KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > knowgate > jcifs > smb > SmbSession


1 /* jcifs smb client library in Java
2  * Copyright (C) 2000 "Michael B. Allen" <jcifs at samba dot org>
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17  */
18
19 package com.knowgate.jcifs.smb;
20
21 import java.util.Vector JavaDoc;
22 import java.util.Enumeration JavaDoc;
23 import java.net.InetAddress JavaDoc;
24 import java.net.UnknownHostException JavaDoc;
25
26 import com.knowgate.jcifs.Config;
27 import com.knowgate.jcifs.UniAddress;
28 import com.knowgate.debug.*;
29
30 /**
31  * The class represents a user's session established with an SMB/CIFS
32  * server. This class is used internally to the jCIFS library however
33  * applications may wish to authenticate aribrary user credentials
34  * with the <tt>logon</tt> method. It is noteworthy that jCIFS does not
35  * support DCE/RPC at this time and therefore does not use the NETLOGON
36  * procedure. Instead, it simply performs a "tree connect" to IPC$ using
37  * the supplied credentials. This is only a subset of the NETLOGON procedure
38  * but is achives the same effect.
39
40 Note that it is possible to change the resource against which clients
41 are authenticated to be something other than <tt>IPC$</tt> using the
42 <tt>jcifs.smb.client.logonShare</tt> property. This can be used to
43 provide simple group based access control. For example, one could setup
44 the NTLM HTTP Filter with the <tt>jcifs.smb.client.domainController</tt>
45 init parameter set to the name of the server used for authentication. On
46 that host, create a share called JCIFSAUTH and adjust the access control
47 list for that share to permit only the clients that should have access to
48 the target website. Finally, set the <tt>jcifs.smb.client.logonShare</tt>
49 to JCIFSAUTH. This should restrict access to only those clients that have
50 access to the JCIFSAUTH share. The access control on that share can be
51 changed without changing init parameters or reinitializing the webapp.
52  */
53
54 public final class SmbSession {
55
56     private static final String JavaDoc LOGON_SHARE = Config.getProperty( "jcifs.smb.client.logonShare", "IPC$" );
57
58     public static byte[] getChallenge( UniAddress dc )
59                 throws SmbException, UnknownHostException JavaDoc {
60         SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
61         trans.negotiate();
62         return trans.server.encryptionKey;
63     }
64 /**
65  * Authenticate arbitrary credentials represented by the
66  * <tt>NtlmPasswordAuthentication</tt> object against the domain controller
67  * specified by the <tt>UniAddress</tt> parameter. If the credentials are
68  * not accepted, an <tt>SmbAuthException</tt> will be thrown. If an error
69  * occurs an <tt>SmbException</tt> will be thrown. If the credentials are
70  * valid, the method will return without throwing an exception. See the
71  * last <a HREF="../../../../FAQ.html">FAQ</a> question.
72  *
73  * See also the <tt>jcifs.smb.client.logonShare</tt> property.
74  */
75     public static void logon( UniAddress dc,
76                         NtlmPasswordAuthentication auth ) throws SmbException {
77         SmbTransport.getSmbTransport( dc, 0 ).getSmbSession( auth ).getSmbTree( LOGON_SHARE, null ).treeConnect( null, null );
78     }
79
80     private int uid;
81     private Vector JavaDoc trees;
82     private boolean sessionSetup;
83     // Transport parameters allows trans to be removed from CONNECTIONS
84 private UniAddress address;
85     private int port, localPort;
86     private InetAddress JavaDoc localAddr;
87
88     SmbTransport transport = SmbTransport.NULL_TRANSPORT;
89     NtlmPasswordAuthentication auth;
90
91     SmbSession( UniAddress address, int port,
92                 InetAddress JavaDoc localAddr, int localPort,
93                 NtlmPasswordAuthentication auth ) {
94         this.address = address;
95         this.port = port;
96         this.localAddr = localAddr;
97         this.localPort = localPort;
98         this.auth = auth;
99         trees = new Vector JavaDoc();
100     }
101
102     synchronized SmbTree getSmbTree( String JavaDoc share, String JavaDoc service ) {
103         SmbTree t;
104
105         if( share == null ) {
106             share = "IPC$";
107         }
108         for( Enumeration JavaDoc e = trees.elements(); e.hasMoreElements(); ) {
109             t = (SmbTree)e.nextElement();
110             if( t.matches( share, service )) {
111                 return t;
112             }
113         }
114         t = new SmbTree( this, share, service );
115         trees.addElement( t );
116         return t;
117     }
118     boolean matches( NtlmPasswordAuthentication auth ) {
119         return this.auth == auth || this.auth.equals( auth );
120     }
121     synchronized SmbTransport transport() throws SmbException {
122         if( transport == SmbTransport.NULL_TRANSPORT ) {
123             transport = SmbTransport.getSmbTransport( address, port, localAddr, localPort );
124         }
125         return transport;
126     }
127     void sendTransaction( SmbComTransaction request,
128                             SmbComTransactionResponse response ) throws SmbException {
129         // transactions are not batchable
130 sessionSetup( null, null );
131         request.uid = uid;
132         request.auth = auth;
133         transport().sendTransaction( request, response );
134     }
135     void send( ServerMessageBlock request,
136                             ServerMessageBlock response ) throws SmbException {
137         if( response != null ) {
138             response.received = false;
139         }
140         sessionSetup( request, response );
141         if( response != null && response.received ) {
142             return;
143         }
144         request.uid = uid;
145         request.auth = auth;
146         transport().send( request, response );
147     }
148     void sessionSetup( ServerMessageBlock andx,
149                             ServerMessageBlock andxResponse ) throws SmbException {
150
151 synchronized( transport() ) {
152         if( sessionSetup ) {
153             return;
154         }
155
156         transport.negotiate();
157
158         /*
159          * Session Setup And X Request / Response
160          */
161
162         if( DebugFile.trace )
163             DebugFile.writeln( "sessionSetup: accountName=" + auth.username + ",primaryDomain=" + auth.domain );
164
165         SmbComSessionSetupAndX request = new SmbComSessionSetupAndX( this, andx );
166         SmbComSessionSetupAndXResponse response = new SmbComSessionSetupAndXResponse( andxResponse );
167
168         /* Create SMB signature digest if necessary
169          * Only the first SMB_COM_SESSION_SETUP_ANX with creds other than NULL initializes signing.
170          */
171         if( transport.isSignatureSetupRequired( auth )) {
172             if( auth.hashesExternal && NtlmPasswordAuthentication.DEFAULT_PASSWORD != null ) {
173                 /* preauthentication
174                  */
175                 transport.getSmbSession( NtlmPasswordAuthentication.DEFAULT ).getSmbTree( LOGON_SHARE, null ).treeConnect( null, null );
176             }
177             request.digest = new SigningDigest( transport, auth );
178         }
179
180         request.auth = auth;
181         transport.send( request, response );
182
183         if( response.isLoggedInAsGuest && "GUEST".equals( auth.username )) {
184             throw new SmbAuthException( NtStatus.NT_STATUS_LOGON_FAILURE );
185         }
186
187         uid = response.uid;
188         sessionSetup = true;
189
190         if( request.digest != null ) {
191             /* success - install the signing digest */
192             transport.digest = request.digest;
193         }
194 }
195     }
196     void logoff( boolean inError ) {
197 synchronized( transport ) {
198         try {
199             if( sessionSetup == false ) {
200                 return;
201             }
202
203             for( Enumeration JavaDoc e = trees.elements(); e.hasMoreElements(); ) {
204                 SmbTree t = (SmbTree)e.nextElement();
205                 t.treeDisconnect( inError );
206             }
207
208             if( transport.server.security == ServerMessageBlock.SECURITY_SHARE ) {
209                 return;
210             }
211
212             if( !inError ) {
213
214                 /*
215                  * Logoff And X Request / Response
216                  */
217
218                 SmbComLogoffAndX request = new SmbComLogoffAndX( null );
219                 request.uid = uid;
220                 try {
221                     transport.send( request, null );
222                 } catch( SmbException se ) {
223                 }
224             }
225             sessionSetup = false;
226         } finally {
227             transport = SmbTransport.NULL_TRANSPORT;
228         }
229 }
230     }
231     public String JavaDoc toString() {
232         return "SmbSession[accountName=" + auth.username +
233                 ",primaryDomain=" + auth.domain +
234                 ",uid=" + uid +
235                 ",sessionSetup=" + sessionSetup + "]";
236     }
237 }
238
Popular Tags