[jcifs] RE: jcifs digest, Vol 1 #509 - 6 msgs

Sujit Jagdev sujit.jagdev at casero.com
Thu Oct 17 23:47:21 EST 2002


Is there anyway to get Jcifs to scan the network on the local interface.
Would setting the jcifs.client.laddr variable work.
I am not sure if that is what it does.
Sujit

-----Original Message-----
From: jcifs-request at lists.samba.org
[mailto:jcifs-request at lists.samba.org] 
Sent: Thursday, October 17, 2002 5:03 AM
To: jcifs at lists.samba.org
Subject: jcifs digest, Vol 1 #509 - 6 msgs

Send jcifs mailing list submissions to
	jcifs at lists.samba.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.samba.org/listinfo/jcifs
or, via email, send a message with subject or body 'help' to
	jcifs-request at lists.samba.org

You can reach the person managing the list at
	jcifs-admin at lists.samba.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of jcifs digest..."


Today's Topics:

   1. RE: Alternative to jcifs.http.NtlmHttpFilter (Allen, Michael B
(RSCH))
   2. jcifs-0.7.0b4 released (Allen, Michael B (RSCH))
   3. RE: Alternative to jcifs.http.NtlmHttpFilter (Allen, Michael B
(RSCH))
   4. Re: jcifs-0.7.0b4 released (Christopher R. Hertel)
   5. RE: jcifs-0.7.0b4 released (Glass, Eric)
   6. RE: Alternative to jcifs.http.NtlmHttpFilter (Glass, Eric)

--__--__--

Message: 1
From: "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com>
To: "'Michael Piscatello'" <mpiscatello at directvinternet.com>,
	jcifs at lists.samba.org
Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
Date: Wed, 16 Oct 2002 19:34:00 -0400



> -----Original Message-----
> From:	Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> Sent:	Wednesday, October 16, 2002 8:21 AM
> To:	Allen, Michael B (RSCH); jcifs at lists.samba.org
> Subject:	Re: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> 
> Mike,
> 
> Thanks! RSN? I did try to adapt it, but it does not bring up the NTLM
> challenge box. It returns, null and then after refreshing, brings back
the
> credentials, But I need the pop-up. Here is my code.
> 
	I'm going to release new code Real Soon Now (RSN). Look at the
NtlmSsp
	class and how the Filter and NetworkExplorer use it. At some
point you
	will have to look at the NTLM SSP documentation (see end of
	http://jcifs.samba.org/src/docs/ntlmhttpauth.html) and
understand
	theprocess and probably look at packet traces to be sure it's
doing the right
	thing though.

> Thanks,
> 
> 
> Mike
> 
> 
> import java.io.IOException;
> import java.io.PrintWriter;
> 
> import javax.servlet.ServletContext;
> import javax.servlet.ServletException;
> import javax.servlet.http.HttpServlet;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import javax.servlet.http.HttpSession;
> import jcifs.UniAddress;
> import jcifs.netbios.NbtAddress;
> import jcifs.smb.SmbSession;
> import jcifs.util.Base64;
> import jcifs.http.NtlmHttpSession;
> 
> public class jcifstest extends HttpServlet {
> 
>     public void doPost(
>         javax.servlet.http.HttpServletRequest request,
>         javax.servlet.http.HttpServletResponse response)
>         throws javax.servlet.ServletException, java.io.IOException {
> 
>         PrintWriter out = response.getWriter();
>         ServletContext context = getServletContext();
>         String domainController = "192.168.1.102";
>         String domain = "HOMEDOM";
>         boolean debug = true;
>         HttpServletRequest req;
>         HttpServletResponse resp;
>         HttpSession ssn;
>         NtlmHttpSession ntlm;
>         String msg;
>         byte[] src;
> 
>         try {
>             req = (HttpServletRequest) request;
>             resp = (HttpServletResponse) response;
> 
>             ssn = req.getSession(); /* Retrive the NTLM session
>             */
>             ntlm = (NtlmHttpSession)
ssn.getAttribute("NtlmHttpSession");
>             msg = req.getHeader("Authorization");
> 
>             if (msg == null || msg.startsWith("NTLM ") == false) {
>                 resp.reset();
>                 resp.setContentLength(0);
>                 resp.setHeader("WWW-Authenticate", "NTLM");
>                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>                 resp.flushBuffer();
>                 return;
>             }
> 
>             src = Base64.decode(msg.substring(5));
> 
>             if (src[8] == 1) {
>                 String svr;
>                 byte[] dst = new byte[40];
> 
>                 ntlm = new NtlmHttpSession();
>                 /* Message 1
>                  */
>                 ntlm.decodeType1Message(src);
>                 ssn.setAttribute("ntlmworkgroup", ntlm.domain);
> 
>                 /* If a "Domain Contoller" IP was not specified try
and
> lookup
>                  * a real domain controller using
jcifs.smb.client.domain
>                  */
>                 if ((svr = domainController) == null) {
>                     svr = domain != null ? domain : ntlm.domain;
>                     svr = NbtAddress.getByName(svr, 0x1c,
> null).getHostAddress();
>                 }
> 
>                 ntlm.domainController = UniAddress.getByName(svr);
>                 ntlm.challenge =
> SmbSession.getChallenge(ntlm.domainController);
> 
>                 /* Message 2
>                  */
>                 msg = Base64.encodeBytes(dst, 0,
> ntlm.encodeType2Message(dst));
> 
>                 /* Save NTLM session in HTTP session
>                  */
>                 ssn.setAttribute("NtlmHttpSession", ntlm);
> 
>                 resp.reset();
>                 resp.setContentLength(0);
>                 resp.setHeader("WWW-Authenticate", "NTLM " + msg);
>                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>                 resp.flushBuffer();
>                 return;
>             } else
>                 if (src[8] == 3) { /* Message 3
>                 */
>                    
> ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
>                 } else {
>                     throw new ServletException("NTLM HTTP
Authentication
> message invalid");
>                 }
> 
>             SmbSession.logon(ntlm.domainController, ntlm.auth);
> 
>             ssn.setAttribute("ntlmdomain", ntlm.domain);
>             ssn.setAttribute("ntlmuser", ntlm.user);
>             ssn.setAttribute("ntlmhost", ntlm.host);
> 
>             if (debug) {
>                 context.log(
>                     "NTLM HTTP Autentication successfull: "
>                         + ntlm.domain
>                         + "\\"
>                         + ntlm.user
>                         + "@"
>                         + ntlm.host);
>             }
>             out.print("ntdomain: " + ssn.getAttribute("ntlmdomain"));
>         } catch (Exception e) {
>             out.print("An Error has occured: " + e.getMessage());
>         }
> 
>     }
> 
>     public void doGet(
>         javax.servlet.http.HttpServletRequest request,
>         javax.servlet.http.HttpServletResponse response)
>         throws javax.servlet.ServletException, java.io.IOException {
>         doPost(request, response);
>     }
> 
> }
> 
> On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)"
<Michael_B_Allen at ml.com>
> wrote:
> 
> > The code is pretty simple. I don't think it would be hard to adapt
it.
> > Actually
> > the current code is somewhat flawed and more complicated than it
needs to
> > be. The 0.7.0b4 package will be released RSN. Look at that.
> > 
> >> -----Original Message-----
> >> From:    Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> >> Sent:    Tuesday, October 15, 2002 9:53 PM
> >> To:    jcifs at lists.samba.org
> >> Subject:    [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> >> 
> >> Help! I need the functionality of the NtlmHttpFilter but I am stuck
with a
> >> 2.2 Servlet spec app server (Websphere) Has anyone replicated the
> >> functionality of the NtlmHttpFilter in a servlet?
> >> 
> >> Thanks
> >> 
> >> Mike
> >> 
> > 
> > 
> 


--__--__--

Message: 2
From: "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com>
To: "'jcifs at samba.org'" <jcifs at samba.org>
Date: Thu, 17 Oct 2002 01:10:57 -0400
Subject: [jcifs] jcifs-0.7.0b4 released

Packages can be had here:

  http://www.eskimo.com/~miallen/jcifs/CHANGES.txt
  http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.jar
  http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.tgz
  http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.zip

I'm on the run so I will not have time to prepare the distribution per
normal until ~Tuesday. 
Please give it a whirl while I'm gone.


--__--__--

Message: 3
From: "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com>
To: "'Michael Piscatello'" <mpiscatello at directvinternet.com>,
	jcifs at lists.samba.org
Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
Date: Thu, 17 Oct 2002 01:27:08 -0400

I just noticed you said "pop-up". Do you mean the authentication dialog?
NTLM
SSP negotiates user password hashes on the fly. There's no need for a
dialog.

Not sure why you would want the dialog to come up but just in case, you
can get it
to come up if send "401 Unauthorized / WWW-Authenticate: NTLM" again
*after you
have already negotiated password hashes once*. But you'll have to read
about how
NTLM HTTP Authentication actually works before you get that far. Read
the end of this:
http://jcifs.samba.org/src/docs/ntlmhttpauth.html for starters.

> -----Original Message-----
> From:	Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> Sent:	Wednesday, October 16, 2002 8:21 AM
> To:	Allen, Michael B (RSCH); jcifs at lists.samba.org
> Subject:	Re: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> 
> Mike,
> 
> Thanks! RSN? I did try to adapt it, but it does not bring up the NTLM
> challenge box. It returns, null and then after refreshing, brings back
the
> credentials, But I need the pop-up. Here is my code.
> 
> Thanks,
> 
> 
> Mike
> 
> 
> import java.io.IOException;
> import java.io.PrintWriter;
> 
> import javax.servlet.ServletContext;
> import javax.servlet.ServletException;
> import javax.servlet.http.HttpServlet;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import javax.servlet.http.HttpSession;
> import jcifs.UniAddress;
> import jcifs.netbios.NbtAddress;
> import jcifs.smb.SmbSession;
> import jcifs.util.Base64;
> import jcifs.http.NtlmHttpSession;
> 
> public class jcifstest extends HttpServlet {
> 
>     public void doPost(
>         javax.servlet.http.HttpServletRequest request,
>         javax.servlet.http.HttpServletResponse response)
>         throws javax.servlet.ServletException, java.io.IOException {
> 
>         PrintWriter out = response.getWriter();
>         ServletContext context = getServletContext();
>         String domainController = "192.168.1.102";
>         String domain = "HOMEDOM";
>         boolean debug = true;
>         HttpServletRequest req;
>         HttpServletResponse resp;
>         HttpSession ssn;
>         NtlmHttpSession ntlm;
>         String msg;
>         byte[] src;
> 
>         try {
>             req = (HttpServletRequest) request;
>             resp = (HttpServletResponse) response;
> 
>             ssn = req.getSession(); /* Retrive the NTLM session
>             */
>             ntlm = (NtlmHttpSession)
ssn.getAttribute("NtlmHttpSession");
>             msg = req.getHeader("Authorization");
> 
>             if (msg == null || msg.startsWith("NTLM ") == false) {
>                 resp.reset();
>                 resp.setContentLength(0);
>                 resp.setHeader("WWW-Authenticate", "NTLM");
>                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>                 resp.flushBuffer();
>                 return;
>             }
> 
>             src = Base64.decode(msg.substring(5));
> 
>             if (src[8] == 1) {
>                 String svr;
>                 byte[] dst = new byte[40];
> 
>                 ntlm = new NtlmHttpSession();
>                 /* Message 1
>                  */
>                 ntlm.decodeType1Message(src);
>                 ssn.setAttribute("ntlmworkgroup", ntlm.domain);
> 
>                 /* If a "Domain Contoller" IP was not specified try
and
> lookup
>                  * a real domain controller using
jcifs.smb.client.domain
>                  */
>                 if ((svr = domainController) == null) {
>                     svr = domain != null ? domain : ntlm.domain;
>                     svr = NbtAddress.getByName(svr, 0x1c,
> null).getHostAddress();
>                 }
> 
>                 ntlm.domainController = UniAddress.getByName(svr);
>                 ntlm.challenge =
> SmbSession.getChallenge(ntlm.domainController);
> 
>                 /* Message 2
>                  */
>                 msg = Base64.encodeBytes(dst, 0,
> ntlm.encodeType2Message(dst));
> 
>                 /* Save NTLM session in HTTP session
>                  */
>                 ssn.setAttribute("NtlmHttpSession", ntlm);
> 
>                 resp.reset();
>                 resp.setContentLength(0);
>                 resp.setHeader("WWW-Authenticate", "NTLM " + msg);
>                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>                 resp.flushBuffer();
>                 return;
>             } else
>                 if (src[8] == 3) { /* Message 3
>                 */
>                    
> ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
>                 } else {
>                     throw new ServletException("NTLM HTTP
Authentication
> message invalid");
>                 }
> 
>             SmbSession.logon(ntlm.domainController, ntlm.auth);
> 
>             ssn.setAttribute("ntlmdomain", ntlm.domain);
>             ssn.setAttribute("ntlmuser", ntlm.user);
>             ssn.setAttribute("ntlmhost", ntlm.host);
> 
>             if (debug) {
>                 context.log(
>                     "NTLM HTTP Autentication successfull: "
>                         + ntlm.domain
>                         + "\\"
>                         + ntlm.user
>                         + "@"
>                         + ntlm.host);
>             }
>             out.print("ntdomain: " + ssn.getAttribute("ntlmdomain"));
>         } catch (Exception e) {
>             out.print("An Error has occured: " + e.getMessage());
>         }
> 
>     }
> 
>     public void doGet(
>         javax.servlet.http.HttpServletRequest request,
>         javax.servlet.http.HttpServletResponse response)
>         throws javax.servlet.ServletException, java.io.IOException {
>         doPost(request, response);
>     }
> 
> }
> 
> On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)"
<Michael_B_Allen at ml.com>
> wrote:
> 
> > The code is pretty simple. I don't think it would be hard to adapt
it.
> > Actually
> > the current code is somewhat flawed and more complicated than it
needs to
> > be. The 0.7.0b4 package will be released RSN. Look at that.
> > 
> >> -----Original Message-----
> >> From:    Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> >> Sent:    Tuesday, October 15, 2002 9:53 PM
> >> To:    jcifs at lists.samba.org
> >> Subject:    [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> >> 
> >> Help! I need the functionality of the NtlmHttpFilter but I am stuck
with a
> >> 2.2 Servlet spec app server (Websphere) Has anyone replicated the
> >> functionality of the NtlmHttpFilter in a servlet?
> >> 
> >> Thanks
> >> 
> >> Mike
> >> 
> > 
> > 
> 


--__--__--

Message: 4
Date: Thu, 17 Oct 2002 00:43:52 -0500
From: "Christopher R. Hertel" <crh at ubiqx.mn.org>
To: jcifs at samba.org
Subject: Re: [jcifs] jcifs-0.7.0b4 released

I assume that the biggest changes are in the NTLM auth stuff, though it 
also makes sense to excersize the SMB URL handling.

Have fun everyone.

Chris -)-----

On Thu, Oct 17, 2002 at 01:10:57AM -0400, Allen, Michael B (RSCH) wrote:
> Packages can be had here:
> 
>   http://www.eskimo.com/~miallen/jcifs/CHANGES.txt
>   http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.jar
>   http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.tgz
>   http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.zip
> 
> I'm on the run so I will not have time to prepare the distribution per
> normal until ~Tuesday. 
> Please give it a whirl while I'm gone.
> 

-- 
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development,
uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

--__--__--

Message: 5
From: "Glass, Eric" <eric.glass at capitalone.com>
To: "'jcifs at lists.samba.org'" <jcifs at lists.samba.org>
Cc: "'Allen, Michael B (RSCH)'" <Michael_B_Allen at ml.com>
Subject: RE: [jcifs] jcifs-0.7.0b4 released
Date: Thu, 17 Oct 2002 04:47:57 -0400

The NTLM filter in the below doesn't work; the following changes will
fix
it:

a) In "NtlmHttpFilter.java", line 90:

      resp.setHeader( "Connection", "closed" );

   should be

      resp.setHeader( "Connection", "close" );

b) In "NtlmSsp.java", line 108:

      resp.setHeader( "Connection", "close" );

   should be

      resp.setHeader( "Connection", "Keep-Alive" );
      resp.setContentLength(0);


That being said, I haven't seen any issues with the new stuff.

> -----Original Message-----
> From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> Sent: Thursday, October 17, 2002 1:11 AM
> To: 'jcifs at samba.org'
> Subject: [jcifs] jcifs-0.7.0b4 released
> 
> 
> Packages can be had here:
> 
>   http://www.eskimo.com/~miallen/jcifs/CHANGES.txt
>   http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.jar
>   http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.tgz
>   http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.zip
> 
> I'm on the run so I will not have time to prepare the 
> distribution per normal until ~Tuesday. 
> Please give it a whirl while I'm gone.
> 
 
************************************************************************
**
The information transmitted herewith is sensitive information intended
only
for use by the individual or entity to which it is addressed. If the
reader
of this message is not the intended recipient, you are hereby notified
that
any review, retransmission, dissemination, distribution, copying or
other
use of, or taking of any action in reliance upon this information is
strictly prohibited. If you have received this communication in error,
please contact the sender and delete the material from your computer.

--__--__--

Message: 6
From: "Glass, Eric" <eric.glass at capitalone.com>
To: jcifs at lists.samba.org
Cc: "'melbaird at hotmail.com'" <melbaird at hotmail.com>,
	"'Allen, Michael B (RSCH)'" <Michael_B_Allen at ml.com>,
	'Michael Piscatello' <mpiscatello at directvinternet.com>
Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
Date: Thu, 17 Oct 2002 05:00:29 -0400

This message is in MIME format. Since your mail reader does not
understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01C275BB.A46A9DE0
Content-Type: text/plain;
	charset="iso-8859-1"

Attached is a servlet which uses the 0.7.0b4 NTLM stuff to do
authentication
-- this should work in pre-2.3 Servlet environments.  It only overrides
the
"service" method, so if you are just implementing doGet, doPost, etc. it
should be a drop in replacement for HttpServlet;  i.e., you can just
change:

public class MyServlet extends HttpServlet

    to:

public class MyServlet extends NtlmServlet

and be up and going.  You would set all the jcifs.* parameters (domain
controller, etc.) via the servlet's initparameters (similar to the
filter
configuration in 2.3+ environments).

See also the notes just posted to the list regarding 0.7.0b4.  If you
don't
subscribe to the list the message in question is here:
http://lists.samba.org/pipermail/jcifs/2002-October/002693.html

> -----Original Message-----
> From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> Sent: Thursday, October 17, 2002 1:27 AM
> To: 'Michael Piscatello'; jcifs at lists.samba.org
> Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> 
> 
> I just noticed you said "pop-up". Do you mean the 
> authentication dialog? NTLM
> SSP negotiates user password hashes on the fly. There's no 
> need for a dialog.
> 
> Not sure why you would want the dialog to come up but just in 
> case, you can get it
> to come up if send "401 Unauthorized / WWW-Authenticate: 
> NTLM" again *after you
> have already negotiated password hashes once*. But you'll 
> have to read about how
> NTLM HTTP Authentication actually works before you get that 
> far. Read the end of this:
> http://jcifs.samba.org/src/docs/ntlmhttpauth.html for starters.
> 
> > -----Original Message-----
> > From:	Michael Piscatello 
> [SMTP:mpiscatello at directvinternet.com]
> > Sent:	Wednesday, October 16, 2002 8:21 AM
> > To:	Allen, Michael B (RSCH); jcifs at lists.samba.org
> > Subject:	Re: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > 
> > Mike,
> > 
> > Thanks! RSN? I did try to adapt it, but it does not bring 
> up the NTLM
> > challenge box. It returns, null and then after refreshing, 
> brings back the
> > credentials, But I need the pop-up. Here is my code.
> > 
> > Thanks,
> > 
> > 
> > Mike
> > 
> > 
> > import java.io.IOException;
> > import java.io.PrintWriter;
> > 
> > import javax.servlet.ServletContext;
> > import javax.servlet.ServletException;
> > import javax.servlet.http.HttpServlet;
> > import javax.servlet.http.HttpServletRequest;
> > import javax.servlet.http.HttpServletResponse;
> > import javax.servlet.http.HttpSession;
> > import jcifs.UniAddress;
> > import jcifs.netbios.NbtAddress;
> > import jcifs.smb.SmbSession;
> > import jcifs.util.Base64;
> > import jcifs.http.NtlmHttpSession;
> > 
> > public class jcifstest extends HttpServlet {
> > 
> >     public void doPost(
> >         javax.servlet.http.HttpServletRequest request,
> >         javax.servlet.http.HttpServletResponse response)
> >         throws javax.servlet.ServletException, java.io.IOException {
> > 
> >         PrintWriter out = response.getWriter();
> >         ServletContext context = getServletContext();
> >         String domainController = "192.168.1.102";
> >         String domain = "HOMEDOM";
> >         boolean debug = true;
> >         HttpServletRequest req;
> >         HttpServletResponse resp;
> >         HttpSession ssn;
> >         NtlmHttpSession ntlm;
> >         String msg;
> >         byte[] src;
> > 
> >         try {
> >             req = (HttpServletRequest) request;
> >             resp = (HttpServletResponse) response;
> > 
> >             ssn = req.getSession(); /* Retrive the NTLM session
> >             */
> >             ntlm = (NtlmHttpSession) 
> ssn.getAttribute("NtlmHttpSession");
> >             msg = req.getHeader("Authorization");
> > 
> >             if (msg == null || msg.startsWith("NTLM ") == false) {
> >                 resp.reset();
> >                 resp.setContentLength(0);
> >                 resp.setHeader("WWW-Authenticate", "NTLM");
> >                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> >                 resp.flushBuffer();
> >                 return;
> >             }
> > 
> >             src = Base64.decode(msg.substring(5));
> > 
> >             if (src[8] == 1) {
> >                 String svr;
> >                 byte[] dst = new byte[40];
> > 
> >                 ntlm = new NtlmHttpSession();
> >                 /* Message 1
> >                  */
> >                 ntlm.decodeType1Message(src);
> >                 ssn.setAttribute("ntlmworkgroup", ntlm.domain);
> > 
> >                 /* If a "Domain Contoller" IP was not 
> specified try and
> > lookup
> >                  * a real domain controller using 
> jcifs.smb.client.domain
> >                  */
> >                 if ((svr = domainController) == null) {
> >                     svr = domain != null ? domain : ntlm.domain;
> >                     svr = NbtAddress.getByName(svr, 0x1c,
> > null).getHostAddress();
> >                 }
> > 
> >                 ntlm.domainController = UniAddress.getByName(svr);
> >                 ntlm.challenge =
> > SmbSession.getChallenge(ntlm.domainController);
> > 
> >                 /* Message 2
> >                  */
> >                 msg = Base64.encodeBytes(dst, 0,
> > ntlm.encodeType2Message(dst));
> > 
> >                 /* Save NTLM session in HTTP session
> >                  */
> >                 ssn.setAttribute("NtlmHttpSession", ntlm);
> > 
> >                 resp.reset();
> >                 resp.setContentLength(0);
> >                 resp.setHeader("WWW-Authenticate", "NTLM " + msg);
> >                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> >                 resp.flushBuffer();
> >                 return;
> >             } else
> >                 if (src[8] == 3) { /* Message 3
> >                 */
> >                    
> > ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
> >                 } else {
> >                     throw new ServletException("NTLM HTTP 
> Authentication
> > message invalid");
> >                 }
> > 
> >             SmbSession.logon(ntlm.domainController, ntlm.auth);
> > 
> >             ssn.setAttribute("ntlmdomain", ntlm.domain);
> >             ssn.setAttribute("ntlmuser", ntlm.user);
> >             ssn.setAttribute("ntlmhost", ntlm.host);
> > 
> >             if (debug) {
> >                 context.log(
> >                     "NTLM HTTP Autentication successfull: "
> >                         + ntlm.domain
> >                         + "\\"
> >                         + ntlm.user
> >                         + "@"
> >                         + ntlm.host);
> >             }
> >             out.print("ntdomain: " + 
> ssn.getAttribute("ntlmdomain"));
> >         } catch (Exception e) {
> >             out.print("An Error has occured: " + e.getMessage());
> >         }
> > 
> >     }
> > 
> >     public void doGet(
> >         javax.servlet.http.HttpServletRequest request,
> >         javax.servlet.http.HttpServletResponse response)
> >         throws javax.servlet.ServletException, java.io.IOException {
> >         doPost(request, response);
> >     }
> > 
> > }
> > 
> > On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)" 
> <Michael_B_Allen at ml.com>
> > wrote:
> > 
> > > The code is pretty simple. I don't think it would be hard 
> to adapt it.
> > > Actually
> > > the current code is somewhat flawed and more complicated 
> than it needs to
> > > be. The 0.7.0b4 package will be released RSN. Look at that.
> > > 
> > >> -----Original Message-----
> > >> From:    Michael Piscatello 
> [SMTP:mpiscatello at directvinternet.com]
> > >> Sent:    Tuesday, October 15, 2002 9:53 PM
> > >> To:    jcifs at lists.samba.org
> > >> Subject:    [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > >> 
> > >> Help! I need the functionality of the NtlmHttpFilter but 
> I am stuck with a
> > >> 2.2 Servlet spec app server (Websphere) Has anyone replicated the
> > >> functionality of the NtlmHttpFilter in a servlet?
> > >> 
> > >> Thanks
> > >> 
> > >> Mike
> > >> 
> > > 
> > > 
> > 
> 
 
************************************************************************
**
The information transmitted herewith is sensitive information intended
only
for use by the individual or entity to which it is addressed. If the
reader
of this message is not the intended recipient, you are hereby notified
that
any review, retransmission, dissemination, distribution, copying or
other
use of, or taking of any action in reliance upon this information is
strictly prohibited. If you have received this communication in error,
please contact the sender and delete the material from your computer.
  


------_=_NextPart_000_01C275BB.A46A9DE0
Content-Type: application/octet-stream;
	name="NtlmServlet.java"
Content-Disposition: attachment;
	filename="NtlmServlet.java"

package jcifs.http;

import java.io.IOException;

import java.net.UnknownHostException;

import java.util.Enumeration;

import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.UnavailableException;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import jcifs.Config;
import jcifs.UniAddress;

import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbSession;

public abstract class NtlmServlet extends HttpServlet {

    private static final NtlmSsp AUTH = new NtlmSsp();

    private UniAddress domainController;

    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        Config.setProperty("jcifs.netbios.cachePolicy", "600");
        Config.setProperty("jcifs.smb.client.attrExpirationPeriod",
"120000");
        Enumeration e = config.getInitParameterNames();
        String name;
        while (e.hasMoreElements()) {
            name = (String) e.nextElement();
            if (name.startsWith("jcifs.")) {
                Config.setProperty(name, config.getInitParameter(name));
            }
        }
        String dc = Config.getProperty("jcifs.http.domainController");
        if (dc == null) {
            throw new UnavailableException("No domain controller
specified.");
        }
        try {
            domainController = UniAddress.getByName(dc);
        } catch (UnknownHostException ex) {
            throw new UnavailableException("Specified DC unreachable.");
        }
    }

    protected void service(HttpServletRequest request,
            HttpServletResponse response) throws ServletException,
IOException {
        String msg = request.getHeader("Authorization");
        if (msg != null && msg.startsWith("NTLM")) {
            byte[] challenge =
SmbSession.getChallenge(domainController);
            NtlmPasswordAuthentication ntlm =
AUTH.doAuthentication(request,
                    response, challenge);
            if (ntlm == null) return;
            SmbSession.logon(domainController, ntlm);
            request.getSession().setAttribute("NtlmHttpFilter", "1");
        } else if (request.getSession().getAttribute("NtlmHttpFilter")
==
                null) {
            response.setHeader("WWW-Authenticate", "NTLM");
            response.setHeader("Connection", "close");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.flushBuffer();
            return;
        }
        super.service(request, response);
    }

}

------_=_NextPart_000_01C275BB.A46A9DE0--


--__--__--

_______________________________________________
jcifs mailing list
jcifs at lists.samba.org
http://lists.samba.org/listinfo/jcifs


End of jcifs Digest


-----

The information contained in this message is proprietary of Casero Inc.,
protected from disclosure, and may be privileged. The information is
intended to be conveyed only to the designated recipient(s) of the
message. If the reader of this message is not the intended recipient,
you are hereby notified that any dissemination, use, distribution or
copying of this communication is strictly prohibited and may be
unlawful. If you have received this communication in error, please
notify us immediately by replying to the message and deleting it from
your computer. Thank you.




More information about the jcifs mailing list