INN commit: trunk (4 files)

INN Commit rra at isc.org
Thu Jun 6 20:04:56 UTC 2013


    Date: Thursday, June 6, 2013 @ 13:04:56
  Author: iulius
Revision: 9480

add the attributes hash to nnrpd Perl posting filter

The attributes hash was only created for Perl authentication and access
functions.  It is now accessible to Perl posting filter.

Also update the sample filter_nnrpd.pl file.

Thanks to Steve Crook for the patch.

Modified:
  trunk/doc/pod/hook-perl.pod
  trunk/doc/pod/news.pod
  trunk/nnrpd/perl.c
  trunk/samples/filter_nnrpd.pl

-------------------------+
 doc/pod/hook-perl.pod   |   13 ++++++++++++-
 doc/pod/news.pod        |    7 +++++++
 nnrpd/perl.c            |   13 ++++++++++++-
 samples/filter_nnrpd.pl |   44 ++++++++++++++++++++++++++------------------
 4 files changed, 57 insertions(+), 20 deletions(-)

Modified: doc/pod/hook-perl.pod
===================================================================
--- doc/pod/hook-perl.pod	2013-06-03 18:12:39 UTC (rev 9479)
+++ doc/pod/hook-perl.pod	2013-06-06 20:04:56 UTC (rev 9480)
@@ -309,7 +309,18 @@
 the string returned by filter_post() is returned to the client as the
 error message (with some exceptions; see below).
 
-filter_post() has access to a global hash C<%hdr>, which contains all
+filter_post() has access to a global hash %attributes which contains
+information about the connection as follows:  C<$attributes{'hostname'}>
+will contain the hostname (or the IP address if it does not resolve)
+of the client machine, C<$attributes{'ipaddress'}> will contain its IP
+address (as a string), C<$attributes{'port'}> will contain the client
+port (as an integer), C<$attributes{'interface'}> contains the hostname
+of the interface the client connected on, C<$attributes{'intipaddr'}>
+contains the IP address (as a string) of the interface the client
+connected on, and C<$attributes{'intport'}> contains the port (as an
+integer) on the interface the client connected on.
+
+filter_post() also has access to a global hash C<%hdr>, which contains all
 of the headers of the article.  (Unlike the B<innd> Perl filter, C<%hdr>
 for the B<nnrpd> Perl filter contains *all* of the headers, not just the
 standard ones.  If any of the headers are duplicated, though, C<%hdr>

Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod	2013-06-03 18:12:39 UTC (rev 9479)
+++ doc/pod/news.pod	2013-06-06 20:04:56 UTC (rev 9480)
@@ -130,6 +130,13 @@
 
 =item *
 
+The attributes hash is now accessible to B<nnrpd> Perl posting filter.
+As a result, F<filter_nnrpd.pl> can make use of it.  Only authentication
+and access Perl hooks could previously use the attributes hash.
+Thanks to Steve Crook for this addition.
+
+=item *
+
 When using funnel feeds, B<innfeed> log files were open forever, which
 resulted in empty log files, once rotated by B<scanlogs>.  Exploder and
 process channels are now reopened when C<ctlinnd flushlogs> is used,

Modified: nnrpd/perl.c
===================================================================
--- nnrpd/perl.c	2013-06-03 18:12:39 UTC (rev 9479)
+++ nnrpd/perl.c	2013-06-06 20:04:56 UTC (rev 9480)
@@ -52,6 +52,7 @@
 {
     dSP;
     HEADER *hp;
+    HV *attribs;
     HV *hdr;
     SV *body;
     int rc;
@@ -82,7 +83,16 @@
     ENTER;
     SAVETMPS;
 
-    /* Create the Perl hash. */
+    /* Create the Perl attributes hash. */
+    attribs = perl_get_hv("attributes", true);
+    (void) hv_store(attribs, "hostname", 8, newSVpv(Client.host, 0), 0);
+    (void) hv_store(attribs, "ipaddress", 9, newSVpv(Client.ip, 0), 0);
+    (void) hv_store(attribs, "port", 4, newSViv(Client.port), 0);
+    (void) hv_store(attribs, "interface", 9, newSVpv(Client.serverhost, 0), 0);
+    (void) hv_store(attribs, "intipaddr", 9, newSVpv(Client.serverip, 0), 0);
+    (void) hv_store(attribs, "intport", 7, newSViv(Client.serverport), 0);
+
+    /* Create the Perl header hash. */
     hdr = perl_get_hv("hdr", true);
     for (hp = Table; hp < EndOfTable; hp++) {
         if (hp->Body)
@@ -177,6 +187,7 @@
 #endif /* DEBUG_MODIFY */
     }
 
+    hv_undef(attribs);
     hv_undef(hdr);
     sv_setsv(body, &PL_sv_undef);
 

Modified: samples/filter_nnrpd.pl
===================================================================
--- samples/filter_nnrpd.pl	2013-06-03 18:12:39 UTC (rev 9479)
+++ samples/filter_nnrpd.pl	2013-06-06 20:04:56 UTC (rev 9480)
@@ -1,22 +1,24 @@
-#
-# $Id$
-#
-# Sample perl filtering code for nnrpd hook.
-#
+##  $Id$
+##
+##  This is a sample filter for the Perl nnrpd hook.
+##
+##  See the INN Perl Filtering and Authentication Hooks documentation
+##  for more information.
+##
+##  This file is loaded when nnrpd starts up.  If it defines a sub named
+##  "filter_post", then that function will be called during processing of a
+##  posting.  It has access to the headers of the article via the associative
+##  array %hdr, and to useful information about the connection via the
+##  associative array %attributes.
+##  If it returns a null string, then the article is accepted for posting.
+##  A non-null string rejects it, and the value returned is used in the
+##  rejection message (make sure that such a message is properly encoded
+##  in UTF-8 so as to comply with the NNTP protocol).
+##
+##  When filtering is disabled, the filter_end() Perl routine is called,
+##  if defined, prior to the deactivation of the filter.
 
 #
-# This file is loaded when nnrpd starts up. If it defines a sub named
-# `filter_post', then that function will be called during processing of a
-# posting. It has access to the headers of the article via the associative
-# array `%hdr'. If it returns a null string then the article is accepted
-# for posting. A non-null string rejects it, and the value returned is used
-# in the rejection message (make sure that such a message is properly encoded
-# in UTF-8 so as to comply with the NNTP protocol).
-#
-# When filtering is disabled, the filter_end() Perl routine is called,
-# if defined, prior to the deactivation of the filter.
-
-#
 # Do any initialization steps.
 #
 my %config = (checkincludedtext => 0,
@@ -36,7 +38,7 @@
 ### Uncomment this next block to reject articles that have 'make money'
 ### in their subject, or which have a "Re: " subject, but no References:
 ### header, or which have an invalid From.
-
+##
 ##    if ($hdr{"Subject"} =~ /make.*money/i) {
 ##        $rval = "Spam is not acceptable here..." ;
 ##    } elsif ($hdr{'Subject'} =~ /^Re: /o and $hdr{'References'} eq "") {
@@ -46,6 +48,12 @@
 ##        $rval = "From: is invalid, must be user\@[host.]domain.tld";
 ##    }
 
+### Uncomment this next block to reject articles that are sent from
+### a network outside 10.42.0.0/16.
+##
+##    if ($attributes{'ipaddress'} !~ /^10\.42\./) {
+##        $rval = "Unauthorized network.";
+##    }
 
 ### The next block rejects articles with too much quoted text, if the
 ### config hash directs it to.



More information about the inn-committers mailing list