Closed Bug 701474 Opened 13 years ago Closed 3 years ago

Can't enter new password for SMTP password change at server and for bad password entering by mistake

Categories

(MailNews Core :: Networking: SMTP, defect)

Product:
MailNews Core
Component:
Networking: SMTP
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: paul.verket+moz.bug, Unassigned)

References

Details

Attachments

(3 files)

Pop up windows
44.02 KB, image/png
Details
SMTP log for bad password, then failed entry of revised passowrd
12.52 KB, text/plain
Details
smtp log with additional logging
61.24 KB, text/plain
Details
Attached image Pop up windows 
User Agent: Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Build ID: 20111008085056

Steps to reproduce:

- In prior usage, save the SMTP password to the password manager 
- Change password to SMTP server outside of Thunderbird
- Start Thunderbird 7.0.1 (Ubuntu 11.10) and reply to mail
- Click send. 


Actual results:

- The "Sending Messages" window/progress bar comes up.
- A short while later a second pop up appears "Login failed" with buttons for enter new password, Cancel and retry.
- Click "Enter New Password"
- "Login failed" pop up disappears but the "sending messages" pop up remains.
- A short while later the "Login failed" pop up reappears without ever having prompted for a new password.


Expected results:

- A windows allowing me to change my SMTP password should have appeared before retrying to send my mail
- Workaround is to open Preferences-->Security-->Passwords-->Saved Passwords..., find the smtp server and remove the entry.
- Save the mail as a draft and close.
- Edit the draft and send.
- You will get the sending messages pop up and login failed pop up again.
- This time the "Enter new password" will work.
- Enter the updated password and save the password to the password manager
(In reply to Paul from comment #0)
See bug 391090.
Thanks for the pointer -- I missed it when searching. The situation seems to have improved since that bug in that I'm getting prompted whether to change the password. It's just that the "Enter New Password" button is ignored unless I first remove the saved password though preferences.
Perhaps problem stated in bug 155172 comment #27 and SMTP version of bug 	429069 or bug 490140 or bug 505481 on POP3. Setting dependency to Bug 533006.

If SMTP version of these bugs, even when old/wrong password is removed and new password is prompted, password may not be re-prompted if wrong password is entered at the first password dialog.
Is new password prompted when bad password is entered at password dialog in your case?
Component: General → Networking: SMTP
Depends on: 533006
Product: Thunderbird → MailNews Core
QA Contact: general → networking.smtp
Status: UNCONFIRMED → NEW
Ever confirmed: true
Bug 533006 was for POP3 only. Removing dependency to it.
No longer depends on: 533006
See Also: → 533006
(In reply to WADA from comment #3)
> Perhaps problem stated in bug 155172 comment #27 and SMTP version of bug 
> 429069 or bug 490140 or bug 505481 on POP3. Setting dependency to Bug 533006.
> 
> If SMTP version of these bugs, even when old/wrong password is removed and
> new password is prompted, password may not be re-prompted if wrong password
> is entered at the first password dialog.
> Is new password prompted when bad password is entered at password dialog in
> your case?

- Removed SMTP password through preferences
- Restarted Thunderbird
- Compose/send mail
- Was prompted for password, entered bad password and with save checked
- Got into same state as the original bug report, that is, "Login failed" pop up with buttons for enter new password appears but the new password button is ignored and the login failed pop up reappears.
(In reply to Paul from comment #5)
> - Got into same state as the original bug report, that is,
> "Login failed" pop up with buttons for enter new password appears
>  but the new password button is ignored and the login failed pop up reappears.

I couldn't see it with Gmail's SMTP server and Tb 8 on Win. If wrong password is typed at prompt, dialog is shown, and when New Password is requested, password is prompted again. And it continued until correct password is entered at password prompt.
So, similar issue such as "silent connection kill by server" is probably involved in your case.
However, SMTP case seems different from POP3 case, even if it looks very similar and same cause is involved.

If you'll have time, get SMTP log with timestamp for the entering bad password case, and attach log file to this bug, please.
Because your original problem is alreay bypassed by clear saved password, and because it'll take long to resolve problem even if log is available as seen in POP3 cases, no need to hurry up.
> https://wiki.mozilla.org/MailNews:Logging
> Win example : SET NSPR_LOG_MODULES=timestamp,smtp:5
> SMTP command/response : http://tools.ietf.org/html/rfc2821
Remove/replace personal information from log file, and don't paste log data if data is long, please.
Summary: Can't enter new password for SMTP password change → Can't enter new password for SMTP password change at server and for bad password entering by mistake
According to log, rough flow is next.
(1) Greeting from SMTP server
> 2011-11-12 01:14:38.814950 UTC  SMTP Response: 220 XXX.com Microsoft ESMTP MAIL Service ready at Fri, 11 Nov 2011 19:14:38 -0600
(2) After StartTLS and trying of some methods, PLAIN/LOGIN, authentication fails.
    It looks old password is used and is obsolete, i.e. changed at server,
    because log for "prompt" nor "ask" is not seen before login and 535.
> 2011-11-12 01:14:46.640686 UTC  SMTP AuthLoginStep2
> 2011-11-12 01:14:46.640694 UTC  PLAIN/LOGIN auth, step 2
> 2011-11-12 01:14:46.640704 UTC  Logging suppressed for this command (it probably contained authentication information)
> 2011-11-12 01:14:51.766177 UTC  SMTP Response: 535 5.7.3 Authentication unsuccessful
(3) Server looks stil kept, even after authentication fails.
(4) Ask you, New Password is requested
> 2011-11-12 01:14:51.766257 UTC  no auth method remaining
> 2011-11-12 01:14:51.766262 UTC  SMTP: ask user what to do (after login failed): new password, retry or cancel
> 2011-11-12 01:14:53.755009 UTC  new password button pressed
(5) New password is perhaps prompted, and bad password is perhaps entered.
(6) Trying of some methods, and PLAIN/LOGIN, authentication fails.
> 2011-11-12 01:14:53.858872 UTC  SMTP AuthLoginStep2
> 2011-11-12 01:14:53.858880 UTC  PLAIN/LOGIN auth, step 2
> 2011-11-12 01:14:53.858888 UTC  Logging suppressed for this command (it probably contained authentication information)
> 2011-11-12 01:14:58.875203 UTC  SMTP entering state: 0
> 2011-11-12 01:14:58.875263 UTC  SMTP Response: 535 5.7.3 Authentication unsuccessful
(7) Ask you, New Password is requested, and you requested Cancel
> 2011-11-12 01:14:58.875322 UTC  no auth method remaining
> 2011-11-12 01:14:58.875328 UTC  SMTP: ask user what to do (after login failed): new password, retry or cancel
> 2011-11-12 01:15:01.274041 UTC  cancel button pressed
(8) Because Cancel request, QUIT
> 2011-11-12 01:15:01.274175 UTC  SMTP Send: QUIT

As it looks for me "you requested cancel" at second ask, it looks normal.
Tb may not write log for "password prompt" if SMTP.
At which step was password prompted? What was your test procedure?
Sorry for being *way* too terse.

- Removed SMTP password through preferences
- Set env vars and restarted Thunderbird
- Compose/send mail
- Was prompted for password, entered bad password with save checked
- "Login failed" pop up with buttons for enter new password appears
- new password button is ignored and the login failed pop up reappears.
- hit cancel.

Sorry but I didn't note what log entries corresponded to my actions but I can do it again if that'd help.
Following is log with next parameter.
> SET NSPR_LOG_MODULES=smtp:5,DOMLeak:5,DocumentLeak:5,nsDocShellLeak:5
DOM... are for leak detector, and it's write internal load etc.
With it, dialog open can be tracked by NSPR log.

Next log is for same test as yours, and first password prompt was shown between "SMTP AuthLoginStep1() for ..." and first atempt of login("PLAIN auth", "Logging suppressed ...").  
> SMTP AuthLoginStep1() for {userid}@{garbled_string}
> DOCSHELL 8bc7400 created
> DOCSHELL 8bc7400 InternalLoad chrome://global/content/commonDialog.xul
> DOCUMENT 9219800 created
> DOCUMENT 9219800 ResetToURI about:blank
> DOCSHELL 8bc7400 SetCurrentURI about:blank
> DOCUMENT a62c800 created
> DOCSHELL 8bc7400 SetCurrentURI chrome://global/content/commonDialog.xul
> DOCUMENT 9219800 destroyed
> DOCSHELL 8bc7400 destroyed
> PLAIN auth
> Logging suppressed for this command (it probably contained authentication information)
> SMTP entering state: 0
> SMTP Response: 235 2.7.0 Accepted

After login error due to bad password, log like next is written.
> SMTP: ask user what to do (after login failed): new password, retry or cancel
> (logs for internalroad of dialog panel for asking action)
> (password is also prompted in this phase)
> new password button pressed
Because same dialog panel is used for "asking action" and "prompt of password", "password is promted not" can not be known by log only. 
Please complement such lacking information by your description about such as test procedure, your observation.
With Gmail SMTP, I saw next phenomenon.
(1) SMTP send with correct password. Send is successful. Password is saved.
(2) Tools/Options/Security/Password, Saved Password, remove smtp: entry for the SMTP server.
(3) Send mail => Even though passward was already deleted from signons.sqlite by Password Manager, Tb never prompted for password, and send was always successfull.
It indicates that Tb uses previously used password which is held in somewhere without checking saved password entry.

This is perhaps one of cause of "no password prompt even though New Password is requested at action dialog" in your case.
Correct interpretation of your log.
(1) Greeting from SMTP server
> 2011-11-12 01:14:38.814950 UTC  SMTP Response: 220 XXX.com Microsoft ESMTP MAIL Service ready at Fri, 11 Nov 2011 19:14:38 -0600
(2) After StartTLS, password is prompted before first atempt of login, because password is not saed. Bad password is entered at the prompt. 
(3) After trial of some methods, LAIN/LOGIN, authentication fails due to bad password.
> 2011-11-12 01:14:46.640686 UTC  SMTP AuthLoginStep2
> 2011-11-12 01:14:46.640694 UTC  PLAIN/LOGIN auth, step 2
> 2011-11-12 01:14:46.640704 UTC  Logging suppressed for this command (it probably contained authentication information)
> 2011-11-12 01:14:51.766177 UTC  SMTP Response: 535 5.7.3 Authentication unsuccessful
(4) Server connection is still kept as expected even after authentication failure.
(5) Ask you for action. New Password is requested.
> 2011-11-12 01:14:51.766257 UTC  no auth method remaining
> 2011-11-12 01:14:51.766262 UTC  SMTP: ask user what to do (after login failed): new password, retry or cancel
(6) Even though New Password is requested, password is not prompted by Tb.
> 2011-11-12 01:14:53.755009 UTC  new password button pressed
(7) Using bad password entered at step (2), try some methods, and PLAIN/LOGIN, authentication fails due to bad password.
> 2011-11-12 01:14:53.858872 UTC  SMTP AuthLoginStep2
> 2011-11-12 01:14:53.858880 UTC  PLAIN/LOGIN auth, step 2
> 2011-11-12 01:14:53.858888 UTC  Logging suppressed for this command (it probably contained authentication information)
> 2011-11-12 01:14:58.875203 UTC  SMTP entering state: 0
> 2011-11-12 01:14:58.875263 UTC  SMTP Response: 535 5.7.3 Authentication unsuccessful
(8) Ask you for action, you requested Cancel
> 2011-11-12 01:14:58.875322 UTC  no auth method remaining
> 2011-11-12 01:14:58.875328 UTC  SMTP: ask user what to do (after login failed): new password, retry or cancel
> 2011-11-12 01:15:01.274041 UTC  cancel button pressed
(9) Because Cancel request, QUIT
> 2011-11-12 01:15:01.274175 UTC  SMTP Send: QUIT
Following was log with DOMLeak:5,DocumentLeak:5,nsDocShellLeak:5, using Gmail's SMTP. Different InternalLoad was actually logged for "action dalog" and "password prompt".
So, "no password dialog" can be tracked by NSPR log only.
Sorry for my confusion in log viewing.

(1) login failure due to bad password
> no auth method remaining
> SMTP: ask user what to do (after login failed): new password, retry or cancel
> DOCSHELL 92a7a00 InternalLoad chrome://global/content/commonDialog.xul
> DOCSHELL 92a7a00 SetCurrentURI chrome://global/content/commonDialog.xul
(2) Action dialog is shown at here
(3) Reply New Password
> new password button pressed
> marking auth method 0x800 failed
> marking auth method 0x400 failed
> SMTP: login failed: failed C00, current 0
> SMTP entering state: 21
> SMTP auth: server caps 0x10310, pref 0x300, failed 0xC00, avail caps 0x300
> (GSSAPI = 0x800, CRAM = 0x2000, NTLM = 0x4000, MSN =  0x8000, PLAIN = 0x200, LOGIN = 0x100, EXTERNAL = 0x400)
> trying auth method 0x200
> SMTP entering state: 16
> SMTP AuthLoginStep1() for {userid}@{garbled_servername}
(4) Password prompt is shown at here, because of New Password request
> DOCSHELL 92a7a00 InternalLoad chrome://global/content/commonDialog.xul
> DOCSHELL 92a7a00 SetCurrentURI chrome://global/content/commonDialog.xul
(5) Enter password (bad or correct is irrelevant, if Gmail)
> PLAIN auth
> Logging suppressed for this command (it probably contained authentication information)

Get NSPR log with next parameter. You can see latest log line when dialog is shown by viewing log file, as "sync" parameter is for "no buffering of log data in log writing". 
> SET NSPR_LOG_MODULES=timestamp,sync,smtp:5,DOMLeak:5,DocumentLeak:5,nsDocShellLeak:5
(In reply to WADA from comment #11)
> (3) Send mail => Even though passward was already deleted from
> signons.sqlite by Password Manager, Tb never prompted for password, and send
> was always successfull.
> It indicates that Tb uses previously used password which is held in
> somewhere without checking saved password entry.
> 
> This is perhaps one of cause of "no password prompt even though New Password
> is requested at action dialog" in your case.

I've noticed this behavior too -- that's why I always had the "Restart TB in the above scenarios".
(In reply to WADA from comment #13)
> Get NSPR log with next parameter. You can see latest log line when dialog is
> shown by viewing log file, as "sync" parameter is for "no buffering of log
> data in log writing". 
> > SET NSPR_LOG_MODULES=timestamp,sync,smtp:5,DOMLeak:5,DocumentLeak:5,nsDocShellLeak:5

FYI, I'll be away from that machine for a week but will do this as soon as I get back. Thanks for all the help!
SMTP log with NSPR_LOG_MODULES timestamp,sync,smtp:5,DOMLeak:5,DocumentLeak:5,nsDocShellLeak:5
and inline comments on UI actions taken. After a bad password is entered, subsequent password requests don't display the UI.
When I type the password in notepad on windows and paste it into the TB password windows. Thunderbird now accept it! But if I manually type the password into the TB password windows. The password is not accepted...
(In reply to gagne.patrick from comment #17)
> When I type the password in notepad on windows and paste it into the TB
> password windows. Thunderbird now accept it! But if I manually type the
> password into the TB password windows. The password is not accepted...

Non 7bits-ascii password, isn't it?
When pasted from notepad and login was successful, what string is shown as saved password by Tb's Password Manager? 

If you actually typed correctly, and if non 7bits-ascii password, it's perhaps following;
  Non 7bits-ascii, then notepad uses utf-8 in text editing.
  By copy&paste, utf-8 binary is pasted to Tb's password field.
  Because the utf-8 binary is correct binary of windows-1252, iso-8859-1
  etc., it is passed to server as-is.
  If typed at Tb's password field, typed data is windows-1252,
  iso-8859-1 etc. Because binary of windows-1252, iso-8859-1 etc.,
  which is not utf-8 what server expects, sever rejects it as "wrong
  password".
Similar phenomenon was reported to other bug on "non-ascii username of news server etc. in prefs.js".

As for "password in SMTP, POP3, IMAP", IIRC, only 7bits-ascii is officially defined, even though utf-8 is referred for some kind of "authentication string" in some RFCs.

If "non 7bits-ascii password" and "server's expectation == utf-8 binary" case, open separate bug after search bugzilla.mozilla.org well, please.
(In reply to WADA from comment #18)
> (In reply to gagne.patrick from comment #17)
> > When I type the password in notepad on windows and paste it into the TB
> > password windows. Thunderbird now accept it! But if I manually type the
> > password into the TB password windows. The password is not accepted...
> 
> Non 7bits-ascii password, isn't it?
> When pasted from notepad and login was successful, what string is shown as
> saved password by Tb's Password Manager? 
> 
> If you actually typed correctly, and if non 7bits-ascii password, it's
> perhaps following;
>   Non 7bits-ascii, then notepad uses utf-8 in text editing.
>   By copy&paste, utf-8 binary is pasted to Tb's password field.
>   Because the utf-8 binary is correct binary of windows-1252, iso-8859-1
>   etc., it is passed to server as-is.
>   If typed at Tb's password field, typed data is windows-1252,
>   iso-8859-1 etc. Because binary of windows-1252, iso-8859-1 etc.,
>   which is not utf-8 what server expects, sever rejects it as "wrong
>   password".
> Similar phenomenon was reported to other bug on "non-ascii username of news
> server etc. in prefs.js".
> 
> As for "password in SMTP, POP3, IMAP", IIRC, only 7bits-ascii is officially
> defined, even though utf-8 is referred for some kind of "authentication
> string" in some RFCs.
> 
> If "non 7bits-ascii password" and "server's expectation == utf-8 binary"
> case, open separate bug after search bugzilla.mozilla.org well, please.

The password I have used was "Stargate99" so I think it's a very simple password. I also try with Start/Run in windows and type the password here and copy/paste with the same good result. I have use the same solution on others computer with success. The others users with this issu have similar password like: January00,etc.
(In reply to gagne.patrick from comment #19)
> The password I have used was "Stargate99" so I think it's a very simple
> password.(snip) 
> The others users with this issu have similar password like: January00,etc.

If 7bits-ascii only password, and if it's "not Hot mail account" or "hot mail account but password length is not grater than 16 bytes", it's simply "server killed connection just after login failure due to Bad password" and "there is no chance for Tb to try login with newly typed correct password", which is repatedly explained in this bug, isn't it?
Have you checked NSPR log with timestamp? (if SMTP, smtp:5, if POP3, pop3:5, if IMAP, imap:5, ...).
See Also: → 702991

Version 91 has all new smtp backend code. If you can still reproduce this issue, please file a new bug report https://bugzilla.mozilla.org/enter_bug.cgi?product=MailNews%20Core&component=Networking%3A%20SMTP

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: