"Fossies" - the Fresh Open Source Software Archive

Member "tin-2.4.1/libcanlock/HOWTO" (28 Aug 2013, 2464 Bytes) of package /linux/misc/tin-2.4.1.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 Here are some sort-of plain language descriptions of how to use the
    2 library.
    3 
    4 First, your news posting program needs to generate its own Message-ID
    5 headers, or some other unique per-article header if IDs aren't allowed
    6 by your server.  If this isn't already the case, fix that first.
    7 
    8 You will also need to add a facility for storing a user password; see
    9 the included RFCs about recommended lengths.  This can be user-generated
   10 or built automatically from random cruft, but however you generate the
   11 password you do have to save it.  This password is the only thing that
   12 will allow you to cancel articles later.
   13 
   14 An alternative approach is to generate a unique password for each
   15 article, but then you would need to build a whole little database
   16 monster.
   17 
   18 
   19 POSTING:
   20 
   21 Generate a Message-ID.  Now, pass the pointers and lengths of the
   22 password and message id to sha_lock().  It will return a pointer to your
   23 cancel lock. For example:
   24 
   25     fprintf(art, "Message-ID: %s\n", msgid);
   26     fprintf(art, "Cancel-Lock: sha1:%s\n",
   27             sha_lock(password, strlen(password), msgid, strlen(msgid));
   28 
   29 
   30 CANCELING:
   31 
   32 This time, you use the Message-ID of the article to be canceled.  We
   33 use sha_key this time to complete the cycle.
   34 
   35     fprintf(art, "Control: cancel %s\n", msg_can);
   36     fprintf(art, "Cancel-Key: sha1:%s\n",
   37             sha_key(password, strlen(password), msgid, strlen(msgid));
   38 
   39 
   40 VERIFYING:
   41 
   42 This is purely optional at the newsreader level; only servers should
   43 really need to bother.
   44 
   45 Extract the Cancel-Key: header from the cancel message.  Fetch the
   46 original article from the server and extract its Cancel-Lock: header.
   47 Chop off the keywords; we are only interested in the Base64 thingies.
   48 
   49 - If the original article has no lock (or is missing), you can ignore
   50   the cancel key and use traditional verification, or abort the cancel
   51   operation if you don't want to trust unauthenticated cancels.
   52 
   53 - If the original article has a lock and the cancel has no key, abort
   54   the cancel operation.
   55 
   56 - If both a key and lock are present, strip off the type numbers and
   57   make sure they're both type sha1 (the only kind this library handles).
   58   You can use the lock_strip() function to make this a bit easier.
   59 
   60 - Finally, you can send pointers to each stripped lock on to
   61   sha_verify().  If it returns zero, your may delete the article. Remember
   62   that there may be more than one lock in the header.  Be sure to check
   63   all locks against the key before giving up.