[jcifs] RE: jCIFS authentication stuff

eglass1 at attbi.com eglass1 at attbi.com
Thu May 15 23:32:13 EST 2003 

> I would certainly like to see jCIFS talking SPNEGO, NTLMSSP, Kerberos, and so 
on 
> in both the core and via the HTTP authentication filter/servlet. The 
> TokenFactory abstraction in your code confusing
> though. It not clear to me that it will be what jCIFS needs when/if these 
> mechanisms are integrated into the core. I'd really need a KDC or Win2K 
server 
> to explore this further though.
> 
> Mike
> 

This was actually an amalgam of a lot of stuff I was working on.
The main idea behind the tokens was to represent the Type 1, etc. messages as
objects rather than manually parsing and formatting the byte arrays;
this is extremely useful when developing clients, because manually creating
and preparing a Type 3 message in particular is very complicated and
error-prone.  It also streamlines the creation of server-side support for
NTLM over protocols other than HTTP.  Rather than having to duplicate large
chunks of NtlmSsp.java for each protocol, the NTLMSSP-specific stuff is broken 
out and encapsulated.

The TokenFactory stuff came about while I was attempting to get
SPNEGO/Kerberos working; it was an attempt to automate the process of
recognizing and parsing an arbitrary message into a token object.  This
isn't really necessary, especially if you're only dealing with NTLMSSP
messages, and I agree it is a bit confusing.

Attached is a quick refactoring of the NTLMSSP-specific stuff; this
would allow you to do stuff like (using the server side as an example):

// type1Bytes is the type 1 message from the client
byte[] type1Bytes;
Type1Message type1 = new Type1Message(type1Bytes);
byte[] challenge = SmbSession.getChallenge(dc);
Type2Message type2 = new Type2Message(type1, challenge, null);
// send the type2 bytes
output.write(type2.toByteArray());

// type3Bytes is the type 3 message from the client
byte[] type3Bytes;
Type3Message type3 = new Type3Message(type3Bytes);
NtlmPasswordAuthentication ntlm =
        new NtlmPasswordAuthentication(type3.getDomain(), type3.getUser(),
                type3.getLMResponse(), type3.getNTResponse());
SmbSession.logon(dc, ntlm);

This is really more useful for clients, since currently jCIFS doesn't provide 
an easy way to build Type 1 and Type 3 messages.  Client packages such as the 
Jakarta Commons' HttpClient could use this to do NTLM authentication, rather 
than rolling their own.

I put these in the jcifs.smb package, so they should work out-of-the-box now.


Eric



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 8074 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030515/f89bcaf3/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 7998 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030515/f89bcaf3/attachment-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 13474 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030515/f89bcaf3/attachment-0002.obj

More information about the jcifs mailing list