ksmbd: validate owner of durable handle on reconnect

		return;

	delete_proc_session(sess);

	ksmbd_tree_conn_session_logoff(sess);

	ksmbd_destroy_file_table(sess);

	if (sess->user)

		ksmbd_free_user(sess->user);

	ksmbd_tree_conn_session_logoff(sess);

	ksmbd_destroy_file_table(&sess->file_table);

	ksmbd_launch_ksmbd_durable_scavenger();

	ksmbd_session_rpc_clear_list(sess);

	free_channel_list(sess);

		goto out;

	}

	ksmbd_destroy_file_table(&prev_sess->file_table);

	ksmbd_destroy_file_table(prev_sess);

	prev_sess->state = SMB2_SESSION_EXPIRED;

	ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_SETUP);

	ksmbd_launch_ksmbd_durable_scavenger();

			      struct ksmbd_share_config *share,

			      struct ksmbd_file *fp,

			      struct lease_ctx_info *lctx,

			      struct ksmbd_user *user,

			      char *name)

{

	struct oplock_info *opinfo = opinfo_get(fp);

	if (!opinfo)

		return 0;

	if (ksmbd_vfs_compare_durable_owner(fp, user) == false) {

		ksmbd_debug(SMB, "Durable handle reconnect failed: owner mismatch\n");

		ret = -EBADF;

		goto out;

	}

	if (opinfo->is_lease == false) {

		if (lctx) {

			pr_err("create context include lease\n");

			      struct ksmbd_share_config *share,

			      struct ksmbd_file *fp,

			      struct lease_ctx_info *lctx,

			      struct ksmbd_user *user,

			      char *name);

#endif /* __KSMBD_OPLOCK_H */

		}

		if (dh_info.reconnected == true) {

			rc = smb2_check_durable_oplock(conn, share, dh_info.fp, lc, name);

			rc = smb2_check_durable_oplock(conn, share, dh_info.fp,

					lc, sess->user, name);

			if (rc) {

				ksmbd_put_durable_fd(dh_info.fp);

				goto err_out2;

#include "misc.h"

#include "mgmt/tree_connect.h"

#include "mgmt/user_session.h"

#include "mgmt/user_config.h"

#include "smb_common.h"

#include "server.h"

#include "smb2pdu.h"

	if (ksmbd_stream_fd(fp))

		kfree(fp->stream.name);

	kfree(fp->owner.name);

	kmem_cache_free(filp_cache, fp);

}

}

static int

__close_file_table_ids(struct ksmbd_file_table *ft,

__close_file_table_ids(struct ksmbd_session *sess,

		       struct ksmbd_tree_connect *tcon,

		       bool (*skip)(struct ksmbd_tree_connect *tcon,

				    struct ksmbd_file *fp))

				    struct ksmbd_file *fp,

				    struct ksmbd_user *user))

{

	struct ksmbd_file_table *ft = &sess->file_table;

	struct ksmbd_file *fp;

	unsigned int id = 0;

	int num = 0;

			break;

		}

		if (skip(tcon, fp) ||

		if (skip(tcon, fp, sess->user) ||

		    !atomic_dec_and_test(&fp->refcount)) {

			id++;

			write_unlock(&ft->lock);

}

static bool tree_conn_fd_check(struct ksmbd_tree_connect *tcon,

			       struct ksmbd_file *fp)

			       struct ksmbd_file *fp,

			       struct ksmbd_user *user)

{

	return fp->tcon != tcon;

}

	kthread_stop(server_conf.dh_task);

}

/*

 * ksmbd_vfs_copy_durable_owner - Copy owner info for durable reconnect

 * @fp: ksmbd file pointer to store owner info

 * @user: user pointer to copy from

 *

 * This function binds the current user's identity to the file handle

 * to satisfy MS-SMB2 Step 8 (SecurityContext matching) during reconnect.

 *

 * Return: 0 on success, or negative error code on failure

 */

static int ksmbd_vfs_copy_durable_owner(struct ksmbd_file *fp,

		struct ksmbd_user *user)

{

	if (!user)

		return -EINVAL;

	/* Duplicate the user name to ensure identity persistence */

	fp->owner.name = kstrdup(user->name, GFP_KERNEL);

	if (!fp->owner.name)

		return -ENOMEM;

	fp->owner.uid = user->uid;

	fp->owner.gid = user->gid;

	return 0;

}

/**

 * ksmbd_vfs_compare_durable_owner - Verify if the requester is original owner

 * @fp: existing ksmbd file pointer

 * @user: user pointer of the reconnect requester

 *

 * Compares the UID, GID, and name of the current requester against the

 * original owner stored in the file handle.

 *

 * Return: true if the user matches, false otherwise

 */

bool ksmbd_vfs_compare_durable_owner(struct ksmbd_file *fp,

		struct ksmbd_user *user)

{

	if (!user || !fp->owner.name)

		return false;

	/* Check if the UID and GID match first (fast path) */

	if (fp->owner.uid != user->uid || fp->owner.gid != user->gid)

		return false;

	/* Validate the account name to ensure the same SecurityContext */

	if (strcmp(fp->owner.name, user->name))

		return false;

	return true;

}

static bool session_fd_check(struct ksmbd_tree_connect *tcon,

			     struct ksmbd_file *fp)

			     struct ksmbd_file *fp, struct ksmbd_user *user)

{

	struct ksmbd_inode *ci;

	struct oplock_info *op;

	if (!is_reconnectable(fp))

		return false;

	if (ksmbd_vfs_copy_durable_owner(fp, user))

		return false;

	conn = fp->conn;

	ci = fp->f_ci;

	down_write(&ci->m_lock);

void ksmbd_close_tree_conn_fds(struct ksmbd_work *work)

{

	int num = __close_file_table_ids(&work->sess->file_table,

	int num = __close_file_table_ids(work->sess,

					 work->tcon,

					 tree_conn_fd_check);

void ksmbd_close_session_fds(struct ksmbd_work *work)

{

	int num = __close_file_table_ids(&work->sess->file_table,

	int num = __close_file_table_ids(work->sess,

					 work->tcon,

					 session_fd_check);

	}

	up_write(&ci->m_lock);

	fp->owner.uid = fp->owner.gid = 0;

	kfree(fp->owner.name);

	fp->owner.name = NULL;

	return 0;

}

	return 0;

}

void ksmbd_destroy_file_table(struct ksmbd_file_table *ft)

void ksmbd_destroy_file_table(struct ksmbd_session *sess)

{

	struct ksmbd_file_table *ft = &sess->file_table;

	if (!ft->idr)

		return;

	__close_file_table_ids(ft, NULL, session_fd_check);

	__close_file_table_ids(sess, NULL, session_fd_check);

	idr_destroy(ft->idr);

	kfree(ft->idr);

	ft->idr = NULL;