AUTHINFO SSL Patch (2nd try)

James F. Hranicky jfh at cise.ufl.edu
Thu Apr 19 20:30:05 UTC 2001


Here's the patch again:

-------------------------- cut here -----------------------------------
diff -c -r inn-2.3.1.orig/nnrpd/commands.c inn-2.3.1/nnrpd/commands.c
*** inn-2.3.1.orig/nnrpd/commands.c	Thu Jan 11 03:55:23 2001
--- inn-2.3.1/nnrpd/commands.c	Thu Apr 19 11:07:31 2001
***************
*** 26,32 ****
  
  
  extern int LLOGenable;
! 
  
  STATIC LISTINFO		INFOactive = {
      NULL, _PATH_ACTIVE, TRUE, "active newsgroups",
--- 26,32 ----
  
  
  extern int LLOGenable;
! extern int nnrpd_starttls_done;
  
  STATIC LISTINFO		INFOactive = {
      NULL, _PATH_ACTIVE, TRUE, "active newsgroups",
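Review bot: `extern int nnrpd_starttls_done;` is added without an `#ifdef HAVE_SSL` guard, and the check added in the next commands.c hunk reads `AUTHINFOrequiresSSL`, which the nnrpd.h hunk declares only under `#ifdef HAVE_SSL`. Unless a guard exists outside the visible context, a build without SSL would fail to compile commands.c on the undeclared flag. Either wrap this declaration and the new `if` block in `#ifdef HAVE_SSL` / `#endif`, or declare the flag unconditionally and leave it FALSE when SSL is not compiled in.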
***************
*** 244,249 ****
--- 244,255 ----
  	}
  
      } else {
+ 
+ 	if (AUTHINFOrequiresSSL == TRUE && !nnrpd_starttls_done) {
+ 	    syslog(L_NOTICE, "%s AUTHINFO without SSL disallowed. Exiting.", ClientHost);
+ 	    Reply("%s: AUTHINFO requires SSL. Please use a secure channel to authenticate.\n", NNTP_ACCESS);
+ 	    ExitWithStats(1, FALSE);
+ 	}
  
  	if (caseEQ(av[1], "simple")) {
  	    if (ac != 4) {
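Review bot: The new test sits inside the `else` arm, so whatever AUTHINFO form the preceding `if` arm handles (it lies outside this hunk) is not gated by it. If that form also carries credentials, it could presumably still run over a cleartext connection. Placing the test before the `if`/`else` split would cover every AUTHINFO variant with one check. A short comment such as `/* Refuse all AUTHINFO variants until TLS is up; credentials must not cross a cleartext channel. */` would record the intent. The enclosing function starts and ends outside the hunk.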
diff -c -r inn-2.3.1.orig/nnrpd/nnrpd.c inn-2.3.1/nnrpd/nnrpd.c
*** inn-2.3.1.orig/nnrpd/nnrpd.c	Thu Jan 11 03:55:23 2001
--- inn-2.3.1/nnrpd/nnrpd.c	Thu Apr 19 09:45:45 2001
***************
*** 788,793 ****
--- 788,800 ----
      if (ReadInnConf() < 0) exit(1);
  
  #ifdef HAVE_SSL
+ 
+     /* 
+      * Be default, don't allow user/pass over an insecure channel.
+      */
+ 
+     AUTHINFOrequiresSSL = TRUE;
+ 
      while ((i = getopt(argc, argv, "b:Di:g:op:Rr:s:tS")) != EOF)
  #else
      while ((i = getopt(argc, argv, "b:Di:g:op:Rr:s:t")) != EOF)
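Review bot: `AUTHINFOrequiresSSL = TRUE;` is assigned unconditionally and neither getopt string gains a flag that could clear it, so nothing visible in this patch lets an administrator change the setting on an SSL-enabled build. The comment's "by default" (typed "Be default") suggests an override was intended. Failing closed is the safer behaviour, but it will reject clients that authenticate on the plain port of a server built with SSL, so the comment and the user documentation should say so. For example: `/* When built with SSL, AUTHINFO is always refused on a non-TLS connection. */`. The enclosing function continues outside the hunk.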
diff -c -r inn-2.3.1.orig/nnrpd/nnrpd.h inn-2.3.1/nnrpd/nnrpd.h
*** inn-2.3.1.orig/nnrpd/nnrpd.h	Thu Jan 11 03:55:23 2001
--- inn-2.3.1/nnrpd/nnrpd.h	Thu Apr 19 09:44:12 2001
***************
*** 180,185 ****
--- 180,189 ----
  EXTERN char	*VirtualPath;
  EXTERN int	VirtualPathlen;
  
+ #ifdef HAVE_SSL
+ EXTERN BOOL	AUTHINFOrequiresSSL;
+ #endif
+ 
  
  #if	NNRP_LOADLIMIT > 0
  extern int		GetLoadAverage();
-------------------------- cut here -----------------------------------

----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh at cise.ufl.edu                      http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
         -  Encryption: its use by criminals is far less  - 
         - frightening than its banishment by governments -
                      - Vote for Privacy -

