File Coverage

blib/lib/Net/ManageSieve.pm
Criterion Covered Total %
statement 18 460 3.9
branch 0 272 0.0
condition 0 89 0.0
subroutine 6 48 12.5
pod 20 27 74.0
total 44 896 4.9


line stmt bran cond sub pod time code
1             package Net::ManageSieve;
2              
3             =head1 NAME
4              
5             Net::ManageSieve - ManageSieve Protocol Client
6              
7             =head1 SYNOPSIS
8              
9             use Net::ManageSieve;
10              
11             # Constructors
12             $sieve = Net::ManageSieve->new('localhost');
13             $sieve = Net::ManageSieve->new('localhost', Timeout => 60);
14              
15             =head1 DESCRIPTION
16              
17             This module implements a client interface to the ManageSieve protocol
18             (L). This
19             documentation assumes that you are familiar with the concepts of the
20             protocol.
21              
22             A new Net::ManageSieve object must be created with the I method. Once
23             this has been done, all ManageSieve commands are accessed through
24             this object.
25              
26             I: ManageSieve allows one to manipulate scripts on a host running a
27             ManageSieve service, this module does not perform, validate or something
28             like that Sieve scipts themselves.
29              
30             This module works in taint mode.
31              
32             =head1 EXAMPLES
33              
34             This example prints the capabilities of the server known as mailhost:
35              
36             #!/usr/local/bin/perl -w
37              
38             use Net::ManageSieve;
39              
40             $sieve = Net::ManageSieve->new('mailhost');
41             print "$k=$v\n" while ($k, $v) = each %{ $sieve->capabilities };
42             $sieve->logout;
43              
44             This example lists all storred scripts on the server and requires TLS:
45              
46             #!/usr/local/bin/perl -w
47              
48             use Net::ManageSieve;
49              
50             my $sieve = Net::ManageSieve->new('mailhost', tls => 'require')
51             or die "$@\n";
52             print "Cipher: ", $sieve->get_cipher(), "\n";
53             $sieve->login('user', 'password')
54             or die "Login: ".$sieve->error()."\n";
55             my $scripts = $sieve->listscripts
56             or die "List: ".$sieve->error()."\n";
57             my $activeScript = pop(@$scripts);
58             print "$_\n" for sort @$scripts;
59             print $activeScript
60             ? 'active script: ' . $activeScript
61             : 'no script active'
62             , "\n";
63             $sieve->logout;
64              
65             =head1 ERROR HANDLING
66              
67             By default all functions return C on failure and set an
68             error description into C<$@>, which can be retrieved with the
69             method C as well.
70              
71             The constructor accepts the setting C, which alters this
72             behaviour by changing the step to assign C<$@>:
73             If its value is:
74              
75             =over 4
76              
77             =item C
78              
79             the program carps the error description.
80              
81             If C is enabled, too, the description is printed twice.
82              
83             =item C
84              
85             the program croaks.
86              
87             =item is a CODE ref
88              
89             this subroutine is called with the arguments:
90              
91             &code_ref ( $object, $error_message )
92              
93             The return value controls, whether or not the error message will be
94             assigned to C<$@>. Private functions may just signal that an error
95             occurred, but keep C<$@> unchanged. In this case C<$@> remains unchanged,
96             if code_ref returns true.
97              
98             I: Even if the code ref returns false, C<$@> might bi clobberred
99             by called modules. This is especially true in the C constructor.
100              
101             =item otherwise
102              
103             the default behaviour is retained by setting C<$@>.
104              
105             =back
106              
107             =cut
108              
109             require 5.001;
110              
111 1     1   1400 use strict;
  1         2  
  1         41  
112 1     1   6 use vars qw($VERSION @ISA);
  1         2  
  1         66  
113 1     1   1126 use Socket 1.3;
  1         5313  
  1         723  
114 1     1   11 use Carp;
  1         2  
  1         61  
115 1     1   944 use IO::Socket;
  1         23416  
  1         5  
116 1     1   2967460 use Encode;
  1         1468111  
  1         7353  
117              
118             $VERSION = "0.13";
119              
120             @ISA = qw();
121              
122             =head1 CONSTRUCTOR
123              
124             =over 4
125              
126             =item new ( [ HOST ] [, OPTIONS ] )
127              
128             This is the constructor for a new Net::ManageSieve object. C is the
129             name of the remote host to which an ManageSieve connection is required.
130              
131             C is optional. If C is not given then it may instead be
132             passed as the C option described below. If neither is given then
133             C will be used.
134              
135             C are passed in a hash like fashion, using key and value pairs.
136             Possible options are:
137              
138             B - ManageSieve host to connect to. It may be a single scalar,
139             as defined for the C option in L, or a
140             reference to an array with hosts to try in turn. The L method
141             will return the value which was used to connect to the host.
142              
143             B and B - These parameters are passed directly
144             to IO::Socket to allow binding the socket to a local port.
145              
146             B - Maximum time, in seconds, to wait for a response from the
147             ManageSieve server (default: 120)
148              
149             B - Select a port on the remote host to connect to (default is 2000)
150              
151             B or B - enable debugging if true (default OFF)
152              
153             I: All of the above options are passed through to L.
154              
155             B - issue STARTTLS right after connect. If B is a HASH ref,
156             the mode is in member C, otherwise C itself is the mode and
157             an empty SSL option HASH is passed to L. The C may be
158             one of C to fail, if TLS negotiation fails, or C,
159             C or C, if TLS is to attempt, but a failure is ignored.
160             (Aliases: B, B)
161              
162             B - Changes the error handling of all functions that would
163             otherwise return undef and set C<$@>. See section ERROR HANDLING
164             (Aliases: B)
165              
166             Example:
167              
168             $sieve = Net::ManageSieve->new('mailhost',
169             Timeout => 30,
170             );
171              
172             use the first host one can connect to successfully C on port
173             C<2000>, the default port, then C on port C<2008>.
174              
175             $sieve = Net::ManageSieve->new(Host => [ 'mailhost', 'localhost:2008' ],
176             Timeout => 30,
177             tls => {
178             mode => require,
179             SSL_ca_path => '/usr/ssl/cert',
180             }
181             );
182              
183             =back
184              
185             =cut
186              
187             sub _decodeCap ($$) {
188 0     0     my $self = shift;
189 0           my $cap = shift;
190              
191 0 0         if(ref($cap) eq 'ARRAY') {
192 0           $self->{capabilities} = { };
193 0           while(my $c = shift(@$cap)) {
194 0 0         next if ref($c);
195 0           $c = lc($c); # capability-name
196 0           my @v;
197 0           while(my $v = shift(@$cap)) { # quaff even multiple tokens
198 0 0         last if ref($v);#CRLF # standard allows one
199 0           push(@v, $v); # optional value
200             } # lasr CRLF had been quaffed by ok() already
201 0 0         $self->{capabilities}->{$c}
202             = scalar(@v)? join(',', @v)
203             : '0 but true';
204             }
205             }
206              
207 0           return $self;
208             }
209              
210             sub new {
211 0     0 1   my $self = shift;
212 0   0       my $type = ref($self) || $self;
213 0           $self = bless {}, $type;
214              
215 0           my ($host,%arg);
216 0 0         if(@_ % 2) {
217 0           $host = shift ;
218 0           %arg = @_;
219             } else {
220 0           %arg = @_;
221 0           $host = delete $arg{Host};
222             }
223 0   0       $host ||= 'localhost';
224 0   0       $arg{Proto} ||= 'tcp';
225 0   0       $arg{Port} ||= 'managesieve(2000)';
226 0           $arg{PeerPort} = $arg{Port};
227 0 0         $arg{Timeout} = 120 unless defined $arg{Timeout};
228 0           $self->{timeout} = $arg{Timeout};
229 0           $self->{_last_response} = 'OK no response, yet';
230 0           $self->{_last_error} = '';
231 0           $self->{_last_command} = '';
232 0 0 0       $self->{_debug} = 1 if $arg{Debug} || $arg{debug};
233 0   0       $self->{_on_fail} = delete $arg{on_fail} || delete $arg{On_fail};
234 0   0       $self->{_tls} = delete $arg{tls} || delete $arg{Tls} || delete $arg{TLS};
235              
236 0 0         foreach my $h (@{ref($host) ? $host : [ $host ]}) {
  0            
237 0           $arg{PeerAddr} = $h;
238 0 0         if($self->{fh} = IO::Socket::INET->new(%arg)) {
239 0           $self->{host} = $h;
240 0           last;
241             }
242             }
243              
244 0 0         unless(defined $self->{host}) {
245 0           my $err = $@;
246 0 0         $err = 'failed to connect to host(s): '.$! unless defined $err;
247 0           $self->_set_error($err);
248 0           return undef;
249             }
250              
251 0           $self->{fh}->autoflush(1);
252              
253             # Read the capabilities
254 0           my $cap = $self->_response();
255 0 0         return undef unless $self->ok($cap);
256 0           $self->_decodeCap($cap);
257              
258 0 0         if(my $mode = $self->{_tls}) {
259 0           my $tls;
260 0 0         if(ref($mode) eq 'HASH') {
261 0           $tls = $mode;
262 0   0       $mode = delete $tls->{mode} || 'auto';
263             } else {
264 0           $tls = { }; # no arguments
265             }
266              
267 0 0 0       if($mode && $mode =~ /\A(?:require|auto|yes|on|y)\Z/) {
268 0           my $rc = $self->starttls(%$tls);
269 0 0 0       if(!$rc && $mode eq 'require') {
270 0           my $err = $@;
271 0 0         $err = 'unknown error' unless defined $err;
272 0           $self->_set_error('failed to enable TLS: '.$err);
273 0           return undef;
274             }
275             }
276             }
277              
278 0           return $self;
279             }
280              
281             =head1 METHODS
282              
283             Unless otherwise stated all methods return either a I or I
284             value, with I meaning that the operation was a success. When
285             a method states that it returns a value, failure will be returned as
286             I or an empty list. The error is specified in C<$@> and can be
287             returned with the L method. Please see section ERROR HANDLING
288             for an alternative error handling scheme.
289              
290             =over 4
291              
292             =item close ()
293              
294             Closes the connection to the server. Any already cached data is kept
295             active, though, there should be no pending data, if an user calls this
296             function.
297              
298             =cut
299              
300             sub close {
301 0     0 1   my $self = shift;
302 0 0         return undef unless $self->{fh};
303 0           my $rc = $self->{fh}->close();
304 0           delete $self->{fh};
305 0           return $rc; # we keep locally cached data intentionally
306             }
307              
308             =item starttls ( %SSL_opts )
309              
310             Initiates a TLS session, may be used only before any
311             authentication.
312              
313             The C is a HASH containing any options you can
314             pass to L<< IO::Socket::SSL->new() >>. No one is passed by default.
315              
316             In order to detect in the later run, if the connection is encrypted,
317             use the C function.
318              
319             Return: $self or C on failure - the socket is still
320             functioning, but is not encrypted.
321              
322             =cut
323              
324             sub starttls {
325 0     0 1   my $self = shift;
326 0 0         unless(scalar(@_) % 2 == 0) {
327 0           $@ = 'The argument list must be a HASH';
328 0           return undef;
329             }
330 0           my %opts = @_;
331              
332 0 0         return undef unless $self->ok($self->_command("STARTTLS"));
333              
334             # Initiate TLS
335 0 0         unless(defined &IO::Socket::SSL::new) {
336 0           eval { require IO::Socket::SSL };
  0            
337 0 0         if($@) {
338 0           $self->_set_error('cannot find module IO::Socket::SSL', 'skipAd');
339 0           return undef;
340             }
341             }
342              
343 0           IO::Socket::SSL->start_SSL($self->{fh} , %opts);
344             # In-place upgrade of socket
345 0 0         return undef unless ref($self->{fh}) eq 'IO::Socket::SSL';
346              
347             # success, state now is the same as right after connect
348 0           my $cap = $self->_response();
349 0 0         return undef unless $self->ok($cap);
350 0           $self->_decodeCap($cap);
351              
352 0           return $self;
353             }
354              
355             =item encrypted ()
356              
357             Returns C, if the connection is not encrypted, otherwise
358             C.
359              
360             =cut
361              
362             sub encrypted {
363 0     0 1   my $fh = $_[0]->{fh};
364 0   0       return $fh && ref($fh) && $fh->isa('IO::Socket::SSL');
365             }
366              
367              
368             =item get_cipher (), dump_peer_certificate (), peer_certificate ($field)
369              
370             Returns C, if the connection is not encrypted, otherwise
371             the functions directly calls the equally named function
372             of L.
373              
374             =cut
375              
376             sub _encrypted {
377 0     0     my $fh = $_[0]->{fh};
378 0 0         unless($fh) {
379 0           $_[0]->_set_error('no connection opened');
380 0           return undef;
381             }
382 0 0         unless(encrypted($_[0])) {
383 0           $_[0]->_set_error('connection not encrypted');
384 0           return undef;
385             }
386 0           return $fh;
387             }
388              
389             sub get_cipher {
390 0 0   0 1   return undef unless &_encrypted;
391 0           return $_[0]->{fh}->get_cipher();
392             }
393             sub dump_peer_certificate {
394 0 0   0 1   return undef unless &_encrypted;
395 0           return $_[0]->{fh}->dump_peer_certificate();
396             }
397             sub peer_certificate {
398 0 0   0 1   return undef unless &_encrypted;
399 0           shift;
400 0           return $_[0]->{fh}->peer_certificate(@_);
401             }
402              
403             =item auth (USER [, PASSWORD [, AUTHNAME ] ])
404              
405             Authentificates as C.
406              
407             If the module L is available, this module is tried first. In
408             this case, the C parameter may be a C object, that
409             is not furtherly modified. If C is no C object,
410             C is passed as C, C as C and C
411             as C to C<< Authen::SASL->new() >>. If C is
412             undefined, C is passed as C. This way you can
413             authentificate against Cyrus: C.
414              
415             If L is I available or the initialization of it fails,
416             this function attempts to authentificate via the C method.
417              
418             Aliases: C, C.
419              
420             =cut
421              
422             sub _encode_base64 {
423 0     0     my $self = shift;
424              
425 0 0         unless(defined &MIME::Base64::encode_base64) { # Automatically load it
426 0           eval { require MIME::Base64; };
  0            
427 0 0         if($@) {
428 0           $self->_set_error('failed to load MIME::Base64: ' . $@);
429 0           return undef;
430             }
431             }
432              
433 0           my $r = &MIME::Base64::encode_base64;
434 0 0         $r and $r =~ s/[\s\r\n]+$//s;
435 0           return $r;
436             }
437             sub auth {
438 0     0 1   my ($self, $username, $password, $authname) = @_;
439            
440 0 0         if(my $mech = $self->{capabilities}{sasl}) {
441             # If the server does not announce SASL, we try PLAIN anyway
442 0           my $doSASL = 1;
443 0 0         unless(defined &Authen::SASL::new) { # Automatically load it
444 0           eval { require Authen::SASL; };
  0            
445 0 0         if($@) {
446 0           $self->_set_error("failed to load Authen::SASL: $@\nFallback to PLAIN\n");
447 0           $doSASL = undef;
448             }
449             }
450 0 0         if($doSASL) {
451 0           my $sasl;
452 0 0 0       if(ref($username) && UNIVERSAL::isa($username, 'Authen::SASL')) {
453 0           $sasl = $username;
454             # $sasl->mechanism($mech);
455             } else {
456 0 0         unless(length $username) {
457 0           $self->_set_error("need username or Authen::SASL object");
458 0           return undef;
459             }
460 0 0         unless(defined $authname) {
461 0           $authname = $username;
462             }
463             # for unknown reason to pass in a space
464             # separated string leads to the problem
465             # that $client->mechnism returns the same
466             # string, but ought to return the _used_
467             # mechnism only therefore, we use the
468             # first one of the list
469             # 2008-04-25 ska
470 0           $mech =~ s/\s.*//;
471             # $mech = "LOGIN";
472 0           $sasl = Authen::SASL->new(mechanism=> "".$mech, # without "". the behaviour is funny
473             callback => { user => $username,
474             pass => $password,
475             password => $password, # needed it to work properly
476             authname => $authname,
477             }
478             );
479             }
480              
481             # draft-martin-managesieve-08: service := 'sieve'
482 0           my $client = $sasl->client_new('sieve', $self->{host}, 0);
483             # I did understood the documentation that way that
484             # 'undef' means error, this is wrong. client_start() returns
485             # undef for no initial client response.
486 0           my $msg = $client->client_start;
487 0 0         if($client->mechanism) {
488 0 0         if($msg) {
489             return undef
490 0 0         unless defined($msg = $self->_encode_base64($msg,''));
491 0           $msg = ' "' . $msg . '"';
492             } else {
493 0           $msg = ''; # Empty initial request
494             # Force to load MIME::Encode
495 0 0         return undef unless defined $self->_encode_base64('z');
496             }
497             # Initial response
498 0 0         $self->_send_command(
499             'Authenticate "'. $client->mechanism . '"' . $msg)
500             or return undef;
501 0           while($msg = $self->_token()) {
502 0 0         if(ref($msg)) { # end of command received OK|NO
503 0 0         next if $msg->[0] eq "\n"; #CRLF is a token
504 0           $msg = $self->ok([ $msg ]);
505 0           last;
506             }
507             # MIME::Base64 is definitely loaded here
508             $self->_write(
509 0           '"' . $self->_encode_base64(
510             $client->client_step(
511             MIME::Base64::decode_base64($msg)
512             ), ''
513             ) . "\"\r\n"
514             );
515             }
516              
517 0 0         return $msg if $msg;
518 0           $self->_set_error('SASL authentification failed');
519 0           return undef;
520             }
521 0           $self->_set_error("start of SASL failed");
522             # Circumvent SASL problems by falling back to plain PLAIN
523             }
524             }
525              
526 0           my $r = $self->_encode_base64(
527             join("\0", ($username, $username, $password))
528             , '');
529 0 0         return undef unless defined $r;
530 0           return $self->ok($self->_command('Authenticate "PLAIN" "'.$r.'"'));
531             }
532 0     0 0   sub login { goto &auth; }
533 0     0 0   sub authentificate { goto &auth; }
534              
535             =item logout ()
536              
537             Sends the C command to the server and closes the
538             connection to the server.
539              
540             Aliases: C, C.
541              
542             =cut
543              
544             sub logout {
545 0     0 1   my ($self) = @_;
546              
547 0 0         return 1 unless $self->{fh};
548 0           my $rc = $self->_command("LOGOUT");
549 0           $self->close();
550 0           return $self->ok($rc, 'bye');
551             }
552 0     0 0   sub quit { goto &logout; }
553 0     0 0   sub bye { goto &logout; }
554              
555             =item host ()
556              
557             Returns the remote host of the connection.
558              
559             =cut
560              
561             sub host {
562 0     0 1   my ($self) = @_;
563              
564 0           return $self->{host};
565             }
566              
567             =item capabilities ([reget])
568              
569             Returns the capabilities as HASH ref, e.g.:
570              
571             {
572             'starttls' => 1,
573             'sasl' => 'PLAIN LOGIN',
574             'implementation' => 'dovecot',
575             'sieve' => 'fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex'
576             };
577              
578             If the argument C is specified and is boolean C,
579             the capabilities are reaquired from the server using
580             the I command.
581             Note: The initial capabilities may be different from the set
582             acquired later.
583              
584             =cut
585              
586             sub capabilities {
587 0     0 1   my ($self, $reget) = @_;
588              
589 0 0         if($reget) {
590 0 0         my $cap = $self->_command("CAPABILITY") or return undef;
591 0 0         return undef unless $self->ok($cap);
592 0           $self->_decodeCap($cap);
593             }
594 0           return $self->{capabilities};
595             }
596              
597             =item havespace (NAME, SIZE)
598              
599             Return whether or not a script with the specified size (and name)
600             might fit into the space of the user on the server.
601              
602             Due to various reasons, the result of this function is not very
603             reliable, because in the meantime lots of changes may take place
604             on the server.
605              
606             =cut
607              
608             sub havespace {
609 0     0 1   my ($self, $name, $size) = @_;
610              
611 0 0         unless($size =~ /\A\d+\Z/) {
612 0           $self->_set_error("size is not numeric: $size");
613 0           return undef;
614             }
615 0 0         return undef unless $name = $self->_chkName($name);
616 0           return $self->ok($self->_command("HAVESPACE $name $size"));
617             }
618              
619             =item putscript (NAME, SCRIPT)
620              
621             Stores the C