slixmpp/sleekxmpp/features/feature_mechanisms/mechanisms.py

"""
    SleekXMPP: The Sleek XMPP Library
    Copyright (C) 2011  Nathanael C. Fritz
    This file is part of SleekXMPP.

    See the file LICENSE for copying permission.
"""

import logging

from sleekxmpp.thirdparty import suelta
from sleekxmpp.thirdparty.suelta.exceptions import SASLCancelled, SASLError

from sleekxmpp.stanza import StreamFeatures
from sleekxmpp.xmlstream import RestartStream, register_stanza_plugin
from sleekxmpp.xmlstream.matcher import *
from sleekxmpp.xmlstream.handler import *
from sleekxmpp.plugins.base import base_plugin
from sleekxmpp.features.feature_mechanisms import stanza


log = logging.getLogger(__name__)


class feature_mechanisms(base_plugin):

    def plugin_init(self):
        self.name = 'SASL Mechanisms'
        self.rfc = '6120'
        self.description = "SASL Stream Feature"
        self.stanza = stanza

        self.use_mech = self.config.get('use_mech', None)

        def tls_active():
            return 'starttls' in self.xmpp.features

        def basic_callback(mech, values):
            for value in values:
                if value == 'username':
                    values['username'] = self.xmpp.boundjid.user
                elif value == 'password':
                    values['password'] = self.xmpp.credentials['password']
                elif value == 'access_token':
                    if 'access_token' in self.xmpp.credentials:
                        values['access_token'] = self.xmpp.credentials['access_token']
                    else:
                        values['access_token'] = self.xmpp.credentials['password']
                elif value in self.xmpp.credentials:
                    values[value] = self.xmpp.credentials[value]
            mech.fulfill(values)

        sasl_callback = self.config.get('sasl_callback', None)
        if sasl_callback is None:
            sasl_callback = basic_callback

        self.mech = None
        self.sasl = suelta.SASL(self.xmpp.boundjid.domain, 'xmpp',
                                username=self.xmpp.boundjid.user,
                                sec_query=suelta.sec_query_allow,
                                request_values=sasl_callback,
                                tls_active=tls_active,
                                mech=self.use_mech)

        self.mech_list = set()
        self.attempted_mechs = set()

        register_stanza_plugin(StreamFeatures, stanza.Mechanisms)

        self.xmpp.register_stanza(stanza.Success)
        self.xmpp.register_stanza(stanza.Failure)
        self.xmpp.register_stanza(stanza.Auth)
        self.xmpp.register_stanza(stanza.Challenge)
        self.xmpp.register_stanza(stanza.Response)
        self.xmpp.register_stanza(stanza.Abort)

        self.xmpp.register_handler(
                Callback('SASL Success',
                         MatchXPath(stanza.Success.tag_name()),
                         self._handle_success,
                         instream=True))
        self.xmpp.register_handler(
                Callback('SASL Failure',
                         MatchXPath(stanza.Failure.tag_name()),
                         self._handle_fail,
                         instream=True))
        self.xmpp.register_handler(
                Callback('SASL Challenge',
                         MatchXPath(stanza.Challenge.tag_name()),
                         self._handle_challenge))

        self.xmpp.register_feature('mechanisms',
                self._handle_sasl_auth,
                restart=True,
                order=self.config.get('order', 100))

    def _handle_sasl_auth(self, features):
        """
        Handle authenticating using SASL.

        Arguments:
            features -- The stream features stanza.
        """
        if 'mechanisms' in self.xmpp.features:
            # SASL authentication has already succeeded, but the
            # server has incorrectly offered it again.
            return False

        self.mech_list = set(features['mechanisms'])
        return self._send_auth()

    def _send_auth(self):
        mech_list = self.mech_list - self.attempted_mechs
        self.mech = self.sasl.choose_mechanism(mech_list)

        if self.mech is not None:
            resp = stanza.Auth(self.xmpp)
            resp['mechanism'] = self.mech.name
            try:
                resp['value'] = self.mech.process()
            except SASLCancelled:
                self.attempted_mechs.add(self.mech.name)
                self._send_auth()
            except SASLError:
                self.attempted_mechs.add(self.mech.name)
                self._send_auth()
            else:
                resp.send(now=True)
        else:
            log.error("No appropriate login method.")
            self.xmpp.event("no_auth", direct=True)
            self.xmpp.disconnect()
        return True

    def _handle_challenge(self, stanza):
        """SASL challenge received. Process and send response."""
        resp = self.stanza.Response(self.xmpp)
        try:
            resp['value'] = self.mech.process(stanza['value'])
        except SASLCancelled:
            self.stanza.Abort(self.xmpp).send()
        except SASLError:
            self.stanza.Abort(self.xmpp).send()
        else:
            resp.send(now=True)

    def _handle_success(self, stanza):
        """SASL authentication succeeded. Restart the stream."""
        self.attempted_mechs = set()
        self.xmpp.authenticated = True
        self.xmpp.features.add('mechanisms')
        raise RestartStream()

    def _handle_fail(self, stanza):
        """SASL authentication failed. Disconnect and shutdown."""
        self.attempted_mechs.add(self.mech.name)
        log.info("Authentication failed: %s", stanza['condition'])
        self.xmpp.event("failed_auth", stanza, direct=True)
        self._send_auth()
        return True
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00			`"""`
			`SleekXMPP: The Sleek XMPP Library`
It isn't 2010 anymore. I keep forgetting to update the copyright on new code. 2011-07-03 05:49:34 +00:00			`Copyright (C) 2011 Nathanael C. Fritz`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00			`This file is part of SleekXMPP.`

			`See the file LICENSE for copying permission.`
			`"""`

			`import logging`

Integrate a modified version of Dave Cridland's Suelta SASL library. 2011-08-04 00:00:51 +00:00			`from sleekxmpp.thirdparty import suelta`
Handle SASLCancelled and SASLError exceptions. 2012-01-21 08:19:08 +00:00			`from sleekxmpp.thirdparty.suelta.exceptions import SASLCancelled, SASLError`
Integrate a modified version of Dave Cridland's Suelta SASL library. 2011-08-04 00:00:51 +00:00
SASL failure event now includes the failure stanza. Broke SASL stanzas into separate files. Fixed typo in feature_bind. 2011-07-03 06:09:29 +00:00			`from sleekxmpp.stanza import StreamFeatures`
			`from sleekxmpp.xmlstream import RestartStream, register_stanza_plugin`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00			`from sleekxmpp.xmlstream.matcher import *`
			`from sleekxmpp.xmlstream.handler import *`
			`from sleekxmpp.plugins.base import base_plugin`
Finish cleaning up stream feature organization. Fixed missing references that weren't caught due to leftover pyc file allowing tests to keep working when they shouldn't have. 2011-07-03 04:43:02 +00:00			`from sleekxmpp.features.feature_mechanisms import stanza`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00

			`log = logging.getLogger(__name__)`


			`class feature_mechanisms(base_plugin):`

			`def plugin_init(self):`
			`self.name = 'SASL Mechanisms'`
			`self.rfc = '6120'`
			`self.description = "SASL Stream Feature"`
Finish cleaning up stream feature organization. Fixed missing references that weren't caught due to leftover pyc file allowing tests to keep working when they shouldn't have. 2011-07-03 04:43:02 +00:00			`self.stanza = stanza`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00
Enable forcing a specififc SASL mech: xmpp = ClientXMPP(jid, password, { 'feature_mechanisms': {'use_mech':'PLAIN'}}) 2011-08-09 07:51:49 +00:00			`self.use_mech = self.config.get('use_mech', None)`

Integrate a modified version of Dave Cridland's Suelta SASL library. 2011-08-04 00:00:51 +00:00			`def tls_active():`
			`return 'starttls' in self.xmpp.features`

			`def basic_callback(mech, values):`
Add an extra config dict to store SASL credentials. We'll need extra things beyond just a password, such as api_key. 2012-01-20 09:08:25 +00:00			`for value in values:`
			`if value == 'username':`
			`values['username'] = self.xmpp.boundjid.user`
			`elif value == 'password':`
			`values['password'] = self.xmpp.credentials['password']`
			`elif value == 'access_token':`
			`if 'access_token' in self.xmpp.credentials:`
			`values['access_token'] = self.xmpp.credentials['access_token']`
			`else:`
			`values['access_token'] = self.xmpp.credentials['password']`
			`elif value in self.xmpp.credentials:`
			`values[value] = self.xmpp.credentials[value]`
Integrate a modified version of Dave Cridland's Suelta SASL library. 2011-08-04 00:00:51 +00:00			`mech.fulfill(values)`

			`sasl_callback = self.config.get('sasl_callback', None)`
			`if sasl_callback is None:`
			`sasl_callback = basic_callback`

			`self.mech = None`
			`self.sasl = suelta.SASL(self.xmpp.boundjid.domain, 'xmpp',`
			`username=self.xmpp.boundjid.user,`
			`sec_query=suelta.sec_query_allow,`
			`request_values=sasl_callback,`
Enable forcing a specififc SASL mech: xmpp = ClientXMPP(jid, password, { 'feature_mechanisms': {'use_mech':'PLAIN'}}) 2011-08-09 07:51:49 +00:00			`tls_active=tls_active,`
			`mech=self.use_mech)`
Integrate a modified version of Dave Cridland's Suelta SASL library. 2011-08-04 00:00:51 +00:00
Allow attempting multiple SASL mechs during a single stream. Instead of disconnecting when the first chosen mech fails, we will try all of them once. 2012-01-20 10:01:08 +00:00			`self.mech_list = set()`
			`self.attempted_mechs = set()`

SASL failure event now includes the failure stanza. Broke SASL stanzas into separate files. Fixed typo in feature_bind. 2011-07-03 06:09:29 +00:00			`register_stanza_plugin(StreamFeatures, stanza.Mechanisms)`
Integrate a modified version of Dave Cridland's Suelta SASL library. 2011-08-04 00:00:51 +00:00
Finish cleaning up stream feature organization. Fixed missing references that weren't caught due to leftover pyc file allowing tests to keep working when they shouldn't have. 2011-07-03 04:43:02 +00:00			`self.xmpp.register_stanza(stanza.Success)`
			`self.xmpp.register_stanza(stanza.Failure)`
			`self.xmpp.register_stanza(stanza.Auth)`
Integrate a modified version of Dave Cridland's Suelta SASL library. 2011-08-04 00:00:51 +00:00			`self.xmpp.register_stanza(stanza.Challenge)`
			`self.xmpp.register_stanza(stanza.Response)`
Handle SASLCancelled and SASLError exceptions. 2012-01-21 08:19:08 +00:00			`self.xmpp.register_stanza(stanza.Abort)`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00
			`self.xmpp.register_handler(`
			`Callback('SASL Success',`
Finish cleaning up stream feature organization. Fixed missing references that weren't caught due to leftover pyc file allowing tests to keep working when they shouldn't have. 2011-07-03 04:43:02 +00:00			`MatchXPath(stanza.Success.tag_name()),`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00			`self._handle_success,`
Allow attempting multiple SASL mechs during a single stream. Instead of disconnecting when the first chosen mech fails, we will try all of them once. 2012-01-20 10:01:08 +00:00			`instream=True))`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00			`self.xmpp.register_handler(`
			`Callback('SASL Failure',`
Finish cleaning up stream feature organization. Fixed missing references that weren't caught due to leftover pyc file allowing tests to keep working when they shouldn't have. 2011-07-03 04:43:02 +00:00			`MatchXPath(stanza.Failure.tag_name()),`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00			`self._handle_fail,`
Allow attempting multiple SASL mechs during a single stream. Instead of disconnecting when the first chosen mech fails, we will try all of them once. 2012-01-20 10:01:08 +00:00			`instream=True))`
Integrate a modified version of Dave Cridland's Suelta SASL library. 2011-08-04 00:00:51 +00:00			`self.xmpp.register_handler(`
			`Callback('SASL Challenge',`
			`MatchXPath(stanza.Challenge.tag_name()),`
			`self._handle_challenge))`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00
Revert "Remove stream feature handlers on session_start." This reverts commit 4274f49ada77d709b931f65e34d3a64e75b81638. The SASL mech was choking on this, so let's send it back for some more refining. 2012-01-18 19:51:00 +00:00			`self.xmpp.register_feature('mechanisms',`
			`self._handle_sasl_auth,`
			`restart=True,`
			`order=self.config.get('order', 100))`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00
			`def _handle_sasl_auth(self, features):`
			`"""`
			`Handle authenticating using SASL.`

			`Arguments:`
			`features -- The stream features stanza.`
			`"""`
Use a set to track negotiated features. Added guards to prevent renegotiating STARTTLS or SASL in cases where servers don't behave properly. 2011-07-03 05:30:34 +00:00			`if 'mechanisms' in self.xmpp.features:`
			`# SASL authentication has already succeeded, but the`
			`# server has incorrectly offered it again.`
			`return False`

Allow attempting multiple SASL mechs during a single stream. Instead of disconnecting when the first chosen mech fails, we will try all of them once. 2012-01-20 10:01:08 +00:00			`self.mech_list = set(features['mechanisms'])`
			`return self._send_auth()`

			`def _send_auth(self):`
			`mech_list = self.mech_list - self.attempted_mechs`
Integrate a modified version of Dave Cridland's Suelta SASL library. 2011-08-04 00:00:51 +00:00			`self.mech = self.sasl.choose_mechanism(mech_list)`

			`if self.mech is not None:`
			`resp = stanza.Auth(self.xmpp)`
			`resp['mechanism'] = self.mech.name`
Handle SASLCancelled and SASLError exceptions. 2012-01-21 08:19:08 +00:00			`try:`
			`resp['value'] = self.mech.process()`
			`except SASLCancelled:`
			`self.attempted_mechs.add(self.mech.name)`
			`self._send_auth()`
			`except SASLError:`
			`self.attempted_mechs.add(self.mech.name)`
			`self._send_auth()`
			`else:`
			`resp.send(now=True)`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00			`else:`
			`log.error("No appropriate login method.")`
			`self.xmpp.event("no_auth", direct=True)`
			`self.xmpp.disconnect()`
			`return True`

Integrate a modified version of Dave Cridland's Suelta SASL library. 2011-08-04 00:00:51 +00:00			`def _handle_challenge(self, stanza):`
			`"""SASL challenge received. Process and send response."""`
			`resp = self.stanza.Response(self.xmpp)`
Handle SASLCancelled and SASLError exceptions. 2012-01-21 08:19:08 +00:00			`try:`
			`resp['value'] = self.mech.process(stanza['value'])`
			`except SASLCancelled:`
			`self.stanza.Abort(self.xmpp).send()`
			`except SASLError:`
			`self.stanza.Abort(self.xmpp).send()`
			`else:`
			`resp.send(now=True)`
Integrate a modified version of Dave Cridland's Suelta SASL library. 2011-08-04 00:00:51 +00:00
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00			`def _handle_success(self, stanza):`
			`"""SASL authentication succeeded. Restart the stream."""`
Handle SASLCancelled and SASLError exceptions. 2012-01-21 08:19:08 +00:00			`self.attempted_mechs = set()`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00			`self.xmpp.authenticated = True`
Use a set to track negotiated features. Added guards to prevent renegotiating STARTTLS or SASL in cases where servers don't behave properly. 2011-07-03 05:30:34 +00:00			`self.xmpp.features.add('mechanisms')`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00			`raise RestartStream()`

			`def _handle_fail(self, stanza):`
			`"""SASL authentication failed. Disconnect and shutdown."""`
Handle SASLCancelled and SASLError exceptions. 2012-01-21 08:19:08 +00:00			`self.attempted_mechs.add(self.mech.name)`
Tidy up logging calls. 2011-11-19 20:07:57 +00:00			`log.info("Authentication failed: %s", stanza['condition'])`
SASL failure event now includes the failure stanza. Broke SASL stanzas into separate files. Fixed typo in feature_bind. 2011-07-03 06:09:29 +00:00			`self.xmpp.event("failed_auth", stanza, direct=True)`
Allow attempting multiple SASL mechs during a single stream. Instead of disconnecting when the first chosen mech fails, we will try all of them once. 2012-01-20 10:01:08 +00:00			`self._send_auth()`
Reorganize features into plugins. 2011-06-30 22:40:22 +00:00			`return True`