Today I wrote a small script to allow mrbs [1] to authenticate with the sympa [2] database. mrbs has a nice feature to use an external command to do authentication. This is a simple script that queries the sympa db.

#! /usr/bin/perl
use lib '/usr/lib/sympa/bin';
use wwslib;

# require dies on failure, so wrap it in eval to reach our own error message
unless (eval { require Crypt::CipherSaber; 1 }) {
    die "Crypt::CipherSaber not installed ; cannot crypt passwords";
}

require 'tools.pl';

use List;

## Load sympa config
&Conf::load('/etc/sympa/sympa.conf') || die 'config_error';
chdir $Conf::Conf{'home'};

# mrbs passes the username and the password as the two command-line arguments
my ($email,$password) = ($ARGV[0],$ARGV[1]);

&List::db_connect() || die "Can't connect to database";
my $dbh = &List::db_get_handler();
# Bind the email through a placeholder instead of interpolating it into the SQL
my $sql = "SELECT password_user FROM user_table WHERE email_user = ?";
my $sth = $dbh->prepare($sql) || die "Can't prepare SQL statement";
$sth->execute($email) || die "Unable to execute SQL statement";

my $user = $sth->fetchrow_hashref;

$sth->finish();
&List::db_disconnect();

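# Fail before comparing when no password was supplied or no row was found:
# a missing row must never compare equal to an empty password
unless (defined $password && $user && defined $user->{'password_user'}) {
        print "auth failed\n";
        exit(1);
}

my $dbpass = &tools::decrypt_password($user->{'password_user'});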

if ($dbpass eq $password) {
        print "auth succeeded\n";
        exit;
} else {
        print "auth failed\n";
        exit(1);
}

And this is the snippet to add to the mrbs config file. Of course, it is necessary to configure sudo.

# 'auth_ext' configuration settings
$auth["prog"]   = "sudo -u sympa /usr/local/bin/sympa_pass.pl";
$auth["params"] = "#USERNAME# #PASSWORD#";

Working on this small script I discovered that sympa doesn’t really encrypt passwords, but uses this CipherSaber Perl library to do a strange base64 encoding of the password. For me this is particularly brain-dead, as it adds nothing to security and makes the tool less interoperable.

If you want to decrypt all sympa passwords in the db, you just need to use the function below:

&tools::decrypt_password($user->{'password_user'});
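
For contrast with the reversible storage described above, here is an added example (not from the original post and not sympa's code) of one-way storage, where the check recomputes a salted digest instead of decrypting the stored value. The stored-string layout, the sub names, the iteration count and the use of /dev/urandom are assumptions made for the illustration.

```perl
# Added example: one-way password storage using core Perl modules only.
# The stored-string layout and all sub names are hypothetical, not sympa's.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use MIME::Base64 qw(encode_base64 decode_base64);

# PBKDF2-HMAC-SHA256, first 32-byte output block (RFC 8018, block index 1).
sub pbkdf2_sha256 {
    my ($password, $salt, $iterations) = @_;
    my $u   = hmac_sha256($salt . pack('N', 1), $password);  # data, then key
    my $out = $u;
    for (2 .. $iterations) {
        $u = hmac_sha256($u, $password);
        $out ^= $u;                        # bytewise XOR of two strings
    }
    return $out;
}

# Store scheme, cost, salt and digest; the password cannot be read back.
sub hash_password {
    my ($password, $iterations) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "Can't open /dev/urandom: $!";
    read($fh, my $salt, 16) == 16 or die "Short read from /dev/urandom";
    close($fh);
    my $digest = pbkdf2_sha256($password, $salt, $iterations);
    return join('$', 'pbkdf2-sha256', $iterations,
                encode_base64($salt, ''), encode_base64($digest, ''));
}

# Recompute the digest from the candidate password and compare digests.
sub verify_password {
    my ($password, $stored) = @_;
    my ($scheme, $iterations, $salt_b64, $hash_b64) = split /\$/, $stored;
    return 0 unless defined $hash_b64 && $scheme eq 'pbkdf2-sha256'
                 && $iterations =~ /^[1-9]\d*$/;
    my $expected = decode_base64($hash_b64);
    my $actual   = pbkdf2_sha256($password, decode_base64($salt_b64), $iterations);
    return 0 unless length($actual) == length($expected);
    my $diff = 0;                          # accumulate differences, no early exit
    $diff |= ord(substr($actual, $_, 1)) ^ ord(substr($expected, $_, 1))
        for 0 .. length($actual) - 1;
    return $diff == 0 ? 1 : 0;
}

my $stored = hash_password('correct horse', 100_000);  # constructed sample
print "stored: $stored\n";
print "right: ", (verify_password('correct horse', $stored) ? 'auth succeeded' : 'auth failed'), "\n";
print "wrong: ", (verify_password('wrong horse', $stored) ? 'auth succeeded' : 'auth failed'), "\n";
```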

[1] http://mrbs.sourceforge.net/
[2] http://www.sympa.org/