GNU bug report logs - #18842
24.4; gnus not handling passwords with double quotes in .authinfo

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 18842 in the body.
You can then email your comments to 18842 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: David Spångberg <david <at> tunna.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.4; gnus not handling passwords with double quotes in .authinfo
Date: Sun, 26 Oct 2014 12:54:29 +0100

Hi

After a recent update of emacs gnus fails to connect to a mail server
with login information listed in one of the "~/.authinfo" or
"~/.authinfo.gpg" files. The password in the file is quoted and contains
an escaped double quote. Something like this:

  machine example.org login testuser password "test\"password" port 12345

gnus fails with the following messages displayed in the *messages* buffer:

  auth-source-netrc-parse-entries: Unexpected 'machine' token at line 2
  nnimap (example) open error: 'NO (AUTHENTICATIONFAILED) Authentication failed.'.  Continue? (y or n) n

The problem seems to be a faulty regexp in
`auth-source-netrc-parse-one'. The following code run from a clean emacs
24.4 session shows the problem:

  (require 'auth-source)

  ;; The following should return "test\"password" but instead returns
  ;; "test\\"
  (with-temp-buffer
    (insert "\"test\\\"password\"\n")
    (goto-char (point-min))
    (auth-source-netrc-parse-one))

The faulty regexp in `auth-source-netrc-parse-one' I am referring to is
the following:

  ...
  (looking-at "\"\\([^\"]*\\)\"")
  ...

My current workaround is to redefine `auth-source-netrc-parse-one' in my
init file like this:

  (defun auth-source-netrc-parse-one ()
    "Read one thing from the current buffer."
    (auth-source-netrc-parse-next-interesting)
    (unless (eobp)
      (let ((matched
             (if (= (following-char) ?\")
                 (read (current-buffer))
               (buffer-substring
                (point) (progn (skip-chars-forward "^\t\n ")
                               (point))))))
        (auth-source-netrc-parse-next-interesting)
        matched)))

This definition is based on some code in `netrc-parse' from
"net/netrc.el" (maybe it is possible to use this function in gnus
instead?).

Best regards,

David


In GNU Emacs 24.4.1 (x86_64-unknown-linux-gnu, GTK+ Version 3.14.3)
 of 2014-10-21 on bitzer.hoetzel.info
Windowing system distributor `The X.Org Foundation', version 11.0.11601000
Configured using:
 `configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib
 --localstatedir=/var --with-x-toolkit=gtk3 --with-xft
 'CFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong
 --param=ssp-buffer-size=4' CPPFLAGS=-D_FORTIFY_SOURCE=2
 LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro'

Important settings:
  value of $LC_MESSAGES: C
  value of $LANG: en_US.utf8
  locale-coding-system: utf-8-unix

Major mode: Emacs-Lisp

Minor modes in effect:
  tooltip-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
C-e C-x C-e C-n C-n C-M-x M-x r e p o r t <tab> <return>
G N U <backspace> <backspace> <backspace> g n u s SPC
n o t SPC h a n d l i n g SPC d o u b l e SPC q u o
t e s SPC i n SPC q u o t e d SPC p a s s w o r d SPC
s t r i n g e s <backspace> <backspace> s C-a C-e <return>
C-n C-n C-n C-n C-n C-n C-l C-n C-l C-n C-l C-n C-l
C-p C-p C-p C-p C-p C-p C-p C-p C-l C-p C-l C-p C-l
C-p C-l C-n C-n C-n C-n C-n C-n C-n C-n C-l C-x k y e
s <return> C-g C-g C-x k <return> y e s <return> M-x
M-p <return>

Recent messages:
Checking 70 files in /usr/share/emacs/24.4/lisp/erc...
Checking 48 files in /usr/share/emacs/24.4/lisp/emulation...
Checking 151 files in /usr/share/emacs/24.4/lisp/emacs-lisp...
Checking 24 files in /usr/share/emacs/24.4/lisp/cedet...
Checking 57 files in /usr/share/emacs/24.4/lisp/calendar...
Checking 87 files in /usr/share/emacs/24.4/lisp/calc...
Checking 95 files in /usr/share/emacs/24.4/lisp/obsolete...
Checking for load-path shadows...done
byte-code: Beginning of buffer [3 times]
Auto-saving...done
Quit [2 times]

Load-path shadows:
None found.

Features:
(help-mode pp shadow sort mail-extr emacsbug message format-spec rfc822
mml easymenu mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231
mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums
mail-utils auth-source eieio byte-opt bytecomp byte-compile cconv
eieio-core gnus-util mm-util help-fns mail-prsvr password-cache
time-date tooltip electric uniquify ediff-hook vc-hooks lisp-float-type
mwheel x-win x-dnd tool-bar dnd fontset image regexp-opt fringe
tabulated-list newcomment lisp-mode prog-mode register page menu-bar
rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax
facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak
czech european ethiopic indian cyrillic chinese case-table epa-hook
jka-cmpr-hook help simple abbrev minibuffer nadvice loaddefs button
faces cus-face macroexp files text-properties overlay sha1 md5 base64
format env code-pages mule custom widget hashtable-print-readable
backquote make-network-process dbusbind gfilenotify dynamic-setting
system-font-setting font-render-setting move-toolbar gtk x-toolkit x
multi-tty emacs)

Memory information:
((conses 16 82211 11023)
 (symbols 48 18873 0)
 (miscs 40 46 233)
 (strings 32 12611 4005)
 (string-bytes 1 356631)
 (vectors 16 11040)
 (vector-slots 8 403091 11662)
 (floats 8 69 402)
 (intervals 56 283 24)
 (buffers 960 14)
 (heap 1024 51340 1029))

Message #8 received at 18842 <at> debbugs.gnu.org (full text, mbox):

From: Katsumi Yamaoka <yamaoka <at> jpl.org>
To: david <at> tunna.org
Cc: 18842 <at> debbugs.gnu.org
Subject: Re: bug#18842: 24.4;
 gnus not handling passwords with double quotes in .authinfo
Date: Mon, 27 Oct 2014 08:40:09 +0900

On Sun, 26 Oct 2014 12:54:29 +0100, David Spångberg wrote:
> After a recent update of emacs gnus fails to connect to a mail server
> with login information listed in one of the "~/.authinfo" or
> "~/.authinfo.gpg" files. The password in the file is quoted and contains
> an escaped double quote. Something like this:

>   machine example.org login testuser password "test\"password" port 12345

IBM says[1]:
If the password phrase itself contains a quotation mark, use
the other style of quotation mark to enclose the password phrase.

I.e.: 'test"password'

The rule is enough to handle such a case, isn't it?
(auth-source.el supports it of course.)

[1] <http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.halu001/netftp.htm>

Message #11 received at 18842 <at> debbugs.gnu.org (full text, mbox):

From: Andreas Schwab <schwab <at> suse.de>
To: Katsumi Yamaoka <yamaoka <at> jpl.org>
Cc: 18842 <at> debbugs.gnu.org, david <at> tunna.org
Subject: Re: bug#18842: 24.4;
 gnus not handling passwords with double quotes in .authinfo
Date: Mon, 27 Oct 2014 11:15:13 +0100

Katsumi Yamaoka <yamaoka <at> jpl.org> writes:

> On Sun, 26 Oct 2014 12:54:29 +0100, David Spångberg wrote:
>> After a recent update of emacs gnus fails to connect to a mail server
>> with login information listed in one of the "~/.authinfo" or
>> "~/.authinfo.gpg" files. The password in the file is quoted and contains
>> an escaped double quote. Something like this:
>
>>   machine example.org login testuser password "test\"password" port 12345
>
> IBM says[1]:
> If the password phrase itself contains a quotation mark, use
> the other style of quotation mark to enclose the password phrase.
>
> I.e.: 'test"password'
>
> The rule is enough to handle such a case, isn't it?

Until you start using both. :-)

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab <at> suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Message #14 received at 18842 <at> debbugs.gnu.org (full text, mbox):

From: David Spångberg <david <at> tunna.org>
To: Andreas Schwab <schwab <at> suse.de>
Cc: 18842 <at> debbugs.gnu.org, Katsumi Yamaoka <yamaoka <at> jpl.org>
Subject: Re: bug#18842: 24.4;
 gnus not handling passwords with double quotes in .authinfo
Date: Mon, 27 Oct 2014 20:28:32 +0100

Andreas Schwab <schwab <at> suse.de> writes:

> Katsumi Yamaoka <yamaoka <at> jpl.org> writes:
>
>> On Sun, 26 Oct 2014 12:54:29 +0100, David Spångberg wrote:
>>> After a recent update of emacs gnus fails to connect to a mail server
>>> with login information listed in one of the "~/.authinfo" or
>>> "~/.authinfo.gpg" files. The password in the file is quoted and contains
>>> an escaped double quote. Something like this:
>>
>>>   machine example.org login testuser password "test\"password" port 12345
>>
>> IBM says[1]:
>> If the password phrase itself contains a quotation mark, use
>> the other style of quotation mark to enclose the password phrase.
>>
>> I.e.: 'test"password'
>>
>> The rule is enough to handle such a case, isn't it?

This solves the problem for me at least.

> Until you start using both. :-)

IBM further bans using both forms at the same time so I guess it's a
problem with the specification rather than the implementation in
"auth-source.el".

Thanks for the help :)


Best regards,

David

Message #21 received at 18842-done <at> debbugs.gnu.org (full text, mbox):

From: Ted Zlatanov <tzz <at> lifelogs.com>
To: David Spångberg <david <at> tunna.org>
Cc: 18842-done <at> debbugs.gnu.org, Andreas Schwab <schwab <at> suse.de>,
 Katsumi Yamaoka <yamaoka <at> jpl.org>
Subject: Re: bug#18842: 24.4;
 gnus not handling passwords with double quotes in .authinfo
Date: Sun, 02 Nov 2014 15:58:35 -0500

On Mon, 27 Oct 2014 20:28:32 +0100 David Spångberg <david <at> tunna.org> wrote: 

DS> Andreas Schwab <schwab <at> suse.de> writes:
>> Katsumi Yamaoka <yamaoka <at> jpl.org> writes:
>> 
>>> IBM says[1]:
>>> If the password phrase itself contains a quotation mark, use
>>> the other style of quotation mark to enclose the password phrase.
>>> 
>>> I.e.: 'test"password'
>>> 
>>> The rule is enough to handle such a case, isn't it?

DS> This solves the problem for me at least.

>> Until you start using both. :-)

DS> IBM further bans using both forms at the same time so I guess it's a
DS> problem with the specification rather than the implementation in
DS> "auth-source.el".

I've explained the situation in the auth.texi manual with this commit to
gnus.git, which will be synchronized into Emacs as well:

commit 01c75b7c8e4ecbdaea6dda97b113a76c60458620
Author: Ted Zlatanov <tzz <at> lifelogs.com>
Date:   Sun Nov 2 15:45:34 2014 -0500

    * auth.texi (Help for users): Explain quoting rules better.

Background: the original netrc.el parser just used the Lisp reader. But
that reader doesn't support single-quoted strings, which is the standard
netrc format, so I modified the parser accordingly in gnus.git:

commit 1474b920b7471e4bdb4f983b98fb767d61f8037b
Author: Ted Zlatanov <tzz <at> lifelogs.com>
Date:   Sat Jun 15 04:03:04 2013 -0400

    auth-source netrc backend: Support single-quoted strings, multiline entries.

I've never seen passwords or other tokens with both single and double
quotes, so IMO the current parser in `auth-source-netrc-parse-one' is
sufficient.  But I'm happy to take patches or demands for it to support
some other style.  Marking this bug as done, in any case.

Ted

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.