mirror of
https://github.com/nicolabs/script-realm-plugin.git
synced 2025-09-07 05:13:16 +02:00
add 'SystemRoot' variable for win to loadGroups
This commit is contained in:
imod
parent
d50ca3cc7a
commit
385345d4b7
|
|
@ -82,14 +82,13 @@ public class ScriptSecurityRealm extends AbstractPasswordBasedSecurityRealm {
|
|||
try {
|
||||
StringWriter out = new StringWriter();
|
||||
LocalLauncher launcher = new LoginScriptLauncher(new StreamTaskListener(out));
|
||||
Map<String,String> overrides = new HashMap<String, String>();
|
||||
Map<String, String> overrides = new HashMap<String, String>();
|
||||
overrides.put("U", username);
|
||||
overrides.put("P", password);
|
||||
if (System.getProperty("os.name").toLowerCase().contains("win")) {
|
||||
if (isWindows()) {
|
||||
overrides.put("SystemRoot", System.getenv("SystemRoot"));
|
||||
}
|
||||
if (launcher.launch().cmds(QuotedStringTokenizer.tokenize(commandLine)).stdout(new NullOutputStream()).envs(overrides)
|
||||
.join() != 0) {
|
||||
if (launcher.launch().cmds(QuotedStringTokenizer.tokenize(commandLine)).stdout(new NullOutputStream()).envs(overrides).join() != 0) {
|
||||
throw new BadCredentialsException(out.toString());
|
||||
}
|
||||
GrantedAuthority[] groups = loadGroups(username);
|
||||
|
|
@ -129,8 +128,13 @@ public class ScriptSecurityRealm extends AbstractPasswordBasedSecurityRealm {
|
|||
if (!StringUtils.isBlank(groupsCommandLine)) {
|
||||
StringWriter out = new StringWriter();
|
||||
LocalLauncher launcher = new LoginScriptLauncher(new StreamTaskListener(out));
|
||||
Map<String, String> overrides = new HashMap<String, String>();
|
||||
overrides.put("U", username);
|
||||
if (isWindows()) {
|
||||
overrides.put("SystemRoot", System.getenv("SystemRoot"));
|
||||
}
|
||||
OutputStream scriptOut = new ByteArrayOutputStream();
|
||||
if (launcher.launch().cmds(QuotedStringTokenizer.tokenize(groupsCommandLine)).stdout(scriptOut).envs("U=" + username).join() == 0) {
|
||||
if (launcher.launch().cmds(QuotedStringTokenizer.tokenize(groupsCommandLine)).stdout(scriptOut).envs(overrides).join() == 0) {
|
||||
StringTokenizer tokenizer = new StringTokenizer(scriptOut.toString().trim(), groupsDelimiter);
|
||||
while (tokenizer.hasMoreTokens()) {
|
||||
final String token = tokenizer.nextToken().trim();
|
||||
|
|
@ -150,4 +154,9 @@ public class ScriptSecurityRealm extends AbstractPasswordBasedSecurityRealm {
|
|||
throw new AuthenticationServiceException("Failed", e);
|
||||
}
|
||||
}
|
||||
|
||||
public boolean isWindows() {
|
||||
String os = System.getProperty("os.name").toLowerCase();
|
||||
return os.contains("win");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,21 +1,44 @@
|
|||
package hudson.plugins.script_realm;
|
||||
|
||||
import java.io.File;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
import org.jvnet.hudson.test.HudsonTestCase;
|
||||
|
||||
/**
|
||||
* @author Kohsuke Kawaguchi
|
||||
*/
|
||||
public class ScriptSecurityRealmTest extends HudsonTestCase {
|
||||
|
||||
private File trueScript = new File("src/test/resources/true.sh");
|
||||
private File falseScript = new File("src/test/resources/false.sh");
|
||||
|
||||
@Override
|
||||
protected void setUp() throws Exception {
|
||||
super.setUp();
|
||||
if (!trueScript.exists()) {
|
||||
throw new IllegalStateException(trueScript.getAbsolutePath() + " file not found!");
|
||||
}
|
||||
if (!falseScript.exists()) {
|
||||
throw new IllegalStateException(falseScript.getAbsolutePath() + " file not found!");
|
||||
}
|
||||
Runtime.getRuntime().exec("chmod 777 " + trueScript.getAbsolutePath());
|
||||
Runtime.getRuntime().exec("chmod 777 " + falseScript.getAbsolutePath());
|
||||
}
|
||||
|
||||
public void test1() {
|
||||
new ScriptSecurityRealm("/bin/true", null, null).authenticate("test",
|
||||
"test");
|
||||
UserDetails user = new ScriptSecurityRealm(trueScript.getAbsolutePath(), null, null).authenticate("test", "test");
|
||||
System.out.println("**-->" + user);
|
||||
assertTrue("user account not enabled", user.isEnabled());
|
||||
assertTrue("user credentials expired", user.isCredentialsNonExpired());
|
||||
assertTrue("user account locked", user.isAccountNonLocked());
|
||||
assertTrue("user account expired", user.isAccountNonExpired());
|
||||
}
|
||||
|
||||
public void test2() {
|
||||
try {
|
||||
new ScriptSecurityRealm("/bin/false", null, null).authenticate(
|
||||
"test", "test");
|
||||
new ScriptSecurityRealm(falseScript.getAbsolutePath(), null, null).authenticate("test", "test");
|
||||
fail();
|
||||
} catch (AuthenticationException e) {
|
||||
// as expected
|
||||
|
|
|
|||
1
src/test/resources/false.sh
Executable file
1
src/test/resources/false.sh
Executable file
|
|
@ -0,0 +1 @@
|
|||
exit 1
|
||||
1
src/test/resources/true.sh
Executable file
1
src/test/resources/true.sh
Executable file
|
|
@ -0,0 +1 @@
|
|||
exit 0
|
||||
Loading…
Reference in a new issue