[jcifs] Re: jcifs / davenport / dfs

Michael B Allen mba2000 at ioplex.com
Thu Feb 19 20:04:43 GMT 2004


Please send all messages to the jCIFS mailing list.

mourik jan c heupink said:
> dear Michael B Allen,
>
> just a quick question: what is the current status of using dfs with
> davenport? Read some things on jcifs mailing list, no real answer
> however... Should it work, or should it not work?

Currently it will not, but the technique for making it work has been
established and is illustrated in the NetworkExplorer servlet [1]. There
is still one remaining issue that needs to be fixed; however, those changes
[2] should reside entirely within the jCIFS library.

Mike

[1] The jCIFS library will throw the now public DfsReferral if the
supplied password hashes are "external" and a DFS referral has occurred.
The caller is then required to renegotiate the password hashes for the new
target provided by the DfsReferral.node member. The simplest method for
performing this renegotiation is to simply do resp.sendRedirect with the
new URL as NetworkExplorer does.

[2] Currently if the SmbTransport to the server closes before the user's
HTTP session the NtlmPasswordAuthentication object stored in the user's
HTTP session will be invalid. Subsequent requests will result in
authentication failure on the server. JCIFS needs to be modified to never
use invalid NPA credentials. It's not clear yet how that will be done
precisely. Also, please be advised that the attribute name of the NPA
credentials in NetworkExplorer is now "npa-servername" where "servername"
is the name of the server from which the challenge was obtained to
generate the associated NPA (note this has nothing to do with the
NtlmHttpFilter -- that remains "NtlmHttpAuth"). This permits the user to
store multiple NPAs for browsing across different targets without causing
authentication failure. As a general rule the jCIFS library or other
associated applications should never attempt to use invalid NPA
credentials.
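
The flow described in [1] and [2], as an added example that is not part of the original post and is not NetworkExplorer's source: a servlet helper that keeps one NPA per server under "npa-servername", redirects on a DfsReferral instead of reusing hashes, and drops an NPA the server rejects. It assumes a jCIFS release of this era plus the Servlet API on the classpath; the helper name `open`, the `/server/share/path` layout of the path info, and `DfsReferral.node` being a backslash-separated `\server\share\path` string are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import jcifs.UniAddress;
import jcifs.http.NtlmSsp;
import jcifs.smb.*;
public class DfsAwareOpen {
    /** Hypothetical helper: returns the file, or null once a 400/401/302 has been sent. */
    static SmbFile open(HttpServletRequest req, HttpServletResponse resp)
            throws IOException, ServletException {
        String pathInfo = req.getPathInfo();            // assumed form: /server/share/dir/
        if (pathInfo == null || pathInfo.length() < 2) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return null;
        }
        int slash = pathInfo.indexOf('/', 1);
        String server = pathInfo.substring(1, slash < 0 ? pathInfo.length() : slash);
        String attr = "npa-" + server;                  // one NPA per challenge source
        HttpSession ssn = req.getSession();
        NtlmPasswordAuthentication npa;
        String authz = req.getHeader("Authorization");
        if (authz != null && authz.startsWith("NTLM ")) {
            // The hashes the browser sends answer this server's challenge only.
            byte[] challenge = SmbSession.getChallenge(UniAddress.getByName(server, true));
            npa = NtlmSsp.authenticate(req, resp, challenge);
            if (npa == null) return null;               // handshake still in progress
            ssn.setAttribute(attr, npa);
        } else if ((npa = (NtlmPasswordAuthentication) ssn.getAttribute(attr)) == null) {
            resp.setHeader("WWW-Authenticate", "NTLM"); // nothing stored for this server
            resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }
        try {
            SmbFile f = new SmbFile("smb:/" + pathInfo, npa);
            f.exists();                                 // forces the SMB round trip
            return f;
        } catch (DfsReferral dr) {
            // Do not replay the old hashes at the new target: redirect so the
            // browser negotiates afresh against the server named in dr.node.
            resp.sendRedirect(req.getContextPath() + req.getServletPath()
                    + dr.node.replace('\\', '/') + "/");
        } catch (SmbAuthException sae) {
            ssn.removeAttribute(attr);                  // stale NPA, see [2]
            resp.setHeader("WWW-Authenticate", "NTLM");
            resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
        return null;
    }
}
```

Because the redirect target is built from the servlet's own context and servlet path, a referral can only move the browser to another path under the same servlet, where the lookup under "npa-" plus the new server name finds no NPA and triggers a fresh negotiation.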

