[leafnode-list] group access control
Matthew Parry
mettw at yahoo.com.au
Fri Jul 21 09:50:11 CEST 2006
Hi,
The following diff for nntpd.c adds group access control to leafnode through hosts.allow.
The point of this is to allow someone to create local groups
and give other computers access to them without also
giving them access to all of the other newsgroups in USENET.
Thereby preventing the server's hard-drive possibly becoming
clogged with unwanted groups.
If the environment variable LEAFNODE_GROUPS is defined and non-empty
then leafnode assumes it is a space separated wildmat compatible list
of newsgroups to grant access to.
On GROUP, NEWNEWS, POST and ARTICLE leafnode checks to see if the
group is listed in LEAFNODE_GROUPS and if not gives a reply of:
484 access to group xxx is restricted
On tin this seems to block access.
There don't appear to be any bugs other than that the format of
LEAFNODE_GROUPS is not checked.
--
Matthew Parry
-
"There now, didn't I tell you to keep a good count? Well,
there's an end of the story. God knows there's no going on
with it now." - Sancho Panza.
84a85,127
> /*
> * Determine if the env var LEAFNODE_GROUPS is set and if so then
> * whether the group passed as an argument is in it.
> *
> * LEAFNODE_GROUPS is a space seperated list of newsgroups to
> * allow access to. Can use wildmat patterns.
> *
> * On GROUP, NEWNEWS, ARTICLE and POST, if LEAFNODE_GROUPS is set and
> * non-empty and the group is not listed in LEAFNODE_GROUPS then the
> * server sends a "484 access to the group xxx is restricted" error.
> *
> * BUGS:
> *
> * No checks done on the format of LEAFNODE_GROUPS.
> *
> * Matthew Parry <mettw at yahoo.com.au>
> */
>
> static struct stringlisthead *allowed_groups = NULL;
> static int allow_all_groups = FALSE;
>
> static int
> allow_access_to_group(char *name)
> {
> if(allow_all_groups)
> return TRUE;
> else if(!allowed_groups){
> char *leafnode_groups = getenv("LEAFNODE_GROUPS");
>
> if(!leafnode_groups || strlen(leafnode_groups) == 0){
> allow_all_groups = TRUE;
> return TRUE;
> } else
> allowed_groups = cmdlinetolist(leafnode_groups);
>
> }
>
> if(matchlist(allowed_groups->head, name) == NULL)
> return FALSE;
> else
> return TRUE;
> }
>
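Review bot: in allow_access_to_group(), the result of cmdlinetolist(leafnode_groups) is dereferenced as allowed_groups->head with no NULL check, so if it returns NULL for a value it cannot turn into a list (the BUGS note says the format is unchecked) the first lookup dereferences a null pointer. Check the result and refuse access, with a log message, when it fails. The function also fails open: an unset or empty LEAFNODE_GROUPS sets allow_all_groups, so a rule that forgets to set the variable grants every group, and that default belongs in the header comment. Smaller points: name could be const char *, and "seperated" in the comment should be "separated".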
566a610,614
> if(!allow_access_to_group(group->name)){
> nntpprintf("484 access to group %s is restricted",
> group->name);
> return;
> }
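Review bot: the reply text in this nntpprintf call, "484 access to group %s is restricted", differs from the "access to the group" wording used in the header comment and in the later hunks. Clients and log filters that match on the text will see several variants of one refusal; a single helper that emits it, called from every check, would keep the code and wording identical.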
691a740,745
> if(!allow_access_to_group(g->name)){
> nntpprintf("484 access to the group %s is restricted",
> g->name);
> return group;
> }
>
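Review bot: the refusal path ends in "return group;", which hands back whatever group was selected before the request, while the other refusal paths in the patch return nothing. A one-line comment stating that this is intended, so the client stays in its previous group after the 484, would save the next reader from having to work it out.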
1017a1072,1077
> if(!allow_access_to_group(l->head->string)){
> nntpprintf("484 acces to the group %s is restricted",
> l->head->string);
> freelist(l);
> return;
> }
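Review bot: only l->head->string is passed to allow_access_to_group(), so if the list l can hold more than one entry, every entry after the first skips the access check. Walk the whole list and refuse if any entry is not allowed, calling freelist(l) on that path as is done here. The reply string also has a typo: "acces" should be "access".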
1480a1541,1550
>
> /* Check first if access to group is permitted */
> if(!allow_access_to_group(t)) {
> nntpprintf("502 access to the group %s is restricted",
> t);
> log_unlink(inname, 0);
> free(u);
> goto cleanup;
> }
>
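Review bot: this check replies with "502 access to the group %s is restricted", while the header comment added in the first hunk says that the server sends 484 for all of the listed commands, and the other three checks do send 484. Either use 484 here as well or update the comment to say that this path answers 502 and why.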