To: inn-bugs@isc.org Subject: User authentication in nnrpd. Send reply to: Martin Ostermann From: Martin Ostermann Date sent: 26 Feb 1998 11:48:10 +0100 Hi, nnrpd doesn't behave like dokumented in its man page. When authenticating a user, the host/domain entry is neglected. So a user coming from some domain A that is allowd some access is given permisson upon using a user/pass combination that was meant to be only valid for domain B. This means that I cannot control access based on origin additionally to user authentifiction. Sometimes this is needed, though. Patch below is based on inn-1.5.1 and fixes that. Regards, Martin
diff -urb nnrpd.org/commands.c nnrpd/commands.c
--- nnrpd.org/commands.c Tue Dec 17 15:40:40 1996
+++ nnrpd/commands.c Thu Jan 29 14:47:02 1998
@@ -245,7 +245,7 @@
 PERMauthorized = TRUE;
 return;
 }
- if (PERMinfile((char *)NULL, (char *)NULL, User, Password,
+ if (PERMinfile(ClientHost, ClientAddr, User, Password,
 accesslist)) {
 PERMspecified = NGgetlist(&PERMlist, accesslist);
 syslog(L_NOTICE, "%s user %s", ClientHost, User);
diff -urb nnrpd.org/nnrpd.c nnrpd/nnrpd.c
--- nnrpd.org/nnrpd.c Tue Dec 17 15:40:40 1996
+++ nnrpd/nnrpd.c Thu Feb 26 11:36:52 1998
@@ -384,12 +384,9 @@ { struct sockaddr_in sin; int length; - char buff[SMBUF]; - char *ClientAddr; /* Get the peer's name. */ length = sizeof sin; - ClientAddr = NULL; if (getpeername(STDIN, (struct sockaddr *)&sin, &length) < 0) { if (!isatty(STDIN)) { syslog(L_ERROR, "%s cant getpeername %m", "?");
@@ -430,8 +427,7 @@
 ClientHost);
 }
 else {
- ClientAddr = buff;
- (void)strcpy(buff, inet_ntoa(sin.sin_addr));
+ (void)strcpy(ClientAddr, inet_ntoa(sin.sin_addr));
 }
 #else
 (void)strcpy(ClientHost, inet_ntoa(sin.sin_addr));
diff -urb nnrpd.org/nnrpd.h nnrpd/nnrpd.h
--- nnrpd.org/nnrpd.h Tue Dec 17 15:40:40 1996
+++ nnrpd/nnrpd.h Thu Jan 29 14:44:46 1998
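Review bot: The host half of the new `PERMinfile(ClientHost, ClientAddr, User, Password, accesslist)` check in commands.c is only as trustworthy as the way `ClientHost` was filled in, and that code is not in this hunk. The nnrpd.c hunks suggest it holds a name resolved from the peer address (presumably a reverse lookup); unless that name is forward-confirmed, whoever controls the reverse mapping for the peer's address decides which host pattern it matches. A comment at the call would record this, for example `/* host patterns match a looked-up name; use address patterns where origin must be enforced */`. The enclosing function starts and ends outside the hunk.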
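Review bot: Removing `ClientAddr = NULL;` and making `ClientAddr` a global array (declared in the nnrpd.h hunk) means every path that skips the `strcpy` in the `else` branch of the `@@ -430,8 +427,7 @@` hunk now presents an empty string where the old code had a null pointer. On the page that includes the `getpeername` failure path and the `#else` branch, and the new call in commands.c reads the same global. Whether `PERMinfile` treats `""` like `NULL` is not visible here and should be confirmed, since an address pattern matched against an empty string could grant or deny access unexpectedly. I would restore an explicit reset where the assignment was removed, `ClientAddr[0] = '\0';`, and document the declaration with `/* peer address, dotted quad; "" when unknown */`. The function body continues outside both nnrpd.c hunks.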
@@ -93,6 +93,7 @@
 EXTERN STRING MyHostName;
 extern char ACTIVE[];
 EXTERN char ClientHost[SMBUF];
+EXTERN char ClientAddr[SMBUF];
 EXTERN char LogName[256] ;
 extern char ACTIVETIMES[];
 extern char HISTORY[];
-- Martin Ostermann | mailto:ost+sig0@comnets.rwth-aachen.de Communication Networks | http://www.comnets.rwth-aachen.de/~ost Aachen University of Technology | phone: ++49/241/807917 Germany | fax: ++49/241/8888242