You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by no...@apache.org on 2011/05/31 19:42:10 UTC
svn commit: r1129820 - in /james/imap/trunk:
message/src/main/java/org/apache/james/imap/decode/parser/
message/src/main/java/org/apache/james/imap/message/request/
processor/src/main/java/org/apache/james/imap/processor/
Author: norman
Date: Tue May 31 17:42:09 2011
New Revision: 1129820
URL: http://svn.apache.org/viewvc?rev=1129820&view=rev
Log:
Add support for SASL-IR. See IMAP-310
Added:
james/imap/trunk/message/src/main/java/org/apache/james/imap/message/request/IRAuthenticateRequest.java
Modified:
james/imap/trunk/message/src/main/java/org/apache/james/imap/decode/parser/AuthenticateCommandParser.java
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
Modified: james/imap/trunk/message/src/main/java/org/apache/james/imap/decode/parser/AuthenticateCommandParser.java
URL: http://svn.apache.org/viewvc/james/imap/trunk/message/src/main/java/org/apache/james/imap/decode/parser/AuthenticateCommandParser.java?rev=1129820&r1=1129819&r2=1129820&view=diff
==============================================================================
--- james/imap/trunk/message/src/main/java/org/apache/james/imap/decode/parser/AuthenticateCommandParser.java (original)
+++ james/imap/trunk/message/src/main/java/org/apache/james/imap/decode/parser/AuthenticateCommandParser.java Tue May 31 17:42:09 2011
@@ -26,9 +26,10 @@ import org.apache.james.imap.decode.Imap
import org.apache.james.imap.decode.DecodingException;
import org.apache.james.imap.decode.base.AbstractImapCommandParser;
import org.apache.james.imap.message.request.AuthenticateRequest;
+import org.apache.james.imap.message.request.IRAuthenticateRequest;
/**
- * Parses AUTHENTICATE commands
+ * Parses AUTHENTICATE commands and also support SASL-IR (RFC4959)
*/
public class AuthenticateCommandParser extends AbstractImapCommandParser {
@@ -46,9 +47,19 @@ public class AuthenticateCommandParser e
* org.apache.james.imap.api.process.ImapSession)
*/
protected ImapMessage decode(ImapCommand command, ImapRequestLineReader request, String tag, ImapSession session) throws DecodingException {
+ ImapMessage result;
String authType = request.astring();
- request.eol();
- final ImapMessage result = new AuthenticateRequest(command, authType, tag);
+ try {
+ result = new AuthenticateRequest(command, authType, tag);
+
+ request.eol();
+ } catch (DecodingException e) {
+ // Ok this means we have some SASL-IR request to parse
+ String initialClientResponse = request.astring();
+ result = new IRAuthenticateRequest(command, authType, tag, initialClientResponse);
+
+ request.eol();
+ }
return result;
}
Added: james/imap/trunk/message/src/main/java/org/apache/james/imap/message/request/IRAuthenticateRequest.java
URL: http://svn.apache.org/viewvc/james/imap/trunk/message/src/main/java/org/apache/james/imap/message/request/IRAuthenticateRequest.java?rev=1129820&view=auto
==============================================================================
--- james/imap/trunk/message/src/main/java/org/apache/james/imap/message/request/IRAuthenticateRequest.java (added)
+++ james/imap/trunk/message/src/main/java/org/apache/james/imap/message/request/IRAuthenticateRequest.java Tue May 31 17:42:09 2011
@@ -0,0 +1,41 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+package org.apache.james.imap.message.request;
+
+import org.apache.james.imap.api.ImapCommand;
+
+/**
+ * A {@link AuthenticateRequest} which also contains the initialClientResponse as stated in RFC4959
+ *
+ */
+public class IRAuthenticateRequest extends AuthenticateRequest{
+
+ private final String initialClientResponse;
+
+ public IRAuthenticateRequest(ImapCommand command, String authType, String tag, String initialClientResponse) {
+ super(command, authType, tag);
+ this.initialClientResponse = initialClientResponse;
+ }
+
+ public String getInitialClientResponse() {
+ return initialClientResponse;
+ }
+
+
+}
Modified: james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
URL: http://svn.apache.org/viewvc/james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java?rev=1129820&r1=1129819&r2=1129820&view=diff
==============================================================================
--- james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java (original)
+++ james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java Tue May 31 17:42:09 2011
@@ -32,9 +32,15 @@ import org.apache.james.imap.api.process
import org.apache.james.imap.api.process.ImapProcessor;
import org.apache.james.imap.api.process.ImapSession;
import org.apache.james.imap.message.request.AuthenticateRequest;
+import org.apache.james.imap.message.request.IRAuthenticateRequest;
import org.apache.james.imap.message.response.AuthenticateResponse;
import org.apache.james.mailbox.MailboxManager;
+/**
+ * Processor which handles the AUTHENTICATE command. Only authtype of PLAIN is supported ATM.
+ *
+ *
+ */
public class AuthenticateProcessor extends AbstractAuthProcessor<AuthenticateRequest> implements CapabilityImplementingProcessor{
private final static String PLAIN = "PLAIN";
@@ -59,54 +65,25 @@ public class AuthenticateProcessor exten
if (session.isPlainAuthDisallowed() && session.isTLSActive() == false) {
no(command, tag, responder, HumanReadableText.DISABLED_LOGIN);
} else {
- responder.respond(new AuthenticateResponse());
- session.pushLineHandler(new ImapLineHandler() {
+ if (request instanceof IRAuthenticateRequest) {
+ IRAuthenticateRequest irRequest = (IRAuthenticateRequest) request;
+ doPlainAuth(irRequest.getInitialClientResponse(), session, tag, command, responder);
+ } else {
+ responder.respond(new AuthenticateResponse());
+ session.pushLineHandler(new ImapLineHandler() {
- public void onLine(ImapSession session, byte[] data) {
- String user = null, pass = null;
- try {
- // strip of the newline
- String userpass = new String(data, 0, data.length - 2, Charset.forName("US-ASCII"));
-
- userpass = new String(Base64.decodeBase64(userpass));
- StringTokenizer authTokenizer = new StringTokenizer(userpass, "\0");
- String authorize_id = authTokenizer.nextToken(); // Authorization Identity
- user = authTokenizer.nextToken(); // Authentication Identity
- try {
- pass = authTokenizer.nextToken(); // Password
- } catch (java.util.NoSuchElementException _) {
- // If we got here, this is what happened. RFC 2595
- // says that "the client may leave the authorization
- // identity empty to indicate that it is the same as
- // the authentication identity." As noted above,
- // that would be represented as a decoded string of
- // the form: "\0authenticate-id\0password". The
- // first call to nextToken will skip the empty
- // authorize-id, and give us the authenticate-id,
- // which we would store as the authorize-id. The
- // second call will give us the password, which we
- // think is the authenticate-id (user). Then when
- // we ask for the password, there are no more
- // elements, leading to the exception we just
- // caught. So we need to move the user to the
- // password, and the authorize_id to the user.
- pass = user;
- user = authorize_id;
- }
-
- authTokenizer = null;
- } catch (Exception e) {
- // Ignored - this exception in parsing will be dealt
- // with in the if clause below
- }
- // Authenticate user
- doAuth(user, pass, session, tag, command, responder, HumanReadableText.AUTHENTICATION_FAILED);
-
- // remove the handler now
- session.popLineHandler();
+ public void onLine(ImapSession session, byte[] data) {
+ // cut of the CRLF
+ String initialClientResponse = new String(data, 0, data.length - 2, Charset.forName("US-ASCII"));
+
+ doPlainAuth(initialClientResponse, session, tag, command, responder);
+
+ // remove the handler now
+ session.popLineHandler();
- }
- });
+ }
+ });
+ }
}
} else {
session.getLog().info("Unsupported authentication mechanism '" + authType + "'");
@@ -114,6 +91,55 @@ public class AuthenticateProcessor exten
}
}
+ /**
+ * Parse the initialClientResponse and do a PLAIN AUTH with it
+ *
+ * @param initialClientResponse
+ * @param session
+ * @param tag
+ * @param command
+ * @param responder
+ */
+ protected void doPlainAuth(String initialClientResponse, ImapSession session, String tag, ImapCommand command, Responder responder) {
+ String pass = null;
+ String user = null;
+ try {
+
+ String userpass = new String(Base64.decodeBase64(initialClientResponse));
+ StringTokenizer authTokenizer = new StringTokenizer(userpass, "\0");
+ String authorize_id = authTokenizer.nextToken(); // Authorization Identity
+ user = authTokenizer.nextToken(); // Authentication Identity
+ try {
+ pass = authTokenizer.nextToken(); // Password
+ } catch (java.util.NoSuchElementException _) {
+ // If we got here, this is what happened. RFC 2595
+ // says that "the client may leave the authorization
+ // identity empty to indicate that it is the same as
+ // the authentication identity." As noted above,
+ // that would be represented as a decoded string of
+ // the form: "\0authenticate-id\0password". The
+ // first call to nextToken will skip the empty
+ // authorize-id, and give us the authenticate-id,
+ // which we would store as the authorize-id. The
+ // second call will give us the password, which we
+ // think is the authenticate-id (user). Then when
+ // we ask for the password, there are no more
+ // elements, leading to the exception we just
+ // caught. So we need to move the user to the
+ // password, and the authorize_id to the user.
+ pass = user;
+ user = authorize_id;
+ }
+
+ authTokenizer = null;
+ } catch (Exception e) {
+ // Ignored - this exception in parsing will be dealt
+ // with in the if clause below
+ }
+ // Authenticate user
+ doAuth(user, pass, session, tag, command, responder, HumanReadableText.AUTHENTICATION_FAILED);
+ }
+
/*
* (non-Javadoc)
* @see org.apache.james.imap.processor.CapabilityImplementingProcessor#getImplementedCapabilities(org.apache.james.imap.api.process.ImapSession)
@@ -125,6 +151,8 @@ public class AuthenticateProcessor exten
if (session.isPlainAuthDisallowed() == false || session.isTLSActive()) {
caps.add("AUTH=PLAIN");
}
+ // Support for SASL-IR. See RFC4959
+ caps.add("SASL-IR");
return caps;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org