Message382955
Hi, I'm one of the maintainers of aio-libs/aiosmtpd.
This issue also bit me when trying to write unit tests for aio-libs/aiosmtpd AUTH implementation
But I partially disagree with Dario D'Amico's changes, specifically the suggested change in the auth_login() method.
According to draft-murchison-sasl-login-00.txt [1], the two challenges sent by the server SHOULD be ignored. The example in that document uses b"VXNlciBOYW1lAA==" and b"UGFzc3dvcmQA" (b64 of b"User Name\x00" and b"Password\x00", respectively), and this is what we have implemented in aio-libs/aiosmtpd.
Furthermore, the same document never indicated that username may be sent along with "AUTH LOGIN", so we haven't implemented that in aio-libs/aiosmtpd.
So rather than hardcoding the challenges to b"Username:" and b"Password:", a compliant SMTP client must instead _count_ the number of challenges it received.
I propose the following changes instead:
def auth(self, mechanism, authobject, *, initial_response_ok=True):
... snip ...
if initial_response is not None:
response = encode_base64(initial_response.encode('ascii'), eol='')
(code, resp) = self.docmd("AUTH", mechanism + " " + response)
self._challenge_count = 1
else:
(code, resp) = self.docmd("AUTH", mechanism)
self._challenge_count = 0
# If server responds with a challenge, send the response.
while code == 334:
self._challenge_count += 1
challenge = base64.decodebytes(resp)
... snip ...
... snip ...
def auth_login(self, challenge=None):
""" Authobject to use with LOGIN authentication. Requires self.user and
self.password to be set."""
if challenge is None or self._challenge_count < 2:
return self.user
else:
return self.password
[1] https://www.ietf.org/archive/id/draft-murchison-sasl-login-00.txt |
|
Date |
User |
Action |
Args |
2020-12-14 06:48:15 | pepoluan | set | recipients:
+ pepoluan, barry, r.david.murray, redstone-cold, Dario D'Amico, Mario Colombo |
2020-12-14 06:48:15 | pepoluan | set | messageid: <1607928495.24.0.711952359935.issue27820@roundup.psfhosted.org> |
2020-12-14 06:48:15 | pepoluan | link | issue27820 messages |
2020-12-14 06:48:14 | pepoluan | create | |
|