private void ProcessAuthIQSet(XmppStream stream, AuthIq iq, XmppHandlerContext context)
{
if (string.IsNullOrEmpty(iq.Query.Username) || string.IsNullOrEmpty(iq.Query.Resource))
{
context.Sender.SendTo(stream, XmppStanzaError.ToNotAcceptable(iq));
return;
}
bool authorized = false;
if (!string.IsNullOrEmpty(iq.Query.Digest))
{
authorized = AuthDigest(iq.Query.Username, iq.Query.Digest, stream, context.UserManager);
}
if (!string.IsNullOrEmpty(iq.Query.Password))
{
authorized = AuthPlain(iq.Query.Username, iq.Query.Password, stream, context.UserManager);
}
if (authorized)
{
stream.Authenticate(iq.Query.Username);
var answer = new IQ(IqType.result);
answer.Id = iq.Id;
answer.To = iq.From;
answer.From = iq.To;
context.Sender.SendTo(stream, answer);
}
else
{
context.Sender.SendTo(stream, XmppStanzaError.ToNotAuthorized(iq));
}
}
private void ProcessResponse(XmppStream stream, Response response, XmppHandlerContext context)
{
AuthData authStep;
lock (authData)
{
authData.TryGetValue(stream.Id, out authStep);
}
if (authStep == null)
{
context.Sender.SendToAndClose(stream, XmppFailureError.TemporaryAuthFailure);
return;
}
if (!authStep.IsPlain)
{
if (authStep.Step == AuthStep.Step1)
{
var challenge = ProcessStep1(stream, response, context);
if (challenge != null)
{
context.Sender.SendTo(stream, challenge);
authStep.DoStep();
}
else
{
context.Sender.SendToAndClose(stream, XmppFailureError.NotAuthorized);
}
}
else if (authStep.Step == AuthStep.Step2)
{
var success = ProcessStep2(stream, response, context);
context.Sender.SendTo(stream, success);
}
else
{
context.Sender.SendToAndClose(stream, XmppFailureError.TemporaryAuthFailure);
}
}
else
{
if (authStep.IsAuth)
{
lock (authData)
{
stream.Authenticate(authData[stream.Id].UserName);
authData.Remove(stream.Id);
}
log.DebugFormat("User authorized");
context.Sender.ResetStream(stream);
context.Sender.SendTo(stream, new Success());
}
else
{
log.DebugFormat("User not authorized");
context.Sender.SendTo(stream, new Failure(FailureCondition.not_authorized));
}
}
}
private Success ProcessStep2(XmppStream stream, XmppHandlerContext ctx)
{
lock (authData)
{
stream.Authenticate(authData[stream.Id].UserName);
authData.Remove(stream.Id);
}
ctx.Sender.ResetStream(stream);
return(new Success());
}
public override void ElementHandle(XmppStream stream, Element element, XmppHandlerContext context)
{
if (stream.Authenticated) return;
var user = context.AuthManager.RestoreUserToken(((TMToken)element).Value);
if (!string.IsNullOrEmpty(user))
{
stream.Authenticate(user);
context.Sender.ResetStream(stream);
context.Sender.SendTo(stream, new Success());
}
else
{
context.Sender.SendToAndClose(stream, XmppFailureError.NotAuthorized);
}
}
private void ProcessAuth(XmppStream stream, Auth auth, XmppHandlerContext context)
{
AuthData authStep;
lock (authData)
{
authData.TryGetValue(stream.Id, out authStep);
}
if (auth.MechanismType == MechanismType.DIGEST_MD5)
{
if (authStep != null)
{
context.Sender.SendToAndClose(stream, XmppFailureError.TemporaryAuthFailure);
}
else
{
lock (authData)
{
authData[stream.Id] = new AuthData();
}
var challenge = GetChallenge(stream.Domain);
context.Sender.SendTo(stream, challenge);
}
}
else if (auth.MechanismType == MechanismType.PLAIN)
{
if (auth.TextBase64 == null)
{
context.Sender.SendToAndClose(stream, XmppFailureError.TemporaryAuthFailure);
}
else
{
string[] array = auth.TextBase64.Split('\0');
if (array.Length == 3)
{
string userName = array[1];
string password = array[2];
bool isAuth = false;
User user = context.UserManager.GetUser(new Jid(userName, stream.Domain, null));
if (user != null)
{
if (user.Sid != null)
{
var settings = LdapSettings.Load();
using (var ldapHelper = new NovellLdapHelper(settings))
{
var accountName = ldapHelper.GetUserBySid(user.Sid);
if (accountName != null)
{
ldapHelper.CheckCredentials(settings.Login, password, settings.Server,
settings.PortNumber, settings.StartTls, settings.Ssl,
settings.AcceptCertificate, settings.AcceptCertificateHash);
// ldap user
isAuth = true;
}
}
}
else if (user.Password == password)
{
// usual user
isAuth = true;
}
}
if (isAuth)
{
log.DebugFormat("User {0} authorized, Domain = {1}", userName, stream.Domain);
context.Sender.ResetStream(stream);
stream.Authenticate(userName);
context.Sender.SendTo(stream, new Success());
}
else
{
log.DebugFormat("User {0} not authorized, Domain = {1}", userName, stream.Domain);
context.Sender.SendToAndClose(stream, XmppFailureError.NotAuthorized);
}
}
else
{
context.Sender.SendToAndClose(stream, XmppFailureError.TemporaryAuthFailure);
}
}
}
else
{
context.Sender.SendToAndClose(stream, XmppFailureError.InvalidMechanism);
}
}
private void ProcessAuth(XmppStream stream, Auth auth, XmppHandlerContext context)
{
AuthData authStep;
lock (authData)
{
authData.TryGetValue(stream.Id, out authStep);
}
if (auth.MechanismType == MechanismType.DIGEST_MD5)
{
if (authStep != null)
{
context.Sender.SendToAndClose(stream, XmppFailureError.TemporaryAuthFailure);
}
else
{
lock (authData)
{
authData[stream.Id] = new AuthData();
}
var challenge = GetChallenge(stream.Domain);
context.Sender.SendTo(stream, challenge);
}
}
else if (auth.MechanismType == MechanismType.PLAIN)
{
if (auth.TextBase64 == null)
{
context.Sender.SendToAndClose(stream, XmppFailureError.TemporaryAuthFailure);
}
else
{
string[] array = auth.TextBase64.Split('\0');
if (array.Length == 3)
{
string userName = array[1];
string password = array[2];
bool isAuth = false;
User user = context.UserManager.GetUser(new Jid(userName, stream.Domain, null));
if (user != null)
{
if (user.Sid != null)
{
if (!user.Sid.StartsWith("l"))
{
var storage = new DbLdapSettingsStore();
storage.GetLdapSettings(stream.Domain);
ILdapHelper ldapHelper = !WorkContext.IsMono ?
(ILdapHelper) new SystemLdapHelper() : new NovellLdapHelper();
var accountName = ldapHelper.GetAccountNameBySid(user.Sid, storage.Authentication,
storage.Login, storage.Password, storage.Server, storage.PortNumber,
storage.UserDN, storage.LoginAttribute, storage.StartTls);
if (accountName != null && ldapHelper.CheckCredentials(accountName,
password, storage.Server, storage.PortNumber, storage.Login, storage.StartTls))
{
// ldap user
isAuth = true;
}
}
}
else if (user.Password == password)
{
// usual user
isAuth = true;
}
}
if (isAuth)
{
log.DebugFormat("User {0} authorized, Domain = {1}", userName, stream.Domain);
context.Sender.ResetStream(stream);
stream.Authenticate(userName);
context.Sender.SendTo(stream, new Success());
}
else
{
log.DebugFormat("User {0} not authorized, Domain = {1}", userName, stream.Domain);
context.Sender.SendToAndClose(stream, XmppFailureError.NotAuthorized);
}
}
else
{
context.Sender.SendToAndClose(stream, XmppFailureError.TemporaryAuthFailure);
}
}
}
else
{
context.Sender.SendToAndClose(stream, XmppFailureError.InvalidMechanism);
}
}
