No subject


Fri Feb 17 02:32:51 UTC 2012


> Posting to the news.supernews.com nntp server, as configured since
> 31 March 2008, using inews -h, fails with "you do not have
> permission to post", because the nntp server responds to the
> initial post command with a "480 authentication required" response.
> inews.c, receiving what is not an "ok" response, terminates the
> connection rather than attempting to offer the article
> (at which point authentication, if required, is offered by inews).
>
> This patch fixes the problem for me:
>
> --- inn-2.4.3.orig/frontends/inews.c 2006-03-19 22:14:57.000000000 -0600
> +++ inn-2.4.3/frontends/inews.c 2008-04-08 13:10:39.000000000 -0500
> @@ -989,7 +989,7 @@
>  if ((j = atoi(buff)) != NNTP_BAD_COMMAND_VAL)
>      i = j;
>
> - if (i != NNTP_POSTOK_VAL)
> + if ((i != NNTP_POSTOK_VAL) && (i != NNTP_AUTH_NEEDED_VAL))
>             die("you do not have permission to post");
>  deadfile = NULL;
>     }

I have just tested and it works well (with passwd.nntp for inews).

However, I have a little question:

If readers.conf has only one auth/access block like:


auth "users-ssl" {
    hosts: "*"
    auth: "ckpasswd -f /home/news/work/testserver/etc/users"
}

access "users-ssl" {
    newsgroups: "*"
    access: RPA
}


it works pretty fine:


22:00 news at trigofacile ~% telnet localhost 1190
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
200 test-INN-2.4.4 InterNetNews server INN 2.4.4 (20080406 prerelease) ready
mode reader
200 test-INN-2.4.4 InterNetNews NNRP server INN 2.4.4 (20080406 prerelease) ready (posting ok).
post
480 Authentication required for command
quit
205 .

(and I can authentify myself if I want)



But if I have two blocks like:


auth "users" {
    hosts: "*"
    default: "<all>"
}

access "users" {
    users: "<all>"
    newsgroups: "*,!fr.*"
    access: R
}

auth "users-ssl" {
    hosts: "*"
    auth: "ckpasswd -f /home/news/work/testserver/etc/users"
}

access "users-ssl" {
    newsgroups: "*,!trigofacile.test.batavia"
    strippath: "true"
    access: RPA
}


the answer is different:


21:58 news at trigofacile ~% telnet localhost 1190
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
200 test-INN-2.4.4 InterNetNews server INN 2.4.4 (20080406 prerelease) ready
mode reader
201 test-INN-2.4.4 InterNetNews NNRP server INN 2.4.4 (20080406 prerelease) ready (no posting).
post
440 Posting not allowed
quit
205 .


We have a 440 error code (and not a 480 one, even though I can authentify
myself afterwards).  Indeed, I am in "users" and not in "users-ssl".

Is this the correct behaviour?

And what should we do regarding inews?  Shouldn't it also try to
authenticate if 440 is returned?

Regards,

-- 
Julien ÉLIE

« -- Ensuite, il n'y a plus qu'à tirer, comme pour la pêche au gros.
  -- Qui est gros ? » (Astérix) 



More information about the inn-workers mailing list