R. David Murray added the comment:
I used some of this code in writing tests for the auth_login failure in issue
25446 (thanks, Milan, you saved me a bunch of work :)
Now that we have asyncio and asynchat is deprecated, we've decided that the
only real purpose of smtpd going forward is the
Roundup Robot added the comment:
New changeset d13263ecf0c6 by R David Murray in branch '3.5':
#25446: Fix regression in smtplib's AUTH LOGIN support.
https://hg.python.org/cpython/rev/d13263ecf0c6
--
nosy: +python-dev
___
Python tracker
Barry A. Warsaw added the comment:
Martin says: I cannot see any particular circumstances where unencrypted
passwords for smtpd would be acceptable, given that there are perfectly
established technologies. So I remain -1 on this patch.
Here's a use case: a testing SMTP server, such as
Milan Oberkirch added the comment:
After trying to implement SMTPS with asyncore and wrap_socket I agree with
David that it is at least hard: somehow the handshake fails
(ssl.SSLWantReadError) and I did not really figure out why. Looking at the
debugging output of openssl indicates that the
Changes by Milan Oberkirch milan...@oberkirch.org:
Added file: http://bugs.python.org/file35991/smtpd_AUTH_full2.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21935
___
Martin v. Löwis added the comment:
RFC 4954 states
Note: A server implementation MUST implement a configuration in which
it does NOT permit any plaintext password mechanisms, unless either
the STARTTLS [SMTP-TLS] command has been negotiated or some other
mechanism that protects the
Milan Oberkirch added the comment:
My interpretation of this paragraph is the following (English is not my native
language so please correct me if I'm wrong):
The requirement is to provide a configuration where plain auth is disabled if
password snooping would be possible otherwise not to
R. David Murray added the comment:
Providing starttls support would be the preferred solution, but that is a Hard
Problem. We probably need to rewrite smtpd using asyncio in order to provide
starttls.
Martin v. Löwis added the comment:
Milan: Your interpretation of the MUST requirement is correct.
However, we still cannot support the SHOULD NOT requirement: A server operator
SHOULD NOT accept unencrypted passwords. RFC 2119 explains
This phrase, or the phrase NOT RECOMMENDED mean that
R. David Murray added the comment:
I haven't looked at the problem myself. Someone (Giampaolo?) told me that
wrap_socket wouldn't work because of the fact that smtpd uses asynchat.
As for the 'particular circumstances' clause, I would suggest that one of the
primary use cases for smtpd is in
Milan Oberkirch added the comment:
Done. I added the keyarg 'enable_AUTH' and two abstract methods to the server:
process_auth(user, password) for authentication and accept_recipient(user,
mailfrom, rcptto) for authorization.
--
Added file:
Milan Oberkirch added the comment:
We could solve issue 8503 at the same time by always calling
'accept_recipient(mailfrom, rcptto, user=None)' and providing a default
implementation for backwards compatibility.
Milan Oberkirch added the comment:
There is no real API in the current patch and authenticating has no effect
(other than preventing you from authenticating again and storing the username).
I am wondering how the user should turn AUTH on/off.
Solution 1:
add a keyword argument 'enable_AUTH'
R. David Murray added the comment:
Describing how a programmer would implement authentication is exactly the API I
was referring to, and that includes the signature and semantics of
_verify_user_credentials.
I agree that (1) seems the cleanest. I'd favor 1.1, NotImplemented, which lets
the
R. David Murray added the comment:
I think it would be a good idea to write the documentation. It is much easier
to get a feel for the API via docs than it is via code. (That is, when you
explain how to use the API, you sometimes find design bugs :)
for a/b: so you are thinking of an auth
New submission from Milan Oberkirch:
I implemented message processing for LOGIN and PLAIN authentication in smtpd. I
also patched test_smtplib to make use of this functionality.
The goal for the API is to provide decryption and message processing in the
smtpd library and call an externally