public bool IsAuthMechanismEnabled(IConnection connection, IAuthMechanism authMechanism)
{
if (Settings.Default.OnlyAllowClearTextAuthOverSecureConnection)
{
return((!authMechanism.IsPlainText) || connection.Session.SecureConnection);
}
return(true);
}
public bool IsAuthMechanismEnabled(IConnection connection, IAuthMechanism authMechanism)
{
return(true);
}
public virtual bool IsAuthMechanismEnabled(IConnection connection, IAuthMechanism authMechanism)
{
return(false);
}
public void Process(IConnection connection, SmtpCommand command)
{
if (command.Arguments.Length > 0)
{
if (connection.Session.Authenticated)
{
throw new SmtpServerException(new SmtpResponse(StandardSmtpResponseCode.BadSequenceOfCommands,
"Already authenticated"));
}
string mechanismId = command.Arguments[0];
IAuthMechanism mechanism = AuthExtensionProcessor.MechanismMap.Get(mechanismId);
if (mechanism == null)
{
throw new SmtpServerException(
new SmtpResponse(StandardSmtpResponseCode.CommandParameterNotImplemented,
"Specified AUTH mechanism not supported"));
}
if (!AuthExtensionProcessor.IsMechanismEnabled(mechanism))
{
throw new SmtpServerException(
new SmtpResponse(StandardSmtpResponseCode.AuthenticationFailure,
"Specified AUTH mechanism not allowed right now (might require secure connection etc)"));
}
IAuthMechanismProcessor authMechanismProcessor =
mechanism.CreateAuthMechanismProcessor(connection);
AuthMechanismProcessorStatus status =
authMechanismProcessor.ProcessResponse(string.Join(" ", command.Arguments.Skip(1).ToArray()));
while (status == AuthMechanismProcessorStatus.Continue)
{
string response = connection.ReadLine();
if (response == "*")
{
connection.WriteResponse(new SmtpResponse(StandardSmtpResponseCode.SyntaxErrorInCommandArguments, "Authentication aborted"));
return;
}
status = authMechanismProcessor.ProcessResponse(response);
}
if (status == AuthMechanismProcessorStatus.Success)
{
connection.WriteResponse(new SmtpResponse(StandardSmtpResponseCode.AuthenitcationOK,
"Authenticated OK"));
connection.Session.Authenticated = true;
connection.Session.AuthenticationCredentials = authMechanismProcessor.Credentials;
}
else
{
connection.WriteResponse(new SmtpResponse(StandardSmtpResponseCode.AuthenticationFailure,
"Authentication failure"));
}
}
else
{
throw new SmtpServerException(new SmtpResponse(StandardSmtpResponseCode.SyntaxErrorInCommandArguments,
"Must specify AUTH mechanism as a parameter"));
}
}
/// <inheritdoc/>
public virtual Task <bool> IsAuthMechanismEnabled(IConnection connection, IAuthMechanism authMechanism)
{
return(Task.FromResult(true));
}
public bool IsAuthMechanismEnabled(IConnection connection, IAuthMechanism authMechanism)
{
if (Settings.Default.OnlyAllowClearTextAuthOverSecureConnection)
{
return (!authMechanism.IsPlainText) || connection.Session.SecureConnection;
}
return true;
}
/// <inheritdoc/>
public async Task Process(IConnection connection, SmtpCommand command)
{
ArgumentsParser argumentsParser = new ArgumentsParser(command.ArgumentsText);
if (argumentsParser.Arguments.Count > 0)
{
if (connection.Session.Authenticated)
{
throw new SmtpServerException(new SmtpResponse(
StandardSmtpResponseCode.BadSequenceOfCommands,
"Already authenticated"));
}
string mechanismId = argumentsParser.Arguments.First();
IAuthMechanism mechanism = this.AuthExtensionProcessor.MechanismMap.Get(mechanismId);
if (mechanism == null)
{
throw new SmtpServerException(
new SmtpResponse(
StandardSmtpResponseCode.CommandParameterNotImplemented,
"Specified AUTH mechanism not supported"));
}
if (!await this.AuthExtensionProcessor.IsMechanismEnabled(mechanism).ConfigureAwait(false))
{
throw new SmtpServerException(
new SmtpResponse(
StandardSmtpResponseCode.AuthenticationFailure,
"Specified AUTH mechanism not allowed right now (might require secure connection etc)"));
}
IAuthMechanismProcessor authMechanismProcessor =
mechanism.CreateAuthMechanismProcessor(connection);
string initialData = null;
if (argumentsParser.Arguments.Count > 1)
{
initialData = string.Join(" ", argumentsParser.Arguments.Skip(1).ToArray());
}
AuthMechanismProcessorStatus status =
await authMechanismProcessor.ProcessResponse(initialData).ConfigureAwait(false);
while (status == AuthMechanismProcessorStatus.Continue)
{
string response = await connection.ReadLine().ConfigureAwait(false);
if (response == "*")
{
await connection.WriteResponse(new SmtpResponse(StandardSmtpResponseCode.SyntaxErrorInCommandArguments, "Authentication aborted")).ConfigureAwait(false);
return;
}
status = await authMechanismProcessor.ProcessResponse(response).ConfigureAwait(false);
}
if (status == AuthMechanismProcessorStatus.Success)
{
await connection.WriteResponse(new SmtpResponse(
StandardSmtpResponseCode.AuthenticationOK,
"Authenticated OK")).ConfigureAwait(false);
connection.Session.Authenticated = true;
connection.Session.AuthenticationCredentials = authMechanismProcessor.Credentials;
}
else
{
await connection.WriteResponse(new SmtpResponse(
StandardSmtpResponseCode.AuthenticationFailure,
"Authentication failure")).ConfigureAwait(false);
}
}
else
{
throw new SmtpServerException(new SmtpResponse(
StandardSmtpResponseCode.SyntaxErrorInCommandArguments,
"Must specify AUTH mechanism as a parameter"));
}
}
public bool IsMechanismEnabled(IAuthMechanism mechanism)
{
return(_processor.Server.Behaviour.IsAuthMechanismEnabled(_processor, mechanism));
}
private void StartAndTune()
{
var connectionStartCell = new BlockingCell <ConnectionStartDetails>();
_model0.m_connectionStartCell = connectionStartCell;
_model0.HandshakeContinuationTimeout = _config.HandshakeContinuationTimeout;
_frameHandler.ReadTimeout = _config.HandshakeContinuationTimeout;
_frameHandler.SendHeader();
ConnectionStartDetails connectionStart = connectionStartCell.WaitForValue();
if (connectionStart is null)
{
throw new IOException("connection.start was never received, likely due to a network timeout");
}
ServerProperties = connectionStart.m_serverProperties;
var serverVersion = new AmqpVersion(connectionStart.m_versionMajor, connectionStart.m_versionMinor);
if (!serverVersion.Equals(Protocol.Version))
{
TerminateMainloop();
FinishClose();
throw new ProtocolVersionMismatchException(Protocol.MajorVersion, Protocol.MinorVersion, serverVersion.Major, serverVersion.Minor);
}
// FIXME: parse out locales properly!
ConnectionTuneDetails connectionTune = default;
bool tuned = false;
try
{
string mechanismsString = Encoding.UTF8.GetString(connectionStart.m_mechanisms);
IAuthMechanismFactory mechanismFactory = GetAuthMechanismFactory(mechanismsString);
IAuthMechanism mechanism = mechanismFactory.GetInstance();
byte[]? challenge = null;
do
{
byte[] response = mechanism.handleChallenge(challenge, _config);
ConnectionSecureOrTune res;
if (challenge is null)
{
res = _model0.ConnectionStartOk(ClientProperties,
mechanismFactory.Name,
response,
"en_US");
}
else
{
res = _model0.ConnectionSecureOk(response);
}
if (res.m_challenge is null)
{
connectionTune = res.m_tuneDetails;
tuned = true;
}
else
{
challenge = res.m_challenge;
}
}while (!tuned);
}
catch (OperationInterruptedException e)
{
if (e.ShutdownReason != null && e.ShutdownReason.ReplyCode == Constants.AccessRefused)
{
throw new AuthenticationFailureException(e.ShutdownReason.ReplyText);
}
throw new PossibleAuthenticationFailureException(
"Possibly caused by authentication failure", e);
}
ushort channelMax = (ushort)NegotiatedMaxValue(_config.MaxChannelCount, connectionTune.m_channelMax);
_sessionManager = new SessionManager(this, channelMax);
uint frameMax = NegotiatedMaxValue(_config.MaxFrameSize, connectionTune.m_frameMax);
FrameMax = frameMax;
MaxPayloadSize = frameMax == 0 ? int.MaxValue : (int)frameMax - Client.Impl.Framing.BaseFrameSize;
uint heartbeatInSeconds = NegotiatedMaxValue((uint)_config.HeartbeatInterval.TotalSeconds, (uint)connectionTune.m_heartbeatInSeconds);
Heartbeat = TimeSpan.FromSeconds(heartbeatInSeconds);
_model0.ConnectionTuneOk(channelMax, frameMax, (ushort)Heartbeat.TotalSeconds);
// now we can start heartbeat timers
MaybeStartHeartbeatTimers();
}
/// <summary>
/// Updates the UserStore with this UserData. Basically a shortcut for Authentication.UserStore.UpdateByID
/// </summary>
/// <returns>
/// true if user updated successfully
/// </returns>
public bool Update(IAuthMechanism auth)
{
if(string.IsNullOrEmpty(UniqueID)){
return false;
}
return auth.UserStore.UpdateUserByID(this);
}
/// <summary>
/// Inserts this UserData into the UserStore, generating the password in the process. Basically a shortcut for Authentication.AddUser
/// </summary>
/// <param name="password">
/// The password to use for this user
/// </param>
/// <returns>
/// true if successfully inserted
/// </returns>
public bool SaveNew(IAuthMechanism auth, string password)
{
if(!string.IsNullOrEmpty(UniqueID)){ //UniqueID can't already be set
return false;
}
if(!auth.UserStore.AddUser(this))
{
return false;
}
auth.ComputePasswordHash(this, password);
return auth.UserStore.UpdateUserByID(this);
}
/// <summary>
/// Resets the password for this UserData, as well as updating the password for it in the UserStore.
/// </summary>
/// <returns>
/// The generated password. Returns null on error.
/// </returns>
public string ResetPassword(IAuthMechanism auth)
{
if(string.IsNullOrEmpty(UniqueID)){
return null;
}
return auth.ResetPassword(this);
}
/// <summary>
/// Deletes this UserData from the UserStore. Note, if successful, UniqueID will be set to null as well.
/// </summary>
/// <returns>
/// true if successfully deleted
/// </returns>
public bool Delete(IAuthMechanism auth)
{
bool res=auth.UserStore.DeleteUserByID(this);
if(res){
UniqueID=null;
}
return res;
}
public TestController(RequestContext c, IAuthMechanism auth=null)
: base(c)
{
Authentication=auth;
}
public void Add(IAuthMechanism mechanism)
{
_map[mechanism.Identifier] = mechanism;
}
public virtual bool IsAuthMechanismEnabled(IConnection connection, IAuthMechanism authMechanism)
{
return false;
}
/// <summary>
/// Adds an auth mechanism to the map.
/// </summary>
/// <param name="mechanism">The mechanism<see cref="IAuthMechanism"/>.</param>
public void Add(IAuthMechanism mechanism)
{
this.map[mechanism.Identifier] = mechanism;
}
public bool IsMechanismEnabled(IAuthMechanism mechanism)
{
return _processor.Server.Behaviour.IsAuthMechanismEnabled(_processor, mechanism);
}
/// <summary>
/// Determines whether the specified auth mechanism is enabled for the current connection.
/// </summary>
/// <param name="mechanism">The mechanism.</param>
/// <returns>A <see cref="Task{T}"/> representing the async operation which yields true if enabled.</returns>
public async Task <bool> IsMechanismEnabled(IAuthMechanism mechanism)
{
return(await this.connection.Server.Behaviour.IsAuthMechanismEnabled(this.connection, mechanism).ConfigureAwait(false));
}
protected void StartAndTune()
{
var connectionStartCell = new BlockingCell();
m_model0.m_connectionStartCell = connectionStartCell;
m_model0.HandshakeContinuationTimeout = m_factory.HandshakeContinuationTimeout;
m_frameHandler.ReadTimeout = (int)m_factory.HandshakeContinuationTimeout.TotalMilliseconds;
m_frameHandler.SendHeader();
var connectionStart = (ConnectionStartDetails)
connectionStartCell.Value;
if (connectionStart == null)
{
throw new IOException("connection.start was never received, likely due to a network timeout");
}
ServerProperties = connectionStart.m_serverProperties;
var serverVersion = new AmqpVersion(connectionStart.m_versionMajor,
connectionStart.m_versionMinor);
if (!serverVersion.Equals(Protocol.Version))
{
TerminateMainloop();
FinishClose();
throw new ProtocolVersionMismatchException(Protocol.MajorVersion,
Protocol.MinorVersion,
serverVersion.Major,
serverVersion.Minor);
}
ClientProperties = new Dictionary <string, object>(m_factory.ClientProperties)
{
["capabilities"] = Protocol.Capabilities,
["connection_name"] = ClientProvidedName
};
// FIXME: parse out locales properly!
ConnectionTuneDetails connectionTune = default;
bool tuned = false;
try
{
string mechanismsString = Encoding.UTF8.GetString(connectionStart.m_mechanisms, 0, connectionStart.m_mechanisms.Length);
string[] mechanisms = mechanismsString.Split(' ');
IAuthMechanismFactory mechanismFactory = m_factory.AuthMechanismFactory(mechanisms);
if (mechanismFactory == null)
{
throw new IOException("No compatible authentication mechanism found - " +
"server offered [" + mechanismsString + "]");
}
IAuthMechanism mechanism = mechanismFactory.GetInstance();
byte[] challenge = null;
do
{
byte[] response = mechanism.HandleChallenge(challenge, m_factory);
ConnectionSecureOrTune res;
if (challenge == null)
{
res = m_model0.ConnectionStartOk(ClientProperties,
mechanismFactory.Name,
response,
"en_US");
}
else
{
res = m_model0.ConnectionSecureOk(response);
}
if (res.m_challenge == null)
{
connectionTune = res.m_tuneDetails;
tuned = true;
}
else
{
challenge = res.m_challenge;
}
}while (!tuned);
}
catch (OperationInterruptedException e)
{
if (e.ShutdownReason?.ReplyCode == Constants.AccessRefused)
{
throw new AuthenticationFailureException(e.ShutdownReason.ReplyText);
}
throw new PossibleAuthenticationFailureException(
"Possibly caused by authentication failure", e);
}
var channelMax = (ushort)NegotiatedMaxValue(m_factory.RequestedChannelMax,
connectionTune.m_channelMax);
m_sessionManager = new SessionManager(this, channelMax);
uint frameMax = NegotiatedMaxValue(m_factory.RequestedFrameMax,
connectionTune.m_frameMax);
FrameMax = frameMax;
var heartbeat = (ushort)NegotiatedMaxValue(m_factory.RequestedHeartbeat,
connectionTune.m_heartbeat);
Heartbeat = heartbeat;
m_model0.ConnectionTuneOk(channelMax,
frameMax,
heartbeat);
// now we can start heartbeat timers
MaybeStartHeartbeatTimers();
}
