Disable SMB2 for 3.6?

Stefan (metze) Metzmacher metze at samba.org
Thu Jul 7 08:56:13 MDT 2011


Am 07.07.2011 16:54, schrieb Volker Lendecke:
> 
> On Thu, Jul 07, 2011 at 04:48:52PM +0200, Stefan (metze) Metzmacher wrote:
>>> In response to a user bug report I've discovered a deep
>>> architectural flaw in our SMB2 server: The credential
>>> handling is not cleanly done in a central place but spread
>>> out over way too many places. The symptom is that a
>>> secondary tcon happens to be called as the user who has
>>> issued the last SMB2 request, not as root as it has been
>>> done in SMB1. This breaks quite some assumptions deep inside
>>> our code. Finding such an architectural flaw at this late
>>> stage in the release process scares me to death. So I would
>>> strongly recommend that we disable compiling SMB2 in by
>>> default and only enable it as highly experimental for 3.6.0.
>>
>> This patch should fix the problem:
>> http://gitweb.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=f2806cca536de82739
> 
> It might fix it, but the fact that this went undetected for
> so long makes this non-shippable IMO.

That's up to you and Jeremy...
For me the default of "max protocol = NT1" is enough.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110707/eff98d77/attachment.pgp>


More information about the samba-technical mailing list