
Example 11 with LocalClientSession

use of org.jivesoftware.openfire.session.LocalClientSession in project Openfire by igniterealtime.

the class ConnectionMultiplexerManager method removeSession.

private void removeSession(Session session) {
    // Remove trace indicating that a connection manager is hosting a connection
    StreamID streamID = session.getStreamID();
    String connectionManagerDomain = streamIDs.remove(streamID);
    // Remove trace indicating that a connection manager is hosting a session
    if (connectionManagerDomain != null) {
        Map<StreamID, LocalClientSession> sessions = sessionsByManager.get(connectionManagerDomain);
        if (sessions != null) {
            sessions.remove(streamID);
        }
    }
}
Also used : LocalClientSession(org.jivesoftware.openfire.session.LocalClientSession) StreamID(org.jivesoftware.openfire.StreamID)

Example 12 with LocalClientSession

use of org.jivesoftware.openfire.session.LocalClientSession in project Openfire by igniterealtime.

the class ConnectionMultiplexerManager method createClientSession.

/**
 * Creates a new client session that was established to the specified connection manager.
 * The new session will not be findable through its stream ID.
 *
 * @param connectionManagerDomain the connection manager that is handling the connection
 *        of the session.
 * @param streamID the stream ID created by the connection manager for the new session.
 * @param hostName the hostname of the client's address, or null if using an old connection manager.
 * @param hostAddress the textual representation of the address of the client, or null if using an old CM.
 * @return true if a session was created or false if the client should disconnect.
 */
public boolean createClientSession(String connectionManagerDomain, StreamID streamID, String hostName, String hostAddress) {
    Connection connection = new ClientSessionConnection(connectionManagerDomain, hostName, hostAddress);
    // Check if client is allowed to connect from the specified IP address. Ignore the checking if connection
    // manager is old version and is not passing client's address
    byte[] address = null;
    try {
        address = connection.getAddress();
    } catch (UnknownHostException e) {
        // Ignore: address stays null, so the isAllowed() check below is skipped
    }
    if (address == null || LocalClientSession.isAllowed(connection)) {
        LocalClientSession session = SessionManager.getInstance().createClientSession(connection, streamID);
        // Register that this streamID belongs to the specified connection manager
        streamIDs.put(streamID, connectionManagerDomain);
        // Register which sessions are being hosted by the specified connection manager
        Map<StreamID, LocalClientSession> sessions = sessionsByManager.get(connectionManagerDomain);
        if (sessions == null) {
            synchronized (connectionManagerDomain.intern()) {
                sessions = sessionsByManager.get(connectionManagerDomain);
                if (sessions == null) {
                    sessions = new ConcurrentHashMap<>();
                    sessionsByManager.put(connectionManagerDomain, sessions);
                }
            }
        }
        sessions.put(streamID, session);
        return true;
    }
    return false;
}
Also used : LocalClientSession(org.jivesoftware.openfire.session.LocalClientSession) StreamID(org.jivesoftware.openfire.StreamID) UnknownHostException(java.net.UnknownHostException) Connection(org.jivesoftware.openfire.Connection)

Example 13 with LocalClientSession

use of org.jivesoftware.openfire.session.LocalClientSession in project Openfire by igniterealtime.

the class IQAuthHandler method handleIQ.

@Override
public IQ handleIQ(IQ packet) throws UnauthorizedException, PacketException {
    JID from = packet.getFrom();
    LocalClientSession session = (LocalClientSession) sessionManager.getSession(from);
    // If no session was found then answer an error (if possible)
    if (session == null) {
        Log.error("Error during authentication. Session not found in " + sessionManager.getPreAuthenticatedKeys() + " for key " + from);
        // This error packet probably won't make it through
        IQ reply = IQ.createResultIQ(packet);
        reply.setChildElement(packet.getChildElement().createCopy());
        reply.setError(PacketError.Condition.internal_server_error);
        return reply;
    }
    IQ response;
    boolean resourceBound = false;
    if (JiveGlobals.getBooleanProperty("xmpp.auth.iqauth", true)) {
        try {
            Element iq = packet.getElement();
            Element query = iq.element("query");
            Element queryResponse = probeResponse.createCopy();
            if (IQ.Type.get == packet.getType()) {
                String username = query.elementText("username");
                if (username != null) {
                    queryResponse.element("username").setText(username);
                }
                response = IQ.createResultIQ(packet);
                response.setChildElement(queryResponse);
                // Clear the TO attribute: the session only has a placeholder
                // JID until the user actually authenticates with the server.
                if (session.getStatus() != Session.STATUS_AUTHENTICATED) {
                    response.setTo((JID) null);
                }
            } else {
                // Otherwise set query
                if (query.elements().isEmpty()) {
                    // Anonymous authentication
                    response = anonymousLogin(session, packet);
                    resourceBound = session.getStatus() == Session.STATUS_AUTHENTICATED;
                } else {
                    String username = query.elementText("username");
                    // Login authentication
                    String password = query.elementText("password");
                    String digest = null;
                    if (query.element("digest") != null) {
                        digest = query.elementText("digest").toLowerCase();
                    }
                    // If we're already logged in, this is a password reset
                    if (session.getStatus() == Session.STATUS_AUTHENTICATED) {
                        // Check that a new password has been specified
                        if (password == null || password.trim().length() == 0) {
                            response = IQ.createResultIQ(packet);
                            response.setError(PacketError.Condition.not_allowed);
                            response.setType(IQ.Type.error);
                        } else {
                            // Check if a user is trying to change his own password
                            if (session.getUsername().equalsIgnoreCase(username)) {
                                response = passwordReset(password, packet, username, session);
                            } else if (XMPPServer.getInstance().getAdmins().contains(new JID(from.getNode(), from.getDomain(), null, true))) {
                                // An admin is trying to set the password for another user
                                response = passwordReset(password, packet, username, session);
                            } else {
                                // User not authorized to change the password of another user
                                throw new UnauthorizedException();
                            }
                        }
                    } else {
                        // it is an auth attempt
                        response = login(username, query, packet, password, session, digest);
                        resourceBound = session.getStatus() == Session.STATUS_AUTHENTICATED;
                    }
                }
            }
        } catch (UserNotFoundException | UnauthorizedException e) {
            response = IQ.createResultIQ(packet);
            response.setChildElement(packet.getChildElement().createCopy());
            response.setError(PacketError.Condition.not_authorized);
        } catch (ConnectionException | InternalUnauthenticatedException e) {
            response = IQ.createResultIQ(packet);
            response.setChildElement(packet.getChildElement().createCopy());
            response.setError(PacketError.Condition.internal_server_error);
        }
    } else {
        response = IQ.createResultIQ(packet);
        response.setChildElement(packet.getChildElement().createCopy());
        response.setError(PacketError.Condition.not_authorized);
    }
    // Send the response directly since we want to be sure that we are sending it back
    // to the correct session. Any other session of the same user but with different
    // resource is incorrect.
    session.process(response);
    if (resourceBound) {
        // After the client has been informed, inform all listeners as well.
        SessionEventDispatcher.dispatchEvent(session, SessionEventDispatcher.EventType.resource_bound);
    }
    return null;
}
Also used : LocalClientSession(org.jivesoftware.openfire.session.LocalClientSession) UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException) JID(org.xmpp.packet.JID) Element(org.dom4j.Element) IQ(org.xmpp.packet.IQ) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)

Example 14 with LocalClientSession

use of org.jivesoftware.openfire.session.LocalClientSession in project Openfire by igniterealtime.

the class IQAuthHandler method login.

private IQ login(String username, Element iq, IQ packet, String password, LocalClientSession session, String digest) throws UnauthorizedException, UserNotFoundException, ConnectionException, InternalUnauthenticatedException {
    // Verify the validity of the username
    if (username == null || username.trim().length() == 0) {
        throw new UnauthorizedException("Invalid username (empty or null).");
    }
    try {
        Stringprep.nodeprep(username);
    } catch (StringprepException e) {
        throw new UnauthorizedException("Invalid username: " + username, e);
    }
    // Verify that specified resource is not violating any string prep rule
    String resource = iq.elementText("resource");
    if (resource != null) {
        try {
            resource = JID.resourceprep(resource);
        } catch (StringprepException e) {
            throw new UnauthorizedException("Invalid resource: " + resource, e);
        }
    } else {
        // Answer a not_acceptable error since a resource was not supplied
        IQ response = IQ.createResultIQ(packet);
        response.setChildElement(packet.getChildElement().createCopy());
        response.setError(PacketError.Condition.not_acceptable);
        return response;
    }
    if (!JiveGlobals.getBooleanProperty("xmpp.auth.iqauth", true)) {
        throw new UnauthorizedException();
    }
    username = username.toLowerCase();
    // Verify that supplied username and password are correct (i.e. user authentication was successful)
    AuthToken token = null;
    if (AuthFactory.supportsPasswordRetrieval()) {
        if (password != null) {
            token = AuthFactory.authenticate(username, password);
        } else if (digest != null) {
            token = authenticate(username, session.getStreamID().toString(), digest);
        }
    }
    if (token == null) {
        throw new UnauthorizedException();
    }
    // Verify if there is a resource conflict between new resource and existing one.
    // Check if a session already exists with the requested full JID and verify if
    // we should kick it off or refuse the new connection
    ClientSession oldSession = routingTable.getClientRoute(new JID(username, serverName, resource, true));
    if (oldSession != null) {
        try {
            int conflictLimit = sessionManager.getConflictKickLimit();
            if (conflictLimit == SessionManager.NEVER_KICK) {
                IQ response = IQ.createResultIQ(packet);
                response.setChildElement(packet.getChildElement().createCopy());
                response.setError(PacketError.Condition.forbidden);
                return response;
            }
            int conflictCount = oldSession.incrementConflictCount();
            if (conflictCount > conflictLimit) {
                // Send a stream:error before closing the old connection
                StreamError error = new StreamError(StreamError.Condition.conflict);
                oldSession.deliverRawText(error.toXML());
                oldSession.close();
            } else {
                IQ response = IQ.createResultIQ(packet);
                response.setChildElement(packet.getChildElement().createCopy());
                response.setError(PacketError.Condition.forbidden);
                return response;
            }
        } catch (Exception e) {
            Log.error("Error during login", e);
        }
    }
    // Set that the new session has been authenticated successfully
    session.setAuthToken(token, resource);
    packet.setFrom(session.getAddress());
    return IQ.createResultIQ(packet);
}
Also used : StringprepException(gnu.inet.encoding.StringprepException) StreamError(org.xmpp.packet.StreamError) JID(org.xmpp.packet.JID) LocalClientSession(org.jivesoftware.openfire.session.LocalClientSession) ClientSession(org.jivesoftware.openfire.session.ClientSession) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) IQ(org.xmpp.packet.IQ) AuthToken(org.jivesoftware.openfire.auth.AuthToken) StringprepException(gnu.inet.encoding.StringprepException) PacketException(org.jivesoftware.openfire.PacketException) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException) UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException)

Aggregations

LocalClientSession (org.jivesoftware.openfire.session.LocalClientSession) 14
ClientSession (org.jivesoftware.openfire.session.ClientSession) 7
JID (org.xmpp.packet.JID) 6
Element (org.dom4j.Element) 4
StreamID (org.jivesoftware.openfire.StreamID) 4
UnauthorizedException (org.jivesoftware.openfire.auth.UnauthorizedException) 3
UserNotFoundException (org.jivesoftware.openfire.user.UserNotFoundException) 3
IQ (org.xmpp.packet.IQ) 3
StringprepException (gnu.inet.encoding.StringprepException) 2
UnknownHostException (java.net.UnknownHostException) 2
AuthToken (org.jivesoftware.openfire.auth.AuthToken) 2
ConnectionException (org.jivesoftware.openfire.auth.ConnectionException) 2
InternalUnauthenticatedException (org.jivesoftware.openfire.auth.InternalUnauthenticatedException) 2
PacketRejectedException (org.jivesoftware.openfire.interceptor.PacketRejectedException) 2
Message (org.xmpp.packet.Message) 2
Presence (org.xmpp.packet.Presence) 2
StreamError (org.xmpp.packet.StreamError) 2
ArrayList (java.util.ArrayList) 1
Connection (org.jivesoftware.openfire.Connection) 1
PacketException (org.jivesoftware.openfire.PacketException) 1