Commit 4fc07981 authored by Steve French's avatar Steve French

Can not mount from cifs vfs client built with gcc 3.3.1 due to compiler...

Can not mount from cifs vfs client built with gcc 3.3.1 due to compiler optimization of unsafe global variable. Remove unsafe global variable.
parent a1e10d3a
Verison 0.95
------------
Fix unsafe global variable usage and password hash failure on gcc 3.3.1
Version 0.94
------------
Fix to list processing in reopen_files. Fix reconnection when server hung
......
The CIFS VFS support for Linux supports many advanced network filesystem
features such as heirarchical dfs like namespace, hardlinks, locking and more.
It was designed to comply with the SNIA CIFS Technical Reference (which supersedes
the 1992 X/Open SMB Standard) as well as to perform best practice practical
interoperability with Windows 2000, Windows XP, Samba and equivalent
It was designed to comply with the SNIA CIFS Technical Reference (which
supersedes the 1992 X/Open SMB Standard) as well as to perform best practice
practical interoperability with Windows 2000, Windows XP, Samba and equivalent
servers.
For questions or bug reports please contact sfrench@samba.org (sfrench@us.ibm.com)
For questions or bug reports please contact:
sfrench@samba.org (sfrench@us.ibm.com)
Build instructions:
==================
For Linux 2.4:
1a) Get the linux kernel source with cifs vfs already in it
from bitkeeper via bk://cifs.bkbits.net/linux-2.4
or
1b) Get the kernel source (e.g.from http://www.kernel.org)
1) Get the kernel source (e.g.from http://www.kernel.org)
and download the cifs vfs source (see the project page
at http://us1.samba.org/samba/Linux_CIFS_client.html)
and change directory into the top of the kernel directory
then patch the kernel (e.g. "patch -p1 < cifs_24.patch")
to add the cifs vfs to your kernel configure options if
it has not already been added (e.g. current SuSE and UL
users do not need to do not need that patch since the cifs vfs is
users do not need to apply the cifs_24.patch since the cifs vfs is
already in the kernel configure menu) and then
mkdir linux/fs/cifs and then copy the current cifs vfs files from
the cifs download to your kernel build directory e.g.
cp <cifs_download_dir>/fs/cifs/* to <kernel_download_dir>/fs/cifs
2) make menuconfig (or make xconfig)
3) select cifs from within the network filesystem choices
4) save and exit
......@@ -54,12 +54,17 @@ would simply type "make install").
If you do not have the utility mount.cifs (in the Samba 3.0 source tree and on
the CIFS VFS web site) copy it to the same directory in which mount.smbfs and
similar files reside (usually /sbin). Although the helper software is required,
mount.cifs is recommended. Eventually the Samba 3.0 utility program "net"
may also be helpful since it may someday provide easier mount syntax for users used
to Windows e.g.
net use <mount point> <UNC name or cifs URL>
Note that running Winbind on all of your Linux clients is useful in
in mapping Uids and Gids consistently to the proper network user.
mount.cifs is recommended. Eventually the Samba 3.0 utility program "net" may
also be helpful since it may someday provide easier mount syntax for users used
to Windows e.g. net use <mount point> <UNC name or cifs URL> Note that running
Winbind on all of your Linux clients is useful in in mapping Uids and Gids
consistently to the proper network user. The mount.cifs mount helper can be
trivially built from Samba 3.0 or later source e.g. by executing:
gcc samba/source/client/mount.cifs.c -o mount.cifs
There is a corresponding manual page for cifs mounting in the Samba 3.0 and
later source tree in docs/manpages/mount.cifs.8
Samba Considerations
====================
......@@ -67,42 +72,53 @@ To get the maximum benefit from the CIFS VFS, we recommend using a server that
supports the SNIA CIFS Unix Extensions standard (e.g. Samba 2.2.5 or later or
Samba 3.0) but the CIFS vfs works fine with a wide variety of CIFS servers.
Note that uid, gid and file permissions will display default values if you do
not have a server that supports the Unix extensions for CIFS (such as Samba 2.2.3 or
later). To enable the Unix CIFS Extensions in the Samba server, add the line:
not have a server that supports the Unix extensions for CIFS (such as Samba
2.2.3 or later). To enable the Unix CIFS Extensions in the Samba server, add
the line:
unix extensions = yes
to your smb.conf file on the server. Note that the following smb.conf settings are
also useful (on the Samba server) when the majority of clients are Unix
or Linux:
to your smb.conf file on the server. Note that the following smb.conf settings
are also useful (on the Samba server) when the majority of clients are Unix or
Linux:
case sensitive = yes
delete readonly = yes
Some administrators also change the "map archive" and the "create mask" parameters
from their default values. Creating special devices (mknod) remotely may require
specifying a mkdev function to Samba. For more information on these see the manual
pages ("man smb.conf") on the Samba server system. Note that the cifs vfs, unlike the
smbfs vfs, does not read the smb.conf on the client system (the few optional settings
are passed in on mount via -o parameters instead). Note that Samba 2.2.7 or later
includes a fix that allows the CIFS VFS to delete open files (required for strict
POSIX compliance). Windows Servers already supported this feature.
Some administrators also change the "map archive" and the "create mask"
parameters from their default values. Creating special devices (mknod) remotely
may require specifying a mkdev function to Samba. For more information on these
see the manual pages ("man smb.conf") on the Samba server system. Note that the
cifs vfs, unlike the smbfs vfs, does not read the smb.conf on the client system
(the few optional settings are passed in on mount via -o parameters instead).
Note that Samba 2.2.7 or later includes a fix that allows the CIFS VFS to delete
open files (required for strict POSIX compliance). Windows Servers already
supported this feature.
Use instructions:
================
Once the CIFS VFS support is built into the kernel or installed as a module (cifs.o),
you can use mount syntax like the following to access Samba or Windows servers:
Once the CIFS VFS support is built into the kernel or installed as a module
(cifs.o), you can use mount syntax like the following to access Samba or Windows
servers:
mount -t cifs //9.53.216.11/e$ /mnt -o user=myname,pass=mypassword
after -o the following cifs vfs specific options are supported:
user=<username>
pass=<password>
domain=<domain name>
TCP names (in addition to ip addresses) will be available when the mount helper
(mount.cifs) is complete
Restrictions
============
Servers must support the NTLM SMB dialect (which is the most recent, supported by Samba
and Windows NT, 2000 and XP and many other SMB/CIFS servers) and servers must support
either "pure-TCP" (port 445 TCP/IP CIFS connections) or RFC 1001/1002 support for
"Netbios-Over-TCP/IP." Neither of these is likely to be a problem as most servers
support this. IPv6 support is planned for the future.
Servers must support the NTLM SMB dialect (which is the most recent, supported
by Samba and Windows NT, 2000 and XP and many other SMB/CIFS servers) and
servers must support either "pure-TCP" (port 445 TCP/IP CIFS connections) or RFC
1001/1002 support for "Netbios-Over-TCP/IP." Neither of these is likely to be a
problem as most servers support this. IPv6 support is planned for the future.
CIFS VFS Mount Options
======================
......@@ -178,17 +194,22 @@ Configuration pseudo-files:
OplockEnabled If set to one, safe distributed caching enabled.
(default 1)
These experimental features and tracing can be enabled by changing flags in /proc/fs/cifs
(after the cifs module has been installed or built into the kernel, e.g. insmod cifs).
To enable a feature set it to 1 e.g. to enable tracing to the kernel message log
type:
These experimental features and tracing can be enabled by changing flags in
/proc/fs/cifs (after the cifs module has been installed or built into the
kernel, e.g. insmod cifs). To enable a feature set it to 1 e.g. to enable
tracing to the kernel message log type:
echo 1 > /proc/fs/cifs/cifsFYI
and for more extensive tracing including the start of smb requests and responses
echo 1 > /proc/fs/cifs/traceSMB
Also note that "cat /proc/fs/cifs/DebugData" will display some information about the
active sessions and the shares that are mounted. NTLMv2 enablement and packet
signing will not work since they the implementation is not quite complete. Do not enable
these flags unless you are doing specific testing. Enabling extended security works to
Windows 2000 Workstations and XP but not to Windows 2000 server or Samba since it does not
usually send "raw NTLMSSP" (instead it sends NTLMSSP encapsulated in SPNEGO/GSSAPI, which
support is not complete in the CIFS VFS yet).
Also note that "cat /proc/fs/cifs/DebugData" will display some information about
the active sessions and the shares that are mounted. NTLMv2 enablement and
packet signing will not work since they the implementation is not quite
complete. Do not enable these flags unless you are doing specific testing.
Enabling extended security works to Windows 2000 Workstations and XP but not to
Windows 2000 server or Samba since it does not usually send "raw NTLMSSP"
(instead it sends NTLMSSP encapsulated in SPNEGO/GSSAPI, which support is not
complete in the CIFS VFS yet).
......@@ -175,12 +175,12 @@ struct cifsTconInfo {
struct cifsSesInfo *ses; /* pointer to session associated with */
char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource (in ASCII not UTF) */
char *nativeFileSystem;
__u16 tid; /* The 2 byte transaction id */
__u16 tid; /* The 2 byte tree id */
__u16 Flags; /* optional support bits */
enum statusEnum tidStatus;
atomic_t useCount; /* how many mounts (explicit or implicit refer to this share */
atomic_t useCount; /* how many mounts (explicit or implicit) to this share */
FILE_SYSTEM_DEVICE_INFO fsDevInfo;
FILE_SYSTEM_ATTRIBUTE_INFO fsAttrInfo; /* note file system name may be truncated - but very unlikely */
FILE_SYSTEM_ATTRIBUTE_INFO fsAttrInfo; /* ok if file system name truncated */
FILE_SYSTEM_UNIX_INFO fsUnixInfo;
/* BB add field for back pointer to sb struct? */
};
......
......@@ -3,7 +3,7 @@
Version 1.9.
a implementation of MD4 designed for use in the SMB authentication protocol
Copyright (C) Andrew Tridgell 1997-1998.
Modified by Steve French (sfrench@us.ibm.com) 2002
Modified by Steve French (sfrench@us.ibm.com) 2002-2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -21,13 +21,7 @@
*/
#include <linux/module.h>
#include <linux/fs.h>
/* NOTE: This code makes no attempt to be fast!
It assumes that a int is at least 32 bits long
*/
static __u32 A, B, C, D;
/* NOTE: This code makes no attempt to be fast! */
static __u32
F(__u32 X, __u32 Y, __u32 Z)
......@@ -54,25 +48,26 @@ lshift(__u32 x, int s)
return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s));
}
#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s)
#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (__u32)0x5A827999,s)
#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (__u32)0x6ED9EBA1,s)
#define ROUND1(a,b,c,d,k,s) (*a) = lshift((*a) + F(*b,*c,*d) + X[k], s)
#define ROUND2(a,b,c,d,k,s) (*a) = lshift((*a) + G(*b,*c,*d) + X[k] + (__u32)0x5A827999,s)
#define ROUND3(a,b,c,d,k,s) (*a) = lshift((*a) + H(*b,*c,*d) + X[k] + (__u32)0x6ED9EBA1,s)
/* this applies md4 to 64 byte chunks */
static void
mdfour64(__u32 * M)
mdfour64(__u32 * M, __u32 * A, __u32 *B, __u32 * C, __u32 *D)
{
int j;
__u32 AA, BB, CC, DD;
__u32 X[16];
for (j = 0; j < 16; j++)
X[j] = M[j];
AA = A;
BB = B;
CC = C;
DD = D;
AA = *A;
BB = *B;
CC = *C;
DD = *D;
ROUND1(A, B, C, D, 0, 3);
ROUND1(D, A, B, C, 1, 7);
......@@ -125,15 +120,15 @@ mdfour64(__u32 * M)
ROUND3(C, D, A, B, 7, 11);
ROUND3(B, C, D, A, 15, 15);
A += AA;
B += BB;
C += CC;
D += DD;
*A += AA;
*B += BB;
*C += CC;
*D += DD;
A &= 0xFFFFFFFF;
B &= 0xFFFFFFFF;
C &= 0xFFFFFFFF;
D &= 0xFFFFFFFF;
*A &= 0xFFFFFFFF;
*B &= 0xFFFFFFFF;
*C &= 0xFFFFFFFF;
*D &= 0xFFFFFFFF;
for (j = 0; j < 16; j++)
X[j] = 0;
......@@ -166,15 +161,14 @@ mdfour(unsigned char *out, unsigned char *in, int n)
__u32 M[16];
__u32 b = n * 8;
int i;
A = 0x67452301;
B = 0xefcdab89;
C = 0x98badcfe;
D = 0x10325476;
__u32 A = 0x67452301;
__u32 B = 0xefcdab89;
__u32 C = 0x98badcfe;
__u32 D = 0x10325476;
while (n > 64) {
copy64(M, in);
mdfour64(M);
mdfour64(M,&A,&B, &C, &D);
in += 64;
n -= 64;
}
......@@ -187,13 +181,13 @@ mdfour(unsigned char *out, unsigned char *in, int n)
if (n <= 55) {
copy4(buf + 56, b);
copy64(M, buf);
mdfour64(M);
mdfour64(M, &A, &B, &C, &D);
} else {
copy4(buf + 120, b);
copy64(M, buf);
mdfour64(M);
mdfour64(M, &A, &B, &C, &D);
copy64(M, buf + 64);
mdfour64(M);
mdfour64(M, &A, &B, &C, &D);
}
for (i = 0; i < 128; i++)
......
......@@ -23,8 +23,6 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
extern int DEBUGLEVEL;
#include <linux/module.h>
#include <linux/fs.h>
#include <linux/string.h>
......@@ -96,12 +94,6 @@ SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
SMBOWFencrypt(p21, c8, p24);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBencrypt: lm#, challenge, response\n"));
dump_data(100, (char *) p21, 16);
dump_data(100, (char *) c8, 8);
dump_data(100, (char *) p24, 24);
#endif
memset(p14,0,15);
memset(p21,0,21);
}
......@@ -179,12 +171,6 @@ nt_lm_owf_gen(char *pwd, unsigned char nt_p16[16], unsigned char p16[16])
memset(nt_p16, '\0', 16);
E_md4hash(passwd, nt_p16);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("nt_lm_owf_gen: pwd, nt#\n"));
dump_data(120, passwd, strlen(passwd));
dump_data(100, (char *) nt_p16, 16);
#endif
/* Mangle the passwords into Lanman format */
passwd[14] = '\0';
/* strupper(passwd); */
......@@ -194,11 +180,6 @@ nt_lm_owf_gen(char *pwd, unsigned char nt_p16[16], unsigned char p16[16])
memset(p16, '\0', 16);
E_P16((unsigned char *) passwd, (unsigned char *) p16);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("nt_lm_owf_gen: pwd, lm#\n"));
dump_data(120, passwd, strlen(passwd));
dump_data(100, (char *) p16, 16);
#endif
/* clear out local copy of user's password (just being paranoid). */
memset(passwd, '\0', sizeof (passwd));
}
......@@ -235,13 +216,6 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
hmac_md5_update((const unsigned char *) dom_u, domain_l * 2, &ctx);
hmac_md5_final(kr_buf, &ctx);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("ntv2_owf_gen: user, domain, owfkey, kr\n"));
dump_data(100, user_u, user_l * 2);
dump_data(100, dom_u, domain_l * 2);
dump_data(100, owf, 16);
dump_data(100, kr_buf, 16);
#endif
kfree(user_u);
}
......@@ -270,12 +244,6 @@ NTLMSSPOWFencrypt(unsigned char passwd[8],
memset(p21 + 8, 0xbd, 8);
E_P24(p21, ntlmchalresp, p24);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("NTLMSSPOWFencrypt: p21, c8, p24\n"));
dump_data(100, (char *) p21, 21);
dump_data(100, (char *) ntlmchalresp, 8);
dump_data(100, (char *) p24, 24);
#endif
}
/* Does the NT MD4 hash then des encryption. */
......@@ -289,13 +257,6 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
E_md4hash(passwd, p21);
SMBOWFencrypt(p21, c8, p24);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBNTencrypt: nt#, challenge, response\n"));
dump_data(100, (char *) p21, 16);
dump_data(100, (char *) c8, 8);
dump_data(100, (char *) p24, 24);
#endif
}
/* Does the md5 encryption from the NT hash for NTLMv2. */
......@@ -310,37 +271,6 @@ SMBOWFencrypt_ntv2(const unsigned char kr[16],
hmac_md5_update(srv_chal->data, srv_chal->length, &ctx);
hmac_md5_update(cli_chal->data, cli_chal->length, &ctx);
hmac_md5_final(resp_buf, &ctx);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n"));
dump_data(100, srv_chal->data, srv_chal->length);
dump_data(100, cli_chal->data, cli_chal->length);
dump_data(100, resp_buf, 16);
#endif
}
static struct data_blob LMv2_generate_response(const unsigned char ntlm_v2_hash[16],
const struct data_blob * server_chal)
{
unsigned char lmv2_response[16];
struct data_blob lmv2_client_data/* = data_blob(NULL, 8)*/; /* BB Fix BB */
struct data_blob final_response /* = data_blob(NULL, 24)*/; /* BB Fix BB */
/* LMv2 */
/* client-supplied random data */
get_random_bytes(lmv2_client_data.data, lmv2_client_data.length);
/* Given that data, and the challenge from the server, generate a response */
SMBOWFencrypt_ntv2(ntlm_v2_hash, server_chal, &lmv2_client_data, lmv2_response);
memcpy(final_response.data, lmv2_response, sizeof(lmv2_response));
/* after the first 16 bytes is the random data we generated above,
so the server can verify us with it */
memcpy(final_response.data+sizeof(lmv2_response),
lmv2_client_data.data, lmv2_client_data.length);
/* data_blob_free(&lmv2_client_data); */ /* BB fix BB */
return final_response;
}
void
......@@ -352,11 +282,6 @@ SMBsesskeygen_ntv2(const unsigned char kr[16],
hmac_md5_init_limK_to_64(kr, 16, &ctx);
hmac_md5_update(nt_resp, 16, &ctx);
hmac_md5_final((unsigned char *) sess_key, &ctx);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBsesskeygen_ntv2:\n"));
dump_data(100, sess_key, 16);
#endif
}
void
......@@ -364,11 +289,6 @@ SMBsesskeygen_ntv1(const unsigned char kr[16],
const unsigned char *nt_resp, __u8 sess_key[16])
{
mdfour((unsigned char *) sess_key, (unsigned char *) kr, 16);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBsesskeygen_ntv1:\n"));
dump_data(100, sess_key, 16);
#endif
}
/***********************************************************
......@@ -391,39 +311,3 @@ encode_pw_buffer(char buffer[516], char *new_pw, int new_pw_length)
return TRUE;
}
int SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,
const struct data_blob *server_chal,
const struct data_blob *names_blob,
struct data_blob *lm_response, struct data_blob *nt_response,
struct data_blob *nt_session_key,struct nls_table * nls_codepage)
{
unsigned char nt_hash[16];
unsigned char ntlm_v2_hash[16];
E_md4hash(password, nt_hash);
/* We don't use the NT# directly. Instead we use it mashed up with
the username and domain.
This prevents username swapping during the auth exchange
*/
ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash,nls_codepage);
if (nt_response) {
/* *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal,
names_blob); */ /* BB fix BB */
if (nt_session_key) {
/* *nt_session_key = data_blob(NULL, 16); */ /* BB fix BB */
/* The NTLMv2 calculations also provide a session key, for signing etc later */
/* use only the first 16 bytes of nt_response for session key */
SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data);
}
}
/* LMv2 */
if (lm_response) {
*lm_response = LMv2_generate_response(ntlm_v2_hash, server_chal);
}
return TRUE;
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment