esiur/esiur-dotnet
2
0
Fork 0
mirror of https://github.com/esiur/esiur-dotnet.git synced 2026-06-13 22:48:42 +00:00
Code Issues Projects Releases Wiki Activity

Auth

Browse Source
This commit is contained in:
Ahmed Zamil
2026-06-01 18:00:07 +03:00
parent f13efe88e0
commit f3bfed4f77
4 changed files with 135 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Libraries/Esiur/Net/Packets/EpAuthPacketHeader.cs
+1
View File
@@ -22,5 +22,6 @@ namespace Esiur.Net.Packets
Identity, Identity,
AuthenticationProtocol, AuthenticationProtocol,
AuthenticationData, AuthenticationData,
ErrorMessage
} }
} }
Libraries/Esiur/Protocol/EpConnection.cs
+97 -79
View File
@@ -719,7 +719,7 @@ public partial class EpConnection : NetworkConnection, IStore
{ {
if (!(Server?.AllowUnauthorizedAccess ?? false)) if (!(Server?.AllowUnauthorizedAccess ?? false))
{ {
SendAuth(EpAuthPacketMethod.ErrorTerminate); SendAuthMessage(EpAuthPacketMethod.ErrorTerminate, "Unauthorized access not allowed.");
_invalidCredentials = true; _invalidCredentials = true;
//Close(); //Close();
return offset; return offset;
@@ -776,7 +776,8 @@ public partial class EpConnection : NetworkConnection, IStore
{ {
SendAuthHeaders(EpAuthPacketMethod.Denied, localHeaders); SendAuthHeaders(EpAuthPacketMethod.Denied, localHeaders);
_invalidCredentials = true; _invalidCredentials = true;
Close(); Task.Delay(100).ContinueWith(x => Close());
} }
else if (authResult.Ruling == AuthenticationRuling.InProgress) else if (authResult.Ruling == AuthenticationRuling.InProgress)
{ {
@@ -796,98 +797,116 @@ public partial class EpConnection : NetworkConnection, IStore
} }
else if (_authPacket.Command == EpAuthPacketCommand.Acknowledge) else if (_authPacket.Command == EpAuthPacketCommand.Acknowledge)
{ {
var remoteHeaders if (_authPacket.Method == EpAuthPacketMethod.ProceedToHandshake
= new Map<EpAuthPacketHeader, object>(); || _authPacket.Method == EpAuthPacketMethod.ProceedToFinalHandshake)
object remoteAuthData = null;
if (_authPacket.Tdu != null)
{ {
var parsed = Codec.ParseSync(_authPacket.Tdu.Value, Instance.Warehouse); var remoteHeaders
= new Map<EpAuthPacketHeader, object>();
object remoteAuthData = null;
if (parsed is Map<byte, object> headers) if (_authPacket.Tdu != null)
{ {
foreach (var header in headers) var parsed = Codec.ParseSync(_authPacket.Tdu.Value, Instance.Warehouse);
if (parsed is Map<byte, object> headers)
{ {
if (header.Key == (byte)EpAuthPacketHeader.AuthenticationData) foreach (var header in headers)
{ {
remoteAuthData = header.Value; if (header.Key == (byte)EpAuthPacketHeader.AuthenticationData)
} {
else remoteAuthData = header.Value;
{ }
remoteHeaders.Add((EpAuthPacketHeader)header.Key, header.Value); else
{
remoteHeaders.Add((EpAuthPacketHeader)header.Key, header.Value);
}
} }
_session.RemoteHeaders = remoteHeaders;// headers.Select(x => new KeyValuePair<EpAuthPacketHeader, object>((EpAuthPacketHeader)x.Key, x.Value));
}
}
if (_session.AuthenticationMode == AuthenticationMode.None)
{
if (_authPacket.Method == EpAuthPacketMethod.SessionEstablished)
{
_session.Authenticated = true;
_session.LocalIdentity = null;
_session.RemoteIdentity = null;
_session.Key = null;
AuthenticatonCompleted();
}
else
{
_invalidCredentials = true;
Task.Delay(100).ContinueWith(x => Close());
} }
_session.RemoteHeaders = remoteHeaders;// headers.Select(x => new KeyValuePair<EpAuthPacketHeader, object>((EpAuthPacketHeader)x.Key, x.Value)); return offset;
} }
}
if (_session.AuthenticationMode == AuthenticationMode.None) var authResult = _session.AuthenticationHandler.Process(remoteAuthData);
{
if (_authPacket.Method == EpAuthPacketMethod.SessionEstablished) if (authResult.Ruling == AuthenticationRuling.Failed)
{
SendAuth(EpAuthPacketMethod.ErrorTerminate);
_invalidCredentials = true;
Task.Delay(100).ContinueWith(x => Close());
return offset;
}
else if (authResult.Ruling == AuthenticationRuling.InProgress)
{
if (_authPacket.Method == EpAuthPacketMethod.ProceedToHandshake)
{
SendAuthData(EpAuthPacketMethod.Handshake,
authResult.AuthenticationData);
}
else
{
throw new Exception("Bad protocol sequence.");
}
}
else if (authResult.Ruling == AuthenticationRuling.Succeeded)
{ {
_session.Authenticated = true; _session.Authenticated = true;
_session.LocalIdentity = null; _session.Key = authResult.SessionKey;
_session.RemoteIdentity = null; _session.LocalIdentity = authResult.LocalIdentity;
_session.Key = null; _session.RemoteIdentity = authResult.RemoteIdentity;
AuthenticatonCompleted();
}
else
{
_invalidCredentials = true;
Close();
}
return offset; // send final handshake with data
SendAuthData(EpAuthPacketMethod.FinalHandshake,
authResult.AuthenticationData);
//if (_authPacket.Method == EpAuthPacketMethod.SessionEstablished)
//{
// AuthenticatonCompleted(authResult.LocalIdentity, authResult.RemoteIdentity);
//}
//else if (_authPacket.Method == EpAuthPacketMethod.ProceedToEstablishSession
// || _authPacket.Method == EpAuthPacketMethod.FinalHandshake)
//{
// // Send establish request
// SendAuthData(EpAuthPacketMethod.FinalHandshake,
// authResult.AuthenticationData);
//}
}
} }
else if (_authPacket.Method == EpAuthPacketMethod.Denied)
var authResult = _session.AuthenticationHandler.Process(remoteAuthData);
if (authResult.Ruling == AuthenticationRuling.Failed)
{ {
SendAuth(EpAuthPacketMethod.ErrorTerminate); var errorMessage = "Authentication error.";
if (_authPacket.Tdu != null)
{
var parsed = Codec.ParseSync(_authPacket.Tdu.Value, _serverWarehouse);
if (parsed is string parsedErrorMsg)
errorMessage = parsedErrorMsg;
}
_invalidCredentials = true; _invalidCredentials = true;
Close(); OnError?.Invoke(this, _authPacket.ErrorCode, errorMessage);
return offset; _openReply?.TriggerError(new AsyncException(ErrorType.Management, _authPacket.ErrorCode, "Authentication error."));
}
else if (authResult.Ruling == AuthenticationRuling.InProgress)
{
if (_authPacket.Method == EpAuthPacketMethod.ProceedToHandshake)
{
SendAuthData(EpAuthPacketMethod.Handshake,
authResult.AuthenticationData);
}
else
{
throw new Exception("Bad protocol sequence.");
}
}
else if (authResult.Ruling == AuthenticationRuling.Succeeded)
{
_session.Authenticated = true;
_session.Key = authResult.SessionKey;
_session.LocalIdentity = authResult.LocalIdentity;
_session.RemoteIdentity = authResult.RemoteIdentity;
// send final handshake with data
SendAuthData(EpAuthPacketMethod.FinalHandshake,
authResult.AuthenticationData);
//if (_authPacket.Method == EpAuthPacketMethod.SessionEstablished)
//{
// AuthenticatonCompleted(authResult.LocalIdentity, authResult.RemoteIdentity);
//}
//else if (_authPacket.Method == EpAuthPacketMethod.ProceedToEstablishSession
// || _authPacket.Method == EpAuthPacketMethod.FinalHandshake)
//{
// // Send establish request
// SendAuthData(EpAuthPacketMethod.FinalHandshake,
// authResult.AuthenticationData);
//}
} }
} }
else if (_authPacket.Command == EpAuthPacketCommand.Action) else if (_authPacket.Command == EpAuthPacketCommand.Action)
{ {
@@ -910,7 +929,6 @@ public partial class EpConnection : NetworkConnection, IStore
SendAuth(EpAuthPacketMethod.ErrorTerminate); SendAuth(EpAuthPacketMethod.ErrorTerminate);
_invalidCredentials = true; _invalidCredentials = true;
Task.Delay(100).ContinueWith(x => Close()); Task.Delay(100).ContinueWith(x => Close());
// Close();
} }
else if (authResult.Ruling == AuthenticationRuling.InProgress) else if (authResult.Ruling == AuthenticationRuling.InProgress)
{ {
@@ -957,7 +975,7 @@ public partial class EpConnection : NetworkConnection, IStore
OnError?.Invoke(this, _authPacket.ErrorCode, errorMessage); OnError?.Invoke(this, _authPacket.ErrorCode, errorMessage);
_openReply?.TriggerError(new AsyncException(ErrorType.Management, _authPacket.ErrorCode, "Authentication error.")); _openReply?.TriggerError(new AsyncException(ErrorType.Management, _authPacket.ErrorCode, "Authentication error."));
Close(); Task.Delay(100).ContinueWith(x => Close());
} }
else if (_authPacket.Method == EpAuthPacketMethod.Established) else if (_authPacket.Method == EpAuthPacketMethod.Established)
{ {
@@ -970,7 +988,7 @@ public partial class EpConnection : NetworkConnection, IStore
_invalidCredentials = true; _invalidCredentials = true;
OnError?.Invoke(this, _authPacket.ErrorCode, "Authentication error."); OnError?.Invoke(this, _authPacket.ErrorCode, "Authentication error.");
_openReply?.TriggerError(new AsyncException(ErrorType.Management, _authPacket.ErrorCode, "Authentication error.")); _openReply?.TriggerError(new AsyncException(ErrorType.Management, _authPacket.ErrorCode, "Authentication error."));
Close(); Task.Delay(100).ContinueWith(x => Close());
} }
} }
else if (_authPacket.Method == EpAuthPacketMethod.IndicationEstablished) else if (_authPacket.Method == EpAuthPacketMethod.IndicationEstablished)
Libraries/Esiur/Protocol/EpConnectionProtocol.cs
+8
View File
@@ -161,6 +161,14 @@ partial class EpConnection
Send(new byte[] { (byte)method }); Send(new byte[] { (byte)method });
} }
void SendAuthMessage(EpAuthPacketMethod method, string message)
{
var bl = new BinaryList();
bl.AddUInt8((byte)((byte)method | 0x20));
bl.AddUInt8Array(Codec.Compose(message, null, this));
Send(bl.ToArray());
}
void SendAuthHeaders(EpAuthPacketMethod method, void SendAuthHeaders(EpAuthPacketMethod method,
Map<byte, object> authHeaders) Map<byte, object> authHeaders)
{ {
Libraries/Esiur/Security/Authority/Providers/PasswordAuthenticationHandler.cs
+28 -3
View File
@@ -88,6 +88,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 3)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect remote nonce, salt and challenge. // expect remote nonce, salt and challenge.
_remoteNonce = (byte[])remoteAuthData[0]; _remoteNonce = (byte[])remoteAuthData[0];
_remoteSalt = (byte[])remoteAuthData[1]; _remoteSalt = (byte[])remoteAuthData[1];
@@ -149,6 +152,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 2)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect responder identity and nonce. // expect responder identity and nonce.
_remoteNonce = (byte[])remoteAuthData[0]; _remoteNonce = (byte[])remoteAuthData[0];
_responderIdentity = (string)remoteAuthData[1]; _responderIdentity = (string)remoteAuthData[1];
@@ -185,6 +191,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 2) else if (_step == 2)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 1)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect remote challenge. // expect remote challenge.
var remoteChallenge = (byte[])remoteAuthData[0]; var remoteChallenge = (byte[])remoteAuthData[0];
@@ -244,6 +253,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 3)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect responder identity, nonce and salt. // expect responder identity, nonce and salt.
_remoteNonce = (byte[])remoteAuthData[0]; _remoteNonce = (byte[])remoteAuthData[0];
_responderIdentity = (string)remoteAuthData[1]; _responderIdentity = (string)remoteAuthData[1];
@@ -286,6 +298,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 2) else if (_step == 2)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 1)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect remote challenge. // expect remote challenge.
var remoteChallenge = (byte[])remoteAuthData[0]; var remoteChallenge = (byte[])remoteAuthData[0];
@@ -337,7 +352,7 @@ namespace Esiur.Security.Authority.Providers
{ {
if (_step == 0) if (_step == 0)
{ {
if (remoteAuthData.Length < 2) if (remoteAuthData == null || remoteAuthData.Length < 2)
return new AuthenticationResult(AuthenticationRuling.Failed, null); return new AuthenticationResult(AuthenticationRuling.Failed, null);
// step 0: expect remote nonce and initiator identity. // step 0: expect remote nonce and initiator identity.
@@ -378,6 +393,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 1)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect challenge response. // expect challenge response.
var remoteChallenge = (byte[])remoteAuthData[0]; var remoteChallenge = (byte[])remoteAuthData[0];
@@ -416,7 +434,7 @@ namespace Esiur.Security.Authority.Providers
{ {
if (_step == 0) if (_step == 0)
{ {
if (remoteAuthData.Length < 1) if (remoteAuthData == null || remoteAuthData.Length < 1)
return new AuthenticationResult(AuthenticationRuling.Failed, null); return new AuthenticationResult(AuthenticationRuling.Failed, null);
// step 0: receive remote nonce. // step 0: receive remote nonce.
@@ -456,6 +474,10 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 2)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect remote salt and challenge. // expect remote salt and challenge.
_remoteSalt = (byte[])remoteAuthData[0]; _remoteSalt = (byte[])remoteAuthData[0];
var remoteChallenge = (byte[])remoteAuthData[1]; var remoteChallenge = (byte[])remoteAuthData[1];
@@ -503,7 +525,7 @@ namespace Esiur.Security.Authority.Providers
{ {
if (_step == 0) if (_step == 0)
{ {
if (remoteAuthData.Length < 2) if (remoteAuthData == null || remoteAuthData.Length < 2)
return new AuthenticationResult(AuthenticationRuling.Failed, null); return new AuthenticationResult(AuthenticationRuling.Failed, null);
// step 0: receive remote nonce and initiator identity. // step 0: receive remote nonce and initiator identity.
@@ -558,6 +580,9 @@ namespace Esiur.Security.Authority.Providers
} }
else if (_step == 1) else if (_step == 1)
{ {
if (remoteAuthData == null || remoteAuthData.Length < 2)
return new AuthenticationResult(AuthenticationRuling.Failed, null);
// expect initiator salt and challenge. // expect initiator salt and challenge.
var remoteSalt = (byte[])remoteAuthData[0]; var remoteSalt = (byte[])remoteAuthData[0];
var remoteChallenge = (byte[])remoteAuthData[1]; var remoteChallenge = (byte[])remoteAuthData[1];