mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-01 22:54:01 +00:00
Code Issues Releases Wiki Activity

ksmbd: not allow guest user on multichannel

Browse source 
[ Upstream commit 3353ab2df5 ]

This patch return STATUS_NOT_SUPPORTED if binding session is guest.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20480
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Namjae Jeon 2023-05-03 08:45:08 +09:00 committed by Greg Kroah-Hartman
parent 4f9baa0667
commit ed76d3a891
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
fs/ksmbd/smb2pdu.c
View file

@ -1462,7 +1462,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)
* Reuse session if anonymous try to connect * Reuse session if anonymous try to connect
* on reauthetication. * on reauthetication.
*/ */
if (ksmbd_anonymous_user(user)) { if (conn->binding == false && ksmbd_anonymous_user(user)) {
ksmbd_free_user(user); ksmbd_free_user(user);
return 0; return 0;
} }
@ -1476,7 +1476,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)
sess->user = user; sess->user = user;
} }
if (user_guest(sess->user)) { if (conn->binding == false && user_guest(sess->user)) {
rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE; rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE;
} else { } else {
struct authenticate_message *authblob; struct authenticate_message *authblob;
@ -1720,6 +1720,11 @@ int smb2_sess_setup(struct ksmbd_work *work)
goto out_err; goto out_err;
} }
if (user_guest(sess->user)) {
rc = -EOPNOTSUPP;
goto out_err;
}
conn->binding = true; conn->binding = true;
} else if ((conn->dialect < SMB30_PROT_ID || } else if ((conn->dialect < SMB30_PROT_ID ||
server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) && server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) &&
@ -1831,6 +1836,8 @@ int smb2_sess_setup(struct ksmbd_work *work)
rsp->hdr.Status = STATUS_NETWORK_SESSION_EXPIRED; rsp->hdr.Status = STATUS_NETWORK_SESSION_EXPIRED;
else if (rc == -ENOMEM) else if (rc == -ENOMEM)
rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES; rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;
else if (rc == -EOPNOTSUPP)
rsp->hdr.Status = STATUS_NOT_SUPPORTED;
else if (rc) else if (rc)
rsp->hdr.Status = STATUS_LOGON_FAILURE; rsp->hdr.Status = STATUS_LOGON_FAILURE;