mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
moved access.c into lib/ from smbd/ as it is needed by testparm. I
modified it not to need any smbd specific structures and instead pass
things from smbd.
(This used to be commit 162141d3b3
)
This commit is contained in:
parent
fa88efbbac
commit
670c6addc3
@ -87,7 +87,7 @@ LIB_OBJ = lib/charcnv.o lib/charset.o lib/debug.o lib/fault.o \
|
||||
lib/getsmbpass.o lib/interface.o lib/kanji.o lib/md4.o \
|
||||
lib/membuffer.o lib/netmask.o lib/pidfile.o lib/replace.o \
|
||||
lib/signal.o lib/slprintf.o lib/system.o lib/time.o lib/ufc.o \
|
||||
lib/util.o lib/genrand.o lib/username.o
|
||||
lib/util.o lib/genrand.o lib/username.o lib/access.o
|
||||
|
||||
UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \
|
||||
ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o
|
||||
@ -119,7 +119,7 @@ LOCKING_OBJ = locking/locking.o locking/locking_shm.o locking/locking_slow.o \
|
||||
PASSDB_OBJ = passdb/passdb.o passdb/smbpassfile.o passdb/smbpass.o \
|
||||
passdb/pass_check.o
|
||||
|
||||
SMBD_OBJ1 = smbd/server.o smbd/access.o smbd/chgpasswd.o smbd/connection.o \
|
||||
SMBD_OBJ1 = smbd/server.o smbd/chgpasswd.o smbd/connection.o \
|
||||
smbd/dfree.o smbd/dir.o smbd/password.o \
|
||||
smbd/groupname.o smbd/ipc.o smbd/ldap.o smbd/mangle.o \
|
||||
smbd/message.o smbd/nispass.o smbd/nttrans.o \
|
||||
@ -164,7 +164,6 @@ STATUS_OBJ = utils/status.o $(LOCKING_OBJ) $(PARAM_OBJ) \
|
||||
$(UBIQX_OBJ) $(LIB_OBJ)
|
||||
|
||||
TESTPARM_OBJ = utils/testparm.o \
|
||||
smbd/access.o \
|
||||
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
|
||||
|
||||
TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(UBIQX_OBJ) \
|
||||
|
@ -1844,8 +1844,9 @@ BOOL api_wkssvc_rpc(pipes_struct *p, prs_struct *data);
|
||||
|
||||
/*The following definitions come from smbd/access.c */
|
||||
|
||||
BOOL check_access(int snum);
|
||||
BOOL allow_access(char *deny_list,char *allow_list,char *cname,char *caddr);
|
||||
BOOL allow_access(char *deny_list,char *allow_list,
|
||||
char *cname,char *caddr);
|
||||
BOOL check_access(int sock, char *allow_list, char *deny_list);
|
||||
|
||||
/*The following definitions come from smbd/chgpasswd.c */
|
||||
|
||||
|
@ -1,163 +1,115 @@
|
||||
/*
|
||||
This module is an adaption of code from the tcpd-1.4 package written
|
||||
by Wietse Venema, Eindhoven University of Technology, The Netherlands.
|
||||
This module is an adaption of code from the tcpd-1.4 package written
|
||||
by Wietse Venema, Eindhoven University of Technology, The Netherlands.
|
||||
|
||||
The code is used here with permission.
|
||||
The code is used here with permission.
|
||||
|
||||
The code has been considerably changed from the original. Bug reports
|
||||
should be sent to samba-bugs@samba.anu.edu.au
|
||||
The code has been considerably changed from the original. Bug reports
|
||||
should be sent to samba-bugs@samba.anu.edu.au
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#define ALLOW_PURE_ADDRESSES
|
||||
|
||||
extern int DEBUGLEVEL;
|
||||
|
||||
#ifndef INADDR_NONE
|
||||
#define INADDR_NONE ((uint32)~0)
|
||||
#endif
|
||||
|
||||
|
||||
#define Good True
|
||||
#define Bad False
|
||||
|
||||
#define CLIENT_MATCH client_match
|
||||
|
||||
/* Delimiters for lists of daemons or clients. */
|
||||
static char *sep = ", \t";
|
||||
|
||||
static char sep[] = ", \t";
|
||||
|
||||
/* Constants to be used in assignments only, not in comparisons... */
|
||||
|
||||
#define YES 1
|
||||
#define NO 0
|
||||
#define FAIL (-1)
|
||||
|
||||
/* Forward declarations. */
|
||||
static int list_match(char *list,char *item, int (*match_fn)(char *, char *));
|
||||
static int client_match(char *tok,char *item);
|
||||
static int string_match(char *tok,char *s);
|
||||
static int masked_match(char *tok, char *slash, char *s);
|
||||
|
||||
/* Size of logical line buffer. */
|
||||
#define BUFLEN 2048
|
||||
|
||||
/* return true if access should be allowed to a service*/
|
||||
BOOL check_access(int snum)
|
||||
/* masked_match - match address against netnumber/netmask */
|
||||
static int masked_match(char *tok, char *slash, char *s)
|
||||
{
|
||||
char *denyl,*allowl;
|
||||
BOOL ret = False;
|
||||
uint32 net;
|
||||
uint32 mask;
|
||||
uint32 addr;
|
||||
|
||||
denyl = lp_hostsdeny(snum);
|
||||
if (denyl) denyl = strdup(denyl);
|
||||
|
||||
allowl = lp_hostsallow(snum);
|
||||
if (allowl) allowl = strdup(allowl);
|
||||
|
||||
if ((!denyl || *denyl==0) && (!allowl || *allowl==0))
|
||||
ret = True;
|
||||
|
||||
if (!ret)
|
||||
{
|
||||
extern int Client;
|
||||
if (allow_access(denyl,allowl,client_name(Client),client_addr(Client)))
|
||||
{
|
||||
if (snum >= 0)
|
||||
DEBUG(2,("Allowed connection from %s (%s) to %s\n",
|
||||
client_name(Client),client_addr(Client),
|
||||
lp_servicename(snum)));
|
||||
ret = True;
|
||||
}
|
||||
else
|
||||
if (snum >= 0)
|
||||
DEBUG( 0, ( "Denied connection from %s (%s) to %s\n",
|
||||
client_name(Client),client_addr(Client),
|
||||
lp_servicename(snum) ) );
|
||||
}
|
||||
|
||||
if (denyl) free(denyl);
|
||||
if (allowl) free(allowl);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
|
||||
/* return true if access should be allowed */
|
||||
BOOL allow_access(char *deny_list,char *allow_list,char *cname,char *caddr)
|
||||
{
|
||||
char *client[2];
|
||||
|
||||
client[0] = cname;
|
||||
client[1] = caddr;
|
||||
|
||||
/* if theres no deny list and no allow list then allow access */
|
||||
if ((!deny_list || *deny_list == 0) && (!allow_list || *allow_list == 0))
|
||||
return(True);
|
||||
|
||||
/* if there is an allow list but no deny list then allow only hosts
|
||||
on the allow list */
|
||||
if (!deny_list || *deny_list == 0)
|
||||
return(list_match(allow_list,(char *)client,CLIENT_MATCH));
|
||||
|
||||
/* if theres a deny list but no allow list then allow
|
||||
all hosts not on the deny list */
|
||||
if (!allow_list || *allow_list == 0)
|
||||
return(!list_match(deny_list,(char *)client,CLIENT_MATCH));
|
||||
|
||||
/* if there are both type of list then allow all hosts on the allow list */
|
||||
if (list_match(allow_list,(char *)client,CLIENT_MATCH))
|
||||
return (True);
|
||||
|
||||
/* if there are both type of list and it's not on the allow then
|
||||
allow it if its not on the deny */
|
||||
if (list_match(deny_list,(char *)client,CLIENT_MATCH))
|
||||
if ((addr = interpret_addr(s)) == INADDR_NONE)
|
||||
return (False);
|
||||
|
||||
return (True);
|
||||
*slash = 0;
|
||||
net = interpret_addr(tok);
|
||||
*slash = '/';
|
||||
if (net == INADDR_NONE ||
|
||||
(mask = interpret_addr(slash + 1)) == INADDR_NONE) {
|
||||
DEBUG(0,("access: bad net/mask access control: %s", tok));
|
||||
return (False);
|
||||
}
|
||||
return ((addr & mask) == net);
|
||||
}
|
||||
|
||||
/* list_match - match an item against a list of tokens with exceptions */
|
||||
/* (All modifications are marked with the initials "jkf") */
|
||||
static int list_match(char *list,char *item, int (*match_fn)(char *, char *))
|
||||
/* string_match - match string against token */
|
||||
static int string_match(char *tok,char *s)
|
||||
{
|
||||
char *tok;
|
||||
char *listcopy; /* jkf */
|
||||
int match = NO;
|
||||
int tok_len;
|
||||
int str_len;
|
||||
char *cut;
|
||||
|
||||
/*
|
||||
* jkf@soton.ac.uk -- 31 August 1994 -- Stop list_match()
|
||||
* overwriting the list given as its first parameter.
|
||||
*/
|
||||
/* Return True if a token has the magic value "ALL". Return
|
||||
* FAIL if the token is "FAIL". If the token starts with a "."
|
||||
* (domain name), return True if it matches the last fields of
|
||||
* the string. If the token has the magic value "LOCAL",
|
||||
* return True if the string does not contain a "."
|
||||
* character. If the token ends on a "." (network number),
|
||||
* return True if it matches the first fields of the
|
||||
* string. If the token begins with a "@" (netgroup name),
|
||||
* return True if the string is a (host) member of the
|
||||
* netgroup. Return True if the token fully matches the
|
||||
* string. If the token is a netnumber/netmask pair, return
|
||||
* True if the address is a member of the specified subnet. */
|
||||
|
||||
/* jkf -- can get called recursively with NULL list */
|
||||
listcopy = (list == 0) ? (char *)0 : strdup(list);
|
||||
if (tok[0] == '.') { /* domain: match last fields */
|
||||
if ((str_len = strlen(s)) > (tok_len = strlen(tok))
|
||||
&& strcasecmp(tok, s + str_len - tok_len) == 0)
|
||||
return (True);
|
||||
} else if (tok[0] == '@') { /* netgroup: look it up */
|
||||
#ifdef HAVE_NETGROUP
|
||||
static char *mydomain = NULL;
|
||||
char *hostname = NULL;
|
||||
BOOL netgroup_ok = False;
|
||||
|
||||
/*
|
||||
* Process tokens one at a time. We have exhausted all possible matches
|
||||
* when we reach an "EXCEPT" token or the end of the list. If we do find
|
||||
* a match, look for an "EXCEPT" list and recurse to determine whether
|
||||
* the match is affected by any exceptions.
|
||||
*/
|
||||
if (!mydomain) yp_get_default_domain(&mydomain);
|
||||
|
||||
for (tok = strtok(listcopy, sep); tok ; tok = strtok(NULL, sep)) {
|
||||
if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */
|
||||
break;
|
||||
if ((match = (*match_fn) (tok, item))) /* YES or FAIL */
|
||||
break;
|
||||
}
|
||||
/* Process exceptions to YES or FAIL matches. */
|
||||
|
||||
if (match != NO) {
|
||||
while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT"))
|
||||
/* VOID */ ;
|
||||
if (tok == 0 || list_match((char *) 0, item, match_fn) == NO) {
|
||||
if (listcopy != 0) free(listcopy); /* jkf */
|
||||
return (match);
|
||||
if (!mydomain) {
|
||||
DEBUG(0,("Unable to get default yp domain.\n"));
|
||||
return False;
|
||||
}
|
||||
if (!(hostname = strdup(s))) {
|
||||
DEBUG(1,("out of memory for strdup!\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (listcopy != 0) free(listcopy); /* jkf */
|
||||
return (NO);
|
||||
netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
|
||||
|
||||
DEBUG(5,("looking for %s of domain %s in netgroup %s gave %s\n",
|
||||
hostname,
|
||||
mydomain,
|
||||
tok+1,
|
||||
BOOLSTR(netgroup_ok)));
|
||||
|
||||
free(hostname);
|
||||
|
||||
if (netgroup_ok) return(True);
|
||||
#else
|
||||
DEBUG(0,("access: netgroup support is not configured\n"));
|
||||
return (False);
|
||||
#endif
|
||||
} else if (strcasecmp(tok, "ALL") == 0) { /* all: match any */
|
||||
return (True);
|
||||
} else if (strcasecmp(tok, "FAIL") == 0) { /* fail: match any */
|
||||
return (FAIL);
|
||||
} else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */
|
||||
if (strchr(s, '.') == 0 && strcasecmp(s, "unknown") != 0)
|
||||
return (True);
|
||||
} else if (!strcasecmp(tok, s)) { /* match host name or address */
|
||||
return (True);
|
||||
} else if (tok[(tok_len = strlen(tok)) - 1] == '.') { /* network */
|
||||
if (strncmp(tok, s, tok_len) == 0)
|
||||
return (True);
|
||||
} else if ((cut = strchr(tok, '/')) != 0) { /* netnumber/netmask */
|
||||
if (isdigit(s[0]) && masked_match(tok, cut, s))
|
||||
return (True);
|
||||
}
|
||||
return (False);
|
||||
}
|
||||
|
||||
|
||||
@ -178,113 +130,114 @@ static int client_match(char *tok,char *item)
|
||||
return (match);
|
||||
}
|
||||
|
||||
/* string_match - match string against token */
|
||||
static int string_match(char *tok,char *s)
|
||||
/* list_match - match an item against a list of tokens with exceptions */
|
||||
/* (All modifications are marked with the initials "jkf") */
|
||||
static int list_match(char *list,char *item, int (*match_fn)(char *, char *))
|
||||
{
|
||||
int tok_len;
|
||||
int str_len;
|
||||
char *cut;
|
||||
char *tok;
|
||||
char *listcopy; /* jkf */
|
||||
int match = False;
|
||||
|
||||
/*
|
||||
* Return YES if a token has the magic value "ALL". Return FAIL if the
|
||||
* token is "FAIL". If the token starts with a "." (domain name), return
|
||||
* YES if it matches the last fields of the string. If the token has the
|
||||
* magic value "LOCAL", return YES if the string does not contain a "."
|
||||
* character. If the token ends on a "." (network number), return YES if
|
||||
* it matches the first fields of the string. If the token begins with a
|
||||
* "@" (netgroup name), return YES if the string is a (host) member of
|
||||
* the netgroup. Return YES if the token fully matches the string. If the
|
||||
* token is a netnumber/netmask pair, return YES if the address is a
|
||||
* member of the specified subnet.
|
||||
* jkf@soton.ac.uk -- 31 August 1994 -- Stop list_match()
|
||||
* overwriting the list given as its first parameter.
|
||||
*/
|
||||
|
||||
if (tok[0] == '.') { /* domain: match last fields */
|
||||
if ((str_len = strlen(s)) > (tok_len = strlen(tok))
|
||||
&& strcasecmp(tok, s + str_len - tok_len) == 0)
|
||||
return (YES);
|
||||
} else if (tok[0] == '@') { /* netgroup: look it up */
|
||||
#ifdef HAVE_NETGROUP
|
||||
static char *mydomain = NULL;
|
||||
char *hostname = NULL;
|
||||
BOOL netgroup_ok = False;
|
||||
/* jkf -- can get called recursively with NULL list */
|
||||
listcopy = (list == 0) ? (char *)0 : strdup(list);
|
||||
|
||||
if (!mydomain) yp_get_default_domain(&mydomain);
|
||||
/*
|
||||
* Process tokens one at a time. We have exhausted all possible matches
|
||||
* when we reach an "EXCEPT" token or the end of the list. If we do find
|
||||
* a match, look for an "EXCEPT" list and recurse to determine whether
|
||||
* the match is affected by any exceptions.
|
||||
*/
|
||||
|
||||
if (!mydomain) {
|
||||
DEBUG(0,("Unable to get default yp domain.\n"));
|
||||
return NO;
|
||||
}
|
||||
if (!(hostname = strdup(s))) {
|
||||
DEBUG(1,("out of memory for strdup!\n"));
|
||||
return NO;
|
||||
for (tok = strtok(listcopy, sep); tok ; tok = strtok(NULL, sep)) {
|
||||
if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */
|
||||
break;
|
||||
if ((match = (*match_fn) (tok, item))) /* True or FAIL */
|
||||
break;
|
||||
}
|
||||
/* Process exceptions to True or FAIL matches. */
|
||||
|
||||
netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
|
||||
|
||||
DEBUG(5,("looking for %s of domain %s in netgroup %s gave %s\n",
|
||||
hostname,
|
||||
mydomain,
|
||||
tok+1,
|
||||
BOOLSTR(netgroup_ok)));
|
||||
|
||||
#ifdef NETGROUP_INSECURE
|
||||
/* if you really want netgroups that match non qualified names
|
||||
then define NETGROUP_INSECURE. It can, however, be a big
|
||||
security hole */
|
||||
{
|
||||
char *clnt_domain;
|
||||
if (!netgroup_ok && (clnt_domain=strchr(hostname,'.'))) {
|
||||
*clnt_domain++ = '\0';
|
||||
netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
|
||||
if (match != False) {
|
||||
while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT"))
|
||||
/* VOID */ ;
|
||||
if (tok == 0 || list_match((char *) 0, item, match_fn) == False) {
|
||||
if (listcopy != 0) free(listcopy); /* jkf */
|
||||
return (match);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
free(hostname);
|
||||
|
||||
if (netgroup_ok) return(YES);
|
||||
#else
|
||||
DEBUG(0,("access: netgroup support is not configured\n"));
|
||||
return (NO);
|
||||
#endif
|
||||
} else if (strcasecmp(tok, "ALL") == 0) { /* all: match any */
|
||||
return (YES);
|
||||
} else if (strcasecmp(tok, "FAIL") == 0) { /* fail: match any */
|
||||
return (FAIL);
|
||||
} else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */
|
||||
if (strchr(s, '.') == 0 && strcasecmp(s, "unknown") != 0)
|
||||
return (YES);
|
||||
} else if (!strcasecmp(tok, s)) { /* match host name or address */
|
||||
return (YES);
|
||||
} else if (tok[(tok_len = strlen(tok)) - 1] == '.') { /* network */
|
||||
if (strncmp(tok, s, tok_len) == 0)
|
||||
return (YES);
|
||||
} else if ((cut = strchr(tok, '/')) != 0) { /* netnumber/netmask */
|
||||
if (isdigit(s[0]) && masked_match(tok, cut, s))
|
||||
return (YES);
|
||||
}
|
||||
return (NO);
|
||||
if (listcopy != 0) free(listcopy); /* jkf */
|
||||
return (False);
|
||||
}
|
||||
|
||||
/* masked_match - match address against netnumber/netmask */
|
||||
static int masked_match(char *tok, char *slash, char *s)
|
||||
|
||||
/* return true if access should be allowed */
|
||||
BOOL allow_access(char *deny_list,char *allow_list,
|
||||
char *cname,char *caddr)
|
||||
{
|
||||
uint32 net;
|
||||
uint32 mask;
|
||||
uint32 addr;
|
||||
char *client[2];
|
||||
|
||||
if ((addr = interpret_addr(s)) == INADDR_NONE)
|
||||
return (NO);
|
||||
*slash = 0;
|
||||
net = interpret_addr(tok);
|
||||
*slash = '/';
|
||||
if (net == INADDR_NONE || (mask = interpret_addr(slash + 1)) == INADDR_NONE) {
|
||||
DEBUG(0,("access: bad net/mask access control: %s", tok));
|
||||
return (NO);
|
||||
client[0] = cname;
|
||||
client[1] = caddr;
|
||||
|
||||
/* if theres no deny list and no allow list then allow access */
|
||||
if ((!deny_list || *deny_list == 0) &&
|
||||
(!allow_list || *allow_list == 0)) {
|
||||
return(True);
|
||||
}
|
||||
return ((addr & mask) == net);
|
||||
|
||||
/* if there is an allow list but no deny list then allow only hosts
|
||||
on the allow list */
|
||||
if (!deny_list || *deny_list == 0)
|
||||
return(list_match(allow_list,(char *)client,client_match));
|
||||
|
||||
/* if theres a deny list but no allow list then allow
|
||||
all hosts not on the deny list */
|
||||
if (!allow_list || *allow_list == 0)
|
||||
return(!list_match(deny_list,(char *)client,client_match));
|
||||
|
||||
/* if there are both type of list then allow all hosts on the
|
||||
allow list */
|
||||
if (list_match(allow_list,(char *)client,client_match))
|
||||
return (True);
|
||||
|
||||
/* if there are both type of list and it's not on the allow then
|
||||
allow it if its not on the deny */
|
||||
if (list_match(deny_list,(char *)client,client_match))
|
||||
return (False);
|
||||
|
||||
return (True);
|
||||
}
|
||||
|
||||
/* return true if access should be allowed to a service for a socket */
|
||||
BOOL check_access(int sock, char *allow_list, char *deny_list)
|
||||
{
|
||||
BOOL ret = False;
|
||||
|
||||
if (deny_list) deny_list = strdup(deny_list);
|
||||
if (allow_list) allow_list = strdup(allow_list);
|
||||
|
||||
if ((!deny_list || *deny_list==0) && (!allow_list || *allow_list==0)) {
|
||||
ret = True;
|
||||
}
|
||||
|
||||
if (!ret) {
|
||||
if (allow_access(deny_list,allow_list,
|
||||
client_name(sock),client_addr(sock))) {
|
||||
DEBUG(2,("Allowed connection from %s (%s)\n",
|
||||
client_name(sock),client_addr(sock)));
|
||||
ret = True;
|
||||
} else {
|
||||
DEBUG(0,("Denied connection from %s (%s)\n",
|
||||
client_name(sock),client_addr(sock)));
|
||||
}
|
||||
}
|
||||
|
||||
if (deny_list) free(deny_list);
|
||||
if (allow_list) free(allow_list);
|
||||
return(ret);
|
||||
}
|
||||
|
@ -2679,7 +2679,7 @@ static void process_smb(char *inbuf, char *outbuf)
|
||||
deny parameters before doing any parsing of the packet
|
||||
passed to us by the client. This prevents attacks on our
|
||||
parsing code from hosts not in the hosts allow list */
|
||||
if (!check_access(-1)) {
|
||||
if (!check_access(Client, lp_hostsallow(-1), lp_hostsdeny(-1))) {
|
||||
/* send a negative session response "not listining on calling
|
||||
name" */
|
||||
static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
|
||||
@ -3459,6 +3459,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
|
||||
connection_struct *pcon;
|
||||
BOOL guest = False;
|
||||
BOOL force = False;
|
||||
extern int Client;
|
||||
|
||||
strlower(service);
|
||||
|
||||
@ -3503,7 +3504,8 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
|
||||
}
|
||||
}
|
||||
|
||||
if (!lp_snum_ok(snum) || !check_access(snum)) {
|
||||
if (!lp_snum_ok(snum) ||
|
||||
!check_access(Client, lp_hostsallow(snum), lp_hostsdeny(snum))) {
|
||||
return(-4);
|
||||
}
|
||||
|
||||
@ -4649,6 +4651,7 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize
|
||||
static int num_smb_messages =
|
||||
sizeof(smb_messages) / sizeof(struct smb_message_struct);
|
||||
int match;
|
||||
extern int Client;
|
||||
|
||||
#if PROFILING
|
||||
struct timeval msg_start_time;
|
||||
@ -4756,8 +4759,11 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize
|
||||
return(ERROR(ERRSRV,ERRaccess));
|
||||
|
||||
/* does this protocol need to be run as guest? */
|
||||
if ((flags & AS_GUEST) && (!become_guest() || !check_access(-1)))
|
||||
if ((flags & AS_GUEST) &&
|
||||
(!become_guest() ||
|
||||
!check_access(Client, lp_hostsallow(-1), lp_hostsdeny(-1)))) {
|
||||
return(ERROR(ERRSRV,ERRaccess));
|
||||
}
|
||||
|
||||
last_inbuf = inbuf;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user