From 8f39db825940c75cd3e4c84cbdaf6442c0fb01ec Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 22 Oct 2012 14:18:20 +0200 Subject: [PATCH 1/3] libcli/smb: add smbXcli_session_set_disconnect_expired() (bug #9175) This should be a short term hack until the upper layers have implemented re-authentication. Signed-off-by: Stefan Metzmacher --- libcli/smb/smbXcli_base.c | 34 ++++++++++++++++++++++++++++++++++ libcli/smb/smbXcli_base.h | 1 + 2 files changed, 35 insertions(+) diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 02d02276..c547515 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -157,6 +157,13 @@ struct smbXcli_session { struct { DATA_BLOB signing_key; } smb2_channel; + + /* + * this should be a short term hack + * until the upper layers have implemented + * re-authentication. + */ + bool disconnect_expired; }; struct smbXcli_tcon { @@ -1970,6 +1977,17 @@ static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn, cmd = CVAL(inhdr, HDR_COM); status = smb1cli_pull_raw_error(inhdr); + if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) && + (state->session != NULL) && state->session->disconnect_expired) + { + /* + * this should be a short term hack + * until the upper layers have implemented + * re-authentication. + */ + return status; + } + if (state->smb1.chained_requests == NULL) { if (num_iov != 3) { return NT_STATUS_INVALID_NETWORK_RESPONSE; @@ -3442,6 +3460,17 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn, } } + if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) && + (session != NULL) && session->disconnect_expired) + { + /* + * this should be a short term hack + * until the upper layers have implemented + * re-authentication. + */ + return status; + } + smbXcli_req_unset_pending(req); /* @@ -4483,6 +4512,11 @@ NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session, return NT_STATUS_OK; } +void smbXcli_session_set_disconnect_expired(struct smbXcli_session *session) +{ + session->disconnect_expired = true; +} + uint16_t smb1cli_session_current_id(struct smbXcli_session *session) { return session->smb1.session_id; diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h index 03cb280..b720bc6 100644 --- a/libcli/smb/smbXcli_base.h +++ b/libcli/smb/smbXcli_base.h @@ -263,6 +263,7 @@ struct smbXcli_session *smbXcli_session_create(TALLOC_CTX *mem_ctx, NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session, TALLOC_CTX *mem_ctx, DATA_BLOB *key); +void smbXcli_session_set_disconnect_expired(struct smbXcli_session *session); uint16_t smb1cli_session_current_id(struct smbXcli_session* session); void smb1cli_session_set_id(struct smbXcli_session* session, uint16_t session_id); -- 1.7.9.5 From d27f30f6687c52ae87636f7b4c91dd9c7cc8fd08 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 22 Oct 2012 14:31:20 +0200 Subject: [PATCH 2/3] s3:winbindd: disconnection after getting NETWORK_SESSION_EXPIRED (bug #9175) Signed-off-by: Stefan Metzmacher --- source3/winbindd/winbindd_cm.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 0639be1..c403b32 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -979,6 +979,17 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, session_setup_done: + /* + * This should be a short term hack until + * dynamic re-authentication is implemented. + * + * See Bug 9175 - winbindd doesn't recover from + * NT_STATUS_NETWORK_SESSION_EXPIRED + */ + if (smbXcli_conn_protocol((*cli)->conn) >= PROTOCOL_SMB2_02) { + smbXcli_session_set_disconnect_expired((*cli)->smb2.session); + } + /* cache the server name for later connections */ saf_store(domain->name, controller); -- 1.7.9.5 From 899a8c2391e5d4270c758bdcc4880899b8aeae74 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 22 Oct 2012 14:35:41 +0200 Subject: [PATCH 3/3] s3:winbindd: use PROTOCOL_LATEST instead of PROTOCOL_SMB2_02 (bug #9175) We should use the latest supported dialect. Signed-off-by: Stefan Metzmacher --- source3/winbindd/winbindd_cm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index c403b32..79b5839 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -832,7 +832,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, cli_set_timeout(*cli, 10000); /* 10 seconds */ result = smbXcli_negprot((*cli)->conn, (*cli)->timeout, PROTOCOL_CORE, - PROTOCOL_SMB2_02); + PROTOCOL_LATEST); if (!NT_STATUS_IS_OK(result)) { DEBUG(1, ("cli_negprot failed: %s\n", nt_errstr(result))); -- 1.7.9.5