
Source Code for Module pyxmpp.sasl.gssapi

 1  # 
 2  # (C) Copyright 2008 Jelmer Vernooij <jelmer@samba.org> 
 3  # 
 4  # This program is free software; you can redistribute it and/or modify 
 5  # it under the terms of the GNU Lesser General Public License Version 
 6  # 2.1 as published by the Free Software Foundation. 
 7  # 
 8  # This program is distributed in the hope that it will be useful, 
 9  # but WITHOUT ANY WARRANTY; without even the implied warranty of 
10  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
11  # GNU Lesser General Public License for more details. 
12  # 
13  # You should have received a copy of the GNU Lesser General Public 
14  # License along with this program; if not, write to the Free Software 
15  # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
16  # 
17  """GSSAPI authentication mechanism for PyXMPP SASL implementation. 
18   
19  Normative reference: 
20    - `RFC 4752 <http://www.ietf.org/rfc/rfc4752.txt>`__ 
21  """ 
22   
23  __docformat__="restructuredtext en" 
24   
25  import base64 
26  import kerberos 
27   
28  import logging 
29   
30  from pyxmpp.sasl.core import (ClientAuthenticator,Failure,Response,Challenge,Success) 
31   
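class GSSAPIClientAuthenticator(ClientAuthenticator):
    """Provides client-side GSSAPI SASL (Kerberos 5) authentication.

    Progress of the exchange is tracked in `self.step`:

      - 0: the GSS security context is still being established,
      - 1: the context is established and the next server challenge is
        unwrapped and answered with a wrapped message carrying the user name,
      - 2: that final message has been produced; only the server's outcome
        is expected.

    Errors reported by the `kerberos` module are turned into `Failure`
    replies instead of propagating out of the SASL state machine.
    """

    def __init__(self,password_manager):
        """Initialize the authenticator.

        :Parameters:
            - `password_manager`: object whose `get_serv_host()` method is
              used in `start` to build the default GSS target name.
        """
        ClientAuthenticator.__init__(self, password_manager)
        self.password_manager = password_manager
        self.__logger = logging.getLogger("pyxmpp.sasl.gssapi.GSSAPIClientAuthenticator")
        # Defined up front so `challenge` and `finish` can reject a call
        # made before `start` instead of raising AttributeError.
        self.username = None
        self.authzid = None
        self._gss = None
        self.step = 0

    def _gss_ok(self, rc):
        """Return True when `rc` is one of the two non-error result codes."""
        return rc in (kerberos.AUTH_GSS_COMPLETE, kerberos.AUTH_GSS_CONTINUE)

    def start(self, username, authzid):
        """Start the authentication process.

        :Parameters:
            - `username`: user name placed in the final wrapped message.
            - `authzid`: authorization ID, passed through to `Success`.

        :return: the initial response, or `Failure` when the GSS context
            cannot be initialized."""
        self.username = username
        self.authzid = authzid
        self.step = 0
        self._gss = None
        # NOTE(review): a non-empty authzid replaces the "xmpp@<host>" target
        # name handed to authGSSClientInit. An authorization identity is not
        # a service name, so this looks unintended -- confirm with callers
        # before relying on it; the behaviour is kept as it was.
        target = authzid or "%s@%s" % ("xmpp", self.password_manager.get_serv_host())
        try:
            rc, gss = kerberos.authGSSClientInit(target)
        except kerberos.GSSError:
            self.__logger.debug("GSSAPI context initialization failed", exc_info=True)
            return Failure("gssapi-init-failed")
        if not self._gss_ok(rc):
            return Failure("gssapi-init-failed")
        self._gss = gss
        return self.challenge("")

    def challenge(self, challenge):
        """Process a challenge and return the response.

        The `kerberos` calls take and return base64 text, while this method
        receives and returns raw data, hence the encode on the way in and the
        decode on the way out.

        :Parameters:
            - `challenge`: the challenge data received from the server.

        :return: `Response` with the next token, or `Failure` when a GSS call
            fails or a challenge arrives after the exchange is complete."""
        if self._gss is None:
            return Failure("gssapi-not-started")
        try:
            if self.step == 0:
                rc = kerberos.authGSSClientStep(self._gss, base64.b64encode(challenge))
                if not self._gss_ok(rc):
                    return Failure("bad-challenge")
                if rc != kerberos.AUTH_GSS_CONTINUE:
                    self.step = 1
            elif self.step == 1:
                rc = kerberos.authGSSClientUnwrap(self._gss, base64.b64encode(challenge))
                if not self._gss_ok(rc):
                    return Failure("bad-challenge")
                response = kerberos.authGSSClientResponse(self._gss)
                rc = kerberos.authGSSClientWrap(self._gss, response, self.username)
                if not self._gss_ok(rc):
                    return Failure("bad-challenge")
                # The final client message exists now; `finish` accepts a
                # success only from this state.
                self.step = 2
            else:
                # Nothing is left to answer once the wrapped message is sent.
                return Failure("extra-challenge")
            response = kerberos.authGSSClientResponse(self._gss)
        except kerberos.GSSError:
            self.__logger.debug("GSSAPI challenge processing failed", exc_info=True)
            return Failure("bad-challenge")
        if response is None:
            return Response("")
        return Response(base64.b64decode(response))

    def finish(self, data):
        """Handle the server's success indication.

        A success is accepted only after the whole exchange has run
        (`self.step == 2`). Without this check a server could declare success
        before the GSS context is established, i.e. before the exchange has
        had any chance to verify the server.

        :Parameters:
            - `data`: additional data sent with the success (not used).

        :return: `Success` with the user name reported by the GSS context, or
            `Failure` when the exchange had not completed."""
        if self._gss is None or self.step != 2:
            return Failure("bad-success")
        try:
            username = kerberos.authGSSClientUserName(self._gss)
        except kerberos.GSSError:
            self.__logger.debug("GSSAPI user name lookup failed", exc_info=True)
            return Failure("bad-success")
        self.username = username
        # Lazy %-args: the message is formatted only if debug is enabled.
        self.__logger.debug("Authenticated as %s", username)
        return Success(self.username,None,self.authzid)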
66 67 68 # vi: sts=4 et sw=4 69