1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.directory.server.kerberos.protocol;
21
22
23 import java.net.InetAddress;
24 import java.net.InetSocketAddress;
25
26 import javax.security.auth.kerberos.KerberosPrincipal;
27
28 import org.apache.directory.server.kerberos.kdc.KdcServer;
29 import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationContext;
30 import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService;
31 import org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingContext;
32 import org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService;
33 import org.apache.directory.server.kerberos.shared.KerberosMessageType;
34 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
35 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
36 import org.apache.directory.server.kerberos.shared.messages.ErrorMessage;
37 import org.apache.directory.server.kerberos.shared.messages.ErrorMessageModifier;
38 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
39 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
40 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
41 import org.apache.mina.common.IdleStatus;
42 import org.apache.mina.common.IoHandler;
43 import org.apache.mina.common.IoSession;
44 import org.apache.mina.common.TransportType;
45 import org.apache.mina.filter.codec.ProtocolCodecFilter;
46 import org.slf4j.Logger;
47 import org.slf4j.LoggerFactory;
48
49
50
51
52
53
54
55
56
57 public class KerberosProtocolHandler implements IoHandler
58 {
59 private static final Logger log = LoggerFactory.getLogger( KerberosProtocolHandler.class );
60
61 private KdcServer config;
62 private PrincipalStore store;
63 private static final String CONTEXT_KEY = "context";
64
65
66
67
68
69
70
71
72
73 public KerberosProtocolHandler( KdcServer config, PrincipalStore store )
74 {
75 this.config = config;
76 this.store = store;
77 }
78
79
80 public void sessionCreated( IoSession session ) throws Exception
81 {
82 if ( log.isDebugEnabled() )
83 {
84 log.debug( "{} CREATED: {}", session.getRemoteAddress(), session.getTransportType() );
85 }
86
87 if ( session.getTransportType() == TransportType.DATAGRAM )
88 {
89 session.getFilterChain().addFirst( "codec",
90 new ProtocolCodecFilter( KerberosUdpProtocolCodecFactory.getInstance() ) );
91 }
92 else
93 {
94 session.getFilterChain().addFirst( "codec",
95 new ProtocolCodecFilter( KerberosTcpProtocolCodecFactory.getInstance() ) );
96 }
97 }
98
99
100 public void sessionOpened( IoSession session )
101 {
102 if ( log.isDebugEnabled() )
103 {
104 log.debug( "{} OPENED", session.getRemoteAddress() );
105 }
106 }
107
108
109 public void sessionClosed( IoSession session )
110 {
111 if ( log.isDebugEnabled() )
112 {
113 log.debug( "{} CLOSED", session.getRemoteAddress() );
114 }
115 }
116
117
118 public void sessionIdle( IoSession session, IdleStatus status )
119 {
120 if ( log.isDebugEnabled() )
121 {
122 log.debug( "{} IDLE ({})", session.getRemoteAddress(), status );
123 }
124 }
125
126
127 public void exceptionCaught( IoSession session, Throwable cause )
128 {
129 log.error( session.getRemoteAddress() + " EXCEPTION", cause );
130 session.close();
131 }
132
133
134 public void messageReceived( IoSession session, Object message )
135 {
136 if ( log.isDebugEnabled() )
137 {
138 log.debug( "{} RCVD: {}", session.getRemoteAddress(), message );
139 }
140
141 InetAddress clientAddress = ( ( InetSocketAddress ) session.getRemoteAddress() ).getAddress();
142 KdcRequest request = ( KdcRequest ) message;
143
144 KerberosMessageType messageType = request.getMessageType();
145
146 try
147 {
148 switch ( messageType )
149 {
150 case AS_REQ :
151 AuthenticationContext authContext = new AuthenticationContext();
152 authContext.setConfig( config );
153 authContext.setStore( store );
154 authContext.setClientAddress( clientAddress );
155 authContext.setRequest( request );
156 session.setAttribute( CONTEXT_KEY, authContext );
157
158 AuthenticationService.execute( authContext );
159
160 session.write( authContext.getReply() );
161 break;
162
163 case TGS_REQ:
164 TicketGrantingContext tgsContext = new TicketGrantingContext();
165 tgsContext.setConfig( config );
166 tgsContext.setStore( store );
167 tgsContext.setClientAddress( clientAddress );
168 tgsContext.setRequest( request );
169 session.setAttribute( CONTEXT_KEY, tgsContext );
170
171 TicketGrantingService.execute( tgsContext );
172
173 session.write( tgsContext.getReply() );
174 break;
175
176 case AS_REP:
177 case TGS_REP:
178 throw new KerberosException( ErrorType.KRB_AP_ERR_BADDIRECTION );
179
180 default:
181 throw new KerberosException( ErrorType.KRB_AP_ERR_MSG_TYPE );
182 }
183 }
184 catch ( KerberosException ke )
185 {
186 String messageText = ke.getMessage() + " (" + ke.getErrorCode() + ")";
187
188 if ( log.isDebugEnabled() )
189 {
190 log.warn( messageText, ke );
191 }
192 else
193 {
194 log.warn( messageText );
195 }
196
197 ErrorMessage error = getErrorMessage( config.getServicePrincipal(), ke );
198
199 if ( log.isDebugEnabled() )
200 {
201 logErrorMessage( error );
202 }
203
204 session.write( error );
205 }
206 catch ( Exception e )
207 {
208 log.error( "Unexpected exception: " + e.getMessage(), e );
209
210 session.write( getErrorMessage( config.getServicePrincipal(), new KerberosException(
211 ErrorType.KDC_ERR_SVC_UNAVAILABLE ) ) );
212 }
213 }
214
215
216 public void messageSent( IoSession session, Object message )
217 {
218 if ( log.isDebugEnabled() )
219 {
220 log.debug( "{} SENT: {}", session.getRemoteAddress(), message );
221 }
222 }
223
224
225 protected ErrorMessage getErrorMessage( KerberosPrincipal principal, KerberosException exception )
226 {
227 ErrorMessageModifier modifier = new ErrorMessageModifier();
228
229 KerberosTime now = new KerberosTime();
230
231 modifier.setErrorCode( exception.getErrorCode() );
232 modifier.setExplanatoryText( exception.getMessage() );
233 modifier.setServerPrincipal( principal );
234 modifier.setServerTime( now );
235 modifier.setServerMicroSecond( 0 );
236 modifier.setExplanatoryData( exception.getExplanatoryData() );
237
238 return modifier.getErrorMessage();
239 }
240
241
242 protected void logErrorMessage( ErrorMessage error )
243 {
244 try
245 {
246 StringBuffer sb = new StringBuffer();
247
248 sb.append( "Responding to request with error:" );
249 sb.append( "\n\t" + "explanatory text: " + error.getExplanatoryText() );
250 sb.append( "\n\t" + "error code: " + error.getErrorCode() );
251 sb.append( "\n\t" + "clientPrincipal: " + error.getClientPrincipal() );
252 sb.append( "\n\t" + "client time: " + error.getClientTime() );
253 sb.append( "\n\t" + "serverPrincipal: " + error.getServerPrincipal() );
254 sb.append( "\n\t" + "server time: " + error.getServerTime() );
255
256 log.debug( sb.toString() );
257 }
258 catch ( Exception e )
259 {
260
261 log.error( "Error in reply monitor", e );
262 }
263 }
264 }