diff options
| author | Namjae Jeon <linkinjeon@kernel.org> | 2026-07-01 22:58:35 +0900 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2026-07-06 07:55:41 -0500 |
| commit | fbe0bb2b75eb3c61e8464486506253d1b471240b (patch) | |
| tree | ac81a88b7e7266bc9d6067d18af05a0daaf3b761 /rust/zerocopy/git@git.tavy.me:linux-stable.git | |
| parent | 8cdeaa50eae8dad34885515f62559ee83e7e8dda (diff) | |
ksmbd: validate SID namespace before mapping IDs
sid_to_id() currently treats the last subauthority of any owner or group
SID as a Unix uid or gid. For example, this maps Everyone (S-1-1-0) to
uid 0 and BUILTIN\Users (S-1-5-32-545) to gid 545.
When an SMB2 CREATE security descriptor contains those SIDs, ksmbd
attempts to change the newly created file to the bogus Unix ownership.
notify_change() then returns -EPERM, which makes smb2.create.aclfile fail
with NT_STATUS_SHARING_VIOLATION.
Validate the SID prefix before extracting its RID. Only server-domain
owner SIDs and S-1-22-2 Unix group SIDs have local ID representations.
Treat other valid Windows SIDs as unmapped so their original values can
still be preserved in the NT ACL xattr.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'rust/zerocopy/git@git.tavy.me:linux-stable.git')
0 files changed, 0 insertions, 0 deletions
