Beispiel #1
0
 def get_error_tree(iq, type, code, tag):
     result = Element('iq', {'type': 'error', 'id': iq.get('id')})
     result.append(iq)
     err_tree = Element('error', {'type': type, 'code': code,})
     SubElement(err_tree, tag, {'xmlns': 'urn:ietf:params:xml:ns:xmpp-stanzas'})
     result.append(err_tree)
     return result
Beispiel #2
0
    def createRosterQuery(cjid,
                          subName,
                          name=None,
                          groups=None,
                          itemArgs=None):
        """Creates and returns a <query> item for sending in an <iq> in a
        roster push.
        cjid -- jid as a str for the contact in a roster item.
        subName -- name of the subscription as a str.
        name -- name for the contact. Can be None.
        groups -- list of group names as strings.
        """
        itemArgs = itemArgs or {}
        query = Element('query', {'xmlns': 'jabber:iq:roster'})

        d = {
            'jid': cjid,
            'subscription': subName,
        }
        if name:
            d['name'] = name

        d.update(itemArgs)

        item = SubElement(query, 'item', d)

        for groupName in groups:
            if groupName:  # don't want empty groups
                group = Element('group')
                group.text = groupName
                item.append(group)

        return query
Beispiel #3
0
    def createRosterQuery(cjid, subName, name=None, groups=None, itemArgs=None):
        """Creates and returns a <query> item for sending in an <iq> in a
        roster push.
        cjid -- jid as a str for the contact in a roster item.
        subName -- name of the subscription as a str.
        name -- name for the contact. Can be None.
        groups -- list of group names as strings.
        """
        itemArgs = itemArgs or {}
        query = Element('query', {'xmlns' : 'jabber:iq:roster'})

        d = {
             'jid' : cjid,
             'subscription' : subName,
             }
        if name:
            d['name'] = name

        d.update(itemArgs)

        item = SubElement(query, 'item', d)

        for groupName in groups:
            if groupName: # don't want empty groups
                group = Element('group')
                group.text = groupName
                item.append(group)

        return query
Beispiel #4
0
    def handle(self, tree, msg, lastRetVal=None):
        if len(tree) > 0:
            # get the original iq msg
            origIQ = tree
        else:
            logging.warning("[%s] Original <iq> missing:\n%s",
                            self.__class__, tostring(tree))
            return

        id = origIQ.get('id')
        if id:
            res = Element('iq', {
                                 'type' : 'error',
                                 'id' : id
                                })
            res.append(origIQ)

            err = Element('error', {'type' : 'cancel'})
            SubElement(err, 'service-unavailable',
                       {'xmlns' : 'urn:ietf:params:xml:ns:xmpp-stanzas'})

            res.append(err)

            return chainOutput(lastRetVal, res)
        else:
            logging.warning("[%s] No id in <iq>:\n%s",
                            self.__class__, tostring(origIQ))

        return lastRetVal
Beispiel #5
0
 def testNamespacedXPath(self):
     """Should be able to refer to elements using namespaces in XPath"""
     self.p.feed(streamStart)
     self.p.feed('<stream:features></stream:features>')
     
     stream = Element('dummy')
     stream.insert(0, self.p.tree)
     
     self.assert_(stream.find('{http://etherx.jabber.org/streams}features') is not None)
Beispiel #6
0
    def getAsTree(self):
        """Returns the roster Element tree starting from <query>. Call
        loadRoster() before this.
        """
        query = Element('query', {'xmlns' : 'jabber:iq:roster'})
        for item in self.items:
            query.append(self.items[item].getAsTree())

        return query
Beispiel #7
0
 def makeServiceUnavailableError():
     fromJID = cjid.__str__()
     reply = Element("message", {"type": "error", "to": fromJID})
     reply.append(copy(tree))
     error = Element("error", {"type": "cancel"})
     SubElement(error, "service-unavailable", {"xmlns": "urn:ietf:params:xml:ns:xmpp-stanzas"})
     routeData = {"to": fromJID, "data": reply}
     msg.setNextHandler("route-client")
     return chainOutput(lastRetVal, routeData)
Beispiel #8
0
    def getAsTree(self):
        """Returns the roster Element tree starting from <query>. Call
        loadRoster() before this.
        """
        query = Element('query', {'xmlns': 'jabber:iq:roster'})
        for item in self.items:
            query.append(self.items[item].getAsTree())

        return query
Beispiel #9
0
 def makeServiceUnavailableError():
     fromJID = cjid.__str__()
     reply = Element('message', {'type': 'error', 'to': fromJID})
     reply.append(copy(tree))
     error = Element('error', {'type': 'cancel'})
     SubElement(error, 'service-unavailable',
                {'xmlns': 'urn:ietf:params:xml:ns:xmpp-stanzas'})
     routeData = {'to': fromJID, 'data': reply}
     msg.setNextHandler('route-client')
     return chainOutput(lastRetVal, routeData)
Beispiel #10
0
    def testNamespacedXPath(self):
        """Should be able to refer to elements using namespaces in XPath"""
        self.p.feed(streamStart)
        self.p.feed('<stream:features></stream:features>')

        stream = Element('dummy')
        stream.insert(0, self.p.tree)

        self.assert_(
            stream.find('{http://etherx.jabber.org/streams}features')
            is not None)
Beispiel #11
0
 def handle(self, tree, msg, lastRetVal=None):
     if isinstance(lastRetVal, SASLError):
         el = Element('failure', {'xmlns' : 'urn:ietf:params:xml:ns:xmpp-sasl'})
         el.append(lastRetVal.errorElement())
         
         return chainOutput(lastRetVal, el)
     else:
         logging.warning("[%s] SASLErrorHandler was passed a non-SASL " +\
                         "exception. Exception: %s",
                         self.__class__, lastRetVal)
         raise Exception, "can't handle a non-SASL error"
Beispiel #12
0
    def handle(self, tree, msg, lastRetVal=None):
        if isinstance(lastRetVal, SASLError):
            el = Element('failure',
                         {'xmlns': 'urn:ietf:params:xml:ns:xmpp-sasl'})
            el.append(lastRetVal.errorElement())

            return chainOutput(lastRetVal, el)
        else:
            logging.warning("[%s] SASLErrorHandler was passed a non-SASL " +\
                            "exception. Exception: %s",
                            self.__class__, lastRetVal)
            raise Exception, "can't handle a non-SASL error"
Beispiel #13
0
    def getAsTree(self):
        """Return the roster item as an Element tree starting from <item>"""
        item = Element('item', {
                                'jid' : self.jid,
                                'subscription' : Subscription.getPrimaryNameFromState(self.subscription)
                                })
        if self.name:
            item.set('name', self.name)
        for group in self.groups:
            SubElement(item, 'group').text = group

        return item
Beispiel #14
0
    def handle_close(self):
        # we want to be able to do stuff in handlers when the connection is
        # closed, so we dispatch into the 'stream-end' phase.

        # we set the tree to a dummy element so that the handlers could modify
        # it.
        if self.data['stream']['closing']:
            # already closing
            return
        wrapper = Element('wrapper')
        tree = Element('tag')
        wrapper.append(tree)
        Dispatcher().dispatch(wrapper, self, 'stream-end')
Beispiel #15
0
    def handle(self, tree, msg, lastRetVal=None):
        iq = tree
        id = iq.get('id')
        if id:
            bind = iq[0]
            if len(bind) > 0:
                resource = bind[0].text
            else:
                # generate an id
                resource = generateId()[:6]

            # TODO: check that we don't already have such a resource
            jid = msg.conn.data['user']['jid']
            bindResource(msg, resource)

            res = Element('iq', {'type' : 'result', 'id' : id})
            bind = Element('bind', {'xmlns' : 'urn:ietf:params:xml:ns:xmpp-bind'})
            jidEl = Element('jid')
            jidEl.text = '%s/%s' % (jid, resource)
            bind.append(jidEl)
            res.append(bind)

            return chainOutput(lastRetVal, res)
        else:
            logging.warning("[%s] No id in <iq>:\n%s", self.__class__, tostring(iq))

        return lastRetVal
Beispiel #16
0
    def handle(self, tree, msg, lastRetVal=None):
        iq = tree
        id = iq.get("id")
        if id:
            bind = iq[0]
            if len(bind) > 0:
                resource = bind[0].text
            else:
                # generate an id
                resource = generateId()[:6]

            # TODO: check that we don't already have such a resource
            jid = msg.conn.data["user"]["jid"]
            bindResource(msg, resource)

            res = Element("iq", {"type": "result", "id": id})
            bind = Element("bind", {"xmlns": "urn:ietf:params:xml:ns:xmpp-bind"})
            jidEl = Element("jid")
            jidEl.text = "%s/%s" % (jid, resource)
            bind.append(jidEl)
            res.append(bind)

            return chainOutput(lastRetVal, res)
        else:
            logging.warning("[%s] No id in <iq>:\n%s", self.__class__, tostring(iq))

        return lastRetVal
Beispiel #17
0
    def getAsTree(self):
        """Return the roster item as an Element tree starting from <item>"""
        item = Element(
            'item', {
                'jid':
                self.jid,
                'subscription':
                Subscription.getPrimaryNameFromState(self.subscription)
            })
        if self.name:
            item.set('name', self.name)
        for group in self.groups:
            SubElement(item, 'group').text = group

        return item
Beispiel #18
0
def makeSuccess(id):
    """Creates the auth successful iq stanza"""
    d = {'type': 'result'}
    if id:
        d['id'] = id
    iq = Element('iq', d)
    return iq
Beispiel #19
0
            def handle(self, tree, msg, lastRetVal=None):
                res = Element('stream:features')
                mechs = SubElement(res, 'mechanisms',
                                   {'xmlns' : 'urn:ietf:params:xml:ns:xmpp-sasl'})
                SubElement(mechs, 'mechanism').text = 'PLAIN'

                return chainOutput(lastRetVal, res)
Beispiel #20
0
    def handle(self, tree, msg, lastRetVal=None):
        res = Element('stream:features')
        SubElement(res, 'bind', {'xmlns': 'urn:ietf:params:xml:ns:xmpp-bind'})
        SubElement(res, 'session',
                   {'xmlns': 'urn:ietf:params:xml:ns:xmpp-session'})

        return chainOutput(lastRetVal, res)
Beispiel #21
0
 def makeServiceUnavailableError():
     fromJID = cjid.__str__()
     reply = Element('message', {
                                 'type' : 'error',
                                 'to' : fromJID
                                 })
     reply.append(copy(tree))
     error = Element('error', {'type' : 'cancel'})
     SubElement(error, 'service-unavailable', {
                   'xmlns' : 'urn:ietf:params:xml:ns:xmpp-stanzas'
                   })
     routeData = {
                  'to' : fromJID,
                  'data' : reply
                  }
     msg.setNextHandler('route-client')
     return chainOutput(lastRetVal, routeData)
Beispiel #22
0
    def handle(self, tree, msg, lastRetVal=None):
        if len(tree) > 0:
            # get the original iq msg
            origIQ = tree
        else:
            logging.warning("[%s] Original <iq> missing:\n%s", self.__class__,
                            tostring(tree))
            return

        id = origIQ.get('id')
        if id:
            res = Element('iq', {'type': 'error', 'id': id})
            res.append(origIQ)

            err = Element('error', {'type': 'cancel'})
            SubElement(err, 'service-unavailable',
                       {'xmlns': 'urn:ietf:params:xml:ns:xmpp-stanzas'})

            res.append(err)

            return chainOutput(lastRetVal, res)
        else:
            logging.warning("[%s] No id in <iq>:\n%s", self.__class__,
                            tostring(origIQ))

        return lastRetVal
Beispiel #23
0
def checkPolicyViolation(msg):
    """Checks if a SASL auth is being or has been attempted"""
    data = msg.conn.data['sasl']
    if data['in-progress'] or data['complete'] or data['mechObj']:
        # policy violation!
        se = Element('stream:error')
        SubElement(se, 'policy-violation',
                   {'xmlns': 'urn:ietf:params:xml:ns:xmpp-streams'})
        return se
Beispiel #24
0
        def act():
            # TODO: verify that it's coming from a known user
            jid = msg.conn.data["user"]["jid"]
            resource = msg.conn.data["user"]["resource"]
            id = tree.get("id")
            if id is None:
                logging.warning("[%s] No id in roster get query. Tree: %s", self.__class__, tree)
                # TODO: throw exception here
                return

            roster = Roster(jid)

            roster.loadRoster()

            res = Element("iq", {"to": "/".join([jid, resource]), "type": "result", "id": id})

            res.append(roster.getAsTree())
            return chainOutput(lastRetVal, res)
Beispiel #25
0
def makeNotAcceptable(id):
    """Creates the not-acceptable iq error stanza"""
    d = {'type': 'error'}
    if id:
        d['id'] = id
    iq = Element('iq', d)
    error = SubElement(iq, 'error', {'code': '406', 'type': 'modify'})
    SubElement(error, 'not-acceptable',
               {'xmlns': 'urn:ietf:params:xml:ns:xmpp-stanzas'})
    return iq
Beispiel #26
0
def makeConflict(id):
    """Creates the conflict iq error stanza"""
    d = {'type': 'error'}
    if id:
        d['id'] = id
    iq = Element('iq', d)
    error = SubElement(iq, 'error', {'code': '409', 'type': 'cancel'})
    SubElement(error, 'conflict',
               {'xmlns': 'urn:ietf:params:xml:ns:xmpp-stanzas'})
    return iq
Beispiel #27
0
    def handle(self, tree, msg, lastRetVal=None):
        res = Element(
            'iq', {
                'from': msg.conn.server.hostname,
                'type': 'result',
                'id': tree.get('id')
            })

        msg.conn.data['user']['in-session'] = True

        return chainOutput(lastRetVal, res)
Beispiel #28
0
def makeNotAuthorized(id):
    """Creates the not-authorized iq error stanza"""
    d = {'type': 'error'}
    if id:
        d['id'] = id
    iq = Element('iq', d)
    error = SubElement(iq, 'error', {'code': '401', 'type': 'cancel'})

    SubElement(error, 'not-authorized',
               {'xmlns': 'urn:ietf:params:xml:ns:xmpp-stanzas'})
    return iq
Beispiel #29
0
    def handle(self, tree, msg, lastRetVal=None):
        res = Element('stream:features')
        mechs = SubElement(res, 'mechanisms',
                           {'xmlns': 'urn:ietf:params:xml:ns:xmpp-sasl'})
        SubElement(mechs, 'mechanism').text = 'DIGEST-MD5'
        SubElement(mechs, 'mechanism').text = 'PLAIN'

        # we also support the old style jabber:iq:auth
        SubElement(res, 'auth',
                   {'xmlns': 'http://jabber.org/features/iq-auth'})

        return chainOutput(lastRetVal, res)
Beispiel #30
0
        def act():
            # TODO: verify that it's coming from a known user
            jid = msg.conn.data['user']['jid']
            resource = msg.conn.data['user']['resource']
            id = tree.get('id')
            if id is None:
                logging.warning('[%s] No id in roster get query. Tree: %s',
                                self.__class__, tree)
                # TODO: throw exception here
                return

            roster = Roster(jid)

            roster.loadRoster()

            res = Element('iq', {
                'to': '/'.join([jid, resource]),
                'type': 'result',
                'id': id
            })

            res.append(roster.getAsTree())
            return chainOutput(lastRetVal, res)
Beispiel #31
0
        def act():
            # TODO: verify that it's coming from a known user
            jid = msg.conn.data['user']['jid']
            resource = msg.conn.data['user']['resource']
            id = tree.get('id')
            if id is None:
                logging.warning('[%s] No id in roster get query. Tree: %s',
                                self.__class__, tree)
                # TODO: throw exception here
                return

            roster = Roster(jid)

            roster.loadRoster()

            res = Element('iq', {
                                 'to' : '/'.join([jid, resource]),
                                 'type' : 'result',
                                 'id' : id
                                 })

            res.append(roster.getAsTree())
            return chainOutput(lastRetVal, res)
Beispiel #32
0
    def handle(self, tree, msg, lastRetVal=None):
        if len(tree) > 0:
            # get the original iq msg
            origIQ = tree
        else:
            logging.warning("[%s] Original <iq> missing:\n%s", self.__class__, tostring(tree))
            return

        id = origIQ.get("id")
        if id:
            res = Element("iq", {"type": "error", "id": id})
            res.append(origIQ)

            err = Element("error", {"type": "cancel"})
            SubElement(err, "service-unavailable", {"xmlns": "urn:ietf:params:xml:ns:xmpp-stanzas"})

            res.append(err)

            return chainOutput(lastRetVal, res)
        else:
            logging.warning("[%s] No id in <iq>:\n%s", self.__class__, tostring(origIQ))

        return lastRetVal
Beispiel #33
0
    def handle(self, b64text):
        """Verify the username/password in response"""
        authtext = ''
        if b64text:
            try:
                authtext = fromBase64(b64text)
            except:
                raise SASLIncorrectEncodingError

            auth = authtext.split('\x00')

            if len(auth) != 3:
                raise SASLIncorrectEncodingError

            con = DBautocommit()
            c = con.cursor()
            c.execute("SELECT * FROM jids WHERE \
                jid = ? AND password = ?"                                         , (auth[1] + \
                                            '@' + self.msg.conn.server.hostname, auth[2]))
            res = c.fetchall()
            if len(res) == 0:
                c.close()
                con.close()
                raise SASLAuthError
            c.close()
            con.close()

        self.msg.conn.data['sasl']['complete'] = True
        self.msg.conn.data['sasl']['in-progress'] = False
        self.msg.conn.data['user']['jid'] = '%s@%s' % (
            auth[1], self.msg.conn.server.hostname)

        # record the JID for local delivery
        self.msg.conn.server.conns[self.msg.conn.id] = (JID(
            self.msg.conn.data['user']['jid']), self.msg.conn)

        self.msg.conn.parser.resetParser()

        return Element('success',
                       {'xmlns': 'urn:ietf:params:xml:ns:xmpp-sasl'})
Beispiel #34
0
    def __init__(self, sock, addr, server):
        ServerConnection.__init__(self, sock, addr, server)

        self.id = 'locsin%s' % id(self)

        self.data['server']['direction'] = 'from'
        self.data['server']['hostname'] = 'localhost'

        # send the <stream> to prime the parser for the ns it'll deal with,
        # but tell it not to process the xml during priming, since we don't
        # care for auth/encr on a loopback connection
        self.parser.disable()
        data = "<?xml version='1.0' ?>" +\
                "<stream:stream xmlns='jabber:server' " +\
                "xmlns:stream='http://etherx.jabber.org/streams' " +\
                "version='1.0'>"
        self.parser.feed(data)
        self.parser.depth = 1
        self.parser.stream = Element('{http://etherx.jabber.org/streams}stream',
                                     {'version' : '1.0'})
        self.parser.ns = 'jabber:server'
        self.parser.enable()

        logging.info("New LocalServerInConnection created with %s", addr)
Beispiel #35
0
    def handle(self, tree, msg, lastRetVal=None):
        iq = tree
        id = iq.get('id')
        if id:
            bind = iq[0]
            if len(bind) > 0:
                resource = bind[0].text
            else:
                # generate an id
                resource = generateId()[:6]

            # TODO: check that we don't already have such a resource
            jid = msg.conn.data['user']['jid']
            bindResource(msg, resource)

            res = Element('iq', {'type': 'result', 'id': id})
            bind = Element('bind',
                           {'xmlns': 'urn:ietf:params:xml:ns:xmpp-bind'})
            jidEl = Element('jid')
            jidEl.text = '%s/%s' % (jid, resource)
            bind.append(jidEl)
            res.append(bind)

            return chainOutput(lastRetVal, res)
        else:
            logging.warning("[%s] No id in <iq>:\n%s", self.__class__,
                            tostring(iq))

        return lastRetVal
Beispiel #36
0
    def handle(self, tree, msg, lastRetVal=None):

        # generate error response tree
        def get_error_tree(iq, type, code, tag):
            result = Element('iq', {'type': 'error', 'id': iq.get('id')})
            result.append(iq)
            err_tree = Element('error', {'type': type, 'code': code,})
            SubElement(err_tree, tag, {'xmlns': 'urn:ietf:params:xml:ns:xmpp-stanzas'})
            result.append(err_tree)
            return result

        if len(tree) > 0:
            # get the original iq msg
            origIQ = tree
        else:
            logging.warning("[%s] Original <iq> missing:\n%s",
                            self.__class__, tostring(tree))
            return lastRetVal

        id = origIQ.get('id')
        if id:
            try:
                username_tree = origIQ[0][0]
                password_tree = origIQ[0][1]
                if username_tree.tag == '{jabber:iq:register}username' and password_tree.tag == '{jabber:iq:register}password':
                    username = username_tree.text
                    password = password_tree.text

                    # ruling out illegal username
                    if not re.match("^[a-zA-Z0-9_.-]+$", username):
                        raise Exception('Username not accepted')

                    # write to database
                    try:
                        con = DB()
                        with closing(con.cursor()) as cursor:
                            cursor.execute("INSERT INTO jids (jid, password) VALUES ('%s@%s', '%s')" %
                                           (username, msg.conn.server.hostname, password))
                            con.commit()
                        res = Element('iq', {'type': 'result', 'id': id})
                        query = deepcopy(origIQ[0])
                        query.insert(0, Element('registered'))
                        res.append(query)
                        return chainOutput(lastRetVal, res)

                    # conflict response
                    except sqlite.IntegrityError as e:
                        if e.message.find('column jid is not unique') >= 0:
                            logging.warning("[%s] Username conflict in <iq>:\n%s",
                            self.__class__, str(e), tostring(origIQ))
                            res = get_error_tree(origIQ, 'cancel', '409', 'conflict')
                            return chainOutput(lastRetVal, res)
                        else:
                            raise e

                else:
                    raise Exception('IQ missing registration fields')

            # error response
            except Exception as e:
                error_string = str(e)
                logging.warning("[%s] Register failed '%s' in <iq>:\n%s",
                            self.__class__, str(e) if error_string else 'Unknown error',
                            tostring(origIQ))
                res = get_error_tree(origIQ, 'modify', '406', 'not-acceptable')
                return chainOutput(lastRetVal, res)

        else:
            logging.warning("[%s] No id in <iq>:\n%s",
                            self.__class__, tostring(origIQ))

        return lastRetVal
Beispiel #37
0
        def act():
            # we have to be passed a tree to work
            # or a tuple with routingData and a tree
            if not isinstance(lastRetVal, list):
                logging.warning('[%s] lastRetVal is not a list', self.__class__)
                return
            if isinstance(lastRetVal[-1], Element):
                if lastRetVal[-1].tag.find('query') == -1:
                    logging.warning('[%s] Got a non-query Element last return value' +\
                                '. Last return value: %s',
                                self.__class__, lastRetVal)
            elif isinstance(lastRetVal[-1], tuple):
                if not isinstance(lastRetVal[-1][0], dict) \
                or not isinstance(lastRetVal[-1][1], Element):
                    logging.warning('[%s] Got a non-query Element last return value' +\
                                '. Last return value: %s',
                                self.__class__, lastRetVal)
                    return
            else:
                logging.warning('[%s] Roster push needs either a <query> Element ' +\
                                'as the last item in lastRetVal or a tuple ' + \
                                'with (routeData, query Element)', self.__class__)
                return

            # this is the roster <query> that we'll send
            # it could be a tuple if we got routing data as well
            query = lastRetVal.pop(-1)
            routeData = None

            # did we get routing data (from S2S)
            if isinstance(query, tuple):
                routeData = query[0]
                query = query[1]

            if routeData:
                jid = routeData['jid']
                resources = routeData['resources']
            else:
                jid = msg.conn.data['user']['jid']
                resource = msg.conn.data['user']['resource']
                resources = msg.conn.server.data['resources'][jid]

            for res, con in resources.items():
                # don't send the roster to clients that didn't request it
                if con.data['user']['requestedRoster']:
                    iq = Element('iq', {
                                        'to' : '%s/%s' % (jid, res),
                                        'type' : 'set',
                                        'id' : generateId()[:10]
                                        })
                    iq.append(query)

                    # TODO: remove this. debug.
                    logging.debug("Sending " + tostring(iq))
                    con.send(tostring(iq))

            if tree.tag == '{jabber:client}iq' and tree.get('id'):
                # send an ack to client if this is in reply to a roster get/set
                id = tree.get('id')
                d = {
                     'to' : '%s/%s' % (jid, resource),
                     'type' : 'result',
                     'id' : id
                     }
                iq = Element('iq', d)
                return chainOutput(lastRetVal, iq)
Beispiel #38
0
"""XMPP SASL and iq auth stuff"""
# Some parts are borrowed from twisted. See TWISTED-LICENSE for details on its
# license.

import pjs.auth_mechanisms as mechs
import pjs.threadpool as threadpool
import logging

from pjs.handlers.base import Handler, ThreadedHandler, poll, chainOutput
from pjs.auth_mechanisms import SASLError, IQAuthError
from pjs.handlers.iq import bindResource
from pjs.utils import FunctionCall
from pjs.elementtree.ElementTree import Element, SubElement

iqAuthEl = Element('iq', {'type': 'result'})
iqAuthQueryEl = SubElement(iqAuthEl, 'query', {'xmlns': 'jabber:iq:auth'})
SubElement(iqAuthQueryEl, 'username')
SubElement(iqAuthQueryEl, 'digest')
SubElement(iqAuthQueryEl, 'resource')


def checkPolicyViolation(msg):
    """Checks if a SASL auth is being or has been attempted"""
    data = msg.conn.data['sasl']
    if data['in-progress'] or data['complete'] or data['mechObj']:
        # policy violation!
        se = Element('stream:error')
        SubElement(se, 'policy-violation',
                   {'xmlns': 'urn:ietf:params:xml:ns:xmpp-streams'})
        return se
Beispiel #39
0
        def act():
            d = msg.conn.data

            retVal = lastRetVal

            jid = d['user']['jid']
            resource = d['user']['resource']

            roster = Roster(jid)

            presTree = deepcopy(tree)
            presTree.set('from', '%s/%s' % (jid, resource))

            probes = []
            init_rosters = []
            offline_msgs = []
            if tree.get('to') is None and not d['user']['active']:
                # initial presence
                # TODO: we don't need to do it every time. we can cache the
                # data after the first resource is active and just resend
                # that to all new resources
                d['user']['active'] = True

                # get jids of the contacts whose status we're interested in
                cjids = roster.getPresenceSubscriptions()

                probeTree = Element('presence', {
                                                 'type': 'probe',
                                                 'from' : '%s/%s' \
                                                    % (jid, resource)
                                                 })

                # TODO: replace this with a more efficient router handler
                for cjid in cjids:
                    probeTree.set('to', cjid)
                    probeRouteData = {
                                      'to' : cjid,
                                      'data' : deepcopy(probeTree)
                                      }
                    probes.append(probeRouteData)
                    # they're sent first. see below

                # send initial roster list to this user
                rosterTree = Element('presence', {
                                                 'type': 'unavailable',
                                                 'to' : '%s/%s' \
                                                    % (jid, resource)
                                                 })
                for cjid in cjids:
                    rosterTree.set('from', cjid)
                    rosterRouterData = {
                                           'to' : '%s/%s' % (jid, resource),
                                           'data' : deepcopy(rosterTree)
                                       }
                    init_rosters.append(rosterRouterData)

                # send offline message to this user
                try:
                    con = DB()
                    result = []
                    to_jid = JID(jid)
                    with closing(con.cursor()) as cursor:
                        cursor.execute("SELECT fromid, time, content FROM offline WHERE toid = %d ORDER BY time DESC" %
                                       (to_jid.getNumId()))
                        con.commit()
                        result = cursor.fetchall()
                    with closing(con.cursor()) as cursor:
                        cursor.execute("DELETE FROM offline WHERE toid = %d" %
                                       (to_jid.getNumId()))
                        con.commit()
                    for fromid, time, content in result:
                        fromJID = JID(fromid, True).getBare()
                        toJID = '%s/%s' % (jid, resource)

                        reply = Element('message', {
                            'to': toJID,
                            'from': fromJID,
                            'type': 'chat'
                        })

                        body = Element('body')
                        body.text = content
                        reply.append(body)

                        delay = Element('delay', {
                            'xmlns': 'urn:xmpp:delay',
                            'from': fromJID,
                            'stamp': time.strftime("%Y-%m-%dT%H:%M:%SZ")
                        })
                        reply.append(delay)

                        routeData = {
                            'to' : toJID,
                            'data': reply
                        }
                        offline_msgs.append(routeData)
                    logging.debug("[%s] Sending %d offline messages to %s", self.__class__, len(offline_msgs), to_jid.getBare())
                except Exception as e:
                    logging.warning("[%s] Failed to read offline messages: %s", self.__class__, str(e))

                # broadcast to other resources of this user
                retVal = self.broadcastToOtherResources(presTree, msg, retVal, jid, resource)

            elif tree.get('to') is not None:
                # TODO: directed presence
                return
            elif tree.get('type') == 'unavailable':
                # broadcast to other resources of this user
                d['user']['active'] = False
                retVal = self.broadcastToOtherResources(presTree, msg, retVal, jid, resource)

            # record this stanza as the last presence sent from this client
            lastPresence = deepcopy(tree)
            lastPresence.set('from', '%s/%s' % (jid, resource))
            d['user']['lastPresence'] = lastPresence

            # lookup contacts interested in presence
            cjids = roster.getPresenceSubscribers()

            # TODO: replace this with another router handler that would send
            # it out to all cjids in a batch instead of queuing a handler
            # for each
            for cjid in cjids:
                presTree.set('to', cjid)
                presRouteData = {
                     'to' : cjid,
                     'data' : deepcopy(presTree)
                     }
                retVal = chainOutput(retVal, presRouteData)
                msg.setNextHandler('route-server')

            # send the probes first
            for probe in probes:
                msg.setNextHandler('route-server')
                retVal = chainOutput(retVal, probe)

            # send initial rosters
            for init_roster in init_rosters:
                msg.setNextHandler('route-client')
                retVal = chainOutput(retVal, init_roster)

            # send offline messages
            for offline_msg in offline_msgs:
                msg.setNextHandler('route-client')
                retVal = chainOutput(retVal, offline_msg)

            return retVal
Beispiel #40
0
 def errorElement(self):
     return Element('mechanism-too-weak')
Beispiel #41
0
    def handle(self, data=None):
        """Performs DIGEST-MD5 auth based on current state.

        data -- either None for initial challenge, base64-encoded text when
                the client responds to challenge 1, or the tree when the client
                responds to challenge 2.
        """

        # TODO: authz
        # TODO: subsequent auth

        qop = 'qop="auth"'
        charset = 'charset=utf-8'
        algo = 'algorithm=md5-sess'

        if self.state == SASLDigestMD5.INIT: # initial challenge
            self.nonce = generateId()
            self.state = SASLDigestMD5.SENT_CHALLENGE1

            nonce = 'nonce="%s"' % self.nonce
            realm = 'realm="%s"' % self.realm

            res = Element('challenge',
                          {'xmlns' : 'urn:ietf:params:xml:ns:xmpp-sasl'})
            res.text = base64.b64encode(','.join([realm, qop, nonce, charset, algo]))

            return res
        elif self.state == SASLDigestMD5.SENT_CHALLENGE1 and data:
            # response to client's reponse (ie. challenge 2)
            try:
                text = fromBase64(data)
            except:
                raise SASLIncorrectEncodingError

            pairs = self._parse(text)
            try:
                username = pairs['username']
                nonce = pairs['nonce']
                realm = pairs['realm']
                cnonce = pairs['cnonce']
                nc = pairs['nc']
                qop = pairs['qop']
                response = pairs['response']
                digest_uri = pairs['digest-uri']
            except KeyError:
                self._handleFailure()
                raise SASLAuthError

            self.username = username

            # authz is ignored for now
            if nonce != self.nonce or realm != self.realm \
                or int(nc, 16) != 1 or qop[0] != 'auth' or not response\
                or not digest_uri:
                self._handleFailure()
                raise SASLAuthError

            # fetch the password now
            con = DBautocommit()
            c = con.cursor()
            c.execute("SELECT password FROM jids WHERE \
                jid = ?", (username + '@%s' % self.msg.conn.server.hostname,))
            for row in c:
                password = row['password']
                break
            else:
                self._handleFailure()
                c.close()
                con.close()
                raise SASLAuthError
            c.close()
            con.close()

            # compute the digest as per RFC 2831
            a1 = "%s:%s:%s" % (H("%s:%s:%s" % (username, realm, password)),
                               nonce, cnonce)
            a2 = ":%s" % digest_uri
            a2client = "AUTHENTICATE:%s" % digest_uri

            digest = HEX(KD(HEX(H(a1)),
                            "%s:%s:%s:%s:%s" % (nonce, nc,
                                                  cnonce, "auth",
                                                  HEX(H(a2client)))))

            if digest == response:
                rspauth = HEX(KD(HEX(H(a1)),
                                 "%s:%s:%s:%s:%s" % (nonce, nc,
                                                       cnonce, "auth",
                                                       HEX(H(a2)))))

                self.state = SASLDigestMD5.SENT_CHALLENGE2

                res = Element('challenge',
                              {'xmlns' : 'urn:ietf:params:xml:ns:xmpp-sasl'})
                res.text = base64.b64encode(u"rspauth=%s" % rspauth)

                return res

            else:
                self._handleFailure()
                raise SASLAuthError
        elif self.state == SASLDigestMD5.SENT_CHALLENGE2 and isinstance(data, Element):
            # expect to get <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
            respInd = data.tag.find('{urn:ietf:params:xml:ns:xmpp-sasl}response')
            d = self.msg.conn.data
            if respInd != -1 and len(data) == 0:
                self.state = SASLDigestMD5.INIT
                d['sasl']['complete'] = True
                d['sasl']['in-progress'] = False
                d['user']['jid'] = '%s@%s' % (self.username,
                                            self.msg.conn.server.hostname)

                # record the JID for local delivery
                self.msg.conn.server.conns[self.msg.conn.id] = (JID(d['user']['jid']),
                                                                self.msg.conn)

                self.msg.conn.parser.resetParser()

                res = Element('success',
                              {'xmlns' : 'urn:ietf:params:xml:ns:xmpp-sasl'})
                return res
            else:
                self._handleFailure()
                raise SASLAuthError
        else:
            self._handleFailure()
            raise SASLAuthError
Beispiel #42
0
 def errorElement(self):
     return Element('invalid-mechanism')
Beispiel #43
0
        def act():
            # we have to be passed a tree to work
            # or a tuple with routingData and a tree
            if not isinstance(lastRetVal, list):
                logging.warning("[%s] lastRetVal is not a list", self.__class__)
                return
            if isinstance(lastRetVal[-1], Element):
                if lastRetVal[-1].tag.find("query") == -1:
                    logging.warning(
                        "[%s] Got a non-query Element last return value" + ". Last return value: %s",
                        self.__class__,
                        lastRetVal,
                    )
            elif isinstance(lastRetVal[-1], tuple):
                if not isinstance(lastRetVal[-1][0], dict) or not isinstance(lastRetVal[-1][1], Element):
                    logging.warning(
                        "[%s] Got a non-query Element last return value" + ". Last return value: %s",
                        self.__class__,
                        lastRetVal,
                    )
                    return
            else:
                logging.warning(
                    "[%s] Roster push needs either a <query> Element "
                    + "as the last item in lastRetVal or a tuple "
                    + "with (routeData, query Element)",
                    self.__class__,
                )
                return

            # this is the roster <query> that we'll send
            # it could be a tuple if we got routing data as well
            query = lastRetVal.pop(-1)
            routeData = None

            # did we get routing data (from S2S)
            if isinstance(query, tuple):
                routeData = query[0]
                query = query[1]

            if routeData:
                jid = routeData["jid"]
                resources = routeData["resources"]
            else:
                jid = msg.conn.data["user"]["jid"]
                resource = msg.conn.data["user"]["resource"]
                resources = msg.conn.server.data["resources"][jid]

            for res, con in resources.items():
                # don't send the roster to clients that didn't request it
                if con.data["user"]["requestedRoster"]:
                    iq = Element("iq", {"to": "%s/%s" % (jid, res), "type": "set", "id": generateId()[:10]})
                    iq.append(query)

                    # TODO: remove this. debug.
                    logging.debug("Sending " + tostring(iq))
                    con.send(tostring(iq))

            if tree.tag == "{jabber:client}iq" and tree.get("id"):
                # send an ack to client if this is in reply to a roster get/set
                id = tree.get("id")
                d = {"to": "%s/%s" % (jid, resource), "type": "result", "id": id}
                iq = Element("iq", d)
                return chainOutput(lastRetVal, iq)
Beispiel #44
0
 def errorElement(self):
     return Element('incorrect-encoding')
Beispiel #45
0
 def errorElement(self):
     return Element('invalid-authzid')
Beispiel #46
0
        def act():
            d = msg.conn.data

            retVal = lastRetVal

            jid = d['user']['jid']
            resource = d['user']['resource']

            roster = Roster(jid)

            presTree = deepcopy(tree)
            presTree.set('from', '%s/%s' % (jid, resource))

            probes = []
            if tree.get('to') is None and not d['user']['active']:
                # initial presence
                # TODO: we don't need to do it every time. we can cache the
                # data after the first resource is active and just resend
                # that to all new resources
                d['user']['active'] = True

                # get jids of the contacts whose status we're interested in
                cjids = roster.getPresenceSubscriptions()

                probeTree = Element('presence', {
                                                 'type': 'probe',
                                                 'from' : '%s/%s' \
                                                    % (jid, resource)
                                                 })

                # TODO: replace this with a more efficient router handler
                for cjid in cjids:
                    probeTree.set('to', cjid)
                    probeRouteData = {
                                      'to' : cjid,
                                      'data' : deepcopy(probeTree)
                                      }
                    probes.append(probeRouteData)
                    # they're sent first. see below

                # broadcast to other resources of this user
                retVal = self.broadcastToOtherResources(presTree, msg, retVal, jid, resource)

            elif tree.get('to') is not None:
                # TODO: directed presence
                return
            elif tree.get('type') == 'unavailable':
                # broadcast to other resources of this user
                d['user']['active'] = False
                retVal = self.broadcastToOtherResources(presTree, msg, retVal, jid, resource)

            # record this stanza as the last presence sent from this client
            lastPresence = deepcopy(tree)
            lastPresence.set('from', '%s/%s' % (jid, resource))
            d['user']['lastPresence'] = lastPresence

            # lookup contacts interested in presence
            cjids = roster.getPresenceSubscribers()

            # TODO: replace this with another router handler that would send
            # it out to all cjids in a batch instead of queuing a handler
            # for each
            for cjid in cjids:
                presTree.set('to', cjid)
                presRouteData = {
                     'to' : cjid,
                     'data' : deepcopy(presTree)
                     }
                retVal = chainOutput(retVal, presRouteData)
                msg.setNextHandler('route-server')

            # send the probes first
            for probe in probes:
                msg.setNextHandler('route-server')
                retVal = chainOutput(retVal, probe)

            return retVal
Beispiel #47
0
 def errorElement(self):
     return Element('not-authorized')
Beispiel #48
0
    def handle(self, data=None):
        """Performs DIGEST-MD5 auth based on current state.

        data -- either None for initial challenge, base64-encoded text when
                the client responds to challenge 1, or the tree when the client
                responds to challenge 2.
        """

        # TODO: authz
        # TODO: subsequent auth

        qop = 'qop="auth"'
        charset = 'charset=utf-8'
        algo = 'algorithm=md5-sess'

        if self.state == SASLDigestMD5.INIT:  # initial challenge
            self.nonce = generateId()
            self.state = SASLDigestMD5.SENT_CHALLENGE1

            nonce = 'nonce="%s"' % self.nonce
            realm = 'realm="%s"' % self.realm

            res = Element('challenge',
                          {'xmlns': 'urn:ietf:params:xml:ns:xmpp-sasl'})
            res.text = base64.b64encode(','.join(
                [realm, qop, nonce, charset, algo]))

            return res
        elif self.state == SASLDigestMD5.SENT_CHALLENGE1 and data:
            # response to client's reponse (ie. challenge 2)
            try:
                text = fromBase64(data)
            except:
                raise SASLIncorrectEncodingError

            pairs = self._parse(text)
            try:
                username = pairs['username']
                nonce = pairs['nonce']
                realm = pairs['realm']
                cnonce = pairs['cnonce']
                nc = pairs['nc']
                qop = pairs['qop']
                response = pairs['response']
                digest_uri = pairs['digest-uri']
            except KeyError:
                self._handleFailure()
                raise SASLAuthError

            self.username = username

            # authz is ignored for now
            if nonce != self.nonce or realm != self.realm \
                or int(nc, 16) != 1 or qop[0] != 'auth' or not response\
                or not digest_uri:
                self._handleFailure()
                raise SASLAuthError

            # fetch the password now
            con = DBautocommit()
            c = con.cursor()
            c.execute(
                "SELECT password FROM jids WHERE \
                jid = ?", (username + '@%s' % self.msg.conn.server.hostname, ))
            for row in c:
                password = row['password']
                break
            else:
                self._handleFailure()
                c.close()
                con.close()
                raise SASLAuthError
            c.close()
            con.close()

            # compute the digest as per RFC 2831
            a1 = "%s:%s:%s" % (H("%s:%s:%s" %
                                 (username, realm, password)), nonce, cnonce)
            a2 = ":%s" % digest_uri
            a2client = "AUTHENTICATE:%s" % digest_uri

            digest = HEX(
                KD(
                    HEX(H(a1)), "%s:%s:%s:%s:%s" %
                    (nonce, nc, cnonce, "auth", HEX(H(a2client)))))

            if digest == response:
                rspauth = HEX(
                    KD(
                        HEX(H(a1)), "%s:%s:%s:%s:%s" %
                        (nonce, nc, cnonce, "auth", HEX(H(a2)))))

                self.state = SASLDigestMD5.SENT_CHALLENGE2

                res = Element('challenge',
                              {'xmlns': 'urn:ietf:params:xml:ns:xmpp-sasl'})
                res.text = base64.b64encode(u"rspauth=%s" % rspauth)

                return res

            else:
                self._handleFailure()
                raise SASLAuthError
        elif self.state == SASLDigestMD5.SENT_CHALLENGE2 and isinstance(
                data, Element):
            # expect to get <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
            respInd = data.tag.find(
                '{urn:ietf:params:xml:ns:xmpp-sasl}response')
            d = self.msg.conn.data
            if respInd != -1 and len(data) == 0:
                self.state = SASLDigestMD5.INIT
                d['sasl']['complete'] = True
                d['sasl']['in-progress'] = False
                d['user']['jid'] = '%s@%s' % (self.username,
                                              self.msg.conn.server.hostname)

                # record the JID for local delivery
                self.msg.conn.server.conns[self.msg.conn.id] = (JID(
                    d['user']['jid']), self.msg.conn)

                self.msg.conn.parser.resetParser()

                res = Element('success',
                              {'xmlns': 'urn:ietf:params:xml:ns:xmpp-sasl'})
                return res
            else:
                self._handleFailure()
                raise SASLAuthError
        else:
            self._handleFailure()
            raise SASLAuthError
Beispiel #49
0
        def act():
            d = msg.conn.data

            retVal = lastRetVal

            jid = d['user']['jid']
            resource = d['user']['resource']

            roster = Roster(jid)

            presTree = deepcopy(tree)
            presTree.set('from', '%s/%s' % (jid, resource))

            probes = []
            if tree.get('to') is None and not d['user']['active']:
                # initial presence
                # TODO: we don't need to do it every time. we can cache the
                # data after the first resource is active and just resend
                # that to all new resources
                d['user']['active'] = True

                # get jids of the contacts whose status we're interested in
                cjids = roster.getPresenceSubscriptions()

                probeTree = Element('presence', {
                                                 'type': 'probe',
                                                 'from' : '%s/%s' \
                                                    % (jid, resource)
                                                 })

                # TODO: replace this with a more efficient router handler
                for cjid in cjids:
                    probeTree.set('to', cjid)
                    probeRouteData = {'to': cjid, 'data': deepcopy(probeTree)}
                    probes.append(probeRouteData)
                    # they're sent first. see below

                # broadcast to other resources of this user
                retVal = self.broadcastToOtherResources(
                    presTree, msg, retVal, jid, resource)

            elif tree.get('to') is not None:
                # TODO: directed presence
                return
            elif tree.get('type') == 'unavailable':
                # broadcast to other resources of this user
                d['user']['active'] = False
                retVal = self.broadcastToOtherResources(
                    presTree, msg, retVal, jid, resource)

            # record this stanza as the last presence sent from this client
            lastPresence = deepcopy(tree)
            lastPresence.set('from', '%s/%s' % (jid, resource))
            d['user']['lastPresence'] = lastPresence

            # lookup contacts interested in presence
            cjids = roster.getPresenceSubscribers()

            # TODO: replace this with another router handler that would send
            # it out to all cjids in a batch instead of queuing a handler
            # for each
            for cjid in cjids:
                presTree.set('to', cjid)
                presRouteData = {'to': cjid, 'data': deepcopy(presTree)}
                retVal = chainOutput(retVal, presRouteData)
                msg.setNextHandler('route-server')

            # send the probes first
            for probe in probes:
                msg.setNextHandler('route-server')
                retVal = chainOutput(retVal, probe)

            return retVal
Beispiel #50
0
 def errorElement(self):
     return Element('temporary-auth-failure')