311 lines
12 KiB
Plaintext
311 lines
12 KiB
Plaintext
Mon Jan 16 12:36:20 GMT 2012
|
|
sorting out UNICODE setup during negoiation for cifsd. Seems we where relying
|
|
on a bug in windows. reworked in such a way that we support both.
|
|
|
|
revalidated against win7, xp, samba v3.2, and cifsd.
|
|
|
|
Tue Sep 21 17:17:13 BST 2010
|
|
found the problem with cifs not connecting to Vista - there is a bug
|
|
in windows, and a hotfix to sort it out.
|
|
|
|
http://support.microsoft.com/kb/957441
|
|
|
|
also fixed a bug in UNICODE handling - I was controlling Unicode
|
|
enable on the server's capabilities rather than on the actual decided
|
|
flags. I got away with this on windows but cinap's cifsd bit me.
|
|
|
|
also, I wasn not careful to ensure the negoiate protocol list was
|
|
ALWAYS packed in ascii (it used to respect the Unicode flags which
|
|
it should not.
|
|
|
|
if the Virtual file was empty I could end up following a nil pointer,
|
|
we now fail on open in this case (for simplicity).
|
|
|
|
couple of error messages made a bit clearer.
|
|
|
|
Wed Jul 15 15:06:48 BST 2009
|
|
learning more than I wanted to about how our windows server
|
|
infrastructure works.
|
|
|
|
It seems we have blades called se-blade-01 se-blade-02 etc and virtual
|
|
servers called se-01 and se-02 etc. the blades provide a hot spare
|
|
system where the two physical blades can switch places at any time.
|
|
You normally connect to a server, e.g. se-01, this server will then
|
|
contain dfs referals to other machines. Sadly these refereals are in
|
|
terms of physical blades and not in terms of virtual servers, so you
|
|
cannot strcmp() the connected host name with the referals.
|
|
|
|
Just to add more confusion, the IP addresses are dynamically mapped
|
|
too so I cannot resolve the IP addresses. The only way to tell if two
|
|
names map to teh same host is to ingest the ARP table and lookup the
|
|
IP addresses in that. That will show if the two IPS and thus the two
|
|
hosts are the same.
|
|
|
|
This works only if you are on the same physical network of course.
|
|
|
|
(sigh)
|
|
|
|
|
|
Wed Jul 15 14:38:37 BST 2009
|
|
Added case siginificance to cifs for most files this is easy, however
|
|
for share names its hard as T2getallinfo() seems to return with the
|
|
filename in lowercase for no good reason. There is also a problem
|
|
that the redirected share name may not have the same name as the
|
|
directory it reprisents, so a simple strcmp() is not good enough.
|
|
Instead I assume that if the windows translated path is just "/" then
|
|
its a share and in that case I don't check the filename is what was
|
|
expected, as the share name translation is case significant and will
|
|
have enforced the change.
|
|
|
|
The DFS stuff is still a mess and needs a rewrite but the lack of
|
|
documentation from MS is a real problem.
|
|
|
|
I also tried to return an error specifying the remote path to DFS
|
|
links that point to another host (not currently supported), this
|
|
doesn't work and I cannot tell why - there is some odd code in
|
|
/sys/src/lib9p/srv.h:/^cloneandwalk/ which ignores errors if they
|
|
occur on anything after the first walk, however removing this still
|
|
resulted in the debug from -D (9pchatty mode) showing the walk
|
|
succeeding - very odd.
|
|
|
|
It would be nice one day to rework the DFS code so it tries to use the
|
|
current if it is on the list, however pings are rare and RTT times are
|
|
cached and in some topologies there might be a different host that is
|
|
actually closer, so long term it would be better to be unbiased about
|
|
it.
|
|
|
|
Fri Oct 24 13:37:51 BST 2008
|
|
Looked again at DFS, Microsoft have at last published the full
|
|
protocol spec, so we have more of a chance of a proper client.
|
|
|
|
Looking at my environment I now connect only to the root of the dfs
|
|
tree, i.e. I no longer do an autoconnect to all the available shares,
|
|
so the connect is faster (good). then I allow dfs to autoconnect on
|
|
demand.
|
|
|
|
I added some cacheing of ping RTTs so the autoconnect should be faster
|
|
too.
|
|
|
|
The cache doesn't fully work as expected as we only create cache
|
|
entries on walk at present and not on any other operations. This
|
|
means cloning an existing fid and using it will not cause a
|
|
re-evaluation of the cache even if it has expired.
|
|
|
|
I think I can design dfs under plan9 to run in a single program -
|
|
perhaps cifs becomes cifssrv and I have multiple attaches as required.
|
|
I could also have a ctrl file which gets requests for new instances.
|
|
Of failing that the srv instances themselves could do the mount of new
|
|
sessions. The only problem with this I see is that different hosts
|
|
might need different command line options. It could get messy tryiong
|
|
to emulate this with attach specificers.
|
|
|
|
must look at MAC signing again too, how to do validate my work?
|
|
|
|
Tue Mar 18 14:58:30 GMT 2008
|
|
made MID a variable rather than a constant, Windows servers restrict
|
|
sessions to one per MID/user, thus a new session to a given server as
|
|
user fred will kick off previous sessions. I thought this was useful
|
|
and seemed to be what Microsoft intended. I have since found that in
|
|
a complex DFS environment two IP addresses can point to the same
|
|
server which supports the shares previously distributed across a pair
|
|
of servers. When you try to connect to these two servers the seccond
|
|
connection is then hung up by the windows server as it has the same
|
|
MID. Mids are now made up on the fly.
|
|
|
|
Mon Oct 30 11:03:36 GMT 2006
|
|
Tried to extract the password expiry date from cifs - definitely no
|
|
RAP call to do it, MS say its held in LDAP (sigh), it might be
|
|
possible with a RPC call... we are always one technology behind.
|
|
|
|
Wed Oct 25 13:43:54 BST 2006
|
|
|
|
CVS is now quite happy - tested for several months
|
|
|
|
Fixed a bug in the linked list handling of open files (damm!)
|
|
if all the attaches of a cifs filesystem where closed and then
|
|
a new attach was made cifs(1) would suicide.
|
|
|
|
Fri Aug 11 11:52:05 BST 2006
|
|
|
|
Found another silly that caused CVS to get confused (I think this is
|
|
the one, need to do some more testing, but it seems saner now).
|
|
|
|
fsopen was referencing a perm member of the incomming 9p message which
|
|
does not exist, and getting random numbers for permissions and
|
|
creating readonly files somtimes.
|
|
|
|
Thu Aug 10 10:34:14 BST 2006
|
|
|
|
Bug in pdatetime() / gdatetime() - logic wrong way up for working
|
|
around a bug in Win95 - obvious as touch(1)ing a file would give silly
|
|
1907 dates.
|
|
|
|
Not sure if I have broken win95 compatability but I no longer have any
|
|
of them to test with.
|
|
|
|
Tue Nov 8 11:02:48 GMT 2005
|
|
|
|
Fixed a howler that prevented files in dfs mounted
|
|
areas from being renamed
|
|
|
|
I now attempt to automount shares that are referenced by
|
|
DFS links but which do not exist. This is a bodge nescessary
|
|
as RAP ShareEnum drops shares with names > 12 chars long.
|
|
If I ever implement RCP then this problem will go away.
|
|
|
|
Still have some problem with cvs updates on dfs mounted dirs,
|
|
CVS controlled files (CVS/Template) appears to become unexpectedly
|
|
readonly.
|
|
|
|
DFS implementation is a mess and should be a seperate program,
|
|
it makes the outrageous assumption that all the DFS links appear
|
|
on and point to a single machine (works for me, sorry).
|
|
|
|
MAC signing still doesn't work and I still cannot see why.
|
|
|
|
|
|
------------------------------------------------------------
|
|
Tarted up dfsrootinfo - now works properly.
|
|
|
|
1/ I can find the domain controller (look up the domain name in dns,
|
|
I.E. _ldap._tcp.pdc._msdcs.snellwilcox.local).
|
|
|
|
2/ I can find the domain name by doing a referral request for "" to the domain controller
|
|
|
|
3/ I can find the DFS root servers by using these replies in another referral request
|
|
|
|
However I cannot find the name of the share at the root of DFS
|
|
|
|
I could also find the closest server by doing a DNS lookup for
|
|
_ldap._tcp.SITENAME._sites.dc._msdcs.snellwilcox.local where sitenameis the site.
|
|
Unfortunately this site name seems to come only from LDAP
|
|
|
|
On the positive side it looks like jsut a dns lookup of snellwilcox.local
|
|
will return entries in increasing "distance from you" order - I.E. pick the first one.
|
|
|
|
Wed Sep 28 14:49:40 BST 2005
|
|
|
|
Dfs almost works, needs to trim the requested name by the number of chars in 'used'
|
|
|
|
Still reckon dfs should be a seperate program so I can do DFS lookups of "" and "domain"
|
|
and do the binds of namespaces as they appear.
|
|
|
|
looks like I can find the domain controller through DNS.
|
|
|
|
|
|
Name mapping is starting to work but I have hit a problem. I am keeping the share pointer in the aux
|
|
structure and this is wrong. I need to search the share table for the correct name when I resolve names
|
|
I may also need to resolve a machine name table! Not sure if this is a good idea or not This would give
|
|
a directory of machine names with shares under it and files under that.
|
|
The alternative is to bind in seperate file servers on demand.
|
|
|
|
/* FIXME: path+used - in T2getdfsreferral below is wrong - unicode means you cannot add pointers */
|
|
T2setfilelength(Session *s, Share *sp, int fh, FInfo *fip) /* FIXME: maybe broken, needs tested. */
|
|
|
|
|
|
Wed Sep 14 11:31:11 BST 2005
|
|
|
|
|
|
Proper support for deleting opened files added. Added a Filetable synthetic file
|
|
as part of the debug - probably junk this soon but I have left it in as it might
|
|
help with some other debugging.
|
|
|
|
Still have problems with cvs which I don't understand:
|
|
|
|
cvs [update aborted]: cannot write <CVS/Template file>: Permission denied
|
|
|
|
Seems to be opening the file with 17 mode (truncate and write)
|
|
causes the problem but its intermitant.
|
|
|
|
Sept 8th
|
|
|
|
cannot delet (or probably rename) open files. probably need to keep a seperate list
|
|
of open file structures so all fids ont a file can be closed (and later reopened
|
|
for rename()) by filename
|
|
|
|
July 26
|
|
MAC signing still broken, only enabled with a compile option, see mkfile
|
|
|
|
mschap moved out of factotum temporarly so we can try to get MAC signing to work.
|
|
|
|
Openfile synthetic always seems to give permission denied
|
|
|
|
DFS only just started, need more info on how it is really implemented.
|
|
|
|
share enum disappointing - seems there really is no way to enumerate
|
|
shares with names that are more than 13 (correct ?) chars long.
|
|
|
|
|
|
July 6 2005
|
|
new auth structure in place
|
|
|
|
NTLMv2 works fine.
|
|
|
|
MAC signing should work but doesn't.
|
|
|
|
The lm hash I generate for those protocols is rubbish. This means MAC
|
|
signing will not work with LM auth.
|
|
|
|
Currently cifs uses proto=pass rather than proto=mschap in an attempt to
|
|
get MAC signing to work. I need the internal hashes to generate the MAC key used
|
|
to sign packets and this is not exposed by factotum at present. I have got to get
|
|
MAC signing to work first, longer term I will alter the struct comming back from
|
|
factotum to add a MACkey field.
|
|
|
|
need to update code to do multiple trans2 calls so I can get full user and
|
|
node lists.
|
|
|
|
rpc looks like its not too difficult after all - see workbench.c - this would
|
|
allow more stats gathering and, more importantly SID to name mapping.
|
|
|
|
maybe need to modify the rap calls so they malloc the structures required
|
|
and make sure they are properly freed after use.
|
|
|
|
dfs support is not really done yet, initial stab seems to work for /n/???/Dfsroot
|
|
|
|
DFS startup attaches to the domain - how to find the very first CIFS server?
|
|
|
|
DFS failure on walk(2) should result in a new attach, maybe via plumber
|
|
or perhaps just forking another instance of cifs.
|
|
|
|
----------------------------------------------------------------
|
|
|
|
aquarela fails
|
|
fixed server timestamp in negioate
|
|
bodged support of GENERRIC_READ/WRITE/EXECUTE in smb_com_open
|
|
added find_first+full_directory_info & find_next+full_directory_info
|
|
added smb_com_write_andx
|
|
allow set info to change attributes
|
|
trans2_set_file_information
|
|
|
|
Win95 set file length using CIFSwrite won't work as that uses writeandx
|
|
and write and x of zero buyes doesn't truncate the file.
|
|
|
|
need to test large read and writes (IE > MTU) which
|
|
are enabled by CAP_LARGE_READ and CAP_LARGE_WRITE,
|
|
unfortunately I don't have a win32 machine with >= 2GB
|
|
free space.
|
|
|
|
We connect with the same multiplex ID and source machine name
|
|
so a given server will drop old connections when new ones are made.
|
|
|
|
There is a TRANS2 to change the name of an open file but is it
|
|
worth it - I cannot do anything else to an open file.
|
|
|
|
DEC Pathworks servers may add trailing whitespace to filenames. We don't
|
|
dare strip this at present as whitespace is a vaid filename character
|
|
these days. maybe we should have a commandline option for this. Experience
|
|
will tell.
|
|
|
|
Known CIFS problems
|
|
~~~~~~~~~~~~~~~~~~~
|
|
NT adds a trailing zero as part of the filename in findfirst/findnext,
|
|
This is not a problem for us as we treat filenames as zero terminated anyway.
|
|
|
|
Core Setattr function doesn't appear to work under Windows NT4
|
|
|
|
It isn't possible to set datestamps on directories under Win95
|
|
|
|
It is necessary to seek to EOF to get stat() to report the correct
|
|
size for files that are open.
|