[jcifs] Samba SMB password buffer overflow
Girish
girish at fusion-software.com
Sat Dec 4 05:52:10 MST 2010
We are trying to setup Jespa for SSO. We are getting following errors.
jespa.security.SecurityProviderException: Failed to locate authority for name:
FusionServer
# To use this example edit the properties.path init-param in the web.xml
#
# This example HttpSecurityService properties file uses the
# NtlmSecurityProvider to authenticate and authorize clients with an Active
# Directory authority.
#
# Note: This is the equivalent of example_ntlm_web.xml but loaded
# indirectly with the HttpSecurityService properties.path property in
# the web.xml.
provider.classname = jespa.ntlm.NtlmSecurityProvider
http.parameter.username.name = Administrator at FusionServer
http.parameter.password.name = XXXX#
http.parameter.logout.name = logout
http.parameter.anonymous.name = anon
fallback.location = /Login.jsp
excludes = /Login.jsp
#groups.allowed = W\\Domain Admins
#
# NtlmSecurityProvider properties
#
jespa.log.path = C://Fusion/log/jespa.log
jespa.log.level = 10
jespa.account.canonicalForm = 4
# Replace the following with properties determined in Step 1 of Installation
jespa.bindstr = FusionServer
jespa.dns.servers = 192.168.0.125
jespa.dns.site = WIN2003.FusionServer
jespa.service.acctname = Administrator at FusionServer
jespa.service.password = XXXX#
2010-12-04 17:48:13: HttpSecurityService:
{service.password.encrypted=tBuh2l11VwV/RM5dBzdZrfqenjg9T5SwXETITZP1ixXZvEhPnCpe
Uw==, log.level=10, dns.site=WIN2003.FusionServer, account.canonicalForm=4,
service.acctname=Administrator at FusionServer, dns.servers=192.168.0.125,
log.path=C://Fusion/log/jespa.log, bindstr=FusionServer}
2010-12-04 17:48:13: NtlmSecurityProvider: Administrator at FusionServer
2010-12-04 17:48:14: HttpSecurityService: name=HttpSecurityFilter,
http.parameter.username.name=Administrator at FusionServer,
http.parameter.password.name=XXXX#, http.parameter.logout.name=logout,
http.parameter.anonymous.name=anon, fallback.location=/Login.jsp,
excludes[/Login.jsp], groupsDenied[], groupsAllowed[],
propertiesPath=C:\bea\wlserver_10.3\samples\domains\wl_server\autodeploy\JespaEx
ample\WEB-INF/example_ntlm.prp
2010-12-04 17:49:19: HttpSecurityService: Excludes request path [/index.jsp]
2010-12-04 17:49:19: HttpSecurityService: Checking excludes expression
[/Login.jsp]
2010-12-04 17:49:19: HttpSecurityService: Exclude expression did not match
2010-12-04 17:49:19: HttpSecurityService: C: GET /JespaExample/index.jsp
2010-12-04 17:49:19: HttpSecurityService: Request Headers: Accept=image/gif,
image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
application/x-ms-application, application/x-ms-xbap, application/vnd.ms-
xpsdocument, application/xaml+xml, */* | Accept-Language=en-us | Accept-
Encoding=gzip, deflate | User-Agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) |
Host=192.168.0.127:7001 | Connection=Keep-Alive
2010-12-04 17:49:19: HttpSecurityService: Session Attributes:
2010-12-04 17:49:19: HttpSecurityService: Loading session state from session
ZCxTM6xHLRb8tNhYXPGxQQN9rln09LNSyG1R2v27x5WBGDptdhZp!-62011087!1291465159717
2010-12-04 17:49:19: HttpSecurityService: No provider state: isProtected=true
2010-12-04 17:49:19: HttpSecurityService: credential=null
2010-12-04 17:49:19: HttpSecurityService: isProtected=true, token=false,
credential=null, provider=null, isLogout=false, isAnonymous=false,
isChallengeRequired=true, isUnauthorized=true, isForbidden=false,
connectionId=192.168.0.126:3115, authContexts.size=0
2010-12-04 17:49:19: HttpSecurityService: S: 401 Unauthorized
2010-12-04 17:49:19: HttpSecurityService: WWW-Authenticate: NTLM
2010-12-04 17:49:19: HttpSecurityService: Excludes request path [/index.jsp]
2010-12-04 17:49:19: HttpSecurityService: Checking excludes expression
[/Login.jsp]
2010-12-04 17:49:19: HttpSecurityService: Exclude expression did not match
2010-12-04 17:49:19: HttpSecurityService: C: GET /JespaExample/index.jsp
2010-12-04 17:49:19: HttpSecurityService: Request Headers: Accept=image/gif,
image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
application/x-ms-application, application/x-ms-xbap, application/vnd.ms-
xpsdocument, application/xaml+xml, */* | Accept-Language=en-us | Accept-
Encoding=gzip, deflate | User-Agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) |
Host=192.168.0.127:7001 | Connection=Keep-Alive |
Cookie=JSESSIONID=ZCxTM6xHLRb8tNhYXPGxQQN9rln09LNSyG1R2v27x5WBGDptdhZp!-62011087
| Authorization=NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
2010-12-04 17:49:19: HttpSecurityService: Session Attributes:
2010-12-04 17:49:19: HttpSecurityService: Loading session state from session
ZCxTM6xHLRb8tNhYXPGxQQN9rln09LNSyG1R2v27x5WBGDptdhZp!-62011087!1291465159717
2010-12-04 17:49:19: HttpSecurityService: No provider state: isProtected=true
2010-12-04 17:49:19: HttpSecurityService: Authorization: NTLM
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
2010-12-04 17:49:19: HttpSecurityService: 192.168.0.126:3115: token.length=40
2010-12-04 17:49:19: HttpSecurityService: AuthContextPool: checking for expired
entries ...
2010-12-04 17:49:19: NtlmSecurityProvider: Administrator at FusionServer
2010-12-04 17:49:19: HttpSecurityService: AuthContext: 192.168.0.126:3115
2010-12-04 17:49:19: NtlmSecurityProvider: netlogonInstances: checking for
expired entries ...
2010-12-04 17:49:19: NETLOGON: FUSIONSERVER/MACBOOKPRO
2010-12-04 17:49:19: getDomainTrusts: Retrieving list of domains
#JCIFS PROPERTIES
#Sat Dec 04 17:49:19 IST 2010
java.vendor=Sun Microsystems Inc.
wli.home=C\:\\bea\\wlserver_10.3\\integration
sun.java.launcher=SUN_STANDARD
org.xml.sax.parser=weblogic.xml.jaxp.RegistryParser
sun.management.compiler=HotSpot Client Compiler
com.sun.xml.ws.api.streaming.XMLStreamReaderFactory.woodstox=true
os.name=Windows Vista
sun.boot.class.path=C\:\\Users\\girishthakkar\\AppData\\Local\\Genuitec\\Common\
\binary\\com.sun.java.jdk.win32.x86_1.6.0.013\\jre\\lib\\resources.jar;C\:\\User
s\\girishthakkar\\AppData\\Local\\Genuitec\\Common\\binary\\com.sun.java.jdk.win
32.x86_1.6.0.013\\jre\\lib\\rt.jar;C\:\\Users\\girishthakkar\\AppData\\Local\\Ge
nuitec\\Common\\binary\\com.sun.java.jdk.win32.x86_1.6.0.013\\jre\\lib\\sunrsasi
gn.jar;C\:\\Users\\girishthakkar\\AppData\\Local\\Genuitec\\Common\\binary\\com.
sun.java.jdk.win32.x86_1.6.0.013\\jre\\lib\\jsse.jar;C\:\\Users\\girishthakkar\\
AppData\\Local\\Genuitec\\Common\\binary\\com.sun.java.jdk.win32.x86_1.6.0.013\\
jre\\lib\\jce.jar;C\:\\Users\\girishthakkar\\AppData\\Local\\Genuitec\\Common\\b
inary\\com.sun.java.jdk.win32.x86_1.6.0.013\\jre\\lib\\charsets.jar;C\:\\Users\\
girishthakkar\\AppData\\Local\\Genuitec\\Common\\binary\\com.sun.java.jdk.win32.
x86_1.6.0.013\\jre\\classes
sun.desktop=windows
java.vm.specification.vendor=Sun Microsystems Inc.
java.runtime.version=1.6.0_13-b03
weblogic.Name=examplesServer
user.name=girishthakkar
user.language=en
java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
sun.boot.library.path=C\:\\Users\\girishthakkar\\AppData\\Local\\Genuitec\\Commo
n\\binary\\com.sun.java.jdk.win32.x86_1.6.0.013\\jre\\bin
java.version=1.6.0_13
user.timezone=Asia/Calcutta
sun.arch.data.model=32
javax.rmi.CORBA.UtilClass=weblogic.iiop.UtilDelegateImpl
java.endorsed.dirs=C\:\\Users\\girishthakkar\\AppData\\Local\\Genuitec\\Common\\
binary\\com.sun.java.jdk.win32.x86_1.6.0.013\\jre\\lib\\endorsed
vde.home=C\:\\bea\\wlserver_10.3\\samples\\domains\\wl_server\\servers\\examples
Server\\data\\ldap
sun.cpu.isalist=pentium_pro+mmx pentium_pro pentium+mmx pentium i486 i386 i86
sun.jnu.encoding=Cp1252
file.encoding.pkg=sun.io
BEA_HOME=C\:\\bea
file.separator=\\
java.specification.name=Java Platform API Specification
java.class.version=50.0
user.country=US
java.home=C\:\\Users\\girishthakkar\\AppData\\Local\\Genuitec\\Common\\binary\\c
om.sun.java.jdk.win32.x86_1.6.0.013\\jre
platform.home=C\:\\bea\\wlserver_10.3
com.sun.xml.ws.api.streaming.XMLStreamWriterFactory.woodstox=true
java.vm.info=mixed mode
os.version=6.1
org.omg.CORBA.ORBSingletonClass=weblogic.corba.orb.ORB
path.separator=;
java.vm.version=11.3-b02
UserPointCompression=no
user.variant=
java.protocol.handler.pkgs=weblogic.utils|weblogic.utils|weblogic.utils|weblogic
.net
java.awt.printerjob=sun.awt.windows.WPrinterJob
java.security.policy=C\:\\bea\\wlserver_10.3\\server\\lib\\weblogic.policy
JAVA_HOME=C\:\\Users\\girishthakkar\\AppData\\Local\\Genuitec\\Common\\binary\\c
om.sun.java.jdk.win32.x86_1.6.0.013
sun.io.unicode.encoding=UnicodeLittle
awt.toolkit=sun.awt.windows.WToolkit
java.naming.factory.url.pkgs=weblogic.jndi.factories\:weblogic.corba.j2ee.naming
.url\:weblogic.jndi.factories\:weblogic.corba.j2ee.naming.url
user.home=C\:\\Users\\girishthakkar
wls.home=C\:\\bea\\wlserver_10.3\\server
java.specification.vendor=Sun Microsystems Inc.
WLS_HOME=%WL_HOME%/server
org.xml.sax.driver=weblogic.xml.jaxp.RegistryXMLReader
java.library.path=C\:\\Users\\girishthakkar\\AppData\\Local\\Genuitec\\Common\\b
inary\\com.sun.java.jdk.win32.x86_1.6.0.013\\bin;C\:\\Users\\girishthakkar\\AppD
ata\\Local\\Genuitec\\Common\\binary\\com.sun.java.jdk.win32.x86_1.6.0.013\\jre\
\bin;C\:\\bea\\wlserver_10.3\\server\\native\\win\\32;C\:\\bea\\wlserver_10.3\\s
erver\\bin;C\:\\bea\\wlserver_10.3\\server\\native\\win\\32\\oci920_8
java.vendor.url=http\://java.sun.com/
java.vm.vendor=Sun Microsystems Inc.
java.runtime.name=Java(TM) SE Runtime Environment
java.class.path=C\:\\bea/patch_weblogic1000/profiles/default/sys_manifest_classp
ath/weblogic_patch.jar;C\:\\Users\\girishthakkar\\AppData\\Local\\Genuitec\\Comm
on\\binary\\com.sun.java.jdk.win32.x86_1.6.0.013/lib/tools.jar;C\:\\bea\\wlserve
r_10.3/server/lib/weblogic_sp.jar;C\:\\bea\\wlserver_10.3/server/lib/weblogic.ja
r;C\:\\bea\\wlserver_10.3/server/lib/webservices.jar;C\:\\bea/modules/org.apache
.ant_1.6.5/lib;C\:\\bea/modules/net.sf.antcontrib_1.0b2.0/lib;C\:\\bea\\wlserver
_10.3/common/eval/pointbase/lib/pbclient51.jar;C\:\\bea\\wlserver_10.3/server/li
b/xqrl.jar;C\:\\bea\\wlserver_10.3/integration/lib/util.jar;C\:\\bea\\wlserver_1
0.3/platform/lib/p13n/p13n-
schemas.jar;C\:\\bea\\wlserver_10.3/platform/lib/p13n/p13n-
common.jar;C\:\\bea\\wlserver_10.3/platform/lib/p13n/p13n_system.jar;C\:\\bea\\w
lserver_10.3/platform/lib/wlp/netuix_common.jar;C\:\\bea\\wlserver_10.3/platform
/lib/wlp/netuix_schemas.jar;C\:\\bea\\wlserver_10.3/platform/lib/wlp/netuix_syst
em.jar;C\:\\bea\\wlserver_10.3/platform/lib/wlp/wsrp-
client.jar;C\:\\bea\\wlserver_10.3/platform/lib/wlp/wsrp-common.jar
java.vm.specification.name=Java Virtual Machine Specification
java.vm.specification.version=1.0
javax.rmi.CORBA.PortableRemoteObjectClass=weblogic.iiop.PortableRemoteObjectDele
gateImpl
sun.cpu.endian=little
sun.os.patch.level=
java.io.tmpdir=C\:\\Users\\GIRISH~1\\AppData\\Local\\Temp\\
java.vendor.url.bug=http\://java.sun.com/cgi-bin/bugreport.cgi
DOMAIN_HOME=C\:\\bea\\wlserver_10.3\\samples\\domains\\wl_server
os.arch=x86
java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment
java.ext.dirs=C\:\\Users\\girishthakkar\\AppData\\Local\\Genuitec\\Common\\binar
y\\com.sun.java.jdk.win32.x86_1.6.0.013\\jre\\lib\\ext;C\:\\Windows\\Sun\\Java\\
lib\\ext
user.dir=C\:\\bea\\wlserver_10.3\\samples\\domains\\wl_server
weblogic.ext.dirs=C\:\\bea\\patch_weblogic1000\\profiles\\default\\sysext_manife
st_classpath
line.separator=\r\n
java.vm.name=Java HotSpot(TM) Client VM
javax.xml.soap.MessageFactory=weblogic.webservice.core.soap.MessageFactoryImpl
weblogic.management.discover=false
org.omg.CORBA.ORBClass=weblogic.corba.orb.ORB
file.encoding=Cp1252
WL_HOME=C\:\\bea\\wlserver_10.3\\samples\\domains\\wl_server
javax.xml.rpc.ServiceFactory=weblogic.webservice.core.rpc.ServiceFactoryImpl
weblogic.classloader.preprocessor=weblogic.diagnostics.instrumentation.Diagnosti
cClassPreProcessor
com.sun.xml.ws.api.BindingID.SOAP_12.canGenerateWsdl=true
GuessPointCompression=yes
java.specification.version=1.6
2010-12-04 17:49:19: 0: Successfully opened Resource stream: jespa/license.key
2010-12-04 17:49:19: Jespa license.key: SN2106020101113|0|0|1295738172|Jespa 60
Day Trial Licensing Key||||||
2010-12-04 17:49:19: Jespa code-source:
/C:/bea/wlserver_10.3/samples/domains/wl_server/servers/examplesServer/tmp/_WL_u
ser/_appsdir_JespaExample_dir/lznoov/war/WEB-INF/lib/jespa-1.1.4.jar
2010-12-04 17:49:19: Jespa license.key decrypted successfully:
serialNumber: [SN2106020101113]
userLimit: [0]
groupLimit: [0]
expiration: [Sun Jan 23 04:46:12 IST 2011]
description: [Jespa 60 Day Trial Licensing Key]
2010-12-04 17:49:19: NtlmSecurityProvider: Administrator at FusionServer
2010-12-04 17:49:19: DNS: dnsContexts: checking for expired entries ...
2010-12-04 17:49:19: DNS: 192.168.0.125
2010-12-04 17:49:19: getAuthorityDnsNames: FusionServer capabilities=0x0007
2010-12-04 17:49:19: jespa.security.SecurityProviderException: Failed to locate
authority for name: FusionServer
2010-12-04 17:49:19: at
jespa.security.SecurityProvider.getAuthorityDnsNames(SecurityProvider.java:237)
2010-12-04 17:49:19: at
jespa.security.SecurityProvider.getProperty(SecurityProvider.java:289)
2010-12-04 17:49:19: at
jespa.ntlm.NtlmSecurityProvider.getProperty(NtlmSecurityProvider.java:431)
2010-12-04 17:49:19: at jespa.ntlm.Netlogon.getProperty(Netlogon.java:137)
2010-12-04 17:49:19: at
jespa.security.Properties.getProperty(Properties.java:204)
2010-12-04 17:49:19: at jespa.ntlm.Netlogon.connect(Netlogon.java:179)
2010-12-04 17:49:19: at
jespa.ntlm.Netlogon.getDomainTrusts0(Netlogon.java:377)
2010-12-04 17:49:19: at
jespa.ntlm.Netlogon.getDomainTrusts(Netlogon.java:440)
2010-12-04 17:49:19: at
jespa.ntlm.NtlmSecurityProvider.getDomain(NtlmSecurityProvider.java:1529)
2010-12-04 17:49:19: at
jespa.ntlm.NtlmSecurityProvider.getProperty(NtlmSecurityProvider.java:437)
2010-12-04 17:49:19: at
jespa.security.Properties.getProperty(Properties.java:204)
2010-12-04 17:49:19: at
jespa.ntlm.NtlmSecurityProvider.acceptSecContext(NtlmSecurityProvider.java:1078)
2010-12-04 17:49:19: at
jespa.http.HttpSecurityService.doFilter(HttpSecurityService.java:1249)
2010-12-04 17:49:19: at
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
2010-12-04 17:49:19: at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAp
pServletContext.java:3496)
2010-12-04 17:49:19: at
weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.ja
va:321)
2010-12-04 17:49:19: at
weblogic.security.service.SecurityManager.runAs(Unknown Source)
2010-12-04 17:49:19: at
weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletConte
xt.java:2180)
2010-12-04 17:49:19: at
weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java
:2086)
2010-12-04 17:49:19: at
weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
2010-12-04 17:49:19: at
weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
2010-12-04 17:49:19: at
weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
2010-12-04 17:49:19: NETLOGON: Failed to retrieve names, retrying SRV lookup
with no dns.site
2010-12-04 17:49:19: NtlmSecurityProvider: Administrator at FusionServer
2010-12-04 17:49:19: getAuthorityDnsNames: FusionServer capabilities=0x0003
2010-12-04 17:49:19: HttpSecurityService: 192.168.0.126:3115: Authentication
failed: Failed to retrieve property: domain.netbios.name
2010-12-04 17:49:19: jespa.security.SecurityProviderException: Failed to
retrieve property: domain.netbios.name
2010-12-04 17:49:19: at
jespa.ntlm.NtlmSecurityProvider.getProperty(NtlmSecurityProvider.java:439)
2010-12-04 17:49:19: at
jespa.security.Properties.getProperty(Properties.java:204)
2010-12-04 17:49:19: at
jespa.ntlm.NtlmSecurityProvider.acceptSecContext(NtlmSecurityProvider.java:1078)
2010-12-04 17:49:19: at
jespa.http.HttpSecurityService.doFilter(HttpSecurityService.java:1249)
2010-12-04 17:49:19: at
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
2010-12-04 17:49:19: at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAp
pServletContext.java:3496)
2010-12-04 17:49:19: at
weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.ja
va:321)
2010-12-04 17:49:19: at
weblogic.security.service.SecurityManager.runAs(Unknown Source)
2010-12-04 17:49:19: at
weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletConte
xt.java:2180)
2010-12-04 17:49:19: at
weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java
:2086)
2010-12-04 17:49:19: at
weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
2010-12-04 17:49:19: at
weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
2010-12-04 17:49:19: at
weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
2010-12-04 17:49:19: Caused by: jespa.security.SecurityProviderException: Failed
to locate authority for name: FusionServer
2010-12-04 17:49:19: at
jespa.security.SecurityProvider.getAuthorityDnsNames(SecurityProvider.java:237)
2010-12-04 17:49:19: at
jespa.security.SecurityProvider.getProperty(SecurityProvider.java:289)
2010-12-04 17:49:19: at
jespa.ntlm.NtlmSecurityProvider.getProperty(NtlmSecurityProvider.java:431)
2010-12-04 17:49:19: at jespa.ntlm.Netlogon.getProperty(Netlogon.java:137)
2010-12-04 17:49:19: at
jespa.security.Properties.getProperty(Properties.java:204)
2010-12-04 17:49:19: at jespa.ntlm.Netlogon.connect(Netlogon.java:179)
2010-12-04 17:49:19: at
jespa.ntlm.Netlogon.getDomainTrusts0(Netlogon.java:377)
2010-12-04 17:49:19: at
jespa.ntlm.Netlogon.getDomainTrusts(Netlogon.java:440)
2010-12-04 17:49:19: at
jespa.ntlm.NtlmSecurityProvider.getDomain(NtlmSecurityProvider.java:1529)
2010-12-04 17:49:19: at
jespa.ntlm.NtlmSecurityProvider.getProperty(NtlmSecurityProvider.java:437)
2010-12-04 17:49:19: ... 12 more
2010-12-04 17:49:19: HttpSecurityService: credential=null
2010-12-04 17:49:19: HttpSecurityService: isProtected=true, token=false,
credential=null, provider=null, isLogout=false, isAnonymous=false,
isChallengeRequired=true, isUnauthorized=true, isForbidden=false,
connectionId=192.168.0.126:3115, authContexts.size=0
2010-12-04 17:49:19: HttpSecurityService: S: 401 Unauthorized
2010-12-04 17:49:19: HttpSecurityService: WWW-Authenticate: NTLM
More information about the jCIFS
mailing list