Mercurial > libervia-backend
annotate libervia/backend/core/patches.py @ 4237:a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Twisted auth mechanism are outdated, and as a result, Libervia was not supporting the
mandatory SCRAM-SHA auth mechanism. This patch implements it for SCRAM-SHA-1,
SCRAM-SHA-256 and SCRAM-SHA-512 variants.
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Mon, 08 Apr 2024 12:29:40 +0200 |
| parents | 4b842c1fb686 |
| children | c14e904eee13 |
| rev | line source |
|---|---|
|
4237
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
1 import base64 |
|
2809
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
2 import copy |
|
4237
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
3 import secrets |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
4 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
5 from cryptography.hazmat.backends import default_backend |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
6 from cryptography.hazmat.primitives import hashes, hmac |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
7 from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
8 from twisted.words.protocols.jabber import ( |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
9 client as tclient, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
10 jid, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
11 sasl, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
12 sasl_mechanisms, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
13 xmlstream, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
14 ) |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
15 from wokkel import client |
|
4237
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
16 from zope.interface import implementer |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
17 |
|
4071
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
18 from libervia.backend.core.constants import Const as C |
|
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
19 from libervia.backend.core.log import getLogger |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
20 |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
21 log = getLogger(__name__) |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
22 |
|
3044
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
23 """This module applies monkey patches to Twisted and Wokkel |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
24 First part handle certificate validation during XMPP connectionand are temporary |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
25 (until merged upstream). |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
26 Second part add a trigger point to send and onElement method of XmlStream |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
27 """ |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
28 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
29 |
|
4237
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
30 # SCRAM-SHA implementation |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
31 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
32 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
33 @implementer(sasl_mechanisms.ISASLMechanism) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
34 class ScramSha: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
35 """Implements the SCRAM-SHA SASL authentication mechanism. |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
36 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
37 This mechanism is defined in RFC 5802. |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
38 """ |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
39 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
40 ALLOWED_ALGORITHMS = ("SHA-1", "SHA-256", "SHA-512") |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
41 backend = default_backend() |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
42 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
43 def __init__(self, username: str, password: str, algorithm: str) -> None: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
44 """Initialize SCRAM-SHA mechanism with user credentials. |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
45 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
46 @param username: The user's username. |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
47 @param password: The user's password. |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
48 """ |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
49 if algorithm not in self.ALLOWED_ALGORITHMS: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
50 raise ValueError(f"Invalid algorithm: {algorithm!r}") |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
51 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
52 self.username = username |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
53 self.password = password |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
54 self.algorithm = getattr(hashes, algorithm.replace("-", "", 1))() |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
55 self.name = f"SCRAM-{algorithm}" |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
56 self.client_nonce = base64.b64encode(secrets.token_bytes(24)).decode() |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
57 self.server_nonce = None |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
58 self.salted_password = None |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
59 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
60 def digest(self, data: bytes) -> bytes: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
61 hasher = hashes.Hash(self.algorithm) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
62 hasher.update(data) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
63 return hasher.finalize() |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
64 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
65 def _hmac(self, key: bytes, msg: bytes) -> bytes: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
66 """Compute HMAC-SHA""" |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
67 h = hmac.HMAC(key, self.algorithm, backend=self.backend) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
68 h.update(msg) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
69 return h.finalize() |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
70 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
71 def _hi(self, password: str, salt: bytes, iterations: int) -> bytes: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
72 kdf = PBKDF2HMAC( |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
73 algorithm=self.algorithm, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
74 length=self.algorithm.digest_size, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
75 salt=salt, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
76 iterations=iterations, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
77 backend=default_backend(), |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
78 ) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
79 return kdf.derive(password.encode()) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
80 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
81 def getInitialResponse(self) -> bytes: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
82 """Builds the initial client response message.""" |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
83 return f"n,,n={self.username},r={self.client_nonce}".encode() |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
84 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
85 def getResponse(self, challenge: bytes) -> bytes: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
86 """SCRAM-SHA authentication final step. Building proof of having the password. |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
87 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
88 @param challenge: Challenge string from the server. |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
89 @return: Client proof. |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
90 """ |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
91 challenge_parts = dict(item.split("=") for item in challenge.decode().split(",")) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
92 self.server_nonce = challenge_parts["r"] |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
93 salt = base64.b64decode(challenge_parts["s"]) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
94 iterations = int(challenge_parts["i"]) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
95 self.salted_password = self._hi(self.password, salt, iterations) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
96 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
97 client_key = self._hmac(self.salted_password, b"Client Key") |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
98 stored_key = self.digest(client_key) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
99 auth_message = ( |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
100 f"n={self.username},r={self.client_nonce},{challenge.decode()},c=biws," |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
101 f"r={self.server_nonce}" |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
102 ).encode() |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
103 client_signature = self._hmac(stored_key, auth_message) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
104 client_proof = bytes(a ^ b for a, b in zip(client_key, client_signature)) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
105 client_final_message = ( |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
106 f"c=biws,r={self.server_nonce},p={base64.b64encode(client_proof).decode()}" |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
107 ) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
108 return client_final_message.encode() |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
109 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
110 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
111 class SASLInitiatingInitializer(sasl.SASLInitiatingInitializer): |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
112 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
113 def setMechanism(self): |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
114 """ |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
115 Select and setup authentication mechanism. |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
116 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
117 Uses the authenticator's C{jid} and C{password} attribute for the |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
118 authentication credentials. If no supported SASL mechanisms are |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
119 advertized by the receiving party, a failing deferred is returned with |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
120 a L{SASLNoAcceptableMechanism} exception. |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
121 """ |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
122 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
123 jid = self.xmlstream.authenticator.jid |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
124 password = self.xmlstream.authenticator.password |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
125 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
126 mechanisms = sasl.get_mechanisms(self.xmlstream) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
127 if jid.user is not None: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
128 if "SCRAM-SHA-512" in mechanisms: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
129 self.mechanism = ScramSha(jid.user, password, algorithm="SHA-512") |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
130 elif "SCRAM-SHA-256" in mechanisms: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
131 self.mechanism = ScramSha(jid.user, password, algorithm="SHA-256") |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
132 elif "SCRAM-SHA-1" in mechanisms: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
133 self.mechanism = ScramSha(jid.user, password, algorithm="SHA-1") |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
134 # FIXME: PLAIN should probably be disabled. |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
135 elif "PLAIN" in mechanisms: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
136 self.mechanism = sasl_mechanisms.Plain(None, jid.user, password) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
137 else: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
138 raise sasl.SASLNoAcceptableMechanism() |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
139 else: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
140 if "ANONYMOUS" in mechanisms: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
141 self.mechanism = sasl_mechanisms.Anonymous() |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
142 else: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
143 raise sasl.SASLNoAcceptableMechanism() |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
144 |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
145 |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
146 ## certificate validation patches |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
147 |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
148 |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
149 class XMPPClient(client.XMPPClient): |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
150 |
|
4237
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
151 def __init__( |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
152 self, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
153 jid, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
154 password, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
155 host=None, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
156 port=5222, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
157 tls_required=True, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
158 configurationForTLS=None, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
159 ): |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
160 self.jid = jid |
|
4237
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
161 self.domain = jid.host.encode("idna") |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
162 self.host = host |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
163 self.port = port |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
164 |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
165 factory = HybridClientFactory( |
|
4237
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
166 jid, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
167 password, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
168 tls_required=tls_required, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
169 configurationForTLS=configurationForTLS, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
170 ) |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
171 |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
172 client.StreamManager.__init__(self, factory) |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
173 |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
174 |
|
3044
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
175 def HybridClientFactory(jid, password, tls_required=True, configurationForTLS=None): |
|
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
176 a = HybridAuthenticator(jid, password, tls_required, configurationForTLS) |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
177 |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
178 return xmlstream.XmlStreamFactory(a) |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
179 |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
180 |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
181 class HybridAuthenticator(client.HybridAuthenticator): |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
182 res_binding = True |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
183 |
|
3044
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
184 def __init__(self, jid, password, tls_required=True, configurationForTLS=None): |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
185 xmlstream.ConnectAuthenticator.__init__(self, jid.host) |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
186 self.jid = jid |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
187 self.password = password |
|
3044
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
188 self.tls_required = tls_required |
|
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
189 self.configurationForTLS = configurationForTLS |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
190 |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
191 def associateWithStream(self, xs): |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
192 xmlstream.ConnectAuthenticator.associateWithStream(self, xs) |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
193 |
|
3044
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
194 tlsInit = xmlstream.TLSInitiatingInitializer( |
|
4237
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
195 xs, required=self.tls_required, configurationForTLS=self.configurationForTLS |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
196 ) |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
197 xs.initializers = [ |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
198 client.client.CheckVersionInitializer(xs), |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
199 tlsInit, |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
200 CheckAuthInitializer(xs, self.res_binding), |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
201 ] |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
202 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
203 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
204 # XmlStream triggers |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
205 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
206 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
207 class XmlStream(xmlstream.XmlStream): |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
208 """XmlStream which allows to add hooks""" |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
209 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
210 def __init__(self, authenticator): |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
211 xmlstream.XmlStream.__init__(self, authenticator) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
212 # hooks at this level should not modify content |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
213 # so it's not needed to handle priority as with triggers |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
214 self._onElementHooks = [] |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
215 self._sendHooks = [] |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
216 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3044
diff
changeset
|
217 def add_hook(self, hook_type, callback): |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
218 """Add a send or receive hook""" |
|
3044
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
219 conflict_msg = f"Hook conflict: can't add {hook_type} hook {callback}" |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
220 if hook_type == C.STREAM_HOOK_RECEIVE: |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
221 if callback not in self._onElementHooks: |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
222 self._onElementHooks.append(callback) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
223 else: |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
224 log.warning(conflict_msg) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
225 elif hook_type == C.STREAM_HOOK_SEND: |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
226 if callback not in self._sendHooks: |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
227 self._sendHooks.append(callback) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
228 else: |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
229 log.warning(conflict_msg) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
230 else: |
|
3044
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
231 raise ValueError(f"Invalid hook type: {hook_type}") |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
232 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
233 def onElement(self, element): |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
234 for hook in self._onElementHooks: |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
235 hook(element) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
236 xmlstream.XmlStream.onElement(self, element) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
237 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
238 def send(self, obj): |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
239 for hook in self._sendHooks: |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
240 hook(obj) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
241 xmlstream.XmlStream.send(self, obj) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
242 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
243 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
244 # Binding activation (needed for stream management, XEP-0198) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
245 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
246 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
247 class CheckAuthInitializer(client.CheckAuthInitializer): |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
248 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
249 def __init__(self, xs, res_binding): |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
250 super(CheckAuthInitializer, self).__init__(xs) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
251 self.res_binding = res_binding |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
252 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
253 def initialize(self): |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
254 # XXX: modification of client.CheckAuthInitializer which has optional |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
255 # resource binding, and which doesn't do deprecated |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
256 # SessionInitializer |
|
4237
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
257 if (sasl.NS_XMPP_SASL, "mechanisms") in self.xmlstream.features: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
258 inits = [(SASLInitiatingInitializer, True)] |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
259 if self.res_binding: |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
260 inits.append((tclient.BindInitializer, True)), |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
261 |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
262 for initClass, required in inits: |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
263 init = initClass(self.xmlstream) |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
264 init.required = required |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
265 self.xmlstream.initializers.append(init) |
|
4237
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
266 elif (tclient.NS_IQ_AUTH_FEATURE, "auth") in self.xmlstream.features: |
|
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
267 self.xmlstream.initializers.append(tclient.IQAuthInitializer(self.xmlstream)) |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
268 else: |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
269 raise Exception("No available authentication method found") |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
270 |
|
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
271 |
|
2809
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
272 # jid fix |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
273 |
|
4237
a1e7e82a8921
core: implement SCRAM-SHA auth algorithm:
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
274 |
|
2809
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
275 def internJID(jidstring): |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
276 """ |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
277 Return interned JID. |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
278 |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
279 @rtype: L{JID} |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
280 """ |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
281 # XXX: this interJID return a copy of the cached jid |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
282 # this avoid modification of cached jid as JID is mutable |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
283 # TODO: propose this upstream |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
284 |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
285 if jidstring in jid.__internJIDs: |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
286 return copy.copy(jid.__internJIDs[jidstring]) |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
287 else: |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
288 j = jid.JID(jidstring) |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
289 jid.__internJIDs[jidstring] = j |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
290 return copy.copy(j) |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
291 |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
292 |
|
2687
e9cd473a2f46
core (xmpp): server certificate validation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
293 def apply(): |
|
3044
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
294 # certificate validation |
|
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
295 client.XMPPClient = XMPPClient |
|
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
296 # XmlStream triggers |
|
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
297 xmlstream.XmlStreamFactory.protocol = XmlStream |
|
2809
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
298 # jid fix |
|
00d905e1b0ef
core (patches): partially fixed jid caching:
Goffi <goffi@goffi.org>
parents:
2691
diff
changeset
|
299 jid.internJID = internJID |