/**
 * Records the return code of the libpam call that was just made and converts any
 * non-zero code into a {@link PAMException}.
 *
 * @param ret return code to inspect; it is stored in {@code this.ret} even when it is zero
 * @param msg text describing the failed call, used as the start of the exception message
 * @throws PAMException if {@code ret} is non-zero
 */
private void check(int ret, String msg) throws PAMException {
    this.ret = ret;
    if (ret == 0) {
        return;
    }
    // Without a handle there is nothing to pass to pam_strerror, so only the caller's text is reported.
    if (pht == null) {
        throw new PAMException(msg);
    }
    throw new PAMException(msg + " : " + libpam.pam_strerror(pht, ret));
}
/**
 * Authenticates the user against every configured PAM profile, in iteration order.
 *
 * <p>The first profile that rejects the credentials ends the loop with an exception, so the
 * method returns normally only when every entry of {@code profiles} accepted them.
 *
 * @param user login name handed to PAM
 * @param password password handed to PAM; this method does not write it to the log
 * @throws UserAuthenticationException if any profile fails; the message names the user and the profile
 */
@Override
public void authenticate(String user, String password) throws UserAuthenticationException {
    for (String profile : profiles) {
        PAM session = null;
        try {
            session = new PAM(profile);
            session.authenticate(user, password);
        } catch (PAMException ex) {
            // NOTE(review): the user name reaches the log and the exception text exactly as supplied by
            // the caller — confirm the log layout neutralises line breaks in it.
            logger.error("PAM auth failed for user: {} against {} profile. Exception: {}", user, profile, ex.getMessage());
            final String failure = String.format("PAM auth failed for user: %s using profile: %s", user, profile);
            throw new UserAuthenticationException(failure);
        } finally {
            // Dispose of the PAM object on success and on failure alike.
            if (session != null) {
                session.dispose();
            }
        }
        // A rejected attempt has already thrown above, so reaching this line means the profile accepted the user.
        logger.trace("PAM authentication was successful for user: {} using profile: {}", user, profile);
    }
}
/**
 * Stores the latest libpam return code and raises a {@link PAMException} when it signals an error.
 *
 * @param ret return code of the call being checked; always copied to {@code this.ret}
 * @param msg description of the call, placed at the front of the exception message
 * @throws PAMException if {@code ret} is anything other than zero
 */
private void check(int ret, String msg) throws PAMException {
    this.ret = ret;
    final boolean failed = ret != 0;
    if (failed) {
        // pam_strerror needs the handle; when there is none the message is reported on its own.
        final String detail = (pht != null)
                ? msg + " : " + libpam.pam_strerror(pht, ret)
                : msg;
        throw new PAMException(detail);
    }
}
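/**
 * Authenticates the token's principal and credentials through PAM and maps the account's
 * Unix groups to granted authorities.
 *
 * @param authentication token whose principal and credentials are read through {@code toString()}
 * @return a {@link UsernamePasswordAuthenticationToken} holding the user name, the password and
 *         one authority per group reported for the user
 * @throws AuthenticationException a {@link BadCredentialsException} wrapping the
 *         {@link PAMException} when PAM rejects the login
 */
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String username = authentication.getPrincipal().toString();
    String password = authentication.getCredentials().toString();
    PAM pam = null;
    try {
        pam = new PAM(serviceName);
        UnixUser u = pam.authenticate(username, password);
        Set<String> grps = u.getGroups();
        GrantedAuthority[] groups = new GrantedAuthority[grps.size()];
        int i = 0;
        for (String g : grps) {
            groups[i++] = new GrantedAuthorityImpl(g);
        }
        EnvVars.setHudsonUserEnvVar(username);
        // I never understood why Acegi insists on keeping the password...
        return new UsernamePasswordAuthenticationToken(username, password, groups);
    } catch (PAMException e) {
        // NOTE(review): the PAM error text becomes the exception message — confirm it is not echoed to the client.
        throw new BadCredentialsException(e.getMessage(), e);
    } finally {
        // Every login attempt creates a PAM object; dispose of it here so failed and
        // successful attempts alike do not leave one behind.
        if (pam != null) {
            pam.dispose();
        }
    }
}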
/**
 * Remembers the return code of a libpam call and throws when that code is not zero.
 *
 * @param ret return code to evaluate; written to {@code this.ret} before any check
 * @param msg caller-supplied description that opens the exception message
 * @throws PAMException if {@code ret} is non-zero; the libpam error string is appended
 *         only when {@code pht} is set
 */
private void check(int ret, String msg) throws PAMException {
    this.ret = ret;
    if (ret == 0) {
        return;
    }
    String text = msg;
    if (pht != null) {
        // pam_strerror turns the numeric code into the library's own description.
        text = msg + " : " + libpam.pam_strerror(pht, ret);
    }
    throw new PAMException(text);
}
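/**
 * Runs a PAM login for the principal and credentials carried by the token and converts the
 * user's Unix groups into granted authorities.
 *
 * @param authentication token whose principal and credentials are read through {@code toString()}
 * @return a {@link UsernamePasswordAuthenticationToken} with the user name, the password and
 *         one authority per group
 * @throws AuthenticationException a {@link BadCredentialsException} that wraps the
 *         {@link PAMException} raised when the login is rejected
 */
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String username = authentication.getPrincipal().toString();
    String password = authentication.getCredentials().toString();
    PAM pam = null;
    try {
        pam = new PAM(serviceName);
        UnixUser u = pam.authenticate(username, password);
        Set<String> grps = u.getGroups();
        GrantedAuthority[] groups = new GrantedAuthority[grps.size()];
        int i = 0;
        for (String g : grps) {
            groups[i++] = new GrantedAuthorityImpl(g);
        }
        EnvVars.setHudsonUserEnvVar(username);
        // I never understood why Acegi insists on keeping the password...
        return new UsernamePasswordAuthenticationToken(username, password, groups);
    } catch (PAMException e) {
        // NOTE(review): the message of the PAM failure is passed through unchanged — confirm where it is displayed.
        throw new BadCredentialsException(e.getMessage(), e);
    } finally {
        // One PAM object is created per attempt; it is disposed of on every exit path.
        if (pam != null) {
            pam.dispose();
        }
    }
}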
/**
 * Looks up the passwd entry of a user through {@code libc.getpwnam}.
 *
 * @param userName account name to look up
 * @return the entry returned by {@code getpwnam}, never {@code null}
 * @throws PAMException if {@code getpwnam} returns {@code null} for the name
 */
public static Passwd loadPasswd(String userName) throws PAMException {
    final Passwd entry = libc.getpwnam(userName);
    if (entry != null) {
        return entry;
    }
    throw new PAMException("No user information is available");
}
/**
 * Authenticates the user through PAM and, on success, builds and caches an {@link Account}.
 *
 * @param username login name handed to PAM
 * @param password password handed to PAM
 * @return the cached account on success, or {@code null} when PAM rejects the login
 */
@Override
public Account authenticate(final String username, final String password) {
    PAM session = null;
    try {
        session = new PAM(serviceName);
        session.authenticate(username, password);
        log.debug("Authentication succeeded for '{}' against '{}'", username, getRealmName());
        // NOTE(review): the account carries the clear-text password into cacheAccount —
        // confirm how long the cache keeps it.
        final Account authenticated = new Account(null, new StandardCredentials(username, password));
        cacheAccount(authenticated);
        return authenticated;
    } catch (PAMException e) {
        // A rejected login is reported as null rather than as an exception.
        log.debug("Authentication failed for '{}' against '{}'", username, getRealmName());
        log.error(e.getMessage());
        return null;
    } finally {
        // Dispose of the PAM object whether the attempt succeeded or failed.
        if (session != null) {
            session.dispose();
        }
    }
}
/**
 * Fetches the passwd entry for a user name via {@code libc.getpwnam}.
 *
 * @param userName account name to look up
 * @return the entry returned by {@code getpwnam}, never {@code null}
 * @throws PAMException if no entry is returned for the name
 */
public static passwd loadPasswd(String userName) throws PAMException {
    final passwd entry = libc.getpwnam(userName);
    if (entry != null) {
        return entry;
    }
    throw new PAMException("No user information is available");
}
} // closes the enclosing type, whose opening line is not part of this listing
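/**
 * Authenticates a user name/password token through PAM and returns the authentication info
 * built from the resulting Unix user and a hash of the submitted credentials.
 *
 * <p>The method fails closed: it throws when PAM produced no user or when no credentials hash
 * could be computed, instead of depending on {@code handleAuthFailure} to end the call.
 *
 * @param token the submitted token; it is cast to {@link UsernamePasswordToken}
 * @return info holding a {@code UnixUserPrincipal}, the hex credentials hash, its salt and the realm name
 * @throws AuthenticationException if PAM rejects the login or the credentials hash is unavailable
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    UnixUser user = null;
    PAM pam = null;
    try {
        pam = new PAM(this.getService());
        // NOTE(review): new String(char[]) leaves a copy of the password that cannot be cleared afterwards.
        user = pam.authenticate(upToken.getUsername(), new String(upToken.getPassword()));
    } catch (PAMException e) {
        handleAuthFailure(token, e.getMessage(), e);
    } finally {
        // Dispose of the PAM object on every path so a failed login does not leave one behind.
        if (pam != null) {
            pam.dispose();
        }
    }
    // Reached without a user only if handleAuthFailure returned normally; an unauthenticated
    // request must never continue to the info construction below.
    if (user == null) {
        throw new AuthenticationException("PAM authentication failed");
    }
    HashRequest.Builder builder = new HashRequest.Builder();
    Hash credentialsHash = hashService
            .computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
    /* Coverity Scan CID 1361684 */
    if (credentialsHash == null) {
        handleAuthFailure(token, "Failed to compute hash", null);
        // Same reasoning as above: do not dereference a missing hash if the handler returns.
        throw new AuthenticationException("Failed to compute hash");
    }
    return new SimpleAuthenticationInfo(new UnixUserPrincipal(user), credentialsHash.toHex(),
            credentialsHash.getSalt(), getName());
}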
/**
 * Performs the PAM login with the stored user name and password and records the outcome.
 *
 * <p>On success {@code _principal} is set from the returned Unix user and
 * {@code _authSucceeded} becomes {@code true}.
 *
 * @return {@code true} when PAM accepted the credentials; failures are reported by exception
 * @throws LoginException a {@link FailedLoginException} with a generic message, carrying the
 *         {@link PAMException} as its cause
 */
private boolean performLogin() throws LoginException {
    try {
        // Only null is rejected here; an empty password is still handed to PAM.
        if (_passwordchar == null) {
            throw new PAMException("Password is Null or Empty!!!");
        }
        // NOTE(review): String.valueOf copies the password into a String that cannot be wiped afterwards.
        UnixUser unixUser = _pam.authenticate(_username, String.valueOf(_passwordchar));
        _principal = new PamPrincipal(unixUser);
        _authSucceeded = true;
        return true;
    } catch (PAMException ex) {
        // The caller sees one generic message for every failure; the PAM detail stays in the cause.
        LoginException failure = new FailedLoginException("Invalid username or password");
        failure.initCause(ex);
        throw failure;
    }
}
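/**
 * Validates a user name/password token against PAM and builds the authentication info from
 * the resulting Unix user and a hash of the submitted credentials.
 *
 * <p>The method fails closed: a missing user or a missing credentials hash ends in an
 * exception even if {@code handleAuthFailure} were to return normally.
 *
 * @param token the submitted token; it is cast to {@link UsernamePasswordToken}
 * @return info holding a {@code UnixUserPrincipal}, the hex credentials hash, its salt and the realm name
 * @throws AuthenticationException if PAM rejects the login or the credentials hash is unavailable
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    UnixUser user = null;
    PAM pam = null;
    try {
        pam = new PAM(this.getService());
        // NOTE(review): the password is copied into a String here, which cannot be cleared after use.
        user = pam.authenticate(upToken.getUsername(), new String(upToken.getPassword()));
    } catch (PAMException e) {
        handleAuthFailure(token, e.getMessage(), e);
    } finally {
        // The PAM object is disposed of on success and on failure.
        if (pam != null) {
            pam.dispose();
        }
    }
    // A null user here means the failure handler did not throw; stop before any
    // authentication info can be built for an unauthenticated request.
    if (user == null) {
        throw new AuthenticationException("PAM authentication failed");
    }
    HashRequest.Builder builder = new HashRequest.Builder();
    Hash credentialsHash = hashService
            .computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
    /* Coverity Scan CID 1361684 */
    if (credentialsHash == null) {
        handleAuthFailure(token, "Failed to compute hash", null);
        // Guard the dereference below in case the handler returns.
        throw new AuthenticationException("Failed to compute hash");
    }
    return new SimpleAuthenticationInfo(new UnixUserPrincipal(user), credentialsHash.toHex(),
            credentialsHash.getSalt(), getName());
}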
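/**
 * Builds the user record from a passwd entry and resolves the names of the groups the
 * user belongs to.
 *
 * <p>Group ids that cannot be resolved to a group entry are skipped, so a stale or
 * unknown gid does not abort the login with a {@code NullPointerException}.
 *
 * @param userName account name the groups are looked up for
 * @param pwd passwd entry supplying the uid and the primary gid
 * @throws PAMException if the group list cannot be retrieved
 */
/*package*/ UnixUser(String userName, passwd pwd) throws PAMException {
    this.userName = userName;
    this.uid = pwd.pw_uid;
    this.gid = pwd.pw_gid;

    int sz = 4; /*sizeof(gid_t)*/

    int ngroups = 64;
    Memory m = new Memory(ngroups * sz);
    IntByReference pngroups = new IntByReference(ngroups);
    try {
        if (libc.getgrouplist(userName, pwd.pw_gid, m, pngroups) < 0) {
            // allocate a bigger memory, sized by the count the first call wrote back
            m = new Memory(pngroups.getValue() * sz);
            if (libc.getgrouplist(userName, pwd.pw_gid, m, pngroups) < 0) {
                // shouldn't happen, but just in case.
                throw new PAMException("getgrouplist failed");
            }
        }
        ngroups = pngroups.getValue();
    } catch (LinkageError e) {
        // some platform, notably Solaris, doesn't have the getgrouplist function
        ngroups = libc._getgroupsbymember(userName, m, ngroups, 0);
        if (ngroups < 0) {
            throw new PAMException("_getgroupsbymember failed");
        }
    }

    groups = new HashSet<String>();
    for (int i = 0; i < ngroups; i++) {
        int gid = m.getInt(i * sz);
        group grp = libc.getgrgid(gid);
        // A gid without a group entry yields null; leaving it out gives the user fewer
        // group names, never more.
        if (grp == null) {
            continue;
        }
        groups.add(grp.gr_name);
    }
}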
if (resultPointer == null) { if(result == 0) { throw new PAMException("No user information is available"); } else { throw new PAMException("Failed to retrieve user information (Error: " + result + ")");
if(libc.getgrouplist(userName,pwd.getPwGid(),m,pngroups)<0) throw new PAMException("getgrouplist failed"); throw new PAMException("_getgroupsbymember failed");
if(libc.getgrouplist(userName,pwd.getPwGid(),m,pngroups)<0) throw new PAMException("getgrouplist failed"); throw new PAMException("_getgroupsbymember failed");
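/**
 * Authenticate the user with a password and verify that the account may be used.
 *
 * <p>{@code pam_authenticate} only checks the credential. The {@code pam_acct_mgmt} call
 * that follows it is the PAM account-management step, which is where expired, locked or
 * otherwise restricted accounts are rejected; without it such accounts would pass.
 *
 * @param username
 *      Name of the user to authenticate; set as {@code PAM_USER} on the handle.
 * @param password
 *      Password to try; held in {@code this.password} only for the duration of the call.
 * @return
 *      Upon a successful authentication, return information about the user.
 * @throws PAMException
 *      If the authentication or the account check fails, or if no passwd entry exists
 *      for the authenticated user.
 */
public UnixUser authenticate(String username, String password) throws PAMException {
    this.password = password;
    try {
        check(libpam.pam_set_item(pht, PAM_USER, username), "pam_set_item failed");
        // several different error code seem to be used to represent authentication failures
        check(libpam.pam_authenticate(pht, 0), "pam_authenticate failed");
        // Enforce account validity as well; a correct password alone is not enough.
        check(libpam.pam_acct_mgmt(pht, 0), "pam_acct_mgmt failed");

        PointerByReference r = new PointerByReference();
        check(libpam.pam_get_item(pht, PAM_USER, r), "pam_get_item failed");
        // Read the name back from PAM rather than reusing the argument.
        String userName = r.getValue().getString(0);
        passwd pwd = libc.getpwnam(userName);
        if (pwd == null) {
            throw new PAMException("Authentication succeeded but no user information is available");
        }
        return new UnixUser(userName, pwd);
    } finally {
        // Drop the reference to the password as soon as the attempt is over.
        this.password = null;
    }
}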
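/**
 * Authenticate the user with a password and verify that the account may be used.
 *
 * <p>{@code pam_authenticate} only checks the credential. The {@code pam_acct_mgmt} call
 * is the PAM account-management step, which is where expired, locked or otherwise
 * restricted accounts are rejected; without it such accounts would pass.
 *
 * @param username
 *      Name of the user to authenticate; set as {@code PAM_USER} on the handle.
 * @param password
 *      Password to try; held in {@code this.password} only for the duration of the call.
 * @return
 *      Upon a successful authentication, return information about the user.
 * @throws PAMException
 *      If the authentication, the credential setup or the account check fails, or if no
 *      passwd entry exists for the authenticated user.
 */
public UnixUser authenticate(String username, String password) throws PAMException {
    this.password = password;
    try {
        check(libpam.pam_set_item(pht, PAM_USER, username), "pam_set_item failed");
        // several different error code seem to be used to represent authentication failures
        check(libpam.pam_authenticate(pht, 0), "pam_authenticate failed");
        check(libpam.pam_setcred(pht, 0), "pam_setcred failed");
        // Enforce account validity as well; a correct password alone is not enough.
        check(libpam.pam_acct_mgmt(pht, 0), "pam_acct_mgmt failed");

        PointerByReference r = new PointerByReference();
        check(libpam.pam_get_item(pht, PAM_USER, r), "pam_get_item failed");
        // Read the name back from PAM rather than reusing the argument.
        String userName = r.getValue().getString(0);
        Passwd pwd = libc.getpwnam(userName);
        if (pwd == null) {
            throw new PAMException("Authentication succeeded but no user information is available");
        }
        return new UnixUser(userName, pwd);
    } finally {
        // Drop the reference to the password as soon as the attempt is over.
        this.password = null;
    }
}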
/**
 * Authenticate the user with a password.
 *
 * <p>The sequence is: set {@code PAM_USER}, {@code pam_authenticate}, {@code pam_setcred},
 * {@code pam_acct_mgmt}, then read {@code PAM_USER} back and load its passwd entry. Any
 * non-zero return code ends the sequence with an exception.
 *
 * @param username
 *      Name of the user to authenticate.
 * @param password
 *      Password to try; held in {@code this.password} only for the duration of the call.
 * @return
 *      Upon a successful authentication, return information about the user.
 * @throws PAMException
 *      If the authentication fails.
 */
public UnixUser authenticate(String username, String password) throws PAMException {
    this.password = password;
    try {
        check(libpam.pam_set_item(pht, PAM_USER, username), "pam_set_item failed");
        // several different error code seem to be used to represent authentication failures
        check(libpam.pam_authenticate(pht, 0), "pam_authenticate failed");
        check(libpam.pam_setcred(pht, 0), "pam_setcred failed");
        // The account check runs after the credential check, so a valid password on an
        // account that PAM refuses still ends in a PAMException.
        check(libpam.pam_acct_mgmt(pht, 0), "pam_acct_mgmt failed");

        final PointerByReference userRef = new PointerByReference();
        check(libpam.pam_get_item(pht, PAM_USER, userRef), "pam_get_item failed");
        // The name is read back from PAM instead of reusing the argument.
        final String resolvedName = userRef.getValue().getString(0);
        final passwd entry = libc.getpwnam(resolvedName);
        if (entry != null) {
            return new UnixUser(resolvedName, entry);
        }
        throw new PAMException("Authentication succeeded but no user information is available");
    } finally {
        // The password reference is cleared on every exit path.
        this.password = null;
    }
}