• Requirement specifications for a tool for news admin cancels

    From Julien ÉLIE@21:1/5 to All on Sat Feb 19 23:40:33 2022
    Hi all,

    I am finalizing the integration of Cancel-Lock into INN, based on the libcanlock library maintained by Michael (and Dennis Preiser before him).

    As the news admin needs an easy way to cancel articles sent from his news server in case of abuse or for whatever reason, I have added a "gencancel" tool that generates the cancel control article to send. As a matter of fact, he needs to compute the right Cancel-Key header field to authenticate the cancel with his admin secret.

    Here is what I have come up with right now:

    Usage: gencancel [-adkm] [-b body] [-c charset] [-f from] [-n newsgroups]
                     [-s subject] '<Message-ID>'

      -a              Do not add an Approved header field
      -b body         Use the argument as the body of the cancel article
      -c charset      Use the argument for the Content-Type charset
      -d              Do not use local time for the Date header field
      -f from         Use the argument for the From and Approved header fields
      -k              Only write the body of the Cancel-Key header field
      -m              Do not generate a Message-ID for the cancel article
      -n newsgroups   Use the argument for the Newsgroups header field
      -s subject      Use the argument for the Subject header field

      Message-ID      The Message-ID to cancel (with quotes around for the
                      shell, and angle brackets)




    % gencancel '<an-unknown-article-to-cancel@example.com>'
    gencancel: Cannot find article <an-article-to-cancel@example.com> in history; you may want to use -n

    The Newsgroups header field will be automatically set to the value of the original article (if still in your news spool).
    Otherwise, "-n news.software.nntp" should for instance be given.


    Basically, it will generate a proto-article like this:

    % gencancel '<an-article-to-cancel@example.com>' -f 'newsadmin@example.com'
    From: newsadmin@example.com
    Newsgroups: local.test
    Subject: cmsg cancel <an-article-to-cancel@example.com>
    Control: cancel <an-article-to-cancel@example.com>
    Date: Sat, 19 Feb 2022 23:18:34 +0100 (CET)
    Approved: newsadmin@example.com
    Message-ID: <surqbq$24bml$1@news.trigofacile.com>
    MIME-Version: 1.0
    Content-Type: text/plain; charset="ISO-8859-1"
    Content-Transfer-Encoding: 8bit
    Cancel-Key: sha1:w1saUe2FYUi48sVbVtKcm7cdznE= sha256:3Wb6ayHU0EdK7BQGIa6vma6RpPRgzo1lmxphpu5zaUo=

    Admin cancel.



    which can be piped into inews, and that's it. Cancel done!

    I've kept the legacy "cmsg cancel <mid>" as default Subject but I can put "cancel <mid>" or any better idea as default.




    % gencancel '<an-article-to-cancel@example.com>' | inews -h -s

    (-h to say the proto-article contains headers, -s to prevent the addition of a Sender header field)




    Also, for people just wanting the hashes to use, the -k parameter outputs them:

    % gencancel '<an-article-to-cancel@example.com>' -k
    sha1:w1saUe2FYUi48sVbVtKcm7cdznE= sha256:3Wb6ayHU0EdK7BQGIa6vma6RpPRgzo1lmxphpu5zaUo=

    This way, the news admin or an external program can easily make use of them (for a supersede request for instance).

    If Cancel-Lock support is not enabled, gencancel also works for unauthenticated cancels (it will just not generate the Cancel-Key header field).


    Naturally, if one wants to customize the output of gencancel even more, he can echo additional header fields or modify existing fields with sed or any commands he wants.

    That's why I think this basic gencancel should normally fit most (if not all) needs.
    But I prefer to ask here, in case I missed something important.
    So, do you think this proposal is enough for the needs of news admins? Otherwise, what would you need?

    Better provide the useful stuff in the initial release than having to ask and then wait for the next release!

    --
    Julien ÉLIE

    « Nul n'entre ici s'il n'est géomètre. » (Platon)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
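
How a Cancel-Key such as the one gencancel prints relates to the Cancel-Lock of the original article, as an added Python example that is not part of the original post and is not INN or libcanlock code. The key derivation follows the HMAC construction recommended in RFC 8315 (an assumption about how a server derives it), the check is the hash-of-key comparison the RFC defines, and the secret and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

SCHEMES = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}
SECRET = b"constructed-admin-secret"           # constructed sample, not a real secret
MID = "<an-article-to-cancel@example.com>"     # Message-ID used in the post above


def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def cancel_key(secret: bytes, message_id: str, scheme: str) -> str:
    """Key element 'scheme:base64(HMAC(key=secret, msg=Message-ID))'."""
    mac = hmac.new(secret, message_id.encode("ascii"), SCHEMES[scheme])
    return f"{scheme}:{b64(mac.digest())}"


def cancel_lock(key_element: str) -> str:
    """Lock element: the hash is taken over the key's base64 text, not raw bytes."""
    scheme, key_b64 = key_element.split(":", 1)
    return f"{scheme}:{b64(SCHEMES[scheme](key_b64.encode('ascii')).digest())}"


def build_fields(secret: bytes, message_id: str):
    """Return (Cancel-Key body, Cancel-Lock body) carrying both schemes."""
    keys = [cancel_key(secret, message_id, s) for s in ("sha1", "sha256")]
    return " ".join(keys), " ".join(cancel_lock(k) for k in keys)


def verify(cancel_key_field: str, cancel_lock_field: str) -> bool:
    """True if any key element hashes to a lock element of the same scheme."""
    locks = [e.partition(":") for e in cancel_lock_field.split()]
    for element in cancel_key_field.split():
        scheme, _, value = element.partition(":")
        scheme = scheme.lower()
        if scheme not in SCHEMES or not value:
            continue  # unknown scheme or empty key: skip this element
        expected = cancel_lock(f"{scheme}:{value}").split(":", 1)[1]
        for lock_scheme, _, lock_value in locks:
            if lock_scheme.lower() == scheme and hmac.compare_digest(
                expected.encode(), lock_value.encode()
            ):
                return True
    return False
```

A server holding only the original article's Cancel-Lock can run `verify` on an incoming cancel or supersede without knowing the secret; only the holder of the secret can produce a key that passes.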
  • From jdanield@21:1/5 to All on Sun Feb 20 10:26:05 2022
    On 19/02/2022 at 23:40, Julien ÉLIE wrote:
    > Hi all,
    >
    > I am finalizing the integration of Cancel-Lock into INN, based on the libcanlock library maintained by Michael (and Dennis Preiser before him).
    >
    > As the news admin needs an easy way to cancel articles sent from his news server in case of abuse or for whatever reason,

    good :-)

    I didn't find link to a way of forgive automatic cancel from outside
    user, do you have one?

    thanks
    jdd

  • From Julien ÉLIE@21:1/5 to All on Sun Feb 20 10:32:29 2022
    Hello Jean-Daniel,

    >> As the news admin needs an easy way to cancel articles sent from his
    >> news server in case of abuse or for whatever reason,
    >
    > I didn't find link to a way of forgive automatic cancel from outside
    > user, do you have one?

    I do not understand the question well.
    What are the cancels you want your server to process, and the cancels
    that you do not want your server to process?
    Does "outside user" mean "news readers connected to your server" or
    "external peers"?

    --
    Julien ÉLIE

    « César, c'est un Jules tout de même ! » (Astérix)

  • From jdanield@21:1/5 to All on Sun Feb 20 10:37:55 2022
    On 20/02/2022 at 10:32, Julien ÉLIE wrote:

    > Does "outside user" mean "news readers connected to your server

    IMHO, supersede by original poster is ok, not by anybody (except admin).

    cancel-lock/cancel-key seems perfect for this, but I didn't find how to
    have it on my server.

    probably an option in readers.conf, but which one?

    thanks

    and by the way the gencancel is a very good idea, thanks again

    jdd

  • From jdanield@21:1/5 to All on Sun Feb 20 11:46:21 2022
    On 20/02/2022 at 11:16, Julien ÉLIE wrote:

    > Didn't you try Gérald's documentation? (based on German work by Alexander
    > and Thomas)
    > https://home.gegeweb.org/rfc8315.html

    yes, I did, but is it as simple as replacing my (default)
    filter_nnrpd.pl by the one of this page?

    I also read:

    https://www.eyrie.org/~eagle/usefor/drafts/draft-ietf-usefor-cancel-lock-00.txt

    but disabling the cancel function for user, and using with your
    gencancel as admin for the rare cases when a cancel is necessary may be
    enough for now.

    I expect this system not changing the nocem process?

    thanks
    jdd

  • From Julien ÉLIE@21:1/5 to All on Sun Feb 20 11:16:19 2022
    Hello Jean-Daniel,

    >> Does "outside user" mean "news readers connected to your server
    >
    > IMHO, supersede by original poster is ok, not by anybody (except admin).
    >
    > cancel-lock/cancel-key seems perfect for this, but I didn't find how to
    > have it on my server.

    Ah, OK, I wasn't sure it was what you were looking for.
    Didn't you try Gérald's documentation? (based on German work by Alexander
    and Thomas)
    https://home.gegeweb.org/rfc8315.html


    > probably an option in readers.conf, but which one?

    Currently, it should be done with Perl hooks.
    It will be native in innd/nnrpd in the upcoming INN 2.7.0 release.


    > and by the way the gencancel is a very good idea, thanks again

    You're welcome!

    --
    Julien ÉLIE

    « César, c'est un Jules tout de même ! » (Astérix)

  • From Julien ÉLIE@21:1/5 to All on Sun Feb 20 12:18:24 2022
    Hello Jean-Daniel,

    >> Didn't you try Gérald's documentation? (based on German work by Alexander
    >> and Thomas)
    >>     https://home.gegeweb.org/rfc8315.html
    >
    > yes, I did, but is it as simple as replacing my (default)
    > filter_nnrpd.pl by the one of this page?

    Yes, it is as simple as that. (Who said INN was complicated? :-) )

    And also cleanfeed.local for the verification part (when innd receives a
    cancel or supersede request). There are 2 scripts in the page.

    Make sure you have the Digest::SHA and Digest::MD5 Perl modules
    installed. They are normally standard modules but some distributions do
    not install them by default.

    The following commands should not return any error:
    % perl -e "use Digest::SHA"
    % perl -e "use Digest::MD5"


    > I also read:
    >
    > https://www.eyrie.org/~eagle/usefor/drafts/draft-ietf-usefor-cancel-lock-00.txt

    This is an old draft (the first one). The final document is here:
    https://www.rfc-editor.org/rfc/rfc8315.html


    > but disabling the cancel function for user, and using with your
    > gencancel as admin for the rare cases when a cancel is necessary may be enough for now.

    It's up to you to decide what you need for your users.


    > I expect this system not changing the nocem process?

    NoCeM is something different, and untouched.

    --
    Julien ÉLIE

    « Si les chefs sont de force égale, ils ont le droit de se jeter des
    ballots à la tête ; on dit alors qu'ils sont en ballottage. »
    (Astérix)

  • From jdanield@21:1/5 to All on Sun Feb 20 14:22:41 2022
    On 20/02/2022 at 12:18, Julien ÉLIE wrote:


    http://dodin.me/wiki/pmwiki.php?n=Doc.ConfigurerINN-2021#toc-14.3

    any way to check if it works?

    thanks
    jdd

  • From yamo'@21:1/5 to All on Sun Feb 20 14:57:17 2022
    Hi,
    jdanield wrote:
    > http://dodin.me/wiki/pmwiki.php?n=Doc.ConfigurerINN-2021#toc-14.3
    > any way to check if it works?

    I hope that you have kept all the config for cleanfeed.local.

    You can open on your server something like:
    tail -F /var/log/syslog | fgrep -i cancel

    And post on a *.test with a server and cancel on another server.

    --
    Stéphane
    Sorry for my bad English

  • From jdanield@21:1/5 to All on Sun Feb 20 16:10:09 2022
    On 20/02/2022 at 15:57, yamo' wrote:
    > Hi,
    > jdanield wrote:
    >> http://dodin.me/wiki/pmwiki.php?n=Doc.ConfigurerINN-2021#toc-14.3
    >> any way to check if it works?
    >
    > I hope that you have kept all the config for cleanfeed.local.

    in fact I noticed I had none :-( but a cleanfeed.local.sample

    in fact I had read it and seen there notices about cancels I was seeking
    for since some time (but didn't find :-))

    but in the sample file there is:

    "# Before using any of this code please *think*, and be sure you really
    # understand what it does."

    and as I don't understand most of the code...


    > You can open on your server something like:
    > tail -F /var/log/syslog | fgrep -i cancel

    this it's ok

    > And post on a *.test with a server and cancel on another server.

    this I am not sure what to do. have to learn

    sorry, Julien, I wasn't expecting to hack your post like this :-(

    jdd

  • From yamo'@21:1/5 to All on Sun Feb 20 17:14:51 2022
    Hi Julien,

    Julien ÉLIE typed on 19/02/2022 23:40:
    > That's why I think this basic gencancel should normally fit most (if not all) needs.
    > But I prefer to ask here, in case I missed something important.
    > So, do you think this proposal is enough for the needs of news admins? Otherwise, what would you need?

    I think it is really good work!


    Best regards,

    --
    Stéphane
