9625 – reauth-capable client fails to access shares on windows member in trusted domain

Bug 9625 - reauth-capable client fails to access shares on windows member in trusted domain

Summary: reauth-capable client fails to access shares on windows member in trusted domain

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.0
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	4.0.1
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Karolin Seeger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-02-01 15:58 UTC by Michael Adam
Modified:	2013-02-07 08:50 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
patch for v3-6-test (1.50 KB, patch) 2013-02-01 16:29 UTC, Michael Adam	obnox: review+ metze: review+	Details
patch for v4-0-test (1.69 KB, patch) 2013-02-04 21:15 UTC, Michael Adam	obnox: review+ metze: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Adam 2013-02-01 15:58:00 UTC

Setup:

- Two samba3-style domains DOM1 and DOM2 with mutual trust.
- user2 in DOM2
- Windows member server FS1 in DOM1. with a share "SHARE1"
- reauth capable member workstation WKS2 in DOM2.

Problem:
  Trying to access //FS1/SHARE1 with DOM2\user2 from WKS2
  fails with error STATUS_SESSION_EXPIRED (NT code 0xc000035c).

Analysis:
  The reason is that the time stamp acct_expiry timestamp
  is not converted correctly in the wbcAuthUserInfo_to_netr_SamInfo3() function.

  It is left as unix time stamp instead of nttime.
  Hence, the timestamp, when interpreted as nttime, is very
  far in the past and the session is treated as expired.

Note:
  - smbclient does not set the CAP_DYNAMIC_REAUTH flag in session setup,
    hence the server does not send session expired.
  - samba does not correctly inspect the expiry fileds
    and hence does not expire the session for a reauth-capable client
    (which is a different bug to be filed).

Comment 1 Michael Adam 2013-02-01 16:17:45 UTC

Patch for master is in autobuild.

Comment 2 Michael Adam 2013-02-01 16:29:35 UTC

Created attachment 8524 [details]
patch for v3-6-test

Patch for v3-6-test.

Comment 3 Michael Adam 2013-02-01 16:36:56 UTC

Patch for v4-0-test will follow as cherry-pick after master autobuild has succeeded.

Comment 4 Michael Adam 2013-02-04 21:15:26 UTC

Created attachment 8531 [details]
patch for v4-0-test

cherry-picked from master

Comment 5 Michael Adam 2013-02-04 21:17:17 UTC

assigning to metze for review

Comment 6 Stefan Metzmacher 2013-02-05 07:01:54 UTC

Comment on attachment 8531 [details]
patch for v4-0-test

Looks good

Comment 7 Stefan Metzmacher 2013-02-05 07:02:16 UTC

Comment on attachment 8524 [details]
patch for v3-6-test

Looks good

Comment 8 Karolin Seeger 2013-02-06 10:20:04 UTC

Pushed to v3-6-test and autobuild-v4-0-test.

Comment 9 Karolin Seeger 2013-02-07 08:50:53 UTC

Pushed to v4-0-test.
Closing out bug report.

Thanks!