/*
* Tigase Jabber/XMPP Server
* Copyright (C) 2004-2012 "Artur Hefczyc" <artur.hefczyc@tigase.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. Look for COPYING file in the top folder.
* If not, see http://www.gnu.org/licenses/.
*
* $Rev$
* Last modified by $Author$
* $Date$
*/
package tigase.xmpp.impl;
//~--- non-JDK imports --------------------------------------------------------
import tigase.db.AuthRepository;
import tigase.db.NonAuthUserRepository;
import tigase.db.TigaseDBException;
import tigase.server.Command;
import tigase.server.Packet;
import tigase.server.Priority;
import tigase.xml.Element;
import tigase.xmpp.Authorization;
import tigase.xmpp.BareJID;
import tigase.xmpp.NotAuthorizedException;
import tigase.xmpp.StanzaType;
import tigase.xmpp.XMPPException;
import tigase.xmpp.XMPPProcessor;
import tigase.xmpp.XMPPProcessorIfc;
import tigase.xmpp.XMPPResourceConnection;
import tigase.xmpp.impl.SaslAuth.ElementType;
//~--- JDK imports ------------------------------------------------------------
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Queue;
import java.util.logging.Level;
import java.util.logging.Logger;
//~--- classes ----------------------------------------------------------------
/**
* JEP-0078: Non-SASL Authentication
*
*
* Created: Thu Feb 16 17:46:16 2006
*
* @author <a href="mailto:artur.hefczyc@tigase.org">Artur Hefczyc</a>
* @version $Rev$
*/
public class JabberIqAuth extends XMPPProcessor implements XMPPProcessorIfc {
/**
* Private logger for class instancess.
*/
private static final Logger log = Logger.getLogger("tigase.xmpp.impl.JabberIqAuth");
private static final String XMLNS = "jabber:iq:auth";
private static final String ID = XMLNS;
private static final String[] ELEMENTS = { "query" };
private static final String[] XMLNSS = { XMLNS };
private static final Element[] FEATURES = { new Element("auth",
new String[] { "xmlns" }, new String[] { "http://jabber.org/features/iq-auth" }) };
private static final Element[] DISCO_FEATURES = { new Element("feature",
new String[] { "var" }, new String[] { XMLNS }) };
// ~--- methods --------------------------------------------------------------
/**
* Method description
*
*
* @return
*/
@Override
public int concurrentQueuesNo() {
return Runtime.getRuntime().availableProcessors();
}
/**
* Method description
*
*
* @return
*/
@Override
public String id() {
return ID;
}
/**
* Method description
*
*
* @param packet
* @param session
* @param repo
* @param results
* @param settings
*
* @throws XMPPException
*/
@Override
public void process(final Packet packet, final XMPPResourceConnection session,
final NonAuthUserRepository repo, final Queue<Packet> results,
final Map<String, Object> settings) throws XMPPException {
if (session == null) {
return;
} // end of if (session == null)
synchronized (session) {
// If authentication timeout expired, ignore the request....
if (session.getSessionData(XMPPResourceConnection.AUTHENTICATION_TIMEOUT_KEY) != null) {
return;
}
if (session.isAuthorized()) {
// Multiple authentication attempts....
// Another authentication request on already authenticated connection
// This is not allowed and must be forbidden.
Packet res =
Authorization.NOT_AUTHORIZED.getResponseMessage(packet,
"Cannot authenticate twice on the same stream.", false);
// Make sure it gets delivered before stream close
res.setPriority(Priority.SYSTEM);
results.offer(res);
// Optionally close the connection to make sure there is no
// confusion about the connection state.
results.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(),
StanzaType.set, session.nextStanzaId()));
if (log.isLoggable(Level.FINEST)) {
log.log(Level.FINEST,
"Discovered second authentication attempt: {0}, packet: {1}", new Object[] {
session.toString(), packet.toString() });
}
try {
session.logout();
} catch (NotAuthorizedException ex) {
log.log(Level.FINER, "Unsuccessful session logout: {0}", session.toString());
}
if (log.isLoggable(Level.FINEST)) {
log.log(Level.FINEST, "Session after logout: {0}", session.toString());
}
}
Element request = packet.getElement();
StanzaType type = packet.getType();
switch (type) {
case get:
Map<String, Object> query = new HashMap<String, Object>();
query.put(AuthRepository.PROTOCOL_KEY, AuthRepository.PROTOCOL_VAL_NONSASL);
try {
session.queryAuth(query);
String[] auth_mechs = (String[]) query.get(AuthRepository.RESULT_KEY);
StringBuilder response = new StringBuilder("<username/>");
for (String mech : auth_mechs) {
response.append("<").append(mech).append("/>");
} // end of for (String mech: auth_mechs)
response.append("<resource/>");
results.offer(packet.okResult(response.toString(), 1));
} catch (NullPointerException ex) {
log.warning("Database problem, most likely misconfiguration error: " + ex);
results.offer(Authorization.INTERNAL_SERVER_ERROR.getResponseMessage(packet,
"Database access problem, please contact administrator.", true));
} catch (TigaseDBException ex) {
// TODO Auto-generated catch block
log.warning("Database problem: " + ex);
results.offer(Authorization.INTERNAL_SERVER_ERROR.getResponseMessage(packet,
"Database access problem, please contact administrator.", true));
}
break;
case set:
// Now we use loginOther() instead to make it easier to customize
// the authentication protocol without a need to replace the
// authentication plug-in. The authentication takes place on the
// AuthRepository
// level so we do not really care here what the user has sent.
String user_name = request.getChildCData("/iq/query/username");
String resource = request.getChildCData("/iq/query/resource");
try {
List<Element> children = request.getChildren("/iq/query");
Map<String, Object> authProps = new HashMap<String, Object>(10, 0.75f);
authProps.put(AuthRepository.PROTOCOL_KEY, AuthRepository.PROTOCOL_VAL_NONSASL);
authProps.put(AuthRepository.REALM_KEY, session.getDomain().getVhost()
.getDomain());
authProps.put(AuthRepository.SERVER_NAME_KEY, session.getDomain().getVhost()
.getDomain());
authProps.put(AuthRepository.DIGEST_ID_KEY, session.getSessionId());
BareJID user_id =
BareJID.bareJIDInstance(user_name, session.getDomain().getVhost()
.getDomain());
authProps.put(AuthRepository.USER_ID_KEY, user_id);
for (Element child : children) {
authProps.put(child.getName(), child.getCData());
}
Authorization result = session.loginOther(authProps);
if (result == Authorization.AUTHORIZED) {
// Some clients don't send resource here, instead they send it later
// in resource bind packet.
if (resource != null && !resource.isEmpty()) {
session.setResource(resource);
}
results.offer(session.getAuthState().getResponseMessage(packet,
"Authentication successful.", false));
} else {
results.offer(Authorization.NOT_AUTHORIZED.getResponseMessage(packet,
"Authentication failed", false));
results.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(),
StanzaType.set, session.nextStanzaId()));
} // end of else
} catch (Exception e) {
log.info("Authentication failed: " + user_name);
if (log.isLoggable(Level.FINEST)) {
log.log(Level.FINEST, "Authorization exception: ", e);
}
Packet response =
Authorization.NOT_AUTHORIZED.getResponseMessage(packet, e.getMessage(),
false);
response.setPriority(Priority.SYSTEM);
results.offer(response);
Integer retries = (Integer) session.getSessionData("auth-retries");
if (retries == null) {
retries = new Integer(0);
}
if (retries.intValue() < 3) {
session.putSessionData("auth-retries", new Integer(retries.intValue() + 1));
} else {
results.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(),
StanzaType.set, session.nextStanzaId()));
}
}
break;
default:
results.offer(Authorization.BAD_REQUEST.getResponseMessage(packet,
"Message type is incorrect", false));
results.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(),
StanzaType.set, session.nextStanzaId()));
break;
} // end of switch (type)
}
}
/**
* Method description
*
*
* @param session
*
* @return
*/
@Override
public Element[] supDiscoFeatures(final XMPPResourceConnection session) {
return DISCO_FEATURES;
}
/**
* Method description
*
*
* @return
*/
@Override
public String[] supElements() {
return ELEMENTS;
}
/**
* Method description
*
*
* @return
*/
@Override
public String[] supNamespaces() {
return XMLNSS;
}
/**
* Method description
*
*
* @param session
*
* @return
*/
@Override
public Element[] supStreamFeatures(final XMPPResourceConnection session) {
if ((session == null) || session.isAuthorized()) {
return null;
} else {
return FEATURES;
} // end of if (session.isAuthorized()) else
}
} // JabberIqAuth
// ~ Formatted in Sun Code Convention
// ~ Formatted by Jindent --- http://www.jindent.com