jdk-sandbox: jdk/src/share/classes/com/sun/security/ntlm/Server.java@e150cbaf584e (annotated)

6517 151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	1	/*
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	2	* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	4	*
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	10	*
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	15	* accompanied this code).
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	16	*
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	20	*
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	23	* questions.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	24	*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	25
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	26	package com.sun.security.ntlm;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	27
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	28	import java.util.Arrays;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	29	import java.util.Locale;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	30
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	31	/**
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	32	* The NTLM server, not multi-thread enabled.<p>
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	33	* Example:
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	34	* <pre>
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	35	* Server server = new Server(null, "REALM") {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	36	* public char[] getPassword(String ntdomain, String username) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	37	* switch (username) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	38	* case "dummy": return "t0pSeCr3t".toCharArray();
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	39	* case "guest": return "".toCharArray();
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	40	* default: return null;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	41	* }
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	42	* }
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	43	* };
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	44	* // Receive client request as type1
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	45	* byte[] type2 = server.type2(type1, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	46	* // Send type2 to client and receive type3
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	47	* verify(type3, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	48	* </pre>
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	49	*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	50	public abstract class Server extends NTLM {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	51	final private String domain;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	52	final private boolean allVersion;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	53	/**
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	54	* Creates a Server instance.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	55	* @param version the NTLM version to use, which can be:
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	56	* <ul>
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	57	* <li>NTLM: Original NTLM v1
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	58	* <li>NTLM2: NTLM v1 with Client Challenge
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	59	* <li>NTLMv2: NTLM v2
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	60	* </ul>
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	61	* If null, all versions will be supported. Please note that unless NTLM2
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	62	* is selected, authentication succeeds if one of LM (or LMv2) or
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	63	* NTLM (or NTLMv2) is verified.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	64	* @param domain the domain, must not be null
10348 7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	65	* @throws NTLMException if {@code domain} is null.
6517 151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	66	*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	67	public Server(String version, String domain) throws NTLMException {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	68	super(version);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	69	if (domain == null) {
10348 7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	70	throw new NTLMException(NTLMException.PROTOCOL,
7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	71	"domain cannot be null");
6517 151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	72	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	73	this.allVersion = (version == null);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	74	this.domain = domain;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	75	debug("NTLM Server: (t,version) = (%s,%s)\n", domain, version);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	76	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	77
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	78	/**
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	79	* Generates the Type 2 message
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	80	* @param type1 the Type1 message received, must not be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	81	* @param nonce the random 8-byte array to be used in message generation,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	82	* must not be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	83	* @return the message generated
10348 7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	84	* @throws NTLMException if the incoming message is invalid, or
7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	85	* {@code nonce} is null.
6517 151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	86	*/
10348 7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	87	public byte[] type2(byte[] type1, byte[] nonce) throws NTLMException {
6517 151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	88	if (nonce == null) {
10348 7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	89	throw new NTLMException(NTLMException.PROTOCOL,
7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	90	"nonce cannot be null");
6517 151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	91	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	92	debug("NTLM Server: Type 1 received\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	93	if (type1 != null) debug(type1);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	94	Writer p = new Writer(2, 32);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	95	int flags = 0x80205;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	96	p.writeSecurityBuffer(12, domain, true);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	97	p.writeInt(20, flags);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	98	p.writeBytes(24, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	99	debug("NTLM Server: Type 2 created\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	100	debug(p.getBytes());
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	101	return p.getBytes();
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	102	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	103
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	104	/**
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	105	* Verifies the Type3 message received from client and returns
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	106	* various negotiated information.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	107	* @param type3 the incoming Type3 message from client, must not be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	108	* @param nonce the same nonce provided in {@link #type2}, must not be null
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: 10348 diff changeset	109	* @return client username, client hostname, and the request target
10348 7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	110	* @throws NTLMException if the incoming message is invalid, or
7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	111	* {@code nonce} is null.
6517 151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	112	*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	113	public String[] verify(byte[] type3, byte[] nonce)
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	114	throws NTLMException {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	115	if (type3 == null \|\| nonce == null) {
10348 7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	116	throw new NTLMException(NTLMException.PROTOCOL,
7d1a82029332 7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method weijun parents: 6517 diff changeset	117	"type1 or nonce cannot be null");
6517 151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	118	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	119	debug("NTLM Server: Type 3 received\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	120	if (type3 != null) debug(type3);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	121	Reader r = new Reader(type3);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	122	String username = r.readSecurityBuffer(36, true);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	123	String hostname = r.readSecurityBuffer(44, true);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	124	String incomingDomain = r.readSecurityBuffer(28, true);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	125	/*if (incomingDomain != null && !incomingDomain.equals(domain)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	126	throw new NTLMException(NTLMException.DOMAIN_UNMATCH,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	127	"Wrong domain: " + incomingDomain +
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	128	" vs " + domain); // Needed?
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	129	}*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	130	boolean verified = false;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	131	char[] password = getPassword(domain, username);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	132	if (password == null) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	133	throw new NTLMException(NTLMException.USER_UNKNOWN,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	134	"Unknown user");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	135	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	136	byte[] incomingLM = r.readSecurityBuffer(12);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	137	byte[] incomingNTLM = r.readSecurityBuffer(20);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	138
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	139	if (!verified && (allVersion \|\| v == Version.NTLM)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	140	if (incomingLM.length > 0) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	141	byte[] pw1 = getP1(password);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	142	byte[] lmhash = calcLMHash(pw1);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	143	byte[] lmresponse = calcResponse (lmhash, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	144	if (Arrays.equals(lmresponse, incomingLM)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	145	verified = true;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	146	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	147	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	148	if (incomingNTLM.length > 0) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	149	byte[] pw2 = getP2(password);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	150	byte[] nthash = calcNTHash(pw2);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	151	byte[] ntresponse = calcResponse (nthash, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	152	if (Arrays.equals(ntresponse, incomingNTLM)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	153	verified = true;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	154	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	155	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	156	debug("NTLM Server: verify using NTLM: " + verified + "\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	157	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	158	if (!verified && (allVersion \|\| v == Version.NTLM2)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	159	byte[] pw2 = getP2(password);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	160	byte[] nthash = calcNTHash(pw2);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	161	byte[] clientNonce = Arrays.copyOf(incomingLM, 8);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	162	byte[] ntlmresponse = ntlm2NTLM(nthash, clientNonce, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	163	if (Arrays.equals(incomingNTLM, ntlmresponse)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	164	verified = true;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	165	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	166	debug("NTLM Server: verify using NTLM2: " + verified + "\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	167	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	168	if (!verified && (allVersion \|\| v == Version.NTLMv2)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	169	byte[] pw2 = getP2(password);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	170	byte[] nthash = calcNTHash(pw2);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	171	if (incomingLM.length > 0) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	172	byte[] clientNonce = Arrays.copyOfRange(
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	173	incomingLM, 16, incomingLM.length);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	174	byte[] lmresponse = calcV2(nthash,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	175	username.toUpperCase(Locale.US)+incomingDomain,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	176	clientNonce, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	177	if (Arrays.equals(lmresponse, incomingLM)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	178	verified = true;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	179	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	180	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	181	if (incomingNTLM.length > 0) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	182	byte[] clientBlob = Arrays.copyOfRange(
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	183	incomingNTLM, 16, incomingNTLM.length);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	184	byte[] ntlmresponse = calcV2(nthash,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	185	username.toUpperCase(Locale.US)+incomingDomain,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	186	clientBlob, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	187	if (Arrays.equals(ntlmresponse, incomingNTLM)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	188	verified = true;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	189	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	190	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	191	debug("NTLM Server: verify using NTLMv2: " + verified + "\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	192	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	193	if (!verified) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	194	throw new NTLMException(NTLMException.AUTH_FAILED,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	195	"None of LM and NTLM verified");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	196	}
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: 10348 diff changeset	197	return new String[] {username, hostname, incomingDomain};
6517 151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	198	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	199
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	200	/**
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	201	* Retrieves the password for a given user. This method should be
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	202	* overridden in a concrete class.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	203	* @param domain can be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	204	* @param username must not be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	205	* @return the password for the user, or null if unknown
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	206	*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	207	public abstract char[] getPassword(String domain, String username);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	208	}

author	weijun
	Fri, 02 Nov 2012 10:48:04 +0800
changeset 14340	e150cbaf584e
parent 10348	7d1a82029332
child 14342	8435a30053c1
permissions	-rw-r--r--