src/org/sonews/acl/AuthInfoCommand.java
author František Kučera <franta-hg@frantovo.cz>
Mon Nov 07 17:35:43 2011 +0100 (2011-11-07)
changeset 117 79ce65d63cce
parent 101 d54786065fa3
child 118 ba7ea56fd672
permissions -rw-r--r--
ACL: uživatel v Article bude jako User ne jen jako String.
     1 /*
     2  *   SONEWS News Server
     3  *   see AUTHORS for the list of contributors
     4  *
     5  *   This program is free software: you can redistribute it and/or modify
     6  *   it under the terms of the GNU General Public License as published by
     7  *   the Free Software Foundation, either version 3 of the License, or
     8  *   (at your option) any later version.
     9  *
    10  *   This program is distributed in the hope that it will be useful,
    11  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
    12  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13  *   GNU General Public License for more details.
    14  *
    15  *   You should have received a copy of the GNU General Public License
    16  *   along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17  */
    18 package org.sonews.acl;
    19 
    20 import java.io.IOException;
    21 import java.util.Arrays;
    22 import java.util.logging.Level;
    23 import java.util.logging.Logger;
    24 import java.util.regex.Matcher;
    25 import java.util.regex.Pattern;
    26 import org.sonews.daemon.NNTPConnection;
    27 import org.sonews.daemon.command.Command;
    28 import org.sonews.storage.StorageBackendException;
    29 import org.sonews.storage.StorageManager;
    30 
    31 /**
    32  *
    33  * @author František Kučera (frantovo.cz)
    34  */
    35 public class AuthInfoCommand implements Command {
    36 
    37 	private static final Logger log = Logger.getLogger(AuthInfoCommand.class.getName());
    38 	private static String[] SUPPORTED_COMMANDS = {"AUTHINFO"};
    39 
    40 	@Override
    41 	public boolean hasFinished() {
    42 		return true;
    43 	}
    44 
    45 	@Override
    46 	public String impliedCapability() {
    47 		return "AUTHINFO";
    48 	}
    49 
    50 	@Override
    51 	public boolean isStateful() {
    52 		return false;
    53 	}
    54 
    55 	@Override
    56 	public String[] getSupportedCommandStrings() {
    57 		return SUPPORTED_COMMANDS;
    58 	}
    59 
    60 	@Override
    61 	public void processLine(NNTPConnection conn, String line, byte[] rawLine) throws IOException, StorageBackendException {
    62 		Pattern commandPattern = Pattern.compile("AUTHINFO (USER|PASS) (.*)", Pattern.CASE_INSENSITIVE);
    63 		Matcher commandMatcher = commandPattern.matcher(line);
    64 
    65 		if (commandMatcher.matches()) {
    66 
    67 			if (conn.getUser() != null && conn.getUser().isAuthenticated()) {
    68 				conn.println("502 Command unavailable (you are already authenticated)");
    69 			} else if ("USER".equalsIgnoreCase(commandMatcher.group(1))) {
    70 				conn.setUser(new User(commandMatcher.group(2)));
    71 				conn.println("381 Password required"); // ask user for his password
    72 				log.log(Level.FINE, "User ''{0}'' greets us. We are waiting for his password.", conn.getUser().getUserName());
    73 			} else if ("PASS".equalsIgnoreCase(commandMatcher.group(1))) {
    74 				if (conn.getUser() == null) {
    75 					conn.println("482 Authentication commands issued out of sequence");
    76 				} else {
    77 
    78 					char[] password = commandMatcher.group(2).toCharArray();
    79 					boolean goodPassword = StorageManager.current().authenticateUser(conn.getUser().getUserName(), password);
    80 					Arrays.fill(password, '*');
    81 					commandMatcher = null;
    82 
    83 					if (goodPassword) {
    84 						conn.println("281 Authentication accepted");
    85 						conn.getUser().setAuthenticated(true);
    86 						log.log(Level.INFO, "User ''{0}'' has been succesfully authenticated.", conn.getUser().getUserName());
    87 					} else {
    88 						log.log(Level.INFO, "User ''{0}'' has provided wrong password.", conn.getUser().getUserName());
    89 						conn.setUser(null);
    90 						conn.println("481 Authentication failed: wrong password");
    91 					}
    92 
    93 				}
    94 			} else {
    95 				// impossible, see commandPattern
    96 				conn.println("500 Unknown command");
    97 			}
    98 
    99 
   100 		} else {
   101 			conn.println("500 Unknown command, expecting AUTHINFO USER username or AUTHINFO PASS password ");
   102 		}
   103 	}
   104 }