File Coverage

blib/lib/Net/POP3S.pm

Criterion	Covered	Total	%
statement	15	116	12.9
branch	0	56	0.0
condition	0	38	0.0
subroutine	5	8	62.5
pod	2	3	66.6
total	22	221	9.9

line	stmt	bran	cond	sub	pod	time	code
1							# ====
2							# SSL/STARTTLS extention for Graham Barr's Net::POP3.
3							# plus, enable arbitrary POP auth mechanism selection.
4							# IO::Socket::SSL (also Net::SSLeay openssl),
5							# Authen::SASL, MIME::Base64 should be installed.
6							#
7							package Net::POP3S;
8
9	1			1		38666	use vars qw ( $VERSION @ISA );
	1					3
	1					69
10
11							$VERSION = "0.04";
12
13	1			1		6	use base qw ( Net::POP3 );
	1					2
	1					977
14	1			1		479810	use Net::Cmd; # import CMD_OK, CMD_MORE, ...
	1					8
	1					66
15	1			1		5	use Net::Config;
	1					2
	1					112
16
17							eval {
18							require IO::Socket::INET6
19							and unshift @ISA, 'IO::Socket::INET6';
20							} or do {
21							require IO::Socket::INET
22							and unshift @ISA, 'IO::Socket::INET';
23							};
24
25	1			1		7	use strict;
	1					2
	1					1628
26
27							# Override to support SSL/TLS.
28							sub new {
29	0			0	1		my $self = shift;
30	0		0				my $type = ref($self) \|\| $self;
31	0						my ($host, %arg);
32	0	0					if (@_ % 2) {
33	0						$host = shift;
34	0						%arg = @_;
35							}
36							else {
37	0						%arg = @_;
38	0						$host = delete $arg{Host};
39							}
40	0						my $ssl = delete $arg{doSSL};
41
42	0	0					my $hosts = defined $host ? $host : $NetConfig{pop3_hosts};
43	0						my $obj;
44	0	0					my @localport = exists $arg{ResvPort} ? (LocalPort => $arg{ResvPort}) : ();
45
46							# eliminate IO::Socket::SSL from @ISA for multiple call of new.
47	0						@ISA = grep { !/IO::Socket::SSL/ } @ISA;
	0
48
49	0						my $h;
50	0	0					foreach $h (@{ref($hosts) ? $hosts : [$hosts]}) {
	0
51	0	0	0				$obj = $type->SUPER::new(
		0
52							PeerAddr => ($host = $h),
53							PeerPort => $arg{Port} \|\| 'pop3(110)',
54							Proto => 'tcp',
55							@localport,
56							Timeout => defined $arg{Timeout}
57							? $arg{Timeout}
58							: 120
59							)
60							and last;
61							}
62
63							return undef
64	0	0					unless defined $obj;
65
66	0						${*$obj}{'net_pop3_host'} = $host;
	0
67
68	0						$obj->autoflush(1);
69	0	0					$obj->debug(exists $arg{Debug} ? $arg{Debug} : undef);
70
71							# common in SSL
72	0						my %ssl_args;
73	0	0					if ($ssl) {
74							eval {
75	0						require IO::Socket::SSL;
76	0	0					} or do {
77	0						$obj->set_status(500, ["Need working IO::Socket::SSL"]);
78	0						$obj->close;
79	0						return undef;
80							};
81	0						%ssl_args = map { +"$_" => $arg{$_} } grep {/^SSL/} keys %arg;
	0
	0
82	0	0					$IO::Socket::SSL::DEBUG = (exists $arg{Debug} ? $arg{Debug} : undef);
83							}
84
85							# OverSSL
86	0	0	0				if (defined($ssl) && $ssl =~ /ssl/i) {
87							$obj->ssl_start(\%ssl_args)
88	0	0					or do {
89	0						$obj->set_status(500, ["Cannot start SSL"]);
90	0						$obj->close;
91	0						return undef;
92							};
93							}
94
95	0	0					unless ($obj->response() == CMD_OK) {
96	0						$obj->close();
97	0						return undef;
98							}
99
100	0						${*$obj}{'net_pop3_banner'} = $obj->message;
	0
101
102							# STARTTLS
103	0	0	0				if (defined($ssl) && $ssl =~ /starttls\|stls/i ) {
104	0						my $capa;
105							($capa = $obj->capa
106							and exists $capa->{STLS}
107							and ($obj->command('STLS')->response() == CMD_OK)
108							and $obj->ssl_start(\%ssl_args))
109	0	0	0				or do {
			0
			0
110	0						$obj->set_status(500, ["Cannot start SSL session"]);
111	0						$obj->close();
112	0						return undef;
113							};
114							}
115
116	0						$obj;
117							}
118
119							sub ssl_start {
120	0			0	0		my ($self, $args) = @_;
121	0						my $type = ref($self);
122
123	0	0	0				(unshift @ISA, 'IO::Socket::SSL'
			0
			0
124							and IO::Socket::SSL->start_SSL($self, %$args)
125							and $self->isa('IO::Socket::SSL')
126							and bless $self, $type # re-bless 'cause IO::Socket::SSL blesses himself.
127							) or return undef;
128							}
129
130							# Override to specify a certain auth mechanism.
131							sub auth {
132	0			0	1		my ($self, $username, $password, $mechs) = @_;
133
134	0	0					eval {
135	0						require MIME::Base64;
136	0						require Authen::SASL;
137							} or $self->set_status(500, ["Need MIME::Base64 and Authen::SASL todo auth"]), return 0;
138
139	0						my $mechanisms = undef;
140	0	0					if ($mechs) {
141	0						$mechanisms = $mechs;
142							} else {
143	0						my $capa = $self->capa;
144	0		0				$mechanisms = $capa->{SASL} \|\| 'CRAM-MD5';
145							}
146
147	0						my $sasl;
148
149	0	0	0				if (ref($username) and UNIVERSAL::isa($username, 'Authen::SASL')) {
150	0						$sasl = $username;
151	0		0				my $user_mech = $sasl->mechanism \|\| '';
152	0						my @user_mech = split(/\s+/, $user_mech);
153	0						my %user_mech;
154	0						@user_mech{@user_mech} = ();
155
156	0						my @server_mech = split(/\s+/, $mechanisms);
157	0						my @mech = @user_mech
158	0	0					? grep { exists $user_mech{$_} } @server_mech
159							: @server_mech;
160	0	0					unless (@mech) {
161	0						$self->set_status(
162							500,
163							[ 'Client SASL mechanisms (',
164							join(', ', @user_mech),
165							') do not match the SASL mechnism the server announces (',
166							join(', ', @server_mech), ')',
167							]
168							);
169	0						return 0;
170							}
171
172	0						$sasl->mechanism(join(" ", @mech));
173
174	0						$sasl->mechanism($mechanisms);
175							}
176							else {
177	0	0					die "auth(username, password)" if not length $username;
178	0						$sasl = Authen::SASL->new(
179							mechanism => $mechanisms,
180							callback => {
181							user => $username,
182							pass => $password,
183							authname => $username,
184							}
185							);
186							}
187
188							# We should probably allow the user to pass the host, but I don't
189							# currently know and SASL mechanisms that are used by smtp that need it
190	0						my ($hostname) = split /:/, ${*$self}{'net_pop3_host'}; # /
	0
191	0						my $client = eval { $sasl->client_new('pop', $hostname, 0) };
	0
192
193	0	0					unless ($client) {
194	0						my $mech = $sasl->mechanism;
195	0						$self->set_status(
196							500,
197							[ " Authen::SASL failure: $@",
198							'(please check if your local Authen::SASL installation',
199							"supports mechanism '$mech'"
200							]
201							);
202	0						return 0;
203							}
204
205							my ($token) = $client->client_start
206	0	0					or do {
207	0						my $mech = $client->mechanism;
208	0						$self->set_status(
209							500,
210							[ ' Authen::SASL failure: $client->client_start ',
211							"mechanism '$mech' hostname #$hostname#",
212							$client->error
213							]
214							);
215	0						return 0;
216							};
217
218							# We dont support sasl mechanisms that encrypt the socket traffic.
219							# todo that we would really need to change the ISA hierarchy
220							# so we dont inherit from IO::Socket, but instead hold it in an attribute
221
222	0						my @cmd = ("AUTH", $client->mechanism);
223	0						my $code;
224
225	0	0	0				push @cmd, MIME::Base64::encode_base64($token, '')
226							if defined $token and length $token;
227
228	0						while (($code = $self->command(@cmd)->response()) == CMD_MORE) {
229
230	0	0					my ($token) = $client->client_step(MIME::Base64::decode_base64(($self->message)[0])) or do {
231	0						$self->set_status(
232							500,
233							[ ' Authen::SASL failure: $client->client_step ',
234							"mechanism '", $client->mechanism, " hostname #$hostname#, ",
235							$client->error
236							]
237							);
238	0						return 0;
239							};
240
241	0	0					@cmd = (MIME::Base64::encode_base64(defined $token ? $token : '', ''));
242							}
243
244	0						$code == CMD_OK;
245
246							}
247
248							1;
249
250							__END__