Patch - Bug 4400: 4k security blob limit in SessionSetupAndX requires multiple round trip SessionSetupAndX messages

Todd Stecher todd.stecher at
Fri Feb 16 21:40:09 GMT 2007

SMB headers have a finite limit on the SecurityBlob field of 4k.   
Being a member of 500 groups creates a SPNEGO blob which is about  
5200 bytes long.  If a Windows server sees a SMB message with such a  
large blob, it rejects the message and closes the connection.

During SessionSetupAndX commands processed during join operations,  
the Windows server ends up rejecting the command, closing the  
socket.  That is the root cause of this bug.

The correct behavior is to fragment the security blob over multiple  
SessionSetupAndX commands until the Security Blob has been sent.  The  
server will gather each 4k segment until it knows the message is  
complete.  The SPNEGO message is ASN1 encoded, so the server can  
determine the length by the first 4-8 bytes of the first message, and  
continue round tripping until the entire security blob is gathered.

Note:  This fix only addresses client behavior (where Samba is acting  
as a client in a CIFS transaction).  Metze from is tackling  
the reverse scenario, where a large-group'd client is attempting to  
authenticate to a Samba server.



(btw - we're hiring Windows interop developers ;)...

Todd Stecher | Windows Interop Dev
Isilon Systems    P +1-206-315-7500     F  +1-206-315-7501    D +1-206-315-7638    M +1-425-205-1180

More information about the samba-technical mailing list