[jcifs] Quick question Re: Challenge in NegProt response.
Michael B. Allen
miallen at eskimo.com
Fri Sep 6 05:20:13 EST 2002
On Thu, 05 Sep 2002 13:35:19 -0500
"Christopher R. Hertel" <crh at ubiqx.mn.org> wrote:
> Mike,
>
> I lost my notes on this... You remember that bug I stumbled across at the
> PlugFest? The one that would cause reconnections to fail?
>
> Here's the thing: Does SMB continue to use the same challenge for the
> entire duration of the TCP session or is there a mechanism for obtaining a
> new challenge? What was it that was actually going wrong with the
> reconnection?
Whenever a negprot response is received the new challenge should be used
but to the best of my knowledge such a response will only be received once
during transport establishment. The jCIFS graceful reconnect bug resulted
because jCIFS closes transport after a configurable time period to
conserve resources and it does not tear down and build up all data
structures:
NbtSocket
|
SmbTransport
|
SmbSession
|
SmbTree
every time. It just flips a negotiated/sessionSetup/treeConnected flag
indicating the particular layer will need to
re-negotiate/re-sessionSetup/re-treeConnect. However with the introduction
of the NtlmPasswordAuthentication class the server challenge was being
cached. Encrypting passwords with an old challenge will not work of course.
Incidentally it's still not correct actually. If an error occurs, an
SmbTransport/SmbSession/SmbTree hierarchy may be invalidated without trying
to trigger SMB_COM_LOGOFF_ANDX/SMB_COM_TREE_DISCONNECT_ANDX messages and
that too even in the latest version will not invalidate the challenge. So
if the *server* closes the socket, that will be treated like this error and
now we have the graceful-reconnect issue. I'm working on a fix for that and
a few other complicated state consistency issues having to do with hashes
being provided externally (from IE).
--
A program should be written to model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the potential for it to be applied to tasks that are
conceptually similar and more importantly to tasks that have not
yet been conceived.
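
The stale-challenge failure discussed in this message, as an added Python model that is not jCIFS code and not part of the original post. The class and method names are hypothetical, and HMAC-SHA256 stands in for the real DES-based LM/NTLM response.

```python
import hashlib
import hmac
import os


def response(pw_hash: bytes, challenge: bytes) -> bytes:
    # Stand-in (assumption): real SMB computes a DES-based LM/NTLM response.
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()


class Server:  # hypothetical model of the SMB server side
    def __init__(self, password: bytes):
        self.pw_hash = hashlib.sha256(password).digest()
        self.challenge = None

    def negprot(self) -> bytes:
        self.challenge = os.urandom(8)  # new challenge for each transport
        return self.challenge

    def session_setup(self, resp: bytes) -> bool:
        return hmac.compare_digest(resp, response(self.pw_hash, self.challenge))


class Client:  # hypothetical model, not the jCIFS classes
    def __init__(self, server: Server, password: bytes, invalidate: bool):
        self.server, self.invalidate = server, invalidate
        self.pw_hash = hashlib.sha256(password).digest()
        self.negotiated = False
        self.cached_challenge = None  # challenge kept with the credentials

    def transport_closed(self):
        # Idle timeout, error, or the server closing the socket.
        self.negotiated = False  # the layer flag is always flipped
        if self.invalidate:
            self.cached_challenge = None  # also drop the stale challenge

    def connect(self) -> bool:
        if not self.negotiated:
            fresh = self.server.negprot()
            self.negotiated = True
            if self.cached_challenge is None:
                self.cached_challenge = fresh
        return self.server.session_setup(response(self.pw_hash, self.cached_challenge))


def reconnect_results(invalidate: bool) -> tuple:
    # Constructed password; returns (first connect, connect after a close).
    client = Client(Server(b"constructed-password"), b"constructed-password", invalidate)
    first = client.connect()
    client.transport_closed()
    return first, client.connect()
```

`reconnect_results(False)` models the cached-challenge behaviour and fails on the second connect; `reconnect_results(True)` discards the challenge on every transport close and succeeds.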