From 9bdb297fe27c8f00d81fb6e924abc71ec0282b95 Mon Sep 17 00:00:00 2001 From: Brian Beggs Date: Wed, 30 Jun 2010 14:44:57 -0400 Subject: basic checking for digest-md5 to make sure the necessary components are there to complete auth. If not a failed_auth event is dispatched and the socket disconnected. --- sleekxmpp/__init__.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'sleekxmpp') diff --git a/sleekxmpp/__init__.py b/sleekxmpp/__init__.py index f05e8a5f..9185c175 100644 --- a/sleekxmpp/__init__.py +++ b/sleekxmpp/__init__.py @@ -241,16 +241,17 @@ class ClientXMPP(basexmpp, XMLStream): logging.debug(type(xml).__name__) if self.digest_auth_started == False: - logging.debug(base64.b64decode(xml.text).split(',', 6)) - challenge = [item.split('=', 1) for item in base64.b64decode(xml.text).replace("\"", "").split(',', 6) ] challenge = dict(challenge) logging.debug(challenge) - #TODO: check for abort states #Realm, nonce, qop should all be present - #charset can be either UTF-8 or if not present use ISO 8859-1 - + if not challenge['realm'] or not challenge['qop'] or not challenge['nonce']: + logging.error("Error during digest-md5 authentication. Challenge missing critical information. Challenge: %s" %base64.b64decode(xml.text)) + self.disconnect() + self.event("failed_auth") + return + #TODO: charset can be either UTF-8 or if not present use ISO 8859-1 defaulting for UTF-8 for now #Compute the cnonce - a unique hex string only used in this request cnonce = "" for i in range(7): @@ -263,7 +264,7 @@ class ClientXMPP(basexmpp, XMLStream): response = '''charset=utf-8,username="%s",realm="%s",nonce="%s",nc=00000001,cnonce="%s",digest-uri="%s",response=%s,qop=%s,''' %(self.username, self.domain, challenge["nonce"], cnonce, "xmpp/%s" % self.domain, responseHash, challenge["qop"]) self.sendPriorityRaw("""%s""" %base64.encodestring(response)[:-1]) else: - pass + logging.warn("handler_sasl_digest_md5_auth called while digest_auth_started is false") def handler_sasl_digest_md5_auth_fail(self, xml): self.digest_auth_started = False -- cgit v1.2.3