JCIFS

The Java CIFS Client Library

JCIFS is an Open Source client library that implements the CIFS/SMB networking protocol in 100% Java. CIFS is the standard file sharing protocol on the Microsoft Windows platform (e.g. Map Network Drive ...). This client is used extensively in production on large Intranets.

Links

Download
JCIFS NTLM HTTP Authentication
The FAQ
Mailing List Archive (GMANE)
Obtaining a Network Packet Capture

Developer Information

JCIFS API Documentation
Setting Client Properties
Setting Name Resolution Properties
Using JCIFS to Connect to Win32 Named Pipes
JCIFS Exceptions and NtlmAuthenticator
Using JCIFS NTLM Authentication for HTTP Connections
JCIFS is Licensed Under the LGPL

Related Java Projects

j-interop - Java COM Interop (uses Jarapac)
sharehound - CIFS network search engine
IntegraTUM WebDisk - HTTP to CIFS gateway
jcifs-ext - JCIFS Extensions
Jarapac - DCE/RPC in Java
The Jacob Project - Java/COM Bridge
JNBridge - Java/.NET Bridge
J-Integra - DCE/RPC in Java
Davenport - WebDAV to CIFS gateway
Alfresco JLAN Shared File Drive Interface

CIFS Authorities

http://www.samba.org/
http://www.samba-tng.org/

Other CIFS Utilities and Tools

Samba for Amiga
Sharity-Lite
SMB Browse for MacOSX
Xamba Network Integration Project

MSRPC

Rpcdump utility for querying RPC servers
OpenGroup DCE/RPC Specification
OpenGroup DCE/RPC Specification - NDR
What OLE Is Really About

Kerberos

RFC1510 - Kerberos V5 Specification
How a Kerberos Logon Works in Win2K
JGSS Example
Kerberos Explained
W2K PAC Specification

Technical Documentation

"Implementing CIFS" (complete online book)
Annotated CIFS Specification: draft-leach-cifs-v1-spec-02.html
SNIA CIFS Technical Reference (V1.0)
The NTLM Authentication Protocol
A .NET Developer's Guide to Windows Security
Windows System Error Codes
Windows Network Management Error Codes
rfc1001 - NetBIOS Concepts and Methods
rfc1002 - NetBIOS Detailed Specifications
CIFS Explained (A whitepaper by John Kleven)
SMB URL draft specification V07
NetBIOS, NetBEUI, NBF, SMB, CIFS networking links page
Microsoft Writeup on WINS behavior
Microsoft Writeup on WINS under W2K
Microsoft Server Documentation on Browsing WANs using WINS
Windows IT Library: NT Network Plumbing
Thursby Software's CIFS pages
Linux Mag: Understanding the Network Neighborhood

Other

Join the JCIFS Mailing List
Browse the Source
Batching
http://www.gnu.org/
http://www.opensource.org/
Microsoft's CIFS Mailing List Archives

News

jcifs-1.3.18 released / Minor Fixes
posted by Mike, October 29, 2014
This release includes minor fixes such as for a ConcurrentModificationException that could occur when initializing JCIFS classes.

jcifs-1.3.17 released / SO_TIMEOUT Fixed, Connect Timeout Control Added
posted by Mike, October 18, 2011
The jcifs.smb.client.soTimeout property, which controls how long the client will wait to read data from a server, was broken in the previous release (1.3.16). Not only was it broken but no SO_TIMEOUT was specified at all meaning if a server became unresponsive, JCIFS could hang for an uncontrollably long time. This behavior of this property has been restored.

Additionally, a new jcifs.smb.client.connTimeout has been added which specifies the number of milliseconds that the client will wait to connect to a server (how long it will wait for a response to the TCP SYN). This can be very useful when trying to communicate with many servers in parallel.

jcifs-1.3.16 released / SO_TIMEOUT, Disconnect Improvements, copyTo() Exceptions and more
posted by Mike, June 25, 2011
This release includes the following minor fixes and improvements:
  • JCIFS now uses the InetSocketAddress class to explicitly bind and set the SO_TIMEOUT on client sockets before they are connected. This makes the SO_TIMEOUT effective when the target server socket is not listening and the client OS socket implementation takes a long time for the dropped SYN to timeout. This may significantly reduce resource consumption in applications that use multiple threads to constantly query servers that may not be listening.
  • When disconnecting a transport, new clauses have been added to better reset transport state whereas previously transports could get stuck in a disconnected state for unnecessarily long periods of time.
  • A new property jcifs.smb.client.ignoreCopyToException has been added. When set to "true" (the default), the SmbFile.copyTo() method will ignore (but log) exceptions trying to copy individual files or directories (such as because of a permissions error). To maintain backward compatibility, the default value of this property is "true" (exceptions are ignored). Setting this property to "false" will cause any exception that occurs trying to copy an individual file or directory to be thrown out of copyTo and abort the copy operation at the point of failure.
  • If an authentication exception occurs trying to connect to a server that has multiple IP addresses, JCIFS will not attempt to connect to more than one IP addresses because doing so could result in an account lockout.
  • The SID resolver code incorrectly resolved SIDs of an ACE in blocks of at most 10 where it should have used a limit of 64. This performance issue has been fixed.
  • JCIFS will not throw the artifical "Access is denied" error if the special NtlmPasswordCredential.ANONYMOUS credential is used explicitly (whereas normally JCIFS will deliberately throw an SmbAuthException if a login results in a guest login or if the anonymous identity is used).
  • The NetrServerEnum2 RAP call used incorrect parameter descriptiors which could result in "SmbException: 2320" errors trying to list domains and servers from the local NetBIOS browse service.
  • The NTLMSSP AUTHENTICATE_MESSAGE (aka "Type 2 Message") encoding routine incorrectly left out the TargetName field (although this had no effect on CIFS client behavior).

The JCIFS Team would like to thank IOPLEX Software for contributing to this work.

jcifs-1.3.15 released / Minor DcerpcHandle Locking Adjustments
posted by Mike, October 7
Minor adjustments have been applied to DcerpcHandle locking routines in the SID class to fix sporadic occurances of "All pipe instances are busy" errors under high load.

The JCIFS Team would like to thank Vivísimo, Inc. for supporting this work. Vivísimo provides enterprises with innovative search solutions to find, access, and manipulate all content. For consumer web searches, Vivísimo offers Clusty.com.

jcifs-1.3.14 released / NetBIOS Node Status Disabled and Named Pipe Errors
posted by Mike, February 11, 2010
JCIFS will no longer do a NetBIOS Node Status to determine the server hostname because it seems some servers no longer respond to it. Under high load "All pipe instances are busy" errors could occur. This has been fixed by adding a lock to ensure that the MSRPC bind and pipe open request are performed together.

jcifs-1.3.13 released / Deadlock Fixed, OSX Snow Leopard, and EMC
posted by Mike, January 5, 2010
Locking throughout the transport layer has been rewritten. This should fix the long standing deadlock that has been reported in the past. Note that these are significant changes to the I/O layer. The package should be tested carefully before being deployed.

The size of the transient input buffer used to read the SMB_COM_NEGOTIATE response has been doubled to accommodate a security blob (as observed with OSX Snow Leopard). A signing issue reading data from an EMC server has been fixed. NTLMSSP logging has been improved.

The JCIFS Team would like to thank Stoneware, Inc. for supporting this work. Stoneware, Inc. provides innovative software that enables organizations to build their own 'private' cloud for simplified access to all of their web, Windows or hosted applications and services.

JCIFS U.S. Export Control Classification Numbers (ECCN)
posted by Mike, August 27, 2009
JCIFS uses cryptography including RC4 128 (for NTLMv2) and AES 256 (for Kerberos) for authentication, digital signatures and encryption. Products that use cryptography and which are exported from the U.S. to other countries are supposed to obtain an export classification. The United States Department of Commerce Bureau of Industry and Security (BIS) has issued two ECCNs for the JCIFS package:
5D002.C.1 License Exception TSU
5D992.C (for binary only distribution of "mass market" software)
For commercial products that ship JCIFS in binary form, you will need to reference the second ECCN in your export classification requests. For further information such as CCATS numbers, please contact ioplex@gmail.com.

The JCIFS Team would like to thank BIS for their excellent service and patience.

jcifs-1.3.12 released / Two NullPointerExceptions Fixed and DFS
posted by Mike, August 14, 2009
If NtlmPasswordAuthentication.ANONYMOUS was used, CAP_EXTENDED_SECURITY could be incorrectly turned off resulting in a NullPointerException. If a DFS server did not return any referrals, a NullPointerException could occur. Both of these exceptions have been corrected. Also, JCIFS could become confused when connecting to a server that also happened to be a DFS root server. This issue has been fixed.

jcifs-1.3.11 released / NTLMv2 Calculation Correction
posted by Mike, July 21, 2009
The nTOWFv2 computation for NTLMv2 authentication was slightly wrong in that it upper-cased the domain. This had no effect on JCIFS but it has been corrected for technical accuracy.

jcifs-1.3.10 released / Bugfix for SmbException: The parameter is incorrect
posted by Mike, June 4, 2009
This release fixes a bug that could sporadically trigger a "The parameter is incorrect" error.

The JCIFS Team would like to thank IOPLEX Software for contributing to this work. IOPLEX Software has many years of experience with HTTP Single Sign-On, Kerberos, NTLM, Active Directory, MSRPC and related networking protocols.

jcifs-1.3.9 released / Robust Retry of Replicated DFS Targets, copyTo Fix, UTF-16LE, and More
posted by Mike, May 30, 2009
This package adds the following fixes:
  • JCIFS will now iteratively try multiple replicated DFS targets if some are not enabled (whereas previously JCIFS would quit if the first root target was not accessible)
  • Fixed "Invalid operation for ????? service" error when querying DFS
  • SmbFile.copyTo will now copy files larger than 4GB
  • All instances of UnicodeLittleUnmarked have been changed to UTF-16LE (for platforms like Android)

The JCIFS Team would like to thank MetaCarta, Inc. for supporting this work. MetaCarta, Inc., a provider of geographic intelligence solutions, offers users map-driven geographic search, geographic referencing, and data visualization capabilities.

jcifs-1.3.0 released / NTLMv2 Support
posted by Mike, Oct 25, 2008
NTLMv2 has been fully implemented and will be used by default.

To emulate the old behavior you must set jcifs.lmCompatibility = 0 and jcifs.smb.client.useExtendedSecurity = false (new defaults are 3 and true respectively).

NTLMv2 and NTLMv1 over NTLMSSP has been fairly well tested with and without SMB signing negotiated and various NTLMSSP flags (e.g. NTLMSSP_NEGOTIATE_NTLM2).

Note: The NTLM HTTP Filter does not and can never support NTLMv2 as it uses a main-in-the-middle technique that is broken by NTLMSSP's "target information" used in computing password hashes. However, the existing Filter should continue to work.

The JCIFS Team would like to thank MetaCarta, Inc. for supporting this work. MetaCarta, Inc., a provider of geographic intelligence solutions, offers users map-driven geographic search, geographic referencing, and data visualization capabilities.