#!/usr/bin/perl
#
# poppassd - poppassd for vpopmail (using vuserinfo and vpasswd)
#
# (c) joakim mared <joakim@mared.com>
#
# 20051006 initial version

use warnings;
use strict;
use locale;

$| = 1;

## settings
my $GET_PASSWD  = '/home/vpopmail/bin/vuserinfo -C';
my $SET_PASSWD  = '/home/vpopmail/bin/vpasswd';

## vars
my $user;
my $current_pass;
my $challenge_pass;
my $new_pass;
my $line;
my $logged_in = 0;

print "200 popassd\r\n";
while($line = <>) {
    $line =~ s/\r?\n$//;

    if ($line =~ /^user\s(.+)/i) {
        $user = shell_escape($1);
        print "200 password please\r\n";
    } elsif ($line =~ /^pass\s(.+)/i) {
        $challenge_pass = shell_escape($1);
        $current_pass = `$GET_PASSWD '$user'`;
        chomp $current_pass;
        $current_pass = shell_escape($current_pass);

        if (!$challenge_pass || $current_pass =~ /^no\ssuch\suser/ || $current_pass ne $challenge_pass) {
            print "500 not ok\r\n";
            exit 0;
        }

        $logged_in = 1;
        print "200 ok\r\n";
    } elsif ($logged_in && $line =~ /^newpass\s(.+)/) {
        $new_pass = shell_escape($1);
        `$SET_PASSWD '$user' '$new_pass'`;

        $logged_in      = 0;
        $user           = '';
        $current_pass   = '';
        $challenge_pass = '';

        print "200 ok\r\n";
    } elsif ($line =~ /^quit/i) {
        exit 0;
    } else {
        print "400 invalid command\r\n";
    }
}

sub shell_escape {
    my $string = shift;
    
    $string =~ s/['\\]//g;

    return $string;
}