In smbd_smb2_reauth_generic_return we talloc_move() session_info to session->global->auth_session_info which sets session_info to NULL. This means security_session_user_level(NULL, NULL) will always return SECURITY_ANONYMOUS so we never sign the session setup response.
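The ordering problem described in this report, reduced to a stand-alone C sketch. This is an added example, not code from Samba or from any attachment on this bug: `move_ptr`, `user_level`, the two `reauth_sign_*` functions and the struct layouts are hypothetical stand-ins, and reading the level from the new owner is only one possible way to avoid the NULL lookup.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration; not Samba's definitions. */
enum level { LEVEL_ANONYMOUS = 0, LEVEL_USER = 10 };
struct session_info { bool authenticated; };
struct session { struct session_info *auth_session_info; };

/* Mimics the talloc_move() effect: hand the pointer over, NULL the source. */
static struct session_info *move_ptr(struct session_info **src)
{
    struct session_info *p = *src;
    *src = NULL;
    return p;
}

/* Mimics the lookup described above: a NULL session_info means anonymous. */
static enum level user_level(const struct session_info *si)
{
    if (si == NULL || !si->authenticated)
        return LEVEL_ANONYMOUS;
    return LEVEL_USER;
}

/* Reported order: the level is read from the local pointer after the move. */
bool reauth_sign_buggy(struct session *s, struct session_info *si)
{
    s->auth_session_info = move_ptr(&si);
    return user_level(si) >= LEVEL_USER;    /* si is NULL: never signs */
}

/* One way to avoid it (assumption): read the level from the new owner. */
bool reauth_sign_fixed(struct session *s, struct session_info *si)
{
    s->auth_session_info = move_ptr(&si);
    return user_level(s->auth_session_info) >= LEVEL_USER;
}

int main(void)
{
    struct session_info si = { true };      /* constructed sample input */
    struct session s = { NULL };
    printf("buggy signs response: %d\n", reauth_sign_buggy(&s, &si));
    printf("fixed signs response: %d\n", reauth_sign_fixed(&s, &si));
    return 0;
}
```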
Ping? Do we have a patch for this? Looks like it was an issue for HPE in their server product.
Howdy! Yes, we have a patch, but for upstream we also need a test to ensure we don't regress. I have this in my work queue...
Created attachment 14603: WIP patch for master, needs test
Comment on attachment 14603 (WIP patch for master, needs test): Patch LGTM, pretty obvious now I see it :-). A test would be nice, but is gravy in this case :-).
(In reply to Jeremy Allison from comment #4) Turns out we already have a test: smb2.session.expire1s. Wait... if we have a test, why doesn't it fail? Ha! Looks like we have two more bugs here:
1. the client doesn't reset the signing state after it gets NT_STATUS_NETWORK_SESSION_EXPIRED, so it keeps using the signing key on reauth. That means the reauth session setup is signed (with an invalid, expired key), which brings us to
2. the server doesn't reset keys when the session expires, so when it receives the session setup request with an invalid signature, it validates the signature with the expired key, so validation passes. Then as the request was signed, we also sign the response, this time with the new key.
(In reply to Ralph Böhme from comment #5) Oh, reauth keeps the keys, so that's not the problem. Looks like in the client we just don't check the signature of a session setup reauth response, so the test doesn't catch the missing signature. Windows client is more picky here, so I guess we have to adjust libcli_smb_common so we can then check this in torture tests.
Created attachment 14623: WIP patch for master with test. I'm slowly getting there....
Oh man, I'm glad you're on this! I missed the fact we already have a test that wasn't working :-).
Created attachment 14629: WIP patch for master with test. So close...
Created attachment 14659: Patch for 4.8 and 4.9 cherry-picked from master
Karolin, please add the patches to the relevant branches. Thanks!
(In reply to Andreas Schneider from comment #11) Pushed to autobuild-v4-{9,8}-test.
(In reply to Karolin Seeger from comment #12) Pushed to both branches. Closing out bug report. Thanks!