17 """GSSAPI authentication mechanism for PyXMPP SASL implementation.
18
19 Normative reference:
20 - `RFC 4752 <http://www.ietf.org/rfc/rfc4752.txt>`__
21 """
22
23 __docformat__="restructuredtext en"
24
25 import base64
26 import kerberos
27
28 import logging
29
30 from pyxmpp.sasl.core import (ClientAuthenticator,Failure,Response,Challenge,Success)
31
33 """Provides client-side GSSAPI SASL (Kerberos 5) authentication."""
34
36 ClientAuthenticator.__init__(self, password_manager)
37 self.password_manager = password_manager
38 self.__logger = logging.getLogger("pyxmpp.sasl.gssapi.GSSAPIClientAuthenticator")
39
def start(self, username, authzid):
    """Begin a GSSAPI exchange and return the first client response.

    Records `username` and `authzid` on the instance, creates the
    GSSAPI client context through ``kerberos.authGSSClientInit`` and
    resets the step counter before delegating to ``self.challenge("")``.

    :Parameters:
        - `username`: name stored on the authenticator; it is not
          passed to ``authGSSClientInit`` here.
        - `authzid`: when truthy, used verbatim as the name handed to
          ``authGSSClientInit``; otherwise ``xmpp@<host>`` is built
          from ``self.password_manager.get_serv_host()``.

    :return: whatever ``self.challenge("")`` returns.
    """
    self.username = username
    self.authzid = authzid

    # NOTE(review): the first argument of authGSSClientInit is the target
    # service name. A SASL authzid is normally an authorization identity,
    # so a non-empty authzid changes which service the client requests a
    # ticket for -- confirm this is intended.
    if authzid:
        target_name = authzid
    else:
        # NOTE(review): the host returned by the password manager decides
        # which service principal is trusted; presumably it is the host of
        # the server actually connected to -- verify against the caller.
        serv_host = self.password_manager.get_serv_host()
        target_name = "%s@%s" % ("xmpp", serv_host)

    # The status element of the returned pair is not inspected; any
    # exception raised by the kerberos module propagates to the caller.
    _status, self._gss = kerberos.authGSSClientInit(target_name)

    self.step = 0
    return self.challenge("")
46
48 if self.step == 0:
49 rc = kerberos.authGSSClientStep(self._gss, base64.b64encode(challenge))
50 if rc != kerberos.AUTH_GSS_CONTINUE:
51 self.step = 1
52 elif self.step == 1:
53 rc = kerberos.authGSSClientUnwrap(self._gss, base64.b64encode(challenge))
54 response = kerberos.authGSSClientResponse(self._gss)
55 rc = kerberos.authGSSClientWrap(self._gss, response, self.username)
56 response = kerberos.authGSSClientResponse(self._gss)
57 if response is None:
58 return Response("")
59 else:
60 return Response(base64.b64decode(response))
61
63 self.username = kerberos.authGSSClientUserName(self._gss)
64 self.__logger.debug("Authenticated as %s" % kerberos.authGSSClientUserName(self._gss))
65 return Success(self.username,None,self.authzid)