Patch for additional connection attributes in python hooks

Erik Klavon erik at eriq.org
Fri Feb 7 23:57:12 UTC 2003


Greetings

Enclosed is a patch which provides all of the attributes available to
the external authentication mechanism to the nnrpd python auth,
access and dynamic hooks. Updated documentation is also provided.

Note that this patch assumes the application of the previous patches
posted to this list on 2/3/2003.

Erik

---------------------------------------------------------------------

diff -ur inn/doc/pod/hook-python.pod inn_py/doc/pod/hook-python.pod
--- inn/doc/pod/hook-python.pod	Sun Feb  2 21:45:35 2003
+++ inn_py/doc/pod/hook-python.pod	Fri Feb  7 15:46:55 2003
@@ -292,12 +292,13 @@
 
 The argument dictionary passed to authenticate remains the same,
 except for the removal of the C<type> entry which is no longer needed
-in this modification. The return tuple now only contains either two or
-three elements, the first of which is the NNTP response code. The
-second is an error string which is passed to the client if the
-response code indicates that the authentication attempt has
-failed. This allows a specific error message to be generated by the
-Python script in place of the generic message "Authentication
+in this modification and the addition of several new entries (port,
+intipaddr, intport) described below. The return tuple now only
+contains either two or three elements, the first of which is the NNTP
+response code. The second is an error string which is passed to the
+client if the response code indicates that the authentication attempt
+has failed. This allows a specific error message to be generated by
+the Python script in place of the generic message "Authentication
 failed". An optional third return element, if present, will be used to
 match the connection with the user: parameter in access groups and
 will also be the username logged. If this element is absent, the
@@ -316,8 +317,10 @@
 new implementation by the inclusion of the python_dynamic parameter in
 F<readers.conf>. The only change is the corresponding method name of
 C<dynamic> as opposed to C<authorize>; C<domain> and C<range> are the
-same as before. Additionally, the associated optional housekeeping
-methods dynamic_init and dynamic_close may be implemented if needed.
+same as before except for the addition of several new entries to the
+argument dictionary (port, intipaddr, intport) described
+below. Additionally, the associated optional housekeeping methods
+dynamic_init and dynamic_close may be implemented if needed.
 
 This new implementation should provide all of the previous
 capabilities of the Python hooks, in combination with the flexibility
@@ -503,9 +506,21 @@
 
 IP address of connected reader
 
+=item port
+
+port of connected reader
+
 =item interface
 
+hostname of the local endpoint of the NNTP connection
+
+=item intipaddr
+
 IP address of the local endpoint of the NNTP connection
+
+=item intport
+
+port of the local endpoint of the NNTP connection
 
 =item user
 
diff -ur inn/nnrpd/group.c inn_py/nnrpd/group.c
--- inn/nnrpd/group.c	Sun Feb  2 16:58:25 2003
+++ inn_py/nnrpd/group.c	Fri Feb  7 15:13:47 2003
@@ -58,7 +58,7 @@
         char    *reply;
 
 	/* Authorize user using Python module method dynamic*/
-	if (PY_dynamic(ClientHost, ClientIpString, ServerHost, PERMuser, group, false, &reply) < 0) {
+	if (PY_dynamic(PERMuser, group, false, &reply) < 0) {
 	    syslog(L_NOTICE, "PY_dynamic(): authorization skipped due to no Python dynamic method defined.");
 	} else {
 	    if (reply != NULL) {
diff -ur inn/nnrpd/misc.c inn_py/nnrpd/misc.c
--- inn/nnrpd/misc.c	Sun Feb  2 16:58:25 2003
+++ inn_py/nnrpd/misc.c	Fri Feb  7 15:14:16 2003
@@ -165,7 +165,7 @@
         char    *reply;
 
 	/* Authorize user at a Python authorization module */
-	if (PY_dynamic(ClientHost, ClientIpString, ServerHost, PERMuser, p, false, &reply) < 0) {
+	if (PY_dynamic(PERMuser, p, false, &reply) < 0) {
 	    syslog(L_NOTICE, "PY_dynamic(): authorization skipped due to no Python dynamic method defined.");
 	} else {
 	    if (reply != NULL) {
diff -ur inn/nnrpd/nnrpd.h inn_py/nnrpd/nnrpd.h
--- inn/nnrpd/nnrpd.h	Fri Feb  7 15:48:25 2003
+++ inn_py/nnrpd/nnrpd.h	Fri Feb  7 15:12:09 2003
@@ -276,9 +276,9 @@
 #ifdef	DO_PYTHON
 extern bool PY_use_dynamic;
 
-int PY_authenticate(char *path, char *clientHost, char *clientIpString, char *serverHost, char *Username, char *Password, char *errorstring, char *newUser);
-void PY_access(char* path, struct vector *access_vec, char *clientHost, char *clientIpString, char *serverHost, char *Username);
-int PY_dynamic(char *clientHost, char *clientIpString, char *ServerHost, char *Username, char *NewsGroup, int PostFlag, char **reply_message);
+int PY_authenticate(char *path, char *Username, char *Password, char *errorstring, char *newUser);
+void PY_access(char* path, struct vector *access_vec, char *Username);
+int PY_dynamic(char *Username, char *NewsGroup, int PostFlag, char **reply_message);
 void PY_dynamic_init (char* file);
 #endif	/* DO_PYTHON */
 
diff -ur inn/nnrpd/perm.c inn_py/nnrpd/perm.c
--- inn/nnrpd/perm.c	Fri Feb  7 15:48:25 2003
+++ inn_py/nnrpd/perm.c	Fri Feb  7 15:15:07 2003
@@ -1589,7 +1589,7 @@
             uname = xstrdup(PERMuser);
             access_vec = vector_new();
 
-            PY_access(script_path, access_vec, ClientHost, ClientIpString, ServerHost, uname);
+            PY_access(script_path, access_vec, uname);
             free(script_path);
             free(uname);
             free(args);
@@ -2277,7 +2277,7 @@
 	Argify(cp, &args);
 	script_path = concat(args[0], (char *) 0);
 	if ((script_path != NULL) && (strlen(script_path) > 0)) {
-	  code = PY_authenticate(script_path, ClientHost, ClientIpString, ServerHost, username, password, errorstr, newUser);
+	  code = PY_authenticate(script_path, username, password, errorstr, newUser);
 	  free(script_path);
 	  if (code < 0) {
 	    syslog(L_NOTICE, "PY_authenticate(): authentication skipped due to no Python authentication method defined.");
diff -ur inn/nnrpd/post.c inn_py/nnrpd/post.c
--- inn/nnrpd/post.c	Sun Feb  2 16:58:25 2003
+++ inn_py/nnrpd/post.c	Fri Feb  7 15:14:44 2003
@@ -716,7 +716,7 @@
 	    char    *reply;
 
 	    /* Authorize user using Python module method dynamic */
-	    if (PY_dynamic(ClientHost, ClientIpString, ServerHost, PERMuser, p, true, &reply) < 0) {
+	    if (PY_dynamic(PERMuser, p, true, &reply) < 0) {
 	        syslog(L_NOTICE, "PY_dynamic(): authorization skipped due to no Python dynamic method defined.");
 	    } else {
 	        if (reply != NULL) {
diff -ur inn/nnrpd/python.c inn_py/nnrpd/python.c
--- inn/nnrpd/python.c	Sun Feb  2 16:58:25 2003
+++ inn_py/nnrpd/python.c	Fri Feb  7 15:20:39 2003
@@ -38,14 +38,17 @@
 /* key names for attributes dictionary */
 #define PYTHONhostname         "hostname"
 #define PYTHONipaddress        "ipaddress"
+#define PYTHONport             "port"
 #define PYTHONinterface        "interface"
+#define PYTHONintipaddr        "intipaddr"
+#define PYTHONintport          "intport"
 #define PYTHONuser             "user"
 #define PYTHONpass             "pass"
 #define PYTHONtype             "type"
 #define PYTHONnewsgroup        "newsgroup"
 
 /* Max number of items in dictionary to pass to auth methods */
-#define	_PY_MAX_AUTH_ITEM	7
+#define	_PY_MAX_AUTH_ITEM	10
 
 
 /* Pointers to external Python objects */
@@ -87,7 +90,7 @@
 ** Return NNTP reply code as returned by Python method or -1 if method
 ** is not defined.
 */
-int PY_authenticate(char* file, char *clientHost, char *clientIpString, char *serverHost, char *Username, char *Password, char *errorstring, char *newUser) {
+int PY_authenticate(char* file, char *Username, char *Password, char *errorstring, char *newUser) {
     PyObject    *result, *item, *proc;
     char        *type;
     int         authnum;
@@ -105,17 +108,29 @@
     authnum = 0;
 
     /* Client hostname */
-    PYauthitem[authnum] = PyBuffer_FromMemory(clientHost, strlen(clientHost));
+    PYauthitem[authnum] = PyBuffer_FromMemory(ClientHost, strlen(ClientHost));
     PyDict_SetItemString(PYauthinfo, PYTHONhostname, PYauthitem[authnum++]);
 
     /* Client IP number */
-    PYauthitem[authnum] = PyBuffer_FromMemory(clientIpString, strlen(clientIpString));
+    PYauthitem[authnum] = PyBuffer_FromMemory(ClientIpString, strlen(ClientIpString));
     PyDict_SetItemString(PYauthinfo, PYTHONipaddress, PYauthitem[authnum++]);
 
+    /* Client port number */
+    PYauthitem[authnum] = PyInt_FromLong(ClientPort);
+    PyDict_SetItemString(PYauthinfo, PYTHONport, PYauthitem[authnum++]);
+
     /* Server interface the connection comes to */
-    PYauthitem[authnum] = PyBuffer_FromMemory(serverHost, strlen(serverHost));
+    PYauthitem[authnum] = PyBuffer_FromMemory(ServerHost, strlen(ServerHost));
     PyDict_SetItemString(PYauthinfo, PYTHONinterface, PYauthitem[authnum++]);
 
+    /* Server IP number */
+    PYauthitem[authnum] = PyBuffer_FromMemory(ServerIpString, strlen(ServerIpString));
+    PyDict_SetItemString(PYauthinfo, PYTHONintipaddr, PYauthitem[authnum++]);
+
+    /* Server port number */
+    PYauthitem[authnum] = PyInt_FromLong(ServerPort);
+    PyDict_SetItemString(PYauthinfo, PYTHONintport, PYauthitem[authnum++]);
+
     /* Username if known */
     if (Username == NULL) {
         PYauthitem[authnum] = Py_None;
@@ -211,7 +226,7 @@
 ** Create an access group based on the values returned by the script in file
 **
 */
-void PY_access(char* file, struct vector *access_vec, char *clientHost, char *clientIpString, char *serverHost, char *Username) {
+void PY_access(char* file, struct vector *access_vec, char *Username) {
     PyObject	*result, *key, *value, *proc;
     char	*skey, *svalue, *temp;
     int		authnum;
@@ -231,17 +246,29 @@
     authnum = 0;
 
     /* Client hostname */
-    PYauthitem[authnum] = PyBuffer_FromMemory(clientHost, strlen(clientHost));
+    PYauthitem[authnum] = PyBuffer_FromMemory(ClientHost, strlen(ClientHost));
     PyDict_SetItemString(PYauthinfo, PYTHONhostname, PYauthitem[authnum++]);
 
     /* Client IP number */
-    PYauthitem[authnum] = PyBuffer_FromMemory(clientIpString, strlen(clientIpString));
+    PYauthitem[authnum] = PyBuffer_FromMemory(ClientIpString, strlen(ClientIpString));
     PyDict_SetItemString(PYauthinfo, PYTHONipaddress, PYauthitem[authnum++]);
 
+    /* Client port number */
+    PYauthitem[authnum] = PyInt_FromLong(ClientPort);
+    PyDict_SetItemString(PYauthinfo, PYTHONport, PYauthitem[authnum++]);
+
     /* Server interface the connection comes to */
-    PYauthitem[authnum] = PyBuffer_FromMemory(serverHost, strlen(serverHost));
+    PYauthitem[authnum] = PyBuffer_FromMemory(ServerHost, strlen(ServerHost));
     PyDict_SetItemString(PYauthinfo, PYTHONinterface, PYauthitem[authnum++]);
 
+    /* Server IP number */
+    PYauthitem[authnum] = PyBuffer_FromMemory(ServerIpString, strlen(ServerIpString));
+    PyDict_SetItemString(PYauthinfo, PYTHONintipaddr, PYauthitem[authnum++]);
+
+    /* Server port number */
+    PYauthitem[authnum] = PyInt_FromLong(ServerPort);
+    PyDict_SetItemString(PYauthinfo, PYTHONintport, PYauthitem[authnum++]);
+
     /* Username */
     PYauthitem[authnum] = PyBuffer_FromMemory(Username, strlen(Username));
     PyDict_SetItemString(PYauthinfo, PYTHONuser, PYauthitem[authnum++]);
@@ -324,7 +351,7 @@
 ** and a reply_message pointer initialized with reply message.
 ** Return negative value if dynamic method is not defined.
 */
-int PY_dynamic(char *clientHost, char *clientIpString, char *serverHost, char *Username, char *NewsGroup, int PostFlag, char **reply_message) {
+int PY_dynamic(char *Username, char *NewsGroup, int PostFlag, char **reply_message) {
     PyObject	*result, *item, *proc;
     char	*string, *temp;
     int		authnum;
@@ -341,16 +368,28 @@
     authnum = 0;
 
     /* Client hostname */
-    PYauthitem[authnum] = PyBuffer_FromMemory(clientHost, strlen(clientHost));
+    PYauthitem[authnum] = PyBuffer_FromMemory(ClientHost, strlen(ClientHost));
     PyDict_SetItemString(PYauthinfo, PYTHONhostname, PYauthitem[authnum++]);
-    
+
     /* Client IP number */
-    PYauthitem[authnum] = PyBuffer_FromMemory(clientIpString, strlen(clientIpString));
+    PYauthitem[authnum] = PyBuffer_FromMemory(ClientIpString, strlen(ClientIpString));
     PyDict_SetItemString(PYauthinfo, PYTHONipaddress, PYauthitem[authnum++]);
-    
+
+    /* Client port number */
+    PYauthitem[authnum] = PyInt_FromLong(ClientPort);
+    PyDict_SetItemString(PYauthinfo, PYTHONport, PYauthitem[authnum++]);
+
     /* Server interface the connection comes to */
-    PYauthitem[authnum] = PyBuffer_FromMemory(serverHost, strlen(serverHost));
+    PYauthitem[authnum] = PyBuffer_FromMemory(ServerHost, strlen(ServerHost));
     PyDict_SetItemString(PYauthinfo, PYTHONinterface, PYauthitem[authnum++]);
+
+    /* Server IP number */
+    PYauthitem[authnum] = PyBuffer_FromMemory(ServerIpString, strlen(ServerIpString));
+    PyDict_SetItemString(PYauthinfo, PYTHONintipaddr, PYauthitem[authnum++]);
+
+    /* Server port number */
+    PYauthitem[authnum] = PyInt_FromLong(ServerPort);
+    PyDict_SetItemString(PYauthinfo, PYTHONintport, PYauthitem[authnum++]);
     
     /* Username */
     PYauthitem[authnum] = PyBuffer_FromMemory(Username, strlen(Username));


-- 
erik         | "It is idle to think that, by means of words, | Maurice
  kl at von     | any real communication can ever pass | Maeterlinck
    eriq.org | from one [human] to another." | Silence


More information about the inn-workers mailing list