follow RFC-6120 section 6.4.4: send <abord> and a SASL authentication mechanism fails, wait for server <failure> reply before trying a new mechanism

author: Yann Leboulanger <asterix@lagaule.org> 2011-08-22 15:45:29 +0400
committer: Yann Leboulanger <asterix@lagaule.org> 2011-08-22 15:45:29 +0400
commit: 920f5e320b32b6d154df3950b3b940fc28390a76 (patch)
tree: 98e3ee8a41e48ac954e291d98ec04419860e958c /src/common/xmpp
parent: fc765088f7ce71f921c8d45fb43e62c17609cd41 (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/src/common/xmpp/auth_nb.py b/src/common/xmpp/auth_nb.py
index 3f4fcb015..a43ba06be 100644
--- a/src/common/xmpp/auth_nb.py
+++ b/src/common/xmpp/auth_nb.py
@@ -49,6 +49,7 @@ except ImportError:
 
 GSS_STATE_STEP = 0
 GSS_STATE_WRAP = 1
+SASL_FAILURE_IN_PROGRESS = 'failure-in-process'
 SASL_FAILURE = 'failure'
 SASL_SUCCESS = 'success'
 SASL_UNSUPPORTED = 'not-supported'
@@ -285,15 +286,20 @@ class SASL(PlugIn):
         ### Handle Auth result
         def on_auth_fail(reason):
             log.info('Failed SASL authentification: %s' % reason)
+            self._owner.send(str(Node('abort', attrs={'xmlns': NS_SASL})))
             if len(self.mecs) > 0:
-                # There are other mechanisms to test
-                self.MechanismHandler()
+                # There are other mechanisms to test, but wait for <failure>
+                # answer from server
+                self.startsasl = SASL_FAILURE_IN_PROGRESS
                 raise NodeProcessed
             if self.on_sasl:
                 self.on_sasl()
             raise NodeProcessed
 
         if challenge.getName() == 'failure':
+            if self.startsasl == SASL_FAILURE_IN_PROGRESS:
+                self.MechanismHandler()
+                raise NodeProcessed
             self.startsasl = SASL_FAILURE
             try:
                 reason = challenge.getChildren()[0]
@@ -666,9 +672,9 @@ class NonBlockingBind(PlugIn):
                 if self.supports_sm:
                     # starts negociation
                     sm.set_owner(self._owner)
-                    sm.negociate()    
+                    sm.negociate()
                     self._owner.Dispatcher.sm = sm
-                    
+
                 if hasattr(self, 'session') and self.session == -1:
                     # Server don't want us to initialize a session
                     log.info('No session required.')
author	Yann Leboulanger <asterix@lagaule.org>	2011-08-22 15:45:29 +0400
committer	Yann Leboulanger <asterix@lagaule.org>	2011-08-22 15:45:29 +0400
commit	920f5e320b32b6d154df3950b3b940fc28390a76 (patch)
tree	98e3ee8a41e48ac954e291d98ec04419860e958c /src/common/xmpp
parent	fc765088f7ce71f921c8d45fb43e62c17609cd41 (diff)