search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Convert receive_smb_raw_talloc_partial_read to NTSTATUS
[Samba/gebeck_regimport.git] / source3 / smbd / process.c
blob10ef67c2b220739674f8f909d083b18f7c70b98b
1 /*
2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22
23 extern int smb_echo_count;
24
25 static enum smb_read_errors smb_read_error = SMB_READ_OK;
26
27 /*
28 * Size of data we can send to client. Set
29 * by the client for all protocols above CORE.
30 * Set by us for CORE protocol.
31 */
32 int max_send = BUFFER_SIZE;
33 /*
34 * Size of the data we can receive. Set by us.
35 * Can be modified by the max xmit parameter.
36 */
37 int max_recv = BUFFER_SIZE;
38
39 SIG_ATOMIC_T reload_after_sighup = 0;
40 SIG_ATOMIC_T got_sig_term = 0;
41 extern bool global_machine_password_needs_changing;
42 extern int max_send;
43
44 /* Accessor function for smb_read_error for smbd functions. */
45
46 enum smb_read_errors *get_srv_read_error(void)
47 {
48 return &smb_read_error;
49 }
50
51 /****************************************************************************
52 Send an smb to a fd.
53 ****************************************************************************/
54
55 bool srv_send_smb(int fd, char *buffer, bool do_encrypt)
56 {
57 size_t len;
58 size_t nwritten=0;
59 ssize_t ret;
60 char *buf_out = buffer;
61
62 /* Sign the outgoing packet if required. */
63 srv_calculate_sign_mac(buf_out);
64
65 if (do_encrypt) {
66 NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
67 if (!NT_STATUS_IS_OK(status)) {
68 DEBUG(0, ("send_smb: SMB encryption failed "
69 "on outgoing packet! Error %s\n",
70 nt_errstr(status) ));
71 return false;
72 }
73 }
74
75 len = smb_len(buf_out) + 4;
76
77 while (nwritten < len) {
78 ret = write_data(fd,buf_out+nwritten,len - nwritten);
79 if (ret <= 0) {
80 DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
81 (int)len,(int)ret, strerror(errno) ));
82 srv_free_enc_buffer(buf_out);
83 return false;
84 }
85 nwritten += ret;
86 }
87
88 srv_free_enc_buffer(buf_out);
89 return true;
90 }
91
92 /*******************************************************************
93 Setup the word count and byte count for a smb message.
94 ********************************************************************/
95
96 int srv_set_message(char *buf,
97 int num_words,
98 int num_bytes,
99 bool zero)
100 {
101 if (zero && (num_words || num_bytes)) {
102 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
103 }
104 SCVAL(buf,smb_wct,num_words);
105 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
106 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
107 return (smb_size + num_words*2 + num_bytes);
108 }
109
110 static bool valid_smb_header(const uint8_t *inbuf)
111 {
112 if (is_encrypted_packet(inbuf)) {
113 return true;
114 }
115 return (strncmp(smb_base(inbuf),"\377SMB",4) == 0);
116 }
117
118 /* Socket functions for smbd packet processing. */
119
120 static bool valid_packet_size(size_t len)
121 {
122 /*
123 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
124 * of header. Don't print the error if this fits.... JRA.
125 */
126
127 if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
128 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
129 (unsigned long)len));
130 if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
131 return false;
132 }
133 }
134 return true;
135 }
136
137 static NTSTATUS read_packet_remainder(int fd, char *buffer,
138 unsigned int timeout, ssize_t len)
139 {
140 if (len <= 0) {
141 return NT_STATUS_OK;
142 }
143
144 return read_socket_with_timeout_ntstatus(fd, buffer, len, len,
145 timeout, NULL);
146 }
147
148 /****************************************************************************
149 Attempt a zerocopy writeX read. We know here that len > smb_size-4
150 ****************************************************************************/
151
152 /*
153 * Unfortunately, earlier versions of smbclient/libsmbclient
154 * don't send this "standard" writeX header. I've fixed this
155 * for 3.2 but we'll use the old method with earlier versions.
156 * Windows and CIFSFS at least use this standard size. Not
157 * sure about MacOSX.
158 */
159
160 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
161 (2*14) + /* word count (including bcc) */ \
162 1 /* pad byte */)
163
164 static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
165 const char lenbuf[4],
166 int fd, char **buffer,
167 unsigned int timeout,
168 size_t *p_unread,
169 size_t *len_ret)
170 {
171 /* Size of a WRITEX call (+4 byte len). */
172 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
173 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
174 ssize_t toread;
175 NTSTATUS status;
176
177 memcpy(writeX_header, lenbuf, sizeof(lenbuf));
178
179 status = read_socket_with_timeout_ntstatus(
180 fd, writeX_header + 4,
181 STANDARD_WRITE_AND_X_HEADER_SIZE,
182 STANDARD_WRITE_AND_X_HEADER_SIZE,
183 timeout, NULL);
184
185 if (!NT_STATUS_IS_OK(status)) {
186 return status;
187 }
188
189 /*
190 * Ok - now try and see if this is a possible
191 * valid writeX call.
192 */
193
194 if (is_valid_writeX_buffer((uint8_t *)writeX_header)) {
195 /*
196 * If the data offset is beyond what
197 * we've read, drain the extra bytes.
198 */
199 uint16_t doff = SVAL(writeX_header,smb_vwv11);
200 ssize_t newlen;
201
202 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
203 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
204 if (drain_socket(smbd_server_fd(), drain) != drain) {
205 smb_panic("receive_smb_raw_talloc_partial_read:"
206 " failed to drain pending bytes");
207 }
208 } else {
209 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
210 }
211
212 /* Spoof down the length and null out the bcc. */
213 set_message_bcc(writeX_header, 0);
214 newlen = smb_len(writeX_header);
215
216 /* Copy the header we've written. */
217
218 *buffer = (char *)TALLOC_MEMDUP(mem_ctx,
219 writeX_header,
220 sizeof(writeX_header));
221
222 if (*buffer == NULL) {
223 DEBUG(0, ("Could not allocate inbuf of length %d\n",
224 (int)sizeof(writeX_header)));
225 return NT_STATUS_NO_MEMORY;
226 }
227
228 /* Work out the remaining bytes. */
229 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
230 *len_ret = newlen + 4;
231 return NT_STATUS_OK;
232 }
233
234 if (!valid_packet_size(len)) {
235 return NT_STATUS_INVALID_PARAMETER;
236 }
237
238 /*
239 * Not a valid writeX call. Just do the standard
240 * talloc and return.
241 */
242
243 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
244
245 if (*buffer == NULL) {
246 DEBUG(0, ("Could not allocate inbuf of length %d\n",
247 (int)len+4));
248 return NT_STATUS_NO_MEMORY;
249 }
250
251 /* Copy in what we already read. */
252 memcpy(*buffer,
253 writeX_header,
254 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
255 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
256
257 if(toread > 0) {
258 status = read_packet_remainder(
259 fd, (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
260 timeout, toread);
261
262 if (!NT_STATUS_IS_OK(status)) {
263 return status;
264 }
265 }
266
267 *len_ret = len + 4;
268 return NT_STATUS_OK;
269 }
270
271 static ssize_t receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
272 int fd,
273 char **buffer,
274 unsigned int timeout,
275 size_t *p_unread)
276 {
277 char lenbuf[4];
278 size_t len;
279 int min_recv_size = lp_min_receive_file_size();
280 NTSTATUS status;
281
282 set_smb_read_error(get_srv_read_error(),SMB_READ_OK);
283 *p_unread = 0;
284
285 status = read_smb_length_return_keepalive(fd, lenbuf, timeout, &len);
286 if (!NT_STATUS_IS_OK(status)) {
287 DEBUG(10, ("receive_smb_raw: %s\n", nt_errstr(status)));
288
289 if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
290 set_smb_read_error(get_srv_read_error(), SMB_READ_EOF);
291 return -1;
292 }
293
294 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
295 set_smb_read_error(get_srv_read_error(),
296 SMB_READ_TIMEOUT);
297 return -1;
298 }
299
300 set_smb_read_error(get_srv_read_error(), SMB_READ_ERROR);
301 return -1;
302 }
303
304 if (CVAL(lenbuf,0) == 0 &&
305 min_recv_size &&
306 smb_len_large(lenbuf) > min_recv_size && /* Could be a UNIX large writeX. */
307 !srv_is_signing_active()) {
308
309 status = receive_smb_raw_talloc_partial_read(
310 mem_ctx, lenbuf, fd, buffer, timeout, p_unread, &len);
311
312 if (!NT_STATUS_IS_OK(status)) {
313
314 DEBUG(10, ("receive_smb_raw: %s\n",
315 nt_errstr(status)));
316
317 if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
318 set_smb_read_error(get_srv_read_error(),
319 SMB_READ_EOF);
320 return -1;
321 }
322
323 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
324 set_smb_read_error(get_srv_read_error(),
325 SMB_READ_TIMEOUT);
326 return -1;
327 }
328
329 set_smb_read_error(get_srv_read_error(),
330 SMB_READ_ERROR);
331 return -1;
332 }
333 }
334
335 if (!valid_packet_size(len)) {
336 cond_set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
337 return -1;
338 }
339
340 /*
341 * The +4 here can't wrap, we've checked the length above already.
342 */
343
344 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
345
346 if (*buffer == NULL) {
347 DEBUG(0, ("Could not allocate inbuf of length %d\n",
348 (int)len+4));
349 cond_set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
350 return -1;
351 }
352
353 memcpy(*buffer, lenbuf, sizeof(lenbuf));
354
355 status = read_packet_remainder(fd, (*buffer)+4, timeout, len);
356 if (!NT_STATUS_IS_OK(status)) {
357 if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
358 set_smb_read_error(get_srv_read_error(),
359 SMB_READ_EOF);
360 return -1;
361 }
362
363 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
364 set_smb_read_error(get_srv_read_error(),
365 SMB_READ_TIMEOUT);
366 return -1;
367 }
368
369 set_smb_read_error(get_srv_read_error(),
370 SMB_READ_ERROR);
371 return -1;
372 }
373
374 return len + 4;
375 }
376
377 static ssize_t receive_smb_talloc(TALLOC_CTX *mem_ctx,
378 int fd,
379 char **buffer,
380 unsigned int timeout,
381 size_t *p_unread,
382 bool *p_encrypted)
383 {
384 ssize_t len;
385
386 *p_encrypted = false;
387
388 len = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout, p_unread);
389
390 if (len < 0) {
391 return -1;
392 }
393
394 if (is_encrypted_packet((uint8_t *)*buffer)) {
395 NTSTATUS status = srv_decrypt_buffer(*buffer);
396 if (!NT_STATUS_IS_OK(status)) {
397 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
398 "incoming packet! Error %s\n",
399 nt_errstr(status) ));
400 cond_set_smb_read_error(get_srv_read_error(),
401 SMB_READ_BAD_DECRYPT);
402 return -1;
403 }
404 *p_encrypted = true;
405 }
406
407 /* Check the incoming SMB signature. */
408 if (!srv_check_sign_mac(*buffer, true)) {
409 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
410 "incoming packet!\n"));
411 cond_set_smb_read_error(get_srv_read_error(),SMB_READ_BAD_SIG);
412 return -1;
413 }
414
415 return len;
416 }
417
418 /*
419 * Initialize a struct smb_request from an inbuf
420 */
421
422 void init_smb_request(struct smb_request *req,
423 const uint8 *inbuf,
424 size_t unread_bytes,
425 bool encrypted)
426 {
427 size_t req_size = smb_len(inbuf) + 4;
428 /* Ensure we have at least smb_size bytes. */
429 if (req_size < smb_size) {
430 DEBUG(0,("init_smb_request: invalid request size %u\n",
431 (unsigned int)req_size ));
432 exit_server_cleanly("Invalid SMB request");
433 }
434 req->flags2 = SVAL(inbuf, smb_flg2);
435 req->smbpid = SVAL(inbuf, smb_pid);
436 req->mid = SVAL(inbuf, smb_mid);
437 req->vuid = SVAL(inbuf, smb_uid);
438 req->tid = SVAL(inbuf, smb_tid);
439 req->wct = CVAL(inbuf, smb_wct);
440 req->unread_bytes = unread_bytes;
441 req->encrypted = encrypted;
442 req->conn = conn_find(req->tid);
443
444 /* Ensure we have at least wct words and 2 bytes of bcc. */
445 if (smb_size + req->wct*2 > req_size) {
446 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
447 (unsigned int)req->wct,
448 (unsigned int)req_size));
449 exit_server_cleanly("Invalid SMB request");
450 }
451 /* Ensure bcc is correct. */
452 if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + req_size) {
453 DEBUG(0,("init_smb_request: invalid bcc number %u "
454 "(wct = %u, size %u)\n",
455 (unsigned int)smb_buflen(inbuf),
456 (unsigned int)req->wct,
457 (unsigned int)req_size));
458 exit_server_cleanly("Invalid SMB request");
459 }
460 req->inbuf = inbuf;
461 req->outbuf = NULL;
462 }
463
464 /****************************************************************************
465 structure to hold a linked list of queued messages.
466 for processing.
467 ****************************************************************************/
468
469 static struct pending_message_list *deferred_open_queue;
470
471 /****************************************************************************
472 Function to push a message onto the tail of a linked list of smb messages ready
473 for processing.
474 ****************************************************************************/
475
476 static bool push_queued_message(struct smb_request *req,
477 struct timeval request_time,
478 struct timeval end_time,
479 char *private_data, size_t private_len)
480 {
481 int msg_len = smb_len(req->inbuf) + 4;
482 struct pending_message_list *msg;
483
484 msg = TALLOC_ZERO_P(NULL, struct pending_message_list);
485
486 if(msg == NULL) {
487 DEBUG(0,("push_message: malloc fail (1)\n"));
488 return False;
489 }
490
491 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
492 if(msg->buf.data == NULL) {
493 DEBUG(0,("push_message: malloc fail (2)\n"));
494 TALLOC_FREE(msg);
495 return False;
496 }
497
498 msg->request_time = request_time;
499 msg->end_time = end_time;
500 msg->encrypted = req->encrypted;
501
502 if (private_data) {
503 msg->private_data = data_blob_talloc(msg, private_data,
504 private_len);
505 if (msg->private_data.data == NULL) {
506 DEBUG(0,("push_message: malloc fail (3)\n"));
507 TALLOC_FREE(msg);
508 return False;
509 }
510 }
511
512 DLIST_ADD_END(deferred_open_queue, msg, struct pending_message_list *);
513
514 DEBUG(10,("push_message: pushed message length %u on "
515 "deferred_open_queue\n", (unsigned int)msg_len));
516
517 return True;
518 }
519
520 /****************************************************************************
521 Function to delete a sharing violation open message by mid.
522 ****************************************************************************/
523
524 void remove_deferred_open_smb_message(uint16 mid)
525 {
526 struct pending_message_list *pml;
527
528 for (pml = deferred_open_queue; pml; pml = pml->next) {
529 if (mid == SVAL(pml->buf.data,smb_mid)) {
530 DEBUG(10,("remove_sharing_violation_open_smb_message: "
531 "deleting mid %u len %u\n",
532 (unsigned int)mid,
533 (unsigned int)pml->buf.length ));
534 DLIST_REMOVE(deferred_open_queue, pml);
535 TALLOC_FREE(pml);
536 return;
537 }
538 }
539 }
540
541 /****************************************************************************
542 Move a sharing violation open retry message to the front of the list and
543 schedule it for immediate processing.
544 ****************************************************************************/
545
546 void schedule_deferred_open_smb_message(uint16 mid)
547 {
548 struct pending_message_list *pml;
549 int i = 0;
550
551 for (pml = deferred_open_queue; pml; pml = pml->next) {
552 uint16 msg_mid = SVAL(pml->buf.data,smb_mid);
553 DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++,
554 (unsigned int)msg_mid ));
555 if (mid == msg_mid) {
556 DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
557 mid ));
558 pml->end_time.tv_sec = 0;
559 pml->end_time.tv_usec = 0;
560 DLIST_PROMOTE(deferred_open_queue, pml);
561 return;
562 }
563 }
564
565 DEBUG(10,("schedule_deferred_open_smb_message: failed to find message mid %u\n",
566 mid ));
567 }
568
569 /****************************************************************************
570 Return true if this mid is on the deferred queue.
571 ****************************************************************************/
572
573 bool open_was_deferred(uint16 mid)
574 {
575 struct pending_message_list *pml;
576
577 for (pml = deferred_open_queue; pml; pml = pml->next) {
578 if (SVAL(pml->buf.data,smb_mid) == mid) {
579 return True;
580 }
581 }
582 return False;
583 }
584
585 /****************************************************************************
586 Return the message queued by this mid.
587 ****************************************************************************/
588
589 struct pending_message_list *get_open_deferred_message(uint16 mid)
590 {
591 struct pending_message_list *pml;
592
593 for (pml = deferred_open_queue; pml; pml = pml->next) {
594 if (SVAL(pml->buf.data,smb_mid) == mid) {
595 return pml;
596 }
597 }
598 return NULL;
599 }
600
601 /****************************************************************************
602 Function to push a deferred open smb message onto a linked list of local smb
603 messages ready for processing.
604 ****************************************************************************/
605
606 bool push_deferred_smb_message(struct smb_request *req,
607 struct timeval request_time,
608 struct timeval timeout,
609 char *private_data, size_t priv_len)
610 {
611 struct timeval end_time;
612
613 if (req->unread_bytes) {
614 DEBUG(0,("push_deferred_smb_message: logic error ! "
615 "unread_bytes = %u\n",
616 (unsigned int)req->unread_bytes ));
617 smb_panic("push_deferred_smb_message: "
618 "logic error unread_bytes != 0" );
619 }
620
621 end_time = timeval_sum(&request_time, &timeout);
622
623 DEBUG(10,("push_deferred_open_smb_message: pushing message len %u mid %u "
624 "timeout time [%u.%06u]\n",
625 (unsigned int) smb_len(req->inbuf)+4, (unsigned int)req->mid,
626 (unsigned int)end_time.tv_sec,
627 (unsigned int)end_time.tv_usec));
628
629 return push_queued_message(req, request_time, end_time,
630 private_data, priv_len);
631 }
632
633 struct idle_event {
634 struct timed_event *te;
635 struct timeval interval;
636 char *name;
637 bool (*handler)(const struct timeval *now, void *private_data);
638 void *private_data;
639 };
640
641 static void idle_event_handler(struct event_context *ctx,
642 struct timed_event *te,
643 const struct timeval *now,
644 void *private_data)
645 {
646 struct idle_event *event =
647 talloc_get_type_abort(private_data, struct idle_event);
648
649 TALLOC_FREE(event->te);
650
651 if (!event->handler(now, event->private_data)) {
652 /* Don't repeat, delete ourselves */
653 TALLOC_FREE(event);
654 return;
655 }
656
657 event->te = event_add_timed(ctx, event,
658 timeval_sum(now, &event->interval),
659 event->name,
660 idle_event_handler, event);
661
662 /* We can't do much but fail here. */
663 SMB_ASSERT(event->te != NULL);
664 }
665
666 struct idle_event *event_add_idle(struct event_context *event_ctx,
667 TALLOC_CTX *mem_ctx,
668 struct timeval interval,
669 const char *name,
670 bool (*handler)(const struct timeval *now,
671 void *private_data),
672 void *private_data)
673 {
674 struct idle_event *result;
675 struct timeval now = timeval_current();
676
677 result = TALLOC_P(mem_ctx, struct idle_event);
678 if (result == NULL) {
679 DEBUG(0, ("talloc failed\n"));
680 return NULL;
681 }
682
683 result->interval = interval;
684 result->handler = handler;
685 result->private_data = private_data;
686
687 if (!(result->name = talloc_asprintf(result, "idle_evt(%s)", name))) {
688 DEBUG(0, ("talloc failed\n"));
689 TALLOC_FREE(result);
690 return NULL;
691 }
692
693 result->te = event_add_timed(event_ctx, result,
694 timeval_sum(&now, &interval),
695 result->name,
696 idle_event_handler, result);
697 if (result->te == NULL) {
698 DEBUG(0, ("event_add_timed failed\n"));
699 TALLOC_FREE(result);
700 return NULL;
701 }
702
703 return result;
704 }
705
706 /****************************************************************************
707 Do all async processing in here. This includes kernel oplock messages, change
708 notify events etc.
709 ****************************************************************************/
710
711 static void async_processing(fd_set *pfds)
712 {
713 DEBUG(10,("async_processing: Doing async processing.\n"));
714
715 process_aio_queue();
716
717 process_kernel_oplocks(smbd_messaging_context(), pfds);
718
719 /* Do the aio check again after receive_local_message as it does a
720 select and may have eaten our signal. */
721 /* Is this till true? -- vl */
722 process_aio_queue();
723
724 if (got_sig_term) {
725 exit_server_cleanly("termination signal");
726 }
727
728 /* check for sighup processing */
729 if (reload_after_sighup) {
730 change_to_root_user();
731 DEBUG(1,("Reloading services after SIGHUP\n"));
732 reload_services(False);
733 reload_after_sighup = 0;
734 }
735 }
736
737 /****************************************************************************
738 Add a fd to the set we will be select(2)ing on.
739 ****************************************************************************/
740
741 static int select_on_fd(int fd, int maxfd, fd_set *fds)
742 {
743 if (fd != -1) {
744 FD_SET(fd, fds);
745 maxfd = MAX(maxfd, fd);
746 }
747
748 return maxfd;
749 }
750
751 /****************************************************************************
752 Do a select on an two fd's - with timeout.
753
754 If a local udp message has been pushed onto the
755 queue (this can only happen during oplock break
756 processing) call async_processing()
757
758 If a pending smb message has been pushed onto the
759 queue (this can only happen during oplock break
760 processing) return this next.
761
762 If the first smbfd is ready then read an smb from it.
763 if the second (loopback UDP) fd is ready then read a message
764 from it and setup the buffer header to identify the length
765 and from address.
766 Returns False on timeout or error.
767 Else returns True.
768
769 The timeout is in milliseconds
770 ****************************************************************************/
771
772 static bool receive_message_or_smb(TALLOC_CTX *mem_ctx,
773 char **buffer,
774 size_t *buffer_len,
775 int timeout,
776 size_t *p_unread,
777 bool *p_encrypted)
778 {
779 fd_set r_fds, w_fds;
780 int selrtn;
781 struct timeval to;
782 int maxfd = 0;
783 ssize_t len;
784
785 *p_unread = 0;
786 set_smb_read_error(get_srv_read_error(),SMB_READ_OK);
787
788 again:
789
790 if (timeout >= 0) {
791 to.tv_sec = timeout / 1000;
792 to.tv_usec = (timeout % 1000) * 1000;
793 } else {
794 to.tv_sec = SMBD_SELECT_TIMEOUT;
795 to.tv_usec = 0;
796 }
797
798 /*
799 * Note that this call must be before processing any SMB
800 * messages as we need to synchronously process any messages
801 * we may have sent to ourselves from the previous SMB.
802 */
803 message_dispatch(smbd_messaging_context());
804
805 /*
806 * Check to see if we already have a message on the deferred open queue
807 * and it's time to schedule.
808 */
809 if(deferred_open_queue != NULL) {
810 bool pop_message = False;
811 struct pending_message_list *msg = deferred_open_queue;
812
813 if (timeval_is_zero(&msg->end_time)) {
814 pop_message = True;
815 } else {
816 struct timeval tv;
817 SMB_BIG_INT tdif;
818
819 GetTimeOfDay(&tv);
820 tdif = usec_time_diff(&msg->end_time, &tv);
821 if (tdif <= 0) {
822 /* Timed out. Schedule...*/
823 pop_message = True;
824 DEBUG(10,("receive_message_or_smb: queued message timed out.\n"));
825 } else {
826 /* Make a more accurate select timeout. */
827 to.tv_sec = tdif / 1000000;
828 to.tv_usec = tdif % 1000000;
829 DEBUG(10,("receive_message_or_smb: select with timeout of [%u.%06u]\n",
830 (unsigned int)to.tv_sec, (unsigned int)to.tv_usec ));
831 }
832 }
833
834 if (pop_message) {
835
836 *buffer = (char *)talloc_memdup(mem_ctx, msg->buf.data,
837 msg->buf.length);
838 if (*buffer == NULL) {
839 DEBUG(0, ("talloc failed\n"));
840 set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
841 return False;
842 }
843 *buffer_len = msg->buf.length;
844 *p_encrypted = msg->encrypted;
845
846 /* We leave this message on the queue so the open code can
847 know this is a retry. */
848 DEBUG(5,("receive_message_or_smb: returning deferred open smb message.\n"));
849 return True;
850 }
851 }
852
853 /*
854 * Setup the select fd sets.
855 */
856
857 FD_ZERO(&r_fds);
858 FD_ZERO(&w_fds);
859
860 /*
861 * Ensure we process oplock break messages by preference.
862 * We have to do this before the select, after the select
863 * and if the select returns EINTR. This is due to the fact
864 * that the selects called from async_processing can eat an EINTR
865 * caused by a signal (we can't take the break message there).
866 * This is hideously complex - *MUST* be simplified for 3.0 ! JRA.
867 */
868
869 if (oplock_message_waiting(&r_fds)) {
870 DEBUG(10,("receive_message_or_smb: oplock_message is waiting.\n"));
871 async_processing(&r_fds);
872 /*
873 * After async processing we must go and do the select again, as
874 * the state of the flag in fds for the server file descriptor is
875 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
876 */
877 goto again;
878 }
879
880 /*
881 * Are there any timed events waiting ? If so, ensure we don't
882 * select for longer than it would take to wait for them.
883 */
884
885 {
886 struct timeval now;
887 GetTimeOfDay(&now);
888
889 event_add_to_select_args(smbd_event_context(), &now,
890 &r_fds, &w_fds, &to, &maxfd);
891 }
892
893 if (timeval_is_zero(&to)) {
894 /* Process a timed event now... */
895 if (run_events(smbd_event_context(), 0, NULL, NULL)) {
896 goto again;
897 }
898 }
899
900 {
901 int sav;
902 START_PROFILE(smbd_idle);
903
904 maxfd = select_on_fd(smbd_server_fd(), maxfd, &r_fds);
905 maxfd = select_on_fd(oplock_notify_fd(), maxfd, &r_fds);
906
907 selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&to);
908 sav = errno;
909
910 END_PROFILE(smbd_idle);
911 errno = sav;
912 }
913
914 if (run_events(smbd_event_context(), selrtn, &r_fds, &w_fds)) {
915 goto again;
916 }
917
918 /* if we get EINTR then maybe we have received an oplock
919 signal - treat this as select returning 1. This is ugly, but
920 is the best we can do until the oplock code knows more about
921 signals */
922 if (selrtn == -1 && errno == EINTR) {
923 async_processing(&r_fds);
924 /*
925 * After async processing we must go and do the select again, as
926 * the state of the flag in fds for the server file descriptor is
927 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
928 */
929 goto again;
930 }
931
932 /* Check if error */
933 if (selrtn == -1) {
934 /* something is wrong. Maybe the socket is dead? */
935 set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
936 return False;
937 }
938
939 /* Did we timeout ? */
940 if (selrtn == 0) {
941 set_smb_read_error(get_srv_read_error(),SMB_READ_TIMEOUT);
942 return False;
943 }
944
945 /*
946 * Ensure we process oplock break messages by preference.
947 * This is IMPORTANT ! Otherwise we can starve other processes
948 * sending us an oplock break message. JRA.
949 */
950
951 if (oplock_message_waiting(&r_fds)) {
952 async_processing(&r_fds);
953 /*
954 * After async processing we must go and do the select again, as
955 * the state of the flag in fds for the server file descriptor is
956 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
957 */
958 goto again;
959 }
960
961 len = receive_smb_talloc(mem_ctx, smbd_server_fd(),
962 buffer, 0, p_unread, p_encrypted);
963
964 if (len == -1) {
965 return False;
966 }
967
968 *buffer_len = (size_t)len;
969
970 return True;
971 }
972
973 /*
974 * Only allow 5 outstanding trans requests. We're allocating memory, so
975 * prevent a DoS.
976 */
977
978 NTSTATUS allow_new_trans(struct trans_state *list, int mid)
979 {
980 int count = 0;
981 for (; list != NULL; list = list->next) {
982
983 if (list->mid == mid) {
984 return NT_STATUS_INVALID_PARAMETER;
985 }
986
987 count += 1;
988 }
989 if (count > 5) {
990 return NT_STATUS_INSUFFICIENT_RESOURCES;
991 }
992
993 return NT_STATUS_OK;
994 }
995
996 /****************************************************************************
997 We're terminating and have closed all our files/connections etc.
998 If there are any pending local messages we need to respond to them
999 before termination so that other smbds don't think we just died whilst
1000 holding oplocks.
1001 ****************************************************************************/
1002
1003 void respond_to_all_remaining_local_messages(void)
1004 {
1005 /*
1006 * Assert we have no exclusive open oplocks.
1007 */
1008
1009 if(get_number_of_exclusive_open_oplocks()) {
1010 DEBUG(0,("respond_to_all_remaining_local_messages: PANIC : we have %d exclusive oplocks.\n",
1011 get_number_of_exclusive_open_oplocks() ));
1012 return;
1013 }
1014
1015 process_kernel_oplocks(smbd_messaging_context(), NULL);
1016
1017 return;
1018 }
1019
1020
1021 /*
1022 These flags determine some of the permissions required to do an operation
1023
1024 Note that I don't set NEED_WRITE on some write operations because they
1025 are used by some brain-dead clients when printing, and I don't want to
1026 force write permissions on print services.
1027 */
1028 #define AS_USER (1<<0)
1029 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
1030 #define TIME_INIT (1<<2)
1031 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
1032 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
1033 #define DO_CHDIR (1<<6)
1034
1035 /*
1036 define a list of possible SMB messages and their corresponding
1037 functions. Any message that has a NULL function is unimplemented -
1038 please feel free to contribute implementations!
1039 */
1040 static const struct smb_message_struct {
1041 const char *name;
1042 void (*fn_new)(struct smb_request *req);
1043 int flags;
1044 } smb_messages[256] = {
1045
1046 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
1047 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
1048 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
1049 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
1050 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
1051 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
1052 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
1053 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
1054 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
1055 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
1056 /* 0x0a */ { "SMBread",reply_read,AS_USER},
1057 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
1058 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
1059 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
1060 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
1061 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
1062 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
1063 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
1064 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
1065 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
1066 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
1067 /* 0x15 */ { NULL, NULL, 0 },
1068 /* 0x16 */ { NULL, NULL, 0 },
1069 /* 0x17 */ { NULL, NULL, 0 },
1070 /* 0x18 */ { NULL, NULL, 0 },
1071 /* 0x19 */ { NULL, NULL, 0 },
1072 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
1073 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
1074 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
1075 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
1076 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
1077 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1078 /* 0x20 */ { "SMBwritec", NULL,0},
1079 /* 0x21 */ { NULL, NULL, 0 },
1080 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
1081 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1082 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1083 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
1084 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
1085 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
1086 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
1087 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
1088 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
1089 /* 0x2b */ { "SMBecho",reply_echo,0},
1090 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1091 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
1092 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
1093 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
1094 /* 0x30 */ { NULL, NULL, 0 },
1095 /* 0x31 */ { NULL, NULL, 0 },
1096 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
1097 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER},
1098 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1099 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1100 /* 0x36 */ { NULL, NULL, 0 },
1101 /* 0x37 */ { NULL, NULL, 0 },
1102 /* 0x38 */ { NULL, NULL, 0 },
1103 /* 0x39 */ { NULL, NULL, 0 },
1104 /* 0x3a */ { NULL, NULL, 0 },
1105 /* 0x3b */ { NULL, NULL, 0 },
1106 /* 0x3c */ { NULL, NULL, 0 },
1107 /* 0x3d */ { NULL, NULL, 0 },
1108 /* 0x3e */ { NULL, NULL, 0 },
1109 /* 0x3f */ { NULL, NULL, 0 },
1110 /* 0x40 */ { NULL, NULL, 0 },
1111 /* 0x41 */ { NULL, NULL, 0 },
1112 /* 0x42 */ { NULL, NULL, 0 },
1113 /* 0x43 */ { NULL, NULL, 0 },
1114 /* 0x44 */ { NULL, NULL, 0 },
1115 /* 0x45 */ { NULL, NULL, 0 },
1116 /* 0x46 */ { NULL, NULL, 0 },
1117 /* 0x47 */ { NULL, NULL, 0 },
1118 /* 0x48 */ { NULL, NULL, 0 },
1119 /* 0x49 */ { NULL, NULL, 0 },
1120 /* 0x4a */ { NULL, NULL, 0 },
1121 /* 0x4b */ { NULL, NULL, 0 },
1122 /* 0x4c */ { NULL, NULL, 0 },
1123 /* 0x4d */ { NULL, NULL, 0 },
1124 /* 0x4e */ { NULL, NULL, 0 },
1125 /* 0x4f */ { NULL, NULL, 0 },
1126 /* 0x50 */ { NULL, NULL, 0 },
1127 /* 0x51 */ { NULL, NULL, 0 },
1128 /* 0x52 */ { NULL, NULL, 0 },
1129 /* 0x53 */ { NULL, NULL, 0 },
1130 /* 0x54 */ { NULL, NULL, 0 },
1131 /* 0x55 */ { NULL, NULL, 0 },
1132 /* 0x56 */ { NULL, NULL, 0 },
1133 /* 0x57 */ { NULL, NULL, 0 },
1134 /* 0x58 */ { NULL, NULL, 0 },
1135 /* 0x59 */ { NULL, NULL, 0 },
1136 /* 0x5a */ { NULL, NULL, 0 },
1137 /* 0x5b */ { NULL, NULL, 0 },
1138 /* 0x5c */ { NULL, NULL, 0 },
1139 /* 0x5d */ { NULL, NULL, 0 },
1140 /* 0x5e */ { NULL, NULL, 0 },
1141 /* 0x5f */ { NULL, NULL, 0 },
1142 /* 0x60 */ { NULL, NULL, 0 },
1143 /* 0x61 */ { NULL, NULL, 0 },
1144 /* 0x62 */ { NULL, NULL, 0 },
1145 /* 0x63 */ { NULL, NULL, 0 },
1146 /* 0x64 */ { NULL, NULL, 0 },
1147 /* 0x65 */ { NULL, NULL, 0 },
1148 /* 0x66 */ { NULL, NULL, 0 },
1149 /* 0x67 */ { NULL, NULL, 0 },
1150 /* 0x68 */ { NULL, NULL, 0 },
1151 /* 0x69 */ { NULL, NULL, 0 },
1152 /* 0x6a */ { NULL, NULL, 0 },
1153 /* 0x6b */ { NULL, NULL, 0 },
1154 /* 0x6c */ { NULL, NULL, 0 },
1155 /* 0x6d */ { NULL, NULL, 0 },
1156 /* 0x6e */ { NULL, NULL, 0 },
1157 /* 0x6f */ { NULL, NULL, 0 },
1158 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1159 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1160 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1161 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1162 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1163 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1164 /* 0x76 */ { NULL, NULL, 0 },
1165 /* 0x77 */ { NULL, NULL, 0 },
1166 /* 0x78 */ { NULL, NULL, 0 },
1167 /* 0x79 */ { NULL, NULL, 0 },
1168 /* 0x7a */ { NULL, NULL, 0 },
1169 /* 0x7b */ { NULL, NULL, 0 },
1170 /* 0x7c */ { NULL, NULL, 0 },
1171 /* 0x7d */ { NULL, NULL, 0 },
1172 /* 0x7e */ { NULL, NULL, 0 },
1173 /* 0x7f */ { NULL, NULL, 0 },
1174 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1175 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1176 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1177 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1178 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1179 /* 0x85 */ { NULL, NULL, 0 },
1180 /* 0x86 */ { NULL, NULL, 0 },
1181 /* 0x87 */ { NULL, NULL, 0 },
1182 /* 0x88 */ { NULL, NULL, 0 },
1183 /* 0x89 */ { NULL, NULL, 0 },
1184 /* 0x8a */ { NULL, NULL, 0 },
1185 /* 0x8b */ { NULL, NULL, 0 },
1186 /* 0x8c */ { NULL, NULL, 0 },
1187 /* 0x8d */ { NULL, NULL, 0 },
1188 /* 0x8e */ { NULL, NULL, 0 },
1189 /* 0x8f */ { NULL, NULL, 0 },
1190 /* 0x90 */ { NULL, NULL, 0 },
1191 /* 0x91 */ { NULL, NULL, 0 },
1192 /* 0x92 */ { NULL, NULL, 0 },
1193 /* 0x93 */ { NULL, NULL, 0 },
1194 /* 0x94 */ { NULL, NULL, 0 },
1195 /* 0x95 */ { NULL, NULL, 0 },
1196 /* 0x96 */ { NULL, NULL, 0 },
1197 /* 0x97 */ { NULL, NULL, 0 },
1198 /* 0x98 */ { NULL, NULL, 0 },
1199 /* 0x99 */ { NULL, NULL, 0 },
1200 /* 0x9a */ { NULL, NULL, 0 },
1201 /* 0x9b */ { NULL, NULL, 0 },
1202 /* 0x9c */ { NULL, NULL, 0 },
1203 /* 0x9d */ { NULL, NULL, 0 },
1204 /* 0x9e */ { NULL, NULL, 0 },
1205 /* 0x9f */ { NULL, NULL, 0 },
1206 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1207 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1208 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1209 /* 0xa3 */ { NULL, NULL, 0 },
1210 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1211 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1212 /* 0xa6 */ { NULL, NULL, 0 },
1213 /* 0xa7 */ { NULL, NULL, 0 },
1214 /* 0xa8 */ { NULL, NULL, 0 },
1215 /* 0xa9 */ { NULL, NULL, 0 },
1216 /* 0xaa */ { NULL, NULL, 0 },
1217 /* 0xab */ { NULL, NULL, 0 },
1218 /* 0xac */ { NULL, NULL, 0 },
1219 /* 0xad */ { NULL, NULL, 0 },
1220 /* 0xae */ { NULL, NULL, 0 },
1221 /* 0xaf */ { NULL, NULL, 0 },
1222 /* 0xb0 */ { NULL, NULL, 0 },
1223 /* 0xb1 */ { NULL, NULL, 0 },
1224 /* 0xb2 */ { NULL, NULL, 0 },
1225 /* 0xb3 */ { NULL, NULL, 0 },
1226 /* 0xb4 */ { NULL, NULL, 0 },
1227 /* 0xb5 */ { NULL, NULL, 0 },
1228 /* 0xb6 */ { NULL, NULL, 0 },
1229 /* 0xb7 */ { NULL, NULL, 0 },
1230 /* 0xb8 */ { NULL, NULL, 0 },
1231 /* 0xb9 */ { NULL, NULL, 0 },
1232 /* 0xba */ { NULL, NULL, 0 },
1233 /* 0xbb */ { NULL, NULL, 0 },
1234 /* 0xbc */ { NULL, NULL, 0 },
1235 /* 0xbd */ { NULL, NULL, 0 },
1236 /* 0xbe */ { NULL, NULL, 0 },
1237 /* 0xbf */ { NULL, NULL, 0 },
1238 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1239 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1240 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1241 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1242 /* 0xc4 */ { NULL, NULL, 0 },
1243 /* 0xc5 */ { NULL, NULL, 0 },
1244 /* 0xc6 */ { NULL, NULL, 0 },
1245 /* 0xc7 */ { NULL, NULL, 0 },
1246 /* 0xc8 */ { NULL, NULL, 0 },
1247 /* 0xc9 */ { NULL, NULL, 0 },
1248 /* 0xca */ { NULL, NULL, 0 },
1249 /* 0xcb */ { NULL, NULL, 0 },
1250 /* 0xcc */ { NULL, NULL, 0 },
1251 /* 0xcd */ { NULL, NULL, 0 },
1252 /* 0xce */ { NULL, NULL, 0 },
1253 /* 0xcf */ { NULL, NULL, 0 },
1254 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1255 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1256 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1257 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1258 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1259 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1260 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1261 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1262 /* 0xd8 */ { NULL, NULL, 0 },
1263 /* 0xd9 */ { NULL, NULL, 0 },
1264 /* 0xda */ { NULL, NULL, 0 },
1265 /* 0xdb */ { NULL, NULL, 0 },
1266 /* 0xdc */ { NULL, NULL, 0 },
1267 /* 0xdd */ { NULL, NULL, 0 },
1268 /* 0xde */ { NULL, NULL, 0 },
1269 /* 0xdf */ { NULL, NULL, 0 },
1270 /* 0xe0 */ { NULL, NULL, 0 },
1271 /* 0xe1 */ { NULL, NULL, 0 },
1272 /* 0xe2 */ { NULL, NULL, 0 },
1273 /* 0xe3 */ { NULL, NULL, 0 },
1274 /* 0xe4 */ { NULL, NULL, 0 },
1275 /* 0xe5 */ { NULL, NULL, 0 },
1276 /* 0xe6 */ { NULL, NULL, 0 },
1277 /* 0xe7 */ { NULL, NULL, 0 },
1278 /* 0xe8 */ { NULL, NULL, 0 },
1279 /* 0xe9 */ { NULL, NULL, 0 },
1280 /* 0xea */ { NULL, NULL, 0 },
1281 /* 0xeb */ { NULL, NULL, 0 },
1282 /* 0xec */ { NULL, NULL, 0 },
1283 /* 0xed */ { NULL, NULL, 0 },
1284 /* 0xee */ { NULL, NULL, 0 },
1285 /* 0xef */ { NULL, NULL, 0 },
1286 /* 0xf0 */ { NULL, NULL, 0 },
1287 /* 0xf1 */ { NULL, NULL, 0 },
1288 /* 0xf2 */ { NULL, NULL, 0 },
1289 /* 0xf3 */ { NULL, NULL, 0 },
1290 /* 0xf4 */ { NULL, NULL, 0 },
1291 /* 0xf5 */ { NULL, NULL, 0 },
1292 /* 0xf6 */ { NULL, NULL, 0 },
1293 /* 0xf7 */ { NULL, NULL, 0 },
1294 /* 0xf8 */ { NULL, NULL, 0 },
1295 /* 0xf9 */ { NULL, NULL, 0 },
1296 /* 0xfa */ { NULL, NULL, 0 },
1297 /* 0xfb */ { NULL, NULL, 0 },
1298 /* 0xfc */ { NULL, NULL, 0 },
1299 /* 0xfd */ { NULL, NULL, 0 },
1300 /* 0xfe */ { NULL, NULL, 0 },
1301 /* 0xff */ { NULL, NULL, 0 }
1302
1303 };
1304
1305 /*******************************************************************
1306 allocate and initialize a reply packet
1307 ********************************************************************/
1308
1309 void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
1310 {
1311 /*
1312 * Protect against integer wrap
1313 */
1314 if ((num_bytes > 0xffffff)
1315 || ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
1316 char *msg;
1317 asprintf(&msg, "num_bytes too large: %u",
1318 (unsigned)num_bytes);
1319 smb_panic(msg);
1320 }
1321
1322 if (!(req->outbuf = TALLOC_ARRAY(
1323 req, uint8,
1324 smb_size + num_words*2 + num_bytes))) {
1325 smb_panic("could not allocate output buffer\n");
1326 }
1327
1328 construct_reply_common((char *)req->inbuf, (char *)req->outbuf);
1329 srv_set_message((char *)req->outbuf, num_words, num_bytes, false);
1330 /*
1331 * Zero out the word area, the caller has to take care of the bcc area
1332 * himself
1333 */
1334 if (num_words != 0) {
1335 memset(req->outbuf + smb_vwv0, 0, num_words*2);
1336 }
1337
1338 return;
1339 }
1340
1341
1342 /*******************************************************************
1343 Dump a packet to a file.
1344 ********************************************************************/
1345
1346 static void smb_dump(const char *name, int type, const char *data, ssize_t len)
1347 {
1348 int fd, i;
1349 char *fname = NULL;
1350 if (DEBUGLEVEL < 50) {
1351 return;
1352 }
1353
1354 if (len < 4) len = smb_len(data)+4;
1355 for (i=1;i<100;i++) {
1356 asprintf(&fname, "/tmp/%s.%d.%s", name, i,
1357 type ? "req" : "resp");
1358 if (!fname) {
1359 return;
1360 }
1361 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1362 if (fd != -1 || errno != EEXIST) break;
1363 }
1364 if (fd != -1) {
1365 ssize_t ret = write(fd, data, len);
1366 if (ret != len)
1367 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1368 close(fd);
1369 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1370 }
1371 SAFE_FREE(fname);
1372 }
1373
1374 /****************************************************************************
1375 Prepare everything for calling the actual request function, and potentially
1376 call the request function via the "new" interface.
1377
1378 Return False if the "legacy" function needs to be called, everything is
1379 prepared.
1380
1381 Return True if we're done.
1382
1383 I know this API sucks, but it is the one with the least code change I could
1384 find.
1385 ****************************************************************************/
1386
1387 static connection_struct *switch_message(uint8 type, struct smb_request *req, int size)
1388 {
1389 int flags;
1390 uint16 session_tag;
1391 connection_struct *conn = NULL;
1392
1393 static uint16 last_session_tag = UID_FIELD_INVALID;
1394
1395 errno = 0;
1396
1397 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1398 * so subtract 4 from it. */
1399 if (!valid_smb_header(req->inbuf)
1400 || (size < (smb_size - 4))) {
1401 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1402 smb_len(req->inbuf)));
1403 exit_server_cleanly("Non-SMB packet");
1404 }
1405
1406 if (smb_messages[type].fn_new == NULL) {
1407 DEBUG(0,("Unknown message type %d!\n",type));
1408 smb_dump("Unknown", 1, (char *)req->inbuf, size);
1409 reply_unknown_new(req, type);
1410 return NULL;
1411 }
1412
1413 flags = smb_messages[type].flags;
1414
1415 /* In share mode security we must ignore the vuid. */
1416 session_tag = (lp_security() == SEC_SHARE)
1417 ? UID_FIELD_INVALID : req->vuid;
1418 conn = req->conn;
1419
1420 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1421 (int)sys_getpid(), (unsigned long)conn));
1422
1423 smb_dump(smb_fn_name(type), 1, (char *)req->inbuf, size);
1424
1425 /* Ensure this value is replaced in the incoming packet. */
1426 SSVAL(req->inbuf,smb_uid,session_tag);
1427
1428 /*
1429 * Ensure the correct username is in current_user_info. This is a
1430 * really ugly bugfix for problems with multiple session_setup_and_X's
1431 * being done and allowing %U and %G substitutions to work correctly.
1432 * There is a reason this code is done here, don't move it unless you
1433 * know what you're doing... :-).
1434 * JRA.
1435 */
1436
1437 if (session_tag != last_session_tag) {
1438 user_struct *vuser = NULL;
1439
1440 last_session_tag = session_tag;
1441 if(session_tag != UID_FIELD_INVALID) {
1442 vuser = get_valid_user_struct(session_tag);
1443 if (vuser) {
1444 set_current_user_info(&vuser->user);
1445 }
1446 }
1447 }
1448
1449 /* Does this call need to be run as the connected user? */
1450 if (flags & AS_USER) {
1451
1452 /* Does this call need a valid tree connection? */
1453 if (!conn) {
1454 /*
1455 * Amazingly, the error code depends on the command
1456 * (from Samba4).
1457 */
1458 if (type == SMBntcreateX) {
1459 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1460 } else {
1461 reply_doserror(req, ERRSRV, ERRinvnid);
1462 }
1463 return NULL;
1464 }
1465
1466 if (!change_to_user(conn,session_tag)) {
1467 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
1468 return conn;
1469 }
1470
1471 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1472
1473 /* Does it need write permission? */
1474 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1475 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1476 return conn;
1477 }
1478
1479 /* IPC services are limited */
1480 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1481 reply_doserror(req, ERRSRV,ERRaccess);
1482 return conn;
1483 }
1484 } else {
1485 /* This call needs to be run as root */
1486 change_to_root_user();
1487 }
1488
1489 /* load service specific parameters */
1490 if (conn) {
1491 if (req->encrypted) {
1492 conn->encrypted_tid = true;
1493 /* encrypted required from now on. */
1494 conn->encrypt_level = Required;
1495 } else if (ENCRYPTION_REQUIRED(conn)) {
1496 uint8 com = CVAL(req->inbuf,smb_com);
1497 if (com != SMBtrans2 && com != SMBtranss2) {
1498 exit_server_cleanly("encryption required "
1499 "on connection");
1500 return conn;
1501 }
1502 }
1503
1504 if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1505 (flags & (AS_USER|DO_CHDIR)
1506 ?True:False))) {
1507 reply_doserror(req, ERRSRV, ERRaccess);
1508 return conn;
1509 }
1510 conn->num_smb_operations++;
1511 }
1512
1513 /* does this protocol need to be run as guest? */
1514 if ((flags & AS_GUEST)
1515 && (!change_to_guest() ||
1516 !check_access(smbd_server_fd(), lp_hostsallow(-1),
1517 lp_hostsdeny(-1)))) {
1518 reply_doserror(req, ERRSRV, ERRaccess);
1519 return conn;
1520 }
1521
1522 smb_messages[type].fn_new(req);
1523 return req->conn;
1524 }
1525
1526 /****************************************************************************
1527 Construct a reply to the incoming packet.
1528 ****************************************************************************/
1529
1530 static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
1531 {
1532 uint8 type = CVAL(inbuf,smb_com);
1533 connection_struct *conn;
1534 struct smb_request *req;
1535
1536 chain_size = 0;
1537 file_chain_reset();
1538 reset_chain_p();
1539
1540 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1541 smb_panic("could not allocate smb_request");
1542 }
1543 init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted);
1544
1545 conn = switch_message(type, req, size);
1546
1547 if (req->unread_bytes) {
1548 /* writeX failed. drain socket. */
1549 if (drain_socket(smbd_server_fd(), req->unread_bytes) !=
1550 req->unread_bytes) {
1551 smb_panic("failed to drain pending bytes");
1552 }
1553 req->unread_bytes = 0;
1554 }
1555
1556 if (req->outbuf == NULL) {
1557 return;
1558 }
1559
1560 if (CVAL(req->outbuf,0) == 0) {
1561 show_msg((char *)req->outbuf);
1562 }
1563
1564 if (!srv_send_smb(smbd_server_fd(),
1565 (char *)req->outbuf,
1566 IS_CONN_ENCRYPTED(conn)||req->encrypted)) {
1567 exit_server_cleanly("construct_reply: srv_send_smb failed.");
1568 }
1569
1570 TALLOC_FREE(req);
1571
1572 return;
1573 }
1574
1575 /****************************************************************************
1576 Process an smb from the client
1577 ****************************************************************************/
1578
1579 static void process_smb(char *inbuf, size_t nread, size_t unread_bytes, bool encrypted)
1580 {
1581 static int trans_num;
1582 int msg_type = CVAL(inbuf,0);
1583
1584 DO_PROFILE_INC(smb_count);
1585
1586 if (trans_num == 0) {
1587 char addr[INET6_ADDRSTRLEN];
1588
1589 /* on the first packet, check the global hosts allow/ hosts
1590 deny parameters before doing any parsing of the packet
1591 passed to us by the client. This prevents attacks on our
1592 parsing code from hosts not in the hosts allow list */
1593
1594 if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
1595 lp_hostsdeny(-1))) {
1596 /* send a negative session response "not listening on calling name" */
1597 static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
1598 DEBUG( 1, ( "Connection denied from %s\n",
1599 client_addr(get_client_fd(),addr,sizeof(addr)) ) );
1600 (void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
1601 exit_server_cleanly("connection denied");
1602 }
1603 }
1604
1605 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1606 smb_len(inbuf) ) );
1607 DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
1608 (int)nread,
1609 (unsigned int)unread_bytes ));
1610
1611 if (msg_type != 0) {
1612 /*
1613 * NetBIOS session request, keepalive, etc.
1614 */
1615 reply_special(inbuf);
1616 return;
1617 }
1618
1619 show_msg(inbuf);
1620
1621 construct_reply(inbuf,nread,unread_bytes,encrypted);
1622
1623 trans_num++;
1624 }
1625
1626 /****************************************************************************
1627 Return a string containing the function name of a SMB command.
1628 ****************************************************************************/
1629
1630 const char *smb_fn_name(int type)
1631 {
1632 const char *unknown_name = "SMBunknown";
1633
1634 if (smb_messages[type].name == NULL)
1635 return(unknown_name);
1636
1637 return(smb_messages[type].name);
1638 }
1639
1640 /****************************************************************************
1641 Helper functions for contruct_reply.
1642 ****************************************************************************/
1643
1644 static uint32 common_flags2 = FLAGS2_LONG_PATH_COMPONENTS|FLAGS2_32_BIT_ERROR_CODES;
1645
1646 void add_to_common_flags2(uint32 v)
1647 {
1648 common_flags2 |= v;
1649 }
1650
1651 void remove_from_common_flags2(uint32 v)
1652 {
1653 common_flags2 &= ~v;
1654 }
1655
1656 void construct_reply_common(const char *inbuf, char *outbuf)
1657 {
1658 srv_set_message(outbuf,0,0,false);
1659
1660 SCVAL(outbuf,smb_com,CVAL(inbuf,smb_com));
1661 SIVAL(outbuf,smb_rcls,0);
1662 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1663 SSVAL(outbuf,smb_flg2,
1664 (SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) |
1665 common_flags2);
1666 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1667
1668 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
1669 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
1670 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
1671 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
1672 }
1673
1674 /****************************************************************************
1675 Construct a chained reply and add it to the already made reply
1676 ****************************************************************************/
1677
1678 void chain_reply(struct smb_request *req)
1679 {
1680 static char *orig_inbuf;
1681
1682 /*
1683 * Dirty little const_discard: We mess with req->inbuf, which is
1684 * declared as const. If maybe at some point this routine gets
1685 * rewritten, this const_discard could go away.
1686 */
1687 char *inbuf = CONST_DISCARD(char *, req->inbuf);
1688 int size = smb_len(req->inbuf)+4;
1689
1690 int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
1691 unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
1692 char *inbuf2;
1693 int outsize2;
1694 int new_size;
1695 char inbuf_saved[smb_wct];
1696 char *outbuf = (char *)req->outbuf;
1697 size_t outsize = smb_len(outbuf) + 4;
1698 size_t outsize_padded;
1699 size_t ofs, to_move;
1700
1701 struct smb_request *req2;
1702 size_t caller_outputlen;
1703 char *caller_output;
1704
1705 /* Maybe its not chained, or it's an error packet. */
1706 if (smb_com2 == 0xFF || SVAL(outbuf,smb_rcls) != 0) {
1707 SCVAL(outbuf,smb_vwv0,0xFF);
1708 return;
1709 }
1710
1711 if (chain_size == 0) {
1712 /* this is the first part of the chain */
1713 orig_inbuf = inbuf;
1714 }
1715
1716 /*
1717 * We need to save the output the caller added to the chain so that we
1718 * can splice it into the final output buffer later.
1719 */
1720
1721 caller_outputlen = outsize - smb_wct;
1722
1723 caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen);
1724
1725 if (caller_output == NULL) {
1726 /* TODO: NT_STATUS_NO_MEMORY */
1727 smb_panic("could not dup outbuf");
1728 }
1729
1730 /*
1731 * The original Win95 redirector dies on a reply to
1732 * a lockingX and read chain unless the chain reply is
1733 * 4 byte aligned. JRA.
1734 */
1735
1736 outsize_padded = (outsize + 3) & ~3;
1737
1738 /*
1739 * remember how much the caller added to the chain, only counting
1740 * stuff after the parameter words
1741 */
1742 chain_size += outsize_padded - smb_wct;
1743
1744 /*
1745 * work out pointers into the original packets. The
1746 * headers on these need to be filled in
1747 */
1748 inbuf2 = orig_inbuf + smb_off2 + 4 - smb_wct;
1749
1750 /* remember the original command type */
1751 smb_com1 = CVAL(orig_inbuf,smb_com);
1752
1753 /* save the data which will be overwritten by the new headers */
1754 memcpy(inbuf_saved,inbuf2,smb_wct);
1755
1756 /* give the new packet the same header as the last part of the SMB */
1757 memmove(inbuf2,inbuf,smb_wct);
1758
1759 /* create the in buffer */
1760 SCVAL(inbuf2,smb_com,smb_com2);
1761
1762 /* work out the new size for the in buffer. */
1763 new_size = size - (inbuf2 - inbuf);
1764 if (new_size < 0) {
1765 DEBUG(0,("chain_reply: chain packet size incorrect "
1766 "(orig size = %d, offset = %d)\n",
1767 size, (int)(inbuf2 - inbuf) ));
1768 exit_server_cleanly("Bad chained packet");
1769 return;
1770 }
1771
1772 /* And set it in the header. */
1773 smb_setlen(inbuf2, new_size - 4);
1774
1775 DEBUG(3,("Chained message\n"));
1776 show_msg(inbuf2);
1777
1778 if (!(req2 = talloc(talloc_tos(), struct smb_request))) {
1779 smb_panic("could not allocate smb_request");
1780 }
1781 init_smb_request(req2, (uint8 *)inbuf2,0, req->encrypted);
1782
1783 /* process the request */
1784 switch_message(smb_com2, req2, new_size);
1785
1786 /*
1787 * We don't accept deferred operations in chained requests.
1788 */
1789 SMB_ASSERT(req2->outbuf != NULL);
1790 outsize2 = smb_len(req2->outbuf)+4;
1791
1792 /*
1793 * Move away the new command output so that caller_output fits in,
1794 * copy in the caller_output saved above.
1795 */
1796
1797 SMB_ASSERT(outsize_padded >= smb_wct);
1798
1799 /*
1800 * "ofs" is the space we need for caller_output. Equal to
1801 * caller_outputlen plus the padding.
1802 */
1803
1804 ofs = outsize_padded - smb_wct;
1805
1806 /*
1807 * "to_move" is the amount of bytes the secondary routine gave us
1808 */
1809
1810 to_move = outsize2 - smb_wct;
1811
1812 if (to_move + ofs + smb_wct + chain_size > max_send) {
1813 smb_panic("replies too large -- would have to cut");
1814 }
1815
1816 /*
1817 * In the "new" API "outbuf" is allocated via reply_outbuf, just for
1818 * the first request in the chain. So we have to re-allocate it. In
1819 * the "old" API the only outbuf ever used is the global OutBuffer
1820 * which is always large enough.
1821 */
1822
1823 outbuf = TALLOC_REALLOC_ARRAY(NULL, outbuf, char,
1824 to_move + ofs + smb_wct);
1825 if (outbuf == NULL) {
1826 smb_panic("could not realloc outbuf");
1827 }
1828
1829 req->outbuf = (uint8 *)outbuf;
1830
1831 memmove(outbuf + smb_wct + ofs, req2->outbuf + smb_wct, to_move);
1832 memcpy(outbuf + smb_wct, caller_output, caller_outputlen);
1833
1834 /*
1835 * copy the new reply header over the old one but preserve the smb_com
1836 * field
1837 */
1838 memmove(outbuf, req2->outbuf, smb_wct);
1839 SCVAL(outbuf, smb_com, smb_com1);
1840
1841 /*
1842 * We've just copied in the whole "wct" area from the secondary
1843 * function. Fix up the chaining: com2 and the offset need to be
1844 * readjusted.
1845 */
1846
1847 SCVAL(outbuf, smb_vwv0, smb_com2);
1848 SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4);
1849
1850 if (outsize_padded > outsize) {
1851
1852 /*
1853 * Due to padding we have some uninitialized bytes after the
1854 * caller's output
1855 */
1856
1857 memset(outbuf + outsize, 0, outsize_padded - outsize);
1858 }
1859
1860 smb_setlen(outbuf, outsize2 + chain_size - 4);
1861
1862 /*
1863 * restore the saved data, being careful not to overwrite any data
1864 * from the reply header
1865 */
1866 memcpy(inbuf2,inbuf_saved,smb_wct);
1867
1868 SAFE_FREE(caller_output);
1869 TALLOC_FREE(req2);
1870
1871 return;
1872 }
1873
1874 /****************************************************************************
1875 Setup the needed select timeout in milliseconds.
1876 ****************************************************************************/
1877
1878 static int setup_select_timeout(void)
1879 {
1880 int select_timeout;
1881
1882 select_timeout = SMBD_SELECT_TIMEOUT*1000;
1883
1884 if (print_notify_messages_pending()) {
1885 select_timeout = MIN(select_timeout, 1000);
1886 }
1887
1888 return select_timeout;
1889 }
1890
1891 /****************************************************************************
1892 Check if services need reloading.
1893 ****************************************************************************/
1894
1895 void check_reload(time_t t)
1896 {
1897 static pid_t mypid = 0;
1898 static time_t last_smb_conf_reload_time = 0;
1899 static time_t last_printer_reload_time = 0;
1900 time_t printcap_cache_time = (time_t)lp_printcap_cache_time();
1901
1902 if(last_smb_conf_reload_time == 0) {
1903 last_smb_conf_reload_time = t;
1904 /* Our printing subsystem might not be ready at smbd start up.
1905 Then no printer is available till the first printers check
1906 is performed. A lower initial interval circumvents this. */
1907 if ( printcap_cache_time > 60 )
1908 last_printer_reload_time = t - printcap_cache_time + 60;
1909 else
1910 last_printer_reload_time = t;
1911 }
1912
1913 if (mypid != getpid()) { /* First time or fork happened meanwhile */
1914 /* randomize over 60 second the printcap reload to avoid all
1915 * process hitting cupsd at the same time */
1916 int time_range = 60;
1917
1918 last_printer_reload_time += random() % time_range;
1919 mypid = getpid();
1920 }
1921
1922 if (reload_after_sighup || (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK)) {
1923 reload_services(True);
1924 reload_after_sighup = False;
1925 last_smb_conf_reload_time = t;
1926 }
1927
1928 /* 'printcap cache time = 0' disable the feature */
1929
1930 if ( printcap_cache_time != 0 )
1931 {
1932 /* see if it's time to reload or if the clock has been set back */
1933
1934 if ( (t >= last_printer_reload_time+printcap_cache_time)
1935 || (t-last_printer_reload_time < 0) )
1936 {
1937 DEBUG( 3,( "Printcap cache time expired.\n"));
1938 reload_printers();
1939 last_printer_reload_time = t;
1940 }
1941 }
1942 }
1943
1944 /****************************************************************************
1945 Process any timeout housekeeping. Return False if the caller should exit.
1946 ****************************************************************************/
1947
1948 static bool timeout_processing(int *select_timeout,
1949 time_t *last_timeout_processing_time)
1950 {
1951 time_t t;
1952
1953 if (*get_srv_read_error() == SMB_READ_EOF) {
1954 DEBUG(3,("timeout_processing: End of file from client (client has disconnected).\n"));
1955 return false;
1956 }
1957
1958 if (*get_srv_read_error() == SMB_READ_ERROR) {
1959 DEBUG(3,("timeout_processing: receive_smb error (%s) Exiting\n",
1960 strerror(errno)));
1961 return false;
1962 }
1963
1964 if (*get_srv_read_error() == SMB_READ_BAD_SIG) {
1965 DEBUG(3,("timeout_processing: receive_smb error bad smb signature. Exiting\n"));
1966 return false;
1967 }
1968
1969 *last_timeout_processing_time = t = time(NULL);
1970
1971 /* become root again if waiting */
1972 change_to_root_user();
1973
1974 /* check if we need to reload services */
1975 check_reload(t);
1976
1977 if(global_machine_password_needs_changing &&
1978 /* for ADS we need to do a regular ADS password change, not a domain
1979 password change */
1980 lp_security() == SEC_DOMAIN) {
1981
1982 unsigned char trust_passwd_hash[16];
1983 time_t lct;
1984
1985 /*
1986 * We're in domain level security, and the code that
1987 * read the machine password flagged that the machine
1988 * password needs changing.
1989 */
1990
1991 /*
1992 * First, open the machine password file with an exclusive lock.
1993 */
1994
1995 if (secrets_lock_trust_account_password(lp_workgroup(), True) == False) {
1996 DEBUG(0,("process: unable to lock the machine account password for \
1997 machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
1998 return True;
1999 }
2000
2001 if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct, NULL)) {
2002 DEBUG(0,("process: unable to read the machine account password for \
2003 machine %s in domain %s.\n", global_myname(), lp_workgroup()));
2004 secrets_lock_trust_account_password(lp_workgroup(), False);
2005 return True;
2006 }
2007
2008 /*
2009 * Make sure someone else hasn't already done this.
2010 */
2011
2012 if(t < lct + lp_machine_password_timeout()) {
2013 global_machine_password_needs_changing = False;
2014 secrets_lock_trust_account_password(lp_workgroup(), False);
2015 return True;
2016 }
2017
2018 /* always just contact the PDC here */
2019
2020 change_trust_account_password( lp_workgroup(), NULL);
2021 global_machine_password_needs_changing = False;
2022 secrets_lock_trust_account_password(lp_workgroup(), False);
2023 }
2024
2025 /* update printer queue caches if necessary */
2026
2027 update_monitored_printq_cache();
2028
2029 /*
2030 * Now we are root, check if the log files need pruning.
2031 * Force a log file check.
2032 */
2033 force_check_log_size();
2034 check_log_size();
2035
2036 /* Send any queued printer notify message to interested smbd's. */
2037
2038 print_notify_send_messages(smbd_messaging_context(), 0);
2039
2040 /*
2041 * Modify the select timeout depending upon
2042 * what we have remaining in our queues.
2043 */
2044
2045 *select_timeout = setup_select_timeout();
2046
2047 return True;
2048 }
2049
2050 /****************************************************************************
2051 Process commands from the client
2052 ****************************************************************************/
2053
2054 void smbd_process(void)
2055 {
2056 time_t last_timeout_processing_time = time(NULL);
2057 unsigned int num_smbs = 0;
2058 size_t unread_bytes = 0;
2059
2060 max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
2061
2062 while (True) {
2063 int select_timeout = setup_select_timeout();
2064 int num_echos;
2065 char *inbuf;
2066 size_t inbuf_len;
2067 bool encrypted = false;
2068 TALLOC_CTX *frame = talloc_stackframe_pool(8192);
2069
2070 errno = 0;
2071
2072 /* Did someone ask for immediate checks on things like blocking locks ? */
2073 if (select_timeout == 0) {
2074 if(!timeout_processing(&select_timeout,
2075 &last_timeout_processing_time))
2076 return;
2077 num_smbs = 0; /* Reset smb counter. */
2078 }
2079
2080 run_events(smbd_event_context(), 0, NULL, NULL);
2081
2082 while (!receive_message_or_smb(talloc_tos(), &inbuf, &inbuf_len,
2083 select_timeout,
2084 &unread_bytes,
2085 &encrypted)) {
2086 if(!timeout_processing(&select_timeout,
2087 &last_timeout_processing_time))
2088 return;
2089 num_smbs = 0; /* Reset smb counter. */
2090 }
2091
2092
2093 /*
2094 * Ensure we do timeout processing if the SMB we just got was
2095 * only an echo request. This allows us to set the select
2096 * timeout in 'receive_message_or_smb()' to any value we like
2097 * without worrying that the client will send echo requests
2098 * faster than the select timeout, thus starving out the
2099 * essential processing (change notify, blocking locks) that
2100 * the timeout code does. JRA.
2101 */
2102 num_echos = smb_echo_count;
2103
2104 process_smb(inbuf, inbuf_len, unread_bytes, encrypted);
2105
2106 TALLOC_FREE(inbuf);
2107
2108 if (smb_echo_count != num_echos) {
2109 if(!timeout_processing( &select_timeout, &last_timeout_processing_time))
2110 return;
2111 num_smbs = 0; /* Reset smb counter. */
2112 }
2113
2114 num_smbs++;
2115
2116 /*
2117 * If we are getting smb requests in a constant stream
2118 * with no echos, make sure we attempt timeout processing
2119 * every select_timeout milliseconds - but only check for this
2120 * every 200 smb requests.
2121 */
2122
2123 if ((num_smbs % 200) == 0) {
2124 time_t new_check_time = time(NULL);
2125 if(new_check_time - last_timeout_processing_time >= (select_timeout/1000)) {
2126 if(!timeout_processing(
2127 &select_timeout,
2128 &last_timeout_processing_time))
2129 return;
2130 num_smbs = 0; /* Reset smb counter. */
2131 last_timeout_processing_time = new_check_time; /* Reset time. */
2132 }
2133 }
2134
2135 /* The timeout_processing function isn't run nearly
2136 often enough to implement 'max log size' without
2137 overrunning the size of the file by many megabytes.
2138 This is especially true if we are running at debug
2139 level 10. Checking every 50 SMBs is a nice
2140 tradeoff of performance vs log file size overrun. */
2141
2142 if ((num_smbs % 50) == 0 && need_to_check_log_size()) {
2143 change_to_root_user();
2144 check_log_size();
2145 }
2146 TALLOC_FREE(frame);
2147 }
2148 }
reg import