[jcifs] Type1Message with no domain and workstation

Michael B Allen ioplex at gmail.com
Thu Jun 17 22:22:29 MDT 2010


Hi Michael,

I have added your observation to the TODO list as a possible NTLMSSP
domain / workstation field discrepancy for further investigation.

Thanks for the feedback.

Mike

On Wed, Jun 16, 2010 at 10:01 PM, michaelc <michaelc at idssoftware.com> wrote:
>
> Hi,
>
> Wireshark 1.2.8 shows that when FireFox 3.5 uses SSL Tunneling to CONNECT via
> Microsoft ISA 2006, it sends a Type1 Message with no domain and workstation.
> However, the security buffer do exist for these two field, making the total
> size of the NTLMSSP to be 32 bytes. This behavior is also confirmed by this
> article (right before the Type1 Message Exception):
>
>  http://davenport.sourceforge.net/ntlm.html#theType1Message
>
> The current 1.3.14 release jCIFS will send a malformed Type1Message if its
> constructor is like this:
>
>  message = new Type1Message(0, null, "");
>
> This message is only 16 bytes long, with the two security buffers omitted
> altogether. The Wireshark folks deem this NTLMSSP message malformed.
>
> It is time to move away from this Windows 95/98 style malformed Type1 message.
> Above is the fix (a great example of less is more). I can't paste the diff
> as it unless changing > to - and < to + to get around the "You seem to be
> top-posting. Don't do that."
>
> --Michael
>
> $ diff jcifs/ntlmssp/Type1Message.java
> ../../../jcifs_1.3.14/src/jcifs/ntlmssp/Type1Message.java
> 131a132
> -             boolean hostInfo = false;
> 133a135
> -                 hostInfo = true;
> 142a145
> -                 hostInfo = true;
> 151c154,155
> +             byte[] type1 = new byte[32 + domain.length + workstation.length];
> ---
> -             byte[] type1 = new byte[hostInfo ?
> -                     (32 + domain.length + workstation.length) : 16];
> 155,156c159,162
> +             writeSecurityBuffer(type1, 16, 32, domain);
> +             writeSecurityBuffer(type1, 24, 32 + domain.length, workstation);
> ---
> -             if (hostInfo) {
> -                 writeSecurityBuffer(type1, 16, 32, domain);
> -                 writeSecurityBuffer(type1, 24, 32 + domain.length,
>  workstation);
> -             }
>
>
>



-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/


More information about the jCIFS mailing list