Fri Nov 18 17:08:56 EST 2005
jcifs-1.2.7 released / Transport Error, Filter Changes, Integer Overflow,
User Contributed Patches, and More

This release consists of the following changes:

 o Some debugging printlns left over from the last release have been
   removed.
 o Added setContentLength(0) to two other places for the NTLM HTTP
   Filter. This is required for HTTP 1.0 clients (e.g. Google appliance
   servers).
 o The name service code will now properly resolve DNS names that begin
   with digits.
 o Several instances of possible integer overflow have been fixed.
 o A patch for large read and write support has been added to the patches
   directory. A patch for reading security descriptors has been added
   to the patches directory.
 o If a transport was in error due to a connection timeout it could
   remain in the error state indefinitely. This issue has been fixed.

Fri Oct  7 19:47:53 EDT 2005
jcifs-1.2.6 released / Session Management and Filter Fix

It  was  discovered  that redundant sessions could be created. This problem
has  been  fixed  but  the  fix  is to not remove sessions from the list of
sessions  for a transport which is somewhat of a waste of memory. This will
probably  need  to  be  revisited. It has been advised that the Filter call
setStatus() before setContentLength(0). This change has been implemented. 

Fri Sep 30 23:28:51 EDT 2005
jcifs-1.2.5  released  /  Filter Exceptions, Stressing the Transport Layer,
  and DFS Deadlock Fixed 

This release of the JCIFS client consists of the following changes.

o It  was discovered that a flaw in session expiration could cause sessions
  to expire prematurely. This has been repaired.
o If   the   jcifs.netbios.hostname   property  is  set,  the  client  will
  communicate  using  only  NetBIOS  over  port  139.  This is required for
  environments that implement a policy restricting users to logging in from
  certain computers.
o Under  stress  the  client  could  incorrectly attempt to use the invalid
  "NULL" transport. This has been fixed.
o Filter  users  could experience exceptions due to using the port 0 rather
  than the default CIFS port.
o The  client  should  now  handle partial reads and socket exceptions more
  gracefully.
o Under  stress, the DFS referral query could cause the client to deadlock.
  This has been fixed. 

Wed Sep 21 01:53:28 EDT 2005
jcifs-1.2.4  released / Timeout Transport Exception, Bogus Signature Error,
  and More 

A  NetBIOS  keep-alive  message  (received  after  ~10 minutes) would break
message  processesing  with a timedout waiting for response Exception. This
has been fixed.

JCIFS  would  fail  to  validate  responses with a status that is not zero.
Assuming  we are calculating the verfication signature correctly I can only
assume  the  affected  servers choose not to generate the correct signature
for  error  responses  (perhaps for DOS reasons). Because JCIFS checked the
signature  before  the  message  status,  an error response would fail with
"signature  verification  failure".  This behavior has been changed so that
signatures are not verified if the status is non zero.

It  was  discovered  that the new transport (as of 1.2.x) could not cleanly
recover  from  temporary  server  failure  (e.g.  a restart). This has been
fixed. Methods will still throw Exceptions but moment the server comes back
online the client gracefully recover. 

Wed Aug 24 13:29:44 EDT 2005
jcifs-1.2.3 released / Port 445 Fixed

A  mistake  in  the 1.2.2 release broke port 445 communication entirely. It
has  been  fixed.  The  exact error (with a sufficiently high loglevel) was
"Invalid payload size: 1". 

Sat Aug 20 00:26:11 EDT 2005
jcifs-1.2.2  released  / Exception  "cannot  assign requested address" Fixed,
  Clusters, NetApp Filer, and More 

There have been a number of small fixes. These are:

o The  "cannot  assign  requested address" exception caused by trying to bind
  the local address 127.0.0.1 has been fixed.
o In  a  cluster  environment  the  NTLM HTTP Filter could fail with "account
  currently  disabled"  or  "Access  denied"  errors due to a deserialization
  issue  of  "preauthentication"  credentials  stored in the HttpSession. The
  initialization  of  default  credentials has been changed however it is not
  clear  that  the  change  will have any effect as I do not have a clustered
  environment in which to test.
o The  combination  of  plain text passwords and Unicode (largely specific to
  Samba 3) has been fixed.
o A  bogus debugging statement has been discovered and removed. Who left that
  in there?!
o A  Socket.shutdownOutput()  call  has  been  added to doDisconnect as it is
  believed  to  reduce  spurrious  RST frames observed when abruptly shutting
  down  transports.  These  are  believed  to  be harmless but they have been
  associated with unsightly messages in Samba log files.
o The  copyTo()  method  will now check to see if the source path is a child,
  parent  or  equal  to  the  destination  path  and if so throw a Source and
  destination paths overlap exception.
o An  additional  debugging  statement has been added to the NTLM HTTP Filter
  domain controller interrogation code.
o The  getDiskFreeSpace  call  could  fail  with  NetApp  Filer.  It has been
  repaired. 

Sun Jul  3 23:33:03 EDT 2005
jcifs-1.2.1 released

The  SMB  signing  code was totally broken in the last release. It has been
reparied.  The  setAttributes  method did not work on directories. This has
been  fixed  and  the masks used to filter setAttributes/getAttributes have
been  optimized  to allow getting and setting all possible attributes based
on   observed  XP  behavior.  The  getType()  method  would  always  return
TYPE_SHARE  if the SmbFiles were obtained through the listFiles() method on
a  workgroup  or  server URL. This issue has been fixed - getType() may now
return TYPE_PRINTER and TYPE_NAMEDPIPE. 

Sun May 22 18:22:32 EDT 2005
jcifs-1.2.0 released

This release is jcifs-1.1.11trans2 with the following modifications.

Named  pipes  were broken when DCE transactions where added with 1.x. Call,
Transact,  CreateFile,  and  DCE  named  pipe  calls should now all work as
expected.  The  NetBIOS name resolution code will now use the last resource
record of a name query response if there are more than one. This appears to
be more correct in at least one instance (VMWare adapters on my workstation
at work are appearing first).

Also note the trans releases below. 

Mon May  9 18:49:24 EDT 2005
jcifs-1.1.11trans2 released

Socket  exception  handling  was  non-existant and reads would actually not
read anything but 0's. These issues and other small issues have been fixed.

Wed May  4 22:31:28 EDT 2005
jcifs-1.1.11trans released

This  "transitional" release has all the 1.1.10 and 1.1.11 fixes as well as
more  work  on  the transport layer. The last trans release had a silly mid
rollover  bug.  I  have  also emiminated a deadlock condition. These issues
have  been  fixed.  Also  the  client  will  not  properly try port 445 and
fallback  to  139  as necessary. This *could* be stable enough that I might
try to promote this to 1.2.0. 

Thu Apr  7 23:02:48 EDT 2005
jcifs-1.1.9trans released

This  is  a 'transitional' or 'transport rewrite' release. It's stock 1.1.9
but  the  transport layer has been refactored and reduced (actually totally
rewritten  -  SmbTransport.java is less than half the size of it's previous
version).  It  may  still  not be "correct" because I believe the high-load
concurrency  issue  may have to do with how sessions and trees are created.
That  is  another step that delves into how Principles will be handled so I
thought  I  would  release  this  as is because it seems pretty stable so I
thought  I  would  put it out there as a reference point. To give people an
insentive  to  actually  use it I have changed the port to 445, applied the
share reconnect fix from Darren and the getDiskFreeSpace patch from Thomas.
Also if you really need the dial to go to 11, preliminary testing indicates
this transport is a few percent faster. 

Feb 28 03:09:31 EST 2005
jcifs-1.1.9 released

When  multiplexing  I/O, if socket buffers fill up such that packets can be
read  in fragments (i.e. high load), it was possible for the 4 byte NetBIOS
header  to be read incorrectly resulting in a bogus "unexpected EOF reading
netbios  session header" exception. This problem has been fixed. Also, some
small javadoc updates have been applied. 

Thu Feb 10 22:29:12 EST 2005
jcifs-1.1.8 released

The  blocked  thread  bug  wasn't quite fixed in the last release. A lookup
exception  (e.g. caused by an unresponsive domain controller) could leave a
thread  blocked  if  many  requests  are  being  processed  simultaneously.
Similarly  the  fix for the DC lookup code wasn't complete enough to handle
the  unusual  scenario  where  all  DCs  are unresponsive. Also, a malfomed
NetBIOS  name  query  response  could cause the name service thread to exit
incorrectly.  These  issues  have  been fixed. Finally, the URL handling of
smb://@/ (meaning "null" credentials) has been fixed. 

Sun Jan 16 17:30:17 EST 2005
jcifs-1.1.7 released

A  bug  introduced  in  a  recent  release that could cause threads to wait
indefinately  has  been  fixed.  After  time  many threads could be blocked
resulting  in  wasted  resources.  The  DC lookup code has been modified to
gracefully  handle  WINS  returning  an  empty  list (e.g. due to temporary
network failure). A simple fix has been applied that premits SMB signatures
to work without specifying preauthentication credentials. The getAttributes
method  will  now  return 31 bits of attributes whereas previously it would
mask  off the lower 6 bits that JCIFS actually makes use of. A bug has been
fixed  that under certain conditions prevented copyTo() from copying entire
shares.  A try/catch block has been added to copyTo() to permit the copy to
continue if an error occurs. 

Mon Dec 27 17:53:42 EST 2004
jcifs-1.1.6 released

If  a variable length 8 bit encodings such as Big5 is used the NTCreateAndX
command    could    fail.    This    bug    has    been    fixed.   If   an
SmbFile{Input,Output}Stream  was closed, a subsequent operation could cause
the  file to be reopened. This behavior is now blocked such that operations
performed   on  a  stream  after  it  has  been  closed  will  generate  an
IOException.  Some  transport  layer  synchronization  has been adjusted. A
getPrincipal  method  has  been  added  to  SmbFile  that  will  return the
NtlmPasswordAuthentication  object  used  to  create  the file or pipe. The
documentation has been updated regarding transparent NTLM authentication in
Mozilla, the available method of SmbFileInputStream. 

Thu Dec 16 21:57:23 EST 2004
jcifs-1.1.5 released

It was discovered that an ArrayIndexOutOfBoundsException could occur if the
list  of domain controllers returned by NbtAddress.getAllByName was shorter
than  the  list  returned  in  the previous call (possibly because the WINS
query  timed  out  and switched to an alternate WINS server). All NTLM HTTP
Authentication Filter users should upgrade to prevent this error. Also, the
value  of  jcifs.netbios.cachePolicy  set  by the NTLM HTTP Filter if it is
not specified has been doubled to 20 minutes. Finally, some log levels have
been  increased  such that running with jcifs.util.loglevel = 3 temporarily
is  actually  reasonable in a production environment (must use loglevel > 3
to see individual SMB messages and loglevel > 5 to get hexdumps). 

Tue Dec  7 18:34:35 EST 2004
jcifs-1.1.4 released

Two  bugs  regarding  the  upcasing of domain and username fields with LMv2
authentication   (used   with   lmCompatibility   =  3)  have  been  fixed.
Additionally  the  firstCalledName/nextCalledName  methods changed in 1.1.0
have been changed back to the old behavior. The change was not warranted as
it did not emulate Windows behavior. 

Tue Nov 30 19:20:57 EST 2004
jcifs-1.1.3 released

A concurrency error was introduced with the getChallengeForDomain code used
by the NTLM HTTP Filter. This has been fixed. 

Sun Oct 31 00:58:04 EDT 2004
jcifs-1.1.1 released

The  jcifs.smb.client.logonShare  (and  thus  the JCIFSACL NTLM HTTP Filter
example)  did  not  work. It would not restrict users to those found in the
ACL it would permit all authenticated users. This has been fixed.

A  bug  was  discovered  and  fixed  in  the named pipe code. If a specific
sequence  of reads were performed the pipe could become corrupted. This fix
is necessary for multi-pdu DCE requests to work.

A small bug in the new NbtAddress.getAllByName method has been repaired. It
will now broadcast for a name if a WINS address was not provided. 

jcifs-1.1.0 released

The behavior of the firstCalledName/nextCalledName methods has been changed
to try SMBSERVER* first, then the NetBIOS hostname, then the 0x20 name from
a Node Status. It is pretty universal now that SMBSERVER* rules the day and
most  servers  return  failure  with  the  NetBIOS  name  so  this behavior
eliminates a round trip during session establishment.

The  NbtAddress.getByName method has been implemented. This will return the
full  list of RDATA for a name query response. Currently I believe only the
0x1C  domain  lookup  actually  returns  multiple  results.  Note  this  is
different from getAllByAddress which does a node status.

The  socket code in SmbTransport has been modified to open the socket using
the transport thread. This permits the caller of the transport to call wait
for  RESPONSE_TIMEOUT.  This is great if your application has a tendency to
try  to connect to hosts that do not exist. Normally that would take over a
minute  to  timeout. The single threaded SmbCrawler actually performs quite
well with the right properties set.

An SmbSession.getChallengeForDomain() method has been added that returns an
NtlmChallenge  object containing the byte[] challenge and UniAddress of the
domain  controller  from  which  it came. This method will rotate through a
list  of  at  most  jcifs.netbios.lookupRespLimit  addresses  and will only
return  a  challenge  for a responsive server. Unresponsive servers will be
removed from the list until the jcifs.netbios.cachePolicy has expired. This
function  is  used  by  the  NTLM  HTTP  Filter  to  locate suitable domain
controllers.

Because  of  the above rotation there is a greater potential for transports
to  remain  open. Sessions with no activity (this is particularly true with
the  NTLM  HTTP  Filter which really only touches the session once when the
user is authenticated) will be logged off after jcifs.smb.client.soTimeout.

A  read  bug that only manafested itself with a certain EMC server has been
fixed. 

Mon Sep  6 20:44:14 EDT 2004
jcifs-1.0.1 released

The  GUEST  account  fix  broke  guest  access  entirely  for machines that
deliberately  want  it.  So  this  is  the  original  fix but with the test
condition corrected. 

Mon Sep  6 14:59:26 EDT 2004
jcifs-1.0.0 released

Other  than  minor  changes  in  packaging  this code is identical to 0.9.8
released  3 days ago. From now one all development will continue in the 2.0
(?) branch so that the 1.x series remains as stable as possible. 

Thu Sep  2 18:45:35 EDT 2004
jcifs-0.9.8 released

If  the  special  "GUEST"  account is not disabled (almost always is) it is
possible  for  a  bogus  username  to  be  authenticated successfully. This
problem was only partially fixed previously. A clause was incorrectly added
that  was  intended  to  allow  the  username  "guest"  to be authenticated
successfully.  It  is  now  not possible for "guest" to be authenticated at
all.

A  log  message  has  been  added to the NtlmHttpFilter that will be logged
whenever  an  SmbAuthException is triggered and the jcifs.util.log.loglevel
is  greater  than 1. For example, to enable logging authentication failures
with the filter add the following to the filter section in your web.xml. 

    <init-param>
        <param-name>jcifs.util.loglevel</param-name>
        <param-value>2</param-value>
    </init-param>

An  ArrayIndexOutOfBoundsException  that  could occur if NTLMv2 is used but
lmCompatibility was not set to 3 accordingly has been fixed. 

Tue Aug 10 21:25:03 EDT 2004
jcifs-0.9.7 released

It  was  decided that the NTLM HTTP Filter should not set Connection: close
headers,  a  new  SmbFile  constructor has been added and a rogue debugging
statement has been removed. 

--8<--

                                JCIFS
                     The Java CIFS Client Library
                        http://jcifs.samba.org

JCIFS  is  an  Open  Source  client  library  that  implements the CIFS/SMB
networking  protocol  in  100%  Java.  CIFS  is  the  standard file sharing
protocol  on  the  Microsoft Windows platform (e.g. Map Network Drive ...).
This client is used extensively in production on large Intranets. 

REQUIREMENTS:

JCIFS jar file - http://jcifs.samba.org/src/
Java 1.3 or above - http://java.sun.com/products/

INSTALLATION:

Just  add  the  jar  file to you classpath as you would with any other jar.
More specifically:

UNIX:

Go  to  http://jcifs.samba.org and download the latest jar. If you download
the  tgz archive you also get the source code and javadoc API documentation
(see  critical properties discussed on the Overview page). Put it someplace
reasonable and extract it. For example: 

  $ gunzip jcifs-1.0.0.tgz
  $ tar -xvf jcifs-1.0.0.tar

Add  the  jar  to  your classpath. There are two ways to do this. One is to
explicitly set it on the command line when you run your application like:

  $ java -cp myjars/jcifs-1.0.0.jar MyApplication

but  a  more  robust  solution  is  to  export  it  in  your  ~/.profile or
~/.bash_profile like: 

  CLASSPATH=$CLASSPATH:/home/produser/myapp/myjars/jcifs-1.0.0.jar
  export CLASSPATH

WINDOWS:

Go  to  http://jcifs.samba.org and download the latest jar. If you download
the  zip archive you also get the source code and javadoc API documentation
(see  critical properties discussed on the Overview page). Put it someplace
reasonable and extract it with something like Winzip.

Add  the  jar  to  your classpath. There are two ways to do this. One is to
explicitly set it on the command line when you run your application like:

  C:\> java -cp myjars\jcifs-1.0.0.jar MyApplication

but  a  more robust solution would be to change your system environment but
I'm not confident I can tell you accurately how to do that.

It  is  also  common  that  the CLASSPATH be specified in a shell script or
batch file. See the build.bat batch file that runs the Ant build tool as an
example.

USING JCIFS:

In  general  the  public  API  is  extremely simple. The jcifs.smb.SmbFile,
jcifs.smb.SmbFileInputStream, and jcifs.smb.SmbFileOutputStream classes are
analogous     to    the    java.io.File,    java.io.FileInputStream,    and
java.io.FileOutputStream  classes so if you know how to use those it should
be  obvious how to use jCIFS provided you set any necessary properties(such
as WINS) and understand the smb:// URL syntax.

Here's an example to retrieve a file: 

  import jcifs.smb.*;

  jcifs.Config.setProperty( "jcifs.netbios.wins", "192.168.1.230" );
  SmbFileInputStream in = new SmbFileInputStream(
       "smb://dom;user:pass@host/c/My Documents/report.txt" );
  byte[] b = new byte[8192];
  int n;
  while(( n = in.read( b )) > 0 ) {
      System.out.write( b, 0, n );
  }

You can also write, rename, list contents of a directory, enumerate shares,
communicate with Win32 Named Pipe Servers, ...etc.

The  protocol  handler  for  java.net.URL  is also in place which means you
retrieve  files  using the URL class as you would with other protocols. For
example: 

  jcifs.Config.registerSmbURLHandler(); //ensure protocol handler is loaded
  URL url = new URL( "smb://dom;user:pass@host/share/dir/file.doc" );
  InputStream in = url.openStream();

This  will  also work with whatever else uses the URL class internally. For
example  if you use RMI you can serve class files from an SMB share and use
the codebase property:

  -Djava.rmi.server.codebase=smb://mymachine/c/download/myapp.jar

There  are many example programs in the jcifs_1.0.0/examples/ directory. To
execute the Put example you might do: 

  $ java -cp examples:jcifs-1.0.0.jar -Djcifs.properties=jcifs.prp \
                  Put smb://dom;usr:pass@host/share/dir/file.doc
  ##########
  582K transfered

See the API documentation and supplimentary documents in the docs directory
or on the JCIFS website. 

BUILDING JCIFS FROM SOURCE:

The Ant build tool is required to build JCIFS:

   http://jakarta.apache.org/ant/

After  installing Ant just run 'ant' in the JCIFS directory. It should read
the  build.xml  and  present  a  list  of targets. To build a new jar after
modifying the source for example simply type 'ant jar'. 

ACKNOWLEDGEMENTS

Special thanks to Eric Glass for work on NTLM, the NTLM HTTP Authentication
Filter,  and  RPCs.  Thanks  is  also  due  to  the  Samba organization and
Christopher  R.  Hertel  for starting the JCIFS project. Finally, thanks to
users who diagnose problems and provide the critical feedback and solutions
that make the Open Source model great. 
