author | Philipp Hörist <philipp@hoerist.com> | 2019-02-05 22:33:01 +0300 |
---|---|---|
committer | Philipp Hörist <philipp@hoerist.com> | 2019-02-05 22:33:48 +0300 |
commit | 4d7123936d42279acab414ed0d6c88c8468f4f80 (patch) | |
tree | b720facabf24a142c29d6a5c8d6dba32ca2f6ebe | |
parent | e55aad7ccbce3be42f374e73f8cc83f2c678e15a (diff) |
Support domain based name for GSSAPI
-rw-r--r-- | nbxmpp/auth_nb.py | 11 | ||||
-rw-r--r-- | nbxmpp/protocol.py | 1 |
2 files changed, 9 insertions, 3 deletions
diff --git a/nbxmpp/auth_nb.py b/nbxmpp/auth_nb.py
index 38e79f2..cd7f8dd 100644
--- a/nbxmpp/auth_nb.py
+++ b/nbxmpp/auth_nb.py
@@ -24,7 +24,7 @@ See client_nb.py
 from __future__ import unicode_literals
 from .protocol import NS_SASL, NS_SESSION, NS_STREAMS, NS_BIND, NS_AUTH
-from .protocol import NS_STREAM_MGMT
+from .protocol import NS_STREAM_MGMT, NS_DOMAIN_BASED_NAME
 from .protocol import Node, NodeProcessed, isResultNode, Iq, Protocol, JID
 from .plugin import PlugIn
 import sys
@@ -124,6 +124,7 @@ class SASL(PlugIn):
 self.channel_binding = channel_binding
 self.enabled_auth_mechs = auth_mechs
 self.realm = None
+ self._domain_based_hostname = None
 def plugin(self, owner):
 if 'version' not in self._owner.Dispatcher.Stream._document_attrs:
@@ -189,6 +190,10 @@ class SASL(PlugIn):
 in feats.getTag('mechanisms', namespace=NS_SASL).getTags('mechanism')
 ) & self.enabled_auth_mechs
+ hostname = feats.getTag('hostname', namespace=NS_DOMAIN_BASED_NAME)
+ if hostname is not None:
+ self._domain_based_name = hostname.getData()
+
 # Password based authentication mechanism ordered by strength.
 # If the server supports a mechanism disable all weaker mechanisms.
 password_auth_mechs_strength = ['SCRAM-SHA-1-PLUS', 'SCRAM-SHA-1',
@@ -229,9 +234,9 @@ class SASL(PlugIn):
 raise NodeProcessed
 if 'GSSAPI' in self.mecs and have_kerberos:
 self.mecs.remove('GSSAPI')
+ hostname = self._domain_based_name or self._owner.xmpp_hostname
 try:
- self.gss_vc = kerberos.authGSSClientInit('xmpp@' + \
- self._owner.xmpp_hostname)[1]
+ self.gss_vc = kerberos.authGSSClientInit('xmpp@%s' % hostname)[1]
 kerberos.authGSSClientStep(self.gss_vc, '')
 response = kerberos.authGSSClientResponse(self.gss_vc)
 node=Node('auth', attrs={'xmlns': NS_SASL,
diff --git a/nbxmpp/protocol.py b/nbxmpp/protocol.py
index da71773..aa9410c 100644
--- a/nbxmpp/protocol.py
+++ b/nbxmpp/protocol.py
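Review bot: The attribute initialised in `SASL.__init__` in nbxmpp/auth_nb.py (`self._domain_based_hostname = None`, hunk at -124) is not the one the rest of the commit uses: the feature-parsing hunk at -189 writes `self._domain_based_name` and the GSSAPI hunk at -229 reads it. When the server advertises no `hostname` element, `self._domain_based_name` is never assigned, so `self._domain_based_name or self._owner.xmpp_hostname` would raise AttributeError on the line before `try:` and the intended fallback to `xmpp_hostname` is never reached. Initialise the name that is actually read, `self._domain_based_name = None`. `__init__` starts outside the hunk.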
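Review bot: The `hostname` text read from the stream features in nbxmpp/auth_nb.py (hunk at -189) is server-supplied and stored unchecked, then interpolated into the Kerberos target `'xmpp@%s' % hostname` in the GSSAPI hunk at -229, so whoever produced the features chooses the service principal the client requests a ticket for. The hunk does not show whether features reach this code only after TLS is established; that should be confirmed, and the advertised name ignored on an unprotected stream. The value is also only ever set and never cleared, so a name from an earlier feature set would presumably persist if later features omit the element; `self._domain_based_name = hostname.getData() if hostname is not None else None` avoids that. An empty or non-hostname string should fall back to `self._owner.xmpp_hostname` rather than be passed to `authGSSClientInit`. The enclosing method starts and ends outside the hunk.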
@@ -190,6 +190,7 @@ NS_HASHES_SHA3_512 = 'urn:xmpp:hash-function-text-names:sha3-512'
 NS_HASHES_BLAKE2B_256 = 'urn:xmpp:hash-function-text-names:id-blake2b256'
 NS_HASHES_BLAKE2B_512 = 'urn:xmpp:hash-function-text-names:id-blake2b512'
 NS_OPENPGP = 'urn:xmpp:openpgp:0'
+NS_DOMAIN_BASED_NAME = 'urn:xmpp:domain-based-name:1'
 #xmpp_stream_error_conditions = '''
 #bad-format -- -- -- The entity has sent XML that cannot be processed. |