org.jvnet.libpam.PAM クラス

org.jvnet.libpam.PAM 連携図

公開メンバ関数
	PAM (String serviceName) throws PAMException
UnixUser	authenticate (String username, String... factors) throws PAMException
Set< String >	getGroupsOfUser (String username) throws PAMException
void	dispose ()

限定公開メンバ関数
void	finalize () throws Throwable

非公開メンバ関数
void	check (int ret, String msg) throws PAMException

非公開変数類
pam_handle_t	pht
int	ret
String []	factors

静的非公開変数類
static final Logger	LOGGER = Logger.getLogger(PAM.class.getName())

詳解

PAM authenticator.

Instances are thread unsafe and non reentrant. An instace cannot be reused to authenticate multiple users.

For an overview of PAM programming, refer to the following resources:

• NetBSD PAM programming guide
• Linux PAM

著者

Kohsuke Kawaguchi

構築子と解体子

PAM()

org.jvnet.libpam.PAM.PAM ( String  serviceName ) throws PAMException

inline

Creates a new authenticator.

引数

serviceName

PAM service name. This corresponds to the service name that shows up in the PAM configuration,

                                                       {
        pam_conv conv = new pam_conv(new PamCallback() {
            public int callback(int num_msg, Pointer msg, Pointer resp, Pointer _) {
                LOGGER.debug("pam_conv num_msg=" + num_msg);
                if (factors == null)
                    return PAM_CONV_ERR;

                // allocates pam_response[num_msg]. the caller will free this
                Pointer m = libc.calloc(pam_response.SIZE, num_msg);
                resp.setPointer(0, m);

                for (int i = 0; i < factors.length; i++) {
                    pam_message pm = new pam_message(msg.getPointer(POINTER_SIZE * i));
                    LOGGER.debug(pm.msg_style + ":" + pm.msg);
                    if (pm.msg_style == PAM_PROMPT_ECHO_OFF) {
                        pam_response r = new pam_response(m.share(pam_response.SIZE * i));
                        r.setResp(factors[i]);
                        r.write(); // write to (*resp)[i]
                    }
                }

                return PAM_SUCCESS;
            }
        });

        PointerByReference phtr = new PointerByReference();
        check(libpam.pam_start(serviceName, null, conv, phtr), "pam_start failed");
        pht = new pam_handle_t(phtr.getValue());
    }

関数詳解

authenticate()

UnixUser org.jvnet.libpam.PAM.authenticate ( String  username, String...  factors  ) throws PAMException

inline

Authenticate the user with a password.

戻り値

Upon a successful authentication, return information about the user.

例外

PAMException

If the authentication fails.

                                                                                         {
        this.factors = factors;
        try {
            check(libpam.pam_set_item(pht, PAM_USER, username), "pam_set_item failed");
            check(libpam.pam_authenticate(pht, 0), "pam_authenticate failed");
            check(libpam.pam_setcred(pht, 0), "pam_setcred failed");
            // several different error code seem to be used to represent authentication failures
            check(libpam.pam_acct_mgmt(pht,0),"pam_acct_mgmt failed");

            PointerByReference r = new PointerByReference();
            check(libpam.pam_get_item(pht, PAM_USER, r), "pam_get_item failed");
            String userName = r.getValue().getString(0);
            passwd pwd = libc.getpwnam(userName);
            if (pwd == null)
                throw new PAMException("Authentication succeeded but no user information is available");
            return new UnixUser(userName, pwd);
        } finally {
            this.factors = null;
        }
    }

check()

void org.jvnet.libpam.PAM.check ( int  ret, String  msg  ) throws PAMException

inlineprivate

                                                                {
        this.ret = ret;
        if (ret != 0) {
            if (pht != null)
                throw new PAMException(msg + " : " + libpam.pam_strerror(pht, ret));
            else
                throw new PAMException(msg);
        }
    }

dispose()

void org.jvnet.libpam.PAM.dispose ( )

inline

After a successful authentication, call this method to obtain the effective user name. This can be different from the user name that you passed to the authenticate(String, String) method. Performs an early disposal of the object, instead of letting this GC-ed. Since PAM may hold on to native resources that don't put pressure on Java GC, doing this is a good idea.

This method is called by finalize(), too, so it's not required to call this method explicitly, however.

                          {
        if (pht != null) {
            libpam.pam_end(pht, ret);
            pht = null;
        }
    }

finalize()

void org.jvnet.libpam.PAM.finalize ( ) throws Throwable

inlineprotected

                                               {
        super.finalize();
        dispose();
    }

getGroupsOfUser()

Set<String> org.jvnet.libpam.PAM.getGroupsOfUser ( String  username ) throws PAMException

inline

Returns the groups a user belongs to

引数

username

戻り値

Set of group names

例外

PAMException

非推奨:

Pointless and ugly convenience method.

                                                                            {
        return new UnixUser(username).getGroups();
    }

メンバ詳解

factors

String [] org.jvnet.libpam.PAM.factors

private

Temporarily stored to pass a value from authenticate(String, String...) to pam_conv.

LOGGER

final Logger org.jvnet.libpam.PAM.LOGGER = Logger.getLogger(PAM.class.getName())

staticprivate

pht

pam_handle_t org.jvnet.libpam.PAM.pht

private

ret

int org.jvnet.libpam.PAM.ret

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/federation/src/federation/sssd/src/main/java/org/jvnet/libpam/PAM.java