iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ksmbd: fix guest connection failure with nautilus

Browse Source 
MS-SMB2 describe session sign like the following.
Session.SigningRequired MUST be set to TRUE under the following conditions:
 - If the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode
   field of the client request.
 - If the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags
   field and Session.IsAnonymous is FALSE and either Connection.ShouldSign
   or global RequireMessageSigning is TRUE.

When trying guest account connection using nautilus, The login failure
happened on session setup. ksmbd does not allow this connection
when the user is a guest and the connection sign is set. Just do not set
session sign instead of error response as described in the specification.
And this change improves the guest connection in Nautilus.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org # v5.15+
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
This commit is contained in:
Namjae Jeon 2022-01-17 22:16:01 +09:00 committed by Steve French
parent b207602fb0
commit ac090d9c90
1 changed files with 30 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
fs/ksmbd/smb2pdu.c
View File

@ -1464,11 +1464,6 @@ static int ntlm_authenticate(struct ksmbd_work *work)
} }
if (user_guest(sess->user)) { if (user_guest(sess->user)) {
if (conn->sign) {
ksmbd_debug(SMB, "Guest login not allowed when signing enabled\n");
return -EPERM;
}
rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE; rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE;
} else { } else {
struct authenticate_message *authblob; struct authenticate_message *authblob;
@ -1481,6 +1476,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)
ksmbd_debug(SMB, "authentication failed\n"); ksmbd_debug(SMB, "authentication failed\n");
return -EPERM; return -EPERM;
} }
}
/* /*
* If session state is SMB2_SESSION_VALID, We can assume * If session state is SMB2_SESSION_VALID, We can assume
@ -1493,7 +1489,8 @@ static int ntlm_authenticate(struct ksmbd_work *work)
return 0; return 0;
} }
if ((conn->sign || server_conf.enforced_signing) || if ((rsp->SessionFlags != SMB2_SESSION_FLAG_IS_GUEST_LE &&
(conn->sign || server_conf.enforced_signing)) ||
(req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED))
sess->sign = true; sess->sign = true;
@ -1513,7 +1510,6 @@ static int ntlm_authenticate(struct ksmbd_work *work)
*/ */
sess->sign = false; sess->sign = false;
} }
}
binding_session: binding_session:
if (conn->dialect >= SMB30_PROT_ID) { if (conn->dialect >= SMB30_PROT_ID) {