此時瀏覽器會跳出一個登入的對話框,當使用者登入後,
可以經由解析Authorization得到使用者的username和domain,
以下是參考這篇文
NTLM Authentication in Java
寫出的 Java 程式碼,可以得到username和domain,
要注意的是,在 NTLM Authentication in Java 的程式碼中,其忽略了 username 和 doamin 的 length 或 offset, byte 轉成 int 時會變成負數的可能性,
而在我們的程式碼中對此做出了修正。
String auth = request.getHeader("Authorization"); String szUserName = ""; String szDomain = ""; StringBuffer szUserNameBuffer = new StringBuffer(); StringBuffer szDomainBuffer = new StringBuffer(); if (auth == null) { response.setStatus(response.SC_UNAUTHORIZED); response.setHeader("WWW-Authenticate", "NTLM"); response.flushBuffer(); return; } if (auth.startsWith("NTLM ")) { byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5)); int off = 0, length, offset; if (msg[8] == 1) { byte z = 0; byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', z,(byte)2, z, z, z, z, z, z, z,(byte)40, z, z, z, (byte)1, (byte)130, z, z,z, (byte)2, (byte)2, (byte)2, z, z, z, z, z, z, z, z, z, z, z, z}; response.setHeader("WWW-Authenticate", "NTLM " + new sun.misc.BASE64Encoder().encodeBuffer(msg1)); response.sendError(response.SC_UNAUTHORIZED); return; } else if (msg[8] == 3) { off = 30; length = (msg[off+17]&0x0FF)*256 + (msg[off+16]&0x0FF); offset = (msg[off+19]&0x0FF)*256 + (msg[off+18]&0x0FF); String remoteHost = new String(msg, offset, length); length = (msg[off+1]&0x0FF)*256 + (msg[off]&0x0FF); offset = (msg[off+3]&0x0FF)*256 + (msg[off+2]&0x0FF); String domain = new String(msg, offset, length); length = (msg[off+9]&0x0FF)*256 + (msg[off+8]&0x0FF); offset = (msg[off+11]&0x0FF)*256 + (msg[off+10]&0x0FF); String username = new String(msg, offset, length); char[] ca = remoteHost.toCharArray(); String szHost = ""; for(int i = 0; i < ca.length; i = i + 2){ szHost = szHost + (char)ca[i]; } char[] ca2 = domain.toCharArray(); for(int i = 0; i < ca2.length; i = i + 2){ szDomain = szDomain + (char)ca2[i]; } char[] ca3 = username.toCharArray(); for(int i = 0; i < ca3.length; i = i + 2){ szUserName = szUserName + (char)ca3[i]; } } }else if(auth.startsWith("Negotiate")){ byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(10)); int off = 0, length, offset; if (msg[8] == 1){ byte z = 0; byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', z,(byte)2, z, z, z, z, z, z, z,(byte)40, z, z, z, (byte)1, (byte)130, z, z,z, (byte)2, (byte)2, (byte)2, z, z, z, z, z, z, z, z, z, z, z, z}; response.setHeader("WWW-Authenticate", "NTLM " + new sun.misc.BASE64Encoder().encodeBuffer(msg1)); response.sendError(response.SC_UNAUTHORIZED); return; }else if (msg[8] == 3){ off = 30; length = (msg[off+17]&0x0FF)*256 + (msg[off+16]&0x0FF); offset = (msg[off+19]&0x0FF)*256 + (msg[off+18]&0x0FF); // String remoteHost = new String(msg, offset, length); length = (msg[off+1]&0x0FF)*256 + (msg[off]&0x0FF); offset = (msg[off+3]&0x0FF)*256 + (msg[off+2]&0x0FF); szDomain = new String(msg, offset, length); length = (msg[off+9]&0x0FF)*256 + (msg[off+8]&0x0FF); offset = (msg[off+11]&0x0FF)*256 + (msg[off+10]&0x0FF); szUserName = new String(msg, offset, length , "UTF-8" ); } } String charSet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ_".toLowerCase(); for(int i=0; i<szUserName.length();i++){ if(charSet.contains(String.valueOf(szUserName.charAt(i)).toLowerCase())){ szUserNameBuffer.append(szUserName.charAt(i)); } } for(int i=0; i<szDomain.length();i++){ if(charSet.contains(String.valueOf(szDomain.charAt(i)).toLowerCase())){ szDomainBuffer.append(szDomain.charAt(i)); } }
修正的方式很簡單,就是將byte與 0x0FF 進行和(&) 運算,
那麼為什麼會需要這樣的修正呢?
我們可以看看 NTLM Header 的 Schema,在 NTLM Authentication Scheme for HTT 中
有說明到
" byte is an 8-bit field; short is a 16-bit field. All fields are unsigned. Numbers are stored in little-endian order. "
以domain length 為例,表示了其是用 short 16-bit 來儲存,
並且是用 little-endian order,即後8-bit 為高位,
最後為unsigned的,也就是一定為正數,即使8-bit中的最高位為1也是一樣為正。
如果在 8-bit 中的最高位為0, byte 轉 int 是沒問題的,
但是如果最高位為1的話,直接轉就會出問題了,
例如: 144 (NTLM- unsigned 10進位)
1001 0000 (byte) 在轉成 int 時,因為 Java 看到最高位為1,誤以為是負數,且 int 為 32-bit,所以就在前面多出的24個位元補上了1,而變成
1111 1111 1111 1111 1111 1111 1001 0000 (int) ==> -112 (Java signed 10 進位)
這樣就出錯了,
很顯然,前面的24個位元應該都要為0才對,所以我們只要在對其與 0xFF進行和(&)運算,
將前面24個位元都變成0就行了。
0000 0000 0000 0000 0000 0000 1001 0000 (int) ==> 144 (NTLD unsigned 10 進位)
參考資料:
- NTLM Authentication Scheme for HTT
- NTLM Authentication in Java (此處程式碼不夠好,沒有考慮到本文錯誤取到負值的狀況)
- java中byte轉換int時為何與0xff進行與運算
- Base64
沒有留言 :
張貼留言