[jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile constructor

Wang, Tony Tony.Wang at McKesson.com
Fri Dec 15 13:50:57 GMT 2006 

I like your solutions and thanks so much for your dedications. -:).

Tony

-----Original Message-----
From: Michael B Allen [mailto:mba2000 at ioplex.com] 
Sent: Thursday, December 14, 2006 10:58 PM
To: Eric Glass
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile
constructor

Not only that but I think this might be specific to URLs with passwords
that have a '%' in it because that is the only character that would be
incorrectly interpreted by the Handler on a second pass. It's a bug,
but it's a small one that we have lived with for 6+ years now. In fact,
I'm not convinced it's worth the extra overhead of re-escaping all URLs
of SmbFile children. A better fix might be to simply put something in
the documentation like "a % cannot be used in a password embedded in a
URL" :->

Mike

On Thu, 14 Dec 2006 22:45:37 -0500
"Eric Glass" <eric.glass at gmail.com> wrote:

> Note that the existing version works with the
> NtlmPasswordAuthentication constructor (which is preferred anyway);
> i.e. rather than embedding the credentials in the URL.
> 
> On 12/14/06, Paul Ling <drpaulling at msn.com> wrote:
> > Where and when I can get the fixed version of jcifs.jar? if this bug
has not
> > fixed, I cannot call listFiles and mkdirs()!
> >
> >
> > >From: "Eric Glass" <eric.glass at gmail.com>
> > >To: "Michael B Allen" <mba2000 at ioplex.com>
> > >CC: "Paul Ling" <drpaulling at msn.com>, jcifs at lists.samba.org
> > >Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about
SmbFile
> > >constructor
> > >Date: Wed, 13 Dec 2006 06:55:02 -0500
> > >
> > >>The bottom line is:
> > >>
> > >>1) SmbFile passes URLs directly to java.net.URL. So whatever the
case is,
> > >>it's a problem with java.net.URL. You can see the exceptions are
being
> > >>thrown from within java.net.URL. We could probably work around it
but ...
> > >>
> > >
> > >The problem is that our jcifs.smb.Handler class (which interprets
the
> > >raw URL string on behalf of java.net.URL) unescapes the userinfo
> > >during parsing, which is inconsistent with "normal"
URLStreamHandler
> > >implementations:
> > >
> > >
> > >import java.net.*;
> > >
> > >public class testurl {
> > >
> > >    public static void main(String[] args) throws Exception {
> > >        URL url = new URL("http://test:test%25n1234@example.com/");
> > >        System.out.println(url.getUserInfo()); // prints
> > >"test:test%25n1234"
> > >        System.setProperty("java.protocol.handler.pkgs", "jcifs");
> > >        url = new URL("smb://test:test%25n1234@example.com/");
> > >        System.out.println(url.getUserInfo()); // prints
"test:test%n1234"
> > >    }
> > >
> > >}
> > >
> > >
> > >The issue arises when the SmbFile(SmbFile, String) constructor is
> > >called and the base SmbFile was created as above; the underlying
base
> > >URL now holds the userinfo in an unescaped representation (i.e.
> > >"test%n1234"), and creating a relative SMB URL tries to unescape it
a
> > >second time.
> > >
> > >The solution is to move the unescape code from the Handler class
into
> > >the NtlmPasswordAuthentication(String) constructor (patch
attached).
> > >I don't think this would have any impact outside of this
constructor
> > >(which is only there to support the Handler anyway) but your
mileage
> > >may vary...
> > >
> > >
> > >Eric
> >
> >
> > ><< urlfix.patch >>
> >
> > _________________________________________________________________
> > Don't just search. Find. Check out the new MSN Search!
> > http://search.msn.com/
> >
> >
> 


-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

More information about the jcifs mailing list