1. Forum
  2. FidoNet
  3. SYNC SYSOPS

  • Thunderbird not requesting username/password for NNTP

    From Michael J. Ryan@1:103/705 to GitLab issue in main/sbbs on Monday, January 25, 2021 09:49:56
    open https://gitlab.synchro.net/main/sbbs/-/issues/208

    Using -na or -auto, Thunderbird over NNTP doesn't request authentication...Replacing the status response 502 on nntpservice.js line 303[1] with 450 appears to address the issue.May want to also do similar under "POST" for guest user.[1] https://gitlab.synchro.net/main/sbbs/-/blob/master/exec/nntpservice.js#L303
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deuce@1:103/705 to GitLab note in main/sbbs on Monday, January 25, 2021 22:54:16
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1365

    I believe 480 is the correct new response code, not 450.Further, 502 *is* the standard correct reponse per RFC 977. 480 was added in 3977, which means it should only be used if CAPABILITIES is supported (which I believe it isn't).Updating to RFC 3977 compliance is non-trivial as new commands are mandatory, and some existing conventions (ie: <0>) are no longer used.
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Tuesday, January 26, 2021 00:01:04
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1367

    Can you just not use the -auto option?
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Michael J. Ryan@1:103/705 to GitLab note in main/sbbs on Tuesday, January 26, 2021 09:18:26
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1384

    450 is for authentication required... and since the client hasn't actually authenticated at that point, may be the correct response. With auto, it doesn't work if the IP doesn't match a prior login.. worse it could be wrong if multiple people in a household actually use the bbs.
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Michael J. Ryan@1:103/705 to GitLab note in main/sbbs on Tuesday, January 26, 2021 09:19:19
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1385

    480 is a response to "CHECK"
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deuce@1:103/705 to GitLab note in main/sbbs on Tuesday, January 26, 2021 09:47:31
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1386

    Are you looking at [this document](https://tools.ietf.org/html/rfc3977)?
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deuce@1:103/705 to GitLab note in main/sbbs on Tuesday, January 26, 2021 09:55:22
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1387

    Assuming you're actually looking at [this one](https://tools.ietf.org/html/rfc2980) (whcih says to use RFC977, not it):``` When authorization is required, the server will send a 480 response requesting authorization from the client. The client must enter AUTHINFO USER followed by the username.```
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Tuesday, January 26, 2021 11:22:34
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1391

    I would argue to not use or just get rid of the "-auto" option altogether.
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Michael J. Ryan@1:103/705 to GitLab note in main/sbbs on Monday, February 01, 2021 15:33:08
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1444

    @Deuce will test with 480 this weekend and make a PR if it works. I did discover where to set the "always authenticate" option in Thunderbird, but the default doesn't set this, and the 502 response definitely doesn't work/prompt.@rswindell I'm actually using the `-na` option, but auto behavior is the same if undetected via IP, which I'm not sure I like the behavior of and agree `-auto` should probably be removed.Aside, should add additional safeguards when posting without post access (guest is default) when logged in as "guest". Possibly just not allowing guest to post and instantly responding with auth required (480). As it is, guest is allowed to impersonate any user as part of posting, mirroring network accounts.
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Monday, February 01, 2021 16:23:08
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1447

    Guest, by default, has the 'P' restriction preventing posted messages.
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Michael J. Ryan@1:103/705 to GitLab note in main/sbbs on Thursday, February 04, 2021 05:29:35
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1459

    @rswindell nod... I'm suggesting it should return a 480 if the user is guest and tries to POST... the POST itself fails, but no authentication request ever popped up in the nntp client. Was actually somewhat surprised that the default was to use guest, and why I switched to -na, and then noticed the 502 just wasn't working in thunderbird.
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Michael J. Ryan@1:103/705 to GitLab note in main/sbbs on Sunday, February 28, 2021 11:34:55
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1663

    @rswindell @deuce setting no-anonymous, and using 480 works...Around line 297```writeln("480 Authorization Required");```
    --- SBBSecho 3.13-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Sunday, February 28, 2021 11:58:27
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1664

    Line 297 is currently a blank line. Maybe you mean line 303:`writeln("502 Authentication required");` ?Also, "the defaults" already don't have auto-login or anonymous/guest (assuming the sysop did not create a guest account).
    --- SBBSecho 3.13-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab issue in main/sbbs on Sunday, February 28, 2021 14:33:06
    close https://gitlab.synchro.net/main/sbbs/-/issues/208
    --- SBBSecho 3.13-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Michael J. Ryan@1:103/705 to GitLab note in main/sbbs on Sunday, February 28, 2021 18:42:46
    https://gitlab.synchro.net/main/sbbs/-/issues/208#note_1666

    That's the line... with 502, Thunderbird just hang or closed the window... with 480 it will prompt for access.And if the sysop doesn't have a guest account, the web UI doesn't work at all. Just thinking the anonymous access for nntp should be opt-in instead of opt-out, beyond just the guest account existign.
    --- SBBSecho 3.13-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Michael J. Ryan@1:103/705 to GitLab issue in main/sbbs on Sunday, February 28, 2021 18:44:29
    reopen https://gitlab.synchro.net/main/sbbs/-/issues/208

    Using -na or -auto, Thunderbird over NNTP doesn't request authentication...Replacing the status response 502 on nntpservice.js line 303[1] with 450 appears to address the issue.May want to also do similar under "POST" for guest user.[1] https://gitlab.synchro.net/main/sbbs/-/blob/master/exec/nntpservice.js#L303
    --- SBBSecho 3.13-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)