shithub: riscv

--- /dev/null

+++ b/sys/src/cmd/cifs/ChangeLog

@@ -1,0 +1,310 @@

+Mon Jan 16 12:36:20 GMT 2012

+sorting out UNICODE setup during negoiation for cifsd. Seems we where relying

+on a bug in windows. reworked in such a way that we support both.

+revalidated against win7, xp, samba v3.2, and cifsd.

+Tue Sep 21 17:17:13 BST 2010

+found the problem with cifs not connecting to Vista - there is a bug

+in windows, and a hotfix to sort it out.

+http://support.microsoft.com/kb/957441

+also fixed a bug in UNICODE handling - I was controlling Unicode

+enable on the server's capabilities rather than on the actual decided

+flags. I got away with this on windows but cinap's cifsd bit me.

+also, I wasn not careful to ensure the negoiate protocol list was

+ALWAYS packed in ascii (it used to respect the Unicode flags which

+it should not.

+if the Virtual file was empty I could end up following a nil pointer,

+we now fail on open in this case (for simplicity).

+couple of error messages made a bit clearer.

+Wed Jul 15 15:06:48 BST 2009

+learning more than I wanted to about how our windows server

+infrastructure works.

+It seems we have blades called se-blade-01 se-blade-02 etc and virtual

+servers called se-01 and se-02 etc.  the blades provide a hot spare

+system where the two physical blades can switch places at any time.

+You normally connect to a server, e.g.  se-01, this server will then

+contain dfs referals to other machines.  Sadly these refereals are in

+terms of physical blades and not in terms of virtual servers, so you

+cannot strcmp() the connected host name with the referals.

+Just to add more confusion, the IP addresses are dynamically mapped

+too so I cannot resolve the IP addresses.  The only way to tell if two

+names map to teh same host is to ingest the ARP table and lookup the

+IP addresses in that.  That will show if the two IPS and thus the two

+hosts are the same.

+This works only if you are on the same physical network of course.

+(sigh)

+Wed Jul 15 14:38:37 BST 2009

+Added case siginificance to cifs for most files this is easy, however

+for share names its hard as T2getallinfo() seems to return with the

+filename in lowercase for no good reason.  There is also a problem

+that the redirected share name may not have the same name as the

+directory it reprisents, so a simple strcmp() is not good enough.

+Instead I assume that if the windows translated path is just "/" then

+its a share and in that case I don't check the filename is what was

+expected, as the share name translation is case significant and will

+have enforced the change.

+The DFS stuff is still a mess and needs a rewrite but the lack of

+documentation from MS is a real problem.

+I also tried to return an error specifying the remote path to DFS

+links that point to another host (not currently supported), this

+doesn't work and I cannot tell why - there is some odd code in

+/sys/src/lib9p/srv.h:/^cloneandwalk/ which ignores errors if they

+occur on anything after the first walk, however removing this still

+resulted in the debug from -D (9pchatty mode) showing the walk

+succeeding - very odd.

+It would be nice one day to rework the DFS code so it tries to use the

+current if it is on the list, however pings are rare and RTT times are

+cached and in some topologies there might be a different host that is

+actually closer, so long term it would be better to be unbiased about

+it.

+Fri Oct 24 13:37:51 BST 2008

+Looked again at DFS, Microsoft have at last published the full

+protocol spec, so we have more of a chance of a proper client.

+Looking at my environment I now connect only to the root of the dfs

+tree, i.e.  I no longer do an autoconnect to all the available shares,

+so the connect is faster (good).  then I allow dfs to autoconnect on

+demand.

+I added some cacheing of ping RTTs so the autoconnect should be faster

+too.

+The cache doesn't fully work as expected as we only create cache

+entries on walk at present and not on any other operations.  This

+means cloning an existing fid and using it will not cause a

+re-evaluation of the cache even if it has expired.

+I think I can design dfs under plan9 to run in a single program -

+perhaps cifs becomes cifssrv and I have multiple attaches as required.

+I could also have a ctrl file which gets requests for new instances.

+Of failing that the srv instances themselves could do the mount of new

+sessions.  The only problem with this I see is that different hosts

+might need different command line options.  It could get messy tryiong

+to emulate this with attach specificers.

+must look at MAC signing again too, how to do validate my work?

+Tue Mar 18 14:58:30 GMT 2008

+made MID a variable rather than a constant, Windows servers restrict

+sessions to one per MID/user, thus a new session to a given server as

+user fred will kick off previous sessions.  I thought this was useful

+and seemed to be what Microsoft intended.  I have since found that in

+a complex DFS environment two IP addresses can point to the same

+server which supports the shares previously distributed across a pair

+of servers.  When you try to connect to these two servers the seccond

+connection is then hung up by the windows server as it has the same

+MID.  Mids are now made up on the fly.

+Mon Oct 30 11:03:36 GMT 2006

+Tried to extract the password expiry date from cifs - definitely no

+RAP call to do it, MS say its held in LDAP (sigh), it might be

+possible with a RPC call...  we are always one technology behind.

+Wed Oct 25 13:43:54 BST 2006

+CVS is now quite happy - tested for several months

+Fixed a bug in the linked list handling of open files (damm!)

+if all the attaches of a cifs filesystem where closed and then

+a new attach was made cifs(1) would suicide.

+Fri Aug 11 11:52:05 BST 2006

+Found another silly that caused CVS to get confused (I think this is

+the one, need to do some more testing, but it seems saner now).

+fsopen was referencing a perm member of the incomming 9p message which

+does not exist, and getting random numbers for permissions and

+creating readonly files somtimes.

+Thu Aug 10 10:34:14 BST 2006

+Bug in pdatetime() / gdatetime() - logic wrong way up for working

+around a bug in Win95 - obvious as touch(1)ing a file would give silly

+1907 dates.

+Not sure if I have broken win95 compatability but I no longer have any

+of them to test with.

+Tue Nov  8 11:02:48 GMT 2005

+Fixed a howler that prevented files in dfs mounted

+areas from being renamed

+I now attempt to automount shares that are referenced by

+DFS links but which do not exist. This is a bodge nescessary

+as RAP ShareEnum drops shares with names > 12 chars long.

+If I ever implement RCP then this problem will go away.

+Still have some problem with cvs updates on dfs mounted dirs,

+CVS controlled files (CVS/Template) appears to become unexpectedly

+readonly.

+DFS implementation is a mess and should be a seperate program,

+it makes the outrageous assumption that all the DFS links appear

+on and point to a single machine (works for me, sorry).

+MAC signing still doesn't work and I still cannot see why.

+------------------------------------------------------------

+Tarted up dfsrootinfo - now works properly.

+1/ I can find the domain controller (look up the domain name in dns,

+	I.E. _ldap._tcp.pdc._msdcs.snellwilcox.local).

+2/ I can find the domain name by doing a referral request for "" to the domain controller

+3/ I can find the DFS root servers by using these replies in another referral request

+However I cannot find the name of the share at the root of DFS

+I could also find the closest server by doing a DNS lookup for

+_ldap._tcp.SITENAME._sites.dc._msdcs.snellwilcox.local where sitenameis the site.

+Unfortunately this site name seems to come only from LDAP

+On the positive side it looks like jsut a dns lookup of snellwilcox.local

+will return entries in increasing "distance from you" order - I.E. pick the first one.

+Wed Sep 28 14:49:40 BST 2005

+Dfs almost works, needs to trim the requested name by the number of chars in 'used'

+Still reckon dfs should be a seperate program so I can do DFS lookups of "" and "domain"

+and do the binds of namespaces as they appear.

+looks like I can find the domain controller through DNS.

+Name mapping is starting to work but I have hit a problem. I am keeping the share pointer in the aux

+structure and this is wrong. I need to search the share table for the correct name when I resolve names

+I may also need to resolve a machine name table! Not sure if this is a good idea or not This would give

+a directory of machine names with shares under it and files under that.

+The alternative is to bind in seperate file servers on demand.

+/* FIXME: path+used - in T2getdfsreferral below is wrong - unicode means you cannot add pointers */

+T2setfilelength(Session *s, Share *sp, int fh, FInfo *fip) 	/* FIXME: maybe broken, needs tested. */

+Wed Sep 14 11:31:11 BST 2005

+Proper support for deleting opened files added. Added a Filetable synthetic file

+as part of the debug - probably junk this soon but I have left it in as it might

+help with some other debugging.

+Still have problems with cvs which I don't understand:

+	cvs [update aborted]: cannot write <CVS/Template file>: Permission denied

+Seems to be opening the file with 17 mode (truncate and write)

+causes the problem but its intermitant.

+Sept 8th

+cannot delet (or probably rename) open files. probably need to keep a seperate list

+of open file structures so all fids ont a file can be closed (and later reopened

+for rename()) by filename

+July 26

+	MAC signing still broken, only enabled with a compile option, see mkfile

+	mschap moved out of factotum temporarly so we can try to get MAC signing to work.

+	Openfile synthetic always seems to give permission denied

+	DFS only just started, need more info on how it is really implemented.

+	share enum disappointing - seems there really is no way to enumerate

+		shares with names that are more than 13 (correct ?) chars long.

+July 6 2005

+	new auth structure in place

+	NTLMv2 works fine.

+	MAC signing should work but doesn't.

+	The lm hash I generate for those protocols is rubbish. This means MAC

+	signing will not work with LM auth.

+	Currently cifs uses proto=pass rather than proto=mschap in an attempt to

+	get MAC signing to work. I need the internal hashes to generate the MAC key used

+	to sign packets and this is not exposed by factotum at present. I have got to get

+	MAC signing to work first, longer term I will alter the struct comming back from

+	factotum to add a MACkey field.

+	need to update code to do multiple trans2 calls so I can get full user and

+	node lists.

+	rpc looks like its not too difficult after all - see workbench.c - this would

+	allow more stats gathering and, more importantly  SID to name mapping.

+	maybe need to modify the rap calls so they malloc the structures required

+	and make sure they are properly freed after use.

+	dfs support is not really done yet, initial stab seems to work for /n/???/Dfsroot

+	DFS startup attaches to the domain - how to find the very first CIFS server?

+	DFS failure on walk(2) should result in a new attach, maybe via plumber

+	or perhaps just forking another instance of cifs.

+----------------------------------------------------------------

+aquarela fails

+	fixed server timestamp in negioate

+	bodged support of GENERRIC_READ/WRITE/EXECUTE in smb_com_open

+	added find_first+full_directory_info & find_next+full_directory_info

+	added smb_com_write_andx

+	allow set info to change attributes

+	trans2_set_file_information

+Win95 set file length using CIFSwrite won't work as that uses writeandx

+and write and x of zero buyes doesn't truncate the file.

+need to test large read and writes (IE > MTU) which

+are enabled by CAP_LARGE_READ and CAP_LARGE_WRITE,

+unfortunately I don't have a win32 machine with >= 2GB

+free space.

+We connect with the same multiplex ID and source machine name

+so a given server will drop old connections when new ones are made.

+There is a TRANS2 to change the name of an open file but is it

+worth it - I cannot do anything else to an open file.

+DEC Pathworks servers may add trailing whitespace to filenames. We don't

+dare strip this at present as whitespace is a vaid filename character

+these days. maybe we should have a commandline option for this. Experience

+will tell.

+Known CIFS problems

+~~~~~~~~~~~~~~~~~~~

+NT adds a trailing zero as part of the filename in findfirst/findnext,

+This is not a problem for us as we treat filenames as zero terminated anyway.

+Core Setattr function doesn't appear to work under Windows NT4

+It isn't possible to set datestamps on directories under Win95

+It is necessary to seek to EOF to get stat() to report the correct

+size for files that are open.

--- /dev/null

+++ b/sys/src/cmd/cifs/README.Vista

@@ -1,0 +1,11 @@

+Connection fails to Windows Vista or Windows 2008 server using NTLMv2 auth

+This is due to a bug in Windows, either use an alternative

+authentication strategy, or apply the Microsoft HotFix, which

+is just a matter of creating a new registry entry, see:

+	http://support.microsoft.com/kb/957441

+-Steve

+Tue Sep 21 17:05:48 BST 2010

--- /dev/null

+++ b/sys/src/cmd/cifs/To-do

@@ -1,0 +1,35 @@

+more complete (server crossing) DFS support,

+	This requires major changes. cifs should support multiple sessions

+	via attach specifiers. Much of the existing code should be library-ised

+	and a new app which sits above cifs used to resolve DFS referrals and

+	launch new cifs sessions as required.

+fix MAC signing

+	should work but doesn't

+also put modified mschap interface into factotum

+	This should give support for ntlmv2 auth  and mac signing

+Support for FindNotify() callbacks rather than 1 second timer for directory caching

+multithread the cifs

+	most of the work is done, but some global state

+	sitll exists and will need to be locked.

+sort out why can I not make multiple connections from the same server?

+	I already use a random number for the MUID already

+RPC protocol support

+	this will give file owner/group and ACLs/permissioms.

+DFS lookups should occur on every use not just on walks,

+	this should allow timeout and refresh of DFS referals.

+ping RTT measurment cache timeout

+seperate the virtual filesystems presented by attach specifier

+	print - print queue

+	state - status files, like Users and Sessions.

+	main - normal filesystem

--- /dev/null

+++ b/sys/src/cmd/cifs/patch.readme

@@ -1,0 +1,29 @@

+workarounds of unicode setup during protocol negoiation,

+seems to be a bug in windows.

+revalidated against fairly current samba, WinXP, Win7 and cinap's

+cifsd server for plan9.

+bug in virtual filesystem which could cause the filesystem to

+disappear if you looked in the Shares virtual file

+tweeks to Auth code (mainly tidying) and trying to get auth to work to

+vista.  turns out you need to apply a hotfix (regedit)

+http://support.microsoft.com/kb/957441 and cifs is happy with vista.

+major overhall of DFS code.  works much better but still does not

+cross servers and doesn't give any helpful messages when it fails :-(

+case significance is enforced by cifs, though you still cannot create

+Makefile and makefile as seperate entities.  This is enabled by

+default but can be disabled by a command line option.

+also fixed a bug in UNICODE handling, I got away with this on windows

+but cinap's cifsd drew blood.

+execute requests are always denied on cifs files.  Perhaps this too

+should be a command line option, but having plan9 executables on a

+windows server is a rarity IMHO.

+in CIFStreeconnect() removed ths strupr() call - trees are not neccessarly

+upper case, some servers are case significant on volume/share names.