Bug 7558 - SMB2-COMPOUND-INVALID1 fails with signing=required
Summary: SMB2-COMPOUND-INVALID1 fails with signing=required
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: smbtorture (show other bugs)
Version: unspecified
Hardware: x64 Linux
: P3 minor (vote)
Target Milestone: ---
Assignee: Steven Danneman
QA Contact: samba4-qa@samba.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-07-06 12:51 UTC by Derrick Pallas
Modified: 2012-06-04 11:11 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Derrick Pallas 2010-07-06 12:51:01 UTC
In source4/torture/smb2/compound.cc, test_compound_invalid1(...) it says

    /* TODO: check why this fails with --signing=required */
    CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);

Because the first message in the chain is marked as related, the SessionID in the message is ignored but there is no way to infer it. With signing=enabled, there is no way to verify the signature because there is no SessionID. Since signature verification happens before other kinds of validation, the server responds with status=NT_STATUS_ACCESS_DENIED instead of the expected NT_STATUS_INVALID_PARAMETER.

Therefore, SMB2-COMPOUND-INVALID1 should either be skipped when signing=enabled or should expect status=NT_STATUS_ACCESS_DENIED.
Comment 1 Matthias Dieter Wallnöfer 2010-09-11 12:33:19 UTC
Steve, another SMB2 torture bug for you.
Comment 2 Stefan Metzmacher 2011-07-15 15:33:44 UTC
I think we need to try to support related session_id inheritance also on the client side.
Comment 3 Matthias Dieter Wallnöfer 2012-03-27 14:41:17 UTC
Metze, is there some update in this case?
Comment 4 Stefan Metzmacher 2012-03-27 14:45:24 UTC
I think it's fixed now, after the rewrite to use the new smbXcli_* code.