Null pointer when authenticating as anonymous

[L-JINBIN]

Similar as #792

Caused by: java.lang.NullPointerException: Attempt to invoke interface method 'byte[] javax.crypto.SecretKey.getEncoded()' on a null object reference
	at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKey(SMBSessionBuilder.java:326)
	at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKeys(SMBSessionBuilder.java:292)
	at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:175)
	at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:153)
	at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:120)
	at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:206)

The problem still exists in version 0.14.0. The reason for this problem is that SessionContext.sessionKey is null. I traced its assignment upwards and found that it comes from BuilderContext.sessionKey, which comes from AuthenticateResponse.sessionKey.

AuthenticateResponse.sessionKey is assigned in the NtlmAuthenticator.doAuthenticate() method

private AuthenticateResponse doAuthenticate(...) throws SpnegoException {

    ......

    // [MS-NLMP] 3.2.2 -- Special case for anonymous authentication
    if (context.isAnonymous()) {
        NtlmAuthenticate msg = new NtlmAuthenticate(null, null, context.getUsername(), context.getDomain(),
            config.getWorkstationName(), null, negotiateFlags, config.getWindowsVersion());
        response.setNegToken(negTokenTarg(msg));
        return response;
    }

    ......

    response.setSessionKey(exportedSessionKey);
    logger.trace("Sending NTLM authenticate message: {}", msg);
    response.setNegToken(negTokenTarg(msg));
    response.setNegotiateFlags(negotiateFlags);
    return response;
}

The problem is that when the logged-in user is Anonymous, response.setSessionKey() is not called, which eventually causes SessionContext.sessionKey to be null

I tried commenting out the isAnonymous judgment, and everything worked fine, but I'm not sure if it will cause new problems

private AuthenticateResponse doAuthenticate(...) throws SpnegoException {

    ......

//    // [MS-NLMP] 3.2.2 -- Special case for anonymous authentication
//    if (context.isAnonymous()) {
//        NtlmAuthenticate msg = new NtlmAuthenticate(null, null, context.getUsername(), context.getDomain(),
//            config.getWorkstationName(), null, negotiateFlags, config.getWindowsVersion());
//        response.setNegToken(negTokenTarg(msg));
//        return response;
//    }

    ......

}

@hierynomus

[qq528]

same problem ，AuthenticationContext.anonymous() not work. How fixed it?

[ivaeg3]

@qq528 while I'm waiting for the bug to be fixed, I'm doing this:

AuthenticationContext ac = new AuthenticationContext(
        Optional.ofNullable(config.getUsername()).orElse("user"),
        Optional.ofNullable(config.getPassword()).orElse("password").toCharArray(),
        null);

[L-JINBIN]

@qq528 @ivaeg3 The author seems to have stopped maintaining it. This is my final solution, and I'm sure it works and won't cause any new problems.

com.hierynomus.smbj.auth.NtlmAuthenticator

private AuthenticateResponse doAuthenticate(...) throws SpnegoException {

    ......

    // [MS-NLMP] 3.2.2 -- Special case for anonymous authentication
//    if (context.isAnonymous()) {
    if (context.isAnonymous() && !connectionContext.getNegotiatedProtocol().getDialect().isSmb3x()) {
        NtlmAuthenticate msg = new NtlmAuthenticate(null, null, context.getUsername(), context.getDomain(),
                config.getWorkstationName(), null, negotiateFlags, config.getWindowsVersion());
        response.setNegToken(negTokenTarg(msg));
        return response;
    }

    ......

}

This code for handling special cases only applies to SMB2. Using it in SMB3 will cause the problems we are talking about.