/* * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package com.sun.security.auth.module; import java.util.*; import java.io.IOException; import javax.security.auth.*; import javax.security.auth.callback.*; import javax.security.auth.login.*; import javax.security.auth.spi.*; import java.security.Principal; import com.sun.security.auth.NTUserPrincipal; import com.sun.security.auth.NTSidUserPrincipal; import com.sun.security.auth.NTDomainPrincipal; import com.sun.security.auth.NTSidDomainPrincipal; import com.sun.security.auth.NTSidPrimaryGroupPrincipal; import com.sun.security.auth.NTSidGroupPrincipal; import com.sun.security.auth.NTNumericCredential; /** *
This LoginModule
* renders a user's NT security information as some number of
* Principals
* and associates them with a Subject.
*
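* This LoginModule recognizes the debug option.
* If set to true in the login Configuration,
* debug messages will be output to the output stream, System.out.
* The messages written by login include the imported user name, domain,
* SIDs, group SIDs and the impersonation token value.
*
* This LoginModule also recognizes the debugNative option.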
* If set to true in the login Configuration,
* debug messages from the native component of the module
* will be output to the output stream, System.out.
*
* @see javax.security.auth.spi.LoginModule
*/
@jdk.Exported
public class NTLoginModule implements LoginModule {
private NTSystem ntSystem;
// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map
*
* @param subject the
*
* @param callbackHandler a
*
* @param sharedState shared
*
* @param options options specified in the login
*
*
* @return true in all cases since this
*
* @exception LoginException if this This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
*
*
* @exception LoginException if the commit fails.
*
* @return true if this LoginModule's own login and commit
* attempts succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
if (succeeded == false) {
if (debug) {
System.out.println("\t\t[NTLoginModule]: " +
"did not add any Principals to Subject " +
"because own authentication failed.");
}
return false;
}
if (subject.isReadOnly()) {
throw new LoginException ("Subject is ReadOnly");
}
SetLoginModule
.
*
* Subject
to be authenticated. CallbackHandler
for communicating
* with the end user (prompting for usernames and
* passwords, for example). This particular LoginModule only
* extracts the underlying NT system information, so this
* parameter is ignored.LoginModule
state. Configuration
for this particular
* LoginModule
.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
MapLoginModule
* should not be ignored.
*
* @exception FailedLoginException if the authentication fails. LoginModule
* is unable to perform the authentication.
*/
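public boolean login() throws LoginException {
    // Imports the identity of the underlying NT system into this module's
    // private state: user name, user/domain SIDs, primary group, group SIDs
    // and the impersonation token. Nothing is added to the Subject here;
    // this method only fills the fields.
    //
    // Returns true when the user name could be imported; throws
    // FailedLoginException when it could not.
    //
    // NOTE(review): with debug enabled, every imported identifier and the
    // impersonation token value are written to System.out. Enable it only
    // where standard output is not collected into shared logs.

    succeeded = false; // Indicate not yet successful

    // A constructor call never yields null, so the former null test on
    // ntSystem could not fire. A missing user name is the only failure
    // signal visible here, and the debug message now accompanies it.
    ntSystem = new NTSystem(debugNative);
    final String userName = ntSystem.getName();
    if (userName == null) {
        if (debug) {
            System.out.println("\t\t[NTLoginModule] " +
                               "Failed in NT login");
        }
        throw new FailedLoginException
            ("Failed in attempt to import the " +
             "underlying NT system identity information");
    }

    userPrincipal = new NTUserPrincipal(userName);
    if (debug) {
        System.out.println("\t\t[NTLoginModule] " +
                           "succeeded importing info: ");
        System.out.println("\t\t\tuser name = " +
                           userPrincipal.getName());
    }

    // Each accessor is read once, so the value that is tested, stored and
    // logged is always the same one.
    final String userSidValue = ntSystem.getUserSID();
    if (userSidValue != null) {
        userSID = new NTSidUserPrincipal(userSidValue);
        if (debug) {
            System.out.println("\t\t\tuser SID = " +
                               userSID.getName());
        }
    }

    final String domainName = ntSystem.getDomain();
    if (domainName != null) {
        userDomain = new NTDomainPrincipal(domainName);
        if (debug) {
            System.out.println("\t\t\tuser domain = " +
                               userDomain.getName());
        }
    }

    final String domainSidValue = ntSystem.getDomainSID();
    if (domainSidValue != null) {
        domainSID = new NTSidDomainPrincipal(domainSidValue);
        if (debug) {
            System.out.println("\t\t\tuser domain SID = " +
                               domainSID.getName());
        }
    }

    final String primaryGroupId = ntSystem.getPrimaryGroupID();
    if (primaryGroupId != null) {
        primaryGroup = new NTSidPrimaryGroupPrincipal(primaryGroupId);
        if (debug) {
            System.out.println("\t\t\tuser primary group = " +
                               primaryGroup.getName());
        }
    }

    // An absent or empty group list leaves the groups field untouched.
    final String[] groupSIDs = ntSystem.getGroupIDs();
    if (groupSIDs != null && groupSIDs.length > 0) {
        groups = new NTSidGroupPrincipal[groupSIDs.length];
        for (int i = 0; i < groupSIDs.length; i++) {
            groups[i] = new NTSidGroupPrincipal(groupSIDs[i]);
            if (debug) {
                System.out.println("\t\t\tuser group = " +
                                   groups[i].getName());
            }
        }
    }

    // The code treats a token value of 0 as "no token".
    final long impersonationToken = ntSystem.getImpersonationToken();
    if (impersonationToken != 0) {
        iToken = new NTNumericCredential(impersonationToken);
        if (debug) {
            System.out.println("\t\t\timpersonation token = " +
                               impersonationToken);
        }
    }

    succeeded = true;
    return succeeded;
}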
/**
* login method), then this method associates some
* number of various Principals
* with the Subject located in the
* LoginModuleContext. If this LoginModule's own
* authentication attempt failed, then this method removes
* any state that was originally saved.
*
*