Merge remote branch 'origin/jenkins-1.400-trunk' into oss

a1003269 · Kohsuke Kawaguchi · b22a064d · c21918df · a1003269 · a1003269
15 changed file
--- a/changelog.html
+++ b/changelog.html
@@ -59,6 +59,9 @@ Upcoming changes</a>
 <div id="trunk" style="display:none"><!--=TRUNK-BEGIN=-->
 <ul class=image>
  <li class=>
+  <li class=bug>
+    PAM authentication fails to restore group membership information on "remember me" tokens.
+    (<a href="http://issues.jenkins-ci.org/browse/JENKINS-9094">issue 9094</a>)
 </ul>
 </div><!--=TRUNK-END=-->


--- a/cli/pom.xml
+++ b/cli/pom.xml
@@ -4,7 +4,7 @@
  <parent>
    <artifactId>pom</artifactId>
    <groupId>org.jenkins-ci.main</groupId>
-    <version>1.400-SNAPSHOT</version>
+    <version>1.400.0-SNAPSHOT</version>
  </parent>
  <artifactId>cli</artifactId>
  <name>Jenkins CLI</name>

--- a/core/pom.xml
+++ b/core/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
  <parent>
    <groupId>org.jenkins-ci.main</groupId>
    <artifactId>pom</artifactId>
-    <version>1.400-SNAPSHOT</version>
+    <version>1.400.0-SNAPSHOT</version>
    <relativePath>../pom.xml</relativePath>
  </parent>

@@ -763,7 +763,7 @@ THE SOFTWARE.
    <dependency>
      <groupId>org.jvnet.libpam4j</groupId>
      <artifactId>libpam4j</artifactId>
-      <version>1.2</version>
+      <version>1.4</version>
    </dependency>
    <dependency>
      <groupId>org.jvnet.libzfs</groupId>

--- a/core/src/main/java/hudson/security/PAMSecurityRealm.java
+++ b/core/src/main/java/hudson/security/PAMSecurityRealm.java
@@ -88,11 +88,7 @@ public class PAMSecurityRealm extends SecurityRealm {

            try {
                UnixUser u = new PAM(serviceName).authenticate(username, password);
-                Set<String> grps = u.getGroups();
-                GrantedAuthority[] groups = new GrantedAuthority[grps.size()];
-                int i=0;
-                for (String g : grps)
-                    groups[i++] = new GrantedAuthorityImpl(g);
+                GrantedAuthority[] groups = toAuthorities(u);

                // I never understood why Acegi insists on keeping the password...
                return new UsernamePasswordAuthenticationToken(username, password, groups);
@@ -119,14 +115,28 @@ public class PAMSecurityRealm extends SecurityRealm {
                public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
                    if(!UnixUser.exists(username))
                        throw new UsernameNotFoundException("No such Unix user: "+username);
-                    // return some dummy instance
-                    return new User(username,"",true,true,true,true,
-                            new GrantedAuthority[]{AUTHENTICATED_AUTHORITY});
+                    try {
+                        UnixUser uu = new UnixUser(username);
+                        // return some dummy instance
+                        return new User(username,"",true,true,true,true, toAuthorities(uu));
+                    } catch (PAMException e) {
+                        throw new UsernameNotFoundException("Failed to load information about Unix user "+username,e);
+                    }
                }
            }
        );
    }

+    private static GrantedAuthority[] toAuthorities(UnixUser u) {
+        Set<String> grps = u.getGroups();
+        GrantedAuthority[] groups = new GrantedAuthority[grps.size()+1];
+        int i=0;
+        for (String g : grps)
+            groups[i++] = new GrantedAuthorityImpl(g);
+        groups[i++] = AUTHENTICATED_AUTHORITY;
+        return groups;
+    }
+
    @Override
    public GroupDetails loadGroupByGroupname(final String groupname) throws UsernameNotFoundException, DataAccessException {
        if(CLibrary.libc.getgrnam(groupname)==null)

--- a/maven-agent/pom.xml
+++ b/maven-agent/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
  <parent>
    <groupId>org.jenkins-ci.main</groupId>
    <artifactId>pom</artifactId>
-    <version>1.400-SNAPSHOT</version>
+    <version>1.400.0-SNAPSHOT</version>
    <relativePath>../pom.xml</relativePath>
  </parent>
  

--- a/maven-interceptor/pom.xml
+++ b/maven-interceptor/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
  <parent>
    <groupId>org.jenkins-ci.main</groupId>
    <artifactId>pom</artifactId>
-    <version>1.400-SNAPSHOT</version>
+    <version>1.400.0-SNAPSHOT</version>
    <relativePath>../pom.xml</relativePath>
  </parent>
  

--- a/maven-plugin/pom.xml
+++ b/maven-plugin/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
  <parent>
    <groupId>org.jenkins-ci.main</groupId>
    <artifactId>pom</artifactId>
-    <version>1.400-SNAPSHOT</version>
+    <version>1.400.0-SNAPSHOT</version>
  </parent>

  <artifactId>maven-plugin</artifactId>

--- a/maven3-agent/pom.xml
+++ b/maven3-agent/pom.xml
@@ -4,7 +4,7 @@
  <parent>
    <groupId>org.jenkins-ci.main</groupId>
    <artifactId>pom</artifactId>
-    <version>1.400-SNAPSHOT</version>
+    <version>1.400.0-SNAPSHOT</version>
  </parent>
  <artifactId>maven3-agent</artifactId>
  <name>Jenkins Maven3 CLI Agent</name>

--- a/maven3-interceptor/pom.xml
+++ b/maven3-interceptor/pom.xml
@@ -4,7 +4,7 @@
  <parent>
    <groupId>org.jenkins-ci.main</groupId>
    <artifactId>pom</artifactId>
-    <version>1.400-SNAPSHOT</version>
+    <version>1.400.0-SNAPSHOT</version>
  </parent>
  <artifactId>maven3-interceptor</artifactId>
  <name>Jenkins Maven3 Interceptor</name>

--- a/pom.xml
+++ b/pom.xml
@@ -32,7 +32,7 @@ THE SOFTWARE.
  
  <groupId>org.jenkins-ci.main</groupId>
  <artifactId>pom</artifactId>
-  <version>1.400-SNAPSHOT</version>
+  <version>1.400.0-SNAPSHOT</version>
  <packaging>pom</packaging>
  
  <name>Jenkins main module</name>

--- a/remoting/pom.xml
+++ b/remoting/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
  <parent>
    <groupId>org.jenkins-ci.main</groupId>
    <artifactId>pom</artifactId>
-    <version>1.400-SNAPSHOT</version>
+    <version>1.400.0-SNAPSHOT</version>
    <relativePath>../pom.xml</relativePath>
  </parent>
  

--- a/test/pom.xml
+++ b/test/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
  <parent>
    <artifactId>pom</artifactId>
    <groupId>org.jenkins-ci.main</groupId>
-    <version>1.400-SNAPSHOT</version>
+    <version>1.400.0-SNAPSHOT</version>
  </parent>
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.jenkins-ci.main</groupId>

--- a/test/src/test/java/hudson/security/PAMSecurityRealmTest.java
+++ b/test/src/test/java/hudson/security/PAMSecurityRealmTest.java
+package hudson.security;
+
+import hudson.Functions;
+import hudson.security.SecurityRealm.SecurityComponents;
+import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.jvnet.hudson.test.HudsonTestCase;
+
+import java.util.Arrays;
+
+import static hudson.util.jna.GNUCLibrary.*;
+
+/**
+ * @author Kohsuke Kawaguchi
+ */
+public class PAMSecurityRealmTest extends HudsonTestCase {
+    public void testLoadUsers() {
+        if (Functions.isWindows())  return; // skip on Windows
+
+        SecurityComponents sc = new PAMSecurityRealm("sshd").getSecurityComponents();
+
+        try {
+            sc.userDetails.loadUserByUsername("bogus-bogus-bogus");
+            fail("no such user");
+        } catch (UsernameNotFoundException e) {
+            // expected
+        }
+
+        String name = LIBC.getpwuid(LIBC.geteuid()).pw_name;
+
+        System.out.println(Arrays.asList(sc.userDetails.loadUserByUsername(name).getAuthorities()));
+    }
+}
--- a/ui-samples-plugin/pom.xml
+++ b/ui-samples-plugin/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
  <parent>
    <groupId>org.jenkins-ci.main</groupId>
    <artifactId>pom</artifactId>
-    <version>1.400-SNAPSHOT</version>
+    <version>1.400.0-SNAPSHOT</version>
  </parent>

  <artifactId>ui-samples-plugin</artifactId>

--- a/war/pom.xml
+++ b/war/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
  <parent>
    <groupId>org.jenkins-ci.main</groupId>
    <artifactId>pom</artifactId>
-    <version>1.400-SNAPSHOT</version>
+    <version>1.400.0-SNAPSHOT</version>
    <relativePath>../pom.xml</relativePath>
  </parent>