hierynomus / smbj

Server Message Block (SMB2, SMB3) implementation in Java
Other
713 stars 180 forks source link

smbj v0.12.0 breaks Kerberos authentication #775

Closed bjoernlohrmann closed 1 year ago

bjoernlohrmann commented 1 year ago

We will soon be rolling out smbj v0.12.0 as part of our software product. During testing we unfortunately found that the v0.12.0 release breaks Kerberos authentication.

This code results in a NullPointerException (in previous smbj versions this code works):

var builder = SmbConfig.builder() //
    .withMultiProtocolNegotiate(true);

var authContext = new GSSAuthenticationContext(...);

var client = new SMBClient(builder.build())//
    .connect(host, config.getFileserverPort()) //
    .authenticate(authContext);
java.lang.NullPointerException: Cannot read the array length because "buf" is null
    at com.hierynomus.protocol.commons.buffer.Buffer.putRawBytes(Buffer.java:316)
    at com.hierynomus.spnego.RawToken.write(RawToken.java:38)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.processAuthenticationToken(SMBSessionBuilder.java:200)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:165)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:119)
    at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:202)

If have (only) tested this against ActitveDirectory and with file share (hosted by the ActiveDirectory DC).

I can offer support in testing bugfix branches against our setup but I am a little out of depth with regard to fixing the SMB protocol implementation myself.

hierynomus commented 1 year ago

Oops... let me fix that!

hierynomus commented 1 year ago

Fixed it by checking the null-ness of the token.

hierynomus commented 1 year ago

0.12.1 is coming up!

bjoernlohrmann commented 1 year ago

Thank you for the fast bugfix! I can confirm that for our tests v0.12.1 fixes the Kerberos issue.