diff options
| author | Namjae Jeon <linkinjeon@kernel.org> | 2026-07-02 20:07:25 +0900 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2026-07-06 07:55:41 -0500 |
| commit | 1c5daa2ea924be89d78b5525510bcf3a3eb9735c (patch) | |
| tree | f045818121ce3dc2008fe41e9779cbf3255b63b7 /rust/zerocopy/git@git.tavy.me:linux-stable.git | |
| parent | faf8578c77f3d846aca9cd882c293e03eafcc6df (diff) | |
ksmbd: handle channel binding with a different user
When an authenticated user tries to bind a channel to a session owned by a
different user, ksmbd returns STATUS_LOGON_FAILURE. Windows instead rejects
this attempt with STATUS_ACCESS_DENIED. The supplied credentials are valid
but cannot be used with the existing session.
Use a distinct internal error for a user mismatch in both NTLM and Kerberos
authentication and map it to STATUS_ACCESS_DENIED during SESSION_SETUP.
Keep ordinary authentication failures mapped to STATUS_LOGON_FAILURE.
A failed SMB 3.1.1 binding also leaves its preauthentication context on the
connection. A subsequent binding attempt for the same session reuses the
stale hash and derives an incorrect channel signing key. Remove the binding
preauthentication context on failure so a valid retry starts with a fresh
hash.
This fixes smb2.session.bind_different_user.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'rust/zerocopy/git@git.tavy.me:linux-stable.git')
0 files changed, 0 insertions, 0 deletions
