hierynomus / smbj

Server Message Block (SMB2, SMB3) implementation in Java

Null pointer when authenticating as guest #792

Open dkocher opened 12 months ago

dkocher commented 12 months ago

Attempting to authenticate as guest using AuthenticationContext.guest() results in an exception

Caused by: java.lang.NullPointerException
    at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKey(SMBSessionBuilder.java:324)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKeys(SMBSessionBuilder.java:290)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:174)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:152)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:119)
    at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:197)

The server is running SMB_3_1_1 (Windows Server 2022)

hierynomus commented 12 months ago

@dkocher Which version? I fixed a similar bug for anonymous authentication in v0.12.2, and I thought I had checked guest then also.

dkocher commented 12 months ago

> @dkocher Which version? I fixed a similar bug for anonymous authentication in v0.12.2, and I thought I had checked guest then also.

Running 0.12.2.

hierynomus commented 11 months ago

@dkocher Which authenticator are you using?

dkocher commented 11 months ago

> @dkocher Which authenticator are you using?

This is using NtlmAuthenticator.

karthik-119 commented 11 months ago

I'm also facing the same NullPointerException when trying with anonymous login:

java.lang.NullPointerException
  at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKey(SMBSessionBuilder.java:324)
  at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKeys(SMBSessionBuilder.java:290)
  at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:174)
  at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:152)
  at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:119)
  at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:202)

It is happening after the upgrade to smbj library 0.12.2, and my target server is Windows 11 (protocol: SMB_3_1_1). I've also tried allowing insecure guest logons in my Local Group Policy Editor.

Not sure if this is relevant, but I found while debugging that this can be the cause:

    if (!ctx.authContext.isAnonymous() && !ctx.authContext.isGuest()) {
        context.setSessionKey(new SecretKeySpec(ctx.sessionKey, HMAC_SHA256_ALGORITHM));
    }

The session key is set on the context only when it is neither anonymous nor guest, meaning only for a user context; thus later, in deriveKeys, this ends up in a NullPointerException.

Is there any update on the issue, on whether it's a server configuration issue or a bug in the actual code?

dkocher commented 11 months ago

@karthik-119 points out this may be a regression of 4633709a.

hierynomus commented 11 months ago

@dkocher @karthik-119 Can you try with the fix from https://github.com/hierynomus/smbj/pull/800?

bubbleguuum commented 11 months ago

I tested and:

So that issue has already been fixed by a commit post v0.12.2 it seems.

hierynomus commented 11 months ago

@bubbleguuum Now that's even weirder, as Git doesn't show any change which could have anything to do with that on the current master branch 🤔

bubbleguuum commented 11 months ago

Yes please disregard, I did my testing wrong (was actually using v0.11.1 instead of git master!). Will do it again properly with the PR applied.

bubbleguuum commented 11 months ago

Still crashing using master git + the 1 line PR. Double checked that everything is correct this time, with even a logged "LALA" line just before the if (ctx.sessionKey != null) { line change:

smb: resolved FOOBAR -> 192.168.1.157
        PacketEncryptor  I  Initialized PacketEncryptor with Cipher << AES_128_CCM >>
             Connection  I  Successfully connected to: 192.168.1.157
           SMBShareInfo  I  smb: \\FOOBAR\: NegotiatedProtocol{dialect=SMB_3_0_2, maxTransactSize=8388608, maxReadSize=8388608, maxWriteSize=8388608}
      SMBSessionBuilder  I  LALA
           SMBShareInfo  W  java.lang.NullPointerException: Attempt to invoke interface method 'byte[] javax.crypto.SecretKey.getEncoded()' on a null object reference
                         W      at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKey(SMBSessionBuilder.java:326)
                         W      at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKeys(SMBSessionBuilder.java:294)
                         W      at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:176)
                         W      at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:152)
                         W      at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:119)
                         W      at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:202)
                      ...

karthik-119 commented 11 months ago

> @dkocher @karthik-119 Can you try with the fix from #800?

@hierynomus , let me try to verify the fix.

karthik-119 commented 11 months ago

I realized that this project needs to be built with Gradle, which I'm not used to and have no correct configuration for on my system. I'm afraid I can't verify the fix while it is still on the issue branch.

Is there any possibility to build the project using Maven?

hierynomus commented 11 months ago

There should be no need to set it up. You can use ./gradlew build to build the project. This will use the Gradle wrapper. There are no Maven build files included.

karthik-119 commented 11 months ago

Yes, I did the same but see errors (Java version: 1.8):

[screenshot of the build errors]

hierynomus commented 11 months ago

For building you need to use Java 11 (or higher).

karthik-119 commented 11 months ago

Thanks, I'm able to build the project with Java 11. Can you please update the Readme? It still says Java 7. Thanks.

I'll test the jar and update results here.

karthik-119 commented 11 months ago

Verified and can still see same NullPointerException.

java.lang.NullPointerException
    at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKey(SMBSessionBuilder.java:324)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKeys(SMBSessionBuilder.java:290)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:174)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:152)
    at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:119)
    at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:202)

I think the issue is within the NtlmAuthenticator logic itself (in doAuthenticate()):

    // [MS-NLMP] 3.2.2 -- Special case for anonymous authentication
    if (context.isAnonymous()) {
        NtlmAuthenticate msg = new NtlmAuthenticate(null, null, context.getUsername(), context.getDomain(),
            config.getWorkstationName(), null, negotiateFlags, config.getWindowsVersion());
        response.setNegToken(negTokenTarg(msg));
        return response;
    }

For an anonymous context, the response neither has a session key set, nor are its session flags updated later in the authentication logic of SMBSessionBuilder.

Compare this to the older 11.x version, where for an anonymous context the session key is set based on the NTLM server challenge response. On the other hand, in the deriveKeys() logic, you make checks for SMB3:

    if (dialect.isSmb3x() &&
        !response.getSessionFlags().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_NULL) &&
        !response.getSessionFlags().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_GUEST)) {

where it looks like this logic is not required for an anonymous or guest context, but the session flags for the response are not updated anywhere, if that is proven.

(Note: I'm no expert in the SMB subject or this lib's code, just trying to infer based on my understanding from debug sessions. I might be wrong in my statements; please correct me.)

hellivan commented 8 months ago

Any update on this?

HubertOT commented 7 months ago

Indeed, any update on this issue? As karthik-119 mentioned, within the method deriveKeys the sessionFlags are checked for an anonymous (SMB2_SESSION_FLAG_IS_NULL) or guest (SMB2_SESSION_FLAG_IS_GUEST) login request.

Using SMBj 0.11.5, when an anonymous logon (no username nor password set) was done, the sessionFlag SMB2_SESSION_FLAG_IS_GUEST was set and the logon succeeded. I doubt this was for the correct reason; I would have expected that sessionFlag "SMB2_SESSION_FLAG_IS_NULL" was set instead of "SMB2_SESSION_FLAG_IS_GUEST". However, with SMBj 0.12.x it fails as none of these sessionFlags are set, hence for signing it tries to derive the key based on the context. The context, however, does not contain a sessionKey, as it's an anonymous login, which is not able to sign or encrypt.
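
Added illustration (not smbj's code and not written by any participant in this thread) of the failure mode discussed above: SMB3 signing-key derivation that returns nothing when there is no session key or the session is flagged guest or null, instead of dereferencing a null key. All class and method names are hypothetical; the KDF is the SP800-108 counter-mode construction with HMAC-SHA256 and the SMB 3.0 signing label and context from [MS-SMB2], and the session key is a constructed value.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.EnumSet;
import java.util.Optional;
import java.util.Set;

// Hypothetical names throughout; this is not smbj's SMBSessionBuilder.
public class GuestSafeKeyDerivation {
    enum SessionFlag { IS_GUEST, IS_NULL }

    // SP800-108 counter-mode KDF with HMAC-SHA256 as PRF, 128-bit output.
    static byte[] kdf(SecretKey key, byte[] label, byte[] context) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        mac.update(ByteBuffer.allocate(4).putInt(1).array());   // counter i = 1
        mac.update(label);
        mac.update((byte) 0);                                    // separator
        mac.update(context);
        mac.update(ByteBuffer.allocate(4).putInt(128).array()); // L = 128 bits
        byte[] out = new byte[16];
        System.arraycopy(mac.doFinal(), 0, out, 0, 16);
        return out;
    }

    // Returns empty instead of dereferencing a missing session key.
    static Optional<byte[]> signingKey(SecretKey sessionKey, Set<SessionFlag> flags) throws Exception {
        if (sessionKey == null || flags.contains(SessionFlag.IS_GUEST) || flags.contains(SessionFlag.IS_NULL)) {
            return Optional.empty(); // guest/anonymous: no key material to sign or encrypt with
        }
        byte[] label = "SMB2AESCMAC\0".getBytes(StandardCharsets.US_ASCII);
        byte[] ctx = "SmbSign\0".getBytes(StandardCharsets.US_ASCII);
        return Optional.of(kdf(sessionKey, label, ctx));
    }

    public static void main(String[] args) throws Exception {
        // Constructed 16-byte session key, for illustration only.
        SecretKey user = new SecretKeySpec(new byte[16], "HmacSHA256");
        System.out.println("user:  " + signingKey(user, EnumSet.noneOf(SessionFlag.class)).isPresent());
        System.out.println("guest: " + signingKey(null, EnumSet.of(SessionFlag.IS_GUEST)).isPresent());
        // Flags unset and key missing (the case reported in this thread): still no NPE.
        System.out.println("unset: " + signingKey(null, EnumSet.noneOf(SessionFlag.class)).isPresent());
    }
}
```

A caller that receives an empty result has no key for that session, so it has to proceed without signing or encryption or reject the session if its policy requires them.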