diff options
| author | Jeremy Allison <jra@samba.org> | 2007-12-27 23:51:03 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2007-12-27 23:51:03 -0800 |
| commit | afce2b245a8ff137a4ecea547c3cfb65ab58dc15 (patch) | |
| tree | 56c8f1258e0f042977b2f0defef53f96b9f6bfe8 /source3/smbd/process.c | |
| parent | 33f01360e0a40f6d1fa03035979d816ff9198d85 (diff) | |
| download | samba-afce2b245a8ff137a4ecea547c3cfb65ab58dc15.tar.gz samba-afce2b245a8ff137a4ecea547c3cfb65ab58dc15.tar.bz2 samba-afce2b245a8ff137a4ecea547c3cfb65ab58dc15.zip | |
Add the capability to set "smb encrypt = required"
on a share (or global) and have the server reply with
ACCESS_DENIED for all non-encrypted traffic (except
that used to query encryption requirements and set
encryption state).
Jeremy.
(This used to be commit d241bfa57729bb934ada6beabf842a2ca7b4f8a2)
Diffstat (limited to 'source3/smbd/process.c')
| -rw-r--r-- | source3/smbd/process.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 1260d52c77..48a6d18bc9 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1457,6 +1457,16 @@ static void switch_message(uint8 type, struct smb_request *req, int size) reply_doserror(req, ERRSRV, ERRaccess); return; } + + if (conn->encrypt_level == Required && SVAL(req->inbuf,4) != 0x45FF ) { + /* An encrypted packet has 0xFF 'E' at offset 4 + * which is little endian 0x45FF */ + uint8 com = CVAL(req->inbuf,smb_com); + if (com != SMBtrans2 && com != SMBtranss2) { + reply_nterror(req, NT_STATUS_ACCESS_DENIED); + return; + } + } conn->num_smb_operations++; } |