[jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile constructor

Michael B Allen mba2000 at ioplex.com
Wed Dec 13 03:26:39 GMT 2006 

Mmm, I thought that worked one way or the other. I guess not.

The bottom line is:

1) SmbFile passes URLs directly to java.net.URL. So whatever the case is,
it's a problem with java.net.URL. You can see the exceptions are being
thrown from within java.net.URL. We could probably work around it but ...

2) The correct method for supplying credentials is with the
NtlmPasswordAuthentication class. Putting credentials within a URL is
considered bad practice.

Yes, we should fix this, but we won't in 1.x because the correct fix is
to move to java.net.URI and that is a change that is far too pervasive
to happen in the 1.x branch.

If your application depends on this working and it's too late to change it
then you could add a method call to each SmbFile constructor to rebuild
URLs that contain escapes in them.

Thanks for the bug report though. We do appreciate it and I do keep
track of bug reports (although this one's so old it never made it onto
The List).

Mike

On Wed, 13 Dec 2006 07:03:11 +0800
"Paul Ling" <drpaulling at msn.com> wrote:

> What's your means? not escaped?
> 
> If use the such URL:
>      smb://administrator:ab%mx@10.10.1.140/record
> then you will get the following exception at first SmbFile contructor call.
> 
> java.net.MalformedURLException: For input string: "mx"
> 	at java.net.URL.<init>(URL.java:601)
> 	at jcifs.smb.SmbFile.<init>(SmbFile.java:437)
> 
> If escaped the password in URL string, you will get the same exception at 
> second SmbFile Contructor call.  Is it not a problem?
> 
> Paul Ling
> 
> >From: Michael B Allen <mba2000 at ioplex.com>
> >To: "Paul Ling" <drpaulling at msn.com>
> >Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile 
> >constructor
> >Date: Tue, 12 Dec 2006 15:54:05 -0500
> >
> >Ok, so it's not escaped. Whatever the URL class wants is what SmbFile
> >accepts. See the API documentation for the URL class.
> >
> >Also, you should never use credentials in the URL anyway. Use the
> >NtlmPasswordAuthentication class.
> >
> >Mike
> >
> >PS: Please send all messages to the jcifs mailing list.
> >
> >On Wed, 13 Dec 2006 03:32:20 +0800
> >"Paul Ling" <drpaulling at msn.com> wrote:
> >
> > > Michael:
> > >
> > > Please try the following code sample, the real password is "ab%mx".
> > >
> > > try {
> > > 	String url = "smb://administrator:ab%25mx@10.10.1.140/record";
> > > 	SmbFile smbfile = new SmbFile(url);
> > > 	SmbFile subfile = new SmbFile(smbfile, "write.txt");
> > > } catch (IOException e) {
> > > 	e.printStackTrace();
> > > }
> > >
> > >
> > >
> > > >From: Michael B Allen <mba2000 at ioplex.com>
> > > >To: "Paul Ling" <drpaulling at msn.com>
> > > >Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about 
> >SmbFile
> > > >constructor
> > > >Date: Mon, 11 Dec 2006 13:56:31 -0500
> > > >
> > > >This uses the URI class. If you find a problem using URL, let us know.
> > > >
> > > >Mike
> > > >
> > > >On Tue, 12 Dec 2006 02:25:18 +0800
> > > >"Paul Ling" <drpaulling at msn.com> wrote:
> > > >
> > > > > Code Sample
> > > > > URI uri = new URI("smb", "administrator:%?$ 
> >;\\,./:#@*&!^()-+_=|~<>`",
> > > > > "10.10.1.140", -1, "/record", null, null);
> > > > > SmbFile smbfile = new SmbFile(uri.toASCIIString());
> > > > > SmbFile subfile = new SmbFile(smbfile, "write.txt");
> > > > >
> > > > > you can trace into the second contructor of SmbFile() and get the
> > > >following
> > > > > exception:
> > > > > java.net.MalformedURLException: For input string: "?$"
> > > > > at java.net.URL.<init>(URL.java:601)
> > > > > at jcifs.smb.SmbFile.<init>(SmbFile.java:457)
> > > > >
> > > > > I use URI to encoding the URL for SmbFile only. If you don't want to 
> >use
> > > >it,
> > > > > you can send escaped URL string to the first SmbFile contructor. If 
> >I
> > > >send
> > > > > the escaped password in this sample then the server of the shared 
> >folder
> > > > > will verify password failed.
> > > > >
> > > > >
> > > > > >From: Michael B Allen <mba2000 at ioplex.com>
> > > > > >To: "Paul Ling" <drpaulling at msn.com>
> > > > > >CC: jcifs at lists.samba.org
> > > > > >Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about
> > > >SmbFile
> > > > > >constructor
> > > > > >Date: Sat, 9 Dec 2006 00:43:17 -0500
> > > > > >
> > > > > >On Sat, 09 Dec 2006 09:08:24 +0800
> > > > > >"Paul Ling" <drpaulling at msn.com> wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > I think there is a mistake in jcifs-1.2.9.jar about SmbFile
> > > >Constructor
> > > > > >that
> > > > > > > accept a parent SmbFile and sub name as parameter, if the parent
> > > >SmbFile
> > > > > >has
> > > > > > > user password and the password include the charactors "%,?,
> > > > > > > ,\,/,#,@,^,|,<,>,`,Tab".
> > > > > > >
> > > > > > > The reason is at jcifs.smb.Handler.parseURL(), Line 94:
> > > > > > >         try {
> > > > > > >             userinfo = unescape( userinfo );
> > > > > > >         } catch( UnsupportedEncodingException uee ) {
> > > > > > >         }
> > > > > > >
> > > > > > > The userInfo of java.net.URL has been unescaped. it should not 
> >be
> > > > > >unescape
> > > > > > > here again.
> > > > > >
> > > > > >Since when? I distinctly recall users escaping these characters so 
> >if
> > > > > >what you say is true they would have reported this problem long 
> >ago.
> > > >Can
> > > > > >you post a very simple example that clearly illustrates the 
> >failure?
> > > >One
> > > > > >that does not use java.net.URI?
> > > > > >
> > > > > > > BTW, the userInfo of java.net.URI is escaped.
> > > > > >
> > > > > >I think switching to URI could be dangerous since java.net.URL is
> > > >hooked
> > > > > >deeply into these APIs. Any change in semantics and we could be 
> >trying
> > > >to
> > > > > >hash out subtle bugs for weeks. That sounds like something for 
> >JCIFS
> > > >2.0.
> > > > > >
> > > > > >--
> > > > > >Michael B Allen
> > > > > >PHP Active Directory SSO
> > > > > >http://www.ioplex.com/
> > > > >
> > > > > _________________________________________________________________
> > > > > Express yourself instantly with MSN Messenger! Download today it's 
> >FREE!
> > > > > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> > > > >
> > > >
> > > >
> > > >--
> > > >Michael B Allen
> > > >PHP Active Directory SSO
> > > >http://www.ioplex.com/
> > >
> > > _________________________________________________________________
> > > FREE pop-up blocking with the new MSN Toolbar - get it now!
> > > http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
> > >
> >
> >
> >--
> >Michael B Allen
> >PHP Active Directory SSO
> >http://www.ioplex.com/
> 
> _________________________________________________________________
> Don't just search. Find. Check out the new MSN Search! 
> http://search.msn.com/
> 


-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

More information about the jcifs mailing list