/*

 * Copyright 2000-2004 Sun Microsystems, Inc.  All Rights Reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Sun designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Sun in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,

 * CA 95054 USA or visit www.sun.com if you need additional information or

 * have any questions.

 */

#include <jni.h>

#include "com_sun_security_auth_module_NTSystem.h"

#include <windows.h>

#include <stdio.h>

#include <wchar.h>

#include <ntsecapi.h>

#include <lmerr.h>

static BOOL debug = FALSE;

BOOL getToken(PHANDLE);

BOOL getUser(HANDLE tokenHandle, LPTSTR *userName,

        LPTSTR *domainName, LPTSTR *userSid, LPTSTR *domainSid);

BOOL getPrimaryGroup(HANDLE tokenHandle, LPTSTR *primaryGroup);

BOOL getGroups(HANDLE tokenHandle, PDWORD numGroups, LPTSTR **groups);

BOOL getImpersonationToken(PHANDLE impersonationToken);

BOOL getTextualSid(PSID pSid, LPTSTR TextualSid, LPDWORD lpdwBufferLen);

void DisplayErrorText(DWORD dwLastError);

JNIEXPORT void JNICALL

Java_com_sun_security_auth_module_NTSystem_getCurrent

    (JNIEnv *env, jobject obj, jboolean debugNative) {

    long i, j = 0;

    HANDLE tokenHandle = INVALID_HANDLE_VALUE;

    BOOL systemError = FALSE;

    LPTSTR userName = NULL;             // user name

    LPTSTR userSid = NULL;              // user sid

    LPTSTR domainName = NULL;           // domain name

    LPTSTR domainSid = NULL;            // domain sid

    LPTSTR primaryGroup = NULL;         // primary group sid

    DWORD numGroups = 0;                // num groups

    LPTSTR *groups = NULL;              // groups array

    long pIndex = -1;                   // index of primaryGroup in groups array

    HANDLE impersonationToken = 0;      // impersonation token

    jfieldID fid;

    jstring jstr;

    jobjectArray jgroups;

    jclass stringClass = 0;

    jclass cls = (*env)->GetObjectClass(env, obj);

    debug = debugNative;

    // get NT information first

    if (debug) {

        printf("getting access token\n");

    }

    if (getToken(&tokenHandle) == FALSE) {

        return;

    }

    if (debug) {

        printf("getting user info\n");

    }

    if (getUser

        (tokenHandle, &userName, &domainName, &userSid, &domainSid) == FALSE) {

        return;

    }

    if (debug) {

        printf("getting primary group\n");

    }

    if (getPrimaryGroup(tokenHandle, &primaryGroup) == FALSE) {

        return;

    }

    if (debug) {

        printf("getting supplementary groups\n");

    }

    if (getGroups(tokenHandle, &numGroups, &groups) == FALSE) {

        return;

    }

    if (debug) {

        printf("getting impersonation token\n");

    }

    if (getImpersonationToken(&impersonationToken) == FALSE) {

        return;

    }

    // then set values into NTSystem

    fid = (*env)->GetFieldID(env, cls, "userName", "Ljava/lang/String;");

    if (fid == 0) {

        jclass newExcCls =

            (*env)->FindClass(env, "java/lang/IllegalArgumentException");

        if (newExcCls == 0) {

            // Unable to find exception class

            systemError = TRUE;

            goto out;

        }

        (*env)->ThrowNew(env, newExcCls, "invalid field: userName");

    }

    jstr = (*env)->NewStringUTF(env, userName);

    (*env)->SetObjectField(env, obj, fid, jstr);

    fid = (*env)->GetFieldID(env, cls, "userSID", "Ljava/lang/String;");

    if (fid == 0) {

        jclass newExcCls =

            (*env)->FindClass(env, "java/lang/IllegalArgumentException");

        if (newExcCls == 0) {

            systemError = TRUE;

            goto out;

        }

        (*env)->ThrowNew(env, newExcCls, "invalid field: userSID");

    }

    jstr = (*env)->NewStringUTF(env, userSid);

    (*env)->SetObjectField(env, obj, fid, jstr);

    fid = (*env)->GetFieldID(env, cls, "domain", "Ljava/lang/String;");

    if (fid == 0) {

        jclass newExcCls =

            (*env)->FindClass(env, "java/lang/IllegalArgumentException");

        if (newExcCls == 0) {

            systemError = TRUE;

            goto out;

        }

        (*env)->ThrowNew(env, newExcCls, "invalid field: domain");

    }

    jstr = (*env)->NewStringUTF(env, domainName);

    (*env)->SetObjectField(env, obj, fid, jstr);

    if (domainSid != NULL) {

        fid = (*env)->GetFieldID(env, cls, "domainSID", "Ljava/lang/String;");

        if (fid == 0) {

            jclass newExcCls =

                (*env)->FindClass(env, "java/lang/IllegalArgumentException");

            if (newExcCls == 0) {

                systemError = TRUE;

                goto out;

            }

            (*env)->ThrowNew(env, newExcCls, "invalid field: domainSID");

        }

        jstr = (*env)->NewStringUTF(env, domainSid);

        (*env)->SetObjectField(env, obj, fid, jstr);

    }

    fid = (*env)->GetFieldID(env, cls, "primaryGroupID", "Ljava/lang/String;");

    if (fid == 0) {

        jclass newExcCls =

            (*env)->FindClass(env, "java/lang/IllegalArgumentException");

        if (newExcCls == 0) {

            systemError = TRUE;

            goto out;

        }

        (*env)->ThrowNew(env, newExcCls, "invalid field: PrimaryGroupID");

    }

    jstr = (*env)->NewStringUTF(env, primaryGroup);

    (*env)->SetObjectField(env, obj, fid, jstr);

    // primary group may or may not be part of supplementary groups

    for (i = 0; i < (long)numGroups; i++) {

        if (strcmp(primaryGroup, groups[i]) == 0) {

            // found primary group in groups array

            pIndex = i;

            break;

        }

    }

    if (numGroups == 0 || (pIndex == 0 && numGroups == 1)) {

        // primary group is only group in groups array

        if (debug) {

            printf("no secondary groups\n");

        }

    } else {

        // the groups array is non-empty,

        // and may or may not contain the primary group

        fid = (*env)->GetFieldID(env, cls, "groupIDs", "[Ljava/lang/String;");

        if (fid == 0) {

            jclass newExcCls =

                (*env)->FindClass(env, "java/lang/IllegalArgumentException");

            if (newExcCls == 0) {

                systemError = TRUE;

                goto out;

            }

            (*env)->ThrowNew(env, newExcCls, "invalid field: groupIDs");

        }

        stringClass = (*env)->FindClass(env, "java/lang/String");

        if (stringClass == 0) {

            goto out;

        }

        if (pIndex == -1) {

            // primary group not in groups array

            jgroups = (*env)->NewObjectArray(env, numGroups, stringClass, 0);

        } else {

            // primary group in groups array -

            // allocate one less array entry and do not add into new array

            jgroups = (*env)->NewObjectArray(env, numGroups-1, stringClass, 0);

        }

        for (i = 0, j = 0; i < (long)numGroups; i++) {

            if (pIndex == i) {

                // continue if equal to primary group

                continue;

            }

            jstr = (*env)->NewStringUTF(env, groups[i]);

            (*env)->SetObjectArrayElement(env, jgroups, j++, jstr);

        }

        (*env)->SetObjectField(env, obj, fid, jgroups);

    }

    fid = (*env)->GetFieldID(env, cls, "impersonationToken", "J");

    if (fid == 0) {

        jclass newExcCls =

            (*env)->FindClass(env, "java/lang/IllegalArgumentException");

        if (newExcCls == 0) {

            systemError = TRUE;

            goto out;

        }

        (*env)->ThrowNew(env, newExcCls, "invalid field: impersonationToken");

    }

    (*env)->SetLongField(env, obj, fid, (jlong)impersonationToken);

out:

    if (userName != NULL) {

        HeapFree(GetProcessHeap(), 0, userName);

    }

    if (domainName != NULL) {

        HeapFree(GetProcessHeap(), 0, domainName);

    }

    if (userSid != NULL) {

        HeapFree(GetProcessHeap(), 0, userSid);

    }

    if (domainSid != NULL) {

        HeapFree(GetProcessHeap(), 0, domainSid);

    }

    if (primaryGroup != NULL) {

        HeapFree(GetProcessHeap(), 0, primaryGroup);

    }

    if (groups != NULL) {

        for (i = 0; i < (long)numGroups; i++) {

            if (groups[i] != NULL) {

                HeapFree(GetProcessHeap(), 0, groups[i]);

            }

        }

        HeapFree(GetProcessHeap(), 0, groups);

    }

    if (systemError && debug) {

        printf("  [getCurrent] System Error: ");

        printf("unable to find IllegalArgumentException class\n");

    }

    return;

}

BOOL getToken(PHANDLE tokenHandle) {

    // first try the thread token

    if (OpenThreadToken(GetCurrentThread(),

                        TOKEN_READ,

                        FALSE,

                        tokenHandle) == 0) {

        if (debug) {

            printf("  [getToken] OpenThreadToken error [%d]: ", GetLastError());

            DisplayErrorText(GetLastError());

        }

        // next try the process token

        if (OpenProcessToken(GetCurrentProcess(),

                        TOKEN_READ,

                        tokenHandle) == 0) {

            if (debug) {

                printf("  [getToken] OpenProcessToken error [%d]: ",

                        GetLastError());

                DisplayErrorText(GetLastError());

            }

            return FALSE;

        }

    }

    if (debug) {

        printf("  [getToken] got user access token\n");

    }

    return TRUE;

}

BOOL getUser(HANDLE tokenHandle, LPTSTR *userName,

        LPTSTR *domainName, LPTSTR *userSid, LPTSTR *domainSid) {

    BOOL error = FALSE;

    DWORD bufSize = 0;

    DWORD buf2Size = 0;

    DWORD retBufSize = 0;

    PTOKEN_USER tokenUserInfo = NULL;   // getTokenInformation

    SID_NAME_USE nameUse;               // LookupAccountSid

    PSID dSid = NULL;

    LPTSTR domainSidName = NULL;

    // get token information

    GetTokenInformation(tokenHandle,

                        TokenUser,

                        NULL,   // TokenInformation - if NULL get buffer size

                        0,      // since TokenInformation is NULL

                        &bufSize);

    tokenUserInfo = (PTOKEN_USER)HeapAlloc(GetProcessHeap(), 0, bufSize);

    if (GetTokenInformation(tokenHandle,

                        TokenUser,

                        tokenUserInfo,

                        bufSize,

                        &retBufSize) == 0) {

        if (debug) {

            printf("  [getUser] GetTokenInformation error [%d]: ",

                GetLastError());

            DisplayErrorText(GetLastError());

        }

        error = TRUE;

        goto out;

    }

    if (debug) {

        printf("  [getUser] Got TokenUser info\n");

    }

    // get userName

    bufSize = 0;

    buf2Size = 0;

    LookupAccountSid(NULL,      // local host

                tokenUserInfo->User.Sid,

                NULL,

                &bufSize,

                NULL,

                &buf2Size,

                &nameUse);

    *userName = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize);

    *domainName = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, buf2Size);

    if (LookupAccountSid(NULL,  // local host

                tokenUserInfo->User.Sid,

                *userName,

                &bufSize,

                *domainName,

                &buf2Size,

                &nameUse) == 0) {

        if (debug) {

            printf("  [getUser] LookupAccountSid error [%d]: ",

                GetLastError());

            DisplayErrorText(GetLastError());

        }

        error = TRUE;

        goto out;

    }

    if (debug) {

        printf("  [getUser] userName: %s, domainName = %s\n",

                *userName, *domainName);

    }

    bufSize = 0;

    getTextualSid(tokenUserInfo->User.Sid, NULL, &bufSize);

    *userSid = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize);

    getTextualSid(tokenUserInfo->User.Sid, *userSid, &bufSize);

    if (debug) {

        printf("  [getUser] userSid: %s\n", *userSid);

    }

    // get domainSid

    bufSize = 0;

    buf2Size = 0;

    LookupAccountName(NULL,     // local host

                *domainName,

                NULL,

                &bufSize,

                NULL,

                &buf2Size,

                &nameUse);

    dSid = (PSID)HeapAlloc(GetProcessHeap(), 0, bufSize);

    domainSidName = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, buf2Size);

    if (LookupAccountName(NULL, // local host

                *domainName,

                dSid,

                &bufSize,

                domainSidName,

                &buf2Size,

                &nameUse) == 0) {

        if (debug) {

            printf("  [getUser] LookupAccountName error [%d]: ",

                GetLastError());

            DisplayErrorText(GetLastError());

        }

        // ok not to have a domain SID (no error)

        goto out;

    }

    bufSize = 0;

    getTextualSid(dSid, NULL, &bufSize);

    *domainSid = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize);

    getTextualSid(dSid, *domainSid, &bufSize);

    if (debug) {

        printf("  [getUser] domainSid: %s\n", *domainSid);

    }

out:

    if (tokenUserInfo != NULL) {

        HeapFree(GetProcessHeap(), 0, tokenUserInfo);

    }

    if (dSid != NULL) {

        HeapFree(GetProcessHeap(), 0, dSid);

    }

    if (domainSidName != NULL) {

        HeapFree(GetProcessHeap(), 0, domainSidName);

    }

    if (error) {

        return FALSE;

    }

    return TRUE;

}

BOOL getPrimaryGroup(HANDLE tokenHandle, LPTSTR *primaryGroup) {

    BOOL error = FALSE;

    DWORD bufSize = 0;

    DWORD retBufSize = 0;

    PTOKEN_PRIMARY_GROUP tokenGroupInfo = NULL;

    // get token information

    GetTokenInformation(tokenHandle,

                        TokenPrimaryGroup,

                        NULL,   // TokenInformation - if NULL get buffer size

                        0,      // since TokenInformation is NULL

                        &bufSize);

    tokenGroupInfo = (PTOKEN_PRIMARY_GROUP)HeapAlloc

                        (GetProcessHeap(), 0, bufSize);

    if (GetTokenInformation(tokenHandle,

                        TokenPrimaryGroup,

                        tokenGroupInfo,

                        bufSize,

                        &retBufSize) == 0) {

        if (debug) {

            printf("  [getPrimaryGroup] GetTokenInformation error [%d]: ",

                GetLastError());

            DisplayErrorText(GetLastError());

        }

        error = TRUE;

        goto out;

    }

    if (debug) {

        printf("  [getPrimaryGroup] Got TokenPrimaryGroup info\n");

    }

    bufSize = 0;

    getTextualSid(tokenGroupInfo->PrimaryGroup, NULL, &bufSize);

    *primaryGroup = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize);

    getTextualSid(tokenGroupInfo->PrimaryGroup, *primaryGroup, &bufSize);

    if (debug) {

        printf("  [getPrimaryGroup] primaryGroup: %s\n", *primaryGroup);

    }

out:

    if (tokenGroupInfo != NULL) {

        HeapFree(GetProcessHeap(), 0, tokenGroupInfo);

    }

    if (error) {

        return FALSE;

    }

    return TRUE;

}

BOOL getGroups(HANDLE tokenHandle, PDWORD numGroups, LPTSTR **groups) {

    BOOL error = FALSE;

    DWORD bufSize = 0;

    DWORD retBufSize = 0;

    long i = 0;

    PTOKEN_GROUPS tokenGroupInfo = NULL;

    // get token information

    GetTokenInformation(tokenHandle,

                        TokenGroups,

                        NULL,   // TokenInformation - if NULL get buffer size

                        0,      // since TokenInformation is NULL

                        &bufSize);

    tokenGroupInfo = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeap(), 0, bufSize);

    if (GetTokenInformation(tokenHandle,

                        TokenGroups,

                        tokenGroupInfo,

                        bufSize,

                        &retBufSize) == 0) {

        if (debug) {

            printf("  [getGroups] GetTokenInformation error [%d]: ",

                GetLastError());

            DisplayErrorText(GetLastError());

        }

        error = TRUE;

        goto out;

    }