[jcifs] Re: NTLM HTTP Filter Does Not Work With SMB Signing

Richard Caper rcaper at gmail.com
Fri Jun 2 15:01:16 GMT 2006


This is a different issue... if Firefox is sending back the type 3
message but not IE, it may be the "minimum security" settings.  Try
looking in the registry on your client at:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA\MSV1_0\

There (might be) 2 values in there: NtlmMinClientSec and
NtlmMinServerSec.  If so, what hex values are there?

On 6/2/06, Dane Henry <danehenry at gmail.com> wrote:
> Hey Mike,
>    I believe I'm running into the problem that you are describing, and if
> not, well sorry to waste your time. Either way, the config is as follows:
>
> JCIFS 1.2.9
> JDK 1.4.2_11
> Tomcat 5.5.17 w/ JDK 1.4.2 compatibility package
>
> The client is Windows XP, Service Pack 1 with IE 6
> Pre-Auth is occurring against a Windows Server 2003
>
> I used a fresh install of both Tomcat and JCIFS, and my web.xml is as
> follows (user and pass fake, obviously):
> <filter>
>         <filter-name>NtlmHttpFilter</filter-name>
>         <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>         <init-param>
>             <param-name>jcifs.netbios.wins</param-name>
>             <param-value>xx.xx.x.xx,xx.x.x.xx</param-value>
>         </init-param>
>         <init-param>
>             <param-name>jcifs.smb.client.domain</param-name>
>             <param-value>MAIN</param-value>
>         </init-param>
>         <init-param>
>             <param-name>jcifs.smb.client.username</param-name>
>             <param-value>DHenry</param-value>
>         </init-param>
>         <init-param>
>             <param-name>jcifs.smb.client.password</param-name>
>             <param-value>********</param-value>
>         </init-param>
>         <init-param>
>             <param-name>jcifs.util.loglevel</param-name>
>             <param-value>6</param-value>
>         </init-param>
>      </filter>
>
>     <filter-mapping>
>         <filter-name>NtlmHttpFilter</filter-name>
>         <url-pattern>/*</url-pattern>
>     </filter-mapping>
>
> I know for certain that Pre-Authentication is occurring, at log level 6 I
> get the following:
>
> NameQueryRequest[nameTrnId=1,isResponse=false,opCode=QUERY,isAuthAnswer=false,isTruncated=false,isRecurAvailable=false,isRecurDesired=true,isBroadcast=false,resultCode=0,questionCount=1,answerCount=0,authorityCount=0,additionalCount=0,questionName=MAIN<1C>,questionType=0x0020,questionClass=IN,recordName=null,recordType=0x0000,recordClass=0x0000,ttl=0,rDataLength=0]
>
> NetBIOS: new data read from socket
> NameQueryResponse[nameTrnId=1,isResponse=true,opCode=QUERY,isAuthAnswer=true,isTruncated=false,isRecurAvailable=true,isRecurDesired=true,isBroadcast=false,resultCode=0,questionCount=0,answerCount=1,authorityCount=0,additionalCount=0,questionName=null,questionType=0x0000,questionClass=IN,recordName=MAIN<1C>,recordType=0x0020,recordClass=IN,ttl=0,rDataLength=150,addrEntry=[
> Ljcifs.netbios.NbtAddress;@1fb050c]
>
> session established ok with MAIN<1C>/xx.xx.xx.xx
> requesting negotiation with MAIN<1C>/xx.xx.xx.xx
> SmbComNegotiate[command=SMB_COM_NEGOTIATE,received=false,errorCode=The
> operation completed
> successfully.,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=58874,uid=0,mid=1,wordCount=0,byteCount=12,wordCount=0,dialects=NT
> LM 0.12]
>
> new data read from socket: MAIN<1C>/xx.xx.xx.xx
> byteCount=44 but readBytesWireFormat returned 16
> SmbComNegotiateResponse[command=SMB_COM_NEGOTIATE,received=true,errorCode=The
> operation completed
> successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=0,pid=58874,uid=0,mid=1,wordCount=17,byteCount=44,wordCount=17,dialectIndex=0,securityMode=0x7,security=user,encryptedPasswords=true,maxMpxCount=50,maxNumberVcs=1,maxBufferSize=16644,maxRawSize=65536,sessionKey=0x00000000,capabilities=0x0001F3FD,serverTime=Fri
> Jun 02 08:08:14 EDT
> 2006,serverTimeZone=240,encryptionKeyLength=8,byteCount=44,encryptionKey=0x436ED26945FC0506,oemDomainName=MAIN]
>
> treeConnect: unc=\\xx.xx.xx.xx\IPC$,service=?????
> sessionSetup: accountName=DHenry,primaryDomain=MAIN
> SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=The
> operation completed
> successfully.,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=58874,uid=0,mid=2,wordCount=13,byteCount=109,andxCommand=0x75,andxOffset=170,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24,unicodePasswordLength=24,capabilities=4180,accountName=DHenry,primaryDomain=MAIN,NATIVE_OS=Windows
> XP,NATIVE_LANMAN=jCIFS]
> SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=The
> operation completed
> successfully.,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=58874,uid=0,mid=0,wordCount=4,byteCount=45,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\10.50.32.12\IPC$,service=?????]
>
> new data read from socket: MAIN<1C>/xx.xx.xx.xx
> SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=true,errorCode=The
> operation completed
> successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=2049,pid=58874,uid=2049,mid=2,wordCount=3,byteCount=138,andxCommand=0x75,andxOffset=179,isLoggedInAsGuest=false,nativeOs=Windows
> Server 2003 3790 Service Pack 1,nativeLanMan=Windows Server 2003
> 5.2,primaryDomain=MAIN]
> SmbComTreeConnectAndXResponse[command=SMB_COM_TREE_CONNECT_ANDX,received=true,errorCode=The
> operation completed
> successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=2049,pid=58874,uid=2049,mid=2,wordCount=3,byteCount=6,andxCommand=0xFF,andxOffset=194,supportSearchBits=true,shareIsInDfs=false,service=IPC,nativeFileSystem=]
>
>
> That, as I said, lets me know that the pre-auth has indeed occurred, what
> doesn't happen though is anything else. If I use the same config and access
> through firefox, I get prompted with a Login dialog, as I should. When I
> enter in the correct credentials, the user is fully logged in. All the above
> logging is the same, but it also does the following in FF:
>
> treeConnect: unc=\\xx.xx.xx.xx\IPC$,service=?????
> sessionSetup: accountName=DHenry,primaryDomain=
> SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=The
> operation completed
> successfully.,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=55638,uid=0,mid=3,wordCount=13,byteCount=101,andxCommand=0x75,andxOffset=162,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24,unicodePasswordLength=24,capabilities=4180,accountName=DHenry,primaryDomain=,NATIVE_OS=Windows
> XP,NATIVE_LANMAN=jCIFS]
> SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=The
> operation completed
> successfully.,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=55638,uid=0,mid=0,wordCount=4,byteCount=45,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\10.50.32.12\IPC$,service=?????]
>
> new data read from socket: MAIN<1C>/xx.xx.xx.xx
> SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=true,errorCode=The
> operation completed
> successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=2050,pid=55638,uid=2050,mid=3,wordCount=3,byteCount=138,andxCommand=0x75,andxOffset=179,isLoggedInAsGuest=false,nativeOs=Windows
> Server 2003 3790 Service Pack 1,nativeLanMan=Windows Server 2003
> 5.2,primaryDomain=MAIN]
> SmbComTreeConnectAndXResponse[command=SMB_COM_TREE_CONNECT_ANDX,received=true,errorCode=The
> operation completed
> successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=2050,pid=55638,uid=2050,mid=3,wordCount=3,byteCount=6,andxCommand=0xFF,andxOffset=194,supportSearchBits=true,shareIsInDfs=false,service=IPC,nativeFileSystem=]
>
> NtlmHttpFilter: DHenry successfully authenticated against
> MAIN<1C>/xx.xx.xx.xx
>
> I know that it is pre-authenticating, because if I remove the user name and
> password from the filter, it gives me the error:
> Default credentials (jcifs.smb.client.username/password) not specified. SMB
> signing may not work propertly.  Skipping DC interrogation.
>
> And I know that it is actually checking against the Server because if I
> mis-type the user name or password, it gives me a log in error until I get
> it right. I have used as I said a fresh copy of Tomcat and JCIFS and just in
> case I did a 2nd install after wiping it using JCIFS 1.1.11. Neither worked,
> and I know for certain that my company is using WINS. I know also that the
> user name and passwords are correct as is the domain.
>
> From what I've been seeing, all that is _not_ happening, is IE 6 is not
> sending the "3rd" handshake back to the server, unlike Firefox. And if what
> I know of NTLM authentication is correct, it's this 3rd handshake that
> contains the user's name and information to be checked against the server.
> This is occurring in Firefox simply because I provide the browser with
> credentials through the dialog box, however that defeats the purpose of NTLM
> in my opinion. Any light that you or anyone else can shed on this would be
> _amazing_.
>
> Thanks for your time,
>
> Dane
>
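
An added example, not part of the original thread and not jCIFS code: one way to test the "minimum security" hypothesis from the reply is to compare the client's NtlmMinClientSec value with the negotiate flags in the Type 2 challenge the filter returns. It assumes the client withholds the Type 3 message when a required bit is not offered; the sample challenge and the policy value 0x20080000 are constructed, and the function names are hypothetical.

```python
import base64
import struct

# Bit values documented for NtlmMinClientSec / NtlmMinServerSec; they are the
# same bits as the NTLMSSP negotiate flags carried in the messages.
MIN_SEC_FLAGS = {
    0x00000010: "message integrity (signing)",
    0x00000020: "message confidentiality (sealing)",
    0x00080000: "NTLMv2 session security",
    0x20000000: "128-bit encryption",
    0x80000000: "56-bit encryption",
}

def parse_type2(header_value):
    """Return (flags, challenge) from a 'WWW-Authenticate: NTLM <b64>' value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM challenge header")
    raw = base64.b64decode(token.strip(), validate=True)
    if len(raw) < 32 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("truncated or non-NTLMSSP token")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    if msg_type != 2:
        raise ValueError("expected Type 2, got Type %d" % msg_type)
    (flags,) = struct.unpack_from("<I", raw, 20)
    return flags, raw[24:32]

def unmet_requirements(min_client_sec, offered_flags):
    """Names of required bits that the server's Type 2 flags do not offer."""
    return [name for bit, name in sorted(MIN_SEC_FLAGS.items())
            if min_client_sec & bit and not offered_flags & bit]

def build_sample_type2(flags):
    """Constructed Type 2 message: empty target name, fixed dummy challenge."""
    raw = b"NTLMSSP\x00" + struct.pack("<I", 2)
    raw += struct.pack("<HHI", 0, 0, 32)               # target name buffer
    raw += struct.pack("<I", flags) + bytes(range(8))  # flags + challenge
    return "NTLM " + base64.b64encode(raw).decode("ascii")

if __name__ == "__main__":
    # Constructed input: a challenge offering Unicode (0x1) and NTLM (0x200)
    # only, checked against a hypothetical client policy value of 0x20080000.
    header = build_sample_type2(0x00000201)
    flags, _ = parse_type2(header)
    print("offered flags: 0x%08X" % flags)
    for name in unmet_requirements(0x20080000, flags):
        print("required by client but not offered:", name)
```

To use it on a real capture, pass the `WWW-Authenticate` value from the server's 401 response and the hex value read from the client's registry.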

