[FIXED JENKINS-9094] "Remember me" doesn't work with PAM

Originally-Committed-As: ca4de00c2c93b156a3e4ffc1d5c39d13e351792e
jenkinsci · Mar 19, 2011 · 9057f6b · 9057f6b
1 parent fe7385a
commit 9057f6b
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 8 deletions.
diff --git a/core/src/main/java/hudson/security/PAMSecurityRealm.java b/core/src/main/java/hudson/security/PAMSecurityRealm.java
@@ -88,11 +88,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 
             try {
                 UnixUser u = new PAM(serviceName).authenticate(username, password);
-                Set<String> grps = u.getGroups();
-                GrantedAuthority[] groups = new GrantedAuthority[grps.size()];
-                int i=0;
-                for (String g : grps)
-                    groups[i++] = new GrantedAuthorityImpl(g);
+                GrantedAuthority[] groups = toAuthorities(u);
 
                 // I never understood why Acegi insists on keeping the password...
                 return new UsernamePasswordAuthenticationToken(username, password, groups);
@@ -119,14 +115,28 @@ public SecurityComponents createSecurityComponents() {
                 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
                     if(!UnixUser.exists(username))
                         throw new UsernameNotFoundException("No such Unix user: "+username);
-                    // return some dummy instance
-                    return new User(username,"",true,true,true,true,
-                            new GrantedAuthority[]{AUTHENTICATED_AUTHORITY});
+                    try {
+                        UnixUser uu = new UnixUser(username);
+                        // return some dummy instance
+                        return new User(username,"",true,true,true,true, toAuthorities(uu));
+                    } catch (PAMException e) {
+                        throw new UsernameNotFoundException("Failed to load information about Unix user "+username,e);
+                    }
                 }
             }
         );
     }
 
+    private static GrantedAuthority[] toAuthorities(UnixUser u) {
+        Set<String> grps = u.getGroups();
+        GrantedAuthority[] groups = new GrantedAuthority[grps.size()+1];
+        int i=0;
+        for (String g : grps)
+            groups[i++] = new GrantedAuthorityImpl(g);
+        groups[i++] = AUTHENTICATED_AUTHORITY;
+        return groups;
+    }
+
     @Override
     public GroupDetails loadGroupByGroupname(final String groupname) throws UsernameNotFoundException, DataAccessException {
         if(CLibrary.libc.getgrnam(groupname)==null)

diff --git a/test/src/test/java/hudson/security/PAMSecurityRealmTest.java b/test/src/test/java/hudson/security/PAMSecurityRealmTest.java
@@ -0,0 +1,32 @@
+package hudson.security;
+
+import hudson.Functions;
+import hudson.security.SecurityRealm.SecurityComponents;
+import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.jvnet.hudson.test.HudsonTestCase;
+
+import java.util.Arrays;
+
+import static hudson.util.jna.GNUCLibrary.*;
+
+/**
+ * @author Kohsuke Kawaguchi
+ */
+public class PAMSecurityRealmTest extends HudsonTestCase {
+    public void testLoadUsers() {
+        if (Functions.isWindows())  return; // skip on Windows
+
+        SecurityComponents sc = new PAMSecurityRealm("sshd").getSecurityComponents();
+
+        try {
+            sc.userDetails.loadUserByUsername("bogus-bogus-bogus");
+            fail("no such user");
+        } catch (UsernameNotFoundException e) {
+            // expected
+        }
+
+        String name = LIBC.getpwuid(LIBC.geteuid()).pw_name;
+
+        System.out.println(Arrays.asList(sc.userDetails.loadUserByUsername(name).getAuthorities()));
+    }
+}