commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gabriele Bulfon <gbul...@sonicle.com>
Subject VFS smb bug
Date Mon, 28 Aug 2006 10:25:17 GMT
Hello,
I think I found a very simple bug inside the VFS code implementation for 
SMB.

I was trying to implement an UserAuthenticator interface to pass 
credentials during SMB logon when the SMB url has none inside it.
I had hard times finding documentations about it, but after a bit of 
hacking inside the source code I could find how to do it. Here is the 
code I implemented:

import org.apache.commons.vfs.*;
import org.apache.commons.vfs.impl.*;
import org.apache.commons.vfs.util.*;

public class TestVFS implements UserAuthenticator {
   
    static final char username[]={'u','s','e','r'};
    static final char password[]={'p','a','s','s'};

    public static void main(String[] args) throws Exception {
       
        TestVFS authenticator=new TestVFS();
        FileSystemOptions opts=new FileSystemOptions();
        
DefaultFileSystemConfigBuilder.getInstance().setUserAuthenticator(opts,authenticator);
        FileObject 
fo=VFS.getManager().resolveFile("smb://smbhost/.",opts); //to get a list 
of shares
        FileObject list[]=fo.getChildren();
        for(FileObject child: list) {
            System.out.println("child: "+child.getName());
        }
        System.exit(0);
    }

    public UserAuthenticationData 
requestAuthentication(UserAuthenticationData.Type[] types) {
        UserAuthenticationData data=new UserAuthenticationData();
        for(UserAuthenticationData.Type type: types) {
            if (type.equals(UserAuthenticationData.USERNAME)) 
data.setData(UserAuthenticationData.USERNAME,username);
            else if (type.equals(UserAuthenticationData.PASSWORD)) 
data.setData(UserAuthenticationData.PASSWORD,password);
        }
        return data;
    }
}

The implementation seems to work fine, because the calls to 
"requestAuthentication" are ok.
But then you discover that the call to "resolveFile" will fail unless 
user and password are the same.
The reason is inside 
org.apache.commons.vfs.provider.smb.SmbFileObject.createSmbFile(...),
where the :
    auth=new NtlmPasswordAuthentication(domain,user,password);
is actually created as:
    auth=new NtlmPasswordAuthentication(domain,user,user);

Here is the wrong code (look at how the constant USERNAME is used on 
both arguments, and it is used only for delegated credentials):

            auth = new NtlmPasswordAuthentication(
                UserAuthenticatorUtils.toString(
                    UserAuthenticatorUtils.getData(
                        authData,
                        UserAuthenticationData.DOMAIN,
                        
UserAuthenticatorUtils.toChar(smbFileName.getDomain()))),
                UserAuthenticatorUtils.toString(
                    UserAuthenticatorUtils.getData(
                        authData,
                        UserAuthenticationData.USERNAME,
                        
UserAuthenticatorUtils.toChar(smbFileName.getUserName()))),
                UserAuthenticatorUtils.toString(
                    UserAuthenticatorUtils.getData(
                        authData,
                        UserAuthenticationData.USERNAME,
                        
UserAuthenticatorUtils.toChar(smbFileName.getPassword()))));


Can anyone correct the last USERNAME into PASSWORD and post it soon?

Last but not least, the code suggests me that delegated credentials will 
come before any credential present inside the smb url.
IMHO, I feel that url encoded credentials should be checked before 
deciding to use the UserAuthenticator.
This would let me have a list of free-form urls, some containing 
credentials and some not:
- the ones missing credentials will be authenticated by my authenticator
- the other ones will use the url encoded credentials.
What do you think?

Thanks a lot,
Gabriele Bulfon.


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message