/**
 * Destroys the protocol.
 *
 * <p>The superclass teardown runs first and {@code cleanup()} second, so this protocol's own
 * state is released only after the parent has finished.
 * NOTE(review): {@code cleanup()} is not shown here; presumably it disposes the per-peer SASL
 * contexts. Confirm that it does, so no negotiated state outlives the protocol.
 */
@Override
public void destroy() {
    super.destroy();
    cleanup();
}
/**
 * Client side of the handshake: attaches the initial SASL header to outgoing join/merge requests.
 *
 * <p>Messages that {@code needsAuthentication} does not select are passed down unchanged.
 * For the others, a {@code SaslClientContext} is created for the destination, registered in
 * {@code sasl_context}, and asked to add its header to the message before the message is sent.
 *
 * @param msg the outgoing message
 * @return whatever the protocol below returns for {@code msg}
 * @throws SecurityException if the client context cannot be created or the header cannot be
 *         added; the message is then not passed down
 */
public Object down(Message msg) {
    final GmsHeader gmsHdr = msg.getHeader(GMS_ID);
    final Address peer = msg.getDest();

    if (!needsAuthentication(gmsHdr, peer)) {
        return down_prot.down(msg);
    }

    // We are a client who needs to authenticate
    SaslClientContext clientCtx = null;
    try {
        clientCtx = new SaslClientContext(
            saslClientFactory,
            mech,
            server_name != null ? server_name : peer.toString(),
            client_callback_handler,
            sasl_props,
            client_subject);
        sasl_context.put(peer, clientCtx);
        clientCtx.addHeader(msg, null);
    } catch (Exception e) {
        // Only dispose when a context was actually created. Rethrowing here means the
        // request is never sent without its SASL header.
        if (clientCtx != null) {
            disposeContext(peer);
        }
        throw new SecurityException(e);
    }
    return down_prot.down(msg);
}
/**
 * Decides whether a GMS message must go through SASL authentication.
 *
 * <p>This is an allow-list of request types: only the types named below trigger authentication,
 * and every other type (including a missing GMS header) is treated as not requiring it. Any
 * membership-changing request type added later has to be listed here explicitly, otherwise it
 * bypasses the handshake.
 *
 * @param hdr the GMS header of the message, may be {@code null}
 * @param remoteAddress the peer address; only consulted for merge requests
 * @return {@code true} for join requests and for merge requests whose peer is not this member
 */
private boolean needsAuthentication(GmsHeader hdr, Address remoteAddress) {
    if (hdr == null) {
        return false;
    }
    switch (hdr.getType()) {
        case GMS.GmsHeader.JOIN_REQ:
        case GMS.GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER:
            return true;
        case GMS.GmsHeader.MERGE_REQ:
            // a merge request addressed to ourselves is not authenticated
            return !isSelf(remoteAddress);
        case GMS.GmsHeader.JOIN_RSP:
        case GMS.GmsHeader.MERGE_RSP:
            // responses are named explicitly, but take the same result as the default
        default:
            return false;
    }
}
/**
 * Sends the rejection that matches the type of the request that failed authentication.
 *
 * <p>Join requests (with or without state transfer) get a join rejection carrying
 * {@code error_msg}. Merge requests get a merge rejection, which does not carry the text.
 * Any other type is only logged as an error and nothing is sent.
 *
 * @param type the GMS header type of the rejected request
 * @param dest the member to notify
 * @param error_msg the reason, used for join rejections only
 */
protected void sendRejectionMessage(byte type, Address dest, String error_msg) {
    if (type == GmsHeader.JOIN_REQ || type == GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER) {
        sendJoinRejectionMessage(dest, error_msg);
        return;
    }
    if (type == GmsHeader.MERGE_REQ) {
        sendMergeRejectionMessage(dest);
        return;
    }
    log.error("type " + type + " unknown");
}
/**
 * Filters a received batch so that only authenticated join/merge requests are passed up.
 *
 * <p>For every message that {@code needsAuthentication} selects:
 * <ul>
 *   <li>no SASL header: a warning is logged, a rejection is sent to the batch sender and the
 *       message is removed from the batch;</li>
 *   <li>{@code serverChallenge} returns {@code false}: the message is removed from the batch.</li>
 * </ul>
 * All other messages stay in the batch. The batch is passed up only if something is left in it.
 *
 * @param batch the received batch; it is modified in place
 */
@Override
public void up(MessageBatch batch) {
    for (Message msg : batch) {
        final GmsHeader gmsHdr = msg.getHeader(GMS_ID);
        final Address src = msg.getSrc();

        // Only join or merge requests are authenticated; everything else is passed up as is.
        if (!needsAuthentication(gmsHdr, src)) {
            continue;
        }

        final SaslHeader saslHdr = msg.getHeader(id);
        if (saslHdr == null) {
            // Fail closed: a request without credentials is rejected, never passed up.
            log.warn("Found GMS join or merge request but no SASL header");
            sendRejectionMessage(gmsHdr.getType(), batch.sender(), "join or merge without an SASL header");
            batch.remove(msg);
            continue;
        }

        final boolean authenticated = serverChallenge(gmsHdr, saslHdr, msg);
        if (!authenticated) {
            batch.remove(msg); // don't pass up
        }
    }

    if (batch.isEmpty()) {
        return;
    }
    up_prot.up(batch);
}
// Excerpt with lines elided, apparently from the single-message receive path. The enclosing
// signature is not shown.
// A request that needsAuthentication() selects must carry a SASL header. A missing header raises
// IllegalStateException, and a failed serverChallenge() returns null so the message is not passed up.
// A message that is not such a request but does carry a SASL header takes the else-branch. Going by
// the trace strings, that branch handles CHALLENGE/RESPONSE traffic and calls disposeContext() once
// authentication completes.
// NOTE(review): the failure warning concatenates ", token" with the exception; confirm that no raw
// SASL token bytes reach the log.
GmsHeader gmsHeader =msg.getHeader(GMS_ID); Address remoteAddress = msg.getSrc(); if (needsAuthentication(gmsHeader, remoteAddress)) { if (saslHeader == null) throw new IllegalStateException("Found GMS join or merge request but no SASL header"); if (!serverChallenge(gmsHeader, saslHeader, msg)) return null; // failed auth, don't pass up } else if (saslHeader != null) { try { if (log.isTraceEnabled()) log.trace("%s: received CHALLENGE from %s", getAddress(), remoteAddress); log.trace("%s: sending RESPONSE to %s", getAddress(), remoteAddress); down_prot.down(response); } else { log.trace("%s: authentication complete from %s", getAddress(), remoteAddress); disposeContext(remoteAddress); if (log.isWarnEnabled()) { log.warn(getAddress() + ": failed to validate CHALLENGE from " + remoteAddress + ", token", e); try { if (log.isTraceEnabled()) log.trace("%s: received RESPONSE from %s", getAddress(), remoteAddress); Message challenge = saslContext.nextMessage(remoteAddress, saslHeader); log.trace("%s: sending CHALLENGE to %s", getAddress(), remoteAddress);
// Excerpt with lines elided, from the server side of the exchange. Presumably the body of
// serverChallenge(); confirm.
// Creates a SaslServerContext for the peer, registers it in sasl_context, sends the first message
// down and blocks in awaitCompletion(timeout). When the context is not successful, a warning is
// logged, a rejection is sent to the message source and false is returned.
// The finally block disposes the context unless ctx.needsWrapping() is true.
// NOTE(review): the InterruptedException handler returns false without restoring the interrupt
// flag; consider Thread.currentThread().interrupt() before returning.
// NOTE(review): the failure warning logs the SaslHeader itself; confirm that its toString() does
// not expose token bytes.
ctx = new SaslServerContext(saslServerFactory, mech, server_name != null ? server_name : local_addr.toString(), server_callback_handler, sasl_props, server_subject); sasl_context.put(remoteAddress, ctx); this.getDownProtocol().down(ctx.nextMessage(remoteAddress, saslHeader)); ctx.awaitCompletion(timeout); if (ctx.isSuccessful()) { } else { log.warn("failed to validate SaslHeader from %s, header: %s", msg.getSrc(), saslHeader); sendRejectionMessage(gmsHeader.getType(), msg.getSrc(), "authentication failed"); return false; sendRejectionMessage(gmsHeader.getType(), msg.getSrc(), "authentication failed"); } catch (InterruptedException e) { return false; } finally { if (ctx != null && !ctx.needsWrapping()) { disposeContext(remoteAddress);
// Excerpt with lines elided, apparently from the single-message receive path. The enclosing
// signature is not shown.
// A request that needsAuthentication() selects must carry a SASL header. A missing header raises
// IllegalStateException, and a failed serverChallenge() returns null so the message is not passed up.
// A message that is not such a request but does carry a SASL header takes the else-branch. Going by
// the trace strings, that branch handles CHALLENGE/RESPONSE traffic and calls disposeContext() once
// authentication completes.
// NOTE(review): the failure warning concatenates ", token" with the exception; confirm that no raw
// SASL token bytes reach the log.
GmsHeader gmsHeader =msg.getHeader(GMS_ID); Address remoteAddress = msg.getSrc(); if (needsAuthentication(gmsHeader, remoteAddress)) { if (saslHeader == null) throw new IllegalStateException("Found GMS join or merge request but no SASL header"); if (!serverChallenge(gmsHeader, saslHeader, msg)) return null; // failed auth, don't pass up } else if (saslHeader != null) { try { if (log.isTraceEnabled()) log.trace("%s: received CHALLENGE from %s", getAddress(), remoteAddress); log.trace("%s: sending RESPONSE to %s", getAddress(), remoteAddress); down_prot.down(response); } else { log.trace("%s: authentication complete from %s", getAddress(), remoteAddress); disposeContext(remoteAddress); if (log.isWarnEnabled()) { log.warn(getAddress() + ": failed to validate CHALLENGE from " + remoteAddress + ", token", e); try { if (log.isTraceEnabled()) log.trace("%s: received RESPONSE from %s", getAddress(), remoteAddress); Message challenge = saslContext.nextMessage(remoteAddress, saslHeader); log.trace("%s: sending CHALLENGE to %s", getAddress(), remoteAddress);
/**
 * Filters a received batch so that only authenticated join/merge requests are passed up.
 *
 * <p>For every message that {@code needsAuthentication} selects:
 * <ul>
 *   <li>no SASL header: a warning is logged, a rejection is sent to the batch sender and the
 *       message is removed from the batch;</li>
 *   <li>{@code serverChallenge} returns {@code false}: the message is removed from the batch.</li>
 * </ul>
 * All other messages stay in the batch. The batch is passed up only if something is left in it.
 *
 * @param batch the received batch; it is modified in place
 */
@Override
public void up(MessageBatch batch) {
    for (Message msg : batch) {
        final GmsHeader gmsHdr = msg.getHeader(GMS_ID);
        final Address src = msg.getSrc();

        // Only join or merge requests are authenticated; everything else is passed up as is.
        if (!needsAuthentication(gmsHdr, src)) {
            continue;
        }

        final SaslHeader saslHdr = msg.getHeader(id);
        if (saslHdr == null) {
            // Fail closed: a request without credentials is rejected, never passed up.
            log.warn("Found GMS join or merge request but no SASL header");
            sendRejectionMessage(gmsHdr.getType(), batch.sender(), "join or merge without an SASL header");
            batch.remove(msg);
            continue;
        }

        final boolean authenticated = serverChallenge(gmsHdr, saslHdr, msg);
        if (!authenticated) {
            batch.remove(msg); // don't pass up
        }
    }

    if (batch.isEmpty()) {
        return;
    }
    up_prot.up(batch);
}
// Excerpt with lines elided, from the server side of the exchange. Presumably the body of
// serverChallenge(); confirm.
// Creates a SaslServerContext for the peer, registers it in sasl_context, sends the first message
// down and blocks in awaitCompletion(timeout). When the context is not successful, a warning is
// logged, a rejection is sent to the message source and false is returned.
// The finally block disposes the context unless ctx.needsWrapping() is true.
// NOTE(review): the InterruptedException handler returns false without restoring the interrupt
// flag; consider Thread.currentThread().interrupt() before returning.
// NOTE(review): the failure warning logs the SaslHeader itself; confirm that its toString() does
// not expose token bytes.
ctx = new SaslServerContext(saslServerFactory, mech, server_name != null ? server_name : local_addr.toString(), server_callback_handler, sasl_props, server_subject); sasl_context.put(remoteAddress, ctx); this.getDownProtocol().down(ctx.nextMessage(remoteAddress, saslHeader)); ctx.awaitCompletion(timeout); if (ctx.isSuccessful()) { } else { log.warn("failed to validate SaslHeader from %s, header: %s", msg.getSrc(), saslHeader); sendRejectionMessage(gmsHeader.getType(), msg.getSrc(), "authentication failed"); return false; sendRejectionMessage(gmsHeader.getType(), msg.getSrc(), "authentication failed"); } catch (InterruptedException e) { return false; } finally { if (ctx != null && !ctx.needsWrapping()) { disposeContext(remoteAddress);
/**
 * Sends the rejection that matches the type of the request that failed authentication.
 *
 * <p>Join requests (with or without state transfer) get a join rejection carrying
 * {@code error_msg}. Merge requests get a merge rejection, which does not carry the text.
 * Any other type is only logged as an error and nothing is sent.
 *
 * @param type the GMS header type of the rejected request
 * @param dest the member to notify
 * @param error_msg the reason, used for join rejections only
 */
protected void sendRejectionMessage(byte type, Address dest, String error_msg) {
    if (type == GmsHeader.JOIN_REQ || type == GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER) {
        sendJoinRejectionMessage(dest, error_msg);
        return;
    }
    if (type == GmsHeader.MERGE_REQ) {
        sendMergeRejectionMessage(dest);
        return;
    }
    log.error("type " + type + " unknown");
}
/**
 * Client side of the handshake: attaches the initial SASL header to outgoing join/merge requests.
 *
 * <p>Messages that {@code needsAuthentication} does not select are passed down unchanged.
 * For the others, a {@code SaslClientContext} is created for the destination, registered in
 * {@code sasl_context}, and asked to add its header to the message before the message is sent.
 *
 * @param msg the outgoing message
 * @return whatever the protocol below returns for {@code msg}
 * @throws SecurityException if the client context cannot be created or the header cannot be
 *         added; the message is then not passed down
 */
public Object down(Message msg) {
    final GmsHeader gmsHdr = msg.getHeader(GMS_ID);
    final Address peer = msg.getDest();

    if (!needsAuthentication(gmsHdr, peer)) {
        return down_prot.down(msg);
    }

    // We are a client who needs to authenticate
    SaslClientContext clientCtx = null;
    try {
        clientCtx = new SaslClientContext(
            saslClientFactory,
            mech,
            server_name != null ? server_name : peer.toString(),
            client_callback_handler,
            sasl_props,
            client_subject);
        sasl_context.put(peer, clientCtx);
        clientCtx.addHeader(msg, null);
    } catch (Exception e) {
        // Only dispose when a context was actually created. Rethrowing here means the
        // request is never sent without its SASL header.
        if (clientCtx != null) {
            disposeContext(peer);
        }
        throw new SecurityException(e);
    }
    return down_prot.down(msg);
}
/**
 * Stops the protocol.
 *
 * <p>The superclass stop logic runs first and {@code cleanup()} second.
 * NOTE(review): {@code cleanup()} is not shown here; presumably it disposes the per-peer SASL
 * contexts. Confirm that it does, so a stopped member keeps no negotiated state.
 */
@Override
public void stop() {
    super.stop();
    cleanup();
}
/**
 * Decides whether a GMS message must go through SASL authentication.
 *
 * <p>This is an allow-list of request types: only the types named below trigger authentication,
 * and every other type (including a missing GMS header) is treated as not requiring it. Any
 * membership-changing request type added later has to be listed here explicitly, otherwise it
 * bypasses the handshake.
 *
 * @param hdr the GMS header of the message, may be {@code null}
 * @param remoteAddress the peer address; only consulted for merge requests
 * @return {@code true} for join requests and for merge requests whose peer is not this member
 */
private boolean needsAuthentication(GmsHeader hdr, Address remoteAddress) {
    if (hdr == null) {
        return false;
    }
    switch (hdr.getType()) {
        case GMS.GmsHeader.JOIN_REQ:
        case GMS.GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER:
            return true;
        case GMS.GmsHeader.MERGE_REQ:
            // a merge request addressed to ourselves is not authenticated
            return !isSelf(remoteAddress);
        case GMS.GmsHeader.JOIN_RSP:
        case GMS.GmsHeader.MERGE_RSP:
            // responses are named explicitly, but take the same result as the default
        default:
            return false;
    }
}
/**
 * Destroys the protocol.
 *
 * <p>The superclass teardown runs first and {@code cleanup()} second, so this protocol's own
 * state is released only after the parent has finished.
 * NOTE(review): {@code cleanup()} is not shown here; presumably it disposes the per-peer SASL
 * contexts. Confirm that it does, so no negotiated state outlives the protocol.
 */
@Override
public void destroy() {
    super.destroy();
    cleanup();
}
/**
 * Stops the protocol.
 *
 * <p>The superclass stop logic runs first and {@code cleanup()} second.
 * NOTE(review): {@code cleanup()} is not shown here; presumably it disposes the per-peer SASL
 * contexts. Confirm that it does, so a stopped member keeps no negotiated state.
 */
@Override
public void stop() {
    super.stop();
    cleanup();
}