001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.ntlm;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.security.ntlm.msrpc.NetlogonAuthenticator;
020    import com.liferay.portal.security.ntlm.msrpc.NetlogonIdentityInfo;
021    import com.liferay.portal.security.ntlm.msrpc.NetlogonNetworkInfo;
022    import com.liferay.portal.security.ntlm.msrpc.NetlogonValidationSamInfo;
023    import com.liferay.portal.security.ntlm.msrpc.NetrLogonSamLogon;
024    
025    import java.io.IOException;
026    
027    import java.security.NoSuchAlgorithmException;
028    
029    import jcifs.dcerpc.DcerpcBinding;
030    import jcifs.dcerpc.DcerpcHandle;
031    import jcifs.dcerpc.UnicodeString;
032    
033    import jcifs.smb.SmbException;
034    
035    /**
036     * @author Marcellus Tavares
037     * @author Michael C. Han
038     */
/**
 * NTLM pass-through authentication against a domain controller.
 *
 * <p>This class never inspects the password hash itself. It forwards the
 * challenge/response pair collected from the client to the configured domain
 * controller over a Netlogon (MS-NRPC) secure channel and lets the DC decide.
 * The only local decision is whether the DC reported status 0.</p>
 *
 * <p>Review notes (not verifiable from this class alone): the return
 * authenticator is passed as an empty placeholder and is never checked
 * against the secure-channel credential, and nothing here shows whether the
 * RPC PDUs are signed or sealed. Both belong in {@link NetlogonConnection}
 * and should be confirmed, since hardened DCs reject unsealed Netlogon
 * traffic. Configuration is plain mutable state set via
 * {@link #setConfiguration}; presumably it is wired once at startup.</p>
 *
 * @author Marcellus Tavares
 * @author Michael C. Han
 */
public class Netlogon {

	/**
	 * Validates an NTLM network logon by sending the challenge/response pair
	 * to the domain controller (NetrLogonSamLogon) and returning the account
	 * the DC vouched for.
	 *
	 * <p>The returned {@link NtlmUserAccount} carries the <em>effective</em>
	 * name reported by the DC, not the client-supplied {@code userName}, so
	 * callers resolve the portal user from the canonical name the DC
	 * validated rather than from what the client typed.</p>
	 *
	 * <p>Arguments are not validated here. A null {@code domain} or
	 * {@code userName} presumably only fails while the request is encoded,
	 * i.e. after the secure channel to the DC has already been established.</p>
	 *
	 * @param  domain the domain name the client claims
	 * @param  userName the account name the client claims
	 * @param  workstation the workstation name the client claims
	 * @param  serverChallenge the challenge this server issued, expected to be
	 *         the one the responses were computed against
	 * @param  ntResponse the NT challenge response supplied by the client
	 * @param  lmResponse the LM challenge response supplied by the client
	 * @return the validated account, identified by the DC's effective name
	 * @throws NtlmLogonException if the DC rejects the logon, the secure
	 *         channel cannot be established or used, or a required
	 *         cryptographic algorithm is unavailable
	 */
	public NtlmUserAccount logon(
			String domain, String userName, String workstation,
			byte[] serverChallenge, byte[] ntResponse, byte[] lmResponse)
		throws NtlmLogonException {

		NetlogonConnection connection = new NetlogonConnection();

		try {
			// A fresh secure channel per logon: the configured service
			// (machine) account authenticates to the DC before any user data
			// is sent.
			connection.connect(
				_domainController, _domainControllerName, _ntlmServiceAccount);

			NetlogonAuthenticator clientAuthenticator =
				connection.computeNetlogonAuthenticator();

			// 0x00000820 is the MS-NRPC ParameterControl bitmask. It appears
			// to be MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
			// MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT, which would let machine
			// accounts log on through this path -- confirm against MS-NRPC
			// and against the intended policy.
			NetlogonIdentityInfo identityInfo = new NetlogonIdentityInfo(
				domain, 0x00000820, 0, 0, userName, workstation);

			NetlogonNetworkInfo networkInfo = new NetlogonNetworkInfo(
				identityInfo, serverChallenge, ntResponse, lmResponse);

			// Logon level 2 and validation level 2 match the structures
			// passed (network logon info / SAM validation info). The empty
			// NetlogonAuthenticator is the return authenticator the DC fills
			// in; it is not verified after the call.
			NetrLogonSamLogon request = new NetrLogonSamLogon(
				_domainControllerName, _ntlmServiceAccount.getComputerName(),
				clientAuthenticator, new NetlogonAuthenticator(), 2,
				networkInfo, 2, new NetlogonValidationSamInfo(), 0);

			DcerpcHandle handle = connection.getDcerpcHandle();

			handle.sendrecv(request);

			int status = request.getStatus();

			if (status != 0) {
				// The DC rejected the logon. The SmbException exists only to
				// translate the NT status code into jcifs' message text; it
				// carries no credential material.
				SmbException smbException = new SmbException(status, false);

				throw new NtlmLogonException(
					"Unable to authenticate user: " + smbException.getMessage());
			}

			return new NtlmUserAccount(
				_getEffectiveName(request.getNetlogonValidationSamInfo()));
		}
		catch (NoSuchAlgorithmException nsae) {
			throw new NtlmLogonException(
				"Unable to authenticate due to invalid encryption algorithm",
				nsae);
		}
		catch (IOException ioe) {
			throw new NtlmLogonException(
				"Unable to authenticate due to communication failure with " +
					"server",
				ioe);
		}
		finally {
			_disconnectQuietly(connection);
		}
	}

	/**
	 * Sets the domain controller to contact and the service account used to
	 * build the secure channel.
	 *
	 * <p>Not synchronized and the fields are not volatile; presumably this is
	 * called once during container wiring, before any {@link #logon} call.
	 * Confirm before allowing it to be re-invoked at runtime.</p>
	 *
	 * @param domainController the domain controller the connection is made to
	 * @param domainControllerName the server name presented in the Netlogon
	 *        calls
	 * @param ntlmServiceAccount the computer account that authenticates this
	 *        server to the DC
	 */
	public void setConfiguration(
		String domainController, String domainControllerName,
		NtlmServiceAccount ntlmServiceAccount) {

		_domainController = domainController;
		_domainControllerName = domainControllerName;
		_ntlmServiceAccount = ntlmServiceAccount;
	}

	/**
	 * Returns the effective account name the DC reported for a validated
	 * logon, decoded through jcifs' UnicodeString wrapper.
	 */
	private String _getEffectiveName(
		NetlogonValidationSamInfo validationSamInfo) {

		UnicodeString effectiveName = new UnicodeString(
			validationSamInfo.getEffectiveName(), false);

		return effectiveName.toString();
	}

	/**
	 * Tears down the secure channel on a best-effort basis. Failures are
	 * logged rather than thrown so that they cannot mask the logon outcome
	 * already decided.
	 */
	private void _disconnectQuietly(NetlogonConnection connection) {
		try {
			connection.disconnect();
		}
		catch (Exception e) {
			_log.error("Unable to disconnect Netlogon connection", e);
		}
	}

	private static Log _log = LogFactoryUtil.getLog(Netlogon.class);

	private String _domainController;
	private String _domainControllerName;
	private NtlmServiceAccount _ntlmServiceAccount;

	// Registers the Netlogon RPC interface UUID with jcifs so that "netlogon"
	// DCE/RPC bindings can be resolved.
	static {
		DcerpcBinding.addInterface(
			"netlogon", "12345678-1234-abcd-ef00-01234567cffb:1.0");
	}

}