
Example 1 with LoginUidPrincipal

Use of org.dcache.auth.LoginUidPrincipal in project dcache by dCache.

The `map` method of the class `AuthzDbPlugin`:

/**
 * Maps the user/group names among {@code principals} to UIDs and GIDs via the
 * authz map and adds the resulting {@code UidPrincipal}, {@code GidPrincipal}s
 * and (possibly replaced) {@code UserNamePrincipal} to the same set.
 *
 * <p>Any requested identity carried as a {@code LoginNamePrincipal},
 * {@code LoginUidPrincipal} or {@code LoginGidPrincipal} is honoured only if the
 * map actually grants it; otherwise the login is rejected.
 *
 * @param principals the principals of the login being processed; modified in
 *                   place (additions and one possible removal happen only after
 *                   the classification loop has finished iterating the set)
 * @throws AuthenticationException (assumed to be raised by {@code checkAuthentication})
 *         when a login principal appears more than once, or when a requested
 *         login name/UID/GID is not among the values granted by the map
 */
@Override
public void map(Set<Principal> principals) throws AuthenticationException {
    /* Classify the input principals. Each "login" principal (name, UID, GID)
     * is a requested value and may appear at most once; a duplicate is
     * rejected as ambiguous rather than silently resolved. The user name and
     * all group names are collected into 'names' - these are the only keys
     * looked up in the authz map below.
     */
    List<String> names = Lists.newArrayList();
    String loginName = null;
    Long loginUid = null;
    Long loginGid = null;
    String userName = null;
    String primaryGroup = null;
    boolean hasPrimaryGid = false;
    for (Principal principal : principals) {
        if (principal instanceof LoginNamePrincipal) {
            checkAuthentication(loginName == null, "multiple login names");
            loginName = principal.getName();
        } else if (principal instanceof LoginUidPrincipal) {
            checkAuthentication(loginUid == null, "multiple login UIDs");
            loginUid = ((LoginUidPrincipal) principal).getUid();
        } else if (principal instanceof LoginGidPrincipal) {
            checkAuthentication(loginGid == null, "multiple login GIDs");
            loginGid = ((LoginGidPrincipal) principal).getGid();
        } else if (principal instanceof UserNamePrincipal) {
            checkAuthentication(userName == null, "multiple usernames");
            userName = principal.getName();
            names.add(userName);
        } else if (principal instanceof GroupNamePrincipal) {
            if (((GroupNamePrincipal) principal).isPrimaryGroup()) {
                checkAuthentication(primaryGroup == null, "multiple primary group names");
                primaryGroup = principal.getName();
            }
            names.add(principal.getName());
        } else if (principal instanceof GidPrincipal) {
            // Remembered only so that a GID already marked primary upstream is
            // not demoted by the primary GID we add further down.
            hasPrimaryGid |= ((GidPrincipal) principal).isPrimaryGroup();
        }
    }
    /* Collect every UID and GID the authz map grants to any of the collected
     * names. A name with no matching entry simply contributes nothing. Both
     * lists are only used for membership tests and for adding GidPrincipals
     * to a set, so the iteration order of 'principals' does not affect the
     * outcome.
     */
    List<Long> uids = Lists.newArrayList();
    List<Long> gids = Lists.newArrayList();
    for (String name : names) {
        Collection<UserAuthzInformation> mappings = _map.getValuesForPredicatesMatching(name);
        for (UserAuthzInformation mapping : mappings) {
            uids.add(mapping.getUid());
            gids.addAll(Longs.asList(mapping.getGids()));
        }
    }
    /* Authorization check: a requested login name, UID or GID is accepted only
     * if it is among the values derived from the map above; an absent request
     * (null) is always acceptable. Presumably the Login* principals can
     * originate from the client's request, so these three lines are what
     * prevents a caller from asserting an arbitrary identity - do not weaken
     * them. The rejected value is echoed in the message; it is not a secret.
     */
    checkAuthentication(loginName == null || names.contains(loginName), "not authorized to use login name: " + loginName);
    checkAuthentication(loginUid == null || uids.contains(loginUid), "not authorized to use UID: " + loginUid);
    checkAuthentication(loginGid == null || gids.contains(loginGid), "not authorized to use GID: " + loginGid);
    /* Pick a UID and user name. The selection is driven by the configured
     * _uidOrder; the precise precedence rules live in getEntity, not here.
     */
    UserAuthzInformation user = getEntity(_uidOrder, loginUid, null, loginName, userName, primaryGroup);
    principals.add(new UidPrincipal(user.getUid()));
    if (user.getUsername() != null) {
        // If UID is not based on user name but on some other principle, then it
        // may be that the UserNamePrincipal is inconsistent with the UID. Since
        // space manager uses user name for authorization, we replace the principal
        // with the one matching the selected UID.
        removeIf(principals, instanceOf(UserNamePrincipal.class));
        principals.add(new UserNamePrincipal(user.getUsername()));
    }
    /* Pick the GID entry according to _gidOrder and use its first GID as the
     * primary group - unless the input already carried a primary GidPrincipal,
     * in which case it is added as a non-primary group instead.
     * NOTE(review): getGids()[0] throws ArrayIndexOutOfBoundsException rather
     * than AuthenticationException if the selected entry has no GIDs; whether
     * the map parser guarantees at least one GID per entry is not visible here.
     */
    UserAuthzInformation group = getEntity(_gidOrder, null, loginGid, loginName, userName, primaryGroup);
    long primaryGid = group.getGids()[0];
    principals.add(new GidPrincipal(primaryGid, !hasPrimaryGid));
    /* Add every other GID granted by the map as a non-primary group.
     */
    for (long gid : gids) {
        if (gid != primaryGid) {
            principals.add(new GidPrincipal(gid, false));
        }
    }
}