"""
SleekXMPP: The Sleek XMPP Library
Copyright (C) 2011 Nathanael C. Fritz
This file is part of SleekXMPP.
See the file LICENSE for copying permission.
"""
import logging
from sleekxmpp.thirdparty import suelta
from sleekxmpp.stanza import StreamFeatures
from sleekxmpp.xmlstream import RestartStream, register_stanza_plugin
from sleekxmpp.xmlstream.matcher import *
from sleekxmpp.xmlstream.handler import *
from sleekxmpp.plugins.base import base_plugin
from sleekxmpp.features.feature_mechanisms import stanza
log = logging.getLogger(__name__)
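class feature_mechanisms(base_plugin):

    """
    Stream feature plugin that performs SASL authentication.

    Mechanism selection and the computation of challenge responses are
    delegated to the suelta library shipped under sleekxmpp.thirdparty.
    This plugin copies the resulting values into Auth and Response
    stanzas and reacts to the server's Success, Failure and Challenge
    stanzas.
    """

    def plugin_init(self):
        """
        Set up the SASL state and register stanzas, handlers and the
        'mechanisms' stream feature.

        Configuration keys read from self.config:
            use_mech      -- Passed to suelta.SASL as its mech argument.
                             Defaults to None.
            sasl_callback -- Callable taking (mech, values) that supplies
                             the values a mechanism asks for. Defaults
                             to a callback that answers from the
                             credentials stored on self.xmpp.
            order         -- Ordering value handed to register_feature.
                             Defaults to 100.
        """
        self.name = 'SASL Mechanisms'
        self.rfc = '6120'
        self.description = "SASL Stream Feature"
        # Kept on the instance because handler methods take a parameter
        # named `stanza`, which hides the module of the same name.
        self.stanza = stanza

        self.use_mech = self.config.get('use_mech', None)

        def tls_active():
            # NOTE(review): presumably 'starttls' is added to
            # xmpp.features once STARTTLS negotiation has completed, in
            # which case a stream encrypted by other means would report
            # False here -- confirm against the STARTTLS feature plugin.
            return 'starttls' in self.xmpp.features

        def basic_callback(mech, values):
            # Only keys the mechanism actually requested are filled in.
            if 'username' in values:
                values['username'] = self.xmpp.boundjid.user
            if 'password' in values:
                values['password'] = self.xmpp.password
            if 'access_token' in values:
                # The stored password doubles as the access token.
                values['access_token'] = self.xmpp.password
            mech.fulfill(values)

        sasl_callback = self.config.get('sasl_callback', None)
        if sasl_callback is None:
            sasl_callback = basic_callback

        # No mechanism is selected until _handle_sasl_auth runs.
        self.mech = None
        # NOTE(review): sec_query_allow is presumably a permissive
        # policy that approves every security query suelta raises
        # (for example whether a mechanism may be used on the current
        # stream) -- confirm in suelta and consider a stricter callback
        # if plaintext mechanisms must require TLS.
        self.sasl = suelta.SASL(self.xmpp.boundjid.domain, 'xmpp',
                                username=self.xmpp.boundjid.user,
                                sec_query=suelta.sec_query_allow,
                                request_values=sasl_callback,
                                tls_active=tls_active,
                                mech=self.use_mech)

        register_stanza_plugin(StreamFeatures, stanza.Mechanisms)

        self.xmpp.register_stanza(stanza.Success)
        self.xmpp.register_stanza(stanza.Failure)
        self.xmpp.register_stanza(stanza.Auth)
        self.xmpp.register_stanza(stanza.Challenge)
        self.xmpp.register_stanza(stanza.Response)

        # Success and Failure are registered with once=True; Challenge
        # is not, since a mechanism may need several round trips.
        self.xmpp.register_handler(
                Callback('SASL Success',
                         MatchXPath(stanza.Success.tag_name()),
                         self._handle_success,
                         instream=True,
                         once=True))
        self.xmpp.register_handler(
                Callback('SASL Failure',
                         MatchXPath(stanza.Failure.tag_name()),
                         self._handle_fail,
                         instream=True,
                         once=True))
        self.xmpp.register_handler(
                Callback('SASL Challenge',
                         MatchXPath(stanza.Challenge.tag_name()),
                         self._handle_challenge))

        self.xmpp.register_feature('mechanisms',
                self._handle_sasl_auth,
                restart=True,
                order=self.config.get('order', 100))

    def _handle_sasl_auth(self, features):
        """
        Handle authenticating using SASL.

        Returns False without doing anything when 'mechanisms' is
        already recorded in self.xmpp.features, and True otherwise.

        Arguments:
            features -- The stream features stanza.
        """
        if 'mechanisms' in self.xmpp.features:
            # SASL authentication has already succeeded, but the
            # server has incorrectly offered it again.
            return False

        mech_list = features['mechanisms']
        self.mech = self.sasl.choose_mechanism(mech_list)

        if self.mech is not None:
            # Send the initial <auth/> with the mechanism's first value.
            resp = stanza.Auth(self.xmpp)
            resp['mechanism'] = self.mech.name
            resp['value'] = self.mech.process()
            resp.send(now=True)
        else:
            # suelta found no mechanism it is willing to use.
            log.error("No appropriate login method.")
            self.xmpp.event("no_auth", direct=True)
            self.xmpp.disconnect()
        return True

    def _handle_challenge(self, stanza):
        """
        SASL challenge received. Process and send response.

        A challenge that arrives while no mechanism is selected is
        logged and ignored.

        Arguments:
            stanza -- The received Challenge stanza.
        """
        if self.mech is None:
            # plugin_init sets self.mech to None and only
            # _handle_sasl_auth assigns it, so a challenge seen in this
            # state belongs to no exchange this client started. Without
            # this guard the call below fails on None.
            log.warning("SASL challenge received before a mechanism "
                        "was selected; ignoring it.")
            return

        # self.stanza is used because the parameter hides the module.
        resp = self.stanza.Response(self.xmpp)
        resp['value'] = self.mech.process(stanza['value'])
        resp.send(now=True)

    def _handle_success(self, stanza):
        """
        SASL authentication succeeded. Restart the stream.

        Arguments:
            stanza -- The received Success stanza.
        """
        # NOTE(review): success is accepted here without checking that
        # self.mech completed its exchange; whether suelta validates
        # any final server data for mutual-authentication mechanisms is
        # not visible in this file -- confirm.
        self.xmpp.authenticated = True
        # Recorded so _handle_sasl_auth ignores a repeated offer.
        self.xmpp.features.add('mechanisms')
        raise RestartStream()

    def _handle_fail(self, stanza):
        """
        SASL authentication failed. Disconnect and shutdown.

        Arguments:
            stanza -- The received Failure stanza.
        """
        # The condition is server-supplied text and is passed as a
        # logging argument rather than formatted into the message.
        log.info("Authentication failed: %s", stanza['condition'])
        self.xmpp.event("failed_auth", stanza, direct=True)
        self.xmpp.disconnect()
        return True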