2 # fixscript will replace this line with require innshellvars.pl
5 ## Sample code for the nnrpd Perl authentication hooks.
7 ## This file is loaded when a perl_auth: parameter is reached in
8 ## readers.conf. If it defines a sub named authenticate, that
9 ## function will be called during processing of a perl_auth:
10 ## parameter. Attributes about the connection are passed to the
11 ## program in the %attributes global variable. It should return an
12 ## array with two elements:
14 ## 1) NNTP response code. Should be one of the codes from %authcodes
15 ## below to not risk violating the protocol.
16 ## 2) An error string to be passed to the client.
17 ## Both elements are required. If there is a problem, nnrpd will die
18 ## and syslog the exact error.
20 ## The code below uses a user database based on CDB_File. It is
21 ## provided here as an example of an authentication script.
23 ## This file cannot be run as a standalone script, although it would be
24 ## worthwhile to add some code so that it could so that one could test the
25 ## results of various authentication and connection queries from the
26 ## command line. The #! line at the top is just so that fixscript will
30 use vars qw(%attributes %authcodes %users);
32 # These codes are a widely implemented de facto standard.
33 %authcodes = ('allowed' => 281, 'denied' => 502);
35 # This sub should perform any initialization work that the
36 # authentication stuff needs.
39 tie (%users, 'CDB_File', $inn::pathdb . '/users.cdb')
40 or warn "Could not open $inn::pathdb/users.cdb for users: $!\n";
43 # This function is called for authentication requests. For details on
44 # all the information passed to it, see ~news/doc/hook-perl.
49 # This function assumes that there's a database tied as %users that
50 # contains, keyed by users, a tab-separated list of the password (in
51 # crypt format), whether they can post, a wildmat matching what
52 # newsgroups they have access to, and the number of bytes per second
53 # they're allowed to use. This section of the code only accesses the
54 # username and password fields. See the file nnrpd_access.pl for
55 # access rights based on the other fields.
57 my $user = $attributes{'username'};
58 my $pass = $attributes{'password'};
60 return ($authcodes{denied}, "No username given.")
61 unless defined $users{$user};
63 my ($password, $post, $speed, $subscription) = split(/\t/, $users{$user});
64 return ($authcodes{denied}, "Incorrect password.")
65 if (crypt($pass, $password) ne $password);
67 return ($authcodes{allowed}, "");