diff options
author | Jeremy Allison <jra@samba.org> | 2007-12-29 22:36:49 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2007-12-29 22:36:49 -0800 |
commit | bd3521457ce9d899d42fdea32993a42c906070c7 (patch) | |
tree | 6e9ebb1fa2b565703e5bf4b1238c10783c175610 | |
parent | df450fc090071b3645ecede5d15685e68e209d99 (diff) | |
download | samba-bd3521457ce9d899d42fdea32993a42c906070c7.tar.gz samba-bd3521457ce9d899d42fdea32993a42c906070c7.tar.bz2 samba-bd3521457ce9d899d42fdea32993a42c906070c7.zip |
Allow encryption context setup on IPC$.
Jeremy.
(This used to be commit 5d424cb3060af89bde50bc7fe2989e3c1b8e91b2)
-rw-r--r-- | source3/smbd/trans2.c | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 21bde12056..656925502b 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -2430,7 +2430,8 @@ static void call_trans2qfsinfo(connection_struct *conn, info_level = SVAL(params,0); - if (conn->encrypt_level == Required && SVAL(req->inbuf,4) != 0x45FF ) { + if (IS_IPC(conn) || + (conn->encrypt_level == Required && SVAL(req->inbuf,4) != 0x45FF )) { if (info_level != SMB_QUERY_CIFS_UNIX_INFO) { DEBUG(0,("call_trans2qfsinfo: encryption required " "and info level 0x%x sent.\n", @@ -2981,6 +2982,17 @@ static void call_trans2setfsinfo(connection_struct *conn, info_level = SVAL(params,2); + if (IS_IPC(conn)) { + if (info_level != SMB_REQUEST_TRANSPORT_ENCRYPTION && + info_level != SMB_SET_CIFS_UNIX_INFO) { + DEBUG(0,("call_trans2setfsinfo: not an allowed " + "info level (0x%x) on IPC$.\n", + (unsigned int)info_level)); + reply_nterror(req, NT_STATUS_ACCESS_DENIED); + return; + } + } + if (conn->encrypt_level == Required && SVAL(req->inbuf,4) != 0x45FF ) { if (info_level != SMB_REQUEST_TRANSPORT_ENCRYPTION) { DEBUG(0,("call_trans2setfsinfo: encryption required " @@ -7276,12 +7288,20 @@ void reply_trans2(connection_struct *conn, struct smb_request *req) return; } - if (IS_IPC(conn) && (tran_call != TRANSACT2_OPEN) - && (tran_call != TRANSACT2_GET_DFS_REFERRAL) - && (tran_call != TRANSACT2_QFILEINFO)) { - reply_doserror(req, ERRSRV, ERRaccess); - END_PROFILE(SMBtrans2); - return; + if (IS_IPC(conn)) { + switch (tran_call) { + /* List the allowed trans2 calls on IPC$ */ + case TRANSACT2_OPEN: + case TRANSACT2_GET_DFS_REFERRAL: + case TRANSACT2_QFILEINFO: + case TRANSACT2_QFSINFO: + case TRANSACT2_SETFSINFO: + break; + default: + reply_doserror(req, ERRSRV, ERRaccess); + END_PROFILE(SMBtrans2); + return; + } } if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) { |