[jcifs] Re: jcifs versions (packet-signing)
SAlappatt at unicacorp.com
SAlappatt at unicacorp.com
Wed Jan 7 21:18:38 GMT 2004
Thanks,
Looking forward to the drop.....
cheers,
-Siby
"Michael B Allen" <mba2000 at ioplex.com>
Sent by: jcifs-bounces+salappatt=unicacorp.com at lists.samba.org
01/07/2004 03:31 PM
To
SAlappatt at unicacorp.com
cc
jcifs at lists.samba.org
Subject
Re: [jcifs] Re: jcifs versions (packet-signing)
> I just found out that we do have packet signing turned on to required in
> the win2003 domain controller. jcifs authentication seems to work with
> 0.7.3. I am using only the HttpFilter functionality of jcifs and do not
> use jcifs after authentication.
As described by Eric, only SMBs that follow authentication need to be
actually
signed. That is why versions that do not support signing actually work
with
servers that require it. Because it was assumed that SMBs would follow
authentication an Exception was coded to be thrown if password hashes are
determined to be inadiquate to generate MAC signing key. However because
the NTLM
HTTP filter does not send additional SMBs signing will never actually
occur. The
Exception is only generated if the password hashes are "externel" meaning
from the
NTLM HTTP Filter but this is precisely the case where signing will never
occur.
Therefore, the solution is simple matter of eliminating this exception so
that
additional SMBs will generate a signing error but the NTLM HTTP Filter
will be
permitted to proceed without error.
I'll fix this and post 0.7.18 tonight.
> I will try to send you guys a packet
> capture ASAP. I have to figure out how to do it first..:-(
Well I don't think we need it any more but for future reference:
http://users.erols.com/mballen/jcifs/capture.html
>
> Where do I get jcifs jar of 0.7.12 ? Does that version have the benign
> "socket closed" stack trace issue?...
Yes it does. Use 0.7.18.
Mike
--
A program should be written to model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the potential for it to be applied to tasks that are
conceptually similar and, more important, to tasks that have not
yet been conceived.
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs
mailing list