search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
remove the old chain_reply code
[Samba/ekacnet.git] / source3 / smbd / process.c
blob0c076b3a53555110e0c1bebdc630136d52b574d6
1 /*
2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smbd/globals.h"
23
24 extern bool global_machine_password_needs_changing;
25
26 static void construct_reply_common(struct smb_request *req, const char *inbuf,
27 char *outbuf);
28
29 /* Accessor function for smb_read_error for smbd functions. */
30
31 /****************************************************************************
32 Send an smb to a fd.
33 ****************************************************************************/
34
35 bool srv_send_smb(int fd, char *buffer, bool do_encrypt)
36 {
37 size_t len;
38 size_t nwritten=0;
39 ssize_t ret;
40 char *buf_out = buffer;
41
42 /* Sign the outgoing packet if required. */
43 srv_calculate_sign_mac(buf_out);
44
45 if (do_encrypt) {
46 NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
47 if (!NT_STATUS_IS_OK(status)) {
48 DEBUG(0, ("send_smb: SMB encryption failed "
49 "on outgoing packet! Error %s\n",
50 nt_errstr(status) ));
51 return false;
52 }
53 }
54
55 len = smb_len(buf_out) + 4;
56
57 while (nwritten < len) {
58 ret = write_data(fd,buf_out+nwritten,len - nwritten);
59 if (ret <= 0) {
60 DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
61 (int)len,(int)ret, strerror(errno) ));
62 srv_free_enc_buffer(buf_out);
63 return false;
64 }
65 nwritten += ret;
66 }
67
68 srv_free_enc_buffer(buf_out);
69 return true;
70 }
71
72 /*******************************************************************
73 Setup the word count and byte count for a smb message.
74 ********************************************************************/
75
76 int srv_set_message(char *buf,
77 int num_words,
78 int num_bytes,
79 bool zero)
80 {
81 if (zero && (num_words || num_bytes)) {
82 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
83 }
84 SCVAL(buf,smb_wct,num_words);
85 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
86 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
87 return (smb_size + num_words*2 + num_bytes);
88 }
89
90 static bool valid_smb_header(const uint8_t *inbuf)
91 {
92 if (is_encrypted_packet(inbuf)) {
93 return true;
94 }
95 /*
96 * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
97 * but it just looks weird to call strncmp for this one.
98 */
99 return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
100 }
101
102 /* Socket functions for smbd packet processing. */
103
104 static bool valid_packet_size(size_t len)
105 {
106 /*
107 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
108 * of header. Don't print the error if this fits.... JRA.
109 */
110
111 if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
112 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
113 (unsigned long)len));
114 return false;
115 }
116 return true;
117 }
118
119 static NTSTATUS read_packet_remainder(int fd, char *buffer,
120 unsigned int timeout, ssize_t len)
121 {
122 if (len <= 0) {
123 return NT_STATUS_OK;
124 }
125
126 return read_socket_with_timeout(fd, buffer, len, len, timeout, NULL);
127 }
128
129 /****************************************************************************
130 Attempt a zerocopy writeX read. We know here that len > smb_size-4
131 ****************************************************************************/
132
133 /*
134 * Unfortunately, earlier versions of smbclient/libsmbclient
135 * don't send this "standard" writeX header. I've fixed this
136 * for 3.2 but we'll use the old method with earlier versions.
137 * Windows and CIFSFS at least use this standard size. Not
138 * sure about MacOSX.
139 */
140
141 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
142 (2*14) + /* word count (including bcc) */ \
143 1 /* pad byte */)
144
145 static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
146 const char lenbuf[4],
147 int fd, char **buffer,
148 unsigned int timeout,
149 size_t *p_unread,
150 size_t *len_ret)
151 {
152 /* Size of a WRITEX call (+4 byte len). */
153 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
154 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
155 ssize_t toread;
156 NTSTATUS status;
157
158 memcpy(writeX_header, lenbuf, 4);
159
160 status = read_socket_with_timeout(
161 fd, writeX_header + 4,
162 STANDARD_WRITE_AND_X_HEADER_SIZE,
163 STANDARD_WRITE_AND_X_HEADER_SIZE,
164 timeout, NULL);
165
166 if (!NT_STATUS_IS_OK(status)) {
167 return status;
168 }
169
170 /*
171 * Ok - now try and see if this is a possible
172 * valid writeX call.
173 */
174
175 if (is_valid_writeX_buffer((uint8_t *)writeX_header)) {
176 /*
177 * If the data offset is beyond what
178 * we've read, drain the extra bytes.
179 */
180 uint16_t doff = SVAL(writeX_header,smb_vwv11);
181 ssize_t newlen;
182
183 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
184 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
185 if (drain_socket(smbd_server_fd(), drain) != drain) {
186 smb_panic("receive_smb_raw_talloc_partial_read:"
187 " failed to drain pending bytes");
188 }
189 } else {
190 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
191 }
192
193 /* Spoof down the length and null out the bcc. */
194 set_message_bcc(writeX_header, 0);
195 newlen = smb_len(writeX_header);
196
197 /* Copy the header we've written. */
198
199 *buffer = (char *)TALLOC_MEMDUP(mem_ctx,
200 writeX_header,
201 sizeof(writeX_header));
202
203 if (*buffer == NULL) {
204 DEBUG(0, ("Could not allocate inbuf of length %d\n",
205 (int)sizeof(writeX_header)));
206 return NT_STATUS_NO_MEMORY;
207 }
208
209 /* Work out the remaining bytes. */
210 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
211 *len_ret = newlen + 4;
212 return NT_STATUS_OK;
213 }
214
215 if (!valid_packet_size(len)) {
216 return NT_STATUS_INVALID_PARAMETER;
217 }
218
219 /*
220 * Not a valid writeX call. Just do the standard
221 * talloc and return.
222 */
223
224 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
225
226 if (*buffer == NULL) {
227 DEBUG(0, ("Could not allocate inbuf of length %d\n",
228 (int)len+4));
229 return NT_STATUS_NO_MEMORY;
230 }
231
232 /* Copy in what we already read. */
233 memcpy(*buffer,
234 writeX_header,
235 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
236 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
237
238 if(toread > 0) {
239 status = read_packet_remainder(
240 fd, (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
241 timeout, toread);
242
243 if (!NT_STATUS_IS_OK(status)) {
244 DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
245 nt_errstr(status)));
246 return status;
247 }
248 }
249
250 *len_ret = len + 4;
251 return NT_STATUS_OK;
252 }
253
254 static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx, int fd,
255 char **buffer, unsigned int timeout,
256 size_t *p_unread, size_t *plen)
257 {
258 char lenbuf[4];
259 size_t len;
260 int min_recv_size = lp_min_receive_file_size();
261 NTSTATUS status;
262
263 *p_unread = 0;
264
265 status = read_smb_length_return_keepalive(fd, lenbuf, timeout, &len);
266 if (!NT_STATUS_IS_OK(status)) {
267 DEBUG(10, ("receive_smb_raw: %s\n", nt_errstr(status)));
268 return status;
269 }
270
271 if (CVAL(lenbuf,0) == 0 &&
272 min_recv_size &&
273 smb_len_large(lenbuf) > (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE) && /* Could be a UNIX large writeX. */
274 !srv_is_signing_active()) {
275
276 return receive_smb_raw_talloc_partial_read(
277 mem_ctx, lenbuf, fd, buffer, timeout, p_unread, plen);
278 }
279
280 if (!valid_packet_size(len)) {
281 return NT_STATUS_INVALID_PARAMETER;
282 }
283
284 /*
285 * The +4 here can't wrap, we've checked the length above already.
286 */
287
288 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
289
290 if (*buffer == NULL) {
291 DEBUG(0, ("Could not allocate inbuf of length %d\n",
292 (int)len+4));
293 return NT_STATUS_NO_MEMORY;
294 }
295
296 memcpy(*buffer, lenbuf, sizeof(lenbuf));
297
298 status = read_packet_remainder(fd, (*buffer)+4, timeout, len);
299 if (!NT_STATUS_IS_OK(status)) {
300 return status;
301 }
302
303 *plen = len + 4;
304 return NT_STATUS_OK;
305 }
306
307 static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx, int fd,
308 char **buffer, unsigned int timeout,
309 size_t *p_unread, bool *p_encrypted,
310 size_t *p_len)
311 {
312 size_t len = 0;
313 NTSTATUS status;
314
315 *p_encrypted = false;
316
317 status = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout,
318 p_unread, &len);
319 if (!NT_STATUS_IS_OK(status)) {
320 return status;
321 }
322
323 if (is_encrypted_packet((uint8_t *)*buffer)) {
324 status = srv_decrypt_buffer(*buffer);
325 if (!NT_STATUS_IS_OK(status)) {
326 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
327 "incoming packet! Error %s\n",
328 nt_errstr(status) ));
329 return status;
330 }
331 *p_encrypted = true;
332 }
333
334 /* Check the incoming SMB signature. */
335 if (!srv_check_sign_mac(*buffer, true)) {
336 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
337 "incoming packet!\n"));
338 return NT_STATUS_INVALID_NETWORK_RESPONSE;
339 }
340
341 *p_len = len;
342 return NT_STATUS_OK;
343 }
344
345 /*
346 * Initialize a struct smb_request from an inbuf
347 */
348
349 void init_smb_request(struct smb_request *req,
350 const uint8 *inbuf,
351 size_t unread_bytes,
352 bool encrypted)
353 {
354 size_t req_size = smb_len(inbuf) + 4;
355 /* Ensure we have at least smb_size bytes. */
356 if (req_size < smb_size) {
357 DEBUG(0,("init_smb_request: invalid request size %u\n",
358 (unsigned int)req_size ));
359 exit_server_cleanly("Invalid SMB request");
360 }
361 req->cmd = CVAL(inbuf, smb_com);
362 req->flags2 = SVAL(inbuf, smb_flg2);
363 req->smbpid = SVAL(inbuf, smb_pid);
364 req->mid = SVAL(inbuf, smb_mid);
365 req->vuid = SVAL(inbuf, smb_uid);
366 req->tid = SVAL(inbuf, smb_tid);
367 req->wct = CVAL(inbuf, smb_wct);
368 req->vwv = (uint16_t *)(inbuf+smb_vwv);
369 req->buflen = smb_buflen(inbuf);
370 req->buf = (const uint8_t *)smb_buf(inbuf);
371 req->unread_bytes = unread_bytes;
372 req->encrypted = encrypted;
373 req->conn = conn_find(req->tid);
374 req->chain_fsp = NULL;
375 req->chain_outbuf = NULL;
376
377 /* Ensure we have at least wct words and 2 bytes of bcc. */
378 if (smb_size + req->wct*2 > req_size) {
379 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
380 (unsigned int)req->wct,
381 (unsigned int)req_size));
382 exit_server_cleanly("Invalid SMB request");
383 }
384 /* Ensure bcc is correct. */
385 if (((uint8 *)smb_buf(inbuf)) + req->buflen > inbuf + req_size) {
386 DEBUG(0,("init_smb_request: invalid bcc number %u "
387 "(wct = %u, size %u)\n",
388 (unsigned int)req->buflen,
389 (unsigned int)req->wct,
390 (unsigned int)req_size));
391 exit_server_cleanly("Invalid SMB request");
392 }
393 req->outbuf = NULL;
394 }
395
396 static void process_smb(struct smbd_server_connection *conn,
397 uint8_t *inbuf, size_t nread, size_t unread_bytes,
398 bool encrypted);
399
400 static void smbd_deferred_open_timer(struct event_context *ev,
401 struct timed_event *te,
402 struct timeval _tval,
403 void *private_data)
404 {
405 struct pending_message_list *msg = talloc_get_type(private_data,
406 struct pending_message_list);
407 TALLOC_CTX *mem_ctx = talloc_tos();
408 uint8_t *inbuf;
409
410 inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
411 msg->buf.length);
412 if (inbuf == NULL) {
413 exit_server("smbd_deferred_open_timer: talloc failed\n");
414 return;
415 }
416
417 /* We leave this message on the queue so the open code can
418 know this is a retry. */
419 DEBUG(5,("smbd_deferred_open_timer: trigger mid %u.\n",
420 (unsigned int)SVAL(msg->buf.data,smb_mid)));
421
422 process_smb(smbd_server_conn, inbuf,
423 msg->buf.length, 0,
424 msg->encrypted);
425 }
426
427 /****************************************************************************
428 Function to push a message onto the tail of a linked list of smb messages ready
429 for processing.
430 ****************************************************************************/
431
432 static bool push_queued_message(struct smb_request *req,
433 struct timeval request_time,
434 struct timeval end_time,
435 char *private_data, size_t private_len)
436 {
437 int msg_len = smb_len(req->inbuf) + 4;
438 struct pending_message_list *msg;
439
440 msg = TALLOC_ZERO_P(NULL, struct pending_message_list);
441
442 if(msg == NULL) {
443 DEBUG(0,("push_message: malloc fail (1)\n"));
444 return False;
445 }
446
447 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
448 if(msg->buf.data == NULL) {
449 DEBUG(0,("push_message: malloc fail (2)\n"));
450 TALLOC_FREE(msg);
451 return False;
452 }
453
454 msg->request_time = request_time;
455 msg->encrypted = req->encrypted;
456
457 if (private_data) {
458 msg->private_data = data_blob_talloc(msg, private_data,
459 private_len);
460 if (msg->private_data.data == NULL) {
461 DEBUG(0,("push_message: malloc fail (3)\n"));
462 TALLOC_FREE(msg);
463 return False;
464 }
465 }
466
467 msg->te = event_add_timed(smbd_event_context(),
468 msg,
469 end_time,
470 smbd_deferred_open_timer,
471 msg);
472 if (!msg->te) {
473 DEBUG(0,("push_message: event_add_timed failed\n"));
474 TALLOC_FREE(msg);
475 return false;
476 }
477
478 DLIST_ADD_END(deferred_open_queue, msg, struct pending_message_list *);
479
480 DEBUG(10,("push_message: pushed message length %u on "
481 "deferred_open_queue\n", (unsigned int)msg_len));
482
483 return True;
484 }
485
486 /****************************************************************************
487 Function to delete a sharing violation open message by mid.
488 ****************************************************************************/
489
490 void remove_deferred_open_smb_message(uint16 mid)
491 {
492 struct pending_message_list *pml;
493
494 for (pml = deferred_open_queue; pml; pml = pml->next) {
495 if (mid == SVAL(pml->buf.data,smb_mid)) {
496 DEBUG(10,("remove_sharing_violation_open_smb_message: "
497 "deleting mid %u len %u\n",
498 (unsigned int)mid,
499 (unsigned int)pml->buf.length ));
500 DLIST_REMOVE(deferred_open_queue, pml);
501 TALLOC_FREE(pml);
502 return;
503 }
504 }
505 }
506
507 /****************************************************************************
508 Move a sharing violation open retry message to the front of the list and
509 schedule it for immediate processing.
510 ****************************************************************************/
511
512 void schedule_deferred_open_smb_message(uint16 mid)
513 {
514 struct pending_message_list *pml;
515 int i = 0;
516
517 for (pml = deferred_open_queue; pml; pml = pml->next) {
518 uint16 msg_mid = SVAL(pml->buf.data,smb_mid);
519
520 DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++,
521 (unsigned int)msg_mid ));
522
523 if (mid == msg_mid) {
524 struct timed_event *te;
525
526 DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
527 mid ));
528
529 te = event_add_timed(smbd_event_context(),
530 pml,
531 timeval_zero(),
532 smbd_deferred_open_timer,
533 pml);
534 if (!te) {
535 DEBUG(10,("schedule_deferred_open_smb_message: "
536 "event_add_timed() failed, skipping mid %u\n",
537 mid ));
538 }
539
540 TALLOC_FREE(pml->te);
541 pml->te = te;
542 DLIST_PROMOTE(deferred_open_queue, pml);
543 return;
544 }
545 }
546
547 DEBUG(10,("schedule_deferred_open_smb_message: failed to find message mid %u\n",
548 mid ));
549 }
550
551 /****************************************************************************
552 Return true if this mid is on the deferred queue.
553 ****************************************************************************/
554
555 bool open_was_deferred(uint16 mid)
556 {
557 struct pending_message_list *pml;
558
559 for (pml = deferred_open_queue; pml; pml = pml->next) {
560 if (SVAL(pml->buf.data,smb_mid) == mid) {
561 return True;
562 }
563 }
564 return False;
565 }
566
567 /****************************************************************************
568 Return the message queued by this mid.
569 ****************************************************************************/
570
571 struct pending_message_list *get_open_deferred_message(uint16 mid)
572 {
573 struct pending_message_list *pml;
574
575 for (pml = deferred_open_queue; pml; pml = pml->next) {
576 if (SVAL(pml->buf.data,smb_mid) == mid) {
577 return pml;
578 }
579 }
580 return NULL;
581 }
582
583 /****************************************************************************
584 Function to push a deferred open smb message onto a linked list of local smb
585 messages ready for processing.
586 ****************************************************************************/
587
588 bool push_deferred_smb_message(struct smb_request *req,
589 struct timeval request_time,
590 struct timeval timeout,
591 char *private_data, size_t priv_len)
592 {
593 struct timeval end_time;
594
595 if (req->unread_bytes) {
596 DEBUG(0,("push_deferred_smb_message: logic error ! "
597 "unread_bytes = %u\n",
598 (unsigned int)req->unread_bytes ));
599 smb_panic("push_deferred_smb_message: "
600 "logic error unread_bytes != 0" );
601 }
602
603 end_time = timeval_sum(&request_time, &timeout);
604
605 DEBUG(10,("push_deferred_open_smb_message: pushing message len %u mid %u "
606 "timeout time [%u.%06u]\n",
607 (unsigned int) smb_len(req->inbuf)+4, (unsigned int)req->mid,
608 (unsigned int)end_time.tv_sec,
609 (unsigned int)end_time.tv_usec));
610
611 return push_queued_message(req, request_time, end_time,
612 private_data, priv_len);
613 }
614
615 struct idle_event {
616 struct timed_event *te;
617 struct timeval interval;
618 char *name;
619 bool (*handler)(const struct timeval *now, void *private_data);
620 void *private_data;
621 };
622
623 static void smbd_idle_event_handler(struct event_context *ctx,
624 struct timed_event *te,
625 struct timeval now,
626 void *private_data)
627 {
628 struct idle_event *event =
629 talloc_get_type_abort(private_data, struct idle_event);
630
631 TALLOC_FREE(event->te);
632
633 DEBUG(10,("smbd_idle_event_handler: %s %p called\n",
634 event->name, event->te));
635
636 if (!event->handler(&now, event->private_data)) {
637 DEBUG(10,("smbd_idle_event_handler: %s %p stopped\n",
638 event->name, event->te));
639 /* Don't repeat, delete ourselves */
640 TALLOC_FREE(event);
641 return;
642 }
643
644 DEBUG(10,("smbd_idle_event_handler: %s %p rescheduled\n",
645 event->name, event->te));
646
647 event->te = event_add_timed(ctx, event,
648 timeval_sum(&now, &event->interval),
649 smbd_idle_event_handler, event);
650
651 /* We can't do much but fail here. */
652 SMB_ASSERT(event->te != NULL);
653 }
654
655 struct idle_event *event_add_idle(struct event_context *event_ctx,
656 TALLOC_CTX *mem_ctx,
657 struct timeval interval,
658 const char *name,
659 bool (*handler)(const struct timeval *now,
660 void *private_data),
661 void *private_data)
662 {
663 struct idle_event *result;
664 struct timeval now = timeval_current();
665
666 result = TALLOC_P(mem_ctx, struct idle_event);
667 if (result == NULL) {
668 DEBUG(0, ("talloc failed\n"));
669 return NULL;
670 }
671
672 result->interval = interval;
673 result->handler = handler;
674 result->private_data = private_data;
675
676 if (!(result->name = talloc_asprintf(result, "idle_evt(%s)", name))) {
677 DEBUG(0, ("talloc failed\n"));
678 TALLOC_FREE(result);
679 return NULL;
680 }
681
682 result->te = event_add_timed(event_ctx, result,
683 timeval_sum(&now, &interval),
684 smbd_idle_event_handler, result);
685 if (result->te == NULL) {
686 DEBUG(0, ("event_add_timed failed\n"));
687 TALLOC_FREE(result);
688 return NULL;
689 }
690
691 DEBUG(10,("event_add_idle: %s %p\n", result->name, result->te));
692 return result;
693 }
694
695 /****************************************************************************
696 Do all async processing in here. This includes kernel oplock messages, change
697 notify events etc.
698 ****************************************************************************/
699
700 static void async_processing(fd_set *pfds)
701 {
702 DEBUG(10,("async_processing: Doing async processing.\n"));
703
704 process_aio_queue();
705
706 process_kernel_oplocks(smbd_messaging_context(), pfds);
707
708 /* Do the aio check again after receive_local_message as it does a
709 select and may have eaten our signal. */
710 /* Is this till true? -- vl */
711 process_aio_queue();
712
713 if (got_sig_term) {
714 exit_server_cleanly("termination signal");
715 }
716
717 /* check for sighup processing */
718 if (reload_after_sighup) {
719 change_to_root_user();
720 DEBUG(1,("Reloading services after SIGHUP\n"));
721 reload_services(False);
722 reload_after_sighup = 0;
723 }
724 }
725
726 /****************************************************************************
727 Add a fd to the set we will be select(2)ing on.
728 ****************************************************************************/
729
730 static int select_on_fd(int fd, int maxfd, fd_set *fds)
731 {
732 if (fd != -1) {
733 FD_SET(fd, fds);
734 maxfd = MAX(maxfd, fd);
735 }
736
737 return maxfd;
738 }
739
740 /****************************************************************************
741 Do a select on an two fd's - with timeout.
742
743 If a local udp message has been pushed onto the
744 queue (this can only happen during oplock break
745 processing) call async_processing()
746
747 If a pending smb message has been pushed onto the
748 queue (this can only happen during oplock break
749 processing) return this next.
750
751 If the first smbfd is ready then read an smb from it.
752 if the second (loopback UDP) fd is ready then read a message
753 from it and setup the buffer header to identify the length
754 and from address.
755 Returns False on timeout or error.
756 Else returns True.
757
758 The timeout is in milliseconds
759 ****************************************************************************/
760
761 static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection *conn)
762 {
763 fd_set r_fds, w_fds;
764 int selrtn;
765 struct timeval to;
766 int maxfd = 0;
767
768 to.tv_sec = SMBD_SELECT_TIMEOUT;
769 to.tv_usec = 0;
770
771 /*
772 * Note that this call must be before processing any SMB
773 * messages as we need to synchronously process any messages
774 * we may have sent to ourselves from the previous SMB.
775 */
776 message_dispatch(smbd_messaging_context());
777
778 /*
779 * Setup the select fd sets.
780 */
781
782 FD_ZERO(&r_fds);
783 FD_ZERO(&w_fds);
784
785 /*
786 * Ensure we process oplock break messages by preference.
787 * We have to do this before the select, after the select
788 * and if the select returns EINTR. This is due to the fact
789 * that the selects called from async_processing can eat an EINTR
790 * caused by a signal (we can't take the break message there).
791 * This is hideously complex - *MUST* be simplified for 3.0 ! JRA.
792 */
793
794 if (oplock_message_waiting(&r_fds)) {
795 DEBUG(10,("receive_message_or_smb: oplock_message is waiting.\n"));
796 async_processing(&r_fds);
797 /*
798 * After async processing we must go and do the select again, as
799 * the state of the flag in fds for the server file descriptor is
800 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
801 */
802 return NT_STATUS_RETRY;
803 }
804
805 /*
806 * Are there any timed events waiting ? If so, ensure we don't
807 * select for longer than it would take to wait for them.
808 */
809
810 {
811 struct timeval now;
812 GetTimeOfDay(&now);
813
814 event_add_to_select_args(smbd_event_context(), &now,
815 &r_fds, &w_fds, &to, &maxfd);
816 }
817
818 if (timeval_is_zero(&to)) {
819 /* Process a timed event now... */
820 if (run_events(smbd_event_context(), 0, NULL, NULL)) {
821 return NT_STATUS_RETRY;
822 }
823 }
824
825 {
826 int sav;
827 START_PROFILE(smbd_idle);
828
829 maxfd = select_on_fd(oplock_notify_fd(), maxfd, &r_fds);
830
831 selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&to);
832 sav = errno;
833
834 END_PROFILE(smbd_idle);
835 errno = sav;
836 }
837
838 if (run_events(smbd_event_context(), selrtn, &r_fds, &w_fds)) {
839 return NT_STATUS_RETRY;
840 }
841
842 /* if we get EINTR then maybe we have received an oplock
843 signal - treat this as select returning 1. This is ugly, but
844 is the best we can do until the oplock code knows more about
845 signals */
846 if (selrtn == -1 && errno == EINTR) {
847 async_processing(&r_fds);
848 /*
849 * After async processing we must go and do the select again, as
850 * the state of the flag in fds for the server file descriptor is
851 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
852 */
853 return NT_STATUS_RETRY;
854 }
855
856 /* Check if error */
857 if (selrtn == -1) {
858 /* something is wrong. Maybe the socket is dead? */
859 return map_nt_error_from_unix(errno);
860 }
861
862 /* Did we timeout ? */
863 if (selrtn == 0) {
864 return NT_STATUS_RETRY;
865 }
866
867 /*
868 * Ensure we process oplock break messages by preference.
869 * This is IMPORTANT ! Otherwise we can starve other processes
870 * sending us an oplock break message. JRA.
871 */
872
873 if (oplock_message_waiting(&r_fds)) {
874 async_processing(&r_fds);
875 /*
876 * After async processing we must go and do the select again, as
877 * the state of the flag in fds for the server file descriptor is
878 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
879 */
880 return NT_STATUS_RETRY;
881 }
882
883 /*
884 * We've just woken up from a protentially long select sleep.
885 * Ensure we process local messages as we need to synchronously
886 * process any messages from other smbd's to avoid file rename race
887 * conditions. This call is cheap if there are no messages waiting.
888 * JRA.
889 */
890 message_dispatch(smbd_messaging_context());
891
892 return NT_STATUS_OK;
893 }
894
895 /*
896 * Only allow 5 outstanding trans requests. We're allocating memory, so
897 * prevent a DoS.
898 */
899
900 NTSTATUS allow_new_trans(struct trans_state *list, int mid)
901 {
902 int count = 0;
903 for (; list != NULL; list = list->next) {
904
905 if (list->mid == mid) {
906 return NT_STATUS_INVALID_PARAMETER;
907 }
908
909 count += 1;
910 }
911 if (count > 5) {
912 return NT_STATUS_INSUFFICIENT_RESOURCES;
913 }
914
915 return NT_STATUS_OK;
916 }
917
918 /****************************************************************************
919 We're terminating and have closed all our files/connections etc.
920 If there are any pending local messages we need to respond to them
921 before termination so that other smbds don't think we just died whilst
922 holding oplocks.
923 ****************************************************************************/
924
925 void respond_to_all_remaining_local_messages(void)
926 {
927 /*
928 * Assert we have no exclusive open oplocks.
929 */
930
931 if(get_number_of_exclusive_open_oplocks()) {
932 DEBUG(0,("respond_to_all_remaining_local_messages: PANIC : we have %d exclusive oplocks.\n",
933 get_number_of_exclusive_open_oplocks() ));
934 return;
935 }
936
937 process_kernel_oplocks(smbd_messaging_context(), NULL);
938
939 return;
940 }
941
942
943 /*
944 These flags determine some of the permissions required to do an operation
945
946 Note that I don't set NEED_WRITE on some write operations because they
947 are used by some brain-dead clients when printing, and I don't want to
948 force write permissions on print services.
949 */
950 #define AS_USER (1<<0)
951 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
952 #define TIME_INIT (1<<2)
953 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
954 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
955 #define DO_CHDIR (1<<6)
956
957 /*
958 define a list of possible SMB messages and their corresponding
959 functions. Any message that has a NULL function is unimplemented -
960 please feel free to contribute implementations!
961 */
962 static const struct smb_message_struct {
963 const char *name;
964 void (*fn)(struct smb_request *req);
965 int flags;
966 } smb_messages[256] = {
967
968 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
969 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
970 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
971 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
972 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
973 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
974 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
975 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
976 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
977 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
978 /* 0x0a */ { "SMBread",reply_read,AS_USER},
979 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
980 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
981 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
982 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
983 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
984 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
985 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
986 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
987 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
988 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
989 /* 0x15 */ { NULL, NULL, 0 },
990 /* 0x16 */ { NULL, NULL, 0 },
991 /* 0x17 */ { NULL, NULL, 0 },
992 /* 0x18 */ { NULL, NULL, 0 },
993 /* 0x19 */ { NULL, NULL, 0 },
994 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
995 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
996 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
997 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
998 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
999 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1000 /* 0x20 */ { "SMBwritec", NULL,0},
1001 /* 0x21 */ { NULL, NULL, 0 },
1002 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
1003 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1004 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1005 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
1006 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
1007 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
1008 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
1009 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
1010 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
1011 /* 0x2b */ { "SMBecho",reply_echo,0},
1012 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1013 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
1014 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
1015 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
1016 /* 0x30 */ { NULL, NULL, 0 },
1017 /* 0x31 */ { NULL, NULL, 0 },
1018 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
1019 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER},
1020 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1021 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1022 /* 0x36 */ { NULL, NULL, 0 },
1023 /* 0x37 */ { NULL, NULL, 0 },
1024 /* 0x38 */ { NULL, NULL, 0 },
1025 /* 0x39 */ { NULL, NULL, 0 },
1026 /* 0x3a */ { NULL, NULL, 0 },
1027 /* 0x3b */ { NULL, NULL, 0 },
1028 /* 0x3c */ { NULL, NULL, 0 },
1029 /* 0x3d */ { NULL, NULL, 0 },
1030 /* 0x3e */ { NULL, NULL, 0 },
1031 /* 0x3f */ { NULL, NULL, 0 },
1032 /* 0x40 */ { NULL, NULL, 0 },
1033 /* 0x41 */ { NULL, NULL, 0 },
1034 /* 0x42 */ { NULL, NULL, 0 },
1035 /* 0x43 */ { NULL, NULL, 0 },
1036 /* 0x44 */ { NULL, NULL, 0 },
1037 /* 0x45 */ { NULL, NULL, 0 },
1038 /* 0x46 */ { NULL, NULL, 0 },
1039 /* 0x47 */ { NULL, NULL, 0 },
1040 /* 0x48 */ { NULL, NULL, 0 },
1041 /* 0x49 */ { NULL, NULL, 0 },
1042 /* 0x4a */ { NULL, NULL, 0 },
1043 /* 0x4b */ { NULL, NULL, 0 },
1044 /* 0x4c */ { NULL, NULL, 0 },
1045 /* 0x4d */ { NULL, NULL, 0 },
1046 /* 0x4e */ { NULL, NULL, 0 },
1047 /* 0x4f */ { NULL, NULL, 0 },
1048 /* 0x50 */ { NULL, NULL, 0 },
1049 /* 0x51 */ { NULL, NULL, 0 },
1050 /* 0x52 */ { NULL, NULL, 0 },
1051 /* 0x53 */ { NULL, NULL, 0 },
1052 /* 0x54 */ { NULL, NULL, 0 },
1053 /* 0x55 */ { NULL, NULL, 0 },
1054 /* 0x56 */ { NULL, NULL, 0 },
1055 /* 0x57 */ { NULL, NULL, 0 },
1056 /* 0x58 */ { NULL, NULL, 0 },
1057 /* 0x59 */ { NULL, NULL, 0 },
1058 /* 0x5a */ { NULL, NULL, 0 },
1059 /* 0x5b */ { NULL, NULL, 0 },
1060 /* 0x5c */ { NULL, NULL, 0 },
1061 /* 0x5d */ { NULL, NULL, 0 },
1062 /* 0x5e */ { NULL, NULL, 0 },
1063 /* 0x5f */ { NULL, NULL, 0 },
1064 /* 0x60 */ { NULL, NULL, 0 },
1065 /* 0x61 */ { NULL, NULL, 0 },
1066 /* 0x62 */ { NULL, NULL, 0 },
1067 /* 0x63 */ { NULL, NULL, 0 },
1068 /* 0x64 */ { NULL, NULL, 0 },
1069 /* 0x65 */ { NULL, NULL, 0 },
1070 /* 0x66 */ { NULL, NULL, 0 },
1071 /* 0x67 */ { NULL, NULL, 0 },
1072 /* 0x68 */ { NULL, NULL, 0 },
1073 /* 0x69 */ { NULL, NULL, 0 },
1074 /* 0x6a */ { NULL, NULL, 0 },
1075 /* 0x6b */ { NULL, NULL, 0 },
1076 /* 0x6c */ { NULL, NULL, 0 },
1077 /* 0x6d */ { NULL, NULL, 0 },
1078 /* 0x6e */ { NULL, NULL, 0 },
1079 /* 0x6f */ { NULL, NULL, 0 },
1080 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1081 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1082 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1083 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1084 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1085 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1086 /* 0x76 */ { NULL, NULL, 0 },
1087 /* 0x77 */ { NULL, NULL, 0 },
1088 /* 0x78 */ { NULL, NULL, 0 },
1089 /* 0x79 */ { NULL, NULL, 0 },
1090 /* 0x7a */ { NULL, NULL, 0 },
1091 /* 0x7b */ { NULL, NULL, 0 },
1092 /* 0x7c */ { NULL, NULL, 0 },
1093 /* 0x7d */ { NULL, NULL, 0 },
1094 /* 0x7e */ { NULL, NULL, 0 },
1095 /* 0x7f */ { NULL, NULL, 0 },
1096 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1097 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1098 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1099 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1100 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1101 /* 0x85 */ { NULL, NULL, 0 },
1102 /* 0x86 */ { NULL, NULL, 0 },
1103 /* 0x87 */ { NULL, NULL, 0 },
1104 /* 0x88 */ { NULL, NULL, 0 },
1105 /* 0x89 */ { NULL, NULL, 0 },
1106 /* 0x8a */ { NULL, NULL, 0 },
1107 /* 0x8b */ { NULL, NULL, 0 },
1108 /* 0x8c */ { NULL, NULL, 0 },
1109 /* 0x8d */ { NULL, NULL, 0 },
1110 /* 0x8e */ { NULL, NULL, 0 },
1111 /* 0x8f */ { NULL, NULL, 0 },
1112 /* 0x90 */ { NULL, NULL, 0 },
1113 /* 0x91 */ { NULL, NULL, 0 },
1114 /* 0x92 */ { NULL, NULL, 0 },
1115 /* 0x93 */ { NULL, NULL, 0 },
1116 /* 0x94 */ { NULL, NULL, 0 },
1117 /* 0x95 */ { NULL, NULL, 0 },
1118 /* 0x96 */ { NULL, NULL, 0 },
1119 /* 0x97 */ { NULL, NULL, 0 },
1120 /* 0x98 */ { NULL, NULL, 0 },
1121 /* 0x99 */ { NULL, NULL, 0 },
1122 /* 0x9a */ { NULL, NULL, 0 },
1123 /* 0x9b */ { NULL, NULL, 0 },
1124 /* 0x9c */ { NULL, NULL, 0 },
1125 /* 0x9d */ { NULL, NULL, 0 },
1126 /* 0x9e */ { NULL, NULL, 0 },
1127 /* 0x9f */ { NULL, NULL, 0 },
1128 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1129 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1130 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1131 /* 0xa3 */ { NULL, NULL, 0 },
1132 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1133 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1134 /* 0xa6 */ { NULL, NULL, 0 },
1135 /* 0xa7 */ { NULL, NULL, 0 },
1136 /* 0xa8 */ { NULL, NULL, 0 },
1137 /* 0xa9 */ { NULL, NULL, 0 },
1138 /* 0xaa */ { NULL, NULL, 0 },
1139 /* 0xab */ { NULL, NULL, 0 },
1140 /* 0xac */ { NULL, NULL, 0 },
1141 /* 0xad */ { NULL, NULL, 0 },
1142 /* 0xae */ { NULL, NULL, 0 },
1143 /* 0xaf */ { NULL, NULL, 0 },
1144 /* 0xb0 */ { NULL, NULL, 0 },
1145 /* 0xb1 */ { NULL, NULL, 0 },
1146 /* 0xb2 */ { NULL, NULL, 0 },
1147 /* 0xb3 */ { NULL, NULL, 0 },
1148 /* 0xb4 */ { NULL, NULL, 0 },
1149 /* 0xb5 */ { NULL, NULL, 0 },
1150 /* 0xb6 */ { NULL, NULL, 0 },
1151 /* 0xb7 */ { NULL, NULL, 0 },
1152 /* 0xb8 */ { NULL, NULL, 0 },
1153 /* 0xb9 */ { NULL, NULL, 0 },
1154 /* 0xba */ { NULL, NULL, 0 },
1155 /* 0xbb */ { NULL, NULL, 0 },
1156 /* 0xbc */ { NULL, NULL, 0 },
1157 /* 0xbd */ { NULL, NULL, 0 },
1158 /* 0xbe */ { NULL, NULL, 0 },
1159 /* 0xbf */ { NULL, NULL, 0 },
1160 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1161 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1162 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1163 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1164 /* 0xc4 */ { NULL, NULL, 0 },
1165 /* 0xc5 */ { NULL, NULL, 0 },
1166 /* 0xc6 */ { NULL, NULL, 0 },
1167 /* 0xc7 */ { NULL, NULL, 0 },
1168 /* 0xc8 */ { NULL, NULL, 0 },
1169 /* 0xc9 */ { NULL, NULL, 0 },
1170 /* 0xca */ { NULL, NULL, 0 },
1171 /* 0xcb */ { NULL, NULL, 0 },
1172 /* 0xcc */ { NULL, NULL, 0 },
1173 /* 0xcd */ { NULL, NULL, 0 },
1174 /* 0xce */ { NULL, NULL, 0 },
1175 /* 0xcf */ { NULL, NULL, 0 },
1176 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1177 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1178 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1179 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1180 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1181 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1182 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1183 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1184 /* 0xd8 */ { NULL, NULL, 0 },
1185 /* 0xd9 */ { NULL, NULL, 0 },
1186 /* 0xda */ { NULL, NULL, 0 },
1187 /* 0xdb */ { NULL, NULL, 0 },
1188 /* 0xdc */ { NULL, NULL, 0 },
1189 /* 0xdd */ { NULL, NULL, 0 },
1190 /* 0xde */ { NULL, NULL, 0 },
1191 /* 0xdf */ { NULL, NULL, 0 },
1192 /* 0xe0 */ { NULL, NULL, 0 },
1193 /* 0xe1 */ { NULL, NULL, 0 },
1194 /* 0xe2 */ { NULL, NULL, 0 },
1195 /* 0xe3 */ { NULL, NULL, 0 },
1196 /* 0xe4 */ { NULL, NULL, 0 },
1197 /* 0xe5 */ { NULL, NULL, 0 },
1198 /* 0xe6 */ { NULL, NULL, 0 },
1199 /* 0xe7 */ { NULL, NULL, 0 },
1200 /* 0xe8 */ { NULL, NULL, 0 },
1201 /* 0xe9 */ { NULL, NULL, 0 },
1202 /* 0xea */ { NULL, NULL, 0 },
1203 /* 0xeb */ { NULL, NULL, 0 },
1204 /* 0xec */ { NULL, NULL, 0 },
1205 /* 0xed */ { NULL, NULL, 0 },
1206 /* 0xee */ { NULL, NULL, 0 },
1207 /* 0xef */ { NULL, NULL, 0 },
1208 /* 0xf0 */ { NULL, NULL, 0 },
1209 /* 0xf1 */ { NULL, NULL, 0 },
1210 /* 0xf2 */ { NULL, NULL, 0 },
1211 /* 0xf3 */ { NULL, NULL, 0 },
1212 /* 0xf4 */ { NULL, NULL, 0 },
1213 /* 0xf5 */ { NULL, NULL, 0 },
1214 /* 0xf6 */ { NULL, NULL, 0 },
1215 /* 0xf7 */ { NULL, NULL, 0 },
1216 /* 0xf8 */ { NULL, NULL, 0 },
1217 /* 0xf9 */ { NULL, NULL, 0 },
1218 /* 0xfa */ { NULL, NULL, 0 },
1219 /* 0xfb */ { NULL, NULL, 0 },
1220 /* 0xfc */ { NULL, NULL, 0 },
1221 /* 0xfd */ { NULL, NULL, 0 },
1222 /* 0xfe */ { NULL, NULL, 0 },
1223 /* 0xff */ { NULL, NULL, 0 }
1224
1225 };
1226
1227 /*******************************************************************
1228 allocate and initialize a reply packet
1229 ********************************************************************/
1230
1231 static bool create_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
1232 const char *inbuf, char **outbuf, uint8_t num_words,
1233 uint32_t num_bytes)
1234 {
1235 /*
1236 * Protect against integer wrap
1237 */
1238 if ((num_bytes > 0xffffff)
1239 || ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
1240 char *msg;
1241 if (asprintf(&msg, "num_bytes too large: %u",
1242 (unsigned)num_bytes) == -1) {
1243 msg = CONST_DISCARD(char *, "num_bytes too large");
1244 }
1245 smb_panic(msg);
1246 }
1247
1248 *outbuf = TALLOC_ARRAY(mem_ctx, char,
1249 smb_size + num_words*2 + num_bytes);
1250 if (*outbuf == NULL) {
1251 return false;
1252 }
1253
1254 construct_reply_common(req, inbuf, *outbuf);
1255 srv_set_message(*outbuf, num_words, num_bytes, false);
1256 /*
1257 * Zero out the word area, the caller has to take care of the bcc area
1258 * himself
1259 */
1260 if (num_words != 0) {
1261 memset(*outbuf + smb_vwv0, 0, num_words*2);
1262 }
1263
1264 return true;
1265 }
1266
1267 void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
1268 {
1269 char *outbuf;
1270 if (!create_outbuf(req, req, (char *)req->inbuf, &outbuf, num_words,
1271 num_bytes)) {
1272 smb_panic("could not allocate output buffer\n");
1273 }
1274 req->outbuf = (uint8_t *)outbuf;
1275 }
1276
1277
1278 /*******************************************************************
1279 Dump a packet to a file.
1280 ********************************************************************/
1281
1282 static void smb_dump(const char *name, int type, const char *data, ssize_t len)
1283 {
1284 int fd, i;
1285 char *fname = NULL;
1286 if (DEBUGLEVEL < 50) {
1287 return;
1288 }
1289
1290 if (len < 4) len = smb_len(data)+4;
1291 for (i=1;i<100;i++) {
1292 if (asprintf(&fname, "/tmp/%s.%d.%s", name, i,
1293 type ? "req" : "resp") == -1) {
1294 return;
1295 }
1296 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1297 if (fd != -1 || errno != EEXIST) break;
1298 }
1299 if (fd != -1) {
1300 ssize_t ret = write(fd, data, len);
1301 if (ret != len)
1302 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1303 close(fd);
1304 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1305 }
1306 SAFE_FREE(fname);
1307 }
1308
1309 /****************************************************************************
1310 Prepare everything for calling the actual request function, and potentially
1311 call the request function via the "new" interface.
1312
1313 Return False if the "legacy" function needs to be called, everything is
1314 prepared.
1315
1316 Return True if we're done.
1317
1318 I know this API sucks, but it is the one with the least code change I could
1319 find.
1320 ****************************************************************************/
1321
1322 static connection_struct *switch_message(uint8 type, struct smb_request *req, int size)
1323 {
1324 int flags;
1325 uint16 session_tag;
1326 connection_struct *conn = NULL;
1327
1328 errno = 0;
1329
1330 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1331 * so subtract 4 from it. */
1332 if (!valid_smb_header(req->inbuf)
1333 || (size < (smb_size - 4))) {
1334 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1335 smb_len(req->inbuf)));
1336 exit_server_cleanly("Non-SMB packet");
1337 }
1338
1339 if (smb_messages[type].fn == NULL) {
1340 DEBUG(0,("Unknown message type %d!\n",type));
1341 smb_dump("Unknown", 1, (char *)req->inbuf, size);
1342 reply_unknown_new(req, type);
1343 return NULL;
1344 }
1345
1346 flags = smb_messages[type].flags;
1347
1348 /* In share mode security we must ignore the vuid. */
1349 session_tag = (lp_security() == SEC_SHARE)
1350 ? UID_FIELD_INVALID : req->vuid;
1351 conn = req->conn;
1352
1353 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1354 (int)sys_getpid(), (unsigned long)conn));
1355
1356 smb_dump(smb_fn_name(type), 1, (char *)req->inbuf, size);
1357
1358 /* Ensure this value is replaced in the incoming packet. */
1359 SSVAL(req->inbuf,smb_uid,session_tag);
1360
1361 /*
1362 * Ensure the correct username is in current_user_info. This is a
1363 * really ugly bugfix for problems with multiple session_setup_and_X's
1364 * being done and allowing %U and %G substitutions to work correctly.
1365 * There is a reason this code is done here, don't move it unless you
1366 * know what you're doing... :-).
1367 * JRA.
1368 */
1369
1370 if (session_tag != last_session_tag) {
1371 user_struct *vuser = NULL;
1372
1373 last_session_tag = session_tag;
1374 if(session_tag != UID_FIELD_INVALID) {
1375 vuser = get_valid_user_struct(session_tag);
1376 if (vuser) {
1377 set_current_user_info(
1378 vuser->server_info->sanitized_username,
1379 vuser->server_info->unix_name,
1380 pdb_get_fullname(vuser->server_info
1381 ->sam_account),
1382 pdb_get_domain(vuser->server_info
1383 ->sam_account));
1384 }
1385 }
1386 }
1387
1388 /* Does this call need to be run as the connected user? */
1389 if (flags & AS_USER) {
1390
1391 /* Does this call need a valid tree connection? */
1392 if (!conn) {
1393 /*
1394 * Amazingly, the error code depends on the command
1395 * (from Samba4).
1396 */
1397 if (type == SMBntcreateX) {
1398 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1399 } else {
1400 reply_doserror(req, ERRSRV, ERRinvnid);
1401 }
1402 return NULL;
1403 }
1404
1405 if (!change_to_user(conn,session_tag)) {
1406 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
1407 remove_deferred_open_smb_message(req->mid);
1408 return conn;
1409 }
1410
1411 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1412
1413 /* Does it need write permission? */
1414 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1415 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1416 return conn;
1417 }
1418
1419 /* IPC services are limited */
1420 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1421 reply_doserror(req, ERRSRV,ERRaccess);
1422 return conn;
1423 }
1424 } else {
1425 /* This call needs to be run as root */
1426 change_to_root_user();
1427 }
1428
1429 /* load service specific parameters */
1430 if (conn) {
1431 if (req->encrypted) {
1432 conn->encrypted_tid = true;
1433 /* encrypted required from now on. */
1434 conn->encrypt_level = Required;
1435 } else if (ENCRYPTION_REQUIRED(conn)) {
1436 if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
1437 exit_server_cleanly("encryption required "
1438 "on connection");
1439 return conn;
1440 }
1441 }
1442
1443 if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1444 (flags & (AS_USER|DO_CHDIR)
1445 ?True:False))) {
1446 reply_doserror(req, ERRSRV, ERRaccess);
1447 return conn;
1448 }
1449 conn->num_smb_operations++;
1450 }
1451
1452 /* does this protocol need to be run as guest? */
1453 if ((flags & AS_GUEST)
1454 && (!change_to_guest() ||
1455 !check_access(smbd_server_fd(), lp_hostsallow(-1),
1456 lp_hostsdeny(-1)))) {
1457 reply_doserror(req, ERRSRV, ERRaccess);
1458 return conn;
1459 }
1460
1461 smb_messages[type].fn(req);
1462 return req->conn;
1463 }
1464
1465 /****************************************************************************
1466 Construct a reply to the incoming packet.
1467 ****************************************************************************/
1468
1469 static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
1470 {
1471 connection_struct *conn;
1472 struct smb_request *req;
1473
1474 chain_size = 0;
1475
1476 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1477 smb_panic("could not allocate smb_request");
1478 }
1479 init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted);
1480 req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
1481
1482 conn = switch_message(req->cmd, req, size);
1483
1484 if (req->unread_bytes) {
1485 /* writeX failed. drain socket. */
1486 if (drain_socket(smbd_server_fd(), req->unread_bytes) !=
1487 req->unread_bytes) {
1488 smb_panic("failed to drain pending bytes");
1489 }
1490 req->unread_bytes = 0;
1491 }
1492
1493 if (req->outbuf == NULL) {
1494 return;
1495 }
1496
1497 if (CVAL(req->outbuf,0) == 0) {
1498 show_msg((char *)req->outbuf);
1499 }
1500
1501 if (!srv_send_smb(smbd_server_fd(),
1502 (char *)req->outbuf,
1503 IS_CONN_ENCRYPTED(conn)||req->encrypted)) {
1504 exit_server_cleanly("construct_reply: srv_send_smb failed.");
1505 }
1506
1507 TALLOC_FREE(req);
1508
1509 return;
1510 }
1511
1512 /****************************************************************************
1513 Process an smb from the client
1514 ****************************************************************************/
1515
1516 static void process_smb(struct smbd_server_connection *conn,
1517 uint8_t *inbuf, size_t nread, size_t unread_bytes,
1518 bool encrypted)
1519 {
1520 int msg_type = CVAL(inbuf,0);
1521
1522 DO_PROFILE_INC(smb_count);
1523
1524 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1525 smb_len(inbuf) ) );
1526 DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
1527 (int)nread,
1528 (unsigned int)unread_bytes ));
1529
1530 if (msg_type != 0) {
1531 /*
1532 * NetBIOS session request, keepalive, etc.
1533 */
1534 reply_special((char *)inbuf);
1535 goto done;
1536 }
1537
1538 show_msg((char *)inbuf);
1539
1540 construct_reply((char *)inbuf,nread,unread_bytes,encrypted);
1541
1542 trans_num++;
1543
1544 done:
1545 conn->num_requests++;
1546
1547 /* The timeout_processing function isn't run nearly
1548 often enough to implement 'max log size' without
1549 overrunning the size of the file by many megabytes.
1550 This is especially true if we are running at debug
1551 level 10. Checking every 50 SMBs is a nice
1552 tradeoff of performance vs log file size overrun. */
1553
1554 if ((conn->num_requests % 50) == 0 &&
1555 need_to_check_log_size()) {
1556 change_to_root_user();
1557 check_log_size();
1558 }
1559 }
1560
1561 /****************************************************************************
1562 Return a string containing the function name of a SMB command.
1563 ****************************************************************************/
1564
1565 const char *smb_fn_name(int type)
1566 {
1567 const char *unknown_name = "SMBunknown";
1568
1569 if (smb_messages[type].name == NULL)
1570 return(unknown_name);
1571
1572 return(smb_messages[type].name);
1573 }
1574
1575 /****************************************************************************
1576 Helper functions for contruct_reply.
1577 ****************************************************************************/
1578
1579 void add_to_common_flags2(uint32 v)
1580 {
1581 common_flags2 |= v;
1582 }
1583
1584 void remove_from_common_flags2(uint32 v)
1585 {
1586 common_flags2 &= ~v;
1587 }
1588
1589 static void construct_reply_common(struct smb_request *req, const char *inbuf,
1590 char *outbuf)
1591 {
1592 srv_set_message(outbuf,0,0,false);
1593
1594 SCVAL(outbuf, smb_com, req->cmd);
1595 SIVAL(outbuf,smb_rcls,0);
1596 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1597 SSVAL(outbuf,smb_flg2,
1598 (SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) |
1599 common_flags2);
1600 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1601
1602 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
1603 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
1604 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
1605 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
1606 }
1607
1608 void construct_reply_common_req(struct smb_request *req, char *outbuf)
1609 {
1610 construct_reply_common(req, (char *)req->inbuf, outbuf);
1611 }
1612
1613 /*
1614 * How many bytes have we already accumulated up to the current wct field
1615 * offset?
1616 */
1617
1618 size_t req_wct_ofs(struct smb_request *req)
1619 {
1620 size_t buf_size;
1621
1622 if (req->chain_outbuf == NULL) {
1623 return smb_wct - 4;
1624 }
1625 buf_size = talloc_get_size(req->chain_outbuf);
1626 if ((buf_size % 4) != 0) {
1627 buf_size += (4 - (buf_size % 4));
1628 }
1629 return buf_size - 4;
1630 }
1631
1632 /*
1633 * Hack around reply_nterror & friends not being aware of chained requests,
1634 * generating illegal (i.e. wct==0) chain replies.
1635 */
1636
1637 static void fixup_chain_error_packet(struct smb_request *req)
1638 {
1639 uint8_t *outbuf = req->outbuf;
1640 req->outbuf = NULL;
1641 reply_outbuf(req, 2, 0);
1642 memcpy(req->outbuf, outbuf, smb_wct);
1643 TALLOC_FREE(outbuf);
1644 SCVAL(req->outbuf, smb_vwv0, 0xff);
1645 }
1646
1647 /****************************************************************************
1648 Construct a chained reply and add it to the already made reply
1649 ****************************************************************************/
1650
1651 void chain_reply(struct smb_request *req)
1652 {
1653 size_t smblen = smb_len(req->inbuf);
1654 size_t already_used, length_needed;
1655 uint8_t chain_cmd;
1656 uint32_t chain_offset; /* uint32_t to avoid overflow */
1657
1658 uint8_t wct;
1659 uint16_t *vwv;
1660 uint16_t buflen;
1661 uint8_t *buf;
1662
1663 if (IVAL(req->outbuf, smb_rcls) != 0) {
1664 fixup_chain_error_packet(req);
1665 }
1666
1667 /*
1668 * Any of the AndX requests and replies have at least a wct of
1669 * 2. vwv[0] is the next command, vwv[1] is the offset from the
1670 * beginning of the SMB header to the next wct field.
1671 *
1672 * None of the AndX requests put anything valuable in vwv[0] and [1],
1673 * so we can overwrite it here to form the chain.
1674 */
1675
1676 if ((req->wct < 2) || (CVAL(req->outbuf, smb_wct) < 2)) {
1677 goto error;
1678 }
1679
1680 /*
1681 * Here we assume that this is the end of the chain. For that we need
1682 * to set "next command" to 0xff and the offset to 0. If we later find
1683 * more commands in the chain, this will be overwritten again.
1684 */
1685
1686 SCVAL(req->outbuf, smb_vwv0, 0xff);
1687 SCVAL(req->outbuf, smb_vwv0+1, 0);
1688 SSVAL(req->outbuf, smb_vwv1, 0);
1689
1690 if (req->chain_outbuf == NULL) {
1691 /*
1692 * In req->chain_outbuf we collect all the replies. Start the
1693 * chain by copying in the first reply.
1694 */
1695 req->chain_outbuf = req->outbuf;
1696 req->outbuf = NULL;
1697 } else {
1698 if (!smb_splice_chain(&req->chain_outbuf,
1699 CVAL(req->outbuf, smb_com),
1700 CVAL(req->outbuf, smb_wct),
1701 (uint16_t *)(req->outbuf + smb_vwv),
1702 0, smb_buflen(req->outbuf),
1703 (uint8_t *)smb_buf(req->outbuf))) {
1704 goto error;
1705 }
1706 TALLOC_FREE(req->outbuf);
1707 }
1708
1709 /*
1710 * We use the old request's vwv field to grab the next chained command
1711 * and offset into the chained fields.
1712 */
1713
1714 chain_cmd = CVAL(req->vwv+0, 0);
1715 chain_offset = SVAL(req->vwv+1, 0);
1716
1717 if (chain_cmd == 0xff) {
1718 /*
1719 * End of chain, no more requests from the client. So ship the
1720 * replies.
1721 */
1722 smb_setlen((char *)(req->chain_outbuf),
1723 talloc_get_size(req->chain_outbuf) - 4);
1724 if (!srv_send_smb(smbd_server_fd(), (char *)req->chain_outbuf,
1725 IS_CONN_ENCRYPTED(req->conn)
1726 ||req->encrypted)) {
1727 exit_server_cleanly("chain_reply: srv_send_smb "
1728 "failed.");
1729 }
1730 return;
1731 }
1732
1733 /*
1734 * Check if the client tries to fool us. The request so far uses the
1735 * space to the end of the byte buffer in the request just
1736 * processed. The chain_offset can't point into that area. If that was
1737 * the case, we could end up with an endless processing of the chain,
1738 * we would always handle the same request.
1739 */
1740
1741 already_used = PTR_DIFF(req->buf+req->buflen, smb_base(req->inbuf));
1742 if (chain_offset < already_used) {
1743 goto error;
1744 }
1745
1746 /*
1747 * Next check: Make sure the chain offset does not point beyond the
1748 * overall smb request length.
1749 */
1750
1751 length_needed = chain_offset+1; /* wct */
1752 if (length_needed > smblen) {
1753 goto error;
1754 }
1755
1756 /*
1757 * Now comes the pointer magic. Goal here is to set up req->vwv and
1758 * req->buf correctly again to be able to call the subsequent
1759 * switch_message(). The chain offset (the former vwv[1]) points at
1760 * the new wct field.
1761 */
1762
1763 wct = CVAL(smb_base(req->inbuf), chain_offset);
1764
1765 /*
1766 * Next consistency check: Make the new vwv array fits in the overall
1767 * smb request.
1768 */
1769
1770 length_needed += (wct+1)*sizeof(uint16_t); /* vwv+buflen */
1771 if (length_needed > smblen) {
1772 goto error;
1773 }
1774 vwv = (uint16_t *)(smb_base(req->inbuf) + chain_offset + 1);
1775
1776 /*
1777 * Now grab the new byte buffer....
1778 */
1779
1780 buflen = SVAL(vwv+wct, 0);
1781
1782 /*
1783 * .. and check that it fits.
1784 */
1785
1786 length_needed += buflen;
1787 if (length_needed > smblen) {
1788 goto error;
1789 }
1790 buf = (uint8_t *)(vwv+wct+1);
1791
1792 req->cmd = chain_cmd;
1793 req->wct = wct;
1794 req->vwv = vwv;
1795 req->buflen = buflen;
1796 req->buf = buf;
1797
1798 switch_message(chain_cmd, req, smblen);
1799
1800 if (req->outbuf == NULL) {
1801 /*
1802 * This happens if the chained command has suspended itself or
1803 * if it has called srv_send_smb() itself.
1804 */
1805 return;
1806 }
1807
1808 /*
1809 * We end up here if the chained command was not itself chained or
1810 * suspended, but for example a close() command. We now need to splice
1811 * the chained commands' outbuf into the already built up chain_outbuf
1812 * and ship the result.
1813 */
1814 goto done;
1815
1816 error:
1817 /*
1818 * We end up here if there's any error in the chain syntax. Report a
1819 * DOS error, just like Windows does.
1820 */
1821 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
1822 fixup_chain_error_packet(req);
1823
1824 done:
1825 if (!smb_splice_chain(&req->chain_outbuf,
1826 CVAL(req->outbuf, smb_com),
1827 CVAL(req->outbuf, smb_wct),
1828 (uint16_t *)(req->outbuf + smb_vwv),
1829 0, smb_buflen(req->outbuf),
1830 (uint8_t *)smb_buf(req->outbuf))) {
1831 exit_server_cleanly("chain_reply: smb_splice_chain failed\n");
1832 }
1833 TALLOC_FREE(req->outbuf);
1834
1835 smb_setlen((char *)(req->chain_outbuf),
1836 talloc_get_size(req->chain_outbuf) - 4);
1837
1838 show_msg((char *)(req->chain_outbuf));
1839
1840 if (!srv_send_smb(smbd_server_fd(), (char *)req->chain_outbuf,
1841 IS_CONN_ENCRYPTED(req->conn)||req->encrypted)) {
1842 exit_server_cleanly("construct_reply: srv_send_smb failed.");
1843 }
1844 }
1845
1846 /****************************************************************************
1847 Check if services need reloading.
1848 ****************************************************************************/
1849
1850 void check_reload(time_t t)
1851 {
1852 time_t printcap_cache_time = (time_t)lp_printcap_cache_time();
1853
1854 if(last_smb_conf_reload_time == 0) {
1855 last_smb_conf_reload_time = t;
1856 /* Our printing subsystem might not be ready at smbd start up.
1857 Then no printer is available till the first printers check
1858 is performed. A lower initial interval circumvents this. */
1859 if ( printcap_cache_time > 60 )
1860 last_printer_reload_time = t - printcap_cache_time + 60;
1861 else
1862 last_printer_reload_time = t;
1863 }
1864
1865 if (mypid != getpid()) { /* First time or fork happened meanwhile */
1866 /* randomize over 60 second the printcap reload to avoid all
1867 * process hitting cupsd at the same time */
1868 int time_range = 60;
1869
1870 last_printer_reload_time += random() % time_range;
1871 mypid = getpid();
1872 }
1873
1874 if (reload_after_sighup || (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK)) {
1875 reload_services(True);
1876 reload_after_sighup = False;
1877 last_smb_conf_reload_time = t;
1878 }
1879
1880 /* 'printcap cache time = 0' disable the feature */
1881
1882 if ( printcap_cache_time != 0 )
1883 {
1884 /* see if it's time to reload or if the clock has been set back */
1885
1886 if ( (t >= last_printer_reload_time+printcap_cache_time)
1887 || (t-last_printer_reload_time < 0) )
1888 {
1889 DEBUG( 3,( "Printcap cache time expired.\n"));
1890 reload_printers();
1891 last_printer_reload_time = t;
1892 }
1893 }
1894 }
1895
1896 static void smbd_server_connection_write_handler(struct smbd_server_connection *conn)
1897 {
1898 /* TODO: make write nonblocking */
1899 }
1900
1901 static void smbd_server_connection_read_handler(struct smbd_server_connection *conn)
1902 {
1903 uint8_t *inbuf = NULL;
1904 size_t inbuf_len = 0;
1905 size_t unread_bytes = 0;
1906 bool encrypted = false;
1907 TALLOC_CTX *mem_ctx = talloc_tos();
1908 NTSTATUS status;
1909
1910 /* TODO: make this completely nonblocking */
1911
1912 status = receive_smb_talloc(mem_ctx, smbd_server_fd(),
1913 (char **)(void *)&inbuf,
1914 0, /* timeout */
1915 &unread_bytes,
1916 &encrypted,
1917 &inbuf_len);
1918 if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
1919 goto process;
1920 }
1921 if (NT_STATUS_IS_ERR(status)) {
1922 exit_server_cleanly("failed to receive smb request");
1923 }
1924 if (!NT_STATUS_IS_OK(status)) {
1925 return;
1926 }
1927
1928 process:
1929 process_smb(conn, inbuf, inbuf_len, unread_bytes, encrypted);
1930 }
1931
1932 static void smbd_server_connection_handler(struct event_context *ev,
1933 struct fd_event *fde,
1934 uint16_t flags,
1935 void *private_data)
1936 {
1937 struct smbd_server_connection *conn = talloc_get_type(private_data,
1938 struct smbd_server_connection);
1939
1940 if (flags & EVENT_FD_WRITE) {
1941 smbd_server_connection_write_handler(conn);
1942 } else if (flags & EVENT_FD_READ) {
1943 smbd_server_connection_read_handler(conn);
1944 }
1945 }
1946
1947 /****************************************************************************
1948 Process commands from the client
1949 ****************************************************************************/
1950
1951 void smbd_process(void)
1952 {
1953 /*
1954 * Before the first packet, check the global hosts allow/ hosts deny
1955 * parameters before doing any parsing of packets passed to us by the
1956 * client. This prevents attacks on our parsing code from hosts not in
1957 * the hosts allow list.
1958 */
1959
1960 if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
1961 lp_hostsdeny(-1))) {
1962 char addr[INET6_ADDRSTRLEN];
1963
1964 /*
1965 * send a negative session response "not listening on calling
1966 * name"
1967 */
1968 unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
1969 DEBUG( 1, ("Connection denied from %s\n",
1970 client_addr(get_client_fd(),addr,sizeof(addr)) ) );
1971 (void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
1972 exit_server_cleanly("connection denied");
1973 }
1974
1975 max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
1976
1977 smbd_server_conn = talloc_zero(smbd_event_context(), struct smbd_server_connection);
1978 if (!smbd_server_conn) {
1979 exit_server("failed to create smbd_server_connection");
1980 }
1981 smbd_server_conn->fde = event_add_fd(smbd_event_context(),
1982 smbd_server_conn,
1983 smbd_server_fd(),
1984 EVENT_FD_READ,
1985 smbd_server_connection_handler,
1986 smbd_server_conn);
1987 if (!smbd_server_conn->fde) {
1988 exit_server("failed to create smbd_server_connection fde");
1989 }
1990
1991 while (True) {
1992 NTSTATUS status;
1993 TALLOC_CTX *frame = talloc_stackframe_pool(8192);
1994
1995 errno = 0;
1996
1997 status = smbd_server_connection_loop_once(smbd_server_conn);
1998 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY) &&
1999 !NT_STATUS_IS_OK(status)) {
2000 DEBUG(3, ("smbd_server_connection_loop_once failed: %s,"
2001 " exiting\n", nt_errstr(status)));
2002 return;
2003 }
2004
2005 TALLOC_FREE(frame);
2006 }
2007 }