ksmbd: not allow guest user on multichannel

commit 3353ab2df5f68dab7da8d5ebb427a2d265a1f2b2 upstream.

This patch return STATUS_NOT_SUPPORTED if binding session is guest.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20480
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index a8650b568bde50767dd74c05f3cd06ff937d8c24..decaef3592f43f289c7e7e543c90806aeed88f06 100644 (file)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -1456,7 +1456,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)
                 * Reuse session if anonymous try to connect
                 * on reauthetication.
                 */
-               if (ksmbd_anonymous_user(user)) {
+               if (conn->binding == false && ksmbd_anonymous_user(user)) {
                        ksmbd_free_user(user);
                        return 0;
                }
@@ -1470,7 +1470,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)
                sess->user = user;
        }
 
-       if (user_guest(sess->user)) {
+       if (conn->binding == false && user_guest(sess->user)) {
                rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE;
        } else {
                struct authenticate_message *authblob;
@@ -1715,6 +1715,11 @@ int smb2_sess_setup(struct ksmbd_work *work)
                        goto out_err;
                }
 
+               if (user_guest(sess->user)) {
+                       rc = -EOPNOTSUPP;
+                       goto out_err;
+               }
+
                conn->binding = true;
        } else if ((conn->dialect < SMB30_PROT_ID ||
                    server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) &&
@@ -1827,6 +1832,8 @@ out_err:
                rsp->hdr.Status = STATUS_NETWORK_SESSION_EXPIRED;
        else if (rc == -ENOMEM)
                rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;
+       else if (rc == -EOPNOTSUPP)
+               rsp->hdr.Status = STATUS_NOT_SUPPORTED;
        else if (rc)
                rsp->hdr.Status = STATUS_LOGON_FAILURE;