AUTH via Perl routines.
Ing. Felipe Zipitria - INCO
fzipi at fing.edu.uy
Tue Dec 26 22:05:05 UTC 2000
Hello. I'm sending you what I think could be a bug.
Software: INN-2.3.0
Compiled with: "/configure --prefix=/opt/innd/actual \
--exec-prefix=/opt/inn/actual \
--with-db-dir=/news/db \
--with-spool-dir=/news/spool \
--with-perl --with-syslog-facility=LOG_NEWS \
--with-berkeleydb=/opt/db/actual \
--with-openssl=/opt/openssl/actual \
--with-sendmail=/usr/lib/sendmail \
--with-tmp-path=/news/tmp"
Operating System & Hardware:
Solaris 7/Ultra Enterprise 250
I've been trying to get perl auth working, and I succeeded in doing it with
my own simple program (which checks users and groups with a file).
Well, I've carefully read the perl documentation, and, as I mentioned
before, authentication is working well.
The problem arose when I tried to post articles after authentication.
First of all, if I don't allow users to read & post when they connect
for the first time (the response from the server is AUTHNEEDED), then
in Netscape I couldn't post after I'm authenticated (the button for posting
to groups is "shadowed"), and with Pine posting also seems not to work.
I corrected this strange behaviour by always sending read/post = 1/1.
After I send AUTHINFO, with user & pass, if I send a POST command, the
'nnrpd' daemon dies.
I made some debugging with 'gdb' and this is what I found:
...
(gdb) break misc.c:649
(gdb) p *PERMaccessconf
(Case PERL AUTH working...)
$1 = {name = 0x1f1938 "", key = 0x1a6e0c "3e", read = 0x1a6e10 "3e",
post = 0x0, users = 0x1 <Address 0x1 out of bounds>, allownewnews = 1,
locpost = 0, used = 0, localtime = 0, strippath = 0, nnrpdperlfilter =
1, nnrpdpythonfilter = 1, fromhost = 0x2191a0 "lulu.fing.edu.uy",
pathhost = 0x219188 "lulu.fing.edu.uy",
organization = 0x2191e8 "Facultad de Ingenieria.", moderatormailer =
0x9c200000 <Address 0x9c200000 out of bounds>, domain = 0x201dfc
"fing.edu.uy", complaints = 0x12f0098 <Address 0x12f0098 out of bounds>,
spoolfirst = 0, checkincludedtext = 0, clienttimeout = 600,
localmaxartsize = 1000000, readertrack = 1, strippostcc = 0,
addnntppostinghost = 1, addnntppostingdate = 1, nnrpdposthost = 0x0,
nnrpdpostport = 119, nnrpdoverstats = 0,
backoff_auth = 0, backoff_db = 0xde000000 <Address 0xde000000 out of
bounds>, backoff_k = 1, backoff_postfast = 0, backoff_postslow = 1,
backoff_trigger = 10000, nnrpdcheckart = 1, nnrpdauthsender = 0,
virtualhost = 0, newsmaster = 0x0}
(Case normal readers.conf & nnrpdperlauth set to false)
$1 = {name = 0x19ea70 "local", key = 0x0, read = 0x1c1a78
"*,!control*,!junk*", post = 0x1c1a90 "*,!control*,!junk*", users = 0x0,
allownewnews = 1, locpost = 0, used = 1, localtime = 0, strippath = 0,
nnrpdperlfilter = 1, nnrpdpythonfilter = 1, fromhost = 0x1c1a18
"lulu.fing.edu.uy", pathhost = 0x1c1a30 "lulu.fing.edu.uy",
organization = 0x1c1a48 "Facultad de Ingenieria.", moderatormailer =
0x0, domain = 0x1a5c58 "fing.edu.uy",
complaints = 0x0, spoolfirst = 0, checkincludedtext = 0, clienttimeout =
600, localmaxartsize = 1000000, readertrack = 1, strippostcc = 0,
addnntppostinghost = 1, addnntppostingdate = 1, nnrpdposthost = 0x0,
nnrpdpostport = 119, nnrpdoverstats = 0, backoff_auth = 0, backoff_db =
0x0, backoff_k = 1, backoff_postfast = 0, backoff_postslow = 1,
backoff_trigger = 10000, nnrpdcheckart = 1, nnrpdauthsender = 0,
virtualhost = 0, newsmaster = 0x0}
so, when in (misc.c:649)
648 /* Need this database for backing off */
649 (void)strncpy(postrec_dir,PERMaccessconf->backoff_db,SMBUF);
PERMaccessconf->backoff_db == <Hell out of bounds>
...there dies with SIGSEGV (segmentation fault).
I really hadn't time to mess with the code.
Thanks for all your excellent work.
Felipe Zipitria
System Administration Group
Faculty of Engineering
University of the Republic
---- BEGIN PERL CODE --------
#
# $Id: nnrpd_auth.pl.in,v 1.2 1999/01/05 22:30:22 kondou Exp $
#
# Sample authentication code for nnrpd hook.
#
# Modifications by Felipe Zipitria for FING
#
# This file is loaded when nnrpd starts up. If it defines a sub named
# `authenticate', then that function will be called during processing of a
# connect, auth request or disconnect. Attributes about the connection are
# passed to the program in the %attributes global variable. It should return
# an array with 4 elements:
#
# 1) NNTP response code. Should be one of the codes from %connectcodes or %authcodes
# 2) Reading Allowed. Should be a boolean value.
# 3) Posting Allowed. Should be a boolean value.
# 4) Wildmat expression that says what groups to provide access to.
# 5) Max Bandwidth
#
# All four (five!) of these are required. If there is a problem with them then nnrpd
# will die and syslog the exact reason.
#
# Sample Auth program
#
use vars qw(@readerconfig);
use User::pwent qw(:FIELDS);

$authfile = "/opt/innd/actual/etc/db/groups.access";
$defaultgroups = "*,!control*,!junk*,!fing*,fing.general";

require "/opt/innd/actual/lib/innshellvars.pl";

my (%connectcodes) = ("read/post" => 200, "read" => 201, "authneeded" => 480, "permdenied" => 502);
my (%authcodes) = ("allowed" => 281, "denied" => 502);
my (%groups) = ();
my (@DENY) = ($authcodes{'denied'}, undef, undef, undef, undef);

# Load the access file. Each line has the form name:perm:group:newsgroups;
# the result is stored in %groups, keyed by the group field.
sub loadnnrp {
    my($file) = shift(@_);
    my($group, $perm, $newsgroups);

    open(F, $file);
    while (<F>) {
        chomp;
        s/\#.*//g;    # strip comments
        ($name, $perm, $group, $newsgroups) = split(/:/);
        $groups{$group} = "$perm:$newsgroups";
    }
    close(F);
}

# This is called by nnrpd when it first starts up.
sub auth_init {
    &loadnnrp($authfile);
}

# This is called when a user connects or authenticates
sub authenticate {
    my $key;
    foreach $key (keys %attributes) {
    }

    if ($attributes{type} eq "connect") {
        my (@results) = checkhost();
        return @results;
    } elsif ($attributes{type} eq "authenticate") {
        my (@res) = checkuser();
        return @res;
    }
}

# Check the supplied username/password against the system password entry.
# getpwnam() from User::pwent fills in $pw_passwd and $pw_gid.
sub checkuser {
    my $user = $attributes{'username'};
    my $pass = $attributes{'password'};

    if (!defined(getpwnam($user))) {
        return @DENY;
    }

    my ($salt) = substr($pw_passwd, 0, 2);
    if (crypt($pass, $salt) ne $pw_passwd) {
        return @DENY;
    }

    # Posting permission and group list come from the entry for the user's gid.
    ($news_post, $subscription) = split(/:/, $groups{$pw_gid});
    $news_post = ($news_post eq 'p') ? 1 : 0;
    if (!defined($subscription)) {
        $subscription = $defaultgroups;
    }
    return ($authcodes{'allowed'}, 1, "$news_post", "$subscription", undef);
}

# Every new connection is told to authenticate; read/post are both sent as 1.
sub checkhost {
    return ($connectcodes{'authneeded'}, 1, 1, undef, undef);
}
----- END PERL HACK -------
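
Added example (not part of the original message and not INN source): a C sketch of the failure shown in the gdb session above, where the copy at misc.c:649 reads a backoff_db pointer that holds an out-of-bounds address in the Perl-auth case. The trimmed ACCESSCONF struct, the SMBUF value, and the helper names access_new and copy_backoff_dir are assumptions made for illustration.

```c
/* Added illustration, not INN source. ACCESSCONF is cut down to a few of the
 * fields visible in the gdb dump; the SMBUF value here is assumed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SMBUF 256

typedef struct {
    char *moderatormailer;
    char *backoff_db;
    int   backoff_k;
} ACCESSCONF;

/* Hypothetical allocator: calloc() zero-fills, so pointer fields nobody sets
 * read as NULL on common platforms instead of holding leftover heap bytes. */
ACCESSCONF *access_new(void)
{
    ACCESSCONF *conf = calloc(1, sizeof(*conf));
    if (conf != NULL)
        conf->backoff_k = 1;            /* value shown in both dumps */
    return conf;
}

/* Hypothetical guarded form of the copy at misc.c:649. Returns 0 on success,
 * -1 when no backoff database is set or the path does not fit in dst. */
int copy_backoff_dir(char *dst, size_t dstlen, const ACCESSCONF *conf)
{
    size_t len;
    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (conf == NULL || conf->backoff_db == NULL)
        return -1;
    len = strlen(conf->backoff_db);
    if (len >= dstlen)                  /* strncpy() would not terminate dst */
        return -1;
    memcpy(dst, conf->backoff_db, len + 1);
    return 0;
}

int main(void)
{
    char postrec_dir[SMBUF];
    char sample[] = "/news/db/backoff"; /* constructed sample path */
    ACCESSCONF *conf = access_new();
    if (conf == NULL)
        return 1;
    printf("unset: %d\n", copy_backoff_dir(postrec_dir, sizeof postrec_dir, conf));
    conf->backoff_db = sample;
    printf("set:   %d %s\n", copy_backoff_dir(postrec_dir, sizeof postrec_dir, conf), postrec_dir);
    free(conf);
    return 0;
}
```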