1   /**
2    * Waffle (https://github.com/dblock/waffle)
3    *
4    * Copyright (c) 2010 - 2015 Application Security, Inc.
5    *
6    * All rights reserved. This program and the accompanying materials
7    * are made available under the terms of the Eclipse Public License v1.0
8    * which accompanies this distribution, and is available at
9    * http://www.eclipse.org/legal/epl-v10.html
10   *
11   * Contributors:
12   *     Application Security, Inc.
13   */
14  package waffle.windows.auth;
15  
/**
 * Windows authentication operations: credential logon, account and domain lookup, and server-side validation
 * of SSPI tokens.
 *
 * <p>
 * Security notes for callers and implementers:
 * <ul>
 * <li>The {@code logon*} methods take the password as a plaintext {@code String}. A Java string cannot be wiped
 * after use, so keep such values short-lived and out of logs, exception messages and caches.</li>
 * <li>This interface does not say how a failed logon or a rejected token is reported (exception versus return
 * value). Confirm that against the implementation in use before treating a returned object as proof of
 * authentication.</li>
 * </ul>
 *
 * @author dblock[at]dblock[dot]org
 */
public interface IWindowsAuthProvider {

    /**
     * Attempts to log a user on to the local computer using a network logon type and the default authentication
     * provider.
     *
     * @param username
     *            Name of the user, in UPN format.
     * @param password
     *            Plaintext password of the account named by {@code username}. Do not log or persist it.
     * @return Windows identity.
     */
    IWindowsIdentity logonUser(String username, String password);

    /**
     * Attempts to log a user on to the local computer using a network logon type and the default authentication
     * provider, with the account database selected by {@code domain}.
     *
     * @param username
     *            Name of the user account to log on to. If the user principal name (UPN) format,
     *            user@DNS_domain_name, is used, {@code domain} must be NULL.
     * @param domain
     *            Name of the domain or server whose account database contains the {@code username} account. If
     *            NULL, the user name must be in UPN format. If ".", the account is validated against the local
     *            account database only.
     * @param password
     *            Plaintext password of the account named by {@code username}. Do not log or persist it.
     * @return Windows identity.
     */
    IWindowsIdentity logonDomainUser(String username, String domain, String password);

    /**
     * Attempts to log a user on to the local computer, that is, the computer from which LogonUser was called;
     * LogonUser cannot log on to a remote computer. The user is named by user name and domain and authenticated
     * with a plaintext password.
     *
     * <p>
     * NOTE(review): {@code logonType} and {@code logonProvider} look like the Win32 LogonUser dwLogonType and
     * dwLogonProvider values (for example LOGON32_LOGON_NETWORK and LOGON32_PROVIDER_DEFAULT); confirm against
     * the implementation. The logon type decides what kind of logon session Windows creates, so callers should
     * pass the least capable type that meets their need rather than forwarding a value from untrusted input.
     *
     * @param username
     *            Name of the user account to log on to. If the user principal name (UPN) format,
     *            user@DNS_domain_name, is used, {@code domain} must be NULL.
     * @param domain
     *            Name of the domain or server whose account database contains the {@code username} account. If
     *            NULL, the user name must be in UPN format. If ".", the account is validated against the local
     *            account database only.
     * @param password
     *            Plaintext password of the account named by {@code username}. Do not log or persist it.
     * @param logonType
     *            The type of logon operation to perform.
     * @param logonProvider
     *            The logon provider.
     * @return Windows identity.
     */
    IWindowsIdentity logonDomainUserEx(
            String username,
            String domain,
            String password,
            int logonType,
            int logonProvider);

    /**
     * Retrieves the security identifier (SID) of an account together with the name of the domain or local
     * computer on which the account was found.
     *
     * <p>
     * Because {@code username} may be partial, the account that is found can live in a different domain, or on
     * the local computer, than the caller expected. Authorization checks should compare the SID and domain of
     * the returned account, not the string that was passed in.
     *
     * @param username
     *            Fully qualified or partial username.
     * @return Windows account.
     */
    IWindowsAccount lookupAccount(String username);

    /**
     * Retrieves information about the current computer.
     *
     * @return Current computer information.
     */
    IWindowsComputer getCurrentComputer();

    /**
     * Retrieves the list of domains (Active Directory) on the local server.
     *
     * @return A list of domains.
     */
    IWindowsDomain[] getDomains();

    /**
     * Attempts to validate the user using an SSPI token. The token is generated by the client via the
     * InitializeSecurityContext(package) method described in
     * http://msdn.microsoft.com/en-us/library/aa375509(VS.85).aspx
     *
     * <p>
     * Security notes:
     * <ul>
     * <li>{@code token} comes from the client and is untrusted until validation succeeds.</li>
     * <li>{@link #resetSecurityToken(String)} refers to a saved continuation token per connection id, which
     * suggests implementations keep handshake state keyed by {@code connectionId}. Presumably the id must
     * therefore be unique per client connection and must not be chosen by, or shared between, clients; verify
     * against the implementation.</li>
     * <li>With "Negotiate", SPNEGO picks the package, so the outcome can be NTLM as well as Kerberos.
     * Deployments that require Kerberos should check which package was actually used.</li>
     * </ul>
     *
     * @param connectionId
     *            A unique connection id.
     * @param token
     *            The security token generated by the client wishing to logon.
     * @param securityPackage
     *            The name of the security package to use. Can be any security package supported by both the
     *            client and the server. This is usually set to "Negotiate" which will use SPNEGO to determine
     *            which security package to use. Other common values are "Kerberos" and "NTLM".
     * @return Windows security context for this connection.
     */
    IWindowsSecurityContext acceptSecurityToken(String connectionId, byte[] token, String securityPackage);

    /**
     * Resets a previously saved continuation security token for a given connection id.
     *
     * <p>
     * NOTE(review): callers presumably invoke this when a connection ends or a handshake is restarted, so that
     * stale continuation state is not carried into a later handshake on the same id; confirm against the
     * implementation.
     *
     * @param connectionId
     *            Connection id.
     */
    void resetSecurityToken(String connectionId);
}