1
/*
2
 * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
package javax.security.auth.kerberos;
27

28
import java.util.*;
29
import java.security.Permission;
30
import java.security.PermissionCollection;
31
import java.io.ObjectStreamField;
32
import java.io.ObjectOutputStream;
33
import java.io.ObjectInputStream;
34
import java.io.IOException;
35

36
/**
37
 * This class is used to protect Kerberos services and the
38
 * credentials necessary to access those services. There is a one to
39
 * one mapping of a service principal and the credentials necessary
40
 * to access the service. Therefore granting access to a service
41
 * principal implicitly grants access to the credential necessary to
42
 * establish a security context with the service principal. This
43
 * applies regardless of whether the credentials are in a cache
44
 * or acquired via an exchange with the KDC. The credential can
45
 * be either a ticket granting ticket, a service ticket or a secret
46
 * key from a key table.
47
 * <p>
48
 * A ServicePermission contains a service principal name and
49
 * a list of actions which specify the context the credential can be
50
 * used within.
51
 * <p>
52
 * The service principal name is the canonical name of the
53
 * {@code KerberosPrincipal} supplying the service, that is
54
 * the KerberosPrincipal represents a Kerberos service
55
 * principal. This name is treated in a case sensitive manner.
56
 * An asterisk may appear by itself, to signify any service principal.
57
 * <p>
58
 * Granting this permission implies that the caller can use a cached
59
 * credential (TGT, service ticket or secret key) within the context
60
 * designated by the action. In the case of the TGT, granting this
61
 * permission also implies that the TGT can be obtained by an
62
 * Authentication Service exchange.
63
 * <p>
64
 * The possible actions are:
65
 *
66
 * <pre>
67
 *    initiate -              allow the caller to use the credential to
68
 *                            initiate a security context with a service
69
 *                            principal.
70
 *
71
 *    accept -                allow the caller to use the credential to
72
 *                            accept security context as a particular
73
 *                            principal.
74
 * </pre>
75
 *
76
 * For example, to specify the permission to access to the TGT to
77
 * initiate a security context the permission is constructed as follows:
78
 *
79
 * <pre>
80
 *     ServicePermission("krbtgt/[email protected]", "initiate");
81
 * </pre>
82
 * <p>
83
 * To obtain a service ticket to initiate a context with the "host"
84
 * service the permission is constructed as follows:
85
 * <pre>
86
 *     ServicePermission("host/[email protected]", "initiate");
87
 * </pre>
88
 * <p>
89
 * For a Kerberized server the action is "accept". For example, the permission
90
 * necessary to access and use the secret key of the  Kerberized "host"
91
 * service (telnet and the likes)  would be constructed as follows:
92
 *
93
 * <pre>
94
 *     ServicePermission("host/[email protected]", "accept");
95
 * </pre>
96
 *
97
 * @since 1.4
98
 */
99

100
public final class ServicePermission extends Permission
101
    implements java.io.Serializable {
102

103
    private static final long serialVersionUID = -1227585031618624935L;
104

105
    /**
106
     * Initiate a security context to the specified service
107
     */
108
    private final static int INITIATE   = 0x1;
109

110
    /**
111
     * Accept a security context
112
     */
113
    private final static int ACCEPT     = 0x2;
114

115
    /**
116
     * All actions
117
     */
118
    private final static int ALL        = INITIATE|ACCEPT;
119

120
    /**
121
     * No actions.
122
     */
123
    private final static int NONE    = 0x0;
124

125
    // the actions mask
126
    private transient int mask;
127

128
    /**
129
     * the actions string.
130
     *
131
     * @serial
132
     */
133

134
    private String actions; // Left null as long as possible, then
135
                            // created and re-used in the getAction function.
136

137
    /**
138
     * Create a new {@code ServicePermission}
139
     * with the specified {@code servicePrincipal}
140
     * and {@code action}.
141
     *
142
     * @param servicePrincipal the name of the service principal.
143
     * An asterisk may appear by itself, to signify any service principal.
144
     * <p>
145
     * @param action the action string
146
     */
147
    public ServicePermission(String servicePrincipal, String action) {
148
        // Note: servicePrincipal can be "@REALM" which means any principal in
149
        // this realm implies it. action can be "-" which means any
150
        // action implies it.
151
        super(servicePrincipal);
152
        init(servicePrincipal, getMask(action));
153
    }
154

155

156
    /**
157
     * Initialize the ServicePermission object.
158
     */
159
    private void init(String servicePrincipal, int mask) {
160

161
        if (servicePrincipal == null)
162
                throw new NullPointerException("service principal can't be null");
163

164
        if ((mask & ALL) != mask)
165
            throw new IllegalArgumentException("invalid actions mask");
166

167
        this.mask = mask;
168
    }
169

170

171
    /**
172
     * Checks if this Kerberos service permission object "implies" the
173
     * specified permission.
174
     * <P>
175
     * If none of the above are true, {@code implies} returns false.
176
     * @param p the permission to check against.
177
     *
178
     * @return true if the specified permission is implied by this object,
179
     * false if not.
180
     */
181
    public boolean implies(Permission p) {
182
        if (!(p instanceof ServicePermission))
183
            return false;
184

185
        ServicePermission that = (ServicePermission) p;
186

187
        return ((this.mask & that.mask) == that.mask) &&
188
            impliesIgnoreMask(that);
189
    }
190

191

192
    boolean impliesIgnoreMask(ServicePermission p) {
193
        return ((this.getName().equals("*")) ||
194
                this.getName().equals(p.getName()) ||
195
                (p.getName().startsWith("@") &&
196
                        this.getName().endsWith(p.getName())));
197
    }
198

199
    /**
200
     * Checks two ServicePermission objects for equality.
201
     * <P>
202
     * @param obj the object to test for equality with this object.
203
     *
204
     * @return true if <i>obj</i> is a ServicePermission, and has the
205
     *  same service principal, and actions as this
206
     * ServicePermission object.
207
     */
208
    public boolean equals(Object obj) {
209
        if (obj == this)
210
            return true;
211

212
        if (! (obj instanceof ServicePermission))
213
            return false;
214

215
        ServicePermission that = (ServicePermission) obj;
216
        return ((this.mask & that.mask) == that.mask) &&
217
            this.getName().equals(that.getName());
218

219

220
    }
221

222
    /**
223
     * Returns the hash code value for this object.
224
     *
225
     * @return a hash code value for this object.
226
     */
227

228
    public int hashCode() {
229
        return (getName().hashCode() ^ mask);
230
    }
231

232

233
    /**
234
     * Returns the "canonical string representation" of the actions in the
235
     * specified mask.
236
     * Always returns present actions in the following order:
237
     * initiate, accept.
238
     *
239
     * @param mask a specific integer action mask to translate into a string
240
     * @return the canonical string representation of the actions
241
     */
242
    private static String getActions(int mask)
243
    {
244
        StringBuilder sb = new StringBuilder();
245
        boolean comma = false;
246

247
        if ((mask & INITIATE) == INITIATE) {
248
            if (comma) sb.append(',');
249
            else comma = true;
250
            sb.append("initiate");
251
        }
252

253
        if ((mask & ACCEPT) == ACCEPT) {
254
            if (comma) sb.append(',');
255
            else comma = true;
256
            sb.append("accept");
257
        }
258

259
        return sb.toString();
260
    }
261

262
    /**
263
     * Returns the canonical string representation of the actions.
264
     * Always returns present actions in the following order:
265
     * initiate, accept.
266
     */
267
    public String getActions() {
268
        if (actions == null)
269
            actions = getActions(this.mask);
270

271
        return actions;
272
    }
273

274

275
    /**
276
     * Returns a PermissionCollection object for storing
277
     * ServicePermission objects.
278
     * <br>
279
     * ServicePermission objects must be stored in a manner that
280
     * allows them to be inserted into the collection in any order, but
281
     * that also enables the PermissionCollection implies method to
282
     * be implemented in an efficient (and consistent) manner.
283
     *
284
     * @return a new PermissionCollection object suitable for storing
285
     * ServicePermissions.
286
     */
287
    public PermissionCollection newPermissionCollection() {
288
        return new KrbServicePermissionCollection();
289
    }
290

291
    /**
292
     * Return the current action mask.
293
     *
294
     * @return the actions mask.
295
     */
296
    int getMask() {
297
        return mask;
298
    }
299

300
    /**
301
     * Convert an action string to an integer actions mask.
302
     *
303
     * Note: if action is "-", action will be NONE, which means any
304
     * action implies it.
305
     *
306
     * @param action the action string.
307
     * @return the action mask
308
     */
309
    private static int getMask(String action) {
310

311
        if (action == null) {
312
            throw new NullPointerException("action can't be null");
313
        }
314

315
        if (action.equals("")) {
316
            throw new IllegalArgumentException("action can't be empty");
317
        }
318

319
        int mask = NONE;
320

321
        char[] a = action.toCharArray();
322

323
        if (a.length == 1 && a[0] == '-') {
324
            return mask;
325
        }
326

327
        int i = a.length - 1;
328

329
        while (i != -1) {
330
            char c;
331

332
            // skip whitespace
333
            while ((i!=-1) && ((c = a[i]) == ' ' ||
334
                               c == '\r' ||
335
                               c == '\n' ||
336
                               c == '\f' ||
337
                               c == '\t'))
338
                i--;
339

340
            // check for the known strings
341
            int matchlen;
342

343
            if (i >= 7 && (a[i-7] == 'i' || a[i-7] == 'I') &&
344
                          (a[i-6] == 'n' || a[i-6] == 'N') &&
345
                          (a[i-5] == 'i' || a[i-5] == 'I') &&
346
                          (a[i-4] == 't' || a[i-4] == 'T') &&
347
                          (a[i-3] == 'i' || a[i-3] == 'I') &&
348
                          (a[i-2] == 'a' || a[i-2] == 'A') &&
349
                          (a[i-1] == 't' || a[i-1] == 'T') &&
350
                          (a[i] == 'e' || a[i] == 'E'))
351
            {
352
                matchlen = 8;
353
                mask |= INITIATE;
354

355
            } else if (i >= 5 && (a[i-5] == 'a' || a[i-5] == 'A') &&
356
                                 (a[i-4] == 'c' || a[i-4] == 'C') &&
357
                                 (a[i-3] == 'c' || a[i-3] == 'C') &&
358
                                 (a[i-2] == 'e' || a[i-2] == 'E') &&
359
                                 (a[i-1] == 'p' || a[i-1] == 'P') &&
360
                                 (a[i] == 't' || a[i] == 'T'))
361
            {
362
                matchlen = 6;
363
                mask |= ACCEPT;
364

365
            } else {
366
                // parse error
367
                throw new IllegalArgumentException(
368
                        "invalid permission: " + action);
369
            }
370

371
            // make sure we didn't just match the tail of a word
372
            // like "ackbarfaccept".  Also, skip to the comma.
373
            boolean seencomma = false;
374
            while (i >= matchlen && !seencomma) {
375
                switch(a[i-matchlen]) {
376
                case ',':
377
                    seencomma = true;
378
                    break;
379
                case ' ': case '\r': case '\n':
380
                case '\f': case '\t':
381
                    break;
382
                default:
383
                    throw new IllegalArgumentException(
384
                            "invalid permission: " + action);
385
                }
386
                i--;
387
            }
388

389
            // point i at the location of the comma minus one (or -1).
390
            i -= matchlen;
391
        }
392

393
        return mask;
394
    }
395

396

397
    /**
398
     * WriteObject is called to save the state of the ServicePermission
399
     * to a stream. The actions are serialized, and the superclass
400
     * takes care of the name.
401
     */
402
    private void writeObject(java.io.ObjectOutputStream s)
403
        throws IOException
404
    {
405
        // Write out the actions. The superclass takes care of the name
406
        // call getActions to make sure actions field is initialized
407
        if (actions == null)
408
            getActions();
409
        s.defaultWriteObject();
410
    }
411

412
    /**
413
     * readObject is called to restore the state of the
414
     * ServicePermission from a stream.
415
     */
416
    private void readObject(java.io.ObjectInputStream s)
417
         throws IOException, ClassNotFoundException
418
    {
419
        // Read in the action, then initialize the rest
420
        s.defaultReadObject();
421
        init(getName(),getMask(actions));
422
    }
423

424

425
    /*
426
      public static void main(String args[]) throws Exception {
427
      ServicePermission this_ =
428
      new ServicePermission(args[0], "accept");
429
      ServicePermission that_ =
430
      new ServicePermission(args[1], "accept,initiate");
431
      System.out.println("-----\n");
432
      System.out.println("this.implies(that) = " + this_.implies(that_));
433
      System.out.println("-----\n");
434
      System.out.println("this = "+this_);
435
      System.out.println("-----\n");
436
      System.out.println("that = "+that_);
437
      System.out.println("-----\n");
438

439
      KrbServicePermissionCollection nps =
440
      new KrbServicePermissionCollection();
441
      nps.add(this_);
442
      nps.add(new ServicePermission("nfs/[email protected]",
443
      "accept"));
444
      nps.add(new ServicePermission("host/[email protected]",
445
      "initiate"));
446
      System.out.println("nps.implies(that) = " + nps.implies(that_));
447
      System.out.println("-----\n");
448

449
      Enumeration e = nps.elements();
450

451
      while (e.hasMoreElements()) {
452
      ServicePermission x =
453
      (ServicePermission) e.nextElement();
454
      System.out.println("nps.e = " + x);
455
      }
456

457
      }
458
    */
459

460
}
461

462

463
final class KrbServicePermissionCollection extends PermissionCollection
464
    implements java.io.Serializable {
465

466
    // Not serialized; see serialization section at end of class
467
    private transient List<Permission> perms;
468

469
    public KrbServicePermissionCollection() {
470
        perms = new ArrayList<Permission>();
471
    }
472

473
    /**
474
     * Check and see if this collection of permissions implies the permissions
475
     * expressed in "permission".
476
     *
477
     * @param permission the Permission object to compare
478
     *
479
     * @return true if "permission" is a proper subset of a permission in
480
     * the collection, false if not.
481
     */
482
    public boolean implies(Permission permission) {
483
        if (! (permission instanceof ServicePermission))
484
                return false;
485

486
        ServicePermission np = (ServicePermission) permission;
487
        int desired = np.getMask();
488

489
        if (desired == 0) {
490
            for (Permission p: perms) {
491
                ServicePermission sp = (ServicePermission)p;
492
                if (sp.impliesIgnoreMask(np)) {
493
                    return true;
494
                }
495
            }
496
            return false;
497
        }
498

499
        int effective = 0;
500
        int needed = desired;
501

502
        synchronized (this) {
503
            int len = perms.size();
504

505
            // need to deal with the case where the needed permission has
506
            // more than one action and the collection has individual permissions
507
            // that sum up to the needed.
508

509
            for (int i = 0; i < len; i++) {
510
                ServicePermission x = (ServicePermission) perms.get(i);
511

512
                //System.out.println("  trying "+x);
513
                if (((needed & x.getMask()) != 0) && x.impliesIgnoreMask(np)) {
514
                    effective |=  x.getMask();
515
                    if ((effective & desired) == desired)
516
                        return true;
517
                    needed = (desired ^ effective);
518
                }
519
            }
520
        }
521
        return false;
522
    }
523

524
    /**
525
     * Adds a permission to the ServicePermissions. The key for
526
     * the hash is the name.
527
     *
528
     * @param permission the Permission object to add.
529
     *
530
     * @exception IllegalArgumentException - if the permission is not a
531
     *                                       ServicePermission
532
     *
533
     * @exception SecurityException - if this PermissionCollection object
534
     *                                has been marked readonly
535
     */
536
    public void add(Permission permission) {
537
        if (! (permission instanceof ServicePermission))
538
            throw new IllegalArgumentException("invalid permission: "+
539
                                               permission);
540
        if (isReadOnly())
541
            throw new SecurityException("attempt to add a Permission to a readonly PermissionCollection");
542

543
        synchronized (this) {
544
            perms.add(0, permission);
545
        }
546
    }
547

548
    /**
549
     * Returns an enumeration of all the ServicePermission objects
550
     * in the container.
551
     *
552
     * @return an enumeration of all the ServicePermission objects.
553
     */
554

555
    public Enumeration<Permission> elements() {
556
        // Convert Iterator into Enumeration
557
        synchronized (this) {
558
            return Collections.enumeration(perms);
559
        }
560
    }
561

562
    private static final long serialVersionUID = -4118834211490102011L;
563

564
    // Need to maintain serialization interoperability with earlier releases,
565
    // which had the serializable field:
566
    // private Vector permissions;
567

568
    /**
569
     * @serialField permissions java.util.Vector
570
     *     A list of ServicePermission objects.
571
     */
572
    private static final ObjectStreamField[] serialPersistentFields = {
573
        new ObjectStreamField("permissions", Vector.class),
574
    };
575

576
    /**
577
     * @serialData "permissions" field (a Vector containing the ServicePermissions).
578
     */
579
    /*
580
     * Writes the contents of the perms field out as a Vector for
581
     * serialization compatibility with earlier releases.
582
     */
583
    private void writeObject(ObjectOutputStream out) throws IOException {
584
        // Don't call out.defaultWriteObject()
585

586
        // Write out Vector
587
        Vector<Permission> permissions = new Vector<>(perms.size());
588

589
        synchronized (this) {
590
            permissions.addAll(perms);
591
        }
592

593
        ObjectOutputStream.PutField pfields = out.putFields();
594
        pfields.put("permissions", permissions);
595
        out.writeFields();
596
    }
597

598
    /*
599
     * Reads in a Vector of ServicePermissions and saves them in the perms field.
600
     */
601
    @SuppressWarnings("unchecked")
602
    private void readObject(ObjectInputStream in)
603
        throws IOException, ClassNotFoundException
604
    {
605
        // Don't call defaultReadObject()
606

607
        // Read in serialized fields
608
        ObjectInputStream.GetField gfields = in.readFields();
609

610
        // Get the one we want
611
        Vector<Permission> permissions =
612
                (Vector<Permission>)gfields.get("permissions", null);
613
        perms = new ArrayList<Permission>(permissions.size());
614
        perms.addAll(permissions);
615
    }
616
}
617

618