search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: Support storing statd-callout state in cluster filesystem
[samba4-gss.git] / source4 / smb_server / smb / negprot.c
blobad400a076c00db1fd4af16e7813c9a905e453888
1 /*
2 Unix SMB/CIFS implementation.
3 negprot reply code
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/filesys.h"
22 #include "auth/credentials/credentials.h"
23 #include "auth/gensec/gensec.h"
24 #include "auth/auth.h"
25 #include "smb_server/smb_server.h"
26 #include "libcli/smb2/smb2.h"
27 #include "smb_server/smb2/smb2_server.h"
28 #include "samba/service_stream.h"
29 #include "lib/stream/packet.h"
30 #include "param/param.h"
31
32
33 /* initialise the auth_context for this server and return the cryptkey */
34 static NTSTATUS get_challenge(struct smbsrv_connection *smb_conn, uint8_t buff[8])
35 {
36 NTSTATUS nt_status;
37
38 /* multiple negprots are not permitted */
39 if (smb_conn->negotiate.auth_context) {
40 DEBUG(3,("get challenge: is this a secondary negprot? auth_context is non-NULL!\n"));
41 return NT_STATUS_FOOBAR;
42 }
43
44 DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
45
46 nt_status = auth_context_create(smb_conn,
47 smb_conn->connection->event.ctx,
48 smb_conn->connection->msg_ctx,
49 smb_conn->lp_ctx,
50 &smb_conn->negotiate.auth_context);
51 if (!NT_STATUS_IS_OK(nt_status)) {
52 DEBUG(0, ("auth_context_create() returned %s\n", nt_errstr(nt_status)));
53 return nt_status;
54 }
55
56 nt_status = auth_get_challenge(smb_conn->negotiate.auth_context, buff);
57 if (!NT_STATUS_IS_OK(nt_status)) {
58 DEBUG(0, ("auth_get_challenge() returned %s\n", nt_errstr(nt_status)));
59 return nt_status;
60 }
61
62 return NT_STATUS_OK;
63 }
64
65 /****************************************************************************
66 Reply for the core protocol.
67 ****************************************************************************/
68 static void reply_corep(struct smbsrv_request *req, uint16_t choice)
69 {
70 smbsrv_setup_reply(req, 1, 0);
71
72 SSVAL(req->out.vwv, VWV(0), choice);
73
74 req->smb_conn->negotiate.protocol = PROTOCOL_CORE;
75
76 if (req->smb_conn->signing.mandatory_signing) {
77 smbsrv_terminate_connection(req->smb_conn,
78 "CORE does not support SMB signing, and it is mandatory\n");
79 return;
80 }
81
82 smbsrv_send_reply(req);
83 }
84
85 /****************************************************************************
86 Reply for the coreplus protocol.
87 this is quite incomplete - we only fill in a small part of the reply, but as nobody uses
88 this any more it probably doesn't matter
89 ****************************************************************************/
90 static void reply_coreplus(struct smbsrv_request *req, uint16_t choice)
91 {
92 uint16_t raw;
93 if (lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx)) {
94 raw = 0;
95 } else {
96 raw = (lpcfg_read_raw(req->smb_conn->lp_ctx)?1:0) |
97 (lpcfg_write_raw(req->smb_conn->lp_ctx)?2:0);
98 }
99
100 smbsrv_setup_reply(req, 13, 0);
101
102 /* Reply, SMBlockread, SMBwritelock supported. */
103 SCVAL(req->out.hdr,HDR_FLG,
104 CVAL(req->out.hdr, HDR_FLG) | FLAG_SUPPORT_LOCKREAD);
105
106 SSVAL(req->out.vwv, VWV(0), choice);
107 SSVAL(req->out.vwv, VWV(1), 0x1); /* user level security, don't encrypt */
108
109 /* tell redirector we support
110 readbraw and writebraw (possibly) */
111 SSVAL(req->out.vwv, VWV(5), raw);
112
113 req->smb_conn->negotiate.protocol = PROTOCOL_COREPLUS;
114
115 if (req->smb_conn->signing.mandatory_signing) {
116 smbsrv_terminate_connection(req->smb_conn,
117 "COREPLUS does not support SMB signing, and it is mandatory\n");
118 return;
119 }
120
121 smbsrv_send_reply(req);
122 }
123
124 /****************************************************************************
125 Reply for the lanman 1.0 protocol.
126 ****************************************************************************/
127 static void reply_lanman1(struct smbsrv_request *req, uint16_t choice)
128 {
129 int secword=0;
130 time_t t = req->request_time.tv_sec;
131 uint16_t raw;
132
133 if (lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx)) {
134 raw = 0;
135 } else {
136 raw = (lpcfg_read_raw(req->smb_conn->lp_ctx)?1:0) |
137 (lpcfg_write_raw(req->smb_conn->lp_ctx)?2:0);
138 }
139
140 req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypt_passwords(req->smb_conn->lp_ctx);
141
142 if (req->smb_conn->negotiate.encrypted_passwords)
143 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
144
145 req->smb_conn->negotiate.protocol = PROTOCOL_LANMAN1;
146
147 smbsrv_setup_reply(req, 13, req->smb_conn->negotiate.encrypted_passwords ? 8 : 0);
148
149 /* SMBlockread, SMBwritelock supported. */
150 SCVAL(req->out.hdr,HDR_FLG,
151 CVAL(req->out.hdr, HDR_FLG) | FLAG_SUPPORT_LOCKREAD);
152
153 SSVAL(req->out.vwv, VWV(0), choice);
154 SSVAL(req->out.vwv, VWV(1), secword);
155 SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv);
156 SSVAL(req->out.vwv, VWV(3), lpcfg_max_mux(req->smb_conn->lp_ctx));
157 SSVAL(req->out.vwv, VWV(4), 1);
158 SSVAL(req->out.vwv, VWV(5), raw);
159 SIVAL(req->out.vwv, VWV(6), req->smb_conn->connection->server_id.pid);
160 srv_push_dos_date(req->smb_conn, req->out.vwv, VWV(8), t);
161 SSVAL(req->out.vwv, VWV(10), req->smb_conn->negotiate.zone_offset/60);
162 SIVAL(req->out.vwv, VWV(11), 0); /* reserved */
163
164 /* Create a token value and add it to the outgoing packet. */
165 if (req->smb_conn->negotiate.encrypted_passwords) {
166 NTSTATUS nt_status;
167
168 SSVAL(req->out.vwv, VWV(11), 8);
169
170 nt_status = get_challenge(req->smb_conn, req->out.data);
171 if (!NT_STATUS_IS_OK(nt_status)) {
172 smbsrv_terminate_connection(req->smb_conn, "LANMAN1 get_challenge failed\n");
173 return;
174 }
175 }
176
177 if (req->smb_conn->signing.mandatory_signing) {
178 smbsrv_terminate_connection(req->smb_conn,
179 "LANMAN1 does not support SMB signing, and it is mandatory\n");
180 return;
181 }
182
183 smbsrv_send_reply(req);
184 }
185
186 /****************************************************************************
187 Reply for the lanman 2.0 protocol.
188 ****************************************************************************/
189 static void reply_lanman2(struct smbsrv_request *req, uint16_t choice)
190 {
191 int secword=0;
192 time_t t = req->request_time.tv_sec;
193 uint16_t raw;
194 if (lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx)) {
195 raw = 0;
196 } else {
197 raw = (lpcfg_read_raw(req->smb_conn->lp_ctx)?1:0) |
198 (lpcfg_write_raw(req->smb_conn->lp_ctx)?2:0);
199 }
200
201 req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypt_passwords(req->smb_conn->lp_ctx);
202
203 if (req->smb_conn->negotiate.encrypted_passwords)
204 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
205
206 req->smb_conn->negotiate.protocol = PROTOCOL_LANMAN2;
207
208 smbsrv_setup_reply(req, 13, 0);
209
210 SSVAL(req->out.vwv, VWV(0), choice);
211 SSVAL(req->out.vwv, VWV(1), secword);
212 SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv);
213 SSVAL(req->out.vwv, VWV(3), lpcfg_max_mux(req->smb_conn->lp_ctx));
214 SSVAL(req->out.vwv, VWV(4), 1);
215 SSVAL(req->out.vwv, VWV(5), raw);
216 SIVAL(req->out.vwv, VWV(6), req->smb_conn->connection->server_id.pid);
217 srv_push_dos_date(req->smb_conn, req->out.vwv, VWV(8), t);
218 SSVAL(req->out.vwv, VWV(10), req->smb_conn->negotiate.zone_offset/60);
219 SIVAL(req->out.vwv, VWV(11), 0);
220
221 /* Create a token value and add it to the outgoing packet. */
222 if (req->smb_conn->negotiate.encrypted_passwords) {
223 SSVAL(req->out.vwv, VWV(11), 8);
224 req_grow_data(req, 8);
225 get_challenge(req->smb_conn, req->out.data);
226 }
227
228 req_push_str(req, NULL, lpcfg_workgroup(req->smb_conn->lp_ctx), -1, STR_TERMINATE);
229
230 if (req->smb_conn->signing.mandatory_signing) {
231 smbsrv_terminate_connection(req->smb_conn,
232 "LANMAN2 does not support SMB signing, and it is mandatory\n");
233 return;
234 }
235
236 smbsrv_send_reply(req);
237 }
238
239 static void reply_nt1_orig(struct smbsrv_request *req)
240 {
241 /* Create a token value and add it to the outgoing packet. */
242 if (req->smb_conn->negotiate.encrypted_passwords) {
243 req_grow_data(req, 8);
244 /* note that we do not send a challenge at all if
245 we are using plaintext */
246 get_challenge(req->smb_conn, req->out.ptr);
247 req->out.ptr += 8;
248 SCVAL(req->out.vwv+1, VWV(16), 8);
249 }
250 req_push_str(req, NULL, lpcfg_workgroup(req->smb_conn->lp_ctx), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
251 req_push_str(req, NULL, lpcfg_netbios_name(req->smb_conn->lp_ctx), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
252 DEBUG(3,("not using extended security (SPNEGO or NTLMSSP)\n"));
253 }
254
255 /*
256 try to determine if the filesystem supports large files
257 */
258 static bool large_file_support(const char *path)
259 {
260 int fd;
261 ssize_t ret;
262 char c;
263
264 fd = open(path, O_RDWR|O_CREAT, 0600);
265 unlink(path);
266 if (fd == -1) {
267 /* have to assume large files are OK */
268 return true;
269 }
270 ret = pread(fd, &c, 1, ((uint64_t)1)<<32);
271 close(fd);
272 return ret == 0;
273 }
274
275 /****************************************************************************
276 Reply for the nt protocol.
277 ****************************************************************************/
278 static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
279 {
280 /* dual names + lock_and_read + nt SMBs + remote API calls */
281 int capabilities;
282 int secword=0;
283 time_t t = req->request_time.tv_sec;
284 NTTIME nttime;
285 bool negotiate_spnego = false;
286 char *large_test_path;
287
288 unix_to_nt_time(&nttime, t);
289
290 capabilities =
291 CAP_NT_FIND | CAP_LOCK_AND_READ |
292 CAP_LEVEL_II_OPLOCKS | CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
293
294 req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypt_passwords(req->smb_conn->lp_ctx);
295
296 /* do spnego in user level security if the client
297 supports it and we can do encrypted passwords */
298
299 if (req->smb_conn->negotiate.encrypted_passwords &&
300 (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
301 negotiate_spnego = true;
302 capabilities |= CAP_EXTENDED_SECURITY;
303 }
304
305 if (lpcfg_large_readwrite(req->smb_conn->lp_ctx)) {
306 capabilities |= CAP_LARGE_READX | CAP_LARGE_WRITEX | CAP_W2K_SMBS;
307 }
308
309 large_test_path = lpcfg_lock_path(req, req->smb_conn->lp_ctx, "large_test.dat");
310 if (large_file_support(large_test_path)) {
311 capabilities |= CAP_LARGE_FILES;
312 }
313
314 if (!lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx) &&
315 lpcfg_read_raw(req->smb_conn->lp_ctx) &&
316 lpcfg_write_raw(req->smb_conn->lp_ctx)) {
317 capabilities |= CAP_RAW_MODE;
318 }
319
320 /* allow for disabling unicode */
321 if (lpcfg_unicode(req->smb_conn->lp_ctx)) {
322 capabilities |= CAP_UNICODE;
323 }
324
325 if (lpcfg_nt_status_support(req->smb_conn->lp_ctx)) {
326 capabilities |= CAP_STATUS32;
327 }
328
329 if (lpcfg_host_msdfs(req->smb_conn->lp_ctx)) {
330 capabilities |= CAP_DFS;
331 }
332
333 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
334
335 if (req->smb_conn->negotiate.encrypted_passwords) {
336 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
337 }
338
339 if (req->smb_conn->signing.allow_smb_signing) {
340 secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
341 }
342
343 if (req->smb_conn->signing.mandatory_signing) {
344 secword |= NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
345 }
346
347 req->smb_conn->negotiate.protocol = PROTOCOL_NT1;
348
349 smbsrv_setup_reply(req, 17, 0);
350
351 SSVAL(req->out.vwv, VWV(0), choice);
352 SCVAL(req->out.vwv, VWV(1), secword);
353
354 /* notice the strange +1 on vwv here? That's because
355 this is the one and only SMB packet that is malformed in
356 the specification - all the command words after the secword
357 are offset by 1 byte */
358 SSVAL(req->out.vwv+1, VWV(1), lpcfg_max_mux(req->smb_conn->lp_ctx));
359 SSVAL(req->out.vwv+1, VWV(2), 1); /* num vcs */
360 SIVAL(req->out.vwv+1, VWV(3), req->smb_conn->negotiate.max_recv);
361 SIVAL(req->out.vwv+1, VWV(5), 0x10000); /* raw size. full 64k */
362 SIVAL(req->out.vwv+1, VWV(7), req->smb_conn->connection->server_id.pid); /* session key */
363
364 SIVAL(req->out.vwv+1, VWV(9), capabilities);
365 push_nttime(req->out.vwv+1, VWV(11), nttime);
366 SSVALS(req->out.vwv+1,VWV(15), req->smb_conn->negotiate.zone_offset/60);
367
368 if (!negotiate_spnego) {
369 reply_nt1_orig(req);
370 } else {
371 struct cli_credentials *server_credentials;
372 struct gensec_security *gensec_security;
373 DATA_BLOB null_data_blob = data_blob(NULL, 0);
374 DATA_BLOB blob = data_blob_null;
375 const char *oid;
376 NTSTATUS nt_status;
377
378 server_credentials =
379 cli_credentials_init_server(req, req->smb_conn->lp_ctx);
380 if (server_credentials == NULL) {
381 DBG_DEBUG("Failed to obtain server credentials, "
382 "perhaps a standalone server?\n");
383 /*
384 * Create anon server credentials for for the
385 * spoolss.notify test.
386 */
387 server_credentials = cli_credentials_init_anon(req);
388 if (server_credentials == NULL) {
389 smbsrv_terminate_connection(req->smb_conn,
390 "Failed to init server credentials\n");
391 return;
392 }
393 }
394
395 nt_status = samba_server_gensec_start(req,
396 req->smb_conn->connection->event.ctx,
397 req->smb_conn->connection->msg_ctx,
398 req->smb_conn->lp_ctx,
399 server_credentials,
400 "cifs",
401 &gensec_security);
402
403 if (!NT_STATUS_IS_OK(nt_status)) {
404 DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
405 smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
406 return;
407 }
408
409 if (req->smb_conn->negotiate.auth_context) {
410 smbsrv_terminate_connection(req->smb_conn, "reply_nt1: is this a secondary negprot? auth_context is non-NULL!\n");
411 return;
412 }
413 req->smb_conn->negotiate.server_credentials = talloc_reparent(req, req->smb_conn, server_credentials);
414
415 oid = GENSEC_OID_SPNEGO;
416 nt_status = gensec_start_mech_by_oid(gensec_security, oid);
417
418 if (NT_STATUS_IS_OK(nt_status)) {
419 /* Get and push the proposed OID list into the packets */
420 nt_status = gensec_update(gensec_security, req,
421 null_data_blob, &blob);
422
423 if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
424 DEBUG(1, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
425 }
426 }
427
428 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
429 DEBUG(3,("using SPNEGO\n"));
430 } else {
431 DEBUG(5, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));
432 oid = GENSEC_OID_NTLMSSP;
433 nt_status = gensec_start_mech_by_oid(gensec_security, oid);
434
435 if (!NT_STATUS_IS_OK(nt_status)) {
436 DEBUG(0, ("Failed to start SPNEGO as well as NTLMSSP fallback: %s\n", nt_errstr(nt_status)));
437 reply_nt1_orig(req);
438 return;
439 }
440 /* NTLMSSP is a client-first exchange */
441 blob = data_blob(NULL, 0);
442 DEBUG(3,("using raw-NTLMSSP\n"));
443 }
444
445 req->smb_conn->negotiate.oid = oid;
446
447 req_grow_data(req, blob.length + 16);
448 /* a NOT very random guid, perhaps we should get it
449 * from the credentials (kitchen sink...) */
450 memset(req->out.ptr, '\0', 16);
451 req->out.ptr += 16;
452
453 memcpy(req->out.ptr, blob.data, blob.length);
454 SCVAL(req->out.vwv+1, VWV(16), blob.length + 16);
455 req->out.ptr += blob.length;
456 }
457
458 smbsrv_send_reply_nosign(req);
459 }
460
461 /****************************************************************************
462 Reply for the SMB2 2.001 protocol
463 ****************************************************************************/
464 static void reply_smb2(struct smbsrv_request *req, uint16_t choice)
465 {
466 struct smbsrv_connection *smb_conn = req->smb_conn;
467 NTSTATUS status;
468
469 talloc_free(smb_conn->sessions.idtree_vuid);
470 ZERO_STRUCT(smb_conn->sessions);
471 talloc_free(smb_conn->smb_tcons.idtree_tid);
472 ZERO_STRUCT(smb_conn->smb_tcons);
473 ZERO_STRUCT(smb_conn->signing);
474
475 /* reply with a SMB2 packet */
476 status = smbsrv_init_smb2_connection(smb_conn);
477 if (!NT_STATUS_IS_OK(status)) {
478 smbsrv_terminate_connection(smb_conn, nt_errstr(status));
479 talloc_free(req);
480 return;
481 }
482 packet_set_callback(smb_conn->packet, smbsrv_recv_smb2_request);
483 smb2srv_reply_smb_negprot(req);
484 req = NULL;
485 }
486
487 /* List of supported protocols, most desired first */
488 static const struct {
489 const char *proto_name;
490 const char *short_name;
491 void (*proto_reply_fn)(struct smbsrv_request *req, uint16_t choice);
492 int protocol_level;
493 } supported_protocols[] = {
494 {"SMB 2.002", "SMB2", reply_smb2, PROTOCOL_SMB2_02},
495 {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
496 {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
497 {"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
498 {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
499 {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
500 {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
501 {"Windows for Workgroups 3.1a", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
502 {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
503 {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
504 {"MICROSOFT NETWORKS 1.03", "COREPLUS", reply_coreplus, PROTOCOL_COREPLUS},
505 {"PC NETWORK PROGRAM 1.0", "CORE", reply_corep, PROTOCOL_CORE},
506 {NULL,NULL,NULL,0},
507 };
508
509 /****************************************************************************
510 Reply to a negprot.
511 ****************************************************************************/
512
513 void smbsrv_reply_negprot(struct smbsrv_request *req)
514 {
515 int protocol;
516 uint8_t *p;
517 uint32_t protos_count = 0;
518 const char **protos = NULL;
519
520 if (req->smb_conn->negotiate.done_negprot) {
521 smbsrv_terminate_connection(req->smb_conn, "multiple negprot's are not permitted");
522 return;
523 }
524 req->smb_conn->negotiate.done_negprot = true;
525
526 p = req->in.data;
527 while (true) {
528 size_t len;
529
530 protos = talloc_realloc(req, protos, const char *, protos_count + 1);
531 if (!protos) {
532 smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
533 return;
534 }
535 protos[protos_count] = NULL;
536 len = req_pull_ascii4(&req->in.bufinfo, &protos[protos_count], p, STR_ASCII|STR_TERMINATE);
537 p += len;
538 if (len == 0 || !protos[protos_count]) break;
539
540 DEBUG(5,("Requested protocol [%d][%s]\n", protos_count, protos[protos_count]));
541 protos_count++;
542 }
543
544 /* Check for protocols, most desirable first */
545 for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
546 int i;
547
548 if (supported_protocols[protocol].protocol_level > lpcfg_server_max_protocol(req->smb_conn->lp_ctx))
549 continue;
550 if (supported_protocols[protocol].protocol_level < lpcfg_server_min_protocol(req->smb_conn->lp_ctx))
551 continue;
552
553 for (i = 0; i < protos_count; i++) {
554 if (strcmp(supported_protocols[protocol].proto_name, protos[i]) != 0) continue;
555
556 supported_protocols[protocol].proto_reply_fn(req, i);
557 DEBUG(3,("Selected protocol [%d][%s]\n",
558 i, supported_protocols[protocol].proto_name));
559 return;
560 }
561 }
562
563 smbsrv_terminate_connection(req->smb_conn, "No protocol supported !");
564 }
GSS-enabled samba4