[jcifs] Please Help Me!

Aris Javier aristotle.javier at eazix.com
Wed Sep 1 06:15:03 GMT 2004 

im sorry.
i don't understand your reply. im new to authentication stuff.
all i want is to get request.getRemoteUser() to work...

do you know any working code, even basic authentication just for 
request.getRemoteUser() to work?

please help! i got sick yesterday because of this.. really no kidding!


-----Original Message-----
From: Eric Glass [mailto:eric.glass at gmail.com] 
Sent: Tuesday, August 31, 2004 6:40 PM
To: Michael B Allen
Cc: Aris Javier; jcifs at lists.samba.org
Subject: Re: [jcifs] Please Help Me!


This would occur if the client is set up for NTLMv2, but
jcifs.smb.client.lmCompatibility isn't set correspondingly.  The fix is
~line 61 of SmbComSessionSetupAndX; currently it does:

accountPassword = auth.getAnsiHash(
session.transport.server.encryptionKey ); unicodePassword =
auth.getUnicodeHash( session.transport.server.encryptionKey );
passwordLength = unicodePasswordLength = 24; // fix for win9x clients if
(unicodePassword.length == 0) unicodePasswordLength = 0;

This should really just be:

accountPassword = auth.getAnsiHash(
session.transport.server.encryptionKey ); passwordLength =
accountPassword.length; unicodePassword = auth.getUnicodeHash(
session.transport.server.encryptionKey ); unicodePasswordLength =
unicodePassword.length; // prohibit HTTP auth attempts for the null
session if (unicodePasswordLength == 0 && passwordLength == 0) {
    throw new RuntimeException("Null setup prohibited.");
}

i.e. the lengths should actually be the lengths of the fields (rather
than hardcoded to 24).

This actually allows full NTLMv2 to work, provided the HTTP server and
SMB server are the same machine (otherwise the host name won't match the
target list).  You don't even have to set
jcifs.smb.client.lmCompatibility in this particular case, as it will
copy the NTLMv2 response directly into the session setup message.


Eric


On Tue, 31 Aug 2004 04:18:23 -0400, Michael B Allen <mba2000 at ioplex.com>
wrote:
> On Tue, 31 Aug 2004 15:36:27 +0800
> "Aris Javier" <aristotle.javier at eazix.com> wrote:
> 
> >      <filter-name>NtlmHttpFilter</filter-name>
> >      <url-pattern>/*</url-pattern>
> >  </filter-mapping>
> >
> >
> > but this error occured;
> >
> > java.lang.ArrayIndexOutOfBoundsException
> > java.lang.System.arraycopy(Native Method) 
> > jcifs.smb.SmbComSessionSetupAndX.writeBytesWireFormat(SmbComSessionS
> > etup
> > AndX.java:118)
> 
> Whooops. That's not supposed to happen. That code is:
> 
> 116   if( session.transport.server.security == SECURITY_USER &&
> 117       ( auth.hashesExternal || auth.password.length() > 0 )) {
> 118    System.arraycopy( accountPassword, 0, dst, dstIndex,
passwordLength
> );
> 119    dstIndex += passwordLength;
> 
> Since this is the first time we're seing this I have to wonder what it

> is about your setup that's different. What web broswer are you using? 
> Is there anything special about the server config? What is the host 
> OS? I'm thinking perhaps the client or server outside of jCIFS 
> jurisdiction is modifying the password hashes such that they are not 
> what the above code expects.
> 
> Mike
> 
> --
> Greedo shoots first? Not in my Star Wars.
>

More information about the jcifs mailing list