summaryrefslogtreecommitdiff
path: root/sleekxmpp/features/feature_mechanisms/mechanisms.py
diff options
context:
space:
mode:
Diffstat (limited to 'sleekxmpp/features/feature_mechanisms/mechanisms.py')
-rw-r--r--sleekxmpp/features/feature_mechanisms/mechanisms.py46
1 files changed, 24 insertions, 22 deletions
diff --git a/sleekxmpp/features/feature_mechanisms/mechanisms.py b/sleekxmpp/features/feature_mechanisms/mechanisms.py
index b480d5be..1d8f8798 100644
--- a/sleekxmpp/features/feature_mechanisms/mechanisms.py
+++ b/sleekxmpp/features/feature_mechanisms/mechanisms.py
@@ -6,7 +6,6 @@
See the file LICENSE for copying permission.
"""
-import sys
import ssl
import logging
@@ -44,15 +43,16 @@ class FeatureMechanisms(BasePlugin):
}
def plugin_init(self):
- if not self.use_mech and not self.xmpp.requested_jid.user:
- self.use_mech = 'ANONYMOUS'
-
if self.sasl_callback is None:
self.sasl_callback = self._default_credentials
if self.security_callback is None:
self.security_callback = self._default_security
+ creds = self.sasl_callback(set(['username']), set())
+ if not self.use_mech and not creds['username']:
+ self.use_mech = 'ANONYMOUS'
+
self.mech = None
self.mech_list = set()
self.attempted_mechs = set()
@@ -92,27 +92,26 @@ class FeatureMechanisms(BasePlugin):
values = required_values.union(optional_values)
for value in values:
if value == 'username':
- result[value] = self.xmpp.requested_jid.user
- elif value == 'password':
- result[value] = creds['password']
- elif value == 'authzid':
- result[value] = creds.get('authzid', '')
+ result[value] = creds.get('username', self.xmpp.requested_jid.user)
elif value == 'email':
jid = self.xmpp.requested_jid.bare
result[value] = creds.get('email', jid)
elif value == 'channel_binding':
- if sys.version_info >= (3, 3):
+ if hasattr(self.xmpp.socket, 'get_channel_binding'):
result[value] = self.xmpp.socket.get_channel_binding()
else:
+ log.debug("Channel binding not supported.")
+ log.debug("Use Python 3.3+ for channel binding and " + \
+ "SCRAM-SHA-1-PLUS support")
result[value] = None
elif value == 'host':
- result[value] = self.xmpp.requested_jid.domain
+ result[value] = creds.get('host', self.xmpp.requested_jid.domain)
elif value == 'realm':
- result[value] = self.xmpp.requested_jid.domain
+ result[value] = creds.get('realm', self.xmpp.requested_jid.domain)
elif value == 'service-name':
- result[value] = self.xmpp._service_name
+ result[value] = creds.get('service-name', self.xmpp._service_name)
elif value == 'service':
- result[value] = 'xmpp'
+ result[value] = creds.get('service', 'xmpp')
elif value in creds:
result[value] = creds[value]
return result
@@ -174,8 +173,12 @@ class FeatureMechanisms(BasePlugin):
except sasl.SASLNoAppropriateMechanism:
log.error("No appropriate login method.")
self.xmpp.event("no_auth", direct=True)
+ self.xmpp.event("failed_auth", direct=True)
self.attempted_mechs = set()
return self.xmpp.disconnect()
+ except StringPrepError:
+ log.exception("A credential value did not pass SASLprep.")
+ self.xmpp.disconnect()
resp = stanza.Auth(self.xmpp)
resp['mechanism'] = self.mech.name
@@ -184,17 +187,14 @@ class FeatureMechanisms(BasePlugin):
except sasl.SASLCancelled:
self.attempted_mechs.add(self.mech.name)
self._send_auth()
- except sasl.SASLFailed:
- self.attempted_mechs.add(self.mech.name)
- self._send_auth()
except sasl.SASLMutualAuthFailed:
log.error("Mutual authentication failed! " + \
"A security breach is possible.")
self.attempted_mechs.add(self.mech.name)
self.xmpp.disconnect()
- except StringPrepError:
- log.exception("A credential value did not pass SASLprep.")
- self.xmpp.disconnect()
+ except sasl.SASLFailed:
+ self.attempted_mechs.add(self.mech.name)
+ self._send_auth()
else:
resp.send(now=True)
@@ -207,14 +207,16 @@ class FeatureMechanisms(BasePlugin):
resp['value'] = self.mech.process(stanza['value'])
except sasl.SASLCancelled:
self.stanza.Abort(self.xmpp).send()
- except sasl.SASLFailed:
- self.stanza.Abort(self.xmpp).send()
except sasl.SASLMutualAuthFailed:
log.error("Mutual authentication failed! " + \
"A security breach is possible.")
self.attempted_mechs.add(self.mech.name)
self.xmpp.disconnect()
+ except sasl.SASLFailed:
+ self.stanza.Abort(self.xmpp).send()
else:
+ if resp.get_value() == '':
+ resp.del_value()
resp.send(now=True)
def _handle_success(self, stanza):