1#! /usr/bin/perl -w 2# fixscript will replace this line with code to load INN::Config 3 4## 5## Sample code for the nnrpd Perl authentication hooks. 6## 7## This file is loaded when a perl_auth: parameter is reached in 8## readers.conf. If it defines a sub named authenticate, that 9## function will be called during processing of a perl_auth: 10## parameter. Attributes about the connection are passed to the 11## program in the %attributes global variable. It should return an 12## array with two elements: 13## 14## 1) NNTP response code. Should be one of the codes from %authcodes 15## below to not risk violating the protocol. 16## 2) An error string to be passed to the client (make sure that 17## such a message is properly encoded in UTF-8 so as to comply with the 18## NNTP protocol). 19## Both elements are required. If there is a problem, nnrpd will die 20## and syslog the exact error. 21 22## The code below uses a user database based on CDB_File. It is 23## provided here as an example of an authentication script. 24 25## This file cannot be run as a standalone script, although it would be 26## worthwhile to add some code so that it could so that one could test the 27## results of various authentication and connection queries from the 28## command line. The #! line at the top is just so that fixscript will 29## work. 30 31use strict; 32use vars qw(%attributes %authcodes %users); 33 34# These codes are a widely implemented de facto standard. 35%authcodes = ('allowed' => 281, 'denied' => 481, 'error' => 403); 36 37# This sub should perform any initialization work that the 38# authentication stuff needs. 39sub auth_init { 40 require CDB_File; 41 tie (%users, 'CDB_File', $INN::Config::pathdb . '/users.cdb') 42 or warn "Could not open $INN::Config::pathdb/users.cdb for users: $!\n"; 43} 44 45# This function is called for authentication requests. For details on 46# all the information passed to it, see ~news/doc/hook-perl. 47sub authenticate { 48 return &checkuser(); 49} 50 51# This function assumes that there's a database tied as %users that 52# contains, keyed by users, a tab-separated list of the password (in 53# crypt format), whether they can post, a wildmat matching what 54# newsgroups they have access to, and the number of bytes per second 55# they're allowed to use. This section of the code only accesses the 56# username and password fields. See the file nnrpd_access.pl for 57# access rights based on the other fields. 58sub checkuser { 59 my $user = $attributes{'username'}; 60 my $pass = $attributes{'password'}; 61 62 return ($authcodes{denied}, "No username given.") 63 unless defined $users{$user}; 64 65 my ($password, $post, $speed, $subscription) = split(/\t/, $users{$user}); 66 return ($authcodes{denied}, "Incorrect password.") 67 if (crypt($pass, $password) ne $password); 68 69 return ($authcodes{allowed}, ""); 70} 71