• alternative nnrpd external auth to postgresql

    From rek2 hispagatos@21:1/5 to All on Sun Jul 23 16:49:53 2023
    Work in progress, will deploy soon and let you guys know when it is ready,
    I still need to add some features so it is generic, usable in other
    situations.

    https://git.sr.ht/~rek2/nnrpd-password
    Also writing a Usenet/Matrix portal, also work in progress.

    Happy Hacking
    ReK2

    --
    {gemini,https}://{,rek2.}hispagatos.org - mastodon: @rek2@hispagatos.space [https|gemini]://2600.Madrid - https://hispagatos.space/@rek2

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rek2 hispagatos@21:1/5 to rek2@hispagatos.org.invalid on Thu Jul 27 19:36:41 2023
    On 2023-07-23, rek2 hispagatos <rek2@hispagatos.org.invalid> wrote:
    Work in progress, will deploy soon and let you guys know when it is ready,
    I still need to add some features so it is generic, usable in other
    situations.

    https://git.sr.ht/~rek2/nnrpd-password
    Also writing a Usenet/Matrix portal, also work in progress.


    OK this is already deployed and working, feel free to submit patches,
    there is a lot to do still but it is working now and is live on my own
    server.

    Happy Hacking
    ReK2

    --
    {gemini,https}://{,rek2.}hispagatos.org - mastodon: @rek2@hispagatos.space [https|gemini]://2600.Madrid - https://hispagatos.space/@rek2

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From go-while@21:1/5 to All on Thu Jul 27 23:30:01 2023
    On 27.07.23 21:36, rek2 hispagatos wrote:
    OK this is already deployed and working, feel free to submit patches,
    there is a lot to do still but it is working now and is live on my own
    server.

    Happy Hacking
    ReK2


    great work!

    i don't know about rust and pgsql so i need to ask a question:

    this code is safe against sql injection?

    let creds = sqlx::query_as!(
        Creds,
        "SELECT usenet_password FROM users WHERE usenet_username = $1",
        username
    )

    no need to check if username is alphanum before passing to db?

    fn clean() splits by whitespace and parses to string only?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rek2 hispagatos@21:1/5 to go-while on Fri Jul 28 03:44:07 2023
    On 2023-07-27, go-while <no-reply@no.spam> wrote:
    On 27.07.23 21:36, rek2 hispagatos wrote:
    OK this is already deployed and working, feel free to submit patches,
    there is a lot to do still but it is working now and is live on my own
    server.

    Happy Hacking
    ReK2


    great work!

    i don't know about rust and pgsql so i need to ask a question:

    this code is safe against sql injection?


    Indeed, it is my first time using these libs and I asked myself the same
    question when I was reading through their documentation, so I have put it
    on my TODO list to research and use better prepared queries.
    This is from their documentation:
    ```
    Prepared queries have their query plan cached, use a binary mode of
    communication (lower bandwidth and faster decoding),
    and utilize parameters to avoid SQL injection.
    ```
    It is on my TODO list, if I get help even better ;)

    no need to check if username is alphanum before passing to db?

    Yes some checks and balances will be nice to add also on my todo list, I
    did this tool at the same time I was making a portal for my users to be
    able to register for our usenet server(inn2) or
    matrix server(dendrite) and later on maybe our mastodon instance.
    So made the tool to plug inn and the portal,
    but much work still to do, a lot more :)

    fn clean() splits by whitespace and parses to string only?
    yes, I am learning rust so I am sure there are more idiomatic and
    elegant ways, but as of now, testing the inn stdout to the program, it gives us the
    6 or 7 diff pieces of information, including the ClientAuthname,
    ClientPassword (pasted below) so I have it all put into a
    slice/array and grab only 2 and send them to the clean() function
    and it does exactly what you mention, so later we can compare it vs
    the database entries.

    I was testing against the information I got from: https://www.eyrie.org/~eagle/software/inn/docs-2.7/external-auth.html
    But I found it to be mistaken or I did not understand it right, because
    it says it only sends 2 pieces of information the Name and Password
    information but it actually sends more so I had to do adjustments like:


    ["ClientHost: domain.net", "ClientIP: x.x.x.x", "ClientPort: 52014",
    "LocalIP: x.x.x.x", "LocalPort: 563", "ClientAuthname: rek2",
    "ClientPassword: HerePassword", ".", ""]

    also was using for testing:
    echo -e "Auth rek2\r\nPassword: testest222\r\n" | cargo run
    and from the ckpasswd man page:
    (echo 'ClientAuthname: rek2' ; echo 'ClientPassword: testmeow') | nnrpd-password

    Writing this super late 5:40 am been up all night coding, going to bed
    if you find lot of bad grammar and stuff is because of that and that I
    am not a native English speaker ;)

    Happy Hacking
    --
    {gemini,https}://{,rek2.}hispagatos.org
    https://hispagatos.space/@rek2

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From go-while@21:1/5 to All on Fri Jul 28 07:53:49 2023
    On 28.07.23, rek2 hispagatos wrote:

    I was testing against the information I got from: https://www.eyrie.org/~eagle/software/inn/docs-2.7/external-auth.html
    But I found it to be mistaken or I did not understand it right, because
    it says it only sends 2 pieces of information the Name and Password information but it actually sends more so I had to do adjustments like:



    "In addition, nnrpd generally also passes, if available, the fields
    mentioned as intended for resolvers; in rare instances this data may be
    useful for authenticators."

    But every time i read rust, i don't like their syntax xD

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rek2 hispagatos@21:1/5 to go-while on Fri Jul 28 15:25:49 2023
    On 2023-07-28, go-while <no-reply@no.spam> wrote:
    On 28.07.23, rek2 hispagatos wrote:

    I was testing against the information I got from:
    https://www.eyrie.org/~eagle/software/inn/docs-2.7/external-auth.html
    But I found it to be mistaken or I did not understand it right, because
    it says it only sends 2 pieces of information the Name and Password
    information but it actually sends more so I had to do adjustments like:



    "In addition, nnrpd generally also passes, if available, the fields
    mentioned as intended for resolvers; in rare instances this data may be useful for authenticators."

    But every time i read rust, i don't like their syntax xD


    Yes indeed, I figured that out the hard way :D :D with debugging :D I get
    lost in translation a lot.

    Yeah I used to hate rust syntax as well, especially when they add their
    weird traits, but I got used to it and most people do not use many since they
    are advised to not use complicated traits because it makes it hard for
    other people to understand.
    I still pick up GO for most of my work and sometimes I go back to C if
    it is for specific projects, but I'm curious so I have been learning
    rust for the last 3-4 months; now that I did, it does have its good
    things.

    Happy Hacking
    reK2
    --
    {gemini,https}://{,rek2.}hispagatos.org - mastodon: @rek2@hispagatos.space [https|gemini]://2600.Madrid - https://hispagatos.space/@rek2

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From go-while@21:1/5 to All on Fri Jul 28 22:29:38 2023
    On 28.07.23, rek2 hispagatos wrote:

    Yes indeed, I figured that out the hard way :D :D with debugging :D
    I get lost in translation a lot.

    .....
    Happy Hacking
    reK2


    who writes with debugs is king!
    and much more king if you don't know what you're doing :D

    i wrote a little too with greek coffee!

    https://github.com/go-while/go-inn2-auth

    same binary as daemon and authenticator/resolver? .oO*
    daemon listens on tcp port (maybe socket later)
    cli talks via tcp textproto with daemon
    multiple workers and parallel requests
    daemon can act as cache, less requests to databases (later)
    read users from json file, reloads every 60s if hash changed
    places for mysql, pgsql, redis are there but need testing first

    test on command line looks good for me but did not install to try...
    not sure how to configure inn.conf xD

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rek2 hispagatos@21:1/5 to go-while on Sat Jul 29 13:05:56 2023
    On 2023-07-28, go-while <no-reply@no.spam> wrote:
    On 28.07.23, rek2 hispagatos wrote:

    Yes indeed, I figured that out the hard way :D :D with debugging :D
    I get lost in translation a lot.

    .....
    Happy Hacking
    reK2


    who writes with debugs is king!
    and much more king if you don't know what you're doing :D

    LOL :)

    i wrote a little too with greek coffee!

    https://github.com/go-while/go-inn2-auth

    same binary as daemon and authenticator/resolver? .oO*
    daemon listens on tcp port (maybe socket later)
    cli talks via tcp textproto with daemon
    multiple workers and parallel requests
    daemon can act as cache, less requests to databases (later)
    read users from json file, reloads every 60s if hash changed
    places for mysql, pgsql, redis are there but need testing first

    test on command line looks good for me but did not install to try...
    not sure how to configure inn.conf xD

    Looking good, I will test it, everything seems so much simpler with Go
    ;) only reason I started my project with Rust is to get familiar with
    the language, but go has been my choice for the last 7 years for most
    tooling I write for work and myself.

    It is good that we are updating some old usenet tools to talk to other
    daemons most used today, like postgresql, redis etc.

    I will love to engage to write a small two way gateway between a
    usergroup and a lemmy group( a reddit alike decentralized service part
    of the fediverse ).

    Happy Hacking
    ReK2
    --
    {gemini,https}://{,rek2.}hispagatos.org
    https://hispagatos.space/@rek2

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Billy G. (go-while)@21:1/5 to All on Sun Jul 30 10:35:58 2023
    On 29.07.23, rek2 hispagatos wrote:

    Looking good, I will test it

    can you provide a readme to your tool?
    with your inn config for readers and how to implement the binary?

    still had no time to test mine, not even tried to lookup the config :D
    i don't know if this code does anything good
    at least it did not crash over night in infinite loop
    hammered with millions of requests and mem <20KB?! with 3 users added

    ...
    , everything seems so much simpler with Go
    ;)

    I will love to engage to write a small two way gateway between a
    usergroup and a lemmy group( a reddit alike decentralized service part
    of the fediverse ).

    Happy Hacking
    ReK2

    go textproto + nntp... easy
    only be careful when sending strings over the network

    for example the tp.Cmd() eats a formatted string

    let's say you have read a msgid fine
    from another peer or server or file

    but msgid contains a % (percent sign)
    like:
    msgid := "<abcd1234..%...@test.com>"

    we construct cmdline to send request to another peer
    cmdline := "IHAVE "+msgid
    this is fine, prints correctly

    but if you pass cmdline to 'tp.Cmd(cmdline)'
    go adds formats to string: result in total garbage after % data is lost.
    as soon as it leaves your networkcard
    you can see it going out with weird things added to the 'cmdline' string

    use 'tp.Cmd("%s", cmdline)'
    you send it fine and receiver reads correctly

    i'm writing websrv in go talking to nntp, could be useful for a lemmygw
    maybe first release is ready in few weeks

    GET:
    http(s)://.../groups/(?json)
    http(s)://.../group/msgnum/[head|body|head+body](/?json)
    http(s)://.../msgid/[head|body|head+body](/?json)


    happy sunday!

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
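
Added example (not from the post above and not code from go-inn2-auth): a runnable Go reproduction of the `tp.Cmd` format-string pitfall that post describes, with the wrong and the corrected call side by side. The `wire` type and the `sendIHAVE` helper are made up for the demonstration and stand in for a real NNTP connection.

```go
package main

import (
	"bytes"
	"fmt"
	"net/textproto"
)

// wire stands in for the TCP connection and records what would be sent.
type wire struct{ bytes.Buffer }

func (*wire) Close() error { return nil }

// sendIHAVE sends "IHAVE <msgid>" through textproto.Conn.Cmd and returns the
// bytes that reached the wire. asFormat=true reproduces the bug from the post
// (untrusted text used as the format string); false passes it as an argument.
func sendIHAVE(msgid string, asFormat bool) (string, error) {
	w := &wire{}
	tp := textproto.NewConn(w)
	cmdline := "IHAVE " + msgid
	var err error
	if asFormat {
		// Called through a function value because this misuse is deliberate
		// and a direct tp.Cmd(cmdline) may be rejected by go vet's printf check.
		cmd := tp.Cmd
		_, err = cmd(cmdline)
	} else {
		_, err = tp.Cmd("%s", cmdline)
	}
	return w.String(), err
}

func main() {
	// Constructed Message-ID containing a percent sign, as in the post.
	msgid := "<abcd1234..%...@test.com>"
	bad, _ := sendIHAVE(msgid, true)
	good, _ := sendIHAVE(msgid, false)
	fmt.Printf("as format:   %q\nas argument: %q\n", bad, good)
}
```

Any string read from a peer, a file or another server belongs in the argument list, never in the format position; the same applies to `PrintfLine` and the `fmt` functions.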
  • From Billy G. (go-while)@21:1/5 to All on Mon Jul 31 05:48:11 2023
    ok i'm near to have a working test bench

    you are using "res" in your config?

    would explain why you got all lines

    will provide instruction soon

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rek2 hispagatos@21:1/5 to no-reply@no.spam on Tue Aug 1 02:35:08 2023
    On 2023-07-31, Billy G. (go-while) <no-reply@no.spam> wrote:
    ok i'm near to have a working test bench


    nice!

    you are using "res" in your config?

    I do not think so, also remember my tool is part of 3-4 other pieces a
    portal front end for usenet, matrix etc.

    would explain why you got all lines

    Very possible,

    will provide instruction soon

    cool thanks!

    --
    {gemini,https}://{,rek2.}hispagatos.org
    https://hispagatos.space/@rek2

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rek2 hispagatos@21:1/5 to no-reply@no.spam on Tue Aug 1 02:33:34 2023
    On 2023-07-30, Billy G. (go-while) <no-reply@no.spam> wrote:
    On 29.07.23, rek2 hispagatos wrote:

    Looking good, I will test it

    can you provide a readme to your tool?
    with your inn config for readers and how to implement the binary?

    still had no time to test mine, not even tried to lookup the config :D
    i don't know if this code does anything good
    at least it did not crash over night in infinite loop
    hammered with millions of requests and mem <20KB?! with 3 users added


    I will, it is not really finished yet, but I will write a readme as soon as I
    get a bit of time after work.
    I have not tried yours either yet, just now I had time to pop open slrn
    at 4:32 am before bed to check on msg's.



    --
    {gemini,https}://{,rek2.}hispagatos.org
    https://hispagatos.space/@rek2

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Billy G. (go-while)@21:1/5 to All on Wed Aug 2 14:03:57 2023
    On 01.08.23, rek2 hispagatos wrote:
    On 2023-07-31, Billy G. (go-while) <no-reply@no.spam> wrote:
    ok i'm near to have a working test bench


    nice!

    you are using "res" in your config?

    would explain why you got all lines

    this was just an idea i had before testing. was wrong.

    would be nice to know under which circumstances inn2 sends user+pass
    only or more lines, as reference documentation states, or does it always
    pass all 7 lines to stdin actually?
    but with my "auth" part taken 1:1 from example docs (without explicit
    use of "res" which should be resolver i guess?) i got all 7 lines
    delivered to my tool, not ClientAuthname+ClientPassword.


    auth "foreignokay" {
        auth: "go-inn2-auth -config /etc/news/config.json"
        default: "<unauthenticated>"
    }

    access "authenticatedpeople" {
        users: "*"
        newsgroups: "*,!junk,!control,!control.*"
    }

    access "restrictive" {
        users: "<unauthenticated>"
        newsgroups: "!*"
    }
    access "readonly" {
        users: "<unauthenticated>"
        read: "local.*"
        post: "!*"
    }


    https://www.eyrie.org/~eagle/software/inn/docs/external-auth.html

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Julien ÉLIE@21:1/5 to All on Wed Aug 2 23:13:01 2023
    Hi Billy,

    would be nice to know under which circumstances inn2 sends user+pass
    only or more lines, as reference documentation states, or does it always
    pass all 7 lines to stdin actually?

    Actually, nnrpd always provides the 7 lines (when of course the related information is available).
    The documentation needs fixing. Thanks for having pointed that out!

    --
    Julien ÉLIE

    « Lupus est matrem suum. »

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rek2 hispagatos@21:1/5 to iulius@nom-de-mon-site.com.invalid on Thu Aug 3 02:21:04 2023
    On 2023-08-02, Julien ÉLIE <iulius@nom-de-mon-site.com.invalid> wrote:
    Hi Billy,

    would be nice to know under which circumstances inn2 sends user+pass
    only or more lines, as reference documentation states, or does it always
    pass all 7 lines to stdin actually?

    Actually, nnrpd always provides the 7 lines (when of course the related information is available).
    The documentation needs fixing. Thanks for having pointed that out!


    I was going to reply with this: when I was debugging because my tool was not
    working, I noticed that it will always send all the 7 lines no matter what,
    so I changed my authenticator to grab all 7 into a slice/array and
    use what I need, in case later on I need the other info.


    PS: Julien, check the start of the thread, the documentation about the
    authenticator does need an update please, I was going nuts until I
    added debug/logging features to my program because it was not following
    what was there (in the doc) :)


    Cheers
    Happy Hacking.


    --
    - {gemini,https}://{,rek2.}hispagatos.org - mastodon: @rek2@hispagatos.space
    - [https|gemini]://2600.Madrid - https://hispagatos.space/@rek2
    - https://keyoxide.org/A31C7CE19D9C58084EA42BA26C0B0D11E9303EC5

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
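
Added example, not code from nnrpd-password or go-inn2-auth: a Go parser for the input side of an authenticator that accepts the full set of lines nnrpd sends, ignores the fields it does not need, and applies the username check asked about earlier in the thread before the value is used as a bind parameter. The function name, the username alphabet and the line limit are assumptions; the sample input is constructed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"regexp"
	"strings"
)

// Constructed sample: field names as quoted in the thread, values made up.
const sampleInput = "ClientHost: news.example.net\r\nClientIP: 192.0.2.10\r\n" +
	"ClientPort: 52014\r\nLocalIP: 192.0.2.1\r\nLocalPort: 563\r\n" +
	"ClientAuthname: rek2\r\nClientPassword: Here Password\r\n.\r\n"

// Assumed limits, not INN rules: a conservative username alphabet and a line cap.
var usernameOK = regexp.MustCompile(`^[A-Za-z0-9._-]{1,64}$`)
const maxLines = 32

// parseAuthRequest reads "Key: value" lines up to the lone "." (or EOF) and
// returns the two credentials. Unknown fields are ignored, duplicates rejected.
func parseAuthRequest(r io.Reader) (user, pass string, err error) {
	fields := map[string]string{}
	sc := bufio.NewScanner(r)
	for n := 0; sc.Scan(); n++ {
		line := sc.Text() // the scanner already drops the trailing CR
		if line == "." {
			break
		}
		if n >= maxLines {
			return "", "", errors.New("too many lines")
		}
		key, val, found := strings.Cut(line, ": ")
		if !found {
			return "", "", fmt.Errorf("malformed line %d", n+1)
		}
		if _, dup := fields[key]; dup {
			return "", "", fmt.Errorf("duplicate field %q", key)
		}
		fields[key] = val // kept verbatim: a password may contain spaces
	}
	if scanErr := sc.Err(); scanErr != nil {
		return "", "", scanErr
	}
	user, pass = fields["ClientAuthname"], fields["ClientPassword"]
	if !usernameOK.MatchString(user) {
		return "", "", errors.New("missing or invalid ClientAuthname")
	}
	if pass == "" {
		return "", "", errors.New("missing ClientPassword")
	}
	return user, pass, nil
}

func main() {
	user, _, err := parseAuthRequest(strings.NewReader(sampleInput))
	fmt.Println(user, err) // user would next be passed to the DB as parameter $1
}
```

The alphabet check is defence in depth on top of the parameterised query, not a replacement for it.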
  • From Julien ÉLIE@21:1/5 to All on Fri Aug 4 21:06:56 2023
    Hi rek2,

    would be nice to know under which circumstances inn2 sends user+pass
    only or more lines, as reference documentation states, or does it always
    pass all 7 lines to stdin actually?

    Actually, nnrpd always provides the 7 lines (when of course the related
    information is available).
    The documentation needs fixing. Thanks for having pointed that out!

    PS: Julien, check the start of the thread, the documentation about the
    authenticator does need an update please, I was going nuts until I
    added debug/logging features to my program because it was not following
    what was there (in the doc) :)

    Seems like the only change to do is to remove the "also" adverb?
    The rest of the documentation looks OK to me.


    where I<user> and I<pass> are the username and password provided by the -client (e.g. using AUTHINFO). In addition, B<nnrpd> generally also passes, +client (e.g. using AUTHINFO). In addition, B<nnrpd> also passes,
    if available, the fields mentioned as intended for resolvers; in rare
    instances, this data may be useful for authenticators.
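
    Review bot: the added line drops "generally" and keeps "also", while the sentence introducing the patch proposes removing the "also" adverb, so the description and the hunk should be reconciled before this is committed. Since the confusion in this thread came from reading the preceding sentence as "only user and pass are sent", consider also saying explicitly that these fields are passed whenever they are available, so authenticator authors know to skip lines they do not use.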


    --
    Julien ÉLIE

    « I think it's a new feature. Don't tell anyone it was an accident. »
    (Larry Wall)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)