src/org/sonews/acl/AuthInfoCommand.java
author František Kučera <franta-hg@frantovo.cz>
Thu, 05 Jul 2012 13:19:19 +0200
changeset 119 f5b57e221e38
parent 118 ba7ea56fd672
permissions -rw-r--r--
mezery, tabulátory
     1 /*
     2  *   SONEWS News Server
     3  *   see AUTHORS for the list of contributors
     4  *
     5  *   This program is free software: you can redistribute it and/or modify
     6  *   it under the terms of the GNU General Public License as published by
     7  *   the Free Software Foundation, either version 3 of the License, or
     8  *   (at your option) any later version.
     9  *
    10  *   This program is distributed in the hope that it will be useful,
    11  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
    12  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13  *   GNU General Public License for more details.
    14  *
    15  *   You should have received a copy of the GNU General Public License
    16  *   along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17  */
    18 package org.sonews.acl;
    19 
    20 import java.io.IOException;
    21 import java.util.Arrays;
    22 import java.util.logging.Level;
    23 import java.util.logging.Logger;
    24 import java.util.regex.Matcher;
    25 import java.util.regex.Pattern;
    26 import org.sonews.daemon.NNTPConnection;
    27 import org.sonews.daemon.command.Command;
    28 import org.sonews.storage.StorageBackendException;
    29 import org.sonews.storage.StorageManager;
    30 
    31 /**
    32  *
    33  * @author František Kučera (frantovo.cz)
    34  */
    35 public class AuthInfoCommand implements Command {
    36 
    37 	private static final Logger log = Logger.getLogger(AuthInfoCommand.class.getName());
    38 	private static String[] SUPPORTED_COMMANDS = {"AUTHINFO"};
    39 
    40 	@Override
    41 	public boolean hasFinished() {
    42 		return true;
    43 	}
    44 
    45 	@Override
    46 	public String impliedCapability() {
    47 		return "AUTHINFO";
    48 	}
    49 
    50 	@Override
    51 	public boolean isStateful() {
    52 		// TODO: make it statefull?
    53 		return false;
    54 	}
    55 
    56 	@Override
    57 	public String[] getSupportedCommandStrings() {
    58 		return SUPPORTED_COMMANDS;
    59 	}
    60 
    61 	@Override
    62 	public void processLine(NNTPConnection conn, String line, byte[] rawLine) throws IOException, StorageBackendException {
    63 		Pattern commandPattern = Pattern.compile("AUTHINFO (USER|PASS) (.*)", Pattern.CASE_INSENSITIVE);
    64 		Matcher commandMatcher = commandPattern.matcher(line);
    65 
    66 		if (commandMatcher.matches()) {
    67 
    68 			if (conn.getUser() != null && conn.getUser().isAuthenticated()) {
    69 				conn.println("502 Command unavailable (you are already authenticated)");
    70 			} else if ("USER".equalsIgnoreCase(commandMatcher.group(1))) {
    71 				conn.setUser(new User(commandMatcher.group(2)));
    72 				conn.println("381 Password required"); // ask user for his password
    73 				log.log(Level.FINE, "User ''{0}'' greets us. We are waiting for his password.", conn.getUser().getUserName());
    74 			} else if ("PASS".equalsIgnoreCase(commandMatcher.group(1))) {
    75 				if (conn.getUser() == null) {
    76 					conn.println("482 Authentication commands issued out of sequence");
    77 				} else {
    78 
    79 					char[] password = commandMatcher.group(2).toCharArray();
    80 					// TODO: StorageManager should return User object instead of boolean (so there could be transferred some additional information about user)
    81 					boolean goodPassword = StorageManager.current().authenticateUser(conn.getUser().getUserName(), password);
    82 					Arrays.fill(password, '*');
    83 					commandMatcher = null;
    84 
    85 					if (goodPassword) {
    86 						conn.println("281 Authentication accepted");
    87 						conn.getUser().setAuthenticated(true);
    88 						log.log(Level.INFO, "User ''{0}'' has been succesfully authenticated.", conn.getUser().getUserName());
    89 					} else {
    90 						log.log(Level.INFO, "User ''{0}'' has provided wrong password.", conn.getUser().getUserName());
    91 						conn.setUser(null);
    92 						conn.println("481 Authentication failed: wrong password");
    93 					}
    94 
    95 				}
    96 			} else {
    97 				// impossible, see commandPattern
    98 				conn.println("500 Unknown command");
    99 			}
   100 
   101 
   102 		} else {
   103 			conn.println("500 Unknown command, expecting AUTHINFO USER username or AUTHINFO PASS password ");
   104 		}
   105 	}
   106 }