From 94187d215a87a9acb61dba8d0d0b60fb397f93be Mon Sep 17 00:00:00 2001 From: Graham Date: Wed, 14 May 2014 17:47:34 +0100 Subject: [PATCH 1/3] don't use the kerberos.GSSError.message attribute Replaced the reference to kerberos.GSSError.message in any raised exception, because: DeprecationWarning: BaseException.message has been deprecated as of Python 2.6 and its natural repr is probably the most desirable output. --- sleekxmpp/util/sasl/mechanisms.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sleekxmpp/util/sasl/mechanisms.py b/sleekxmpp/util/sasl/mechanisms.py index 36fcb928..6c2aeb04 100644 --- a/sleekxmpp/util/sasl/mechanisms.py +++ b/sleekxmpp/util/sasl/mechanisms.py @@ -541,7 +541,7 @@ else: resp = kerberos.authGSSClientResponse(self.gss) except kerberos.GSSError as e: - raise SASLCancelled('Kerberos error: %s' % e.message) + raise SASLCancelled('Kerberos error: %s' % e) if not resp: return b'' else: From 9434ae267ff7af08328061ed90526803f6f0a8a5 Mon Sep 17 00:00:00 2001 From: Graham Date: Wed, 14 May 2014 22:25:09 +0100 Subject: [PATCH 2/3] support 'success' phase correctly When the GSSAPI mechanism's process() function is invoked for the third time (on success) it must not attempt further processing. Instead it should clean the context and return an empty response. --- sleekxmpp/util/sasl/mechanisms.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sleekxmpp/util/sasl/mechanisms.py b/sleekxmpp/util/sasl/mechanisms.py index 6c2aeb04..d341ed3e 100644 --- a/sleekxmpp/util/sasl/mechanisms.py +++ b/sleekxmpp/util/sasl/mechanisms.py @@ -532,6 +532,9 @@ else: result = kerberos.authGSSClientStep(self.gss, b64_challenge) if result != kerberos.AUTH_GSS_CONTINUE: self.step = 1 + elif not challenge: + kerberos.authGSSClientClean(self.gss) + return b'' elif self.step == 1: username = self.credentials['username'] From a918bf3a95f9accc7272edea4fe4fdab705a0b17 Mon Sep 17 00:00:00 2001 From: Graham Date: Wed, 14 May 2014 22:32:51 +0100 Subject: [PATCH 3/3] Support jabberd2 SASL with really empty response Despite http://xmpp.org/rfcs/rfc3920.html#rfc.section.6.2, jabberd version 2.2.14 cannot accept the typical "=". Instead it must be truly empty, so we force an empty response for this stanza only. --- sleekxmpp/features/feature_mechanisms/mechanisms.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sleekxmpp/features/feature_mechanisms/mechanisms.py b/sleekxmpp/features/feature_mechanisms/mechanisms.py index f71a9c25..17ad5ed0 100644 --- a/sleekxmpp/features/feature_mechanisms/mechanisms.py +++ b/sleekxmpp/features/feature_mechanisms/mechanisms.py @@ -215,6 +215,8 @@ class FeatureMechanisms(BasePlugin): self.attempted_mechs.add(self.mech.name) self.xmpp.disconnect() else: + if resp.get_value() == '': + resp.del_value() resp.send(now=True) def _handle_success(self, stanza):