17  """GSSAPI authentication mechanism for PyXMPP SASL implementation. 
18   
19  Normative reference: 
20    - `RFC 4752 <http://www.ietf.org/rfc/rfc4752.txt>`__ 
21  """ 
22   
23  __revision__="$Id$" 
24  __docformat__="restructuredtext en" 
25   
26  import base64 
27  import kerberos 
28   
29  import logging 
30   
31  from pyxmpp.sasl.core import (ClientAuthenticator,Failure,Response,Challenge,Success) 
32   
34      """Provides client-side GSSAPI SASL (Kerberos 5) authentication.""" 
35   
# Constructor body; the `def` line that introduces it is not part of this
# listing. Judging by the base-class call it receives `password_manager`.
            # Let the base ClientAuthenticator set itself up with the same
            # password manager.
37          ClientAuthenticator.__init__(self, password_manager) 
            # Kept on the instance: start() later asks it for the server host
            # name used to build the GSSAPI target.
38          self.password_manager = password_manager 
            # Logger used for the debug message written once the
            # authenticated principal is known.
39          self.__logger = logging.getLogger("pyxmpp.sasl.gssapi.GSSAPIClientAuthenticator") 
 40   
def start(self, username, authzid):
    """Start the GSSAPI exchange and produce the initial client response.

    :Parameters:
        - `username`: stored on the authenticator and later handed to the
          GSS wrap call made while handling a server challenge.
        - `authzid`: stored on the authenticator; when non-empty it is also
          used as the GSSAPI target name (see the review note below).

    :return: whatever `self.challenge("")` returns for the empty first
        challenge.
    """
    self.username, self.authzid = username, authzid

    # NOTE(review): a non-empty authzid replaces the default
    # "xmpp@<server host>" target. The value given to authGSSClientInit
    # names the service principal the client authenticates to, so an
    # authorization identity passed here changes which service is
    # trusted. RFC 4752 uses "service@hostname" as the target; confirm
    # that callers rely on this override before keeping it.
    if authzid:
        target = authzid
    else:
        # NOTE(review): mutual authentication is only as good as this host
        # name. Presumably get_serv_host() returns the server the user
        # asked for; if it can come from unauthenticated DNS answers the
        # target can be redirected -- verify in the password manager.
        target = "%s@%s" % ("xmpp", self.password_manager.get_serv_host())

    # The status half of the result is discarded; failures are presumably
    # reported by the kerberos binding raising -- confirm for the version
    # in use.
    _status, self._gss = kerberos.authGSSClientInit(target)
    self.step = 0  # phase counter read by the challenge handler
    return self.challenge("")
 47   
# Body of the challenge handler; the `def` line that introduces it is not part
# of this listing (start() invokes it as self.challenge("")). `challenge` is
# the raw server data and self.step selects the phase: 0 drives the GSS
# context exchange, 1 handles the wrapped message that follows it.
# The kerberos calls are given base64 text, so the raw challenge is encoded
# on the way in and the token is decoded on the way out.
49          if self.step == 0: 
50              rc = kerberos.authGSSClientStep(self._gss, base64.b64encode(challenge)) 
                # Anything other than "continue" moves to the next phase.
                # NOTE(review): an error status would also advance the phase
                # if the binding returned it instead of raising -- confirm.
51              if rc != kerberos.AUTH_GSS_CONTINUE: 
52                  self.step = 1 
53          elif self.step == 1: 
                # NOTE(review): self.step is never advanced past 1, so every
                # further server challenge repeats this unwrap/wrap round;
                # consider whether a third challenge should be rejected.
54              rc = kerberos.authGSSClientUnwrap(self._gss, base64.b64encode(challenge)) 
                # NOTE(review): the unwrapped server message is passed back to
                # the wrap call without being inspected here. Under RFC 4752
                # this message negotiates the security layer; which layer is
                # chosen is left to the binding -- confirm it matches what
                # the application expects (e.g. TLS protecting the stream).
55              response = kerberos.authGSSClientResponse(self._gss) 
                # self.username is presumably placed in the final message as
                # the identity to authorize -- verify against the binding.
                # Both rc values in this branch are never checked.
56              rc = kerberos.authGSSClientWrap(self._gss, response, self.username) 
            # Fetch whatever token the last kerberos call produced.
57          response = kerberos.authGSSClientResponse(self._gss) 
58          if response is None: 
                # No token available: answer with an empty response.
59              return Response("") 
60          else: 
61              return Response(base64.b64decode(response)) 
 62   
# Body of the method that reports the outcome; its `def` line is not part of
# this listing.
            # Replace the caller-supplied user name with the one the GSS
            # context reports.
            # NOTE(review): nothing visible here checks self.step or a
            # completion status before Success is returned; presumably the
            # caller only reaches this after the server reported success --
            # confirm. The context held in self._gss is also not released in
            # the visible code.
64          self.username = kerberos.authGSSClientUserName(self._gss) 
            # The principal name is written to the debug log.
65          self.__logger.debug("Authenticated as %s" % kerberos.authGSSClientUserName(self._gss)) 
66          return Success(self.username,None,self.authzid) 