TclXMPP

Check-in [a2e1f16d3e]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add the user's JID as cdata to the EXTERNAL SASL authentication response. This helps with prosody's mod_auth_ccert. Also, don't register the server part for the EXTERNAL SASL authentication mechaism. Added -cert option with a path to a client certificate.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:a2e1f16d3ed1744cae57db35f7ad079efcbe424f
User & Date: sgolovan 2016-01-07 10:59:34
Context
2016-01-11
15:18
Replace a bunch of control characters by spaces when create XML data to send. Leaf check-in: b6a6c2174d user: sgolovan tags: trunk
2016-01-07
10:59
Add the user's JID as cdata to the EXTERNAL SASL authentication response. This helps with prosody's mod_auth_ccert. Also, don't register the server part for the EXTERNAL SASL authentication mechaism. Added -cert option with a path to a client certificate. check-in: a2e1f16d3e user: sgolovan tags: trunk
2016-01-06
13:41
Added preliminary support for the EXTERNAL SASL authentication mechanism. Since it results in adding -from attribute to the ::xmpp::openStream command, the xmpp package version is bumped to 0.3. check-in: 1c657c8f82 user: sergei tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ChangeLog.











1
2
3
4
5
6
7










2016-01-06  Sergei Golovan  <sgolovan@nes.ru>

	* xmpp/pkgIndex.tcl, xmpp/sasl.tcl, xmpp/xmpp.tcl: Added preliminary
	  support for the EXTERNAL SASL authentication mechanism. Since it
	  results in adding -from attribute to the ::xmpp::openStream command,
	  the xmpp package version is bumped to 0.3.

>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
2016-01-07  Sergei Golovan  <sgolovan@nes.ru>

	* xmpp/sasl.tcl: Add the user's JID as cdata to the EXTERNAL SASL
	  authentication response. This helps with prosody's mod_auth_ccert.
	  Also, don't register the server part for the EXTERNAL SASL
	  authentication mechaism.

	* examples/jsend.tcl: Added -cert option with a path to a client
	  certificate.

2016-01-06  Sergei Golovan  <sgolovan@nes.ru>

	* xmpp/pkgIndex.tcl, xmpp/sasl.tcl, xmpp/xmpp.tcl: Added preliminary
	  support for the EXTERNAL SASL authentication mechanism. Since it
	  results in adding -from attribute to the ::xmpp::openStream command,
	  the xmpp package version is bumped to 0.3.

Changes to examples/jsend.tcl.

57
58
59
60
61
62
63

64
65
66
67
68
69
70
...
189
190
191
192
193
194
195

196
197
198
199
200
201
202
203
204
205
                            -xhtml       ""    \
                            -date        ""    \
                            -description ""    \
                            -url         ""    \
                            -bosh        ""    \
                            -tls         false \
                            -starttls    true  \

                            -sasl        true  \
                            -digest      true]
    array set options $args

    if {[string equal $options(-host) ""]} {
        if {[string first @ $options(-from)] < 0} {
            set options(-host) [info hostname]
................................................................................
        ::xmpp::connect $xlib $options(-host) $port \
                              -transport $transport \
                              -url $options(-bosh)

        if {[string equal $options(-bosh) ""] && !$options(-tls) && $options(-starttls)} {
            # Open XMPP stream
            set sessionID [::xmpp::openStream $xlib $domain \

                                                    -version 1.0]

            ::xmpp::starttls::starttls $xlib

            ::xmpp::sasl::auth $xlib -username  $node \
                                     -password  $options(-password) \
                                     -resource  $resource \
                                     -digest    $options(-digest)
        } elseif {$options(-sasl)} {
            # Open XMPP stream







>







 







>


|







57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
...
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
                            -xhtml       ""    \
                            -date        ""    \
                            -description ""    \
                            -url         ""    \
                            -bosh        ""    \
                            -tls         false \
                            -starttls    true  \
                            -cert        ""    \
                            -sasl        true  \
                            -digest      true]
    array set options $args

    if {[string equal $options(-host) ""]} {
        if {[string first @ $options(-from)] < 0} {
            set options(-host) [info hostname]
................................................................................
        ::xmpp::connect $xlib $options(-host) $port \
                              -transport $transport \
                              -url $options(-bosh)

        if {[string equal $options(-bosh) ""] && !$options(-tls) && $options(-starttls)} {
            # Open XMPP stream
            set sessionID [::xmpp::openStream $xlib $domain \
                                                    -from [::xmpp::jid::jid $node $domain] \
                                                    -version 1.0]

            ::xmpp::starttls::starttls $xlib -certfile $options(-cert)

            ::xmpp::sasl::auth $xlib -username  $node \
                                     -password  $options(-password) \
                                     -resource  $resource \
                                     -digest    $options(-digest)
        } elseif {$options(-sasl)} {
            # Open XMPP stream

Changes to xmpp/sasl.tcl.

45
46
47
48
49
50
51

52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
...
432
433
434
435
436
437
438

439
440
441
442
443
444
445
            if {[lsearch -exact [::SASL::mechanisms] EXTERNAL] < 0} {
                # Register the EXTERNAL SASL authentication mechanism

                namespace eval ::SASL::EXTERNAL {
                    proc client {context challenge args} {
                        upvar #0 $context ctx
                        incr ctx(step)

                        set authzid [eval $ctx(callback) [list $context login]]
                        set ctx(response) $authzid
                        return 0
                    }

                    proc server {context clientrsp args} {
                        # We don't need a server part

                        return -code error "authentication failed"
                    }

                    ::SASL::register EXTERNAL 100 [namespace current]::client \
                                                  [namespace current]::server
                }
            }
        }
        default {
            # empty
        }
    }
................................................................................

            if {!$code} {
                set state(mech) $result
                SASL::configure $state(token) -mech $state(mech)
                switch -glob -- $state(mech) {
                    SCRAM-* -
                    PLAIN -

                    X-GOOGLE-TOKEN {
                        # Initial responce
                        set code [catch {SASL::step $state(token) ""} result]
                        if {!$code} {
                            set output [SASL::response $state(token)]
                        }
                    }







>
|
|



<
<
<
<
<
<
|
<







 







>







45
46
47
48
49
50
51
52
53
54
55
56
57






58

59
60
61
62
63
64
65
...
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
            if {[lsearch -exact [::SASL::mechanisms] EXTERNAL] < 0} {
                # Register the EXTERNAL SASL authentication mechanism

                namespace eval ::SASL::EXTERNAL {
                    proc client {context challenge args} {
                        upvar #0 $context ctx
                        incr ctx(step)
                        set username [eval $ctx(callback) [list $context username]]
                        set realm [eval $ctx(callback) [list $context realm]]
                        set ctx(response) $username@$realm
                        return 0
                    }







                    ::SASL::register EXTERNAL 100 [namespace current]::client

                }
            }
        }
        default {
            # empty
        }
    }
................................................................................

            if {!$code} {
                set state(mech) $result
                SASL::configure $state(token) -mech $state(mech)
                switch -glob -- $state(mech) {
                    SCRAM-* -
                    PLAIN -
                    EXTERNAL -
                    X-GOOGLE-TOKEN {
                        # Initial responce
                        set code [catch {SASL::step $state(token) ""} result]
                        if {!$code} {
                            set output [SASL::response $state(token)]
                        }
                    }