inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

filesys enterpise files

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2748 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Paul Holmes-Higgin
2006-05-03 20:15:10 +00:00
parent 231cfc3fa1
commit 7669f098bc
20 changed files with 9387 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

426
source/java/org/alfresco/filesys/server/auth/ntlm/AlfrescoAuthenticator.java Normal file
View File

@@ -0,0 +1,426 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Alfresco Network License. You may obtain a
* copy of the License at
*
* http://www.alfrescosoftware.com/legal/
*
* Please view the license relevant to your network subscription.
*
* BY CLICKING THE "I UNDERSTAND AND ACCEPT" BOX, OR INSTALLING,
* READING OR USING ALFRESCO'S Network SOFTWARE (THE "SOFTWARE"),
* YOU ARE AGREEING ON BEHALF OF THE ENTITY LICENSING THE SOFTWARE
* ("COMPANY") THAT COMPANY WILL BE BOUND BY AND IS BECOMING A PARTY TO
* THIS ALFRESCO NETWORK AGREEMENT ("AGREEMENT") AND THAT YOU HAVE THE
* AUTHORITY TO BIND COMPANY. IF COMPANY DOES NOT AGREE TO ALL OF THE
* TERMS OF THIS AGREEMENT, DO NOT SELECT THE "I UNDERSTAND AND AGREE"
* BOX AND DO NOT INSTALL THE SOFTWARE OR VIEW THE SOURCE CODE. COMPANY
* HAS NOT BECOME A LICENSEE OF, AND IS NOT AUTHORIZED TO USE THE
* SOFTWARE UNLESS AND UNTIL IT HAS AGREED TO BE BOUND BY THESE LICENSE
* TERMS. THE "EFFECTIVE DATE" FOR THIS AGREEMENT SHALL BE THE DAY YOU
* CHECK THE "I UNDERSTAND AND ACCEPT" BOX.
*/
package org.alfresco.filesys.server.auth.ntlm;
import java.security.NoSuchAlgorithmException;
import net.sf.acegisecurity.Authentication;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.auth.ClientInfo;
import org.alfresco.filesys.server.auth.SrvAuthenticator;
import org.alfresco.filesys.smb.server.SMBSrvSession;
import org.alfresco.filesys.util.DataPacker;
import org.alfresco.repo.security.authentication.NTLMMode;
import org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken;
/**
* Alfresco Authenticator Class
*
* <p>The Alfresco authenticator implementation enables user level security mode using the Alfresco authentication
* component.
*
* <p>Note: Switching off encrypted password support will cause later NT4 service pack releases and
* Win2000 to refuse to connect to the server without a registry update on the client.
*
* @author GKSpencer
*/
public class AlfrescoAuthenticator extends SrvAuthenticator
{
/**
* Default Constructor
*
* <p>Default to user mode security with encrypted password support.
*/
public AlfrescoAuthenticator()
{
setAccessMode(SrvAuthenticator.USER_MODE);
setEncryptedPasswords(true);
}
/**
* Validate that the authentication component supports the required mode
*
* @return boolean
*/
protected boolean validateAuthenticationMode()
{
// Make sure the authentication component supports MD4 hashed passwords or passthru mode
if ( m_authComponent.getNTLMMode() != NTLMMode.MD4_PROVIDER &&
m_authComponent.getNTLMMode() != NTLMMode.PASS_THROUGH)
return false;
return true;
}
/**
* Authenticate a user
*
* @param client Client information
* @param sess Server session
* @param alg Encryption algorithm
*/
public int authenticateUser(ClientInfo client, SrvSession sess, int alg)
{
// Check if this is an SMB/CIFS null session logon.
//
// The null session will only be allowed to connect to the IPC$ named pipe share.
if (client.isNullSession() && sess instanceof SMBSrvSession)
{
// Debug
if ( logger.isDebugEnabled())
logger.debug("Null CIFS logon allowed");
return SrvAuthenticator.AUTH_ALLOW;
}
// Check if the client is already authenticated, and it is not a null logon
if ( client.getAuthenticationToken() != null && client.getLogonType() != ClientInfo.LogonNull)
{
// Use the existing authentication token
m_authComponent.setCurrentUser(client.getUserName());
// Debug
if ( logger.isDebugEnabled())
logger.debug("Re-using existing authentication token");
// Return the authentication status
return client.getLogonType() != ClientInfo.LogonGuest ? AUTH_ALLOW : AUTH_GUEST;
}
// Check if this is a guest logon
int authSts = AUTH_DISALLOW;
if ( client.isGuest() || client.getUserName().equalsIgnoreCase(getGuestUserName()))
{
// Check if guest logons are allowed
if ( allowGuest() == false)
return AUTH_DISALLOW;
// Get a guest authentication token
doGuestLogon( client, sess);
// Indicate logged on as guest
authSts = AUTH_GUEST;
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Authenticated user " + client.getUserName() + " sts=" + getStatusAsString(authSts));
// Return the guest status
return authSts;
}
// Check if MD4 or passthru mode is configured
else if ( m_authComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER)
{
// Perform local MD4 password check
authSts = doMD4UserAuthentication(client, sess, alg);
}
else
{
// Perform passthru authentication password check
authSts = doPassthruUserAuthentication(client, sess, alg);
}
// Check if the logon status indicates a guest logon
if ( authSts == AUTH_GUEST)
{
// Only allow the guest logon if user mapping is enabled
if ( mapUnknownUserToGuest())
{
// Logon as guest, setup the security context
doGuestLogon( client, sess);
}
else
{
// Do not allow the guest logon
authSts = AUTH_DISALLOW;
}
}
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Authenticated user " + client.getUserName() + " sts=" + getStatusAsString(authSts) +
" via " + (m_authComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER ? "MD4" : "Passthru"));
// Return the authentication status
return authSts;
}
/**
* Generate a challenge key
*
* @param sess SrvSession
* @return byte[]
*/
public byte[] getChallengeKey(SrvSession sess)
{
// In MD4 mode we generate the challenge locally
byte[] key = null;
// Check if the client is already authenticated, and it is not a null logon
if ( sess.hasClientInformation() && sess.getClientInformation().getAuthenticationToken() != null &&
sess.getClientInformation().getLogonType() != ClientInfo.LogonNull)
{
// Return the previous challenge, user is already authenticated
key = sess.getChallengeKey();
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Re-using existing challenge, already authenticated");
}
else if ( m_authComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER)
{
// Generate a new challenge key, pack the key and return
key = new byte[8];
DataPacker.putIntelLong(m_random.nextLong(), key, 0);
}
else
{
// Create an authentication token for the session
NTLMPassthruToken authToken = new NTLMPassthruToken();
// Run the first stage of the passthru authentication to get the challenge
m_authComponent.authenticate( authToken);
// Save the authentication token for the second stage of the authentication
sess.setAuthenticationToken(authToken);
// Get the challenge from the token
if ( authToken.getChallenge() != null)
key = authToken.getChallenge().getBytes();
}
// Return the challenge
return key;
}
/**
* Perform MD4 user authentication
*
* @param client Client information
* @param sess Server session
* @param alg Encryption algorithm
* @return int
*/
private final int doMD4UserAuthentication(ClientInfo client, SrvSession sess, int alg)
{
// Get the stored MD4 hashed password for the user, or null if the user does not exist
String md4hash = m_authComponent.getMD4HashedPassword(client.getUserName());
if ( md4hash != null)
{
// Check if the client has supplied an NTLM hashed password, if not then do not allow access
if ( client.getPassword() == null)
return SrvAuthenticator.AUTH_BADPASSWORD;
try
{
// Generate the local encrypted password using the challenge that was sent to the client
byte[] p21 = new byte[21];
byte[] md4byts = m_md4Encoder.decodeHash(md4hash);
System.arraycopy(md4byts, 0, p21, 0, 16);
// Generate the local hash of the password using the same challenge
byte[] localHash = getEncryptor().doNTLM1Encryption(p21, sess.getChallengeKey());
// Validate the password
byte[] clientHash = client.getPassword();
if ( clientHash == null || clientHash.length != localHash.length)
return SrvAuthenticator.AUTH_BADPASSWORD;
for ( int i = 0; i < clientHash.length; i++)
{
if ( clientHash[i] != localHash[i])
return SrvAuthenticator.AUTH_BADPASSWORD;
}
// Set the current user to be authenticated, save the authentication token
client.setAuthenticationToken( m_authComponent.setCurrentUser(client.getUserName()));
// Get the users home folder node, if available
getHomeFolderForUser( client);
// Passwords match, grant access
return SrvAuthenticator.AUTH_ALLOW;
}
catch (NoSuchAlgorithmException ex)
{
}
// Error during password check, do not allow access
return SrvAuthenticator.AUTH_DISALLOW;
}
// Check if this is an SMB/CIFS null session logon.
//
// The null session will only be allowed to connect to the IPC$ named pipe share.
if (client.isNullSession() && sess instanceof SMBSrvSession)
return SrvAuthenticator.AUTH_ALLOW;
// User does not exist, check if guest access is allowed
return allowGuest() ? SrvAuthenticator.AUTH_GUEST : SrvAuthenticator.AUTH_DISALLOW;
}
/**
* Perform passthru user authentication
*
* @param client Client information
* @param sess Server session
* @param alg Encryption algorithm
* @return int
*/
private final int doPassthruUserAuthentication(ClientInfo client, SrvSession sess, int alg)
{
// Get the authentication token for the session
NTLMPassthruToken authToken = (NTLMPassthruToken) sess.getAuthenticationToken();
if ( authToken == null)
return SrvAuthenticator.AUTH_DISALLOW;
// Get the appropriate hashed password for the algorithm
int authSts = SrvAuthenticator.AUTH_DISALLOW;
byte[] hashedPassword = null;
if ( alg == NTLM1)
hashedPassword = client.getPassword();
else if ( alg == LANMAN)
hashedPassword = client.getANSIPassword();
else
{
// Invalid/unsupported algorithm specified
return SrvAuthenticator.AUTH_DISALLOW;
}
// Set the username and hashed password in the authentication token
authToken.setUserAndPassword( client.getUserName(), hashedPassword, alg);
// Authenticate the user
Authentication genAuthToken = null;
try
{
// Run the second stage of the passthru authentication
genAuthToken = m_authComponent.authenticate( authToken);
// Check if the user has been logged on as a guest
if (authToken.isGuestLogon())
{
// Check if the local server allows guest access
if (allowGuest() == true)
{
// Allow the user access as a guest
authSts = SrvAuthenticator.AUTH_GUEST;
}
}
else
{
// Allow the user full access to the server
authSts = SrvAuthenticator.AUTH_ALLOW;
}
// Set the current user to be authenticated, save the authentication token
client.setAuthenticationToken( genAuthToken);
// Get the users home folder node, if available
getHomeFolderForUser( client);
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Auth token " + genAuthToken);
}
catch ( Exception ex)
{
logger.error("Error during passthru authentication", ex);
}
// Clear the authentication token
sess.setAuthenticationToken(null);
// Return the authentication status
return authSts;
}
}

72
source/java/org/alfresco/filesys/server/auth/ntlm/NTLM.java Normal file
View File

@@ -0,0 +1,72 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Alfresco Network License. You may obtain a
* copy of the License at
*
* http://www.alfrescosoftware.com/legal/
*
* Please view the license relevant to your network subscription.
*
* BY CLICKING THE "I UNDERSTAND AND ACCEPT" BOX, OR INSTALLING,
* READING OR USING ALFRESCO'S Network SOFTWARE (THE "SOFTWARE"),
* YOU ARE AGREEING ON BEHALF OF THE ENTITY LICENSING THE SOFTWARE
* ("COMPANY") THAT COMPANY WILL BE BOUND BY AND IS BECOMING A PARTY TO
* THIS ALFRESCO NETWORK AGREEMENT ("AGREEMENT") AND THAT YOU HAVE THE
* AUTHORITY TO BIND COMPANY. IF COMPANY DOES NOT AGREE TO ALL OF THE
* TERMS OF THIS AGREEMENT, DO NOT SELECT THE "I UNDERSTAND AND AGREE"
* BOX AND DO NOT INSTALL THE SOFTWARE OR VIEW THE SOURCE CODE. COMPANY
* HAS NOT BECOME A LICENSEE OF, AND IS NOT AUTHORIZED TO USE THE
* SOFTWARE UNLESS AND UNTIL IT HAS AGREED TO BE BOUND BY THESE LICENSE
* TERMS. THE "EFFECTIVE DATE" FOR THIS AGREEMENT SHALL BE THE DAY YOU
* CHECK THE "I UNDERSTAND AND ACCEPT" BOX.
*/
package org.alfresco.filesys.server.auth.ntlm;
/**
* NTLM Constants Class
*
* @author GKSpencer
*/
public class NTLM
{
// Signature
public static final byte[] Signature = "NTLMSSP\u0000".getBytes();
// Message types
public static final int Type1 = 1;
public static final int Type2 = 2;
public static final int Type3 = 3;
// NTLM flags
public static final int FlagNegotiateUnicode = 0x00000001;
public static final int FlagNegotiateOEM = 0x00000002;
public static final int FlagRequestTarget = 0x00000004;
public static final int FlagNegotiateSign = 0x00000010;
public static final int FlagNegotiateSeal = 0x00000020;
public static final int FlagDatagramStyle = 0x00000040;
public static final int FlagLanManKey = 0x00000080;
public static final int FlagNegotiateNTLM = 0x00000200;
public static final int FlagDomainSupplied = 0x00001000;
public static final int FlagWorkstationSupplied = 0x00002000;
public static final int FlagLocalCall = 0x00004000;
public static final int FlagAlwaysSign = 0x00008000;
public static final int FlagTypeDomain = 0x00010000;
public static final int FlagTypeServer = 0x00020000;
public static final int FlagTypeShare = 0x00040000;
public static final int FlagNTLM2Key = 0x00080000;
public static final int FlagTargetInfo = 0x00800000;
public static final int Flag128Bit = 0x20000000;
public static final int FlagKeyExchange = 0x40000000;
public static final int Flag56Bit = 0x80000000;
// Target information types
public static final int TargetServer = 0x0001;
public static final int TargetDomain = 0x0002;
public static final int TargetFullDNS = 0x0003;
public static final int TargetDNSDomain = 0x0004;
}

301
source/java/org/alfresco/filesys/server/auth/ntlm/NTLMLogonDetails.java Normal file
View File

@@ -0,0 +1,301 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Alfresco Network License. You may obtain a
* copy of the License at
*
* http://www.alfrescosoftware.com/legal/
*
* Please view the license relevant to your network subscription.
*
* BY CLICKING THE "I UNDERSTAND AND ACCEPT" BOX, OR INSTALLING,
* READING OR USING ALFRESCO'S Network SOFTWARE (THE "SOFTWARE"),
* YOU ARE AGREEING ON BEHALF OF THE ENTITY LICENSING THE SOFTWARE
* ("COMPANY") THAT COMPANY WILL BE BOUND BY AND IS BECOMING A PARTY TO
* THIS ALFRESCO NETWORK AGREEMENT ("AGREEMENT") AND THAT YOU HAVE THE
* AUTHORITY TO BIND COMPANY. IF COMPANY DOES NOT AGREE TO ALL OF THE
* TERMS OF THIS AGREEMENT, DO NOT SELECT THE "I UNDERSTAND AND AGREE"
* BOX AND DO NOT INSTALL THE SOFTWARE OR VIEW THE SOURCE CODE. COMPANY
* HAS NOT BECOME A LICENSEE OF, AND IS NOT AUTHORIZED TO USE THE
* SOFTWARE UNLESS AND UNTIL IT HAS AGREED TO BE BOUND BY THESE LICENSE
* TERMS. THE "EFFECTIVE DATE" FOR THIS AGREEMENT SHALL BE THE DAY YOU
* CHECK THE "I UNDERSTAND AND ACCEPT" BOX.
*/
package org.alfresco.filesys.server.auth.ntlm;
import java.util.Date;
import net.sf.acegisecurity.Authentication;
/**
* NTLM Logon Details Class
*
* <p>Contains the details from the NTLM authentication session that was used to authenticate a user.
*
* @author GKSpencer
*/
public class NTLMLogonDetails
{
// User name, workstation name and domain
private String m_user;
private String m_workstation;
private String m_domain;
// Authentication server name/address
private String m_authSrvAddr;
// Date/time the user was authenticated
private long m_authTime;
// User logged on via guest access
private boolean m_guestAccess;
// Cached type 2 NTLM message and copy of the NTLM hash used to successfully logon
private Type2NTLMMessage m_type2Msg;
private byte[] m_ntlmHash;
// Authentication token, used for passthru mode
private Authentication m_authToken;
/**
* Default constructor
*/
public NTLMLogonDetails()
{
}
/**
* Class constructor
*
* @param user String
* @param wks String
* @param domain String
* @param guest boolean
* @param authSrv String
*/
public NTLMLogonDetails(String user, String wks, String domain, boolean guest, String authSrv)
{
setDetails(user, wks, domain, guest, authSrv);
}
/**
* Return the user name
*
* @return String
*/
public final String getUserName()
{
return m_user;
}
/**
* Return the workstation name
*
* @return String
*/
public final String getWorkstation()
{
return m_workstation;
}
/**
* Return the domain name
*
* @return String
*/
public final String getDomain()
{
return m_domain;
}
/**
* Return the authentication server name/address
*
* @return String
*/
public final String getAuthenticationServer()
{
return m_authSrvAddr;
}
/**
* Return the date/time the user was authenticated
*
* @return long
*/
public final long authenticatedAt()
{
return m_authTime;
}
/**
* Determine if the type 2 NTLM message has been cached
*
* @return boolean
*/
public final boolean hasType2Message()
{
return m_type2Msg != null ? true : false;
}
/**
* Return the cached type 2 NTLM message
*
* @return Type2NTLMMessage
*/
public final Type2NTLMMessage getType2Message()
{
return m_type2Msg;
}
/**
* Determine if there is a cached NTLM hashed password
*
* @return boolean
*/
public final boolean hasNTLMHashedPassword()
{
return m_ntlmHash != null ? true : false;
}
/**
* Return the cached NTLM hashed password
*
* @return byte[]
*/
public final byte[] getNTLMHashedPassword()
{
return m_ntlmHash;
}
/**
* Return the challenge key from the type2 message
*
* @return byte[]
*/
public final byte[] getChallengeKey()
{
if ( m_type2Msg != null)
return m_type2Msg.getChallenge();
return null;
}
/**
* Determine if the passthru authentication token is valid
*
* @return boolean
*/
public final boolean hasAuthenticationToken()
{
return m_authToken != null ? true : false;
}
/**
* Return the authentication token
*
* @return Authentication
*/
public final Authentication getAuthenticationToken()
{
return m_authToken;
}
/**
* Set the authentication date/time
*
* @param authTime long
*/
public final void setAuthenticatedAt(long authTime)
{
m_authTime = authTime;
}
/**
* Set the client details
*
* @param user String
* @param wks String
* @param domain String
* @param guest boolean
* @param authSrv String
*/
public final void setDetails(String user, String wks, String domain, boolean guest, String authSrv)
{
m_user = user;
m_workstation = wks;
m_domain = domain;
m_authSrvAddr = authSrv;
m_guestAccess = guest;
m_authTime = System.currentTimeMillis();
}
/**
* Set the type 2 NTLM message
*
* @param type2 Type2NTLMMessage
*/
public final void setType2Message(Type2NTLMMessage type2)
{
m_type2Msg = type2;
}
/**
* Set the cached NTLM hashed password
*
* @param ntlmHash byte[]
*/
public final void setNTLMHashedPassword(byte[] ntlmHash)
{
m_ntlmHash = ntlmHash;
}
/**
* Set the passthru authentication token
*
* @param token Authentication
*/
public final void setAuthenticationToken(Authentication token)
{
m_authToken = token;
}
/**
* Return the NTLM logon details as a string
*
* @return String
*/
public String toString()
{
StringBuilder str = new StringBuilder();
str.append("[");
str.append(getUserName());
str.append(",Wks:");
str.append(getWorkstation());
str.append(",Dom:");
str.append(getDomain());
str.append(",AuthSrv:");
str.append(getAuthenticationServer());
str.append(",");
str.append(new Date(authenticatedAt()));
if ( hasAuthenticationToken())
{
str.append(",token=");
str.append(getAuthenticationToken());
}
str.append("]");
return str.toString();
}
}

535
source/java/org/alfresco/filesys/server/auth/ntlm/NTLMMessage.java Normal file
View File

@@ -0,0 +1,535 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Alfresco Network License. You may obtain a
* copy of the License at
*
* http://www.alfrescosoftware.com/legal/
*
* Please view the license relevant to your network subscription.
*
* BY CLICKING THE "I UNDERSTAND AND ACCEPT" BOX, OR INSTALLING,
* READING OR USING ALFRESCO'S Network SOFTWARE (THE "SOFTWARE"),
* YOU ARE AGREEING ON BEHALF OF THE ENTITY LICENSING THE SOFTWARE
* ("COMPANY") THAT COMPANY WILL BE BOUND BY AND IS BECOMING A PARTY TO
* THIS ALFRESCO NETWORK AGREEMENT ("AGREEMENT") AND THAT YOU HAVE THE
* AUTHORITY TO BIND COMPANY. IF COMPANY DOES NOT AGREE TO ALL OF THE
* TERMS OF THIS AGREEMENT, DO NOT SELECT THE "I UNDERSTAND AND AGREE"
* BOX AND DO NOT INSTALL THE SOFTWARE OR VIEW THE SOURCE CODE. COMPANY
* HAS NOT BECOME A LICENSEE OF, AND IS NOT AUTHORIZED TO USE THE
* SOFTWARE UNLESS AND UNTIL IT HAS AGREED TO BE BOUND BY THESE LICENSE
* TERMS. THE "EFFECTIVE DATE" FOR THIS AGREEMENT SHALL BE THE DAY YOU
* CHECK THE "I UNDERSTAND AND ACCEPT" BOX.
*/
package org.alfresco.filesys.server.auth.ntlm;
import java.io.UnsupportedEncodingException;
import org.alfresco.filesys.util.DataPacker;
/**
* NTLM Message Types Base Class
*
* @author GKSpencer
*/
public abstract class NTLMMessage
{
// Default buffer size to allocate
private static final int DefaultBlobSize = 256;
// Field offsets
public static final int OffsetSignature = 0;
public static final int OffsetType = 8;
// Buffer header length
public static final int BufferHeaderLen = 8;
// Buffer, offset and lenght of the NTLM blob
private byte[] m_buf;
private int m_offset;
private int m_len;
/**
* Default constructor
*/
protected NTLMMessage()
{
// Allocate a buffer
m_buf = new byte[DefaultBlobSize];
m_len = DefaultBlobSize;
}
/**
* Class constructor
*
* @param buf byte[]
* @param offset int
* @param len int
*/
protected NTLMMessage(byte[] buf, int offset, int len)
{
m_buf = buf;
m_offset = offset;
m_len = len;
}
/**
* Return the message type
*
* @return int
*/
public final int isMessageType()
{
return DataPacker.getIntelInt(m_buf, m_offset + OffsetType);
}
/**
* Return the message flags
*
* @return int
*/
public abstract int getFlags();
/**
* Return the state of the specified flag
*
* @param flag int
* @return boolean
*/
public final boolean hasFlag(int flag)
{
return (getFlags() & flag) != 0 ? true : false;
}
/**
* Return the message length
*
* @return int
*/
public int getLength()
{
return m_len;
}
/**
* Set the message type
*
* @param typ int
*/
public final void setMessageType(int typ)
{
DataPacker.putIntelInt(typ, m_buf, m_offset + OffsetType);
}
/**
* Copy the NTLM blob data from the specified buffer
*
* @param buf byte[]
* @param offset int
* @param len int
*/
public final void copyFrom(byte[] buf, int offset, int len)
{
// Allocate a new buffer, if required
if ( m_buf == null || m_offset != 0 || m_buf.length < len)
m_buf = new byte[len];
// Copy the security blob data
System.arraycopy(buf, offset, m_buf, 0, len);
}
/**
* Return the NTLM message as a byte array
*
* @return byte[]
*/
public final byte[] getBytes()
{
byte[] byts = new byte[getLength()];
System.arraycopy(m_buf, m_offset, byts, 0, getLength());
return byts;
}
/**
* Set the message flags
*
* @param flags int
*/
protected abstract void setFlags(int flags);
/**
* Initialize the blob
*
* @param typ int
* @param flags int
*/
protected void initializeHeader(int typ, int flags)
{
// Set the signature
System.arraycopy( NTLM.Signature, 0, m_buf, m_offset, NTLM.Signature.length);
setMessageType(typ);
setFlags(flags);
}
/**
* Return a short/16bit value
*
* @param offset int
* @return int
*/
protected final int getShortValue(int offset)
{
return DataPacker.getIntelShort(m_buf, m_offset + offset);
}
/**
* Return an int/32bit value
*
* @param offset int
* @return int
*/
protected final int getIntValue(int offset)
{
return DataPacker.getIntelInt(m_buf, m_offset + offset);
}
/**
* Return the offset for a byte value
*
* @param offset int
* @return int
*/
protected final int getByteOffset(int offset)
{
return getIntValue(m_offset + offset + 4);
}
/**
* Return a byte value that has a header
*
* @param offset int
* @return byte[]
*/
protected final byte[] getByteValue(int offset)
{
// Get the byte block length
int bLen = getShortValue(m_offset + offset);
if ( bLen == 0)
return null;
int bOff = getIntValue(m_offset + offset + 4);
return getRawBytes(bOff, bLen);
}
/**
* Return a block of byte data
*
* @param offset int
* @param len int
* @return byte[]
*/
protected final byte[] getRawBytes(int offset, int len)
{
byte[] byts = new byte[len];
System.arraycopy(m_buf, m_offset + offset, byts, 0, len);
return byts;
}
/**
* Return the length of a string
*
* @param offset int
* @return int
*/
protected final int getStringLength(int offset)
{
int bufpos = m_offset + offset;
if ( bufpos + 2 > m_len)
return -1;
return DataPacker.getIntelShort(m_buf, bufpos);
}
/**
* Return the allocated length of a string
*
* @param offset int
* @return int
*/
protected final int getStringAllocatedLength(int offset)
{
int bufpos = m_offset + offset;
if ( bufpos + 8 > m_len)
return -1;
return DataPacker.getIntelShort(m_buf, bufpos + 2);
}
/**
* Return the string data offset
*
* @param offset int
* @return int
*/
protected final int getStringOffset(int offset)
{
int bufpos = m_offset + offset;
if ( bufpos + 8 > m_len)
return -1;
return DataPacker.getIntelInt(m_buf, bufpos + 4);
}
/**
* Return a string value
*
* @param offset int
* @param isuni boolean
* @return String
*/
protected final String getStringValue(int offset, boolean isuni)
{
int bufpos = m_offset + offset;
if ( offset + 8 > m_len)
return null;
// Get the offset to the string
int len = DataPacker.getIntelShort(m_buf, bufpos);
int pos = DataPacker.getIntelInt(m_buf, bufpos + 4);
// Get the string value
if ( pos + len > m_len)
return null;
// if ( isuni)
// len = len / 2;
// Unpack the string
String str = null;
try
{
str = new String(m_buf, m_offset + pos, len, isuni ? "UnicodeLittle" : "US-ASCII");
}
catch (UnsupportedEncodingException ex)
{
ex.printStackTrace();
}
return str;
}
/**
* Return a raw string
*
* @param offset int
* @param len int
* @param isuni boolean
* @return String
*/
protected final String getRawString(int offset, int len, boolean isuni)
{
return DataPacker.getString(m_buf, m_offset + offset, len, isuni);
}
/**
* Set a short/16bit value
*
* @param offset int
* @param sval int
*/
protected final void setShortValue(int offset, int sval)
{
DataPacker.putIntelShort(sval, m_buf, m_offset + offset);
}
/**
* Set an int/32bit value
*
* @param offset int
* @param val int
*/
protected final void setIntValue(int offset, int val)
{
DataPacker.putIntelInt(val, m_buf, m_offset + offset);
}
/**
* Set a raw byte value
*
* @param offset int
* @param byts byte[]
*/
protected final void setRawBytes(int offset, byte[] byts)
{
System.arraycopy(byts, 0, m_buf, m_offset + offset, byts.length);
}
/**
* Set raw int values
*
* @param offset int
* @param ints int[]
*/
protected final void setRawInts(int offset, int[] ints)
{
int bufpos = m_offset + offset;
for ( int i = 0; i < ints.length; i++)
{
DataPacker.putIntelInt( ints[i], m_buf, bufpos);
bufpos += 4;
}
}
/**
* Pack a raw string
*
* @param offset int
* @param str String
* @param isuni boolean
* @return int
*/
protected final int setRawString(int offset, String str, boolean isuni)
{
return DataPacker.putString(str, m_buf, m_offset + offset, false, isuni);
}
/**
* Zero out an area of bytes
*
* @param offset int
* @param len int
*/
protected final void zeroBytes(int offset, int len)
{
int bufpos = m_offset + offset;
for ( int i = 0; i < len; i++)
m_buf[bufpos++] = (byte) 0;
}
/**
* Set a byte array value
*
* @param offset int
* @param byts byte[]
* @param dataOffset int
* @return int
*/
protected final int setByteValue(int offset, byte[] byts, int dataOffset)
{
int bytsLen = byts != null ? byts.length : 0;
if ( m_offset + offset + 12 > m_buf.length ||
m_offset + dataOffset + bytsLen > m_buf.length)
throw new ArrayIndexOutOfBoundsException();
// Pack the byte pointer block
DataPacker.putIntelShort(bytsLen, m_buf, m_offset + offset);
DataPacker.putIntelShort(bytsLen, m_buf, m_offset + offset + 2);
DataPacker.putIntelInt(dataOffset, m_buf, m_offset + offset + 4);
// Pack the bytes
if ( bytsLen > 0)
System.arraycopy(byts, 0, m_buf, m_offset + dataOffset, bytsLen);
// Return the new data buffer offset
return dataOffset + DataPacker.wordAlign(bytsLen);
}
/**
* Set a string value
*
* @param offset int
* @param val String
* @param strOffset int
* @param isuni boolean
* @return int
*/
protected final int setStringValue(int offset, String val, int strOffset, boolean isuni)
{
// Get the length in bytes
int len = val.length();
if ( isuni)
len *= 2;
if ( m_offset + offset + 8 > m_buf.length ||
m_offset + strOffset + len > m_buf.length)
throw new ArrayIndexOutOfBoundsException();
// Pack the string pointer block
DataPacker.putIntelShort(len, m_buf, m_offset + offset);
DataPacker.putIntelShort(len, m_buf, m_offset + offset + 2);
DataPacker.putIntelInt(strOffset, m_buf, m_offset + offset + 4);
// Pack the string
return DataPacker.putString(val, m_buf, m_offset + strOffset, false, isuni) - m_offset;
}
/**
* Set the message length
*
* @param len int
*/
protected final void setLength(int len)
{
m_len = len;
}
/**
* Validate and determine the NTLM message type
*
* @param buf byte[]
* @return int
*/
public final static int isNTLMType(byte[] buf)
{
return isNTLMType(buf, 0);
}
/**
* Validate and determine the NTLM message type
*
* @param buf byte[]
* @param offset int
* @return int
*/
public final static int isNTLMType(byte[] buf, int offset)
{
// Validate the buffer
if ( buf == null || buf.length < BufferHeaderLen)
return -1;
for ( int i = 0; i < NTLM.Signature.length; i++)
{
if ( buf[offset + i] != NTLM.Signature[i])
return -1;
}
// Get the NTLM message type
return DataPacker.getIntelInt(buf, offset + OffsetType);
}
}

164
source/java/org/alfresco/filesys/server/auth/ntlm/NTLMMessageTest.java Normal file
View File

@@ -0,0 +1,164 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Alfresco Network License. You may obtain a
* copy of the License at
*
* http://www.alfrescosoftware.com/legal/
*
* Please view the license relevant to your network subscription.
*
* BY CLICKING THE "I UNDERSTAND AND ACCEPT" BOX, OR INSTALLING,
* READING OR USING ALFRESCO'S Network SOFTWARE (THE "SOFTWARE"),
* YOU ARE AGREEING ON BEHALF OF THE ENTITY LICENSING THE SOFTWARE
* ("COMPANY") THAT COMPANY WILL BE BOUND BY AND IS BECOMING A PARTY TO
* THIS ALFRESCO NETWORK AGREEMENT ("AGREEMENT") AND THAT YOU HAVE THE
* AUTHORITY TO BIND COMPANY. IF COMPANY DOES NOT AGREE TO ALL OF THE
* TERMS OF THIS AGREEMENT, DO NOT SELECT THE "I UNDERSTAND AND AGREE"
* BOX AND DO NOT INSTALL THE SOFTWARE OR VIEW THE SOURCE CODE. COMPANY
* HAS NOT BECOME A LICENSEE OF, AND IS NOT AUTHORIZED TO USE THE
* SOFTWARE UNLESS AND UNTIL IT HAS AGREED TO BE BOUND BY THESE LICENSE
* TERMS. THE "EFFECTIVE DATE" FOR THIS AGREEMENT SHALL BE THE DAY YOU
* CHECK THE "I UNDERSTAND AND ACCEPT" BOX.
*/
package org.alfresco.filesys.server.auth.ntlm;
import junit.framework.TestCase;
/**
* NTLM Message Test Class
*
* @author GKSpencer
*/
public class NTLMMessageTest extends TestCase
{
/**
* Test type 1 message packing/unpacking
*/
public void testType1Message()
{
// Create a minimal type 1 message
Type1NTLMMessage ntlmMsg = new Type1NTLMMessage();
ntlmMsg.buildType1(0, null, null);
assertEquals("Minimal type 1 message length wrong", 16, ntlmMsg.getLength());
assertFalse("Minimal type 1 message domain supplied flag set", ntlmMsg.hasFlag(NTLM.FlagDomainSupplied));
assertFalse("Minimal type 1 message workstation supplied flag set", ntlmMsg.hasFlag(NTLM.FlagWorkstationSupplied));
assertFalse("Minimal type 1 has domain", ntlmMsg.hasDomain());
assertNull("Minimal type 1 domain not null", ntlmMsg.getDomain());
assertFalse("Minimal type 1 has workstation", ntlmMsg.hasWorkstation());
assertNull("Minimal type 1 workstation not null", ntlmMsg.getWorkstation());
// Use a buffer to build a type 1 message
byte[] buf = new byte[256];
ntlmMsg = new Type1NTLMMessage(buf, 128, 128);
ntlmMsg.buildType1(0, null, null);
assertEquals("Minimal type 1 message length wrong", 16, ntlmMsg.getLength());
assertFalse("Minimal type 1 message domain supplied flag set", ntlmMsg.hasFlag(NTLM.FlagDomainSupplied));
assertFalse("Minimal type 1 message workstation supplied flag set", ntlmMsg.hasFlag(NTLM.FlagWorkstationSupplied));
assertFalse("Minimal type 1 has domain", ntlmMsg.hasDomain());
assertNull("Minimal type 1 domain not null", ntlmMsg.getDomain());
assertFalse("Minimal type 1 has workstation", ntlmMsg.hasWorkstation());
assertNull("Minimal type 1 workstation not null", ntlmMsg.getWorkstation());
// Test type 1 with domain name only
String testDomain = "TESTDOMAIN";
String testWks = "TESTPC";
ntlmMsg = new Type1NTLMMessage();
ntlmMsg.buildType1(0, testDomain, null);
assertTrue("Minimal type 1 message length wrong", ntlmMsg.getLength() > 16);
assertTrue("Minimal type 1 message domain supplied flag not set", ntlmMsg.hasFlag(NTLM.FlagDomainSupplied));
assertFalse("Minimal type 1 message workstation supplied flag set", ntlmMsg.hasFlag(NTLM.FlagWorkstationSupplied));
assertTrue("Minimal type 1 no domain", ntlmMsg.hasDomain());
assertEquals("Minimal type 1 domain not correct", testDomain, ntlmMsg.getDomain());
assertFalse("Minimal type 1 has workstation", ntlmMsg.hasWorkstation());
assertNull("Minimal type 1 workstation not null", ntlmMsg.getWorkstation());
// Test type 1 with domain name only with buffer
ntlmMsg = new Type1NTLMMessage(buf, 128, 128);
ntlmMsg.buildType1(0, testDomain, null);
assertTrue("Minimal type 1 message length wrong", ntlmMsg.getLength() > 16);
assertTrue("Minimal type 1 message domain supplied flag not set", ntlmMsg.hasFlag(NTLM.FlagDomainSupplied));
assertFalse("Minimal type 1 message workstation supplied flag set", ntlmMsg.hasFlag(NTLM.FlagWorkstationSupplied));
assertTrue("Minimal type 1 no domain", ntlmMsg.hasDomain());
assertEquals("Minimal type 1 domain not correct", testDomain, ntlmMsg.getDomain());
assertFalse("Minimal type 1 has workstation", ntlmMsg.hasWorkstation());
assertNull("Minimal type 1 workstation not null", ntlmMsg.getWorkstation());
// Test type 1 with workstation name only
ntlmMsg = new Type1NTLMMessage();
ntlmMsg.buildType1(0, null, testWks);
assertTrue("Minimal type 1 message length wrong", ntlmMsg.getLength() > 16);
assertFalse("Minimal type 1 message domain supplied flag set", ntlmMsg.hasFlag(NTLM.FlagDomainSupplied));
assertTrue("Minimal type 1 message workstation supplied flag not set", ntlmMsg.hasFlag(NTLM.FlagWorkstationSupplied));
assertFalse("Minimal type 1 has domain", ntlmMsg.hasDomain());
assertNull("Minimal type 1 domain not null", ntlmMsg.getDomain());
assertTrue("Minimal type 1 no workstation", ntlmMsg.hasWorkstation());
assertEquals("Minimal type 1 workstation not correct", testWks, ntlmMsg.getWorkstation());
// Test type 1 with domain name only with buffer
ntlmMsg = new Type1NTLMMessage(buf, 128, 128);
ntlmMsg.buildType1(0, null, testWks);
assertTrue("Minimal type 1 message length wrong", ntlmMsg.getLength() > 16);
assertFalse("Minimal type 1 message domain supplied flag set", ntlmMsg.hasFlag(NTLM.FlagDomainSupplied));
assertTrue("Minimal type 1 message workstation supplied flag not set", ntlmMsg.hasFlag(NTLM.FlagWorkstationSupplied));
assertFalse("Minimal type 1 has domain", ntlmMsg.hasDomain());
assertNull("Minimal type 1 domain not null", ntlmMsg.getDomain());
assertTrue("Minimal type 1 no workstation", ntlmMsg.hasWorkstation());
assertEquals("Minimal type 1 workstation not correct", testWks, ntlmMsg.getWorkstation());
// Test type 1 with domain and workstation names
ntlmMsg = new Type1NTLMMessage();
ntlmMsg.buildType1(0, testDomain, testWks);
assertTrue("Minimal type 1 message length wrong", ntlmMsg.getLength() > 16);
assertTrue("Minimal type 1 message domain supplied flag not set", ntlmMsg.hasFlag(NTLM.FlagDomainSupplied));
assertTrue("Minimal type 1 message workstation supplied flag not set", ntlmMsg.hasFlag(NTLM.FlagWorkstationSupplied));
assertTrue("Minimal type 1 has domain", ntlmMsg.hasDomain());
assertEquals("Minimal type 1 domain not correct", testDomain, ntlmMsg.getDomain());
assertTrue("Minimal type 1 no workstation", ntlmMsg.hasWorkstation());
assertEquals("Minimal type 1 workstation not correct", testWks, ntlmMsg.getWorkstation());
// Test type 1 with domain and workstation names, with buffer
ntlmMsg = new Type1NTLMMessage(buf, 128, 128);
ntlmMsg.buildType1(0, testDomain, testWks);
assertTrue("Minimal type 1 message length wrong", ntlmMsg.getLength() > 16);
assertTrue("Minimal type 1 message domain supplied flag not set", ntlmMsg.hasFlag(NTLM.FlagDomainSupplied));
assertTrue("Minimal type 1 message workstation supplied flag not set", ntlmMsg.hasFlag(NTLM.FlagWorkstationSupplied));
assertTrue("Minimal type 1 has domain", ntlmMsg.hasDomain());
assertEquals("Minimal type 1 domain not correct", testDomain, ntlmMsg.getDomain());
assertTrue("Minimal type 1 no workstation", ntlmMsg.hasWorkstation());
assertEquals("Minimal type 1 workstation not correct", testWks, ntlmMsg.getWorkstation());
}
/**
* Test type 2 message packing/unpacking
*/
public void testType2Message()
{
// No tests yet, only receive type 2 from the server
}
/**
* Test type 3 message packing/unpacking
*/
public void testType3Message()
{
}
}

121
source/java/org/alfresco/filesys/server/auth/ntlm/TargetInfo.java Normal file
View File

@@ -0,0 +1,121 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Alfresco Network License. You may obtain a
* copy of the License at
*
* http://www.alfrescosoftware.com/legal/
*
* Please view the license relevant to your network subscription.
*
* BY CLICKING THE "I UNDERSTAND AND ACCEPT" BOX, OR INSTALLING,
* READING OR USING ALFRESCO'S Network SOFTWARE (THE "SOFTWARE"),
* YOU ARE AGREEING ON BEHALF OF THE ENTITY LICENSING THE SOFTWARE
* ("COMPANY") THAT COMPANY WILL BE BOUND BY AND IS BECOMING A PARTY TO
* THIS ALFRESCO NETWORK AGREEMENT ("AGREEMENT") AND THAT YOU HAVE THE
* AUTHORITY TO BIND COMPANY. IF COMPANY DOES NOT AGREE TO ALL OF THE
* TERMS OF THIS AGREEMENT, DO NOT SELECT THE "I UNDERSTAND AND AGREE"
* BOX AND DO NOT INSTALL THE SOFTWARE OR VIEW THE SOURCE CODE. COMPANY
* HAS NOT BECOME A LICENSEE OF, AND IS NOT AUTHORIZED TO USE THE
* SOFTWARE UNLESS AND UNTIL IT HAS AGREED TO BE BOUND BY THESE LICENSE
* TERMS. THE "EFFECTIVE DATE" FOR THIS AGREEMENT SHALL BE THE DAY YOU
* CHECK THE "I UNDERSTAND AND ACCEPT" BOX.
*/
package org.alfresco.filesys.server.auth.ntlm;
/**
* Target Information Class
*
* <p>Contains the target information from an NTLM message.
*
* @author GKSpencer
*/
public class TargetInfo
{
// Target type and name
private int m_type;
private String m_name;
/**
* Class constructor
*
* @param type int
* @param name String
*/
public TargetInfo(int type, String name)
{
m_type = type;
m_name = name;
}
/**
* Return the target type
*
* @return int
*/
public final int isType()
{
return m_type;
}
/**
* Return the target name
*
* @return String
*/
public final String getName()
{
return m_name;
}
/**
* Return the target information as a string
*
* @return String
*/
public String toString()
{
StringBuilder str = new StringBuilder();
str.append("[");
str.append(getTypeAsString(isType()));
str.append(":");
str.append(getName());
str.append("]");
return str.toString();
}
/**
* Return the target type as a string
*
* @param typ int
* @return String
*/
public final static String getTypeAsString(int typ)
{
String typStr = null;
switch ( typ)
{
case NTLM.TargetServer:
typStr = "Server";
break;
case NTLM.TargetDomain:
typStr = "Domain";
break;
case NTLM.TargetFullDNS:
typStr = "DNS";
break;
case NTLM.TargetDNSDomain:
typStr = "DNS Domain";
break;
default:
typStr = "Unknown 0x" + Integer.toHexString(typ);
break;
}
return typStr;
}
}

215
source/java/org/alfresco/filesys/server/auth/ntlm/Type1NTLMMessage.java Normal file
View File

@@ -0,0 +1,215 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Alfresco Network License. You may obtain a
* copy of the License at
*
* http://www.alfrescosoftware.com/legal/
*
* Please view the license relevant to your network subscription.
*
* BY CLICKING THE "I UNDERSTAND AND ACCEPT" BOX, OR INSTALLING,
* READING OR USING ALFRESCO'S Network SOFTWARE (THE "SOFTWARE"),
* YOU ARE AGREEING ON BEHALF OF THE ENTITY LICENSING THE SOFTWARE
* ("COMPANY") THAT COMPANY WILL BE BOUND BY AND IS BECOMING A PARTY TO
* THIS ALFRESCO NETWORK AGREEMENT ("AGREEMENT") AND THAT YOU HAVE THE
* AUTHORITY TO BIND COMPANY. IF COMPANY DOES NOT AGREE TO ALL OF THE
* TERMS OF THIS AGREEMENT, DO NOT SELECT THE "I UNDERSTAND AND AGREE"
* BOX AND DO NOT INSTALL THE SOFTWARE OR VIEW THE SOURCE CODE. COMPANY
* HAS NOT BECOME A LICENSEE OF, AND IS NOT AUTHORIZED TO USE THE
* SOFTWARE UNLESS AND UNTIL IT HAS AGREED TO BE BOUND BY THESE LICENSE
* TERMS. THE "EFFECTIVE DATE" FOR THIS AGREEMENT SHALL BE THE DAY YOU
* CHECK THE "I UNDERSTAND AND ACCEPT" BOX.
*/
package org.alfresco.filesys.server.auth.ntlm;
/**
* Type1 NTLM Message Class
*
* @author GKSpencer
*/
public class Type1NTLMMessage extends NTLMMessage
{
// Minimal type 1 message length
public static final int MinimalMessageLength = 16;
// Type 1 field offsets
public static final int OffsetFlags = 12;
public static final int OffsetData = 16;
/**
* Default constructor
*/
public Type1NTLMMessage()
{
super();
}
/**
* Class constructor
*
* @param buf byte[]
*/
public Type1NTLMMessage(byte[] buf)
{
super(buf, 0, buf.length);
}
/**
* Class constructor
*
* @param buf byte[]
* @param offset int
* @param len int
*/
public Type1NTLMMessage(byte[] buf, int offset, int len)
{
super(buf, offset, len);
}
/**
* Return the flags value
*
* @return int
*/
public int getFlags()
{
return getIntValue(OffsetFlags);
}
/**
* Check if the domain security buffer is included
*
* @return boolean
*/
public final boolean hasDomain()
{
if ( getLength() == MinimalMessageLength || hasFlag(NTLM.FlagDomainSupplied) == false)
return false;
return true;
}
/**
* Return the domain name
*
* @return String
*/
public final String getDomain()
{
if ( hasFlag(NTLM.FlagDomainSupplied) == false)
return null;
return getStringValue(OffsetData, false);
}
/**
* Check if the workstation security buffer is included
*
* @return boolean
*/
public final boolean hasWorkstation()
{
if ( getLength() == MinimalMessageLength || hasFlag(NTLM.FlagWorkstationSupplied) == false)
return false;
return true;
}
/**
* Return the workstation name
*
* @return String
*/
public final String getWorkstation()
{
if ( hasFlag(NTLM.FlagWorkstationSupplied) == false)
return null;
int bufPos = OffsetData;
if ( hasFlag(NTLM.FlagDomainSupplied))
bufPos += BufferHeaderLen;
return getStringValue(bufPos, false);
}
/**
* Build a type 1 message
*
* @param flags int
* @param domain String
* @param workstation String
*/
public final void buildType1(int flags, String domain, String workstation)
{
int bufPos = OffsetData;
int strOff = OffsetData;
if ( domain != null)
strOff += BufferHeaderLen;
if ( workstation != null)
strOff += BufferHeaderLen;
// Pack the domain name
if ( domain != null)
{
strOff = setStringValue(bufPos, domain, strOff, false);
flags |= NTLM.FlagDomainSupplied;
bufPos += BufferHeaderLen;
}
// Pack the workstation name
if ( workstation != null)
{
strOff = setStringValue(bufPos, workstation, strOff, false);
flags |= NTLM.FlagWorkstationSupplied;
}
// Initialize the header/flags
initializeHeader(NTLM.Type1, flags);
// Set the message length
setLength(strOff);
}
/**
* Set the message flags
*
* @param flags int
*/
protected void setFlags(int flags)
{
setIntValue( OffsetFlags, flags);
}
/**
* Return the type 1 message as a string
*
* @return String
*/
public String toString()
{
StringBuilder str = new StringBuilder();
str.append("[Type1:0x");
str.append(Integer.toHexString(getFlags()));
str.append(",Domain:");
if ( hasDomain())
str.append(getDomain());
else
str.append("<NotSet>");
str.append(",Wks:");
if ( hasWorkstation())
str.append(getWorkstation());
else
str.append("<NotSet>");
str.append("]");
return str.toString();
}
}

331
source/java/org/alfresco/filesys/server/auth/ntlm/Type2NTLMMessage.java Normal file
View File

@@ -0,0 +1,331 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Alfresco Network License. You may obtain a
* copy of the License at
*
* http://www.alfrescosoftware.com/legal/
*
* Please view the license relevant to your network subscription.
*
* BY CLICKING THE "I UNDERSTAND AND ACCEPT" BOX, OR INSTALLING,
* READING OR USING ALFRESCO'S Network SOFTWARE (THE "SOFTWARE"),
* YOU ARE AGREEING ON BEHALF OF THE ENTITY LICENSING THE SOFTWARE
* ("COMPANY") THAT COMPANY WILL BE BOUND BY AND IS BECOMING A PARTY TO
* THIS ALFRESCO NETWORK AGREEMENT ("AGREEMENT") AND THAT YOU HAVE THE
* AUTHORITY TO BIND COMPANY. IF COMPANY DOES NOT AGREE TO ALL OF THE
* TERMS OF THIS AGREEMENT, DO NOT SELECT THE "I UNDERSTAND AND AGREE"
* BOX AND DO NOT INSTALL THE SOFTWARE OR VIEW THE SOURCE CODE. COMPANY
* HAS NOT BECOME A LICENSEE OF, AND IS NOT AUTHORIZED TO USE THE
* SOFTWARE UNLESS AND UNTIL IT HAS AGREED TO BE BOUND BY THESE LICENSE
* TERMS. THE "EFFECTIVE DATE" FOR THIS AGREEMENT SHALL BE THE DAY YOU
* CHECK THE "I UNDERSTAND AND ACCEPT" BOX.
*/
package org.alfresco.filesys.server.auth.ntlm;
import java.util.ArrayList;
import java.util.List;
import org.alfresco.filesys.util.HexDump;
/**
* Type 2 NTLM Message Class
*
* @author GKSpencer
*/
public class Type2NTLMMessage extends NTLMMessage
{
// Minimal type 2 message length
public static final int MinimalMessageLength = 32;
// Type 2 field offsets
public static final int OffsetTarget = 12;
public static final int OffsetFlags = 20;
public static final int OffsetChallenge = 24;
public static final int OffsetContext = 32;
public static final int OffsetTargetInfo = 40; // optional
/**
* Default constructor
*/
public Type2NTLMMessage()
{
super();
}
/**
* Class constructor
*
* @param buf byte[]
*/
public Type2NTLMMessage(byte[] buf)
{
super(buf, 0, buf.length);
}
/**
* Class constructor
*
* @param buf byte[]
* @param offset int
* @param len int
*/
public Type2NTLMMessage(byte[] buf, int offset, int len)
{
super(buf, offset, len);
}
/**
* Return the flags value
*
* @return int
*/
public int getFlags()
{
return getIntValue(OffsetFlags);
}
/**
* Check if the target name has been set
*
* @return boolean
*/
public final boolean hasTarget()
{
return hasFlag(NTLM.FlagRequestTarget);
}
/**
* Return the target name
*
* @return String
*/
public final String getTarget()
{
return getStringValue(OffsetTarget, hasFlag(NTLM.FlagNegotiateUnicode));
}
/**
* Return the challenge
*
* @return byte[]
*/
public final byte[] getChallenge()
{
return getRawBytes(OffsetChallenge, 8);
}
/**
* Check if the optional context field is present
*
* @return boolean
*/
public final boolean hasContext()
{
return hasFlag(NTLM.FlagLocalCall);
}
/**
* Return the context values
*
* @return int[]
*/
public final int[] getContext()
{
if ( hasContext() == false)
return null;
int[] ctx = new int[2];
ctx[0] = getIntValue(OffsetContext);
ctx[1] = getIntValue(OffsetContext + 4);
return ctx;
}
/**
* Check if target information is present
*
* @return boolean
*/
public final boolean hasTargetInformation()
{
return hasFlag(NTLM.FlagTargetInfo);
}
/**
* Return the target information
*
* @return List<TargetInfo>
*/
public final List<TargetInfo> getTargetInformation()
{
if ( hasTargetInformation() == false)
return null;
// Get the target information block length and offset
int tLen = getStringLength(OffsetTargetInfo);
int tOff = getStringOffset(OffsetTargetInfo);
List<TargetInfo> tList = new ArrayList<TargetInfo>();
if ( tLen == 0)
return tList;
// Unpack the target information structures
int typ = -1;
int slen = -1;
String name = null;
while ( typ != 0)
{
// Unpack the details for the current target
typ = getShortValue(tOff);
slen = getShortValue(tOff + 2);
if ( slen > 0)
name = getRawString(tOff + 4, slen/2, true);
else
name = null;
// Add the details to the list
if ( typ != 0)
tList.add( new TargetInfo(typ, name));
// Update the data offset
tOff += slen + 4;
}
// Return the target list
return tList;
}
/**
* Build a type 2 message
*
* @param flags int
* @param target String
* @param challenge byte[]
* @param ctx byte[]
* @param tList List<TargetInfo>
*/
public final void buildType2(int flags, String target, byte[] challenge, int[] ctx, List<TargetInfo> tList)
{
// Initialize the header/flags
initializeHeader(NTLM.Type2, flags);
// Determine if strings are ASCII or Unicode
boolean isUni = hasFlag(NTLM.FlagNegotiateUnicode);
int strOff = OffsetTargetInfo;
if ( tList != null)
strOff += 8;
// Pack the target name
strOff = setStringValue(OffsetTarget, target, strOff, isUni);
// Pack the challenge and context
if ( challenge != null)
setRawBytes(OffsetChallenge, challenge);
else
zeroBytes(OffsetChallenge, 8);
if ( ctx != null)
setRawInts(OffsetContext, ctx);
else
zeroBytes(OffsetContext, 8);
// Pack the target information, if specified
if ( tList != null)
{
// Clear the target information length and set the data offset
setIntValue(OffsetTargetInfo, 0);
setIntValue(OffsetTargetInfo+4, strOff);
int startOff = strOff;
// Pack the target information structures
for ( TargetInfo tInfo : tList)
{
// Pack the target information structure
setShortValue(strOff, tInfo.isType());
int tLen = tInfo.getName().length();
if ( isUni)
tLen *= 2;
setShortValue(strOff+2, tLen);
strOff = setRawString(strOff+4, tInfo.getName(), isUni);
}
// Add the list terminator
zeroBytes(strOff, 4);
strOff += 4;
// Set the target information block length
setShortValue(OffsetTargetInfo, strOff - startOff);
setShortValue(OffsetTargetInfo+2, strOff - startOff);
}
// Set the message length
setLength(strOff);
}
/**
* Set the message flags
*
* @param flags int
*/
protected void setFlags(int flags)
{
setIntValue( OffsetFlags, flags);
}
/**
* Return the type 2 message as a string
*
* @return String
*/
public String toString()
{
StringBuilder str = new StringBuilder();
str.append("[Type2:0x");
str.append(Integer.toHexString(getFlags()));
str.append(",Target:");
str.append(getTarget());
str.append(",Ch:");
str.append(HexDump.hexString(getChallenge()));
if ( hasTargetInformation())
{
List<TargetInfo> targets = getTargetInformation();
str.append(",TargInf:");
for ( TargetInfo target : targets)
{
str.append(target);
}
}
str.append("]");
return str.toString();
}
}

324
source/java/org/alfresco/filesys/server/auth/ntlm/Type3NTLMMessage.java Normal file
View File

@@ -0,0 +1,324 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Alfresco Network License. You may obtain a
* copy of the License at
*
* http://www.alfrescosoftware.com/legal/
*
* Please view the license relevant to your network subscription.
*
* BY CLICKING THE "I UNDERSTAND AND ACCEPT" BOX, OR INSTALLING,
* READING OR USING ALFRESCO'S Network SOFTWARE (THE "SOFTWARE"),
* YOU ARE AGREEING ON BEHALF OF THE ENTITY LICENSING THE SOFTWARE
* ("COMPANY") THAT COMPANY WILL BE BOUND BY AND IS BECOMING A PARTY TO
* THIS ALFRESCO NETWORK AGREEMENT ("AGREEMENT") AND THAT YOU HAVE THE
* AUTHORITY TO BIND COMPANY. IF COMPANY DOES NOT AGREE TO ALL OF THE
* TERMS OF THIS AGREEMENT, DO NOT SELECT THE "I UNDERSTAND AND AGREE"
* BOX AND DO NOT INSTALL THE SOFTWARE OR VIEW THE SOURCE CODE. COMPANY
* HAS NOT BECOME A LICENSEE OF, AND IS NOT AUTHORIZED TO USE THE
* SOFTWARE UNLESS AND UNTIL IT HAS AGREED TO BE BOUND BY THESE LICENSE
* TERMS. THE "EFFECTIVE DATE" FOR THIS AGREEMENT SHALL BE THE DAY YOU
* CHECK THE "I UNDERSTAND AND ACCEPT" BOX.
*/
package org.alfresco.filesys.server.auth.ntlm;
import org.alfresco.filesys.util.HexDump;
/**
* Type 3 NTLM Message Class
*
* @author GKSpencer
*/
public class Type3NTLMMessage extends NTLMMessage
{
// Minimal type 3 message length
public static final int MinimalMessageLength = 52;
// Type 2 field offsets
public static final int OffsetLMResponse = 12;
public static final int OffsetNTLMResponse = 20;
public static final int OffsetDomain = 28;
public static final int OffsetUserName = 36;
public static final int OffsetWorkstationName = 44;
public static final int OffsetDataMinimum = 52;
public static final int OffsetSessionKey = 52; // optional
public static final int OffsetFlags = 60; // optional
public static final int OffsetData = 64;
// Flag to indicate if Unicode strings have been negotiated
private boolean m_unicode;
// Data block offset, used to indicate if session key and flags have been specified
private int m_dataOffset = -1;
/**
* Default constructor
*/
public Type3NTLMMessage()
{
super();
}
/**
* Class constructor
*
* @param buf byte[]
*/
public Type3NTLMMessage(byte[] buf)
{
super(buf, 0, buf.length);
}
/**
* Class constructor
*
* @param buf byte[]
* @param offset int
* @param len int
* @param unicode boolean
*/
public Type3NTLMMessage(byte[] buf, int offset, int len, boolean unicode)
{
super(buf, offset, len);
m_unicode = unicode;
}
/**
* Return the flags value
*
* @return int
*/
public int getFlags()
{
return getIntValue(OffsetFlags);
}
/**
* Return the LM password hash
*
* @return byte[]
*/
public final byte[] getLMHash()
{
return getByteValue(OffsetLMResponse);
}
/**
* Return the NTLM password hash
*
* @return byte[]
*/
public final byte[] getNTLMHash()
{
return getByteValue(OffsetNTLMResponse);
}
/**
* Return the domain name
*
* @return String
*/
public final String getDomain()
{
return getStringValue(OffsetDomain, hasFlag(NTLM.FlagNegotiateUnicode));
}
/**
* Return the user name
*
* @return String
*/
public final String getUserName()
{
return getStringValue(OffsetUserName, hasFlag(NTLM.FlagNegotiateUnicode));
}
/**
* Return the workstation name
*
* @return String
*/
public final String getWorkstation()
{
return getStringValue(OffsetWorkstationName, hasFlag(NTLM.FlagNegotiateUnicode));
}
/**
* Determine if the session key has been specified
*
* @return boolean
*/
public final boolean hasSessionKey()
{
return getShortValue(OffsetSessionKey) > 0;
}
/**
* Return the session key, or null if the session key is not present
*
* @return byte[]
*/
public final byte[] getSessionKey()
{
if ( hasSessionKey() == false)
return null;
// Get the session key bytes
return getByteValue(OffsetSessionKey);
}
/**
* Build a type 3 message
*
* @param lmHash byte[]
* @param ntlmHash byte[]
* @param domain String
* @param username String
* @param wksname String
* @param sessKey byte[]
* @param flags int
*/
public final void buildType3(byte[] lmHash, byte[] ntlmHash, String domain, String username, String wksname,
byte[] sessKey, int flags)
{
initializeHeader(NTLM.Type3, 0);
// Set the data offset
int dataOff = OffsetData;
// Pack the domain, user and workstation names
dataOff = setStringValue(OffsetDomain, domain, dataOff, m_unicode);
dataOff = setStringValue(OffsetUserName, username, dataOff, m_unicode);
dataOff = setStringValue(OffsetWorkstationName, wksname, dataOff, m_unicode);
// Pack the LM and NTLM password hashes
dataOff = setByteValue(OffsetLMResponse, lmHash, dataOff);
dataOff = setByteValue(OffsetNTLMResponse, ntlmHash, dataOff);
// Pack the session key
dataOff = setByteValue(OffsetSessionKey, sessKey, dataOff);
// Make sure various flags are set
int typ3flags = NTLM.FlagNegotiateNTLM + NTLM.FlagRequestTarget;
if ( m_unicode)
flags += NTLM.FlagNegotiateUnicode;
// Pack the flags
setIntValue(OffsetFlags, typ3flags);
// Set the message length
setLength(dataOff);
}
/**
* Set the message flags
*
* @param flags int
*/
protected void setFlags(int flags)
{
setIntValue(OffsetFlags, flags);
}
/**
* Find the data block offset
*
* @return int
*/
private final int findDataBlockOffset()
{
// Find the lowest data offset
//
// Check the LM hash
int offset = getByteOffset(OffsetLMResponse);
if ( m_dataOffset == -1 || offset < m_dataOffset)
m_dataOffset = offset;
// Check the NTLM hash
offset = getByteOffset(OffsetNTLMResponse);
if ( offset < m_dataOffset)
m_dataOffset = offset;
// Check the domain name
offset = getStringOffset(OffsetDomain);
if ( offset < m_dataOffset)
m_dataOffset = offset;
// Check the user name
offset = getStringOffset(OffsetUserName);
if ( offset < m_dataOffset)
m_dataOffset = offset;
// Check the workstation
offset = getStringOffset(OffsetWorkstationName);
if ( offset < m_dataOffset)
m_dataOffset = offset;
// Return the new data offset
return m_dataOffset;
}
/**
* Return the type 3 message as a string
*
* @return String
*/
public String toString()
{
StringBuilder str = new StringBuilder();
str.append("[Type3:");
str.append(",LM:");
if ( getLMHash() != null)
str.append(HexDump.hexString(getLMHash()));
else
str.append("<Null>");
str.append(",NTLM:");
if ( getNTLMHash() != null)
str.append(HexDump.hexString(getNTLMHash()));
else
str.append("<Null>");
str.append(",Dom:");
str.append(getDomain());
str.append(",User:");
str.append(getUserName());
str.append(",Wks:");
str.append(getWorkstation());
if ( hasSessionKey())
{
str.append(",SessKey:");
str.append(HexDump.hexString(getSessionKey()));
str.append(",Flags:0x");
str.append(Integer.toHexString(getFlags()));
}
str.append("]");
return str.toString();
}
}