*** nnrpd_auth.pl.dist Thu Dec 10 16:03:40 1998 --- nnrpd_auth.pl Thu Dec 10 16:03:28 1998 *************** *** 19,33 **** # All four of these are required. If there is a problem with them then nnrpd # will die and syslog the exact reason. # # Sample Auth program # ! use vars qw(@readerconfig); ! use CDB_File; ! $authfile = "/usr/local/news/db/users.cdb"; ! $defaultgroups = "*"; require "/usr/local/news/lib/innshellvars.pl"; --- 19,35 ---- # All four of these are required. If there is a problem with them then nnrpd # will die and syslog the exact reason. + # Modified: 1998.12.10 v1.1+0.1 + # Copyright (C) 1998 Hisashi Gotoh + # Hitachi Information Network, Ltd. + # # Sample Auth program # ! use vars qw(@readerconfig, %userperm); ! $passwdfile = "/usr/local/news/nnrpdetc/passwd.nnrpd"; require "/usr/local/news/lib/innshellvars.pl"; *************** *** 43,50 **** while () { my (%tmp); chomp; - s/\#.*//g; ($tmp{block}, $perm, $user, $pass, $tmp{groups}) = split(/:/); if (!defined($tmp{groups})) { undef %tmp; --- 45,52 ---- while () { my (%tmp); + next if(/^#/); chomp; ($tmp{block}, $perm, $user, $pass, $tmp{groups}) = split(/:/); if (!defined($tmp{groups})) { undef %tmp; *************** *** 52,57 **** --- 54,60 ---- } $tmp{canread} = 1 if ($perm =~ /r/i); $tmp{canpost} = 1 if ($perm =~ /p/i); + $tmp{authneed} = 1 if ($user eq '+'); unshift(@readerconfig, \%tmp); } close(F); *************** *** 60,73 **** # This is called by nnrpd when it first starts up. sub auth_init { &loadnnrp($inn::newsetc . "/nnrp.access"); - tie(%users, 'CDB_File', $authfile) || warn "Could not open CDB file for users: $!\n"; } # This is called when a user connects or authenticates sub authenticate { my $key; ! foreach $key (keys %attributes) { ! } if ($attributes{type} eq "connect") { my (@results) = checkhost(); return @results; --- 63,75 ---- # This is called by nnrpd when it first starts up. sub auth_init { &loadnnrp($inn::newsetc . 
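Review bot: In the hunk at new lines 19-35, `use vars qw(@readerconfig, %userperm);` has a comma inside `qw`, which splits on whitespace only, so the first name handed to `use vars` is `@readerconfig,` with the comma attached and `@readerconfig` itself is not what gets declared. This apparently goes unnoticed only because the file does not run under `use strict` (it assigns undeclared globals such as `$passwdfile`); write `use vars qw(@readerconfig %userperm);`. Since `$passwdfile` now names a flat file of crypt hashes, a comment beside it stating the expected owner and mode (readable by the news user only) would help whoever installs it.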
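Review bot: In the hunk at new lines 45-52, replacing `s/\#.*//g` with `next if(/^#/);` means only lines that begin with `#` are treated as comments; a trailing comment on an entry line now stays in the record and lands in the last colon-separated field, `$tmp{groups}`, which is later returned as the group pattern. Because this file decides read and post access, an entry should not change meaning silently: keep the whole-line skip and also strip trailing comments, for example `s/\s*\#.*//;` after the `chomp`. The enclosing `loadnnrp` starts and ends outside the hunk.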
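Review bot: In the hunk at new lines 54-60, `$tmp{authneed}` is set only when the user field is exactly `+`, so an entry with any other non-empty user field is treated as needing no authentication and grants its read/post flags on the host match alone. If existing access files carry user names in that field (an assumption, the file format is not shown here), failing closed is safer: `$tmp{authneed} = 1 if (defined($user) && $user ne '');`. A comment on the line saying that `+` means "authenticate against `$passwdfile`" would also document the new convention. The loop body continues outside the hunk.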
"/nnrp.access"); } # This is called when a user connects or authenticates sub authenticate { my $key; ! #foreach $key (keys %attributes) { ! #} if ($attributes{type} eq "connect") { my (@results) = checkhost(); return @results; *************** *** 78,109 **** return 502; } sub checkuser { my $user = $attributes{'username'}; my $pass = $attributes{'password'}; if (!defined($users{$user})) { return ($authcodes{'denied'}, undef, undef, undef); } ! my ($password, $news_post, $maxcon, $subscription) = split(/\t/, $users{$user}); my ($salt) = substr($password, 0, 2); if (crypt($pass, $salt) ne $password) { return ($authcodes{'denied'}, undef, undef, undef); } ! $news_post = lc($news_post); ! $news_post = ($news_post eq 'y') ? 1 : 0; ! if (!defined($subscription)) { ! $subscription = $defaultgroups; ! } ! return ($authcodes{'allowed'}, 1, $news_post , $subscription); } sub permtocode { ! my ($read, $post) = @_; return $connectcodes{'read/post'} if ($post); return $connectcodes{'read'} if ($read); ! return $connectcodes{'authneeded'}; } sub checkhost { --- 80,132 ---- return 502; } + sub loadpasswd { + my (%users, $user, $pass); + return if ( ! -f $passwdfile); + open(F, $passwdfile) || die "Could not open $passwdfile: $!\n"; + while () { + next if(/^#/); + chop; + ($user,$pass) = (split(':',$_))[0,1]; + $users{$user} = $pass; + } + close(F); + return(%users); + } + sub checkuser { my $user = $attributes{'username'}; my $pass = $attributes{'password'}; + my (%users) = &loadpasswd(); + if (!defined($users{$user})) { return ($authcodes{'denied'}, undef, undef, undef); } ! my ($password) = $users{$user}; my ($salt) = substr($password, 0, 2); if (crypt($pass, $salt) ne $password) { return ($authcodes{'denied'}, undef, undef, undef); } ! $news_read = $userperm{read}; ! $news_post = $userperm{post}; ! $subscription = $userperm{groups}; ! return ($authcodes{'allowed'}, $news_read, $news_post , $subscription); } sub permtocode { ! 
my ($read, $post, $authneed, $groups) = @_; + if ($authneed) { + $userperm{read} = 1 if($read); + $userperm{post} = 1 if($post); + $userperm{groups} = $groups; + } + + return $connectcodes{'authneeded'} if ($authneed); return $connectcodes{'read/post'} if ($post); return $connectcodes{'read'} if ($read); ! # return $connectcodes{'permdenied'}; } sub checkhost { *************** *** 111,117 **** foreach $key (@readerconfig) { # Process CIDR style entries first ! my ($read, $post) = ($key->{canread}, $key->{canpost}); if ($key->{block} =~ /(\d+\.\d+\.\d+\.\d+)\/(\d+)/) { $block = unpack('N', pack('C4', split(/\./, $1))); --- 134,142 ---- foreach $key (@readerconfig) { # Process CIDR style entries first ! # my ($read, $post) = ($key->{canread}, $key->{canpost}); ! my ($read, $post, $authneed) = ! ($key->{canread}, $key->{canpost}, $key->{authneed}); if ($key->{block} =~ /(\d+\.\d+\.\d+\.\d+)\/(\d+)/) { $block = unpack('N', pack('C4', split(/\./, $1))); *************** *** 119,134 **** $block = $block & $mask; $ip = unpack('N', pack('C4', split(/\./, $attributes{ipaddress}))); if (($ip & $mask) == $block) { ! return (permtocode($read, $post) , $read, $post, $key->{groups}); } } if ($attributes{ipaddress} =~ /$key->{block}/) { ! return (permtocode($read, $post), $read, $post, $key->{groups}); } if ($attributes{hostname} =~ /$key->{block}/) { ! return (permtocode($read, $post), $read, $post, $key->{groups}); } } return ($connectcodes{'permdenied'}, undef, undef, undef); } - --- 144,165 ---- $block = $block & $mask; $ip = unpack('N', pack('C4', split(/\./, $attributes{ipaddress}))); if (($ip & $mask) == $block) { ! # return (permtocode($read, $post) , $read, $post, $key->{groups}); ! return (permtocode($read, $post, $authneed, $key->{groups}), ! $read, $post, $key->{groups}); } } + # for perl regexp + $key->{block} =~ s/\*/.*/; + $key->{block} =~ s/\./\\./; if ($attributes{ipaddress} =~ /$key->{block}/) { ! return (permtocode($read, $post, $authneed, $key->{groups}), ! 
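Review bot: In the hunk at new lines 80-132, `permtocode` no longer ends with an unconditional return: with `return $connectcodes{'permdenied'};` commented out, an entry that sets none of read, post or authneed falls off the end of the sub and hands `checkhost` the false value of the last condition instead of a response code. Restoring that line as the final statement makes a no-permission host entry an explicit denial. Separately, in `checkuser` an empty hash field in the password file gives an empty salt, and on a platform where `crypt()` returns undef or an empty string for an invalid salt the `ne` test would pass for any password; that depends on the platform, but extending the guard to `if (!defined($users{$user}) || $users{$user} eq '')` removes the dependency. `loadpasswd` also uses `chop`, which cuts the last character of the final hash when the file has no trailing newline (`chomp` does not), and its two-argument `open(F, $passwdfile)` would be safer as `open(F, '<', $passwdfile)`.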
$read, $post, $key->{groups}); } if ($attributes{hostname} =~ /$key->{block}/) { ! return (permtocode($read, $post, $authneed, $key->{groups}), ! $read, $post, $key->{groups}); } } return ($connectcodes{'permdenied'}, undef, undef, undef); }
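Review bot: The two new substitutions in the hunk at new lines 144-165 do not produce the pattern the `# for perl regexp` comment intends: neither has `/g`, so only the first `*` and the first `.` are rewritten, and because `*` is expanded first, the `.` that gets escaped can be the one just inserted by `.*`, leaving the real dots as wildcards. They also modify `$key->{block}` inside `@readerconfig`, so a second call to `checkhost` would rewrite an already rewritten pattern. Building the pattern in a local and anchoring it is tighter, assuming entries are meant as wildcard host patterns and not raw regexes: `my $pat = quotemeta($key->{block}); $pat =~ s/\\\*/.*/g;` and then `=~ /^$pat$/` for both the address and the hostname test. As written the matches are unanchored, so an entry also matches any hostname that merely contains it. `checkhost` begins outside this hunk.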