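package com.knowgate.jcifs.http;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.ServletException;
import javax.servlet.FilterChain;

import javax.servlet.http.*;

import com.knowgate.jcifs.Config;
import com.knowgate.jcifs.UniAddress;
import com.knowgate.jcifs.smb.SmbSession;
import com.knowgate.jcifs.smb.NtlmPasswordAuthentication;
import com.knowgate.jcifs.smb.SmbAuthException;
import com.knowgate.jcifs.netbios.NbtAddress;

import com.knowgate.debug.DebugFile;
import com.knowgate.misc.Base64Decoder;
import com.knowgate.http.Cookies;
import com.knowgate.acl.ACL;
import com.knowgate.misc.Gadgets;

/**
 * Servlet filter that authenticates HTTP requests against a Windows domain
 * controller using either the NTLM handshake or, when offered, HTTP Basic.
 *
 * <p>On success the resulting {@link NtlmPasswordAuthentication} is cached in the
 * HTTP session under the attribute {@code NtlmHttpAuth}, a set of cookies is added
 * to the response, and the chain continues with an {@link NtlmHttpServletRequest}
 * wrapper. On failure a {@code 401} with a {@code WWW-Authenticate} challenge is
 * sent and the chain is not invoked.
 *
 * <p>Configuration fields ({@code enableBasic}, {@code insecureBasic},
 * {@code loadBalance}, {@code domainController}, {@code defaultDomain},
 * {@code realm}) are inherited from {@link NtlmHttpFilter}.
 */
public class NtlmHipergateFilter extends NtlmHttpFilter {

    public NtlmHipergateFilter() { }

    /**
     * Authenticates the request and, if it succeeds, passes it down the chain.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the outgoing response; must be an {@link HttpServletResponse}
     * @param chain    the remaining filter chain, invoked only on success
     * @throws IOException      on network or response I/O errors (including a
     *                          non-{@code SmbAuthException} SMB failure)
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        NtlmPasswordAuthentication ntlm = null;

        String msg = req.getHeader("Authorization");

        if (DebugFile.trace) DebugFile.writeln("NtlmHipergateFilter Authorization=" + msg);

        // Basic is only offered when enabled and either the channel is TLS or the
        // deployer explicitly allowed clear-text Basic (insecureBasic).
        boolean offerBasic = enableBasic && (insecureBasic || req.isSecure());

        if (DebugFile.trace) DebugFile.writeln("offerBasic=" + String.valueOf(offerBasic));

        if (msg != null && (msg.startsWith("NTLM ") || (offerBasic && msg.startsWith("Basic ")))) {
            UniAddress dc = resolveDomainController();

            if (msg.startsWith("NTLM ")) {
                // Ensure a session exists: NtlmSsp stores handshake state in it.
                req.getSession();
                byte[] challenge = SmbSession.getChallenge(dc);

                ntlm = NtlmSsp.authenticate(req, resp, challenge);
                if (ntlm == null) {
                    // Handshake still in progress; NtlmSsp has already written the
                    // challenge to the response, so nothing more to do here.
                    if (DebugFile.trace) DebugFile.writeln("NtlmPasswordAuthentication = null");
                    return;
                }
            } else {
                ntlm = parseBasicCredentials(msg);
            }

            try {
                if (DebugFile.trace && (dc != null) && (ntlm != null))
                    DebugFile.writeln("SmbSession.logon(" + dc.toString() + "," + ntlm.toString());

                SmbSession.logon(dc, ntlm);

            } catch (SmbAuthException sae) {
                if (DebugFile.trace) DebugFile.writeln("SmbAuthException" + Gadgets.toHexString(sae.getNtStatus(), 8) + " " + sae.getMessage());

                if (sae.getNtStatus() == SmbAuthException.NT_STATUS_ACCESS_VIOLATION) {
                    // Cached credentials are no longer valid: forget them and make the
                    // browser restart the handshake against the same URL.
                    HttpSession ssn = req.getSession(false);
                    if (ssn != null) {
                        ssn.removeAttribute("NtlmHttpAuth");
                    }

                    if (DebugFile.trace) DebugFile.writeln("HttpServletResponse.sendRedirect(" + req.getRequestURL().toString() + ")");

                    resp.sendRedirect(req.getRequestURL().toString());
                    return;
                }

                sendChallenge(resp, offerBasic);
                return;
            }

            if (DebugFile.trace) DebugFile.writeln("HttpServletRequest.getSession().setAttribute(NtlmHttpAuth, " + ntlm.toString() + ")");

            req.getSession().setAttribute("NtlmHttpAuth", ntlm);

            if (DebugFile.trace) DebugFile.writeln("HttpServletResponse.addCookie(domainnm, " + ntlm.getDomain().toUpperCase() + ")");
            if (DebugFile.trace) DebugFile.writeln("HttpServletResponse.addCookie(nickname, " + ntlm.getUsername() + ")");

            resp.addCookie(new Cookie("domainnm", ntlm.getDomain().toUpperCase()));
            resp.addCookie(new Cookie("NickCookie", ntlm.getUsername()));
            // SECURITY(review): "authstr" carries the user's password in clear text
            // to the browser, where scripts and any non-TLS hop can read it. Kept
            // because other Hipergate components may read this cookie; it should be
            // replaced by an opaque server-side token and, at minimum, marked
            // Secure/HttpOnly by whoever owns that contract.
            resp.addCookie(new Cookie("authstr", ntlm.getPassword()));

        } else {
            if (DebugFile.trace) DebugFile.writeln("HttpSession = HttpServletRequest.getSession(false)");

            HttpSession ssn = req.getSession(false);

            if (ssn == null || (ntlm = (NtlmPasswordAuthentication) ssn.getAttribute("NtlmHttpAuth")) == null) {
                // No credentials in the request and none cached: challenge.
                sendChallenge(resp, offerBasic);
                return;
            }
        }

        if (DebugFile.trace) DebugFile.writeln("FilterChain.doFilter(NtlmHttpServletRequest, HttpServletResponse)");

        chain.doFilter(new NtlmHttpServletRequest(req, ntlm), response);
    }

    /**
     * Resolves the domain controller to authenticate against.
     *
     * <p>With {@code loadBalance} the NetBIOS group name (suffix {@code 0x1C}) is
     * looked up once and wrapped; otherwise the configured name is resolved
     * directly. The original code performed the NetBIOS lookup twice when tracing.
     *
     * @return the resolved controller address
     * @throws IOException if name resolution fails
     */
    private UniAddress resolveDomainController() throws IOException {
        if (loadBalance) {
            NbtAddress nbt = NbtAddress.getByName(domainController, 0x1C, null);
            if (DebugFile.trace) DebugFile.writeln("new UniAddress(" + nbt + ")");
            return new UniAddress(nbt);
        }
        if (DebugFile.trace) DebugFile.writeln("UniAddress.getByName( " + domainController + ", true)");
        return UniAddress.getByName(domainController, true);
    }

    /**
     * Decodes an HTTP Basic {@code Authorization} header into NTLM credentials.
     *
     * <p>The user part may be qualified as {@code DOMAIN\user} or
     * {@code DOMAIN/user}; without a qualifier {@code defaultDomain} is used.
     * A missing {@code ':'} yields an empty password.
     *
     * @param msg the full header value, starting with {@code "Basic "}
     * @return credentials for {@link SmbSession#logon}
     * @throws IOException if the decoded bytes cannot be read as US-ASCII
     */
    private NtlmPasswordAuthentication parseBasicCredentials(String msg) throws IOException {
        String auth = new String(Base64Decoder.decodeToBytes(msg.substring(6)), "US-ASCII");

        int colon = auth.indexOf(':');
        String user = (colon != -1) ? auth.substring(0, colon) : auth;

        if (DebugFile.trace) DebugFile.writeln("user=" + user);

        String password = (colon != -1) ? auth.substring(colon + 1) : "";

        int sep = user.indexOf('\\');
        if (sep == -1) sep = user.indexOf('/');
        String domain = (sep != -1) ? user.substring(0, sep) : defaultDomain;

        if (DebugFile.trace) DebugFile.writeln("domain=" + domain);

        user = (sep != -1) ? user.substring(sep + 1) : user;

        return new NtlmPasswordAuthentication(domain, user, password);
    }

    /**
     * Writes a {@code 401 Unauthorized} with the NTLM challenge and, when
     * {@code offerBasic} is set, an additional Basic challenge for {@code realm}.
     * The connection is closed so the client restarts the handshake cleanly.
     *
     * @param resp       response to write the challenge to
     * @param offerBasic whether to also advertise Basic authentication
     * @throws IOException if flushing the response fails
     */
    private void sendChallenge(HttpServletResponse resp, boolean offerBasic) throws IOException {
        if (DebugFile.trace) DebugFile.writeln("HttpServletResponse.setHeader(WWW-Authenticate, NTLM)");

        resp.setHeader("WWW-Authenticate", "NTLM");

        if (DebugFile.trace) DebugFile.writeln("offerBasic=" + String.valueOf(offerBasic));

        if (offerBasic) {
            resp.addHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        }
        resp.setHeader("Connection", "close");
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        resp.flushBuffer();
    }
}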