summaryrefslogtreecommitdiffstats
path: root/source3/smbd/process.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/process.c')
-rw-r--r--source3/smbd/process.c29
1 files changed, 27 insertions, 2 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index eb182199926..461fa99f398 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -769,6 +769,30 @@ static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize)
return(outsize);
}
+/****************************************************************************
+ Keep track of the number of running smbd's. This functionality is used to
+ 'hard' limit Samba overhead on resource constrained systems.
+****************************************************************************/
+static BOOL smbd_process_limit(void)
+{
+ int total_smbds;
+
+ if (lp_max_smbd_processes()) {
+
+ /* Always add one to the smbd process count, as exit_server() always
+ * subtracts one.
+ */
+ tdb_lock_bystring(conn_tdb_ctx(), "INFO/total_smbds");
+ total_smbds = tdb_fetch_int(conn_tdb_ctx(), "INFO/total_smbds");
+ total_smbds = total_smbds < 0 ? 1 : total_smbds + 1;
+ tdb_store_int(conn_tdb_ctx(), "INFO/total_smbds", total_smbds);
+ tdb_unlock_bystring(conn_tdb_ctx(), "INFO/total_smbds");
+
+ return total_smbds > lp_max_smbd_processes();
+ }
+ else
+ return False;
+}
/****************************************************************************
process an smb from the client - split out from the process() code so
@@ -792,8 +816,9 @@ void process_smb(char *inbuf, char *outbuf)
deny parameters before doing any parsing of the packet
passed to us by the client. This prevents attacks on our
parsing code from hosts not in the hosts allow list */
- if (!check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1))) {
- /* send a negative session response "not listining on calling
+ if (smbd_process_limit() ||
+ !check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1))) {
+ /* send a negative session response "not listening on calling
name" */
static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
DEBUG( 1, ( "Connection denied from %s\n",
generated by cgit (git 2.34.1) at 2024-11-19 20:15:00 +0000