innreport: nnrpd_connect
Alexander Bartolich
alexander.bartolich at gmx.at
Thu Jun 26 19:31:47 UTC 2008
Here is an excempt from my /var/log/syslog.
Line numbers added by "nl -ba".
Addresses munged to protect the guilty.
1 Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 (192.168.1.1) connect
2 Jun 26 07:47:24 alpha826 nnrpd[11536]: Reading access from /etc/news/readers.conf
3 Jun 26 07:47:24 alpha826 nnrpd[11536]: Auth strategy 'xxx' does not match client. Removing.
4 Jun 26 07:47:24 alpha826 nnrpd[11536]: Auth strategy 'yyy' does not match client. Removing.
5 Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 no_success_auth
6 Jun 26 07:47:24 alpha826 nnrpd[11536]: SERVER perl filtering enabled
7 Jun 26 07:47:24 alpha826 nnrpd[11536]: filter: authenticate s: login failed, password=w
8 Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 bad_auth
9 Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 no_success_auth
10 Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 bad_auth
11 Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 script error str: authenticate s: login failed
12 Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 times user 0.104 system 0.020 idle 0.000 elapsed 0.913
13 Jun 26 07:47:24 alpha826 nnrpd[11536]: 192.168.1.1 time 913 idle 797(3) nntpwrite 0(7)
The interesting thing is that "bad_auth" occurs twice.
In innreport_inn::collect does the following:
$nnrpd_connect{'192.168.1.1'} is incremented once because of line 1.
$nnrpd_no_permission{'192.168.1.1'} is incremented twice because of
lines 8 and 10.
At the start of innreport_inn::adjust is a loop that does the following:
$nnrpd_connect{$serv} -= $nnrpd_no_permission{$serv};
# [...]
delete $nnrpd_connect{$serv} unless $nnrpd_connect{$serv};
Because of the imbalance created by collect() the value of nnrpd_connect
can get negative. And since negative values are considered true by Perl
the delete statement is not executed in that case.
A second loop at the end of innreport_inn::adjust is even stranger:
unless ($nnrpd_groups{$key} || $nnrpd_post_ok{$key} ||
$nnrpd_articles{$key}) {
$nnrpd_curious{$key} = $nnrpd_connect{$key};
undef $nnrpd_connect{$key};
}
So the negative values of nnrpd_connect get copied to nnrpd_curious.
And nnrpd_connect is littered with undef, causing errors in
innreport::ComputeTotal.
I don't know why bad_auth occurs twice for single login attempt.
But since nnrpd does not close the socket after failed "AUTHINFO PASS"
even larger imbalance between connect and bad_auth is possible.
Correct numbers can only be obtained if innreport_inn::collect tracks
sessions. Unfortunately the process ID is not passed on by innreport.
Anyway, the next problem then would be detect the end of a session.
Ciao
Alexander.
More information about the inn-workers
mailing list