linkerlau/my-jdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(jdk8): move files to new folder to avoid resources compiled.

Browse Source
This commit is contained in:
linkerlau
2025-09-07 15:25:52 +08:00
parent 3f0047bf6f
commit 8c35cfb1c0
17415 changed files with 217 additions and 213 deletions
Download Patch File Download Diff File Expand all files Collapse all files

398
jdkSrc/jdk8/com/sun/security/auth/module/Crypt.java Normal file
View File

@@ -0,0 +1,398 @@
/*
* Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* Copyright (c) 1988 AT&T */
/* All Rights Reserved */
/**
* Implements the UNIX crypt(3) function, based on a direct port of the
* libc crypt function.
*
* <p>
* From the crypt man page:
* <p>
* crypt() is the password encryption routine, based on the NBS
* Data Encryption Standard, with variations intended (among
* other things) to frustrate use of hardware implementations
* of the DES for key search.
* <p>
* The first argument to crypt() is normally a user's typed
* password. The second is a 2-character string chosen from
* the set [a-zA-Z0-9./]. the salt string is used to perturb
* the DES algorithm in one
* of 4096 different ways, after which the password is used as
* the key to encrypt repeatedly a constant string. The
* returned value points to the encrypted password, in the same
* alphabet as the salt. The first two characters are the salt
* itself.
*
* @author Roland Schemers
*/
package com.sun.security.auth.module;
class Crypt {
/* EXPORT DELETE START */
private static final byte[] IP = {
58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6,
64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7,
};
private static final byte[] FP = {
40, 8, 48, 16, 56, 24, 64, 32,
39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25,
};
private static final byte[] PC1_C = {
57, 49, 41, 33, 25, 17, 9,
1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27,
19, 11, 3, 60, 52, 44, 36,
};
private static final byte[] PC1_D = {
63, 55, 47, 39, 31, 23, 15,
7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29,
21, 13, 5, 28, 20, 12, 4,
};
private static final byte[] shifts = { 1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1, };
private static final byte[] PC2_C = {
14, 17, 11, 24, 1, 5,
3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8,
16, 7, 27, 20, 13, 2,
};
private static final byte[] PC2_D = {
41,52,31,37,47,55,
30,40,51,45,33,48,
44,49,39,56,34,53,
46,42,50,36,29,32,
};
private byte[] C = new byte[28];
private byte[] D = new byte[28];
private byte[] KS;
private byte[] E = new byte[48];
private static final byte[] e2 = {
32, 1, 2, 3, 4, 5,
4, 5, 6, 7, 8, 9,
8, 9,10,11,12,13,
12,13,14,15,16,17,
16,17,18,19,20,21,
20,21,22,23,24,25,
24,25,26,27,28,29,
28,29,30,31,32, 1,
};
private void setkey(byte[] key) {
int i, j, k;
byte t;
if (KS == null) {
KS = new byte[16*48];
}
for (i = 0; i < 28; i++) {
C[i] = key[PC1_C[i]-1];
D[i] = key[PC1_D[i]-1];
}
for (i = 0; i < 16; i++) {
for (k = 0; k < shifts[i]; k++) {
t = C[0];
for (j = 0; j < 28-1; j++)
C[j] = C[j+1];
C[27] = t;
t = D[0];
for (j = 0; j < 28-1; j++)
D[j] = D[j+1];
D[27] = t;
}
for (j = 0; j < 24; j++) {
int index = i * 48;
KS[index+j] = C[PC2_C[j]-1];
KS[index+j+24] = D[PC2_D[j]-28-1];
}
}
for (i = 0; i < 48; i++)
E[i] = e2[i];
}
private static final byte[][] S = {
{14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13},
{15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9},
{10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12},
{7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14},
{2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3},
{12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13},
{4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12},
{13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11},
};
private static final byte[] P = {
16, 7,20,21,
29,12,28,17,
1,15,23,26,
5,18,31,10,
2, 8,24,14,
32,27, 3, 9,
19,13,30, 6,
22,11, 4,25,
};
private byte[] L = new byte[64];
private byte[] tempL = new byte[32];
private byte[] f = new byte[32];
private byte[] preS = new byte[48];
private void encrypt(byte[] block,int fake) {
int i;
int t, j, k;
int R = 32; // &L[32]
if (KS == null) {
KS = new byte[16*48];
}
for(j=0; j < 64; j++) {
L[j] = block[IP[j]-1];
}
for(i=0; i < 16; i++) {
int index = i * 48;
for(j=0; j < 32; j++) {
tempL[j] = L[R+j];
}
for(j=0; j < 48; j++) {
preS[j] = (byte) (L[R+E[j]-1] ^ KS[index+j]);
}
for(j=0; j < 8; j++) {
t = 6*j;
k = S[j][(preS[t+0]<<5)+
(preS[t+1]<<3)+
(preS[t+2]<<2)+
(preS[t+3]<<1)+
(preS[t+4]<<0)+
(preS[t+5]<<4)];
t = 4*j;
f[t+0] = (byte) ((k>>3)&01);
f[t+1] = (byte) ((k>>2)&01);
f[t+2] = (byte) ((k>>1)&01);
f[t+3] = (byte) ((k>>0)&01);
}
for(j=0; j < 32; j++) {
L[R+j] = (byte) (L[j] ^ f[P[j]-1]);
}
for(j=0; j < 32; j++) {
L[j] = tempL[j];
}
}
for(j=0; j < 32; j++) {
t = L[j];
L[j] = L[R+j];
L[R+j] = (byte)t;
}
for(j=0; j < 64; j++) {
block[j] = L[FP[j]-1];
}
}
/* EXPORT DELETE END */
/**
* Creates a new Crypt object for use with the crypt method.
*
*/
public Crypt()
{
// does nothing at this time
super();
}
/**
* Implements the libc crypt(3) function.
*
* @param pw the password to "encrypt".
*
* @param salt the salt to use.
*
* @return A new byte[13] array that contains the encrypted
* password. The first two characters are the salt.
*
*/
public synchronized byte[] crypt(byte[] pw, byte[] salt) {
int c, i, j, pwi;
byte temp;
byte[] block = new byte[66];
byte[] iobuf = new byte[13];
/* EXPORT DELETE START */
pwi = 0;
for(i=0; pwi < pw.length && i < 64; pwi++) {
c = pw[pwi];
for(j=0; j < 7; j++, i++) {
block[i] = (byte) ((c>>(6-j)) & 01);
}
i++;
}
setkey(block);
for(i=0; i < 66; i++) {
block[i] = 0;
}
for(i=0; i < 2; i++) {
c = salt[i];
iobuf[i] = (byte)c;
if(c > 'Z')
c -= 6;
if(c > '9')
c -= 7;
c -= '.';
for(j=0; j < 6; j++) {
if( ((c>>j) & 01) != 0) {
temp = E[6*i+j];
E[6*i+j] = E[6*i+j+24];
E[6*i+j+24] = temp;
}
}
}
for(i=0; i < 25; i++) {
encrypt(block,0);
}
for(i=0; i < 11; i++) {
c = 0;
for(j=0; j < 6; j++) {
c <<= 1;
c |= block[6*i+j];
}
c += '.';
if(c > '9') {
c += 7;
}
if(c > 'Z') {
c += 6;
}
iobuf[i+2] = (byte)c;
}
//iobuf[i+2] = 0;
if(iobuf[1] == 0) {
iobuf[1] = iobuf[0];
}
/* EXPORT DELETE END */
return(iobuf);
}
/**
* program to test the crypt routine.
*
* The first parameter is the cleartext password, the second is
* the salt to use. The salt should be two characters from the
* set [a-zA-Z0-9./]. Outputs the crypt result.
*
* @param arg command line arguments.
*
*/
public static void main(String arg[]) {
if (arg.length!=2) {
System.err.println("usage: Crypt password salt");
System.exit(1);
}
Crypt c = new Crypt();
try {
byte result[] = c.crypt
(arg[0].getBytes("ISO-8859-1"), arg[1].getBytes("ISO-8859-1"));
for (int i=0; i<result.length; i++) {
System.out.println(" "+i+" "+(char)result[i]);
}
} catch (java.io.UnsupportedEncodingException uee) {
// cannot happen
}
}
}

779
jdkSrc/jdk8/com/sun/security/auth/module/JndiLoginModule.java Normal file
View File

@@ -0,0 +1,779 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;
import javax.naming.*;
import javax.naming.directory.*;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.LinkedList;
import java.util.ResourceBundle;
import com.sun.security.auth.UnixPrincipal;
import com.sun.security.auth.UnixNumericUserPrincipal;
import com.sun.security.auth.UnixNumericGroupPrincipal;
/**
* <p> The module prompts for a username and password
* and then verifies the password against the password stored in
* a directory service configured under JNDI.
*
* <p> This <code>LoginModule</code> interoperates with
* any conformant JNDI service provider. To direct this
* <code>LoginModule</code> to use a specific JNDI service provider,
* two options must be specified in the login <code>Configuration</code>
* for this <code>LoginModule</code>.
* <pre>
* user.provider.url=<b>name_service_url</b>
* group.provider.url=<b>name_service_url</b>
* </pre>
*
* <b>name_service_url</b> specifies
* the directory service and path where this <code>LoginModule</code>
* can access the relevant user and group information. Because this
* <code>LoginModule</code> only performs one-level searches to
* find the relevant user information, the <code>URL</code>
* must point to a directory one level above where the user and group
* information is stored in the directory service.
* For example, to instruct this <code>LoginModule</code>
* to contact a NIS server, the following URLs must be specified:
* <pre>
* user.provider.url="nis://<b>NISServerHostName</b>/<b>NISDomain</b>/user"
* group.provider.url="nis://<b>NISServerHostName</b>/<b>NISDomain</b>/system/group"
* </pre>
*
* <b>NISServerHostName</b> specifies the server host name of the
* NIS server (for example, <i>nis.sun.com</i>, and <b>NISDomain</b>
* specifies the domain for that NIS server (for example, <i>jaas.sun.com</i>.
* To contact an LDAP server, the following URLs must be specified:
* <pre>
* user.provider.url="ldap://<b>LDAPServerHostName</b>/<b>LDAPName</b>"
* group.provider.url="ldap://<b>LDAPServerHostName</b>/<b>LDAPName</b>"
* </pre>
*
* <b>LDAPServerHostName</b> specifies the server host name of the
* LDAP server, which may include a port number
* (for example, <i>ldap.sun.com:389</i>),
* and <b>LDAPName</b> specifies the entry name in the LDAP directory
* (for example, <i>ou=People,o=Sun,c=US</i> and <i>ou=Groups,o=Sun,c=US</i>
* for user and group information, respectively).
*
* <p> The format in which the user's information must be stored in
* the directory service is specified in RFC 2307. Specifically,
* this <code>LoginModule</code> will search for the user's entry in the
* directory service using the user's <i>uid</i> attribute,
* where <i>uid=<b>username</b></i>. If the search succeeds,
* this <code>LoginModule</code> will then
* obtain the user's encrypted password from the retrieved entry
* using the <i>userPassword</i> attribute.
* This <code>LoginModule</code> assumes that the password is stored
* as a byte array, which when converted to a <code>String</code>,
* has the following format:
* <pre>
* "{crypt}<b>encrypted_password</b>"
* </pre>
*
* The LDAP directory server must be configured
* to permit read access to the userPassword attribute.
* If the user entered a valid username and password,
* this <code>LoginModule</code> associates a
* <code>UnixPrincipal</code>, <code>UnixNumericUserPrincipal</code>,
* and the relevant UnixNumericGroupPrincipals with the
* <code>Subject</code>.
*
* <p> This LoginModule also recognizes the following <code>Configuration</code>
* options:
* <pre>
* debug if, true, debug messages are output to System.out.
*
* useFirstPass if, true, this LoginModule retrieves the
* username and password from the module's shared state,
* using "javax.security.auth.login.name" and
* "javax.security.auth.login.password" as the respective
* keys. The retrieved values are used for authentication.
* If authentication fails, no attempt for a retry is made,
* and the failure is reported back to the calling
* application.
*
* tryFirstPass if, true, this LoginModule retrieves the
* the username and password from the module's shared state,
* using "javax.security.auth.login.name" and
* "javax.security.auth.login.password" as the respective
* keys. The retrieved values are used for authentication.
* If authentication fails, the module uses the
* CallbackHandler to retrieve a new username and password,
* and another attempt to authenticate is made.
* If the authentication fails, the failure is reported
* back to the calling application.
*
* storePass if, true, this LoginModule stores the username and password
* obtained from the CallbackHandler in the module's
* shared state, using "javax.security.auth.login.name" and
* "javax.security.auth.login.password" as the respective
* keys. This is not performed if existing values already
* exist for the username and password in the shared state,
* or if authentication fails.
*
* clearPass if, true, this <code>LoginModule</code> clears the
* username and password stored in the module's shared state
* after both phases of authentication (login and commit)
* have completed.
* </pre>
*
*/
@jdk.Exported
public class JndiLoginModule implements LoginModule {
private static final ResourceBundle rb = AccessController.doPrivileged(
new PrivilegedAction<ResourceBundle>() {
public ResourceBundle run() {
return ResourceBundle.getBundle(
"sun.security.util.AuthResources");
}
}
);
/** JNDI Provider */
public final String USER_PROVIDER = "user.provider.url";
public final String GROUP_PROVIDER = "group.provider.url";
// configurable options
private boolean debug = false;
private boolean strongDebug = false;
private String userProvider;
private String groupProvider;
private boolean useFirstPass = false;
private boolean tryFirstPass = false;
private boolean storePass = false;
private boolean clearPass = false;
// the authentication status
private boolean succeeded = false;
private boolean commitSucceeded = false;
// username, password, and JNDI context
private String username;
private char[] password;
DirContext ctx;
// the user (assume it is a UnixPrincipal)
private UnixPrincipal userPrincipal;
private UnixNumericUserPrincipal UIDPrincipal;
private UnixNumericGroupPrincipal GIDPrincipal;
private LinkedList<UnixNumericGroupPrincipal> supplementaryGroups =
new LinkedList<>();
// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map<String, Object> sharedState;
private Map<String, ?> options;
private static final String CRYPT = "{crypt}";
private static final String USER_PWD = "userPassword";
private static final String USER_UID = "uidNumber";
private static final String USER_GID = "gidNumber";
private static final String GROUP_ID = "gidNumber";
private static final String NAME = "javax.security.auth.login.name";
private static final String PWD = "javax.security.auth.login.password";
/**
* Initialize this <code>LoginModule</code>.
*
* <p>
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* with the end user (prompting for usernames and
* passwords, for example). <p>
*
* @param sharedState shared <code>LoginModule</code> state. <p>
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
*/
// Unchecked warning from (Map<String, Object>)sharedState is safe
// since javax.security.auth.login.LoginContext passes a raw HashMap.
// Unchecked warnings from options.get(String) are safe since we are
// passing known keys.
@SuppressWarnings("unchecked")
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = (Map<String, Object>)sharedState;
this.options = options;
// initialize any configured options
debug = "true".equalsIgnoreCase((String)options.get("debug"));
strongDebug =
"true".equalsIgnoreCase((String)options.get("strongDebug"));
userProvider = (String)options.get(USER_PROVIDER);
groupProvider = (String)options.get(GROUP_PROVIDER);
tryFirstPass =
"true".equalsIgnoreCase((String)options.get("tryFirstPass"));
useFirstPass =
"true".equalsIgnoreCase((String)options.get("useFirstPass"));
storePass =
"true".equalsIgnoreCase((String)options.get("storePass"));
clearPass =
"true".equalsIgnoreCase((String)options.get("clearPass"));
}
/**
* <p> Prompt for username and password.
* Verify the password against the relevant name service.
*
* <p>
*
* @return true always, since this <code>LoginModule</code>
* should not be ignored.
*
* @exception FailedLoginException if the authentication fails. <p>
*
* @exception LoginException if this <code>LoginModule</code>
* is unable to perform the authentication.
*/
public boolean login() throws LoginException {
if (userProvider == null) {
throw new LoginException
("Error: Unable to locate JNDI user provider");
}
if (groupProvider == null) {
throw new LoginException
("Error: Unable to locate JNDI group provider");
}
if (debug) {
System.out.println("\t\t[JndiLoginModule] user provider: " +
userProvider);
System.out.println("\t\t[JndiLoginModule] group provider: " +
groupProvider);
}
// attempt the authentication
if (tryFirstPass) {
try {
// attempt the authentication by getting the
// username and password from shared state
attemptAuthentication(true);
// authentication succeeded
succeeded = true;
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"tryFirstPass succeeded");
}
return true;
} catch (LoginException le) {
// authentication failed -- try again below by prompting
cleanState();
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"tryFirstPass failed with:" +
le.toString());
}
}
} else if (useFirstPass) {
try {
// attempt the authentication by getting the
// username and password from shared state
attemptAuthentication(true);
// authentication succeeded
succeeded = true;
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"useFirstPass succeeded");
}
return true;
} catch (LoginException le) {
// authentication failed
cleanState();
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"useFirstPass failed");
}
throw le;
}
}
// attempt the authentication by prompting for the username and pwd
try {
attemptAuthentication(false);
// authentication succeeded
succeeded = true;
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"regular authentication succeeded");
}
return true;
} catch (LoginException le) {
cleanState();
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"regular authentication failed");
}
throw le;
}
}
/**
* Abstract method to commit the authentication process (phase 2).
*
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates a
* <code>UnixPrincipal</code>
* with the <code>Subject</code> located in the
* <code>LoginModule</code>. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit
* attempts succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
if (succeeded == false) {
return false;
} else {
if (subject.isReadOnly()) {
cleanState();
throw new LoginException ("Subject is Readonly");
}
// add Principals to the Subject
if (!subject.getPrincipals().contains(userPrincipal))
subject.getPrincipals().add(userPrincipal);
if (!subject.getPrincipals().contains(UIDPrincipal))
subject.getPrincipals().add(UIDPrincipal);
if (!subject.getPrincipals().contains(GIDPrincipal))
subject.getPrincipals().add(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
if (!subject.getPrincipals().contains
(supplementaryGroups.get(i)))
subject.getPrincipals().add(supplementaryGroups.get(i));
}
if (debug) {
System.out.println("\t\t[JndiLoginModule]: " +
"added UnixPrincipal,");
System.out.println("\t\t\t\tUnixNumericUserPrincipal,");
System.out.println("\t\t\t\tUnixNumericGroupPrincipal(s),");
System.out.println("\t\t\t to Subject");
}
}
// in any case, clean out state
cleanState();
commitSucceeded = true;
return true;
}
/**
* <p> This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* then this method cleans up any state that was originally saved.
*
* <p>
*
* @exception LoginException if the abort fails.
*
* @return false if this LoginModule's own login and/or commit attempts
* failed, and true otherwise.
*/
public boolean abort() throws LoginException {
if (debug)
System.out.println("\t\t[JndiLoginModule]: " +
"aborted authentication failed");
if (succeeded == false) {
return false;
} else if (succeeded == true && commitSucceeded == false) {
// Clean out state
succeeded = false;
cleanState();
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();
} else {
// overall authentication succeeded and commit succeeded,
// but someone else's commit failed
logout();
}
return true;
}
/**
* Logout a user.
*
* <p> This method removes the Principals
* that were added by the <code>commit</code> method.
*
* <p>
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this <code>LoginModule</code>
* should not be ignored.
*/
public boolean logout() throws LoginException {
if (subject.isReadOnly()) {
cleanState();
throw new LoginException ("Subject is Readonly");
}
subject.getPrincipals().remove(userPrincipal);
subject.getPrincipals().remove(UIDPrincipal);
subject.getPrincipals().remove(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
subject.getPrincipals().remove(supplementaryGroups.get(i));
}
// clean out state
cleanState();
succeeded = false;
commitSucceeded = false;
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();
if (debug) {
System.out.println("\t\t[JndiLoginModule]: " +
"logged out Subject");
}
return true;
}
/**
* Attempt authentication
*
* <p>
*
* @param getPasswdFromSharedState boolean that tells this method whether
* to retrieve the password from the sharedState.
*/
private void attemptAuthentication(boolean getPasswdFromSharedState)
throws LoginException {
String encryptedPassword = null;
// first get the username and password
getUsernamePassword(getPasswdFromSharedState);
try {
// get the user's passwd entry from the user provider URL
InitialContext iCtx = new InitialContext();
ctx = (DirContext)iCtx.lookup(userProvider);
/*
SearchControls controls = new SearchControls
(SearchControls.ONELEVEL_SCOPE,
0,
5000,
new String[] { USER_PWD },
false,
false);
*/
SearchControls controls = new SearchControls();
NamingEnumeration<SearchResult> ne = ctx.search("",
"(uid=" + username + ")",
controls);
if (ne.hasMore()) {
SearchResult result = ne.next();
Attributes attributes = result.getAttributes();
// get the password
// this module works only if the LDAP directory server
// is configured to permit read access to the userPassword
// attribute. The directory administrator need to grant
// this access.
//
// A workaround would be to make the server do authentication
// by setting the Context.SECURITY_PRINCIPAL
// and Context.SECURITY_CREDENTIALS property.
// However, this would make it not work with systems that
// don't do authentication at the server (like NIS).
//
// Setting the SECURITY_* properties and using "simple"
// authentication for LDAP is recommended only for secure
// channels. For nonsecure channels, SSL is recommended.
Attribute pwd = attributes.get(USER_PWD);
String encryptedPwd = new String((byte[])pwd.get(), "UTF8");
encryptedPassword = encryptedPwd.substring(CRYPT.length());
// check the password
if (verifyPassword
(encryptedPassword, new String(password)) == true) {
// authentication succeeded
if (debug)
System.out.println("\t\t[JndiLoginModule] " +
"attemptAuthentication() succeeded");
} else {
// authentication failed
if (debug)
System.out.println("\t\t[JndiLoginModule] " +
"attemptAuthentication() failed");
throw new FailedLoginException("Login incorrect");
}
// save input as shared state only if
// authentication succeeded
if (storePass &&
!sharedState.containsKey(NAME) &&
!sharedState.containsKey(PWD)) {
sharedState.put(NAME, username);
sharedState.put(PWD, password);
}
// create the user principal
userPrincipal = new UnixPrincipal(username);
// get the UID
Attribute uid = attributes.get(USER_UID);
String uidNumber = (String)uid.get();
UIDPrincipal = new UnixNumericUserPrincipal(uidNumber);
if (debug && uidNumber != null) {
System.out.println("\t\t[JndiLoginModule] " +
"user: '" + username + "' has UID: " +
uidNumber);
}
// get the GID
Attribute gid = attributes.get(USER_GID);
String gidNumber = (String)gid.get();
GIDPrincipal = new UnixNumericGroupPrincipal
(gidNumber, true);
if (debug && gidNumber != null) {
System.out.println("\t\t[JndiLoginModule] " +
"user: '" + username + "' has GID: " +
gidNumber);
}
// get the supplementary groups from the group provider URL
ctx = (DirContext)iCtx.lookup(groupProvider);
ne = ctx.search("", new BasicAttributes("memberUid", username));
while (ne.hasMore()) {
result = ne.next();
attributes = result.getAttributes();
gid = attributes.get(GROUP_ID);
String suppGid = (String)gid.get();
if (!gidNumber.equals(suppGid)) {
UnixNumericGroupPrincipal suppPrincipal =
new UnixNumericGroupPrincipal(suppGid, false);
supplementaryGroups.add(suppPrincipal);
if (debug && suppGid != null) {
System.out.println("\t\t[JndiLoginModule] " +
"user: '" + username +
"' has Supplementary Group: " +
suppGid);
}
}
}
} else {
// bad username
if (debug) {
System.out.println("\t\t[JndiLoginModule]: User not found");
}
throw new FailedLoginException("User not found");
}
} catch (NamingException ne) {
// bad username
if (debug) {
System.out.println("\t\t[JndiLoginModule]: User not found");
ne.printStackTrace();
}
throw new FailedLoginException("User not found");
} catch (java.io.UnsupportedEncodingException uee) {
// password stored in incorrect format
if (debug) {
System.out.println("\t\t[JndiLoginModule]: " +
"password incorrectly encoded");
uee.printStackTrace();
}
throw new LoginException("Login failure due to incorrect " +
"password encoding in the password database");
}
// authentication succeeded
}
/**
* Get the username and password.
* This method does not return any value.
* Instead, it sets global name and password variables.
*
* <p> Also note that this method will set the username and password
* values in the shared state in case subsequent LoginModules
* want to use them via use/tryFirstPass.
*
* <p>
*
* @param getPasswdFromSharedState boolean that tells this method whether
* to retrieve the password from the sharedState.
*/
private void getUsernamePassword(boolean getPasswdFromSharedState)
throws LoginException {
if (getPasswdFromSharedState) {
// use the password saved by the first module in the stack
username = (String)sharedState.get(NAME);
password = (char[])sharedState.get(PWD);
return;
}
// prompt for a username and password
if (callbackHandler == null)
throw new LoginException("Error: no CallbackHandler available " +
"to garner authentication information from the user");
String protocol = userProvider.substring(0, userProvider.indexOf(":"));
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback(protocol + " "
+ rb.getString("username."));
callbacks[1] = new PasswordCallback(protocol + " " +
rb.getString("password."),
false);
try {
callbackHandler.handle(callbacks);
username = ((NameCallback)callbacks[0]).getName();
char[] tmpPassword = ((PasswordCallback)callbacks[1]).getPassword();
password = new char[tmpPassword.length];
System.arraycopy(tmpPassword, 0,
password, 0, tmpPassword.length);
((PasswordCallback)callbacks[1]).clearPassword();
} catch (java.io.IOException ioe) {
throw new LoginException(ioe.toString());
} catch (UnsupportedCallbackException uce) {
throw new LoginException("Error: " + uce.getCallback().toString() +
" not available to garner authentication information " +
"from the user");
}
// print debugging information
if (strongDebug) {
System.out.println("\t\t[JndiLoginModule] " +
"user entered username: " +
username);
System.out.print("\t\t[JndiLoginModule] " +
"user entered password: ");
for (int i = 0; i < password.length; i++)
System.out.print(password[i]);
System.out.println();
}
}
/**
* Verify a password against the encrypted passwd from /etc/shadow
*/
private boolean verifyPassword(String encryptedPassword, String password) {
if (encryptedPassword == null)
return false;
Crypt c = new Crypt();
try {
byte oldCrypt[] = encryptedPassword.getBytes("UTF8");
byte newCrypt[] = c.crypt(password.getBytes("UTF8"),
oldCrypt);
if (newCrypt.length != oldCrypt.length)
return false;
for (int i = 0; i < newCrypt.length; i++) {
if (oldCrypt[i] != newCrypt[i])
return false;
}
} catch (java.io.UnsupportedEncodingException uee) {
// cannot happen, but return false just to be safe
return false;
}
return true;
}
/**
* Clean out state because of a failed authentication attempt
*/
private void cleanState() {
username = null;
if (password != null) {
for (int i = 0; i < password.length; i++)
password[i] = ' ';
password = null;
}
ctx = null;
if (clearPass) {
sharedState.remove(NAME);
sharedState.remove(PWD);
}
}
}

939
jdkSrc/jdk8/com/sun/security/auth/module/KeyStoreLoginModule.java Normal file
View File

@@ -0,0 +1,939 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.Destroyable;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject;
import javax.security.auth.x500.*;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import sun.security.util.Password;
/**
* Provides a JAAS login module that prompts for a key store alias and
* populates the subject with the alias's principal and credentials. Stores
* an <code>X500Principal</code> for the subject distinguished name of the
* first certificate in the alias's credentials in the subject's principals,
* the alias's certificate path in the subject's public credentials, and a
* <code>X500PrivateCredential</code> whose certificate is the first
* certificate in the alias's certificate path and whose private key is the
* alias's private key in the subject's private credentials. <p>
*
* Recognizes the following options in the configuration file:
* <dl>
*
* <dt> <code>keyStoreURL</code> </dt>
* <dd> A URL that specifies the location of the key store. Defaults to
* a URL pointing to the .keystore file in the directory specified by the
* <code>user.home</code> system property. The input stream from this
* URL is passed to the <code>KeyStore.load</code> method.
* "NONE" may be specified if a <code>null</code> stream must be
* passed to the <code>KeyStore.load</code> method.
* "NONE" should be specified if the KeyStore resides
* on a hardware token device, for example.</dd>
*
* <dt> <code>keyStoreType</code> </dt>
* <dd> The key store type. If not specified, defaults to the result of
* calling <code>KeyStore.getDefaultType()</code>.
* If the type is "PKCS11", then keyStoreURL must be "NONE"
* and privateKeyPasswordURL must not be specified.</dd>
*
* <dt> <code>keyStoreProvider</code> </dt>
* <dd> The key store provider. If not specified, uses the standard search
* order to find the provider. </dd>
*
* <dt> <code>keyStoreAlias</code> </dt>
* <dd> The alias in the key store to login as. Required when no callback
* handler is provided. No default value. </dd>
*
* <dt> <code>keyStorePasswordURL</code> </dt>
* <dd> A URL that specifies the location of the key store password. Required
* when no callback handler is provided and
* <code>protected</code> is false.
* No default value. </dd>
*
* <dt> <code>privateKeyPasswordURL</code> </dt>
* <dd> A URL that specifies the location of the specific private key password
* needed to access the private key for this alias.
* The keystore password
* is used if this value is needed and not specified. </dd>
*
* <dt> <code>protected</code> </dt>
* <dd> This value should be set to "true" if the KeyStore
* has a separate, protected authentication path
* (for example, a dedicated PIN-pad attached to a smart card).
* Defaults to "false". If "true" keyStorePasswordURL and
* privateKeyPasswordURL must not be specified.</dd>
*
* </dl>
*/
@jdk.Exported
public class KeyStoreLoginModule implements LoginModule {
private static final ResourceBundle rb = AccessController.doPrivileged(
new PrivilegedAction<ResourceBundle>() {
public ResourceBundle run() {
return ResourceBundle.getBundle(
"sun.security.util.AuthResources");
}
}
);
/* -- Fields -- */
private static final int UNINITIALIZED = 0;
private static final int INITIALIZED = 1;
private static final int AUTHENTICATED = 2;
private static final int LOGGED_IN = 3;
private static final int PROTECTED_PATH = 0;
private static final int TOKEN = 1;
private static final int NORMAL = 2;
private static final String NONE = "NONE";
private static final String P11KEYSTORE = "PKCS11";
private static final TextOutputCallback bannerCallback =
new TextOutputCallback
(TextOutputCallback.INFORMATION,
rb.getString("Please.enter.keystore.information"));
private final ConfirmationCallback confirmationCallback =
new ConfirmationCallback
(ConfirmationCallback.INFORMATION,
ConfirmationCallback.OK_CANCEL_OPTION,
ConfirmationCallback.OK);
private Subject subject;
private CallbackHandler callbackHandler;
private Map<String, Object> sharedState;
private Map<String, ?> options;
private char[] keyStorePassword;
private char[] privateKeyPassword;
private KeyStore keyStore;
private String keyStoreURL;
private String keyStoreType;
private String keyStoreProvider;
private String keyStoreAlias;
private String keyStorePasswordURL;
private String privateKeyPasswordURL;
private boolean debug;
private javax.security.auth.x500.X500Principal principal;
private Certificate[] fromKeyStore;
private java.security.cert.CertPath certP = null;
private X500PrivateCredential privateCredential;
private int status = UNINITIALIZED;
private boolean nullStream = false;
private boolean token = false;
private boolean protectedPath = false;
/* -- Methods -- */
/**
* Initialize this <code>LoginModule</code>.
*
* <p>
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* with the end user (prompting for usernames and
* passwords, for example),
* which may be <code>null</code>. <p>
*
* @param sharedState shared <code>LoginModule</code> state. <p>
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
*/
// Unchecked warning from (Map<String, Object>)sharedState is safe
// since javax.security.auth.login.LoginContext passes a raw HashMap.
@SuppressWarnings("unchecked")
public void initialize(Subject subject,
CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
{
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = (Map<String, Object>)sharedState;
this.options = options;
processOptions();
status = INITIALIZED;
}
private void processOptions() {
keyStoreURL = (String) options.get("keyStoreURL");
if (keyStoreURL == null) {
keyStoreURL =
"file:" +
System.getProperty("user.home").replace(
File.separatorChar, '/') +
'/' + ".keystore";
} else if (NONE.equals(keyStoreURL)) {
nullStream = true;
}
keyStoreType = (String) options.get("keyStoreType");
if (keyStoreType == null) {
keyStoreType = KeyStore.getDefaultType();
}
if (P11KEYSTORE.equalsIgnoreCase(keyStoreType)) {
token = true;
}
keyStoreProvider = (String) options.get("keyStoreProvider");
keyStoreAlias = (String) options.get("keyStoreAlias");
keyStorePasswordURL = (String) options.get("keyStorePasswordURL");
privateKeyPasswordURL = (String) options.get("privateKeyPasswordURL");
protectedPath = "true".equalsIgnoreCase((String)options.get
("protected"));
debug = "true".equalsIgnoreCase((String) options.get("debug"));
if (debug) {
debugPrint(null);
debugPrint("keyStoreURL=" + keyStoreURL);
debugPrint("keyStoreType=" + keyStoreType);
debugPrint("keyStoreProvider=" + keyStoreProvider);
debugPrint("keyStoreAlias=" + keyStoreAlias);
debugPrint("keyStorePasswordURL=" + keyStorePasswordURL);
debugPrint("privateKeyPasswordURL=" + privateKeyPasswordURL);
debugPrint("protectedPath=" + protectedPath);
debugPrint(null);
}
}
/**
* Authenticate the user.
*
* <p> Get the Keystore alias and relevant passwords.
* Retrieve the alias's principal and credentials from the Keystore.
*
* <p>
*
* @exception FailedLoginException if the authentication fails. <p>
*
* @return true in all cases (this <code>LoginModule</code>
* should not be ignored).
*/
public boolean login() throws LoginException {
switch (status) {
case UNINITIALIZED:
default:
throw new LoginException("The login module is not initialized");
case INITIALIZED:
case AUTHENTICATED:
if (token && !nullStream) {
throw new LoginException
("if keyStoreType is " + P11KEYSTORE +
" then keyStoreURL must be " + NONE);
}
if (token && privateKeyPasswordURL != null) {
throw new LoginException
("if keyStoreType is " + P11KEYSTORE +
" then privateKeyPasswordURL must not be specified");
}
if (protectedPath &&
(keyStorePasswordURL != null ||
privateKeyPasswordURL != null)) {
throw new LoginException
("if protected is true then keyStorePasswordURL and " +
"privateKeyPasswordURL must not be specified");
}
// get relevant alias and password info
if (protectedPath) {
getAliasAndPasswords(PROTECTED_PATH);
} else if (token) {
getAliasAndPasswords(TOKEN);
} else {
getAliasAndPasswords(NORMAL);
}
// log into KeyStore to retrieve data,
// then clear passwords
try {
getKeyStoreInfo();
} finally {
if (privateKeyPassword != null &&
privateKeyPassword != keyStorePassword) {
Arrays.fill(privateKeyPassword, '\0');
privateKeyPassword = null;
}
if (keyStorePassword != null) {
Arrays.fill(keyStorePassword, '\0');
keyStorePassword = null;
}
}
status = AUTHENTICATED;
return true;
case LOGGED_IN:
return true;
}
}
/** Get the alias and passwords to use for looking up in the KeyStore. */
@SuppressWarnings("fallthrough")
private void getAliasAndPasswords(int env) throws LoginException {
if (callbackHandler == null) {
// No callback handler - check for alias and password options
switch (env) {
case PROTECTED_PATH:
checkAlias();
break;
case TOKEN:
checkAlias();
checkStorePass();
break;
case NORMAL:
checkAlias();
checkStorePass();
checkKeyPass();
break;
}
} else {
// Callback handler available - prompt for alias and passwords
NameCallback aliasCallback;
if (keyStoreAlias == null || keyStoreAlias.length() == 0) {
aliasCallback = new NameCallback(
rb.getString("Keystore.alias."));
} else {
aliasCallback =
new NameCallback(rb.getString("Keystore.alias."),
keyStoreAlias);
}
PasswordCallback storePassCallback = null;
PasswordCallback keyPassCallback = null;
switch (env) {
case PROTECTED_PATH:
break;
case NORMAL:
keyPassCallback = new PasswordCallback
(rb.getString("Private.key.password.optional."), false);
// fall thru
case TOKEN:
storePassCallback = new PasswordCallback
(rb.getString("Keystore.password."), false);
break;
}
prompt(aliasCallback, storePassCallback, keyPassCallback);
}
if (debug) {
debugPrint("alias=" + keyStoreAlias);
}
}
private void checkAlias() throws LoginException {
if (keyStoreAlias == null) {
throw new LoginException
("Need to specify an alias option to use " +
"KeyStoreLoginModule non-interactively.");
}
}
private void checkStorePass() throws LoginException {
if (keyStorePasswordURL == null) {
throw new LoginException
("Need to specify keyStorePasswordURL option to use " +
"KeyStoreLoginModule non-interactively.");
}
InputStream in = null;
try {
in = new URL(keyStorePasswordURL).openStream();
keyStorePassword = Password.readPassword(in);
} catch (IOException e) {
LoginException le = new LoginException
("Problem accessing keystore password \"" +
keyStorePasswordURL + "\"");
le.initCause(e);
throw le;
} finally {
if (in != null) {
try {
in.close();
} catch (IOException ioe) {
LoginException le = new LoginException(
"Problem closing the keystore password stream");
le.initCause(ioe);
throw le;
}
}
}
}
private void checkKeyPass() throws LoginException {
if (privateKeyPasswordURL == null) {
privateKeyPassword = keyStorePassword;
} else {
InputStream in = null;
try {
in = new URL(privateKeyPasswordURL).openStream();
privateKeyPassword = Password.readPassword(in);
} catch (IOException e) {
LoginException le = new LoginException
("Problem accessing private key password \"" +
privateKeyPasswordURL + "\"");
le.initCause(e);
throw le;
} finally {
if (in != null) {
try {
in.close();
} catch (IOException ioe) {
LoginException le = new LoginException(
"Problem closing the private key password stream");
le.initCause(ioe);
throw le;
}
}
}
}
}
private void prompt(NameCallback aliasCallback,
PasswordCallback storePassCallback,
PasswordCallback keyPassCallback)
throws LoginException {
if (storePassCallback == null) {
// only prompt for alias
try {
callbackHandler.handle(
new Callback[] {
bannerCallback, aliasCallback, confirmationCallback
});
} catch (IOException e) {
LoginException le = new LoginException
("Problem retrieving keystore alias");
le.initCause(e);
throw le;
} catch (UnsupportedCallbackException e) {
throw new LoginException(
"Error: " + e.getCallback().toString() +
" is not available to retrieve authentication " +
" information from the user");
}
int confirmationResult = confirmationCallback.getSelectedIndex();
if (confirmationResult == ConfirmationCallback.CANCEL) {
throw new LoginException("Login cancelled");
}
saveAlias(aliasCallback);
} else if (keyPassCallback == null) {
// prompt for alias and key store password
try {
callbackHandler.handle(
new Callback[] {
bannerCallback, aliasCallback,
storePassCallback, confirmationCallback
});
} catch (IOException e) {
LoginException le = new LoginException
("Problem retrieving keystore alias and password");
le.initCause(e);
throw le;
} catch (UnsupportedCallbackException e) {
throw new LoginException(
"Error: " + e.getCallback().toString() +
" is not available to retrieve authentication " +
" information from the user");
}
int confirmationResult = confirmationCallback.getSelectedIndex();
if (confirmationResult == ConfirmationCallback.CANCEL) {
throw new LoginException("Login cancelled");
}
saveAlias(aliasCallback);
saveStorePass(storePassCallback);
} else {
// prompt for alias, key store password, and key password
try {
callbackHandler.handle(
new Callback[] {
bannerCallback, aliasCallback,
storePassCallback, keyPassCallback,
confirmationCallback
});
} catch (IOException e) {
LoginException le = new LoginException
("Problem retrieving keystore alias and passwords");
le.initCause(e);
throw le;
} catch (UnsupportedCallbackException e) {
throw new LoginException(
"Error: " + e.getCallback().toString() +
" is not available to retrieve authentication " +
" information from the user");
}
int confirmationResult = confirmationCallback.getSelectedIndex();
if (confirmationResult == ConfirmationCallback.CANCEL) {
throw new LoginException("Login cancelled");
}
saveAlias(aliasCallback);
saveStorePass(storePassCallback);
saveKeyPass(keyPassCallback);
}
}
private void saveAlias(NameCallback cb) {
keyStoreAlias = cb.getName();
}
private void saveStorePass(PasswordCallback c) {
keyStorePassword = c.getPassword();
if (keyStorePassword == null) {
/* Treat a NULL password as an empty password */
keyStorePassword = new char[0];
}
c.clearPassword();
}
private void saveKeyPass(PasswordCallback c) {
privateKeyPassword = c.getPassword();
if (privateKeyPassword == null || privateKeyPassword.length == 0) {
/*
* Use keystore password if no private key password is
* specified.
*/
privateKeyPassword = keyStorePassword;
}
c.clearPassword();
}
/** Get the credentials from the KeyStore. */
private void getKeyStoreInfo() throws LoginException {
/* Get KeyStore instance */
try {
if (keyStoreProvider == null) {
keyStore = KeyStore.getInstance(keyStoreType);
} else {
keyStore =
KeyStore.getInstance(keyStoreType, keyStoreProvider);
}
} catch (KeyStoreException e) {
LoginException le = new LoginException
("The specified keystore type was not available");
le.initCause(e);
throw le;
} catch (NoSuchProviderException e) {
LoginException le = new LoginException
("The specified keystore provider was not available");
le.initCause(e);
throw le;
}
/* Load KeyStore contents from file */
InputStream in = null;
try {
if (nullStream) {
// if using protected auth path, keyStorePassword will be null
keyStore.load(null, keyStorePassword);
} else {
in = new URL(keyStoreURL).openStream();
keyStore.load(in, keyStorePassword);
}
} catch (MalformedURLException e) {
LoginException le = new LoginException
("Incorrect keyStoreURL option");
le.initCause(e);
throw le;
} catch (GeneralSecurityException e) {
LoginException le = new LoginException
("Error initializing keystore");
le.initCause(e);
throw le;
} catch (IOException e) {
LoginException le = new LoginException
("Error initializing keystore");
le.initCause(e);
throw le;
} finally {
if (in != null) {
try {
in.close();
} catch (IOException ioe) {
LoginException le = new LoginException
("Error initializing keystore");
le.initCause(ioe);
throw le;
}
}
}
/* Get certificate chain and create a certificate path */
try {
fromKeyStore =
keyStore.getCertificateChain(keyStoreAlias);
if (fromKeyStore == null
|| fromKeyStore.length == 0
|| !(fromKeyStore[0] instanceof X509Certificate))
{
throw new FailedLoginException(
"Unable to find X.509 certificate chain in keystore");
} else {
LinkedList<Certificate> certList = new LinkedList<>();
for (int i=0; i < fromKeyStore.length; i++) {
certList.add(fromKeyStore[i]);
}
CertificateFactory certF=
CertificateFactory.getInstance("X.509");
certP =
certF.generateCertPath(certList);
}
} catch (KeyStoreException e) {
LoginException le = new LoginException("Error using keystore");
le.initCause(e);
throw le;
} catch (CertificateException ce) {
LoginException le = new LoginException
("Error: X.509 Certificate type unavailable");
le.initCause(ce);
throw le;
}
/* Get principal and keys */
try {
X509Certificate certificate = (X509Certificate)fromKeyStore[0];
principal = new javax.security.auth.x500.X500Principal
(certificate.getSubjectDN().getName());
// if token, privateKeyPassword will be null
Key privateKey = keyStore.getKey(keyStoreAlias, privateKeyPassword);
if (privateKey == null
|| !(privateKey instanceof PrivateKey))
{
throw new FailedLoginException(
"Unable to recover key from keystore");
}
privateCredential = new X500PrivateCredential(
certificate, (PrivateKey) privateKey, keyStoreAlias);
} catch (KeyStoreException e) {
LoginException le = new LoginException("Error using keystore");
le.initCause(e);
throw le;
} catch (NoSuchAlgorithmException e) {
LoginException le = new LoginException("Error using keystore");
le.initCause(e);
throw le;
} catch (UnrecoverableKeyException e) {
FailedLoginException fle = new FailedLoginException
("Unable to recover key from keystore");
fle.initCause(e);
throw fle;
}
if (debug) {
debugPrint("principal=" + principal +
"\n certificate="
+ privateCredential.getCertificate() +
"\n alias =" + privateCredential.getAlias());
}
}
/**
* Abstract method to commit the authentication process (phase 2).
*
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates a
* <code>X500Principal</code> for the subject distinguished name of the
* first certificate in the alias's credentials in the subject's
* principals,the alias's certificate path in the subject's public
* credentials, and a<code>X500PrivateCredential</code> whose certificate
* is the first certificate in the alias's certificate path and whose
* private key is the alias's private key in the subject's private
* credentials. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit
* attempts succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
switch (status) {
case UNINITIALIZED:
default:
throw new LoginException("The login module is not initialized");
case INITIALIZED:
logoutInternal();
throw new LoginException("Authentication failed");
case AUTHENTICATED:
if (commitInternal()) {
return true;
} else {
logoutInternal();
throw new LoginException("Unable to retrieve certificates");
}
case LOGGED_IN:
return true;
}
}
private boolean commitInternal() throws LoginException {
/* If the subject is not readonly add to the principal and credentials
* set; otherwise just return true
*/
if (subject.isReadOnly()) {
throw new LoginException ("Subject is set readonly");
} else {
subject.getPrincipals().add(principal);
subject.getPublicCredentials().add(certP);
subject.getPrivateCredentials().add(privateCredential);
status = LOGGED_IN;
return true;
}
}
/**
* <p> This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* then this method cleans up any state that was originally saved.
*
* <p> If the loaded KeyStore's provider extends
* <code>java.security.AuthProvider</code>,
* then the provider's <code>logout</code> method is invoked.
*
* <p>
*
* @exception LoginException if the abort fails.
*
* @return false if this LoginModule's own login and/or commit attempts
* failed, and true otherwise.
*/
public boolean abort() throws LoginException {
switch (status) {
case UNINITIALIZED:
default:
return false;
case INITIALIZED:
return false;
case AUTHENTICATED:
logoutInternal();
return true;
case LOGGED_IN:
logoutInternal();
return true;
}
}
/**
* Logout a user.
*
* <p> This method removes the Principals, public credentials and the
* private credentials that were added by the <code>commit</code> method.
*
* <p> If the loaded KeyStore's provider extends
* <code>java.security.AuthProvider</code>,
* then the provider's <code>logout</code> method is invoked.
*
* <p>
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this <code>LoginModule</code>
* should not be ignored.
*/
public boolean logout() throws LoginException {
if (debug)
debugPrint("Entering logout " + status);
switch (status) {
case UNINITIALIZED:
throw new LoginException
("The login module is not initialized");
case INITIALIZED:
case AUTHENTICATED:
default:
// impossible for LoginModule to be in AUTHENTICATED
// state
// assert status != AUTHENTICATED;
return false;
case LOGGED_IN:
logoutInternal();
return true;
}
}
private void logoutInternal() throws LoginException {
if (debug) {
debugPrint("Entering logoutInternal");
}
// assumption is that KeyStore.load did a login -
// perform explicit logout if possible
LoginException logoutException = null;
Provider provider = keyStore.getProvider();
if (provider instanceof AuthProvider) {
AuthProvider ap = (AuthProvider)provider;
try {
ap.logout();
if (debug) {
debugPrint("logged out of KeyStore AuthProvider");
}
} catch (LoginException le) {
// save but continue below
logoutException = le;
}
}
if (subject.isReadOnly()) {
// attempt to destroy the private credential
// even if the Subject is read-only
principal = null;
certP = null;
status = INITIALIZED;
// destroy the private credential
Iterator<Object> it = subject.getPrivateCredentials().iterator();
while (it.hasNext()) {
Object obj = it.next();
if (privateCredential.equals(obj)) {
privateCredential = null;
try {
((Destroyable)obj).destroy();
if (debug)
debugPrint("Destroyed private credential, " +
obj.getClass().getName());
break;
} catch (DestroyFailedException dfe) {
LoginException le = new LoginException
("Unable to destroy private credential, "
+ obj.getClass().getName());
le.initCause(dfe);
throw le;
}
}
}
// throw an exception because we can not remove
// the principal and public credential from this
// read-only Subject
throw new LoginException
("Unable to remove Principal ("
+ "X500Principal "
+ ") and public credential (certificatepath) "
+ "from read-only Subject");
}
if (principal != null) {
subject.getPrincipals().remove(principal);
principal = null;
}
if (certP != null) {
subject.getPublicCredentials().remove(certP);
certP = null;
}
if (privateCredential != null) {
subject.getPrivateCredentials().remove(privateCredential);
privateCredential = null;
}
// throw pending logout exception if there is one
if (logoutException != null) {
throw logoutException;
}
status = INITIALIZED;
}
private void debugPrint(String message) {
// we should switch to logging API
if (message == null) {
System.err.println();
} else {
System.err.println("Debug KeyStoreLoginModule: " + message);
}
}
}

1306
jdkSrc/jdk8/com/sun/security/auth/module/Krb5LoginModule.java Normal file
View File

File diff suppressed because it is too large Load Diff

1068
jdkSrc/jdk8/com/sun/security/auth/module/LdapLoginModule.java Normal file
View File

File diff suppressed because it is too large Load Diff

399
jdkSrc/jdk8/com/sun/security/auth/module/NTLoginModule.java Normal file
View File

@@ -0,0 +1,399 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
import java.util.*;
import java.io.IOException;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;
import java.security.Principal;
import com.sun.security.auth.NTUserPrincipal;
import com.sun.security.auth.NTSidUserPrincipal;
import com.sun.security.auth.NTDomainPrincipal;
import com.sun.security.auth.NTSidDomainPrincipal;
import com.sun.security.auth.NTSidPrimaryGroupPrincipal;
import com.sun.security.auth.NTSidGroupPrincipal;
import com.sun.security.auth.NTNumericCredential;
/**
* <p> This <code>LoginModule</code>
* renders a user's NT security information as some number of
* <code>Principal</code>s
* and associates them with a <code>Subject</code>.
*
* <p> This LoginModule recognizes the debug option.
* If set to true in the login Configuration,
* debug messages will be output to the output stream, System.out.
*
* <p> This LoginModule also recognizes the debugNative option.
* If set to true in the login Configuration,
* debug messages from the native component of the module
* will be output to the output stream, System.out.
*
* @see javax.security.auth.spi.LoginModule
*/
@jdk.Exported
public class NTLoginModule implements LoginModule {
private NTSystem ntSystem;
// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map<String, ?> sharedState;
private Map<String, ?> options;
// configurable option
private boolean debug = false;
private boolean debugNative = false;
// the authentication status
private boolean succeeded = false;
private boolean commitSucceeded = false;
private NTUserPrincipal userPrincipal; // user name
private NTSidUserPrincipal userSID; // user SID
private NTDomainPrincipal userDomain; // user domain
private NTSidDomainPrincipal domainSID; // domain SID
private NTSidPrimaryGroupPrincipal primaryGroup; // primary group
private NTSidGroupPrincipal groups[]; // supplementary groups
private NTNumericCredential iToken; // impersonation token
/**
* Initialize this <code>LoginModule</code>.
*
* <p>
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* with the end user (prompting for usernames and
* passwords, for example). This particular LoginModule only
* extracts the underlying NT system information, so this
* parameter is ignored.<p>
*
* @param sharedState shared <code>LoginModule</code> state. <p>
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
{
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
// initialize any configured options
debug = "true".equalsIgnoreCase((String)options.get("debug"));
debugNative="true".equalsIgnoreCase((String)options.get("debugNative"));
if (debugNative == true) {
debug = true;
}
}
/**
* Import underlying NT system identity information.
*
* <p>
*
* @return true in all cases since this <code>LoginModule</code>
* should not be ignored.
*
* @exception FailedLoginException if the authentication fails. <p>
*
* @exception LoginException if this <code>LoginModule</code>
* is unable to perform the authentication.
*/
public boolean login() throws LoginException {
succeeded = false; // Indicate not yet successful
ntSystem = new NTSystem(debugNative);
if (ntSystem == null) {
if (debug) {
System.out.println("\t\t[NTLoginModule] " +
"Failed in NT login");
}
throw new FailedLoginException
("Failed in attempt to import the " +
"underlying NT system identity information");
}
if (ntSystem.getName() == null) {
throw new FailedLoginException
("Failed in attempt to import the " +
"underlying NT system identity information");
}
userPrincipal = new NTUserPrincipal(ntSystem.getName());
if (debug) {
System.out.println("\t\t[NTLoginModule] " +
"succeeded importing info: ");
System.out.println("\t\t\tuser name = " +
userPrincipal.getName());
}
if (ntSystem.getUserSID() != null) {
userSID = new NTSidUserPrincipal(ntSystem.getUserSID());
if (debug) {
System.out.println("\t\t\tuser SID = " +
userSID.getName());
}
}
if (ntSystem.getDomain() != null) {
userDomain = new NTDomainPrincipal(ntSystem.getDomain());
if (debug) {
System.out.println("\t\t\tuser domain = " +
userDomain.getName());
}
}
if (ntSystem.getDomainSID() != null) {
domainSID =
new NTSidDomainPrincipal(ntSystem.getDomainSID());
if (debug) {
System.out.println("\t\t\tuser domain SID = " +
domainSID.getName());
}
}
if (ntSystem.getPrimaryGroupID() != null) {
primaryGroup =
new NTSidPrimaryGroupPrincipal(ntSystem.getPrimaryGroupID());
if (debug) {
System.out.println("\t\t\tuser primary group = " +
primaryGroup.getName());
}
}
if (ntSystem.getGroupIDs() != null &&
ntSystem.getGroupIDs().length > 0) {
String groupSIDs[] = ntSystem.getGroupIDs();
groups = new NTSidGroupPrincipal[groupSIDs.length];
for (int i = 0; i < groupSIDs.length; i++) {
groups[i] = new NTSidGroupPrincipal(groupSIDs[i]);
if (debug) {
System.out.println("\t\t\tuser group = " +
groups[i].getName());
}
}
}
if (ntSystem.getImpersonationToken() != 0) {
iToken = new NTNumericCredential(ntSystem.getImpersonationToken());
if (debug) {
System.out.println("\t\t\timpersonation token = " +
ntSystem.getImpersonationToken());
}
}
succeeded = true;
return succeeded;
}
/**
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates some
* number of various <code>Principal</code>s
* with the <code>Subject</code> located in the
* <code>LoginModuleContext</code>. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails.
*
* @return true if this LoginModule's own login and commit
* attempts succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
if (succeeded == false) {
if (debug) {
System.out.println("\t\t[NTLoginModule]: " +
"did not add any Principals to Subject " +
"because own authentication failed.");
}
return false;
}
if (subject.isReadOnly()) {
throw new LoginException ("Subject is ReadOnly");
}
Set<Principal> principals = subject.getPrincipals();
// we must have a userPrincipal - everything else is optional
if (!principals.contains(userPrincipal)) {
principals.add(userPrincipal);
}
if (userSID != null && !principals.contains(userSID)) {
principals.add(userSID);
}
if (userDomain != null && !principals.contains(userDomain)) {
principals.add(userDomain);
}
if (domainSID != null && !principals.contains(domainSID)) {
principals.add(domainSID);
}
if (primaryGroup != null && !principals.contains(primaryGroup)) {
principals.add(primaryGroup);
}
for (int i = 0; groups != null && i < groups.length; i++) {
if (!principals.contains(groups[i])) {
principals.add(groups[i]);
}
}
Set<Object> pubCreds = subject.getPublicCredentials();
if (iToken != null && !pubCreds.contains(iToken)) {
pubCreds.add(iToken);
}
commitSucceeded = true;
return true;
}
/**
* <p> This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* then this method cleans up any state that was originally saved.
*
* <p>
*
* @exception LoginException if the abort fails.
*
* @return false if this LoginModule's own login and/or commit attempts
* failed, and true otherwise.
*/
public boolean abort() throws LoginException {
if (debug) {
System.out.println("\t\t[NTLoginModule]: " +
"aborted authentication attempt");
}
if (succeeded == false) {
return false;
} else if (succeeded == true && commitSucceeded == false) {
ntSystem = null;
userPrincipal = null;
userSID = null;
userDomain = null;
domainSID = null;
primaryGroup = null;
groups = null;
iToken = null;
succeeded = false;
} else {
// overall authentication succeeded and commit succeeded,
// but someone else's commit failed
logout();
}
return succeeded;
}
/**
* Logout the user.
*
* <p> This method removes the <code>NTUserPrincipal</code>,
* <code>NTDomainPrincipal</code>, <code>NTSidUserPrincipal</code>,
* <code>NTSidDomainPrincipal</code>, <code>NTSidGroupPrincipal</code>s,
* and <code>NTSidPrimaryGroupPrincipal</code>
* that may have been added by the <code>commit</code> method.
*
* <p>
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this <code>LoginModule</code>
* should not be ignored.
*/
public boolean logout() throws LoginException {
if (subject.isReadOnly()) {
throw new LoginException ("Subject is ReadOnly");
}
Set<Principal> principals = subject.getPrincipals();
if (principals.contains(userPrincipal)) {
principals.remove(userPrincipal);
}
if (principals.contains(userSID)) {
principals.remove(userSID);
}
if (principals.contains(userDomain)) {
principals.remove(userDomain);
}
if (principals.contains(domainSID)) {
principals.remove(domainSID);
}
if (principals.contains(primaryGroup)) {
principals.remove(primaryGroup);
}
for (int i = 0; groups != null && i < groups.length; i++) {
if (principals.contains(groups[i])) {
principals.remove(groups[i]);
}
}
Set<Object> pubCreds = subject.getPublicCredentials();
if (pubCreds.contains(iToken)) {
pubCreds.remove(iToken);
}
succeeded = false;
commitSucceeded = false;
userPrincipal = null;
userDomain = null;
userSID = null;
domainSID = null;
groups = null;
primaryGroup = null;
iToken = null;
ntSystem = null;
if (debug) {
System.out.println("\t\t[NTLoginModule] " +
"completed logout processing");
}
return true;
}
}

148
jdkSrc/jdk8/com/sun/security/auth/module/NTSystem.java Normal file
View File

@@ -0,0 +1,148 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
/**
* <p> This class implementation retrieves and makes available NT
* security information for the current user.
*
*/
@jdk.Exported
public class NTSystem {
private native void getCurrent(boolean debug);
private native long getImpersonationToken0();
private String userName;
private String domain;
private String domainSID;
private String userSID;
private String groupIDs[];
private String primaryGroupID;
private long impersonationToken;
/**
* Instantiate an <code>NTSystem</code> and load
* the native library to access the underlying system information.
*/
public NTSystem() {
this(false);
}
/**
* Instantiate an <code>NTSystem</code> and load
* the native library to access the underlying system information.
*/
NTSystem(boolean debug) {
loadNative();
getCurrent(debug);
}
/**
* Get the username for the current NT user.
*
* <p>
*
* @return the username for the current NT user.
*/
public String getName() {
return userName;
}
/**
* Get the domain for the current NT user.
*
* <p>
*
* @return the domain for the current NT user.
*/
public String getDomain() {
return domain;
}
/**
* Get a printable SID for the current NT user's domain.
*
* <p>
*
* @return a printable SID for the current NT user's domain.
*/
public String getDomainSID() {
return domainSID;
}
/**
* Get a printable SID for the current NT user.
*
* <p>
*
* @return a printable SID for the current NT user.
*/
public String getUserSID() {
return userSID;
}
/**
* Get a printable primary group SID for the current NT user.
*
* <p>
*
* @return the primary group SID for the current NT user.
*/
public String getPrimaryGroupID() {
return primaryGroupID;
}
/**
* Get the printable group SIDs for the current NT user.
*
* <p>
*
* @return the group SIDs for the current NT user.
*/
public String[] getGroupIDs() {
return groupIDs == null ? null : groupIDs.clone();
}
/**
* Get an impersonation token for the current NT user.
*
* <p>
*
* @return an impersonation token for the current NT user.
*/
public synchronized long getImpersonationToken() {
if (impersonationToken == 0) {
impersonationToken = getImpersonationToken0();
}
return impersonationToken;
}
private void loadNative() {
System.loadLibrary("jaas_nt");
}
}

315
jdkSrc/jdk8/com/sun/security/auth/module/SolarisLoginModule.java Normal file
View File

@@ -0,0 +1,315 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
import java.util.*;
import java.io.IOException;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;
import com.sun.security.auth.SolarisPrincipal;
import com.sun.security.auth.SolarisNumericUserPrincipal;
import com.sun.security.auth.SolarisNumericGroupPrincipal;
/**
* <p> This <code>LoginModule</code> imports a user's Solaris
* <code>Principal</code> information (<code>SolarisPrincipal</code>,
* <code>SolarisNumericUserPrincipal</code>,
* and <code>SolarisNumericGroupPrincipal</code>)
* and associates them with the current <code>Subject</code>.
*
* <p> This LoginModule recognizes the debug option.
* If set to true in the login Configuration,
* debug messages will be output to the output stream, System.out.
* @deprecated As of JDK1.4, replaced by
* <code>com.sun.security.auth.module.UnixLoginModule</code>.
* This LoginModule is entirely deprecated and
* is here to allow for a smooth transition to the new
* UnixLoginModule.
*
*/
@jdk.Exported(false)
@Deprecated
public class SolarisLoginModule implements LoginModule {
// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map<String, ?> sharedState;
private Map<String, ?> options;
// configurable option
private boolean debug = true;
// SolarisSystem to retrieve underlying system info
private SolarisSystem ss;
// the authentication status
private boolean succeeded = false;
private boolean commitSucceeded = false;
// Underlying system info
private SolarisPrincipal userPrincipal;
private SolarisNumericUserPrincipal UIDPrincipal;
private SolarisNumericGroupPrincipal GIDPrincipal;
private LinkedList<SolarisNumericGroupPrincipal> supplementaryGroups =
new LinkedList<>();
/**
* Initialize this <code>LoginModule</code>.
*
* <p>
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* with the end user (prompting for usernames and
* passwords, for example). <p>
*
* @param sharedState shared <code>LoginModule</code> state. <p>
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
{
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
// initialize any configured options
debug = "true".equalsIgnoreCase((String)options.get("debug"));
}
/**
* Authenticate the user (first phase).
*
* <p> The implementation of this method attempts to retrieve the user's
* Solaris <code>Subject</code> information by making a native Solaris
* system call.
*
* <p>
*
* @exception FailedLoginException if attempts to retrieve the underlying
* system information fail.
*
* @return true in all cases (this <code>LoginModule</code>
* should not be ignored).
*/
public boolean login() throws LoginException {
long[] solarisGroups = null;
ss = new SolarisSystem();
if (ss == null) {
succeeded = false;
throw new FailedLoginException
("Failed in attempt to import " +
"the underlying system identity information");
} else {
userPrincipal = new SolarisPrincipal(ss.getUsername());
UIDPrincipal = new SolarisNumericUserPrincipal(ss.getUid());
GIDPrincipal = new SolarisNumericGroupPrincipal(ss.getGid(), true);
if (ss.getGroups() != null && ss.getGroups().length > 0)
solarisGroups = ss.getGroups();
for (int i = 0; i < solarisGroups.length; i++) {
SolarisNumericGroupPrincipal ngp =
new SolarisNumericGroupPrincipal
(solarisGroups[i], false);
if (!ngp.getName().equals(GIDPrincipal.getName()))
supplementaryGroups.add(ngp);
}
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"succeeded importing info: ");
System.out.println("\t\t\tuid = " + ss.getUid());
System.out.println("\t\t\tgid = " + ss.getGid());
solarisGroups = ss.getGroups();
for (int i = 0; i < solarisGroups.length; i++) {
System.out.println("\t\t\tsupp gid = " + solarisGroups[i]);
}
}
succeeded = true;
return true;
}
}
/**
* Commit the authentication (second phase).
*
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (the importing of the Solaris authentication information
* succeeded), then this method associates the Solaris Principals
* with the <code>Subject</code> currently tied to the
* <code>LoginModule</code>. If this LoginModule's
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit attempts
* succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
if (succeeded == false) {
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"did not add any Principals to Subject " +
"because own authentication failed.");
}
return false;
}
if (subject.isReadOnly()) {
throw new LoginException ("Subject is Readonly");
}
if (!subject.getPrincipals().contains(userPrincipal))
subject.getPrincipals().add(userPrincipal);
if (!subject.getPrincipals().contains(UIDPrincipal))
subject.getPrincipals().add(UIDPrincipal);
if (!subject.getPrincipals().contains(GIDPrincipal))
subject.getPrincipals().add(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
if (!subject.getPrincipals().contains(supplementaryGroups.get(i)))
subject.getPrincipals().add(supplementaryGroups.get(i));
}
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"added SolarisPrincipal,");
System.out.println("\t\t\t\tSolarisNumericUserPrincipal,");
System.out.println("\t\t\t\tSolarisNumericGroupPrincipal(s),");
System.out.println("\t\t\t to Subject");
}
commitSucceeded = true;
return true;
}
/**
* Abort the authentication (second phase).
*
* <p> This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> This method cleans up any state that was originally saved
* as part of the authentication attempt from the <code>login</code>
* and <code>commit</code> methods.
*
* <p>
*
* @exception LoginException if the abort fails
*
* @return false if this LoginModule's own login and/or commit attempts
* failed, and true otherwise.
*/
public boolean abort() throws LoginException {
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"aborted authentication attempt");
}
if (succeeded == false) {
return false;
} else if (succeeded == true && commitSucceeded == false) {
// Clean out state
succeeded = false;
ss = null;
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups =
new LinkedList<SolarisNumericGroupPrincipal>();
} else {
// overall authentication succeeded and commit succeeded,
// but someone else's commit failed
logout();
}
return true;
}
/**
* Logout the user
*
* <p> This method removes the Principals associated
* with the <code>Subject</code>.
*
* <p>
*
* @exception LoginException if the logout fails
*
* @return true in all cases (this <code>LoginModule</code>
* should not be ignored).
*/
public boolean logout() throws LoginException {
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"Entering logout");
}
if (subject.isReadOnly()) {
throw new LoginException ("Subject is Readonly");
}
// remove the added Principals from the Subject
subject.getPrincipals().remove(userPrincipal);
subject.getPrincipals().remove(UIDPrincipal);
subject.getPrincipals().remove(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
subject.getPrincipals().remove(supplementaryGroups.get(i));
}
// clean out state
ss = null;
succeeded = false;
commitSucceeded = false;
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups = new LinkedList<SolarisNumericGroupPrincipal>();
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"logged out Subject");
}
return true;
}
}

95
jdkSrc/jdk8/com/sun/security/auth/module/SolarisSystem.java Normal file
View File

@@ -0,0 +1,95 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
/**
* <p> This class implementation retrieves and makes available Solaris
* UID/GID/groups information for the current user.
*
*/
@jdk.Exported
public class SolarisSystem {
private native void getSolarisInfo();
protected String username;
protected long uid;
protected long gid;
protected long[] groups;
/**
* Instantiate a <code>SolarisSystem</code> and load
* the native library to access the underlying system information.
*/
public SolarisSystem() {
System.loadLibrary("jaas_unix");
getSolarisInfo();
}
/**
* Get the username for the current Solaris user.
*
* <p>
*
* @return the username for the current Solaris user.
*/
public String getUsername() {
return username;
}
/**
* Get the UID for the current Solaris user.
*
* <p>
*
* @return the UID for the current Solaris user.
*/
public long getUid() {
return uid;
}
/**
* Get the GID for the current Solaris user.
*
* <p>
*
* @return the GID for the current Solaris user.
*/
public long getGid() {
return gid;
}
/**
* Get the supplementary groups for the current Solaris user.
*
* <p>
*
* @return the supplementary groups for the current Solaris user.
*/
public long[] getGroups() {
return groups == null ? null : groups.clone();
}
}

308
jdkSrc/jdk8/com/sun/security/auth/module/UnixLoginModule.java Normal file
View File

@@ -0,0 +1,308 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
import java.util.*;
import java.io.IOException;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;
import com.sun.security.auth.UnixPrincipal;
import com.sun.security.auth.UnixNumericUserPrincipal;
import com.sun.security.auth.UnixNumericGroupPrincipal;
/**
* <p> This <code>LoginModule</code> imports a user's Unix
* <code>Principal</code> information (<code>UnixPrincipal</code>,
* <code>UnixNumericUserPrincipal</code>,
* and <code>UnixNumericGroupPrincipal</code>)
* and associates them with the current <code>Subject</code>.
*
* <p> This LoginModule recognizes the debug option.
* If set to true in the login Configuration,
* debug messages will be output to the output stream, System.out.
*
*/
@jdk.Exported
public class UnixLoginModule implements LoginModule {
// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map<String, ?> sharedState;
private Map<String, ?> options;
// configurable option
private boolean debug = true;
// UnixSystem to retrieve underlying system info
private UnixSystem ss;
// the authentication status
private boolean succeeded = false;
private boolean commitSucceeded = false;
// Underlying system info
private UnixPrincipal userPrincipal;
private UnixNumericUserPrincipal UIDPrincipal;
private UnixNumericGroupPrincipal GIDPrincipal;
private LinkedList<UnixNumericGroupPrincipal> supplementaryGroups =
new LinkedList<>();
/**
* Initialize this <code>LoginModule</code>.
*
* <p>
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* with the end user (prompting for usernames and
* passwords, for example). <p>
*
* @param sharedState shared <code>LoginModule</code> state. <p>
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
// initialize any configured options
debug = "true".equalsIgnoreCase((String)options.get("debug"));
}
/**
* Authenticate the user (first phase).
*
* <p> The implementation of this method attempts to retrieve the user's
* Unix <code>Subject</code> information by making a native Unix
* system call.
*
* <p>
*
* @exception FailedLoginException if attempts to retrieve the underlying
* system information fail.
*
* @return true in all cases (this <code>LoginModule</code>
* should not be ignored).
*/
public boolean login() throws LoginException {
long[] unixGroups = null;
ss = new UnixSystem();
if (ss == null) {
succeeded = false;
throw new FailedLoginException
("Failed in attempt to import " +
"the underlying system identity information");
} else {
userPrincipal = new UnixPrincipal(ss.getUsername());
UIDPrincipal = new UnixNumericUserPrincipal(ss.getUid());
GIDPrincipal = new UnixNumericGroupPrincipal(ss.getGid(), true);
if (ss.getGroups() != null && ss.getGroups().length > 0) {
unixGroups = ss.getGroups();
for (int i = 0; i < unixGroups.length; i++) {
UnixNumericGroupPrincipal ngp =
new UnixNumericGroupPrincipal
(unixGroups[i], false);
if (!ngp.getName().equals(GIDPrincipal.getName()))
supplementaryGroups.add(ngp);
}
}
if (debug) {
System.out.println("\t\t[UnixLoginModule]: " +
"succeeded importing info: ");
System.out.println("\t\t\tuid = " + ss.getUid());
System.out.println("\t\t\tgid = " + ss.getGid());
unixGroups = ss.getGroups();
for (int i = 0; i < unixGroups.length; i++) {
System.out.println("\t\t\tsupp gid = " + unixGroups[i]);
}
}
succeeded = true;
return true;
}
}
/**
* Commit the authentication (second phase).
*
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (the importing of the Unix authentication information
* succeeded), then this method associates the Unix Principals
* with the <code>Subject</code> currently tied to the
* <code>LoginModule</code>. If this LoginModule's
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit attempts
* succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
if (succeeded == false) {
if (debug) {
System.out.println("\t\t[UnixLoginModule]: " +
"did not add any Principals to Subject " +
"because own authentication failed.");
}
return false;
} else {
if (subject.isReadOnly()) {
throw new LoginException
("commit Failed: Subject is Readonly");
}
if (!subject.getPrincipals().contains(userPrincipal))
subject.getPrincipals().add(userPrincipal);
if (!subject.getPrincipals().contains(UIDPrincipal))
subject.getPrincipals().add(UIDPrincipal);
if (!subject.getPrincipals().contains(GIDPrincipal))
subject.getPrincipals().add(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
if (!subject.getPrincipals().contains
(supplementaryGroups.get(i)))
subject.getPrincipals().add(supplementaryGroups.get(i));
}
if (debug) {
System.out.println("\t\t[UnixLoginModule]: " +
"added UnixPrincipal,");
System.out.println("\t\t\t\tUnixNumericUserPrincipal,");
System.out.println("\t\t\t\tUnixNumericGroupPrincipal(s),");
System.out.println("\t\t\t to Subject");
}
commitSucceeded = true;
return true;
}
}
/**
* Abort the authentication (second phase).
*
* <p> This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> This method cleans up any state that was originally saved
* as part of the authentication attempt from the <code>login</code>
* and <code>commit</code> methods.
*
* <p>
*
* @exception LoginException if the abort fails
*
* @return false if this LoginModule's own login and/or commit attempts
* failed, and true otherwise.
*/
public boolean abort() throws LoginException {
if (debug) {
System.out.println("\t\t[UnixLoginModule]: " +
"aborted authentication attempt");
}
if (succeeded == false) {
return false;
} else if (succeeded == true && commitSucceeded == false) {
// Clean out state
succeeded = false;
ss = null;
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();
} else {
// overall authentication succeeded and commit succeeded,
// but someone else's commit failed
logout();
}
return true;
}
/**
* Logout the user
*
* <p> This method removes the Principals associated
* with the <code>Subject</code>.
*
* <p>
*
* @exception LoginException if the logout fails
*
* @return true in all cases (this <code>LoginModule</code>
* should not be ignored).
*/
public boolean logout() throws LoginException {
if (subject.isReadOnly()) {
throw new LoginException
("logout Failed: Subject is Readonly");
}
// remove the added Principals from the Subject
subject.getPrincipals().remove(userPrincipal);
subject.getPrincipals().remove(UIDPrincipal);
subject.getPrincipals().remove(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
subject.getPrincipals().remove(supplementaryGroups.get(i));
}
// clean out state
ss = null;
succeeded = false;
commitSucceeded = false;
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();
if (debug) {
System.out.println("\t\t[UnixLoginModule]: " +
"logged out Subject");
}
return true;
}
}

95
jdkSrc/jdk8/com/sun/security/auth/module/UnixSystem.java Normal file
View File

@@ -0,0 +1,95 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
/**
* <p> This class implementation retrieves and makes available Unix
* UID/GID/groups information for the current user.
*
*/
@jdk.Exported
public class UnixSystem {
private native void getUnixInfo();
protected String username;
protected long uid;
protected long gid;
protected long[] groups;
/**
* Instantiate a <code>UnixSystem</code> and load
* the native library to access the underlying system information.
*/
public UnixSystem() {
System.loadLibrary("jaas_unix");
getUnixInfo();
}
/**
* Get the username for the current Unix user.
*
* <p>
*
* @return the username for the current Unix user.
*/
public String getUsername() {
return username;
}
/**
* Get the UID for the current Unix user.
*
* <p>
*
* @return the UID for the current Unix user.
*/
public long getUid() {
return uid;
}
/**
* Get the GID for the current Unix user.
*
* <p>
*
* @return the GID for the current Unix user.
*/
public long getGid() {
return gid;
}
/**
* Get the supplementary groups for the current Unix user.
*
* <p>
*
* @return the supplementary groups for the current Unix user.
*/
public long[] getGroups() {
return groups == null ? null : groups.clone();
}
}

27
jdkSrc/jdk8/com/sun/security/auth/module/package-info.java Normal file
View File

@@ -0,0 +1,27 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
@jdk.Exported
package com.sun.security.auth.module;