bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?

bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?

[Eric Abrahamsen]

[-- Attachment #1: Type: text/plain, Size: 662 bytes --]


IMAP servers that allow anonymous authentication advertise that fact in
their capabilities as AUTH=ANONYMOUS.

nnimap currently lets you take advantage of this explicitly, by setting
(nnimap-authenticator anonymous) in the server definition. But this
requires you to know in advance that the server allows anonymous
authentication, and decide to use it.

Gnus could figure this out itself and anonymously log in, using the
attached patch. It seems to work fine, but there might be further
consequences I haven't thought of. And possibly we'd simply prefer that
settings like this be a little more explicit for the user?

Does anyone have any opinions on this?


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: nnimap-anonymous.diff --]
[-- Type: text/x-patch, Size: 1140 bytes --]

diff --git a/lisp/gnus/gnus-registry.el b/lisp/gnus/gnus-registry.el
index f306889a7f..ebb1236674 100644
--- a/lisp/gnus/gnus-registry.el
+++ b/lisp/gnus/gnus-registry.el
@@ -837,6 +837,7 @@ gnus-registry-find-keywords
                 (completing-read "Keyword: " (gnus-registry-keywords) nil t)))
   (registry-lookup-secondary-value gnus-registry-db 'keyword keyword))
 
+
 (defun gnus-registry-register-message-ids ()
   "Register the Message-ID of every article in the group."
   (unless (gnus-parameter-registry-ignore gnus-newsgroup-name)
diff --git a/lisp/gnus/nnimap.el b/lisp/gnus/nnimap.el
index 3c4e75ede8..18d3cba173 100644
--- a/lisp/gnus/nnimap.el
+++ b/lisp/gnus/nnimap.el
@@ -509,7 +509,8 @@ nnimap-open-connection-1
 			  (split-string capabilities)))
 	    (unless (string-match-p "[*.] PREAUTH" greeting)
 	      (if (not (setq credentials
-			     (if (eq nnimap-authenticator 'anonymous)
+			     (if (or (eq nnimap-authenticator 'anonymous)
+				     (nnimap-capability "AUTH=ANONYMOUS"))
 				 (list "anonymous"
 				       (message-make-address))
                                ;; Look for the credentials based on

bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?

[Lars Ingebrigtsen]

Eric Abrahamsen <eric@ericabrahamsen.net> writes:

> Gnus could figure this out itself and anonymously log in, using the
> attached patch. It seems to work fine, but there might be further
> consequences I haven't thought of. And possibly we'd simply prefer that
> settings like this be a little more explicit for the user?

Would this interfere with logging in normally with your own user name?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?

[Eric Abrahamsen]

On 07/19/20 03:07 AM, Lars Ingebrigtsen wrote:
> Eric Abrahamsen <eric@ericabrahamsen.net> writes:
>
>> Gnus could figure this out itself and anonymously log in, using the
>> attached patch. It seems to work fine, but there might be further
>> consequences I haven't thought of. And possibly we'd simply prefer that
>> settings like this be a little more explicit for the user?
>
> Would this interfere with logging in normally with your own user name?

I think if we did it this way:

(if (or (eq nnimap-authenticator 'anonymous)
	(and (null nnimap-authenticator)
	     (nnimap-capability "AUTH=ANONYMOUS")))
    (list "anonymous"
	  (message-make-address))
  ;; normal log in process
  )

Then we only fall back on anonymous if the user hasn't specified
anything explicitly. I haven't yet verified that (null
nnimap-authenticator) does the right thing in this case, though.

Eric

bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?

[Lars Ingebrigtsen]

Eric Abrahamsen <eric@ericabrahamsen.net> writes:

> I think if we did it this way:
>
> (if (or (eq nnimap-authenticator 'anonymous)
> 	(and (null nnimap-authenticator)
> 	     (nnimap-capability "AUTH=ANONYMOUS")))
>     (list "anonymous"
> 	  (message-make-address))
>   ;; normal log in process
>   )
>
> Then we only fall back on anonymous if the user hasn't specified
> anything explicitly. I haven't yet verified that (null
> nnimap-authenticator) does the right thing in this case, though.

The code now is:

	      (if (not (setq credentials
			     (if (eq nnimap-authenticator 'anonymous)
				 (list "anonymous"
				       (message-make-address))
                               ;; Look for the credentials based on
                               ;; the virtual server name and the address
                               (nnimap-credentials
				(gnus-delete-duplicates
				 (list server nnimap-address))
                                ports
                                nnimap-user))))

That call to nnimap-credentials looks into the .authinfo file, and if
the password is present there, it uses it.

So at the very least, the auto-anonymous thing would have to be reversed
in priority -- after the call to nnimap-credentials.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?

[Eric Abrahamsen]

On 07/19/20 05:17 AM, Lars Ingebrigtsen wrote:
> Eric Abrahamsen <eric@ericabrahamsen.net> writes:
>
>> I think if we did it this way:
>>
>> (if (or (eq nnimap-authenticator 'anonymous)
>> 	(and (null nnimap-authenticator)
>> 	     (nnimap-capability "AUTH=ANONYMOUS")))
>>     (list "anonymous"
>> 	  (message-make-address))
>>   ;; normal log in process
>>   )
>>
>> Then we only fall back on anonymous if the user hasn't specified
>> anything explicitly. I haven't yet verified that (null
>> nnimap-authenticator) does the right thing in this case, though.
>
> The code now is:
>
> 	      (if (not (setq credentials
> 			     (if (eq nnimap-authenticator 'anonymous)
> 				 (list "anonymous"
> 				       (message-make-address))
>                                ;; Look for the credentials based on
>                                ;; the virtual server name and the address
>                                (nnimap-credentials
> 				(gnus-delete-duplicates
> 				 (list server nnimap-address))
>                                 ports
>                                 nnimap-user))))
>
> That call to nnimap-credentials looks into the .authinfo file, and if
> the password is present there, it uses it.
>
> So at the very least, the auto-anonymous thing would have to be reversed
> in priority -- after the call to nnimap-credentials.

So only honor AUTH=ANONYMOUS if the user has set no
nnimap-authenticator, and also we don't find this server in our
auth-source-search, right?

bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?

[Lars Ingebrigtsen]

Eric Abrahamsen <eric@ericabrahamsen.net> writes:

> So only honor AUTH=ANONYMOUS if the user has set no
> nnimap-authenticator, and also we don't find this server in our
> auth-source-search, right?

Yes.  nnimap-authenticator is nil by default.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?

[Eric Abrahamsen]

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Eric Abrahamsen <eric@ericabrahamsen.net> writes:
>
>> So only honor AUTH=ANONYMOUS if the user has set no
>> nnimap-authenticator, and also we don't find this server in our
>> auth-source-search, right?
>
> Yes.  nnimap-authenticator is nil by default.

Hmm, but `nnimap-credentials->auth-source-search' will prompt for auth
details and save them if none are found, which is the behavior I was
trying to avoid to begin with.

Meh, this probably isn't the right thing to do. The manual specifically
says (about `nnimap-authenticator'):

"Some IMAP servers allow anonymous logins. In that case, this should be
 set to ‘anonymous’. If this variable isn’t set, the normal login
 methods will be used."

So implicitly short-circuiting the normal login procedure is actually
contrary to the documentation, which says do it explicitly. I'm inclined
to drop this...

bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?

[Lars Ingebrigtsen]

Eric Abrahamsen <eric@ericabrahamsen.net> writes:

> Hmm, but `nnimap-credentials->auth-source-search' will prompt for auth
> details and save them if none are found, which is the behavior I was
> trying to avoid to begin with.

We could change that to not prompt if AUTH=ANONYMOUS is available?

> Meh, this probably isn't the right thing to do. The manual specifically
> says (about `nnimap-authenticator'):
>
> "Some IMAP servers allow anonymous logins. In that case, this should be
>  set to ‘anonymous’. If this variable isn’t set, the normal login
>  methods will be used."
>
> So implicitly short-circuiting the normal login procedure is actually
> contrary to the documentation, which says do it explicitly. I'm inclined
> to drop this...

Yeah, it's pretty obscure anyway, isn't it?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#41951: 28.0.50; Automatically detect AUTH=ANONYMOUS in Gnus nnimap?

[Eric Abrahamsen]

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Eric Abrahamsen <eric@ericabrahamsen.net> writes:
>
>> Hmm, but `nnimap-credentials->auth-source-search' will prompt for auth
>> details and save them if none are found, which is the behavior I was
>> trying to avoid to begin with.
>
> We could change that to not prompt if AUTH=ANONYMOUS is available?
>
>> Meh, this probably isn't the right thing to do. The manual specifically
>> says (about `nnimap-authenticator'):
>>
>> "Some IMAP servers allow anonymous logins. In that case, this should be
>>  set to ‘anonymous’. If this variable isn’t set, the normal login
>>  methods will be used."
>>
>> So implicitly short-circuiting the normal login procedure is actually
>> contrary to the documentation, which says do it explicitly. I'm inclined
>> to drop this...
>
> Yeah, it's pretty obscure anyway, isn't it?

Yup. Sorry for the noise.