summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorNamjae Jeon <linkinjeon@kernel.org>2026-07-02 21:16:50 +0900
committerSteve French <stfrench@microsoft.com>2026-07-06 07:55:41 -0500
commitf49bca41c12f9f79d39dbf0779d0c672d74b09fe (patch)
tree0060685838586ec07542ff0305f6df807ff7b07c /scripts
parent3e67423336f08a28e9efaac66e842210f9421484 (diff)
downloadlinux-f49bca41c12f9f79d39dbf0779d0c672d74b09fe.tar.gz
linux-f49bca41c12f9f79d39dbf0779d0c672d74b09fe.zip
ksmbd: use the session dialect for rejected binding signatures
When an SMB3 session is referenced by a binding request on an SMB2.1 connection, the request is signed with the existing session's SMB3 signing algorithm. ksmbd instead verifies it with the new connection's SMB2.1 HMAC algorithm, so verification fails and the client receives STATUS_ACCESS_DENIED instead of STATUS_REQUEST_NOT_ACCEPTED. Select the signing verifier from the referenced session dialect. Permit a signed SESSION_SETUP without an established channel to use the SMB3 session signing key for verification. This is limited to SESSION_SETUP so other unbound requests remain rejected. The rejected response must use the same existing session algorithm. When an SMB3 session is referenced on an SMB2.1 connection, sign the SESSION_SETUP response with the SMB3 signing path rather than the connection's SMB2.1 path. This fixes smb2.session.bind_negative_smb3to2s. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions