protected void authenticateUser() throws LoginException { // A Unix user must have a name not null so check here. if ((_username == null) || (_username.length() == 0)) { throw new LoginException("Invalid Username"); } UnixUser user = authenticate(_username, _password); if (user == null) { // JAAS behavior throw new LoginException("Failed Pam Login for " + _username); } if (_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE, "PAM login succeeded for: " + _username); } /* * Get the groups from the libpam4j UnixUser class that has been * returned after a successful authentication. */ String[] grpList = null; Set<String> groupSet = user.getGroups(); if (groupSet != null) { grpList = new String[groupSet.size()]; user.getGroups().toArray(grpList); } else { //Empty group list, create a zero-length group list grpList = new String[0]; } commitUserAuthentication(grpList); }
@Override public String getName() { return userName.getUserName(); }
/** * Authenticate the user with a password. * * @return * Upon a successful authentication, return information about the user. * @throws PAMException * If the authentication fails. */ public UnixUser authenticate(String username, String password) throws PAMException { this.password = password; try { check(libpam.pam_set_item(pht,PAM_USER,username),"pam_set_item failed"); check(libpam.pam_authenticate(pht,0),"pam_authenticate failed"); // several different error code seem to be used to represent authentication failures // check(libpam.pam_acct_mgmt(pht,0),"pam_acct_mgmt failed"); PointerByReference r = new PointerByReference(); check(libpam.pam_get_item(pht,PAM_USER,r),"pam_get_item failed"); String userName = r.getValue().getString(0); passwd pwd = libc.getpwnam(userName); if(pwd==null) throw new PAMException("Authentication succeeded but no user information is available"); return new UnixUser(userName,pwd); } finally { this.password = null; } }
protected void authenticateUser() throws LoginException { // A Unix user must have a name not null so check here. if ((_username == null) || (_username.length() == 0)) { throw new LoginException("Invalid Username"); } UnixUser user = authenticate(_username, _password); if (user == null) { // JAAS behavior throw new LoginException("Failed Pam Login for " + _username); } if (_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE, "PAM login succeeded for: " + _username); } /* * Get the groups from the libpam4j UnixUser class that has been * returned after a successful authentication. */ String[] grpList = null; Set<String> groupSet = user.getGroups(); if (groupSet != null) { grpList = new String[groupSet.size()]; user.getGroups().toArray(grpList); } else { //Empty group list, create a zero-length group list grpList = new String[0]; } commitUserAuthentication(grpList); }
@Override public String getName() { return userName.getUserName(); }
/** * Authenticate the user with a password. * * @return * Upon a successful authentication, return information about the user. * @throws PAMException * If the authentication fails. */ public UnixUser authenticate(String username, String password) throws PAMException { this.password = password; try { check(libpam.pam_set_item(pht,PAM_USER,username),"pam_set_item failed"); check(libpam.pam_authenticate(pht,0),"pam_authenticate failed"); check(libpam.pam_setcred(pht,0),"pam_setcred failed"); // several different error code seem to be used to represent authentication failures // check(libpam.pam_acct_mgmt(pht,0),"pam_acct_mgmt failed"); PointerByReference r = new PointerByReference(); check(libpam.pam_get_item(pht,PAM_USER,r),"pam_get_item failed"); String userName = r.getValue().getString(0); Passwd pwd = libc.getpwnam(userName); if(pwd==null) throw new PAMException("Authentication succeeded but no user information is available"); return new UnixUser(userName,pwd); } finally { this.password = null; } }
@Override public Set<String> pamAuthenticate(String serviceName, String userName, String password) throws NativeAccessException { if (serviceName == null) { serviceName = "sshd"; // use sshd as the default } try { UnixUser unixUser = new PAM(serviceName).authenticate(userName, password); return unixUser.getGroups(); } catch (Throwable exc) { throw new NativeAccessException("Failed to do Pam Authentication. " + exc.getLocalizedMessage()); } }
@Override public String toString() { return String.valueOf(userName.getUserName()); }
/** * Authenticate the user with a password. * * @return * Upon a successful authentication, return information about the user. * @throws PAMException * If the authentication fails. */ public UnixUser authenticate(String username, String password) throws PAMException { this.password = password; try { check(libpam.pam_set_item(pht,PAM_USER,username),"pam_set_item failed"); check(libpam.pam_authenticate(pht,0),"pam_authenticate failed"); check(libpam.pam_setcred(pht,0),"pam_setcred failed"); // several different error code seem to be used to represent authentication failures check(libpam.pam_acct_mgmt(pht,0),"pam_acct_mgmt failed"); PointerByReference r = new PointerByReference(); check(libpam.pam_get_item(pht,PAM_USER,r),"pam_get_item failed"); String userName = r.getValue().getString(0); passwd pwd = libc.getpwnam(userName); if(pwd==null) throw new PAMException("Authentication succeeded but no user information is available"); return new UnixUser(userName,pwd); } finally { this.password = null; } }
@Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Set<String> roles = new LinkedHashSet<>(); UnixUserPrincipal user = principals.oneByType(UnixUserPrincipal.class); if (user != null) { roles.addAll(user.getUnixUser().getGroups()); } SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, roles); SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, roles); /* Coverity Scan CID 1361682 */ String userName = null; if (user != null) { userName = user.getName(); } GatewayLog.lookedUpUserRoles(roles, userName); return new SimpleAuthorizationInfo(roles); }
@Override public String toString() { return String.valueOf(userName.getUserName()); }
@Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Set<String> roles = new LinkedHashSet<>(); UnixUserPrincipal user = principals.oneByType(UnixUserPrincipal.class); if (user != null) { roles.addAll(user.getUnixUser().getGroups()); } SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, roles); SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, roles); /* Coverity Scan CID 1361682 */ String userName = null; if (user != null) { userName = user.getName(); } GatewayLog.lookedUpUserRoles(roles, userName); return new SimpleAuthorizationInfo(roles); }
public Authentication authenticate(Authentication authentication) throws AuthenticationException { String username = authentication.getPrincipal().toString(); String password = authentication.getCredentials().toString(); try { UnixUser u = new PAM(serviceName).authenticate(username, password); Set<String> grps = u.getGroups(); GrantedAuthority[] groups = new GrantedAuthority[grps.size()]; int i=0; for (String g : grps) groups[i++] = new GrantedAuthorityImpl(g); EnvVars.setHudsonUserEnvVar(username); // I never understood why Acegi insists on keeping the password... return new UsernamePasswordAuthenticationToken(username, password, groups); } catch (PAMException e) { throw new BadCredentialsException(e.getMessage(),e); } }
public Authentication authenticate(Authentication authentication) throws AuthenticationException { String username = authentication.getPrincipal().toString(); String password = authentication.getCredentials().toString(); try { UnixUser u = new PAM(serviceName).authenticate(username, password); Set<String> grps = u.getGroups(); GrantedAuthority[] groups = new GrantedAuthority[grps.size()]; int i=0; for (String g : grps) groups[i++] = new GrantedAuthorityImpl(g); EnvVars.setHudsonUserEnvVar(username); // I never understood why Acegi insists on keeping the password... return new UsernamePasswordAuthenticationToken(username, password, groups); } catch (PAMException e) { throw new BadCredentialsException(e.getMessage(),e); } }