asakul
/
pontarius-xmpp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
636 Commits
1 Branch
0 Tags
2.6 MiB
Tree: 302b2603d8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '302b2603d8'
${ noResults }
pontarius-xmpp/source/Network/Xmpp/Sasl/Common.hs

233 lines
8.9 KiB
Raw Normal View History Unescape

shape documentation
13 years ago
{-# OPTIONS_HADDOCK hide #-}
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
{-# LANGUAGE PatternGuards #-}
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
{-# LANGUAGE OverloadedStrings #-}
Change more all-caps names to camel case rename Sasl.Sasl to Sasl.Common
14 years ago
module Network.Xmpp.Sasl.Common where
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
Change more all-caps names to camel case rename Sasl.Sasl to Sasl.Common
14 years ago
import Control.Applicative ((<$>))
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
import Control.Monad.Error
import qualified Data.Attoparsec.ByteString.Char8 as AP
move mechanisms to Sasl/Mechanisms factor out prepCredentials
14 years ago
import Data.Bits
Change more all-caps names to camel case rename Sasl.Sasl to Sasl.Common
14 years ago
import qualified Data.ByteString as BS
refactor digestMd5 to move common functionality to module Common
14 years ago
import qualified Data.ByteString.Base64 as B64
Change more all-caps names to camel case rename Sasl.Sasl to Sasl.Common
14 years ago
import Data.Maybe (maybeToList)
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
import qualified Data.Text as Text
refactor digestMd5 to move common functionality to module Common
14 years ago
import qualified Data.Text.Encoding as Text
move mechanisms to Sasl/Mechanisms factor out prepCredentials
14 years ago
import Data.Word (Word8)
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
import Data.XML.Pickle
import Data.XML.Types
clear modules necessare for cabal install of warnings clear Network.Xmpp of warnings clear Network.XMpp.Tls of Warnings clear Network.Xmpp.Utilities of Warnings clear Network.Xmpp.Stream of warnings clear Network.Xmpp.Sasl of warnings clear Network.Xmpp.Concurrent of warnings clear Network.Xmpp.Concurrent.IQ of warnings clear Network.Xmpp.Concurrent.Message of warnings clear Network.Xmpp.Concurrent.Monad of warnings clear Network.Xmpp.Concurrent.Presence of Warnings clear Network.Xmpp.Concurrent.Threads of warnings clear Network.Xmpp.Concurrent.Types of warnings clear Network.Xmpp.IM.Presence of warnings clear Network.Xmpp.Sasl.Common of warnings clear Network.Xmpp.Sasl.StringPrep of warnings clear Network.Xmpp.Sasl.Mechanisms.DIgestMd5 of warnings clear Network.Xmpp.Sasl.Mechanisms.Plain of warnings clear Network.Xmpp.Sasl.Mechanisms.Scram of warnings clear Network.Xmpp.Xep.DataForms of warnings clear Network.Xmpp.Internal of warnings
13 years ago
import Network.Xmpp.Marshal
move mechanisms to Sasl/Mechanisms factor out prepCredentials
14 years ago
import Network.Xmpp.Sasl.StringPrep
rename Network.Xmpp.Monad to Network.Xmpp.Connection
13 years ago
import Network.Xmpp.Sasl.Types
clear modules necessare for cabal install of warnings clear Network.Xmpp of warnings clear Network.XMpp.Tls of Warnings clear Network.Xmpp.Utilities of Warnings clear Network.Xmpp.Stream of warnings clear Network.Xmpp.Sasl of warnings clear Network.Xmpp.Concurrent of warnings clear Network.Xmpp.Concurrent.IQ of warnings clear Network.Xmpp.Concurrent.Message of warnings clear Network.Xmpp.Concurrent.Monad of warnings clear Network.Xmpp.Concurrent.Presence of Warnings clear Network.Xmpp.Concurrent.Threads of warnings clear Network.Xmpp.Concurrent.Types of warnings clear Network.Xmpp.IM.Presence of warnings clear Network.Xmpp.Sasl.Common of warnings clear Network.Xmpp.Sasl.StringPrep of warnings clear Network.Xmpp.Sasl.Mechanisms.DIgestMd5 of warnings clear Network.Xmpp.Sasl.Mechanisms.Plain of warnings clear Network.Xmpp.Sasl.Mechanisms.Scram of warnings clear Network.Xmpp.Xep.DataForms of warnings clear Network.Xmpp.Internal of warnings
13 years ago
import Network.Xmpp.Stream
import Network.Xmpp.Types
refactor digestMd5 to move common functionality to module Common
14 years ago
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
import qualified System.Random as Random
Remove SaslM While short, I do believe that `SaslM' type makes the code significantly less understandable. This is at least the case for me. This patch removes it and changes the types to read the full `ErrorT AuthFailure (StateT Stream IO) a' type instead.
13 years ago
import Control.Monad.State.Strict
wrap the stream object (TMVar Stream) in a newtype rename StreamState to ConnectionState rename Stream to StreamState add Stream newtype
13 years ago
--makeNonce :: ErrorT AuthFailure (StateT StreamState IO) BS.ByteString
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
makeNonce :: IO BS.ByteString
makeNonce = do
g <- liftIO Random.newStdGen
return $ B64.encode . BS.pack . map toWord8 . take 15 $ Random.randoms g
where
toWord8 :: Int -> Word8
toWord8 x = fromIntegral x :: Word8
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
(untested) sasl plain implementation
14 years ago
-- The <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/> element, with an
-- optional round-trip value.
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
saslInitE :: Text.Text -> Maybe Text.Text -> Element
(untested) sasl plain implementation
14 years ago
saslInitE mechanism rt =
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
Element "{urn:ietf:params:xml:ns:xmpp-sasl}auth"
[("mechanism", [ContentText mechanism])]
Change more all-caps names to camel case rename Sasl.Sasl to Sasl.Common
14 years ago
(maybeToList $ NodeContent . ContentText <$> rt)
(untested) sasl plain implementation
14 years ago
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
-- SASL response with text payload.
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
saslResponseE :: Maybe Text.Text -> Element
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
saslResponseE resp =
Element "{urn:ietf:params:xml:ns:xmpp-sasl}response"
[]
refactor digestMd5 to move common functionality to module Common
14 years ago
(maybeToList $ NodeContent . ContentText <$> resp)
Change more all-caps names to camel case rename Sasl.Sasl to Sasl.Common
14 years ago
miscellaneous sasl changes stopped wrapping passwd in a SaslM computation for the time-being SaslHandler now takes password and does not take hostname minor formatting and documentation changes runSasl where-local SaslElement moved to Sasl/Types.hs
14 years ago
-- The <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/> element.
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
xpSuccess :: PU [Node] (Maybe Text.Text)
xpSuccess = xpElemNodes "{urn:ietf:params:xml:ns:xmpp-sasl}success"
miscellaneous sasl changes stopped wrapping passwd in a SaslM computation for the time-being SaslHandler now takes password and does not take hostname minor formatting and documentation changes runSasl where-local SaslElement moved to Sasl/Types.hs
14 years ago
(xpOption $ xpContent xpId)
Change more all-caps names to camel case rename Sasl.Sasl to Sasl.Common
14 years ago
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
-- Parses the incoming SASL data to a mapped list of pairs.
refactor digestMd5 to move common functionality to module Common
14 years ago
pairs :: BS.ByteString -> Either String Pairs
pairs = AP.parseOnly . flip AP.sepBy1 (void $ AP.char ',') $ do
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
AP.skipSpace
name <- AP.takeWhile1 (/= '=')
_ <- AP.char '='
clear modules necessare for cabal install of warnings clear Network.Xmpp of warnings clear Network.XMpp.Tls of Warnings clear Network.Xmpp.Utilities of Warnings clear Network.Xmpp.Stream of warnings clear Network.Xmpp.Sasl of warnings clear Network.Xmpp.Concurrent of warnings clear Network.Xmpp.Concurrent.IQ of warnings clear Network.Xmpp.Concurrent.Message of warnings clear Network.Xmpp.Concurrent.Monad of warnings clear Network.Xmpp.Concurrent.Presence of Warnings clear Network.Xmpp.Concurrent.Threads of warnings clear Network.Xmpp.Concurrent.Types of warnings clear Network.Xmpp.IM.Presence of warnings clear Network.Xmpp.Sasl.Common of warnings clear Network.Xmpp.Sasl.StringPrep of warnings clear Network.Xmpp.Sasl.Mechanisms.DIgestMd5 of warnings clear Network.Xmpp.Sasl.Mechanisms.Plain of warnings clear Network.Xmpp.Sasl.Mechanisms.Scram of warnings clear Network.Xmpp.Xep.DataForms of warnings clear Network.Xmpp.Internal of warnings
13 years ago
qt <- ((AP.char '"' >> return True) `mplus` return False)
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
content <- AP.takeWhile1 (AP.notInClass [',', '"'])
clear modules necessare for cabal install of warnings clear Network.Xmpp of warnings clear Network.XMpp.Tls of Warnings clear Network.Xmpp.Utilities of Warnings clear Network.Xmpp.Stream of warnings clear Network.Xmpp.Sasl of warnings clear Network.Xmpp.Concurrent of warnings clear Network.Xmpp.Concurrent.IQ of warnings clear Network.Xmpp.Concurrent.Message of warnings clear Network.Xmpp.Concurrent.Monad of warnings clear Network.Xmpp.Concurrent.Presence of Warnings clear Network.Xmpp.Concurrent.Threads of warnings clear Network.Xmpp.Concurrent.Types of warnings clear Network.Xmpp.IM.Presence of warnings clear Network.Xmpp.Sasl.Common of warnings clear Network.Xmpp.Sasl.StringPrep of warnings clear Network.Xmpp.Sasl.Mechanisms.DIgestMd5 of warnings clear Network.Xmpp.Sasl.Mechanisms.Plain of warnings clear Network.Xmpp.Sasl.Mechanisms.Scram of warnings clear Network.Xmpp.Xep.DataForms of warnings clear Network.Xmpp.Internal of warnings
13 years ago
when qt . void $ AP.char '"'
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
return (name, content)
-- Failure element pickler.
refactor digestMd5 to move common functionality to module Common
14 years ago
xpFailure :: PU [Node] SaslFailure
xpFailure = xpWrap
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
(\(txt, (failure, _, _)) -> SaslFailure failure txt)
(\(SaslFailure failure txt) -> (txt,(failure,(),())))
(xpElemNodes
"{urn:ietf:params:xml:ns:xmpp-sasl}failure"
(xp2Tuple
(xpOption $ xpElem
"{urn:ietf:params:xml:ns:xmpp-sasl}text"
xpLangTag
(xpContent xpId))
(xpElemByNamespace
"urn:ietf:params:xml:ns:xmpp-sasl"
Replace additional `xpPrim' calls Moved and started using `xpSaslError'. Added `xpShow' and `xpPriority'.
13 years ago
xpSaslError
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
(xpUnit)
(xpUnit))))
add documentation to Scram.hs and Common.hs
14 years ago
Replace additional `xpPrim' calls Moved and started using `xpSaslError'. Added `xpShow' and `xpPriority'.
13 years ago
xpSaslError :: PU Text.Text SaslError
xpSaslError = ("xpSaslError", "") <?>
fix defined condition picklers being too strict
12 years ago
xpIso saslErrorFromText saslErrorToText
Replace additional `xpPrim' calls Moved and started using `xpSaslError'. Added `xpShow' and `xpPriority'.
13 years ago
where
saslErrorToText SaslAborted = "aborted"
saslErrorToText SaslAccountDisabled = "account-disabled"
saslErrorToText SaslCredentialsExpired = "credentials-expired"
saslErrorToText SaslEncryptionRequired = "encryption-required"
saslErrorToText SaslIncorrectEncoding = "incorrect-encoding"
saslErrorToText SaslInvalidAuthzid = "invalid-authzid"
saslErrorToText SaslInvalidMechanism = "invalid-mechanism"
saslErrorToText SaslMalformedRequest = "malformed-request"
saslErrorToText SaslMechanismTooWeak = "mechanism-too-weak"
saslErrorToText SaslNotAuthorized = "not-authorized"
saslErrorToText SaslTemporaryAuthFailure = "temporary-auth-failure"
fix defined condition picklers being too strict
12 years ago
saslErrorFromText "aborted" = SaslAborted
saslErrorFromText "account-disabled" = SaslAccountDisabled
saslErrorFromText "credentials-expired" = SaslCredentialsExpired
saslErrorFromText "encryption-required" = SaslEncryptionRequired
saslErrorFromText "incorrect-encoding" = SaslIncorrectEncoding
saslErrorFromText "invalid-authzid" = SaslInvalidAuthzid
saslErrorFromText "invalid-mechanism" = SaslInvalidMechanism
saslErrorFromText "malformed-request" = SaslMalformedRequest
saslErrorFromText "mechanism-too-weak" = SaslMechanismTooWeak
saslErrorFromText "not-authorized" = SaslNotAuthorized
saslErrorFromText "temporary-auth-failure" = SaslTemporaryAuthFailure
saslErrorFromText _ = SaslNotAuthorized
Replace additional `xpPrim' calls Moved and started using `xpSaslError'. Added `xpShow' and `xpPriority'.
13 years ago
prepared to extend sasl functionality, put digest-md5 code in its own module
14 years ago
-- Challenge element pickler.
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
xpChallenge :: PU [Node] (Maybe Text.Text)
refactor digestMd5 to move common functionality to module Common
14 years ago
xpChallenge = xpElemNodes "{urn:ietf:params:xml:ns:xmpp-sasl}challenge"
(xpOption $ xpContent xpId)
miscellaneous sasl changes stopped wrapping passwd in a SaslM computation for the time-being SaslHandler now takes password and does not take hostname minor formatting and documentation changes runSasl where-local SaslElement moved to Sasl/Types.hs
14 years ago
-- | Pickler for SaslElement.
add documentation to Scram.hs and Common.hs
14 years ago
xpSaslElement :: PU [Node] SaslElement
refactor digestMd5 to move common functionality to module Common
14 years ago
xpSaslElement = xpAlt saslSel
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
[ xpWrap SaslSuccess (\(SaslSuccess x) -> x) xpSuccess
refactor digestMd5 to move common functionality to module Common
14 years ago
, xpWrap SaslChallenge (\(SaslChallenge c) -> c) xpChallenge
]
where
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
saslSel (SaslSuccess _) = 0
refactor digestMd5 to move common functionality to module Common
14 years ago
saslSel (SaslChallenge _) = 1
miscellaneous sasl changes stopped wrapping passwd in a SaslM computation for the time-being SaslHandler now takes password and does not take hostname minor formatting and documentation changes runSasl where-local SaslElement moved to Sasl/Types.hs
14 years ago
-- | Add quotationmarks around a byte string.
refactor digestMd5 to move common functionality to module Common
14 years ago
quote :: BS.ByteString -> BS.ByteString
quote x = BS.concat ["\"",x,"\""]
clear modules necessare for cabal install of warnings clear Network.Xmpp of warnings clear Network.XMpp.Tls of Warnings clear Network.Xmpp.Utilities of Warnings clear Network.Xmpp.Stream of warnings clear Network.Xmpp.Sasl of warnings clear Network.Xmpp.Concurrent of warnings clear Network.Xmpp.Concurrent.IQ of warnings clear Network.Xmpp.Concurrent.Message of warnings clear Network.Xmpp.Concurrent.Monad of warnings clear Network.Xmpp.Concurrent.Presence of Warnings clear Network.Xmpp.Concurrent.Threads of warnings clear Network.Xmpp.Concurrent.Types of warnings clear Network.Xmpp.IM.Presence of warnings clear Network.Xmpp.Sasl.Common of warnings clear Network.Xmpp.Sasl.StringPrep of warnings clear Network.Xmpp.Sasl.Mechanisms.DIgestMd5 of warnings clear Network.Xmpp.Sasl.Mechanisms.Plain of warnings clear Network.Xmpp.Sasl.Mechanisms.Scram of warnings clear Network.Xmpp.Xep.DataForms of warnings clear Network.Xmpp.Internal of warnings
13 years ago
saslInit :: Text.Text -> Maybe BS.ByteString -> ErrorT AuthFailure (StateT StreamState IO) ()
Tweak failure approach I'm assuming and defining the following: 1. XMPP failures (which can occur at the TCP, TLS, and XML/XMPP layers (as a stream error or forbidden input)) are fatal; they will distrupt the XMPP session. 2. All fatal failures should be thrown (or similar) by `session', or any other function that might produce them. 3. Authentication failures that are not "XMPP failures" are not fatal. They do not necessarily terminate the stream. For example, the developer should be able to make another authentication attempt. The `Session' object returned by `session' might be useful even if the authentication fails. 4. We can (and should) use one single data type for fatal failures. (Previously, both StreamFailure and TlsFailure was used.) 5. We can catch and rethrow/wrap IO exceptions in the context of the Pontarius XMPP error system that we decide to use, making the error system more intuitive, Haskell-like, and more straight-forward to implement. Calling `error' may only be done in the case of a program error (a bug). 6. A logging system will remove the need for many of the error types. Only exceptions that seem likely to affect the flow of client applications should be defined. 7. The authentication functions are prone to fatal XMPP failures in addition to non-fatal authentication conditions. (Previously, `AuthStreamFailure' was used to wrap these errors.) I'm hereby suggesting (and implementing) the following: `StreamFailure' and `TlsFailure' should be joined into `XmppFailure'. `pullStanza' and the other Connection functions used to throw `IOException', `StreamFailure' and `TlsFailure' exceptions. With this patch, they have been converted to `StateT Connection IO (Either XmppFailure a)' computations. They also catch (some) IOException errors and wrap them in the new `XmppIOException' constructor. `newSession' is now `IO (Either XmppFailure Session)' as well (being capable of throwing IO exceptions). Whether or not to continue to a) wrap `XmppFailure' failures in an `AuthStreamFailure' equivalent, or, b) treat the authentication functions just like the other functions that may result in failure (Either XmppFailure a), depends on how Network.Xmpp.Connection.auth will be used. Since the latter will make `auth' more consistent, as well as remove the need for a wrapped (and special-case) "AuthFailure" type, I have decided to give the "b" approach a try. (The drawback being, of course, that authentication errors can not be accessed through the use of ErrorT. Whether or not this might be a problem, I don't really know at this point.) As the SASL code (and SaslM) depended on `AuthStreamFailure', it remains for internal use, at least for the time-being. `session' is now an ErrorT computation as well. Some functions have been updated as hacks, but this will be changed if we decide to move forward with this approach.
13 years ago
saslInit mechanism payload = do
r <- lift . pushElement . saslInitE mechanism $
Text.decodeUtf8 . B64.encode <$> payload
case r of
move from exceptions as StreamHandle error indicator to XmppFailure error values. This changes the return type of at least the following functions from IO Bool to IO (Either XmppFailure ()) * sendIQ * sendIQ' * answerIQ * sendMessage * sendPresence
12 years ago
Right () -> return ()
clear modules necessare for cabal install of warnings clear Network.Xmpp of warnings clear Network.XMpp.Tls of Warnings clear Network.Xmpp.Utilities of Warnings clear Network.Xmpp.Stream of warnings clear Network.Xmpp.Sasl of warnings clear Network.Xmpp.Concurrent of warnings clear Network.Xmpp.Concurrent.IQ of warnings clear Network.Xmpp.Concurrent.Message of warnings clear Network.Xmpp.Concurrent.Monad of warnings clear Network.Xmpp.Concurrent.Presence of Warnings clear Network.Xmpp.Concurrent.Threads of warnings clear Network.Xmpp.Concurrent.Types of warnings clear Network.Xmpp.IM.Presence of warnings clear Network.Xmpp.Sasl.Common of warnings clear Network.Xmpp.Sasl.StringPrep of warnings clear Network.Xmpp.Sasl.Mechanisms.DIgestMd5 of warnings clear Network.Xmpp.Sasl.Mechanisms.Plain of warnings clear Network.Xmpp.Sasl.Mechanisms.Scram of warnings clear Network.Xmpp.Xep.DataForms of warnings clear Network.Xmpp.Internal of warnings
13 years ago
Left e -> throwError $ AuthStreamFailure e
refactor digestMd5 to move common functionality to module Common
14 years ago
miscellaneous sasl changes stopped wrapping passwd in a SaslM computation for the time-being SaslHandler now takes password and does not take hostname minor formatting and documentation changes runSasl where-local SaslElement moved to Sasl/Types.hs
14 years ago
-- | Pull the next element.
wrap the stream object (TMVar Stream) in a newtype rename StreamState to ConnectionState rename Stream to StreamState add Stream newtype
13 years ago
pullSaslElement :: ErrorT AuthFailure (StateT StreamState IO) SaslElement
refactor digestMd5 to move common functionality to module Common
14 years ago
pullSaslElement = do
clear modules necessare for cabal install of warnings clear Network.Xmpp of warnings clear Network.XMpp.Tls of Warnings clear Network.Xmpp.Utilities of Warnings clear Network.Xmpp.Stream of warnings clear Network.Xmpp.Sasl of warnings clear Network.Xmpp.Concurrent of warnings clear Network.Xmpp.Concurrent.IQ of warnings clear Network.Xmpp.Concurrent.Message of warnings clear Network.Xmpp.Concurrent.Monad of warnings clear Network.Xmpp.Concurrent.Presence of Warnings clear Network.Xmpp.Concurrent.Threads of warnings clear Network.Xmpp.Concurrent.Types of warnings clear Network.Xmpp.IM.Presence of warnings clear Network.Xmpp.Sasl.Common of warnings clear Network.Xmpp.Sasl.StringPrep of warnings clear Network.Xmpp.Sasl.Mechanisms.DIgestMd5 of warnings clear Network.Xmpp.Sasl.Mechanisms.Plain of warnings clear Network.Xmpp.Sasl.Mechanisms.Scram of warnings clear Network.Xmpp.Xep.DataForms of warnings clear Network.Xmpp.Internal of warnings
13 years ago
mbse <- lift $ pullUnpickle (xpEither xpFailure xpSaslElement)
case mbse of
Tweak failure approach I'm assuming and defining the following: 1. XMPP failures (which can occur at the TCP, TLS, and XML/XMPP layers (as a stream error or forbidden input)) are fatal; they will distrupt the XMPP session. 2. All fatal failures should be thrown (or similar) by `session', or any other function that might produce them. 3. Authentication failures that are not "XMPP failures" are not fatal. They do not necessarily terminate the stream. For example, the developer should be able to make another authentication attempt. The `Session' object returned by `session' might be useful even if the authentication fails. 4. We can (and should) use one single data type for fatal failures. (Previously, both StreamFailure and TlsFailure was used.) 5. We can catch and rethrow/wrap IO exceptions in the context of the Pontarius XMPP error system that we decide to use, making the error system more intuitive, Haskell-like, and more straight-forward to implement. Calling `error' may only be done in the case of a program error (a bug). 6. A logging system will remove the need for many of the error types. Only exceptions that seem likely to affect the flow of client applications should be defined. 7. The authentication functions are prone to fatal XMPP failures in addition to non-fatal authentication conditions. (Previously, `AuthStreamFailure' was used to wrap these errors.) I'm hereby suggesting (and implementing) the following: `StreamFailure' and `TlsFailure' should be joined into `XmppFailure'. `pullStanza' and the other Connection functions used to throw `IOException', `StreamFailure' and `TlsFailure' exceptions. With this patch, they have been converted to `StateT Connection IO (Either XmppFailure a)' computations. They also catch (some) IOException errors and wrap them in the new `XmppIOException' constructor. `newSession' is now `IO (Either XmppFailure Session)' as well (being capable of throwing IO exceptions). Whether or not to continue to a) wrap `XmppFailure' failures in an `AuthStreamFailure' equivalent, or, b) treat the authentication functions just like the other functions that may result in failure (Either XmppFailure a), depends on how Network.Xmpp.Connection.auth will be used. Since the latter will make `auth' more consistent, as well as remove the need for a wrapped (and special-case) "AuthFailure" type, I have decided to give the "b" approach a try. (The drawback being, of course, that authentication errors can not be accessed through the use of ErrorT. Whether or not this might be a problem, I don't really know at this point.) As the SASL code (and SaslM) depended on `AuthStreamFailure', it remains for internal use, at least for the time-being. `session' is now an ErrorT computation as well. Some functions have been updated as hacks, but this will be changed if we decide to move forward with this approach.
13 years ago
Left e -> throwError $ AuthStreamFailure e
Right (Left e) -> throwError $ AuthSaslFailure e
Right (Right r) -> return r
refactor digestMd5 to move common functionality to module Common
14 years ago
miscellaneous sasl changes stopped wrapping passwd in a SaslM computation for the time-being SaslHandler now takes password and does not take hostname minor formatting and documentation changes runSasl where-local SaslElement moved to Sasl/Types.hs
14 years ago
-- | Pull the next element, checking that it is a challenge.
wrap the stream object (TMVar Stream) in a newtype rename StreamState to ConnectionState rename Stream to StreamState add Stream newtype
13 years ago
pullChallenge :: ErrorT AuthFailure (StateT StreamState IO) (Maybe BS.ByteString)
refactor digestMd5 to move common functionality to module Common
14 years ago
pullChallenge = do
e <- pullSaslElement
case e of
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
SaslChallenge Nothing -> return Nothing
SaslChallenge (Just scb64)
| Right sc <- B64.decode . Text.encodeUtf8 $ scb64
-> return $ Just sc
Clean up and additionally document AuthFailure (and XmppFailure) types As mentioned in a previous patch, the `AuthFailure' type signals a (non-fatal) SASL error condition. This is now reflected in the documentation. I went through the different constructors for the type, looking at how they were produced (thrown) and whether or not that information were useful for the application using Pontarius XMPP. To begin, I conclude that `AuthStreamFailure' is only used internally. It will probably be removed when the internal type signatures of the Sasl package are changed to conform with the rest of the `Error' computations of Pontarius XMPP. `AuthFailure' is not thrown as far as I can see, but is only used for the Error instance. `AuthNoAcceptableMechanism' is thrown by `xmppSasl' when none of the mechanisms offered by the server is specified as acceptable by the client. It wraps the mechanisms offered. I consider this information useful for client developers, and will therefor keep this constructor. `AuthSaslFailure' wraps a `SaslFailure' (from Types.hs) and is only thrown when `pullSaslElement' unpickles a SASL failure. This, together with `AuthNoAcceptableMechanism' above, could be considered the `normal' ways of which SASL might be failing. `AuthStringPrepFailure' is thrown if `prepCredentials' fails to stringprep-verify the credentials. This might be interesting for the client developer. As I think that `AuthIllegalCredentials' is more understandable, I have changed the name to that. `AuthNoStream' is thrown by `xmppSasl' when the stream state is `Closed'. This is the result of a client program error/bug. This patch removes this constructor and modifies the behaviour of xmppSasl to throw an `XmppFailure' instead. `AuthChallengeFailure' is thrown if `fromPairs' fails (in Scram.hs), if a challenge element could not be pulled (in Common.hs), by `saslFromJust' if a `Nothing' value is encountered (in Common.hs), in `pullFinalMessage' (`decode') if the success payload could not be decoded (in Common.hs), or if `toPairs' (in Common.hs) can not extract the pairs. Furthermore, `AuthServerAuthFailure' is thrown if there is no `v' value in the final message of the SCRAM handler. Finally, `AuthXmlFailure' is thrown when `pullSuccess' find something other than a success element (and, I'm guessing, a `SaslFailure' element). This can only happen if there is a bug in Pontarius XMPP or the server. The way I see it, all these failures are abnormal and are of no interest from the client application itself. I suggest that these events are logged instead, and that we signal any of these conditions with a new `AuthOtherFailure' constructor. I suggest that we remove the `AuthFailure' constructor, and use the `AuthOtherFailure' for the `Error' instance. The `AuthFailure' type and all its constructors are now documented. I also made some minor documentation enhancements to the `XmppFailure' type.
13 years ago
_ -> throwError AuthOtherFailure -- TODO: Log
refactor digestMd5 to move common functionality to module Common
14 years ago
Clean up and additionally document AuthFailure (and XmppFailure) types As mentioned in a previous patch, the `AuthFailure' type signals a (non-fatal) SASL error condition. This is now reflected in the documentation. I went through the different constructors for the type, looking at how they were produced (thrown) and whether or not that information were useful for the application using Pontarius XMPP. To begin, I conclude that `AuthStreamFailure' is only used internally. It will probably be removed when the internal type signatures of the Sasl package are changed to conform with the rest of the `Error' computations of Pontarius XMPP. `AuthFailure' is not thrown as far as I can see, but is only used for the Error instance. `AuthNoAcceptableMechanism' is thrown by `xmppSasl' when none of the mechanisms offered by the server is specified as acceptable by the client. It wraps the mechanisms offered. I consider this information useful for client developers, and will therefor keep this constructor. `AuthSaslFailure' wraps a `SaslFailure' (from Types.hs) and is only thrown when `pullSaslElement' unpickles a SASL failure. This, together with `AuthNoAcceptableMechanism' above, could be considered the `normal' ways of which SASL might be failing. `AuthStringPrepFailure' is thrown if `prepCredentials' fails to stringprep-verify the credentials. This might be interesting for the client developer. As I think that `AuthIllegalCredentials' is more understandable, I have changed the name to that. `AuthNoStream' is thrown by `xmppSasl' when the stream state is `Closed'. This is the result of a client program error/bug. This patch removes this constructor and modifies the behaviour of xmppSasl to throw an `XmppFailure' instead. `AuthChallengeFailure' is thrown if `fromPairs' fails (in Scram.hs), if a challenge element could not be pulled (in Common.hs), by `saslFromJust' if a `Nothing' value is encountered (in Common.hs), in `pullFinalMessage' (`decode') if the success payload could not be decoded (in Common.hs), or if `toPairs' (in Common.hs) can not extract the pairs. Furthermore, `AuthServerAuthFailure' is thrown if there is no `v' value in the final message of the SCRAM handler. Finally, `AuthXmlFailure' is thrown when `pullSuccess' find something other than a success element (and, I'm guessing, a `SaslFailure' element). This can only happen if there is a bug in Pontarius XMPP or the server. The way I see it, all these failures are abnormal and are of no interest from the client application itself. I suggest that these events are logged instead, and that we signal any of these conditions with a new `AuthOtherFailure' constructor. I suggest that we remove the `AuthFailure' constructor, and use the `AuthOtherFailure' for the `Error' instance. The `AuthFailure' type and all its constructors are now documented. I also made some minor documentation enhancements to the `XmppFailure' type.
13 years ago
-- | Extract value from Just, failing with AuthOtherFailure on Nothing.
wrap the stream object (TMVar Stream) in a newtype rename StreamState to ConnectionState rename Stream to StreamState add Stream newtype
13 years ago
saslFromJust :: Maybe a -> ErrorT AuthFailure (StateT StreamState IO) a
Clean up and additionally document AuthFailure (and XmppFailure) types As mentioned in a previous patch, the `AuthFailure' type signals a (non-fatal) SASL error condition. This is now reflected in the documentation. I went through the different constructors for the type, looking at how they were produced (thrown) and whether or not that information were useful for the application using Pontarius XMPP. To begin, I conclude that `AuthStreamFailure' is only used internally. It will probably be removed when the internal type signatures of the Sasl package are changed to conform with the rest of the `Error' computations of Pontarius XMPP. `AuthFailure' is not thrown as far as I can see, but is only used for the Error instance. `AuthNoAcceptableMechanism' is thrown by `xmppSasl' when none of the mechanisms offered by the server is specified as acceptable by the client. It wraps the mechanisms offered. I consider this information useful for client developers, and will therefor keep this constructor. `AuthSaslFailure' wraps a `SaslFailure' (from Types.hs) and is only thrown when `pullSaslElement' unpickles a SASL failure. This, together with `AuthNoAcceptableMechanism' above, could be considered the `normal' ways of which SASL might be failing. `AuthStringPrepFailure' is thrown if `prepCredentials' fails to stringprep-verify the credentials. This might be interesting for the client developer. As I think that `AuthIllegalCredentials' is more understandable, I have changed the name to that. `AuthNoStream' is thrown by `xmppSasl' when the stream state is `Closed'. This is the result of a client program error/bug. This patch removes this constructor and modifies the behaviour of xmppSasl to throw an `XmppFailure' instead. `AuthChallengeFailure' is thrown if `fromPairs' fails (in Scram.hs), if a challenge element could not be pulled (in Common.hs), by `saslFromJust' if a `Nothing' value is encountered (in Common.hs), in `pullFinalMessage' (`decode') if the success payload could not be decoded (in Common.hs), or if `toPairs' (in Common.hs) can not extract the pairs. Furthermore, `AuthServerAuthFailure' is thrown if there is no `v' value in the final message of the SCRAM handler. Finally, `AuthXmlFailure' is thrown when `pullSuccess' find something other than a success element (and, I'm guessing, a `SaslFailure' element). This can only happen if there is a bug in Pontarius XMPP or the server. The way I see it, all these failures are abnormal and are of no interest from the client application itself. I suggest that these events are logged instead, and that we signal any of these conditions with a new `AuthOtherFailure' constructor. I suggest that we remove the `AuthFailure' constructor, and use the `AuthOtherFailure' for the `Error' instance. The `AuthFailure' type and all its constructors are now documented. I also made some minor documentation enhancements to the `XmppFailure' type.
13 years ago
saslFromJust Nothing = throwError $ AuthOtherFailure -- TODO: Log
refactor digestMd5 to move common functionality to module Common
14 years ago
saslFromJust (Just d) = return d
miscellaneous sasl changes stopped wrapping passwd in a SaslM computation for the time-being SaslHandler now takes password and does not take hostname minor formatting and documentation changes runSasl where-local SaslElement moved to Sasl/Types.hs
14 years ago
-- | Pull the next element and check that it is success.
wrap the stream object (TMVar Stream) in a newtype rename StreamState to ConnectionState rename Stream to StreamState add Stream newtype
13 years ago
pullSuccess :: ErrorT AuthFailure (StateT StreamState IO) (Maybe Text.Text)
refactor digestMd5 to move common functionality to module Common
14 years ago
pullSuccess = do
e <- pullSaslElement
case e of
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
SaslSuccess x -> return x
Clean up and additionally document AuthFailure (and XmppFailure) types As mentioned in a previous patch, the `AuthFailure' type signals a (non-fatal) SASL error condition. This is now reflected in the documentation. I went through the different constructors for the type, looking at how they were produced (thrown) and whether or not that information were useful for the application using Pontarius XMPP. To begin, I conclude that `AuthStreamFailure' is only used internally. It will probably be removed when the internal type signatures of the Sasl package are changed to conform with the rest of the `Error' computations of Pontarius XMPP. `AuthFailure' is not thrown as far as I can see, but is only used for the Error instance. `AuthNoAcceptableMechanism' is thrown by `xmppSasl' when none of the mechanisms offered by the server is specified as acceptable by the client. It wraps the mechanisms offered. I consider this information useful for client developers, and will therefor keep this constructor. `AuthSaslFailure' wraps a `SaslFailure' (from Types.hs) and is only thrown when `pullSaslElement' unpickles a SASL failure. This, together with `AuthNoAcceptableMechanism' above, could be considered the `normal' ways of which SASL might be failing. `AuthStringPrepFailure' is thrown if `prepCredentials' fails to stringprep-verify the credentials. This might be interesting for the client developer. As I think that `AuthIllegalCredentials' is more understandable, I have changed the name to that. `AuthNoStream' is thrown by `xmppSasl' when the stream state is `Closed'. This is the result of a client program error/bug. This patch removes this constructor and modifies the behaviour of xmppSasl to throw an `XmppFailure' instead. `AuthChallengeFailure' is thrown if `fromPairs' fails (in Scram.hs), if a challenge element could not be pulled (in Common.hs), by `saslFromJust' if a `Nothing' value is encountered (in Common.hs), in `pullFinalMessage' (`decode') if the success payload could not be decoded (in Common.hs), or if `toPairs' (in Common.hs) can not extract the pairs. Furthermore, `AuthServerAuthFailure' is thrown if there is no `v' value in the final message of the SCRAM handler. Finally, `AuthXmlFailure' is thrown when `pullSuccess' find something other than a success element (and, I'm guessing, a `SaslFailure' element). This can only happen if there is a bug in Pontarius XMPP or the server. The way I see it, all these failures are abnormal and are of no interest from the client application itself. I suggest that these events are logged instead, and that we signal any of these conditions with a new `AuthOtherFailure' constructor. I suggest that we remove the `AuthFailure' constructor, and use the `AuthOtherFailure' for the `Error' instance. The `AuthFailure' type and all its constructors are now documented. I also made some minor documentation enhancements to the `XmppFailure' type.
13 years ago
_ -> throwError $ AuthOtherFailure -- TODO: Log
refactor digestMd5 to move common functionality to module Common
14 years ago
add documentation to Scram.hs and Common.hs
14 years ago
-- | Pull the next element. When it's success, return it's payload.
miscellaneous sasl changes stopped wrapping passwd in a SaslM computation for the time-being SaslHandler now takes password and does not take hostname minor formatting and documentation changes runSasl where-local SaslElement moved to Sasl/Types.hs
14 years ago
-- If it's a challenge, send an empty response and pull success.
wrap the stream object (TMVar Stream) in a newtype rename StreamState to ConnectionState rename Stream to StreamState add Stream newtype
13 years ago
pullFinalMessage :: ErrorT AuthFailure (StateT StreamState IO) (Maybe BS.ByteString)
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
pullFinalMessage = do
challenge2 <- pullSaslElement
case challenge2 of
add server authentication
14 years ago
SaslSuccess x -> decode x
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
SaslChallenge x -> do
_b <- respond Nothing
add server authentication
14 years ago
_s <- pullSuccess
decode x
where
decode Nothing = return Nothing
decode (Just d) = case B64.decode $ Text.encodeUtf8 d of
Clean up and additionally document AuthFailure (and XmppFailure) types As mentioned in a previous patch, the `AuthFailure' type signals a (non-fatal) SASL error condition. This is now reflected in the documentation. I went through the different constructors for the type, looking at how they were produced (thrown) and whether or not that information were useful for the application using Pontarius XMPP. To begin, I conclude that `AuthStreamFailure' is only used internally. It will probably be removed when the internal type signatures of the Sasl package are changed to conform with the rest of the `Error' computations of Pontarius XMPP. `AuthFailure' is not thrown as far as I can see, but is only used for the Error instance. `AuthNoAcceptableMechanism' is thrown by `xmppSasl' when none of the mechanisms offered by the server is specified as acceptable by the client. It wraps the mechanisms offered. I consider this information useful for client developers, and will therefor keep this constructor. `AuthSaslFailure' wraps a `SaslFailure' (from Types.hs) and is only thrown when `pullSaslElement' unpickles a SASL failure. This, together with `AuthNoAcceptableMechanism' above, could be considered the `normal' ways of which SASL might be failing. `AuthStringPrepFailure' is thrown if `prepCredentials' fails to stringprep-verify the credentials. This might be interesting for the client developer. As I think that `AuthIllegalCredentials' is more understandable, I have changed the name to that. `AuthNoStream' is thrown by `xmppSasl' when the stream state is `Closed'. This is the result of a client program error/bug. This patch removes this constructor and modifies the behaviour of xmppSasl to throw an `XmppFailure' instead. `AuthChallengeFailure' is thrown if `fromPairs' fails (in Scram.hs), if a challenge element could not be pulled (in Common.hs), by `saslFromJust' if a `Nothing' value is encountered (in Common.hs), in `pullFinalMessage' (`decode') if the success payload could not be decoded (in Common.hs), or if `toPairs' (in Common.hs) can not extract the pairs. Furthermore, `AuthServerAuthFailure' is thrown if there is no `v' value in the final message of the SCRAM handler. Finally, `AuthXmlFailure' is thrown when `pullSuccess' find something other than a success element (and, I'm guessing, a `SaslFailure' element). This can only happen if there is a bug in Pontarius XMPP or the server. The way I see it, all these failures are abnormal and are of no interest from the client application itself. I suggest that these events are logged instead, and that we signal any of these conditions with a new `AuthOtherFailure' constructor. I suggest that we remove the `AuthFailure' constructor, and use the `AuthOtherFailure' for the `Error' instance. The `AuthFailure' type and all its constructors are now documented. I also made some minor documentation enhancements to the `XmppFailure' type.
13 years ago
Left _e -> throwError $ AuthOtherFailure -- TODO: Log
add server authentication
14 years ago
Right x -> return $ Just x
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
miscellaneous sasl changes stopped wrapping passwd in a SaslM computation for the time-being SaslHandler now takes password and does not take hostname minor formatting and documentation changes runSasl where-local SaslElement moved to Sasl/Types.hs
14 years ago
-- | Extract p=q pairs from a challenge.
wrap the stream object (TMVar Stream) in a newtype rename StreamState to ConnectionState rename Stream to StreamState add Stream newtype
13 years ago
toPairs :: BS.ByteString -> ErrorT AuthFailure (StateT StreamState IO) Pairs
add scram add sAuthzid to XmppConnection add sAuthzid to XmppConnection more work on sasl infrastructure move more stuff from DigestMd5 to Common more work on sasl infrastructure
14 years ago
toPairs ctext = case pairs ctext of
Clean up and additionally document AuthFailure (and XmppFailure) types As mentioned in a previous patch, the `AuthFailure' type signals a (non-fatal) SASL error condition. This is now reflected in the documentation. I went through the different constructors for the type, looking at how they were produced (thrown) and whether or not that information were useful for the application using Pontarius XMPP. To begin, I conclude that `AuthStreamFailure' is only used internally. It will probably be removed when the internal type signatures of the Sasl package are changed to conform with the rest of the `Error' computations of Pontarius XMPP. `AuthFailure' is not thrown as far as I can see, but is only used for the Error instance. `AuthNoAcceptableMechanism' is thrown by `xmppSasl' when none of the mechanisms offered by the server is specified as acceptable by the client. It wraps the mechanisms offered. I consider this information useful for client developers, and will therefor keep this constructor. `AuthSaslFailure' wraps a `SaslFailure' (from Types.hs) and is only thrown when `pullSaslElement' unpickles a SASL failure. This, together with `AuthNoAcceptableMechanism' above, could be considered the `normal' ways of which SASL might be failing. `AuthStringPrepFailure' is thrown if `prepCredentials' fails to stringprep-verify the credentials. This might be interesting for the client developer. As I think that `AuthIllegalCredentials' is more understandable, I have changed the name to that. `AuthNoStream' is thrown by `xmppSasl' when the stream state is `Closed'. This is the result of a client program error/bug. This patch removes this constructor and modifies the behaviour of xmppSasl to throw an `XmppFailure' instead. `AuthChallengeFailure' is thrown if `fromPairs' fails (in Scram.hs), if a challenge element could not be pulled (in Common.hs), by `saslFromJust' if a `Nothing' value is encountered (in Common.hs), in `pullFinalMessage' (`decode') if the success payload could not be decoded (in Common.hs), or if `toPairs' (in Common.hs) can not extract the pairs. Furthermore, `AuthServerAuthFailure' is thrown if there is no `v' value in the final message of the SCRAM handler. Finally, `AuthXmlFailure' is thrown when `pullSuccess' find something other than a success element (and, I'm guessing, a `SaslFailure' element). This can only happen if there is a bug in Pontarius XMPP or the server. The way I see it, all these failures are abnormal and are of no interest from the client application itself. I suggest that these events are logged instead, and that we signal any of these conditions with a new `AuthOtherFailure' constructor. I suggest that we remove the `AuthFailure' constructor, and use the `AuthOtherFailure' for the `Error' instance. The `AuthFailure' type and all its constructors are now documented. I also made some minor documentation enhancements to the `XmppFailure' type.
13 years ago
Left _e -> throwError AuthOtherFailure -- TODO: Log
refactor digestMd5 to move common functionality to module Common
14 years ago
Right r -> return r
miscellaneous sasl changes stopped wrapping passwd in a SaslM computation for the time-being SaslHandler now takes password and does not take hostname minor formatting and documentation changes runSasl where-local SaslElement moved to Sasl/Types.hs
14 years ago
-- | Send a SASL response element. The content will be base64-encoded.
clear modules necessare for cabal install of warnings clear Network.Xmpp of warnings clear Network.XMpp.Tls of Warnings clear Network.Xmpp.Utilities of Warnings clear Network.Xmpp.Stream of warnings clear Network.Xmpp.Sasl of warnings clear Network.Xmpp.Concurrent of warnings clear Network.Xmpp.Concurrent.IQ of warnings clear Network.Xmpp.Concurrent.Message of warnings clear Network.Xmpp.Concurrent.Monad of warnings clear Network.Xmpp.Concurrent.Presence of Warnings clear Network.Xmpp.Concurrent.Threads of warnings clear Network.Xmpp.Concurrent.Types of warnings clear Network.Xmpp.IM.Presence of warnings clear Network.Xmpp.Sasl.Common of warnings clear Network.Xmpp.Sasl.StringPrep of warnings clear Network.Xmpp.Sasl.Mechanisms.DIgestMd5 of warnings clear Network.Xmpp.Sasl.Mechanisms.Plain of warnings clear Network.Xmpp.Sasl.Mechanisms.Scram of warnings clear Network.Xmpp.Xep.DataForms of warnings clear Network.Xmpp.Internal of warnings
13 years ago
respond :: Maybe BS.ByteString -> ErrorT AuthFailure (StateT StreamState IO) ()
Tweak failure approach I'm assuming and defining the following: 1. XMPP failures (which can occur at the TCP, TLS, and XML/XMPP layers (as a stream error or forbidden input)) are fatal; they will distrupt the XMPP session. 2. All fatal failures should be thrown (or similar) by `session', or any other function that might produce them. 3. Authentication failures that are not "XMPP failures" are not fatal. They do not necessarily terminate the stream. For example, the developer should be able to make another authentication attempt. The `Session' object returned by `session' might be useful even if the authentication fails. 4. We can (and should) use one single data type for fatal failures. (Previously, both StreamFailure and TlsFailure was used.) 5. We can catch and rethrow/wrap IO exceptions in the context of the Pontarius XMPP error system that we decide to use, making the error system more intuitive, Haskell-like, and more straight-forward to implement. Calling `error' may only be done in the case of a program error (a bug). 6. A logging system will remove the need for many of the error types. Only exceptions that seem likely to affect the flow of client applications should be defined. 7. The authentication functions are prone to fatal XMPP failures in addition to non-fatal authentication conditions. (Previously, `AuthStreamFailure' was used to wrap these errors.) I'm hereby suggesting (and implementing) the following: `StreamFailure' and `TlsFailure' should be joined into `XmppFailure'. `pullStanza' and the other Connection functions used to throw `IOException', `StreamFailure' and `TlsFailure' exceptions. With this patch, they have been converted to `StateT Connection IO (Either XmppFailure a)' computations. They also catch (some) IOException errors and wrap them in the new `XmppIOException' constructor. `newSession' is now `IO (Either XmppFailure Session)' as well (being capable of throwing IO exceptions). Whether or not to continue to a) wrap `XmppFailure' failures in an `AuthStreamFailure' equivalent, or, b) treat the authentication functions just like the other functions that may result in failure (Either XmppFailure a), depends on how Network.Xmpp.Connection.auth will be used. Since the latter will make `auth' more consistent, as well as remove the need for a wrapped (and special-case) "AuthFailure" type, I have decided to give the "b" approach a try. (The drawback being, of course, that authentication errors can not be accessed through the use of ErrorT. Whether or not this might be a problem, I don't really know at this point.) As the SASL code (and SaslM) depended on `AuthStreamFailure', it remains for internal use, at least for the time-being. `session' is now an ErrorT computation as well. Some functions have been updated as hacks, but this will be changed if we decide to move forward with this approach.
13 years ago
respond m = do
r <- lift . pushElement . saslResponseE . fmap (Text.decodeUtf8 . B64.encode) $ m
case r of
Left e -> throwError $ AuthStreamFailure e
move from exceptions as StreamHandle error indicator to XmppFailure error values. This changes the return type of at least the following functions from IO Bool to IO (Either XmppFailure ()) * sendIQ * sendIQ' * answerIQ * sendMessage * sendPresence
12 years ago
Right () -> return ()
move mechanisms to Sasl/Mechanisms factor out prepCredentials
14 years ago
-- | Run the appropriate stringprep profiles on the credentials.
Rename `AuthError' to `AuthFailure'; apply minor documentation changes
13 years ago
-- May fail with 'AuthStringPrepFailure'
move mechanisms to Sasl/Mechanisms factor out prepCredentials
14 years ago
prepCredentials :: Text.Text -> Maybe Text.Text -> Text.Text
wrap the stream object (TMVar Stream) in a newtype rename StreamState to ConnectionState rename Stream to StreamState add Stream newtype
13 years ago
-> ErrorT AuthFailure (StateT StreamState IO) (Text.Text, Maybe Text.Text, Text.Text)
move mechanisms to Sasl/Mechanisms factor out prepCredentials
14 years ago
prepCredentials authcid authzid password = case credentials of
Clean up and additionally document AuthFailure (and XmppFailure) types As mentioned in a previous patch, the `AuthFailure' type signals a (non-fatal) SASL error condition. This is now reflected in the documentation. I went through the different constructors for the type, looking at how they were produced (thrown) and whether or not that information were useful for the application using Pontarius XMPP. To begin, I conclude that `AuthStreamFailure' is only used internally. It will probably be removed when the internal type signatures of the Sasl package are changed to conform with the rest of the `Error' computations of Pontarius XMPP. `AuthFailure' is not thrown as far as I can see, but is only used for the Error instance. `AuthNoAcceptableMechanism' is thrown by `xmppSasl' when none of the mechanisms offered by the server is specified as acceptable by the client. It wraps the mechanisms offered. I consider this information useful for client developers, and will therefor keep this constructor. `AuthSaslFailure' wraps a `SaslFailure' (from Types.hs) and is only thrown when `pullSaslElement' unpickles a SASL failure. This, together with `AuthNoAcceptableMechanism' above, could be considered the `normal' ways of which SASL might be failing. `AuthStringPrepFailure' is thrown if `prepCredentials' fails to stringprep-verify the credentials. This might be interesting for the client developer. As I think that `AuthIllegalCredentials' is more understandable, I have changed the name to that. `AuthNoStream' is thrown by `xmppSasl' when the stream state is `Closed'. This is the result of a client program error/bug. This patch removes this constructor and modifies the behaviour of xmppSasl to throw an `XmppFailure' instead. `AuthChallengeFailure' is thrown if `fromPairs' fails (in Scram.hs), if a challenge element could not be pulled (in Common.hs), by `saslFromJust' if a `Nothing' value is encountered (in Common.hs), in `pullFinalMessage' (`decode') if the success payload could not be decoded (in Common.hs), or if `toPairs' (in Common.hs) can not extract the pairs. Furthermore, `AuthServerAuthFailure' is thrown if there is no `v' value in the final message of the SCRAM handler. Finally, `AuthXmlFailure' is thrown when `pullSuccess' find something other than a success element (and, I'm guessing, a `SaslFailure' element). This can only happen if there is a bug in Pontarius XMPP or the server. The way I see it, all these failures are abnormal and are of no interest from the client application itself. I suggest that these events are logged instead, and that we signal any of these conditions with a new `AuthOtherFailure' constructor. I suggest that we remove the `AuthFailure' constructor, and use the `AuthOtherFailure' for the `Error' instance. The `AuthFailure' type and all its constructors are now documented. I also made some minor documentation enhancements to the `XmppFailure' type.
13 years ago
Nothing -> throwError $ AuthIllegalCredentials
fix IBR always using IQ-Get add IBR unregister method improve TLS debug messages
13 years ago
Just creds -> return creds
move mechanisms to Sasl/Mechanisms factor out prepCredentials
14 years ago
where
credentials = do
Fix loggin in Network.Xmpp.Tls and minor cleanups
13 years ago
ac <- normalizeUsername authcid
az <- case authzid of
Nothing -> Just Nothing
Just az' -> Just <$> normalizeUsername az'
pw <- normalizePassword password
return (ac, az, pw)
move mechanisms to Sasl/Mechanisms factor out prepCredentials
14 years ago
-- | Bit-wise xor of byte strings
xorBS :: BS.ByteString -> BS.ByteString -> BS.ByteString
xorBS x y = BS.pack $ BS.zipWith xor x y
-- | Join byte strings with ","
merge :: [BS.ByteString] -> BS.ByteString
merge = BS.intercalate ","
-- | Infix concatenation of byte strings
(+++) :: BS.ByteString -> BS.ByteString -> BS.ByteString
(+++) = BS.append