package com.sslexplorer.unixauth;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.sslexplorer.boot.ContextHolder;
import com.sslexplorer.boot.PropertyList;
import com.sslexplorer.boot.Util;
import com.sslexplorer.core.CoreServlet;
import com.sslexplorer.core.CoreUtil;
import com.sslexplorer.security.AccountLockedException;
import com.sslexplorer.security.DefaultUserDatabase;
import com.sslexplorer.security.InvalidLoginCredentialsException;
import com.sslexplorer.security.Role;
import com.sslexplorer.security.User;
import com.sslexplorer.security.UserDatabase;
import com.sslexplorer.security.UserDatabaseException;
public class UNIXUserDatabase extends DefaultUserDatabase implements UserDatabase {
// Shared commons-logging logger for this class.
final static Log log = LogFactory.getLog(UNIXUserDatabase.class);
// Fixed locations of the system account files this database reads.
final static File GROUP_FILE = new File("/etc/group");
final static File PASSWD_FILE = new File("/etc/passwd");
// NOTE(review): /etc/shadow is normally readable only by root, so the server process presumably
// needs elevated read access for this plugin to work - confirm the deployment's privilege model.
final static File SHADOW_FILE = new File("/etc/shadow");
// Resolved once, at class initialisation, from the context's conf directory.
final static File USER_EMAIL_MAP_FILE = new File(ContextHolder.getContext().getConfDirectory(), "userEmailMap.properties");
// Searched by getRole()/listAllRoles() after checkGroupFile() has run.
private UNIXRole[] roles;
// Searched by getAccount()/listAllUsers() after checkPasswdFile() has run.
private UNIXUser[] users;
// NOTE(review): raw HashMap; presumably user name -> password hash read from SHADOW_FILE -
// the code that fills it is not in this part of the file, confirm against the loader.
private HashMap shadowPasswords;
// Last-seen modification times; checkGroupFile() compares lastGroupFileChange with the
// file's current modification time to decide whether the file must be re-read.
private Date lastGroupFileChange, lastPasswdFileChange, lastShadowFileChange;
// Built in open() from the "security.administrators" property; isDefaultAdministrator()
// treats each entry as a regular expression.
private PropertyList administrators;
// NOTE(review): presumably loaded from USER_EMAIL_MAP_FILE, with userEmailMapLastModified
// tracking that file's timestamp (-1 = not loaded yet) - the loader is not shown here.
private Properties userEmailMap = new Properties();
private long userEmailMapLastModified = -1;
/**
 * Creates the database by passing the fixed arguments ("Unix", false, false, -1) to the
 * DefaultUserDatabase constructor. What each argument configures is defined by that
 * superclass, which is not shown here.
 */
public UNIXUserDatabase() {
super("Unix", false, false, -1);
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.core.Database#open(com.sslexplorer.core.CoreServlet)
*/
/**
 * Opens the database: loads the administrator patterns, warns on platforms that are
 * unlikely to provide the expected account files, delegates to the superclass and
 * finally decides whether password changes are offered.
 *
 * Password change support is opt-in. It is switched on only when the system property
 * "sslexplorer.unix.passwordChange" is exactly "true" AND /usr/sbin/chpasswd exists.
 * How chpasswd is invoked is not part of this method.
 *
 * @param controllingServlet servlet handed on to the superclass
 * @throws Exception if reading the property or opening the superclass fails
 */
public void open(CoreServlet controllingServlet) throws Exception {
    // The administrator list is read through the CoreServlet singleton, not through the
    // controllingServlet argument.
    administrators = new PropertyList(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
                    "security.administrators"));

    final String platform = System.getProperty("os.name", "").toLowerCase();
    final boolean expectedPlatform = platform.startsWith("linux") || platform.startsWith("solaris");
    if (!expectedPlatform) {
        log.warn("The UNIXAuth plugin will only be likely to work on Linux based systems, Solaris or other operating systems "
                        + "that use /etc/passwd, /etc/group and /etc/shadow. OpenBSD and FreeBSD will definately *not* work.");
    }

    super.open(controllingServlet);
    open = true;

    // Both conditions must hold before the feature is advertised.
    final boolean changeRequested = "true".equals(System.getProperty("sslexplorer.unix.passwordChange", "false"));
    if (changeRequested && new File("/usr/sbin/chpasswd").exists()) {
        if (log.isInfoEnabled()) {
            log.info("Found chpasswd, enabling experimental password change support.");
        }
        supportsPasswordChange = true;
    }
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.security.UserDatabase#logon(java.lang.String,
* java.lang.String)
*/
/**
 * Authenticates a user and returns the matching account.
 *
 * The password is verified by checkPassword(); only on success is the account looked up
 * again through getAccount(). This method body never throws AccountLockedException
 * itself; the exception is part of the declared signature only.
 *
 * NOTE(review): the account is looked up twice (once inside checkPassword, once here).
 * If the underlying data is reloaded in between, the second lookup could return null -
 * confirm how callers treat a null result.
 *
 * @param username account name to authenticate
 * @param password plaintext password supplied by the user
 * @return the account returned by getAccount(username)
 * @throws InvalidLoginCredentialsException if checkPassword() rejects the credentials
 * @throws UserDatabaseException if the account lookup after a successful check fails
 */
public User logon(String username, String password) throws UserDatabaseException, InvalidLoginCredentialsException,
                AccountLockedException {
    final boolean passwordAccepted = checkPassword(username, password);
    if (passwordAccepted) {
        try {
            return getAccount(username);
        } catch (Exception lookupFailure) {
            throw new UserDatabaseException("Failed to get user account.", lookupFailure);
        }
    }
    throw new InvalidLoginCredentialsException();
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.security.UserDatabase#checkPassword(java.lang.String,
* java.lang.String)
*/
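/**
 * Verifies a plaintext password against the stored crypt hash of the named account.
 *
 * Two stored formats are handled: hashes starting with "$1$" are treated as MD5-crypt,
 * everything else is treated as traditional DES crypt. The computed and stored digests
 * are compared with MessageDigest.isEqual rather than String.equals, so the comparison
 * does not stop at the first differing character.
 *
 * Both supported schemes are legacy formats; traditional DES crypt in particular only
 * considers the first eight characters of a password.
 *
 * @param username account name to check
 * @param password plaintext password supplied by the user
 * @return true if the password produces the stored hash, false otherwise
 * @throws InvalidLoginCredentialsException if no account with that name exists
 * @throws UserDatabaseException if the account lookup fails, or if the stored hash
 *         cannot be processed (for example an entry shorter than the offsets used
 *         below, such as a lone "!" or "*")
 */
public boolean checkPassword(String username, String password) throws UserDatabaseException, InvalidLoginCredentialsException {
    // Get the user account
    UNIXUser user = null;
    try {
        user = (UNIXUser) getAccount(username);
    } catch (Exception e) {
        throw new UserDatabaseException("Could not get user account", e);
    }
    // Make sure the user exists
    if (user == null) {
        // NOTE(review): no hash is computed on this path, so an unknown account is rejected
        // faster than a wrong password for an existing one.
        throw new InvalidLoginCredentialsException();
    }
    // Determine the password type
    String pw = new String(user.getPassword());
    try {
        String expected;
        String actual;
        if (pw.startsWith("$1$")) {
            // MD5. The fixed offsets assume an 8-character salt ("$1$" + 8 + "$" = 12).
            // NOTE(review): an entry with a shorter salt would never verify with these offsets.
            expected = pw.substring(12);
            actual = MD5Crypt.crypt(password, pw.substring(3, 11)).substring(12);
        } else {
            // DES: the first two characters are the salt, the remainder is the digest.
            // NOTE(review): any other "$id$" scheme also lands here; how DESCrypt reacts to
            // such a salt depends on its implementation, which is not shown.
            expected = pw.substring(2);
            actual = DESCrypt.crypt(pw.substring(0, 2), password);
        }
        // Compare the digests without an early exit on the first mismatching character.
        return java.security.MessageDigest.isEqual(expected.getBytes("UTF-8"), actual.getBytes("UTF-8"));
    } catch (Exception e) {
        throw new UserDatabaseException("Invalid password format.", e);
    }
}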
/**
 * No-op: the body is empty, so logging out changes nothing in this database.
 *
 * @param user the user logging out (unused)
 */
public void logout(User user) {
}
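/**
 * Lists the users whose principal name matches a wildcard filter.
 *
 * The filter is a wildcard expression in which '*' stands for any run of characters;
 * matching is case-insensitive and must cover the whole name. Every other character is
 * matched literally: ASCII punctuation is escaped before the pattern is compiled, so a
 * filter such as "john.doe" no longer matches "johnXdoe" and a stray "(" or "[" no
 * longer makes Pattern.compile fail.
 *
 * @param filter wildcard expression; "*" alone returns every user
 * @return the matching users; for "*" this is the internal array itself, not a copy
 * @throws Exception if checkPasswdFile() fails
 */
public User[] listAllUsers(String filter) throws Exception {
    checkPasswdFile();
    if (filter.equals("*")) {
        return users;
    }

    // Build the regex by hand so that only '*' carries special meaning.
    StringBuffer regex = new StringBuffer("^");
    for (int i = 0; i < filter.length(); i++) {
        char c = filter.charAt(i);
        boolean asciiAlnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
        if (c == '*') {
            regex.append(".*");
        } else if (c < 128 && !asciiAlnum) {
            // A backslash before a non-alphabetic character always yields that literal character.
            regex.append('\\').append(c);
        } else {
            regex.append(c);
        }
    }
    regex.append('$');

    Pattern p = Pattern.compile(regex.toString(), Pattern.CASE_INSENSITIVE);
    List l = new ArrayList();
    for (int i = 0; i < users.length; i++) {
        Matcher matcher = p.matcher(users[i].getPrincipalName());
        if (matcher.matches()) {
            l.add(users[i]);
        }
    }
    User[] u = new User[l.size()];
    l.toArray(u);
    return u;
}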
/**
 * Returns every user as a principal by delegating to listAllUsers("*").
 *
 * @return the array produced by listAllUsers("*")
 * @throws Exception if listAllUsers fails
 */
public com.sslexplorer.policyframework.Principal[] listAvailablePrincipals() throws Exception {
    final User[] everyUser = listAllUsers("*");
    return everyUser;
}
/**
 * Looks up a principal by name; principals of this database are its user accounts.
 *
 * @param principalName name to look up
 * @return the result of getAccount(principalName), which is null when nothing matches
 * @throws Exception if getAccount fails
 */
public com.sslexplorer.policyframework.Principal getPrincipal(String principalName) throws Exception {
    final User account = getAccount(principalName);
    return account;
}
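/**
 * Finds the account whose principal name equals the given name exactly (case-sensitive).
 *
 * Failures are reported through the class logger instead of being printed to standard
 * error, and are then rethrown unchanged. The requested name is deliberately left out
 * of the log message because it may be caller-supplied text.
 *
 * @param username principal name to look up
 * @return the matching account, or null if no account has that name
 * @throws Exception whatever checkPasswdFile() or the search raised
 */
public User getAccount(String username) throws Exception {
    try {
        checkPasswdFile();
        for (int i = 0; i < users.length; i++) {
            if (users[i].getPrincipalName().equals(username)) {
                return users[i];
            }
        }
        return null;
    } catch (Exception e) {
        log.error("Failed to look up user account.", e);
        throw e;
    }
}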
/**
 * Decides whether a principal is one of the default administrators.
 *
 * The name "root" always qualifies. Otherwise each entry of the administrators list is
 * applied as a regular expression that must match the whole principal name, and the
 * first match wins. Because the entries are patterns rather than plain names, a loosely
 * written entry (for example one containing "." or ".*") grants administrator status to
 * every account name it happens to match.
 *
 * @param principal principal to test
 * @return true if the principal is "root" or matches an administrators entry
 * @throws Exception declared by the interface; a malformed entry surfaces as a runtime exception
 */
public boolean isDefaultAdministrator(com.sslexplorer.policyframework.Principal principal) throws Exception {
    if (principal.getPrincipalName().equals("root")) {
        return true;
    }
    Iterator entries = administrators.iterator();
    while (entries.hasNext()) {
        String adminPattern = (String) entries.next();
        if (principal.getPrincipalName().matches(adminPattern)) {
            return true;
        }
    }
    return false;
}
/**
 * Finds the role whose principal name equals the given name exactly (case-sensitive).
 *
 * @param rolename name of the role to look up
 * @return the first matching role, or null if none matches
 * @throws Exception if checkGroupFile() fails
 */
public Role getRole(String rolename) throws Exception {
    checkGroupFile();
    Role match = null;
    int idx = 0;
    // Stop at the first hit so the earliest entry wins.
    while (match == null && idx < roles.length) {
        if (roles[idx].getPrincipalName().equals(rolename)) {
            match = roles[idx];
        }
        idx++;
    }
    return match;
}
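/**
 * Lists the roles whose principal name matches a wildcard filter.
 *
 * The filter is a wildcard expression in which '*' stands for any run of characters;
 * matching is case-insensitive and must cover the whole name. Every other character is
 * matched literally: ASCII punctuation is escaped before the pattern is compiled, so
 * regex metacharacters in the filter neither widen the match nor make Pattern.compile
 * fail.
 *
 * @param filter wildcard expression; "*" alone returns every role
 * @return the matching roles; for "*" this is the internal array itself, not a copy
 * @throws Exception if checkGroupFile() fails
 */
public Role[] listAllRoles(String filter) throws Exception {
    checkGroupFile();
    if (filter.equals("*")) {
        return roles;
    }

    // Build the regex by hand so that only '*' carries special meaning.
    StringBuffer regex = new StringBuffer("^");
    for (int i = 0; i < filter.length(); i++) {
        char c = filter.charAt(i);
        boolean asciiAlnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
        if (c == '*') {
            regex.append(".*");
        } else if (c < 128 && !asciiAlnum) {
            // A backslash before a non-alphabetic character always yields that literal character.
            regex.append('\\').append(c);
        } else {
            regex.append(c);
        }
    }
    regex.append('$');

    Pattern p = Pattern.compile(regex.toString(), Pattern.CASE_INSENSITIVE);
    List l = new ArrayList();
    for (int i = 0; i < roles.length; i++) {
        Matcher matcher = p.matcher(roles[i].getPrincipalName());
        if (matcher.matches()) {
            l.add(roles[i]);
        }
    }
    return (Role[]) l.toArray(new Role[l.size()]);
}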
private void checkGroupFile() throws Exception {
Date current = null;
if (GROUP_FILE.exists()) {
current = new Date(GROUP_FILE.lastModified());
if (lastGroupFileChange == null || !lastGroupFileChange.equals(current)) {
lastGroupFileChange = current;
String line = null;
FileInputStream fin = new FileInputStream(GROUP_FILE);
List rolesList = new ArrayList();
try {
BufferedReader r = new BufferedReader(new InputStreamReader(fin));
while ((line = r.readLine()) != null) {