001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.ntlm;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.security.ntlm.msrpc.NetlogonAuthenticator;
020    import com.liferay.portal.security.ntlm.msrpc.NetlogonIdentityInfo;
021    import com.liferay.portal.security.ntlm.msrpc.NetlogonNetworkInfo;
022    import com.liferay.portal.security.ntlm.msrpc.NetlogonValidationSamInfo;
023    import com.liferay.portal.security.ntlm.msrpc.NetrLogonSamLogon;
024    
025    import java.io.IOException;
026    
027    import java.security.NoSuchAlgorithmException;
028    import java.security.SecureRandom;
029    
030    import jcifs.dcerpc.DcerpcBinding;
031    import jcifs.dcerpc.DcerpcHandle;
032    import jcifs.dcerpc.UnicodeString;
033    
034    import jcifs.smb.SmbException;
035    
036    /**
037     * @author Marcellus Tavares
038     * @author Michael C. Han
039     */
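/**
 * Validates NTLM challenge/response pairs against a domain controller over
 * the Netlogon RPC interface ({@code NetrLogonSamLogon}).
 *
 * <p>{@link #setConfiguration} is expected to be called before
 * {@link #logon}. The configuration fields are plain (non-volatile) and
 * nothing guards against reconfiguration while a logon is in flight; callers
 * that reconfigure at runtime must provide their own ordering.</p>
 *
 * @author Marcellus Tavares
 * @author Michael C. Han
 */
public class Netlogon {

	/**
	 * Submits an NTLM challenge/response to the configured domain controller
	 * and returns the account it resolved to.
	 *
	 * <p>A new {@link NetlogonConnection} is opened for every call and is
	 * always disconnected in {@code finally}. A failure to disconnect is
	 * logged and not propagated, so it can never turn a successful logon into
	 * a failure or hide the real cause of an unsuccessful one.</p>
	 *
	 * @param  domain the NTLM domain supplied by the client
	 * @param  userName the account name supplied by the client
	 * @param  workstation the client workstation name
	 * @param  serverChallenge the challenge previously issued to the client
	 * @param  ntResponse the client's NT response to the challenge
	 * @param  lmResponse the client's LM response to the challenge
	 * @return the authenticated account, named by the effective name returned
	 *         by the domain controller
	 * @throws NtlmLogonException if the domain controller returns a non-zero
	 *         status, if the connection's cryptographic setup fails, or if
	 *         the RPC exchange fails with an I/O error
	 */
	public NtlmUserAccount logon(
			String domain, String userName, String workstation,
			byte[] serverChallenge, byte[] ntResponse, byte[] lmResponse)
		throws NtlmLogonException {

		NetlogonConnection netlogonConnection = new NetlogonConnection();

		try {
			netlogonConnection.connect(
				_domainController, _domainControllerName, _ntlmServiceAccount,
				_secureRandom);

			NetlogonAuthenticator netlogonAuthenticator =
				netlogonConnection.computeNetlogonAuthenticator();

			// 0x00000820 is the parameter-control value this implementation
			// has always sent; its bit meanings are defined by the Netlogon
			// protocol and are not interpreted here.
			NetlogonIdentityInfo netlogonIdentityInfo =
				new NetlogonIdentityInfo(
					domain, 0x00000820, 0, 0, userName, workstation);

			NetlogonNetworkInfo netlogonNetworkInfo = new NetlogonNetworkInfo(
				netlogonIdentityInfo, serverChallenge, ntResponse, lmResponse);

			// The second NetlogonAuthenticator and the NetlogonValidationSamInfo
			// are output slots filled in by the server's reply.
			NetrLogonSamLogon netrLogonSamLogon = new NetrLogonSamLogon(
				_domainControllerName, _ntlmServiceAccount.getComputerName(),
				netlogonAuthenticator, new NetlogonAuthenticator(), 2,
				netlogonNetworkInfo, 2, new NetlogonValidationSamInfo(), 0);

			DcerpcHandle dcerpcHandle = netlogonConnection.getDcerpcHandle();

			dcerpcHandle.sendrecv(netrLogonSamLogon);

			// A zero status is the only success path; every other status is
			// reported to the caller as a logon failure.
			if (netrLogonSamLogon.getStatus() == 0) {
				NetlogonValidationSamInfo netlogonValidationSamInfo =
					netrLogonSamLogon.getNetlogonValidationSamInfo();

				UnicodeString name = new UnicodeString(
					netlogonValidationSamInfo.getEffectiveName(), false);

				return new NtlmUserAccount(name.toString());
			}
			else {

				// SmbException is constructed only to translate the NT status
				// code into a readable message; it is never thrown.
				SmbException smbe = new SmbException(
					netrLogonSamLogon.getStatus(), false);

				throw new NtlmLogonException(
					"Unable to authenticate user: " + smbe.getMessage());
			}
		}
		catch (NoSuchAlgorithmException nsae) {
			throw new NtlmLogonException(
				"Unable to authenticate due to invalid encryption algorithm",
				nsae);
		}
		catch (IOException ioe) {
			throw new NtlmLogonException(
				"Unable to authenticate due to communication failure with " +
					"server",
				ioe);
		}
		finally {
			try {
				netlogonConnection.disconnect();
			}
			catch (Exception e) {

				// Best-effort cleanup: an exception here must not replace the
				// result (or the exception) of the logon itself.
				_log.error("Unable to disconnect Netlogon connection", e);
			}
		}
	}

	/**
	 * Sets the domain controller and service account used by subsequent
	 * {@link #logon} calls.
	 *
	 * @param domainController the domain controller address to connect to
	 * @param domainControllerName the domain controller name passed in the
	 *        NetrLogonSamLogon request
	 * @param ntlmServiceAccount the machine/service account used to establish
	 *        the secure channel
	 */
	public void setConfiguration(
		String domainController, String domainControllerName,
		NtlmServiceAccount ntlmServiceAccount) {

		_domainController = domainController;
		_domainControllerName = domainControllerName;
		_ntlmServiceAccount = ntlmServiceAccount;
	}

	// Final: a mutable static logger reference is a needless hazard.
	private static final Log _log = LogFactoryUtil.getLog(Netlogon.class);

	private String _domainController;
	private String _domainControllerName;
	private NtlmServiceAccount _ntlmServiceAccount;

	// One SecureRandom instance shared by every connection this object opens;
	// final because it is never reassigned.
	private final SecureRandom _secureRandom = new SecureRandom();

	// Registers the Netlogon RPC interface UUID/version with jcifs once per
	// class load so DcerpcBinding can resolve "netlogon" endpoints.
	static {
		DcerpcBinding.addInterface(
			"netlogon", "12345678-1234-abcd-ef00-01234567cffb:1.0");
	}

}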