search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smbXsrv: add a smbXsrv_connection argument to smbXsrv_session_local_lookup()
[Samba.git] / source3 / smbd / smbXsrv_session.c
blob256d8203a56397d883b65f889811123864b38904
1 /*
2 Unix SMB/CIFS implementation.
3
4 Copyright (C) Stefan Metzmacher 2011-2012
5 Copyright (C) Michael Adam 2012
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "system/filesys.h"
23 #include <tevent.h>
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "dbwrap/dbwrap.h"
27 #include "dbwrap/dbwrap_rbt.h"
28 #include "dbwrap/dbwrap_open.h"
29 #include "dbwrap/dbwrap_watch.h"
30 #include "session.h"
31 #include "auth.h"
32 #include "auth/gensec/gensec.h"
33 #include "../lib/tsocket/tsocket.h"
34 #include "../libcli/security/security.h"
35 #include "messages.h"
36 #include "lib/util/util_tdb.h"
37 #include "librpc/gen_ndr/ndr_smbXsrv.h"
38 #include "serverid.h"
39 #include "lib/util/tevent_ntstatus.h"
40
41 struct smbXsrv_session_table {
42 struct {
43 struct db_context *db_ctx;
44 uint32_t lowest_id;
45 uint32_t highest_id;
46 uint32_t max_sessions;
47 uint32_t num_sessions;
48 } local;
49 struct {
50 struct db_context *db_ctx;
51 } global;
52 };
53
54 static NTSTATUS smb2srv_session_lookup_raw(struct smbXsrv_session_table *table,
55 uint64_t session_id, NTTIME now,
56 struct smbXsrv_session **session);
57
58 static struct db_context *smbXsrv_session_global_db_ctx = NULL;
59
60 NTSTATUS smbXsrv_session_global_init(void)
61 {
62 char *global_path = NULL;
63 struct db_context *db_ctx = NULL;
64
65 if (smbXsrv_session_global_db_ctx != NULL) {
66 return NT_STATUS_OK;
67 }
68
69 /*
70 * This contains secret information like session keys!
71 */
72 global_path = lock_path("smbXsrv_session_global.tdb");
73 if (global_path == NULL) {
74 return NT_STATUS_NO_MEMORY;
75 }
76
77 db_ctx = db_open(NULL, global_path,
78 0, /* hash_size */
79 TDB_DEFAULT |
80 TDB_CLEAR_IF_FIRST |
81 TDB_INCOMPATIBLE_HASH,
82 O_RDWR | O_CREAT, 0600,
83 DBWRAP_LOCK_ORDER_1,
84 DBWRAP_FLAG_NONE);
85 TALLOC_FREE(global_path);
86 if (db_ctx == NULL) {
87 NTSTATUS status;
88
89 status = map_nt_error_from_unix_common(errno);
90
91 return status;
92 }
93
94 smbXsrv_session_global_db_ctx = db_ctx;
95
96 return NT_STATUS_OK;
97 }
98
99 /*
100 * NOTE:
101 * We need to store the keys in big endian so that dbwrap_rbt's memcmp
102 * has the same result as integer comparison between the uint32_t
103 * values.
104 *
105 * TODO: implement string based key
106 */
107
108 #define SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE sizeof(uint32_t)
109
110 static TDB_DATA smbXsrv_session_global_id_to_key(uint32_t id,
111 uint8_t *key_buf)
112 {
113 TDB_DATA key;
114
115 RSIVAL(key_buf, 0, id);
116
117 key = make_tdb_data(key_buf, SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE);
118
119 return key;
120 }
121
122 #if 0
123 static NTSTATUS smbXsrv_session_global_key_to_id(TDB_DATA key, uint32_t *id)
124 {
125 if (id == NULL) {
126 return NT_STATUS_INVALID_PARAMETER;
127 }
128
129 if (key.dsize != SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE) {
130 return NT_STATUS_INTERNAL_DB_CORRUPTION;
131 }
132
133 *id = RIVAL(key.dptr, 0);
134
135 return NT_STATUS_OK;
136 }
137 #endif
138
139 #define SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE sizeof(uint32_t)
140
141 static TDB_DATA smbXsrv_session_local_id_to_key(uint32_t id,
142 uint8_t *key_buf)
143 {
144 TDB_DATA key;
145
146 RSIVAL(key_buf, 0, id);
147
148 key = make_tdb_data(key_buf, SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE);
149
150 return key;
151 }
152
153 static NTSTATUS smbXsrv_session_local_key_to_id(TDB_DATA key, uint32_t *id)
154 {
155 if (id == NULL) {
156 return NT_STATUS_INVALID_PARAMETER;
157 }
158
159 if (key.dsize != SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE) {
160 return NT_STATUS_INTERNAL_DB_CORRUPTION;
161 }
162
163 *id = RIVAL(key.dptr, 0);
164
165 return NT_STATUS_OK;
166 }
167
168 static void smbXsrv_session_close_loop(struct tevent_req *subreq);
169
170 static NTSTATUS smbXsrv_session_table_init(struct smbXsrv_connection *conn,
171 uint32_t lowest_id,
172 uint32_t highest_id,
173 uint32_t max_sessions)
174 {
175 struct smbXsrv_client *client = conn->client;
176 struct smbXsrv_session_table *table;
177 NTSTATUS status;
178 struct tevent_req *subreq;
179 uint64_t max_range;
180
181 if (lowest_id > highest_id) {
182 return NT_STATUS_INTERNAL_ERROR;
183 }
184
185 max_range = highest_id;
186 max_range -= lowest_id;
187 max_range += 1;
188
189 if (max_sessions > max_range) {
190 return NT_STATUS_INTERNAL_ERROR;
191 }
192
193 table = talloc_zero(client, struct smbXsrv_session_table);
194 if (table == NULL) {
195 return NT_STATUS_NO_MEMORY;
196 }
197
198 table->local.db_ctx = db_open_rbt(table);
199 if (table->local.db_ctx == NULL) {
200 TALLOC_FREE(table);
201 return NT_STATUS_NO_MEMORY;
202 }
203 table->local.lowest_id = lowest_id;
204 table->local.highest_id = highest_id;
205 table->local.max_sessions = max_sessions;
206
207 status = smbXsrv_session_global_init();
208 if (!NT_STATUS_IS_OK(status)) {
209 TALLOC_FREE(table);
210 return status;
211 }
212
213 table->global.db_ctx = smbXsrv_session_global_db_ctx;
214
215 dbwrap_watch_db(table->global.db_ctx, client->msg_ctx);
216
217 subreq = messaging_read_send(table, client->ev_ctx, client->msg_ctx,
218 MSG_SMBXSRV_SESSION_CLOSE);
219 if (subreq == NULL) {
220 TALLOC_FREE(table);
221 return NT_STATUS_NO_MEMORY;
222 }
223 tevent_req_set_callback(subreq, smbXsrv_session_close_loop, client);
224
225 client->session_table = table;
226 return NT_STATUS_OK;
227 }
228
229 static void smbXsrv_session_close_shutdown_done(struct tevent_req *subreq);
230
231 static void smbXsrv_session_close_loop(struct tevent_req *subreq)
232 {
233 struct smbXsrv_client *client =
234 tevent_req_callback_data(subreq,
235 struct smbXsrv_client);
236 struct smbXsrv_session_table *table = client->session_table;
237 int ret;
238 struct messaging_rec *rec = NULL;
239 struct smbXsrv_session_closeB close_blob;
240 enum ndr_err_code ndr_err;
241 struct smbXsrv_session_close0 *close_info0 = NULL;
242 struct smbXsrv_session *session = NULL;
243 NTSTATUS status;
244 struct timeval tv = timeval_current();
245 NTTIME now = timeval_to_nttime(&tv);
246
247 ret = messaging_read_recv(subreq, talloc_tos(), &rec);
248 TALLOC_FREE(subreq);
249 if (ret != 0) {
250 goto next;
251 }
252
253 ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &close_blob,
254 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_closeB);
255 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
256 status = ndr_map_error2ntstatus(ndr_err);
257 DEBUG(1,("smbXsrv_session_close_loop: "
258 "ndr_pull_struct_blob - %s\n",
259 nt_errstr(status)));
260 goto next;
261 }
262
263 DEBUG(10,("smbXsrv_session_close_loop: MSG_SMBXSRV_SESSION_CLOSE\n"));
264 if (DEBUGLVL(10)) {
265 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
266 }
267
268 if (close_blob.version != SMBXSRV_VERSION_0) {
269 DEBUG(0,("smbXsrv_session_close_loop: "
270 "ignore invalid version %u\n", close_blob.version));
271 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
272 goto next;
273 }
274
275 close_info0 = close_blob.info.info0;
276 if (close_info0 == NULL) {
277 DEBUG(0,("smbXsrv_session_close_loop: "
278 "ignore NULL info %u\n", close_blob.version));
279 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
280 goto next;
281 }
282
283 status = smb2srv_session_lookup_raw(client->session_table,
284 close_info0->old_session_wire_id,
285 now, &session);
286 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
287 DEBUG(4,("smbXsrv_session_close_loop: "
288 "old_session_wire_id %llu not found\n",
289 (unsigned long long)close_info0->old_session_wire_id));
290 if (DEBUGLVL(4)) {
291 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
292 }
293 goto next;
294 }
295 if (!NT_STATUS_IS_OK(status) &&
296 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
297 !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
298 DEBUG(1,("smbXsrv_session_close_loop: "
299 "old_session_wire_id %llu - %s\n",
300 (unsigned long long)close_info0->old_session_wire_id,
301 nt_errstr(status)));
302 if (DEBUGLVL(1)) {
303 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
304 }
305 goto next;
306 }
307
308 if (session->global->session_global_id != close_info0->old_session_global_id) {
309 DEBUG(1,("smbXsrv_session_close_loop: "
310 "old_session_wire_id %llu - global %u != %u\n",
311 (unsigned long long)close_info0->old_session_wire_id,
312 session->global->session_global_id,
313 close_info0->old_session_global_id));
314 if (DEBUGLVL(1)) {
315 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
316 }
317 goto next;
318 }
319
320 if (session->global->creation_time != close_info0->old_creation_time) {
321 DEBUG(1,("smbXsrv_session_close_loop: "
322 "old_session_wire_id %llu - "
323 "creation %s (%llu) != %s (%llu)\n",
324 (unsigned long long)close_info0->old_session_wire_id,
325 nt_time_string(rec, session->global->creation_time),
326 (unsigned long long)session->global->creation_time,
327 nt_time_string(rec, close_info0->old_creation_time),
328 (unsigned long long)close_info0->old_creation_time));
329 if (DEBUGLVL(1)) {
330 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
331 }
332 goto next;
333 }
334
335 subreq = smb2srv_session_shutdown_send(session, client->ev_ctx,
336 session, NULL);
337 if (subreq == NULL) {
338 status = NT_STATUS_NO_MEMORY;
339 DEBUG(0, ("smbXsrv_session_close_loop: "
340 "smb2srv_session_shutdown_send(%llu) failed: %s\n",
341 (unsigned long long)session->global->session_wire_id,
342 nt_errstr(status)));
343 if (DEBUGLVL(1)) {
344 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
345 }
346 goto next;
347 }
348 tevent_req_set_callback(subreq,
349 smbXsrv_session_close_shutdown_done,
350 session);
351
352 next:
353 TALLOC_FREE(rec);
354
355 subreq = messaging_read_send(table, client->ev_ctx, client->msg_ctx,
356 MSG_SMBXSRV_SESSION_CLOSE);
357 if (subreq == NULL) {
358 const char *r;
359 r = "messaging_read_send(MSG_SMBXSRV_SESSION_CLOSE) failed";
360 exit_server_cleanly(r);
361 return;
362 }
363 tevent_req_set_callback(subreq, smbXsrv_session_close_loop, client);
364 }
365
366 static void smbXsrv_session_close_shutdown_done(struct tevent_req *subreq)
367 {
368 struct smbXsrv_session *session =
369 tevent_req_callback_data(subreq,
370 struct smbXsrv_session);
371 NTSTATUS status;
372
373 status = smb2srv_session_shutdown_recv(subreq);
374 TALLOC_FREE(subreq);
375 if (!NT_STATUS_IS_OK(status)) {
376 DEBUG(0, ("smbXsrv_session_close_loop: "
377 "smb2srv_session_shutdown_recv(%llu) failed: %s\n",
378 (unsigned long long)session->global->session_wire_id,
379 nt_errstr(status)));
380 }
381
382 status = smbXsrv_session_logoff(session);
383 if (!NT_STATUS_IS_OK(status)) {
384 DEBUG(0, ("smbXsrv_session_close_loop: "
385 "smbXsrv_session_logoff(%llu) failed: %s\n",
386 (unsigned long long)session->global->session_wire_id,
387 nt_errstr(status)));
388 }
389
390 TALLOC_FREE(session);
391 }
392
393 struct smb1srv_session_local_allocate_state {
394 const uint32_t lowest_id;
395 const uint32_t highest_id;
396 uint32_t last_id;
397 uint32_t useable_id;
398 NTSTATUS status;
399 };
400
401 static int smb1srv_session_local_allocate_traverse(struct db_record *rec,
402 void *private_data)
403 {
404 struct smb1srv_session_local_allocate_state *state =
405 (struct smb1srv_session_local_allocate_state *)private_data;
406 TDB_DATA key = dbwrap_record_get_key(rec);
407 uint32_t id = 0;
408 NTSTATUS status;
409
410 status = smbXsrv_session_local_key_to_id(key, &id);
411 if (!NT_STATUS_IS_OK(status)) {
412 state->status = status;
413 return -1;
414 }
415
416 if (id <= state->last_id) {
417 state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
418 return -1;
419 }
420 state->last_id = id;
421
422 if (id > state->useable_id) {
423 state->status = NT_STATUS_OK;
424 return -1;
425 }
426
427 if (state->useable_id == state->highest_id) {
428 state->status = NT_STATUS_INSUFFICIENT_RESOURCES;
429 return -1;
430 }
431
432 state->useable_id +=1;
433 return 0;
434 }
435
436 static NTSTATUS smb1srv_session_local_allocate_id(struct db_context *db,
437 uint32_t lowest_id,
438 uint32_t highest_id,
439 TALLOC_CTX *mem_ctx,
440 struct db_record **_rec,
441 uint32_t *_id)
442 {
443 struct smb1srv_session_local_allocate_state state = {
444 .lowest_id = lowest_id,
445 .highest_id = highest_id,
446 .last_id = 0,
447 .useable_id = lowest_id,
448 .status = NT_STATUS_INTERNAL_ERROR,
449 };
450 uint32_t i;
451 uint32_t range;
452 NTSTATUS status;
453 int count = 0;
454
455 *_rec = NULL;
456 *_id = 0;
457
458 if (lowest_id > highest_id) {
459 return NT_STATUS_INSUFFICIENT_RESOURCES;
460 }
461
462 /*
463 * first we try randomly
464 */
465 range = (highest_id - lowest_id) + 1;
466
467 for (i = 0; i < (range / 2); i++) {
468 uint32_t id;
469 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
470 TDB_DATA key;
471 TDB_DATA val;
472 struct db_record *rec = NULL;
473
474 id = generate_random() % range;
475 id += lowest_id;
476
477 if (id < lowest_id) {
478 id = lowest_id;
479 }
480 if (id > highest_id) {
481 id = highest_id;
482 }
483
484 key = smbXsrv_session_local_id_to_key(id, key_buf);
485
486 rec = dbwrap_fetch_locked(db, mem_ctx, key);
487 if (rec == NULL) {
488 return NT_STATUS_INSUFFICIENT_RESOURCES;
489 }
490
491 val = dbwrap_record_get_value(rec);
492 if (val.dsize != 0) {
493 TALLOC_FREE(rec);
494 continue;
495 }
496
497 *_rec = rec;
498 *_id = id;
499 return NT_STATUS_OK;
500 }
501
502 /*
503 * if the range is almost full,
504 * we traverse the whole table
505 * (this relies on sorted behavior of dbwrap_rbt)
506 */
507 status = dbwrap_traverse_read(db, smb1srv_session_local_allocate_traverse,
508 &state, &count);
509 if (NT_STATUS_IS_OK(status)) {
510 if (NT_STATUS_IS_OK(state.status)) {
511 return NT_STATUS_INTERNAL_ERROR;
512 }
513
514 if (!NT_STATUS_EQUAL(state.status, NT_STATUS_INTERNAL_ERROR)) {
515 return state.status;
516 }
517
518 if (state.useable_id <= state.highest_id) {
519 state.status = NT_STATUS_OK;
520 } else {
521 return NT_STATUS_INSUFFICIENT_RESOURCES;
522 }
523 } else if (!NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_DB_CORRUPTION)) {
524 /*
525 * Here we really expect NT_STATUS_INTERNAL_DB_CORRUPTION!
526 *
527 * If we get anything else it is an error, because it
528 * means we did not manage to find a free slot in
529 * the db.
530 */
531 return NT_STATUS_INSUFFICIENT_RESOURCES;
532 }
533
534 if (NT_STATUS_IS_OK(state.status)) {
535 uint32_t id;
536 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
537 TDB_DATA key;
538 TDB_DATA val;
539 struct db_record *rec = NULL;
540
541 id = state.useable_id;
542
543 key = smbXsrv_session_local_id_to_key(id, key_buf);
544
545 rec = dbwrap_fetch_locked(db, mem_ctx, key);
546 if (rec == NULL) {
547 return NT_STATUS_INSUFFICIENT_RESOURCES;
548 }
549
550 val = dbwrap_record_get_value(rec);
551 if (val.dsize != 0) {
552 TALLOC_FREE(rec);
553 return NT_STATUS_INTERNAL_DB_CORRUPTION;
554 }
555
556 *_rec = rec;
557 *_id = id;
558 return NT_STATUS_OK;
559 }
560
561 return state.status;
562 }
563
564 struct smbXsrv_session_local_fetch_state {
565 struct smbXsrv_session *session;
566 NTSTATUS status;
567 };
568
569 static void smbXsrv_session_local_fetch_parser(TDB_DATA key, TDB_DATA data,
570 void *private_data)
571 {
572 struct smbXsrv_session_local_fetch_state *state =
573 (struct smbXsrv_session_local_fetch_state *)private_data;
574 void *ptr;
575
576 if (data.dsize != sizeof(ptr)) {
577 state->status = NT_STATUS_INTERNAL_DB_ERROR;
578 return;
579 }
580
581 memcpy(&ptr, data.dptr, data.dsize);
582 state->session = talloc_get_type_abort(ptr, struct smbXsrv_session);
583 state->status = NT_STATUS_OK;
584 }
585
586 static NTSTATUS smbXsrv_session_local_lookup(struct smbXsrv_session_table *table,
587 /* conn: optional */
588 struct smbXsrv_connection *conn,
589 uint32_t session_local_id,
590 NTTIME now,
591 struct smbXsrv_session **_session)
592 {
593 struct smbXsrv_session_local_fetch_state state = {
594 .session = NULL,
595 .status = NT_STATUS_INTERNAL_ERROR,
596 };
597 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
598 TDB_DATA key;
599 NTSTATUS status;
600
601 *_session = NULL;
602
603 if (session_local_id == 0) {
604 return NT_STATUS_USER_SESSION_DELETED;
605 }
606
607 if (table == NULL) {
608 /* this might happen before the end of negprot */
609 return NT_STATUS_USER_SESSION_DELETED;
610 }
611
612 if (table->local.db_ctx == NULL) {
613 return NT_STATUS_INTERNAL_ERROR;
614 }
615
616 key = smbXsrv_session_local_id_to_key(session_local_id, key_buf);
617
618 status = dbwrap_parse_record(table->local.db_ctx, key,
619 smbXsrv_session_local_fetch_parser,
620 &state);
621 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
622 return NT_STATUS_USER_SESSION_DELETED;
623 } else if (!NT_STATUS_IS_OK(status)) {
624 return status;
625 }
626 if (!NT_STATUS_IS_OK(state.status)) {
627 return state.status;
628 }
629
630 if (NT_STATUS_EQUAL(state.session->status, NT_STATUS_USER_SESSION_DELETED)) {
631 return NT_STATUS_USER_SESSION_DELETED;
632 }
633
634 /*
635 * If a connection is specified check if the session is
636 * valid on the channel.
637 */
638 if (conn != NULL) {
639 struct smbXsrv_channel_global0 *c = NULL;
640
641 status = smbXsrv_session_find_channel(state.session, conn, &c);
642 if (!NT_STATUS_IS_OK(status)) {
643 return status;
644 }
645 }
646
647 state.session->idle_time = now;
648
649 if (!NT_STATUS_IS_OK(state.session->status)) {
650 *_session = state.session;
651 return state.session->status;
652 }
653
654 if (now > state.session->global->expiration_time) {
655 state.session->status = NT_STATUS_NETWORK_SESSION_EXPIRED;
656 }
657
658 *_session = state.session;
659 return state.session->status;
660 }
661
662 static int smbXsrv_session_global_destructor(struct smbXsrv_session_global0 *global)
663 {
664 return 0;
665 }
666
667 static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
668 bool *is_free,
669 bool *was_free,
670 TALLOC_CTX *mem_ctx,
671 struct smbXsrv_session_global0 **_g);
672
673 static NTSTATUS smbXsrv_session_global_allocate(struct db_context *db,
674 TALLOC_CTX *mem_ctx,
675 struct smbXsrv_session_global0 **_global)
676 {
677 uint32_t i;
678 struct smbXsrv_session_global0 *global = NULL;
679 uint32_t last_free = 0;
680 const uint32_t min_tries = 3;
681
682 *_global = NULL;
683
684 global = talloc_zero(mem_ctx, struct smbXsrv_session_global0);
685 if (global == NULL) {
686 return NT_STATUS_NO_MEMORY;
687 }
688 talloc_set_destructor(global, smbXsrv_session_global_destructor);
689
690 /*
691 * Here we just randomly try the whole 32-bit space
692 *
693 * We use just 32-bit, because we want to reuse the
694 * ID for SRVSVC.
695 */
696 for (i = 0; i < UINT32_MAX; i++) {
697 bool is_free = false;
698 bool was_free = false;
699 uint32_t id;
700 uint8_t key_buf[SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE];
701 TDB_DATA key;
702
703 if (i >= min_tries && last_free != 0) {
704 id = last_free;
705 } else {
706 id = generate_random();
707 }
708 if (id == 0) {
709 id++;
710 }
711 if (id == UINT32_MAX) {
712 id--;
713 }
714
715 key = smbXsrv_session_global_id_to_key(id, key_buf);
716
717 global->db_rec = dbwrap_fetch_locked(db, mem_ctx, key);
718 if (global->db_rec == NULL) {
719 talloc_free(global);
720 return NT_STATUS_INSUFFICIENT_RESOURCES;
721 }
722
723 smbXsrv_session_global_verify_record(global->db_rec,
724 &is_free,
725 &was_free,
726 NULL, NULL);
727
728 if (!is_free) {
729 TALLOC_FREE(global->db_rec);
730 continue;
731 }
732
733 if (!was_free && i < min_tries) {
734 /*
735 * The session_id is free now,
736 * but was not free before.
737 *
738 * This happens if a smbd crashed
739 * and did not cleanup the record.
740 *
741 * If this is one of our first tries,
742 * then we try to find a real free one.
743 */
744 if (last_free == 0) {
745 last_free = id;
746 }
747 TALLOC_FREE(global->db_rec);
748 continue;
749 }
750
751 global->session_global_id = id;
752
753 *_global = global;
754 return NT_STATUS_OK;
755 }
756
757 /* should not be reached */
758 talloc_free(global);
759 return NT_STATUS_INTERNAL_ERROR;
760 }
761
762 static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
763 bool *is_free,
764 bool *was_free,
765 TALLOC_CTX *mem_ctx,
766 struct smbXsrv_session_global0 **_g)
767 {
768 TDB_DATA key;
769 TDB_DATA val;
770 DATA_BLOB blob;
771 struct smbXsrv_session_globalB global_blob;
772 enum ndr_err_code ndr_err;
773 struct smbXsrv_session_global0 *global = NULL;
774 bool exists;
775 TALLOC_CTX *frame = talloc_stackframe();
776
777 *is_free = false;
778
779 if (was_free) {
780 *was_free = false;
781 }
782 if (_g) {
783 *_g = NULL;
784 }
785
786 key = dbwrap_record_get_key(db_rec);
787
788 val = dbwrap_record_get_value(db_rec);
789 if (val.dsize == 0) {
790 TALLOC_FREE(frame);
791 *is_free = true;
792 if (was_free) {
793 *was_free = true;
794 }
795 return;
796 }
797
798 blob = data_blob_const(val.dptr, val.dsize);
799
800 ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
801 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_globalB);
802 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
803 NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
804 DEBUG(1,("smbXsrv_session_global_verify_record: "
805 "key '%s' ndr_pull_struct_blob - %s\n",
806 hex_encode_talloc(frame, key.dptr, key.dsize),
807 nt_errstr(status)));
808 TALLOC_FREE(frame);
809 return;
810 }
811
812 DEBUG(10,("smbXsrv_session_global_verify_record\n"));
813 if (DEBUGLVL(10)) {
814 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
815 }
816
817 if (global_blob.version != SMBXSRV_VERSION_0) {
818 DEBUG(0,("smbXsrv_session_global_verify_record: "
819 "key '%s' use unsupported version %u\n",
820 hex_encode_talloc(frame, key.dptr, key.dsize),
821 global_blob.version));
822 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
823 TALLOC_FREE(frame);
824 return;
825 }
826
827 global = global_blob.info.info0;
828
829 exists = serverid_exists(&global->channels[0].server_id);
830 if (!exists) {
831 struct server_id_buf idbuf;
832 DEBUG(2,("smbXsrv_session_global_verify_record: "
833 "key '%s' server_id %s does not exist.\n",
834 hex_encode_talloc(frame, key.dptr, key.dsize),
835 server_id_str_buf(global->channels[0].server_id,
836 &idbuf)));
837 if (DEBUGLVL(2)) {
838 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
839 }
840 TALLOC_FREE(frame);
841 dbwrap_record_delete(db_rec);
842 *is_free = true;
843 return;
844 }
845
846 if (_g) {
847 *_g = talloc_move(mem_ctx, &global);
848 }
849 TALLOC_FREE(frame);
850 }
851
852 static NTSTATUS smbXsrv_session_global_store(struct smbXsrv_session_global0 *global)
853 {
854 struct smbXsrv_session_globalB global_blob;
855 DATA_BLOB blob = data_blob_null;
856 TDB_DATA key;
857 TDB_DATA val;
858 NTSTATUS status;
859 enum ndr_err_code ndr_err;
860
861 /*
862 * TODO: if we use other versions than '0'
863 * we would add glue code here, that would be able to
864 * store the information in the old format.
865 */
866
867 if (global->db_rec == NULL) {
868 return NT_STATUS_INTERNAL_ERROR;
869 }
870
871 key = dbwrap_record_get_key(global->db_rec);
872 val = dbwrap_record_get_value(global->db_rec);
873
874 ZERO_STRUCT(global_blob);
875 global_blob.version = smbXsrv_version_global_current();
876 if (val.dsize >= 8) {
877 global_blob.seqnum = IVAL(val.dptr, 4);
878 }
879 global_blob.seqnum += 1;
880 global_blob.info.info0 = global;
881
882 ndr_err = ndr_push_struct_blob(&blob, global->db_rec, &global_blob,
883 (ndr_push_flags_fn_t)ndr_push_smbXsrv_session_globalB);
884 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
885 status = ndr_map_error2ntstatus(ndr_err);
886 DEBUG(1,("smbXsrv_session_global_store: key '%s' ndr_push - %s\n",
887 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
888 nt_errstr(status)));
889 TALLOC_FREE(global->db_rec);
890 return status;
891 }
892
893 val = make_tdb_data(blob.data, blob.length);
894 status = dbwrap_record_store(global->db_rec, val, TDB_REPLACE);
895 if (!NT_STATUS_IS_OK(status)) {
896 DEBUG(1,("smbXsrv_session_global_store: key '%s' store - %s\n",
897 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
898 nt_errstr(status)));
899 TALLOC_FREE(global->db_rec);
900 return status;
901 }
902
903 if (DEBUGLVL(10)) {
904 DEBUG(10,("smbXsrv_session_global_store: key '%s' stored\n",
905 hex_encode_talloc(global->db_rec, key.dptr, key.dsize)));
906 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
907 }
908
909 TALLOC_FREE(global->db_rec);
910
911 return NT_STATUS_OK;
912 }
913
914 struct smb2srv_session_close_previous_state {
915 struct tevent_context *ev;
916 struct smbXsrv_connection *connection;
917 struct dom_sid *current_sid;
918 uint64_t current_session_id;
919 struct db_record *db_rec;
920 };
921
922 static void smb2srv_session_close_previous_check(struct tevent_req *req);
923 static void smb2srv_session_close_previous_modified(struct tevent_req *subreq);
924
925 struct tevent_req *smb2srv_session_close_previous_send(TALLOC_CTX *mem_ctx,
926 struct tevent_context *ev,
927 struct smbXsrv_connection *conn,
928 struct auth_session_info *session_info,
929 uint64_t previous_session_id,
930 uint64_t current_session_id)
931 {
932 struct tevent_req *req;
933 struct smb2srv_session_close_previous_state *state;
934 uint32_t global_id = previous_session_id & UINT32_MAX;
935 uint64_t global_zeros = previous_session_id & 0xFFFFFFFF00000000LLU;
936 struct smbXsrv_session_table *table = conn->client->session_table;
937 struct security_token *current_token = NULL;
938 uint8_t key_buf[SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE];
939 TDB_DATA key;
940
941 req = tevent_req_create(mem_ctx, &state,
942 struct smb2srv_session_close_previous_state);
943 if (req == NULL) {
944 return NULL;
945 }
946 state->ev = ev;
947 state->connection = conn;
948 state->current_session_id = current_session_id;
949
950 if (global_zeros != 0) {
951 tevent_req_done(req);
952 return tevent_req_post(req, ev);
953 }
954
955 if (session_info == NULL) {
956 tevent_req_done(req);
957 return tevent_req_post(req, ev);
958 }
959 current_token = session_info->security_token;
960
961 if (current_token->num_sids > PRIMARY_USER_SID_INDEX) {
962 state->current_sid = &current_token->sids[PRIMARY_USER_SID_INDEX];
963 }
964
965 if (state->current_sid == NULL) {
966 tevent_req_done(req);
967 return tevent_req_post(req, ev);
968 }
969
970 if (!security_token_has_nt_authenticated_users(current_token)) {
971 /* TODO */
972 tevent_req_done(req);
973 return tevent_req_post(req, ev);
974 }
975
976 key = smbXsrv_session_global_id_to_key(global_id, key_buf);
977
978 state->db_rec = dbwrap_fetch_locked(table->global.db_ctx,
979 state, key);
980 if (state->db_rec == NULL) {
981 tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
982 return tevent_req_post(req, ev);
983 }
984
985 smb2srv_session_close_previous_check(req);
986 if (!tevent_req_is_in_progress(req)) {
987 return tevent_req_post(req, ev);
988 }
989
990 return req;
991 }
992
993 static void smb2srv_session_close_previous_check(struct tevent_req *req)
994 {
995 struct smb2srv_session_close_previous_state *state =
996 tevent_req_data(req,
997 struct smb2srv_session_close_previous_state);
998 struct smbXsrv_connection *conn = state->connection;
999 DATA_BLOB blob;
1000 struct security_token *previous_token = NULL;
1001 struct smbXsrv_session_global0 *global = NULL;
1002 enum ndr_err_code ndr_err;
1003 struct smbXsrv_session_close0 close_info0;
1004 struct smbXsrv_session_closeB close_blob;
1005 struct tevent_req *subreq = NULL;
1006 NTSTATUS status;
1007 bool is_free = false;
1008
1009 smbXsrv_session_global_verify_record(state->db_rec,
1010 &is_free,
1011 NULL,
1012 state,
1013 &global);
1014
1015 if (is_free) {
1016 TALLOC_FREE(state->db_rec);
1017 tevent_req_done(req);
1018 return;
1019 }
1020
1021 if (global->auth_session_info == NULL) {
1022 TALLOC_FREE(state->db_rec);
1023 tevent_req_done(req);
1024 return;
1025 }
1026
1027 previous_token = global->auth_session_info->security_token;
1028
1029 if (!security_token_is_sid(previous_token, state->current_sid)) {
1030 TALLOC_FREE(state->db_rec);
1031 tevent_req_done(req);
1032 return;
1033 }
1034
1035 subreq = dbwrap_record_watch_send(state, state->ev,
1036 state->db_rec, conn->msg_ctx);
1037 if (tevent_req_nomem(subreq, req)) {
1038 TALLOC_FREE(state->db_rec);
1039 return;
1040 }
1041 tevent_req_set_callback(subreq,
1042 smb2srv_session_close_previous_modified,
1043 req);
1044
1045 close_info0.old_session_global_id = global->session_global_id;
1046 close_info0.old_session_wire_id = global->session_wire_id;
1047 close_info0.old_creation_time = global->creation_time;
1048 close_info0.new_session_wire_id = state->current_session_id;
1049
1050 ZERO_STRUCT(close_blob);
1051 close_blob.version = smbXsrv_version_global_current();
1052 close_blob.info.info0 = &close_info0;
1053
1054 ndr_err = ndr_push_struct_blob(&blob, state, &close_blob,
1055 (ndr_push_flags_fn_t)ndr_push_smbXsrv_session_closeB);
1056 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1057 TALLOC_FREE(state->db_rec);
1058 status = ndr_map_error2ntstatus(ndr_err);
1059 DEBUG(1,("smb2srv_session_close_previous_check: "
1060 "old_session[%llu] new_session[%llu] ndr_push - %s\n",
1061 (unsigned long long)close_info0.old_session_wire_id,
1062 (unsigned long long)close_info0.new_session_wire_id,
1063 nt_errstr(status)));
1064 tevent_req_nterror(req, status);
1065 return;
1066 }
1067
1068 status = messaging_send(conn->msg_ctx,
1069 global->channels[0].server_id,
1070 MSG_SMBXSRV_SESSION_CLOSE, &blob);
1071 TALLOC_FREE(state->db_rec);
1072 if (tevent_req_nterror(req, status)) {
1073 return;
1074 }
1075
1076 TALLOC_FREE(global);
1077 return;
1078 }
1079
1080 static void smb2srv_session_close_previous_modified(struct tevent_req *subreq)
1081 {
1082 struct tevent_req *req =
1083 tevent_req_callback_data(subreq,
1084 struct tevent_req);
1085 struct smb2srv_session_close_previous_state *state =
1086 tevent_req_data(req,
1087 struct smb2srv_session_close_previous_state);
1088 NTSTATUS status;
1089
1090 status = dbwrap_record_watch_recv(subreq, state, &state->db_rec);
1091 TALLOC_FREE(subreq);
1092 if (tevent_req_nterror(req, status)) {
1093 return;
1094 }
1095
1096 smb2srv_session_close_previous_check(req);
1097 }
1098
1099 NTSTATUS smb2srv_session_close_previous_recv(struct tevent_req *req)
1100 {
1101 NTSTATUS status;
1102
1103 if (tevent_req_is_nterror(req, &status)) {
1104 tevent_req_received(req);
1105 return status;
1106 }
1107
1108 tevent_req_received(req);
1109 return NT_STATUS_OK;
1110 }
1111
1112 static NTSTATUS smbXsrv_session_clear_and_logoff(struct smbXsrv_session *session)
1113 {
1114 NTSTATUS status;
1115 struct smbXsrv_connection *xconn = NULL;
1116
1117 if (session->client != NULL) {
1118 xconn = session->client->connections;
1119 }
1120
1121 for (; xconn != NULL; xconn = xconn->next) {
1122 struct smbd_smb2_request *preq;
1123
1124 for (preq = xconn->smb2.requests; preq != NULL; preq = preq->next) {
1125 if (preq->session != session) {
1126 continue;
1127 }
1128
1129 preq->session = NULL;
1130 /*
1131 * If we no longer have a session we can't
1132 * sign or encrypt replies.
1133 */
1134 preq->do_signing = false;
1135 preq->do_encryption = false;
1136 preq->preauth = NULL;
1137 }
1138 }
1139
1140 status = smbXsrv_session_logoff(session);
1141 return status;
1142 }
1143
1144 static int smbXsrv_session_destructor(struct smbXsrv_session *session)
1145 {
1146 NTSTATUS status;
1147
1148 status = smbXsrv_session_clear_and_logoff(session);
1149 if (!NT_STATUS_IS_OK(status)) {
1150 DEBUG(0, ("smbXsrv_session_destructor: "
1151 "smbXsrv_session_logoff() failed: %s\n",
1152 nt_errstr(status)));
1153 }
1154
1155 TALLOC_FREE(session->global);
1156
1157 return 0;
1158 }
1159
1160 NTSTATUS smbXsrv_session_create(struct smbXsrv_connection *conn,
1161 NTTIME now,
1162 struct smbXsrv_session **_session)
1163 {
1164 struct smbXsrv_session_table *table = conn->client->session_table;
1165 struct db_record *local_rec = NULL;
1166 struct smbXsrv_session *session = NULL;
1167 void *ptr = NULL;
1168 TDB_DATA val;
1169 struct smbXsrv_session_global0 *global = NULL;
1170 struct smbXsrv_channel_global0 *channels = NULL;
1171 NTSTATUS status;
1172
1173 if (table->local.num_sessions >= table->local.max_sessions) {
1174 return NT_STATUS_INSUFFICIENT_RESOURCES;
1175 }
1176
1177 session = talloc_zero(table, struct smbXsrv_session);
1178 if (session == NULL) {
1179 return NT_STATUS_NO_MEMORY;
1180 }
1181 session->table = table;
1182 session->idle_time = now;
1183 session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
1184 session->client = conn->client;
1185
1186 if (conn->protocol >= PROTOCOL_SMB3_10) {
1187 session->preauth = talloc(session, struct smbXsrv_preauth);
1188 if (session->preauth == NULL) {
1189 TALLOC_FREE(session);
1190 return NT_STATUS_NO_MEMORY;
1191 }
1192 *session->preauth = conn->smb2.preauth;
1193 }
1194
1195 status = smbXsrv_session_global_allocate(table->global.db_ctx,
1196 session,
1197 &global);
1198 if (!NT_STATUS_IS_OK(status)) {
1199 TALLOC_FREE(session);
1200 return status;
1201 }
1202 session->global = global;
1203
1204 if (conn->protocol >= PROTOCOL_SMB2_02) {
1205 uint64_t id = global->session_global_id;
1206 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
1207 TDB_DATA key;
1208
1209 global->connection_dialect = conn->smb2.server.dialect;
1210
1211 global->session_wire_id = id;
1212
1213 status = smb2srv_tcon_table_init(session);
1214 if (!NT_STATUS_IS_OK(status)) {
1215 TALLOC_FREE(session);
1216 return status;
1217 }
1218
1219 session->local_id = global->session_global_id;
1220
1221 key = smbXsrv_session_local_id_to_key(session->local_id, key_buf);
1222
1223 local_rec = dbwrap_fetch_locked(table->local.db_ctx,
1224 session, key);
1225 if (local_rec == NULL) {
1226 TALLOC_FREE(session);
1227 return NT_STATUS_NO_MEMORY;
1228 }
1229
1230 val = dbwrap_record_get_value(local_rec);
1231 if (val.dsize != 0) {
1232 TALLOC_FREE(session);
1233 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1234 }
1235 } else {
1236
1237 status = smb1srv_session_local_allocate_id(table->local.db_ctx,
1238 table->local.lowest_id,
1239 table->local.highest_id,
1240 session,
1241 &local_rec,
1242 &session->local_id);
1243 if (!NT_STATUS_IS_OK(status)) {
1244 TALLOC_FREE(session);
1245 return status;
1246 }
1247
1248 global->session_wire_id = session->local_id;
1249 }
1250
1251 global->creation_time = now;
1252 global->expiration_time = GENSEC_EXPIRE_TIME_INFINITY;
1253
1254 global->num_channels = 1;
1255 channels = talloc_zero_array(global,
1256 struct smbXsrv_channel_global0,
1257 global->num_channels);
1258 if (channels == NULL) {
1259 TALLOC_FREE(session);
1260 return NT_STATUS_NO_MEMORY;
1261 }
1262 global->channels = channels;
1263
1264 channels[0].server_id = messaging_server_id(conn->msg_ctx);
1265 channels[0].local_address = tsocket_address_string(conn->local_address,
1266 channels);
1267 if (channels[0].local_address == NULL) {
1268 TALLOC_FREE(session);
1269 return NT_STATUS_NO_MEMORY;
1270 }
1271 channels[0].remote_address = tsocket_address_string(conn->remote_address,
1272 channels);
1273 if (channels[0].remote_address == NULL) {
1274 TALLOC_FREE(session);
1275 return NT_STATUS_NO_MEMORY;
1276 }
1277 channels[0].remote_name = talloc_strdup(channels, conn->remote_hostname);
1278 if (channels[0].remote_name == NULL) {
1279 TALLOC_FREE(session);
1280 return NT_STATUS_NO_MEMORY;
1281 }
1282 channels[0].signing_key = data_blob_null;
1283 channels[0].connection = conn;
1284
1285 ptr = session;
1286 val = make_tdb_data((uint8_t const *)&ptr, sizeof(ptr));
1287 status = dbwrap_record_store(local_rec, val, TDB_REPLACE);
1288 TALLOC_FREE(local_rec);
1289 if (!NT_STATUS_IS_OK(status)) {
1290 TALLOC_FREE(session);
1291 return status;
1292 }
1293 table->local.num_sessions += 1;
1294
1295 talloc_set_destructor(session, smbXsrv_session_destructor);
1296
1297 status = smbXsrv_session_global_store(global);
1298 if (!NT_STATUS_IS_OK(status)) {
1299 DEBUG(0,("smbXsrv_session_create: "
1300 "global_id (0x%08x) store failed - %s\n",
1301 session->global->session_global_id,
1302 nt_errstr(status)));
1303 TALLOC_FREE(session);
1304 return status;
1305 }
1306
1307 if (DEBUGLVL(10)) {
1308 struct smbXsrv_sessionB session_blob;
1309
1310 ZERO_STRUCT(session_blob);
1311 session_blob.version = SMBXSRV_VERSION_0;
1312 session_blob.info.info0 = session;
1313
1314 DEBUG(10,("smbXsrv_session_create: global_id (0x%08x) stored\n",
1315 session->global->session_global_id));
1316 NDR_PRINT_DEBUG(smbXsrv_sessionB, &session_blob);
1317 }
1318
1319 *_session = session;
1320 return NT_STATUS_OK;
1321 }
1322
1323 NTSTATUS smbXsrv_session_update(struct smbXsrv_session *session)
1324 {
1325 struct smbXsrv_session_table *table = session->table;
1326 NTSTATUS status;
1327 uint8_t key_buf[SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE];
1328 TDB_DATA key;
1329
1330 if (session->global->db_rec != NULL) {
1331 DEBUG(0, ("smbXsrv_session_update(0x%08x): "
1332 "Called with db_rec != NULL'\n",
1333 session->global->session_global_id));
1334 return NT_STATUS_INTERNAL_ERROR;
1335 }
1336
1337 key = smbXsrv_session_global_id_to_key(
1338 session->global->session_global_id,
1339 key_buf);
1340
1341 session->global->db_rec = dbwrap_fetch_locked(table->global.db_ctx,
1342 session->global, key);
1343 if (session->global->db_rec == NULL) {
1344 DEBUG(0, ("smbXsrv_session_update(0x%08x): "
1345 "Failed to lock global key '%s'\n",
1346 session->global->session_global_id,
1347 hex_encode_talloc(talloc_tos(), key.dptr,
1348 key.dsize)));
1349 return NT_STATUS_INTERNAL_DB_ERROR;
1350 }
1351
1352 status = smbXsrv_session_global_store(session->global);
1353 if (!NT_STATUS_IS_OK(status)) {
1354 DEBUG(0,("smbXsrv_session_update: "
1355 "global_id (0x%08x) store failed - %s\n",
1356 session->global->session_global_id,
1357 nt_errstr(status)));
1358 return status;
1359 }
1360
1361 if (DEBUGLVL(10)) {
1362 struct smbXsrv_sessionB session_blob;
1363
1364 ZERO_STRUCT(session_blob);
1365 session_blob.version = SMBXSRV_VERSION_0;
1366 session_blob.info.info0 = session;
1367
1368 DEBUG(10,("smbXsrv_session_update: global_id (0x%08x) stored\n",
1369 session->global->session_global_id));
1370 NDR_PRINT_DEBUG(smbXsrv_sessionB, &session_blob);
1371 }
1372
1373 return NT_STATUS_OK;
1374 }
1375
1376 NTSTATUS smbXsrv_session_find_channel(const struct smbXsrv_session *session,
1377 const struct smbXsrv_connection *conn,
1378 struct smbXsrv_channel_global0 **_c)
1379 {
1380 uint32_t i;
1381
1382 for (i=0; i < session->global->num_channels; i++) {
1383 struct smbXsrv_channel_global0 *c = &session->global->channels[i];
1384
1385 if (c->connection == conn) {
1386 *_c = c;
1387 return NT_STATUS_OK;
1388 }
1389 }
1390
1391 return NT_STATUS_USER_SESSION_DELETED;
1392 }
1393
1394 struct smb2srv_session_shutdown_state {
1395 struct tevent_queue *wait_queue;
1396 };
1397
1398 static void smb2srv_session_shutdown_wait_done(struct tevent_req *subreq);
1399
1400 struct tevent_req *smb2srv_session_shutdown_send(TALLOC_CTX *mem_ctx,
1401 struct tevent_context *ev,
1402 struct smbXsrv_session *session,
1403 struct smbd_smb2_request *current_req)
1404 {
1405 struct tevent_req *req;
1406 struct smb2srv_session_shutdown_state *state;
1407 struct tevent_req *subreq;
1408 struct smbXsrv_connection *xconn = NULL;
1409 size_t len = 0;
1410
1411 /*
1412 * Make sure that no new request will be able to use this session.
1413 */
1414 session->status = NT_STATUS_USER_SESSION_DELETED;
1415
1416 req = tevent_req_create(mem_ctx, &state,
1417 struct smb2srv_session_shutdown_state);
1418 if (req == NULL) {
1419 return NULL;
1420 }
1421
1422 state->wait_queue = tevent_queue_create(state, "smb2srv_session_shutdown_queue");
1423 if (tevent_req_nomem(state->wait_queue, req)) {
1424 return tevent_req_post(req, ev);
1425 }
1426
1427 for (xconn = session->client->connections; xconn != NULL; xconn = xconn->next) {
1428 struct smbd_smb2_request *preq;
1429
1430 for (preq = xconn->smb2.requests; preq != NULL; preq = preq->next) {
1431 if (preq == current_req) {
1432 /* Can't cancel current request. */
1433 continue;
1434 }
1435 if (preq->session != session) {
1436 /* Request on different session. */
1437 continue;
1438 }
1439
1440 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
1441 preq->session = NULL;
1442 /*
1443 * If we no longer have a session we can't
1444 * sign or encrypt replies.
1445 */
1446 preq->do_signing = false;
1447 preq->do_encryption = false;
1448 preq->preauth = NULL;
1449
1450 if (preq->subreq != NULL) {
1451 tevent_req_cancel(preq->subreq);
1452 }
1453 continue;
1454 }
1455
1456 /*
1457 * Never cancel anything in a compound
1458 * request. Way too hard to deal with
1459 * the result.
1460 */
1461 if (!preq->compound_related && preq->subreq != NULL) {
1462 tevent_req_cancel(preq->subreq);
1463 }
1464
1465 /*
1466 * Now wait until the request is finished.
1467 *
1468 * We don't set a callback, as we just want to block the
1469 * wait queue and the talloc_free() of the request will
1470 * remove the item from the wait queue.
1471 */
1472 subreq = tevent_queue_wait_send(preq, ev, state->wait_queue);
1473 if (tevent_req_nomem(subreq, req)) {
1474 return tevent_req_post(req, ev);
1475 }
1476 }
1477 }
1478
1479 len = tevent_queue_length(state->wait_queue);
1480 if (len == 0) {
1481 tevent_req_done(req);
1482 return tevent_req_post(req, ev);
1483 }
1484
1485 /*
1486 * Now we add our own waiter to the end of the queue,
1487 * this way we get notified when all pending requests are finished
1488 * and send to the socket.
1489 */
1490 subreq = tevent_queue_wait_send(state, ev, state->wait_queue);
1491 if (tevent_req_nomem(subreq, req)) {
1492 return tevent_req_post(req, ev);
1493 }
1494 tevent_req_set_callback(subreq, smb2srv_session_shutdown_wait_done, req);
1495
1496 return req;
1497 }
1498
1499 static void smb2srv_session_shutdown_wait_done(struct tevent_req *subreq)
1500 {
1501 struct tevent_req *req =
1502 tevent_req_callback_data(subreq,
1503 struct tevent_req);
1504
1505 tevent_queue_wait_recv(subreq);
1506 TALLOC_FREE(subreq);
1507
1508 tevent_req_done(req);
1509 }
1510
1511 NTSTATUS smb2srv_session_shutdown_recv(struct tevent_req *req)
1512 {
1513 return tevent_req_simple_recv_ntstatus(req);
1514 }
1515
1516 NTSTATUS smbXsrv_session_logoff(struct smbXsrv_session *session)
1517 {
1518 struct smbXsrv_session_table *table;
1519 struct db_record *local_rec = NULL;
1520 struct db_record *global_rec = NULL;
1521 struct smbd_server_connection *sconn = NULL;
1522 NTSTATUS status;
1523 NTSTATUS error = NT_STATUS_OK;
1524
1525 if (session->table == NULL) {
1526 return NT_STATUS_OK;
1527 }
1528
1529 table = session->table;
1530 session->table = NULL;
1531
1532 sconn = session->client->sconn;
1533 session->client = NULL;
1534 session->status = NT_STATUS_USER_SESSION_DELETED;
1535
1536 global_rec = session->global->db_rec;
1537 session->global->db_rec = NULL;
1538 if (global_rec == NULL) {
1539 uint8_t key_buf[SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE];
1540 TDB_DATA key;
1541
1542 key = smbXsrv_session_global_id_to_key(
1543 session->global->session_global_id,
1544 key_buf);
1545
1546 global_rec = dbwrap_fetch_locked(table->global.db_ctx,
1547 session->global, key);
1548 if (global_rec == NULL) {
1549 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1550 "Failed to lock global key '%s'\n",
1551 session->global->session_global_id,
1552 hex_encode_talloc(global_rec, key.dptr,
1553 key.dsize)));
1554 error = NT_STATUS_INTERNAL_ERROR;
1555 }
1556 }
1557
1558 if (global_rec != NULL) {
1559 status = dbwrap_record_delete(global_rec);
1560 if (!NT_STATUS_IS_OK(status)) {
1561 TDB_DATA key = dbwrap_record_get_key(global_rec);
1562
1563 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1564 "failed to delete global key '%s': %s\n",
1565 session->global->session_global_id,
1566 hex_encode_talloc(global_rec, key.dptr,
1567 key.dsize),
1568 nt_errstr(status)));
1569 error = status;
1570 }
1571 }
1572 TALLOC_FREE(global_rec);
1573
1574 local_rec = session->db_rec;
1575 if (local_rec == NULL) {
1576 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
1577 TDB_DATA key;
1578
1579 key = smbXsrv_session_local_id_to_key(session->local_id,
1580 key_buf);
1581
1582 local_rec = dbwrap_fetch_locked(table->local.db_ctx,
1583 session, key);
1584 if (local_rec == NULL) {
1585 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1586 "Failed to lock local key '%s'\n",
1587 session->global->session_global_id,
1588 hex_encode_talloc(local_rec, key.dptr,
1589 key.dsize)));
1590 error = NT_STATUS_INTERNAL_ERROR;
1591 }
1592 }
1593
1594 if (local_rec != NULL) {
1595 status = dbwrap_record_delete(local_rec);
1596 if (!NT_STATUS_IS_OK(status)) {
1597 TDB_DATA key = dbwrap_record_get_key(local_rec);
1598
1599 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1600 "failed to delete local key '%s': %s\n",
1601 session->global->session_global_id,
1602 hex_encode_talloc(local_rec, key.dptr,
1603 key.dsize),
1604 nt_errstr(status)));
1605 error = status;
1606 }
1607 table->local.num_sessions -= 1;
1608 }
1609 if (session->db_rec == NULL) {
1610 TALLOC_FREE(local_rec);
1611 }
1612 session->db_rec = NULL;
1613
1614 if (session->compat) {
1615 file_close_user(sconn, session->compat->vuid);
1616 }
1617
1618 if (session->tcon_table != NULL) {
1619 /*
1620 * Note: We only have a tcon_table for SMB2.
1621 */
1622 status = smb2srv_tcon_disconnect_all(session);
1623 if (!NT_STATUS_IS_OK(status)) {
1624 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1625 "smb2srv_tcon_disconnect_all() failed: %s\n",
1626 session->global->session_global_id,
1627 nt_errstr(status)));
1628 error = status;
1629 }
1630 }
1631
1632 if (session->compat) {
1633 invalidate_vuid(sconn, session->compat->vuid);
1634 session->compat = NULL;
1635 }
1636
1637 return error;
1638 }
1639
1640 struct smbXsrv_session_logoff_all_state {
1641 NTSTATUS first_status;
1642 int errors;
1643 };
1644
1645 static int smbXsrv_session_logoff_all_callback(struct db_record *local_rec,
1646 void *private_data);
1647
1648 NTSTATUS smbXsrv_session_logoff_all(struct smbXsrv_connection *conn)
1649 {
1650 struct smbXsrv_session_table *table = conn->client->session_table;
1651 struct smbXsrv_session_logoff_all_state state;
1652 NTSTATUS status;
1653 int count = 0;
1654
1655 if (table == NULL) {
1656 DEBUG(10, ("smbXsrv_session_logoff_all: "
1657 "empty session_table, nothing to do.\n"));
1658 return NT_STATUS_OK;
1659 }
1660
1661 ZERO_STRUCT(state);
1662
1663 status = dbwrap_traverse(table->local.db_ctx,
1664 smbXsrv_session_logoff_all_callback,
1665 &state, &count);
1666 if (!NT_STATUS_IS_OK(status)) {
1667 DEBUG(0, ("smbXsrv_session_logoff_all: "
1668 "dbwrap_traverse() failed: %s\n",
1669 nt_errstr(status)));
1670 return status;
1671 }
1672
1673 if (!NT_STATUS_IS_OK(state.first_status)) {
1674 DEBUG(0, ("smbXsrv_session_logoff_all: "
1675 "count[%d] errors[%d] first[%s]\n",
1676 count, state.errors,
1677 nt_errstr(state.first_status)));
1678 return state.first_status;
1679 }
1680
1681 return NT_STATUS_OK;
1682 }
1683
1684 static int smbXsrv_session_logoff_all_callback(struct db_record *local_rec,
1685 void *private_data)
1686 {
1687 struct smbXsrv_session_logoff_all_state *state =
1688 (struct smbXsrv_session_logoff_all_state *)private_data;
1689 TDB_DATA val;
1690 void *ptr = NULL;
1691 struct smbXsrv_session *session = NULL;
1692 NTSTATUS status;
1693
1694 val = dbwrap_record_get_value(local_rec);
1695 if (val.dsize != sizeof(ptr)) {
1696 status = NT_STATUS_INTERNAL_ERROR;
1697 if (NT_STATUS_IS_OK(state->first_status)) {
1698 state->first_status = status;
1699 }
1700 state->errors++;
1701 return 0;
1702 }
1703
1704 memcpy(&ptr, val.dptr, val.dsize);
1705 session = talloc_get_type_abort(ptr, struct smbXsrv_session);
1706
1707 session->db_rec = local_rec;
1708
1709 status = smbXsrv_session_clear_and_logoff(session);
1710 if (!NT_STATUS_IS_OK(status)) {
1711 if (NT_STATUS_IS_OK(state->first_status)) {
1712 state->first_status = status;
1713 }
1714 state->errors++;
1715 return 0;
1716 }
1717
1718 return 0;
1719 }
1720
1721 NTSTATUS smb1srv_session_table_init(struct smbXsrv_connection *conn)
1722 {
1723 /*
1724 * Allow a range from 1..65534 with 65534 values.
1725 */
1726 return smbXsrv_session_table_init(conn, 1, UINT16_MAX - 1,
1727 UINT16_MAX - 1);
1728 }
1729
1730 NTSTATUS smb1srv_session_lookup(struct smbXsrv_connection *conn,
1731 uint16_t vuid, NTTIME now,
1732 struct smbXsrv_session **session)
1733 {
1734 struct smbXsrv_session_table *table = conn->client->session_table;
1735 uint32_t local_id = vuid;
1736
1737 return smbXsrv_session_local_lookup(table, conn, local_id, now,
1738 session);
1739 }
1740
1741 NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn)
1742 {
1743 /*
1744 * Allow a range from 1..4294967294 with 65534 (same as SMB1) values.
1745 */
1746 return smbXsrv_session_table_init(conn, 1, UINT32_MAX - 1,
1747 UINT16_MAX - 1);
1748 }
1749
1750 static NTSTATUS smb2srv_session_lookup_raw(struct smbXsrv_session_table *table,
1751 uint64_t session_id, NTTIME now,
1752 struct smbXsrv_session **session)
1753 {
1754 uint32_t local_id = session_id & UINT32_MAX;
1755 uint64_t local_zeros = session_id & 0xFFFFFFFF00000000LLU;
1756
1757 if (local_zeros != 0) {
1758 return NT_STATUS_USER_SESSION_DELETED;
1759 }
1760
1761 return smbXsrv_session_local_lookup(table, NULL, local_id, now,
1762 session);
1763 }
1764
1765 NTSTATUS smb2srv_session_lookup(struct smbXsrv_connection *conn,
1766 uint64_t session_id, NTTIME now,
1767 struct smbXsrv_session **session)
1768 {
1769 struct smbXsrv_session_table *table = conn->client->session_table;
1770 return smb2srv_session_lookup_raw(table, session_id, now, session);
1771 }
1772
1773 struct smbXsrv_session_global_traverse_state {
1774 int (*fn)(struct smbXsrv_session_global0 *, void *);
1775 void *private_data;
1776 };
1777
1778 static int smbXsrv_session_global_traverse_fn(struct db_record *rec, void *data)
1779 {
1780 int ret = -1;
1781 struct smbXsrv_session_global_traverse_state *state =
1782 (struct smbXsrv_session_global_traverse_state*)data;
1783 TDB_DATA key = dbwrap_record_get_key(rec);
1784 TDB_DATA val = dbwrap_record_get_value(rec);
1785 DATA_BLOB blob = data_blob_const(val.dptr, val.dsize);
1786 struct smbXsrv_session_globalB global_blob;
1787 enum ndr_err_code ndr_err;
1788 TALLOC_CTX *frame = talloc_stackframe();
1789
1790 ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
1791 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_globalB);
1792 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1793 DEBUG(1,("Invalid record in smbXsrv_session_global.tdb:"
1794 "key '%s' ndr_pull_struct_blob - %s\n",
1795 hex_encode_talloc(frame, key.dptr, key.dsize),
1796 ndr_errstr(ndr_err)));
1797 goto done;
1798 }
1799
1800 if (global_blob.version != SMBXSRV_VERSION_0) {
1801 DEBUG(1,("Invalid record in smbXsrv_session_global.tdb:"
1802 "key '%s' unsuported version - %d\n",
1803 hex_encode_talloc(frame, key.dptr, key.dsize),
1804 (int)global_blob.version));
1805 goto done;
1806 }
1807
1808 global_blob.info.info0->db_rec = rec;
1809 ret = state->fn(global_blob.info.info0, state->private_data);
1810 done:
1811 TALLOC_FREE(frame);
1812 return ret;
1813 }
1814
1815 NTSTATUS smbXsrv_session_global_traverse(
1816 int (*fn)(struct smbXsrv_session_global0 *, void *),
1817 void *private_data)
1818 {
1819
1820 NTSTATUS status;
1821 int count = 0;
1822 struct smbXsrv_session_global_traverse_state state = {
1823 .fn = fn,
1824 .private_data = private_data,
1825 };
1826
1827 become_root();
1828 status = smbXsrv_session_global_init();
1829 if (!NT_STATUS_IS_OK(status)) {
1830 unbecome_root();
1831 DEBUG(0, ("Failed to initialize session_global: %s\n",
1832 nt_errstr(status)));
1833 return status;
1834 }
1835
1836 status = dbwrap_traverse_read(smbXsrv_session_global_db_ctx,
1837 smbXsrv_session_global_traverse_fn,
1838 &state,
1839 &count);
1840 unbecome_root();
1841
1842 return status;
1843 }
Samba GIT mirror