hierynomus / smbj

Server Message Block (SMB2, SMB3) implementation in Java

issue when authenticating on latest library version 0.11.1 #643

Closed stanislawantoniak closed 3 years ago

stanislawantoniak commented 3 years ago

Hi, I have changed the library version to the latest, 0.11.1, and now my code is failing when authenticating (it worked fine on 0.10.0). Any clue what I can fix? My code is quite straightforward and fully follows Example A on the main page.

```
[main] DEBUG com.hierynomus.protocol.commons.socket.ProxySocketFactory - Connecting to somehost.domainname.net/10.192.2.9:445
[main] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpPacketReader - Starting PacketReader on thread: Packet Reader for somehost.domainname.net
[main] DEBUG com.hierynomus.smbj.connection.SMBProtocolNegotiator - Negotiating dialects [SMB_2_0_2, SMB_2_1, SMB_3_0, SMB_3_0_2, SMB_3_1_1]
[main] DEBUG com.hierynomus.smbj.connection.Connection - Granted 1 (out of 1) credits to SMB2_NEGOTIATE with message id << 0 >>
[main] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpTransport - Writing packet SMB2_NEGOTIATE with message id << 0 >>
[main] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Awaiting << 0 >>
[Packet Reader for somehost.domainname.net] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpPacketReader - Received packet SMB2_NEGOTIATE with message id << 0 >>
[Packet Reader for somehost.domainname.net] DEBUG com.hierynomus.smbj.connection.packet.SMB2CreditGrantingPacketHandler - Server granted us 1 credits for SMB2_NEGOTIATE with message id << 0 >>, now available: 1 credits
[Packet Reader for somehost.domainname.net] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Setting << 0 >> to SMB2_NEGOTIATE with message id << 0 >>
[main] DEBUG com.hierynomus.smbj.connection.SMBProtocolNegotiator - Negotiated the following connection settings: ConnectionContext{ serverGuid=44e3bb9a-5263-4cdf-83db-6a508bd6ecc4, serverName='somehost.domainname.net', negotiatedProtocol=NegotiatedProtocol{dialect=SMB_3_1_1, maxTransactSize=8388608, maxReadSize=8388608, maxWriteSize=8388608}, clientGuid=ffb8b9f8-aaef-4347-81a5-1c3bbccbac10, clientCapabilities=[SMB2_GLOBAL_CAP_LARGE_MTU], serverCapabilities=[SMB2_GLOBAL_CAP_DFS, SMB2_GLOBAL_CAP_LEASING, SMB2_GLOBAL_CAP_LARGE_MTU], clientSecurityMode=1, serverSecurityMode=1, server='com.hierynomus.smbj.server.Server@16b4a017' }
[main] INFO com.hierynomus.smbj.connection.PacketEncryptor - Initialized PacketEncryptor with Cipher << AES_128_GCM >>
[main] INFO com.hierynomus.smbj.connection.Connection - Successfully connected to: somehost.domainname.net
host connected: somehost.domainname.net
[main] DEBUG com.hierynomus.smbj.auth.NtlmAuthenticator - Initialized Authentication of svc_account.tst using NTLM
[main] DEBUG com.hierynomus.smbj.connection.Connection - Granted 1 (out of 1) credits to SMB2_SESSION_SETUP with message id << 1 >>
[main] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpTransport - Writing packet SMB2_SESSION_SETUP with message id << 1 >>
[main] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Awaiting << 1 >>
[Packet Reader for somehost.domainname.net] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpPacketReader - Received packet SMB2_SESSION_SETUP with message id << 1 >>
[Packet Reader for somehost.domainname.net] DEBUG com.hierynomus.smbj.connection.packet.SMB2CreditGrantingPacketHandler - Server granted us 1 credits for SMB2_SESSION_SETUP with message id << 1 >>, now available: 1 credits
[Packet Reader for somehost.domainname.net] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Setting << 1 >> to SMB2_SESSION_SETUP with message id << 1 >>
[main] DEBUG com.hierynomus.smbj.connection.SMBSessionBuilder - More processing required for authentication of svc_account.tst using com.hierynomus.smbj.auth.NtlmAuthenticator@2ff4f00f
[main] DEBUG com.hierynomus.smbj.auth.NtlmAuthenticator - Received token: a1 82 01 05 30 82 01 01 a0 03 0a 01 01 a1 0c 06 0a 2b 06 01 04 01 82 37 02 02 0a a2 81 eb 04 81 e8 4e 54 4c 4d 53 53 50 00 02 00 00 00 0e 00 0e 00 38 00 00 00 15 82 89 e2 79 12 95 82 e2 14 2a 05 00 00 00 00 00 00 00 00 a2 00 a2 00 46 00 00 00 0a 00 39 38 00 00 00 0f 4d 00 41 00 52 00 53 00 2d 00 41 00 44 00 02 00 0e 00 4d 00 41 00 52 00 53 00 2d 00 41 00 44 00 01 00 16 00 41 00 5a 00 52 00 2d 00 57 00 45 00 57 00 35 00 32 00 35 00 35 00 04 00 16 00 4d 00 61 00 72 00 73 00 2d 00 41 00 44 00 2e 00 4e 00 65 00 74 00 03 00 2e 00 41 00 5a 00 52 00 2d 00 57 00 45 00 57 00 35 00 32 00 35 00 35 00 2e 00 4d 00 61 00 72 00 73 00 2d 00 41 00 44 00 2e 00 4e 00 65 00 74 00 05 00 16 00 4d 00 61 00 72 00 73 00 2d 00 41 00 44 00 2e 00 4e 00 65 00 74 00 07 00 08 00 aa bf 66 b5 ca 56 d7 01 00 00 00 00
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,1],]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,0],]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,1],]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,2],]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1Sequence[[ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,0],], ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,1],], ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,2],]]]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1Enumerated[1]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1ObjectIdentifier[1.3.6.1.4.1.311.2.2.10]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1OctetString[[78, 84, 76, 77, 83, 83, 80, 0, 2, 0, 0, 0, 14, 0, 14, 0, 56, 0, 0, 0, 21, -126, -119, -30, 121, 18, -107, -126, -30, 20, 42, 5, 0, 0, 0, 0, 0, 0, 0, 0, -94, 0, -94, 0, 70, 0, 0, 0, 10, 0, 57, 56, 0, 0, 0, 15, 77, 0, 65, 0, 82, 0, 83, 0, 45, 0, 65, 0, 68, 0, 2, 0, 14, 0, 77, 0, 65, 0, 82, 0, 83, 0, 45, 0, 65, 0, 68, 0, 1, 0, 22, 0, 65, 0, 90, 0, 82, 0, 45, 0, 87, 0, 69, 0, 87, 0, 53, 0, 50, 0, 53, 0, 53, 0, 4, 0, 22, 0, 77, 0, 97, 0, 114, 0, 115, 0, 45, 0, 65, 0, 68, 0, 46, 0, 78, 0, 101, 0, 116, 0, 3, 0, 46, 0, 65, 0, 90, 0, 82, 0, 45, 0, 87, 0, 69, 0, 87, 0, 53, 0, 50, 0, 53, 0, 53, 0, 46, 0, 77, 0, 97, 0, 114, 0, 115, 0, 45, 0, 65, 0, 68, 0, 46, 0, 78, 0, 101, 0, 116, 0, 5, 0, 22, 0, 77, 0, 97, 0, 114, 0, 115, 0, 45, 0, 65, 0, 68, 0, 46, 0, 78, 0, 101, 0, 116, 0, 7, 0, 8, 0, -86, -65, 102, -75, -54, 86, -41, 1, 0, 0, 0, 0]]
[main] DEBUG com.hierynomus.ntlm.messages.NtlmChallenge - Windows version = WindowsVersion[WINDOWS_MAJOR_VERSION_10, WINDOWS_MINOR_VERSION_0, 14393, NTLMSSP_REVISION_W2K3]
[main] DEBUG com.hierynomus.smbj.auth.NtlmAuthenticator - Received NTLM challenge from: MARS-AD
[main] DEBUG com.hierynomus.smbj.connection.Connection - Granted 1 (out of 1) credits to SMB2_SESSION_SETUP with message id << 2 >>
[main] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpTransport - Writing packet SMB2_SESSION_SETUP with message id << 2 >>
[main] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Awaiting << 2 >>
[Packet Reader for somehost.domainname.net] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpPacketReader - Received packet SMB2_SESSION_SETUP with message id << 2 >>
[Packet Reader for somehost.domainname.net] DEBUG com.hierynomus.smbj.connection.packet.SMB2CreditGrantingPacketHandler - Server granted us 511 credits for SMB2_SESSION_SETUP with message id << 2 >>, now available: 511 credits
[Packet Reader for somehost.domainname.net] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Setting << 2 >> to SMB2_SESSION_SETUP with message id << 2 >>
Exception in thread "main" java.lang.UnsupportedOperationException
    at com.hierynomus.security.jce.JceSecurityProvider.getDerivationFunction(JceSecurityProvider.java:64)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKey(SMBSessionBuilder.java:302)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKeys(SMBSessionBuilder.java:270)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:162)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:142)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:109)
    at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:192)
    at com.mars.App.getShare(App.java:37)
    at com.mars.App.getFiles(App.java:75)
    at com.mars.App.getFileNames(App.java:65)
    at com.mars.Main.main(Main.java:53)
```

stanislawantoniak commented 3 years ago

Now I see that the new version is able to negotiate SMB v 3.1.1 (negotiatedProtocol=NegotiatedProtocol{dialect=SMB_3_1_1). When I change the config like .withDialects(SMB2Dialect.SMB_2_1) it works ok.

But still - why does it not work on SMB v 3? It should be seamless.

Any clue?

stanislawantoniak commented 3 years ago

Digging deeper - I see that it is a deliberate exception cast in code. Missing implementation?

```java
@Override
public DerivationFunction getDerivationFunction(String name) throws SecurityException {
    throw new UnsupportedOperationException();
}
```

neoxpert commented 3 years ago

getDerivationFunction sounds like something encryption related. Did you set the Bouncy Castle Security Provider in the SMBConfig?
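
The two configurations discussed in this thread side by side, as an added example that is not part of any comment here and is not the project's own code. The class name, host, account, domain and the `SMB_PASSWORD` environment variable are placeholders, and it assumes smbj and Bouncy Castle are on the classpath.

```java
import com.hierynomus.mssmb2.SMB2Dialect;
import com.hierynomus.security.bc.BCSecurityProvider;
import com.hierynomus.smbj.SMBClient;
import com.hierynomus.smbj.SmbConfig;
import com.hierynomus.smbj.auth.AuthenticationContext;
import com.hierynomus.smbj.connection.Connection;
import com.hierynomus.smbj.session.Session;

public class Smb3ProviderExample {

    // Workaround from the thread: pinning SMB 2.1 skips the SMB 3.x key
    // derivation that threw UnsupportedOperationException, but SMB 2.1 has
    // no transport encryption, so this is a downgrade rather than a fix.
    static SmbConfig smb21Only() {
        return SmbConfig.builder()
                .withDialects(SMB2Dialect.SMB_2_1)
                .build();
    }

    // Keeps the default dialect list (up to SMB 3.1.1 in the log above) and
    // swaps in the Bouncy Castle provider for key derivation.
    static SmbConfig smb3WithBouncyCastle() {
        return SmbConfig.builder()
                .withSecurityProvider(new BCSecurityProvider())
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Placeholders (assumptions): host, account, domain, env variable.
        String host = "fileserver.example.net";
        String password = System.getenv("SMB_PASSWORD");
        if (password == null) {
            throw new IllegalStateException("set SMB_PASSWORD first");
        }
        AuthenticationContext auth = new AuthenticationContext(
                "svc_example", password.toCharArray(), "EXAMPLE");

        try (SMBClient client = new SMBClient(smb3WithBouncyCastle());
             Connection connection = client.connect(host)) {
            // With the default JCE provider this call is where the trace
            // above ends (Connection.authenticate -> deriveKey).
            Session session = connection.authenticate(auth);
            System.out.println("session id: " + session.getSessionId());
        }
    }
}
```

Per the later comments in this thread, on 0.11.1 this configuration then failed with "ASYMMETRIC capability unsupported" (#614), which was solved with #615.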

stanislawantoniak commented 3 years ago

That was a good hint @neoxpert ! Thanks a lot!

Now it is failing with Exception in thread "main" com.hierynomus.smbj.common.SMBRuntimeException: ASYMMETRIC capability unsupported

Any clue?

yin19941005 commented 3 years ago

Hi @stanislawantoniak,

> That was a good hint @neoxpert ! Thanks a lot!
>
> Now it is failing with Exception in thread "main" com.hierynomus.smbj.common.SMBRuntimeException: ASYMMETRIC capability unsupported
>
> Any clue?

I guess it is related to #614 (not sure)? I think your original issue got fixed.

hierynomus commented 3 years ago

Yes, this is indeed #614 that you're running into. Can we close this issue, as your original problem has been solved, @stanislawantoniak?

stanislawantoniak commented 3 years ago

solved with #615