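package com.sun.security.auth.module;

import java.util.*;
import java.io.IOException;
import java.security.Principal;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;
import com.sun.security.auth.NTUserPrincipal;
import com.sun.security.auth.NTSidUserPrincipal;
import com.sun.security.auth.NTDomainPrincipal;
import com.sun.security.auth.NTSidDomainPrincipal;
import com.sun.security.auth.NTSidPrimaryGroupPrincipal;
import com.sun.security.auth.NTSidGroupPrincipal;
import com.sun.security.auth.NTNumericCredential;

/**
 * JAAS {@link LoginModule} that imports the Windows NT identity of the
 * process the JVM is running as and exposes it on the {@link Subject}:
 * the user name, the user/domain/primary-group/group SIDs as
 * {@code Principal}s, and the impersonation token handle as a public
 * {@link NTNumericCredential}.
 *
 * <p>No password or callback is consulted. The only "proof" of identity is
 * that the caller already runs under the OS account being imported, so the
 * resulting Subject is exactly as trustworthy as the host process itself.
 *
 * <p>Supported options: {@code debug} prints progress and every imported
 * name, SID and token handle to {@code System.out}; {@code debugNative}
 * additionally enables tracing inside {@link NTSystem} and implies
 * {@code debug}. Each is enabled only by the string {@code "true"}
 * (case-insensitive).
 *
 * <p>Instances are not thread-safe; a LoginContext drives one instance
 * through {@code initialize}/{@code login}/{@code commit}/{@code abort}/
 * {@code logout} sequentially.
 */
public class NTLoginModule implements LoginModule {

    // Bridge to the native NT identity query; created by login().
    private NTSystem ntSystem;

    // State handed over by initialize(). callbackHandler and sharedState are
    // retained for the LoginModule contract but are never read here.
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;

    private boolean debug = false;
    private boolean debugNative = false;

    // Phase flags: succeeded is set by login(), commitSucceeded by commit().
    private boolean succeeded = false;
    private boolean commitSucceeded = false;

    // Identity imported by login(). Any of the SID/group/token members may be
    // null when the underlying system did not report that value.
    private NTUserPrincipal userPrincipal;
    private NTSidUserPrincipal userSID;
    private NTDomainPrincipal userDomain;
    private NTSidDomainPrincipal domainSID;
    private NTSidPrimaryGroupPrincipal primaryGroup;
    private NTSidGroupPrincipal[] groups;
    private NTNumericCredential iToken;

    /**
     * Stores the Subject and configuration for this login attempt.
     *
     * @param subject         the Subject to be populated by {@link #commit()}
     * @param callbackHandler accepted but unused; no user interaction occurs
     * @param sharedState     accepted but unused
     * @param options         module options; only {@code debug} and
     *                        {@code debugNative} are recognised, and both
     *                        must be {@code String} values
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState,
                           Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;

        debug = "true".equalsIgnoreCase((String) options.get("debug"));
        debugNative = "true".equalsIgnoreCase((String) options.get("debugNative"));

        // Native-side tracing is only meaningful together with the
        // Java-side trace, so it implies debug.
        if (debugNative) {
            debug = true;
        }
    }

    /**
     * Imports the NT identity of the current process into this module's
     * fields. Nothing is added to the Subject until {@link #commit()}.
     *
     * @return {@code true} once the identity has been imported
     * @throws FailedLoginException if the native NT bridge cannot be loaded
     *         or reports no user name
     */
    public boolean login() throws LoginException {
        succeeded = false;

        try {
            ntSystem = new NTSystem(debugNative);
        } catch (UnsatisfiedLinkError ule) {
            // The native library behind NTSystem is not available on this
            // platform. Surface it as a login failure (the LoginModule
            // contract) instead of letting an Error escape the LoginContext.
            // This replaces a former "ntSystem == null" check that could never
            // fire after a successful constructor call.
            if (debug) {
                System.out.println("\t\t[NTLoginModule] " +
                                   "Failed in NT login");
            }
            FailedLoginException fle = new FailedLoginException
                ("Failed in attempt to import the " +
                 "underlying NT system identity information");
            fle.initCause(ule);
            throw fle;
        }

        String userName = ntSystem.getName();
        if (userName == null) {
            throw new FailedLoginException
                ("Failed in attempt to import the " +
                 "underlying NT system identity information");
        }
        userPrincipal = new NTUserPrincipal(userName);
        if (debug) {
            System.out.println("\t\t[NTLoginModule] " +
                               "succeeded importing info: ");
            System.out.println("\t\t\tuser name = " +
                               userPrincipal.getName());
        }

        String sid = ntSystem.getUserSID();
        if (sid != null) {
            userSID = new NTSidUserPrincipal(sid);
            trace("user SID", userSID.getName());
        }

        String domain = ntSystem.getDomain();
        if (domain != null) {
            userDomain = new NTDomainPrincipal(domain);
            trace("user domain", userDomain.getName());
        }

        String domainSid = ntSystem.getDomainSID();
        if (domainSid != null) {
            domainSID = new NTSidDomainPrincipal(domainSid);
            trace("user domain SID", domainSID.getName());
        }

        String primaryGroupId = ntSystem.getPrimaryGroupID();
        if (primaryGroupId != null) {
            primaryGroup = new NTSidPrimaryGroupPrincipal(primaryGroupId);
            trace("user primary group", primaryGroup.getName());
        }

        String[] groupSIDs = ntSystem.getGroupIDs();
        if (groupSIDs != null && groupSIDs.length > 0) {
            groups = new NTSidGroupPrincipal[groupSIDs.length];
            for (int i = 0; i < groupSIDs.length; i++) {
                groups[i] = new NTSidGroupPrincipal(groupSIDs[i]);
                trace("user group", groups[i].getName());
            }
        }

        // A zero handle means no impersonation token was obtained.
        long token = ntSystem.getImpersonationToken();
        if (token != 0) {
            iToken = new NTNumericCredential(token);
            // Note: with debug enabled the raw token handle is written to
            // stdout along with the SIDs above.
            trace("impersonation token", String.valueOf(token));
        }

        succeeded = true;
        return true;
    }

    /**
     * Adds the imported principals to the Subject's principal set and the
     * impersonation token credential to its <em>public</em> credential set,
     * where any code holding the Subject can read it.
     *
     * @return {@code true} if principals were added, {@code false} if
     *         {@link #login()} did not succeed and this module should be
     *         ignored
     * @throws LoginException if the Subject is read-only
     */
    public boolean commit() throws LoginException {
        if (!succeeded) {
            if (debug) {
                System.out.println("\t\t[NTLoginModule]: " +
                                   "did not add any Principals to Subject " +
                                   "because own authentication failed.");
            }
            return false;
        }
        if (subject.isReadOnly()) {
            throw new LoginException("Subject is ReadOnly");
        }

        Set<Principal> principals = subject.getPrincipals();
        addPrincipal(principals, userPrincipal);
        addPrincipal(principals, userSID);
        addPrincipal(principals, userDomain);
        addPrincipal(principals, domainSID);
        addPrincipal(principals, primaryGroup);
        if (groups != null) {
            for (NTSidGroupPrincipal group : groups) {
                addPrincipal(principals, group);
            }
        }

        Set<Object> pubCreds = subject.getPublicCredentials();
        if (iToken != null && !pubCreds.contains(iToken)) {
            pubCreds.add(iToken);
        }

        commitSucceeded = true;
        return true;
    }

    /**
     * Discards the result of a failed overall authentication. If this module
     * had already committed (another module's commit failed), the Subject is
     * cleaned up via {@link #logout()}.
     *
     * @return the value of {@code succeeded} after cleanup, which is always
     *         {@code false} here; the original implementation behaves the
     *         same and LoginContext does not act on this value
     * @throws LoginException propagated from {@link #logout()}
     */
    public boolean abort() throws LoginException {
        if (debug) {
            System.out.println("\t\t[NTLoginModule]: " +
                               "aborted authentication attempt");
        }

        if (!succeeded) {
            return false;
        } else if (!commitSucceeded) {
            // login() succeeded but nothing reached the Subject yet: just
            // forget the imported identity.
            clearState();
        } else {
            // Committed, but the overall authentication failed: remove what
            // commit() added to the Subject.
            logout();
        }
        return succeeded;
    }

    /**
     * Removes every principal and credential this module added to the
     * Subject and resets the module's state.
     *
     * @return {@code true} always
     * @throws LoginException if the Subject is read-only (state is then left
     *         untouched)
     */
    public boolean logout() throws LoginException {
        if (subject.isReadOnly()) {
            throw new LoginException("Subject is ReadOnly");
        }

        Set<Principal> principals = subject.getPrincipals();
        removePrincipal(principals, userPrincipal);
        removePrincipal(principals, userSID);
        removePrincipal(principals, userDomain);
        removePrincipal(principals, domainSID);
        removePrincipal(principals, primaryGroup);
        if (groups != null) {
            for (NTSidGroupPrincipal group : groups) {
                removePrincipal(principals, group);
            }
        }

        Set<Object> pubCreds = subject.getPublicCredentials();
        if (iToken != null && pubCreds.contains(iToken)) {
            pubCreds.remove(iToken);
        }

        clearState();

        if (debug) {
            System.out.println("\t\t[NTLoginModule] " +
                               "completed logout processing");
        }
        return true;
    }

    // Prints one "label = value" debug line in the format used by login().
    private void trace(String label, String value) {
        if (debug) {
            System.out.println("\t\t\t" + label + " = " + value);
        }
    }

    // Adds p to the Subject's principal set unless it is null or already
    // present. Null must be skipped: the Subject's set rejects non-Principals.
    private static void addPrincipal(Set<Principal> principals, Principal p) {
        if (p != null && !principals.contains(p)) {
            principals.add(p);
        }
    }

    // Removes p from the Subject's principal set if it is present.
    private static void removePrincipal(Set<Principal> principals, Principal p) {
        if (p != null && principals.contains(p)) {
            principals.remove(p);
        }
    }

    // Forgets the imported identity and resets both phase flags.
    private void clearState() {
        succeeded = false;
        commitSucceeded = false;
        userPrincipal = null;
        userDomain = null;
        userSID = null;
        domainSID = null;
        groups = null;
        primaryGroup = null;
        iToken = null;
        ntSystem = null;
    }
}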