From 052649c8f76dd65368f9e1d727a99193e97b8a48 Mon Sep 17 00:00:00 2001
From: Felix Schumacher <p0354740@isib001.(none)>
Date: Wed, 6 Aug 2008 16:20:59 +0200
Subject: [PATCH] jcifs-0.9.8 from tgz

Thu Sep  2 18:45:35 EDT 2004
jcifs-0.9.8 released

If  the  special  "GUEST"  account is not disabled (almost always is) it is
possible  for  a  bogus  username  to  be  authenticated successfully. This
problem was only partially fixed previously. A clause was incorrectly added
that  was  intended  to  allow  the  username  "guest"  to be authenticated
successfully.  It  is  now  not possible for "guest" to be authenticated at
all.

A  log  message  has  been  added to the NtlmHttpFilter that will be logged
whenever  an  SmbAuthException is triggered and the jcifs.util.log.loglevel
is  greater  than 1. For example, to enable logging authentication failures
with the filter add the following to the filter section in your web.xml.

    <init-param>
        <param-name>jcifs.util.loglevel</param-name>
        <param-value>2</param-value>
    </init-param>

An  ArrayIndexOutOfBoundsException  that  could occur if NTLMv2 is used but
lmCompatibility was not set to 3 accordingly has been fixed.
---
 README.txt                                | 23 +++++++++++++++++++++++
 build.xml                                 | 10 +++++-----
 examples/web.xml                          | 31 ++++++-------------------------
 src/jcifs/Config.java                     | 30 ++++++++++++++++++++----------
 src/jcifs/http/NtlmHttpFilter.java        | 18 ++++++++++++++++++
 src/jcifs/smb/SmbComSessionSetupAndX.java | 10 ++++++----
 src/jcifs/smb/SmbSession.java             |  2 +-
 src/jcifs/util/Hexdump.java               |  9 ++++++++-
 8 files changed, 87 insertions(+), 46 deletions(-)

diff --git a/README.txt b/README.txt
index ee31da1..5cee51e 100644
--- a/README.txt
+++ b/README.txt
@@ -1,3 +1,26 @@
+Thu Sep  2 18:45:35 EDT 2004
+jcifs-0.9.8 released
+
+If  the  special  "GUEST"  account is not disabled (almost always is) it is
+possible  for  a  bogus  username  to  be  authenticated successfully. This
+problem was only partially fixed previously. A clause was incorrectly added
+that  was  intended  to  allow  the  username  "guest"  to be authenticated
+successfully.  It  is  now  not possible for "guest" to be authenticated at
+all.
+
+A  log  message  has  been  added to the NtlmHttpFilter that will be logged
+whenever  an  SmbAuthException is triggered and the jcifs.util.log.loglevel
+is  greater  than 1. For example, to enable logging authentication failures
+with the filter add the following to the filter section in your web.xml. 
+
+    <init-param>
+        <param-name>jcifs.util.loglevel</param-name>
+        <param-value>2</param-value>
+    </init-param>
+
+An  ArrayIndexOutOfBoundsException  that  could occur if NTLMv2 is used but
+lmCompatibility was not set to 3 accordingly has been fixed. 
+
 Tue Aug 10 21:25:03 EDT 2004
 jcifs-0.9.7 released
 
diff --git a/build.xml b/build.xml
index 17b06a8..c860524 100644
--- a/build.xml
+++ b/build.xml
@@ -1,6 +1,6 @@
 <project name="jcifs" default="usage" basedir=".">
 
-    <property name="version" value="0.9.7"/>
+    <property name="version" value="0.9.8"/>
 
     <target name="usage">
         <echo>
@@ -181,8 +181,8 @@ dependencies: Checks that all class dependencies are met.
     <target name="docs">
         <style basedir="docs" destdir="docs" extension=".html" style="plain.xsl"
                 includes="pipes.xml,faq.xml,wins.xml,capture.xml,httpclient.xml,resolver.xml,authhandler.xml,ntlmhttpauth.xml">
-<param name="date" expression="Aug 11, 2004"/>
-<param name="lib" expression="jcifs-0.9.7"/>
+<param name="date" expression="Sep 3, 2004"/>
+<param name="lib" expression="jcifs-0.9.8"/>
 <param name="title" expression="JCIFS"/>
 <param name="copyright" expression="The JCIFS Project"/>
 <param name="edge" expression="#808080"/>
@@ -195,8 +195,8 @@ dependencies: Checks that all class dependencies are met.
         </style>
         <style basedir="docs" destdir="docs" extension=".html" style="proj.xsl"
                 includes="index.xml">
-<param name="date" expression="Aug 11, 2004"/>
-<param name="lib" expression="jcifs-0.9.7"/>
+<param name="date" expression="Sep 3, 2004"/>
+<param name="lib" expression="jcifs-0.9.8"/>
 <param name="title" expression="JCIFS"/>
 <param name="copyright" expression="The JCIFS Project"/>
 <param name="edge" expression="#808080"/>
diff --git a/examples/web.xml b/examples/web.xml
index a9ed68d..c8676ed 100644
--- a/examples/web.xml
+++ b/examples/web.xml
@@ -1,39 +1,20 @@
 <web-app id='/'>
 
-<!--
--->
-<filter
-    filter-name='ntlm'
-    filter-class='jcifs.http.NtlmHttpFilter'>
+<filter filter-name='ntlm' filter-class='jcifs.http.NtlmHttpFilter'>
     <init-param>
         <param-name>jcifs.smb.client.domain</param-name>
         <param-value>MYDOMAIN</param-value>
     </init-param>
-</filter>
-<filter-mapping
-    url-pattern='/*'
-    filter-name='ntlm'/>
-
-<!--
-<servlet
-    servlet-name='NetworkExplorer'
-    servlet-class='jcifs.http.NetworkExplorer'>
-    <init-param>
-        <param-name>jcifs.resolveOrder</param-name>
-        <param-value>WINS,DNS</param-value>
-    </init-param>
     <init-param>
         <param-name>jcifs.netbios.wins</param-name>
         <param-value>164.215.78.56,196.141.101.3</param-value>
     </init-param>
     <init-param>
-        <param-name>jcifs.smb.client.domain</param-name>
-        <param-value>MYDOMAIN</param-value>
+        <param-name>jcifs.util.loglevel</param-name>
+        <param-value>2</param-value>
     </init-param>
-</servlet>
-<servlet-mapping
-    servlet-name='NetworkExplorer'
-    url-pattern='/ne/*'/>
--->
+</filter>
+
+<filter-mapping url-pattern='/*' filter-name='ntlm'/>
 
 </web-app>
diff --git a/src/jcifs/Config.java b/src/jcifs/Config.java
index 6a4419e..35a5959 100644
--- a/src/jcifs/Config.java
+++ b/src/jcifs/Config.java
@@ -89,11 +89,11 @@ public class Config {
      * URL class the following exception will occur:
      * <blockquote><pre>
      * Exception MalformedURLException: unknown protocol: smb
-     *       at java.net.URL.<init>(URL.java:480)
-     *       at java.net.URL.<init>(URL.java:376)
-     *       at java.net.URL.<init>(URL.java:330)
-     *       at jcifs.smb.SmbFile.<init>(SmbFile.java:355)
-     *       ...
+     *     at java.net.URL.<init>(URL.java:480)
+     *     at java.net.URL.<init>(URL.java:376)
+     *     at java.net.URL.<init>(URL.java:330)
+     *     at jcifs.smb.SmbFile.<init>(SmbFile.java:355)
+     *     ...
      * </pre><blockquote>
      */
 
@@ -106,11 +106,11 @@ public class Config {
         }
         pkgs = System.getProperty( "java.protocol.handler.pkgs" );
         if( pkgs == null ) {
-            pkgs = "jcifs";
-        } else {
+            System.setProperty( "java.protocol.handler.pkgs", "jcifs" );
+        } else if( pkgs.indexOf( "jcifs" ) == -1 ) {
             pkgs += "|jcifs";
+            System.setProperty( "java.protocol.handler.pkgs", pkgs );
         }
-        System.setProperty( "java.protocol.handler.pkgs", pkgs );
     }
 
     // supress javadoc constructor summary by removing 'protected'
@@ -127,7 +127,12 @@ public class Config {
 
     public static void setProperties( Properties prp ) {
         Config.prp = new Properties( prp );
-        Config.prp.putAll( System.getProperties() );
+        try {
+            Config.prp.putAll( System.getProperties() );
+        } catch( SecurityException se ) {
+            if( log.level > 1 )
+                log.println( "SecurityException: jcifs will ignore System properties" );
+        }
     }
 
     /**
@@ -139,7 +144,12 @@ public class Config {
         if( in != null ) {
             prp.load( in );
         }
-        prp.putAll( System.getProperties() );
+        try {
+            prp.putAll( System.getProperties() );
+        } catch( SecurityException se ) {
+            if( log.level > 1 )
+                log.println( "SecurityException: jcifs will ignore System properties" );
+        }
     }
 
     public static void store( OutputStream out, String header ) throws IOException {
diff --git a/src/jcifs/http/NtlmHttpFilter.java b/src/jcifs/http/NtlmHttpFilter.java
index 74023b4..5b020c5 100644
--- a/src/jcifs/http/NtlmHttpFilter.java
+++ b/src/jcifs/http/NtlmHttpFilter.java
@@ -31,6 +31,7 @@ import jcifs.smb.SmbSession;
 import jcifs.smb.NtlmPasswordAuthentication;
 import jcifs.smb.SmbAuthException;
 import jcifs.util.Base64;
+import jcifs.util.LogStream;
 import jcifs.netbios.NbtAddress;
 
 /**
@@ -44,6 +45,7 @@ import jcifs.netbios.NbtAddress;
 
 public class NtlmHttpFilter implements Filter {
 
+    private static LogStream log = LogStream.getInstance();
 
     private String defaultDomain;
     private String domainController;
@@ -54,6 +56,7 @@ public class NtlmHttpFilter implements Filter {
 
     public void init( FilterConfig filterConfig ) throws ServletException {
         String name;
+        int level;
 
         /* Set jcifs properties we know we want; soTimeout and cachePolicy to 10min.
          */
@@ -79,6 +82,16 @@ public class NtlmHttpFilter implements Filter {
                 Config.getProperty("jcifs.http.insecureBasic")).booleanValue();
         realm = Config.getProperty("jcifs.http.basicRealm");
         if (realm == null) realm = "jCIFS";
+
+        if(( level = Config.getInt( "jcifs.util.loglevel", -1 )) != -1 ) {
+            LogStream.setLevel( level );
+        }
+        if( log.level > 2 ) {
+            try {
+                Config.store( log, "JCIFS PROPERTIES" );
+            } catch( IOException ioe ) {
+            }
+        }
     }
 
     public void destroy() {
@@ -129,6 +142,11 @@ public class NtlmHttpFilter implements Filter {
                 SmbSession.logon( dc, ntlm );
 
             } catch( SmbAuthException sae ) {
+                if( log.level > 1 ) {
+                    log.println( "NtlmHttpFilter: " + ntlm.getName() +
+                            ": 0x" + jcifs.util.Hexdump.toHexString( sae.getNtStatus(), 8 ) +
+                            ": " + sae );
+                }
                 if( sae.getNtStatus() == sae.NT_STATUS_ACCESS_VIOLATION ) {
                     /* Server challenge no longer valid for
                      * externally supplied password hashes.
diff --git a/src/jcifs/smb/SmbComSessionSetupAndX.java b/src/jcifs/smb/SmbComSessionSetupAndX.java
index 6063a05..efe4123 100644
--- a/src/jcifs/smb/SmbComSessionSetupAndX.java
+++ b/src/jcifs/smb/SmbComSessionSetupAndX.java
@@ -56,12 +56,14 @@ class SmbComSessionSetupAndX extends AndXServerMessageBlock {
         if( session.transport.server.security == SECURITY_USER &&
                         ( auth.hashesExternal || auth.password.length() > 0 )) {
             if( session.transport.server.encryptedPasswords ) {
-                // encrypted
                 accountPassword = auth.getAnsiHash( session.transport.server.encryptionKey );
+                passwordLength = accountPassword.length;
                 unicodePassword = auth.getUnicodeHash( session.transport.server.encryptionKey );
-                passwordLength = unicodePasswordLength = 24;
-                // fix for win9x clients
-                if (unicodePassword.length == 0) unicodePasswordLength = 0;
+                unicodePasswordLength = unicodePassword.length;
+                // prohibit HTTP auth attempts for the null session
+                if (unicodePasswordLength == 0 && passwordLength == 0) {
+                    throw new RuntimeException("Null setup prohibited.");
+                }
             } else if( DISABLE_PLAIN_TEXT_PASSWORDS ) {
                 throw new RuntimeException( "Plain text passwords are disabled" );
             } else if( useUnicode ) {
diff --git a/src/jcifs/smb/SmbSession.java b/src/jcifs/smb/SmbSession.java
index 56a6298..00d8caf 100644
--- a/src/jcifs/smb/SmbSession.java
+++ b/src/jcifs/smb/SmbSession.java
@@ -188,7 +188,7 @@ synchronized( transport() ) {
         request.auth = auth;
         transport.send( request, response );
 
-        if( response.isLoggedInAsGuest && "GUEST".equals( auth.username )) {
+        if( response.isLoggedInAsGuest ) {
             throw new SmbAuthException( NtStatus.NT_STATUS_LOGON_FAILURE );
         }
 
diff --git a/src/jcifs/util/Hexdump.java b/src/jcifs/util/Hexdump.java
index 95a783c..c76ef28 100644
--- a/src/jcifs/util/Hexdump.java
+++ b/src/jcifs/util/Hexdump.java
@@ -55,6 +55,10 @@ public class Hexdump {
  */
 
     public static void hexdump( PrintStream ps, byte[] src, int srcIndex, int length ) {
+        if( length == 0 ) {
+            return;
+        }
+
         int s = length % 16;
         int r = ( s == 0 ) ? length / 16 : length / 16 + 1;
         char[] c = new char[r * (74 + NL_LENGTH)];
@@ -134,7 +138,10 @@ public class Hexdump {
 
     public static void toHexChars( int val, char dst[], int dstIndex, int size ) {
         while( size > 0 ) {
-            dst[dstIndex + size - 1] = HEX_DIGITS[val & 0x000F];
+            int i = dstIndex + size - 1;
+            if( i < dst.length ) {
+                dst[i] = HEX_DIGITS[val & 0x000F];
+            }
             if( val != 0 ) {
                 val >>>= 4;
             }
-- 
2.11.0