Comments/suggestions on the attached AUTH module?

[...]
=head1 NAME

auth_cvm_unix_local - SMTP AUTH LOGIN module using
Bruce Guenter's Credential Validation Module (CVM)
    http://untroubled.org/cvm/
[...]

Thanks,

Gordon
--
 Gordon Rowell [EMAIL PROTECTED]  http://www.gormand.com.au
 Gormand Pty Ltd  PO Box 239 St Pauls NSW 2031 Australia
  "The test of our progress is not whether we add more to the abundance
  of those who have much; it is whether we provide enough for those who 
  have too little." Franklin D Roosevelt, Second Inaugural Address, 1937
#!/usr/bin/perl -w

=head1 NAME

auth_cvm_unix_local - SMTP AUTH LOGIN module using
Bruce Guenter's Credential Validation Module (CVM)
    http://untroubled.org/cvm/

=head1 SYNOPSIS

In config/plugins:

  auth/auth_cvm_unix_local cvm_socket /var/lib/cvm/cvm-unix-local.socket

=head1 BUGS

- Should probably handle auth-cram-md5 as well. However, this requires
access to the plain text password. We could store a separate database
of passwords purely for SMTP AUTH, for example as an optional 
SMTPAuthPassword property of an account in the esmith::AccountsDB;

- Returns DENY if AUTH fails - there should probably be an option of 
  DECLINE or DENY.

=head1 DESCRIPTION

This plugin implements an authentication plugin using Bruce Guenter's
Credential Validation Module (http://untroubled.org/cvm).

=head1 AUTHOR

Copyright 2005 Gordon Rowell <[EMAIL PROTECTED]>

This software is free software and may be distributed or modified
under the same terms as Perl itself.

=cut

use Socket;

my $VERSION = 0.04;

sub register 
{
    my ( $self, $qp, %arg ) = @_;

    unless ($arg{cvm_socket})
    {
        $self->log(LOGERROR, "authcvm - requires cvm_socket argument");
        return 0;
    }

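    # Untaint the path: accept only word characters, '/', '.' and '-'.
    if ($arg{cvm_socket} =~ /^([\w\/.-]+)$/)
    {
        $self->{_cvm_socket} = $1;
    }

    # A path rejected above leaves _cvm_socket undefined; treat that the
    # same as a path that is not a socket.
    unless (defined $self->{_cvm_socket} && -S $self->{_cvm_socket})
    {
        $self->log(LOGERROR, "authcvm - cvm_socket missing or not usable");
        return 0;
    }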

    $self->register_hook("auth-plain", "authcvm_plain");
    $self->register_hook("auth-login", "authcvm_plain");
#    $self->register_hook("auth-cram-md5", "authcvm_hash");
}

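sub authcvm_plain
{
    my ( $self, $transaction, $method, $user, $passClear, $passHash, $ticket ) =
      @_;

    $self->log(LOGINFO, "authcvm/$method authentication attempt for: $user");

    # Fields in the CVM request are NUL-terminated, so a NUL inside the
    # user name or password would change how the request is parsed.
    return (DENY, "authcvm/$method")
        unless defined $user && defined $passClear
            && "$user$passClear" !~ /\000/;

    socket(my $sock, PF_UNIX, SOCK_STREAM, 0)
        or return (DENY, "authcvm/$method");

    unless (connect($sock, sockaddr_un($self->{_cvm_socket})))
    {
        close $sock;
        return (DENY, "authcvm/$method");
    }

    my $o = select($sock); $| = 1; select($o);

    # CVM request: protocol byte 1, then account, domain and credential,
    # each NUL-terminated, with a final NUL closing the list.
    print $sock "\001$user\000localhost\000$passClear\000\000";

    shutdown $sock, 1;

    # Read the whole binary response, not just up to the first newline.
    my $ret = do { local $/; <$sock> };
    close $sock;

    # Fail closed: an empty or missing response must not count as success.
    return (DENY, "authcvm/$method")
        unless defined $ret && length $ret;

    # The first response byte is the status code; zero means success.
    my ($s) = unpack ("C", $ret);
    return (($s ? DENY : OK), "authcvm/$method");
}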
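
The request framing and response check used by the plugin above, as a stand-alone added example that runs without a CVM daemon (it is not Gordon's code and not part of CVM or qpsmtpd). `cvm_request` and `cvm_verdict` are hypothetical helper names, the verdicts are plain strings standing in for the qpsmtpd constants, and all sample requests and responses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Build a CVM request in the layout the plugin sends: protocol byte 1, then
# account, domain and credential, each NUL-terminated, then a closing NUL.
# Returns undef when a field is missing or contains a NUL byte, because an
# embedded NUL would shift the field boundaries seen by the CVM module.
sub cvm_request {
    my ($user, $domain, $pass) = @_;
    for my $field ($user, $domain, $pass) {
        return undef unless defined $field && $field !~ /\000/;
    }
    return "\001$user\000$domain\000$pass\000\000";
}

# Map a raw CVM response to a verdict. Only a response whose first byte is
# zero counts as success; an empty or missing response takes the failure
# verdict. $on_fail is the configurable failure result ('DENY' or 'DECLINE').
sub cvm_verdict {
    my ($response, $on_fail) = @_;
    $on_fail = 'DENY' unless defined $on_fail;
    return $on_fail unless defined $response && length $response;
    my ($status) = unpack 'C', $response;
    return $status == 0 ? 'OK' : $on_fail;
}

# Constructed sample credentials (hypothetical values).
my @requests = (
    [ 'alice',            'localhost', 'secret' ],
    [ "alice\000example", 'localhost', 'secret' ],   # NUL in the account name
);
for my $r (@requests) {
    my $wire = cvm_request(@$r);
    (my $shown = $r->[0]) =~ s/\000/\\0/g;           # make the NUL visible
    printf "%-16s -> %s\n", $shown,
        defined $wire ? length($wire) . ' byte request' : 'rejected before sending';
}

# Constructed sample responses, not captured from a real CVM daemon.
my @responses = (
    [ 'zero status',    "\000", 'DENY'    ],
    [ 'nonzero status', "\144", 'DENY'    ],
    [ 'empty response', '',     'DENY'    ],
    [ 'no response',    undef,  'DECLINE' ],
);
printf "%-16s -> %s\n", $_->[0], cvm_verdict($_->[1], $_->[2]) for @responses;
```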
