[jcifs] NtlmSsp - Closing sessions?
Bazyl, Steven
sbazyl at rsasecurity.com
Thu Dec 19 12:18:08 EST 2002
> This will not work with "thousands of users". It might work with
> 200. 1000 users would require well over 1GB of ram just to hold the
> stacks of transport threads. Even if you do not use jCIFS at
> all I would
> be surprised to see anything written in Java support more
> than a couple
> hundred concurrent users. Not without a demultiplexer (e.g.
> select(2)).
Yes, apps in Java can support (tens-of-)thousands of concurrent 'users'.
Details of that aside, isn't it just one transport thread per domain
controller regardless of the number of sessions? I just did some testing of
authenticating a small number of users and there is only 1 transport thread
as expected. Its the SmbSession objects that keep building up, however,
which is why I wanted the logoff call.
Anyway, please give yourself some credit -- JCifs actually performs pretty
well as far as just authenticating goes (at least in a single thread...I'll
try some multithreaded tests later :) Could it be faster, probably, but it
works pretty well all things considered!
> But if you just stick 'public' in front of all the methods and build a
> closed source DCE/RPC implementation I will not be happy.
The only thing I'm intersted in (as the thread subject implies) is
incorporating the NTLM authentication functionality into a product. Anyway,
it turns out that the modifications are pretty small for my needs - just
adding one method to SmbTransport:
/**
* Authenticate against a domain controller. Unlike logon(), this does
not establish
* a long-lived session for the user -- its purpose is simply to validate
the user password.
*
* @param dc Domain Controller to authenticate against
* @param auth User authentication info
* @throws SmbException if authentication fails.
**/
public static void authenticate( UniAddress dc,
NtlmPasswordAuthentication auth )
throws SmbException {
SmbSession session = null;
try {
// Don't register SmbSession with transport since we want this
to be stateless
// As for side-effects, this appears to only be an issue if the
transport thread
// is interrupted. Any other failures, such as socket
timeouts, result in
// calling the SmbTransport.tryClose() and SmbSession.logoff()
methods with the
// error flag set to true in which case the logoff is
effectively a no-op save a
// few bits of cleanup. But since we're discarding the session
anyway its
// probably no big deal.
session = new SmbSession( SmbTransport.getSmbTransport( dc, 0
), auth );
session.getSmbTree( "IPC$", null ).treeConnect( null, null );
} finally {
if( session != null ) {
// Terminate the session
session.logoff( false );
session = null;
}
}
}
Again, thanks for your assistance :)
More information about the jcifs
mailing list