INN commit: branches/2.5 (7 files)

Mon Feb 8 21:06:43 UTC 2010

Date: Monday, February 8, 2010 @ 13:06:43
  Author: iulius
Revision: 8968

Use Perl and Python filters on message-ID when articles
are given to innd via TAKETHIS.  The new RFC-3977 structure
of the TAKETHIS command easily allows such a check.

Modified:
  branches/2.5/doc/pod/hook-perl.pod
  branches/2.5/doc/pod/hook-python.pod
  branches/2.5/doc/pod/news.pod
  branches/2.5/innd/nc.c
  branches/2.5/innd/perl.c
  branches/2.5/innd/python.c
  branches/2.5/samples/filter_innd.py

-------------------------+
 doc/pod/hook-perl.pod   |   37 ++++++++++++++++---------------------
 doc/pod/hook-python.pod |    6 ++----
 doc/pod/news.pod        |    6 ++++++
 innd/nc.c               |   26 ++++++++++++++++++++++++--
 innd/perl.c             |    3 ++-
 innd/python.c           |    3 ++-
 samples/filter_innd.py  |   12 +++++-------
 7 files changed, 57 insertions(+), 36 deletions(-)

Modified: doc/pod/hook-perl.pod
===================================================================

--- doc/pod/hook-perl.pod	2010-02-08 21:06:11 UTC (rev 8967)
+++ doc/pod/hook-perl.pod	2010-02-08 21:06:43 UTC (rev 8968)
@@ -150,28 +150,23 @@
 by the Perl filter and include a count of how many articles were rejected
 with each reason string.)
 
-One other type of filtering is also supported.  If Perl filtering is
-turned on and the Perl function filter_messageid() is defined, that
-function will be called for each message ID received from a peer (via
-either CHECK or IHAVE).  The function receives a single argument, the
-message ID, and like filter_art() should return an empty string to accept
-the article or an error string to refuse the article (make sure that
-such a message is properly encoded in UTF-8 so as to comply with the
-NNTP protocol).  This function is called before any history lookups and
-for every article offered to innd with CHECK or IHAVE (before the actual
-article is sent).  Accordingly, the message ID is the only information
-it has about the article (the %hdr hash will be empty).  This code would
-sit in a performance-critical hot path in a typical server, and therefore
-should be as fast as possible, but it can do things like refuse articles
-from certain hosts or cancels for already rejected articles (if they
-follow the $alz convention) without having to take the network bandwidth
-hit of accepting the entire article first.
+One other type of filtering is also supported.  If Perl filtering is turned
+on and the Perl function filter_messageid() is defined, that function will
+be called for each message-ID received from a peer (via either CHECK, IHAVE
+or TAKETHIS).  The function receives a single argument, the message-ID,
+and like filter_art() should return an empty string to accept the article
+or an error string to refuse the article (make sure that such a message
+is properly encoded in UTF-8 so as to comply with the NNTP protocol).
+This function is called before any history lookups and for every article
+offered to B<innd> with CHECK or IHAVE (before the actual article is sent),
+or with TAKETHIS (after the actual article is sent).  Accordingly, the
+message-ID is the only information it has about the article (the %hdr hash
+will be empty).  This code would sit in a performance-critical hot path in
+a typical server, and therefore should be as fast as possible, but it can
+do things like refuse articles from certain hosts or cancels for already
+rejected articles (if they follow the $alz convention) without having to
+take the network bandwidth hit of accepting the entire article first.
 
-Note that you cannot rely on filter_messageid() being called for every
-incoming article; articles sent via TAKETHIS without an earlier CHECK will
-never pass through filter_messageid() and will only go through
-filter_art().
-
 Finally, whenever ctlinnd throttle, ctlinnd pause, or ctlinnd go is run,
 the Perl function filter_mode() is called if it exists.  It receives no
 arguments and returns no value, but it has access to a global hash %mode

Modified: doc/pod/hook-python.pod
===================================================================
--- doc/pod/hook-python.pod	2010-02-08 21:06:11 UTC (rev 8967)
+++ doc/pod/hook-python.pod	2010-02-08 21:06:43 UTC (rev 8968)
@@ -126,11 +126,9 @@
 =item filter_messageid(I<self>, I<msgid>)
 
 I<msgid> is a buffer object containing the ID of an article being offered by
-IHAVE or CHECK.  Like with C<filter_art>, the message will be refused if
+CHECK, IHAVE or TAKETHIS.  Like with C<filter_art>, the message will be refused if
 you return a non-empty string.  If you use this feature, keep it light
-because it is called at a rather busy place in B<innd>'s main loop.  Also, do
-not rely on this function alone to reject by ID; you should repeat the
-tests in C<filter_art> to catch articles sent with TAKETHIS but no CHECK.
+because it is called at a rather busy place in B<innd>'s main loop.
 
 =item filter_mode(I<self>, I<oldmode>, I<newmode>, I<reason>)
 

Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod	2010-02-08 21:06:11 UTC (rev 8967)
+++ doc/pod/news.pod	2010-02-08 21:06:43 UTC (rev 8968)
@@ -64,6 +64,12 @@
 
 =item *
 
+The Perl and Python filters for B<innd> now check the message-ID of articles
+arriving through TAKETHIS.  Only CHECK and IHAVE commands previously
+used them.
+
+=item *
+
 Case-insensitive matches are now used for distributions, path identities,
 IMAP commands, header names, and control commands.  (Newsgroups are still
 matched case-sensitively.)  Message-IDs are case-sensitively matched,

Modified: innd/nc.c
===================================================================
--- innd/nc.c	2010-02-08 21:06:11 UTC (rev 8967)
+++ innd/nc.c	2010-02-08 21:06:43 UTC (rev 8968)
@@ -1850,8 +1850,11 @@
     static char empty[] = "";
     int     returncode; /* Will *not* be changed in NCpostit()
                            if it does *not* start with '2'. */
-    size_t  msglen;
+    size_t  idlen, msglen;
     WIP     *wp;
+#if defined(DO_PERL) || defined(DO_PYTHON)
+    char    *filterrc;
+#endif /* DO_PERL || DO_PYTHON */
 
     cp->Takethis++;
     cp->Start = cp->Next;
@@ -1866,10 +1869,30 @@
         mid = cp->av[1];
         returncode = NNTP_OK_TAKETHIS; /* Default code. */
     }
+
+    idlen = strlen(mid);
+    msglen = idlen + 5; /* 3 digits + space + id + null. */
+
     if (!IsValidMessageID(mid, false)) {
         syslog(L_NOTICE, "%s bad_messageid %s", CHANname(cp),
                MaxLength(mid, mid));
         returncode = NNTP_FAIL_TAKETHIS_REJECT;
+    } else {
+#if defined(DO_PERL)
+        /* Invoke a Perl message filter on the message-ID. */
+        filterrc = PLmidfilter(mid);
+        if (filterrc) {
+            returncode = NNTP_FAIL_TAKETHIS_REJECT;
+        }
+#endif /* defined(DO_PERL) */
+
+#if defined(DO_PYTHON)
+        /* Invoke a Python message filter on the message-ID. */
+        filterrc = PYmidfilter(mid, idlen);
+        if (filterrc) {
+            returncode = NNTP_FAIL_TAKETHIS_REJECT;
+        }
+#endif /* defined(DO_PYTHON) */
     }
 
     /* Check authentication after everything else. */
@@ -1878,7 +1901,6 @@
             NNTP_FAIL_AUTH_NEEDED : NNTP_ERR_ACCESS;
     }
 
-    msglen = strlen(mid) + 5; /* 3 digits + space + id + null. */
     if (cp->Sendid.size < msglen) {
         if (cp->Sendid.size > 0)
             free(cp->Sendid.data);

Modified: innd/perl.c
===================================================================
--- innd/perl.c	2010-02-08 21:06:11 UTC (rev 8967)
+++ innd/perl.c	2010-02-08 21:06:43 UTC (rev 8968)
@@ -132,7 +132,8 @@
 
 
 /*
-**  Run an incoming message ID from CHECK or IHAVE through the Perl filter.
+**  Run an incoming message-ID from CHECK, IHAVE or TAKETHIS through
+**  the Perl filter.
 **  Returns NULL to accept the article or a rejection message to reject it.
 */
 char *

Modified: innd/python.c
===================================================================
--- innd/python.c	2010-02-08 21:06:11 UTC (rev 8967)
+++ innd/python.c	2010-02-08 21:06:43 UTC (rev 8968)
@@ -154,7 +154,8 @@
 
 
 /*
-**  Refuse Message-IDs offered through CHECK or IHAVE that we don't like.
+**  Refuse message-IDs offered through CHECK, IHAVE or TAKETHIS that
+**  we don't like.
 */
 char *
 PYmidfilter(char *messageID, int msglen)

Modified: samples/filter_innd.py
===================================================================
--- samples/filter_innd.py	2010-02-08 21:06:11 UTC (rev 8967)
+++ samples/filter_innd.py	2010-02-08 21:06:43 UTC (rev 8968)
@@ -146,15 +146,13 @@
     def filter_messageid(self, msgid):
         """Filter articles just by their Message-IDs.
 
-        This method interacts with the IHAVE and CHECK NNTP commands.
+        This method interacts with the CHECK, IHAVE and TAKETHIS
+        NNTP commands.
         If you return a non-empty string here, the offered article
         will be refused before you ever have to waste any bandwidth
-        looking at it (make sure that such a message is properly
-        encoded in UTF-8 so as to comply with the NNTP protocol).
-        This is not foolproof, so you should do your ID checks both
-        here and in filter_art.  (TAKETHIS does not offer the ID
-        for examination, and a TAKETHIS isn't always preceded
-        by a CHECK.)
+        looking at it (unless TAKETHIS is used before an earlier CHECK).
+        Make sure that such a message is properly encoded in UTF-8
+        so as to comply with the NNTP protocol.
         """
         return ""               # Deactivate the samples.
 


