📄 type3message.java
字号:
/* jcifs smb client library in Java
* Copyright (C) 2002 "Michael B. Allen" <jcifs at samba dot org>
* "Eric Glass" <jcifs at samba dot org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package jcifs.ntlmssp;
import java.io.IOException;
import java.net.UnknownHostException;
import java.security.SecureRandom;
import jcifs.Config;
import jcifs.netbios.NbtAddress;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.util.HMACT64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import jcifs.util.MD4;
import jcifs.util.RC4;
/**
* Represents an NTLMSSP Type-3 message.
*/
public class Type3Message extends NtlmMessage {
static final long MILLISECONDS_BETWEEN_1970_AND_1601 = 11644473600000L;
private static final int DEFAULT_FLAGS;
private static final String DEFAULT_DOMAIN;
private static final String DEFAULT_USER;
private static final String DEFAULT_PASSWORD;
private static final String DEFAULT_WORKSTATION;
private static final int LM_COMPATIBILITY;
private static final SecureRandom RANDOM = new SecureRandom();
private byte[] lmResponse;
private byte[] ntResponse;
private String domain;
private String user;
private String workstation;
private byte[] masterKey = null;
private byte[] sessionKey = null;
static {
DEFAULT_FLAGS = NTLMSSP_NEGOTIATE_NTLM |
(Config.getBoolean("jcifs.smb.client.useUnicode", true) ?
NTLMSSP_NEGOTIATE_UNICODE : NTLMSSP_NEGOTIATE_OEM);
DEFAULT_DOMAIN = Config.getProperty("jcifs.smb.client.domain", null);
DEFAULT_USER = Config.getProperty("jcifs.smb.client.username", null);
DEFAULT_PASSWORD = Config.getProperty("jcifs.smb.client.password",
null);
String defaultWorkstation = null;
try {
defaultWorkstation = NbtAddress.getLocalHost().getHostName();
} catch (UnknownHostException ex) { }
DEFAULT_WORKSTATION = defaultWorkstation;
LM_COMPATIBILITY = Config.getInt("jcifs.smb.lmCompatibility", 3);
}
/**
* Creates a Type-3 message using default values from the current
* environment.
*/
public Type3Message() {
setFlags(getDefaultFlags());
setDomain(getDefaultDomain());
setUser(getDefaultUser());
setWorkstation(getDefaultWorkstation());
}
/**
* Creates a Type-3 message in response to the given Type-2 message
* using default values from the current environment.
*
* @param type2 The Type-2 message which this represents a response to.
*/
public Type3Message(Type2Message type2) {
setFlags(getDefaultFlags(type2));
setWorkstation(getDefaultWorkstation());
String domain = getDefaultDomain();
setDomain(domain);
String user = getDefaultUser();
setUser(user);
String password = getDefaultPassword();
switch (LM_COMPATIBILITY) {
case 0:
case 1:
setLMResponse(getLMResponse(type2, password));
setNTResponse(getNTResponse(type2, password));
break;
case 2:
byte[] nt = getNTResponse(type2, password);
setLMResponse(nt);
setNTResponse(nt);
break;
case 3:
case 4:
case 5:
byte[] clientChallenge = new byte[8];
RANDOM.nextBytes(clientChallenge);
setLMResponse(getLMv2Response(type2, domain, user, password,
clientChallenge));
/*
setNTResponse(getNTLMv2Response(type2, domain, user, password,
clientChallenge));
*/
break;
default:
setLMResponse(getLMResponse(type2, password));
setNTResponse(getNTResponse(type2, password));
}
}
/**
* Creates a Type-3 message in response to the given Type-2 message.
*
* @param type2 The Type-2 message which this represents a response to.
* @param password The password to use when constructing the response.
* @param domain The domain in which the user has an account.
* @param user The username for the authenticating user.
* @param workstation The workstation from which authentication is
* taking place.
*/
public Type3Message(Type2Message type2, String password, String domain,
String user, String workstation, int flags) {
setFlags(flags | getDefaultFlags(type2));
if (workstation == null)
workstation = getDefaultWorkstation();
setWorkstation(workstation);
setDomain(domain);
setUser(user);
switch (LM_COMPATIBILITY) {
case 0:
case 1:
if ((getFlags() & NTLMSSP_NEGOTIATE_NTLM2) == 0) {
setLMResponse(getLMResponse(type2, password));
setNTResponse(getNTResponse(type2, password));
} else {
// NTLM2 Session Response
byte[] clientChallenge = new byte[24];
RANDOM.nextBytes(clientChallenge);
java.util.Arrays.fill(clientChallenge, 8, 24, (byte)0x00);
// NTLMv1 w/ NTLM2 session sec and key exch all been verified with a debug build of smbclient
byte[] responseKeyNT = NtlmPasswordAuthentication.nTOWFv1(password);
byte[] ntlm2Response = NtlmPasswordAuthentication.getNTLM2Response(responseKeyNT,
type2.getChallenge(),
clientChallenge);
setLMResponse(clientChallenge);
setNTResponse(ntlm2Response);
if ((getFlags() & NTLMSSP_NEGOTIATE_SIGN) == NTLMSSP_NEGOTIATE_SIGN) {
byte[] sessionNonce = new byte[16];
System.arraycopy(type2.getChallenge(), 0, sessionNonce, 0, 8);
System.arraycopy(clientChallenge, 0, sessionNonce, 8, 8);
MD4 md4 = new MD4();
md4.update(responseKeyNT);
byte[] userSessionKey = md4.digest();
HMACT64 hmac = new HMACT64(userSessionKey);
hmac.update(sessionNonce);
byte[] ntlm2SessionKey = hmac.digest();
if ((getFlags() & NTLMSSP_NEGOTIATE_KEY_EXCH) != 0) {
masterKey = new byte[16];
RANDOM.nextBytes(masterKey);
byte[] exchangedKey = new byte[16];
RC4 rc4 = new RC4(ntlm2SessionKey);
rc4.update(masterKey, 0, 16, exchangedKey, 0);
/* RC4 was not added to Java until 1.5u7 so let's use our own for a little while longer ...
try {
Cipher rc4 = Cipher.getInstance("RC4");
rc4.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(ntlm2SessionKey, "RC4"));
rc4.update(masterKey, 0, 16, exchangedKey, 0);
} catch (GeneralSecurityException gse) {
throw new RuntimeException("", gse);
}
*/
setSessionKey(exchangedKey);
} else {
masterKey = ntlm2SessionKey;
setSessionKey(masterKey);
}
}
}
break;
case 2:
byte[] nt = getNTResponse(type2, password);
setLMResponse(nt);
setNTResponse(nt);
break;
case 3:
case 4:
case 5:
byte[] responseKeyNT = NtlmPasswordAuthentication.nTOWFv2(domain, user, password);
byte[] clientChallenge = new byte[8];
RANDOM.nextBytes(clientChallenge);
setLMResponse(getLMv2Response(type2, domain, user, password, clientChallenge));
byte[] clientChallenge2 = new byte[8];
RANDOM.nextBytes(clientChallenge2);
setNTResponse(getNTLMv2Response(type2, responseKeyNT, clientChallenge2));
if ((getFlags() & NTLMSSP_NEGOTIATE_SIGN) == NTLMSSP_NEGOTIATE_SIGN) {
HMACT64 hmac = new HMACT64(responseKeyNT);
hmac.update(ntResponse, 0, 16); // only first 16 bytes of ntResponse
byte[] userSessionKey = hmac.digest();
if ((getFlags() & NTLMSSP_NEGOTIATE_KEY_EXCH) != 0) {
masterKey = new byte[16];
RANDOM.nextBytes(masterKey);
byte[] exchangedKey = new byte[16];
RC4 rc4 = new RC4(userSessionKey);
rc4.update(masterKey, 0, 16, exchangedKey, 0);
/* RC4 was not added to Java until 1.5u7 so let's use our own for a little while longer ...
try {
Cipher rc4 = Cipher.getInstance("RC4");
rc4.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(userSessionKey, "RC4"));
rc4.update(masterKey, 0, 16, exchangedKey, 0);
} catch (GeneralSecurityException gse) {
throw new RuntimeException("", gse);
}
*/
setSessionKey(exchangedKey);
} else {
masterKey = userSessionKey;
setSessionKey(masterKey);
}
}
break;
default:
setLMResponse(getLMResponse(type2, password));
setNTResponse(getNTResponse(type2, password));
}
}
/**
* Creates a Type-3 message with the specified parameters.
*
* @param flags The flags to apply to this message.
* @param lmResponse The LanManager/LMv2 response.
* @param ntResponse The NT/NTLMv2 response.
* @param domain The domain in which the user has an account.
* @param user The username for the authenticating user.
* @param workstation The workstation from which authentication is
* taking place.
*/
public Type3Message(int flags, byte[] lmResponse, byte[] ntResponse,
String domain, String user, String workstation) {
setFlags(flags);
setLMResponse(lmResponse);
setNTResponse(ntResponse);
setDomain(domain);
setUser(user);
setWorkstation(workstation);
}
/**
* Creates a Type-3 message using the given raw Type-3 material.
*
* @param material The raw Type-3 material used to construct this message.
* @throws IOException If an error occurs while parsing the material.
*/
public Type3Message(byte[] material) throws IOException {
parse(material);
}
/**
* Returns the LanManager/LMv2 response.
*
* @return A <code>byte[]</code> containing the LanManager response.
*/
public byte[] getLMResponse() {
return lmResponse;
}
/**
* Sets the LanManager/LMv2 response for this message.
*
* @param lmResponse The LanManager response.
*/
public void setLMResponse(byte[] lmResponse) {
this.lmResponse = lmResponse;
}
/**
* Returns the NT/NTLMv2 response.
*
* @return A <code>byte[]</code> containing the NT/NTLMv2 response.
*/
public byte[] getNTResponse() {
return ntResponse;
}
/**
* Sets the NT/NTLMv2 response for this message.
*
* @param ntResponse The NT/NTLMv2 response.
*/
public void setNTResponse(byte[] ntResponse) {
this.ntResponse = ntResponse;
}
/**
* Returns the domain in which the user has an account.
*
* @return A <code>String</code> containing the domain for the user.
*/
public String getDomain() {
return domain;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -