mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s3:smb2_tcon: Add check to prevent non-DFS clients from connecting to an msdfs proxy.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com> Reviewed-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 7 05:05:22 CEST 2018 on sn-devel-144
This commit is contained in:
parent
de48619c15
commit
5bba8c393d
@ -270,6 +270,21 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
|
||||
return NT_STATUS_BAD_NETWORK_NAME;
|
||||
}
|
||||
|
||||
/* Handle non-DFS clients attempting connections to msdfs proxy */
|
||||
if (lp_host_msdfs()) {
|
||||
char *proxy = lp_msdfs_proxy(talloc_tos(), snum);
|
||||
|
||||
if ((proxy != NULL) && (*proxy != '\0')) {
|
||||
DBG_NOTICE("refusing connection to dfs proxy share "
|
||||
"'%s' (pointing to %s)\n",
|
||||
service,
|
||||
proxy);
|
||||
TALLOC_FREE(proxy);
|
||||
return NT_STATUS_BAD_NETWORK_NAME;
|
||||
}
|
||||
TALLOC_FREE(proxy);
|
||||
}
|
||||
|
||||
if ((lp_smb_encrypt(snum) >= SMB_SIGNING_DESIRED) &&
|
||||
(conn->smb2.server.cipher != 0))
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user