Search in sources :

Example 1 with AccessChallenge

use of org.forgerock.openam.radius.common.AccessChallenge in project OpenAM by OpenRock.

the class RadiusConn method sendPacket.

/**
     * Finds an available server and then sends a packet to that servers.
     *
     * @param packet the packet.
     * @throws IOException        if there is a problem.
     * @throws RejectException    if there is a problem.
     * @throws ChallengeException if there is a problem.
     */
private void sendPacket(Packet packet) throws IOException, RejectException, ChallengeException {
    Packet res = null;
    RADIUSServer server = null;
    while (res == null) {
        server = getOnlineServer();
        if (debug.messageEnabled()) {
            debug.message("Using " + server + " for contact RADIUS");
        }
        try {
            send(packet, server);
            res = receive();
            if (res instanceof AccessReject) {
                throw new RejectException((AccessReject) res);
            } else if (res instanceof AccessChallenge) {
                throw new ChallengeException((AccessChallenge) res);
            }
        } catch (IOException ioe) {
            if (ioe instanceof ConnectException || ioe instanceof SocketTimeoutException) {
                if (debug.messageEnabled()) {
                    debug.message("Moving server to offline state - " + server);
                }
                synchronized (SERVER_STATUS) {
                    SERVER_STATUS.put(server, Boolean.FALSE);
                }
                synchronized (SERVER_MONITOR_LOCK) {
                    if (serverMonitor == null || serverMonitor.scheduledExecutionTime() == -1) {
                        serverMonitor = new RADIUSMonitor();
                        SystemTimer.getTimer().schedule(serverMonitor, new Date(((System.currentTimeMillis()) / 1000) * 1000));
                    }
                }
            } else {
                throw ioe;
            }
        }
    }
}
Also used : Packet(org.forgerock.openam.radius.common.Packet) DatagramPacket(java.net.DatagramPacket) SocketTimeoutException(java.net.SocketTimeoutException) AccessReject(org.forgerock.openam.radius.common.AccessReject) RADIUSServer(com.sun.identity.authentication.modules.radius.RADIUSServer) IOException(java.io.IOException) AccessChallenge(org.forgerock.openam.radius.common.AccessChallenge) Date(java.util.Date) ConnectException(java.net.ConnectException)

Example 2 with AccessChallenge

use of org.forgerock.openam.radius.common.AccessChallenge in project OpenAM by OpenRock.

the class ConsoleClient method run.

/**
     * Calls the server in a thread.
     */
@Override
public void run() {
    try {
        final DatagramChannel chan = DatagramChannel.open();
        // request id
        short reqId = 1;
        final SecureRandom random = new SecureRandom();
        final InetSocketAddress serverAddr = new InetSocketAddress(this.host, this.port);
        final NASIPAddressAttribute nasAddr = new NASIPAddressAttribute(InetAddress.getLocalHost());
        final NASPortAttribute nasPort = new NASPortAttribute(chan.socket().getLocalPort());
        StateAttribute state = null;
        // String username = "boydmr"; // TODO: restore
        final String username = getUserInputFor("Username", null);
        // String passwordOrAnswer = "password"; // TODO: restore
        String passwordOrAnswer = getUserInputFor("Password", null);
        System.out.println();
        boolean finished = false;
        // ready for writing
        final ByteBuffer bufIn = ByteBuffer.allocate(4096);
        while (!finished) {
            final RequestAuthenticator reqAuthR = new RequestAuthenticator(random, this.secret);
            final AccessRequest req = new AccessRequest(reqId++, reqAuthR);
            req.addAttribute(new UserNameAttribute(username));
            req.addAttribute(new UserPasswordAttribute(req.getAuthenticator(), this.secret, passwordOrAnswer));
            req.addAttribute(nasAddr);
            req.addAttribute(nasPort);
            if (state != null) {
                req.addAttribute(state);
            }
            final ByteBuffer reqBuf = ByteBuffer.wrap(req.getOctets());
            if (logTraffic) {
                System.out.println("Packet To " + host + ":" + port);
                System.out.println(RadiusRequestContext.getPacketRepresentation(req));
            }
            chan.send(reqBuf, serverAddr);
            // now handle responses possibly sending additional requests
            chan.receive(bufIn);
            // prepare buffer for reading out
            bufIn.flip();
            final Packet res = PacketFactory.toPacket(bufIn);
            // prepare buffer for next response
            bufIn.clear();
            if (logTraffic) {
                System.out.println("Packet From " + host + ":" + port);
                System.out.println(RadiusRequestContext.getPacketRepresentation(res));
            }
            if (res instanceof AccessReject) {
                System.out.println("---> Sorry. Not Authenticated.");
                System.out.println();
                finished = true;
            } else if (res instanceof AccessAccept) {
                System.out.println("---> SUCCESS! You've Authenticated!");
                System.out.println();
                finished = true;
            } else if (res instanceof AccessChallenge) {
                final AccessChallenge chng = (AccessChallenge) res;
                state = (StateAttribute) getAttribute(StateAttribute.class, res);
                final ReplyMessageAttribute msg = (ReplyMessageAttribute) getAttribute(ReplyMessageAttribute.class, res);
                String message = null;
                if (msg != null) {
                    message = msg.getMessage();
                }
                passwordOrAnswer = getUserInputFor("Answer", message);
                System.out.println();
            }
        }
    } catch (final Exception e) {
        e.printStackTrace();
    }
}
Also used : StateAttribute(org.forgerock.openam.radius.common.StateAttribute) Packet(org.forgerock.openam.radius.common.Packet) RequestAuthenticator(org.forgerock.openam.radius.common.RequestAuthenticator) AccessRequest(org.forgerock.openam.radius.common.AccessRequest) InetSocketAddress(java.net.InetSocketAddress) DatagramChannel(java.nio.channels.DatagramChannel) SecureRandom(java.security.SecureRandom) NASIPAddressAttribute(org.forgerock.openam.radius.common.packet.NASIPAddressAttribute) ByteBuffer(java.nio.ByteBuffer) IOException(java.io.IOException) ReplyMessageAttribute(org.forgerock.openam.radius.common.ReplyMessageAttribute) UserNameAttribute(org.forgerock.openam.radius.common.UserNameAttribute) AccessReject(org.forgerock.openam.radius.common.AccessReject) NASPortAttribute(org.forgerock.openam.radius.common.packet.NASPortAttribute) AccessChallenge(org.forgerock.openam.radius.common.AccessChallenge) UserPasswordAttribute(org.forgerock.openam.radius.common.UserPasswordAttribute) AccessAccept(org.forgerock.openam.radius.common.AccessAccept)

Example 3 with AccessChallenge

use of org.forgerock.openam.radius.common.AccessChallenge in project OpenAM by OpenRock.

the class OpenAMAuthHandler method gatherUserInput.

private void gatherUserInput(RadiusResponse response, ContextHolder holder, String answer, StateAttribute state) {
    LOG.message("Entering gatherUserInput();");
    // a challenge response, get the next set loaded, and then start sending a challenges for that set.
    while (holder.getAuthPhase() == ContextHolder.AuthPhase.GATHERING_INPUT) {
        if (holder.getCallbacks() == null) {
            LOG.message("--- callbacks == null in gatherUserInput");
            // either just starting process or just finished submitting a set of callback input values
            if (!isNextCallbackSetAvailable(response, holder)) {
                // no further input from user needed or error occurred
                if (holder.getAuthPhase() == ContextHolder.AuthPhase.TERMINATED) {
                    return;
                }
                LOG.message("--- NextCallbackSet not-available in gatherUserInput - move to finalization");
                holder.setAuthPhase(ContextHolder.AuthPhase.FINALIZING);
                return;
            }
        } else {
            LOG.warning("--- callbacks[" + holder.getCallbacks().length + "] in gatherUserInput - ");
            // we are gathering for current set.
            // answers
            final boolean injected = injectAnswerForCallback(response, holder, answer);
            if (!injected) {
                // couldn't inject and already sent reject response so exit out
                return;
            }
        }
        // new callbacks available or still gathering input for the current set. if all callbacks have values
        // then submit and loop around again to get next set else send challenge response to gather input for the
        // next callback
        final Callback[] callbacks = holder.getCallbacks();
        if (holder.getIdxOfCurrentCallback() > callbacks.length - 1) {
            LOG.warning("--- holder.idxOfCurrentCallback " + holder.getIdxOfCurrentCallback() + " > holder.callbacks.length-1 " + (holder.getCallbacks().length - 1) + " in gatherUserInput - submitting/set callbacks=null");
            try {
                holder.getAuthContext().submitRequirements(callbacks);
            } catch (final Throwable t) {
                LOG.error("Exception thrown while submitting callbacks. Rejecting access.", t);
                rejectAccessAndTerminateProcess(response, holder);
                return;
            }
            holder.setCallbacks(null);
        } else {
            final ReplyMessageAttribute msg = getNextCallbackReplyMsg(response, holder);
            if (msg == null) {
                // failed to inject and already sent a reject msg so stop processing at this point.
                return;
            }
            // if we get here then we have a challenge response message ready to send
            final AccessChallenge challenge = new AccessChallenge();
            if (state == null) {
                // as when starting authentication
                state = new StateAttribute(holder.getCacheKey());
            }
            challenge.addAttribute(state);
            challenge.addAttribute(msg);
            response.setResponsePacket(challenge);
            // exit out and await response to challenge response
            return;
        }
    }
}
Also used : StateAttribute(org.forgerock.openam.radius.common.StateAttribute) ReplyMessageAttribute(org.forgerock.openam.radius.common.ReplyMessageAttribute) PagePropertiesCallback(com.sun.identity.authentication.spi.PagePropertiesCallback) HttpCallback(com.sun.identity.authentication.spi.HttpCallback) RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) ChoiceCallback(javax.security.auth.callback.ChoiceCallback) NameCallback(javax.security.auth.callback.NameCallback) ConfirmationCallback(javax.security.auth.callback.ConfirmationCallback) Callback(javax.security.auth.callback.Callback) AccessChallenge(org.forgerock.openam.radius.common.AccessChallenge)

Aggregations

AccessChallenge (org.forgerock.openam.radius.common.AccessChallenge)3 IOException (java.io.IOException)2 AccessReject (org.forgerock.openam.radius.common.AccessReject)2 Packet (org.forgerock.openam.radius.common.Packet)2 ReplyMessageAttribute (org.forgerock.openam.radius.common.ReplyMessageAttribute)2 StateAttribute (org.forgerock.openam.radius.common.StateAttribute)2 RADIUSServer (com.sun.identity.authentication.modules.radius.RADIUSServer)1 HttpCallback (com.sun.identity.authentication.spi.HttpCallback)1 PagePropertiesCallback (com.sun.identity.authentication.spi.PagePropertiesCallback)1 RedirectCallback (com.sun.identity.authentication.spi.RedirectCallback)1 ConnectException (java.net.ConnectException)1 DatagramPacket (java.net.DatagramPacket)1 InetSocketAddress (java.net.InetSocketAddress)1 SocketTimeoutException (java.net.SocketTimeoutException)1 ByteBuffer (java.nio.ByteBuffer)1 DatagramChannel (java.nio.channels.DatagramChannel)1 SecureRandom (java.security.SecureRandom)1 Date (java.util.Date)1 Callback (javax.security.auth.callback.Callback)1 ChoiceCallback (javax.security.auth.callback.ChoiceCallback)1