diff options
Diffstat (limited to 'sleekxmpp/__init__.py')
-rw-r--r-- | sleekxmpp/__init__.py | 149 |
1 files changed, 120 insertions, 29 deletions
diff --git a/sleekxmpp/__init__.py b/sleekxmpp/__init__.py index 263f1f99..b62e35db 100644 --- a/sleekxmpp/__init__.py +++ b/sleekxmpp/__init__.py @@ -1,13 +1,12 @@ #!/usr/bin/python2.5 """ - SleekXMPP: The Sleek XMPP Library - Copyright (C) 2010 Nathanael C. Fritz - This file is part of SleekXMPP. + SleekXMPP: The Sleek XMPP Library + Copyright (C) 2010 Nathanael C. Fritz + This file is part of SleekXMPP. - See the file license.txt for copying permission. + See the file license.txt for copying permission. """ -from __future__ import absolute_import, unicode_literals from . basexmpp import basexmpp from xml.etree import cElementTree as ET from . xmlstream.xmlstream import XMLStream @@ -27,10 +26,15 @@ import sys import random import copy from . import plugins +from xml.etree.cElementTree import tostring +from xml.etree.cElementTree import Element +from cStringIO import StringIO + #from . import stanza srvsupport = True try: import dns.resolver + import dns.rdatatype except ImportError: srvsupport = False @@ -53,12 +57,14 @@ class ClientXMPP(basexmpp, XMLStream): self.plugin_config = plugin_config self.escape_quotes = escape_quotes self.set_jid(jid) + self.server = None + self.port = 5222 # not used if DNS SRV is used self.plugin_whitelist = plugin_whitelist self.auto_reconnect = True self.srvsupport = srvsupport self.password = password self.registered_features = [] - self.stream_header = """<stream:stream to='%s' xmlns:stream='http://etherx.jabber.org/streams' xmlns='%s' version='1.0'>""" % (self.server,self.default_ns) + self.stream_header = """<stream:stream to='%s' xmlns:stream='http://etherx.jabber.org/streams' xmlns='%s' version='1.0'>""" % (self.domain,self.default_ns) self.stream_footer = "</stream:stream>" #self.map_namespace('http://etherx.jabber.org/streams', 'stream') #self.map_namespace('jabber:client', '') @@ -66,8 +72,16 @@ class ClientXMPP(basexmpp, XMLStream): #TODO: Use stream state here self.authenticated = False self.sessionstarted = False - self.registerHandler(Callback('Stream Features', MatchXPath('{http://etherx.jabber.org/streams}features'), self._handleStreamFeatures, thread=True)) - self.registerHandler(Callback('Roster Update', MatchXPath('{%s}iq/{jabber:iq:roster}query' % self.default_ns), self._handleRoster, thread=True)) + self.bound = False + self.bindfail = False + self.digest_auth_started = False + XMLStream.registerHandler(self, Callback('Stream Features', MatchXPath('{http://etherx.jabber.org/streams}features'), self._handleStreamFeatures, thread=True)) + XMLStream.registerHandler(self, Callback('Roster Update', MatchXPath('{%s}iq/{jabber:iq:roster}query' % self.default_ns), self._handleRoster, thread=True)) + #SASL Auth handlers + basexmpp.add_handler(self, "<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl' />", self.handler_sasl_digest_md5_auth, instream=True) + basexmpp.add_handler(self, "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>", self.handler_sasl_digest_md5_auth_fail, instream=True) + basexmpp.add_handler(self, "<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl' />", self.handler_auth_success, instream=True) + basexmpp.add_handler(self, "<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl' />", self.handler_auth_fail, instream=True) #self.registerHandler(Callback('Roster Update', MatchXMLMask("<presence xmlns='%s' type='subscribe' />" % self.default_ns), self._handlePresenceSubscribe, thread=True)) self.registerFeature("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls' />", self.handler_starttls, True) self.registerFeature("<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl' />", self.handler_sasl_auth, True) @@ -87,12 +101,18 @@ class ClientXMPP(basexmpp, XMLStream): def get(self, key, default): return self.plugin.get(key, default) - def connect(self, address=tuple()): + def connect(self, host=None, port=None): """Connect to the Jabber Server. Attempts SRV lookup, and if it fails, uses the JID server.""" - if not address or len(address) < 2: + + if self.state['connected']: return True + + if host: + self.server = host + if port is None: port = self.port + else: if not self.srvsupport: - logging.debug("Did not supply (address, port) to connect to and no SRV support is installed (http://www.dnspython.org). Continuing to attempt connection, using server hostname from JID.") + logging.debug("Did not supply (address, port) to connect to and no SRV support is installed (http://www.dnspython.org). Continuing to attempt connection, using domain from JID.") else: logging.debug("Since no address is supplied, attempting SRV lookup.") try: @@ -113,12 +133,19 @@ class ClientXMPP(basexmpp, XMLStream): picked = random.randint(0, intmax) for priority in priorities: if picked <= priority: - address = addresses[priority] + (host,port) = addresses[priority] break - if not address: + # if SRV lookup was successful, we aren't using a particular server. + self.server = None + + if not host: # if all else fails take server from JID. - address = (self.server, 5222) - result = XMLStream.connect(self, address[0], address[1], use_tls=True) + (host,port) = (self.domain, self.port) + self.server = None + + logging.debug('Attempting connection to %s:%d', host, port ) + #TODO option to not use TLS? + result = XMLStream.connect(self, host, port, use_tls=True) if result: self.event("connected") else: @@ -129,12 +156,12 @@ class ClientXMPP(basexmpp, XMLStream): # overriding reconnect and disconnect so that we can get some events # should events be part of or required by xmlstream? Maybe that would be cleaner def reconnect(self): - logging.info("Reconnecting") - self.event("disconnected") - XMLStream.reconnect(self) + self.disconnect(reconnect=True) - def disconnect(self, init=True, close=False, reconnect=False): + def disconnect(self, reconnect=False): self.event("disconnected") + self.authenticated = False + self.sessionstarted = False XMLStream.disconnect(self, reconnect) def registerFeature(self, mask, pointer, breaker = False): @@ -155,6 +182,7 @@ class ClientXMPP(basexmpp, XMLStream): self._handleRoster(iq, request=True) def _handleStreamFeatures(self, features): + logging.debug('handling stream features') self.features = [] for sub in features.xml: self.features.append(sub.tag) @@ -162,13 +190,17 @@ class ClientXMPP(basexmpp, XMLStream): for feature in self.registered_features: if feature[0].match(subelement): #if self.maskcmp(subelement, feature[0], True): + # This calls the feature handler & optionally breaks if feature[1](subelement) and feature[2]: #if breaker, don't continue return True def handler_starttls(self, xml): + logging.debug( 'TLS start handler; SSL support: %s', self.ssl_support ) if not self.authenticated and self.ssl_support: - self.add_handler("<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls' />", self.handler_tls_start, instream=True) - self.sendXML(xml) + _stanza = "<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls' />" + if not self.event_handlers.get(_stanza,None): # don't add handler > once + self.add_handler( _stanza, self.handler_tls_start, instream=True ) + self.sendPriorityRaw(self.tostring(xml)) return True else: logging.warning("The module tlslite is required in to some servers, and has not been found.") @@ -183,17 +215,17 @@ class ClientXMPP(basexmpp, XMLStream): if '{urn:ietf:params:xml:ns:xmpp-tls}starttls' in self.features: return False logging.debug("Starting SASL Auth") - self.add_handler("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl' />", self.handler_auth_success, instream=True) - self.add_handler("<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl' />", self.handler_auth_fail, instream=True) sasl_mechs = xml.findall('{urn:ietf:params:xml:ns:xmpp-sasl}mechanism') if len(sasl_mechs): for sasl_mech in sasl_mechs: self.features.append("sasl:%s" % sasl_mech.text) - if 'sasl:PLAIN' in self.features: + if 'sasl:DIGEST-MD5' in self.features: + self.sendPriorityRaw("""<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5'/>""") + elif 'sasl:PLAIN' in self.features: if sys.version_info < (3,0): - self.send("""<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>%s</auth>""" % base64.b64encode(b'\x00' + bytes(self.username) + b'\x00' + bytes(self.password)).decode('utf-8')) + self.sendPriorityRaw("""<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>%s</auth>""" % base64.b64encode(b'\x00' + bytes(self.username) + b'\x00' + bytes(self.password)).decode('utf-8')) else: - self.send("""<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>%s</auth>""" % base64.b64encode(b'\x00' + bytes(self.username, 'utf-8') + b'\x00' + bytes(self.password, 'utf-8')).decode('utf-8')) + self.sendPriorityRaw("""<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>%s</auth>""" % base64.b64encode(b'\x00' + bytes(self.username, 'utf-8') + b'\x00' + bytes(self.password, 'utf-8')).decode('utf-8')) else: logging.error("No appropriate login method.") self.disconnect() @@ -201,13 +233,50 @@ class ClientXMPP(basexmpp, XMLStream): # self._auth_digestmd5() return True + def handler_sasl_digest_md5_auth(self, xml): + logging.debug(tostring(xml)) + logging.debug(xml) + logging.debug(type(xml).__name__) + + if self.digest_auth_started == False: + challenge = [item.split('=', 1) for item in base64.b64decode(xml.text).replace("\"", "").split(',', 6) ] + challenge = dict(challenge) + logging.debug(challenge) + + #Realm, nonce, qop should all be present + if not challenge['realm'] or not challenge['qop'] or not challenge['nonce']: + logging.error("Error during digest-md5 authentication. Challenge missing critical information. Challenge: %s" %base64.b64decode(xml.text)) + self.disconnect() + self.event("failed_auth") + return + #TODO: charset can be either UTF-8 or if not present use ISO 8859-1 defaulting for UTF-8 for now + #Compute the cnonce - a unique hex string only used in this request + cnonce = "" + for i in range(7): + cnonce+=hex(int(random.random()*65536*4096))[2:] + cnonce = base64.encodestring(cnonce)[0:-1] + a1 = md5("%s:%s:%s" % (self.username, self.domain, self.password)) + a1 = "%s:%s:%s" %(a1, challenge["nonce"], cnonce ) + a2 = "AUTHENTICATE:xmpp/%s" %self.domain + responseHash = md5digest("%s:%s:00000001:%s:auth:%s" %(md5digest(a1), challenge["nonce"], cnonce, md5digest(a2) ) ) + response = '''charset=utf-8,username="%s",realm="%s",nonce="%s",nc=00000001,cnonce="%s",digest-uri="%s",response=%s,qop=%s,''' %(self.username, self.domain, challenge["nonce"], cnonce, "xmpp/%s" % self.domain, responseHash, challenge["qop"]) + self.sendPriorityRaw("""<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>%s</response>""" %base64.encodestring(response)[:-1]) + else: + logging.warn("handler_sasl_digest_md5_auth called while digest_auth_started is True (has already begun)") + + def handler_sasl_digest_md5_auth_fail(self, xml): + self.digest_auth_started = False + self.handler_auth_fail(xml) + def handler_auth_success(self, xml): + logging.debug("Authentication successful.") self.authenticated = True self.features = [] raise RestartStream() def handler_auth_fail(self, xml): - logging.info("Authentication failed.") + logging.warning("Authentication failed.") + logging.debug(tostring(xml, 'utf-8')) self.disconnect() self.event("failed_auth") @@ -221,19 +290,23 @@ class ClientXMPP(basexmpp, XMLStream): response = iq.send() #response = self.send(iq, self.Iq(sid=iq['id'])) self.set_jid(response.xml.find('{urn:ietf:params:xml:ns:xmpp-bind}bind/{urn:ietf:params:xml:ns:xmpp-bind}jid').text) + self.bound = True logging.info("Node set to: %s" % self.fulljid) - if "{urn:ietf:params:xml:ns:xmpp-session}session" not in self.features: + if "{urn:ietf:params:xml:ns:xmpp-session}session" not in self.features or self.bindfail: logging.debug("Established Session") self.sessionstarted = True self.event("session_start") def handler_start_session(self, xml): - if self.authenticated: + if self.authenticated and self.bound: iq = self.makeIqSet(xml) response = iq.send() logging.debug("Established Session") self.sessionstarted = True self.event("session_start") + else: + #bind probably hasn't happened yet + self.bindfail = True def _handleRoster(self, iq, request=False): if iq['type'] == 'set' or (iq['type'] == 'result' and request): @@ -244,3 +317,21 @@ class ClientXMPP(basexmpp, XMLStream): if iq['type'] == 'set': self.send(self.Iq().setValues({'type': 'result', 'id': iq['id']}).enable('roster')) self.event("roster_update", iq) + +def md5(data): + try: + import hashlib + md5 = hashlib.md5(data) + except ImportError: + import md5 + md5 = md5.new(data) + return md5.digest() + +def md5digest(data): + try: + import hashlib + md5 = hashlib.md5(data) + except ImportError: + import md5 + md5 = md5.new(data) + return md5.hexdigest() |