Net::IMAP::Server::DefaultAuth - Encapsulates per-connection

Net-IMAP-Server documentation Contained in the Net-IMAP-Server distribution.

Index

Code Index:

NAME

Top

Net::IMAP::Server::DefaultAuth - Encapsulates per-connection authorization information for an IMAP user.

DESCRIPTION

Top

IMAP credentials are passed in one of two ways: using the LOGIN command, or the AUTHENTICATE command. LOGIN sends the password unencrypted; note, however, that Net::IMAP::Server will not allow the LOGIN command unless the connection is protected by either SSL or TLS. Thus, even when the LOGIN command is used, the password is not sent in the clear.

The default implementation accepts any username and password. Most subclasses will simply want to override auth_plain, unless they need to implement other forms of authorization than LOGIN or AUTHENTICATE PLAIN.

METHODS

Top

user [VALUE]

Gets or sets the plaintext username of the authenticated user.

provides_plain

If provides_plain returns true (the default), LOGIN capability will be advertised when under a layer, and auth_plain will be called if the user sends the LOGIN command.

auth_plain USER, PASSWORD

Returns true if the given USER is allowed to log in using the provided PASSWORD. This should also set user to the username if login was successful. This path is used by both LOGIN and AUTHENTICATE PLAIN commands.

sasl_provides

The AUTHENTICATE command checks that the provided SASL authentication type is in the list that sasl_provides returns. It defaults to only PLAIN.

sasl_plain

Called when the client requests PLAIN SASL authentication. This parses the SASL protocol, and defers to auth_plain to determine if the username and password is actually allowed to log in.

IMPLEMENTING NEW SASL METHODS

Top

The sasl_plain method is a simple example of implementing a SASL protocol, albeit a very simple one. SASL authentication methods should expect to be called with no arguments, and should return an anonymous function, which will be called each time the client transmits more information.

Each time it is called, it will be passed the client data, which will already have been base-64 decoded (the exception being the first time it is called, when it will be called with the empty string).

If the function returns a scalar reference, the scalar will be base-64 encoded and transmitted to the client. Anything which is not a scalar reference will be interpreted as a boolean, as to whether the authentication was successful. Successful authentications should be sure to set user themselves.

Net-IMAP-Server documentation Contained in the Net-IMAP-Server distribution. 
package Net::IMAP::Server::DefaultAuth;

use warnings;
use strict;

use base 'Class::Accessor';
__PACKAGE__->mk_accessors(qw(user));


sub provides_plain { return 1; }


sub auth_plain {
    my $self = shift;
    my ( $user, $pass ) = @_;
    $self->user($user);
    return 1;
}


sub sasl_provides {
    my $self = shift;
    return ("PLAIN");
}


sub sasl_plain {
    my $self = shift;
    return sub {
        my $line = shift;
        return \"" unless $line;

        my ( $authz, $user, $pass ) = split /\x{0}/, $line, 3;
        return $self->auth_plain( $user, $pass );
    };
}


1;