[jcifs] Quick question Re: Challenge in NegProt response.
Michael B. Allen
miallen at eskimo.com
Fri Sep 6 05:20:13 EST 2002
On Thu, 05 Sep 2002 13:35:19 -0500
"Christopher R. Hertel" <crh at ubiqx.mn.org> wrote:
> I lost my notes on this... You remember that bug I stumbled across at the
> PlugFest? The one that would cause reconnections to fail?
> Here's the thing: Does SMB continue to use the same challenge for the
> entire duration of the TCP session or is there a mechanism for obtaining a
> new challenge? What was it that was actually going wrong with the
Whenever a negprot response is received the new challenge should be used
but to the best of my knowledge such a response will only be received once
during transport establishment. The jCIFS gracefull reconnect bug resulted
because jCIFS closes transport after a configureable time period to
conserve resources and it does not tear down and build up all data
every time. It just flips a negotiated/sessionSetup/treeConnected flag
indicating the particular layer will need to
re-negotiate/re-sessionSetup/re-treeConnect. However with the introduction
of the NtlmPasswordAuthentication class the server challenge was being
cached. Encrypting passwords with an old challenge will not work of course.
Incedentally it's still not correct actually. If an error occurs, an
SmbTransport/SmbSession/SmbTree hierarchy may be invalidated without trying
to trigger SMB_COM_LOGOFF_ANDX/SMB_COM_TREE_DISCONNECT_ANDX messages and
that too even in the latest version will not invalidate the challenge. So
if the *server* closes the socket, that will be treated like this error and
now we have the graceful-reconnect issue. I'm working on a fix for that and
a few other complicated state consistentcey issues having to do with hashes
beeing provided externally (from IE).
A program should be written to model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the potential for it to be applied to tasks that are
conceptually similar and more importantly to tasks that have not
yet been conceived.
More information about the jcifs