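/*
 * MIT License
 *
 * Copyright (c) 2010-2024 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
package waffle.windows.auth;

/**
 * Implements Windows authentication functions.
 * <p>
 * The {@code logon*} methods take the account password as a plaintext {@link String}. Callers should keep that value
 * out of logs, exception messages and caches. A Java {@code String} is immutable and cannot be wiped after use, so
 * the password stays in memory until it is garbage collected.
 * <p>
 * This interface does not declare how a failed logon or a rejected token is reported. NOTE(review): confirm against
 * the implementation whether failure surfaces as an unchecked exception, and make sure no caller treats an error
 * path as a successful authentication.
 */
public interface IWindowsAuthProvider {

    /**
     * The LogonUser function attempts to log a user on to the local computer using a network logon type and the default
     * authentication provider.
     *
     * @param username
     *            A string that specifies the name of the user in the UPN format.
     * @param password
     *            A string that specifies the plaintext password for the user account specified by username. Do not
     *            log or persist this value.
     *
     * @return Windows identity. NOTE(review): the identity presumably wraps a native logon handle; confirm how callers
     *         are expected to release it.
     */
    IWindowsIdentity logonUser(final String username, final String password);

    /**
     * The LogonDomainUser function attempts to log a user on to the local computer using a network logon type and the
     * default authentication provider.
     *
     * @param username
     *            A string that specifies the name of the user. This is the name of the user account to log on to. If
     *            you use the user principal name (UPN) format, user@DNS_domain_name, the domain parameter must be
     *            {@code null}.
     * @param domain
     *            A string that specifies the name of the domain or server whose account database contains the username
     *            account. If this parameter is {@code null}, the user name must be specified in UPN format. If this
     *            parameter is ".", the function validates the account by using only the local account database.
     * @param password
     *            A string that specifies the plaintext password for the user account specified by username. Do not
     *            log or persist this value.
     *
     * @return Windows identity.
     */
    IWindowsIdentity logonDomainUser(final String username, final String domain, final String password);

    /**
     * The LogonDomainUserEx function attempts to log a user on to the local computer. The local computer is the
     * computer from which LogonUser was called. You cannot use LogonUser to log on to a remote computer. You specify
     * the user with a user name and domain and authenticate the user with a plaintext password.
     * <p>
     * Unlike {@link #logonUser(String, String)} and {@link #logonDomainUser(String, String, String)}, which are
     * documented as using a network logon type and the default provider, this method lets the caller choose both.
     * The two values should come from trusted configuration rather than from request data.
     *
     * @param username
     *            A string that specifies the name of the user. This is the name of the user account to log on to. If
     *            you use the user principal name (UPN) format, user@DNS_domain_name, the domain parameter must be
     *            {@code null}.
     * @param domain
     *            A string that specifies the name of the domain or server whose account database contains the username
     *            account. If this parameter is {@code null}, the user name must be specified in UPN format. If this
     *            parameter is ".", the function validates the account by using only the local account database.
     * @param password
     *            A string that specifies the plaintext password for the user account specified by username. Do not
     *            log or persist this value.
     * @param logonType
     *            The type of logon operation to perform. NOTE(review): presumably one of the Win32
     *            {@code LOGON32_LOGON_*} values; confirm against the implementation.
     * @param logonProvider
     *            Specifies the logon provider. NOTE(review): presumably one of the Win32 {@code LOGON32_PROVIDER_*}
     *            values; confirm against the implementation.
     *
     * @return Windows identity.
     */
    IWindowsIdentity logonDomainUserEx(final String username, final String domain, final String password,
            final int logonType, final int logonProvider);

    /**
     * Retrieve a security identifier (SID) for the account and the name of the domain or local computer on which the
     * account was found.
     * <p>
     * This is a name lookup only. No credential is checked, so the result is not evidence that the caller is the
     * named account.
     *
     * @param username
     *            Fully qualified or partial username.
     *
     * @return Windows account.
     */
    IWindowsAccount lookupAccount(final String username);

    /**
     * Retrieve the current computer information.
     *
     * @return Current computer information.
     */
    IWindowsComputer getCurrentComputer();

    /**
     * Retrieve a list of domains (Active Directory) on the local server.
     *
     * @return A list of domains.
     */
    IWindowsDomain[] getDomains();

    /**
     * Attempts to validate the user using an SSPI token. This token is generated by the client via the
     * InitializeSecurityContext(package) method described in
     * https://msdn.microsoft.com/en-us/library/aa375509(VS.85).aspx
     * <p>
     * Continuation state is saved per connection id (see {@link #resetSecurityToken(String)}), so the id must
     * identify exactly one client connection. If two clients share an id, their handshakes are mixed together.
     *
     * @param connectionId
     *            A unique connection id.
     * @param token
     *            The security token generated by the client wishing to logon. It is client-supplied and must be
     *            treated as untrusted until this call accepts it.
     * @param securityPackage
     *            The name of the security package to use. Can be any security package supported by both the client and
     *            the server. This is usually set to "Negotiate" which will use SPNEGO to determine which security
     *            package to use. Other common values are "Kerberos" and "NTLM".
     *
     * @return Windows security context for the connection. NOTE(review): for multi-leg packages the context presumably
     *         reports whether another round trip is required; confirm that callers check this before treating the
     *         client as authenticated.
     */
    IWindowsSecurityContext acceptSecurityToken(final String connectionId, final byte[] token,
            final String securityPackage);

    /**
     * Reset a previously saved continuation security token for a given connection id.
     * <p>
     * NOTE(review): callers would typically invoke this when a handshake is abandoned or restarted, so that stale
     * continuation state is not applied to a new negotiation on the same id; confirm against the callers.
     *
     * @param connectionId
     *            Connection id.
     */
    void resetSecurityToken(final String connectionId);
}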