[jcifs] Need help on NTLM with SMB Signature
Michael B Allen
miallen at ioplex.com
Fri Aug 31 01:43:24 GMT 2007
On Fri, 31 Aug 2007 09:44:39 +0900
tetsu.soh at nts.ricoh.co.jp wrote:
> Hi Mike,
>
> Yes. If I use correct path first, it works.
> I mean, "good --> bad --> good"works as expected;
> "bad --> good" get the exception I mentioned.
Hi Tetsu,
I have replicated the problem at my end and fixed it. Attached is a patch.
To my surprise, if an SMB_COM_SESSION_SETUP_ANDX is batched with
an SMB_COM_TREE_CONNECT_ANDX and the SMB_COM_SESSION_SETUP_ANDX
succeeds but the SMB_COM_TREE_CONNECT_ANDX fails, the result of the
SMB_COM_SESSION_SETUP_ANDX must still be honored. One of those results
is to install the signing digest. Previously, my understanding was that
if either command failed they both were considered a failure.
You learn something new every day I guess.
Mike
> Michael B Allen <miallen at ioplex.com> wrote on 2007/08/30 23:20:43:
>
> > On Thu, 30 Aug 2007 16:19:25 +0900
> > tetsu.soh at nts.ricoh.co.jp wrote:
>
> > > Hi,
> > >
> > > I met a problem when use ntlm + smb signature.
> > >
> > > Here is what I did:
> > > First, I try to access a unavailable resource on Server, for example,
> > > smb://Server/bad/
> > > As expected, got a SmbException with the message that The network name
> > > cannot be found.
> > >
> > > Next, I try to access a available resource, let's say
> smb://Server/good/
> > > But, this time I got a SmbException with the message that Access is
> denied.
> > >
> > > Additionally, if I disable the smb signature on Server, I won't get the
> > > "Access is denied" exception and everything works fine.
> > >
> > > IMO, the leading cause of this problem is that jCIFS try to reuse the
> > > SmbSession but didn't update the digest.
> > >
> > > So what do you think? And how I can avoid this problem?
>
> > Hi Tetsu,
>
> > Does it work if you access smb://Server/good/ without trying to access
> > smb://Server/bad/ first?
>
> > If so, then, yes that is clearly not the desired behavior. What version
> > of JCIFS are you using?
>
> > Mike
>
> > --
> > Michael B Allen
> > PHP Active Directory Kerberos SSO
> > http://www.ioplex.com/
>
--
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BatchTconnFail.patch
Type: application/octet-stream
Size: 1069 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20070830/9cc52aa1/BatchTconnFail.obj
More information about the jcifs
mailing list