search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
traffic_packets: provision request data for packet_drsuapi_13
[Samba.git] / source3 / smbd / smbXsrv_session.c
blob121ff264a9cc7f7a4242eb57b562ed90bec4e474
1 /*
2 Unix SMB/CIFS implementation.
3
4 Copyright (C) Stefan Metzmacher 2011-2012
5 Copyright (C) Michael Adam 2012
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "system/filesys.h"
23 #include <tevent.h>
24 #include "lib/util/server_id.h"
25 #include "smbd/smbd.h"
26 #include "smbd/globals.h"
27 #include "dbwrap/dbwrap.h"
28 #include "dbwrap/dbwrap_rbt.h"
29 #include "dbwrap/dbwrap_open.h"
30 #include "dbwrap/dbwrap_watch.h"
31 #include "session.h"
32 #include "auth.h"
33 #include "auth/gensec/gensec.h"
34 #include "../lib/tsocket/tsocket.h"
35 #include "../libcli/security/security.h"
36 #include "messages.h"
37 #include "lib/util/util_tdb.h"
38 #include "librpc/gen_ndr/ndr_smbXsrv.h"
39 #include "serverid.h"
40 #include "lib/util/tevent_ntstatus.h"
41
42 struct smbXsrv_session_table {
43 struct {
44 struct db_context *db_ctx;
45 uint32_t lowest_id;
46 uint32_t highest_id;
47 uint32_t max_sessions;
48 uint32_t num_sessions;
49 } local;
50 struct {
51 struct db_context *db_ctx;
52 } global;
53 };
54
55 static struct db_context *smbXsrv_session_global_db_ctx = NULL;
56
57 NTSTATUS smbXsrv_session_global_init(struct messaging_context *msg_ctx)
58 {
59 char *global_path = NULL;
60 struct db_context *backend = NULL;
61 struct db_context *db_ctx = NULL;
62
63 if (smbXsrv_session_global_db_ctx != NULL) {
64 return NT_STATUS_OK;
65 }
66
67 /*
68 * This contains secret information like session keys!
69 */
70 global_path = lock_path("smbXsrv_session_global.tdb");
71 if (global_path == NULL) {
72 return NT_STATUS_NO_MEMORY;
73 }
74
75 backend = db_open(NULL, global_path,
76 0, /* hash_size */
77 TDB_DEFAULT |
78 TDB_CLEAR_IF_FIRST |
79 TDB_INCOMPATIBLE_HASH,
80 O_RDWR | O_CREAT, 0600,
81 DBWRAP_LOCK_ORDER_1,
82 DBWRAP_FLAG_NONE);
83 TALLOC_FREE(global_path);
84 if (backend == NULL) {
85 NTSTATUS status;
86
87 status = map_nt_error_from_unix_common(errno);
88
89 return status;
90 }
91
92 db_ctx = db_open_watched(NULL, backend, server_messaging_context());
93 if (db_ctx == NULL) {
94 TALLOC_FREE(backend);
95 return NT_STATUS_NO_MEMORY;
96 }
97
98 smbXsrv_session_global_db_ctx = db_ctx;
99
100 return NT_STATUS_OK;
101 }
102
103 /*
104 * NOTE:
105 * We need to store the keys in big endian so that dbwrap_rbt's memcmp
106 * has the same result as integer comparison between the uint32_t
107 * values.
108 *
109 * TODO: implement string based key
110 */
111
112 #define SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE sizeof(uint32_t)
113
114 static TDB_DATA smbXsrv_session_global_id_to_key(uint32_t id,
115 uint8_t *key_buf)
116 {
117 TDB_DATA key;
118
119 RSIVAL(key_buf, 0, id);
120
121 key = make_tdb_data(key_buf, SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE);
122
123 return key;
124 }
125
126 #if 0
127 static NTSTATUS smbXsrv_session_global_key_to_id(TDB_DATA key, uint32_t *id)
128 {
129 if (id == NULL) {
130 return NT_STATUS_INVALID_PARAMETER;
131 }
132
133 if (key.dsize != SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE) {
134 return NT_STATUS_INTERNAL_DB_CORRUPTION;
135 }
136
137 *id = RIVAL(key.dptr, 0);
138
139 return NT_STATUS_OK;
140 }
141 #endif
142
143 #define SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE sizeof(uint32_t)
144
145 static TDB_DATA smbXsrv_session_local_id_to_key(uint32_t id,
146 uint8_t *key_buf)
147 {
148 TDB_DATA key;
149
150 RSIVAL(key_buf, 0, id);
151
152 key = make_tdb_data(key_buf, SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE);
153
154 return key;
155 }
156
157 static NTSTATUS smbXsrv_session_local_key_to_id(TDB_DATA key, uint32_t *id)
158 {
159 if (id == NULL) {
160 return NT_STATUS_INVALID_PARAMETER;
161 }
162
163 if (key.dsize != SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE) {
164 return NT_STATUS_INTERNAL_DB_CORRUPTION;
165 }
166
167 *id = RIVAL(key.dptr, 0);
168
169 return NT_STATUS_OK;
170 }
171
172 static struct db_record *smbXsrv_session_global_fetch_locked(
173 struct db_context *db,
174 uint32_t id,
175 TALLOC_CTX *mem_ctx)
176 {
177 TDB_DATA key;
178 uint8_t key_buf[SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE];
179 struct db_record *rec = NULL;
180
181 key = smbXsrv_session_global_id_to_key(id, key_buf);
182
183 rec = dbwrap_fetch_locked(db, mem_ctx, key);
184
185 if (rec == NULL) {
186 DBG_DEBUG("Failed to lock global id 0x%08x, key '%s'\n", id,
187 hex_encode_talloc(talloc_tos(), key.dptr, key.dsize));
188 }
189
190 return rec;
191 }
192
193 static struct db_record *smbXsrv_session_local_fetch_locked(
194 struct db_context *db,
195 uint32_t id,
196 TALLOC_CTX *mem_ctx)
197 {
198 TDB_DATA key;
199 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
200 struct db_record *rec = NULL;
201
202 key = smbXsrv_session_local_id_to_key(id, key_buf);
203
204 rec = dbwrap_fetch_locked(db, mem_ctx, key);
205
206 if (rec == NULL) {
207 DBG_DEBUG("Failed to lock local id 0x%08x, key '%s'\n", id,
208 hex_encode_talloc(talloc_tos(), key.dptr, key.dsize));
209 }
210
211 return rec;
212 }
213
214 static void smbXsrv_session_close_loop(struct tevent_req *subreq);
215
216 static NTSTATUS smbXsrv_session_table_init(struct smbXsrv_connection *conn,
217 uint32_t lowest_id,
218 uint32_t highest_id,
219 uint32_t max_sessions)
220 {
221 struct smbXsrv_client *client = conn->client;
222 struct smbXsrv_session_table *table;
223 NTSTATUS status;
224 struct tevent_req *subreq;
225 uint64_t max_range;
226
227 if (lowest_id > highest_id) {
228 return NT_STATUS_INTERNAL_ERROR;
229 }
230
231 max_range = highest_id;
232 max_range -= lowest_id;
233 max_range += 1;
234
235 if (max_sessions > max_range) {
236 return NT_STATUS_INTERNAL_ERROR;
237 }
238
239 table = talloc_zero(client, struct smbXsrv_session_table);
240 if (table == NULL) {
241 return NT_STATUS_NO_MEMORY;
242 }
243
244 table->local.db_ctx = db_open_rbt(table);
245 if (table->local.db_ctx == NULL) {
246 TALLOC_FREE(table);
247 return NT_STATUS_NO_MEMORY;
248 }
249 table->local.lowest_id = lowest_id;
250 table->local.highest_id = highest_id;
251 table->local.max_sessions = max_sessions;
252
253 status = smbXsrv_session_global_init(client->msg_ctx);
254 if (!NT_STATUS_IS_OK(status)) {
255 TALLOC_FREE(table);
256 return status;
257 }
258
259 table->global.db_ctx = smbXsrv_session_global_db_ctx;
260
261 subreq = messaging_read_send(table, client->ev_ctx, client->msg_ctx,
262 MSG_SMBXSRV_SESSION_CLOSE);
263 if (subreq == NULL) {
264 TALLOC_FREE(table);
265 return NT_STATUS_NO_MEMORY;
266 }
267 tevent_req_set_callback(subreq, smbXsrv_session_close_loop, client);
268
269 client->session_table = table;
270 return NT_STATUS_OK;
271 }
272
273 static void smbXsrv_session_close_shutdown_done(struct tevent_req *subreq);
274
275 static void smbXsrv_session_close_loop(struct tevent_req *subreq)
276 {
277 struct smbXsrv_client *client =
278 tevent_req_callback_data(subreq,
279 struct smbXsrv_client);
280 struct smbXsrv_session_table *table = client->session_table;
281 int ret;
282 struct messaging_rec *rec = NULL;
283 struct smbXsrv_session_closeB close_blob;
284 enum ndr_err_code ndr_err;
285 struct smbXsrv_session_close0 *close_info0 = NULL;
286 struct smbXsrv_session *session = NULL;
287 NTSTATUS status;
288 struct timeval tv = timeval_current();
289 NTTIME now = timeval_to_nttime(&tv);
290
291 ret = messaging_read_recv(subreq, talloc_tos(), &rec);
292 TALLOC_FREE(subreq);
293 if (ret != 0) {
294 goto next;
295 }
296
297 ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &close_blob,
298 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_closeB);
299 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
300 status = ndr_map_error2ntstatus(ndr_err);
301 DEBUG(1,("smbXsrv_session_close_loop: "
302 "ndr_pull_struct_blob - %s\n",
303 nt_errstr(status)));
304 goto next;
305 }
306
307 DEBUG(10,("smbXsrv_session_close_loop: MSG_SMBXSRV_SESSION_CLOSE\n"));
308 if (DEBUGLVL(10)) {
309 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
310 }
311
312 if (close_blob.version != SMBXSRV_VERSION_0) {
313 DEBUG(0,("smbXsrv_session_close_loop: "
314 "ignore invalid version %u\n", close_blob.version));
315 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
316 goto next;
317 }
318
319 close_info0 = close_blob.info.info0;
320 if (close_info0 == NULL) {
321 DEBUG(0,("smbXsrv_session_close_loop: "
322 "ignore NULL info %u\n", close_blob.version));
323 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
324 goto next;
325 }
326
327 status = smb2srv_session_lookup_client(client,
328 close_info0->old_session_wire_id,
329 now, &session);
330 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
331 DEBUG(4,("smbXsrv_session_close_loop: "
332 "old_session_wire_id %llu not found\n",
333 (unsigned long long)close_info0->old_session_wire_id));
334 if (DEBUGLVL(4)) {
335 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
336 }
337 goto next;
338 }
339 if (!NT_STATUS_IS_OK(status) &&
340 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
341 !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
342 DEBUG(1,("smbXsrv_session_close_loop: "
343 "old_session_wire_id %llu - %s\n",
344 (unsigned long long)close_info0->old_session_wire_id,
345 nt_errstr(status)));
346 if (DEBUGLVL(1)) {
347 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
348 }
349 goto next;
350 }
351
352 if (session->global->session_global_id != close_info0->old_session_global_id) {
353 DEBUG(1,("smbXsrv_session_close_loop: "
354 "old_session_wire_id %llu - global %u != %u\n",
355 (unsigned long long)close_info0->old_session_wire_id,
356 session->global->session_global_id,
357 close_info0->old_session_global_id));
358 if (DEBUGLVL(1)) {
359 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
360 }
361 goto next;
362 }
363
364 if (session->global->creation_time != close_info0->old_creation_time) {
365 DEBUG(1,("smbXsrv_session_close_loop: "
366 "old_session_wire_id %llu - "
367 "creation %s (%llu) != %s (%llu)\n",
368 (unsigned long long)close_info0->old_session_wire_id,
369 nt_time_string(rec, session->global->creation_time),
370 (unsigned long long)session->global->creation_time,
371 nt_time_string(rec, close_info0->old_creation_time),
372 (unsigned long long)close_info0->old_creation_time));
373 if (DEBUGLVL(1)) {
374 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
375 }
376 goto next;
377 }
378
379 subreq = smb2srv_session_shutdown_send(session, client->ev_ctx,
380 session, NULL);
381 if (subreq == NULL) {
382 status = NT_STATUS_NO_MEMORY;
383 DEBUG(0, ("smbXsrv_session_close_loop: "
384 "smb2srv_session_shutdown_send(%llu) failed: %s\n",
385 (unsigned long long)session->global->session_wire_id,
386 nt_errstr(status)));
387 if (DEBUGLVL(1)) {
388 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
389 }
390 goto next;
391 }
392 tevent_req_set_callback(subreq,
393 smbXsrv_session_close_shutdown_done,
394 session);
395
396 next:
397 TALLOC_FREE(rec);
398
399 subreq = messaging_read_send(table, client->ev_ctx, client->msg_ctx,
400 MSG_SMBXSRV_SESSION_CLOSE);
401 if (subreq == NULL) {
402 const char *r;
403 r = "messaging_read_send(MSG_SMBXSRV_SESSION_CLOSE) failed";
404 exit_server_cleanly(r);
405 return;
406 }
407 tevent_req_set_callback(subreq, smbXsrv_session_close_loop, client);
408 }
409
410 static void smbXsrv_session_close_shutdown_done(struct tevent_req *subreq)
411 {
412 struct smbXsrv_session *session =
413 tevent_req_callback_data(subreq,
414 struct smbXsrv_session);
415 NTSTATUS status;
416
417 status = smb2srv_session_shutdown_recv(subreq);
418 TALLOC_FREE(subreq);
419 if (!NT_STATUS_IS_OK(status)) {
420 DEBUG(0, ("smbXsrv_session_close_loop: "
421 "smb2srv_session_shutdown_recv(%llu) failed: %s\n",
422 (unsigned long long)session->global->session_wire_id,
423 nt_errstr(status)));
424 }
425
426 status = smbXsrv_session_logoff(session);
427 if (!NT_STATUS_IS_OK(status)) {
428 DEBUG(0, ("smbXsrv_session_close_loop: "
429 "smbXsrv_session_logoff(%llu) failed: %s\n",
430 (unsigned long long)session->global->session_wire_id,
431 nt_errstr(status)));
432 }
433
434 TALLOC_FREE(session);
435 }
436
437 struct smb1srv_session_local_allocate_state {
438 const uint32_t lowest_id;
439 const uint32_t highest_id;
440 uint32_t last_id;
441 uint32_t useable_id;
442 NTSTATUS status;
443 };
444
445 static int smb1srv_session_local_allocate_traverse(struct db_record *rec,
446 void *private_data)
447 {
448 struct smb1srv_session_local_allocate_state *state =
449 (struct smb1srv_session_local_allocate_state *)private_data;
450 TDB_DATA key = dbwrap_record_get_key(rec);
451 uint32_t id = 0;
452 NTSTATUS status;
453
454 status = smbXsrv_session_local_key_to_id(key, &id);
455 if (!NT_STATUS_IS_OK(status)) {
456 state->status = status;
457 return -1;
458 }
459
460 if (id <= state->last_id) {
461 state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
462 return -1;
463 }
464 state->last_id = id;
465
466 if (id > state->useable_id) {
467 state->status = NT_STATUS_OK;
468 return -1;
469 }
470
471 if (state->useable_id == state->highest_id) {
472 state->status = NT_STATUS_INSUFFICIENT_RESOURCES;
473 return -1;
474 }
475
476 state->useable_id +=1;
477 return 0;
478 }
479
480 static NTSTATUS smb1srv_session_local_allocate_id(struct db_context *db,
481 uint32_t lowest_id,
482 uint32_t highest_id,
483 TALLOC_CTX *mem_ctx,
484 struct db_record **_rec,
485 uint32_t *_id)
486 {
487 struct smb1srv_session_local_allocate_state state = {
488 .lowest_id = lowest_id,
489 .highest_id = highest_id,
490 .last_id = 0,
491 .useable_id = lowest_id,
492 .status = NT_STATUS_INTERNAL_ERROR,
493 };
494 uint32_t i;
495 uint32_t range;
496 NTSTATUS status;
497 int count = 0;
498
499 *_rec = NULL;
500 *_id = 0;
501
502 if (lowest_id > highest_id) {
503 return NT_STATUS_INSUFFICIENT_RESOURCES;
504 }
505
506 /*
507 * first we try randomly
508 */
509 range = (highest_id - lowest_id) + 1;
510
511 for (i = 0; i < (range / 2); i++) {
512 uint32_t id;
513 TDB_DATA val;
514 struct db_record *rec = NULL;
515
516 id = generate_random() % range;
517 id += lowest_id;
518
519 if (id < lowest_id) {
520 id = lowest_id;
521 }
522 if (id > highest_id) {
523 id = highest_id;
524 }
525
526 rec = smbXsrv_session_local_fetch_locked(db, id, mem_ctx);
527 if (rec == NULL) {
528 return NT_STATUS_INSUFFICIENT_RESOURCES;
529 }
530
531 val = dbwrap_record_get_value(rec);
532 if (val.dsize != 0) {
533 TALLOC_FREE(rec);
534 continue;
535 }
536
537 *_rec = rec;
538 *_id = id;
539 return NT_STATUS_OK;
540 }
541
542 /*
543 * if the range is almost full,
544 * we traverse the whole table
545 * (this relies on sorted behavior of dbwrap_rbt)
546 */
547 status = dbwrap_traverse_read(db, smb1srv_session_local_allocate_traverse,
548 &state, &count);
549 if (NT_STATUS_IS_OK(status)) {
550 if (NT_STATUS_IS_OK(state.status)) {
551 return NT_STATUS_INTERNAL_ERROR;
552 }
553
554 if (!NT_STATUS_EQUAL(state.status, NT_STATUS_INTERNAL_ERROR)) {
555 return state.status;
556 }
557
558 if (state.useable_id <= state.highest_id) {
559 state.status = NT_STATUS_OK;
560 } else {
561 return NT_STATUS_INSUFFICIENT_RESOURCES;
562 }
563 } else if (!NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_DB_CORRUPTION)) {
564 /*
565 * Here we really expect NT_STATUS_INTERNAL_DB_CORRUPTION!
566 *
567 * If we get anything else it is an error, because it
568 * means we did not manage to find a free slot in
569 * the db.
570 */
571 return NT_STATUS_INSUFFICIENT_RESOURCES;
572 }
573
574 if (NT_STATUS_IS_OK(state.status)) {
575 uint32_t id;
576 TDB_DATA val;
577 struct db_record *rec = NULL;
578
579 id = state.useable_id;
580
581 rec = smbXsrv_session_local_fetch_locked(db, id, mem_ctx);
582 if (rec == NULL) {
583 return NT_STATUS_INSUFFICIENT_RESOURCES;
584 }
585
586 val = dbwrap_record_get_value(rec);
587 if (val.dsize != 0) {
588 TALLOC_FREE(rec);
589 return NT_STATUS_INTERNAL_DB_CORRUPTION;
590 }
591
592 *_rec = rec;
593 *_id = id;
594 return NT_STATUS_OK;
595 }
596
597 return state.status;
598 }
599
600 struct smbXsrv_session_local_fetch_state {
601 struct smbXsrv_session *session;
602 NTSTATUS status;
603 };
604
605 static void smbXsrv_session_local_fetch_parser(TDB_DATA key, TDB_DATA data,
606 void *private_data)
607 {
608 struct smbXsrv_session_local_fetch_state *state =
609 (struct smbXsrv_session_local_fetch_state *)private_data;
610 void *ptr;
611
612 if (data.dsize != sizeof(ptr)) {
613 state->status = NT_STATUS_INTERNAL_DB_ERROR;
614 return;
615 }
616
617 memcpy(&ptr, data.dptr, data.dsize);
618 state->session = talloc_get_type_abort(ptr, struct smbXsrv_session);
619 state->status = NT_STATUS_OK;
620 }
621
622 static NTSTATUS smbXsrv_session_local_lookup(struct smbXsrv_session_table *table,
623 /* conn: optional */
624 struct smbXsrv_connection *conn,
625 uint32_t session_local_id,
626 NTTIME now,
627 struct smbXsrv_session **_session)
628 {
629 struct smbXsrv_session_local_fetch_state state = {
630 .session = NULL,
631 .status = NT_STATUS_INTERNAL_ERROR,
632 };
633 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
634 TDB_DATA key;
635 NTSTATUS status;
636
637 *_session = NULL;
638
639 if (session_local_id == 0) {
640 return NT_STATUS_USER_SESSION_DELETED;
641 }
642
643 if (table == NULL) {
644 /* this might happen before the end of negprot */
645 return NT_STATUS_USER_SESSION_DELETED;
646 }
647
648 if (table->local.db_ctx == NULL) {
649 return NT_STATUS_INTERNAL_ERROR;
650 }
651
652 key = smbXsrv_session_local_id_to_key(session_local_id, key_buf);
653
654 status = dbwrap_parse_record(table->local.db_ctx, key,
655 smbXsrv_session_local_fetch_parser,
656 &state);
657 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
658 return NT_STATUS_USER_SESSION_DELETED;
659 } else if (!NT_STATUS_IS_OK(status)) {
660 return status;
661 }
662 if (!NT_STATUS_IS_OK(state.status)) {
663 return state.status;
664 }
665
666 if (NT_STATUS_EQUAL(state.session->status, NT_STATUS_USER_SESSION_DELETED)) {
667 return NT_STATUS_USER_SESSION_DELETED;
668 }
669
670 /*
671 * If a connection is specified check if the session is
672 * valid on the channel.
673 */
674 if (conn != NULL) {
675 struct smbXsrv_channel_global0 *c = NULL;
676
677 status = smbXsrv_session_find_channel(state.session, conn, &c);
678 if (!NT_STATUS_IS_OK(status)) {
679 return status;
680 }
681 }
682
683 state.session->idle_time = now;
684
685 if (!NT_STATUS_IS_OK(state.session->status)) {
686 *_session = state.session;
687 return state.session->status;
688 }
689
690 if (now > state.session->global->expiration_time) {
691 state.session->status = NT_STATUS_NETWORK_SESSION_EXPIRED;
692 }
693
694 *_session = state.session;
695 return state.session->status;
696 }
697
698 static int smbXsrv_session_global_destructor(struct smbXsrv_session_global0 *global)
699 {
700 return 0;
701 }
702
703 static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
704 bool *is_free,
705 bool *was_free,
706 TALLOC_CTX *mem_ctx,
707 struct smbXsrv_session_global0 **_g);
708
709 static NTSTATUS smbXsrv_session_global_allocate(struct db_context *db,
710 TALLOC_CTX *mem_ctx,
711 struct smbXsrv_session_global0 **_global)
712 {
713 uint32_t i;
714 struct smbXsrv_session_global0 *global = NULL;
715 uint32_t last_free = 0;
716 const uint32_t min_tries = 3;
717
718 *_global = NULL;
719
720 global = talloc_zero(mem_ctx, struct smbXsrv_session_global0);
721 if (global == NULL) {
722 return NT_STATUS_NO_MEMORY;
723 }
724 talloc_set_destructor(global, smbXsrv_session_global_destructor);
725
726 /*
727 * Here we just randomly try the whole 32-bit space
728 *
729 * We use just 32-bit, because we want to reuse the
730 * ID for SRVSVC.
731 */
732 for (i = 0; i < UINT32_MAX; i++) {
733 bool is_free = false;
734 bool was_free = false;
735 uint32_t id;
736
737 if (i >= min_tries && last_free != 0) {
738 id = last_free;
739 } else {
740 id = generate_random();
741 }
742 if (id == 0) {
743 id++;
744 }
745 if (id == UINT32_MAX) {
746 id--;
747 }
748
749 global->db_rec = smbXsrv_session_global_fetch_locked(db, id,
750 mem_ctx);
751 if (global->db_rec == NULL) {
752 talloc_free(global);
753 return NT_STATUS_INSUFFICIENT_RESOURCES;
754 }
755
756 smbXsrv_session_global_verify_record(global->db_rec,
757 &is_free,
758 &was_free,
759 NULL, NULL);
760
761 if (!is_free) {
762 TALLOC_FREE(global->db_rec);
763 continue;
764 }
765
766 if (!was_free && i < min_tries) {
767 /*
768 * The session_id is free now,
769 * but was not free before.
770 *
771 * This happens if a smbd crashed
772 * and did not cleanup the record.
773 *
774 * If this is one of our first tries,
775 * then we try to find a real free one.
776 */
777 if (last_free == 0) {
778 last_free = id;
779 }
780 TALLOC_FREE(global->db_rec);
781 continue;
782 }
783
784 global->session_global_id = id;
785
786 *_global = global;
787 return NT_STATUS_OK;
788 }
789
790 /* should not be reached */
791 talloc_free(global);
792 return NT_STATUS_INTERNAL_ERROR;
793 }
794
795 static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
796 bool *is_free,
797 bool *was_free,
798 TALLOC_CTX *mem_ctx,
799 struct smbXsrv_session_global0 **_g)
800 {
801 TDB_DATA key;
802 TDB_DATA val;
803 DATA_BLOB blob;
804 struct smbXsrv_session_globalB global_blob;
805 enum ndr_err_code ndr_err;
806 struct smbXsrv_session_global0 *global = NULL;
807 bool exists;
808 TALLOC_CTX *frame = talloc_stackframe();
809
810 *is_free = false;
811
812 if (was_free) {
813 *was_free = false;
814 }
815 if (_g) {
816 *_g = NULL;
817 }
818
819 key = dbwrap_record_get_key(db_rec);
820
821 val = dbwrap_record_get_value(db_rec);
822 if (val.dsize == 0) {
823 TALLOC_FREE(frame);
824 *is_free = true;
825 if (was_free) {
826 *was_free = true;
827 }
828 return;
829 }
830
831 blob = data_blob_const(val.dptr, val.dsize);
832
833 ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
834 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_globalB);
835 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
836 NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
837 DEBUG(1,("smbXsrv_session_global_verify_record: "
838 "key '%s' ndr_pull_struct_blob - %s\n",
839 hex_encode_talloc(frame, key.dptr, key.dsize),
840 nt_errstr(status)));
841 TALLOC_FREE(frame);
842 *is_free = true;
843 if (was_free) {
844 *was_free = true;
845 }
846 return;
847 }
848
849 DEBUG(10,("smbXsrv_session_global_verify_record\n"));
850 if (DEBUGLVL(10)) {
851 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
852 }
853
854 if (global_blob.version != SMBXSRV_VERSION_0) {
855 DEBUG(0,("smbXsrv_session_global_verify_record: "
856 "key '%s' use unsupported version %u\n",
857 hex_encode_talloc(frame, key.dptr, key.dsize),
858 global_blob.version));
859 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
860 TALLOC_FREE(frame);
861 *is_free = true;
862 if (was_free) {
863 *was_free = true;
864 }
865 return;
866 }
867
868 global = global_blob.info.info0;
869
870 exists = serverid_exists(&global->channels[0].server_id);
871 if (!exists) {
872 struct server_id_buf idbuf;
873 DEBUG(2,("smbXsrv_session_global_verify_record: "
874 "key '%s' server_id %s does not exist.\n",
875 hex_encode_talloc(frame, key.dptr, key.dsize),
876 server_id_str_buf(global->channels[0].server_id,
877 &idbuf)));
878 if (DEBUGLVL(2)) {
879 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
880 }
881 TALLOC_FREE(frame);
882 dbwrap_record_delete(db_rec);
883 *is_free = true;
884 return;
885 }
886
887 if (_g) {
888 *_g = talloc_move(mem_ctx, &global);
889 }
890 TALLOC_FREE(frame);
891 }
892
893 static NTSTATUS smbXsrv_session_global_store(struct smbXsrv_session_global0 *global)
894 {
895 struct smbXsrv_session_globalB global_blob;
896 DATA_BLOB blob = data_blob_null;
897 TDB_DATA key;
898 TDB_DATA val;
899 NTSTATUS status;
900 enum ndr_err_code ndr_err;
901
902 /*
903 * TODO: if we use other versions than '0'
904 * we would add glue code here, that would be able to
905 * store the information in the old format.
906 */
907
908 if (global->db_rec == NULL) {
909 return NT_STATUS_INTERNAL_ERROR;
910 }
911
912 key = dbwrap_record_get_key(global->db_rec);
913 val = dbwrap_record_get_value(global->db_rec);
914
915 ZERO_STRUCT(global_blob);
916 global_blob.version = smbXsrv_version_global_current();
917 if (val.dsize >= 8) {
918 global_blob.seqnum = IVAL(val.dptr, 4);
919 }
920 global_blob.seqnum += 1;
921 global_blob.info.info0 = global;
922
923 ndr_err = ndr_push_struct_blob(&blob, global->db_rec, &global_blob,
924 (ndr_push_flags_fn_t)ndr_push_smbXsrv_session_globalB);
925 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
926 status = ndr_map_error2ntstatus(ndr_err);
927 DEBUG(1,("smbXsrv_session_global_store: key '%s' ndr_push - %s\n",
928 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
929 nt_errstr(status)));
930 TALLOC_FREE(global->db_rec);
931 return status;
932 }
933
934 val = make_tdb_data(blob.data, blob.length);
935 status = dbwrap_record_store(global->db_rec, val, TDB_REPLACE);
936 if (!NT_STATUS_IS_OK(status)) {
937 DEBUG(1,("smbXsrv_session_global_store: key '%s' store - %s\n",
938 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
939 nt_errstr(status)));
940 TALLOC_FREE(global->db_rec);
941 return status;
942 }
943
944 if (DEBUGLVL(10)) {
945 DEBUG(10,("smbXsrv_session_global_store: key '%s' stored\n",
946 hex_encode_talloc(global->db_rec, key.dptr, key.dsize)));
947 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
948 }
949
950 TALLOC_FREE(global->db_rec);
951
952 return NT_STATUS_OK;
953 }
954
955 struct smb2srv_session_close_previous_state {
956 struct tevent_context *ev;
957 struct smbXsrv_connection *connection;
958 struct dom_sid *current_sid;
959 uint64_t previous_session_id;
960 uint64_t current_session_id;
961 struct db_record *db_rec;
962 };
963
964 static void smb2srv_session_close_previous_check(struct tevent_req *req);
965 static void smb2srv_session_close_previous_modified(struct tevent_req *subreq);
966
967 struct tevent_req *smb2srv_session_close_previous_send(TALLOC_CTX *mem_ctx,
968 struct tevent_context *ev,
969 struct smbXsrv_connection *conn,
970 struct auth_session_info *session_info,
971 uint64_t previous_session_id,
972 uint64_t current_session_id)
973 {
974 struct tevent_req *req;
975 struct smb2srv_session_close_previous_state *state;
976 uint32_t global_id = previous_session_id & UINT32_MAX;
977 uint64_t global_zeros = previous_session_id & 0xFFFFFFFF00000000LLU;
978 struct smbXsrv_session_table *table = conn->client->session_table;
979 struct security_token *current_token = NULL;
980
981 req = tevent_req_create(mem_ctx, &state,
982 struct smb2srv_session_close_previous_state);
983 if (req == NULL) {
984 return NULL;
985 }
986 state->ev = ev;
987 state->connection = conn;
988 state->previous_session_id = previous_session_id;
989 state->current_session_id = current_session_id;
990
991 if (global_zeros != 0) {
992 tevent_req_done(req);
993 return tevent_req_post(req, ev);
994 }
995
996 if (session_info == NULL) {
997 tevent_req_done(req);
998 return tevent_req_post(req, ev);
999 }
1000 current_token = session_info->security_token;
1001
1002 if (current_token->num_sids > PRIMARY_USER_SID_INDEX) {
1003 state->current_sid = &current_token->sids[PRIMARY_USER_SID_INDEX];
1004 }
1005
1006 if (state->current_sid == NULL) {
1007 tevent_req_done(req);
1008 return tevent_req_post(req, ev);
1009 }
1010
1011 if (!security_token_has_nt_authenticated_users(current_token)) {
1012 /* TODO */
1013 tevent_req_done(req);
1014 return tevent_req_post(req, ev);
1015 }
1016
1017 state->db_rec = smbXsrv_session_global_fetch_locked(
1018 table->global.db_ctx,
1019 global_id,
1020 state /* TALLOC_CTX */);
1021 if (state->db_rec == NULL) {
1022 tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
1023 return tevent_req_post(req, ev);
1024 }
1025
1026 smb2srv_session_close_previous_check(req);
1027 if (!tevent_req_is_in_progress(req)) {
1028 return tevent_req_post(req, ev);
1029 }
1030
1031 return req;
1032 }
1033
1034 static void smb2srv_session_close_previous_check(struct tevent_req *req)
1035 {
1036 struct smb2srv_session_close_previous_state *state =
1037 tevent_req_data(req,
1038 struct smb2srv_session_close_previous_state);
1039 struct smbXsrv_connection *conn = state->connection;
1040 DATA_BLOB blob;
1041 struct security_token *previous_token = NULL;
1042 struct smbXsrv_session_global0 *global = NULL;
1043 enum ndr_err_code ndr_err;
1044 struct smbXsrv_session_close0 close_info0;
1045 struct smbXsrv_session_closeB close_blob;
1046 struct tevent_req *subreq = NULL;
1047 NTSTATUS status;
1048 bool is_free = false;
1049
1050 smbXsrv_session_global_verify_record(state->db_rec,
1051 &is_free,
1052 NULL,
1053 state,
1054 &global);
1055
1056 if (is_free) {
1057 TALLOC_FREE(state->db_rec);
1058 tevent_req_done(req);
1059 return;
1060 }
1061
1062 if (global->auth_session_info == NULL) {
1063 TALLOC_FREE(state->db_rec);
1064 tevent_req_done(req);
1065 return;
1066 }
1067
1068 previous_token = global->auth_session_info->security_token;
1069
1070 if (!security_token_is_sid(previous_token, state->current_sid)) {
1071 TALLOC_FREE(state->db_rec);
1072 tevent_req_done(req);
1073 return;
1074 }
1075
1076 subreq = dbwrap_watched_watch_send(state, state->ev, state->db_rec,
1077 (struct server_id){0});
1078 if (tevent_req_nomem(subreq, req)) {
1079 TALLOC_FREE(state->db_rec);
1080 return;
1081 }
1082 tevent_req_set_callback(subreq,
1083 smb2srv_session_close_previous_modified,
1084 req);
1085
1086 close_info0.old_session_global_id = global->session_global_id;
1087 close_info0.old_session_wire_id = global->session_wire_id;
1088 close_info0.old_creation_time = global->creation_time;
1089 close_info0.new_session_wire_id = state->current_session_id;
1090
1091 ZERO_STRUCT(close_blob);
1092 close_blob.version = smbXsrv_version_global_current();
1093 close_blob.info.info0 = &close_info0;
1094
1095 ndr_err = ndr_push_struct_blob(&blob, state, &close_blob,
1096 (ndr_push_flags_fn_t)ndr_push_smbXsrv_session_closeB);
1097 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1098 TALLOC_FREE(state->db_rec);
1099 status = ndr_map_error2ntstatus(ndr_err);
1100 DEBUG(1,("smb2srv_session_close_previous_check: "
1101 "old_session[%llu] new_session[%llu] ndr_push - %s\n",
1102 (unsigned long long)close_info0.old_session_wire_id,
1103 (unsigned long long)close_info0.new_session_wire_id,
1104 nt_errstr(status)));
1105 tevent_req_nterror(req, status);
1106 return;
1107 }
1108
1109 status = messaging_send(conn->msg_ctx,
1110 global->channels[0].server_id,
1111 MSG_SMBXSRV_SESSION_CLOSE, &blob);
1112 TALLOC_FREE(state->db_rec);
1113 if (tevent_req_nterror(req, status)) {
1114 return;
1115 }
1116
1117 TALLOC_FREE(global);
1118 return;
1119 }
1120
1121 static void smb2srv_session_close_previous_modified(struct tevent_req *subreq)
1122 {
1123 struct tevent_req *req =
1124 tevent_req_callback_data(subreq,
1125 struct tevent_req);
1126 struct smb2srv_session_close_previous_state *state =
1127 tevent_req_data(req,
1128 struct smb2srv_session_close_previous_state);
1129 uint32_t global_id;
1130 NTSTATUS status;
1131
1132 status = dbwrap_watched_watch_recv(subreq, NULL, NULL);
1133 TALLOC_FREE(subreq);
1134 if (tevent_req_nterror(req, status)) {
1135 return;
1136 }
1137
1138 global_id = state->previous_session_id & UINT32_MAX;
1139
1140 state->db_rec = smbXsrv_session_global_fetch_locked(
1141 state->connection->client->session_table->global.db_ctx,
1142 global_id, state /* TALLOC_CTX */);
1143
1144 smb2srv_session_close_previous_check(req);
1145 }
1146
1147 NTSTATUS smb2srv_session_close_previous_recv(struct tevent_req *req)
1148 {
1149 NTSTATUS status;
1150
1151 if (tevent_req_is_nterror(req, &status)) {
1152 tevent_req_received(req);
1153 return status;
1154 }
1155
1156 tevent_req_received(req);
1157 return NT_STATUS_OK;
1158 }
1159
1160 static NTSTATUS smbXsrv_session_clear_and_logoff(struct smbXsrv_session *session)
1161 {
1162 NTSTATUS status;
1163 struct smbXsrv_connection *xconn = NULL;
1164
1165 if (session->client != NULL) {
1166 xconn = session->client->connections;
1167 }
1168
1169 for (; xconn != NULL; xconn = xconn->next) {
1170 struct smbd_smb2_request *preq;
1171
1172 for (preq = xconn->smb2.requests; preq != NULL; preq = preq->next) {
1173 if (preq->session != session) {
1174 continue;
1175 }
1176
1177 preq->session = NULL;
1178 /*
1179 * If we no longer have a session we can't
1180 * sign or encrypt replies.
1181 */
1182 preq->do_signing = false;
1183 preq->do_encryption = false;
1184 preq->preauth = NULL;
1185 }
1186 }
1187
1188 status = smbXsrv_session_logoff(session);
1189 return status;
1190 }
1191
1192 static int smbXsrv_session_destructor(struct smbXsrv_session *session)
1193 {
1194 NTSTATUS status;
1195
1196 status = smbXsrv_session_clear_and_logoff(session);
1197 if (!NT_STATUS_IS_OK(status)) {
1198 DEBUG(0, ("smbXsrv_session_destructor: "
1199 "smbXsrv_session_logoff() failed: %s\n",
1200 nt_errstr(status)));
1201 }
1202
1203 TALLOC_FREE(session->global);
1204
1205 return 0;
1206 }
1207
1208 NTSTATUS smbXsrv_session_create(struct smbXsrv_connection *conn,
1209 NTTIME now,
1210 struct smbXsrv_session **_session)
1211 {
1212 struct smbXsrv_session_table *table = conn->client->session_table;
1213 struct db_record *local_rec = NULL;
1214 struct smbXsrv_session *session = NULL;
1215 void *ptr = NULL;
1216 TDB_DATA val;
1217 struct smbXsrv_session_global0 *global = NULL;
1218 struct smbXsrv_channel_global0 *channel = NULL;
1219 NTSTATUS status;
1220
1221 if (table->local.num_sessions >= table->local.max_sessions) {
1222 return NT_STATUS_INSUFFICIENT_RESOURCES;
1223 }
1224
1225 session = talloc_zero(table, struct smbXsrv_session);
1226 if (session == NULL) {
1227 return NT_STATUS_NO_MEMORY;
1228 }
1229 session->table = table;
1230 session->idle_time = now;
1231 session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
1232 session->client = conn->client;
1233
1234 status = smbXsrv_session_global_allocate(table->global.db_ctx,
1235 session,
1236 &global);
1237 if (!NT_STATUS_IS_OK(status)) {
1238 TALLOC_FREE(session);
1239 return status;
1240 }
1241 session->global = global;
1242
1243 if (conn->protocol >= PROTOCOL_SMB2_02) {
1244 uint64_t id = global->session_global_id;
1245
1246 global->connection_dialect = conn->smb2.server.dialect;
1247
1248 global->session_wire_id = id;
1249
1250 status = smb2srv_tcon_table_init(session);
1251 if (!NT_STATUS_IS_OK(status)) {
1252 TALLOC_FREE(session);
1253 return status;
1254 }
1255
1256 session->local_id = global->session_global_id;
1257
1258 local_rec = smbXsrv_session_local_fetch_locked(
1259 table->local.db_ctx,
1260 session->local_id,
1261 session /* TALLOC_CTX */);
1262 if (local_rec == NULL) {
1263 TALLOC_FREE(session);
1264 return NT_STATUS_NO_MEMORY;
1265 }
1266
1267 val = dbwrap_record_get_value(local_rec);
1268 if (val.dsize != 0) {
1269 TALLOC_FREE(session);
1270 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1271 }
1272 } else {
1273
1274 status = smb1srv_session_local_allocate_id(table->local.db_ctx,
1275 table->local.lowest_id,
1276 table->local.highest_id,
1277 session,
1278 &local_rec,
1279 &session->local_id);
1280 if (!NT_STATUS_IS_OK(status)) {
1281 TALLOC_FREE(session);
1282 return status;
1283 }
1284
1285 global->session_wire_id = session->local_id;
1286 }
1287
1288 global->creation_time = now;
1289 global->expiration_time = GENSEC_EXPIRE_TIME_INFINITY;
1290
1291 status = smbXsrv_session_add_channel(session, conn, &channel);
1292 if (!NT_STATUS_IS_OK(status)) {
1293 TALLOC_FREE(session);
1294 return status;
1295 }
1296
1297 ptr = session;
1298 val = make_tdb_data((uint8_t const *)&ptr, sizeof(ptr));
1299 status = dbwrap_record_store(local_rec, val, TDB_REPLACE);
1300 TALLOC_FREE(local_rec);
1301 if (!NT_STATUS_IS_OK(status)) {
1302 TALLOC_FREE(session);
1303 return status;
1304 }
1305 table->local.num_sessions += 1;
1306
1307 talloc_set_destructor(session, smbXsrv_session_destructor);
1308
1309 status = smbXsrv_session_global_store(global);
1310 if (!NT_STATUS_IS_OK(status)) {
1311 DEBUG(0,("smbXsrv_session_create: "
1312 "global_id (0x%08x) store failed - %s\n",
1313 session->global->session_global_id,
1314 nt_errstr(status)));
1315 TALLOC_FREE(session);
1316 return status;
1317 }
1318
1319 if (DEBUGLVL(10)) {
1320 struct smbXsrv_sessionB session_blob;
1321
1322 ZERO_STRUCT(session_blob);
1323 session_blob.version = SMBXSRV_VERSION_0;
1324 session_blob.info.info0 = session;
1325
1326 DEBUG(10,("smbXsrv_session_create: global_id (0x%08x) stored\n",
1327 session->global->session_global_id));
1328 NDR_PRINT_DEBUG(smbXsrv_sessionB, &session_blob);
1329 }
1330
1331 *_session = session;
1332 return NT_STATUS_OK;
1333 }
1334
1335 NTSTATUS smbXsrv_session_add_channel(struct smbXsrv_session *session,
1336 struct smbXsrv_connection *conn,
1337 struct smbXsrv_channel_global0 **_c)
1338 {
1339 struct smbXsrv_session_global0 *global = session->global;
1340 struct smbXsrv_channel_global0 *c = NULL;
1341
1342 if (global->num_channels > 31) {
1343 /*
1344 * Windows 2012 and 2012R2 allow up to 32 channels
1345 */
1346 return NT_STATUS_INSUFFICIENT_RESOURCES;
1347 }
1348
1349 c = talloc_realloc(global,
1350 global->channels,
1351 struct smbXsrv_channel_global0,
1352 global->num_channels + 1);
1353 if (c == NULL) {
1354 return NT_STATUS_NO_MEMORY;
1355 }
1356 global->channels = c;
1357
1358 c = &global->channels[global->num_channels];
1359 ZERO_STRUCTP(c);
1360
1361 c->server_id = messaging_server_id(conn->msg_ctx);
1362 c->local_address = tsocket_address_string(conn->local_address,
1363 global->channels);
1364 if (c->local_address == NULL) {
1365 return NT_STATUS_NO_MEMORY;
1366 }
1367 c->remote_address = tsocket_address_string(conn->remote_address,
1368 global->channels);
1369 if (c->remote_address == NULL) {
1370 return NT_STATUS_NO_MEMORY;
1371 }
1372 c->remote_name = talloc_strdup(global->channels,
1373 conn->remote_hostname);
1374 if (c->remote_name == NULL) {
1375 return NT_STATUS_NO_MEMORY;
1376 }
1377 c->connection = conn;
1378
1379 global->num_channels += 1;
1380
1381 *_c = c;
1382 return NT_STATUS_OK;
1383 }
1384
1385 NTSTATUS smbXsrv_session_update(struct smbXsrv_session *session)
1386 {
1387 struct smbXsrv_session_table *table = session->table;
1388 NTSTATUS status;
1389
1390 if (session->global->db_rec != NULL) {
1391 DEBUG(0, ("smbXsrv_session_update(0x%08x): "
1392 "Called with db_rec != NULL'\n",
1393 session->global->session_global_id));
1394 return NT_STATUS_INTERNAL_ERROR;
1395 }
1396
1397 session->global->db_rec = smbXsrv_session_global_fetch_locked(
1398 table->global.db_ctx,
1399 session->global->session_global_id,
1400 session->global /* TALLOC_CTX */);
1401 if (session->global->db_rec == NULL) {
1402 return NT_STATUS_INTERNAL_DB_ERROR;
1403 }
1404
1405 status = smbXsrv_session_global_store(session->global);
1406 if (!NT_STATUS_IS_OK(status)) {
1407 DEBUG(0,("smbXsrv_session_update: "
1408 "global_id (0x%08x) store failed - %s\n",
1409 session->global->session_global_id,
1410 nt_errstr(status)));
1411 return status;
1412 }
1413
1414 if (DEBUGLVL(10)) {
1415 struct smbXsrv_sessionB session_blob;
1416
1417 ZERO_STRUCT(session_blob);
1418 session_blob.version = SMBXSRV_VERSION_0;
1419 session_blob.info.info0 = session;
1420
1421 DEBUG(10,("smbXsrv_session_update: global_id (0x%08x) stored\n",
1422 session->global->session_global_id));
1423 NDR_PRINT_DEBUG(smbXsrv_sessionB, &session_blob);
1424 }
1425
1426 return NT_STATUS_OK;
1427 }
1428
1429 NTSTATUS smbXsrv_session_find_channel(const struct smbXsrv_session *session,
1430 const struct smbXsrv_connection *conn,
1431 struct smbXsrv_channel_global0 **_c)
1432 {
1433 uint32_t i;
1434
1435 for (i=0; i < session->global->num_channels; i++) {
1436 struct smbXsrv_channel_global0 *c = &session->global->channels[i];
1437
1438 if (c->connection == conn) {
1439 *_c = c;
1440 return NT_STATUS_OK;
1441 }
1442 }
1443
1444 return NT_STATUS_USER_SESSION_DELETED;
1445 }
1446
1447 NTSTATUS smbXsrv_session_find_auth(const struct smbXsrv_session *session,
1448 const struct smbXsrv_connection *conn,
1449 NTTIME now,
1450 struct smbXsrv_session_auth0 **_a)
1451 {
1452 struct smbXsrv_session_auth0 *a;
1453
1454 for (a = session->pending_auth; a != NULL; a = a->next) {
1455 if (a->connection == conn) {
1456 if (now != 0) {
1457 a->idle_time = now;
1458 }
1459 *_a = a;
1460 return NT_STATUS_OK;
1461 }
1462 }
1463
1464 return NT_STATUS_USER_SESSION_DELETED;
1465 }
1466
1467 static int smbXsrv_session_auth0_destructor(struct smbXsrv_session_auth0 *a)
1468 {
1469 if (a->session == NULL) {
1470 return 0;
1471 }
1472
1473 DLIST_REMOVE(a->session->pending_auth, a);
1474 a->session = NULL;
1475 return 0;
1476 }
1477
1478 NTSTATUS smbXsrv_session_create_auth(struct smbXsrv_session *session,
1479 struct smbXsrv_connection *conn,
1480 NTTIME now,
1481 uint8_t in_flags,
1482 uint8_t in_security_mode,
1483 struct smbXsrv_session_auth0 **_a)
1484 {
1485 struct smbXsrv_session_auth0 *a;
1486 NTSTATUS status;
1487
1488 status = smbXsrv_session_find_auth(session, conn, 0, &a);
1489 if (NT_STATUS_IS_OK(status)) {
1490 return NT_STATUS_INTERNAL_ERROR;
1491 }
1492
1493 a = talloc_zero(session, struct smbXsrv_session_auth0);
1494 if (a == NULL) {
1495 return NT_STATUS_NO_MEMORY;
1496 }
1497 a->session = session;
1498 a->connection = conn;
1499 a->in_flags = in_flags;
1500 a->in_security_mode = in_security_mode;
1501 a->creation_time = now;
1502 a->idle_time = now;
1503
1504 if (conn->protocol >= PROTOCOL_SMB3_10) {
1505 a->preauth = talloc(a, struct smbXsrv_preauth);
1506 if (a->preauth == NULL) {
1507 TALLOC_FREE(session);
1508 return NT_STATUS_NO_MEMORY;
1509 }
1510 *a->preauth = conn->smb2.preauth;
1511 }
1512
1513 talloc_set_destructor(a, smbXsrv_session_auth0_destructor);
1514 DLIST_ADD_END(session->pending_auth, a);
1515
1516 *_a = a;
1517 return NT_STATUS_OK;
1518 }
1519
1520 struct smb2srv_session_shutdown_state {
1521 struct tevent_queue *wait_queue;
1522 };
1523
1524 static void smb2srv_session_shutdown_wait_done(struct tevent_req *subreq);
1525
1526 struct tevent_req *smb2srv_session_shutdown_send(TALLOC_CTX *mem_ctx,
1527 struct tevent_context *ev,
1528 struct smbXsrv_session *session,
1529 struct smbd_smb2_request *current_req)
1530 {
1531 struct tevent_req *req;
1532 struct smb2srv_session_shutdown_state *state;
1533 struct tevent_req *subreq;
1534 struct smbXsrv_connection *xconn = NULL;
1535 size_t len = 0;
1536
1537 /*
1538 * Make sure that no new request will be able to use this session.
1539 */
1540 session->status = NT_STATUS_USER_SESSION_DELETED;
1541
1542 req = tevent_req_create(mem_ctx, &state,
1543 struct smb2srv_session_shutdown_state);
1544 if (req == NULL) {
1545 return NULL;
1546 }
1547
1548 state->wait_queue = tevent_queue_create(state, "smb2srv_session_shutdown_queue");
1549 if (tevent_req_nomem(state->wait_queue, req)) {
1550 return tevent_req_post(req, ev);
1551 }
1552
1553 for (xconn = session->client->connections; xconn != NULL; xconn = xconn->next) {
1554 struct smbd_smb2_request *preq;
1555
1556 for (preq = xconn->smb2.requests; preq != NULL; preq = preq->next) {
1557 if (preq == current_req) {
1558 /* Can't cancel current request. */
1559 continue;
1560 }
1561 if (preq->session != session) {
1562 /* Request on different session. */
1563 continue;
1564 }
1565
1566 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
1567 preq->session = NULL;
1568 /*
1569 * If we no longer have a session we can't
1570 * sign or encrypt replies.
1571 */
1572 preq->do_signing = false;
1573 preq->do_encryption = false;
1574 preq->preauth = NULL;
1575
1576 if (preq->subreq != NULL) {
1577 tevent_req_cancel(preq->subreq);
1578 }
1579 continue;
1580 }
1581
1582 /*
1583 * Never cancel anything in a compound
1584 * request. Way too hard to deal with
1585 * the result.
1586 */
1587 if (!preq->compound_related && preq->subreq != NULL) {
1588 tevent_req_cancel(preq->subreq);
1589 }
1590
1591 /*
1592 * Now wait until the request is finished.
1593 *
1594 * We don't set a callback, as we just want to block the
1595 * wait queue and the talloc_free() of the request will
1596 * remove the item from the wait queue.
1597 */
1598 subreq = tevent_queue_wait_send(preq, ev, state->wait_queue);
1599 if (tevent_req_nomem(subreq, req)) {
1600 return tevent_req_post(req, ev);
1601 }
1602 }
1603 }
1604
1605 len = tevent_queue_length(state->wait_queue);
1606 if (len == 0) {
1607 tevent_req_done(req);
1608 return tevent_req_post(req, ev);
1609 }
1610
1611 /*
1612 * Now we add our own waiter to the end of the queue,
1613 * this way we get notified when all pending requests are finished
1614 * and send to the socket.
1615 */
1616 subreq = tevent_queue_wait_send(state, ev, state->wait_queue);
1617 if (tevent_req_nomem(subreq, req)) {
1618 return tevent_req_post(req, ev);
1619 }
1620 tevent_req_set_callback(subreq, smb2srv_session_shutdown_wait_done, req);
1621
1622 return req;
1623 }
1624
1625 static void smb2srv_session_shutdown_wait_done(struct tevent_req *subreq)
1626 {
1627 struct tevent_req *req =
1628 tevent_req_callback_data(subreq,
1629 struct tevent_req);
1630
1631 tevent_queue_wait_recv(subreq);
1632 TALLOC_FREE(subreq);
1633
1634 tevent_req_done(req);
1635 }
1636
1637 NTSTATUS smb2srv_session_shutdown_recv(struct tevent_req *req)
1638 {
1639 return tevent_req_simple_recv_ntstatus(req);
1640 }
1641
1642 NTSTATUS smbXsrv_session_logoff(struct smbXsrv_session *session)
1643 {
1644 struct smbXsrv_session_table *table;
1645 struct db_record *local_rec = NULL;
1646 struct db_record *global_rec = NULL;
1647 struct smbd_server_connection *sconn = NULL;
1648 NTSTATUS status;
1649 NTSTATUS error = NT_STATUS_OK;
1650
1651 if (session->table == NULL) {
1652 return NT_STATUS_OK;
1653 }
1654
1655 table = session->table;
1656 session->table = NULL;
1657
1658 sconn = session->client->sconn;
1659 session->client = NULL;
1660 session->status = NT_STATUS_USER_SESSION_DELETED;
1661
1662 global_rec = session->global->db_rec;
1663 session->global->db_rec = NULL;
1664 if (global_rec == NULL) {
1665 global_rec = smbXsrv_session_global_fetch_locked(
1666 table->global.db_ctx,
1667 session->global->session_global_id,
1668 session->global /* TALLOC_CTX */);
1669 if (global_rec == NULL) {
1670 error = NT_STATUS_INTERNAL_ERROR;
1671 }
1672 }
1673
1674 if (global_rec != NULL) {
1675 status = dbwrap_record_delete(global_rec);
1676 if (!NT_STATUS_IS_OK(status)) {
1677 TDB_DATA key = dbwrap_record_get_key(global_rec);
1678
1679 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1680 "failed to delete global key '%s': %s\n",
1681 session->global->session_global_id,
1682 hex_encode_talloc(global_rec, key.dptr,
1683 key.dsize),
1684 nt_errstr(status)));
1685 error = status;
1686 }
1687 }
1688 TALLOC_FREE(global_rec);
1689
1690 local_rec = session->db_rec;
1691 if (local_rec == NULL) {
1692 local_rec = smbXsrv_session_local_fetch_locked(
1693 table->local.db_ctx,
1694 session->local_id,
1695 session /* TALLOC_CTX */);
1696 if (local_rec == NULL) {
1697 error = NT_STATUS_INTERNAL_ERROR;
1698 }
1699 }
1700
1701 if (local_rec != NULL) {
1702 status = dbwrap_record_delete(local_rec);
1703 if (!NT_STATUS_IS_OK(status)) {
1704 TDB_DATA key = dbwrap_record_get_key(local_rec);
1705
1706 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1707 "failed to delete local key '%s': %s\n",
1708 session->global->session_global_id,
1709 hex_encode_talloc(local_rec, key.dptr,
1710 key.dsize),
1711 nt_errstr(status)));
1712 error = status;
1713 }
1714 table->local.num_sessions -= 1;
1715 }
1716 if (session->db_rec == NULL) {
1717 TALLOC_FREE(local_rec);
1718 }
1719 session->db_rec = NULL;
1720
1721 if (session->compat) {
1722 file_close_user(sconn, session->compat->vuid);
1723 }
1724
1725 if (session->tcon_table != NULL) {
1726 /*
1727 * Note: We only have a tcon_table for SMB2.
1728 */
1729 status = smb2srv_tcon_disconnect_all(session);
1730 if (!NT_STATUS_IS_OK(status)) {
1731 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1732 "smb2srv_tcon_disconnect_all() failed: %s\n",
1733 session->global->session_global_id,
1734 nt_errstr(status)));
1735 error = status;
1736 }
1737 }
1738
1739 if (session->compat) {
1740 invalidate_vuid(sconn, session->compat->vuid);
1741 session->compat = NULL;
1742 }
1743
1744 return error;
1745 }
1746
1747 struct smbXsrv_session_logoff_all_state {
1748 NTSTATUS first_status;
1749 int errors;
1750 };
1751
1752 static int smbXsrv_session_logoff_all_callback(struct db_record *local_rec,
1753 void *private_data);
1754
1755 NTSTATUS smbXsrv_session_logoff_all(struct smbXsrv_connection *conn)
1756 {
1757 struct smbXsrv_session_table *table = conn->client->session_table;
1758 struct smbXsrv_session_logoff_all_state state;
1759 NTSTATUS status;
1760 int count = 0;
1761
1762 if (table == NULL) {
1763 DEBUG(10, ("smbXsrv_session_logoff_all: "
1764 "empty session_table, nothing to do.\n"));
1765 return NT_STATUS_OK;
1766 }
1767
1768 ZERO_STRUCT(state);
1769
1770 status = dbwrap_traverse(table->local.db_ctx,
1771 smbXsrv_session_logoff_all_callback,
1772 &state, &count);
1773 if (!NT_STATUS_IS_OK(status)) {
1774 DEBUG(0, ("smbXsrv_session_logoff_all: "
1775 "dbwrap_traverse() failed: %s\n",
1776 nt_errstr(status)));
1777 return status;
1778 }
1779
1780 if (!NT_STATUS_IS_OK(state.first_status)) {
1781 DEBUG(0, ("smbXsrv_session_logoff_all: "
1782 "count[%d] errors[%d] first[%s]\n",
1783 count, state.errors,
1784 nt_errstr(state.first_status)));
1785 return state.first_status;
1786 }
1787
1788 return NT_STATUS_OK;
1789 }
1790
1791 static int smbXsrv_session_logoff_all_callback(struct db_record *local_rec,
1792 void *private_data)
1793 {
1794 struct smbXsrv_session_logoff_all_state *state =
1795 (struct smbXsrv_session_logoff_all_state *)private_data;
1796 TDB_DATA val;
1797 void *ptr = NULL;
1798 struct smbXsrv_session *session = NULL;
1799 NTSTATUS status;
1800
1801 val = dbwrap_record_get_value(local_rec);
1802 if (val.dsize != sizeof(ptr)) {
1803 status = NT_STATUS_INTERNAL_ERROR;
1804 if (NT_STATUS_IS_OK(state->first_status)) {
1805 state->first_status = status;
1806 }
1807 state->errors++;
1808 return 0;
1809 }
1810
1811 memcpy(&ptr, val.dptr, val.dsize);
1812 session = talloc_get_type_abort(ptr, struct smbXsrv_session);
1813
1814 session->db_rec = local_rec;
1815
1816 status = smbXsrv_session_clear_and_logoff(session);
1817 if (!NT_STATUS_IS_OK(status)) {
1818 if (NT_STATUS_IS_OK(state->first_status)) {
1819 state->first_status = status;
1820 }
1821 state->errors++;
1822 return 0;
1823 }
1824
1825 return 0;
1826 }
1827
1828 NTSTATUS smb1srv_session_table_init(struct smbXsrv_connection *conn)
1829 {
1830 /*
1831 * Allow a range from 1..65534 with 65534 values.
1832 */
1833 return smbXsrv_session_table_init(conn, 1, UINT16_MAX - 1,
1834 UINT16_MAX - 1);
1835 }
1836
1837 NTSTATUS smb1srv_session_lookup(struct smbXsrv_connection *conn,
1838 uint16_t vuid, NTTIME now,
1839 struct smbXsrv_session **session)
1840 {
1841 struct smbXsrv_session_table *table = conn->client->session_table;
1842 uint32_t local_id = vuid;
1843
1844 return smbXsrv_session_local_lookup(table, conn, local_id, now,
1845 session);
1846 }
1847
1848 NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn)
1849 {
1850 /*
1851 * Allow a range from 1..4294967294 with 65534 (same as SMB1) values.
1852 */
1853 return smbXsrv_session_table_init(conn, 1, UINT32_MAX - 1,
1854 UINT16_MAX - 1);
1855 }
1856
1857 static NTSTATUS smb2srv_session_lookup_raw(struct smbXsrv_session_table *table,
1858 /* conn: optional */
1859 struct smbXsrv_connection *conn,
1860 uint64_t session_id, NTTIME now,
1861 struct smbXsrv_session **session)
1862 {
1863 uint32_t local_id = session_id & UINT32_MAX;
1864 uint64_t local_zeros = session_id & 0xFFFFFFFF00000000LLU;
1865
1866 if (local_zeros != 0) {
1867 return NT_STATUS_USER_SESSION_DELETED;
1868 }
1869
1870 return smbXsrv_session_local_lookup(table, conn, local_id, now,
1871 session);
1872 }
1873
1874 NTSTATUS smb2srv_session_lookup_conn(struct smbXsrv_connection *conn,
1875 uint64_t session_id, NTTIME now,
1876 struct smbXsrv_session **session)
1877 {
1878 struct smbXsrv_session_table *table = conn->client->session_table;
1879 return smb2srv_session_lookup_raw(table, conn, session_id, now,
1880 session);
1881 }
1882
1883 NTSTATUS smb2srv_session_lookup_client(struct smbXsrv_client *client,
1884 uint64_t session_id, NTTIME now,
1885 struct smbXsrv_session **session)
1886 {
1887 struct smbXsrv_session_table *table = client->session_table;
1888 return smb2srv_session_lookup_raw(table, NULL, session_id, now,
1889 session);
1890 }
1891
1892 struct smbXsrv_session_global_traverse_state {
1893 int (*fn)(struct smbXsrv_session_global0 *, void *);
1894 void *private_data;
1895 };
1896
1897 static int smbXsrv_session_global_traverse_fn(struct db_record *rec, void *data)
1898 {
1899 int ret = -1;
1900 struct smbXsrv_session_global_traverse_state *state =
1901 (struct smbXsrv_session_global_traverse_state*)data;
1902 TDB_DATA key = dbwrap_record_get_key(rec);
1903 TDB_DATA val = dbwrap_record_get_value(rec);
1904 DATA_BLOB blob = data_blob_const(val.dptr, val.dsize);
1905 struct smbXsrv_session_globalB global_blob;
1906 enum ndr_err_code ndr_err;
1907 TALLOC_CTX *frame = talloc_stackframe();
1908
1909 ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
1910 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_globalB);
1911 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1912 DEBUG(1,("Invalid record in smbXsrv_session_global.tdb:"
1913 "key '%s' ndr_pull_struct_blob - %s\n",
1914 hex_encode_talloc(frame, key.dptr, key.dsize),
1915 ndr_errstr(ndr_err)));
1916 goto done;
1917 }
1918
1919 if (global_blob.version != SMBXSRV_VERSION_0) {
1920 DEBUG(1,("Invalid record in smbXsrv_session_global.tdb:"
1921 "key '%s' unsupported version - %d\n",
1922 hex_encode_talloc(frame, key.dptr, key.dsize),
1923 (int)global_blob.version));
1924 goto done;
1925 }
1926
1927 global_blob.info.info0->db_rec = rec;
1928 ret = state->fn(global_blob.info.info0, state->private_data);
1929 done:
1930 TALLOC_FREE(frame);
1931 return ret;
1932 }
1933
1934 NTSTATUS smbXsrv_session_global_traverse(
1935 int (*fn)(struct smbXsrv_session_global0 *, void *),
1936 void *private_data)
1937 {
1938
1939 NTSTATUS status;
1940 int count = 0;
1941 struct smbXsrv_session_global_traverse_state state = {
1942 .fn = fn,
1943 .private_data = private_data,
1944 };
1945
1946 become_root();
1947 status = smbXsrv_session_global_init(NULL);
1948 if (!NT_STATUS_IS_OK(status)) {
1949 unbecome_root();
1950 DEBUG(0, ("Failed to initialize session_global: %s\n",
1951 nt_errstr(status)));
1952 return status;
1953 }
1954
1955 status = dbwrap_traverse_read(smbXsrv_session_global_db_ctx,
1956 smbXsrv_session_global_traverse_fn,
1957 &state,
1958 &count);
1959 unbecome_root();
1960
1961 return status;
1962 }
Samba GIT mirror