Towards a 2.4.4 release

Alexander Bartolich alexander.bartolich at gmx.at
Thu Apr 3 21:46:49 UTC 2008


Heiko Schlichting wrote:
> [...]
> But it is fairly easy to implement processing Cancel-Lock/Cancel-Key with
> or without using libcanlock. The biggest problem is to guarantee that the
> person who tries to cancel is the author of the original article. If you
> can't guarantee this, inserting a Cancel-Key is not allowed (and not
> useful).
 >
 > Using IP based access control, this is impossible. In all other cases it
 > could be hard to impossible anyway, so we have to use our database to find
 > the unique userid of the original article and compare it with the userid of
 > the cancel posting attempt.

If you use a scheme based on username/password then the verified username
is available in filter_nnrpd.pl. The Cancel-Key is then based on three values:
- the message ID of the target ($message_id),
- the username sending the post ($user),
- and a site wide secret key (CANCEL_LOCK).

   return MIME::Base64::encode(
     Digest::HMAC_SHA1::hmac_sha1($message_id, $user . CANCEL_LOCK), ''
   );

This way only the holder of the original account can create a matching key.

Verification of Cancel-Lock/Cancel-Key then happens in filter_nnrpd.pl.
Typically cancel messages or supersedes with invalid keys are ignored
(i.e. stored in news spool like a regular article).

However, if the first word of X-Trace: matches your own site name than
that article is coming from a local user and should be rejected if the
Cancel-Key does not match the Cancel-Lock. It is not necessary to know
the user ID for that check.

Ciao

     Alexander.


More information about the inn-workers mailing list