]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
ksmbd: use the session dialect for rejected binding signatures
authorNamjae Jeon <linkinjeon@kernel.org>
Thu, 2 Jul 2026 12:16:50 +0000 (21:16 +0900)
committerSteve French <stfrench@microsoft.com>
Mon, 6 Jul 2026 12:55:41 +0000 (07:55 -0500)
commitf49bca41c12f9f79d39dbf0779d0c672d74b09fe
tree0060685838586ec07542ff0305f6df807ff7b07c
parent3e67423336f08a28e9efaac66e842210f9421484
ksmbd: use the session dialect for rejected binding signatures

When an SMB3 session is referenced by a binding request on an SMB2.1
connection, the request is signed with the existing session's SMB3 signing
algorithm. ksmbd instead verifies it with the new connection's SMB2.1 HMAC
algorithm, so verification fails and the client receives
STATUS_ACCESS_DENIED instead of STATUS_REQUEST_NOT_ACCEPTED.

Select the signing verifier from the referenced session dialect. Permit a
signed SESSION_SETUP without an established channel to use the SMB3 session
signing key for verification. This is limited to SESSION_SETUP so other
unbound requests remain rejected.

The rejected response must use the same existing session algorithm. When an
SMB3 session is referenced on an SMB2.1 connection, sign the SESSION_SETUP
response with the SMB3 signing path rather than the connection's SMB2.1
path.

This fixes smb2.session.bind_negative_smb3to2s.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/server/server.c
fs/smb/server/smb2pdu.c