[jcifs] Anonymous access to samba servers
Michael B Allen
ioplex at gmail.com
Fri Jun 24 21:35:52 MDT 2011
The 1.3.16 release will NOT throw the artificial "Access denied"
exception if the NtlmPasswordAuthentication.ANONYMOUS credential is
used explicitly (although this has not been actually tested with an
anonymous share).
Mike
--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
On Wed, Nov 3, 2010 at 3:33 PM, Michael B Allen <ioplex at gmail.com> wrote:
> Hi David,
>
> It could be a long time before the change actually makes it into JCIFS
> but I have added this to the TODO.
>
> Mike
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
>
>
> On Tue, Nov 2, 2010 at 10:45 AM, David Kaelbling
> <dkaelbling at blackducksoftware.com> wrote:
>> Hi Mike,
>>
>> Changing sessionSetup to not throw the fake exception if
>> auth == NtlmPasswordAuthentication.ANONYMOUS looks good
>> enough to me! After doing that I can access Samba servers when
>> I specify ANONYMOUS explicitly. The behavior for Windows servers
>> is unchanged; they throw "Access is denied" unless I used GUEST.
>>
>> I'd be happy to test a pre-release build if you decide to make one.
>>
>> Thanks,
>> David
>>
>> --
>> David Kaelbling
>> Senior Software Engineer
>> Black Duck Software, Inc.
>>
>> dkaelbling at blackducksoftware.com
>> T +1.781.810.2041
>> F +1.781.891.5145
>>
>> http://www.blackducksoftware.com
>> ________________________________________
>> From: Michael B Allen [ioplex at gmail.com]
>> Sent: Tuesday, November 02, 2010 3:29 AM
>> To: David Kaelbling
>> Cc: jcifs at lists.samba.org
>> Subject: Re: [jcifs] Anonymous access to samba servers
>>
>> Hi David,
>>
>> JCIFS is hard coded to never do anonymous because the whole concept of
>> failing over to anonymous is horrible. But if you explicitly use
>> NtlmPasswordAuthentication.ANONYMOUS, that should probably be allowed
>> to work. I suspect there should be an additional condition in the
>> sessionSetup method where the "fake" exception is thrown that checks
>> auth != NtlmPasswordAuthentication.ANONYMOUS. Then it will work. Try
>> it. If it works for you, let me know and I'll add it to the TODO list.
>>
>> Mike
>>
>> On Mon, Nov 1, 2010 at 3:36 PM, David Kaelbling
>> <dkaelbling at blackducksoftware.com> wrote:
>>> Hi,
>>>
>>> I'm having trouble getting anonymous access to Samba servers to work. I
>>> couldn't find a solution in the archives, so here goes....
>>>
>>> I'm using jcifs 1.3.15, Samba 3.0.33-3.29.el5_5.1, and Java 1.6.0_13 on
>>> a Linux box. The smb.conf is pretty minimal, and is attached.
>>> "smbclient -N //donald/public/ -c 'ls'" works, sending:
>>> Session Setup AndX Request, User: anonymous
>>>
>>> jcifs-1.3.15/examples/List throws SmbAuthException(Logon Failure) from
>>> SmbTransport.checkStatus(). It sends:
>>> Session Setup AndX Request, NTLMSSP_AUTH, User: ?\GUEST
>>>
>>> I tried changing List.java to pass NtlmPasswordAuthentication.ANONYMOUS
>>> in the SmbFile constructor, after which it sends:
>>> Session Setup AndX Request, User: anonymous;
>>> Tree Connect AndX, Path: \\donald\PUBLIC
>>>
>>> The server is happy with that -- it returns "Guest: Logged in as GUEST".
>>> But then SmbSession.sessionSetup() throws a fake login failure in line
>>> 332.
>>>
>>> Is the logic in sessionSetup for state 10 right? Around like 295 it
>>> forces NTLMSSP if auth is not ("","",""), but at line 329 is rejects
>>> anonymous login if auth.username was not "GUEST". It seems like there
>>> are two different definitions for ANONYMOUS in use here!
>>>
>>> Any clues would be appreciated :-)
>>>
>>> - Thanks
>>> David
More information about the jCIFS
mailing list