line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
############################################## |
2
|
|
|
|
|
|
|
# Email::Auth::AddressHash |
3
|
|
|
|
|
|
|
# |
4
|
|
|
|
|
|
|
# Copyright 2004, Tara L Andrews |
5
|
|
|
|
|
|
|
# |
6
|
|
|
|
|
|
|
# |
7
|
|
|
|
|
|
|
# This program is distributed in the hope that it will be useful, |
8
|
|
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
9
|
|
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
10
|
|
|
|
|
|
|
# |
11
|
|
|
|
|
|
|
############################################## |
12
|
|
|
|
|
|
|
|
13
|
|
|
|
|
|
|
package Email::Auth::AddressHash; |
14
|
|
|
|
|
|
|
|
15
|
|
|
|
|
|
|
=head1 NAME |
16
|
|
|
|
|
|
|
|
17
|
|
|
|
|
|
|
Email::Auth::AddressHash - Authentication based on email address |
18
|
|
|
|
|
|
|
extension hash |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
=head1 SYNOPSIS |
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
use Email::Auth::AddressHash; |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
my $auth = Email::Auth::AddressHash->new('hashlen' => 8, |
25
|
|
|
|
|
|
|
'secret' = 'My Secret'); |
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
|
28
|
|
|
|
|
|
|
my $is_valid = $auth->check_hash('myuser@theirdomain.com', '83c3dac5'); |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
my $correct_answer = $auth->generate_hash('myuser@theirdomain.com'); |
31
|
|
|
|
|
|
|
|
32
|
|
|
|
|
|
|
my $parts = $auth->split_address('myaddr+38274dc9@mydomain.com'); |
33
|
|
|
|
|
|
|
|
34
|
|
|
|
|
|
|
my $passedhash = $parts->{'hash'}; |
35
|
|
|
|
|
|
|
|
36
|
|
|
|
|
|
|
=head1 DESCRIPTION |
37
|
|
|
|
|
|
|
|
38
|
|
|
|
|
|
|
This is a relatively simple module designed for applications which |
39
|
|
|
|
|
|
|
receive email. It provides a mechanism for authenticating email |
40
|
|
|
|
|
|
|
requests, by checking that the To: address, which should be in the |
41
|
|
|
|
|
|
|
form "username+hash@mydomain.com", contains the correct hash value for |
42
|
|
|
|
|
|
|
that particular sender. It uses the sender address and a locally-set |
43
|
|
|
|
|
|
|
secret string to determine the correct hash for the user. A single |
44
|
|
|
|
|
|
|
AddressHash object may be used for multiple authentication checks |
45
|
|
|
|
|
|
|
within the same system. |
46
|
|
|
|
|
|
|
|
47
|
|
|
|
|
|
|
=head1 METHODS |
48
|
|
|
|
|
|
|
|
49
|
|
|
|
|
|
|
=cut |
50
|
|
|
|
|
|
|
|
51
|
1
|
|
|
1
|
|
559
|
use strict; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
36
|
|
52
|
1
|
|
|
1
|
|
6
|
use vars qw($VERSION); |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
48
|
|
53
|
1
|
|
|
1
|
|
5
|
use Digest::MD5 qw(md5_hex); |
|
1
|
|
|
|
|
5
|
|
|
1
|
|
|
|
|
2806
|
|
54
|
|
|
|
|
|
|
|
55
|
|
|
|
|
|
|
$VERSION = "1.0"; |
56
|
|
|
|
|
|
|
|
57
|
|
|
|
|
|
|
=over 4 |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
=item Email::Auth::AddressHash->new($secret, $hashlen, $prefix, $hashtype) |
60
|
|
|
|
|
|
|
|
61
|
|
|
|
|
|
|
Takes four arguments. They are listed with their defaults. They |
62
|
|
|
|
|
|
|
are described more fully in the ACCESSORS section. |
63
|
|
|
|
|
|
|
'secret' - PLEASE set this; the default is stupid on purpose. |
64
|
|
|
|
|
|
|
'hashlen' - Default is 6. |
65
|
|
|
|
|
|
|
'prefix' - Default is no prefix. |
66
|
|
|
|
|
|
|
'hashtype' - Default (and only supported type) is md5. |
67
|
|
|
|
|
|
|
|
68
|
|
|
|
|
|
|
If you do use a hash prefix, you may skip setting the 'prefix' |
69
|
|
|
|
|
|
|
variable if you wish, just realize that you will have to strip the |
70
|
|
|
|
|
|
|
prefix yourself before passing your hash to check_auth, instead of |
71
|
|
|
|
|
|
|
letting the split_address method (see below) do it for you. |
72
|
|
|
|
|
|
|
|
73
|
|
|
|
|
|
|
|
74
|
|
|
|
|
|
|
=cut |
75
|
|
|
|
|
|
|
|
76
|
|
|
|
|
|
|
sub new { |
77
|
2
|
|
|
2
|
1
|
23
|
my ($class, $secret, $hashlen, $prefix, $hashtype) = @_; |
78
|
2
|
50
|
|
|
|
6
|
$secret = 'swordfish' unless $secret; |
79
|
2
|
50
|
|
|
|
6
|
$hashlen = 6 unless $hashlen; |
80
|
2
|
50
|
|
|
|
7
|
$hashtype = 'md5' unless $hashtype; |
81
|
|
|
|
|
|
|
|
82
|
2
|
|
|
|
|
8
|
my $self = {'secret' => $secret, |
83
|
|
|
|
|
|
|
'hashlen' => $hashlen, |
84
|
|
|
|
|
|
|
'prefix' => $prefix, |
85
|
|
|
|
|
|
|
'hashtype' => $hashtype |
86
|
|
|
|
|
|
|
}; |
87
|
|
|
|
|
|
|
|
88
|
2
|
|
|
|
|
5
|
bless ($self, $class); |
89
|
2
|
|
|
|
|
6
|
return($self); |
90
|
|
|
|
|
|
|
} |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
=item $authenticator->check_hash($sender_address, $hashstring) |
93
|
|
|
|
|
|
|
|
94
|
|
|
|
|
|
|
Takes two arguments, the sender's address and the email extension |
95
|
|
|
|
|
|
|
that the sender sent his/her request to. Returns true or false, |
96
|
|
|
|
|
|
|
indicating whether the given hash matches the calculated hash. |
97
|
|
|
|
|
|
|
|
98
|
|
|
|
|
|
|
=cut |
99
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
sub check_hash { |
101
|
4
|
|
|
4
|
1
|
13
|
my ($self, $address, $hash) = @_; |
102
|
4
|
100
|
|
|
|
9
|
return ($hash eq $self->generate_hash($address, 0)) ? 1 : 0; |
103
|
|
|
|
|
|
|
} |
104
|
|
|
|
|
|
|
|
105
|
|
|
|
|
|
|
=item $authenticator->generate_hash($sender_address, $with_prefix) |
106
|
|
|
|
|
|
|
|
107
|
|
|
|
|
|
|
Takes a single argument, the sender's address. Returns the correctly |
108
|
|
|
|
|
|
|
calculated hash for the given sender. If $with_prefix is set to a |
109
|
|
|
|
|
|
|
true value, the instance prefix (if any) is prepended. |
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
=cut |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
sub generate_hash { |
114
|
6
|
|
|
6
|
1
|
12
|
my ($self, $user, $withpre) = @_; |
115
|
6
|
50
|
|
|
|
18
|
if ($self->{'hashtype'} eq 'md5') { |
116
|
6
|
|
|
|
|
10
|
my $key = $user . $self->{'secret'}; |
117
|
6
|
|
|
|
|
31
|
my $md5key = substr(md5_hex($key), 0, $self->{'hashlen'}); |
118
|
6
|
100
|
66
|
|
|
27
|
if ($withpre && $self->{'prefix'}) { |
119
|
1
|
|
|
|
|
5
|
$md5key = $self->{'prefix'} . $md5key; |
120
|
|
|
|
|
|
|
} |
121
|
6
|
|
|
|
|
31
|
return $md5key; |
122
|
|
|
|
|
|
|
} else { |
123
|
0
|
|
|
|
|
0
|
warn("Hash method " . $self->{'hashtype'} . " not recognized!"); |
124
|
0
|
|
|
|
|
0
|
return ''; |
125
|
|
|
|
|
|
|
} |
126
|
|
|
|
|
|
|
} |
127
|
|
|
|
|
|
|
|
128
|
|
|
|
|
|
|
=item $partsref = $authenticator->split_address($address) |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
=item $rcvdhash = $authenticator->split_address($address)->{'extension'} |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
A convenience method. Takes an email address and returns a reference |
133
|
|
|
|
|
|
|
to a hash containing the keys 'username', 'extension', and 'domain'. |
134
|
|
|
|
|
|
|
Returns undef if parsing failed. This is a fine way to isolate the |
135
|
|
|
|
|
|
|
hash to test against. |
136
|
|
|
|
|
|
|
|
137
|
|
|
|
|
|
|
=cut |
138
|
|
|
|
|
|
|
|
139
|
|
|
|
|
|
|
sub split_address { |
140
|
4
|
|
|
4
|
1
|
1491
|
my ($self, $address) = @_; |
141
|
4
|
|
|
|
|
6
|
my $answer = {}; |
142
|
4
|
|
|
|
|
6
|
my ($lhs, $rhs); |
143
|
4
|
50
|
|
|
|
20
|
if ($address =~ /^([\w+-]+)@([\w.-]+)$/) { |
144
|
4
|
|
|
|
|
14
|
($lhs, $answer->{'domain'}) = ($1, $2); |
145
|
4
|
50
|
|
|
|
17
|
if ($lhs =~ /^([\w-]+)\+(\w+)$/) { |
146
|
4
|
|
|
|
|
12
|
($answer->{'user'}, $answer->{'extension'}) = ($1, $2); |
147
|
4
|
100
|
|
|
|
15
|
if ($self->{'prefix'}) { |
148
|
2
|
|
|
|
|
20
|
$answer->{'extension'} =~ s/^$self->{'prefix'}//; |
149
|
|
|
|
|
|
|
} |
150
|
|
|
|
|
|
|
} else { |
151
|
0
|
|
|
|
|
0
|
$answer->{'user'} = $lhs; |
152
|
|
|
|
|
|
|
} |
153
|
|
|
|
|
|
|
} else { |
154
|
0
|
|
|
|
|
0
|
warn('Could not parse address'); |
155
|
0
|
|
|
|
|
0
|
return undef; |
156
|
|
|
|
|
|
|
} |
157
|
4
|
|
|
|
|
13
|
return $answer; |
158
|
|
|
|
|
|
|
} |
159
|
|
|
|
|
|
|
|
160
|
|
|
|
|
|
|
# Accessors. Don't worry, I won't use gratuitous one-liners |
161
|
|
|
|
|
|
|
# elsewhere. |
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
=back |
164
|
|
|
|
|
|
|
|
165
|
|
|
|
|
|
|
=head1 INSTANCE VARIABLES AND THEIR ACCESSORS |
166
|
|
|
|
|
|
|
|
167
|
|
|
|
|
|
|
=over 4 |
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
=item $authenticator->set_secret('My Secret') |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
=item $authenticator->get_secret() |
172
|
|
|
|
|
|
|
|
173
|
|
|
|
|
|
|
The authenticator secret is a string that is used in the hashing |
174
|
|
|
|
|
|
|
algorithm. It should be set locally in your program. It should not |
175
|
|
|
|
|
|
|
change too often, unless you like annoying your users by changing the |
176
|
|
|
|
|
|
|
email address they should use for your program all the time. |
177
|
|
|
|
|
|
|
|
178
|
|
|
|
|
|
|
=cut |
179
|
|
|
|
|
|
|
|
180
|
|
|
|
|
|
|
sub set_secret { |
181
|
0
|
|
|
0
|
1
|
|
$_[0]->secret = $_[1]; |
182
|
|
|
|
|
|
|
} |
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
sub get_secret { |
185
|
0
|
|
|
0
|
1
|
|
return $_[0]->secret; |
186
|
|
|
|
|
|
|
} |
187
|
|
|
|
|
|
|
|
188
|
|
|
|
|
|
|
=item $authenticator->set_prefix('ma') |
189
|
|
|
|
|
|
|
|
190
|
|
|
|
|
|
|
=item $authenticator->get_prefix() |
191
|
|
|
|
|
|
|
|
192
|
|
|
|
|
|
|
The prefix is a fixed string that you expect to appear at the |
193
|
|
|
|
|
|
|
beginning of every email extension received by your application. You |
194
|
|
|
|
|
|
|
may not need this, but it is useful if you expect a single email |
195
|
|
|
|
|
|
|
account to be able to run several different programs, and want to |
196
|
|
|
|
|
|
|
differentiate the requests via something like procmail. In the above |
197
|
|
|
|
|
|
|
example, with the prefix set to 'ma', users should send all requests |
198
|
|
|
|
|
|
|
to an address like myprog+ma38c319@mydomain.com. |
199
|
|
|
|
|
|
|
|
200
|
|
|
|
|
|
|
=cut |
201
|
|
|
|
|
|
|
|
202
|
|
|
|
|
|
|
sub set_prefix { |
203
|
0
|
|
|
0
|
1
|
|
$_[0]->prefix = $_[1]; |
204
|
|
|
|
|
|
|
} |
205
|
|
|
|
|
|
|
|
206
|
|
|
|
|
|
|
sub get_prefix { |
207
|
0
|
|
|
0
|
1
|
|
return $_[0]->prefix; |
208
|
|
|
|
|
|
|
} |
209
|
|
|
|
|
|
|
|
210
|
|
|
|
|
|
|
=item $authenticator->set_hashlen($length) |
211
|
|
|
|
|
|
|
|
212
|
|
|
|
|
|
|
=item $authenticator->get_hashlen() |
213
|
|
|
|
|
|
|
|
214
|
|
|
|
|
|
|
This is the length you expect your authentication hashes to be, not |
215
|
|
|
|
|
|
|
counting any prefix you have set. The default length is 6. |
216
|
|
|
|
|
|
|
|
217
|
|
|
|
|
|
|
=cut |
218
|
|
|
|
|
|
|
|
219
|
|
|
|
|
|
|
sub set_hashlen { |
220
|
0
|
|
|
0
|
1
|
|
$_[0]->hashlen = $_[1]; |
221
|
|
|
|
|
|
|
} |
222
|
|
|
|
|
|
|
|
223
|
|
|
|
|
|
|
sub get_hashlen { |
224
|
0
|
|
|
0
|
1
|
|
return $_[0]->hashlen; |
225
|
|
|
|
|
|
|
} |
226
|
|
|
|
|
|
|
|
227
|
|
|
|
|
|
|
=item $authenticator->set_hashtype($type) |
228
|
|
|
|
|
|
|
|
229
|
|
|
|
|
|
|
=item $authenticator->get_hashtype() |
230
|
|
|
|
|
|
|
|
231
|
|
|
|
|
|
|
This is the hashing algorithm that the module should use. Currently |
232
|
|
|
|
|
|
|
the only supported algorithm is md5. |
233
|
|
|
|
|
|
|
|
234
|
|
|
|
|
|
|
=cut |
235
|
|
|
|
|
|
|
|
236
|
|
|
|
|
|
|
sub set_hashtype { |
237
|
0
|
|
|
0
|
1
|
|
$_[0]->hashtype = $_[1]; |
238
|
|
|
|
|
|
|
} |
239
|
|
|
|
|
|
|
|
240
|
|
|
|
|
|
|
sub get_hashtype { |
241
|
0
|
|
|
0
|
1
|
|
return $_[0]->hashtype; |
242
|
|
|
|
|
|
|
} |
243
|
|
|
|
|
|
|
|
244
|
|
|
|
|
|
|
1; |
245
|
|
|
|
|
|
|
|
246
|
|
|
|
|
|
|
=back |
247
|
|
|
|
|
|
|
|
248
|
|
|
|
|
|
|
=head1 AUTHOR |
249
|
|
|
|
|
|
|
|
250
|
|
|
|
|
|
|
Tara L Andrews |
251
|
|
|
|
|
|
|
|
252
|
|
|
|
|
|
|
=head1 SEE ALSO |
253
|
|
|
|
|
|
|
|
254
|
|
|
|
|
|
|
L |
255
|
|
|
|
|
|
|
|
256
|
|
|
|
|
|
|
=cut |