Examples with ConsoleAccessAuthenticationAnswer - com.cloud.legacymodel.communication.answer.ConsoleAccessAuthenticationAnswer

Example 1 with ConsoleAccessAuthenticationAnswer

use of com.cloud.legacymodel.communication.answer.ConsoleAccessAuthenticationAnswer in project cosmic by MissionCriticalCloud.

the class AgentHookBase method onConsoleAccessAuthentication.

@Override
public AgentControlAnswer onConsoleAccessAuthentication(final ConsoleAccessAuthenticationCommand cmd) {
    final Long vmId = null;
    final String ticketInUrl = cmd.getTicket();
    if (ticketInUrl == null) {
        s_logger.error("Access ticket could not be found, you could be running an old version of console proxy. vmId: " + cmd.getVmId());
        return new ConsoleAccessAuthenticationAnswer(cmd, false);
    }
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Console authentication. Ticket in url for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " + ticketInUrl);
    }
    if (!cmd.isReauthenticating()) {
        final String ticket = ConsoleProxyServlet.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId());
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Console authentication. Ticket in 1 minute boundary for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " + ticket);
        }
        if (!ticket.equals(ticketInUrl)) {
            final Date now = new Date();
            // considering of minute round-up
            final String minuteEarlyTicket = ConsoleProxyServlet.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId(), new Date(now.getTime() - 60 * 1000));
            if (s_logger.isDebugEnabled()) {
                s_logger.debug("Console authentication. Ticket in 2-minute boundary for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " + minuteEarlyTicket);
            }
            if (!minuteEarlyTicket.equals(ticketInUrl)) {
                s_logger.error("Access ticket expired or has been modified. vmId: " + cmd.getVmId() + "ticket in URL: " + ticketInUrl + ", tickets to check against: " + ticket + "," + minuteEarlyTicket);
                return new ConsoleAccessAuthenticationAnswer(cmd, false);
            }
        }
    }
    if (cmd.getVmId() != null && cmd.getVmId().isEmpty()) {
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Invalid vm id sent from proxy(happens when proxy session has terminated)");
        }
        return new ConsoleAccessAuthenticationAnswer(cmd, false);
    }
    VirtualMachine vm = _instanceDao.findByUuid(cmd.getVmId());
    if (vm == null) {
        vm = _instanceDao.findById(Long.parseLong(cmd.getVmId()));
    }
    if (vm == null) {
        s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication");
        return new ConsoleAccessAuthenticationAnswer(cmd, false);
    }
    if (vm.getHostId() == null) {
        s_logger.warn("VM " + vmId + " lost host info, failed authentication request");
        return new ConsoleAccessAuthenticationAnswer(cmd, false);
    }
    final HostVO host = _hostDao.findById(vm.getHostId());
    if (host == null) {
        s_logger.warn("VM " + vmId + "'s host does not exist, fail authentication request");
        return new ConsoleAccessAuthenticationAnswer(cmd, false);
    }
    final String sid = cmd.getSid();
    if (sid == null || !sid.equals(vm.getVncPassword())) {
        s_logger.warn("sid " + sid + " in url does not match stored sid.");
        return new ConsoleAccessAuthenticationAnswer(cmd, false);
    }
    if (cmd.isReauthenticating()) {
        final ConsoleAccessAuthenticationAnswer authenticationAnswer = new ConsoleAccessAuthenticationAnswer(cmd, true);
        authenticationAnswer.setReauthenticating(true);
        s_logger.info("Re-authentication request, ask host " + vm.getHostId() + " for new console info");
        final GetVncPortAnswer answer = (GetVncPortAnswer) _agentMgr.easySend(vm.getHostId(), new GetVncPortCommand(vm.getId(), vm.getInstanceName()));
        if (answer != null && answer.getResult()) {
            final Ternary<String, String, String> parsedHostInfo = ConsoleProxyServlet.parseHostInfo(answer.getAddress());
            if (parsedHostInfo.second() != null && parsedHostInfo.third() != null) {
                s_logger.info("Re-authentication result. vm: " + vm.getId() + ", tunnel url: " + parsedHostInfo.second() + ", tunnel session: " + parsedHostInfo.third());
                authenticationAnswer.setTunnelUrl(parsedHostInfo.second());
                authenticationAnswer.setTunnelSession(parsedHostInfo.third());
            } else {
                s_logger.info("Re-authentication result. vm: " + vm.getId() + ", host address: " + parsedHostInfo.first() + ", port: " + answer.getPort());
                authenticationAnswer.setHost(parsedHostInfo.first());
                authenticationAnswer.setPort(answer.getPort());
            }
        } else {
            s_logger.warn("Re-authentication request failed");
            authenticationAnswer.setSuccess(false);
        }
        return authenticationAnswer;
    }
    return new ConsoleAccessAuthenticationAnswer(cmd, true);
}

Also used : GetVncPortAnswer(com.cloud.legacymodel.communication.answer.GetVncPortAnswer) GetVncPortCommand(com.cloud.legacymodel.communication.command.GetVncPortCommand) ConsoleAccessAuthenticationAnswer(com.cloud.legacymodel.communication.answer.ConsoleAccessAuthenticationAnswer) Date(java.util.Date) HostVO(com.cloud.host.HostVO) VirtualMachine(com.cloud.legacymodel.vm.VirtualMachine)

Aggregations

HostVO (com.cloud.host.HostVO)1 ConsoleAccessAuthenticationAnswer (com.cloud.legacymodel.communication.answer.ConsoleAccessAuthenticationAnswer)1 GetVncPortAnswer (com.cloud.legacymodel.communication.answer.GetVncPortAnswer)1 GetVncPortCommand (com.cloud.legacymodel.communication.command.GetVncPortCommand)1 VirtualMachine (com.cloud.legacymodel.vm.VirtualMachine)1 Date (java.util.Date)1