Mercurial > 510Connectbot
comparison src/net/sourceforge/jsocks/server/IdentAuthenticator.java @ 349:205ee2873330
update jsocks to 2011-03-19
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Fri, 01 Aug 2014 11:23:10 -0700 |
| parents | |
| children | 72de889ecfe7 |
comparison
equal
deleted
inserted
replaced
| 348:29076621bab0 | 349:205ee2873330 |
|---|---|
| 1 package socks.server; | |
| 2 import net.sourceforge.jsocks.InetRange; | |
| 3 import net.sourceforge.jsocks.ProxyMessage; | |
| 4 import java.util.Hashtable; | |
| 5 import java.util.Vector; | |
| 6 import java.util.Enumeration; | |
| 7 import java.net.*; | |
| 8 import java.io.*; | |
| 9 | |
| 10 /** | |
| 11 An implementation of socks.ServerAuthentication which provides | |
| 12 simple authentication based on the host from which the connection | |
| 13 is made and the name of the user on the remote machine, as reported | |
| 14 by identd daemon on the remote machine. | |
| 15 <p> | |
| 16 It can also be used to provide authentication based only on the contacting | |
| 17 host address. | |
| 18 */ | |
| 19 | |
| 20 public class IdentAuthenticator extends ServerAuthenticatorNone{ | |
| 21 /** Vector of InetRanges */ | |
| 22 Vector hosts; | |
| 23 | |
| 24 /** Vector of user hashes*/ | |
| 25 Vector users; | |
| 26 | |
| 27 String user; | |
| 28 | |
| 29 | |
| 30 /** | |
| 31 Constructs empty IdentAuthenticator. | |
| 32 */ | |
| 33 public IdentAuthenticator(){ | |
| 34 hosts = new Vector(); | |
| 35 users = new Vector(); | |
| 36 } | |
| 37 /** | |
| 38 Used to create instances returned from startSession. | |
| 39 @param in Input stream. | |
| 40 @param out OutputStream. | |
| 41 @param user Username associated with this connection,could be | |
| 42 null if name was not required. | |
| 43 */ | |
| 44 IdentAuthenticator(InputStream in,OutputStream out, String user){ | |
| 45 super(in,out); | |
| 46 this.user = user; | |
| 47 } | |
| 48 | |
| 49 /** | |
| 50 Adds range of addresses from which connection is allowed. Hashtable | |
| 51 users should contain user names as keys and anything as values | |
| 52 (value is not used and will be ignored). | |
| 53 @param hostRange Range of ip addresses from which connection is allowed. | |
| 54 @param users Hashtable of users for whom connection is allowed, or null | |
| 55 to indicate that anybody is allowed to connect from the hosts within given | |
| 56 range. | |
| 57 */ | |
| 58 public synchronized void add(InetRange hostRange,Hashtable users){ | |
| 59 this.hosts.addElement(hostRange); | |
| 60 this.users.addElement(users); | |
| 61 } | |
| 62 | |
| 63 /** | |
| 64 Grants permission only to those users, who connect from one of the | |
| 65 hosts registered with add(InetRange,Hashtable) and whose names, as | |
| 66 reported by identd daemon, are listed for the host the connection | |
| 67 came from. | |
| 68 */ | |
| 69 public ServerAuthenticator startSession(Socket s) | |
| 70 throws IOException{ | |
| 71 | |
| 72 int ind = getRangeIndex(s.getInetAddress()); | |
| 73 String user = null; | |
| 74 | |
| 75 //System.out.println("getRangeReturned:"+ind); | |
| 76 | |
| 77 if(ind < 0) return null; //Host is not on the list. | |
| 78 | |
| 79 ServerAuthenticatorNone auth = (ServerAuthenticatorNone) | |
| 80 super.startSession(s); | |
| 81 | |
| 82 //System.out.println("super.startSession() returned:"+auth); | |
| 83 if(auth == null) return null; | |
| 84 | |
| 85 //do the authentication | |
| 86 | |
| 87 Hashtable user_names = (Hashtable) users.elementAt(ind); | |
| 88 | |
| 89 if(user_names != null){ //If need to do authentication | |
| 90 Ident ident; | |
| 91 ident = new Ident(s); | |
| 92 //If can't obtain user name, fail | |
| 93 if(!ident.successful) return null; | |
| 94 //If user name is not listed for this address, fail | |
| 95 if(!user_names.containsKey(ident.userName)) return null; | |
| 96 user = ident.userName; | |
| 97 } | |
| 98 return new IdentAuthenticator(auth.in,auth.out,user); | |
| 99 | |
| 100 } | |
| 101 /** | |
| 102 For SOCKS5 requests allways returns true. For SOCKS4 requests | |
| 103 checks wether the user name supplied in the request corresponds | |
| 104 to the name obtained from the ident daemon. | |
| 105 */ | |
| 106 public boolean checkRequest(ProxyMessage msg,java.net.Socket s){ | |
| 107 //If it's version 5 request, or if anybody is permitted, return true; | |
| 108 if(msg.version == 5 || user == null) | |
| 109 return true; | |
| 110 | |
| 111 if(msg.version != 4) return false; //Who knows? | |
| 112 | |
| 113 return user.equals(msg.user); | |
| 114 } | |
| 115 | |
| 116 /** Get String representaion of the IdentAuthenticator.*/ | |
| 117 public String toString(){ | |
| 118 String s = ""; | |
| 119 | |
| 120 for(int i=0;i<hosts.size();++i) | |
| 121 s += "Range:"+hosts.elementAt(i)+"\nUsers:"+userNames(i)+"\n"; | |
| 122 return s; | |
| 123 } | |
| 124 | |
| 125 //Private Methods | |
| 126 ////////////////// | |
| 127 private int getRangeIndex(InetAddress ip){ | |
| 128 int index = 0; | |
| 129 Enumeration eEnum = hosts.elements(); | |
| 130 while(eEnum.hasMoreElements()){ | |
| 131 InetRange ir = (InetRange) eEnum.nextElement(); | |
| 132 if(ir.contains(ip)) return index; | |
| 133 index++; | |
| 134 } | |
| 135 return -1; //Not found | |
| 136 } | |
| 137 | |
| 138 private String userNames(int i){ | |
| 139 if(users.elementAt(i) == null) return "Everybody is permitted."; | |
| 140 | |
| 141 Enumeration eEnum = ((Hashtable)users.elementAt(i)).keys(); | |
| 142 if(!eEnum.hasMoreElements()) return ""; | |
| 143 String s = eEnum.nextElement().toString(); | |
| 144 while(eEnum.hasMoreElements()) | |
| 145 s += "; "+eEnum.nextElement(); | |
| 146 | |
| 147 return s; | |
| 148 } | |
| 149 | |
| 150 } |