| Message ID | 20211215060206.8048-3-linkinjeon@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [1/3] ksmbd: set RSS capable in FSCTL_QUERY_NETWORK_INTERFACE_INFO | expand |
2021년 12월 16일 (목) 오전 4:46, Namjae Jeon <linkinjeon@kernel.org>님이 작성: > > When RSS mode is enable, windows client do simultaneously send several > session requests to server. There is racy issue using > sess->ntlmssp.cryptkey on N connection : 1 session. So authetication > failed using wrong cryptkey on some session. This patch move cryptkey > to ksmbd_conn structure to use each cryptkey on connection. > > Tested-by: Ziwei Xie <zw.xie@high-flyer.cn> > Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> > --- Acked-by: Hyunchul Lee <hyc.lee@gmail.com> > fs/ksmbd/auth.c | 27 ++++++++++++++------------- > fs/ksmbd/auth.h | 10 +++++----- > fs/ksmbd/connection.h | 7 +------ > fs/ksmbd/mgmt/user_session.h | 1 - > fs/ksmbd/smb2pdu.c | 8 ++++---- > 5 files changed, 24 insertions(+), 29 deletions(-) > > diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c > index 3503b1c48cb4..dc3d061edda9 100644 > --- a/fs/ksmbd/auth.c > +++ b/fs/ksmbd/auth.c > @@ -215,7 +215,7 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, > * Return: 0 on success, error number on error > */ > int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, > - int blen, char *domain_name) > + int blen, char *domain_name, char *cryptkey) > { > char ntlmv2_hash[CIFS_ENCPWD_SIZE]; > char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE]; > @@ -256,7 +256,7 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, > goto out; > } > > - memcpy(construct, sess->ntlmssp.cryptkey, CIFS_CRYPTO_KEY_SIZE); > + memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE); > memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen); > > rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len); > @@ -295,7 +295,8 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, > * Return: 0 on success, error number on error > */ > int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, > - int blob_len, struct ksmbd_session *sess) > + int blob_len, struct ksmbd_conn *conn, > + struct ksmbd_session *sess) > { > char *domain_name; > unsigned int nt_off, dn_off; > @@ -324,7 +325,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, > > /* TODO : use domain name that imported from configuration file */ > domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off, > - dn_len, true, sess->conn->local_nls); > + dn_len, true, conn->local_nls); > if (IS_ERR(domain_name)) > return PTR_ERR(domain_name); > > @@ -333,7 +334,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, > domain_name); > ret = ksmbd_auth_ntlmv2(sess, (struct ntlmv2_resp *)((char *)authblob + nt_off), > nt_len - CIFS_ENCPWD_SIZE, > - domain_name); > + domain_name, conn->ntlmssp.cryptkey); > kfree(domain_name); > return ret; > } > @@ -347,7 +348,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, > * > */ > int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, > - int blob_len, struct ksmbd_session *sess) > + int blob_len, struct ksmbd_conn *conn) > { > if (blob_len < sizeof(struct negotiate_message)) { > ksmbd_debug(AUTH, "negotiate blob len %d too small\n", > @@ -361,7 +362,7 @@ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, > return -EINVAL; > } > > - sess->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags); > + conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags); > return 0; > } > > @@ -375,14 +376,14 @@ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, > */ > unsigned int > ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, > - struct ksmbd_session *sess) > + struct ksmbd_conn *conn) > { > struct target_info *tinfo; > wchar_t *name; > __u8 *target_name; > unsigned int flags, blob_off, blob_len, type, target_info_len = 0; > int len, uni_len, conv_len; > - int cflags = sess->ntlmssp.client_flags; > + int cflags = conn->ntlmssp.client_flags; > > memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8); > chgblob->MessageType = NtLmChallenge; > @@ -403,7 +404,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, > if (cflags & NTLMSSP_REQUEST_TARGET) > flags |= NTLMSSP_REQUEST_TARGET; > > - if (sess->conn->use_spnego && > + if (conn->use_spnego && > (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) > flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC; > > @@ -414,7 +415,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, > return -ENOMEM; > > conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len, > - sess->conn->local_nls); > + conn->local_nls); > if (conv_len < 0 || conv_len > len) { > kfree(name); > return -EINVAL; > @@ -430,8 +431,8 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, > chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off); > > /* Initialize random conn challenge */ > - get_random_bytes(sess->ntlmssp.cryptkey, sizeof(__u64)); > - memcpy(chgblob->Challenge, sess->ntlmssp.cryptkey, > + get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64)); > + memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey, > CIFS_CRYPTO_KEY_SIZE); > > /* Add Target Information to security buffer */ > diff --git a/fs/ksmbd/auth.h b/fs/ksmbd/auth.h > index 9c2d4badd05d..95629651cf26 100644 > --- a/fs/ksmbd/auth.h > +++ b/fs/ksmbd/auth.h > @@ -38,16 +38,16 @@ struct kvec; > int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, > unsigned int nvec, int enc); > void ksmbd_copy_gss_neg_header(void *buf); > -int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf); > int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, > - int blen, char *domain_name); > + int blen, char *domain_name, char *cryptkey); > int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, > - int blob_len, struct ksmbd_session *sess); > + int blob_len, struct ksmbd_conn *conn, > + struct ksmbd_session *sess); > int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, > - int blob_len, struct ksmbd_session *sess); > + int blob_len, struct ksmbd_conn *conn); > unsigned int > ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, > - struct ksmbd_session *sess); > + struct ksmbd_conn *conn); > int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob, > int in_len, char *out_blob, int *out_len); > int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, > diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h > index e5403c587a58..72dfd155b5bf 100644 > --- a/fs/ksmbd/connection.h > +++ b/fs/ksmbd/connection.h > @@ -72,12 +72,7 @@ struct ksmbd_conn { > int connection_type; > struct ksmbd_stats stats; > char ClientGUID[SMB2_CLIENT_GUID_SIZE]; > - union { > - /* pending trans request table */ > - struct trans_state *recent_trans; > - /* Used by ntlmssp */ > - char *ntlmssp_cryptkey; > - }; > + struct ntlmssp_auth ntlmssp; > > spinlock_t llist_lock; > struct list_head lock_list; > diff --git a/fs/ksmbd/mgmt/user_session.h b/fs/ksmbd/mgmt/user_session.h > index 82289c3cbd2b..e241f16a3851 100644 > --- a/fs/ksmbd/mgmt/user_session.h > +++ b/fs/ksmbd/mgmt/user_session.h > @@ -45,7 +45,6 @@ struct ksmbd_session { > int state; > __u8 *Preauth_HashValue; > > - struct ntlmssp_auth ntlmssp; > char sess_key[CIFS_KEY_SIZE]; > > struct hlist_node hlist; > diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c > index 4f938f038a65..68e5773b5b19 100644 > --- a/fs/ksmbd/smb2pdu.c > +++ b/fs/ksmbd/smb2pdu.c > @@ -1282,7 +1282,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, > int sz, rc; > > ksmbd_debug(SMB, "negotiate phase\n"); > - rc = ksmbd_decode_ntlmssp_neg_blob(negblob, negblob_len, work->sess); > + rc = ksmbd_decode_ntlmssp_neg_blob(negblob, negblob_len, work->conn); > if (rc) > return rc; > > @@ -1292,7 +1292,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, > memset(chgblob, 0, sizeof(struct challenge_message)); > > if (!work->conn->use_spnego) { > - sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess); > + sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->conn); > if (sz < 0) > return -ENOMEM; > > @@ -1308,7 +1308,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, > return -ENOMEM; > > chgblob = (struct challenge_message *)neg_blob; > - sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess); > + sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->conn); > if (sz < 0) { > rc = -ENOMEM; > goto out; > @@ -1450,7 +1450,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) > > authblob = user_authblob(conn, req); > sz = le16_to_cpu(req->SecurityBufferLength); > - rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, sess); > + rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, conn, sess); > if (rc) { > set_user_flag(sess->user, KSMBD_USER_FLAG_BAD_PASSWORD); > ksmbd_debug(SMB, "authentication failed\n"); > -- > 2.25.1 >
diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c index 3503b1c48cb4..dc3d061edda9 100644 --- a/fs/ksmbd/auth.c +++ b/fs/ksmbd/auth.c @@ -215,7 +215,7 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, * Return: 0 on success, error number on error */ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, - int blen, char *domain_name) + int blen, char *domain_name, char *cryptkey) { char ntlmv2_hash[CIFS_ENCPWD_SIZE]; char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE]; @@ -256,7 +256,7 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, goto out; } - memcpy(construct, sess->ntlmssp.cryptkey, CIFS_CRYPTO_KEY_SIZE); + memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE); memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen); rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len); @@ -295,7 +295,8 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, * Return: 0 on success, error number on error */ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, - int blob_len, struct ksmbd_session *sess) + int blob_len, struct ksmbd_conn *conn, + struct ksmbd_session *sess) { char *domain_name; unsigned int nt_off, dn_off; @@ -324,7 +325,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, /* TODO : use domain name that imported from configuration file */ domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off, - dn_len, true, sess->conn->local_nls); + dn_len, true, conn->local_nls); if (IS_ERR(domain_name)) return PTR_ERR(domain_name); @@ -333,7 +334,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, domain_name); ret = ksmbd_auth_ntlmv2(sess, (struct ntlmv2_resp *)((char *)authblob + nt_off), nt_len - CIFS_ENCPWD_SIZE, - domain_name); + domain_name, conn->ntlmssp.cryptkey); kfree(domain_name); return ret; } @@ -347,7 +348,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, * */ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, - int blob_len, struct ksmbd_session *sess) + int blob_len, struct ksmbd_conn *conn) { if (blob_len < sizeof(struct negotiate_message)) { ksmbd_debug(AUTH, "negotiate blob len %d too small\n", @@ -361,7 +362,7 @@ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, return -EINVAL; } - sess->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags); + conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags); return 0; } @@ -375,14 +376,14 @@ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, */ unsigned int ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, - struct ksmbd_session *sess) + struct ksmbd_conn *conn) { struct target_info *tinfo; wchar_t *name; __u8 *target_name; unsigned int flags, blob_off, blob_len, type, target_info_len = 0; int len, uni_len, conv_len; - int cflags = sess->ntlmssp.client_flags; + int cflags = conn->ntlmssp.client_flags; memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8); chgblob->MessageType = NtLmChallenge; @@ -403,7 +404,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, if (cflags & NTLMSSP_REQUEST_TARGET) flags |= NTLMSSP_REQUEST_TARGET; - if (sess->conn->use_spnego && + if (conn->use_spnego && (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC; @@ -414,7 +415,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, return -ENOMEM; conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len, - sess->conn->local_nls); + conn->local_nls); if (conv_len < 0 || conv_len > len) { kfree(name); return -EINVAL; @@ -430,8 +431,8 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off); /* Initialize random conn challenge */ - get_random_bytes(sess->ntlmssp.cryptkey, sizeof(__u64)); - memcpy(chgblob->Challenge, sess->ntlmssp.cryptkey, + get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64)); + memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey, CIFS_CRYPTO_KEY_SIZE); /* Add Target Information to security buffer */ diff --git a/fs/ksmbd/auth.h b/fs/ksmbd/auth.h index 9c2d4badd05d..95629651cf26 100644 --- a/fs/ksmbd/auth.h +++ b/fs/ksmbd/auth.h @@ -38,16 +38,16 @@ struct kvec; int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, unsigned int nvec, int enc); void ksmbd_copy_gss_neg_header(void *buf); -int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf); int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, - int blen, char *domain_name); + int blen, char *domain_name, char *cryptkey); int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, - int blob_len, struct ksmbd_session *sess); + int blob_len, struct ksmbd_conn *conn, + struct ksmbd_session *sess); int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, - int blob_len, struct ksmbd_session *sess); + int blob_len, struct ksmbd_conn *conn); unsigned int ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, - struct ksmbd_session *sess); + struct ksmbd_conn *conn); int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob, int in_len, char *out_blob, int *out_len); int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index e5403c587a58..72dfd155b5bf 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -72,12 +72,7 @@ struct ksmbd_conn { int connection_type; struct ksmbd_stats stats; char ClientGUID[SMB2_CLIENT_GUID_SIZE]; - union { - /* pending trans request table */ - struct trans_state *recent_trans; - /* Used by ntlmssp */ - char *ntlmssp_cryptkey; - }; + struct ntlmssp_auth ntlmssp; spinlock_t llist_lock; struct list_head lock_list; diff --git a/fs/ksmbd/mgmt/user_session.h b/fs/ksmbd/mgmt/user_session.h index 82289c3cbd2b..e241f16a3851 100644 --- a/fs/ksmbd/mgmt/user_session.h +++ b/fs/ksmbd/mgmt/user_session.h @@ -45,7 +45,6 @@ struct ksmbd_session { int state; __u8 *Preauth_HashValue; - struct ntlmssp_auth ntlmssp; char sess_key[CIFS_KEY_SIZE]; struct hlist_node hlist; diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 4f938f038a65..68e5773b5b19 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1282,7 +1282,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, int sz, rc; ksmbd_debug(SMB, "negotiate phase\n"); - rc = ksmbd_decode_ntlmssp_neg_blob(negblob, negblob_len, work->sess); + rc = ksmbd_decode_ntlmssp_neg_blob(negblob, negblob_len, work->conn); if (rc) return rc; @@ -1292,7 +1292,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, memset(chgblob, 0, sizeof(struct challenge_message)); if (!work->conn->use_spnego) { - sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess); + sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->conn); if (sz < 0) return -ENOMEM; @@ -1308,7 +1308,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, return -ENOMEM; chgblob = (struct challenge_message *)neg_blob; - sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess); + sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->conn); if (sz < 0) { rc = -ENOMEM; goto out; @@ -1450,7 +1450,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) authblob = user_authblob(conn, req); sz = le16_to_cpu(req->SecurityBufferLength); - rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, sess); + rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, conn, sess); if (rc) { set_user_flag(sess->user, KSMBD_USER_FLAG_BAD_PASSWORD); ksmbd_debug(SMB, "authentication failed\n");