1. Forum
  2. DOVE-Net
  3. Synchronet Sysops

  • Thunderbird not requesting username/password for NNTP

    From Michael J. Ryan@VERT to GitLab issue in main/sbbs on Mon Jan 25 17:49:56 2021
    open https://gitlab.synchro.net/main/sbbs/-/issues/208

    Using -na or -auto, Thunderbird over NNTP doesn't request authentication...

    Replacing the status response 502 on nntpservice.js line 303[1] with 450 appears to address the issue.

    May want to also do similar under "POST" for guest user.

    [1] https://gitlab.synchro.net/main/sbbs/-/blob/master/exec/nntpservice.js#L303

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuce@VERT to GitLab note in main/sbbs on Tue Jan 26 06:54:16 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1365

    I believe 480 is the correct new response code, not 450.

    Further, 502 *is* the standard correct reponse per RFC 977. 480 was added in 3977, which means it should only be used if CAPABILITIES is supported (which I believe it isn't).

    Updating to RFC 3977 compliance is non-trivial as new commands are mandatory, and some existing conventions (ie: <0>) are no longer used.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to GitLab note in main/sbbs on Tue Jan 26 08:01:04 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1367

    Can you just not use the -auto option?

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Michael J. Ryan@VERT to GitLab note in main/sbbs on Tue Jan 26 17:18:26 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1384

    450 is for authentication required... and since the client hasn't actually authenticated at that point, may be the correct response. With auto, it doesn't work if the IP doesn't match a prior login.. worse it could be wrong if multiple people in a household actually use the bbs.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Michael J. Ryan@VERT to GitLab note in main/sbbs on Tue Jan 26 17:19:19 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1385

    480 is a response to "CHECK"

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuce@VERT to GitLab note in main/sbbs on Tue Jan 26 17:47:31 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1386

    Are you looking at [this document](https://tools.ietf.org/html/rfc3977)?

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuce@VERT to GitLab note in main/sbbs on Tue Jan 26 17:55:22 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1387

    Assuming you're actually looking at [this one](https://tools.ietf.org/html/rfc2980) (whcih says to use RFC977, not it):

    ```
    When authorization is required, the server will send a 480 response
    requesting authorization from the client. The client must enter
    AUTHINFO USER followed by the username.
    ```

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to GitLab note in main/sbbs on Tue Jan 26 19:22:34 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1391

    I would argue to not use or just get rid of the "-auto" option altogether.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Michael J. Ryan@VERT to GitLab note in main/sbbs on Mon Feb 1 23:33:08 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1444

    @Deuce will test with 480 this weekend and make a PR if it works. I did discover where to set the "always authenticate" option in Thunderbird, but the default doesn't set this, and the 502 response definitely doesn't work/prompt.

    @rswindell I'm actually using the `-na` option, but auto behavior is the same if undetected via IP, which I'm not sure I like the behavior of and agree `-auto` should probably be removed.

    Aside, should add additional safeguards when posting without post access (guest is default) when logged in as "guest". Possibly just not allowing guest to post and instantly responding with auth required (480). As it is, guest is allowed to impersonate any user as part of posting, mirroring network accounts.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to GitLab note in main/sbbs on Tue Feb 2 00:23:08 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1447

    Guest, by default, has the 'P' restriction preventing posted messages.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Michael J. Ryan@VERT to GitLab note in main/sbbs on Thu Feb 4 13:29:35 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1459

    @rswindell nod... I'm suggesting it should return a 480 if the user is guest and tries to POST... the POST itself fails, but no authentication request ever popped up in the nntp client. Was actually somewhat surprised that the default was to use guest, and why I switched to -na, and then noticed the 502 just wasn't working in thunderbird.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Michael J. Ryan@VERT to GitLab note in main/sbbs on Sun Feb 28 19:34:55 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1663

    @rswindell @deuce setting no-anonymous, and using 480 works...

    Around line 297
    ```
    writeln("480 Authorization Required");
    ```

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to GitLab note in main/sbbs on Sun Feb 28 19:58:27 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1664

    Line 297 is currently a blank line. Maybe you mean line 303:
    `writeln("502 Authentication required");` ?

    Also, "the defaults" already don't have auto-login or anonymous/guest (assuming the sysop did not create a guest account).

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to GitLab issue in main/sbbs on Sun Feb 28 22:33:06 2021
    close https://gitlab.synchro.net/main/sbbs/-/issues/208

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Michael J. Ryan@VERT to GitLab note in main/sbbs on Mon Mar 1 02:42:46 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1666

    That's the line... with 502, Thunderbird just hang or closed the window... with 480 it will prompt for access.

    And if the sysop doesn't have a guest account, the web UI doesn't work at all. Just thinking the anonymous access for nntp should be opt-in instead of opt-out, beyond just the guest account existign.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Michael J. Ryan@VERT to GitLab issue in main/sbbs on Mon Mar 1 02:44:29 2021
    reopen https://gitlab.synchro.net/main/sbbs/-/issues/208

    Using -na or -auto, Thunderbird over NNTP doesn't request authentication...

    Replacing the status response 502 on nntpservice.js line 303[1] with 450 appears to address the issue.

    May want to also do similar under "POST" for guest user.

    [1] https://gitlab.synchro.net/main/sbbs/-/blob/master/exec/nntpservice.js#L303

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net