Open Bug 248100 Opened 21 years ago Updated 2 years ago

Double authentication when using pushed auth

Categories

(MailNews Core :: Networking: NNTP, defect)

Tracking

(Not tracked)

People

(Reporter: jarfil, Unassigned)

Details

(Whiteboard: [jcranmer:auth])

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a2) Gecko/20040617
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a2) Gecko/20040617

Connecting to the server news.terra.es as an authenticated user, Mozilla informs of an "NNTP error". Checking the server conversation reveals it resends user authinfo in spite of already being authenticated, making the server respond as to reject this duplicated attempt, and Mozilla detecting this as a failure to authenticate (!!).

Reproducible: Always

Steps to Reproduce:
1. Add server which needs authentication
2. Open Subscribe dialog
3. Enter username and password when asked

Actual Results:
"A News (NNTP) error occurred: Authenication rejected" response.

Expected Results:
Correct authentication and further operation.

< 200 Server id
> MODE READER
< 480 Authenication required
> AUTHINFO user username
< 381 More Authenication information required
> AUTHINFO pass password
< 281 Authenication succeeded
> MODE READER
< 200 Server id
> AUTHINFO user username
< 482 Authenication rejected

I guess you force Mozilla to authenticate by choosing "Always request authentication when connecting to this server" in the server settings. Two things come together:

1. The server pre-empts Mozilla in requiring a login. Our "always login first" mode seems not to start before the response to "MODE READER".
2. Mozilla doesn't count the 281 answer before it itself issued "MODE READER".

It should be possible to work around the problem if you switch the option off. But I nevertheless see No. 2 as a bug in Mozilla.

Severity: major → normal
Status: UNCONFIRMED → NEW
Component: Subscribe → Networking: News
Ever confirmed: true
OS: Linux → All
Hardware: PC → All
(In reply to comment #1)
> 2. Mozilla doesn't count the 281 answer before it self issued "MODE READER".

To be more precise, we go into authentication unconditionally from SendModeReaderResponse() if the always_authenticate pref is set.

RFC 2980 says "Servers are not required to accept authentication information that is volunteered by the client. Clients must accommodate servers that reject any authentication information volunteered by the client."

So we can:

1. Tell users to switch off the pref if their server has problems with unrequested authentication (since the pref is off by default, only few users should have problems at all).
2. a) Carry a flag with us whether we're already authenticated and do if (NS_SUCCEEDED(rv) && pushAuth && alreadyAuthenticated) and
   b) Don't bail out after a 482 response if we issued AUTHINFO without having received a request (code 480). That means, only take "Authentication rejected" responses seriously if we have been asked to authenticate by the server.
3. Move our pushed authentication to the first opportunity. That means right after the 220 greeting, before "MODE READER". I couldn't find something saying MODE READER can not be issued in authenticated state.

David, any preference or additional thought?

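The session from the report replayed with and without the state tracking discussed in option 2 above, as an added example (not Mozilla's code and not written by the commenters). `Server`, `Result`, `runSession` and its flags are hypothetical names, and the server behaviour is a constructed model of the reported transcript.

```cpp
#include <string>
#include <vector>

// Constructed server model based on the transcript in the report: a second
// AUTHINFO after 281 gets 482. demandsAuth=false models a server that never
// sends 480 and rejects volunteered credentials (the RFC 2980 case).
struct Server {
    bool demandsAuth = true, authed = false;
    int reply(const std::string& cmd) {
        bool open = authed || !demandsAuth;
        if (cmd == "AUTHINFO user") return open ? 482 : 381;
        if (cmd == "AUTHINFO pass") { authed = true; return 281; }
        return open ? 200 : 480;  // MODE READER
    }
};

struct Result {
    std::vector<std::string> sent;  // commands the client issued, in order
    bool error = false;             // true when the user would see "NNTP error"
};

// Hypothetical client loop, not Mozilla's nsNNTPProtocol code. pushAuth models
// the always_authenticate pref; trackState enables proposals 2a and 2b.
Result runSession(bool pushAuth, bool trackState, bool serverDemandsAuth) {
    Server srv;
    srv.demandsAuth = serverDemandsAuth;
    Result r;
    bool alreadyAuthenticated = false;  // 2a: set once a 281 is seen
    bool challenged = false;            // 2b: set when the server sends 480
    std::string cmd = "MODE READER";
    for (int step = 0; step < 8 && !cmd.empty(); ++step) {
        r.sent.push_back(cmd);
        int code = srv.reply(cmd);
        if (code == 480) { challenged = true; cmd = "AUTHINFO user"; }
        else if (code == 381) { cmd = "AUTHINFO pass"; }
        else if (code == 281) { alreadyAuthenticated = true; cmd = "MODE READER"; }
        else if (code == 482) {
            // 2b: treat a rejection as fatal only if the server requested auth.
            r.error = !trackState || challenged;
            cmd.clear();
        } else {  // 200 in reply to MODE READER
            // 2a: do not volunteer credentials when already authenticated.
            bool skip = trackState && alreadyAuthenticated;
            cmd = (pushAuth && !skip) ? "AUTHINFO user" : "";
        }
    }
    return r;
}
```

With `trackState` off and the pref on, the command sequence matches the reported transcript and ends in the 482 error; with it on, the client stops after the second MODE READER.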
Summary: NNTP Authentication process error → Double authentication when using pushed auth
Product: MailNews → Core
Sorry for the spam. Making Bugzilla reflect reality as I'm not working on these bugs. Filter on FOOBARCHEESE to remove these in bulk.
Assignee: sspitzer → nobody
QA Contact: networking.news
Whiteboard: [jcranmer:auth]
Product: Core → MailNews Core
Severity: normal → S3