#!/usr/bin/python

# Copyright (C) 2004 Thomas Mangin
# This code is placed in the public domain

import os
import sys
import base64
import vmailmgr
import ldap

# Process exit statuses handed to sys.exit() by the exit_* helpers below.
RTN_OK      = 0   # normal termination; used for both "accepted" and "denied"
RTN_FAIL    = 2   # reading the request from stdin failed
RTN_ERROR   = 3   # the LDAP lookup raised
RTN_BADVAL  = 7   # the request could not be split/decoded
RTN_NEEDED  = 9   # the script was started with command-line arguments
RTN_BADPASS = 10  # not referenced anywhere in this script

# --- LDAP settings -------------------------------------------------------
# valid_ldap() connects with a plain ldap:// URL built from these two values
# and never starts TLS, so the bind password and the userPassword values it
# reads travel unencrypted unless the network path is protected some other way.
ldap_server = "82.219.4.199"
ldap_port = "389"

# Account used for the initial bind (or whatever your ldap user is).
# NOTE(review): a dedicated account that can only read userPassword under the
# client subtree limits the damage if this file leaks; a root DN does not.
ldap_user = "cn=root,dc=firm"

# The password for that user. It lives in this file in clear text, so the
# file should be readable only by the account that runs the script.
ldap_password = "<the password>"

# Where your users are stored; the two %s slots are filled with
# (username, domain), in that order.
ldap_dn = 'cn=%s,ou=%s,ou=clients,ou=people'

def exit_error (code):
	"""Signal an error to the calling process and terminate.

	Writes the single status byte 'Z' to file descriptor 1 and then ends
	the process with `code` (one of the RTN_* values) as its exit status.
	"""
	status = 'Z'
	os.write(1, status)
	raise SystemExit(code)

def exit_failed ():
	"""Report that the credentials were not accepted and terminate.

	Writes the status byte 'D' to file descriptor 1. The exit status is
	RTN_OK all the same: the refusal is carried by the byte on fd 1, not by
	the process exit code.
	"""
	status = 'D'
	os.write(1, status)
	raise SystemExit(RTN_OK)

def exit_success (email):
	"""Report a successful authentication for `email` and terminate.

	Writes 'K', the address and a terminating NUL byte to file descriptor 1
	in a single write, then exits with RTN_OK.
	"""
	reply = ''.join(('K', email, '\0'))
	os.write(1, reply)
	raise SystemExit(RTN_OK)

def valid_vmailmgr (domain,username,password):
	"""Return True when vmailmgr accepts the credentials, False otherwise.

	The check is a call to vmailmgr.commands.lookup(); whatever it returns
	is ignored and only "did it raise" matters. Every exception, whatever
	its cause, is reported as False, so this check fails closed and the
	caller goes on to its next authentication source.
	"""
	try:
		vmailmgr.commands.lookup(domain,username,password)
	except:
		# Deliberately broad: a lookup that cannot complete counts as a
		# rejection, it must never count as a success.
		return False
	else:
		return True

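def valid_ldap (domain,username,password):
	"""Check `password` for username@domain against the LDAP directory.

	Binds with the configured account (ldap_user / ldap_password), reads the
	entry whose DN is ldap_dn filled in with the user and the domain, and
	compares the first userPassword value of the first result with the
	supplied password.

	Returns True on a match, False on a mismatch or when the entry does not
	exist. Any other failure (connection, bind, missing userPassword, ...)
	ends the process through exit_error(RTN_ERROR).
	"""
	l = None
	try:
		try:
			# Imported inside the try so that a python-ldap build without
			# ldap.dn ends in exit_error() rather than in a traceback.
			from ldap.dn import escape_dn_chars

			l = ldap.initialize('ldap://%s:%s' % (ldap_server, ldap_port))
			l.simple_bind_s(ldap_user, ldap_password)

			# username and domain are supplied by the SMTP client. Escaping
			# the DN metacharacters keeps each value inside its own RDN, so
			# a crafted address cannot redirect the lookup to another part
			# of the tree.
			dn = ldap_dn % (escape_dn_chars(username), escape_dn_chars(domain))
			search = '(objectclass=*)'
			try:
				r = l.search_s(dn, ldap.SCOPE_SUBTREE, search)
			except ldap.NO_SUCH_OBJECT:
				# An unknown user is a rejection, not a server error. It
				# also stops "no such user" and "wrong password" from
				# producing different status bytes for the client to tell
				# apart.
				return False

			# NOTE(review): this is a direct comparison with the stored
			# attribute, so it can only succeed when the directory keeps
			# userPassword in clear text; a hashed value will never match.
			# Letting the server verify the password (a bind as the user's
			# DN, with empty passwords rejected first) avoids reading
			# userPassword at all.
			return r[0][1]['userPassword'][0] == password
		except Exception:
			exit_error(RTN_ERROR)
	finally:
		# The original never closed the connection.
		if l is not None:
			try:
				l.unbind_s()
			except Exception:
				# Best-effort cleanup; the outcome is already decided.
				pass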



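# Entry point. The request arrives on stdin as three NUL-separated fields:
# the mechanism name, then the base64-encoded address and password.
if len(sys.argv) == 1:
	try:
		# The maximum is 512, so in BASE64 it can not be bigger than 1024
		# The last byte read is dropped (the terminating NUL of the request).
		data_ldap = os.read(0,1024)[:-1]
	except Exception:
		exit_error(RTN_FAIL)
	try:
		parts = data_ldap.split('\0')
		login = parts[0]
		email = base64.decodestring(parts[1])
		password = base64.decodestring(parts[2])

		# Require exactly one '@'. The original kept the first two pieces and
		# ignored the rest, so "user@domain@other" was verified as
		# user@domain while the full string was handed back as the
		# authenticated address. The unpacking raises ValueError for any
		# other number of pieces.
		username, domain = email.split('@')
		if not username or not domain:
			raise ValueError('empty local part or domain')
	except Exception:
		exit_error(RTN_BADVAL)
else:
	exit_error(RTN_NEEDED)

if login != 'login':
	# The original passed RTN_AUTH_TYPE here, a name that is not among the
	# RTN_* codes defined above, so this branch died with a NameError and a
	# traceback. An unsupported mechanism name is reported as a bad value.
	exit_error(RTN_BADVAL)

# First source that accepts the credentials wins.
if valid_vmailmgr(domain,username,password):
	exit_success(email)

if valid_ldap(domain,username,password):
	exit_success(email)

exit_failed()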

# Manual test recipe, kept as a string that nothing in this script reads.
# The first three lines of the string are commented-out Python, the rest is
# a shell script that base64-encodes an address and a password with
# `uuencode -m` and pipes "login", the address and the password, each
# followed by a NUL, into /var/qmail/bin/auth_smtp.
#
# The literal is not a raw string, so Python interprets the \0 and \n
# escapes inside it; copy the shell script from this source file, not from
# the value of the variable.
#
# The shell script writes the address and the clear-text password to files
# named "username" and "password" in the current directory and does not
# remove them: run it with a throwaway account, in a private directory, and
# delete both files afterwards.
test_me_with_this_script="""
#data_chkpw = email + '\0' + password + '\0' + 'Y12345' + '\0'
#data_vmail = domain + '\0' + username + '\0' + password + '\0'
#data_ldap += '\0'

#!/bin/sh

U="user@domain"
P="thepassword"
 
echo -n $U > username
echo -n $P > password

U5=`uuencode -m username username5 | head -2 | tail -1`
P5=`uuencode -m password password5 | head -2 | tail -1`
    
#echo -e "AUTH LOGIN\n$U5\n$P5\nquit" | mconnect 127.0.0.1
printf "%s\0%s\0%s\0" login $U5 $P5 | /var/qmail/bin/auth_smtp
"""

