[jcifs] Re: NTLM HTTP Filter Does Not Work With SMB Signing

Dane Henry danehenry at gmail.com
Fri Jun 2 12:37:49 GMT 2006


Hey Mike,
   I believe I'm running into the problem that you are describing, and if
not, well sorry to waste your time. Either way, the config is as follows:

JCIFS 1.2.9
JDK 1.4.2_11
Tomcat 5.5.17 w/ JDK 1.4.2 compatibility package

The client is Windows XP, Service Pack 1 with IE 6
Pre-Auth is occurring against a Windows Server 2003

I used a fresh install of both Tomcat and JCIFS, and my web.xml is as
follows (user and pass fake, obviously):
    <filter>
        <filter-name>NtlmHttpFilter</filter-name>
        <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
        <init-param>
            <param-name>jcifs.netbios.wins</param-name>
            <param-value>xx.xx.x.xx,xx.x.x.xx</param-value>
        </init-param>
        <init-param>
            <param-name>jcifs.smb.client.domain</param-name>
            <param-value>MAIN</param-value>
        </init-param>
        <init-param>
            <param-name>jcifs.smb.client.username</param-name>
            <param-value>DHenry</param-value>
        </init-param>
        <init-param>
            <param-name>jcifs.smb.client.password</param-name>
            <param-value>********</param-value>
        </init-param>
        <init-param>
            <param-name>jcifs.util.loglevel</param-name>
            <param-value>6</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>NtlmHttpFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

I know for certain that Pre-Authentication is occurring; at log level 6 I
get the following:

NameQueryRequest[nameTrnId=1,isResponse=false,opCode=QUERY,isAuthAnswer=false,isTruncated=false,isRecurAvailable=false,isRecurDesired=true,isBroadcast=false,resultCode=0,questionCount=1,answerCount=0,authorityCount=0,additionalCount=0,questionName=MAIN<1C>,questionType=0x0020,questionClass=IN,recordName=null,recordType=0x0000,recordClass=0x0000,ttl=0,rDataLength=0]

NetBIOS: new data read from socket
NameQueryResponse[nameTrnId=1,isResponse=true,opCode=QUERY,isAuthAnswer=true,isTruncated=false,isRecurAvailable=true,isRecurDesired=true,isBroadcast=false,resultCode=0,questionCount=0,answerCount=1,authorityCount=0,additionalCount=0,questionName=null,questionType=0x0000,questionClass=IN,recordName=MAIN<1C>,recordType=0x0020,recordClass=IN,ttl=0,rDataLength=150,addrEntry=[Ljcifs.netbios.NbtAddress;@1fb050c]

session established ok with MAIN<1C>/xx.xx.xx.xx
requesting negotiation with MAIN<1C>/xx.xx.xx.xx
SmbComNegotiate[command=SMB_COM_NEGOTIATE,received=false,errorCode=The operation completed successfully.,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=58874,uid=0,mid=1,wordCount=0,byteCount=12,wordCount=0,dialects=NT LM 0.12]

new data read from socket: MAIN<1C>/xx.xx.xx.xx
byteCount=44 but readBytesWireFormat returned 16
SmbComNegotiateResponse[command=SMB_COM_NEGOTIATE,received=true,errorCode=The operation completed successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=0,pid=58874,uid=0,mid=1,wordCount=17,byteCount=44,wordCount=17,dialectIndex=0,securityMode=0x7,security=user,encryptedPasswords=true,maxMpxCount=50,maxNumberVcs=1,maxBufferSize=16644,maxRawSize=65536,sessionKey=0x00000000,capabilities=0x0001F3FD,serverTime=Fri Jun 02 08:08:14 EDT 2006,serverTimeZone=240,encryptionKeyLength=8,byteCount=44,encryptionKey=0x436ED26945FC0506,oemDomainName=MAIN]

treeConnect: unc=\\xx.xx.xx.xx\IPC$,service=?????
sessionSetup: accountName=DHenry,primaryDomain=MAIN
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=The operation completed successfully.,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=58874,uid=0,mid=2,wordCount=13,byteCount=109,andxCommand=0x75,andxOffset=170,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24,unicodePasswordLength=24,capabilities=4180,accountName=DHenry,primaryDomain=MAIN,NATIVE_OS=Windows XP,NATIVE_LANMAN=jCIFS]
SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=The operation completed successfully.,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=58874,uid=0,mid=0,wordCount=4,byteCount=45,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\10.50.32.12\IPC$,service=?????]

new data read from socket: MAIN<1C>/xx.xx.xx.xx
SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=true,errorCode=The operation completed successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=2049,pid=58874,uid=2049,mid=2,wordCount=3,byteCount=138,andxCommand=0x75,andxOffset=179,isLoggedInAsGuest=false,nativeOs=Windows Server 2003 3790 Service Pack 1,nativeLanMan=Windows Server 2003 5.2,primaryDomain=MAIN]
SmbComTreeConnectAndXResponse[command=SMB_COM_TREE_CONNECT_ANDX,received=true,errorCode=The operation completed successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=2049,pid=58874,uid=2049,mid=2,wordCount=3,byteCount=6,andxCommand=0xFF,andxOffset=194,supportSearchBits=true,shareIsInDfs=false,service=IPC,nativeFileSystem=]


That, as I said, lets me know that the pre-auth has indeed occurred; what
doesn't happen, though, is anything else. If I use the same config and access
through Firefox, I get prompted with a Login dialog, as I should. When I
enter in the correct credentials, the user is fully logged in. All the above
logging is the same, but it also does the following in FF:

treeConnect: unc=\\xx.xx.xx.xx\IPC$,service=?????
sessionSetup: accountName=DHenry,primaryDomain=
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=The operation completed successfully.,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=55638,uid=0,mid=3,wordCount=13,byteCount=101,andxCommand=0x75,andxOffset=162,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24,unicodePasswordLength=24,capabilities=4180,accountName=DHenry,primaryDomain=,NATIVE_OS=Windows XP,NATIVE_LANMAN=jCIFS]
SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=The operation completed successfully.,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=55638,uid=0,mid=0,wordCount=4,byteCount=45,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\10.50.32.12\IPC$,service=?????]

new data read from socket: MAIN<1C>/xx.xx.xx.xx
SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=true,errorCode=The operation completed successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=2050,pid=55638,uid=2050,mid=3,wordCount=3,byteCount=138,andxCommand=0x75,andxOffset=179,isLoggedInAsGuest=false,nativeOs=Windows Server 2003 3790 Service Pack 1,nativeLanMan=Windows Server 2003 5.2,primaryDomain=MAIN]
SmbComTreeConnectAndXResponse[command=SMB_COM_TREE_CONNECT_ANDX,received=true,errorCode=The operation completed successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=2050,pid=55638,uid=2050,mid=3,wordCount=3,byteCount=6,andxCommand=0xFF,andxOffset=194,supportSearchBits=true,shareIsInDfs=false,service=IPC,nativeFileSystem=]

NtlmHttpFilter: DHenry successfully authenticated against MAIN<1C>/xx.xx.xx.xx

I know that it is pre-authenticating, because if I remove the user name and
password from the filter, it gives me the error:
Default credentials (jcifs.smb.client.username/password) not specified. SMB
signing may not work propertly.  Skipping DC interrogation.

And I know that it is actually checking against the Server because if I
mis-type the user name or password, it gives me a login error until I get
it right. I have used, as I said, a fresh copy of Tomcat and JCIFS, and just in
case I did a 2nd install after wiping it, using JCIFS 1.1.11. Neither worked,
and I know for certain that my company is using WINS. I know also that the
user name and passwords are correct as is the domain.

From what I've been seeing, all that is _not_ happening is IE 6 is not
sending the "3rd" handshake back to the server, unlike Firefox. And if what
I know of NTLM authentication is correct, it's this 3rd handshake that
contains the user's name and information to be checked against the server.
This is occurring in Firefox simply because I provide the browser with
credentials through the dialog box; however, that defeats the purpose of NTLM
in my opinion. Any light that you or anyone else can shed on this would be
_amazing_.

Thanks for your time,

Dane
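
A diagnostic for the symptom described in the post above, added here as an example (it is not part of the original message and is not jCIFS code): it decodes the NTLM token carried in an Authorization or WWW-Authenticate header captured from the browser, so you can see whether the Type 3 message, the one carrying domain and user name, was ever sent. The sample tokens are constructed, WS01 is a made-up workstation name, and the 64-byte Type 3 header layout is an assumption.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001
NAMES = {1: "Type 1 (Negotiate)", 2: "Type 2 (Challenge)", 3: "Type 3 (Authenticate)"}

def _secbuf(msg, off):
    """Read a security buffer (len, maxlen, offset) and return the bytes it points to."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, off)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length]

def describe_ntlm_header(value):
    """Classify the token in an Authorization / WWW-Authenticate header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        return {"type": None, "note": "not an NTLM header"}
    if not token:
        return {"type": 0, "note": "bare NTLM offer, no token"}
    msg = base64.b64decode(token, validate=True)
    if len(msg) < 12 or msg[:8] != NTLMSSP_SIG:
        raise ValueError("token does not start with the NTLMSSP signature")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    info = {"type": mtype, "note": NAMES.get(mtype, "unknown")}
    if mtype == 3:
        flags = struct.unpack_from("<I", msg, 60)[0] if len(msg) >= 64 else 0  # assumed layout
        enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # OEM code page assumed
        for name, off in (("domain", 28), ("user", 36), ("workstation", 44)):
            info[name] = _secbuf(msg, off).decode(enc)
    return info

def build_type3(domain, user, workstation):
    """Constructed sample only: a Type 3 message with zeroed (fake) responses."""
    texts = [s.encode("utf-16-le") for s in (domain, user, workstation)]
    fields = [b"\x00" * 24, b"\x00" * 24, *texts, b""]  # LM, NT, names, session key
    header, payload, off = NTLMSSP_SIG + struct.pack("<I", 3), b"", 64
    for f in fields:
        header += struct.pack("<HHI", len(f), len(f), off)
        payload += f
        off += len(f)
    return header + struct.pack("<I", NEGOTIATE_UNICODE) + payload

# Constructed exchange: the two client-side tokens of a complete handshake.
TYPE1 = NTLMSSP_SIG + struct.pack("<IIHHIHHI", 1, 0xB203, 0, 0, 32, 0, 0, 32)
SAMPLE = ["NTLM " + base64.b64encode(m).decode() for m in (TYPE1, build_type3("MAIN", "DHenry", "WS01"))]

if __name__ == "__main__":
    print(*map(describe_ntlm_header, SAMPLE), sep="\n")
```

If a capture of the IE session shows only a Type 1 token followed by the server's Type 2, the browser never sent the Type 3 message and the filter has nothing to validate against the domain controller.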