[jcifs] Need help on NTLM with SMB Signature

tetsu.soh at nts.ricoh.co.jp tetsu.soh at nts.ricoh.co.jp
Fri Aug 31 02:39:15 GMT 2007 

Hi Mike,
Thanks for your quick response.

I tested the patch and it works. Thank you!

> On Fri, 31 Aug 2007 09:44:39 +0900
> tetsu.soh at nts.ricoh.co.jp wrote:

> > Hi Mike,
> >
> > Yes. If I use correct path first, it works.
> > I mean, "good --> bad --> good"works as expected;
> > "bad --> good" get the exception I mentioned.

> Hi Tetsu,

> I have replicated the problem at my end and fixed it. Attached is a
patch.

> To my surprise, if an SMB_COM_SESSION_SETUP_ANDX is batched with
> an SMB_COM_TREE_CONNECT_ANDX and the SMB_COM_SESSION_SETUP_ANDX
> succeeds but the SMB_COM_TREE_CONNECT_ANDX fails, the result of the
> SMB_COM_SESSION_SETUP_ANDX must still be honored. One of those results
> is to install the signing digest. Previously, my understanding was that
> if either command failed they both were considered a failure.

> You learn something new every day I guess.

> Mike

>
> > Michael B Allen <miallen at ioplex.com> wrote on 2007/08/30 23:20:43:
> >
> > > On Thu, 30 Aug 2007 16:19:25 +0900
> > > tetsu.soh at nts.ricoh.co.jp wrote:
> >
> > > > Hi,
> > > >
> > > > I met a problem when use ntlm + smb signature.
> > > >
> > > > Here is what I did:
> > > > First, I try to access a unavailable resource on Server, for
example,
> > > > smb://Server/bad/
> > > > As expected, got a SmbException with the message that The network
name
> > > > cannot be found.
> > > >
> > > > Next, I try to access a available resource, let's say
> > smb://Server/good/
> > > > But, this time I got a SmbException with the message that Access is
> > denied.
> > > >
> > > > Additionally, if I disable the smb signature on Server, I won't get
the
> > > > "Access is denied" exception and everything works fine.
> > > >
> > > > IMO, the leading cause of this problem is that jCIFS try to reuse
the
> > > > SmbSession but didn't update the digest.
> > > >
> > > > So what do you think? And how I can avoid this problem?
> >
> > > Hi Tetsu,
> >
> > > Does it work if you access smb://Server/good/ without trying to
access
> > > smb://Server/bad/ first?
> >
> > > If so, then, yes that is clearly not the desired behavior. What
version
> > > of JCIFS are you using?
> >
> > > Mike
> >
> > > --
> > > Michael B Allen
> > > PHP Active Directory Kerberos SSO
> > > http://www.ioplex.com/
> >

>
> --
> Michael B Allen
> PHP Active Directory Kerberos SSO
> http://www.ioplex.com/
> [attachment "BatchTconnFail.patch" deleted by Tetsu Soh/O/RICOH]

More information about the jcifs mailing list