11774 SMB2 does not support reauthentication
Review Request #2366 — Created Oct. 3, 2019 and updated
| Information | |
|---|---|
| andy_js | |
| illumos-gate | |
| 11774 | |
| Reviewers | |
| general | |
SMB2 clients should be allowed to send SESSION SETUP again to reauthenticate, but when a client tries to reauthenticate now it fails with STATUS_USER_SESSION_DELETED.
Prior to this change the BVT_SessionMgmt_Reauthentication test included in the Windows Protocol Test Suites was failing. With the change applied it now passes.
- 1
- 0
- 0
- 0
- 1
| Description | From | Last Updated |
|---|---|---|
| Actually, I'm not sure this is sufficient to bring the state of the user object back to "logging on". Have ... |
gwr
|
-
Otherwise looks good.
-
usr/src/uts/common/fs/smbsrv/smb_authenticate.c (Diff revision 1) A comment here about this being the re-authentication case would be helpful, including how we know that's the case (ssnid != 0 and finding a session in state LOGGED_ON)
-
Here too, please don't rush to integration on this change.
I'll explain why with some design notes in the issue.
-
-
usr/src/uts/common/fs/smbsrv/smb_authenticate.c (Diff revision 2) Actually, I'm not sure this is sufficient to bring the state of the user object back to "logging on".
Have you checked whethere the subsequent smb_user_logon call leaks stuff? It might, becuase smb_user_logon is not expecting the user details (names, cred etc) to be there with the current set of state transitions. Also, see my notes in the issue:
https://www.illumos.org/issues/11774