ssmtp_gmail_auth.rb

#!/usr/bin/env ruby

# author: Cies Breijs (cies on the kde.nl domain), 2009/jan, with ruby-1.8.7

# a simple authentication script to be used with some like mod_authnz_external
# auths a login/password pair against google's pop3 service

# many organizations use google (gmail) apps lately...
# why organize authentication for people if they can just use their
# google account credentials?

# #   # authentication, done with an external script (authing against gmail)
# #   AddExternalAuth googlepop /srv/ssmtp_gmail_auth/ssmtp_gmail_auth.rb
# #   SetExternalAuthMethod googlepop pipe
# #   <Location />
# #     AuthType Basic
# #     AuthName "Welcome to the authenticated domain"
# #     AuthBasicProvider external
# #     AuthExternal googlepop
# #     Require valid-user
# #   </Location>

# make sure you use SSL on the particular website you are securing
# otherwise your login info if flying plain text over the net

require 'rubygems'
require 'tlsmail'  # install this:  sudo gem install tlsmail 

WHITELIST = [['cies', 'password']]
ACCEPTED_DOMAINS = ["blabla.net", "someotherdomain.co.com"]


# Get the login/password from the stdin
@login = STDIN.readline.strip.downcase
@pass  = STDIN.readline.strip

# proper dieing with a message, from can be :success or :failed
def die(from, msg)
  STDERR.puts "[#{Time.now.to_s}] #{$0} #{(from == :success ? 'SUCCESS':'FAILED')} (#{@login}), #{msg}"
  exit 0 if from == :success  # strange to have 0 for success, but ok
  exit 1
end

die(:success, 'whitelisted') if WHITELIST.include? [@login, @pass]

die(:failed, 'invalid domain') unless /(@#{ACCEPTED_DOMAINS.join('$|@')}$)/ =~ @login

begin
  Net::SMTP.enable_tls(OpenSSL::SSL::VERIFY_NONE)
  if s = Net::SMTP.start('smtp.gmail.com', 587, 'gmail.com', @login, @pass, :login)
    s.finish
    die(:success, 'authenticated against gmail')
  end
rescue  # login errors always throw an exception
  die(:failed, "#{$!.class} -- #{$!.to_str[0..44]}")
end

die(:failed, 'UNDEFINED ERROR, should not happen...')