From 9f1dfd8facaa59370afd93e89cc729de5cc3d9ba Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 17 Aug 2012 09:42:27 +0200 Subject: s3:smbd: don't disconnect the client when a share has "smb encrypt = required" It's not the client fault, if he doesn't know that encryption is required. We should just return ACCESS_DENIED and let the client work on other shares and open files on the current SMB connection. metze --- source3/smbd/process.c | 8 ++++++-- source3/smbd/trans2.c | 6 ++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/source3/smbd/process.c b/source3/smbd/process.c index f412f7b4cf..fd2c6a4b4a 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1495,8 +1495,12 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req) conn->encrypt_level = SMB_SIGNING_REQUIRED; } else if (ENCRYPTION_REQUIRED(conn)) { if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) { - exit_server_cleanly("encryption required " - "on connection"); + DEBUG(1,("service[%s] requires encryption" + "%s ACCESS_DENIED. mid=%llu\n", + lp_servicename(talloc_tos(), SNUM(conn)), + smb_fn_name(type), + (unsigned long long)req->mid)); + reply_nterror(req, NT_STATUS_ACCESS_DENIED); return conn; } } diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index f09ad246b6..c703d918c6 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -3553,8 +3553,7 @@ static void call_trans2qfsinfo(connection_struct *conn, DEBUG(0,("call_trans2qfsinfo: encryption required " "and info level 0x%x sent.\n", (unsigned int)info_level)); - exit_server_cleanly("encryption required " - "on connection"); + reply_nterror(req, NT_STATUS_ACCESS_DENIED); return; } } @@ -3624,8 +3623,7 @@ static void call_trans2setfsinfo(connection_struct *conn, DEBUG(0,("call_trans2setfsinfo: encryption required " "and info level 0x%x sent.\n", (unsigned int)info_level)); - exit_server_cleanly("encryption required " - "on connection"); + reply_nterror(req, NT_STATUS_ACCESS_DENIED); return; } } -- cgit