tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

smb: server: stop sending fake security descriptors

in smb2_get_info_sec, a dummy security descriptor (SD) is returned if
the requested information is not supported.

the code is currently wrong, as DACL_PROTECTED is set in the type field,
but there is no DACL is present.

instead of faking a security, report a STATUS_NOT_SUPPORTED error.

this seems to fix a "Error 0x80090006: Invalid Signature" on file
transfers with Windows 11 clients (25H2, build 26200.8246).

capturing traffic shows that the client is sending a GET_INFO/SEC_INFO
request, with the additional_info field set to 0x20
(ATTRIBUTE_SECURITY_INFORMATION). Returning an empty SD
(with only SELF_RELATIVE set) does not fix the error.

Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

authored by

Marios Makassikis and committed by
Steve French 5efb579e b0da97c0

+2 -15
+2 -15
fs/smb/server/smb2pdu.c
··· 5746 5746 ksmbd_debug(SMB, "Unsupported addition info: 0x%x)\n", 5747 5747 addition_info); 5748 5748 5749 - pntsd = kzalloc(ALIGN(sizeof(struct smb_ntsd), 8), 5750 - KSMBD_DEFAULT_GFP); 5751 - if (!pntsd) 5752 - return -ENOMEM; 5753 - 5754 - pntsd->revision = cpu_to_le16(1); 5755 - pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PROTECTED); 5756 - pntsd->osidoffset = 0; 5757 - pntsd->gsidoffset = 0; 5758 - pntsd->sacloffset = 0; 5759 - pntsd->dacloffset = 0; 5760 - 5761 - secdesclen = sizeof(struct smb_ntsd); 5762 - goto iov_pin; 5749 + rsp->hdr.Status = STATUS_NOT_SUPPORTED; 5750 + return -EINVAL; 5763 5751 } 5764 5752 5765 5753 if (work->next_smb2_rcv_hdr_off) { ··· 5814 5826 if (rc) 5815 5827 goto err_out; 5816 5828 5817 - iov_pin: 5818 5829 rsp->OutputBufferLength = cpu_to_le32(secdesclen); 5819 5830 rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), 5820 5831 rsp, work->response_buf);