From: Felix Schumacher Date: Wed, 6 Aug 2008 14:40:48 +0000 (+0200) Subject: jcifs-1.2.12 from tgz X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=d8e249219621fb399274abf6f62fdf1eaf783412;p=jcifs_without_docs.git jcifs-1.2.12 from tgz Thu Dec 21 12:20:14 EST 2006 jcifs-1.2.12b2 released / getSecurity Bugfix The NtTransQuerySecurityDesc request could specify a data buffer that could be too small for the response. As a result the response was not decoded properly and an error would occur. The response will now be decoded properly if the buffer is too small and the buffer size has been increased from 4096 to 32768. Thu Dec 14 21:01:46 EST 2006 jcifs-1.2.12b released / DFS Bugfix and SID Adjustments Again The getSecurity() method did not work over DFS. A very small but potentially significant change has been made to the DFS code. I do not have a sophisticated DFS test environment so please pay special attention to JCIFS with DFS and report any problems to the JCIFS mailing list. The toString() method of the SID class has been changed back to the old behavior of returning only the numeric SID representation. This was done not only for backward compatibility with previous versions of JCIFS but because conceptually the textual representation of a SID is not it's resolved account name. A new toDisplayString method has been added to return the resolved Windows ACL editor text (as toString() did in the 1.2.11 release). The toSidString() method has been removed. The getDomainName() and getAccountName() methods have not changed. --- diff --git a/README.txt b/README.txt index 5e02bf1..417f94b 100644 --- a/README.txt +++ b/README.txt @@ -1,3 +1,38 @@ +Thu Dec 21 12:20:14 EST 2006 +jcifs-1.2.12b2 released / getSecurity Bugfix + +The NtTransQuerySecurityDesc request could specify a data buffer that +could be too small for the response. As a result the response was not +decoded properly and an error would occur. The response will now be +decoded properly if the buffer is too small and the buffer size has been +increased from 4096 to 32768. + +Thu Dec 14 21:01:46 EST 2006 +jcifs-1.2.12b released / DFS Bugfix and SID Adjustments Again + +The getSecurity() method did not work over DFS. A very small but +potentially significant change has been made to the DFS code. I do not +have a sophisticated DFS test environment so please pay special attention +to JCIFS with DFS and report any problems to the JCIFS mailing list. + +The toString() method of the SID class has been changed back to the +old behavior of returning only the numeric SID representation. This +was done not only for backward compatibility with previous versions of +JCIFS but because conceptually the textual representation of a SID is +not it's resolved account name. A new toDisplayString method has been +added to return the resolved Windows ACL editor text (as toString() did +in the 1.2.11 release). The toSidString() method has been removed. The +getDomainName() and getAccountName() methods have not changed. + +Sat Dec 9 01:09:43 EST 2006 +jcifs-1.2.11 released / SID Class Adjustments + +The 1.2.11 release is now final. No serious problems have been reported +with the new SID resolution code however some minor adjustments have been +made with respect to values returned when a SID has not been resolved +(e.g. the associated account was deleted). The SID class API documentation +has been updated accordingly. + Wed Nov 29 11:34:01 EST 2006 jcifs-1.2.11b released / SID Resolution diff --git a/build.xml b/build.xml index 01931d9..2bea7a4 100644 --- a/build.xml +++ b/build.xml @@ -1,7 +1,7 @@ - - + + diff --git a/patches/README.txt b/patches/README.txt index 036e78e..538a146 100644 --- a/patches/README.txt +++ b/patches/README.txt @@ -2,6 +2,23 @@ These patches are not supported. They are provided here only for your conveinience. If you port a patch to a newer version of jCIFS please resubmit it to the mailing list. +DnsSrv.patch + +This patch adds JNDI _ldap._tcp.dc._msdcs. lookups so that the +NtlmHttpFilter can use load balancing without jcifs.netbios.wins. + +urlfix.patch + +This patch fixes a bug in URL handling that caused the credentials within +URLs to be unescaped twice causing an authentication error. + +Specifically if using a URL like smb://user:p%25ss@server/path/to/file +where the password should be 'p%ss' it gets unescaped but child SmbFiles +derived from this URL will unsuccessfully try to unescape p%ss again. + +Note: Applications should not use credentials in URLs. Use the +NtlmPasswordAuthentication class instead. + LargeReadWrite.patch: This patch adds two SMBs that supposedly improves read and write diff --git a/patches/urlfix.patch b/patches/urlfix.patch new file mode 100644 index 0000000..e6c0254 --- /dev/null +++ b/patches/urlfix.patch @@ -0,0 +1,144 @@ +diff -Nuar old-src/jcifs/smb/Handler.java src/jcifs/smb/Handler.java +--- old-src/jcifs/smb/Handler.java 2006-12-09 00:31:24.000000000 -0500 ++++ src/jcifs/smb/Handler.java 2006-12-13 06:44:50.813474600 -0500 +@@ -23,50 +23,12 @@ + import java.net.URLStreamHandler; + import java.io.IOException; + import java.io.UnsupportedEncodingException; +- + import java.io.PrintStream; + + public class Handler extends URLStreamHandler { + + static final URLStreamHandler SMB_HANDLER = new Handler(); + +- static String unescape( String str ) throws NumberFormatException, UnsupportedEncodingException { +- char ch; +- int i, j, state, len; +- char[] out; +- byte[] b = new byte[1]; +- +- if( str == null ) { +- return null; +- } +- +- len = str.length(); +- out = new char[len]; +- state = 0; +- for( i = j = 0; i < len; i++ ) { +- switch( state ) { +- case 0: +- ch = str.charAt( i ); +- if( ch == '%' ) { +- state = 1; +- } else { +- out[j++] = ch; +- } +- break; +- case 1: +- /* Get ASCII hex value and convert to platform dependant +- * encoding like EBCDIC perhaps +- */ +- b[0] = (byte)(Integer.parseInt( str.substring( i, i + 2 ), 16 ) & 0xFF); +- out[j++] = (new String( b, 0, 1, "ASCII" )).charAt( 0 ); +- i++; +- state = 0; +- } +- } +- +- return new String( out, 0, j ); +- } +- + protected int getDefaultPort() { + return SmbConstants.DEFAULT_PORT; + } +@@ -75,7 +37,7 @@ + } + protected void parseURL( URL u, String spec, int start, int limit ) { + String host = u.getHost(); +- String userinfo, path, ref; ++ String path, ref; + int port; + + if( spec.equals( "smb://" )) { +@@ -87,13 +49,8 @@ + limit += 2; + } + super.parseURL( u, spec, start, limit ); +- userinfo = u.getUserInfo(); + path = u.getPath(); + ref = u.getRef(); +- try { +- userinfo = unescape( userinfo ); +- } catch( UnsupportedEncodingException uee ) { +- } + if (ref != null) { + path += '#' + ref; + } +@@ -102,7 +59,7 @@ + port = getDefaultPort(); + } + setURL( u, "smb", u.getHost(), port, +- u.getAuthority(), userinfo, ++ u.getAuthority(), u.getUserInfo(), + path, u.getQuery(), null ); + } + } +diff -Nuar old-src/jcifs/smb/NtlmPasswordAuthentication.java src/jcifs/smb/NtlmPasswordAuthentication.java +--- old-src/jcifs/smb/NtlmPasswordAuthentication.java 2006-12-09 00:31:24.000000000 -0500 ++++ src/jcifs/smb/NtlmPasswordAuthentication.java 2006-12-13 06:45:36.884587400 -0500 +@@ -186,6 +186,10 @@ + domain = username = password = null; + + if( userInfo != null ) { ++ try { ++ userInfo = unescape( userInfo ); ++ } catch( UnsupportedEncodingException uee ) { ++ } + int i, u, end; + char c; + +@@ -440,5 +444,43 @@ + public String toString() { + return getName(); + } ++ ++ static String unescape( String str ) throws NumberFormatException, UnsupportedEncodingException { ++ char ch; ++ int i, j, state, len; ++ char[] out; ++ byte[] b = new byte[1]; ++ ++ if( str == null ) { ++ return null; ++ } ++ ++ len = str.length(); ++ out = new char[len]; ++ state = 0; ++ for( i = j = 0; i < len; i++ ) { ++ switch( state ) { ++ case 0: ++ ch = str.charAt( i ); ++ if( ch == '%' ) { ++ state = 1; ++ } else { ++ out[j++] = ch; ++ } ++ break; ++ case 1: ++ /* Get ASCII hex value and convert to platform dependant ++ * encoding like EBCDIC perhaps ++ */ ++ b[0] = (byte)(Integer.parseInt( str.substring( i, i + 2 ), 16 ) & 0xFF); ++ out[j++] = (new String( b, 0, 1, "ASCII" )).charAt( 0 ); ++ i++; ++ state = 0; ++ } ++ } ++ ++ return new String( out, 0, j ); ++ } ++ + } + diff --git a/src/jcifs/smb/ACE.java b/src/jcifs/smb/ACE.java index 789688e..3b305c4 100644 --- a/src/jcifs/smb/ACE.java +++ b/src/jcifs/smb/ACE.java @@ -171,7 +171,7 @@ public class ACE { StringBuffer sb = new StringBuffer(); sb.append( isAllow() ? "Allow " : "Deny " ); - appendCol(sb, sid.toString(), 25); + appendCol(sb, sid.toDisplayString(), 25); sb.append( " 0x" ).append( Hexdump.toHexString( access, 8 )).append(' '); sb.append(isInherited() ? "Inherited " : "Direct "); appendCol(sb, getApplyToText(), 34); diff --git a/src/jcifs/smb/NtStatus.java b/src/jcifs/smb/NtStatus.java index 14197e3..83274a5 100644 --- a/src/jcifs/smb/NtStatus.java +++ b/src/jcifs/smb/NtStatus.java @@ -34,6 +34,7 @@ public interface NtStatus { public static final int NT_STATUS_NO_SUCH_DEVICE = 0xC000000e; public static final int NT_STATUS_NO_SUCH_FILE = 0xC000000f; public static final int NT_STATUS_ACCESS_DENIED = 0xC0000022; + public static final int NT_STATUS_BUFFER_TOO_SMALL = 0xC0000023; public static final int NT_STATUS_OBJECT_NAME_INVALID = 0xC0000033; public static final int NT_STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034; public static final int NT_STATUS_OBJECT_NAME_COLLISION = 0xC0000035; @@ -65,6 +66,7 @@ public interface NtStatus { public static final int NT_STATUS_NETWORK_ACCESS_DENIED = 0xC00000ca; public static final int NT_STATUS_BAD_NETWORK_NAME = 0xC00000cc; public static final int NT_STATUS_REQUEST_NOT_ACCEPTED = 0xC00000d0; + public static final int NT_STATUS_CANT_ACCESS_DOMAIN_INFO = 0xC00000da; public static final int NT_STATUS_NOT_A_DIRECTORY = 0xC0000103; public static final int NT_STATUS_CANNOT_DELETE = 0xC0000121; public static final int NT_STATUS_PIPE_BROKEN = 0xC000014b; @@ -86,6 +88,7 @@ public interface NtStatus { NT_STATUS_NO_SUCH_DEVICE, NT_STATUS_NO_SUCH_FILE, NT_STATUS_ACCESS_DENIED, + NT_STATUS_BUFFER_TOO_SMALL, NT_STATUS_OBJECT_NAME_INVALID, NT_STATUS_OBJECT_NAME_NOT_FOUND, NT_STATUS_OBJECT_NAME_COLLISION, @@ -117,6 +120,7 @@ public interface NtStatus { NT_STATUS_NETWORK_ACCESS_DENIED, NT_STATUS_BAD_NETWORK_NAME, NT_STATUS_REQUEST_NOT_ACCEPTED, + NT_STATUS_CANT_ACCESS_DOMAIN_INFO, NT_STATUS_NOT_A_DIRECTORY, NT_STATUS_CANNOT_DELETE, NT_STATUS_PIPE_BROKEN, @@ -139,6 +143,7 @@ public interface NtStatus { "The system cannot find the file specified.", "The system cannot find the file specified.", "Access is denied.", + "The data area passed to a system call is too small.", "The filename, directory name, or volume label syntax is incorrect.", "The system cannot find the file specified.", "Cannot create a file when that file already exists.", @@ -170,6 +175,7 @@ public interface NtStatus { "Network access is denied.", "The network name cannot be found.", "No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept.", + "Indicates a Windows NT Server could not be contacted or that objects within the domain are protected such that necessary information could not be retrieved.", "The directory name is invalid.", "Access is denied.", "The pipe has been ended.", diff --git a/src/jcifs/smb/NtTransQuerySecurityDesc.java b/src/jcifs/smb/NtTransQuerySecurityDesc.java index 7522e8b..57daa98 100644 --- a/src/jcifs/smb/NtTransQuerySecurityDesc.java +++ b/src/jcifs/smb/NtTransQuerySecurityDesc.java @@ -33,7 +33,7 @@ class NtTransQuerySecurityDesc extends SmbComNtTransaction { setupCount = 0; totalDataCount = 0; maxParameterCount = 4; - maxDataCount = 4096; + maxDataCount = 32768; maxSetupCount = (byte)0x00; } diff --git a/src/jcifs/smb/NtTransQuerySecurityDescResponse.java b/src/jcifs/smb/NtTransQuerySecurityDescResponse.java index cde45e6..92e03b1 100644 --- a/src/jcifs/smb/NtTransQuerySecurityDescResponse.java +++ b/src/jcifs/smb/NtTransQuerySecurityDescResponse.java @@ -46,6 +46,9 @@ class NtTransQuerySecurityDescResponse extends SmbComNtTransactionResponse { int readDataWireFormat( byte[] buffer, int bufferIndex, int len ) { int start = bufferIndex; + if (errorCode != 0) + return 4; + bufferIndex++; // revision bufferIndex++; type = readInt2(buffer, bufferIndex); diff --git a/src/jcifs/smb/SID.java b/src/jcifs/smb/SID.java index bb3f55c..cb65b28 100644 --- a/src/jcifs/smb/SID.java +++ b/src/jcifs/smb/SID.java @@ -34,12 +34,12 @@ import jcifs.dcerpc.msrpc.*; *

* Consider the following output of examples/SidLookup.java: * 

- *       toString: WNET\Domain Admins
- *    toSidString: S-1-5-21-4133388617-793952518-2001621813-512
- *        getType: 2
- *    getTypeText: Domain group
- *  getDomainName: WNET
- * getAccountName: Domain Admins
+ *        toString: S-1-5-21-4133388617-793952518-2001621813-512
+ * toDisplayString: WNET\Domain Admins
+ *         getType: 2
+ *     getTypeText: Domain group
+ *   getDomainName: WNET
+ *  getAccountName: Domain Admins
  *
*/ @@ -133,7 +133,7 @@ public class SID extends rpc.sid_t { * * @param authorityServerName The hostname of the server that should be queried. For maximum efficiency this should be the hostname of a domain controller however a member server will work as well and a domain controller may not return names for SIDs corresponding to local accounts for which the domain controller is not an authority. * @param auth The credentials that should be used to communicate with the named server. As usual, null indicates that default credentials should be used. - * @param sids The SIDs that should be resolved. After this function is called, the names associated with the SIDs may be queried with the toString, getDomainName, and getAccountName methods. + * @param sids The SIDs that should be resolved. After this function is called, the names associated with the SIDs may be queried with the toDisplayString, getDomainName, and getAccountName methods. */ static public void resolveSids(String authorityServerName, NtlmPasswordAuthentication auth, @@ -278,7 +278,7 @@ public class SID extends rpc.sid_t { if (origin_server != null) resolveWeak(); if (type == SID_TYPE_UNKNOWN) { - String full = toSidString(); + String full = toString(); return full.substring(0, full.length() - getAccountName().length() - 1); } return domainName; @@ -334,7 +334,7 @@ public class SID extends rpc.sid_t { * Return the numeric representation of this sid such as * S-1-5-21-1496946806-2192648263-3843101252-1029. */ - public String toSidString() { + public String toString() { String ret = "S-" + (revision & 0xFF) + "-"; if (identifier_authority[0] != (byte)0 || identifier_authority[1] != (byte)0) { @@ -370,9 +370,9 @@ public class SID extends rpc.sid_t { * If the SID has been resolved but it is a builtin account, * only the name component will be returned (e.g. SYSTEM). * If the sid cannot be resolved the numeric representation from - * toSidString() is returned. + * toString() is returned. */ - public String toString() { + public String toDisplayString() { if (origin_server != null) resolveWeak(); if (domainName != null) { @@ -384,7 +384,7 @@ public class SID extends rpc.sid_t { type == SID_TYPE_WKN_GRP || domainName.equals("BUILTIN")) { if (type == SID_TYPE_UNKNOWN) { - str = toSidString(); + str = toString(); } else { str = acctName; } @@ -394,7 +394,7 @@ public class SID extends rpc.sid_t { return str; } - return toSidString(); + return toString(); } void resolve(String authorityServerName, diff --git a/src/jcifs/smb/SmbFile.java b/src/jcifs/smb/SmbFile.java index 9b26b17..5f09ced 100644 --- a/src/jcifs/smb/SmbFile.java +++ b/src/jcifs/smb/SmbFile.java @@ -680,7 +680,7 @@ public class SmbFile extends URLConnection implements SmbConstants { log.println( dr ); dfsReferral = dr; - request.path = getDfsUncPath0(); + request.path = unc = getDfsUncPath0(); } request.flags2 |= ServerMessageBlock.FLAGS2_RESOLVE_PATHS_IN_DFS; } else { @@ -2604,10 +2604,12 @@ public class SmbFile extends URLConnection implements SmbConstants { * their numeric representation to their corresponding account names. */ public ACE[] getSecurity(boolean resolveSids) throws IOException { - int f = open0( O_RDONLY, READ_CONTROL, 0, isDirectory() ? 1 : 0 ); + int f; int ai; ACE[] aces; + f = open0( O_RDONLY, READ_CONTROL, 0, isDirectory() ? 1 : 0 ); + /* * NtTrans Query Security Desc Request / Response */