Exemple #1
0
func (this *Server) handleConnection(out net.Conn, ip net.IP, port int) {

	req, err := msg.DecodeMessage(out)
	if err != nil {
		log.Println(err)
		return
	}

	conn := &Connection{Req: req, Out: out, Realm: Realm}

	switch req.Type() {
	case msg.Binding | msg.Request:

		if this.auth == nil {
			log.Println("Binding to address:", ip, port)
			res := msg.NewResponse(msg.Success, req)
			xorAddr := msg.NewXORAddress(ip, port, res.Header())
			res.AddAttribute(xorAddr)

			out.Write(res.EncodeMessage())

			this.conns <- conn
			return
		}

		if this.Validate(conn) {
			conn.Write(msg.NewResponse(msg.Success, req))
			this.conns <- conn
		}

	default: // Unrecognized messages
		this.conns <- conn
	}
}
Exemple #2
0
// If the request is not valid this function sends a proper message back to the
// client.  Updates user, passwd, and realm fields in conn.  Not all fields are
// guaranteed to be correct unless Validate() return true
func (this *Server) Validate(conn *Connection) bool {

	req := conn.Req

	// Request attributes
	integrity, iErr := req.Attribute(msg.MessageIntegrity)
	user, uErr := req.Attribute(msg.Username)
	_, rErr := req.Attribute(msg.Realm)
	nonce, nErr := req.Attribute(msg.Nonce)
	ok := false

	// Response attributes
	res := msg.NewResponse(msg.Error, req)
	n := msg.NewNonce()

	if uErr == nil {
		conn.User = user.(*msg.UserAttr).String()
		conn.Passwd, ok = this.auth.Password(conn.User)
		if ok {
			conn.HasAuth = true
		}
	}

	if iErr != nil {
		// Reject request
		e, _ := msg.NewErrorAttr(msg.Unauthorized, "Unauthorized")
		res.AddAttribute(e)
		res.AddAttribute(this.realm)
		res.AddAttribute(n)

		log.Println("No Integrity")
		conn.Write(res)
		return false

	} else if uErr != nil || rErr != nil || nErr != nil {
		// Reject request
		e, _ := msg.NewErrorAttr(msg.BadRequest, "Bad Request")
		res.AddAttribute(e)

		log.Println("Missing user, nonce, or realm")
		conn.Write(res)
		return false

	} else if !ok {
		// Reject request
		res := msg.NewResponse(msg.Error, req)
		e, _ := msg.NewErrorAttr(msg.Unauthorized, "User Not Found")
		res.AddAttribute(e)
		res.AddAttribute(this.realm)
		res.AddAttribute(n)

		log.Println("User Not Found")
		conn.Write(res)
		return false

	} else if !msg.ValidNonce(nonce) {
		// Reject request
		e, _ := msg.NewErrorAttr(msg.StaleNonce, "Stale Nonce")
		res.AddAttribute(e)
		res.AddAttribute(this.realm)
		res.AddAttribute(n)

		log.Println("Invalid Nonce")
		conn.Write(res)
		return false

	} else if !msg.ToIntegrity(integrity).Valid(conn.User, conn.Passwd, Realm, req) {

		e, _ := msg.NewErrorAttr(msg.Unauthorized, "Unauthorized")
		res.AddAttribute(e)
		res.AddAttribute(this.realm)
		res.AddAttribute(n)

		log.Println("Invalid integrity")
		conn.Write(res)
		return false
	}

	return true
}