jcifs.smb

Class NtlmPasswordAuthentication

java.lang.Object

jcifs.smb.NtlmPasswordAuthentication

All Implemented Interfaces:

Serializable, Cloneable, Principal, Credentials, CredentialsInternal

Direct Known Subclasses:

Kerb5Authenticator

public class NtlmPasswordAuthentication
extends Object
implements Principal, CredentialsInternal, Serializable

This class stores and encrypts NTLM user credentials. The default credentials are retrieved from the jcifs.smb.client.domain, jcifs.smb.client.username, and jcifs.smb.client.password properties.

Read jCIFS Exceptions and NtlmAuthenticator for related information.

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
NtlmPasswordAuthentication(CIFSContext tc) Construct anonymous credentials
NtlmPasswordAuthentication(CIFSContext tc, String userInfo) Create an NtlmPasswordAuthentication object from the userinfo component of an SMB URL like "domain;user:pass".
NtlmPasswordAuthentication(CIFSContext tc, String domain, String username, String password) Create an NtlmPasswordAuthentication object from a domain, username, and password.
NtlmPasswordAuthentication(String domain, String username, byte[] challenge, byte[] ansiHash, byte[] unicodeHash) Create an NtlmPasswordAuthentication object with raw password hashes.

Method Summary

Modifier and Type	Method and Description
boolean	areHashesExternal()
NtlmPasswordAuthentication	clone()
SSPContext	createContext(CIFSContext transportContext, String targetDomain, String host, byte[] initialToken, boolean doSigning)
boolean	equals(Object obj) Compares two NtlmPasswordAuthentication objects for equality.
byte[]	getAnsiHash(CIFSContext tc, byte[] chlng) Computes the 24 byte ANSI password hash given the 8 byte server challenge.
String	getName() Return the domain and username in the format: domain\\username.
String	getPassword() Returns the password in plain text or null if the raw password hashes were used to construct this NtlmPasswordAuthentication object which will be the case when NTLM HTTP Authentication is used.
byte[]	getSigningKey(CIFSContext tc, byte[] chlng)
String	getSpecifiedUserDomain()
Subject	getSubject()
byte[]	getUnicodeHash(CIFSContext tc, byte[] chlng) Computes the 24 byte Unicode password hash given the 8 byte server challenge.
String	getUserDomain() Returns the domain.
String	getUsername() Returns the username.
byte[]	getUserSessionKey(CIFSContext tc, byte[] chlng) Returns the effective user session key.
void	getUserSessionKey(CIFSContext tc, byte[] chlng, byte[] dest, int offset) Calculates the effective user session key.
int	hashCode() Return the upcased username hash code.
boolean	isAnonymous()
boolean	isGuest()
String	toString() Return the domain and username in the format: domain\\username.
<T extends Credentials> T	unwrap(Class<T> type)

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Principal

implies

Constructor Detail

NtlmPasswordAuthentication

public NtlmPasswordAuthentication(CIFSContext tc,
                                  String domain,
                                  String username,
                                  String password)

Create an NtlmPasswordAuthentication object from a domain, username, and password. Parameters that are null will be substituted with jcifs.smb.client.domain, jcifs.smb.client.username, jcifs.smb.client.password property values.

Parameters:

tc - context to use

domain -

username -

password -

NtlmPasswordAuthentication

public NtlmPasswordAuthentication(String domain,
                                  String username,
                                  byte[] challenge,
                                  byte[] ansiHash,
                                  byte[] unicodeHash)

Create an NtlmPasswordAuthentication object with raw password hashes. This is used exclusively by the jcifs.http.NtlmSsp class which is in turn used by NTLM HTTP authentication functionality.

Parameters:

domain -

username -

challenge -

ansiHash -

unicodeHash -

NtlmPasswordAuthentication

public NtlmPasswordAuthentication(CIFSContext tc)

Construct anonymous credentials

Parameters:

tc -

NtlmPasswordAuthentication

public NtlmPasswordAuthentication(CIFSContext tc,
                                  String userInfo)

Create an NtlmPasswordAuthentication object from the userinfo component of an SMB URL like "domain;user:pass". This constructor is used internally be jCIFS when parsing SMB URLs.

Parameters:

tc -

userInfo -

Method Detail

unwrap

public <T extends Credentials> T unwrap(Class<T> type)

Specified by:

unwrap in interface Credentials

Returns:

instance for type, null if the type cannot be unwrapped

getSubject

public Subject getSubject()

Specified by:

getSubject in interface CredentialsInternal

Returns:

subject associated with the credentials

See Also:

CredentialsInternal.getSubject()

createContext

public SSPContext createContext(CIFSContext transportContext,
                                String targetDomain,
                                String host,
                                byte[] initialToken,
                                boolean doSigning)
                         throws SmbException

Specified by:

createContext in interface CredentialsInternal

Returns:

a new context

Throws:

SmbException

See Also:

CredentialsInternal.createContext(jcifs.CIFSContext, java.lang.String, java.lang.String, byte[], boolean)

clone

public NtlmPasswordAuthentication clone()

Specified by:

clone in interface CredentialsInternal

Overrides:

clone in class Object

Returns:

a copy of the credentials

getUserDomain

public String getUserDomain()

Returns the domain.

Specified by:

getUserDomain in interface Credentials

Returns:

the domain the user account is in

getSpecifiedUserDomain

public String getSpecifiedUserDomain()

Returns:

the original specified user domain

getUsername

public String getUsername()

Returns the username.

Returns:

the username

getPassword

public String getPassword()

Returns the password in plain text or null if the raw password hashes were used to construct this NtlmPasswordAuthentication object which will be the case when NTLM HTTP Authentication is used. There is no way to retrieve a users password in plain text unless it is supplied by the user at runtime.

Returns:

the password

getName

public String getName()

Return the domain and username in the format: domain\\username. This is equivalent to toString().

Specified by:

getName in interface Principal

getAnsiHash

public byte[] getAnsiHash(CIFSContext tc,
                          byte[] chlng)
                   throws GeneralSecurityException

Computes the 24 byte ANSI password hash given the 8 byte server challenge.

Parameters:

tc -

chlng -

Returns:

the hash for the given challenge

Throws:

GeneralSecurityException

getUnicodeHash

public byte[] getUnicodeHash(CIFSContext tc,
                             byte[] chlng)
                      throws GeneralSecurityException

Computes the 24 byte Unicode password hash given the 8 byte server challenge.

Parameters:

tc -

chlng -

Returns:

the hash for the given challenge

Throws:

GeneralSecurityException

getSigningKey

public byte[] getSigningKey(CIFSContext tc,
                            byte[] chlng)
                     throws SmbException,
                            GeneralSecurityException

Parameters:

tc -

chlng -

Returns:

the signing key

Throws:

SmbException

GeneralSecurityException

getUserSessionKey

public byte[] getUserSessionKey(CIFSContext tc,
                                byte[] chlng)

Returns the effective user session key.

Parameters:

tc -

chlng - The server challenge.

Returns:

A byte[] containing the effective user session key, used in SMB MAC signing and NTLMSSP signing and sealing.

getUserSessionKey

public void getUserSessionKey(CIFSContext tc,
                              byte[] chlng,
                              byte[] dest,
                              int offset)
                       throws SmbException

Calculates the effective user session key.

Parameters:

tc - context to use

chlng - The server challenge.

dest - The destination array in which the user session key will be placed.

offset - The offset in the destination array at which the session key will start.

Throws:

SmbException

equals

public boolean equals(Object obj)

Compares two NtlmPasswordAuthentication objects for equality. Two NtlmPasswordAuthentication objects are equal if their caseless domain and username fields are equal and either both hashes are external and they are equal or both internally supplied passwords are equal. If one NtlmPasswordAuthentication object has external hashes (meaning negotiated via NTLM HTTP Authentication) and the other does not they will not be equal. This is technically not correct however the server 8 byte challenge would be required to compute and compare the password hashes but that it not available with this method.

Specified by:

equals in interface Principal

Overrides:

equals in class Object

hashCode

public int hashCode()

Return the upcased username hash code.

Specified by:

hashCode in interface Principal

Overrides:

hashCode in class Object

toString

public String toString()

Return the domain and username in the format: domain\\username. This is equivalent to getName().

Specified by:

toString in interface Principal

Overrides:

toString in class Object

isAnonymous

public boolean isAnonymous()

Specified by:

isAnonymous in interface Credentials

Returns:

whether these are anonymous credentials

isGuest

public boolean isGuest()

Specified by:

isGuest in interface Credentials

Returns:

whether these are guest credentials

areHashesExternal

public boolean areHashesExternal()

Returns:

whether the hashes are externally supplied