summaryrefslogtreecommitdiff
path: root/source4/smbd
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-09-24 03:34:55 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:59:07 -0500
commitfe45888e228d1452b8301b3b074794bd443a7fa5 (patch)
treec59bffe228cff9b125810effdc88383689236202 /source4/smbd
parent5d4fc1284ea662029f509a88ca49a2a5812f78f1 (diff)
downloadsamba-fe45888e228d1452b8301b3b074794bd443a7fa5.tar.gz
samba-fe45888e228d1452b8301b3b074794bd443a7fa5.tar.bz2
samba-fe45888e228d1452b8301b3b074794bd443a7fa5.zip
r2581: added "hosts allow" and "hosts deny" checking in smbd. I needed this
as my box keeps getting hit by viruses spreading on my companies internal network, which screws up my debug log badly (sigh). metze, I'm not sure if you think access.c should go in the socket library or not. It is closely tied to the socket functions, but you may prefer it separate. The access.c code is a port from Samba3, but with some cleanups to make it (slighly) less ugly. (This used to be commit 058b2fd99e3957d7d2a9544fd27071f1122eab68)
Diffstat (limited to 'source4/smbd')
-rw-r--r--source4/smbd/service.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/source4/smbd/service.c b/source4/smbd/service.c
index 323bc62a85..278a763657 100644
--- a/source4/smbd/service.c
+++ b/source4/smbd/service.c
@@ -226,6 +226,11 @@ struct server_connection *server_setup_connection(struct event_context *ev, stru
srv_conn->event.fde = event_add_fd(ev,&fde);
srv_conn->event.idle = event_add_timed(ev,&idle);
+ if (!socket_check_access(sock, "smbd", lp_hostsallow(-1), lp_hostsdeny(-1))) {
+ server_terminate_connection(srv_conn, "denied by access rules");
+ return NULL;
+ }
+
return srv_conn;
}