s3: Limit the number of unexpected clients to 200
authorVolker Lendecke <vl@samba.org>
Wed, 5 Jan 2011 13:35:11 +0000 (14:35 +0100)
committerVolker Lendecke <vl@samba.org>
Fri, 7 Jan 2011 12:28:07 +0000 (13:28 +0100)
DoS protection, like the limit on the maximum number of winbind clients. The limit is settable via
nmbd:unexpected_clients

source3/libsmb/unexpected.c
source3/nmbd/nmbd_packets.c

index 7ec5800e69af468be643cba8062e5201656f27d6..4543ffe7c65d20a177292b296341abe3ae74a9bd 100644 (file)
@@ -481,6 +481,15 @@ static void nb_packet_server_listener(struct tevent_context *ev,
 
        DLIST_ADD(server->clients, client);
        server->num_clients += 1;
+
+       if (server->num_clients > server->max_clients) {
+               DEBUG(10, ("Too many clients, dropping oldest\n"));
+
+               /*
+                * no TALLOC_FREE here, don't mess with the list structs
+                */
+               talloc_free(server->clients->prev);
+       }
 }
 
 static ssize_t nb_packet_client_more(uint8_t *buf, size_t buflen,
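Review bot: Hitting the client limit is reported only at debug level 10 in the added block, so on an nmbd running at a typical log level the eviction performed by this DoS protection leaves no trace for an operator. Consider a lower level that also names the limit, for example `DEBUG(3, ("Too many clients (max %d), dropping oldest\n", server->max_clients));` (the `%d` assumes max_clients is an int; its declaration is not in this hunk). The block also appears to rely on the freed client's talloc destructor to unlink it from `server->clients` and decrement `num_clients`, which is not visible here. The existing comment could say so directly, e.g. `/* plain talloc_free: the destructor unlinks the client; TALLOC_FREE would then write NULL into a live list pointer */`. nb_packet_server_listener begins outside the hunk.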
index ec5225a5ecacbc16c02319fe8885f86529b45f63..c2a5204fac9a9eb157cc1b85e71c41552ba20377 100644 (file)
@@ -37,8 +37,10 @@ bool nmbd_init_packet_server(void)
 {
        NTSTATUS status;
 
-       status = nb_packet_server_create(NULL, nmbd_event_context(), 0,
-                                        &packet_server);
+       status = nb_packet_server_create(
+               NULL, nmbd_event_context(),
+               lp_parm_int(-1, "nmbd", "unexpected_clients", 200),
+               &packet_server);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("ERROR: nb_packet_server_create failed: %s\n",
                          nt_errstr(status)));
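Review bot: The value returned by `lp_parm_int(-1, "nmbd", "unexpected_clients", 200)` is passed to nb_packet_server_create without a range check. A setting of 0 or a negative number would make the `num_clients > max_clients` test in nb_packet_server_listener (first hunk) true on every accept, and if `server->clients->prev` is the list tail, as the "dropping oldest" message implies, each new client would be freed as soon as it connects. Clamp the value where it is read, e.g. `if (max_clients < 1) max_clients = 200;`, or document that a non-positive value disables the unexpected-packet service. The default 200 would also read better as a named constant, with a comment that it mirrors the winbind client limit mentioned in the commit message. nmbd_init_packet_server continues past the end of the hunk.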