[jcifs] there is a mistake in jcifs-1.2.9.jar aboutSmbFileconstructor

Paul Ling drpaulling at msn.com
Fri Dec 15 18:13:00 GMT 2006 

Yes, I found that the listFiles() and mkdirs() member functions of SmbFile 
use the SmbFile(SmbFile, String) constuctor too. These two function is also 
very important.


>From: "Burkes, Terry" <terry.burkes at hp.com>
>To: "Michael B Allen" <mba2000 at ioplex.com>
>CC: jcifs at lists.samba.org
>Subject: RE: [jcifs] there is a mistake in jcifs-1.2.9.jar 
>aboutSmbFileconstructor
>Date: Fri, 15 Dec 2006 10:25:53 -0700
>
>  I encountered this problem in the copyTo method when I used a password
>with a '%' in it. I must use that particular password, so I wrote my own
>copyTo methods that work with the password. The rewrite avoids the
>SmbFile constructor problem. It might be worth fixing copyTo, since that
>is such a useful method.
>
>
>Terry Burkes
>Indigo Digital Press   Hewlett-Packard Company
>
>-----Original Message-----
>From: jcifs-bounces+terry.burkes=hp.com at lists.samba.org
>[mailto:jcifs-bounces+terry.burkes=hp.com at lists.samba.org] On Behalf Of
>Michael B Allen
>Sent: Thursday, December 14, 2006 8:58 PM
>To: Eric Glass
>Cc: jcifs at lists.samba.org
>Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about
>SmbFileconstructor
>
>Not only that but I think this might be specific to URLs with passwords
>that have a '%' in it because that is the only character that would be
>incorrectly interpreted by the Handler on a second pass. It's a bug, but
>it's a small one that we have lived with for 6+ years now. In fact, I'm
>not convinced it's worth the extra overhead of re-escaping all URLs of
>SmbFile children. A better fix might be to simply put something in the
>documentation like "a % cannot be used in a password embedded in a URL"
>:->
>
>Mike
>
>On Thu, 14 Dec 2006 22:45:37 -0500
>"Eric Glass" <eric.glass at gmail.com> wrote:
>
> > Note that the existing version works with the
> > NtlmPasswordAuthentication constructor (which is preferred anyway);
> > i.e. rather than embedding the credentials in the URL.
> >
> > On 12/14/06, Paul Ling <drpaulling at msn.com> wrote:
> > > Where and when I can get the fixed version of jcifs.jar? if this bug
>
> > > has not fixed, I cannot call listFiles and mkdirs()!
> > >
> > >
> > > >From: "Eric Glass" <eric.glass at gmail.com>
> > > >To: "Michael B Allen" <mba2000 at ioplex.com>
> > > >CC: "Paul Ling" <drpaulling at msn.com>, jcifs at lists.samba.org
> > > >Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about
> > > >SmbFile constructor
> > > >Date: Wed, 13 Dec 2006 06:55:02 -0500
> > > >
> > > >>The bottom line is:
> > > >>
> > > >>1) SmbFile passes URLs directly to java.net.URL. So whatever the
> > > >>case is, it's a problem with java.net.URL. You can see the
> > > >>exceptions are being thrown from within java.net.URL. We could
>probably work around it but ...
> > > >>
> > > >
> > > >The problem is that our jcifs.smb.Handler class (which interprets
> > > >the raw URL string on behalf of java.net.URL) unescapes the
> > > >userinfo during parsing, which is inconsistent with "normal"
> > > >URLStreamHandler
> > > >implementations:
> > > >
> > > >
> > > >import java.net.*;
> > > >
> > > >public class testurl {
> > > >
> > > >    public static void main(String[] args) throws Exception {
> > > >        URL url = new URL("http://test:test%25n1234@example.com/");
> > > >        System.out.println(url.getUserInfo()); // prints
> > > >"test:test%25n1234"
> > > >        System.setProperty("java.protocol.handler.pkgs", "jcifs");
> > > >        url = new URL("smb://test:test%25n1234@example.com/");
> > > >        System.out.println(url.getUserInfo()); // prints
>"test:test%n1234"
> > > >    }
> > > >
> > > >}
> > > >
> > > >
> > > >The issue arises when the SmbFile(SmbFile, String) constructor is
> > > >called and the base SmbFile was created as above; the underlying
> > > >base URL now holds the userinfo in an unescaped representation
>(i.e.
> > > >"test%n1234"), and creating a relative SMB URL tries to unescape it
>
> > > >a second time.
> > > >
> > > >The solution is to move the unescape code from the Handler class
> > > >into the NtlmPasswordAuthentication(String) constructor (patch
>attached).
> > > >I don't think this would have any impact outside of this
> > > >constructor (which is only there to support the Handler anyway) but
>
> > > >your mileage may vary...
> > > >
> > > >
> > > >Eric
> > >
> > >
> > > ><< urlfix.patch >>
> > >
> > > _________________________________________________________________
> > > Don't just search. Find. Check out the new MSN Search!
> > > http://search.msn.com/
> > >
> > >
> >
>
>
>--
>Michael B Allen
>PHP Active Directory SSO
>http://www.ioplex.com/

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

More information about the jcifs mailing list