patch for perl auth hook in CURRENT

[Russ Allbery]

Erik Klavon <erik at eriq.org> writes:

> Below is a patch for the perl authenticate hook in CURRENT. It modifies
> nnrpd so as to require a three-element array be returned from
> authenticate. The first element is the response code, the third an error
> string as before. The second is a string containing the username to be
> associated with the connection; it will be used to match the connection
> with the users: parameter in access groups and will be logged.  If this
> string is empty, the username supplied by the client during
> authentication will be used instead.

> The necessary modifications to the documentation and wrapper scripts
> are included.

I like the basic idea, but I'd rather that it be done slightly
differently.  Rather than adding the username between the return code and
the error message, could you add it as an optional third value which,
if not given, defaults to the username given in the authentication?

The rationale is that most people won't need to set the username, so this
way they don't have to think about it and pass that empty string in the
middle of their return value.

The static buffer for the new user string is rather ugly, but I guess
there isn't a good way to do that with the current, rather horrible,
perm.c structure.

Also, the source file for doc/hook-perl is doc/pod/hook-perl.pod; could
you provide a patch for it instead?

Thanks!

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.