JCIFS

The Java CIFS Client Library

JCIFS is an Open Source client library that implements the CIFS/SMB networking protocol in 100% Java. CIFS is the standard file sharing protocol on the Microsoft Windows platform (e.g. Map Network Drive ...). This client is used extensively in production on large Intranets.

Links

JCIFS NTLM HTTP Authentication
The FAQ
Mailing List Archive (GMANE)
Obtaining a Network Packet Capture

Developer Information

JCIFS API Documentation
Setting Client Properties
Setting Name Resolution Properties
Using JCIFS to Connect to Win32 Named Pipes
JCIFS Exceptions and NtlmAuthenticator
Using JCIFS NTLM Authentication for HTTP Connections
JCIFS is Licensed Under the LGPL

Related Java Projects

IntegraTUM WebDisk - HTTP to CIFS gateway
jcifs-ext - JCIFS Extensions
Jarapac - DCE/RPC in Java
The Jacob Project - Java/COM Bridge
JNBridge - Java/.NET Bridge
J-Integra - DCE/RPC in Java
Davenport - WebDAV to CIFS gateway
Starlasoft's JLAN Client and Server

CIFS Authorities

http://www.samba.org/
http://www.samba-tng.org/

Other CIFS Utilities and Tools

Samba for Amiga
Sharity-Lite
SMB Browse for MacOSX
Xamba Network Integration Project

MSRPC

Rpcdump utility for querying RPC servers
OpenGroup DCE/RPC Specification
OpenGroup DCE/RPC Specification - NDR
What OLE Is Really About

Kerberos

RFC1510 - Kerberos V5 Specification
How a Kerberos Logon Works in Win2K
JGSS Example
Kerberos Explained
W2K PAC Specification

Technical Documentation

"Implementing CIFS" (complete online book)
Annotated CIFS Specification: draft-leach-cifs-v1-spec-02.html
SNIA CIFS Technical Reference (V1.0)
The NTLM Authentication Protocol
A .NET Developer's Guide to Windows Security
Windows System Error Codes
Windows Network Management Error Codes
rfc1001 - NetBIOS Concepts and Methods
rfc1002 - NetBIOS Detailed Specifications
CIFS Explained (A whitepaper by John Kleven)
SMB URL draft specification V07
NetBIOS, NetBEUI, NBF, SMB, CIFS networking links page
Microsoft Writeup on WINS behavior
Microsoft Writeup on WINS under W2K
Microsoft Server Documentation on Browsing WANs using WINS
Windows IT Library: NT Network Plumbing
Thursby Software's CIFS pages
Linux Mag: Understanding the Network Neighborhood

Other

Join the JCIFS Mailing List
Browse the Source
Batching
GNU Library General Public License
http://www.gnu.org/
http://www.opensource.org/
Microsoft's CIFS Mailing List Archives

News

jcifs-1.2.7 released / Transport Error, Filter Changes, Integer Overflow, User Contributed Patches, and More
posted by Mike, Nov 18, 2005
This release consists of the following changes. Happy Thanksgiving.
  • Some debugging printlns left over from the last release have been removed.
  • Added setContentLength(0) to two other places for the NTLM HTTP Filter. This is required for HTTP 1.0 clients (e.g. Google appliance servers).
  • The name service code will now properly resolve DNS names that begin with digits.
  • Several instances of possible integer overflow have been fixed.
  • A patch for large read and write support has been added to the patches directory. A patch for reading security descriptors has been added to the patches directory.
  • If a transport was in error due to a connection timeout it could remain in the error state indefinitely. This issue has been fixed.

jcifs-1.2.6 released / Session Management and Filter Fix
posted by Mike, Oct 7, 2005
It was discovered that redundant sessions could be created. This problem has been fixed but the fix is to simply not remove sessions from the list of sessions for a transport which is a waste of memory after time (although most users should not case as the number of sessions is proportional to the number of distinct credentials used). This will probably need to be revisited in the future. It has been advised that the Filter should call setStatus() before setContentLength(0). This change has been implemented.

jcifs-1.2.5 released / Filter Exceptions, Stressing the Transport Layer, and DFS Deadlock Fixed
posted by Mike, Oct 1, 2005
This release of the JCIFS client consists of the following changes.
  • It was discovered that a flaw in session expiration could cause sessions to expire prematurely. This has been repaired.
  • If the jcifs.netbios.hostname property is set, the client will communicate using only NetBIOS over port 139. This is required for environments that implement a policy restricting users to logging in from certain computers.
  • Under stress the client could incorrectly attempt to use the invalid "NULL" transport. This has been fixed.
  • Filter users could experience exceptions due to using the port 0 rather than the default CIFS port.
  • The client should now handle partial reads and socket exceptions more gracefully.
  • Under stress, the DFS referral query could cause the client to deadlock. This has been fixed.

jcifs-1.2.4 released / Timedout Waiting for Response Exception, Bogus Signature Error, and More
posted by Mike, Sep 21, 2005
A NetBIOS keep-alive message (received after ~10 minutes) would break message processesing with a timedout waiting for response Exception. This has been fixed.

JCIFS would fail to validate responses with a status that is not zero. Assuming we are calculating the verfication signature correctly I can only assume the affected servers choose not to generate the correct signature for error responses (perhaps for DOS reasons). Because JCIFS checked the signature before the message status, an error response would fail with "signature verification failure". This behavior has been changed so that signatures are not verified if the status is non zero.

It was discovered that the new transport (as of 1.2.x) could not cleanly recover from temporary server failure (e.g. a restart). This has been fixed. Methods will still throw Exceptions but the moment the server comes back online the client should gracefully recover.

jcifs-1.2.3 released / Port 445 Fixed
posted by Mike, Aug 24, 2005
A mistake in the 1.2.2 release broke port 445 communication entirely. It has been fixed. The exact error (with a sufficiently high loglevel) was "Invalid payload size: 1".

jcifs-1.2.2 released / Exception "cannot assign requested address" Fixed, Clusters, NetApp Filer, and More
posted by Mike, Aug 19, 2005
There have been a number of small fixes. These are:
  • The "cannot assign requested address" exception caused by trying to bind the local address 127.0.0.1 has been fixed.
  • In a cluster environment the NTLM HTTP Filter could fail with "account currently disabled" or "Access denied" errors due to a deserialization issue of "preauthentication" credentials stored in the HttpSession. The initialization of default credentials has been changed however it is not clear that the change will have any effect as I do not have a clustered environment in which to test.
  • The combination of plain text passwords and Unicode (largely specific to Samba 3) has been fixed.
  • A bogus debugging statement has been discovered and removed. Who left that in there?!
  • A Socket.shutdownOutput() call has been added to doDisconnect as it is believed to reduce spurrious RST frames observed when abruptly shutting down transports. These are believed to be harmless but they have been associated with unsightly messages in Samba log files.
  • The copyTo() method will now check to see if the source path is a child, parent or equal to the destination path and if so throw a Source and destination paths overlap exception.
  • An additional debugging statement has been added to the NTLM HTTP Filter domain controller interrogation code.
  • The getDiskFreeSpace call could fail with NetApp Filer. It has been repaired.

jcifs-1.2.1 released / Signing, setAttributes, getType, and More
posted by Mike, Jul 4, 2005
The SMB signing code was totally broken in the last release makeing 1.2.0 useless in many environments. It has been reparied. The setAttributes method did not work on directories. This has been fixed and the masks used to filter attributes been optimized to allow getting and setting all possible attributes based on observed XP behavior. The getType() method would always return TYPE_SHARE if the SmbFiles were obtained through the listFiles() method. This issue has been fixed - getType() may now also return TYPE_PRINTER and TYPE_NAMEDPIPE (this has been broken for a long time BTW). There have been a variety of other subtle fixes.

jcifs-1.2.0 released / New Transport Layer, Port 445, getDiskFreeSpace
posted by Mike, May 22, 2005
The transport layer (the code that multiplexes requests from muliple threads over sockets) has occasionally caused trouble over the years. In general it was too complex. To remedy this problem the transport was rewritten and a forked 1.1.19 was released as the "trans" branch. This branch appears to be at stable enough that it is being released as 1.2.

The biggest change in this release should not be visible to users (hopefully) although some new features have managed to sneak in as a result of this merger. These new features are:
  • The client will now attempt to connect to port 445 as opposed to port 139. If this connection fails the client will fall-back to port 139.
  • If a share was disabled while jCIFS was connected an error would occur even if the share was reenabled before the client tried to access it. This has been fixed so that the client will reconnect and complete the current operation transparently.
  • The getDiskFreeSpace() method could report the wrong value for very large volumes. This has been fixed by adding a new info-level.
  • Named pipes were broken by changes for DCE/RPC transactions. They have been repaired.
  • The NetBIOS name resolution code will now use the last resource record in a name query response rather than the first. This appears to be more correct (at least with WMWare adapters on my XP workstation).
  • The client is generally faster because the transport is simpler. The amount of code for the transport is less than half of what it used to be.
Developers writing Java network clients may want to look at the jcifs.util.transport.* classes.

jcifs-1.1.11 released / File Corruption Bugfix
posted by Mike, May 4, 2005
If a file is opened with SmbFileOutputStream, written to, and then the client waits for jcifs.smb.client.soTimeout without any communication to the target, a subsequent write could zero the contents of the file before the current file index resulting in file corruption. This problem has been fixed. And alternative to upgrading is to use RandomAccessFile which does not have this problem.

Also in the download area is the "trans" release. This version has a completely rewritten transport layer, proper port 445+139 support as well as the beginnings of new features destined for 2.0. Use with caution - it's green.

jcifs-1.1.10 released / DC Lookup Rewrite
posted by Mike, Apr 17, 2005
The code used by the NTLM HTTP Filter to lookup and rotate through domain controllers has been considerably simplified. The NtlmChallenge class is now Serializeable, the timeout for rebuilding the filters DC list has been increased from 20 minutes to 10 hours, and the jcifs.netbios.lookupRespLimit default has been reduced to 3.

jcifs-1.1.9 released / Read Error
posted by Mike, Feb 28, 2005
When multiplexing I/O, if socket buffers fill up such that packets can be read in fragments (i.e. high load), it was possible for the 4 byte NetBIOS header to be read incorrectly resulting in a bogus unexpected EOF reading netbios session header exception. This problem has been fixed. Also, some small javadoc updates have been applied.

jcifs-1.1.8 released / Blocked Threads Again, DC Lookups, Name Service, and More
posted by Mike, Feb 11, 2005
The blocked thread bug wasn't quite fixed in the last release. A lookup exception (e.g. caused by an unresponsive domain controller) could leave a thread blocked if many requests are being processed simultaneously. Similarly the fix for the DC lookup code wasn't complete enough to handle the unusual scenario where all DCs are unresponsive. Also, a malfomed NetBIOS name query response could cause the name service thread to exit incorrectly. These issues have been fixed. Finally, the URL handling of smb://@/ (meaning "null" credentials) has been fixed.

jcifs-1.1.7 released / Blocked Threads, DC Lookups, Signatures, and Other Fixes
posted by Mike, Jan 16, 2005
A bug introduced in a recent release that could cause threads to wait indefinately has been fixed. After time many threads could be blocked resulting in wasted resources. The DC lookup code has been modified to gracefully handle WINS returning an empty list (e.g. due to temporary network failure). A simple fix has been applied that premits SMB signatures to work without specifying preauthentication credentials. The getAttributes() method will now return 31 bits of attributes whereas previously it would mask the lower 6 bits that JCIFS actually uses. A bug has been fixed that under certain conditions prevented copyTo() from copying entire shares. A try/catch block has been added to copyTo() to permit the copy to continue if an error occurs.

jcifs-1.1.6 released / Minor Adjustments
posted by Mike, Dec 27, 2004
If a variable length 8 bit encoding such as Big5 was used the NTCreateAndX command could fail. This bug has been fixed. If an SmbFile{Input,Output}Stream was closed, a subsequent operation could cause the file to be reopened. This behavior is now blocked such that operations performed on a stream after it has been closed will generate an IOException (to conform to java.io streams behavior). Some transport layer synchronization has been adjusted. A getPrincipal method has been added to SmbFile that will return the NtlmPasswordAuthentication object used as credentials for the file or pipe. An adjustment has been made to the NbtAddress.firstCalledName method that streamlines communication with domain controllers. The documentation has been updated regarding transparent NTLM authentication in Mozilla and the available() method of SmbFileInputStream.