diff -Nrup inn-2.4.4/ChangeLog inn-2.4.5/ChangeLog --- inn-2.4.4/ChangeLog 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/ChangeLog 2008-06-29 10:56:57.000000000 -0700 @@ -1,500 +1,238 @@ -2008-05-05 iulius +2008-06-29 iulius - * NEWS, doc/pod/news.pod: Update the ChangeLog for Perl 5.10 - support. + * lib/perl.c: Use snprintf instead of asprintf. - * innd/perl.c, lib/perl.c, nnrpd/perl.c: Perl 5.10 support for INN. - Thanks, Jakub Bogusz, for the patch. + * doc/hook-python, doc/pod/hook-python.pod: Use initial capital + letters for head titles. -2008-04-30 iulius - - * NEWS, doc/pod/news.pod: Update the ChangeLog for Berkeley DB 4.5 - (which works). - - * configure, configure.in: Fix a problem at build time: auth_krb5.c - should normally be compiled only if "--with-kerberos" is given to - configure. - -2008-04-26 iulius - - * innfeed/host.c: Fix a bug in hostDeleteIpv4Addr(): after innfeed - has called that function, host->nextIpAddr can point outside the - host->ipAddrs[] array. - - * NEWS, doc/man/innfeed.1, doc/man/mailpost.8, doc/man/pullnews.1: - Update generated documentation. - - * doc/pod/news.pod: New changelog for INN 2.4.4 (the last one?). - - * doc/pod/pullnews.pod, frontends/pullnews.in: Fix bugs in pullnews - because of a lack of parenthesis. Update its documentation for -x - (and also add this feature). - - * doc/pod/mailpost.pod, frontends/mailpost.in: * Fix a bug when - mailpost either couldn't find the pathtmp directory or couldn't - write to it; * Add documentation for -h, -n and -o; * Add a list - of known headers; * Clarify the use of -b; * Fix - /mailpost-msgid.db which is /mailpost-msgid.dir - and /mailpost-msgid.pag; * Fix the usage of [newsgroups] - which is not optional; * It is $Database and not $lockfile in - dbmopen/close; * Better formatting of error mails; * Typos. - - * LICENSE: Clarify RSA's license for lib/md5.c. - - * NEWS, doc/pod/news.pod, innfeed/connection.c: Revert commit 7753 - because innfeed uses too much CPU with it. - -2008-04-17 iulius - - * NEWS, doc/pod/news.pod: Update the ChangeLog for INN 2.4.4 (new - features for bindaddress and bindaddress6, instead of - force-ipv4). - - * doc/man/innfeed.conf.5, innfeed/connection.c, innfeed/host.c, - innfeed/host.h: bindaddress/bindaddress6 keys can now be set on a - per-peer basis in infeed.conf. - - Setting "bindaddress6: none" is equivalent to "force-ipv4: true". - - Both bindaddress and bindaddress6 work simultaneously, using - bindaddress for IPv4 peer addresses and bindaddress6 for IPv6 - peer addresses. If a peer has IPv6 addresses, and at least one of - them works, it never falls back to IPv4. If none of the IPv6 - addresses work, it falls back to IPv4. - - Since the server cannot connect to an IPv4 address if it binds to - an IPv6 address and the other way around, hostIpAddr() has been - changed to take an extra "family" argument, so that IPv4 - addresses are skipped for IPv6 sockets and vice versa. - - Thanks to Miquel van Smoorenburg for this patch. - -2008-04-13 iulius - - * NEWS, doc/pod/news.pod: Changelog for INN 2.4.4. - - * scripts/scanlogs.in: scanlogs now rotates innfeed's log file (a - regexp is used to find its name in innfeed.conf). When this log - file reached 2 GB, innfeed began to silently die whenever it is - started. - - Also fix the rotation of send-nntp.log and send-uucp.log. - - Thanks to Shalon Wood for the bug report. - - * frontends/inews.c: inews now tries to authenticate if it does not - receive a 200 return code after MODE READER. Indeed, it might be - able to post even with a 201 return code (and also with another - codes like 440 or 480 but such codes are not RFC compliant in - reply to MODE READER). - - Thanks to Alan Schwartz for the bug report. - - * doc/man/innfeed.conf.5: Fix escape characters in the innfeed.conf - man page. - -2008-04-12 iulius - - * configure, configure.in, storage/ovdb/ovdb.c: INN now supports - Berkeley DB 4.6. Thanks to Marco d'Itri for the patch. - -2008-04-10 iulius - - * nnrpd/line.c: It seems that the SSL_read cannot be mixed with - select() as in the current code. SSL communicates in its own data - blocks and hand shaking. The do_readline using SSL_read could - return, but still with a partial line in the SSL_read buffer. - Then the server SSL routine would sit there waiting for - completion of that data block while nnrpd sat at the select() - routine waiting for more data from the server. - - (Without this patch, clients like Thunderbird, SeaMonkey or slrn - sometimes hang when posting using a SSL connection.) - - Here, we decide to just bypass the select() wait. Unlike innd - with multiple threads, the select on nnrpd is just waiting on a - single file descriptor, so it is not really essential with - blocked read like SSL_read. Using an alarm signal around SSL_read - for non active timeout, SSL works without dead locks. However, - without the select() wait, the IDLE timer stat won't be - collected... - - Patch from Kachun Lee. - -2008-04-09 iulius - - * innfeed/connection.c: In all of the response handlers that idle - the connection if there's nothing left in the queue, don't idle - if there are writes pending. The cases where this could possibly - trigger are obscure and involve the remote peer doing evil - things, but the rest of the code handles it correctly and we were - still seeing assertion failures, indicating that evil may be - happening. - - In issueStreamingCommands, make certain that there are no pending - writes before idling the connection. - - Add the code to ihaveBodyDone that was already in - commandWriteDone to idle the connection if the queue is empty in - case we'd had to defer the idle in the response handler due to an - unfinished write. - - Whenever doSomeWrites is called with writes still pending, add a - work callback to do the write at the next opportunity. This - should eliminate a temporary connection deadlock state on - flushing, where the response to the IHAVE body arrived before we - finished writing it. Before, doSomeWrites would have failed to - call issueQUIT because writes were still pending, and then after - the writes complete, there's no code to go back and issue it - until the read timeout expires. - - Thanks to Russ Allbery for the patch. - -2008-04-06 iulius - - * doc/man/inn.conf.5, doc/man/innd.8, doc/man/nnrpd.8, - doc/pod/inn.conf.pod, doc/pod/nnrpd.pod, include/inn/innconf.h, - innd/rc.c, lib/innconf.c, samples/inn.conf.in: Add a "nnrpdflags" - parameter to inn.conf (modeled on the concept of "innflags") to - permit passing of commandline arguments to instances of nnrpd - spawned from innd. - - * scripts/innreport_inn.pm: Do not report an unknown line when a - cancel feed is closed. Innreport does not (currently) count such - cancels. - - * innd/inndstart.c: This patch makes innd listen on separate - sockets for IPv4 and IPv6 connections if the IPV6_V6ONLY socket - option is available. - - There might also be operating systems that still have separate - IPv4 and IPv6 TCP implementations, and advanced features like TCP - SACK might not be available on v6 sockets. - - Thanks to Miquel van Smoorenburg for this patch. - - * doc/pod/inn.conf.pod, doc/pod/innd.pod, include/inn/innconf.h, - innd/art.c, innd/cc.c, innd/innd.c, innd/innd.h, innd/site.c, - lib/innconf.c, samples/inn.conf.in, scripts/inncheck.in, - tests/lib/innconf-t.c: This patch adds a new inn.conf parameter - called "pathcluster" which allows to append a common name to the - Path: header on all incoming articles. "pathhost" and "pathalias" - (if set) are still appended to the path as usual, but - "pathcluster" is always appended as the last element (e.g. on the - leftmost side of the Path: header). - - If the last pathname of the incoming article is the same as - "pathcluster", it is stripped from the path. - - Thanks to Miquel van Smoorenburg for this patch. - - * innd/Makefile: Update dependencies. - - * authprogs/radius.c: Switch xmalloc to xcalloc. Bug reported by - Erik Klavon. - - * innd/rc.c: Group blocks in incoming.conf are now correctly parsed - and no longer cause segfaults. - - * control/docheckgroups.in, control/modules/checkgroups.pl, - control/modules/newgroup.pl, control/modules/rmgroup.pl: - docheckgroups now handles wireformat articles (for using it - manually from the spool) and warns when there are missing or - obsolete descriptions. - - Newgroup control messages for existing groups now change their - description. If a mail is sent to administrators, it reminds them - to update their newsgroups file. Now pretty print the newsgroups - file (from one to three tabulations between the name of the group - and its short description). Refuse the creation of to. groups. - - Checkgroups when there is nothing to change no longer result in - sending a blank mail to administrators. - - * scripts/innreport_inn.pm: Better innreport processing of log - files (especially for Python filtering and Cleanfeed rejects). - Add a NoCeM entry for perl-nocem. Only ncmspool was previously - parsed. - - * doc/man/innd.8, doc/man/newsfeeds.5, doc/pod/innd.pod, - doc/pod/newsfeeds.pod, frontends/sys2nf.c, innd/art.c, - samples/newsfeeds.in: * Checkgroups are now properly propagated - even though the news server does not carry the groups they are - posted to. * Improve documentation as for the use of - "!control,!control.*" regarding the propagation of control - articles. * Expand "control*" to "control,control.*" in - documentation and samples for more accuracy. * control.cancel is - mandatory for innd to start so cancel messages are not fed to - control. - - * control/pgpverify.in, doc/man/pgpverify.1: Typos. - - * doc/man/simpleftp.1, doc/pod/simpleftp.pod, scripts/Makefile, - scripts/simpleftp.in: Rewrite simpleftp to use Net::FTP. Indeed, - ftp.pl is no longer shipped with Perl 5 and the script does not - work. - - * Add support for usernames, passwords and ports. * Fix typos in - the documentation. * Remove the use of fixscript on simpleftp. * - Perl warnings are now on. - - * innfeed/endpoint.c: Fix a problem with innfeed continuously - segfaulting on amd64 hardware (and possibly on lots of 64 bits - platforms); sig_atomic_t is indeed a long and not an integer - there. - - Patch from Ollivier Robert. Many thanks to him and also to Kai - Gallasch for having reported the problem and provided the FreeBSD - server to debug it. - - * backends/send-uucp.in: Fix a bug in the display of the used - compressor (cunbatch was put if arguments were passed to gzip or - bzip2). - - * HACKING, doc/man/active.5, doc/man/active.times.5, - doc/man/auth_krb5.8, doc/man/auth_smb.8, doc/man/ckpasswd.8, - doc/man/control.ctl.5, doc/man/convdate.1, - doc/man/cycbuff.conf.5, doc/man/distrib.pats.5, doc/man/domain.8, - doc/man/expire.ctl.5, doc/man/expireover.8, doc/man/fastrm.1, - doc/man/grephistory.1, doc/man/ident.8, doc/man/inews.1, - doc/man/inn.conf.5, doc/man/innconfval.1, doc/man/innd.8, - doc/man/inndf.8, doc/man/inndstart.8, doc/man/innmail.1, - doc/man/innupgrade.8, doc/man/libauth.3, doc/man/libinnhist.3, - doc/man/list.3, doc/man/mailpost.8, doc/man/makehistory.8, - doc/man/motd.news.5, doc/man/newsfeeds.5, doc/man/ninpaths.8, - doc/man/nnrpd.8, doc/man/ovdb.5, doc/man/ovdb_init.8, - doc/man/ovdb_monitor.8, doc/man/ovdb_server.8, - doc/man/ovdb_stat.8, doc/man/passwd.nntp.5, doc/man/pgpverify.1, - doc/man/pullnews.1, doc/man/qio.3, doc/man/radius.8, - doc/man/radius.conf.5, doc/man/rc.news.8, doc/man/readers.conf.5, - doc/man/sasl.conf.5, doc/man/send-uucp.8, doc/man/sendinpaths.8, - doc/man/simpleftp.1, doc/man/sm.1, doc/man/subscriptions.5, - doc/man/tdx-util.8, doc/man/tst.3, doc/man/uwildmat.3: Generate - fresh man pages for INN 2.4.4. - - * CONTRIBUTORS: Typos. - - * backends/Makefile: Add missing man page generation for send-uucp. - - * control/perl-nocem.in, doc/man/perl-nocem.8: * perl-nocem will - now check for a timeout and re-open the socket if required. - Additionally, perl-nocem will switch to cancel_ctlinnd in case - cancel_nntp fails after sending the Message-ID. Thanks to - Christoph Biedl for the patch. * Fix the count of the time spent - in do_nocem(): the $start and $diff variables were consecutive. * - Use "%d" instead of "$nr" in sprintf. * Documentation fixes: * - perl-nocem does not expect a message but a token. * Add - "--no-default-keyring" because gpg otherwise uses the one in - ~/.gnupg (strange). * Mention the keyring and improve a lot this - documentation. - - * frontends/ovdb_init.c: Patch daemonize-ovdb_init to make - ovdb_init properly close stdin/out/err when it becomes a daemon. - The issue was reported by Viktor Pilpenok and fixed by Marco - d'Itri. Thanks to both of them. - - * nnrpd/list.c, nnrpd/nnrpd.c: * In response to a LIST [file] - command, if the file does not exist, we assume it is not - maintained and return 503 instead of 215 and an empty file. * - Typo in the answer for LIST MOTD (two final dots). * Add - capability to LIST ACTIVE.TIMES for a wildmat pattern as its - third argument (LIST ACTIVE.TIMES *nntp). * The "moderators" - keyword was missing in the answer for HELP. - - * doc/pod/newsfeeds.pod, innd/art.c, innd/innd.h, innd/newsfeeds.c, - innd/site.c, scripts/inncheck.in: Implementation of the Diablo - quickhash and hashfeed algorithms. It allows to distribute the - messages among several peers (new Q flag for newsfeeds). + * NEWS, doc/pod/news.pod, lib/perl.c: Fixed a hang in Perl hooks on + (at least) HP/PA since Perl 5.10. On such architectures, + pthread_mutex_lock() hangs inside perl_parse() if + PERL_SYS_INIT3() hasn't been called. - Thanks to Miquel van Smoorenburg for this implementation in INN. - - * support/config.guess, support/config.sub: Update support files - for autoconf to their last stable version. - - * samples/control.ctl: A more up-to-date control.ctl file from the - ISC. - - * authprogs/Makefile, backends/Makefile, expire/Makefile, - frontends/Makefile, history/Makefile, innd/Makefile, - innfeed/Makefile, lib/Makefile, nnrpd/Makefile, storage/Makefile: - Update dependencies. + Also rewrite "do" and "eval" calls to use perl_eval_pv(). - * LICENSE: Update license information. +2008-06-25 iulius -2008-01-19 eagle - - * innd/innd.c: Fix a variable reference in catch_terminate in the - non-sigaction case. - -2007-02-10 eagle - - * lib/dbz.c: Don't use ints; we lose with large files on many - systems. Use xpwrite instead of pwrite to get complete writes. - Based on a patch by Chris Caputo. - - * storage/buffindexed/buffindexed.c: When calculating the length of - a buffer, cast the calculation to off_t since it may be longer - than unsigned long. Thanks, Kirill Berezin. - -2007-02-09 eagle + * samples/innreport.conf.in: For two sections in innreport.conf + there is a mismatch between sort function and sorted hash. + + Thanks to Alexander Bartolich for this patch. - * include/inn/mmap.h, lib/dbz.c, lib/mmap.c, - storage/tradindexed/tdx-data.c, storage/tradindexed/tdx-group.c: - Rename mapcntl to inn_mapcntl and avoid having the function and - the wrapper define have the same name. It looks like at least - some compilers don't like this (and reasonably so). +2008-06-24 iulius -2007-01-16 eagle + * NEWS, doc/pod/news.pod, scripts/innreport_inn.pm: Fix another + long-standing bug in innreport which prevented it from correctly + reporting innfeed log messages. - * innd/cc.c, lib/inndcomm.c: Fix incomplete checking of packet - sizes in the ctlinnd interface in the no-Unix-domain-sockets - case. This is a potential buffer overflow in dead code since - basically all systems INN builds on support Unix domain sockets - these days, but let's not have that code sitting around anyway. - - Also track the buffer size more correctly in the client side of - this interface for the Unix domain socket case (we were thinking - it was smaller than it actually was). - - Thanks to zybadawg333@hushmail.com for the report. + * scripts/innreport_inn.pm: Suppress a few other nnrpd and + controlchan notices in innreport. -2006-11-22 eagle +2008-06-23 iulius - * control/controlchan.in: Pring the newline and not $_, not the - other way around. + * NEWS, doc/pod/news.pod: Add changelog for innreport. - * control/controlchan.in: When printing the blank line between - headers, don't also try to print $_; it's undefined at that - point. + * NEWS, doc/pod/news.pod: Changelog for INN 2.4.5 :-) -2006-11-21 eagle + * doc/hook-python: Update the auto-generated documentation for INN + 2.4.5. - * contrib/README: Various updates for new files and verb tense. - Remove ninpaths, which is now included in the main part of INN. - Patch from Julien ÉLIE. + * scripts/innreport_inn.pm: Fix a long-standing bug in innreport + which prevented it from correctly reporting nnrpd log messages. - * control/modules/newgroup.pl: Don't send mail if the action is no - change. Patch from Julien ÉLIE. + * scripts/innreport_inn.pm: Suppress a few warnings in innreport + (especially from Python hooks and nnrpd). Also backport some + other improvements made in TRUNK. -2006-09-11 eagle + * site, site/.cvsignore, site/Makefile: Install nnrpd.py which + previously was not. - * tests/runtests.c: Work around a bad interaction between the glibc - headers and gcc 4.1 that causes the sys/wait.h W* macros to fail - to compile when run on an int member of a const struct. + * MANIFEST, samples/nnrpd_access.py, samples/nnrpd_auth.py, + samples/nnrpd_dynamic.py, site, site/.cvsignore, site/Makefile: + Update the Python nnrpd filter. New samples for access and + dynamic hooks. - * TODO: Remove the link to Dave Barr's old INN site; that page - seems to have gone away. +2008-06-22 iulius -2006-09-07 eagle + * samples/filter_innd.py: Update the Python innd filter. - * samples/control.ctl: Update to new upstream version. + * doc/pod/hook-python.pod: Typo (canceled -> cancelled). -2006-09-04 eagle + * samples/nnrpd_access_wrapper.py, samples/nnrpd_auth_wrapper.py, + samples/nnrpd_dynamic_wrapper.py: Update old Python wrappers. - * samples/control.ctl: Update to current upstream version. + * samples/INN.py, samples/nnrpd.py: Update stub Python scripts. Fix + a compilation problem with INN.py (undefined variable) and add + missing methods. -2006-08-30 eagle + * doc/hook-python, doc/man/readers.conf.5, doc/pod/hook-python.pod, + doc/pod/readers.conf.pod: Update POD documentation for Python + hooks. It is a complete proof-reading. - * doc/pod/control.ctl.pod: Clarify the differences between - verify-*, verify-*=mail, doit, and doit=mail and correct some - inaccuracies noted by Iulius. + * nnrpd/python.c: No need to check the existence of methods not + used by the hooked script. - * control/controlchan.in: Handle wire format messages. Patch from - Iulius. + * innd/python.c, nnrpd/python.c: Fix an issue with Python exception + handling. -2006-08-28 eagle + * nnrpd/python.c: Fix typos. - * Makefile.global.in, authprogs/Makefile, authprogs/ckpasswd.c, - configure, configure.in, include/config.h.in: If compiling with - BerkeleyDB, use its ndbm compatibility layer for ckpasswd in - preference to searching for a traditional dbm library. Based on a - proposal by Marco d'Itri. + * nnrpd/python.c: Fix a segfault when one closes and then reopens + Python in the same process. files and dynamic_file are still + pointing to the old freed memory and INN blithely tries to write + to it. Thanks to Russ Allbery for the patch. - * frontends/ovdb_stat.c: Support for BerkeleyDB 4.4. Patch from - Marco d'Itri. +2008-06-21 iulius - * innfeed/host.c: Fix another mistake I made when merging. *sigh* + * innd/python.c: Better be more careful when decrementing the + reference count for these objects. - * innfeed/host.c: Fix typo in the previous change. +2008-06-16 iulius - * doc/man/innfeed.conf.5, innfeed/host.c, innfeed/innfeed.h, - samples/innfeed.conf: Add a force-ipv4 peer configuration option - for innfeed that, if set, tells innfeed to never attempt an IPv6 - connection to that host. Patch from Marco d'Itri. + * doc/external-auth, doc/hook-perl, doc/hook-python, + doc/man/active.5, doc/man/active.times.5, doc/man/auth_krb5.8, + doc/man/auth_smb.8, doc/man/ckpasswd.8, doc/man/control.ctl.5, + doc/man/convdate.1, doc/man/cycbuff.conf.5, + doc/man/distrib.pats.5, doc/man/domain.8, doc/man/expire.ctl.5, + doc/man/expireover.8, doc/man/fastrm.1, doc/man/grephistory.1, + doc/man/ident.8, doc/man/inews.1, doc/man/inn.conf.5, + doc/man/innconfval.1, doc/man/innd.8, doc/man/inndf.8, + doc/man/inndstart.8, doc/man/innmail.1, doc/man/innupgrade.8, + doc/man/libauth.3, doc/man/libinnhist.3, doc/man/list.3, + doc/man/mailpost.8, doc/man/makehistory.8, doc/man/motd.news.5, + doc/man/newsfeeds.5, doc/man/ninpaths.8, doc/man/nnrpd.8, + doc/man/ovdb.5, doc/man/ovdb_init.8, doc/man/ovdb_monitor.8, + doc/man/ovdb_server.8, doc/man/ovdb_stat.8, + doc/man/passwd.nntp.5, doc/man/qio.3, doc/man/radius.8, + doc/man/radius.conf.5, doc/man/rc.news.8, doc/man/readers.conf.5, + doc/man/sasl.conf.5, doc/man/sendinpaths.8, doc/man/simpleftp.1, + doc/man/sm.1, doc/man/subscriptions.5, doc/man/tdx-util.8, + doc/man/tst.3, doc/man/uwildmat.3: Update version number for INN + 2.4.5 documentation. - * innfeed/host.c: Tell getaddrinfo that we need a SOCK_STREAM so - that it won't return each address for a hostname three times, one - with each supported socket type. Patch from Henning Makholm by - way of Marco d'Itri. +2008-06-11 iulius - * samples/radius.conf: The RADIUS configuration has to be wrapped - in a server {} block. Thanks to Marco d'Itri for the patch. + * support/config.guess, support/config.sub: Update support files + for autoconf to their last stable version. -2006-08-27 eagle +2008-06-10 iulius - * doc/man/innfeed.conf.5: Fix a mistaken backlog-limit-high instead - of backlog-limit-highwater and document backlog-rotate-period. + * innd/python.c: Fix the name of a variable used in Python filters. -2006-08-26 eagle +2008-06-09 iulius - * control/perl-nocem.in: Update the documentation to use - --primary-keyring for importing keys and to drop - --allow-non-selfsigned-uid from the default options but describe - when it might be necessary. + * innd/python.c: Fix a bug when reloading Python filters. They + might not be correctly reloaded. They must be reimported before + being reloaded. - * control/perl-nocem.in: "error" is not a syslog level. Replace - with "err" instead. Reported by various people, including - Christoph Biedl. + * nnrpd/python.c: Fix a segfault when generating access groups with + embedded Python filters for nnrpd. Thanks to David Hlacik for the + bug report. - * innd/status.c: Report an error if we can't open the status file. - Reported by Bjoern A Zeeb. +2008-06-08 iulius - * configure, include/config.h.in: Regenerate. + * frontends/pullnews.in: Two minor issues resolved with this patch + by Geraint Edwards: * an off-by-one error on the limit to the + amount of articles to get; * when an article is not available, we + may have redundantly retried that article. - * nnrpd/commands.c: Fix another instance of treating article - numbers as signed. +2008-06-07 iulius - * nnrpd/list.c: Fix another occurrence of treating article numbers - as signed. + * doc/pod/cycbuff.conf.pod, doc/pod/hook-perl.pod, + doc/pod/hook-python.pod, innd/python.c, samples/filter_innd.pl: + Fix the use of "ctlinnd reload something 'reason'" in + documentation. - * nnrpd/article.c, nnrpd/group.c: Print out article numbers as - unsigned long with appropriate casts. Thanks to Piotr Meyer for - pointing out places where INN was assuming signed article - numbers. +2008-06-05 iulius - * nnrpd/nnrpd.c: Address2Name6 should lowercase the hostname just - like Address2Name since wildmat matching is case-sensitive. - Thanks to Brandon Hume for the patch. + * doc/hook-perl, doc/hook-python, doc/pod/hook-perl.pod, + doc/pod/hook-python.pod, innd/innd.c, innd/innd.h, + samples/filter_innd.py: Add access to several new headers within + Perl and Python hooks for innd. Thanks to Matija Nalis for the + patch. + + Also update the POD documentation and the Python sample. - * nnrpd/group.c: Empty LISTGROUP replies need to be terminated. - Thanks to David Canzi for the patch. + * doc/man/pullnews.1, doc/pod/pullnews.pod, frontends/pullnews.in: + A new improved version of pullnews. Great thanks to Geraint A. + Edwards for all his work. He added no more than 16 flags, fixed + some bugs and integrated the backupfeed contrib script by Kai + Henningsen, adding again 6 other flags. + + A long-standing but very minor bug in the -g option was + especially fixed and items from the to-do list implemented. + + From TODO: + + + reset highwater mark to match server (-w) + reset highwater + mark to zero (also -w) + add group to config (-G) + drop articles + with headers matching (or not matching) regexp (-m) + + From backupfeed: + + + pull only a proportion (factor) of articles (-f) + sleeps + between articles/groups (-z/-Z) + Path: fake hop insert (-F) + + NNTP connection timeout (-N) + overall session timeout (-S) + + Other new flags/features: + + -l logfile log to logfile (rather than /dev/null when rnews'ing!) + -s host:port add local port option (can use -p already) -t + retries attempt connect to upstream retries times -T retry_pause + wait between retries -k checkpt checkpoint the config file every + checkpt arts -C width when writing the progress bar - use width + columns -d debug_level self-explanatory -M max_arts only process + max_arts articles per run -H headers remove these headers from + articles -Q quietness set how quiet we are -R be a reader -n + no-op -P paths feed articles depending on number of hops in Path: - * samples/control.ctl: Update chi.* and the alt.* comment. +2008-05-25 iulius -2006-08-12 eagle + * control/modules/newgroup.pl: Fix a Perl warning. - * doc/pod/ckpasswd.pod: Update URL for the Linux-PAM System - Administrator's Guide. +2008-05-24 iulius -2006-04-15 eagle + * nnrpd/tls.c: When an article of a size greater than remaining + stack is retrieved via SSL, a segmentation fault will occur due + to the use of alloca(). The below patch uses heap based realloc() + instead of stack based alloca(), with a static buffer growing as + needed. It uses realloc() instead of malloc() for performance + reasons since this function is called frequently. The caveat is + that the memory is never free()'ed, so if more correct code is + desired, it should be adjusted. + + Thanks to Chris Caputo for this patch. - * doc/pod/hacking.pod: Document the version of svn2cl required. +2008-05-19 iulius -2006-04-10 eagle + * innd/Makefile, nnrpd/line.c: Implementation of the "alarm signal" + around SSL_read so that to prevent dead connections from leading + nnrpd processes to wait forever in SSL_read(). "clienttimeout" + now also works on SSL connections. + + Thanks to Matija Nalis for the patch. - * scripts/inncheck.in: Expect fewer things to be private to the - news user. Most of the configuration files will never contain - private information like passwords. + * nnrpd/tls.c: Implementation on systems that support it of + SO_KEEPALIVE in SSL TCP connections, allowing system detection + and closing the dead TCP SSL connections automatically after + system-specified time (usually at least 2 hours as recommended by + RFC (on Linux, see /proc/sys/net/ipv4/tcp_keepalive_*). + + Thanks to Matija Nalis for the patch. - * site/Makefile: If creating a new history file, set the ownership - and mode appropriately. Reported by Ernst Boetsch. +2008-05-18 iulius -2006-04-02 eagle + * innfeed/host.c: Fix a problem of undefined constant. - * tests/lib/snprintf-t.c: The %n test was written incorrectly on - AMD64. Thanks, Ernst Boetsch. +2008-05-14 iulius -2006-03-31 eagle + * innfeed/host.c: Fix a bug in ipAddrs which contained thrice the + same IPs. Rotating the peer IP addresses was a bit slower than it + could be. + + Thanks, D. Stussy, for having seen that. Miquel van Smoorenburg + provided the patch. - * samples/newsfeeds.in: Clarify the comment about the ME line. + * Makefile.global.in: Bump the revision number to 2.4.5 (in case it + is released one day). diff -Nrup inn-2.4.4/MANIFEST inn-2.4.5/MANIFEST --- inn-2.4.4/MANIFEST 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/MANIFEST 2008-06-29 10:56:57.000000000 -0700 @@ -566,12 +566,14 @@ samples/newsgroups.minimal Mi samples/nnrpd.py Python hooks for nnrpd samples/nnrpd.track Reader tracking configuration samples/nnrpd_access.pl.in Sample nnrpd Perl access hooks +samples/nnrpd_access.py Sample nnrpd Python access hooks samples/nnrpd_access_wrapper.pl.in Wrapper around old Perl access hooks samples/nnrpd_access_wrapper.py Wrapper around old Python access hooks samples/nnrpd_auth.pl.in Sample nnrpd Perl authorization hooks samples/nnrpd_auth.py Sample nnrpd Python authorization hooks samples/nnrpd_auth_wrapper.pl.in Wrapper around old Perl auth hooks samples/nnrpd_auth_wrapper.py Wrapper around old Python auth hooks +samples/nnrpd_dynamic.py Sample nnrpd Python dynamic access hooks samples/nnrpd_dynamic_wrapper.py Wrapper around old Python dynamic hooks samples/nntpsend.ctl Outgoing nntpsend feed configuration samples/ovdb.conf Berkeley DB overview configuration diff -Nrup inn-2.4.4/Makefile.global.in inn-2.4.5/Makefile.global.in --- inn-2.4.4/Makefile.global.in 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/Makefile.global.in 2008-06-29 10:56:57.000000000 -0700 @@ -1,4 +1,4 @@ -## $Id: Makefile.global.in 7565 2006-08-28 02:42:54Z eagle $ +## $Id: Makefile.global.in 7830 2008-05-14 18:57:39Z iulius $ ## ## This file is meant to be the central Makefile that configure works with ## and that all other Makefiles include. No Makefile other than this one @@ -14,7 +14,7 @@ ## put your own version information in $VERSION_EXTRA. If it's set to ## "CVS prerelease", the build time will be automatically included. -VERSION = 2.4.4 +VERSION = 2.4.5 VERSION_EXTRA = ## If you want to install INN relative to a root directory other than /, diff -Nrup inn-2.4.4/NEWS inn-2.4.5/NEWS --- inn-2.4.4/NEWS 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/NEWS 2008-06-29 10:56:57.000000000 -0700 @@ -1,3 +1,71 @@ +Changes in 2.4.5 + + * Fixed the "alarm signal" around "SSL_read" in nnrpd: it allows a + proper disconnection of news clients which were previously hanging + when posting an article through a SSL connection. Moreover, the + *clienttimeout* parameter now works on SSL connections. Thanks to + Matija Nalis for the patch. + + * SO_KEEPALIVE is now implemented for SSL TCP connections on systems + which support it, allowing system detection and closing the dead TCP + SSL connections automatically after system-specified time. Thanks to + Matija Nalis for the patch. + + * Fixed a segmentation fault when an article of a size greater than + remaining stack is retrieved via SSL. Thanks to Chris Caputo for this + patch. + + * Fixed a few segfaults and bugs which affected both Python innd and + nnrpd hooks. They no longer check the existence of methods not used + by the hooked script. An issue with Python exception handling was + also fixed, as well as a segfault fixed by Russ Allbery which happened + whenever one closes and then reopens Python in the same process. + Julien Elie also fixed a bug when reloading Python filters (they were + not always correctly reloaded) and a segfault when generating access + groups with embedded Python filters for nnrpd. Many thanks to David + Hlacik for its bug reports. + + * The nnrpd.py stub file in order to test Python nnrpd hooks, as + mentioned in their documentation, is now installed; only INN.py was + previously installed in *pathfilter*. Also fixed a bug in INN.py and + add missing methods to it. + + * Fixed a long-standing bug in innreport which prevented it from + correctly reporting nnrpd and innfeed log messages. + + * Fixed a hang in Perl hooks on (at least) HP/PA since Perl 5.10. + + * Fixed a compilation problem on some platforms because of AF_INET6 + which was not inside a HAVE_INET6 block in innfeed. + + * Fixed a bug in innfeed which contained thrice the same IPs for each + peer; it unnecessarily slowed the peer IP rotation for innfeed. + Thanks, D. Stussy, for having seen that. Miquel van Smoorenburg + provided the patch. + + * A new *heavily* improved version of pullnews is shipped with this INN + release. This new version is provided by Geraint Edwards. He added + no more than 16 flags, fixed some bugs and integrated the backupfeed + contrib script by Kai Henningsen, adding again 6 other flags. A + long-standing but very minor bug in the -g option was especially fixed + and items from the to-do list implemented. Many thanks again to + Geraint Edwards. + + * New headers are accessible through Perl and Python innd filtering + hooks. You will find the exact list in the INN Python Filtering and + Authentication Hooks documentation (doc/hook-python) and in Python + samples. Thanks to Matija Nalis for this addition of new useful + headers. + + * New samples for Python nnrpd hooks are shipped with INN: + nnrpd_access.py for access control and nnrpd_dynamic.py for dynamic + access control. The nnrpd_auth.py script is now only used for + authorization control. See the readers.conf man page for more + information (especially the *python_auth*, *python_access* and + *python_dynamic* parameters). The documention about INN Python + Filtering and Authentication Hooks has also been improved by Julien + Elie. + Changes in 2.4.4 * Fixed incomplete checking of packet sizes in the ctlinnd interface in diff -Nrup inn-2.4.4/control/modules/newgroup.pl inn-2.4.5/control/modules/newgroup.pl --- inn-2.4.4/control/modules/newgroup.pl 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/control/modules/newgroup.pl 2008-06-29 10:56:57.000000000 -0700 @@ -1,4 +1,4 @@ -## $Id: newgroup.pl 7743 2008-04-06 10:04:43Z iulius $ +## $Id: newgroup.pl 7849 2008-05-25 17:11:32Z iulius $ ## ## newgroup control message handler. ## @@ -139,9 +139,9 @@ END update_desc($ngname, $ngdesc) if $ngdesc and $ngname eq $groupname; } - if ($log ne 'mail' or $status ne 'no change') { + if ($log) { logger($log, "newgroup $groupname $modcmd $status $sender", - $headers, $body) if $log; + $headers, $body) if ($log ne 'mail' or $status ne 'no change'); } } return; diff -Nrup inn-2.4.4/doc/external-auth inn-2.4.5/doc/external-auth --- inn-2.4.4/doc/external-auth 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/external-auth 2008-06-29 10:56:57.000000000 -0700 @@ -1,6 +1,7 @@ NNRPD External Authentication Support - This is $Revision: 7141 $ dated $Date: 2005-03-17 03:42:46 -0800 (Thu, 17 Mar 2005) $. + This is $Revision: 7880 $ dated $Date: 2005-03-17 12:42:46 +0100 (Thu, + 17 Mar 2005) $. A fundamental part of the readers.conf(5)-based authorization mechanism is the interface to external authenticator and resolver programs. This diff -Nrup inn-2.4.4/doc/hook-perl inn-2.4.5/doc/hook-perl --- inn-2.4.4/doc/hook-perl 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/hook-perl 2008-06-29 10:56:57.000000000 -0700 @@ -1,6 +1,7 @@ INN Perl Filtering and Authentication Support - This is $Revision: 6221 $ dated $Date: 2003-02-09 19:21:27 -0800 (Sun, 09 Feb 2003) $. + This is $Revision: 7880 $ dated $Date: 2008-06-07 14:46:49 +0200 (Sat, + 07 Jun 2008) $. This file documents INN's built-in support for Perl filtering and reader authentication. The code is based very heavily on work by Christophe @@ -46,8 +47,8 @@ The innd Perl Filter cause it to be reloaded. filter_innd.pl, on the other hand, can be reloaded on command (with - "ctlinnd reload filter.perl"). Whenever filter_innd.pl is loaded, - including the first time at innd startup, the Perl function + "ctlinnd reload filter.perl 'reason'"). Whenever filter_innd.pl is + loaded, including the first time at innd startup, the Perl function filter_before_reload() is called before it's reloaded and the function filter_after_reload() is called after it's reloaded (if the functions exist). Additionally, any code in either startup_innd.pl or @@ -64,13 +65,13 @@ The innd Perl Filter load data that was preserved on disk across a stop and restart of innd (perhaps using filter_mode() -- see below). - As mentioned above, "ctlinnd reload filter.perl" (or "ctlinnd reload - all") will cause filter_innd.pl to be reloaded. If the function - filter_art() is defined after the file has been reloaded, filtering is - turned on. Otherwise, filtering is turned off. (Note that due to the - way Perl stores functions, once you've defined filter_art(), you can't - undefine it just by deleting it from the file and reloading the filter. - You'll need to replace it with an empty sub.) + As mentioned above, "ctlinnd reload filter.perl 'reason'" (or "ctlinnd + reload all 'reason'") will cause filter_innd.pl to be reloaded. If the + function filter_art() is defined after the file has been reloaded, + filtering is turned on. Otherwise, filtering is turned off. (Note that + due to the way Perl stores functions, once you've defined filter_art(), + you can't undefine it just by deleting it from the file and reloading + the filter. You'll need to replace it with an empty sub.) The Perl function filter_art() is the heart of a Perl filter. Whenever an article is received from a peer, via either IHAVE or TAKETHIS, @@ -83,34 +84,45 @@ The innd Perl Filter of the standard headers present in the article and their values. The standard headers are: - Approved, Control, Date, Distribution, Expires, From, Lines, - Message-ID, Newsgroups, Path, Reply-To, Sender, Subject, - Supersedes, Bytes, Also-Control, References, Keywords, X-Trace, - NNTP-Posting-Host, Followup-To, Organization, Content-Type, - Content-Base, Content-Disposition, X-Newsreader, X-Mailer, - X-Cancelled-By, X-Canceled-By, Cancel-Key - - (so, for example, the Newsgroups header of the article is accessible - inside the Perl filter as $hdr{Newsgroups}). In addition, - $hdr{__BODY__} will contain the full body of the article and - $hdr{__LINES__} will contain the number of lines in the body of the - article. + Also-Control, Approved, Bytes, Cancel-Key, Cancel-Lock, + Content-Base, Content-Disposition, Content-Transfer-Encoding, + Content-Type, Control, Date, Date-Received, Distribution, Expires, + Face, Followup-To, From, In-Reply-To, Injection-Date, Injection-Info, + Keywords, Lines, List-ID, Message-ID, MIME-Version, Newsgroups, + NNTP-Posting-Date, NNTP-Posting-Host, Organization, Originator, + Path, Posted, Posting-Version, Received, References, Relay-Version, + Reply-To, Sender, Subject, Supersedes, User-Agent, + X-Auth, X-Canceled-By, X-Cancelled-By, X-Complaints-To, X-Face, + X-HTTP-UserAgent, X-HTTP-Via, X-Mailer, X-Modbot, X-Modtrace, + X-Newsposter, X-Newsreader, X-No-Archive, X-Original-Message-ID, + X-Original-Trace, X-Originating-IP, X-PGP-Key, X-PGP-Sig, + X-Poster-Trace, X-Postfilter, X-Proxy-User, X-Submissions-To, + X-Trace, X-Usenet-Provider, Xref. + + Note that all the above headers are as they arrived, not modified by + your INN (especially, the Xref: header, if present, is the one of the + remote site which sent you the article, and not yours). + + For example, the Newsgroups: header of the article is accessible inside + the Perl filter as $hdr{'Newsgroups'}. In addition, $hdr{'__BODY__'} + will contain the full body of the article and $hdr{'__LINES__'} will + contain the number of lines in the body of the article. The contents of the %hdr hash for a typical article may therefore look something like this: - %hdr = (Subject => 'MAKE MONEY FAST!!', - From => 'Joe Spamer ', - Date => '10 Sep 1996 15:32:28 UTC', - Newsgroups => 'alt.test', - Path => 'news.example.com!not-for-mail', - Organization => 'Spammers Anonymous', - Lines => '5', - Distribution => 'usa', - 'Message-ID' => '<6.20232.842369548@example.com>', - __BODY__ => 'Send five dollars to the ISC, c/o ...', - __LINES__ => 5 - ); + %hdr = (Subject => 'MAKE MONEY FAST!!', + From => 'Joe Spamer ', + Date => '10 Sep 1996 15:32:28 UTC', + Newsgroups => 'alt.test', + Path => 'news.example.com!not-for-mail', + Organization => 'Spammers Anonymous', + Lines => '5', + Distribution => 'usa', + 'Message-ID' => '<6.20232.842369548@example.com>', + __BODY__ => 'Send five dollars to the ISC, c/o ...', + __LINES__ => 5 + ); Note that the value of $hdr{Lines} is the contents of the Lines: header of the article and may bear no resemblence to the actual length of the @@ -164,9 +176,9 @@ The innd Perl Filter arguments and returns no value, but it has access to a global hash %mode that contains three values: - Mode The current server mode (throttled, paused, or running) - NewMode The new mode the server is going to - reason The reason that was given to ctlinnd + Mode The current server mode (throttled, paused, or running) + NewMode The new mode the server is going to + reason The reason that was given to ctlinnd One possible use for this function is to save filter state across a restart of innd. There isn't any Perl function which is called when INN @@ -346,7 +358,7 @@ Changes to Perl Authentication Support f Scripts (like those from the old mechanism) are listed in readers.conf using perl_auth in the same manner other authenticators are using auth: - perl_auth: "/path/to/script/auth1.pl" + perl_auth: "/path/to/script/auth1.pl" The file given as argument to perl_auth should contain the same procedures as before. The global hash %attributes remains the same, diff -Nrup inn-2.4.4/doc/hook-python inn-2.4.5/doc/hook-python --- inn-2.4.4/doc/hook-python 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/hook-python 2008-06-29 10:56:57.000000000 -0700 @@ -1,118 +1,133 @@ INN Python Filtering and Authentication Support - This is $Revision: 7134 $, dated $Date: 2005-03-05 13:19:44 -0800 (Sat, 05 Mar 2005) $. - This file documents INN's built-in optional support for Python article - filtering. It is patterned after the TCL and Perl hooks previously - added by Bob Heiney and Christophe Wolfhugel. + filtering. It is patterned after the Perl and (now obsolete) TCL hooks + previously added by Bob Heiney and Christophe Wolfhugel. - For this filter to work successfully, you will need to have Python 1.5.2 - (the latest at this writing) installed. You can obtain it from - . + For this filter to work successfully, you will need to have at least + Python 1.5.2 installed. You can obtain it from + . The innd Python interface and the original Python filtering - documentation was written by Greg Andruk (nee Fluffy) + documentation were written by Greg Andruk (nee Fluffy) . The Python authentication and authorization support - for nnrpd and the original documentation for it was written by Ilya - Etingof , 12/1999. - -NOTE TO RED HAT LINUX USERS + for nnrpd as well as the original documentation for it were written by + Ilya Etingof in December 1999. - Python will be preinstalled, but it may not include all the headers and - libraries required for embedding into INN. You will need to add the - development package. Better yet, get the source kit from the above URL - and build it yourself. Be sure when installing Python on Red Hat, to - run configure with "--prefix=/usr" so that there are no version - conflicts with the "factory" installation. You can also find a - selection of well made RPMs at - . - -INSTALLATION +Installation Once you have built and installed Python, you can cause INN to use it by - adding the "--with-python" switch to your configure command. + adding the --with-python switch to your "configure" command. You will + need to have all the headers and libraries required for embedding Python + into INN; they can be found in Python development packages, which + include header files and static libraries. + + You will then be able to use Python authentication, dynamic access group + generation and dynamic access control support in nnrpd along with + filtering support in innd. See the ctlinnd(8) manual page to learn how to enable, disable and - reload Python filters on a running server ("ctlinnd mode", "ctlinnd - python y|n", "ctlinnd reload filter.python"). + reload Python filters on a running server (especially "ctlinnd mode", + "ctlinnd python y|n" and "ctlinnd reload filter.python 'reason'"). + + Also, see the filter_innd.py, nnrpd_auth.py, nnrpd_access.py and + nnrpd_dynamic.py samples in your filters directory for a demonstration + of how to get all this working. - Also, see the example filter_innd.py script in your filters directory - for a demonstration of how to get all this working. +Writing an innd Filter -WRITING AN INND FILTER + Introduction You need to create a filter_innd.py module in INN's filter directory - (see the pathfilter setting in inn.conf). A heavily-commented sample is - provided that you can use as a template for your own filter. There is + (see the *pathfilter* setting in inn.conf). A heavily-commented sample + is provided; you can use it as a template for your own filter. There is also an INN.py module there which is not actually used by INN; it is there so you can test your module interactively. First, define a class containing the methods you want to provide to innd. Methods innd will use if present are: - __init__(self) + __init__(*self*) Not explicitly called by innd, but will run whenever the filter module is (re)loaded. This is a good place to initialize constants - or pick up where filter_before_reload or filter_close left off. + or pick up where "filter_before_reload" or "filter_close" left off. - filter_before_reload(self) - This will execute any time a "ctlinnd reload all" or "ctlinnd reload - filter.python" command is issued. You can use it to save statistics - or reports for use after reloading. - - filter_close(self) - This will run when a "ctlinnd shutdown" command is received. - - filter_art(self, art) - art is a dictionary containing an article's headers and body. This - method is called every time innd receives an article. The following - can be defined: - - Approved, Control, Date, Distribution, Expires, From, Lines, - Message-ID, Newsgroups, Path, Reply-To, Sender, Subject, - Supersedes, Bytes, Also-Control, References, Xref, Keywords, - X-Trace, NNTP-Posting-Host, Followup-To, Organization, - Content-Type, Content-Base, Content-Disposition, X-Newsreader, - X-Mailer, X-Newsposter, X-Cancelled-By, X-Canceled-By, Cancel-Key, - __LINES__, __BODY__ - - All the above values will be buffer objects holding the contents of - the same named article headers, except for the special __BODY__ and - __LINES__ items. Items not present in the article will contain - None. - - __BODY__ is a buffer object containing the article's entire body, - and __LINES__ is an int holding innd's reckoning of the number of - lines in the article. All the other elements will be buffers with - the contents of the same-named article headers. + filter_before_reload(*self*) + This will execute any time a "ctlinnd reload all 'reason'" or + "ctlinnd reload filter.python 'reason'" command is issued. You can + use it to save statistics or reports for use after reloading. + + filter_close(*self*) + This will run when a "ctlinnd shutdown 'reason'" command is + received. + + filter_art(*self*, *art*) + *art* is a dictionary containing an article's headers and body. + This method is called every time innd receives an article. The + following can be defined: + + Also-Control, Approved, Bytes, Cancel-Key, Cancel-Lock, + Content-Base, Content-Disposition, Content-Transfer-Encoding, + Content-Type, Control, Date, Date-Received, Distribution, Expires, + Face, Followup-To, From, In-Reply-To, Injection-Date, Injection-Info, + Keywords, Lines, List-ID, Message-ID, MIME-Version, Newsgroups, + NNTP-Posting-Date, NNTP-Posting-Host, Organization, Originator, + Path, Posted, Posting-Version, Received, References, Relay-Version, + Reply-To, Sender, Subject, Supersedes, User-Agent, + X-Auth, X-Canceled-By, X-Cancelled-By, X-Complaints-To, X-Face, + X-HTTP-UserAgent, X-HTTP-Via, X-Mailer, X-Modbot, X-Modtrace, + X-Newsposter, X-Newsreader, X-No-Archive, X-Original-Message-ID, + X-Original-Trace, X-Originating-IP, X-PGP-Key, X-PGP-Sig, + X-Poster-Trace, X-Postfilter, X-Proxy-User, X-Submissions-To, + X-Trace, X-Usenet-Provider, Xref, __BODY__, __LINES__. + + Note that all the above values are as they arrived, not modified by + your INN (especially, the Xref: header, if present, is the one of + the remote site which sent you the article, and not yours). + + These values will be buffer objects holding the contents of the same + named article headers, except for the special "__BODY__" and + "__LINES__" items. Items not present in the article will contain + "None". + + "art('__BODY__')" is a buffer object containing the article's entire + body, and "art('__LINES__')" is an int holding innd's reckoning of + the number of lines in the article. All the other elements will be + buffers with the contents of the same-named article headers. - If you want to accept an article, return None or an empty string. + The Newsgroups: header of the article is accessible inside the + Python filter as "art['Newsgroups']". + + If you want to accept an article, return "None" or an empty string. To reject, return a non-empty string. The rejection strings will be shown to local clients and your peers, so keep that in mind when phrasing your rejection responses. - filter_messageid(self, msgid) - msgid is a buffer object containing the ID of an article being - offered by IHAVE or CHECK. Like with filter_art(), the message will + filter_messageid(*self*, *msgid*) + *msgid* is a buffer object containing the ID of an article being + offered by IHAVE or CHECK. Like with "filter_art", the message will be refused if you return a non-empty string. If you use this feature, keep it light because it is called at a rather busy place in innd's main loop. Also, do not rely on this function alone to - reject by ID; you should repeat the tests in filter_art() to catch + reject by ID; you should repeat the tests in "filter_art" to catch articles sent with TAKETHIS but no CHECK. - filter_mode(self, oldmode, newmode, reason) - When the operator issues a ctlinnd pause, throttle or go command, - this function can be used to do something sensible in accordance - with the state change. Stamp a log file, save your state on - throttle, etc. oldmode and newmode will be strings containing one - of the values in ('running', 'throttled', 'paused', 'unknown') -- - oldmode is the state innd was in before ctlinnd was run, newmode is - the state innd will be in after the command finishes. reason is the - comment string provided on the ctlinnd command line. + filter_mode(*self*, *oldmode*, *newmode*, *reason*) + When the operator issues a ctlinnd "pause", "throttle", "go", + "shutdown" or "xexec" command, this function can be used to do + something sensible in accordance with the state change. Stamp a log + file, save your state on throttle, etc. *oldmode* and *newmode* + will be strings containing one of the values in ("running", + "throttled", "paused", "shutdown", "unknown"). *oldmode* is the + state innd was in before ctlinnd was run, *newmode* is the state + innd will be in after the command finishes. *reason* is the comment + string provided on the ctlinnd command line. + + How to Use these Methods with innd To register your methods with innd, you need to create an instance of your class, import the built-in INN module, and pass the instance to - INN.set_filter_hook(). For example: + "INN.set_filter_hook". For example: class Filter: def filter_art(self, art): @@ -130,40 +145,39 @@ WRITING AN INND FILTER INN.set_filter_hook(myfilter) When writing and testing your Python filter, don't be afraid to make use - of try:/except: and the provided INN.syslog() function. stdout and + of "try:"/"except:" and the provided "INN.syslog" function. stdout and stderr will be disabled, so your filter will die silently otherwise. Also, remember to try importing your module interactively before loading it, to ensure there are no obvious errors. One typo can ruin your whole - filter. A dummy INND.py module is provided to facilitate testing - outside the server. To test, change into your filter directory and use - a command like: + filter. A dummy INN.py module is provided to facilitate testing outside + the server. To test, change into your filter directory and use a + command like: python -ic 'import INN, filter_innd' You can define as many or few of the methods listed above as you want in - your filter class (it's fine to define more methods for your own use; - innd won't use them but your filter can). If you *do* define the above - methods, GET THE PARAMETER COUNTS RIGHT. There are checks in innd to - see if the methods exist and are callable, but if you define one and get - the parameter counts wrong, INND WILL DIE. You have been warned. Be - careful with your return values, too. The filter_art() and - filter_messageid() methods have to return strings, or None. If you - return something like an int, innd will not be happy. - -WHAT'S THE DEAL WITH THESE BUFFER OBJECTS? - - Buffer objects are cousins of strings, new in Python 1.5.2. They are - supported, but at this writing you won't yet find much about them in the - Python documentation. Using buffer objects may take some getting used - to, but we can create buffers much faster and with less memory than - strings. - - For most of the operations you will perform in filters (like re.search, - string.find, md5.digest) you can treat buffers just like strings, but - there are a few important differences you should know about: + your filter class (it is fine to define more methods for your own use; + innd will not be using them but your filter can). If you *do* define + the above methods, GET THE PARAMETER COUNTS RIGHT. There are checks in + innd to see whether the methods exist and are callable, but if you + define one and get the parameter counts wrong, innd WILL DIE. You have + been warned. Be careful with your return values, too. The "filter_art" + and "filter_messageid" methods have to return strings, or "None". If + you return something like an int, innd will *not* be happy. + + A Note regarding Buffer Objects + + Buffer objects are cousins of strings, new in Python 1.5.2. Using + buffer objects may take some getting used to, but we can create buffers + much faster and with less memory than strings. + + For most of the operations you will perform in filters (like + "re.search", "string.find", "md5.digest") you can treat buffers just + like strings, but there are a few important differences you should know + about: - # Make a string and a two buffers. + # Make a string and two buffers. s = "abc" b = buffer("def") bs = buffer("abc") @@ -173,23 +187,40 @@ WHAT'S THE DEAL WITH THESE BUFFER OBJECT s == str(bs) # - This is also true, but buffer() is faster. s[:2] == bs[:2] # - True. Buffer slices are strings. - # While most string methods will take either a buffer or string, - # string.join insists on using only strings. - string.join([str(b), s], '.') # returns 'def.abc' + # While most string methods will take either a buffer or a string, + # string.join (in the string module) insists on using only strings. + import string + string.join([str(b), s], '.') # Returns 'def.abc'. + '.'.join([str(b), s]) # Returns 'def.abc' too. + '.'.join([b, s]) # This raises a TypeError. - e = s + b # This raises a TypeError, but... + e = s + b # This raises a TypeError, but... - # ...these two both return the string 'abcdef'. The first one + # ...these two both return the string 'abcdef'. The first one # is faster -- choose buffer() over str() whenever you can. e = buffer(s) + b f = s + str(b) - g = b + '>' # This is legal, returns the string 'def>'. + g = b + '>' # This is legal, returns the string 'def>'. -FUNCTIONS SUPPLIED BY THE BUILT-IN INND MODULE + Functions Supplied by the Built-in innd Module - Not only can innd use Python, but your filter can use some of innd's - features too. Here is some sample Python code to show what you get: + Besides "INN.set_filter_hook" which is used to register your methods + with innd as it has already been explained above, the following + functions are available from Python scripts: + + addhist(*message-id*) + article(*message-id*) + cancel(*message-id*) + havehist(*message-id*) + hashstring(*string*) + head(*message-id*) + newsgroup(*groupname*) + syslog(*level*, *message*) + + Therefore, not only can innd use Python, but your filter can use some of + innd's features too. Here is some sample Python code to show what you + get with the previously listed functions. import INN @@ -198,7 +229,7 @@ FUNCTIONS SUPPLIED BY THE BUILT-IN INND # tells the Unix syslogger what severity to use; you can # abbreviate down to one letter and it's case insensitive. # Available levels are (in increasing levels of seriousness) - # Debug, Info, Notice, Warning, Err, Crit, and Alert. (If you + # Debug, Info, Notice, Warning, Err, Crit, and Alert. (If you # provide any other string, it will be defaulted to Notice.) The # second parameter is the message text. The syslog entries will # go to the same log files innd itself uses, with a 'python:' @@ -212,15 +243,15 @@ FUNCTIONS SUPPLIED BY THE BUILT-IN INND # local server; it doesn't send out a control message or anything # scary like that. Returns 1 if successful, else 0. if INN.cancel(''): - canceled = "yup" + cancelled = "yup" else: - canceled = "nope" + cancelled = "nope" - # Check if a given message is in history. This doesn't - # necessarily mean the article is on your spool; canceled and + # Check if a given message is in history. This doesn't + # necessarily mean the article is on your spool; cancelled and # expired articles hang around in history for a while, and # rejected articles will be in there if you have enabled - # remember_trash in inn.conf. Returns 1 if found, else 0. + # remembertrash in inn.conf. Returns 1 if found, else 0. if INN.havehist(''): comment = "*yawn* I've already seen this article." else: @@ -229,8 +260,8 @@ FUNCTIONS SUPPLIED BY THE BUILT-IN INND # Here we are running a local spam filter, so why eat all those # cancels? We can add fake entries to history so they'll get # refused. Returns 1 on success, 0 on failure. - canceled_id = buffer('') - if INN.addhist("') + if INN.addhist("') artheader = INN.head('') + # As we can compute a hash digest for a string, we can obtain one + # for artbody. It might be of help to detect spam. + digest = INN.hashstring(artbody) + # Finally, do you want to see if a given newsgroup is moderated or # whatever? INN.newsgroup returns the last field of a group's # entry in active as a string. @@ -255,288 +290,325 @@ FUNCTIONS SUPPLIED BY THE BUILT-IN INND else: moderated = "something else" -CHANGES TO PYTHON AUTHENTICATION AND ACCESS CONTROL SUPPORT FOR -NNRPD +Writing an nnrpd Filter + + Changes to Python Authentication and Access Control Support for nnrpd The old authentication and access control functionality has been combined with the new readers.conf mechanism by Erik Klavon - ; bug reports should however go to inn-bugs@isc.org, not - Erik. + ; bug reports should however go to , + not Erik. The remainder of this section is an introduction to the new mechanism - (which uses the python_auth, python_access, and python_dynamic + (which uses the *python_auth*, *python_access*, and *python_dynamic* readers.conf parameters) with porting/migration suggestions for people familiar with the old mechanism (identifiable by the now deprecated - nnrpperlauth: parameter in inn.conf). + *nnrpperlauth* parameter in inn.conf). Other people should skip this section. - The python_auth parameter allows the use of Python to authenticate a - user. Authentication scripts (like those from the old mechanism) are - listed in readers.conf using python_auth in the same manner other - authenticators are using auth: + The *python_auth* parameter allows the use of Python to authenticate a + user. Authentication scripts (like those from the old mechanism) are + listed in readers.conf using *python_auth* in the same manner other + authenticators are using *auth*: - python_auth: "auth1.py" + python_auth: "nnrpd_auth" + + It uses the script named nnrpd_auth.py (note that ".py" is not present + in the *python_auth* value). Scripts should be placed as before in the filter directory (see the - *pathfilter* setting in inn.conf). The new hook method authen_init takes - no arguments and its return value is ignored; its purpose is to provide - a means for authentication specific initialization. The hook method - authen_close is the more specific analogue to the old close method. - These method hooks are not required. - - The argument dictionary passed to authenticate remains the same, except - for the removal of the "type" entry which is no longer needed in this - modification and the addition of several new entries (port, intipaddr, - intport) described below. The return tuple now only contains either two - or three elements, the first of which is the NNTP response code. The - second is an error string which is passed to the client if the response - code indicates that the authentication attempt has failed. This allows a - specific error message to be generated by the Python script in place of - the generic message "Authentication failed". An optional third return - element, if present, will be used to match the connection with the user: - parameter in access groups and will also be the username logged. If this - element is absent, the username supplied by the client during - authentication will be used, as was the previous behavior. + *pathfilter* setting in inn.conf). The new hook method "authen_init" + takes no arguments and its return value is ignored; its purpose is to + provide a means for authentication specific initialization. The hook + method "authen_close" is the more specific analogue to the old "close" + method. These two method hooks are not required, contrary to + "authenticate", the main method. + + The argument dictionary passed to "authenticate" remains the same, + except for the removal of the *type* entry which is no longer needed in + this modification and the addition of several new entries (*port*, + *intipaddr*, *intport*) described below. The return tuple now only + contains either two or three elements, the first of which is the NNTP + response code. The second is an error string which is passed to the + client if the response code indicates that the authentication attempt + has failed. This allows a specific error message to be generated by the + Python script in place of the generic message "Authentication failed". + An optional third return element, if present, will be used to match the + connection with the *user* parameter in access groups and will also be + the username logged. If this element is absent, the username supplied + by the client during authentication will be used, as was the previous + behaviour. - The python_access parameter (described below) is new; it allows the + The *python_access* parameter (described below) is new; it allows the dynamic generation of an access group of an incoming connection using a - Python script. If a connection matches an auth group which has a - python_access parameter, all access groups in readers.conf are ignored; - instead the procedure described below is used to generate an access - group. This concept is due to Jeffrey M. Vinocur. + Python script. If a connection matches an auth group which has a + *python_access* parameter, all access groups in readers.conf are + ignored; instead the procedure described below is used to generate an + access group. This concept is due to Jeffrey M. Vinocur and you can add + this line to readers.conf in order to use the nnrpd_access.py Python + script in *pathfilter*: + + python_access: "nnrpd_access" In the old implementation, the authorization method allowed for access - control on a per-group basis. That functionality is preserved in the new - implementation by the inclusion of the python_dynamic parameter in - readers.conf. The only change is the corresponding method name of - "dynamic" as opposed to "authorize"; "domain" and "range" are the same - as before except for the addition of several new entries to the argument - dictionary (port, intipaddr, intport) described below. Additionally, the - associated optional housekeeping methods dynamic_init and dynamic_close - may be implemented if needed. + control on a per-group basis. That functionality is preserved in the + new implementation by the inclusion of the *python_dynamic* parameter in + readers.conf. The only change is the corresponding method name of + "dynamic" as opposed to "authorize". Additionally, the associated + optional housekeeping methods "dynamic_init" and "dynamic_close" may be + implemented if needed. In order to use nnrpd_dynamic.py in + *pathfilter*, you can add this line to readers.conf: + + python_dynamic: "nnrpd_dynamic" This new implementation should provide all of the previous capabilities of the Python hooks, in combination with the flexibility of readers.conf and the use of other authentication and resolving programs (including - the Perl hooks!). To use Python code that predates the new mechanism, + the Perl hooks!). To use Python code that predates the new mechanism, you would need to modify the code slightly (see below for the new - specification) and supply a simple readers.conf file. If you don't want - to modify your code, the sample directory has nnrpd_auth_wrapper.py, - nnrpd_access_wrapper.py, and nnrpd_dynamic_wrapper.py which should allow - you to use your old code without needing to change it. + specification) and supply a simple readers.conf file. If you do not + want to modify your code, the sample directory has + nnrpd_auth_wrapper.py, nnrpd_access_wrapper.py and + nnrpd_dynamic_wrapper.py which should allow you to use your old code + without needing to change it. However, before trying to use your old Python code, you may want to - consider replacing it entirely with non-Python authentication. (With + consider replacing it entirely with non-Python authentication. (With readers.conf and the regular authenticator and resolver programs, much of what once required Python can be done directly.) Even if the functionality is not available directly, you may wish to write a new authenticator or resolver (which can be done in whatever language you prefer). -PYTHON AUTHENTICATION SUPPORT FOR NNRPD - - Python authentication, dynamic access group generation and dynamic - access control support in nnrpd along with filtering support in innd may - be compiled in by passing "--with-python" "configure". + Python Authentication Support for nnrpd Support for authentication via Python is provided in nnrpd by the - inclusion of a python_auth: parameter in a readers.conf auth group. - python_auth: works exactly like the auth: parameter in readers.conf, + inclusion of a *python_auth* parameter in a readers.conf auth group. + *python_auth* works exactly like the *auth* parameter in readers.conf, except that it calls the script given as argument using the Python hook - rather then treating it as an external program. Multiple, mixed use of - python_auth: with other auth: statements including perl_auth: is - permitted. Each auth: statement will be tried in the order they appear + rather then treating it as an external program. Multiple, mixed use of + *python_auth* with other *auth* statements including *perl_auth* is + permitted. Each *auth* statement will be tried in the order they appear in the auth group until either one succeeds or all are exhausted. - If the processing of readers.conf requires that a python_auth: statement - be used for authentication, Python is loaded (if it has yet to be) and - the file given as argument to the python_auth: parameter is loaded as - well. If a Python object with a method authen_init is hooked in during - the loading of that file, then that method is called immediately after - the file is loaded. If no errors have occurred, the method authenticate - is called. Depending on the NNTP response code returned by authenticate, - the authentication hook either succeeds or fails, after which the - processing of the auth group continues as usual. When the connection - with the client is closed, the method authen_close is called if it - exists. + If the processing of readers.conf requires that a *python_auth* + statement be used for authentication, Python is loaded (if it has yet to + be) and the file given as argument to the *python_auth* parameter is + loaded as well (do not include the ".py" extension of this file in the + value of *python_auth*). If a Python object with a method "authen_init" + is hooked in during the loading of that file, then that method is called + immediately after the file is loaded. If no errors have occurred, the + method "authenticate" is called. Depending on the NNTP response code + returned by "authenticate", the authentication hook either succeeds or + fails, after which the processing of the auth group continues as usual. + When the connection with the client is closed, the method "authen_close" + is called if it exists. -DYNAMIC GENERATION OF ACCESS GROUPS + Dynamic Generation of Access Groups A Python script may be used to dynamically generate an access group - which is then used to determine the access rights of the client. This - occurs whenever the python_access: parameter is specified in an auth - group which has successfully matched the client. Only one python_access: - statement is allowed in an auth group. This parameter should not be - mixed with a perl_access: statement in the same auth group. - - When a python_access: parameter is encountered, Python is loaded (if it - has yet to be) and the file given as argument is loaded as well. If a - Python object with a method "access_init" is hooked in during the - loading of that file, then that method is called immediately after the - file is loaded. If no errors have occurred, the method "access" is - called. The dictionary returned by "access" is used to generate an - access group that is then used to determine the access rights of the - client. When the connection with the client is closed, the method - "access_close" is called, if it exists. - - While you may include the users: parameter in a dynamically generated - access group, some care should be taken (unless your pattern is just * - which is equivalent to leaving the parameter out). The group created + which is then used to determine the access rights of the client. This + occurs whenever the *python_access* parameter is specified in an auth + group which has successfully matched the client. Only one + *python_access* statement is allowed in an auth group. This parameter + should not be mixed with a *perl_access* statement in the same auth + group. + + When a *python_access* parameter is encountered, Python is loaded (if it + has yet to be) and the file given as argument is loaded as well (do not + include the ".py" extension of this file in the value of + *python_access*). If a Python object with a method "access_init" is + hooked in during the loading of that file, then that method is called + immediately after the file is loaded. If no errors have occurred, the + method "access" is called. The dictionary returned by "access" is used + to generate an access group that is then used to determine the access + rights of the client. When the connection with the client is closed, + the method "access_close" is called, if it exists. + + While you may include the *users* parameter in a dynamically generated + access group, some care should be taken (unless your pattern is just "*" + which is equivalent to leaving the parameter out). The group created with the values returned from the Python script is the only one considered when nnrpd attempts to find an access group matching the - connection. If a users: parameter is included and it doesn't match the - connection, then the client will be denied access since there are no + connection. If a *users* parameter is included and it does not match + the connection, then the client will be denied access since there are no other access groups which could match the connection. -DYNAMIC ACCESS CONTROL + Dynamic Access Control If you need to have access control rules applied immediately without having to restart all the nnrpd processes, you may apply access control on a per newsgroup basis using the Python dynamic hooks (as opposed to - readers.conf, which does the same on per user basis). These hooks are - activated through the inclusion of the python_dynamic: parameter in a - readers.conf auth group. Only one python_dynamic: statement is allowed + readers.conf, which does the same on per user basis). These hooks are + activated through the inclusion of the *python_dynamic* parameter in a + readers.conf auth group. Only one *python_dynamic* statement is allowed in an auth group. - When a python_dynamic: parameter is encountered, Python is loaded (if it - has yet to be) and the file given as argument is loaded as well. If a - Python object with a method "dynamic_init" is hooked in during the - loading of that file, then that method is called immediately after the - file is loaded. Every time a reader asks nnrpd to read or post an - article, the Python method "dynamic" is invoked before proceeding with - the requested operation. Based on the value returned by "dynamic", the - operation is either permitted or denied. When the connection with the - client is closed, the method "access_close" is called if it exists. + When a *python_dynamic* parameter is encountered, Python is loaded (if + it has yet to be) and the file given as argument is loaded as well (do + not include the ".py" extension of this file in the value of + *python_dynamic*). If a Python object with a method "dynamic_init" is + hooked in during the loading of that file, then that method is called + immediately after the file is loaded. Every time a reader asks nnrpd to + read or post an article, the Python method "dynamic" is invoked before + proceeding with the requested operation. Based on the value returned by + "dynamic", the operation is either permitted or denied. When the + connection with the client is closed, the method "access_close" is + called if it exists. -WRITING A PYTHON NNRPD AUTHENTICATION MODULE + Writing a Python nnrpd Authentication Module You need to create a nnrpd_auth.py module in INN's filter directory (see the *pathfilter* setting in inn.conf) where you should define a class holding certain methods depending on which hooks you want to use. + Note that you will have to use different Python scripts for + authentication and access: the values of *python_auth*, *python_access* + and *python_dynamic* have to be distinct for your scripts to work. + The following methods are known to nnrpd: - __init__(self) + __init__(*self*) Not explicitly called by nnrpd, but will run whenever the auth - module is loaded. Use this method to initialize any general - variables or open a common database connection. This method may be + module is loaded. Use this method to initialize any general + variables or open a common database connection. This method may be omitted. - authen_init(self) - Initialization function specific to authentication. This method may + authen_init(*self*) + Initialization function specific to authentication. This method may be omitted. - authenticate(self, attributes) - Called when a python_auth statement is reached in the processing of - readers.conf. Connection attributes are passed in the "attributes" - dictionary. Returns a response code, an error string, and an - optional string to be used in place of the client-supplied username - (both for logging and for matching the connection with an access - group). + authenticate(*self*, *attributes*) + Called when a *python_auth* statement is reached in the processing + of readers.conf. Connection attributes are passed in the + *attributes* dictionary. Returns a response code, an error string, + and an optional string to be used in place of the client-supplied + username (both for logging and for matching the connection with an + access group). - authen_close(self) + authen_close(*self*) This method is invoked on nnrpd termination. You can use it to save - state information or close a database connection. + state information or close a database connection. This method may + be omitted. - access_init(self) - Initialization function specific to generation of an access group. + access_init(*self*) + Initialization function specific to generation of an access group. This method may be omitted. - access(self, attributes) - Called when a python_access statement is reached in the processing - of readers.conf. Connection attributes are passed in the - "attributes" dictionary. Returns a dictionary of values representing - statements to be included in an access group. - - access_close(self) - This method is invoked on nnrpd termination. You can use it to save - state information or close a database connection. + access(*self*, *attributes*) + Called when a *python_access* statement is reached in the processing + of readers.conf. Connection attributes are passed in the + *attributes* dictionary. Returns a dictionary of values + representing statements to be included in an access group. - dynamic_init(self) - Initialization function specific to dynamic access control. This + access_close(*self*) + This method is invoked on nnrpd termination. You can use it to save + state information or close a database connection. This method may + be omitted. + + dynamic_init(*self*) + Initialization function specific to dynamic access control. This method may be omitted. - dynamic(self, attributes) + dynamic(*self*, *attributes*) Called when a client requests a newsgroup, an article or attempts to - post. Connection attributes are passed in the "attributes" + post. Connection attributes are passed in the *attributes* dictionary. Returns "None" to grant access, or a non-empty string (which will be reported back to the client) otherwise. - dynamic_close(self) + dynamic_close(*self*) This method is invoked on nnrpd termination. You can use it to save - state information or close a database connection. + state information or close a database connection. This method may + be omitted. + + The *attributes* Dictionary + + The keys and associated values of the *attributes* dictionary are + described below. - attributes dictionary - The keys and associated values of the "attributes" dictionary are - described below. + *type* + "read" or "post" values specify the authentication type; only valid + for the "dynamic" method. - type - "read" or "post" values specify the authentication type; only - valid for the "dynamic" method + *hostname* + It is the resolved hostname (or IP address if resolution fails) of + the connected reader. - hostname - resolved hostname (or IP address if resolution fails) of - connected reader + *ipaddress* + The IP address of the connected reader. - ipaddress - IP address of connected reader + *port* + The port of the connected reader. - port - port of connected reader + *interface* + The hostname of the local endpoint of the NNTP connection. - interface - hostname of the local endpoint of the NNTP connection + *intipaddr* + The IP address of the local endpoint of the NNTP connection. - intipaddr - IP address of the local endpoint of the NNTP connection + *intport* + The port of the local endpoint of the NNTP connection. - intport - port of the local endpoint of the NNTP connection + *user* + The username as passed with AUTHINFO command, or "None" if not + applicable. - user - username as reader passed with AUTHINFO command, or None if not - applicable + *pass* + The password as passed with AUTHINFO command, or "None" if not + applicable. - pass - password as reader passed with AUTHINFO command, or None if not - applicible + *newsgroup* + The name of the newsgroup to which the reader requests read or post + access; only valid for the "dynamic" method. - newsgroup - name of the newsgroup reader requests read or post access to; - only valid for the "dynamic" method + All the above values are buffer objects (see the notes above on what + buffer objects are). - All the above values are buffer objects (see the notes above on what - buffer objects are). + How to Use these Methods with nnrpd To register your methods with nnrpd, you need to create an instance of your class, import the built-in nnrpd module, and pass the instance to - nnrpd.set_auth_hook(). For example: + "nnrpd.set_auth_hook". For example: class AUTH: - def authenticate(self, attributes): + def authen_init(self): + ... + blah blah ... - def authorize(self, attributes): + def authenticate(self, attributes): + ... + yadda yadda ... import nnrpd myauth = AUTH() nnrpd.set_auth_hook(myauth) - There is also an nnrpd.py module there that is not actually used by - nnrpd but provides the same set of functions as built-in nnrpd module. - This stub module may be used when debugging your own module. + When writing and testing your Python filter, don't be afraid to make use + of "try:"/"except:" and the provided "nnrpd.syslog" function. stdout + and stderr will be disabled, so your filter will die silently otherwise. + + Also, remember to try importing your module interactively before loading + it, to ensure there are no obvious errors. One typo can ruin your whole + filter. A dummy nnrpd.py module is provided to facilitate testing + outside the server. It is not actually used by nnrpd but provides the + same set of functions as built-in nnrpd module. This stub module may be + used when debugging your own module. To test, change into your filter + directory and use a command like: + + python -ic 'import nnrpd, nnrpd_auth' -FUNCTIONS SUPPLIED BY THE BUILT-IN NNRPD MODULE + Functions Supplied by the Built-in nnrpd Module - As of this writing, nnrpd built-in module exports the following - functions: + Besides "nnrpd.set_auth_hook" used to pass a reference to the instance + of authentication and authorization class to nnrpd, the nnrpd built-in + module exports the following function: - set_auth_hook() - used to pass a reference to the instance of authentication and - authorization class to nnrpd + syslog(*level*, *message*) + It is intended to be a replacement for a Python native syslog. It + works like "INN.syslog", seen above. - syslog() - intended to be a replacement for a Python native syslog + $Id: hook-python 7926 2008-06-29 08:27:41Z iulius $ diff -Nrup inn-2.4.4/doc/man/active.5 inn-2.4.5/doc/man/active.5 --- inn-2.4.4/doc/man/active.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/active.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ACTIVE 5" -.TH ACTIVE 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH ACTIVE 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" active \- List of newsgroups carried by the server .SH "DESCRIPTION" @@ -214,7 +214,7 @@ alias. Written by Rich \f(CW$alz\fR for InterNetNews. Converted to \&\s-1POD\s0 by Russ Allbery . .PP -$Id: active.5 7736 2008-04-06 09:27:49Z iulius $ +$Id: active.5 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIactive.times\fR\|(5), \fIcontrolchan\fR\|(8), \fIctlinnd\fR\|(8), \fIinn.conf\fR\|(5), \fIinnd\fR\|(8), diff -Nrup inn-2.4.4/doc/man/active.times.5 inn-2.4.5/doc/man/active.times.5 --- inn-2.4.4/doc/man/active.times.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/active.times.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ACTIVE.TIMES 5" -.TH ACTIVE.TIMES 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH ACTIVE.TIMES 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" active.times \- List of local creation times of newsgroups .SH "DESCRIPTION" @@ -157,7 +157,7 @@ given to \fBctlinnd\fR. Written by Rich \f(CW$alz\fR for InterNetNews. Converted to \&\s-1POD\s0 by Russ Allbery .PP -$Id: active.times.5 7736 2008-04-06 09:27:49Z iulius $ +$Id: active.times.5 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIactive\fR\|(5), \fIctlinnd\fR\|(8), \fIinn.conf\fR\|(5), \fIinnd\fR\|(8), \fInnrpd\fR\|(8) diff -Nrup inn-2.4.4/doc/man/auth_krb5.8 inn-2.4.5/doc/man/auth_krb5.8 --- inn-2.4.4/doc/man/auth_krb5.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/auth_krb5.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "AUTH_KRB5 8" -.TH AUTH_KRB5 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH AUTH_KRB5 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" auth_krb5 \- nnrpd Kerberos v5 authenticator .SH "SYNOPSIS" @@ -200,7 +200,7 @@ Originally written by Christopher P. Lin written by Russ Allbery based on Christopher's original \&\s-1README\s0 file. .PP -$Id: auth_krb5.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: auth_krb5.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fInnrpd\fR\|(8), \fIreaders.conf\fR\|(5) diff -Nrup inn-2.4.4/doc/man/auth_smb.8 inn-2.4.5/doc/man/auth_smb.8 --- inn-2.4.4/doc/man/auth_smb.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/auth_smb.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "AUTH_SMB 8" -.TH AUTH_SMB 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH AUTH_SMB 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" auth_smb \- nnrpd Samba authenticator .SH "SYNOPSIS" @@ -176,7 +176,7 @@ Originally written October 2000 by Krisc based heavily on pam_smb v1.1.6 by David Airlie . This documentation was written by Jeffrey M. Vinocur . .PP -$Id: auth_smb.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: auth_smb.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fInnrpd\fR\|(8), \fIreaders.conf\fR\|(5) diff -Nrup inn-2.4.4/doc/man/ckpasswd.8 inn-2.4.5/doc/man/ckpasswd.8 --- inn-2.4.4/doc/man/ckpasswd.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/ckpasswd.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CKPASSWD 8" -.TH CKPASSWD 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH CKPASSWD 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" ckpasswd \- nnrpd password authenticator .SH "SYNOPSIS" @@ -301,7 +301,7 @@ it will print some sort of error message .IX Header "HISTORY" Written by Russ Allbery for InterNetNews. .PP -$Id: ckpasswd.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: ckpasswd.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIreaders.conf\fR\|(5), \fInnrpd\fR\|(8) diff -Nrup inn-2.4.4/doc/man/control.ctl.5 inn-2.4.5/doc/man/control.ctl.5 --- inn-2.4.4/doc/man/control.ctl.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/control.ctl.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CONTROL.CTL 5" -.TH CONTROL.CTL 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH CONTROL.CTL 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" control.ctl \- Specify handling of Usenet control messages .SH "DESCRIPTION" @@ -310,7 +310,7 @@ probably intended to do (yet). Written by Rich \f(CW$alz\fR for InterNetNews. Rewritten in \&\s-1POD\s0 by Russ Allbery . .PP -$Id: control.ctl.5 7736 2008-04-06 09:27:49Z iulius $ +$Id: control.ctl.5 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIcontrolchan\fR\|(8), \fIinn.conf\fR\|(5), \fIinnd\fR\|(8), \fInewsfeeds\fR\|(5), \fIpgpverify\fR\|(8), \fIsh\fR\|(1). diff -Nrup inn-2.4.4/doc/man/convdate.1 inn-2.4.5/doc/man/convdate.1 --- inn-2.4.4/doc/man/convdate.1 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/convdate.1 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CONVDATE 1" -.TH CONVDATE 1 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH CONVDATE 1 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" convdate \- Convert time/date strings and numbers .SH "SYNOPSIS" @@ -230,7 +230,7 @@ determine (or at least override) the loc Written by Rich \f(CW$alz\fR , rewritten and updated by Russ Allbery for the \fB\-d\fR and \fB\-l\fR flags. .PP -$Id: convdate.1 7736 2008-04-06 09:27:49Z iulius $ +$Id: convdate.1 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIparsedate\fR\|(3). diff -Nrup inn-2.4.4/doc/man/cycbuff.conf.5 inn-2.4.5/doc/man/cycbuff.conf.5 --- inn-2.4.4/doc/man/cycbuff.conf.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/cycbuff.conf.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CYCBUFF.CONF 5" -.TH CYCBUFF.CONF 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH CYCBUFF.CONF 5 "2008-06-07" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" cycbuff.conf \- Configuration file for INN CNFS storage method .SH "DESCRIPTION" @@ -210,7 +210,7 @@ metacycbuff line. .PP \&\fBinnd\fR only reads \fIcycbuff.conf\fR on startup, so if you change anything in this file and want \fBinnd\fR to pick up the changes, you have to stop and -restart it. \f(CW\*(C`ctlinnd reload ''\*(C'\fR is not sufficient. +restart it. \f(CW\*(C`ctlinnd reload all ''\*(C'\fR is not sufficient. .PP When articles are stored, the cycbuff into which they're stored is saved as part of the article token. In order for \s-1INN\s0 to retrieve articles from @@ -314,7 +314,7 @@ where \s-1ONE\s0 will be whatever you ca Written by Katsuhiro Kondou for InterNetNews. Rewritten into \s-1POD\s0 by Russ Allbery . .PP -$Id: cycbuff.conf.5 7736 2008-04-06 09:27:49Z iulius $ +$Id: cycbuff.conf.5 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIctlinnd\fR\|(8), \fIinnd\fR\|(8), \fInnrpd\fR\|(8), \fIsm\fR\|(1), \fIstorage.conf\fR\|(5) diff -Nrup inn-2.4.4/doc/man/distrib.pats.5 inn-2.4.5/doc/man/distrib.pats.5 --- inn-2.4.4/doc/man/distrib.pats.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/distrib.pats.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DISTRIB.PATS 5" -.TH DISTRIB.PATS 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH DISTRIB.PATS 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" distrib.pats \- Default values for the Distribution header .SH "DESCRIPTION" @@ -168,7 +168,7 @@ header will be added. Written by Rich \f(CW$alz\fR for InterNetNews. Converted to \&\s-1POD\s0 by Russ Allbery . .PP -$Id: distrib.pats.5 7736 2008-04-06 09:27:49Z iulius $ +$Id: distrib.pats.5 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIinn.conf\fR\|(5), \fInnrpd\fR\|(8), \fIuwildmat\fR\|(3) diff -Nrup inn-2.4.4/doc/man/domain.8 inn-2.4.5/doc/man/domain.8 --- inn-2.4.4/doc/man/domain.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/domain.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DOMAIN 8" -.TH DOMAIN 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH DOMAIN 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" domain \- nnrpd domain resolver .SH "SYNOPSIS" @@ -181,7 +181,7 @@ If so, the example above should reflect .IX Header "HISTORY" This documentation was written by Jeffrey M. Vinocur . .PP -$Id: domain.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: domain.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fInnrpd\fR\|(8), \fIreaders.conf\fR\|(5) diff -Nrup inn-2.4.4/doc/man/expire.ctl.5 inn-2.4.5/doc/man/expire.ctl.5 --- inn-2.4.4/doc/man/expire.ctl.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/expire.ctl.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EXPIRE.CTL 5" -.TH EXPIRE.CTL 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH EXPIRE.CTL 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" expire.ctl \- Configuration file for article expiration .SH "DESCRIPTION" @@ -312,7 +312,7 @@ When \fIgroupbaseexpiry\fR is false, for Written by Rich \f(CW$alz\fR for InterNetNews. Converted to \&\s-1POD\s0 by Russ Allbery . .PP -$Id: expire.ctl.5 7736 2008-04-06 09:27:49Z iulius $ +$Id: expire.ctl.5 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIexpire\fR\|(8), \fIexpireover\fR\|(8), \fIinn.conf\fR\|(5), \fIinnd\fR\|(8), \fInews.daily\fR\|(8), diff -Nrup inn-2.4.4/doc/man/expireover.8 inn-2.4.5/doc/man/expireover.8 --- inn-2.4.4/doc/man/expireover.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/expireover.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EXPIREOVER 8" -.TH EXPIREOVER 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH EXPIREOVER 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" expireover \- Expire entries from the news overview database .SH "SYNOPSIS" @@ -260,7 +260,7 @@ Written by Rob Robertson (with help from Dave Lawrence ) for InterNetNews. .PP -$Id: expireover.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: expireover.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIactive\fR\|(5), \fIctlinnd\fR\|(8), \fIexpire\fR\|(8), \fIexpire.ctl\fR\|(5), \fIinn.conf\fR\|(5), diff -Nrup inn-2.4.4/doc/man/fastrm.1 inn-2.4.5/doc/man/fastrm.1 --- inn-2.4.4/doc/man/fastrm.1 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/fastrm.1 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "FASTRM 1" -.TH FASTRM 1 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH FASTRM 1 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" fastrm \- Quickly remove a list of files .SH "SYNOPSIS" @@ -302,7 +302,7 @@ general fast file removal program. \&\fBfastrm\fR was originally written by kre@munnari.oz.au. This manual page rewritten in \s-1POD\s0 by Russ Allbery for InterNetNews. .PP -$Id: fastrm.1 7736 2008-04-06 09:27:49Z iulius $ +$Id: fastrm.1 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIexpirerm\fR\|(8) diff -Nrup inn-2.4.4/doc/man/grephistory.1 inn-2.4.5/doc/man/grephistory.1 --- inn-2.4.4/doc/man/grephistory.1 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/grephistory.1 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "GREPHISTORY 1" -.TH GREPHISTORY 1 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH GREPHISTORY 1 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" grephistory \- Query the INN history database .SH "SYNOPSIS" @@ -194,7 +194,7 @@ any other requested information. This f Written by Rich \f(CW$alz\fR for InterNetNews. Rewritten in \&\s-1POD\s0 by Russ Allbery . .Sp -$Id: grephistory.1 7736 2008-04-06 09:27:49Z iulius $ +$Id: grephistory.1 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIhistory\fR\|(5), \fIinn.conf\fR\|(5) diff -Nrup inn-2.4.4/doc/man/ident.8 inn-2.4.5/doc/man/ident.8 --- inn-2.4.4/doc/man/ident.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/ident.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "IDENT 8" -.TH IDENT 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH IDENT 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" ident \- nnrpd ident resolver .SH "SYNOPSIS" @@ -186,7 +186,7 @@ network whose machines respond to ident .IX Header "HISTORY" This documentation was written by Jeffrey M. Vinocur . .PP -$Id: ident.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: ident.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fInnrpd\fR\|(8), \fIreaders.conf\fR\|(5) diff -Nrup inn-2.4.4/doc/man/inews.1 inn-2.4.5/doc/man/inews.1 --- inn-2.4.4/doc/man/inews.1 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/inews.1 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "INEWS 1" -.TH INEWS 1 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH INEWS 1 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" inews \- Post a Usenet article to the local news server .SH "SYNOPSIS" diff -Nrup inn-2.4.4/doc/man/inn.conf.5 inn-2.4.5/doc/man/inn.conf.5 --- inn-2.4.4/doc/man/inn.conf.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/inn.conf.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "INN.CONF 5" -.TH INN.CONF 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH INN.CONF 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" inn.conf \- Configuration data for InterNetNews programs .SH "DESCRIPTION" @@ -1211,7 +1211,7 @@ values for reference. Written by Rich \f(CW$alz\fR for InterNetNews and since modified, updated, and reorganized by innumerable other people. .PP -$Id: inn.conf.5 7751 2008-04-06 14:35:40Z iulius $ +$Id: inn.conf.5 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIinews\fR\|(1), \fIinnd\fR\|(8), \fIinnwatch\fR\|(8), \fInnrpd\fR\|(8), \fIrnews\fR\|(1). diff -Nrup inn-2.4.4/doc/man/innconfval.1 inn-2.4.5/doc/man/innconfval.1 --- inn-2.4.4/doc/man/innconfval.1 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/innconfval.1 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "INNCONFVAL 1" -.TH INNCONFVAL 1 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH INNCONFVAL 1 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" innconfval \- Get configuration parameters from inn.conf .SH "SYNOPSIS" @@ -192,7 +192,7 @@ Print \s-1INN\s0's version. This is equ .IX Header "HISTORY" Written by Rich \f(CW$alz\fR for InterNetNews. .PP -$Id: innconfval.1 7736 2008-04-06 09:27:49Z iulius $ +$Id: innconfval.1 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIinn.conf\fR\|(5) diff -Nrup inn-2.4.4/doc/man/innd.8 inn-2.4.5/doc/man/innd.8 --- inn-2.4.4/doc/man/innd.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/innd.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "INND 8" -.TH INND 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH INND 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" innd \- InterNetNews daemon .SH "SYNOPSIS" @@ -593,7 +593,7 @@ disables source routing. .IX Header "HISTORY" Written by Rich \f(CW$alz\fR for InterNetNews. .PP -$Id: innd.8 7751 2008-04-06 14:35:40Z iulius $ +$Id: innd.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIactive\fR\|(5), \fIctlinnd\fR\|(8), \fIdbz\fR\|(3), \fIhistory\fR\|(5), \fIincoming.conf\fR\|(5), \fIinn.conf\fR\|(5), diff -Nrup inn-2.4.4/doc/man/inndf.8 inn-2.4.5/doc/man/inndf.8 --- inn-2.4.4/doc/man/inndf.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/inndf.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "INNDF 8" -.TH INNDF 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH INNDF 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" inndf \- Report free disk, inodes, and overview information .SH "SYNOPSIS" diff -Nrup inn-2.4.4/doc/man/inndstart.8 inn-2.4.5/doc/man/inndstart.8 --- inn-2.4.4/doc/man/inndstart.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/inndstart.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "INNDSTART 8" -.TH INNDSTART 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH INNDSTART 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" inndstart \- Start innd .SH "SYNOPSIS" @@ -388,7 +388,7 @@ The binary that is executed as \fBinnd\f .IX Header "HISTORY" Written by Russ Allbery for InterNetNews. .PP -$Id: inndstart.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: inndstart.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIinn.conf\fR\|(5), \fIinnd\fR\|(8) diff -Nrup inn-2.4.4/doc/man/innmail.1 inn-2.4.5/doc/man/innmail.1 --- inn-2.4.4/doc/man/innmail.1 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/innmail.1 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "INNMAIL 1" -.TH INNMAIL 1 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH INNMAIL 1 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" innmail \- Simple mail\-sending program .SH "SYNOPSIS" diff -Nrup inn-2.4.4/doc/man/innupgrade.8 inn-2.4.5/doc/man/innupgrade.8 --- inn-2.4.4/doc/man/innupgrade.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/innupgrade.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "INNUPGRADE 8" -.TH INNUPGRADE 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH INNUPGRADE 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" innupgrade \- Upgrade INN configuration files .SH "SYNOPSIS" @@ -201,4 +201,4 @@ alternate file. .IX Header "HISTORY" Written by Russ Allbery for InterNetNews. .PP -$Id: innupgrade.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: innupgrade.8 7880 2008-06-16 20:37:13Z iulius $ diff -Nrup inn-2.4.4/doc/man/libauth.3 inn-2.4.5/doc/man/libauth.3 --- inn-2.4.4/doc/man/libauth.3 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/libauth.3 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "libauth 3" -.TH libauth 3 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH libauth 3 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" libauth \- routines for writing nnrpd resolvers and authenticators .SH "SYNOPSIS" @@ -201,7 +201,7 @@ respectively? .IX Header "HISTORY" Written by Jeffrey M. Vinocur for InterNetNews. .PP -$Id: libauth.3 7736 2008-04-06 09:27:49Z iulius $ +$Id: libauth.3 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fInnrpd\fR\|(8), \fIreaders.conf\fR\|(5), \fIdoc/external\-auth\fR diff -Nrup inn-2.4.4/doc/man/libinnhist.3 inn-2.4.5/doc/man/libinnhist.3 --- inn-2.4.4/doc/man/libinnhist.3 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/libinnhist.3 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "libinnhist 3" -.TH libinnhist 3 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH libinnhist 3 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" his \- routines for managing INN history .SH "SYNOPSIS" @@ -418,4 +418,4 @@ type \fBtime_t\fR and will not be modifi .IX Header "HISTORY" Written by Alex Kiernan for InterNetNews 2.4.0. .Sp -$Id: libinnhist.3 7736 2008-04-06 09:27:49Z iulius $ +$Id: libinnhist.3 7880 2008-06-16 20:37:13Z iulius $ diff -Nrup inn-2.4.4/doc/man/list.3 inn-2.4.5/doc/man/list.3 --- inn-2.4.4/doc/man/list.3 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/list.3 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "list 3" -.TH list 3 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH list 3 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" list \- list routines .SH "SYNOPSIS" @@ -208,4 +208,4 @@ to the caller. .IX Header "HISTORY" Written by Alex Kiernan for InterNetNews 2.4.0. .PP -$Id: list.3 7736 2008-04-06 09:27:49Z iulius $ +$Id: list.3 7880 2008-06-16 20:37:13Z iulius $ diff -Nrup inn-2.4.4/doc/man/mailpost.8 inn-2.4.5/doc/man/mailpost.8 --- inn-2.4.4/doc/man/mailpost.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/mailpost.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "MAILPOST 8" -.TH MAILPOST 8 "2008-04-26" "INN 2.4.4" "InterNetNews Documentation" +.TH MAILPOST 8 "2008-04-26" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" mailpost \- Feed an e\-mail message into a newsgroup .SH "SYNOPSIS" @@ -252,7 +252,7 @@ The default database files which record Written by Paul Vixie long ago and then hacked up by James Brister for \s-1INN\s0 integration. .PP -$Id: mailpost.8 7798 2008-04-26 08:47:01Z iulius $ +$Id: mailpost.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIactive\fR\|(5), \fIinews\fR\|(1), \fIinn.conf\fR\|(5), \fInnrpd\fR\|(8), \fIuwildmat\fR\|(3). diff -Nrup inn-2.4.4/doc/man/makehistory.8 inn-2.4.5/doc/man/makehistory.8 --- inn-2.4.4/doc/man/makehistory.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/makehistory.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "MAKEHISTORY 8" -.TH MAKEHISTORY 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH MAKEHISTORY 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" makehistory \- Initialize or rebuild INN history database .SH "SYNOPSIS" @@ -301,7 +301,7 @@ Where temporary files are written unless Originally written by Rich \f(CW$alz\fR for InterNetNews and updated by various other people since. .PP -$Id: makehistory.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: makehistory.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIdbz\fR\|(3), \fIactive\fR\|(5), \fIhistory\fR\|(5), \fIinn.conf\fR\|(5), \fIctlinnd\fR\|(8), \fIinnd\fR\|(8), diff -Nrup inn-2.4.4/doc/man/motd.news.5 inn-2.4.5/doc/man/motd.news.5 --- inn-2.4.4/doc/man/motd.news.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/motd.news.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "MOTD.NEWS 5" -.TH MOTD.NEWS 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH MOTD.NEWS 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" motd.news \- Message of the day information for readers .SH "DESCRIPTION" @@ -148,7 +148,7 @@ the client an empty response. .IX Header "HISTORY" Rewritten in \s-1POD\s0 by Russ Allbery for InterNetNews. .PP -$Id: motd.news.5 7736 2008-04-06 09:27:49Z iulius $ +$Id: motd.news.5 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIinn.conf\fR\|(5) diff -Nrup inn-2.4.4/doc/man/newsfeeds.5 inn-2.4.5/doc/man/newsfeeds.5 --- inn-2.4.4/doc/man/newsfeeds.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/newsfeeds.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "NEWSFEEDS 5" -.TH NEWSFEEDS 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH NEWSFEEDS 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" newsfeeds \- Determine where Usenet articles are sent .SH "DESCRIPTION" @@ -904,7 +904,7 @@ the standard newsfeeds entries used by m Written by Rich \f(CW$alz\fR for InterNetNews. Reformatted and rewritten in \s-1POD\s0 by Russ Allbery . .PP -$Id: newsfeeds.5 7741 2008-04-06 09:51:47Z iulius $ +$Id: newsfeeds.5 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIactive\fR\|(5), \fIbuffchan\fR\|(8), \fIcontrolchan\fR\|(8), \fIctlinnd\fR\|(8), \fIinn.conf\fR\|(5), \fIinnd\fR\|(8), diff -Nrup inn-2.4.4/doc/man/ninpaths.8 inn-2.4.5/doc/man/ninpaths.8 --- inn-2.4.4/doc/man/ninpaths.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/ninpaths.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "NINPATHS 8" -.TH NINPATHS 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH NINPATHS 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" ninpaths \- Report Usenet Path statistics (new inpaths) .SH "SYNOPSIS" diff -Nrup inn-2.4.4/doc/man/nnrpd.8 inn-2.4.5/doc/man/nnrpd.8 --- inn-2.4.4/doc/man/nnrpd.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/nnrpd.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "NNRPD 8" -.TH NNRPD 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH NNRPD 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" nnrpd \- NNTP server for reader clients .SH "SYNOPSIS" @@ -376,7 +376,7 @@ support added by Rob Robertston for InterNetNews. This is revision \f(CW$Revision:\fR 5089 $, dated \f(CW$Date:\fR 2002\-02\-03 20:03:41 +0100 (dim, 03 f�v 2002) $. .PP -$Id: passwd.nntp.5 7736 2008-04-06 09:27:49Z iulius $ +$Id: passwd.nntp.5 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIinn.conf\fR\|(5), \fIinnd\fR\|(8), \fIlibinn\fR\|(3). diff -Nrup inn-2.4.4/doc/man/pullnews.1 inn-2.4.5/doc/man/pullnews.1 --- inn-2.4.4/doc/man/pullnews.1 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/pullnews.1 2008-06-29 10:56:57.000000000 -0700 @@ -129,16 +129,21 @@ .\" ======================================================================== .\" .IX Title "PULLNEWS 1" -.TH PULLNEWS 1 "2008-04-26" "INN 2.4.4" "InterNetNews Documentation" +.TH PULLNEWS 1 "2008-06-05" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" -pullnews \- Pull news from one news server and feed it to another +pullnews \- Pull news from multiple news servers and feed it to another .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBpullnews\fR [\fB\-hqx\fR] [\fB\-c\fR \fIconfig\fR] [\fB\-g\fR \fIgroups\fR] [\fB\-p\fR \fIport\fR] -[\fB\-r\fR \fIfile\fR] [\fB\-s\fR \fIto-server\fR] [ ...] +\&\fBpullnews\fR [\fB\-hnqRx\fR] [\fB\-b\fR \fIfraction\fR] [\fB\-c\fR \fIconfig\fR] [\fB\-C\fR \fIwidth\fR] +[\fB\-d\fR \fIlevel\fR] [\fB\-f\fR \fIfraction\fR] [\fB\-F\fR \fIfakehop\fR] [\fB\-g\fR \fIgroups\fR] +[\fB\-G\fR \fInewsgroups\fR] [\fB\-H\fR \fIheaders\fR] [\fB\-k\fR \fIcheckpt\fR] [\fB\-l\fR \fIlogfile\fR] +[\fB\-m\fR \fIheader_pats\fR] [\fB\-M\fR \fInum\fR] [\fB\-N\fR \fItimeout\fR] [\fB\-p\fR \fIport\fR] +[\fB\-P\fR \fIhop_limit\fR] [\fB\-Q\fR \fIlevel\fR] [\fB\-r\fR \fIfile\fR] [\fB\-s\fR \fIto-server\fR[:\fIport\fR]] +[\fB\-S\fR \fImax-run\fR] [\fB\-t\fR \fIretries\fR] [\fB\-T\fR \fIconnect-pause\fR] [\fB\-w\fR \fInum\fR] +[\fB\-z\fR \fIarticle-pause\fR] [\fB\-Z\fR \fIgroup-pause\fR] [\fIfrom-server\fR ...] .SH "REQUIREMENTS" .IX Header "REQUIREMENTS" -The Net::NNTP module must be installed. This module is available as part +The \f(CW\*(C`Net::NNTP\*(C'\fR module must be installed. This module is available as part of the libnet distribution and comes with recent versions of Perl. For older versions of Perl, you can download it from . .SH "DESCRIPTION" @@ -147,62 +152,167 @@ older versions of Perl, you can download (normally called \fI~/.pullnews\fR) and connects to the upstream servers given there as a reader client. By default, it connects to all servers listed in the configuration file, but you can limit \fBpullnews\fR to -specific servers by listing them on the command line. For each server it -connects to, it pulls over articles and feeds them to the destination -server via the \s-1IHAVE\s0 command. This means that the system \fBpullnews\fR is -run on must have feeding access to the destination news server. +specific servers by listing them on the command line: a whitespace-separated +list of server names can be specified, like \fIfrom-server\fR for one of them. +For each server it connects to, it pulls over articles and feeds them to the +destination server via the \s-1IHAVE\s0 or \s-1POST\s0 commands. This means that the system +\&\fBpullnews\fR is run on must have feeding access to the destination news server. .PP -\&\fBpullnews\fR is designed for very small sites that don't want to bother +\&\fBpullnews\fR is designed for very small sites that do not want to bother setting up traditional peering and is not meant for handling large feeds. .SH "OPTIONS" .IX Header "OPTIONS" +.IP "\fB\-b\fR \fIfraction\fR" 4 +.IX Item "-b fraction" +Backtrack on server numbering reset. Specify the proportion (\f(CW0.0\fR to \f(CW1.0\fR) +of a group's articles to pull when the server's article number is less than +our high for that group. When \fIfraction\fR is \f(CW1.0\fR, pull all the articles on +a renumbered server. The default is to do nothing. .IP "\fB\-c\fR \fIconfig\fR" 4 .IX Item "-c config" Normally, the config file is stored in \fI~/.pullnews\fR for the user running \&\fBpullnews\fR. If \fB\-c\fR is given, \fIconfig\fR will be used as the config file instead. This is useful if you're running \fBpullnews\fR as a system user on an automated basis out of cron rather than as an individual user. +.Sp +See \*(L"\s-1CONFIG\s0 \s-1FILE\s0\*(R" below for the format of this file. +.IP "\fB\-C\fR \fIwidth\fR" 4 +.IX Item "-C width" +Use \fIwidth\fR characters per line for the progress table. The default value +is \f(CW50\fR. +.IP "\fB\-d\fR \fIlevel\fR" 4 +.IX Item "-d level" +Set the debugging level to the integer \fIlevel\fR; more debugging output +will be logged as this increases. The default value is \f(CW0\fR. +.IP "\fB\-f\fR \fIfraction\fR" 4 +.IX Item "-f fraction" +This changes the proportion of articles to get from each group to +\&\fIfraction\fR and should be in the range \f(CW0.0\fR to \f(CW1.0\fR (\f(CW1.0\fR being +the default). +.IP "\fB\-F\fR \fIfakehop\fR" 4 +.IX Item "-F fakehop" +Prepend \fIfakehop\fR as a host to the Path: header of articles fed. .IP "\fB\-g\fR \fIgroups\fR" 4 .IX Item "-g groups" -Specifies a collection of groups to get. \fIgroups\fR is a list of +Specify a collection of groups to get. \fIgroups\fR is a list of newsgroups separated by commas (only commas, no spaces). Each group must be defined in the config file, and only the remote hosts that carry those groups will be contacted. Note that this is a simple list of groups, not a wildmat expression, and wildcards are not supported. +.IP "\fB\-G\fR \fInewsgroups\fR" 4 +.IX Item "-G newsgroups" +Add the comma-separated list of groups \fInewsgroups\fR to each server in the +configuration file (see also \fB\-g\fR and \fB\-w\fR). .IP "\fB\-h\fR" 4 .IX Item "-h" Print a usage message and exit. +.IP "\fB\-H\fR \fIheaders\fR" 4 +.IX Item "-H headers" +Remove these named headers (colon\-separated list) from fed articles. +.IP "\fB\-k\fR \fIcheckpt\fR" 4 +.IX Item "-k checkpt" +Checkpoint (save) the config file every \fIcheckpt\fR articles +(default is \f(CW0\fR, that is to say at the end of the session). +.IP "\fB\-l\fR \fIlogfile\fR" 4 +.IX Item "-l logfile" +Log progress/stats to \fIlogfile\fR (default is \f(CW\*(C`stdout\*(C'\fR). +.IP "\fB\-m\fR \fIheader_pats\fR" 4 +.IX Item "-m header_pats" +Feed an article based on header matching. The argument is a number of +whitespace-separated tuples (each tuple being a colon-separated header and +regular expression). For instance: +.Sp +.Vb 1 +\& Hdr1:regexp1 !Hdr2:regexp2 +.Ve +.Sp +specifies that the article will be passed only if the \f(CW\*(C`Hdr1:\*(C'\fR header +matches \f(CW\*(C`regexp1\*(C'\fR and the \f(CW\*(C`Hdr2:\*(C'\fR header does not match \f(CW\*(C`regexp2\*(C'\fR. +.IP "\fB\-M\fR \fInum\fR" 4 +.IX Item "-M num" +Specify the maximum number of articles (per group) to process. +The default is to process all new articles. See also \fB\-f\fR. +.IP "\fB\-n\fR" 4 +.IX Item "-n" +Do nothing but read articles \-\-\ does not feed articles downstream, +writes no \fBrnews\fR file, does not update the config file. +.IP "\fB\-N\fR \fItimeout\fR" 4 +.IX Item "-N timeout" +Specify the timeout length, as \fItimeout\fR seconds, +when establishing an \s-1NNTP\s0 connection. .IP "\fB\-p\fR \fIport\fR" 4 .IX Item "-p port" Connect to the destination news server on a port other than the default of -119. This option does not change the port used to connect to the remote +\&\f(CW119\fR. This option does not change the port used to connect to the source news servers. +.IP "\fB\-P\fR \fIhop_limit\fR" 4 +.IX Item "-P hop_limit" +Restrict feeding an article based on the number of hops it has already made. +Count the hops in the Path: header (\fIhop_count\fR), feeding the article only +when \fIhop_limit\fR is \f(CW\*(C`+num\*(C'\fR and \fIhop_count\fR is more than \fInum\fR; +or \fIhop_limit\fR is \f(CW\*(C`\-num\*(C'\fR and \fIhop_count\fR is less than \fInum\fR. .IP "\fB\-q\fR" 4 .IX Item "-q" Print out less status information while running. +.IP "\fB\-Q\fR \fIlevel\fR" 4 +.IX Item "-Q level" +Set the quietness level (\f(CW\*(C`\-Q 2\*(C'\fR is equivalent to \f(CW\*(C`\-q\*(C'\fR). The higher this +value, the less gets logged. The default is \f(CW0\fR. .IP "\fB\-r\fR \fIfile\fR" 4 .IX Item "-r file" -Rather than feeding the downloaded articles to a local server, instead +Rather than feeding the downloaded articles to a destination server, instead create a batch file that can later be fed to a server using \fBrnews\fR. See \&\fIrnews\fR\|(1) for more information about the batch file format. -.IP "\fB\-s\fR \fIto-server\fR" 4 -.IX Item "-s to-server" +.IP "\fB\-R\fR" 4 +.IX Item "-R" +Be a reader (use \s-1MODE\s0 \s-1READER\s0 and \s-1POST\s0 commands) to the downstream +server. The default is to use the \s-1IHAVE\s0 command. +.IP "\fB\-s\fR \fIto-server\fR[:\fIport\fR]" 4 +.IX Item "-s to-server[:port]" Normally, \fBpullnews\fR will feed the articles it retrieves to the news server running on localhost. To connect to a different host, specify a -server with the \fB\-s\fR flag. +server with the \fB\-s\fR flag. You can also specify the port with this same +flag or use \fB\-p\fR. +.IP "\fB\-S\fR \fImax-run\fR" 4 +.IX Item "-S max-run" +Specify the maximum time \fImax-run\fR in seconds for \fBpullnews\fR to run. +.IP "\fB\-t\fR \fIretries\fR" 4 +.IX Item "-t retries" +The maximum number (\fIretries\fR) of attempts to connect to a server +(see also \fB\-T\fR). The default is \f(CW0\fR. +.IP "\fB\-T\fR \fIconnect-pause\fR" 4 +.IX Item "-T connect-pause" +Pause \fIconnect-pause\fR seconds between connection retries (see also \fB\-t\fR). +The default is \f(CW1\fR. +.IP "\fB\-w\fR \fInum\fR" 4 +.IX Item "-w num" +Set each group's high watermark (last received article number) to \fInum\fR. +If \fInum\fR is negative, calculate \fICurrent\fR+\fInum\fR instead (i.e. get the last +\&\fInum\fR articles). Therefore, a \fInum\fR of \f(CW0\fR will re-get all articles on the +server; whereas a \fInum\fR of \f(CW\*(C`\-0\*(C'\fR will get no old articles, setting the +watermark to \fICurrent\fR (the most recent article on the server). .IP "\fB\-x\fR" 4 .IX Item "-x" If the \fB\-x\fR flag is used, an Xref: header is added to any article that lacks one. It can be useful for instance if articles are fed to a news server which has \fIxrefslave\fR set in \fIinn.conf\fR. +.IP "\fB\-z\fR \fIarticle-pause\fR" 4 +.IX Item "-z article-pause" +Sleep \fIarticle-pause\fR seconds between articles. The default is \f(CW0\fR. +.IP "\fB\-Z\fR \fIgroup-pause\fR" 4 +.IX Item "-Z group-pause" +Sleep \fIgroup-pause\fR seconds between groups. The default is \f(CW0\fR. .SH "CONFIG FILE" .IX Header "CONFIG FILE" The config file for \fBpullnews\fR is divided into blocks, one block for each remote server to connect to. A block begins with the host line, which must have no leading whitespace and contains just the hostname of the -remote server. Following this line should be one or more newsgroup lines -which start with whitespace followed by the name of a newsgroup to -retrieve. Only one newsgroup should be listed on each line. +remote server, optionally followed by authentication details (username +and password for that server). +.PP +Following the host line should be one or more newsgroup lines which start +with whitespace followed by the name of a newsgroup to retrieve. Only one +newsgroup should be listed on each line. .PP \&\fBpullnews\fR will update the config file to include the time the group was last checked and the highest numbered article successfully retrieved and @@ -218,8 +328,7 @@ The full syntax is: .Ve .PP where the line must not have leading whitespace and the -lines must. Note that you may optionally specify a username and password -for basic authentication to the remote server if necessary. +lines must. .PP A typical configuration file would be: .PP @@ -239,16 +348,26 @@ were just added by the user and have not .PP The nnrp.vix.com server requires authentication, and \fBpullnews\fR will use the username \f(CW\*(C`pull\*(C'\fR and the password \f(CW\*(C`sekret\*(C'\fR. -.SH "BUGS" -.IX Header "BUGS" -\&\fBpullnews\fR is very simple and is lacking in more sophisticated features -(like killing articles based on user-defined conditions) that better pull -feeders most certainly have. It also doesn't keep or log much detail on -articles transferred. +.SH "FILES" +.IX Header "FILES" +.IP "\fIpathbin\fR/pullnews" 4 +.IX Item "pathbin/pullnews" +The Perl script itself used to pull news from upstream servers and feed +it to another news server. +.IP "\fI$HOME\fR/.pullnews" 4 +.IX Item "$HOME/.pullnews" +The default config file. It is in the running user's home directory +(normally called \fI~/.pullnews\fR). .SH "HISTORY" .IX Header "HISTORY" -pullnews was written by James Brister for \s-1INN\s0. The documentation was +\&\fBpullnews\fR was written by James Brister for \s-1INN\s0. The documentation was rewritten in \s-1POD\s0 by Russ Allbery . +.PP +Geraint A. Edwards greatly improved \fBpullnews\fR, adding no more than 16\ new +recognized flags, fixing some bugs and integrating the \fBbackupfeed\fR +contrib script by Kai Henningsen, adding again 6\ other flags. +.PP +$Id: pullnews.pod 7853 2008\-05\-27 19:07:45Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIincoming.conf\fR\|(5) +\&\fIincoming.conf\fR\|(5), \fIrnews\fR\|(1). diff -Nrup inn-2.4.4/doc/man/qio.3 inn-2.4.5/doc/man/qio.3 --- inn-2.4.4/doc/man/qio.3 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/qio.3 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "qio 3" -.TH qio 3 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH qio 3 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" qio \- Quick I/O routines for reading files .SH "SYNOPSIS" @@ -239,4 +239,4 @@ printing out each line preceeded by its Written by Rich \f(CW$alz\fR for InterNetNews. Updated by Russ Allbery . .PP -$Id: qio.3 7736 2008-04-06 09:27:49Z iulius $ +$Id: qio.3 7880 2008-06-16 20:37:13Z iulius $ diff -Nrup inn-2.4.4/doc/man/radius.8 inn-2.4.5/doc/man/radius.8 --- inn-2.4.4/doc/man/radius.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/radius.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RADIUS 8" -.TH RADIUS 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH RADIUS 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" radius \- nnrpd RADIUS password authenticator .SH "SYNOPSIS" @@ -188,7 +188,7 @@ implement it correctly. The \s-1RADIUS\s0 authenticator was originally written by Aidan Cully. This documentation was written by Russ Allbery . .PP -$Id: radius.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: radius.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fInnrpd\fR\|(8), \fIradius.conf\fR\|(5), \fIreaders.conf\fR\|(5) diff -Nrup inn-2.4.4/doc/man/radius.conf.5 inn-2.4.5/doc/man/radius.conf.5 --- inn-2.4.4/doc/man/radius.conf.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/radius.conf.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RADIUS.CONF 5" -.TH RADIUS.CONF 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH RADIUS.CONF 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" radius.conf \- Configuration for nnrpd RADIUS authenticator .SH "DESCRIPTION" @@ -220,7 +220,7 @@ The shared secret with the \s-1RADIUS\s0 This documentation was written by Russ Allbery based on the comments in the sample radius.conf file by Yury B. Razbegin. .PP -$Id: radius.conf.5 7736 2008-04-06 09:27:49Z iulius $ +$Id: radius.conf.5 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIradius\fR\|(1) diff -Nrup inn-2.4.4/doc/man/rc.news.8 inn-2.4.5/doc/man/rc.news.8 --- inn-2.4.4/doc/man/rc.news.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/rc.news.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RC.NEWS 8" -.TH RC.NEWS 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH RC.NEWS 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" rc.news \- Start or stop INN daemons .SH "SYNOPSIS" @@ -205,7 +205,7 @@ user \s-1ID\s0. This manual page written by Jeffrey M. Vinocur for InterNetNews. .PP -$Id: rc.news.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: rc.news.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIctlinnd\fR\|(8), diff -Nrup inn-2.4.4/doc/man/readers.conf.5 inn-2.4.5/doc/man/readers.conf.5 --- inn-2.4.4/doc/man/readers.conf.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/readers.conf.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "READERS.CONF 5" -.TH READERS.CONF 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH READERS.CONF 5 "2008-06-22" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" readers.conf \- Access control and configuration for nnrpd .SH "DESCRIPTION" @@ -404,16 +404,17 @@ valid if \s-1INN\s0 is compiled with Per configure). More information may be found in \fIdoc/hook\-perl\fR. .IP "\fBpython_auth:\fR" 4 .IX Item "python_auth:" -A python script for authentication. The python_auth: parameter works -exactly like auth:, except that it calls the named script using the -python hook rather then an external program. Multiple/mixed use of -the auth, perl_auth, and python_auth parameters is permitted within any -auth group; each line is tried in the order it appears. python_auth: -has more power than auth: in that it provides the authentication -program with additional information about the client and the ability -to return an error string and a username. This parameter is only -valid if \s-1INN\s0 is compiled with Python support (\fB\-\-with\-python\fR passed -to configure). More information may be found in \fIdoc/hook\-python\fR. +A Python script for authentication. The \fIpython_auth\fR parameter works +exactly like \fIauth\fR, except that it calls the named script (without its +\&\f(CW\*(C`.py\*(C'\fR extension) using the Python hook rather then an external program. +Multiple/mixed use of the \fIauth\fR, \fIperl_auth\fR, and \fIpython_auth\fR +parameters is permitted within any auth group; each line is tried +in the order it appears. \fIpython_auth\fR has more power than \fIauth\fR +in that it provides the authentication program with additional information +about the client and the ability to return an error string and a username. +This parameter is only valid if \s-1INN\s0 is compiled with Python support +(\fB\-\-with\-python\fR passed to \fBconfigure\fR). More information may be +found in \fIdoc/hook\-python\fR. .IP "\fBdefault:\fR" 4 .IX Item "default:" The default username for connections matching this auth group. This is @@ -454,27 +455,28 @@ support (\fB\-\-with\-perl\fR passed to found in the file \fIdoc/hook\-perl\fR. .IP "\fBpython_access:\fR" 4 .IX Item "python_access:" -A python script for dynamically generating an access group. If -an auth group matches successfully and contains a python_access parameter, -then the argument script will be used to create an access group. -This group will then determine the access rights of the client, -overriding any access groups in \fIreaders.conf\fR. If and only if a -successful auth group contains the python_access parameter, \fIreaders.conf\fR +A Python script for dynamically generating an access group. If +an auth group matches successfully and contains a \fIpython_access\fR parameter, +then the argument script (without its \f(CW\*(C`.py\*(C'\fR extension) will be used to +create an access group. This group will then determine the access rights +of the client, overriding any access groups in \fIreaders.conf\fR. If and only +if a successful auth group contains the \fIpython_access\fR parameter, \fIreaders.conf\fR access groups are ignored and the client's rights are instead determined dynamically. This parameter is only valid if \s-1INN\s0 is compiled with Python -support (\fB\-\-with\-python\fR passed to configure). More information may be +support (\fB\-\-with\-python\fR passed to \fBconfigure\fR). More information may be found in the file \fIdoc/hook\-python\fR. .IP "\fBpython_dynamic:\fR" 4 .IX Item "python_dynamic:" -A python script for applying access control dynamically on a per newsgroup +A Python script for applying access control dynamically on a per newsgroup basis. If an auth group matches successfully and contains a -python_dynamic parameter, then the argument script will be used to -determine the clients rights each time the user attempts to view a -newsgroup, or read or post an article. Access rights as determined by -python_dynamic override the values of access group parameters such as -newsgroups, read, and post. This parameter is only valid if \s-1INN\s0 is -compiled with Python support (\fB\-\-with\-python\fR passed to configure). More -information may be found in the file \fIdoc/hook\-python\fR. +\&\fIpython_dynamic\fR parameter, then the argument script (without its +\&\f(CW\*(C`.py\*(C'\fR extension) will be used to determine the clients rights each time +the user attempts to view a newsgroup, or read or post an article. Access +rights as determined by \fIpython_dynamic\fR override the values of access +group parameters such as \fInewsgroups\fR, \fIread\fR and \fIpost\fR. This parameter +is only valid if \s-1INN\s0 is compiled with Python support (\fB\-\-with\-python\fR +passed to \fBconfigure\fR). More information may be found in the file +\&\fIdoc/hook\-python\fR. .SH "ACCESS GROUP PARAMETERS" .IX Header "ACCESS GROUP PARAMETERS" .IP "\fBusers:\fR" 4 @@ -564,8 +566,8 @@ disconnected with a \*(L"Permission deni display the reason to the user. .IP "\fBmax_rate:\fR" 4 .IX Item "max_rate:" -If this parameter is present (and nonzero) it is used for nnrpd's -rate-limiting code. The client will only be able to download at this +If this parameter is present (and nonzero), it is used for \fBnnrpd\fR's +rate-limiting code. The client will only be able to download at this speed (in bytes/second). Note that if \s-1SSL\s0 is being used, limiting is applied to the pre-encryption datastream. .IP "\fBlocaltime:\fR" 4 @@ -595,13 +597,14 @@ filter even if it is otherwise enabled. default is true. .IP "\fBvirtualhost:\fR" 4 .IX Item "virtualhost:" -Set this parameter to make \fBnnrpd\fR behave as if it's running on a server -with a different name than it actually is. If you set this parameter, you -must also set either pathhost: or domain: to something different than is -set in \fIinn.conf\fR. All articles displayed to clients will then have +Set this parameter to true in order to make \fBnnrpd\fR behave as if it is +running on a server with a different name than it actually is. If you +set this parameter to true, you must also set either pathhost: or domain: +in the relevant access group in \fIreaders.conf\fR to something different +than is set in \fIinn.conf\fR. All articles displayed to clients will then have their Path: and Xref: headers altered to appear to be from the server named in pathhost: or domain: (whichever is set), and posted articles will -use that server name in the Path:, Message\-ID;, and X\-Trace: headers. +use that server name in the Path:, Message\-ID:, and X\-Trace: headers. .Sp Note that setting this parameter requires the server modify all posts before presenting them to the client and therefore may decrease @@ -609,12 +612,16 @@ performance slightly. .PP In addition, all of the following parameters are valid in access groups and override the global setting in \fIinn.conf\fR. See \fIinn.conf\fR\|(5) for the -descriptions of these parameters: addnntppostingdate, addnntppostinghost, -backoff_auth, backoff_db, backoff_k, backoff_postfast, backoff_postslow, -backoff_trigger, checkincludedtext, clienttimeout, complaints, domain, -fromhost, localmaxartsize, moderatormailer, nnrpdauthsender, -nnrpdcheckart, nnrpdoverstats, nnrpdposthost, nnrpdpostport, organization, -pathhost, readertrack, spoolfirst, and strippostcc. +descriptions of these parameters: +.PP +.Vb 6 +\& addnntppostingdate, addnntppostinghost, backoff_auth, backoff_db, +\& backoff_k, backoff_postfast, backoff_postslow, backoff_trigger, +\& checkincludedtext, clienttimeout, complaints, domain, +\& fromhost, localmaxartsize, moderatormailer, nnrpdauthsender, +\& nnrpdcheckart, nnrpdoverstats, nnrpdposthost, nnrpdpostport, organization, +\& pathhost, readertrack, spoolfirst, strippostcc. +.Ve .SH "SUMMARY" .IX Header "SUMMARY" Here's a basic summary of what happens when a client connects: @@ -710,7 +717,7 @@ usernames and passwords, and then agains .PP .Vb 4 \& auth all { -\& auth: "ckpasswd \-d /usr/local/news/db/newsusers" +\& auth: "ckpasswd \-d /newsusers" \& auth: "ckpasswd \-s" \& } .Ve @@ -764,7 +771,7 @@ cannot. .PP .Vb 5 \& auth default { -\& auth: "ckpasswd \-f /usr/local/news/db/newsusers" +\& auth: "ckpasswd \-f /newsusers" \& default: \& default\-domain: example.com \& } @@ -904,7 +911,8 @@ some auth groups with a restrictive host above, with ones having global applicability below. .IP "\(bu" 4 Consider running a \f(CW\*(C`nnrpd \-S\*(C'\fR (with \f(CW\*(C`\-D\*(C'\fR, or out of \*(L"super\-server\*(R" -like inetd) on the nntps port (563) for clients that support \s-1SSL\s0. You +like \fBinetd\fR) on the \s-1NNTPS\s0 port (563) for clients that support \s-1SSL\s0. See +\&\fInnrpd\fR\|(8) for more details about how to configure that. You can use the require_ssl: parameter, or \f(CW\*(C`\-c\*(C'\fR to specify an alternate \&\fIreaders.conf\fR if you want a substantially different configuration for this case. @@ -917,7 +925,8 @@ tunnel), use the localaddress: parameter Written by Aidan Cully for InterNetNews. Substantially expanded by Russ Allbery . .PP -$Id: readers.conf.5 7736 2008-04-06 09:27:49Z iulius $ +$Id: readers.conf.5 7895 2008-06-22 17:54:10Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIckpasswd\fR\|(8), \fIinn.conf\fR\|(5), \fIinnd\fR\|(8), \fInewsfeeds\fR\|(5), \fInnrpd\fR\|(8), \fIuwildmat\fR\|(3) +\&\fIauth_krb5\fR\|(8), \fIauth_smb\fR\|(8), \fIckpasswd\fR\|(8), \fIinn.conf\fR\|(5), \fIinnd\fR\|(8), \fInewsfeeds\fR\|(5), +\&\fInnrpd\fR\|(8), \fIuwildmat\fR\|(3). diff -Nrup inn-2.4.4/doc/man/sasl.conf.5 inn-2.4.5/doc/man/sasl.conf.5 --- inn-2.4.4/doc/man/sasl.conf.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/sasl.conf.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SASL.CONF 5" -.TH SASL.CONF 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH SASL.CONF 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" sasl.conf \- SASL Configuration file for nnrpd. .SH "DESCRIPTION" diff -Nrup inn-2.4.4/doc/man/sendinpaths.8 inn-2.4.5/doc/man/sendinpaths.8 --- inn-2.4.4/doc/man/sendinpaths.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/sendinpaths.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SENDINPATHS 8" -.TH SENDINPATHS 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH SENDINPATHS 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" sendinpaths \- Send Usenet Path statistics via e\-mail .SH "SYNOPSIS" diff -Nrup inn-2.4.4/doc/man/simpleftp.1 inn-2.4.5/doc/man/simpleftp.1 --- inn-2.4.4/doc/man/simpleftp.1 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/simpleftp.1 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SIMPLEFTP 1" -.TH SIMPLEFTP 1 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH SIMPLEFTP 1 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" simpleftp \- Rudimentary FTP client .SH "SYNOPSIS" @@ -166,7 +166,7 @@ with the same name in the local director Tossed off by David C Lawrence for InterNetNews. Rewritten to use Net::FTP by Julien Elie . .PP -$Id: simpleftp.1 7739 2008-04-06 09:38:31Z iulius $ +$Id: simpleftp.1 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIactsync\fR\|(8). diff -Nrup inn-2.4.4/doc/man/sm.1 inn-2.4.5/doc/man/sm.1 --- inn-2.4.4/doc/man/sm.1 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/sm.1 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SM 1" -.TH SM 1 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH SM 1 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" sm \- Command\-line interface to the INN storage manager .SH "SYNOPSIS" @@ -205,7 +205,7 @@ succeeded, you should run sm on one toke Written by Katsuhiro Kondou for InterNetNews. Rewritten in \s-1POD\s0 by Russ Allbery . .PP -$Id: sm.1 7736 2008-04-06 09:27:49Z iulius $ +$Id: sm.1 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIctlinnd\fR\|(8), \fIgrephistory\fR\|(1), \fIhistory\fR\|(5), \fIrnews\fR\|(1), \fIstorage.conf\fR\|(5). diff -Nrup inn-2.4.4/doc/man/subscriptions.5 inn-2.4.5/doc/man/subscriptions.5 --- inn-2.4.4/doc/man/subscriptions.5 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/subscriptions.5 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SUBSCRIPTIONS 5" -.TH SUBSCRIPTIONS 5 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH SUBSCRIPTIONS 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" subscriptions \- Default recommended subscriptions .SH "DESCRIPTION" diff -Nrup inn-2.4.4/doc/man/tdx-util.8 inn-2.4.5/doc/man/tdx-util.8 --- inn-2.4.4/doc/man/tdx-util.8 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/tdx-util.8 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "TDX-UTIL 8" -.TH TDX-UTIL 8 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH TDX-UTIL 8 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" tdx\-util \- Tradindexed overview manipulation utility .SH "SYNOPSIS" @@ -298,7 +298,7 @@ using the tradspool article storage meth .IX Header "HISTORY" Written by Russ Allbery for InterNetNews. .PP -$Id: tdx-util.8 7736 2008-04-06 09:27:49Z iulius $ +$Id: tdx-util.8 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fImakehistory\fR\|(8) diff -Nrup inn-2.4.4/doc/man/tst.3 inn-2.4.5/doc/man/tst.3 --- inn-2.4.4/doc/man/tst.3 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/tst.3 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "tst 3" -.TH tst 3 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH tst 3 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" tst \- ternary search trie functions .SH "SYNOPSIS" @@ -201,4 +201,4 @@ Converted to \s-1POD\s0 from Peter A. Fr documentation by Alex Kiernan for InterNetNews 2.4.0. .PP -$Id: tst.3 7736 2008-04-06 09:27:49Z iulius $ +$Id: tst.3 7880 2008-06-16 20:37:13Z iulius $ diff -Nrup inn-2.4.4/doc/man/uwildmat.3 inn-2.4.5/doc/man/uwildmat.3 --- inn-2.4.4/doc/man/uwildmat.3 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/man/uwildmat.3 2008-06-29 10:56:57.000000000 -0700 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "uwildmat 3" -.TH uwildmat 3 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation" +.TH uwildmat 3 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation" .SH "NAME" uwildmat, uwildmat_simple, uwildmat_poison \- Perform wildmat matching .SH "SYNOPSIS" @@ -284,7 +284,7 @@ substantial differences, including the e characters, and has noticable functionality changes. Any bugs present in it aren't Rich's fault. .PP -$Id: uwildmat.3 7736 2008-04-06 09:27:49Z iulius $ +$Id: uwildmat.3 7880 2008-06-16 20:37:13Z iulius $ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIgrep\fR\|(1), \fIfnmatch\fR\|(3), \fIregex\fR\|(3), \fIregexp\fR\|(3). diff -Nrup inn-2.4.4/doc/pod/cycbuff.conf.pod inn-2.4.5/doc/pod/cycbuff.conf.pod --- inn-2.4.4/doc/pod/cycbuff.conf.pod 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/pod/cycbuff.conf.pod 2008-06-29 10:56:57.000000000 -0700 @@ -86,7 +86,7 @@ metacycbuff line. B only reads F on startup, so if you change anything in this file and want B to pick up the changes, you have to stop and -restart it. C is not sufficient. +restart it. C is not sufficient. When articles are stored, the cycbuff into which they're stored is saved as part of the article token. In order for INN to retrieve articles from @@ -192,7 +192,7 @@ where ONE will be whatever you called yo Written by Katsuhiro Kondou for InterNetNews. Rewritten into POD by Russ Allbery . -$Id: cycbuff.conf.pod 6247 2003-02-28 00:05:40Z kondou $ +$Id: cycbuff.conf.pod 7860 2008-06-07 12:46:49Z iulius $ =head1 SEE ALSO diff -Nrup inn-2.4.4/doc/pod/hook-perl.pod inn-2.4.5/doc/pod/hook-perl.pod --- inn-2.4.4/doc/pod/hook-perl.pod 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/pod/hook-perl.pod 2008-06-29 10:56:57.000000000 -0700 @@ -1,6 +1,6 @@ =head1 INN Perl Filtering and Authentication Support -This is $Revision: 6221 $ dated $Date: 2003-02-09 19:21:27 -0800 (Sun, 09 Feb 2003) $. +This is $Revision: 7860 $ dated $Date: 2008-06-07 05:46:49 -0700 (Sat, 07 Jun 2008) $. This file documents INN's built-in support for Perl filtering and reader authentication. The code is based very heavily on work by Christophe @@ -46,7 +46,7 @@ won't be noticed by innd; only stopping to be reloaded. F, on the other hand, can be reloaded on command (with -C). Whenever F is loaded, +C). Whenever F is loaded, including the first time at innd startup, the Perl function filter_before_reload() is called before it's reloaded and the function filter_after_reload() is called after it's reloaded (if the functions @@ -64,8 +64,8 @@ initialization code that should only run was preserved on disk across a stop and restart of innd (perhaps using filter_mode() -- see below). -As mentioned above, C (or C) will cause F to be reloaded. If the function +As mentioned above, C (or C) will cause F to be reloaded. If the function filter_art() is defined after the file has been reloaded, filtering is turned on. Otherwise, filtering is turned off. (Note that due to the way Perl stores functions, once you've defined filter_art(), you can't @@ -83,34 +83,46 @@ filter_art() has access to a global hash the standard headers present in the article and their values. The standard headers are: - Approved, Control, Date, Distribution, Expires, From, Lines, - Message-ID, Newsgroups, Path, Reply-To, Sender, Subject, - Supersedes, Bytes, Also-Control, References, Keywords, X-Trace, - NNTP-Posting-Host, Followup-To, Organization, Content-Type, - Content-Base, Content-Disposition, X-Newsreader, X-Mailer, - X-Cancelled-By, X-Canceled-By, Cancel-Key - -(so, for example, the Newsgroups header of the article is accessible -inside the Perl filter as C<$hdr{Newsgroups}>). In addition, -C<$hdr{__BODY__}> will contain the full body of the article and -C<$hdr{__LINES__}> will contain the number of lines in the body of the + Also-Control, Approved, Bytes, Cancel-Key, Cancel-Lock, + Content-Base, Content-Disposition, Content-Transfer-Encoding, + Content-Type, Control, Date, Date-Received, Distribution, Expires, + Face, Followup-To, From, In-Reply-To, Injection-Date, Injection-Info, + Keywords, Lines, List-ID, Message-ID, MIME-Version, Newsgroups, + NNTP-Posting-Date, NNTP-Posting-Host, Organization, Originator, + Path, Posted, Posting-Version, Received, References, Relay-Version, + Reply-To, Sender, Subject, Supersedes, User-Agent, + X-Auth, X-Canceled-By, X-Cancelled-By, X-Complaints-To, X-Face, + X-HTTP-UserAgent, X-HTTP-Via, X-Mailer, X-Modbot, X-Modtrace, + X-Newsposter, X-Newsreader, X-No-Archive, X-Original-Message-ID, + X-Original-Trace, X-Originating-IP, X-PGP-Key, X-PGP-Sig, + X-Poster-Trace, X-Postfilter, X-Proxy-User, X-Submissions-To, + X-Trace, X-Usenet-Provider, Xref. + +Note that all the above headers are as they arrived, not modified by +your INN (especially, the Xref: header, if present, is the one of +the remote site which sent you the article, and not yours). + +For example, the Newsgroups: header of the article is accessible +inside the Perl filter as C<$hdr{'Newsgroups'}>. In addition, +C<$hdr{'__BODY__'}> will contain the full body of the article and +C<$hdr{'__LINES__'}> will contain the number of lines in the body of the article. The contents of the %hdr hash for a typical article may therefore look something like this: - %hdr = (Subject => 'MAKE MONEY FAST!!', - From => 'Joe Spamer ', - Date => '10 Sep 1996 15:32:28 UTC', - Newsgroups => 'alt.test', - Path => 'news.example.com!not-for-mail', - Organization => 'Spammers Anonymous', - Lines => '5', - Distribution => 'usa', - 'Message-ID' => '<6.20232.842369548@example.com>', - __BODY__ => 'Send five dollars to the ISC, c/o ...', - __LINES__ => 5 - ); + %hdr = (Subject => 'MAKE MONEY FAST!!', + From => 'Joe Spamer ', + Date => '10 Sep 1996 15:32:28 UTC', + Newsgroups => 'alt.test', + Path => 'news.example.com!not-for-mail', + Organization => 'Spammers Anonymous', + Lines => '5', + Distribution => 'usa', + 'Message-ID' => '<6.20232.842369548@example.com>', + __BODY__ => 'Send five dollars to the ISC, c/o ...', + __LINES__ => 5 + ); Note that the value of C<$hdr{Lines}> is the contents of the Lines: header of the article and may bear no resemblence to the actual length of the @@ -163,9 +175,9 @@ the Perl function filter_mode() is calle arguments and returns no value, but it has access to a global hash %mode that contains three values: - Mode The current server mode (throttled, paused, or running) - NewMode The new mode the server is going to - reason The reason that was given to ctlinnd + Mode The current server mode (throttled, paused, or running) + NewMode The new mode the server is going to + reason The reason that was given to ctlinnd One possible use for this function is to save filter state across a restart of innd. There isn't any Perl function which is called when INN @@ -358,7 +370,7 @@ The perl_auth parameter allows the use o Scripts (like those from the old mechanism) are listed in F using perl_auth in the same manner other authenticators are using auth: - perl_auth: "/path/to/script/auth1.pl" + perl_auth: "/path/to/script/auth1.pl" The file given as argument to perl_auth should contain the same procedures as before. The global hash %attributes remains the same, diff -Nrup inn-2.4.4/doc/pod/hook-python.pod inn-2.4.5/doc/pod/hook-python.pod --- inn-2.4.4/doc/pod/hook-python.pod 2008-05-05 03:18:36.000000000 -0700 +++ inn-2.4.5/doc/pod/hook-python.pod 2008-06-29 10:56:57.000000000 -0700 @@ -1,124 +1,138 @@ =head1 INN Python Filtering and Authentication Support -This is $Revision: 7134 $, dated $Date: 2005-03-05 13:19:44 -0800 (Sat, 05 Mar 2005) $. - This file documents INN's built-in optional support for Python article -filtering. It is patterned after the TCL and Perl hooks previously added -by Bob Heiney and Christophe Wolfhugel. +filtering. It is patterned after the Perl and (now obsolete) TCL hooks +previously added by Bob Heiney and Christophe Wolfhugel. + +For this filter to work successfully, you will need to have at least +S installed. You can obtain it from L. -For this filter to work successfully, you will need to have Python 1.5.2 -(the latest at this writing) installed. You can obtain it from -. - -The innd Python interface and the original Python filtering documentation -was written by Greg Andruk (nee Fluffy) . The Python -authentication and authorization support for nnrpd and the original -documentation for it was written by Ilya Etingof , 12/1999. - -=head1 NOTE TO RED HAT LINUX USERS - -Python will be preinstalled, but it may not include all the headers and -libraries required for embedding into INN. You will need to add the -development package. Better yet, get the source kit from the above URL -and build it yourself. Be sure when installing Python on Red Hat, to run -configure with C<--prefix=/usr> so that there are no version conflicts -with the "factory" installation. You can also find a selection of well -made RPMs at . +The B Python interface and the original Python filtering documentation +were written by Greg Andruk (nee Fluffy) . The Python +authentication and authorization support for B as well as the original +documentation for it were written by Ilya Etingof in +December 1999. -=head1 INSTALLATION +=head1 Installation Once you have built and installed Python, you can cause INN to use it by -adding the C<--with-python> switch to your configure command. +adding the B<--with-python> switch to your C command. You will +need to have all the headers and libraries required for embedding Python +into INN; they can be found in Python development packages, which include +header files and static libraries. + +You will then be able to use Python authentication, dynamic access group +generation and dynamic access control support in B along with +filtering support in B. See the ctlinnd(8) manual page to learn how to enable, disable and reload -Python filters on a running server (C, C, C). +Python filters on a running server (especially C, +C and C). + +Also, see the F, F, F +and F samples in your filters directory for +a demonstration of how to get all this working. -Also, see the example F script in your filters directory -for a demonstration of how to get all this working. +=head1 Writing an B Filter -=head1 WRITING AN INND FILTER +=head2 Introduction You need to create a F module in INN's filter directory -(see the pathfilter setting in F). A heavily-commented sample -is provided that you can use as a template for your own filter. There is +(see the I setting in F). A heavily-commented sample +is provided; you can use it as a template for your own filter. There is also an F module there which is not actually used by INN; it is there so you can test your module interactively. -First, define a class containing the methods you want to provide to innd. -Methods innd will use if present are: +First, define a class containing the methods you want to provide to B. +Methods B will use if present are: =over 4 -=item __init__(self) +=item __init__(I) -Not explicitly called by innd, but will run whenever the filter module is +Not explicitly called by B, but will run whenever the filter module is (re)loaded. This is a good place to initialize constants or pick up where -filter_before_reload or filter_close left off. +C or C left off. -=item filter_before_reload(self) +=item filter_before_reload(I) -This will execute any time a C or C command is issued. You can use it to save statistics or +This will execute any time a C or C command is issued. You can use it to save statistics or reports for use after reloading. -=item filter_close(self) +=item filter_close(I) -This will run when a C command is received. +This will run when a C command is received. -=item filter_art(self, art) +=item filter_art(I, I) -art is a dictionary containing an article's headers and body. This method -is called every time innd receives an article. The following can be +I is a dictionary containing an article's headers and body. This method +is called every time B receives an article. The following can be defined: - - Approved, Control, Date, Distribution, Expires, From, Lines, - Message-ID, Newsgroups, Path, Reply-To, Sender, Subject, - Supersedes, Bytes, Also-Control, References, Xref, Keywords, - X-Trace, NNTP-Posting-Host, Followup-To, Organization, - Content-Type, Content-Base, Content-Disposition, X-Newsreader, - X-Mailer, X-Newsposter, X-Cancelled-By, X-Canceled-By, Cancel-Key, - __LINES__, __BODY__ - -All the above values will be buffer objects holding the contents of the -same named article headers, except for the special __BODY__ and __LINES__ -items. Items not present in the article will contain None. - -__BODY__ is a buffer object containing the article's entire body, and -__LINES__ is an int holding innd's reckoning of the number of lines in the -article. All the other elements will be buffers with the contents of the -same-named article headers. -If you want to accept an article, return None or an empty string. To + Also-Control, Approved, Bytes, Cancel-Key, Cancel-Lock, + Content-Base, Content-Disposition, Content-Transfer-Encoding, + Content-Type, Control, Date, Date-Received, Distribution, Expires, + Face, Followup-To, From, In-Reply-To, Injection-Date, Injection-Info, + Keywords, Lines, List-ID, Message-ID, MIME-Version, Newsgroups, + NNTP-Posting-Date, NNTP-Posting-Host, Organization, Originator, + Path, Posted, Posting-Version, Received, References, Relay-Version, + Reply-To, Sender, Subject, Supersedes, User-Agent, + X-Auth, X-Canceled-By, X-Cancelled-By, X-Complaints-To, X-Face, + X-HTTP-UserAgent, X-HTTP-Via, X-Mailer, X-Modbot, X-Modtrace, + X-Newsposter, X-Newsreader, X-No-Archive, X-Original-Message-ID, + X-Original-Trace, X-Originating-IP, X-PGP-Key, X-PGP-Sig, + X-Poster-Trace, X-Postfilter, X-Proxy-User, X-Submissions-To, + X-Trace, X-Usenet-Provider, Xref, __BODY__, __LINES__. + +Note that all the above values are as they arrived, not modified +by your INN (especially, the Xref: header, if present, is the one +of the remote site which sent you the article, and not yours). + +These values will be buffer objects holding the contents of the +same named article headers, except for the special C<__BODY__> and C<__LINES__> +items. Items not present in the article will contain C. + +C is a buffer object containing the article's entire body, and +C is an int holding B's reckoning of the number of lines +in the article. All the other elements will be buffers with the contents +of the same-named article headers. + +The Newsgroups: header of the article is accessible inside the Python +filter as C. + +If you want to accept an article, return C or an empty string. To reject, return a non-empty string. The rejection strings will be shown to local clients and your peers, so keep that in mind when phrasing your rejection responses. -=item filter_messageid(self, msgid) +=item filter_messageid(I, I) -msgid is a buffer object containing the ID of an article being offered by -IHAVE or CHECK. Like with filter_art(), the message will be refused if +I is a buffer object containing the ID of an article being offered by +IHAVE or CHECK. Like with C, the message will be refused if you return a non-empty string. If you use this feature, keep it light -because it is called at a rather busy place in innd's main loop. Also, do +because it is called at a rather busy place in B's main loop. Also, do not rely on this function alone to reject by ID; you should repeat the -tests in filter_art() to catch articles sent with TAKETHIS but no CHECK. +tests in C to catch articles sent with TAKETHIS but no CHECK. -=item filter_mode(self, oldmode, newmode, reason) +=item filter_mode(I, I, I, I) -When the operator issues a ctlinnd pause, throttle or go command, this -function can be used to do something sensible in accordance with the state -change. Stamp a log file, save your state on throttle, etc. oldmode and -newmode will be strings containing one of the values in ('running', -'throttled', 'paused', 'unknown') -- oldmode is the state innd was in -before ctlinnd was run, newmode is the state innd will be in after the -command finishes. reason is the comment string provided on the ctlinnd -command line. +When the operator issues a B C, C, C, C +or C command, this function can be used to do something sensible in accordance +with the state change. Stamp a log file, save your state on throttle, +etc. I and I will be strings containing one of the values in +(C, C, C, C, C). I is +the state B was in before B was run, I is the state B +will be in after the command finishes. I is the comment string +provided on the B command line. =back -To register your methods with innd, you need to create an instance of your +=head2 How to Use these Methods with B + +To register your methods with B, you need to create an instance of your class, import the built-in INN module, and pass the instance to -INN.set_filter_hook(). For example: +C. For example: class Filter: def filter_art(self, art): @@ -136,39 +150,38 @@ INN.set_filter_hook(). For example: INN.set_filter_hook(myfilter) When writing and testing your Python filter, don't be afraid to make use -of try:/except: and the provided INN.syslog() function. stdout and stderr +of C/C and the provided C function. stdout and stderr will be disabled, so your filter will die silently otherwise. Also, remember to try importing your module interactively before loading it, to ensure there are no obvious errors. One typo can ruin your whole -filter. A dummy INND.py module is provided to facilitate testing outside +filter. A dummy F module is provided to facilitate testing outside the server. To test, change into your filter directory and use a command like: python -ic 'import INN, filter_innd' You can define as many or few of the methods listed above as you want in -your filter class (it's fine to define more methods for your own use; innd -won't use them but your filter can). If you I define the above -methods, GET THE PARAMETER COUNTS RIGHT. There are checks in innd to see -if the methods exist and are callable, but if you define one and get the -parameter counts wrong, INND WILL DIE. You have been warned. Be careful -with your return values, too. The filter_art() and filter_messageid() -methods have to return strings, or None. If you return something like an -int, innd will B be happy. - -=head1 WHAT'S THE DEAL WITH THESE BUFFER OBJECTS? - -Buffer objects are cousins of strings, new in Python 1.5.2. They are -supported, but at this writing you won't yet find much about them in the -Python documentation. Using buffer objects may take some getting used to, -but we can create buffers much faster and with less memory than strings. +your filter class (it is fine to define more methods for your own use; B +will not be using them but your filter can). If you I define the above +methods, GET THE PARAMETER COUNTS RIGHT. There are checks in B to see +whether the methods exist and are callable, but if you define one and get the +parameter counts wrong, B WILL DIE. You have been warned. Be careful +with your return values, too. The C and C +methods have to return strings, or C. If you return something like an +int, B will I be happy. + +=head2 A Note regarding Buffer Objects + +Buffer objects are cousins of strings, new in S. Using buffer +objects may take some getting used to, but we can create buffers much faster +and with less memory than strings. -For most of the operations you will perform in filters (like re.search, -string.find, md5.digest) you can treat buffers just like strings, but +For most of the operations you will perform in filters (like C, +C, C) you can treat buffers just like strings, but there are a few important differences you should know about: - # Make a string and a two buffers. + # Make a string and two buffers. s = "abc" b = buffer("def") bs = buffer("abc") @@ -178,23 +191,51 @@ there are a few important differences yo s == str(bs) # - This is also true, but buffer() is faster. s[:2] == bs[:2] # - True. Buffer slices are strings. - # While most string methods will take either a buffer or string, - # string.join insists on using only strings. - string.join([str(b), s], '.') # returns 'def.abc' + # While most string methods will take either a buffer or a string, + # string.join (in the string module) insists on using only strings. + import string + string.join([str(b), s], '.') # Returns 'def.abc'. + '.'.join([str(b), s]) # Returns 'def.abc' too. + '.'.join([b, s]) # This raises a TypeError. - e = s + b # This raises a TypeError, but... + e = s + b # This raises a TypeError, but... - # ...these two both return the string 'abcdef'. The first one + # ...these two both return the string 'abcdef'. The first one # is faster -- choose buffer() over str() whenever you can. e = buffer(s) + b f = s + str(b) - g = b + '>' # This is legal, returns the string 'def>'. + g = b + '>' # This is legal, returns the string 'def>'. + +=head2 Functions Supplied by the Built-in B Module + +Besides C which is used to register your methods +with B as it has already been explained above, the following functions +are available from Python scripts: + +=over 4 + +=item addhist(I) -=head1 FUNCTIONS SUPPLIED BY THE BUILT-IN INND MODULE +=item article(I) -Not only can innd use Python, but your filter can use some of innd's -features too. Here is some sample Python code to show what you get: +=item cancel(I) + +=item havehist(I) + +=item hashstring(I) + +=item head(I) + +=item newsgroup(I) + +=item syslog(I, I) + +=back + +Therefore, not only can B use Python, but your filter can use some of +B's features too. Here is some sample Python code to show what you get +with the previously listed functions. import INN @@ -203,7 +244,7 @@ features too. Here is some sample Pytho # tells the Unix syslogger what severity to use; you can # abbreviate down to one letter and it's case insensitive. # Available levels are (in increasing levels of seriousness) - # Debug, Info, Notice, Warning, Err, Crit, and Alert. (If you + # Debug, Info, Notice, Warning, Err, Crit, and Alert. (If you # provide any other string, it will be defaulted to Notice.) The # second parameter is the message text. The syslog entries will # go to the same log files innd itself uses, with a 'python:' @@ -217,15 +258,15 @@ features too. Here is some sample Pytho # local server; it doesn't send out a control message or anything # scary like that. Returns 1 if successful, else 0. if INN.cancel(''): - canceled = "yup" + cancelled = "yup" else: - canceled = "nope" + cancelled = "nope" - # Check if a given message is in history. This doesn't - # necessarily mean the article is on your spool; canceled and + # Check if a given message is in history. This doesn't + # necessarily mean the article is on your spool; cancelled and # expired articles hang around in history for a while, and # rejected articles will be in there if you have enabled - # remember_trash in inn.conf. Returns 1 if found, else 0. + # remembertrash in inn.conf. Returns 1 if found, else 0. if INN.havehist(''): comment = "*yawn* I've already seen this article." else: @@ -234,8 +275,8 @@ features too. Here is some sample Pytho # Here we are running a local spam filter, so why eat all those # cancels? We can add fake entries to history so they'll get # refused. Returns 1 on success, 0 on failure. - canceled_id = buffer('') - if INN.addhist("') + if INN.addhist("') artheader = INN.head('') + # As we can compute a hash digest for a string, we can obtain one + # for artbody. It might be of help to detect spam. + digest = INN.hashstring(artbody) + # Finally, do you want to see if a given newsgroup is moderated or # whatever? INN.newsgroup returns the last field of a group's # entry in active as a string. @@ -260,324 +305,353 @@ features too. Here is some sample Pytho else: moderated = "something else" -=head1 CHANGES TO PYTHON AUTHENTICATION AND ACCESS CONTROL SUPPORT FOR -NNRPD +=head1 Writing an B Filter + +=head2 Changes to Python Authentication and Access Control Support for B The old authentication and access control functionality has been -combined with the new readers.conf mechanism by Erik Klavon -; bug reports should however go to inn-bugs@isc.org, +combined with the new F mechanism by Erik Klavon +; bug reports should however go to , not Erik. The remainder of this section is an introduction to the new mechanism -(which uses the python_auth, python_access, and python_dynamic +(which uses the I, I, and I F parameters) with porting/migration suggestions for people familiar with the old mechanism (identifiable by the now -deprecated nnrpperlauth: parameter in F). +deprecated I parameter in F). Other people should skip this section. -The python_auth parameter allows the use of Python to authenticate a -user. Authentication scripts (like those from the old mechanism) are -listed in F using python_auth in the same manner other -authenticators are using auth: +The I parameter allows the use of Python to authenticate a +user. Authentication scripts (like those from the old mechanism) are +listed in F using I in the same manner other +authenticators are using I: - python_auth: "auth1.py" + python_auth: "nnrpd_auth" + +It uses the script named F (note that C<.py> is not present +in the I value). Scripts should be placed as before in the filter directory (see the -I setting in F). The new hook method authen_init +I setting in F). The new hook method C takes no arguments and its return value is ignored; its purpose is to -provide a means for authentication specific initialization. The hook -method authen_close is the more specific analogue to the old close -method. These method hooks are not required. - -The argument dictionary passed to authenticate remains the same, -except for the removal of the C entry which is no longer needed -in this modification and the addition of several new entries (port, -intipaddr, intport) described below. The return tuple now only +provide a means for authentication specific initialization. The hook +method C is the more specific analogue to the old C +method. These two method hooks are not required, contrary to +C, the main method. + +The argument dictionary passed to C remains the same, +except for the removal of the I entry which is no longer needed +in this modification and the addition of several new entries (I, +I, I) described below. The return tuple now only contains either two or three elements, the first of which is the NNTP -response code. The second is an error string which is passed to the +response code. The second is an error string which is passed to the client if the response code indicates that the authentication attempt -has failed. This allows a specific error message to be generated by -the Python script in place of the generic message "Authentication -failed". An optional third return element, if present, will be used to -match the connection with the user: parameter in access groups and -will also be the username logged. If this element is absent, the +has failed. This allows a specific error message to be generated by +the Python script in place of the generic message C. An optional third return element, if present, will be used to +match the connection with the I parameter in access groups and +will also be the username logged. If this element is absent, the username supplied by the client during authentication will be used, as -was the previous behavior. +was the previous behaviour. -The python_access parameter (described below) is new; it allows the +The I parameter (described below) is new; it allows the dynamic generation of an access group of an incoming connection using -a Python script. If a connection matches an auth group which has a -python_access parameter, all access groups in readers.conf are +a Python script. If a connection matches an auth group which has a +I parameter, all access groups in F are ignored; instead the procedure described below is used to generate an -access group. This concept is due to Jeffrey M. Vinocur. +access group. This concept is due to Jeffrey S and you can +add this line to F in order to use the F +Python script in I: + + python_access: "nnrpd_access" In the old implementation, the authorization method allowed for access -control on a per-group basis. That functionality is preserved in the -new implementation by the inclusion of the python_dynamic parameter in -F. The only change is the corresponding method name of -C as opposed to C; C and C are the -same as before except for the addition of several new entries to the -argument dictionary (port, intipaddr, intport) described -below. Additionally, the associated optional housekeeping methods -dynamic_init and dynamic_close may be implemented if needed. +control on a per-group basis. That functionality is preserved in the +new implementation by the inclusion of the I parameter in +F. The only change is the corresponding method name of +C as opposed to C. Additionally, the associated +optional housekeeping methods C and C +may be implemented if needed. In order to use F in +I, you can add this line to F: + + python_dynamic: "nnrpd_dynamic" This new implementation should provide all of the previous capabilities of the Python hooks, in combination with the flexibility -of readers.conf and the use of other authentication and resolving -programs (including the Perl hooks!). To use Python code that predates +of F and the use of other authentication and resolving +programs (including the Perl hooks!). To use Python code that predates the new mechanism, you would need to modify the code slightly (see -below for the new specification) and supply a simple readers.conf -file. If you don't want to modify your code, the sample directory has -F, F, and +below for the new specification) and supply a simple F +file. If you do not want to modify your code, the sample directory has +F, F and F which should allow you to use your old code without needing to change it. However, before trying to use your old Python code, you may want to -consider replacing it entirely with non-Python authentication. (With -readers.conf and the regular authenticator and resolver programs, much +consider replacing it entirely with non-Python authentication. (With +F and the regular authenticator and resolver programs, much of what once required Python can be done directly.) Even if the functionality is not available directly, you may wish to write a new authenticator or resolver (which can be done in whatever language you prefer). -=head1 PYTHON AUTHENTICATION SUPPORT FOR NNRPD +=head2 Python Authentication Support for B -Python authentication, dynamic access group generation and dynamic -access control support in nnrpd along with filtering support in innd -may be compiled in by passing C<--with-python> C. - -Support for authentication via Python is provided in nnrpd by the -inclusion of a python_auth: parameter in a F auth -group. python_auth: works exactly like the auth: parameter in +Support for authentication via Python is provided in B by the +inclusion of a I parameter in a F auth +group. I works exactly like the I parameter in F, except that it calls the script given as argument using the Python hook rather then treating it as an external -program. Multiple, mixed use of python_auth: with other auth: -statements including perl_auth: is permitted. Each auth: statement +program. Multiple, mixed use of I with other I +statements including I is permitted. Each I statement will be tried in the order they appear in the auth group until either one succeeds or all are exhausted. -If the processing of readers.conf requires that a python_auth: +If the processing of F requires that a I statement be used for authentication, Python is loaded (if it has yet -to be) and the file given as argument to the python_auth: parameter is -loaded as well. If a Python object with a method authen_init is hooked in -during the loading of that file, then that method is called -immediately after the file is loaded. If no errors have occurred, the -method authenticate is called. Depending on the NNTP response code -returned by authenticate, the authentication hook either succeeds or -fails, after which the processing of the auth group continues as -usual. When the connection with the client is closed, the method -authen_close is called if it exists. +to be) and the file given as argument to the I parameter is +loaded as well (do not include the C<.py> extension of this file in +the value of I). If a Python object with a method +C is hooked in during the loading of that file, then +that method is called immediately after the file is loaded. If no +errors have occurred, the method C is called. Depending +on the NNTP response code returned by C, the authentication +hook either succeeds or fails, after which the processing of the +auth group continues as usual. When the connection with the client +is closed, the method C is called if it exists. -=head1 DYNAMIC GENERATION OF ACCESS GROUPS +=head2 Dynamic Generation of Access Groups A Python script may be used to dynamically generate an access group -which is then used to determine the access rights of the client. This -occurs whenever the python_access: parameter is specified in an auth group -which has successfully matched the client. Only one python_access: -statement is allowed in an auth group. This parameter should not be -mixed with a perl_access: statement in the same auth group. - -When a python_access: parameter is encountered, Python is loaded (if -it has yet to be) and the file given as argument is loaded as well. If -a Python object with a method C is hooked in during the +which is then used to determine the access rights of the client. This +occurs whenever the I parameter is specified in an auth group +which has successfully matched the client. Only one I +statement is allowed in an auth group. This parameter should not be +mixed with a I statement in the same auth group. + +When a I parameter is encountered, Python is loaded (if +it has yet to be) and the file given as argument is loaded as well (do not +include the C<.py> extension of this file in the value of I). +If a Python object with a method C is hooked in during the loading of that file, then that method is called immediately after the -file is loaded. If no errors have occurred, the method C is -called. The dictionary returned by C is used to generate an +file is loaded. If no errors have occurred, the method C is +called. The dictionary returned by C is used to generate an access group that is then used to determine the access rights of the -client. When the connection with the client is closed, the method +client. When the connection with the client is closed, the method C is called, if it exists. -While you may include the users: parameter in a dynamically generated +While you may include the I parameter in a dynamically generated access group, some care should be taken (unless your pattern is just -* which is equivalent to leaving the parameter out). The group created +C<*> which is equivalent to leaving the parameter out). The group created with the values returned from the Python script is the only one -considered when nnrpd attempts to find an access group matching the -connection. If a users: parameter is included and it doesn't match the +considered when B attempts to find an access group matching the +connection. If a I parameter is included and it does not match the connection, then the client will be denied access since there are no other access groups which could match the connection. -=head1 DYNAMIC ACCESS CONTROL +=head2 Dynamic Access Control If you need to have access control rules applied immediately without -having to restart all the nnrpd processes, you may apply access +having to restart all the B processes, you may apply access control on a per newsgroup basis using the Python dynamic hooks (as opposed to F, which does the same on per user -basis). These hooks are activated through the inclusion of the -python_dynamic: parameter in a F auth group. Only one -python_dynamic: statement is allowed in an auth group. - -When a python_dynamic: parameter is encountered, Python is loaded (if -it has yet to be) and the file given as argument is loaded as well. If -a Python object with a method C is hooked in during the +basis). These hooks are activated through the inclusion of the +I parameter in a F auth group. Only one +I statement is allowed in an auth group. + +When a I parameter is encountered, Python is loaded (if +it has yet to be) and the file given as argument is loaded as well (do not +include the C<.py> extension of this file in the value of I). +If a Python object with a method C is hooked in during the loading of that file, then that method is called immediately after the -file is loaded. Every time a reader asks nnrpd to read or post an +file is loaded. Every time a reader asks B to read or post an article, the Python method C is invoked before proceeding with -the requested operation. Based on the value returned by C, the -operation is either permitted or denied. When the connection with the +the requested operation. Based on the value returned by C, the +operation is either permitted or denied. When the connection with the client is closed, the method C is called if it exists. -=head1 WRITING A PYTHON NNRPD AUTHENTICATION MODULE +=head2 Writing a Python B Authentication Module You need to create a F module in INN's filter directory (see the I setting in F) where you should define a class holding certain methods depending on which hooks you want to use. -The following methods are known to nnrpd: +Note that you will have to use different Python scripts for authentication +and access: the values of I, I and I +have to be distinct for your scripts to work. + +The following methods are known to B: =over 4 -=item __init__(self) +=item __init__(I) -Not explicitly called by nnrpd, but will run whenever the auth module is -loaded. Use this method to initialize any general variables or open -a common database connection. This method may be omitted. +Not explicitly called by B, but will run whenever the auth module is +loaded. Use this method to initialize any general variables or open +a common database connection. This method may be omitted. -=item authen_init(self) +=item authen_init(I) -Initialization function specific to authentication. This method may be +Initialization function specific to authentication. This method may be omitted. -=item authenticate(self, attributes) +=item authenticate(I, I) -Called when a python_auth statement is reached in the processing of -readers.conf. Connection attributes are passed in the C -dictionary. Returns a response code, an error string, and an optional +Called when a I statement is reached in the processing of +F. Connection attributes are passed in the I +dictionary. Returns a response code, an error string, and an optional string to be used in place of the client-supplied username (both for logging and for matching the connection with an access group). -=item authen_close(self) +=item authen_close(I) -This method is invoked on nnrpd termination. You can use it to save -state information or close a database connection. +This method is invoked on B termination. You can use it to save +state information or close a database connection. This method may be omitted. -=item access_init(self) +=item access_init(I) -Initialization function specific to generation of an access group. This +Initialization function specific to generation of an access group. This method may be omitted. -=item access(self, attributes) +=item access(I, I) -Called when a python_access statement is reached in the processing of -readers.conf. Connection attributes are passed in the C -dictionary. Returns a dictionary of values representing statements to +Called when a I statement is reached in the processing of +F. Connection attributes are passed in the I +dictionary. Returns a dictionary of values representing statements to be included in an access group. -=item access_close(self) +=item access_close(I) -This method is invoked on nnrpd termination. You can use it to save -state information or close a database connection. +This method is invoked on B termination. You can use it to save +state information or close a database connection. This method may be omitted. -=item dynamic_init(self) +=item dynamic_init(I) -Initialization function specific to dynamic access control. This +Initialization function specific to dynamic access control. This method may be omitted. -=item dynamic(self, attributes) +=item dynamic(I, I) Called when a client requests a newsgroup, an article or attempts to -post. Connection attributes are passed in the C dictionary. +post. Connection attributes are passed in the I dictionary. Returns C to grant access, or a non-empty string (which will be reported back to the client) otherwise. -=item dynamic_close(self) +=item dynamic_close(I) + +This method is invoked on B termination. You can use it to save +state information or close a database connection. This method may be omitted. -This method is invoked on nnrpd termination. You can use it to save -state information or close a database connection. +=back -=item attributes dictionary +=head2 The I Dictionary -The keys and associated values of the C dictionary are +The keys and associated values of the I dictionary are described below. =over 4 -=item type +=item I -C or C values specify the authentication -type; only valid for the C method +C or C values specify the authentication type; only valid +for the C method. -=item hostname +=item I -resolved hostname (or IP address if resolution fails) of connected -reader +It is the resolved hostname (or IP address if resolution fails) of +the connected reader. -=item ipaddress +=item I -IP address of connected reader +The IP address of the connected reader. -=item port +=item I -port of connected reader +The port of the connected reader. -=item interface +=item I -hostname of the local endpoint of the NNTP connection +The hostname of the local endpoint of the NNTP connection. -=item intipaddr +=item I -IP address of the local endpoint of the NNTP connection +The IP address of the local endpoint of the NNTP connection. -=item intport +=item I -port of the local endpoint of the NNTP connection +The port of the local endpoint of the NNTP connection. -=item user +=item I -username as reader passed with AUTHINFO command, or None if not -applicable +The username as passed with AUTHINFO command, or C if not +applicable. -=item pass +=item I -password as reader passed with AUTHINFO command, or None if not -applicible +The password as passed with AUTHINFO command, or C if not +applicable. -=item newsgroup +=item I -name of the newsgroup reader requests read or post access to; only -valid for the C method +The name of the newsgroup to which the reader requests read or post access; +only valid for the C