reply_sesssetup_and_X_spnego in Samba 3.6.x allows a non-zero (V)UID for a new Session Setup

Richard Sharpe realrichardsharpe at
Wed Feb 20 11:49:22 MST 2013


Samba 3.6.x fails the following smbtorture test:

smbtorture 4.1.0pre1-DEVELOPERBUILD
Using seed 1361385618
time: 2013-02-20 10:40:19.087230
test: session1
time: 2013-02-20 10:40:19.090190
Remote OS: Unix, Lan Manager: Samba 3.6.12
create a second security context on the same transport
create a third security context on the same transport, with given vuid
vuid1=100 vuid2=101 vuid3=102
time: 2013-02-20 10:40:19.689054
failure: session1 [
../source4/torture/raw/context.c:123: status was NT_STATUS_OK,
expected ERRSRV:ERRbaduid: ../source4/torture/raw/context.c:123

This seems to happen because of the following code in reply_sesssetup_and_X:

        /* Do we have a valid vuid now ? */
        if (!is_partial_auth_vuid(sconn, vuid)) {
                /* No, start a new authentication setup. */
                vuid = register_initial_vuid(sconn);
                if (vuid == UID_FIELD_INVALID) {
                        reply_nterror(req, nt_status_squash(

If we don't have a valid VUID at that point and it is not 0, we should
reject the auth attempt with ERRSRV:ERRbaduid. At least that is what
W2K08 does.

Richard Sharpe

More information about the samba-technical mailing list