[jcifs] SMB Signing Sequence Counters
Christopher R. Hertel
crh at ubiqx.mn.org
Fri Sep 12 13:54:18 EST 2003
Just a general note. At the CIFS conference Tridge was telling me that
sequence number incrementation does not always follow logical rules. He had
details, but we were in a swimming pool and I couldn't write them down. I
will bug him about the quirks when we get to that point.
Things to look for: Oplock breaks and other out-of-sequence packets may
behave oddly.
Chris -)-----
...who realizes that what he wrote above isn't particularly helpful.
Michael B Allen wrote:
>
> Eric wrote:
> > It also gets strange since multiple threads can be throwing stuff
> > at us (that's why I put separate sequence counters for signing and
> > verifying; I had a single counter, but it all fell apart under
> > multithreading because I would get i.e. 2 consecutive requests and
> > lose sequence).
>
> What would the sequence numbers be for the below 3 SMBs? From looking at
> your code it looks like it should be something like the following:
>
> send: SMB1 sign 0
> send: SMB2 sign 2
> send: SMB3 sign 4
> recv: SMB3 vrfy 5
> recv: SMB1 vrfy 1
> recv: SMB2 vrfy 3
>
> Is the verify sequence number of the response always 1 more than the
> sequence number used to sign it's request (as shown above)?
>
> If so, would it make more sense to put the verify sequence value in the
> ServerMessageBlock class (i.e. keep the state with the object it
> represents)?
>
> We don't need the signingLock. If my reasoning is correct we can have one
> signSequence counter and set a verifySequence in the response object. Then
> we do all signing/verifying from within the snd_buf/rcv_buf locks. We can
> initialize things as necessary from within this lock as well. That will
> give us the concurrency we need and considering snd_buf and rcv_buf are
> static it prevents their contents from changing during signing/verifying
> (which I think might be a problem with the current code).
>
> Mike
>
> PS: java.util.Random is much faster. I also moved it to where
> clientChallenge was actually required. BTW, I failed to mention yesterday
> that there were serveral other threads in the monitor dump that looked
> like they were trying to generate some kind of seed value. I also wonder
> if Java 1.3 has the JCE providers that Java 1.4 has.
>
> --
> A program should be written to model the concepts of the task it
> performs rather than the physical world or a process because this
> maximizes the potential for it to be applied to tasks that are
> conceptually similar and, more important, to tasks that have not
> yet been conceived.
--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the jcifs
mailing list