1. /*

  2.  * @(#)SolarisLoginModule.java	1.7 03/01/23

  3.  *

  4.  * Copyright 2003 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. 

  8. package com.sun.security.auth.module;

  9. 

  10. import java.util.*;

  11. import java.io.IOException;

  12. import javax.security.auth.*;

  13. import javax.security.auth.callback.*;

  14. import javax.security.auth.login.*;

  15. import javax.security.auth.spi.*;

  16. import com.sun.security.auth.SolarisPrincipal;

  17. import com.sun.security.auth.SolarisNumericUserPrincipal;

  18. import com.sun.security.auth.SolarisNumericGroupPrincipal;

  19. 

  20. /**

  21.  * <p> This <code>LoginModule</code> imports a user's Solaris

  22.  * <code>Principal</code> information (<code>SolarisPrincipal</code>,

  23.  * <code>SolarisNumericUserPrincipal</code>,

  24.  * and <code>SolarisNumericGroupPrincipal</code>)

  25.  * and associates them with the current <code>Subject</code>.

  26.  *

  27.  * <p> This LoginModule recognizes the debug option.

  28.  * If set to true in the login Configuration,

  29.  * debug messages will be output to the output stream, System.out.

  30.  * @deprecated  As of JDK1.4, replaced by 

  31.  * <code>com.sun.security.auth.module.UnixLoginModule</code>.

  32.  *             This LoginModule is entirely deprecated and

  33.  *             is here to allow for a smooth transition to the new

  34.  *             UnixLoginModule.

  35.  *

  36.  * @version 1.19, 01/11/00

  37.  */

  38. public class SolarisLoginModule implements LoginModule {

  39. 

  40.     // initial state

  41.     private Subject subject;

  42.     private CallbackHandler callbackHandler;

  43.     private Map sharedState;

  44.     private Map options;

  45. 

  46.     // configurable option

  47.     private boolean debug = true;

  48. 

  49.     // SolarisSystem to retrieve underlying system info

  50.     private SolarisSystem ss;

  51. 

  52.     // the authentication status

  53.     private boolean succeeded = false;

  54.     private boolean commitSucceeded = false;

  55. 

  56.     // Underlying system info

  57.     private SolarisPrincipal userPrincipal;

  58.     private SolarisNumericUserPrincipal UIDPrincipal;

  59.     private SolarisNumericGroupPrincipal GIDPrincipal;

  60.     private LinkedList supplementaryGroups = new LinkedList();

  61. 

  62.     /**

  63.      * Initialize this <code>LoginModule</code>.

  64.      *

  65.      * <p>

  66.      *

  67.      * @param subject the <code>Subject</code> to be authenticated. <p>

  68.      *

  69.      * @param callbackHandler a <code>CallbackHandler</code> for communicating

  70.      *			with the end user (prompting for usernames and

  71.      *			passwords, for example). <p>

  72.      *

  73.      * @param sharedState shared <code>LoginModule</code> state. <p>

  74.      *

  75.      * @param options options specified in the login

  76.      *			<code>Configuration</code> for this particular

  77.      *			<code>LoginModule</code>.

  78.      */

  79.     public void initialize(Subject subject, CallbackHandler callbackHandler,

  80. 			Map sharedState, Map options) {

  81. 

  82. 	this.subject = subject;

  83. 	this.callbackHandler = callbackHandler;

  84. 	this.sharedState = sharedState;

  85. 	this.options = options;

  86. 

  87. 	// initialize any configured options

  88. 	debug = "true".equalsIgnoreCase((String)options.get("debug"));

  89.     }

  90. 

  91.     /**

  92.      * Authenticate the user (first phase).

  93.      *

  94.      * <p> The implementation of this method attempts to retrieve the user's

  95.      * Solaris <code>Subject</code> information by making a native Solaris

  96.      * system call.

  97.      *

  98.      * <p>

  99.      *

  100.      * @exception FailedLoginException if attempts to retrieve the underlying

  101.      *		system information fail.

  102.      *

  103.      * @return true in all cases (this <code>LoginModule</code>

  104.      *		should not be ignored).

  105.      */

  106.     public boolean login() throws LoginException {

  107. 

  108. 	long[] solarisGroups = null;

  109. 

  110. 	ss = new SolarisSystem();

  111. 

  112. 	if (ss == null) {

  113. 	    succeeded = false;

  114. 	    throw new FailedLoginException

  115. 				("Failed in attempt to import " +

  116. 				"the underlying system identity information");

  117. 	} else {

  118. 	    userPrincipal = new SolarisPrincipal(ss.getUsername());

  119. 	    UIDPrincipal = new SolarisNumericUserPrincipal(ss.getUid());

  120. 	    GIDPrincipal = new SolarisNumericGroupPrincipal(ss.getGid(), true);

  121. 	    if (ss.getGroups() != null && ss.getGroups().length > 0)

  122. 		solarisGroups = ss.getGroups();

  123. 		for (int i = 0; i < solarisGroups.length; i++) {

  124. 		    SolarisNumericGroupPrincipal ngp =

  125. 			new SolarisNumericGroupPrincipal

  126. 			(solarisGroups[i], false);

  127. 		    if (!ngp.getName().equals(GIDPrincipal.getName()))

  128. 			supplementaryGroups.add(ngp);

  129. 		}

  130. 	    if (debug) {

  131. 		System.out.println("\t\t[SolarisLoginModule]: " +

  132. 			"succeeded importing info: ");

  133. 		System.out.println("\t\t\tuid = " + ss.getUid());

  134. 		System.out.println("\t\t\tgid = " + ss.getGid());

  135. 		solarisGroups = ss.getGroups();

  136. 		for (int i = 0; i < solarisGroups.length; i++) {

  137. 		    System.out.println("\t\t\tsupp gid = " + solarisGroups[i]);

  138. 		}

  139. 	    }

  140. 	    succeeded = true;

  141. 	    return true;

  142. 	}

  143.     }

  144. 

  145.     /**

  146.      * Commit the authentication (second phase).

  147.      *

  148.      * <p> This method is called if the LoginContext's

  149.      * overall authentication succeeded

  150.      * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules

  151.      * succeeded).

  152.      *

  153.      * <p> If this LoginModule's own authentication attempt

  154.      * succeeded (the importing of the Solaris authentication information

  155.      * succeeded), then this method associates the Solaris Principals

  156.      * with the <code>Subject</code> currently tied to the 

  157.      * <code>LoginModule</code>.  If this LoginModule's

  158.      * authentication attempted failed, then this method removes

  159.      * any state that was originally saved.

  160.      *

  161.      * <p>

  162.      *

  163.      * @exception LoginException if the commit fails

  164.      *

  165.      * @return true if this LoginModule's own login and commit attempts

  166.      *		succeeded, or false otherwise.

  167.      */

  168.     public boolean commit() throws LoginException {

  169. 	if (succeeded == false) {

  170. 	    if (debug) {

  171. 		System.out.println("\t\t[SolarisLoginModule]: " +

  172. 		    "did not add any Principals to Subject " +

  173. 		    "because own authentication failed.");

  174. 	    }

  175. 	    return false;

  176. 	} 

  177. 	if (subject.isReadOnly()) {

  178. 	    throw new LoginException ("Subject is Readonly");

  179. 	}

  180. 	if (!subject.getPrincipals().contains(userPrincipal))

  181. 	    subject.getPrincipals().add(userPrincipal);

  182. 	if (!subject.getPrincipals().contains(UIDPrincipal))

  183. 	    subject.getPrincipals().add(UIDPrincipal);

  184. 	if (!subject.getPrincipals().contains(GIDPrincipal))

  185. 	    subject.getPrincipals().add(GIDPrincipal);

  186. 	for (int i = 0; i < supplementaryGroups.size(); i++) {

  187. 	    if (!subject.getPrincipals().contains

  188. 		((SolarisNumericGroupPrincipal)supplementaryGroups.get(i)))

  189. 		subject.getPrincipals().add((SolarisNumericGroupPrincipal)

  190. 					    supplementaryGroups.get(i));

  191. 	}

  192. 	

  193. 	if (debug) {

  194. 	    System.out.println("\t\t[SolarisLoginModule]: " +

  195. 			       "added SolarisPrincipal,");

  196. 	    System.out.println("\t\t\t\tSolarisNumericUserPrincipal,");

  197. 	    System.out.println("\t\t\t\tSolarisNumericGroupPrincipal(s),");

  198. 	    System.out.println("\t\t\t to Subject");

  199. 	}

  200. 	

  201. 	commitSucceeded = true;

  202. 	return true;

  203.     }

  204. 

  205. 

  206.     /**

  207.      * Abort the authentication (second phase).

  208.      *

  209.      * <p> This method is called if the LoginContext's

  210.      * overall authentication failed.

  211.      * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules

  212.      * did not succeed).

  213.      *

  214.      * <p> This method cleans up any state that was originally saved

  215.      * as part of the authentication attempt from the <code>login</code>

  216.      * and <code>commit</code> methods.

  217.      *

  218.      * <p>

  219.      *

  220.      * @exception LoginException if the abort fails

  221.      *

  222.      * @return false if this LoginModule's own login and/or commit attempts

  223.      *		failed, and true otherwise.

  224.      */

  225.     public boolean abort() throws LoginException {

  226. 	if (debug) {

  227. 	    System.out.println("\t\t[SolarisLoginModule]: " +

  228. 		"aborted authentication attempt");

  229. 	}

  230. 

  231. 	if (succeeded == false) {

  232. 	    return false;

  233. 	} else if (succeeded == true && commitSucceeded == false) {

  234. 

  235. 	    // Clean out state

  236. 	    succeeded = false;

  237. 	    ss = null;

  238. 	    userPrincipal = null;

  239. 	    UIDPrincipal = null;

  240. 	    GIDPrincipal = null;

  241. 	    supplementaryGroups = new LinkedList();

  242. 	} else {

  243. 	    // overall authentication succeeded and commit succeeded,

  244. 	    // but someone else's commit failed

  245. 	    logout();

  246. 	}

  247. 	return true;

  248.     }

  249. 

  250.     /**

  251.      * Logout the user

  252.      *

  253.      * <p> This method removes the Principals associated

  254.      * with the <code>Subject</code>.

  255.      *

  256.      * <p>

  257.      *

  258.      * @exception LoginException if the logout fails

  259.      *

  260.      * @return true in all cases (this <code>LoginModule</code>

  261.      *		should not be ignored).

  262.      */

  263.     public boolean logout() throws LoginException {

  264. 	if (debug) {

  265. 	    System.out.println("\t\t[SolarisLoginModule]: " +

  266. 		"Entering logout");

  267. 	}

  268. 	if (subject.isReadOnly()) {

  269. 	    throw new LoginException ("Subject is Readonly");

  270. 	}

  271. 	// remove the added Principals from the Subject

  272. 	subject.getPrincipals().remove(userPrincipal);

  273. 	subject.getPrincipals().remove(UIDPrincipal);

  274. 	subject.getPrincipals().remove(GIDPrincipal);

  275. 	for (int i = 0; i < supplementaryGroups.size(); i++) {

  276. 	    subject.getPrincipals().remove

  277. 		    ((SolarisNumericGroupPrincipal)supplementaryGroups.get(i));

  278. 	}

  279. 

  280. 	// clean out state

  281. 	ss = null;

  282. 	succeeded = false;

  283. 	commitSucceeded = false;

  284. 	userPrincipal = null;

  285. 	UIDPrincipal = null;

  286. 	GIDPrincipal = null;

  287. 	supplementaryGroups = new LinkedList();

  288. 

  289. 	if (debug) {

  290. 	    System.out.println("\t\t[SolarisLoginModule]: " +

  291. 		"logged out Subject");

  292. 	}

  293. 	return true;

  294.     }

  295. }