/* * Tigase Jabber/XMPP Server * Copyright (C) 2004-2012 "Artur Hefczyc" <artur.hefczyc@tigase.org> * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by * the Free Software Foundation, either version 3 of the License. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. Look for COPYING file in the top folder. * If not, see http://www.gnu.org/licenses/. * * $Rev$ * Last modified by $Author$ * $Date$ */ package tigase.xmpp.impl; //~--- non-JDK imports -------------------------------------------------------- import tigase.db.AuthRepository; import tigase.db.NonAuthUserRepository; import tigase.db.TigaseDBException; import tigase.db.UserNotFoundException; import tigase.server.Command; import tigase.server.Packet; import tigase.server.Priority; import tigase.xml.Element; import tigase.xmpp.Authorization; import tigase.xmpp.NotAuthorizedException; import tigase.xmpp.StanzaType; import tigase.xmpp.XMPPProcessor; import tigase.xmpp.XMPPProcessorIfc; import tigase.xmpp.XMPPResourceConnection; //~--- JDK imports ------------------------------------------------------------ import java.util.HashMap; import java.util.Map; import java.util.Queue; import java.util.logging.Level; import java.util.logging.Logger; //~--- classes ---------------------------------------------------------------- /** * Describe class SaslAuth here. * * * Created: Mon Feb 20 16:28:13 2006 * * @author <a href="mailto:artur.hefczyc@tigase.org">Artur Hefczyc</a> * @version $Rev$ */ public class SaslAuth extends XMPPProcessor implements XMPPProcessorIfc { private static final String XMLNS = "urn:ietf:params:xml:ns:xmpp-sasl"; private static final Logger log = Logger.getLogger(SaslAuth.class.getName()); private static final String ID = XMLNS; private static final String[] ELEMENTS = { "auth", "response", "challenge", "failure", "success", "abort" }; private static final String[] XMLNSS = { XMLNS, XMLNS, XMLNS, XMLNS, XMLNS, XMLNS }; private static final Element[] DISCO_FEATURES = { new Element("feature", new String[] { "var" }, new String[] { XMLNS }) }; // ~--- constant enums ------------------------------------------------------- /** * Enum description * */ public enum ElementType { auth, abort, response, challenge, failure, success; } // ~--- methods -------------------------------------------------------------- /** * Method description * * * @return */ @Override public int concurrentQueuesNo() { return Runtime.getRuntime().availableProcessors(); } /** * Method description * * * @return */ @Override public String id() { return ID; } /** * Method description * * * @param packet * @param session * @param repo * @param results * @param settings */ @SuppressWarnings({ "unchecked" }) @Override public void process(final Packet packet, final XMPPResourceConnection session, final NonAuthUserRepository repo, final Queue<Packet> results, final Map<String, Object> settings) { if (session == null) { return; } // end of if (session == null) synchronized (session) { // If authentication timeout expired, ignore the request.... if (session.getSessionData(XMPPResourceConnection.AUTHENTICATION_TIMEOUT_KEY) != null) { return; } if (session.isAuthorized()) { // Multiple authentication attempts.... // Another authentication request on already authenticated connection // This is not allowed and must be forbidden. Packet res = packet.swapFromTo(createReply(ElementType.failure, "<not-authorized/>"), null, null); // Make sure it gets delivered before stream close res.setPriority(Priority.SYSTEM); results.offer(res); // Optionally close the connection to make sure there is no // confusion about the connection state. results.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set, session.nextStanzaId())); if (log.isLoggable(Level.FINEST)) { log.log(Level.FINEST, "Discovered second authentication attempt: {0}, packet: {1}", new Object[] { session.toString(), packet.toString() }); } try { session.logout(); } catch (NotAuthorizedException ex) { log.log(Level.FINER, "Unsuccessful session logout: {0}", session.toString()); } if (log.isLoggable(Level.FINEST)) { log.log(Level.FINEST, "Session after logout: {0}", session.toString()); } } Element request = packet.getElement(); // ElementType type = null; // try { // type = ElementType.valueOf(request.getName()); // } catch (IllegalArgumentException e) { // log.warning("Incorrect stanza type: " + request.getName()); // results.offer(packet.swapFromTo(createReply(ElementType.failure, // "<temporary-auth-failure/>"))); // results.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(), // StanzaType.set, packet.getElemId())); // return; // } // end of try-catch Map<String, Object> authProps = (Map<String, Object>) (session.getSessionData(XMLNS + "-authProps")); if (authProps == null) { authProps = new HashMap<String, Object>(10, 0.75f); authProps.put(AuthRepository.PROTOCOL_KEY, AuthRepository.PROTOCOL_VAL_SASL); authProps.put(AuthRepository.MACHANISM_KEY, request.getAttribute("/auth", "mechanism")); authProps.put(AuthRepository.REALM_KEY, session.getDomain().getVhost() .getDomain()); authProps.put(AuthRepository.SERVER_NAME_KEY, session.getDomain().getVhost() .getDomain()); session.putSessionData(XMLNS + "-authProps", authProps); } // end of if (authProps == null) // String user = (String)authProps.get(AuthRepository.USER_ID_KEY); authProps.put(AuthRepository.DATA_KEY, request.getCData()); try { Authorization result = session.loginOther(authProps); String challenge_data = (String) authProps.get(AuthRepository.RESULT_KEY); if (result == Authorization.AUTHORIZED) { results.offer(packet.swapFromTo( createReply(ElementType.success, challenge_data), null, null)); authProps.clear(); session.removeSessionData(XMLNS + "-authProps"); } else { results.offer(packet.swapFromTo( createReply(ElementType.challenge, challenge_data), null, null)); } } catch (UserNotFoundException e) { if (log.isLoggable(Level.FINEST)) { log.log(Level.FINEST, "User not found: {0}", e.getMessage()); } // e.printStackTrace(); session.removeSessionData(XMLNS + "-authProps"); Packet response = packet.swapFromTo(createReply(ElementType.failure, "<not-authorized/>"), null, null); response.setPriority(Priority.SYSTEM); results.offer(response); Integer retries = (Integer) session.getSessionData("auth-retries"); if (retries == null) { retries = new Integer(0); } if (retries.intValue() < 3) { session.putSessionData("auth-retries", new Integer(retries.intValue() + 1)); } else { results.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set, session.nextStanzaId())); } } catch (Exception e) { log.log(Level.INFO, "Authentication failed: ", e); // e.printStackTrace(); session.removeSessionData(XMLNS + "-authProps"); Packet response = packet.swapFromTo(createReply(ElementType.failure, "<not-authorized/>"), null, null); response.setPriority(Priority.SYSTEM); results.offer(response); Integer retries = (Integer) session.getSessionData("auth-retries"); if (retries == null) { retries = new Integer(0); } if (retries.intValue() < 3) { session.putSessionData("auth-retries", new Integer(retries.intValue() + 1)); } else { results.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set, session.nextStanzaId())); } } // end of try-catch } } /** * Method description * * * @param session * * @return */ @Override public Element[] supDiscoFeatures(final XMPPResourceConnection session) { return DISCO_FEATURES; } /** * Method description * * * @return */ @Override public String[] supElements() { return ELEMENTS; } /** * Method description * * * @return */ @Override public String[] supNamespaces() { return XMLNSS; } /** * Method description * * * @param session * * @return */ @Override public Element[] supStreamFeatures(final XMPPResourceConnection session) { if ((session == null) || session.isAuthorized()) { return null; } else { try { Map<String, Object> query = new HashMap<String, Object>(); query.put(AuthRepository.PROTOCOL_KEY, AuthRepository.PROTOCOL_VAL_SASL); session.queryAuth(query); String[] auth_mechs = (String[]) query.get(AuthRepository.RESULT_KEY); Element[] mechs = new Element[auth_mechs.length]; int idx = 0; for (String mech : auth_mechs) { mechs[idx++] = new Element("mechanism", mech); } // end of for (String mech: mechs) return new Element[] { new Element("mechanisms", mechs, new String[] { "xmlns" }, new String[] { XMLNS }) }; } catch (TigaseDBException ex) { log.warning("Database problem: " + ex); return null; } } // end of if (session.isAuthorized()) else } private Element createReply(final ElementType type, final String cdata) { Element reply = new Element(type.toString()); reply.setXMLNS(XMLNS); if (cdata != null) { reply.setCData(cdata); } // end of if (cdata != null) return reply; } } // SaslAuth // ~ Formatted in Sun Code Convention // ~ Formatted by Jindent --- http://www.jindent.com