handle GSSError exceptions. Fixes #4913
This commit is contained in:
Yann Leboulanger
parent
9900698dc5
commit
346dbc04b2
|
|
@ -196,35 +196,43 @@ class SASL(PlugIn):
|
||||||
self.mecs.remove('ANONYMOUS')
|
self.mecs.remove('ANONYMOUS')
|
||||||
node = Node('auth',attrs={'xmlns': NS_SASL, 'mechanism': 'ANONYMOUS'})
|
node = Node('auth',attrs={'xmlns': NS_SASL, 'mechanism': 'ANONYMOUS'})
|
||||||
self.mechanism = 'ANONYMOUS'
|
self.mechanism = 'ANONYMOUS'
|
||||||
elif 'GSSAPI' in self.mecs and have_kerberos:
|
self.startsasl = SASL_IN_PROCESS
|
||||||
|
self._owner.send(str(node))
|
||||||
|
raise NodeProcessed
|
||||||
|
if 'GSSAPI' in self.mecs and have_kerberos:
|
||||||
self.mecs.remove('GSSAPI')
|
self.mecs.remove('GSSAPI')
|
||||||
self.gss_vc = kerberos.authGSSClientInit('xmpp@' + \
|
try:
|
||||||
self._owner.xmpp_hostname)[1]
|
self.gss_vc = kerberos.authGSSClientInit('xmpp@' + \
|
||||||
kerberos.authGSSClientStep(self.gss_vc, '')
|
self._owner.xmpp_hostname)[1]
|
||||||
response = kerberos.authGSSClientResponse(self.gss_vc)
|
kerberos.authGSSClientStep(self.gss_vc, '')
|
||||||
node=Node('auth',attrs={'xmlns': NS_SASL, 'mechanism': 'GSSAPI'},
|
response = kerberos.authGSSClientResponse(self.gss_vc)
|
||||||
payload=(response or ''))
|
node=Node('auth',attrs={'xmlns': NS_SASL, 'mechanism': 'GSSAPI'},
|
||||||
self.mechanism = 'GSSAPI'
|
payload=(response or ''))
|
||||||
self.gss_step = GSS_STATE_STEP
|
self.mechanism = 'GSSAPI'
|
||||||
elif 'DIGEST-MD5' in self.mecs:
|
self.gss_step = GSS_STATE_STEP
|
||||||
|
self.startsasl = SASL_IN_PROCESS
|
||||||
|
self._owner.send(str(node))
|
||||||
|
raise NodeProcessed
|
||||||
|
except GSSError, e:
|
||||||
|
log.info('GSSAPI authentication failed: %s' % str(e)
|
||||||
|
if 'DIGEST-MD5' in self.mecs:
|
||||||
self.mecs.remove('DIGEST-MD5')
|
self.mecs.remove('DIGEST-MD5')
|
||||||
node = Node('auth',attrs={'xmlns': NS_SASL, 'mechanism': 'DIGEST-MD5'})
|
node = Node('auth',attrs={'xmlns': NS_SASL, 'mechanism': 'DIGEST-MD5'})
|
||||||
self.mechanism = 'DIGEST-MD5'
|
self.mechanism = 'DIGEST-MD5'
|
||||||
elif 'PLAIN' in self.mecs:
|
self.startsasl = SASL_IN_PROCESS
|
||||||
|
self._owner.send(str(node))
|
||||||
|
raise NodeProcessed
|
||||||
|
if 'PLAIN' in self.mecs:
|
||||||
self.mecs.remove('PLAIN')
|
self.mecs.remove('PLAIN')
|
||||||
self.mechanism = 'PLAIN'
|
self.mechanism = 'PLAIN'
|
||||||
self._owner._caller.get_password(self.set_password)
|
self._owner._caller.get_password(self.set_password)
|
||||||
self.startsasl = SASL_IN_PROCESS
|
self.startsasl = SASL_IN_PROCESS
|
||||||
raise NodeProcessed
|
raise NodeProcessed
|
||||||
else:
|
self.startsasl = SASL_FAILURE
|
||||||
self.startsasl = SASL_FAILURE
|
log.error('I can only use DIGEST-MD5, GSSAPI and PLAIN mecanisms.')
|
||||||
log.error('I can only use DIGEST-MD5, GSSAPI and PLAIN mecanisms.')
|
if self.on_sasl:
|
||||||
if self.on_sasl:
|
self.on_sasl()
|
||||||
self.on_sasl()
|
return
|
||||||
return
|
|
||||||
self.startsasl = SASL_IN_PROCESS
|
|
||||||
self._owner.send(str(node))
|
|
||||||
raise NodeProcessed
|
|
||||||
|
|
||||||
def SASLHandler(self, conn, challenge):
|
def SASLHandler(self, conn, challenge):
|
||||||
''' Perform next SASL auth step. Used internally. '''
|
''' Perform next SASL auth step. Used internally. '''
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue