

1 package com.knowgate.jcifs.http;
2
3 import java.io.IOException JavaDoc;
4
5 import javax.servlet.ServletRequest JavaDoc;
6 import javax.servlet.ServletResponse JavaDoc;
7 import javax.servlet.ServletException JavaDoc;
8 import javax.servlet.FilterChain JavaDoc;
9
10 import javax.servlet.http.*;
11
12 import com.knowgate.jcifs.Config;
13 import com.knowgate.jcifs.UniAddress;
14 import com.knowgate.jcifs.smb.SmbSession;
15 import com.knowgate.jcifs.smb.NtlmPasswordAuthentication;
16 import com.knowgate.jcifs.smb.SmbAuthException;
17 import com.knowgate.jcifs.netbios.NbtAddress;
18
19 import com.knowgate.debug.DebugFile;
20 import com.knowgate.misc.Base64Decoder;
21 import com.knowgate.http.Cookies;
22 import com.knowgate.acl.ACL;
23 import com.knowgate.misc.Gadgets;
24
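/**
 * Servlet filter that authenticates a request with NTLM or, optionally, HTTP Basic
 * credentials by logging on to a domain controller through {@code SmbSession}.
 *
 * <p>The configuration values it reads ({@code enableBasic}, {@code insecureBasic},
 * {@code loadBalance}, {@code domainController}, {@code defaultDomain}, {@code realm})
 * are not declared in this class; presumably they are inherited from
 * {@code NtlmHttpFilter} -- confirm against the superclass.
 *
 * @author Sergio Montoro Ten
 * @version 0.9.1
 */
public class NtlmHipergateFilter extends NtlmHttpFilter {

  public NtlmHipergateFilter() { }

  /**
   * Authenticates the request and, on success, passes it down the chain wrapped in an
   * {@code NtlmHttpServletRequest}.
   *
   * <p>When an {@code Authorization} header with an accepted scheme is present, the
   * credentials are checked with {@code SmbSession.logon}. A failed logon ends the request
   * with 401 and a fresh {@code WWW-Authenticate} challenge, or with a redirect to the same
   * URL when the status is {@code NT_STATUS_ACCESS_VIOLATION}. A successful logon stores the
   * authentication object in the session under {@code "NtlmHttpAuth"} and sets the
   * {@code domainnm}, {@code NickCookie} and {@code authstr} cookies. When no accepted
   * header is present, the request continues only if the session already holds
   * {@code "NtlmHttpAuth"}; otherwise it is answered with 401.
   *
   * @param request  incoming request; cast to {@code HttpServletRequest}
   * @param response outgoing response; cast to {@code HttpServletResponse}
   * @param chain    remaining filter chain, invoked only for an authenticated request
   * @throws IOException      declared by the servlet filter contract
   * @throws ServletException declared by the servlet filter contract
   */
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {

    NtlmPasswordAuthentication ntlm = null;
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;

    String msg = req.getHeader("Authorization");

    // Trace the scheme only. A Basic header is base64(user:password) and must never reach
    // a debug file; the NTLM blob is withheld for the same reason.
    if (DebugFile.trace) {
      DebugFile.writeln("NtlmHipergateFilter Authorization=" + describeAuthorization(msg));
    }

    UniAddress dc;

    // Basic is offered only when it is enabled and either the request arrived over a secure
    // channel or insecureBasic explicitly allows it over plain HTTP.
    boolean offerBasic = enableBasic && (insecureBasic || req.isSecure());

    if (DebugFile.trace) DebugFile.writeln("offerBasic=" + String.valueOf(offerBasic));

    if (msg != null && (msg.startsWith("NTLM ") || (offerBasic && msg.startsWith("Basic ")))) {
      if (loadBalance) {
        // Resolve once and reuse the result, so tracing neither triggers a second name
        // lookup nor reports a different address from the one actually used.
        NbtAddress nbt = NbtAddress.getByName(domainController, 0x1C, null);
        if (DebugFile.trace) DebugFile.writeln("new UniAddress(" + nbt + ")");
        dc = new UniAddress(nbt);
      } else {
        if (DebugFile.trace) DebugFile.writeln("UniAddress.getByName( " + domainController + ", true)");
        dc = UniAddress.getByName(domainController, true);
      }

      if (msg.startsWith("NTLM ")) {
        req.getSession();
        byte[] challenge = SmbSession.getChallenge(dc);

        // A null result stops processing here; presumably NtlmSsp has already written the
        // next handshake message to the response -- confirm in NtlmSsp.
        if ((ntlm = NtlmSsp.authenticate(req, resp, challenge)) == null) {
          if (DebugFile.trace) DebugFile.writeln("NtlmPasswordAuthentication = null");
          return;
        }
      } else {
        // "Basic " is six characters; the remainder is base64("[domain\]user:password").
        String auth = new String(Base64Decoder.decodeToBytes(msg.substring(6)), "US-ASCII");

        int index = auth.indexOf(':');

        String user = (index != -1) ? auth.substring(0, index) : auth;

        if (DebugFile.trace) DebugFile.writeln("user=" + user);

        String password = (index != -1) ? auth.substring(index + 1) : "";

        // The domain may be given as DOMAIN\\user or DOMAIN/user; otherwise use the default.
        index = user.indexOf('\\');
        if (index == -1) index = user.indexOf('/');
        String domain = (index != -1) ? user.substring(0, index) : defaultDomain;

        if (DebugFile.trace) DebugFile.writeln("domain=" + domain);

        user = (index != -1) ? user.substring(index + 1) : user;

        ntlm = new NtlmPasswordAuthentication(domain, user, password);

      } // fi (msg.startsWith("NTLM "))

      try {
        if (DebugFile.trace && (dc != null) && (ntlm != null))
          DebugFile.writeln("SmbSession.logon(" + dc.toString() + "," + ntlm.toString() + ")");

        SmbSession.logon(dc, ntlm);

      } catch (SmbAuthException sae) {
        if (DebugFile.trace) DebugFile.writeln("SmbAuthException" + Gadgets.toHexString(sae.getNtStatus(), 8) + " " + sae.getMessage());

        if (sae.getNtStatus() == SmbAuthException.NT_STATUS_ACCESS_VIOLATION) {
          /* Server challenge no longer valid for
           * externally supplied password hashes.
           */
          HttpSession ssn = req.getSession(false);
          if (ssn != null) {
            ssn.removeAttribute("NtlmHttpAuth");
          }

          if (DebugFile.trace) DebugFile.writeln("HttpServletResponse.sendRedirect(" + req.getRequestURL().toString() + ")");

          // Redirect to the same URL so the client restarts the handshake.
          resp.sendRedirect(req.getRequestURL().toString());
          return;
        }
        if (DebugFile.trace) DebugFile.writeln("HttpServletResponse.setHeader(WWW-Authenticate, NTLM)");

        // Any other authentication failure: challenge the client again.
        resp.setHeader("WWW-Authenticate", "NTLM");
        if (offerBasic) {
          resp.addHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        }
        resp.setHeader("Connection", "close");
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        resp.flushBuffer();
        return;
      }

      if (DebugFile.trace) DebugFile.writeln("HttpServletRequest.getSession().setAttribute(NtlmHttpAuth, " + ntlm.toString() + ")");

      req.getSession().setAttribute("NtlmHttpAuth", ntlm);

      if (DebugFile.trace) DebugFile.writeln("HttpServletResponse.addCookie(domainnm, " + ntlm.getDomain().toUpperCase() + ")");
      if (DebugFile.trace) DebugFile.writeln("HttpServletResponse.addCookie(nickname, " + ntlm.getUsername() + ")");

      resp.addCookie(new Cookie("domainnm", ntlm.getDomain().toUpperCase()));
      resp.addCookie(new Cookie("NickCookie", ntlm.getUsername()));
      // NOTE(review): "authstr" carries whatever getPassword() returns; on the Basic path
      // that is the user's cleartext domain password. The cookie is created without the
      // Secure flag, so with insecureBasic enabled it travels over plain HTTP, and it is
      // readable by page scripts. Left unchanged because code outside this file presumably
      // reads it; prefer a server-side session reference, or at minimum mark it Secure and
      // HttpOnly. On the NTLM path, confirm what getPassword() returns for an object built
      // by NtlmSsp.authenticate (it may be null).
      resp.addCookie(new Cookie("authstr", ntlm.getPassword()));

    } else {
      if (DebugFile.trace) DebugFile.writeln("HttpSession = HttpServletRequest.getSession(false)");

      // No accepted Authorization header: rely on a previously authenticated session only.
      HttpSession ssn = req.getSession(false);

      if (ssn == null || (ntlm = (NtlmPasswordAuthentication) ssn.getAttribute("NtlmHttpAuth")) == null) {

        resp.setHeader("WWW-Authenticate", "NTLM");

        if (DebugFile.trace) DebugFile.writeln("offerBasic=" + String.valueOf(offerBasic));

        if (offerBasic) {
          resp.addHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        }

        resp.setHeader("Connection", "close");
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        resp.flushBuffer();
        return;
      }
    }

    if (DebugFile.trace) DebugFile.writeln("FilterChain.doFilter(NtlmHttpServletRequest, HttpServletResponse)");

    chain.doFilter(new NtlmHttpServletRequest(req, ntlm), response);
  }

  /**
   * Describes an {@code Authorization} header for trace output without its credentials.
   *
   * @param header raw header value, may be {@code null}
   * @return {@code "null"} when the header is absent, the scheme followed by
   *         {@code " <redacted>"} when a scheme is present, else {@code "<redacted>"}
   */
  private static String describeAuthorization(String header) {
    if (header == null) {
      return "null";
    }
    int space = header.indexOf(' ');
    if (space <= 0) {
      return "<redacted>";
    }
    return header.substring(0, space) + " <redacted>";
  }
}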