src/org/sonews/acl/DrupalAuthInfoCommand.java
author František Kučera <franta-hg@frantovo.cz>
Fri, 21 Oct 2011 17:35:29 +0200
changeset 104 b4c8a2760d6f
parent 101 d54786065fa3
permissions -rw-r--r--
Drupal: ignorování XML komentářů (nebudou dělit odstavce).
     1 /*
     2  *   SONEWS News Server
     3  *   see AUTHORS for the list of contributors
     4  *
     5  *   This program is free software: you can redistribute it and/or modify
     6  *   it under the terms of the GNU General Public License as published by
     7  *   the Free Software Foundation, either version 3 of the License, or
     8  *   (at your option) any later version.
     9  *
    10  *   This program is distributed in the hope that it will be useful,
    11  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
    12  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13  *   GNU General Public License for more details.
    14  *
    15  *   You should have received a copy of the GNU General Public License
    16  *   along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17  */
    18 package org.sonews.acl;
    19 
    20 import java.io.IOException;
    21 import java.util.Arrays;
    22 import java.util.logging.Level;
    23 import java.util.logging.Logger;
    24 import java.util.regex.Matcher;
    25 import java.util.regex.Pattern;
    26 import org.sonews.daemon.NNTPConnection;
    27 import org.sonews.daemon.command.Command;
    28 import org.sonews.storage.StorageBackendException;
    29 import org.sonews.storage.StorageManager;
    30 import org.sonews.storage.StorageProvider;
    31 import org.sonews.storage.impl.DrupalDatabaseProvider;
    32 
    33 /**
    34  *
    35  * @author František Kučera (frantovo.cz)
    36  */
    37 public class DrupalAuthInfoCommand implements Command {
    38 
    39 	private static final Logger log = Logger.getLogger(DrupalAuthInfoCommand.class.getName());
    40 	private static String[] SUPPORTED_COMMANDS = {"AUTHINFO"};
    41 
    42 	@Override
    43 	public boolean hasFinished() {
    44 		return true;
    45 	}
    46 
    47 	@Override
    48 	public String impliedCapability() {
    49 		return "AUTHINFO";
    50 	}
    51 
    52 	@Override
    53 	public boolean isStateful() {
    54 		return false;
    55 	}
    56 
    57 	@Override
    58 	public String[] getSupportedCommandStrings() {
    59 		return SUPPORTED_COMMANDS;
    60 	}
    61 
    62 	@Override
    63 	public void processLine(NNTPConnection conn, String line, byte[] rawLine) throws IOException, StorageBackendException {
    64 		Pattern commandPattern = Pattern.compile("AUTHINFO (USER|PASS) (.*)", Pattern.CASE_INSENSITIVE);
    65 		Matcher commandMatcher = commandPattern.matcher(line);
    66 
    67 		if (commandMatcher.matches()) {
    68 
    69 			if (conn.isUserAuthenticated()) {
    70 				conn.println("502 Command unavailable (you are already authenticated)");
    71 			} else if ("USER".equalsIgnoreCase(commandMatcher.group(1))) {
    72 				conn.setUsername(commandMatcher.group(2));
    73 				conn.println("381 Password required");
    74 				log.log(Level.FINE, "User ''{0}'' greets us. We are waiting for his password.", conn.getUsername());
    75 			} else if ("PASS".equalsIgnoreCase(commandMatcher.group(1))) {
    76 				if (conn.getUsername() == null) {
    77 					conn.println("482 Authentication commands issued out of sequence");
    78 				} else {
    79 
    80 					char[] password = commandMatcher.group(2).toCharArray();
    81 					boolean goodPassword = StorageManager.current().authenticateUser(conn.getUsername(), password);
    82 					Arrays.fill(password, '*');
    83 					commandMatcher = null;
    84 
    85 					if (goodPassword) {
    86 						conn.println("281 Authentication accepted");
    87 						conn.setUserAuthenticated(true);
    88 						log.log(Level.INFO, "User ''{0}'' has been succesfully authenticated.", conn.getUsername());
    89 					} else {
    90 						log.log(Level.INFO, "User ''{0}'' has provided wrong password.", conn.getUsername());
    91 						conn.setUsername(null);
    92 						conn.setUserAuthenticated(false);
    93 						conn.println("481 Authentication failed: wrong password");
    94 					}
    95 
    96 				}
    97 			} else {
    98 				// impossible, see commandPattern
    99 				conn.println("500 Unknown command");
   100 			}
   101 
   102 
   103 		} else {
   104 			conn.println("500 Unknown command, expecting AUTHINFO USER username or AUTHINFO PASS password ");
   105 		}
   106 	}
   107 }