XML RPC changes between 3.7 and 3.9 yield 401 http error

lucas lucas at bourneuf.net
Wed Feb 24 14:13:11 EST 2021 

On 24/02/2021 19:22, Chris Angelico wrote:
> On Thu, Feb 25, 2021 at 5:12 AM lucas <lucas at bourneuf.net> wrote:
>>
>> On 24/02/2021 18:48, Chris Angelico wrote:
>> I added socket.gethostbyname("wiki.example.net") (i removed the https://
>> since it, obviously now i think about it, led to a socket error)
>> in the program, so i could verify both the URL and IP are equivalent.
>>
>> I got the exact same URL and IP. To be sure, i let python run the
>> comparison instead of only relying on my eyes.
>>
>>   >>> 'https://wiki.example.net/lib/exe/xmlrpc.php?u=user&p=password' ==
>> 'https://wiki.example.net/lib/exe/xmlrpc.php?u=user&p=password'
>> True
>>   >>> 'xx.xxx.xxx.197' == 'xx.xxx.xxx.197'
>> True
> 
> Those URLs were printed out from each script, just before attempting the call?

Yes. The program is that one :

     import socket
     import xmlrpc.client as xmlrpclib
     from xml.parsers.expat import ExpatError
     from urllib.parse import urlencode

     URL = 'https://wiki.example.net'
     USER_AGENT = 'DokuWikiXMLRPC  1.0  for testing'

     script = '/lib/exe/xmlrpc.php'
     url = URL + script + '?' + urlencode({'u': USER, 'p': PASSWD})
     print(url)
     print(socket.gethostbyname('wiki.example.net'))
     # xmlrpclib.Transport.user_agent = USER_AGENT
     # xmlrpclib.SafeTransport.user_agent = USER_AGENT

     proxy = xmlrpclib.ServerProxy(url)
     v = proxy.dokuwiki.getVersion()
     print(v)


> 
>> You gave me an idea: i checked the nginx log of the server hosting the
>> dokuwiki instance, and got something of interest :
>>
>> [SERVER IP] - - [24/Feb/2021:19:08:31 +0100] "POST
>> /lib/exe/xmlrpc.php?u=[USER]&p=[PASSWORD] HTTP/1.1" 200 209 "-"
>> "Python-xmlrpc/3.7"
>> [LAPTOP IP] - - [24/Feb/2021:19:08:35 +0100] "POST /lib/exe/xmlrpc.php
>> HTTP/1.1" 401 433 "-" "Python-xmlrpc/3.9"
>>
>> It seems that the laptop is not sending the arguments, despite them
>> being fed in the python code ?
> 
> Fascinating! Well, that does at least simplify things somewhat -
> instead of "why is this coming back 401", it's "why is this not
> sending credentials".

Yes, we are going forward :)


>>
> 
> More data is always good.
> 
> ChrisA

I tested from the windows computer (Python 3.8, it appears, not 3.7 as i 
thought), and got the following nginx log:

[LAPTOP IP] - - [24/Feb/2021:20:06:42 +0100] "POST 
/lib/exe/xmlrpc.php?u=[user]&p=[password] HTTP/1.1" 200 209 "-" 
"DokuWikiXMLRPC  1.0  for testing windows"

That other laptop also had an ubuntu installed, with python 3.6.9, so i 
ran the program and got the expected output, and the following nginx log:
[LAPTOP IP] - - [24/Feb/2021:20:04:04 +0100] "POST 
/lib/exe/xmlrpc.php?u=[user]&p=[password] HTTP/1.1" 200 209 "-" 
"DokuWikiXMLRPC  1.0  for testing ubuntu"

Both accessed correctly the dokuwiki version. Unless this is a platform 
specific problem, it seems to narrow it to 3.9.

--lucas

More information about the Python-list mailing list