Parametring cancel processing (Cancel-Lock vs unauthenticated cancels)
Julien ÉLIE
julien at trigofacile.com
Sun Jan 23 21:09:39 UTC 2022
Hi Grant,
>> That sounds great for a soft transition period. I'll put a warning in
>> 2.7.0 and really remove it in 2.8.0.
>
> <ASCII thumbs up>
>
> The only other thing that I might ask is that you include the exact
> error message(s) in release notes / FAQ / what have you. That way if
> (read: when) people hit the error and search for it (a la. fgrep -ir
> "...") they will have a nugget of information to find.

Just done.

The release notes will contain what you asked for:

* A new *docancels* parameter has been added in inn.conf to define which
  types of cancels innd should process. The -C flag given to innd is
  deprecated in favour of that new parameter (you'll see in your logs
  the message "innd -C flag has been deprecated and has no effect; use
  docancels in inn.conf" in case you're passing that flag to innd).

For those using CURRENT snapshots, you'll see that warning starting from
tomorrow's snapshots. Have a look at inn.conf(5) to see how to set
"docancels":

    docancels
        This parameter is intended for sites concerned about abuse of
        cancels, or that wish to enforce a mechanism to authenticate
        cancels. Unless rejected by the use of a filter hook, innd always
        accepts and propagates cancel articles and supersede requests.
        However, actually processing such articles on the local news server
        depends on this parameter which can take the following values:

        "require-auth"
            Only articles originally protected by the Cancel-Lock
            authentication mechanism can be withdrawn by a valid
            authenticated cancel article or a valid authenticated supersede
            request. Withdrawals of articles not originally protected by
            Cancel-Lock will not be executed.

            This is the default value if innd knows how to authenticate
            cancels (that is to say if INN was built with Cancel-Lock
            support). Otherwise, the behaviour will be the same as "none".

        "auth"
            Withdrawals of articles not originally protected by the
            Cancel-Lock authentication mechanism will always be executed.
            However, if the original article is protected, only a valid
            authenticated cancel article or a valid authenticated supersede
            request will permit withdrawing it. (If INN was not built with
            Cancel-Lock support, such protected articles won't be
            withdrawn.)

        "none"
            Neither cancel articles nor supersede requests will be
            processed; no articles will be withdrawn.

            This is the default value if innd does not know how to
            authenticate cancels (that is to say if INN was not built with
            Cancel-Lock support) as it has no means to ensure that these
            withdrawal requests are legitimate.

        "all"
            innd will process all cancel articles and supersede requests,
            even if unauthenticated, forged or with bad authentication.
            You should be sure of what you are doing if you choose that
            value as any article can be withdrawn (even by someone who is
            not the author of the article).

> Aside: Is doing the same in the source going too far? As in "Use the
> Source Luke!". ;-)
The exact message is naturally present in the source.
--
Julien ÉLIE
« – Have a little magic potion, Jolitorax?
– But it's about to be hot-water time! » (Astérix)
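
Added example (not part of the original message and not INN's own code): a Python model of the withdrawal decision that the quoted inn.conf(5) text describes for each docancels value, together with the Cancel-Key/Cancel-Lock check from RFC 8315, where a lock element is Base64(hash(key string)). The function names, the `has_cancel_lock_support` flag standing in for "INN was built with Cancel-Lock support", and the sample key are assumptions made for illustration.

```python
import base64
import hashlib

HASHES = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}  # RFC 8315 schemes
VALUES = ("require-auth", "auth", "none", "all")

def lock_for(key, scheme="sha256"):
    """Cancel-Lock element matching a Cancel-Key string: Base64(hash(key))."""
    digest = HASHES[scheme](key.encode()).digest()
    return scheme + ":" + base64.b64encode(digest).decode()

def elements(header_body):
    """Split a header body into scheme:string tokens (CFWS comments not handled)."""
    return [t for t in (header_body or "").split() if ":" in t]

def key_matches_lock(cancel_key, cancel_lock):
    """True if any Cancel-Key element hashes to any Cancel-Lock element."""
    locks = {t.split(":", 1)[0].lower() + ":" + t.split(":", 1)[1]
             for t in elements(cancel_lock)}
    for token in elements(cancel_key):
        scheme, key = token.split(":", 1)
        if scheme.lower() not in HASHES:
            continue  # unknown scheme: this element cannot authenticate anything
        if lock_for(key, scheme.lower()) in locks:
            return True
    return False

def should_withdraw(docancels, has_cancel_lock_support, orig_cancel_lock, cancel_key):
    """Model of whether a cancel or supersede is executed on the local server."""
    if docancels is None:  # parameter unset: the default depends on the build
        docancels = "require-auth" if has_cancel_lock_support else "none"
    if docancels not in VALUES:
        raise ValueError("unknown docancels value: %r" % docancels)
    if docancels == "require-auth" and not has_cancel_lock_support:
        docancels = "none"  # "the behaviour will be the same as none"
    if docancels == "none":
        return False
    if docancels == "all":
        return True  # even unauthenticated or forged requests are executed
    if not elements(orig_cancel_lock):  # original article is not protected
        return docancels == "auth"
    return has_cancel_lock_support and key_matches_lock(cancel_key, orig_cancel_lock)

# Constructed sample values, not taken from any real article.
SAMPLE_KEY = "sha256:constructed-secret-1"
SAMPLE_LOCK = lock_for("constructed-secret-1")
```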