Windows 7 client continuously reloads directory when signing is enabled under: Local Security Policy Microsoft Network client: Digitally sign communications (always) New bug from https://bugzilla.samba.org/show_bug.cgi?id=8219 The following patch from other bug may be required to debug this issue: https://bugzilla.samba.org/attachment.cgi?id=6643 Relevant comments from https://bugzilla.samba.org/show_bug.cgi?id=8219: ####################################### Eric Solheim 2011-06-29 14:27:02 UTC Created attachment 6647 [details] New logs after patch is applied The proposed patch by Jeremy fixed the panic but samba still refreshes and is not usable. Attached is the log with and without Valgrind. (Without Valgrind it gives up after many fast refreshes. With Valgrind it runs much slower so I don't know if it eventually gives up or not) Let me know if you want me to submit this as a new bug since technically the panic is fixed. Also the problem disappeared when I disabled the following Local Security Policy Microsoft Network client: Digitially sign communications (always) So it can be tested by enabling this parameter. As a side my environment also enables the following registry setting: HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services\LanmanWorkstation\Parameters\RequreSecuritySignature See http://blogs.technet.com/b/josebda/archive/2010/12/01/the-basics-of-smb-signing-covering-both-smb1-and-smb2.aspx Although it now appears to have an easy workaround, please look into this bug for 3.6.0 as I cannot dictate the Security Policy for the company.[reply] [-] Comment 19 Jeremy Allison 2011-06-29 16:40:48 UTC The key is this snippet from the log, which keeps repeating: [2011/06/29 09:36:55.930569, 10] smbd/smb2_server.c:472(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, granted 1, total granted 30 [2011/06/29 09:36:55.930632, 5] smbd/smb2_signing.c:73(smb2_signing_sign_pdu) signed SMB2 message smb2_send_async_interim_response: nreq->current_idx = 4 smb2_send_async_interim_response: returning 4 vectors req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 64 req->out.vector[2].iov_len = 88 req->out.vector[3].iov_len = 88 [2011/06/29 09:36:55.930794, 10] smbd/smb2_server.c:472(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, granted 1, total granted 31 [2011/06/29 09:36:55.930842, 10] smbd/smb2_server.c:582(smbd_server_connection_terminate_ex) smbd_server_connection_terminate_ex: reason[NT_STATUS_INVALID_PARAMETER] at smbd/smb2_server.c:1542 I'm guessing this is coming from this code in smbd/smb2_signing.c: 27 NTSTATUS smb2_signing_sign_pdu(DATA_BLOB session_key, 28 struct iovec *vector, 29 int count) 30 { 31 uint8_t *hdr; 32 uint64_t session_id; 33 struct HMACSHA256Context m; 34 uint8_t res[SHA256_DIGEST_LENGTH]; 35 int i; 36 37 if (count < 2) { 38 return NT_STATUS_INVALID_PARAMETER; 39 } 40 41 if (vector[0].iov_len != SMB2_HDR_BODY) { 42 return NT_STATUS_INVALID_PARAMETER; 43 } As we always call smb2_signing_sign_pdu() with a count parameter of 3, I'm guessing it's the vector[0].iov_len != SMB2_HDR_BODY check that is triggering here. I'm happy with you opening this as a new bug, as it's different from the crash bug, but it certainly seems that signing when sending an interim asynchronous response is failing here. Jeremy. #############################
Created attachment 6649 [details] Logs with and without Valgrind Logs with and without Valgrind
I have already attached the bugfix for this to bug #8219 as this attachment: https://attachments.samba.org/attachment.cgi?id=6650 Can you please test this and if it fixes the problem we'll close both bugs together. In the meantime I'm going to add bug #8219 as a dependency for this bug. Jeremy.
As noted in 8219 the fix worked on my end. (In reply to comment #2) > I have already attached the bugfix for this to bug #8219 as this attachment: > https://attachments.samba.org/attachment.cgi?id=6650 > Can you please test this and if it fixes the problem we'll close both bugs > together. > In the meantime I'm going to add bug #8219 as a dependency for this bug. > Jeremy.