From 920f5e320b32b6d154df3950b3b940fc28390a76 Mon Sep 17 00:00:00 2001
From: Yann Leboulanger
Date: Mon, 22 Aug 2011 13:45:29 +0200
Subject: [PATCH] follow RFC-6120 section 6.4.4: send and a SASL authentication mechanism fails, wait for server reply before trying a new mechanism
---
 src/common/xmpp/auth_nb.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/common/xmpp/auth_nb.py b/src/common/xmpp/auth_nb.py
index 3f4fcb015..a43ba06be 100644
--- a/src/common/xmpp/auth_nb.py
+++ b/src/common/xmpp/auth_nb.py
@@ -49,6 +49,7 @@ except ImportError:
 GSS_STATE_STEP = 0
 GSS_STATE_WRAP = 1
+SASL_FAILURE_IN_PROGRESS = 'failure-in-process'
 SASL_FAILURE = 'failure'
 SASL_SUCCESS = 'success'
 SASL_UNSUPPORTED = 'not-supported'
@@ -285,15 +286,20 @@ class SASL(PlugIn):
 ### Handle Auth result
 def on_auth_fail(reason):
 log.info('Failed SASL authentification: %s' % reason)
+ self._owner.send(str(Node('abort', attrs={'xmlns': NS_SASL})))
 if len(self.mecs) > 0:
- # There are other mechanisms to test
- self.MechanismHandler()
+ # There are other mechanisms to test, but wait for
+ # answer from server
+ self.startsasl = SASL_FAILURE_IN_PROGRESS
 raise NodeProcessed
 if self.on_sasl:
 self.on_sasl()
 raise NodeProcessed
 if challenge.getName() == 'failure':
+ if self.startsasl == SASL_FAILURE_IN_PROGRESS:
+ self.MechanismHandler()
+ raise NodeProcessed
 self.startsasl = SASL_FAILURE
 try:
 reason = challenge.getChildren()[0]
@@ -666,9 +672,9 @@ class NonBlockingBind(PlugIn):
 if self.supports_sm:
 # starts negociation
 sm.set_owner(self._owner)
- sm.negociate()
+ sm.negociate()
 self._owner.Dispatcher.sm = sm
-
+
 if hasattr(self, 'session') and self.session == -1:
 # Server don't want us to initialize a session
 log.info('No session required.')
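Review bot: The constant added in the first hunk (`@@ -49,6 +49,7 @@`) has a name and a value that disagree: `SASL_FAILURE_IN_PROGRESS` is bound to `'failure-in-process'`. The visible hunks only compare the value against the constant itself, so nothing breaks, but the string is what appears if `startsasl` is ever logged or inspected. Unless the spelling mirrors a naming pattern elsewhere in the module, `SASL_FAILURE_IN_PROGRESS = 'failure-in-progress'` would be clearer. A one-line comment such as `# <abort/> sent; waiting for the server's <failure/> before trying the next mechanism` would document the new state.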
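Review bot: In the second hunk (`@@ -285,15 +286,20 @@`), the new `failure` branch treats any `<failure/>` that arrives while `self.startsasl == SASL_FAILURE_IN_PROGRESS` as the reply to the abort, and no visible line moves the state off that value before `self.MechanismHandler()` runs. Unless `MechanismHandler()` resets `self.startsasl` (its body is outside the hunk), a genuine failure of the next mechanism would skip the reason extraction and the `on_sasl` path and step silently through the rest of `self.mecs`. That would make an unexpected fallback to a weaker mechanism hard to notice. Resetting the state before the call, and adding a line such as `log.info('SASL abort acknowledged by server, trying next mechanism')`, would keep each fallback visible in the log. Separately, `on_auth_fail` now sends `<abort/>` before the `if len(self.mecs) > 0:` test, so with no mechanisms left the server's reply may arrive after `on_sasl()` has already run; consider moving the `send` inside that `if`. The enclosing method starts and ends outside the hunk.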