Beispiel #1
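    def is_valid_user(self, username, password):
        """Return 1 if *password* matches the stored phpBB hash for *username*, else 0.

        Both failure cases (unknown user, wrong password) are logged and
        reported to the caller as 0.  Treat *username* as untrusted input: it
        only reaches the SQL text after passing through ``self.quote_string``.
        """
        # The listing carried a masked literal where the username belongs, which
        # left the format string one placeholder short of its two arguments;
        # the quoted '%s' restores it.
        # NOTE(review): quote_string() and query() are defined elsewhere. If
        # query() can hand bound parameters to the driver, prefer that over
        # string escaping -- confirm against the helpers.
        stmt = """
                SELECT
                    user_password
                FROM
                    %susers
                WHERE
                    username='%s'
                """ % (settings.phpbb_table_prefix,
                       self.quote_string(username))
        num_rows = self.query(stmt)

        if not num_rows:
            settings.logEvent(
                'Error - Authentication failed for username \'%s\' (user not found)'
                % (username))
            return 0

        db_password = self.cursor.fetchone()[0]
        # The stored hash is passed to crypt_private together with the
        # candidate password; presumably it supplies the salt and cost.
        # NOTE(review): != is not a constant-time comparison.
        candidate = phpass.crypt_private(password, db_password, '$H$')
        if db_password != candidate:
            settings.logEvent(
                'Error - Authentication failed for username \'%s\' (incorrect password)'
                % (username))
            return 0
        return 1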
Beispiel #2
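    def is_valid_user(self, username, password):
        """Return 1 if *password* matches the stored phpBB hash for *username*, else 0.

        Opens a MySQL connection for this single lookup and always closes the
        cursor and connection again, including when the query raises.  Failed
        attempts are logged and reported as 0.
        """
        self.conn = MySQLdb.connect(host=settings.dbhost, db=settings.dbname,
                                    user=settings.dbuser, passwd=settings.dbpass)
        retcode = 0
        try:
            self.cursor = self.conn.cursor()
            try:
                # Only the configured table prefix is formatted into the SQL
                # text.  '%%s' survives that formatting as the driver's '%s'
                # placeholder, so the untrusted username is bound by MySQLdb
                # rather than pasted into the statement.
                stmt = """
                        SELECT
                            user_password
                        FROM
                            %susers
                        WHERE
                            username=%%s
                        """ % (settings.phpbb_table_prefix,)
                num_rows = self.cursor.execute(stmt, (username,))

                if not num_rows:
                    settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
                else:
                    db_password = self.cursor.fetchone()[0]
                    # NOTE(review): != is not a constant-time comparison.
                    if db_password != phpass.crypt_private(password, db_password, '$H$'):
                        settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
                    else:
                        retcode = 1
            finally:
                self.cursor.close()
        finally:
            # Release the connection even if the lookup failed part-way.
            self.conn.close()

        return retcode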
Beispiel #3
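 def is_valid_user(self, username, password):
     """Return 1 if *password* matches the ``forums_auth`` row for *username*, else 0.

     A 32-character stored value is compared against an MD5 hex digest of the
     password; anything else is compared against ``crypt.crypt``.  Failed
     attempts are logged and reported as 0.
     """
     # The username is untrusted, so it is bound as a query parameter instead
     # of being formatted into the SQL text.
     # NOTE(review): '%s' is the placeholder style MySQLdb uses -- confirm the
     # driver behind self.cursor shares it.
     stmt = """
             SELECT
                 password
             FROM
                 forums_auth
             WHERE
                 username=%s
             """
     num_rows = self.cursor.execute(stmt, (username,))
     if not num_rows:
         settings.logEvent(
             'Error - Authentication failed for username \'%s\' (user not found)'
             % (username))
         return 0
     db_password = self.cursor.fetchone()[0]
     # The storage scheme is guessed from the length of the stored value.
     # NOTE(review): unsalted MD5 is a weak password hash, and the crypt salt
     # here is taken from the submitted password rather than from the stored
     # value -- confirm this matches how the forum software wrote the hash.
     if len(db_password) == 32:
         mismatch = (db_password != md5.new(password).hexdigest())
     else:
         mismatch = (db_password != crypt.crypt(
             password, password[:settings.PHP_CRYPT_SALT_LENGTH]))
     if mismatch:
         settings.logEvent(
             'Error - Authentication failed for username \'%s\' (incorrect password)'
             % (username))
         return 0
     return 1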
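 def is_valid_user(self, username, password):
     """Return 1 if the MD5 hex digest of *password* equals ``pn_pass`` for *username*, else 0.

     Failed attempts (unknown user, wrong password) are logged and reported as 0.
     """
     # Formatting the username straight into the statement let a crafted name
     # rewrite the query; it is now bound as a parameter by the driver.
     # NOTE(review): '%s' is the placeholder style MySQLdb uses -- confirm the
     # driver behind self.cursor shares it.
     stmt = """
             SELECT
                 pn_pass
             FROM
                 nuke_users
             WHERE
                 pn_uname=%s
             """
     num_rows = self.cursor.execute(stmt, (username,))
     if not num_rows:
         settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
         return 0
     db_password = self.cursor.fetchone()[0]
     # NOTE(review): unsalted MD5 is a weak password hash; it is kept here
     # because the comparison has to match what the table already stores.
     if db_password != md5.new(password).hexdigest():
         settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
         return 0
     return 1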
Beispiel #5
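 def is_valid_user(self, username, password):
     """Return 1 if the MD5 hex digest of *password* equals ``user_password`` for *username*, else 0.

     The table name is built from ``settings.phpbb_table_prefix``.  Failed
     attempts are logged and reported as 0.
     """
     # Only the configured prefix is concatenated into the SQL text; the
     # untrusted username is bound as a parameter by the driver.
     # NOTE(review): '%s' is the placeholder style MySQLdb uses -- confirm the
     # driver behind self.cursor shares it.
     stmt = ("SELECT user_password FROM " + settings.phpbb_table_prefix +
             "users WHERE username=%s")
     num_rows = self.cursor.execute(stmt, (username,))
     if not num_rows:
         settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
         return 0
     db_password = self.cursor.fetchone()[0]
     # NOTE(review): unsalted MD5 is a weak password hash; it is kept here
     # because the comparison has to match what the table already stores.
     if db_password != md5.new(password).hexdigest():
         settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
         return 0
     return 1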
Beispiel #6
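 def is_valid_user(self, username, password):
     """Return 1 if *password* equals the ``papercut_groups_auth`` entry for *username*, else 0.

     Failed attempts (unknown user, wrong password) are logged and reported as 0.
     """
     # The username is untrusted, so it is bound as a query parameter instead
     # of being formatted into the SQL text.
     # NOTE(review): '%s' is the placeholder style MySQLdb uses -- confirm the
     # driver behind self.cursor shares it.
     stmt = """
             SELECT
                 password
             FROM
                 papercut_groups_auth
             WHERE
                 username=%s
             """
     num_rows = self.cursor.execute(stmt, (username,))
     if not num_rows:
         settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
         return 0
     db_password = self.cursor.fetchone()[0]
     # NOTE(review): the stored value is compared with the submitted password
     # as-is, so this table holds passwords in clear text; anyone who can read
     # the table can read every credential.
     if db_password != password:
         settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
         return 0
     return 1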
Beispiel #7
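    def is_valid_user(self, username, password):
        """Return 1 if *password* matches the stored phpBB hash for *username*, else 0.

        Unknown users and wrong passwords are both logged and both yield 0.
        *username* is untrusted; ``self.quote_string`` is the only thing
        standing between it and the SQL text.
        """
        # Restores the quoted '%s' placeholder: the masked literal shown in the
        # listing gave the format string two arguments but one conversion.
        # NOTE(review): quote_string() and query() live outside this listing;
        # a driver-bound parameter would be more robust than escaping if
        # query() supports one -- confirm.
        stmt = """
                SELECT
                    user_password
                FROM
                    %susers
                WHERE
                    username='%s'
                """ % (settings.phpbb_table_prefix, self.quote_string(username))
        num_rows = self.query(stmt)

        if not num_rows:
            settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
            return 0

        db_password = self.cursor.fetchone()[0]
        # NOTE(review): != is not a constant-time comparison.
        if db_password != phpass.crypt_private(password, db_password, '$H$'):
            settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
            return 0
        return 1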
Beispiel #8
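 def is_valid_user(self, username, password):
     """Return 1 if *password* matches the ``forums_auth`` row for *username*, else 0.

     Stored values of length 32 are checked against an MD5 hex digest, all
     others against ``crypt.crypt``.  Failures are logged and reported as 0.
     """
     # Bind the untrusted username through the driver rather than formatting
     # it into the statement.
     # NOTE(review): '%s' is the placeholder style MySQLdb uses -- confirm the
     # driver behind self.cursor shares it.
     stmt = "SELECT password FROM forums_auth WHERE username=%s"
     num_rows = self.cursor.execute(stmt, (username,))
     if not num_rows:
         settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
         return 0
     db_password = self.cursor.fetchone()[0]
     # The storage scheme is guessed from the length of the stored value.
     # NOTE(review): unsalted MD5 is a weak password hash, and the crypt salt
     # is derived from the submitted password instead of the stored value --
     # confirm this matches how the forum software wrote the hash.
     if len(db_password) == 32:
         expected = md5.new(password).hexdigest()
     else:
         expected = crypt.crypt(password, password[:settings.PHP_CRYPT_SALT_LENGTH])
     if db_password != expected:
         settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
         return 0
     return 1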
Beispiel #9
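    def is_valid_user(self, username, password):
        """Return 1 if *password* matches the stored phpBB hash for *username*, else 0.

        A fresh MySQL connection is opened for the lookup and torn down before
        returning, whether or not the query succeeds.  Failed attempts are
        logged and reported as 0.
        """
        self.conn = MySQLdb.connect(host=settings.dbhost,
                                    db=settings.dbname,
                                    user=settings.dbuser,
                                    passwd=settings.dbpass)
        retcode = 0
        try:
            self.cursor = self.conn.cursor()
            try:
                # The table prefix comes from configuration and is the only
                # value concatenated into the SQL; the untrusted username is
                # passed separately so MySQLdb escapes it.
                stmt = ("SELECT user_password FROM " +
                        settings.phpbb_table_prefix +
                        "users WHERE username=%s")
                num_rows = self.cursor.execute(stmt, (username,))

                if not num_rows:
                    settings.logEvent(
                        'Error - Authentication failed for username \'%s\' (user not found)'
                        % (username))
                else:
                    db_password = self.cursor.fetchone()[0]
                    # NOTE(review): != is not a constant-time comparison.
                    candidate = phpass.crypt_private(password, db_password,
                                                     '$H$')
                    if db_password != candidate:
                        settings.logEvent(
                            'Error - Authentication failed for username \'%s\' (incorrect password)'
                            % (username))
                    else:
                        retcode = 1
            finally:
                self.cursor.close()
        finally:
            # Do not leak the connection when the lookup raises.
            self.conn.close()

        return retcode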
Beispiel #10
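 def handle(self):
     """Serve one NNTP client until the connection is flagged as terminated.

     Sends the greeting, then reads one line per iteration.  Outside of an
     article upload each line is a command, dispatched to the matching
     ``do_<COMMAND>`` method when it is listed in ``self.commands``.  After a
     successful POST request, lines are collected into ``self.article_lines``
     until the lone-dot terminator arrives and ``do_POST`` is called.
     """
     settings.logEvent('Connection from %s' % (self.client_address[0]))
     if settings.server_type == 'read-only':
         self.send_response(STATUS_READYNOPOST % (settings.nntp_hostname, __VERSION__))
     else:
         self.send_response(STATUS_READYOKPOST % (settings.nntp_hostname, __VERSION__))
     while not self.terminated:
         if self.sending_article == 0:
             self.article_lines = []
         if os.name == 'posix':
             # Arm the idle timer; handle_timeout flags the connection.
             signal.signal(signal.SIGALRM, self.handle_timeout)
             signal.alarm(__TIMEOUT__)
         try:
             self.inputline = self.rfile.readline()
         except IOError:
             continue
         if os.name == 'posix':
             signal.alarm(0)
         if __DEBUG__:
             print "client>", repr(self.inputline)
         # readline() returns '' only at end of stream. Without this check a
         # client that disconnects during an upload makes the loop spin
         # forever, appending empty strings to article_lines.
         if self.inputline == '':
             self.terminated = 1
             continue
         # Strip spaces only if NOT receiving article
         if not self.sending_article:
             line = self.inputline.strip()
         else:
             line = self.inputline
         # Outlook Express is known to send runs of blank lines; drop the
         # connection after ten of them.
         if (not self.sending_article) and (line == ''):
             self.broken_oe_checker += 1
             if self.broken_oe_checker == 10:
                 self.terminated = 1
             continue
         self.tokens = line.split(' ')
         # NNTP commands are case-insensitive
         command = self.tokens[0].upper()
         # don't save the password in the log file
         match = authinfo_regexp.search(line)
         if not match:
             settings.logEvent('Received request: %s' % (line))
         # An article line whose first word is "POST" is body text, not a new
         # command, so the POST branch only applies outside an upload.
         if command == 'POST' and not self.sending_article:
             if settings.server_type == 'read-only':
                 settings.logEvent('Error - Read-only server received a post request from \'%s\'' % self.client_address[0])
                 self.send_response(STATUS_READONLYSERVER)
             else:
                 if settings.nntp_auth == 'yes' and self.auth_username == '':
                     self.send_response(STATUS_AUTH_REQUIRED)
                 else:
                     self.sending_article = 1
                     self.send_response(STATUS_SENDARTICLE)
         else:
             if settings.nntp_auth == 'yes' and self.auth_username == '' and command not in ('AUTHINFO', 'MODE'):
                 self.send_response(STATUS_AUTH_REQUIRED)
             else:
                 if self.sending_article:
                     if self.inputline == '.\r\n':
                         self.sending_article = 0
                         try:
                             self.do_POST()
                         except:
                             # Deliberate catch-all: a failed post is logged
                             # with its traceback and answered with an error
                             # instead of ending the session.
                             temp = StringIO.StringIO()
                             traceback.print_exc(file=temp)
                             temp_msg = temp.getvalue()
                             # save on the log file
                             settings.logEvent('Error - Posting failed for user from \'%s\' (exception triggered)' % self.client_address[0])
                             settings.logEvent(temp_msg)
                             if __DEBUG__:
                                 print 'Error - Posting failed for user from \'%s\' (exception triggered; details below)' % self.client_address[0]
                                 print temp_msg
                             self.send_response(ERR_POSTINGFAILED)
                         continue
                     # NOTE(review): nothing in this method bounds the total
                     # size of article_lines, so one upload can grow memory
                     # without limit.
                     self.article_lines.append(line)
                 else:
                     # The membership test keeps client input from choosing an
                     # arbitrary attribute name for getattr().
                     if command in self.commands:
                         getattr(self, "do_%s" % (command))()
                     else:
                         self.send_response(ERR_NOTCAPABLE)
     settings.logEvent('Connection closed (IP Address: %s)' % (self.client_address[0]))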
Beispiel #11
 def handle_timeout(self, signum, frame):
     """Signal handler: mark the connection as terminated and log the peer address.

     *signum* and *frame* are the usual signal-handler arguments; neither is used.
     """
     self.terminated = 1
     peer_ip = self.client_address[0]
     settings.logEvent('Connection timed out from %s' % peer_ip)
Beispiel #12
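class NNTPRequestHandler(SocketServer.StreamRequestHandler):
    """Per-connection NNTP handler: greets the client and dispatches its commands."""

    # Commands this server accepts; handle() only dispatches names listed here.
    commands = ('ARTICLE', 'BODY', 'HEAD',
                'STAT', 'GROUP', 'LIST', 'POST',
                'HELP', 'LAST','NEWGROUPS',
                'NEWNEWS', 'NEXT', 'QUIT',
                'MODE', 'XOVER', 'XPAT',
                'LISTGROUP', 'XGTITLE', 'XHDR',
                'SLAVE', 'DATE', 'IHAVE',
                'OVER', 'HDR', 'AUTHINFO',
                'XROVER', 'XVERSION')
    # Supported extensions that are not part of the official NNTP document.
    extensions = ('XOVER', 'XPAT', 'LISTGROUP',
                  'XGTITLE', 'XHDR', 'MODE',
                  'OVER', 'HDR', 'AUTHINFO',
                  'XROVER', 'XVERSION')
    # Per-connection state defaults. The two lists are class-level objects;
    # handle() rebinds both on the instance before using them.
    terminated = 0
    selected_article = 'ggg'
    selected_group = 'ggg'
    tokens = []
    sending_article = 0
    message_length = 0
    article_lines = []
    broken_oe_checker = 0
    auth_username = ''

    def setup(self):
        """Pick the storage backend (cached or direct) and run the base-class setup."""
        if settings.nntp_cache == 'yes':
            self.backend = papercut_cache.Cache(storagemod, papercut_cache.cache_methods)
        else:
            self.backend = storagemod.Papercut_Storage()

        SocketServer.StreamRequestHandler.setup(self)

    def handle_timeout(self, signum, frame):
        """SIGALRM handler: flag the connection, log it, and interrupt the pending read.

        The KeyboardInterrupt raised here is what handle() catches around
        ``readline()`` to leave a blocked read.
        """
        self.terminated = 1
        settings.logEvent('Connection timed out from %s' % (self.client_address[0]))
        raise KeyboardInterrupt('connection time out')

    def handle(self):
        """Serve one NNTP client until the connection is flagged as terminated.

        Sends the greeting, then reads one line per iteration.  Outside of an
        article upload each line is a command, dispatched to the matching
        ``do_<COMMAND>`` method when it is listed in ``self.commands``.  After
        a successful POST request, lines are collected into
        ``self.article_lines`` (bounded by ``MAX_MESSAGE_LENGTH``) until the
        lone-dot terminator arrives and ``do_POST`` is called.
        """
        settings.logEvent('Connection from %s' % (self.client_address[0]))
        if settings.server_type == 'read-only':
            self.send_response(STATUS_READYNOPOST % (settings.nntp_hostname, __VERSION__))
        else:
            self.send_response(STATUS_READYOKPOST % (settings.nntp_hostname, __VERSION__))
        while not self.terminated:
            if self.sending_article == 0:
                self.article_lines = []
            if os.name == 'posix':
                # Arm the idle timer; handle_timeout interrupts the read.
                signal.signal(signal.SIGALRM, self.handle_timeout)
                signal.alarm(__TIMEOUT__)
            try:
                self.inputline = self.rfile.readline()
            except (IOError, KeyboardInterrupt):
                # The tuple matters: "except IOError, KeyboardInterrupt" only
                # catches IOError and binds it to the name KeyboardInterrupt,
                # so the timeout exception escaped the handler.
                continue
            if os.name == 'posix':
                signal.alarm(0)
            if __DEBUG__:
                print "client>", repr(self.inputline)

            # readline() returns '' only at end of stream. Without this check
            # a client that disconnects during an upload makes the loop spin
            # forever, appending empty strings to article_lines.
            if self.inputline == '':
                self.terminated = 1
                continue

            # Strip spaces only if NOT receiving article
            if not self.sending_article:
                line = self.inputline.strip()
                # Outlook Express is known to send runs of blank lines; drop
                # the connection after ten of them.
                if (line == ''):
                    self.broken_oe_checker += 1
                    if self.broken_oe_checker == 10:
                        self.terminated = 1
                    continue

            else:
                line = self.inputline
                # Cap the size of a single upload so one client cannot grow
                # article_lines without bound.
                self.message_length = self.message_length + len(line)
                if self.message_length > MAX_MESSAGE_LENGTH:
                    self.sending_article = 0
                    self.message_length = 0
                    # NOTE(review): the rejection reuses STATUS_READONLYSERVER;
                    # confirm that this is the intended reply for an oversized
                    # article.
                    self.send_response(STATUS_READONLYSERVER)
                    self.terminated = 1
                    continue

            # Split into at most 3 items so that AUTHINFO USER can carry a
            # name that contains spaces.
            self.tokens = line.split(' ', 2)
            # NNTP commands are case-insensitive
            command = self.tokens[0].upper()
            # Request lines are not logged in this method, which keeps
            # AUTHINFO credentials out of the log file.
            if command != 'AUTHINFO':
                self.tokens = line.split(' ')
            # An article line whose first word is "POST" is body text, not a
            # new command, so the POST branch only applies outside an upload.
            if command == 'POST' and not self.sending_article:
                if settings.server_type == 'read-only':
                    settings.logEvent('Error - Read-only server received a post request from \'%s\'' % self.client_address[0])
                    self.send_response(STATUS_READONLYSERVER)
                else:
                    if settings.nntp_auth == 'yes' and self.auth_username == '':
                        self.send_response(STATUS_AUTH_REQUIRED)
                    else:
                        self.sending_article = 1
                        self.message_length = 0
                        self.send_response(STATUS_SENDARTICLE)
            else:
                if settings.nntp_auth == 'yes' and self.auth_username == '' and command not in ('AUTHINFO', 'MODE'):
                    self.send_response(STATUS_AUTH_REQUIRED)
                else:
                    if self.sending_article:
                        if self.inputline == '.\r\n':
                            self.sending_article = 0
                            try:
                                self.do_POST()
                            except:
                                # Deliberate catch-all: a failed post is logged
                                # with its traceback and answered with an error
                                # instead of ending the session.
                                temp = StringIO.StringIO()
                                traceback.print_exc(file=temp)
                                temp_msg = temp.getvalue()
                                # save on the log file
                                settings.logEvent('Error - Posting failed for user from \'%s\' (exception triggered)' % self.client_address[0])
                                settings.logEvent(temp_msg)
                                if __DEBUG__:
                                    print 'Error - Posting failed for user from \'%s\' (exception triggered; details below)' % self.client_address[0]
                                    print temp_msg
                                self.send_response(ERR_POSTINGFAILED)
                            continue
                        self.article_lines.append(line)
                    else:
                        # The membership test keeps client input from choosing
                        # an arbitrary attribute name for getattr().
                        if command in self.commands:
                            getattr(self, "do_%s" % (command))()
                        else:
                            self.send_response(ERR_NOTCAPABLE)
        settings.logEvent('Connection closed (IP Address: %s)' % (self.client_address[0]))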
Beispiel #13
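    def handle(self):
        """Serve one NNTP client until the connection is flagged as terminated.

        Sends the greeting, then reads one line per iteration.  Command lines
        are dispatched to the matching ``do_<COMMAND>`` method when the command
        is listed in ``self.commands``; during an upload, lines are collected
        into ``self.article_lines`` (bounded by ``MAX_MESSAGE_LENGTH``) until
        the lone-dot terminator arrives and ``do_POST`` is called.
        """
        settings.logEvent('Connection from %s' % (self.client_address[0]))
        if settings.server_type == 'read-only':
            self.send_response(STATUS_READYNOPOST % (settings.nntp_hostname, __VERSION__))
        else:
            self.send_response(STATUS_READYOKPOST % (settings.nntp_hostname, __VERSION__))
        while not self.terminated:
            if self.sending_article == 0:
                self.article_lines = []
            if os.name == 'posix':
                # Arm the idle timer before blocking on the socket.
                signal.signal(signal.SIGALRM, self.handle_timeout)
                signal.alarm(__TIMEOUT__)
            try:
                self.inputline = self.rfile.readline()
            except (IOError, KeyboardInterrupt):
                # Written as a tuple on purpose: the comma form
                # "except IOError, KeyboardInterrupt" catches IOError alone
                # and rebinds the name KeyboardInterrupt to it.
                continue
            if os.name == 'posix':
                signal.alarm(0)
            if __DEBUG__:
                print "client>", repr(self.inputline)

            # '' from readline() means the peer closed the stream; stop here
            # instead of looping on an endless run of empty reads.
            if self.inputline == '':
                self.terminated = 1
                continue

            # Strip spaces only if NOT receiving article
            if not self.sending_article:
                line = self.inputline.strip()
                # Outlook Express is known to send runs of blank lines; drop
                # the connection after ten of them.
                if (line == ''):
                    self.broken_oe_checker += 1
                    if self.broken_oe_checker == 10:
                        self.terminated = 1
                    continue

            else:
                line = self.inputline
                # Cap the size of a single upload.
                self.message_length = self.message_length + len(line)
                if self.message_length > MAX_MESSAGE_LENGTH:
                    self.sending_article = 0
                    self.message_length = 0
                    # NOTE(review): the rejection reuses STATUS_READONLYSERVER;
                    # confirm that this is the intended reply for an oversized
                    # article.
                    self.send_response(STATUS_READONLYSERVER)
                    self.terminated = 1
                    continue

            # Split into at most 3 items so that AUTHINFO USER can carry a
            # name that contains spaces.
            self.tokens = line.split(' ', 2)
            # NNTP commands are case-insensitive
            command = self.tokens[0].upper()
            # Request lines are not logged in this method, which keeps
            # AUTHINFO credentials out of the log file.
            if command != 'AUTHINFO':
                self.tokens = line.split(' ')
            # Body text that happens to start with "POST" must not restart
            # the upload, so this branch is skipped while one is in progress.
            if command == 'POST' and not self.sending_article:
                if settings.server_type == 'read-only':
                    settings.logEvent('Error - Read-only server received a post request from \'%s\'' % self.client_address[0])
                    self.send_response(STATUS_READONLYSERVER)
                else:
                    if settings.nntp_auth == 'yes' and self.auth_username == '':
                        self.send_response(STATUS_AUTH_REQUIRED)
                    else:
                        self.sending_article = 1
                        self.message_length = 0
                        self.send_response(STATUS_SENDARTICLE)
            else:
                if settings.nntp_auth == 'yes' and self.auth_username == '' and command not in ('AUTHINFO', 'MODE'):
                    self.send_response(STATUS_AUTH_REQUIRED)
                else:
                    if self.sending_article:
                        if self.inputline == '.\r\n':
                            self.sending_article = 0
                            try:
                                self.do_POST()
                            except:
                                # Deliberate catch-all: log the traceback and
                                # answer with an error rather than ending the
                                # session.
                                temp = StringIO.StringIO()
                                traceback.print_exc(file=temp)
                                temp_msg = temp.getvalue()
                                # save on the log file
                                settings.logEvent('Error - Posting failed for user from \'%s\' (exception triggered)' % self.client_address[0])
                                settings.logEvent(temp_msg)
                                if __DEBUG__:
                                    print 'Error - Posting failed for user from \'%s\' (exception triggered; details below)' % self.client_address[0]
                                    print temp_msg
                                self.send_response(ERR_POSTINGFAILED)
                            continue
                        self.article_lines.append(line)
                    else:
                        # Only names in self.commands reach getattr(), so the
                        # client cannot select an arbitrary attribute.
                        if command in self.commands:
                            getattr(self, "do_%s" % (command))()
                        else:
                            self.send_response(ERR_NOTCAPABLE)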
Beispiel #14
 def handle_timeout(self, signum, frame):
     """Signal handler: mark the connection as terminated, log it, then raise.

     *signum* and *frame* are the usual signal-handler arguments; neither is
     used.  The handler always finishes by raising KeyboardInterrupt.
     """
     self.terminated = 1
     peer_ip = self.client_address[0]
     settings.logEvent('Connection timed out from %s' % peer_ip)
     raise KeyboardInterrupt('connection time out')