Bug 13624 - STATUS_SESSION_EXPIRED error is returned unencrypted, if the request was encrypted
STATUS_SESSION_EXPIRED error is returned unencrypted, if the request was encr...
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
4.9.0
All All
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
: 13921 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-09-18 14:46 UTC by Stefan Metzmacher
Modified: 2019-07-22 09:37 UTC (History)
6 users (show)

See Also:


Attachments
Possible patches for master (1.93 KB, patch)
2018-10-01 08:47 UTC, Stefan Metzmacher
no flags Details
Patches for v4-9-test (9.33 KB, patch)
2018-10-09 14:33 UTC, Stefan Metzmacher
jra: review+
Details
Patches for v4-8-test (9.12 KB, patch)
2018-10-09 14:34 UTC, Stefan Metzmacher
jra: review+
Details
Patches for v4-7-test (9.12 KB, patch)
2018-10-09 14:34 UTC, Stefan Metzmacher
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2018-09-18 14:46:18 UTC
If clients use SMB3 encryption and the kerberos authenticated session expires,
clients disconnect the connection instead of doing a reauthentication.
Comment 1 Amit Kumar 2018-10-01 07:47:01 UTC
Hey Stefan Metzmacher!

What configuration and smbclient command line oyu are using?

smb.conf
..
   min protocol = SMB3
   smb encrypt = yes

# smbclient -k //hostname/myshare -e -mSMB3 -d 10
smb: \> ls
dos_clean_name [\*]
unix_clean_name [\*]
encrypt SMB2 message
decrypt SMB2 message
encrypt SMB2 message
decrypt SMB2 message
  .                                   D        0  Mon Oct  1 12:07:18 2018
  ..                                 DR        0  Mon Oct  1 12:07:12 2018
  file1                               N        0  Mon Oct  1 12:07:18 2018
encrypt SMB2 message
decrypt SMB2 message
encrypt SMB2 message
decrypt SMB2 message
encrypt SMB2 message
decrypt SMB2 message
encrypt SMB2 message
decrypt SMB2 message
encrypt SMB2 message
decrypt SMB2 message

		13973504 blocks of size 1024. 11805284 blocks available
Total bytes listed: 0
smb: \> 

Still SMB2 messages exchanged
Comment 2 Stefan Metzmacher 2018-10-01 08:47:16 UTC
Created attachment 14505 [details]
Possible patches for master
Comment 3 Stefan Metzmacher 2018-10-01 10:01:07 UTC
(In reply to amitkuma from comment #1)

With the attached patches (against an unpatched server):
bin/smbtorture -Uadministrator%A1b2C3d4 --realm W4EDOM-L4.BASE -W W4EDOM-L4 -k yes //ub1404-163.w4edom-l4.base/torture smb2.session.expire2e
smbtorture 4.10.0pre1-DEVELOPERBUILD
Using seed 1538388008
time: 2018-10-01 10:00:08.490614
test: expire2e
time: 2018-10-01 10:00:08.492142
query info => OK
lock => OK
1st notify => PENDING
sleep 10 seconds
query info => EXPIRED
time: 2018-10-01 10:00:18.573290
failure: expire2e [
../source4/torture/smb2/session.c:1351: status was NT_STATUS_ACCESS_DENIED, expected NT_STATUS_NETWORK_SESSION_EXPIRED: smb2_getinfo_file returned unexpected status
]
Comment 4 Stefan Metzmacher 2018-10-09 14:33:52 UTC
Created attachment 14519 [details]
Patches for v4-9-test
Comment 5 Stefan Metzmacher 2018-10-09 14:34:24 UTC
Created attachment 14520 [details]
Patches for v4-8-test
Comment 6 Stefan Metzmacher 2018-10-09 14:34:55 UTC
Created attachment 14521 [details]
Patches for v4-7-test
Comment 7 Jeremy Allison 2018-10-09 18:04:48 UTC
Re-assigning to Karolin for inclusion in 4.9.next, 4.8.next, 4.7.next.
Comment 8 Karolin Seeger 2018-10-10 09:04:55 UTC
(In reply to Jeremy Allison from comment #7)
Pushed to autobuild-v4-{9,8,7}-test.
Comment 9 Karolin Seeger 2018-10-11 10:12:56 UTC
(In reply to Karolin Seeger from comment #8)
Pushed to all branches.
Closing out bug report.

Thanks!
Comment 10 Stefan Metzmacher 2019-07-22 09:31:58 UTC
*** Bug 13921 has been marked as a duplicate of this bug. ***