readers.conf with python_access and python_auth
David Hláčik
david at hlacik.eu
Sat Jun 7 15:00:01 UTC 2008
Yes of course i have method access in my nnrpd_auth.py I am using it
also with python_auth parameter and calling method auth. I have also
tested it with my test.py to see if access returns correct values.
Honestly i am starting to giving up whole think. I am currently on my
4th whole day working on nnrpd_auth.py and there is just so many
issues (import modules not work and so) :(
This is what i have :
class AUTH:
"""Provide authentication and authorization callbacks to nnrpd."""
def __init__(self):
"""This is a good place to initialize variables or open a
database connection.
"""
# Create a list of NNTP codes to respond on connect
self.connectcodes = { 'READPOST':200,
'READ':201,
'AUTHNEEDED':480,
'PERMDENIED':502
}
# Create a list of NNTP codes to respond on authentication
self.authcodes = { 'ALLOWED':281,
'DENIED':502
}
syslog('notice', 'nnrpd authentication class instance created')
def authenticate(self, attributes):
"""Called when python_auth is encountered in readers.conf"""
# just for debugging purposes
syslog('notice', 'n_a authenticate() invoked: hostname %s,
ipaddress %s, interface %s, user %s' % (\
attributes['hostname'], \
attributes['ipaddress'], \
attributes['interface'], \
attributes['user']))
# do username passworld authentication
#if 'foo' == str(attributes['user']) \
# and 'foo' == str(attributes['pass']):
# syslog('notice', 'authentication by username succeeded')
# return ( self.authcodes['ALLOWED'], 'No error', 'default_user')
#else:
# syslog('notice', 'authentication by username failed')
# return ( self.authcodes['DENIED'], 'Access Denied!')
import os
result = int(os.popen("%s %s %s"
%("/opt/pdg/newsauth.py",str(attributes['user']),str(attributes['pass'])),
"r").read())
if result == 1:
syslog('notice', 'authentication by username succeeded')
return(self.authcodes['ALLOWED'], 'OK')
else:
syslog('notice', 'authentication by username failed')
return ( self.authcodes['DENIED'], 'FAILED')
def access(self, attributes):
"""Called when python_access is encountered in readers.conf"""
# just for debugging purposes
syslog('notice', 'n_a access() invoked: hostname %s, ipaddress
%s, interface %s, user %s' % (\
attributes['hostname'], \
attributes['ipaddress'], \
attributes['interface'], \
attributes['user']))
# allow newsreading from specific host only
#if '127.0.0.1' == str(attributes['ipaddress']):
# syslog('notice', 'authentication by IP address succeeded')
# return {'read':'*','post':'*'}
#else:
# syslog('notice', 'authentication by IP address failed')
# return {'read':'!*','post':'!*'}
import os
groups = os.popen("%s %s %s"
%("/opt/pdg/newsaccess.py",str(attributes['user']),str(attributes['pass'])),
"r").read().split("\n")
result = {}
result['read'] = ",".join(groups)
result['post'] = ",".join(groups)
syslog('notice', 'acess groups defined')
return result
def dynamic(self, attributes):
"""Called when python_dynamic was reached in the processing of
readers.conf and a reader requests either read or post
permission for particular newsgroup.
"""
# just for debugging purposes
syslog('notice', 'n_a dyanmic() invoked against type %s,
hostname %s, ipaddress %s, interface %s, user %s' % (\
attributes['type'], \
attributes['hostname'], \
attributes['ipaddress'], \
attributes['interface'], \
attributes['user']))
# Allow reading of any newsgroup but not posting
if 'post' == str(attributes['type']):
syslog('notice', 'authorization for post access denied')
return "no posting for you"
elif 'read' == str(attributes['type']):
syslog('notice', 'authorization for read access granted')
return None
else:
syslog('notice', 'authorization type is not known: %s' %
attributes['type'])
return "Internal error";
#
# The rest is used to hook up the auth module on nnrpd. It is unlikely
# you will ever need to modify this.
#
# Import functions exposed by nnrpd. This import must succeed, or nothing
# will work!
from nnrpd import *
# Create a class instance
myauth = AUTH()
# ...and try to hook up on nnrpd. This would make auth object methods visible
# to nnrpd.
try:
set_auth_hook(myauth)
syslog('notice', "authentication module successfully hooked into nnrpd")
except Exception, errmsg:
syslog('error', "Cannot obtain nnrpd hook for authentication
method: %s" % errmsg[0])
#
# The rest is used to hook up the auth module on nnrpd. It is unlikely
# you will ever need to modify this.
#
# Import functions exposed by nnrpd. This import must succeed, or nothing
# will work!
from nnrpd import *
# Create a class instance
myauth = AUTH()
# ...and try to hook up on nnrpd. This would make auth object methods visible
# to nnrpd.
try:
set_auth_hook(myauth)
syslog('notice', "authentication module successfully hooked into nnrpd")
except Exception, errmsg:
syslog('error', "Cannot obtain nnrpd hook for authentication
method: %s" % errmsg[0])
On Sat, Jun 7, 2008 at 4:36 PM, Julien ÉLIE <julien at trigofacile.com> wrote:
> Hi David,
>
>> And what this means?
>> Jun 7 16:21:34 dev01 nnrpd[2787]: python access method not defined
>
> It means that the access method is not found in your nnrpd_auth.py file.
> According to the sample shipped with INN, it should be something like:
>
>
> class AUTH:
> def access(self, attributes):
> syslog('notice', 'n_a access() invoked: hostname %s, ipaddress %s,
> interface %s, user %s' % (\
> attributes['hostname'], \
> attributes['ipaddress'], \
> attributes['interface'], \
> attributes['user']))
>
> if '127.0.0.1' == str(attributes['ipaddress']):
> syslog('notice', 'authentication by IP address succeeded')
> return {'read':'*','post':'*'}
> else:
> syslog('notice', 'authentication by IP address failed')
> return {'read':'!*','post':'!*'}
>
> from nnrpd import *
> myauth = AUTH()
>
> try:
> set_auth_hook(myauth)
> syslog('notice', "authentication module successfully hooked into nnrpd")
> except Exception, errmsg:
> syslog('error', "Cannot obtain nnrpd hook for authentication method: %s" %
> errmsg[0])
>
>
>
>
> Does this mere sample work on your news server?
> (I have not tested.)
>
> --
> Julien ÉLIE
>
> « Quand je raconterai mon odyssée, personne ne me croira ! » (Astérix)
>
>
More information about the inn-workers
mailing list