2026-06-01 18:00:07 +03:00
parent f13efe88e0
commit f3bfed4f77
4 changed files with 135 additions and 83 deletions
@@ -22,5 +22,6 @@ namespace Esiur.Net.Packets
Identity, Identity,
AuthenticationProtocol, AuthenticationProtocol,
AuthenticationData, AuthenticationData,
ErrorMessage
} }
} }
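Review bot: `ErrorMessage` is added as the last member of the header enum without an explicit value, so its numeric identity is fixed only by member order; the namespace suggests this enum is encoded on the wire, in which case inserting any future member above it would silently renumber it. If that is the case, pin it with an explicit value matching the peer implementations, or at least add `// wire value is order-dependent; append new members only` above the member. The enclosing enum starts outside the hunk, so I cannot see whether earlier members carry explicit values.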
+25 -7
@@ -719,7 +719,7 @@ public partial class EpConnection : NetworkConnection, IStore
{ {
if (!(Server?.AllowUnauthorizedAccess ?? false)) if (!(Server?.AllowUnauthorizedAccess ?? false))
{ {
SendAuth(EpAuthPacketMethod.ErrorTerminate); SendAuthMessage(EpAuthPacketMethod.ErrorTerminate, "Unauthorized access not allowed.");
_invalidCredentials = true; _invalidCredentials = true;
//Close(); //Close();
return offset; return offset;
@@ -776,7 +776,8 @@ public partial class EpConnection : NetworkConnection, IStore
{ {
SendAuthHeaders(EpAuthPacketMethod.Denied, localHeaders); SendAuthHeaders(EpAuthPacketMethod.Denied, localHeaders);
_invalidCredentials = true; _invalidCredentials = true;
Close(); Task.Delay(100).ContinueWith(x => Close());
} }
else if (authResult.Ruling == AuthenticationRuling.InProgress) else if (authResult.Ruling == AuthenticationRuling.InProgress)
{ {
@@ -795,6 +796,9 @@ public partial class EpConnection : NetworkConnection, IStore
} }
} }
else if (_authPacket.Command == EpAuthPacketCommand.Acknowledge) else if (_authPacket.Command == EpAuthPacketCommand.Acknowledge)
{
if (_authPacket.Method == EpAuthPacketMethod.ProceedToHandshake
|| _authPacket.Method == EpAuthPacketMethod.ProceedToFinalHandshake)
{ {
var remoteHeaders var remoteHeaders
= new Map<EpAuthPacketHeader, object>(); = new Map<EpAuthPacketHeader, object>();
@@ -835,7 +839,7 @@ public partial class EpConnection : NetworkConnection, IStore
else else
{ {
_invalidCredentials = true; _invalidCredentials = true;
Close(); Task.Delay(100).ContinueWith(x => Close());
} }
return offset; return offset;
@@ -847,7 +851,7 @@ public partial class EpConnection : NetworkConnection, IStore
{ {
SendAuth(EpAuthPacketMethod.ErrorTerminate); SendAuth(EpAuthPacketMethod.ErrorTerminate);
_invalidCredentials = true; _invalidCredentials = true;
Close(); Task.Delay(100).ContinueWith(x => Close());
return offset; return offset;
} }
else if (authResult.Ruling == AuthenticationRuling.InProgress) else if (authResult.Ruling == AuthenticationRuling.InProgress)
@@ -887,7 +891,22 @@ public partial class EpConnection : NetworkConnection, IStore
//} //}
} }
}
else if (_authPacket.Method == EpAuthPacketMethod.Denied)
{
var errorMessage = "Authentication error.";
if (_authPacket.Tdu != null)
{
var parsed = Codec.ParseSync(_authPacket.Tdu.Value, _serverWarehouse);
if (parsed is string parsedErrorMsg)
errorMessage = parsedErrorMsg;
}
_invalidCredentials = true;
OnError?.Invoke(this, _authPacket.ErrorCode, errorMessage);
_openReply?.TriggerError(new AsyncException(ErrorType.Management, _authPacket.ErrorCode, "Authentication error."));
}
} }
else if (_authPacket.Command == EpAuthPacketCommand.Action) else if (_authPacket.Command == EpAuthPacketCommand.Action)
{ {
@@ -910,7 +929,6 @@ public partial class EpConnection : NetworkConnection, IStore
SendAuth(EpAuthPacketMethod.ErrorTerminate); SendAuth(EpAuthPacketMethod.ErrorTerminate);
_invalidCredentials = true; _invalidCredentials = true;
Task.Delay(100).ContinueWith(x => Close()); Task.Delay(100).ContinueWith(x => Close());
// Close();
} }
else if (authResult.Ruling == AuthenticationRuling.InProgress) else if (authResult.Ruling == AuthenticationRuling.InProgress)
{ {
@@ -957,7 +975,7 @@ public partial class EpConnection : NetworkConnection, IStore
OnError?.Invoke(this, _authPacket.ErrorCode, errorMessage); OnError?.Invoke(this, _authPacket.ErrorCode, errorMessage);
_openReply?.TriggerError(new AsyncException(ErrorType.Management, _authPacket.ErrorCode, "Authentication error.")); _openReply?.TriggerError(new AsyncException(ErrorType.Management, _authPacket.ErrorCode, "Authentication error."));
Close(); Task.Delay(100).ContinueWith(x => Close());
} }
else if (_authPacket.Method == EpAuthPacketMethod.Established) else if (_authPacket.Method == EpAuthPacketMethod.Established)
{ {
@@ -970,7 +988,7 @@ public partial class EpConnection : NetworkConnection, IStore
_invalidCredentials = true; _invalidCredentials = true;
OnError?.Invoke(this, _authPacket.ErrorCode, "Authentication error."); OnError?.Invoke(this, _authPacket.ErrorCode, "Authentication error.");
_openReply?.TriggerError(new AsyncException(ErrorType.Management, _authPacket.ErrorCode, "Authentication error.")); _openReply?.TriggerError(new AsyncException(ErrorType.Management, _authPacket.ErrorCode, "Authentication error."));
Close(); Task.Delay(100).ContinueWith(x => Close());
} }
} }
else if (_authPacket.Method == EpAuthPacketMethod.IndicationEstablished) else if (_authPacket.Method == EpAuthPacketMethod.IndicationEstablished)
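Review bot: The new `Denied` branch under `Acknowledge` (the hunk at -887,+891) parses a payload from a peer that has not yet authenticated with `Codec.ParseSync(_authPacket.Tdu.Value, _serverWarehouse)` and lets any exception it throws escape the receive path, so a malformed `Denied` packet turns a clean failure into an unhandled error instead of the fallback message; it also never schedules `Close()`, unlike the sibling denial branches at -957 and -970 which now use `Task.Delay(100).ContinueWith(x => Close())`. I would wrap the parse so the default message survives a bad payload and close the connection the same way the other branches do (shown below). The `Task.Delay(100).ContinueWith(x => Close())` pattern, now repeated in five places, is fire-and-forget: an exception from `Close()` becomes an unobserved task fault, so consider a single `CloseAfterFlush()` helper that awaits the delay and catches around `Close()`. The `ErrorTerminate` branch at -719 still has `//Close();` commented out, which leaves that rejected connection open; confirm that is intended given the rest of the commit closes after every failure.
```csharp
else if (_authPacket.Method == EpAuthPacketMethod.Denied)
{
    var errorMessage = "Authentication error.";
    if (_authPacket.Tdu != null)
    {
        try
        {
            if (Codec.ParseSync(_authPacket.Tdu.Value, _serverWarehouse) is string parsedErrorMsg)
                errorMessage = parsedErrorMsg;
        }
        catch (Exception)
        {
            // Malformed payload from an unauthenticated peer: keep the default message.
        }
    }
    // … unchanged: _invalidCredentials, OnError, _openReply.TriggerError …
    Task.Delay(100).ContinueWith(x => Close());
}
```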
@@ -161,6 +161,14 @@ partial class EpConnection
Send(new byte[] { (byte)method }); Send(new byte[] { (byte)method });
} }
void SendAuthMessage(EpAuthPacketMethod method, string message)
{
var bl = new BinaryList();
bl.AddUInt8((byte)((byte)method | 0x20));
bl.AddUInt8Array(Codec.Compose(message, null, this));
Send(bl.ToArray());
}
void SendAuthHeaders(EpAuthPacketMethod method, void SendAuthHeaders(EpAuthPacketMethod method,
Map<byte, object> authHeaders) Map<byte, object> authHeaders)
{ {
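Review bot: `SendAuthMessage` sets an undocumented flag bit with `(byte)((byte)method | 0x20)`, and nothing on the page says what the receiver reads that bit as; the only hint is that the `Denied` handler elsewhere in this commit expects the attached payload to decode as a string. Name the bit or document it, e.g. `// 0x20 presumably marks "message attached" in the method byte — confirm against the auth packet parser` (reviewer assumption, not verified here), and give the method a `/// <summary>` stating that `message` is composed with `Codec.Compose` and appended after the method byte. Since this is sent before the peer is authenticated, the summary should also say whether `message` is expected to be a fixed local string (as at the -719 call site) rather than anything derived from peer input.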
@@ -88,6 +88,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 3)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect remote nonce, salt and challenge. // expect remote nonce, salt and challenge.
_remoteNonce = (byte[])remoteAuthData[0]; _remoteNonce = (byte[])remoteAuthData[0];
_remoteSalt = (byte[])remoteAuthData[1]; _remoteSalt = (byte[])remoteAuthData[1];
@@ -149,6 +152,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 2)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect responder identity and nonce. // expect responder identity and nonce.
_remoteNonce = (byte[])remoteAuthData[0]; _remoteNonce = (byte[])remoteAuthData[0];
_responderIdentity = (string)remoteAuthData[1]; _responderIdentity = (string)remoteAuthData[1];
@@ -185,6 +191,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 2) else if (_step == 2)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 1)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect remote challenge. // expect remote challenge.
var remoteChallenge = (byte[])remoteAuthData[0]; var remoteChallenge = (byte[])remoteAuthData[0];
@@ -244,6 +253,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 3)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect responder identity, nonce and salt. // expect responder identity, nonce and salt.
_remoteNonce = (byte[])remoteAuthData[0]; _remoteNonce = (byte[])remoteAuthData[0];
_responderIdentity = (string)remoteAuthData[1]; _responderIdentity = (string)remoteAuthData[1];
@@ -286,6 +298,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 2) else if (_step == 2)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 1)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect remote challenge. // expect remote challenge.
var remoteChallenge = (byte[])remoteAuthData[0]; var remoteChallenge = (byte[])remoteAuthData[0];
@@ -337,7 +352,7 @@ namespace Esiur.Security.Authority.Providers
{ {
if (_step == 0) if (_step == 0)
{ {
if (remoteAuthData.Length < 2) if (remoteAuthData == null || remoteAuthData.Length < 2)
return new AuthenticationResult(AuthenticationRuling.Failed, null); return new AuthenticationResult(AuthenticationRuling.Failed, null);
// step 0: expect remote nonce and initiator identity. // step 0: expect remote nonce and initiator identity.
@@ -378,6 +393,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 1)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect challenge response. // expect challenge response.
var remoteChallenge = (byte[])remoteAuthData[0]; var remoteChallenge = (byte[])remoteAuthData[0];
@@ -416,7 +434,7 @@ namespace Esiur.Security.Authority.Providers
{ {
if (_step == 0) if (_step == 0)
{ {
if (remoteAuthData.Length < 1) if (remoteAuthData == null || remoteAuthData.Length < 1)
return new AuthenticationResult(AuthenticationRuling.Failed, null); return new AuthenticationResult(AuthenticationRuling.Failed, null);
// step 0: receive remote nonce. // step 0: receive remote nonce.
@@ -456,6 +474,10 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 2)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect remote salt and challenge. // expect remote salt and challenge.
_remoteSalt = (byte[])remoteAuthData[0]; _remoteSalt = (byte[])remoteAuthData[0];
var remoteChallenge = (byte[])remoteAuthData[1]; var remoteChallenge = (byte[])remoteAuthData[1];
@@ -503,7 +525,7 @@ namespace Esiur.Security.Authority.Providers
{ {
if (_step == 0) if (_step == 0)
{ {
if (remoteAuthData.Length < 2) if (remoteAuthData == null || remoteAuthData.Length < 2)
return new AuthenticationResult(AuthenticationRuling.Failed, null); return new AuthenticationResult(AuthenticationRuling.Failed, null);
// step 0: receive remote nonce and initiator identity. // step 0: receive remote nonce and initiator identity.
@@ -558,6 +580,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 2)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect initiator salt and challenge. // expect initiator salt and challenge.
var remoteSalt = (byte[])remoteAuthData[0]; var remoteSalt = (byte[])remoteAuthData[0];
var remoteChallenge = (byte[])remoteAuthData[1]; var remoteChallenge = (byte[])remoteAuthData[1];
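Review bot: Every added guard in this file checks only `remoteAuthData.Length`, while the very next lines still cast each element unconditionally (`(byte[])remoteAuthData[0]`, `(string)remoteAuthData[1]`), so a peer that sends the right number of elements with the wrong type still produces an `InvalidCastException` that escapes the step handler instead of the `Failed` ruling the guard was meant to return; this applies to all the hunks here (-88, -149, -185, -244, -286, -337, -378, -416, -456, -503, -558). I would fold the type check into the guard with a pattern, e.g. `if (remoteAuthData == null || remoteAuthData.Length < 2 || remoteAuthData[0] is not byte[] remoteNonce || remoteAuthData[1] is not string responderIdentity) return new AuthenticationResult(AuthenticationRuling.Failed, null);` and then assign from the pattern variables. The authenticate methods these steps belong to start and end outside the hunks, so whether the caller already catches exceptions from the step is not visible here.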