INN commit: trunk (nnrpd/misc.c scripts/innreport_inn.pm)

Sat Sep 20 19:10:34 UTC 2008

Date: Saturday, September 20, 2008 @ 12:10:34
  Author: iulius
Revision: 8040

* STARTTLS is not allowed (502) after AUTHINFO.
* STARTTLS resets the current newsgroup and article number.

Modified:
  trunk/nnrpd/misc.c
  trunk/scripts/innreport_inn.pm

--------------------------+
 nnrpd/misc.c             |   27 +++++++++++++++++++++++++--
 scripts/innreport_inn.pm |    4 ++--
 2 files changed, 27 insertions(+), 4 deletions(-)

Modified: nnrpd/misc.c
===================================================================

--- nnrpd/misc.c	2008-09-20 19:09:35 UTC (rev 8039)
+++ nnrpd/misc.c	2008-09-20 19:10:34 UTC (rev 8040)
@@ -15,6 +15,9 @@
 #include "nnrpd.h"
 #include "tls.h"
 
+/* Outside the ifdef so that make depend works even ifndef HAVE_SSL. */
+#include "inn/ov.h"
+
 #ifdef HAVE_SSL
 extern SSL *tls_conn;
 extern int tls_cipher_usebits;
@@ -512,13 +515,19 @@
 CMDstarttls(int ac UNUSED, char *av[] UNUSED)
 {
     int result;
+    bool boolval;
 
     if (nnrpd_starttls_done == 1) {
-        Reply("%d Already using an active TLS layer\r\n",
-              NNTP_ERR_ACCESS);
+        Reply("%d Already using an active TLS layer\r\n", NNTP_ERR_ACCESS);
         return;
     }
 
+    /* If the client is already authenticated, STARTTLS is not possible. */
+    if (PERMauthorized && !PERMneedauth && !PERMcanauthenticate) {
+        Reply("%d Already authenticated\r\n", NNTP_ERR_ACCESS);
+        return;
+    }
+
     result = tls_init();
 
     if (result == -1) {
@@ -553,5 +562,19 @@
 #endif /* HAVE_SASL */
 
     nnrpd_starttls_done = 1;
+
+    /* Close out any existing article, report group stats.
+     * RFC 4642 requires the reset of any knowledge about the client. */
+    if (GRPcur) {
+        ARTclose();
+        GRPreport();
+        OVctl(OVCACHEFREE, &boolval);
+        free(GRPcur);
+        GRPcur = NULL;
+        if (ARTcount)
+            syslog(L_NOTICE, "%s exit for STARTTLS articles %ld groups %ld",
+                   Client.host, ARTcount, GRPcount);
+        GRPcount = 0;
+    }
 }
 #endif /* HAVE_SSL */

Modified: scripts/innreport_inn.pm
===================================================================
--- scripts/innreport_inn.pm	2008-09-20 19:09:35 UTC (rev 8039)
+++ scripts/innreport_inn.pm	2008-09-20 19:10:34 UTC (rev 8040)
@@ -1622,8 +1622,8 @@
       $nnrpd_unrecogn_cmd{$error}++;
       return 1;
     }
-    # exit
-    if ($left =~ /(\S+) exit articles (\d+) groups (\d+)$/o) {
+    # exit (also called when using STARTTLS)
+    if ($left =~ /(\S+) (?:exit|exit for STARTTLS) articles (\d+) groups (\d+)$/o) {
       my ($cust, $articles, $groups) = ($1, $2, $3);
       $cust = lc $cust unless $CASE_SENSITIVE;
       my $dom = &host2dom($cust);

