ksmbd: throttle session setup failures to avoid dictionary attacks

 */

struct ksmbd_logout_request {

	__s8	account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */

	__u32	account_flags;

};

/*

#define KSMBD_USER_FLAG_BAD_UID		BIT(2)

#define KSMBD_USER_FLAG_BAD_USER	BIT(3)

#define KSMBD_USER_FLAG_GUEST_ACCOUNT	BIT(4)

#define KSMBD_USER_FLAG_DELAY_SESSION	BIT(5)

/*

 * Share config flags.

void ksmbd_free_user(struct ksmbd_user *user)

{

	ksmbd_ipc_logout_request(user->name);

	ksmbd_ipc_logout_request(user->name, user->flags);

	kfree(user->name);

	kfree(user->passkey);

	kfree(user);

	size_t			passkey_sz;

	char			*passkey;

	unsigned int		failed_login_count;

};

static inline bool user_guest(struct ksmbd_user *user)

		conn->mechToken = NULL;

	}

	if (rc < 0 && sess) {

	if (rc < 0) {

		/*

		 * SecurityBufferOffset should be set to zero

		 * in session setup error response.

		 */

		rsp->SecurityBufferOffset = 0;

		if (sess) {

			bool try_delay = false;

			/*

			 * To avoid dictionary attacks (repeated session setups rapidly sent) to

			 * connect to server, ksmbd make a delay of a 5 seconds on session setup

			 * failure to make it harder to send enough random connection requests

			 * to break into a server.

			 */

			if (sess->user && sess->user->flags & KSMBD_USER_FLAG_DELAY_SESSION)

				try_delay = true;

			ksmbd_session_destroy(sess);

			work->sess = NULL;

			if (try_delay)

				ssleep(5);

		}

	}

	return rc;

	return ret;

}

int ksmbd_ipc_logout_request(const char *account)

int ksmbd_ipc_logout_request(const char *account, int flags)

{

	struct ksmbd_ipc_msg *msg;

	struct ksmbd_logout_request *req;

	msg->type = KSMBD_EVENT_LOGOUT_REQUEST;

	req = (struct ksmbd_logout_request *)msg->payload;

	req->account_flags = flags;

	strscpy(req->account, account, KSMBD_REQ_MAX_ACCOUNT_NAME_SZ);

	ret = ipc_msg_send(msg);