1 /*
2 * MIT License
3 *
4 * Copyright (c) 2010-2024 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in all
14 * copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24 package waffle.windows.auth;
25
26 /**
27 * Implements Windows authentication functions.
28 */
29 public interface IWindowsAuthProvider {
30
31 /**
32 * The LogonUser function attempts to log a user on to the local computer using a network logon type and the default
33 * authentication provider.
34 *
35 * @param username
36 * A string that specifies the name of the user in the UPN format.
37 * @param password
38 * A string that specifies the plaintext password for the user account specified by username.
39 *
40 * @return Windows identity.
41 */
42 IWindowsIdentity logonUser(final String username, final String password);
43
44 /**
45 * The LogonDomainUser function attempts to log a user on to the local computer using a network logon type and the
46 * default authentication provider.
47 *
48 * @param username
49 * A string that specifies the name of the user. This is the name of the user account to log on to. If
50 * you use the user principal name (UPN) format, user@DNS_domain_name, the domain parameter must be NULL.
51 * @param domain
52 * A string that specifies the name of the domain or server whose account database contains the username
53 * account. If this parameter is NULL, the user name must be specified in UPN format. If this parameter
54 * is ".", the function validates the account by using only the local account database.
55 * @param password
56 * A string that specifies the plaintext password for the user account specified by username.
57 *
58 * @return Windows identity.
59 */
60 IWindowsIdentity logonDomainUser(final String username, final String domain, final String password);
61
62 /**
63 * The LogonDomainUserEx function attempts to log a user on to the local computer. The local computer is the
64 * computer from which LogonUser was called. You cannot use LogonUser to log on to a remote computer. You specify
65 * the user with a user name and domain and authenticate the user with a plaintext password.
66 *
67 * @param username
68 * A string that specifies the name of the user. This is the name of the user account to log on to. If
69 * you use the user principal name (UPN) format, user@DNS_domain_name, the domain parameter must be NULL.
70 * @param domain
71 * A string that specifies the name of the domain or server whose account database contains the username
72 * account. If this parameter is NULL, the user name must be specified in UPN format. If this parameter
73 * is ".", the function validates the account by using only the local account database.
74 * @param password
75 * A string that specifies the plaintext password for the user account specified by username.
76 * @param logonType
77 * The type of logon operation to perform.
78 * @param logonProvider
79 * Specifies the logon provider.
80 *
81 * @return Windows identity.
82 */
83 IWindowsIdentity logonDomainUserEx(final String username, final String domain, final String password,
84 final int logonType, final int logonProvider);
85
86 /**
87 * Retrieve a security identifier (SID) for the account and the name of the domain or local computer on which the
88 * account was found.
89 *
90 * @param username
91 * Fully qualified or partial username.
92 *
93 * @return Windows account.
94 */
95 IWindowsAccount lookupAccount(final String username);
96
97 /**
98 * Retrieve the current computer information.
99 *
100 * @return Current computer information.
101 */
102 IWindowsComputer getCurrentComputer();
103
104 /**
105 * Retrieve a list of domains (Active Directory) on the local server.
106 *
107 * @return A list of domains.
108 */
109 IWindowsDomain[] getDomains();
110
111 /**
112 * Attempts to validate the user using an SSPI token. This token is generated by the client via the
113 * InitializeSecurityContext(package) method described in
114 * https://msdn.microsoft.com/en-us/library/aa375509(VS.85).aspx
115 *
116 * @param connectionId
117 * A unique connection id.
118 * @param token
119 * The security token generated by the client wishing to logon.
120 * @param securityPackage
121 * The name of the security package to use. Can be any security package supported by both the client and
122 * the server. This is usually set to "Negotiate" which will use SPNEGO to determine which security
123 * package to use. Other common values are "Kerberos" and "NTLM".
124 *
125 * @return Windows account.
126 */
127 IWindowsSecurityContext acceptSecurityToken(final String connectionId, final byte[] token,
128 final String securityPackage);
129
130 /**
131 * Reset a previously saved continuation security token for a given connection id.
132 *
133 * @param connectionId
134 * Connection id.
135 */
136 void resetSecurityToken(final String connectionId);
137 }