#include "rpc_server/spoolss/srv_spoolss_nt.h"
#include "libsmb/libsmb.h"
#include "../lib/util/tevent_ntstatus.h"
-
-extern bool global_machine_password_needs_changing;
+#include "../libcli/security/dom_sid.h"
+#include "../libcli/security/security_token.h"
+#include "lib/id_cache.h"
+#include "serverid.h"
+
+/* Internal message queue for deferred opens. */
+struct pending_message_list {
+ struct pending_message_list *next, *prev;
+ struct timeval request_time; /* When was this first issued? */
+ struct smbd_server_connection *sconn;
+ struct timed_event *te;
+ struct smb_perfcount_data pcd;
+ uint32_t seqnum;
+ bool encrypted;
+ bool processed;
+ DATA_BLOB buf;
+ DATA_BLOB private_data;
+};
static void construct_reply_common(struct smb_request *req, const char *inbuf,
char *outbuf);
static struct pending_message_list *get_deferred_open_message_smb(
struct smbd_server_connection *sconn, uint64_t mid);
+static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf);
static bool smbd_lock_socket_internal(struct smbd_server_connection *sconn)
{
return true;
}
- DEBUG(10,("pid[%d] wait for socket lock\n", (int)sys_getpid()));
+ DEBUG(10,("pid[%d] wait for socket lock\n", (int)getpid()));
do {
ok = fcntl_lock(
sconn->smb1.echo_handler.socket_lock_fd,
- SMB_F_SETLKW, 0, 0, F_WRLCK);
+ F_SETLKW, 0, 0, F_WRLCK);
} while (!ok && (errno == EINTR));
if (!ok) {
return false;
}
- DEBUG(10,("pid[%d] got for socket lock\n", (int)sys_getpid()));
+ DEBUG(10,("pid[%d] got for socket lock\n", (int)getpid()));
return true;
}
do {
ok = fcntl_lock(
sconn->smb1.echo_handler.socket_lock_fd,
- SMB_F_SETLKW, 0, 0, F_UNLCK);
+ F_SETLKW, 0, 0, F_UNLCK);
} while (!ok && (errno == EINTR));
if (!ok) {
return false;
}
- DEBUG(10,("pid[%d] unlocked socket\n", (int)sys_getpid()));
+ DEBUG(10,("pid[%d] unlocked socket\n", (int)getpid()));
return true;
}
* client failed.
*/
DEBUG(1,("pid[%d] Error writing %d bytes to client %s. %d. (%s)\n",
- (int)sys_getpid(), (int)len,
+ (int)getpid(), (int)len,
get_peer_addr(sconn->sock, addr, sizeof(addr)),
(int)ret, strerror(errno) ));
status = receive_smb_raw_talloc(mem_ctx, sconn, sock, buffer, timeout,
p_unread, &len);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("read_smb_length_return_keepalive failed for "
- "client %s read error = %s.\n",
- tsocket_address_string(sconn->remote_address,
- talloc_tos()),
- nt_errstr(status)));
+ DEBUG(NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)?5:1,
+ ("receive_smb_raw_talloc failed for client %s "
+ "read error = %s.\n",
+ tsocket_address_string(sconn->remote_address,
+ talloc_tos()),
+ nt_errstr(status)) );
return status;
}
size_t unread_bytes, bool encrypted,
uint32_t seqnum)
{
+ struct smbXsrv_tcon *tcon;
+ NTSTATUS status;
+ NTTIME now;
size_t req_size = smb_len(inbuf) + 4;
+
/* Ensure we have at least smb_size bytes. */
if (req_size < smb_size) {
DEBUG(0,("init_smb_request: invalid request size %u\n",
(unsigned int)req_size ));
return false;
}
+
+ req->request_time = timeval_current();
+ now = timeval_to_nttime(&req->request_time);
+
req->cmd = CVAL(inbuf, smb_com);
req->flags2 = SVAL(inbuf, smb_flg2);
req->smbpid = SVAL(inbuf, smb_pid);
req->vuid = SVAL(inbuf, smb_uid);
req->tid = SVAL(inbuf, smb_tid);
req->wct = CVAL(inbuf, smb_wct);
- req->vwv = discard_const_p(uint16_t, (inbuf+smb_vwv));
+ req->vwv = (const uint16_t *)(inbuf+smb_vwv);
req->buflen = smb_buflen(inbuf);
req->buf = (const uint8_t *)smb_buf_const(inbuf);
req->unread_bytes = unread_bytes;
req->encrypted = encrypted;
req->sconn = sconn;
- req->conn = conn_find(sconn,req->tid);
+ status = smb1srv_tcon_lookup(sconn->conn, req->tid, now, &tcon);
+ if (NT_STATUS_IS_OK(status)) {
+ req->conn = tcon->compat;
+ } else {
+ req->conn = NULL;
+ }
req->chain_fsp = NULL;
- req->chain_outbuf = NULL;
- req->done = false;
req->smb2req = NULL;
+ req->priv_paths = NULL;
+ req->chain = NULL;
smb_init_perfcount_data(&req->pcd);
/* Ensure we have at least wct words and 2 bytes of bcc. */
{
struct pending_message_list *msg = talloc_get_type(private_data,
struct pending_message_list);
+ struct smbd_server_connection *sconn = msg->sconn;
TALLOC_CTX *mem_ctx = talloc_tos();
uint64_t mid = (uint64_t)SVAL(msg->buf.data,smb_mid);
uint8_t *inbuf;
* re-processed in error. */
msg->processed = true;
- process_smb(smbd_server_conn, inbuf,
+ process_smb(sconn, inbuf,
msg->buf.length, 0,
msg->seqnum, msg->encrypted, &msg->pcd);
/* If it's still there and was processed, remove it. */
- msg = get_deferred_open_message_smb(smbd_server_conn, mid);
+ msg = get_deferred_open_message_smb(sconn, mid);
if (msg && msg->processed) {
- remove_deferred_open_message_smb(smbd_server_conn, mid);
+ remove_deferred_open_message_smb(sconn, mid);
}
}
DEBUG(0,("push_message: malloc fail (1)\n"));
return False;
}
+ msg->sconn = req->sconn;
msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
if(msg->buf.data == NULL) {
}
}
- msg->te = event_add_timed(server_event_context(),
- msg,
- end_time,
- smbd_deferred_open_timer,
- msg);
+ msg->te = tevent_add_timer(msg->sconn->ev_ctx,
+ msg,
+ end_time,
+ smbd_deferred_open_timer,
+ msg);
if (!msg->te) {
DEBUG(0,("push_message: event_add_timed failed\n"));
TALLOC_FREE(msg);
schedule it for immediate processing.
****************************************************************************/
-void schedule_deferred_open_message_smb(struct smbd_server_connection *sconn,
+bool schedule_deferred_open_message_smb(struct smbd_server_connection *sconn,
uint64_t mid)
{
struct pending_message_list *pml;
int i = 0;
if (sconn->using_smb2) {
- schedule_deferred_open_message_smb2(sconn, mid);
- return;
+ return schedule_deferred_open_message_smb2(sconn, mid);
}
for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
"scheduling mid %llu\n",
(unsigned long long)mid ));
- te = event_add_timed(server_event_context(),
- pml,
- timeval_zero(),
- smbd_deferred_open_timer,
- pml);
+ te = tevent_add_timer(pml->sconn->ev_ctx,
+ pml,
+ timeval_zero(),
+ smbd_deferred_open_timer,
+ pml);
if (!te) {
DEBUG(10,("schedule_deferred_open_message_smb: "
"event_add_timed() failed, "
TALLOC_FREE(pml->te);
pml->te = te;
DLIST_PROMOTE(sconn->deferred_open_queue, pml);
- return;
+ return true;
}
}
DEBUG(10,("schedule_deferred_open_message_smb: failed to "
"find message mid %llu\n",
(unsigned long long)mid ));
+
+ return false;
}
/****************************************************************************
{
struct pending_message_list *pml;
- if (smbd_server_conn->using_smb2) {
+ if (smbreq->sconn->using_smb2) {
return get_deferred_open_message_state_smb2(smbreq->smb2req,
p_request_time,
pp_state);
exit_server_cleanly("termination signal");
}
-void smbd_setup_sig_term_handler(void)
+void smbd_setup_sig_term_handler(struct smbd_server_connection *sconn)
{
struct tevent_signal *se;
- se = tevent_add_signal(server_event_context(),
- server_event_context(),
+ se = tevent_add_signal(sconn->ev_ctx,
+ sconn,
SIGTERM, 0,
smbd_sig_term_handler,
- NULL);
+ sconn);
if (!se) {
exit_server("failed to setup SIGTERM handler");
}
void *siginfo,
void *private_data)
{
- struct messaging_context *msg_ctx = talloc_get_type_abort(
- private_data, struct messaging_context);
+ struct smbd_server_connection *sconn =
+ talloc_get_type_abort(private_data,
+ struct smbd_server_connection);
+
change_to_root_user();
DEBUG(1,("Reloading services after SIGHUP\n"));
- reload_services(msg_ctx, smbd_server_conn->sock, False);
- if (am_parent) {
- printing_subsystem_update(ev, msg_ctx, true);
- }
+ reload_services(sconn, conn_snum_used, false);
}
-void smbd_setup_sig_hup_handler(struct tevent_context *ev,
- struct messaging_context *msg_ctx)
+void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn)
{
struct tevent_signal *se;
- se = tevent_add_signal(ev, ev, SIGHUP, 0, smbd_sig_hup_handler,
- msg_ctx);
+ se = tevent_add_signal(sconn->ev_ctx,
+ sconn,
+ SIGHUP, 0,
+ smbd_sig_hup_handler,
+ sconn);
if (!se) {
exit_server("failed to setup SIGHUP handler");
}
}
-static NTSTATUS smbd_server_connection_loop_once(struct tevent_context *ev_ctx,
- struct smbd_server_connection *conn)
+static void smbd_conf_updated(struct messaging_context *msg,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB *data)
{
- int timeout;
- int num_pfds = 0;
- int ret;
- bool retry;
-
- timeout = SMBD_SELECT_TIMEOUT * 1000;
-
- /*
- * Are there any timed events waiting ? If so, ensure we don't
- * select for longer than it would take to wait for them.
- */
-
- event_add_to_poll_args(ev_ctx, conn, &conn->pfds, &num_pfds, &timeout);
-
- /* Process a signal and timed events now... */
- if (run_events_poll(ev_ctx, 0, NULL, 0)) {
- return NT_STATUS_RETRY;
- }
-
- {
- int sav;
- START_PROFILE(smbd_idle);
-
- ret = sys_poll(conn->pfds, num_pfds, timeout);
- sav = errno;
-
- END_PROFILE(smbd_idle);
- errno = sav;
- }
-
- if (ret == -1) {
- if (errno == EINTR) {
- return NT_STATUS_RETRY;
- }
- return map_nt_error_from_unix(errno);
- }
-
- retry = run_events_poll(ev_ctx, ret, conn->pfds, num_pfds);
- if (retry) {
- return NT_STATUS_RETRY;
- }
-
- /* Did we timeout ? */
- if (ret == 0) {
- return NT_STATUS_RETRY;
- }
+ struct smbd_server_connection *sconn =
+ talloc_get_type_abort(private_data,
+ struct smbd_server_connection);
- /* should not be reached */
- return NT_STATUS_INTERNAL_ERROR;
+ DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was "
+ "updated. Reloading.\n"));
+ change_to_root_user();
+ reload_services(sconn, conn_snum_used, false);
}
/*
Dump a packet to a file.
********************************************************************/
-static void smb_dump(const char *name, int type, const char *data, ssize_t len)
+static void smb_dump(const char *name, int type, const char *data)
{
+ size_t len;
int fd, i;
char *fname = NULL;
if (DEBUGLEVEL < 50) {
return;
}
- if (len < 4) len = smb_len(data)+4;
+ len = smb_len_tcp(data)+4;
for (i=1;i<100;i++) {
- if (asprintf(&fname, "/tmp/%s.%d.%s", name, i,
- type ? "req" : "resp") == -1) {
+ fname = talloc_asprintf(talloc_tos(),
+ "/tmp/%s.%d.%s",
+ name,
+ i,
+ type ? "req" : "resp");
+ if (fname == NULL) {
return;
}
fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
if (fd != -1 || errno != EEXIST) break;
+ TALLOC_FREE(fname);
}
if (fd != -1) {
ssize_t ret = write(fd, data, len);
close(fd);
DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
}
- SAFE_FREE(fname);
+ TALLOC_FREE(fname);
}
/****************************************************************************
find.
****************************************************************************/
-static connection_struct *switch_message(uint8 type, struct smb_request *req, int size)
+static connection_struct *switch_message(uint8 type, struct smb_request *req)
{
int flags;
- uint16 session_tag;
+ uint64_t session_tag;
connection_struct *conn = NULL;
struct smbd_server_connection *sconn = req->sconn;
- char *raddr;
+ NTTIME now = timeval_to_nttime(&req->request_time);
+ struct smbXsrv_session *session = NULL;
+ NTSTATUS status;
errno = 0;
- /* Make sure this is an SMB packet. smb_size contains NetBIOS header
- * so subtract 4 from it. */
- if (!valid_smb_header(sconn, req->inbuf)
- || (size < (smb_size - 4))) {
- DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
- smb_len(req->inbuf)));
- exit_server_cleanly("Non-SMB packet");
- }
-
if (smb_messages[type].fn == NULL) {
DEBUG(0,("Unknown message type %d!\n",type));
- smb_dump("Unknown", 1, (const char *)req->inbuf, size);
+ smb_dump("Unknown", 1, (const char *)req->inbuf);
reply_unknown_new(req, type);
return NULL;
}
flags = smb_messages[type].flags;
/* In share mode security we must ignore the vuid. */
- session_tag = (lp_security() == SEC_SHARE)
- ? UID_FIELD_INVALID : req->vuid;
+ session_tag = req->vuid;
conn = req->conn;
DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
- (int)sys_getpid(), (unsigned long)conn));
+ (int)getpid(), (unsigned long)conn));
- smb_dump(smb_fn_name(type), 1, (const char *)req->inbuf, size);
+ smb_dump(smb_fn_name(type), 1, (const char *)req->inbuf);
/* Ensure this value is replaced in the incoming packet. */
SSVAL(discard_const_p(uint8_t, req->inbuf),smb_uid,session_tag);
* JRA.
*/
+ /*
+ * lookup an existing session
+ *
+ * Note: for now we only check for NT_STATUS_NETWORK_SESSION_EXPIRED
+ * here, the main check is still in change_to_user()
+ */
+ status = smb1srv_session_lookup(sconn->conn,
+ session_tag,
+ now,
+ &session);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
+ switch (type) {
+ case SMBsesssetupX:
+ status = NT_STATUS_OK;
+ break;
+ default:
+ DEBUG(1,("Error: session %llu is expired, mid=%llu.\n",
+ (unsigned long long)session_tag,
+ (unsigned long long)req->mid));
+ reply_nterror(req, NT_STATUS_NETWORK_SESSION_EXPIRED);
+ return conn;
+ }
+ }
+
if (session_tag != sconn->smb1.sessions.last_session_tag) {
- user_struct *vuser = NULL;
+ struct user_struct *vuser = NULL;
sconn->smb1.sessions.last_session_tag = session_tag;
- if(session_tag != UID_FIELD_INVALID) {
- vuser = get_valid_user_struct(sconn, session_tag);
- if (vuser) {
- set_current_user_info(
- vuser->session_info->unix_info->sanitized_username,
- vuser->session_info->unix_info->unix_name,
- vuser->session_info->info->domain_name);
- }
+ if (session) {
+ vuser = session->compat;
+ }
+ if (vuser) {
+ set_current_user_info(
+ vuser->session_info->unix_info->sanitized_username,
+ vuser->session_info->unix_info->unix_name,
+ vuser->session_info->info->domain_name);
}
}
conn->num_smb_operations++;
}
- raddr = tsocket_address_inet_addr_string(sconn->remote_address,
- talloc_tos());
- if (raddr == NULL) {
- reply_nterror(req, NT_STATUS_NO_MEMORY);
- return conn;
- }
+ /*
+ * Does this protocol need to be run as guest? (Only archane
+ * messenger service requests have this...)
+ */
+ if (flags & AS_GUEST) {
+ char *raddr;
+ bool ok;
- /* does this protocol need to be run as guest? */
- if ((flags & AS_GUEST)
- && (!change_to_guest() ||
- !allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
- sconn->remote_hostname,
- raddr))) {
- reply_nterror(req, NT_STATUS_ACCESS_DENIED);
- return conn;
+ if (!change_to_guest()) {
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return conn;
+ }
+
+ raddr = tsocket_address_inet_addr_string(sconn->remote_address,
+ talloc_tos());
+ if (raddr == NULL) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ return conn;
+ }
+
+ /*
+ * Haven't we checked this in smbd_process already???
+ */
+
+ ok = allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
+ sconn->remote_hostname, raddr);
+ TALLOC_FREE(raddr);
+
+ if (!ok) {
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return conn;
+ }
}
smb_messages[type].fn(req);
SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, size);
}
- conn = switch_message(req->cmd, req, size);
-
- if (req->unread_bytes) {
- /* writeX failed. drain socket. */
- if (drain_socket(req->sconn->sock, req->unread_bytes) !=
- req->unread_bytes) {
- smb_panic("failed to drain pending bytes");
- }
- req->unread_bytes = 0;
- }
-
- if (req->done) {
- TALLOC_FREE(req);
- return;
- }
+ conn = switch_message(req->cmd, req);
if (req->outbuf == NULL) {
return;
return;
}
+static void construct_reply_chain(struct smbd_server_connection *sconn,
+ char *inbuf, int size, uint32_t seqnum,
+ bool encrypted,
+ struct smb_perfcount_data *deferred_pcd)
+{
+ struct smb_request **reqs = NULL;
+ struct smb_request *req;
+ unsigned num_reqs;
+ bool ok;
+
+ ok = smb1_parse_chain(talloc_tos(), (uint8_t *)inbuf, sconn, encrypted,
+ seqnum, &reqs, &num_reqs);
+ if (!ok) {
+ char errbuf[smb_size];
+ error_packet(errbuf, 0, 0, NT_STATUS_INVALID_PARAMETER,
+ __LINE__, __FILE__);
+ if (!srv_send_smb(sconn, errbuf, true, seqnum, encrypted,
+ NULL)) {
+ exit_server_cleanly("construct_reply_chain: "
+ "srv_send_smb failed.");
+ }
+ return;
+ }
+
+ req = reqs[0];
+ req->inbuf = (uint8_t *)talloc_move(reqs, &inbuf);
+
+ req->conn = switch_message(req->cmd, req);
+
+ if (req->outbuf == NULL) {
+ /*
+ * Request has suspended itself, will come
+ * back here.
+ */
+ return;
+ }
+ smb_request_done(req);
+}
+
+/*
+ * To be called from an async SMB handler that is potentially chained
+ * when it is finished for shipping.
+ */
+
+void smb_request_done(struct smb_request *req)
+{
+ struct smb_request **reqs = NULL;
+ struct smb_request *first_req;
+ size_t i, num_reqs, next_index;
+ NTSTATUS status;
+
+ if (req->chain == NULL) {
+ first_req = req;
+ goto shipit;
+ }
+
+ reqs = req->chain;
+ num_reqs = talloc_array_length(reqs);
+
+ for (i=0; i<num_reqs; i++) {
+ if (reqs[i] == req) {
+ break;
+ }
+ }
+ if (i == num_reqs) {
+ /*
+ * Invalid chain, should not happen
+ */
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto error;
+ }
+ next_index = i+1;
+
+ while ((next_index < num_reqs) && (IVAL(req->outbuf, smb_rcls) == 0)) {
+ struct smb_request *next = reqs[next_index];
+ struct smbXsrv_tcon *tcon;
+ NTTIME now = timeval_to_nttime(&req->request_time);
+
+ next->vuid = SVAL(req->outbuf, smb_uid);
+ next->tid = SVAL(req->outbuf, smb_tid);
+ status = smb1srv_tcon_lookup(req->sconn->conn, req->tid,
+ now, &tcon);
+ if (NT_STATUS_IS_OK(status)) {
+ req->conn = tcon->compat;
+ } else {
+ req->conn = NULL;
+ }
+ next->chain_fsp = req->chain_fsp;
+ next->inbuf = (uint8_t *)req->inbuf;
+
+ req = next;
+ req->conn = switch_message(req->cmd, req);
+
+ if (req->outbuf == NULL) {
+ /*
+ * Request has suspended itself, will come
+ * back here.
+ */
+ return;
+ }
+ next_index += 1;
+ }
+
+ first_req = reqs[0];
+
+ for (i=1; i<next_index; i++) {
+ bool ok;
+
+ ok = smb_splice_chain(&first_req->outbuf, reqs[i]->outbuf);
+ if (!ok) {
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto error;
+ }
+ }
+
+ SSVAL(first_req->outbuf, smb_uid, SVAL(req->outbuf, smb_uid));
+ SSVAL(first_req->outbuf, smb_tid, SVAL(req->outbuf, smb_tid));
+
+ /*
+ * This scary statement intends to set the
+ * FLAGS2_32_BIT_ERROR_CODES flg2 field in first_req->outbuf
+ * to the value last_req->outbuf carries
+ */
+ SSVAL(first_req->outbuf, smb_flg2,
+ (SVAL(first_req->outbuf, smb_flg2) & ~FLAGS2_32_BIT_ERROR_CODES)
+ |(SVAL(req->outbuf, smb_flg2) & FLAGS2_32_BIT_ERROR_CODES));
+
+ /*
+ * Transfer the error codes from the subrequest to the main one
+ */
+ SSVAL(first_req->outbuf, smb_rcls, SVAL(req->outbuf, smb_rcls));
+ SSVAL(first_req->outbuf, smb_err, SVAL(req->outbuf, smb_err));
+
+ _smb_setlen_large(
+ first_req->outbuf, talloc_get_size(first_req->outbuf) - 4);
+
+shipit:
+ if (!srv_send_smb(first_req->sconn,
+ (char *)first_req->outbuf,
+ true, first_req->seqnum+1,
+ IS_CONN_ENCRYPTED(req->conn)||first_req->encrypted,
+ &first_req->pcd)) {
+ exit_server_cleanly("construct_reply_chain: srv_send_smb "
+ "failed.");
+ }
+ TALLOC_FREE(req); /* non-chained case */
+ TALLOC_FREE(reqs); /* chained case */
+ return;
+
+error:
+ {
+ char errbuf[smb_size];
+ error_packet(errbuf, 0, 0, status, __LINE__, __FILE__);
+ if (!srv_send_smb(req->sconn, errbuf, true,
+ req->seqnum+1, req->encrypted,
+ NULL)) {
+ exit_server_cleanly("construct_reply_chain: "
+ "srv_send_smb failed.");
+ }
+ }
+ TALLOC_FREE(req); /* non-chained case */
+ TALLOC_FREE(reqs); /* chained case */
+}
+
/****************************************************************************
Process an smb from the client
****************************************************************************/
}
}
+ /* Make sure this is an SMB packet. smb_size contains NetBIOS header
+ * so subtract 4 from it. */
+ if ((nread < (smb_size - 4)) || !valid_smb_header(sconn, inbuf)) {
+ DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
+ smb_len(inbuf)));
+
+ /* special magic for immediate exit */
+ if ((nread == 9) &&
+ (IVAL(inbuf, 4) == 0x74697865) &&
+ lp_parm_bool(-1, "smbd", "suicide mode", false)) {
+ uint8_t exitcode = CVAL(inbuf, 8);
+ DEBUG(1, ("Exiting immediately with code %d\n",
+ (int)exitcode));
+ exit(exitcode);
+ }
+
+ exit_server_cleanly("Non-SMB packet");
+ }
+
show_msg((char *)inbuf);
- construct_reply(sconn, (char *)inbuf, nread, unread_bytes, seqnum,
- encrypted, deferred_pcd);
+ if ((unread_bytes == 0) && smb1_is_chain(inbuf)) {
+ construct_reply_chain(sconn, (char *)inbuf, nread,
+ seqnum, encrypted, deferred_pcd);
+ } else {
+ construct_reply(sconn, (char *)inbuf, nread, unread_bytes,
+ seqnum, encrypted, deferred_pcd);
+ }
+
sconn->trans_num++;
done:
static void construct_reply_common(struct smb_request *req, const char *inbuf,
char *outbuf)
{
+ uint16_t in_flags2 = SVAL(inbuf,smb_flg2);
+ uint16_t out_flags2 = common_flags2;
+
+ out_flags2 |= in_flags2 & FLAGS2_UNICODE_STRINGS;
+ out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES;
+ out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED;
+
srv_set_message(outbuf,0,0,false);
SCVAL(outbuf, smb_com, req->cmd);
SIVAL(outbuf,smb_rcls,0);
SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
- SSVAL(outbuf,smb_flg2,
- (SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) |
- common_flags2);
+ SSVAL(outbuf,smb_flg2, out_flags2);
memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
+ memcpy(outbuf+smb_ss_field, inbuf+smb_ss_field, 8);
SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
construct_reply_common(req, (const char *)req->inbuf, outbuf);
}
-/*
- * How many bytes have we already accumulated up to the current wct field
- * offset?
- */
-
-size_t req_wct_ofs(struct smb_request *req)
-{
- size_t buf_size;
-
- if (req->chain_outbuf == NULL) {
- return smb_wct - 4;
- }
- buf_size = talloc_get_size(req->chain_outbuf);
- if ((buf_size % 4) != 0) {
- buf_size += (4 - (buf_size % 4));
- }
- return buf_size - 4;
-}
-
-/*
- * Hack around reply_nterror & friends not being aware of chained requests,
- * generating illegal (i.e. wct==0) chain replies.
- */
-
-static void fixup_chain_error_packet(struct smb_request *req)
-{
- uint8_t *outbuf = req->outbuf;
- req->outbuf = NULL;
- reply_outbuf(req, 2, 0);
- memcpy(req->outbuf, outbuf, smb_wct);
- TALLOC_FREE(outbuf);
- SCVAL(req->outbuf, smb_vwv0, 0xff);
-}
-
/**
* @brief Find the smb_cmd offset of the last command pushed
* @param[in] buf The buffer we're building up
cmd = CVAL(buf, smb_com);
- SMB_ASSERT(is_andx_req(cmd));
+ if (!is_andx_req(cmd)) {
+ return false;
+ }
ofs = smb_vwv0;
*/
ofs = SVAL(buf, ofs+2) + 4 + 1;
- SMB_ASSERT(ofs+4 < talloc_get_size(buf));
+ if (ofs+4 >= talloc_get_size(buf)) {
+ return false;
+ }
}
*pofs = ofs;
/**
* @brief Do the smb chaining at a buffer level
* @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
- * @param[in] smb_command The command that we want to issue
- * @param[in] wct How many words?
- * @param[in] vwv The words, already in network order
- * @param[in] bytes_alignment How shall we align "bytes"?
- * @param[in] num_bytes How many bytes?
- * @param[in] bytes The data the request ships
- *
- * smb_splice_chain() adds the vwv and bytes to the request already present in
- * *poutbuf.
+ * @param[in] andx_buf Buffer to be appended
*/
-static bool smb_splice_chain(uint8_t **poutbuf, uint8_t smb_command,
- uint8_t wct, const uint16_t *vwv,
- size_t bytes_alignment,
- uint32_t num_bytes, const uint8_t *bytes)
+static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf)
{
+ uint8_t smb_command = CVAL(andx_buf, smb_com);
+ uint8_t wct = CVAL(andx_buf, smb_wct);
+ const uint16_t *vwv = (const uint16_t *)(andx_buf + smb_vwv);
+ uint32_t num_bytes = smb_buflen(andx_buf);
+ const uint8_t *bytes = (const uint8_t *)smb_buf_const(andx_buf);
+
uint8_t *outbuf;
size_t old_size, new_size;
size_t ofs;
size_t chain_padding = 0;
- size_t bytes_padding = 0;
- bool first_request;
-
- old_size = talloc_get_size(*poutbuf);
+ size_t andx_cmd_ofs;
- /*
- * old_size == smb_wct means we're pushing the first request in for
- * libsmb/
- */
- first_request = (old_size == smb_wct);
+ old_size = talloc_get_size(*poutbuf);
- if (!first_request && ((old_size % 4) != 0)) {
+ if ((old_size % 4) != 0) {
/*
* Align the wct field of subsequent requests to a 4-byte
* boundary
/*
* After the old request comes the new wct field (1 byte), the vwv's
- * and the num_bytes field. After at we might need to align the bytes
- * given to us to "bytes_alignment", increasing the num_bytes value.
+ * and the num_bytes field.
*/
new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
-
- if ((bytes_alignment != 0) && ((new_size % bytes_alignment) != 0)) {
- bytes_padding = bytes_alignment - (new_size % bytes_alignment);
- }
-
- new_size += bytes_padding + num_bytes;
+ new_size += num_bytes;
if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
- DEBUG(1, ("splice_chain: %u bytes won't fit\n",
+ DEBUG(1, ("smb_splice_chain: %u bytes won't fit\n",
(unsigned)new_size));
return false;
}
}
*poutbuf = outbuf;
- if (first_request) {
- SCVAL(outbuf, smb_com, smb_command);
- } else {
- size_t andx_cmd_ofs;
-
- if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
- DEBUG(1, ("invalid command chain\n"));
- *poutbuf = talloc_realloc(
- NULL, *poutbuf, uint8_t, old_size);
- return false;
- }
-
- if (chain_padding != 0) {
- memset(outbuf + old_size, 0, chain_padding);
- old_size += chain_padding;
- }
+ if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
+ DEBUG(1, ("invalid command chain\n"));
+ *poutbuf = talloc_realloc(NULL, *poutbuf, uint8_t, old_size);
+ return false;
+ }
- SCVAL(outbuf, andx_cmd_ofs, smb_command);
- SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
+ if (chain_padding != 0) {
+ memset(outbuf + old_size, 0, chain_padding);
+ old_size += chain_padding;
}
+ SCVAL(outbuf, andx_cmd_ofs, smb_command);
+ SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
+
ofs = old_size;
/*
*/
memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
- ofs += sizeof(uint16_t) * wct;
/*
- * bcc (byte count)
+ * HACK ALERT
+ *
+ * Read&X has an offset into its data buffer at
+ * vwv[6]. reply_read_andx has no idea anymore that it's
+ * running from within a chain, so we have to fix up the
+ * offset here.
+ *
+ * Although it looks disgusting at this place, I want to keep
+ * it here. The alternative would be to push knowledge about
+ * the andx chain down into read&x again.
*/
- SSVAL(outbuf, ofs, num_bytes + bytes_padding);
- ofs += sizeof(uint16_t);
+ if (smb_command == SMBreadX) {
+ uint8_t *bytes_addr;
+
+ if (wct < 7) {
+ /*
+ * Invalid read&x response
+ */
+ return false;
+ }
+
+ bytes_addr = outbuf + ofs /* vwv start */
+ + sizeof(uint16_t) * wct /* vwv array */
+ + sizeof(uint16_t); /* bcc */
+
+ SSVAL(outbuf + ofs, 6 * sizeof(uint16_t),
+ bytes_addr - outbuf - 4);
+ }
+
+ ofs += sizeof(uint16_t) * wct;
/*
- * padding
+ * bcc (byte count)
*/
- if (bytes_padding != 0) {
- memset(outbuf + ofs, 0, bytes_padding);
- ofs += bytes_padding;
- }
+ SSVAL(outbuf, ofs, num_bytes);
+ ofs += sizeof(uint16_t);
/*
* The bytes field
return true;
}
-/****************************************************************************
- Construct a chained reply and add it to the already made reply
-****************************************************************************/
-
-void chain_reply(struct smb_request *req)
+bool smb1_is_chain(const uint8_t *buf)
{
- size_t smblen = smb_len(req->inbuf);
- size_t already_used, length_needed;
- uint8_t chain_cmd;
- uint32_t chain_offset; /* uint32_t to avoid overflow */
+ uint8_t cmd, wct, andx_cmd;
+
+ cmd = CVAL(buf, smb_com);
+ if (!is_andx_req(cmd)) {
+ return false;
+ }
+ wct = CVAL(buf, smb_wct);
+ if (wct < 2) {
+ return false;
+ }
+ andx_cmd = CVAL(buf, smb_vwv);
+ return (andx_cmd != 0xFF);
+}
+bool smb1_walk_chain(const uint8_t *buf,
+ bool (*fn)(uint8_t cmd,
+ uint8_t wct, const uint16_t *vwv,
+ uint16_t num_bytes, const uint8_t *bytes,
+ void *private_data),
+ void *private_data)
+{
+ size_t smblen = smb_len(buf);
+ const char *smb_buf = smb_base(buf);
+ uint8_t cmd, chain_cmd;
uint8_t wct;
const uint16_t *vwv;
- uint16_t buflen;
- const uint8_t *buf;
+ uint16_t num_bytes;
+ const uint8_t *bytes;
- if (IVAL(req->outbuf, smb_rcls) != 0) {
- fixup_chain_error_packet(req);
- }
+ cmd = CVAL(buf, smb_com);
+ wct = CVAL(buf, smb_wct);
+ vwv = (const uint16_t *)(buf + smb_vwv);
+ num_bytes = smb_buflen(buf);
+ bytes = (uint8_t *)smb_buf_const(buf);
- /*
- * Any of the AndX requests and replies have at least a wct of
- * 2. vwv[0] is the next command, vwv[1] is the offset from the
- * beginning of the SMB header to the next wct field.
- *
- * None of the AndX requests put anything valuable in vwv[0] and [1],
- * so we can overwrite it here to form the chain.
- */
+ if (!fn(cmd, wct, vwv, num_bytes, bytes, private_data)) {
+ return false;
+ }
- if ((req->wct < 2) || (CVAL(req->outbuf, smb_wct) < 2)) {
- if (req->chain_outbuf == NULL) {
- req->chain_outbuf = talloc_realloc(
- req, req->outbuf, uint8_t,
- smb_len(req->outbuf) + 4);
- if (req->chain_outbuf == NULL) {
- smb_panic("talloc failed");
- }
- }
- req->outbuf = NULL;
- goto error;
+ if (!is_andx_req(cmd)) {
+ return true;
+ }
+ if (wct < 2) {
+ return false;
}
- /*
- * Here we assume that this is the end of the chain. For that we need
- * to set "next command" to 0xff and the offset to 0. If we later find
- * more commands in the chain, this will be overwritten again.
- */
+ chain_cmd = CVAL(vwv, 0);
- SCVAL(req->outbuf, smb_vwv0, 0xff);
- SCVAL(req->outbuf, smb_vwv0+1, 0);
- SSVAL(req->outbuf, smb_vwv1, 0);
+ while (chain_cmd != 0xff) {
+ uint32_t chain_offset; /* uint32_t to avoid overflow */
+ size_t length_needed;
+ ptrdiff_t vwv_offset;
+
+ chain_offset = SVAL(vwv+1, 0);
- if (req->chain_outbuf == NULL) {
/*
- * In req->chain_outbuf we collect all the replies. Start the
- * chain by copying in the first reply.
- *
- * We do the realloc because later on we depend on
- * talloc_get_size to determine the length of
- * chain_outbuf. The reply_xxx routines might have
- * over-allocated (reply_pipe_read_and_X used to be such an
- * example).
+ * Check if the client tries to fool us. The chain
+ * offset needs to point beyond the current request in
+ * the chain, it needs to strictly grow. Otherwise we
+ * might be tricked into an endless loop always
+ * processing the same request over and over again. We
+ * used to assume that vwv and the byte buffer array
+ * in a chain are always attached, but OS/2 the
+ * Write&X/Read&X chain puts the Read&X vwv array
+ * right behind the Write&X vwv chain. The Write&X bcc
+ * array is put behind the Read&X vwv array. So now we
+ * check whether the chain offset points strictly
+ * behind the previous vwv array. req->buf points
+ * right after the vwv array of the previous
+ * request. See
+ * https://bugzilla.samba.org/show_bug.cgi?id=8360 for
+ * more information.
+ */
+
+ vwv_offset = ((const char *)vwv - smb_buf);
+ if (chain_offset <= vwv_offset) {
+ return false;
+ }
+
+ /*
+ * Next check: Make sure the chain offset does not
+ * point beyond the overall smb request length.
*/
- req->chain_outbuf = talloc_realloc(
- req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
- if (req->chain_outbuf == NULL) {
- smb_panic("talloc failed");
+
+ length_needed = chain_offset+1; /* wct */
+ if (length_needed > smblen) {
+ return false;
}
- req->outbuf = NULL;
- } else {
+
/*
- * Update smb headers where subsequent chained commands
- * may have updated them.
+ * Now comes the pointer magic. Goal here is to set up
+ * vwv and buf correctly again. The chain offset (the
+ * former vwv[1]) points at the new wct field.
*/
- SSVAL(req->chain_outbuf, smb_tid, SVAL(req->outbuf, smb_tid));
- SSVAL(req->chain_outbuf, smb_uid, SVAL(req->outbuf, smb_uid));
-
- if (!smb_splice_chain(&req->chain_outbuf,
- CVAL(req->outbuf, smb_com),
- CVAL(req->outbuf, smb_wct),
- (uint16_t *)(req->outbuf + smb_vwv),
- 0, smb_buflen(req->outbuf),
- (uint8_t *)smb_buf(req->outbuf))) {
- goto error;
+
+ wct = CVAL(smb_buf, chain_offset);
+
+ if (is_andx_req(chain_cmd) && (wct < 2)) {
+ return false;
}
- TALLOC_FREE(req->outbuf);
- }
- /*
- * We use the old request's vwv field to grab the next chained command
- * and offset into the chained fields.
- */
+ /*
+ * Next consistency check: Make the new vwv array fits
+ * in the overall smb request.
+ */
- chain_cmd = CVAL(req->vwv+0, 0);
- chain_offset = SVAL(req->vwv+1, 0);
+ length_needed += (wct+1)*sizeof(uint16_t); /* vwv+buflen */
+ if (length_needed > smblen) {
+ return false;
+ }
+ vwv = (const uint16_t *)(smb_buf + chain_offset + 1);
- if (chain_cmd == 0xff) {
/*
- * End of chain, no more requests from the client. So ship the
- * replies.
+ * Now grab the new byte buffer....
*/
- smb_setlen((char *)(req->chain_outbuf),
- talloc_get_size(req->chain_outbuf) - 4);
-
- if (!srv_send_smb(req->sconn, (char *)req->chain_outbuf,
- true, req->seqnum+1,
- IS_CONN_ENCRYPTED(req->conn)
- ||req->encrypted,
- &req->pcd)) {
- exit_server_cleanly("chain_reply: srv_send_smb "
- "failed.");
- }
- TALLOC_FREE(req->chain_outbuf);
- req->done = true;
- return;
- }
- /* add a new perfcounter for this element of chain */
- SMB_PERFCOUNT_ADD(&req->pcd);
- SMB_PERFCOUNT_SET_OP(&req->pcd, chain_cmd);
- SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, smblen);
+ num_bytes = SVAL(vwv+wct, 0);
- /*
- * Check if the client tries to fool us. The chain offset
- * needs to point beyond the current request in the chain, it
- * needs to strictly grow. Otherwise we might be tricked into
- * an endless loop always processing the same request over and
- * over again. We used to assume that vwv and the byte buffer
- * array in a chain are always attached, but OS/2 the
- * Write&X/Read&X chain puts the Read&X vwv array right behind
- * the Write&X vwv chain. The Write&X bcc array is put behind
- * the Read&X vwv array. So now we check whether the chain
- * offset points strictly behind the previous vwv
- * array. req->buf points right after the vwv array of the
- * previous request. See
- * https://bugzilla.samba.org/show_bug.cgi?id=8360 for more
- * information.
- */
+ /*
+ * .. and check that it fits.
+ */
- already_used = PTR_DIFF(req->buf, smb_base(req->inbuf));
- if (chain_offset <= already_used) {
- goto error;
- }
+ length_needed += num_bytes;
+ if (length_needed > smblen) {
+ return false;
+ }
+ bytes = (const uint8_t *)(vwv+wct+1);
- /*
- * Next check: Make sure the chain offset does not point beyond the
- * overall smb request length.
- */
+ if (!fn(chain_cmd, wct, vwv, num_bytes, bytes, private_data)) {
+ return false;
+ }
- length_needed = chain_offset+1; /* wct */
- if (length_needed > smblen) {
- goto error;
+ if (!is_andx_req(chain_cmd)) {
+ return true;
+ }
+ chain_cmd = CVAL(vwv, 0);
}
+ return true;
+}
- /*
- * Now comes the pointer magic. Goal here is to set up req->vwv and
- * req->buf correctly again to be able to call the subsequent
- * switch_message(). The chain offset (the former vwv[1]) points at
- * the new wct field.
- */
-
- wct = CVAL(smb_base(req->inbuf), chain_offset);
+static bool smb1_chain_length_cb(uint8_t cmd,
+ uint8_t wct, const uint16_t *vwv,
+ uint16_t num_bytes, const uint8_t *bytes,
+ void *private_data)
+{
+ unsigned *count = (unsigned *)private_data;
+ *count += 1;
+ return true;
+}
- /*
- * Next consistency check: Make the new vwv array fits in the overall
- * smb request.
- */
+unsigned smb1_chain_length(const uint8_t *buf)
+{
+ unsigned count = 0;
- length_needed += (wct+1)*sizeof(uint16_t); /* vwv+buflen */
- if (length_needed > smblen) {
- goto error;
+ if (!smb1_walk_chain(buf, smb1_chain_length_cb, &count)) {
+ return 0;
}
- vwv = (const uint16_t *)(smb_base(req->inbuf) + chain_offset + 1);
+ return count;
+}
- /*
- * Now grab the new byte buffer....
- */
+struct smb1_parse_chain_state {
+ TALLOC_CTX *mem_ctx;
+ const uint8_t *buf;
+ struct smbd_server_connection *sconn;
+ bool encrypted;
+ uint32_t seqnum;
- buflen = SVAL(vwv+wct, 0);
+ struct smb_request **reqs;
+ unsigned num_reqs;
+};
- /*
- * .. and check that it fits.
- */
+static bool smb1_parse_chain_cb(uint8_t cmd,
+ uint8_t wct, const uint16_t *vwv,
+ uint16_t num_bytes, const uint8_t *bytes,
+ void *private_data)
+{
+ struct smb1_parse_chain_state *state =
+ (struct smb1_parse_chain_state *)private_data;
+ struct smb_request **reqs;
+ struct smb_request *req;
+ bool ok;
- length_needed += buflen;
- if (length_needed > smblen) {
- goto error;
+ reqs = talloc_realloc(state->mem_ctx, state->reqs,
+ struct smb_request *, state->num_reqs+1);
+ if (reqs == NULL) {
+ return false;
}
- buf = (const uint8_t *)(vwv+wct+1);
-
- req->cmd = chain_cmd;
- req->wct = wct;
- req->vwv = discard_const_p(uint16_t, vwv);
- req->buflen = buflen;
- req->buf = buf;
+ state->reqs = reqs;
- switch_message(chain_cmd, req, smblen);
-
- if (req->outbuf == NULL) {
- /*
- * This happens if the chained command has suspended itself or
- * if it has called srv_send_smb() itself.
- */
- return;
+ req = talloc(reqs, struct smb_request);
+ if (req == NULL) {
+ return false;
}
- /*
- * We end up here if the chained command was not itself chained or
- * suspended, but for example a close() command. We now need to splice
- * the chained commands' outbuf into the already built up chain_outbuf
- * and ship the result.
- */
- goto done;
+ ok = init_smb_request(req, state->sconn, state->buf, 0,
+ state->encrypted, state->seqnum);
+ if (!ok) {
+ return false;
+ }
+ req->cmd = cmd;
+ req->wct = wct;
+ req->vwv = vwv;
+ req->buflen = num_bytes;
+ req->buf = bytes;
- error:
- /*
- * We end up here if there's any error in the chain syntax. Report a
- * DOS error, just like Windows does.
- */
- reply_force_doserror(req, ERRSRV, ERRerror);
- fixup_chain_error_packet(req);
+ reqs[state->num_reqs] = req;
+ state->num_reqs += 1;
+ return true;
+}
- done:
- /*
- * This scary statement intends to set the
- * FLAGS2_32_BIT_ERROR_CODES flg2 field in req->chain_outbuf
- * to the value req->outbuf carries
- */
- SSVAL(req->chain_outbuf, smb_flg2,
- (SVAL(req->chain_outbuf, smb_flg2) & ~FLAGS2_32_BIT_ERROR_CODES)
- | (SVAL(req->outbuf, smb_flg2) & FLAGS2_32_BIT_ERROR_CODES));
+bool smb1_parse_chain(TALLOC_CTX *mem_ctx, const uint8_t *buf,
+ struct smbd_server_connection *sconn,
+ bool encrypted, uint32_t seqnum,
+ struct smb_request ***reqs, unsigned *num_reqs)
+{
+ struct smb1_parse_chain_state state;
+ unsigned i;
- /*
- * Transfer the error codes from the subrequest to the main one
- */
- SSVAL(req->chain_outbuf, smb_rcls, SVAL(req->outbuf, smb_rcls));
- SSVAL(req->chain_outbuf, smb_err, SVAL(req->outbuf, smb_err));
+ state.mem_ctx = mem_ctx;
+ state.buf = buf;
+ state.sconn = sconn;
+ state.encrypted = encrypted;
+ state.seqnum = seqnum;
+ state.reqs = NULL;
+ state.num_reqs = 0;
- if (!smb_splice_chain(&req->chain_outbuf,
- CVAL(req->outbuf, smb_com),
- CVAL(req->outbuf, smb_wct),
- (uint16_t *)(req->outbuf + smb_vwv),
- 0, smb_buflen(req->outbuf),
- (uint8_t *)smb_buf(req->outbuf))) {
- exit_server_cleanly("chain_reply: smb_splice_chain failed\n");
+ if (!smb1_walk_chain(buf, smb1_parse_chain_cb, &state)) {
+ TALLOC_FREE(state.reqs);
+ return false;
}
- TALLOC_FREE(req->outbuf);
-
- smb_setlen((char *)(req->chain_outbuf),
- talloc_get_size(req->chain_outbuf) - 4);
-
- show_msg((char *)(req->chain_outbuf));
-
- if (!srv_send_smb(req->sconn, (char *)req->chain_outbuf,
- true, req->seqnum+1,
- IS_CONN_ENCRYPTED(req->conn)||req->encrypted,
- &req->pcd)) {
- exit_server_cleanly("chain_reply: srv_send_smb failed.");
+ for (i=0; i<state.num_reqs; i++) {
+ state.reqs[i]->chain = state.reqs;
}
- TALLOC_FREE(req->chain_outbuf);
- req->done = true;
+ *reqs = state.reqs;
+ *num_reqs = state.num_reqs;
+ return true;
}
/****************************************************************************
}
if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
- reload_services(sconn->msg_ctx, sconn->sock, True);
+ reload_services(sconn, conn_snum_used, true);
last_smb_conf_reload_time = t;
}
}
NTSTATUS status;
uint32_t seqnum;
- bool from_client = (sconn->sock == fd);
+ bool from_client;
+
+ if (lp_async_smb_echo_handler()
+ && fd_is_readable(sconn->smb1.echo_handler.trusted_fd)) {
+ /*
+ * This is the super-ugly hack to prefer the packets
+ * forwarded by the echo handler over the ones by the
+ * client directly
+ */
+ fd = sconn->smb1.echo_handler.trusted_fd;
+ }
+
+ from_client = (sconn->sock == fd);
if (from_client) {
smbd_lock_socket(sconn);
- if (lp_async_smb_echo_handler()) {
-
- if (fd_is_readable(sconn->smb1.echo_handler.trusted_fd)) {
- /*
- * This is the super-ugly hack to
- * prefer the packets forwarded by the
- * echo handler over the ones by the
- * client directly
- */
- fd = sconn->smb1.echo_handler.trusted_fd;
- } else if (!fd_is_readable(fd)) {
- DEBUG(10,("the echo listener was faster\n"));
- smbd_unlock_socket(sconn);
- return;
- }
+ if (!fd_is_readable(fd)) {
+ DEBUG(10,("the echo listener was faster\n"));
+ smbd_unlock_socket(sconn);
+ return;
}
+ }
+
+ /* TODO: make this completely nonblocking */
+ status = receive_smb_talloc(mem_ctx, sconn, fd,
+ (char **)(void *)&inbuf,
+ 0, /* timeout */
+ &unread_bytes,
+ &encrypted,
+ &inbuf_len, &seqnum,
+ false /* trusted channel */);
- /* TODO: make this completely nonblocking */
- status = receive_smb_talloc(mem_ctx, sconn, fd,
- (char **)(void *)&inbuf,
- 0, /* timeout */
- &unread_bytes,
- &encrypted,
- &inbuf_len, &seqnum,
- false /* trusted channel */);
+ if (from_client) {
smbd_unlock_socket(sconn);
- } else {
- /* TODO: make this completely nonblocking */
- status = receive_smb_talloc(mem_ctx, sconn, fd,
- (char **)(void *)&inbuf,
- 0, /* timeout */
- &unread_bytes,
- &encrypted,
- &inbuf_len, &seqnum,
- true /* trusted channel */);
}
if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
}
#ifdef CLUSTER_SUPPORT
+
+struct smbd_release_ip_state {
+ struct smbd_server_connection *sconn;
+ char addr[INET6_ADDRSTRLEN];
+};
+
/****************************************************************************
received when we should release a specific IP
****************************************************************************/
static void release_ip(const char *ip, void *priv)
{
- const char *addr = (const char *)priv;
+ struct smbd_release_ip_state *state =
+ talloc_get_type_abort(priv,
+ struct smbd_release_ip_state);
+ const char *addr = state->addr;
const char *p = addr;
if (strncmp("::ffff:", addr, 7) == 0) {
"our address is %s\n", ip, p));
if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
- /* we can't afford to do a clean exit - that involves
- database writes, which would potentially mean we
- are still running after the failover has finished -
- we have to get rid of this process ID straight
- away */
DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
ip));
- /* note we must exit with non-zero status so the unclean handler gets
- called in the parent, so that the brl database is tickled */
- _exit(1);
+ /*
+ * With SMB2 we should do a clean disconnect,
+ * the previous_session_id in the session setup
+ * will cleanup the old session, tcons and opens.
+ *
+ * A clean disconnect is needed in order to support
+ * durable handles.
+ *
+ * Note: typically this is never triggered
+ * as we got a TCP RST (triggered by ctdb event scripts)
+ * before we get CTDB_SRVID_RELEASE_IP.
+ *
+ * We used to call _exit(1) here, but as this was mostly never
+ * triggered and has implication on our process model,
+ * we can just use smbd_server_connection_terminate()
+ * (also for SMB1).
+ */
+ smbd_server_connection_terminate(state->sconn,
+ "CTDB_SRVID_RELEASE_IP");
+ return;
+ }
+}
+
+static NTSTATUS smbd_register_ips(struct smbd_server_connection *sconn,
+ struct sockaddr_storage *srv,
+ struct sockaddr_storage *clnt)
+{
+ struct smbd_release_ip_state *state;
+ struct ctdbd_connection *cconn;
+
+ cconn = messaging_ctdbd_connection();
+ if (cconn == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ state = talloc_zero(sconn, struct smbd_release_ip_state);
+ if (state == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ state->sconn = sconn;
+ if (print_sockaddr(state->addr, sizeof(state->addr), srv) == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
+
+ return ctdbd_register_ips(cconn, srv, clnt, release_ip, state);
}
static int client_get_tcp_info(int sock, struct sockaddr_storage *server,
*/
static bool keepalive_fn(const struct timeval *now, void *private_data)
{
- struct smbd_server_connection *sconn = smbd_server_conn;
+ struct smbd_server_connection *sconn = talloc_get_type_abort(
+ private_data, struct smbd_server_connection);
bool ret;
if (sconn->using_smb2) {
return false;
}
- smbd_lock_socket(smbd_server_conn);
+ smbd_lock_socket(sconn);
ret = send_keepalive(sconn->sock);
- smbd_unlock_socket(smbd_server_conn);
+ smbd_unlock_socket(sconn);
if (!ret) {
char addr[INET6_ADDRSTRLEN];
/* check if we need to reload services */
check_reload(sconn, time_mono(NULL));
- /* Change machine password if neccessary. */
- attempt_machine_password_change();
-
/*
* Force a log file check.
*/
if (!fd_is_readable(sconn->sock)) {
DEBUG(10,("echo_handler[%d] the parent smbd was faster\n",
- (int)sys_getpid()));
+ (int)getpid()));
ok = smbd_unlock_socket_internal(sconn);
if (!ok) {
if (tevent_req_nterror(req, status)) {
tevent_req_nterror(req, status);
DEBUG(1, ("echo_handler[%d]: receive_smb_raw_talloc failed: %s\n",
- (int)sys_getpid(), nt_errstr(status)));
+ (int)getpid(), nt_errstr(status)));
return;
}
DEBUG(1, ("writev to parent failed: %s\n", strerror(err)));
exit(1);
}
- DEBUG(10,("echo_handler[%d]: forwarded pdu to main\n", (int)sys_getpid()));
+ DEBUG(10,("echo_handler[%d]: forwarded pdu to main\n", (int)getpid()));
smbd_echo_activate_writer(state);
}
-static bool smbd_echo_reply(uint8_t *inbuf, size_t inbuf_len,
+static bool smbd_echo_reply(struct smbd_echo_state *state,
+ uint8_t *inbuf, size_t inbuf_len,
uint32_t seqnum)
{
struct smb_request req;
uint16_t num_replies;
- size_t out_len;
char *outbuf;
bool ok;
DEBUG(10, ("Got short packet: %d bytes\n", (int)inbuf_len));
return false;
}
- if (!valid_smb_header(smbd_server_conn, inbuf)) {
+ if (!valid_smb_header(state->sconn, inbuf)) {
DEBUG(10, ("Got invalid SMB header\n"));
return false;
}
- if (!init_smb_request(&req, smbd_server_conn, inbuf, 0, false,
+ if (!init_smb_request(&req, state->sconn, inbuf, 0, false,
seqnum)) {
return false;
}
memcpy(smb_buf(req.outbuf), req.buf, req.buflen);
}
- out_len = smb_len(req.outbuf) + 4;
-
ok = srv_send_smb(req.sconn,
(char *)outbuf,
true, seqnum+1,
exit(1);
}
- reply = smbd_echo_reply((uint8_t *)buf, buflen, seqnum);
+ reply = smbd_echo_reply(state, (uint8_t *)buf, buflen, seqnum);
if (!reply) {
size_t num_pending;
struct iovec *tmp;
iov->iov_len = buflen;
DEBUG(10,("echo_handler[%d]: forward to main\n",
- (int)sys_getpid()));
+ (int)getpid()));
smbd_echo_activate_writer(state);
}
goto fail;
}
- child = sys_fork();
+ child = fork();
if (child == 0) {
NTSTATUS status;
set_blocking(listener_pipe[1], false);
status = reinit_after_fork(sconn->msg_ctx,
- server_event_context(),
- procid_self(), false);
+ sconn->ev_ctx,
+ false);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("reinit_after_fork failed: %s\n",
nt_errstr(status)));
listener_pipe[1] = -1;
sconn->smb1.echo_handler.trusted_fd = listener_pipe[0];
- DEBUG(10,("fork_echo_handler: main[%d] echo_child[%d]\n", (int)sys_getpid(), child));
+ DEBUG(10,("fork_echo_handler: main[%d] echo_child[%d]\n", (int)getpid(), child));
/*
* Without smb signing this is the same as the normal smbd
* listener. This needs to change once signing comes in.
*/
- sconn->smb1.echo_handler.trusted_fde = event_add_fd(server_event_context(),
+ sconn->smb1.echo_handler.trusted_fde = tevent_add_fd(sconn->ev_ctx,
sconn,
sconn->smb1.echo_handler.trusted_fd,
- EVENT_FD_READ,
+ TEVENT_FD_READ,
smbd_server_echo_handler,
sconn);
if (sconn->smb1.echo_handler.trusted_fde == NULL) {
return false;
}
-#if CLUSTER_SUPPORT
+static bool uid_in_use(const struct user_struct *user, uid_t uid)
+{
+ while (user) {
+ if (user->session_info &&
+ (user->session_info->unix_token->uid == uid)) {
+ return true;
+ }
+ user = user->next;
+ }
+ return false;
+}
-static NTSTATUS smbd_register_ips(struct smbd_server_connection *sconn,
- struct sockaddr_storage *srv,
- struct sockaddr_storage *clnt)
+static bool gid_in_use(const struct user_struct *user, gid_t gid)
{
- struct ctdbd_connection *cconn;
- char tmp_addr[INET6_ADDRSTRLEN];
- char *addr;
+ while (user) {
+ if (user->session_info != NULL) {
+ int i;
+ struct security_unix_token *utok;
- cconn = messaging_ctdbd_connection();
- if (cconn == NULL) {
- return NT_STATUS_NO_MEMORY;
+ utok = user->session_info->unix_token;
+ if (utok->gid == gid) {
+ return true;
+ }
+ for(i=0; i<utok->ngroups; i++) {
+ if (utok->groups[i] == gid) {
+ return true;
+ }
+ }
+ }
+ user = user->next;
}
+ return false;
+}
- client_socket_addr(sconn->sock, tmp_addr, sizeof(tmp_addr));
- addr = talloc_strdup(cconn, tmp_addr);
- if (addr == NULL) {
- return NT_STATUS_NO_MEMORY;
+static bool sid_in_use(const struct user_struct *user,
+ const struct dom_sid *psid)
+{
+ while (user) {
+ struct security_token *tok;
+
+ if (user->session_info == NULL) {
+ continue;
+ }
+ tok = user->session_info->security_token;
+ if (tok == NULL) {
+ /*
+ * Not sure session_info->security_token can
+ * ever be NULL. This check might be not
+ * necessary.
+ */
+ continue;
+ }
+ if (security_token_has_sid(tok, psid)) {
+ return true;
+ }
+ user = user->next;
}
- return ctdbd_register_ips(cconn, srv, clnt, release_ip, addr);
+ return false;
}
-#endif
+static bool id_in_use(const struct user_struct *user,
+ const struct id_cache_ref *id)
+{
+ switch(id->type) {
+ case UID:
+ return uid_in_use(user, id->id.uid);
+ case GID:
+ return gid_in_use(user, id->id.gid);
+ case SID:
+ return sid_in_use(user, &id->id.sid);
+ default:
+ break;
+ }
+ return false;
+}
+
+static void smbd_id_cache_kill(struct messaging_context *msg_ctx,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB* data)
+{
+ const char *msg = (data && data->data)
+ ? (const char *)data->data : "<NULL>";
+ struct id_cache_ref id;
+ struct smbd_server_connection *sconn =
+ talloc_get_type_abort(private_data,
+ struct smbd_server_connection);
+
+ if (!id_cache_ref_parse(msg, &id)) {
+ DEBUG(0, ("Invalid ?ID: %s\n", msg));
+ return;
+ }
+
+ if (id_in_use(sconn->users, &id)) {
+ exit_server_cleanly(msg);
+ }
+ id_cache_delete_from_cache(&id);
+}
+
+NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
+ enum protocol_types protocol)
+{
+ NTSTATUS status;
+
+ set_Protocol(protocol);
+ conn->protocol = protocol;
+
+ if (protocol >= PROTOCOL_SMB2_02) {
+ status = smb2srv_session_table_init(conn);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = smb2srv_open_table_init(conn);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ } else {
+ status = smb1srv_session_table_init(conn);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = smb1srv_tcon_table_init(conn);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = smb1srv_open_table_init(conn);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
+static void smbd_tevent_trace_callback(enum tevent_trace_point point,
+ void *private_data)
+{
+ struct smbXsrv_connection *conn =
+ talloc_get_type_abort(private_data,
+ struct smbXsrv_connection);
+
+ switch (point) {
+ case TEVENT_TRACE_BEFORE_WAIT:
+ /*
+ * This just removes compiler warning
+ * without profile support
+ */
+ conn->smbd_idle_profstamp = 0;
+ START_PROFILE_STAMP(smbd_idle, conn->smbd_idle_profstamp);
+ break;
+ case TEVENT_TRACE_AFTER_WAIT:
+ END_PROFILE_STAMP(smbd_idle, conn->smbd_idle_profstamp);
+ break;
+ }
+}
/****************************************************************************
Process commands from the client
****************************************************************************/
void smbd_process(struct tevent_context *ev_ctx,
- struct smbd_server_connection *sconn)
+ struct messaging_context *msg_ctx,
+ int sock_fd,
+ bool interactive)
{
TALLOC_CTX *frame = talloc_stackframe();
+ struct smbXsrv_connection *conn;
+ struct smbd_server_connection *sconn;
struct sockaddr_storage ss;
struct sockaddr *sa = NULL;
socklen_t sa_socklen;
struct tsocket_address *local_address = NULL;
struct tsocket_address *remote_address = NULL;
+ const char *locaddr = NULL;
const char *remaddr = NULL;
char *rhost;
int ret;
- if (lp_maxprotocol() >= PROTOCOL_SMB2_02) {
+ conn = talloc_zero(ev_ctx, struct smbXsrv_connection);
+ if (conn == NULL) {
+ DEBUG(0,("talloc_zero(struct smbXsrv_connection)\n"));
+ exit_server_cleanly("talloc_zero(struct smbXsrv_connection).\n");
+ }
+
+ conn->ev_ctx = ev_ctx;
+ conn->msg_ctx = msg_ctx;
+
+ sconn = talloc_zero(conn, struct smbd_server_connection);
+ if (!sconn) {
+ exit_server("failed to create smbd_server_connection");
+ }
+
+ conn->sconn = sconn;
+ sconn->conn = conn;
+
+ /*
+ * TODO: remove this...:-)
+ */
+ global_smbXsrv_connection = conn;
+
+ sconn->ev_ctx = ev_ctx;
+ sconn->msg_ctx = msg_ctx;
+ sconn->sock = sock_fd;
+ sconn->smb1.echo_handler.trusted_fd = -1;
+ sconn->smb1.echo_handler.socket_lock_fd = -1;
+
+ if (!interactive) {
+ smbd_setup_sig_term_handler(sconn);
+ smbd_setup_sig_hup_handler(sconn);
+
+ if (!serverid_register(messaging_server_id(msg_ctx),
+ FLAG_MSG_GENERAL|FLAG_MSG_SMBD
+ |FLAG_MSG_DBWRAP
+ |FLAG_MSG_PRINT_GENERAL)) {
+ exit_server_cleanly("Could not register myself in "
+ "serverid.tdb");
+ }
+ }
+
+ if (lp_srv_maxprotocol() >= PROTOCOL_SMB2_02) {
/*
* We're not making the decision here,
* we're just allowing the client
sconn->local_address = local_address;
sconn->remote_address = remote_address;
+ if (tsocket_address_is_inet(local_address, "ip")) {
+ locaddr = tsocket_address_inet_addr_string(
+ sconn->local_address,
+ talloc_tos());
+ if (locaddr == NULL) {
+ DEBUG(0,("%s: tsocket_address_inet_addr_string local failed - %s\n",
+ __location__, strerror(errno)));
+ exit_server_cleanly("tsocket_address_inet_addr_string local failed.\n");
+ }
+ } else {
+ locaddr = "0.0.0.0";
+ }
+
if (tsocket_address_is_inet(remote_address, "ip")) {
remaddr = tsocket_address_inet_addr_string(
sconn->remote_address,
/* this is needed so that we get decent entries
in smbstatus for port 445 connects */
set_remote_machine_name(remaddr, false);
- reload_services(sconn->msg_ctx, sconn->sock, true);
+ reload_services(sconn, conn_snum_used, true);
/*
* Before the first packet, check the global hosts allow/ hosts deny
}
sconn->remote_hostname = talloc_move(sconn, &rhost);
+ sub_set_socket_ids(remaddr,
+ sconn->remote_hostname,
+ locaddr);
+
if (!allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
sconn->remote_hostname,
remaddr)) {
tsocket_address_string(remote_address, talloc_tos()),
tsocket_address_string(local_address, talloc_tos())));
- init_modules();
+ if (lp_preload_modules()) {
+ smb_load_modules(lp_preload_modules());
+ }
smb_perfcount_init();
exit_server("Could not open account policy tdb.\n");
}
- if (*lp_rootdir()) {
- if (chroot(lp_rootdir()) != 0) {
- DEBUG(0,("Failed to change root to %s\n", lp_rootdir()));
+ if (*lp_rootdir(talloc_tos())) {
+ if (chroot(lp_rootdir(talloc_tos())) != 0) {
+ DEBUG(0,("Failed to change root to %s\n",
+ lp_rootdir(talloc_tos())));
exit_server("Failed to chroot()");
}
if (chdir("/") == -1) {
- DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_rootdir()));
+ DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_rootdir(talloc_tos())));
exit_server("Failed to chroot()");
}
- DEBUG(0,("Changed root to %s\n", lp_rootdir()));
+ DEBUG(0,("Changed root to %s\n", lp_rootdir(talloc_tos())));
}
if (!srv_init_signing(sconn)) {
exit_server("Failed to init smb_signing");
}
+ if (!file_init(sconn)) {
+ exit_server("file_init() failed");
+ }
+
/* Setup oplocks */
- if (!init_oplocks(sconn->msg_ctx))
+ if (!init_oplocks(sconn))
exit_server("Failed to init oplocks");
/* register our message handlers */
- messaging_register(sconn->msg_ctx, NULL,
+ messaging_register(sconn->msg_ctx, sconn,
MSG_SMB_FORCE_TDIS, msg_force_tdis);
- messaging_register(sconn->msg_ctx, NULL,
+ messaging_register(sconn->msg_ctx, sconn,
MSG_SMB_CLOSE_FILE, msg_close_file);
+ messaging_register(sconn->msg_ctx, sconn,
+ MSG_SMB_FILE_RENAME, msg_file_was_renamed);
+
+ id_cache_register_msgs(sconn->msg_ctx);
+ messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL);
+ messaging_register(sconn->msg_ctx, sconn,
+ ID_CACHE_KILL, smbd_id_cache_kill);
+
+ messaging_deregister(sconn->msg_ctx,
+ MSG_SMB_CONF_UPDATED, sconn->ev_ctx);
+ messaging_register(sconn->msg_ctx, sconn,
+ MSG_SMB_CONF_UPDATED, smbd_conf_updated);
/*
* Use the default MSG_DEBUG handler to avoid rebroadcasting
&& !(event_add_idle(ev_ctx, NULL,
timeval_set(lp_keepalive(), 0),
"keepalive", keepalive_fn,
- NULL))) {
+ sconn))) {
DEBUG(0, ("Could not add keepalive event\n"));
exit(1);
}
sconn->nbt.got_session = false;
- sconn->smb1.negprot.max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
+ sconn->smb1.negprot.max_recv = MIN(lp_max_xmit(),BUFFER_SIZE);
sconn->smb1.sessions.done_sesssetup = false;
sconn->smb1.sessions.max_send = BUFFER_SIZE;
sconn->smb1.sessions.last_session_tag = UID_FIELD_INVALID;
- /* users from session setup */
- sconn->smb1.sessions.session_userlist = NULL;
- /* workgroup from session setup. */
- sconn->smb1.sessions.session_workgroup = NULL;
- /* this holds info on user ids that are already validated for this VC */
- sconn->smb1.sessions.validated_users = NULL;
- sconn->smb1.sessions.next_vuid = VUID_OFFSET;
- sconn->smb1.sessions.num_validated_vuids = 0;
-
- conn_init(sconn);
+
if (!init_dptrs(sconn)) {
exit_server("init_dptrs() failed");
}
exit_server("failed to create smbd_server_connection fde");
}
+ sconn->conn->local_address = sconn->local_address;
+ sconn->conn->remote_address = sconn->remote_address;
+ sconn->conn->remote_hostname = sconn->remote_hostname;
+ sconn->conn->protocol = PROTOCOL_NONE;
+
TALLOC_FREE(frame);
- while (True) {
- NTSTATUS status;
+ tevent_set_trace_callback(ev_ctx, smbd_tevent_trace_callback, conn);
+ while (True) {
frame = talloc_stackframe_pool(8192);
errno = 0;
-
- status = smbd_server_connection_loop_once(ev_ctx, sconn);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY) &&
- !NT_STATUS_IS_OK(status)) {
- DEBUG(3, ("smbd_server_connection_loop_once failed: %s,"
- " exiting\n", nt_errstr(status)));
- break;
+ if (tevent_loop_once(ev_ctx) == -1) {
+ if (errno != EINTR) {
+ DEBUG(3, ("tevent_loop_once failed: %s,"
+ " exiting\n", strerror(errno) ));
+ break;
+ }
}
TALLOC_FREE(frame);
git.samba.org / samba.git / blobdiff