2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "../lib/tsocket/tsocket.h"
23 #include "system/filesys.h"
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "librpc/gen_ndr/netlogon.h"
27 #include "../lib/async_req/async_sock.h"
28 #include "ctdbd_conn.h"
29 #include "../lib/util/select.h"
30 #include "printing/queue_process.h"
31 #include "system/select.h"
35 #include "smbprofile.h"
36 #include "rpc_server/spoolss/srv_spoolss_nt.h"
37 #include "libsmb/libsmb.h"
38 #include "../lib/util/tevent_ntstatus.h"
39 #include "../libcli/security/dom_sid.h"
40 #include "../libcli/security/security_token.h"
41 #include "lib/id_cache.h"
44 extern bool global_machine_password_needs_changing
;
46 /* Internal message queue for deferred opens. */
47 struct pending_message_list
{
48 struct pending_message_list
*next
, *prev
;
49 struct timeval request_time
; /* When was this first issued? */
50 struct smbd_server_connection
*sconn
;
51 struct timed_event
*te
;
52 struct smb_perfcount_data pcd
;
57 DATA_BLOB private_data
;
60 static void construct_reply_common(struct smb_request
*req
, const char *inbuf
,
62 static struct pending_message_list
*get_deferred_open_message_smb(
63 struct smbd_server_connection
*sconn
, uint64_t mid
);
64 static bool smb_splice_chain(uint8_t **poutbuf
, const uint8_t *andx_buf
);
66 static bool smbd_lock_socket_internal(struct smbd_server_connection
*sconn
)
70 if (sconn
->smb1
.echo_handler
.socket_lock_fd
== -1) {
74 sconn
->smb1
.echo_handler
.ref_count
++;
76 if (sconn
->smb1
.echo_handler
.ref_count
> 1) {
80 DEBUG(10,("pid[%d] wait for socket lock\n", (int)getpid()));
84 sconn
->smb1
.echo_handler
.socket_lock_fd
,
85 F_SETLKW
, 0, 0, F_WRLCK
);
86 } while (!ok
&& (errno
== EINTR
));
89 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno
)));
93 DEBUG(10,("pid[%d] got for socket lock\n", (int)getpid()));
98 void smbd_lock_socket(struct smbd_server_connection
*sconn
)
100 if (!smbd_lock_socket_internal(sconn
)) {
101 exit_server_cleanly("failed to lock socket");
105 static bool smbd_unlock_socket_internal(struct smbd_server_connection
*sconn
)
109 if (sconn
->smb1
.echo_handler
.socket_lock_fd
== -1) {
113 sconn
->smb1
.echo_handler
.ref_count
--;
115 if (sconn
->smb1
.echo_handler
.ref_count
> 0) {
121 sconn
->smb1
.echo_handler
.socket_lock_fd
,
122 F_SETLKW
, 0, 0, F_UNLCK
);
123 } while (!ok
&& (errno
== EINTR
));
126 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno
)));
130 DEBUG(10,("pid[%d] unlocked socket\n", (int)getpid()));
135 void smbd_unlock_socket(struct smbd_server_connection
*sconn
)
137 if (!smbd_unlock_socket_internal(sconn
)) {
138 exit_server_cleanly("failed to unlock socket");
142 /* Accessor function for smb_read_error for smbd functions. */
144 /****************************************************************************
146 ****************************************************************************/
148 bool srv_send_smb(struct smbd_server_connection
*sconn
, char *buffer
,
149 bool do_signing
, uint32_t seqnum
,
151 struct smb_perfcount_data
*pcd
)
156 char *buf_out
= buffer
;
158 smbd_lock_socket(sconn
);
161 /* Sign the outgoing packet if required. */
162 srv_calculate_sign_mac(sconn
, buf_out
, seqnum
);
166 NTSTATUS status
= srv_encrypt_buffer(sconn
, buffer
, &buf_out
);
167 if (!NT_STATUS_IS_OK(status
)) {
168 DEBUG(0, ("send_smb: SMB encryption failed "
169 "on outgoing packet! Error %s\n",
170 nt_errstr(status
) ));
175 len
= smb_len(buf_out
) + 4;
177 ret
= write_data(sconn
->sock
, buf_out
+nwritten
, len
- nwritten
);
180 char addr
[INET6_ADDRSTRLEN
];
182 * Try and give an error message saying what
185 DEBUG(1,("pid[%d] Error writing %d bytes to client %s. %d. (%s)\n",
186 (int)getpid(), (int)len
,
187 get_peer_addr(sconn
->sock
, addr
, sizeof(addr
)),
188 (int)ret
, strerror(errno
) ));
190 srv_free_enc_buffer(sconn
, buf_out
);
194 SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd
, len
);
195 srv_free_enc_buffer(sconn
, buf_out
);
197 SMB_PERFCOUNT_END(pcd
);
199 smbd_unlock_socket(sconn
);
203 /*******************************************************************
204 Setup the word count and byte count for a smb message.
205 ********************************************************************/
207 int srv_set_message(char *buf
,
212 if (zero
&& (num_words
|| num_bytes
)) {
213 memset(buf
+ smb_size
,'\0',num_words
*2 + num_bytes
);
215 SCVAL(buf
,smb_wct
,num_words
);
216 SSVAL(buf
,smb_vwv
+ num_words
*SIZEOFWORD
,num_bytes
);
217 smb_setlen(buf
,(smb_size
+ num_words
*2 + num_bytes
- 4));
218 return (smb_size
+ num_words
*2 + num_bytes
);
221 static bool valid_smb_header(struct smbd_server_connection
*sconn
,
222 const uint8_t *inbuf
)
224 if (is_encrypted_packet(sconn
, inbuf
)) {
228 * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
229 * but it just looks weird to call strncmp for this one.
231 return (IVAL(smb_base(inbuf
), 0) == 0x424D53FF);
234 /* Socket functions for smbd packet processing. */
236 static bool valid_packet_size(size_t len
)
239 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
240 * of header. Don't print the error if this fits.... JRA.
243 if (len
> (BUFFER_SIZE
+ LARGE_WRITEX_HDR_SIZE
)) {
244 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
245 (unsigned long)len
));
251 static NTSTATUS
read_packet_remainder(int fd
, char *buffer
,
252 unsigned int timeout
, ssize_t len
)
260 status
= read_fd_with_timeout(fd
, buffer
, len
, len
, timeout
, NULL
);
261 if (!NT_STATUS_IS_OK(status
)) {
262 char addr
[INET6_ADDRSTRLEN
];
263 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
265 get_peer_addr(fd
, addr
, sizeof(addr
)),
271 /****************************************************************************
272 Attempt a zerocopy writeX read. We know here that len > smb_size-4
273 ****************************************************************************/
276 * Unfortunately, earlier versions of smbclient/libsmbclient
277 * don't send this "standard" writeX header. I've fixed this
278 * for 3.2 but we'll use the old method with earlier versions.
279 * Windows and CIFSFS at least use this standard size. Not
283 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
284 (2*14) + /* word count (including bcc) */ \
287 static NTSTATUS
receive_smb_raw_talloc_partial_read(TALLOC_CTX
*mem_ctx
,
288 const char lenbuf
[4],
289 struct smbd_server_connection
*sconn
,
292 unsigned int timeout
,
296 /* Size of a WRITEX call (+4 byte len). */
297 char writeX_header
[4 + STANDARD_WRITE_AND_X_HEADER_SIZE
];
298 ssize_t len
= smb_len_large(lenbuf
); /* Could be a UNIX large writeX. */
302 memcpy(writeX_header
, lenbuf
, 4);
304 status
= read_fd_with_timeout(
305 sock
, writeX_header
+ 4,
306 STANDARD_WRITE_AND_X_HEADER_SIZE
,
307 STANDARD_WRITE_AND_X_HEADER_SIZE
,
310 if (!NT_STATUS_IS_OK(status
)) {
311 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
313 tsocket_address_string(sconn
->remote_address
,
320 * Ok - now try and see if this is a possible
324 if (is_valid_writeX_buffer(sconn
, (uint8_t *)writeX_header
)) {
326 * If the data offset is beyond what
327 * we've read, drain the extra bytes.
329 uint16_t doff
= SVAL(writeX_header
,smb_vwv11
);
332 if (doff
> STANDARD_WRITE_AND_X_HEADER_SIZE
) {
333 size_t drain
= doff
- STANDARD_WRITE_AND_X_HEADER_SIZE
;
334 if (drain_socket(sock
, drain
) != drain
) {
335 smb_panic("receive_smb_raw_talloc_partial_read:"
336 " failed to drain pending bytes");
339 doff
= STANDARD_WRITE_AND_X_HEADER_SIZE
;
342 /* Spoof down the length and null out the bcc. */
343 set_message_bcc(writeX_header
, 0);
344 newlen
= smb_len(writeX_header
);
346 /* Copy the header we've written. */
348 *buffer
= (char *)talloc_memdup(mem_ctx
,
350 sizeof(writeX_header
));
352 if (*buffer
== NULL
) {
353 DEBUG(0, ("Could not allocate inbuf of length %d\n",
354 (int)sizeof(writeX_header
)));
355 return NT_STATUS_NO_MEMORY
;
358 /* Work out the remaining bytes. */
359 *p_unread
= len
- STANDARD_WRITE_AND_X_HEADER_SIZE
;
360 *len_ret
= newlen
+ 4;
364 if (!valid_packet_size(len
)) {
365 return NT_STATUS_INVALID_PARAMETER
;
369 * Not a valid writeX call. Just do the standard
373 *buffer
= talloc_array(mem_ctx
, char, len
+4);
375 if (*buffer
== NULL
) {
376 DEBUG(0, ("Could not allocate inbuf of length %d\n",
378 return NT_STATUS_NO_MEMORY
;
381 /* Copy in what we already read. */
384 4 + STANDARD_WRITE_AND_X_HEADER_SIZE
);
385 toread
= len
- STANDARD_WRITE_AND_X_HEADER_SIZE
;
388 status
= read_packet_remainder(
390 (*buffer
) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE
,
393 if (!NT_STATUS_IS_OK(status
)) {
394 DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
404 static NTSTATUS
receive_smb_raw_talloc(TALLOC_CTX
*mem_ctx
,
405 struct smbd_server_connection
*sconn
,
407 char **buffer
, unsigned int timeout
,
408 size_t *p_unread
, size_t *plen
)
412 int min_recv_size
= lp_min_receive_file_size();
417 status
= read_smb_length_return_keepalive(sock
, lenbuf
, timeout
,
419 if (!NT_STATUS_IS_OK(status
)) {
423 if (CVAL(lenbuf
,0) == 0 && min_recv_size
&&
424 (smb_len_large(lenbuf
) > /* Could be a UNIX large writeX. */
425 (min_recv_size
+ STANDARD_WRITE_AND_X_HEADER_SIZE
)) &&
426 !srv_is_signing_active(sconn
) &&
427 sconn
->smb1
.echo_handler
.trusted_fde
== NULL
) {
429 return receive_smb_raw_talloc_partial_read(
430 mem_ctx
, lenbuf
, sconn
, sock
, buffer
, timeout
,
434 if (!valid_packet_size(len
)) {
435 return NT_STATUS_INVALID_PARAMETER
;
439 * The +4 here can't wrap, we've checked the length above already.
442 *buffer
= talloc_array(mem_ctx
, char, len
+4);
444 if (*buffer
== NULL
) {
445 DEBUG(0, ("Could not allocate inbuf of length %d\n",
447 return NT_STATUS_NO_MEMORY
;
450 memcpy(*buffer
, lenbuf
, sizeof(lenbuf
));
452 status
= read_packet_remainder(sock
, (*buffer
)+4, timeout
, len
);
453 if (!NT_STATUS_IS_OK(status
)) {
461 static NTSTATUS
receive_smb_talloc(TALLOC_CTX
*mem_ctx
,
462 struct smbd_server_connection
*sconn
,
464 char **buffer
, unsigned int timeout
,
465 size_t *p_unread
, bool *p_encrypted
,
468 bool trusted_channel
)
473 *p_encrypted
= false;
475 status
= receive_smb_raw_talloc(mem_ctx
, sconn
, sock
, buffer
, timeout
,
477 if (!NT_STATUS_IS_OK(status
)) {
478 DEBUG(NT_STATUS_EQUAL(status
, NT_STATUS_END_OF_FILE
)?5:1,
479 ("receive_smb_raw_talloc failed for client %s "
480 "read error = %s.\n",
481 tsocket_address_string(sconn
->remote_address
,
483 nt_errstr(status
)) );
487 if (is_encrypted_packet(sconn
, (uint8_t *)*buffer
)) {
488 status
= srv_decrypt_buffer(sconn
, *buffer
);
489 if (!NT_STATUS_IS_OK(status
)) {
490 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
491 "incoming packet! Error %s\n",
492 nt_errstr(status
) ));
498 /* Check the incoming SMB signature. */
499 if (!srv_check_sign_mac(sconn
, *buffer
, seqnum
, trusted_channel
)) {
500 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
501 "incoming packet!\n"));
502 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
510 * Initialize a struct smb_request from an inbuf
513 static bool init_smb_request(struct smb_request
*req
,
514 struct smbd_server_connection
*sconn
,
516 size_t unread_bytes
, bool encrypted
,
519 struct smbXsrv_tcon
*tcon
;
522 size_t req_size
= smb_len(inbuf
) + 4;
524 /* Ensure we have at least smb_size bytes. */
525 if (req_size
< smb_size
) {
526 DEBUG(0,("init_smb_request: invalid request size %u\n",
527 (unsigned int)req_size
));
531 req
->request_time
= timeval_current();
532 now
= timeval_to_nttime(&req
->request_time
);
534 req
->cmd
= CVAL(inbuf
, smb_com
);
535 req
->flags2
= SVAL(inbuf
, smb_flg2
);
536 req
->smbpid
= SVAL(inbuf
, smb_pid
);
537 req
->mid
= (uint64_t)SVAL(inbuf
, smb_mid
);
538 req
->seqnum
= seqnum
;
539 req
->vuid
= SVAL(inbuf
, smb_uid
);
540 req
->tid
= SVAL(inbuf
, smb_tid
);
541 req
->wct
= CVAL(inbuf
, smb_wct
);
542 req
->vwv
= (const uint16_t *)(inbuf
+smb_vwv
);
543 req
->buflen
= smb_buflen(inbuf
);
544 req
->buf
= (const uint8_t *)smb_buf_const(inbuf
);
545 req
->unread_bytes
= unread_bytes
;
546 req
->encrypted
= encrypted
;
548 status
= smb1srv_tcon_lookup(sconn
->conn
, req
->tid
, now
, &tcon
);
549 if (NT_STATUS_IS_OK(status
)) {
550 req
->conn
= tcon
->compat
;
554 req
->chain_fsp
= NULL
;
556 req
->priv_paths
= NULL
;
558 smb_init_perfcount_data(&req
->pcd
);
560 /* Ensure we have at least wct words and 2 bytes of bcc. */
561 if (smb_size
+ req
->wct
*2 > req_size
) {
562 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
563 (unsigned int)req
->wct
,
564 (unsigned int)req_size
));
567 /* Ensure bcc is correct. */
568 if (((const uint8_t *)smb_buf_const(inbuf
)) + req
->buflen
> inbuf
+ req_size
) {
569 DEBUG(0,("init_smb_request: invalid bcc number %u "
570 "(wct = %u, size %u)\n",
571 (unsigned int)req
->buflen
,
572 (unsigned int)req
->wct
,
573 (unsigned int)req_size
));
581 static void process_smb(struct smbd_server_connection
*conn
,
582 uint8_t *inbuf
, size_t nread
, size_t unread_bytes
,
583 uint32_t seqnum
, bool encrypted
,
584 struct smb_perfcount_data
*deferred_pcd
);
586 static void smbd_deferred_open_timer(struct event_context
*ev
,
587 struct timed_event
*te
,
588 struct timeval _tval
,
591 struct pending_message_list
*msg
= talloc_get_type(private_data
,
592 struct pending_message_list
);
593 struct smbd_server_connection
*sconn
= msg
->sconn
;
594 TALLOC_CTX
*mem_ctx
= talloc_tos();
595 uint64_t mid
= (uint64_t)SVAL(msg
->buf
.data
,smb_mid
);
598 inbuf
= (uint8_t *)talloc_memdup(mem_ctx
, msg
->buf
.data
,
601 exit_server("smbd_deferred_open_timer: talloc failed\n");
605 /* We leave this message on the queue so the open code can
606 know this is a retry. */
607 DEBUG(5,("smbd_deferred_open_timer: trigger mid %llu.\n",
608 (unsigned long long)mid
));
610 /* Mark the message as processed so this is not
611 * re-processed in error. */
612 msg
->processed
= true;
614 process_smb(sconn
, inbuf
,
616 msg
->seqnum
, msg
->encrypted
, &msg
->pcd
);
618 /* If it's still there and was processed, remove it. */
619 msg
= get_deferred_open_message_smb(sconn
, mid
);
620 if (msg
&& msg
->processed
) {
621 remove_deferred_open_message_smb(sconn
, mid
);
625 /****************************************************************************
626 Function to push a message onto the tail of a linked list of smb messages ready
628 ****************************************************************************/
630 static bool push_queued_message(struct smb_request
*req
,
631 struct timeval request_time
,
632 struct timeval end_time
,
633 char *private_data
, size_t private_len
)
635 int msg_len
= smb_len(req
->inbuf
) + 4;
636 struct pending_message_list
*msg
;
638 msg
= talloc_zero(NULL
, struct pending_message_list
);
641 DEBUG(0,("push_message: malloc fail (1)\n"));
644 msg
->sconn
= req
->sconn
;
646 msg
->buf
= data_blob_talloc(msg
, req
->inbuf
, msg_len
);
647 if(msg
->buf
.data
== NULL
) {
648 DEBUG(0,("push_message: malloc fail (2)\n"));
653 msg
->request_time
= request_time
;
654 msg
->seqnum
= req
->seqnum
;
655 msg
->encrypted
= req
->encrypted
;
656 msg
->processed
= false;
657 SMB_PERFCOUNT_DEFER_OP(&req
->pcd
, &msg
->pcd
);
660 msg
->private_data
= data_blob_talloc(msg
, private_data
,
662 if (msg
->private_data
.data
== NULL
) {
663 DEBUG(0,("push_message: malloc fail (3)\n"));
669 msg
->te
= tevent_add_timer(msg
->sconn
->ev_ctx
,
672 smbd_deferred_open_timer
,
675 DEBUG(0,("push_message: event_add_timed failed\n"));
680 DLIST_ADD_END(req
->sconn
->deferred_open_queue
, msg
,
681 struct pending_message_list
*);
683 DEBUG(10,("push_message: pushed message length %u on "
684 "deferred_open_queue\n", (unsigned int)msg_len
));
689 /****************************************************************************
690 Function to delete a sharing violation open message by mid.
691 ****************************************************************************/
693 void remove_deferred_open_message_smb(struct smbd_server_connection
*sconn
,
696 struct pending_message_list
*pml
;
698 if (sconn
->using_smb2
) {
699 remove_deferred_open_message_smb2(sconn
, mid
);
703 for (pml
= sconn
->deferred_open_queue
; pml
; pml
= pml
->next
) {
704 if (mid
== (uint64_t)SVAL(pml
->buf
.data
,smb_mid
)) {
705 DEBUG(10,("remove_deferred_open_message_smb: "
706 "deleting mid %llu len %u\n",
707 (unsigned long long)mid
,
708 (unsigned int)pml
->buf
.length
));
709 DLIST_REMOVE(sconn
->deferred_open_queue
, pml
);
716 /****************************************************************************
717 Move a sharing violation open retry message to the front of the list and
718 schedule it for immediate processing.
719 ****************************************************************************/
721 void schedule_deferred_open_message_smb(struct smbd_server_connection
*sconn
,
724 struct pending_message_list
*pml
;
727 if (sconn
->using_smb2
) {
728 schedule_deferred_open_message_smb2(sconn
, mid
);
732 for (pml
= sconn
->deferred_open_queue
; pml
; pml
= pml
->next
) {
733 uint64_t msg_mid
= (uint64_t)SVAL(pml
->buf
.data
,smb_mid
);
735 DEBUG(10,("schedule_deferred_open_message_smb: [%d] "
738 (unsigned long long)msg_mid
));
740 if (mid
== msg_mid
) {
741 struct timed_event
*te
;
743 if (pml
->processed
) {
744 /* A processed message should not be
746 DEBUG(0,("schedule_deferred_open_message_smb: LOGIC ERROR "
747 "message mid %llu was already processed\n",
748 (unsigned long long)msg_mid
));
752 DEBUG(10,("schedule_deferred_open_message_smb: "
753 "scheduling mid %llu\n",
754 (unsigned long long)mid
));
756 te
= tevent_add_timer(pml
->sconn
->ev_ctx
,
759 smbd_deferred_open_timer
,
762 DEBUG(10,("schedule_deferred_open_message_smb: "
763 "event_add_timed() failed, "
764 "skipping mid %llu\n",
765 (unsigned long long)msg_mid
));
768 TALLOC_FREE(pml
->te
);
770 DLIST_PROMOTE(sconn
->deferred_open_queue
, pml
);
775 DEBUG(10,("schedule_deferred_open_message_smb: failed to "
776 "find message mid %llu\n",
777 (unsigned long long)mid
));
780 /****************************************************************************
781 Return true if this mid is on the deferred queue and was not yet processed.
782 ****************************************************************************/
784 bool open_was_deferred(struct smbd_server_connection
*sconn
, uint64_t mid
)
786 struct pending_message_list
*pml
;
788 if (sconn
->using_smb2
) {
789 return open_was_deferred_smb2(sconn
, mid
);
792 for (pml
= sconn
->deferred_open_queue
; pml
; pml
= pml
->next
) {
793 if (((uint64_t)SVAL(pml
->buf
.data
,smb_mid
)) == mid
&& !pml
->processed
) {
800 /****************************************************************************
801 Return the message queued by this mid.
802 ****************************************************************************/
804 static struct pending_message_list
*get_deferred_open_message_smb(
805 struct smbd_server_connection
*sconn
, uint64_t mid
)
807 struct pending_message_list
*pml
;
809 for (pml
= sconn
->deferred_open_queue
; pml
; pml
= pml
->next
) {
810 if (((uint64_t)SVAL(pml
->buf
.data
,smb_mid
)) == mid
) {
817 /****************************************************************************
818 Get the state data queued by this mid.
819 ****************************************************************************/
821 bool get_deferred_open_message_state(struct smb_request
*smbreq
,
822 struct timeval
*p_request_time
,
825 struct pending_message_list
*pml
;
827 if (smbreq
->sconn
->using_smb2
) {
828 return get_deferred_open_message_state_smb2(smbreq
->smb2req
,
833 pml
= get_deferred_open_message_smb(smbreq
->sconn
, smbreq
->mid
);
837 if (p_request_time
) {
838 *p_request_time
= pml
->request_time
;
841 *pp_state
= (void *)pml
->private_data
.data
;
846 /****************************************************************************
847 Function to push a deferred open smb message onto a linked list of local smb
848 messages ready for processing.
849 ****************************************************************************/
851 bool push_deferred_open_message_smb(struct smb_request
*req
,
852 struct timeval request_time
,
853 struct timeval timeout
,
855 char *private_data
, size_t priv_len
)
857 struct timeval end_time
;
860 return push_deferred_open_message_smb2(req
->smb2req
,
868 if (req
->unread_bytes
) {
869 DEBUG(0,("push_deferred_open_message_smb: logic error ! "
870 "unread_bytes = %u\n",
871 (unsigned int)req
->unread_bytes
));
872 smb_panic("push_deferred_open_message_smb: "
873 "logic error unread_bytes != 0" );
876 end_time
= timeval_sum(&request_time
, &timeout
);
878 DEBUG(10,("push_deferred_open_message_smb: pushing message "
879 "len %u mid %llu timeout time [%u.%06u]\n",
880 (unsigned int) smb_len(req
->inbuf
)+4,
881 (unsigned long long)req
->mid
,
882 (unsigned int)end_time
.tv_sec
,
883 (unsigned int)end_time
.tv_usec
));
885 return push_queued_message(req
, request_time
, end_time
,
886 private_data
, priv_len
);
889 static void smbd_sig_term_handler(struct tevent_context
*ev
,
890 struct tevent_signal
*se
,
896 exit_server_cleanly("termination signal");
899 void smbd_setup_sig_term_handler(struct smbd_server_connection
*sconn
)
901 struct tevent_signal
*se
;
903 se
= tevent_add_signal(sconn
->ev_ctx
,
906 smbd_sig_term_handler
,
909 exit_server("failed to setup SIGTERM handler");
913 static void smbd_sig_hup_handler(struct tevent_context
*ev
,
914 struct tevent_signal
*se
,
920 struct smbd_server_connection
*sconn
=
921 talloc_get_type_abort(private_data
,
922 struct smbd_server_connection
);
924 change_to_root_user();
925 DEBUG(1,("Reloading services after SIGHUP\n"));
926 reload_services(sconn
, conn_snum_used
, false);
929 void smbd_setup_sig_hup_handler(struct smbd_server_connection
*sconn
)
931 struct tevent_signal
*se
;
933 se
= tevent_add_signal(sconn
->ev_ctx
,
936 smbd_sig_hup_handler
,
939 exit_server("failed to setup SIGHUP handler");
943 static void smbd_conf_updated(struct messaging_context
*msg
,
946 struct server_id server_id
,
949 struct smbd_server_connection
*sconn
=
950 talloc_get_type_abort(private_data
,
951 struct smbd_server_connection
);
953 DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was "
954 "updated. Reloading.\n"));
955 change_to_root_user();
956 reload_services(sconn
, conn_snum_used
, false);
960 * Only allow 5 outstanding trans requests. We're allocating memory, so
964 NTSTATUS
allow_new_trans(struct trans_state
*list
, uint64_t mid
)
967 for (; list
!= NULL
; list
= list
->next
) {
969 if (list
->mid
== mid
) {
970 return NT_STATUS_INVALID_PARAMETER
;
976 return NT_STATUS_INSUFFICIENT_RESOURCES
;
983 These flags determine some of the permissions required to do an operation
985 Note that I don't set NEED_WRITE on some write operations because they
986 are used by some brain-dead clients when printing, and I don't want to
987 force write permissions on print services.
989 #define AS_USER (1<<0)
990 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
991 #define TIME_INIT (1<<2)
992 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
993 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
994 #define DO_CHDIR (1<<6)
997 define a list of possible SMB messages and their corresponding
998 functions. Any message that has a NULL function is unimplemented -
999 please feel free to contribute implementations!
1001 static const struct smb_message_struct
{
1003 void (*fn
)(struct smb_request
*req
);
1005 } smb_messages
[256] = {
1007 /* 0x00 */ { "SMBmkdir",reply_mkdir
,AS_USER
| NEED_WRITE
},
1008 /* 0x01 */ { "SMBrmdir",reply_rmdir
,AS_USER
| NEED_WRITE
},
1009 /* 0x02 */ { "SMBopen",reply_open
,AS_USER
},
1010 /* 0x03 */ { "SMBcreate",reply_mknew
,AS_USER
},
1011 /* 0x04 */ { "SMBclose",reply_close
,AS_USER
| CAN_IPC
},
1012 /* 0x05 */ { "SMBflush",reply_flush
,AS_USER
},
1013 /* 0x06 */ { "SMBunlink",reply_unlink
,AS_USER
| NEED_WRITE
},
1014 /* 0x07 */ { "SMBmv",reply_mv
,AS_USER
| NEED_WRITE
},
1015 /* 0x08 */ { "SMBgetatr",reply_getatr
,AS_USER
},
1016 /* 0x09 */ { "SMBsetatr",reply_setatr
,AS_USER
| NEED_WRITE
},
1017 /* 0x0a */ { "SMBread",reply_read
,AS_USER
},
1018 /* 0x0b */ { "SMBwrite",reply_write
,AS_USER
| CAN_IPC
},
1019 /* 0x0c */ { "SMBlock",reply_lock
,AS_USER
},
1020 /* 0x0d */ { "SMBunlock",reply_unlock
,AS_USER
},
1021 /* 0x0e */ { "SMBctemp",reply_ctemp
,AS_USER
},
1022 /* 0x0f */ { "SMBmknew",reply_mknew
,AS_USER
},
1023 /* 0x10 */ { "SMBcheckpath",reply_checkpath
,AS_USER
},
1024 /* 0x11 */ { "SMBexit",reply_exit
,DO_CHDIR
},
1025 /* 0x12 */ { "SMBlseek",reply_lseek
,AS_USER
},
1026 /* 0x13 */ { "SMBlockread",reply_lockread
,AS_USER
},
1027 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock
,AS_USER
},
1028 /* 0x15 */ { NULL
, NULL
, 0 },
1029 /* 0x16 */ { NULL
, NULL
, 0 },
1030 /* 0x17 */ { NULL
, NULL
, 0 },
1031 /* 0x18 */ { NULL
, NULL
, 0 },
1032 /* 0x19 */ { NULL
, NULL
, 0 },
1033 /* 0x1a */ { "SMBreadbraw",reply_readbraw
,AS_USER
},
1034 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx
,AS_USER
},
1035 /* 0x1c */ { "SMBreadBs",reply_readbs
,AS_USER
},
1036 /* 0x1d */ { "SMBwritebraw",reply_writebraw
,AS_USER
},
1037 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx
,AS_USER
},
1038 /* 0x1f */ { "SMBwriteBs",reply_writebs
,AS_USER
},
1039 /* 0x20 */ { "SMBwritec", NULL
,0},
1040 /* 0x21 */ { NULL
, NULL
, 0 },
1041 /* 0x22 */ { "SMBsetattrE",reply_setattrE
,AS_USER
| NEED_WRITE
},
1042 /* 0x23 */ { "SMBgetattrE",reply_getattrE
,AS_USER
},
1043 /* 0x24 */ { "SMBlockingX",reply_lockingX
,AS_USER
},
1044 /* 0x25 */ { "SMBtrans",reply_trans
,AS_USER
| CAN_IPC
},
1045 /* 0x26 */ { "SMBtranss",reply_transs
,AS_USER
| CAN_IPC
},
1046 /* 0x27 */ { "SMBioctl",reply_ioctl
,0},
1047 /* 0x28 */ { "SMBioctls", NULL
,AS_USER
},
1048 /* 0x29 */ { "SMBcopy",reply_copy
,AS_USER
| NEED_WRITE
},
1049 /* 0x2a */ { "SMBmove", NULL
,AS_USER
| NEED_WRITE
},
1050 /* 0x2b */ { "SMBecho",reply_echo
,0},
1051 /* 0x2c */ { "SMBwriteclose",reply_writeclose
,AS_USER
},
1052 /* 0x2d */ { "SMBopenX",reply_open_and_X
,AS_USER
| CAN_IPC
},
1053 /* 0x2e */ { "SMBreadX",reply_read_and_X
,AS_USER
| CAN_IPC
},
1054 /* 0x2f */ { "SMBwriteX",reply_write_and_X
,AS_USER
| CAN_IPC
},
1055 /* 0x30 */ { NULL
, NULL
, 0 },
1056 /* 0x31 */ { NULL
, NULL
, 0 },
1057 /* 0x32 */ { "SMBtrans2",reply_trans2
, AS_USER
| CAN_IPC
},
1058 /* 0x33 */ { "SMBtranss2",reply_transs2
, AS_USER
| CAN_IPC
},
1059 /* 0x34 */ { "SMBfindclose",reply_findclose
,AS_USER
},
1060 /* 0x35 */ { "SMBfindnclose",reply_findnclose
,AS_USER
},
1061 /* 0x36 */ { NULL
, NULL
, 0 },
1062 /* 0x37 */ { NULL
, NULL
, 0 },
1063 /* 0x38 */ { NULL
, NULL
, 0 },
1064 /* 0x39 */ { NULL
, NULL
, 0 },
1065 /* 0x3a */ { NULL
, NULL
, 0 },
1066 /* 0x3b */ { NULL
, NULL
, 0 },
1067 /* 0x3c */ { NULL
, NULL
, 0 },
1068 /* 0x3d */ { NULL
, NULL
, 0 },
1069 /* 0x3e */ { NULL
, NULL
, 0 },
1070 /* 0x3f */ { NULL
, NULL
, 0 },
1071 /* 0x40 */ { NULL
, NULL
, 0 },
1072 /* 0x41 */ { NULL
, NULL
, 0 },
1073 /* 0x42 */ { NULL
, NULL
, 0 },
1074 /* 0x43 */ { NULL
, NULL
, 0 },
1075 /* 0x44 */ { NULL
, NULL
, 0 },
1076 /* 0x45 */ { NULL
, NULL
, 0 },
1077 /* 0x46 */ { NULL
, NULL
, 0 },
1078 /* 0x47 */ { NULL
, NULL
, 0 },
1079 /* 0x48 */ { NULL
, NULL
, 0 },
1080 /* 0x49 */ { NULL
, NULL
, 0 },
1081 /* 0x4a */ { NULL
, NULL
, 0 },
1082 /* 0x4b */ { NULL
, NULL
, 0 },
1083 /* 0x4c */ { NULL
, NULL
, 0 },
1084 /* 0x4d */ { NULL
, NULL
, 0 },
1085 /* 0x4e */ { NULL
, NULL
, 0 },
1086 /* 0x4f */ { NULL
, NULL
, 0 },
1087 /* 0x50 */ { NULL
, NULL
, 0 },
1088 /* 0x51 */ { NULL
, NULL
, 0 },
1089 /* 0x52 */ { NULL
, NULL
, 0 },
1090 /* 0x53 */ { NULL
, NULL
, 0 },
1091 /* 0x54 */ { NULL
, NULL
, 0 },
1092 /* 0x55 */ { NULL
, NULL
, 0 },
1093 /* 0x56 */ { NULL
, NULL
, 0 },
1094 /* 0x57 */ { NULL
, NULL
, 0 },
1095 /* 0x58 */ { NULL
, NULL
, 0 },
1096 /* 0x59 */ { NULL
, NULL
, 0 },
1097 /* 0x5a */ { NULL
, NULL
, 0 },
1098 /* 0x5b */ { NULL
, NULL
, 0 },
1099 /* 0x5c */ { NULL
, NULL
, 0 },
1100 /* 0x5d */ { NULL
, NULL
, 0 },
1101 /* 0x5e */ { NULL
, NULL
, 0 },
1102 /* 0x5f */ { NULL
, NULL
, 0 },
1103 /* 0x60 */ { NULL
, NULL
, 0 },
1104 /* 0x61 */ { NULL
, NULL
, 0 },
1105 /* 0x62 */ { NULL
, NULL
, 0 },
1106 /* 0x63 */ { NULL
, NULL
, 0 },
1107 /* 0x64 */ { NULL
, NULL
, 0 },
1108 /* 0x65 */ { NULL
, NULL
, 0 },
1109 /* 0x66 */ { NULL
, NULL
, 0 },
1110 /* 0x67 */ { NULL
, NULL
, 0 },
1111 /* 0x68 */ { NULL
, NULL
, 0 },
1112 /* 0x69 */ { NULL
, NULL
, 0 },
1113 /* 0x6a */ { NULL
, NULL
, 0 },
1114 /* 0x6b */ { NULL
, NULL
, 0 },
1115 /* 0x6c */ { NULL
, NULL
, 0 },
1116 /* 0x6d */ { NULL
, NULL
, 0 },
1117 /* 0x6e */ { NULL
, NULL
, 0 },
1118 /* 0x6f */ { NULL
, NULL
, 0 },
1119 /* 0x70 */ { "SMBtcon",reply_tcon
,0},
1120 /* 0x71 */ { "SMBtdis",reply_tdis
,DO_CHDIR
},
1121 /* 0x72 */ { "SMBnegprot",reply_negprot
,0},
1122 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X
,0},
1123 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX
, 0}, /* ulogoff doesn't give a valid TID */
1124 /* 0x75 */ { "SMBtconX",reply_tcon_and_X
,0},
1125 /* 0x76 */ { NULL
, NULL
, 0 },
1126 /* 0x77 */ { NULL
, NULL
, 0 },
1127 /* 0x78 */ { NULL
, NULL
, 0 },
1128 /* 0x79 */ { NULL
, NULL
, 0 },
1129 /* 0x7a */ { NULL
, NULL
, 0 },
1130 /* 0x7b */ { NULL
, NULL
, 0 },
1131 /* 0x7c */ { NULL
, NULL
, 0 },
1132 /* 0x7d */ { NULL
, NULL
, 0 },
1133 /* 0x7e */ { NULL
, NULL
, 0 },
1134 /* 0x7f */ { NULL
, NULL
, 0 },
1135 /* 0x80 */ { "SMBdskattr",reply_dskattr
,AS_USER
},
1136 /* 0x81 */ { "SMBsearch",reply_search
,AS_USER
},
1137 /* 0x82 */ { "SMBffirst",reply_search
,AS_USER
},
1138 /* 0x83 */ { "SMBfunique",reply_search
,AS_USER
},
1139 /* 0x84 */ { "SMBfclose",reply_fclose
,AS_USER
},
1140 /* 0x85 */ { NULL
, NULL
, 0 },
1141 /* 0x86 */ { NULL
, NULL
, 0 },
1142 /* 0x87 */ { NULL
, NULL
, 0 },
1143 /* 0x88 */ { NULL
, NULL
, 0 },
1144 /* 0x89 */ { NULL
, NULL
, 0 },
1145 /* 0x8a */ { NULL
, NULL
, 0 },
1146 /* 0x8b */ { NULL
, NULL
, 0 },
1147 /* 0x8c */ { NULL
, NULL
, 0 },
1148 /* 0x8d */ { NULL
, NULL
, 0 },
1149 /* 0x8e */ { NULL
, NULL
, 0 },
1150 /* 0x8f */ { NULL
, NULL
, 0 },
1151 /* 0x90 */ { NULL
, NULL
, 0 },
1152 /* 0x91 */ { NULL
, NULL
, 0 },
1153 /* 0x92 */ { NULL
, NULL
, 0 },
1154 /* 0x93 */ { NULL
, NULL
, 0 },
1155 /* 0x94 */ { NULL
, NULL
, 0 },
1156 /* 0x95 */ { NULL
, NULL
, 0 },
1157 /* 0x96 */ { NULL
, NULL
, 0 },
1158 /* 0x97 */ { NULL
, NULL
, 0 },
1159 /* 0x98 */ { NULL
, NULL
, 0 },
1160 /* 0x99 */ { NULL
, NULL
, 0 },
1161 /* 0x9a */ { NULL
, NULL
, 0 },
1162 /* 0x9b */ { NULL
, NULL
, 0 },
1163 /* 0x9c */ { NULL
, NULL
, 0 },
1164 /* 0x9d */ { NULL
, NULL
, 0 },
1165 /* 0x9e */ { NULL
, NULL
, 0 },
1166 /* 0x9f */ { NULL
, NULL
, 0 },
1167 /* 0xa0 */ { "SMBnttrans",reply_nttrans
, AS_USER
| CAN_IPC
},
1168 /* 0xa1 */ { "SMBnttranss",reply_nttranss
, AS_USER
| CAN_IPC
},
1169 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X
, AS_USER
| CAN_IPC
},
1170 /* 0xa3 */ { NULL
, NULL
, 0 },
1171 /* 0xa4 */ { "SMBntcancel",reply_ntcancel
, 0 },
1172 /* 0xa5 */ { "SMBntrename",reply_ntrename
, AS_USER
| NEED_WRITE
},
1173 /* 0xa6 */ { NULL
, NULL
, 0 },
1174 /* 0xa7 */ { NULL
, NULL
, 0 },
1175 /* 0xa8 */ { NULL
, NULL
, 0 },
1176 /* 0xa9 */ { NULL
, NULL
, 0 },
1177 /* 0xaa */ { NULL
, NULL
, 0 },
1178 /* 0xab */ { NULL
, NULL
, 0 },
1179 /* 0xac */ { NULL
, NULL
, 0 },
1180 /* 0xad */ { NULL
, NULL
, 0 },
1181 /* 0xae */ { NULL
, NULL
, 0 },
1182 /* 0xaf */ { NULL
, NULL
, 0 },
1183 /* 0xb0 */ { NULL
, NULL
, 0 },
1184 /* 0xb1 */ { NULL
, NULL
, 0 },
1185 /* 0xb2 */ { NULL
, NULL
, 0 },
1186 /* 0xb3 */ { NULL
, NULL
, 0 },
1187 /* 0xb4 */ { NULL
, NULL
, 0 },
1188 /* 0xb5 */ { NULL
, NULL
, 0 },
1189 /* 0xb6 */ { NULL
, NULL
, 0 },
1190 /* 0xb7 */ { NULL
, NULL
, 0 },
1191 /* 0xb8 */ { NULL
, NULL
, 0 },
1192 /* 0xb9 */ { NULL
, NULL
, 0 },
1193 /* 0xba */ { NULL
, NULL
, 0 },
1194 /* 0xbb */ { NULL
, NULL
, 0 },
1195 /* 0xbc */ { NULL
, NULL
, 0 },
1196 /* 0xbd */ { NULL
, NULL
, 0 },
1197 /* 0xbe */ { NULL
, NULL
, 0 },
1198 /* 0xbf */ { NULL
, NULL
, 0 },
1199 /* 0xc0 */ { "SMBsplopen",reply_printopen
,AS_USER
},
1200 /* 0xc1 */ { "SMBsplwr",reply_printwrite
,AS_USER
},
1201 /* 0xc2 */ { "SMBsplclose",reply_printclose
,AS_USER
},
1202 /* 0xc3 */ { "SMBsplretq",reply_printqueue
,AS_USER
},
1203 /* 0xc4 */ { NULL
, NULL
, 0 },
1204 /* 0xc5 */ { NULL
, NULL
, 0 },
1205 /* 0xc6 */ { NULL
, NULL
, 0 },
1206 /* 0xc7 */ { NULL
, NULL
, 0 },
1207 /* 0xc8 */ { NULL
, NULL
, 0 },
1208 /* 0xc9 */ { NULL
, NULL
, 0 },
1209 /* 0xca */ { NULL
, NULL
, 0 },
1210 /* 0xcb */ { NULL
, NULL
, 0 },
1211 /* 0xcc */ { NULL
, NULL
, 0 },
1212 /* 0xcd */ { NULL
, NULL
, 0 },
1213 /* 0xce */ { NULL
, NULL
, 0 },
1214 /* 0xcf */ { NULL
, NULL
, 0 },
1215 /* 0xd0 */ { "SMBsends",reply_sends
,AS_GUEST
},
1216 /* 0xd1 */ { "SMBsendb", NULL
,AS_GUEST
},
1217 /* 0xd2 */ { "SMBfwdname", NULL
,AS_GUEST
},
1218 /* 0xd3 */ { "SMBcancelf", NULL
,AS_GUEST
},
1219 /* 0xd4 */ { "SMBgetmac", NULL
,AS_GUEST
},
1220 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt
,AS_GUEST
},
1221 /* 0xd6 */ { "SMBsendend",reply_sendend
,AS_GUEST
},
1222 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt
,AS_GUEST
},
1223 /* 0xd8 */ { NULL
, NULL
, 0 },
1224 /* 0xd9 */ { NULL
, NULL
, 0 },
1225 /* 0xda */ { NULL
, NULL
, 0 },
1226 /* 0xdb */ { NULL
, NULL
, 0 },
1227 /* 0xdc */ { NULL
, NULL
, 0 },
1228 /* 0xdd */ { NULL
, NULL
, 0 },
1229 /* 0xde */ { NULL
, NULL
, 0 },
1230 /* 0xdf */ { NULL
, NULL
, 0 },
1231 /* 0xe0 */ { NULL
, NULL
, 0 },
1232 /* 0xe1 */ { NULL
, NULL
, 0 },
1233 /* 0xe2 */ { NULL
, NULL
, 0 },
1234 /* 0xe3 */ { NULL
, NULL
, 0 },
1235 /* 0xe4 */ { NULL
, NULL
, 0 },
1236 /* 0xe5 */ { NULL
, NULL
, 0 },
1237 /* 0xe6 */ { NULL
, NULL
, 0 },
1238 /* 0xe7 */ { NULL
, NULL
, 0 },
1239 /* 0xe8 */ { NULL
, NULL
, 0 },
1240 /* 0xe9 */ { NULL
, NULL
, 0 },
1241 /* 0xea */ { NULL
, NULL
, 0 },
1242 /* 0xeb */ { NULL
, NULL
, 0 },
1243 /* 0xec */ { NULL
, NULL
, 0 },
1244 /* 0xed */ { NULL
, NULL
, 0 },
1245 /* 0xee */ { NULL
, NULL
, 0 },
1246 /* 0xef */ { NULL
, NULL
, 0 },
1247 /* 0xf0 */ { NULL
, NULL
, 0 },
1248 /* 0xf1 */ { NULL
, NULL
, 0 },
1249 /* 0xf2 */ { NULL
, NULL
, 0 },
1250 /* 0xf3 */ { NULL
, NULL
, 0 },
1251 /* 0xf4 */ { NULL
, NULL
, 0 },
1252 /* 0xf5 */ { NULL
, NULL
, 0 },
1253 /* 0xf6 */ { NULL
, NULL
, 0 },
1254 /* 0xf7 */ { NULL
, NULL
, 0 },
1255 /* 0xf8 */ { NULL
, NULL
, 0 },
1256 /* 0xf9 */ { NULL
, NULL
, 0 },
1257 /* 0xfa */ { NULL
, NULL
, 0 },
1258 /* 0xfb */ { NULL
, NULL
, 0 },
1259 /* 0xfc */ { NULL
, NULL
, 0 },
1260 /* 0xfd */ { NULL
, NULL
, 0 },
1261 /* 0xfe */ { NULL
, NULL
, 0 },
1262 /* 0xff */ { NULL
, NULL
, 0 }
1266 /*******************************************************************
1267 allocate and initialize a reply packet
1268 ********************************************************************/
1270 static bool create_outbuf(TALLOC_CTX
*mem_ctx
, struct smb_request
*req
,
1271 const char *inbuf
, char **outbuf
, uint8_t num_words
,
1275 * Protect against integer wrap
1277 if ((num_bytes
> 0xffffff)
1278 || ((num_bytes
+ smb_size
+ num_words
*2) > 0xffffff)) {
1280 if (asprintf(&msg
, "num_bytes too large: %u",
1281 (unsigned)num_bytes
) == -1) {
1282 msg
= discard_const_p(char, "num_bytes too large");
1287 *outbuf
= talloc_array(mem_ctx
, char,
1288 smb_size
+ num_words
*2 + num_bytes
);
1289 if (*outbuf
== NULL
) {
1293 construct_reply_common(req
, inbuf
, *outbuf
);
1294 srv_set_message(*outbuf
, num_words
, num_bytes
, false);
1296 * Zero out the word area, the caller has to take care of the bcc area
1299 if (num_words
!= 0) {
1300 memset(*outbuf
+ smb_vwv0
, 0, num_words
*2);
1306 void reply_outbuf(struct smb_request
*req
, uint8 num_words
, uint32 num_bytes
)
1309 if (!create_outbuf(req
, req
, (const char *)req
->inbuf
, &outbuf
, num_words
,
1311 smb_panic("could not allocate output buffer\n");
1313 req
->outbuf
= (uint8_t *)outbuf
;
1317 /*******************************************************************
1318 Dump a packet to a file.
1319 ********************************************************************/
1321 static void smb_dump(const char *name
, int type
, const char *data
)
1326 if (DEBUGLEVEL
< 50) {
1330 len
= smb_len_tcp(data
)+4;
1331 for (i
=1;i
<100;i
++) {
1332 fname
= talloc_asprintf(talloc_tos(),
1336 type
? "req" : "resp");
1337 if (fname
== NULL
) {
1340 fd
= open(fname
, O_WRONLY
|O_CREAT
|O_EXCL
, 0644);
1341 if (fd
!= -1 || errno
!= EEXIST
) break;
1345 ssize_t ret
= write(fd
, data
, len
);
1347 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret
));
1349 DEBUG(0,("created %s len %lu\n", fname
, (unsigned long)len
));
1354 /****************************************************************************
1355 Prepare everything for calling the actual request function, and potentially
1356 call the request function via the "new" interface.
1358 Return False if the "legacy" function needs to be called, everything is
1361 Return True if we're done.
1363 I know this API sucks, but it is the one with the least code change I could
1365 ****************************************************************************/
1367 static connection_struct
*switch_message(uint8 type
, struct smb_request
*req
)
1370 uint64_t session_tag
;
1371 connection_struct
*conn
= NULL
;
1372 struct smbd_server_connection
*sconn
= req
->sconn
;
1376 if (smb_messages
[type
].fn
== NULL
) {
1377 DEBUG(0,("Unknown message type %d!\n",type
));
1378 smb_dump("Unknown", 1, (const char *)req
->inbuf
);
1379 reply_unknown_new(req
, type
);
1383 flags
= smb_messages
[type
].flags
;
1385 /* In share mode security we must ignore the vuid. */
1386 session_tag
= req
->vuid
;
1389 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type
),
1390 (int)getpid(), (unsigned long)conn
));
1392 smb_dump(smb_fn_name(type
), 1, (const char *)req
->inbuf
);
1394 /* Ensure this value is replaced in the incoming packet. */
1395 SSVAL(discard_const_p(uint8_t, req
->inbuf
),smb_uid
,session_tag
);
1398 * Ensure the correct username is in current_user_info. This is a
1399 * really ugly bugfix for problems with multiple session_setup_and_X's
1400 * being done and allowing %U and %G substitutions to work correctly.
1401 * There is a reason this code is done here, don't move it unless you
1402 * know what you're doing... :-).
1406 if (session_tag
!= sconn
->smb1
.sessions
.last_session_tag
) {
1407 struct user_struct
*vuser
= NULL
;
1409 sconn
->smb1
.sessions
.last_session_tag
= session_tag
;
1410 if(session_tag
!= UID_FIELD_INVALID
) {
1411 vuser
= get_valid_user_struct(sconn
, session_tag
);
1413 set_current_user_info(
1414 vuser
->session_info
->unix_info
->sanitized_username
,
1415 vuser
->session_info
->unix_info
->unix_name
,
1416 vuser
->session_info
->info
->domain_name
);
1421 /* Does this call need to be run as the connected user? */
1422 if (flags
& AS_USER
) {
1424 /* Does this call need a valid tree connection? */
1427 * Amazingly, the error code depends on the command
1430 if (type
== SMBntcreateX
) {
1431 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
1433 reply_nterror(req
, NT_STATUS_NETWORK_NAME_DELETED
);
1438 if (!change_to_user(conn
,session_tag
)) {
1439 DEBUG(0, ("Error: Could not change to user. Removing "
1440 "deferred open, mid=%llu.\n",
1441 (unsigned long long)req
->mid
));
1442 reply_force_doserror(req
, ERRSRV
, ERRbaduid
);
1446 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1448 /* Does it need write permission? */
1449 if ((flags
& NEED_WRITE
) && !CAN_WRITE(conn
)) {
1450 reply_nterror(req
, NT_STATUS_MEDIA_WRITE_PROTECTED
);
1454 /* IPC services are limited */
1455 if (IS_IPC(conn
) && !(flags
& CAN_IPC
)) {
1456 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1460 /* This call needs to be run as root */
1461 change_to_root_user();
1464 /* load service specific parameters */
1466 if (req
->encrypted
) {
1467 conn
->encrypted_tid
= true;
1468 /* encrypted required from now on. */
1469 conn
->encrypt_level
= Required
;
1470 } else if (ENCRYPTION_REQUIRED(conn
)) {
1471 if (req
->cmd
!= SMBtrans2
&& req
->cmd
!= SMBtranss2
) {
1472 exit_server_cleanly("encryption required "
1478 if (!set_current_service(conn
,SVAL(req
->inbuf
,smb_flg
),
1479 (flags
& (AS_USER
|DO_CHDIR
)
1481 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1484 conn
->num_smb_operations
++;
1488 * Does this protocol need to be run as guest? (Only archane
1489 * messenger service requests have this...)
1491 if (flags
& AS_GUEST
) {
1495 if (!change_to_guest()) {
1496 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1500 raddr
= tsocket_address_inet_addr_string(sconn
->remote_address
,
1502 if (raddr
== NULL
) {
1503 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1508 * Haven't we checked this in smbd_process already???
1511 ok
= allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
1512 sconn
->remote_hostname
, raddr
);
1516 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1521 smb_messages
[type
].fn(req
);
1525 /****************************************************************************
1526 Construct a reply to the incoming packet.
1527 ****************************************************************************/
1529 static void construct_reply(struct smbd_server_connection
*sconn
,
1530 char *inbuf
, int size
, size_t unread_bytes
,
1531 uint32_t seqnum
, bool encrypted
,
1532 struct smb_perfcount_data
*deferred_pcd
)
1534 connection_struct
*conn
;
1535 struct smb_request
*req
;
1537 if (!(req
= talloc(talloc_tos(), struct smb_request
))) {
1538 smb_panic("could not allocate smb_request");
1541 if (!init_smb_request(req
, sconn
, (uint8
*)inbuf
, unread_bytes
,
1542 encrypted
, seqnum
)) {
1543 exit_server_cleanly("Invalid SMB request");
1546 req
->inbuf
= (uint8_t *)talloc_move(req
, &inbuf
);
1548 /* we popped this message off the queue - keep original perf data */
1550 req
->pcd
= *deferred_pcd
;
1552 SMB_PERFCOUNT_START(&req
->pcd
);
1553 SMB_PERFCOUNT_SET_OP(&req
->pcd
, req
->cmd
);
1554 SMB_PERFCOUNT_SET_MSGLEN_IN(&req
->pcd
, size
);
1557 conn
= switch_message(req
->cmd
, req
);
1559 if (req
->outbuf
== NULL
) {
1563 if (CVAL(req
->outbuf
,0) == 0) {
1564 show_msg((char *)req
->outbuf
);
1567 if (!srv_send_smb(req
->sconn
,
1568 (char *)req
->outbuf
,
1569 true, req
->seqnum
+1,
1570 IS_CONN_ENCRYPTED(conn
)||req
->encrypted
,
1572 exit_server_cleanly("construct_reply: srv_send_smb failed.");
1580 static void construct_reply_chain(struct smbd_server_connection
*sconn
,
1581 char *inbuf
, int size
, uint32_t seqnum
,
1583 struct smb_perfcount_data
*deferred_pcd
)
1585 struct smb_request
**reqs
= NULL
;
1586 struct smb_request
*req
;
1590 ok
= smb1_parse_chain(talloc_tos(), (uint8_t *)inbuf
, sconn
, encrypted
,
1591 seqnum
, &reqs
, &num_reqs
);
1593 char errbuf
[smb_size
];
1594 error_packet(errbuf
, 0, 0, NT_STATUS_INVALID_PARAMETER
,
1595 __LINE__
, __FILE__
);
1596 if (!srv_send_smb(sconn
, errbuf
, true, seqnum
, encrypted
,
1598 exit_server_cleanly("construct_reply_chain: "
1599 "srv_send_smb failed.");
1605 req
->inbuf
= (uint8_t *)talloc_move(reqs
, &inbuf
);
1607 req
->conn
= switch_message(req
->cmd
, req
);
1609 if (req
->outbuf
== NULL
) {
1611 * Request has suspended itself, will come
1616 smb_request_done(req
);
1620 * To be called from an async SMB handler that is potentially chained
1621 * when it is finished for shipping.
1624 void smb_request_done(struct smb_request
*req
)
1626 struct smb_request
**reqs
= NULL
;
1627 struct smb_request
*first_req
;
1628 size_t i
, num_reqs
, next_index
;
1631 if (req
->chain
== NULL
) {
1637 num_reqs
= talloc_array_length(reqs
);
1639 for (i
=0; i
<num_reqs
; i
++) {
1640 if (reqs
[i
] == req
) {
1644 if (i
== num_reqs
) {
1646 * Invalid chain, should not happen
1648 status
= NT_STATUS_INTERNAL_ERROR
;
1653 while ((next_index
< num_reqs
) && (IVAL(req
->outbuf
, smb_rcls
) == 0)) {
1654 struct smb_request
*next
= reqs
[next_index
];
1655 struct smbXsrv_tcon
*tcon
;
1656 NTTIME now
= timeval_to_nttime(&req
->request_time
);
1658 next
->vuid
= SVAL(req
->outbuf
, smb_uid
);
1659 next
->tid
= SVAL(req
->outbuf
, smb_tid
);
1660 status
= smb1srv_tcon_lookup(req
->sconn
->conn
, req
->tid
,
1662 if (NT_STATUS_IS_OK(status
)) {
1663 req
->conn
= tcon
->compat
;
1667 next
->chain_fsp
= req
->chain_fsp
;
1668 next
->inbuf
= (uint8_t *)req
->inbuf
;
1671 req
->conn
= switch_message(req
->cmd
, req
);
1673 if (req
->outbuf
== NULL
) {
1675 * Request has suspended itself, will come
1683 first_req
= reqs
[0];
1685 for (i
=1; i
<next_index
; i
++) {
1688 ok
= smb_splice_chain(&first_req
->outbuf
, reqs
[i
]->outbuf
);
1690 status
= NT_STATUS_INTERNAL_ERROR
;
1695 SSVAL(first_req
->outbuf
, smb_uid
, SVAL(req
->outbuf
, smb_uid
));
1696 SSVAL(first_req
->outbuf
, smb_tid
, SVAL(req
->outbuf
, smb_tid
));
1699 * This scary statement intends to set the
1700 * FLAGS2_32_BIT_ERROR_CODES flg2 field in first_req->outbuf
1701 * to the value last_req->outbuf carries
1703 SSVAL(first_req
->outbuf
, smb_flg2
,
1704 (SVAL(first_req
->outbuf
, smb_flg2
) & ~FLAGS2_32_BIT_ERROR_CODES
)
1705 |(SVAL(req
->outbuf
, smb_flg2
) & FLAGS2_32_BIT_ERROR_CODES
));
1708 * Transfer the error codes from the subrequest to the main one
1710 SSVAL(first_req
->outbuf
, smb_rcls
, SVAL(req
->outbuf
, smb_rcls
));
1711 SSVAL(first_req
->outbuf
, smb_err
, SVAL(req
->outbuf
, smb_err
));
1714 first_req
->outbuf
, talloc_get_size(first_req
->outbuf
) - 4);
1717 if (!srv_send_smb(first_req
->sconn
,
1718 (char *)first_req
->outbuf
,
1719 true, first_req
->seqnum
+1,
1720 IS_CONN_ENCRYPTED(req
->conn
)||first_req
->encrypted
,
1722 exit_server_cleanly("construct_reply_chain: srv_send_smb "
1725 TALLOC_FREE(req
); /* non-chained case */
1726 TALLOC_FREE(reqs
); /* chained case */
1731 char errbuf
[smb_size
];
1732 error_packet(errbuf
, 0, 0, status
, __LINE__
, __FILE__
);
1733 if (!srv_send_smb(req
->sconn
, errbuf
, true,
1734 req
->seqnum
+1, req
->encrypted
,
1736 exit_server_cleanly("construct_reply_chain: "
1737 "srv_send_smb failed.");
1740 TALLOC_FREE(req
); /* non-chained case */
1741 TALLOC_FREE(reqs
); /* chained case */
1744 /****************************************************************************
1745 Process an smb from the client
1746 ****************************************************************************/
1747 static void process_smb(struct smbd_server_connection
*sconn
,
1748 uint8_t *inbuf
, size_t nread
, size_t unread_bytes
,
1749 uint32_t seqnum
, bool encrypted
,
1750 struct smb_perfcount_data
*deferred_pcd
)
1752 int msg_type
= CVAL(inbuf
,0);
1754 DO_PROFILE_INC(smb_count
);
1756 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type
,
1758 DEBUG(3, ("Transaction %d of length %d (%u toread)\n",
1759 sconn
->trans_num
, (int)nread
, (unsigned int)unread_bytes
));
1761 if (msg_type
!= NBSSmessage
) {
1763 * NetBIOS session request, keepalive, etc.
1765 reply_special(sconn
, (char *)inbuf
, nread
);
1769 if (sconn
->using_smb2
) {
1770 /* At this point we're not really using smb2,
1771 * we make the decision here.. */
1772 if (smbd_is_smb2_header(inbuf
, nread
)) {
1773 smbd_smb2_first_negprot(sconn
, inbuf
, nread
);
1775 } else if (nread
>= smb_size
&& valid_smb_header(sconn
, inbuf
)
1776 && CVAL(inbuf
, smb_com
) != 0x72) {
1777 /* This is a non-negprot SMB1 packet.
1778 Disable SMB2 from now on. */
1779 sconn
->using_smb2
= false;
1783 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1784 * so subtract 4 from it. */
1785 if ((nread
< (smb_size
- 4)) || !valid_smb_header(sconn
, inbuf
)) {
1786 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1789 /* special magic for immediate exit */
1791 (IVAL(inbuf
, 4) == 0x74697865) &&
1792 lp_parm_bool(-1, "smbd", "suicide mode", false)) {
1793 uint8_t exitcode
= CVAL(inbuf
, 8);
1794 DEBUG(1, ("Exiting immediately with code %d\n",
1799 exit_server_cleanly("Non-SMB packet");
1802 show_msg((char *)inbuf
);
1804 if ((unread_bytes
== 0) && smb1_is_chain(inbuf
)) {
1805 construct_reply_chain(sconn
, (char *)inbuf
, nread
,
1806 seqnum
, encrypted
, deferred_pcd
);
1808 construct_reply(sconn
, (char *)inbuf
, nread
, unread_bytes
,
1809 seqnum
, encrypted
, deferred_pcd
);
1815 sconn
->num_requests
++;
1817 /* The timeout_processing function isn't run nearly
1818 often enough to implement 'max log size' without
1819 overrunning the size of the file by many megabytes.
1820 This is especially true if we are running at debug
1821 level 10. Checking every 50 SMBs is a nice
1822 tradeoff of performance vs log file size overrun. */
1824 if ((sconn
->num_requests
% 50) == 0 &&
1825 need_to_check_log_size()) {
1826 change_to_root_user();
1831 /****************************************************************************
1832 Return a string containing the function name of a SMB command.
1833 ****************************************************************************/
1835 const char *smb_fn_name(int type
)
1837 const char *unknown_name
= "SMBunknown";
1839 if (smb_messages
[type
].name
== NULL
)
1840 return(unknown_name
);
1842 return(smb_messages
[type
].name
);
1845 /****************************************************************************
1846 Helper functions for contruct_reply.
1847 ****************************************************************************/
1849 void add_to_common_flags2(uint32 v
)
1854 void remove_from_common_flags2(uint32 v
)
1856 common_flags2
&= ~v
;
1859 static void construct_reply_common(struct smb_request
*req
, const char *inbuf
,
1862 uint16_t in_flags2
= SVAL(inbuf
,smb_flg2
);
1863 uint16_t out_flags2
= common_flags2
;
1865 out_flags2
|= in_flags2
& FLAGS2_UNICODE_STRINGS
;
1866 out_flags2
|= in_flags2
& FLAGS2_SMB_SECURITY_SIGNATURES
;
1867 out_flags2
|= in_flags2
& FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED
;
1869 srv_set_message(outbuf
,0,0,false);
1871 SCVAL(outbuf
, smb_com
, req
->cmd
);
1872 SIVAL(outbuf
,smb_rcls
,0);
1873 SCVAL(outbuf
,smb_flg
, FLAG_REPLY
| (CVAL(inbuf
,smb_flg
) & FLAG_CASELESS_PATHNAMES
));
1874 SSVAL(outbuf
,smb_flg2
, out_flags2
);
1875 memset(outbuf
+smb_pidhigh
,'\0',(smb_tid
-smb_pidhigh
));
1876 memcpy(outbuf
+smb_ss_field
, inbuf
+smb_ss_field
, 8);
1878 SSVAL(outbuf
,smb_tid
,SVAL(inbuf
,smb_tid
));
1879 SSVAL(outbuf
,smb_pid
,SVAL(inbuf
,smb_pid
));
1880 SSVAL(outbuf
,smb_uid
,SVAL(inbuf
,smb_uid
));
1881 SSVAL(outbuf
,smb_mid
,SVAL(inbuf
,smb_mid
));
1884 void construct_reply_common_req(struct smb_request
*req
, char *outbuf
)
1886 construct_reply_common(req
, (const char *)req
->inbuf
, outbuf
);
1890 * @brief Find the smb_cmd offset of the last command pushed
1891 * @param[in] buf The buffer we're building up
1892 * @retval Where can we put our next andx cmd?
1894 * While chaining requests, the "next" request we're looking at needs to put
1895 * its SMB_Command before the data the previous request already built up added
1896 * to the chain. Find the offset to the place where we have to put our cmd.
1899 static bool find_andx_cmd_ofs(uint8_t *buf
, size_t *pofs
)
1904 cmd
= CVAL(buf
, smb_com
);
1906 if (!is_andx_req(cmd
)) {
1912 while (CVAL(buf
, ofs
) != 0xff) {
1914 if (!is_andx_req(CVAL(buf
, ofs
))) {
1919 * ofs is from start of smb header, so add the 4 length
1920 * bytes. The next cmd is right after the wct field.
1922 ofs
= SVAL(buf
, ofs
+2) + 4 + 1;
1924 if (ofs
+4 >= talloc_get_size(buf
)) {
1934 * @brief Do the smb chaining at a buffer level
1935 * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
1936 * @param[in] andx_buf Buffer to be appended
1939 static bool smb_splice_chain(uint8_t **poutbuf
, const uint8_t *andx_buf
)
1941 uint8_t smb_command
= CVAL(andx_buf
, smb_com
);
1942 uint8_t wct
= CVAL(andx_buf
, smb_wct
);
1943 const uint16_t *vwv
= (const uint16_t *)(andx_buf
+ smb_vwv
);
1944 uint32_t num_bytes
= smb_buflen(andx_buf
);
1945 const uint8_t *bytes
= (const uint8_t *)smb_buf_const(andx_buf
);
1948 size_t old_size
, new_size
;
1950 size_t chain_padding
= 0;
1951 size_t andx_cmd_ofs
;
1954 old_size
= talloc_get_size(*poutbuf
);
1956 if ((old_size
% 4) != 0) {
1958 * Align the wct field of subsequent requests to a 4-byte
1961 chain_padding
= 4 - (old_size
% 4);
1965 * After the old request comes the new wct field (1 byte), the vwv's
1966 * and the num_bytes field.
1969 new_size
= old_size
+ chain_padding
+ 1 + wct
* sizeof(uint16_t) + 2;
1970 new_size
+= num_bytes
;
1972 if ((smb_command
!= SMBwriteX
) && (new_size
> 0xffff)) {
1973 DEBUG(1, ("smb_splice_chain: %u bytes won't fit\n",
1974 (unsigned)new_size
));
1978 outbuf
= talloc_realloc(NULL
, *poutbuf
, uint8_t, new_size
);
1979 if (outbuf
== NULL
) {
1980 DEBUG(0, ("talloc failed\n"));
1985 if (!find_andx_cmd_ofs(outbuf
, &andx_cmd_ofs
)) {
1986 DEBUG(1, ("invalid command chain\n"));
1987 *poutbuf
= talloc_realloc(NULL
, *poutbuf
, uint8_t, old_size
);
1991 if (chain_padding
!= 0) {
1992 memset(outbuf
+ old_size
, 0, chain_padding
);
1993 old_size
+= chain_padding
;
1996 SCVAL(outbuf
, andx_cmd_ofs
, smb_command
);
1997 SSVAL(outbuf
, andx_cmd_ofs
+ 2, old_size
- 4);
2002 * Push the chained request:
2007 SCVAL(outbuf
, ofs
, wct
);
2014 memcpy(outbuf
+ ofs
, vwv
, sizeof(uint16_t) * wct
);
2019 * Read&X has an offset into its data buffer at
2020 * vwv[6]. reply_read_andx has no idea anymore that it's
2021 * running from within a chain, so we have to fix up the
2024 * Although it looks disgusting at this place, I want to keep
2025 * it here. The alternative would be to push knowledge about
2026 * the andx chain down into read&x again.
2029 if (smb_command
== SMBreadX
) {
2030 uint8_t *bytes_addr
;
2034 * Invalid read&x response
2039 bytes_addr
= outbuf
+ ofs
/* vwv start */
2040 + sizeof(uint16_t) * wct
/* vwv array */
2041 + sizeof(uint16_t); /* bcc */
2043 SSVAL(outbuf
+ ofs
, 6 * sizeof(uint16_t),
2044 bytes_addr
- outbuf
- 4);
2047 ofs
+= sizeof(uint16_t) * wct
;
2053 SSVAL(outbuf
, ofs
, num_bytes
);
2054 ofs
+= sizeof(uint16_t);
2060 memcpy(outbuf
+ ofs
, bytes
, num_bytes
);
2065 bool smb1_is_chain(const uint8_t *buf
)
2067 uint8_t cmd
, wct
, andx_cmd
;
2069 cmd
= CVAL(buf
, smb_com
);
2070 if (!is_andx_req(cmd
)) {
2073 wct
= CVAL(buf
, smb_wct
);
2077 andx_cmd
= CVAL(buf
, smb_vwv
);
2078 return (andx_cmd
!= 0xFF);
2081 bool smb1_walk_chain(const uint8_t *buf
,
2082 bool (*fn
)(uint8_t cmd
,
2083 uint8_t wct
, const uint16_t *vwv
,
2084 uint16_t num_bytes
, const uint8_t *bytes
,
2085 void *private_data
),
2088 size_t smblen
= smb_len(buf
);
2089 const char *smb_buf
= smb_base(buf
);
2090 uint8_t cmd
, chain_cmd
;
2092 const uint16_t *vwv
;
2094 const uint8_t *bytes
;
2096 cmd
= CVAL(buf
, smb_com
);
2097 wct
= CVAL(buf
, smb_wct
);
2098 vwv
= (const uint16_t *)(buf
+ smb_vwv
);
2099 num_bytes
= smb_buflen(buf
);
2100 bytes
= (uint8_t *)smb_buf_const(buf
);
2102 if (!fn(cmd
, wct
, vwv
, num_bytes
, bytes
, private_data
)) {
2106 if (!is_andx_req(cmd
)) {
2113 chain_cmd
= CVAL(vwv
, 0);
2115 while (chain_cmd
!= 0xff) {
2116 uint32_t chain_offset
; /* uint32_t to avoid overflow */
2117 size_t length_needed
;
2118 ptrdiff_t vwv_offset
;
2120 chain_offset
= SVAL(vwv
+1, 0);
2123 * Check if the client tries to fool us. The chain
2124 * offset needs to point beyond the current request in
2125 * the chain, it needs to strictly grow. Otherwise we
2126 * might be tricked into an endless loop always
2127 * processing the same request over and over again. We
2128 * used to assume that vwv and the byte buffer array
2129 * in a chain are always attached, but OS/2 the
2130 * Write&X/Read&X chain puts the Read&X vwv array
2131 * right behind the Write&X vwv chain. The Write&X bcc
2132 * array is put behind the Read&X vwv array. So now we
2133 * check whether the chain offset points strictly
2134 * behind the previous vwv array. req->buf points
2135 * right after the vwv array of the previous
2137 * https://bugzilla.samba.org/show_bug.cgi?id=8360 for
2141 vwv_offset
= ((const char *)vwv
- smb_buf
);
2142 if (chain_offset
<= vwv_offset
) {
2147 * Next check: Make sure the chain offset does not
2148 * point beyond the overall smb request length.
2151 length_needed
= chain_offset
+1; /* wct */
2152 if (length_needed
> smblen
) {
2157 * Now comes the pointer magic. Goal here is to set up
2158 * vwv and buf correctly again. The chain offset (the
2159 * former vwv[1]) points at the new wct field.
2162 wct
= CVAL(smb_buf
, chain_offset
);
2164 if (is_andx_req(chain_cmd
) && (wct
< 2)) {
2169 * Next consistency check: Make the new vwv array fits
2170 * in the overall smb request.
2173 length_needed
+= (wct
+1)*sizeof(uint16_t); /* vwv+buflen */
2174 if (length_needed
> smblen
) {
2177 vwv
= (const uint16_t *)(smb_buf
+ chain_offset
+ 1);
2180 * Now grab the new byte buffer....
2183 num_bytes
= SVAL(vwv
+wct
, 0);
2186 * .. and check that it fits.
2189 length_needed
+= num_bytes
;
2190 if (length_needed
> smblen
) {
2193 bytes
= (const uint8_t *)(vwv
+wct
+1);
2195 if (!fn(chain_cmd
, wct
, vwv
, num_bytes
, bytes
, private_data
)) {
2199 if (!is_andx_req(chain_cmd
)) {
2202 chain_cmd
= CVAL(vwv
, 0);
2207 static bool smb1_chain_length_cb(uint8_t cmd
,
2208 uint8_t wct
, const uint16_t *vwv
,
2209 uint16_t num_bytes
, const uint8_t *bytes
,
2212 unsigned *count
= (unsigned *)private_data
;
2217 unsigned smb1_chain_length(const uint8_t *buf
)
2221 if (!smb1_walk_chain(buf
, smb1_chain_length_cb
, &count
)) {
2227 struct smb1_parse_chain_state
{
2228 TALLOC_CTX
*mem_ctx
;
2230 struct smbd_server_connection
*sconn
;
2234 struct smb_request
**reqs
;
2238 static bool smb1_parse_chain_cb(uint8_t cmd
,
2239 uint8_t wct
, const uint16_t *vwv
,
2240 uint16_t num_bytes
, const uint8_t *bytes
,
2243 struct smb1_parse_chain_state
*state
=
2244 (struct smb1_parse_chain_state
*)private_data
;
2245 struct smb_request
**reqs
;
2246 struct smb_request
*req
;
2249 reqs
= talloc_realloc(state
->mem_ctx
, state
->reqs
,
2250 struct smb_request
*, state
->num_reqs
+1);
2256 req
= talloc(reqs
, struct smb_request
);
2261 ok
= init_smb_request(req
, state
->sconn
, state
->buf
, 0,
2262 state
->encrypted
, state
->seqnum
);
2269 req
->buflen
= num_bytes
;
2272 reqs
[state
->num_reqs
] = req
;
2273 state
->num_reqs
+= 1;
2277 bool smb1_parse_chain(TALLOC_CTX
*mem_ctx
, const uint8_t *buf
,
2278 struct smbd_server_connection
*sconn
,
2279 bool encrypted
, uint32_t seqnum
,
2280 struct smb_request
***reqs
, unsigned *num_reqs
)
2282 struct smb1_parse_chain_state state
;
2285 state
.mem_ctx
= mem_ctx
;
2287 state
.sconn
= sconn
;
2288 state
.encrypted
= encrypted
;
2289 state
.seqnum
= seqnum
;
2293 if (!smb1_walk_chain(buf
, smb1_parse_chain_cb
, &state
)) {
2294 TALLOC_FREE(state
.reqs
);
2297 for (i
=0; i
<state
.num_reqs
; i
++) {
2298 state
.reqs
[i
]->chain
= state
.reqs
;
2301 *num_reqs
= state
.num_reqs
;
2305 /****************************************************************************
2306 Check if services need reloading.
2307 ****************************************************************************/
2309 static void check_reload(struct smbd_server_connection
*sconn
, time_t t
)
2312 if (last_smb_conf_reload_time
== 0) {
2313 last_smb_conf_reload_time
= t
;
2316 if (t
>= last_smb_conf_reload_time
+SMBD_RELOAD_CHECK
) {
2317 reload_services(sconn
, conn_snum_used
, true);
2318 last_smb_conf_reload_time
= t
;
2322 static bool fd_is_readable(int fd
)
2326 ret
= poll_one_fd(fd
, POLLIN
|POLLHUP
, 0, &revents
);
2328 return ((ret
> 0) && ((revents
& (POLLIN
|POLLHUP
|POLLERR
)) != 0));
2332 static void smbd_server_connection_write_handler(
2333 struct smbd_server_connection
*sconn
)
2335 /* TODO: make write nonblocking */
2338 static void smbd_server_connection_read_handler(
2339 struct smbd_server_connection
*sconn
, int fd
)
2341 uint8_t *inbuf
= NULL
;
2342 size_t inbuf_len
= 0;
2343 size_t unread_bytes
= 0;
2344 bool encrypted
= false;
2345 TALLOC_CTX
*mem_ctx
= talloc_tos();
2351 if (lp_async_smb_echo_handler()
2352 && fd_is_readable(sconn
->smb1
.echo_handler
.trusted_fd
)) {
2354 * This is the super-ugly hack to prefer the packets
2355 * forwarded by the echo handler over the ones by the
2358 fd
= sconn
->smb1
.echo_handler
.trusted_fd
;
2361 from_client
= (sconn
->sock
== fd
);
2364 smbd_lock_socket(sconn
);
2366 if (!fd_is_readable(fd
)) {
2367 DEBUG(10,("the echo listener was faster\n"));
2368 smbd_unlock_socket(sconn
);
2373 /* TODO: make this completely nonblocking */
2374 status
= receive_smb_talloc(mem_ctx
, sconn
, fd
,
2375 (char **)(void *)&inbuf
,
2379 &inbuf_len
, &seqnum
,
2380 false /* trusted channel */);
2383 smbd_unlock_socket(sconn
);
2386 if (NT_STATUS_EQUAL(status
, NT_STATUS_RETRY
)) {
2389 if (NT_STATUS_IS_ERR(status
)) {
2390 exit_server_cleanly("failed to receive smb request");
2392 if (!NT_STATUS_IS_OK(status
)) {
2397 process_smb(sconn
, inbuf
, inbuf_len
, unread_bytes
,
2398 seqnum
, encrypted
, NULL
);
2401 static void smbd_server_connection_handler(struct event_context
*ev
,
2402 struct fd_event
*fde
,
2406 struct smbd_server_connection
*conn
= talloc_get_type(private_data
,
2407 struct smbd_server_connection
);
2409 if (flags
& EVENT_FD_WRITE
) {
2410 smbd_server_connection_write_handler(conn
);
2413 if (flags
& EVENT_FD_READ
) {
2414 smbd_server_connection_read_handler(conn
, conn
->sock
);
2419 static void smbd_server_echo_handler(struct event_context
*ev
,
2420 struct fd_event
*fde
,
2424 struct smbd_server_connection
*conn
= talloc_get_type(private_data
,
2425 struct smbd_server_connection
);
2427 if (flags
& EVENT_FD_WRITE
) {
2428 smbd_server_connection_write_handler(conn
);
2431 if (flags
& EVENT_FD_READ
) {
2432 smbd_server_connection_read_handler(
2433 conn
, conn
->smb1
.echo_handler
.trusted_fd
);
2438 #ifdef CLUSTER_SUPPORT
2439 /****************************************************************************
2440 received when we should release a specific IP
2441 ****************************************************************************/
2442 static void release_ip(const char *ip
, void *priv
)
2444 const char *addr
= (const char *)priv
;
2445 const char *p
= addr
;
2447 if (strncmp("::ffff:", addr
, 7) == 0) {
2451 DEBUG(10, ("Got release IP message for %s, "
2452 "our address is %s\n", ip
, p
));
2454 if ((strcmp(p
, ip
) == 0) || ((p
!= addr
) && strcmp(addr
, ip
) == 0)) {
2455 /* we can't afford to do a clean exit - that involves
2456 database writes, which would potentially mean we
2457 are still running after the failover has finished -
2458 we have to get rid of this process ID straight
2460 DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
2462 /* note we must exit with non-zero status so the unclean handler gets
2463 called in the parent, so that the brl database is tickled */
2468 static int client_get_tcp_info(int sock
, struct sockaddr_storage
*server
,
2469 struct sockaddr_storage
*client
)
2472 length
= sizeof(*server
);
2473 if (getsockname(sock
, (struct sockaddr
*)server
, &length
) != 0) {
2476 length
= sizeof(*client
);
2477 if (getpeername(sock
, (struct sockaddr
*)client
, &length
) != 0) {
2485 * Send keepalive packets to our client
2487 static bool keepalive_fn(const struct timeval
*now
, void *private_data
)
2489 struct smbd_server_connection
*sconn
= talloc_get_type_abort(
2490 private_data
, struct smbd_server_connection
);
2493 if (sconn
->using_smb2
) {
2494 /* Don't do keepalives on an SMB2 connection. */
2498 smbd_lock_socket(sconn
);
2499 ret
= send_keepalive(sconn
->sock
);
2500 smbd_unlock_socket(sconn
);
2503 char addr
[INET6_ADDRSTRLEN
];
2505 * Try and give an error message saying what
2508 DEBUG(0, ("send_keepalive failed for client %s. "
2509 "Error %s - exiting\n",
2510 get_peer_addr(sconn
->sock
, addr
, sizeof(addr
)),
2518 * Do the recurring check if we're idle
2520 static bool deadtime_fn(const struct timeval
*now
, void *private_data
)
2522 struct smbd_server_connection
*sconn
=
2523 (struct smbd_server_connection
*)private_data
;
2525 if ((conn_num_open(sconn
) == 0)
2526 || (conn_idle_all(sconn
, now
->tv_sec
))) {
2527 DEBUG( 2, ( "Closing idle connection\n" ) );
2528 messaging_send(sconn
->msg_ctx
,
2529 messaging_server_id(sconn
->msg_ctx
),
2530 MSG_SHUTDOWN
, &data_blob_null
);
2538 * Do the recurring log file and smb.conf reload checks.
2541 static bool housekeeping_fn(const struct timeval
*now
, void *private_data
)
2543 struct smbd_server_connection
*sconn
= talloc_get_type_abort(
2544 private_data
, struct smbd_server_connection
);
2546 DEBUG(5, ("housekeeping\n"));
2548 change_to_root_user();
2550 /* update printer queue caches if necessary */
2551 update_monitored_printq_cache(sconn
->msg_ctx
);
2553 /* check if we need to reload services */
2554 check_reload(sconn
, time_mono(NULL
));
2556 /* Change machine password if neccessary. */
2557 attempt_machine_password_change();
2560 * Force a log file check.
2562 force_check_log_size();
2568 * Read an smb packet in the echo handler child, giving the parent
2569 * smbd one second to react once the socket becomes readable.
2572 struct smbd_echo_read_state
{
2573 struct tevent_context
*ev
;
2574 struct smbd_server_connection
*sconn
;
2581 static void smbd_echo_read_readable(struct tevent_req
*subreq
);
2582 static void smbd_echo_read_waited(struct tevent_req
*subreq
);
2584 static struct tevent_req
*smbd_echo_read_send(
2585 TALLOC_CTX
*mem_ctx
, struct tevent_context
*ev
,
2586 struct smbd_server_connection
*sconn
)
2588 struct tevent_req
*req
, *subreq
;
2589 struct smbd_echo_read_state
*state
;
2591 req
= tevent_req_create(mem_ctx
, &state
,
2592 struct smbd_echo_read_state
);
2597 state
->sconn
= sconn
;
2599 subreq
= wait_for_read_send(state
, ev
, sconn
->sock
);
2600 if (tevent_req_nomem(subreq
, req
)) {
2601 return tevent_req_post(req
, ev
);
2603 tevent_req_set_callback(subreq
, smbd_echo_read_readable
, req
);
2607 static void smbd_echo_read_readable(struct tevent_req
*subreq
)
2609 struct tevent_req
*req
= tevent_req_callback_data(
2610 subreq
, struct tevent_req
);
2611 struct smbd_echo_read_state
*state
= tevent_req_data(
2612 req
, struct smbd_echo_read_state
);
2616 ok
= wait_for_read_recv(subreq
, &err
);
2617 TALLOC_FREE(subreq
);
2619 tevent_req_nterror(req
, map_nt_error_from_unix(err
));
2624 * Give the parent smbd one second to step in
2627 subreq
= tevent_wakeup_send(
2628 state
, state
->ev
, timeval_current_ofs(1, 0));
2629 if (tevent_req_nomem(subreq
, req
)) {
2632 tevent_req_set_callback(subreq
, smbd_echo_read_waited
, req
);
2635 static void smbd_echo_read_waited(struct tevent_req
*subreq
)
2637 struct tevent_req
*req
= tevent_req_callback_data(
2638 subreq
, struct tevent_req
);
2639 struct smbd_echo_read_state
*state
= tevent_req_data(
2640 req
, struct smbd_echo_read_state
);
2641 struct smbd_server_connection
*sconn
= state
->sconn
;
2647 ok
= tevent_wakeup_recv(subreq
);
2648 TALLOC_FREE(subreq
);
2650 tevent_req_nterror(req
, NT_STATUS_INTERNAL_ERROR
);
2654 ok
= smbd_lock_socket_internal(sconn
);
2656 tevent_req_nterror(req
, map_nt_error_from_unix(errno
));
2657 DEBUG(0, ("%s: failed to lock socket\n", __location__
));
2661 if (!fd_is_readable(sconn
->sock
)) {
2662 DEBUG(10,("echo_handler[%d] the parent smbd was faster\n",
2665 ok
= smbd_unlock_socket_internal(sconn
);
2667 tevent_req_nterror(req
, map_nt_error_from_unix(errno
));
2668 DEBUG(1, ("%s: failed to unlock socket\n",
2673 subreq
= wait_for_read_send(state
, state
->ev
, sconn
->sock
);
2674 if (tevent_req_nomem(subreq
, req
)) {
2677 tevent_req_set_callback(subreq
, smbd_echo_read_readable
, req
);
2681 status
= receive_smb_talloc(state
, sconn
, sconn
->sock
, &state
->buf
,
2687 false /* trusted_channel*/);
2689 if (tevent_req_nterror(req
, status
)) {
2690 tevent_req_nterror(req
, status
);
2691 DEBUG(1, ("echo_handler[%d]: receive_smb_raw_talloc failed: %s\n",
2692 (int)getpid(), nt_errstr(status
)));
2696 ok
= smbd_unlock_socket_internal(sconn
);
2698 tevent_req_nterror(req
, map_nt_error_from_unix(errno
));
2699 DEBUG(1, ("%s: failed to unlock socket\n", __location__
));
2702 tevent_req_done(req
);
2705 static NTSTATUS
smbd_echo_read_recv(struct tevent_req
*req
, TALLOC_CTX
*mem_ctx
,
2706 char **pbuf
, size_t *pbuflen
, uint32_t *pseqnum
)
2708 struct smbd_echo_read_state
*state
= tevent_req_data(
2709 req
, struct smbd_echo_read_state
);
2712 if (tevent_req_is_nterror(req
, &status
)) {
2715 *pbuf
= talloc_move(mem_ctx
, &state
->buf
);
2716 *pbuflen
= state
->buflen
;
2717 *pseqnum
= state
->seqnum
;
2718 return NT_STATUS_OK
;
2721 struct smbd_echo_state
{
2722 struct tevent_context
*ev
;
2723 struct iovec
*pending
;
2724 struct smbd_server_connection
*sconn
;
2727 struct tevent_fd
*parent_fde
;
2729 struct tevent_req
*write_req
;
2732 static void smbd_echo_writer_done(struct tevent_req
*req
);
2734 static void smbd_echo_activate_writer(struct smbd_echo_state
*state
)
2738 if (state
->write_req
!= NULL
) {
2742 num_pending
= talloc_array_length(state
->pending
);
2743 if (num_pending
== 0) {
2747 state
->write_req
= writev_send(state
, state
->ev
, NULL
,
2748 state
->parent_pipe
, false,
2749 state
->pending
, num_pending
);
2750 if (state
->write_req
== NULL
) {
2751 DEBUG(1, ("writev_send failed\n"));
2755 talloc_steal(state
->write_req
, state
->pending
);
2756 state
->pending
= NULL
;
2758 tevent_req_set_callback(state
->write_req
, smbd_echo_writer_done
,
2762 static void smbd_echo_writer_done(struct tevent_req
*req
)
2764 struct smbd_echo_state
*state
= tevent_req_callback_data(
2765 req
, struct smbd_echo_state
);
2769 written
= writev_recv(req
, &err
);
2771 state
->write_req
= NULL
;
2772 if (written
== -1) {
2773 DEBUG(1, ("writev to parent failed: %s\n", strerror(err
)));
2776 DEBUG(10,("echo_handler[%d]: forwarded pdu to main\n", (int)getpid()));
2777 smbd_echo_activate_writer(state
);
2780 static bool smbd_echo_reply(struct smbd_echo_state
*state
,
2781 uint8_t *inbuf
, size_t inbuf_len
,
2784 struct smb_request req
;
2785 uint16_t num_replies
;
2789 if ((inbuf_len
== 4) && (CVAL(inbuf
, 0) == NBSSkeepalive
)) {
2790 DEBUG(10, ("Got netbios keepalive\n"));
2797 if (inbuf_len
< smb_size
) {
2798 DEBUG(10, ("Got short packet: %d bytes\n", (int)inbuf_len
));
2801 if (!valid_smb_header(state
->sconn
, inbuf
)) {
2802 DEBUG(10, ("Got invalid SMB header\n"));
2806 if (!init_smb_request(&req
, state
->sconn
, inbuf
, 0, false,
2812 DEBUG(10, ("smbecho handler got cmd %d (%s)\n", (int)req
.cmd
,
2813 smb_messages
[req
.cmd
].name
2814 ? smb_messages
[req
.cmd
].name
: "unknown"));
2816 if (req
.cmd
!= SMBecho
) {
2823 num_replies
= SVAL(req
.vwv
+0, 0);
2824 if (num_replies
!= 1) {
2825 /* Not a Windows "Hey, you're still there?" request */
2829 if (!create_outbuf(talloc_tos(), &req
, (const char *)req
.inbuf
, &outbuf
,
2831 DEBUG(10, ("create_outbuf failed\n"));
2834 req
.outbuf
= (uint8_t *)outbuf
;
2836 SSVAL(req
.outbuf
, smb_vwv0
, num_replies
);
2838 if (req
.buflen
> 0) {
2839 memcpy(smb_buf(req
.outbuf
), req
.buf
, req
.buflen
);
2842 ok
= srv_send_smb(req
.sconn
,
2846 TALLOC_FREE(outbuf
);
2854 static void smbd_echo_exit(struct tevent_context
*ev
,
2855 struct tevent_fd
*fde
, uint16_t flags
,
2858 DEBUG(2, ("smbd_echo_exit: lost connection to parent\n"));
2862 static void smbd_echo_got_packet(struct tevent_req
*req
);
2864 static void smbd_echo_loop(struct smbd_server_connection
*sconn
,
2867 struct smbd_echo_state
*state
;
2868 struct tevent_req
*read_req
;
2870 state
= talloc_zero(sconn
, struct smbd_echo_state
);
2871 if (state
== NULL
) {
2872 DEBUG(1, ("talloc failed\n"));
2875 state
->sconn
= sconn
;
2876 state
->parent_pipe
= parent_pipe
;
2877 state
->ev
= s3_tevent_context_init(state
);
2878 if (state
->ev
== NULL
) {
2879 DEBUG(1, ("tevent_context_init failed\n"));
2883 state
->parent_fde
= tevent_add_fd(state
->ev
, state
, parent_pipe
,
2884 TEVENT_FD_READ
, smbd_echo_exit
,
2886 if (state
->parent_fde
== NULL
) {
2887 DEBUG(1, ("tevent_add_fd failed\n"));
2892 read_req
= smbd_echo_read_send(state
, state
->ev
, sconn
);
2893 if (read_req
== NULL
) {
2894 DEBUG(1, ("smbd_echo_read_send failed\n"));
2898 tevent_req_set_callback(read_req
, smbd_echo_got_packet
, state
);
2901 if (tevent_loop_once(state
->ev
) == -1) {
2902 DEBUG(1, ("tevent_loop_once failed: %s\n",
2910 static void smbd_echo_got_packet(struct tevent_req
*req
)
2912 struct smbd_echo_state
*state
= tevent_req_callback_data(
2913 req
, struct smbd_echo_state
);
2917 uint32_t seqnum
= 0;
2920 status
= smbd_echo_read_recv(req
, state
, &buf
, &buflen
, &seqnum
);
2922 if (!NT_STATUS_IS_OK(status
)) {
2923 DEBUG(1, ("smbd_echo_read_recv returned %s\n",
2924 nt_errstr(status
)));
2928 reply
= smbd_echo_reply(state
, (uint8_t *)buf
, buflen
, seqnum
);
2934 num_pending
= talloc_array_length(state
->pending
);
2935 tmp
= talloc_realloc(state
, state
->pending
, struct iovec
,
2938 DEBUG(1, ("talloc_realloc failed\n"));
2941 state
->pending
= tmp
;
2943 if (buflen
>= smb_size
) {
2945 * place the seqnum in the packet so that the main process
2946 * can reply with signing
2948 SIVAL(buf
, smb_ss_field
, seqnum
);
2949 SIVAL(buf
, smb_ss_field
+4, NT_STATUS_V(NT_STATUS_OK
));
2952 iov
= &state
->pending
[num_pending
];
2953 iov
->iov_base
= buf
;
2954 iov
->iov_len
= buflen
;
2956 DEBUG(10,("echo_handler[%d]: forward to main\n",
2958 smbd_echo_activate_writer(state
);
2961 req
= smbd_echo_read_send(state
, state
->ev
, state
->sconn
);
2963 DEBUG(1, ("smbd_echo_read_send failed\n"));
2966 tevent_req_set_callback(req
, smbd_echo_got_packet
, state
);
2971 * Handle SMBecho requests in a forked child process
2973 bool fork_echo_handler(struct smbd_server_connection
*sconn
)
2975 int listener_pipe
[2];
2979 res
= pipe(listener_pipe
);
2981 DEBUG(1, ("pipe() failed: %s\n", strerror(errno
)));
2984 sconn
->smb1
.echo_handler
.socket_lock_fd
= create_unlink_tmp(lp_lockdir());
2985 if (sconn
->smb1
.echo_handler
.socket_lock_fd
== -1) {
2986 DEBUG(1, ("Could not create lock fd: %s\n", strerror(errno
)));
2994 close(listener_pipe
[0]);
2995 set_blocking(listener_pipe
[1], false);
2997 status
= reinit_after_fork(sconn
->msg_ctx
,
3000 if (!NT_STATUS_IS_OK(status
)) {
3001 DEBUG(1, ("reinit_after_fork failed: %s\n",
3002 nt_errstr(status
)));
3005 smbd_echo_loop(sconn
, listener_pipe
[1]);
3008 close(listener_pipe
[1]);
3009 listener_pipe
[1] = -1;
3010 sconn
->smb1
.echo_handler
.trusted_fd
= listener_pipe
[0];
3012 DEBUG(10,("fork_echo_handler: main[%d] echo_child[%d]\n", (int)getpid(), child
));
3015 * Without smb signing this is the same as the normal smbd
3016 * listener. This needs to change once signing comes in.
3018 sconn
->smb1
.echo_handler
.trusted_fde
= tevent_add_fd(sconn
->ev_ctx
,
3020 sconn
->smb1
.echo_handler
.trusted_fd
,
3022 smbd_server_echo_handler
,
3024 if (sconn
->smb1
.echo_handler
.trusted_fde
== NULL
) {
3025 DEBUG(1, ("event_add_fd failed\n"));
3032 if (listener_pipe
[0] != -1) {
3033 close(listener_pipe
[0]);
3035 if (listener_pipe
[1] != -1) {
3036 close(listener_pipe
[1]);
3038 sconn
->smb1
.echo_handler
.trusted_fd
= -1;
3039 if (sconn
->smb1
.echo_handler
.socket_lock_fd
!= -1) {
3040 close(sconn
->smb1
.echo_handler
.socket_lock_fd
);
3042 sconn
->smb1
.echo_handler
.trusted_fd
= -1;
3043 sconn
->smb1
.echo_handler
.socket_lock_fd
= -1;
3049 static NTSTATUS
smbd_register_ips(struct smbd_server_connection
*sconn
,
3050 struct sockaddr_storage
*srv
,
3051 struct sockaddr_storage
*clnt
)
3053 struct ctdbd_connection
*cconn
;
3054 char tmp_addr
[INET6_ADDRSTRLEN
];
3057 cconn
= messaging_ctdbd_connection();
3058 if (cconn
== NULL
) {
3059 return NT_STATUS_NO_MEMORY
;
3062 if (client_socket_addr(sconn
->sock
, tmp_addr
, sizeof(tmp_addr
)) == NULL
) {
3063 return NT_STATUS_NO_MEMORY
;
3065 addr
= talloc_strdup(cconn
, tmp_addr
);
3067 return NT_STATUS_NO_MEMORY
;
3069 return ctdbd_register_ips(cconn
, srv
, clnt
, release_ip
, addr
);
3074 static bool uid_in_use(const struct user_struct
*user
, uid_t uid
)
3077 if (user
->session_info
&&
3078 (user
->session_info
->unix_token
->uid
== uid
)) {
3086 static bool gid_in_use(const struct user_struct
*user
, gid_t gid
)
3089 if (user
->session_info
!= NULL
) {
3091 struct security_unix_token
*utok
;
3093 utok
= user
->session_info
->unix_token
;
3094 if (utok
->gid
== gid
) {
3097 for(i
=0; i
<utok
->ngroups
; i
++) {
3098 if (utok
->groups
[i
] == gid
) {
3108 static bool sid_in_use(const struct user_struct
*user
,
3109 const struct dom_sid
*psid
)
3112 struct security_token
*tok
;
3114 if (user
->session_info
== NULL
) {
3117 tok
= user
->session_info
->security_token
;
3120 * Not sure session_info->security_token can
3121 * ever be NULL. This check might be not
3126 if (security_token_has_sid(tok
, psid
)) {
3134 static bool id_in_use(const struct user_struct
*user
,
3135 const struct id_cache_ref
*id
)
3139 return uid_in_use(user
, id
->id
.uid
);
3141 return gid_in_use(user
, id
->id
.gid
);
3143 return sid_in_use(user
, &id
->id
.sid
);
3150 static void smbd_id_cache_kill(struct messaging_context
*msg_ctx
,
3153 struct server_id server_id
,
3156 const char *msg
= (data
&& data
->data
)
3157 ? (const char *)data
->data
: "<NULL>";
3158 struct id_cache_ref id
;
3159 struct smbd_server_connection
*sconn
=
3160 talloc_get_type_abort(private_data
,
3161 struct smbd_server_connection
);
3163 if (!id_cache_ref_parse(msg
, &id
)) {
3164 DEBUG(0, ("Invalid ?ID: %s\n", msg
));
3168 if (id_in_use(sconn
->users
, &id
)) {
3169 exit_server_cleanly(msg
);
3171 id_cache_delete_from_cache(&id
);
3174 NTSTATUS
smbXsrv_connection_init_tables(struct smbXsrv_connection
*conn
,
3175 enum protocol_types protocol
)
3179 set_Protocol(protocol
);
3180 conn
->protocol
= protocol
;
3182 if (protocol
>= PROTOCOL_SMB2_02
) {
3183 status
= smb2srv_session_table_init(conn
);
3184 if (!NT_STATUS_IS_OK(status
)) {
3188 status
= smb1srv_session_table_init(conn
);
3189 if (!NT_STATUS_IS_OK(status
)) {
3193 status
= smb1srv_tcon_table_init(conn
);
3194 if (!NT_STATUS_IS_OK(status
)) {
3199 return NT_STATUS_OK
;
3202 static void smbd_tevent_trace_callback(enum tevent_trace_point point
,
3205 struct smbXsrv_connection
*conn
=
3206 talloc_get_type_abort(private_data
,
3207 struct smbXsrv_connection
);
3210 case TEVENT_TRACE_BEFORE_WAIT
:
3212 * This just removes compiler warning
3213 * without profile support
3215 conn
->smbd_idle_profstamp
= 0;
3216 START_PROFILE_STAMP(smbd_idle
, conn
->smbd_idle_profstamp
);
3218 case TEVENT_TRACE_AFTER_WAIT
:
3219 END_PROFILE_STAMP(smbd_idle
, conn
->smbd_idle_profstamp
);
3224 /****************************************************************************
3225 Process commands from the client
3226 ****************************************************************************/
3228 void smbd_process(struct tevent_context
*ev_ctx
,
3229 struct messaging_context
*msg_ctx
,
3233 TALLOC_CTX
*frame
= talloc_stackframe();
3234 struct smbXsrv_connection
*conn
;
3235 struct smbd_server_connection
*sconn
;
3236 struct sockaddr_storage ss
;
3237 struct sockaddr
*sa
= NULL
;
3238 socklen_t sa_socklen
;
3239 struct tsocket_address
*local_address
= NULL
;
3240 struct tsocket_address
*remote_address
= NULL
;
3241 const char *locaddr
= NULL
;
3242 const char *remaddr
= NULL
;
3246 conn
= talloc_zero(ev_ctx
, struct smbXsrv_connection
);
3248 DEBUG(0,("talloc_zero(struct smbXsrv_connection)\n"));
3249 exit_server_cleanly("talloc_zero(struct smbXsrv_connection).\n");
3252 conn
->ev_ctx
= ev_ctx
;
3253 conn
->msg_ctx
= msg_ctx
;
3255 sconn
= talloc_zero(conn
, struct smbd_server_connection
);
3257 exit_server("failed to create smbd_server_connection");
3260 conn
->sconn
= sconn
;
3264 * TODO: remove this...:-)
3266 global_smbXsrv_connection
= conn
;
3268 sconn
->ev_ctx
= ev_ctx
;
3269 sconn
->msg_ctx
= msg_ctx
;
3270 sconn
->sock
= sock_fd
;
3271 sconn
->smb1
.echo_handler
.trusted_fd
= -1;
3272 sconn
->smb1
.echo_handler
.socket_lock_fd
= -1;
3275 smbd_setup_sig_term_handler(sconn
);
3276 smbd_setup_sig_hup_handler(sconn
);
3278 if (!serverid_register(messaging_server_id(msg_ctx
),
3279 FLAG_MSG_GENERAL
|FLAG_MSG_SMBD
3281 |FLAG_MSG_PRINT_GENERAL
)) {
3282 exit_server_cleanly("Could not register myself in "
3287 if (lp_srv_maxprotocol() >= PROTOCOL_SMB2_02
) {
3289 * We're not making the decision here,
3290 * we're just allowing the client
3291 * to decide between SMB1 and SMB2
3292 * with the first negprot
3295 sconn
->using_smb2
= true;
3298 /* Ensure child is set to blocking mode */
3299 set_blocking(sconn
->sock
,True
);
3301 set_socket_options(sconn
->sock
, "SO_KEEPALIVE");
3302 set_socket_options(sconn
->sock
, lp_socket_options());
3304 sa
= (struct sockaddr
*)(void *)&ss
;
3305 sa_socklen
= sizeof(ss
);
3306 ret
= getpeername(sconn
->sock
, sa
, &sa_socklen
);
3308 int level
= (errno
== ENOTCONN
)?2:0;
3309 DEBUG(level
,("getpeername() failed - %s\n", strerror(errno
)));
3310 exit_server_cleanly("getpeername() failed.\n");
3312 ret
= tsocket_address_bsd_from_sockaddr(sconn
,
3316 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3317 __location__
, strerror(errno
)));
3318 exit_server_cleanly("tsocket_address_bsd_from_sockaddr remote failed.\n");
3321 sa
= (struct sockaddr
*)(void *)&ss
;
3322 sa_socklen
= sizeof(ss
);
3323 ret
= getsockname(sconn
->sock
, sa
, &sa_socklen
);
3325 int level
= (errno
== ENOTCONN
)?2:0;
3326 DEBUG(level
,("getsockname() failed - %s\n", strerror(errno
)));
3327 exit_server_cleanly("getsockname() failed.\n");
3329 ret
= tsocket_address_bsd_from_sockaddr(sconn
,
3333 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3334 __location__
, strerror(errno
)));
3335 exit_server_cleanly("tsocket_address_bsd_from_sockaddr remote failed.\n");
3338 sconn
->local_address
= local_address
;
3339 sconn
->remote_address
= remote_address
;
3341 if (tsocket_address_is_inet(local_address
, "ip")) {
3342 locaddr
= tsocket_address_inet_addr_string(
3343 sconn
->local_address
,
3345 if (locaddr
== NULL
) {
3346 DEBUG(0,("%s: tsocket_address_inet_addr_string local failed - %s\n",
3347 __location__
, strerror(errno
)));
3348 exit_server_cleanly("tsocket_address_inet_addr_string local failed.\n");
3351 locaddr
= "0.0.0.0";
3354 if (tsocket_address_is_inet(remote_address
, "ip")) {
3355 remaddr
= tsocket_address_inet_addr_string(
3356 sconn
->remote_address
,
3358 if (remaddr
== NULL
) {
3359 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3360 __location__
, strerror(errno
)));
3361 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
3364 remaddr
= "0.0.0.0";
3367 /* this is needed so that we get decent entries
3368 in smbstatus for port 445 connects */
3369 set_remote_machine_name(remaddr
, false);
3370 reload_services(sconn
, conn_snum_used
, true);
3373 * Before the first packet, check the global hosts allow/ hosts deny
3374 * parameters before doing any parsing of packets passed to us by the
3375 * client. This prevents attacks on our parsing code from hosts not in
3376 * the hosts allow list.
3379 ret
= get_remote_hostname(remote_address
,
3383 DEBUG(0,("%s: get_remote_hostname failed - %s\n",
3384 __location__
, strerror(errno
)));
3385 exit_server_cleanly("get_remote_hostname failed.\n");
3387 if (strequal(rhost
, "UNKNOWN")) {
3388 rhost
= talloc_strdup(talloc_tos(), remaddr
);
3390 sconn
->remote_hostname
= talloc_move(sconn
, &rhost
);
3392 sub_set_socket_ids(remaddr
,
3393 sconn
->remote_hostname
,
3396 if (!allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
3397 sconn
->remote_hostname
,
3400 * send a negative session response "not listening on calling
3403 unsigned char buf
[5] = {0x83, 0, 0, 1, 0x81};
3404 DEBUG( 1, ("Connection denied from %s to %s\n",
3405 tsocket_address_string(remote_address
, talloc_tos()),
3406 tsocket_address_string(local_address
, talloc_tos())));
3407 (void)srv_send_smb(sconn
,(char *)buf
, false,
3409 exit_server_cleanly("connection denied");
3412 DEBUG(10, ("Connection allowed from %s to %s\n",
3413 tsocket_address_string(remote_address
, talloc_tos()),
3414 tsocket_address_string(local_address
, talloc_tos())));
3416 if (lp_preload_modules()) {
3417 smb_load_modules(lp_preload_modules());
3420 smb_perfcount_init();
3422 if (!init_account_policy()) {
3423 exit_server("Could not open account policy tdb.\n");
3426 if (*lp_rootdir()) {
3427 if (chroot(lp_rootdir()) != 0) {
3428 DEBUG(0,("Failed to change root to %s\n", lp_rootdir()));
3429 exit_server("Failed to chroot()");
3431 if (chdir("/") == -1) {
3432 DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_rootdir()));
3433 exit_server("Failed to chroot()");
3435 DEBUG(0,("Changed root to %s\n", lp_rootdir()));
3438 if (!srv_init_signing(sconn
)) {
3439 exit_server("Failed to init smb_signing");
3442 if (!file_init(sconn
)) {
3443 exit_server("file_init() failed");
3447 if (!init_oplocks(sconn
))
3448 exit_server("Failed to init oplocks");
3450 /* register our message handlers */
3451 messaging_register(sconn
->msg_ctx
, sconn
,
3452 MSG_SMB_FORCE_TDIS
, msg_force_tdis
);
3453 messaging_register(sconn
->msg_ctx
, sconn
,
3454 MSG_SMB_CLOSE_FILE
, msg_close_file
);
3455 messaging_register(sconn
->msg_ctx
, sconn
,
3456 MSG_SMB_FILE_RENAME
, msg_file_was_renamed
);
3458 id_cache_register_msgs(sconn
->msg_ctx
);
3459 messaging_deregister(sconn
->msg_ctx
, ID_CACHE_KILL
, NULL
);
3460 messaging_register(sconn
->msg_ctx
, sconn
,
3461 ID_CACHE_KILL
, smbd_id_cache_kill
);
3463 messaging_deregister(sconn
->msg_ctx
,
3464 MSG_SMB_CONF_UPDATED
, sconn
->ev_ctx
);
3465 messaging_register(sconn
->msg_ctx
, sconn
,
3466 MSG_SMB_CONF_UPDATED
, smbd_conf_updated
);
3469 * Use the default MSG_DEBUG handler to avoid rebroadcasting
3470 * MSGs to all child processes
3472 messaging_deregister(sconn
->msg_ctx
,
3474 messaging_register(sconn
->msg_ctx
, NULL
,
3475 MSG_DEBUG
, debug_message
);
3477 if ((lp_keepalive() != 0)
3478 && !(event_add_idle(ev_ctx
, NULL
,
3479 timeval_set(lp_keepalive(), 0),
3480 "keepalive", keepalive_fn
,
3482 DEBUG(0, ("Could not add keepalive event\n"));
3486 if (!(event_add_idle(ev_ctx
, NULL
,
3487 timeval_set(IDLE_CLOSED_TIMEOUT
, 0),
3488 "deadtime", deadtime_fn
, sconn
))) {
3489 DEBUG(0, ("Could not add deadtime event\n"));
3493 if (!(event_add_idle(ev_ctx
, NULL
,
3494 timeval_set(SMBD_HOUSEKEEPING_INTERVAL
, 0),
3495 "housekeeping", housekeeping_fn
, sconn
))) {
3496 DEBUG(0, ("Could not add housekeeping event\n"));
3500 #ifdef CLUSTER_SUPPORT
3502 if (lp_clustering()) {
3504 * We need to tell ctdb about our client's TCP
3505 * connection, so that for failover ctdbd can send
3506 * tickle acks, triggering a reconnection by the
3510 struct sockaddr_storage srv
, clnt
;
3512 if (client_get_tcp_info(sconn
->sock
, &srv
, &clnt
) == 0) {
3514 status
= smbd_register_ips(sconn
, &srv
, &clnt
);
3515 if (!NT_STATUS_IS_OK(status
)) {
3516 DEBUG(0, ("ctdbd_register_ips failed: %s\n",
3517 nt_errstr(status
)));
3521 DEBUG(0,("Unable to get tcp info for "
3522 "CTDB_CONTROL_TCP_CLIENT: %s\n",
3529 sconn
->nbt
.got_session
= false;
3531 sconn
->smb1
.negprot
.max_recv
= MIN(lp_max_xmit(),BUFFER_SIZE
);
3533 sconn
->smb1
.sessions
.done_sesssetup
= false;
3534 sconn
->smb1
.sessions
.max_send
= BUFFER_SIZE
;
3535 sconn
->smb1
.sessions
.last_session_tag
= UID_FIELD_INVALID
;
3537 if (!init_dptrs(sconn
)) {
3538 exit_server("init_dptrs() failed");
3541 sconn
->smb1
.fde
= event_add_fd(ev_ctx
,
3545 smbd_server_connection_handler
,
3547 if (!sconn
->smb1
.fde
) {
3548 exit_server("failed to create smbd_server_connection fde");
3551 sconn
->conn
->local_address
= sconn
->local_address
;
3552 sconn
->conn
->remote_address
= sconn
->remote_address
;
3553 sconn
->conn
->remote_hostname
= sconn
->remote_hostname
;
3554 sconn
->conn
->protocol
= PROTOCOL_NONE
;
3558 tevent_set_trace_callback(ev_ctx
, smbd_tevent_trace_callback
, conn
);
3561 frame
= talloc_stackframe_pool(8192);
3564 if (tevent_loop_once(ev_ctx
) == -1) {
3565 if (errno
!= EINTR
) {
3566 DEBUG(3, ("tevent_loop_once failed: %s,"
3567 " exiting\n", strerror(errno
) ));
3575 exit_server_cleanly(NULL
);
3578 bool req_is_in_chain(struct smb_request
*req
)
3580 if (req
->vwv
!= (const uint16_t *)(req
->inbuf
+smb_vwv
)) {
3582 * We're right now handling a subsequent request, so we must
3588 if (!is_andx_req(req
->cmd
)) {
3594 * Okay, an illegal request, but definitely not chained :-)
3599 return (CVAL(req
->vwv
+0, 0) != 0xFF);