
Alfresco JLan SMB/CIFS Custom Authenticator error

Question asked by sfigueras on Jun 4, 2013
Latest reply on Jun 4, 2013 by sfigueras
Hi everyone,

I'm creating a custom authenticator so that my Alfresco JLan authenticates against one specific database.

Here's my jlanConfig.xml:

<?xml version="1.0" standalone="no"?>
<!-- <!DOCTYPE jlanserver SYSTEM "jlanserver.dtd"> -->

<jlanserver>
  <servers>
    <SMB/>
    <noFTP/>
    <noNFS/>
  </servers>

  <SMB>
    <host name="NUAGESERVER" domain="NUAGE">
      <broadcast>255.255.255.0</broadcast>
      <smbdialects>LanMan,NT</smbdialects>
      <comment>Alfresco JLAN Server</comment>

      <Win32NetBIOS/>
      <Win32Announce interval="5"/>

      <!-- To run the server using a non-root account on linux, Mac OS X, Solaris -->

        <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,macosx,solaris"/>
      <tcpipSMB port="1445" platforms="linux,macosx,solaris"/>


      <hostAnnounce interval="5"/>
    </host>
    <sessionDebug flags="Negotiate,Socket,Tree"/>
    <netbiosDebug/>
   <announceDebug/>

        <authenticator>
            <class>com.ye.nuage.auth.NuageAuthenticator</class>
      <Debug/>
        </authenticator>

  </SMB>

  <FTP>
    <port>21</port>
    <allowAnonymous/>
    <debug flags="File,Search,Error,DataPort,Directory"/>
  </FTP>

  <NFS>
    <enablePortMapper/>
    <debug flags="File,FileIO"/>
  </NFS>

  <debug>
    <output>
      <class>org.alfresco.jlan.debug.ConsoleDebug</class>
      <logFile>jlansrv.log</logFile>
      <append/>
    </output>
  </debug>

  <shares>
    <diskshare name="JLAN" comment="Test share">
      <driver>
        <class>org.alfresco.jlan.smb.server.disk.JavaFileDiskDriver</class>
        <LocalPath>.</LocalPath>
      </driver>
    </diskshare>
  </shares>    

  <security>
    <JCEProvider>cryptix.jce.provider.CryptixCrypto</JCEProvider>
    <authenticator>
      <class>com.ye.nuage.auth.NuageAuthenticator</class>
      <mode>USER</mode>
    </authenticator>

    <users>
      <user name="jlansrv">
        <password>jlan</password>
        <comment>System administrator</comment>
        <administrator/>
      </user>
      <user name="normal">
        <password>normal</password>
      </user>
    </users>
  </security>
</jlanserver>


My NuageAuthenticator is a copy of CifsAuthenticator, except for these methods:

@Override
public int authenticateUser(ClientInfo client, SrvSession sess, int alg) {

    // Check if the user exists in the user list
    UserAccount userAcc = null;
    try {
        userAcc = getNuageUserDetails(client.getUserName());
    } catch (YeException e) {
        e.printStackTrace();
    }
    if (userAcc != null) {

        // Validate the password

        boolean authSts = false;

        if (client.getPassword() != null) {

            // Validate using the Unicode password

            authSts = validateNuagePassword(userAcc, client, sess.getAuthenticationContext(), alg);
        } else if (client.hasANSIPassword()) {

            // Validate using the ANSI password with the LanMan encryption

            authSts = validateNuagePassword(userAcc, client, sess.getAuthenticationContext(), LANMAN);
        }

        // Return the authentication status

        return authSts == true ? AUTH_ALLOW : AUTH_BADPASSWORD;
    }

    // Check if this is an SMB/CIFS null session logon.
    //
    // The null session will only be allowed to connect to the IPC$ named
    // pipe share.

    if (client.isNullSession() && sess instanceof SMBSrvSession)
        return AUTH_ALLOW;

    // Unknown user

    return allowGuest() ? AUTH_GUEST : AUTH_DISALLOW;
}

private UserAccount getNuageUserDetails(String userName) throws YeException {
    if (context == null) {
        context = new ClassPathXmlApplicationContext("/applicationContext-nuage.xml");
    }
    userRepository = context.getBean(UserRepository.class);
    User u = userRepository.findByUserLogin(userName); // Search the user into my repository
    if (u != null) {
        UserAccount ua = new UserAccount();
        ua.setMD4Password(u.getUserMd4Password().getBytes());
        ua.setUserName(userName);
        ua.setRealName(u.getUserFirstName() + " " + u.getUserLastName());
        return ua;
    }
    return null;
}


But when I try to log in, I receive the following error when I'm calling the validatePassword method.

 
  [T2] Closing session due to exception
java.lang.ArrayIndexOutOfBoundsException
    at java.lang.System.arraycopy(Native Method)
    at com.ye.nuage.auth.NuageAuthenticator.validatePassword(NuageAuthenticator.java:123)
    at com.ye.nuage.auth.NuageAuthenticator.authenticateUser(NuageAuthenticator.java:60)
    at org.alfresco.jlan.server.auth.CifsAuthenticator.processSessionSetup(CifsAuthenticator.java:572)
    at org.alfresco.jlan.smb.server.NTProtocolHandler.procSessionSetup(NTProtocolHandler.java:396)
    at org.alfresco.jlan.smb.server.NTProtocolHandler.runProtocol(NTProtocolHandler.java:213)
    at org.alfresco.jlan.smb.server.SMBSrvSession.processPacket(SMBSrvSession.java:1439)
    at org.alfresco.jlan.smb.server.nio.NIOCIFSThreadRequest.runRequest(NIOCIFSThreadRequest.java:104)
    at org.alfresco.jlan.server.thread.ThreadRequestPool$ThreadWorker.run(ThreadRequestPool.java:141)
    at java.lang.Thread.run(Thread.java:722)
java.lang.ArrayIndexOutOfBoundsException
    at java.lang.System.arraycopy(Native Method)
    at com.ye.nuage.auth.NuageAuthenticator.validatePassword(NuageAuthenticator.java:123)
    at com.ye.nuage.auth.NuageAuthenticator.authenticateUser(NuageAuthenticator.java:60)
    at org.alfresco.jlan.server.auth.CifsAuthenticator.processSessionSetup(CifsAuthenticator.java:572)
    at org.alfresco.jlan.smb.server.NTProtocolHandler.procSessionSetup(NTProtocolHandler.java:396)
    at org.alfresco.jlan.smb.server.NTProtocolHandler.runProtocol(NTProtocolHandler.java:213)
    at org.alfresco.jlan.smb.server.SMBSrvSession.processPacket(SMBSrvSession.java:1439)
    at org.alfresco.jlan.smb.server.nio.NIOCIFSThreadRequest.runRequest(NIOCIFSThreadRequest.java:104)
    at org.alfresco.jlan.server.thread.ThreadRequestPool$ThreadWorker.run(ThreadRequestPool.java:141)
    at java.lang.Thread.run(Thread.java:722)

Here's a snippet of the method:


if (user.hasMD4Password() && alg != LANMAN) {

    try {

        // Generate the encrypted password

        if (alg == NTLM1) {

            // Get the MD4 hashed password

            byte[] p21 = new byte[21];
            System.arraycopy(user.getMD4Password(), 0, p21, 0, user.getMD4Password().length); // THE ERROR OCCURS HERE!

            // Generate an NTLMv1 encrypted password

The error occurs here:


System.arraycopy(user.getMD4Password(), 0, p21, 0, user.getMD4Password().length);


But the question is very simple: why does this error occur? Some mismatch between the MD4 hashes? Is that possible?
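
An added example, not part of the original post and not JLAN's own code: it shows how `System.arraycopy` into the 21-byte `p21` buffer fails when the source is the text form of a hash rather than the raw 16-byte MD4 digest. It assumes the repository stores the hash as a 32-character hex string (the post does not say); the class and helper names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical demo class; names here are not from JLAN or the post.
public class Md4HashLengthDemo {

    // Decode a hex string (assumed storage format) into raw bytes.
    static byte[] hexToBytes(String hex) {
        if (hex.length() % 2 != 0)
            throw new IllegalArgumentException("odd-length hex string");
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0)
                throw new IllegalArgumentException("non-hex character near offset " + (2 * i));
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    // NTLMv1 key buffer: the 16-byte MD4 digest followed by 5 zero bytes.
    static byte[] toP21(byte[] md4) {
        if (md4.length != 16)
            throw new IllegalArgumentException("MD4 digest must be 16 bytes, got " + md4.length);
        return Arrays.copyOf(md4, 21); // copyOf zero-pads the tail
    }

    public static void main(String[] args) {
        String stored = "00112233445566778899aabbccddeeff"; // constructed sample, not a real hash

        // What String.getBytes() hands to setMD4Password: one byte per hex character.
        byte[] asText = stored.getBytes(StandardCharsets.US_ASCII);
        System.out.println("text bytes: " + asText.length);
        try {
            System.arraycopy(asText, 0, new byte[21], 0, asText.length);
        } catch (IndexOutOfBoundsException e) {
            System.out.println("arraycopy rejected: source longer than the 21-byte buffer");
        }

        // Decoding first yields the raw digest, which fits.
        byte[] p21 = toP21(hexToBytes(stored));
        System.out.println("decoded digest: 16 bytes, p21: " + p21.length + " bytes");
    }
}
```

Checking the digest length before it reaches the authenticator turns a malformed stored hash into a clear error at load time instead of an exception that closes the SMB session.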
