Search in sources :

Example 1 with UnixNumericGroupPrincipal

use of com.sun.security.auth.UnixNumericGroupPrincipal in project jdk8u_jdk by JetBrains.

the class JndiLoginModule method attemptAuthentication.

/**
     * Attempt authentication
     *
     * <p>
     *
     * @param getPasswdFromSharedState boolean that tells this method whether
     *          to retrieve the password from the sharedState.
     */
private void attemptAuthentication(boolean getPasswdFromSharedState) throws LoginException {
    String encryptedPassword = null;
    // first get the username and password
    getUsernamePassword(getPasswdFromSharedState);
    try {
        // get the user's passwd entry from the user provider URL
        InitialContext iCtx = new InitialContext();
        ctx = (DirContext) iCtx.lookup(userProvider);
        /*
            SearchControls controls = new SearchControls
                                        (SearchControls.ONELEVEL_SCOPE,
                                        0,
                                        5000,
                                        new String[] { USER_PWD },
                                        false,
                                        false);
            */
        SearchControls controls = new SearchControls();
        NamingEnumeration<SearchResult> ne = ctx.search("", "(uid=" + username + ")", controls);
        if (ne.hasMore()) {
            SearchResult result = ne.next();
            Attributes attributes = result.getAttributes();
            // get the password
            // this module works only if the LDAP directory server
            // is configured to permit read access to the userPassword
            // attribute. The directory administrator need to grant
            // this access.
            //
            // A workaround would be to make the server do authentication
            // by setting the Context.SECURITY_PRINCIPAL
            // and Context.SECURITY_CREDENTIALS property.
            // However, this would make it not work with systems that
            // don't do authentication at the server (like NIS).
            //
            // Setting the SECURITY_* properties and using "simple"
            // authentication for LDAP is recommended only for secure
            // channels. For nonsecure channels, SSL is recommended.
            Attribute pwd = attributes.get(USER_PWD);
            String encryptedPwd = new String((byte[]) pwd.get(), "UTF8");
            encryptedPassword = encryptedPwd.substring(CRYPT.length());
            // check the password
            if (verifyPassword(encryptedPassword, new String(password)) == true) {
                // authentication succeeded
                if (debug)
                    System.out.println("\t\t[JndiLoginModule] " + "attemptAuthentication() succeeded");
            } else {
                // authentication failed
                if (debug)
                    System.out.println("\t\t[JndiLoginModule] " + "attemptAuthentication() failed");
                throw new FailedLoginException("Login incorrect");
            }
            // authentication succeeded
            if (storePass && !sharedState.containsKey(NAME) && !sharedState.containsKey(PWD)) {
                sharedState.put(NAME, username);
                sharedState.put(PWD, password);
            }
            // create the user principal
            userPrincipal = new UnixPrincipal(username);
            // get the UID
            Attribute uid = attributes.get(USER_UID);
            String uidNumber = (String) uid.get();
            UIDPrincipal = new UnixNumericUserPrincipal(uidNumber);
            if (debug && uidNumber != null) {
                System.out.println("\t\t[JndiLoginModule] " + "user: '" + username + "' has UID: " + uidNumber);
            }
            // get the GID
            Attribute gid = attributes.get(USER_GID);
            String gidNumber = (String) gid.get();
            GIDPrincipal = new UnixNumericGroupPrincipal(gidNumber, true);
            if (debug && gidNumber != null) {
                System.out.println("\t\t[JndiLoginModule] " + "user: '" + username + "' has GID: " + gidNumber);
            }
            // get the supplementary groups from the group provider URL
            ctx = (DirContext) iCtx.lookup(groupProvider);
            ne = ctx.search("", new BasicAttributes("memberUid", username));
            while (ne.hasMore()) {
                result = ne.next();
                attributes = result.getAttributes();
                gid = attributes.get(GROUP_ID);
                String suppGid = (String) gid.get();
                if (!gidNumber.equals(suppGid)) {
                    UnixNumericGroupPrincipal suppPrincipal = new UnixNumericGroupPrincipal(suppGid, false);
                    supplementaryGroups.add(suppPrincipal);
                    if (debug && suppGid != null) {
                        System.out.println("\t\t[JndiLoginModule] " + "user: '" + username + "' has Supplementary Group: " + suppGid);
                    }
                }
            }
        } else {
            // bad username
            if (debug) {
                System.out.println("\t\t[JndiLoginModule]: User not found");
            }
            throw new FailedLoginException("User not found");
        }
    } catch (NamingException ne) {
        // bad username
        if (debug) {
            System.out.println("\t\t[JndiLoginModule]:  User not found");
            ne.printStackTrace();
        }
        throw new FailedLoginException("User not found");
    } catch (java.io.UnsupportedEncodingException uee) {
        // password stored in incorrect format
        if (debug) {
            System.out.println("\t\t[JndiLoginModule]:  " + "password incorrectly encoded");
            uee.printStackTrace();
        }
        throw new LoginException("Login failure due to incorrect " + "password encoding in the password database");
    }
// authentication succeeded
}
Also used : UnixNumericGroupPrincipal(com.sun.security.auth.UnixNumericGroupPrincipal) UnixPrincipal(com.sun.security.auth.UnixPrincipal) UnixNumericUserPrincipal(com.sun.security.auth.UnixNumericUserPrincipal)

Example 2 with UnixNumericGroupPrincipal

use of com.sun.security.auth.UnixNumericGroupPrincipal in project jdk8u_jdk by JetBrains.

the class UnixLoginModule method login.

/**
     * Authenticate the user (first phase).
     *
     * <p> The implementation of this method attempts to retrieve the user's
     * Unix <code>Subject</code> information by making a native Unix
     * system call.
     *
     * <p>
     *
     * @exception FailedLoginException if attempts to retrieve the underlying
     *          system information fail.
     *
     * @return true in all cases (this <code>LoginModule</code>
     *          should not be ignored).
     */
public boolean login() throws LoginException {
    long[] unixGroups = null;
    ss = new UnixSystem();
    if (ss == null) {
        succeeded = false;
        throw new FailedLoginException("Failed in attempt to import " + "the underlying system identity information");
    } else {
        userPrincipal = new UnixPrincipal(ss.getUsername());
        UIDPrincipal = new UnixNumericUserPrincipal(ss.getUid());
        GIDPrincipal = new UnixNumericGroupPrincipal(ss.getGid(), true);
        if (ss.getGroups() != null && ss.getGroups().length > 0) {
            unixGroups = ss.getGroups();
            for (int i = 0; i < unixGroups.length; i++) {
                UnixNumericGroupPrincipal ngp = new UnixNumericGroupPrincipal(unixGroups[i], false);
                if (!ngp.getName().equals(GIDPrincipal.getName()))
                    supplementaryGroups.add(ngp);
            }
        }
        if (debug) {
            System.out.println("\t\t[UnixLoginModule]: " + "succeeded importing info: ");
            System.out.println("\t\t\tuid = " + ss.getUid());
            System.out.println("\t\t\tgid = " + ss.getGid());
            unixGroups = ss.getGroups();
            for (int i = 0; i < unixGroups.length; i++) {
                System.out.println("\t\t\tsupp gid = " + unixGroups[i]);
            }
        }
        succeeded = true;
        return true;
    }
}
Also used : UnixNumericGroupPrincipal(com.sun.security.auth.UnixNumericGroupPrincipal) UnixPrincipal(com.sun.security.auth.UnixPrincipal) UnixNumericUserPrincipal(com.sun.security.auth.UnixNumericUserPrincipal)

Aggregations

UnixNumericGroupPrincipal (com.sun.security.auth.UnixNumericGroupPrincipal)2 UnixNumericUserPrincipal (com.sun.security.auth.UnixNumericUserPrincipal)2 UnixPrincipal (com.sun.security.auth.UnixPrincipal)2