GNU bug report logs -
#34458
27.0.50; Gnus's nnimap truncates password
Previous Next
Reported by: Amin Bandali <bandali <at> gnu.org>
Date: Tue, 12 Feb 2019 16:50:02 UTC
Severity: normal
Tags: fixed
Found in version 27.0.50
Fixed in version 27.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 34458 in the body.
You can then email your comments to 34458 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34458; Package
emacs.
(Tue, 12 Feb 2019 16:50:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Amin Bandali <bandali <at> gnu.org>:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Tue, 12 Feb 2019 16:50:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
It seems that when the combined length of username + password for an
imap login exceeds certain length, nnimap tries to log into the server
with a truncated password.
Example:
Say I have the following line in ~/.authinfo.gpg:
machine mymchn login myuserid <at> hereis.alongaddr.ca password VAdlmhgtPX3RQpV2bfr8ilj6Qptr0Omz
I was wondering why Gnus wasn’t able to log into the server, though I
had made sure I was using the correct username and password. Upon
looking into server logs, I noticed that the login attempts were made
using VAdlmhgtPX3RQpV2bfr8ilj6Qpt as the password (notice that r0Omz is
missing at the end) instead of the correct full password.
Then I tried with a shorter username like below and it worked just fine:
machine mymchn login myuserid <at> hereis.ca password VAdlmhgtPX3RQpV2bfr8ilj6Qptr0Omz
If I recall correctly, this issue also happens without adding a machine
entry to ~/.authinfo.gpg (i.e. by filling out the username and password
prompt); which leads me to think that the issue is not with auth-source.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34458; Package
emacs.
(Sat, 22 Jun 2019 13:02:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 34458 <at> debbugs.gnu.org (full text, mbox):
Amin Bandali <bandali <at> gnu.org> writes:
> It seems that when the combined length of username + password for an
> imap login exceeds certain length, nnimap tries to log into the server
> with a truncated password.
I've looked at the code, and I can't see where it would be truncating
the password...
> I was wondering why Gnus wasn’t able to log into the server, though I
> had made sure I was using the correct username and password. Upon
> looking into server logs, I noticed that the login attempts were made
> using VAdlmhgtPX3RQpV2bfr8ilj6Qpt as the password (notice that r0Omz is
> missing at the end) instead of the correct full password.
Is it possible that the server is truncating the password (before
logging it, even)? What IMAP server are you using?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34458; Package
emacs.
(Sat, 22 Jun 2019 13:05:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 34458 <at> debbugs.gnu.org (full text, mbox):
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
> Amin Bandali <bandali <at> gnu.org> writes:
>
>> It seems that when the combined length of username + password for an
>> imap login exceeds certain length, nnimap tries to log into the server
>> with a truncated password.
>
> I've looked at the code, and I can't see where it would be truncating
> the password...
Unless you're using CRAM-MD5 as the auth method, but then you wouldn't
see the password at all on the server side, I guess...
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34458; Package
emacs.
(Sat, 29 Jun 2019 18:33:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 34458 <at> debbugs.gnu.org (full text, mbox):
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
[...]
>
> Is it possible that the server is truncating the password (before
> logging it, even)? What IMAP server are you using?
I don’t think so…? I use a local dovecot with a fairly typical
configuration [0], with sha512 of passwords stored in a separate file.
[0]: https://git.sr.ht/~bandali/dotfiles/tree/b1ed9ee8a3c507dd26df3d884fb0e15daef7da99/rc.org#L23
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
[...]
>
> Unless you're using CRAM-MD5 as the auth method, but then you wouldn't
> see the password at all on the server side, I guess...
Right. As far as I know, I am not. I have been meaning to try and
edebug nnimap-login, but I’ve been super busy with school work lately,
and have barely had any free time.
Have you tried reproducing this on your end?
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34458; Package
emacs.
(Thu, 04 Jul 2019 13:24:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 34458 <at> debbugs.gnu.org (full text, mbox):
Amin Bandali <bandali <at> gnu.org> writes:
> Have you tried reproducing this on your end?
No, but the code is:
(defun nnimap-login (user password)
(cond
;; Prefer plain LOGIN if it's enabled (since it requires fewer
;; round trips than CRAM-MD5, and it's less likely to be buggy),
;; and we're using an encrypted connection.
((and (not (nnimap-capability "LOGINDISABLED"))
[...]
(nnimap-command "LOGIN %S %S" user password))
[...]
((and (not (nnimap-capability "LOGINDISABLED"))
[...]
(nnimap-command "LOGIN %S %S" user password))
((and (nnimap-capability "AUTH=PLAIN")
[...]
(nnimap-command
"AUTHENTICATE PLAIN %s"
(base64-encode-string
(format "\000%s\000%s"
(nnimap-quote-specials user)
(nnimap-quote-specials password)))))))
so if you're using any of the plain LOGIN things to the IMAP server,
there's really no code in there that I can see that can truncate
anything...
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34458; Package
emacs.
(Fri, 12 Jul 2019 23:50:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 34458 <at> debbugs.gnu.org (full text, mbox):
A bug report was filed for a similar problem in url.el, and it turns out
that the base64 encoding may have been the culprit -- it would split the
encoded string into two lines, thereby effectively truncating the data.
I've pushed a fix for this in nnimap, too. Could you check whether the
trunk now works for you?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34458; Package
emacs.
(Sat, 13 Jul 2019 03:21:01 GMT)
Full text and
rfc822 format available.
Message #23 received at 34458 <at> debbugs.gnu.org (full text, mbox):
Hi Lars,
Sorry for the slow reply.
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
> A bug report was filed for a similar problem in url.el, and it turns out
> that the base64 encoding may have been the culprit -- it would split the
> encoded string into two lines, thereby effectively truncating the data.
>
> I've pushed a fix for this in nnimap, too. Could you check whether the
> trunk now works for you?
With your 99e8d6fc26a163001c3a7ccf6786e1c4ecc5788e it does seem to be
fixed now; many thanks!
--
Amin Bandali
Free Software Activist | GNU Webmaster & Volunteer
GPG: BE62 7373 8E61 6D6D 1B3A 08E8 A21A 0202 4881 6103
https://shemshak.org/~amin
Added tag(s) fixed.
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Sat, 13 Jul 2019 03:34:02 GMT)
Full text and
rfc822 format available.
bug marked as fixed in version 27.1, send any further explanations to
34458 <at> debbugs.gnu.org and Amin Bandali <bandali <at> gnu.org>
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Sat, 13 Jul 2019 03:34:05 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34458; Package
emacs.
(Sat, 13 Jul 2019 03:35:01 GMT)
Full text and
rfc822 format available.
Message #30 received at 34458 <at> debbugs.gnu.org (full text, mbox):
Amin Bandali <bandali <at> gnu.org> writes:
> With your 99e8d6fc26a163001c3a7ccf6786e1c4ecc5788e it does seem to be
> fixed now; many thanks!
Great; thanks for confirming.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sat, 10 Aug 2019 11:24:07 GMT)
Full text and
rfc822 format available.
This bug report was last modified 4 years and 260 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.