1. /*

  2.  * @(#)SolarisLoginModule.java	1.10 04/05/18

  3.  *

  4.  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. 

  8. package com.sun.security.auth.module;

  9. 

  10. import java.util.*;

  11. import java.io.IOException;

  12. import javax.security.auth.*;

  13. import javax.security.auth.callback.*;

  14. import javax.security.auth.login.*;

  15. import javax.security.auth.spi.*;

  16. import com.sun.security.auth.SolarisPrincipal;

  17. import com.sun.security.auth.SolarisNumericUserPrincipal;

  18. import com.sun.security.auth.SolarisNumericGroupPrincipal;

  19. 

  20. /**

  21.  * <p> This <code>LoginModule</code> imports a user's Solaris

  22.  * <code>Principal</code> information (<code>SolarisPrincipal</code>,

  23.  * <code>SolarisNumericUserPrincipal</code>,

  24.  * and <code>SolarisNumericGroupPrincipal</code>)

  25.  * and associates them with the current <code>Subject</code>.

  26.  *

  27.  * <p> This LoginModule recognizes the debug option.

  28.  * If set to true in the login Configuration,

  29.  * debug messages will be output to the output stream, System.out.

  30.  * @deprecated  As of JDK1.4, replaced by 

  31.  * <code>com.sun.security.auth.module.UnixLoginModule</code>.

  32.  *             This LoginModule is entirely deprecated and

  33.  *             is here to allow for a smooth transition to the new

  34.  *             UnixLoginModule.

  35.  *

  36.  * @version 1.19, 01/11/00

  37.  */

  38. @Deprecated

  39. public class SolarisLoginModule implements LoginModule {

  40. 

  41.     // initial state

  42.     private Subject subject;

  43.     private CallbackHandler callbackHandler;

  44.     private Map sharedState;

  45.     private Map options;

  46. 

  47.     // configurable option

  48.     private boolean debug = true;

  49. 

  50.     // SolarisSystem to retrieve underlying system info

  51.     private SolarisSystem ss;

  52. 

  53.     // the authentication status

  54.     private boolean succeeded = false;

  55.     private boolean commitSucceeded = false;

  56. 

  57.     // Underlying system info

  58.     private SolarisPrincipal userPrincipal;

  59.     private SolarisNumericUserPrincipal UIDPrincipal;

  60.     private SolarisNumericGroupPrincipal GIDPrincipal;

  61.     private LinkedList supplementaryGroups = new LinkedList();

  62. 

  63.     /**

  64.      * Initialize this <code>LoginModule</code>.

  65.      *

  66.      * <p>

  67.      *

  68.      * @param subject the <code>Subject</code> to be authenticated. <p>

  69.      *

  70.      * @param callbackHandler a <code>CallbackHandler</code> for communicating

  71.      *			with the end user (prompting for usernames and

  72.      *			passwords, for example). <p>

  73.      *

  74.      * @param sharedState shared <code>LoginModule</code> state. <p>

  75.      *

  76.      * @param options options specified in the login

  77.      *			<code>Configuration</code> for this particular

  78.      *			<code>LoginModule</code>.

  79.      */

  80.     public void initialize(Subject subject, CallbackHandler callbackHandler,

  81. 			   Map<String,?> sharedState,

  82. 			   Map<String,?> options)

  83.     {

  84. 

  85. 	this.subject = subject;

  86. 	this.callbackHandler = callbackHandler;

  87. 	this.sharedState = sharedState;

  88. 	this.options = options;

  89. 

  90. 	// initialize any configured options

  91. 	debug = "true".equalsIgnoreCase((String)options.get("debug"));

  92.     }

  93. 

  94.     /**

  95.      * Authenticate the user (first phase).

  96.      *

  97.      * <p> The implementation of this method attempts to retrieve the user's

  98.      * Solaris <code>Subject</code> information by making a native Solaris

  99.      * system call.

  100.      *

  101.      * <p>

  102.      *

  103.      * @exception FailedLoginException if attempts to retrieve the underlying

  104.      *		system information fail.

  105.      *

  106.      * @return true in all cases (this <code>LoginModule</code>

  107.      *		should not be ignored).

  108.      */

  109.     public boolean login() throws LoginException {

  110. 

  111. 	long[] solarisGroups = null;

  112. 

  113. 	ss = new SolarisSystem();

  114. 

  115. 	if (ss == null) {

  116. 	    succeeded = false;

  117. 	    throw new FailedLoginException

  118. 				("Failed in attempt to import " +

  119. 				"the underlying system identity information");

  120. 	} else {

  121. 	    userPrincipal = new SolarisPrincipal(ss.getUsername());

  122. 	    UIDPrincipal = new SolarisNumericUserPrincipal(ss.getUid());

  123. 	    GIDPrincipal = new SolarisNumericGroupPrincipal(ss.getGid(), true);

  124. 	    if (ss.getGroups() != null && ss.getGroups().length > 0)

  125. 		solarisGroups = ss.getGroups();

  126. 		for (int i = 0; i < solarisGroups.length; i++) {

  127. 		    SolarisNumericGroupPrincipal ngp =

  128. 			new SolarisNumericGroupPrincipal

  129. 			(solarisGroups[i], false);

  130. 		    if (!ngp.getName().equals(GIDPrincipal.getName()))

  131. 			supplementaryGroups.add(ngp);

  132. 		}

  133. 	    if (debug) {

  134. 		System.out.println("\t\t[SolarisLoginModule]: " +

  135. 			"succeeded importing info: ");

  136. 		System.out.println("\t\t\tuid = " + ss.getUid());

  137. 		System.out.println("\t\t\tgid = " + ss.getGid());

  138. 		solarisGroups = ss.getGroups();

  139. 		for (int i = 0; i < solarisGroups.length; i++) {

  140. 		    System.out.println("\t\t\tsupp gid = " + solarisGroups[i]);

  141. 		}

  142. 	    }

  143. 	    succeeded = true;

  144. 	    return true;

  145. 	}

  146.     }

  147. 

  148.     /**

  149.      * Commit the authentication (second phase).

  150.      *

  151.      * <p> This method is called if the LoginContext's

  152.      * overall authentication succeeded

  153.      * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules

  154.      * succeeded).

  155.      *

  156.      * <p> If this LoginModule's own authentication attempt

  157.      * succeeded (the importing of the Solaris authentication information

  158.      * succeeded), then this method associates the Solaris Principals

  159.      * with the <code>Subject</code> currently tied to the 

  160.      * <code>LoginModule</code>.  If this LoginModule's

  161.      * authentication attempted failed, then this method removes

  162.      * any state that was originally saved.

  163.      *

  164.      * <p>

  165.      *

  166.      * @exception LoginException if the commit fails

  167.      *

  168.      * @return true if this LoginModule's own login and commit attempts

  169.      *		succeeded, or false otherwise.

  170.      */

  171.     public boolean commit() throws LoginException {

  172. 	if (succeeded == false) {

  173. 	    if (debug) {

  174. 		System.out.println("\t\t[SolarisLoginModule]: " +

  175. 		    "did not add any Principals to Subject " +

  176. 		    "because own authentication failed.");

  177. 	    }

  178. 	    return false;

  179. 	} 

  180. 	if (subject.isReadOnly()) {

  181. 	    throw new LoginException ("Subject is Readonly");

  182. 	}

  183. 	if (!subject.getPrincipals().contains(userPrincipal))

  184. 	    subject.getPrincipals().add(userPrincipal);

  185. 	if (!subject.getPrincipals().contains(UIDPrincipal))

  186. 	    subject.getPrincipals().add(UIDPrincipal);

  187. 	if (!subject.getPrincipals().contains(GIDPrincipal))

  188. 	    subject.getPrincipals().add(GIDPrincipal);

  189. 	for (int i = 0; i < supplementaryGroups.size(); i++) {

  190. 	    if (!subject.getPrincipals().contains

  191. 		((SolarisNumericGroupPrincipal)supplementaryGroups.get(i)))

  192. 		subject.getPrincipals().add((SolarisNumericGroupPrincipal)

  193. 					    supplementaryGroups.get(i));

  194. 	}

  195. 	

  196. 	if (debug) {

  197. 	    System.out.println("\t\t[SolarisLoginModule]: " +

  198. 			       "added SolarisPrincipal,");

  199. 	    System.out.println("\t\t\t\tSolarisNumericUserPrincipal,");

  200. 	    System.out.println("\t\t\t\tSolarisNumericGroupPrincipal(s),");

  201. 	    System.out.println("\t\t\t to Subject");

  202. 	}

  203. 	

  204. 	commitSucceeded = true;

  205. 	return true;

  206.     }

  207. 

  208. 

  209.     /**

  210.      * Abort the authentication (second phase).

  211.      *

  212.      * <p> This method is called if the LoginContext's

  213.      * overall authentication failed.

  214.      * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules

  215.      * did not succeed).

  216.      *

  217.      * <p> This method cleans up any state that was originally saved

  218.      * as part of the authentication attempt from the <code>login</code>

  219.      * and <code>commit</code> methods.

  220.      *

  221.      * <p>

  222.      *

  223.      * @exception LoginException if the abort fails

  224.      *

  225.      * @return false if this LoginModule's own login and/or commit attempts

  226.      *		failed, and true otherwise.

  227.      */

  228.     public boolean abort() throws LoginException {

  229. 	if (debug) {

  230. 	    System.out.println("\t\t[SolarisLoginModule]: " +

  231. 		"aborted authentication attempt");

  232. 	}

  233. 

  234. 	if (succeeded == false) {

  235. 	    return false;

  236. 	} else if (succeeded == true && commitSucceeded == false) {

  237. 

  238. 	    // Clean out state

  239. 	    succeeded = false;

  240. 	    ss = null;

  241. 	    userPrincipal = null;

  242. 	    UIDPrincipal = null;

  243. 	    GIDPrincipal = null;

  244. 	    supplementaryGroups = new LinkedList();

  245. 	} else {

  246. 	    // overall authentication succeeded and commit succeeded,

  247. 	    // but someone else's commit failed

  248. 	    logout();

  249. 	}

  250. 	return true;

  251.     }

  252. 

  253.     /**

  254.      * Logout the user

  255.      *

  256.      * <p> This method removes the Principals associated

  257.      * with the <code>Subject</code>.

  258.      *

  259.      * <p>

  260.      *

  261.      * @exception LoginException if the logout fails

  262.      *

  263.      * @return true in all cases (this <code>LoginModule</code>

  264.      *		should not be ignored).

  265.      */

  266.     public boolean logout() throws LoginException {

  267. 	if (debug) {

  268. 	    System.out.println("\t\t[SolarisLoginModule]: " +

  269. 		"Entering logout");

  270. 	}

  271. 	if (subject.isReadOnly()) {

  272. 	    throw new LoginException ("Subject is Readonly");

  273. 	}

  274. 	// remove the added Principals from the Subject

  275. 	subject.getPrincipals().remove(userPrincipal);

  276. 	subject.getPrincipals().remove(UIDPrincipal);

  277. 	subject.getPrincipals().remove(GIDPrincipal);

  278. 	for (int i = 0; i < supplementaryGroups.size(); i++) {

  279. 	    subject.getPrincipals().remove

  280. 		    ((SolarisNumericGroupPrincipal)supplementaryGroups.get(i));

  281. 	}

  282. 

  283. 	// clean out state

  284. 	ss = null;

  285. 	succeeded = false;

  286. 	commitSucceeded = false;

  287. 	userPrincipal = null;

  288. 	UIDPrincipal = null;

  289. 	GIDPrincipal = null;

  290. 	supplementaryGroups = new LinkedList();

  291. 

  292. 	if (debug) {

  293. 	    System.out.println("\t\t[SolarisLoginModule]: " +

  294. 		"logged out Subject");

  295. 	}

  296. 	return true;

  297.     }

  298. }