smbj v0.12.0 breaks Kerberos authentication

Question

smbj v0.12.0 breaks Kerberos authentication

bjoernlohrmann opened this issue a year ago · 4 comments

We will soon be rolling out smbj v0.12.0 as part of our software product. During testing we unfortunately found that the v0.12.0 release breaks Kerberos authentication.

This code results in a NullPointerException (in previous smbj versions this code works):

var builder = SmbConfig.builder() //
    .withMultiProtocolNegotiate(true);

var authContext = new GSSAuthenticationContext(...);

var client = new SMBClient(builder.build())//
    .connect(host, config.getFileserverPort()) //
    .authenticate(authContext);

java.lang.NullPointerException: Cannot read the array length because "buf" is null
	at com.hierynomus.protocol.commons.buffer.Buffer.putRawBytes(Buffer.java:316)
	at com.hierynomus.spnego.RawToken.write(RawToken.java:38)
	at com.hierynomus.smbj.connection.SMBSessionBuilder.processAuthenticationToken(SMBSessionBuilder.java:200)
	at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:165)
	at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:119)
	at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:202)

If have (only) tested this against ActitveDirectory and with file share (hosted by the ActiveDirectory DC).

I can offer support in testing bugfix branches against our setup but I am a little out of depth with regard to fixing the SMB protocol implementation myself.

Answer 1 · 2023-07-13T11:28:57.000Z

Oops... let me fix that!

Answer 2 · 2023-07-13T11:39:19.000Z

Fixed it by checking the null-ness of the token.

Answer 3 · 2023-07-13T11:41:00.000Z

0.12.1 is coming up!

Answer 4 · 2023-07-14T09:17:09.000Z

Thank you for the fast bugfix! I can confirm that for our tests v0.12.1 fixes the Kerberos issue.