INN commit: trunk/nnrpd (commands.c nnrpd.c nnrpd.h perl.c perm.c)
INN Commit
Russ_Allbery at isc.org
Sun Aug 31 09:55:51 UTC 2008
Date: Sunday, August 31, 2008 @ 02:55:50
Author: iulius
Revision: 7988
Return the "right" 200/201 code for the greeting. Well, we do our
best to find out whether posting will be allowed.
PERMcanpostgreeting is a new global variable (different from
PERMcanpost, which is for the current state).
200 if (the user can post right now) or (the user can authenticate
and there is an access group which provides posting facilities).
There is an access group which provides posting facilities
when (in an auth group, there is an access or dynamic Perl/Python
script) or (a newsgroups:/post: key is in an access group).
This check is too wide but at least we will return 201 only if
the user will never be able to post.
Modified:
trunk/nnrpd/commands.c
trunk/nnrpd/nnrpd.c
trunk/nnrpd/nnrpd.h
trunk/nnrpd/perl.c
trunk/nnrpd/perm.c
------------+
commands.c | 7 ++++---
nnrpd.c | 14 ++++++++------
nnrpd.h | 1 +
perl.c | 3 ++-
perm.c | 20 +++++++++++++++-----
5 files changed, 30 insertions(+), 15 deletions(-)
Modified: commands.c
===================================================================
--- commands.c 2008-08-31 07:08:07 UTC (rev 7987)
+++ commands.c 2008-08-31 09:55:50 UTC (rev 7988)
@@ -293,10 +293,11 @@
{
if (strcasecmp(av[1], "READER") == 0)
if (PERMcanauthenticate) {
- Reply("%d %s InterNetNews NNRP server %s ready (%s).\r\n",
- PERMcanpost ? NNTP_OK_BANNER_POST : NNTP_OK_BANNER_NOPOST,
+ Reply("%d %s InterNetNews NNRP server %s ready (%s)\r\n",
+ (PERMcanpost || PERMcanpostgreeting) ?
+ NNTP_OK_BANNER_POST : NNTP_OK_BANNER_NOPOST,
PERMaccessconf->pathhost, INN_VERSION_STRING,
- PERMcanpost ? "posting ok" : "no posting");
+ (!PERMneedauth && PERMcanpost) ? "posting ok" : "no posting");
} else {
/* AUTHINFO has already been successfully used. */
Reply("%d Permission denied\r\n", NNTP_ERR_ACCESS);
Modified: nnrpd.c
===================================================================
--- nnrpd.c 2008-08-31 07:08:07 UTC (rev 7987)
+++ nnrpd.c 2008-08-31 09:55:50 UTC (rev 7988)
@@ -1055,16 +1055,18 @@
#endif /* HAVE_SASL */
if (PERMaccessconf) {
- Reply("%d %s InterNetNews NNRP server %s ready (%s).\r\n",
- PERMcanpost ? NNTP_OK_BANNER_POST : NNTP_OK_BANNER_NOPOST,
+ Reply("%d %s InterNetNews NNRP server %s ready (%s)\r\n",
+ (PERMcanpost || (PERMcanauthenticate && PERMcanpostgreeting)) ?
+ NNTP_OK_BANNER_POST : NNTP_OK_BANNER_NOPOST,
PERMaccessconf->pathhost, INN_VERSION_STRING,
- PERMcanpost ? "posting ok" : "no posting");
+ (!PERMneedauth && PERMcanpost) ? "posting ok" : "no posting");
clienttimeout = PERMaccessconf->clienttimeout;
} else {
- Reply("%d %s InterNetNews NNRP server %s ready (%s).\r\n",
- PERMcanpost ? NNTP_OK_BANNER_POST : NNTP_OK_BANNER_NOPOST,
+ Reply("%d %s InterNetNews NNRP server %s ready (%s)\r\n",
+ (PERMcanpost || (PERMcanauthenticate && PERMcanpostgreeting)) ?
+ NNTP_OK_BANNER_POST : NNTP_OK_BANNER_NOPOST,
innconf->pathhost, INN_VERSION_STRING,
- PERMcanpost ? "posting ok" : "no posting");
+ (!PERMneedauth && PERMcanpost) ? "posting ok" : "no posting");
clienttimeout = innconf->clienttimeout;
}
Modified: nnrpd.h
===================================================================
--- nnrpd.h 2008-08-31 07:08:07 UTC (rev 7987)
+++ nnrpd.h 2008-08-31 09:55:50 UTC (rev 7988)
@@ -152,6 +152,7 @@
EXTERN bool PERMauthorized;
EXTERN bool PERMcanauthenticate;
EXTERN bool PERMcanpost;
+EXTERN bool PERMcanpostgreeting;
EXTERN bool PERMcanread;
EXTERN bool PERMneedauth;
EXTERN bool PERMspecified;
Modified: perl.c
===================================================================
--- perl.c 2008-08-31 07:08:07 UTC (rev 7987)
+++ perl.c 2008-08-31 09:55:50 UTC (rev 7988)
@@ -383,7 +383,8 @@
code = POPi;
if ((code == NNTP_OK_BANNER_POST) || (code == NNTP_OK_BANNER_NOPOST))
- code = PERMcanpost ? NNTP_OK_BANNER_POST : NNTP_OK_BANNER_NOPOST;
+ code = (PERMcanpost || (PERMcanauthenticate && PERMcanpostgreeting)) ?
+ NNTP_OK_BANNER_POST : NNTP_OK_BANNER_NOPOST;
if (code == NNTP_FAIL_AUTH_NEEDED)
PERMneedauth = true;
Modified: perm.c
===================================================================
--- perm.c 2008-08-31 07:08:07 UTC (rev 7987)
+++ perm.c 2008-08-31 09:55:50 UTC (rev 7988)
@@ -1382,6 +1382,7 @@
success_auth = NULL;
PERMcanauthenticate = false;
+ PERMcanpostgreeting = false;
PERMcanread = PERMcanpost = false;
PERMreadlist = PERMpostlist = false;
PERMaccessconf = NULL;
@@ -1406,9 +1407,16 @@
}
/* auth_realms are all expected to match the user. */
- for (i = 0; auth_realms[i]; i++)
- if (auth_realms[i]->auth_methods)
+ for (i = 0; auth_realms[i]; i++) {
+ if (auth_realms[i]->auth_methods != NULL)
PERMcanauthenticate = true;
+ /* We assume that an access or dynamic script will allow
+ * the user to post when authenticated, so that a 200 greeting
+ * code can be sent. */
+ if (auth_realms[i]->access_script != NULL
+ || auth_realms[i]->dynamic_script != NULL)
+ PERMcanpostgreeting = true;
+ }
uname = 0;
while (!uname && i--) {
if ((uname = ResolveUser(auth_realms[i])) != NULL)
@@ -1438,16 +1446,18 @@
} else {
PERMneedauth = true;
}
- /* check maximum allowed permissions for any host that matches (for
- * the greeting string) */
+ /* Check maximum allowed permissions for any host that matches (for
+ * the greeting string). */
for (i = 0; access_realms[i]; i++) {
if (!PERMcanread)
PERMcanread = (access_realms[i]->read != NULL);
if (!PERMcanpost)
PERMcanpost = (access_realms[i]->post != NULL);
+ if (!PERMcanpostgreeting)
+ PERMcanpostgreeting = (access_realms[i]->post != NULL);
}
if (!i) {
- /* no applicable access groups. Zeroing all these makes INN
+ /* No applicable access groups. Zeroing all these makes INN
* return permission denied to client. */
PERMcanread = PERMcanpost = PERMneedauth = false;
}
More information about the inn-committers
mailing list