search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix for CVE-2009-2906.
[Samba.git] / source / smbd / process.c
blobc53bfda2219a6be756479b7afb09e1adff590c02
1 /*
2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22
23 extern int smb_echo_count;
24
25 /*
26 * Size of data we can send to client. Set
27 * by the client for all protocols above CORE.
28 * Set by us for CORE protocol.
29 */
30 int max_send = BUFFER_SIZE;
31 /*
32 * Size of the data we can receive. Set by us.
33 * Can be modified by the max xmit parameter.
34 */
35 int max_recv = BUFFER_SIZE;
36
37 SIG_ATOMIC_T reload_after_sighup = 0;
38 SIG_ATOMIC_T got_sig_term = 0;
39 extern bool global_machine_password_needs_changing;
40 extern int max_send;
41
42 /* Accessor function for smb_read_error for smbd functions. */
43
44 /****************************************************************************
45 Send an smb to a fd.
46 ****************************************************************************/
47
48 bool srv_send_smb(int fd, char *buffer, bool do_encrypt)
49 {
50 size_t len;
51 size_t nwritten=0;
52 ssize_t ret;
53 char *buf_out = buffer;
54
55 /* Sign the outgoing packet if required. */
56 srv_calculate_sign_mac(buf_out);
57
58 if (do_encrypt) {
59 NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
60 if (!NT_STATUS_IS_OK(status)) {
61 DEBUG(0, ("send_smb: SMB encryption failed "
62 "on outgoing packet! Error %s\n",
63 nt_errstr(status) ));
64 return false;
65 }
66 }
67
68 len = smb_len(buf_out) + 4;
69
70 while (nwritten < len) {
71 ret = write_data(fd,buf_out+nwritten,len - nwritten);
72 if (ret <= 0) {
73 DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
74 (int)len,(int)ret, strerror(errno) ));
75 srv_free_enc_buffer(buf_out);
76 return false;
77 }
78 nwritten += ret;
79 }
80
81 srv_free_enc_buffer(buf_out);
82 return true;
83 }
84
85 /*******************************************************************
86 Setup the word count and byte count for a smb message.
87 ********************************************************************/
88
89 int srv_set_message(char *buf,
90 int num_words,
91 int num_bytes,
92 bool zero)
93 {
94 if (zero && (num_words || num_bytes)) {
95 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
96 }
97 SCVAL(buf,smb_wct,num_words);
98 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
99 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
100 return (smb_size + num_words*2 + num_bytes);
101 }
102
103 static bool valid_smb_header(const uint8_t *inbuf)
104 {
105 if (is_encrypted_packet(inbuf)) {
106 return true;
107 }
108 return (strncmp(smb_base(inbuf),"\377SMB",4) == 0);
109 }
110
111 /* Socket functions for smbd packet processing. */
112
113 static bool valid_packet_size(size_t len)
114 {
115 /*
116 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
117 * of header. Don't print the error if this fits.... JRA.
118 */
119
120 if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
121 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
122 (unsigned long)len));
123 return false;
124 }
125 return true;
126 }
127
128 static NTSTATUS read_packet_remainder(int fd, char *buffer,
129 unsigned int timeout, ssize_t len)
130 {
131 if (len <= 0) {
132 return NT_STATUS_OK;
133 }
134
135 return read_socket_with_timeout(fd, buffer, len, len, timeout, NULL);
136 }
137
138 /****************************************************************************
139 Attempt a zerocopy writeX read. We know here that len > smb_size-4
140 ****************************************************************************/
141
142 /*
143 * Unfortunately, earlier versions of smbclient/libsmbclient
144 * don't send this "standard" writeX header. I've fixed this
145 * for 3.2 but we'll use the old method with earlier versions.
146 * Windows and CIFSFS at least use this standard size. Not
147 * sure about MacOSX.
148 */
149
150 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
151 (2*14) + /* word count (including bcc) */ \
152 1 /* pad byte */)
153
154 static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
155 const char lenbuf[4],
156 int fd, char **buffer,
157 unsigned int timeout,
158 size_t *p_unread,
159 size_t *len_ret)
160 {
161 /* Size of a WRITEX call (+4 byte len). */
162 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
163 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
164 ssize_t toread;
165 NTSTATUS status;
166
167 memcpy(writeX_header, lenbuf, 4);
168
169 status = read_socket_with_timeout(
170 fd, writeX_header + 4,
171 STANDARD_WRITE_AND_X_HEADER_SIZE,
172 STANDARD_WRITE_AND_X_HEADER_SIZE,
173 timeout, NULL);
174
175 if (!NT_STATUS_IS_OK(status)) {
176 return status;
177 }
178
179 /*
180 * Ok - now try and see if this is a possible
181 * valid writeX call.
182 */
183
184 if (is_valid_writeX_buffer((uint8_t *)writeX_header)) {
185 /*
186 * If the data offset is beyond what
187 * we've read, drain the extra bytes.
188 */
189 uint16_t doff = SVAL(writeX_header,smb_vwv11);
190 ssize_t newlen;
191
192 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
193 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
194 if (drain_socket(smbd_server_fd(), drain) != drain) {
195 smb_panic("receive_smb_raw_talloc_partial_read:"
196 " failed to drain pending bytes");
197 }
198 } else {
199 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
200 }
201
202 /* Spoof down the length and null out the bcc. */
203 set_message_bcc(writeX_header, 0);
204 newlen = smb_len(writeX_header);
205
206 /* Copy the header we've written. */
207
208 *buffer = (char *)TALLOC_MEMDUP(mem_ctx,
209 writeX_header,
210 sizeof(writeX_header));
211
212 if (*buffer == NULL) {
213 DEBUG(0, ("Could not allocate inbuf of length %d\n",
214 (int)sizeof(writeX_header)));
215 return NT_STATUS_NO_MEMORY;
216 }
217
218 /* Work out the remaining bytes. */
219 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
220 *len_ret = newlen + 4;
221 return NT_STATUS_OK;
222 }
223
224 if (!valid_packet_size(len)) {
225 return NT_STATUS_INVALID_PARAMETER;
226 }
227
228 /*
229 * Not a valid writeX call. Just do the standard
230 * talloc and return.
231 */
232
233 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
234
235 if (*buffer == NULL) {
236 DEBUG(0, ("Could not allocate inbuf of length %d\n",
237 (int)len+4));
238 return NT_STATUS_NO_MEMORY;
239 }
240
241 /* Copy in what we already read. */
242 memcpy(*buffer,
243 writeX_header,
244 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
245 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
246
247 if(toread > 0) {
248 status = read_packet_remainder(
249 fd, (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
250 timeout, toread);
251
252 if (!NT_STATUS_IS_OK(status)) {
253 DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
254 nt_errstr(status)));
255 return status;
256 }
257 }
258
259 *len_ret = len + 4;
260 return NT_STATUS_OK;
261 }
262
263 static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx, int fd,
264 char **buffer, unsigned int timeout,
265 size_t *p_unread, size_t *plen)
266 {
267 char lenbuf[4];
268 size_t len;
269 int min_recv_size = lp_min_receive_file_size();
270 NTSTATUS status;
271
272 *p_unread = 0;
273
274 status = read_smb_length_return_keepalive(fd, lenbuf, timeout, &len);
275 if (!NT_STATUS_IS_OK(status)) {
276 DEBUG(10, ("receive_smb_raw: %s\n", nt_errstr(status)));
277 return status;
278 }
279
280 if (CVAL(lenbuf,0) == 0 &&
281 min_recv_size &&
282 smb_len_large(lenbuf) > (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE) && /* Could be a UNIX large writeX. */
283 !srv_is_signing_active()) {
284
285 return receive_smb_raw_talloc_partial_read(
286 mem_ctx, lenbuf, fd, buffer, timeout, p_unread, plen);
287 }
288
289 if (!valid_packet_size(len)) {
290 return NT_STATUS_INVALID_PARAMETER;
291 }
292
293 /*
294 * The +4 here can't wrap, we've checked the length above already.
295 */
296
297 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
298
299 if (*buffer == NULL) {
300 DEBUG(0, ("Could not allocate inbuf of length %d\n",
301 (int)len+4));
302 return NT_STATUS_NO_MEMORY;
303 }
304
305 memcpy(*buffer, lenbuf, sizeof(lenbuf));
306
307 status = read_packet_remainder(fd, (*buffer)+4, timeout, len);
308 if (!NT_STATUS_IS_OK(status)) {
309 return status;
310 }
311
312 *plen = len + 4;
313 return NT_STATUS_OK;
314 }
315
316 static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx, int fd,
317 char **buffer, unsigned int timeout,
318 size_t *p_unread, bool *p_encrypted,
319 size_t *p_len)
320 {
321 size_t len = 0;
322 NTSTATUS status;
323
324 *p_encrypted = false;
325
326 status = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout,
327 p_unread, &len);
328 if (!NT_STATUS_IS_OK(status)) {
329 return status;
330 }
331
332 if (is_encrypted_packet((uint8_t *)*buffer)) {
333 status = srv_decrypt_buffer(*buffer);
334 if (!NT_STATUS_IS_OK(status)) {
335 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
336 "incoming packet! Error %s\n",
337 nt_errstr(status) ));
338 return status;
339 }
340 *p_encrypted = true;
341 }
342
343 /* Check the incoming SMB signature. */
344 if (!srv_check_sign_mac(*buffer, true)) {
345 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
346 "incoming packet!\n"));
347 return NT_STATUS_INVALID_NETWORK_RESPONSE;
348 }
349
350 *p_len = len;
351 return NT_STATUS_OK;
352 }
353
354 /*
355 * Initialize a struct smb_request from an inbuf
356 */
357
358 void init_smb_request(struct smb_request *req,
359 const uint8 *inbuf,
360 size_t unread_bytes,
361 bool encrypted)
362 {
363 size_t req_size = smb_len(inbuf) + 4;
364 /* Ensure we have at least smb_size bytes. */
365 if (req_size < smb_size) {
366 DEBUG(0,("init_smb_request: invalid request size %u\n",
367 (unsigned int)req_size ));
368 exit_server_cleanly("Invalid SMB request");
369 }
370 req->flags2 = SVAL(inbuf, smb_flg2);
371 req->smbpid = SVAL(inbuf, smb_pid);
372 req->mid = SVAL(inbuf, smb_mid);
373 req->vuid = SVAL(inbuf, smb_uid);
374 req->tid = SVAL(inbuf, smb_tid);
375 req->wct = CVAL(inbuf, smb_wct);
376 req->unread_bytes = unread_bytes;
377 req->encrypted = encrypted;
378 req->conn = conn_find(req->tid);
379
380 /* Ensure we have at least wct words and 2 bytes of bcc. */
381 if (smb_size + req->wct*2 > req_size) {
382 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
383 (unsigned int)req->wct,
384 (unsigned int)req_size));
385 exit_server_cleanly("Invalid SMB request");
386 }
387 /* Ensure bcc is correct. */
388 if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + req_size) {
389 DEBUG(0,("init_smb_request: invalid bcc number %u "
390 "(wct = %u, size %u)\n",
391 (unsigned int)smb_buflen(inbuf),
392 (unsigned int)req->wct,
393 (unsigned int)req_size));
394 exit_server_cleanly("Invalid SMB request");
395 }
396 req->inbuf = inbuf;
397 req->outbuf = NULL;
398 }
399
400 /****************************************************************************
401 structure to hold a linked list of queued messages.
402 for processing.
403 ****************************************************************************/
404
405 static struct pending_message_list *deferred_open_queue;
406
407 /****************************************************************************
408 Function to push a message onto the tail of a linked list of smb messages ready
409 for processing.
410 ****************************************************************************/
411
412 static bool push_queued_message(struct smb_request *req,
413 struct timeval request_time,
414 struct timeval end_time,
415 char *private_data, size_t private_len)
416 {
417 int msg_len = smb_len(req->inbuf) + 4;
418 struct pending_message_list *msg;
419
420 msg = TALLOC_ZERO_P(NULL, struct pending_message_list);
421
422 if(msg == NULL) {
423 DEBUG(0,("push_message: malloc fail (1)\n"));
424 return False;
425 }
426
427 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
428 if(msg->buf.data == NULL) {
429 DEBUG(0,("push_message: malloc fail (2)\n"));
430 TALLOC_FREE(msg);
431 return False;
432 }
433
434 msg->request_time = request_time;
435 msg->end_time = end_time;
436 msg->encrypted = req->encrypted;
437 msg->processed = false;
438
439 if (private_data) {
440 msg->private_data = data_blob_talloc(msg, private_data,
441 private_len);
442 if (msg->private_data.data == NULL) {
443 DEBUG(0,("push_message: malloc fail (3)\n"));
444 TALLOC_FREE(msg);
445 return False;
446 }
447 }
448
449 DLIST_ADD_END(deferred_open_queue, msg, struct pending_message_list *);
450
451 DEBUG(10,("push_message: pushed message length %u on "
452 "deferred_open_queue\n", (unsigned int)msg_len));
453
454 return True;
455 }
456
457 /****************************************************************************
458 Function to delete a sharing violation open message by mid.
459 ****************************************************************************/
460
461 void remove_deferred_open_smb_message(uint16 mid)
462 {
463 struct pending_message_list *pml;
464
465 for (pml = deferred_open_queue; pml; pml = pml->next) {
466 if (mid == SVAL(pml->buf.data,smb_mid)) {
467 DEBUG(10,("remove_sharing_violation_open_smb_message: "
468 "deleting mid %u len %u\n",
469 (unsigned int)mid,
470 (unsigned int)pml->buf.length ));
471 DLIST_REMOVE(deferred_open_queue, pml);
472 TALLOC_FREE(pml);
473 return;
474 }
475 }
476 }
477
478 /****************************************************************************
479 Move a sharing violation open retry message to the front of the list and
480 schedule it for immediate processing.
481 ****************************************************************************/
482
483 void schedule_deferred_open_smb_message(uint16 mid)
484 {
485 struct pending_message_list *pml;
486 int i = 0;
487
488 for (pml = deferred_open_queue; pml; pml = pml->next) {
489 uint16 msg_mid = SVAL(pml->buf.data,smb_mid);
490 DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++,
491 (unsigned int)msg_mid ));
492 if (mid == msg_mid) {
493
494 if (pml->processed) {
495 /* A processed message should not be
496 * rescheduled. */
497 DEBUG(0,("schedule_deferred_open_smb_message: LOGIC ERROR "
498 "message mid %u was already processed\n",
499 (unsigned int)msg_mid ));
500 continue;
501 }
502
503 DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
504 mid ));
505 pml->end_time.tv_sec = 0;
506 pml->end_time.tv_usec = 0;
507 DLIST_PROMOTE(deferred_open_queue, pml);
508 return;
509 }
510 }
511
512 DEBUG(10,("schedule_deferred_open_smb_message: failed to find message mid %u\n",
513 mid ));
514 }
515
516 /****************************************************************************
517 Return true if this mid is on the deferred queue and was not yet processed.
518 ****************************************************************************/
519
520 bool open_was_deferred(uint16 mid)
521 {
522 struct pending_message_list *pml;
523
524 for (pml = deferred_open_queue; pml; pml = pml->next) {
525 if (SVAL(pml->buf.data,smb_mid) == mid && !pml->processed) {
526 return True;
527 }
528 }
529 return False;
530 }
531
532 /****************************************************************************
533 Return the message queued by this mid.
534 ****************************************************************************/
535
536 struct pending_message_list *get_open_deferred_message(uint16 mid)
537 {
538 struct pending_message_list *pml;
539
540 for (pml = deferred_open_queue; pml; pml = pml->next) {
541 if (SVAL(pml->buf.data,smb_mid) == mid) {
542 return pml;
543 }
544 }
545 return NULL;
546 }
547
548 /****************************************************************************
549 Function to push a deferred open smb message onto a linked list of local smb
550 messages ready for processing.
551 ****************************************************************************/
552
553 bool push_deferred_smb_message(struct smb_request *req,
554 struct timeval request_time,
555 struct timeval timeout,
556 char *private_data, size_t priv_len)
557 {
558 struct timeval end_time;
559
560 if (req->unread_bytes) {
561 DEBUG(0,("push_deferred_smb_message: logic error ! "
562 "unread_bytes = %u\n",
563 (unsigned int)req->unread_bytes ));
564 smb_panic("push_deferred_smb_message: "
565 "logic error unread_bytes != 0" );
566 }
567
568 end_time = timeval_sum(&request_time, &timeout);
569
570 DEBUG(10,("push_deferred_open_smb_message: pushing message len %u mid %u "
571 "timeout time [%u.%06u]\n",
572 (unsigned int) smb_len(req->inbuf)+4, (unsigned int)req->mid,
573 (unsigned int)end_time.tv_sec,
574 (unsigned int)end_time.tv_usec));
575
576 return push_queued_message(req, request_time, end_time,
577 private_data, priv_len);
578 }
579
580 struct idle_event {
581 struct timed_event *te;
582 struct timeval interval;
583 char *name;
584 bool (*handler)(const struct timeval *now, void *private_data);
585 void *private_data;
586 };
587
588 static void idle_event_handler(struct event_context *ctx,
589 struct timed_event *te,
590 const struct timeval *now,
591 void *private_data)
592 {
593 struct idle_event *event =
594 talloc_get_type_abort(private_data, struct idle_event);
595
596 TALLOC_FREE(event->te);
597
598 if (!event->handler(now, event->private_data)) {
599 /* Don't repeat, delete ourselves */
600 TALLOC_FREE(event);
601 return;
602 }
603
604 event->te = event_add_timed(ctx, event,
605 timeval_sum(now, &event->interval),
606 event->name,
607 idle_event_handler, event);
608
609 /* We can't do much but fail here. */
610 SMB_ASSERT(event->te != NULL);
611 }
612
613 struct idle_event *event_add_idle(struct event_context *event_ctx,
614 TALLOC_CTX *mem_ctx,
615 struct timeval interval,
616 const char *name,
617 bool (*handler)(const struct timeval *now,
618 void *private_data),
619 void *private_data)
620 {
621 struct idle_event *result;
622 struct timeval now = timeval_current();
623
624 result = TALLOC_P(mem_ctx, struct idle_event);
625 if (result == NULL) {
626 DEBUG(0, ("talloc failed\n"));
627 return NULL;
628 }
629
630 result->interval = interval;
631 result->handler = handler;
632 result->private_data = private_data;
633
634 if (!(result->name = talloc_asprintf(result, "idle_evt(%s)", name))) {
635 DEBUG(0, ("talloc failed\n"));
636 TALLOC_FREE(result);
637 return NULL;
638 }
639
640 result->te = event_add_timed(event_ctx, result,
641 timeval_sum(&now, &interval),
642 result->name,
643 idle_event_handler, result);
644 if (result->te == NULL) {
645 DEBUG(0, ("event_add_timed failed\n"));
646 TALLOC_FREE(result);
647 return NULL;
648 }
649
650 return result;
651 }
652
653 /****************************************************************************
654 Do all async processing in here. This includes kernel oplock messages, change
655 notify events etc.
656 ****************************************************************************/
657
658 static void async_processing(fd_set *pfds)
659 {
660 DEBUG(10,("async_processing: Doing async processing.\n"));
661
662 process_aio_queue();
663
664 process_kernel_oplocks(smbd_messaging_context(), pfds);
665
666 /* Do the aio check again after receive_local_message as it does a
667 select and may have eaten our signal. */
668 /* Is this till true? -- vl */
669 process_aio_queue();
670
671 if (got_sig_term) {
672 exit_server_cleanly("termination signal");
673 }
674
675 /* check for sighup processing */
676 if (reload_after_sighup) {
677 change_to_root_user();
678 DEBUG(1,("Reloading services after SIGHUP\n"));
679 reload_services(False);
680 reload_after_sighup = 0;
681 }
682 }
683
684 /****************************************************************************
685 Add a fd to the set we will be select(2)ing on.
686 ****************************************************************************/
687
688 static int select_on_fd(int fd, int maxfd, fd_set *fds)
689 {
690 if (fd != -1) {
691 FD_SET(fd, fds);
692 maxfd = MAX(maxfd, fd);
693 }
694
695 return maxfd;
696 }
697
698 /****************************************************************************
699 Do a select on an two fd's - with timeout.
700
701 If a local udp message has been pushed onto the
702 queue (this can only happen during oplock break
703 processing) call async_processing()
704
705 If a pending smb message has been pushed onto the
706 queue (this can only happen during oplock break
707 processing) return this next.
708
709 If the first smbfd is ready then read an smb from it.
710 if the second (loopback UDP) fd is ready then read a message
711 from it and setup the buffer header to identify the length
712 and from address.
713 Returns False on timeout or error.
714 Else returns True.
715
716 The timeout is in milliseconds
717 ****************************************************************************/
718
719 static NTSTATUS receive_message_or_smb(TALLOC_CTX *mem_ctx, char **buffer,
720 size_t *buffer_len, int timeout,
721 size_t *p_unread, bool *p_encrypted)
722 {
723 fd_set r_fds, w_fds;
724 int selrtn;
725 struct timeval to;
726 int maxfd = 0;
727 size_t len = 0;
728 NTSTATUS status;
729
730 *p_unread = 0;
731
732 again:
733
734 if (timeout >= 0) {
735 to.tv_sec = timeout / 1000;
736 to.tv_usec = (timeout % 1000) * 1000;
737 } else {
738 to.tv_sec = SMBD_SELECT_TIMEOUT;
739 to.tv_usec = 0;
740 }
741
742 /*
743 * Note that this call must be before processing any SMB
744 * messages as we need to synchronously process any messages
745 * we may have sent to ourselves from the previous SMB.
746 */
747 message_dispatch(smbd_messaging_context());
748
749 /*
750 * Check to see if we already have a message on the deferred open queue
751 * and it's time to schedule.
752 */
753 if(deferred_open_queue != NULL) {
754 bool pop_message = False;
755 struct pending_message_list *msg = deferred_open_queue;
756
757 if (timeval_is_zero(&msg->end_time)) {
758 pop_message = True;
759 } else {
760 struct timeval tv;
761 SMB_BIG_INT tdif;
762
763 GetTimeOfDay(&tv);
764 tdif = usec_time_diff(&msg->end_time, &tv);
765 if (tdif <= 0) {
766 /* Timed out. Schedule...*/
767 pop_message = True;
768 DEBUG(10,("receive_message_or_smb: queued message timed out.\n"));
769 } else {
770 /* Make a more accurate select timeout. */
771 to.tv_sec = tdif / 1000000;
772 to.tv_usec = tdif % 1000000;
773 DEBUG(10,("receive_message_or_smb: select with timeout of [%u.%06u]\n",
774 (unsigned int)to.tv_sec, (unsigned int)to.tv_usec ));
775 }
776 }
777
778 if (pop_message) {
779
780 *buffer = (char *)talloc_memdup(mem_ctx, msg->buf.data,
781 msg->buf.length);
782 if (*buffer == NULL) {
783 DEBUG(0, ("talloc failed\n"));
784 return NT_STATUS_NO_MEMORY;
785 }
786 *buffer_len = msg->buf.length;
787 *p_encrypted = msg->encrypted;
788
789 /* We leave this message on the queue so the open code can
790 know this is a retry. */
791 DEBUG(5,("receive_message_or_smb: returning deferred open smb message.\n"));
792
793 /* Mark the message as processed so this is not
794 * re-processed in error. */
795 msg->processed = true;
796 return NT_STATUS_OK;
797 }
798 }
799
800 /*
801 * Setup the select fd sets.
802 */
803
804 FD_ZERO(&r_fds);
805 FD_ZERO(&w_fds);
806
807 /*
808 * Ensure we process oplock break messages by preference.
809 * We have to do this before the select, after the select
810 * and if the select returns EINTR. This is due to the fact
811 * that the selects called from async_processing can eat an EINTR
812 * caused by a signal (we can't take the break message there).
813 * This is hideously complex - *MUST* be simplified for 3.0 ! JRA.
814 */
815
816 if (oplock_message_waiting(&r_fds)) {
817 DEBUG(10,("receive_message_or_smb: oplock_message is waiting.\n"));
818 async_processing(&r_fds);
819 /*
820 * After async processing we must go and do the select again, as
821 * the state of the flag in fds for the server file descriptor is
822 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
823 */
824 goto again;
825 }
826
827 /*
828 * Are there any timed events waiting ? If so, ensure we don't
829 * select for longer than it would take to wait for them.
830 */
831
832 {
833 struct timeval now;
834 GetTimeOfDay(&now);
835
836 event_add_to_select_args(smbd_event_context(), &now,
837 &r_fds, &w_fds, &to, &maxfd);
838 }
839
840 if (timeval_is_zero(&to)) {
841 /* Process a timed event now... */
842 if (run_events(smbd_event_context(), 0, NULL, NULL)) {
843 goto again;
844 }
845 }
846
847 {
848 int sav;
849 START_PROFILE(smbd_idle);
850
851 maxfd = select_on_fd(smbd_server_fd(), maxfd, &r_fds);
852 maxfd = select_on_fd(oplock_notify_fd(), maxfd, &r_fds);
853
854 selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&to);
855 sav = errno;
856
857 END_PROFILE(smbd_idle);
858 errno = sav;
859 }
860
861 if (run_events(smbd_event_context(), selrtn, &r_fds, &w_fds)) {
862 goto again;
863 }
864
865 /* if we get EINTR then maybe we have received an oplock
866 signal - treat this as select returning 1. This is ugly, but
867 is the best we can do until the oplock code knows more about
868 signals */
869 if (selrtn == -1 && errno == EINTR) {
870 async_processing(&r_fds);
871 /*
872 * After async processing we must go and do the select again, as
873 * the state of the flag in fds for the server file descriptor is
874 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
875 */
876 goto again;
877 }
878
879 /* Check if error */
880 if (selrtn == -1) {
881 /* something is wrong. Maybe the socket is dead? */
882 return map_nt_error_from_unix(errno);
883 }
884
885 /* Did we timeout ? */
886 if (selrtn == 0) {
887 return NT_STATUS_IO_TIMEOUT;
888 }
889
890 /*
891 * Ensure we process oplock break messages by preference.
892 * This is IMPORTANT ! Otherwise we can starve other processes
893 * sending us an oplock break message. JRA.
894 */
895
896 if (oplock_message_waiting(&r_fds)) {
897 async_processing(&r_fds);
898 /*
899 * After async processing we must go and do the select again, as
900 * the state of the flag in fds for the server file descriptor is
901 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
902 */
903 goto again;
904 }
905
906 /*
907 * We've just woken up from a protentially long select sleep.
908 * Ensure we process local messages as we need to synchronously
909 * process any messages from other smbd's to avoid file rename race
910 * conditions. This call is cheap if there are no messages waiting.
911 * JRA.
912 */
913 message_dispatch(smbd_messaging_context());
914
915 status = receive_smb_talloc(mem_ctx, smbd_server_fd(), buffer, 0,
916 p_unread, p_encrypted, &len);
917
918 if (!NT_STATUS_IS_OK(status)) {
919 return status;
920 }
921
922 *buffer_len = len;
923
924 return NT_STATUS_OK;
925 }
926
927 /*
928 * Only allow 5 outstanding trans requests. We're allocating memory, so
929 * prevent a DoS.
930 */
931
932 NTSTATUS allow_new_trans(struct trans_state *list, int mid)
933 {
934 int count = 0;
935 for (; list != NULL; list = list->next) {
936
937 if (list->mid == mid) {
938 return NT_STATUS_INVALID_PARAMETER;
939 }
940
941 count += 1;
942 }
943 if (count > 5) {
944 return NT_STATUS_INSUFFICIENT_RESOURCES;
945 }
946
947 return NT_STATUS_OK;
948 }
949
950 /****************************************************************************
951 We're terminating and have closed all our files/connections etc.
952 If there are any pending local messages we need to respond to them
953 before termination so that other smbds don't think we just died whilst
954 holding oplocks.
955 ****************************************************************************/
956
957 void respond_to_all_remaining_local_messages(void)
958 {
959 /*
960 * Assert we have no exclusive open oplocks.
961 */
962
963 if(get_number_of_exclusive_open_oplocks()) {
964 DEBUG(0,("respond_to_all_remaining_local_messages: PANIC : we have %d exclusive oplocks.\n",
965 get_number_of_exclusive_open_oplocks() ));
966 return;
967 }
968
969 process_kernel_oplocks(smbd_messaging_context(), NULL);
970
971 return;
972 }
973
974
975 /*
976 These flags determine some of the permissions required to do an operation
977
978 Note that I don't set NEED_WRITE on some write operations because they
979 are used by some brain-dead clients when printing, and I don't want to
980 force write permissions on print services.
981 */
982 #define AS_USER (1<<0)
983 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
984 #define TIME_INIT (1<<2)
985 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
986 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
987 #define DO_CHDIR (1<<6)
988
989 /*
990 define a list of possible SMB messages and their corresponding
991 functions. Any message that has a NULL function is unimplemented -
992 please feel free to contribute implementations!
993 */
994 static const struct smb_message_struct {
995 const char *name;
996 void (*fn_new)(struct smb_request *req);
997 int flags;
998 } smb_messages[256] = {
999
1000 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
1001 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
1002 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
1003 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
1004 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
1005 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
1006 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
1007 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
1008 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
1009 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
1010 /* 0x0a */ { "SMBread",reply_read,AS_USER},
1011 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
1012 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
1013 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
1014 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
1015 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
1016 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
1017 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
1018 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
1019 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
1020 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
1021 /* 0x15 */ { NULL, NULL, 0 },
1022 /* 0x16 */ { NULL, NULL, 0 },
1023 /* 0x17 */ { NULL, NULL, 0 },
1024 /* 0x18 */ { NULL, NULL, 0 },
1025 /* 0x19 */ { NULL, NULL, 0 },
1026 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
1027 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
1028 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
1029 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
1030 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
1031 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1032 /* 0x20 */ { "SMBwritec", NULL,0},
1033 /* 0x21 */ { NULL, NULL, 0 },
1034 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
1035 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1036 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1037 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
1038 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
1039 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
1040 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
1041 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
1042 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
1043 /* 0x2b */ { "SMBecho",reply_echo,0},
1044 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1045 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
1046 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
1047 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
1048 /* 0x30 */ { NULL, NULL, 0 },
1049 /* 0x31 */ { NULL, NULL, 0 },
1050 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
1051 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER | CAN_IPC},
1052 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1053 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1054 /* 0x36 */ { NULL, NULL, 0 },
1055 /* 0x37 */ { NULL, NULL, 0 },
1056 /* 0x38 */ { NULL, NULL, 0 },
1057 /* 0x39 */ { NULL, NULL, 0 },
1058 /* 0x3a */ { NULL, NULL, 0 },
1059 /* 0x3b */ { NULL, NULL, 0 },
1060 /* 0x3c */ { NULL, NULL, 0 },
1061 /* 0x3d */ { NULL, NULL, 0 },
1062 /* 0x3e */ { NULL, NULL, 0 },
1063 /* 0x3f */ { NULL, NULL, 0 },
1064 /* 0x40 */ { NULL, NULL, 0 },
1065 /* 0x41 */ { NULL, NULL, 0 },
1066 /* 0x42 */ { NULL, NULL, 0 },
1067 /* 0x43 */ { NULL, NULL, 0 },
1068 /* 0x44 */ { NULL, NULL, 0 },
1069 /* 0x45 */ { NULL, NULL, 0 },
1070 /* 0x46 */ { NULL, NULL, 0 },
1071 /* 0x47 */ { NULL, NULL, 0 },
1072 /* 0x48 */ { NULL, NULL, 0 },
1073 /* 0x49 */ { NULL, NULL, 0 },
1074 /* 0x4a */ { NULL, NULL, 0 },
1075 /* 0x4b */ { NULL, NULL, 0 },
1076 /* 0x4c */ { NULL, NULL, 0 },
1077 /* 0x4d */ { NULL, NULL, 0 },
1078 /* 0x4e */ { NULL, NULL, 0 },
1079 /* 0x4f */ { NULL, NULL, 0 },
1080 /* 0x50 */ { NULL, NULL, 0 },
1081 /* 0x51 */ { NULL, NULL, 0 },
1082 /* 0x52 */ { NULL, NULL, 0 },
1083 /* 0x53 */ { NULL, NULL, 0 },
1084 /* 0x54 */ { NULL, NULL, 0 },
1085 /* 0x55 */ { NULL, NULL, 0 },
1086 /* 0x56 */ { NULL, NULL, 0 },
1087 /* 0x57 */ { NULL, NULL, 0 },
1088 /* 0x58 */ { NULL, NULL, 0 },
1089 /* 0x59 */ { NULL, NULL, 0 },
1090 /* 0x5a */ { NULL, NULL, 0 },
1091 /* 0x5b */ { NULL, NULL, 0 },
1092 /* 0x5c */ { NULL, NULL, 0 },
1093 /* 0x5d */ { NULL, NULL, 0 },
1094 /* 0x5e */ { NULL, NULL, 0 },
1095 /* 0x5f */ { NULL, NULL, 0 },
1096 /* 0x60 */ { NULL, NULL, 0 },
1097 /* 0x61 */ { NULL, NULL, 0 },
1098 /* 0x62 */ { NULL, NULL, 0 },
1099 /* 0x63 */ { NULL, NULL, 0 },
1100 /* 0x64 */ { NULL, NULL, 0 },
1101 /* 0x65 */ { NULL, NULL, 0 },
1102 /* 0x66 */ { NULL, NULL, 0 },
1103 /* 0x67 */ { NULL, NULL, 0 },
1104 /* 0x68 */ { NULL, NULL, 0 },
1105 /* 0x69 */ { NULL, NULL, 0 },
1106 /* 0x6a */ { NULL, NULL, 0 },
1107 /* 0x6b */ { NULL, NULL, 0 },
1108 /* 0x6c */ { NULL, NULL, 0 },
1109 /* 0x6d */ { NULL, NULL, 0 },
1110 /* 0x6e */ { NULL, NULL, 0 },
1111 /* 0x6f */ { NULL, NULL, 0 },
1112 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1113 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1114 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1115 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1116 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1117 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1118 /* 0x76 */ { NULL, NULL, 0 },
1119 /* 0x77 */ { NULL, NULL, 0 },
1120 /* 0x78 */ { NULL, NULL, 0 },
1121 /* 0x79 */ { NULL, NULL, 0 },
1122 /* 0x7a */ { NULL, NULL, 0 },
1123 /* 0x7b */ { NULL, NULL, 0 },
1124 /* 0x7c */ { NULL, NULL, 0 },
1125 /* 0x7d */ { NULL, NULL, 0 },
1126 /* 0x7e */ { NULL, NULL, 0 },
1127 /* 0x7f */ { NULL, NULL, 0 },
1128 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1129 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1130 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1131 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1132 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1133 /* 0x85 */ { NULL, NULL, 0 },
1134 /* 0x86 */ { NULL, NULL, 0 },
1135 /* 0x87 */ { NULL, NULL, 0 },
1136 /* 0x88 */ { NULL, NULL, 0 },
1137 /* 0x89 */ { NULL, NULL, 0 },
1138 /* 0x8a */ { NULL, NULL, 0 },
1139 /* 0x8b */ { NULL, NULL, 0 },
1140 /* 0x8c */ { NULL, NULL, 0 },
1141 /* 0x8d */ { NULL, NULL, 0 },
1142 /* 0x8e */ { NULL, NULL, 0 },
1143 /* 0x8f */ { NULL, NULL, 0 },
1144 /* 0x90 */ { NULL, NULL, 0 },
1145 /* 0x91 */ { NULL, NULL, 0 },
1146 /* 0x92 */ { NULL, NULL, 0 },
1147 /* 0x93 */ { NULL, NULL, 0 },
1148 /* 0x94 */ { NULL, NULL, 0 },
1149 /* 0x95 */ { NULL, NULL, 0 },
1150 /* 0x96 */ { NULL, NULL, 0 },
1151 /* 0x97 */ { NULL, NULL, 0 },
1152 /* 0x98 */ { NULL, NULL, 0 },
1153 /* 0x99 */ { NULL, NULL, 0 },
1154 /* 0x9a */ { NULL, NULL, 0 },
1155 /* 0x9b */ { NULL, NULL, 0 },
1156 /* 0x9c */ { NULL, NULL, 0 },
1157 /* 0x9d */ { NULL, NULL, 0 },
1158 /* 0x9e */ { NULL, NULL, 0 },
1159 /* 0x9f */ { NULL, NULL, 0 },
1160 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1161 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1162 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1163 /* 0xa3 */ { NULL, NULL, 0 },
1164 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1165 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1166 /* 0xa6 */ { NULL, NULL, 0 },
1167 /* 0xa7 */ { NULL, NULL, 0 },
1168 /* 0xa8 */ { NULL, NULL, 0 },
1169 /* 0xa9 */ { NULL, NULL, 0 },
1170 /* 0xaa */ { NULL, NULL, 0 },
1171 /* 0xab */ { NULL, NULL, 0 },
1172 /* 0xac */ { NULL, NULL, 0 },
1173 /* 0xad */ { NULL, NULL, 0 },
1174 /* 0xae */ { NULL, NULL, 0 },
1175 /* 0xaf */ { NULL, NULL, 0 },
1176 /* 0xb0 */ { NULL, NULL, 0 },
1177 /* 0xb1 */ { NULL, NULL, 0 },
1178 /* 0xb2 */ { NULL, NULL, 0 },
1179 /* 0xb3 */ { NULL, NULL, 0 },
1180 /* 0xb4 */ { NULL, NULL, 0 },
1181 /* 0xb5 */ { NULL, NULL, 0 },
1182 /* 0xb6 */ { NULL, NULL, 0 },
1183 /* 0xb7 */ { NULL, NULL, 0 },
1184 /* 0xb8 */ { NULL, NULL, 0 },
1185 /* 0xb9 */ { NULL, NULL, 0 },
1186 /* 0xba */ { NULL, NULL, 0 },
1187 /* 0xbb */ { NULL, NULL, 0 },
1188 /* 0xbc */ { NULL, NULL, 0 },
1189 /* 0xbd */ { NULL, NULL, 0 },
1190 /* 0xbe */ { NULL, NULL, 0 },
1191 /* 0xbf */ { NULL, NULL, 0 },
1192 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1193 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1194 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1195 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1196 /* 0xc4 */ { NULL, NULL, 0 },
1197 /* 0xc5 */ { NULL, NULL, 0 },
1198 /* 0xc6 */ { NULL, NULL, 0 },
1199 /* 0xc7 */ { NULL, NULL, 0 },
1200 /* 0xc8 */ { NULL, NULL, 0 },
1201 /* 0xc9 */ { NULL, NULL, 0 },
1202 /* 0xca */ { NULL, NULL, 0 },
1203 /* 0xcb */ { NULL, NULL, 0 },
1204 /* 0xcc */ { NULL, NULL, 0 },
1205 /* 0xcd */ { NULL, NULL, 0 },
1206 /* 0xce */ { NULL, NULL, 0 },
1207 /* 0xcf */ { NULL, NULL, 0 },
1208 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1209 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1210 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1211 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1212 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1213 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1214 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1215 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1216 /* 0xd8 */ { NULL, NULL, 0 },
1217 /* 0xd9 */ { NULL, NULL, 0 },
1218 /* 0xda */ { NULL, NULL, 0 },
1219 /* 0xdb */ { NULL, NULL, 0 },
1220 /* 0xdc */ { NULL, NULL, 0 },
1221 /* 0xdd */ { NULL, NULL, 0 },
1222 /* 0xde */ { NULL, NULL, 0 },
1223 /* 0xdf */ { NULL, NULL, 0 },
1224 /* 0xe0 */ { NULL, NULL, 0 },
1225 /* 0xe1 */ { NULL, NULL, 0 },
1226 /* 0xe2 */ { NULL, NULL, 0 },
1227 /* 0xe3 */ { NULL, NULL, 0 },
1228 /* 0xe4 */ { NULL, NULL, 0 },
1229 /* 0xe5 */ { NULL, NULL, 0 },
1230 /* 0xe6 */ { NULL, NULL, 0 },
1231 /* 0xe7 */ { NULL, NULL, 0 },
1232 /* 0xe8 */ { NULL, NULL, 0 },
1233 /* 0xe9 */ { NULL, NULL, 0 },
1234 /* 0xea */ { NULL, NULL, 0 },
1235 /* 0xeb */ { NULL, NULL, 0 },
1236 /* 0xec */ { NULL, NULL, 0 },
1237 /* 0xed */ { NULL, NULL, 0 },
1238 /* 0xee */ { NULL, NULL, 0 },
1239 /* 0xef */ { NULL, NULL, 0 },
1240 /* 0xf0 */ { NULL, NULL, 0 },
1241 /* 0xf1 */ { NULL, NULL, 0 },
1242 /* 0xf2 */ { NULL, NULL, 0 },
1243 /* 0xf3 */ { NULL, NULL, 0 },
1244 /* 0xf4 */ { NULL, NULL, 0 },
1245 /* 0xf5 */ { NULL, NULL, 0 },
1246 /* 0xf6 */ { NULL, NULL, 0 },
1247 /* 0xf7 */ { NULL, NULL, 0 },
1248 /* 0xf8 */ { NULL, NULL, 0 },
1249 /* 0xf9 */ { NULL, NULL, 0 },
1250 /* 0xfa */ { NULL, NULL, 0 },
1251 /* 0xfb */ { NULL, NULL, 0 },
1252 /* 0xfc */ { NULL, NULL, 0 },
1253 /* 0xfd */ { NULL, NULL, 0 },
1254 /* 0xfe */ { NULL, NULL, 0 },
1255 /* 0xff */ { NULL, NULL, 0 }
1256
1257 };
1258
1259 /*******************************************************************
1260 allocate and initialize a reply packet
1261 ********************************************************************/
1262
1263 void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
1264 {
1265 /*
1266 * Protect against integer wrap
1267 */
1268 if ((num_bytes > 0xffffff)
1269 || ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
1270 char *msg;
1271 if (asprintf(&msg, "num_bytes too large: %u",
1272 (unsigned)num_bytes) == -1) {
1273 msg = CONST_DISCARD(char *, "num_bytes too large");
1274 }
1275 smb_panic(msg);
1276 }
1277
1278 if (!(req->outbuf = TALLOC_ARRAY(
1279 req, uint8,
1280 smb_size + num_words*2 + num_bytes))) {
1281 smb_panic("could not allocate output buffer\n");
1282 }
1283
1284 construct_reply_common((char *)req->inbuf, (char *)req->outbuf);
1285 srv_set_message((char *)req->outbuf, num_words, num_bytes, false);
1286 /*
1287 * Zero out the word area, the caller has to take care of the bcc area
1288 * himself
1289 */
1290 if (num_words != 0) {
1291 memset(req->outbuf + smb_vwv0, 0, num_words*2);
1292 }
1293
1294 return;
1295 }
1296
1297
1298 /*******************************************************************
1299 Dump a packet to a file.
1300 ********************************************************************/
1301
1302 static void smb_dump(const char *name, int type, const char *data, ssize_t len)
1303 {
1304 int fd, i;
1305 char *fname = NULL;
1306 if (DEBUGLEVEL < 50) {
1307 return;
1308 }
1309
1310 if (len < 4) len = smb_len(data)+4;
1311 for (i=1;i<100;i++) {
1312 if (asprintf(&fname, "/tmp/%s.%d.%s", name, i,
1313 type ? "req" : "resp") == -1) {
1314 return;
1315 }
1316 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1317 if (fd != -1 || errno != EEXIST) break;
1318 }
1319 if (fd != -1) {
1320 ssize_t ret = write(fd, data, len);
1321 if (ret != len)
1322 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1323 close(fd);
1324 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1325 }
1326 SAFE_FREE(fname);
1327 }
1328
1329 /****************************************************************************
1330 Prepare everything for calling the actual request function, and potentially
1331 call the request function via the "new" interface.
1332
1333 Return False if the "legacy" function needs to be called, everything is
1334 prepared.
1335
1336 Return True if we're done.
1337
1338 I know this API sucks, but it is the one with the least code change I could
1339 find.
1340 ****************************************************************************/
1341
1342 static connection_struct *switch_message(uint8 type, struct smb_request *req, int size)
1343 {
1344 int flags;
1345 uint16 session_tag;
1346 connection_struct *conn = NULL;
1347
1348 static uint16 last_session_tag = UID_FIELD_INVALID;
1349
1350 errno = 0;
1351
1352 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1353 * so subtract 4 from it. */
1354 if (!valid_smb_header(req->inbuf)
1355 || (size < (smb_size - 4))) {
1356 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1357 smb_len(req->inbuf)));
1358 exit_server_cleanly("Non-SMB packet");
1359 }
1360
1361 if (smb_messages[type].fn_new == NULL) {
1362 DEBUG(0,("Unknown message type %d!\n",type));
1363 smb_dump("Unknown", 1, (char *)req->inbuf, size);
1364 reply_unknown_new(req, type);
1365 return NULL;
1366 }
1367
1368 flags = smb_messages[type].flags;
1369
1370 /* In share mode security we must ignore the vuid. */
1371 session_tag = (lp_security() == SEC_SHARE)
1372 ? UID_FIELD_INVALID : req->vuid;
1373 conn = req->conn;
1374
1375 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1376 (int)sys_getpid(), (unsigned long)conn));
1377
1378 smb_dump(smb_fn_name(type), 1, (char *)req->inbuf, size);
1379
1380 /* Ensure this value is replaced in the incoming packet. */
1381 SSVAL(req->inbuf,smb_uid,session_tag);
1382
1383 /*
1384 * Ensure the correct username is in current_user_info. This is a
1385 * really ugly bugfix for problems with multiple session_setup_and_X's
1386 * being done and allowing %U and %G substitutions to work correctly.
1387 * There is a reason this code is done here, don't move it unless you
1388 * know what you're doing... :-).
1389 * JRA.
1390 */
1391
1392 if (session_tag != last_session_tag) {
1393 user_struct *vuser = NULL;
1394
1395 last_session_tag = session_tag;
1396 if(session_tag != UID_FIELD_INVALID) {
1397 vuser = get_valid_user_struct(session_tag);
1398 if (vuser) {
1399 set_current_user_info(&vuser->user);
1400 }
1401 }
1402 }
1403
1404 /* Does this call need to be run as the connected user? */
1405 if (flags & AS_USER) {
1406
1407 /* Does this call need a valid tree connection? */
1408 if (!conn) {
1409 /*
1410 * Amazingly, the error code depends on the command
1411 * (from Samba4).
1412 */
1413 if (type == SMBntcreateX) {
1414 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1415 } else {
1416 reply_doserror(req, ERRSRV, ERRinvnid);
1417 }
1418 return NULL;
1419 }
1420
1421 if (!change_to_user(conn,session_tag)) {
1422 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
1423 return conn;
1424 }
1425
1426 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1427
1428 /* Does it need write permission? */
1429 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1430 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1431 return conn;
1432 }
1433
1434 /* IPC services are limited */
1435 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1436 reply_doserror(req, ERRSRV,ERRaccess);
1437 return conn;
1438 }
1439 } else {
1440 /* This call needs to be run as root */
1441 change_to_root_user();
1442 }
1443
1444 /* load service specific parameters */
1445 if (conn) {
1446 if (req->encrypted) {
1447 conn->encrypted_tid = true;
1448 /* encrypted required from now on. */
1449 conn->encrypt_level = Required;
1450 } else if (ENCRYPTION_REQUIRED(conn)) {
1451 uint8 com = CVAL(req->inbuf,smb_com);
1452 if (com != SMBtrans2 && com != SMBtranss2) {
1453 exit_server_cleanly("encryption required "
1454 "on connection");
1455 return conn;
1456 }
1457 }
1458
1459 if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1460 (flags & (AS_USER|DO_CHDIR)
1461 ?True:False))) {
1462 reply_doserror(req, ERRSRV, ERRaccess);
1463 return conn;
1464 }
1465 conn->num_smb_operations++;
1466 }
1467
1468 /* does this protocol need to be run as guest? */
1469 if ((flags & AS_GUEST)
1470 && (!change_to_guest() ||
1471 !check_access(smbd_server_fd(), lp_hostsallow(-1),
1472 lp_hostsdeny(-1)))) {
1473 reply_doserror(req, ERRSRV, ERRaccess);
1474 return conn;
1475 }
1476
1477 smb_messages[type].fn_new(req);
1478 return req->conn;
1479 }
1480
1481 /****************************************************************************
1482 Construct a reply to the incoming packet.
1483 ****************************************************************************/
1484
1485 static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
1486 {
1487 struct pending_message_list *pml = NULL;
1488 uint8 type = CVAL(inbuf,smb_com);
1489 connection_struct *conn;
1490 struct smb_request *req;
1491
1492 chain_size = 0;
1493 file_chain_reset();
1494 reset_chain_p();
1495
1496 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1497 smb_panic("could not allocate smb_request");
1498 }
1499 init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted);
1500
1501 conn = switch_message(type, req, size);
1502
1503 /* If this was a deferred message and it's still there and
1504 * was processed, remove it. */
1505 pml = get_open_deferred_message(req->mid);
1506 if (pml && pml->processed) {
1507 remove_deferred_open_smb_message(req->mid);
1508 }
1509
1510 if (req->unread_bytes) {
1511 /* writeX failed. drain socket. */
1512 if (drain_socket(smbd_server_fd(), req->unread_bytes) !=
1513 req->unread_bytes) {
1514 smb_panic("failed to drain pending bytes");
1515 }
1516 req->unread_bytes = 0;
1517 }
1518
1519 if (req->outbuf == NULL) {
1520 return;
1521 }
1522
1523 if (CVAL(req->outbuf,0) == 0) {
1524 show_msg((char *)req->outbuf);
1525 }
1526
1527 if (!srv_send_smb(smbd_server_fd(),
1528 (char *)req->outbuf,
1529 IS_CONN_ENCRYPTED(conn)||req->encrypted)) {
1530 exit_server_cleanly("construct_reply: srv_send_smb failed.");
1531 }
1532
1533 TALLOC_FREE(req);
1534
1535 return;
1536 }
1537
1538 /****************************************************************************
1539 Process an smb from the client
1540 ****************************************************************************/
1541
1542 static void process_smb(char *inbuf, size_t nread, size_t unread_bytes, bool encrypted)
1543 {
1544 static int trans_num;
1545 int msg_type = CVAL(inbuf,0);
1546
1547 DO_PROFILE_INC(smb_count);
1548
1549 if (trans_num == 0) {
1550 char addr[INET6_ADDRSTRLEN];
1551
1552 /* on the first packet, check the global hosts allow/ hosts
1553 deny parameters before doing any parsing of the packet
1554 passed to us by the client. This prevents attacks on our
1555 parsing code from hosts not in the hosts allow list */
1556
1557 if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
1558 lp_hostsdeny(-1))) {
1559 /* send a negative session response "not listening on calling name" */
1560 static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
1561 DEBUG( 1, ( "Connection denied from %s\n",
1562 client_addr(get_client_fd(),addr,sizeof(addr)) ) );
1563 (void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
1564 exit_server_cleanly("connection denied");
1565 }
1566 }
1567
1568 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1569 smb_len(inbuf) ) );
1570 DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
1571 (int)nread,
1572 (unsigned int)unread_bytes ));
1573
1574 if (msg_type != 0) {
1575 /*
1576 * NetBIOS session request, keepalive, etc.
1577 */
1578 reply_special(inbuf);
1579 return;
1580 }
1581
1582 show_msg(inbuf);
1583
1584 construct_reply(inbuf,nread,unread_bytes,encrypted);
1585
1586 trans_num++;
1587 }
1588
1589 /****************************************************************************
1590 Return a string containing the function name of a SMB command.
1591 ****************************************************************************/
1592
1593 const char *smb_fn_name(int type)
1594 {
1595 const char *unknown_name = "SMBunknown";
1596
1597 if (smb_messages[type].name == NULL)
1598 return(unknown_name);
1599
1600 return(smb_messages[type].name);
1601 }
1602
1603 /****************************************************************************
1604 Helper functions for contruct_reply.
1605 ****************************************************************************/
1606
1607 static uint32 common_flags2 = FLAGS2_LONG_PATH_COMPONENTS|FLAGS2_32_BIT_ERROR_CODES;
1608
1609 void add_to_common_flags2(uint32 v)
1610 {
1611 common_flags2 |= v;
1612 }
1613
1614 void remove_from_common_flags2(uint32 v)
1615 {
1616 common_flags2 &= ~v;
1617 }
1618
1619 void construct_reply_common(const char *inbuf, char *outbuf)
1620 {
1621 srv_set_message(outbuf,0,0,false);
1622
1623 SCVAL(outbuf,smb_com,CVAL(inbuf,smb_com));
1624 SIVAL(outbuf,smb_rcls,0);
1625 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1626 SSVAL(outbuf,smb_flg2,
1627 (SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) |
1628 common_flags2);
1629 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1630
1631 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
1632 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
1633 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
1634 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
1635 }
1636
1637 /****************************************************************************
1638 Construct a chained reply and add it to the already made reply
1639 ****************************************************************************/
1640
1641 void chain_reply(struct smb_request *req)
1642 {
1643 static char *orig_inbuf;
1644
1645 /*
1646 * Dirty little const_discard: We mess with req->inbuf, which is
1647 * declared as const. If maybe at some point this routine gets
1648 * rewritten, this const_discard could go away.
1649 */
1650 char *inbuf = CONST_DISCARD(char *, req->inbuf);
1651 int size = smb_len(req->inbuf)+4;
1652
1653 int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
1654 unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
1655 char *inbuf2;
1656 int outsize2;
1657 int new_size;
1658 char inbuf_saved[smb_wct];
1659 char *outbuf = (char *)req->outbuf;
1660 size_t outsize = smb_len(outbuf) + 4;
1661 size_t outsize_padded;
1662 size_t padding;
1663 size_t ofs, to_move;
1664
1665 struct smb_request *req2;
1666 size_t caller_outputlen;
1667 char *caller_output;
1668
1669 /* Maybe its not chained, or it's an error packet. */
1670 if (smb_com2 == 0xFF || SVAL(outbuf,smb_rcls) != 0) {
1671 SCVAL(outbuf,smb_vwv0,0xFF);
1672 return;
1673 }
1674
1675 if (chain_size == 0) {
1676 /* this is the first part of the chain */
1677 orig_inbuf = inbuf;
1678 }
1679
1680 /*
1681 * We need to save the output the caller added to the chain so that we
1682 * can splice it into the final output buffer later.
1683 */
1684
1685 caller_outputlen = outsize - smb_wct;
1686
1687 caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen);
1688
1689 if (caller_output == NULL) {
1690 /* TODO: NT_STATUS_NO_MEMORY */
1691 smb_panic("could not dup outbuf");
1692 }
1693
1694 /*
1695 * The original Win95 redirector dies on a reply to
1696 * a lockingX and read chain unless the chain reply is
1697 * 4 byte aligned. JRA.
1698 */
1699
1700 outsize_padded = (outsize + 3) & ~3;
1701 padding = outsize_padded - outsize;
1702
1703 /*
1704 * remember how much the caller added to the chain, only counting
1705 * stuff after the parameter words
1706 */
1707 chain_size += (outsize_padded - smb_wct);
1708
1709 /*
1710 * work out pointers into the original packets. The
1711 * headers on these need to be filled in
1712 */
1713 inbuf2 = orig_inbuf + smb_off2 + 4 - smb_wct;
1714
1715 /* remember the original command type */
1716 smb_com1 = CVAL(orig_inbuf,smb_com);
1717
1718 /* save the data which will be overwritten by the new headers */
1719 memcpy(inbuf_saved,inbuf2,smb_wct);
1720
1721 /* give the new packet the same header as the last part of the SMB */
1722 memmove(inbuf2,inbuf,smb_wct);
1723
1724 /* create the in buffer */
1725 SCVAL(inbuf2,smb_com,smb_com2);
1726
1727 /* work out the new size for the in buffer. */
1728 new_size = size - (inbuf2 - inbuf);
1729 if (new_size < 0) {
1730 DEBUG(0,("chain_reply: chain packet size incorrect "
1731 "(orig size = %d, offset = %d)\n",
1732 size, (int)(inbuf2 - inbuf) ));
1733 exit_server_cleanly("Bad chained packet");
1734 return;
1735 }
1736
1737 /* And set it in the header. */
1738 smb_setlen(inbuf2, new_size - 4);
1739
1740 DEBUG(3,("Chained message\n"));
1741 show_msg(inbuf2);
1742
1743 if (!(req2 = talloc(talloc_tos(), struct smb_request))) {
1744 smb_panic("could not allocate smb_request");
1745 }
1746 init_smb_request(req2, (uint8 *)inbuf2,0, req->encrypted);
1747
1748 /* process the request */
1749 switch_message(smb_com2, req2, new_size);
1750
1751 /*
1752 * We don't accept deferred operations in chained requests.
1753 */
1754 SMB_ASSERT(req2->outbuf != NULL);
1755 outsize2 = smb_len(req2->outbuf)+4;
1756
1757 /*
1758 * Move away the new command output so that caller_output fits in,
1759 * copy in the caller_output saved above.
1760 */
1761
1762 SMB_ASSERT(outsize_padded >= smb_wct);
1763
1764 /*
1765 * "ofs" is the space we need for caller_output. Equal to
1766 * caller_outputlen plus the padding.
1767 */
1768
1769 ofs = outsize_padded - smb_wct;
1770
1771 /*
1772 * "to_move" is the amount of bytes the secondary routine gave us
1773 */
1774
1775 to_move = outsize2 - smb_wct;
1776
1777 if (to_move + ofs + smb_wct + chain_size > max_send) {
1778 smb_panic("replies too large -- would have to cut");
1779 }
1780
1781 /*
1782 * In the "new" API "outbuf" is allocated via reply_outbuf, just for
1783 * the first request in the chain. So we have to re-allocate it. In
1784 * the "old" API the only outbuf ever used is the global OutBuffer
1785 * which is always large enough.
1786 */
1787
1788 outbuf = TALLOC_REALLOC_ARRAY(NULL, outbuf, char,
1789 to_move + ofs + smb_wct);
1790 if (outbuf == NULL) {
1791 smb_panic("could not realloc outbuf");
1792 }
1793
1794 req->outbuf = (uint8 *)outbuf;
1795
1796 memmove(outbuf + smb_wct + ofs, req2->outbuf + smb_wct, to_move);
1797 memcpy(outbuf + smb_wct, caller_output, caller_outputlen);
1798
1799 /*
1800 * copy the new reply header over the old one but preserve the smb_com
1801 * field
1802 */
1803 memmove(outbuf, req2->outbuf, smb_wct);
1804 SCVAL(outbuf, smb_com, smb_com1);
1805
1806 /*
1807 * We've just copied in the whole "wct" area from the secondary
1808 * function. Fix up the chaining: com2 and the offset need to be
1809 * readjusted.
1810 */
1811
1812 SCVAL(outbuf, smb_vwv0, smb_com2);
1813 SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4);
1814
1815 if (padding != 0) {
1816
1817 /*
1818 * Due to padding we have some uninitialized bytes after the
1819 * caller's output
1820 */
1821
1822 memset(outbuf + outsize, 0, padding);
1823 }
1824
1825 smb_setlen(outbuf, outsize2 + caller_outputlen + padding - 4);
1826
1827 /*
1828 * restore the saved data, being careful not to overwrite any data
1829 * from the reply header
1830 */
1831 memcpy(inbuf2,inbuf_saved,smb_wct);
1832
1833 SAFE_FREE(caller_output);
1834 TALLOC_FREE(req2);
1835
1836 /*
1837 * Reset the chain_size for our caller's offset calculations
1838 */
1839
1840 chain_size -= (outsize_padded - smb_wct);
1841
1842 return;
1843 }
1844
1845 /****************************************************************************
1846 Setup the needed select timeout in milliseconds.
1847 ****************************************************************************/
1848
1849 static int setup_select_timeout(void)
1850 {
1851 int select_timeout;
1852
1853 select_timeout = SMBD_SELECT_TIMEOUT*1000;
1854
1855 if (print_notify_messages_pending()) {
1856 select_timeout = MIN(select_timeout, 1000);
1857 }
1858
1859 return select_timeout;
1860 }
1861
1862 /****************************************************************************
1863 Check if services need reloading.
1864 ****************************************************************************/
1865
1866 void check_reload(time_t t)
1867 {
1868 static pid_t mypid = 0;
1869 static time_t last_smb_conf_reload_time = 0;
1870 static time_t last_printer_reload_time = 0;
1871 time_t printcap_cache_time = (time_t)lp_printcap_cache_time();
1872
1873 if(last_smb_conf_reload_time == 0) {
1874 last_smb_conf_reload_time = t;
1875 /* Our printing subsystem might not be ready at smbd start up.
1876 Then no printer is available till the first printers check
1877 is performed. A lower initial interval circumvents this. */
1878 if ( printcap_cache_time > 60 )
1879 last_printer_reload_time = t - printcap_cache_time + 60;
1880 else
1881 last_printer_reload_time = t;
1882 }
1883
1884 if (mypid != getpid()) { /* First time or fork happened meanwhile */
1885 /* randomize over 60 second the printcap reload to avoid all
1886 * process hitting cupsd at the same time */
1887 int time_range = 60;
1888
1889 last_printer_reload_time += random() % time_range;
1890 mypid = getpid();
1891 }
1892
1893 if (reload_after_sighup || (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK)) {
1894 reload_services(True);
1895 reload_after_sighup = False;
1896 last_smb_conf_reload_time = t;
1897 }
1898
1899 /* 'printcap cache time = 0' disable the feature */
1900
1901 if ( printcap_cache_time != 0 )
1902 {
1903 /* see if it's time to reload or if the clock has been set back */
1904
1905 if ( (t >= last_printer_reload_time+printcap_cache_time)
1906 || (t-last_printer_reload_time < 0) )
1907 {
1908 DEBUG( 3,( "Printcap cache time expired.\n"));
1909 reload_printers();
1910 last_printer_reload_time = t;
1911 }
1912 }
1913 }
1914
1915 /****************************************************************************
1916 Process any timeout housekeeping. Return False if the caller should exit.
1917 ****************************************************************************/
1918
1919 static void timeout_processing(int *select_timeout,
1920 time_t *last_timeout_processing_time)
1921 {
1922 time_t t;
1923
1924 *last_timeout_processing_time = t = time(NULL);
1925
1926 /* become root again if waiting */
1927 change_to_root_user();
1928
1929 /* check if we need to reload services */
1930 check_reload(t);
1931
1932 if(global_machine_password_needs_changing &&
1933 /* for ADS we need to do a regular ADS password change, not a domain
1934 password change */
1935 lp_security() == SEC_DOMAIN) {
1936
1937 unsigned char trust_passwd_hash[16];
1938 time_t lct;
1939 void *lock;
1940
1941 /*
1942 * We're in domain level security, and the code that
1943 * read the machine password flagged that the machine
1944 * password needs changing.
1945 */
1946
1947 /*
1948 * First, open the machine password file with an exclusive lock.
1949 */
1950
1951 lock = secrets_get_trust_account_lock(NULL, lp_workgroup());
1952
1953 if (lock == NULL) {
1954 DEBUG(0,("process: unable to lock the machine account password for \
1955 machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
1956 return;
1957 }
1958
1959 if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct, NULL)) {
1960 DEBUG(0,("process: unable to read the machine account password for \
1961 machine %s in domain %s.\n", global_myname(), lp_workgroup()));
1962 TALLOC_FREE(lock);
1963 return;
1964 }
1965
1966 /*
1967 * Make sure someone else hasn't already done this.
1968 */
1969
1970 if(t < lct + lp_machine_password_timeout()) {
1971 global_machine_password_needs_changing = False;
1972 TALLOC_FREE(lock);
1973 return;
1974 }
1975
1976 /* always just contact the PDC here */
1977
1978 change_trust_account_password( lp_workgroup(), NULL);
1979 global_machine_password_needs_changing = False;
1980 TALLOC_FREE(lock);
1981 }
1982
1983 /* update printer queue caches if necessary */
1984
1985 update_monitored_printq_cache();
1986
1987 /*
1988 * Now we are root, check if the log files need pruning.
1989 * Force a log file check.
1990 */
1991 force_check_log_size();
1992 check_log_size();
1993
1994 /* Send any queued printer notify message to interested smbd's. */
1995
1996 print_notify_send_messages(smbd_messaging_context(), 0);
1997
1998 /*
1999 * Modify the select timeout depending upon
2000 * what we have remaining in our queues.
2001 */
2002
2003 *select_timeout = setup_select_timeout();
2004
2005 return;
2006 }
2007
2008 /****************************************************************************
2009 Process commands from the client
2010 ****************************************************************************/
2011
2012 void smbd_process(void)
2013 {
2014 time_t last_timeout_processing_time = time(NULL);
2015 unsigned int num_smbs = 0;
2016 size_t unread_bytes = 0;
2017
2018 max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
2019
2020 while (True) {
2021 int select_timeout = setup_select_timeout();
2022 int num_echos;
2023 char *inbuf = NULL;
2024 size_t inbuf_len = 0;
2025 bool encrypted = false;
2026 TALLOC_CTX *frame = talloc_stackframe_pool(8192);
2027
2028 errno = 0;
2029
2030 /* Did someone ask for immediate checks on things like blocking locks ? */
2031 if (select_timeout == 0) {
2032 timeout_processing(&select_timeout,
2033 &last_timeout_processing_time);
2034 num_smbs = 0; /* Reset smb counter. */
2035 }
2036
2037 run_events(smbd_event_context(), 0, NULL, NULL);
2038
2039 while (True) {
2040 NTSTATUS status;
2041
2042 status = receive_message_or_smb(
2043 talloc_tos(), &inbuf, &inbuf_len,
2044 select_timeout, &unread_bytes, &encrypted);
2045
2046 if (NT_STATUS_IS_OK(status)) {
2047 break;
2048 }
2049
2050 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
2051 timeout_processing(
2052 &select_timeout,
2053 &last_timeout_processing_time);
2054 continue;
2055 }
2056
2057 DEBUG(3, ("receive_message_or_smb failed: %s, "
2058 "exiting\n", nt_errstr(status)));
2059 return;
2060
2061 num_smbs = 0; /* Reset smb counter. */
2062 }
2063
2064
2065 /*
2066 * Ensure we do timeout processing if the SMB we just got was
2067 * only an echo request. This allows us to set the select
2068 * timeout in 'receive_message_or_smb()' to any value we like
2069 * without worrying that the client will send echo requests
2070 * faster than the select timeout, thus starving out the
2071 * essential processing (change notify, blocking locks) that
2072 * the timeout code does. JRA.
2073 */
2074 num_echos = smb_echo_count;
2075
2076 process_smb(inbuf, inbuf_len, unread_bytes, encrypted);
2077
2078 TALLOC_FREE(inbuf);
2079
2080 if (smb_echo_count != num_echos) {
2081 timeout_processing(&select_timeout,
2082 &last_timeout_processing_time);
2083 num_smbs = 0; /* Reset smb counter. */
2084 }
2085
2086 num_smbs++;
2087
2088 /*
2089 * If we are getting smb requests in a constant stream
2090 * with no echos, make sure we attempt timeout processing
2091 * every select_timeout milliseconds - but only check for this
2092 * every 200 smb requests.
2093 */
2094
2095 if ((num_smbs % 200) == 0) {
2096 time_t new_check_time = time(NULL);
2097 if(new_check_time - last_timeout_processing_time >= (select_timeout/1000)) {
2098 timeout_processing(
2099 &select_timeout,
2100 &last_timeout_processing_time);
2101 num_smbs = 0; /* Reset smb counter. */
2102 last_timeout_processing_time = new_check_time; /* Reset time. */
2103 }
2104 }
2105
2106 /* The timeout_processing function isn't run nearly
2107 often enough to implement 'max log size' without
2108 overrunning the size of the file by many megabytes.
2109 This is especially true if we are running at debug
2110 level 10. Checking every 50 SMBs is a nice
2111 tradeoff of performance vs log file size overrun. */
2112
2113 if ((num_smbs % 50) == 0 && need_to_check_log_size()) {
2114 change_to_root_user();
2115 check_log_size();
2116 }
2117 TALLOC_FREE(frame);
2118 }
2119 }
Samba GIT mirror