/**
 * Handles a single message travelling up the stack.
 * <p>
 * A message whose GMS header needs authentication (a join or merge request, per
 * {@code needsAuthentication()}) must also carry an {@link AuthHeader}, and is passed on only if
 * {@code handleAuthHeader()} accepts it. Every other message skips the check. Whatever remains is
 * offered to {@code callUpHandlers()} and, unless a handler consumes it, forwarded with
 * {@code up_prot.up()}.
 *
 * @param msg the message received from the layer below
 * @return the result of {@code up_prot.up(msg)}, or {@code null} if the message was rejected or
 *         consumed by an up-handler
 * @throws IllegalStateException if a message that needs authentication carries no AUTH header; a
 *         rejection is sent to the sender before the exception is thrown
 */
public Object up(Message msg) {
    GMS.GmsHeader gmsHeader = getGMSHeader(msg);
    boolean mustAuthenticate = gmsHeader != null && needsAuthentication(gmsHeader);

    if (mustAuthenticate) {
        AuthHeader authHeader = msg.getHeader(id);
        if (authHeader == null) {
            // NOTE(review): this exception is raised by a remote peer's input. The batch overload
            // up(MessageBatch) logs a warning and drops the message instead; confirm the difference
            // is intended and that the caller treats the exception as "message dropped".
            sendRejectionMessage(gmsHeader.getType(), msg.src(), "no AUTH header found in message");
            throw new IllegalStateException(
                String.format("found %s from %s but no AUTH header", gmsHeader, msg.src()));
        }
        if (!handleAuthHeader(gmsHeader, authHeader, msg)) {
            return null; // authentication failed: the message goes no further
        }
    }

    // A registered up-handler may consume the message; only unconsumed messages continue upwards.
    return callUpHandlers(msg) ? up_prot.up(msg) : null;
}
/**
 * Accepts a sender whose physical address or logical name matches the configured pattern.
 * <p>
 * The {@code token} argument is never read: the decision rests only on what this node resolves for
 * the sender of {@code msg}. {@code Matcher.matches()} requires the whole input to match.
 * <p>
 * NOTE(review): a logical name is presumably chosen by the peer itself, so matching on it is only as
 * strong as the trust placed in whatever populates {@code NameCache}; verify before relying on
 * {@code match_logical_name} alone.
 *
 * @param token ignored by this implementation
 * @param msg   the message whose sender is checked
 * @return {@code true} if an enabled check matched, {@code false} otherwise (including a null sender)
 */
public boolean authenticate(AuthToken token, Message msg) {
    Address sender = msg.getSrc();

    if (match_ip_address) {
        PhysicalAddress physical = null;
        if (sender != null) {
            physical = (PhysicalAddress) auth.down(new Event(Event.GET_PHYSICAL_ADDRESS, sender));
        }
        // The pattern is applied to the address's string form, whatever toString() produces.
        String ipAddr = physical == null ? null : physical.toString();
        if (ipAddr != null) {
            boolean matched = pattern.matcher(ipAddr).matches();
            if (log.isTraceEnabled()) {
                log.trace("matching ip_address: pattern= " + pattern + ", input= " + ipAddr + ", result= " + matched);
            }
            if (matched) {
                return true;
            }
        }
    }

    if (match_logical_name) {
        String logicalName = sender == null ? null : NameCache.get(sender);
        if (logicalName != null) {
            boolean matched = pattern.matcher(logicalName).matches();
            if (log.isTraceEnabled()) {
                log.trace("matching logical_name: pattern= " + pattern + ", input= " + logicalName + ", result= " + matched);
            }
            if (matched) {
                return true;
            }
        }
    }

    // Neither enabled check matched (or none is enabled): reject.
    return false;
}
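/**
 * Authenticates the sender of {@code msg} with a challenge/response round trip.
 * <p>
 * A random challenge of {@code challenge_size} bytes is sent to the sender as an OOB message and the
 * caller blocks for up to {@code block_time} milliseconds for the reply. The sender is accepted only
 * if the returned hash is positive and equals {@code hash(encrypt(challenge))} computed locally.
 * The {@code token} argument is not read.
 *
 * @param token ignored by this implementation
 * @param msg   the message whose sender is challenged
 * @return {@code true} if a matching response arrived in time; {@code false} on mismatch, timeout,
 *         interruption or any other failure
 */
public boolean authenticate(AuthToken token, Message msg) {
    Address sender=msg.getSrc();

    // 1. send a challenge to the sender
    byte[] buf=generateRandomBytes(challenge_size);
    Message challenge=new Message(sender).setFlag(Message.Flag.OOB)
      .putHeader(ID, new ChallengeResponseHeader(buf));
    Entry entry=new Entry(buf);
    // NOTE(review): entries are keyed by sender only, so a second concurrent request from the same
    // sender replaces this entry, and the finally block below removes whichever entry is current.
    // A conditional put/remove would keep overlapping requests apart.
    pending_requests.put(sender, entry);
    log.trace("%s: sending challenge to %s", auth.getAddress(), sender);

    try {
        auth.getDownProtocol().down(challenge);
        // 2. wait for the response and compare it with the locally computed value
        long hash=entry.future.get(block_time, TimeUnit.MILLISECONDS);
        boolean result=hash > 0 && hash == hash(encrypt(entry.challenge));
        log.trace("%s: authentication of %s: %b (hash=%d)", auth.getAddress(), sender, result, hash);
        return result;
    }
    catch(Exception e) {
        // Fail closed, but keep the interrupt status so callers can still see the interruption.
        if(e instanceof InterruptedException)
            Thread.currentThread().interrupt();
        // Record why the attempt failed (e.g. timeout) instead of dropping the cause silently.
        log.trace("%s: authentication of %s failed: %s", auth.getAddress(), sender, e);
        return false;
    }
    finally {
        pending_requests.remove(sender);
    }
}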
/**
 * Attaches this node's AUTH token to outgoing messages that need authentication.
 * <p>
 * Messages without a GMS header, or whose GMS header does not need authentication, are passed
 * down unchanged.
 * <p>
 * NOTE(review): the token object itself is placed in the header. What reaches the wire depends on
 * how the token type serialises and on the layers below; confirm no secret is sent in the clear.
 *
 * @param msg the outgoing message
 * @return whatever {@code down_prot.down(msg)} returns
 */
public Object down(Message msg) {
    GMS.GmsHeader gmsHeader = getGMSHeader(msg);
    boolean attachToken = gmsHeader != null && needsAuthentication(gmsHeader);
    if (attachToken) {
        // The receiving side looks this header up under the same protocol id.
        msg.putHeader(this.id, new AuthHeader(this.auth_token));
    }
    return down_prot.down(msg);
}
/**
 * Decides whether a message carrying both a GMS header and an AUTH header may be passed up.
 * <p>
 * If the GMS header needs authentication, the token from {@code auth_hdr} is handed to the locally
 * configured {@code auth_token}. On failure a warning is logged, a rejection is sent to the sender
 * and the message is to be dropped. The warning names the local token class, not the token received.
 *
 * @param gms_hdr  the GMS header of the message
 * @param auth_hdr the AUTH header of the message; must not be {@code null}
 * @param msg      the message being checked
 * @return {@code true} if the message should be passed up, {@code false} if it must be dropped
 */
protected boolean handleAuthHeader(GMS.GmsHeader gms_hdr, AuthHeader auth_hdr, Message msg) {
    if (!needsAuthentication(gms_hdr)) {
        return true; // nothing to check for this header type
    }

    boolean authenticated = this.auth_token.authenticate(auth_hdr.getToken(), msg);
    if (authenticated) {
        return true;
    }

    log.warn("%s: failed to validate AuthHeader (token: %s) from %s; dropping message and sending " +
               "rejection message",
             local_addr, auth_token.getClass().getSimpleName(), msg.src());
    sendRejectionMessage(gms_hdr.getType(), msg.getSrc(), "authentication failed");
    return false;
}
GMS.GmsHeader hdr = isJoinMessage(evt); if((hdr != null) && (hdr.getType() == GMS.GmsHeader.JOIN_REQ)){ if(log.isDebugEnabled()){ log.warn("AUTH failed to validate AuthHeader token"); sendRejectionMessage(msg.getSrc(), createFailureEvent(msg.getSrc(), "Authentication failed")); log.warn("AUTH failed to get valid AuthHeader from Message"); sendRejectionMessage(msg.getSrc(), createFailureEvent(msg.getSrc(), "Failed to find valid AuthHeader in Message")); sendRejectionMessage(msg.getSrc(), createFailureEvent(msg.getSrc(), "Failed to find an AuthHeader in Message"));
/**
 * Registers {@code BYPASSER_FUNCTION} with the {@code ASYM_ENCRYPT} protocol of the given stack.
 * Does nothing if the stack contains no {@code ASYM_ENCRYPT}.
 * <p>
 * NOTE(review): what the bypasser lets through is defined by {@code BYPASSER_FUNCTION}, not shown
 * here; confirm it matches only the messages that are meant to skip {@code ASYM_ENCRYPT} handling.
 *
 * @param auth the AUTH protocol whose stack is searched
 */
protected static void registerBypasser(AUTH auth) {
    ASYM_ENCRYPT asymEncrypt = auth.getProtocolStack().findProtocol(ASYM_ENCRYPT.class);
    if (asymEncrypt == null) {
        return;
    }
    asymEncrypt.registerBypasser(BYPASSER_FUNCTION);
}
/**
 * Returns the physical address reported by this stack's transport.
 *
 * @return the result of {@code getTransport().getPhysicalAddress()}
 */
public PhysicalAddress getPhysicalAddress() {
    return getTransport().getPhysicalAddress();
}
/**
 * Decides whether a message carrying both a GMS header and an AUTH header may be passed up.
 * <p>
 * If the GMS header needs authentication, the token from {@code auth_hdr} is handed to the locally
 * configured {@code auth_token}. On failure a warning is logged, a rejection is sent to the sender
 * and the message is to be dropped. The warning names the local token class, not the token received.
 *
 * @param gms_hdr  the GMS header of the message
 * @param auth_hdr the AUTH header of the message; must not be {@code null}
 * @param msg      the message being checked
 * @return {@code true} if the message should be passed up, {@code false} if it must be dropped
 */
protected boolean handleAuthHeader(GMS.GmsHeader gms_hdr, AuthHeader auth_hdr, Message msg) {
    if (!needsAuthentication(gms_hdr)) {
        return true; // nothing to check for this header type
    }

    boolean authenticated = this.auth_token.authenticate(auth_hdr.getToken(), msg);
    if (authenticated) {
        return true;
    }

    log.warn("%s: failed to validate AuthHeader (token: %s) from %s; dropping message and sending " +
               "rejection message",
             local_addr, auth_token.getClass().getSimpleName(), msg.src());
    sendRejectionMessage(gms_hdr.getType(), msg.getSrc(), "authentication failed");
    return false;
}
/**
 * Attaches this node's AUTH token to outgoing messages that need authentication.
 * <p>
 * Messages without a GMS header, or whose GMS header does not need authentication, are passed
 * down unchanged.
 * <p>
 * NOTE(review): the token object itself is placed in the header. What reaches the wire depends on
 * how the token type serialises and on the layers below; confirm no secret is sent in the clear.
 *
 * @param msg the outgoing message
 * @return whatever {@code down_prot.down(msg)} returns
 */
public Object down(Message msg) {
    GMS.GmsHeader gmsHeader = getGMSHeader(msg);
    boolean attachToken = gmsHeader != null && needsAuthentication(gmsHeader);
    if (attachToken) {
        // The receiving side looks this header up under the same protocol id.
        msg.putHeader(this.id, new AuthHeader(this.auth_token));
    }
    return down_prot.down(msg);
}
/**
 * Removes {@code BYPASSER_FUNCTION} from the {@code ASYM_ENCRYPT} protocol of the given stack.
 * Does nothing if the stack contains no {@code ASYM_ENCRYPT}.
 *
 * @param auth the AUTH protocol whose stack is searched
 */
protected static void unregisterBypasser(AUTH auth) {
    ASYM_ENCRYPT asymEncrypt = auth.getProtocolStack().findProtocol(ASYM_ENCRYPT.class);
    if (asymEncrypt == null) {
        return;
    }
    asymEncrypt.unregisterBypasser(BYPASSER_FUNCTION);
}
/**
 * Returns the physical address reported by this stack's transport.
 *
 * @return the result of {@code getTransport().getPhysicalAddress()}
 */
public PhysicalAddress getPhysicalAddress() {
    return getTransport().getPhysicalAddress();
}
/**
 * Filters a batch travelling up the stack.
 * <p>
 * Each message whose GMS header needs authentication (a join or merge request) is removed from the
 * batch unless it carries an AUTH header that {@code handleAuthHeader()} accepts. A message without
 * an AUTH header is logged and answered with a rejection addressed to {@code batch.sender()}. The
 * remaining messages, if any, are passed up as one batch.
 * <p>
 * NOTE(review): unlike {@code up(Message)}, this path never calls {@code callUpHandlers()}, so a
 * message that an up-handler would consume on the single-message path is passed up here instead.
 * Confirm that is intended.
 *
 * @param batch the batch received from the layer below; rejected messages are removed in place
 */
public void up(MessageBatch batch) {
    for (Message msg : batch) {
        GMS.GmsHeader gmsHeader = getGMSHeader(msg);
        if (gmsHeader == null || !needsAuthentication(gmsHeader)) {
            continue; // not subject to authentication
        }

        AuthHeader authHeader = msg.getHeader(id);
        if (authHeader != null) {
            if (!handleAuthHeader(gmsHeader, authHeader, msg)) {
                batch.remove(msg); // authentication failed: don't pass up
            }
            continue;
        }

        // A request that needs authentication arrived without any AUTH header.
        log.warn("%s: found GMS join or merge request from %s but no AUTH header", local_addr, batch.sender());
        sendRejectionMessage(gmsHeader.getType(), batch.sender(), "join or merge without an AUTH header");
        batch.remove(msg);
    }

    if (batch.isEmpty()) {
        return;
    }
    up_prot.up(batch);
}
/**
 * Processes challenge/response traffic for this token.
 * <p>
 * A CHALLENGE is answered with {@code hash(encrypt(payload))} in an OOB RESPONSE sent to the
 * challenger. A RESPONSE completes the pending request registered for its sender, if there is one.
 * <p>
 * NOTE(review): the CHALLENGE branch answers every challenge without checking who sent it, so any
 * peer able to deliver one receives {@code hash(encrypt(x))} for an {@code x} of its choosing.
 * Whether that is acceptable depends on {@code encrypt()} and {@code hash()}, not shown here.
 *
 * @param msg the message received from below
 * @return {@code true} if the message has no challenge/response header and should be passed up;
 *         {@code false} if it was handled here
 */
public boolean handleUpMessage(Message msg) {
    ChallengeResponseHeader hdr = msg.getHeader(ID);
    if (hdr == null) {
        return true;
    }

    switch (hdr.type) {
        case ChallengeResponseHeader.CHALLENGE: {
            long digest = hash(encrypt(hdr.payload));
            Message response = new Message(msg.getSrc())
                .setFlag(Message.Flag.OOB)
                .putHeader(ID, new ChallengeResponseHeader(digest));
            log.trace("%s: received CHALLENGE from %s; sending RESPONSE (hash=%d)", auth.getAddress(), msg.src(), digest);
            auth.getDownProtocol().down(response);
            break;
        }
        case ChallengeResponseHeader.RESPONSE: {
            log.trace("%s: received RESPONSE from %s", auth.getAddress(), msg.getSrc());
            // Only the sender address ties a response to its challenge; unsolicited ones are ignored.
            Entry pending = pending_requests.get(msg.getSrc());
            if (pending != null) {
                pending.setResponse(hdr.hash);
            }
            break;
        }
    }
    return false; // don't pass up
}
/**
 * Registers {@code BYPASSER_FUNCTION} with the {@code ASYM_ENCRYPT} protocol of the given stack.
 * Does nothing if the stack contains no {@code ASYM_ENCRYPT}.
 * <p>
 * NOTE(review): what the bypasser lets through is defined by {@code BYPASSER_FUNCTION}, not shown
 * here; confirm it matches only the messages that are meant to skip {@code ASYM_ENCRYPT} handling.
 *
 * @param auth the AUTH protocol whose stack is searched
 */
protected static void registerBypasser(AUTH auth) {
    ASYM_ENCRYPT asymEncrypt = auth.getProtocolStack().findProtocol(ASYM_ENCRYPT.class);
    if (asymEncrypt == null) {
        return;
    }
    asymEncrypt.registerBypasser(BYPASSER_FUNCTION);
}
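// Disabled start-up check kept from the original listing ("Check if I'm in memberList, too"):
/*public void start() throws Exception {
    super.start();
    IpAddress self=(IpAddress)auth.getPhysicalAddress();
    if(!isInMembersList(self))
        throw new IllegalStateException("own physical address " + self + " is not in members (" + memberList + ")");
}
*/

/**
 * Accepts a sender whose physical address is in the configured member list.
 * <p>
 * The token must be a {@code FixedMembershipToken} and {@code memberList} must be set, but the
 * token's contents are not compared: the decision rests on the physical address this node resolves
 * for the sender of {@code msg}. A sender without a known physical address, or whose address is not
 * an {@code IpAddress}, is rejected.
 *
 * @param token the token received from the peer; only its type is checked
 * @param msg   the message whose sender is checked
 * @return {@code true} if the sender's address is in the member list, {@code false} otherwise
 */
public boolean authenticate(AuthToken token, Message msg) {
    // instanceof is false for null, so no separate null check is needed.
    if (!(token instanceof FixedMembershipToken) || this.memberList == null) {
        // This message is also logged when memberList is unset, not only for a bad token.
        if (log.isWarnEnabled())
            log.warn("Invalid AuthToken instance - wrong type or null");
        return false;
    }

    PhysicalAddress src = (PhysicalAddress) auth.down(new Event(Event.GET_PHYSICAL_ADDRESS, msg.getSrc()));
    if (src == null) {
        log.error(Util.getMessage("DidnTFindPhysicalAddressFor") + msg.getSrc());
        return false;
    }

    // Fail closed on an unexpected address type instead of throwing ClassCastException from the
    // authentication path.
    if (!(src instanceof IpAddress)) {
        if (log.isWarnEnabled())
            log.warn("physical address of " + msg.getSrc() + " is not an IpAddress; rejecting");
        return false;
    }
    return isInMembersList((IpAddress) src);
}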
/**
 * Handles a single message travelling up the stack.
 * <p>
 * A message whose GMS header needs authentication (a join or merge request, per
 * {@code needsAuthentication()}) must also carry an {@link AuthHeader}, and is passed on only if
 * {@code handleAuthHeader()} accepts it. Every other message skips the check. Whatever remains is
 * offered to {@code callUpHandlers()} and, unless a handler consumes it, forwarded with
 * {@code up_prot.up()}.
 *
 * @param msg the message received from the layer below
 * @return the result of {@code up_prot.up(msg)}, or {@code null} if the message was rejected or
 *         consumed by an up-handler
 * @throws IllegalStateException if a message that needs authentication carries no AUTH header; a
 *         rejection is sent to the sender before the exception is thrown
 */
public Object up(Message msg) {
    GMS.GmsHeader gmsHeader = getGMSHeader(msg);
    boolean mustAuthenticate = gmsHeader != null && needsAuthentication(gmsHeader);

    if (mustAuthenticate) {
        AuthHeader authHeader = msg.getHeader(id);
        if (authHeader == null) {
            // NOTE(review): this exception is raised by a remote peer's input. The batch overload
            // up(MessageBatch) logs a warning and drops the message instead; confirm the difference
            // is intended and that the caller treats the exception as "message dropped".
            sendRejectionMessage(gmsHeader.getType(), msg.src(), "no AUTH header found in message");
            throw new IllegalStateException(
                String.format("found %s from %s but no AUTH header", gmsHeader, msg.src()));
        }
        if (!handleAuthHeader(gmsHeader, authHeader, msg)) {
            return null; // authentication failed: the message goes no further
        }
    }

    // A registered up-handler may consume the message; only unconsumed messages continue upwards.
    return callUpHandlers(msg) ? up_prot.up(msg) : null;
}
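/**
 * Authenticates the sender of {@code msg} with a challenge/response round trip.
 * <p>
 * A random challenge of {@code challenge_size} bytes is sent to the sender as an OOB message and the
 * caller blocks for up to {@code block_time} milliseconds for the reply. The sender is accepted only
 * if the returned hash is positive and equals {@code hash(encrypt(challenge))} computed locally.
 * The {@code token} argument is not read.
 *
 * @param token ignored by this implementation
 * @param msg   the message whose sender is challenged
 * @return {@code true} if a matching response arrived in time; {@code false} on mismatch, timeout,
 *         interruption or any other failure
 */
public boolean authenticate(AuthToken token, Message msg) {
    Address sender=msg.getSrc();

    // 1. send a challenge to the sender
    byte[] buf=generateRandomBytes(challenge_size);
    Message challenge=new Message(sender).setFlag(Message.Flag.OOB)
      .putHeader(ID, new ChallengeResponseHeader(buf));
    Entry entry=new Entry(buf);
    // NOTE(review): entries are keyed by sender only, so a second concurrent request from the same
    // sender replaces this entry, and the finally block below removes whichever entry is current.
    // A conditional put/remove would keep overlapping requests apart.
    pending_requests.put(sender, entry);
    log.trace("%s: sending challenge to %s", auth.getAddress(), sender);

    try {
        auth.getDownProtocol().down(challenge);
        // 2. wait for the response and compare it with the locally computed value
        long hash=entry.future.get(block_time, TimeUnit.MILLISECONDS);
        boolean result=hash > 0 && hash == hash(encrypt(entry.challenge));
        log.trace("%s: authentication of %s: %b (hash=%d)", auth.getAddress(), sender, result, hash);
        return result;
    }
    catch(Exception e) {
        // Fail closed, but keep the interrupt status so callers can still see the interruption.
        if(e instanceof InterruptedException)
            Thread.currentThread().interrupt();
        // Record why the attempt failed (e.g. timeout) instead of dropping the cause silently.
        log.trace("%s: authentication of %s failed: %s", auth.getAddress(), sender, e);
        return false;
    }
    finally {
        pending_requests.remove(sender);
    }
}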
/**
 * Removes {@code BYPASSER_FUNCTION} from the {@code ASYM_ENCRYPT} protocol of the given stack.
 * Does nothing if the stack contains no {@code ASYM_ENCRYPT}.
 *
 * @param auth the AUTH protocol whose stack is searched
 */
protected static void unregisterBypasser(AUTH auth) {
    ASYM_ENCRYPT asymEncrypt = auth.getProtocolStack().findProtocol(ASYM_ENCRYPT.class);
    if (asymEncrypt == null) {
        return;
    }
    asymEncrypt.unregisterBypasser(BYPASSER_FUNCTION);
}
/**
 * Accepts a sender whose physical address or logical name matches the configured pattern.
 * <p>
 * The {@code token} argument is never read: the decision rests only on what this node resolves for
 * the sender of {@code msg}. {@code Matcher.matches()} requires the whole input to match.
 * <p>
 * NOTE(review): a logical name is presumably chosen by the peer itself, so matching on it is only as
 * strong as the trust placed in whatever populates {@code NameCache}; verify before relying on
 * {@code match_logical_name} alone.
 *
 * @param token ignored by this implementation
 * @param msg   the message whose sender is checked
 * @return {@code true} if an enabled check matched, {@code false} otherwise (including a null sender)
 */
public boolean authenticate(AuthToken token, Message msg) {
    Address sender = msg.getSrc();

    if (match_ip_address) {
        PhysicalAddress physical = null;
        if (sender != null) {
            physical = (PhysicalAddress) auth.down(new Event(Event.GET_PHYSICAL_ADDRESS, sender));
        }
        // The pattern is applied to the address's string form, whatever toString() produces.
        String ipAddr = physical == null ? null : physical.toString();
        if (ipAddr != null) {
            boolean matched = pattern.matcher(ipAddr).matches();
            if (log.isTraceEnabled()) {
                log.trace("matching ip_address: pattern= " + pattern + ", input= " + ipAddr + ", result= " + matched);
            }
            if (matched) {
                return true;
            }
        }
    }

    if (match_logical_name) {
        String logicalName = sender == null ? null : NameCache.get(sender);
        if (logicalName != null) {
            boolean matched = pattern.matcher(logicalName).matches();
            if (log.isTraceEnabled()) {
                log.trace("matching logical_name: pattern= " + pattern + ", input= " + logicalName + ", result= " + matched);
            }
            if (matched) {
                return true;
            }
        }
    }

    // Neither enabled check matched (or none is enabled): reject.
    return false;
}