go-inn2-auth

<8%FxM.253904$yXa4.5747@fx14.ams4>


https://www.rocksolidbbs.com/computers/article-flat.php?id=2026&group=news.software.nntp#2026

Newsgroups: news.software.nntp
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!feeder1.feed.usenet.farm!feed.usenet.farm!peer01.ams4!peer.am4.highwinds-media.com!news.highwinds-media.com!fx14.ams4.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: NoZilla/3.11 (Hackint; Unicorn; rv:0.8.15) go-while/19720229
NewsRW/4.2.0
Newsgroups: news.software.nntp
Content-Language: en-US
From: no-reply@no.spam (Billy G. (go-while))
Subject: go-inn2-auth
Organization: github.com/go-while
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 111
Message-ID: <8%FxM.253904$yXa4.5747@fx14.ams4>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Mon, 31 Jul 2023 03:36:36 UTC
Date: Mon, 31 Jul 2023 06:21:07 +0200
X-Received-Bytes: 3953
 by: Billy G. (go-while) - Mon, 31 Jul 2023 04:21 UTC

https://github.com/go-while/go-inn2-auth

mv go-inn2-auth /usr/lib/news/bin/auth/passwd/go-inn2-auth
ln -sfv /usr/lib/news/bin/auth/passwd/go-inn2-auth /usr/bin/go-inn2-auth
chmod +x /usr/lib/news/bin/auth/passwd/go-inn2-auth
mv config.json user.json /etc/news

edit config.json set userfile: "/etc/news/user.json"

run daemon:
sudo -u nobody go-inn2-auth -daemon=true -config /etc/news/config.json

if you test from localhost: remove auth/access for localhost

and maybe set user.json ClientIP: "::1",

you can enable Debugs in config.json.
authentication works with debugs too.

tail -f /var/log/messages|grep nnrpd|grep auth

### /etc/news/readers.conf ###

auth "foreignokay" {
auth: "go-inn2-auth -config /etc/news/config.json"
default: "<unauthenticated>"
}

access "authenticatedpeople" {
users: "*"
newsgroups: "*,!junk,!control,!control.*"
}

access "restrictive" {
users: "<unauthenticated>"
newsgroups: "!*"
}

access "readonly" {
users: "<unauthenticated>"
read: "local.*"
post: "!*"
}

### EOF readers.conf

telnet localhost 119
Trying ::1...
Connected to localhost.
Escape character is '^]'.
200 localhost server INN 2.6.4 ready (transit mode)
> mode reader
200 localhost NNRP server INN 2.6.4 ready (posting ok)
> authinfo user testuser1
381 Enter password
> authinfo pass wrongpass
481 Authentication failed
> quit
205 Bye!
Connection closed by foreign host.

: localhost (::1) connect - port 119
: localhost auth: program error: ReadStdin
: localhost auth: program error: ReadStdin: line='ClientHost: localhost'
: localhost auth: program error: ReadStdin: line='ClientIP: ::1'
: localhost auth: program error: ReadStdin: line='ClientPort: 35582'
: localhost auth: program error: ReadStdin: line='LocalIP: ::1'
: localhost auth: program error: ReadStdin: line='LocalPort: 119'
: localhost auth: program error: ReadStdin: line='ClientAuthname: testuser1'
: localhost auth: program error: ReadStdin: line='ClientPassword: wrongpass'
: localhost auth: program error: CLI lines=7
: localhost auth: program error: ERROR CLI code=400 err='400 DENIED'
: localhost bad_auth

> telnet localhost 119
Trying ::1...
Connected to localhost.
Escape character is '^]'.
200 localhost InterNetNews server INN 2.6.4 ready (transit mode)
> authinfo user testuser1
502 Authentication will fail
> mode reader
200 localhost InterNetNews NNRP server INN 2.6.4 ready (posting ok)
> authinfo user testuser1
381 Enter password
> authinfo pass testpass1
281 Authentication succeeded
> quit
205 Bye!

: localhost auth: program error: ReadStdin
: localhost auth: program error: ReadStdin: line='ClientHost: localhost'
: localhost auth: program error: ReadStdin: line='ClientIP: ::1'
: localhost auth: program error: ReadStdin: line='ClientPort: 34674'
: localhost auth: program error: ReadStdin: line='LocalIP: ::1'
: localhost auth: program error: ReadStdin: line='LocalPort: 119'
: localhost auth: program error: ReadStdin: line='ClientAuthname: testuser1'
: localhost auth: program error: ReadStdin: line='ClientPassword: testpass1'
: localhost auth: program error: CLI lines=7
: localhost auth: program error: CLI code=200 msg=testuser1
: localhost user testuser1
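
Added example (not part of the original post, and not go-inn2-auth's own code): with Debugs enabled, the log lines above carry the ClientPassword value into syslog in clear text. This Go sketch parses the same nnrpd stdin fields, redacts the password before logging, and compares an SHA-256 digest in constant time. The function names, the one-user store and the choice of SHA-256 are assumptions made for illustration; the "User:" reply and the lone "." terminator follow INN's external authenticator interface.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"io"
	"os"
	"strings"
)

// parseAuthInput reads nnrpd's "Key: value" stdin lines until EOF or a lone ".".
func parseAuthInput(r io.Reader) map[string]string {
	fields := map[string]string{}
	for sc := bufio.NewScanner(r); sc.Scan(); {
		line := strings.TrimRight(sc.Text(), "\r")
		if line == "." {
			break
		}
		if k, v, ok := strings.Cut(line, ": "); ok {
			fields[k] = v
		}
	}
	return fields
}

// debugLine formats a field for stderr (logged by nnrpd); the password is redacted.
func debugLine(k, v string) string {
	if k == "ClientPassword" {
		v = fmt.Sprintf("<redacted, %d bytes>", len(v))
	}
	return fmt.Sprintf("ReadStdin: line='%s: %s'", k, v)
}

// hashHex is lowercase hex SHA-256 (stdlib-only assumption); verify compares
// digests in constant time, so an unknown user (empty digest) always fails.
func hashHex(pw string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(pw))) }
func verify(pw, storedHex string) bool {
	return subtle.ConstantTimeCompare([]byte(hashHex(pw)), []byte(storedHex)) == 1
}

func main() {
	users := map[string]string{"testuser1": hashHex("testpass1")} // constructed store
	f := parseAuthInput(os.Stdin)
	fmt.Fprintln(os.Stderr, debugLine("ClientPassword", f["ClientPassword"]))
	if !verify(f["ClientPassword"], users[f["ClientAuthname"]]) {
		os.Exit(1) // non-zero exit: nnrpd rejects the login
	}
	fmt.Printf("User:%s\r\n", f["ClientAuthname"]) // success reply to nnrpd
}
```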

New Readme: go-inn2-auth

<%wTyM.245876$9wY2.233979@fx06.ams4>


https://www.rocksolidbbs.com/computers/article-flat.php?id=2040&group=news.software.nntp#2040

Newsgroups: news.software.nntp
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!border-1.nntp.ord.giganews.com!nntp.giganews.com!peer02.iad!feed-me.highwinds-media.com!peer02.ams4!peer.am4.highwinds-media.com!news.highwinds-media.com!fx06.ams4.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: NoZilla/3.11 (Hackint; Unicorn; rv:0.8.15) go-while/19720229
NewsRW/4.2.0
Subject: New Readme: go-inn2-auth
Content-Language: en-US
Newsgroups: news.software.nntp
References: <8%FxM.253904$yXa4.5747@fx14.ams4>
From: no-reply@no.spam (Billy G. (go-while))
Organization: github.com/go-while
In-Reply-To: <8%FxM.253904$yXa4.5747@fx14.ams4>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 620
Message-ID: <%wTyM.245876$9wY2.233979@fx06.ams4>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Thu, 03 Aug 2023 19:49:15 UTC
Date: Thu, 3 Aug 2023 22:36:22 +0200
X-Received-Bytes: 24970
X-Original-Bytes: 24826
 by: Billy G. (go-while) - Thu, 3 Aug 2023 20:36 UTC

go-inn2-auth

https://github.com/go-while/go-inn2-auth/blob/main/README.md

go-inn2-auth is an external authentication server written in Go (Golang)
for the INN (InterNetNews) Usenet news server's nnrpd daemon.

It provides user authentication and authorization support based on the
provided credentials.

Features

- Supports multiple authentication modes: "json" (using a JSON file
  for user data) and others (e.g., MongoDB, MySQL, PostgreSQL, or Redis).
- Allows authentication using plain passwords, bcrypt-hashed
  passwords, or SHA256-hashed passwords.
- CLI and a (caching) daemon server to handle incoming authentication
  requests from the nnrpd daemon.

Installation

To compile go-inn2-auth yourself, you need to have Go (Golang) installed
on your system. If you don't have Go installed, you can download it from
the official website: https://golang.org/

Clone the repository:

git clone https://github.com/go-while/go-inn2-auth
cd go-inn2-auth

Build the program:

go build go-inn2-auth.go

Usage

Setup readers.conf to use go-inn2-auth

How to configure go-inn2-auth in conjunction with INN's readers.conf
file to enable authentication for Usenet news access?

To integrate go-inn2-auth with INN2, edit /etc/news/readers.conf.

You need to define the authentication method and access restrictions as
follows:

In the readers.conf file (/etc/news/readers.conf), add an auth
block to specify the authentication method using go-inn2-auth. For example:

auth "foreignokay" {
auth: "go-inn2-auth -config /etc/news/config.json"
default: "<unauthenticated>"
}

Define access groups in readers.conf. For example:

access "authenticatedpeople" {
users: "*"
newsgroups: "*,!junk,!control,!control.*"
}

access "restrictive" {
users: "<unauthenticated>"
newsgroups: "!*"
}

access "readonly" {
users: "<unauthenticated>"
read: "local.*"
post: "!*"
}

Make sure to specify the correct path to your configuration file
(config.json) in the auth block.

With this configuration, go-inn2-auth will be invoked for
authentication, and users will be allowed access to different newsgroups
based on the access rules defined in readers.conf.

The provided readers.conf configuration assumes that you have set up the
access groups and newsgroups according to your desired access policy.

Please adapt the readers.conf configuration according to your specific
needs and newsgroup access requirements.

Running go-inn2-auth Daemon Background Server

go-inn2-auth consists of 2 parts: CLI and SRV (daemon).

The CLI is launched in readers.conf and authenticates against the
go-inn2-auth daemon via TCP or SSL.

The SRV daemon holds and caches the user credentials.

To run go-inn2-auth as a daemon server, follow these steps:

Start the daemon server with the -daemon=true flag and specify the
configuration file using the -config flag:

sudo -u nobody go-inn2-auth -daemon=true -config /etc/news/config.json

The daemon server will start listening for incoming requests on the
specified TCP or SSL address as configured in the provided config.json file.

The go-inn2-auth daemon will authenticate users based on the credentials
provided by the CLI in the readers.conf file.

It will respond to the nnrpd daemon accordingly, allowing or denying
access to Usenet news.

The daemon server will handle authentication requests concurrently, with
a configurable number of parallel requests defined in the Max_Workers
setting in the config.json file.

By running go-inn2-auth as a daemon server, you can enable secure and
efficient authentication for Usenet news access while benefiting from
the caching mechanism for user credentials.

Make sure to adjust the config.json file with the appropriate settings
and authentication methods to suit your specific use case.

For further details on configuration options and features, consult the
go-inn2-auth documentation.

Each worker in the daemon may require a dedicated database connection to
ensure proper data access and avoid potential issues with database
transactions.

Configuration

The go-inn2-auth daemon requires a configuration file in JSON format to
specify various settings and authentication mode.

An example configuration file config.json is provided in the repository.

mv go-inn2-auth /usr/lib/news/bin/auth/passwd/go-inn2-auth
ln -sfv /usr/lib/news/bin/auth/passwd/go-inn2-auth /usr/bin/go-inn2-auth
chmod +x /usr/lib/news/bin/auth/passwd/go-inn2-auth
mv config.json user.json /etc/news

edit config.json:

set userfile: "/etc/news/user.json"

If you test from localhost: remove auth/access for localhost from
readers.conf and set user.json ClientIP: "::1".

You can enable Debugs in config.json. Authentication works with Debugs too.

### /etc/news/readers.conf ###

auth "foreignokay" {
auth: "go-inn2-auth -config /etc/news/config.json"
default: "<unauthenticated>"
}

access "authenticatedpeople" {
users: "*"
newsgroups: "*,!junk,!control,!control.*"
}

access "restrictive" {
users: "<unauthenticated>"
newsgroups: "!*"
}

access "readonly" {
users: "<unauthenticated>"
read: "local.*"
post: "!*"
}

### EOF readers.conf

Test

tail -f /var/log/messages|grep nnrpd

telnet localhost 119
Trying ::1...
Connected to localhost.
Escape character is '^]'.
200 localhost server INN 2.6.4 ready (transit mode)
> mode reader
200 localhost NNRP server INN 2.6.4 ready (posting ok)
> authinfo user testuser1
381 Enter password
> authinfo pass wrongpass
481 Authentication failed
> quit
205 Bye!
Connection closed by foreign host.

: localhost (::1) connect - port 119
: localhost auth: program error: ReadStdin
: localhost auth: program error: ReadStdin: line='ClientHost: localhost'
: localhost auth: program error: ReadStdin: line='ClientIP: ::1'
: localhost auth: program error: ReadStdin: line='ClientPort: 35582'
: localhost auth: program error: ReadStdin: line='LocalIP: ::1'
: localhost auth: program error: ReadStdin: line='LocalPort: 119'
: localhost auth: program error: ReadStdin: line='ClientAuthname: testuser1'
: localhost auth: program error: ReadStdin: line='ClientPassword: wrongpass'
: localhost auth: program error: CLI lines=7
: localhost auth: program error: ERROR CLI code=400 err='400 DENIED'
: localhost bad_auth

> telnet localhost 119
Trying ::1...
Connected to localhost.
Escape character is '^]'.
200 localhost InterNetNews server INN 2.6.4 ready (transit mode)
> authinfo user testuser1
502 Authentication will fail
> mode reader
200 localhost InterNetNews NNRP server INN 2.6.4 ready (posting ok)
> authinfo user testuser1
381 Enter password
> authinfo pass testpass1
281 Authentication succeeded
> quit
205 Bye!

: localhost auth: program error: ReadStdin
: localhost auth: program error: ReadStdin: line='ClientHost: localhost'
: localhost auth: program error: ReadStdin: line='ClientIP: ::1'
: localhost auth: program error: ReadStdin: line='ClientPort: 34674'
: localhost auth: program error: ReadStdin: line='LocalIP: ::1'
: localhost auth: program error: ReadStdin: line='LocalPort: 119'
: localhost auth: program error: ReadStdin: line='ClientAuthname: testuser1'
: localhost auth: program error: ReadStdin: line='ClientPassword: testpass1'
: localhost auth: program error: CLI lines=7
: localhost auth: program error: CLI code=200 msg=testuser1
: localhost user testuser1

Contributing

Contributions to go-inn2-auth are welcome!

If you find any bugs or have suggestions for improvements, please open
an issue or submit a pull request.

Code Structure

The provided code is a Go (Golang) program that implements an external
authentication server for the nnrpd daemon in INN (InterNetNews), which
is a Usenet news server.

This program acts as a part of the readers.conf-based authorization
mechanism in INN and is responsible for authenticating users and
allowing or denying access to certain resources based on the provided
credentials.

The code is structured as follows:

Import Statements

The import statements in the go-inn2-auth project are essential for
including external packages and libraries that provide necessary
functionality.

These packages extend the capabilities of the program and allow it to
interact with various system components and perform specific tasks
efficiently.

Standard Library Imports

The project includes import statements for the Go (Golang) standard
library packages. These standard packages provide fundamental
functionality required for common programming tasks and interactions
with the operating system. Some of the standard library packages used in
go-inn2-auth include:

