s3:smb2_server: return NT_STATUS_NETWORK_SESSION_EXPIRED for compound requests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 13 22:29:28 UTC 2024 on atb-devel-224

(cherry picked from commit 4df1bfd07012dd3d2d2921281e6d6e309303b88d)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue Aug 20 13:02:43 UTC 2024 on atb-devel-224

diff --git a/selftest/knownfail.d/samba3.smb2.session.krb5.expire2 b/selftest/knownfail.d/samba3.smb2.session.krb5.expire2
deleted file mode 100644 (file)
index 718d578..0000000
--- a/selftest/knownfail.d/samba3.smb2.session.krb5.expire2
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smb2.session.krb5.expire2

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 886e6abced81d76d62e6d36b846b93eb760af9f7..c431008cf5ecca955112cb2d36f3b0b4d819fd75 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -3051,6 +3051,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
        bool signing_required = false;
        bool encryption_desired = false;
        bool encryption_required = false;
+       bool session_expired = false;
 
        inhdr = SMBD_SMB2_IN_HDR_PTR(req);
 
@@ -3099,6 +3100,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
                signing_required = x->global->signing_flags & SMBXSRV_SIGNING_REQUIRED;
                encryption_desired = x->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED;
                encryption_required = x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED;
+               session_expired =
+                       NT_STATUS_EQUAL(session_status,
+                                       NT_STATUS_NETWORK_SESSION_EXPIRED);
        }
 
        req->async_internal = false;
@@ -3171,7 +3175,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
                 * This check is mostly for giving the correct error code
                 * for compounded requests.
                 */
-               if (!NT_STATUS_IS_OK(session_status)) {
+               if (!session_expired && !NT_STATUS_IS_OK(session_status)) {
                        return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
                }
        } else {
@@ -3257,6 +3261,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
                }
 
                if (!NT_STATUS_IS_OK(session_status)) {
+                       if (session_expired && opcode == SMB2_OP_CREATE) {
+                               req->compound_create_err = session_status;
+                       }
                        return smbd_smb2_request_error(req, session_status);
                }
        }
@@ -3308,11 +3315,18 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 skipped_signing:
 
        if (flags & SMB2_HDR_FLAG_CHAINED) {
+               if (!NT_STATUS_IS_OK(req->compound_create_err)) {
+                       return smbd_smb2_request_error(req,
+                                       req->compound_create_err);
+               }
                req->compound_related = true;
        }
 
        if (call->need_session) {
                if (!NT_STATUS_IS_OK(session_status)) {
+                       if (session_expired && opcode == SMB2_OP_CREATE) {
+                               req->compound_create_err = session_status;
+                       }
                        return smbd_smb2_request_error(req, session_status);
                }
        }