[jcifs] Version 1.3.1 bug (and fix)

John.Baker at barclayscapital.com
Wed Dec 3 11:44:53 GMT 2008


Hi,

I think I've found a bug in version 1.3.1 when using the NtlmHttpFilter.
Having configured the system and watched it work, I then configured
logging:

	    <init-param>
	        <param-name>jcifs.util.loglevel</param-name>
	        <param-value>4</param-value>
	    </init-param>

Restarted and it failed with this exception:

jcifs.smb.SmbException: NTLMv2 requires extended security (jcifs.smb.client.useExtendedSecurity must be true if jcifs.smb.lmCompatibility >= 3)
	at jcifs.smb.NtlmPasswordAuthentication.getSigningKey(NtlmPasswordAuthentication.java:473)
	at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:295)
	at jcifs.smb.SmbSession.send(SmbSession.java:234)
	at jcifs.smb.SmbTree.treeConnect(SmbTree.java:161)
	at jcifs.smb.SmbSession.interrogate(SmbSession.java:83)
	at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:115)
	at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:157)
	at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:121)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(App

(Be sure to start a new browser window.)

Looking at NtlmPasswordAuthentication:

    private static final int LM_COMPATIBILITY =
            Config.getInt("jcifs.smb.lmCompatibility", 3);

That is clearly wrong as it sets the compatibility when the class is
first created (but I guess, never again).  Hence, when the logging
occurs, the value is set incorrectly and before it's been reset by the
NtlmHttpFilter!

Removing 'static' fixes the problem.


John
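
The initialization-order effect described in the message above, as an added example that is not part of the original post and is not jcifs code. `StaticConfigCapture`, `EagerAuth`, `LazyAuth` and the `CONFIG` store are hypothetical stand-ins, and the value `"0"` is constructed; only the property name and the default of 3 come from the post.

```java
import java.util.Properties;

// Added illustration; every class here is a hypothetical stand-in, not jcifs source.
public class StaticConfigCapture {
    // Stand-in for a process-wide configuration store that a servlet
    // filter populates from its init-params during init().
    static final Properties CONFIG = new Properties();

    static int getInt(String key, int def) {
        String v = CONFIG.getProperty(key);
        return v == null ? def : Integer.parseInt(v);
    }

    // Pattern quoted in the post: the setting is read exactly once,
    // at the moment the JVM initializes the class.
    static class EagerAuth {
        private static final int LM_COMPATIBILITY =
                getInt("jcifs.smb.lmCompatibility", 3);
        static int level() { return LM_COMPATIBILITY; }
    }

    // Alternative: consult the store every time the value is needed.
    static class LazyAuth {
        static int level() { return getInt("jcifs.smb.lmCompatibility", 3); }
    }

    public static void main(String[] args) {
        // Something touches the class before the filter has applied its
        // settings, which forces class initialization with the default.
        int early = EagerAuth.level();

        // The filter now applies its configuration (constructed value).
        CONFIG.setProperty("jcifs.smb.lmCompatibility", "0");

        System.out.println("configured value:      " + CONFIG.getProperty("jcifs.smb.lmCompatibility"));
        System.out.println("eager, before config:  " + early);
        System.out.println("eager, after config:   " + EagerAuth.level());
        System.out.println("lazy, after config:    " + LazyAuth.level());

        // The eager copy is frozen at the default; the lazy read follows the store.
        if (EagerAuth.level() != 3 || LazyAuth.level() != 0) {
            throw new AssertionError("unexpected initialization order");
        }
    }
}
```

Because the setting selects the authentication protocol level, comparing the effective value with the configured one at startup catches a stale capture of this kind before it surfaces as a session-setup failure.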
