AUTHINFO SSL Patch (2nd try)
James F. Hranicky
jfh at cise.ufl.edu
Thu Apr 19 20:30:05 UTC 2001
Here's the patch again:
-------------------------- cut here -----------------------------------
diff -c -r inn-2.3.1.orig/nnrpd/commands.c inn-2.3.1/nnrpd/commands.c
*** inn-2.3.1.orig/nnrpd/commands.c Thu Jan 11 03:55:23 2001
--- inn-2.3.1/nnrpd/commands.c Thu Apr 19 11:07:31 2001
***************
*** 26,32 ****
extern int LLOGenable;
!
STATIC LISTINFO INFOactive = {
NULL, _PATH_ACTIVE, TRUE, "active newsgroups",
--- 26,32 ----
extern int LLOGenable;
! extern int nnrpd_starttls_done;
STATIC LISTINFO INFOactive = {
NULL, _PATH_ACTIVE, TRUE, "active newsgroups",
***************
*** 244,249 ****
--- 244,255 ----
}
} else {
+
+ if (AUTHINFOrequiresSSL == TRUE && !nnrpd_starttls_done) {
+ syslog(L_NOTICE, "%s AUTHINFO without SSL disallowed. Exiting.", ClientHost);
+ Reply("%s: AUTHINFO requires SSL. Please use a secure channel to authenticate.\n", NNTP_ACCESS);
+ ExitWithStats(1, FALSE);
+ }
if (caseEQ(av[1], "simple")) {
if (ac != 4) {
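Review bot: The new check sits inside the `else` arm, so the AUTHINFO form handled by the branch that closes just above it (outside this hunk) never reaches it. If that branch also accepts credentials, it would still run on a connection where `nnrpd_starttls_done` is unset. Hoisting the test to the top of the command handler, before the first `if`, would cover every AUTHINFO variant with one check. Separately, `AUTHINFOrequiresSSL` is declared in nnrpd.h only under `#ifdef HAVE_SSL`, yet no guard is visible around this use or around the `extern int nnrpd_starttls_done;` added in the first commands.c hunk, so a build without SSL would presumably fail. Wrapping both in `#ifdef HAVE_SSL` … `#endif` would fix that, and moving the extern into nnrpd.h beside the flag would give a single declaration.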
diff -c -r inn-2.3.1.orig/nnrpd/nnrpd.c inn-2.3.1/nnrpd/nnrpd.c
*** inn-2.3.1.orig/nnrpd/nnrpd.c Thu Jan 11 03:55:23 2001
--- inn-2.3.1/nnrpd/nnrpd.c Thu Apr 19 09:45:45 2001
***************
*** 788,793 ****
--- 788,800 ----
if (ReadInnConf() < 0) exit(1);
#ifdef HAVE_SSL
+
+ /*
+ * Be default, don't allow user/pass over an insecure channel.
+ */
+
+ AUTHINFOrequiresSSL = TRUE;
+
while ((i = getopt(argc, argv, "b:Di:g:op:Rr:s:tS")) != EOF)
#else
while ((i = getopt(argc, argv, "b:Di:g:op:Rr:s:t")) != EOF)
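Review bot: `AUTHINFOrequiresSSL = TRUE;` is unconditional on every HAVE_SSL build, and nothing visible in this hunk lets an administrator change it. The getopt string is unchanged context with no new option letter, and the assignment runs after `ReadInnConf()`, so it would overwrite any value a later inn.conf setting supplied. As written, an SSL-capable nnrpd serving a plain-text port would refuse all AUTHINFO with no documented override. Keeping secure-by-default is right, but the default should be set before the configuration and options are parsed, with an explicit, logged opt-out. The comment should also read `By default, don't allow user/pass over an insecure channel.` and name the setting that relaxes it.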
diff -c -r inn-2.3.1.orig/nnrpd/nnrpd.h inn-2.3.1/nnrpd/nnrpd.h
*** inn-2.3.1.orig/nnrpd/nnrpd.h Thu Jan 11 03:55:23 2001
--- inn-2.3.1/nnrpd/nnrpd.h Thu Apr 19 09:44:12 2001
***************
*** 180,185 ****
--- 180,189 ----
EXTERN char *VirtualPath;
EXTERN int VirtualPathlen;
+ #ifdef HAVE_SSL
+ EXTERN BOOL AUTHINFOrequiresSSL;
+ #endif
+
#if NNRP_LOADLIMIT > 0
extern int GetLoadAverage();
-------------------------- cut here -----------------------------------
----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin UF/CISE Department |
| E314D CSE Building Phone (352) 392-1499 |
| jfh at cise.ufl.edu http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
- Encryption: its use by criminals is far less -
- frightening than its banishment by governments -
- Vote for Privacy -