[jcifs] RE: jcifs digest, Vol 1 #509 - 6 msgs
Allen, Michael B (RSCH)
Michael_B_Allen at ml.com
Mon Oct 21 18:52:33 EST 2002
There have been some reports of problems with doing things on the localhost. I recall someone
claiming that if your machine is a domain controller you would have to set baddr=127.0.0.1. Look
back in the mailing list archives. By "scan" I assume you mean list shares/directories/files. In
general this should work but it might change depending on which OS/server combination you use.
For example, Win2K on a laptop may bring down the network if nothing is plugged into the ethernet
port. Just to explore this a little I tried it on NT with success:
C:\TEMP\jcifs_0.7.0b4>c:\jre1.3\bin\java -cp c:\jre1.3\lib\rt.jar;jcifs-0.7.0b4.jar;. ListFiles smb://nyc-users;miallen:passwd@miallen2/
ADMIN$/ IPC$/ C$/
3 files in 6453ms
It took >6 seconds because I didn't specify a WINS server so there's a name service timeout
occuring. I noticed I could not use resolveOrder=BCAST because my NT workstation (not a PDC)
will not respond to NetBIOS broadcasts even if I also set baddr=127.0.0.1. If I use
resolveOrder=DNS it's fast (no name service timeout) but I suppose this sort of thing is highly
dependant on your network configuration. The most reliable and portable solution would probably be
to just use the local machine's IP address like smb://dom;user;pass@192.168.1.15/. Doesn't look
like you can use the loopback:
C:\TEMP\jcifs_0.7.0b4>c:\jre1.3\bin\java -cp c:\jre1.3\lib\rt.jar;jcifs-0.7.0b4.jar;. ListFiles smb://nyc-users;miallen:passwd@127.0.0.1/
Exception in thread "main" jcifs.smb.SmbException: Connection refused: no further information
at jcifs.smb.SmbTransport.send(SmbTransport.java:478)
at jcifs.smb.SmbTransport.negotiate(SmbTransport.java:666)
at jcifs.smb.SmbTree.treeConnect(SmbTree.java:107)
at jcifs.smb.SmbFile.connect(SmbFile.java:489)
at jcifs.smb.SmbFile.connect0(SmbFile.java:460)
at jcifs.smb.SmbFile.sendTransaction(SmbFile.java:436)
at jcifs.smb.SmbFile.listFiles(SmbFile.java:1247)
at jcifs.smb.SmbFile.listFiles(SmbFile.java:1159)
at ListFiles.main(ListFiles.java:31)
but I bet that would work with Samba/Linux.
> -----Original Message-----
> From: Sujit Jagdev [SMTP:sujit.jagdev at casero.com]
> Sent: Thursday, October 17, 2002 9:47 AM
> To: jcifs at lists.samba.org
> Subject: [jcifs] RE: jcifs digest, Vol 1 #509 - 6 msgs
>
> Is there anyway to get Jcifs to scan the network on the local interface.
> Would setting the jcifs.client.laddr variable work.
> I am not sure if that is what it does.
> Sujit
>
> -----Original Message-----
> From: jcifs-request at lists.samba.org
> [mailto:jcifs-request at lists.samba.org]
> Sent: Thursday, October 17, 2002 5:03 AM
> To: jcifs at lists.samba.org
> Subject: jcifs digest, Vol 1 #509 - 6 msgs
>
> Send jcifs mailing list submissions to
> jcifs at lists.samba.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.samba.org/listinfo/jcifs
> or, via email, send a message with subject or body 'help' to
> jcifs-request at lists.samba.org
>
> You can reach the person managing the list at
> jcifs-admin at lists.samba.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of jcifs digest..."
>
>
> Today's Topics:
>
> 1. RE: Alternative to jcifs.http.NtlmHttpFilter (Allen, Michael B
> (RSCH))
> 2. jcifs-0.7.0b4 released (Allen, Michael B (RSCH))
> 3. RE: Alternative to jcifs.http.NtlmHttpFilter (Allen, Michael B
> (RSCH))
> 4. Re: jcifs-0.7.0b4 released (Christopher R. Hertel)
> 5. RE: jcifs-0.7.0b4 released (Glass, Eric)
> 6. RE: Alternative to jcifs.http.NtlmHttpFilter (Glass, Eric)
>
> --__--__--
>
> Message: 1
> From: "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com>
> To: "'Michael Piscatello'" <mpiscatello at directvinternet.com>,
> jcifs at lists.samba.org
> Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> Date: Wed, 16 Oct 2002 19:34:00 -0400
>
>
>
> > -----Original Message-----
> > From: Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> > Sent: Wednesday, October 16, 2002 8:21 AM
> > To: Allen, Michael B (RSCH); jcifs at lists.samba.org
> > Subject: Re: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> >
> > Mike,
> >
> > Thanks! RSN? I did try to adapt it, but it does not bring up the NTLM
> > challenge box. It returns, null and then after refreshing, brings back
> the
> > credentials, But I need the pop-up. Here is my code.
> >
> I'm going to release new code Real Soon Now (RSN). Look at the
> NtlmSsp
> class and how the Filter and NetworkExplorer use it. At some
> point you
> will have to look at the NTLM SSP documentation (see end of
> http://jcifs.samba.org/src/docs/ntlmhttpauth.html) and
> understand
> theprocess and probably look at packet traces to be sure it's
> doing the right
> thing though.
>
> > Thanks,
> >
> >
> > Mike
> >
> >
> > import java.io.IOException;
> > import java.io.PrintWriter;
> >
> > import javax.servlet.ServletContext;
> > import javax.servlet.ServletException;
> > import javax.servlet.http.HttpServlet;
> > import javax.servlet.http.HttpServletRequest;
> > import javax.servlet.http.HttpServletResponse;
> > import javax.servlet.http.HttpSession;
> > import jcifs.UniAddress;
> > import jcifs.netbios.NbtAddress;
> > import jcifs.smb.SmbSession;
> > import jcifs.util.Base64;
> > import jcifs.http.NtlmHttpSession;
> >
> > public class jcifstest extends HttpServlet {
> >
> > public void doPost(
> > javax.servlet.http.HttpServletRequest request,
> > javax.servlet.http.HttpServletResponse response)
> > throws javax.servlet.ServletException, java.io.IOException {
> >
> > PrintWriter out = response.getWriter();
> > ServletContext context = getServletContext();
> > String domainController = "192.168.1.102";
> > String domain = "HOMEDOM";
> > boolean debug = true;
> > HttpServletRequest req;
> > HttpServletResponse resp;
> > HttpSession ssn;
> > NtlmHttpSession ntlm;
> > String msg;
> > byte[] src;
> >
> > try {
> > req = (HttpServletRequest) request;
> > resp = (HttpServletResponse) response;
> >
> > ssn = req.getSession(); /* Retrive the NTLM session
> > */
> > ntlm = (NtlmHttpSession)
> ssn.getAttribute("NtlmHttpSession");
> > msg = req.getHeader("Authorization");
> >
> > if (msg == null || msg.startsWith("NTLM ") == false) {
> > resp.reset();
> > resp.setContentLength(0);
> > resp.setHeader("WWW-Authenticate", "NTLM");
> > resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> > resp.flushBuffer();
> > return;
> > }
> >
> > src = Base64.decode(msg.substring(5));
> >
> > if (src[8] == 1) {
> > String svr;
> > byte[] dst = new byte[40];
> >
> > ntlm = new NtlmHttpSession();
> > /* Message 1
> > */
> > ntlm.decodeType1Message(src);
> > ssn.setAttribute("ntlmworkgroup", ntlm.domain);
> >
> > /* If a "Domain Contoller" IP was not specified try
> and
> > lookup
> > * a real domain controller using
> jcifs.smb.client.domain
> > */
> > if ((svr = domainController) == null) {
> > svr = domain != null ? domain : ntlm.domain;
> > svr = NbtAddress.getByName(svr, 0x1c,
> > null).getHostAddress();
> > }
> >
> > ntlm.domainController = UniAddress.getByName(svr);
> > ntlm.challenge =
> > SmbSession.getChallenge(ntlm.domainController);
> >
> > /* Message 2
> > */
> > msg = Base64.encodeBytes(dst, 0,
> > ntlm.encodeType2Message(dst));
> >
> > /* Save NTLM session in HTTP session
> > */
> > ssn.setAttribute("NtlmHttpSession", ntlm);
> >
> > resp.reset();
> > resp.setContentLength(0);
> > resp.setHeader("WWW-Authenticate", "NTLM " + msg);
> > resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> > resp.flushBuffer();
> > return;
> > } else
> > if (src[8] == 3) { /* Message 3
> > */
> >
> > ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
> > } else {
> > throw new ServletException("NTLM HTTP
> Authentication
> > message invalid");
> > }
> >
> > SmbSession.logon(ntlm.domainController, ntlm.auth);
> >
> > ssn.setAttribute("ntlmdomain", ntlm.domain);
> > ssn.setAttribute("ntlmuser", ntlm.user);
> > ssn.setAttribute("ntlmhost", ntlm.host);
> >
> > if (debug) {
> > context.log(
> > "NTLM HTTP Autentication successfull: "
> > + ntlm.domain
> > + "\\"
> > + ntlm.user
> > + "@"
> > + ntlm.host);
> > }
> > out.print("ntdomain: " + ssn.getAttribute("ntlmdomain"));
> > } catch (Exception e) {
> > out.print("An Error has occured: " + e.getMessage());
> > }
> >
> > }
> >
> > public void doGet(
> > javax.servlet.http.HttpServletRequest request,
> > javax.servlet.http.HttpServletResponse response)
> > throws javax.servlet.ServletException, java.io.IOException {
> > doPost(request, response);
> > }
> >
> > }
> >
> > On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)"
> <Michael_B_Allen at ml.com>
> > wrote:
> >
> > > The code is pretty simple. I don't think it would be hard to adapt
> it.
> > > Actually
> > > the current code is somewhat flawed and more complicated than it
> needs to
> > > be. The 0.7.0b4 package will be released RSN. Look at that.
> > >
> > >> -----Original Message-----
> > >> From: Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> > >> Sent: Tuesday, October 15, 2002 9:53 PM
> > >> To: jcifs at lists.samba.org
> > >> Subject: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > >>
> > >> Help! I need the functionality of the NtlmHttpFilter but I am stuck
> with a
> > >> 2.2 Servlet spec app server (Websphere) Has anyone replicated the
> > >> functionality of the NtlmHttpFilter in a servlet?
> > >>
> > >> Thanks
> > >>
> > >> Mike
> > >>
> > >
> > >
> >
>
>
> --__--__--
>
> Message: 2
> From: "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com>
> To: "'jcifs at samba.org'" <jcifs at samba.org>
> Date: Thu, 17 Oct 2002 01:10:57 -0400
> Subject: [jcifs] jcifs-0.7.0b4 released
>
> Packages can be had here:
>
> http://www.eskimo.com/~miallen/jcifs/CHANGES.txt
> http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.jar
> http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.tgz
> http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.zip
>
> I'm on the run so I will not have time to prepare the distribution per
> normal until ~Tuesday.
> Please give it a whirl while I'm gone.
>
>
> --__--__--
>
> Message: 3
> From: "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com>
> To: "'Michael Piscatello'" <mpiscatello at directvinternet.com>,
> jcifs at lists.samba.org
> Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> Date: Thu, 17 Oct 2002 01:27:08 -0400
>
> I just noticed you said "pop-up". Do you mean the authentication dialog?
> NTLM
> SSP negotiates user password hashes on the fly. There's no need for a
> dialog.
>
> Not sure why you would want the dialog to come up but just in case, you
> can get it
> to come up if send "401 Unauthorized / WWW-Authenticate: NTLM" again
> *after you
> have already negotiated password hashes once*. But you'll have to read
> about how
> NTLM HTTP Authentication actually works before you get that far. Read
> the end of this:
> http://jcifs.samba.org/src/docs/ntlmhttpauth.html for starters.
>
> > -----Original Message-----
> > From: Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> > Sent: Wednesday, October 16, 2002 8:21 AM
> > To: Allen, Michael B (RSCH); jcifs at lists.samba.org
> > Subject: Re: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> >
> > Mike,
> >
> > Thanks! RSN? I did try to adapt it, but it does not bring up the NTLM
> > challenge box. It returns, null and then after refreshing, brings back
> the
> > credentials, But I need the pop-up. Here is my code.
> >
> > Thanks,
> >
> >
> > Mike
> >
> >
> > import java.io.IOException;
> > import java.io.PrintWriter;
> >
> > import javax.servlet.ServletContext;
> > import javax.servlet.ServletException;
> > import javax.servlet.http.HttpServlet;
> > import javax.servlet.http.HttpServletRequest;
> > import javax.servlet.http.HttpServletResponse;
> > import javax.servlet.http.HttpSession;
> > import jcifs.UniAddress;
> > import jcifs.netbios.NbtAddress;
> > import jcifs.smb.SmbSession;
> > import jcifs.util.Base64;
> > import jcifs.http.NtlmHttpSession;
> >
> > public class jcifstest extends HttpServlet {
> >
> > public void doPost(
> > javax.servlet.http.HttpServletRequest request,
> > javax.servlet.http.HttpServletResponse response)
> > throws javax.servlet.ServletException, java.io.IOException {
> >
> > PrintWriter out = response.getWriter();
> > ServletContext context = getServletContext();
> > String domainController = "192.168.1.102";
> > String domain = "HOMEDOM";
> > boolean debug = true;
> > HttpServletRequest req;
> > HttpServletResponse resp;
> > HttpSession ssn;
> > NtlmHttpSession ntlm;
> > String msg;
> > byte[] src;
> >
> > try {
> > req = (HttpServletRequest) request;
> > resp = (HttpServletResponse) response;
> >
> > ssn = req.getSession(); /* Retrive the NTLM session
> > */
> > ntlm = (NtlmHttpSession)
> ssn.getAttribute("NtlmHttpSession");
> > msg = req.getHeader("Authorization");
> >
> > if (msg == null || msg.startsWith("NTLM ") == false) {
> > resp.reset();
> > resp.setContentLength(0);
> > resp.setHeader("WWW-Authenticate", "NTLM");
> > resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> > resp.flushBuffer();
> > return;
> > }
> >
> > src = Base64.decode(msg.substring(5));
> >
> > if (src[8] == 1) {
> > String svr;
> > byte[] dst = new byte[40];
> >
> > ntlm = new NtlmHttpSession();
> > /* Message 1
> > */
> > ntlm.decodeType1Message(src);
> > ssn.setAttribute("ntlmworkgroup", ntlm.domain);
> >
> > /* If a "Domain Contoller" IP was not specified try
> and
> > lookup
> > * a real domain controller using
> jcifs.smb.client.domain
> > */
> > if ((svr = domainController) == null) {
> > svr = domain != null ? domain : ntlm.domain;
> > svr = NbtAddress.getByName(svr, 0x1c,
> > null).getHostAddress();
> > }
> >
> > ntlm.domainController = UniAddress.getByName(svr);
> > ntlm.challenge =
> > SmbSession.getChallenge(ntlm.domainController);
> >
> > /* Message 2
> > */
> > msg = Base64.encodeBytes(dst, 0,
> > ntlm.encodeType2Message(dst));
> >
> > /* Save NTLM session in HTTP session
> > */
> > ssn.setAttribute("NtlmHttpSession", ntlm);
> >
> > resp.reset();
> > resp.setContentLength(0);
> > resp.setHeader("WWW-Authenticate", "NTLM " + msg);
> > resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> > resp.flushBuffer();
> > return;
> > } else
> > if (src[8] == 3) { /* Message 3
> > */
> >
> > ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
> > } else {
> > throw new ServletException("NTLM HTTP
> Authentication
> > message invalid");
> > }
> >
> > SmbSession.logon(ntlm.domainController, ntlm.auth);
> >
> > ssn.setAttribute("ntlmdomain", ntlm.domain);
> > ssn.setAttribute("ntlmuser", ntlm.user);
> > ssn.setAttribute("ntlmhost", ntlm.host);
> >
> > if (debug) {
> > context.log(
> > "NTLM HTTP Autentication successfull: "
> > + ntlm.domain
> > + "\\"
> > + ntlm.user
> > + "@"
> > + ntlm.host);
> > }
> > out.print("ntdomain: " + ssn.getAttribute("ntlmdomain"));
> > } catch (Exception e) {
> > out.print("An Error has occured: " + e.getMessage());
> > }
> >
> > }
> >
> > public void doGet(
> > javax.servlet.http.HttpServletRequest request,
> > javax.servlet.http.HttpServletResponse response)
> > throws javax.servlet.ServletException, java.io.IOException {
> > doPost(request, response);
> > }
> >
> > }
> >
> > On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)"
> <Michael_B_Allen at ml.com>
> > wrote:
> >
> > > The code is pretty simple. I don't think it would be hard to adapt
> it.
> > > Actually
> > > the current code is somewhat flawed and more complicated than it
> needs to
> > > be. The 0.7.0b4 package will be released RSN. Look at that.
> > >
> > >> -----Original Message-----
> > >> From: Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> > >> Sent: Tuesday, October 15, 2002 9:53 PM
> > >> To: jcifs at lists.samba.org
> > >> Subject: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > >>
> > >> Help! I need the functionality of the NtlmHttpFilter but I am stuck
> with a
> > >> 2.2 Servlet spec app server (Websphere) Has anyone replicated the
> > >> functionality of the NtlmHttpFilter in a servlet?
> > >>
> > >> Thanks
> > >>
> > >> Mike
> > >>
> > >
> > >
> >
>
>
> --__--__--
>
> Message: 4
> Date: Thu, 17 Oct 2002 00:43:52 -0500
> From: "Christopher R. Hertel" <crh at ubiqx.mn.org>
> To: jcifs at samba.org
> Subject: Re: [jcifs] jcifs-0.7.0b4 released
>
> I assume that the biggest changes are in the NTLM auth stuff, though it
> also makes sense to excersize the SMB URL handling.
>
> Have fun everyone.
>
> Chris -)-----
>
> On Thu, Oct 17, 2002 at 01:10:57AM -0400, Allen, Michael B (RSCH) wrote:
> > Packages can be had here:
> >
> > http://www.eskimo.com/~miallen/jcifs/CHANGES.txt
> > http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.jar
> > http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.tgz
> > http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.zip
> >
> > I'm on the run so I will not have time to prepare the distribution per
> > normal until ~Tuesday.
> > Please give it a whirl while I'm gone.
> >
>
> --
> Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
> jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development,
> uninq.
> ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
> OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
>
> --__--__--
>
> Message: 5
> From: "Glass, Eric" <eric.glass at capitalone.com>
> To: "'jcifs at lists.samba.org'" <jcifs at lists.samba.org>
> Cc: "'Allen, Michael B (RSCH)'" <Michael_B_Allen at ml.com>
> Subject: RE: [jcifs] jcifs-0.7.0b4 released
> Date: Thu, 17 Oct 2002 04:47:57 -0400
>
> The NTLM filter in the below doesn't work; the following changes will
> fix
> it:
>
> a) In "NtlmHttpFilter.java", line 90:
>
> resp.setHeader( "Connection", "closed" );
>
> should be
>
> resp.setHeader( "Connection", "close" );
>
> b) In "NtlmSsp.java", line 108:
>
> resp.setHeader( "Connection", "close" );
>
> should be
>
> resp.setHeader( "Connection", "Keep-Alive" );
> resp.setContentLength(0);
>
>
> That being said, I haven't seen any issues with the new stuff.
>
> > -----Original Message-----
> > From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> > Sent: Thursday, October 17, 2002 1:11 AM
> > To: 'jcifs at samba.org'
> > Subject: [jcifs] jcifs-0.7.0b4 released
> >
> >
> > Packages can be had here:
> >
> > http://www.eskimo.com/~miallen/jcifs/CHANGES.txt
> > http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.jar
> > http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.tgz
> > http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.zip
> >
> > I'm on the run so I will not have time to prepare the
> > distribution per normal until ~Tuesday.
> > Please give it a whirl while I'm gone.
> >
>
> ************************************************************************
> **
> The information transmitted herewith is sensitive information intended
> only
> for use by the individual or entity to which it is addressed. If the
> reader
> of this message is not the intended recipient, you are hereby notified
> that
> any review, retransmission, dissemination, distribution, copying or
> other
> use of, or taking of any action in reliance upon this information is
> strictly prohibited. If you have received this communication in error,
> please contact the sender and delete the material from your computer.
>
> --__--__--
>
> Message: 6
> From: "Glass, Eric" <eric.glass at capitalone.com>
> To: jcifs at lists.samba.org
> Cc: "'melbaird at hotmail.com'" <melbaird at hotmail.com>,
> "'Allen, Michael B (RSCH)'" <Michael_B_Allen at ml.com>,
> 'Michael Piscatello' <mpiscatello at directvinternet.com>
> Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> Date: Thu, 17 Oct 2002 05:00:29 -0400
>
> This message is in MIME format. Since your mail reader does not
> understand
> this format, some or all of this message may not be legible.
>
> ------_=_NextPart_000_01C275BB.A46A9DE0
> Content-Type: text/plain;
> charset="iso-8859-1"
>
> Attached is a servlet which uses the 0.7.0b4 NTLM stuff to do
> authentication
> -- this should work in pre-2.3 Servlet environments. It only overrides
> the
> "service" method, so if you are just implementing doGet, doPost, etc. it
> should be a drop in replacement for HttpServlet; i.e., you can just
> change:
>
> public class MyServlet extends HttpServlet
>
> to:
>
> public class MyServlet extends NtlmServlet
>
> and be up and going. You would set all the jcifs.* parameters (domain
> controller, etc.) via the servlet's initparameters (similar to the
> filter
> configuration in 2.3+ environments).
>
> See also the notes just posted to the list regarding 0.7.0b4. If you
> don't
> subscribe to the list the message in question is here:
> http://lists.samba.org/pipermail/jcifs/2002-October/002693.html
>
> > -----Original Message-----
> > From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> > Sent: Thursday, October 17, 2002 1:27 AM
> > To: 'Michael Piscatello'; jcifs at lists.samba.org
> > Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> >
> >
> > I just noticed you said "pop-up". Do you mean the
> > authentication dialog? NTLM
> > SSP negotiates user password hashes on the fly. There's no
> > need for a dialog.
> >
> > Not sure why you would want the dialog to come up but just in
> > case, you can get it
> > to come up if send "401 Unauthorized / WWW-Authenticate:
> > NTLM" again *after you
> > have already negotiated password hashes once*. But you'll
> > have to read about how
> > NTLM HTTP Authentication actually works before you get that
> > far. Read the end of this:
> > http://jcifs.samba.org/src/docs/ntlmhttpauth.html for starters.
> >
> > > -----Original Message-----
> > > From: Michael Piscatello
> > [SMTP:mpiscatello at directvinternet.com]
> > > Sent: Wednesday, October 16, 2002 8:21 AM
> > > To: Allen, Michael B (RSCH); jcifs at lists.samba.org
> > > Subject: Re: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > >
> > > Mike,
> > >
> > > Thanks! RSN? I did try to adapt it, but it does not bring
> > up the NTLM
> > > challenge box. It returns, null and then after refreshing,
> > brings back the
> > > credentials, But I need the pop-up. Here is my code.
> > >
> > > Thanks,
> > >
> > >
> > > Mike
> > >
> > >
> > > import java.io.IOException;
> > > import java.io.PrintWriter;
> > >
> > > import javax.servlet.ServletContext;
> > > import javax.servlet.ServletException;
> > > import javax.servlet.http.HttpServlet;
> > > import javax.servlet.http.HttpServletRequest;
> > > import javax.servlet.http.HttpServletResponse;
> > > import javax.servlet.http.HttpSession;
> > > import jcifs.UniAddress;
> > > import jcifs.netbios.NbtAddress;
> > > import jcifs.smb.SmbSession;
> > > import jcifs.util.Base64;
> > > import jcifs.http.NtlmHttpSession;
> > >
> > > public class jcifstest extends HttpServlet {
> > >
> > > public void doPost(
> > > javax.servlet.http.HttpServletRequest request,
> > > javax.servlet.http.HttpServletResponse response)
> > > throws javax.servlet.ServletException, java.io.IOException {
> > >
> > > PrintWriter out = response.getWriter();
> > > ServletContext context = getServletContext();
> > > String domainController = "192.168.1.102";
> > > String domain = "HOMEDOM";
> > > boolean debug = true;
> > > HttpServletRequest req;
> > > HttpServletResponse resp;
> > > HttpSession ssn;
> > > NtlmHttpSession ntlm;
> > > String msg;
> > > byte[] src;
> > >
> > > try {
> > > req = (HttpServletRequest) request;
> > > resp = (HttpServletResponse) response;
> > >
> > > ssn = req.getSession(); /* Retrive the NTLM session
> > > */
> > > ntlm = (NtlmHttpSession)
> > ssn.getAttribute("NtlmHttpSession");
> > > msg = req.getHeader("Authorization");
> > >
> > > if (msg == null || msg.startsWith("NTLM ") == false) {
> > > resp.reset();
> > > resp.setContentLength(0);
> > > resp.setHeader("WWW-Authenticate", "NTLM");
> > > resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> > > resp.flushBuffer();
> > > return;
> > > }
> > >
> > > src = Base64.decode(msg.substring(5));
> > >
> > > if (src[8] == 1) {
> > > String svr;
> > > byte[] dst = new byte[40];
> > >
> > > ntlm = new NtlmHttpSession();
> > > /* Message 1
> > > */
> > > ntlm.decodeType1Message(src);
> > > ssn.setAttribute("ntlmworkgroup", ntlm.domain);
> > >
> > > /* If a "Domain Contoller" IP was not
> > specified try and
> > > lookup
> > > * a real domain controller using
> > jcifs.smb.client.domain
> > > */
> > > if ((svr = domainController) == null) {
> > > svr = domain != null ? domain : ntlm.domain;
> > > svr = NbtAddress.getByName(svr, 0x1c,
> > > null).getHostAddress();
> > > }
> > >
> > > ntlm.domainController = UniAddress.getByName(svr);
> > > ntlm.challenge =
> > > SmbSession.getChallenge(ntlm.domainController);
> > >
> > > /* Message 2
> > > */
> > > msg = Base64.encodeBytes(dst, 0,
> > > ntlm.encodeType2Message(dst));
> > >
> > > /* Save NTLM session in HTTP session
> > > */
> > > ssn.setAttribute("NtlmHttpSession", ntlm);
> > >
> > > resp.reset();
> > > resp.setContentLength(0);
> > > resp.setHeader("WWW-Authenticate", "NTLM " + msg);
> > > resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> > > resp.flushBuffer();
> > > return;
> > > } else
> > > if (src[8] == 3) { /* Message 3
> > > */
> > >
> > > ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
> > > } else {
> > > throw new ServletException("NTLM HTTP
> > Authentication
> > > message invalid");
> > > }
> > >
> > > SmbSession.logon(ntlm.domainController, ntlm.auth);
> > >
> > > ssn.setAttribute("ntlmdomain", ntlm.domain);
> > > ssn.setAttribute("ntlmuser", ntlm.user);
> > > ssn.setAttribute("ntlmhost", ntlm.host);
> > >
> > > if (debug) {
> > > context.log(
> > > "NTLM HTTP Autentication successfull: "
> > > + ntlm.domain
> > > + "\\"
> > > + ntlm.user
> > > + "@"
> > > + ntlm.host);
> > > }
> > > out.print("ntdomain: " +
> > ssn.getAttribute("ntlmdomain"));
> > > } catch (Exception e) {
> > > out.print("An Error has occured: " + e.getMessage());
> > > }
> > >
> > > }
> > >
> > > public void doGet(
> > > javax.servlet.http.HttpServletRequest request,
> > > javax.servlet.http.HttpServletResponse response)
> > > throws javax.servlet.ServletException, java.io.IOException {
> > > doPost(request, response);
> > > }
> > >
> > > }
> > >
> > > On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)"
> > <Michael_B_Allen at ml.com>
> > > wrote:
> > >
> > > > The code is pretty simple. I don't think it would be hard
> > to adapt it.
> > > > Actually
> > > > the current code is somewhat flawed and more complicated
> > than it needs to
> > > > be. The 0.7.0b4 package will be released RSN. Look at that.
> > > >
> > > >> -----Original Message-----
> > > >> From: Michael Piscatello
> > [SMTP:mpiscatello at directvinternet.com]
> > > >> Sent: Tuesday, October 15, 2002 9:53 PM
> > > >> To: jcifs at lists.samba.org
> > > >> Subject: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > > >>
> > > >> Help! I need the functionality of the NtlmHttpFilter but
> > I am stuck with a
> > > >> 2.2 Servlet spec app server (Websphere) Has anyone replicated the
> > > >> functionality of the NtlmHttpFilter in a servlet?
> > > >>
> > > >> Thanks
> > > >>
> > > >> Mike
> > > >>
> > > >
> > > >
> > >
> >
>
> ************************************************************************
> **
> The information transmitted herewith is sensitive information intended
> only
> for use by the individual or entity to which it is addressed. If the
> reader
> of this message is not the intended recipient, you are hereby notified
> that
> any review, retransmission, dissemination, distribution, copying or
> other
> use of, or taking of any action in reliance upon this information is
> strictly prohibited. If you have received this communication in error,
> please contact the sender and delete the material from your computer.
>
>
>
> ------_=_NextPart_000_01C275BB.A46A9DE0
> Content-Type: application/octet-stream;
> name="NtlmServlet.java"
> Content-Disposition: attachment;
> filename="NtlmServlet.java"
>
> package jcifs.http;
>
> import java.io.IOException;
>
> import java.net.UnknownHostException;
>
> import java.util.Enumeration;
>
> import javax.servlet.ServletConfig;
> import javax.servlet.ServletException;
> import javax.servlet.UnavailableException;
>
> import javax.servlet.http.HttpServlet;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
>
> import jcifs.Config;
> import jcifs.UniAddress;
>
> import jcifs.smb.NtlmPasswordAuthentication;
> import jcifs.smb.SmbSession;
>
> public abstract class NtlmServlet extends HttpServlet {
>
> private static final NtlmSsp AUTH = new NtlmSsp();
>
> private UniAddress domainController;
>
> public void init(ServletConfig config) throws ServletException {
> super.init(config);
> Config.setProperty("jcifs.netbios.cachePolicy", "600");
> Config.setProperty("jcifs.smb.client.attrExpirationPeriod",
> "120000");
> Enumeration e = config.getInitParameterNames();
> String name;
> while (e.hasMoreElements()) {
> name = (String) e.nextElement();
> if (name.startsWith("jcifs.")) {
> Config.setProperty(name, config.getInitParameter(name));
> }
> }
> String dc = Config.getProperty("jcifs.http.domainController");
> if (dc == null) {
> throw new UnavailableException("No domain controller
> specified.");
> }
> try {
> domainController = UniAddress.getByName(dc);
> } catch (UnknownHostException ex) {
> throw new UnavailableException("Specified DC unreachable.");
> }
> }
>
> protected void service(HttpServletRequest request,
> HttpServletResponse response) throws ServletException,
> IOException {
> String msg = request.getHeader("Authorization");
> if (msg != null && msg.startsWith("NTLM")) {
> byte[] challenge =
> SmbSession.getChallenge(domainController);
> NtlmPasswordAuthentication ntlm =
> AUTH.doAuthentication(request,
> response, challenge);
> if (ntlm == null) return;
> SmbSession.logon(domainController, ntlm);
> request.getSession().setAttribute("NtlmHttpFilter", "1");
> } else if (request.getSession().getAttribute("NtlmHttpFilter")
> ==
> null) {
> response.setHeader("WWW-Authenticate", "NTLM");
> response.setHeader("Connection", "close");
> response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> response.flushBuffer();
> return;
> }
> super.service(request, response);
> }
>
> }
>
> ------_=_NextPart_000_01C275BB.A46A9DE0--
>
>
> --__--__--
>
> _______________________________________________
> jcifs mailing list
> jcifs at lists.samba.org
> http://lists.samba.org/listinfo/jcifs
>
>
> End of jcifs Digest
>
>
> -----
>
> The information contained in this message is proprietary of Casero Inc.,
> protected from disclosure, and may be privileged. The information is
> intended to be conveyed only to the designated recipient(s) of the
> message. If the reader of this message is not the intended recipient,
> you are hereby notified that any dissemination, use, distribution or
> copying of this communication is strictly prohibited and may be
> unlawful. If you have received this communication in error, please
> notify us immediately by replying to the message and deleting it from
> your computer. Thank you.
>
More information about the jcifs
mailing list