Forcing authentication on a server

Forcing authentication on a server

[Steinar Bang]

Platform: qgnus-0.22, GNU emacs 19.34, SPARC, Solaris 2.5

The FAQ says the following about using an NNTP server with
authentication: 
	(add-hook 'nntp-server-opened-hook 'nntp-send-authinfo)

I've also tried
	(add-hook 'nntp-server-opened-hook 'nntp-send-nosy-authinfo)


But this only works on an NNTP server that demands authentication,
right...? 

I would like to force authentication on a server that doesn't request
it in the first place.  Ie. a username and a password gives me access
to some newsgroups that aren't normally available.

Question: Is this possible?

Answer: of course it's possible! This is Gnus!

Rephrased question: Is this simple?

Answer: not really, you have to write a function that does a forced
authentication on some NNTP servers, and then add this function to
nntp-server-opened-hook

New question: would it be an idea to add a general mechanism that
would let you set username and password in the Group Info of a foreign
NNTP group?


- Steinar

Re: Forcing authentication on a server

[Andy Eskilsson]

/ Steinar Bang <sb@metis.no> wrote:
| Platform: qgnus-0.22, GNU emacs 19.34, SPARC, Solaris 2.5
| 
| The FAQ says the following about using an NNTP server with
| authentication: 
| 	(add-hook 'nntp-server-opened-hook 'nntp-send-authinfo)
| 
| I've also tried
| 	(add-hook 'nntp-server-opened-hook 'nntp-send-nosy-authinfo)
| 
| 
| But this only works on an NNTP server that demands authentication,
| right...? 

Hmm shouldn't?? The functions above just sends the authinfo commands
if I read the code right, doesn't check if the server wants
authentification.

| New question: would it be an idea to add a general mechanism that
| would let you set username and password in the Group Info of a foreign
| NNTP group?

I vote for this!!! At the moment I have created my own function that I
point the authentification function at that sends the login and pass.

Uhm am I the only one having problems with hangs after entering
user/pass, pressing C-g fixes and I can continue to read news from
that server, but when gnus-async kicks away and I have answered
user/login I can't abort it with C-g.

	/andy

BTW What is mode stream?? (Messing around with dnews servers, are
there any good docs for the extra commands and so on? I have a hard
time finding a RFC with for example XOVER in it

Re: Forcing authentication on a server

[Steinar Bang]

>>>>> Steinar Bang <sb@metis.no>:

> Platform: qgnus-0.22, GNU emacs 19.34, SPARC, Solaris 2.5
> The FAQ says the following about using an NNTP server with
> authentication: 
> 	(add-hook 'nntp-server-opened-hook 'nntp-send-authinfo)

> I've also tried
> 	(add-hook 'nntp-server-opened-hook 'nntp-send-nosy-authinfo)

Actually this seemed to work some of the time... but I've been unable
to reproduce it.  I seemed to introduce a behaviour where it *always*
asked for username and password on a "g" command in *Group*.

Not really what I was looking for, but I was able to read an article
on that server.

Re: Forcing authentication on a server

[Steinar Bang]

>>>>> Steinar Bang <sb@metis.no>:

>>>>> Steinar Bang <sb@metis.no>:
>> Platform: qgnus-0.22, GNU emacs 19.34, SPARC, Solaris 2.5
>> The FAQ says the following about using an NNTP server with
>> authentication: 
>> 	(add-hook 'nntp-server-opened-hook 'nntp-send-authinfo)

>> I've also tried
>> 	(add-hook 'nntp-server-opened-hook 'nntp-send-nosy-authinfo)

> Actually this seemed to work some of the time... but I've been unable
> to reproduce it.  I seemed to introduce a behaviour where it *always*
> asked for username and password on a "g" command in *Group*.

> Not really what I was looking for, but I was able to read an article
> on that server.

It's kind of strange, because it doesn't start asking for username and
password straight away.  It seems to happen after a certain number of
"g" commands in *Group*.  Or maybe it happens after the demon has
tried to fetch new news and mail...? 

Hm...

Attempted forced authentication on an NNTP server

[Steinar Bang]

[-- Attachment #1: Type: text/plain, Size: 2221 bytes --]

Platform: qgnus 0.22, GNU emacs 19.34, SPARC Solaris 2.5

Attached is an attempt at forcing authinfo on an NNTP server that
doesn't demand it, but allows access to more groups if you
authenticate. 

The questions that the information in this email leads up to, are:
 1. why doesn't this work? (And why doesn't nntp-send-nosy-authinfo
    work either?)
 2. where would be a good place to put the username/password pairs?

OK.  Information follows:

I'm trying to do
	(add-hook 'nntp-server-opened-hook 'nntp-force-unsecure-authinfo)
where nntp-force-unsecure-authinfo is the function in the patch
attached below.

But I get the same kind of flaky behaviour as when I'm using
nntp-send-nosy-authinfo here, ie.: it didn't work at first, I just got
an "error: 411 No such group".

But with nntp-send-nosy-authinfo (after the first demon fetch of mail
and news?), it started asking for username and password on all foreign
NNTP servers after a while.  Maybe this one will start working after a
while, too...?

The problems with this, are:
 1. the flaky behaviour (it doesn't work at first, and then suddenly
    starts working)
 2. asking for username and passwords, makes it impossible to use
    demonical retrieval of mail and news

My "solution" also do what I expect is a no-no: I'm adding new group
parameters.

I suspect this is a no-no for two reasons:
 1. one should not add group parameters beyond the standard ones (at
    least that's what I think larsi told John Prevost a long time
    back) 
 2. one should not put username/password pairs in clear text in files 

My answer to 1 above, is that I have no idea where else to put it.  Is
there a standard file with a standard format that takes tuples of 
	server-name username password
?

My answer to 2 above, is that the NNTP servers I want to access in
this way aren't terribly secure.  They're mainly private discussion
fora that we want to keep away from the eyes of idle net surfers.

As to the question of why I've hacked nntp.el, instead of putting this
in my ~/.emacs or whereever:
 I hated the fact that the cookbook receipe for getting Gnus to work
 with this server was more complex looking than the receipes for
 Agent, Netscape et al.


- Steinar




[-- Attachment #2: force-auth-patch --]
[-- Type: text/plain, Size: 1115 bytes --]

*** nntp.el	1998/02/08 16:27:15	1.1
--- nntp.el	1998/02/08 16:28:08
***************
*** 729,734 ****
--- 729,752 ----
         "^.*\r?\n" "AUTHINFO PASS"
         (buffer-substring (point) (progn (end-of-line) (point)))))))
  
+ (defun nntp-force-unsecure-authinfo ()
+   "If the symbols `authuser' and `authpass' are defined in Group Parameters,
+ send AUTHINFO to the nntp server, whether it asks for it or not.
+ This function is supposed to be called from `nntp-server-opened-hook'.
+ Note that this is not very secure.  Its primary use, is allowing access
+ to unlisted groups on a server that doesn't normally request
+ authentication"
+   (if (and
+        (gnus-group-find-parameter gnus-newsgroup-name 'authuser)
+        (gnus-group-find-parameter gnus-newsgroup-name 'authpass))
+       (progn
+ 	(nntp-send-command
+ 	 "^.*\r?\n" "AUTHINFO USER"
+ 	 (gnus-group-find-parameter gnus-newsgroup-name 'authuser))
+ 	(nntp-send-command
+ 	 "^.*\r?\n" "AUTHINFO PASS"
+ 	 (gnus-group-find-parameter gnus-newsgroup-name 'authpass)))))
+ 
  ;;; Internal functions.
  
  (defun nntp-make-process-buffer (buffer)

Re: Attempted forced authentication on an NNTP server

[Lars Magne Ingebrigtsen]

Steinar Bang <sb@metis.no> writes:

> I'm trying to do
> 	(add-hook 'nntp-server-opened-hook 'nntp-force-unsecure-authinfo)
> where nntp-force-unsecure-authinfo is the function in the patch
> attached below.
> 
> But I get the same kind of flaky behaviour as when I'm using
> nntp-send-nosy-authinfo here, ie.: it didn't work at first, I just got
> an "error: 411 No such group".

You need the "mode reader" thing in the hook as well.  Put
`(require 'nntp)' in there before modifying the hook.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen

Re: Attempted forced authentication on an NNTP server

[Steinar Bang]

>>>>> Lars Magne Ingebrigtsen <larsi@gnus.org>:

> Steinar Bang <sb@metis.no> writes:
>> I'm trying to do
>> 	(add-hook 'nntp-server-opened-hook 'nntp-force-unsecure-authinfo)
>> where nntp-force-unsecure-authinfo is the function in the patch
>> attached below.
>> 
>> But I get the same kind of flaky behaviour as when I'm using
>> nntp-send-nosy-authinfo here, ie.: it didn't work at first, I just got
>> an "error: 411 No such group".

> You need the "mode reader" thing in the hook as well.  Put
> `(require 'nntp)' in there before modifying the hook.

Hm... I was already running Gnus, and did the add-hook thingies in the
*scratch* buffer.  nntp-send-mode-reader was in the hook already

I've tried both
	(add-hook 'nntp-server-opened-hook 'nntp-send-nosy-authinfo)
which puts nntp-send-nosy-authinfo first, and
	(add-hook 'nntp-server-opened-hook 'nntp-send-nosy-authinfo t)
which puts it at the end (and yes,... with a remove-hook in between).

Currently I have 
	nntp-server-opened-hook's value is (nntp-send-mode-reader nntp-send-nosy-authinfo)
and the behaviour is still flaky.  Ie. it doesn't work right now.  If
it starts working later on, I'll tell ya.

Re: Attempted forced authentication on an NNTP server

[Steinar Bang]

>>>>> Steinar Bang <sb@metis.no>:

>>>>> Lars Magne Ingebrigtsen <larsi@gnus.org>:
>> Steinar Bang <sb@metis.no> writes:
>>> I'm trying to do
>>> (add-hook 'nntp-server-opened-hook 'nntp-force-unsecure-authinfo)
>>> where nntp-force-unsecure-authinfo is the function in the patch
>>> attached below.
>>> 
>>> But I get the same kind of flaky behaviour as when I'm using
>>> nntp-send-nosy-authinfo here, ie.: it didn't work at first, I just got
>>> an "error: 411 No such group".

>> You need the "mode reader" thing in the hook as well.  Put
>> `(require 'nntp)' in there before modifying the hook.

> Hm... I was already running Gnus, and did the add-hook thingies in the
> *scratch* buffer.  nntp-send-mode-reader was in the hook already

> I've tried both
> 	(add-hook 'nntp-server-opened-hook 'nntp-send-nosy-authinfo)
> which puts nntp-send-nosy-authinfo first, and
> 	(add-hook 'nntp-server-opened-hook 'nntp-send-nosy-authinfo t)
> which puts it at the end (and yes,... with a remove-hook in between).

> Currently I have 
> 	nntp-server-opened-hook's value is (nntp-send-mode-reader nntp-send-nosy-authinfo)
> and the behaviour is still flaky.  Ie. it doesn't work right now.  If
> it starts working later on, I'll tell ya.

Hm... now it works for one foreign server (ie. it asks on every get,
even if it doesn't have to), but not on the one with a * in front of
it (the one where I need a username/password pair to get access to the
groups).

Is there a debug mode for nntp? Ie. some way I can look at the NNTP
traffic with a foreign server before Gnus zaps the buffer?

Re: Attempted forced authentication on an NNTP server

[Lars Magne Ingebrigtsen]

Steinar Bang <sb@metis.no> writes:

> Hm... now it works for one foreign server (ie. it asks on every get,
> even if it doesn't have to), but not on the one with a * in front of
> it (the one where I need a username/password pair to get access to the
> groups).

Perhaps that server has defined `nntp-server-opened-hook' to be
something else?

> Is there a debug mode for nntp? Ie. some way I can look at the NNTP
> traffic with a foreign server before Gnus zaps the buffer?

No; debugging the nntp traffic is difficult.  I normally edebug-defun
a few functions and step through them, and sees what happens in the
server buffers.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen