Excluding Cancel-Lock for certain users

Julien ÉLIE julien at trigofacile.com
Fri Feb 25 20:45:09 UTC 2022


Hi all,

As an identity is always assigned by readers.conf, all posts are 
considered to be sent by a known posting-account (the one appearing in 
Injection-Info).
Yet, it causes a problem with Cancel-Lock because some identities may be 
shared between several persons.  Which means that any user with that 
identity can cancel any other post from another user with the same identity.

I'm wondering whether a parameter should not be added for access blocks 
in readers.conf so as to prevent the generation of user Cancel-Lock and 
Cancel-Key for them (of course, the admin Cancel-Lock is always generated).

Example of use:

access "all" {
     users: "<all>"
     newsgroups: "*"
     canlock: false
}

# Same thing for "<localhost>" or similar common access blocks.



If not set, "canlock" defaults to true (meaning user Cancel-Lock and 
Cancel-Key are generated).


This proposal follows a discussion I've just had in a French newsgroup, 
where someone (Stéphane) pointed out a problem with the usual Perl code 
used to generate Cancel-Lock and Cancel-Key in filter_nnrpd.pl on 
servers without any authentication needed.
I believe this should be taken into account in the native Cancel-Lock 
implementation in nnrpd, and I would suggest that "canlock" parameter.


If you have any better idea, do not hesitate to tell.

-- 
Julien ÉLIE

« La grippe, ça dure huit jours si on la soigne et une semaine si on ne
   fait rien. » (Raymond Devos)


More information about the inn-workers mailing list