innreport: nnrpd_connect

Alexander Bartolich alexander.bartolich at gmx.at
Thu Jun 26 19:31:47 UTC 2008 

Here is an excempt from my /var/log/syslog.
Line numbers added by "nl -ba".
Addresses munged to protect the guilty.

      1  Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 (192.168.1.1) connect
      2  Jun 26 07:47:24 alpha826 nnrpd[11536]: Reading access from /etc/news/readers.conf
      3  Jun 26 07:47:24 alpha826 nnrpd[11536]: Auth strategy 'xxx' does not match client.  Removing.
      4  Jun 26 07:47:24 alpha826 nnrpd[11536]: Auth strategy 'yyy' does not match client.  Removing.
      5  Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 no_success_auth
      6  Jun 26 07:47:24 alpha826 nnrpd[11536]: SERVER perl filtering enabled
      7  Jun 26 07:47:24 alpha826 nnrpd[11536]: filter: authenticate s: login failed, password=w
      8  Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 bad_auth
      9  Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 no_success_auth
     10  Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 bad_auth
     11  Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 script error str: authenticate s: login failed
     12  Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 times user 0.104 system 0.020 idle 0.000 elapsed 0.913
     13  Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 time 913 idle 797(3) nntpwrite 0(7)

The interesting thing is that "bad_auth" occurs twice.

In innreport_inn::collect does the following:
   $nnrpd_connect{'192.168.1.1'} is incremented once because of line 1.
   $nnrpd_no_permission{'192.168.1.1'} is incremented twice because of
   lines 8 and 10.

At the start of innreport_inn::adjust is a loop that does the following:
   $nnrpd_connect{$serv} -= $nnrpd_no_permission{$serv};
   # [...]
   delete $nnrpd_connect{$serv} unless $nnrpd_connect{$serv};

Because of the imbalance created by collect() the value of nnrpd_connect
can get negative. And since negative values are considered true by Perl
the delete statement is not executed in that case.

A second loop at the end of innreport_inn::adjust is even stranger:
       unless ($nnrpd_groups{$key} || $nnrpd_post_ok{$key} ||
               $nnrpd_articles{$key}) {
         $nnrpd_curious{$key} = $nnrpd_connect{$key};
         undef $nnrpd_connect{$key};
       }

So the negative values of nnrpd_connect get copied to nnrpd_curious.
And nnrpd_connect is littered with undef, causing errors in
innreport::ComputeTotal.

I don't know why bad_auth occurs twice for single login attempt.
But since nnrpd does not close the socket after failed "AUTHINFO PASS"
even larger imbalance between connect and bad_auth is possible.

Correct numbers can only be obtained if innreport_inn::collect tracks
sessions. Unfortunately the process ID is not passed on by innreport.
Anyway, the next problem then would be detect the end of a session.

Ciao

     Alexander.

More information about the inn-workers mailing list