[jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile constructor

Michael B Allen mba2000 at ioplex.com
Fri Dec 15 18:25:58 GMT 2006 

So once the NPA is created the auth member is passed to
children. Good. And I see unescaping is only done with the userInfo
version of the NPA constructor which is good because I would not want the
regualr domain, user, pass NPA construtor to try to unescape the password.

Ok, I'm sure this will make it in but not in a stable release.

Mike

On Fri, 15 Dec 2006 13:05:13 -0500
"Eric Glass" <eric.glass at gmail.com> wrote:

> The patch I sent earlier doesn't actually re-escape the URL; instead
> it avoids unescaping it altogether (which is consistent with the
> out-of-box handlers).  The current code unescapes it so it can be
> passed into the NtlmPasswordAuthentication constructor, so the patch
> just moves the unescape into the NPA constructor itself.
> 
> On 12/14/06, Michael B Allen <mba2000 at ioplex.com> wrote:
> > Not only that but I think this might be specific to URLs with passwords
> > that have a '%' in it because that is the only character that would be
> > incorrectly interpreted by the Handler on a second pass. It's a bug,
> > but it's a small one that we have lived with for 6+ years now. In fact,
> > I'm not convinced it's worth the extra overhead of re-escaping all URLs
> > of SmbFile children. A better fix might be to simply put something in
> > the documentation like "a % cannot be used in a password embedded in a
> > URL" :->
> >
> > Mike
> >
> > On Thu, 14 Dec 2006 22:45:37 -0500
> > "Eric Glass" <eric.glass at gmail.com> wrote:
> >
> > > Note that the existing version works with the
> > > NtlmPasswordAuthentication constructor (which is preferred anyway);
> > > i.e. rather than embedding the credentials in the URL.
> > >
> > > On 12/14/06, Paul Ling <drpaulling at msn.com> wrote:
> > > > Where and when I can get the fixed version of jcifs.jar? if this bug has not
> > > > fixed, I cannot call listFiles and mkdirs()!
> > > >
> > > >
> > > > >From: "Eric Glass" <eric.glass at gmail.com>
> > > > >To: "Michael B Allen" <mba2000 at ioplex.com>
> > > > >CC: "Paul Ling" <drpaulling at msn.com>, jcifs at lists.samba.org
> > > > >Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile
> > > > >constructor
> > > > >Date: Wed, 13 Dec 2006 06:55:02 -0500
> > > > >
> > > > >>The bottom line is:
> > > > >>
> > > > >>1) SmbFile passes URLs directly to java.net.URL. So whatever the case is,
> > > > >>it's a problem with java.net.URL. You can see the exceptions are being
> > > > >>thrown from within java.net.URL. We could probably work around it but ...
> > > > >>
> > > > >
> > > > >The problem is that our jcifs.smb.Handler class (which interprets the
> > > > >raw URL string on behalf of java.net.URL) unescapes the userinfo
> > > > >during parsing, which is inconsistent with "normal" URLStreamHandler
> > > > >implementations:
> > > > >
> > > > >
> > > > >import java.net.*;
> > > > >
> > > > >public class testurl {
> > > > >
> > > > >    public static void main(String[] args) throws Exception {
> > > > >        URL url = new URL("http://test:test%25n1234@example.com/");
> > > > >        System.out.println(url.getUserInfo()); // prints
> > > > >"test:test%25n1234"
> > > > >        System.setProperty("java.protocol.handler.pkgs", "jcifs");
> > > > >        url = new URL("smb://test:test%25n1234@example.com/");
> > > > >        System.out.println(url.getUserInfo()); // prints "test:test%n1234"
> > > > >    }
> > > > >
> > > > >}
> > > > >
> > > > >
> > > > >The issue arises when the SmbFile(SmbFile, String) constructor is
> > > > >called and the base SmbFile was created as above; the underlying base
> > > > >URL now holds the userinfo in an unescaped representation (i.e.
> > > > >"test%n1234"), and creating a relative SMB URL tries to unescape it a
> > > > >second time.
> > > > >
> > > > >The solution is to move the unescape code from the Handler class into
> > > > >the NtlmPasswordAuthentication(String) constructor (patch attached).
> > > > >I don't think this would have any impact outside of this constructor
> > > > >(which is only there to support the Handler anyway) but your mileage
> > > > >may vary...
> > > > >
> > > > >
> > > > >Eric
> > > >
> > > >
> > > > ><< urlfix.patch >>
> > > >
> > > > _________________________________________________________________
> > > > Don't just search. Find. Check out the new MSN Search!
> > > > http://search.msn.com/
> > > >
> > > >
> > >
> >
> >
> > --
> > Michael B Allen
> > PHP Active Directory SSO
> > http://www.ioplex.com/
> >
> 


-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

More information about the jcifs mailing list