[jcifs] Re: jcifs versions (packet-signing)

SAlappatt at unicacorp.com SAlappatt at unicacorp.com
Wed Jan 7 21:18:38 GMT 2004


 Looking forward to the drop.....


"Michael B Allen" <mba2000 at ioplex.com> 
Sent by: jcifs-bounces+salappatt=unicacorp.com at lists.samba.org
01/07/2004 03:31 PM

SAlappatt at unicacorp.com
jcifs at lists.samba.org
Re: [jcifs] Re: jcifs versions (packet-signing)

> I just found out that we do have packet signing turned on to required in
> the win2003 domain controller. jcifs authentication seems to work with
> 0.7.3.  I am using only the HttpFilter functionality of jcifs and do not
> use jcifs after authentication.

As described by Eric, only SMBs that follow authentication need to be 
signed. That is why versions that do not support signing actually work 
servers that require it. Because it was assumed that SMBs would follow
authentication an Exception was coded to be thrown if password hashes are
determined to be inadiquate to generate MAC signing key. However because 
the NTLM
HTTP filter does not send additional SMBs signing will never actually 
occur. The
Exception is only generated if the password hashes are "externel" meaning 
from the
NTLM HTTP Filter but this is precisely the case where signing will never 
Therefore, the solution is simple matter of eliminating this exception so 
additional SMBs will generate a signing error but the NTLM HTTP Filter 
will be
permitted to proceed without error.

I'll fix this and post 0.7.18 tonight.

> I will try to send you guys a packet
> capture ASAP. I have to figure out how to do it first..:-(

Well I don't think we need it any more but for future reference:


> Where do I get jcifs jar of 0.7.12 ?  Does that version have the benign
> "socket closed" stack trace issue?...

Yes it does. Use 0.7.18.


A program should be written to  model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the  potential for it  to be applied  to tasks that are
conceptually similar and, more  important, to tasks that have not
yet been conceived.

-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list