Bug 9625 - reauth-capable client fails to access shares on windows member in trusted domain
Summary: reauth-capable client fails to access shares on windows member in trusted domain
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.0.1
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-02-01 15:58 UTC by Michael Adam
Modified: 2013-02-07 08:50 UTC (History)
3 users (show)

See Also:


Attachments
patch for v3-6-test (1.50 KB, patch)
2013-02-01 16:29 UTC, Michael Adam
obnox: review+
metze: review+
Details
patch for v4-0-test (1.69 KB, patch)
2013-02-04 21:15 UTC, Michael Adam
obnox: review+
metze: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Adam 2013-02-01 15:58:00 UTC
Setup:

- Two samba3-style domains DOM1 and DOM2 with mutual trust.
- user2 in DOM2
- Windows member server FS1 in DOM1. with a share "SHARE1"
- reauth capable member workstation WKS2 in DOM2.

Problem:
  Trying to access //FS1/SHARE1 with DOM2\user2 from WKS2
  fails with error STATUS_SESSION_EXPIRED (NT code 0xc000035c).

Analysis:
  The reason is that the time stamp acct_expiry timestamp
  is not converted correctly in the wbcAuthUserInfo_to_netr_SamInfo3() function.

  It is left as unix time stamp instead of nttime.
  Hence, the timestamp, when interpreted as nttime, is very
  far in the past and the session is treated as expired.

Note:
  - smbclient does not set the CAP_DYNAMIC_REAUTH flag in session setup,
    hence the server does not send session expired.
  - samba does not correctly inspect the expiry fileds
    and hence does not expire the session for a reauth-capable client
    (which is a different bug to be filed).
Comment 1 Michael Adam 2013-02-01 16:17:45 UTC
Patch for master is in autobuild.
Comment 2 Michael Adam 2013-02-01 16:29:35 UTC
Created attachment 8524 [details]
patch for v3-6-test

Patch for v3-6-test.
Comment 3 Michael Adam 2013-02-01 16:36:56 UTC
Patch for v4-0-test will follow as cherry-pick after master autobuild has succeeded.
Comment 4 Michael Adam 2013-02-04 21:15:26 UTC
Created attachment 8531 [details]
patch for v4-0-test

cherry-picked from master
Comment 5 Michael Adam 2013-02-04 21:17:17 UTC
assigning to metze for review
Comment 6 Stefan Metzmacher 2013-02-05 07:01:54 UTC
Comment on attachment 8531 [details]
patch for v4-0-test

Looks good
Comment 7 Stefan Metzmacher 2013-02-05 07:02:16 UTC
Comment on attachment 8524 [details]
patch for v3-6-test

Looks good
Comment 8 Karolin Seeger 2013-02-06 10:20:04 UTC
Pushed to v3-6-test and autobuild-v4-0-test.
Comment 9 Karolin Seeger 2013-02-07 08:50:53 UTC
Pushed to v4-0-test.
Closing out bug report.

Thanks!