]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
ksmbd: mark invalid session responses as signed
authorNamjae Jeon <linkinjeon@kernel.org>
Thu, 2 Jul 2026 10:37:53 +0000 (19:37 +0900)
committerSteve French <stfrench@microsoft.com>
Mon, 6 Jul 2026 12:55:41 +0000 (07:55 -0500)
When a signed request uses a session that is not registered on the
connection, ksmbd returns STATUS_USER_SESSION_DELETED before reaching the
normal response signing path. The response therefore lacks
SMB2_FLAGS_SIGNED.

Clients that require signing check this flag before handling
STATUS_USER_SESSION_DELETED and replace the server status with
STATUS_ACCESS_DENIED when it is absent. The protocol permits this error
response to skip signature verification because the connection has no
matching session key.

Preserve SMB2_FLAGS_SIGNED on the early error response when the request was
signed. This lets the client propagate STATUS_USER_SESSION_DELETED.
It fixes smb2.session.bind2.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/server/server.c

index 36a5ea4828ad699328e5a4737c483ce0e96a9a49..bc861ca4f0ccdf4fc7b142ba8029d0232c5eb159 100644 (file)
@@ -199,6 +199,12 @@ static void __handle_ksmbd_work(struct ksmbd_work *work,
                                else
                                        conn->ops->set_rsp_status(work,
                                                STATUS_USER_SESSION_DELETED);
+                               if (conn->ops->is_sign_req(work, conn->ops->get_cmd_val(work))) {
+                                       struct smb2_hdr *rsp_hdr;
+
+                                       rsp_hdr = ksmbd_resp_buf_curr(work);
+                                       rsp_hdr->Flags |= SMB2_FLAGS_SIGNED;
+                               }
                                goto send;
                        } else if (rc > 0) {
                                rc = conn->ops->get_ksmbd_tcon(work);