readers.conf with python_access and python_auth

David Hláčik david at hlacik.eu
Sat Jun 7 15:00:01 UTC 2008


Yes of course i have method access in my nnrpd_auth.py I am using it
also with python_auth parameter and calling method auth. I have also
tested it with my test.py to see if access returns correct values.
Honestly i am starting to giving up whole think. I am currently on my
4th whole day working on nnrpd_auth.py and there is just so many
issues (import modules not work and so) :(

This is what i have :
class AUTH:
    """Provide authentication and authorization callbacks to nnrpd."""
    def __init__(self):
        """This is a good place to initialize variables or open a
           database connection.
        """
        # Create a list of NNTP codes to respond on connect
        self.connectcodes = {   'READPOST':200,
                                'READ':201,
                                'AUTHNEEDED':480,
                                'PERMDENIED':502
        }

        # Create a list of NNTP codes to respond on authentication
        self.authcodes = {  'ALLOWED':281,
                            'DENIED':502
        }

        syslog('notice', 'nnrpd authentication class instance created')

    def authenticate(self, attributes):
        """Called when python_auth is encountered in readers.conf"""

        # just for debugging purposes
        syslog('notice', 'n_a authenticate() invoked: hostname %s,
ipaddress %s, interface %s, user %s' % (\
                attributes['hostname'], \
                attributes['ipaddress'], \
                attributes['interface'], \
                attributes['user']))

        # do username passworld authentication
        #if 'foo' == str(attributes['user'])  \
        #   and 'foo' == str(attributes['pass']):
        #    syslog('notice', 'authentication by username succeeded')
        #    return ( self.authcodes['ALLOWED'], 'No error', 'default_user')
        #else:
        #    syslog('notice', 'authentication by username failed')
        #    return ( self.authcodes['DENIED'], 'Access Denied!')

        import os
        result = int(os.popen("%s %s %s"
%("/opt/pdg/newsauth.py",str(attributes['user']),str(attributes['pass'])),
"r").read())
        if result == 1:
                syslog('notice', 'authentication by username succeeded')
                return(self.authcodes['ALLOWED'], 'OK')
        else:
                syslog('notice', 'authentication by username failed')
                return ( self.authcodes['DENIED'], 'FAILED')

    def access(self, attributes):
        """Called when python_access is encountered in readers.conf"""

        # just for debugging purposes
        syslog('notice', 'n_a access() invoked: hostname %s, ipaddress
%s, interface %s, user %s' % (\
                attributes['hostname'], \
                attributes['ipaddress'], \
                attributes['interface'], \
                attributes['user']))

        # allow newsreading from specific host only
        #if '127.0.0.1' == str(attributes['ipaddress']):
        #    syslog('notice', 'authentication by IP address succeeded')
        #    return {'read':'*','post':'*'}
        #else:
        #    syslog('notice', 'authentication by IP address failed')
        #    return {'read':'!*','post':'!*'}
        import os
        groups = os.popen("%s %s %s"
%("/opt/pdg/newsaccess.py",str(attributes['user']),str(attributes['pass'])),
"r").read().split("\n")
        result = {}
        result['read'] = ",".join(groups)
        result['post'] = ",".join(groups)
        syslog('notice', 'acess groups defined')
        return result

    def dynamic(self, attributes):
        """Called when python_dynamic was reached in the processing of
           readers.conf and a reader requests either read or post
           permission for particular newsgroup.
        """
        # just for debugging purposes
        syslog('notice', 'n_a dyanmic() invoked against type %s,
hostname %s, ipaddress %s, interface %s, user %s' % (\
                attributes['type'], \
                attributes['hostname'], \
                attributes['ipaddress'], \
                attributes['interface'], \
                attributes['user']))

        # Allow reading of any newsgroup but not posting
        if 'post' == str(attributes['type']):
            syslog('notice', 'authorization for post access denied')
            return "no posting for you"
        elif 'read' == str(attributes['type']):
            syslog('notice', 'authorization for read access granted')
            return None
        else:
            syslog('notice', 'authorization type is not known: %s' %
attributes['type'])
            return "Internal error";


#
# The rest is used to hook up the auth module on nnrpd. It is unlikely
# you will ever need to modify this.
#

# Import functions exposed by nnrpd. This import must succeed, or nothing
# will work!
from nnrpd import *

# Create a class instance
myauth = AUTH()

# ...and try to hook up on nnrpd. This would make auth object methods visible
# to nnrpd.
try:
    set_auth_hook(myauth)
    syslog('notice', "authentication module successfully hooked into nnrpd")
except Exception, errmsg:
    syslog('error', "Cannot obtain nnrpd hook for authentication
method: %s" % errmsg[0])


#
# The rest is used to hook up the auth module on nnrpd. It is unlikely
# you will ever need to modify this.
#

# Import functions exposed by nnrpd. This import must succeed, or nothing
# will work!
from nnrpd import *

# Create a class instance
myauth = AUTH()

# ...and try to hook up on nnrpd. This would make auth object methods visible
# to nnrpd.
try:
    set_auth_hook(myauth)
    syslog('notice', "authentication module successfully hooked into nnrpd")
except Exception, errmsg:
    syslog('error', "Cannot obtain nnrpd hook for authentication
method: %s" % errmsg[0])


On Sat, Jun 7, 2008 at 4:36 PM, Julien ÉLIE <julien at trigofacile.com> wrote:
> Hi David,
>
>> And what this means?
>> Jun  7 16:21:34 dev01 nnrpd[2787]: python access method not defined
>
> It means that the access method is not found in your nnrpd_auth.py file.
> According to the sample shipped with INN, it should be something like:
>
>
> class AUTH:
>   def access(self, attributes):
>       syslog('notice', 'n_a access() invoked: hostname %s, ipaddress %s,
> interface %s, user %s' % (\
>           attributes['hostname'], \
>           attributes['ipaddress'], \
>           attributes['interface'], \
>           attributes['user']))
>
>       if '127.0.0.1' == str(attributes['ipaddress']):
>           syslog('notice', 'authentication by IP address succeeded')
>           return {'read':'*','post':'*'}
>       else:
>           syslog('notice', 'authentication by IP address failed')
>           return {'read':'!*','post':'!*'}
>
> from nnrpd import *
> myauth = AUTH()
>
> try:
>   set_auth_hook(myauth)
>   syslog('notice', "authentication module successfully hooked into nnrpd")
> except Exception, errmsg:
>   syslog('error', "Cannot obtain nnrpd hook for authentication method: %s" %
> errmsg[0])
>
>
>
>
> Does this mere sample work on your news server?
> (I have not tested.)
>
> --
> Julien ÉLIE
>
> « Quand je raconterai mon odyssée, personne ne me croira ! » (Astérix)
>
>


More information about the inn-workers mailing list