]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
ksmbd: mark invalid session responses as signed
authorNamjae Jeon <linkinjeon@kernel.org>
Thu, 2 Jul 2026 10:37:53 +0000 (19:37 +0900)
committerSteve French <stfrench@microsoft.com>
Mon, 6 Jul 2026 12:55:41 +0000 (07:55 -0500)
commit9e8ad620ddfde5a5f4ef58372e3805e9388cb0f4
tree54e367ac4f59c50d8dcbe3d3fcf7004b738d2e0f
parent216c5aba4ebde1a6e85d7831c0cf39a9a2ad7a38
ksmbd: mark invalid session responses as signed

When a signed request uses a session that is not registered on the
connection, ksmbd returns STATUS_USER_SESSION_DELETED before reaching the
normal response signing path. The response therefore lacks
SMB2_FLAGS_SIGNED.

Clients that require signing check this flag before handling
STATUS_USER_SESSION_DELETED and replace the server status with
STATUS_ACCESS_DENIED when it is absent. The protocol permits this error
response to skip signature verification because the connection has no
matching session key.

Preserve SMB2_FLAGS_SIGNED on the early error response when the request was
signed. This lets the client propagate STATUS_USER_SESSION_DELETED.
It fixes smb2.session.bind2.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/server/server.c