follow RFC-6120 section 6.4.4: send <abort> when a SASL authentication mechanism fails, wait for server <failure> reply before trying a new mechanism
parent
fc765088f7
commit
920f5e320b
1 changed files with 10 additions and 4 deletions
|
@ -49,6 +49,7 @@ except ImportError:
|
||||||
|
|
||||||
GSS_STATE_STEP = 0
|
GSS_STATE_STEP = 0
|
||||||
GSS_STATE_WRAP = 1
|
GSS_STATE_WRAP = 1
|
||||||
|
SASL_FAILURE_IN_PROGRESS = 'failure-in-process'
|
||||||
SASL_FAILURE = 'failure'
|
SASL_FAILURE = 'failure'
|
||||||
SASL_SUCCESS = 'success'
|
SASL_SUCCESS = 'success'
|
||||||
SASL_UNSUPPORTED = 'not-supported'
|
SASL_UNSUPPORTED = 'not-supported'
|
||||||
|
@ -285,15 +286,20 @@ class SASL(PlugIn):
|
||||||
### Handle Auth result
|
### Handle Auth result
|
||||||
def on_auth_fail(reason):
|
def on_auth_fail(reason):
|
||||||
log.info('Failed SASL authentification: %s' % reason)
|
log.info('Failed SASL authentification: %s' % reason)
|
||||||
|
self._owner.send(str(Node('abort', attrs={'xmlns': NS_SASL})))
|
||||||
if len(self.mecs) > 0:
|
if len(self.mecs) > 0:
|
||||||
# There are other mechanisms to test
|
# There are other mechanisms to test, but wait for <failure>
|
||||||
self.MechanismHandler()
|
# answer from server
|
||||||
|
self.startsasl = SASL_FAILURE_IN_PROGRESS
|
||||||
raise NodeProcessed
|
raise NodeProcessed
|
||||||
if self.on_sasl:
|
if self.on_sasl:
|
||||||
self.on_sasl()
|
self.on_sasl()
|
||||||
raise NodeProcessed
|
raise NodeProcessed
|
||||||
|
|
||||||
if challenge.getName() == 'failure':
|
if challenge.getName() == 'failure':
|
||||||
|
if self.startsasl == SASL_FAILURE_IN_PROGRESS:
|
||||||
|
self.MechanismHandler()
|
||||||
|
raise NodeProcessed
|
||||||
self.startsasl = SASL_FAILURE
|
self.startsasl = SASL_FAILURE
|
||||||
try:
|
try:
|
||||||
reason = challenge.getChildren()[0]
|
reason = challenge.getChildren()[0]
|
||||||
|
|
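Review bot: In the new `failure` branch, `self.startsasl` is still `SASL_FAILURE_IN_PROGRESS` when `self.MechanismHandler()` is called, so unless that method overwrites the state (its body is not in this hunk), the server's genuine rejection of the next mechanism would also be taken for the reply to `<abort/>` and skipped without its reason being logged. Resetting the marker to the normal in-flight state before the retry, and logging the discarded reply with something like `log.info('SASL mechanism aborted, trying next mechanism')`, would make the transition explicit. Separately, `on_auth_fail` now sends `<abort/>` even when `self.mecs` is empty and calls `self.on_sasl()` at once, so the server's `<failure/>` reply will then reach the ordinary failure path and may report the failure a second time (the rest of that branch is outside the hunk). Because every local failure moves on to the next entry in `self.mecs`, it is also worth confirming that the list is ordered strongest-first and cannot fall back to a mechanism weaker than the user has accepted.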