1#! /usr/bin/perl -w
2# fixscript will replace this line with code to load INN::Config
3
4##
5##  Sample code for the nnrpd Perl authentication hooks.
6##
7##  This file is loaded when a perl_auth: parameter is reached in
8##  readers.conf.  If it defines a sub named authenticate, that
9##  function will be called during processing of a perl_auth:
##  parameter.  Attributes about the connection are passed to the
##  program in the %attributes global variable.  The authenticate
##  function should return an array with two elements:
13##
14##  1) NNTP response code.  Should be one of the codes from %authcodes
15##  below to not risk violating the protocol.
16##  2) An error string to be passed to the client (make sure that
17##  such a message is properly encoded in UTF-8 so as to comply with the
18##  NNTP protocol).
19##  Both elements are required.  If there is a problem, nnrpd will die
20##  and syslog the exact error.
21
22##  The code below uses a user database based on CDB_File. It is
23##  provided here as an example of an authentication script.
24
##  This file cannot be run as a standalone script, although it would be
##  worthwhile to add code that allows this, so that one could test the
##  results of various authentication and connection queries from the
##  command line.  The #! line at the top is just so that fixscript will
##  work.
30
31use strict;
32use vars qw(%attributes %authcodes %users);
33
# NNTP response codes for the three outcomes a hook can report; these
# values are a widely implemented de facto standard.
%authcodes = (
    allowed => 281,
    denied  => 481,
    error   => 403,
);
36
37# This sub should perform any initialization work that the
38# authentication stuff needs.
sub auth_init {
    # One-time setup for the authentication hook: load CDB_File on demand
    # and tie the global %users hash to users.cdb under
    # $INN::Config::pathdb.
    require CDB_File;

    my $cdb_path = $INN::Config::pathdb . '/users.cdb';

    # A failed tie only emits a warning and leaves %users untied; it does
    # not abort the hook.
    tie(%users, 'CDB_File', $cdb_path)
        or warn "Could not open $INN::Config::pathdb/users.cdb for users: $!\n";
}
44
45# This function is called for authentication requests.  For details on
46# all the information passed to it, see ~news/doc/hook-perl.
sub authenticate {
    # Hook entry point for authentication requests.  It takes no
    # arguments (the request data lives in the global %attributes) and
    # hands back checkuser's (response code, message) pair unchanged,
    # in whatever context the caller used.
    return checkuser();
}
50
51# This function assumes that there's a database tied as %users that
52# contains, keyed by users, a tab-separated list of the password (in
53# crypt format), whether they can post, a wildmat matching what
54# newsgroups they have access to, and the number of bytes per second
55# they're allowed to use. This section of the code only accesses the
56# username and password fields. See the file nnrpd_access.pl for
57# access rights based on the other fields.
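sub checkuser {
    # Verify $attributes{username} / $attributes{password} against the
    # tied %users database.
    #
    # Returns a two-element list: a code from %authcodes and a message
    # for the client.  Only the first (password hash) field of the
    # record is read here.
    #
    # The check fails closed: a record with a missing or empty hash
    # field, a missing password, or a crypt() call that returns undef
    # is always a denial.  Without those guards, crypt() returning undef
    # for an empty salt compares equal to the empty stored field and any
    # password would be accepted.
    my $user = $attributes{'username'};
    my $pass = $attributes{'password'};

    # A missing or empty username cannot name a record; answering this
    # case separately reveals nothing about which accounts exist.
    return ($authcodes{denied}, "No username given.")
        unless defined $user && length $user;

    # Unknown user and wrong password share one reply so the client
    # cannot use the message text to learn which usernames are valid.
    # NOTE(review): an unknown user still returns before crypt() runs,
    # so response time can differ between the two cases.
    my @rejected = ($authcodes{denied}, "Incorrect username or password.");

    my $record = $users{$user};
    return @rejected unless defined $record;

    # First tab-separated field is the password in crypt format.
    my ($stored_hash) = split(/\t/, $record);
    return @rejected unless defined $stored_hash && length $stored_hash;
    return @rejected unless defined $pass;

    # crypt() takes its scheme and salt from the stored hash, so the
    # strength of the check depends on how users.cdb was generated.
    my $computed = crypt($pass, $stored_hash);
    return @rejected unless defined $computed && $computed eq $stored_hash;

    return ($authcodes{allowed}, "");
}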
71