[jcifs] Various and sundry jCIFS patches
eglass1 at comcast.net
eglass1 at comcast.net
Fri Jul 4 06:50:55 EST 2003
Mike/Chris/All,
Attached are various updates stemming from the NTLM research I have been doing
lately (it looks to be about 16K, so I'm going to take a chance that it will
make it out to the list...)
This includes:
* Additions and updated documentation on the NTLM flags.
* Fix to NtlmSsp to only provide the target when requested by the client via
the NTLM "request target" flag (this is the correct behavior).
* Bugfix to NtlmSsp to do Base64.encodeBytes(bytes, false) instead of
Base64.encodeBytes(bytes) (a linewrap in the header can cause an error).
* Patch to SmbComSessionSetupAndX/SmbComTreeConnectAndX to allow variable-
length LM/NTLM responses.
and the big one,
* Support for NTLMv2 authentication.
Most of these are one-or-two-line changes, except the last one.
This adds a "jcifs.smb.lmCompatibility" property to enable NTLMv2, which mimics
the Windows LMCompatibilityLevel registry setting:
0,1: Send LM/NTLM responses (this is the default)
2: Send only NTLM response
3,4,5: Send LMv2/NTLMv2 responses
Actually, this really only sends LMv2; there are issues involving cross-domain
authentication with NTLMv2 which made it infeasible to implement properly
without doing significant overhauls and guesswork for minimal benefit (the code
for NTLMv2 is in there, but commented out since it won't work across domains
right now). The servlet/filter will accept both the LMv2 and NTLMv2 responses
from the browser, but only send the LMv2 in the SMB session setup request.
Similarly, the NtlmHttpURLConnection only sends the LMv2 in the Type 3 message.
To enable LMv2 in the filter, you would just add:
<init-param>
<param-name>jcifs.smb.lmCompatibility</param-name>
<param-value>3</param-value>
</init-param>
Likewise, enabling LMv2 for SmbFile/NtlmHttpURLConnection just involves
specifying:
-Djcifs.smb.lmCompatibility=3
I have also finished the NTLM documentation at
http://davenport.sourceforge.net/ntlm.html
(or as finished as it's going to get for awhile). I was hoping it could be
linked/copied to the jCIFS page as a reference.
I'm going to be in and out of vacations for about the next 5 weeks, but I'll
try to keep reasonably in touch. I'm going to dig into the Davenport stuff and
see about getting WebDAV locks implemented; I might not be able to really focus
on it until things wind down a bit, though.
On a side note, have either of you guys looked into setting up a Sourceforge
project for jCIFS? I've been pretty happy with using it for Davenport, so I
figured I'd bring it up.
Eric
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/x-tar
Size: 15608 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030703/536dc477/attachment.tar
More information about the jcifs
mailing list