[jcifs] LsaLookupNames
Michael B Allen
miallen at ioplex.com
Thu Jan 31 16:11:48 GMT 2008
On Thu, 31 Jan 2008 14:37:59 +0100
"Giampaolo Tomassoni" <Giampaolo at Tomassoni.biz> wrote:
> Dears,
>
> I patched the jcifs package in order to implement an
> LsaLookupNames-equivalent functionality.
>
> It seems to work and I'm about to send a patch to the jcifs project.
> However, I'm facing a problem which I don't know how to circumvent.
>
> I began implementing the LsaLookupNames due to the fact that I need to map
> domain group names to web roles. Thereby, I first use the well-known
> NtlmHttpFilter in order to log on, then I would like to issue my
> LsaLookupNames by using an LsaPolicyHandle based on the very same
> NtlmPasswordAuthentication that NtlmHttpFilter saves as a session
> attribute.
>
> In fact, I would like to do something like this:
>
>     HttpServletRequest req = ...
>     HttpSession ssn = req.getSession(false);
>     NtlmPasswordAuthentication ntlm =
>         (NtlmPasswordAuthentication)ssn.getAttribute("NtlmHttpAuth");
>     try {
>         DcerpcHandle dceHandle = DcerpcHandle.getHandle(
>             "ncacn_np:testbed.local[\\PIPE\\lsarpc]",
>             ntlm
>         );
>         LsaPolicyHandle lsaHandle = new LsaPolicyHandle(
>             dceHandle,
>             "\\\\testbed",
>             0x00000800
>         );
>         SID sids[] = SID.getFromNames(
>             dceHandle,
>             lsaHandle,
>             new String[] { "MyWebAllowedUserGroup" }
>         );
>     } catch(IOException ex) {
>         throw new RuntimeException("Can't map domain names to SIDs",
>             ex);
>     }
>
> The problem is that this doesn't work and the above code throws a
> "jcifs.smb.SmbAuthException: Invalid access to memory location" at
> jcifs.smb.SmbComSessionSetupAndX.<init> (SmbComSessionSetupAndX.java:44).
Hi Giampaolo,
The NPA is specific to the server challenge with which it was created and thus specific to a particular server.
However, since the particular server happens to be a domain controller, in theory, it should work. You just need to build the DcerpcHandle with the SmbTransport object that the challenge is bound to. Maybe you can create a new DcerpcHandle.getHandle() that takes the SmbTree or SmbSession or SmbTransport?
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
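
Added example, not part of the original thread and not jcifs code: a sketch of why a challenge response cached from one connection is rejected on another, which is the binding the reply describes. It assumes the NTLMv2 proof construction from MS-NLMP (the NTLM variant the filter actually negotiated may differ, but the dependence on the server challenge is the same); the class name ChallengeBinding, the account, the hash and both challenges are constructed.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;

public class ChallengeBinding {
    static byte[] hmacMd5(byte[] key, byte[]... parts) throws Exception {
        Mac mac = Mac.getInstance("HmacMD5");
        mac.init(new SecretKeySpec(key, "HmacMD5"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }

    // Client side: proof = HMAC-MD5(NTOWFv2, serverChallenge || temp),
    // where NTOWFv2 = HMAC-MD5(ntHash, UTF-16LE(upper(user) + domain)).
    static byte[] proof(byte[] ntHash, String user, String domain,
                        byte[] serverChallenge, byte[] temp) throws Exception {
        byte[] identity = (user.toUpperCase(Locale.ROOT) + domain)
                .getBytes(StandardCharsets.UTF_16LE);
        return hmacMd5(hmacMd5(ntHash, identity), serverChallenge, temp);
    }

    // Server side: recompute with the challenge issued on THIS connection.
    static boolean verify(byte[] ntHash, String user, String domain,
                          byte[] issuedChallenge, byte[] temp, byte[] presented) throws Exception {
        return MessageDigest.isEqual(proof(ntHash, user, domain, issuedChallenge, temp), presented);
    }

    public static void main(String[] args) throws Exception {
        // All values below are constructed for the example.
        byte[] ntHash = new byte[16];                  // stand-in for the account's NT hash
        for (int i = 0; i < 16; i++) ntHash[i] = (byte) (0x10 + i);
        byte[] temp = "constructed-client-blob".getBytes(StandardCharsets.US_ASCII);
        byte[] challengeA = {1, 2, 3, 4, 5, 6, 7, 8};  // issued on the connection the filter used
        byte[] challengeB = {8, 7, 6, 5, 4, 3, 2, 1};  // issued on a newly opened connection

        // The browser answered challenge A; this is the value that gets cached in the session.
        byte[] cached = proof(ntHash, "alice", "TESTBED", challengeA, temp);

        System.out.println("same connection: "
                + verify(ntHash, "alice", "TESTBED", challengeA, temp, cached));
        System.out.println("new connection:  "
                + verify(ntHash, "alice", "TESTBED", challengeB, temp, cached));
    }
}
```

The cached response verifies only against the challenge it was computed for, so a handle opened over a fresh connection has nothing valid to present.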