From: Felix Schumacher Date: Thu, 6 Aug 2009 15:41:55 +0000 (+0200) Subject: jcifs-1.3.12c from tgz X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=eceb834f93b446a1cda669aa4cab23af724adbeb;p=jcifs_without_docs.git jcifs-1.3.12c from tgz Tue Aug 4 14:31:47 EDT 2009 jcifs-1.3.12c If NtlmPasswordAuthentication.ANONYMOUS was used, CAP_EXTENDED_SECURITY could be incorrectly turned off resulting in a NullPointerException in SmbComSessionSetupAndX.java. If a DC does not return any domain referrals, a NullPointerException could occur. Both of these NPEs have been fixed. --- diff --git a/README.txt b/README.txt index 919af5d..9faf634 100644 --- a/README.txt +++ b/README.txt @@ -1,3 +1,11 @@ +Tue Aug 4 14:31:47 EDT 2009 +jcifs-1.3.12c + +If NtlmPasswordAuthentication.ANONYMOUS was used, CAP_EXTENDED_SECURITY +could be incorrectly turned off resulting in a NullPointerException in +SmbComSessionSetupAndX.java. If a DC does not return any domain referrals, +a NullPointerException could occur. Both of these NPEs have been fixed. + Tue Jul 21 11:19:39 EDT 2009 jcifs-1.3.11 diff --git a/build.xml b/build.xml index 0796b3c..361af62 100644 --- a/build.xml +++ b/build.xml @@ -1,7 +1,7 @@ - - + + diff --git a/examples/10883563.doc b/examples/10883563.doc new file mode 100644 index 0000000..62644d9 --- /dev/null +++ b/examples/10883563.doc @@ -0,0 +1,6 @@ +C:\tmp>ktpass /princ HTTP/www.foo.net@WIN.NET /ptype KRB5_NT_PRINCIPAL /desonly /pass asj7j112233hh4455 /mapuser test2 +Targeting domain controller: ts0.win.net +Using legacy password setting method +Successfully mapped HTTP/www.foo.net to test2. +Key created. +Account test2 has been set for DES-only encryption. \ No newline at end of file diff --git a/examples/runtests.sh b/examples/runtests.sh index d648054..6cd4e6e 100644 --- a/examples/runtests.sh +++ b/examples/runtests.sh @@ -6,15 +6,15 @@ PROPERTIES=../../user2.prp RUN="${JAVA_HOME}/bin/java -cp ${CLASSPATH} -Djcifs.properties=${PROPERTIES}" #SERVER=192.168.2.110 -#SERVER=dc1.w.net -#SHARE=tmp -#DIR=test +SERVER=dc1.w.net +SHARE=tmp +DIR=test # Domain-based DFS #SERVER=192.168.2.110 -SERVER=w.net -SHARE=root2 -DIR=test +#SERVER=w.net +#SHARE=root2 +#DIR=test # smb://fs1.w.net/DFSStandaloneRoot/DFSStandaloneLink/test/ # smb://dc1.w.net/root2/link2/test/ diff --git a/src/jcifs/smb/Dfs.java b/src/jcifs/smb/Dfs.java index 20ffda6..14cd715 100644 --- a/src/jcifs/smb/Dfs.java +++ b/src/jcifs/smb/Dfs.java @@ -64,15 +64,17 @@ public class Dfs { CacheEntry entry = new CacheEntry(Dfs.TTL * 10L); DfsReferral dr = trans.getDfsReferrals(auth, "", 0); - DfsReferral start = dr; - do { - String domain = dr.server.toLowerCase(); - entry.map.put(domain, new HashMap()); - dr = dr.next; - } while (dr != start); - - _domains = entry; - return _domains.map; + if (dr != null) { + DfsReferral start = dr; + do { + String domain = dr.server.toLowerCase(); + entry.map.put(domain, new HashMap()); + dr = dr.next; + } while (dr != start); + + _domains = entry; + return _domains.map; + } } catch (IOException ioe) { if (log.level >= 3) ioe.printStackTrace(log); diff --git a/src/jcifs/smb/SmbComSessionSetupAndX.java b/src/jcifs/smb/SmbComSessionSetupAndX.java index 35cfe00..a7d3bff 100644 --- a/src/jcifs/smb/SmbComSessionSetupAndX.java +++ b/src/jcifs/smb/SmbComSessionSetupAndX.java @@ -29,7 +29,7 @@ class SmbComSessionSetupAndX extends AndXServerMessageBlock { Config.getBoolean( "jcifs.smb.client.disablePlainTextPasswords", true ); private byte[] lmHash, ntHash, blob = null; - private int sessionKey; + private int sessionKey, capabilities; private String accountName, primaryDomain; SmbSession session; @@ -42,6 +42,7 @@ class SmbComSessionSetupAndX extends AndXServerMessageBlock { this.cred = cred; sessionKey = session.transport.sessionKey; + capabilities = session.transport.capabilities; if (session.transport.server.security == SECURITY_USER) { if (cred instanceof NtlmPasswordAuthentication) { @@ -50,6 +51,7 @@ class SmbComSessionSetupAndX extends AndXServerMessageBlock { if (auth == NtlmPasswordAuthentication.ANONYMOUS) { lmHash = new byte[0]; ntHash = new byte[0]; + capabilities &= ~SmbConstants.CAP_EXTENDED_SECURITY; } else if (session.transport.server.encryptedPasswords) { lmHash = auth.getAnsiHash( session.transport.server.encryptionKey ); ntHash = auth.getUnicodeHash( session.transport.server.encryptionKey ); @@ -125,7 +127,7 @@ class SmbComSessionSetupAndX extends AndXServerMessageBlock { dst[dstIndex++] = (byte)0x00; dst[dstIndex++] = (byte)0x00; dst[dstIndex++] = (byte)0x00; - writeInt4( session.transport.capabilities, dst, dstIndex ); + writeInt4( capabilities, dst, dstIndex ); dstIndex += 4; return dstIndex - start; @@ -165,7 +167,7 @@ class SmbComSessionSetupAndX extends AndXServerMessageBlock { ",sessionKey=" + sessionKey + ",lmHash.length=" + (lmHash == null ? 0 : lmHash.length) + ",ntHash.length=" + (ntHash == null ? 0 : ntHash.length) + - ",capabilities=" + session.transport.capabilities + + ",capabilities=" + capabilities + ",accountName=" + accountName + ",primaryDomain=" + primaryDomain + ",NATIVE_OS=" + session.transport.NATIVE_OS + diff --git a/src/jcifs/smb/SmbSession.java b/src/jcifs/smb/SmbSession.java index a2da7e0..20f345b 100644 --- a/src/jcifs/smb/SmbSession.java +++ b/src/jcifs/smb/SmbSession.java @@ -264,10 +264,8 @@ synchronized( transport() ) { do { switch (state) { case 10: /* NTLM */ - if (auth == NtlmPasswordAuthentication.ANONYMOUS) - transport.capabilities &= ~SmbConstants.CAP_EXTENDED_SECURITY; - - if (transport.hasCapability(SmbConstants.CAP_EXTENDED_SECURITY)) { + if (auth != NtlmPasswordAuthentication.ANONYMOUS && + transport.hasCapability(SmbConstants.CAP_EXTENDED_SECURITY)) { state = 20; /* NTLMSSP */ break; }