[jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile
constructor
Eric Glass
eric.glass at gmail.com
Fri Dec 15 18:05:13 GMT 2006
The patch I sent earlier doesn't actually re-escape the URL; instead
it avoids unescaping it altogether (which is consistent with the
out-of-box handlers). The current code unescapes it so it can be
passed into the NtlmPasswordAuthentication constructor, so the patch
just moves the unescape into the NPA constructor itself.
On 12/14/06, Michael B Allen <mba2000 at ioplex.com> wrote:
> Not only that but I think this might be specific to URLs with passwords
> that have a '%' in it because that is the only character that would be
> incorrectly interpreted by the Handler on a second pass. It's a bug,
> but it's a small one that we have lived with for 6+ years now. In fact,
> I'm not convinced it's worth the extra overhead of re-escaping all URLs
> of SmbFile children. A better fix might be to simply put something in
> the documentation like "a % cannot be used in a password embedded in a
> URL" :->
>
> Mike
>
> On Thu, 14 Dec 2006 22:45:37 -0500
> "Eric Glass" <eric.glass at gmail.com> wrote:
>
> > Note that the existing version works with the
> > NtlmPasswordAuthentication constructor (which is preferred anyway);
> > i.e. rather than embedding the credentials in the URL.
> >
> > On 12/14/06, Paul Ling <drpaulling at msn.com> wrote:
> > > Where and when I can get the fixed version of jcifs.jar? if this bug has not
> > > fixed, I cannot call listFiles and mkdirs()!
> > >
> > >
> > > >From: "Eric Glass" <eric.glass at gmail.com>
> > > >To: "Michael B Allen" <mba2000 at ioplex.com>
> > > >CC: "Paul Ling" <drpaulling at msn.com>, jcifs at lists.samba.org
> > > >Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile
> > > >constructor
> > > >Date: Wed, 13 Dec 2006 06:55:02 -0500
> > > >
> > > >>The bottom line is:
> > > >>
> > > >>1) SmbFile passes URLs directly to java.net.URL. So whatever the case is,
> > > >>it's a problem with java.net.URL. You can see the exceptions are being
> > > >>thrown from within java.net.URL. We could probably work around it but ...
> > > >>
> > > >
> > > >The problem is that our jcifs.smb.Handler class (which interprets the
> > > >raw URL string on behalf of java.net.URL) unescapes the userinfo
> > > >during parsing, which is inconsistent with "normal" URLStreamHandler
> > > >implementations:
> > > >
> > > >
> > > >import java.net.*;
> > > >
> > > >public class testurl {
> > > >
> > > > public static void main(String[] args) throws Exception {
> > > > URL url = new URL("http://test:test%25n1234@example.com/");
> > > > System.out.println(url.getUserInfo()); // prints
> > > >"test:test%25n1234"
> > > > System.setProperty("java.protocol.handler.pkgs", "jcifs");
> > > > url = new URL("smb://test:test%25n1234@example.com/");
> > > > System.out.println(url.getUserInfo()); // prints "test:test%n1234"
> > > > }
> > > >
> > > >}
> > > >
> > > >
> > > >The issue arises when the SmbFile(SmbFile, String) constructor is
> > > >called and the base SmbFile was created as above; the underlying base
> > > >URL now holds the userinfo in an unescaped representation (i.e.
> > > >"test%n1234"), and creating a relative SMB URL tries to unescape it a
> > > >second time.
> > > >
> > > >The solution is to move the unescape code from the Handler class into
> > > >the NtlmPasswordAuthentication(String) constructor (patch attached).
> > > >I don't think this would have any impact outside of this constructor
> > > >(which is only there to support the Handler anyway) but your mileage
> > > >may vary...
> > > >
> > > >
> > > >Eric
> > >
> > >
> > > ><< urlfix.patch >>
> > >
> > > _________________________________________________________________
> > > Don't just search. Find. Check out the new MSN Search!
> > > http://search.msn.com/
> > >
> > >
> >
>
>
> --
> Michael B Allen
> PHP Active Directory SSO
> http://www.ioplex.com/
>
More information about the jcifs
mailing list