doc/hook-perl - response codes for authentication

Russ Allbery rra at stanford.edu
Fri Dec 26 17:45:11 UTC 2008


Julien ÉLIE <julien at trigofacile.com> writes:

> No, it is not how nnrpd currently works (in both 2.4 and 2.5 branches).
> I tested that when I fixed Python hooks.

Oh, thank you for checking this!

> In fact, the samples nnrpd_auth.py and nnrpd_auth.pl contained:
>
>    %authcodes = ('allowed' => 281, 'denied' => 502);
>
> which I changed in commit 8051 (September 28th, 2008) on CURRENT
> (for 481 when 'denied').
>
> But their use is not implemented.  After both Perl and Python auth
> hooks, if 281 is returned, then it is successful.  Upon receiving
> another code (be it 481, 502, 42 or 1200), authentication fails and
> nnrpd returns 481, along with the error string provided.
>
>    return (12, 'Not allowed.');
>
> will reply:
>
>    481 Not allowed.
>
> nnrpd never closes the connection.  Therefore, 400 should not be sent.
> And it cannot be sent.

I think we should fix the code in nnrpd so that it allows 403 in addition
to 481 and 281 and passes those codes along.

I'm not sure what to do about other codes -- it's tempting to map them all
to 403 (on the grounds that the Perl filter is returning a code that it
shouldn't), but we may want to keep mapping 502 to 481 for backwards
compatibility.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


