[PATCH CIFS] use CryptoAPI MD4/MD5

Steven French sfrench at us.ibm.com
Fri Oct 3 04:33:16 GMT 2003





The problem is that the mids don't necessarily increase by one so it is
hard to tell which request came first - and especially hard to block
waiting for them if requests are signed out of order and one is delayed.
I might need to move allocation of the mid number to inside the semaphore
which may need to be grabbed around the call to sign the smb and the call
to send the SMB (but not around all of SendReceive as an earlier suggestion
- since that could block for more than 20 seconds)


Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at-sign us dot ibm dot com


                                                                                                              
                      "Michael B Allen"                                                                       
                      <mba2000 at ioplex.c        To:       Steven French/Austin/IBM at IBMUS                       
                      om>                      cc:       "Erlend Aasland" <erlend-a at ux.his.no>, "Samba        
                                                Technical Mailing List " <samba-technical at samba.org>, "James  
                      10/02/2003 11:22          Morris " <jmorris at intercode.com.au>, "Matt Mackall"           
                      PM                        <mpm at selenic.com>                                             
                                               Subject:  Re: [PATCH CIFS] use CryptoAPI MD4/MD5               
                                                                                                              
                                                                                                              




> Case 1) requests are signed out of order (request two is signed first
even
> though it has a higher mid) but sent in order over TCP
> Case 2) request one gets signed before request two but request two gets
sent before request one on the TCP socket
>
> At least case two probably would cause the server to invalidate the
frame
> due to unexpected signature and drop the session

Clearly signing and sending will need to be performed without interference
from each other.

As for sorting out the responses I just put the verify sequence value in
the response object (which is always one more than the sign sequence
value) and put the reponse object into a table by mid. So responses can be
received in any order. I don't know if this applies to cifsfs though.

Here's a thread about this sort of thing:

  http://lists.samba.org/pipermail/jcifs/2003-September/002595.html

Mike

--
A program should be written to  model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the  potential for it  to be applied  to tasks that are
conceptually similar and, more  important, to tasks that have not
yet been conceived.









More information about the samba-technical mailing list