1 /** 2 * Waffle (https://github.com/dblock/waffle) 3 * 4 * Copyright (c) 2010 - 2015 Application Security, Inc. 5 * 6 * All rights reserved. This program and the accompanying materials 7 * are made available under the terms of the Eclipse Public License v1.0 8 * which accompanies this distribution, and is available at 9 * http://www.eclipse.org/legal/epl-v10.html 10 * 11 * Contributors: 12 * Application Security, Inc. 13 */ 14 package waffle.windows.auth; 15 16 /** 17 * Implements Windows authentication functions. 18 * 19 * @author dblock[at]dblock[dot]org 20 */ 21 public interface IWindowsAuthProvider { 22 23 /** 24 * The LogonUser function attempts to log a user on to the local computer using a network logon type and the default 25 * authentication provider. 26 * 27 * @param username 28 * A string that specifies the name of the user in the UPN format. 29 * @param password 30 * A string that specifies the plaintext password for the user account specified by username. 31 * @return Windows identity. 32 */ 33 IWindowsIdentity logonUser(final String username, final String password); 34 35 /** 36 * The LogonDomainUser function attempts to log a user on to the local computer using a network logon type and the 37 * default authentication provider. 38 * 39 * @param username 40 * A string that specifies the name of the user. This is the name of the user account to log on to. If 41 * you use the user principal name (UPN) format, user@DNS_domain_name, the domain parameter must be NULL. 42 * @param domain 43 * A string that specifies the name of the domain or server whose account database contains the username 44 * account. If this parameter is NULL, the user name must be specified in UPN format. If this parameter 45 * is ".", the function validates the account by using only the local account database. 46 * @param password 47 * A string that specifies the plaintext password for the user account specified by username. 48 * @return Windows identity. 49 */ 50 IWindowsIdentity logonDomainUser(final String username, final String domain, final String password); 51 52 /** 53 * The LogonDomainUserEx function attempts to log a user on to the local computer. The local computer is the 54 * computer from which LogonUser was called. You cannot use LogonUser to log on to a remote computer. You specify 55 * the user with a user name and domain and authenticate the user with a plaintext password. 56 * 57 * @param username 58 * A string that specifies the name of the user. This is the name of the user account to log on to. If 59 * you use the user principal name (UPN) format, user@DNS_domain_name, the domain parameter must be NULL. 60 * @param domain 61 * A string that specifies the name of the domain or server whose account database contains the username 62 * account. If this parameter is NULL, the user name must be specified in UPN format. If this parameter 63 * is ".", the function validates the account by using only the local account database. 64 * @param password 65 * A string that specifies the plaintext password for the user account specified by username. 66 * @param logonType 67 * The type of logon operation to perform. 68 * @param logonProvider 69 * Specifies the logon provider. 70 * @return Windows identity. 71 */ 72 IWindowsIdentity logonDomainUserEx(final String username, final String domain, final String password, 73 final int logonType, final int logonProvider); 74 75 /** 76 * Retrieve a security identifier (SID) for the account and the name of the domain or local computer on which the 77 * account was found. 78 * 79 * @param username 80 * Fully qualified or partial username. 81 * @return Windows account. 82 */ 83 IWindowsAccount lookupAccount(final String username); 84 85 /** 86 * Retrieve the current computer information. 87 * 88 * @return Current computer information. 89 */ 90 IWindowsComputer getCurrentComputer(); 91 92 /** 93 * Retrieve a list of domains (Active Directory) on the local server. 94 * 95 * @return A list of domains. 96 */ 97 IWindowsDomain[] getDomains(); 98 99 /** 100 * Attempts to validate the user using an SSPI token. This token is generated by the client via the 101 * InitializeSecurityContext(package) method described in 102 * http://msdn.microsoft.com/en-us/library/aa375509(VS.85).aspx 103 * 104 * @param connectionId 105 * A unique connection id. 106 * @param token 107 * The security token generated by the client wishing to logon. 108 * @param securityPackage 109 * The name of the security package to use. Can be any security package supported by both the client and 110 * the server. This is usually set to "Negotiate" which will use SPNEGO to determine which security 111 * package to use. Other common values are "Kerberos" and "NTLM". 112 * @return Windows account. 113 */ 114 IWindowsSecurityContext acceptSecurityToken(final String connectionId, final byte[] token, 115 final String securityPackage); 116 117 /** 118 * Reset a previously saved continuation security token for a given connection id. 119 * 120 * @param connectionId 121 * Connection id. 122 */ 123 void resetSecurityToken(final String connectionId); 124 }