git.michaelhowe.org Git - packages/o/openafs.git/commit

Windows: Workaround Win7 SMB Reconnect Bug

The SMB specification permits the server to save a round trip
in the GSS negotiation by sending an initial security blob.
Unfortunately, doing so trips a bug in Windows 7 and Server 2008 R2
whereby the SMB 1.x redirector drops the blob on the floor after
the first connection to the server and simply attempts to reuse
the previous authentication context.  This bug can be avoided by
the server sending no security blob in the SMB_COM_NEGOTIATE
response.  This forces the client to send an initial GSS init_sec_context
blob under all circumstances which works around the bug in Microsoft's
code.

Do not call smb_NegotiateExtendedSecurity(&secBlob, &secBlobLength);

As a result of the SMB 1.x bug, all attempts to reconnect fail due to
SMB connection resets.  The SMB 1.x redirector will retry indefinitely
but all processes with outstanding requests to \\AFS will block until
the machine is rebooted.

Reviewed-on: http://gerrit.openafs.org/6846
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
(cherry picked from commit 28a33f8492098c23f7c3c58763ace93b82ea80a7)

Change-Id: I424b8a8f76c3ee5a70e0886a169c4a7175ff5e47
Reviewed-on: http://gerrit.openafs.org/6849
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>

author	Jeffrey Altman <jaltman@your-file-system.com>
	Wed, 29 Feb 2012 18:07:47 +0000 (13:07 -0500)
committer	Jeffrey Altman <jaltman@secure-endpoints.com>
	Thu, 1 Mar 2012 14:19:25 +0000 (06:19 -0800)
commit	2c4618adc47fa1336a4636bd328c0dad0194c9d2
tree	9ad0ac84b97be98809db13ab2d7b41877202ea09	tree \| snapshot
parent	13546c8d03b9dfaa753523e320f7ef901bc24c8b	commit \| diff