Patch - Bug 4400: 4k security blob limit in SessionSetupAndX
requires multiple round trip SessionSetupAndX messages
Todd Stecher
todd.stecher at isilon.com
Fri Feb 16 21:40:09 GMT 2007
https://bugzilla.samba.org/show_bug.cgi?id=4400
SMB headers have a finite limit on the SecurityBlob field of 4k.
Being a member of 500 groups creates a SPNEGO blob which is about
5200 bytes long. If a Windows server sees a SMB message with such a
large blob, it rejects the message and closes the connection.
During SessionSetupAndX commands processed during join operations,
the Windows server ends up rejecting the command, closing the
socket. That is the root cause of this bug.
The correct behavior is to fragment the security blob over multiple
SessionSetupAndX commands until the Security Blob has been sent. The
server will gather each 4k segment until it knows the message is
complete. The SPNEGO message is ASN1 encoded, so the server can
determine the length by the first 4-8 bytes of the first message, and
continue round tripping until the entire security blob is gathered.
Note: This fix only addresses client behavior (where Samba is acting
as a client in a CIFS transaction). Metze from Samba.org is tackling
the reverse scenario, where a large-group'd client is attempting to
authenticate to a Samba server.
Thanks!
Todd
(btw - we're hiring Windows interop developers ;)...
Todd Stecher | Windows Interop Dev
Isilon Systems P +1-206-315-7500 F +1-206-315-7501
www.isilon.com D +1-206-315-7638 M +1-425-205-1180

More information about the samba-technical
mailing list