[jcifs] NTLM V2 authentication is failing with JCIFS (sample java program which uses JCIFS to contact the Proxy server with NTLMV2 authentication)

Nagaraja Joshi joshinagaraja at rediffmail.com
Mon Nov 10 11:18:27 GMT 2008


Hi,

Can any of you who have used this library (using an HTTP connection to
connect with the NTLMv2 protocol) please reply?

We need to see if we can use the jcifs library for NTLMv2 authentication
over the HTTP protocol (using HttpUrlConnection).

Also, we debugged the library code for JCIFS (for the problem mentioned in
the previous message) and found that the problem occurs in the
Type2Message.java file, in the method

private void parse(byte[] material)

In this method the target information is not set (it is left as null); as a
result, the Type2Message target information becomes null.

When the program tries to access the length of this target information, a
NullPointerException is thrown. (It is used in the public static
byte[] getNTLMv2Response(...) method of the NtlmPasswordAuthentication.java
file.)

Here is the method in which the target info is set as null (in
Type2Message.java):

private void parse(byte[] material) throws IOException {
        for (int i = 0; i < 8; i++) {
            if (material[i] != NTLMSSP_SIGNATURE[i]) {
                throw new IOException("Not an NTLMSSP message.");
            }
        }
        if (readULong(material, 8) != 2) {
            throw new IOException("Not a Type 2 message.");
        }
        int flags = readULong(material, 20);
        setFlags(flags);
        String target = null;
        byte[] bytes = readSecurityBuffer(material, 12);
        if (bytes.length != 0) {
            target = new String(bytes,
                    ((flags & NTLMSSP_NEGOTIATE_UNICODE) != 0) ?
                            "UnicodeLittleUnmarked" : getOEMEncoding());
        }
        setTarget(target);
        for (int i = 24; i < 32; i++) {
            if (material[i] != 0) {
                byte[] challenge = new byte[8];
                System.arraycopy(material, 24, challenge, 0, 8);
                setChallenge(challenge);
                break;
            }
        }
        int offset = readULong(material, 16); // offset of targetname start
        if (offset == 32 || material.length == 32) return;
        for (int i = 32; i < 40; i++) {
            if (material[i] != 0) {
                byte[] context = new byte[8];
                System.arraycopy(material, 32, context, 0, 8);
                setContext(context);
                break;
            }
        }
        if (offset == 40 || material.length == 40) return;
        bytes = readSecurityBuffer(material, 40);

        // Here bytes.length becomes zero, so setTargetInformation is not
        // called (therefore the targetinfo field of Type2Message.java
        // becomes null).
        if (bytes.length != 0) setTargetInformation(bytes);
    }


 


Nagaraja Joshi wrote:
> 
> Hi Mike,
> 
> In addition to my previous reply:
> 
> If you require the packet captures which are having the problems, please
> give your mail id. Also please send me a mail
> (joshinagaraja at rediffmail.com) so that I can send you the captured packets.
> 
> Also I will describe our investigation once again (please refer to my
> previous message also).
> 
> We are using the jcifs 1.3 version library.
> 
> The JCIFS client is not giving the username and password which are required
> for authentication to the proxy server.
> 
> So it's not taking the user name and password set in the sample
> program (jcifs.smb.client.username and jcifs.smb.client.password) while
> negotiating with the proxy server.
> 
> Since the username and password given for the proxy are incorrect, it's
> denying with an HTTP/4.1 407 proxy authentication error (this we could infer
> from the captured packets).
> 
> This negotiation between client and server will repeat a certain number
> of times, then it will stop.
> 
> The exception thrown is the same.
> 
> Exception in thread "main" java.lang.NullPointerException
> 	at
> jcifs.smb.NtlmPasswordAuthentication.getNTLMv2Response(NtlmPasswordAuthentication.java:247)
> 	at jcifs.ntlmssp.Type3Message.getNTLMv2Response(Type3Message.java:584)
> 	at jcifs.ntlmssp.Type3Message.<init>(Type3Message.java:229)
> 	at
> jcifs.http.NtlmHttpURLConnection.attemptNegotiation(NtlmHttpURLConnection.java:566)
> 	at
> jcifs.http.NtlmHttpURLConnection.doHandshake(NtlmHttpURLConnection.java:452)
> 	at
> jcifs.http.NtlmHttpURLConnection.handshake(NtlmHttpURLConnection.java:103)
> 	at
> jcifs.http.NtlmHttpURLConnection.getInputStream(NtlmHttpURLConnection.java:240)
> 	at java.net.URL.openStream(Unknown Source)
> 	at JCIFS.main(JCIFS.java:65)
> 
> 
> Regards,
> Nagaraja
> 
> Nagaraja Joshi wrote:
>> 
>> Hi Mike,
>> 
>> We need (have a requirement for) NTLMv2 authentication with the proxy
>> server using jcifs.
>> 
>> We tried your suggestion of setting jcifs.lmCompatibility and extended
>> security for NTLMv1; it's giving the same problem.
>> 
>> We are using the jcifs_1.3.0 jar file for our work.
>> 
>> When we debugged with a packet capture in Wireshark, we found that the
>> jcifs client always communicates with a different username and password
>> (it's not taking the username and password which we have put in our
>> program for the proxy),
>> 
>> i.e. when we set
>> 
>>       Config.setProperty("jcifs.smb.client.username", user);
>>       Config.setProperty("jcifs.smb.client.password", password);
>> 
>> in our program, it's not taking the same when negotiating with the proxy
>> server, so the proxy server is always denying the request for the
>> webpage.
>> 
>> 
>> Regards,
>> Nagaraja
>> 
>> 
>> 
>> Michael B Allen wrote:
>>> 
>>> Hi Nagaraja,
>>> 
>>> Just set jcifs.lmCompatibility = 0 and
>>> jcifs.smb.client.useExtendedSecurity = false. That should cause JCIFS
>>> to use the old NTLMv1 behavior which is known to work with
>>> NtlmHttpURLConnection.
>>> 
>>> I have made a note of the NtlmHttpURLConnection w/ NTLMv2 issue but I
>>> have not addressed anything in the jcifs.http* packages as they will
>>> be removed in JCIFS 2.x. If I happen-stance across the issue I will
>>> fix it in 1.3 but otherwise, at this point, it is only important to
>>> JCIFS that NTLMv2 work correctly with the CIFS protocol. The other
>>> HTTP protocol stuff is only supported with NTLMv1. Instead, JCIFS will
>>> expose the NTLM implementation (v1 and v2) sufficiently so that other
>>> projects can handle other protocols. For example, the Apache HTTP
>>> client could use JCIFS to implement proper NTLM authentication
>>> behavior and in fact already does use some JCIFS code (albeit rather
>>> sloppily).
>>> 
>>> However, this issue sounds like it could be a problem with the NTLMv2
>>> code in general. If you would like to send me a packet capture, I will
>>> make sure that the NTLMv2 code can handle the various NTLMSSP flags
>>> and target information. That may or may not fix this issue.
>>> 
>>> Mike
>>> 
>>> On Thu, Nov 6, 2008 at 7:35 AM, Nagaraja Joshi
>>> <joshinagaraja at rediffmail.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>> We are using a sample Java program which uses the JCIFS library to
>>>> communicate using NTLMv2 authentication to a proxy server.
>>>>
>>>> Also, we are using the proxy server credentials to communicate through
>>>> our sample program (i.e. an IAS proxy which uses NTLMv2 authentication).
>>>>
>>>> However, we are facing this issue when we execute the sample program:
>>>>
>>>> Exception in thread "main" java.lang.NullPointerException
>>>>        at
>>>> jcifs.smb.NtlmPasswordAuthentication.getNTLMv2Response(NtlmPasswordAuthentication.java:246)
>>>>        at
>>>> jcifs.ntlmssp.Type3Message.getNTLMv2Response(Type3Message.java:584)
>>>>        at jcifs.ntlmssp.Type3Message.<init>(Type3Message.java:229)
>>>>        at
>>>> jcifs.http.NtlmHttpURLConnection.attemptNegotiation(NtlmHttpURLConnection.java:566)
>>>>        at
>>>> jcifs.http.NtlmHttpURLConnection.doHandshake(NtlmHttpURLConnection.java:452)
>>>>        at
>>>> jcifs.http.NtlmHttpURLConnection.handshake(NtlmHttpURLConnection.java:103)
>>>>        at
>>>> jcifs.http.NtlmHttpURLConnection.getInputStream(NtlmHttpURLConnection.java:240)
>>>>        at java.net.URL.openStream(Unknown Source)
>>>>        at JCIFS.main(JCIFS.java:60)
>>>>
>>>> The above problem is caused by the targetInfo value passed to the
>>>> public static byte[] getNTLMv2Response( ) method of the
>>>> NtlmPasswordAuthentication.java file becoming null.
>>>>
>>>> The following line is causing the issue:
>>>>
>>>> byte[] temp = new byte[28 + targetInfo.length];  // here targetInfo is becoming null.
>>>>
>>>> Here's the sample program which we used to execute the same:
>>>>
>>>> import java.io.*;
>>>> import java.net.*;
>>>> import jcifs.*;
>>>>
>>>> public class JCIFS {
>>>>
>>>>    public static void main(String[] args) throws Exception {
>>>>
>>>>        // Normally set this outside application.
>>>>        // Note that as a side effect due to the way handlers are located,
>>>>        // you can also achieve this by simply doing:
>>>>        Config.registerSmbURLHandler();
>>>>        // which we already do to register the smb handler.
>>>>        // String pkgs = System.getProperty("java.protocol.handler.pkgs");
>>>>        // pkgs = (pkgs != null) ? "http|" + pkgs : "http";
>>>>        // System.setProperty("java.protocol.handler.pkgs", pkgs);
>>>>
>>>>        // IAS proxy or any proxy which is used to configure NTLMV2 authentication
>>>>        String proxy = "64.104.136.241";
>>>>        // IAS proxy or any proxy port
>>>>        String port = "8080";
>>>>        System.setProperty("http.proxyHost", proxy);
>>>>        System.setProperty("http.proxyPort", port);
>>>>
>>>>        /* if (args == null || args.length < 4) {
>>>>            System.out.println("NtlmHttpClient <url> <domain> <user> <password>");
>>>>            System.exit(1);
>>>>        } */
>>>>        // String location = "http://www.cisco.com/";
>>>>        String location = "http://www.cisco.com/";
>>>>        String domain = "cisco";
>>>>        String user = "nagaraja";
>>>>        String password = "nagaraja";
>>>>
>>>>        // can also specify these in the URL, i.e.
>>>>        //     http://DOMAIN%5cuser:password@host/dir/file.html
>>>>        // which will override these properties
>>>>        Config.setProperty("jcifs.smb.client.domain", domain);
>>>>        Config.setProperty("jcifs.smb.client.username", user);
>>>>        Config.setProperty("jcifs.smb.client.password", password);
>>>>        Config.setProperty("jcifs.smb.lmCompatibility", "3");
>>>>        Config.setProperty("jcifs.http.domainController", "cisco");
>>>>        // Config.setProperty("jcifs.smb.client.useUnicode ", "false");
>>>>
>>>>        /* try {
>>>>            Config.setProperty("jcifs.netbios.hostname", "64.103.135.182");
>>>>            System.out.println("host name" + Config.getProperty("jcifs.netbios.hostname", InetAddress.getLocalHost().getHostName()));
>>>>        } catch (Exception ex) { }
>>>>        // URL url = new URL(location); */
>>>>
>>>>        URL url = new URL("http://www.cisco.com/");
>>>>
>>>>        BufferedReader reader = new BufferedReader(
>>>>                new InputStreamReader(url.openStream()));
>>>>        String line;
>>>>        while ((line = reader.readLine()) != null) {
>>>>            System.out.println(line);
>>>>        }
>>>>    }
>>>>
>>>> }
>>>>
>>>> It will be great if somebody can help us on this.
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/NTLM-V2-authentication-is-failing-with-JCIFS-%28sample-java-program-which-uses-JCIFS-to-contact-the-Proxy-server-with-NTLMV2-authentication%29-tp20360187p20360187.html
>>>> Sent from the Samba - jcifs mailing list archive at Nabble.com.
>>>>
>>>>
>>> 
>>> 
>>> 
>>> -- 
>>> Michael B Allen
>>> PHP Active Directory SPNEGO SSO
>>> http://www.ioplex.com/
>>> 
>>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/NTLM-V2-authentication-is-failing-with-JCIFS-%28sample-java-program-which-uses-JCIFS-to-contact-the-Proxy-server-with-NTLMV2-authentication%29-tp20360187p20418173.html
Sent from the Samba - jcifs mailing list archive at Nabble.com.
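
The failure described in this thread, as an added example that is not part of any message above and is not jcifs code: a Type 2 message whose target information buffer is absent or empty yields a null target info, so any code that sizes a buffer from `28 + targetInfo.length` must handle that case. The class and method names are hypothetical, and both Type 2 messages are constructed for the demo rather than taken from a capture.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example, not jcifs code; class and method names are hypothetical.
public class Type2TargetInfoCheck {
    static final int NTLMSSP_NEGOTIATE_TARGET_INFO = 0x00800000;

    // Security buffer: 2-byte length, 2-byte allocated size, 4-byte offset (little-endian).
    static byte[] readSecurityBuffer(byte[] msg, int pos) {
        if (pos < 0 || pos > msg.length - 8) return new byte[0];
        ByteBuffer b = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        int len = b.getShort(pos) & 0xFFFF;
        int off = b.getInt(pos + 4);
        // Reject buffers that point outside the message instead of throwing.
        if (len == 0 || off < 0 || off > msg.length - len) return new byte[0];
        return Arrays.copyOfRange(msg, off, off + len);
    }

    // Target information block, or null when the Type 2 message carries none.
    static byte[] targetInfo(byte[] msg) {
        if (msg.length < 48) return null; // too short to hold the buffer at offset 40
        int flags = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN).getInt(20);
        if ((flags & NTLMSSP_NEGOTIATE_TARGET_INFO) == 0) return null;
        byte[] ti = readSecurityBuffer(msg, 40);
        return ti.length == 0 ? null : ti;
    }

    // Null-safe form of the "28 + targetInfo.length" sizing quoted in the thread.
    static int blobLength(byte[] targetInfo) {
        return 28 + (targetInfo != null ? targetInfo.length : 0);
    }

    // Constructed Type 2 message for the demo; not taken from a packet capture.
    static byte[] sample(int flags, byte[] ti) {
        ByteBuffer b = ByteBuffer.allocate(48 + ti.length).order(ByteOrder.LITTLE_ENDIAN);
        b.put("NTLMSSP\0".getBytes(StandardCharsets.US_ASCII)).putInt(2);
        b.putShort((short) 0).putShort((short) 0).putInt(48);    // empty target name
        b.putInt(flags).putLong(0x0123456789ABCDEFL).putLong(0); // flags, challenge, context
        b.putShort((short) ti.length).putShort((short) ti.length).putInt(48).put(ti);
        return b.array();
    }

    public static void main(String[] args) {
        byte[] av = {2, 0, 2, 0, 'D', 0, 0, 0, 0, 0}; // one AV pair plus terminator
        byte[] with = targetInfo(sample(0x00800201, av));
        byte[] without = targetInfo(sample(0x00000201, new byte[0]));
        System.out.println("with target info:    " + blobLength(with));
        System.out.println("without target info: " + blobLength(without));
    }
}
```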


