1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s3:smb2_tcon: Add check to prevent non-DFS clients from connecting to an msdfs proxy.

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr  7 05:05:22 CEST 2018 on sn-devel-144
This commit is contained in:
Ralph Wuerthner 2018-03-29 10:00:41 +02:00 committed by Jeremy Allison
parent de48619c15
commit 5bba8c393d

View File

@ -270,6 +270,21 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
return NT_STATUS_BAD_NETWORK_NAME;
}
/* Handle non-DFS clients attempting connections to msdfs proxy */
if (lp_host_msdfs()) {
char *proxy = lp_msdfs_proxy(talloc_tos(), snum);
if ((proxy != NULL) && (*proxy != '\0')) {
DBG_NOTICE("refusing connection to dfs proxy share "
"'%s' (pointing to %s)\n",
service,
proxy);
TALLOC_FREE(proxy);
return NT_STATUS_BAD_NETWORK_NAME;
}
TALLOC_FREE(proxy);
}
if ((lp_smb_encrypt(snum) >= SMB_SIGNING_DESIRED) &&
(conn->smb2.server.cipher != 0))
{