001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.ntlm;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.security.ntlm.msrpc.NetlogonAuthenticator;
020    import com.liferay.portal.security.ntlm.msrpc.NetlogonIdentityInfo;
021    import com.liferay.portal.security.ntlm.msrpc.NetlogonNetworkInfo;
022    import com.liferay.portal.security.ntlm.msrpc.NetlogonValidationSamInfo;
023    import com.liferay.portal.security.ntlm.msrpc.NetrLogonSamLogon;
024    
025    import java.io.IOException;
026    
027    import java.security.NoSuchAlgorithmException;
028    import java.security.SecureRandom;
029    
030    import jcifs.dcerpc.DcerpcBinding;
031    import jcifs.dcerpc.DcerpcHandle;
032    import jcifs.dcerpc.UnicodeString;
033    
034    import jcifs.smb.SmbException;
035    
036    /**
037     * @author Marcellus Tavares
038     * @author Michael C. Han
039     */
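public class Netlogon {

	/**
	 * Validates an NTLM challenge/response pair against the configured domain
	 * controller over a Netlogon (MS-NRPC) secure channel.
	 *
	 * <p>The domain controller, not this class, checks the NT/LM responses;
	 * this method only packages them into a NetrLogonSamLogon request and
	 * interprets the result. On success the returned account carries the
	 * effective name reported by the DC in its validation data rather than
	 * the caller-supplied {@code userName}, so callers should rely on the
	 * returned name. A success status that comes back without usable
	 * validation data is rejected rather than passed through.</p>
	 *
	 * @param  domain the domain the NTLM client claims membership of
	 * @param  userName the user name sent by the NTLM client
	 * @param  workstation the workstation name sent by the NTLM client
	 * @param  serverChallenge the challenge previously issued to the client
	 * @param  ntResponse the client's NT response to that challenge
	 * @param  lmResponse the client's LM response to that challenge
	 * @return an account for the user the domain controller validated
	 * @throws NtlmLogonException if the DC rejects the logon, reports success
	 *         without validation data, the secure channel cannot be set up
	 *         (missing digest algorithm), or communication with the DC fails
	 */
	public NtlmUserAccount logon(
			String domain, String userName, String workstation,
			byte[] serverChallenge, byte[] ntResponse, byte[] lmResponse)
		throws NtlmLogonException {

		NetlogonConnection netlogonConnection = new NetlogonConnection();

		try {

			// Establishes the secure channel with the DC using the service
			// (machine) account; _secureRandom supplies the client-side
			// randomness for the credential exchange.

			netlogonConnection.connect(
				_domainController, _domainControllerName, _ntlmServiceAccount,
				_secureRandom);

			NetlogonAuthenticator netlogonAuthenticator =
				netlogonConnection.computeNetlogonAuthenticator();

			// NOTE(review): 0x00000820 is the ParameterControl bit set for the
			// logon. If it follows the MSV1_0 flag values (as Samba does) it is
			// ALLOW_SERVER_TRUST_ACCOUNT | ALLOW_WORKSTATION_TRUST_ACCOUNT,
			// meaning machine accounts may authenticate through this path.
			// Confirm that is intended before exposing this to end users.

			NetlogonIdentityInfo netlogonIdentityInfo = new NetlogonIdentityInfo(
				domain, 0x00000820, 0, 0, userName, workstation);

			NetlogonNetworkInfo netlogonNetworkInfo = new NetlogonNetworkInfo(
				netlogonIdentityInfo, serverChallenge, ntResponse, lmResponse);

			// Logon level 2 / validation level 2 with a fresh
			// NetlogonValidationSamInfo as the output slot. The second
			// NetlogonAuthenticator is the slot for the DC's return
			// authenticator; it is never inspected after the call, so the
			// authenticity of the response rests on the DCERPC transport alone.
			// NOTE(review): confirm NetlogonConnection negotiates a signed or
			// sealed channel, or verify the return credential here.

			NetrLogonSamLogon netrLogonSamLogon = new NetrLogonSamLogon(
				_domainControllerName, _ntlmServiceAccount.getComputerName(),
				netlogonAuthenticator, new NetlogonAuthenticator(), 2,
				netlogonNetworkInfo, 2, new NetlogonValidationSamInfo(), 0);

			DcerpcHandle dcerpcHandle = netlogonConnection.getDcerpcHandle();

			dcerpcHandle.sendrecv(netrLogonSamLogon);

			int status = netrLogonSamLogon.getStatus();

			if (status != 0) {

				// SmbException is only used here to map the NT status code to
				// text. NOTE(review): that text may distinguish conditions such
				// as an unknown account from a bad password; keep it in server
				// logs and do not relay it verbatim to the remote NTLM client.

				SmbException smbException = new SmbException(status, false);

				throw new NtlmLogonException(
					"Unable to authenticate user: " + smbException.getMessage());
			}

			NetlogonValidationSamInfo netlogonValidationSamInfo =
				netrLogonSamLogon.getNetlogonValidationSamInfo();

			// Fail closed: a zero status with no validation payload would
			// otherwise surface as a NullPointerException instead of a
			// rejected logon.

			if ((netlogonValidationSamInfo == null) ||
				(netlogonValidationSamInfo.getEffectiveName() == null)) {

				throw new NtlmLogonException(
					"Unable to authenticate user: domain controller returned " +
						"no validation information");
			}

			// The account name comes from the DC's validation data, not from
			// the client-supplied userName.

			UnicodeString effectiveName = new UnicodeString(
				netlogonValidationSamInfo.getEffectiveName(), false);

			return new NtlmUserAccount(effectiveName.toString());
		}
		catch (NoSuchAlgorithmException nsae) {
			throw new NtlmLogonException(
				"Unable to authenticate due to invalid encryption algorithm",
				nsae);
		}
		catch (IOException ioe) {

			// Covers jcifs DCERPC/SMB failures as well, which are IOExceptions.

			throw new NtlmLogonException(
				"Unable to authenticate due to communication failure with " +
					"server",
				ioe);
		}
		finally {

			// Best-effort teardown; a failure here must not mask the logon
			// outcome, so it is logged rather than rethrown.

			try {
				netlogonConnection.disconnect();
			}
			catch (Exception e) {
				_log.error("Unable to disconnect Netlogon connection", e);
			}
		}
	}

	/**
	 * Sets the domain controller and service account used for every
	 * subsequent {@link #logon} call.
	 *
	 * <p>These are plain, unsynchronized fields; this setter is expected to
	 * run once, before the first logon. Reconfiguring concurrently with
	 * in-flight logons is not safe.</p>
	 *
	 * @param domainController the domain controller address to connect to
	 * @param domainControllerName the domain controller's name, sent in the
	 *        NetrLogonSamLogon request
	 * @param ntlmServiceAccount the service (machine) account that owns the
	 *        secure channel; its computer name is sent in the request
	 */
	public void setConfiguration(
		String domainController, String domainControllerName,
		NtlmServiceAccount ntlmServiceAccount) {

		_domainController = domainController;
		_domainControllerName = domainControllerName;
		_ntlmServiceAccount = ntlmServiceAccount;
	}

	private static final Log _log = LogFactoryUtil.getLog(Netlogon.class);

	private String _domainController;
	private String _domainControllerName;
	private NtlmServiceAccount _ntlmServiceAccount;

	// SecureRandom (not java.util.Random) so the client challenge used in
	// the secure-channel setup is unpredictable; shared across logons.
	private final SecureRandom _secureRandom = new SecureRandom();

	static {

		// Registers the Netlogon RPC interface UUID/version with jcifs so
		// DCERPC bindings that name "netlogon" can be resolved.

		DcerpcBinding.addInterface(
			"netlogon", "12345678-1234-abcd-ef00-01234567cffb:1.0");
	}

}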