/* (non-Javadoc)
   * @see net.jradius.handler.EventHandler#handle(net.jradius.server.JRadiusEvent)
   */
  public boolean handle(JRadiusEvent evt) throws Exception {
    if (evt instanceof SessionExpiredEvent) {
      SessionExpiredEvent event = (SessionExpiredEvent) evt;
      JRadiusSession session = event.getSession();
      if (session == null) return true;

      RadiusLog.debug("Processing Session Expired Event for Session: " + session.getSessionKey());

      if (session.getSessionState() == JRadiusSession.RADIUS_ERROR) {
        onRadiusError(event);
      } else if ((session.getSessionState() & JRadiusSession.ACCT_STOPPED) != 0) {
        onAcctStopped(event);
      } else if ((session.getSessionState() & JRadiusSession.ACCT_STARTED) != 0) {
        onAcctStarted(event);
      } else if ((session.getSessionState() & JRadiusSession.AUTH_REJECTED) != 0) {
        onAuthRejected(event);
      } else if ((session.getSessionState() & JRadiusSession.AUTH_ACCEPTED) != 0) {
        Long serviceType = session.getServiceType();
        if (serviceType != null) {
          int iServiceType = serviceType.intValue();
          if (iServiceType != 6
              && // Administrative-User
              iServiceType != 8) // Authenticate-Only
          {
            onAuthAccepted(event);
          }
        }
      } else if ((session.getSessionState() & JRadiusSession.AUTH_REJECTED) != 0) {
        onAuthPending(event);
      }

      return true;
    }
    return false;
  }
Beispiel #2
0
  /**
   * Listen for one object and place it on the request queue
   *
   * @throws IOException
   * @throws InterruptedException
   * @throws RadiusException
   */
  public void listen() throws Exception {
    RadiusLog.debug("Listening on socket...");
    Socket socket = serverSocket.accept();

    socket.setTcpNoDelay(false);

    if (keepAlive) {
      KeepAliveListener keepAliveListener = new KeepAliveListener(socket, this, queue);
      keepAliveListener.start();

      synchronized (keepAliveListeners) {
        keepAliveListeners.add(keepAliveListener);
      }
    } else {
      TCPListenerRequest lr = (TCPListenerRequest) requestObjectPool.borrowObject();
      lr.setBorrowedFromPool(requestObjectPool);
      lr.accept(socket, this, false, false);

      while (true) {
        try {
          this.queue.put(lr);
          break;
        } catch (InterruptedException e) {
        }
      }
    }
  }
 public void onAuthPending(SessionExpiredEvent event) {
   RadiusLog.problem(
       null,
       event.getSession(),
       null,
       "Expired in Auth-Pending state (no response from service provider)");
 }
Beispiel #4
0
 public void setConfiguration(ListenerConfigurationItem cfg) {
   try {
     setConfiguration(cfg, false);
   } catch (Exception e) {
     e.printStackTrace();
     RadiusLog.error("Invalid JRadius configuration.", e);
   }
 }
 public void onAcctStarted(SessionExpiredEvent event) {
   JRadiusSession session = event.getSession();
   String error = "Session Expired in Accounting-Started state, Accounting never stopped";
   RadiusLog.warn(session.getSessionKey() + ": " + error);
   JRadiusLogEntry logEntry = session.getLogEntry(event, "0");
   logEntry.setType("error");
   logEntry.addMessage(error);
 }
 public void notifyElementExpired(Ehcache cache, Element element) {
   JRadiusSession session = (JRadiusSession) element.getValue();
   RadiusLog.debug("Expired session: " + session.getSessionKey());
   if (JRadiusServer.getEventDispatcher() != null) {
     SessionExpiredEvent evt = new SessionExpiredEvent(session);
     evt.setApplicationContext(applicationContext);
     JRadiusServer.getEventDispatcher().post(evt);
   }
 }
 public void onAuthAccepted(SessionExpiredEvent event) {
   JRadiusSession session = event.getSession();
   String error = "Session Expired in Auth-Accepted state, Accounting never started";
   RadiusLog.warn(session.getSessionKey() + ": " + error);
   JRadiusLogEntry logEntry = session.getLogEntry(event, "0");
   logEntry.setType("error");
   logEntry.addMessage(error);
   session.commitLogEntries(JRadiusServer.RLM_MODULE_FAIL);
 }
 public void onRadiusError(SessionExpiredEvent event) {
   JRadiusSession session = event.getSession();
   String error = "Session Expired in Error State";
   RadiusLog.error(session.getSessionKey() + ": " + error);
   JRadiusLogEntry logEntry = session.getLogEntry(event, "0");
   logEntry.setType("error");
   logEntry.addMessage(error);
   session.commitLogEntries(JRadiusServer.RLM_MODULE_FAIL);
 }
 private synchronized void release(JRadiusSession session) {
   String thisThread = Thread.currentThread().getName();
   String sessionToUnlock = session.getSessionKey();
   String sessionOwner = (String) locks.get(sessionToUnlock);
   if (sessionOwner != null) {
     if (sessionOwner.equals(thisThread)) {
       locks.remove(sessionToUnlock);
       RadiusLog.debug("Release: Thread " + thisThread + " unlocking session " + sessionToUnlock);
     } else {
       RadiusLog.error(
           "Releasing session lock not owned by this thread (owner="
               + sessionOwner
               + ",this="
               + thisThread
               + ")");
     }
   }
   notifyAll();
 }
Beispiel #10
0
  /** The thread's run method repeatedly calls listen() */
  public void run() {
    while (getActive()) {
      try {
        Thread.yield();
        listen();
      } catch (SocketException e) {
        if (getActive() == false) {
          break;
        } else {
          RadiusLog.error("Socket exception", e);
        }
      } catch (InterruptedException e) {
      } catch (SSLException e) {
        RadiusLog.error("Error occured in TCPListener.", e);
        active = false;
      } catch (Throwable e) {
        RadiusLog.error("Error occured in TCPListener.", e);
      }
    }

    RadiusLog.debug("Listener: " + this.getClass().getName() + " exiting (not active)");
  }
 private void initialize() {
   try {
     // If we can find the extended JRadius classes, configure
     // the default RadiusSessionKeyProvider and RadiusSessionFactory
     Class c;
     c = Class.forName("net.jradius.session.RadiusSessionKeyProvider");
     providers.put(null, c.newInstance());
     c = Class.forName("net.jradius.session.RadiusSessionFactory");
     factories.put(null, c.newInstance());
   } catch (Exception e) {
     RadiusLog.error(
         "Could not find extended JRadius classes - not running JRadiusSessionManager");
     throw new RuntimeException(e);
   }
 }
 private synchronized void lock(JRadiusSession session) {
   String thisThread = Thread.currentThread().getName();
   String sessionToLock = session.getSessionKey();
   String sessionOwner = null;
   while (true) {
     sessionOwner = (String) locks.get(sessionToLock);
     if (sessionOwner == null) {
       locks.put(sessionToLock, thisThread);
       RadiusLog.debug("Lock: Thread " + thisThread + " locked session " + sessionToLock);
       break;
     } else if (sessionOwner.equals(thisThread)) {
       break;
     } else {
       try {
         wait();
       } catch (InterruptedException ex) {
       }
     }
   }
 }
Beispiel #13
0
 static {
   // Supported Authentication Protocols
   registerAuthenticator("pap", PAPAuthenticator.class);
   registerAuthenticator("chap", CHAPAuthenticator.class);
   registerAuthenticator("mschapv1", MSCHAPv1Authenticator.class);
   registerAuthenticator("mschapv2", MSCHAPv2Authenticator.class);
   registerAuthenticator("mschap", MSCHAPv2Authenticator.class);
   registerAuthenticator("eap-md5", EAPMD5Authenticator.class);
   registerAuthenticator("eap-mschapv2", EAPMSCHAPv2Authenticator.class);
   try {
     registerAuthenticator("eap-tls", "net.jradius.client.auth.EAPTLSAuthenticator");
     registerAuthenticator("eap-ttls", "net.jradius.client.auth.EAPTTLSAuthenticator");
     registerAuthenticator("peap", "net.jradius.client.auth.PEAPAuthenticator");
     // registerAuthenticator("eap-aka",  "net.jradius.client.auth.EAPAKAAuthenticator");
   } catch (ClassNotFoundException e) {
     RadiusLog.warn("EAP-TLS and EAP-TTLS are only available with Java 1.5");
   }
   // Lets use the Gnu-Crypto Provider
   // if (java.security.Security.getProvider("GNU-CRYPTO") == null)
   // java.security.Security.addProvider(new gnu.crypto.jce.GnuCrypto());
 }
Beispiel #14
0
  /**
   * Get a supported RadiusAuthenticator based on the protocol name. If no protocol with that name
   * is supported, null is returned. If the authenticator class for the named protocol has writable
   * bean properties, these can be set by appending a colon separated list of property=value pairs
   * to the protocolName. For instance, the EAP-TLS (and EAP-TTLS since it derives from EAP-TLS)
   * authenticator class has numerous configurable properties (including keyFile, keyFileType,
   * keyPassword, etc).
   *
   * <p>Examples:
   *
   * <ul>
   *   <li>getAuthProtocol("pap") returns PAPAuthenticator
   *   <li>getAuthProtocol("chap") returns CHAPAuthenticator
   *   <li>getAuthProtocol("eap-md5") returns EAPMD5Authenticator
   *   <li>getAuthProtocol("eap-ttls") returns default EALTTLSAuthenticator
   *   <li>getAuthProtocol("eap-tls:keyFile=keystore:keyPassword=mypass") returns
   *       EALTLSAuthenticator with setKeyFile("keystore") and setKeyPassword("mypass")
   *   <li>getAuthProtocol("eap-ttls:trustAll=true") returns EALTTLSAuthenticator with
   *       setTrustAll(true)
   * </ul>
   *
   * Keep in mind that Java 1.5 is required for EAP-TLS/TTLS and only PAP is usable as the inner
   * protocol because of limitations of Java 1.5.
   *
   * <p>
   *
   * @param protocolName The requested authentication protocol
   * @return Returns an instance of RadiusAuthenticator or null
   */
  public static RadiusAuthenticator getAuthProtocol(String protocolName) {
    RadiusAuthenticator auth = null;
    String[] args = null;
    int i;

    if ((i = protocolName.indexOf(':')) > 0) {
      if (i < protocolName.length()) {
        args = protocolName.substring(i + 1).split(":");
      }
      protocolName = protocolName.substring(0, i);
    }

    protocolName = protocolName.toLowerCase();

    Class<?> c = (Class<?>) authenticators.get(protocolName);

    if (c == null) return null;

    try {
      auth = (RadiusAuthenticator) c.newInstance();
    } catch (Exception e) {
      RadiusLog.error("Invalid auth protocol", e);
      return null;
    }

    if (args != null) {
      HashMap<String, PropertyDescriptor> elements = new HashMap<String, PropertyDescriptor>();
      Class<?> clazz = auth.getClass();
      PropertyDescriptor[] props = null;
      try {
        props = Introspector.getBeanInfo(clazz).getPropertyDescriptors();
      } catch (Exception e) {
        RadiusLog.error("Could not instanciate authenticator " + protocolName, e);
        return auth;
      }
      for (int p = 0; p < props.length; p++) {
        PropertyDescriptor pd = props[p];
        Method m = pd.getWriteMethod();
        if (m != null) {
          elements.put(pd.getName(), pd);
        }
      }
      for (int a = 0; a < args.length; a++) {
        int eq = args[a].indexOf("=");
        if (eq > 0) {
          String name = args[a].substring(0, eq);
          String value = args[a].substring(eq + 1);

          PropertyDescriptor pd = (PropertyDescriptor) elements.get(name);
          Method m = pd.getWriteMethod();

          if (m == null) {
            RadiusLog.error(
                "Authenticator " + protocolName + " does not have a writable attribute " + name);
          } else {
            Object valueObject = value;
            Class<?> cType = pd.getPropertyType();
            if (cType == Boolean.class) {
              valueObject = new Boolean(value);
            } else if (cType == Integer.class) {
              valueObject = new Integer(value);
            }
            try {
              m.invoke(auth, new Object[] {valueObject});
            } catch (Exception e) {
              RadiusLog.error(
                  "Error setting attribute " + name + " for authenticator " + protocolName, e);
            }
          }
        }
      }
    }
    return auth;
  }
 private void put(Serializable key, Serializable value) {
   RadiusLog.debug("Adding session key: " + key);
   sessionCache.put(new Element(key, value));
 }
 private void remove(Serializable key) {
   RadiusLog.debug("Removing session key: " + key);
   sessionCache.remove(key);
 }
  /**
   * Returns a session object. First, a key is generated by the session manager's key provider,
   * based on the JRadiusRequest. If there is a stored session based on the key, this session is
   * returned, otherwise a new session created by the session factory is returned
   *
   * @param request a JRadiusRequest used to retrieve or generate a session with
   * @return Returns a RadiusSession
   * @throws RadiusException
   */
  public JRadiusSession getSession(JRadiusRequest request) throws RadiusException {
    SessionKeyProvider skp = getSessionKeyProvider(request.getSender());
    Serializable key = skp.getAppSessionKey(request);
    JRadiusSession session = null;
    Serializable nkey = null;

    if (key != null) {
      RadiusLog.debug("** Looking for session: " + key);
      session = getSession(request, key);
      if (session == null) {
        RadiusLog.error("Broken JRadius-Session-Id implementation for session: " + key);
        key = null;
      }
    }

    if (key == null) {
      key = skp.getClassKey(request);

      if (key != null) {
        RadiusLog.debug("** Looking for session: " + key);
        session = getSession(request, key);
        if (session == null) {
          RadiusLog.error("Broken Class implementation for session: " + key);
          key = null;
        } else {
          if (session.getJRadiusKey() != null
              && !session.getJRadiusKey().equals(session.getSessionKey())) {
            rehashSession(session, session.getJRadiusKey(), key);
          }
        }
      }
    }

    if (key == null) {
      Serializable keys = skp.getRequestSessionKey(request);

      if (keys == null) {
        return null;
      }

      if (keys instanceof Serializable[]) {
        key = ((Serializable[]) (keys))[0];
        nkey = ((Serializable[]) (keys))[1];
        RadiusLog.debug("Rehashing session with key " + key + " under new key " + nkey);
      } else {
        key = keys;
      }

      RadiusLog.debug("** Looking for session: " + key);
      session = getSession(request, key);

      if (session != null && nkey != null && !nkey.equals(key)) {
        rehashSession(session, key, nkey);
      }
    }

    if (session == null) {
      session = newSession(request, nkey == null ? key : nkey);
    } else {
      session.setNewSession(false);
    }

    session.setTimeStamp(System.currentTimeMillis());
    session.setLastRadiusRequest(request);

    return session;
  }
 public void onAuthRejected(SessionExpiredEvent event) {
   RadiusLog.debug("Rejected Session Expired: " + event);
 }
 public void onAcctStopped(SessionExpiredEvent event) {
   RadiusLog.debug("Completed Session Expired: " + event);
 }