[jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFileconstructor

Burkes, Terry terry.burkes at hp.com
Fri Dec 15 17:25:53 GMT 2006 

 I encountered this problem in the copyTo method when I used a password
with a '%' in it. I must use that particular password, so I wrote my own
copyTo methods that work with the password. The rewrite avoids the
SmbFile constructor problem. It might be worth fixing copyTo, since that
is such a useful method.


Terry Burkes             
Indigo Digital Press   Hewlett-Packard Company

-----Original Message-----
From: jcifs-bounces+terry.burkes=hp.com at lists.samba.org
[mailto:jcifs-bounces+terry.burkes=hp.com at lists.samba.org] On Behalf Of
Michael B Allen
Sent: Thursday, December 14, 2006 8:58 PM
To: Eric Glass
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about
SmbFileconstructor

Not only that but I think this might be specific to URLs with passwords
that have a '%' in it because that is the only character that would be
incorrectly interpreted by the Handler on a second pass. It's a bug, but
it's a small one that we have lived with for 6+ years now. In fact, I'm
not convinced it's worth the extra overhead of re-escaping all URLs of
SmbFile children. A better fix might be to simply put something in the
documentation like "a % cannot be used in a password embedded in a URL"
:->

Mike

On Thu, 14 Dec 2006 22:45:37 -0500
"Eric Glass" <eric.glass at gmail.com> wrote:

> Note that the existing version works with the 
> NtlmPasswordAuthentication constructor (which is preferred anyway); 
> i.e. rather than embedding the credentials in the URL.
> 
> On 12/14/06, Paul Ling <drpaulling at msn.com> wrote:
> > Where and when I can get the fixed version of jcifs.jar? if this bug

> > has not fixed, I cannot call listFiles and mkdirs()!
> >
> >
> > >From: "Eric Glass" <eric.glass at gmail.com>
> > >To: "Michael B Allen" <mba2000 at ioplex.com>
> > >CC: "Paul Ling" <drpaulling at msn.com>, jcifs at lists.samba.org
> > >Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about 
> > >SmbFile constructor
> > >Date: Wed, 13 Dec 2006 06:55:02 -0500
> > >
> > >>The bottom line is:
> > >>
> > >>1) SmbFile passes URLs directly to java.net.URL. So whatever the 
> > >>case is, it's a problem with java.net.URL. You can see the 
> > >>exceptions are being thrown from within java.net.URL. We could
probably work around it but ...
> > >>
> > >
> > >The problem is that our jcifs.smb.Handler class (which interprets 
> > >the raw URL string on behalf of java.net.URL) unescapes the 
> > >userinfo during parsing, which is inconsistent with "normal" 
> > >URLStreamHandler
> > >implementations:
> > >
> > >
> > >import java.net.*;
> > >
> > >public class testurl {
> > >
> > >    public static void main(String[] args) throws Exception {
> > >        URL url = new URL("http://test:test%25n1234@example.com/");
> > >        System.out.println(url.getUserInfo()); // prints 
> > >"test:test%25n1234"
> > >        System.setProperty("java.protocol.handler.pkgs", "jcifs");
> > >        url = new URL("smb://test:test%25n1234@example.com/");
> > >        System.out.println(url.getUserInfo()); // prints
"test:test%n1234"
> > >    }
> > >
> > >}
> > >
> > >
> > >The issue arises when the SmbFile(SmbFile, String) constructor is 
> > >called and the base SmbFile was created as above; the underlying 
> > >base URL now holds the userinfo in an unescaped representation
(i.e.
> > >"test%n1234"), and creating a relative SMB URL tries to unescape it

> > >a second time.
> > >
> > >The solution is to move the unescape code from the Handler class 
> > >into the NtlmPasswordAuthentication(String) constructor (patch
attached).
> > >I don't think this would have any impact outside of this 
> > >constructor (which is only there to support the Handler anyway) but

> > >your mileage may vary...
> > >
> > >
> > >Eric
> >
> >
> > ><< urlfix.patch >>
> >
> > _________________________________________________________________
> > Don't just search. Find. Check out the new MSN Search!
> > http://search.msn.com/
> >
> >
> 


--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

More information about the jcifs mailing list