/**
 * Validates the AUTH token carried by a GMS message.
 * <p>
 * Header types for which {@code needsAuthentication(gms_hdr)} returns false are exempt and
 * always pass. For all other types the token from {@code auth_hdr} is handed to
 * {@code auth_token.authenticate()}; on failure a warning is logged, a rejection message is
 * sent back to the sender and the caller is told to drop the message.
 *
 * @param gms_hdr  the GMS header of the message; its type selects whether authentication applies
 * @param auth_hdr the AUTH header whose token is validated; it is dereferenced without a null
 *                 check, so callers must pass a non-null header
 * @param msg      the message being processed; also passed to the token for validation
 * @return true if the message should be passed up, or else false
 */
protected boolean handleAuthHeader(GMS.GmsHeader gms_hdr, AuthHeader auth_hdr, Message msg) {
    // Exempt header types are passed up without looking at the token
    if(!needsAuthentication(gms_hdr))
        return true;

    final boolean authenticated=this.auth_token.authenticate(auth_hdr.getToken(), msg);
    if(!authenticated) {
        // Only the class name of the configured token is logged, not the token received in the header
        log.warn("%s: failed to validate AuthHeader (token: %s) from %s; dropping message and sending " +
                   "rejection message",
                 local_addr, auth_token.getClass().getSimpleName(), msg.src());
        sendRejectionMessage(gms_hdr.getType(), msg.getSrc(), "authentication failed");
    }
    return authenticated;
}
/**
 * Receives a single message from the layer below and authenticates it if required.
 * <p>
 * A message is checked only when it carries a GMS header whose type
 * {@code needsAuthentication()} reports as requiring authentication. Such a message is
 * handled fail-closed:
 * <ul>
 *   <li>no AUTH header: a rejection is sent to the sender and an
 *       {@link IllegalStateException} is thrown, so the message never reaches
 *       {@code up_prot};</li>
 *   <li>{@code handleAuthHeader()} returns false: the message is dropped.</li>
 * </ul>
 * Every other message goes through {@code callUpHandlers()} and, unless that returns false,
 * is passed on with {@code up_prot.up()}.
 *
 * @param msg the received message
 * @return the result of {@code up_prot.up(msg)}, or null if the message was dropped
 * @throws IllegalStateException if authentication is required but the AUTH header is missing
 */
public Object up(Message msg) {
    GMS.GmsHeader gms_hdr=getGMSHeader(msg);
    final boolean must_authenticate=gms_hdr != null && needsAuthentication(gms_hdr);

    if(must_authenticate) {
        AuthHeader auth_hdr=msg.getHeader(id);
        if(auth_hdr == null) {
            // Tell the sender why it was refused before aborting the delivery
            sendRejectionMessage(gms_hdr.getType(), msg.src(), "no AUTH header found in message");
            throw new IllegalStateException(String.format("found %s from %s but no AUTH header", gms_hdr, msg.src()));
        }
        boolean accepted=handleAuthHeader(gms_hdr, auth_hdr, msg);
        if(!accepted)
            return null; // authentication failed: don't pass up
    }

    return callUpHandlers(msg)? up_prot.up(msg) : null;
}
protected boolean serverChallenge(GmsHeader gmsHeader, SaslHeader saslHeader, Message msg) { switch (gmsHeader.getType()) { case GmsHeader.JOIN_REQ: case GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER: } else { log.warn("failed to validate SaslHeader from %s, header: %s", msg.getSrc(), saslHeader); sendRejectionMessage(gmsHeader.getType(), msg.getSrc(), "authentication failed"); return false; sendRejectionMessage(gmsHeader.getType(), msg.getSrc(), "authentication failed"); } catch (InterruptedException e) { return false;
if((hdr != null) && (hdr.getType() == GMS.GmsHeader.JOIN_REQ)){ if(log.isDebugEnabled()){ log.debug("AUTH got up event");
protected boolean serverChallenge(GmsHeader gmsHeader, SaslHeader saslHeader, Message msg) { switch (gmsHeader.getType()) { case GmsHeader.JOIN_REQ: case GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER: } else { log.warn("failed to validate SaslHeader from %s, header: %s", msg.getSrc(), saslHeader); sendRejectionMessage(gmsHeader.getType(), msg.getSrc(), "authentication failed"); return false; sendRejectionMessage(gmsHeader.getType(), msg.getSrc(), "authentication failed"); } catch (InterruptedException e) { return false;
/**
 * Sends an event down the stack, attaching an AUTH header to outgoing join requests.
 * <p>
 * Only events for which {@code isJoinMessage()} returns a header of type
 * {@code JOIN_REQ} are modified: an {@code AuthHeader} carrying
 * {@code this.serverSideToken} is stored on the message under {@code AUTH.NAME}.
 * A {@code JOIN_RSP} header is only logged at debug level. Every event, modified or not,
 * is then forwarded with {@code down_prot.down()}.
 *
 * @param evt the event travelling down the stack
 * @return whatever {@code down_prot.down(evt)} returns
 */
public Object down(Event evt) {
    GMS.GmsHeader hdr = isJoinMessage(evt);

    // Nothing to inspect: forward the event untouched
    if(hdr == null){
        return down_prot.down(evt);
    }

    if(hdr.getType() == GMS.GmsHeader.JOIN_REQ){
        if(log.isDebugEnabled()){
            log.debug("AUTH got down event");
        }

        // Join request: attach the token so the receiving side can authenticate this member.
        // NOTE(review): the token object is placed in the message as-is; how it is protected on
        // the wire depends on the token implementation and the rest of the stack - confirm.
        Message joinRequest = (Message)evt.getArg();
        AuthHeader tokenHeader = new AuthHeader();
        tokenHeader.setToken(this.serverSideToken);
        joinRequest.putHeader(AUTH.NAME, tokenHeader);

        if(log.isDebugEnabled()){
            log.debug("AUTH passing down event");
        }
    }
    else if(hdr.getType() == GMS.GmsHeader.JOIN_RSP){
        if(log.isDebugEnabled()){
            log.debug(hdr.toString());
        }
    }

    return down_prot.down(evt);
}
/**
 * Receives a single message from the layer below and authenticates it if required.
 * <p>
 * A message is checked only when it carries a GMS header whose type
 * {@code needsAuthentication()} reports as requiring authentication. Such a message is
 * handled fail-closed:
 * <ul>
 *   <li>no AUTH header: a rejection is sent to the sender and an
 *       {@link IllegalStateException} is thrown, so the message never reaches
 *       {@code up_prot};</li>
 *   <li>{@code handleAuthHeader()} returns false: the message is dropped.</li>
 * </ul>
 * Every other message goes through {@code callUpHandlers()} and, unless that returns false,
 * is passed on with {@code up_prot.up()}.
 *
 * @param msg the received message
 * @return the result of {@code up_prot.up(msg)}, or null if the message was dropped
 * @throws IllegalStateException if authentication is required but the AUTH header is missing
 */
public Object up(Message msg) {
    GMS.GmsHeader gms_hdr=getGMSHeader(msg);
    final boolean must_authenticate=gms_hdr != null && needsAuthentication(gms_hdr);

    if(must_authenticate) {
        AuthHeader auth_hdr=msg.getHeader(id);
        if(auth_hdr == null) {
            // Tell the sender why it was refused before aborting the delivery
            sendRejectionMessage(gms_hdr.getType(), msg.src(), "no AUTH header found in message");
            throw new IllegalStateException(String.format("found %s from %s but no AUTH header", gms_hdr, msg.src()));
        }
        boolean accepted=handleAuthHeader(gms_hdr, auth_hdr, msg);
        if(!accepted)
            return null; // authentication failed: don't pass up
    }

    return callUpHandlers(msg)? up_prot.up(msg) : null;
}
@Override
public void up(MessageBatch batch) {
    // Filters a batch received from below: every message whose GMS header requires
    // authentication must carry a SASL header and pass serverChallenge(); messages that
    // fail either condition are removed from the batch. What remains is passed up.
    for (Message msg : batch) {
        GmsHeader gmsHeader = msg.getHeader(GMS_ID);
        if (!needsAuthentication(gmsHeader, msg.getSrc())) {
            continue; // not a join/merge request that has to be authenticated
        }

        SaslHeader saslHeader = msg.getHeader(id);
        if (saslHeader == null) {
            // Fail closed: a request without a SASL header is rejected and dropped.
            // The rejection is addressed to the batch sender.
            log.warn("Found GMS join or merge request but no SASL header");
            sendRejectionMessage(gmsHeader.getType(), batch.sender(), "join or merge without an SASL header");
            batch.remove(msg);
            continue;
        }

        boolean accepted = serverChallenge(gmsHeader, saslHeader, msg);
        if (!accepted) {
            batch.remove(msg); // authentication failed: don't pass up
        }
    }

    // Do not hand an empty batch to the protocol above
    if (!batch.isEmpty()) {
        up_prot.up(batch);
    }
}
/**
 * Validates the AUTH token carried by a GMS message.
 * <p>
 * Header types for which {@code needsAuthentication(gms_hdr)} returns false are exempt and
 * always pass. For all other types the token from {@code auth_hdr} is handed to
 * {@code auth_token.authenticate()}; on failure a warning is logged, a rejection message is
 * sent back to the sender and the caller is told to drop the message.
 *
 * @param gms_hdr  the GMS header of the message; its type selects whether authentication applies
 * @param auth_hdr the AUTH header whose token is validated; it is dereferenced without a null
 *                 check, so callers must pass a non-null header
 * @param msg      the message being processed; also passed to the token for validation
 * @return true if the message should be passed up, or else false
 */
protected boolean handleAuthHeader(GMS.GmsHeader gms_hdr, AuthHeader auth_hdr, Message msg) {
    // Exempt header types are passed up without looking at the token
    if(!needsAuthentication(gms_hdr))
        return true;

    final boolean authenticated=this.auth_token.authenticate(auth_hdr.getToken(), msg);
    if(!authenticated) {
        // Only the class name of the configured token is logged, not the token received in the header
        log.warn("%s: failed to validate AuthHeader (token: %s) from %s; dropping message and sending " +
                   "rejection message",
                 local_addr, auth_token.getClass().getSimpleName(), msg.src());
        sendRejectionMessage(gms_hdr.getType(), msg.getSrc(), "authentication failed");
    }
    return authenticated;
}
/**
 * Decides whether a message with the given GMS header must be authenticated.
 * <p>
 * Join requests always require authentication. A merge request requires it unless
 * {@code isSelf(remoteAddress)} is true. Responses ({@code JOIN_RSP}, {@code MERGE_RSP}),
 * all other types and a missing header are reported as exempt.
 *
 * @param hdr           the GMS header of the message, may be null
 * @param remoteAddress the source address of the message, used only for the merge-request case
 * @return true if the message must be authenticated before it is passed up
 */
private boolean needsAuthentication(GmsHeader hdr, Address remoteAddress) {
    if (hdr == null) {
        return false;
    }
    switch (hdr.getType()) {
        case GMS.GmsHeader.JOIN_REQ:
        case GMS.GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER:
            return true;
        case GMS.GmsHeader.MERGE_REQ:
            // The exemption is keyed on the sender address alone.
            // NOTE(review): isSelf() is not visible here - confirm the address can be
            // trusted at this layer before relying on this exemption.
            return !isSelf(remoteAddress);
        default:
            // JOIN_RSP, MERGE_RSP and every other type: no authentication
            return false;
    }
}
/**
 * Filters a message batch received from the layer below.
 * <p>
 * Each message whose GMS header requires authentication must carry an AUTH header and pass
 * {@code handleAuthHeader()}. A message with no AUTH header is logged, rejected (the
 * rejection is addressed to {@code batch.sender()}) and removed; a message that fails
 * authentication is removed. The remaining messages are passed up, unless the batch
 * ended up empty.
 *
 * @param batch the received batch; messages may be removed from it in place
 */
public void up(MessageBatch batch) {
    for(Message msg: batch) {
        GMS.GmsHeader gms_hdr=getGMSHeader(msg);
        if(gms_hdr == null || !needsAuthentication(gms_hdr))
            continue; // not a join or merge request that has to be authenticated

        AuthHeader auth_hdr=msg.getHeader(id);
        if(auth_hdr == null) {
            // Fail closed: a request without an AUTH header never reaches the layer above
            log.warn("%s: found GMS join or merge request from %s but no AUTH header", local_addr, batch.sender());
            sendRejectionMessage(gms_hdr.getType(), batch.sender(), "join or merge without an AUTH header");
            batch.remove(msg);
            continue;
        }

        boolean accepted=handleAuthHeader(gms_hdr, auth_hdr, msg);
        if(!accepted)
            batch.remove(msg); // authentication failed: don't pass up
    }

    if(batch.isEmpty())
        return;
    up_prot.up(batch);
}
/**
 * Checks if a message needs to be encrypted/decrypted, or whether it can bypass encryption.
 * <p>
 * Returns true for join requests, merge requests and responses, view acks and digest
 * requests and responses; false for a null header and for every other type.
 * NOTE(review): the callers are not visible here; going by the summary above, true is taken
 * to mean that the message bypasses encryption, in which case these message types depend on
 * other protocols in the stack for their protection - confirm against the caller.
 *
 * @param hdr the GMS header of the message, may be null
 * @return true if the header type is one of the listed types
 */
protected static boolean skip(GMS.GmsHeader hdr) {
    if(hdr != null) {
        switch(hdr.getType()) {
            case GMS.GmsHeader.JOIN_REQ:
            case GMS.GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER:
            case GMS.GmsHeader.MERGE_REQ:
            case GMS.GmsHeader.MERGE_RSP:
            case GMS.GmsHeader.VIEW_ACK:
            case GMS.GmsHeader.GET_DIGEST_REQ:
            case GMS.GmsHeader.GET_DIGEST_RSP:
                return true;
            default:
                break;
        }
    }
    return false;
}
/**
 * Decides whether a message with the given GMS header must be authenticated.
 * <p>
 * Join and merge requests always require authentication. Join and merge responses and
 * {@code INSTALL_MERGE_VIEW} require it only when {@code authenticate_coord} is true;
 * with that flag false they are reported as exempt. All other types are exempt.
 *
 * @param hdr the GMS header of the message; dereferenced without a null check, so callers
 *            must pass a non-null header
 * @return true if the message must be authenticated
 */
protected boolean needsAuthentication(GMS.GmsHeader hdr) {
    switch(hdr.getType()) {
        // Messages sent by the coordinator: authenticated only if configured
        case GMS.GmsHeader.JOIN_RSP:
        case GMS.GmsHeader.MERGE_RSP:
        case GMS.GmsHeader.INSTALL_MERGE_VIEW:
            return this.authenticate_coord;

        // Requests: always authenticated
        case GMS.GmsHeader.JOIN_REQ:
        case GMS.GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER:
        case GMS.GmsHeader.MERGE_REQ:
            return true;
    }
    return false;
}
/**
 * Tells whether the header is a {@code JOIN_RSP} or an {@code INSTALL_MERGE_VIEW}.
 *
 * @param hdr the GMS header of the message, may be null
 * @return true for the two types above; false for a null header or any other type
 */
protected static boolean isJoinOrInstallViewMessage(GMS.GmsHeader hdr) {
    if(hdr != null) {
        switch(hdr.getType()) {
            case GMS.GmsHeader.JOIN_RSP:
            case GMS.GmsHeader.INSTALL_MERGE_VIEW:
                return true;
            default:
                break;
        }
    }
    return false;
}
/**
 * Decides whether a message with the given GMS header must be authenticated.
 * <p>
 * Join requests always require authentication. A merge request requires it unless
 * {@code isSelf(remoteAddress)} is true. Responses ({@code JOIN_RSP}, {@code MERGE_RSP}),
 * all other types and a missing header are reported as exempt.
 *
 * @param hdr           the GMS header of the message, may be null
 * @param remoteAddress the source address of the message, used only for the merge-request case
 * @return true if the message must be authenticated before it is passed up
 */
private boolean needsAuthentication(GmsHeader hdr, Address remoteAddress) {
    if (hdr == null) {
        return false;
    }
    switch (hdr.getType()) {
        case GMS.GmsHeader.JOIN_REQ:
        case GMS.GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER:
            return true;
        case GMS.GmsHeader.MERGE_REQ:
            // The exemption is keyed on the sender address alone.
            // NOTE(review): isSelf() is not visible here - confirm the address can be
            // trusted at this layer before relying on this exemption.
            return !isSelf(remoteAddress);
        default:
            // JOIN_RSP, MERGE_RSP and every other type: no authentication
            return false;
    }
}
/**
 * Filters a message batch received from the layer below.
 * <p>
 * Each message whose GMS header requires authentication must carry an AUTH header and pass
 * {@code handleAuthHeader()}. A message with no AUTH header is logged, rejected (the
 * rejection is addressed to {@code batch.sender()}) and removed; a message that fails
 * authentication is removed. The remaining messages are passed up, unless the batch
 * ended up empty.
 *
 * @param batch the received batch; messages may be removed from it in place
 */
public void up(MessageBatch batch) {
    for(Message msg: batch) {
        GMS.GmsHeader gms_hdr=getGMSHeader(msg);
        if(gms_hdr == null || !needsAuthentication(gms_hdr))
            continue; // not a join or merge request that has to be authenticated

        AuthHeader auth_hdr=msg.getHeader(id);
        if(auth_hdr == null) {
            // Fail closed: a request without an AUTH header never reaches the layer above
            log.warn("%s: found GMS join or merge request from %s but no AUTH header", local_addr, batch.sender());
            sendRejectionMessage(gms_hdr.getType(), batch.sender(), "join or merge without an AUTH header");
            batch.remove(msg);
            continue;
        }

        boolean accepted=handleAuthHeader(gms_hdr, auth_hdr, msg);
        if(!accepted)
            batch.remove(msg); // authentication failed: don't pass up
    }

    if(batch.isEmpty())
        return;
    up_prot.up(batch);
}
/**
 * Checks if a message needs to be encrypted/decrypted, or whether it can bypass encryption.
 * <p>
 * Returns true for join requests, merge requests and responses, view acks and digest
 * requests and responses; false for a null header and for every other type.
 * NOTE(review): the callers are not visible here; going by the summary above, true is taken
 * to mean that the message bypasses encryption, in which case these message types depend on
 * other protocols in the stack for their protection - confirm against the caller.
 *
 * @param hdr the GMS header of the message, may be null
 * @return true if the header type is one of the listed types
 */
protected static boolean skip(GMS.GmsHeader hdr) {
    if(hdr != null) {
        switch(hdr.getType()) {
            case GMS.GmsHeader.JOIN_REQ:
            case GMS.GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER:
            case GMS.GmsHeader.MERGE_REQ:
            case GMS.GmsHeader.MERGE_RSP:
            case GMS.GmsHeader.VIEW_ACK:
            case GMS.GmsHeader.GET_DIGEST_REQ:
            case GMS.GmsHeader.GET_DIGEST_RSP:
                return true;
            default:
                break;
        }
    }
    return false;
}
/**
 * Decides whether a message with the given GMS header must be authenticated.
 * <p>
 * Join and merge requests always require authentication. Join and merge responses and
 * {@code INSTALL_MERGE_VIEW} require it only when {@code authenticate_coord} is true;
 * with that flag false they are reported as exempt. All other types are exempt.
 *
 * @param hdr the GMS header of the message; dereferenced without a null check, so callers
 *            must pass a non-null header
 * @return true if the message must be authenticated
 */
protected boolean needsAuthentication(GMS.GmsHeader hdr) {
    switch(hdr.getType()) {
        // Messages sent by the coordinator: authenticated only if configured
        case GMS.GmsHeader.JOIN_RSP:
        case GMS.GmsHeader.MERGE_RSP:
        case GMS.GmsHeader.INSTALL_MERGE_VIEW:
            return this.authenticate_coord;

        // Requests: always authenticated
        case GMS.GmsHeader.JOIN_REQ:
        case GMS.GmsHeader.JOIN_REQ_WITH_STATE_TRANSFER:
        case GMS.GmsHeader.MERGE_REQ:
            return true;
    }
    return false;
}
@Override
public void up(MessageBatch batch) {
    // Filters a batch received from below: every message whose GMS header requires
    // authentication must carry a SASL header and pass serverChallenge(); messages that
    // fail either condition are removed from the batch. What remains is passed up.
    for (Message msg : batch) {
        GmsHeader gmsHeader = msg.getHeader(GMS_ID);
        if (!needsAuthentication(gmsHeader, msg.getSrc())) {
            continue; // not a join/merge request that has to be authenticated
        }

        SaslHeader saslHeader = msg.getHeader(id);
        if (saslHeader == null) {
            // Fail closed: a request without a SASL header is rejected and dropped.
            // The rejection is addressed to the batch sender.
            log.warn("Found GMS join or merge request but no SASL header");
            sendRejectionMessage(gmsHeader.getType(), batch.sender(), "join or merge without an SASL header");
            batch.remove(msg);
            continue;
        }

        boolean accepted = serverChallenge(gmsHeader, saslHeader, msg);
        if (!accepted) {
            batch.remove(msg); // authentication failed: don't pass up
        }
    }

    // Do not hand an empty batch to the protocol above
    if (!batch.isEmpty()) {
        up_prot.up(batch);
    }
}
/**
 * Tells whether the header is a {@code JOIN_RSP} or an {@code INSTALL_MERGE_VIEW}.
 *
 * @param hdr the GMS header of the message, may be null
 * @return true for the two types above; false for a null header or any other type
 */
protected static boolean isJoinOrInstallViewMessage(GMS.GmsHeader hdr) {
    if(hdr != null) {
        switch(hdr.getType()) {
            case GMS.GmsHeader.JOIN_RSP:
            case GMS.GmsHeader.INSTALL_MERGE_VIEW:
                return true;
            default:
                break;
        }
    }
    return false;
}