/usr/lib/python3/dist-packages/twisted/words/protocols/jabber/sasl.py

XMPP-specific SASL profile.

Imports: re; b64decode, b64encode (base64); defer (twisted.internet); sasl_mechanisms, xmlstream (twisted.words.protocols.jabber); domish (twisted.words.xish)

NS_XMPP_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

get_mechanisms(xs)
    Parse the SASL feature to extract the available mechanism names.

class SASLError
    SASL base exception.

class SASLNoAcceptableMechanism
    The server did not present an acceptable SASL mechanism.

class SASLAuthError
    SASL Authentication failed.

    __init__(self, condition=None)
    __str__(self) -> str
        "SASLAuthError with condition %r"

class SASLIncorrectEncodingError
    SASL base64 encoding was incorrect.

    RFC 3920 specifies that any characters not in the base64 alphabet
    and padding characters present elsewhere than at the end of the string
    MUST be rejected. See also L{fromBase64}.

    This exception is raised whenever the encoded string does not adhere
    to these additional restrictions or when the decoding itself fails.

    The recommended behaviour for so-called receiving entities (like servers in
    client-to-server connections, see RFC 3920 for terminology) is to fail the
    SASL negotiation with a C{'incorrect-encoding'} condition. For initiating
    entities, one should assume the receiving entity to be either buggy or
    malevolent. The stream should be terminated and reconnecting is not
    advised.

base64Pattern = re.compile("^[0-9A-Za-z+/]*[0-9A-Za-z+/=]{,2}$")

fromBase64(s)
    Decode base64 encoded string.

    This helper performs regular decoding of a base64 encoded string, but also
    rejects any characters that are not in the base64 alphabet and padding
    occurring elsewhere from the last or last two characters, as specified in
    section 14.9 of RFC 3920. This safeguards against various attack vectors
    among which the creation of a covert channel that "leaks" information.

class SASLInitiatingInitializer (xmlstream.BaseFeatureInitiatingInitializer)
    Stream initializer that performs SASL authentication.

    The supported mechanisms by this initializer are C{DIGEST-MD5}, C{PLAIN}
    and C{ANONYMOUS}. The C{ANONYMOUS} SASL mechanism is used when the JID, set
    on the authenticator, does not have a localpart (username), requesting an
    anonymous session where the username is generated by the server.
    Otherwise, C{DIGEST-MD5} and C{PLAIN} are attempted, in that order.

    setMechanism(self)
        Select and setup authentication mechanism.

        Uses the authenticator's C{jid} and C{password} attribute for the
        authentication credentials. If no supported SASL mechanisms are
        advertized by the receiving party, a failing deferred is returned with
        a L{SASLNoAcceptableMechanism} exception.

    start(self)
        Start SASL authentication exchange.

    sendAuth(self, data=None)
        Initiate authentication protocol exchange.

        If an initial client response is given in C{data}, it will be
        sent along.

        @param data: initial client response.
        @type data: C{str} or L{None}.

    sendResponse(self, data)
        Send response to a challenge.

        @param data: client response.
        @type data: L{bytes}.

    onChallenge(self, element)
        Parse challenge and send response from the mechanism.

        @param element: the challenge protocol element.
        @type element: L{domish.Element}.

    onSuccess(self, success)
        Clean up observers, reset the XML stream and send a new header.

        @param success: the success protocol element. For now unused, but
                        could hold additional data.
        @type success: L{domish.Element}

    onFailure(self, failure)
        Clean up observers, parse the failure and errback the deferred.

        @param failure: the failure protocol element. Holds details on
                        the error condition.
        @type failure: L{domish.Element}