Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

libauth(3) [debian man page]

libauth(3)						    InterNetNews Documentation							libauth(3)

NAME

       libauth - routines for writing nnrpd resolvers and authenticators

SYNOPSIS

	   #include "libauth.h"

	   struct res_info {
	       struct sockaddr *client;
	       struct sockaddr *local;
	       char *clienthostname;
	   };

	   struct auth_info {
	       char *username;
	       char *password;
	   };

	   struct auth_info *get_auth_info(FILE *);
	   struct res_info  *get_res_info (FILE *);

	   void free_auth_info(struct auth_info*);
	   void free_res_info (struct res_info*);

DESCRIPTION

       These functions provide a convenient C frontend to the nnrpd external authentication interface documented in doc/external-auth.	Use of
       this library is not required; in particular, external resolvers and authenticators written in languages other than C will need to implement
       the necessary functionality themselves.

       The get_auth_info() and get_res_info() functions allocate sufficient memory for a struct auth_info or struct res_info and any necessary
       fields, and return a pointer to the struct with the fields filled in from information supplied by nnrpd (the FILE* parameter generally
       should be "stdin").  Both functions return NULL on error.  The caller is responsible for deallocating the memory by using the functions
       below.

       The string fields of both structs are straightforward.  The client and local fields of struct res_info actually point to instances of
       struct sockaddr_in (or struct sockaddr_in6 if IPv6 support is compiled in).

       The free_auth_info() and free_res_info() functions free the struct passed in as argument and all necessary fields.

BUGS

       In many cases, nnrpd provides more information than is normally useful (for example, even when calling an authenticator, the resolver
       information is often provided.)	On the other hand, in certain cases it provides less information than might be expected (for example, if
       nnrpd is reading from stdin rather than a socket).  The implementation is capable of handling at least the first of these issues, but that
       functionality is not exposed in the interface.

       At present, libauth.h and its implementation are located in authprogs/; perhaps they should be moved to include/ and lib/, respectively?

HISTORY

       Written by Jeffrey M. Vinocur <jeff@litech.org> for InterNetNews.

       $Id: libauth.pod 8200 2008-11-30 13:31:30Z iulius $

SEE ALSO

       nnrpd(8), readers.conf(5), doc/external-auth

INN 2.5.3							    2009-05-21								libauth(3)

Check Out this Related Man Page

DOMAIN(8)						    InterNetNews Documentation							 DOMAIN(8)

NAME

       domain - nnrpd domain resolver

SYNOPSIS

       domain domainname

DESCRIPTION

       This program can be used in readers.conf to grant access based on the subdomain part of the remote hostname.  In particular, it only
       returns success if the remote hostname ends in domainname.  (A leading dot on domainname is optional; even without it, the argument must
       match on dot-separated boundaries).  The "username" returned is whatever initial part of the remote hostname remains after domainname is
       removed.  It is an error if there is no initial part (that is, if the remote hostname is exactly the specified domainname).

EXAMPLE

       The following readers.conf(5) fragment grants access to hosts with internal domain names:

	   auth internal {
	       res: "domain .internal"
	       default-domain: "example.com"
	   }

	   access internal {
	       users: "*@example.com"
	       newsgroups: example.*
	   }

       Access is granted to the example.* groups for all connections from hosts that resolve to hostnames ending in ".internal"; a connection from
       "foo.internal" would match access groups as "foo@example.com".

BUGS

       It seems the code does not confirm that the matching part is actually at the end of the remote hostname (e.g., "domain: example.com" would
       match the remote host "foo.example.com.org" by ignoring the trailing ".org" part).

       Does this resolver actually provide any useful functionality not available by using wildcards in the readers.conf(5) hosts parameter?  If
       so, the example above should reflect this functionality.

HISTORY

       This documentation was written by Jeffrey M. Vinocur <jeff@litech.org>.

       $Id: domain.pod 8200 2008-11-30 13:31:30Z iulius $

SEE ALSO

       nnrpd(8), readers.conf(5)

INN 2.5.2							    2009-05-21								 DOMAIN(8)
Man Page