AuthenticateByName(string DomainID, string User, string Password)
{
Simias.Authentication.Status status = new Simias.Authentication.Status(SCodes.Unknown);
status.DomainID = DomainID;
status.UserName = User;
try
{
// Verify the credentials passed in.
if (Simias.Identity.User.VerifyPassword(User, Password, status))
{
log.Info("Authenticated User: {0}:{1} {2}", status.UserID, status.UserName, status.statusCode);
}
else
{
log.Info("{0} : {1}", status.statusCode, status.UserName);
}
}
catch (Exception authEx)
{
log.Debug(authEx.Message);
log.Debug(authEx.StackTrace);
status.statusCode = SCodes.InternalException;
status.ExceptionMessage = authEx.Message;
}
return(status);
}
/// <summary>
/// Performs authentication to the specified domain.
/// </summary>
/// <param name="domain">Domain to authenticate to.</param>
/// <param name="httpContext">HTTP-specific request information. This is passed as a parameter so that a domain
/// provider may modify the HTTP request by adding special headers as necessary.
///
/// NOTE: The domain provider must NOT end the HTTP request.
/// </param>
/// <returns>The status from the authentication.</returns>
public Authentication.Status Authenticate(Domain domain, HttpContext httpContext)
{
// Assume failure
Simias.Authentication.Status status = new Simias.Authentication.Status(SCodes.InvalidCredentials);
// Check for an authorization header.
string[] encodedCredentials = httpContext.Request.Headers.GetValues("Authorization");
if ((encodedCredentials != null) && (encodedCredentials[0] != null))
{
// Get the credentials from the auth header.
LocalCredentials creds = new LocalCredentials();
bool success = creds.AuthorizationHeaderToCredentials(encodedCredentials[0]);
if (success)
{
// Valid credentials?
if ((creds.Username != null) && (creds.Password != null) && (creds.DomainID != null))
{
// Only support basic and make sure that the domain is local.
if ((creds.AuthType == "basic") && (creds.DomainID == store.LocalDomain))
{
// Get the member of the local domain and compare the passwords.
string CurrentUserID = store.GetUserIDFromDomainID(creds.DomainID);
Member member = domain.GetMemberByID(CurrentUserID);
if ((member != null) && (store.LocalPassword == creds.Password))
{
status.UserName = member.Name;
status.UserID = member.UserID;
status.statusCode = SCodes.Success;
}
}
}
}
}
return(status);
}
public Authentication.Status Authenticate( Simias.Storage.Domain domain, HttpContext ctx )
{
string gaimSessionTag = "gaim";
Simias.Storage.Member member = null;
Simias.Authentication.Status status =
new Simias.Authentication.Status( SCodes.InvalidCredentials );
if ( ctx.Session != null )
{
GaimSession gaimSession;
string memberID = ctx.Request.Headers[ "gaim-member" ];
if ( memberID == null || memberID == "" )
{
return status;
}
member = domain.GetMemberByID( memberID );
if ( member == null )
{
return status;
}
status.UserName = member.Name;
status.UserID = member.UserID;
gaimSession = ctx.Session[ gaimSessionTag ] as GaimSession;
if ( gaimSession == null )
{
gaimSession = new GaimSession();
gaimSession.MemberID = member.UserID;
gaimSession.State = 1;
gaimSession.OneTimePassword = DateTime.UtcNow.Ticks.ToString();
GaimBuddy buddy = GaimDomain.GetBuddyByUserID( member.UserID );
if (buddy != null)
{
RSACryptoServiceProvider credential = buddy.GetCredentialByUserID( member.UserID );
if ( credential != null )
{
byte[] oneTime = new UTF8Encoding().GetBytes( gaimSession.OneTimePassword );
byte[] encryptedText = credential.Encrypt( oneTime, false );
ctx.Response.AddHeader(
"gaim-secret",
Convert.ToBase64String( encryptedText ) );
ctx.Session[ gaimSessionTag ] = gaimSession;
}
}
}
else
if ( status.UserID == gaimSession.MemberID )
{
string encodedSecret = ctx.Request.Headers[ "gaim-secret" ];
if ( encodedSecret != null && encodedSecret != "" )
{
UTF8Encoding utf8 = new UTF8Encoding();
string decodedString =
utf8.GetString( Convert.FromBase64String( encodedSecret ) );
if ( decodedString.Equals( gaimSession.OneTimePassword ) == true )
{
status.statusCode = SCodes.Success;
gaimSession.State = 2;
}
}
else
{
gaimSession.OneTimePassword = DateTime.UtcNow.Ticks.ToString();
gaimSession.State = 1;
GaimBuddy buddy = GaimDomain.GetBuddyByUserID( member.UserID );
if (buddy != null)
{
RSACryptoServiceProvider credential = buddy.GetCredentialByUserID( member.UserID );
if ( credential != null )
{
try
{
byte[] oneTime = new UTF8Encoding().GetBytes( gaimSession.OneTimePassword );
byte[] encryptedText = credential.Encrypt( oneTime, false );
ctx.Response.AddHeader(
"gaim-secret",
Convert.ToBase64String( encryptedText ) );
}
catch( Exception encr )
{
log.Debug( encr.Message );
log.Debug( encr.StackTrace );
}
}
}
}
}
}
return status;
}
Authenticate(Simias.Storage.Domain Domain, HttpContext HttpCtx)
{
Simias.Authentication.Status authStatus;
log.Debug("Authenticate called");
try
{
// Check for an authorization header.
string[] encodedCredentials = HttpCtx.Request.Headers.GetValues("Authorization");
if ((encodedCredentials != null) && (encodedCredentials[0] != null))
{
// Get the basic encoding type from the http header.
string[] encodingName = HttpCtx.Request.Headers.GetValues("Basic-Encoding");
if ((encodingName == null) || (encodingName[0] == null))
{
// Use the specified default encoding.
encodingName = new string[] { defaultBasicEncodingName };
}
// Get the credentials from the auth header.
SimiasCredentials creds = new SimiasCredentials();
if (creds.AuthorizationHeaderToCredentials(encodedCredentials[0], encodingName[0]))
{
// Valid credentials?
if ((creds.Username != null) && (creds.Password != null))
{
// Only support basic.
if (creds.AuthType == "basic")
{
Member member = Domain.GetMemberByName(creds.Username);
if (member == null)
{
member = Domain.GetMemberByDN(creds.Username);
}
if (member == null)
{
member = Domain.GetMemberByOldName(creds.Username);
if (member != null)
{
creds.Username = member.Name; // give new username for e-dir auth
}
}
if (member != null)
{
if (Domain.IsLoginDisabled(member.UserID) != true)
{
try
{
// Authenticate the user.
authStatus = AuthenticateByName(Domain.ID, creds.Username, creds.Password);
HostNode hNode = HostNode.GetLocalHost();
if (hNode.IsMasterHost != true)
{
for (int i = 0; i < 10; i++)
{
log.Debug("System Sync Status : " + Domain.SystemSyncStatus.ToString());
if ((Domain.SystemSyncStatus &
(ulong)CollectionSyncClient.StateMap.CatalogSyncOnce) ==
(ulong)CollectionSyncClient.StateMap.CatalogSyncOnce ||
(CollectionSyncClient.ServerSyncStatus &
CollectionSyncClient.StateMap.CatalogSyncOnce) ==
CollectionSyncClient.StateMap.CatalogSyncOnce)
{
break;
}
else
{
syncEvent.WaitOne(5000, false);
}
if (i == 9)
{
authStatus = new Simias.Authentication.Status(SCodes.InvalidCredentials);
}
}
}
HostNode mNode = member.HomeServer;
log.Debug("id.Auth : localhost userid is :" + hNode.UserID);
Http.UserMoved = 0;
if (mNode != null)
{
log.Debug("id.Auth : member's home server userid is :" + mNode.UserID);
if (hNode.UserID != mNode.UserID)
{
log.Debug("id.Aith : sending useralreadymoved status back to client");
Http.UserMoved = 1;
}
}
}
catch (Exception e)
{
log.Error(e.Message);
log.Error(e.StackTrace);
authStatus = new Simias.Authentication.Status(SCodes.InternalException);
authStatus.ExceptionMessage = e.Message;
}
}
else
{
log.Debug("Login is disabled for user " + creds.Username);
authStatus = new Simias.Authentication.Status(SCodes.SimiasLoginDisabled);
}
}
else
{
log.Debug(creds.Username + " is not member of simias");
authStatus = new Simias.Authentication.Status(SCodes.InvalidCredentials);
}
}
else
{
authStatus = new Simias.Authentication.Status(SCodes.MethodNotSupported);
}
}
else
{
authStatus = new Simias.Authentication.Status(SCodes.InvalidCredentials);
}
}
else
{
authStatus = new Simias.Authentication.Status(SCodes.InvalidCredentials);
}
}
else
{
authStatus = new Simias.Authentication.Status(SCodes.InvalidCredentials);
}
}
catch (Exception e)
{
log.Error(e.Message);
log.Error(e.StackTrace);
authStatus = new Simias.Authentication.Status(SCodes.InternalException);
authStatus.ExceptionMessage = e.Message;
}
return(authStatus);
}
/// <summary>
/// Domain Watcher Thread.
/// </summary>
public void WatcherThread()
{
log.Debug("WatcherThread started");
EventPublisher cEvent = new EventPublisher();
Simias.Authentication.Status authStatus = null;
// Let the caller know we're good to go
this.started = true;
do
{
//
// Cycle through the domains
//
try
{
//ICSList domainList = store.GetDomainList();
foreach (ShallowNode shallowNode in store.GetDomainList())
{
Domain cDomain = store.GetDomain(shallowNode.ID);
log.Debug("In domain watcher: domain id: {0} and wait time is {1}", shallowNode.ID, waitTime);
// Make sure this domain is a slave since we don't watch
// mastered domains.
if (cDomain.Role == SyncRoles.Slave)
{
DomainAgent domainAgent = new DomainAgent();
log.Debug("Checking domain: " + cDomain.Name);
// Skip this domain if it is inactive
if (domainAgent.IsDomainActive(cDomain.ID) == false)
{
log.Debug(" domain: " + cDomain.Name + " - is inactive");
continue;
}
// Skip this domain if it's already authenticated
if (domainAgent.IsDomainAuthenticated(cDomain.ID))
{
log.Debug(" domain: " + cDomain.Name + " - is authenticated");
continue;
}
// If the domain is default, attempt to get a full credential
// set which under the covers will attempt to get it from
// CASA.
if (store.DefaultDomain == cDomain.ID)
{
log.Debug(" domain is default - getting credentials");
Member member = cDomain.GetCurrentMember();
BasicCredentials basicCredentials =
new BasicCredentials(
cDomain.ID,
cDomain.ID,
member.Name);
if (basicCredentials.Cached == true)
{
// We have credentials for this domain so
// attempt to login
log.Debug(" yes - we have credentials for default");
log.Debug(" username: "******" failed authentication. ");
log.Debug(we.Message);
if (we.Status == WebExceptionStatus.TrustFailure)
{
// The certificate is invalid. Force the client to
// login thru a UI so the user can make a decision
cEvent.RaiseEvent(
new Simias.Client.Event.NotifyEventArgs(
"Domain-Up",
cDomain.ID,
System.DateTime.Now));
continue;
}
}
if (authStatus != null)
{
if (authStatus.statusCode == SCodes.Success ||
authStatus.statusCode == SCodes.SuccessInGrace)
{
log.Debug(" successful authentication to the default domain");
if (authStatus.statusCode == SCodes.SuccessInGrace)
{
log.Debug(" BUT - we're in grace");
// Tell the clients we authenticated successfully
// but that we're in a grace period
cEvent.RaiseEvent(
new Simias.Client.Event.NotifyEventArgs(
"in-grace-period",
cDomain.ID,
System.DateTime.Now));
}
continue;
}
}
}
else
{
log.Debug(" no credentials for the default domain - bummer");
}
}
if (domainAgent.IsDomainAutoLoginEnabled(cDomain.ID) == false)
{
log.Debug(" domain: " + cDomain.Name + " auto-login is disabled");
continue;
}
/*
* The try-catch section below fixes the exception on the thick-clients during login. Wait for the member node to be synced to be synced before trying to ping the domain.
*/
/*
* Commenting out this code since the member node sync happens immediately...
* Fix for bug #341552.
* try
* {
* string userID = store.GetUserIDFromDomainID(shallowNode.ID);
* Member m = cDomain.GetMemberByID(userID);
* log.Debug("trying to get the member id: home server is: {0}", m.HomeServer.ID);
* }
* catch(Exception ex)
* {
* continue;
* }
*/
log.Debug(" attempting to ping the domain");
if (domainAgent.Ping(cDomain.ID) == true)
{
log.Debug(" domain up");
cEvent.RaiseEvent(
new Simias.Client.Event.NotifyEventArgs(
"Domain-Up",
cDomain.ID,
System.DateTime.Now));
}
else
{
log.Debug(" domain down");
}
}
}
}
catch (Exception e)
{
log.Error("Exception at DomainWatcherThread(): {0}", e.Message);
log.Error("Exception at DomainWatcherThread(): {0}", e.StackTrace);
}
if (this.stop == false)
{
stopEvent.WaitOne(waitTime, false);
waitTime = (waitTime * 2 < maxWaitTime) ? waitTime * 2 : maxWaitTime;
}
} while(this.stop == false);
this.started = false;
this.stopEvent.Close();
this.stopEvent = null;
}