1 | /** |
---|
2 | * MailArchiver is an application that provides services for storing and managing e-mail messages through a Web Services SOAP interface. |
---|
3 | * Copyright (C) 2012 Marcio Andre Scholl Levien and Fernando Alberto Reuter Wendt and Jose Ronaldo Nogueira Fonseca Junior |
---|
4 | * |
---|
5 | * This program is free software: you can redistribute it and/or modify |
---|
6 | * it under the terms of the GNU Affero General Public License as |
---|
7 | * published by the Free Software Foundation, either version 3 of the |
---|
8 | * License, or (at your option) any later version. |
---|
9 | * |
---|
10 | * This program is distributed in the hope that it will be useful, |
---|
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
13 | * GNU Affero General Public License for more details. |
---|
14 | * |
---|
15 | * You should have received a copy of the GNU Affero General Public License |
---|
16 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
---|
17 | */ |
---|
18 | |
---|
19 | /******************************************************************************\ |
---|
20 | * |
---|
21 | * This product was developed by |
---|
22 | * |
---|
23 | * SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), |
---|
24 | * |
---|
25 | * a government company established under Brazilian law (5.615/70), |
---|
26 | * at Department of Development of Porto Alegre. |
---|
27 | * |
---|
28 | \******************************************************************************/ |
---|
29 | |
---|
30 | package serpro.mailarchiver.util; |
---|
31 | |
---|
32 | import com.sun.jna.Platform; |
---|
33 | import com.sun.jna.platform.win32.Advapi32; |
---|
34 | import com.sun.jna.platform.win32.Kernel32; |
---|
35 | import com.sun.jna.platform.win32.W32Errors; |
---|
36 | import com.sun.jna.platform.win32.WinBase; |
---|
37 | import com.sun.jna.platform.win32.WinNT.HANDLE; |
---|
38 | import com.sun.jna.platform.win32.WinNT.HANDLEByReference; |
---|
39 | |
---|
40 | import org.jvnet.libpam.PAM; |
---|
41 | import org.jvnet.libpam.PAMException; |
---|
42 | import org.jvnet.libpam.UnixUser; |
---|
43 | |
---|
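/**
 * Checks a username/password pair against the host operating system's own
 * authentication facility: {@code LogonUser} on Windows, PAM everywhere else.
 *
 * <p>Every failure path returns {@code null}; the reason is only written to the
 * log, so callers cannot tell a wrong password from a configuration problem.
 */
public class SystemAuthenticator {

    private static final Logger log = Logger.getLocalLogger();

    /** PAM service name handed to libpam on non-Windows hosts. */
    private static final String PAM_SERVICE = "common-auth";

    /**
     * Authenticates without an explicit domain.
     *
     * @param username account name; {@code null} yields {@code null}
     * @param password account password; {@code null} is treated as an empty password
     * @return the authenticated account, or {@code null} if authentication failed
     */
    public SystemAccount authenticate(String username, String password) {
        return authenticate(username, password, null);
    }

    /**
     * Authenticates against the operating system.
     *
     * @param username account name; {@code null} yields {@code null}
     * @param password account password; {@code null} is treated as an empty password
     * @param domain   Windows domain; {@code null} is replaced by an empty string.
     *                 Ignored on non-Windows platforms, where PAM is used.
     * @return the authenticated account, or {@code null} if authentication failed
     */
    public SystemAccount authenticate(String username, String password, String domain) {
        if (username == null) {
            return null;
        }
        // NOTE(review): a missing password is attempted as an empty password rather
        // than rejected outright. Confirm callers rely on this; otherwise returning
        // null here would avoid ever probing accounts with a blank password.
        if (password == null) {
            password = "";
        }
        // NOTE(review): the original comment here said "." means "use the local
        // machine", yet an empty string is what is actually passed. Confirm which
        // value is intended for LogonUser.
        if (domain == null) {
            domain = "";
        }

        if (Platform.isWindows()) {
            return authenticateWindows(username, password, domain);
        }
        return authenticatePam(username, password);
    }

    /** Validates the credentials through the Win32 LogonUser call. */
    private SystemAccount authenticateWindows(String username, String password, String domain) {
        HANDLE token = null;
        try {
            HANDLEByReference tokenRef = new HANDLEByReference();

            // Logon types are described at
            // http://msdn.microsoft.com/en-us/library/windows/desktop/aa378184%28v=vs.85%29.aspx
            // NOTE(review): NETWORK_CLEARTEXT asks the authentication package to keep
            // the name and password so the token can reach other network servers. If
            // SystemAccount only needs to verify the credentials, LOGON32_LOGON_NETWORK
            // would retain less; confirm before changing.
            boolean success = Advapi32.INSTANCE.LogonUser(
                    username, domain, password,
                    WinBase.LOGON32_LOGON_NETWORK_CLEARTEXT,
                    WinBase.LOGON32_PROVIDER_DEFAULT,
                    tokenRef);

            if (success) {
                token = tokenRef.getValue();
                // The handle is closed in the finally block right after this
                // constructor returns, so SystemAccount must copy what it needs
                // during construction. NOTE(review): confirm it keeps no reference.
                return new SystemAccount(token);
            }

            // Read the error code straight after the failed call, before any other
            // native call on this thread can overwrite it.
            int error = Kernel32.INSTANCE.GetLastError();
            log.error("System authentication error: %s", describeLogonError(error));
            return null;
        }
        finally {
            if (token != null) {
                Kernel32.INSTANCE.CloseHandle(token);
            }
        }
    }

    /** Validates the credentials through PAM. */
    private SystemAccount authenticatePam(String username, String password) {
        PAM pam = null;
        try {
            pam = new PAM(PAM_SERVICE);
            UnixUser unixUser = pam.authenticate(username, password);
            return new SystemAccount(unixUser);
        }
        catch (PAMException ex) {
            // The message is passed as a format argument. The previous code
            // concatenated it onto the "%s" template, which left the placeholder
            // unfilled and let any '%' in the PAM message be read as a format
            // specifier.
            log.error("System authentication error: %s", ex.getMessage());
            return null;
        }
        finally {
            if (pam != null) {
                pam.dispose();
            }
        }
    }

    /** Maps the Win32 error codes handled here to a short log text; other codes are printed as numbers. */
    private static String describeLogonError(int error) {
        switch (error) {
            case W32Errors.ERROR_LOGON_FAILURE:
                return "logon failure";
            case W32Errors.ERROR_INVALID_PARAMETER:
                return "invalid parameter";
            case W32Errors.ERROR_INVALID_PASSWORD:
                return "invalid password";
            case W32Errors.ERROR_LOGON_NOT_GRANTED:
                return "logon not granted";
            case W32Errors.ERROR_LOGON_TYPE_NOT_GRANTED:
                return "logon type not granted";
            case W32Errors.ERROR_ACCOUNT_RESTRICTION:
                return "account restriction";
            default:
                return String.valueOf(error);
        }
    }
}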
---|