Skip to content
Permalink
Browse files
[FIXED JENKINS-9094] "Remember me" doesn't work with PAM
  • Loading branch information
kohsuke committed Mar 19, 2011
1 parent 371993e commit ca4de00c2c93b156a3e4ffc1d5c39d13e351792e
Showing with 54 additions and 9 deletions.
  1. +3 −0 changelog.html
  2. +1 −1 core/pom.xml
  3. +18 −8 core/src/main/java/hudson/security/PAMSecurityRealm.java
  4. +32 −0 test/src/test/java/hudson/security/PAMSecurityRealmTest.java
@@ -82,6 +82,9 @@
<li class=bug>
Build list tables had "Date" as column label, but actual content of the column was "Time Since".
(<a href="http://issues.jenkins-ci.org/browse/JENKINS-9102">issue 9102</a>)
<li class=bug>
PAM authentication fails to restore group membership information on "remember me" tokens.
(<a href="http://issues.jenkins-ci.org/browse/JENKINS-9094">issue 9094</a>)
<li class=rfe>
Added the <tt>--mimeTypes</tt> command line option to define additional MIME type mappings.
<li class=rfe>
@@ -763,7 +763,7 @@ THE SOFTWARE.
<dependency>
<groupId>org.jvnet.libpam4j</groupId>
<artifactId>libpam4j</artifactId>
<version>1.2</version>
<version>1.4</version>
</dependency>
<dependency>
<groupId>org.jvnet.libzfs</groupId>
@@ -88,11 +88,7 @@ public Authentication authenticate(Authentication authentication) throws Authent

try {
UnixUser u = new PAM(serviceName).authenticate(username, password);
Set<String> grps = u.getGroups();
GrantedAuthority[] groups = new GrantedAuthority[grps.size()];
int i=0;
for (String g : grps)
groups[i++] = new GrantedAuthorityImpl(g);
GrantedAuthority[] groups = toAuthorities(u);

// I never understood why Acegi insists on keeping the password...
return new UsernamePasswordAuthenticationToken(username, password, groups);
@@ -119,14 +115,28 @@ public SecurityComponents createSecurityComponents() {
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
if(!UnixUser.exists(username))
throw new UsernameNotFoundException("No such Unix user: "+username);
// return some dummy instance
return new User(username,"",true,true,true,true,
new GrantedAuthority[]{AUTHENTICATED_AUTHORITY});
try {
UnixUser uu = new UnixUser(username);
// return some dummy instance
return new User(username,"",true,true,true,true, toAuthorities(uu));
} catch (PAMException e) {
throw new UsernameNotFoundException("Failed to load information about Unix user "+username,e);
}
}
}
);
}

private static GrantedAuthority[] toAuthorities(UnixUser u) {
Set<String> grps = u.getGroups();
GrantedAuthority[] groups = new GrantedAuthority[grps.size()+1];
int i=0;
for (String g : grps)
groups[i++] = new GrantedAuthorityImpl(g);
groups[i++] = AUTHENTICATED_AUTHORITY;
return groups;
}

@Override
public GroupDetails loadGroupByGroupname(final String groupname) throws UsernameNotFoundException, DataAccessException {
if(CLibrary.libc.getgrnam(groupname)==null)
@@ -0,0 +1,32 @@
package hudson.security;

import hudson.Functions;
import hudson.security.SecurityRealm.SecurityComponents;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.jvnet.hudson.test.HudsonTestCase;

import java.util.Arrays;

import static hudson.util.jna.GNUCLibrary.*;

/**
* @author Kohsuke Kawaguchi
*/
public class PAMSecurityRealmTest extends HudsonTestCase {
public void testLoadUsers() {
if (Functions.isWindows()) return; // skip on Windows

SecurityComponents sc = new PAMSecurityRealm("sshd").getSecurityComponents();

try {
sc.userDetails.loadUserByUsername("bogus-bogus-bogus");
fail("no such user");
} catch (UsernameNotFoundException e) {
// expected
}

String name = LIBC.getpwuid(LIBC.geteuid()).pw_name;

System.out.println(Arrays.asList(sc.userDetails.loadUserByUsername(name).getAuthorities()));
}
}

0 comments on commit ca4de00

Please sign in to comment.