[jcifs] OutOfBounds exception in authenticate
Michael B Allen
ioplex at gmail.com
Thu Apr 30 19:26:06 GMT 2009
On Thu, Apr 30, 2009 at 2:31 PM, erez <erez_levav at newyorklife.com> wrote:
> I have been using jcifs for a while in a pilot project to establish SSO
> between AD and another system. A couple of weeks ago, it stopped working.
> Since this code was not in daily use, it is hard to pinpoint what was the
> chain of events, and it maybe an upgrade of (some) parts of the system,
> but I see a new (and needless to say unimproved :) error:
>
> [4/23/09 16:18:49:295 EDT] 00000065 SystemErr R
> java.lang.ArrayIndexOutOfBoundsException
> at java.lang.System.arraycopy(Native Method)
> at jcifs.ntlmssp.Type2Message.toByteArray(Type2Message.java:261)
> at jcifs.http.NtlmSsp.authenticate(NtlmSsp.java:90)
> at nyl.security.ntlm.LookupWindowsSession.processSignonRequest
> (LookupWindowsSession.java:508)
> at
> nyl.security.ntlm.LookupWindowsSession.doGet(LookupWindowsSession.java:767)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
> at
> com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
> at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest
> (ServletWrapper.java:762)
> at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest
> (CacheServletWrapper.java:89)
> at
> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1936)
> at
> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
> at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination
> (HttpInboundLink.java:472)
> at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation
> (HttpInboundLink.java:411)
> at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete
> (HttpICLReadCallback.java:101)
> at
> com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.
> complete(SSLReadServiceContext.java:1704)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.
> java:566)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:
> 619)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:
> 952)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:
> 1039)
> at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1471)
>
> Looking at the code, it is not that complicated, from Tyep2Meesage.java,
> here are the lines:
>
> int data = 32;
> if (context != null) data += 8;
> if (targetInformation != null) data += 8;
> byte[] type2 = new byte[data + target.length +
> (targetInformation != null ? targetInformation.length : 0)];
> System.arraycopy(NTLMSSP_SIGNATURE, 0, type2, 0, 8);
> writeULong(type2, 8, 2);
> writeSecurityBuffer(type2, 12, data, target);
> writeULong(type2, 20, flags);
> =====> System.arraycopy(challenge != null ? challenge : new byte[8], 0,
> type2, 24, 8);
> if (context != null) System.arraycopy(context, 0, type2, 32, 8);
> if (targetInformation != null) {
> writeSecurityBuffer(type2, 40, data + target.length,
> targetInformation);
> }
> return type2;
> } catch (IOException ex) {
> throw new IllegalStateException(ex.getMessage());
> }
> }
>
> I marked the line that blows up above.
> Since I checked and "challenge" is not null, and is longer then 8 bytes,
> I can only assume it is "type2" that is the problem -- but why????
Maybe the problem is that suddenly your organization has switched to
NTLMv2 and that error is the effect of that on your particular use of
the code.
Note that the entire technique you are using is deprecated and will be
removed from JCIFS. See the blue text at the top of the NTLM HTTP
Filter documentation for details.
JCIFS does not support the server side of NTLM authentication. JCIFS
only supports what is required to act as a CIFS client.
Mike
--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
More information about the jcifs
mailing list