Ejemplo n.º 1
0
 /// <summary>
 /// Represents a failure response, providing a custom failure reason string.
 /// </summary>
 /// <param name="session">The user's session.  May not be null.</param>
 /// <param name="error">The reason for the failure.</param>
 public ResultFailWithReason(ServerSession session, string reason)
 {
     this.error   = reason;
     this.session = session.sid;
 }
Ejemplo n.º 2
0
 public ResultLoginSuccess(ServerSession session, string settingsKey)
 {
     this.session     = session.sid;
     this.admin       = session.IsAdminValid;
     this.settingsKey = settingsKey;
 }
Ejemplo n.º 3
0
        public static void HandleRequest(HttpProcessor p, string jsonStr)
        {
            object response = null;

            try
            {
                dynamic       requestObj = JsonConvert.DeserializeObject(jsonStr);
                ServerSession session    = GetSession(requestObj);
                string        cmd        = Try.Get(() => (string)requestObj.cmd);
                if (cmd == "login")
                {
                    if (session == null)
                    {
                        session = ServerSession.CreateUnauthenticated();
                        SessionManager.AddSession(session);
                    }
                    // Get current challenge and generate a new one so the previous one can not be used again, preventing replay attacks.
                    byte[] currentChallenge = session.authChallenge;
                    session.authChallenge = ByteUtil.GenerateRandomBytes(32);
                    // Get user
                    string userName = Try.Get(() => (string)requestObj.user);
                    if (string.IsNullOrEmpty(userName))
                    {
                        response = new ResultFailWithReason(session, "missing parameter: \"user\"");
                        return;
                    }
                    User user = ServiceWrapper.db.GetUser(userName);

                    string responseToken = Try.Get(() => (string)requestObj.response);
                    if (string.IsNullOrEmpty(responseToken))
                    {
                        // No response token was provided. This is step 1 of authentication, where the client requests information necessary to build the response token.
                        string salt;
                        if (user != null)
                        {
                            salt = user.Salt;
                        }
                        else
                        {
                            salt = Util.GenerateFakeUserSalt(userName);
                            Logger.Info("Fake salt \"" + salt + "\" created for user name \"" + userName + "\". Remote IP: " + p.RemoteIPAddressStr);
                        }

                        response = new ResultLoginChallengeAndSalt(session, salt);
                    }
                    else
                    {
                        bool authenticated = false;
                        // If the user hasn't gotten a challenge token yet, currentChallenge will be blank.
                        if (currentChallenge != null && currentChallenge.Length > 0)
                        {
                            if (user != null)
                            {
                                authenticated = user.AuthenticateUser(responseToken, currentChallenge);
                            }
                        }
                        if (authenticated)
                        {
                            session.userId = user.ID;
                            response       = new ResultLoginSuccess(session, user.SettingsKey);
                        }
                        else
                        {
                            response = new ResultFailWithReason(session, "authentication rejected");
                        }
                    }
                    return;
                }
                else
                {
                    if (session == null || !session.IsAuthValid)
                    {
                        response = new ResultFailNoSession(session);
                        return;
                    }
                    ///////////////////////////////////////////////////////////////////////////////////////////////////
                    ///////////////////////////////////////////////////////////////////////////////////////////////////
                    // Commands after this point require an authenticated session, but not administrator permission. //
                    ///////////////////////////////////////////////////////////////////////////////////////////////////
                    ///////////////////////////////////////////////////////////////////////////////////////////////////
                    User user = session.GetUser();
                    if (user == null)
                    {
                        Logger.Debug("Session has user ID " + session.userId + " but GetUser returned null");
                        response = new ResultFailWithReason(session, "session corrupted");
                        return;
                    }
                    bool handled = true;
                    switch (cmd)
                    {
                    case "getComputers":
                        UserGroup[]             userGroups = user.GetGroups();
                        GetComputerGroupsResult result     = new GetComputerGroupsResult();
                        result.Groups = userGroups.Select(g => new GroupOfComputers(g, ServiceWrapper.db.GetComputersInGroup(g.ID))).ToArray();
                        response      = result;
                        break;

                    case "logout":
                        SessionManager.RemoveSession(session.sid);
                        response = new ResultSuccess();
                        break;

                    default:
                        handled = false;
                        break;
                    }
                    if (handled)
                    {
                        return;
                    }

                    if (!user.IsAdmin)
                    {
                        response = new ResultFailInsufficientPrivileges();
                        return;
                    }
                    /////////////////////////////////////////////////////////////////
                    /////////////////////////////////////////////////////////////////
                    // Commands after this point require administrator permission. //
                    /////////////////////////////////////////////////////////////////
                    /////////////////////////////////////////////////////////////////
                    switch (cmd)
                    {
                        #region admin/getComputers
                    case "admin/getComputers":
                    {
                        ResultComputersAndTheirGroups result = new ResultComputersAndTheirGroups();

                        ComputerAndItsGroups[] allComputers = ServiceWrapper.db.GetAllComputersAndTheirGroups();
                        result.Computers = allComputers.Select(c => new AdminResultComputer(c)).ToArray();

                        response = result;
                        break;
                    }

                        #endregion
                        #region admin/getUsers
                    case "admin/getUsers":
                    {
                        ResultAllUsers result = new ResultAllUsers();

                        UserAndItsGroups[] allUsers = ServiceWrapper.db.GetAllUsersAndTheirGroups();
                        result.Users = allUsers.Select(u => new AdminResultUser(u)).ToArray();

                        response = result;
                        break;
                    }

                        #endregion
                    default:
                    {
                        response = new ResultFailWithReason(session, "unrecognized command");
                        break;
                    }
                    }
                }
            }
            catch (Exception ex)
            {
                Logger.Debug(ex);
                response = new ResultFail()
                {
                    error = "An unexpected error occurred."
                };
            }
            finally
            {
                if (response == null)
                {
                    response = new ResultFail()
                    {
                        error = "Application Error: A response was not generated, so this response was generated as a fallback."
                    }
                }
                ;
                p.writeSuccess(jsonType);
                p.outputStream.Write(JsonConvert.SerializeObject(response));
            }
        }
Ejemplo n.º 4
0
        /// <summary>
        /// Handles a request from a Web Client who is requesting a proxied web socket connection to a specific Host Service.
        /// </summary>
        /// <param name="p">The HttpProcessor handling the request.</param>
        private static void HandleWebSocketProxyRequest(HttpProcessor p)
        {
            string[] parts = p.request_url.Segments;
            #region Validate Input
            if (parts.Length != 3)
            {
                p.writeFailure("400 Bad Request");
                return;
            }
            if (!int.TryParse(parts[1], out int computerId))
            {
                p.writeFailure("400 Bad Request");
                return;
            }
            #endregion
            #region Verify Permission
            string        sid     = parts[2];
            ServerSession session = SessionManager.GetSession(sid);
            if (session == null || session.Expired)
            {
                p.writeFailure("403 Forbidden");
                return;
            }
            Computer computer = ServiceWrapper.db.GetComputer(computerId);
            if (computer == null)
            {
                p.writeFailure("404 Not Found");
                return;
            }

            User user = session.GetUser();
            if (user == null)
            {
                p.writeFailure("403 Forbidden");
                return;
            }

            // If we get here, we have an active authenticated session.
            if (!user.IsAdmin)
            {
                // Admin users can access all computers.
                // This user is not an adminn, so we must check group membership.
                ComputerGroupMembership[] cgm = computer.GetGroupMemberships();
                if (cgm.Length == 0)
                {
                    Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") but computer has no group memberships.");
                    p.writeFailure("403 Forbidden");
                    return;
                }
                UserGroupMembership[] ugm = user.GetGroupMemberships();
                if (ugm.Length == 0)
                {
                    Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") but user has no group memberships.");
                    p.writeFailure("403 Forbidden");
                    return;
                }

                // The computer is accessible to this user if the computer and the user share at least one group membership.
                bool accessible = 0 < cgm.Select(m => m.GroupID).Intersect(ugm.Select(m => m.GroupID)).Count();
                if (!accessible)
                {
                    Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") without permission.");
                    p.writeFailure("403 Forbidden");
                    return;
                }
            }
            #endregion

            // Now that permission has been verified, find out of the specified computer is online.
            HostConnectHandle host = HostConnect.GetOnlineComputer(computer.ID);
            if (host == null)
            {
                p.writeFailure("504 Gateway Timeout", "Computer " + computer.ID + " is not online.");
                return;
            }

            // The computer is online.  Send a request to have the Host Service connect to this Master Server's web socket proxy service.
            string        proxyKey      = Util.GetRandomAlphaNumericString(64);
            WaitingClient waitingClient = null;
            try
            {
                waitingClient = new WaitingClient(p);
                pendingProxyConnections[proxyKey] = waitingClient;
                host.RequestWebSocketProxy(p.RemoteIPAddress, proxyKey);

                // Wait for the connection from the Host Service.
                if (!waitingClient.clientWaitHandle.WaitOne(10000))
                {
                    p.writeFailure("504 Gateway Timeout", "Computer " + computer.ID + " did not respond in a timely manner.");
                    return;
                }
                Stream hostStream = waitingClient.hostProcessor?.tcpStream;
                if (hostStream == null)
                {
                    p.writeFailure("500 Internal Server Error");
                    Logger.Debug("hostStream was null in WebSocketProxy handler");
                    return;
                }

                // The Host Service has connected.  Remove the pending connection and clean up before starting to proxy data between the sockets.
                pendingProxyConnections.TryRemove(proxyKey, out WaitingClient ignored);
                proxyKey = null;
                waitingClient.Dispose();

                // Copy data from Host Service to Web Client
                p.responseWritten = true;
                CopyStreamUntilClosed(hostStream, p.tcpStream);
            }
            finally
            {
                if (proxyKey != null)
                {
                    pendingProxyConnections.TryRemove(proxyKey, out WaitingClient ignored);
                }

                waitingClient?.Dispose();
            }
        }
        /// <summary>
        /// Handles a request from a Web Client who is requesting a proxied web socket connection to a specific Host Service.
        /// </summary>
        /// <param name="p">The HttpProcessor handling the request.</param>
        public static void HandleWebSocketClientProxyRequest(HttpProcessor p)
        {
            #region Perform Validation
            // Path format: "/WebSocketClientProxy/1/SESSION". More path segments, if given, are ignored (the last path segment is typically used as a display name in browser developer tools).
            string[] parts = p.request_url.LocalPath.Split('/').Skip(1).ToArray();
            int      computerId;        // The computer ID the client wishes to connect to.
            if (parts.Length < 3 || parts[0] != "WebSocketClientProxy" || !int.TryParse(parts[1], out computerId))
            {
                p.writeFailure("400 Bad Request");
                return;
            }
            string sid = parts[2];             // The session ID of the client's session.
            #endregion
            #region Verify Permission
            ServerSession session = SessionManager.GetSession(sid);
            if (session == null || session.Expired)
            {
                p.writeFailure("403 Forbidden");
                return;
            }
            Computer computer = ServiceWrapper.db.GetComputer(computerId);
            if (computer == null)
            {
                p.writeFailure("404 Not Found");
                return;
            }

            User user = session.GetUser();
            if (user == null)
            {
                p.writeFailure("403 Forbidden");
                return;
            }

            // If we get here, we have an active authenticated session.
            if (!user.IsAdmin)
            {
                // Admin users can access all computers.
                // This user is not an adminn, so we must check group membership.
                ComputerGroupMembership[] cgm = computer.GetGroupMemberships();
                if (cgm.Length == 0)
                {
                    Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") but computer has no group memberships.");
                    p.writeFailure("403 Forbidden");
                    return;
                }
                UserGroupMembership[] ugm = user.GetGroupMemberships();
                if (ugm.Length == 0)
                {
                    Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") but user has no group memberships.");
                    p.writeFailure("403 Forbidden");
                    return;
                }

                // The computer is accessible to this user if the computer and the user share at least one group membership.
                bool accessible = 0 < cgm.Select(m => m.GroupID).Intersect(ugm.Select(m => m.GroupID)).Count();
                if (!accessible)
                {
                    Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") without permission.");
                    p.writeFailure("403 Forbidden");
                    return;
                }
            }
            #endregion

            // Now that permission has been verified, find out of the specified computer is online.
            HostConnectHandle host = HostConnect.GetOnlineComputer(computer.ID);
            if (host == null)
            {
                p.writeFailure("504 Gateway Timeout", "Computer " + computer.ID + " is not online.");
                return;
            }

            // The computer is online.  Send a request to have the Host Service connect to this Master Server's web socket proxy service.
            string        proxyKey      = StringUtil.GetRandomAlphaNumericString(64);
            WaitingClient waitingClient = null;
            try
            {
                waitingClient = new WaitingClient(p);
                pendingProxyConnections[proxyKey] = waitingClient;
                host.RequestWebSocketProxy(p.RemoteIPAddress, proxyKey);

                // Wait for the connection from the Host Service.
                if (!waitingClient.clientWaitHandle.WaitOne(10000))
                {
                    p.writeFailure("504 Gateway Timeout", "Computer " + computer.ID + " did not respond in a timely manner.");
                    return;
                }
                Stream hostStream = waitingClient.hostProcessor?.tcpStream;
                if (hostStream == null)
                {
                    p.writeFailure("500 Internal Server Error");
                    Logger.Debug("hostStream was null in WebSocketProxy handler");
                    return;
                }

                // The Host Service has connected.  Remove the pending connection and clean up before starting to proxy data between the sockets.
                pendingProxyConnections.TryRemove(proxyKey, out WaitingClient ignored);
                proxyKey = null;
                waitingClient.Dispose();

                // Copy data from Host Service to Web Client
                p.responseWritten   = true;
                p.tcpClient.NoDelay = true;
                Console.WriteLine("Client Proxy Initialized");
                CopyStreamUntilClosed(hostStream, p.tcpStream);
            }
            finally
            {
                // If anything went wrong initializing the proxy connection, we might not have cleaned up yet.
                if (proxyKey != null)
                {
                    pendingProxyConnections.TryRemove(proxyKey, out WaitingClient ignored);
                }

                waitingClient?.Dispose();
            }
        }
Ejemplo n.º 6
0
 public ResultLoginSuccess(ServerSession session)
 {
     this.session = session.sid;
     this.admin   = session.IsAdminValid;
 }
Ejemplo n.º 7
0
 /// <summary>
 /// Adds a session to the active sessions map.
 /// </summary>
 /// <param name="session"></param>
 public static void AddSession(ServerSession session)
 {
     Maintain();
     activeSessions.TryAdd(session.sid, session);
 }