if a SASL mechanism fails, try the others before abording authentification

Yann Leboulanger 2008-11-26 12:45:05 +00:00
parent 73e4e000b9
commit 4cf9d0d622
1 changed files with 15 additions and 5 deletions


@ -135,13 +135,17 @@ class SASL(PlugIn):
self.startsasl='not-supported' self.startsasl='not-supported'
self.DEBUG('SASL not supported by server', 'error') self.DEBUG('SASL not supported by server', 'error')
return return
mecs=[] self.mecs=[]
for mec in feats.getTag('mechanisms', namespace=NS_SASL).getTags('mechanism'): for mec in feats.getTag('mechanisms', namespace=NS_SASL).getTags('mechanism'):
mecs.append(mec.getData()) self.mecs.append(mec.getData())
self._owner.RegisterHandler('challenge', self.SASLHandler, xmlns=NS_SASL) self._owner.RegisterHandler('challenge', self.SASLHandler, xmlns=NS_SASL)
self._owner.RegisterHandler('failure', self.SASLHandler, xmlns=NS_SASL) self._owner.RegisterHandler('failure', self.SASLHandler, xmlns=NS_SASL)
self._owner.RegisterHandler('success', self.SASLHandler, xmlns=NS_SASL) self._owner.RegisterHandler('success', self.SASLHandler, xmlns=NS_SASL)
if "GSSAPI" in mecs and have_kerberos: self.MechanismHandler()
def MechanismHandler(self):
if "GSSAPI" in self.mecs and have_kerberos:
self.mecs.remove("GSSAPI")
rc, self.gss_vc = kerberos.authGSSClientInit('xmpp@' + rc, self.gss_vc = kerberos.authGSSClientInit('xmpp@' +
self._owner.Server) self._owner.Server)
response = kerberos.authGSSClientResponse(self.gss_vc) response = kerberos.authGSSClientResponse(self.gss_vc)
@ -149,10 +153,12 @@ class SASL(PlugIn):
payload=(response or "")) payload=(response or ""))
self.mechanism = "GSSAPI" self.mechanism = "GSSAPI"
self.gss_step = GSS_STATE_STEP self.gss_step = GSS_STATE_STEP
elif "DIGEST-MD5" in mecs: elif "DIGEST-MD5" in self.mecs:
self.mecs.remove("DIGEST-MD5")
node=Node('auth',attrs={'xmlns': NS_SASL, 'mechanism': 'DIGEST-MD5'}) node=Node('auth',attrs={'xmlns': NS_SASL, 'mechanism': 'DIGEST-MD5'})
self.mechanism = "DIGEST-MD5" self.mechanism = "DIGEST-MD5"
elif "PLAIN" in mecs: elif "PLAIN" in self.mecs:
self.mecs.remove("PLAIN")
sasl_data='%s\x00%s\x00%s' % (self.username+'@' + self._owner.Server, sasl_data='%s\x00%s\x00%s' % (self.username+'@' + self._owner.Server,
self.username, self.password) self.username, self.password)
node=Node('auth', attrs={'xmlns':NS_SASL,'mechanism':'PLAIN'}, node=Node('auth', attrs={'xmlns':NS_SASL,'mechanism':'PLAIN'},
@ -177,6 +183,10 @@ class SASL(PlugIn):
except Exception: except Exception:
reason = challenge reason = challenge
self.DEBUG('Failed SASL authentification: %s' % reason, 'error') self.DEBUG('Failed SASL authentification: %s' % reason, 'error')
if len(self.mecs) > 0:
# There are other mechanisms to test
self.MechanismHandler()
raise NodeProcessed
if self.on_sasl : if self.on_sasl :
self.on_sasl () self.on_sasl ()
raise NodeProcessed raise NodeProcessed
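Review bot: The retry added in the failure branch lets a single `<failure/>` from the peer walk the client down from GSSAPI or DIGEST-MD5 to PLAIN, whose `auth` payload is built from `self.password` itself; before this change PLAIN was chosen only when nothing stronger was offered. Nothing visible in these hunks checks that the stream is encrypted or that the user accepts a weaker mechanism before retrying, so the retry should be gated (for example, no PLAIN retry unless the connection is TLS-protected) and documented with a comment such as `# a failure stanza is peer-controlled: only retry with mechanisms the user allows on this channel`. Separately, `len(self.mecs) > 0` stays true when only unsupported names remain, or GSSAPI without `have_kerberos`, so the retry presumably falls through to the last branch of `MechanismHandler`; that branch and the rest of the handler lie outside the hunks, so confirm that `self.on_sasl` is still called on that path.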