[jcifs] Please Help Me!

Eric Glass eric.glass at gmail.com
Tue Aug 31 10:40:24 GMT 2004


This would occur if the client is set up for NTLMv2, but
jcifs.smb.client.lmCompatibility isn't set correspondingly.  The fix
is ~line 61 of SmbComSessionSetupAndX; currently it does:

accountPassword = auth.getAnsiHash( session.transport.server.encryptionKey );
unicodePassword = auth.getUnicodeHash( session.transport.server.encryptionKey );
passwordLength = unicodePasswordLength = 24;
// fix for win9x clients
if (unicodePassword.length == 0) unicodePasswordLength = 0;

This should really just be:

accountPassword = auth.getAnsiHash( session.transport.server.encryptionKey );
passwordLength = accountPassword.length;
unicodePassword = auth.getUnicodeHash( session.transport.server.encryptionKey );
unicodePasswordLength = unicodePassword.length;
// prohibit HTTP auth attempts for the null session
if (unicodePasswordLength == 0 && passwordLength == 0) {
    throw new RuntimeException("Null setup prohibited.");
}

i.e. the lengths should actually be the lengths of the fields (rather
than hardcoded to 24).

This actually allows full NTLMv2 to work, provided the HTTP server and
SMB server are the same machine (otherwise the host name won't match
the target list).  You don't even have to set
jcifs.smb.client.lmCompatibility in this particular case, as it will
copy the NTLMv2 response directly into the session setup message.


Eric


On Tue, 31 Aug 2004 04:18:23 -0400, Michael B Allen <mba2000 at ioplex.com> wrote:
> On Tue, 31 Aug 2004 15:36:27 +0800
> "Aris Javier" <aristotle.javier at eazix.com> wrote:
> 
> >      <filter-name>NtlmHttpFilter</filter-name>
> >      <url-pattern>/*</url-pattern>
> >  </filter-mapping>
> >
> >
> > but this error occurred;
> >
> > java.lang.ArrayIndexOutOfBoundsException
> > java.lang.System.arraycopy(Native Method)
> > jcifs.smb.SmbComSessionSetupAndX.writeBytesWireFormat(SmbComSessionSetupAndX.java:118)
> 
> Whooops. That's not supposed to happen. That code is:
> 
> 116   if( session.transport.server.security == SECURITY_USER &&
> 117       ( auth.hashesExternal || auth.password.length() > 0 )) {
> 118    System.arraycopy( accountPassword, 0, dst, dstIndex, passwordLength );
> 119    dstIndex += passwordLength;
> 
> Since this is the first time we're seeing this I have to wonder what it
> is about your setup that's different. What web browser are you using? Is
> there anything special about the server config? What is the host OS? I'm
> thinking perhaps the client or server outside of jCIFS jurisdiction
> is modifying the password hashes such that they are not what the above
> code expects.
> 
> Mike
> 
> --
> Greedo shoots first? Not in my Star Wars.
>
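
The length handling discussed in this message, as an added example that is not part of the original post and is not jCIFS code: it contrasts copying response fields with a hardcoded 24-byte length against copying them with the arrays' own lengths. The class and method names, the buffer size and the sample field sizes are assumptions made for illustration, and the destination bounds check is an addition of this example.

```java
// Added illustration, not jCIFS code. All names here are hypothetical.
public class ResponseLengthDemo {

    // "Before" pattern: both field lengths assumed to be 24 bytes.
    static int writeHardcoded(byte[] ansi, byte[] unicode, byte[] dst) {
        int ansiLen = 24;
        int unicodeLen = (unicode.length == 0) ? 0 : 24;
        // Throws if ansi holds fewer than 24 bytes.
        System.arraycopy(ansi, 0, dst, 0, ansiLen);
        // Silently drops everything past byte 24 of a longer response.
        System.arraycopy(unicode, 0, dst, ansiLen, unicodeLen);
        return ansiLen + unicodeLen;
    }

    // "After" pattern: lengths come from the arrays and are checked against dst.
    static int writeActual(byte[] ansi, byte[] unicode, byte[] dst) {
        if (ansi.length == 0 && unicode.length == 0) {
            throw new IllegalStateException("Null setup prohibited.");
        }
        if (ansi.length + unicode.length > dst.length) {
            throw new IllegalArgumentException("destination buffer too small");
        }
        System.arraycopy(ansi, 0, dst, 0, ansi.length);
        System.arraycopy(unicode, 0, dst, ansi.length, unicode.length);
        return ansi.length + unicode.length;
    }

    static String attempt(String label, byte[] ansi, byte[] unicode, boolean actual) {
        byte[] dst = new byte[256];
        int expected = ansi.length + unicode.length;
        try {
            int n = actual ? writeActual(ansi, unicode, dst)
                           : writeHardcoded(ansi, unicode, dst);
            return label + ": wrote " + n + " of " + expected + " bytes";
        } catch (RuntimeException e) {
            return label + ": " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        byte[] fixed24 = new byte[24];  // constructed 24-byte response
        byte[] longer = new byte[60];   // constructed response longer than 24 bytes
        byte[] shorter = new byte[8];   // constructed short field
        for (boolean actual : new boolean[] { false, true }) {
            String mode = actual ? "actual lengths" : "hardcoded 24";
            System.out.println(attempt(mode + ", 24/24", fixed24, fixed24, actual));
            System.out.println(attempt(mode + ", 24/60", fixed24, longer, actual));
            System.out.println(attempt(mode + ", 8/24", shorter, fixed24, actual));
        }
    }
}
```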

