summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-09-23 06:37:35 +0200
committerStefan Metzmacher <metze@samba.org>2011-09-23 12:30:50 +0200
commit5494856294384df4360d85e68abc03c43dc16e06 (patch)
treee44e982e13c2fae2949fbd826344667f992c99a4
parent02d83d8fd4d21825110fd7da1ccb570a26e66ca6 (diff)
downloadsamba-5494856294384df4360d85e68abc03c43dc16e06.tar.gz
samba-5494856294384df4360d85e68abc03c43dc16e06.tar.bz2
samba-5494856294384df4360d85e68abc03c43dc16e06.zip
s3:smbd: disconnect the socket if we got an unexpected request
If we got a SMB2_OP_NEGPROT after the protocol is already negotiated or if we got a non SMB2_OP_NEGPROT before the protocol was negotiated we should close the connection (as windows does). metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Sep 23 12:30:50 CEST 2011 on sn-devel-104
-rw-r--r--source3/smbd/smb2_negprot.c1
-rw-r--r--source3/smbd/smb2_server.c20
2 files changed, 20 insertions, 1 deletions
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 15bff823ef..c5ac2d553a 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -101,7 +101,6 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
uint32_t max_read = lp_smb2_max_read();
uint32_t max_write = lp_smb2_max_write();
-/* TODO: drop the connection with INVALID_PARAMETER */
status = smbd_smb2_request_verify_sizes(req, 0x24);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 368f342dd5..35da2af977 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1333,6 +1333,26 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
smb2_opcode_name(opcode),
(unsigned long long)mid));
+ if (get_Protocol() >= PROTOCOL_SMB2_02) {
+ /*
+ * once the protocol is negotiated
+ * SMB2_OP_NEGPROT is not allowed anymore
+ */
+ if (opcode == SMB2_OP_NEGPROT) {
+ /* drop the connection */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ } else {
+ /*
+ * if the protocol is not negotiated yet
+ * only SMB2_OP_NEGPROT is allowed.
+ */
+ if (opcode != SMB2_OP_NEGPROT) {
+ /* drop the connection */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
allowed_flags = SMB2_HDR_FLAG_CHAINED |
SMB2_HDR_FLAG_SIGNED |
SMB2_HDR_FLAG_DFS;