headers
Matthias Andree | 3 Feb 2009 10:09
Picon
Picon

Re: Wrong reply to ARTICLE command: "412 no group selected"

Am 30.01.2009, 01:10 Uhr, schrieb Paul Brooks <paulbrooks59@...>:

> Ive not been using leafnode very long and have come across this error
> "Wrong reply to ARTICLE command: "412 no group selected""
> There are thousands of occurrences of this error when receiving news  
> articles.
> I am receiving new posts ok but these errors are from trying to get  
> older posts.

Hi Paul,

sorry for seeing your message only now; I've had a file system (/usr)  
crash and am only recovering slowly.

> Is this an error caused by the news server im getting my news from or is  
> it caused by leafnode itself? and what does the error mean?

The message is *generated* by the server. At the time, leafnode has tried  
downloading an article. What causes it, is hard to tell without closer  
inspection.

Can you try to obtain a debug log? Simply run:

fetchnews -evvvvD 131 2>&1 | tee some.log

Then gzip, bzip2, or lzma the some.log file and send it to me IN PRIVATE  
(to the gmx.de address) - it's too large for the list. I'll then see if I  
can figure out what's up.

Best regards
(Continue reading)

Permalink | Reply | 6 comments |
headers
clemens fischer | 3 Feb 2009 23:31
Favicon

Re: authentication questions

(sorry for beeing late)

On Thu-2009/01/29-00:22 Matthias Andree wrote:

> Eric S. Johansson schrieb am 2009-01-23:
> 
>> Matthias Andree wrote:
>> > Eric S. Johansson schrieb:
>> >> I know from the documentation, it's possible to authenticate using
>> >> PAM.  That authentication gives you access to all the newsgroups
>> >> on a server.  is it possible to restrict specific newsgroups to
>> >> subset of the entire user population?
>> > 
>> > Not at the moment, that's on the TODO list.
>> 
>>  so, you're telling me that if I need it, I should roll up my sleeves
>>  etc..  :-)
> 
> Feel free, but I'm not expecting that, particularly not if you suffer
> from RSI.
> 
>> Seriously, could this be done from the lua extension environment or
>> do I need to relearn C/C++? [1]
> 
> C for the nonce; WRT the Lua extension, that's for Clemens to answer.
> I haven't yet had the time to fully understand the Lua extension's
> capabilities.

using Lua to do this would not even be all that hard, but ATM only
fetchnews is instrumented.  This was my highest priority, because
(Continue reading)

Permalink | Reply | 7 comments |
headers
Matthias Andree | 4 Feb 2009 02:27
Picon
Picon

Re: authentication questions

[sorry clemens for the dupe, resending with proper sender address for the  
list]

Am 03.02.2009, 23:31 Uhr, schrieb clemens fischer
<ino-news@...>:

> The other "big" components of leafnode, ie. leafnode(8) and texpire(8)
> have no lua hooks.  Matthias, does leafnode(8) have a nice central place
> where all the music is launched from, like the store article function in
> fetchnews?

There's a main loop that reads the input and then handles the known
commands in individual functions. Then there's an authentication that can
be crypt() based or PAM based, but we don't do mandatory access control
for user -> newsgroups mapping yet, it's all-or-nothing.

--

-- 
Matthias Andree
Permalink | Reply | 6 comments |
headers
Matthias Andree | 5 Feb 2009 09:20
Picon
Picon

Re: Wrong reply to ARTICLE command: "412 no group selected"

Am 05.02.2009, 00:59 Uhr, schrieb Paul Brooks <paulbrooks59@...>:

> I got the messages when trying to get old posts with the command
> fetchnews vvvv -x 60000    I only have one interesting group at the  
> moment.

The messages may have appeared when (a) the server's overview data was not  
in synch with group contents and (b) it was unable to articulate itself  
properly. It doesn't make too much sense though and requires both server  
bugs and server data inconsistencies for explanation.

Do you know what software the server is using? It should be visible from  
the first 200 or 201 greeting line from the server.

--

-- 
Matthias Andree
Permalink | Reply | 0 comments |
headers
clemens fischer | 5 Feb 2009 13:59
Favicon

Re: authentication questions

Matthias Andree wrote:

> Am 03.02.2009, 23:31 Uhr, schrieb clemens fischer
> <ino-news <at> spotteswoode.dnsalias.org>:
> 
>> The other "big" components of leafnode, ie. leafnode(8) and
>> texpire(8) have no lua hooks.  Matthias, does leafnode(8) have a nice
>> central place where all the music is launched from, like the store
>> article function in fetchnews?
> 
> There's a main loop that reads the input and then handles the known
> commands in individual functions. Then there's an authentication that
> can be crypt() based or PAM based, but we don't do mandatory access
> control for user -> newsgroups mapping yet, it's all-or-nothing.

Ok, in that case I can take care of the mapping lua-style.  If the user
is properly authenticated, then the scripts just need to lookup which
groups the particular user has access to and deny him or her the rest.

This will take some time, but not months, more like a few weeks.  Who
knows, maybe I have it ready in a couple of days.  I'll copy the script
initialization from fetchnews and introduce hooks into leafnodes main
loop handling group functions.

clemens
Permalink | Reply | 0 comments |
headers
clemens fischer | 5 Feb 2009 14:15
Favicon

Re: Wrong reply to ARTICLE command: "412 no group?selected"

On Fri-2009/01/30-01:10 Paul Brooks wrote:

> Ive not been using leafnode very long and have come across this error
> "Wrong reply to ARTICLE command: "412 no group selected"" There are
> thousands of occurrences of this error when receiving news articles.
> I am receiving new posts ok but these errors are from trying to get
> older posts.
> 
> Is this an error caused by the news server im getting my news from or
> is it caused by leafnode itself? and what does the error mean?

i was thinking:  could the upstream server have expired the article
numbers asked for and left the group as the result of not finding them?
In that case it would indeed be in the "group selection" state, but
fetchnews would continue to ask for article numbers specific to some
group.

clemens
Permalink | Reply | 0 comments |
headers
clemens fischer | 5 Feb 2009 17:16
Favicon

Re: authentication questions

Matthias Andree wrote:

> There's a main loop that reads the input and then handles the known
> commands in individual functions. Then there's an authentication that
> can be crypt() based or PAM based, but we don't do mandatory access
> control for user -> newsgroups mapping yet, it's all-or-nothing.

Does somebody know what NNTP status code (4xx or 5xx) would have to be
returned to the client of an unauthenticated or unelligable user if he
wanted to open some group or read an article?  Are there different codes
depending on state?

Maybe I should leave this to the admin.  Afterall, he sets up the
script.

clemens
Permalink | Reply | 4 comments |
headers
Matthias Andree | 5 Feb 2009 17:44
Picon
Picon

Re: authentication questions

Am 05.02.2009, 17:16 Uhr, schrieb clemens fischer  
<ino-news@...>:

> Matthias Andree wrote:
>
>> There's a main loop that reads the input and then handles the known
>> commands in individual functions. Then there's an authentication that
>> can be crypt() based or PAM based, but we don't do mandatory access
>> control for user -> newsgroups mapping yet, it's all-or-nothing.
>
> Does somebody know what NNTP status code (4xx or 5xx) would have to be
> returned to the client of an unauthenticated or unelligable user if he
> wanted to open some group or read an article?  Are there different codes
> depending on state?

There's a reason why leafnode doesn't have such a feature yet...

RFC3977 doesn't appear to foresee special codes, so you'll pretend that  
the group doesn't exist, i. e. "411 no such group".

Please keep in mind that such features are usually requested by concerned  
parents who want to protect their offspring, so just showing, but not  
giving, is second to fully hiding the group.

If you want to do it thoroughly and to avoid that groups spring into  
existence through cross-posting and wreak havoc later on, when  
restrictions are relaxed, there's more: You also need to hide  
non-permitted groups from the lists (active/group lists) and suppressing  
related information in overview and headers (Xref, Newsgroups, in  
particular). It's much easier to do that in fetchnews with
(Continue reading)

Permalink | Reply | 3 comments |
headers
Matthias Andree | 5 Feb 2009 17:57
Picon
Picon

Re: authentication questions

Am 05.02.2009, 17:44 Uhr, schrieb Matthias Andree <matthias.andree@...>:

> Am 05.02.2009, 17:16 Uhr, schrieb clemens fischer
> <ino-news@...>:
>
>> Matthias Andree wrote:
>>
>>> There's a main loop that reads the input and then handles the known
>>> commands in individual functions. Then there's an authentication that
>>> can be crypt() based or PAM based, but we don't do mandatory access
>>> control for user -> newsgroups mapping yet, it's all-or-nothing.
>>
>> Does somebody know what NNTP status code (4xx or 5xx) would have to be
>> returned to the client of an unauthenticated or unelligable user if he
>> wanted to open some group or read an article?  Are there different codes
>> depending on state?
>
> There's a reason why leafnode doesn't have such a feature yet...
>
> RFC3977 doesn't appear to foresee special codes, so you'll pretend that
> the group doesn't exist, i. e. "411 no such group".

Well, there are STARTTLS and authentication RFCs for NNTP v2 as well,
namely RFC 4642 (STARTTLS for NNTP) and 4643 (NNTP authentication) that
suggest other solutions - but I haven't yet reviews these new RFCs yet and
don't know how I want leafnode changed to accomodate these.

While leafnode is not yet RFC3977 compliant (that's NNTP v2, which
obsoletes RFC0977 and RFC2980), new changes for leafnode-2 should keep
RFC3977 and 4642...4644 and the related USEFOR (USEFOR and USEPRO) drafts
(Continue reading)

Permalink | Reply | 1 comment |
headers
clemens fischer | 5 Feb 2009 20:38
Favicon

Re: authentication questions

Matthias Andree wrote:

> Am 05.02.2009, 17:16 Uhr, schrieb clemens fischer  

> There's a reason why leafnode doesn't have such a feature yet...
> 
> RFC3977 doesn't appear to foresee special codes, so you'll pretend that  
> the group doesn't exist, i. e. "411 no such group".
> 
> Please keep in mind that such features are usually requested by concerned  
> parents who want to protect their offspring, so just showing, but not  
> giving, is second to fully hiding the group.
> 
> If you want to do it thoroughly and to avoid that groups spring into  
> existence through cross-posting and wreak havoc later on, when  
> restrictions are relaxed, there's more: You also need to hide  
> non-permitted groups from the lists (active/group lists) and suppressing  
> related information in overview and headers (Xref, Newsgroups, in  
> particular). It's much easier to do that in fetchnews with  
> only_groups_pcre (which is a long-winding name, I'll admit).
> 
> I'm willing to help here.
> 
> Please do not use different codes or strings in the NNTP dialogues,  
> although you can opt to log a different code or additional line to syslog  
> in addition to the string that goes over the wire. dogroup() is simple  
> enough and should be the only source of 411 codes.

Ok, I already found "dogroup()".  What I'm currently doing is this:  If
authentication is enabled and the newsreader sends "authinfo", scripting
(Continue reading)

Permalink | Reply | 0 comments |

Gmane