[jcifs] Please Help Me!

Aris Javier aristotle.javier at eazix.com
Thu Sep 2 02:09:04 GMT 2004 

Eureka!

i found it Eric!

My error seems to be from JspIsapi filter.. because i ran
my app with 8080 port.. http://localhost:8080/ces and it worked
fine and got request.getRemoteUser() to work! it returns 
my name! =)

but the problem now is why JspIsapi filter failed?
i bought this from neurospeech.com.. $50... just to remove 8080
port number from URL.. 

do you know any workaround on this?

-----Original Message-----
From: Eric Glass [mailto:eric.glass at gmail.com] 
Sent: Wednesday, September 01, 2004 8:07 PM
To: Aris Javier
Cc: Michael B Allen; jcifs at lists.samba.org
Subject: Re: [jcifs] Please Help Me!


Inside your filter declaration, just add:

<init-param>
    <param-name>jcifs.smb.lmCompatibility</param-name>
    <param-value>3</param-value>
</init-param>

This should work fine.  If you want HTTP basic to be offered as well as
NTLM (to support browsers which don't work with NTLM), you would also
add:

<init-param>
    <param-name>jcifs.http.insecureBasic</param-name>
    <param-value>true</param-value>
</init-param>

So from your previous post, the full setup would be like:

 <filter>
     <filter-name>NtlmHttpFilter</filter-name>
     <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
     <init-param>
         <param-name>jcifs.smb.client.domain</param-name>
         <param-value>EAZIX</param-value>
     </init-param>
     <init-param>
         <param-name>jcifs.netbios.wins</param-name>
         <param-value>192.168.63.1</param-value>
     </init-param>
     <init-param>
         <param-name>jcifs.smb.lmCompatibility</param-name>
         <param-value>3</param-value>
     </init-param>
     <init-param>
         <param-name>jcifs.http.insecureBasic</param-name>
         <param-value>true</param-value>
     </init-param>
 </filter>
 <filter-mapping>
     <filter-name>NtlmHttpFilter</filter-name>
     <url-pattern>/*</url-pattern>
 </filter-mapping>


jCIFS should work properly in *all* NTLMv2 scenarios with
lmCompatibility set; the previous patch would just get rid of this
particular error when someone has their clients set up for NTLMv2 but
jCIFS has lmCompatibility < 3.


Eric


On Wed, 1 Sep 2004 14:15:03 +0800, Aris Javier
<aristotle.javier at eazix.com> wrote:
> im sorry.
> i don't understand your reply. im new to authentication stuff. all i 
> want is to get request.getRemoteUser() to work...
> 
> do you know any working code, even basic authentication just for
> request.getRemoteUser() to work?
> 
> please help! i got sick yesterday because of this.. really no kidding!
> 
> 
> 
> 
> -----Original Message-----
> From: Eric Glass [mailto:eric.glass at gmail.com]
> Sent: Tuesday, August 31, 2004 6:40 PM
> To: Michael B Allen
> Cc: Aris Javier; jcifs at lists.samba.org
> Subject: Re: [jcifs] Please Help Me!
> 
> This would occur if the client is set up for NTLMv2, but 
> jcifs.smb.client.lmCompatibility isn't set correspondingly.  The fix 
> is ~line 61 of SmbComSessionSetupAndX; currently it does:
> 
> accountPassword = auth.getAnsiHash( 
> session.transport.server.encryptionKey ); unicodePassword = 
> auth.getUnicodeHash( session.transport.server.encryptionKey ); 
> passwordLength = unicodePasswordLength = 24; // fix for win9x clients 
> if (unicodePassword.length == 0) unicodePasswordLength = 0;
> 
> This should really just be:
> 
> accountPassword = auth.getAnsiHash( 
> session.transport.server.encryptionKey ); passwordLength = 
> accountPassword.length; unicodePassword = auth.getUnicodeHash( 
> session.transport.server.encryptionKey ); unicodePasswordLength = 
> unicodePassword.length; // prohibit HTTP auth attempts for the null 
> session if (unicodePasswordLength == 0 && passwordLength == 0) {
>    throw new RuntimeException("Null setup prohibited.");
> }
> 
> i.e. the lengths should actually be the lengths of the fields (rather 
> than hardcoded to 24).
> 
> This actually allows full NTLMv2 to work, provided the HTTP server and

> SMB server are the same machine (otherwise the host name won't match 
> the target list).  You don't even have to set 
> jcifs.smb.client.lmCompatibility in this particular case, as it will 
> copy the NTLMv2 response directly into the session setup message.
> 
> Eric
> 
> On Tue, 31 Aug 2004 04:18:23 -0400, Michael B Allen 
> <mba2000 at ioplex.com>
> wrote:
> > On Tue, 31 Aug 2004 15:36:27 +0800
> > "Aris Javier" <aristotle.javier at eazix.com> wrote:
> >
> > >      <filter-name>NtlmHttpFilter</filter-name>
> > >      <url-pattern>/*</url-pattern>
> > >  </filter-mapping>
> > >
> > >
> > > but this error occured;
> > >
> > > java.lang.ArrayIndexOutOfBoundsException
> > > java.lang.System.arraycopy(Native Method) 
> > > jcifs.smb.SmbComSessionSetupAndX.writeBytesWireFormat(SmbComSessio
> > > nS
> > > etup
> > > AndX.java:118)
> >
> > Whooops. That's not supposed to happen. That code is:
> >
> > 116   if( session.transport.server.security == SECURITY_USER &&
> > 117       ( auth.hashesExternal || auth.password.length() > 0 )) {
> > 118    System.arraycopy( accountPassword, 0, dst, dstIndex,
> passwordLength
> > );
> > 119    dstIndex += passwordLength;
> >
> > Since this is the first time we're seing this I have to wonder what 
> > it
> 
> > is about your setup that's different. What web broswer are you 
> > using? Is there anything special about the server config? What is 
> > the host OS? I'm thinking perhaps the client or server outside of 
> > jCIFS jurisdiction is modifying the password hashes such that they 
> > are not what the above code expects.
> >
> > Mike
> >
> > --
> > Greedo shoots first? Not in my Star Wars.
> >
>

More information about the jcifs mailing list