sasl – SASL helpers

This module is used to implement SASL in aioxmpp.security_layer. It provides a state machine for use by the different SASL mechanisms, as well as implementations of some SASL mechanisms.

SASL mechanisms

class aioxmpp.sasl.PLAIN(credential_provider)

The PLAIN SASL mechanism (see RFC 4616).

credential_provider must be a coroutine which returns a (user, password) tuple.

class aioxmpp.sasl.SCRAM(credential_provider)

The SCRAM SASL mechanism (see RFC 5802).

credential_provider must be a coroutine which returns a (user, password) tuple.
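The exchange that a SCRAM mechanism carries out with the (user, password) pair from the credential provider, as an added example that is not aioxmpp's own code. It uses only the standard library, assumes SCRAM-SHA-1 without channel binding and credentials that need no SASLprep normalisation, and all function names and the MIN_ITERATIONS policy are illustrative.

```python
import asyncio, base64, hashlib, hmac

MIN_ITERATIONS = 4096  # assumed client policy; RFC 5802 suggests at least 4096

async def credential_provider():
    # Constructed credentials, taken from the RFC 5802 section 5 example.
    return ("user", "pencil")

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def client_first_bare(user, cnonce):
    # "=" and "," are escaped in the username (RFC 5802 section 5.1).
    user = user.replace("=", "=3D").replace(",", "=2C")
    return "n={},r={}".format(user, cnonce)

def client_final(password, first_bare, server_first, cnonce):
    """Return (client-final-message, expected ServerSignature)."""
    attrs = dict(kv.split("=", 1) for kv in server_first.split(","))
    nonce = attrs["r"]
    # The combined nonce must extend ours, otherwise the reply may be replayed.
    if not nonce.startswith(cnonce) or nonce == cnonce:
        raise ValueError("server nonce does not extend the client nonce")
    if int(attrs["i"]) < MIN_ITERATIONS:
        raise ValueError("iteration count below client policy")
    # Hi() from the RFC is PBKDF2-HMAC with one hash-sized output block.
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                                 base64.b64decode(attrs["s"]), int(attrs["i"]))
    without_proof = "c=biws,r=" + nonce  # biws = base64("n,,"): no channel binding
    auth_message = ",".join((first_bare, server_first, without_proof)).encode()
    client_key = _hmac(salted, b"Client Key")
    client_sig = _hmac(hashlib.sha1(client_key).digest(), auth_message)
    proof = bytes(a ^ b for a, b in zip(client_key, client_sig))
    server_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)
    return without_proof + ",p=" + base64.b64encode(proof).decode(), server_sig

def verify_server_final(server_final, expected_sig):
    # Mutual authentication: the server must prove it knows ServerKey.
    if not server_final.startswith("v="):
        return False
    return hmac.compare_digest(base64.b64decode(server_final[2:]), expected_sig)

async def run_exchange(cnonce, server_first, server_final):
    user, password = await credential_provider()
    bare = client_first_bare(user, cnonce)
    final, server_sig = client_final(password, bare, server_first, cnonce)
    return "n,," + bare, final, verify_server_final(server_final, server_sig)
```

Unlike PLAIN, the password itself never appears in any of the messages; only the salted proof is sent, and the final check rejects a server that cannot produce the matching signature.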

Base class

class aioxmpp.sasl.SASLMechanism

Implementation of a SASL mechanism. Each SASLMechanism class must have a class attribute handled_mechanisms, which must be a container of strings holding the SASL mechanism names supported by that class.

SASL state machine and XSOs

class aioxmpp.sasl.SASLStateMachine(xmlstream)

A state machine to reduce code duplication during the SASL handshake.

The state methods change the state and return the next client state of the SASL handshake, optionally with server-supplied payload.

Valid next states are:

  • ('challenge', payload) (with payload being a bytes object obtained from base64-decoding the server's challenge)
  • ('success', None) – after successful authentication
  • ('failure', None) – after failed authentication (e.g. after a call to abort())

Note that, with the notable exception of abort(), failure states are never returned but thrown as errors.SASLFailure instead.

The initial state is never returned.

class aioxmpp.sasl.SASLAuth(mechanism=None, payload=None)

Start SASL authentication.

mechanism

The mechanism to authenticate with.

payload

For mechanisms which use an initial client-supplied payload, this can be a string. It is automatically encoded as base64 according to the XMPP SASL specification.

class aioxmpp.sasl.SASLChallenge(payload=None)

A SASL challenge sent by the server.

payload

The (decoded) SASL payload. Base64 en/decoding is handled by the XSO stack.

class aioxmpp.sasl.SASLResponse(payload=None)

A SASL response sent by the client.

payload

The (decoded) SASL payload. Base64 en/decoding is handled by the XSO stack.

class aioxmpp.sasl.SASLFailure(condition=('urn:ietf:params:xml:ns:xmpp-sasl', 'temporary-auth-failure'))

Indication of SASL failure.

condition

The condition which caused the authentication to fail.

text

Optional human-readable text.

class aioxmpp.sasl.SASLSuccess(*args, **kwargs)

Indication of SASL success, with optional final payload supplied by the server.

payload

The (decoded) SASL payload. Base64 en/decoding is handled by the XSO stack.

class aioxmpp.sasl.SASLAbort(*args, **kwargs)

Request to abort the SASL authentication.