classification
Title: smtplib authentication - try all mechanisms
Type: behavior Stage: resolved
Components: Versions: Python 3.1, Python 3.2, Python 2.7, Python 2.6
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: ghaering Nosy List: Enrico.Carlesso, aguynamedben, akuchling, alfmel, ghaering, giampaolo.rodola, python-dev, shubes
Priority: normal Keywords: easy

Created on 2009-08-11 16:17 by shubes, last changed 2013-11-11 19:03 by python-dev. This issue is now closed.

Files
File name Uploaded Description Edit
bug6683-patch.txt akuchling, 2012-11-03 18:46 review
Messages (8)
msg91478 - (view) Author: Eric Shubert (shubes) Date: 2009-08-11 16:17
The login method in smtplib.py tries only one authentication mechanism.
There are legitimate situations where cram-md5 might fail, yet plain or
login would succeed.

RFC2554 states:
  If an AUTH command fails, the client may try another authentication
  mechanism by issuing another AUTH command.

The login method should attempt all mechanisms in preferred_auths before
returning a failure. This will make the code more robust, returning a
failure only when absolutely no authentication is possible.
msg95665 - (view) Author: Ben Standefer (aguynamedben) Date: 2009-11-24 08:27
Here is one work-around.  The default smtplib.SMTP.login() doesn't work
for StrongMail out of the box.

http://www.harelmalka.com/?p=94&cpage=1
msg97947 - (view) Author: Enrico Carlesso (Enrico.Carlesso) Date: 2010-01-17 14:22
This affects tophost.it too. Unable to login with CRAM-MD5 but plain login (as described in referenced workaround) work fine.
msg112981 - (view) Author: Gerhard Häring (ghaering) * (Python committer) Date: 2010-08-05 14:12
Fixed in r83742. I implemented this without a test case, because if we wait for a test case for this, we can wait forever (would need a SMTP server implementation in Python for the various auth methods).
msg114126 - (view) Author: Giampaolo Rodola' (giampaolo.rodola) * (Python committer) Date: 2010-08-17 14:59
A test suite is now available for both smtpd and smtplib modules.
msg114161 - (view) Author: Gerhard Häring (ghaering) * (Python committer) Date: 2010-08-17 20:28
Wow! That's great!
msg174667 - (view) Author: A.M. Kuchling (akuchling) * (Python committer) Date: 2012-11-03 18:46
The attached patch against trunk (3.4) exercises the multiple-authentication functionality; the SMTP server advertises four different authentication methods,
and the code will try CRAM-MD5 first, which will fail, but LOGIN succeeds.

If this patch is OK, or if having a test isn't considered necessary, then this bug can be closed.
msg202640 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2013-11-11 19:03
New changeset 19912ad231a3 by Andrew Kuchling in branch 'default':
Closes #6683: add a test that exercises multiple authentication.
http://hg.python.org/cpython/rev/19912ad231a3
History
Date User Action Args
2013-11-11 19:03:54python-devsetstatus: open -> closed

nosy: + python-dev
messages: + msg202640

resolution: fixed
stage: test needed -> resolved
2012-11-03 18:46:19akuchlingsetfiles: + bug6683-patch.txt
nosy: + akuchling
messages: + msg174667

2010-08-17 20:28:37ghaeringsetmessages: + msg114161
2010-08-17 15:00:12giampaolo.rodolasetnosy: + alfmel
2010-08-17 14:59:47giampaolo.rodolasetnosy: + giampaolo.rodola
messages: + msg114126
2010-08-05 14:12:23ghaeringsetmessages: + msg112981
2010-01-17 14:22:27Enrico.Carlessosetnosy: + Enrico.Carlesso
messages: + msg97947
2009-11-24 08:27:12aguynamedbensetnosy: + aguynamedben
messages: + msg95665
2009-08-18 02:03:12r.david.murraysetpriority: normal
keywords: + easy
stage: test needed
versions: + Python 2.6, Python 3.1, Python 2.7, Python 3.2, - Python 2.4
2009-08-11 16:22:36ghaeringsetassignee: ghaering

nosy: + ghaering
2009-08-11 16:17:15shubescreate