8279 – Signing when sending an interim asynchronous response fails

Bug 8279 - Signing when sending an interim asynchronous response fails

Summary: Signing when sending an interim asynchronous response fails

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.6
Classification:	Unclassified
Component:	SMB2 (show other bugs)
Version:	3.6.0rc2
Hardware:	All Windows 7

Importance:	P5 critical
Target Milestone:	---
Assignee:	Jeremy Allison
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:	8219
Blocks:
	Show dependency tree / graph

Reported:	2011-06-29 16:57 UTC by Eric Solheim
Modified:	2011-07-06 16:29 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Logs with and without Valgrind (49.42 KB, application/x-gzip-compressed) 2011-06-29 16:58 UTC, Eric Solheim	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eric Solheim 2011-06-29 16:57:31 UTC

Windows 7 client continuously reloads directory when signing is enabled under:

Local Security Policy Microsoft Network client: Digitally sign communications (always)

New bug from https://bugzilla.samba.org/show_bug.cgi?id=8219
The following patch from other bug may be required to debug this issue: https://bugzilla.samba.org/attachment.cgi?id=6643



Relevant comments from https://bugzilla.samba.org/show_bug.cgi?id=8219:
#######################################
Eric Solheim 2011-06-29 14:27:02 UTC 
Created attachment 6647 [details]
New logs after patch is applied

The proposed patch by Jeremy fixed the panic but samba still refreshes and is
not usable.

Attached is the log with and without Valgrind.
(Without Valgrind it gives up after many fast refreshes. 
With Valgrind it runs much slower so I don't know if it eventually gives up or
not)

Let me know if you want me to submit this as a new bug since technically the
panic is fixed.

Also the problem disappeared when I disabled the following Local Security
Policy Microsoft Network client: Digitially sign communications (always)

So it can be tested by enabling this parameter.

As a side my environment also enables the following registry setting:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services\LanmanWorkstation\Parameters\RequreSecuritySignature

See
http://blogs.technet.com/b/josebda/archive/2010/12/01/the-basics-of-smb-signing-covering-both-smb1-and-smb2.aspx

Although it now appears to have an easy workaround, 
please look into this bug for 3.6.0 as I cannot dictate the Security Policy for
the company.[reply] [-] Comment 19 Jeremy Allison 2011-06-29 16:40:48 UTC 
The key is this snippet from the log, which keeps repeating:

[2011/06/29 09:36:55.930569, 10]
smbd/smb2_server.c:472(smb2_set_operation_credit)
  smb2_set_operation_credit: requested 1, granted 1, total granted 30
[2011/06/29 09:36:55.930632,  5] smbd/smb2_signing.c:73(smb2_signing_sign_pdu)
  signed SMB2 message
  smb2_send_async_interim_response: nreq->current_idx = 4
  smb2_send_async_interim_response: returning 4 vectors
      req->out.vector[0].iov_len = 4
      req->out.vector[1].iov_len = 64
      req->out.vector[2].iov_len = 88
      req->out.vector[3].iov_len = 88
[2011/06/29 09:36:55.930794, 10]
smbd/smb2_server.c:472(smb2_set_operation_credit)
  smb2_set_operation_credit: requested 1, granted 1, total granted 31
[2011/06/29 09:36:55.930842, 10]
smbd/smb2_server.c:582(smbd_server_connection_terminate_ex)
  smbd_server_connection_terminate_ex: reason[NT_STATUS_INVALID_PARAMETER] at
smbd/smb2_server.c:1542

I'm guessing this is coming from this code in smbd/smb2_signing.c:

27 NTSTATUS smb2_signing_sign_pdu(DATA_BLOB session_key,
 28                                struct iovec *vector,
 29                                int count)
 30 {
 31         uint8_t *hdr;
 32         uint64_t session_id;
 33         struct HMACSHA256Context m;
 34         uint8_t res[SHA256_DIGEST_LENGTH];
 35         int i;
 36 
 37         if (count < 2) {
 38                 return NT_STATUS_INVALID_PARAMETER;
 39         }
 40 
 41         if (vector[0].iov_len != SMB2_HDR_BODY) {
 42                 return NT_STATUS_INVALID_PARAMETER;
 43         }

As we always call smb2_signing_sign_pdu() with a count parameter of 3, I'm
guessing it's the vector[0].iov_len != SMB2_HDR_BODY check that is triggering
here.

I'm happy with you opening this as a new bug, as it's different from the crash
bug, but it certainly seems that signing when sending an interim asynchronous
response is failing here.

Jeremy.
#############################

Comment 1 Eric Solheim 2011-06-29 16:58:42 UTC

Created attachment 6649 [details]
Logs with and without Valgrind

Logs with and without Valgrind

Comment 2 Jeremy Allison 2011-06-29 17:02:54 UTC

I have already attached the bugfix for this to bug #8219 as this attachment:

https://attachments.samba.org/attachment.cgi?id=6650

Can you please test this and if it fixes the problem we'll close both bugs together.

In the meantime I'm going to add bug #8219 as a dependency for this bug.

Jeremy.

Comment 3 Eric Solheim 2011-06-29 19:11:12 UTC

As noted in 8219 the fix worked on my end.

(In reply to comment #2)
> I have already attached the bugfix for this to bug #8219 as this attachment:
> https://attachments.samba.org/attachment.cgi?id=6650
> Can you please test this and if it fixes the problem we'll close both bugs
> together.
> In the meantime I'm going to add bug #8219 as a dependency for this bug.
> Jeremy.