[jcifs] Version 1.3.1 bug (and fix)

John.Baker at barclayscapital.com John.Baker at barclayscapital.com
Wed Dec 3 12:03:09 GMT 2008 

And I've come around to the conclusion that I can't fix this unless I
start making lots of changes to the code.  Namely, removing the static
initDefaults method, which break lots of other stuff.

Happy to try a patch if one appears! 

> -----Original Message-----
> From: 
> jcifs-bounces+john.baker=barclayscapital.com at lists.samba.org 
> [mailto:jcifs-bounces+john.baker=barclayscapital.com at lists.sam
> ba.org] On Behalf Of Baker, John: IT (LDN)
> Sent: 03 December 2008 11:53
> To: jcifs at lists.samba.org
> Subject: RE: [jcifs] Version 1.3.1 bug (and fix)
> 
> 
>  Actually no that doesn't fix it - it's more complicated 
> because the static initialisers sometimes cause Tomcat to 
> load the class before the Config has been loaded.  Yum.
> 
> > -----Original Message-----
> > From: 
> > jcifs-bounces+john.baker=barclayscapital.com at lists.samba.org
> > [mailto:jcifs-bounces+john.baker=barclayscapital.com at lists.sam
> > ba.org] On Behalf Of Baker, John: IT (LDN)
> > Sent: 03 December 2008 11:45
> > To: jcifs at lists.samba.org
> > Subject: [jcifs] Version 1.3.1 bug (and fix)
> > 
> > Hi,
> > 
> > I think I've found a bug in version 1.3.1 when using the 
> > NtlmHttpFilter.
> > Having configured the system and watched it work, I then configured
> > logging:
> > 
> > 	    <init-param>
> > 	        <param-name>jcifs.util.loglevel</param-name>
> > 	        <param-value>4</param-value>
> > 	    </init-param>
> > 
> > Restarted and it failed with this exception:
> > 
> > jcifs.smb.SmbException: NTLMv2 requires extended security 
> > (jcifs.smb.client.useExtendedSecurity must be true if 
> > jcifs.smb.lmCompatibility >= 3)
> > 	at
> > jcifs.smb.NtlmPasswordAuthentication.getSigningKey(NtlmPasswor
> > dAuthentic
> > ation.java:473)
> > 	at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:295)
> > 	at jcifs.smb.SmbSession.send(SmbSession.java:234)
> > 	at jcifs.smb.SmbTree.treeConnect(SmbTree.java:161)
> > 	at jcifs.smb.SmbSession.interrogate(SmbSession.java:83)
> > 	at
> > jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:115)
> > 	at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:157)
> > 	at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:121)
> > 	at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(App
> > 
> > (Be sure to start a new browser window.)
> > 
> > Looking at NtlmPasswordAuthentication:
> > 
> >     private static final int LM_COMPATIBILITY =
> >             Config.getInt("jcifs.smb.lmCompatibility", 3);
> > 
> > That is clearly wrong as it sets the compatibility when the 
> class is 
> > first created (but I guess, never again).  Hence, when the logging 
> > occurs, the value is set incorrectly and before it's been 
> reset by the 
> > NtlmHttpFilter!
> > 
> > Removing 'static' fixes the problem.
> > 
> > 
> > John
> > 
> > _______________________________________________
> > 
> > This e-mail may contain information that is confidential, 
> privileged 
> > or otherwise protected from disclosure. If you are not an intended 
> > recipient of this e-mail, do not duplicate or redistribute 
> it by any 
> > means. Please delete it and any attachments and notify the 
> sender that 
> > you have received it in error. Unless specifically indicated, this 
> > e-mail is not an offer to buy or sell or a solicitation to 
> buy or sell 
> > any securities, investment products or other financial product or 
> > service, an official confirmation of any transaction, or an 
> official 
> > statement of Barclays. Any views or opinions presented are solely 
> > those of the author and do not necessarily represent those of 
> > Barclays. This e-mail is subject to terms available at the 
> following 
> > link:
> > www.barcap.com/emaildisclaimer. By messaging with Barclays 
> you consent 
> > to the foregoing.  Barclays Capital is the investment 
> banking division 
> > of Barclays Bank PLC, a company registered in England 
> (number 1026167) 
> > with its registered office at 1 Churchill Place, London, E14 5HP.  
> > This email may relate to or be sent from other members of 
> the Barclays 
> > Group.
> > _______________________________________________
> > 
> _______________________________________________
> 
> This e-mail may contain information that is confidential, 
> privileged or otherwise protected from disclosure. If you are 
> not an intended recipient of this e-mail, do not duplicate or 
> redistribute it by any means. Please delete it and any 
> attachments and notify the sender that you have received it 
> in error. Unless specifically indicated, this e-mail is not 
> an offer to buy or sell or a solicitation to buy or sell any 
> securities, investment products or other financial product or 
> service, an official confirmation of any transaction, or an 
> official statement of Barclays. Any views or opinions 
> presented are solely those of the author and do not 
> necessarily represent those of Barclays. This e-mail is 
> subject to terms available at the following link: 
> www.barcap.com/emaildisclaimer. By messaging with Barclays 
> you consent to the foregoing.  Barclays Capital is the 
> investment banking division of Barclays Bank PLC, a company 
> registered in England (number 1026167) with its registered 
> office at 1 Churchill Place, London, E14 5HP.  This email may 
> relate to or be sent from other members of the Barclays Group.
> _______________________________________________
> 
_______________________________________________

This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unless specifically indicated, this e-mail is not an offer to buy or sell or a solicitation to buy or sell any securities, investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Barclays. Any views or opinions presented are solely those of the author and do not necessarily represent those of Barclays. This e-mail is subject to terms available at the following link: www.barcap.com/emaildisclaimer. By messaging with Barclays you consent to the foregoing.  Barclays Capital is the investment banking division of Barclays Bank PLC, a company registered in England (number 1026167) with its registered office at 1 Churchill Place, London, E14 5HP.  This email may relate to or be sent from other members of the Barclays Group.
_______________________________________________

More information about the jcifs mailing list