[Bug 300052] New: Unable to fetch list of newsgroups when password contains colon

Graeme Hewson bugs at wormhole.me.uk
Tue May 15 11:29:27 BST 2012 

https://bugs.kde.org/show_bug.cgi?id=300052

            Bug ID: 300052
          Severity: normal
           Version: 4.8
          Priority: NOR
          Assignee: kdepim-bugs at kde.org
           Summary: Unable to fetch list of newsgroups when password
                    contains colon
    Classification: Unclassified
                OS: Linux
          Reporter: bugs at wormhole.me.uk
          Hardware: Other
            Status: UNCONFIRMED
         Component: general
           Product: knode

Created attachment 71100
  --> https://bugs.kde.org/attachment.cgi?id=71100&action=edit
kioslave debug

To reproduce:

1. Set up a new account in KNode. For the test I used server
news.eternal-september.org. I hope they don't mind (it's not the server I
really want to use). User "abcdefgh", password "pq:rstuv". Of course, these are
fake, for the purposes of this bug report, but tracing with Wireshark shows
there's a problem with KNode.

2. Start Wireshark, and in Capture / Options enter capture filter "host
news.eternal-september.org". Start capturing.

3. Click on Account / Subscribe to Newsgroups... In the popup dialog box, click
Fetch List.

4. Stop capturing in Wireshark. Go to Statistics / Conversations. The TCP tab
shows two TCP conversations (sessions). In the second conversation click
"Follow Stream". This shows the problem with the colon in the password, where
both the user and password get garbled. The password here is "pq:rstuv",
remember, but the problem shows up if the colon is anywhere in the password.

200 mx04.eternal-september.org InterNetNews NNRP server INN 2.6.0 (20120411
snapshot) ready (posting ok)
MODE READER
200 mx04.eternal-september.org InterNetNews NNRP server INN 2.6.0 (20120411
snapshot) ready (posting ok)
AUTHINFO USER abcdefgh:pq
381 Enter password
AUTHINFO PASS rstuv
481 Invalid credentials
LIST
480 Authentication required for command
AUTHINFO USER abcdefgh:pq
381 Enter password
AUTHINFO PASS rstuv
481 Invalid credentials
QUIT
205 Bye!

This is the main topic of this bug report, but there are other things to point
out besides:

A) There's no point in KNode trying to enter the authentication information
again here, after already getting a "481 Invalid credentials" response.

B) Look at the first conversation. KNode logs in (or tries to) and then quits.
There's no reason for this! Using my real account on the server where I
encountered the problem, I see this (I'm munging, of course):

200
MODE READER
200
AUTHINFO USER XXX
381
AUTHINFO PASS XXX
281
QUIT
205

Response 281 means "Authentication accepted". Note that here KNode doesn't
garble the account information.  

C) After step 3 above, KNode pops up an alert box entitled "Authentication
Failed", with entry fields containing the existing Username and Password (the
latter masked out). If I enter a different password here and try again to fetch
the list of newsgroups, Wireshark shows the password hasn't been changed, and
KNode is still using the original password.

D) I'm attaching output from kdebug. All output (information, warnings, errors
and fatal errors) should have been logged to file, but these messages were
written to the console where I started debugging:

kio_nntp(24110): Unexpected response to "LIST" command: ( 482 ) 482 Invalid
Account Information

kio_nntp(24110)/kio (kioslave) KIO::SlaveBase::finished: finished() called
after error()! Please fix the KIO slave.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list