package org.filesys.server.auth;

import java.net.InetAddress;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import org.filesys.debug.Debug;
import org.filesys.debug.DebugConfigSection;
import org.filesys.server.SrvSession;
import org.filesys.server.auth.ClientInfo;
import org.filesys.server.auth.ISMBAuthenticator;
import org.filesys.server.auth.passthru.DomainMapping;
import org.filesys.server.config.InvalidConfigurationException;
import org.filesys.server.config.SecurityConfigSection;
import org.filesys.server.config.ServerConfiguration;
import org.filesys.server.config.ServerConfigurationAccessor;
import org.filesys.server.core.NoPooledMemoryException;
import org.filesys.server.core.SharedDevice;
import org.filesys.smb.DialectSelector;
import org.filesys.smb.SMBStatus;
import org.filesys.smb.server.SMBConfigSection;
import org.filesys.smb.server.SMBSrvException;
import org.filesys.smb.server.SMBSrvPacket;
import org.filesys.smb.server.SMBSrvSession;
import org.filesys.smb.server.SMBV1Parser;
import org.filesys.smb.server.VirtualCircuit;
import org.filesys.util.DataPacker;
import org.filesys.util.HexDump;
import org.filesys.util.IPAddress;
import org.springframework.extensions.config.ConfigElement;

/* loaded from: input_file:org/filesys/server/auth/SMBAuthenticator.class */
public abstract class SMBAuthenticator implements ISMBAuthenticator {
    protected static final String GUEST_USERNAME = "guest";
    private DialectSelector m_dialects;
    private boolean m_extendedSecurity;
    private boolean m_allowGuest;
    private boolean m_mapToGuest;
    protected ServerConfigurationAccessor m_config;
    private boolean m_debug;
    private int m_securityMode = 3;
    private PasswordEncryptor m_encryptor = new PasswordEncryptor();
    private ISMBAuthenticator.AuthMode m_accessMode = ISMBAuthenticator.AuthMode.USER;
    private String m_guestUserName = GUEST_USERNAME;
    protected Random m_random = new Random(System.currentTimeMillis());
    private boolean m_sessCleanup = true;

    public void setDebug(boolean z) {
        this.m_debug = z;
    }

    public void setConfig(ServerConfigurationAccessor serverConfigurationAccessor) {
        this.m_config = serverConfigurationAccessor;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public ISMBAuthenticator.ShareStatus authenticateShareConnect(ClientInfo clientInfo, SharedDevice sharedDevice, String str, SrvSession srvSession) {
        return ISMBAuthenticator.ShareStatus.WRITEABLE;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public ISMBAuthenticator.AuthStatus authenticateUser(ClientInfo clientInfo, SrvSession srvSession, ISMBAuthenticator.PasswordAlgorithm passwordAlgorithm) {
        UserAccount userDetails = getUserDetails(clientInfo.getUserName());
        if (userDetails == null) {
            return (clientInfo.isNullSession() && (srvSession instanceof SMBSrvSession)) ? ISMBAuthenticator.AuthStatus.AUTHENTICATED : allowGuest() ? ISMBAuthenticator.AuthStatus.GUEST_LOGON : ISMBAuthenticator.AuthStatus.DISALLOW;
        }
        boolean z = false;
        if (clientInfo.getPassword() != null) {
            z = validatePassword(userDetails, clientInfo, srvSession.getAuthenticationContext(), passwordAlgorithm);
        } else if (clientInfo.hasANSIPassword()) {
            z = validatePassword(userDetails, clientInfo, srvSession.getAuthenticationContext(), ISMBAuthenticator.PasswordAlgorithm.LANMAN);
        }
        return z ? ISMBAuthenticator.AuthStatus.AUTHENTICATED : ISMBAuthenticator.AuthStatus.BAD_PASSWORD;
    }

    public void initialize() throws InvalidConfigurationException {
        if (this.m_config == null) {
            throw new InvalidConfigurationException("server configuration accessor not set");
        }
        this.m_dialects = new DialectSelector();
        this.m_dialects.enableUpTo(8);
    }

    public void initialize(ServerConfiguration serverConfiguration, ConfigElement configElement) throws InvalidConfigurationException {
        if (configElement.getChild(DebugConfigSection.SectionName) != null) {
            setDebug(true);
        }
        if (configElement.getChild("allowGuest") != null) {
            this.m_allowGuest = true;
        }
        setConfig(serverConfiguration);
        initialize();
    }

    protected final byte[] generateEncryptedPassword(String str, byte[] bArr, ISMBAuthenticator.PasswordAlgorithm passwordAlgorithm, String str2, String str3) {
        int i = 0;
        switch (passwordAlgorithm) {
            case LANMAN:
                i = 0;
                break;
            case NTLM1:
                i = 1;
                break;
            case NTLM2:
                i = 2;
                break;
        }
        byte[] bArr2 = null;
        try {
            bArr2 = this.m_encryptor.generateEncryptedPassword(str, bArr, i, str2, str3);
        } catch (InvalidKeyException e) {
        } catch (NoSuchAlgorithmException e2) {
        }
        return bArr2;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public final ISMBAuthenticator.AuthMode getAccessMode() {
        return this.m_accessMode;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public final boolean hasExtendedSecurity() {
        return this.m_extendedSecurity;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public AuthContext getAuthContext(SMBSrvSession sMBSrvSession) {
        AuthContext nTLanManAuthContext;
        if (sMBSrvSession.hasAuthenticationContext() && (sMBSrvSession.getAuthenticationContext() instanceof NTLanManAuthContext)) {
            nTLanManAuthContext = sMBSrvSession.getAuthenticationContext();
        } else {
            nTLanManAuthContext = new NTLanManAuthContext();
            sMBSrvSession.setAuthenticationContext(nTLanManAuthContext);
        }
        return nTLanManAuthContext;
    }

    public final DialectSelector getEnabledDialects() {
        return this.m_dialects;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public final int getSecurityMode() {
        return this.m_securityMode;
    }

    public final SMBConfigSection getSMBConfig() {
        return (SMBConfigSection) this.m_config.getConfigSection(SMBConfigSection.SectionName);
    }

    public final SecurityConfigSection getSecurityConfig() {
        return (SecurityConfigSection) this.m_config.getConfigSection(SecurityConfigSection.SectionName);
    }

    public final boolean hasDebug() {
        return this.m_debug;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public void processSessionSetup(SMBSrvSession sMBSrvSession, SMBSrvPacket sMBSrvPacket) throws SMBSrvException {
        int disconnectClientSessions;
        SMBV1Parser sMBV1Parser = (SMBV1Parser) sMBSrvPacket.getParser();
        if (!sMBV1Parser.checkPacketIsValid(13, 0)) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
        }
        int parameter = sMBV1Parser.getParameter(2);
        int parameter2 = sMBV1Parser.getParameter(3);
        int parameter3 = sMBV1Parser.getParameter(4);
        int parameter4 = sMBV1Parser.getParameter(7);
        int parameter5 = sMBV1Parser.getParameter(8);
        int parameterLong = sMBV1Parser.getParameterLong(11);
        sMBV1Parser.getBuffer();
        boolean isUnicode = sMBV1Parser.isUnicode();
        byte[] unpackBytes = sMBV1Parser.unpackBytes(parameter4);
        byte[] unpackBytes2 = sMBV1Parser.unpackBytes(parameter5);
        String unpackString = sMBV1Parser.unpackString(isUnicode);
        if (unpackString == null) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
        }
        String str = "";
        if (sMBV1Parser.hasMoreData()) {
            str = sMBV1Parser.unpackString(isUnicode);
            if (str == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
            }
        }
        String str2 = "";
        if (sMBV1Parser.hasMoreData()) {
            str2 = sMBV1Parser.unpackString(isUnicode);
            if (str2 == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
            }
        }
        if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
            Debug.println("[SMB] NT Session setup from user=" + unpackString + ", password=" + (unpackBytes2 != null ? HexDump.hexString(unpackBytes2) : "none") + ", ANSIpwd=" + (unpackBytes != null ? HexDump.hexString(unpackBytes) : "none") + ", domain=" + str + ", os=" + str2 + ", VC=" + parameter3 + ", maxBuf=" + parameter + ", maxMpx=" + parameter2 + ", authCtx=" + String.valueOf(sMBSrvSession.getAuthenticationContext()));
            Debug.println("[SMB]  MID=" + sMBV1Parser.getMultiplexId() + ", UID=" + sMBV1Parser.getUserId() + ", PID=" + sMBV1Parser.getProcessId());
        }
        sMBSrvSession.setClientMaximumBufferSize(parameter != 0 ? parameter : 65540);
        sMBSrvSession.setClientMaximumMultiplex(parameter2);
        sMBSrvSession.setClientCapabilities(parameterLong);
        ClientInfo createInfo = ClientInfo.getFactory().createInfo(unpackString, unpackBytes2);
        createInfo.setANSIPassword(unpackBytes);
        createInfo.setDomain(str);
        createInfo.setOperatingSystem(str2);
        if (sMBSrvSession.hasRemoteAddress()) {
            createInfo.setClientAddress(sMBSrvSession.getRemoteAddress().getHostAddress());
        }
        if (unpackString.length() == 0 && str.length() == 0 && parameter5 == 0 && parameter4 == 1) {
            createInfo.setLogonType(ClientInfo.LogonType.Null);
        }
        boolean z = false;
        ISMBAuthenticator.AuthStatus authenticateUser = authenticateUser(createInfo, sMBSrvSession, ISMBAuthenticator.PasswordAlgorithm.NTLM1);
        if (authenticateUser.intValue() > 0 && authenticateUser == ISMBAuthenticator.AuthStatus.GUEST_LOGON) {
            z = true;
            if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
                Debug.println("[SMB] User " + unpackString + ", logged on as guest");
            }
        } else {
            if (authenticateUser != ISMBAuthenticator.AuthStatus.AUTHENTICATED) {
                if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
                    Debug.println("[SMB] User " + unpackString + ", access denied");
                }
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
                Debug.println("[SMB] User " + unpackString + " logged on " + (createInfo != null ? " (type " + createInfo.getLogonTypeString() + ")" : ""));
            }
        }
        VirtualCircuit virtualCircuit = new VirtualCircuit(parameter3, createInfo);
        int addVirtualCircuit = sMBSrvSession.addVirtualCircuit(virtualCircuit);
        if (addVirtualCircuit == -1) {
            if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
                Debug.println("[SMB] Failed to allocate UID for virtual circuit, " + String.valueOf(virtualCircuit));
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
            Debug.println("[SMB] Allocated UID=" + addVirtualCircuit + " for VC=" + String.valueOf(virtualCircuit));
        }
        if (!createInfo.isNullSession()) {
            createInfo.setGuest(z);
        }
        sMBSrvSession.setLoggedOn(true);
        if (parameter3 == 0 && hasSessionCleanup() && (disconnectClientSessions = sMBSrvSession.disconnectClientSessions()) > 0 && sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
            Debug.println("[SMB] Disconnected " + disconnectClientSessions + " existing sessions from client, sess=" + String.valueOf(sMBSrvSession));
        }
        if (sMBV1Parser.hasAndXCommand()) {
            try {
                SMBSrvPacket allocatePacket = sMBSrvSession.getPacketPool().allocatePacket(sMBSrvPacket.getLength(), sMBSrvPacket);
                allocatePacket.setParser(SMBSrvPacket.Version.V1);
                sMBV1Parser = (SMBV1Parser) allocatePacket.getParser();
            } catch (NoPooledMemoryException e) {
                throw new SMBSrvException(2, 83);
            }
        }
        sMBV1Parser.setParameterCount(3);
        sMBV1Parser.setParameter(0, 0);
        sMBV1Parser.setParameter(1, 0);
        sMBV1Parser.setParameter(2, z ? 1 : 0);
        sMBV1Parser.setByteCount(0);
        sMBV1Parser.setTreeId(0);
        sMBV1Parser.setUserId(addVirtualCircuit);
        sMBV1Parser.setFlags(sMBV1Parser.getFlags() & (-9));
        int i = 1;
        if (isUnicode) {
            i = 1 + 32768;
        }
        if (!hasExtendedSecurity()) {
            i &= -2049;
        }
        sMBV1Parser.setFlags2(i);
        int byteOffset = sMBV1Parser.getByteOffset();
        byte[] buffer = sMBV1Parser.getBuffer();
        if (isUnicode) {
            byteOffset = DataPacker.wordAlign(byteOffset);
        }
        int putString = DataPacker.putString(sMBSrvSession.getSMBServer().getSMBConfiguration().getDomainName(), buffer, DataPacker.putString("Java File Server " + sMBSrvSession.getServer().isVersion(), buffer, DataPacker.putString("Java", buffer, byteOffset, true, isUnicode), true, isUnicode), true, isUnicode);
        sMBV1Parser.setByteCount(putString - sMBV1Parser.getByteOffset());
        sMBV1Parser.setParameter(1, putString - 4);
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public ISMBAuthenticator.AuthStatus processSecurityBlob(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, SecurityBlob securityBlob) throws SMBSrvException {
        return ISMBAuthenticator.AuthStatus.UNSUPPORTED;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public int getEncryptionKeyLength() {
        return 8;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public int getServerCapabilities() {
        return 49788;
    }

    public final boolean allowGuest() {
        return this.m_allowGuest;
    }

    public final String getGuestUserName() {
        return this.m_guestUserName;
    }

    public final boolean mapUnknownUserToGuest() {
        return this.m_mapToGuest;
    }

    public final void setAllowGuest(boolean z) {
        this.m_allowGuest = z;
    }

    public final void setGuestUserName(String str) {
        this.m_guestUserName = str;
    }

    public final void setMapToGuest(boolean z) {
        this.m_mapToGuest = z;
    }

    protected final void setSecurityMode(int i) {
        this.m_securityMode = i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setExtendedSecurity(boolean z) {
        this.m_extendedSecurity = z;
    }

    public final boolean hasSessionCleanup() {
        return this.m_sessCleanup;
    }

    public void setSessionCleanup(boolean z) {
        this.m_sessCleanup = z;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public void closeAuthenticator() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean validatePassword(UserAccount userAccount, ClientInfo clientInfo, AuthContext authContext, ISMBAuthenticator.PasswordAlgorithm passwordAlgorithm) {
        if (authContext == null || !(authContext instanceof NTLanManAuthContext)) {
            return false;
        }
        byte[] challenge = ((NTLanManAuthContext) authContext).getChallenge();
        byte[] aNSIPassword = passwordAlgorithm == ISMBAuthenticator.PasswordAlgorithm.LANMAN ? clientInfo.getANSIPassword() : clientInfo.getPassword();
        byte[] bArr = null;
        if (!userAccount.hasMD4Password() || passwordAlgorithm == ISMBAuthenticator.PasswordAlgorithm.LANMAN) {
            bArr = generateEncryptedPassword(userAccount.getPassword() != null ? userAccount.getPassword() : "", challenge, passwordAlgorithm, clientInfo.getUserName(), clientInfo.getDomain());
        } else {
            try {
                if (passwordAlgorithm == ISMBAuthenticator.PasswordAlgorithm.NTLM1) {
                    byte[] bArr2 = new byte[21];
                    System.arraycopy(userAccount.getMD4Password(), 0, bArr2, 0, userAccount.getMD4Password().length);
                    bArr = getEncryptor().doNTLM1Encryption(bArr2, challenge);
                } else if (passwordAlgorithm == ISMBAuthenticator.PasswordAlgorithm.NTLM2) {
                    bArr = getEncryptor().doNTLM2Encryption(userAccount.getMD4Password(), clientInfo.getUserName(), clientInfo.getDomain());
                }
            } catch (InvalidKeyException e) {
            } catch (NoSuchAlgorithmException e2) {
            }
        }
        if (bArr == null || aNSIPassword == null || bArr.length != 24 || aNSIPassword.length != 24) {
            return false;
        }
        for (int i = 0; i < 24; i++) {
            if (bArr[i] != aNSIPassword[i]) {
                return false;
            }
        }
        return true;
    }

    protected final byte[] convertPassword(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(str);
        if (stringBuffer.length() > 14) {
            stringBuffer.setLength(14);
        } else {
            while (stringBuffer.length() < 14) {
                stringBuffer.append((char) 0);
            }
        }
        return stringBuffer.toString().getBytes();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PasswordEncryptor getEncryptor() {
        return this.m_encryptor;
    }

    public final void setAccessMode(ISMBAuthenticator.AuthMode authMode) {
        this.m_accessMode = authMode;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doGuestLogon(ClientInfo clientInfo, SrvSession srvSession) {
        clientInfo.setUserName(getGuestUserName());
        clientInfo.setGuest(true);
    }

    public final UserAccount getUserDetails(String str) {
        return getSecurityConfig().getUsersInterface().getUserAccount(str);
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public void setCurrentUser(ClientInfo clientInfo) {
    }

    protected final String mapClientAddressToDomain(InetAddress inetAddress) {
        SecurityConfigSection securityConfig = getSecurityConfig();
        if (!securityConfig.hasDomainMappings()) {
            return null;
        }
        int asInteger = IPAddress.asInteger(inetAddress);
        for (DomainMapping domainMapping : securityConfig.getDomainMappings()) {
            if (domainMapping.isMemberOfDomain(asInteger)) {
                if (hasDebug()) {
                    Debug.println("Mapped client IP " + String.valueOf(inetAddress) + " to domain " + domainMapping.getDomain());
                }
                return domainMapping.getDomain();
            }
        }
        if (!hasDebug()) {
            return null;
        }
        Debug.println("Failed to map client IP " + String.valueOf(inetAddress) + " to a domain");
        return null;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public boolean usingSPNEGO() {
        return false;
    }

    @Override // org.filesys.server.auth.ISMBAuthenticator
    public byte[] getNegTokenInit() {
        return null;
    }

    public String toString() {
        return getClass().getName() + ", mode=" + getAccessMode().name();
    }
}
