ksmbd: not allow guest user on multichannel

[ Upstream commit 3353ab2df5f68dab7da8d5ebb427a2d265a1f2b2 ]

This patch return STATUS_NOT_SUPPORTED if binding session is guest.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20480
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 61d6d4b6b56acc1eaa8bf717d24e370b48a607c8..51d495688f45e6e3b419af79bfa24727f841f3dd 100644 (file)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -1462,7 +1462,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)
                 * Reuse session if anonymous try to connect
                 * on reauthetication.
                 */
-               if (ksmbd_anonymous_user(user)) {
+               if (conn->binding == false && ksmbd_anonymous_user(user)) {
                        ksmbd_free_user(user);
                        return 0;
                }
@@ -1476,7 +1476,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)
                sess->user = user;
        }
 
-       if (user_guest(sess->user)) {
+       if (conn->binding == false && user_guest(sess->user)) {
                rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE;
        } else {
                struct authenticate_message *authblob;
@@ -1720,6 +1720,11 @@ int smb2_sess_setup(struct ksmbd_work *work)
                        goto out_err;
                }
 
+               if (user_guest(sess->user)) {
+                       rc = -EOPNOTSUPP;
+                       goto out_err;
+               }
+
                conn->binding = true;
        } else if ((conn->dialect < SMB30_PROT_ID ||
                    server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) &&
@@ -1831,6 +1836,8 @@ int smb2_sess_setup(struct ksmbd_work *work)
                rsp->hdr.Status = STATUS_NETWORK_SESSION_EXPIRED;
        else if (rc == -ENOMEM)
                rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;
+       else if (rc == -EOPNOTSUPP)
+               rsp->hdr.Status = STATUS_NOT_SUPPORTED;
        else if (rc)
                rsp->hdr.Status = STATUS_LOGON_FAILURE;