File: auth_flat_file

qpsmtpd 0.94-8
#!perl -w

=head1 NAME

auth_flat_file - simple CRAM MD5 auth plugin using a flat password file

=head1 SYNOPSIS

in config/plugins:

  auth/auth_flat_file

in config/flat_auth_pw

  username1:password1
  username2:password2
  ...

=head1 DESCRIPTION

This plugin implements a very simple authentication plugin using a flat password
file containing username and password separated by colons.

Note that this plugin enforces the use of a full email address (including
@domain) as the username. There's no particular reason for this so feel free
to modify the code to suit your setup.

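The password is stored on disk unencrypted, so config/flat_auth_pw should be
readable only by the account that runs qpsmtpd. With CRAM-MD5, authentication
uses an HMAC algorithm so no password is transferred in the clear. The plugin
also registers the auth-plain and auth-login hooks; with those mechanisms the
client sends the password itself, so they are only protected when the
connection is encrypted (TLS).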

=cut

use strict;
use warnings;

use Qpsmtpd::Auth;
use Qpsmtpd::Constants;

# Plugin entry point: attach auth_flat_file() to each SMTP AUTH hook this
# plugin serves (PLAIN, LOGIN and CRAM-MD5).
sub register {
    my ($self) = @_;

    # One handler serves all three mechanisms.
    my $handler = 'auth_flat_file';

    $self->register_hook('auth-plain', $handler);
    $self->register_hook('auth-login', $handler);

    # The final registration stays the sub's tail call, so its value is still
    # what register() hands back.
    return $self->register_hook('auth-cram-md5', $handler);
}

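# Hook handler for auth-plain, auth-login and auth-cram-md5.
#
# Looks up $user (lower-cased, and required to contain an "@domain" part) in
# the lines returned by the 'flat_auth_pw' config and hands the stored
# clear-text password, together with the client's attempt, to
# Qpsmtpd::Auth::validate_password.
#
# Arguments (after $self): $transaction, $method, $user, $passClear,
# $passHash, $ticket. $transaction is not used here.
#
# Returns:
#   (DENY, message)  when neither $passClear nor $passHash is defined;
#   DECLINED         when $user has no "@domain" part or no line matches;
#   otherwise whatever Qpsmtpd::Auth::validate_password returns.
sub auth_flat_file {
    my ($self, $transaction, $method, $user, $passClear, $passHash, $ticket) =
      @_;

    if (!defined $passClear && !defined $passHash) {
        $self->log(LOGINFO, "fail: missing password");
        return (DENY, "authflat - missing password");
    }

    my ($pw_name, $pw_domain) = split /@/, lc($user);

    unless (defined $pw_domain) {
        $self->log(LOGINFO, "fail: missing domain");
        return DECLINED;
    }

    # $user comes from the remote client, so it is compared as a literal
    # string rather than interpolated into a pattern. As a regex, characters
    # such as "." or "*" in the login name would be treated as metacharacters
    # and the lookup could select a line belonging to a different account
    # (and names containing "+" would fail to match their own line).
    my $wanted_prefix = "$pw_name\@$pw_domain:";

    my ($auth_line) =
      grep { index($_, $wanted_prefix) == 0 }
      $self->qp->config('flat_auth_pw');

    if (!defined $auth_line) {
        $self->log(LOGINFO, "fail: no such user: $user");
        return DECLINED;
    }

    # Limit of 2 keeps any ":" inside the password part of the line.
    my ($auth_user, $auth_pass) = split(/:/, $auth_line, 2);

    # The line starts with exactly "name@domain:", so the user name matched;
    # only the password check remains.
    return
      Qpsmtpd::Auth::validate_password(
                                       $self,
                                       src_clear     => $auth_pass,
                                       src_crypt     => undef,
                                       attempt_clear => $passClear,
                                       attempt_hash  => $passHash,
                                       method        => $method,
                                       ticket        => $ticket,
                                       deny          => DENY,
                                      );
}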