GNU bug report logs - #41951
28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 41951 in the body.
You can then email your comments to 41951 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Eric Abrahamsen <eric <at> ericabrahamsen.net>
To: bug-gnu-emacs <at> gnu.org
Subject: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?
Date: Fri, 19 Jun 2020 10:41:53 -0700

[Message part 1 (text/plain, inline)]

IMAP servers that allow anonymous authentication advertise that fact in
their capabilities as AUTH=ANONYMOUS.

nnimap currently lets you take advantage of this explicitly, by setting
(nnimap-authenticator anonymous) in the server definition. But this
requires you to know in advance that the server allows anonymous
authentication, and decide to use it.

Gnus could figure this out itself and anonymously log in, using the
attached patch. It seems to work fine, but there might be further
consequences I haven't thought of. And possibly we'd simply prefer that
settings like this be a little more explicit for the user?

Does anyone have any opinions on this?

[nnimap-anonymous.diff (text/x-patch, attachment)]

Message #8 received at 41951 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Eric Abrahamsen <eric <at> ericabrahamsen.net>
Cc: 41951 <at> debbugs.gnu.org
Subject: Re: bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus
 nnimap?
Date: Sun, 19 Jul 2020 03:07:14 +0200

Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:

> Gnus could figure this out itself and anonymously log in, using the
> attached patch. It seems to work fine, but there might be further
> consequences I haven't thought of. And possibly we'd simply prefer that
> settings like this be a little more explicit for the user?

Would this interfere with logging in normally with your own user name?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message #11 received at 41951 <at> debbugs.gnu.org (full text, mbox):

From: Eric Abrahamsen <eric <at> ericabrahamsen.net>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 41951 <at> debbugs.gnu.org
Subject: Re: bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus
 nnimap?
Date: Sat, 18 Jul 2020 20:14:09 -0700

On 07/19/20 03:07 AM, Lars Ingebrigtsen wrote:
> Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
>
>> Gnus could figure this out itself and anonymously log in, using the
>> attached patch. It seems to work fine, but there might be further
>> consequences I haven't thought of. And possibly we'd simply prefer that
>> settings like this be a little more explicit for the user?
>
> Would this interfere with logging in normally with your own user name?

I think if we did it this way:

(if (or (eq nnimap-authenticator 'anonymous)
	(and (null nnimap-authenticator)
	     (nnimap-capability "AUTH=ANONYMOUS")))
    (list "anonymous"
	  (message-make-address))
  ;; normal log in process
  )

Then we only fall back on anonymous if the user hasn't specified
anything explicitly. I haven't yet verified that (null
nnimap-authenticator) does the right thing in this case, though.

Eric

Message #14 received at 41951 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Eric Abrahamsen <eric <at> ericabrahamsen.net>
Cc: 41951 <at> debbugs.gnu.org
Subject: Re: bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus
 nnimap?
Date: Sun, 19 Jul 2020 05:17:18 +0200

Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:

> I think if we did it this way:
>
> (if (or (eq nnimap-authenticator 'anonymous)
> 	(and (null nnimap-authenticator)
> 	     (nnimap-capability "AUTH=ANONYMOUS")))
>     (list "anonymous"
> 	  (message-make-address))
>   ;; normal log in process
>   )
>
> Then we only fall back on anonymous if the user hasn't specified
> anything explicitly. I haven't yet verified that (null
> nnimap-authenticator) does the right thing in this case, though.

The code now is:

	      (if (not (setq credentials
			     (if (eq nnimap-authenticator 'anonymous)
				 (list "anonymous"
				       (message-make-address))
                               ;; Look for the credentials based on
                               ;; the virtual server name and the address
                               (nnimap-credentials
				(gnus-delete-duplicates
				 (list server nnimap-address))
                                ports
                                nnimap-user))))

That call to nnimap-credentials looks into the .authinfo file, and if
the password is present there, it uses it.

So at the very least, the auto-anonymous thing would have to be reversed
in priority -- after the call to nnimap-credentials.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message #17 received at 41951 <at> debbugs.gnu.org (full text, mbox):

From: Eric Abrahamsen <eric <at> ericabrahamsen.net>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 41951 <at> debbugs.gnu.org
Subject: Re: bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus
 nnimap?
Date: Sat, 18 Jul 2020 20:20:35 -0700

On 07/19/20 05:17 AM, Lars Ingebrigtsen wrote:
> Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
>
>> I think if we did it this way:
>>
>> (if (or (eq nnimap-authenticator 'anonymous)
>> 	(and (null nnimap-authenticator)
>> 	     (nnimap-capability "AUTH=ANONYMOUS")))
>>     (list "anonymous"
>> 	  (message-make-address))
>>   ;; normal log in process
>>   )
>>
>> Then we only fall back on anonymous if the user hasn't specified
>> anything explicitly. I haven't yet verified that (null
>> nnimap-authenticator) does the right thing in this case, though.
>
> The code now is:
>
> 	      (if (not (setq credentials
> 			     (if (eq nnimap-authenticator 'anonymous)
> 				 (list "anonymous"
> 				       (message-make-address))
>                                ;; Look for the credentials based on
>                                ;; the virtual server name and the address
>                                (nnimap-credentials
> 				(gnus-delete-duplicates
> 				 (list server nnimap-address))
>                                 ports
>                                 nnimap-user))))
>
> That call to nnimap-credentials looks into the .authinfo file, and if
> the password is present there, it uses it.
>
> So at the very least, the auto-anonymous thing would have to be reversed
> in priority -- after the call to nnimap-credentials.

So only honor AUTH=ANONYMOUS if the user has set no
nnimap-authenticator, and also we don't find this server in our
auth-source-search, right?

Message #20 received at 41951 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Eric Abrahamsen <eric <at> ericabrahamsen.net>
Cc: 41951 <at> debbugs.gnu.org
Subject: Re: bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus
 nnimap?
Date: Sun, 19 Jul 2020 05:21:45 +0200

Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:

> So only honor AUTH=ANONYMOUS if the user has set no
> nnimap-authenticator, and also we don't find this server in our
> auth-source-search, right?

Yes.  nnimap-authenticator is nil by default.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message #23 received at 41951 <at> debbugs.gnu.org (full text, mbox):

From: Eric Abrahamsen <eric <at> ericabrahamsen.net>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 41951 <at> debbugs.gnu.org
Subject: Re: bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus
 nnimap?
Date: Sat, 18 Jul 2020 21:01:15 -0700

Lars Ingebrigtsen <larsi <at> gnus.org> writes:

> Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
>
>> So only honor AUTH=ANONYMOUS if the user has set no
>> nnimap-authenticator, and also we don't find this server in our
>> auth-source-search, right?
>
> Yes.  nnimap-authenticator is nil by default.

Hmm, but `nnimap-credentials->auth-source-search' will prompt for auth
details and save them if none are found, which is the behavior I was
trying to avoid to begin with.

Meh, this probably isn't the right thing to do. The manual specifically
says (about `nnimap-authenticator'):

"Some IMAP servers allow anonymous logins. In that case, this should be
 set to ‘anonymous’. If this variable isn’t set, the normal login
 methods will be used."

So implicitly short-circuiting the normal login procedure is actually
contrary to the documentation, which says do it explicitly. I'm inclined
to drop this...

Message #26 received at 41951 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Eric Abrahamsen <eric <at> ericabrahamsen.net>
Cc: 41951 <at> debbugs.gnu.org
Subject: Re: bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus
 nnimap?
Date: Sun, 19 Jul 2020 06:03:06 +0200

Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:

> Hmm, but `nnimap-credentials->auth-source-search' will prompt for auth
> details and save them if none are found, which is the behavior I was
> trying to avoid to begin with.

We could change that to not prompt if AUTH=ANONYMOUS is available?

> Meh, this probably isn't the right thing to do. The manual specifically
> says (about `nnimap-authenticator'):
>
> "Some IMAP servers allow anonymous logins. In that case, this should be
>  set to ‘anonymous’. If this variable isn’t set, the normal login
>  methods will be used."
>
> So implicitly short-circuiting the normal login procedure is actually
> contrary to the documentation, which says do it explicitly. I'm inclined
> to drop this...

Yeah, it's pretty obscure anyway, isn't it?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message #29 received at 41951 <at> debbugs.gnu.org (full text, mbox):

From: Eric Abrahamsen <eric <at> ericabrahamsen.net>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 41951 <at> debbugs.gnu.org, 41951-done <at> debbugs.gnu.org
Subject: Re: bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus
 nnimap?
Date: Sat, 18 Jul 2020 21:12:49 -0700

Lars Ingebrigtsen <larsi <at> gnus.org> writes:

> Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
>
>> Hmm, but `nnimap-credentials->auth-source-search' will prompt for auth
>> details and save them if none are found, which is the behavior I was
>> trying to avoid to begin with.
>
> We could change that to not prompt if AUTH=ANONYMOUS is available?
>
>> Meh, this probably isn't the right thing to do. The manual specifically
>> says (about `nnimap-authenticator'):
>>
>> "Some IMAP servers allow anonymous logins. In that case, this should be
>>  set to ‘anonymous’. If this variable isn’t set, the normal login
>>  methods will be used."
>>
>> So implicitly short-circuiting the normal login procedure is actually
>> contrary to the documentation, which says do it explicitly. I'm inclined
>> to drop this...
>
> Yeah, it's pretty obscure anyway, isn't it?

Yup. Sorry for the noise.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.