search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove an unused external reference
[Samba.git] / source / smbd / process.c
blob4672510d8d03f7a2ac224cf48947d3c3062ac4cb
1 /*
2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22
23 extern int smb_echo_count;
24
25 static enum smb_read_errors smb_read_error = SMB_READ_OK;
26
27 /*
28 * Size of data we can send to client. Set
29 * by the client for all protocols above CORE.
30 * Set by us for CORE protocol.
31 */
32 int max_send = BUFFER_SIZE;
33 /*
34 * Size of the data we can receive. Set by us.
35 * Can be modified by the max xmit parameter.
36 */
37 int max_recv = BUFFER_SIZE;
38
39 SIG_ATOMIC_T reload_after_sighup = 0;
40 SIG_ATOMIC_T got_sig_term = 0;
41 extern bool global_machine_password_needs_changing;
42 extern int max_send;
43
44 /* Accessor function for smb_read_error for smbd functions. */
45
46 enum smb_read_errors *get_srv_read_error(void)
47 {
48 return &smb_read_error;
49 }
50
51 /****************************************************************************
52 Send an smb to a fd.
53 ****************************************************************************/
54
55 bool srv_send_smb(int fd, char *buffer, bool do_encrypt)
56 {
57 size_t len;
58 size_t nwritten=0;
59 ssize_t ret;
60 char *buf_out = buffer;
61
62 /* Sign the outgoing packet if required. */
63 srv_calculate_sign_mac(buf_out);
64
65 if (do_encrypt) {
66 NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
67 if (!NT_STATUS_IS_OK(status)) {
68 DEBUG(0, ("send_smb: SMB encryption failed "
69 "on outgoing packet! Error %s\n",
70 nt_errstr(status) ));
71 return false;
72 }
73 }
74
75 len = smb_len(buf_out) + 4;
76
77 while (nwritten < len) {
78 ret = write_data(fd,buf_out+nwritten,len - nwritten);
79 if (ret <= 0) {
80 DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
81 (int)len,(int)ret, strerror(errno) ));
82 srv_free_enc_buffer(buf_out);
83 return false;
84 }
85 nwritten += ret;
86 }
87
88 srv_free_enc_buffer(buf_out);
89 return true;
90 }
91
92 /*******************************************************************
93 Setup the word count and byte count for a smb message.
94 ********************************************************************/
95
96 int srv_set_message(char *buf,
97 int num_words,
98 int num_bytes,
99 bool zero)
100 {
101 if (zero && (num_words || num_bytes)) {
102 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
103 }
104 SCVAL(buf,smb_wct,num_words);
105 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
106 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
107 return (smb_size + num_words*2 + num_bytes);
108 }
109
110 static bool valid_smb_header(const uint8_t *inbuf)
111 {
112 if (is_encrypted_packet(inbuf)) {
113 return true;
114 }
115 return (strncmp(smb_base(inbuf),"\377SMB",4) == 0);
116 }
117
118 /* Socket functions for smbd packet processing. */
119
120 static bool valid_packet_size(size_t len)
121 {
122 /*
123 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
124 * of header. Don't print the error if this fits.... JRA.
125 */
126
127 if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
128 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
129 (unsigned long)len));
130 if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
131
132 /*
133 * Correct fix. smb_read_error may have already been
134 * set. Only set it here if not already set. Global
135 * variables still suck :-). JRA.
136 */
137
138 cond_set_smb_read_error(get_srv_read_error(),
139 SMB_READ_ERROR);
140 return false;
141 }
142 }
143 return true;
144 }
145
146 static ssize_t read_packet_remainder(int fd,
147 char *buffer,
148 unsigned int timeout,
149 ssize_t len)
150 {
151 ssize_t ret;
152
153 if(len <= 0) {
154 return len;
155 }
156
157 ret = read_socket_with_timeout(fd, buffer, len, len, timeout,
158 get_srv_read_error());
159
160 if (ret != len) {
161 cond_set_smb_read_error(get_srv_read_error(),
162 SMB_READ_ERROR);
163 return -1;
164 }
165
166 return len;
167 }
168
169 /****************************************************************************
170 Attempt a zerocopy writeX read. We know here that len > smb_size-4
171 ****************************************************************************/
172
173 /*
174 * Unfortunately, earlier versions of smbclient/libsmbclient
175 * don't send this "standard" writeX header. I've fixed this
176 * for 3.2 but we'll use the old method with earlier versions.
177 * Windows and CIFSFS at least use this standard size. Not
178 * sure about MacOSX.
179 */
180
181 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
182 (2*14) + /* word count (including bcc) */ \
183 1 /* pad byte */)
184
185 static ssize_t receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
186 const char lenbuf[4],
187 int fd,
188 char **buffer,
189 unsigned int timeout,
190 size_t *p_unread)
191 {
192 /* Size of a WRITEX call (+4 byte len). */
193 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
194 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
195 ssize_t toread;
196 ssize_t ret;
197
198 memcpy(writeX_header, lenbuf, sizeof(lenbuf));
199
200 ret = read_socket_with_timeout(fd, writeX_header + 4,
201 STANDARD_WRITE_AND_X_HEADER_SIZE,
202 STANDARD_WRITE_AND_X_HEADER_SIZE,
203 timeout, get_srv_read_error());
204
205 if (ret != STANDARD_WRITE_AND_X_HEADER_SIZE) {
206 cond_set_smb_read_error(get_srv_read_error(),
207 SMB_READ_ERROR);
208 return -1;
209 }
210
211 /*
212 * Ok - now try and see if this is a possible
213 * valid writeX call.
214 */
215
216 if (is_valid_writeX_buffer((uint8_t *)writeX_header)) {
217 /*
218 * If the data offset is beyond what
219 * we've read, drain the extra bytes.
220 */
221 uint16_t doff = SVAL(writeX_header,smb_vwv11);
222 ssize_t newlen;
223
224 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
225 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
226 if (drain_socket(smbd_server_fd(), drain) != drain) {
227 smb_panic("receive_smb_raw_talloc_partial_read:"
228 " failed to drain pending bytes");
229 }
230 } else {
231 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
232 }
233
234 /* Spoof down the length and null out the bcc. */
235 set_message_bcc(writeX_header, 0);
236 newlen = smb_len(writeX_header);
237
238 /* Copy the header we've written. */
239
240 *buffer = (char *)TALLOC_MEMDUP(mem_ctx,
241 writeX_header,
242 sizeof(writeX_header));
243
244 if (*buffer == NULL) {
245 DEBUG(0, ("Could not allocate inbuf of length %d\n",
246 (int)sizeof(writeX_header)));
247 cond_set_smb_read_error(get_srv_read_error(),
248 SMB_READ_ERROR);
249 return -1;
250 }
251
252 /* Work out the remaining bytes. */
253 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
254
255 return newlen + 4;
256 }
257
258 if (!valid_packet_size(len)) {
259 return -1;
260 }
261
262 /*
263 * Not a valid writeX call. Just do the standard
264 * talloc and return.
265 */
266
267 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
268
269 if (*buffer == NULL) {
270 DEBUG(0, ("Could not allocate inbuf of length %d\n",
271 (int)len+4));
272 cond_set_smb_read_error(get_srv_read_error(),
273 SMB_READ_ERROR);
274 return -1;
275 }
276
277 /* Copy in what we already read. */
278 memcpy(*buffer,
279 writeX_header,
280 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
281 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
282
283 if(toread > 0) {
284 ret = read_packet_remainder(fd,
285 (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
286 timeout,
287 toread);
288 if (ret != toread) {
289 return -1;
290 }
291 }
292
293 return len + 4;
294 }
295
296 static ssize_t receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
297 int fd,
298 char **buffer,
299 unsigned int timeout,
300 size_t *p_unread)
301 {
302 char lenbuf[4];
303 ssize_t len,ret;
304 int min_recv_size = lp_min_receive_file_size();
305
306 set_smb_read_error(get_srv_read_error(),SMB_READ_OK);
307 *p_unread = 0;
308
309 len = read_smb_length_return_keepalive(fd, lenbuf,
310 timeout, get_srv_read_error());
311 if (len < 0) {
312 DEBUG(10,("receive_smb_raw: length < 0!\n"));
313
314 /*
315 * Correct fix. smb_read_error may have already been
316 * set. Only set it here if not already set. Global
317 * variables still suck :-). JRA.
318 */
319
320 cond_set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
321 return -1;
322 }
323
324 if (CVAL(lenbuf,0) == 0 &&
325 min_recv_size &&
326 smb_len_large(lenbuf) > min_recv_size && /* Could be a UNIX large writeX. */
327 !srv_is_signing_active()) {
328
329 return receive_smb_raw_talloc_partial_read(mem_ctx,
330 lenbuf,
331 fd,
332 buffer,
333 timeout,
334 p_unread);
335 }
336
337 if (!valid_packet_size(len)) {
338 return -1;
339 }
340
341 /*
342 * The +4 here can't wrap, we've checked the length above already.
343 */
344
345 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
346
347 if (*buffer == NULL) {
348 DEBUG(0, ("Could not allocate inbuf of length %d\n",
349 (int)len+4));
350 cond_set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
351 return -1;
352 }
353
354 memcpy(*buffer, lenbuf, sizeof(lenbuf));
355
356 ret = read_packet_remainder(fd, (*buffer)+4, timeout, len);
357 if (ret != len) {
358 return -1;
359 }
360
361 return len + 4;
362 }
363
364 static ssize_t receive_smb_talloc(TALLOC_CTX *mem_ctx,
365 int fd,
366 char **buffer,
367 unsigned int timeout,
368 size_t *p_unread,
369 bool *p_encrypted)
370 {
371 ssize_t len;
372
373 *p_encrypted = false;
374
375 len = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout, p_unread);
376
377 if (len < 0) {
378 return -1;
379 }
380
381 if (is_encrypted_packet((uint8_t *)*buffer)) {
382 NTSTATUS status = srv_decrypt_buffer(*buffer);
383 if (!NT_STATUS_IS_OK(status)) {
384 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
385 "incoming packet! Error %s\n",
386 nt_errstr(status) ));
387 cond_set_smb_read_error(get_srv_read_error(),
388 SMB_READ_BAD_DECRYPT);
389 return -1;
390 }
391 *p_encrypted = true;
392 }
393
394 /* Check the incoming SMB signature. */
395 if (!srv_check_sign_mac(*buffer, true)) {
396 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
397 "incoming packet!\n"));
398 cond_set_smb_read_error(get_srv_read_error(),SMB_READ_BAD_SIG);
399 return -1;
400 }
401
402 return len;
403 }
404
405 /*
406 * Initialize a struct smb_request from an inbuf
407 */
408
409 void init_smb_request(struct smb_request *req,
410 const uint8 *inbuf,
411 size_t unread_bytes,
412 bool encrypted)
413 {
414 size_t req_size = smb_len(inbuf) + 4;
415 /* Ensure we have at least smb_size bytes. */
416 if (req_size < smb_size) {
417 DEBUG(0,("init_smb_request: invalid request size %u\n",
418 (unsigned int)req_size ));
419 exit_server_cleanly("Invalid SMB request");
420 }
421 req->flags2 = SVAL(inbuf, smb_flg2);
422 req->smbpid = SVAL(inbuf, smb_pid);
423 req->mid = SVAL(inbuf, smb_mid);
424 req->vuid = SVAL(inbuf, smb_uid);
425 req->tid = SVAL(inbuf, smb_tid);
426 req->wct = CVAL(inbuf, smb_wct);
427 req->unread_bytes = unread_bytes;
428 req->encrypted = encrypted;
429 req->conn = conn_find(req->tid);
430
431 /* Ensure we have at least wct words and 2 bytes of bcc. */
432 if (smb_size + req->wct*2 > req_size) {
433 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
434 (unsigned int)req->wct,
435 (unsigned int)req_size));
436 exit_server_cleanly("Invalid SMB request");
437 }
438 /* Ensure bcc is correct. */
439 if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + req_size) {
440 DEBUG(0,("init_smb_request: invalid bcc number %u "
441 "(wct = %u, size %u)\n",
442 (unsigned int)smb_buflen(inbuf),
443 (unsigned int)req->wct,
444 (unsigned int)req_size));
445 exit_server_cleanly("Invalid SMB request");
446 }
447 req->inbuf = inbuf;
448 req->outbuf = NULL;
449 }
450
451 /****************************************************************************
452 structure to hold a linked list of queued messages.
453 for processing.
454 ****************************************************************************/
455
456 static struct pending_message_list *deferred_open_queue;
457
458 /****************************************************************************
459 Function to push a message onto the tail of a linked list of smb messages ready
460 for processing.
461 ****************************************************************************/
462
463 static bool push_queued_message(struct smb_request *req,
464 struct timeval request_time,
465 struct timeval end_time,
466 char *private_data, size_t private_len)
467 {
468 int msg_len = smb_len(req->inbuf) + 4;
469 struct pending_message_list *msg;
470
471 msg = TALLOC_ZERO_P(NULL, struct pending_message_list);
472
473 if(msg == NULL) {
474 DEBUG(0,("push_message: malloc fail (1)\n"));
475 return False;
476 }
477
478 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
479 if(msg->buf.data == NULL) {
480 DEBUG(0,("push_message: malloc fail (2)\n"));
481 TALLOC_FREE(msg);
482 return False;
483 }
484
485 msg->request_time = request_time;
486 msg->end_time = end_time;
487 msg->encrypted = req->encrypted;
488
489 if (private_data) {
490 msg->private_data = data_blob_talloc(msg, private_data,
491 private_len);
492 if (msg->private_data.data == NULL) {
493 DEBUG(0,("push_message: malloc fail (3)\n"));
494 TALLOC_FREE(msg);
495 return False;
496 }
497 }
498
499 DLIST_ADD_END(deferred_open_queue, msg, struct pending_message_list *);
500
501 DEBUG(10,("push_message: pushed message length %u on "
502 "deferred_open_queue\n", (unsigned int)msg_len));
503
504 return True;
505 }
506
507 /****************************************************************************
508 Function to delete a sharing violation open message by mid.
509 ****************************************************************************/
510
511 void remove_deferred_open_smb_message(uint16 mid)
512 {
513 struct pending_message_list *pml;
514
515 for (pml = deferred_open_queue; pml; pml = pml->next) {
516 if (mid == SVAL(pml->buf.data,smb_mid)) {
517 DEBUG(10,("remove_sharing_violation_open_smb_message: "
518 "deleting mid %u len %u\n",
519 (unsigned int)mid,
520 (unsigned int)pml->buf.length ));
521 DLIST_REMOVE(deferred_open_queue, pml);
522 TALLOC_FREE(pml);
523 return;
524 }
525 }
526 }
527
528 /****************************************************************************
529 Move a sharing violation open retry message to the front of the list and
530 schedule it for immediate processing.
531 ****************************************************************************/
532
533 void schedule_deferred_open_smb_message(uint16 mid)
534 {
535 struct pending_message_list *pml;
536 int i = 0;
537
538 for (pml = deferred_open_queue; pml; pml = pml->next) {
539 uint16 msg_mid = SVAL(pml->buf.data,smb_mid);
540 DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++,
541 (unsigned int)msg_mid ));
542 if (mid == msg_mid) {
543 DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
544 mid ));
545 pml->end_time.tv_sec = 0;
546 pml->end_time.tv_usec = 0;
547 DLIST_PROMOTE(deferred_open_queue, pml);
548 return;
549 }
550 }
551
552 DEBUG(10,("schedule_deferred_open_smb_message: failed to find message mid %u\n",
553 mid ));
554 }
555
556 /****************************************************************************
557 Return true if this mid is on the deferred queue.
558 ****************************************************************************/
559
560 bool open_was_deferred(uint16 mid)
561 {
562 struct pending_message_list *pml;
563
564 for (pml = deferred_open_queue; pml; pml = pml->next) {
565 if (SVAL(pml->buf.data,smb_mid) == mid) {
566 return True;
567 }
568 }
569 return False;
570 }
571
572 /****************************************************************************
573 Return the message queued by this mid.
574 ****************************************************************************/
575
576 struct pending_message_list *get_open_deferred_message(uint16 mid)
577 {
578 struct pending_message_list *pml;
579
580 for (pml = deferred_open_queue; pml; pml = pml->next) {
581 if (SVAL(pml->buf.data,smb_mid) == mid) {
582 return pml;
583 }
584 }
585 return NULL;
586 }
587
588 /****************************************************************************
589 Function to push a deferred open smb message onto a linked list of local smb
590 messages ready for processing.
591 ****************************************************************************/
592
593 bool push_deferred_smb_message(struct smb_request *req,
594 struct timeval request_time,
595 struct timeval timeout,
596 char *private_data, size_t priv_len)
597 {
598 struct timeval end_time;
599
600 if (req->unread_bytes) {
601 DEBUG(0,("push_deferred_smb_message: logic error ! "
602 "unread_bytes = %u\n",
603 (unsigned int)req->unread_bytes ));
604 smb_panic("push_deferred_smb_message: "
605 "logic error unread_bytes != 0" );
606 }
607
608 end_time = timeval_sum(&request_time, &timeout);
609
610 DEBUG(10,("push_deferred_open_smb_message: pushing message len %u mid %u "
611 "timeout time [%u.%06u]\n",
612 (unsigned int) smb_len(req->inbuf)+4, (unsigned int)req->mid,
613 (unsigned int)end_time.tv_sec,
614 (unsigned int)end_time.tv_usec));
615
616 return push_queued_message(req, request_time, end_time,
617 private_data, priv_len);
618 }
619
620 struct idle_event {
621 struct timed_event *te;
622 struct timeval interval;
623 char *name;
624 bool (*handler)(const struct timeval *now, void *private_data);
625 void *private_data;
626 };
627
628 static void idle_event_handler(struct event_context *ctx,
629 struct timed_event *te,
630 const struct timeval *now,
631 void *private_data)
632 {
633 struct idle_event *event =
634 talloc_get_type_abort(private_data, struct idle_event);
635
636 TALLOC_FREE(event->te);
637
638 if (!event->handler(now, event->private_data)) {
639 /* Don't repeat, delete ourselves */
640 TALLOC_FREE(event);
641 return;
642 }
643
644 event->te = event_add_timed(ctx, event,
645 timeval_sum(now, &event->interval),
646 event->name,
647 idle_event_handler, event);
648
649 /* We can't do much but fail here. */
650 SMB_ASSERT(event->te != NULL);
651 }
652
653 struct idle_event *event_add_idle(struct event_context *event_ctx,
654 TALLOC_CTX *mem_ctx,
655 struct timeval interval,
656 const char *name,
657 bool (*handler)(const struct timeval *now,
658 void *private_data),
659 void *private_data)
660 {
661 struct idle_event *result;
662 struct timeval now = timeval_current();
663
664 result = TALLOC_P(mem_ctx, struct idle_event);
665 if (result == NULL) {
666 DEBUG(0, ("talloc failed\n"));
667 return NULL;
668 }
669
670 result->interval = interval;
671 result->handler = handler;
672 result->private_data = private_data;
673
674 if (!(result->name = talloc_asprintf(result, "idle_evt(%s)", name))) {
675 DEBUG(0, ("talloc failed\n"));
676 TALLOC_FREE(result);
677 return NULL;
678 }
679
680 result->te = event_add_timed(event_ctx, result,
681 timeval_sum(&now, &interval),
682 result->name,
683 idle_event_handler, result);
684 if (result->te == NULL) {
685 DEBUG(0, ("event_add_timed failed\n"));
686 TALLOC_FREE(result);
687 return NULL;
688 }
689
690 return result;
691 }
692
693 /****************************************************************************
694 Do all async processing in here. This includes kernel oplock messages, change
695 notify events etc.
696 ****************************************************************************/
697
698 static void async_processing(fd_set *pfds)
699 {
700 DEBUG(10,("async_processing: Doing async processing.\n"));
701
702 process_aio_queue();
703
704 process_kernel_oplocks(smbd_messaging_context(), pfds);
705
706 /* Do the aio check again after receive_local_message as it does a
707 select and may have eaten our signal. */
708 /* Is this till true? -- vl */
709 process_aio_queue();
710
711 if (got_sig_term) {
712 exit_server_cleanly("termination signal");
713 }
714
715 /* check for sighup processing */
716 if (reload_after_sighup) {
717 change_to_root_user();
718 DEBUG(1,("Reloading services after SIGHUP\n"));
719 reload_services(False);
720 reload_after_sighup = 0;
721 }
722 }
723
724 /****************************************************************************
725 Add a fd to the set we will be select(2)ing on.
726 ****************************************************************************/
727
728 static int select_on_fd(int fd, int maxfd, fd_set *fds)
729 {
730 if (fd != -1) {
731 FD_SET(fd, fds);
732 maxfd = MAX(maxfd, fd);
733 }
734
735 return maxfd;
736 }
737
738 /****************************************************************************
739 Do a select on an two fd's - with timeout.
740
741 If a local udp message has been pushed onto the
742 queue (this can only happen during oplock break
743 processing) call async_processing()
744
745 If a pending smb message has been pushed onto the
746 queue (this can only happen during oplock break
747 processing) return this next.
748
749 If the first smbfd is ready then read an smb from it.
750 if the second (loopback UDP) fd is ready then read a message
751 from it and setup the buffer header to identify the length
752 and from address.
753 Returns False on timeout or error.
754 Else returns True.
755
756 The timeout is in milliseconds
757 ****************************************************************************/
758
759 static bool receive_message_or_smb(TALLOC_CTX *mem_ctx,
760 char **buffer,
761 size_t *buffer_len,
762 int timeout,
763 size_t *p_unread,
764 bool *p_encrypted)
765 {
766 fd_set r_fds, w_fds;
767 int selrtn;
768 struct timeval to;
769 int maxfd = 0;
770 ssize_t len;
771
772 *p_unread = 0;
773 set_smb_read_error(get_srv_read_error(),SMB_READ_OK);
774
775 again:
776
777 if (timeout >= 0) {
778 to.tv_sec = timeout / 1000;
779 to.tv_usec = (timeout % 1000) * 1000;
780 } else {
781 to.tv_sec = SMBD_SELECT_TIMEOUT;
782 to.tv_usec = 0;
783 }
784
785 /*
786 * Note that this call must be before processing any SMB
787 * messages as we need to synchronously process any messages
788 * we may have sent to ourselves from the previous SMB.
789 */
790 message_dispatch(smbd_messaging_context());
791
792 /*
793 * Check to see if we already have a message on the deferred open queue
794 * and it's time to schedule.
795 */
796 if(deferred_open_queue != NULL) {
797 bool pop_message = False;
798 struct pending_message_list *msg = deferred_open_queue;
799
800 if (timeval_is_zero(&msg->end_time)) {
801 pop_message = True;
802 } else {
803 struct timeval tv;
804 SMB_BIG_INT tdif;
805
806 GetTimeOfDay(&tv);
807 tdif = usec_time_diff(&msg->end_time, &tv);
808 if (tdif <= 0) {
809 /* Timed out. Schedule...*/
810 pop_message = True;
811 DEBUG(10,("receive_message_or_smb: queued message timed out.\n"));
812 } else {
813 /* Make a more accurate select timeout. */
814 to.tv_sec = tdif / 1000000;
815 to.tv_usec = tdif % 1000000;
816 DEBUG(10,("receive_message_or_smb: select with timeout of [%u.%06u]\n",
817 (unsigned int)to.tv_sec, (unsigned int)to.tv_usec ));
818 }
819 }
820
821 if (pop_message) {
822
823 *buffer = (char *)talloc_memdup(mem_ctx, msg->buf.data,
824 msg->buf.length);
825 if (*buffer == NULL) {
826 DEBUG(0, ("talloc failed\n"));
827 set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
828 return False;
829 }
830 *buffer_len = msg->buf.length;
831 *p_encrypted = msg->encrypted;
832
833 /* We leave this message on the queue so the open code can
834 know this is a retry. */
835 DEBUG(5,("receive_message_or_smb: returning deferred open smb message.\n"));
836 return True;
837 }
838 }
839
840 /*
841 * Setup the select fd sets.
842 */
843
844 FD_ZERO(&r_fds);
845 FD_ZERO(&w_fds);
846
847 /*
848 * Ensure we process oplock break messages by preference.
849 * We have to do this before the select, after the select
850 * and if the select returns EINTR. This is due to the fact
851 * that the selects called from async_processing can eat an EINTR
852 * caused by a signal (we can't take the break message there).
853 * This is hideously complex - *MUST* be simplified for 3.0 ! JRA.
854 */
855
856 if (oplock_message_waiting(&r_fds)) {
857 DEBUG(10,("receive_message_or_smb: oplock_message is waiting.\n"));
858 async_processing(&r_fds);
859 /*
860 * After async processing we must go and do the select again, as
861 * the state of the flag in fds for the server file descriptor is
862 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
863 */
864 goto again;
865 }
866
867 /*
868 * Are there any timed events waiting ? If so, ensure we don't
869 * select for longer than it would take to wait for them.
870 */
871
872 {
873 struct timeval now;
874 GetTimeOfDay(&now);
875
876 event_add_to_select_args(smbd_event_context(), &now,
877 &r_fds, &w_fds, &to, &maxfd);
878 }
879
880 if (timeval_is_zero(&to)) {
881 /* Process a timed event now... */
882 if (run_events(smbd_event_context(), 0, NULL, NULL)) {
883 goto again;
884 }
885 }
886
887 {
888 int sav;
889 START_PROFILE(smbd_idle);
890
891 maxfd = select_on_fd(smbd_server_fd(), maxfd, &r_fds);
892 maxfd = select_on_fd(oplock_notify_fd(), maxfd, &r_fds);
893
894 selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&to);
895 sav = errno;
896
897 END_PROFILE(smbd_idle);
898 errno = sav;
899 }
900
901 if (run_events(smbd_event_context(), selrtn, &r_fds, &w_fds)) {
902 goto again;
903 }
904
905 /* if we get EINTR then maybe we have received an oplock
906 signal - treat this as select returning 1. This is ugly, but
907 is the best we can do until the oplock code knows more about
908 signals */
909 if (selrtn == -1 && errno == EINTR) {
910 async_processing(&r_fds);
911 /*
912 * After async processing we must go and do the select again, as
913 * the state of the flag in fds for the server file descriptor is
914 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
915 */
916 goto again;
917 }
918
919 /* Check if error */
920 if (selrtn == -1) {
921 /* something is wrong. Maybe the socket is dead? */
922 set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
923 return False;
924 }
925
926 /* Did we timeout ? */
927 if (selrtn == 0) {
928 set_smb_read_error(get_srv_read_error(),SMB_READ_TIMEOUT);
929 return False;
930 }
931
932 /*
933 * Ensure we process oplock break messages by preference.
934 * This is IMPORTANT ! Otherwise we can starve other processes
935 * sending us an oplock break message. JRA.
936 */
937
938 if (oplock_message_waiting(&r_fds)) {
939 async_processing(&r_fds);
940 /*
941 * After async processing we must go and do the select again, as
942 * the state of the flag in fds for the server file descriptor is
943 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
944 */
945 goto again;
946 }
947
948 len = receive_smb_talloc(mem_ctx, smbd_server_fd(),
949 buffer, 0, p_unread, p_encrypted);
950
951 if (len == -1) {
952 return False;
953 }
954
955 *buffer_len = (size_t)len;
956
957 return True;
958 }
959
960 /*
961 * Only allow 5 outstanding trans requests. We're allocating memory, so
962 * prevent a DoS.
963 */
964
965 NTSTATUS allow_new_trans(struct trans_state *list, int mid)
966 {
967 int count = 0;
968 for (; list != NULL; list = list->next) {
969
970 if (list->mid == mid) {
971 return NT_STATUS_INVALID_PARAMETER;
972 }
973
974 count += 1;
975 }
976 if (count > 5) {
977 return NT_STATUS_INSUFFICIENT_RESOURCES;
978 }
979
980 return NT_STATUS_OK;
981 }
982
983 /****************************************************************************
984 We're terminating and have closed all our files/connections etc.
985 If there are any pending local messages we need to respond to them
986 before termination so that other smbds don't think we just died whilst
987 holding oplocks.
988 ****************************************************************************/
989
990 void respond_to_all_remaining_local_messages(void)
991 {
992 /*
993 * Assert we have no exclusive open oplocks.
994 */
995
996 if(get_number_of_exclusive_open_oplocks()) {
997 DEBUG(0,("respond_to_all_remaining_local_messages: PANIC : we have %d exclusive oplocks.\n",
998 get_number_of_exclusive_open_oplocks() ));
999 return;
1000 }
1001
1002 process_kernel_oplocks(smbd_messaging_context(), NULL);
1003
1004 return;
1005 }
1006
1007
1008 /*
1009 These flags determine some of the permissions required to do an operation
1010
1011 Note that I don't set NEED_WRITE on some write operations because they
1012 are used by some brain-dead clients when printing, and I don't want to
1013 force write permissions on print services.
1014 */
1015 #define AS_USER (1<<0)
1016 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
1017 #define TIME_INIT (1<<2)
1018 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
1019 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
1020 #define DO_CHDIR (1<<6)
1021
1022 /*
1023 define a list of possible SMB messages and their corresponding
1024 functions. Any message that has a NULL function is unimplemented -
1025 please feel free to contribute implementations!
1026 */
1027 static const struct smb_message_struct {
1028 const char *name;
1029 void (*fn_new)(struct smb_request *req);
1030 int flags;
1031 } smb_messages[256] = {
1032
1033 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
1034 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
1035 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
1036 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
1037 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
1038 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
1039 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
1040 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
1041 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
1042 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
1043 /* 0x0a */ { "SMBread",reply_read,AS_USER},
1044 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
1045 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
1046 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
1047 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
1048 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
1049 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
1050 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
1051 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
1052 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
1053 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
1054 /* 0x15 */ { NULL, NULL, 0 },
1055 /* 0x16 */ { NULL, NULL, 0 },
1056 /* 0x17 */ { NULL, NULL, 0 },
1057 /* 0x18 */ { NULL, NULL, 0 },
1058 /* 0x19 */ { NULL, NULL, 0 },
1059 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
1060 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
1061 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
1062 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
1063 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
1064 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1065 /* 0x20 */ { "SMBwritec", NULL,0},
1066 /* 0x21 */ { NULL, NULL, 0 },
1067 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
1068 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1069 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1070 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
1071 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
1072 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
1073 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
1074 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
1075 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
1076 /* 0x2b */ { "SMBecho",reply_echo,0},
1077 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1078 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
1079 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
1080 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
1081 /* 0x30 */ { NULL, NULL, 0 },
1082 /* 0x31 */ { NULL, NULL, 0 },
1083 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
1084 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER},
1085 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1086 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1087 /* 0x36 */ { NULL, NULL, 0 },
1088 /* 0x37 */ { NULL, NULL, 0 },
1089 /* 0x38 */ { NULL, NULL, 0 },
1090 /* 0x39 */ { NULL, NULL, 0 },
1091 /* 0x3a */ { NULL, NULL, 0 },
1092 /* 0x3b */ { NULL, NULL, 0 },
1093 /* 0x3c */ { NULL, NULL, 0 },
1094 /* 0x3d */ { NULL, NULL, 0 },
1095 /* 0x3e */ { NULL, NULL, 0 },
1096 /* 0x3f */ { NULL, NULL, 0 },
1097 /* 0x40 */ { NULL, NULL, 0 },
1098 /* 0x41 */ { NULL, NULL, 0 },
1099 /* 0x42 */ { NULL, NULL, 0 },
1100 /* 0x43 */ { NULL, NULL, 0 },
1101 /* 0x44 */ { NULL, NULL, 0 },
1102 /* 0x45 */ { NULL, NULL, 0 },
1103 /* 0x46 */ { NULL, NULL, 0 },
1104 /* 0x47 */ { NULL, NULL, 0 },
1105 /* 0x48 */ { NULL, NULL, 0 },
1106 /* 0x49 */ { NULL, NULL, 0 },
1107 /* 0x4a */ { NULL, NULL, 0 },
1108 /* 0x4b */ { NULL, NULL, 0 },
1109 /* 0x4c */ { NULL, NULL, 0 },
1110 /* 0x4d */ { NULL, NULL, 0 },
1111 /* 0x4e */ { NULL, NULL, 0 },
1112 /* 0x4f */ { NULL, NULL, 0 },
1113 /* 0x50 */ { NULL, NULL, 0 },
1114 /* 0x51 */ { NULL, NULL, 0 },
1115 /* 0x52 */ { NULL, NULL, 0 },
1116 /* 0x53 */ { NULL, NULL, 0 },
1117 /* 0x54 */ { NULL, NULL, 0 },
1118 /* 0x55 */ { NULL, NULL, 0 },
1119 /* 0x56 */ { NULL, NULL, 0 },
1120 /* 0x57 */ { NULL, NULL, 0 },
1121 /* 0x58 */ { NULL, NULL, 0 },
1122 /* 0x59 */ { NULL, NULL, 0 },
1123 /* 0x5a */ { NULL, NULL, 0 },
1124 /* 0x5b */ { NULL, NULL, 0 },
1125 /* 0x5c */ { NULL, NULL, 0 },
1126 /* 0x5d */ { NULL, NULL, 0 },
1127 /* 0x5e */ { NULL, NULL, 0 },
1128 /* 0x5f */ { NULL, NULL, 0 },
1129 /* 0x60 */ { NULL, NULL, 0 },
1130 /* 0x61 */ { NULL, NULL, 0 },
1131 /* 0x62 */ { NULL, NULL, 0 },
1132 /* 0x63 */ { NULL, NULL, 0 },
1133 /* 0x64 */ { NULL, NULL, 0 },
1134 /* 0x65 */ { NULL, NULL, 0 },
1135 /* 0x66 */ { NULL, NULL, 0 },
1136 /* 0x67 */ { NULL, NULL, 0 },
1137 /* 0x68 */ { NULL, NULL, 0 },
1138 /* 0x69 */ { NULL, NULL, 0 },
1139 /* 0x6a */ { NULL, NULL, 0 },
1140 /* 0x6b */ { NULL, NULL, 0 },
1141 /* 0x6c */ { NULL, NULL, 0 },
1142 /* 0x6d */ { NULL, NULL, 0 },
1143 /* 0x6e */ { NULL, NULL, 0 },
1144 /* 0x6f */ { NULL, NULL, 0 },
1145 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1146 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1147 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1148 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1149 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1150 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1151 /* 0x76 */ { NULL, NULL, 0 },
1152 /* 0x77 */ { NULL, NULL, 0 },
1153 /* 0x78 */ { NULL, NULL, 0 },
1154 /* 0x79 */ { NULL, NULL, 0 },
1155 /* 0x7a */ { NULL, NULL, 0 },
1156 /* 0x7b */ { NULL, NULL, 0 },
1157 /* 0x7c */ { NULL, NULL, 0 },
1158 /* 0x7d */ { NULL, NULL, 0 },
1159 /* 0x7e */ { NULL, NULL, 0 },
1160 /* 0x7f */ { NULL, NULL, 0 },
1161 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1162 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1163 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1164 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1165 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1166 /* 0x85 */ { NULL, NULL, 0 },
1167 /* 0x86 */ { NULL, NULL, 0 },
1168 /* 0x87 */ { NULL, NULL, 0 },
1169 /* 0x88 */ { NULL, NULL, 0 },
1170 /* 0x89 */ { NULL, NULL, 0 },
1171 /* 0x8a */ { NULL, NULL, 0 },
1172 /* 0x8b */ { NULL, NULL, 0 },
1173 /* 0x8c */ { NULL, NULL, 0 },
1174 /* 0x8d */ { NULL, NULL, 0 },
1175 /* 0x8e */ { NULL, NULL, 0 },
1176 /* 0x8f */ { NULL, NULL, 0 },
1177 /* 0x90 */ { NULL, NULL, 0 },
1178 /* 0x91 */ { NULL, NULL, 0 },
1179 /* 0x92 */ { NULL, NULL, 0 },
1180 /* 0x93 */ { NULL, NULL, 0 },
1181 /* 0x94 */ { NULL, NULL, 0 },
1182 /* 0x95 */ { NULL, NULL, 0 },
1183 /* 0x96 */ { NULL, NULL, 0 },
1184 /* 0x97 */ { NULL, NULL, 0 },
1185 /* 0x98 */ { NULL, NULL, 0 },
1186 /* 0x99 */ { NULL, NULL, 0 },
1187 /* 0x9a */ { NULL, NULL, 0 },
1188 /* 0x9b */ { NULL, NULL, 0 },
1189 /* 0x9c */ { NULL, NULL, 0 },
1190 /* 0x9d */ { NULL, NULL, 0 },
1191 /* 0x9e */ { NULL, NULL, 0 },
1192 /* 0x9f */ { NULL, NULL, 0 },
1193 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1194 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1195 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1196 /* 0xa3 */ { NULL, NULL, 0 },
1197 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1198 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1199 /* 0xa6 */ { NULL, NULL, 0 },
1200 /* 0xa7 */ { NULL, NULL, 0 },
1201 /* 0xa8 */ { NULL, NULL, 0 },
1202 /* 0xa9 */ { NULL, NULL, 0 },
1203 /* 0xaa */ { NULL, NULL, 0 },
1204 /* 0xab */ { NULL, NULL, 0 },
1205 /* 0xac */ { NULL, NULL, 0 },
1206 /* 0xad */ { NULL, NULL, 0 },
1207 /* 0xae */ { NULL, NULL, 0 },
1208 /* 0xaf */ { NULL, NULL, 0 },
1209 /* 0xb0 */ { NULL, NULL, 0 },
1210 /* 0xb1 */ { NULL, NULL, 0 },
1211 /* 0xb2 */ { NULL, NULL, 0 },
1212 /* 0xb3 */ { NULL, NULL, 0 },
1213 /* 0xb4 */ { NULL, NULL, 0 },
1214 /* 0xb5 */ { NULL, NULL, 0 },
1215 /* 0xb6 */ { NULL, NULL, 0 },
1216 /* 0xb7 */ { NULL, NULL, 0 },
1217 /* 0xb8 */ { NULL, NULL, 0 },
1218 /* 0xb9 */ { NULL, NULL, 0 },
1219 /* 0xba */ { NULL, NULL, 0 },
1220 /* 0xbb */ { NULL, NULL, 0 },
1221 /* 0xbc */ { NULL, NULL, 0 },
1222 /* 0xbd */ { NULL, NULL, 0 },
1223 /* 0xbe */ { NULL, NULL, 0 },
1224 /* 0xbf */ { NULL, NULL, 0 },
1225 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1226 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1227 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1228 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1229 /* 0xc4 */ { NULL, NULL, 0 },
1230 /* 0xc5 */ { NULL, NULL, 0 },
1231 /* 0xc6 */ { NULL, NULL, 0 },
1232 /* 0xc7 */ { NULL, NULL, 0 },
1233 /* 0xc8 */ { NULL, NULL, 0 },
1234 /* 0xc9 */ { NULL, NULL, 0 },
1235 /* 0xca */ { NULL, NULL, 0 },
1236 /* 0xcb */ { NULL, NULL, 0 },
1237 /* 0xcc */ { NULL, NULL, 0 },
1238 /* 0xcd */ { NULL, NULL, 0 },
1239 /* 0xce */ { NULL, NULL, 0 },
1240 /* 0xcf */ { NULL, NULL, 0 },
1241 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1242 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1243 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1244 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1245 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1246 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1247 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1248 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1249 /* 0xd8 */ { NULL, NULL, 0 },
1250 /* 0xd9 */ { NULL, NULL, 0 },
1251 /* 0xda */ { NULL, NULL, 0 },
1252 /* 0xdb */ { NULL, NULL, 0 },
1253 /* 0xdc */ { NULL, NULL, 0 },
1254 /* 0xdd */ { NULL, NULL, 0 },
1255 /* 0xde */ { NULL, NULL, 0 },
1256 /* 0xdf */ { NULL, NULL, 0 },
1257 /* 0xe0 */ { NULL, NULL, 0 },
1258 /* 0xe1 */ { NULL, NULL, 0 },
1259 /* 0xe2 */ { NULL, NULL, 0 },
1260 /* 0xe3 */ { NULL, NULL, 0 },
1261 /* 0xe4 */ { NULL, NULL, 0 },
1262 /* 0xe5 */ { NULL, NULL, 0 },
1263 /* 0xe6 */ { NULL, NULL, 0 },
1264 /* 0xe7 */ { NULL, NULL, 0 },
1265 /* 0xe8 */ { NULL, NULL, 0 },
1266 /* 0xe9 */ { NULL, NULL, 0 },
1267 /* 0xea */ { NULL, NULL, 0 },
1268 /* 0xeb */ { NULL, NULL, 0 },
1269 /* 0xec */ { NULL, NULL, 0 },
1270 /* 0xed */ { NULL, NULL, 0 },
1271 /* 0xee */ { NULL, NULL, 0 },
1272 /* 0xef */ { NULL, NULL, 0 },
1273 /* 0xf0 */ { NULL, NULL, 0 },
1274 /* 0xf1 */ { NULL, NULL, 0 },
1275 /* 0xf2 */ { NULL, NULL, 0 },
1276 /* 0xf3 */ { NULL, NULL, 0 },
1277 /* 0xf4 */ { NULL, NULL, 0 },
1278 /* 0xf5 */ { NULL, NULL, 0 },
1279 /* 0xf6 */ { NULL, NULL, 0 },
1280 /* 0xf7 */ { NULL, NULL, 0 },
1281 /* 0xf8 */ { NULL, NULL, 0 },
1282 /* 0xf9 */ { NULL, NULL, 0 },
1283 /* 0xfa */ { NULL, NULL, 0 },
1284 /* 0xfb */ { NULL, NULL, 0 },
1285 /* 0xfc */ { NULL, NULL, 0 },
1286 /* 0xfd */ { NULL, NULL, 0 },
1287 /* 0xfe */ { NULL, NULL, 0 },
1288 /* 0xff */ { NULL, NULL, 0 }
1289
1290 };
1291
1292 /*******************************************************************
1293 allocate and initialize a reply packet
1294 ********************************************************************/
1295
1296 void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
1297 {
1298 /*
1299 * Protect against integer wrap
1300 */
1301 if ((num_bytes > 0xffffff)
1302 || ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
1303 char *msg;
1304 asprintf(&msg, "num_bytes too large: %u",
1305 (unsigned)num_bytes);
1306 smb_panic(msg);
1307 }
1308
1309 if (!(req->outbuf = TALLOC_ARRAY(
1310 req, uint8,
1311 smb_size + num_words*2 + num_bytes))) {
1312 smb_panic("could not allocate output buffer\n");
1313 }
1314
1315 construct_reply_common((char *)req->inbuf, (char *)req->outbuf);
1316 srv_set_message((char *)req->outbuf, num_words, num_bytes, false);
1317 /*
1318 * Zero out the word area, the caller has to take care of the bcc area
1319 * himself
1320 */
1321 if (num_words != 0) {
1322 memset(req->outbuf + smb_vwv0, 0, num_words*2);
1323 }
1324
1325 return;
1326 }
1327
1328
1329 /*******************************************************************
1330 Dump a packet to a file.
1331 ********************************************************************/
1332
1333 static void smb_dump(const char *name, int type, const char *data, ssize_t len)
1334 {
1335 int fd, i;
1336 char *fname = NULL;
1337 if (DEBUGLEVEL < 50) {
1338 return;
1339 }
1340
1341 if (len < 4) len = smb_len(data)+4;
1342 for (i=1;i<100;i++) {
1343 asprintf(&fname, "/tmp/%s.%d.%s", name, i,
1344 type ? "req" : "resp");
1345 if (!fname) {
1346 return;
1347 }
1348 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1349 if (fd != -1 || errno != EEXIST) break;
1350 }
1351 if (fd != -1) {
1352 ssize_t ret = write(fd, data, len);
1353 if (ret != len)
1354 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1355 close(fd);
1356 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1357 }
1358 SAFE_FREE(fname);
1359 }
1360
1361 /****************************************************************************
1362 Prepare everything for calling the actual request function, and potentially
1363 call the request function via the "new" interface.
1364
1365 Return False if the "legacy" function needs to be called, everything is
1366 prepared.
1367
1368 Return True if we're done.
1369
1370 I know this API sucks, but it is the one with the least code change I could
1371 find.
1372 ****************************************************************************/
1373
1374 static connection_struct *switch_message(uint8 type, struct smb_request *req, int size)
1375 {
1376 int flags;
1377 uint16 session_tag;
1378 connection_struct *conn = NULL;
1379
1380 static uint16 last_session_tag = UID_FIELD_INVALID;
1381
1382 errno = 0;
1383
1384 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1385 * so subtract 4 from it. */
1386 if (!valid_smb_header(req->inbuf)
1387 || (size < (smb_size - 4))) {
1388 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1389 smb_len(req->inbuf)));
1390 exit_server_cleanly("Non-SMB packet");
1391 }
1392
1393 if (smb_messages[type].fn_new == NULL) {
1394 DEBUG(0,("Unknown message type %d!\n",type));
1395 smb_dump("Unknown", 1, (char *)req->inbuf, size);
1396 reply_unknown_new(req, type);
1397 return NULL;
1398 }
1399
1400 flags = smb_messages[type].flags;
1401
1402 /* In share mode security we must ignore the vuid. */
1403 session_tag = (lp_security() == SEC_SHARE)
1404 ? UID_FIELD_INVALID : req->vuid;
1405 conn = req->conn;
1406
1407 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1408 (int)sys_getpid(), (unsigned long)conn));
1409
1410 smb_dump(smb_fn_name(type), 1, (char *)req->inbuf, size);
1411
1412 /* Ensure this value is replaced in the incoming packet. */
1413 SSVAL(req->inbuf,smb_uid,session_tag);
1414
1415 /*
1416 * Ensure the correct username is in current_user_info. This is a
1417 * really ugly bugfix for problems with multiple session_setup_and_X's
1418 * being done and allowing %U and %G substitutions to work correctly.
1419 * There is a reason this code is done here, don't move it unless you
1420 * know what you're doing... :-).
1421 * JRA.
1422 */
1423
1424 if (session_tag != last_session_tag) {
1425 user_struct *vuser = NULL;
1426
1427 last_session_tag = session_tag;
1428 if(session_tag != UID_FIELD_INVALID) {
1429 vuser = get_valid_user_struct(session_tag);
1430 if (vuser) {
1431 set_current_user_info(&vuser->user);
1432 }
1433 }
1434 }
1435
1436 /* Does this call need to be run as the connected user? */
1437 if (flags & AS_USER) {
1438
1439 /* Does this call need a valid tree connection? */
1440 if (!conn) {
1441 /*
1442 * Amazingly, the error code depends on the command
1443 * (from Samba4).
1444 */
1445 if (type == SMBntcreateX) {
1446 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1447 } else {
1448 reply_doserror(req, ERRSRV, ERRinvnid);
1449 }
1450 return NULL;
1451 }
1452
1453 if (!change_to_user(conn,session_tag)) {
1454 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
1455 return conn;
1456 }
1457
1458 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1459
1460 /* Does it need write permission? */
1461 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1462 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1463 return conn;
1464 }
1465
1466 /* IPC services are limited */
1467 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1468 reply_doserror(req, ERRSRV,ERRaccess);
1469 return conn;
1470 }
1471 } else {
1472 /* This call needs to be run as root */
1473 change_to_root_user();
1474 }
1475
1476 /* load service specific parameters */
1477 if (conn) {
1478 if (req->encrypted) {
1479 conn->encrypted_tid = true;
1480 /* encrypted required from now on. */
1481 conn->encrypt_level = Required;
1482 } else if (ENCRYPTION_REQUIRED(conn)) {
1483 uint8 com = CVAL(req->inbuf,smb_com);
1484 if (com != SMBtrans2 && com != SMBtranss2) {
1485 exit_server_cleanly("encryption required "
1486 "on connection");
1487 return conn;
1488 }
1489 }
1490
1491 if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1492 (flags & (AS_USER|DO_CHDIR)
1493 ?True:False))) {
1494 reply_doserror(req, ERRSRV, ERRaccess);
1495 return conn;
1496 }
1497 conn->num_smb_operations++;
1498 }
1499
1500 /* does this protocol need to be run as guest? */
1501 if ((flags & AS_GUEST)
1502 && (!change_to_guest() ||
1503 !check_access(smbd_server_fd(), lp_hostsallow(-1),
1504 lp_hostsdeny(-1)))) {
1505 reply_doserror(req, ERRSRV, ERRaccess);
1506 return conn;
1507 }
1508
1509 smb_messages[type].fn_new(req);
1510 return req->conn;
1511 }
1512
1513 /****************************************************************************
1514 Construct a reply to the incoming packet.
1515 ****************************************************************************/
1516
1517 static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
1518 {
1519 uint8 type = CVAL(inbuf,smb_com);
1520 connection_struct *conn;
1521 struct smb_request *req;
1522
1523 chain_size = 0;
1524 file_chain_reset();
1525 reset_chain_p();
1526
1527 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1528 smb_panic("could not allocate smb_request");
1529 }
1530 init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted);
1531
1532 conn = switch_message(type, req, size);
1533
1534 if (req->unread_bytes) {
1535 /* writeX failed. drain socket. */
1536 if (drain_socket(smbd_server_fd(), req->unread_bytes) !=
1537 req->unread_bytes) {
1538 smb_panic("failed to drain pending bytes");
1539 }
1540 req->unread_bytes = 0;
1541 }
1542
1543 if (req->outbuf == NULL) {
1544 return;
1545 }
1546
1547 if (CVAL(req->outbuf,0) == 0) {
1548 show_msg((char *)req->outbuf);
1549 }
1550
1551 if (!srv_send_smb(smbd_server_fd(),
1552 (char *)req->outbuf,
1553 IS_CONN_ENCRYPTED(conn)||req->encrypted)) {
1554 exit_server_cleanly("construct_reply: srv_send_smb failed.");
1555 }
1556
1557 TALLOC_FREE(req);
1558
1559 return;
1560 }
1561
1562 /****************************************************************************
1563 Process an smb from the client
1564 ****************************************************************************/
1565
1566 static void process_smb(char *inbuf, size_t nread, size_t unread_bytes, bool encrypted)
1567 {
1568 static int trans_num;
1569 int msg_type = CVAL(inbuf,0);
1570
1571 DO_PROFILE_INC(smb_count);
1572
1573 if (trans_num == 0) {
1574 char addr[INET6_ADDRSTRLEN];
1575
1576 /* on the first packet, check the global hosts allow/ hosts
1577 deny parameters before doing any parsing of the packet
1578 passed to us by the client. This prevents attacks on our
1579 parsing code from hosts not in the hosts allow list */
1580
1581 if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
1582 lp_hostsdeny(-1))) {
1583 /* send a negative session response "not listening on calling name" */
1584 static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
1585 DEBUG( 1, ( "Connection denied from %s\n",
1586 client_addr(get_client_fd(),addr,sizeof(addr)) ) );
1587 (void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
1588 exit_server_cleanly("connection denied");
1589 }
1590 }
1591
1592 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1593 smb_len(inbuf) ) );
1594 DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
1595 (int)nread,
1596 (unsigned int)unread_bytes ));
1597
1598 if (msg_type != 0) {
1599 /*
1600 * NetBIOS session request, keepalive, etc.
1601 */
1602 reply_special(inbuf);
1603 return;
1604 }
1605
1606 show_msg(inbuf);
1607
1608 construct_reply(inbuf,nread,unread_bytes,encrypted);
1609
1610 trans_num++;
1611 }
1612
1613 /****************************************************************************
1614 Return a string containing the function name of a SMB command.
1615 ****************************************************************************/
1616
1617 const char *smb_fn_name(int type)
1618 {
1619 const char *unknown_name = "SMBunknown";
1620
1621 if (smb_messages[type].name == NULL)
1622 return(unknown_name);
1623
1624 return(smb_messages[type].name);
1625 }
1626
1627 /****************************************************************************
1628 Helper functions for contruct_reply.
1629 ****************************************************************************/
1630
1631 static uint32 common_flags2 = FLAGS2_LONG_PATH_COMPONENTS|FLAGS2_32_BIT_ERROR_CODES;
1632
1633 void add_to_common_flags2(uint32 v)
1634 {
1635 common_flags2 |= v;
1636 }
1637
1638 void remove_from_common_flags2(uint32 v)
1639 {
1640 common_flags2 &= ~v;
1641 }
1642
1643 void construct_reply_common(const char *inbuf, char *outbuf)
1644 {
1645 srv_set_message(outbuf,0,0,false);
1646
1647 SCVAL(outbuf,smb_com,CVAL(inbuf,smb_com));
1648 SIVAL(outbuf,smb_rcls,0);
1649 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1650 SSVAL(outbuf,smb_flg2,
1651 (SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) |
1652 common_flags2);
1653 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1654
1655 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
1656 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
1657 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
1658 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
1659 }
1660
1661 /****************************************************************************
1662 Construct a chained reply and add it to the already made reply
1663 ****************************************************************************/
1664
1665 void chain_reply(struct smb_request *req)
1666 {
1667 static char *orig_inbuf;
1668
1669 /*
1670 * Dirty little const_discard: We mess with req->inbuf, which is
1671 * declared as const. If maybe at some point this routine gets
1672 * rewritten, this const_discard could go away.
1673 */
1674 char *inbuf = CONST_DISCARD(char *, req->inbuf);
1675 int size = smb_len(req->inbuf)+4;
1676
1677 int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
1678 unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
1679 char *inbuf2;
1680 int outsize2;
1681 int new_size;
1682 char inbuf_saved[smb_wct];
1683 char *outbuf = (char *)req->outbuf;
1684 size_t outsize = smb_len(outbuf) + 4;
1685 size_t outsize_padded;
1686 size_t ofs, to_move;
1687
1688 struct smb_request *req2;
1689 size_t caller_outputlen;
1690 char *caller_output;
1691
1692 /* Maybe its not chained, or it's an error packet. */
1693 if (smb_com2 == 0xFF || SVAL(outbuf,smb_rcls) != 0) {
1694 SCVAL(outbuf,smb_vwv0,0xFF);
1695 return;
1696 }
1697
1698 if (chain_size == 0) {
1699 /* this is the first part of the chain */
1700 orig_inbuf = inbuf;
1701 }
1702
1703 /*
1704 * We need to save the output the caller added to the chain so that we
1705 * can splice it into the final output buffer later.
1706 */
1707
1708 caller_outputlen = outsize - smb_wct;
1709
1710 caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen);
1711
1712 if (caller_output == NULL) {
1713 /* TODO: NT_STATUS_NO_MEMORY */
1714 smb_panic("could not dup outbuf");
1715 }
1716
1717 /*
1718 * The original Win95 redirector dies on a reply to
1719 * a lockingX and read chain unless the chain reply is
1720 * 4 byte aligned. JRA.
1721 */
1722
1723 outsize_padded = (outsize + 3) & ~3;
1724
1725 /*
1726 * remember how much the caller added to the chain, only counting
1727 * stuff after the parameter words
1728 */
1729 chain_size += outsize_padded - smb_wct;
1730
1731 /*
1732 * work out pointers into the original packets. The
1733 * headers on these need to be filled in
1734 */
1735 inbuf2 = orig_inbuf + smb_off2 + 4 - smb_wct;
1736
1737 /* remember the original command type */
1738 smb_com1 = CVAL(orig_inbuf,smb_com);
1739
1740 /* save the data which will be overwritten by the new headers */
1741 memcpy(inbuf_saved,inbuf2,smb_wct);
1742
1743 /* give the new packet the same header as the last part of the SMB */
1744 memmove(inbuf2,inbuf,smb_wct);
1745
1746 /* create the in buffer */
1747 SCVAL(inbuf2,smb_com,smb_com2);
1748
1749 /* work out the new size for the in buffer. */
1750 new_size = size - (inbuf2 - inbuf);
1751 if (new_size < 0) {
1752 DEBUG(0,("chain_reply: chain packet size incorrect "
1753 "(orig size = %d, offset = %d)\n",
1754 size, (int)(inbuf2 - inbuf) ));
1755 exit_server_cleanly("Bad chained packet");
1756 return;
1757 }
1758
1759 /* And set it in the header. */
1760 smb_setlen(inbuf2, new_size - 4);
1761
1762 DEBUG(3,("Chained message\n"));
1763 show_msg(inbuf2);
1764
1765 if (!(req2 = talloc(talloc_tos(), struct smb_request))) {
1766 smb_panic("could not allocate smb_request");
1767 }
1768 init_smb_request(req2, (uint8 *)inbuf2,0, req->encrypted);
1769
1770 /* process the request */
1771 switch_message(smb_com2, req2, new_size);
1772
1773 /*
1774 * We don't accept deferred operations in chained requests.
1775 */
1776 SMB_ASSERT(req2->outbuf != NULL);
1777 outsize2 = smb_len(req2->outbuf)+4;
1778
1779 /*
1780 * Move away the new command output so that caller_output fits in,
1781 * copy in the caller_output saved above.
1782 */
1783
1784 SMB_ASSERT(outsize_padded >= smb_wct);
1785
1786 /*
1787 * "ofs" is the space we need for caller_output. Equal to
1788 * caller_outputlen plus the padding.
1789 */
1790
1791 ofs = outsize_padded - smb_wct;
1792
1793 /*
1794 * "to_move" is the amount of bytes the secondary routine gave us
1795 */
1796
1797 to_move = outsize2 - smb_wct;
1798
1799 if (to_move + ofs + smb_wct + chain_size > max_send) {
1800 smb_panic("replies too large -- would have to cut");
1801 }
1802
1803 /*
1804 * In the "new" API "outbuf" is allocated via reply_outbuf, just for
1805 * the first request in the chain. So we have to re-allocate it. In
1806 * the "old" API the only outbuf ever used is the global OutBuffer
1807 * which is always large enough.
1808 */
1809
1810 outbuf = TALLOC_REALLOC_ARRAY(NULL, outbuf, char,
1811 to_move + ofs + smb_wct);
1812 if (outbuf == NULL) {
1813 smb_panic("could not realloc outbuf");
1814 }
1815
1816 req->outbuf = (uint8 *)outbuf;
1817
1818 memmove(outbuf + smb_wct + ofs, req2->outbuf + smb_wct, to_move);
1819 memcpy(outbuf + smb_wct, caller_output, caller_outputlen);
1820
1821 /*
1822 * copy the new reply header over the old one but preserve the smb_com
1823 * field
1824 */
1825 memmove(outbuf, req2->outbuf, smb_wct);
1826 SCVAL(outbuf, smb_com, smb_com1);
1827
1828 /*
1829 * We've just copied in the whole "wct" area from the secondary
1830 * function. Fix up the chaining: com2 and the offset need to be
1831 * readjusted.
1832 */
1833
1834 SCVAL(outbuf, smb_vwv0, smb_com2);
1835 SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4);
1836
1837 if (outsize_padded > outsize) {
1838
1839 /*
1840 * Due to padding we have some uninitialized bytes after the
1841 * caller's output
1842 */
1843
1844 memset(outbuf + outsize, 0, outsize_padded - outsize);
1845 }
1846
1847 smb_setlen(outbuf, outsize2 + chain_size - 4);
1848
1849 /*
1850 * restore the saved data, being careful not to overwrite any data
1851 * from the reply header
1852 */
1853 memcpy(inbuf2,inbuf_saved,smb_wct);
1854
1855 SAFE_FREE(caller_output);
1856 TALLOC_FREE(req2);
1857
1858 return;
1859 }
1860
1861 /****************************************************************************
1862 Setup the needed select timeout in milliseconds.
1863 ****************************************************************************/
1864
1865 static int setup_select_timeout(void)
1866 {
1867 int select_timeout;
1868
1869 select_timeout = SMBD_SELECT_TIMEOUT*1000;
1870
1871 if (print_notify_messages_pending()) {
1872 select_timeout = MIN(select_timeout, 1000);
1873 }
1874
1875 return select_timeout;
1876 }
1877
1878 /****************************************************************************
1879 Check if services need reloading.
1880 ****************************************************************************/
1881
1882 void check_reload(time_t t)
1883 {
1884 static pid_t mypid = 0;
1885 static time_t last_smb_conf_reload_time = 0;
1886 static time_t last_printer_reload_time = 0;
1887 time_t printcap_cache_time = (time_t)lp_printcap_cache_time();
1888
1889 if(last_smb_conf_reload_time == 0) {
1890 last_smb_conf_reload_time = t;
1891 /* Our printing subsystem might not be ready at smbd start up.
1892 Then no printer is available till the first printers check
1893 is performed. A lower initial interval circumvents this. */
1894 if ( printcap_cache_time > 60 )
1895 last_printer_reload_time = t - printcap_cache_time + 60;
1896 else
1897 last_printer_reload_time = t;
1898 }
1899
1900 if (mypid != getpid()) { /* First time or fork happened meanwhile */
1901 /* randomize over 60 second the printcap reload to avoid all
1902 * process hitting cupsd at the same time */
1903 int time_range = 60;
1904
1905 last_printer_reload_time += random() % time_range;
1906 mypid = getpid();
1907 }
1908
1909 if (reload_after_sighup || (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK)) {
1910 reload_services(True);
1911 reload_after_sighup = False;
1912 last_smb_conf_reload_time = t;
1913 }
1914
1915 /* 'printcap cache time = 0' disable the feature */
1916
1917 if ( printcap_cache_time != 0 )
1918 {
1919 /* see if it's time to reload or if the clock has been set back */
1920
1921 if ( (t >= last_printer_reload_time+printcap_cache_time)
1922 || (t-last_printer_reload_time < 0) )
1923 {
1924 DEBUG( 3,( "Printcap cache time expired.\n"));
1925 reload_printers();
1926 last_printer_reload_time = t;
1927 }
1928 }
1929 }
1930
1931 /****************************************************************************
1932 Process any timeout housekeeping. Return False if the caller should exit.
1933 ****************************************************************************/
1934
1935 static bool timeout_processing(int *select_timeout,
1936 time_t *last_timeout_processing_time)
1937 {
1938 time_t t;
1939
1940 if (*get_srv_read_error() == SMB_READ_EOF) {
1941 DEBUG(3,("timeout_processing: End of file from client (client has disconnected).\n"));
1942 return false;
1943 }
1944
1945 if (*get_srv_read_error() == SMB_READ_ERROR) {
1946 DEBUG(3,("timeout_processing: receive_smb error (%s) Exiting\n",
1947 strerror(errno)));
1948 return false;
1949 }
1950
1951 if (*get_srv_read_error() == SMB_READ_BAD_SIG) {
1952 DEBUG(3,("timeout_processing: receive_smb error bad smb signature. Exiting\n"));
1953 return false;
1954 }
1955
1956 *last_timeout_processing_time = t = time(NULL);
1957
1958 /* become root again if waiting */
1959 change_to_root_user();
1960
1961 /* check if we need to reload services */
1962 check_reload(t);
1963
1964 if(global_machine_password_needs_changing &&
1965 /* for ADS we need to do a regular ADS password change, not a domain
1966 password change */
1967 lp_security() == SEC_DOMAIN) {
1968
1969 unsigned char trust_passwd_hash[16];
1970 time_t lct;
1971
1972 /*
1973 * We're in domain level security, and the code that
1974 * read the machine password flagged that the machine
1975 * password needs changing.
1976 */
1977
1978 /*
1979 * First, open the machine password file with an exclusive lock.
1980 */
1981
1982 if (secrets_lock_trust_account_password(lp_workgroup(), True) == False) {
1983 DEBUG(0,("process: unable to lock the machine account password for \
1984 machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
1985 return True;
1986 }
1987
1988 if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct, NULL)) {
1989 DEBUG(0,("process: unable to read the machine account password for \
1990 machine %s in domain %s.\n", global_myname(), lp_workgroup()));
1991 secrets_lock_trust_account_password(lp_workgroup(), False);
1992 return True;
1993 }
1994
1995 /*
1996 * Make sure someone else hasn't already done this.
1997 */
1998
1999 if(t < lct + lp_machine_password_timeout()) {
2000 global_machine_password_needs_changing = False;
2001 secrets_lock_trust_account_password(lp_workgroup(), False);
2002 return True;
2003 }
2004
2005 /* always just contact the PDC here */
2006
2007 change_trust_account_password( lp_workgroup(), NULL);
2008 global_machine_password_needs_changing = False;
2009 secrets_lock_trust_account_password(lp_workgroup(), False);
2010 }
2011
2012 /* update printer queue caches if necessary */
2013
2014 update_monitored_printq_cache();
2015
2016 /*
2017 * Now we are root, check if the log files need pruning.
2018 * Force a log file check.
2019 */
2020 force_check_log_size();
2021 check_log_size();
2022
2023 /* Send any queued printer notify message to interested smbd's. */
2024
2025 print_notify_send_messages(smbd_messaging_context(), 0);
2026
2027 /*
2028 * Modify the select timeout depending upon
2029 * what we have remaining in our queues.
2030 */
2031
2032 *select_timeout = setup_select_timeout();
2033
2034 return True;
2035 }
2036
2037 /****************************************************************************
2038 Process commands from the client
2039 ****************************************************************************/
2040
2041 void smbd_process(void)
2042 {
2043 time_t last_timeout_processing_time = time(NULL);
2044 unsigned int num_smbs = 0;
2045 size_t unread_bytes = 0;
2046
2047 max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
2048
2049 while (True) {
2050 int select_timeout = setup_select_timeout();
2051 int num_echos;
2052 char *inbuf;
2053 size_t inbuf_len;
2054 bool encrypted = false;
2055 TALLOC_CTX *frame = talloc_stackframe_pool(8192);
2056
2057 errno = 0;
2058
2059 /* Did someone ask for immediate checks on things like blocking locks ? */
2060 if (select_timeout == 0) {
2061 if(!timeout_processing(&select_timeout,
2062 &last_timeout_processing_time))
2063 return;
2064 num_smbs = 0; /* Reset smb counter. */
2065 }
2066
2067 run_events(smbd_event_context(), 0, NULL, NULL);
2068
2069 while (!receive_message_or_smb(talloc_tos(), &inbuf, &inbuf_len,
2070 select_timeout,
2071 &unread_bytes,
2072 &encrypted)) {
2073 if(!timeout_processing(&select_timeout,
2074 &last_timeout_processing_time))
2075 return;
2076 num_smbs = 0; /* Reset smb counter. */
2077 }
2078
2079
2080 /*
2081 * Ensure we do timeout processing if the SMB we just got was
2082 * only an echo request. This allows us to set the select
2083 * timeout in 'receive_message_or_smb()' to any value we like
2084 * without worrying that the client will send echo requests
2085 * faster than the select timeout, thus starving out the
2086 * essential processing (change notify, blocking locks) that
2087 * the timeout code does. JRA.
2088 */
2089 num_echos = smb_echo_count;
2090
2091 process_smb(inbuf, inbuf_len, unread_bytes, encrypted);
2092
2093 TALLOC_FREE(inbuf);
2094
2095 if (smb_echo_count != num_echos) {
2096 if(!timeout_processing( &select_timeout, &last_timeout_processing_time))
2097 return;
2098 num_smbs = 0; /* Reset smb counter. */
2099 }
2100
2101 num_smbs++;
2102
2103 /*
2104 * If we are getting smb requests in a constant stream
2105 * with no echos, make sure we attempt timeout processing
2106 * every select_timeout milliseconds - but only check for this
2107 * every 200 smb requests.
2108 */
2109
2110 if ((num_smbs % 200) == 0) {
2111 time_t new_check_time = time(NULL);
2112 if(new_check_time - last_timeout_processing_time >= (select_timeout/1000)) {
2113 if(!timeout_processing(
2114 &select_timeout,
2115 &last_timeout_processing_time))
2116 return;
2117 num_smbs = 0; /* Reset smb counter. */
2118 last_timeout_processing_time = new_check_time; /* Reset time. */
2119 }
2120 }
2121
2122 /* The timeout_processing function isn't run nearly
2123 often enough to implement 'max log size' without
2124 overrunning the size of the file by many megabytes.
2125 This is especially true if we are running at debug
2126 level 10. Checking every 50 SMBs is a nice
2127 tradeoff of performance vs log file size overrun. */
2128
2129 if ((num_smbs % 50) == 0 && need_to_check_log_size()) {
2130 change_to_root_user();
2131 check_log_size();
2132 }
2133 TALLOC_FREE(frame);
2134 }
2135 }
Samba GIT mirror