CIFS (Common Internet File System) is a protocol that gained popularity around the year 2000, as vendors worked to establish an Internet Protocol-based file-sharing protocol.
The Common Internet File System (CIFS) is the standard way that computer users share files across corporate intranets and the Internet. An enhanced version of the Microsoft open, cross-platform Server Message Block (SMB) protocol, CIFS is a native file-sharing protocol in Windows 2000.
CIFS defines a series of commands used to pass information between networked computers. The redirector packages requests meant for remote computers in a CIFS structure. CIFS can be sent over a network to remote devices. The redirector also uses CIFS to make requests to the protocol stack of the local computer. The CIFS messages can be broadly classified as follows:
- Connection establishment messages consist of commands that start and end a redirector connection to a shared resource at the server.
- Namespace and File Manipulation messages are used by the redirector to gain access to files at the server and to read and write them.
- Printer messages are used by the redirector to send data to a print queue at a server and to get status information about the print queue.
- Miscellaneous messages are used by the redirector to write to mailslots and named pipes.
Some of the platforms that CIFS supports are:
- Microsoft Windows 2000, Microsoft® Windows NT®, Microsoft® Windows® 98, Microsoft® Windows® 95
- Microsoft® OS/2 LAN Manager
- Microsoft® Windows® for Workgroups
- UNIX
- VMS
- Macintosh
- IBM LAN Server
- DEC PATHWORKS
- Microsoft® LAN Manager for UNIX
- 3Com 3+Open
- MS-Net
CIFS complements Hypertext Transfer Protocol (HTTP) while providing more sophisticated file sharing and file transfer than older protocols, such as FTP. CIFS is shown servicing a user request for data from a networked server in Figure B.17.
Figure B.17 CIFS Architecture
When there is a request to open a shared file, the I/O calls the redirector, which in turn requests the redirector to choose the appropriate transport protocol. For NetBIOS requests, NetBIOS is encapsulated in the IP protocol and transported over the network to appropriate server. The request is passed up to the server, which sends data back to satisfy the request.
Components in the redirector provide support for CIFS, such as:
- Rdbss.sys
All kernel-level interactions are encapsulated in this driver. This
includes all cache managers, memory managers, and requests for remote
file systems so the specified protocol can use the requested server. - Mrxsmb.sys
This mini-redirector for CIFS has commands specific to CIFS.
- Mrxnfs.sys
This mini-redirector for the Network File System (NFS) provides support for NFS. Mrxnfs.sys is included in Services for Unix.
In Windows NT 4.0, Windows Internet Name Service (WINS), and Domain
Name System (DNS) name resolution was accomplished by using TCP port
134. Extensions to CIFS and NetBT now allow connections directly over
TCP/IP with the use of TCP port 445. Both means of resolution are still
available in Windows 2000. It is possible to disable either or both of
these services in the registry.
Features that CIFS offers are:
Integrity and Concurrency
CIFS allows multiple clients to access and update the same file while
preventing conflicts by providing file sharing and file locking. File
sharing and file locking is the process of allowing one user to access a
file at a time and blocking access to all other users. These sharing
and locking mechanisms can be used over the Internet and intranets. They
also permit aggressive caching and read-ahead and write-behind without
loss of integrity. File caches of buffers must be cleared before the
file is usable by other clients. These capabilities ensure that only one
copy of a file can be active at a time, preventing data corruption.
Optimization for Slow Links
The CIFS protocol has been tuned to run well over slow-speed dial-up
lines. The effect is improved performance for users who access the
Internet using a modem.
Security
CIFS servers support both anonymous transfers and secure,
authenticated access to named files. File and directory security
policies are easy to administer.
Performance and Scalability
CIFS servers are highly integrated with the operating system, and are tuned for maximum system performance.
Unicode File Names
File names can be in any character set, not just character sets designed for English or Western European languages.
Global File Names
Users do not have to mount remote file systems, but can refer to them
directly with globally significant names (names that can be located
anywhere on the Internet), instead of ones that have only local
significance (on a local computer or LAN). Distributed File Systems
(DFS) allows users to construct an enterprise-wide namespace. Uniform
Naming Convention (UNC) file names are supported so a drive letter does
not need to be created before remote files can be accessed.
At its peak, CIFS was supported by operating systems (OSes) such as Windows, Linux and Unix. CIFS used the client-server programming model in which a client program makes a request of a server program -- usually in another computer -- to access a file or pass a message to a program that runs in the server computer. The server takes the requested action and returns a response.
CIFS is now considered obsolete, because most modern data storage systems use the more robust Server Message Block (SMB) 2.0 and 3.0 file-sharing protocols, which were major upgrades to CIFS.
CIFS/SMB and the Network File System (NFS) are the two major protocols used in network-attached storage systems.
CIFS vs. NFS
Developed by Sun Microsystems in the 1980s, NFS is now managed by the Internet Engineering Task Force. NFS was originally used more in Unix and Linux OSes, while CIFS and SMB were used for Windows, but most major NAS vendors now support both protocols.
NFS is a client-server application that permits transparent file sharing between servers, desktops, laptops and other devices. Using NFS, users can store, view and update files remotely as though they were on their own computer. With CIFS/SMB, a client program requests a file from a server program located on another computer, and the server responds. This makes CIFS a chattier protocol than NFS.
CIFS vs. SMB 2.0, 3.0
The SMB applications-layer network protocol has been around since the 1980s. Developed at IBM, SMB allowed computers to read and write files over a local area network. Although CIFS and SMB are often used interchangeably, the CIFS protocol was introduced by Microsoft in early Windows OSes as an updated version of SMB.
CIFS used the internet‘s TCP/IP protocol and was viewed as a complement to existing internet application protocols, such as the File Transfer Protocol (FTP) and the Hypertext Transfer Protocol (HTTP). However, CIFS was considered a chatty protocol that was buggy and had issues with network latency. The protocol was also hard to maintain and not very secure because of the large number of commands and subcommands it processed. It was replaced when Microsoft introduced SMB in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2. Updated versions of the protocol were subsequently used in Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008.
SMB 2.0, introduced in the Windows OS in 2006, provided performance improvements over SMB 1.0 by reducing the number of commands and subcommands from more than 100 to 19. The 2.0 specification packs multiple actions into a single request to reduce the number of round-trip requests made between the client and server.
SMB 3.0 was introduced in Windows 8 and Windows Server 2012, and launched SMB Direct, SMB Multichannel and SMB Transport Failover. It also introduced better security mechanisms, such as end-to-end encryption and the Advanced Encryption Standard (AES) algorithm.
SMB 3.1.1, which became available in Windows 10 and Windows Server 2016, supports military-grade AES 128 GCM and AES 128 CCM encryption. It also uses the SHA-512 hash for preauthentication integrity checks.
The Samba project played a major role in making SMB compatible with Unix. Samba is a free software implementation of the CIFS/SMB networking protocols that supports Microsoft Windows Server Domain, Active Directory and Microsoft Windows NT domains. With Samba, Unix-like OSes can interoperate with Windows and provided file and print services to Windows clients.
========================================================
服务器消息区块(Server Message Block,缩写为SMB),又称网络文件共享系统(Common Internet File System,缩写为CIFS, /?s?fs/),一种应用层网络传输协议,由微软开发,主要功能是使网络上的机器能够共享计算机文件、打印机、串行端口和通讯等资源。它也提供经认证的行程间通讯机能。它主要用在装有Microsoft Windows的机器上,在这样的机器上被称为Microsoft Windows Network。
经过Unix服务器厂商重新开发后,它可以用于连接Unix服务器和Windows客户机,执行打印和文件共享等任务。与功能类似的网络文件系统(NFS)相比,NFS的消息格式是固定长度,而CIFS的消息格式大多数是可变长度,这增加了协议的复杂性。CIFS消息一般使用NetBIOS或TCP协议传送,分别使用不同的端口139或445,目前倾向于使用445端口。CIFS的消息包括一个信头(32字节)和消息体(1个或多个,可变长)。
特性
SMB可以以不同方式运行在会话层或者更低的网络层之上:
- 直接运行在 TCP 上 port 445;[1]
- 通过使用 NetBIOS API, 它可以运行在几种不同的 transports:[2]
- 基于 UDP ports 137, 138 & TCP ports 137, 139 (NetBIOS over TCP/IP);
- 基于一些传统协议,例如 NBF (incorrectly referred to as NetBEUI[原創研究?]).
SMB的 "进程间通信" (IPC) 系统提供 命名管道s 机制,它使得程序员可以方便的实现继承认证(客户端第一次连接SMB服务获取认证信息后)。
一些服务的操作基于命名管道机制, 例如那些 Microsoft 内部实现的基于SMB的 DCE/RPC, 被称为基于SMB的 MSRPC, 同时允许 MSRPC 客户端程序 处理认证过程(借助SMB服务提供的认证服务实现), 但是只在MSRPC客户端程序上下文中有效。
SMB 签名: Windows NT 4.0 Service Pack 3 及后续版本提供了基于数字签名的SMB连接机制。常用的官方术语叫做“SMB 签名”。其他被同时被使用的官方术语有
一些未翻譯的非現代漢語已進行隐藏,歡迎參與翻譯。显示▼
Server Message Block version 2 (SMB2) 旨在通过将SMB signals合并为一个数据包来减轻这个性能限制[來源請求]。
SMB 支持 机会锁 — 一种特殊的锁机制 — 来提升性能。
SMB 服务是 Microsoft‘s Distributed File System 实现的基础.
历史
SMB最初是IBM的贝瑞·费根鲍姆(Barry Feigenbaum)研制的,其目的是将DOS操作系统中的本地文件接口“中断13”改造为网络文件系统。后来微软对这个发展进行了重大更改,这个更改后的版本也是最常见的版本。微软将SMB协议与它和3Com一起发展的网络管理程序结合在一起,并在Windows for Workgroups和后来的Windows版本中不断加入新的功能。
SMB一开始的设计是在NetBIOS协议上运行的(而NetBIOS本身则运行在NetBEUI、IPX/SPX或TCP/IP协议上),Windows 2000引入了SMB直接在TCP/IP上运行的功能。在这里我们必须区分SMB协议和运行在这个协议上的SMB业务,以及NetBIOS和使用SMB作为认证隧道的DCE/RPC业务。此外我们还要区分主要(但不仅仅)直接使用NetBIOS数据报的“网络邻居”协议。
1996年,约于升阳推出WebNFS的同时[7],微软提出将SMB改称为Common Internet File System[8]。此外微软还加入了许多新的功能,比如符号链接、硬链接、提高文件的大小。微软还试图支持直接联系,不依靠NetBIOS,不过这个试图依然处于尝试阶段,并需要继续完善。微软向互联网工程工作小组提出了部分定义作为互联网草案[9]。不过这些提案现在均已过期。
由于SMB协议对于与占主要地位的Microsoft Windows平台通讯时的重要性,而目前该平台使用的SMB协议与初始的版本相比有巨大的改变,因此Samba项目就是被创立来逆向工程来提供一个与SMB软件兼容的自由软件,使得非微软操作系统也能够使用它。
在Windows Vista中微软又推出了Server Message Block 2.0,后又在Windows 7中做了改进,截至2012年依次发布的主版本有 2.1 和 3.0。
SMB 2.0
2006年,Microsoft 随着 Windows Vista 的发布 引入了新的SMB版本 (SMB 2.0 or SMB2) [10] ...
SMB 2.1
SMB 2.1, 随 Windows 7 和 Server 2008 R2 引入, 主要是通过引入新的机会锁机制来提升性能。[11]
SMB 3.0
SMB 3.0 (previously named SMB 2.2)[12]在Windows 8[12] 和 Windows Server 2012[12]中引入。它带来几项重大改变,例如 the SMB Direct Protocol (SMB over RDMA) 和 SMB Multichannel (multiple connections per SMB session),[13][14] ...
实现
客户端-服务器端结构
SMB使用点对点的通讯方式,一个客户端向一个服务器提出请求,服务器相应地回答。SMB协议中的一部分专门用来处理对文件系统的访问,使得客户端可以访问一个文件服务器。SMB也有行程間通訊的部分。SMB协议尤其适用于局部子网,但是也可以被用来通过万维网来链接不同的子网。Microsoft Windows的文件和打印机分享主要使用这个功能。
SMB服务器向网络上的客户端提供文件系统和其它资源。客户端电脑也可能有其自己的、不共享的硬盘,但是可能也想使用服务器上分享的文件系统和打印机。这是SMB为什么这么出名和广泛地被使用的原因。SMB普及的另一个原因是它使用适合NT网域的协议,至少提供基于NT网域式的认证。NT网域协议是一个微软远程过程调用服务,几乎只能被SMB进程间通讯的命名管道使用。几乎所有SMB服务器的实现使用NT网域来认证用户是否可以访问一个资源。
性能问题
一般认为SMB协议会占用很多网络带宽,因为每个客户端均在整个子网内广播其存在。但是SMB本身并不使用广播。SMB造成的广播问题实际上是NetBIOS的服务定位协议造成的。一般来说Microsoft Windows服务器使用NetBIOS来协议和定位服务。而NetBIOS则定时向一个特定的服务器广播一个服务的存在。对于一个少于20个服务器的网络来说这个方式是可行的。但是随服务器数目的增加广播造成的交通会导致问题。通过适当地实现WINS定位协议这个问题可以被缓和。WINS使用更高级的系统来确定和中央化服务需求,但是造成自己的设计和保管网络的问题。動態DNS是另一个解决方法。微软本身推荐在微软的活动目录环境下使用動態DNS。网络延迟对SMB协议的速度有非常大的冲击。在服务器之间网络延迟大的情况下通过SMB来更换档案夹非常明显地反映了这个问题。比如在通过万维网使用虛擬私人網路时网络延迟就会比较大,这时使用SMB就很恼人。
微软的更改
微软在实现其SMB时添加了许多功能,比如微软引入了NTLMv2,因为原来的第1版使用的DES容易被破解。此外因早年美國政府對於高等加密軟體限制出口,NT 4.0在美国以外僅使用40比特位加密,以今天的标准来说容易被解密。
特点
SMB的行程間通訊机制值得一提。通过这个系统,它提供命名管道。这个机制是最早的、程序员可以使用的少数行程間通訊之一,它继承客户端联系SMB服务器时的认证来提供服务。命名管道继承认证是一个独特和透明的机制,因此使用Windows API的程序员和Windows的用户均将它看作是自然的。
有些服务使用命名管道,比如使用通过SMB的微软远程过程调用的程序,也允许微软远程过程调用客户端程序进行自己的认证,并且由此掩盖SMB服务器的认证。但是这个掩盖只在客户端程序的认证成功的情况下才生效。
另一个特点是SMB对文件使用一种特殊的、被称为伺机锁定的锁定机构来提高速度。
微软的分布式文件系统实现就基于SMB。
其他实现和版本
以下列出的包括SMB客户端、服务器以及不同的扩展SMB的协议。
- 自由软件Samba重新实现SMB和微软的扩展,包括服务器和命令行客户端。
- Samba-TNG是一款Samba的衍生版本。
- Linux内核包括两个SMB客户端实施,它们使用虚拟文件系统通过标准文件系统应用程序接口提供接触SMB服务器上的文件。
- ONStor公司实施了其自己的SMB,这个实施也支持NFS协议。
- Novell NetWare版本6以上提供CIFS服务器实施,使得Microsoft Network客户端可以解除NetWare的文件。
- FreeBSD、NetBSD和Mac OS X均包含使用它们自己的虚拟文件系统的SMB客户端。
- FreeNAS是一个小型的網路儲存設備服务,其目的在于使得用户可以重新使用老电脑作为文件服务器。它支持CIFS/Samba协议。
- 维尔软件公司实施过一个SMB。
- Network Appliance有一个SMB服务器的实施。
安全
多年以来,微软实现的其直接依赖的协议与组件都存在着许多安全漏洞。其他供应商的安全漏洞主要在于缺乏对较新的身份验证协议(例如NTLMv2和Kerberos赞成如NTLMv1、LanMan或纯文本密码)的支持。实时攻击跟踪表明SMB是入侵企图的主要攻击媒介之一,例如2014年索尼影业遭黑客攻击事件,以及2017年的WannaCry勒索軟體攻击。
资料链接
- Direct hosting of SMB over TCP/IP. Microsoft. 2007-10-11 [2009-11-01].
- Richard Sharpe. Just what is SMB?. 8 October 2002 [18 July 2011].
- MSKB887429: Overview of Server Message Block signing. Microsoft Corporation. 2007-11-30 [2012-10-24].
Security Signatures (SMB sequence numbers)
- Jesper M. Johansson. How to Shoot Yourself in the Foot with Security, Part 1. Microsoft Corporation. 2005-09-08 [2012-10-24].
This article addresses [...] Server Message Block (SMB) message signing.
- MSKB887429: Overview of Server Message Block signing. Microsoft Corporation. 2007-11-30 [2012-10-24].
By default, SMB signing is required for incoming SMB sessions on Windows Server 2003-based domain controllers.
- Jose Barreto. The Basics of SMB Signing (covering both SMB1 and SMB2). Microsoft TechNet Server & Management Blogs. 2010-12-01 [2012-10-24].
This security mechanism in the SMB protocol helps avoid issues like tampering of packets and "man in the middle" attacks. [...] SMB signing is available in all currently supported versions of Windows, but it’s only enabled by default on Domain Controllers. This is recommended for Domain Controllers because SMB is the protocol used by clients to download Group Policy information. SMB signing provides a way to ensure that the client is receiving genuine Group Policy.
- [1]
- CIFS: A Common Internet File System,Paul Leach和Dan Perry。
- Navjot Virk and Prashanth Prahalad. What‘s new in SMB in Windows Vista. Chk Your Dsks. MSDN. March 10, 2006 [2006-05-01].
- Implementing an End-User Data Centralization Solution. Microsoft: 10–11. 2009-10-21 [2009-11-02].
- Jeffrey Snover. Windows Server Blog: SMB 2.2 is now SMB 3.0. Microsoft. 19 April 2012 [14 June 2012].
- Jose Barreto. SNIA Tutorial on the SMB Protocol (PDF). Storage Networking Industry Association. 19 October 2012 [28 November 2012].
- Thomas Pfenning. The Future of File Protocols - SMB 2.2 in the Datacenter (PDF).
- MS02-070: Flaw in SMB Signing May Permit Group Policy to Be Modified. 微软. December 1, 2007 [November 1, 2009].
- MS09-001: Vulnerabilities in SMB could allow remote code execution. 微软. January 13, 2009 [November 1, 2009].,
- Sicherheitstacho.eu. 德国电信. March 7, 2013 [March 7, 2013].
- Alert (TA14-353A) Targeted Destructive Malware. US-CERT.
- Sony Hackers Used Server Message Block (SMB) Worm Tool.
WannaCry Ransomware Attack Hits Victims With Microsoft SMB Exploit. eWeek. [13 May 2017].