2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "../lib/tsocket/tsocket.h"
23 #include "system/filesys.h"
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "librpc/gen_ndr/netlogon.h"
27 #include "../lib/async_req/async_sock.h"
28 #include "ctdbd_conn.h"
29 #include "../lib/util/select.h"
30 #include "printing/queue_process.h"
31 #include "system/select.h"
35 #include "smbprofile.h"
36 #include "rpc_server/spoolss/srv_spoolss_nt.h"
37 #include "libsmb/libsmb.h"
38 #include "../lib/util/tevent_ntstatus.h"
39 #include "../libcli/security/dom_sid.h"
40 #include "../libcli/security/security_token.h"
41 #include "lib/id_cache.h"
42 #include "lib/sys_rw_data.h"
44 #include "system/threads.h"
46 /* Internal message queue for deferred opens. */
47 struct pending_message_list {
48 struct pending_message_list *next, *prev;
49 struct timeval request_time; /* When was this first issued? */
50 struct smbd_server_connection *sconn;
51 struct smbXsrv_connection *xconn;
52 struct tevent_timer *te;
53 struct smb_perfcount_data pcd;
58 struct deferred_open_record *open_rec;
61 static void construct_reply_common(uint8_t cmd, const uint8_t *inbuf,
63 static struct pending_message_list *get_deferred_open_message_smb(
64 struct smbd_server_connection *sconn, uint64_t mid);
65 static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf);
67 static void smbd_echo_init(struct smbXsrv_connection *xconn)
69 xconn->smb1.echo_handler.trusted_fd = -1;
70 xconn->smb1.echo_handler.socket_lock_fd = -1;
71 #ifdef HAVE_ROBUST_MUTEXES
72 xconn->smb1.echo_handler.socket_mutex = NULL;
76 static bool smbd_echo_active(struct smbXsrv_connection *xconn)
78 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
82 #ifdef HAVE_ROBUST_MUTEXES
83 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
91 static bool smbd_lock_socket_internal(struct smbXsrv_connection *xconn)
93 if (!smbd_echo_active(xconn)) {
97 xconn->smb1.echo_handler.ref_count++;
99 if (xconn->smb1.echo_handler.ref_count > 1) {
103 DEBUG(10,("pid[%d] wait for socket lock\n", (int)getpid()));
105 #ifdef HAVE_ROBUST_MUTEXES
106 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
109 while (ret == EINTR) {
110 ret = pthread_mutex_lock(
111 xconn->smb1.echo_handler.socket_mutex);
117 DEBUG(1, ("pthread_mutex_lock failed: %s\n",
124 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
129 xconn->smb1.echo_handler.socket_lock_fd,
130 F_SETLKW, 0, 0, F_WRLCK);
131 } while (!ok && (errno == EINTR));
134 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
139 DEBUG(10,("pid[%d] got socket lock\n", (int)getpid()));
144 void smbd_lock_socket(struct smbXsrv_connection *xconn)
146 if (!smbd_lock_socket_internal(xconn)) {
147 exit_server_cleanly("failed to lock socket");
151 static bool smbd_unlock_socket_internal(struct smbXsrv_connection *xconn)
153 if (!smbd_echo_active(xconn)) {
157 xconn->smb1.echo_handler.ref_count--;
159 if (xconn->smb1.echo_handler.ref_count > 0) {
163 #ifdef HAVE_ROBUST_MUTEXES
164 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
167 while (ret == EINTR) {
168 ret = pthread_mutex_unlock(
169 xconn->smb1.echo_handler.socket_mutex);
175 DEBUG(1, ("pthread_mutex_unlock failed: %s\n",
182 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
187 xconn->smb1.echo_handler.socket_lock_fd,
188 F_SETLKW, 0, 0, F_UNLCK);
189 } while (!ok && (errno == EINTR));
192 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
197 DEBUG(10,("pid[%d] unlocked socket\n", (int)getpid()));
202 void smbd_unlock_socket(struct smbXsrv_connection *xconn)
204 if (!smbd_unlock_socket_internal(xconn)) {
205 exit_server_cleanly("failed to unlock socket");
209 /* Accessor function for smb_read_error for smbd functions. */
211 /****************************************************************************
213 ****************************************************************************/
215 bool srv_send_smb(struct smbXsrv_connection *xconn, char *buffer,
216 bool do_signing, uint32_t seqnum,
218 struct smb_perfcount_data *pcd)
222 char *buf_out = buffer;
224 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
226 * we're not supposed to do any io
231 smbd_lock_socket(xconn);
234 /* Sign the outgoing packet if required. */
235 srv_calculate_sign_mac(xconn, buf_out, seqnum);
239 NTSTATUS status = srv_encrypt_buffer(xconn, buffer, &buf_out);
240 if (!NT_STATUS_IS_OK(status)) {
241 DEBUG(0, ("send_smb: SMB encryption failed "
242 "on outgoing packet! Error %s\n",
243 nt_errstr(status) ));
249 len = smb_len_large(buf_out) + 4;
251 ret = write_data(xconn->transport.sock, buf_out, len);
253 int saved_errno = errno;
255 * Try and give an error message saying what
258 DEBUG(1,("pid[%d] Error writing %d bytes to client %s. %d. (%s)\n",
259 (int)getpid(), (int)len,
260 smbXsrv_connection_dbg(xconn),
261 (int)ret, strerror(saved_errno)));
264 srv_free_enc_buffer(xconn, buf_out);
268 SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd, len);
269 srv_free_enc_buffer(xconn, buf_out);
271 SMB_PERFCOUNT_END(pcd);
273 smbd_unlock_socket(xconn);
277 /*******************************************************************
278 Setup the word count and byte count for a smb message.
279 ********************************************************************/
281 int srv_set_message(char *buf,
286 if (zero && (num_words || num_bytes)) {
287 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
289 SCVAL(buf,smb_wct,num_words);
290 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
291 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
292 return (smb_size + num_words*2 + num_bytes);
295 static bool valid_smb_header(const uint8_t *inbuf)
297 if (is_encrypted_packet(inbuf)) {
301 * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
302 * but it just looks weird to call strncmp for this one.
304 return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
307 /* Socket functions for smbd packet processing. */
309 static bool valid_packet_size(size_t len)
312 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
313 * of header. Don't print the error if this fits.... JRA.
316 if (len > (LARGE_WRITEX_BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
317 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
318 (unsigned long)len));
324 static NTSTATUS read_packet_remainder(int fd, char *buffer,
325 unsigned int timeout, ssize_t len)
333 status = read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
334 if (!NT_STATUS_IS_OK(status)) {
335 char addr[INET6_ADDRSTRLEN];
336 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
338 get_peer_addr(fd, addr, sizeof(addr)),
344 /****************************************************************************
345 Attempt a zerocopy writeX read. We know here that len > smb_size-4
346 ****************************************************************************/
349 * Unfortunately, earlier versions of smbclient/libsmbclient
350 * don't send this "standard" writeX header. I've fixed this
351 * for 3.2 but we'll use the old method with earlier versions.
352 * Windows and CIFSFS at least use this standard size. Not
356 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
357 (2*14) + /* word count (including bcc) */ \
360 static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
361 const char lenbuf[4],
362 struct smbXsrv_connection *xconn,
365 unsigned int timeout,
369 /* Size of a WRITEX call (+4 byte len). */
370 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
371 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
375 memcpy(writeX_header, lenbuf, 4);
377 status = read_fd_with_timeout(
378 sock, writeX_header + 4,
379 STANDARD_WRITE_AND_X_HEADER_SIZE,
380 STANDARD_WRITE_AND_X_HEADER_SIZE,
383 if (!NT_STATUS_IS_OK(status)) {
384 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
386 smbXsrv_connection_dbg(xconn),
392 * Ok - now try and see if this is a possible
396 if (is_valid_writeX_buffer(xconn, (uint8_t *)writeX_header)) {
398 * If the data offset is beyond what
399 * we've read, drain the extra bytes.
401 uint16_t doff = SVAL(writeX_header,smb_vwv11);
404 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
405 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
406 if (drain_socket(sock, drain) != drain) {
407 smb_panic("receive_smb_raw_talloc_partial_read:"
408 " failed to drain pending bytes");
411 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
414 /* Spoof down the length and null out the bcc. */
415 set_message_bcc(writeX_header, 0);
416 newlen = smb_len(writeX_header);
418 /* Copy the header we've written. */
420 *buffer = (char *)talloc_memdup(mem_ctx,
422 sizeof(writeX_header));
424 if (*buffer == NULL) {
425 DEBUG(0, ("Could not allocate inbuf of length %d\n",
426 (int)sizeof(writeX_header)));
427 return NT_STATUS_NO_MEMORY;
430 /* Work out the remaining bytes. */
431 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
432 *len_ret = newlen + 4;
436 if (!valid_packet_size(len)) {
437 return NT_STATUS_INVALID_PARAMETER;
441 * Not a valid writeX call. Just do the standard
445 *buffer = talloc_array(mem_ctx, char, len+4);
447 if (*buffer == NULL) {
448 DEBUG(0, ("Could not allocate inbuf of length %d\n",
450 return NT_STATUS_NO_MEMORY;
453 /* Copy in what we already read. */
456 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
457 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
460 status = read_packet_remainder(
462 (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
465 if (!NT_STATUS_IS_OK(status)) {
466 DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
476 static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
477 struct smbXsrv_connection *xconn,
479 char **buffer, unsigned int timeout,
480 size_t *p_unread, size_t *plen)
484 int min_recv_size = lp_min_receive_file_size();
489 status = read_smb_length_return_keepalive(sock, lenbuf, timeout,
491 if (!NT_STATUS_IS_OK(status)) {
495 if (CVAL(lenbuf,0) == 0 && min_recv_size &&
496 (smb_len_large(lenbuf) > /* Could be a UNIX large writeX. */
497 (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE)) &&
498 !srv_is_signing_active(xconn) &&
499 xconn->smb1.echo_handler.trusted_fde == NULL) {
501 return receive_smb_raw_talloc_partial_read(
502 mem_ctx, lenbuf, xconn, sock, buffer, timeout,
506 if (!valid_packet_size(len)) {
507 return NT_STATUS_INVALID_PARAMETER;
511 * The +4 here can't wrap, we've checked the length above already.
514 *buffer = talloc_array(mem_ctx, char, len+4);
516 if (*buffer == NULL) {
517 DEBUG(0, ("Could not allocate inbuf of length %d\n",
519 return NT_STATUS_NO_MEMORY;
522 memcpy(*buffer, lenbuf, sizeof(lenbuf));
524 status = read_packet_remainder(sock, (*buffer)+4, timeout, len);
525 if (!NT_STATUS_IS_OK(status)) {
533 static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,
534 struct smbXsrv_connection *xconn,
536 char **buffer, unsigned int timeout,
537 size_t *p_unread, bool *p_encrypted,
540 bool trusted_channel)
545 *p_encrypted = false;
547 status = receive_smb_raw_talloc(mem_ctx, xconn, sock, buffer, timeout,
549 if (!NT_STATUS_IS_OK(status)) {
550 DEBUG(NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)?5:1,
551 ("receive_smb_raw_talloc failed for client %s "
552 "read error = %s.\n",
553 smbXsrv_connection_dbg(xconn),
554 nt_errstr(status)) );
558 if (is_encrypted_packet((uint8_t *)*buffer)) {
559 status = srv_decrypt_buffer(xconn, *buffer);
560 if (!NT_STATUS_IS_OK(status)) {
561 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
562 "incoming packet! Error %s\n",
563 nt_errstr(status) ));
569 /* Check the incoming SMB signature. */
570 if (!srv_check_sign_mac(xconn, *buffer, seqnum, trusted_channel)) {
571 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
572 "incoming packet!\n"));
573 return NT_STATUS_INVALID_NETWORK_RESPONSE;
581 * Initialize a struct smb_request from an inbuf
584 static bool init_smb_request(struct smb_request *req,
585 struct smbd_server_connection *sconn,
586 struct smbXsrv_connection *xconn,
587 const uint8_t *inbuf,
588 size_t unread_bytes, bool encrypted,
591 struct smbXsrv_tcon *tcon;
594 size_t req_size = smb_len(inbuf) + 4;
596 /* Ensure we have at least smb_size bytes. */
597 if (req_size < smb_size) {
598 DEBUG(0,("init_smb_request: invalid request size %u\n",
599 (unsigned int)req_size ));
603 req->request_time = timeval_current();
604 now = timeval_to_nttime(&req->request_time);
606 req->cmd = CVAL(inbuf, smb_com);
607 req->flags2 = SVAL(inbuf, smb_flg2);
608 req->smbpid = SVAL(inbuf, smb_pid);
609 req->mid = (uint64_t)SVAL(inbuf, smb_mid);
610 req->seqnum = seqnum;
611 req->vuid = SVAL(inbuf, smb_uid);
612 req->tid = SVAL(inbuf, smb_tid);
613 req->wct = CVAL(inbuf, smb_wct);
614 req->vwv = (const uint16_t *)(inbuf+smb_vwv);
615 req->buflen = smb_buflen(inbuf);
616 req->buf = (const uint8_t *)smb_buf_const(inbuf);
617 req->unread_bytes = unread_bytes;
618 req->encrypted = encrypted;
623 status = smb1srv_tcon_lookup(xconn, req->tid, now, &tcon);
624 if (NT_STATUS_IS_OK(status)) {
625 req->conn = tcon->compat;
628 req->chain_fsp = NULL;
630 req->priv_paths = NULL;
632 smb_init_perfcount_data(&req->pcd);
634 /* Ensure we have at least wct words and 2 bytes of bcc. */
635 if (smb_size + req->wct*2 > req_size) {
636 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
637 (unsigned int)req->wct,
638 (unsigned int)req_size));
641 /* Ensure bcc is correct. */
642 if (((const uint8_t *)smb_buf_const(inbuf)) + req->buflen > inbuf + req_size) {
643 DEBUG(0,("init_smb_request: invalid bcc number %u "
644 "(wct = %u, size %u)\n",
645 (unsigned int)req->buflen,
646 (unsigned int)req->wct,
647 (unsigned int)req_size));
655 static void process_smb(struct smbXsrv_connection *xconn,
656 uint8_t *inbuf, size_t nread, size_t unread_bytes,
657 uint32_t seqnum, bool encrypted,
658 struct smb_perfcount_data *deferred_pcd);
660 static void smbd_deferred_open_timer(struct tevent_context *ev,
661 struct tevent_timer *te,
662 struct timeval _tval,
665 struct pending_message_list *msg = talloc_get_type(private_data,
666 struct pending_message_list);
667 struct smbd_server_connection *sconn = msg->sconn;
668 struct smbXsrv_connection *xconn = msg->xconn;
669 TALLOC_CTX *mem_ctx = talloc_tos();
670 uint64_t mid = (uint64_t)SVAL(msg->buf.data,smb_mid);
673 inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
676 exit_server("smbd_deferred_open_timer: talloc failed\n");
680 /* We leave this message on the queue so the open code can
681 know this is a retry. */
682 DEBUG(5,("smbd_deferred_open_timer: trigger mid %llu.\n",
683 (unsigned long long)mid ));
685 /* Mark the message as processed so this is not
686 * re-processed in error. */
687 msg->processed = true;
689 process_smb(xconn, inbuf,
691 msg->seqnum, msg->encrypted, &msg->pcd);
693 /* If it's still there and was processed, remove it. */
694 msg = get_deferred_open_message_smb(sconn, mid);
695 if (msg && msg->processed) {
696 remove_deferred_open_message_smb(xconn, mid);
700 /****************************************************************************
701 Function to push a message onto the tail of a linked list of smb messages ready
703 ****************************************************************************/
705 static bool push_queued_message(struct smb_request *req,
706 struct timeval request_time,
707 struct timeval end_time,
708 struct deferred_open_record *open_rec)
710 int msg_len = smb_len(req->inbuf) + 4;
711 struct pending_message_list *msg;
713 msg = talloc_zero(NULL, struct pending_message_list);
716 DEBUG(0,("push_message: malloc fail (1)\n"));
719 msg->sconn = req->sconn;
720 msg->xconn = req->xconn;
722 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
723 if(msg->buf.data == NULL) {
724 DEBUG(0,("push_message: malloc fail (2)\n"));
729 msg->request_time = request_time;
730 msg->seqnum = req->seqnum;
731 msg->encrypted = req->encrypted;
732 msg->processed = false;
733 SMB_PERFCOUNT_DEFER_OP(&req->pcd, &msg->pcd);
736 msg->open_rec = talloc_move(msg, &open_rec);
740 msg->te = tevent_add_timer(msg->sconn->ev_ctx,
743 smbd_deferred_open_timer,
746 DEBUG(0,("push_message: event_add_timed failed\n"));
752 DLIST_ADD_END(req->sconn->deferred_open_queue, msg,
753 struct pending_message_list *);
755 DEBUG(10,("push_message: pushed message length %u on "
756 "deferred_open_queue\n", (unsigned int)msg_len));
761 /****************************************************************************
762 Function to delete a sharing violation open message by mid.
763 ****************************************************************************/
765 void remove_deferred_open_message_smb(struct smbXsrv_connection *xconn,
768 struct smbd_server_connection *sconn = xconn->client->sconn;
769 struct pending_message_list *pml;
771 if (sconn->using_smb2) {
772 remove_deferred_open_message_smb2(xconn, mid);
776 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
777 if (mid == (uint64_t)SVAL(pml->buf.data,smb_mid)) {
778 DEBUG(10,("remove_deferred_open_message_smb: "
779 "deleting mid %llu len %u\n",
780 (unsigned long long)mid,
781 (unsigned int)pml->buf.length ));
782 DLIST_REMOVE(sconn->deferred_open_queue, pml);
789 /****************************************************************************
790 Move a sharing violation open retry message to the front of the list and
791 schedule it for immediate processing.
792 ****************************************************************************/
794 bool schedule_deferred_open_message_smb(struct smbXsrv_connection *xconn,
797 struct smbd_server_connection *sconn = xconn->client->sconn;
798 struct pending_message_list *pml;
801 if (sconn->using_smb2) {
802 return schedule_deferred_open_message_smb2(xconn, mid);
805 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
806 uint64_t msg_mid = (uint64_t)SVAL(pml->buf.data,smb_mid);
808 DEBUG(10,("schedule_deferred_open_message_smb: [%d] "
811 (unsigned long long)msg_mid ));
813 if (mid == msg_mid) {
814 struct tevent_timer *te;
816 if (pml->processed) {
817 /* A processed message should not be
819 DEBUG(0,("schedule_deferred_open_message_smb: LOGIC ERROR "
820 "message mid %llu was already processed\n",
821 (unsigned long long)msg_mid ));
825 DEBUG(10,("schedule_deferred_open_message_smb: "
826 "scheduling mid %llu\n",
827 (unsigned long long)mid ));
829 te = tevent_add_timer(pml->sconn->ev_ctx,
832 smbd_deferred_open_timer,
835 DEBUG(10,("schedule_deferred_open_message_smb: "
836 "event_add_timed() failed, "
837 "skipping mid %llu\n",
838 (unsigned long long)msg_mid ));
841 TALLOC_FREE(pml->te);
843 DLIST_PROMOTE(sconn->deferred_open_queue, pml);
848 DEBUG(10,("schedule_deferred_open_message_smb: failed to "
849 "find message mid %llu\n",
850 (unsigned long long)mid ));
855 /****************************************************************************
856 Return true if this mid is on the deferred queue and was not yet processed.
857 ****************************************************************************/
859 bool open_was_deferred(struct smbXsrv_connection *xconn, uint64_t mid)
861 struct smbd_server_connection *sconn = xconn->client->sconn;
862 struct pending_message_list *pml;
864 if (sconn->using_smb2) {
865 return open_was_deferred_smb2(xconn, mid);
868 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
869 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid && !pml->processed) {
876 /****************************************************************************
877 Return the message queued by this mid.
878 ****************************************************************************/
880 static struct pending_message_list *get_deferred_open_message_smb(
881 struct smbd_server_connection *sconn, uint64_t mid)
883 struct pending_message_list *pml;
885 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
886 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid) {
893 /****************************************************************************
894 Get the state data queued by this mid.
895 ****************************************************************************/
897 bool get_deferred_open_message_state(struct smb_request *smbreq,
898 struct timeval *p_request_time,
899 struct deferred_open_record **open_rec)
901 struct pending_message_list *pml;
903 if (smbreq->sconn->using_smb2) {
904 return get_deferred_open_message_state_smb2(smbreq->smb2req,
909 pml = get_deferred_open_message_smb(smbreq->sconn, smbreq->mid);
913 if (p_request_time) {
914 *p_request_time = pml->request_time;
916 if (open_rec != NULL) {
917 *open_rec = pml->open_rec;
922 /****************************************************************************
923 Function to push a deferred open smb message onto a linked list of local smb
924 messages ready for processing.
925 ****************************************************************************/
927 bool push_deferred_open_message_smb(struct smb_request *req,
928 struct timeval request_time,
929 struct timeval timeout,
931 struct deferred_open_record *open_rec)
933 struct timeval end_time;
936 return push_deferred_open_message_smb2(req->smb2req,
943 if (req->unread_bytes) {
944 DEBUG(0,("push_deferred_open_message_smb: logic error ! "
945 "unread_bytes = %u\n",
946 (unsigned int)req->unread_bytes ));
947 smb_panic("push_deferred_open_message_smb: "
948 "logic error unread_bytes != 0" );
951 end_time = timeval_sum(&request_time, &timeout);
953 DEBUG(10,("push_deferred_open_message_smb: pushing message "
954 "len %u mid %llu timeout time [%u.%06u]\n",
955 (unsigned int) smb_len(req->inbuf)+4,
956 (unsigned long long)req->mid,
957 (unsigned int)end_time.tv_sec,
958 (unsigned int)end_time.tv_usec));
960 return push_queued_message(req, request_time, end_time, open_rec);
963 static void smbd_sig_term_handler(struct tevent_context *ev,
964 struct tevent_signal *se,
970 exit_server_cleanly("termination signal");
973 void smbd_setup_sig_term_handler(struct smbd_server_connection *sconn)
975 struct tevent_signal *se;
977 se = tevent_add_signal(sconn->ev_ctx,
980 smbd_sig_term_handler,
983 exit_server("failed to setup SIGTERM handler");
987 static void smbd_sig_hup_handler(struct tevent_context *ev,
988 struct tevent_signal *se,
994 struct smbd_server_connection *sconn =
995 talloc_get_type_abort(private_data,
996 struct smbd_server_connection);
998 change_to_root_user();
999 DEBUG(1,("Reloading services after SIGHUP\n"));
1000 reload_services(sconn, conn_snum_used, false);
1003 void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn)
1005 struct tevent_signal *se;
1007 se = tevent_add_signal(sconn->ev_ctx,
1010 smbd_sig_hup_handler,
1013 exit_server("failed to setup SIGHUP handler");
1017 static void smbd_conf_updated(struct messaging_context *msg,
1020 struct server_id server_id,
1023 struct smbd_server_connection *sconn =
1024 talloc_get_type_abort(private_data,
1025 struct smbd_server_connection);
1027 DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was "
1028 "updated. Reloading.\n"));
1029 change_to_root_user();
1030 reload_services(sconn, conn_snum_used, false);
1034 * Only allow 5 outstanding trans requests. We're allocating memory, so
1038 NTSTATUS allow_new_trans(struct trans_state *list, uint64_t mid)
1041 for (; list != NULL; list = list->next) {
1043 if (list->mid == mid) {
1044 return NT_STATUS_INVALID_PARAMETER;
1050 return NT_STATUS_INSUFFICIENT_RESOURCES;
1053 return NT_STATUS_OK;
1057 These flags determine some of the permissions required to do an operation
1059 Note that I don't set NEED_WRITE on some write operations because they
1060 are used by some brain-dead clients when printing, and I don't want to
1061 force write permissions on print services.
1063 #define AS_USER (1<<0)
1064 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
1065 #define TIME_INIT (1<<2)
1066 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
1067 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
1068 #define DO_CHDIR (1<<6)
1071 define a list of possible SMB messages and their corresponding
1072 functions. Any message that has a NULL function is unimplemented -
1073 please feel free to contribute implementations!
1075 static const struct smb_message_struct {
1077 void (*fn)(struct smb_request *req);
1079 } smb_messages[256] = {
1081 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
1082 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
1083 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
1084 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
1085 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
1086 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
1087 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
1088 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
1089 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
1090 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
1091 /* 0x0a */ { "SMBread",reply_read,AS_USER},
1092 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
1093 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
1094 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
1095 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
1096 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
1097 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
1098 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
1099 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
1100 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
1101 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
1102 /* 0x15 */ { NULL, NULL, 0 },
1103 /* 0x16 */ { NULL, NULL, 0 },
1104 /* 0x17 */ { NULL, NULL, 0 },
1105 /* 0x18 */ { NULL, NULL, 0 },
1106 /* 0x19 */ { NULL, NULL, 0 },
1107 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
1108 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
1109 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
1110 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
1111 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
1112 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1113 /* 0x20 */ { "SMBwritec", NULL,0},
1114 /* 0x21 */ { NULL, NULL, 0 },
1115 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
1116 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1117 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1118 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
1119 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
1120 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
1121 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
1122 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
1123 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
1124 /* 0x2b */ { "SMBecho",reply_echo,0},
1125 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1126 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
1127 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
1128 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
1129 /* 0x30 */ { NULL, NULL, 0 },
1130 /* 0x31 */ { NULL, NULL, 0 },
1131 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
1132 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER | CAN_IPC },
1133 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1134 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1135 /* 0x36 */ { NULL, NULL, 0 },
1136 /* 0x37 */ { NULL, NULL, 0 },
1137 /* 0x38 */ { NULL, NULL, 0 },
1138 /* 0x39 */ { NULL, NULL, 0 },
1139 /* 0x3a */ { NULL, NULL, 0 },
1140 /* 0x3b */ { NULL, NULL, 0 },
1141 /* 0x3c */ { NULL, NULL, 0 },
1142 /* 0x3d */ { NULL, NULL, 0 },
1143 /* 0x3e */ { NULL, NULL, 0 },
1144 /* 0x3f */ { NULL, NULL, 0 },
1145 /* 0x40 */ { NULL, NULL, 0 },
1146 /* 0x41 */ { NULL, NULL, 0 },
1147 /* 0x42 */ { NULL, NULL, 0 },
1148 /* 0x43 */ { NULL, NULL, 0 },
1149 /* 0x44 */ { NULL, NULL, 0 },
1150 /* 0x45 */ { NULL, NULL, 0 },
1151 /* 0x46 */ { NULL, NULL, 0 },
1152 /* 0x47 */ { NULL, NULL, 0 },
1153 /* 0x48 */ { NULL, NULL, 0 },
1154 /* 0x49 */ { NULL, NULL, 0 },
1155 /* 0x4a */ { NULL, NULL, 0 },
1156 /* 0x4b */ { NULL, NULL, 0 },
1157 /* 0x4c */ { NULL, NULL, 0 },
1158 /* 0x4d */ { NULL, NULL, 0 },
1159 /* 0x4e */ { NULL, NULL, 0 },
1160 /* 0x4f */ { NULL, NULL, 0 },
1161 /* 0x50 */ { NULL, NULL, 0 },
1162 /* 0x51 */ { NULL, NULL, 0 },
1163 /* 0x52 */ { NULL, NULL, 0 },
1164 /* 0x53 */ { NULL, NULL, 0 },
1165 /* 0x54 */ { NULL, NULL, 0 },
1166 /* 0x55 */ { NULL, NULL, 0 },
1167 /* 0x56 */ { NULL, NULL, 0 },
1168 /* 0x57 */ { NULL, NULL, 0 },
1169 /* 0x58 */ { NULL, NULL, 0 },
1170 /* 0x59 */ { NULL, NULL, 0 },
1171 /* 0x5a */ { NULL, NULL, 0 },
1172 /* 0x5b */ { NULL, NULL, 0 },
1173 /* 0x5c */ { NULL, NULL, 0 },
1174 /* 0x5d */ { NULL, NULL, 0 },
1175 /* 0x5e */ { NULL, NULL, 0 },
1176 /* 0x5f */ { NULL, NULL, 0 },
1177 /* 0x60 */ { NULL, NULL, 0 },
1178 /* 0x61 */ { NULL, NULL, 0 },
1179 /* 0x62 */ { NULL, NULL, 0 },
1180 /* 0x63 */ { NULL, NULL, 0 },
1181 /* 0x64 */ { NULL, NULL, 0 },
1182 /* 0x65 */ { NULL, NULL, 0 },
1183 /* 0x66 */ { NULL, NULL, 0 },
1184 /* 0x67 */ { NULL, NULL, 0 },
1185 /* 0x68 */ { NULL, NULL, 0 },
1186 /* 0x69 */ { NULL, NULL, 0 },
1187 /* 0x6a */ { NULL, NULL, 0 },
1188 /* 0x6b */ { NULL, NULL, 0 },
1189 /* 0x6c */ { NULL, NULL, 0 },
1190 /* 0x6d */ { NULL, NULL, 0 },
1191 /* 0x6e */ { NULL, NULL, 0 },
1192 /* 0x6f */ { NULL, NULL, 0 },
1193 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1194 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1195 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1196 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1197 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1198 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1199 /* 0x76 */ { NULL, NULL, 0 },
1200 /* 0x77 */ { NULL, NULL, 0 },
1201 /* 0x78 */ { NULL, NULL, 0 },
1202 /* 0x79 */ { NULL, NULL, 0 },
1203 /* 0x7a */ { NULL, NULL, 0 },
1204 /* 0x7b */ { NULL, NULL, 0 },
1205 /* 0x7c */ { NULL, NULL, 0 },
1206 /* 0x7d */ { NULL, NULL, 0 },
1207 /* 0x7e */ { NULL, NULL, 0 },
1208 /* 0x7f */ { NULL, NULL, 0 },
1209 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1210 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1211 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1212 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1213 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1214 /* 0x85 */ { NULL, NULL, 0 },
1215 /* 0x86 */ { NULL, NULL, 0 },
1216 /* 0x87 */ { NULL, NULL, 0 },
1217 /* 0x88 */ { NULL, NULL, 0 },
1218 /* 0x89 */ { NULL, NULL, 0 },
1219 /* 0x8a */ { NULL, NULL, 0 },
1220 /* 0x8b */ { NULL, NULL, 0 },
1221 /* 0x8c */ { NULL, NULL, 0 },
1222 /* 0x8d */ { NULL, NULL, 0 },
1223 /* 0x8e */ { NULL, NULL, 0 },
1224 /* 0x8f */ { NULL, NULL, 0 },
1225 /* 0x90 */ { NULL, NULL, 0 },
1226 /* 0x91 */ { NULL, NULL, 0 },
1227 /* 0x92 */ { NULL, NULL, 0 },
1228 /* 0x93 */ { NULL, NULL, 0 },
1229 /* 0x94 */ { NULL, NULL, 0 },
1230 /* 0x95 */ { NULL, NULL, 0 },
1231 /* 0x96 */ { NULL, NULL, 0 },
1232 /* 0x97 */ { NULL, NULL, 0 },
1233 /* 0x98 */ { NULL, NULL, 0 },
1234 /* 0x99 */ { NULL, NULL, 0 },
1235 /* 0x9a */ { NULL, NULL, 0 },
1236 /* 0x9b */ { NULL, NULL, 0 },
1237 /* 0x9c */ { NULL, NULL, 0 },
1238 /* 0x9d */ { NULL, NULL, 0 },
1239 /* 0x9e */ { NULL, NULL, 0 },
1240 /* 0x9f */ { NULL, NULL, 0 },
1241 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1242 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1243 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1244 /* 0xa3 */ { NULL, NULL, 0 },
1245 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1246 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1247 /* 0xa6 */ { NULL, NULL, 0 },
1248 /* 0xa7 */ { NULL, NULL, 0 },
1249 /* 0xa8 */ { NULL, NULL, 0 },
1250 /* 0xa9 */ { NULL, NULL, 0 },
1251 /* 0xaa */ { NULL, NULL, 0 },
1252 /* 0xab */ { NULL, NULL, 0 },
1253 /* 0xac */ { NULL, NULL, 0 },
1254 /* 0xad */ { NULL, NULL, 0 },
1255 /* 0xae */ { NULL, NULL, 0 },
1256 /* 0xaf */ { NULL, NULL, 0 },
1257 /* 0xb0 */ { NULL, NULL, 0 },
1258 /* 0xb1 */ { NULL, NULL, 0 },
1259 /* 0xb2 */ { NULL, NULL, 0 },
1260 /* 0xb3 */ { NULL, NULL, 0 },
1261 /* 0xb4 */ { NULL, NULL, 0 },
1262 /* 0xb5 */ { NULL, NULL, 0 },
1263 /* 0xb6 */ { NULL, NULL, 0 },
1264 /* 0xb7 */ { NULL, NULL, 0 },
1265 /* 0xb8 */ { NULL, NULL, 0 },
1266 /* 0xb9 */ { NULL, NULL, 0 },
1267 /* 0xba */ { NULL, NULL, 0 },
1268 /* 0xbb */ { NULL, NULL, 0 },
1269 /* 0xbc */ { NULL, NULL, 0 },
1270 /* 0xbd */ { NULL, NULL, 0 },
1271 /* 0xbe */ { NULL, NULL, 0 },
1272 /* 0xbf */ { NULL, NULL, 0 },
1273 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1274 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1275 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1276 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1277 /* 0xc4 */ { NULL, NULL, 0 },
1278 /* 0xc5 */ { NULL, NULL, 0 },
1279 /* 0xc6 */ { NULL, NULL, 0 },
1280 /* 0xc7 */ { NULL, NULL, 0 },
1281 /* 0xc8 */ { NULL, NULL, 0 },
1282 /* 0xc9 */ { NULL, NULL, 0 },
1283 /* 0xca */ { NULL, NULL, 0 },
1284 /* 0xcb */ { NULL, NULL, 0 },
1285 /* 0xcc */ { NULL, NULL, 0 },
1286 /* 0xcd */ { NULL, NULL, 0 },
1287 /* 0xce */ { NULL, NULL, 0 },
1288 /* 0xcf */ { NULL, NULL, 0 },
1289 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1290 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1291 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1292 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1293 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1294 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1295 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1296 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1297 /* 0xd8 */ { NULL, NULL, 0 },
1298 /* 0xd9 */ { NULL, NULL, 0 },
1299 /* 0xda */ { NULL, NULL, 0 },
1300 /* 0xdb */ { NULL, NULL, 0 },
1301 /* 0xdc */ { NULL, NULL, 0 },
1302 /* 0xdd */ { NULL, NULL, 0 },
1303 /* 0xde */ { NULL, NULL, 0 },
1304 /* 0xdf */ { NULL, NULL, 0 },
1305 /* 0xe0 */ { NULL, NULL, 0 },
1306 /* 0xe1 */ { NULL, NULL, 0 },
1307 /* 0xe2 */ { NULL, NULL, 0 },
1308 /* 0xe3 */ { NULL, NULL, 0 },
1309 /* 0xe4 */ { NULL, NULL, 0 },
1310 /* 0xe5 */ { NULL, NULL, 0 },
1311 /* 0xe6 */ { NULL, NULL, 0 },
1312 /* 0xe7 */ { NULL, NULL, 0 },
1313 /* 0xe8 */ { NULL, NULL, 0 },
1314 /* 0xe9 */ { NULL, NULL, 0 },
1315 /* 0xea */ { NULL, NULL, 0 },
1316 /* 0xeb */ { NULL, NULL, 0 },
1317 /* 0xec */ { NULL, NULL, 0 },
1318 /* 0xed */ { NULL, NULL, 0 },
1319 /* 0xee */ { NULL, NULL, 0 },
1320 /* 0xef */ { NULL, NULL, 0 },
1321 /* 0xf0 */ { NULL, NULL, 0 },
1322 /* 0xf1 */ { NULL, NULL, 0 },
1323 /* 0xf2 */ { NULL, NULL, 0 },
1324 /* 0xf3 */ { NULL, NULL, 0 },
1325 /* 0xf4 */ { NULL, NULL, 0 },
1326 /* 0xf5 */ { NULL, NULL, 0 },
1327 /* 0xf6 */ { NULL, NULL, 0 },
1328 /* 0xf7 */ { NULL, NULL, 0 },
1329 /* 0xf8 */ { NULL, NULL, 0 },
1330 /* 0xf9 */ { NULL, NULL, 0 },
1331 /* 0xfa */ { NULL, NULL, 0 },
1332 /* 0xfb */ { NULL, NULL, 0 },
1333 /* 0xfc */ { NULL, NULL, 0 },
1334 /* 0xfd */ { NULL, NULL, 0 },
1335 /* 0xfe */ { NULL, NULL, 0 },
1336 /* 0xff */ { NULL, NULL, 0 }
1340 /*******************************************************************
1341 allocate and initialize a reply packet
1342 ********************************************************************/
1344 static bool create_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
1345 const uint8_t *inbuf, char **outbuf,
1346 uint8_t num_words, uint32_t num_bytes)
1348 size_t smb_len = MIN_SMB_SIZE + VWV(num_words) + num_bytes;
1351 * Protect against integer wrap.
1352 * The SMB layer reply can be up to 0xFFFFFF bytes.
1354 if ((num_bytes > 0xffffff) || (smb_len > 0xffffff)) {
1356 if (asprintf(&msg, "num_bytes too large: %u",
1357 (unsigned)num_bytes) == -1) {
1358 msg = discard_const_p(char, "num_bytes too large");
1364 * Here we include the NBT header for now.
1366 *outbuf = talloc_array(mem_ctx, char,
1367 NBT_HDR_SIZE + smb_len);
1368 if (*outbuf == NULL) {
1372 construct_reply_common(req->cmd, inbuf, *outbuf);
1373 srv_set_message(*outbuf, num_words, num_bytes, false);
1375 * Zero out the word area, the caller has to take care of the bcc area
1378 if (num_words != 0) {
1379 memset(*outbuf + (NBT_HDR_SIZE + HDR_VWV), 0, VWV(num_words));
1385 void reply_outbuf(struct smb_request *req, uint8_t num_words, uint32_t num_bytes)
1388 if (!create_outbuf(req, req, req->inbuf, &outbuf, num_words,
1390 smb_panic("could not allocate output buffer\n");
1392 req->outbuf = (uint8_t *)outbuf;
1396 /*******************************************************************
1397 Dump a packet to a file.
1398 ********************************************************************/
1400 static void smb_dump(const char *name, int type, const char *data)
1405 if (DEBUGLEVEL < 50) {
1409 len = smb_len_tcp(data)+4;
1410 for (i=1;i<100;i++) {
1411 fname = talloc_asprintf(talloc_tos(),
1415 type ? "req" : "resp");
1416 if (fname == NULL) {
1419 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1420 if (fd != -1 || errno != EEXIST) break;
1424 ssize_t ret = write(fd, data, len);
1426 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1428 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1433 /****************************************************************************
1434 Prepare everything for calling the actual request function, and potentially
1435 call the request function via the "new" interface.
1437 Return False if the "legacy" function needs to be called, everything is
1440 Return True if we're done.
1442 I know this API sucks, but it is the one with the least code change I could
1444 ****************************************************************************/
1446 static connection_struct *switch_message(uint8_t type, struct smb_request *req)
1449 uint64_t session_tag;
1450 connection_struct *conn = NULL;
1451 struct smbXsrv_connection *xconn = req->xconn;
1452 NTTIME now = timeval_to_nttime(&req->request_time);
1453 struct smbXsrv_session *session = NULL;
1458 if (!xconn->smb1.negprot.done) {
1461 * Without a negprot the request must
1462 * either be a negprot, or one of the
1463 * evil old SMB mailslot messaging types.
1471 exit_server_cleanly("The first request "
1472 "should be a negprot");
1476 if (smb_messages[type].fn == NULL) {
1477 DEBUG(0,("Unknown message type %d!\n",type));
1478 smb_dump("Unknown", 1, (const char *)req->inbuf);
1479 reply_unknown_new(req, type);
1483 flags = smb_messages[type].flags;
1485 /* In share mode security we must ignore the vuid. */
1486 session_tag = req->vuid;
1489 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1490 (int)getpid(), (unsigned long)conn));
1492 smb_dump(smb_fn_name(type), 1, (const char *)req->inbuf);
1494 /* Ensure this value is replaced in the incoming packet. */
1495 SSVAL(discard_const_p(uint8_t, req->inbuf),smb_uid,session_tag);
1498 * Ensure the correct username is in current_user_info. This is a
1499 * really ugly bugfix for problems with multiple session_setup_and_X's
1500 * being done and allowing %U and %G substitutions to work correctly.
1501 * There is a reason this code is done here, don't move it unless you
1502 * know what you're doing... :-).
1507 * lookup an existing session
1509 * Note: for now we only check for NT_STATUS_NETWORK_SESSION_EXPIRED
1510 * here, the main check is still in change_to_user()
1512 status = smb1srv_session_lookup(xconn,
1516 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
1519 status = NT_STATUS_OK;
1522 DEBUG(1,("Error: session %llu is expired, mid=%llu.\n",
1523 (unsigned long long)session_tag,
1524 (unsigned long long)req->mid));
1525 reply_nterror(req, NT_STATUS_NETWORK_SESSION_EXPIRED);
1530 if (session_tag != xconn->client->last_session_id) {
1531 struct user_struct *vuser = NULL;
1533 xconn->client->last_session_id = session_tag;
1535 vuser = session->compat;
1538 set_current_user_info(
1539 vuser->session_info->unix_info->sanitized_username,
1540 vuser->session_info->unix_info->unix_name,
1541 vuser->session_info->info->domain_name);
1545 /* Does this call need to be run as the connected user? */
1546 if (flags & AS_USER) {
1548 /* Does this call need a valid tree connection? */
1551 * Amazingly, the error code depends on the command
1554 if (type == SMBntcreateX) {
1555 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1557 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
1562 if (!change_to_user(conn,session_tag)) {
1563 DEBUG(0, ("Error: Could not change to user. Removing "
1564 "deferred open, mid=%llu.\n",
1565 (unsigned long long)req->mid));
1566 reply_force_doserror(req, ERRSRV, ERRbaduid);
1570 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1572 /* Does it need write permission? */
1573 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1574 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1578 /* IPC services are limited */
1579 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1580 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1584 /* This call needs to be run as root */
1585 change_to_root_user();
1588 /* load service specific parameters */
1590 if (req->encrypted) {
1591 conn->encrypted_tid = true;
1592 /* encrypted required from now on. */
1593 conn->encrypt_level = SMB_SIGNING_REQUIRED;
1594 } else if (ENCRYPTION_REQUIRED(conn)) {
1595 if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
1596 DEBUG(1,("service[%s] requires encryption"
1597 "%s ACCESS_DENIED. mid=%llu\n",
1598 lp_servicename(talloc_tos(), SNUM(conn)),
1600 (unsigned long long)req->mid));
1601 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1606 if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1607 (flags & (AS_USER|DO_CHDIR)
1609 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1612 conn->num_smb_operations++;
1616 * Does this protocol need to be run as guest? (Only archane
1617 * messenger service requests have this...)
1619 if (flags & AS_GUEST) {
1623 if (!change_to_guest()) {
1624 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1628 raddr = tsocket_address_inet_addr_string(xconn->remote_address,
1630 if (raddr == NULL) {
1631 reply_nterror(req, NT_STATUS_NO_MEMORY);
1636 * Haven't we checked this in smbd_process already???
1639 ok = allow_access(lp_hosts_deny(-1), lp_hosts_allow(-1),
1640 xconn->remote_hostname, raddr);
1644 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1649 smb_messages[type].fn(req);
1653 /****************************************************************************
1654 Construct a reply to the incoming packet.
1655 ****************************************************************************/
1657 static void construct_reply(struct smbXsrv_connection *xconn,
1658 char *inbuf, int size, size_t unread_bytes,
1659 uint32_t seqnum, bool encrypted,
1660 struct smb_perfcount_data *deferred_pcd)
1662 struct smbd_server_connection *sconn = xconn->client->sconn;
1663 struct smb_request *req;
1665 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1666 smb_panic("could not allocate smb_request");
1669 if (!init_smb_request(req, sconn, xconn, (uint8_t *)inbuf, unread_bytes,
1670 encrypted, seqnum)) {
1671 exit_server_cleanly("Invalid SMB request");
1674 req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
1676 /* we popped this message off the queue - keep original perf data */
1678 req->pcd = *deferred_pcd;
1680 SMB_PERFCOUNT_START(&req->pcd);
1681 SMB_PERFCOUNT_SET_OP(&req->pcd, req->cmd);
1682 SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, size);
1685 req->conn = switch_message(req->cmd, req);
1687 if (req->outbuf == NULL) {
1689 * Request has suspended itself, will come
1694 if (CVAL(req->outbuf,0) == 0) {
1695 show_msg((char *)req->outbuf);
1697 smb_request_done(req);
1700 static void construct_reply_chain(struct smbXsrv_connection *xconn,
1701 char *inbuf, int size, uint32_t seqnum,
1703 struct smb_perfcount_data *deferred_pcd)
1705 struct smb_request **reqs = NULL;
1706 struct smb_request *req;
1710 ok = smb1_parse_chain(talloc_tos(), (uint8_t *)inbuf, xconn, encrypted,
1711 seqnum, &reqs, &num_reqs);
1713 char errbuf[smb_size];
1714 error_packet(errbuf, 0, 0, NT_STATUS_INVALID_PARAMETER,
1715 __LINE__, __FILE__);
1716 if (!srv_send_smb(xconn, errbuf, true, seqnum, encrypted,
1718 exit_server_cleanly("construct_reply_chain: "
1719 "srv_send_smb failed.");
1725 req->inbuf = (uint8_t *)talloc_move(reqs, &inbuf);
1727 req->conn = switch_message(req->cmd, req);
1729 if (req->outbuf == NULL) {
1731 * Request has suspended itself, will come
1736 smb_request_done(req);
1740 * To be called from an async SMB handler that is potentially chained
1741 * when it is finished for shipping.
1744 void smb_request_done(struct smb_request *req)
1746 struct smb_request **reqs = NULL;
1747 struct smb_request *first_req;
1748 size_t i, num_reqs, next_index;
1751 if (req->chain == NULL) {
1757 num_reqs = talloc_array_length(reqs);
1759 for (i=0; i<num_reqs; i++) {
1760 if (reqs[i] == req) {
1764 if (i == num_reqs) {
1766 * Invalid chain, should not happen
1768 status = NT_STATUS_INTERNAL_ERROR;
1773 while ((next_index < num_reqs) && (IVAL(req->outbuf, smb_rcls) == 0)) {
1774 struct smb_request *next = reqs[next_index];
1775 struct smbXsrv_tcon *tcon;
1776 NTTIME now = timeval_to_nttime(&req->request_time);
1778 next->vuid = SVAL(req->outbuf, smb_uid);
1779 next->tid = SVAL(req->outbuf, smb_tid);
1780 status = smb1srv_tcon_lookup(req->xconn, req->tid,
1782 if (NT_STATUS_IS_OK(status)) {
1783 req->conn = tcon->compat;
1787 next->chain_fsp = req->chain_fsp;
1788 next->inbuf = req->inbuf;
1791 req->conn = switch_message(req->cmd, req);
1793 if (req->outbuf == NULL) {
1795 * Request has suspended itself, will come
1803 first_req = reqs[0];
1805 for (i=1; i<next_index; i++) {
1808 ok = smb_splice_chain(&first_req->outbuf, reqs[i]->outbuf);
1810 status = NT_STATUS_INTERNAL_ERROR;
1815 SSVAL(first_req->outbuf, smb_uid, SVAL(req->outbuf, smb_uid));
1816 SSVAL(first_req->outbuf, smb_tid, SVAL(req->outbuf, smb_tid));
1819 * This scary statement intends to set the
1820 * FLAGS2_32_BIT_ERROR_CODES flg2 field in first_req->outbuf
1821 * to the value last_req->outbuf carries
1823 SSVAL(first_req->outbuf, smb_flg2,
1824 (SVAL(first_req->outbuf, smb_flg2) & ~FLAGS2_32_BIT_ERROR_CODES)
1825 |(SVAL(req->outbuf, smb_flg2) & FLAGS2_32_BIT_ERROR_CODES));
1828 * Transfer the error codes from the subrequest to the main one
1830 SSVAL(first_req->outbuf, smb_rcls, SVAL(req->outbuf, smb_rcls));
1831 SSVAL(first_req->outbuf, smb_err, SVAL(req->outbuf, smb_err));
1834 first_req->outbuf, talloc_get_size(first_req->outbuf) - 4);
1837 if (!srv_send_smb(first_req->xconn,
1838 (char *)first_req->outbuf,
1839 true, first_req->seqnum+1,
1840 IS_CONN_ENCRYPTED(req->conn)||first_req->encrypted,
1842 exit_server_cleanly("construct_reply_chain: srv_send_smb "
1845 TALLOC_FREE(req); /* non-chained case */
1846 TALLOC_FREE(reqs); /* chained case */
1851 char errbuf[smb_size];
1852 error_packet(errbuf, 0, 0, status, __LINE__, __FILE__);
1853 if (!srv_send_smb(req->xconn, errbuf, true,
1854 req->seqnum+1, req->encrypted,
1856 exit_server_cleanly("construct_reply_chain: "
1857 "srv_send_smb failed.");
1860 TALLOC_FREE(req); /* non-chained case */
1861 TALLOC_FREE(reqs); /* chained case */
1864 /****************************************************************************
1865 Process an smb from the client
1866 ****************************************************************************/
1867 static void process_smb(struct smbXsrv_connection *xconn,
1868 uint8_t *inbuf, size_t nread, size_t unread_bytes,
1869 uint32_t seqnum, bool encrypted,
1870 struct smb_perfcount_data *deferred_pcd)
1872 struct smbd_server_connection *sconn = xconn->client->sconn;
1873 int msg_type = CVAL(inbuf,0);
1875 DO_PROFILE_INC(request);
1877 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1879 DEBUG(3, ("Transaction %d of length %d (%u toread)\n",
1880 sconn->trans_num, (int)nread, (unsigned int)unread_bytes));
1882 if (msg_type != NBSSmessage) {
1884 * NetBIOS session request, keepalive, etc.
1886 reply_special(xconn, (char *)inbuf, nread);
1890 if (sconn->using_smb2) {
1891 /* At this point we're not really using smb2,
1892 * we make the decision here.. */
1893 if (smbd_is_smb2_header(inbuf, nread)) {
1894 const uint8_t *inpdu = inbuf + NBT_HDR_SIZE;
1895 size_t pdulen = nread - NBT_HDR_SIZE;
1896 smbd_smb2_first_negprot(xconn, inpdu, pdulen);
1898 } else if (nread >= smb_size && valid_smb_header(inbuf)
1899 && CVAL(inbuf, smb_com) != 0x72) {
1900 /* This is a non-negprot SMB1 packet.
1901 Disable SMB2 from now on. */
1902 sconn->using_smb2 = false;
1906 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1907 * so subtract 4 from it. */
1908 if ((nread < (smb_size - 4)) || !valid_smb_header(inbuf)) {
1909 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1912 /* special magic for immediate exit */
1914 (IVAL(inbuf, 4) == 0x74697865) &&
1915 lp_parm_bool(-1, "smbd", "suicide mode", false)) {
1916 uint8_t exitcode = CVAL(inbuf, 8);
1917 DEBUG(1, ("Exiting immediately with code %d\n",
1922 exit_server_cleanly("Non-SMB packet");
1925 show_msg((char *)inbuf);
1927 if ((unread_bytes == 0) && smb1_is_chain(inbuf)) {
1928 construct_reply_chain(xconn, (char *)inbuf, nread,
1929 seqnum, encrypted, deferred_pcd);
1931 construct_reply(xconn, (char *)inbuf, nread, unread_bytes,
1932 seqnum, encrypted, deferred_pcd);
1938 sconn->num_requests++;
1940 /* The timeout_processing function isn't run nearly
1941 often enough to implement 'max log size' without
1942 overrunning the size of the file by many megabytes.
1943 This is especially true if we are running at debug
1944 level 10. Checking every 50 SMBs is a nice
1945 tradeoff of performance vs log file size overrun. */
1947 if ((sconn->num_requests % 50) == 0 &&
1948 need_to_check_log_size()) {
1949 change_to_root_user();
1954 /****************************************************************************
1955 Return a string containing the function name of a SMB command.
1956 ****************************************************************************/
1958 const char *smb_fn_name(int type)
1960 const char *unknown_name = "SMBunknown";
1962 if (smb_messages[type].name == NULL)
1963 return(unknown_name);
1965 return(smb_messages[type].name);
1968 /****************************************************************************
1969 Helper functions for contruct_reply.
1970 ****************************************************************************/
1972 void add_to_common_flags2(uint32_t v)
1977 void remove_from_common_flags2(uint32_t v)
1979 common_flags2 &= ~v;
1982 static void construct_reply_common(uint8_t cmd, const uint8_t *inbuf,
1985 uint16_t in_flags2 = SVAL(inbuf,smb_flg2);
1986 uint16_t out_flags2 = common_flags2;
1988 out_flags2 |= in_flags2 & FLAGS2_UNICODE_STRINGS;
1989 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES;
1990 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED;
1992 srv_set_message(outbuf,0,0,false);
1994 SCVAL(outbuf, smb_com, cmd);
1995 SIVAL(outbuf,smb_rcls,0);
1996 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1997 SSVAL(outbuf,smb_flg2, out_flags2);
1998 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1999 memcpy(outbuf+smb_ss_field, inbuf+smb_ss_field, 8);
2001 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
2002 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
2003 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
2004 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
2007 void construct_reply_common_req(struct smb_request *req, char *outbuf)
2009 construct_reply_common(req->cmd, req->inbuf, outbuf);
2013 * @brief Find the smb_cmd offset of the last command pushed
2014 * @param[in] buf The buffer we're building up
2015 * @retval Where can we put our next andx cmd?
2017 * While chaining requests, the "next" request we're looking at needs to put
2018 * its SMB_Command before the data the previous request already built up added
2019 * to the chain. Find the offset to the place where we have to put our cmd.
2022 static bool find_andx_cmd_ofs(uint8_t *buf, size_t *pofs)
2027 cmd = CVAL(buf, smb_com);
2029 if (!is_andx_req(cmd)) {
2035 while (CVAL(buf, ofs) != 0xff) {
2037 if (!is_andx_req(CVAL(buf, ofs))) {
2042 * ofs is from start of smb header, so add the 4 length
2043 * bytes. The next cmd is right after the wct field.
2045 ofs = SVAL(buf, ofs+2) + 4 + 1;
2047 if (ofs+4 >= talloc_get_size(buf)) {
2057 * @brief Do the smb chaining at a buffer level
2058 * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
2059 * @param[in] andx_buf Buffer to be appended
2062 static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf)
2064 uint8_t smb_command = CVAL(andx_buf, smb_com);
2065 uint8_t wct = CVAL(andx_buf, smb_wct);
2066 const uint16_t *vwv = (const uint16_t *)(andx_buf + smb_vwv);
2067 uint32_t num_bytes = smb_buflen(andx_buf);
2068 const uint8_t *bytes = (const uint8_t *)smb_buf_const(andx_buf);
2071 size_t old_size, new_size;
2073 size_t chain_padding = 0;
2074 size_t andx_cmd_ofs;
2077 old_size = talloc_get_size(*poutbuf);
2079 if ((old_size % 4) != 0) {
2081 * Align the wct field of subsequent requests to a 4-byte
2084 chain_padding = 4 - (old_size % 4);
2088 * After the old request comes the new wct field (1 byte), the vwv's
2089 * and the num_bytes field.
2092 new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
2093 new_size += num_bytes;
2095 if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
2096 DEBUG(1, ("smb_splice_chain: %u bytes won't fit\n",
2097 (unsigned)new_size));
2101 outbuf = talloc_realloc(NULL, *poutbuf, uint8_t, new_size);
2102 if (outbuf == NULL) {
2103 DEBUG(0, ("talloc failed\n"));
2108 if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
2109 DEBUG(1, ("invalid command chain\n"));
2110 *poutbuf = talloc_realloc(NULL, *poutbuf, uint8_t, old_size);
2114 if (chain_padding != 0) {
2115 memset(outbuf + old_size, 0, chain_padding);
2116 old_size += chain_padding;
2119 SCVAL(outbuf, andx_cmd_ofs, smb_command);
2120 SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
2125 * Push the chained request:
2130 SCVAL(outbuf, ofs, wct);
2137 memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
2142 * Read&X has an offset into its data buffer at
2143 * vwv[6]. reply_read_andx has no idea anymore that it's
2144 * running from within a chain, so we have to fix up the
2147 * Although it looks disgusting at this place, I want to keep
2148 * it here. The alternative would be to push knowledge about
2149 * the andx chain down into read&x again.
2152 if (smb_command == SMBreadX) {
2153 uint8_t *bytes_addr;
2157 * Invalid read&x response
2162 bytes_addr = outbuf + ofs /* vwv start */
2163 + sizeof(uint16_t) * wct /* vwv array */
2164 + sizeof(uint16_t) /* bcc */
2165 + 1; /* padding byte */
2167 SSVAL(outbuf + ofs, 6 * sizeof(uint16_t),
2168 bytes_addr - outbuf - 4);
2171 ofs += sizeof(uint16_t) * wct;
2177 SSVAL(outbuf, ofs, num_bytes);
2178 ofs += sizeof(uint16_t);
2184 memcpy(outbuf + ofs, bytes, num_bytes);
2189 bool smb1_is_chain(const uint8_t *buf)
2191 uint8_t cmd, wct, andx_cmd;
2193 cmd = CVAL(buf, smb_com);
2194 if (!is_andx_req(cmd)) {
2197 wct = CVAL(buf, smb_wct);
2201 andx_cmd = CVAL(buf, smb_vwv);
2202 return (andx_cmd != 0xFF);
2205 bool smb1_walk_chain(const uint8_t *buf,
2206 bool (*fn)(uint8_t cmd,
2207 uint8_t wct, const uint16_t *vwv,
2208 uint16_t num_bytes, const uint8_t *bytes,
2209 void *private_data),
2212 size_t smblen = smb_len(buf);
2213 const char *smb_buf = smb_base(buf);
2214 uint8_t cmd, chain_cmd;
2216 const uint16_t *vwv;
2218 const uint8_t *bytes;
2220 cmd = CVAL(buf, smb_com);
2221 wct = CVAL(buf, smb_wct);
2222 vwv = (const uint16_t *)(buf + smb_vwv);
2223 num_bytes = smb_buflen(buf);
2224 bytes = (const uint8_t *)smb_buf_const(buf);
2226 if (!fn(cmd, wct, vwv, num_bytes, bytes, private_data)) {
2230 if (!is_andx_req(cmd)) {
2237 chain_cmd = CVAL(vwv, 0);
2239 while (chain_cmd != 0xff) {
2240 uint32_t chain_offset; /* uint32_t to avoid overflow */
2241 size_t length_needed;
2242 ptrdiff_t vwv_offset;
2244 chain_offset = SVAL(vwv+1, 0);
2247 * Check if the client tries to fool us. The chain
2248 * offset needs to point beyond the current request in
2249 * the chain, it needs to strictly grow. Otherwise we
2250 * might be tricked into an endless loop always
2251 * processing the same request over and over again. We
2252 * used to assume that vwv and the byte buffer array
2253 * in a chain are always attached, but OS/2 the
2254 * Write&X/Read&X chain puts the Read&X vwv array
2255 * right behind the Write&X vwv chain. The Write&X bcc
2256 * array is put behind the Read&X vwv array. So now we
2257 * check whether the chain offset points strictly
2258 * behind the previous vwv array. req->buf points
2259 * right after the vwv array of the previous
2261 * https://bugzilla.samba.org/show_bug.cgi?id=8360 for
2265 vwv_offset = ((const char *)vwv - smb_buf);
2266 if (chain_offset <= vwv_offset) {
2271 * Next check: Make sure the chain offset does not
2272 * point beyond the overall smb request length.
2275 length_needed = chain_offset+1; /* wct */
2276 if (length_needed > smblen) {
2281 * Now comes the pointer magic. Goal here is to set up
2282 * vwv and buf correctly again. The chain offset (the
2283 * former vwv[1]) points at the new wct field.
2286 wct = CVAL(smb_buf, chain_offset);
2288 if (is_andx_req(chain_cmd) && (wct < 2)) {
2293 * Next consistency check: Make the new vwv array fits
2294 * in the overall smb request.
2297 length_needed += (wct+1)*sizeof(uint16_t); /* vwv+buflen */
2298 if (length_needed > smblen) {
2301 vwv = (const uint16_t *)(smb_buf + chain_offset + 1);
2304 * Now grab the new byte buffer....
2307 num_bytes = SVAL(vwv+wct, 0);
2310 * .. and check that it fits.
2313 length_needed += num_bytes;
2314 if (length_needed > smblen) {
2317 bytes = (const uint8_t *)(vwv+wct+1);
2319 if (!fn(chain_cmd, wct, vwv, num_bytes, bytes, private_data)) {
2323 if (!is_andx_req(chain_cmd)) {
2326 chain_cmd = CVAL(vwv, 0);
2331 static bool smb1_chain_length_cb(uint8_t cmd,
2332 uint8_t wct, const uint16_t *vwv,
2333 uint16_t num_bytes, const uint8_t *bytes,
2336 unsigned *count = (unsigned *)private_data;
2341 unsigned smb1_chain_length(const uint8_t *buf)
2345 if (!smb1_walk_chain(buf, smb1_chain_length_cb, &count)) {
2351 struct smb1_parse_chain_state {
2352 TALLOC_CTX *mem_ctx;
2354 struct smbd_server_connection *sconn;
2355 struct smbXsrv_connection *xconn;
2359 struct smb_request **reqs;
2363 static bool smb1_parse_chain_cb(uint8_t cmd,
2364 uint8_t wct, const uint16_t *vwv,
2365 uint16_t num_bytes, const uint8_t *bytes,
2368 struct smb1_parse_chain_state *state =
2369 (struct smb1_parse_chain_state *)private_data;
2370 struct smb_request **reqs;
2371 struct smb_request *req;
2374 reqs = talloc_realloc(state->mem_ctx, state->reqs,
2375 struct smb_request *, state->num_reqs+1);
2381 req = talloc(reqs, struct smb_request);
2386 ok = init_smb_request(req, state->sconn, state->xconn, state->buf, 0,
2387 state->encrypted, state->seqnum);
2394 req->buflen = num_bytes;
2397 reqs[state->num_reqs] = req;
2398 state->num_reqs += 1;
2402 bool smb1_parse_chain(TALLOC_CTX *mem_ctx, const uint8_t *buf,
2403 struct smbXsrv_connection *xconn,
2404 bool encrypted, uint32_t seqnum,
2405 struct smb_request ***reqs, unsigned *num_reqs)
2407 struct smbd_server_connection *sconn = NULL;
2408 struct smb1_parse_chain_state state;
2411 if (xconn != NULL) {
2412 sconn = xconn->client->sconn;
2415 state.mem_ctx = mem_ctx;
2417 state.sconn = sconn;
2418 state.xconn = xconn;
2419 state.encrypted = encrypted;
2420 state.seqnum = seqnum;
2424 if (!smb1_walk_chain(buf, smb1_parse_chain_cb, &state)) {
2425 TALLOC_FREE(state.reqs);
2428 for (i=0; i<state.num_reqs; i++) {
2429 state.reqs[i]->chain = state.reqs;
2432 *num_reqs = state.num_reqs;
2436 /****************************************************************************
2437 Check if services need reloading.
2438 ****************************************************************************/
2440 static void check_reload(struct smbd_server_connection *sconn, time_t t)
2443 if (last_smb_conf_reload_time == 0) {
2444 last_smb_conf_reload_time = t;
2447 if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
2448 reload_services(sconn, conn_snum_used, true);
2449 last_smb_conf_reload_time = t;
2453 static bool fd_is_readable(int fd)
2457 ret = poll_one_fd(fd, POLLIN|POLLHUP, 0, &revents);
2459 return ((ret > 0) && ((revents & (POLLIN|POLLHUP|POLLERR)) != 0));
2463 static void smbd_server_connection_write_handler(
2464 struct smbXsrv_connection *xconn)
2466 /* TODO: make write nonblocking */
2469 static void smbd_server_connection_read_handler(
2470 struct smbXsrv_connection *xconn, int fd)
2472 uint8_t *inbuf = NULL;
2473 size_t inbuf_len = 0;
2474 size_t unread_bytes = 0;
2475 bool encrypted = false;
2476 TALLOC_CTX *mem_ctx = talloc_tos();
2480 bool async_echo = lp_async_smb_echo_handler();
2481 bool from_client = false;
2484 if (fd_is_readable(xconn->smb1.echo_handler.trusted_fd)) {
2486 * This is the super-ugly hack to prefer the packets
2487 * forwarded by the echo handler over the ones by the
2490 fd = xconn->smb1.echo_handler.trusted_fd;
2494 from_client = (xconn->transport.sock == fd);
2496 if (async_echo && from_client) {
2497 smbd_lock_socket(xconn);
2499 if (!fd_is_readable(fd)) {
2500 DEBUG(10,("the echo listener was faster\n"));
2501 smbd_unlock_socket(xconn);
2506 /* TODO: make this completely nonblocking */
2507 status = receive_smb_talloc(mem_ctx, xconn, fd,
2508 (char **)(void *)&inbuf,
2512 &inbuf_len, &seqnum,
2513 !from_client /* trusted channel */);
2515 if (async_echo && from_client) {
2516 smbd_unlock_socket(xconn);
2519 if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
2522 if (NT_STATUS_IS_ERR(status)) {
2523 exit_server_cleanly("failed to receive smb request");
2525 if (!NT_STATUS_IS_OK(status)) {
2530 process_smb(xconn, inbuf, inbuf_len, unread_bytes,
2531 seqnum, encrypted, NULL);
2534 static void smbd_server_connection_handler(struct tevent_context *ev,
2535 struct tevent_fd *fde,
2539 struct smbXsrv_connection *xconn =
2540 talloc_get_type_abort(private_data,
2541 struct smbXsrv_connection);
2543 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
2545 * we're not supposed to do any io
2547 TEVENT_FD_NOT_READABLE(xconn->transport.fde);
2548 TEVENT_FD_NOT_WRITEABLE(xconn->transport.fde);
2552 if (flags & TEVENT_FD_WRITE) {
2553 smbd_server_connection_write_handler(xconn);
2556 if (flags & TEVENT_FD_READ) {
2557 smbd_server_connection_read_handler(xconn, xconn->transport.sock);
2562 static void smbd_server_echo_handler(struct tevent_context *ev,
2563 struct tevent_fd *fde,
2567 struct smbXsrv_connection *xconn =
2568 talloc_get_type_abort(private_data,
2569 struct smbXsrv_connection);
2571 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
2573 * we're not supposed to do any io
2575 TEVENT_FD_NOT_READABLE(xconn->smb1.echo_handler.trusted_fde);
2576 TEVENT_FD_NOT_WRITEABLE(xconn->smb1.echo_handler.trusted_fde);
2580 if (flags & TEVENT_FD_WRITE) {
2581 smbd_server_connection_write_handler(xconn);
2584 if (flags & TEVENT_FD_READ) {
2585 smbd_server_connection_read_handler(
2586 xconn, xconn->smb1.echo_handler.trusted_fd);
2591 struct smbd_release_ip_state {
2592 struct smbXsrv_connection *xconn;
2593 struct tevent_immediate *im;
2594 char addr[INET6_ADDRSTRLEN];
2597 static void smbd_release_ip_immediate(struct tevent_context *ctx,
2598 struct tevent_immediate *im,
2601 struct smbd_release_ip_state *state =
2602 talloc_get_type_abort(private_data,
2603 struct smbd_release_ip_state);
2604 struct smbXsrv_connection *xconn = state->xconn;
2606 if (!NT_STATUS_EQUAL(xconn->transport.status, NT_STATUS_ADDRESS_CLOSED)) {
2608 * smbd_server_connection_terminate() already triggered ?
2613 smbd_server_connection_terminate(xconn, "CTDB_SRVID_RELEASE_IP");
2616 /****************************************************************************
2617 received when we should release a specific IP
2618 ****************************************************************************/
2619 static bool release_ip(const char *ip, void *priv)
2621 struct smbd_release_ip_state *state =
2622 talloc_get_type_abort(priv,
2623 struct smbd_release_ip_state);
2624 struct smbXsrv_connection *xconn = state->xconn;
2625 const char *addr = state->addr;
2626 const char *p = addr;
2628 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
2629 /* avoid recursion */
2633 if (strncmp("::ffff:", addr, 7) == 0) {
2637 DEBUG(10, ("Got release IP message for %s, "
2638 "our address is %s\n", ip, p));
2640 if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
2641 DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
2644 * With SMB2 we should do a clean disconnect,
2645 * the previous_session_id in the session setup
2646 * will cleanup the old session, tcons and opens.
2648 * A clean disconnect is needed in order to support
2651 * Note: typically this is never triggered
2652 * as we got a TCP RST (triggered by ctdb event scripts)
2653 * before we get CTDB_SRVID_RELEASE_IP.
2655 * We used to call _exit(1) here, but as this was mostly never
2656 * triggered and has implication on our process model,
2657 * we can just use smbd_server_connection_terminate()
2660 * We don't call smbd_server_connection_terminate() directly
2661 * as we might be called from within ctdbd_migrate(),
2662 * we need to defer our action to the next event loop
2664 tevent_schedule_immediate(state->im, xconn->ev_ctx,
2665 smbd_release_ip_immediate, state);
2668 * Make sure we don't get any io on the connection.
2670 xconn->transport.status = NT_STATUS_ADDRESS_CLOSED;
2677 static NTSTATUS smbd_register_ips(struct smbXsrv_connection *xconn,
2678 struct sockaddr_storage *srv,
2679 struct sockaddr_storage *clnt)
2681 struct smbd_release_ip_state *state;
2682 struct ctdbd_connection *cconn;
2684 cconn = messaging_ctdbd_connection();
2685 if (cconn == NULL) {
2686 return NT_STATUS_NO_MEMORY;
2689 state = talloc_zero(xconn, struct smbd_release_ip_state);
2690 if (state == NULL) {
2691 return NT_STATUS_NO_MEMORY;
2693 state->xconn = xconn;
2694 state->im = tevent_create_immediate(state);
2695 if (state->im == NULL) {
2696 return NT_STATUS_NO_MEMORY;
2698 if (print_sockaddr(state->addr, sizeof(state->addr), srv) == NULL) {
2699 return NT_STATUS_NO_MEMORY;
2702 return ctdbd_register_ips(cconn, srv, clnt, release_ip, state);
2705 static void msg_kill_client_ip(struct messaging_context *msg_ctx,
2706 void *private_data, uint32_t msg_type,
2707 struct server_id server_id, DATA_BLOB *data)
2709 struct smbd_server_connection *sconn = talloc_get_type_abort(
2710 private_data, struct smbd_server_connection);
2711 const char *ip = (char *) data->data;
2714 DBG_DEBUG("Got kill request for client IP %s\n", ip);
2716 client_ip = tsocket_address_inet_addr_string(sconn->remote_address,
2718 if (client_ip == NULL) {
2722 if (strequal(ip, client_ip)) {
2723 DBG_WARNING("Got kill client message for %s - "
2724 "exiting immediately\n", ip);
2725 exit_server_cleanly("Forced disconnect for client");
2728 TALLOC_FREE(client_ip);
2732 * Send keepalive packets to our client
2734 static bool keepalive_fn(const struct timeval *now, void *private_data)
2736 struct smbd_server_connection *sconn = talloc_get_type_abort(
2737 private_data, struct smbd_server_connection);
2738 struct smbXsrv_connection *xconn = NULL;
2741 if (sconn->using_smb2) {
2742 /* Don't do keepalives on an SMB2 connection. */
2747 * With SMB1 we only have 1 connection
2749 xconn = sconn->client->connections;
2750 smbd_lock_socket(xconn);
2751 ret = send_keepalive(xconn->transport.sock);
2752 smbd_unlock_socket(xconn);
2755 int saved_errno = errno;
2757 * Try and give an error message saying what
2760 DEBUG(0, ("send_keepalive failed for client %s. "
2761 "Error %s - exiting\n",
2762 smbXsrv_connection_dbg(xconn),
2763 strerror(saved_errno)));
2764 errno = saved_errno;
2771 * Do the recurring check if we're idle
2773 static bool deadtime_fn(const struct timeval *now, void *private_data)
2775 struct smbd_server_connection *sconn =
2776 (struct smbd_server_connection *)private_data;
2778 if ((conn_num_open(sconn) == 0)
2779 || (conn_idle_all(sconn, now->tv_sec))) {
2780 DEBUG( 2, ( "Closing idle connection\n" ) );
2781 messaging_send(sconn->msg_ctx,
2782 messaging_server_id(sconn->msg_ctx),
2783 MSG_SHUTDOWN, &data_blob_null);
2791 * Do the recurring log file and smb.conf reload checks.
2794 static bool housekeeping_fn(const struct timeval *now, void *private_data)
2796 struct smbd_server_connection *sconn = talloc_get_type_abort(
2797 private_data, struct smbd_server_connection);
2799 DEBUG(5, ("housekeeping\n"));
2801 change_to_root_user();
2803 /* update printer queue caches if necessary */
2804 update_monitored_printq_cache(sconn->msg_ctx);
2806 /* check if we need to reload services */
2807 check_reload(sconn, time_mono(NULL));
2810 * Force a log file check.
2812 force_check_log_size();
2818 * Read an smb packet in the echo handler child, giving the parent
2819 * smbd one second to react once the socket becomes readable.
2822 struct smbd_echo_read_state {
2823 struct tevent_context *ev;
2824 struct smbXsrv_connection *xconn;
2831 static void smbd_echo_read_readable(struct tevent_req *subreq);
2832 static void smbd_echo_read_waited(struct tevent_req *subreq);
2834 static struct tevent_req *smbd_echo_read_send(
2835 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
2836 struct smbXsrv_connection *xconn)
2838 struct tevent_req *req, *subreq;
2839 struct smbd_echo_read_state *state;
2841 req = tevent_req_create(mem_ctx, &state,
2842 struct smbd_echo_read_state);
2847 state->xconn = xconn;
2849 subreq = wait_for_read_send(state, ev, xconn->transport.sock);
2850 if (tevent_req_nomem(subreq, req)) {
2851 return tevent_req_post(req, ev);
2853 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
2857 static void smbd_echo_read_readable(struct tevent_req *subreq)
2859 struct tevent_req *req = tevent_req_callback_data(
2860 subreq, struct tevent_req);
2861 struct smbd_echo_read_state *state = tevent_req_data(
2862 req, struct smbd_echo_read_state);
2866 ok = wait_for_read_recv(subreq, &err);
2867 TALLOC_FREE(subreq);
2869 tevent_req_nterror(req, map_nt_error_from_unix(err));
2874 * Give the parent smbd one second to step in
2877 subreq = tevent_wakeup_send(
2878 state, state->ev, timeval_current_ofs(1, 0));
2879 if (tevent_req_nomem(subreq, req)) {
2882 tevent_req_set_callback(subreq, smbd_echo_read_waited, req);
2885 static void smbd_echo_read_waited(struct tevent_req *subreq)
2887 struct tevent_req *req = tevent_req_callback_data(
2888 subreq, struct tevent_req);
2889 struct smbd_echo_read_state *state = tevent_req_data(
2890 req, struct smbd_echo_read_state);
2891 struct smbXsrv_connection *xconn = state->xconn;
2897 ok = tevent_wakeup_recv(subreq);
2898 TALLOC_FREE(subreq);
2900 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
2904 ok = smbd_lock_socket_internal(xconn);
2906 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2907 DEBUG(0, ("%s: failed to lock socket\n", __location__));
2911 if (!fd_is_readable(xconn->transport.sock)) {
2912 DEBUG(10,("echo_handler[%d] the parent smbd was faster\n",
2915 ok = smbd_unlock_socket_internal(xconn);
2917 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2918 DEBUG(1, ("%s: failed to unlock socket\n",
2923 subreq = wait_for_read_send(state, state->ev,
2924 xconn->transport.sock);
2925 if (tevent_req_nomem(subreq, req)) {
2928 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
2932 status = receive_smb_talloc(state, xconn,
2933 xconn->transport.sock,
2940 false /* trusted_channel*/);
2942 if (tevent_req_nterror(req, status)) {
2943 tevent_req_nterror(req, status);
2944 DEBUG(1, ("echo_handler[%d]: receive_smb_raw_talloc failed: %s\n",
2945 (int)getpid(), nt_errstr(status)));
2949 ok = smbd_unlock_socket_internal(xconn);
2951 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2952 DEBUG(1, ("%s: failed to unlock socket\n", __location__));
2955 tevent_req_done(req);
2958 static NTSTATUS smbd_echo_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
2959 char **pbuf, size_t *pbuflen, uint32_t *pseqnum)
2961 struct smbd_echo_read_state *state = tevent_req_data(
2962 req, struct smbd_echo_read_state);
2965 if (tevent_req_is_nterror(req, &status)) {
2968 *pbuf = talloc_move(mem_ctx, &state->buf);
2969 *pbuflen = state->buflen;
2970 *pseqnum = state->seqnum;
2971 return NT_STATUS_OK;
2974 struct smbd_echo_state {
2975 struct tevent_context *ev;
2976 struct iovec *pending;
2977 struct smbd_server_connection *sconn;
2978 struct smbXsrv_connection *xconn;
2981 struct tevent_fd *parent_fde;
2983 struct tevent_req *write_req;
2986 static void smbd_echo_writer_done(struct tevent_req *req);
2988 static void smbd_echo_activate_writer(struct smbd_echo_state *state)
2992 if (state->write_req != NULL) {
2996 num_pending = talloc_array_length(state->pending);
2997 if (num_pending == 0) {
3001 state->write_req = writev_send(state, state->ev, NULL,
3002 state->parent_pipe, false,
3003 state->pending, num_pending);
3004 if (state->write_req == NULL) {
3005 DEBUG(1, ("writev_send failed\n"));
3009 talloc_steal(state->write_req, state->pending);
3010 state->pending = NULL;
3012 tevent_req_set_callback(state->write_req, smbd_echo_writer_done,
3016 static void smbd_echo_writer_done(struct tevent_req *req)
3018 struct smbd_echo_state *state = tevent_req_callback_data(
3019 req, struct smbd_echo_state);
3023 written = writev_recv(req, &err);
3025 state->write_req = NULL;
3026 if (written == -1) {
3027 DEBUG(1, ("writev to parent failed: %s\n", strerror(err)));
3030 DEBUG(10,("echo_handler[%d]: forwarded pdu to main\n", (int)getpid()));
3031 smbd_echo_activate_writer(state);
3034 static bool smbd_echo_reply(struct smbd_echo_state *state,
3035 uint8_t *inbuf, size_t inbuf_len,
3038 struct smb_request req;
3039 uint16_t num_replies;
3043 if ((inbuf_len == 4) && (CVAL(inbuf, 0) == NBSSkeepalive)) {
3044 DEBUG(10, ("Got netbios keepalive\n"));
3051 if (inbuf_len < smb_size) {
3052 DEBUG(10, ("Got short packet: %d bytes\n", (int)inbuf_len));
3055 if (!valid_smb_header(inbuf)) {
3056 DEBUG(10, ("Got invalid SMB header\n"));
3060 if (!init_smb_request(&req, state->sconn, state->xconn, inbuf, 0, false,
3066 DEBUG(10, ("smbecho handler got cmd %d (%s)\n", (int)req.cmd,
3067 smb_messages[req.cmd].name
3068 ? smb_messages[req.cmd].name : "unknown"));
3070 if (req.cmd != SMBecho) {
3077 num_replies = SVAL(req.vwv+0, 0);
3078 if (num_replies != 1) {
3079 /* Not a Windows "Hey, you're still there?" request */
3083 if (!create_outbuf(talloc_tos(), &req, req.inbuf, &outbuf,
3085 DEBUG(10, ("create_outbuf failed\n"));
3088 req.outbuf = (uint8_t *)outbuf;
3090 SSVAL(req.outbuf, smb_vwv0, num_replies);
3092 if (req.buflen > 0) {
3093 memcpy(smb_buf(req.outbuf), req.buf, req.buflen);
3096 ok = srv_send_smb(req.xconn,
3100 TALLOC_FREE(outbuf);
3108 static void smbd_echo_exit(struct tevent_context *ev,
3109 struct tevent_fd *fde, uint16_t flags,
3112 DEBUG(2, ("smbd_echo_exit: lost connection to parent\n"));
3116 static void smbd_echo_got_packet(struct tevent_req *req);
3118 static void smbd_echo_loop(struct smbXsrv_connection *xconn,
3121 struct smbd_echo_state *state;
3122 struct tevent_req *read_req;
3124 state = talloc_zero(xconn, struct smbd_echo_state);
3125 if (state == NULL) {
3126 DEBUG(1, ("talloc failed\n"));
3129 state->xconn = xconn;
3130 state->parent_pipe = parent_pipe;
3131 state->ev = s3_tevent_context_init(state);
3132 if (state->ev == NULL) {
3133 DEBUG(1, ("tevent_context_init failed\n"));
3137 state->parent_fde = tevent_add_fd(state->ev, state, parent_pipe,
3138 TEVENT_FD_READ, smbd_echo_exit,
3140 if (state->parent_fde == NULL) {
3141 DEBUG(1, ("tevent_add_fd failed\n"));
3146 read_req = smbd_echo_read_send(state, state->ev, xconn);
3147 if (read_req == NULL) {
3148 DEBUG(1, ("smbd_echo_read_send failed\n"));
3152 tevent_req_set_callback(read_req, smbd_echo_got_packet, state);
3155 if (tevent_loop_once(state->ev) == -1) {
3156 DEBUG(1, ("tevent_loop_once failed: %s\n",
3164 static void smbd_echo_got_packet(struct tevent_req *req)
3166 struct smbd_echo_state *state = tevent_req_callback_data(
3167 req, struct smbd_echo_state);
3171 uint32_t seqnum = 0;
3174 status = smbd_echo_read_recv(req, state, &buf, &buflen, &seqnum);
3176 if (!NT_STATUS_IS_OK(status)) {
3177 DEBUG(1, ("smbd_echo_read_recv returned %s\n",
3178 nt_errstr(status)));
3182 reply = smbd_echo_reply(state, (uint8_t *)buf, buflen, seqnum);
3188 num_pending = talloc_array_length(state->pending);
3189 tmp = talloc_realloc(state, state->pending, struct iovec,
3192 DEBUG(1, ("talloc_realloc failed\n"));
3195 state->pending = tmp;
3197 if (buflen >= smb_size) {
3199 * place the seqnum in the packet so that the main process
3200 * can reply with signing
3202 SIVAL(buf, smb_ss_field, seqnum);
3203 SIVAL(buf, smb_ss_field+4, NT_STATUS_V(NT_STATUS_OK));
3206 iov = &state->pending[num_pending];
3207 iov->iov_base = talloc_move(state->pending, &buf);
3208 iov->iov_len = buflen;
3210 DEBUG(10,("echo_handler[%d]: forward to main\n",
3212 smbd_echo_activate_writer(state);
3215 req = smbd_echo_read_send(state, state->ev, state->xconn);
3217 DEBUG(1, ("smbd_echo_read_send failed\n"));
3220 tevent_req_set_callback(req, smbd_echo_got_packet, state);
3225 * Handle SMBecho requests in a forked child process
3227 bool fork_echo_handler(struct smbXsrv_connection *xconn)
3229 int listener_pipe[2];
3232 bool use_mutex = false;
3234 res = pipe(listener_pipe);
3236 DEBUG(1, ("pipe() failed: %s\n", strerror(errno)));
3240 #ifdef HAVE_ROBUST_MUTEXES
3241 use_mutex = tdb_runtime_check_for_robust_mutexes();
3244 pthread_mutexattr_t a;
3246 xconn->smb1.echo_handler.socket_mutex =
3247 anonymous_shared_allocate(sizeof(pthread_mutex_t));
3248 if (xconn->smb1.echo_handler.socket_mutex == NULL) {
3249 DEBUG(1, ("Could not create mutex shared memory: %s\n",
3254 res = pthread_mutexattr_init(&a);
3256 DEBUG(1, ("pthread_mutexattr_init failed: %s\n",
3260 res = pthread_mutexattr_settype(&a, PTHREAD_MUTEX_ERRORCHECK);
3262 DEBUG(1, ("pthread_mutexattr_settype failed: %s\n",
3264 pthread_mutexattr_destroy(&a);
3267 res = pthread_mutexattr_setpshared(&a, PTHREAD_PROCESS_SHARED);
3269 DEBUG(1, ("pthread_mutexattr_setpshared failed: %s\n",
3271 pthread_mutexattr_destroy(&a);
3274 res = pthread_mutexattr_setrobust(&a, PTHREAD_MUTEX_ROBUST);
3276 DEBUG(1, ("pthread_mutexattr_setrobust failed: "
3277 "%s\n", strerror(res)));
3278 pthread_mutexattr_destroy(&a);
3281 res = pthread_mutex_init(xconn->smb1.echo_handler.socket_mutex,
3283 pthread_mutexattr_destroy(&a);
3285 DEBUG(1, ("pthread_mutex_init failed: %s\n",
3293 xconn->smb1.echo_handler.socket_lock_fd =
3294 create_unlink_tmp(lp_lock_directory());
3295 if (xconn->smb1.echo_handler.socket_lock_fd == -1) {
3296 DEBUG(1, ("Could not create lock fd: %s\n",
3306 close(listener_pipe[0]);
3307 set_blocking(listener_pipe[1], false);
3309 status = smbd_reinit_after_fork(xconn->msg_ctx, xconn->ev_ctx, true);
3310 if (!NT_STATUS_IS_OK(status)) {
3311 DEBUG(1, ("reinit_after_fork failed: %s\n",
3312 nt_errstr(status)));
3315 smbd_echo_loop(xconn, listener_pipe[1]);
3318 close(listener_pipe[1]);
3319 listener_pipe[1] = -1;
3320 xconn->smb1.echo_handler.trusted_fd = listener_pipe[0];
3322 DEBUG(10,("fork_echo_handler: main[%d] echo_child[%d]\n", (int)getpid(), (int)child));
3325 * Without smb signing this is the same as the normal smbd
3326 * listener. This needs to change once signing comes in.
3328 xconn->smb1.echo_handler.trusted_fde = tevent_add_fd(xconn->ev_ctx,
3330 xconn->smb1.echo_handler.trusted_fd,
3332 smbd_server_echo_handler,
3334 if (xconn->smb1.echo_handler.trusted_fde == NULL) {
3335 DEBUG(1, ("event_add_fd failed\n"));
3342 if (listener_pipe[0] != -1) {
3343 close(listener_pipe[0]);
3345 if (listener_pipe[1] != -1) {
3346 close(listener_pipe[1]);
3348 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
3349 close(xconn->smb1.echo_handler.socket_lock_fd);
3351 #ifdef HAVE_ROBUST_MUTEXES
3352 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
3353 pthread_mutex_destroy(xconn->smb1.echo_handler.socket_mutex);
3354 anonymous_shared_free(xconn->smb1.echo_handler.socket_mutex);
3357 smbd_echo_init(xconn);
3362 static bool uid_in_use(const struct user_struct *user, uid_t uid)
3365 if (user->session_info &&
3366 (user->session_info->unix_token->uid == uid)) {
3374 static bool gid_in_use(const struct user_struct *user, gid_t gid)
3377 if (user->session_info != NULL) {
3379 struct security_unix_token *utok;
3381 utok = user->session_info->unix_token;
3382 if (utok->gid == gid) {
3385 for(i=0; i<utok->ngroups; i++) {
3386 if (utok->groups[i] == gid) {
3396 static bool sid_in_use(const struct user_struct *user,
3397 const struct dom_sid *psid)
3400 struct security_token *tok;
3402 if (user->session_info == NULL) {
3405 tok = user->session_info->security_token;
3408 * Not sure session_info->security_token can
3409 * ever be NULL. This check might be not
3414 if (security_token_has_sid(tok, psid)) {
3422 static bool id_in_use(const struct user_struct *user,
3423 const struct id_cache_ref *id)
3427 return uid_in_use(user, id->id.uid);
3429 return gid_in_use(user, id->id.gid);
3431 return sid_in_use(user, &id->id.sid);
3438 static void smbd_id_cache_kill(struct messaging_context *msg_ctx,
3441 struct server_id server_id,
3444 const char *msg = (data && data->data)
3445 ? (const char *)data->data : "<NULL>";
3446 struct id_cache_ref id;
3447 struct smbd_server_connection *sconn =
3448 talloc_get_type_abort(private_data,
3449 struct smbd_server_connection);
3451 if (!id_cache_ref_parse(msg, &id)) {
3452 DEBUG(0, ("Invalid ?ID: %s\n", msg));
3456 if (id_in_use(sconn->users, &id)) {
3457 exit_server_cleanly(msg);
3459 id_cache_delete_from_cache(&id);
3462 NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
3463 enum protocol_types protocol)
3467 set_Protocol(protocol);
3468 conn->protocol = protocol;
3470 if (protocol >= PROTOCOL_SMB2_02) {
3471 status = smb2srv_session_table_init(conn);
3472 if (!NT_STATUS_IS_OK(status)) {
3476 status = smb2srv_open_table_init(conn);
3477 if (!NT_STATUS_IS_OK(status)) {
3481 status = smb1srv_session_table_init(conn);
3482 if (!NT_STATUS_IS_OK(status)) {
3486 status = smb1srv_tcon_table_init(conn);
3487 if (!NT_STATUS_IS_OK(status)) {
3491 status = smb1srv_open_table_init(conn);
3492 if (!NT_STATUS_IS_OK(status)) {
3497 return NT_STATUS_OK;
3500 struct smbd_tevent_trace_state {
3501 struct tevent_context *ev;
3503 SMBPROFILE_BASIC_ASYNC_STATE(profile_idle);
3506 static void smbd_tevent_trace_callback(enum tevent_trace_point point,
3509 struct smbd_tevent_trace_state *state =
3510 (struct smbd_tevent_trace_state *)private_data;
3513 case TEVENT_TRACE_BEFORE_WAIT:
3514 if (!smbprofile_dump_pending()) {
3516 * If there's no dump pending
3517 * we don't want to schedule a new 1 sec timer.
3519 * Instead we want to sleep as long as nothing happens.
3521 smbprofile_dump_setup(NULL);
3523 SMBPROFILE_BASIC_ASYNC_START(idle, profile_p, state->profile_idle);
3525 case TEVENT_TRACE_AFTER_WAIT:
3526 SMBPROFILE_BASIC_ASYNC_END(state->profile_idle);
3527 if (!smbprofile_dump_pending()) {
3529 * We need to flush our state after sleeping
3530 * (hopefully a long time).
3534 * future profiling events should trigger timers
3535 * on our main event context.
3537 smbprofile_dump_setup(state->ev);
3540 case TEVENT_TRACE_BEFORE_LOOP_ONCE:
3541 TALLOC_FREE(state->frame);
3542 state->frame = talloc_stackframe_pool(8192);
3544 case TEVENT_TRACE_AFTER_LOOP_ONCE:
3545 TALLOC_FREE(state->frame);
3553 * Create a debug string for the connection
3555 * This is allocated to talloc_tos() or a string constant
3556 * in certain corner cases. The returned string should
3557 * hence not be free'd directly but only via the talloc stack.
3559 const char *smbXsrv_connection_dbg(const struct smbXsrv_connection *xconn)
3564 * TODO: this can be improved later
3565 * maybe including the client guid or more
3567 ret = tsocket_address_string(xconn->remote_address, talloc_tos());
3569 return "<tsocket_address_string() failed>";
3575 NTSTATUS smbd_add_connection(struct smbXsrv_client *client, int sock_fd,
3576 struct smbXsrv_connection **_xconn)
3578 TALLOC_CTX *frame = talloc_stackframe();
3579 struct smbXsrv_connection *xconn;
3580 struct sockaddr_storage ss_srv;
3581 void *sp_srv = (void *)&ss_srv;
3582 struct sockaddr *sa_srv = (struct sockaddr *)sp_srv;
3583 struct sockaddr_storage ss_clnt;
3584 void *sp_clnt = (void *)&ss_clnt;
3585 struct sockaddr *sa_clnt = (struct sockaddr *)sp_clnt;
3586 socklen_t sa_socklen;
3587 struct tsocket_address *local_address = NULL;
3588 struct tsocket_address *remote_address = NULL;
3589 const char *remaddr = NULL;
3591 const char *rhost = NULL;
3597 DO_PROFILE_INC(connect);
3599 xconn = talloc_zero(client, struct smbXsrv_connection);
3600 if (xconn == NULL) {
3601 DEBUG(0,("talloc_zero(struct smbXsrv_connection)\n"));
3603 return NT_STATUS_NO_MEMORY;
3605 talloc_steal(frame, xconn);
3607 xconn->ev_ctx = client->ev_ctx;
3608 xconn->msg_ctx = client->msg_ctx;
3609 xconn->transport.sock = sock_fd;
3610 smbd_echo_init(xconn);
3611 xconn->protocol = PROTOCOL_NONE;
3613 /* Ensure child is set to blocking mode */
3614 set_blocking(sock_fd,True);
3616 set_socket_options(sock_fd, "SO_KEEPALIVE");
3617 set_socket_options(sock_fd, lp_socket_options());
3619 sa_socklen = sizeof(ss_clnt);
3620 ret = getpeername(sock_fd, sa_clnt, &sa_socklen);
3622 int saved_errno = errno;
3623 int level = (errno == ENOTCONN)?2:0;
3624 DEBUG(level,("getpeername() failed - %s\n",
3625 strerror(saved_errno)));
3627 return map_nt_error_from_unix_common(saved_errno);
3629 ret = tsocket_address_bsd_from_sockaddr(xconn,
3630 sa_clnt, sa_socklen,
3633 int saved_errno = errno;
3634 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3635 __location__, strerror(saved_errno)));
3637 return map_nt_error_from_unix_common(saved_errno);
3640 sa_socklen = sizeof(ss_srv);
3641 ret = getsockname(sock_fd, sa_srv, &sa_socklen);
3643 int saved_errno = errno;
3644 int level = (errno == ENOTCONN)?2:0;
3645 DEBUG(level,("getsockname() failed - %s\n",
3646 strerror(saved_errno)));
3648 return map_nt_error_from_unix_common(saved_errno);
3650 ret = tsocket_address_bsd_from_sockaddr(xconn,
3654 int saved_errno = errno;
3655 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3656 __location__, strerror(saved_errno)));
3658 return map_nt_error_from_unix_common(saved_errno);
3661 if (tsocket_address_is_inet(remote_address, "ip")) {
3662 remaddr = tsocket_address_inet_addr_string(remote_address,
3664 if (remaddr == NULL) {
3665 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3666 __location__, strerror(errno)));
3668 return NT_STATUS_NO_MEMORY;
3671 remaddr = "0.0.0.0";
3675 * Before the first packet, check the global hosts allow/ hosts deny
3676 * parameters before doing any parsing of packets passed to us by the
3677 * client. This prevents attacks on our parsing code from hosts not in
3678 * the hosts allow list.
3681 ret = get_remote_hostname(remote_address,
3684 int saved_errno = errno;
3685 DEBUG(0,("%s: get_remote_hostname failed - %s\n",
3686 __location__, strerror(saved_errno)));
3688 return map_nt_error_from_unix_common(saved_errno);
3691 if (strequal(rhost, "UNKNOWN")) {
3695 xconn->local_address = local_address;
3696 xconn->remote_address = remote_address;
3697 xconn->remote_hostname = talloc_strdup(xconn, rhost);
3698 if (xconn->remote_hostname == NULL) {
3699 return NT_STATUS_NO_MEMORY;
3702 if (!srv_init_signing(xconn)) {
3703 DEBUG(0, ("Failed to init smb_signing\n"));
3705 return NT_STATUS_INTERNAL_ERROR;
3708 if (!allow_access(lp_hosts_deny(-1), lp_hosts_allow(-1),
3709 xconn->remote_hostname,
3711 DEBUG( 1, ("Connection denied from %s to %s\n",
3712 tsocket_address_string(remote_address, talloc_tos()),
3713 tsocket_address_string(local_address, talloc_tos())));
3716 * We return a valid xconn
3717 * so that the caller can return an error message
3720 client->connections = xconn;
3721 xconn->client = client;
3722 talloc_steal(client, xconn);
3726 return NT_STATUS_NETWORK_ACCESS_DENIED;
3729 DEBUG(10, ("Connection allowed from %s to %s\n",
3730 tsocket_address_string(remote_address, talloc_tos()),
3731 tsocket_address_string(local_address, talloc_tos())));
3733 if (lp_clustering()) {
3735 * We need to tell ctdb about our client's TCP
3736 * connection, so that for failover ctdbd can send
3737 * tickle acks, triggering a reconnection by the
3742 status = smbd_register_ips(xconn, &ss_srv, &ss_clnt);
3743 if (!NT_STATUS_IS_OK(status)) {
3744 DEBUG(0, ("ctdbd_register_ips failed: %s\n",
3745 nt_errstr(status)));
3749 tmp = lp_max_xmit();
3750 tmp = MAX(tmp, SMB_BUFFER_SIZE_MIN);
3751 tmp = MIN(tmp, SMB_BUFFER_SIZE_MAX);
3753 xconn->smb1.negprot.max_recv = tmp;
3755 xconn->smb1.sessions.done_sesssetup = false;
3756 xconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX;
3758 xconn->transport.fde = tevent_add_fd(client->ev_ctx,
3762 smbd_server_connection_handler,
3764 if (!xconn->transport.fde) {
3766 return NT_STATUS_NO_MEMORY;
3769 /* for now we only have one connection */
3770 DLIST_ADD_END(client->connections, xconn, NULL);
3771 xconn->client = client;
3772 talloc_steal(client, xconn);
3776 return NT_STATUS_OK;
3779 /****************************************************************************
3780 Process commands from the client
3781 ****************************************************************************/
3783 void smbd_process(struct tevent_context *ev_ctx,
3784 struct messaging_context *msg_ctx,
3788 struct smbd_tevent_trace_state trace_state = {
3790 .frame = talloc_stackframe(),
3792 struct smbXsrv_client *client = NULL;
3793 struct smbd_server_connection *sconn = NULL;
3794 struct smbXsrv_connection *xconn = NULL;
3795 const char *locaddr = NULL;
3796 const char *remaddr = NULL;
3800 client = talloc_zero(ev_ctx, struct smbXsrv_client);
3801 if (client == NULL) {
3802 DEBUG(0,("talloc_zero(struct smbXsrv_client)\n"));
3803 exit_server_cleanly("talloc_zero(struct smbXsrv_client).\n");
3807 * TODO: remove this...:-)
3809 global_smbXsrv_client = client;
3811 client->ev_ctx = ev_ctx;
3812 client->msg_ctx = msg_ctx;
3814 sconn = talloc_zero(client, struct smbd_server_connection);
3815 if (sconn == NULL) {
3816 exit_server("failed to create smbd_server_connection");
3819 client->sconn = sconn;
3820 sconn->client = client;
3822 sconn->ev_ctx = ev_ctx;
3823 sconn->msg_ctx = msg_ctx;
3825 if (lp_server_max_protocol() >= PROTOCOL_SMB2_02) {
3827 * We're not making the decision here,
3828 * we're just allowing the client
3829 * to decide between SMB1 and SMB2
3830 * with the first negprot
3833 sconn->using_smb2 = true;
3837 smbd_setup_sig_term_handler(sconn);
3838 smbd_setup_sig_hup_handler(sconn);
3840 if (!serverid_register(messaging_server_id(msg_ctx),
3841 FLAG_MSG_GENERAL|FLAG_MSG_SMBD
3843 |FLAG_MSG_PRINT_GENERAL)) {
3844 exit_server_cleanly("Could not register myself in "
3849 status = smbd_add_connection(client, sock_fd, &xconn);
3850 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
3852 * send a negative session response "not listening on calling
3855 unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
3856 (void)srv_send_smb(xconn,(char *)buf, false,
3858 exit_server_cleanly("connection denied");
3859 } else if (!NT_STATUS_IS_OK(status)) {
3860 exit_server_cleanly(nt_errstr(status));
3863 sconn->local_address =
3864 tsocket_address_copy(xconn->local_address, sconn);
3865 if (sconn->local_address == NULL) {
3866 exit_server_cleanly("tsocket_address_copy() failed");
3868 sconn->remote_address =
3869 tsocket_address_copy(xconn->remote_address, sconn);
3870 if (sconn->remote_address == NULL) {
3871 exit_server_cleanly("tsocket_address_copy() failed");
3873 sconn->remote_hostname =
3874 talloc_strdup(sconn, xconn->remote_hostname);
3875 if (sconn->remote_hostname == NULL) {
3876 exit_server_cleanly("tsocket_strdup() failed");
3879 if (tsocket_address_is_inet(sconn->local_address, "ip")) {
3880 locaddr = tsocket_address_inet_addr_string(
3881 sconn->local_address,
3883 if (locaddr == NULL) {
3884 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3885 __location__, strerror(errno)));
3886 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
3889 locaddr = "0.0.0.0";
3892 if (tsocket_address_is_inet(sconn->remote_address, "ip")) {
3893 remaddr = tsocket_address_inet_addr_string(
3894 sconn->remote_address,
3896 if (remaddr == NULL) {
3897 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3898 __location__, strerror(errno)));
3899 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
3902 remaddr = "0.0.0.0";
3905 /* this is needed so that we get decent entries
3906 in smbstatus for port 445 connects */
3907 set_remote_machine_name(remaddr, false);
3908 reload_services(sconn, conn_snum_used, true);
3909 sub_set_socket_ids(remaddr,
3910 sconn->remote_hostname,
3913 if (lp_preload_modules()) {
3914 smb_load_modules(lp_preload_modules());
3917 smb_perfcount_init();
3919 if (!init_account_policy()) {
3920 exit_server("Could not open account policy tdb.\n");
3923 if (*lp_root_directory(talloc_tos())) {
3924 if (chroot(lp_root_directory(talloc_tos())) != 0) {
3925 DEBUG(0,("Failed to change root to %s\n",
3926 lp_root_directory(talloc_tos())));
3927 exit_server("Failed to chroot()");
3929 if (chdir("/") == -1) {
3930 DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_root_directory(talloc_tos())));
3931 exit_server("Failed to chroot()");
3933 DEBUG(0,("Changed root to %s\n", lp_root_directory(talloc_tos())));
3936 if (!file_init(sconn)) {
3937 exit_server("file_init() failed");
3941 if (!init_oplocks(sconn))
3942 exit_server("Failed to init oplocks");
3944 /* register our message handlers */
3945 messaging_register(sconn->msg_ctx, sconn,
3946 MSG_SMB_FORCE_TDIS, msg_force_tdis);
3947 messaging_register(sconn->msg_ctx, sconn,
3948 MSG_SMB_CLOSE_FILE, msg_close_file);
3949 messaging_register(sconn->msg_ctx, sconn,
3950 MSG_SMB_FILE_RENAME, msg_file_was_renamed);
3952 id_cache_register_msgs(sconn->msg_ctx);
3953 messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL);
3954 messaging_register(sconn->msg_ctx, sconn,
3955 ID_CACHE_KILL, smbd_id_cache_kill);
3957 messaging_deregister(sconn->msg_ctx,
3958 MSG_SMB_CONF_UPDATED, sconn->ev_ctx);
3959 messaging_register(sconn->msg_ctx, sconn,
3960 MSG_SMB_CONF_UPDATED, smbd_conf_updated);
3962 messaging_deregister(sconn->msg_ctx, MSG_SMB_KILL_CLIENT_IP,
3964 messaging_register(sconn->msg_ctx, sconn,
3965 MSG_SMB_KILL_CLIENT_IP,
3966 msg_kill_client_ip);
3968 messaging_deregister(sconn->msg_ctx, MSG_SMB_TELL_NUM_CHILDREN, NULL);
3971 * Use the default MSG_DEBUG handler to avoid rebroadcasting
3972 * MSGs to all child processes
3974 messaging_deregister(sconn->msg_ctx,
3976 messaging_register(sconn->msg_ctx, NULL,
3977 MSG_DEBUG, debug_message);
3979 if ((lp_keepalive() != 0)
3980 && !(event_add_idle(ev_ctx, NULL,
3981 timeval_set(lp_keepalive(), 0),
3982 "keepalive", keepalive_fn,
3984 DEBUG(0, ("Could not add keepalive event\n"));
3988 if (!(event_add_idle(ev_ctx, NULL,
3989 timeval_set(IDLE_CLOSED_TIMEOUT, 0),
3990 "deadtime", deadtime_fn, sconn))) {
3991 DEBUG(0, ("Could not add deadtime event\n"));
3995 if (!(event_add_idle(ev_ctx, NULL,
3996 timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
3997 "housekeeping", housekeeping_fn, sconn))) {
3998 DEBUG(0, ("Could not add housekeeping event\n"));
4002 smbprofile_dump_setup(ev_ctx);
4004 if (!init_dptrs(sconn)) {
4005 exit_server("init_dptrs() failed");
4008 TALLOC_FREE(trace_state.frame);
4010 tevent_set_trace_callback(ev_ctx, smbd_tevent_trace_callback,
4013 ret = tevent_loop_wait(ev_ctx);
4015 DEBUG(1, ("tevent_loop_wait failed: %d, %s,"
4016 " exiting\n", ret, strerror(errno)));
4019 TALLOC_FREE(trace_state.frame);
4021 exit_server_cleanly(NULL);
4024 bool req_is_in_chain(const struct smb_request *req)
4026 if (req->vwv != (const uint16_t *)(req->inbuf+smb_vwv)) {
4028 * We're right now handling a subsequent request, so we must
4034 if (!is_andx_req(req->cmd)) {
4040 * Okay, an illegal request, but definitely not chained :-)
4045 return (CVAL(req->vwv+0, 0) != 0xFF);
git.samba.org / metze / samba / wip.git / blob