working my way through the docs: perl_access woes

[Erik Klavon]

Hi Matt

On Wed, Aug 14, 2002 at 07:20:56PM +0100, Matt 'Goo Goo Dolls' Melton wrote:
> I'm not sure if this is required, but I can testify that the build I've
> recently compiled, inn-CURRENT-20020814, is no longer compatible Perl
> 5.6.0. The module Sys::SysLog is out date; with a differing syntax.
> A clear error to such effect is left in errlog, and the syslog shows
> the server restarting over and over again.

Did you try the following suggestion in INSTALL:

If you're using a version of Perl prior to 5.6.0, you may need to make
sure that the Perl versions of your system header files have been
generated in order for Sys::Syslog to work properly (used by various
utility programs, including controlchan).  To do this, run the
following two commands:

          # cd /usr/include
          # h2ph * sys/*
 
> My problem lies in the use of perl_access.
> 
> I first found it not documented that i had to put this directive within
> the particular auth block of my readers.conf.

I interpret 'particular' to mean 'the auth group that matches the
connection'. Did you mean something else? Where did you look for
documentation?

The following fragments of documentation I belive address your
statement. Please let me know if/how these are unhelpful.

from the readers.conf manpage:

[I]f the auth group which matched the client contains the
perl_access: parameter then the perl script given as argu-
ment is used to dynamically generate an access group. This
new access group is then used to determine the access
rights of the client.

from doc/hook-perl:

If a connection matches an auth group with a perl_access
parameter, all access groups in readers.conf are ignored and the
procedure described below is used to generate an access group.

> I am using the following idiot proof (?) script (chmoded 755 and owned
> by news.news et al): 
> 
> #!/usr/bin/perl
> require '/usr/cpfx/news/inn/lib/innshellvars.pl';
> sub access {
> 	%return_hash = (
> 		"read" => "*", "post" => "local.*",
> 		"virtualhost" => "true", "key" => "pwd" );
> 	return %return_hash;
> }

Looks fine. A side comment: if you are going to use key here (which
doesn't really do anything for you in this context) make sure you've
got the corresponding key value in whatever auth groups use this
script.

> No errors are left in the errlog nor syslog, yet, after authentication
> the connection simply dies. This happens with the supplied test
> script nnrpd_access.pl, and a line of "*:Read Post:::*" within
> nnrp.access.
> 
> My syslog is merely:
> Aug 14 18:49:11 myhost nnrpd[30279]: hopeless.client.com (10.0.0.1)
> connect
> Aug 14 18:49:41 myhost nnrpd[30279]: SERVER perl filtering enabled
> 
> ... With no further notices.

The problem I found isn't due to your script or readers.conf. Rather,
its a bug in a modification made by me to conffile.c. Here is a patch:

diff -ur inn/lib/conffile.c inn_patch/lib/conffile.c
--- inn/lib/conffile.c  Wed Jun 19 21:49:24 2002
+++ inn_patch/lib/conffile.c    Wed Aug 14 14:01:44 2002
@@ -12,11 +12,11 @@
 static int getconfline(CONFFILE *F, char *buffer, int length) {
   if (F->f) {
     fgets(buffer, length, F->f);
+    if (ferror(F->f)) {
+      return 1;
+    }
   } else if (F->array) {
     strncpy(buffer, F->array[F->lineno], length);
-  }
-  if (ferror(F->f)) {
-    return 1;
   }
   F->lineno++;
   if (strlen (F->buf) == F->sbuf) {

Applying that patch to CURRENT solved the problem for me. Let me know
if it works on your end.

Erik
 
-- 
erik         | "It is idle to think that, by means of words, | Maurice
  kl at von     | any real communication can ever pass | Maeterlinck
    eriq.org | from one [human] to another." | Silence