unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed
* bug#34458: 27.0.50; Gnus's nnimap truncates password
@ 2019-02-12 16:49 Amin Bandali
  2019-06-22 13:01 ` Lars Ingebrigtsen
  0 siblings, 1 reply; 8+ messages in thread
From: Amin Bandali @ 2019-02-12 16:49 UTC (permalink / raw)
  To: 34458

It seems that when the combined length of username + password for an
imap login exceeds certain length, nnimap tries to log into the server
with a truncated password.

Example:

Say I have the following line in ~/.authinfo.gpg:

machine mymchn login myuserid@hereis.alongaddr.ca password VAdlmhgtPX3RQpV2bfr8ilj6Qptr0Omz

I was wondering why Gnus wasn’t able to log into the server, though I
had made sure I was using the correct username and password.  Upon
looking into server logs, I noticed that the login attempts were made
using VAdlmhgtPX3RQpV2bfr8ilj6Qpt as the password (notice that r0Omz is
missing at the end) instead of the correct full password.

Then I tried with a shorter username like below and it worked just fine:

machine mymchn login myuserid@hereis.ca password VAdlmhgtPX3RQpV2bfr8ilj6Qptr0Omz

If I recall correctly, this issue also happens without adding a machine
entry to ~/.authinfo.gpg (i.e. by filling out the username and password
prompt); which leads me to think that the issue is not with auth-source.





^ permalink raw reply	[flat|nested] 8+ messages in thread

* bug#34458: 27.0.50; Gnus's nnimap truncates password
  2019-02-12 16:49 bug#34458: 27.0.50; Gnus's nnimap truncates password Amin Bandali
@ 2019-06-22 13:01 ` Lars Ingebrigtsen
  2019-06-22 13:04   ` Lars Ingebrigtsen
  2019-06-29 18:32   ` Amin Bandali
  0 siblings, 2 replies; 8+ messages in thread
From: Lars Ingebrigtsen @ 2019-06-22 13:01 UTC (permalink / raw)
  To: Amin Bandali; +Cc: 34458

Amin Bandali <bandali@gnu.org> writes:

> It seems that when the combined length of username + password for an
> imap login exceeds certain length, nnimap tries to log into the server
> with a truncated password.

I've looked at the code, and I can't see where it would be truncating
the password...

> I was wondering why Gnus wasn’t able to log into the server, though I
> had made sure I was using the correct username and password.  Upon
> looking into server logs, I noticed that the login attempts were made
> using VAdlmhgtPX3RQpV2bfr8ilj6Qpt as the password (notice that r0Omz is
> missing at the end) instead of the correct full password.

Is it possible that the server is truncating the password (before
logging it, even)?  What IMAP server are you using?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no





^ permalink raw reply	[flat|nested] 8+ messages in thread

* bug#34458: 27.0.50; Gnus's nnimap truncates password
  2019-06-22 13:01 ` Lars Ingebrigtsen
@ 2019-06-22 13:04   ` Lars Ingebrigtsen
  2019-06-29 18:32   ` Amin Bandali
  1 sibling, 0 replies; 8+ messages in thread
From: Lars Ingebrigtsen @ 2019-06-22 13:04 UTC (permalink / raw)
  To: Amin Bandali; +Cc: 34458

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Amin Bandali <bandali@gnu.org> writes:
>
>> It seems that when the combined length of username + password for an
>> imap login exceeds certain length, nnimap tries to log into the server
>> with a truncated password.
>
> I've looked at the code, and I can't see where it would be truncating
> the password...

Unless you're using CRAM-MD5 as the auth method, but then you wouldn't
see the password at all on the server side, I guess...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no





^ permalink raw reply	[flat|nested] 8+ messages in thread

* bug#34458: 27.0.50; Gnus's nnimap truncates password
  2019-06-22 13:01 ` Lars Ingebrigtsen
  2019-06-22 13:04   ` Lars Ingebrigtsen
@ 2019-06-29 18:32   ` Amin Bandali
  2019-07-04 13:23     ` Lars Ingebrigtsen
  1 sibling, 1 reply; 8+ messages in thread
From: Amin Bandali @ 2019-06-29 18:32 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 34458

Lars Ingebrigtsen <larsi@gnus.org> writes:

[...]

>
> Is it possible that the server is truncating the password (before
> logging it, even)?  What IMAP server are you using?

I don’t think so…?  I use a local dovecot with a fairly typical
configuration [0], with sha512 of passwords stored in a separate file.

[0]: https://git.sr.ht/~bandali/dotfiles/tree/b1ed9ee8a3c507dd26df3d884fb0e15daef7da99/rc.org#L23


Lars Ingebrigtsen <larsi@gnus.org> writes:

[...]

>
> Unless you're using CRAM-MD5 as the auth method, but then you wouldn't
> see the password at all on the server side, I guess...

Right.  As far as I know, I am not.  I have been meaning to try and
edebug nnimap-login, but I’ve been super busy with school work lately,
and have barely had any free time.

Have you tried reproducing this on your end?





^ permalink raw reply	[flat|nested] 8+ messages in thread

* bug#34458: 27.0.50; Gnus's nnimap truncates password
  2019-06-29 18:32   ` Amin Bandali
@ 2019-07-04 13:23     ` Lars Ingebrigtsen
  2019-07-12 23:49       ` Lars Ingebrigtsen
  0 siblings, 1 reply; 8+ messages in thread
From: Lars Ingebrigtsen @ 2019-07-04 13:23 UTC (permalink / raw)
  To: Amin Bandali; +Cc: 34458

Amin Bandali <bandali@gnu.org> writes:

> Have you tried reproducing this on your end?

No, but the code is:

(defun nnimap-login (user password)
  (cond
   ;; Prefer plain LOGIN if it's enabled (since it requires fewer
   ;; round trips than CRAM-MD5, and it's less likely to be buggy),
   ;; and we're using an encrypted connection.
   ((and (not (nnimap-capability "LOGINDISABLED"))

[...]

    (nnimap-command "LOGIN %S %S" user password))

[...]

   ((and (not (nnimap-capability "LOGINDISABLED"))

[...]

    (nnimap-command "LOGIN %S %S" user password))
   ((and (nnimap-capability "AUTH=PLAIN")

[...]

    (nnimap-command
     "AUTHENTICATE PLAIN %s"
     (base64-encode-string
      (format "\000%s\000%s"
	      (nnimap-quote-specials user)
	      (nnimap-quote-specials password)))))))

so if you're using any of the plain LOGIN things to the IMAP server,
there's really no code in there that I can see that can truncate
anything...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no





^ permalink raw reply	[flat|nested] 8+ messages in thread

* bug#34458: 27.0.50; Gnus's nnimap truncates password
  2019-07-04 13:23     ` Lars Ingebrigtsen
@ 2019-07-12 23:49       ` Lars Ingebrigtsen
  2019-07-13  3:20         ` Amin Bandali
  0 siblings, 1 reply; 8+ messages in thread
From: Lars Ingebrigtsen @ 2019-07-12 23:49 UTC (permalink / raw)
  To: Amin Bandali; +Cc: 34458

A bug report was filed for a similar problem in url.el, and it turns out
that the base64 encoding may have been the culprit -- it would split the
encoded string into two lines, thereby effectively truncating the data.

I've pushed a fix for this in nnimap, too.  Could you check whether the
trunk now works for you?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






^ permalink raw reply	[flat|nested] 8+ messages in thread

* bug#34458: 27.0.50; Gnus's nnimap truncates password
  2019-07-12 23:49       ` Lars Ingebrigtsen
@ 2019-07-13  3:20         ` Amin Bandali
  2019-07-13  3:34           ` Lars Ingebrigtsen
  0 siblings, 1 reply; 8+ messages in thread
From: Amin Bandali @ 2019-07-13  3:20 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 34458

Hi Lars,

Sorry for the slow reply.

Lars Ingebrigtsen <larsi@gnus.org> writes:

> A bug report was filed for a similar problem in url.el, and it turns out
> that the base64 encoding may have been the culprit -- it would split the
> encoded string into two lines, thereby effectively truncating the data.
>
> I've pushed a fix for this in nnimap, too.  Could you check whether the
> trunk now works for you?

With your 99e8d6fc26a163001c3a7ccf6786e1c4ecc5788e it does seem to be
fixed now; many thanks!

-- 
Amin Bandali
Free Software Activist | GNU Webmaster & Volunteer
GPG: BE62 7373 8E61 6D6D 1B3A  08E8 A21A 0202 4881 6103
https://shemshak.org/~amin





^ permalink raw reply	[flat|nested] 8+ messages in thread

* bug#34458: 27.0.50; Gnus's nnimap truncates password
  2019-07-13  3:20         ` Amin Bandali
@ 2019-07-13  3:34           ` Lars Ingebrigtsen
  0 siblings, 0 replies; 8+ messages in thread
From: Lars Ingebrigtsen @ 2019-07-13  3:34 UTC (permalink / raw)
  To: Amin Bandali; +Cc: 34458

Amin Bandali <bandali@gnu.org> writes:

> With your 99e8d6fc26a163001c3a7ccf6786e1c4ecc5788e it does seem to be
> fixed now; many thanks!

Great; thanks for confirming.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no





^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2019-07-13  3:34 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-02-12 16:49 bug#34458: 27.0.50; Gnus's nnimap truncates password Amin Bandali
2019-06-22 13:01 ` Lars Ingebrigtsen
2019-06-22 13:04   ` Lars Ingebrigtsen
2019-06-29 18:32   ` Amin Bandali
2019-07-04 13:23     ` Lars Ingebrigtsen
2019-07-12 23:49       ` Lars Ingebrigtsen
2019-07-13  3:20         ` Amin Bandali
2019-07-13  3:34           ` Lars Ingebrigtsen

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).