diff -r 000000000000 -r d54786065fa3 src/org/sonews/acl/DrupalAuthInfoCommand.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/org/sonews/acl/DrupalAuthInfoCommand.java Wed Oct 19 21:40:51 2011 +0200 @@ -0,0 +1,107 @@ +/* + * SONEWS News Server + * see AUTHORS for the list of contributors + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +package org.sonews.acl; + +import java.io.IOException; +import java.util.Arrays; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.regex.Matcher; +import java.util.regex.Pattern; +import org.sonews.daemon.NNTPConnection; +import org.sonews.daemon.command.Command; +import org.sonews.storage.StorageBackendException; +import org.sonews.storage.StorageManager; +import org.sonews.storage.StorageProvider; +import org.sonews.storage.impl.DrupalDatabaseProvider; + +/** + * + * @author František Kučera (frantovo.cz) + */ +public class DrupalAuthInfoCommand implements Command { + + private static final Logger log = Logger.getLogger(DrupalAuthInfoCommand.class.getName()); + private static String[] SUPPORTED_COMMANDS = {"AUTHINFO"}; + + @Override + public boolean hasFinished() { + return true; + } + + @Override + public String impliedCapability() { + return "AUTHINFO"; + } + + @Override + public boolean isStateful() { + return false; + } + + @Override + public String[] getSupportedCommandStrings() { + return SUPPORTED_COMMANDS; + } + + @Override + public void processLine(NNTPConnection conn, String line, byte[] rawLine) throws IOException, StorageBackendException { + Pattern commandPattern = Pattern.compile("AUTHINFO (USER|PASS) (.*)", Pattern.CASE_INSENSITIVE); + Matcher commandMatcher = commandPattern.matcher(line); + + if (commandMatcher.matches()) { + + if (conn.isUserAuthenticated()) { + conn.println("502 Command unavailable (you are already authenticated)"); + } else if ("USER".equalsIgnoreCase(commandMatcher.group(1))) { + conn.setUsername(commandMatcher.group(2)); + conn.println("381 Password required"); + log.log(Level.FINE, "User ''{0}'' greets us. We are waiting for his password.", conn.getUsername()); + } else if ("PASS".equalsIgnoreCase(commandMatcher.group(1))) { + if (conn.getUsername() == null) { + conn.println("482 Authentication commands issued out of sequence"); + } else { + + char[] password = commandMatcher.group(2).toCharArray(); + boolean goodPassword = StorageManager.current().authenticateUser(conn.getUsername(), password); + Arrays.fill(password, '*'); + commandMatcher = null; + + if (goodPassword) { + conn.println("281 Authentication accepted"); + conn.setUserAuthenticated(true); + log.log(Level.INFO, "User ''{0}'' has been succesfully authenticated.", conn.getUsername()); + } else { + log.log(Level.INFO, "User ''{0}'' has provided wrong password.", conn.getUsername()); + conn.setUsername(null); + conn.setUserAuthenticated(false); + conn.println("481 Authentication failed: wrong password"); + } + + } + } else { + // impossible, see commandPattern + conn.println("500 Unknown command"); + } + + + } else { + conn.println("500 Unknown command, expecting AUTHINFO USER username or AUTHINFO PASS password "); + } + } +}