Apple has a bug in credit handling with their smbfs, it seems :-)

Jeremy Allison jra at samba.org
Wed Jan 23 21:03:18 UTC 2019


On Wed, Jan 23, 2019 at 09:36:48PM +0100, Stefan Metzmacher wrote:
> Am 23.01.19 um 21:34 schrieb Jeremy Allison:
> > On Wed, Jan 23, 2019 at 09:16:31PM +0100, Stefan Metzmacher wrote:
> >> Am 23.01.19 um 20:44 schrieb Jeremy Allison via samba-technical:
> >>> On Mon, Jan 21, 2019 at 07:22:48PM -0800, Richard Sharpe via samba-technical wrote:
> >>>> Hi folks,
> >>>>
> >>>> Apple has a bug in their handling of credits when Samba returns
> >>>> STATUS_PENDING for a SESSION SETUP request.
> >>>>
> >>>> Such responses only seem to occur when the Samba server is under heavy load.
> >>>>
> >>>> Samba issues one credit in such cases, and, as per the spec issues
> >>>> zero credits in the final successful response to the SESSION SETUP.
> >>>>
> >>>> The Mac then issues a TREE CREATE, consuming one credit and getting one credit.
> >>>>
> >>>> The Mac then issues a compound CREATE and CLOSE. This is a protocol
> >>>> violation and Samba drops the connection.
> >>>>
> >>>> I have communicated this issue to Apple, but I also created the
> >>>> attached patch to mitigate the issue while Apple thinks about fixing
> >>>> their code.
> >>>>
> >>>> Is it worth doing this? Is it going to work?
> >>>
> >>> So this is sending credits on the SESSION SETUP
> >>> interim reply, and then also on the final SESSION SETUP
> >>> reply, yeah ?
> >>>
> >>> Have you tested this against the Apple client ?
> >>>
> >>> It's really ugly and a protocol violation :-).
> >>>
> >>> How often does this problem occur ? If it did
> >>> go in it'd have to be configured off by default
> >>> but I'm not convinced yet :-).
> >>
> >> I'd propose to skip the STATUS_PENDING using
> >> smb2_request_set_async_internal() and leave the credit handling as is.
> > 
> > Trouble with that is the client may then timeout.
> 
> I think that's what windows also does that, but we should retest that
> with a Samba dc and sleep(60) in SamLogon*.

If that's the Windows behavior that makes sense
that the Mac would be expecting that rather
than the intermediate response with credits.

I bet Apple only tested sessionsetup timeout
against the Windows server, and so our response
makes them go down an untested codepath (credits
granted on intermediate sessionsetup reply) and
that's what triggered the Mac client bug.

Just my guess :-).



More information about the samba-technical mailing list