[jcifs] NTLM Authentication with W2003 Server / Bug
K.Streng
hama6789 at online.de
Wed Nov 30 20:22:33 GMT 2005
Hello folks,
I found a bug in jcifs.smb.SmbTransport.
For a SingleSignOn solution with the IExplorer, i programmed a class based on
the file NtlmHttpFilter.java. It works fine with W2000 Server, because with
the switch to W2003 Server the logon fails with the second user.
Corresponding with the manual, I changed ssnLimit to 1 – with the result that
nobody can’t logon because iCIFS throw out the exception
NT_STATUS_ACCESS_VIOLATION.
This causes from the handshake of the NTLM HTTP protocol (3 messages). Because
with each call of the Method “SmbTransport” the first if-condition blocks and
forced the creation of a new “conn”-object although the authentication are not
complete.
The append patch solves this problem by eliminating the first if-condition. I
believe the second if-condition (… conn.sessions.size() < SSN_LIMIT) are
sufficient for the correct handling of SMB signing key for W2003 Server.
K. Streng.
--- jcifs_1.2.7\src\jcifs\smb\SmbTransport.java Fri Nov 18 17:21:00 2005
+++ .\jcifs\src\jcifs\smb\SmbTransport.java Wed Nov 30 21:07:38 2005
@@ -42,14 +42,12 @@
SmbTransport conn;
synchronized( CONNECTIONS ) {
- if( SSN_LIMIT != 1 ) {
- ListIterator iter = CONNECTIONS.listIterator();
- while( iter.hasNext() ) {
- conn = (SmbTransport)iter.next();
- if( conn.matches( address, port, localAddr, localPort ) &&
- ( SSN_LIMIT == 0 || conn.sessions.size() <
SSN_LIMIT )) {
- return conn;
- }
+ ListIterator iter = CONNECTIONS.listIterator();
+ while( iter.hasNext() ) {
+ conn = (SmbTransport)iter.next();
+ if( conn.matches( address, port, localAddr, localPort ) &&
+ ( SSN_LIMIT == 0 || conn.sessions.size() <
SSN_LIMIT )) {
+ return conn;
}
}
More information about the jcifs
mailing list