/etc/news/filter/nnrpd_auth.pl is in inn2 2.5.2+20110413-1build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 | #! /usr/bin/perl -w
use lib '/usr/share/perl5'; use INN::Config;
##
## Sample code for the nnrpd Perl authentication hooks.
##
## This file is loaded when a perl_auth: parameter is reached in
## readers.conf. If it defines a sub named authenticate, that
## function will be called during processing of a perl_auth:
## parameter. Attributes about the connection are passed to the
## program in the %attributes global variable. It should return an
## array with two elements:
##
## 1) NNTP response code. Should be one of the codes from %authcodes
## below to not risk violating the protocol.
## 2) An error string to be passed to the client (make sure that
## such a message is properly encoded in UTF-8 so as to comply with the
## NNTP protocol).
## Both elements are required. If there is a problem, nnrpd will die
## and syslog the exact error.
## The code below uses a user database based on CDB_File. It is
## provided here as an example of an authentication script.
## This file cannot be run as a standalone script, although it would be
## worthwhile to add some code so that it could so that one could test the
## results of various authentication and connection queries from the
## command line. The #! line at the top is just so that fixscript will
## work.
use strict;
use vars qw(%attributes %authcodes %users);
# These codes are a widely implemented de facto standard.
%authcodes = ('allowed' => 281, 'denied' => 481, 'error' => 403);
# This sub should perform any initialization work that the
# authentication stuff needs.
sub auth_init {
require CDB_File;
tie (%users, 'CDB_File', $INN::Config::pathdb . '/users.cdb')
or warn "Could not open $INN::Config::pathdb/users.cdb for users: $!\n";
}
# This function is called for authentication requests. For details on
# all the information passed to it, see ~news/doc/hook-perl.
sub authenticate {
return &checkuser();
}
# This function assumes that there's a database tied as %users that
# contains, keyed by users, a tab-separated list of the password (in
# crypt format), whether they can post, a wildmat matching what
# newsgroups they have access to, and the number of bytes per second
# they're allowed to use. This section of the code only accesses the
# username and password fields. See the file nnrpd_access.pl for
# access rights based on the other fields.
sub checkuser {
my $user = $attributes{'username'};
my $pass = $attributes{'password'};
return ($authcodes{denied}, "No username given.")
unless defined $users{$user};
my ($password, $post, $speed, $subscription) = split(/\t/, $users{$user});
return ($authcodes{denied}, "Incorrect password.")
if (crypt($pass, $password) ne $password);
return ($authcodes{allowed}, "");
}
|