JCIFS

The Java CIFS Client Library

JCIFS is an Open Source client library that implements the CIFS/SMB networking protocol in 100% Java. CIFS is the standard file sharing protocol on the Microsoft Windows platform (e.g. Map Network Drive ...). This client is used extensively in production on large Intranets.

Links

Download
JCIFS NTLM HTTP Authentication
The FAQ
Obtaining a Network Packet Capture

Developer Information

JCIFS API Documentation
Setting Client Properties
Setting Name Resolution Properties
Using JCIFS to Connect to Win32 Named Pipes
JCIFS Exceptions and NtlmAuthenticator
Using JCIFS NTLM Authentication for HTTP Connections
JCIFS is Licensed Under the LGPL

Related Java Projects

jcifs-ng - A cleaned-up and improved version of the jCIFS library w/ SMB2 support
smbj - Server Message Block (SMB2, SMB3) implementation in Java
j-interop - Java COM Interop (uses Jarapac)
sharehound - CIFS network search engine
IntegraTUM WebDisk - HTTP to CIFS gateway
Jarapac - DCE/RPC in Java
The Jacob Project - Java/COM Bridge
JNBridge - Java/.NET Bridge
J-Integra - DCE/RPC in Java
Davenport - WebDAV to CIFS gateway
Alfresco JLAN Shared File Drive Interface

CIFS Authorities

http://www.samba.org/

Other CIFS Utilities and Tools

Samba for Amiga
Sharity-Lite
SMB Browse for MacOSX
Xamba Network Integration Project

MSRPC

Rpcdump utility for querying RPC servers
OpenGroup DCE/RPC Specification
OpenGroup DCE/RPC Specification - NDR
What OLE Is Really About

Kerberos

RFC1510 - Kerberos V5 Specification
How a Kerberos Logon Works in Win2K
JGSS Example
Kerberos Explained
W2K PAC Specification

Technical Documentation

"Implementing CIFS" (complete online book)
Annotated CIFS Specification: draft-leach-cifs-v1-spec-02.html
SNIA CIFS Technical Reference (V1.0)
The NTLM Authentication Protocol
A .NET Developer's Guide to Windows Security
Windows System Error Codes
Windows Network Management Error Codes
rfc1001 - NetBIOS Concepts and Methods
rfc1002 - NetBIOS Detailed Specifications
CIFS Explained (A whitepaper by John Kleven)
SMB URL draft specification V07
NetBIOS, NetBEUI, NBF, SMB, CIFS networking links page
Microsoft Writeup on WINS behavior
Microsoft Writeup on WINS under W2K
Microsoft Server Documentation on Browsing WANs using WINS
Windows IT Library: NT Network Plumbing
Thursby Software's CIFS pages
Linux Mag: Understanding the Network Neighborhood

Other

Browse the Source
Batching
http://www.gnu.org/
http://www.opensource.org/

News

jCIFS Has Moved!
posted by Mike, October 20, 2018
This is the new official home page of the original jCIFS library. If you're just looking for the jCIFS jar, this is the place to get it. See the Download link to the left.

Thanks to the Samba organization for hosting the jCIFS project for 18 years!

If you're looking for the latest and greatest open source Java SMB library, this is not it. JCIFS has been in maintenance-mode-only for several years and although what it does support works fine (SMB1, NTLMv2, midlc, MSRPC and various utility classes), jCIFS does not support the newer SMB2/3 variants of the SMB protocol which is slowly becoming required (Windows 10 requires SMB2/3). JCIFS only supports SMB1 but Microsoft has deprecated SMB1 in their products. So if SMB1 is disabled on your network, JCIFS' file related operations will NOT work.

Fortunately there are multiple new open source SMB Java projects to try including the following:

Any questions regarding jCIFS can be directed to ioplex@gmail.com.

jcifs-1.3.19 released / NTLMv2 Initiator Security Vulnerability Fixed
posted by Mike, December 21, 2017
This release fixes what is believed to be a moderate security issue. All NTLM initiators / clients using JCIFS should upgrade their JCIFS jar. Credit goes to Moritz Bechler for identifying and reporting this flaw.

jcifs-1.3.18 released / Minor Fixes
posted by Mike, October 29, 2014
This release includes minor fixes such as for a ConcurrentModificationException that could occur when initializing JCIFS classes.

jcifs-1.3.16 released / SO_TIMEOUT, Disconnect Improvements, copyTo() Exceptions and more
posted by Mike, June 25, 2011
This release includes the following minor fixes and improvements:
  • JCIFS now uses the InetSocketAddress class to explicitly bind and set the SO_TIMEOUT on client sockets before they are connected. This makes the SO_TIMEOUT effective when the target server socket is not listening and the client OS socket implementation takes a long time for the dropped SYN to timeout. This may significantly reduce resource consumption in applications that use multiple threads to constantly query servers that may not be listening.
  • When disconnecting a transport, new clauses have been added to better reset transport state whereas previously transports could get stuck in a disconnected state for unnecessarily long periods of time.
  • A new property jcifs.smb.client.ignoreCopyToException has been added. When set to "true" (the default), the SmbFile.copyTo() method will ignore (but log) exceptions trying to copy individual files or directories (such as because of a permissions error). To maintain backward compatibility, the default value of this property is "true" (exceptions are ignored). Setting this property to "false" will cause any exception that occurs trying to copy an individual file or directory to be thrown out of copyTo and abort the copy operation at the point of failure.
  • If an authentication exception occurs trying to connect to a server that has multiple IP addresses, JCIFS will not attempt to connect to more than one IP addresses because doing so could result in an account lockout.
  • The SID resolver code incorrectly resolved SIDs of an ACE in blocks of at most 10 where it should have used a limit of 64. This performance issue has been fixed.
  • JCIFS will not throw the artifical "Access is denied" error if the special NtlmPasswordCredential.ANONYMOUS credential is used explicitly (whereas normally JCIFS will deliberately throw an SmbAuthException if a login results in a guest login or if the anonymous identity is used).
  • The NetrServerEnum2 RAP call used incorrect parameter descriptiors which could result in "SmbException: 2320" errors trying to list domains and servers from the local NetBIOS browse service.
  • The NTLMSSP AUTHENTICATE_MESSAGE (aka "Type 2 Message") encoding routine incorrectly left out the TargetName field (although this had no effect on CIFS client behavior).

The JCIFS Team would like to thank IOPLEX Software for contributing to this work.

JCIFS U.S. Export Control Classification Numbers (ECCN)
posted by Mike, August 27, 2009
JCIFS uses cryptography including RC4 128 (for NTLMv2) and AES 256 (for Kerberos) for authentication, digital signatures and encryption. Products that use cryptography and which are exported from the U.S. to other countries are supposed to obtain an export classification. The United States Department of Commerce Bureau of Industry and Security (BIS) has issued two ECCNs for the JCIFS package:
5D002.C.1 License Exception TSU
5D992.C (for binary only distribution of "mass market" software)
For commercial products that ship JCIFS in binary form, you will need to reference the second ECCN in your export classification requests. For further information such as CCATS numbers, please contact ioplex@gmail.com.

The JCIFS Team would like to thank BIS for their excellent service and patience.

jcifs-1.3.12 released / Two NullPointerExceptions Fixed and DFS
posted by Mike, August 14, 2009
If NtlmPasswordAuthentication.ANONYMOUS was used, CAP_EXTENDED_SECURITY could be incorrectly turned off resulting in a NullPointerException. If a DFS server did not return any referrals, a NullPointerException could occur. Both of these exceptions have been corrected. Also, JCIFS could become confused when connecting to a server that also happened to be a DFS root server. This issue has been fixed.

jcifs-1.3.0 released / NTLMv2 Support
posted by Mike, Oct 25, 2008
NTLMv2 has been fully implemented and will be used by default.

To emulate the old behavior you must set jcifs.lmCompatibility = 0 and jcifs.smb.client.useExtendedSecurity = false (new defaults are 3 and true respectively).

NTLMv2 and NTLMv1 over NTLMSSP has been fairly well tested with and without SMB signing negotiated and various NTLMSSP flags (e.g. NTLMSSP_NEGOTIATE_NTLM2).

Note: The NTLM HTTP Filter does not and can never support NTLMv2 as it uses a main-in-the-middle technique that is broken by NTLMSSP's "target information" used in computing password hashes. However, the existing Filter should continue to work.

The JCIFS Team would like to thank MetaCarta, Inc. for supporting this work. MetaCarta, Inc., a provider of geographic intelligence solutions, offers users map-driven geographic search, geographic referencing, and data visualization capabilities.