AuthCmdHandlerpublic class AuthCmdHandler extends org.apache.avalon.framework.logger.AbstractLogEnabled implements CommandHandler
| Fields Summary |
|---|
| private static final String | AUTH_TYPE_PLAINThe text string for the SMTP AUTH type PLAIN. | | private static final String | AUTH_TYPE_LOGINThe text string for the SMTP AUTH type LOGIN. |
| Methods Summary |
|---|
| private void | doAUTH(SMTPSession session, java.lang.String argument)Handler method called upon receipt of a AUTH command.
Handles client authentication to the SMTP server.
String responseString = null;
if (session.getUser() != null) {
responseString = "503 "+DSNStatus.getStatus(DSNStatus.PERMANENT,DSNStatus.DELIVERY_OTHER)+" User has previously authenticated. "
+ " Further authentication is not required!";
session.writeResponse(responseString);
} else if (argument == null) {
responseString = "501 "+DSNStatus.getStatus(DSNStatus.PERMANENT,DSNStatus.DELIVERY_INVALID_ARG)+" Usage: AUTH (authentication type) <challenge>";
session.writeResponse(responseString);
} else {
String initialResponse = null;
if ((argument != null) && (argument.indexOf(" ") > 0)) {
initialResponse = argument.substring(argument.indexOf(" ") + 1);
argument = argument.substring(0,argument.indexOf(" "));
}
String authType = argument.toUpperCase(Locale.US);
if (authType.equals(AUTH_TYPE_PLAIN)) {
doPlainAuth(session, initialResponse);
return;
} else if (authType.equals(AUTH_TYPE_LOGIN)) {
doLoginAuth(session, initialResponse);
return;
} else {
doUnknownAuth(session, authType, initialResponse);
return;
}
}
| | private void | doLoginAuth(SMTPSession session, java.lang.String initialResponse)Carries out the Login AUTH SASL exchange.
String user = null, pass = null, responseString = null;
if (initialResponse == null) {
responseString = "334 VXNlcm5hbWU6"; // base64 encoded "Username:"
session.writeResponse(responseString);
user = session.readCommandLine();
} else {
user = initialResponse.trim();
}
if (user != null) {
try {
user = Base64.decodeAsString(user);
} catch (Exception e) {
// Ignored - this parse error will be
// addressed in the if clause below
user = null;
}
}
responseString = "334 UGFzc3dvcmQ6"; // base64 encoded "Password:"
session.writeResponse(responseString);
pass = session.readCommandLine();
if (pass != null) {
try {
pass = Base64.decodeAsString(pass);
} catch (Exception e) {
// Ignored - this parse error will be
// addressed in the if clause below
pass = null;
}
}
// Authenticate user
if ((user == null) || (pass == null)) {
responseString = "501 Could not decode parameters for AUTH LOGIN";
} else if (session.getConfigurationData().getUsersRepository().test(user, pass)) {
session.setUser(user);
responseString = "235 Authentication Successful";
if (getLogger().isDebugEnabled()) {
// TODO: Make this string a more useful debug message
getLogger().debug("AUTH method LOGIN succeeded");
}
} else {
responseString = "535 Authentication Failed";
// TODO: Make this string a more useful error message
getLogger().error("AUTH method LOGIN failed");
}
session.writeResponse(responseString);
return;
| | private void | doPlainAuth(SMTPSession session, java.lang.String initialResponse)Carries out the Plain AUTH SASL exchange.
According to RFC 2595 the client must send: [authorize-id] \0 authenticate-id \0 password.
>>> AUTH PLAIN dGVzdAB0ZXN0QHdpei5leGFtcGxlLmNvbQB0RXN0NDI=
Decoded: test\000test@wiz.example.com\000tEst42
>>> AUTH PLAIN dGVzdAB0ZXN0AHRFc3Q0Mg==
Decoded: test\000test\000tEst42
String userpass = null, user = null, pass = null, responseString = null;
if (initialResponse == null) {
responseString = "334 OK. Continue authentication";
session.writeResponse(responseString);
userpass = session.readCommandLine();
} else {
userpass = initialResponse.trim();
}
try {
if (userpass != null) {
userpass = Base64.decodeAsString(userpass);
}
if (userpass != null) {
/* See: RFC 2595, Section 6
The mechanism consists of a single message from the client to the
server. The client sends the authorization identity (identity to
login as), followed by a US-ASCII NUL character, followed by the
authentication identity (identity whose password will be used),
followed by a US-ASCII NUL character, followed by the clear-text
password. The client may leave the authorization identity empty to
indicate that it is the same as the authentication identity.
The server will verify the authentication identity and password with
the system authentication database and verify that the authentication
credentials permit the client to login as the authorization identity.
If both steps succeed, the user is logged in.
*/
StringTokenizer authTokenizer = new StringTokenizer(userpass, "\0");
String authorize_id = authTokenizer.nextToken(); // Authorization Identity
user = authTokenizer.nextToken(); // Authentication Identity
try {
pass = authTokenizer.nextToken(); // Password
}
catch (java.util.NoSuchElementException _) {
// If we got here, this is what happened. RFC 2595
// says that "the client may leave the authorization
// identity empty to indicate that it is the same as
// the authentication identity." As noted above,
// that would be represented as a decoded string of
// the form: "\0authenticate-id\0password". The
// first call to nextToken will skip the empty
// authorize-id, and give us the authenticate-id,
// which we would store as the authorize-id. The
// second call will give us the password, which we
// think is the authenticate-id (user). Then when
// we ask for the password, there are no more
// elements, leading to the exception we just
// caught. So we need to move the user to the
// password, and the authorize_id to the user.
pass = user;
user = authorize_id;
}
authTokenizer = null;
}
}
catch (Exception e) {
// Ignored - this exception in parsing will be dealt
// with in the if clause below
}
// Authenticate user
if ((user == null) || (pass == null)) {
responseString = "501 Could not decode parameters for AUTH PLAIN";
session.writeResponse(responseString);
} else if (session.getConfigurationData().getUsersRepository().test(user, pass)) {
session.setUser(user);
responseString = "235 Authentication Successful";
session.writeResponse(responseString);
getLogger().info("AUTH method PLAIN succeeded");
} else {
responseString = "535 Authentication Failed";
session.writeResponse(responseString);
getLogger().error("AUTH method PLAIN failed");
}
return;
| | private void | doUnknownAuth(SMTPSession session, java.lang.String authType, java.lang.String initialResponse)Handles the case of an unrecognized auth type.
String responseString = "504 Unrecognized Authentication Type";
session.writeResponse(responseString);
if (getLogger().isErrorEnabled()) {
StringBuffer errorBuffer =
new StringBuffer(128)
.append("AUTH method ")
.append(authType)
.append(" is an unrecognized authentication type");
getLogger().error(errorBuffer.toString());
}
return;
| | public void | onCommand(SMTPSession session)handles AUTH command
//deviation from the Main code
//Instead of throwing exception just end the session
try{
doAUTH(session, session.getCommandArgument());
} catch (Exception ex) {
getLogger().error("Exception occured:" + ex.getMessage());
session.endSession();
}
|
|
