X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSingleUserLoginModule.java;h=4d2cc33390183f406a8fd1a71b2552ae479936d5;hb=3714331f776988facff3632d86ad3f6d6352220c;hp=801e4af7c24d4c4dad48e8c74a755463d1cad9cf;hpb=c643dda1e6d1ccde18dc859ffae26d01cbbe87cf;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
index 801e4af7c..4d2cc3339 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
@@ -1,37 +1,70 @@
 package org.argeo.cms.auth;
 
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.security.Principal;
 import java.util.Map;
 import java.util.Set;
 
+import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import javax.security.auth.x500.X500Principal;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
+import org.argeo.naming.LdapAttrs;
 import org.argeo.node.NodeConstants;
 import org.argeo.node.security.DataAdminPrincipal;
+import org.argeo.osgi.useradmin.IpaUtils;
 
 public class SingleUserLoginModule implements LoginModule {
+	private final static Log log = LogFactory.getLog(SingleUserLoginModule.class);
+
 	private Subject subject;
+	private Map<String, Object> sharedState = null;
 
+	@SuppressWarnings("unchecked")
 	@Override
 	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
 			Map<String, ?> options) {
 		this.subject = subject;
+		this.sharedState = (Map<String, Object>) sharedState;
 	}
 
 	@Override
 	public boolean login() throws LoginException {
+		String username = System.getProperty("user.name");
+		if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME))
+			sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
 		return true;
 	}
 
 	@Override
 	public boolean commit() throws LoginException {
-		String username = System.getProperty("user.name");
-		X500Principal principal = new X500Principal("uid=" + username + ",dc=localhost,dc=localdomain");
+		X500Principal principal;
+		KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
+		if (kerberosPrincipal != null) {
+			LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
+			principal = new X500Principal(userDn.toString());
+		} else {
+			Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+			if (username == null)
+				throw new LoginException("No username available");
+			String hostname;
+			try {
+				hostname = InetAddress.getLocalHost().getHostName();
+			} catch (UnknownHostException e) {
+				log.warn("Using localhost as hostname", e);
+				hostname = "localhost";
+			}
+			String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
+			principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn);
+		}
 		Set<Principal> principals = subject.getPrincipals();
 		principals.add(principal);
 		principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));