[jcifs] zero termination not found exception
Allen, Michael B (RSCH)
Michael_B_Allen at ml.com
Thu Aug 22 11:43:22 EST 2002
We really appreciate your help in tracking down this corrupted buffer issue.
Anyway. Using list() is not a good technique for authenticating users. Especially since
you're listing 48 shares which appears to take several seconds. The easy way to do
this without modifying jCIFS code is:
try {
(new SmbFile( "smb://" + dom + ";" + user + ":" + pass "@" + server + "/dummy" )).exists();
} catch( SmbAuthException sae ) {
System.out.println( "Authentication failed: " + sae.getMessage() );
}
The trick here is that even though the share "dummy" doesn't really exist the protocol requires
that the user authenticate themselves before they can even check. It's also important to create
a new SmbFile each time or the attrExpirationPeriod may circumvent checks other than the first.
The new SmbSession class (actually it's not new but it wasn't public before) addresses this
problem. See the 0.7.0b2 API documentation.
The *real* way to do this is with the NETLOGON DCE/RPC call but that's far off.
> -----Original Message-----
> From: Pope, Tony [SMTP:Tony.Pope at divine.com]
> Sent: Wednesday, August 21, 2002 9:49 AM
> To: Allen, Michael B (RSCH)
> Subject: RE: [jcifs] zero termination not found exception
>
> On a different note Michael, maybe it would help if I told you exactly what I am trying to do, as well as try to help track down the bug:
>
> what I really want to accomplish is writing an extremely simple method that will take a user's
> name and password, hit an NT domain controller, and ask if those credentials match an actual user.
>
> We have a system that manages user accounts and has its own built in authentication scheme, but we offer the alternative of using NT based authentication. The actual authenticating is done via an
> authentication server written in C that uses pam_smb. The server that actually allows users to create an account with the system, however, is written in java. If the user says that they want to
> create an account but use their current NT login and password, then they simply enter those and our server does a validation that the domain, login, and password entered really does exist. Not that
> it really matters security wise, since they can't get past our auth server if they had an account with bogus information, but I don't want to have a slew of junk accounts laying around in the
> system.
>
> And so I am using the list() method, since it is the only one that seems to actually check the password of the user to see if they have permission to do a listing. Just creating the file and
> calling "exists()" will return true regardless of the password provided.
>
> If you have any suggestions, let me know. Again, thanks for the help. Despite being new to this stuff, I will start learning more about cifs and begin digging into the source: least I can do is
> contribute a bug fix.
>
>
> Tony
>
> -----Original Message-----
> From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> Sent: Tue 8/20/2002 11:18 PM
> To: Pope, Tony
> Cc:
> Subject: RE: [jcifs] zero termination not found exception
>
>
>
> Well, I'm pretty stumped Tony. I've been going over your traces all night and I
> can't reproduce the issue. I can see the last message being sent and a valid
> response being received (the string *does* have zero term). The only thing I can
> think of is that there is a synchronization issue and a buffer is getting used when
> it should not be. Another use once complained of a "deadlock" when listing
> shares. So there's a bug in there but if I cannot reproduce it we're SOL.
>
> I have prepared a jar that just prints a hexdump of the entire buffer from where
> the string is trying to be decoded when that RuntimeException is thrown.
>
> http://users.erols.com/mballen/jcifs-0.6.5NoZero.jar
>
> If you could provide traces of this it might be insightful. Otherwise I need a
> minimalistic program to reproduce the issue. I have attached a very simple
> program that should do essentially the same thing (you have to put in your
> user/pass/dom/server address's in there). Perhaps you can isolate this
> further? I think the reason this happends with one server and not the other is
> because the errant one has 48 shares whereas the other has much fewer (like
> 10). From the traces it looks like this takes serveral seconds (~3) for the 48
> shares to be listed. This is creating an unusual timing scenario for the second
> user session the response of which is creating the error.
>
> <<Test.java>>
>
> > -----Original Message-----
> > From: Pope, Tony [SMTP:Tony.Pope at divine.com]
> > Sent: Tuesday, August 20, 2002 7:15 PM
> > To: Allen, Michael B (RSCH)
> > Subject: RE: [jcifs] zero termination not found exception
> >
> >
> >
> > Hi Michael,
> >
> > Attached is the output from the jcifs logging, as well as the ethereal output file.
> >
> > I can't hit 175.54.32.578, so I am not sure whether it would succeed.
> >
> >
> > I have also attached a version 2 of each of the files. This is hitting a different domain controller, and I am not
> > seeing the error. Is this perhaps an encoding issue?
> >
> >
> >
> > Thanks for taking your time, I truly appreciate it.
> >
> > Tony Pope
> > tony.pope at divine.com
> >
> >
> > -----Original Message-----
> > From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> > Sent: Tue 8/20/2002 5:27 PM
> > To: Pope, Tony; jcifs at lists.samba.org
> > Cc:
> > Subject: RE: [jcifs] zero termination not found exception
> >
> >
> >
> > Tony,
> >
> > I need to be able to reproduce the issue or there's nothing I can do. Can you use the -
> > log=ALL option and send me the output of the errant condition. If you had a Netmon or
> > Ethereal packet capture to go with this, that would be ideal. Also, does the below code
> > exhibit the error?
> >
> > import jcifs.smb.*;
> >
> > public class Test {
> >
> > private void authenticate(String nme, String pwd, String dnme, String controller) {
> > try {
> > String url = "smb://" + dnme + ";" + nme + ":"+pwd+"@"+controller;
> > SmbFile file = new SmbFile(url);
> > file.list();
> > } catch(Exception e){
> > e.printStackTrace();
> > }
> > }
> > public static void main( String argv[] ) throws Exception {
> > Test t = new Test();
> > t.authenticate( "user1", "pass1", "dom1", "175.54.32.578" );
> > t.authenticate( "user2", "pass2", "dom2", "175.54.32.578" );
> > }
> > }
> >
> > > -----Original Message-----
> > > From: Tony Pope [SMTP:tony.pope at divine.com]
> > > Sent: Tuesday, August 20, 2002 5:52 PM
> > > To: jcifs at lists.samba.org
> > > Subject: [jcifs] zero termination not found exception
> > >
> > >
> > > I am running a simple example against a 2000 domain controller. When I execute this call, one right after another, with two DIFFERENT
> > > sets of credentials, I get the following exception (it works just fine when I use the same credentials over and over again):
> > >
> > >
> > > the code:
> > >
> > > private void authenticate(String nme, String pwd, String dnme, String controller) {
> > > try{
> > > String url = "smb://" + dnme + ";" + nme + ":"+pwd+"@"+controller;
> > > SmbFile file = new SmbFile(url);
> > > file.list();
> > >
> > >
> > > }catch(Exception e){
> > > e.printStackTrace();
> > > }
> > > }
> > >
> > >
> > >
> > >
> > >
> > > the exception:
> > >
> > > java.lang.RuntimeException: zero termination not found
> > >
> > > at jcifs.smb.ServerMessageBlock.readString(ServerMessageBlock.java:283)
> > >
> > > at jcifs.smb.SmbComSessionSetupAndXResponse.readBytesWireFormat(SmbComSessionSetupAndXResponse.java:52)
> > >
> > > at jcifs.smb.AndXServerMessageBlock.readAndXWireFormat(AndXServerMessageBlock.java:256)
> > >
> > > at jcifs.smb.AndXServerMessageBlock.readWireFormat(AndXServerMessageBlock.java:94)
> > >
> > > at jcifs.smb.SmbTransport.run(SmbTransport.java:373)
> > >
> > > at java.lang.Thread.run(Thread.java:484)
> > >
> > > 20020820T154747 ERROR main Timeout waiting for response from server. <name of my server>
> > > jcifs.smb.SmbException: Timeout waiting for response from server. <name of server>/<ip of server>
> > > ....
> > > .....
> > > ....
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Am I missing something trivial here?
> > >
> > > Thank you for the help,
> > >
> > >
> > > Tony Pope
> > > tony.pope at divine.com <mailto:tony.pope at divine.com>
> >
> >
> > << File: smb.out >> << File: jcifs_log.txt >> << File: smb_success.out >> << File: jcifs_log_success.txt >>
>
>
More information about the jcifs
mailing list