+Thu Sep 2 18:45:35 EDT 2004
+jcifs-0.9.8 released
+
+If the special "GUEST" account is not disabled (almost always is) it is
+possible for a bogus username to be authenticated successfully. This
+problem was only partially fixed previously. A clause was incorrectly added
+that was intended to allow the username "guest" to be authenticated
+successfully. It is now not possible for "guest" to be authenticated at
+all.
+
+A log message has been added to the NtlmHttpFilter that will be logged
+whenever an SmbAuthException is triggered and the jcifs.util.log.loglevel
+is greater than 1. For example, to enable logging authentication failures
+with the filter add the following to the filter section in your web.xml.
+
+ <init-param>
+ <param-name>jcifs.util.loglevel</param-name>
+ <param-value>2</param-value>
+ </init-param>
+
+An ArrayIndexOutOfBoundsException that could occur if NTLMv2 is used but
+lmCompatibility was not set to 3 accordingly has been fixed.
+
Tue Aug 10 21:25:03 EDT 2004
jcifs-0.9.7 released
<project name="jcifs" default="usage" basedir=".">
- <property name="version" value="0.9.7"/>
+ <property name="version" value="0.9.8"/>
<target name="usage">
<echo>
<target name="docs">
<style basedir="docs" destdir="docs" extension=".html" style="plain.xsl"
includes="pipes.xml,faq.xml,wins.xml,capture.xml,httpclient.xml,resolver.xml,authhandler.xml,ntlmhttpauth.xml">
-<param name="date" expression="Aug 11, 2004"/>
-<param name="lib" expression="jcifs-0.9.7"/>
+<param name="date" expression="Sep 3, 2004"/>
+<param name="lib" expression="jcifs-0.9.8"/>
<param name="title" expression="JCIFS"/>
<param name="copyright" expression="The JCIFS Project"/>
<param name="edge" expression="#808080"/>
</style>
<style basedir="docs" destdir="docs" extension=".html" style="proj.xsl"
includes="index.xml">
-<param name="date" expression="Aug 11, 2004"/>
-<param name="lib" expression="jcifs-0.9.7"/>
+<param name="date" expression="Sep 3, 2004"/>
+<param name="lib" expression="jcifs-0.9.8"/>
<param name="title" expression="JCIFS"/>
<param name="copyright" expression="The JCIFS Project"/>
<param name="edge" expression="#808080"/>
<web-app id='/'>
-<!--
--->
-<filter
- filter-name='ntlm'
- filter-class='jcifs.http.NtlmHttpFilter'>
+<filter filter-name='ntlm' filter-class='jcifs.http.NtlmHttpFilter'>
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>MYDOMAIN</param-value>
</init-param>
-</filter>
-<filter-mapping
- url-pattern='/*'
- filter-name='ntlm'/>
-
-<!--
-<servlet
- servlet-name='NetworkExplorer'
- servlet-class='jcifs.http.NetworkExplorer'>
- <init-param>
- <param-name>jcifs.resolveOrder</param-name>
- <param-value>WINS,DNS</param-value>
- </init-param>
<init-param>
<param-name>jcifs.netbios.wins</param-name>
<param-value>164.215.78.56,196.141.101.3</param-value>
</init-param>
<init-param>
- <param-name>jcifs.smb.client.domain</param-name>
- <param-value>MYDOMAIN</param-value>
+ <param-name>jcifs.util.loglevel</param-name>
+ <param-value>2</param-value>
</init-param>
-</servlet>
-<servlet-mapping
- servlet-name='NetworkExplorer'
- url-pattern='/ne/*'/>
--->
+</filter>
+
+<filter-mapping url-pattern='/*' filter-name='ntlm'/>
</web-app>
* URL class the following exception will occur:
* <blockquote><pre>
* Exception MalformedURLException: unknown protocol: smb
- * at java.net.URL.<init>(URL.java:480)
- * at java.net.URL.<init>(URL.java:376)
- * at java.net.URL.<init>(URL.java:330)
- * at jcifs.smb.SmbFile.<init>(SmbFile.java:355)
- * ...
+ * at java.net.URL.<init>(URL.java:480)
+ * at java.net.URL.<init>(URL.java:376)
+ * at java.net.URL.<init>(URL.java:330)
+ * at jcifs.smb.SmbFile.<init>(SmbFile.java:355)
+ * ...
* </pre><blockquote>
*/
}
pkgs = System.getProperty( "java.protocol.handler.pkgs" );
if( pkgs == null ) {
- pkgs = "jcifs";
- } else {
+ System.setProperty( "java.protocol.handler.pkgs", "jcifs" );
+ } else if( pkgs.indexOf( "jcifs" ) == -1 ) {
pkgs += "|jcifs";
+ System.setProperty( "java.protocol.handler.pkgs", pkgs );
}
- System.setProperty( "java.protocol.handler.pkgs", pkgs );
}
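Review bot: The `System.setProperty( "java.protocol.handler.pkgs", ... )` calls in both branches are still unguarded, although this commit wraps `System.getProperties()` in `setProperties` and `load` because a restrictive security manager can refuse property access. The same environment would presumably throw `SecurityException` here too, and on the `System.getProperty` read above, so the block deserves the same `try { ... } catch( SecurityException se )` with a log line. Separately, `pkgs.indexOf( "jcifs" ) == -1` is a substring test, so an unrelated handler package whose name merely contains `jcifs` would suppress registration; comparing against the `|`-separated entries would be exact. The method begins outside the hunk.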
// supress javadoc constructor summary by removing 'protected'
public static void setProperties( Properties prp ) {
Config.prp = new Properties( prp );
- Config.prp.putAll( System.getProperties() );
+ try {
+ Config.prp.putAll( System.getProperties() );
+ } catch( SecurityException se ) {
+ if( log.level > 1 )
+ log.println( "SecurityException: jcifs will ignore System properties" );
+ }
}
/**
if( in != null ) {
prp.load( in );
}
- prp.putAll( System.getProperties() );
+ try {
+ prp.putAll( System.getProperties() );
+ } catch( SecurityException se ) {
+ if( log.level > 1 )
+ log.println( "SecurityException: jcifs will ignore System properties" );
+ }
}
public static void store( OutputStream out, String header ) throws IOException {
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbAuthException;
import jcifs.util.Base64;
+import jcifs.util.LogStream;
import jcifs.netbios.NbtAddress;
/**
public class NtlmHttpFilter implements Filter {
+ private static LogStream log = LogStream.getInstance();
private String defaultDomain;
private String domainController;
public void init( FilterConfig filterConfig ) throws ServletException {
String name;
+ int level;
/* Set jcifs properties we know we want; soTimeout and cachePolicy to 10min.
*/
Config.getProperty("jcifs.http.insecureBasic")).booleanValue();
realm = Config.getProperty("jcifs.http.basicRealm");
if (realm == null) realm = "jCIFS";
+
+ if(( level = Config.getInt( "jcifs.util.loglevel", -1 )) != -1 ) {
+ LogStream.setLevel( level );
+ }
+ if( log.level > 2 ) {
+ try {
+ Config.store( log, "JCIFS PROPERTIES" );
+ } catch( IOException ioe ) {
+ }
+ }
}
public void destroy() {
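Review bot: At a log level above 2, `Config.store( log, "JCIFS PROPERTIES" )` writes the whole property set to the log. Because `setProperties` and `load` merge `System.getProperties()` into that set, the dump may include credentials such as `jcifs.smb.client.password` or unrelated secrets passed as `-D` options. I would mask password-like keys before storing, or at least document next to the `jcifs.util.loglevel` init-param that level 3 and above must not be used where the log is widely readable. The empty `catch( IOException ioe )` also hides a failed dump; `log.println( "NtlmHttpFilter: could not store properties: " + ioe );` would keep it visible. `init` begins outside the hunk.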
SmbSession.logon( dc, ntlm );
} catch( SmbAuthException sae ) {
+ if( log.level > 1 ) {
+ log.println( "NtlmHttpFilter: " + ntlm.getName() +
+ ": 0x" + jcifs.util.Hexdump.toHexString( sae.getNtStatus(), 8 ) +
+ ": " + sae );
+ }
if( sae.getNtStatus() == sae.NT_STATUS_ACCESS_VIOLATION ) {
/* Server challenge no longer valid for
* externally supplied password hashes.
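Review bot: `ntlm.getName()` in the new log line comes from the credentials the client sent, so it is untrusted text written to the log unescaped, and a name containing line breaks would split or forge log entries. I would neutralise control characters first, e.g. `String who = ntlm.getName().replace( '\r', '_' ).replace( '\n', '_' );`, and log `who` instead. For the entry to be useful when investigating failed logons it should also carry the client address from the servlet request, which this line omits. The enclosing method starts and ends outside the hunk.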
if( session.transport.server.security == SECURITY_USER &&
( auth.hashesExternal || auth.password.length() > 0 )) {
if( session.transport.server.encryptedPasswords ) {
- // encrypted
accountPassword = auth.getAnsiHash( session.transport.server.encryptionKey );
+ passwordLength = accountPassword.length;
unicodePassword = auth.getUnicodeHash( session.transport.server.encryptionKey );
- passwordLength = unicodePasswordLength = 24;
- // fix for win9x clients
- if (unicodePassword.length == 0) unicodePasswordLength = 0;
+ unicodePasswordLength = unicodePassword.length;
+ // prohibit HTTP auth attempts for the null session
+ if (unicodePasswordLength == 0 && passwordLength == 0) {
+ throw new RuntimeException("Null setup prohibited.");
+ }
} else if( DISABLE_PLAIN_TEXT_PASSWORDS ) {
throw new RuntimeException( "Plain text passwords are disabled" );
} else if( useUnicode ) {
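Review bot: The new null-session rejection throws a bare `RuntimeException( "Null setup prohibited." )`, which the `catch( SmbAuthException sae )` in `NtlmHttpFilter` will not see. The attempt would presumably surface as a server error rather than an authentication failure, and it would bypass the failure log line added in this same commit. If the enclosing signature allows it, `throw new SmbAuthException( NtStatus.NT_STATUS_LOGON_FAILURE );` keeps the rejection on the normal failure path. The comment says "HTTP auth attempts" but the check sits in the general session-setup code and fires only when both hashes are empty, so it is worth confirming that a response with exactly one empty hash is meant to pass. The enclosing block starts and ends outside the hunk.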
request.auth = auth;
transport.send( request, response );
- if( response.isLoggedInAsGuest && "GUEST".equals( auth.username )) {
+ if( response.isLoggedInAsGuest ) {
throw new SmbAuthException( NtStatus.NT_STATUS_LOGON_FAILURE );
}
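Review bot: The check `if( response.isLoggedInAsGuest )` now rejects every guest-mapped logon but carries no comment saying why, and the removed `"GUEST".equals( auth.username )` clause shows how easily this condition gets weakened again. I would add above it `// a guest-mapped session means the server did not validate these credentials; always fail`. The exception is thrown after `transport.send`, so the server may still hold the guest session it just granted. It is worth confirming that this session is discarded rather than left cached for reuse. The enclosing method lies outside the hunk.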
*/
public static void hexdump( PrintStream ps, byte[] src, int srcIndex, int length ) {
+ if( length == 0 ) {
+ return;
+ }
+
int s = length % 16;
int r = ( s == 0 ) ? length / 16 : length / 16 + 1;
char[] c = new char[r * (74 + NL_LENGTH)];
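Review bot: The new early return in `hexdump` covers `length == 0` only; a negative `length`, or a `srcIndex + length` beyond `src.length`, still reaches the buffer arithmetic below. For a sufficiently negative `length`, `r` becomes negative and `new char[r * (74 + NL_LENGTH)]` throws. Since this helper is presumably called from logging paths with lengths taken from packets, I would widen the guard to `if( length <= 0 ) return;` and bound `length` by `src.length - srcIndex` before computing `r`. The rest of the method is outside the hunk.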
public static void toHexChars( int val, char dst[], int dstIndex, int size ) {
while( size > 0 ) {
- dst[dstIndex + size - 1] = HEX_DIGITS[val & 0x000F];
+ int i = dstIndex + size - 1;
+ if( i < dst.length ) {
+ dst[i] = HEX_DIGITS[val & 0x000F];
+ }
if( val != 0 ) {
val >>>= 4;
}
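Review bot: The `if( i < dst.length )` guard in `toHexChars` turns an overrun into a silent skip. The skipped positions are the highest indexes, which hold the low-order digits, so the caller receives a plausible but wrong hex string and the undersized buffer goes unnoticed. A negative `i` (from a negative `dstIndex`) is still unchecked. I would rather fix the caller's buffer sizing, or validate once before the loop with `if( dstIndex < 0 || dstIndex + size > dst.length ) throw new IllegalArgumentException( "dst too small" );`, if callers can tolerate an exception from this helper. The loop continues outside the hunk.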