Hi Steve,
>> auth "dynamic_access" {
>> hosts: "*"
>> python_dynamic: "nnrpd_dynamic"
>> }
>>
>> mode reader
>> 502 Could not get your access name. Goodbye!
>> Connection closed by foreign host.
I believe it is a genuine bug.
In nnrpd/perm.c, we have:
/* auth_realms are all expected to match the user.
* Be careful whether SSL is required, though. */
for (i = 0; auth_realms[i]; i++) {
if (auth_realms[i]->auth_methods != NULL) {
PERMcanauthenticate = true;
#ifdef HAVE_SSL
if (auth_realms[i]->require_ssl == false)
PERMcanauthenticatewithoutSSL = true;
#endif
}
/* We assume that an access or dynamic script will allow
* the user to post when authenticated, so that a 200 greeting
* code can be sent. */
if (auth_realms[i]->access_script != NULL
|| auth_realms[i]->dynamic_script != NULL)
PERMcanpostgreeting = true;
}
PERMcanauthenticate should also be set to true when
a Python dynamic hook is present. It would then not trigger
the "502 Could not get your access name. Goodbye!" error.
>> At this point, the nnrpd_dynamic.py script is completely unaltered so I
>> would expect to see a syslog message as it initializes, but I get
>> nothing. Any suggestions as to what I'm doing wrong?
You're right that a syslog message should be given... Only when the Python
hook is parsed, which did not happen in your example.
> To answer my own question, the auth group requires a default.
It should not.
That (wrong) behaviour happens because of PERMcanauthenticate not being
properly set.
uname is here the name of the user.
The code is:
if (!uname && auth_realms[i]->default_user)
uname = xstrdup(auth_realms[i]->default_user);
if (uname) {
...
} else if (!PERMcanauthenticate) {
/* Couldn't resolve the user. */
syslog(L_NOTICE, "%s no_user", Client.host);
Reply("%d Could not get your access name. Goodbye!\r\n",
} else {
PERMneedauth = true;
}
So the problem will be solved if PERMcanauthenticate is true.
> I'm not
> convinced this ever gets used as the dynamic access script should return
> something for every scenario.
You're right.
> To ask another related question: How does one reinitialize the DYNACCESS
> class without restarting the inn server?
Isn't
ctlinnd reload filter.python ''
working fine?
--
Julien ÉLIE
« – Vous n'avez rien à déclarer ?
– J'ai faim.
– Qu'est-ce que vous avez là ?
– Un creux ! » (Astérix)