INN commit: branches/2.5 (7 files)
INN Commit
rra at isc.org
Mon Feb 8 21:06:43 UTC 2010
Date: Monday, February 8, 2010 @ 13:06:43
Author: iulius
Revision: 8968
Use Perl and Python filters on message-ID when articles
are given to innd via TAKETHIS. The new RFC-3977 structure
of the TAKETHIS command easily allows such a check.
Modified:
branches/2.5/doc/pod/hook-perl.pod
branches/2.5/doc/pod/hook-python.pod
branches/2.5/doc/pod/news.pod
branches/2.5/innd/nc.c
branches/2.5/innd/perl.c
branches/2.5/innd/python.c
branches/2.5/samples/filter_innd.py
-------------------------+
doc/pod/hook-perl.pod | 37 ++++++++++++++++---------------------
doc/pod/hook-python.pod | 6 ++----
doc/pod/news.pod | 6 ++++++
innd/nc.c | 26 ++++++++++++++++++++++++--
innd/perl.c | 3 ++-
innd/python.c | 3 ++-
samples/filter_innd.py | 12 +++++-------
7 files changed, 57 insertions(+), 36 deletions(-)
Modified: doc/pod/hook-perl.pod
===================================================================
--- doc/pod/hook-perl.pod 2010-02-08 21:06:11 UTC (rev 8967)
+++ doc/pod/hook-perl.pod 2010-02-08 21:06:43 UTC (rev 8968)
@@ -150,28 +150,23 @@
by the Perl filter and include a count of how many articles were rejected
with each reason string.)
-One other type of filtering is also supported. If Perl filtering is
-turned on and the Perl function filter_messageid() is defined, that
-function will be called for each message ID received from a peer (via
-either CHECK or IHAVE). The function receives a single argument, the
-message ID, and like filter_art() should return an empty string to accept
-the article or an error string to refuse the article (make sure that
-such a message is properly encoded in UTF-8 so as to comply with the
-NNTP protocol). This function is called before any history lookups and
-for every article offered to innd with CHECK or IHAVE (before the actual
-article is sent). Accordingly, the message ID is the only information
-it has about the article (the %hdr hash will be empty). This code would
-sit in a performance-critical hot path in a typical server, and therefore
-should be as fast as possible, but it can do things like refuse articles
-from certain hosts or cancels for already rejected articles (if they
-follow the $alz convention) without having to take the network bandwidth
-hit of accepting the entire article first.
+One other type of filtering is also supported. If Perl filtering is turned
+on and the Perl function filter_messageid() is defined, that function will
+be called for each message-ID received from a peer (via either CHECK, IHAVE
+or TAKETHIS). The function receives a single argument, the message-ID,
+and like filter_art() should return an empty string to accept the article
+or an error string to refuse the article (make sure that such a message
+is properly encoded in UTF-8 so as to comply with the NNTP protocol).
+This function is called before any history lookups and for every article
+offered to B<innd> with CHECK or IHAVE (before the actual article is sent),
+or with TAKETHIS (after the actual article is sent). Accordingly, the
+message-ID is the only information it has about the article (the %hdr hash
+will be empty). This code would sit in a performance-critical hot path in
+a typical server, and therefore should be as fast as possible, but it can
+do things like refuse articles from certain hosts or cancels for already
+rejected articles (if they follow the $alz convention) without having to
+take the network bandwidth hit of accepting the entire article first.
-Note that you cannot rely on filter_messageid() being called for every
-incoming article; articles sent via TAKETHIS without an earlier CHECK will
-never pass through filter_messageid() and will only go through
-filter_art().
-
Finally, whenever ctlinnd throttle, ctlinnd pause, or ctlinnd go is run,
the Perl function filter_mode() is called if it exists. It receives no
arguments and returns no value, but it has access to a global hash %mode
Modified: doc/pod/hook-python.pod
===================================================================
--- doc/pod/hook-python.pod 2010-02-08 21:06:11 UTC (rev 8967)
+++ doc/pod/hook-python.pod 2010-02-08 21:06:43 UTC (rev 8968)
@@ -126,11 +126,9 @@
=item filter_messageid(I<self>, I<msgid>)
I<msgid> is a buffer object containing the ID of an article being offered by
-IHAVE or CHECK. Like with C<filter_art>, the message will be refused if
+CHECK, IHAVE or TAKETHIS. Like with C<filter_art>, the message will be refused if
you return a non-empty string. If you use this feature, keep it light
-because it is called at a rather busy place in B<innd>'s main loop. Also, do
-not rely on this function alone to reject by ID; you should repeat the
-tests in C<filter_art> to catch articles sent with TAKETHIS but no CHECK.
+because it is called at a rather busy place in B<innd>'s main loop.
=item filter_mode(I<self>, I<oldmode>, I<newmode>, I<reason>)
Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod 2010-02-08 21:06:11 UTC (rev 8967)
+++ doc/pod/news.pod 2010-02-08 21:06:43 UTC (rev 8968)
@@ -64,6 +64,12 @@
=item *
+The Perl and Python filters for B<innd> now check the message-ID of articles
+arriving through TAKETHIS. Only CHECK and IHAVE commands previously
+used them.
+
+=item *
+
Case-insensitive matches are now used for distributions, path identities,
IMAP commands, header names, and control commands. (Newsgroups are still
matched case-sensitively.) Message-IDs are case-sensitively matched,
Modified: innd/nc.c
===================================================================
--- innd/nc.c 2010-02-08 21:06:11 UTC (rev 8967)
+++ innd/nc.c 2010-02-08 21:06:43 UTC (rev 8968)
@@ -1850,8 +1850,11 @@
static char empty[] = "";
int returncode; /* Will *not* be changed in NCpostit()
if it does *not* start with '2'. */
- size_t msglen;
+ size_t idlen, msglen;
WIP *wp;
+#if defined(DO_PERL) || defined(DO_PYTHON)
+ char *filterrc;
+#endif /* DO_PERL || DO_PYTHON */
cp->Takethis++;
cp->Start = cp->Next;
@@ -1866,10 +1869,30 @@
mid = cp->av[1];
returncode = NNTP_OK_TAKETHIS; /* Default code. */
}
+
+ idlen = strlen(mid);
+ msglen = idlen + 5; /* 3 digits + space + id + null. */
+
if (!IsValidMessageID(mid, false)) {
syslog(L_NOTICE, "%s bad_messageid %s", CHANname(cp),
MaxLength(mid, mid));
returncode = NNTP_FAIL_TAKETHIS_REJECT;
+ } else {
+#if defined(DO_PERL)
+ /* Invoke a Perl message filter on the message-ID. */
+ filterrc = PLmidfilter(mid);
+ if (filterrc) {
+ returncode = NNTP_FAIL_TAKETHIS_REJECT;
+ }
+#endif /* defined(DO_PERL) */
+
+#if defined(DO_PYTHON)
+ /* Invoke a Python message filter on the message-ID. */
+ filterrc = PYmidfilter(mid, idlen);
+ if (filterrc) {
+ returncode = NNTP_FAIL_TAKETHIS_REJECT;
+ }
+#endif /* defined(DO_PYTHON) */
}
/* Check authentication after everything else. */
@@ -1878,7 +1901,6 @@
NNTP_FAIL_AUTH_NEEDED : NNTP_ERR_ACCESS;
}
- msglen = strlen(mid) + 5; /* 3 digits + space + id + null. */
if (cp->Sendid.size < msglen) {
if (cp->Sendid.size > 0)
free(cp->Sendid.data);
Modified: innd/perl.c
===================================================================
--- innd/perl.c 2010-02-08 21:06:11 UTC (rev 8967)
+++ innd/perl.c 2010-02-08 21:06:43 UTC (rev 8968)
@@ -132,7 +132,8 @@
/*
-** Run an incoming message ID from CHECK or IHAVE through the Perl filter.
+** Run an incoming message-ID from CHECK, IHAVE or TAKETHIS through
+** the Perl filter.
** Returns NULL to accept the article or a rejection message to reject it.
*/
char *
Modified: innd/python.c
===================================================================
--- innd/python.c 2010-02-08 21:06:11 UTC (rev 8967)
+++ innd/python.c 2010-02-08 21:06:43 UTC (rev 8968)
@@ -154,7 +154,8 @@
/*
-** Refuse Message-IDs offered through CHECK or IHAVE that we don't like.
+** Refuse message-IDs offered through CHECK, IHAVE or TAKETHIS that
+** we don't like.
*/
char *
PYmidfilter(char *messageID, int msglen)
Modified: samples/filter_innd.py
===================================================================
--- samples/filter_innd.py 2010-02-08 21:06:11 UTC (rev 8967)
+++ samples/filter_innd.py 2010-02-08 21:06:43 UTC (rev 8968)
@@ -146,15 +146,13 @@
def filter_messageid(self, msgid):
"""Filter articles just by their Message-IDs.
- This method interacts with the IHAVE and CHECK NNTP commands.
+ This method interacts with the CHECK, IHAVE and TAKETHIS
+ NNTP commands.
If you return a non-empty string here, the offered article
will be refused before you ever have to waste any bandwidth
- looking at it (make sure that such a message is properly
- encoded in UTF-8 so as to comply with the NNTP protocol).
- This is not foolproof, so you should do your ID checks both
- here and in filter_art. (TAKETHIS does not offer the ID
- for examination, and a TAKETHIS isn't always preceded
- by a CHECK.)
+ looking at it (unless TAKETHIS is used before an earlier CHECK).
+ Make sure that such a message is properly encoded in UTF-8
+ so as to comply with the NNTP protocol.
"""
return "" # Deactivate the samples.
More information about the inn-committers
mailing list