ksmbd: not allow guest user on multichannel

This patch return STATUS_NOT_SUPPORTED if binding session is guest.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20480
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 234ab5f..26db1dc 100644 (file)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -1431,7 +1431,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)
                 * Reuse session if anonymous try to connect
                 * on reauthetication.
                 */
-               if (ksmbd_anonymous_user(user)) {
+               if (conn->binding == false && ksmbd_anonymous_user(user)) {
                        ksmbd_free_user(user);
                        return 0;
                }
@@ -1445,7 +1445,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)
                sess->user = user;
        }
 
-       if (user_guest(sess->user)) {
+       if (conn->binding == false && user_guest(sess->user)) {
                rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE;
        } else {
                struct authenticate_message *authblob;
@@ -1687,6 +1687,11 @@ int smb2_sess_setup(struct ksmbd_work *work)
                        goto out_err;
                }
 
+               if (user_guest(sess->user)) {
+                       rc = -EOPNOTSUPP;
+                       goto out_err;
+               }
+
                conn->binding = true;
        } else if ((conn->dialect < SMB30_PROT_ID ||
                    server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) &&
@@ -1811,6 +1816,8 @@ out_err:
                rsp->hdr.Status = STATUS_NETWORK_SESSION_EXPIRED;
        else if (rc == -ENOMEM)
                rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;
+       else if (rc == -EOPNOTSUPP)
+               rsp->hdr.Status = STATUS_NOT_SUPPORTED;
        else if (rc)
                rsp->hdr.Status = STATUS_LOGON_FAILURE;