qpsmtpd Wiki

[[plugins:auth:authpam]]


=head1 NAME
 
auth/auth_pam
 
=head1 DESCRIPTION
 
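This plugin checks AUTH LOGIN / AUTH PLAIN credentials against a PAM service.
It needs the Perl module Authen::PAM to be installed.
Both mechanisms hand the plugin the cleartext password, so AUTH should only
be offered on connections protected by TLS.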
 
=head1 CONFIG
 
The following parameters can be passed to auth/auth_pam
 
=over 4
 
=item service <servicename>

Name of the PAM service to authenticate against.
Default: smtpauth-login
 
=back
 
=head1 AUTHOR
 
Written by Leonardo Helman <lhelman@pert(punto)com(punto)ar>.
Pert Consultores SRL
Argentina
 
=head1 COPYRIGHT AND LICENSE
 
Copyright (c) 2005 Leonardo Helman. Pert Consultores SRL Argentina
 
This plugin is licensed under the same terms as the qpsmtpd package itself.
Please see the LICENSE file included with qpsmtpd for details.
 
=head1 VERSION
 
$Id: auth_pam,v 1.7 2006/05/16 14:12:34 leoh Exp $
 
=cut
 
 
 
sub register {
  my ( $self, $qp, %args ) = @_;

  # Built-in defaults. The key set doubles as the list of recognised
  # plugin parameters.
  my %defaults = ( service => "smtpauth-login" );

  # Unknown parameters are reported but not rejected: they are still
  # merged into the stored configuration below.
  my @unknown = grep { !exists $defaults{$_} } sort keys %args;
  if (@unknown) {
    $self->log(LOGALERT, "invalid parameter(s): " . join(',', @unknown));
  }

  # Values supplied in the plugin configuration override the defaults.
  $self->{_auth_pam_config} = { %defaults, %args };

  # The same handler serves both cleartext SMTP AUTH mechanisms.
  $self->register_hook( "auth-plain", "authpam" );
  $self->register_hook( "auth-login", "authpam" );
}
 
 
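# Hook handler for "auth-plain" and "auth-login": verifies the supplied
# username and cleartext password against the configured PAM service.
#
# Returns ( OK, ... ) only when pam_authenticate() reports success, and
# ( DENY, ... ) in every other case, including a failure to start PAM.
#
# NOTE(review): only pam_authenticate() is called; no account-management
# step follows it, so whether expired or locked accounts are refused
# depends on the PAM stack - confirm this matches the intended policy.
sub authpam {
  use Qpsmtpd::Constants;

  my ($self, $transaction, $method, $user, $passClear, $passHash, $ticket)=@_;

  my $service= $self->{_auth_pam_config}->{service};

  # The conversation callback reads the credentials from file-scoped
  # variables in PAM_MY_FUNCS, so they are set before the PAM handle is
  # created and wiped again on every exit path below.
  PAM_MY_FUNCS::set_vars( $user, $passClear );

  # NOTE(review): $user is client-supplied and is written to the log
  # unmodified here and below.
  $self->log(LOGINFO, "Authenticating $user" );

  my $pamh = Authen::PAM->new($service, $user,
                              \&PAM_MY_FUNCS::checkpwd_conv_func);

  if ( !ref($pamh) ) {
    # PAM could not be initialised. Fail closed: the previous code
    # returned OK here, which accepted any credentials whenever the PAM
    # handle could not be created.
    PAM_MY_FUNCS::set_vars( "", "" );
    $self->log( LOGCRIT, "authpam/$method - $user Authen::PAM FAILED" );
    return ( DENY, "authpam/$method - authentication failed" );
  }

  my $pam_status = $pamh->pam_authenticate();

  # Drop the credentials as soon as PAM no longer needs them.
  PAM_MY_FUNCS::set_vars( "", "" );
  $pamh = 0;  # force Destructor (per docs) (invokes pam_close())

  if ($pam_status == 0) {
    $self->log( LOGINFO, "authpam/$method - $user auth success" );
    return ( OK, "authpam/$method" );
  }

  # Return unconditionally: the earlier "log(...) && return" form skipped
  # the DENY whenever log() returned a false value.
  $self->log(LOGALERT, "authpam/$method - user not found" );
  return ( DENY, "authpam/$method - wrong username or password" );
}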
 
 
 
package PAM_MY_FUNCS;
use Authen::PAM;
use strict;

# Credentials of the login attempt currently in progress. They are
# file-scoped because checkpwd_conv_func reads them directly instead of
# receiving them as arguments; every caller of set_vars is therefore
# responsible for wiping them once authentication has finished.
my $user;
my $passClear;

# Store the username and cleartext password for the conversation
# callback. Calling it with two empty strings clears them again.
sub set_vars {
   my ($login, $secret) = @_;
   $user      = $login;
   $passClear = $secret;
}

# This function is not mod_perl safe, we need to do something about the
# nested sub
#
# PAM conversation callback. Arguments arrive as (code, message) pairs;
# for each pair it answers with the stored username on an echo-on prompt,
# the stored password on an echo-off prompt, and an empty string for
# anything else. The returned list holds a (PAM_SUCCESS, answer) pair per
# prompt followed by one final PAM_SUCCESS.
sub checkpwd_conv_func {
    my @replies;
    while ( my ($prompt_style, $prompt_text) = splice(@_, 0, 2) ) {
       my $reply = "";

       if ( $prompt_style == PAM_PROMPT_ECHO_OFF() ) {
          $reply = $passClear;
       }
       elsif ( $prompt_style == PAM_PROMPT_ECHO_ON() ) {
          $reply = $user;
       }

       push @replies, PAM_SUCCESS(), $reply;
    }
    push @replies, PAM_SUCCESS();
    return @replies;
}
 
 
# vim:ft=perl: