public static void authenticate(
PGStream pgStream,
String host,
String user,
String password,
String jaasApplicationName,
String kerberosServerName,
Logger logger)
throws IOException, SQLException {
if (logger.logDebug()) logger.debug(" <=BE AuthenticationReqGSS");
Object result = null;
if (jaasApplicationName == null) jaasApplicationName = "pgjdbc";
if (kerberosServerName == null) kerberosServerName = "postgres";
try {
LoginContext lc =
new LoginContext(jaasApplicationName, new GSSCallbackHandler(user, password));
lc.login();
Subject sub = lc.getSubject();
PrivilegedAction action =
new GssAction(pgStream, host, user, password, kerberosServerName, logger);
result = Subject.doAs(sub, action);
} catch (Exception e) {
throw new PSQLException(GT.tr("GSS Authentication failed"), PSQLState.CONNECTION_FAILURE, e);
}
if (result instanceof IOException) throw (IOException) result;
else if (result instanceof SQLException) throw (SQLException) result;
else if (result != null)
throw new PSQLException(
GT.tr("GSS Authentication failed"), PSQLState.CONNECTION_FAILURE, (Exception) result);
}
public String toString() {
// Now construct the message from what the server sent
// The general format is:
// SEVERITY: Message \n
// Detail: \n
// Hint: \n
// Position: \n
// Where: \n
// Internal Query: \n
// Internal Position: \n
// Location: File:Line:Routine \n
// SQLState: \n
//
// Normally only the message and detail is included.
// If INFO level logging is enabled then detail, hint, position and where are
// included. If DEBUG level logging is enabled then all information
// is included.
StringBuffer l_totalMessage = new StringBuffer();
String l_message = (String) m_mesgParts.get(SEVERITY);
if (l_message != null) l_totalMessage.append(l_message).append(": ");
l_message = (String) m_mesgParts.get(MESSAGE);
if (l_message != null) l_totalMessage.append(l_message);
l_message = (String) m_mesgParts.get(DETAIL);
if (l_message != null) l_totalMessage.append("\n ").append(GT.tr("Detail: {0}", l_message));
l_message = (String) m_mesgParts.get(HINT);
if (l_message != null) l_totalMessage.append("\n ").append(GT.tr("Hint: {0}", l_message));
l_message = (String) m_mesgParts.get(POSITION);
if (l_message != null) l_totalMessage.append("\n ").append(GT.tr("Position: {0}", l_message));
l_message = (String) m_mesgParts.get(WHERE);
if (l_message != null) l_totalMessage.append("\n ").append(GT.tr("Where: {0}", l_message));
if (verbosity > 2) {
String l_internalQuery = (String) m_mesgParts.get(INTERNAL_QUERY);
if (l_internalQuery != null)
l_totalMessage.append("\n ").append(GT.tr("Internal Query: {0}", l_internalQuery));
String l_internalPosition = (String) m_mesgParts.get(INTERNAL_POSITION);
if (l_internalPosition != null)
l_totalMessage.append("\n ").append(GT.tr("Internal Position: {0}", l_internalPosition));
String l_file = (String) m_mesgParts.get(FILE);
String l_line = (String) m_mesgParts.get(LINE);
String l_routine = (String) m_mesgParts.get(ROUTINE);
if (l_file != null || l_line != null || l_routine != null)
l_totalMessage
.append("\n ")
.append(
GT.tr(
"Location: File: {0}, Routine: {1}, Line: {2}",
new Object[] {l_file, l_routine, l_line}));
l_message = (String) m_mesgParts.get(SQLSTATE);
if (l_message != null)
l_totalMessage.append("\n ").append(GT.tr("Server SQLState: {0}", l_message));
}
return l_totalMessage.toString();
}
@Override
public Boolean visit(GT ast) {
boolean checkLhs = ast.getLhs().accept(this);
boolean checkRhs = ast.getRhs().accept(this);
if (!(checkLhs && checkRhs)) return false;
Type lhsType = ast.getLhs().typeOf(env);
Type rhsType = ast.getRhs().typeOf(env);
if (!(lhsType.isCompatibleTo(rhsType)
&& lhsType.isCompatibleToNumeric()
&& rhsType.isCompatibleToNumeric())) {
addToErrorList(
ast,
"the operator > can not be applied to instances of type "
+ lhsType.getClass()
+ " and type "
+ rhsType.getClass());
return false;
}
return true;
}
public Object run() {
try {
org.ietf.jgss.Oid desiredMechs[] = new org.ietf.jgss.Oid[1];
desiredMechs[0] = new org.ietf.jgss.Oid("1.2.840.113554.1.2.2");
GSSManager manager = GSSManager.getInstance();
GSSName clientName = manager.createName(user, GSSName.NT_USER_NAME);
GSSCredential clientCreds =
manager.createCredential(clientName, 8 * 3600, desiredMechs, GSSCredential.INITIATE_ONLY);
GSSName serverName =
manager.createName(kerberosServerName + "@" + host, GSSName.NT_HOSTBASED_SERVICE);
GSSContext secContext =
manager.createContext(
serverName, desiredMechs[0], clientCreds, GSSContext.DEFAULT_LIFETIME);
secContext.requestMutualAuth(true);
byte inToken[] = new byte[0];
byte outToken[] = null;
boolean established = false;
while (!established) {
outToken = secContext.initSecContext(inToken, 0, inToken.length);
if (outToken != null) {
if (logger.logDebug()) logger.debug(" FE=> Password(GSS Authentication Token)");
pgStream.SendChar('p');
pgStream.SendInteger4(4 + outToken.length);
pgStream.Send(outToken);
pgStream.flush();
}
if (!secContext.isEstablished()) {
int response = pgStream.ReceiveChar();
// Error
if (response == 'E') {
int l_elen = pgStream.ReceiveInteger4();
ServerErrorMessage l_errorMsg =
new ServerErrorMessage(pgStream.ReceiveString(l_elen - 4), logger.getLogLevel());
if (logger.logDebug()) logger.debug(" <=BE ErrorMessage(" + l_errorMsg + ")");
return new PSQLException(l_errorMsg);
} else if (response == 'R') {
if (logger.logDebug()) logger.debug(" <=BE AuthenticationGSSContinue");
int len = pgStream.ReceiveInteger4();
int type = pgStream.ReceiveInteger4();
// should check type = 8
inToken = pgStream.Receive(len - 8);
} else {
// Unknown/unexpected message type.
return new PSQLException(
GT.tr("Protocol error. Session setup failed."),
PSQLState.CONNECTION_UNABLE_TO_CONNECT);
}
} else {
established = true;
}
}
} catch (IOException e) {
return e;
} catch (GSSException gsse) {
return new PSQLException(
GT.tr("GSS Authentication failed"), PSQLState.CONNECTION_FAILURE, gsse);
}
return null;
}
