Author: david.lloyd(a)jboss.com Date: 2008-02-21 00:25:03 -0500 (Thu, 21 Feb 2008) New Revision: 3461 Modified: remoting3/trunk/jrpp/src/main/java/org/jboss/cx/remoting/jrpp/JrppConnection.java Log: Properly handle failures caused by the inability to process the server challenge; in this case, restart the auth process Modified: remoting3/trunk/jrpp/src/main/java/org/jboss/cx/remoting/jrpp/JrppConnection.java =================================================================== --- remoting3/trunk/jrpp/src/main/java/org/jboss/cx/remoting/jrpp/JrppConnection.java 2008-02-21 03:01:31 UTC (rev 3460) +++ remoting3/trunk/jrpp/src/main/java/org/jboss/cx/remoting/jrpp/JrppConnection.java 2008-02-21 05:25:03 UTC (rev 3461) @@ -241,6 +241,8 @@ ((NameCallback)callback).setName("anonymous"); } else if (callback instanceof PasswordCallback) { ((PasswordCallback)callback).setPassword(new char[0]); + } else if (callback instanceof RealmCallback) { + ((RealmCallback)callback).setText("default"); } else { throw new UnsupportedCallbackException(callback, "Default anonymous client callback handler cannot support this callback type"); } @@ -350,7 +352,7 @@ private void close() { state.transition(State.CLOSED); - ioSession.close().awaitUninterruptibly(); + ioSession.close(); protocolContext.closeSession(); } @@ -644,6 +646,43 @@ default: break OUT; } } + case AWAITING_CLIENT_RESPONSE: { + switch (type) { + case SASL_RESPONSE: { + if (trace) { + log.trace("Recevied SASL response from client"); + } + byte[] bytes = new byte[input.remaining()]; + input.readFully(bytes); + SaslServerFilter saslServerFilter = getSaslServerFilter(); + try { + if (saslServerFilter.handleSaslResponse(ioSession, bytes)) { + final IoBuffer buffer = newBuffer(60, false); + final MessageOutput output = protocolContext.getMessageOutput(new IoBufferByteOutput(buffer, ioSession)); + write(output, MessageType.AUTH_SUCCESS); + output.commit(); + saslServerFilter.startEncryption(ioSession); + state.requireTransition(State.AWAITING_CLIENT_RESPONSE, State.UP); + } + } catch (SaslException ex) { + final IoBuffer buffer = newBuffer(100, true); + final MessageOutput output = protocolContext.getMessageOutput(new IoBufferByteOutput(buffer, ioSession)); + write(output, MessageType.AUTH_FAILED); + output.writeUTF("Authentication failed: " + ex.getMessage()); + output.commit(); + log.debug("Client authentication failed (" + ex.getMessage() + ")"); + // todo - retry counter - JBREM-907 + state.requireTransition(State.AWAITING_CLIENT_RESPONSE, State.AWAITING_CLIENT_AUTH_REQUEST); + } + return; + } + case AUTH_REQUEST: { + state.transition(State.AWAITING_CLIENT_AUTH_REQUEST); + break; // fall thru to AWAITING_CLIENT_AUTH_REQUEST/AUTH_REQUEST + } + default: break OUT; + } + } case AWAITING_CLIENT_AUTH_REQUEST: { switch (type) { case AUTH_REQUEST: { @@ -666,9 +705,9 @@ final MessageOutput output = protocolContext.getMessageOutput(new IoBufferByteOutput(buffer, ioSession)); write(output, MessageType.AUTH_SUCCESS); output.commit(); - state.requireTransition(State.AWAITING_CLIENT_VERSION, State.UP); + state.requireTransition(State.UP); } else { - state.requireTransition(State.AWAITING_CLIENT_VERSION, State.AWAITING_CLIENT_RESPONSE); + state.requireTransition(State.AWAITING_CLIENT_RESPONSE); } } catch (SaslException ex) { final IoBuffer buffer = newBuffer(100, true); @@ -692,54 +731,27 @@ final String name = input.readUTF(); remoteName = name.length() > 0 ? name : null; sendAuthRequest(); - state.requireTransition(State.AWAITING_SERVER_VERSION, State.AWAITING_SERVER_CHALLENGE); + state.requireTransition(State.AWAITING_SERVER_CHALLENGE); return; } default: break OUT; } } - case AWAITING_CLIENT_RESPONSE: { + case AWAITING_SERVER_CHALLENGE: { switch (type) { - case SASL_RESPONSE: { - if (trace) { - log.trace("Recevied SASL response from client"); - } + case SASL_CHALLENGE: { byte[] bytes = new byte[input.remaining()]; input.readFully(bytes); - SaslServerFilter saslServerFilter = getSaslServerFilter(); + SaslClientFilter saslClientFilter = getSaslClientFilter(); try { - if (saslServerFilter.handleSaslResponse(ioSession, bytes)) { - final IoBuffer buffer = newBuffer(60, false); - final MessageOutput output = protocolContext.getMessageOutput(new IoBufferByteOutput(buffer, ioSession)); - write(output, MessageType.AUTH_SUCCESS); - output.commit(); - saslServerFilter.startEncryption(ioSession); - state.requireTransition(State.AWAITING_CLIENT_RESPONSE, State.UP); - } + saslClientFilter.handleSaslChallenge(ioSession, bytes); } catch (SaslException ex) { - final IoBuffer buffer = newBuffer(100, true); - final MessageOutput output = protocolContext.getMessageOutput(new IoBufferByteOutput(buffer, ioSession)); - write(output, MessageType.AUTH_FAILED); - output.writeUTF("Authentication failed: " + ex.getMessage()); - output.commit(); - log.info("Client authentication failed (" + ex.getMessage() + ")"); + log.debug("Failed to handle challenge from server; reset and try again"); // todo - retry counter - JBREM-907 - state.requireTransition(State.AWAITING_CLIENT_RESPONSE, State.AWAITING_CLIENT_AUTH_REQUEST); + sendAuthRequest(); } return; } - default: break OUT; - } - } - case AWAITING_SERVER_CHALLENGE: { - switch (type) { - case SASL_CHALLENGE: { - byte[] bytes = new byte[input.remaining()]; - input.readFully(bytes); - SaslClientFilter saslClientFilter = getSaslClientFilter(); - saslClientFilter.handleSaslChallenge(ioSession, bytes); - return; - } case AUTH_SUCCESS: { SaslClientFilter saslClientFilter = getSaslClientFilter(); saslClientFilter.startEncryption(ioSession); @@ -748,7 +760,7 @@ } case AUTH_FAILED: { String reason = input.readUTF(); - log.info("JRPP client failed to authenticate: %s", reason); + log.debug("JRPP client failed to authenticate: %s", reason); final SaslClientFilter oldClientFilter = getSaslClientFilter(); oldClientFilter.destroy(); final CallbackHandler callbackHandler = getClientCallbackHandler(attributeMap);