[HELP?] Weird problem with SMB client code

Tim Beale timbeale at catalyst.net.nz
Tue Jan 8 20:55:27 UTC 2019


Thanks for the feedback. I've updated the error message, and filed a
separate bug so the change can be backported. Updated patch attached.

On 8/01/19 8:16 PM, Volker Lendecke wrote:
> On Tue, Jan 08, 2019 at 01:30:31PM +1300, Tim Beale via samba-technical wrote:
>> diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
>> index 40480c8..df3b31c 100644
>> --- a/libcli/smb/smbXcli_base.c
>> +++ b/libcli/smb/smbXcli_base.c
>> @@ -3231,6 +3231,8 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,
>>  
>>  		avail = MIN(avail, state->conn->smb2.cur_credits);
>>  		if (avail < charge) {
>> +			DBG_ERR("Insufficient credits. %lu available, %u needed\n",
>> +				avail, charge);
> Can you use '%"PRIu64"' and '%"PRIu16"' for the format specifiers?
> This avoids portability problems in the future.
>
> Thanks,
>
> Volker
>
-------------- next part --------------
From 22ae2e232c93d5ce1e67542caf8f67e1f393fc06 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon, 7 Jan 2019 12:06:15 +1300
Subject: [PATCH 1/2] libcli: Add error log if insufficient SMB2 credits

Although it's unusual to hit this case, I was seeing it happen while
working on the SMB python bindings. Even with debug level 10, there was
nothing coming out to help pin down the source of the
NT_STATUS_INTERNAL_ERROR.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 libcli/smb/smbXcli_base.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 40480c8..a237bf1 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -3231,6 +3231,9 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,
 
 		avail = MIN(avail, state->conn->smb2.cur_credits);
 		if (avail < charge) {
+			DBG_ERR("Insufficient credits. "
+				"%"PRIu64" available, %"PRIu16" needed\n",
+				avail, charge);
 			return NT_STATUS_INTERNAL_ERROR;
 		}
 
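Review bot: the new DBG_ERR call passes avail and charge to %"PRIu64" and %"PRIu16" without casts, and neither declaration is visible in this hunk, so confirm that avail really is a uint64_t and charge a uint16_t, or cast at the call site (for example (uint64_t)avail), because a width mismatch in a varargs call is undefined behaviour. It would also help to log state->conn->smb2.cur_credits on its own: avail has already been through MIN() by this point, so the message cannot distinguish a low credit balance from whatever bounded avail earlier.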
-- 
2.7.4


From b687ec0bb3e3b79d1606c0ebf54dcccac548a935 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon, 7 Jan 2019 15:28:12 +1300
Subject: [PATCH 2/2] s3:libsmb: cli_smb2_list() can sometimes fail initially
 on a connection

cli_smb2_list() appears to be a slightly unique SMB operation in that it
specifies the max transaction size for the response buffer size. The
Python bindings highlighted a problem where if cli_smb2_list() were one
of the first operations performed on the SMBv2 connection, it would fail
due to insufficient credits. Because the response buffer size is
(potentially) so much larger, it requires more credits (128) compared
with other SMB operations.

When talking to a samba DC, the connection credits seem to start off at
1, then increase by 32 for every SMB reply we receive back from the
server. After cli_full_connection(), the connection has 65 credits. The
cli_smb2_create_fnum() in cli_smb2_list() adds another 32 credits, but
this is still less than the 128 that smb2cli_query_directory() requires.

This problem doesn't happen for smbclient because the cli_cm_open() API
it uses ends up sending more messages, and so the connection has more
credits.

This patch changes cli_smb2_list(), so it requests a smaller response
buffer size if it doesn't have enough credits available for the max
transaction size. smb2cli_query_directory() is already in a loop, so it
can span multiple SMB messages if for some reason the transaction size
isn't big enough for the listings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 source3/libsmb/cli_smb2_fnum.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 6cba442..3a64438 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -919,7 +919,9 @@ NTSTATUS cli_smb2_list(struct cli_state *cli,
 	TALLOC_CTX *frame = talloc_stackframe();
 	TALLOC_CTX *subframe = NULL;
 	bool mask_has_wild;
-	uint32_t max_trans = smb2cli_conn_max_trans_size(cli->conn);
+	uint32_t max_trans;
+	uint32_t max_avail_len;
+	bool ok;
 
 	if (smbXcli_conn_has_async_calls(cli->conn)) {
 		/*
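Review bot: max_trans loses its initialiser in the declarations at the top of cli_smb2_list() and is only assigned in the next hunk, after at least one goto fail, so check that nothing reached before that assignment (including the code under the fail label) reads max_trans, max_avail_len or ok. Keeping the original initialiser and only lowering the value later would remove the question.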
@@ -968,6 +970,16 @@ NTSTATUS cli_smb2_list(struct cli_state *cli,
 		goto fail;
 	}
 
+	/*
+	 * ideally, use the max transaction size, but don't send a request
+	 * bigger than we have credits available for
+	 */
+	max_trans = smb2cli_conn_max_trans_size(cli->conn);
+	ok = smb2cli_conn_req_possible(cli->conn, &max_avail_len);
+	if (ok) {
+		max_trans = MIN(max_trans, max_avail_len);
+	}
+
 	do {
 		uint8_t *dir_data = NULL;
 		uint32_t dir_data_length = 0;
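Review bot: when smb2cli_conn_req_possible() returns false, the if (ok) block is skipped and max_trans keeps the full smb2cli_conn_max_trans_size() value, which per the commit message is exactly the request size that fails for lack of credits; that path should fail early or at least be logged. The clamp is also computed once above the do loop, so a listing that starts on a low credit balance keeps the reduced buffer size on every iteration even after replies have granted more credits; recomputing it inside the loop would avoid that, and there is no lower bound on the result of MIN(max_trans, max_avail_len), so a comment on what happens when max_avail_len is very small would be useful.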
-- 
2.7.4
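
The credit arithmetic described in the second commit message, as an added example that is not part of the original post and is not Samba code. It assumes 64 KiB of payload per SMB2 credit, an 8 MiB max transaction size (consistent with the 128-credit charge quoted above) and a server that grants a fixed number of credits per reply; all function names are hypothetical.

```c
/* Added illustration, not Samba code. Names and the grant model are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define CREDIT_UNIT 65536u             /* one SMB2 credit pays for up to 64 KiB */
#define MAX_TRANS   (8u * 1024 * 1024) /* assumed max transaction size (8 MiB) */

/* Credits charged for a request expecting resp_len bytes back
 * (request payload assumed smaller than the response). */
static uint16_t credit_charge(uint32_t resp_len)
{
	return resp_len == 0 ? 1 : (uint16_t)((resp_len - 1) / CREDIT_UNIT + 1);
}

/* Largest response buffer the current credits can pay for, capped at max_trans. */
static uint32_t clamp_to_credits(uint32_t max_trans, uint16_t credits)
{
	uint64_t affordable = (uint64_t)credits * CREDIT_UNIT;
	return affordable < max_trans ? (uint32_t)affordable : max_trans;
}

/* Round trips needed to fetch total_len bytes of listing, or -1 if a request
 * cannot be paid for. grant = credits the server returns with each reply. */
static int list_round_trips(uint32_t total_len, uint16_t credits,
			    uint16_t grant, int clamp)
{
	int trips = 0;
	while (total_len > 0) {
		uint32_t want = clamp ? clamp_to_credits(MAX_TRANS, credits) : MAX_TRANS;
		uint16_t charge = credit_charge(want);
		if (want == 0 || charge > credits) {
			return -1; /* the "insufficient credits" failure */
		}
		credits = (uint16_t)(credits - charge + grant);
		total_len -= (total_len < want) ? total_len : want;
		trips++;
	}
	return trips;
}

int main(void)
{
	/* 97 credits = 65 after connect + 32 from the create, per the commit message */
	printf("charge for max_trans: %u\n", (unsigned)credit_charge(MAX_TRANS));
	printf("unclamped: %d\n", list_round_trips(10000000u, 97, 32, 0));
	printf("clamped:   %d\n", list_round_trips(10000000u, 97, 32, 1));
	return 0;
}
```

With zero credits the clamped size is 0 and the model refuses to send, which is the case a caller still has to handle after clamping.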


