[issue27820] Possible bug in smtplib when initial_response_ok=False

[Dario D'Amico]

Dario D'Amico added the comment:

I have reasons to believe that smtlib.py does not support AUTH LOGIN well.

My guts feeling are that the auth_login method should be changed into:

def auth_login(self, challenge=None):
print("auth_login", challenge)
""" Authobject to use with LOGIN authentication. Requires self.user and
self.password to be set."""
if challenge is None:
return self.user
elif challenge == b'Username:':
return self.user
elif challenge == b'Password:':
return self.password

While the if at line 634, in the auth method, should actually be a while,
so that this:

# If server responds with a challenge, send the response.
if code == 334:
challenge = base64.decodebytes(resp)
response = encode_base64(
authobject(challenge).encode('ascii'), eol='')
(code, resp) = self.docmd(response)

is turned into this:

# If server responds with a challenge, send the response.
# Note that there may be multiple, sequential challenges.
while code == 334:
challenge = base64.decodebytes(resp)
response = encode_base64(
authobject(challenge).encode('ascii'), eol='')
(code, resp) = self.docmd(response)

First, some background on AUTH LOGIN; based on my understanding of
http://www.fehcom.de/qmail/smtpauth.html there are two possible ways
to authenticate a client using AUTH LOGIN:

Method A
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: 
S: 334 UGFzc3dvcmQ6
C: 

Method B
C: AUTH LOGIN 
S: 334 UGFzc3dvcmQ6
C: 

The second method saves two round trips because the client sends
the username together with the AUTH LOGIN command. Note that the
strings VXNlcm5hbWU6 and UGFzc3dvcmQ6 are fixed and they are,
respectively, the Base64 encodings of 'Username:' and 'Password:'.

In the following I will detail my experience with smtplib.

Everything begun from this code fragment:

smtpObj = smtplib.SMTP("smtp.example.com", "25")
smtpObj.set_debuglevel(2)
smtpObj.login("nore...@example.com", "chocolaterain")
smtpObj.sendmail(sender, receivers, message)

The debug log produced by smtplib looked like this:

01:53:32.420185 send: 'ehlo localhost.localdomain\r\n'
01:53:32.624123 reply: b'250-smtp.example.com\r\n'
01:53:32.862965 reply: b'250-AUTH LOGIN\r\n'
01:53:32.863490 reply: b'250 8BITMIME\r\n'
01:53:32.863844 reply: retcode (250); Msg: b'smtp.example.com\nAUTH 
LOGIN\n8BITMIME'
01:53:32.868414 send: 'AUTH LOGIN <<>>\r\n'
01:53:33.069884 reply: b'501 syntax error\r\n'
01:53:33.070479 reply: retcode (501); Msg: b'syntax error'
Traceback (most recent call last):
  File "/usr/lib/python3.5/runpy.py", line 184, in _run_module_as_main
"__main__", mod_spec)
  File "/usr/lib/python3.5/runpy.py", line 85, in _run_code
exec(code, run_globals)
  File "/home/dario/Programming/DigitalOcean/s.py", line 48, in 
smtpObj.login("nore...@example.com", "chocolaterain")
  File "/usr/lib/python3.5/smtplib.py", line 729, in login
raise last_exception
  File "/usr/lib/python3.5/smtplib.py", line 720, in login
initial_response_ok=initial_response_ok)
  File "/usr/lib/python3.5/smtplib.py", line 641, in auth
raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (501, b'syntax error')

This is most likely not an issue with smtplib, but simply an
indication that smtp.example.com does not support receiving the
username together with AUTH LOGIN (method B), and it replies with 501 syntax 
error.

I figured out that I could force the alternate data flow (method A), in which
the username is issued in a separate command, by setting
initial_response_ok=False when logging in:

smtpObj = smtplib.SMTP("smtp.example.com", "25")
smtpObj.set_debuglevel(2)
smtpObj.login("nore...@example.com", "chocolaterain", 
initial_response_ok=False)
smtpObj.sendmail(sender, receivers, message)

This resulted in a slightly more interesting behaviour:

01:53:54.445118 send: 'ehlo localhost.localdomain\r\n'
01:53:54.648136 reply: b'250-smtp.example.com\r\n'
01:53:54.884669 reply: b'250-AUTH LOGIN\r\n'
01:53:54.885197 reply: b'250 8BITMIME\r\n'
01:53:54.88 reply: retcode (250); Msg: b'smtp.example.com\nAUTH 
LOGIN\n8BITMIME'
01:53:54.890051 send: 'AUTH LOGIN\r\n'
01:53:55.089540 reply: b'334 VXNlcm5hbWU6\r\n'
01:53:55.090119 reply: retcode (334); Msg: b'VXNlcm5hbWU6'
01:53:55.090955 send

[issue27820] Possible bug in smtplib when initial_response_ok=False

[Dario D'Amico]

New submission from Dario D'Amico:

oo

--

___
Python tracker 
<http://bugs.python.org/issue27820>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27820] Possible bug in smtplib when initial_response_ok=False

[Dario D'Amico]

Changes by Dario D'Amico :


Removed file: http://bugs.python.org/file44177/SmtplibBugReport.txt

___
Python tracker 
<http://bugs.python.org/issue27820>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27820] Possible bug in smtplib when initial_response_ok=False

[Dario D'Amico]

Changes by Dario D'Amico :


Added file: http://bugs.python.org/file44177/SmtplibBugReport.txt

___
Python tracker 
<http://bugs.python.org/issue27820>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27820] Possible bug in smtplib when initial_response_ok=False

[Dario D'Amico]

Changes by Dario D'Amico :


--
components: Library (Lib)
nosy: Dario D'Amico
priority: normal
severity: normal
status: open
title: Possible bug in smtplib when initial_response_ok=False
type: crash
versions: Python 3.5

___
Python tracker 
<http://bugs.python.org/issue27820>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com