2 Unix SMB/CIFS implementation.
4 Copyright (C) Stefan Metzmacher 2014
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "system/filesys.h"
23 #include "lib/util/server_id.h"
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "dbwrap/dbwrap.h"
27 #include "dbwrap/dbwrap_rbt.h"
28 #include "dbwrap/dbwrap_open.h"
29 #include "dbwrap/dbwrap_watch.h"
32 #include "auth/gensec/gensec.h"
33 #include "../lib/tsocket/tsocket.h"
34 #include "../libcli/security/security.h"
36 #include "lib/util/util_tdb.h"
37 #include "librpc/gen_ndr/ndr_smbXsrv.h"
39 #include "lib/util/tevent_ntstatus.h"
40 #include "lib/util/iov_buf.h"
41 #include "lib/global_contexts.h"
42 #include "source3/include/util_tdb.h"
44 struct smbXsrv_client_table {
50 struct db_context *db_ctx;
54 static struct db_context *smbXsrv_client_global_db_ctx = NULL;
56 NTSTATUS smbXsrv_client_global_init(void)
58 char *global_path = NULL;
59 struct db_context *backend = NULL;
60 struct db_context *db_ctx = NULL;
62 if (smbXsrv_client_global_db_ctx != NULL) {
67 * This contains secret information like client keys!
69 global_path = lock_path(talloc_tos(), "smbXsrv_client_global.tdb");
70 if (global_path == NULL) {
71 return NT_STATUS_NO_MEMORY;
74 backend = db_open(NULL, global_path,
78 TDB_INCOMPATIBLE_HASH,
79 O_RDWR | O_CREAT, 0600,
82 TALLOC_FREE(global_path);
83 if (backend == NULL) {
84 NTSTATUS status = map_nt_error_from_unix_common(errno);
88 db_ctx = db_open_watched(NULL, &backend, global_messaging_context());
91 return NT_STATUS_NO_MEMORY;
94 smbXsrv_client_global_db_ctx = db_ctx;
99 #define SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE 16
101 static TDB_DATA smbXsrv_client_global_id_to_key(const struct GUID *client_guid,
104 TDB_DATA key = { .dsize = 0, };
105 struct GUID_ndr_buf buf = { .buf = {0}, };
107 GUID_to_ndr_buf(client_guid, &buf);
108 memcpy(key_buf, buf.buf, SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE);
110 key = make_tdb_data(key_buf, SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE);
115 static struct db_record *smbXsrv_client_global_fetch_locked(
116 struct db_context *db,
117 const struct GUID *client_guid,
121 uint8_t key_buf[SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE];
122 struct db_record *rec = NULL;
124 key = smbXsrv_client_global_id_to_key(client_guid, key_buf);
126 rec = dbwrap_fetch_locked(db, mem_ctx, key);
129 struct GUID_txt_buf buf;
130 DBG_DEBUG("Failed to lock guid [%s], key '%s'\n",
131 GUID_buf_string(client_guid, &buf),
138 static NTSTATUS smbXsrv_client_table_create(TALLOC_CTX *mem_ctx,
139 struct messaging_context *msg_ctx,
140 uint32_t max_clients,
141 struct smbXsrv_client_table **_table)
143 struct smbXsrv_client_table *table;
146 if (max_clients > 1) {
147 return NT_STATUS_INTERNAL_ERROR;
150 table = talloc_zero(mem_ctx, struct smbXsrv_client_table);
152 return NT_STATUS_NO_MEMORY;
155 table->local.max_clients = max_clients;
157 status = smbXsrv_client_global_init();
158 if (!NT_STATUS_IS_OK(status)) {
163 table->global.db_ctx = smbXsrv_client_global_db_ctx;
169 static int smbXsrv_client_global_destructor(struct smbXsrv_client_global0 *global)
174 static void smbXsrv_client_global_verify_record(struct db_record *db_rec,
178 const struct server_id *dead_server_id,
179 struct smbXsrv_client_global0 **_g,
185 struct smbXsrv_client_globalB global_blob;
186 enum ndr_err_code ndr_err;
187 struct smbXsrv_client_global0 *global = NULL;
190 TALLOC_CTX *frame = talloc_stackframe();
204 key = dbwrap_record_get_key(db_rec);
206 val = dbwrap_record_get_value(db_rec);
207 if (val.dsize == 0) {
216 blob = data_blob_const(val.dptr, val.dsize);
218 ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
219 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_client_globalB);
220 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
221 NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
222 DBG_WARNING("key '%s' ndr_pull_struct_blob - %s\n",
229 DBG_DEBUG("client_global:\n");
230 if (DEBUGLVL(DBGLVL_DEBUG)) {
231 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
234 if (global_blob.version != SMBXSRV_VERSION_0) {
235 DBG_ERR("key '%s' uses unsupported version %u\n",
237 global_blob.version);
238 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
243 global = global_blob.info.info0;
245 dead = server_id_equal(dead_server_id, &global->server_id);
247 struct server_id_buf tmp;
249 DBG_NOTICE("key '%s' server_id %s is already dead.\n",
251 server_id_str_buf(global->server_id, &tmp));
252 if (DEBUGLVL(DBGLVL_NOTICE)) {
253 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
256 dbwrap_record_delete(db_rec);
261 exists = serverid_exists(&global->server_id);
263 struct server_id_buf tmp;
265 DBG_NOTICE("key '%s' server_id %s does not exist.\n",
267 server_id_str_buf(global->server_id, &tmp));
268 if (DEBUGLVL(DBGLVL_NOTICE)) {
269 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
272 dbwrap_record_delete(db_rec);
278 *_g = talloc_move(mem_ctx, &global);
281 *pseqnum = global_blob.seqnum;
286 static NTSTATUS smb2srv_client_connection_pass(struct smbd_smb2_request *smb2req,
287 struct smbXsrv_client_global0 *global)
290 enum ndr_err_code ndr_err;
292 struct smbXsrv_connection_pass0 pass_info0;
293 struct smbXsrv_connection_passB pass_blob;
297 pass_info0 = (struct smbXsrv_connection_pass0) {
298 .client_guid = global->client_guid,
299 .src_server_id = smb2req->xconn->client->global->server_id,
300 .xconn_connect_time = smb2req->xconn->client->global->initial_connect_time,
301 .dst_server_id = global->server_id,
302 .client_connect_time = global->initial_connect_time,
305 reqlen = iov_buflen(smb2req->in.vector, smb2req->in.vector_count);
307 return NT_STATUS_INVALID_BUFFER_SIZE;
310 pass_info0.negotiate_request.length = reqlen;
311 pass_info0.negotiate_request.data = talloc_array(talloc_tos(), uint8_t,
313 if (pass_info0.negotiate_request.data == NULL) {
314 return NT_STATUS_NO_MEMORY;
316 iov_buf(smb2req->in.vector, smb2req->in.vector_count,
317 pass_info0.negotiate_request.data,
318 pass_info0.negotiate_request.length);
320 ZERO_STRUCT(pass_blob);
321 pass_blob.version = smbXsrv_version_global_current();
322 pass_blob.info.info0 = &pass_info0;
324 if (DEBUGLVL(DBGLVL_DEBUG)) {
325 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
328 ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &pass_blob,
329 (ndr_push_flags_fn_t)ndr_push_smbXsrv_connection_passB);
330 data_blob_free(&pass_info0.negotiate_request);
331 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
332 status = ndr_map_error2ntstatus(ndr_err);
336 iov.iov_base = blob.data;
337 iov.iov_len = blob.length;
339 status = messaging_send_iov(smb2req->xconn->client->msg_ctx,
341 MSG_SMBXSRV_CONNECTION_PASS,
343 &smb2req->xconn->transport.sock, 1);
344 data_blob_free(&blob);
345 if (!NT_STATUS_IS_OK(status)) {
352 static NTSTATUS smb2srv_client_connection_drop(struct smbd_smb2_request *smb2req,
353 struct smbXsrv_client_global0 *global)
356 enum ndr_err_code ndr_err;
358 struct smbXsrv_connection_drop0 drop_info0;
359 struct smbXsrv_connection_dropB drop_blob;
362 drop_info0 = (struct smbXsrv_connection_drop0) {
363 .client_guid = global->client_guid,
364 .src_server_id = smb2req->xconn->client->global->server_id,
365 .xconn_connect_time = smb2req->xconn->client->global->initial_connect_time,
366 .dst_server_id = global->server_id,
367 .client_connect_time = global->initial_connect_time,
370 ZERO_STRUCT(drop_blob);
371 drop_blob.version = smbXsrv_version_global_current();
372 drop_blob.info.info0 = &drop_info0;
374 if (DEBUGLVL(DBGLVL_DEBUG)) {
375 NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
378 ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &drop_blob,
379 (ndr_push_flags_fn_t)ndr_push_smbXsrv_connection_dropB);
380 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
381 status = ndr_map_error2ntstatus(ndr_err);
385 iov.iov_base = blob.data;
386 iov.iov_len = blob.length;
388 status = messaging_send_iov(smb2req->xconn->client->msg_ctx,
390 MSG_SMBXSRV_CONNECTION_DROP,
393 data_blob_free(&blob);
394 if (!NT_STATUS_IS_OK(status)) {
401 static NTSTATUS smbXsrv_client_global_store(struct smbXsrv_client_global0 *global)
403 struct smbXsrv_client_globalB global_blob;
404 DATA_BLOB blob = data_blob_null;
408 enum ndr_err_code ndr_err;
409 bool saved_stored = global->stored;
412 * TODO: if we use other versions than '0'
413 * we would add glue code here, that would be able to
414 * store the information in the old format.
417 SMB_ASSERT(global->local_address != NULL);
418 SMB_ASSERT(global->remote_address != NULL);
419 SMB_ASSERT(global->remote_name != NULL);
421 if (global->db_rec == NULL) {
422 return NT_STATUS_INTERNAL_ERROR;
425 key = dbwrap_record_get_key(global->db_rec);
426 val = dbwrap_record_get_value(global->db_rec);
428 global_blob = (struct smbXsrv_client_globalB) {
429 .version = smbXsrv_version_global_current(),
430 .info.info0 = global,
432 if (val.dsize >= 8) {
433 global_blob.seqnum = IVAL(val.dptr, 4);
435 global_blob.seqnum += 1;
437 global->stored = true;
438 ndr_err = ndr_push_struct_blob(&blob, global->db_rec, &global_blob,
439 (ndr_push_flags_fn_t)ndr_push_smbXsrv_client_globalB);
440 global->stored = saved_stored;
441 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
442 status = ndr_map_error2ntstatus(ndr_err);
443 DBG_WARNING("key '%s' ndr_push - %s\n",
446 TALLOC_FREE(global->db_rec);
450 val = make_tdb_data(blob.data, blob.length);
451 status = dbwrap_record_store(global->db_rec, val, TDB_REPLACE);
452 if (!NT_STATUS_IS_OK(status)) {
453 DBG_WARNING("key '%s' store - %s\n",
456 TALLOC_FREE(global->db_rec);
460 global->stored = true;
462 if (DEBUGLVL(DBGLVL_DEBUG)) {
463 DBG_DEBUG("key '%s' stored\n",
465 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
468 TALLOC_FREE(global->db_rec);
473 struct smb2srv_client_mc_negprot_state {
474 struct tevent_context *ev;
475 struct smbd_smb2_request *smb2req;
476 struct db_record *db_rec;
477 struct server_id sent_server_id;
478 uint64_t watch_instance;
479 uint32_t last_seqnum;
480 struct tevent_req *filter_subreq;
483 static void smb2srv_client_mc_negprot_cleanup(struct tevent_req *req,
484 enum tevent_req_state req_state)
486 struct smb2srv_client_mc_negprot_state *state =
488 struct smb2srv_client_mc_negprot_state);
490 if (state->db_rec != NULL) {
491 dbwrap_watched_watch_remove_instance(state->db_rec,
492 state->watch_instance);
493 state->watch_instance = 0;
494 TALLOC_FREE(state->db_rec);
498 static void smb2srv_client_mc_negprot_next(struct tevent_req *req);
499 static bool smb2srv_client_mc_negprot_filter(struct messaging_rec *rec, void *private_data);
500 static void smb2srv_client_mc_negprot_done(struct tevent_req *subreq);
501 static void smb2srv_client_mc_negprot_watched(struct tevent_req *subreq);
503 struct tevent_req *smb2srv_client_mc_negprot_send(TALLOC_CTX *mem_ctx,
504 struct tevent_context *ev,
505 struct smbd_smb2_request *smb2req)
507 struct tevent_req *req = NULL;
508 struct smb2srv_client_mc_negprot_state *state = NULL;
510 req = tevent_req_create(mem_ctx, &state,
511 struct smb2srv_client_mc_negprot_state);
516 state->smb2req = smb2req;
518 tevent_req_set_cleanup_fn(req, smb2srv_client_mc_negprot_cleanup);
520 server_id_set_disconnected(&state->sent_server_id);
522 smb2srv_client_mc_negprot_next(req);
524 if (!tevent_req_is_in_progress(req)) {
525 return tevent_req_post(req, ev);
531 static void smb2srv_client_mc_negprot_next(struct tevent_req *req)
533 struct smb2srv_client_mc_negprot_state *state =
535 struct smb2srv_client_mc_negprot_state);
536 struct smbXsrv_connection *xconn = state->smb2req->xconn;
537 struct smbXsrv_client *client = xconn->client;
538 struct smbXsrv_client_table *table = client->table;
539 struct GUID client_guid = xconn->smb2.client.guid;
540 struct smbXsrv_client_global0 *global = NULL;
541 bool is_free = false;
542 struct tevent_req *subreq = NULL;
545 struct server_id last_server_id = { .pid = 0, };
547 SMB_ASSERT(state->db_rec == NULL);
548 state->db_rec = smbXsrv_client_global_fetch_locked(table->global.db_ctx,
551 if (state->db_rec == NULL) {
552 tevent_req_nterror(req, NT_STATUS_INTERNAL_DB_ERROR);
559 smbXsrv_client_global_verify_record(state->db_rec,
567 dbwrap_watched_watch_remove_instance(state->db_rec,
568 state->watch_instance);
569 state->watch_instance = 0;
572 * This stores the new client information in
573 * smbXsrv_client_global.tdb
575 client->global->client_guid = xconn->smb2.client.guid;
577 client->global->db_rec = state->db_rec;
578 state->db_rec = NULL;
579 status = smbXsrv_client_global_store(client->global);
580 SMB_ASSERT(client->global->db_rec == NULL);
581 if (!NT_STATUS_IS_OK(status)) {
582 struct GUID_txt_buf buf;
583 DBG_ERR("client_guid[%s] store failed - %s\n",
584 GUID_buf_string(&client->global->client_guid,
587 tevent_req_nterror(req, status);
591 if (DEBUGLVL(DBGLVL_DEBUG)) {
592 struct smbXsrv_clientB client_blob = {
593 .version = SMBXSRV_VERSION_0,
594 .info.info0 = client,
596 struct GUID_txt_buf buf;
598 DBG_DEBUG("client_guid[%s] stored\n",
599 GUID_buf_string(&client->global->client_guid,
601 NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);
604 xconn->smb2.client.guid_verified = true;
605 tevent_req_done(req);
609 if (global == NULL) {
611 * most likely ndr_pull_struct_blob() failed
613 tevent_req_nterror(req, NT_STATUS_INTERNAL_DB_CORRUPTION);
617 if (server_id_equal(&state->sent_server_id, &global->server_id)) {
619 * We hit a race with other concurrent connections,
620 * which have woken us.
622 * We already sent the pass or drop message to
623 * the process, so we need to wait for a
624 * response and not pass the connection
625 * again! Otherwise the process would
626 * receive the same tcp connection via
627 * more than one file descriptor and
628 * create more than one smbXsrv_connection
629 * structure for the same tcp connection,
630 * which means the client would see more
631 * than one SMB2 negprot response to its
632 * single SMB2 netprot request and we
633 * as server get the session keys and
634 * message id validation wrong
639 server_id_set_disconnected(&state->sent_server_id);
642 * If last_server_id is set, we expect
643 * smbXsrv_client_global_verify_record()
644 * to detect the already dead global->server_id
645 * as state->db_rec is still locked and its
646 * value didn't change.
648 SMB_ASSERT(last_server_id.pid == 0);
649 last_server_id = global->server_id;
651 TALLOC_FREE(state->filter_subreq);
652 if (procid_is_local(&global->server_id)) {
653 subreq = messaging_filtered_read_send(state,
656 smb2srv_client_mc_negprot_filter,
658 if (tevent_req_nomem(subreq, req)) {
661 tevent_req_set_callback(subreq, smb2srv_client_mc_negprot_done, req);
662 state->filter_subreq = subreq;
665 if (procid_is_local(&global->server_id)) {
666 status = smb2srv_client_connection_pass(state->smb2req,
668 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
670 * We remembered last_server_id = global->server_id
671 * above, so we'll treat it as dead in the
672 * next round to smbXsrv_client_global_verify_record().
676 state->sent_server_id = global->server_id;
677 if (tevent_req_nterror(req, status)) {
681 status = smb2srv_client_connection_drop(state->smb2req,
683 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
685 * We remembered last_server_id = global->server_id
686 * above, so we'll treat it as dead in the
687 * next round to smbXsrv_client_global_verify_record().
691 state->sent_server_id = global->server_id;
692 if (tevent_req_nterror(req, status)) {
700 * If the record changed, but we are not happy with the change yet,
701 * we better remove ourself from the waiter list
702 * (most likely the first position)
703 * and re-add us at the end of the list.
705 * This gives other waiters a change
708 * Otherwise we'll keep our waiter instance alive,
709 * keep waiting (most likely at first position).
710 * It means the order of watchers stays fair.
712 if (state->last_seqnum != seqnum) {
713 state->last_seqnum = seqnum;
714 dbwrap_watched_watch_remove_instance(state->db_rec,
715 state->watch_instance);
716 state->watch_instance =
717 dbwrap_watched_watch_add_instance(state->db_rec);
720 subreq = dbwrap_watched_watch_send(state,
723 state->watch_instance,
725 if (tevent_req_nomem(subreq, req)) {
728 tevent_req_set_callback(subreq, smb2srv_client_mc_negprot_watched, req);
731 TALLOC_FREE(state->db_rec);
735 static bool smb2srv_client_mc_negprot_filter(struct messaging_rec *rec, void *private_data)
737 if (rec->msg_type != MSG_SMBXSRV_CONNECTION_PASSED) {
741 if (rec->num_fds != 0) {
748 static void smb2srv_client_mc_negprot_done(struct tevent_req *subreq)
750 struct tevent_req *req =
751 tevent_req_callback_data(subreq,
753 struct smb2srv_client_mc_negprot_state *state =
755 struct smb2srv_client_mc_negprot_state);
756 struct smbXsrv_connection *xconn = state->smb2req->xconn;
757 struct smbXsrv_client *client = xconn->client;
758 struct messaging_rec *rec = NULL;
759 struct smbXsrv_connection_passB passed_blob;
760 enum ndr_err_code ndr_err;
761 struct smbXsrv_connection_pass0 *passed_info0 = NULL;
765 SMB_ASSERT(state->filter_subreq == subreq);
766 state->filter_subreq = NULL;
768 ret = messaging_filtered_read_recv(subreq, state, &rec);
771 status = map_nt_error_from_unix_common(ret);
772 DBG_ERR("messaging_filtered_read_recv() - %s\n",
774 tevent_req_nterror(req, status);
778 DBG_DEBUG("MSG_SMBXSRV_CONNECTION_PASSED: received...\n");
780 ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &passed_blob,
781 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_connection_passB);
782 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
783 status = ndr_map_error2ntstatus(ndr_err);
784 DBG_ERR("ndr_pull_struct_blob - %s\n", nt_errstr(status));
785 tevent_req_nterror(req, status);
789 if (DEBUGLVL(DBGLVL_DEBUG)) {
790 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
793 if (passed_blob.version != SMBXSRV_VERSION_0) {
794 DBG_ERR("ignore invalid version %u\n", passed_blob.version);
795 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
796 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
800 passed_info0 = passed_blob.info.info0;
801 if (passed_info0 == NULL) {
802 DBG_ERR("ignore NULL info %u\n", passed_blob.version);
803 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
804 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
808 if (!GUID_equal(&xconn->smb2.client.guid, &passed_info0->client_guid)) {
809 struct GUID_txt_buf buf1, buf2;
811 DBG_ERR("client's client_guid [%s] != passed guid [%s]\n",
812 GUID_buf_string(&xconn->smb2.client.guid,
814 GUID_buf_string(&passed_info0->client_guid,
816 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
817 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
821 if (client->global->initial_connect_time !=
822 passed_info0->xconn_connect_time)
824 DBG_ERR("client's initial connect time [%s] (%llu) != "
825 "passed xconn connect time [%s] (%llu)\n",
826 nt_time_string(talloc_tos(),
827 client->global->initial_connect_time),
828 (unsigned long long)client->global->initial_connect_time,
829 nt_time_string(talloc_tos(),
830 passed_info0->xconn_connect_time),
831 (unsigned long long)passed_info0->xconn_connect_time);
832 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
833 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
837 if (passed_info0->negotiate_request.length != 0) {
838 DBG_ERR("negotiate_request.length[%zu]\n",
839 passed_info0->negotiate_request.length);
840 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
841 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
845 tevent_req_nterror(req, NT_STATUS_MESSAGE_RETRIEVED);
848 static void smb2srv_client_mc_negprot_watched(struct tevent_req *subreq)
850 struct tevent_req *req =
851 tevent_req_callback_data(subreq,
853 struct smb2srv_client_mc_negprot_state *state =
855 struct smb2srv_client_mc_negprot_state);
857 uint64_t instance = 0;
859 status = dbwrap_watched_watch_recv(subreq, &instance, NULL, NULL);
861 if (tevent_req_nterror(req, status)) {
865 state->watch_instance = instance;
867 smb2srv_client_mc_negprot_next(req);
870 NTSTATUS smb2srv_client_mc_negprot_recv(struct tevent_req *req)
872 return tevent_req_simple_recv_ntstatus(req);
875 static NTSTATUS smbXsrv_client_global_remove(struct smbXsrv_client_global0 *global)
881 * TODO: if we use other versions than '0'
882 * we would add glue code here, that would be able to
883 * store the information in the old format.
886 if (global->db_rec == NULL) {
887 return NT_STATUS_INTERNAL_ERROR;
890 key = dbwrap_record_get_key(global->db_rec);
892 status = dbwrap_record_delete(global->db_rec);
893 if (!NT_STATUS_IS_OK(status)) {
894 DBG_WARNING("key '%s' delete - %s\n",
897 TALLOC_FREE(global->db_rec);
900 global->stored = false;
901 DBG_DEBUG("key '%s' delete\n", tdb_data_dbg(key));
903 TALLOC_FREE(global->db_rec);
908 static int smbXsrv_client_destructor(struct smbXsrv_client *client)
912 status = smbXsrv_client_remove(client);
913 if (!NT_STATUS_IS_OK(status)) {
914 DBG_ERR("smbXsrv_client_remove() failed: %s\n",
918 TALLOC_FREE(client->global);
923 static bool smbXsrv_client_connection_pass_filter(struct messaging_rec *rec, void *private_data);
924 static void smbXsrv_client_connection_pass_loop(struct tevent_req *subreq);
925 static bool smbXsrv_client_connection_drop_filter(struct messaging_rec *rec, void *private_data);
926 static void smbXsrv_client_connection_drop_loop(struct tevent_req *subreq);
928 NTSTATUS smbXsrv_client_create(TALLOC_CTX *mem_ctx,
929 struct tevent_context *ev_ctx,
930 struct messaging_context *msg_ctx,
932 struct smbXsrv_client **_client)
934 struct smbXsrv_client_table *table;
935 struct smbXsrv_client *client = NULL;
936 struct smbXsrv_client_global0 *global = NULL;
938 struct tevent_req *subreq = NULL;
940 status = smbXsrv_client_table_create(mem_ctx,
944 if (!NT_STATUS_IS_OK(status)) {
948 if (table->local.num_clients >= table->local.max_clients) {
950 return NT_STATUS_INSUFFICIENT_RESOURCES;
953 client = talloc_zero(mem_ctx, struct smbXsrv_client);
954 if (client == NULL) {
956 return NT_STATUS_NO_MEMORY;
958 client->raw_ev_ctx = ev_ctx;
959 client->msg_ctx = msg_ctx;
961 client->server_multi_channel_enabled =
962 smbXsrv_server_multi_channel_enabled();
963 if (client->server_multi_channel_enabled) {
964 client->next_channel_id = 1;
966 client->table = talloc_move(client, &table);
967 table = client->table;
969 global = talloc_zero(client, struct smbXsrv_client_global0);
970 if (global == NULL) {
972 return NT_STATUS_NO_MEMORY;
974 talloc_set_destructor(global, smbXsrv_client_global_destructor);
975 client->global = global;
977 global->initial_connect_time = now;
979 global->server_id = messaging_server_id(client->msg_ctx);
981 table->local.num_clients += 1;
983 talloc_set_destructor(client, smbXsrv_client_destructor);
985 if (DEBUGLVL(DBGLVL_DEBUG)) {
986 struct smbXsrv_clientB client_blob = {
987 .version = SMBXSRV_VERSION_0,
988 .info.info0 = client,
990 struct GUID_txt_buf buf;
992 DBG_DEBUG("client_guid[%s] created\n",
993 GUID_buf_string(&global->client_guid, &buf));
994 NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);
997 subreq = messaging_filtered_read_send(client,
1000 smbXsrv_client_connection_pass_filter,
1002 if (subreq == NULL) {
1003 TALLOC_FREE(client);
1004 return NT_STATUS_NO_MEMORY;
1006 tevent_req_set_callback(subreq, smbXsrv_client_connection_pass_loop, client);
1007 client->connection_pass_subreq = subreq;
1009 subreq = messaging_filtered_read_send(client,
1012 smbXsrv_client_connection_drop_filter,
1014 if (subreq == NULL) {
1015 TALLOC_FREE(client);
1016 return NT_STATUS_NO_MEMORY;
1018 tevent_req_set_callback(subreq, smbXsrv_client_connection_drop_loop, client);
1019 client->connection_drop_subreq = subreq;
1022 return NT_STATUS_OK;
1025 static NTSTATUS smb2srv_client_connection_passed(struct smbXsrv_client *client,
1026 const struct smbXsrv_connection_pass0 *recv_info0)
1029 enum ndr_err_code ndr_err;
1031 struct smbXsrv_connection_pass0 passed_info0;
1032 struct smbXsrv_connection_passB passed_blob;
1036 * We echo back the message with a cleared negotiate_request
1038 passed_info0 = *recv_info0;
1039 passed_info0.negotiate_request = data_blob_null;
1041 ZERO_STRUCT(passed_blob);
1042 passed_blob.version = smbXsrv_version_global_current();
1043 passed_blob.info.info0 = &passed_info0;
1045 if (DEBUGLVL(DBGLVL_DEBUG)) {
1046 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
1049 ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &passed_blob,
1050 (ndr_push_flags_fn_t)ndr_push_smbXsrv_connection_passB);
1051 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1052 status = ndr_map_error2ntstatus(ndr_err);
1056 iov.iov_base = blob.data;
1057 iov.iov_len = blob.length;
1059 status = messaging_send_iov(client->msg_ctx,
1060 recv_info0->src_server_id,
1061 MSG_SMBXSRV_CONNECTION_PASSED,
1064 data_blob_free(&blob);
1065 if (!NT_STATUS_IS_OK(status)) {
1069 return NT_STATUS_OK;
1072 static bool smbXsrv_client_connection_pass_filter(struct messaging_rec *rec, void *private_data)
1074 if (rec->msg_type != MSG_SMBXSRV_CONNECTION_PASS) {
1078 if (rec->num_fds != 1) {
1085 static void smbXsrv_client_connection_pass_loop(struct tevent_req *subreq)
1087 struct smbXsrv_client *client =
1088 tevent_req_callback_data(subreq,
1089 struct smbXsrv_client);
1090 struct smbXsrv_connection *xconn = NULL;
1092 struct messaging_rec *rec = NULL;
1093 struct smbXsrv_connection_passB pass_blob;
1094 enum ndr_err_code ndr_err;
1095 struct smbXsrv_connection_pass0 *pass_info0 = NULL;
1100 client->connection_pass_subreq = NULL;
1102 ret = messaging_filtered_read_recv(subreq, talloc_tos(), &rec);
1103 TALLOC_FREE(subreq);
1108 if (rec->num_fds != 1) {
1109 DBG_ERR("MSG_SMBXSRV_CONNECTION_PASS: num_fds[%u]\n",
1114 sock_fd = rec->fds[0];
1115 DBG_DEBUG("MSG_SMBXSRV_CONNECTION_PASS: got sock_fd[%d]\n", sock_fd);
1117 ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &pass_blob,
1118 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_connection_passB);
1119 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1120 status = ndr_map_error2ntstatus(ndr_err);
1121 DBG_WARNING("ndr_pull_struct_blob - %s\n", nt_errstr(status));
1125 if (DEBUGLVL(DBGLVL_DEBUG)) {
1126 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1129 if (pass_blob.version != SMBXSRV_VERSION_0) {
1130 DBG_ERR("ignore invalid version %u\n", pass_blob.version);
1131 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1135 pass_info0 = pass_blob.info.info0;
1136 if (pass_info0 == NULL) {
1137 DBG_ERR("ignore NULL info %u\n", pass_blob.version);
1138 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1142 if (!GUID_equal(&client->global->client_guid, &pass_info0->client_guid))
1144 struct GUID_txt_buf buf1, buf2;
1146 DBG_WARNING("client's client_guid [%s] != passed guid [%s]\n",
1147 GUID_buf_string(&client->global->client_guid,
1149 GUID_buf_string(&pass_info0->client_guid,
1151 if (DEBUGLVL(DBGLVL_WARNING)) {
1152 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1157 if (client->global->initial_connect_time !=
1158 pass_info0->client_connect_time)
1160 DBG_WARNING("client's initial connect time [%s] (%llu) != "
1161 "passed initial connect time [%s] (%llu)\n",
1162 nt_time_string(talloc_tos(),
1163 client->global->initial_connect_time),
1164 (unsigned long long)client->global->initial_connect_time,
1165 nt_time_string(talloc_tos(),
1166 pass_info0->client_connect_time),
1167 (unsigned long long)pass_info0->client_connect_time);
1168 if (DEBUGLVL(DBGLVL_WARNING)) {
1169 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1174 if (pass_info0->negotiate_request.length < SMB2_HDR_BODY) {
1175 DBG_WARNING("negotiate_request.length[%zu]\n",
1176 pass_info0->negotiate_request.length);
1177 if (DEBUGLVL(DBGLVL_WARNING)) {
1178 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1183 status = smb2srv_client_connection_passed(client, pass_info0);
1184 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1186 * We hit a race where, the client dropped the connection
1187 * while the socket was passed to us and the origin
1188 * process already existed.
1190 DBG_DEBUG("smb2srv_client_connection_passed() ignore %s\n",
1192 status = NT_STATUS_OK;
1194 if (!NT_STATUS_IS_OK(status)) {
1195 const char *r = "smb2srv_client_connection_passed() failed";
1196 DBG_ERR("%s => %s\n", r, nt_errstr(status));
1197 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1198 exit_server_cleanly(r);
1202 status = smbd_add_connection(client,
1204 pass_info0->xconn_connect_time,
1206 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
1208 smbd_server_connection_terminate(xconn, nt_errstr(status));
1210 if (!NT_STATUS_IS_OK(status)) {
1211 DBG_ERR("smbd_add_connection => %s\n", nt_errstr(status));
1212 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1218 * Set seq_low to mid received in negprot
1220 seq_low = BVAL(pass_info0->negotiate_request.data,
1221 SMB2_HDR_MESSAGE_ID);
1223 xconn->smb2.client.guid_verified = true;
1224 smbd_smb2_process_negprot(xconn, seq_low,
1225 pass_info0->negotiate_request.data,
1226 pass_info0->negotiate_request.length);
1232 for (fd_idx = 0; fd_idx < rec->num_fds; fd_idx++) {
1233 sock_fd = rec->fds[fd_idx];
1241 subreq = messaging_filtered_read_send(client,
1244 smbXsrv_client_connection_pass_filter,
1246 if (subreq == NULL) {
1248 r = "messaging_read_send(MSG_SMBXSRV_CONNECTION_PASS failed";
1249 exit_server_cleanly(r);
1252 tevent_req_set_callback(subreq, smbXsrv_client_connection_pass_loop, client);
1253 client->connection_pass_subreq = subreq;
1256 static bool smbXsrv_client_connection_drop_filter(struct messaging_rec *rec, void *private_data)
1258 if (rec->msg_type != MSG_SMBXSRV_CONNECTION_DROP) {
1262 if (rec->num_fds != 0) {
1269 static void smbXsrv_client_connection_drop_loop(struct tevent_req *subreq)
1271 struct smbXsrv_client *client =
1272 tevent_req_callback_data(subreq,
1273 struct smbXsrv_client);
1275 struct messaging_rec *rec = NULL;
1276 struct smbXsrv_connection_dropB drop_blob;
1277 enum ndr_err_code ndr_err;
1278 struct smbXsrv_connection_drop0 *drop_info0 = NULL;
1279 struct server_id_buf src_server_id_buf = {};
1282 client->connection_drop_subreq = NULL;
1284 ret = messaging_filtered_read_recv(subreq, talloc_tos(), &rec);
1285 TALLOC_FREE(subreq);
1290 if (rec->num_fds != 0) {
1291 DBG_ERR("MSG_SMBXSRV_CONNECTION_DROP: num_fds[%u]\n",
1296 ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &drop_blob,
1297 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_connection_dropB);
1298 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1299 status = ndr_map_error2ntstatus(ndr_err);
1300 DBG_WARNING("ndr_pull_struct_blob - %s\n", nt_errstr(status));
1304 if (DEBUGLVL(DBGLVL_DEBUG)) {
1305 NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
1308 if (drop_blob.version != SMBXSRV_VERSION_0) {
1309 DBG_ERR("ignore invalid version %u\n", drop_blob.version);
1310 NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
1314 drop_info0 = drop_blob.info.info0;
1315 if (drop_info0 == NULL) {
1316 DBG_ERR("ignore NULL info %u\n", drop_blob.version);
1317 NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
1321 if (!GUID_equal(&client->global->client_guid, &drop_info0->client_guid))
1323 struct GUID_txt_buf buf1, buf2;
1325 DBG_WARNING("client's client_guid [%s] != dropped guid [%s]\n",
1326 GUID_buf_string(&client->global->client_guid,
1328 GUID_buf_string(&drop_info0->client_guid,
1330 if (DEBUGLVL(DBGLVL_WARNING)) {
1331 NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
1336 if (client->global->initial_connect_time !=
1337 drop_info0->client_connect_time)
1339 DBG_WARNING("client's initial connect time [%s] (%llu) != "
1340 "dropped initial connect time [%s] (%llu)\n",
1341 nt_time_string(talloc_tos(),
1342 client->global->initial_connect_time),
1343 (unsigned long long)client->global->initial_connect_time,
1344 nt_time_string(talloc_tos(),
1345 drop_info0->client_connect_time),
1346 (unsigned long long)drop_info0->client_connect_time);
1347 if (DEBUGLVL(DBGLVL_WARNING)) {
1348 NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
1354 * Disconnect all client connections, which means we will tear down all
1355 * sessions, tcons and non-durable opens. At the end we will remove our
1356 * smbXsrv_client_global.tdb record, which will wake up the watcher on
1357 * the other node in order to let it take over the client.
1359 * The client will have to reopen all sessions, tcons and durable opens.
1361 smbd_server_disconnect_client(client,
1362 server_id_str_buf(drop_info0->src_server_id, &src_server_id_buf));
1370 for (fd_idx = 0; fd_idx < rec->num_fds; fd_idx++) {
1371 sock_fd = rec->fds[fd_idx];
1379 subreq = messaging_filtered_read_send(client,
1382 smbXsrv_client_connection_drop_filter,
1384 if (subreq == NULL) {
1386 r = "messaging_read_send(MSG_SMBXSRV_CONNECTION_DROP failed";
1387 exit_server_cleanly(r);
1390 tevent_req_set_callback(subreq, smbXsrv_client_connection_drop_loop, client);
1391 client->connection_drop_subreq = subreq;
1394 NTSTATUS smbXsrv_client_remove(struct smbXsrv_client *client)
1396 struct smbXsrv_client_table *table = client->table;
1399 if (client->global->db_rec != NULL) {
1400 struct GUID_txt_buf buf;
1401 DBG_ERR("client_guid[%s]: Called with db_rec != NULL'\n",
1402 GUID_buf_string(&client->global->client_guid,
1404 return NT_STATUS_INTERNAL_ERROR;
1407 if (!client->global->stored) {
1408 return NT_STATUS_OK;
1411 TALLOC_FREE(client->connection_pass_subreq);
1412 TALLOC_FREE(client->connection_drop_subreq);
1414 client->global->db_rec = smbXsrv_client_global_fetch_locked(
1415 table->global.db_ctx,
1416 &client->global->client_guid,
1417 client->global /* TALLOC_CTX */);
1418 if (client->global->db_rec == NULL) {
1419 return NT_STATUS_INTERNAL_DB_ERROR;
1422 status = smbXsrv_client_global_remove(client->global);
1423 if (!NT_STATUS_IS_OK(status)) {
1424 struct GUID_txt_buf buf;
1425 DBG_ERR("client_guid[%s] store failed - %s\n",
1426 GUID_buf_string(&client->global->client_guid, &buf),
1431 if (DEBUGLVL(DBGLVL_DEBUG)) {
1432 struct smbXsrv_clientB client_blob = {
1433 .version = SMBXSRV_VERSION_0,
1434 .info.info0 = client,
1436 struct GUID_txt_buf buf;
1438 DBG_DEBUG("client_guid[%s] removed\n",
1439 GUID_buf_string(&client->global->client_guid, &buf));
1440 NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);
1443 return NT_STATUS_OK;
git.samba.org / samba.git / blob