1 files changed, 31 insertions, 15 deletions

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index f61ad5d247..113131828f 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1351,7 +1351,6 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req)
 	uint16 session_tag;
 	connection_struct *conn = NULL;
 	struct smbd_server_connection *sconn = req->sconn;
-	char *raddr;
 
 	errno = 0;
 
@@ -1466,21 +1465,38 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req)
 		conn->num_smb_operations++;
 	}
 
-	raddr = tsocket_address_inet_addr_string(sconn->remote_address,
-						 talloc_tos());
-	if (raddr == NULL) {
-		reply_nterror(req, NT_STATUS_NO_MEMORY);
-		return conn;
-	}
+	/*
+	 * Does this protocol need to be run as guest? (Only archane
+	 * messenger service requests have this...)
+	 */
+	if (flags & AS_GUEST) {
+		char *raddr;
+		bool ok;
+
+		if (!change_to_guest()) {
+			reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+			return conn;
+		}
+
+		raddr = tsocket_address_inet_addr_string(sconn->remote_address,
+							 talloc_tos());
+		if (raddr == NULL) {
+			reply_nterror(req, NT_STATUS_NO_MEMORY);
+			return conn;
+		}
+
+		/*
+		 * Haven't we checked this in smbd_process already???
+		 */
+
+		ok = allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
+				  sconn->remote_hostname, raddr);
+		TALLOC_FREE(raddr);
 
-	/* does this protocol need to be run as guest? */
-	if ((flags & AS_GUEST)
-	    && (!change_to_guest() ||
-		!allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
-			      sconn->remote_hostname,
-			      raddr))) {
-		reply_nterror(req, NT_STATUS_ACCESS_DENIED);
-		return conn;
+		if (!ok) {
+			reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+			return conn;
+		}
 	}
 
 	smb_messages[type].fn(req);