TclXMPP

Check-in [1c657c8f82]

Overview
Comment: Added preliminary support for the EXTERNAL SASL authentication mechanism. Since it results in adding -from attribute to the ::xmpp::openStream command, the xmpp package version is bumped to 0.3.
SHA1: 1c657c8f823552aa3f620493aae48698a92b5047
User & Date: sergei 2016-01-06 13:41:29
Context
2016-01-07 10:59 Add the user's JID as cdata to the EXTERNAL SASL authentication response. This helps with prosody's mod_auth_ccert. Also, don't register the server part for the EXTERNAL SASL authentication mechanism. Added -cert option with a path to a client certificate. check-in: a2e1f16d3e user: sgolovan tags: trunk
2016-01-06 13:41 Added preliminary support for the EXTERNAL SASL authentication mechanism. Since it results in adding -from attribute to the ::xmpp::openStream command, the xmpp package version is bumped to 0.3. check-in: 1c657c8f82 user: sergei tags: trunk
2015-12-29 07:06 Extended copyright years. check-in: 524363a404 user: sgolovan tags: trunk
Changes

Changes to ChangeLog.

2015-12-29  Sergei Golovan  <sgolovan@nes.ru>

	* xmpp/starttls.tcl, xmpp/tls.tcl: Added -tls1.1 and -tls1.2 options
	  to support TLS1.1 and TLS1.2 protocols and enabled them by default.
	  Disabled SSLv3 by default.

	* xmpp/bosh.tcl, xmpp/poll.tcl: Disabled SSLv3 and enabled TLS1.1 and

2016-01-06  Sergei Golovan  <sgolovan@nes.ru>

	* xmpp/pkgIndex.tcl, xmpp/sasl.tcl, xmpp/xmpp.tcl: Added preliminary
	  support for the EXTERNAL SASL authentication mechanism. Since it
	  results in adding -from attribute to the ::xmpp::openStream command,
	  the xmpp package version is bumped to 0.3.

2015-12-29  Sergei Golovan  <sgolovan@nes.ru>

	* xmpp/starttls.tcl, xmpp/tls.tcl: Added -tls1.1 and -tls1.2 options
	  to support TLS1.1 and TLS1.2 protocols and enabled them by default.
	  Disabled SSLv3 by default.

	* xmpp/bosh.tcl, xmpp/poll.tcl: Disabled SSLv3 and enabled TLS1.1 and

Changes to xmpp/pkgIndex.tcl.

# pkgIndex.tcl --
#
#       This file is part of the XMPP library. It registeres XMPP packages
#       for Tcl.
#
# Copyright (c) 2008-2015 Sergei Golovan <sgolovan@nes.ru>
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAMER OF ALL WARRANTIES.

package ifneeded pconnect 0.1                   [list source [file join $dir pconnect.tcl]]
package ifneeded pconnect::https 0.1            [list source [file join $dir https.tcl]]
package ifneeded pconnect::socks4 0.1           [list source [file join $dir socks4.tcl]]
package ifneeded pconnect::socks5 0.1           [list source [file join $dir socks5.tcl]]
package ifneeded xmpp 0.2                       [list source [file join $dir xmpp.tcl]]
package ifneeded xmpp::auth 0.2                 [list source [file join $dir auth.tcl]]
package ifneeded xmpp::bob 0.1                  [list source [file join $dir bob.tcl]]
package ifneeded xmpp::component 0.2            [list source [file join $dir component.tcl]]
package ifneeded xmpp::compress 0.1             [list source [file join $dir compress.tcl]]
package ifneeded xmpp::data 0.1                 [list source [file join $dir data.tcl]]
package ifneeded xmpp::delay 0.1                [list source [file join $dir delay.tcl]]
package ifneeded xmpp::disco 0.1                [list source [file join $dir disco.tcl]]





# pkgIndex.tcl --
#
#       This file is part of the XMPP library. It registeres XMPP packages
#       for Tcl.
#
# Copyright (c) 2008-2016 Sergei Golovan <sgolovan@nes.ru>
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAMER OF ALL WARRANTIES.

package ifneeded pconnect 0.1                   [list source [file join $dir pconnect.tcl]]
package ifneeded pconnect::https 0.1            [list source [file join $dir https.tcl]]
package ifneeded pconnect::socks4 0.1           [list source [file join $dir socks4.tcl]]
package ifneeded pconnect::socks5 0.1           [list source [file join $dir socks5.tcl]]
package ifneeded xmpp 0.3                       [list source [file join $dir xmpp.tcl]]
package ifneeded xmpp::auth 0.2                 [list source [file join $dir auth.tcl]]
package ifneeded xmpp::bob 0.1                  [list source [file join $dir bob.tcl]]
package ifneeded xmpp::component 0.2            [list source [file join $dir component.tcl]]
package ifneeded xmpp::compress 0.1             [list source [file join $dir compress.tcl]]
package ifneeded xmpp::data 0.1                 [list source [file join $dir data.tcl]]
package ifneeded xmpp::delay 0.1                [list source [file join $dir delay.tcl]]
package ifneeded xmpp::disco 0.1                [list source [file join $dir disco.tcl]]
package ifneeded xmpp::transport::bosh 0.2      [list source [file join $dir bosh.tcl]]
package ifneeded xmpp::transport::poll 0.2      [list source [file join $dir poll.tcl]]
package ifneeded xmpp::transport::tcp 0.2       [list source [file join $dir tcp.tcl]]
package ifneeded xmpp::transport::tls 0.2       [list source [file join $dir tls.tcl]]
package ifneeded xmpp::transport::zlib 0.2      [list source [file join $dir zlib.tcl]]
package ifneeded xmpp::xml 0.1                  [list source [file join $dir xml.tcl]]

package ifneeded xmpp::full 0.2 {
    package require pconnect::https 0.1
    package require pconnect::socks4 0.1
    package require pconnect::socks5 0.1
    package require xmpp 0.2
    package require xmpp::auth 0.2
    package require xmpp::bob 0.1
    package require xmpp::component 0.2
    package require xmpp::compress 0.1
    package require xmpp::delay 0.1
    package require xmpp::disco 0.1
    package require xmpp::dns 0.1







package ifneeded xmpp::transport::bosh 0.2      [list source [file join $dir bosh.tcl]]
package ifneeded xmpp::transport::poll 0.2      [list source [file join $dir poll.tcl]]
package ifneeded xmpp::transport::tcp 0.2       [list source [file join $dir tcp.tcl]]
package ifneeded xmpp::transport::tls 0.2       [list source [file join $dir tls.tcl]]
package ifneeded xmpp::transport::zlib 0.2      [list source [file join $dir zlib.tcl]]
package ifneeded xmpp::xml 0.1                  [list source [file join $dir xml.tcl]]

package ifneeded xmpp::full 0.3 {
    package require pconnect::https 0.1
    package require pconnect::socks4 0.1
    package require pconnect::socks5 0.1
    package require xmpp 0.3
    package require xmpp::auth 0.2
    package require xmpp::bob 0.1
    package require xmpp::component 0.2
    package require xmpp::compress 0.1
    package require xmpp::delay 0.1
    package require xmpp::disco 0.1
    package require xmpp::dns 0.1
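
Review bot: Only the xmpp and xmpp::full entries move to 0.3 in this file, while the behavioural change in this check-in (the new mechanism and the altered -digest handling) is in xmpp/sasl.tcl. If the package that sasl.tcl provides is indexed in the lines not shown here, consider bumping it as well, so that a caller can "package require" a version known to offer EXTERNAL instead of inferring it from the xmpp version.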

Changes to xmpp/sasl.tcl.

# sasl.tcl --
#
#       This file is part of the XMPP library. It provides support for the
#       SASL authentication layer via the tclsasl or tcllib SASL package.
#       Also, it binds resource and opens XMPP session.
#
# Copyright (c) 2008-2015 Sergei Golovan <sgolovan@nes.ru>
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAMER OF ALL WARRANTIES.

package require base64
package require xmpp::stanzaerror







# sasl.tcl --
#
#       This file is part of the XMPP library. It provides support for the
#       SASL authentication layer via the tclsasl or tcllib SASL package.
#       Also, it binds resource and opens XMPP session.
#
# Copyright (c) 2008-2016 Sergei Golovan <sgolovan@nes.ru>
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAMER OF ALL WARRANTIES.

package require base64
package require xmpp::stanzaerror

    } else {
        return -code error [::msgcat::mc "No SASL package found"]
    }

    switch -- $saslpack {
        tclsasl {
            sasl::client_init -callbacks {}
























        }
        default {
            # empty
        }
    }

    # SASL error messages







    } else {
        return -code error [::msgcat::mc "No SASL package found"]
    }

    switch -- $saslpack {
        tclsasl {
            sasl::client_init -callbacks {}
        }
        tcllib {
            if {[lsearch -exact [::SASL::mechanisms] EXTERNAL] < 0} {
                # Register the EXTERNAL SASL authentication mechanism

                namespace eval ::SASL::EXTERNAL {
                    proc client {context challenge args} {
                        upvar #0 $context ctx
                        incr ctx(step)
                        set authzid [eval $ctx(callback) [list $context login]]
                        set ctx(response) $authzid
                        return 0
                    }

                    proc server {context clientrsp args} {
                        # We don't need a server part

                        return -code error "authentication failed"
                    }

                    ::SASL::register EXTERNAL 100 [namespace current]::client \
                                                  [namespace current]::server
                }
            }
        }
        default {
            # empty
        }
    }

    # SASL error messages
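
Review bot: In ::SASL::EXTERNAL::client the response is whatever the login callback returns ("set ctx(response) $authzid"), and nothing in this branch ties the mechanism to a TLS client certificate actually having been presented. EXTERNAL is only meaningful when the credentials were established outside SASL, so consider registering or selecting it only when the stream is TLS-protected with a client certificate, and document what form of identity the login callback must return for this mechanism. Two smaller points: the mechanism is added only in the tcllib arm, so the tclsasl arm deserves a comment saying whether it relies on that library's own EXTERNAL; and the preference 100 passed to ::SASL::register needs a comment explaining where it places EXTERNAL relative to the other registered mechanisms.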
proc ::xmpp::sasl::ChooseMech {token mechanisms} {
    variable $token
    upvar 0 $token state

    set forbiddenMechs $state(-disable)

    if {$state(-digest) == 1} {
        lappend forbiddenMechs PLAIN LOGIN EXTERNAL
    } elseif {$state(-digest) == 0} {
        foreach m [SASL::mechanisms] {
            switch -- $m {
                PLAIN -
                LOGIN -
                EXTERNAL {}
                default {lappend forbiddenMechs $m}
            }
        }
    }

    foreach m [SASL::mechanisms] {
        if {[lsearch -exact $mechanisms $m] >= 0 && \







proc ::xmpp::sasl::ChooseMech {token mechanisms} {
    variable $token
    upvar 0 $token state

    set forbiddenMechs $state(-disable)

    if {$state(-digest) == 1} {
        lappend forbiddenMechs PLAIN LOGIN
    } elseif {$state(-digest) == 0} {
        foreach m [SASL::mechanisms] {
            switch -- $m {
                PLAIN -
                LOGIN {}

                default {lappend forbiddenMechs $m}
            }
        }
    }

    foreach m [SASL::mechanisms] {
        if {[lsearch -exact $mechanisms $m] >= 0 && \
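
Review bot: Dropping EXTERNAL from both arms of the -digest test inverts how it is gated: with -digest 1 it is no longer appended to forbiddenMechs, and with -digest 0 it now falls into the default arm and is forbidden. A caller that asked only for digest mechanisms can therefore authenticate with EXTERNAL when the server offers it, unless it is also listed in -disable, and a caller with -digest 0 cannot use it at all. If that is intended, say so in a comment next to "lappend forbiddenMechs PLAIN LOGIN" and in the ChangeLog entry, which mentions only the added mechanism; otherwise give EXTERNAL its own option instead of reusing -digest.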

Changes to xmpp/xmpp.tcl.

# xmpp.tcl --
#
#       This file is part of the XMPP library. It implements the main library
#       routines.
#
# Copyright (c) 2008-2015 Sergei Golovan <sgolovan@nes.ru>
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAMER OF ALL WARRANTIES.

package require msgcat
package require xmpp::jid
package require xmpp::xml
package require xmpp::transport::tcp 0.2
package require xmpp::streamerror
package require xmpp::stanzaerror
package require xmpp::iq
package require xmpp::presence
package require xmpp::sm

package provide xmpp 0.2

namespace eval ::xmpp {

    # Default debug level (0: no debug, 1: light debug, 2: heavy debug).

    variable debug 0
}





# xmpp.tcl --
#
#       This file is part of the XMPP library. It implements the main library
#       routines.
#
# Copyright (c) 2008-2016 Sergei Golovan <sgolovan@nes.ru>
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAMER OF ALL WARRANTIES.

package require msgcat
package require xmpp::jid
package require xmpp::xml
package require xmpp::transport::tcp 0.2
package require xmpp::streamerror
package require xmpp::stanzaerror
package require xmpp::iq
package require xmpp::presence
package require xmpp::sm

package provide xmpp 0.3

namespace eval ::xmpp {

    # Default debug level (0: no debug, 1: light debug, 2: heavy debug).

    variable debug 0
}
                    return -code error \
                           [::msgcat::mc "Unsupported stream XMLNS \"%s\"" \
                                         $val]
                }
            }
            -xmlns -
            -xml:lang -

            -version {
                set state($key) $val
                set params($key) $val
            }
            -timeout {
                set timeout $val
            }







                    return -code error \
                           [::msgcat::mc "Unsupported stream XMLNS \"%s\"" \
                                         $val]
                }
            }
            -xmlns -
            -xml:lang -
            -from -
            -version {
                set state($key) $val
                set params($key) $val
            }
            -timeout {
                set timeout $val
            }
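
Review bot: The new -from arm stores the value in state and params without any check, although xmpp::jid is already required at the top of this file. Consider validating that the value is a well-formed JID before it is copied into params, and state in the command's documentation when callers should pass it: RFC 6120 (section 4.7.1) advises a client not to include 'from' in the initial stream header until the stream is protected by TLS, because it discloses the account identity in the clear.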