jdk-sandbox: jdk/src/share/classes/com/sun/security/ntlm/Server.java@151856936fd8 (annotated)

6517 151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	1	/*
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	2	* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	4	*
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	10	*
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	15	* accompanied this code).
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	16	*
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	20	*
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	23	* questions.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	24	*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	25
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	26	package com.sun.security.ntlm;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	27
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	28	import java.util.Arrays;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	29	import java.util.Locale;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	30
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	31	/**
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	32	* The NTLM server, not multi-thread enabled.<p>
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	33	* Example:
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	34	* <pre>
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	35	* Server server = new Server(null, "REALM") {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	36	* public char[] getPassword(String ntdomain, String username) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	37	* switch (username) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	38	* case "dummy": return "t0pSeCr3t".toCharArray();
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	39	* case "guest": return "".toCharArray();
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	40	* default: return null;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	41	* }
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	42	* }
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	43	* };
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	44	* // Receive client request as type1
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	45	* byte[] type2 = server.type2(type1, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	46	* // Send type2 to client and receive type3
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	47	* verify(type3, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	48	* </pre>
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	49	*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	50	public abstract class Server extends NTLM {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	51	final private String domain;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	52	final private boolean allVersion;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	53	/**
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	54	* Creates a Server instance.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	55	* @param version the NTLM version to use, which can be:
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	56	* <ul>
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	57	* <li>NTLM: Original NTLM v1
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	58	* <li>NTLM2: NTLM v1 with Client Challenge
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	59	* <li>NTLMv2: NTLM v2
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	60	* </ul>
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	61	* If null, all versions will be supported. Please note that unless NTLM2
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	62	* is selected, authentication succeeds if one of LM (or LMv2) or
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	63	* NTLM (or NTLMv2) is verified.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	64	* @param domain the domain, must not be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	65	* @throws NullPointerException if {@code domain} is null.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	66	*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	67	public Server(String version, String domain) throws NTLMException {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	68	super(version);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	69	if (domain == null) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	70	throw new NullPointerException("domain cannot be null");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	71	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	72	this.allVersion = (version == null);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	73	this.domain = domain;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	74	debug("NTLM Server: (t,version) = (%s,%s)\n", domain, version);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	75	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	76
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	77	/**
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	78	* Generates the Type 2 message
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	79	* @param type1 the Type1 message received, must not be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	80	* @param nonce the random 8-byte array to be used in message generation,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	81	* must not be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	82	* @return the message generated
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	83	* @throws NullPointerException if type1 or nonce is null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	84	* @throws NTLMException if the incoming message is invalid
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	85	*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	86	public byte[] type2(byte[] type1, byte[] nonce) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	87	if (nonce == null) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	88	throw new NullPointerException("nonce cannot be null");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	89	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	90	debug("NTLM Server: Type 1 received\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	91	if (type1 != null) debug(type1);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	92	Writer p = new Writer(2, 32);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	93	int flags = 0x80205;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	94	p.writeSecurityBuffer(12, domain, true);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	95	p.writeInt(20, flags);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	96	p.writeBytes(24, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	97	debug("NTLM Server: Type 2 created\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	98	debug(p.getBytes());
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	99	return p.getBytes();
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	100	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	101
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	102	/**
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	103	* Verifies the Type3 message received from client and returns
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	104	* various negotiated information.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	105	* @param type3 the incoming Type3 message from client, must not be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	106	* @param nonce the same nonce provided in {@link #type2}, must not be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	107	* @return username and hostname of the client in a byte array
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	108	* @throws NullPointerException if {@code type3} or {@code nonce} is null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	109	* @throws NTLMException if the incoming message is invalid
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	110	*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	111	public String[] verify(byte[] type3, byte[] nonce)
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	112	throws NTLMException {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	113	if (type3 == null \|\| nonce == null) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	114	throw new NullPointerException("type1 or nonce cannot be null");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	115	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	116	debug("NTLM Server: Type 3 received\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	117	if (type3 != null) debug(type3);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	118	Reader r = new Reader(type3);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	119	String username = r.readSecurityBuffer(36, true);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	120	String hostname = r.readSecurityBuffer(44, true);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	121	String incomingDomain = r.readSecurityBuffer(28, true);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	122	/*if (incomingDomain != null && !incomingDomain.equals(domain)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	123	throw new NTLMException(NTLMException.DOMAIN_UNMATCH,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	124	"Wrong domain: " + incomingDomain +
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	125	" vs " + domain); // Needed?
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	126	}*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	127	boolean verified = false;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	128	char[] password = getPassword(domain, username);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	129	if (password == null) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	130	throw new NTLMException(NTLMException.USER_UNKNOWN,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	131	"Unknown user");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	132	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	133	byte[] incomingLM = r.readSecurityBuffer(12);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	134	byte[] incomingNTLM = r.readSecurityBuffer(20);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	135
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	136	if (!verified && (allVersion \|\| v == Version.NTLM)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	137	if (incomingLM.length > 0) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	138	byte[] pw1 = getP1(password);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	139	byte[] lmhash = calcLMHash(pw1);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	140	byte[] lmresponse = calcResponse (lmhash, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	141	if (Arrays.equals(lmresponse, incomingLM)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	142	verified = true;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	143	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	144	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	145	if (incomingNTLM.length > 0) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	146	byte[] pw2 = getP2(password);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	147	byte[] nthash = calcNTHash(pw2);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	148	byte[] ntresponse = calcResponse (nthash, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	149	if (Arrays.equals(ntresponse, incomingNTLM)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	150	verified = true;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	151	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	152	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	153	debug("NTLM Server: verify using NTLM: " + verified + "\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	154	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	155	if (!verified && (allVersion \|\| v == Version.NTLM2)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	156	byte[] pw2 = getP2(password);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	157	byte[] nthash = calcNTHash(pw2);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	158	byte[] clientNonce = Arrays.copyOf(incomingLM, 8);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	159	byte[] ntlmresponse = ntlm2NTLM(nthash, clientNonce, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	160	if (Arrays.equals(incomingNTLM, ntlmresponse)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	161	verified = true;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	162	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	163	debug("NTLM Server: verify using NTLM2: " + verified + "\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	164	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	165	if (!verified && (allVersion \|\| v == Version.NTLMv2)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	166	byte[] pw2 = getP2(password);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	167	byte[] nthash = calcNTHash(pw2);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	168	if (incomingLM.length > 0) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	169	byte[] clientNonce = Arrays.copyOfRange(
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	170	incomingLM, 16, incomingLM.length);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	171	byte[] lmresponse = calcV2(nthash,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	172	username.toUpperCase(Locale.US)+incomingDomain,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	173	clientNonce, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	174	if (Arrays.equals(lmresponse, incomingLM)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	175	verified = true;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	176	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	177	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	178	if (incomingNTLM.length > 0) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	179	byte[] clientBlob = Arrays.copyOfRange(
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	180	incomingNTLM, 16, incomingNTLM.length);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	181	byte[] ntlmresponse = calcV2(nthash,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	182	username.toUpperCase(Locale.US)+incomingDomain,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	183	clientBlob, nonce);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	184	if (Arrays.equals(ntlmresponse, incomingNTLM)) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	185	verified = true;
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	186	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	187	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	188	debug("NTLM Server: verify using NTLMv2: " + verified + "\n");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	189	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	190	if (!verified) {
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	191	throw new NTLMException(NTLMException.AUTH_FAILED,
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	192	"None of LM and NTLM verified");
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	193	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	194	return new String[] {username, hostname};
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	195	}
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	196
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	197	/**
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	198	* Retrieves the password for a given user. This method should be
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	199	* overridden in a concrete class.
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	200	* @param domain can be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	201	* @param username must not be null
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	202	* @return the password for the user, or null if unknown
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	203	*/
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	204	public abstract char[] getPassword(String domain, String username);
151856936fd8 6911951: NTLM should be a supported Java SASL mechanism weijun parents: diff changeset	205	}

author	weijun
	Mon, 30 Aug 2010 14:37:43 +0800
changeset 6517	151856936fd8
child 10348	7d1a82029332
permissions	-rw-r--r--