summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-08-17 09:42:27 +0200
committerStefan Metzmacher <metze@samba.org>2012-08-17 14:51:57 +0200
commit9f1dfd8facaa59370afd93e89cc729de5cc3d9ba (patch)
treebaf1f747dc2e9e7a2f8c5086156ec539e85ddbf6 /source3/smbd
parente5d4e8df6b8186b71aa72dd7817f5579b44fee2f (diff)
downloadsamba-9f1dfd8facaa59370afd93e89cc729de5cc3d9ba.tar.gz
samba-9f1dfd8facaa59370afd93e89cc729de5cc3d9ba.tar.bz2
samba-9f1dfd8facaa59370afd93e89cc729de5cc3d9ba.zip
s3:smbd: don't disconnect the client when a share has "smb encrypt = required"
It's not the client fault, if he doesn't know that encryption is required. We should just return ACCESS_DENIED and let the client work on other shares and open files on the current SMB connection. metze
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/process.c8
-rw-r--r--source3/smbd/trans2.c6
2 files changed, 8 insertions, 6 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index f412f7b4cf..fd2c6a4b4a 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1495,8 +1495,12 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req)
conn->encrypt_level = SMB_SIGNING_REQUIRED;
} else if (ENCRYPTION_REQUIRED(conn)) {
if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
- exit_server_cleanly("encryption required "
- "on connection");
+ DEBUG(1,("service[%s] requires encryption"
+ "%s ACCESS_DENIED. mid=%llu\n",
+ lp_servicename(talloc_tos(), SNUM(conn)),
+ smb_fn_name(type),
+ (unsigned long long)req->mid));
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return conn;
}
}
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index f09ad246b6..c703d918c6 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3553,8 +3553,7 @@ static void call_trans2qfsinfo(connection_struct *conn,
DEBUG(0,("call_trans2qfsinfo: encryption required "
"and info level 0x%x sent.\n",
(unsigned int)info_level));
- exit_server_cleanly("encryption required "
- "on connection");
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
}
@@ -3624,8 +3623,7 @@ static void call_trans2setfsinfo(connection_struct *conn,
DEBUG(0,("call_trans2setfsinfo: encryption required "
"and info level 0x%x sent.\n",
(unsigned int)info_level));
- exit_server_cleanly("encryption required "
- "on connection");
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
}