From 2baf53d697a32dd6e684bf175a15bbc8cb8b9544 Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Sat, 1 Jan 2011 22:02:37 +0100 Subject: [PATCH] improve scm-pam-plugin --- .../scm/pam/PAMAuthenticationHandler.java | 44 +++++++- .../main/java/sonia/scm/pam/PAMConfig.java | 104 ++++++++++++++++++ .../main/resources/sonia/scm/pam/sonia.pam.js | 10 ++ 3 files changed, 154 insertions(+), 4 deletions(-) diff --git a/plugins/scm-pam-plugin/src/main/java/sonia/scm/pam/PAMAuthenticationHandler.java b/plugins/scm-pam-plugin/src/main/java/sonia/scm/pam/PAMAuthenticationHandler.java index f024db4849..8b3398108f 100644 --- a/plugins/scm-pam-plugin/src/main/java/sonia/scm/pam/PAMAuthenticationHandler.java +++ b/plugins/scm-pam-plugin/src/main/java/sonia/scm/pam/PAMAuthenticationHandler.java @@ -131,12 +131,14 @@ public class PAMAuthenticationHandler implements AuthenticationHandler { try { - UnixUser user = pam.authenticate(username, password); + UnixUser unixUser = pam.authenticate(username, password); - if (user != null) + if (unixUser != null) { - result = new AuthenticationResult(new User(username, username, - null)); + User user = new User(username, username, null); + + user.setAdmin(isAdmin(unixUser)); + result = new AuthenticationResult(user); } } catch (PAMException ex) 
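Review bot: The admin decision in `user.setAdmin(isAdmin(unixUser))` is keyed on `unixUser.getUserName()`, but the `User` that receives the flag is still built from the caller-supplied `username`. If the PAM stack can return an account name that differs from what was typed (case folding or a stripped domain suffix; not visible in this hunk), the identity checked against the admin list and the identity that receives admin rights diverge. Consider building the user from one source, for example `new User(unixUser.getUserName(), unixUser.getUserName(), null)`, after confirming nothing else depends on the typed name. Because this line now grants administrator rights at login, a log entry when `isAdmin` returns true would give operators an audit trail. The enclosing method starts and ends outside the hunk.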
@@ -227,6 +229,40 @@ public class PAMAuthenticationHandler implements AuthenticationHandler this.config = config; } + //~--- get methods ---------------------------------------------------------- + + /** + * Method description + * + * + * @param unixUser + * + * @return + */ + private boolean isAdmin(UnixUser unixUser) + { + boolean admin = false; + + if (config.getAdminUserSet().contains(unixUser.getUserName())) + { + admin = true; + } + else + { + for (String group : unixUser.getGroups()) + { + if (config.getAdminGroupSet().contains(group)) + { + admin = true; + + break; + } + } + } + + return admin; + } + //~--- fields --------------------------------------------------------------- /** Field description */ diff --git a/plugins/scm-pam-plugin/src/main/java/sonia/scm/pam/PAMConfig.java b/plugins/scm-pam-plugin/src/main/java/sonia/scm/pam/PAMConfig.java index ccc59cd22f..f810139bf4 100644 --- a/plugins/scm-pam-plugin/src/main/java/sonia/scm/pam/PAMConfig.java +++ b/plugins/scm-pam-plugin/src/main/java/sonia/scm/pam/PAMConfig.java @@ -35,6 +35,9 @@ package sonia.scm.pam; //~--- JDK imports ------------------------------------------------------------ +import java.util.HashSet; +import java.util.Set; + import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; @@ -49,6 +52,28 @@ import javax.xml.bind.annotation.XmlRootElement; public class PAMConfig { + /** + * Method description + * + * + * @return + */ + public String getAdminGroups() + { + return adminGroups; + } + + /** + * Method description + * + * + * @return + */ + public String getAdminUsers() + { + return adminUsers; + } + /** * Method description * 
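Review bot: `isAdmin` calls `config.getAdminGroupSet()` inside the `for` loop, and in the PAMConfig part of this patch that accessor re-splits the configured string and builds a new `HashSet` on every call, so the list is re-parsed once per group the user belongs to. Read it once into a local before the loop, `Set<String> adminGroups = config.getAdminGroupSet();` (adding the `java.util.Set` import if the file lacks it), and test `adminGroups.contains(group)`. The Javadoc is still the `Method description` placeholder. Since this method decides who becomes an administrator, it should state the rule: `Returns true if the user's name is listed in the configured admin users, or any of the user's groups is listed in the configured admin groups.`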
@@ -62,6 +87,28 @@ public class PAMConfig //~--- set methods ---------------------------------------------------------- + /** + * Method description + * + * + * @param adminGroups + */ + public void setAdminGroups(String adminGroups) + { + this.adminGroups = adminGroups; + } + + /** + * Method description + * + * + * @param adminUsers + */ + public void setAdminUsers(String adminUsers) + { + this.adminUsers = adminUsers; + } + /** * Method description * @@ -73,8 +120,65 @@ public class PAMConfig this.serviceName = serviceName; } + //~--- get methods ---------------------------------------------------------- + + /** + * Method description + * + * + * @return + */ + Set getAdminGroupSet() + { + return split(adminGroups); + } + + /** + * Method description + * + * + * @return + */ + Set getAdminUserSet() + { + return split(adminUsers); + } + + //~--- methods -------------------------------------------------------------- + + /** + * Method description + * + * + * @param rawString + * + * @return + */ + private Set split(String rawString) + { + Set tokens = new HashSet(); + + for (String token : rawString.split(",")) + { + if (token.trim().length() > 0) + { + tokens.add(token); + } + } + + return tokens; + } + //~--- fields --------------------------------------------------------------- + /** Field description */ + @XmlElement(name = "admin-groups") + private String adminGroups = ""; + + /** Field description */ + @XmlElement(name = "admin-users") + private String adminUsers = ""; + /** Field description */ @XmlElement(name = "service-name") private String serviceName = "sshd"; diff --git a/plugins/scm-pam-plugin/src/main/resources/sonia/scm/pam/sonia.pam.js b/plugins/scm-pam-plugin/src/main/resources/sonia/scm/pam/sonia.pam.js index e0551e3dca..fd15e4085a 100644 --- a/plugins/scm-pam-plugin/src/main/resources/sonia/scm/pam/sonia.pam.js +++ b/plugins/scm-pam-plugin/src/main/resources/sonia/scm/pam/sonia.pam.js 
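Review bot: `split` tests `token.trim().length() > 0` but then stores the untrimmed `token`, so a value entered as `root, wheel` produces the entry `" wheel"`, which never equals a name returned by `UnixUser`, and the administrator silently gets no admin rights for it. Store the trimmed value instead: `tokens.add(token.trim());`. `rawString.split(",")` also throws a NullPointerException if `setAdminUsers` or `setAdminGroups` is ever given null (the fields default to `""`, but the setters do not guard), and that would surface during login. A guard such as `if (rawString == null) { return tokens; }` keeps the result an empty set, which denies admin. The raw `Set`/`HashSet` types here and on `getAdminGroupSet`/`getAdminUserSet` could be `Set<String>`/`HashSet<String>`.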
@@ -38,6 +38,16 @@ registerGeneralConfigPanel({ fieldLabel : 'Service name', name : 'service-name', allowBlank : false + },{ + xtype : 'textfield', + fieldLabel : 'Admin Groups', + name : 'admin-groups', + allowBlank : true + },{ + xtype : 'textfield', + fieldLabel : 'Admin Users', + name : 'admin-users', + allowBlank : true }], onSubmit: function(values){