From 73c76b8f7ecaa43c7b5d60ade1c2273af525e8f1 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 20 Jun 2013 17:31:41 -0400
Subject: Added WindowsUserService using Waffle

---
 src/main/java/com/gitblit/WindowsUserService.java | 194 ++++++++++++++++++++++
 1 file changed, 194 insertions(+)
 create mode 100644 src/main/java/com/gitblit/WindowsUserService.java

(limited to 'src/main/java/com/gitblit/WindowsUserService.java')

diff --git a/src/main/java/com/gitblit/WindowsUserService.java b/src/main/java/com/gitblit/WindowsUserService.java
new file mode 100644
index 00000000..4830297e
--- /dev/null
+++ b/src/main/java/com/gitblit/WindowsUserService.java
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2013 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gitblit;
+
+import java.io.File;
+import java.util.Set;
+import java.util.TreeSet;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import waffle.windows.auth.IWindowsAccount;
+import waffle.windows.auth.IWindowsAuthProvider;
+import waffle.windows.auth.IWindowsComputer;
+import waffle.windows.auth.IWindowsIdentity;
+import waffle.windows.auth.impl.WindowsAuthProviderImpl;
+
+import com.gitblit.Constants.AccountType;
+import com.gitblit.models.UserModel;
+import com.gitblit.utils.ArrayUtils;
+import com.gitblit.utils.StringUtils;
+import com.sun.jna.platform.win32.Win32Exception;
+
+/**
+ * Implementation of a Windows user service.
+ * 
+ * @author James Moger
+ */
+public class WindowsUserService extends GitblitUserService {
+
+    private final Logger logger = LoggerFactory.getLogger(WindowsUserService.class);
+
+    private IStoredSettings settings;
+    
+    private IWindowsAuthProvider waffle;
+
+    public WindowsUserService() {
+        super();
+    }
+
+    @Override
+    public void setup(IStoredSettings settings) {
+        this.settings = settings;
+
+        String file = settings.getString(Keys.realm.windows.backingUserService, "${baseFolder}/users.conf");
+        File realmFile = GitBlit.getFileOrFolder(file);
+
+        serviceImpl = createUserService(realmFile);
+        logger.info("Windows User Service backed by " + serviceImpl.toString());
+        
+        waffle = new WindowsAuthProviderImpl();
+        IWindowsComputer computer = waffle.getCurrentComputer();
+        logger.info("      name = " + computer.getComputerName());
+        logger.info("    status = " + describeJoinStatus(computer.getJoinStatus()));
+        logger.info("  memberOf = " + computer.getMemberOf());
+        //logger.info("  groups     = " + Arrays.asList(computer.getGroups()));
+    }
+    
+    protected String describeJoinStatus(String value) {
+    	if ("NetSetupUnknownStatus".equals(value)) {
+    		return "unknown";
+    	} else if ("NetSetupUnjoined".equals(value)) {
+    		return "not joined";
+    	} else if ("NetSetupWorkgroupName".equals(value)) {
+    		return "joined to a workgroup";
+    	} else if ("NetSetupDomainName".equals(value)) {
+    		return "joined to a domain";
+    	}
+    	return value;
+    }
+
+    @Override
+    public boolean supportsCredentialChanges() {
+        return false;
+    }
+
+    @Override
+    public boolean supportsDisplayNameChanges() {
+        return false;
+    }
+
+    @Override
+    public boolean supportsEmailAddressChanges() {
+        return true;
+    }
+
+    @Override
+    public boolean supportsTeamMembershipChanges() {
+        return true;
+    }
+    
+	 @Override
+	protected AccountType getAccountType() {
+		return AccountType.WINDOWS;
+	}
+
+    @Override
+    public UserModel authenticate(String username, char[] password) {
+		if (isLocalAccount(username)) {
+			// local account, bypass Windows authentication
+			return super.authenticate(username, password);
+		}
+
+		String defaultDomain = settings.getString(Keys.realm.windows.defaultDomain, null);
+		if (StringUtils.isEmpty(defaultDomain)) {
+			// ensure that default domain is null
+			defaultDomain = null;
+		}
+
+		if (defaultDomain != null) {
+			// sanitize username
+			if (username.startsWith(defaultDomain + "\\")) {
+				// strip default domain from domain\ username
+				username = username.substring(defaultDomain.length() + 1);
+			} else if (username.endsWith("@" + defaultDomain)) {
+				// strip default domain from username@domain
+				username = username.substring(0, username.lastIndexOf('@'));
+			}
+		}
+
+		IWindowsIdentity identity = null;
+		try {
+			if (username.indexOf('@') > -1 || username.indexOf('\\') > -1) {
+				// manually specified domain
+				identity = waffle.logonUser(username, new String(password));
+			} else {
+				// no domain specified, use default domain
+				identity = waffle.logonDomainUser(username, defaultDomain, new String(password));
+			}
+		} catch (Win32Exception e) {
+			logger.error(e.getMessage());
+			return null;
+		}
+
+		if (identity.isGuest() && !settings.getBoolean(Keys.realm.windows.allowGuests, false)) {
+			logger.warn("Guest account access is disabled");
+			identity.dispose();
+			return null;
+		}
+		
+        UserModel user = getUserModel(username);
+        if (user == null)	// create user object for new authenticated user
+        	user = new UserModel(username.toLowerCase());
+
+        // create a user cookie
+        if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
+        	user.cookie = StringUtils.getSHA1(user.username + new String(password));
+        }
+
+        // update user attributes from Windows identity
+        user.accountType = getAccountType();
+        String fqn = identity.getFqn();
+        if (fqn.indexOf('\\') > -1) {
+        	user.displayName = fqn.substring(fqn.lastIndexOf('\\') + 1);
+        } else {
+        	user.displayName = fqn;
+        }
+        user.password = Constants.EXTERNAL_ACCOUNT;
+
+        Set<String> groupNames = new TreeSet<String>();
+       	for (IWindowsAccount group : identity.getGroups()) {
+       		groupNames.add(group.getFqn());
+        }
+        
+        if (groupNames.contains("BUILTIN\\Administrators")) {
+        	// local administrator
+        	user.canAdmin = true;
+        }
+        
+        // TODO consider mapping Windows groups to teams
+
+        // push the changes to the backing user service
+        super.updateUserModel(user);
+
+
+        // cleanup resources
+        identity.dispose();
+        
+        return user;
+    }
+}
-- 
cgit v1.2.3