public RadiusPacket authenticate()

in extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java [184:265]

• 62 lines of code
• 13 McCabe index (conditional complexity)

    public RadiusPacket authenticate(String username, String secret, 
                String clientAddress, byte[] state)
            throws GuacamoleException {

        // If a username wasn't passed, we quit
        if (username == null || username.isEmpty()) {
            logger.warn("Anonymous access not allowed with RADIUS client.");
            return null;
        }

        // If secret wasn't passed, we quit
        if (secret == null || secret.isEmpty()) {
            logger.warn("Password/secret required for RADIUS authentication.");
            return null;
        }

        // Create the RADIUS connection and set up the dictionary
        RadiusClient radiusClient = createRadiusConnection();
        AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");

        // Set up the RadiusAuthenticator
        RadiusAuthenticator radAuth = getRadiusAuthenticator();

        // Add attributes to the connection and send the packet
        try {
            AttributeList radAttrs = new AttributeList();
            radAttrs.add(new Attr_UserName(username));
            radAttrs.add(new Attr_ClientIPAddress(InetAddress.getByName(clientAddress)));
            radAttrs.add(new Attr_NASIPAddress(confService.getRadiusNasIp()));
            radAttrs.add(new Attr_NASPortType(Attr_NASPortType.Virtual));
            if (state != null && state.length > 0)
                radAttrs.add(new Attr_State(state));
            radAttrs.add(new Attr_UserPassword(secret));
            radAttrs.add(new Attr_CleartextPassword(secret));

            AccessRequest radAcc = new AccessRequest(radiusClient);

            // EAP-TTLS tunnels protected attributes inside the TLS layer
            if (radAuth instanceof EAPTTLSAuthenticator) {
                radAuth.setUsername(new Attr_UserName(username));
                ((EAPTTLSAuthenticator)radAuth).setTunneledAttributes(radAttrs);
            }
            else
                radAcc.addAttributes(radAttrs);

            radAuth.setupRequest(radiusClient, radAcc);
            radAuth.processRequest(radAcc);
            RadiusResponse reply = radiusClient.sendReceive(radAcc,
                    confService.getRadiusMaxRetries());

            // We receive a Challenge not asking for user input, so silently process the challenge
            while((reply instanceof AccessChallenge) 
                    && (reply.findAttribute(Attr_ReplyMessage.TYPE) == null)) {
                
                radAuth.processChallenge(radAcc, reply);
                reply = radiusClient.sendReceive(radAcc,
                        confService.getRadiusMaxRetries());
                
            }
            
            return reply;
            
        }
        catch (RadiusException e) {
            logger.error("Unable to complete authentication.", e.getMessage());
            logger.debug("Authentication with RADIUS failed.", e);
            return null;
        }
        catch (NoSuchAlgorithmException e) {
            logger.error("No such RADIUS algorithm: {}", e.getMessage());
            logger.debug("Unknown RADIUS algorithm.", e);
            return null;
        }
        catch (UnknownHostException e) {
            logger.error("Could not resolve address: {}", e.getMessage());
            logger.debug("Exception resolving host address.", e);
            return null;
        }
        finally {
            radiusClient.close();
        }
    }