/**
 * MailArchiver is an application that provides services for storing and managing e-mail messages through a Web Services SOAP interface.
 * Copyright (C) 2012 Marcio Andre Scholl Levien and Fernando Alberto Reuter Wendt and Jose Ronaldo Nogueira Fonseca Junior
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

/******************************************************************************\
*
* This product was developed by
*
* SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO),
*
* a government company established under Brazilian law (5.615/70),
* at Department of Development of Porto Alegre.
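*
\******************************************************************************/

package serpro.mailarchiver.util;

import com.sun.jna.Platform;
import com.sun.jna.platform.win32.Advapi32;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.W32Errors;
import com.sun.jna.platform.win32.WinBase;
import com.sun.jna.platform.win32.WinNT.HANDLE;
import com.sun.jna.platform.win32.WinNT.HANDLEByReference;

import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.jvnet.libpam.UnixUser;

/**
 * Verifies a username/password pair against the operating system's own
 * account database.
 *
 * <p>On Windows the check is made with {@code LogonUser} (through JNA); on
 * every other platform it is made through PAM, using the {@code common-auth}
 * service. Both paths return {@code null} when the credentials are rejected;
 * the reason is written to the log only and is never handed back to the
 * caller.
 *
 * <p>Points a caller should be aware of:
 * <ul>
 *   <li>A {@code null} password is replaced by the empty string and still
 *       submitted to the OS. A caller that must refuse blank passwords has to
 *       do so before calling {@code authenticate}.</li>
 *   <li>The password travels as a {@code String}, so it cannot be wiped from
 *       memory after use. Do not log it.</li>
 *   <li>The {@code domain} argument is used on Windows only; the PAM path
 *       ignores it.</li>
 * </ul>
 */
public class SystemAuthenticator {

    private static final Logger log = Logger.getLocalLogger();

    /**
     * Authenticates without an explicit domain.
     *
     * @param username account name; {@code null} yields {@code null}
     * @param password account password; {@code null} is treated as ""
     * @return the authenticated account, or {@code null} on failure
     */
    public SystemAccount authenticate(String username, String password) {
        return authenticate(username, password, null);
    }

    /**
     * Authenticates {@code username} against the host operating system.
     *
     * @param username account name; {@code null} yields {@code null}
     * @param password account password; {@code null} is treated as ""
     * @param domain   Windows domain; {@code null} is treated as "".
     *                 Not used on non-Windows platforms.
     * @return a {@link SystemAccount} built from the Windows logon token or
     *         from the PAM {@code UnixUser}, or {@code null} when the
     *         credentials are rejected or the username is {@code null}
     */
    public SystemAccount authenticate(String username, String password, String domain) {
        if (username == null) {
            return null;
        }
        if (password == null) {
            // A missing password is still submitted, as a blank one.
            password = "";
        }
        if (domain == null) {
            // "." would mean "use the local workstation"; the empty string is
            // what is actually passed.
            domain = "";
        }

        if (Platform.isWindows()) {
            return authenticateWindows(username, password, domain);
        }
        return authenticatePam(username, password);
    }

    /** Windows path: validates the credentials with {@code LogonUser}. */
    private SystemAccount authenticateWindows(String username, String password, String domain) {
        HANDLE token = null;
        try {
            HANDLEByReference tokenRef = new HANDLEByReference();

            // Logon types and their descriptions:
            // http://msdn.microsoft.com/en-us/library/windows/desktop/aa378184%28v=vs.85%29.aspx
            // Alternatives that were considered: LOGON32_LOGON_BATCH,
            // LOGON32_LOGON_NETWORK, LOGON32_LOGON_SERVICE,
            // LOGON32_LOGON_INTERACTIVE.
            // NETWORK_CLEARTEXT keeps the name and password in the
            // authentication package so the token can be used for outbound
            // connections; that makes prompt release of the handle (see the
            // finally block) more important than for a plain NETWORK logon.
            boolean success = Advapi32.INSTANCE.LogonUser(
                    username,
                    domain,
                    password,
                    WinBase.LOGON32_LOGON_NETWORK_CLEARTEXT,
                    WinBase.LOGON32_PROVIDER_DEFAULT,
                    tokenRef);

            if (success) {
                token = tokenRef.getValue();
                return new SystemAccount(token);
            }

            // Read the error code immediately, before any other call can
            // overwrite it.
            int error = Kernel32.INSTANCE.GetLastError();
            log.error("System authentication error: %s", describeLogonError(error));
            return null;
        } finally {
            // The token is closed as soon as the SystemAccount constructor
            // has returned.
            // NOTE(review): this is only safe if SystemAccount copies what it
            // needs during construction and does not keep the handle -
            // SystemAccount is not visible here, confirm.
            if (token != null) {
                Kernel32.INSTANCE.CloseHandle(token);
            }
        }
    }

    /** Non-Windows path: validates the credentials through PAM ({@code common-auth}). */
    private SystemAccount authenticatePam(String username, String password) {
        PAM pam = null;
        try {
            pam = new PAM("common-auth");
            UnixUser unixUser = pam.authenticate(username, password);
            return new SystemAccount(unixUser);
        } catch (PAMException ex) {
            // The message is passed as a format argument, as in the Windows
            // path. It was previously concatenated onto the "%s" format
            // string, which left the placeholder without an argument and let
            // any '%' in the PAM message be read as a format directive.
            // NOTE(review): depending on how Logger formats, that could throw
            // from inside this catch and turn a failed login into an
            // exception instead of a null return - confirm against Logger.
            log.error("System authentication error: %s", ex.getMessage());
            return null;
        } finally {
            if (pam != null) {
                pam.dispose();
            }
        }
    }

    /**
     * Maps a Win32 logon error code to the short text used in the log;
     * unknown codes are rendered as their decimal value.
     */
    private static String describeLogonError(int error) {
        switch (error) {
            case W32Errors.ERROR_LOGON_FAILURE:
                return "logon failure";
            case W32Errors.ERROR_INVALID_PARAMETER:
                return "invalid parameter";
            case W32Errors.ERROR_INVALID_PASSWORD:
                return "invalid password";
            case W32Errors.ERROR_LOGON_NOT_GRANTED:
                return "logon not granted";
            case W32Errors.ERROR_LOGON_TYPE_NOT_GRANTED:
                return "logon type not granted";
            case W32Errors.ERROR_ACCOUNT_RESTRICTION:
                return "account restriction";
            default:
                return "" + error;
        }
    }
}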