s3:smbd: don't disconnect the client when a share has "smb encrypt = required"

It's not the client fault, if he doesn't know that encryption is required.
We should just return ACCESS_DENIED and let the client work on other
shares and open files on the current SMB connection.

metze

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index f412f7b4cfb82fbdf1a145e33342c6df0340096e..fd2c6a4b4a88d14b1453b4e5f9cb020a904f027d 100644 (file)
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1495,8 +1495,12 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req)
                        conn->encrypt_level = SMB_SIGNING_REQUIRED;
                } else if (ENCRYPTION_REQUIRED(conn)) {
                        if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
-                               exit_server_cleanly("encryption required "
-                                       "on connection");
+                               DEBUG(1,("service[%s] requires encryption"
+                                       "%s ACCESS_DENIED. mid=%llu\n",
+                                       lp_servicename(talloc_tos(), SNUM(conn)),
+                                       smb_fn_name(type),
+                                       (unsigned long long)req->mid));
+                               reply_nterror(req, NT_STATUS_ACCESS_DENIED);
                                return conn;
                        }
                }

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index f09ad246b648bbb8a8206151dcae8d1982ad1716..c703d918c6865d323ffe1273b4839111998d9395 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3553,8 +3553,7 @@ static void call_trans2qfsinfo(connection_struct *conn,
                        DEBUG(0,("call_trans2qfsinfo: encryption required "
                                "and info level 0x%x sent.\n",
                                (unsigned int)info_level));
-                       exit_server_cleanly("encryption required "
-                               "on connection");
+                       reply_nterror(req, NT_STATUS_ACCESS_DENIED);
                        return;
                }
        }
@@ -3624,8 +3623,7 @@ static void call_trans2setfsinfo(connection_struct *conn,
                        DEBUG(0,("call_trans2setfsinfo: encryption required "
                                "and info level 0x%x sent.\n",
                                (unsigned int)info_level));
-                       exit_server_cleanly("encryption required "
-                               "on connection");
+                       reply_nterror(req, NT_STATUS_ACCESS_DENIED);
                        return;
                }
        }