Using ExternalAuth to authenticate against POP3


I have a need to tie RT to email authentication so that users can authenticate regardless of what the email platform is. Here is a patch I wrote against RT::Authen::ExternalAuth that may help someone:

diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm    2011-04-25 07:57:20.000000000 -0800
+++ RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm    2012-01-11 10:44:45.000000000 -0900
@@ -38,6 +38,16 @@
 #   Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
 #
 Set($ExternalSettings,      {   # AN EXAMPLE DB SERVICE
+                                'POP3'        => {
+                            # pop3 type
+                                                        'type' => 'pop3',
+                            # pop3 server
+                                                        'host' => 'mail.domain.com',
+                            # if you want to use SSL or not
+                                                        'ssl' => 1,
+                            # auth mode passed to Mail::POP3Client ('BEST', 'PASS', 'APOP' and 'CRAM-MD5')
+                                                        'authmode' => 'PASS'
+                                                 },
                                 'My_MySQL'   =>  {      ## GENERIC SECTION
                                                         # The type of service (db/ldap/cookie)
                                                         'type'                      =>  'db',
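Review bot: The comment on `'ssl'` should say what turning it off costs: with `'authmode' => 'PASS'` the user's password is handed to the mail server as typed, so `'ssl' => 0` puts it on the network in cleartext. I would replace `# if you want to use SSL or not` with `# keep at 1: with authmode 'PASS' only the SSL/TLS session protects the password in transit`. Whether that session validates the server certificate is not visible in this patch, since POP3.pm only passes `USESSL` through, so that is worth confirming against the installed Mail::POP3Client and IO::Socket::SSL. The enclosing `Set($ExternalSettings, ...)` continues past the end of the hunk.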
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm    1969-12-31 14:00:00.000000000 -1000
+++ RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/POP3.pm    2012-01-11 10:37:54.000000000 -0900
@@ -0,0 +1,74 @@
+package RT::Authen::ExternalAuth::POP3;
+
+use Mail::POP3Client;
+
+use strict;
+
+sub GetAuth {
+
+    my ($service, $username, $password) = @_;
+
+ my $config = $RT::ExternalSettings->{$service};
+ $RT::Logger->debug( "Trying external auth service:",$service);
+
+ my $host = $config->{'host'};
+ my $ssl = $config->{'ssl'};
+ my $mode = $config->{'authmode'};
+
+ if( $ssl ){
+ $ssl = 1;
+ } else {
+ $ssl = 0;
+ }
+
+ my $pop = new Mail::POP3Client( USER => $username,
+ PASSWORD => $password,
+ HOST => $host,
+ USESSL => $ssl,
+ AUTH_MODE => $mode,
+ );
+
+ $RT::Logger->debug( "POP3 Autentication as", $username, "@", $host );
+
+ if( $pop->State eq 'TRANSACTION' ){
+ $RT::Logger->info( "External Auth OK (", $service, "):", $username);
+ return 1;
+ } else {
+ $RT::Logger->info( "External Auth FAILED (", $service, "):", $username);
+ return 0;
+ }
+}
+
+
+sub CanonicalizeUserInfo {
+
+ my ($service, $key, $value) = @_;
+
+ my $found = 1;
+ my %params = (Name => undef,
+ EmailAddress => undef,
+ RealName => undef);
+
+ return ($found, %params);
+}
+
+sub UserExists {
+ my ($username,$service) = @_;
+ $RT::Logger->debug("UserExists params:\nusername: $username , service: $service");
+ my $config = $RT::ExternalSettings->{$service};
+
+ my $base = $config->{'base'};
+ my $filter = $config->{'filter'};
+
+ return 1;
+
+}
+
+sub UserDisabled {
+
+ my ($username,$service) = @_;
+
+ return 0;
+}
+
+1;
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 2011-05-06 13:07:37.000000000 -0800
+++ RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 2012-01-11 09:04:33.000000000 -0900
@@ -25,6 +25,7 @@
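Review bot: `UserExists` returns 1, `UserDisabled` returns 0 and `CanonicalizeUserInfo` returns `$found = 1` with `Name`, `EmailAddress` and `RealName` all undef for any input, so this service reports every username as a known, enabled account and supplies no attributes. That also makes the `unless(...POP3::UserExists...)` guard added in the `@@ -413,7 +421,19 @@` hunk of ExternalAuth.pm unreachable, and how RT's user creation and update paths treat a "found" record with empty fields is not visible here, so it should be checked before this service is listed as an information source. If the stubs are intentional because POP3 offers no directory lookup, say so with a comment such as `# POP3 has no lookup: an account is only proven by a successful login in GetAuth`, and drop the unused `$base`/`$filter` reads in `UserExists`. In `GetAuth`, a missing `authmode` key passes `AUTH_MODE => undef` to the client; `my $mode = $config->{'authmode'} || 'BEST';` would make the fallback explicit. On style, the file has `use strict` but no `use warnings`, and `new Mail::POP3Client(...)` reads better as `Mail::POP3Client->new(...)`.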

use RT::Authen::ExternalAuth::LDAP;

 use RT::Authen::ExternalAuth::DBI;
+use RT::Authen::ExternalAuth::POP3;

use strict;

@@ -320,6 +321,8 @@

     my ($service,$username,$password) = @_;
  my $success = 0;

+

+echo $service,$username,$password > /tmp/test;
  # Get the full configuration for that service as a hashref
  my $config = $RT::ExternalSettings->{$service};
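Review bot: The added line `echo $service,$username,$password > /tmp/test;` is leftover shell-style debugging and has to be removed before this patch is applied. Its evident intent is to dump the service name, username and cleartext password of every login into a fixed file under /tmp, and it is not valid Perl, so as far as I can tell ExternalAuth.pm would not compile with it in place. If a trace is needed at this point, send only the service and username through the existing logger, for example `$RT::Logger->debug("GetAuth called for", $service, $username);`, and never the password. The enclosing sub starts and ends outside this hunk.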

@@ -332,6 +335,9 @@

     } elsif ($config->{'type'} eq 'ldap') {
         $success = RT::Authen::ExternalAuth::LDAP::GetAuth($service,$username,$password);
     $RT::Logger->debug("LDAP password validation result:",$success);
+    } elsif ($config->{'type'} eq 'pop3') {
+        $success = RT::Authen::ExternalAuth::POP3::GetAuth($service,$username,$password);
+        $RT::Logger->debug("POP3 password validation result:",$success);
     } else {
         $RT::Logger->error("Invalid service type for GetAuth:",$service);
     }
@@ -357,6 +363,8 @@
         $success = RT::Authen::ExternalAuth::DBI::UserExists($username,$service);
     } elsif ($config->{'type'} eq 'ldap') {
         $success = RT::Authen::ExternalAuth::LDAP::UserExists($username,$service);
+    } elsif ($config->{'type'} eq 'pop3') {
+        $success = RT::Authen::ExternalAuth::POP3::UserExists($username,$service);
     } else {
         $RT::Logger->debug("Invalid service type for UserExists:",$service);
     }
@@ -413,7 +421,19 @@
                 next;
             }
             $user_disabled = RT::Authen::ExternalAuth::LDAP::UserDisabled($username,$service);
-
+
+ } elsif ($config->{'type'} eq 'pop3') {
+
+ unless(RT::Authen::ExternalAuth::POP3::UserExists($username,$service)) {
+ $RT::Logger->debug("User (",
+ $username,
+ ") doesn't exist in service (",
+ $service,
+ ") - Cannot update information - Skipping...");
+ next;
+ }
+ $user_disabled = RT::Authen::ExternalAuth::POP3::UserDisabled($username,$service);
+
 } elsif ($config->{'type'} eq 'cookie') {
 RT::Logger->error("You cannot use SSO Cookies as an information service.");
 next;
@@ -507,6 +527,8 @@
 ($found, %params) = RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo($service,$key,$value);
 } elsif ($config->{'type'} eq 'db') {
 ($found, %params) = RT::Authen::ExternalAuth::DBI::CanonicalizeUserInfo($service,$key,$value);
+ } elsif ($config->{'type'} eq 'pop3') {
+ ($found, %params) = RT::Authen::ExternalAuth::POP3::CanonicalizeUserInfo($service,$key,$value);
 } else {
 $RT::Logger->debug( (caller(0))[3],
 "does not consider",
diff -ruN /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/perllocal.pod RT-Authen-ExternalAuth/lib/perllocal.pod
--- /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/perllocal.pod 2012-01-11 10:38:38.000000000 -0900
+++ RT-Authen-ExternalAuth/lib/perllocal.pod 2012-01-06 00:47:41.000000000 -0900
@@ -1,4 +1,4 @@
-=head2 Wed Jan 11 10:38:38 2012: C L<RT::Authen::ExternalAuth|RT::Authen::ExternalAuth>
+=head2 Fri Jan 6 00:47:41 2012: C L<RT::Authen::ExternalAuth|RT::Authen::ExternalAuth>

=over 4