled {
+
+    my ($username,$service) = @_;
+
+    return 0;
+}
+
+1;
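Review bot: GetAuth never ends the POP3 session it opens: after a successful login the connection is left in TRANSACTION state with no QUIT sent, and until `$pop` is destroyed the user's maildrop may stay locked on the server. Capture the result and close explicitly, e.g. `my $ok = $pop->State eq 'TRANSACTION'; $pop->Close;`, then branch on `$ok`. Separately, `UserExists` always returns 1, `UserDisabled` always returns 0 and `CanonicalizeUserInfo` reports `$found = 1` with every field undef. As a result the `unless(...POP3::UserExists...)` branch added in ExternalAuth.pm can never run, and the POP3 branch of the CanonicalizeUserInfo dispatch may report a user as found with no data, depending on the caller loop, which is outside these hunks; returning `$found = 0` looks safer. The unused `base`/`filter` reads in `UserExists` look copied from the LDAP backend and can be dropped, and the new file should also have `use warnings;`.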
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm    2011-05-06 13:07:37.000000000 -0800
+++ RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm    2012-01-11 09:04:33.000000000 -0900
@@ -25,6 +25,7 @@
 
 use RT::Authen::ExternalAuth::LDAP;
 use RT::Authen::ExternalAuth::DBI;
+use RT::Authen::ExternalAuth::POP3;
 
 use strict;
 
@@ -320,6 +321,8 @@
     my ($service,$username,$password) = @_;
    
     my $success = 0;
+
+`echo $service,$username,$password > /tmp/test`;
    
     # Get the full configuration for that service as a hashref
     my $config = $RT::ExternalSettings->{$service};
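Review bot: The added backtick line `echo $service,$username,$password > /tmp/test` must be removed before this patch is applied. It looks like leftover debugging, and it writes the cleartext password of every login attempt to a fixed file in /tmp. Because the values are interpolated into a shell command line, the username and password submitted at the login form are also interpreted by the shell, so this is a command-injection path reachable before authentication. If tracing is needed, use `$RT::Logger->debug("GetAuth called for service:", $service);` and never log the password. The enclosing sub starts and ends outside this hunk.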
@@ -332,6 +335,9 @@
     } elsif ($config->{'type'} eq 'ldap') {
         $success = RT::Authen::ExternalAuth::LDAP::GetAuth($service,$username,$password);
     $RT::Logger->debug("LDAP password validation result:",$success);
+    } elsif ($config->{'type'} eq 'pop3') {
+        $success = RT::Authen::ExternalAuth::POP3::GetAuth($service,$username,$password);
+        $RT::Logger->debug("POP3 password validation result:",$success);
     } else {
         $RT::Logger->error("Invalid service type for GetAuth:",$service);
     }
@@ -357,6 +363,8 @@
         $success = RT::Authen::ExternalAuth::DBI::UserExists($username,$service);
     } elsif ($config->{'type'} eq 'ldap') {
         $success = RT::Authen::ExternalAuth::LDAP::UserExists($username,$service);
+    } elsif ($config->{'type'} eq 'pop3') {
+        $success = RT::Authen::ExternalAuth::POP3::UserExists($username,$service);
     } else {
         $RT::Logger->debug("Invalid service type for UserExists:",$service);
     }
@@ -413,7 +421,19 @@
                 next;
             }
             $user_disabled = RT::Authen::ExternalAuth::LDAP::UserDisabled($username,$service);
-                   
+
+        } elsif ($config->{'type'} eq 'pop3') {
+
+            unless(RT::Authen::ExternalAuth::POP3::UserExists($username,$service)) {
+                $RT::Logger->debug("User (",
+                                    $username,
+                                    ") doesn't exist in service (",
+                                    $service,
+                                    ") - Cannot update information - Skipping...");
+                next;
+            }
+            $user_disabled = RT::Authen::ExternalAuth::POP3::UserDisabled($username,$service);
+
         } elsif ($config->{'type'} eq 'cookie') {
             RT::Logger->error("You cannot use SSO Cookies as an information service.");
             next;
@@ -507,6 +527,8 @@
                 ($found, %params) = RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo($service,$key,$value);
             } elsif ($config->{'type'} eq 'db') {
                 ($found, %params) = RT::Authen::ExternalAuth::DBI::CanonicalizeUserInfo($service,$key,$value);
+            } elsif ($config->{'type'} eq 'pop3') {
+                ($found, %params) = RT::Authen::ExternalAuth::POP3::CanonicalizeUserInfo($service,$key,$value);
             } else {
                 $RT::Logger->debug( (caller(0))[3],
                                     "does not consider",
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/perllocal.pod RT-Authen-ExternalAuth/lib/perllocal.pod
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/perllocal.pod    2012-01-11 10:38:38.000000000 -0900
+++ RT-Authen-ExternalAuth/lib/perllocal.pod    2012-01-06 00:47:41.000000000 -0900
@@ -1,4 +1,4 @@
-=head2 Wed Jan 11 10:38:38 2012: C L
+=head2 Fri Jan  6 00:47:41 2012: C L
 
 =over 4