smbd: return EACCESS when Durable Handle is reconnected with different user

MS-SMB2 3.3.5.9.7 Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context

10.  If the user represented by Session.SecurityContext is not the same user
denoted by Open.DurableOwner, the server MUST fail the request with
STATUS_ACCESS_DENIED and proceed as specified in "Failed Open Handling"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11122

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jun  6 17:15:45 UTC 2025 on atb-devel-224

diff --git a/selftest/knownfail.d/samba3.smb2.durable-open b/selftest/knownfail.d/samba3.smb2.durable-open
deleted file mode 100644 (file)
index b6536e2..0000000
--- a/selftest/knownfail.d/samba3.smb2.durable-open
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smb2.durable-open.reopen6\(nt4_dc\)

diff --git a/source3/smbd/smbXsrv_open.c b/source3/smbd/smbXsrv_open.c
index a2364137aaf618abe692221ab9fda58726c0c493..c939bbd39c329735ebf0cbaabb9210126b5b3647 100644 (file)
--- a/source3/smbd/smbXsrv_open.c
+++ b/source3/smbd/smbXsrv_open.c
@@ -1219,7 +1219,8 @@ static void smb2srv_open_recreate_fn(
                DBG_NOTICE("global owner %s not in our token in %s\n",
                           dom_sid_str_buf(&global->open_owner, &buf),
                           tdb_data_dbg(key));
-               goto not_found;
+               state->status = NT_STATUS_ACCESS_DENIED;
+               return;
        }
 
        if (!global->durable) {