search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
CVE-2020-25719 kdc: Avoid races and multiple DB lookups in s4u2self check
[Samba.git] / source3 / utils / conn_tdb.c
blob9be3d51a32bd01a0bb776b1920564cef8711e3ed
1 /*
2 Unix SMB/CIFS implementation.
3 Low-level connections.tdb access functions
4 Copyright (C) Volker Lendecke 2007
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/filesys.h"
22 #include "smbd/globals.h"
23 #include "dbwrap/dbwrap.h"
24 #include "dbwrap/dbwrap_open.h"
25 #include "dbwrap/dbwrap_rbt.h"
26 #include "messages.h"
27 #include "conn_tdb.h"
28 #include "util_tdb.h"
29 #include "lib/util/string_wrappers.h"
30
31 struct connections_forall_state {
32 struct db_context *session_by_pid;
33 int (*fn)(const struct connections_key *key,
34 const struct connections_data *data,
35 void *private_data);
36 void *private_data;
37 int count;
38 };
39
40 struct connections_forall_session {
41 uid_t uid;
42 gid_t gid;
43 fstring machine;
44 fstring addr;
45 uint16_t cipher;
46 uint16_t dialect;
47 uint16_t signing;
48 uint8_t signing_flags;
49 };
50
51 static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
52 void *connections_forall_state)
53 {
54 NTSTATUS status;
55 struct connections_forall_state *state =
56 (struct connections_forall_state*)connections_forall_state;
57
58 uint32_t id = global->session_global_id;
59 struct connections_forall_session sess;
60
61 if (global->auth_session_info == NULL) {
62 sess.uid = -1;
63 sess.gid = -1;
64 } else {
65 sess.uid = global->auth_session_info->unix_token->uid;
66 sess.gid = global->auth_session_info->unix_token->gid;
67 }
68 fstrcpy(sess.machine, global->channels[0].remote_name);
69 fstrcpy(sess.addr, global->channels[0].remote_address);
70 sess.cipher = global->channels[0].encryption_cipher;
71 sess.signing = global->channels[0].signing_algo;
72 sess.dialect = global->connection_dialect;
73 sess.signing_flags = global->signing_flags;
74
75 status = dbwrap_store(state->session_by_pid,
76 make_tdb_data((void*)&id, sizeof(id)),
77 make_tdb_data((void*)&sess, sizeof(sess)),
78 TDB_INSERT);
79 if (!NT_STATUS_IS_OK(status)) {
80 DEBUG(0, ("Failed to store record: %s\n", nt_errstr(status)));
81 }
82 return 0;
83 }
84
85 static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global,
86 void *connections_forall_state)
87 {
88 NTSTATUS status;
89 struct connections_forall_state *state =
90 (struct connections_forall_state*)connections_forall_state;
91
92 struct connections_key key;
93 struct connections_data data;
94
95 uint32_t sess_id = global->session_global_id;
96 struct connections_forall_session sess = {
97 .uid = -1,
98 .gid = -1,
99 };
100
101 TDB_DATA val = tdb_null;
102
103 /*
104 * Note: that share_name is defined as array without a pointer.
105 * that's why it's always a valid pointer here.
106 */
107 if (strlen(global->share_name) == 0) {
108 /*
109 * when a smbXsrv_tcon is created it's created
110 * with empty share_name first in order to allocate
111 * an id, before filling in the details.
112 */
113 return 0;
114 }
115
116 status = dbwrap_fetch(state->session_by_pid, state,
117 make_tdb_data((void*)&sess_id, sizeof(sess_id)),
118 &val);
119 if (NT_STATUS_IS_OK(status)) {
120 memcpy((uint8_t *)&sess, val.dptr, val.dsize);
121 }
122
123 ZERO_STRUCT(key);
124 ZERO_STRUCT(data);
125
126 key.pid = data.pid = global->server_id;
127 key.cnum = data.cnum = global->tcon_global_id;
128 fstrcpy(key.name, global->share_name);
129 fstrcpy(data.servicename, global->share_name);
130 data.uid = sess.uid;
131 data.gid = sess.gid;
132 fstrcpy(data.addr, sess.addr);
133 fstrcpy(data.machine, sess.machine);
134 data.start = nt_time_to_unix(global->creation_time);
135 data.encryption_flags = global->encryption_flags;
136 data.cipher = sess.cipher;
137 data.dialect = sess.dialect;
138 data.signing = sess.signing;
139 data.signing_flags = global->signing_flags;
140
141 state->count++;
142
143 return state->fn(&key, &data, state->private_data);
144 }
145
146 int connections_forall_read(int (*fn)(const struct connections_key *key,
147 const struct connections_data *data,
148 void *private_data),
149 void *private_data)
150 {
151 TALLOC_CTX *frame = talloc_stackframe();
152 struct connections_forall_state *state =
153 talloc_zero(talloc_tos(), struct connections_forall_state);
154 NTSTATUS status;
155 int ret = -1;
156
157 state->session_by_pid = db_open_rbt(state);
158 state->fn = fn;
159 state->private_data = private_data;
160 status = smbXsrv_session_global_traverse(collect_sessions_fn, state);
161 if (!NT_STATUS_IS_OK(status)) {
162 DEBUG(0, ("Failed to traverse sessions: %s\n",
163 nt_errstr(status)));
164 goto done;
165 }
166
167 status = smbXsrv_tcon_global_traverse(traverse_tcon_fn, state);
168 if (!NT_STATUS_IS_OK(status)) {
169 DEBUG(0, ("Failed to traverse tree connects: %s\n",
170 nt_errstr(status)));
171 goto done;
172 }
173 ret = state->count;
174 done:
175 talloc_free(frame);
176 return ret;
177 }
Samba GIT mirror