geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rmannibu...@apache.org
Subject svn commit: r1633281 - in /geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src: main/java/org/apache/geronimo/javamail/authentication/ main/java/org/apache/geronimo/javamail/store/imap/connection/ main/java/org/apache/geron...
Date Tue, 21 Oct 2014 06:29:51 GMT
Author: rmannibucau
Date: Tue Oct 21 06:29:50 2014
New Revision: 1633281

URL: http://svn.apache.org/r1633281
Log:
GERONIMO-6526 patch from Hendrik Saly, handling authId in authentication

Added:
    geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/test/java/org/apache/geronimo/javamail/store/imap/AuthenticationTest.java
Modified:
    geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/AuthenticatorFactory.java
    geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/PlainAuthenticator.java
    geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPConnection.java
    geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPResponseStream.java
    geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPTaggedResponse.java
    geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/util/MailConnection.java

Modified: geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/AuthenticatorFactory.java
URL: http://svn.apache.org/viewvc/geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/AuthenticatorFactory.java?rev=1633281&r1=1633280&r2=1633281&view=diff
==============================================================================
--- geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/AuthenticatorFactory.java
(original)
+++ geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/AuthenticatorFactory.java
Tue Oct 21 06:29:50 2014
@@ -78,7 +78,7 @@ public class AuthenticatorFactory {
         } else if (mechanisms.contains(AUTHENTICATION_LOGIN)) {
             return new LoginAuthenticator(username, password);
         } else if (mechanisms.contains(AUTHENTICATION_PLAIN)) {
-            return new PlainAuthenticator(username, password);
+            return new PlainAuthenticator(authId, username, password);
         } else {
             // can't find a mechanism we support in common
             return null;

Modified: geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/PlainAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/PlainAuthenticator.java?rev=1633281&r1=1633280&r2=1633281&view=diff
==============================================================================
--- geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/PlainAuthenticator.java
(original)
+++ geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/PlainAuthenticator.java
Tue Oct 21 06:29:50 2014
@@ -23,8 +23,14 @@ import java.io.UnsupportedEncodingExcept
 
 import javax.mail.MessagingException;
 
+//Implements RFC 4616 PLAIN SASL mechanism
+//See also RFC 3501, section 6.2.2"
+//an RFC 2595, section 6"
 public class PlainAuthenticator implements ClientAuthenticator {
 
+    // the sasl authzid we're authenticating
+    protected String authzid;
+
     // the user we're authenticating
     protected String username;
 
@@ -36,17 +42,32 @@ public class PlainAuthenticator implemen
 
     /**
      * Main constructor.
-     * 
+     *
+     * @param authzid
+     *            SASL authenticationid (optional)
      * @param username
      *            The login user name.
      * @param password
      *            The login password.
      */
-    public PlainAuthenticator(String username, String password) {
+    public PlainAuthenticator(String authzid, String username, String password) {
+        this.authzid = authzid;
         this.username = username;
         this.password = password;
     }
 
+     /**
+      * Constructor without authzid
+      *
+      * @param username
+      *            The login user name.
+      * @param password
+      *            The login password.
+      */
+     public PlainAuthenticator(String username, String password) {
+         this(null, username, password);
+     }
+
     /**
      * Respond to the hasInitialResponse query. This mechanism does have an
      * initial response, which is the entire challenge sequence.
@@ -77,32 +98,25 @@ public class PlainAuthenticator implemen
 
     /**
      * Evaluate a PLAIN login challenge, returning the a result string that
-     * should satisfy the clallenge.
+     * should satisfy the challenge.
      * 
      * @param challenge
-     *            The decoded challenge data, as byte array.
+     *            For PLAIN Authentication there is no challenge (so this is unused)
      * 
-     * @return A formatted challege response, as an array of bytes.
+     * @return A formatted challenge response, as an array of bytes.
      * @exception MessagingException
      */
     public byte[] evaluateChallenge(byte[] challenge) throws MessagingException {
         try {
-            // get the username and password in an UTF-8 encoding to create the
-            // token
-            byte[] userBytes = username.getBytes("UTF-8");
-            byte[] passBytes = password.getBytes("UTF-8");
-
-            // our token has two copies of the username, one copy of the
-            // password, and nulls
-            // between
-            byte[] tokenBytes = new byte[(userBytes.length * 2) + passBytes.length + 2];
-
-            System.arraycopy(userBytes, 0, tokenBytes, 0, userBytes.length);
-            System.arraycopy(userBytes, 0, tokenBytes, userBytes.length + 1, userBytes.length);
-            System.arraycopy(passBytes, 0, tokenBytes, (userBytes.length * 2) + 2, passBytes.length);
+
+            String result = "\0"+username+"\0"+password;
+
+            if(authzid != null && authzid.length() > 0) {
+                result = authzid+result;
+            }
 
             complete = true;
-            return tokenBytes;
+            return result.getBytes("UTF-8");
 
         } catch (UnsupportedEncodingException e) {
             // got an error, fail this

Modified: geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPConnection.java
URL: http://svn.apache.org/viewvc/geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPConnection.java?rev=1633281&r1=1633280&r2=1633281&view=diff
==============================================================================
--- geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPConnection.java
(original)
+++ geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPConnection.java
Tue Oct 21 06:29:50 2014
@@ -534,7 +534,7 @@ public class IMAPConnection extends Mail
      */
     protected boolean processPlainAuthentication() throws MessagingException {
         // go process the login.
-        return processLogin(new PlainAuthenticator(username, password));
+        return processLogin(new PlainAuthenticator(authid, username, password));
     }
 
 

Modified: geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPResponseStream.java
URL: http://svn.apache.org/viewvc/geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPResponseStream.java?rev=1633281&r1=1633280&r2=1633281&view=diff
==============================================================================
--- geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPResponseStream.java
(original)
+++ geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPResponseStream.java
Tue Oct 21 06:29:50 2014
@@ -213,6 +213,10 @@ public class IMAPResponseStream {
             String tag = token.getValue();
             token = tokenizer.next();
             String status = token.getValue();
+            //handle plain authentication gracefully, see GERONIMO-6526
+            if("+".equals(tag) && status == null) {
+            	return new IMAPContinuationResponse(data);
+            }                      
             // primary information in one of these is the status field, which hopefully
             // is 'OK'
             return new IMAPTaggedResponse(tag, status, tokenizer.getRemainder(), data);

Modified: geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPTaggedResponse.java
URL: http://svn.apache.org/viewvc/geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPTaggedResponse.java?rev=1633281&r1=1633280&r2=1633281&view=diff
==============================================================================
--- geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPTaggedResponse.java
(original)
+++ geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/store/imap/connection/IMAPTaggedResponse.java
Tue Oct 21 06:29:50 2014
@@ -113,6 +113,12 @@ public class IMAPTaggedResponse extends 
     {
         // we're passed back a challenge value, Base64 encoded.  Decode that portion of the

         // response data. 
+    	
+    	//handle plain authentication gracefully, see GERONIMO-6526
+    	if(response.length <= 2){
+    		return null;
+    	}
+    	
         return Base64.decode(response, 2, response.length - 2);
     }
     

Modified: geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/util/MailConnection.java
URL: http://svn.apache.org/viewvc/geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/util/MailConnection.java?rev=1633281&r1=1633280&r2=1633281&view=diff
==============================================================================
--- geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/util/MailConnection.java
(original)
+++ geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/util/MailConnection.java
Tue Oct 21 06:29:50 2014
@@ -715,7 +715,7 @@ public class MailConnection {
             return new LoginAuthenticator(username, password);
         }
         else if (mechs.contains(AUTHENTICATION_PLAIN)) {
-            return new PlainAuthenticator(username, password);
+            return new PlainAuthenticator(authid, username, password);
         }
         else {
             // can't find a mechanism we support in common

Added: geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/test/java/org/apache/geronimo/javamail/store/imap/AuthenticationTest.java
URL: http://svn.apache.org/viewvc/geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/test/java/org/apache/geronimo/javamail/store/imap/AuthenticationTest.java?rev=1633281&view=auto
==============================================================================
--- geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/test/java/org/apache/geronimo/javamail/store/imap/AuthenticationTest.java
(added)
+++ geronimo/javamail/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/test/java/org/apache/geronimo/javamail/store/imap/AuthenticationTest.java
Tue Oct 21 06:29:50 2014
@@ -0,0 +1,193 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.javamail.store.imap;
+
+import junit.framework.TestCase;
+import org.apache.geronimo.mail.util.Base64;
+
+import javax.mail.Folder;
+import javax.mail.MessagingException;
+import javax.mail.Session;
+import javax.mail.Store;
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.util.Properties;
+
+public class AuthenticationTest extends TestCase {
+
+    public void testAuthenticatePlain() throws Exception {
+
+        //greenmail does not have AUTHENTICATE "PLAIN" support
+        FakeImapAuthPlainServer fs = new FakeImapAuthPlainServer(null, "user", "pass");
+        fs.startServer();
+        // Setup JavaMail session
+        Properties props = new Properties();
+        props.setProperty("mail.imap.port", "5111");
+        props.setProperty("mail.debug", String.valueOf(true));
+        props.setProperty("mail.debug.auth", String.valueOf(true));
+
+        Session session = Session.getInstance(props);
+        Store store = session.getStore("imap");
+        store.connect("localhost", "user", "pass");
+        assertTrue(store.isConnected());
+        fs.join();
+        assertNull(fs.exception);
+    }
+
+    public void testAuthenticatePlainFail() throws Exception {
+
+        //greenmail does not have AUTHENTICATE "PLAIN" support
+        FakeImapAuthPlainServer fs = new FakeImapAuthPlainServer(null, "user", "pass");
+        fs.startServer();
+        // Setup JavaMail session
+        Properties props = new Properties();
+        props.setProperty("mail.imap.port", "5111");
+        props.setProperty("mail.debug", String.valueOf(true));
+        props.setProperty("mail.debug.auth", String.valueOf(true));
+        Session session = Session.getInstance(props);
+        Store store = session.getStore("imap");
+
+        try {
+
+            store.connect("localhost", "userXXX", "passXXX");
+            fail();
+        } catch (MessagingException e) {
+            //expected
+        }
+    }
+
+    public void testAuthenticatePlainAuthzid() throws Exception {
+
+        //greenmail does not have AUTHENTICATE "PLAIN" support
+        FakeImapAuthPlainServer fs = new FakeImapAuthPlainServer("authzid", "user", "pass");
+        fs.startServer();
+        // Setup JavaMail session
+        Properties props = new Properties();
+        props.setProperty("mail.imap.port", "5111");
+        props.setProperty("mail.debug", String.valueOf(true));
+        props.setProperty("mail.debug.auth", String.valueOf(true));
+        props.setProperty("mail.imap.sasl.authorizationid", "authzid");
+
+        Session session = Session.getInstance(props);
+        Store store = session.getStore("imap");
+        store.connect("localhost", "user", "pass");
+        assertTrue(store.isConnected());
+        fs.join();
+        assertNull(fs.exception);
+    }
+
+
+    private class FakeImapAuthPlainServer extends Thread{
+
+        private ServerSocket serverSocket;
+        private Socket socket;
+        private String authzid;
+        private String username;
+        private String password;
+        Exception exception;
+
+        private FakeImapAuthPlainServer(String authzid, String username, String password)
{
+            this.password = password;
+            this.username = username;
+            this.authzid = authzid==null?"":authzid;
+        }
+
+        void startServer() throws IOException {
+
+            serverSocket = new ServerSocket(5111);
+            this.setDaemon(false);
+            this.start();
+
+        }
+
+
+        public void run() {
+            try {
+                socket = serverSocket.accept();
+                BufferedReader br = new BufferedReader(new InputStreamReader(socket.getInputStream()));
+                PrintWriter pw = new PrintWriter(new OutputStreamWriter(socket.getOutputStream()));
+                pw.write("* OK ready\r\n");
+                pw.flush();
+                String tag = br.readLine().split(" ")[0];
+                pw.write("* OK IMAP4rev1 Server ready\r\n");
+                pw.write("* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n");
+                pw.write(tag+" OK CAPABILITY completed.\r\n");
+                pw.flush();
+                tag = br.readLine().split(" ")[0];
+                pw.write("+ \r\n");
+                pw.flush();
+                String authline = new String(Base64.decode(br.readLine()));
+                System.out.println("authline : "+authline );
+
+                if(!"".equals(authzid) && !(authzid+"\0"+username+"\0"+password).equals(authline))
{
+                    pw.write(tag+" BAD username password invalid.\r\n");
+                    pw.flush();
+                    return;
+                }
+
+                if("".equals(authzid) && !(username+"\0"+username+"\0"+password).equals(authline)
&& !("\0"+username+"\0"+password).equals(authline)) {
+                    pw.write(tag+" BAD username password invalid.\r\n");
+                    pw.flush();
+                    return;
+                }
+
+                pw.write(tag + " OK Authenticated.\r\n");
+                pw.flush();
+
+                String fin = br.readLine();
+                tag = fin.split(" ")[0];
+
+                if(fin.contains("CAPA")) {
+                    pw.write("* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n");
+                    pw.write(tag+" OK CAPABILITY completed.\r\n");
+                    pw.flush();
+                    tag = br.readLine().split(" ")[0];
+                    pw.write(tag+" OK NOOP.\r\n");
+                }
+                else {
+                    pw.write(tag+" OK NOOP.\r\n");
+                }
+
+                pw.flush();
+
+            } catch (Exception e) {
+                exception = e;
+            }finally {
+
+                try {
+                    socket.close();
+                } catch (Exception e) {
+                    //ignore
+                }
+
+                try {
+                    serverSocket.close();
+                } catch (Exception e) {
+                    //ignore
+                }
+
+            }
+        }
+    }
+
+}



Mime
View raw message