2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "../lib/tsocket/tsocket.h"
23 #include "system/filesys.h"
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "source3/smbd/smbXsrv_session.h"
27 #include "smbd/smbXsrv_open.h"
28 #include "librpc/gen_ndr/netlogon.h"
29 #include "../lib/async_req/async_sock.h"
30 #include "ctdbd_conn.h"
31 #include "../lib/util/select.h"
32 #include "printing/queue_process.h"
33 #include "system/select.h"
37 #include "lib/messages_ctdb.h"
38 #include "smbprofile.h"
39 #include "rpc_server/spoolss/srv_spoolss_nt.h"
40 #include "../lib/util/tevent_ntstatus.h"
41 #include "../libcli/security/dom_sid.h"
42 #include "../libcli/security/security_token.h"
43 #include "lib/id_cache.h"
44 #include "lib/util/sys_rw_data.h"
45 #include "system/threads.h"
46 #include "lib/pthreadpool/pthreadpool_tevent.h"
47 #include "util_event.h"
48 #include "libcli/smb/smbXcli_base.h"
49 #include "lib/util/time_basic.h"
50 #include "source3/lib/substitute.h"
51 #include "source3/smbd/dir.h"
53 /* Internal message queue for deferred opens. */
54 struct pending_message_list {
55 struct pending_message_list *next, *prev;
56 struct timeval request_time; /* When was this first issued? */
57 struct smbd_server_connection *sconn;
58 struct smbXsrv_connection *xconn;
59 struct tevent_timer *te;
64 struct deferred_open_record *open_rec;
67 static struct pending_message_list *get_deferred_open_message_smb(
68 struct smbd_server_connection *sconn, uint64_t mid);
70 #if !defined(WITH_SMB1SERVER)
71 bool smb1_srv_send(struct smbXsrv_connection *xconn,
79 len = smb_len_large(buffer) + 4;
80 ret = write_data(xconn->transport.sock, buffer, len);
85 /*******************************************************************
86 Setup the word count and byte count for a smb1 message.
87 ********************************************************************/
89 size_t srv_smb1_set_message(char *buf,
94 if (zero && (num_words || num_bytes)) {
95 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
97 SCVAL(buf,smb_wct,num_words);
98 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
99 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
100 return (smb_size + num_words*2 + num_bytes);
103 NTSTATUS read_packet_remainder(int fd, char *buffer,
104 unsigned int timeout, ssize_t len)
112 status = read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
113 if (!NT_STATUS_IS_OK(status)) {
114 char addr[INET6_ADDRSTRLEN];
115 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
117 get_peer_addr(fd, addr, sizeof(addr)),
123 #if !defined(WITH_SMB1SERVER)
124 static NTSTATUS smb2_receive_raw_talloc(TALLOC_CTX *mem_ctx,
125 struct smbXsrv_connection *xconn,
127 char **buffer, unsigned int timeout,
128 size_t *p_unread, size_t *plen)
136 status = read_smb_length_return_keepalive(sock, lenbuf, timeout,
138 if (!NT_STATUS_IS_OK(status)) {
143 * The +4 here can't wrap, we've checked the length above already.
146 *buffer = talloc_array(mem_ctx, char, len+4);
148 if (*buffer == NULL) {
149 DEBUG(0, ("Could not allocate inbuf of length %d\n",
151 return NT_STATUS_NO_MEMORY;
154 memcpy(*buffer, lenbuf, sizeof(lenbuf));
156 status = read_packet_remainder(sock, (*buffer)+4, timeout, len);
157 if (!NT_STATUS_IS_OK(status)) {
165 static NTSTATUS smb2_receive_talloc(TALLOC_CTX *mem_ctx,
166 struct smbXsrv_connection *xconn,
168 char **buffer, unsigned int timeout,
169 size_t *p_unread, bool *p_encrypted,
172 bool trusted_channel)
177 *p_encrypted = false;
179 status = smb2_receive_raw_talloc(mem_ctx, xconn, sock, buffer, timeout,
181 if (!NT_STATUS_IS_OK(status)) {
182 DEBUG(NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)?5:1,
183 ("smb2_receive_raw_talloc failed for client %s "
184 "read error = %s.\n",
185 smbXsrv_connection_dbg(xconn),
186 nt_errstr(status)) );
195 NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,
196 struct smbXsrv_connection *xconn,
198 char **buffer, unsigned int timeout,
199 size_t *p_unread, bool *p_encrypted,
202 bool trusted_channel)
204 #if defined(WITH_SMB1SERVER)
205 return smb1_receive_talloc(mem_ctx, xconn, sock, buffer, timeout,
206 p_unread, p_encrypted, p_len, seqnum,
209 return smb2_receive_talloc(mem_ctx, xconn, sock, buffer, timeout,
210 p_unread, p_encrypted, p_len, seqnum,
215 /****************************************************************************
216 Function to delete a sharing violation open message by mid.
217 ****************************************************************************/
219 void remove_deferred_open_message_smb(struct smbXsrv_connection *xconn,
222 struct smbd_server_connection *sconn = xconn->client->sconn;
223 struct pending_message_list *pml;
225 if (sconn->using_smb2) {
226 remove_deferred_open_message_smb2(xconn, mid);
230 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
231 if (mid == (uint64_t)SVAL(pml->buf.data,smb_mid)) {
232 DEBUG(10,("remove_deferred_open_message_smb: "
233 "deleting mid %llu len %u\n",
234 (unsigned long long)mid,
235 (unsigned int)pml->buf.length ));
236 DLIST_REMOVE(sconn->deferred_open_queue, pml);
243 static void smbd_deferred_open_timer(struct tevent_context *ev,
244 struct tevent_timer *te,
245 struct timeval _tval,
248 struct pending_message_list *msg = talloc_get_type(private_data,
249 struct pending_message_list);
250 struct smbd_server_connection *sconn = msg->sconn;
251 struct smbXsrv_connection *xconn = msg->xconn;
252 TALLOC_CTX *mem_ctx = talloc_tos();
253 uint64_t mid = (uint64_t)SVAL(msg->buf.data,smb_mid);
256 inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
259 exit_server("smbd_deferred_open_timer: talloc failed\n");
263 /* We leave this message on the queue so the open code can
264 know this is a retry. */
265 DEBUG(5,("smbd_deferred_open_timer: trigger mid %llu.\n",
266 (unsigned long long)mid ));
268 /* Mark the message as processed so this is not
269 * re-processed in error. */
270 msg->processed = true;
279 /* If it's still there and was processed, remove it. */
280 msg = get_deferred_open_message_smb(sconn, mid);
281 if (msg && msg->processed) {
282 remove_deferred_open_message_smb(xconn, mid);
286 /****************************************************************************
287 Move a sharing violation open retry message to the front of the list and
288 schedule it for immediate processing.
289 ****************************************************************************/
291 bool schedule_deferred_open_message_smb(struct smbXsrv_connection *xconn,
294 struct smbd_server_connection *sconn = xconn->client->sconn;
295 struct pending_message_list *pml;
298 if (sconn->using_smb2) {
299 return schedule_deferred_open_message_smb2(xconn, mid);
302 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
303 uint64_t msg_mid = (uint64_t)SVAL(pml->buf.data,smb_mid);
305 DEBUG(10,("schedule_deferred_open_message_smb: [%d] "
308 (unsigned long long)msg_mid ));
310 if (mid == msg_mid) {
311 struct tevent_timer *te;
313 if (pml->processed) {
314 /* A processed message should not be
316 DEBUG(0,("schedule_deferred_open_message_smb: LOGIC ERROR "
317 "message mid %llu was already processed\n",
318 (unsigned long long)msg_mid ));
322 DEBUG(10,("schedule_deferred_open_message_smb: "
323 "scheduling mid %llu\n",
324 (unsigned long long)mid ));
327 * smbd_deferred_open_timer() calls
328 * process_smb() to redispatch the request
329 * including the required impersonation.
331 * So we can just use the raw tevent_context.
333 te = tevent_add_timer(xconn->client->raw_ev_ctx,
336 smbd_deferred_open_timer,
339 DEBUG(10,("schedule_deferred_open_message_smb: "
340 "event_add_timed() failed, "
341 "skipping mid %llu\n",
342 (unsigned long long)msg_mid ));
345 TALLOC_FREE(pml->te);
347 DLIST_PROMOTE(sconn->deferred_open_queue, pml);
352 DEBUG(10,("schedule_deferred_open_message_smb: failed to "
353 "find message mid %llu\n",
354 (unsigned long long)mid ));
359 /****************************************************************************
360 Return true if this mid is on the deferred queue and was not yet processed.
361 ****************************************************************************/
363 bool open_was_deferred(struct smbXsrv_connection *xconn, uint64_t mid)
365 struct smbd_server_connection *sconn = xconn->client->sconn;
366 struct pending_message_list *pml;
368 if (sconn->using_smb2) {
369 return open_was_deferred_smb2(xconn, mid);
372 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
373 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid && !pml->processed) {
380 /****************************************************************************
381 Return the message queued by this mid.
382 ****************************************************************************/
384 static struct pending_message_list *get_deferred_open_message_smb(
385 struct smbd_server_connection *sconn, uint64_t mid)
387 struct pending_message_list *pml;
389 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
390 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid) {
397 /****************************************************************************
398 Get the state data queued by this mid.
399 ****************************************************************************/
401 bool get_deferred_open_message_state(struct smb_request *smbreq,
402 struct timeval *p_request_time,
403 struct deferred_open_record **open_rec)
405 struct pending_message_list *pml;
407 if (smbreq->sconn->using_smb2) {
408 return get_deferred_open_message_state_smb2(smbreq->smb2req,
413 pml = get_deferred_open_message_smb(smbreq->sconn, smbreq->mid);
417 if (p_request_time) {
418 *p_request_time = pml->request_time;
420 if (open_rec != NULL) {
421 *open_rec = pml->open_rec;
426 bool push_deferred_open_message_smb(struct smb_request *req,
427 struct timeval timeout,
429 struct deferred_open_record *open_rec)
431 #if defined(WITH_SMB1SERVER)
434 return push_deferred_open_message_smb2(req->smb2req,
439 #if defined(WITH_SMB1SERVER)
441 return push_deferred_open_message_smb1(req, timeout,
447 static void construct_smb1_reply_common(uint8_t cmd, const uint8_t *inbuf,
450 uint16_t in_flags2 = SVAL(inbuf,smb_flg2);
451 uint16_t out_flags2 = common_flags2;
453 out_flags2 |= in_flags2 & FLAGS2_UNICODE_STRINGS;
454 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES;
455 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED;
457 srv_smb1_set_message(outbuf,0,0,false);
459 SCVAL(outbuf, smb_com, cmd);
460 SIVAL(outbuf,smb_rcls,0);
461 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
462 SSVAL(outbuf,smb_flg2, out_flags2);
463 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
464 memcpy(outbuf+smb_ss_field, inbuf+smb_ss_field, 8);
466 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
467 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
468 SSVAL(outbuf,smb_pidhigh,SVAL(inbuf,smb_pidhigh));
469 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
470 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
473 void construct_smb1_reply_common_req(struct smb_request *req, char *outbuf)
475 construct_smb1_reply_common(req->cmd, req->inbuf, outbuf);
478 /*******************************************************************
479 allocate and initialize a reply packet
480 ********************************************************************/
482 bool create_smb1_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
483 const uint8_t *inbuf, char **outbuf,
484 uint8_t num_words, uint32_t num_bytes)
486 size_t smb_len = MIN_SMB_SIZE + VWV(num_words) + num_bytes;
489 * Protect against integer wrap.
490 * The SMB layer reply can be up to 0xFFFFFF bytes.
492 if ((num_bytes > 0xffffff) || (smb_len > 0xffffff)) {
494 if (asprintf(&msg, "num_bytes too large: %u",
495 (unsigned)num_bytes) == -1) {
496 msg = discard_const_p(char, "num_bytes too large");
502 * Here we include the NBT header for now.
504 *outbuf = talloc_array(mem_ctx, char,
505 NBT_HDR_SIZE + smb_len);
506 if (*outbuf == NULL) {
510 construct_smb1_reply_common(req->cmd, inbuf, *outbuf);
511 srv_smb1_set_message(*outbuf, num_words, num_bytes, false);
513 * Zero out the word area, the caller has to take care of the bcc area
516 if (num_words != 0) {
517 memset(*outbuf + (NBT_HDR_SIZE + HDR_VWV), 0, VWV(num_words));
523 void reply_smb1_outbuf(struct smb_request *req, uint8_t num_words, uint32_t num_bytes)
526 if (!create_smb1_outbuf(req, req, req->inbuf, &outbuf, num_words,
528 smb_panic("could not allocate output buffer\n");
530 req->outbuf = (uint8_t *)outbuf;
533 bool valid_smb1_header(const uint8_t *inbuf)
535 if (is_encrypted_packet(inbuf)) {
539 * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
540 * but it just looks weird to call strncmp for this one.
542 return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
545 /****************************************************************************
546 Process an smb from the client
547 ****************************************************************************/
549 static void process_smb2(struct smbXsrv_connection *xconn,
556 const uint8_t *inpdu = inbuf + NBT_HDR_SIZE;
557 size_t pdulen = nread - NBT_HDR_SIZE;
558 NTSTATUS status = smbd_smb2_process_negprot(xconn, 0, inpdu, pdulen);
559 if (!NT_STATUS_IS_OK(status)) {
560 exit_server_cleanly("SMB2 negprot fail");
564 void process_smb(struct smbXsrv_connection *xconn,
571 struct smbd_server_connection *sconn = xconn->client->sconn;
572 int msg_type = CVAL(inbuf,0);
574 DO_PROFILE_INC(request);
576 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
578 DEBUG(3, ("Transaction %d of length %d (%u toread)\n",
579 sconn->trans_num, (int)nread, (unsigned int)unread_bytes));
581 if (msg_type != NBSSmessage) {
583 * NetBIOS session request, keepalive, etc.
585 reply_special(xconn, (char *)inbuf, nread);
589 #if defined(WITH_SMB1SERVER)
590 if (lp_server_max_protocol() >= PROTOCOL_SMB2_02) {
591 /* At this point we're not really using smb2,
592 * we make the decision here.. */
593 if (smbd_is_smb2_header(inbuf, nread)) {
602 #if defined(WITH_SMB1SERVER)
604 if (nread >= smb_size && valid_smb1_header(inbuf)
605 && CVAL(inbuf, smb_com) != 0x72) {
606 /* This is a non-negprot SMB1 packet.
607 Disable SMB2 from now on. */
608 lp_do_parameter(-1, "server max protocol", "NT1");
611 process_smb1(xconn, inbuf, nread, unread_bytes, seqnum, encrypted);
615 sconn->num_requests++;
617 /* The timeout_processing function isn't run nearly
618 often enough to implement 'max log size' without
619 overrunning the size of the file by many megabytes.
620 This is especially true if we are running at debug
621 level 10. Checking every 50 SMBs is a nice
622 tradeoff of performance vs log file size overrun. */
624 if ((sconn->num_requests % 50) == 0 &&
625 need_to_check_log_size()) {
626 change_to_root_user();
631 NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
632 enum protocol_types protocol)
636 conn->protocol = protocol;
638 if (conn->client->session_table != NULL) {
642 if (protocol >= PROTOCOL_SMB2_02) {
643 status = smb2srv_session_table_init(conn);
644 if (!NT_STATUS_IS_OK(status)) {
645 conn->protocol = PROTOCOL_NONE;
649 status = smb2srv_open_table_init(conn);
650 if (!NT_STATUS_IS_OK(status)) {
651 conn->protocol = PROTOCOL_NONE;
655 #if defined(WITH_SMB1SERVER)
656 status = smb1srv_session_table_init(conn);
657 if (!NT_STATUS_IS_OK(status)) {
658 conn->protocol = PROTOCOL_NONE;
662 status = smb1srv_tcon_table_init(conn);
663 if (!NT_STATUS_IS_OK(status)) {
664 conn->protocol = PROTOCOL_NONE;
668 status = smb1srv_open_table_init(conn);
669 if (!NT_STATUS_IS_OK(status)) {
670 conn->protocol = PROTOCOL_NONE;
674 conn->protocol = PROTOCOL_NONE;
675 return NT_STATUS_INVALID_NETWORK_RESPONSE;
679 set_Protocol(protocol);
684 * Create a debug string for the connection
686 * This is allocated to talloc_tos() or a string constant
687 * in certain corner cases. The returned string should
688 * hence not be free'd directly but only via the talloc stack.
690 const char *smbXsrv_connection_dbg(const struct smbXsrv_connection *xconn)
692 const char *ret = NULL;
695 struct GUID_txt_buf guid_buf = {};
698 * TODO: this can be improved further later...
701 raddr = tsocket_address_string(xconn->remote_address, talloc_tos());
703 return "<tsocket_address_string() failed>";
705 laddr = tsocket_address_string(xconn->local_address, talloc_tos());
707 return "<tsocket_address_string() failed>";
710 ret = talloc_asprintf(talloc_tos(),
711 "PID=%d,CLIENT=%s,channel=%"PRIu64",remote=%s,local=%s",
713 GUID_buf_string(&xconn->smb2.client.guid, &guid_buf),
720 return "<talloc_asprintf() failed>";
727 * Initialize a struct smb_request from an inbuf
730 bool init_smb1_request(struct smb_request *req,
731 struct smbd_server_connection *sconn,
732 struct smbXsrv_connection *xconn,
733 const uint8_t *inbuf,
734 size_t unread_bytes, bool encrypted,
737 struct smbXsrv_tcon *tcon;
740 size_t req_size = smb_len(inbuf) + 4;
742 /* Ensure we have at least smb_size bytes. */
743 if (req_size < smb_size) {
744 DEBUG(0,("init_smb1_request: invalid request size %u\n",
745 (unsigned int)req_size ));
749 *req = (struct smb_request) { .cmd = 0};
751 req->request_time = timeval_current();
752 now = timeval_to_nttime(&req->request_time);
754 req->cmd = CVAL(inbuf, smb_com);
755 req->flags2 = SVAL(inbuf, smb_flg2);
756 req->smbpid = SVAL(inbuf, smb_pid);
757 req->mid = (uint64_t)SVAL(inbuf, smb_mid);
758 req->seqnum = seqnum;
759 req->vuid = SVAL(inbuf, smb_uid);
760 req->tid = SVAL(inbuf, smb_tid);
761 req->wct = CVAL(inbuf, smb_wct);
762 req->vwv = (const uint16_t *)(inbuf+smb_vwv);
763 req->buflen = smb_buflen(inbuf);
764 req->buf = (const uint8_t *)smb_buf_const(inbuf);
765 req->unread_bytes = unread_bytes;
766 req->encrypted = encrypted;
770 status = smb1srv_tcon_lookup(xconn, req->tid, now, &tcon);
771 if (NT_STATUS_IS_OK(status)) {
772 req->conn = tcon->compat;
775 req->posix_pathnames = lp_posix_pathnames();
777 /* Ensure we have at least wct words and 2 bytes of bcc. */
778 if (smb_size + req->wct*2 > req_size) {
779 DEBUG(0,("init_smb1_request: invalid wct number %u (size %u)\n",
780 (unsigned int)req->wct,
781 (unsigned int)req_size));
784 /* Ensure bcc is correct. */
785 if (((const uint8_t *)smb_buf_const(inbuf)) + req->buflen > inbuf + req_size) {
786 DEBUG(0,("init_smb1_request: invalid bcc number %u "
787 "(wct = %u, size %u)\n",
788 (unsigned int)req->buflen,
789 (unsigned int)req->wct,
790 (unsigned int)req_size));
797 /****************************************************************************
798 Construct a reply to the incoming packet.
799 ****************************************************************************/
801 static void construct_reply_smb1negprot(struct smbXsrv_connection *xconn,
802 char *inbuf, int size,
805 struct smbd_server_connection *sconn = xconn->client->sconn;
806 struct smb_request *req;
809 if (!(req = talloc(talloc_tos(), struct smb_request))) {
810 smb_panic("could not allocate smb_request");
813 if (!init_smb1_request(req, sconn, xconn, (uint8_t *)inbuf, unread_bytes,
815 exit_server_cleanly("Invalid SMB request");
818 req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
820 status = smb2_multi_protocol_reply_negprot(req);
821 if (req->outbuf == NULL) {
823 * req->outbuf == NULL means we bootstrapped into SMB2.
827 if (!NT_STATUS_IS_OK(status)) {
828 if (!smb1_srv_send(req->xconn,
832 IS_CONN_ENCRYPTED(req->conn) ||
834 exit_server_cleanly("construct_reply_smb1negprot: "
835 "smb1_srv_send failed.");
839 /* This code path should only *ever* bootstrap into SMB2. */
840 exit_server_cleanly("Internal error SMB1negprot didn't reply "
841 "with an SMB2 packet");
845 static void smbd_server_connection_write_handler(
846 struct smbXsrv_connection *xconn)
848 /* TODO: make write nonblocking */
851 static void smbd_smb2_server_connection_read_handler(
852 struct smbXsrv_connection *xconn, int fd)
854 char lenbuf[NBT_HDR_SIZE];
856 uint8_t *buffer = NULL;
857 size_t bufferlen = 0;
859 uint8_t msg_type = 0;
861 /* Read the first 4 bytes - contains length of remainder. */
862 status = read_smb_length_return_keepalive(fd, lenbuf, 0, &len);
863 if (!NT_STATUS_IS_OK(status)) {
864 exit_server_cleanly("failed to receive request length");
868 /* Integer wrap check. */
869 if (len + NBT_HDR_SIZE < len) {
870 exit_server_cleanly("Invalid length on initial request");
875 * The +4 here can't wrap, we've checked the length above already.
877 bufferlen = len+NBT_HDR_SIZE;
879 buffer = talloc_array(talloc_tos(), uint8_t, bufferlen);
880 if (buffer == NULL) {
881 DBG_ERR("Could not allocate request inbuf of length %zu\n",
883 exit_server_cleanly("talloc fail");
887 /* Copy the NBT_HDR_SIZE length. */
888 memcpy(buffer, lenbuf, sizeof(lenbuf));
890 status = read_packet_remainder(fd, (char *)buffer+NBT_HDR_SIZE, 0, len);
891 if (!NT_STATUS_IS_OK(status)) {
892 exit_server_cleanly("Failed to read remainder of initial request");
896 /* Check the message type. */
897 msg_type = PULL_LE_U8(buffer,0);
898 if (msg_type == NBSSrequest) {
900 * clients can send this request before
901 * bootstrapping into SMB2. Cope with this
902 * message only, don't allow any other strange
905 reply_special(xconn, (char *)buffer, bufferlen);
906 xconn->client->sconn->num_requests++;
910 /* Only a 'normal' message type allowed now. */
911 if (msg_type != NBSSmessage) {
912 DBG_ERR("Invalid message type %d\n", msg_type);
913 exit_server_cleanly("Invalid message type for initial request");
917 /* Could this be an SMB1 negprot bootstrap into SMB2 ? */
918 if (bufferlen < smb_size) {
919 exit_server_cleanly("Invalid initial SMB1 or SMB2 packet");
922 if (valid_smb1_header(buffer)) {
923 /* Can *only* allow an SMB1 negprot here. */
924 uint8_t cmd = PULL_LE_U8(buffer, smb_com);
925 if (cmd != SMBnegprot) {
926 DBG_ERR("Incorrect SMB1 command 0x%hhx, "
927 "should be SMBnegprot (0x72)\n",
929 exit_server_cleanly("Invalid initial SMB1 packet");
931 /* Minimal process_smb(). */
932 show_msg((char *)buffer);
933 construct_reply_smb1negprot(xconn, (char *)buffer,
935 xconn->client->sconn->trans_num++;
936 xconn->client->sconn->num_requests++;
939 } else if (!smbd_is_smb2_header(buffer, bufferlen)) {
940 exit_server_cleanly("Invalid initial SMB2 packet");
944 /* Here we know we're a valid SMB2 packet. */
947 * Point at the start of the SMB2 PDU.
948 * len is the length of the SMB2 PDU.
951 status = smbd_smb2_process_negprot(xconn,
953 (const uint8_t *)buffer+NBT_HDR_SIZE,
955 if (!NT_STATUS_IS_OK(status)) {
956 exit_server_cleanly("SMB2 negprot fail");
961 static void smbd_server_connection_handler(struct tevent_context *ev,
962 struct tevent_fd *fde,
966 struct smbXsrv_connection *xconn =
967 talloc_get_type_abort(private_data,
968 struct smbXsrv_connection);
970 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
972 * we're not supposed to do any io
974 TEVENT_FD_NOT_READABLE(xconn->transport.fde);
975 TEVENT_FD_NOT_WRITEABLE(xconn->transport.fde);
979 if (flags & TEVENT_FD_WRITE) {
980 smbd_server_connection_write_handler(xconn);
983 if (flags & TEVENT_FD_READ) {
984 #if defined(WITH_SMB1SERVER)
985 if (lp_server_min_protocol() > PROTOCOL_NT1) {
987 smbd_smb2_server_connection_read_handler(xconn,
988 xconn->transport.sock);
989 #if defined(WITH_SMB1SERVER)
991 smbd_smb1_server_connection_read_handler(xconn,
992 xconn->transport.sock);
999 struct smbd_release_ip_state {
1000 struct smbXsrv_connection *xconn;
1001 struct tevent_immediate *im;
1002 struct sockaddr_storage srv;
1003 struct sockaddr_storage clnt;
1004 char addr[INET6_ADDRSTRLEN];
1007 static int release_ip(struct tevent_context *ev,
1013 void *private_data);
1015 static int smbd_release_ip_state_destructor(struct smbd_release_ip_state *s)
1017 struct ctdbd_connection *cconn = messaging_ctdb_connection();
1018 struct smbXsrv_connection *xconn = s->xconn;
1020 if (cconn == NULL) {
1024 if (NT_STATUS_EQUAL(xconn->transport.status, NT_STATUS_CONNECTION_IN_USE)) {
1025 ctdbd_passed_ips(cconn, &s->srv, &s->clnt, release_ip, s);
1027 ctdbd_unregister_ips(cconn, &s->srv, &s->clnt, release_ip, s);
1033 static void smbd_release_ip_immediate(struct tevent_context *ctx,
1034 struct tevent_immediate *im,
1037 struct smbd_release_ip_state *state =
1038 talloc_get_type_abort(private_data,
1039 struct smbd_release_ip_state);
1040 struct smbXsrv_connection *xconn = state->xconn;
1042 if (!NT_STATUS_EQUAL(xconn->transport.status, NT_STATUS_ADDRESS_CLOSED)) {
1044 * smbd_server_connection_terminate() already triggered ?
1049 smbd_server_connection_terminate(xconn, "CTDB_SRVID_RELEASE_IP");
1052 /****************************************************************************
1053 received when we should release a specific IP
1054 ****************************************************************************/
1055 static int release_ip(struct tevent_context *ev,
1056 uint32_t src_vnn, uint32_t dst_vnn,
1058 const uint8_t *msg, size_t msglen,
1061 struct smbd_release_ip_state *state =
1062 talloc_get_type_abort(private_data,
1063 struct smbd_release_ip_state);
1064 struct smbXsrv_connection *xconn = state->xconn;
1066 const char *addr = state->addr;
1067 const char *p = addr;
1072 if (msg[msglen-1] != '\0') {
1076 ip = (const char *)msg;
1078 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
1079 /* avoid recursion */
1083 if (strncmp("::ffff:", addr, 7) == 0) {
1087 DEBUG(10, ("Got release IP message for %s, "
1088 "our address is %s\n", ip, p));
1090 if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
1091 DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
1094 * With SMB2 we should do a clean disconnect,
1095 * the previous_session_id in the session setup
1096 * will cleanup the old session, tcons and opens.
1098 * A clean disconnect is needed in order to support
1101 * Note: typically this is never triggered
1102 * as we got a TCP RST (triggered by ctdb event scripts)
1103 * before we get CTDB_SRVID_RELEASE_IP.
1105 * We used to call _exit(1) here, but as this was mostly never
1106 * triggered and has implication on our process model,
1107 * we can just use smbd_server_connection_terminate()
1110 * We don't call smbd_server_connection_terminate() directly
1111 * as we might be called from within ctdbd_migrate(),
1112 * we need to defer our action to the next event loop
1114 tevent_schedule_immediate(state->im,
1115 xconn->client->raw_ev_ctx,
1116 smbd_release_ip_immediate,
1120 * Make sure we don't get any io on the connection.
1122 xconn->transport.status = NT_STATUS_ADDRESS_CLOSED;
1123 return EADDRNOTAVAIL;
1129 static int match_cluster_movable_ip(uint32_t total_ip_count,
1130 const struct sockaddr_storage *ip,
1134 const struct sockaddr_storage *srv = private_data;
1135 struct samba_sockaddr pub_ip = {
1140 struct samba_sockaddr srv_ip = {
1146 if (is_movable_ip && sockaddr_equal(&pub_ip.u.sa, &srv_ip.u.sa)) {
1147 return EADDRNOTAVAIL;
1153 static NTSTATUS smbd_register_ips(struct smbXsrv_connection *xconn,
1154 struct sockaddr_storage *srv,
1155 struct sockaddr_storage *clnt)
1157 struct smbd_release_ip_state *state;
1158 struct ctdbd_connection *cconn;
1161 cconn = messaging_ctdb_connection();
1162 if (cconn == NULL) {
1163 return NT_STATUS_NO_MEMORY;
1166 state = talloc_zero(xconn, struct smbd_release_ip_state);
1167 if (state == NULL) {
1168 return NT_STATUS_NO_MEMORY;
1170 state->xconn = xconn;
1171 state->im = tevent_create_immediate(state);
1172 if (state->im == NULL) {
1173 return NT_STATUS_NO_MEMORY;
1176 state->clnt = *clnt;
1177 if (print_sockaddr(state->addr, sizeof(state->addr), srv) == NULL) {
1178 return NT_STATUS_NO_MEMORY;
1181 if (xconn->client->server_multi_channel_enabled) {
1182 ret = ctdbd_public_ip_foreach(cconn,
1183 match_cluster_movable_ip,
1185 if (ret == EADDRNOTAVAIL) {
1186 xconn->has_cluster_movable_ip = true;
1187 DBG_DEBUG("cluster movable IP on %s\n",
1188 smbXsrv_connection_dbg(xconn));
1189 } else if (ret != 0) {
1190 DBG_ERR("failed to iterate cluster IPs: %s\n",
1192 return NT_STATUS_INTERNAL_ERROR;
1196 ret = ctdbd_register_ips(cconn, srv, clnt, release_ip, state);
1198 return map_nt_error_from_unix(ret);
1201 talloc_set_destructor(state, smbd_release_ip_state_destructor);
1203 return NT_STATUS_OK;
1206 static int smbXsrv_connection_destructor(struct smbXsrv_connection *xconn)
1208 DBG_DEBUG("xconn[%s]\n", smbXsrv_connection_dbg(xconn));
1212 NTSTATUS smbd_add_connection(struct smbXsrv_client *client, int sock_fd,
1213 NTTIME now, struct smbXsrv_connection **_xconn)
1215 TALLOC_CTX *frame = talloc_stackframe();
1216 struct smbXsrv_connection *xconn;
1217 struct sockaddr_storage ss_srv;
1218 void *sp_srv = (void *)&ss_srv;
1219 struct sockaddr *sa_srv = (struct sockaddr *)sp_srv;
1220 struct sockaddr_storage ss_clnt;
1221 void *sp_clnt = (void *)&ss_clnt;
1222 struct sockaddr *sa_clnt = (struct sockaddr *)sp_clnt;
1223 socklen_t sa_socklen;
1224 struct tsocket_address *local_address = NULL;
1225 struct tsocket_address *remote_address = NULL;
1226 const char *remaddr = NULL;
1228 const char *rhost = NULL;
1234 DO_PROFILE_INC(connect);
1236 xconn = talloc_zero(client, struct smbXsrv_connection);
1237 if (xconn == NULL) {
1238 DEBUG(0,("talloc_zero(struct smbXsrv_connection)\n"));
1240 return NT_STATUS_NO_MEMORY;
1242 talloc_set_destructor(xconn, smbXsrv_connection_destructor);
1243 talloc_steal(frame, xconn);
1244 xconn->client = client;
1245 xconn->connect_time = now;
1246 if (client->next_channel_id != 0) {
1247 xconn->channel_id = client->next_channel_id++;
1250 xconn->transport.sock = sock_fd;
1251 #if defined(WITH_SMB1SERVER)
1252 smbd_echo_init(xconn);
1254 xconn->protocol = PROTOCOL_NONE;
1256 /* Ensure child is set to blocking mode */
1257 set_blocking(sock_fd,True);
1259 set_socket_options(sock_fd, "SO_KEEPALIVE");
1260 set_socket_options(sock_fd, lp_socket_options());
1262 sa_socklen = sizeof(ss_clnt);
1263 ret = getpeername(sock_fd, sa_clnt, &sa_socklen);
1265 int saved_errno = errno;
1266 int level = (errno == ENOTCONN)?2:0;
1267 DEBUG(level,("getpeername() failed - %s\n",
1268 strerror(saved_errno)));
1270 return map_nt_error_from_unix_common(saved_errno);
1272 ret = tsocket_address_bsd_from_sockaddr(xconn,
1273 sa_clnt, sa_socklen,
1276 int saved_errno = errno;
1277 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
1278 __location__, strerror(saved_errno)));
1280 return map_nt_error_from_unix_common(saved_errno);
1283 sa_socklen = sizeof(ss_srv);
1284 ret = getsockname(sock_fd, sa_srv, &sa_socklen);
1286 int saved_errno = errno;
1287 int level = (errno == ENOTCONN)?2:0;
1288 DEBUG(level,("getsockname() failed - %s\n",
1289 strerror(saved_errno)));
1291 return map_nt_error_from_unix_common(saved_errno);
1293 ret = tsocket_address_bsd_from_sockaddr(xconn,
1297 int saved_errno = errno;
1298 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
1299 __location__, strerror(saved_errno)));
1301 return map_nt_error_from_unix_common(saved_errno);
1304 if (tsocket_address_is_inet(remote_address, "ip")) {
1305 remaddr = tsocket_address_inet_addr_string(remote_address,
1307 if (remaddr == NULL) {
1308 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
1309 __location__, strerror(errno)));
1311 return NT_STATUS_NO_MEMORY;
1314 remaddr = "0.0.0.0";
1318 * Before the first packet, check the global hosts allow/ hosts deny
1319 * parameters before doing any parsing of packets passed to us by the
1320 * client. This prevents attacks on our parsing code from hosts not in
1321 * the hosts allow list.
1324 ret = get_remote_hostname(remote_address,
1327 int saved_errno = errno;
1328 DEBUG(0,("%s: get_remote_hostname failed - %s\n",
1329 __location__, strerror(saved_errno)));
1331 return map_nt_error_from_unix_common(saved_errno);
1334 if (strequal(rhost, "UNKNOWN")) {
1338 xconn->local_address = local_address;
1339 xconn->remote_address = remote_address;
1340 xconn->remote_hostname = talloc_strdup(xconn, rhost);
1341 if (xconn->remote_hostname == NULL) {
1342 return NT_STATUS_NO_MEMORY;
1345 if (!srv_init_signing(xconn)) {
1346 DEBUG(0, ("Failed to init smb_signing\n"));
1348 return NT_STATUS_INTERNAL_ERROR;
1351 if (!allow_access(lp_hosts_deny(-1), lp_hosts_allow(-1),
1352 xconn->remote_hostname,
1354 DEBUG( 1, ("Connection denied from %s to %s\n",
1355 tsocket_address_string(remote_address, talloc_tos()),
1356 tsocket_address_string(local_address, talloc_tos())));
1359 * We return a valid xconn
1360 * so that the caller can return an error message
1363 DLIST_ADD_END(client->connections, xconn);
1364 talloc_steal(client, xconn);
1368 return NT_STATUS_NETWORK_ACCESS_DENIED;
1371 DEBUG(10, ("Connection allowed from %s to %s\n",
1372 tsocket_address_string(remote_address, talloc_tos()),
1373 tsocket_address_string(local_address, talloc_tos())));
1375 if (lp_clustering()) {
1377 * We need to tell ctdb about our client's TCP
1378 * connection, so that for failover ctdbd can send
1379 * tickle acks, triggering a reconnection by the
1384 status = smbd_register_ips(xconn, &ss_srv, &ss_clnt);
1385 if (!NT_STATUS_IS_OK(status)) {
1386 DEBUG(0, ("ctdbd_register_ips failed: %s\n",
1387 nt_errstr(status)));
1391 tmp = lp_max_xmit();
1392 tmp = MAX(tmp, SMB_BUFFER_SIZE_MIN);
1393 tmp = MIN(tmp, SMB_BUFFER_SIZE_MAX);
1395 #if defined(WITH_SMB1SERVER)
1396 xconn->smb1.negprot.max_recv = tmp;
1398 xconn->smb1.sessions.done_sesssetup = false;
1399 xconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX;
1402 xconn->transport.fde = tevent_add_fd(client->raw_ev_ctx,
1406 smbd_server_connection_handler,
1408 if (!xconn->transport.fde) {
1410 return NT_STATUS_NO_MEMORY;
1412 tevent_fd_set_auto_close(xconn->transport.fde);
1414 /* for now we only have one connection */
1415 DLIST_ADD_END(client->connections, xconn);
1416 talloc_steal(client, xconn);
1420 return NT_STATUS_OK;
1423 static bool uid_in_use(struct auth_session_info *session_info,
1426 if (session_info->unix_token->uid == uid) {
1432 static bool gid_in_use(struct auth_session_info *session_info,
1436 struct security_unix_token *utok = NULL;
1438 utok = session_info->unix_token;
1439 if (utok->gid == gid) {
1443 for(i = 0; i < utok->ngroups; i++) {
1444 if (utok->groups[i] == gid) {
1451 static bool sid_in_use(struct auth_session_info *session_info,
1452 const struct dom_sid *psid)
1454 struct security_token *tok = NULL;
1456 tok = session_info->security_token;
1459 * Not sure session_info->security_token can
1460 * ever be NULL. This check might be not
1465 if (security_token_has_sid(tok, psid)) {
1471 struct id_in_use_state {
1472 const struct id_cache_ref *id;
1476 static int id_in_use_cb(struct smbXsrv_session *session,
1479 struct id_in_use_state *state = (struct id_in_use_state *)
1481 struct auth_session_info *session_info =
1482 session->global->auth_session_info;
1484 switch(state->id->type) {
1486 state->match = uid_in_use(session_info, state->id->id.uid);
1489 state->match = gid_in_use(session_info, state->id->id.gid);
1492 state->match = sid_in_use(session_info, &state->id->id.sid);
1495 state->match = false;
1504 static bool id_in_use(struct smbd_server_connection *sconn,
1505 const struct id_cache_ref *id)
1507 struct id_in_use_state state;
1510 state = (struct id_in_use_state) {
1515 status = smbXsrv_session_local_traverse(sconn->client,
1518 if (!NT_STATUS_IS_OK(status)) {
1525 /****************************************************************************
1526 Check if services need reloading.
1527 ****************************************************************************/
1529 static void check_reload(struct smbd_server_connection *sconn, time_t t)
1532 if (last_smb_conf_reload_time == 0) {
1533 last_smb_conf_reload_time = t;
1536 if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
1537 reload_services(sconn, conn_snum_used, true);
1538 last_smb_conf_reload_time = t;
1542 static void msg_kill_client_ip(struct messaging_context *msg_ctx,
1543 void *private_data, uint32_t msg_type,
1544 struct server_id server_id, DATA_BLOB *data)
1546 struct smbd_server_connection *sconn = talloc_get_type_abort(
1547 private_data, struct smbd_server_connection);
1548 const char *ip = (char *) data->data;
1551 DBG_DEBUG("Got kill request for client IP %s\n", ip);
1553 client_ip = tsocket_address_inet_addr_string(sconn->remote_address,
1555 if (client_ip == NULL) {
1559 if (strequal(ip, client_ip)) {
1560 DBG_WARNING("Got kill client message for %s - "
1561 "exiting immediately\n", ip);
1562 exit_server_cleanly("Forced disconnect for client");
1565 TALLOC_FREE(client_ip);
1568 static void msg_kill_client_with_server_ip(struct messaging_context *msg_ctx,
1571 struct server_id server_id,
1574 struct smbd_server_connection *sconn = talloc_get_type_abort(
1575 private_data, struct smbd_server_connection);
1576 const char *ip = (char *) data->data;
1577 char *server_ip = NULL;
1578 TALLOC_CTX *ctx = NULL;
1580 DBG_NOTICE("Got kill request for source IP %s\n", ip);
1581 ctx = talloc_stackframe();
1583 server_ip = tsocket_address_inet_addr_string(sconn->local_address, ctx);
1584 if (server_ip == NULL) {
1588 if (strequal(ip, server_ip)) {
1590 "Got ip dropped message for %s - exiting immediately\n",
1593 exit_server_cleanly("Forced disconnect for client");
1601 * Do the recurring check if we're idle
1603 static bool deadtime_fn(const struct timeval *now, void *private_data)
1605 struct smbd_server_connection *sconn =
1606 (struct smbd_server_connection *)private_data;
1608 if ((conn_num_open(sconn) == 0)
1609 || (conn_idle_all(sconn, now->tv_sec))) {
1610 DEBUG( 2, ( "Closing idle connection\n" ) );
1611 messaging_send(sconn->msg_ctx,
1612 messaging_server_id(sconn->msg_ctx),
1613 MSG_SHUTDOWN, &data_blob_null);
1621 * Do the recurring log file and smb.conf reload checks.
1624 static bool housekeeping_fn(const struct timeval *now, void *private_data)
1626 struct smbd_server_connection *sconn = talloc_get_type_abort(
1627 private_data, struct smbd_server_connection);
1629 DEBUG(5, ("housekeeping\n"));
1631 change_to_root_user();
1633 /* check if we need to reload services */
1634 check_reload(sconn, time_mono(NULL));
1637 * Force a log file check.
1639 force_check_log_size();
1644 static void smbd_sig_term_handler(struct tevent_context *ev,
1645 struct tevent_signal *se,
1651 exit_server_cleanly("termination signal");
1654 static void smbd_setup_sig_term_handler(struct smbd_server_connection *sconn)
1656 struct tevent_signal *se;
1658 se = tevent_add_signal(sconn->ev_ctx,
1661 smbd_sig_term_handler,
1664 exit_server("failed to setup SIGTERM handler");
1668 static void smbd_sig_hup_handler(struct tevent_context *ev,
1669 struct tevent_signal *se,
1675 struct smbd_server_connection *sconn =
1676 talloc_get_type_abort(private_data,
1677 struct smbd_server_connection);
1679 change_to_root_user();
1680 DEBUG(1,("Reloading services after SIGHUP\n"));
1681 reload_services(sconn, conn_snum_used, false);
1684 static void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn)
1686 struct tevent_signal *se;
1688 se = tevent_add_signal(sconn->ev_ctx,
1691 smbd_sig_hup_handler,
1694 exit_server("failed to setup SIGHUP handler");
1698 static void smbd_conf_updated(struct messaging_context *msg,
1701 struct server_id server_id,
1704 struct smbd_server_connection *sconn =
1705 talloc_get_type_abort(private_data,
1706 struct smbd_server_connection);
1708 DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was "
1709 "updated. Reloading.\n"));
1710 change_to_root_user();
1711 reload_services(sconn, conn_snum_used, false);
1714 static void smbd_id_cache_kill(struct messaging_context *msg_ctx,
1717 struct server_id server_id,
1720 const char *msg = (data && data->data)
1721 ? (const char *)data->data : "<NULL>";
1722 struct id_cache_ref id;
1723 struct smbd_server_connection *sconn =
1724 talloc_get_type_abort(private_data,
1725 struct smbd_server_connection);
1727 if (!id_cache_ref_parse(msg, &id)) {
1728 DEBUG(0, ("Invalid ?ID: %s\n", msg));
1732 if (id_in_use(sconn, &id)) {
1733 exit_server_cleanly(msg);
1735 id_cache_delete_from_cache(&id);
1738 struct smbd_tevent_trace_state {
1739 struct tevent_context *ev;
1741 SMBPROFILE_BASIC_ASYNC_STATE(profile_idle);
1744 static inline void smbd_tevent_trace_callback_before_loop_once(
1745 struct smbd_tevent_trace_state *state)
1747 talloc_free(state->frame);
1748 state->frame = talloc_stackframe_pool(8192);
1751 static inline void smbd_tevent_trace_callback_after_loop_once(
1752 struct smbd_tevent_trace_state *state)
1754 TALLOC_FREE(state->frame);
1757 static void smbd_tevent_trace_callback(enum tevent_trace_point point,
1760 struct smbd_tevent_trace_state *state =
1761 (struct smbd_tevent_trace_state *)private_data;
1764 case TEVENT_TRACE_BEFORE_WAIT:
1766 case TEVENT_TRACE_AFTER_WAIT:
1768 case TEVENT_TRACE_BEFORE_LOOP_ONCE:
1769 smbd_tevent_trace_callback_before_loop_once(state);
1771 case TEVENT_TRACE_AFTER_LOOP_ONCE:
1772 smbd_tevent_trace_callback_after_loop_once(state);
1779 static void smbd_tevent_trace_callback_profile(enum tevent_trace_point point,
1782 struct smbd_tevent_trace_state *state =
1783 (struct smbd_tevent_trace_state *)private_data;
1786 case TEVENT_TRACE_BEFORE_WAIT:
1787 if (!smbprofile_dump_pending()) {
1789 * If there's no dump pending
1790 * we don't want to schedule a new 1 sec timer.
1792 * Instead we want to sleep as long as nothing happens.
1794 smbprofile_dump_setup(NULL);
1796 SMBPROFILE_BASIC_ASYNC_START(idle, profile_p, state->profile_idle);
1798 case TEVENT_TRACE_AFTER_WAIT:
1799 SMBPROFILE_BASIC_ASYNC_END(state->profile_idle);
1800 if (!smbprofile_dump_pending()) {
1802 * We need to flush our state after sleeping
1803 * (hopefully a long time).
1807 * future profiling events should trigger timers
1808 * on our main event context.
1810 smbprofile_dump_setup(state->ev);
1813 case TEVENT_TRACE_BEFORE_LOOP_ONCE:
1814 smbd_tevent_trace_callback_before_loop_once(state);
1816 case TEVENT_TRACE_AFTER_LOOP_ONCE:
1817 smbd_tevent_trace_callback_after_loop_once(state);
1824 /****************************************************************************
1825 Process commands from the client
1826 ****************************************************************************/
1828 void smbd_process(struct tevent_context *ev_ctx,
1829 struct messaging_context *msg_ctx,
1833 struct smbd_tevent_trace_state trace_state = {
1835 .frame = talloc_stackframe(),
1837 const struct loadparm_substitution *lp_sub =
1838 loadparm_s3_global_substitution();
1839 struct smbXsrv_client *client = NULL;
1840 struct smbd_server_connection *sconn = NULL;
1841 struct smbXsrv_connection *xconn = NULL;
1842 const char *locaddr = NULL;
1843 const char *remaddr = NULL;
1846 struct timeval tv = timeval_current();
1847 NTTIME now = timeval_to_nttime(&tv);
1848 char *chroot_dir = NULL;
1851 status = smbXsrv_client_create(ev_ctx, ev_ctx, msg_ctx, now, &client);
1852 if (!NT_STATUS_IS_OK(status)) {
1853 DBG_ERR("smbXsrv_client_create(): %s\n", nt_errstr(status));
1854 exit_server_cleanly("talloc_zero(struct smbXsrv_client).\n");
1858 * TODO: remove this...:-)
1860 global_smbXsrv_client = client;
1862 sconn = talloc_zero(client, struct smbd_server_connection);
1863 if (sconn == NULL) {
1864 exit_server("failed to create smbd_server_connection");
1867 client->sconn = sconn;
1868 sconn->client = client;
1870 sconn->ev_ctx = ev_ctx;
1871 sconn->msg_ctx = msg_ctx;
1873 ret = pthreadpool_tevent_init(sconn, lp_aio_max_threads(),
1876 exit_server("pthreadpool_tevent_init() failed.");
1880 smbd_setup_sig_term_handler(sconn);
1881 smbd_setup_sig_hup_handler(sconn);
1884 status = smbd_add_connection(client, sock_fd, now, &xconn);
1885 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
1887 * send a negative session response "not listening on calling
1890 unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
1891 (void)smb1_srv_send(xconn, (char *)buf, false, 0, false);
1892 exit_server_cleanly("connection denied");
1893 } else if (!NT_STATUS_IS_OK(status)) {
1894 exit_server_cleanly(nt_errstr(status));
1897 sconn->local_address =
1898 tsocket_address_copy(xconn->local_address, sconn);
1899 if (sconn->local_address == NULL) {
1900 exit_server_cleanly("tsocket_address_copy() failed");
1902 sconn->remote_address =
1903 tsocket_address_copy(xconn->remote_address, sconn);
1904 if (sconn->remote_address == NULL) {
1905 exit_server_cleanly("tsocket_address_copy() failed");
1907 sconn->remote_hostname =
1908 talloc_strdup(sconn, xconn->remote_hostname);
1909 if (sconn->remote_hostname == NULL) {
1910 exit_server_cleanly("tsocket_strdup() failed");
1913 client->global->local_address =
1914 tsocket_address_string(sconn->local_address,
1916 if (client->global->local_address == NULL) {
1917 exit_server_cleanly("tsocket_address_string() failed");
1919 client->global->remote_address =
1920 tsocket_address_string(sconn->remote_address,
1922 if (client->global->remote_address == NULL) {
1923 exit_server_cleanly("tsocket_address_string() failed");
1925 client->global->remote_name =
1926 talloc_strdup(client->global, sconn->remote_hostname);
1927 if (client->global->remote_name == NULL) {
1928 exit_server_cleanly("tsocket_strdup() failed");
1931 if (tsocket_address_is_inet(sconn->local_address, "ip")) {
1932 locaddr = tsocket_address_inet_addr_string(
1933 sconn->local_address,
1935 if (locaddr == NULL) {
1936 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
1937 __location__, strerror(errno)));
1938 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
1941 locaddr = "0.0.0.0";
1944 if (tsocket_address_is_inet(sconn->remote_address, "ip")) {
1945 remaddr = tsocket_address_inet_addr_string(
1946 sconn->remote_address,
1948 if (remaddr == NULL) {
1949 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
1950 __location__, strerror(errno)));
1951 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
1954 remaddr = "0.0.0.0";
1957 /* this is needed so that we get decent entries
1958 in smbstatus for port 445 connects */
1959 set_remote_machine_name(remaddr, false);
1960 reload_services(sconn, conn_snum_used, true);
1961 sub_set_socket_ids(remaddr,
1962 sconn->remote_hostname,
1965 if (lp_preload_modules()) {
1966 smb_load_all_modules_absoute_path(lp_preload_modules());
1969 if (!init_account_policy()) {
1970 exit_server("Could not open account policy tdb.\n");
1973 chroot_dir = lp_root_directory(talloc_tos(), lp_sub);
1974 if (chroot_dir[0] != '\0') {
1975 rc = chdir(chroot_dir);
1977 DBG_ERR("Failed to chdir to %s\n", chroot_dir);
1978 exit_server("Failed to chdir()");
1981 rc = chroot(chroot_dir);
1983 DBG_ERR("Failed to change root to %s\n", chroot_dir);
1984 exit_server("Failed to chroot()");
1986 DBG_WARNING("Changed root to %s\n", chroot_dir);
1988 TALLOC_FREE(chroot_dir);
1991 if (!file_init(sconn)) {
1992 exit_server("file_init() failed");
1996 if (!init_oplocks(sconn))
1997 exit_server("Failed to init oplocks");
1999 /* register our message handlers */
2000 messaging_register(sconn->msg_ctx, sconn,
2001 MSG_SMB_FORCE_TDIS, msg_force_tdis);
2005 MSG_SMB_FORCE_TDIS_DENIED,
2006 msg_force_tdis_denied);
2007 messaging_register(sconn->msg_ctx, sconn,
2008 MSG_SMB_CLOSE_FILE, msg_close_file);
2009 messaging_register(sconn->msg_ctx, sconn,
2010 MSG_SMB_FILE_RENAME, msg_file_was_renamed);
2012 id_cache_register_msgs(sconn->msg_ctx);
2013 messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL);
2014 messaging_register(sconn->msg_ctx, sconn,
2015 ID_CACHE_KILL, smbd_id_cache_kill);
2017 messaging_deregister(sconn->msg_ctx,
2018 MSG_SMB_CONF_UPDATED, sconn->ev_ctx);
2019 messaging_register(sconn->msg_ctx, sconn,
2020 MSG_SMB_CONF_UPDATED, smbd_conf_updated);
2022 messaging_deregister(sconn->msg_ctx, MSG_SMB_KILL_CLIENT_IP,
2024 messaging_register(sconn->msg_ctx, sconn,
2025 MSG_SMB_KILL_CLIENT_IP,
2026 msg_kill_client_ip);
2028 messaging_deregister(sconn->msg_ctx, MSG_SMB_TELL_NUM_CHILDREN, NULL);
2031 * Use the default MSG_DEBUG handler to avoid rebroadcasting
2032 * MSGs to all child processes
2034 messaging_deregister(sconn->msg_ctx,
2036 messaging_register(sconn->msg_ctx, NULL,
2037 MSG_DEBUG, debug_message);
2039 messaging_deregister(sconn->msg_ctx, MSG_SMB_IP_DROPPED, NULL);
2040 messaging_register(sconn->msg_ctx,
2043 msg_kill_client_with_server_ip);
2045 #if defined(WITH_SMB1SERVER)
2046 if ((lp_keepalive() != 0) &&
2047 !(event_add_idle(ev_ctx,
2049 tevent_timeval_set(lp_keepalive(), 0),
2054 DEBUG(0, ("Could not add keepalive event\n"));
2059 if (!(event_add_idle(ev_ctx,
2061 tevent_timeval_set(IDLE_CLOSED_TIMEOUT, 0),
2066 DEBUG(0, ("Could not add deadtime event\n"));
2070 if (!(event_add_idle(ev_ctx,
2072 tevent_timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
2077 DEBUG(0, ("Could not add housekeeping event\n"));
2081 smbprofile_dump_setup(ev_ctx);
2083 if (!init_dptrs(sconn)) {
2084 exit_server("init_dptrs() failed");
2087 TALLOC_FREE(trace_state.frame);
2089 if (smbprofile_active()) {
2090 tevent_set_trace_callback(ev_ctx,
2091 smbd_tevent_trace_callback_profile,
2094 tevent_set_trace_callback(ev_ctx,
2095 smbd_tevent_trace_callback,
2099 ret = tevent_loop_wait(ev_ctx);
2101 DEBUG(1, ("tevent_loop_wait failed: %d, %s,"
2102 " exiting\n", ret, strerror(errno)));
2105 TALLOC_FREE(trace_state.frame);
2107 exit_server_cleanly(NULL);
git.samba.org / samba.git / blob