[jcifs] A bunch of NTLM stuff
Michael B. Allen
miallen at eskimo.com
Thu Oct 10 03:21:54 EST 2002
On Wed, 9 Oct 2002 03:50:04 -0400
"Glass, Eric" <eric.glass at capitalone.com> wrote:
> > -----Original Message-----
> >
> > Thanks for this code. It was thought provoking. I have converted to the
> > stateless approach and it does seem more correct.
> >
> > Note however that your code will choke after soTimeout because the same
> > NtlmPasswordAuthentication object is being used by SmbSession and you
> > create new ones. My old code updated the hashes in-place so SmbSession's
> > pointer didn't need to be updated. Regardless, I've changed the
> > SmbTransport.getSmbSession() method to assign the new
> > NtlmPasswordAuthentication object to the SmbSession so that this will not
> > happen in my code or yours (post 0.7.0b3).
> >
>
> Thanks for the heads up. I haven't come across this as of yet, but this
> will probably save me some hair-pulling at some point. When would this
> occur? I've set the soTimeout to 10 minutes -- would I see the issue
> globally after that time? How would this manifest itself?
After 10 minutes the transport will be dropped, invalidating the 8 byte
challenge in the NtlmPasswordAuthentication object held by SmbSession. In
my original code, when reconnecting, the password hashes could be updated in
place because it was in the NtlmPasswordAuthentication object held by
SmbSession held by NtlmHttpSession. You create a *new*
NtlmHttpAuthentication object, which means the new challenge cannot be
known. The fix is to set the new NtlmHttpAuthentication object when you
dole out new SmbSessions in SmbTransport.getSmbSession().
>
> > Also, note that the "domain" in the type-1-message is the workgroup and not
> > the authentication domain. Frequently they are the same but not always. In
> > my code, I do not even bother to use this field as a fallback domain and
> > instead just require a domainController property. The real authentication
> > domain is in the type-3-message.
> >
>
> Good to know. Thanks again!
--
A program should be written to model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the potential for it to be applied to tasks that are
conceptually similar and, more important, to tasks that have not
yet been conceived.
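
The type-1 versus type-3 domain distinction discussed in this message, as an added example (Python, not jcifs code and not written by either poster): it reads the supplied-domain field of a type-1 message and the domain and user name of a type-3 message, rejecting security buffers that point outside the message. The function names, the constructed sample messages, and the assumptions that OEM strings are ASCII and that the type-3 message carries its flags field at offset 60 belong to this example only.

```python
import struct

SIG = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001

def _secbuf(msg, pos):
    """Follow a security buffer (length, allocated, offset) to its bytes."""
    length, _alloc, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def _check(msg, msg_type):
    if msg[:8] != SIG or struct.unpack_from("<I", msg, 8)[0] != msg_type:
        raise ValueError("not an NTLM type-%d message" % msg_type)

def type1_domain(msg):
    """Client-supplied workgroup hint from type 1 (OEM; assumed ASCII here)."""
    _check(msg, 1)
    return _secbuf(msg, 16).decode("ascii")

def type3_domain_user(msg):
    """Authentication domain and user name from type 3."""
    _check(msg, 3)
    flags = struct.unpack_from("<I", msg, 60)[0]  # assumes flags are present
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii"
    return _secbuf(msg, 28).decode(enc), _secbuf(msg, 36).decode(enc)

def build_type1(domain, workstation):
    """Constructed sample: OEM, NTLM, domain and workstation supplied."""
    d, w = domain.encode("ascii"), workstation.encode("ascii")
    bufs = struct.pack("<HHIHHI", len(d), len(d), 32, len(w), len(w), 32 + len(d))
    return SIG + struct.pack("<II", 1, 0x3202) + bufs + d + w

def build_type3(domain, user, workstation):
    """Constructed sample: zeroed 24-byte responses, Unicode strings."""
    names = [s.encode("utf-16-le") for s in (domain, user, workstation)]
    parts = [b"\x00" * 24, b"\x00" * 24] + names + [b""]
    msg, pos = SIG + struct.pack("<I", 3), 64
    for p in parts:
        msg += struct.pack("<HHI", len(p), len(p), pos)
        pos += len(p)
    return msg + struct.pack("<I", 0x0201) + b"".join(parts)

if __name__ == "__main__":
    print(type1_domain(build_type1("WORKGROUP", "CLIENT1")))
    print(type3_domain_user(build_type3("CORP", "alice", "CLIENT1")))
```

In the constructed pair the type-1 field reads WORKGROUP while the type-3 message names CORP, which is the mismatch the message above describes.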