Bug 7608 - Win7 SMB2 authentication causes smbd panic
Summary: Win7 SMB2 authentication causes smbd panic
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: SMB2 (show other bugs)
Version: 3.6.0pre1
Hardware: x64 Linux
: P3 normal
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
Depends on:
Reported: 2010-08-06 10:45 UTC by Zhang Nan
Modified: 2020-11-16 10:46 UTC (History)
0 users

See Also:

smbd log (2.51 KB, text/plain)
2010-08-06 10:47 UTC, Zhang Nan
no flags Details
smbd core dump (zipped) (163.64 KB, application/octet-stream)
2010-08-06 10:50 UTC, Zhang Nan
no flags Details
wireshark pcap file (4.25 KB, application/octet-stream)
2010-08-06 10:51 UTC, Zhang Nan
no flags Details
Fix that went into master and v3-6-test. (792 bytes, patch)
2010-08-09 18:18 UTC, Jeremy Allison
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Zhang Nan 2010-08-06 10:45:43 UTC
I set up a Samba server on RHEL 5.4 using 3.6.0pre1 with "max protocol = SMB2". The authentication process always fail when I try to use a Win7 client (7100RC) to access a share.

Log shows smbd panic occurred and core dump points to line 643 in source3/smbd/smb2_sesssetup.c:

    643:	if (session->server_info->guest) {

It can be verified that session->server_info is a NULL pointer.

It seems that setup_ntlmssp_server_info() in smbd_smb2_spnego_auth() was not executed:

    788:	if (!NT_STATUS_IS_OK(status) &&
    790:		status = setup_ntlmssp_server_info(session, status);
    791:	}

When I comment out line 788, 789 and 791, Win7 can access the share.

Please take a look. Log, core dump and pcap will be attatched.

Comment 1 Zhang Nan 2010-08-06 10:47:07 UTC
Created attachment 5886 [details]
smbd log
Comment 2 Zhang Nan 2010-08-06 10:50:38 UTC
Created attachment 5887 [details]
smbd core dump (zipped)
Comment 3 Zhang Nan 2010-08-06 10:51:37 UTC
Created attachment 5888 [details]
wireshark pcap file
Comment 4 Jeremy Allison 2010-08-09 18:18:42 UTC
Created attachment 5896 [details]
Fix that went into master and v3-6-test.
Comment 5 Guenther Deschner 2010-08-10 06:23:15 UTC
Jeremy, is this an issue in 3.5 as well ?
Comment 6 Jeremy Allison 2010-08-10 11:08:42 UTC
No, this code went into the tree post 3.5.x.
Comment 7 Guenther Deschner 2010-08-10 13:13:58 UTC
Thanks Jeremy.