[jcifs] LsaLookupNames
Giampaolo Tomassoni
Giampaolo at Tomassoni.biz
Thu Jan 31 13:37:59 GMT 2008
Dears,

I patched the jcifs package in order to implement an
LsaLookupNames-equivalent functionality.

It seems to work and I'm about to send a patch to the jcifs project.
However, I'm facing a problem which I don't know how to circumvent.

I began implementing the LsaLookupNames due to the fact that I need to map
domain group names to web roles. Thereby, I first use the well-known
NtlmHttpFilter in order to log on, then I would like to issue my
LsaLookupNames by using an LsaPolicyHandle based on the very same
NtlmPasswordAuthentication that NtlmHttpFilter saves as a session
attribute.

In fact, I would like to do something like this:

    HttpServletRequest req = ...
    HttpSession ssn = req.getSession(false);
    NtlmPasswordAuthentication ntlm =
        (NtlmPasswordAuthentication)ssn.getAttribute("NtlmHttpAuth");
    try {
        DcerpcHandle dceHandle = DcerpcHandle.getHandle(
            "ncacn_np:testbed.local[\\PIPE\\lsarpc]",
            ntlm
        );
        LsaPolicyHandle lsaHandle = new LsaPolicyHandle(
            dceHandle,
            "\\\\testbed",
            0x00000800
        );
        SID sids[] = SID.getFromNames(
            dceHandle,
            lsaHandle,
            new String[] { "MyWebAllowedUserGroup" }
        );
    } catch(IOException ex) {
        throw new RuntimeException("Can't map domain names to SIDs", ex);
    }

The problem is that this doesn't work and the above code throws a
"jcifs.smb.SmbAuthException: Invalid access to memory location" at
jcifs.smb.SmbComSessionSetupAndX.<init> (SmbComSessionSetupAndX.java:44).

It merely seems I can't use the ntlm which NtlmHttpFilter successfully used
against SmbSession.logon(...).

I would like to avoid using a pre-defined username and password in order to
issue my name lookups, thereby I would like to know how to establish an RPC
session using the same authoritative things SmbSession.logon() uses or,
even, if there is a way to obtain some kind of authoritative tokens from SMB
such that it can be used in building a DcerpcHandle.

Regards,

Giampaolo