+Mon Jan 19 22:06:54 EST 2004
+jcifs-0.7.19 released
+
+It was discovered that SmbComNTCreateAndX as well as SmbComReadAndx
+commands did not calculate MAC response signitures properly. In one case a
+field was not properly decoded and in the case of reading the payload,
+which is read directly from the stream into the supplied buffer as an
+optimization, was not being properly factored into the signature. These
+issues have been fixed.
+
+Wed Jan 7 19:24:59 EST 2004
+jcifs-0.7.18 released
+
+Only SMBs that follow authentication need to be actually signed if SMB
+signing is enabled. Because it was assumed that SMBs would follow
+authentication an Exception was coded to be thrown if password hashes are
+determined to be inadiquate to generate a MAC signing key. However because
+the NTLM HTTP Filter does not send additional SMBs, signing will never
+actually occur. The Exception is only generated if the password hashes are
+"externel" (meaning from the NTLM HTTP Filter) but this is precisely the
+case where signing will never occur. Therefore, the Exception coded to
+detect external password hashes has been removed so that additional SMBs
+will generate a signing error but the NTLM HTTP Filter will be permitted to
+proceed without error.
+
+The NtlmPasswordAuthencation class has also been made Serializable to
+permit certain containers to serialize the state of an HTTP session. It is
+not known however if the client will seamlessly re-authenticate when the
+NPA is de-serialized and discovered to be invalid. Regardless, the Filter
+will now work with these containers albeit possibly not to their greatest
+potential.
+
+
Tue Dec 23 03:43:15 EST 2003
jcifs-0.7.17 released
+Mon Jan 19 22:06:54 EST 2004
+jcifs-0.7.19 released
+
+SMB signature varification was not working properly and has been fixed.
+
+Wed Jan 7 19:24:59 EST 2004
+jcifs-0.7.18 released
+
+The NTLM HTTP Authentication Filter should now work with domain controllers
+that negotiate signing as well as without generating the benign "exception
+reading from socket input" Exception. Also, the NtlmPasswordAuthentication
+class is now Serializable to increase compatability with certain Servlet
+containers.
+
Tue Dec 23 03:43:15 EST 2003
jcifs-0.7.17 released
<target name="jar" depends="smb">
<copy file="src/jcifs/util/mime.map" tofile="build/jcifs/util/mime.map" overwrite="yes"/>
<copy file="src/jcifs/http/ne.css" tofile="build/jcifs/http/ne.css" overwrite="yes"/>
- <jar jarfile="jcifs-0.7.17.jar" basedir="build"/>
+ <jar jarfile="jcifs-0.7.19.jar" basedir="build"/>
</target>
<target name="tgz">
- <copy todir="dist_tmp/jcifs_0.7.17">
+ <copy todir="dist_tmp/jcifs_0.7.19">
<fileset dir="." excludes="ant,**/.*,build,jcifs.prp,**/*.tgz,**/*.zip"/>
</copy>
- <tar tarfile="jcifs-0.7.17.tar" basedir="dist_tmp"/>
- <gzip src="jcifs-0.7.17.tar" zipfile="jcifs-0.7.17.tgz"/>
- <delete file="jcifs-0.7.17.tar"/>
+ <tar tarfile="jcifs-0.7.19.tar" basedir="dist_tmp"/>
+ <gzip src="jcifs-0.7.19.tar" zipfile="jcifs-0.7.19.tgz"/>
+ <delete file="jcifs-0.7.19.tar"/>
<delete dir="dist_tmp"/>
</target>
<target name="zip">
- <copy todir="dist_tmp/jcifs_0.7.17">
+ <copy todir="dist_tmp/jcifs_0.7.19">
<fileset dir="." excludes="ant,**/.*,build,jcifs.prp,**/*.tgz,**/*.zip"/>
</copy>
<fixcrlf srcdir="dist_tmp" cr="add" tab="remove" tablength="4" excludes="**/*.jar,**/*.exe"/>
- <zip zipfile="jcifs-0.7.17.zip" basedir="dist_tmp"/>
+ <zip zipfile="jcifs-0.7.19.zip" basedir="dist_tmp"/>
<delete dir="dist_tmp"/>
</target>
import jcifs.util.MD4;
import jcifs.util.HMACT64;
import java.io.UnsupportedEncodingException;
+import java.io.Serializable;
import java.security.Principal;
import java.util.Random;
import java.util.Arrays;
* NtlmAuthenticator</a> for related information.
*/
-public final class NtlmPasswordAuthentication implements Principal {
+public final class NtlmPasswordAuthentication implements Principal, Serializable {
private static final int LM_COMPATIBILITY =
Config.getInt("jcifs.smb.lmCompatibility", 0);
bufferIndex += 8;
changeTime = readTime( buffer, bufferIndex );
bufferIndex += 8;
+/* file attributes */
+bufferIndex += 4;
allocationSize = readLong( buffer, bufferIndex );
bufferIndex += 8;
endOfFile = readLong( buffer, bufferIndex );
if( response.errorCode != 0 || e.hasMoreElements() == false ) {
((SmbComTransactionResponse)response).hasMore = false;
if( useSigning ) {
- response.verifyFailed = verify(rcv_buf, 0, response.length, response.verifySequence);
+ response.verifyFailed = verify(rcv_buf, 0, response);
}
response.notify();
} else {
}
Log.printHexDump( "smb received", rcv_buf, 0, response.length );
if( useSigning ) {
- response.verifyFailed = verify(rcv_buf, 0, response.length, response.verifySequence);
+ int length = response.length;
+ response.verifyFailed = verify(rcv_buf, 0, response);
}
response.notify();
void initSigning(NtlmPasswordAuthentication auth) throws SmbException {
if( auth.hashesExternal ) {
- if( server.signaturesRequired ) {
- throw new SmbException( SmbException.ERRCLI, SmbException.ERRioe,
- "Signing is required by the server but passwords are external." );
- }
useSigning = false;
return;
}
* @param offset The starting offset at which the SMB header begins.
* @param length The length of the SMB data starting at offset.
*/
- private boolean verify(byte[] data, int offset, int length, int verifySequence) throws IOException {
+ private boolean verify(byte[] data, int offset, ServerMessageBlock response) throws IOException {
if (macSigningKey == null) return false;
signingDigest.update(macSigningKey);
int index = offset;
signingDigest.update(data, index, ServerMessageBlock.SIGNATURE_OFFSET);
index += ServerMessageBlock.SIGNATURE_OFFSET;
byte[] sequence = new byte[8];
- ServerMessageBlock.writeInt4(verifySequence, sequence, 0);
+ ServerMessageBlock.writeInt4(response.verifySequence, sequence, 0);
signingDigest.update(sequence);
index += 8;
- signingDigest.update(data, index, length - ServerMessageBlock.SIGNATURE_OFFSET - 8);
+ if( response.command == ServerMessageBlock.SMB_COM_READ_ANDX ) {
+ /* SmbComReadAndXResponse reads directly from the stream into separate byte[] b.
+ */
+ SmbComReadAndXResponse raxr = (SmbComReadAndXResponse)response;
+ int length = response.length - raxr.dataLength;
+ signingDigest.update(data, index, length - ServerMessageBlock.SIGNATURE_OFFSET - 8);
+ signingDigest.update(raxr.b, raxr.off, raxr.dataLength);
+ } else {
+ signingDigest.update(data, index, response.length - ServerMessageBlock.SIGNATURE_OFFSET - 8);
+ }
byte[] signature = signingDigest.digest();
for (int i = 0; i < 8; i++) {
if (signature[i] != data[offset + ServerMessageBlock.SIGNATURE_OFFSET + i]) {
index = offset;
signingDigest.update(data, index, ServerMessageBlock.SIGNATURE_OFFSET);
index += ServerMessageBlock.SIGNATURE_OFFSET;
- ServerMessageBlock.writeInt4(verifySequence, sequence, 0);
+ ServerMessageBlock.writeInt4(response.verifySequence, sequence, 0);
signingDigest.update(sequence);
index += 8;
- signingDigest.update(data, index, length - ServerMessageBlock.SIGNATURE_OFFSET - 8);
+ signingDigest.update(data, index, response.length - ServerMessageBlock.SIGNATURE_OFFSET - 8);
signature = signingDigest.digest();
for (i = 0; i < 8; i++) {
if (signature[i] != data[offset + ServerMessageBlock.SIGNATURE_OFFSET + i]) {
projects / jcifs_without_docs.git / commitdiff