Bug 11122 - Samba 4.2 doesn't handle durable handle reconnect with different user properly
Summary: Samba 4.2 doesn't handle durable handle reconnect with different user properly
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.2.0rc4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-26 02:16 UTC by Steve French
Modified: 2016-11-15 19:02 UTC (History)
2 users (show)

See Also:

Attachments
wireshark trace to Samba 4.2 of durable handle reconnect (41.51 KB, application/x-pcapng)
2015-02-26 02:18 UTC, Steve French 		no flags Details
wireshark trace of Windows 2012R2 handling this correctly and returning access denied (44.33 KB, application/octet-stream)
2015-02-26 04:10 UTC, Steve French 		no flags Details
fix to return access denied when wrong user reconnects to durable handle (502 bytes, patch)
2015-02-26 08:26 UTC, Steve French 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Steve French 2015-02-26 02:16:28 UTC 
We don't return access denied when wrong user tries to reconnect to durable handle.

2015-02-25 20:08:52.584 [TestInProgress] Microsoft.Protocols.TestSuites.FileSharing.SMB2.TestSuite.DurableHandleV2.DurableHandleV2_Reconnect_WithDifferentDurableOwner
2015-02-25 20:08:52.600 [Comment] Test reconnect with DurableHandleV2 and different durable owner.
2015-02-25 20:08:52.669 [Comment] Client connects to server and opens file with a durable handle
2015-02-25 20:09:00.349 [Comment] Client opens the same file and reconnects the durable handle
 CREATE should not be successful if the DurableOwner is different, actually server returns STATUS_OBJECT_NAME_NOT_FOUND.
2015-02-25 20:09:04.969 [CheckFailed] Assert.AreEqual failed on requirement MS-SMB2_R4. Expected: <3221225506>, Actual: <3221225524>. Server should return error STATUS_ACCESS_DENIED
2015-02-25 20:09:04.976 [Comment]    at Microsoft.Protocols.TestTools.DefaultTestSite.CaptureRequirementIfAreEqual[T](T expected, T actual, Int32 requirementId, String description, RequirementType requirementType)

2015-02-25 20:09:05.255 [TestFailed] Microsoft.Protocols.TestSuites.FileSharing.SMB2.TestSuite.DurableHandleV2.DurableHandleV2_Reconnect_WithDifferentDurableOwner
Comment 1 Steve French 2015-02-26 02:18:43 UTC 
Created attachment 10795 [details]
wireshark trace to Samba 4.2 of durable handle reconnect

Note frame 47 should have returned access denied
Comment 2 Steve French 2015-02-26 04:10:12 UTC 
Created attachment 10796 [details]
wireshark trace of Windows 2012R2 handling this correctly and returning access denied
Comment 3 Steve French 2015-02-26 08:26:50 UTC 
Created attachment 10797 [details]
fix to return access denied when wrong user reconnects to durable handle

tested with Microsoft automated tests and fixes the problem with the durable reconnect tests
Comment 4 Steve French 2015-02-26 08:32:42 UTC 
See MMS-SMB2 section 3.3.5.9.7

10.If the user represented by Session.SecurityContext is not the same user denoted by Open.DurableOwner, the server MUST fail the request with STATUS_ACCESS_DENIED and proceed as specified in "Failed Open Handling"
Comment 5 Steve French 2016-11-15 19:02:22 UTC 
Looks like this hasn't been merged/fixed, need to rerun test to make sure.