readers.conf with python_access and python_auth
David Hláčik
david at hlacik.eu
Sat Jun 7 15:26:54 UTC 2008
Julien i have investigated problem,
seems like access method and authenticate method can not be located in
same file nnrpd_auth.py , i have created nnrpd_access.py with access
method only and nnrpd_auth.py with authenticate method only.
I will see in log :
python: n_a access() invoked: hostname david-nb.net.hlacik.eu,
ipaddress 10.10.10.199, interface 10.10.10.183, user boss
Jun 7 17:23:06 dev01 nnrpd[1378]: python: acess groups defined
Alltought, what i am getting in my Windows Mail on windows vista now is :
Windows Mail was unable to retrieve list of newsgroups located on
server message ,
with error string called wird =========BACKTRACE==================
What does it means?
And how it is possible that nnrpd_auth.py is shiped as a sample with
both auth and access when it needs to be in separated files, can it be
bug of inn2.4.3 which i am using on Centos 5.1?
Thanks
On Sat, Jun 7, 2008 at 5:00 PM, David Hláčik <david at hlacik.eu> wrote:
> Yes of course i have method access in my nnrpd_auth.py I am using it
> also with python_auth parameter and calling method auth. I have also
> tested it with my test.py to see if access returns correct values.
> Honestly i am starting to giving up whole think. I am currently on my
> 4th whole day working on nnrpd_auth.py and there is just so many
> issues (import modules not work and so) :(
>
> This is what i have :
> class AUTH:
> """Provide authentication and authorization callbacks to nnrpd."""
> def __init__(self):
> """This is a good place to initialize variables or open a
> database connection.
> """
> # Create a list of NNTP codes to respond on connect
> self.connectcodes = { 'READPOST':200,
> 'READ':201,
> 'AUTHNEEDED':480,
> 'PERMDENIED':502
> }
>
> # Create a list of NNTP codes to respond on authentication
> self.authcodes = { 'ALLOWED':281,
> 'DENIED':502
> }
>
> syslog('notice', 'nnrpd authentication class instance created')
>
> def authenticate(self, attributes):
> """Called when python_auth is encountered in readers.conf"""
>
> # just for debugging purposes
> syslog('notice', 'n_a authenticate() invoked: hostname %s,
> ipaddress %s, interface %s, user %s' % (\
> attributes['hostname'], \
> attributes['ipaddress'], \
> attributes['interface'], \
> attributes['user']))
>
> # do username passworld authentication
> #if 'foo' == str(attributes['user']) \
> # and 'foo' == str(attributes['pass']):
> # syslog('notice', 'authentication by username succeeded')
> # return ( self.authcodes['ALLOWED'], 'No error', 'default_user')
> #else:
> # syslog('notice', 'authentication by username failed')
> # return ( self.authcodes['DENIED'], 'Access Denied!')
>
> import os
> result = int(os.popen("%s %s %s"
> %("/opt/pdg/newsauth.py",str(attributes['user']),str(attributes['pass'])),
> "r").read())
> if result == 1:
> syslog('notice', 'authentication by username succeeded')
> return(self.authcodes['ALLOWED'], 'OK')
> else:
> syslog('notice', 'authentication by username failed')
> return ( self.authcodes['DENIED'], 'FAILED')
>
> def access(self, attributes):
> """Called when python_access is encountered in readers.conf"""
>
> # just for debugging purposes
> syslog('notice', 'n_a access() invoked: hostname %s, ipaddress
> %s, interface %s, user %s' % (\
> attributes['hostname'], \
> attributes['ipaddress'], \
> attributes['interface'], \
> attributes['user']))
>
> # allow newsreading from specific host only
> #if '127.0.0.1' == str(attributes['ipaddress']):
> # syslog('notice', 'authentication by IP address succeeded')
> # return {'read':'*','post':'*'}
> #else:
> # syslog('notice', 'authentication by IP address failed')
> # return {'read':'!*','post':'!*'}
> import os
> groups = os.popen("%s %s %s"
> %("/opt/pdg/newsaccess.py",str(attributes['user']),str(attributes['pass'])),
> "r").read().split("\n")
> result = {}
> result['read'] = ",".join(groups)
> result['post'] = ",".join(groups)
> syslog('notice', 'acess groups defined')
> return result
>
> def dynamic(self, attributes):
> """Called when python_dynamic was reached in the processing of
> readers.conf and a reader requests either read or post
> permission for particular newsgroup.
> """
> # just for debugging purposes
> syslog('notice', 'n_a dyanmic() invoked against type %s,
> hostname %s, ipaddress %s, interface %s, user %s' % (\
> attributes['type'], \
> attributes['hostname'], \
> attributes['ipaddress'], \
> attributes['interface'], \
> attributes['user']))
>
> # Allow reading of any newsgroup but not posting
> if 'post' == str(attributes['type']):
> syslog('notice', 'authorization for post access denied')
> return "no posting for you"
> elif 'read' == str(attributes['type']):
> syslog('notice', 'authorization for read access granted')
> return None
> else:
> syslog('notice', 'authorization type is not known: %s' %
> attributes['type'])
> return "Internal error";
>
>
> #
> # The rest is used to hook up the auth module on nnrpd. It is unlikely
> # you will ever need to modify this.
> #
>
> # Import functions exposed by nnrpd. This import must succeed, or nothing
> # will work!
> from nnrpd import *
>
> # Create a class instance
> myauth = AUTH()
>
> # ...and try to hook up on nnrpd. This would make auth object methods visible
> # to nnrpd.
> try:
> set_auth_hook(myauth)
> syslog('notice', "authentication module successfully hooked into nnrpd")
> except Exception, errmsg:
> syslog('error', "Cannot obtain nnrpd hook for authentication
> method: %s" % errmsg[0])
>
>
> #
> # The rest is used to hook up the auth module on nnrpd. It is unlikely
> # you will ever need to modify this.
> #
>
> # Import functions exposed by nnrpd. This import must succeed, or nothing
> # will work!
> from nnrpd import *
>
> # Create a class instance
> myauth = AUTH()
>
> # ...and try to hook up on nnrpd. This would make auth object methods visible
> # to nnrpd.
> try:
> set_auth_hook(myauth)
> syslog('notice', "authentication module successfully hooked into nnrpd")
> except Exception, errmsg:
> syslog('error', "Cannot obtain nnrpd hook for authentication
> method: %s" % errmsg[0])
>
>
> On Sat, Jun 7, 2008 at 4:36 PM, Julien ÉLIE <julien at trigofacile.com> wrote:
>> Hi David,
>>
>>> And what this means?
>>> Jun 7 16:21:34 dev01 nnrpd[2787]: python access method not defined
>>
>> It means that the access method is not found in your nnrpd_auth.py file.
>> According to the sample shipped with INN, it should be something like:
>>
>>
>> class AUTH:
>> def access(self, attributes):
>> syslog('notice', 'n_a access() invoked: hostname %s, ipaddress %s,
>> interface %s, user %s' % (\
>> attributes['hostname'], \
>> attributes['ipaddress'], \
>> attributes['interface'], \
>> attributes['user']))
>>
>> if '127.0.0.1' == str(attributes['ipaddress']):
>> syslog('notice', 'authentication by IP address succeeded')
>> return {'read':'*','post':'*'}
>> else:
>> syslog('notice', 'authentication by IP address failed')
>> return {'read':'!*','post':'!*'}
>>
>> from nnrpd import *
>> myauth = AUTH()
>>
>> try:
>> set_auth_hook(myauth)
>> syslog('notice', "authentication module successfully hooked into nnrpd")
>> except Exception, errmsg:
>> syslog('error', "Cannot obtain nnrpd hook for authentication method: %s" %
>> errmsg[0])
>>
>>
>>
>>
>> Does this mere sample work on your news server?
>> (I have not tested.)
>>
>> --
>> Julien ÉLIE
>>
>> « Quand je raconterai mon odyssée, personne ne me croira ! » (Astérix)
>>
>>
>
More information about the inn-workers
mailing list