From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 22 Dec 2023 20:50:57 +0000 (+0100)
Subject: s3:smbd multichannel: let a cross-node session binding NT_STATUS_REQUEST_NOT_ACCEPTED
X-Git-Tag: talloc-2.4.2~130
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=475784d63e9381e8a76cd666842686c1b8d2d0b4;p=thirdparty%2Fsamba.git

s3:smbd multichannel: let a cross-node session binding NT_STATUS_REQUEST_NOT_ACCEPTED

This is better than NT_STATUS_USER_SESSION_DELETED, as it means the
client can keep it's session alive. Otherwise a windows client believes
the whole session is gone and all other channels are invalid.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e15a83d765a..ac71e550264 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -754,8 +754,14 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
 		if (NT_STATUS_EQUAL(status, NT_STATUS_BAD_LOGON_SESSION_STATE)) {
 			/*
 			 * This comes from smb2srv_session_lookup_global().
+			 * And it's a cross node/cross smbd session bind,
+			 * which can't work in our architecture.
+			 *
+			 * Returning NT_STATUS_REQUEST_NOT_ACCEPTED is better
+			 * than NT_STATUS_USER_SESSION_DELETED in order to
+			 * avoid a completely new session.
 			 */
-			tevent_req_nterror(req, NT_STATUS_USER_SESSION_DELETED);
+			tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
 			return tevent_req_post(req, ev);
 		}