mirrors
/
gitblit
spogulis no https://github.com/gitblit/gitblit.git
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Kods Problēmas 0 Laidieni 43 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
1533 Revīzijas
11 Atzari
Koks: db4f6b5740
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no 'db4f6b5740'
${ noResults }
gitblit/src/main/java/com/gitblit/PAMUserService.java

PAMUserService.java 4.2KB
Neapstrādāts Vainot Vēsture

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144 
  1. /*

  2.  * Copyright 2013 gitblit.com.

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *     http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. package com.gitblit;

  17. 

  18. import java.io.File;

  19. 

  20. import org.jvnet.libpam.PAM;

  21. import org.jvnet.libpam.PAMException;

  22. import org.jvnet.libpam.impl.CLibrary;

  23. import org.slf4j.Logger;

  24. import org.slf4j.LoggerFactory;

  25. 

  26. import com.gitblit.Constants.AccountType;

  27. import com.gitblit.manager.IRuntimeManager;

  28. import com.gitblit.models.UserModel;

  29. import com.gitblit.utils.ArrayUtils;

  30. import com.gitblit.utils.StringUtils;

  31. 

  32. /**

  33.  * Implementation of a PAM user service for Linux/Unix/MacOSX.

  34.  *

  35.  * @author James Moger

  36.  */

  37. public class PAMUserService extends GitblitUserService {

  38. 

  39.     private final Logger logger = LoggerFactory.getLogger(PAMUserService.class);

  40. 

  41.     private IStoredSettings settings;

  42. 

  43.     public PAMUserService() {

  44.         super();

  45.     }

  46. 

  47.     @Override

  48.     public void setup(IStoredSettings settings) {

  49.         this.settings = settings;

  50. 

  51.         String file = settings.getString(Keys.realm.pam.backingUserService, "${baseFolder}/users.conf");

  52.         IRuntimeManager runtimeManager = GitBlit.getManager(IRuntimeManager.class);

  53.         File realmFile = runtimeManager.getFileOrFolder(file);

  54. 

  55.         serviceImpl = createUserService(realmFile);

  56.         logger.info("PAM User Service backed by " + serviceImpl.toString());

  57. 

  58.         // Try to identify the passwd database

  59.         String [] files = { "/etc/shadow", "/etc/master.passwd" };

  60. 		File passwdFile = null;

  61. 		for (String name : files) {

  62. 			File f = new File(name);

  63. 			if (f.exists()) {

  64. 				passwdFile = f;

  65. 				break;

  66. 			}

  67. 		}

  68. 		if (passwdFile == null) {

  69. 			logger.error("PAM User Service could not find a passwd database!");

  70. 		} else if (!passwdFile.canRead()) {

  71. 			logger.error("PAM User Service can not read passwd database {}! PAM authentications may fail!", passwdFile);

  72. 		}

  73.     }

  74. 

  75.     @Override

  76.     public boolean supportsCredentialChanges() {

  77.         return false;

  78.     }

  79. 

  80.     @Override

  81.     public boolean supportsDisplayNameChanges() {

  82.         return true;

  83.     }

  84. 

  85.     @Override

  86.     public boolean supportsEmailAddressChanges() {

  87.         return true;

  88.     }

  89. 

  90.     @Override

  91.     public boolean supportsTeamMembershipChanges() {

  92.         return true;

  93.     }

  94. 

  95. 	 @Override

  96. 	protected AccountType getAccountType() {

  97. 		return AccountType.PAM;

  98. 	}

  99. 

  100.     @Override

  101.     public UserModel authenticate(String username, char[] password) {

  102. 		if (isLocalAccount(username)) {

  103. 			// local account, bypass PAM authentication

  104. 			return super.authenticate(username, password);

  105. 		}

  106. 

  107. 		if (CLibrary.libc.getpwnam(username) == null) {

  108. 			logger.warn("Can not get PAM passwd for " + username);

  109. 			return null;

  110. 		}

  111. 

  112. 		PAM pam = null;

  113. 		try {

  114. 			String serviceName = settings.getString(Keys.realm.pam.serviceName, "system-auth");

  115. 			pam = new PAM(serviceName);

  116. 			pam.authenticate(username, new String(password));

  117. 		} catch (PAMException e) {

  118. 			logger.error(e.getMessage());

  119. 			return null;

  120. 		} finally {

  121. 			pam.dispose();

  122. 		}

  123. 

  124.         UserModel user = getUserModel(username);

  125.         if (user == null)	// create user object for new authenticated user

  126.         	user = new UserModel(username.toLowerCase());

  127. 

  128.         // create a user cookie

  129.         if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {

  130.         	user.cookie = StringUtils.getSHA1(user.username + new String(password));

  131.         }

  132. 

  133.         // update user attributes from UnixUser

  134.         user.accountType = getAccountType();

  135.         user.password = Constants.EXTERNAL_ACCOUNT;

  136. 

  137.         // TODO consider mapping PAM groups to teams

  138. 

  139.         // push the changes to the backing user service

  140.         super.updateUserModel(user);

  141. 

  142.         return user;

  143.     }

  144. }