]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
ksmbd: find bound sessions during reauthentication
authorNamjae Jeon <linkinjeon@kernel.org>
Thu, 2 Jul 2026 10:50:26 +0000 (19:50 +0900)
committerSteve French <stfrench@microsoft.com>
Mon, 6 Jul 2026 12:55:41 +0000 (07:55 -0500)
A session bound to an additional connection is stored in the session
channel list, but it is not added to that connection's local session table.
After the binding exchange completes, conn->binding is cleared.

A later SESSION_SETUP reauthentication on the bound channel only searches
the local session table. It fails to find the session and returns
STATUS_USER_SESSION_DELETED instead of processing authentication and
returning STATUS_LOGON_FAILURE for invalid credentials.

If the local lookup fails, look up the session globally and accept it only
when the current connection is registered in its channel list. This keeps
unbound connections from using the session while allowing reauthentication
on an established channel.

This fixes smb2.session.bind_invalid_auth.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/server/smb2pdu.c

index af4c3ad2673c7b875aa2fc2540fd7205237bb66f..a8665054151e2f5a2bbaea4cd7748d44a43d9c02 100644 (file)
@@ -2018,6 +2018,13 @@ int smb2_sess_setup(struct ksmbd_work *work)
        } else {
                sess = ksmbd_session_lookup(conn,
                                            le64_to_cpu(req->hdr.SessionId));
+               if (!sess) {
+                       sess = ksmbd_session_lookup_slowpath(le64_to_cpu(req->hdr.SessionId));
+                       if (sess && !lookup_chann_list(sess, conn)) {
+                               ksmbd_user_session_put(sess);
+                               sess = NULL;
+                       }
+               }
                if (!sess) {
                        rc = -ENOENT;
                        goto out_err;