NTLM Authentication with W2003 Server / Bug

K.Streng
Hello folks,

I found a bug in jcifs.smb.SmbTransport.

For a SingleSignOn solution with the IExplorer, I programmed a class based on
the file NtlmHttpFilter.java. It works fine with W2000 Server, because with
the switch to W2003 Server the logon fails with the second user.

In accordance with the manual, I changed ssnLimit to 1, with the result that
nobody can log on because jCIFS throws the exception
NT_STATUS_ACCESS_VIOLATION.

This is caused by the handshake of the NTLM HTTP protocol (3 messages), because
with each call of the method “SmbTransport” the first if-condition blocks and
forces the creation of a new “conn” object although the authentication is not
complete.

The appended patch solves this problem by eliminating the first if-condition. I
believe the second if-condition (… conn.sessions.size() < SSN_LIMIT) is
sufficient for the correct handling of the SMB signing key for W2003 Server.

K. Streng.



--- jcifs_1.2.7\src\jcifs\smb\SmbTransport.java Fri Nov 18 17:21:00 2005
+++ .\jcifs\src\jcifs\smb\SmbTransport.java Wed Nov 30 21:07:38 2005
@@ -42,14 +42,12 @@
         SmbTransport conn;
 
         synchronized( CONNECTIONS ) {
-            if( SSN_LIMIT != 1 ) {
-                ListIterator iter = CONNECTIONS.listIterator();
-                while( iter.hasNext() ) {
-                    conn = (SmbTransport)iter.next();
-                    if( conn.matches( address, port, localAddr, localPort ) &&
-                            ( SSN_LIMIT == 0 || conn.sessions.size() <
SSN_LIMIT )) {
-                        return conn;
-                    }
+            ListIterator iter = CONNECTIONS.listIterator();
+            while( iter.hasNext() ) {
+                conn = (SmbTransport)iter.next();
+                if( conn.matches( address, port, localAddr, localPort ) &&
+                        ( SSN_LIMIT == 0 || conn.sessions.size() <
SSN_LIMIT )) {
+                    return conn;
                 }
             }
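
Review bot: With the `if( SSN_LIMIT != 1 )` guard removed, the SSN_LIMIT == 1 case rests entirely on `conn.sessions.size() < SSN_LIMIT` in the loop condition, so a matching transport is reused only while its session list is empty. That holds only if a session is counted in conn.sessions from the first NTLM message onward; nothing in these lines shows when a session is added, so please add a comment stating that assumption (or point to where the session is registered), since the post ties this limit to correct SMB signing key handling. Separately, the two continuation lines `SSN_LIMIT )) {` have lost their -/+ prefix to mail line wrapping, so the hunk will not apply as posted; resending the patch as an attachment would avoid that.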