From: John Graham-C. <jgr...@us...> - 2004-04-20 18:55:24
Update of /cvsroot/popfile/engine/Proxy In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv29164/Proxy Modified Files: POP3.pm Proxy.pm Log Message: Added SSL support for POP3 over SSL (and other proxies if needed). Proxy/Proxy.pm: verify_connected_ can now establish SSL connections if the $ssl parameter is set to 1. Proxy/POP3.pm: Take Sam's syntax for doing APOP on the USER command and expand it to be a generic "options" syntax so that the USER settings in the POP3 client are not in the form host:port:username:options where port and options are optional. Valid options are now apop Require APOP authentication ssl Require SSL connection from POPFile to server it's possible to use both as follows: host:port:username:apop,ssl Index: POP3.pm =================================================================== RCS file: /cvsroot/popfile/engine/Proxy/POP3.pm,v retrieving revision 1.93 retrieving revision 1.94 diff -C2 -d -r1.93 -r1.94 *** POP3.pm 16 Apr 2004 20:25:20 -0000 1.93 --- POP3.pm 20 Apr 2004 18:54:55 -0000 1.94 *************** *** 197,201 **** my $user_command = 'USER ([^:]+)(:(\d+))?' . $self->config_( 'separator' ) . '([^:]+)(:([^:]+))?'; - my $apop_command = 'APOP ([^:]+)(:(\d+))?' . $self->config_( 'separator' ) . '([^:]+) (.*?)'; --- 197,200 ---- *************** *** 220,230 **** # will pull email from. Doing this means we can act as a proxy for multiple mail clients # and mail accounts # When the client issues the command "USER host:username:apop" POPFile must acknowledge # the command and be prepared to compute the md5 digest of the user's password and the # real pop server's banner upon receipt of a PASS command. if ( $command =~ /$user_command/io ) { if ( $1 ne '' ) { ! my ($host, $port, $user, $is_apop_user) = ($1, $3, $4, $6); print $pipe "LOGIN:$user$eol"; --- 219,234 ---- # will pull email from. 
Doing this means we can act as a proxy for multiple mail clients # and mail accounts + # # When the client issues the command "USER host:username:apop" POPFile must acknowledge # the command and be prepared to compute the md5 digest of the user's password and the # real pop server's banner upon receipt of a PASS command. + # + # When the client issues the command "USER host:username:ssl" POPFile will use SSL for + # the connection to the remote, note that the user can say host:username:ssl,apop if both + # are needed if ( $command =~ /$user_command/io ) { if ( $1 ne '' ) { ! my ( $host, $port, $user, $options ) = ($1, $3, $4, $6); print $pipe "LOGIN:$user$eol"; *************** *** 232,238 **** $self->yield_( $ppipe, $pid ); ! if ( $mail = $self->verify_connected_( $mail, $client, $host, $port || 110 ) ) { ! if ( defined($is_apop_user) && $is_apop_user =~ /apop/i ) { # We want to make sure the server sent a real APOP banner, containing <>'s --- 236,245 ---- $self->yield_( $ppipe, $pid ); ! my $ssl = defined( $options ) && ( $options =~ /ssl/i ); ! $port = 110 if ( !defined( $port ) ); ! if ( $mail = $self->verify_connected_( $mail, $client, $host, $port, $ssl ) ) { ! ! if ( defined( $options ) && ( $options =~ /apop/i ) ) { # We want to make sure the server sent a real APOP banner, containing <>'s *************** *** 247,254 **** $self->log_( "auth APOP" ); $self->{apop_user__} = $user; # tell the client that username was accepted $self->tee_( $client, "+OK hello $user$eol" ); ! next; # don't flush_extra, we didn't send anything to the real server } else { # If the client asked for APOP, and the server doesn't have the correct # banner, give a meaningful error instead of whatever error the server --- 254,265 ---- $self->log_( "auth APOP" ); $self->{apop_user__} = $user; + # tell the client that username was accepted + # don't flush_extra, we didn't send anything to the real server + $self->tee_( $client, "+OK hello $user$eol" ); ! 
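Review bot: The `ssl` option is detected by an unanchored substring match, `$options =~ /ssl/i`, in the hunk at new lines 236-245. Any options string that merely contains those letters switches SSL on, while a mistyped option leaves the session in cleartext with no error returned to the mail client. Splitting `$options` on commas, comparing whole lower-cased tokens and rejecting unknown ones would make a request for encryption fail closed; the same applies to the `/apop/i` test a few lines below. Separately, `$port = 110 if ( !defined( $port ) );` still selects the cleartext port when `ssl` was requested, so something like `$port = ( $ssl ? 995 : 110 ) if ( !defined( $port ) );` would be the safer default. The enclosing command loop starts and ends outside this hunk.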
next; } else { + # If the client asked for APOP, and the server doesn't have the correct # banner, give a meaningful error instead of whatever error the server *************** *** 260,265 **** --- 271,278 ---- } } else { + # Pass through the USER command with the actual user name for this server, # and send the reply straight to the client + $self->log_( "auth plaintext" ); $self->{use_apop__} = 0; # signifies a non-apop connection Index: Proxy.pm =================================================================== RCS file: /cvsroot/popfile/engine/Proxy/Proxy.pm,v retrieving revision 1.46 retrieving revision 1.47 diff -C2 -d -r1.46 -r1.47 *** Proxy.pm 19 Apr 2004 14:25:07 -0000 1.46 --- Proxy.pm 20 Apr 2004 18:54:57 -0000 1.47 *************** *** 34,37 **** --- 34,38 ---- use IO::Select; use IO::Socket::Socks; + use IO::Socket::SSL; # A handy variable containing the value of an EOL for networks *************** *** 635,638 **** --- 636,640 ---- # $hostname The host name of the remote server # $port The port + # $ssl If set to 1 then the connection to the remote is established using SSL # # Check that we are connected to $hostname on port $port putting the open handle in $mail. *************** *** 642,646 **** sub verify_connected_ { ! my ( $self, $mail, $client, $hostname, $port ) = @_; # Check to see if we are already connected --- 644,650 ---- sub verify_connected_ { ! my ( $self, $mail, $client, $hostname, $port, $ssl ) = @_; ! ! $ssl = 0 if ( !defined( $ssl ) ); # Check to see if we are already connected *************** *** 657,664 **** ConnectPort => $port ); # PROFILE BLOCK STOP } else { ! $mail = IO::Socket::INET->new( # PROFILE BLOCK START ! Proto => "tcp", ! PeerAddr => $hostname, ! PeerPort => $port ); # PROFILE BLOCK STOP } --- 661,675 ---- ConnectPort => $port ); # PROFILE BLOCK STOP } else { ! if ( $ssl ) { ! $mail = IO::Socket::SSL->new( # PROFILE BLOCK START ! Proto => "tcp", ! PeerAddr => $hostname, ! PeerPort => $port ); # PROFILE BLOCK STOP ! 
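Review bot: `use IO::Socket::SSL;` in the Proxy.pm hunk at new lines 34-38 is loaded unconditionally at compile time. An installation without that module or its OpenSSL bindings would then fail to load Proxy.pm at all, taking down the non-SSL proxies as well. Consider loading it on demand in the `if ( $ssl )` branch of verify_connected_, for example `eval { require IO::Socket::SSL; 1 }`, and returning a clear error to the client when it is missing rather than falling back to a plain socket.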
} else { ! $mail = IO::Socket::INET->new( # PROFILE BLOCK START ! Proto => "tcp", ! PeerAddr => $hostname, ! PeerPort => $port ); # PROFILE BLOCK STOP ! } } *************** *** 672,676 **** # occurs ! binmode( $mail ); # Wait 10 seconds for a response from the remote server and if --- 683,689 ---- # occurs ! if ( !$ssl ) { ! binmode( $mail ); ! } # Wait 10 seconds for a response from the remote server and if |
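Review bot: The new `IO::Socket::SSL->new(...)` call at new lines 661-675 passes no verification options, so whether the server certificate and host name are checked depends entirely on the installed module's defaults. This connection carries the mailbox password, so it should set `SSL_verify_mode => SSL_VERIFY_PEER` together with a CA source such as `SSL_ca_file`, and treat a failed handshake as a connection error. The `$ssl` test also sits only in the `else` arm, so when the SOCKS branch above it is taken, a user who asked for `ssl` appears to get an unencrypted connection without warning. That path should either upgrade the SOCKS socket with `IO::Socket::SSL->start_SSL` or refuse the connection. verify_connected_ begins and ends outside this hunk.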