Authenticating Apache against IMAP

To keep a single user database, I started from my existing user source, which in my case is postfixadmin for mail.
So I had some fun writing a small piece of Perl that lets Apache authenticate against an IMAP server.

  • Install the dependencies
    apt-get install libnet-imap-simple-ssl-perl
    apt-get install libunix-syslog-perl
    apt-get install libapache2-mod-authnz-external
    
  • Protect the Xymon pages with IMAP authentication
     cat /etc/apache2/conf-enabled/xymon.conf
    DefineExternalAuth dovecotpw pipe /etc/apache2/auth/dovecotpw.pl
    
    ScriptAlias /xymon-cgi "/usr/lib/xymon/cgi-bin"
    <Directory "/usr/lib/xymon/cgi-bin">
        AllowOverride None
        Options ExecCGI Includes
    
        AuthType Basic
        AuthName "Xymon Administration"
        Require valid-user
        AuthBasicProvider external
        AuthExternal dovecotpw
    </Directory>
    
  • Next, the Perl code
     cat /etc/apache2/auth/dovecotpw.pl
    
    #!/usr/bin/perl
    use strict;
    use warnings;
    use Unix::Syslog qw(:macros :subs);
    use Net::IMAP::Simple::SSL;
    
    my $VERSION = '1.0';
    
    my $server = 'imap.distran.org';
    my $port = 993;
    my $use_ssl = 1;
    
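    syslog(LOG_INFO, "imap-auth: waiting for packet");
    # mod_authnz_external (pipe method) writes the user name, then the
    # password, one per line, on STDIN
    chomp(my $user = <STDIN> // '');
    chomp(my $password = <STDIN> // '');
    my $result;
    #print "checking [$user] and [$password]\n";
    # pass the user name as an argument so a '%' in it is not read as a format directive
    syslog(LOG_INFO, "imap-auth: request ('auth', \"%s\", '****')", $user);
    
    # successful authentication
    if (is_valid($user, $password)) {
        $result = 0;
        syslog(LOG_INFO, "imap-auth: -> +OK");
    } else {
        $result = 1;
    }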
    
    closelog;
    exit $result;
    
    sub is_valid
    {
    	my ($user, $password) = @_;
    	my $is_valid = 0;
    
        # Create the object
        my $imap = Net::IMAP::Simple->new($server,
            port    => $port,
            use_ssl => $use_ssl,
        ) or die "Unable to connect to IMAP: $Net::IMAP::Simple::errstr\n";
    
        # Port 993 is already TLS from the first byte; only upgrade a plain connection
        $imap->starttls unless $use_ssl;
        if ( $imap->login($user, $password) ) {
            $is_valid = 1;
            syslog(LOG_INFO, "imap-auth: -> +OK imap server says you're cool. Welcome.");
        } else {
            # log only the IMAP error text, passed as an argument rather than interpolated
            syslog(LOG_INFO, "imap-auth: -> -ERR imap server has a problem with you: %s",
                $imap->errstr // 'unknown error');
        }
    
    	$imap->quit;
    
    	return ($is_valid);
    }
    
    
  • Check the logs
     tail /var/log/syslog
    
    Nov 24 13:01:05 xymon-server01 perl: imap-auth: waiting for packet
    Nov 24 13:01:05 xymon-server01 perl: imap-auth: request ('auth', "user@domain.com", '****')
    Nov 24 13:01:05 xymon-server01 perl: imap-auth: -> +OK imap server says you're cool. Welcome.
    Nov 24 13:01:05 xymon-server01 perl: imap-auth: -> +OK
    
    
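  • If the IMAP server is local, on the same machine
     cat /etc/apache2/auth/dovecotpw.sh
    #!/bin/bash
    # mod_authnz_external writes the user name, then the password, on stdin
    IFS= read -r DCUSER
    IFS= read -r DCPASS
    # Quote both values so spaces or glob characters are not expanded by the shell
    /usr/bin/doveadm auth "${DCUSER}" "${DCPASS}"
    exit $?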
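
As an added example (not part of the original post), the syslog lines shown in the log-check step can be parsed to count failed logins per user, for instance to spot repeated password failures on the Xymon pages. The sample lines are constructed; the `-ERR` error text, the user names and the threshold of 3 are assumptions, and because the syslog tag carries no PID the pairing assumes attempts are not interleaved.

```python
import re
from collections import Counter

# Matches the request line written by the Perl script; the password is always masked.
REQUEST_RE = re.compile(r"""imap-auth: request \('auth', "(?P<user>.*)", '\*{4}'\)$""")


def failed_logins(lines):
    """Count -ERR results per user, pairing each result with the last request seen."""
    failures = Counter()
    pending = None  # user of the request still waiting for its result line
    for line in lines:
        line = line.rstrip("\n")
        match = REQUEST_RE.search(line)
        if match:
            pending = match.group("user")
        elif "imap-auth: -> -ERR" in line:
            if pending is not None:
                failures[pending] += 1
            pending = None
        elif "imap-auth: -> +OK" in line:
            pending = None
    return failures


def suspicious_users(lines, threshold=3):
    """Return the users with at least `threshold` failed logins, sorted."""
    return sorted(u for u, n in failed_logins(lines).items() if n >= threshold)


def _attempt(clock, user, ok):
    """Build the syslog lines for one login attempt (constructed sample data)."""
    head = f"Nov 24 {clock} xymon-server01 perl: imap-auth: "
    if ok:
        results = ["-> +OK imap server says you're cool. Welcome.", "-> +OK"]
    else:
        # "Login failed" stands in for whatever error text the IMAP server returns.
        results = ["-> -ERR imap server has a problem with you: Login failed"]
    request = f"request ('auth', \"{user}\", '****')"
    return [head + text for text in ["waiting for packet", request] + results]


SAMPLE_LOG = (
    _attempt("13:01:05", "alice@example.org", ok=True)
    + _attempt("13:02:10", "bob@example.org", ok=False)
    + _attempt("13:02:12", "bob@example.org", ok=False)
    + _attempt("13:02:14", "bob@example.org", ok=False)
    + _attempt("13:03:00", "carol@example.org", ok=False)
)

if __name__ == "__main__":
    print(suspicious_users(SAMPLE_LOG))
```

In practice the function would be fed the lines of `/var/log/syslog` instead of `SAMPLE_LOG`.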