GNU bug report logs -
#41951
28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?
Previous Next
Reported by: Eric Abrahamsen <eric <at> ericabrahamsen.net>
Date: Fri, 19 Jun 2020 17:42:01 UTC
Severity: normal
Found in version 28.0.50
Done: Eric Abrahamsen <eric <at> ericabrahamsen.net>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 41951 in the body.
You can then email your comments to 41951 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#41951
; Package
emacs
.
(Fri, 19 Jun 2020 17:42:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Eric Abrahamsen <eric <at> ericabrahamsen.net>
:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org
.
(Fri, 19 Jun 2020 17:42:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
IMAP servers that allow anonymous authentication advertise that fact in
their capabilities as AUTH=ANONYMOUS.
nnimap currently lets you take advantage of this explicitly, by setting
(nnimap-authenticator anonymous) in the server definition. But this
requires you to know in advance that the server allows anonymous
authentication, and decide to use it.
Gnus could figure this out itself and anonymously log in, using the
attached patch. It seems to work fine, but there might be further
consequences I haven't thought of. And possibly we'd simply prefer that
settings like this be a little more explicit for the user?
Does anyone have any opinions on this?
[nnimap-anonymous.diff (text/x-patch, attachment)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#41951
; Package
emacs
.
(Sun, 19 Jul 2020 01:08:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 41951 <at> debbugs.gnu.org (full text, mbox):
Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
> Gnus could figure this out itself and anonymously log in, using the
> attached patch. It seems to work fine, but there might be further
> consequences I haven't thought of. And possibly we'd simply prefer that
> settings like this be a little more explicit for the user?
Would this interfere with logging in normally with your own user name?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#41951
; Package
emacs
.
(Sun, 19 Jul 2020 03:15:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 41951 <at> debbugs.gnu.org (full text, mbox):
On 07/19/20 03:07 AM, Lars Ingebrigtsen wrote:
> Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
>
>> Gnus could figure this out itself and anonymously log in, using the
>> attached patch. It seems to work fine, but there might be further
>> consequences I haven't thought of. And possibly we'd simply prefer that
>> settings like this be a little more explicit for the user?
>
> Would this interfere with logging in normally with your own user name?
I think if we did it this way:
(if (or (eq nnimap-authenticator 'anonymous)
(and (null nnimap-authenticator)
(nnimap-capability "AUTH=ANONYMOUS")))
(list "anonymous"
(message-make-address))
;; normal log in process
)
Then we only fall back on anonymous if the user hasn't specified
anything explicitly. I haven't yet verified that (null
nnimap-authenticator) does the right thing in this case, though.
Eric
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#41951
; Package
emacs
.
(Sun, 19 Jul 2020 03:18:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 41951 <at> debbugs.gnu.org (full text, mbox):
Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
> I think if we did it this way:
>
> (if (or (eq nnimap-authenticator 'anonymous)
> (and (null nnimap-authenticator)
> (nnimap-capability "AUTH=ANONYMOUS")))
> (list "anonymous"
> (message-make-address))
> ;; normal log in process
> )
>
> Then we only fall back on anonymous if the user hasn't specified
> anything explicitly. I haven't yet verified that (null
> nnimap-authenticator) does the right thing in this case, though.
The code now is:
(if (not (setq credentials
(if (eq nnimap-authenticator 'anonymous)
(list "anonymous"
(message-make-address))
;; Look for the credentials based on
;; the virtual server name and the address
(nnimap-credentials
(gnus-delete-duplicates
(list server nnimap-address))
ports
nnimap-user))))
That call to nnimap-credentials looks into the .authinfo file, and if
the password is present there, it uses it.
So at the very least, the auto-anonymous thing would have to be reversed
in priority -- after the call to nnimap-credentials.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#41951
; Package
emacs
.
(Sun, 19 Jul 2020 03:21:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 41951 <at> debbugs.gnu.org (full text, mbox):
On 07/19/20 05:17 AM, Lars Ingebrigtsen wrote:
> Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
>
>> I think if we did it this way:
>>
>> (if (or (eq nnimap-authenticator 'anonymous)
>> (and (null nnimap-authenticator)
>> (nnimap-capability "AUTH=ANONYMOUS")))
>> (list "anonymous"
>> (message-make-address))
>> ;; normal log in process
>> )
>>
>> Then we only fall back on anonymous if the user hasn't specified
>> anything explicitly. I haven't yet verified that (null
>> nnimap-authenticator) does the right thing in this case, though.
>
> The code now is:
>
> (if (not (setq credentials
> (if (eq nnimap-authenticator 'anonymous)
> (list "anonymous"
> (message-make-address))
> ;; Look for the credentials based on
> ;; the virtual server name and the address
> (nnimap-credentials
> (gnus-delete-duplicates
> (list server nnimap-address))
> ports
> nnimap-user))))
>
> That call to nnimap-credentials looks into the .authinfo file, and if
> the password is present there, it uses it.
>
> So at the very least, the auto-anonymous thing would have to be reversed
> in priority -- after the call to nnimap-credentials.
So only honor AUTH=ANONYMOUS if the user has set no
nnimap-authenticator, and also we don't find this server in our
auth-source-search, right?
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#41951
; Package
emacs
.
(Sun, 19 Jul 2020 03:22:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 41951 <at> debbugs.gnu.org (full text, mbox):
Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
> So only honor AUTH=ANONYMOUS if the user has set no
> nnimap-authenticator, and also we don't find this server in our
> auth-source-search, right?
Yes. nnimap-authenticator is nil by default.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#41951
; Package
emacs
.
(Sun, 19 Jul 2020 04:02:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 41951 <at> debbugs.gnu.org (full text, mbox):
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
> Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
>
>> So only honor AUTH=ANONYMOUS if the user has set no
>> nnimap-authenticator, and also we don't find this server in our
>> auth-source-search, right?
>
> Yes. nnimap-authenticator is nil by default.
Hmm, but `nnimap-credentials->auth-source-search' will prompt for auth
details and save them if none are found, which is the behavior I was
trying to avoid to begin with.
Meh, this probably isn't the right thing to do. The manual specifically
says (about `nnimap-authenticator'):
"Some IMAP servers allow anonymous logins. In that case, this should be
set to ‘anonymous’. If this variable isn’t set, the normal login
methods will be used."
So implicitly short-circuiting the normal login procedure is actually
contrary to the documentation, which says do it explicitly. I'm inclined
to drop this...
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#41951
; Package
emacs
.
(Sun, 19 Jul 2020 04:04:02 GMT)
Full text and
rfc822 format available.
Message #26 received at 41951 <at> debbugs.gnu.org (full text, mbox):
Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
> Hmm, but `nnimap-credentials->auth-source-search' will prompt for auth
> details and save them if none are found, which is the behavior I was
> trying to avoid to begin with.
We could change that to not prompt if AUTH=ANONYMOUS is available?
> Meh, this probably isn't the right thing to do. The manual specifically
> says (about `nnimap-authenticator'):
>
> "Some IMAP servers allow anonymous logins. In that case, this should be
> set to ‘anonymous’. If this variable isn’t set, the normal login
> methods will be used."
>
> So implicitly short-circuiting the normal login procedure is actually
> contrary to the documentation, which says do it explicitly. I'm inclined
> to drop this...
Yeah, it's pretty obscure anyway, isn't it?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#41951
; Package
emacs
.
(Sun, 19 Jul 2020 04:13:02 GMT)
Full text and
rfc822 format available.
Message #29 received at 41951 <at> debbugs.gnu.org (full text, mbox):
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
> Eric Abrahamsen <eric <at> ericabrahamsen.net> writes:
>
>> Hmm, but `nnimap-credentials->auth-source-search' will prompt for auth
>> details and save them if none are found, which is the behavior I was
>> trying to avoid to begin with.
>
> We could change that to not prompt if AUTH=ANONYMOUS is available?
>
>> Meh, this probably isn't the right thing to do. The manual specifically
>> says (about `nnimap-authenticator'):
>>
>> "Some IMAP servers allow anonymous logins. In that case, this should be
>> set to ‘anonymous’. If this variable isn’t set, the normal login
>> methods will be used."
>>
>> So implicitly short-circuiting the normal login procedure is actually
>> contrary to the documentation, which says do it explicitly. I'm inclined
>> to drop this...
>
> Yeah, it's pretty obscure anyway, isn't it?
Yup. Sorry for the noise.
Reply sent
to
Eric Abrahamsen <eric <at> ericabrahamsen.net>
:
You have taken responsibility.
(Sun, 19 Jul 2020 04:13:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Eric Abrahamsen <eric <at> ericabrahamsen.net>
:
bug acknowledged by developer.
(Sun, 19 Jul 2020 04:13:03 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Sun, 16 Aug 2020 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 253 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.