Can not mount from cifs vfs client built with gcc 3.3.1 due to compiler...

Can not mount from cifs vfs client built with gcc 3.3.1 due to compiler optimization of unsafe global variable. Remove unsafe global variable.

fs/cifs/CHANGES

+Verison 0.95
+------------
+Fix unsafe global variable usage and password hash failure on gcc 3.3.1
+ 
 Version 0.94
 ------------
 Fix to list processing in reopen_files. Fix reconnection when server hung

fs/cifs/README

-The CIFS VFS support for Linux supports many advanced network filesystem
-features such as heirarchical dfs like namespace, hardlinks, locking and more.
-It was designed to comply with the SNIA CIFS Technical Reference (which supersedes
-the 1992 X/Open SMB Standard) as well as to perform best practice practical
-interoperability with Windows 2000, Windows XP, Samba and equivalent 
+The CIFS VFS support for Linux supports many advanced network filesystem 
+features such as heirarchical dfs like namespace, hardlinks, locking and more.  
+It was designed to comply with the SNIA CIFS Technical Reference (which 
+supersedes the 1992 X/Open SMB Standard) as well as to perform best practice 
+practical interoperability with Windows 2000, Windows XP, Samba and equivalent 
 servers.  
 
-For questions or bug reports please contact sfrench@samba.org (sfrench@us.ibm.com)
+For questions or bug reports please contact:
+    sfrench@samba.org (sfrench@us.ibm.com) 
 
 Build instructions:
 ==================
 For Linux 2.4:
-1a) Get the linux kernel source with cifs vfs already in it
-from bitkeeper via bk://cifs.bkbits.net/linux-2.4
-or
-1b) Get the kernel source (e.g.from http://www.kernel.org)
+1) Get the kernel source (e.g.from http://www.kernel.org)
 and download the cifs vfs source (see the project page
 at http://us1.samba.org/samba/Linux_CIFS_client.html)
 and change directory into the top of the kernel directory
 then patch the kernel (e.g. "patch -p1 < cifs_24.patch") 
 to add the cifs vfs to your kernel configure options if
 it has not already been added (e.g. current SuSE and UL
-users do not need to do not need that patch since the cifs vfs is
+users do not need to apply the cifs_24.patch since the cifs vfs is
 already in the kernel configure menu) and then
 mkdir linux/fs/cifs and then copy the current cifs vfs files from
 the cifs download to your kernel build directory e.g.
+
 	cp <cifs_download_dir>/fs/cifs/* to <kernel_download_dir>/fs/cifs
+	
 2) make menuconfig (or make xconfig)
 3) select cifs from within the network filesystem choices
 4) save and exit
@@ -54,55 +54,71 @@ would simply type "make install").
 If you do not have the utility mount.cifs (in the Samba 3.0 source tree and on 
 the CIFS VFS web site) copy it to the same directory in which mount.smbfs and 
 similar files reside (usually /sbin).  Although the helper software is required, 
-mount.cifs is recommended.  Eventually the Samba 3.0 utility program "net" 
-may also be helpful since it may someday provide easier mount syntax for users used 
-to Windows e.g.
-	 net use <mount point> <UNC name or cifs URL> 	 
-Note that running Winbind on all of your Linux clients is useful in 
-in mapping Uids and Gids consistently to the proper network user.
-
-Samba Considerations
-====================
-To get the maximum benefit from the CIFS VFS, we recommend using a server that
-supports the SNIA CIFS Unix Extensions standard (e.g. Samba 2.2.5 or later or 
-Samba 3.0) but the CIFS vfs works fine with a wide variety of CIFS servers. 
-Note that uid, gid and file permissions will display default values if you do
-not have a server that supports the Unix extensions for CIFS (such as Samba 2.2.3 or
-later).   To enable the Unix CIFS Extensions in the Samba server, add the line:
+mount.cifs is recommended.  Eventually the Samba 3.0 utility program "net" may 
+also be helpful since it may someday provide easier mount syntax for users used 
+to Windows e.g.  net use <mount point> <UNC name or cifs URL> Note that running 
+Winbind on all of your Linux clients is useful in in mapping Uids and Gids 
+consistently to the proper network user.  The mount.cifs mount helper can be
+trivially built from Samba 3.0 or later source e.g. by executing:
+
+	gcc samba/source/client/mount.cifs.c -o mount.cifs
+	
+There is a corresponding manual page for cifs mounting in the Samba 3.0 and
+later source tree in docs/manpages/mount.cifs.8 
+
+Samba Considerations 
+==================== 
+To get the maximum benefit from the CIFS VFS, we recommend using a server that 
+supports the SNIA CIFS Unix Extensions standard (e.g.  Samba 2.2.5 or later or 
+Samba 3.0) but the CIFS vfs works fine with a wide variety of CIFS servers.  
+Note that uid, gid and file permissions will display default values if you do 
+not have a server that supports the Unix extensions for CIFS (such as Samba 
+2.2.3 or later).  To enable the Unix CIFS Extensions in the Samba server, add 
+the line: 
+
 	unix extensions = yes
-to your smb.conf file on the server.  Note that the following smb.conf settings are
-also useful (on the Samba server) when the majority of clients are Unix
-or Linux:
+	
+to your smb.conf file on the server.  Note that the following smb.conf settings 
+are also useful (on the Samba server) when the majority of clients are Unix or 
+Linux: 
+
 	case sensitive = yes
-	delete readonly = yes
-Some administrators also change the "map archive" and the "create mask" parameters
-from their default values.  Creating special devices (mknod) remotely may require
-specifying a mkdev function to Samba. For more information on these see the manual  
-pages ("man smb.conf") on the Samba server system.  Note that the cifs vfs, unlike the
-smbfs vfs, does not read the smb.conf on the client system (the few optional settings
-are passed in on mount via -o parameters instead).  Note that Samba 2.2.7 or later
-includes a fix that allows the CIFS VFS to delete open files (required for strict
-POSIX compliance).  Windows Servers already supported this feature.
+	delete readonly = yes 
+ 
+Some administrators also change the "map archive" and the "create mask" 
+parameters from their default values.  Creating special devices (mknod) remotely 
+may require specifying a mkdev function to Samba.  For more information on these 
+see the manual pages ("man smb.conf") on the Samba server system.  Note that the 
+cifs vfs, unlike the smbfs vfs, does not read the smb.conf on the client system 
+(the few optional settings are passed in on mount via -o parameters instead).  
+Note that Samba 2.2.7 or later includes a fix that allows the CIFS VFS to delete 
+open files (required for strict POSIX compliance).  Windows Servers already 
+supported this feature.  
 
 Use instructions:
 ================
-Once the CIFS VFS support is built into the kernel or installed as a module (cifs.o),
-you can use mount syntax like the following to access Samba or Windows servers:
+Once the CIFS VFS support is built into the kernel or installed as a module 
+(cifs.o), you can use mount syntax like the following to access Samba or Windows 
+servers: 
+
   mount -t cifs //9.53.216.11/e$ /mnt -o user=myname,pass=mypassword
+  
 after -o the following cifs vfs specific options are supported:
+
   user=<username>
   pass=<password>
   domain=<domain name>
+  
 TCP names (in addition to ip addresses) will be available when the mount helper
 (mount.cifs) is complete
 
 Restrictions
 ============
-Servers must support the NTLM SMB dialect (which is the most recent, supported by Samba
-and Windows NT, 2000 and XP and many other SMB/CIFS servers) and servers must support
-either "pure-TCP" (port 445 TCP/IP CIFS connections) or RFC 1001/1002 support for
-"Netbios-Over-TCP/IP."  Neither of these is likely to be a problem as most servers
-support this.  IPv6 support is planned for the future.  
+Servers must support the NTLM SMB dialect (which is the most recent, supported 
+by Samba and Windows NT, 2000 and XP and many other SMB/CIFS servers) and 
+servers must support either "pure-TCP" (port 445 TCP/IP CIFS connections) or RFC 
+1001/1002 support for "Netbios-Over-TCP/IP." Neither of these is likely to be a 
+problem as most servers support this.  IPv6 support is planned for the future.  
 
 CIFS VFS Mount Options
 ======================
@@ -178,17 +194,22 @@ Configuration pseudo-files:
   OplockEnabled		If set to one, safe distributed caching enabled.
 			(default 1)
 
-These experimental features and tracing can be enabled by changing flags in /proc/fs/cifs
-(after the cifs module has been installed or built into the kernel, e.g. insmod cifs). 
-To enable a feature set it to 1 e.g. to enable tracing to the kernel message log
-type:
+These experimental features and tracing can be enabled by changing flags in 
+/proc/fs/cifs (after the cifs module has been installed or built into the 
+kernel, e.g.  insmod cifs).  To enable a feature set it to 1 e.g.  to enable 
+tracing to the kernel message log type: 
+
 	echo 1 > /proc/fs/cifs/cifsFYI
+	
 and for more extensive tracing including the start of smb requests and responses
+
 	echo 1 > /proc/fs/cifs/traceSMB
-Also note that "cat /proc/fs/cifs/DebugData" will display some information about the
-active sessions and the shares that are mounted. NTLMv2 enablement and packet
-signing will not work since they the implementation is not quite complete. Do not enable
-these flags unless you are doing specific testing.  Enabling extended security works to
-Windows 2000 Workstations and XP but not to Windows 2000 server or Samba since it does not
-usually send "raw NTLMSSP" (instead it sends NTLMSSP encapsulated in SPNEGO/GSSAPI, which
-support is not complete in the CIFS VFS yet).
+	
+Also note that "cat /proc/fs/cifs/DebugData" will display some information about 
+the active sessions and the shares that are mounted.  NTLMv2 enablement and 
+packet signing will not work since they the implementation is not quite 
+complete.  Do not enable these flags unless you are doing specific testing.  
+Enabling extended security works to Windows 2000 Workstations and XP but not to 
+Windows 2000 server or Samba since it does not usually send "raw NTLMSSP" 
+(instead it sends NTLMSSP encapsulated in SPNEGO/GSSAPI, which support is not 
+complete in the CIFS VFS yet).  

fs/cifs/cifsglob.h

@@ -175,12 +175,12 @@ struct cifsTconInfo {
 	struct cifsSesInfo *ses;	/* pointer to session associated with */
 	char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource (in ASCII not UTF) */
 	char *nativeFileSystem;
-	__u16 tid;		/* The 2 byte transaction id */
+	__u16 tid;		/* The 2 byte tree id */
 	__u16 Flags;		/* optional support bits */
 	enum statusEnum tidStatus;
-	atomic_t useCount;	/* how many mounts (explicit or implicit refer to this share */
+	atomic_t useCount;	/* how many mounts (explicit or implicit) to this share */
 	FILE_SYSTEM_DEVICE_INFO fsDevInfo;
-	FILE_SYSTEM_ATTRIBUTE_INFO fsAttrInfo;	/* note file system name may be truncated - but very unlikely */
+	FILE_SYSTEM_ATTRIBUTE_INFO fsAttrInfo;	/* ok if file system name truncated */
 	FILE_SYSTEM_UNIX_INFO fsUnixInfo;
 	/* BB add field for back pointer to sb struct? */
 };

fs/cifs/md4.c

@@ -3,7 +3,7 @@
    Version 1.9.
    a implementation of MD4 designed for use in the SMB authentication protocol
    Copyright (C) Andrew Tridgell 1997-1998.
-   Modified by Steve French (sfrench@us.ibm.com) 2002
+   Modified by Steve French (sfrench@us.ibm.com) 2002-2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -21,13 +21,7 @@
 */
 #include <linux/module.h>
 #include <linux/fs.h>
-
-/* NOTE: This code makes no attempt to be fast! 
-
-   It assumes that a int is at least 32 bits long
-*/
-
-static __u32 A, B, C, D;
+/* NOTE: This code makes no attempt to be fast! */
 
 static __u32
 F(__u32 X, __u32 Y, __u32 Z)
@@ -54,25 +48,26 @@ lshift(__u32 x, int s)
 	return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s));
 }
 
-#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s)
-#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (__u32)0x5A827999,s)
-#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (__u32)0x6ED9EBA1,s)
+#define ROUND1(a,b,c,d,k,s) (*a) = lshift((*a) + F(*b,*c,*d) + X[k], s)
+#define ROUND2(a,b,c,d,k,s) (*a) = lshift((*a) + G(*b,*c,*d) + X[k] + (__u32)0x5A827999,s)
+#define ROUND3(a,b,c,d,k,s) (*a) = lshift((*a) + H(*b,*c,*d) + X[k] + (__u32)0x6ED9EBA1,s)
 
 /* this applies md4 to 64 byte chunks */
 static void
-mdfour64(__u32 * M)
+mdfour64(__u32 * M, __u32 * A, __u32 *B, __u32 * C, __u32 *D)
 {
 	int j;
 	__u32 AA, BB, CC, DD;
 	__u32 X[16];
 
+
 	for (j = 0; j < 16; j++)
 		X[j] = M[j];
 
-	AA = A;
-	BB = B;
-	CC = C;
-	DD = D;
+	AA = *A;
+	BB = *B;
+	CC = *C;
+	DD = *D;
 
 	ROUND1(A, B, C, D, 0, 3);
 	ROUND1(D, A, B, C, 1, 7);
@@ -125,15 +120,15 @@ mdfour64(__u32 * M)
 	ROUND3(C, D, A, B, 7, 11);
 	ROUND3(B, C, D, A, 15, 15);
 
-	A += AA;
-	B += BB;
-	C += CC;
-	D += DD;
+	*A += AA;
+	*B += BB;
+	*C += CC;
+	*D += DD;
 
-	A &= 0xFFFFFFFF;
-	B &= 0xFFFFFFFF;
-	C &= 0xFFFFFFFF;
-	D &= 0xFFFFFFFF;
+	*A &= 0xFFFFFFFF;
+	*B &= 0xFFFFFFFF;
+	*C &= 0xFFFFFFFF;
+	*D &= 0xFFFFFFFF;
 
 	for (j = 0; j < 16; j++)
 		X[j] = 0;
@@ -166,15 +161,14 @@ mdfour(unsigned char *out, unsigned char *in, int n)
 	__u32 M[16];
 	__u32 b = n * 8;
 	int i;
-
-	A = 0x67452301;
-	B = 0xefcdab89;
-	C = 0x98badcfe;
-	D = 0x10325476;
+	__u32 A = 0x67452301;
+	__u32 B = 0xefcdab89;
+	__u32 C = 0x98badcfe;
+	__u32 D = 0x10325476;
 
 	while (n > 64) {
 		copy64(M, in);
-		mdfour64(M);
+		mdfour64(M,&A,&B, &C, &D);
 		in += 64;
 		n -= 64;
 	}
@@ -187,13 +181,13 @@ mdfour(unsigned char *out, unsigned char *in, int n)
 	if (n <= 55) {
 		copy4(buf + 56, b);
 		copy64(M, buf);
-		mdfour64(M);
+		mdfour64(M, &A, &B, &C, &D);
 	} else {
 		copy4(buf + 120, b);
 		copy64(M, buf);
-		mdfour64(M);
+		mdfour64(M, &A, &B, &C, &D);
 		copy64(M, buf + 64);
-		mdfour64(M);
+		mdfour64(M, &A, &B, &C, &D);
 	}
 
 	for (i = 0; i < 128; i++)

fs/cifs/smbencrypt.c

@@ -23,8 +23,6 @@
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-extern int DEBUGLEVEL;
-
 #include <linux/module.h>
 #include <linux/fs.h>
 #include <linux/string.h>
@@ -96,12 +94,6 @@ SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
 
 	SMBOWFencrypt(p21, c8, p24);
 	
-#ifdef DEBUG_PASSWORD
-	DEBUG(100, ("SMBencrypt: lm#, challenge, response\n"));
-	dump_data(100, (char *) p21, 16);
-	dump_data(100, (char *) c8, 8);
-	dump_data(100, (char *) p24, 24);
-#endif
 	memset(p14,0,15);
 	memset(p21,0,21);
 }
@@ -179,12 +171,6 @@ nt_lm_owf_gen(char *pwd, unsigned char nt_p16[16], unsigned char p16[16])
 	memset(nt_p16, '\0', 16);
 	E_md4hash(passwd, nt_p16);
 
-#ifdef DEBUG_PASSWORD
-	DEBUG(100, ("nt_lm_owf_gen: pwd, nt#\n"));
-	dump_data(120, passwd, strlen(passwd));
-	dump_data(100, (char *) nt_p16, 16);
-#endif
-
 	/* Mangle the passwords into Lanman format */
 	passwd[14] = '\0';
 /*	strupper(passwd); */
@@ -194,11 +180,6 @@ nt_lm_owf_gen(char *pwd, unsigned char nt_p16[16], unsigned char p16[16])
 	memset(p16, '\0', 16);
 	E_P16((unsigned char *) passwd, (unsigned char *) p16);
 
-#ifdef DEBUG_PASSWORD
-	DEBUG(100, ("nt_lm_owf_gen: pwd, lm#\n"));
-	dump_data(120, passwd, strlen(passwd));
-	dump_data(100, (char *) p16, 16);
-#endif
 	/* clear out local copy of user's password (just being paranoid). */
 	memset(passwd, '\0', sizeof (passwd));
 }
@@ -235,13 +216,6 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
 	hmac_md5_update((const unsigned char *) dom_u, domain_l * 2, &ctx);
 	hmac_md5_final(kr_buf, &ctx);
 
-#ifdef DEBUG_PASSWORD
-	DEBUG(100, ("ntv2_owf_gen: user, domain, owfkey, kr\n"));
-	dump_data(100, user_u, user_l * 2);
-	dump_data(100, dom_u, domain_l * 2);
-	dump_data(100, owf, 16);
-	dump_data(100, kr_buf, 16);
-#endif
 	kfree(user_u);
 }
 
@@ -270,12 +244,6 @@ NTLMSSPOWFencrypt(unsigned char passwd[8],
 	memset(p21 + 8, 0xbd, 8);
 
 	E_P24(p21, ntlmchalresp, p24);
-#ifdef DEBUG_PASSWORD
-	DEBUG(100, ("NTLMSSPOWFencrypt: p21, c8, p24\n"));
-	dump_data(100, (char *) p21, 21);
-	dump_data(100, (char *) ntlmchalresp, 8);
-	dump_data(100, (char *) p24, 24);
-#endif
 }
 
 /* Does the NT MD4 hash then des encryption. */
@@ -289,13 +257,6 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
 
 	E_md4hash(passwd, p21);
 	SMBOWFencrypt(p21, c8, p24);
-
-#ifdef DEBUG_PASSWORD
-	DEBUG(100, ("SMBNTencrypt: nt#, challenge, response\n"));
-	dump_data(100, (char *) p21, 16);
-	dump_data(100, (char *) c8, 8);
-	dump_data(100, (char *) p24, 24);
-#endif
 }
 
 /* Does the md5 encryption from the NT hash for NTLMv2. */
@@ -310,37 +271,6 @@ SMBOWFencrypt_ntv2(const unsigned char kr[16],
         hmac_md5_update(srv_chal->data, srv_chal->length, &ctx);
         hmac_md5_update(cli_chal->data, cli_chal->length, &ctx);
         hmac_md5_final(resp_buf, &ctx);
-
-#ifdef DEBUG_PASSWORD
-        DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n"));
-        dump_data(100, srv_chal->data, srv_chal->length);
-        dump_data(100, cli_chal->data, cli_chal->length);
-        dump_data(100, resp_buf, 16);
-#endif
-}
-
-static struct data_blob LMv2_generate_response(const unsigned char ntlm_v2_hash[16],
-                                        const struct data_blob * server_chal)
-{
-        unsigned char lmv2_response[16];
-	struct data_blob lmv2_client_data/* = data_blob(NULL, 8)*/; /* BB Fix BB */
-        struct data_blob final_response /* = data_blob(NULL, 24)*/; /* BB Fix BB */
-
-        /* LMv2 */
-        /* client-supplied random data */
-        get_random_bytes(lmv2_client_data.data, lmv2_client_data.length);
-        /* Given that data, and the challenge from the server, generate a response */
-        SMBOWFencrypt_ntv2(ntlm_v2_hash, server_chal, &lmv2_client_data, lmv2_response);
-        memcpy(final_response.data, lmv2_response, sizeof(lmv2_response));
-
-        /* after the first 16 bytes is the random data we generated above,
-           so the server can verify us with it */
-        memcpy(final_response.data+sizeof(lmv2_response),
-               lmv2_client_data.data, lmv2_client_data.length);
-
-/*        data_blob_free(&lmv2_client_data); */ /* BB fix BB */
-
-        return final_response;
 }
 
 void
@@ -352,11 +282,6 @@ SMBsesskeygen_ntv2(const unsigned char kr[16],
 	hmac_md5_init_limK_to_64(kr, 16, &ctx);
 	hmac_md5_update(nt_resp, 16, &ctx);
 	hmac_md5_final((unsigned char *) sess_key, &ctx);
-
-#ifdef DEBUG_PASSWORD
-	DEBUG(100, ("SMBsesskeygen_ntv2:\n"));
-	dump_data(100, sess_key, 16);
-#endif
 }
 
 void
@@ -364,11 +289,6 @@ SMBsesskeygen_ntv1(const unsigned char kr[16],
 		   const unsigned char *nt_resp, __u8 sess_key[16])
 {
 	mdfour((unsigned char *) sess_key, (unsigned char *) kr, 16);
-
-#ifdef DEBUG_PASSWORD
-	DEBUG(100, ("SMBsesskeygen_ntv1:\n"));
-	dump_data(100, sess_key, 16);
-#endif
 }
 
 /***********************************************************
@@ -391,39 +311,3 @@ encode_pw_buffer(char buffer[516], char *new_pw, int new_pw_length)
 	return TRUE;
 }
 
-int SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,
-                      const struct data_blob *server_chal,
-                      const struct data_blob *names_blob,
-                      struct data_blob *lm_response, struct data_blob *nt_response,
-                      struct data_blob *nt_session_key,struct nls_table * nls_codepage)
-{
-        unsigned char nt_hash[16];
-        unsigned char ntlm_v2_hash[16];
-        E_md4hash(password, nt_hash);
-
-        /* We don't use the NT# directly.  Instead we use it mashed up with
-           the username and domain.
-           This prevents username swapping during the auth exchange
-        */
-        ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash,nls_codepage);
-
-        if (nt_response) {
-/*                *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal,
-                                                        names_blob); */ /* BB fix BB */
-                if (nt_session_key) {
-/*                        *nt_session_key = data_blob(NULL, 16); */ /* BB fix BB */
-
-                        /* The NTLMv2 calculations also provide a session key, for signing etc later */
-                        /* use only the first 16 bytes of nt_response for session key */
-                        SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data);
-                }
-        }
-
-        /* LMv2 */
-
-        if (lm_response) {
-                *lm_response = LMv2_generate_response(ntlm_v2_hash, server_chal);
-        }
-
-        return TRUE;
-}