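/**
 * Authenticates {@code username} against the renderer's auth server with an SMB/NTLM logon and
 * returns the matching {@link User}, including the groups found in the directory.
 *
 * <p>The supplied password is verified on every call. The user cache is consulted only after
 * the logon has succeeded, so a cache hit skips the directory lookup but never the credential
 * check.
 *
 * @param renderer supplies the auth server and auth domain
 * @param username the account name to authenticate; must not be empty
 * @param password the password to verify; must not be empty
 * @return the cached or newly built user
 * @throws AuthException if a credential or the auth server is empty, the logon is refused, the
 *     auth server cannot be resolved, the directory query fails, or no directory entry is found
 * @throws IOException as declared by the overridden method
 */
@Override
public User getUser(Renderer renderer, String username, String password) throws IOException {
    // Reject empty credentials before any network call is made.
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password))
        throw new AuthException("Username or password is empty");
    if (StringUtils.isEmpty(renderer.getAuthServer()))
        throw new AuthException("No auth server given, check the parameters of the renderer");
    ActiveDirectory activeDirectory = null;
    try {
        String domain = renderer.getAuthDomain();
        String authServer = renderer.getAuthServer();

        // Verify the password first. The cache is keyed by (username, domain) only, so
        // returning a cached entry before this logon would accept any non-empty password
        // for a user who is already cached.
        NtlmPasswordAuthentication ntlmAuth = getNtlmAuth(renderer, username, password);
        UniAddress dc = UniAddress.getByName(authServer, true);
        SmbSession.logon(dc, ntlmAuth);

        // NOTE(review): a cached User keeps the password it was built with; if downstream code
        // reads it, it may be stale after a password change - confirm the cache's expiry.
        User user = AuthUserCache.INSTANCE.get(username, domain);
        if (user != null)
            return user;

        activeDirectory = new ActiveDirectory(
                authServer, ntlmAuth.getUsername(), ntlmAuth.getPassword(), domain);
        NamingEnumeration<SearchResult> result = activeDirectory.findUser(username);
        Attributes attrs = ActiveDirectory.getAttributes(result);
        if (attrs == null)
            throw new AuthException("No user found: " + username);

        String userId = ActiveDirectory.getObjectSID(attrs);
        List<ADGroup> groups = new ArrayList<ADGroup>();
        activeDirectory.findUserGroups(attrs, groups);
        String dnUser = ActiveDirectory.getStringAttribute(attrs, "DistinguishedName");
        if (!StringUtils.isEmpty(dnUser))
            activeDirectory.findUserGroup(dnUser, groups);

        // Log the account name: the local `user` is still null here, and the User object
        // carries the clear-text password.
        Logging.info("USER authenticated: " + username);

        // NOTE(review): the clear-text password is stored in the User and therefore in the
        // cache - confirm that consumers really need it.
        user = new User(
                userId.toLowerCase(),
                username.toLowerCase(),
                password,
                ActiveDirectory.toArray(groups, "everyone"),
                ActiveDirectory.getDisplayString(domain, username));
        AuthUserCache.INSTANCE.add(username, domain, user);
        return user;
    } catch (SmbAuthException e) {
        Logging.warn(e);
        // NOTE(review): the underlying message is passed on to the caller in all three handlers;
        // confirm it is not shown to unauthenticated clients.
        throw new AuthException("Authentication error (SmbAuthException) : " + e.getMessage());
    } catch (UnknownHostException e) {
        Logging.warn(e);
        throw new AuthException("Authentication error (UnknownHostException) : " + e.getMessage());
    } catch (NamingException e) {
        Logging.warn(e);
        throw new AuthException("LDAP error (NamingException) : " + e.getMessage());
    } finally {
        // Release the directory connection on every path; it is still null when the logon
        // failed or the cache answered.
        IOUtils.close(activeDirectory);
    }
}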
/**
 * Builds the LMv2 response to a Type-2 message by delegating to
 * {@code NtlmPasswordAuthentication.getLMv2Response} with the challenge carried by
 * {@code type2}.
 *
 * @param type2 the Type-2 message whose challenge is answered
 * @param domain the domain passed to the response computation
 * @param user the user name passed to the response computation
 * @param password the password passed to the response computation
 * @param clientChallenge the client challenge passed to the response computation
 * @return the response bytes, or {@code null} if any argument is {@code null}
 */
public static byte[] getLMv2Response(
        Type2Message type2, String domain, String user, String password, byte[] clientChallenge) {
    // All five inputs are required; a missing one yields null rather than an exception.
    final boolean allPresent = type2 != null
            && domain != null
            && user != null
            && password != null
            && clientChallenge != null;
    if (allPresent) {
        return NtlmPasswordAuthentication.getLMv2Response(
                domain, user, password, type2.getChallenge(), clientChallenge);
    }
    return null;
}
/**
 * Builds the NT response to a Type-2 message from the given password by delegating to
 * {@code NtlmPasswordAuthentication.getNTLMResponse} with the challenge carried by
 * {@code type2}.
 *
 * <p>NOTE(review): {@code getNTLMResponse} looks like the NTLMv1-style response, which is
 * considered weak - confirm callers prefer an NTLMv2 response where the peer supports it.
 *
 * @param type2 the Type-2 message whose challenge is answered
 * @param password the password the response is computed from
 * @return a <code>byte[]</code> containing the NT response, or {@code null} if either
 *     argument is {@code null}
 */
public static byte[] getNTResponse(Type2Message type2, String password) {
    // Both inputs are required; a missing one yields null rather than an exception.
    return (type2 == null || password == null)
            ? null
            : NtlmPasswordAuthentication.getNTLMResponse(password, type2.getChallenge());
}