#include "includes.h"
-extern struct auth_context *negprot_global_auth_context;
extern int smb_echo_count;
-const int total_buffer_size = (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
-static enum smb_read_errors smb_read_error = SMB_READ_OK;
-
/*
* Size of data we can send to client. Set
* by the client for all protocols above CORE.
/* Accessor function for smb_read_error for smbd functions. */
-enum smb_read_errors *get_srv_read_error(void)
-{
- return &smb_read_error;
-}
-
/****************************************************************************
Send an smb to a fd.
****************************************************************************/
if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
DEBUG(0,("Invalid packet length! (%lu bytes).\n",
(unsigned long)len));
- if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
-
- /*
- * Correct fix. smb_read_error may have already been
- * set. Only set it here if not already set. Global
- * variables still suck :-). JRA.
- */
-
- cond_set_smb_read_error(get_srv_read_error(),
- SMB_READ_ERROR);
- return false;
- }
+ return false;
}
return true;
}
-static ssize_t read_packet_remainder(int fd,
- char *buffer,
- unsigned int timeout,
- ssize_t len)
+static NTSTATUS read_packet_remainder(int fd, char *buffer,
+ unsigned int timeout, ssize_t len)
{
- ssize_t ret;
-
- if(len <= 0) {
- return len;
- }
-
- if (timeout > 0) {
- ret = read_socket_with_timeout(fd,
- buffer,
- len,
- len,
- timeout,
- get_srv_read_error());
- } else {
- ret = read_data(fd, buffer, len, get_srv_read_error());
+ if (len <= 0) {
+ return NT_STATUS_OK;
}
- if (ret != len) {
- cond_set_smb_read_error(get_srv_read_error(),
- SMB_READ_ERROR);
- return -1;
- }
-
- return len;
+ return read_socket_with_timeout(fd, buffer, len, len, timeout, NULL);
}
/****************************************************************************
(2*14) + /* word count (including bcc) */ \
1 /* pad byte */)
-static ssize_t receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
- const char lenbuf[4],
- int fd,
- char **buffer,
- unsigned int timeout,
- size_t *p_unread)
+static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
+ const char lenbuf[4],
+ int fd, char **buffer,
+ unsigned int timeout,
+ size_t *p_unread,
+ size_t *len_ret)
{
/* Size of a WRITEX call (+4 byte len). */
char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
ssize_t toread;
- ssize_t ret;
+ NTSTATUS status;
- memcpy(writeX_header, lenbuf, sizeof(lenbuf));
+ memcpy(writeX_header, lenbuf, 4);
- if (timeout > 0) {
- ret = read_socket_with_timeout(fd,
- writeX_header + 4,
- STANDARD_WRITE_AND_X_HEADER_SIZE,
- STANDARD_WRITE_AND_X_HEADER_SIZE,
- timeout,
- get_srv_read_error());
- } else {
- ret = read_data(fd,
- writeX_header+4,
- STANDARD_WRITE_AND_X_HEADER_SIZE,
- get_srv_read_error());
- }
+ status = read_socket_with_timeout(
+ fd, writeX_header + 4,
+ STANDARD_WRITE_AND_X_HEADER_SIZE,
+ STANDARD_WRITE_AND_X_HEADER_SIZE,
+ timeout, NULL);
- if (ret != STANDARD_WRITE_AND_X_HEADER_SIZE) {
- cond_set_smb_read_error(get_srv_read_error(),
- SMB_READ_ERROR);
- return -1;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
/*
if (*buffer == NULL) {
DEBUG(0, ("Could not allocate inbuf of length %d\n",
(int)sizeof(writeX_header)));
- cond_set_smb_read_error(get_srv_read_error(),
- SMB_READ_ERROR);
- return -1;
+ return NT_STATUS_NO_MEMORY;
}
/* Work out the remaining bytes. */
*p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
-
- return newlen + 4;
+ *len_ret = newlen + 4;
+ return NT_STATUS_OK;
}
if (!valid_packet_size(len)) {
- return -1;
+ return NT_STATUS_INVALID_PARAMETER;
}
/*
if (*buffer == NULL) {
DEBUG(0, ("Could not allocate inbuf of length %d\n",
(int)len+4));
- cond_set_smb_read_error(get_srv_read_error(),
- SMB_READ_ERROR);
- return -1;
+ return NT_STATUS_NO_MEMORY;
}
/* Copy in what we already read. */
toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
if(toread > 0) {
- ret = read_packet_remainder(fd,
- (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
- timeout,
- toread);
- if (ret != toread) {
- return -1;
+ status = read_packet_remainder(
+ fd, (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
+ timeout, toread);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
+ nt_errstr(status)));
+ return status;
}
}
- return len + 4;
+ *len_ret = len + 4;
+ return NT_STATUS_OK;
}
-static ssize_t receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
- int fd,
- char **buffer,
- unsigned int timeout,
- size_t *p_unread)
+static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx, int fd,
+ char **buffer, unsigned int timeout,
+ size_t *p_unread, size_t *plen)
{
char lenbuf[4];
- ssize_t len,ret;
+ size_t len;
int min_recv_size = lp_min_receive_file_size();
+ NTSTATUS status;
- set_smb_read_error(get_srv_read_error(),SMB_READ_OK);
*p_unread = 0;
- len = read_smb_length_return_keepalive(fd, lenbuf,
- timeout, get_srv_read_error());
- if (len < 0) {
- DEBUG(10,("receive_smb_raw: length < 0!\n"));
-
- /*
- * Correct fix. smb_read_error may have already been
- * set. Only set it here if not already set. Global
- * variables still suck :-). JRA.
- */
-
- cond_set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
- return -1;
+ status = read_smb_length_return_keepalive(fd, lenbuf, timeout, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("receive_smb_raw: %s\n", nt_errstr(status)));
+ return status;
}
if (CVAL(lenbuf,0) == 0 &&
min_recv_size &&
- smb_len_large(lenbuf) > min_recv_size && /* Could be a UNIX large writeX. */
+ smb_len_large(lenbuf) > (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE) && /* Could be a UNIX large writeX. */
!srv_is_signing_active()) {
- return receive_smb_raw_talloc_partial_read(mem_ctx,
- lenbuf,
- fd,
- buffer,
- timeout,
- p_unread);
+ return receive_smb_raw_talloc_partial_read(
+ mem_ctx, lenbuf, fd, buffer, timeout, p_unread, plen);
}
if (!valid_packet_size(len)) {
- return -1;
+ return NT_STATUS_INVALID_PARAMETER;
}
/*
if (*buffer == NULL) {
DEBUG(0, ("Could not allocate inbuf of length %d\n",
(int)len+4));
- cond_set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
- return -1;
+ return NT_STATUS_NO_MEMORY;
}
memcpy(*buffer, lenbuf, sizeof(lenbuf));
- ret = read_packet_remainder(fd, (*buffer)+4, timeout, len);
- if (ret != len) {
- return -1;
+ status = read_packet_remainder(fd, (*buffer)+4, timeout, len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- return len + 4;
+ *plen = len + 4;
+ return NT_STATUS_OK;
}
-static ssize_t receive_smb_talloc(TALLOC_CTX *mem_ctx,
- int fd,
- char **buffer,
- unsigned int timeout,
- size_t *p_unread,
- bool *p_encrypted)
+static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx, int fd,
+ char **buffer, unsigned int timeout,
+ size_t *p_unread, bool *p_encrypted,
+ size_t *p_len)
{
- ssize_t len;
+ size_t len = 0;
+ NTSTATUS status;
*p_encrypted = false;
- len = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout, p_unread);
-
- if (len < 0) {
- return -1;
+ status = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout,
+ p_unread, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
if (is_encrypted_packet((uint8_t *)*buffer)) {
- NTSTATUS status = srv_decrypt_buffer(*buffer);
+ status = srv_decrypt_buffer(*buffer);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
"incoming packet! Error %s\n",
nt_errstr(status) ));
- cond_set_smb_read_error(get_srv_read_error(),
- SMB_READ_BAD_DECRYPT);
- return -1;
+ return status;
}
*p_encrypted = true;
}
if (!srv_check_sign_mac(*buffer, true)) {
DEBUG(0, ("receive_smb: SMB Signature verification failed on "
"incoming packet!\n"));
- cond_set_smb_read_error(get_srv_read_error(),SMB_READ_BAD_SIG);
- return -1;
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
- return len;
+ *p_len = len;
+ return NT_STATUS_OK;
}
/*
msg->request_time = request_time;
msg->end_time = end_time;
msg->encrypted = req->encrypted;
+ msg->processed = false;
if (private_data) {
msg->private_data = data_blob_talloc(msg, private_data,
DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++,
(unsigned int)msg_mid ));
if (mid == msg_mid) {
+
+ if (pml->processed) {
+ /* A processed message should not be
+ * rescheduled. */
+ DEBUG(0,("schedule_deferred_open_smb_message: LOGIC ERROR "
+ "message mid %u was already processed\n",
+ (unsigned int)msg_mid ));
+ continue;
+ }
+
DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
mid ));
pml->end_time.tv_sec = 0;
}
/****************************************************************************
- Return true if this mid is on the deferred queue.
+ Return true if this mid is on the deferred queue and was not yet processed.
****************************************************************************/
bool open_was_deferred(uint16 mid)
struct pending_message_list *pml;
for (pml = deferred_open_queue; pml; pml = pml->next) {
- if (SVAL(pml->buf.data,smb_mid) == mid) {
+ if (SVAL(pml->buf.data,smb_mid) == mid && !pml->processed) {
return True;
}
}
The timeout is in milliseconds
****************************************************************************/
-static bool receive_message_or_smb(TALLOC_CTX *mem_ctx,
- char **buffer,
- size_t *buffer_len,
- int timeout,
- size_t *p_unread,
- bool *p_encrypted)
+static NTSTATUS receive_message_or_smb(TALLOC_CTX *mem_ctx, char **buffer,
+ size_t *buffer_len, int timeout,
+ size_t *p_unread, bool *p_encrypted)
{
fd_set r_fds, w_fds;
int selrtn;
struct timeval to;
int maxfd = 0;
- ssize_t len;
+ size_t len = 0;
+ NTSTATUS status;
*p_unread = 0;
- set_smb_read_error(get_srv_read_error(),SMB_READ_OK);
again:
msg->buf.length);
if (*buffer == NULL) {
DEBUG(0, ("talloc failed\n"));
- set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
*buffer_len = msg->buf.length;
*p_encrypted = msg->encrypted;
/* We leave this message on the queue so the open code can
know this is a retry. */
DEBUG(5,("receive_message_or_smb: returning deferred open smb message.\n"));
- return True;
+
+ /* Mark the message as processed so this is not
+ * re-processed in error. */
+ msg->processed = true;
+ return NT_STATUS_OK;
}
}
/* Check if error */
if (selrtn == -1) {
/* something is wrong. Maybe the socket is dead? */
- set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
- return False;
- }
-
+ return map_nt_error_from_unix(errno);
+ }
+
/* Did we timeout ? */
if (selrtn == 0) {
- set_smb_read_error(get_srv_read_error(),SMB_READ_TIMEOUT);
- return False;
+ return NT_STATUS_IO_TIMEOUT;
}
/*
goto again;
}
- len = receive_smb_talloc(mem_ctx, smbd_server_fd(),
- buffer, 0, p_unread, p_encrypted);
+ /*
+ * We've just woken up from a protentially long select sleep.
+ * Ensure we process local messages as we need to synchronously
+ * process any messages from other smbd's to avoid file rename race
+ * conditions. This call is cheap if there are no messages waiting.
+ * JRA.
+ */
+ message_dispatch(smbd_messaging_context());
- if (len == -1) {
- return False;
+ status = receive_smb_talloc(mem_ctx, smbd_server_fd(), buffer, 0,
+ p_unread, p_encrypted, &len);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- *buffer_len = (size_t)len;
+ *buffer_len = len;
- return True;
+ return NT_STATUS_OK;
}
/*
/* 0x30 */ { NULL, NULL, 0 },
/* 0x31 */ { NULL, NULL, 0 },
/* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
-/* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER},
+/* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER | CAN_IPC},
/* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
/* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
/* 0x36 */ { NULL, NULL, 0 },
if ((num_bytes > 0xffffff)
|| ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
char *msg;
- asprintf(&msg, "num_bytes too large: %u",
- (unsigned)num_bytes);
+ if (asprintf(&msg, "num_bytes too large: %u",
+ (unsigned)num_bytes) == -1) {
+ msg = CONST_DISCARD(char *, "num_bytes too large");
+ }
smb_panic(msg);
}
if (len < 4) len = smb_len(data)+4;
for (i=1;i<100;i++) {
- asprintf(&fname, "/tmp/%s.%d.%s", name, i,
- type ? "req" : "resp");
- if (!fname) {
+ if (asprintf(&fname, "/tmp/%s.%d.%s", name, i,
+ type ? "req" : "resp") == -1) {
return;
}
fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
{
+ struct pending_message_list *pml = NULL;
uint8 type = CVAL(inbuf,smb_com);
connection_struct *conn;
struct smb_request *req;
conn = switch_message(type, req, size);
+ /* If this was a deferred message and it's still there and
+ * was processed, remove it. */
+ pml = get_open_deferred_message(req->mid);
+ if (pml && pml->processed) {
+ remove_deferred_open_smb_message(req->mid);
+ }
+
if (req->unread_bytes) {
/* writeX failed. drain socket. */
if (drain_socket(smbd_server_fd(), req->unread_bytes) !=
char *outbuf = (char *)req->outbuf;
size_t outsize = smb_len(outbuf) + 4;
size_t outsize_padded;
+ size_t padding;
size_t ofs, to_move;
struct smb_request *req2;
*/
outsize_padded = (outsize + 3) & ~3;
+ padding = outsize_padded - outsize;
/*
* remember how much the caller added to the chain, only counting
* stuff after the parameter words
*/
- chain_size += outsize_padded - smb_wct;
+ chain_size += (outsize_padded - smb_wct);
/*
* work out pointers into the original packets. The
SCVAL(outbuf, smb_vwv0, smb_com2);
SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4);
- if (outsize_padded > outsize) {
+ if (padding != 0) {
/*
* Due to padding we have some uninitialized bytes after the
* caller's output
*/
- memset(outbuf + outsize, 0, outsize_padded - outsize);
+ memset(outbuf + outsize, 0, padding);
}
- smb_setlen(outbuf, outsize2 + chain_size - 4);
+ smb_setlen(outbuf, outsize2 + caller_outputlen + padding - 4);
/*
* restore the saved data, being careful not to overwrite any data
SAFE_FREE(caller_output);
TALLOC_FREE(req2);
+ /*
+ * Reset the chain_size for our caller's offset calculations
+ */
+
+ chain_size -= (outsize_padded - smb_wct);
+
return;
}
Process any timeout housekeeping. Return False if the caller should exit.
****************************************************************************/
-static bool timeout_processing(int *select_timeout,
+static void timeout_processing(int *select_timeout,
time_t *last_timeout_processing_time)
{
time_t t;
- if (*get_srv_read_error() == SMB_READ_EOF) {
- DEBUG(3,("timeout_processing: End of file from client (client has disconnected).\n"));
- return false;
- }
-
- if (*get_srv_read_error() == SMB_READ_ERROR) {
- DEBUG(3,("timeout_processing: receive_smb error (%s) Exiting\n",
- strerror(errno)));
- return false;
- }
-
- if (*get_srv_read_error() == SMB_READ_BAD_SIG) {
- DEBUG(3,("timeout_processing: receive_smb error bad smb signature. Exiting\n"));
- return false;
- }
-
*last_timeout_processing_time = t = time(NULL);
/* become root again if waiting */
unsigned char trust_passwd_hash[16];
time_t lct;
+ void *lock;
/*
* We're in domain level security, and the code that
* First, open the machine password file with an exclusive lock.
*/
- if (secrets_lock_trust_account_password(lp_workgroup(), True) == False) {
+ lock = secrets_get_trust_account_lock(NULL, lp_workgroup());
+
+ if (lock == NULL) {
DEBUG(0,("process: unable to lock the machine account password for \
machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
- return True;
+ return;
}
if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct, NULL)) {
DEBUG(0,("process: unable to read the machine account password for \
machine %s in domain %s.\n", global_myname(), lp_workgroup()));
- secrets_lock_trust_account_password(lp_workgroup(), False);
- return True;
+ TALLOC_FREE(lock);
+ return;
}
/*
if(t < lct + lp_machine_password_timeout()) {
global_machine_password_needs_changing = False;
- secrets_lock_trust_account_password(lp_workgroup(), False);
- return True;
+ TALLOC_FREE(lock);
+ return;
}
/* always just contact the PDC here */
change_trust_account_password( lp_workgroup(), NULL);
global_machine_password_needs_changing = False;
- secrets_lock_trust_account_password(lp_workgroup(), False);
+ TALLOC_FREE(lock);
}
/* update printer queue caches if necessary */
*select_timeout = setup_select_timeout();
- return True;
+ return;
}
/****************************************************************************
while (True) {
int select_timeout = setup_select_timeout();
int num_echos;
- char *inbuf;
- size_t inbuf_len;
+ char *inbuf = NULL;
+ size_t inbuf_len = 0;
bool encrypted = false;
TALLOC_CTX *frame = talloc_stackframe_pool(8192);
/* Did someone ask for immediate checks on things like blocking locks ? */
if (select_timeout == 0) {
- if(!timeout_processing(&select_timeout,
- &last_timeout_processing_time))
- return;
+ timeout_processing(&select_timeout,
+ &last_timeout_processing_time);
num_smbs = 0; /* Reset smb counter. */
}
run_events(smbd_event_context(), 0, NULL, NULL);
- while (!receive_message_or_smb(NULL, &inbuf, &inbuf_len,
- select_timeout,
- &unread_bytes,
- &encrypted)) {
- if(!timeout_processing(&select_timeout,
- &last_timeout_processing_time))
- return;
+ while (True) {
+ NTSTATUS status;
+
+ status = receive_message_or_smb(
+ talloc_tos(), &inbuf, &inbuf_len,
+ select_timeout, &unread_bytes, &encrypted);
+
+ if (NT_STATUS_IS_OK(status)) {
+ break;
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+ timeout_processing(
+ &select_timeout,
+ &last_timeout_processing_time);
+ continue;
+ }
+
+ DEBUG(3, ("receive_message_or_smb failed: %s, "
+ "exiting\n", nt_errstr(status)));
+ return;
+
num_smbs = 0; /* Reset smb counter. */
}
TALLOC_FREE(inbuf);
if (smb_echo_count != num_echos) {
- if(!timeout_processing( &select_timeout, &last_timeout_processing_time))
- return;
+ timeout_processing(&select_timeout,
+ &last_timeout_processing_time);
num_smbs = 0; /* Reset smb counter. */
}
if ((num_smbs % 200) == 0) {
time_t new_check_time = time(NULL);
if(new_check_time - last_timeout_processing_time >= (select_timeout/1000)) {
- if(!timeout_processing(
- &select_timeout,
- &last_timeout_processing_time))
- return;
+ timeout_processing(
+ &select_timeout,
+ &last_timeout_processing_time);
num_smbs = 0; /* Reset smb counter. */
last_timeout_processing_time = new_check_time; /* Reset time. */
}