git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Namjae Jeon <linkinjeon@kernel.org>
	Sun, 12 Apr 2026 13:16:16 +0000 (22:16 +0900)
committer	Steve French <stfrench@microsoft.com>
	Sun, 12 Apr 2026 23:07:54 +0000 (18:07 -0500)
commit	49110a8ce654bbe56bef7c5e44cce31f4b102b8a
tree	b1cc65e6ec6171f508413fa8f51e31103bb91e40	tree \| snapshot
parent	235e32320a470fcd3998fb3774f2290a0eb302a1	commit \| diff

ksmbd: validate owner of durable handle on reconnect

Currently, ksmbd does not verify if the user attempting to reconnect
to a durable handle is the same user who originally opened the file.
This allows any authenticated user to hijack an orphaned durable handle
by predicting or brute-forcing the persistent ID.

According to MS-SMB2, the server MUST verify that the SecurityContext
of the reconnect request matches the SecurityContext associated with
the existing open.
Add a durable_owner structure to ksmbd_file to store the original opener's
UID, GID, and account name. and catpure the owner information when a file
handle becomes orphaned. and implementing ksmbd_vfs_compare_durable_owner()
to validate the identity of the requester during SMB2_CREATE (DHnC).

Fixes: c8efcc786146 ("ksmbd: add support for durable handles v1/v2")
Reported-by: Davide Ornaghi <d.ornaghi97@gmail.com>
Reported-by: Navaneeth K <knavaneeth786@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

fs/smb/server/mgmt/user_session.c		diff \| blob \| blame \| history
fs/smb/server/oplock.c		diff \| blob \| blame \| history
fs/smb/server/oplock.h		diff \| blob \| blame \| history
fs/smb/server/smb2pdu.c		diff \| blob \| blame \| history
fs/smb/server/vfs_cache.c		diff \| blob \| blame \| history
fs/smb/server/vfs_cache.h		diff \| blob \| blame \| history