[jcifs] Performing Only Password Authentication against a Domain

Michael B. Allen miallen at eskimo.com
Wed Aug 28 04:18:57 EST 2002 

On Tue, 27 Aug 2002 07:59:48 -0500
"Larry S. Bartz" <lbartz at parnelli.indy.cr.irs.gov> wrote:

> Nick Newman wrote, On 08/26/2002 01:17 PM:
> 
> > Hi,
> >
> > I have a client who wants to check name/password information against 
> > an NT domain, but from within Java. The jCIFS software lets me do this 
> > indirectly by using the following scheme:
> >
> > 1) Make a share which is accessible only to that domain.
> > 2) Try to access the share with jCIFS (sending the name and password)
> > 3) Security exception means bad name/password, success means good 
> > name/password.
> >
> > My question is, is there a better way to use jCIFS - a way that does a 
> > direct check of the name/password against the domain without the trick 
> > of trying to access something? (If not, I can certainly use the above 
> > scheme - but if I can do better I'd like to).
> >
> > Thanks,
> > Nick
> 
> 
> Nick,
> 
> After this coaching by Mike
> http://lists.samba.org/pipermail/jcifs/2002-May/002146.html I 
> implemented the
> following class. It avoids the entire issue of attempting to access a 
> share. It
> just establishes a session and bails out. I had to make NTAuthenticator 
> a part
> of the jcifs.smb package so that it could leverage some private stuff.

When  0.7 is stable this is what SmbSession.logon() is for (and it may even
work  now).  I  think  the  best  way to do auth only with 0.6.5 is as Tony
described. You could even create that dummy share at a later time to adjust
access controls or block an abusive user and so on. 

> 
> 
> /* 20020514 - Larry S. Bartz - Internal Revenue Service - Indianapolis, IN
> * uses:
> * jcifs smb client library in Java
> * Copyright (C) 2001 "Michael B. Allen" <mballen at erols.com>
> *
> * This program is free software; you can redistribute it and/or modify
> * it under the terms of the GNU General Public License as published by
> * the Free Software Foundation; either version 2 of the License, or
> * (at your option) any later version.
> *
> * This program is distributed in the hope that it will be useful,
> * but WITHOUT ANY WARRANTY; without even the implied warranty of
> * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> * GNU General Public License for more details.
> *
> * You should have received a copy of the GNU General Public License
> * along with this program; if not, write to the Free Software
> * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
> */
> 
> package jcifs.smb;
> 
> import java.net.InetAddress;
> import jcifs.UniAddress;
> import jcifs.netbios.NbtAddress;
> import jcifs.smb.SmbTransport;
> import jcifs.smb.SmbSession;
> import jcifs.smb.SmbAuthException;
> 
> public class NTAuthenticator {
> 
> public boolean isAuthenticated(
> String logname, String domain, String passphrase ) throws Exception {
> 
> try {
> // get the domain controller
> NbtAddress a = NbtAddress.getByName( domain, 0x1c, null );
> 
> SmbTransport t = SmbTransport.getSmbTransport(
> UniAddress.getByName( a.getInetAddress().getHostName() ), 139 );
> SmbSession s = t.getSmbSession( logname, passphrase, domain );
> s.sessionSetup( null, null );
> s.logoff( false );
> t.tryClose( false );
> 
> }
> catch( SmbAuthException sae ) {
> // System.out.println( "authentication FAILURE" );
> return false;
> }
> 
> // System.out.println( "authentication SUCCESS" );
> return true;
> 
> }
> }
> 
> -- 
> --
> #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::|
> # Larry Bartz                           |                              |
> #  lsbartz at parnelli.indy.cr.irs.gov     | Ooo, ooo,                    |
> #                                       | Ooo, ooo, oooooo!            |
> #                                       | I've got a gnu attitude!     |
> #  voice (317) 226-7060                 |                              |
> #  FAX   (317) 226-6378                 |                              |
> #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::|
> 
> 
> 


-- 
A  program should be written to model the concepts of the task it
performs rather than the physical world or a process because this
maximizes  the  potential  for it to be applied to tasks that are
conceptually  similar and more importantly to tasks that have not
yet been conceived.

More information about the jcifs mailing list