mirror of
https://github.com/torvalds/linux.git
synced 2024-11-26 22:21:42 +00:00
ksmbd: fix multi session connection failure
When RSS mode is enable, windows client do simultaneously send several session requests to server. There is racy issue using sess->ntlmssp.cryptkey on N connection : 1 session. So authetication failed using wrong cryptkey on some session. This patch move cryptkey to ksmbd_conn structure to use each cryptkey on connection. Tested-by: Ziwei Xie <zw.xie@high-flyer.cn> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
This commit is contained in:
parent
71cd9cb680
commit
ce53d36537
@ -215,7 +215,7 @@ out:
|
||||
* Return: 0 on success, error number on error
|
||||
*/
|
||||
int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2,
|
||||
int blen, char *domain_name)
|
||||
int blen, char *domain_name, char *cryptkey)
|
||||
{
|
||||
char ntlmv2_hash[CIFS_ENCPWD_SIZE];
|
||||
char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
|
||||
@ -256,7 +256,7 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2,
|
||||
goto out;
|
||||
}
|
||||
|
||||
memcpy(construct, sess->ntlmssp.cryptkey, CIFS_CRYPTO_KEY_SIZE);
|
||||
memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
|
||||
memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
|
||||
|
||||
rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
|
||||
@ -295,7 +295,8 @@ out:
|
||||
* Return: 0 on success, error number on error
|
||||
*/
|
||||
int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
|
||||
int blob_len, struct ksmbd_session *sess)
|
||||
int blob_len, struct ksmbd_conn *conn,
|
||||
struct ksmbd_session *sess)
|
||||
{
|
||||
char *domain_name;
|
||||
unsigned int nt_off, dn_off;
|
||||
@ -324,7 +325,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
|
||||
|
||||
/* TODO : use domain name that imported from configuration file */
|
||||
domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
|
||||
dn_len, true, sess->conn->local_nls);
|
||||
dn_len, true, conn->local_nls);
|
||||
if (IS_ERR(domain_name))
|
||||
return PTR_ERR(domain_name);
|
||||
|
||||
@ -333,7 +334,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
|
||||
domain_name);
|
||||
ret = ksmbd_auth_ntlmv2(sess, (struct ntlmv2_resp *)((char *)authblob + nt_off),
|
||||
nt_len - CIFS_ENCPWD_SIZE,
|
||||
domain_name);
|
||||
domain_name, conn->ntlmssp.cryptkey);
|
||||
kfree(domain_name);
|
||||
return ret;
|
||||
}
|
||||
@ -347,7 +348,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
|
||||
*
|
||||
*/
|
||||
int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
|
||||
int blob_len, struct ksmbd_session *sess)
|
||||
int blob_len, struct ksmbd_conn *conn)
|
||||
{
|
||||
if (blob_len < sizeof(struct negotiate_message)) {
|
||||
ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
|
||||
@ -361,7 +362,7 @@ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
sess->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
|
||||
conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -375,14 +376,14 @@ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
|
||||
*/
|
||||
unsigned int
|
||||
ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
|
||||
struct ksmbd_session *sess)
|
||||
struct ksmbd_conn *conn)
|
||||
{
|
||||
struct target_info *tinfo;
|
||||
wchar_t *name;
|
||||
__u8 *target_name;
|
||||
unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
|
||||
int len, uni_len, conv_len;
|
||||
int cflags = sess->ntlmssp.client_flags;
|
||||
int cflags = conn->ntlmssp.client_flags;
|
||||
|
||||
memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
|
||||
chgblob->MessageType = NtLmChallenge;
|
||||
@ -403,7 +404,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
|
||||
if (cflags & NTLMSSP_REQUEST_TARGET)
|
||||
flags |= NTLMSSP_REQUEST_TARGET;
|
||||
|
||||
if (sess->conn->use_spnego &&
|
||||
if (conn->use_spnego &&
|
||||
(cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
|
||||
flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
|
||||
|
||||
@ -414,7 +415,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
|
||||
return -ENOMEM;
|
||||
|
||||
conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
|
||||
sess->conn->local_nls);
|
||||
conn->local_nls);
|
||||
if (conv_len < 0 || conv_len > len) {
|
||||
kfree(name);
|
||||
return -EINVAL;
|
||||
@ -430,8 +431,8 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
|
||||
chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
|
||||
|
||||
/* Initialize random conn challenge */
|
||||
get_random_bytes(sess->ntlmssp.cryptkey, sizeof(__u64));
|
||||
memcpy(chgblob->Challenge, sess->ntlmssp.cryptkey,
|
||||
get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
|
||||
memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
|
||||
CIFS_CRYPTO_KEY_SIZE);
|
||||
|
||||
/* Add Target Information to security buffer */
|
||||
|
@ -38,16 +38,16 @@ struct kvec;
|
||||
int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov,
|
||||
unsigned int nvec, int enc);
|
||||
void ksmbd_copy_gss_neg_header(void *buf);
|
||||
int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf);
|
||||
int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2,
|
||||
int blen, char *domain_name);
|
||||
int blen, char *domain_name, char *cryptkey);
|
||||
int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
|
||||
int blob_len, struct ksmbd_session *sess);
|
||||
int blob_len, struct ksmbd_conn *conn,
|
||||
struct ksmbd_session *sess);
|
||||
int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
|
||||
int blob_len, struct ksmbd_session *sess);
|
||||
int blob_len, struct ksmbd_conn *conn);
|
||||
unsigned int
|
||||
ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
|
||||
struct ksmbd_session *sess);
|
||||
struct ksmbd_conn *conn);
|
||||
int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
|
||||
int in_len, char *out_blob, int *out_len);
|
||||
int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
|
||||
|
@ -72,12 +72,7 @@ struct ksmbd_conn {
|
||||
int connection_type;
|
||||
struct ksmbd_stats stats;
|
||||
char ClientGUID[SMB2_CLIENT_GUID_SIZE];
|
||||
union {
|
||||
/* pending trans request table */
|
||||
struct trans_state *recent_trans;
|
||||
/* Used by ntlmssp */
|
||||
char *ntlmssp_cryptkey;
|
||||
};
|
||||
struct ntlmssp_auth ntlmssp;
|
||||
|
||||
spinlock_t llist_lock;
|
||||
struct list_head lock_list;
|
||||
|
@ -45,7 +45,6 @@ struct ksmbd_session {
|
||||
int state;
|
||||
__u8 *Preauth_HashValue;
|
||||
|
||||
struct ntlmssp_auth ntlmssp;
|
||||
char sess_key[CIFS_KEY_SIZE];
|
||||
|
||||
struct hlist_node hlist;
|
||||
|
@ -1301,7 +1301,7 @@ static int ntlm_negotiate(struct ksmbd_work *work,
|
||||
int sz, rc;
|
||||
|
||||
ksmbd_debug(SMB, "negotiate phase\n");
|
||||
rc = ksmbd_decode_ntlmssp_neg_blob(negblob, negblob_len, work->sess);
|
||||
rc = ksmbd_decode_ntlmssp_neg_blob(negblob, negblob_len, work->conn);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
@ -1311,7 +1311,7 @@ static int ntlm_negotiate(struct ksmbd_work *work,
|
||||
memset(chgblob, 0, sizeof(struct challenge_message));
|
||||
|
||||
if (!work->conn->use_spnego) {
|
||||
sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess);
|
||||
sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->conn);
|
||||
if (sz < 0)
|
||||
return -ENOMEM;
|
||||
|
||||
@ -1327,7 +1327,7 @@ static int ntlm_negotiate(struct ksmbd_work *work,
|
||||
return -ENOMEM;
|
||||
|
||||
chgblob = (struct challenge_message *)neg_blob;
|
||||
sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess);
|
||||
sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->conn);
|
||||
if (sz < 0) {
|
||||
rc = -ENOMEM;
|
||||
goto out;
|
||||
@ -1470,7 +1470,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)
|
||||
|
||||
authblob = user_authblob(conn, req);
|
||||
sz = le16_to_cpu(req->SecurityBufferLength);
|
||||
rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, sess);
|
||||
rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, conn, sess);
|
||||
if (rc) {
|
||||
set_user_flag(sess->user, KSMBD_USER_FLAG_BAD_PASSWORD);
|
||||
ksmbd_debug(SMB, "authentication failed\n");
|
||||
|
Loading…
Reference in New Issue
Block a user