Bug 15676 - Fix clock skew error message and memory cache clock skew recovery
Summary: Fix clock skew error message and memory cache clock skew recovery
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-07-04 15:04 UTC by Ralph Böhme
Modified: 2024-08-15 12:14 UTC (History)
2 users (show)

See Also:

Attachments
Patch for v4-20-test (2.31 KB, text/plain)
2024-07-09 11:08 UTC, Stefan Metzmacher 		jsutton: review+
Details
Patch for v4-19-test (2.31 KB, text/plain)
2024-07-09 12:16 UTC, Stefan Metzmacher 		jsutton: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2024-07-04 15:04:42 UTC 
When using smbclient with Heimdal Kerberos, clock skew on the client is not taken into account in the TGS-REQ causing a KRB5KRB_AP_ERR_SKEW KRB-ERR response. There are two problems:

* clock skew adjustment should be done for the TGS-REQ, but this is not implemented in the memory ccache in Heimdal (it is correctly implemented in the file ccache)

* the error is reported as "FAST fast response is missing FX-FAST" instead of the expected "Clock skew too great" error message
Comment 1 Samba QA Contact 2024-07-05 10:03:03 UTC 
This bug was referenced in samba master:

e4d6a19e49260af22bffd2a417119489719ba364
Comment 2 Stefan Metzmacher 2024-07-09 11:08:05 UTC 
Created attachment 18369 [details]
Patch for v4-20-test
Comment 3 Stefan Metzmacher 2024-07-09 12:16:59 UTC 
Created attachment 18370 [details]
Patch for v4-19-test
Comment 4 Jule Anger 2024-07-10 08:05:13 UTC 
Pushed to autobuild-v4-{20,19}-test.
Comment 5 Samba QA Contact 2024-07-10 09:15:03 UTC 
This bug was referenced in samba v4-20-test:

f4604a86fe1251b86b6f08a7fb3843a65092724d
Comment 6 Samba QA Contact 2024-07-10 13:30:04 UTC 
This bug was referenced in samba v4-19-test:

8d08c8141344afe91052a258c22fae1ec886d8db
Comment 7 Jule Anger 2024-07-17 08:36:34 UTC 
Closing out bug report.

Thanks!
Comment 8 Samba QA Contact 2024-08-02 12:14:16 UTC 
This bug was referenced in samba v4-20-stable (Release samba-4.20.3):

f4604a86fe1251b86b6f08a7fb3843a65092724d
Comment 9 Samba QA Contact 2024-08-15 12:14:53 UTC 
This bug was referenced in samba v4-19-stable (Release samba-4.19.8):

8d08c8141344afe91052a258c22fae1ec886d8db