Bug 11670 - winbind doesn't handle expired sessions correctly
Summary: winbind doesn't handle expired sessions correctly
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2016-01-12 22:24 UTC by Jeremy Allison
Modified: 2016-01-18 08:27 UTC (History)
2 users (show)

See Also:

git-am fix for 4.3.next. (33.19 KB, patch)
2016-01-13 22:28 UTC, Jeremy Allison
cs: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2016-01-12 22:24:21 UTC
Date: Thu, 7 Jan 2016 16:11:37 -0700
From: Christof Schmitt <cs@samba.org>
To: samba-technical@lists.samba.org
Subject: [PATCHES] Handle expired sessions in winbindd
User-Agent: Mutt/1.5.20 (2009-12-10)

[-- Attachment #1 [details] --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.9K --]

A SMB session from winbind to the DC can expire any time, when trying to
connect to a pipe or when issuing a RPC call. Depending on which
codepath receives the corresponding error code (SESSION_EXPIRED or
IO_DEVICE_ERROR for RPC calls), the error is surfaced to the winbindd
client, and can e.g. fail a SESSION_SETUP in smbd. This happened
recently in a member server that is seeing many short-lived SMB
connections and occassionally some of the getpwnam calls to winbindd
fail due to the expired sessions.

The attached patches catch the error and retry the same request on a new
connection. The first patch is a hack to use the admember selftest
environment for some testing. I was not sure of the best approach of
getting some test coverage here. Maybe change the config of admember to
use short-lived tickets, or create a new admember2 environment that uses
a short ticket lifetime.

Comment 1 Jeremy Allison 2016-01-12 22:25:08 UTC
Patchset has been pushed to master. Will back-port to 4.3.x when complete.
Comment 2 Jeremy Allison 2016-01-13 22:28:01 UTC
Created attachment 11772 [details]
git-am fix for 4.3.next.

Cherry-picked from master for 4.3.next.
Comment 3 Jeremy Allison 2016-01-13 22:54:14 UTC
Reassigning to Karolin for inclusion in 4.3.next.
Comment 4 Karolin Seeger 2016-01-14 09:27:18 UTC
Pushed to v4-3-test.
Comment 5 Karolin Seeger 2016-01-18 08:27:41 UTC
(In reply to Karolin Seeger from comment #4)
Pushed to v4-3-test.
Closing out bug report.