[PATCH] send-email: explicitly disable authentication

[PATCH] send-email: explicitly disable authentication

[Joshua Watt]

It can be necessary to disable SMTP authentication by a mechanism other
than sendemail.smtpuser being undefined. For example, if the user has
sendemail.smtpuser set globally but wants to disable authentication
locally in one repository.

--smtp-auth and sendemail.smtpauth now understand the value 'none' which
means to disable authentication completely, even if an authentication
user is specified.

The value 'none' is lower case to avoid conflicts with any RFC 4422
authentication mechanisms.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
 Documentation/git-send-email.txt | 4 +++-
 git-send-email.perl              | 5 +++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt
index 465a4ecbe..751a4851e 100644
--- a/Documentation/git-send-email.txt
+++ b/Documentation/git-send-email.txt
@@ -190,7 +190,9 @@ $ git send-email --smtp-auth="PLAIN LOGIN GSSAPI" ...
 If at least one of the specified mechanisms matches the ones advertised by the
 SMTP server and if it is supported by the utilized SASL library, the mechanism
 is used for authentication. If neither 'sendemail.smtpAuth' nor `--smtp-auth`
-is specified, all mechanisms supported by the SASL library can be used.
+is specified, all mechanisms supported by the SASL library can be used. The
+special value 'none' maybe specified to completely disable authentication
+independently of `--smtp-user`
 
 --smtp-pass[=<password>]::
 	Password for SMTP-AUTH. The argument is optional: If no
diff --git a/git-send-email.perl b/git-send-email.perl
index 2be5dac33..4a74cd350 100755
--- a/git-send-email.perl
+++ b/git-send-email.perl
@@ -82,7 +82,8 @@ sub usage {
                                      Pass an empty string to disable certificate
                                      verification.
     --smtp-domain           <str>  * The domain name sent to HELO/EHLO handshake
-    --smtp-auth             <str>  * Space-separated list of allowed AUTH mechanisms.
+    --smtp-auth             <str>  * Space-separated list of allowed AUTH mechanisms, or
+                                     "none" to disable authentication.
                                      This setting forces to use one of the listed mechanisms.
     --smtp-debug            <0|1>  * Disable, enable Net::SMTP debug.
 
@@ -1241,7 +1242,7 @@ sub smtp_host_string {
 # (smtp_user was not specified), and 0 otherwise.
 
 sub smtp_auth_maybe {
-	if (!defined $smtp_authuser || $auth) {
+	if (!defined $smtp_authuser || $auth || $smtp_auth eq "none") {
 		return 1;
 	}
 
-- 
2.17.1

Re: [PATCH] send-email: explicitly disable authentication

[Eric Sunshine]

On Thu, Oct 18, 2018 at 5:16 PM Joshua Watt <jpewhacker@gmail.com> wrote:
> It can be necessary to disable SMTP authentication by a mechanism other
> than sendemail.smtpuser being undefined. For example, if the user has
> sendemail.smtpuser set globally but wants to disable authentication
> locally in one repository.
>
> --smtp-auth and sendemail.smtpauth now understand the value 'none' which
> means to disable authentication completely, even if an authentication
> user is specified.

Implementation complexity aside, spelling the option --no-smtp-auth
might be more intuitive and consistent than --smtp-auth=none.

> The value 'none' is lower case to avoid conflicts with any RFC 4422
> authentication mechanisms.
>
> Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>

Re: [PATCH] send-email: explicitly disable authentication

[Joshua Watt]

On Thu, 2018-10-18 at 17:53 -0400, Eric Sunshine wrote:
> On Thu, Oct 18, 2018 at 5:16 PM Joshua Watt <jpewhacker@gmail.com>
> wrote:
> > It can be necessary to disable SMTP authentication by a mechanism
> > other
> > than sendemail.smtpuser being undefined. For example, if the user
> > has
> > sendemail.smtpuser set globally but wants to disable authentication
> > locally in one repository.
> > 
> > --smtp-auth and sendemail.smtpauth now understand the value 'none'
> > which
> > means to disable authentication completely, even if an
> > authentication
> > user is specified.
> 
> Implementation complexity aside, spelling the option --no-smtp-auth
> might be more intuitive and consistent than --smtp-auth=none.

One advantage of --smtp-auth=none is that it can also be done with a
config variable sendemail.smtpauth="none". Would be also add a config
variable like sendemail.nosmtpauth (the negative seems strange to me)? 

Or maybe --no-smtp-auth is just a shorthand alias for --smtp-auth=none?

> 
> > The value 'none' is lower case to avoid conflicts with any RFC 4422
> > authentication mechanisms.
> > 
> > Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
-- 
Joshua Watt <JPEWhacker@gmail.com>

Re: [PATCH] send-email: explicitly disable authentication

[Eric Sunshine]

On Thu, Oct 18, 2018 at 6:02 PM Joshua Watt <jpewhacker@gmail.com> wrote:
> On Thu, 2018-10-18 at 17:53 -0400, Eric Sunshine wrote:
> > On Thu, Oct 18, 2018 at 5:16 PM Joshua Watt <jpewhacker@gmail.com>
> > wrote:
> > Implementation complexity aside, spelling the option --no-smtp-auth
> > might be more intuitive and consistent than --smtp-auth=none.
>
> One advantage of --smtp-auth=none is that it can also be done with a
> config variable sendemail.smtpauth="none". Would be also add a config
> variable like sendemail.nosmtpauth (the negative seems strange to me)?

I would not expect to see a "negating" config variable like that. I
was just suggesting that a "--no-*" command-line option might be more
intuitive.

> Or maybe --no-smtp-auth is just a shorthand alias for --smtp-auth=none?

That's one possibility.

[PATCH v2] send-email: explicitly disable authentication

[Joshua Watt]

It can be necessary to disable SMTP authentication by a mechanism other
than sendemail.smtpuser being undefined. For example, if the user has
sendemail.smtpuser set globally but wants to disable authentication
locally in one repository.

--smtp-auth and sendemail.smtpauth now understand the value 'none' which
means to disable authentication completely, even if an authentication
user is specified.

The value 'none' is lower case to avoid conflicts with any RFC 4422
authentication mechanisms.

The user may also specify the command line argument --no-smtp-auth as a
shorthand for --smtp-auth=none

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
 Documentation/git-send-email.txt | 7 ++++++-
 git-send-email.perl              | 8 ++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt
index 465a4ecbe..17993e3c9 100644
--- a/Documentation/git-send-email.txt
+++ b/Documentation/git-send-email.txt
@@ -190,7 +190,9 @@ $ git send-email --smtp-auth="PLAIN LOGIN GSSAPI" ...
 If at least one of the specified mechanisms matches the ones advertised by the
 SMTP server and if it is supported by the utilized SASL library, the mechanism
 is used for authentication. If neither 'sendemail.smtpAuth' nor `--smtp-auth`
-is specified, all mechanisms supported by the SASL library can be used.
+is specified, all mechanisms supported by the SASL library can be used. The
+special value 'none' maybe specified to completely disable authentication
+independently of `--smtp-user`
 
 --smtp-pass[=<password>]::
 	Password for SMTP-AUTH. The argument is optional: If no
@@ -204,6 +206,9 @@ or on the command line. If a username has been specified (with
 specified (with `--smtp-pass` or `sendemail.smtpPass`), then
 a password is obtained using 'git-credential'.
 
+--no-smtp-auth::
+	Disable SMTP authentication. Short hand for `--smtp-auth=none`
+
 --smtp-server=<host>::
 	If set, specifies the outgoing SMTP server to use (e.g.
 	`smtp.example.com` or a raw IP address).  Alternatively it can
diff --git a/git-send-email.perl b/git-send-email.perl
index 2be5dac33..7d7e69581 100755
--- a/git-send-email.perl
+++ b/git-send-email.perl
@@ -82,8 +82,11 @@ sub usage {
                                      Pass an empty string to disable certificate
                                      verification.
     --smtp-domain           <str>  * The domain name sent to HELO/EHLO handshake
-    --smtp-auth             <str>  * Space-separated list of allowed AUTH mechanisms.
+    --smtp-auth             <str>  * Space-separated list of allowed AUTH mechanisms, or
+                                     "none" to disable authentication.
                                      This setting forces to use one of the listed mechanisms.
+    --no-smtp-auth                   Disable SMTP authentication. Shorthand for
+                                     `--smtp-auth=none`
     --smtp-debug            <0|1>  * Disable, enable Net::SMTP debug.
 
     --batch-size            <int>  * send max <int> message per connection.
@@ -341,6 +344,7 @@ sub signal_handler {
 		    "smtp-debug:i" => \$debug_net_smtp,
 		    "smtp-domain:s" => \$smtp_domain,
 		    "smtp-auth=s" => \$smtp_auth,
+		    "no-smtp-auth" => sub {$smtp_auth = 'none'},
 		    "identity=s" => \$identity,
 		    "annotate!" => \$annotate,
 		    "no-annotate" => sub {$annotate = 0},
@@ -1241,7 +1245,7 @@ sub smtp_host_string {
 # (smtp_user was not specified), and 0 otherwise.
 
 sub smtp_auth_maybe {
-	if (!defined $smtp_authuser || $auth) {
+	if (!defined $smtp_authuser || $auth || $smtp_auth eq "none") {
 		return 1;
 	}
 
-- 
2.19.1.543.g99a77c85e.dirty

Re: [PATCH v2] send-email: explicitly disable authentication

[Joshua Watt]

On Mon, Oct 22, 2018 at 12:52 PM Joshua Watt <jpewhacker@gmail.com> wrote:
>
> It can be necessary to disable SMTP authentication by a mechanism other
> than sendemail.smtpuser being undefined. For example, if the user has
> sendemail.smtpuser set globally but wants to disable authentication
> locally in one repository.
>
> --smtp-auth and sendemail.smtpauth now understand the value 'none' which
> means to disable authentication completely, even if an authentication
> user is specified.
>
> The value 'none' is lower case to avoid conflicts with any RFC 4422
> authentication mechanisms.
>
> The user may also specify the command line argument --no-smtp-auth as a
> shorthand for --smtp-auth=none
>
> Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
> ---
>  Documentation/git-send-email.txt | 7 ++++++-
>  git-send-email.perl              | 8 ++++++--
>  2 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt
> index 465a4ecbe..17993e3c9 100644
> --- a/Documentation/git-send-email.txt
> +++ b/Documentation/git-send-email.txt
> @@ -190,7 +190,9 @@ $ git send-email --smtp-auth="PLAIN LOGIN GSSAPI" ...
>  If at least one of the specified mechanisms matches the ones advertised by the
>  SMTP server and if it is supported by the utilized SASL library, the mechanism
>  is used for authentication. If neither 'sendemail.smtpAuth' nor `--smtp-auth`
> -is specified, all mechanisms supported by the SASL library can be used.
> +is specified, all mechanisms supported by the SASL library can be used. The
> +special value 'none' maybe specified to completely disable authentication
> +independently of `--smtp-user`
>
>  --smtp-pass[=<password>]::
>         Password for SMTP-AUTH. The argument is optional: If no
> @@ -204,6 +206,9 @@ or on the command line. If a username has been specified (with
>  specified (with `--smtp-pass` or `sendemail.smtpPass`), then
>  a password is obtained using 'git-credential'.
>
> +--no-smtp-auth::
> +       Disable SMTP authentication. Short hand for `--smtp-auth=none`
> +
>  --smtp-server=<host>::
>         If set, specifies the outgoing SMTP server to use (e.g.
>         `smtp.example.com` or a raw IP address).  Alternatively it can
> diff --git a/git-send-email.perl b/git-send-email.perl
> index 2be5dac33..7d7e69581 100755
> --- a/git-send-email.perl
> +++ b/git-send-email.perl
> @@ -82,8 +82,11 @@ sub usage {
>                                       Pass an empty string to disable certificate
>                                       verification.
>      --smtp-domain           <str>  * The domain name sent to HELO/EHLO handshake
> -    --smtp-auth             <str>  * Space-separated list of allowed AUTH mechanisms.
> +    --smtp-auth             <str>  * Space-separated list of allowed AUTH mechanisms, or
> +                                     "none" to disable authentication.
>                                       This setting forces to use one of the listed mechanisms.
> +    --no-smtp-auth                   Disable SMTP authentication. Shorthand for
> +                                     `--smtp-auth=none`
>      --smtp-debug            <0|1>  * Disable, enable Net::SMTP debug.
>
>      --batch-size            <int>  * send max <int> message per connection.
> @@ -341,6 +344,7 @@ sub signal_handler {
>                     "smtp-debug:i" => \$debug_net_smtp,
>                     "smtp-domain:s" => \$smtp_domain,
>                     "smtp-auth=s" => \$smtp_auth,
> +                   "no-smtp-auth" => sub {$smtp_auth = 'none'},
>                     "identity=s" => \$identity,
>                     "annotate!" => \$annotate,
>                     "no-annotate" => sub {$annotate = 0},
> @@ -1241,7 +1245,7 @@ sub smtp_host_string {
>  # (smtp_user was not specified), and 0 otherwise.
>
>  sub smtp_auth_maybe {
> -       if (!defined $smtp_authuser || $auth) {
> +       if (!defined $smtp_authuser || $auth || $smtp_auth eq "none") {

Oops, this generates a warning when no smtp auth argument is supplied
(comparison to undefined value). Version 3 will be along shortly.

>                 return 1;
>         }
>
> --
> 2.19.1.543.g99a77c85e.dirty
>

Re: [PATCH v2] send-email: explicitly disable authentication

[Junio C Hamano]

Joshua Watt <jpewhacker@gmail.com> writes:

> It can be necessary to disable SMTP authentication by a mechanism other
> than sendemail.smtpuser being undefined. For example, if the user has
> sendemail.smtpuser set globally but wants to disable authentication
> locally in one repository.

I wonder if it would be more productive to introduce a mechanism
that can be used to address that use case more directly.  For
example, would it help to teach "git send-email" that
sendemail.smtpuser set to a particular value (say '!', or empty
string if you prefer) is equivalent to the variable unset at all?

Re: [PATCH v2] send-email: explicitly disable authentication

[Joshua Watt]

On Mon, Oct 22, 2018 at 7:32 PM Junio C Hamano <gitster@pobox.com> wrote:
>
> Joshua Watt <jpewhacker@gmail.com> writes:
>
> > It can be necessary to disable SMTP authentication by a mechanism other
> > than sendemail.smtpuser being undefined. For example, if the user has
> > sendemail.smtpuser set globally but wants to disable authentication
> > locally in one repository.
>
> I wonder if it would be more productive to introduce a mechanism
> that can be used to address that use case more directly.  For
> example, would it help to teach "git send-email" that
> sendemail.smtpuser set to a particular value (say '!', or empty
> string if you prefer) is equivalent to the variable unset at all?
>

I'm a little worried that is more likely to break someone's workflow
(although, I'm not sure why someone would have such simple username).
Using sendemail.smtpauth = "none" is pretty much guaranteed to not
break an existing setup because git send-email would previously reject
any value that wasn't upper case. I suppose the one disadvantage is
that it isn't backward compatible, since setting sendemail.smtpauth to
"none" wouldn't work with older versions of git (due to it not being
upper case), but I'm not sure how much of a concern that is.

IMHO, setting ""  or "!" for sendemail.smtpuser probably isn't any
more clear or direct for the end user than my solution.

[PATCH v3] send-email: explicitly disable authentication

[Joshua Watt]

It can be necessary to disable SMTP authentication by a mechanism other
than sendemail.smtpuser being undefined. For example, if the user has
sendemail.smtpuser set globally but wants to disable authentication
locally in one repository.

--smtp-auth and sendemail.smtpauth now understand the value 'none' which
means to disable authentication completely, even if an authentication
user is specified.

The value 'none' is lower case to avoid conflicts with any RFC 4422
authentication mechanisms.

The user may also specify the command line argument --no-smtp-auth as a
shorthand for --smtp-auth=none

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
 Documentation/git-send-email.txt | 7 ++++++-
 git-send-email.perl              | 8 ++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt
index 465a4ecbe..17993e3c9 100644
--- a/Documentation/git-send-email.txt
+++ b/Documentation/git-send-email.txt
@@ -190,7 +190,9 @@ $ git send-email --smtp-auth="PLAIN LOGIN GSSAPI" ...
 If at least one of the specified mechanisms matches the ones advertised by the
 SMTP server and if it is supported by the utilized SASL library, the mechanism
 is used for authentication. If neither 'sendemail.smtpAuth' nor `--smtp-auth`
-is specified, all mechanisms supported by the SASL library can be used.
+is specified, all mechanisms supported by the SASL library can be used. The
+special value 'none' maybe specified to completely disable authentication
+independently of `--smtp-user`
 
 --smtp-pass[=<password>]::
 	Password for SMTP-AUTH. The argument is optional: If no
@@ -204,6 +206,9 @@ or on the command line. If a username has been specified (with
 specified (with `--smtp-pass` or `sendemail.smtpPass`), then
 a password is obtained using 'git-credential'.
 
+--no-smtp-auth::
+	Disable SMTP authentication. Short hand for `--smtp-auth=none`
+
 --smtp-server=<host>::
 	If set, specifies the outgoing SMTP server to use (e.g.
 	`smtp.example.com` or a raw IP address).  Alternatively it can
diff --git a/git-send-email.perl b/git-send-email.perl
index 2be5dac33..a70679484 100755
--- a/git-send-email.perl
+++ b/git-send-email.perl
@@ -82,8 +82,11 @@ sub usage {
                                      Pass an empty string to disable certificate
                                      verification.
     --smtp-domain           <str>  * The domain name sent to HELO/EHLO handshake
-    --smtp-auth             <str>  * Space-separated list of allowed AUTH mechanisms.
+    --smtp-auth             <str>  * Space-separated list of allowed AUTH mechanisms, or
+                                     "none" to disable authentication.
                                      This setting forces to use one of the listed mechanisms.
+    --no-smtp-auth                   Disable SMTP authentication. Shorthand for
+                                     `--smtp-auth=none`
     --smtp-debug            <0|1>  * Disable, enable Net::SMTP debug.
 
     --batch-size            <int>  * send max <int> message per connection.
@@ -341,6 +344,7 @@ sub signal_handler {
 		    "smtp-debug:i" => \$debug_net_smtp,
 		    "smtp-domain:s" => \$smtp_domain,
 		    "smtp-auth=s" => \$smtp_auth,
+		    "no-smtp-auth" => sub {$smtp_auth = 'none'},
 		    "identity=s" => \$identity,
 		    "annotate!" => \$annotate,
 		    "no-annotate" => sub {$annotate = 0},
@@ -1241,7 +1245,7 @@ sub smtp_host_string {
 # (smtp_user was not specified), and 0 otherwise.
 
 sub smtp_auth_maybe {
-	if (!defined $smtp_authuser || $auth) {
+	if (!defined $smtp_authuser || $auth || (defined $smtp_auth && $smtp_auth eq "none")) {
 		return 1;
 	}
 
-- 
2.19.1.543.g838de3e23.dirty

Re: [PATCH v3] send-email: explicitly disable authentication

[Junio C Hamano]

Joshua Watt <jpewhacker@gmail.com> writes:

> It can be necessary to disable SMTP authentication by a mechanism other
> than sendemail.smtpuser being undefined. For example, if the user has
> sendemail.smtpuser set globally but wants to disable authentication
> locally in one repository.
>
> --smtp-auth and sendemail.smtpauth now understand the value 'none' which
> means to disable authentication completely, even if an authentication
> user is specified.
>
> The value 'none' is lower case to avoid conflicts with any RFC 4422
> authentication mechanisms.
>
> The user may also specify the command line argument --no-smtp-auth as a
> shorthand for --smtp-auth=none
>
> Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
> ---

Thanks.  Let's queue this and merge it to 'next' soonish.




>  Documentation/git-send-email.txt | 7 ++++++-
>  git-send-email.perl              | 8 ++++++--
>  2 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt
> index 465a4ecbe..17993e3c9 100644
> --- a/Documentation/git-send-email.txt
> +++ b/Documentation/git-send-email.txt
> @@ -190,7 +190,9 @@ $ git send-email --smtp-auth="PLAIN LOGIN GSSAPI" ...
>  If at least one of the specified mechanisms matches the ones advertised by the
>  SMTP server and if it is supported by the utilized SASL library, the mechanism
>  is used for authentication. If neither 'sendemail.smtpAuth' nor `--smtp-auth`
> -is specified, all mechanisms supported by the SASL library can be used.
> +is specified, all mechanisms supported by the SASL library can be used. The
> +special value 'none' maybe specified to completely disable authentication
> +independently of `--smtp-user`
>  
>  --smtp-pass[=<password>]::
>  	Password for SMTP-AUTH. The argument is optional: If no
> @@ -204,6 +206,9 @@ or on the command line. If a username has been specified (with
>  specified (with `--smtp-pass` or `sendemail.smtpPass`), then
>  a password is obtained using 'git-credential'.
>  
> +--no-smtp-auth::
> +	Disable SMTP authentication. Short hand for `--smtp-auth=none`
> +
>  --smtp-server=<host>::
>  	If set, specifies the outgoing SMTP server to use (e.g.
>  	`smtp.example.com` or a raw IP address).  Alternatively it can
> diff --git a/git-send-email.perl b/git-send-email.perl
> index 2be5dac33..a70679484 100755
> --- a/git-send-email.perl
> +++ b/git-send-email.perl
> @@ -82,8 +82,11 @@ sub usage {
>                                       Pass an empty string to disable certificate
>                                       verification.
>      --smtp-domain           <str>  * The domain name sent to HELO/EHLO handshake
> -    --smtp-auth             <str>  * Space-separated list of allowed AUTH mechanisms.
> +    --smtp-auth             <str>  * Space-separated list of allowed AUTH mechanisms, or
> +                                     "none" to disable authentication.
>                                       This setting forces to use one of the listed mechanisms.
> +    --no-smtp-auth                   Disable SMTP authentication. Shorthand for
> +                                     `--smtp-auth=none`
>      --smtp-debug            <0|1>  * Disable, enable Net::SMTP debug.
>  
>      --batch-size            <int>  * send max <int> message per connection.
> @@ -341,6 +344,7 @@ sub signal_handler {
>  		    "smtp-debug:i" => \$debug_net_smtp,
>  		    "smtp-domain:s" => \$smtp_domain,
>  		    "smtp-auth=s" => \$smtp_auth,
> +		    "no-smtp-auth" => sub {$smtp_auth = 'none'},
>  		    "identity=s" => \$identity,
>  		    "annotate!" => \$annotate,
>  		    "no-annotate" => sub {$annotate = 0},
> @@ -1241,7 +1245,7 @@ sub smtp_host_string {
>  # (smtp_user was not specified), and 0 otherwise.
>  
>  sub smtp_auth_maybe {
> -	if (!defined $smtp_authuser || $auth) {
> +	if (!defined $smtp_authuser || $auth || (defined $smtp_auth && $smtp_auth eq "none")) {
>  		return 1;
>  	}