/// <summary> /// Represents a failure response, providing a custom failure reason string. /// </summary> /// <param name="session">The user's session. May not be null.</param> /// <param name="error">The reason for the failure.</param> public ResultFailWithReason(ServerSession session, string reason) { this.error = reason; this.session = session.sid; }
public ResultLoginSuccess(ServerSession session, string settingsKey) { this.session = session.sid; this.admin = session.IsAdminValid; this.settingsKey = settingsKey; }
public static void HandleRequest(HttpProcessor p, string jsonStr) { object response = null; try { dynamic requestObj = JsonConvert.DeserializeObject(jsonStr); ServerSession session = GetSession(requestObj); string cmd = Try.Get(() => (string)requestObj.cmd); if (cmd == "login") { if (session == null) { session = ServerSession.CreateUnauthenticated(); SessionManager.AddSession(session); } // Get current challenge and generate a new one so the previous one can not be used again, preventing replay attacks. byte[] currentChallenge = session.authChallenge; session.authChallenge = ByteUtil.GenerateRandomBytes(32); // Get user string userName = Try.Get(() => (string)requestObj.user); if (string.IsNullOrEmpty(userName)) { response = new ResultFailWithReason(session, "missing parameter: \"user\""); return; } User user = ServiceWrapper.db.GetUser(userName); string responseToken = Try.Get(() => (string)requestObj.response); if (string.IsNullOrEmpty(responseToken)) { // No response token was provided. This is step 1 of authentication, where the client requests information necessary to build the response token. string salt; if (user != null) { salt = user.Salt; } else { salt = Util.GenerateFakeUserSalt(userName); Logger.Info("Fake salt \"" + salt + "\" created for user name \"" + userName + "\". Remote IP: " + p.RemoteIPAddressStr); } response = new ResultLoginChallengeAndSalt(session, salt); } else { bool authenticated = false; // If the user hasn't gotten a challenge token yet, currentChallenge will be blank. if (currentChallenge != null && currentChallenge.Length > 0) { if (user != null) { authenticated = user.AuthenticateUser(responseToken, currentChallenge); } } if (authenticated) { session.userId = user.ID; response = new ResultLoginSuccess(session, user.SettingsKey); } else { response = new ResultFailWithReason(session, "authentication rejected"); } } return; } else { if (session == null || !session.IsAuthValid) { response = new ResultFailNoSession(session); return; } /////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////// // Commands after this point require an authenticated session, but not administrator permission. // /////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////// User user = session.GetUser(); if (user == null) { Logger.Debug("Session has user ID " + session.userId + " but GetUser returned null"); response = new ResultFailWithReason(session, "session corrupted"); return; } bool handled = true; switch (cmd) { case "getComputers": UserGroup[] userGroups = user.GetGroups(); GetComputerGroupsResult result = new GetComputerGroupsResult(); result.Groups = userGroups.Select(g => new GroupOfComputers(g, ServiceWrapper.db.GetComputersInGroup(g.ID))).ToArray(); response = result; break; case "logout": SessionManager.RemoveSession(session.sid); response = new ResultSuccess(); break; default: handled = false; break; } if (handled) { return; } if (!user.IsAdmin) { response = new ResultFailInsufficientPrivileges(); return; } ///////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////// // Commands after this point require administrator permission. // ///////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////// switch (cmd) { #region admin/getComputers case "admin/getComputers": { ResultComputersAndTheirGroups result = new ResultComputersAndTheirGroups(); ComputerAndItsGroups[] allComputers = ServiceWrapper.db.GetAllComputersAndTheirGroups(); result.Computers = allComputers.Select(c => new AdminResultComputer(c)).ToArray(); response = result; break; } #endregion #region admin/getUsers case "admin/getUsers": { ResultAllUsers result = new ResultAllUsers(); UserAndItsGroups[] allUsers = ServiceWrapper.db.GetAllUsersAndTheirGroups(); result.Users = allUsers.Select(u => new AdminResultUser(u)).ToArray(); response = result; break; } #endregion default: { response = new ResultFailWithReason(session, "unrecognized command"); break; } } } } catch (Exception ex) { Logger.Debug(ex); response = new ResultFail() { error = "An unexpected error occurred." }; } finally { if (response == null) { response = new ResultFail() { error = "Application Error: A response was not generated, so this response was generated as a fallback." } } ; p.writeSuccess(jsonType); p.outputStream.Write(JsonConvert.SerializeObject(response)); } }
/// <summary> /// Handles a request from a Web Client who is requesting a proxied web socket connection to a specific Host Service. /// </summary> /// <param name="p">The HttpProcessor handling the request.</param> private static void HandleWebSocketProxyRequest(HttpProcessor p) { string[] parts = p.request_url.Segments; #region Validate Input if (parts.Length != 3) { p.writeFailure("400 Bad Request"); return; } if (!int.TryParse(parts[1], out int computerId)) { p.writeFailure("400 Bad Request"); return; } #endregion #region Verify Permission string sid = parts[2]; ServerSession session = SessionManager.GetSession(sid); if (session == null || session.Expired) { p.writeFailure("403 Forbidden"); return; } Computer computer = ServiceWrapper.db.GetComputer(computerId); if (computer == null) { p.writeFailure("404 Not Found"); return; } User user = session.GetUser(); if (user == null) { p.writeFailure("403 Forbidden"); return; } // If we get here, we have an active authenticated session. if (!user.IsAdmin) { // Admin users can access all computers. // This user is not an adminn, so we must check group membership. ComputerGroupMembership[] cgm = computer.GetGroupMemberships(); if (cgm.Length == 0) { Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") but computer has no group memberships."); p.writeFailure("403 Forbidden"); return; } UserGroupMembership[] ugm = user.GetGroupMemberships(); if (ugm.Length == 0) { Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") but user has no group memberships."); p.writeFailure("403 Forbidden"); return; } // The computer is accessible to this user if the computer and the user share at least one group membership. bool accessible = 0 < cgm.Select(m => m.GroupID).Intersect(ugm.Select(m => m.GroupID)).Count(); if (!accessible) { Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") without permission."); p.writeFailure("403 Forbidden"); return; } } #endregion // Now that permission has been verified, find out of the specified computer is online. HostConnectHandle host = HostConnect.GetOnlineComputer(computer.ID); if (host == null) { p.writeFailure("504 Gateway Timeout", "Computer " + computer.ID + " is not online."); return; } // The computer is online. Send a request to have the Host Service connect to this Master Server's web socket proxy service. string proxyKey = Util.GetRandomAlphaNumericString(64); WaitingClient waitingClient = null; try { waitingClient = new WaitingClient(p); pendingProxyConnections[proxyKey] = waitingClient; host.RequestWebSocketProxy(p.RemoteIPAddress, proxyKey); // Wait for the connection from the Host Service. if (!waitingClient.clientWaitHandle.WaitOne(10000)) { p.writeFailure("504 Gateway Timeout", "Computer " + computer.ID + " did not respond in a timely manner."); return; } Stream hostStream = waitingClient.hostProcessor?.tcpStream; if (hostStream == null) { p.writeFailure("500 Internal Server Error"); Logger.Debug("hostStream was null in WebSocketProxy handler"); return; } // The Host Service has connected. Remove the pending connection and clean up before starting to proxy data between the sockets. pendingProxyConnections.TryRemove(proxyKey, out WaitingClient ignored); proxyKey = null; waitingClient.Dispose(); // Copy data from Host Service to Web Client p.responseWritten = true; CopyStreamUntilClosed(hostStream, p.tcpStream); } finally { if (proxyKey != null) { pendingProxyConnections.TryRemove(proxyKey, out WaitingClient ignored); } waitingClient?.Dispose(); } }
/// <summary> /// Handles a request from a Web Client who is requesting a proxied web socket connection to a specific Host Service. /// </summary> /// <param name="p">The HttpProcessor handling the request.</param> public static void HandleWebSocketClientProxyRequest(HttpProcessor p) { #region Perform Validation // Path format: "/WebSocketClientProxy/1/SESSION". More path segments, if given, are ignored (the last path segment is typically used as a display name in browser developer tools). string[] parts = p.request_url.LocalPath.Split('/').Skip(1).ToArray(); int computerId; // The computer ID the client wishes to connect to. if (parts.Length < 3 || parts[0] != "WebSocketClientProxy" || !int.TryParse(parts[1], out computerId)) { p.writeFailure("400 Bad Request"); return; } string sid = parts[2]; // The session ID of the client's session. #endregion #region Verify Permission ServerSession session = SessionManager.GetSession(sid); if (session == null || session.Expired) { p.writeFailure("403 Forbidden"); return; } Computer computer = ServiceWrapper.db.GetComputer(computerId); if (computer == null) { p.writeFailure("404 Not Found"); return; } User user = session.GetUser(); if (user == null) { p.writeFailure("403 Forbidden"); return; } // If we get here, we have an active authenticated session. if (!user.IsAdmin) { // Admin users can access all computers. // This user is not an adminn, so we must check group membership. ComputerGroupMembership[] cgm = computer.GetGroupMemberships(); if (cgm.Length == 0) { Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") but computer has no group memberships."); p.writeFailure("403 Forbidden"); return; } UserGroupMembership[] ugm = user.GetGroupMemberships(); if (ugm.Length == 0) { Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") but user has no group memberships."); p.writeFailure("403 Forbidden"); return; } // The computer is accessible to this user if the computer and the user share at least one group membership. bool accessible = 0 < cgm.Select(m => m.GroupID).Intersect(ugm.Select(m => m.GroupID)).Count(); if (!accessible) { Logger.Info("Non-admin user " + user.ID + " (" + user.Name + ") attempted to access computer " + computer.ID + " (" + computer.Name + ") without permission."); p.writeFailure("403 Forbidden"); return; } } #endregion // Now that permission has been verified, find out of the specified computer is online. HostConnectHandle host = HostConnect.GetOnlineComputer(computer.ID); if (host == null) { p.writeFailure("504 Gateway Timeout", "Computer " + computer.ID + " is not online."); return; } // The computer is online. Send a request to have the Host Service connect to this Master Server's web socket proxy service. string proxyKey = StringUtil.GetRandomAlphaNumericString(64); WaitingClient waitingClient = null; try { waitingClient = new WaitingClient(p); pendingProxyConnections[proxyKey] = waitingClient; host.RequestWebSocketProxy(p.RemoteIPAddress, proxyKey); // Wait for the connection from the Host Service. if (!waitingClient.clientWaitHandle.WaitOne(10000)) { p.writeFailure("504 Gateway Timeout", "Computer " + computer.ID + " did not respond in a timely manner."); return; } Stream hostStream = waitingClient.hostProcessor?.tcpStream; if (hostStream == null) { p.writeFailure("500 Internal Server Error"); Logger.Debug("hostStream was null in WebSocketProxy handler"); return; } // The Host Service has connected. Remove the pending connection and clean up before starting to proxy data between the sockets. pendingProxyConnections.TryRemove(proxyKey, out WaitingClient ignored); proxyKey = null; waitingClient.Dispose(); // Copy data from Host Service to Web Client p.responseWritten = true; p.tcpClient.NoDelay = true; Console.WriteLine("Client Proxy Initialized"); CopyStreamUntilClosed(hostStream, p.tcpStream); } finally { // If anything went wrong initializing the proxy connection, we might not have cleaned up yet. if (proxyKey != null) { pendingProxyConnections.TryRemove(proxyKey, out WaitingClient ignored); } waitingClient?.Dispose(); } }
public ResultLoginSuccess(ServerSession session) { this.session = session.sid; this.admin = session.IsAdminValid; }
/// <summary> /// Adds a session to the active sessions map. /// </summary> /// <param name="session"></param> public static void AddSession(ServerSession session) { Maintain(); activeSessions.TryAdd(session.sid, session); }