

1 /*
2  * Copyright (C) 2005 Alfresco, Inc.
3  *
4  * Licensed under the Mozilla Public License version 1.1
5  * with a permitted attribution clause. You may obtain a
6  * copy of the License at
7  *
8  * http://www.alfresco.org/legal/license.txt
9  *
10  * Unless required by applicable law or agreed to in writing,
11  * software distributed under the License is distributed on an
12  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
13  * either express or implied. See the License for the specific
14  * language governing permissions and limitations under the
15  * License.
16  */

17 package org.alfresco.filesys.server.auth;
18
import java.security.SecureRandom;
import java.util.Random;

import org.alfresco.config.ConfigElement;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.config.InvalidConfigurationException;
import org.alfresco.filesys.server.config.ServerConfiguration;
import org.alfresco.filesys.server.core.ShareType;
import org.alfresco.filesys.server.core.SharedDevice;
import org.alfresco.filesys.smb.server.SMBSrvSession;
import org.alfresco.filesys.util.DataPacker;
29
30 /**
31  * <p>
32  * Local Authenticator Class.
33  * <p>
34  * The local authenticator implementation enables user level security mode and uses the user account
35  * list that is part of the server configuration to determine if a user is allowed to access the
36  * server/share.
37  * <p>
38  * Note: Switching off encrypted password support will cause later NT4 service pack releases and
39  * Win2000 to refuse to connect to the server without a registry update on the client.
40  */

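public class LocalAuthenticator extends SrvAuthenticator
{

    // Random number generator used to generate challenge keys.
    //
    // The challenge key is passed to validatePassword() when a logon is checked, so it must not be
    // guessable. A java.util.Random seeded from System.currentTimeMillis() can be reproduced by
    // anyone who can estimate the seed time, so a SecureRandom is used instead.

    private final Random m_random = new SecureRandom();

    // Server configuration, assigned by initialize(); null until then

    private ServerConfiguration m_config;

    /**
     * Local Authenticator Constructor
     * <p>
     * Default to user mode security with encrypted password support.
     */
    public LocalAuthenticator()
    {
        setAccessMode(SrvAuthenticator.USER_MODE);
        setEncryptedPasswords(true);
    }

    /**
     * Authenticate the connection to a share
     * <p>
     * Share mode security and the IPC$ admin pipe are always granted write access. Otherwise the
     * client's user name is looked up in the configured account list: a client with no matching
     * account gets write access only when the guest account is enabled, and a known user gets write
     * access only to shares listed on the account.
     *
     * @param client ClientInfo, may be null
     * @param share SharedDevice
     * @param pwd Share level password (not read by this implementation)
     * @param sess Server session (not read by this implementation)
     * @return Authentication status, SrvAuthenticator.Writeable or SrvAuthenticator.NoAccess
     */
    public int authenticateShareConnect(ClientInfo client, SharedDevice share, String pwd, SrvSession sess)
    {

        // If the server is in share mode security allow the user access

        if (this.getAccessMode() == SHARE_MODE)
            return SrvAuthenticator.Writeable;

        // Check if the IPC$ share is being accessed

        if (share.getType() == ShareType.ADMINPIPE)
            return SrvAuthenticator.Writeable;

        // Check if the user is allowed to access the specified shared device
        //
        // If a user does not have access to the requested share the connection will still be
        // allowed but any attempts to access files or search directories will result in a
        // 'no access rights' error being returned to the client.

        UserAccount user = null;
        if (client != null)
            user = getUserDetails(client.getUserName());

        if (user == null)
        {

            // Check if the guest account is enabled
            //
            // NOTE(review): with guest access enabled, every client without a matching account
            // is granted Writeable on every share here; there is no per-share or read-only limit
            // for guests in this method. Confirm that is intended before enabling guest access.

            return allowGuest() ? SrvAuthenticator.Writeable : SrvAuthenticator.NoAccess;
        }
        else if (!user.hasShare(share.getName()))
            return SrvAuthenticator.NoAccess;

        // Allow user to access this share

        return SrvAuthenticator.Writeable;
    }

    /**
     * Authenticate a user
     * <p>
     * A user found in the configured account list must pass password validation. A client with no
     * matching account is allowed as an SMB null session, or else mapped to the guest account when
     * guest access is enabled.
     *
     * @param client Client information
     * @param sess Server session
     * @param alg Encryption algorithm
     * @return SrvAuthenticator.AUTH_ALLOW, AUTH_BADPASSWORD, AUTH_GUEST or AUTH_DISALLOW
     */
    public int authenticateUser(ClientInfo client, SrvSession sess, int alg)
    {

        // Without client details there is nothing to authenticate, refuse the logon rather than
        // failing with a NullPointerException

        if (client == null)
            return SrvAuthenticator.AUTH_DISALLOW;

        // Check if the user exists in the user list

        UserAccount userAcc = getUserDetails(client.getUserName());
        if (userAcc != null)
        {

            // Validate the password, a known user that supplies no password at all is rejected

            boolean authSts = false;

            if (client.getPassword() != null)
            {

                // Validate using the Unicode password

                authSts = validatePassword(userAcc.getPassword(), client.getPassword(), sess.getChallengeKey(), alg);
            }
            else if (client.hasANSIPassword())
            {

                // Validate using the ANSI password with the LanMan encryption
                //
                // NOTE(review): LanMan is a weak legacy scheme and this fallback is taken whenever
                // the client sends only an ANSI password, regardless of 'alg'. Consider whether
                // it should be possible to switch it off in the configuration.

                authSts = validatePassword(userAcc.getPassword(), client.getANSIPassword(), sess.getChallengeKey(),
                        SrvAuthenticator.LANMAN);
            }

            // Return the authentication status

            return authSts ? SrvAuthenticator.AUTH_ALLOW : SrvAuthenticator.AUTH_BADPASSWORD;
        }

        // Check if this is an SMB/CIFS null session logon.
        //
        // The null session will only be allowed to connect to the IPC$ named pipe share.
        //
        // NOTE(review): that restriction is not enforced in this method. authenticateShareConnect()
        // grants Writeable on any share to a client without a matching account when allowGuest()
        // is true, so confirm the IPC$-only limit is applied elsewhere.

        if (client.isNullSession() && sess instanceof SMBSrvSession)
            return SrvAuthenticator.AUTH_ALLOW;

        // Unknown user

        return allowGuest() ? SrvAuthenticator.AUTH_GUEST : SrvAuthenticator.AUTH_DISALLOW;
    }

    /**
     * Generate a challenge key
     *
     * @param sess SrvSession (not read by this implementation)
     * @return byte[] Newly generated 8 byte challenge key
     */
    public byte[] getChallengeKey(SrvSession sess)
    {

        // Generate a new challenge key, pack the key and return

        byte[] key = new byte[8];

        DataPacker.putIntelLong(m_random.nextLong(), key, 0);
        return key;
    }

    /**
     * Search for the required user account details in the defined user list
     * <p>
     * initialize() must have been called first, the account list is read from the saved server
     * configuration.
     *
     * @param user String
     * @return UserAccount, or null if no accounts are configured; otherwise the result of the
     *         account list lookup
     */
    public UserAccount getUserDetails(String user)
    {

        // Get the user account list from the configuration

        UserAccountList userList = m_config.getUserAccounts();
        if (userList == null || userList.numberOfUsers() == 0)
            return null;

        // Search for the required user account record

        return userList.findUser(user);
    }

    /**
     * Initialize the authenticator
     *
     * @param config ServerConfiguration
     * @param params ConfigElement (not read by this implementation)
     * @exception InvalidConfigurationException
     */
    public void initialize(ServerConfiguration config, ConfigElement params) throws InvalidConfigurationException
    {

        // Save the server configuration so we can access the defined user list

        m_config = config;
    }
}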