[jcifs] Unverifiable Signature when using SmbFileInputStreaminWin2k3

Gary Rambo grambo at aventail.com
Fri Apr 2 17:31:32 GMT 2004

I'm seeing similar behavior: the computed signature doesn't match the signature in the NT Create AndX Response packet. If I ignore the signature verification failure and continue, each subsequent Read AndX response signature also fails to match the computed signature, except for the closing (zero-byte) Read AndX response signature, which does match the computed value.

Moreover the signatures written into the corresponding request packets by Jcifs seem to satisfy the w2k3 server on the other side, because the w2k3 server doesn't complain.


> -----Original Message-----
> From: Michael B Allen [mailto:mba2000 at ioplex.com]
> Sent: Tuesday, March 30, 2004 8:35 PM
> Subject: Re: [jcifs] Unverifiable Signature when using SmbFileInputStream
> in Win2k3
> There are two known problems with signing.
> 1) when reading and writing to the same host the signature can
> mysteriously fail.

I'm only doing reads (no writes), so I don't think this is the problem.

> 2) it has been reported that jCIFS may try to verify a signature before a
> successfull user session has been established. It's on the TODO list.
> Perhaps you can determine if your problem is one of these cases? Or
> perhaps it's different?
> Mike

As for case #2, that depends on the version of jCIFS.  In 0.7.19, it doesn't
seem to be #2 because I'm able to get the file transfer started; it just
gets interrupted before it can finish (more on that later).  In 0.8.2, it
never begins transferring the file.

I've been looking at Ethereal traces (not the jCIFS code yet), and it seems
like jCIFS is giving up on the transfer for some reason (possibly the
premature signature verification issue).  In the stack traces, it looks like
both 0.7.19 and 0.8.2 are the same up until the "NT Create AndX Response"
packet.  In that packet, the Win2k3 server is sending back "Create action:
The file existed and was opened".  Both version of jCIFS then send back an
ACK packet, but after that they differ: 0.7.19 sends "Read AndX Request" and
continues to copy the file, but 0.8.2 sends FIN,ACK and closes the
connection, throwing an exception (jcifs.smb.SmbException: Unverifiable

About the interruption problem in 0.7.19:
Once I get a file copy going in 0.7.19, it seems like any CIFS traffic to
the file server will break the file transfer.  I added an extra machine to
the test network, so the network now consists of a Win2k3 server and two
Linux machines (no Samba) running my jCIFS test programs.  If I have jCIFS
client A start a file transfer from the server, and then tell client B to do
an SmbFile.list() operation on the same server, the server sends a NetBIOS
session message (Ethereal says "type unknown e9") to client A, and client A
proceeds to close the connection and throw a signature exception.

I have Ethereal traces of all these events, if anybody's interested.  I'm
going to start looking into the jCIFS code tomorrow and see if I can figure
anything out.  If I make any progress, I'll be sure to let everyone know.


-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list