2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/globals.h"
23 #include "../librpc/gen_ndr/srv_dfs.h"
24 #include "../librpc/gen_ndr/srv_dssetup.h"
25 #include "../librpc/gen_ndr/srv_echo.h"
26 #include "../librpc/gen_ndr/srv_eventlog.h"
27 #include "../librpc/gen_ndr/srv_initshutdown.h"
28 #include "../librpc/gen_ndr/srv_lsa.h"
29 #include "../librpc/gen_ndr/srv_netlogon.h"
30 #include "../librpc/gen_ndr/srv_ntsvcs.h"
31 #include "../librpc/gen_ndr/srv_samr.h"
32 #include "../librpc/gen_ndr/srv_spoolss.h"
33 #include "../librpc/gen_ndr/srv_srvsvc.h"
34 #include "../librpc/gen_ndr/srv_svcctl.h"
35 #include "../librpc/gen_ndr/srv_winreg.h"
36 #include "../librpc/gen_ndr/srv_wkssvc.h"
38 extern bool global_machine_password_needs_changing;
40 static void construct_reply_common(struct smb_request *req, const char *inbuf,
43 /* Accessor function for smb_read_error for smbd functions. */
45 /****************************************************************************
47 ****************************************************************************/
49 bool srv_send_smb(int fd, char *buffer,
50 bool do_signing, uint32_t seqnum,
52 struct smb_perfcount_data *pcd)
57 char *buf_out = buffer;
60 /* Sign the outgoing packet if required. */
61 srv_calculate_sign_mac(smbd_server_conn, buf_out, seqnum);
65 NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
66 if (!NT_STATUS_IS_OK(status)) {
67 DEBUG(0, ("send_smb: SMB encryption failed "
68 "on outgoing packet! Error %s\n",
74 len = smb_len(buf_out) + 4;
76 ret = write_data(fd,buf_out+nwritten,len - nwritten);
78 DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
79 (int)len,(int)ret, strerror(errno) ));
80 srv_free_enc_buffer(buf_out);
84 SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd, len);
85 srv_free_enc_buffer(buf_out);
87 SMB_PERFCOUNT_END(pcd);
91 /*******************************************************************
92 Setup the word count and byte count for a smb message.
93 ********************************************************************/
95 int srv_set_message(char *buf,
100 if (zero && (num_words || num_bytes)) {
101 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
103 SCVAL(buf,smb_wct,num_words);
104 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
105 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
106 return (smb_size + num_words*2 + num_bytes);
109 static bool valid_smb_header(const uint8_t *inbuf)
111 if (is_encrypted_packet(inbuf)) {
115 * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
116 * but it just looks weird to call strncmp for this one.
118 return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
121 /* Socket functions for smbd packet processing. */
123 static bool valid_packet_size(size_t len)
126 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
127 * of header. Don't print the error if this fits.... JRA.
130 if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
131 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
132 (unsigned long)len));
138 static NTSTATUS read_packet_remainder(int fd, char *buffer,
139 unsigned int timeout, ssize_t len)
145 return read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
148 /****************************************************************************
149 Attempt a zerocopy writeX read. We know here that len > smb_size-4
150 ****************************************************************************/
153 * Unfortunately, earlier versions of smbclient/libsmbclient
154 * don't send this "standard" writeX header. I've fixed this
155 * for 3.2 but we'll use the old method with earlier versions.
156 * Windows and CIFSFS at least use this standard size. Not
160 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
161 (2*14) + /* word count (including bcc) */ \
164 static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
165 const char lenbuf[4],
166 int fd, char **buffer,
167 unsigned int timeout,
171 /* Size of a WRITEX call (+4 byte len). */
172 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
173 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
177 memcpy(writeX_header, lenbuf, 4);
179 status = read_fd_with_timeout(
180 fd, writeX_header + 4,
181 STANDARD_WRITE_AND_X_HEADER_SIZE,
182 STANDARD_WRITE_AND_X_HEADER_SIZE,
185 if (!NT_STATUS_IS_OK(status)) {
190 * Ok - now try and see if this is a possible
194 if (is_valid_writeX_buffer((uint8_t *)writeX_header)) {
196 * If the data offset is beyond what
197 * we've read, drain the extra bytes.
199 uint16_t doff = SVAL(writeX_header,smb_vwv11);
202 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
203 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
204 if (drain_socket(smbd_server_fd(), drain) != drain) {
205 smb_panic("receive_smb_raw_talloc_partial_read:"
206 " failed to drain pending bytes");
209 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
212 /* Spoof down the length and null out the bcc. */
213 set_message_bcc(writeX_header, 0);
214 newlen = smb_len(writeX_header);
216 /* Copy the header we've written. */
218 *buffer = (char *)TALLOC_MEMDUP(mem_ctx,
220 sizeof(writeX_header));
222 if (*buffer == NULL) {
223 DEBUG(0, ("Could not allocate inbuf of length %d\n",
224 (int)sizeof(writeX_header)));
225 return NT_STATUS_NO_MEMORY;
228 /* Work out the remaining bytes. */
229 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
230 *len_ret = newlen + 4;
234 if (!valid_packet_size(len)) {
235 return NT_STATUS_INVALID_PARAMETER;
239 * Not a valid writeX call. Just do the standard
243 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
245 if (*buffer == NULL) {
246 DEBUG(0, ("Could not allocate inbuf of length %d\n",
248 return NT_STATUS_NO_MEMORY;
251 /* Copy in what we already read. */
254 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
255 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
258 status = read_packet_remainder(
259 fd, (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
262 if (!NT_STATUS_IS_OK(status)) {
263 DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
273 static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx, int fd,
274 char **buffer, unsigned int timeout,
275 size_t *p_unread, size_t *plen)
279 int min_recv_size = lp_min_receive_file_size();
284 status = read_smb_length_return_keepalive(fd, lenbuf, timeout, &len);
285 if (!NT_STATUS_IS_OK(status)) {
286 DEBUG(10, ("receive_smb_raw: %s\n", nt_errstr(status)));
290 if (CVAL(lenbuf,0) == 0 && min_recv_size &&
291 (smb_len_large(lenbuf) > /* Could be a UNIX large writeX. */
292 (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE)) &&
293 !srv_is_signing_active(smbd_server_conn)) {
295 return receive_smb_raw_talloc_partial_read(
296 mem_ctx, lenbuf, fd, buffer, timeout, p_unread, plen);
299 if (!valid_packet_size(len)) {
300 return NT_STATUS_INVALID_PARAMETER;
304 * The +4 here can't wrap, we've checked the length above already.
307 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
309 if (*buffer == NULL) {
310 DEBUG(0, ("Could not allocate inbuf of length %d\n",
312 return NT_STATUS_NO_MEMORY;
315 memcpy(*buffer, lenbuf, sizeof(lenbuf));
317 status = read_packet_remainder(fd, (*buffer)+4, timeout, len);
318 if (!NT_STATUS_IS_OK(status)) {
326 static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx, int fd,
327 char **buffer, unsigned int timeout,
328 size_t *p_unread, bool *p_encrypted,
335 *p_encrypted = false;
337 status = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout,
339 if (!NT_STATUS_IS_OK(status)) {
343 if (is_encrypted_packet((uint8_t *)*buffer)) {
344 status = srv_decrypt_buffer(*buffer);
345 if (!NT_STATUS_IS_OK(status)) {
346 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
347 "incoming packet! Error %s\n",
348 nt_errstr(status) ));
354 /* Check the incoming SMB signature. */
355 if (!srv_check_sign_mac(smbd_server_conn, *buffer, seqnum)) {
356 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
357 "incoming packet!\n"));
358 return NT_STATUS_INVALID_NETWORK_RESPONSE;
366 * Initialize a struct smb_request from an inbuf
369 static void init_smb_request(struct smb_request *req, const uint8 *inbuf,
370 size_t unread_bytes, bool encrypted,
373 struct smbd_server_connection *sconn = smbd_server_conn;
374 size_t req_size = smb_len(inbuf) + 4;
375 /* Ensure we have at least smb_size bytes. */
376 if (req_size < smb_size) {
377 DEBUG(0,("init_smb_request: invalid request size %u\n",
378 (unsigned int)req_size ));
379 exit_server_cleanly("Invalid SMB request");
381 req->cmd = CVAL(inbuf, smb_com);
382 req->flags2 = SVAL(inbuf, smb_flg2);
383 req->smbpid = SVAL(inbuf, smb_pid);
384 req->mid = SVAL(inbuf, smb_mid);
385 req->seqnum = seqnum;
386 req->vuid = SVAL(inbuf, smb_uid);
387 req->tid = SVAL(inbuf, smb_tid);
388 req->wct = CVAL(inbuf, smb_wct);
389 req->vwv = (uint16_t *)(inbuf+smb_vwv);
390 req->buflen = smb_buflen(inbuf);
391 req->buf = (const uint8_t *)smb_buf(inbuf);
392 req->unread_bytes = unread_bytes;
393 req->encrypted = encrypted;
394 req->conn = conn_find(sconn,req->tid);
395 req->chain_fsp = NULL;
396 req->chain_outbuf = NULL;
398 smb_init_perfcount_data(&req->pcd);
400 /* Ensure we have at least wct words and 2 bytes of bcc. */
401 if (smb_size + req->wct*2 > req_size) {
402 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
403 (unsigned int)req->wct,
404 (unsigned int)req_size));
405 exit_server_cleanly("Invalid SMB request");
407 /* Ensure bcc is correct. */
408 if (((uint8 *)smb_buf(inbuf)) + req->buflen > inbuf + req_size) {
409 DEBUG(0,("init_smb_request: invalid bcc number %u "
410 "(wct = %u, size %u)\n",
411 (unsigned int)req->buflen,
412 (unsigned int)req->wct,
413 (unsigned int)req_size));
414 exit_server_cleanly("Invalid SMB request");
420 static void process_smb(struct smbd_server_connection *conn,
421 uint8_t *inbuf, size_t nread, size_t unread_bytes,
422 uint32_t seqnum, bool encrypted,
423 struct smb_perfcount_data *deferred_pcd);
425 static void smbd_deferred_open_timer(struct event_context *ev,
426 struct timed_event *te,
427 struct timeval _tval,
430 struct pending_message_list *msg = talloc_get_type(private_data,
431 struct pending_message_list);
432 TALLOC_CTX *mem_ctx = talloc_tos();
433 uint16_t mid = SVAL(msg->buf.data,smb_mid);
436 inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
439 exit_server("smbd_deferred_open_timer: talloc failed\n");
443 /* We leave this message on the queue so the open code can
444 know this is a retry. */
445 DEBUG(5,("smbd_deferred_open_timer: trigger mid %u.\n",
446 (unsigned int)mid ));
448 /* Mark the message as processed so this is not
449 * re-processed in error. */
450 msg->processed = true;
452 process_smb(smbd_server_conn, inbuf,
454 msg->seqnum, msg->encrypted, &msg->pcd);
456 /* If it's still there and was processed, remove it. */
457 msg = get_open_deferred_message(mid);
458 if (msg && msg->processed) {
459 remove_deferred_open_smb_message(mid);
463 /****************************************************************************
464 Function to push a message onto the tail of a linked list of smb messages ready
466 ****************************************************************************/
468 static bool push_queued_message(struct smb_request *req,
469 struct timeval request_time,
470 struct timeval end_time,
471 char *private_data, size_t private_len)
473 int msg_len = smb_len(req->inbuf) + 4;
474 struct pending_message_list *msg;
476 msg = TALLOC_ZERO_P(NULL, struct pending_message_list);
479 DEBUG(0,("push_message: malloc fail (1)\n"));
483 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
484 if(msg->buf.data == NULL) {
485 DEBUG(0,("push_message: malloc fail (2)\n"));
490 msg->request_time = request_time;
491 msg->seqnum = req->seqnum;
492 msg->encrypted = req->encrypted;
493 msg->processed = false;
494 SMB_PERFCOUNT_DEFER_OP(&req->pcd, &msg->pcd);
497 msg->private_data = data_blob_talloc(msg, private_data,
499 if (msg->private_data.data == NULL) {
500 DEBUG(0,("push_message: malloc fail (3)\n"));
506 msg->te = event_add_timed(smbd_event_context(),
509 smbd_deferred_open_timer,
512 DEBUG(0,("push_message: event_add_timed failed\n"));
517 DLIST_ADD_END(deferred_open_queue, msg, struct pending_message_list *);
519 DEBUG(10,("push_message: pushed message length %u on "
520 "deferred_open_queue\n", (unsigned int)msg_len));
525 /****************************************************************************
526 Function to delete a sharing violation open message by mid.
527 ****************************************************************************/
529 void remove_deferred_open_smb_message(uint16 mid)
531 struct pending_message_list *pml;
533 for (pml = deferred_open_queue; pml; pml = pml->next) {
534 if (mid == SVAL(pml->buf.data,smb_mid)) {
535 DEBUG(10,("remove_deferred_open_smb_message: "
536 "deleting mid %u len %u\n",
538 (unsigned int)pml->buf.length ));
539 DLIST_REMOVE(deferred_open_queue, pml);
546 /****************************************************************************
547 Move a sharing violation open retry message to the front of the list and
548 schedule it for immediate processing.
549 ****************************************************************************/
551 void schedule_deferred_open_smb_message(uint16 mid)
553 struct pending_message_list *pml;
556 for (pml = deferred_open_queue; pml; pml = pml->next) {
557 uint16 msg_mid = SVAL(pml->buf.data,smb_mid);
559 DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++,
560 (unsigned int)msg_mid ));
562 if (mid == msg_mid) {
563 struct timed_event *te;
565 if (pml->processed) {
566 /* A processed message should not be
568 DEBUG(0,("schedule_deferred_open_smb_message: LOGIC ERROR "
569 "message mid %u was already processed\n",
574 DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
577 te = event_add_timed(smbd_event_context(),
580 smbd_deferred_open_timer,
583 DEBUG(10,("schedule_deferred_open_smb_message: "
584 "event_add_timed() failed, skipping mid %u\n",
588 TALLOC_FREE(pml->te);
590 DLIST_PROMOTE(deferred_open_queue, pml);
595 DEBUG(10,("schedule_deferred_open_smb_message: failed to find message mid %u\n",
599 /****************************************************************************
600 Return true if this mid is on the deferred queue and was not yet processed.
601 ****************************************************************************/
603 bool open_was_deferred(uint16 mid)
605 struct pending_message_list *pml;
607 for (pml = deferred_open_queue; pml; pml = pml->next) {
608 if (SVAL(pml->buf.data,smb_mid) == mid && !pml->processed) {
615 /****************************************************************************
616 Return the message queued by this mid.
617 ****************************************************************************/
619 struct pending_message_list *get_open_deferred_message(uint16 mid)
621 struct pending_message_list *pml;
623 for (pml = deferred_open_queue; pml; pml = pml->next) {
624 if (SVAL(pml->buf.data,smb_mid) == mid) {
631 /****************************************************************************
632 Function to push a deferred open smb message onto a linked list of local smb
633 messages ready for processing.
634 ****************************************************************************/
636 bool push_deferred_smb_message(struct smb_request *req,
637 struct timeval request_time,
638 struct timeval timeout,
639 char *private_data, size_t priv_len)
641 struct timeval end_time;
643 if (req->unread_bytes) {
644 DEBUG(0,("push_deferred_smb_message: logic error ! "
645 "unread_bytes = %u\n",
646 (unsigned int)req->unread_bytes ));
647 smb_panic("push_deferred_smb_message: "
648 "logic error unread_bytes != 0" );
651 end_time = timeval_sum(&request_time, &timeout);
653 DEBUG(10,("push_deferred_open_smb_message: pushing message len %u mid %u "
654 "timeout time [%u.%06u]\n",
655 (unsigned int) smb_len(req->inbuf)+4, (unsigned int)req->mid,
656 (unsigned int)end_time.tv_sec,
657 (unsigned int)end_time.tv_usec));
659 return push_queued_message(req, request_time, end_time,
660 private_data, priv_len);
664 struct timed_event *te;
665 struct timeval interval;
667 bool (*handler)(const struct timeval *now, void *private_data);
671 static void smbd_idle_event_handler(struct event_context *ctx,
672 struct timed_event *te,
676 struct idle_event *event =
677 talloc_get_type_abort(private_data, struct idle_event);
679 TALLOC_FREE(event->te);
681 DEBUG(10,("smbd_idle_event_handler: %s %p called\n",
682 event->name, event->te));
684 if (!event->handler(&now, event->private_data)) {
685 DEBUG(10,("smbd_idle_event_handler: %s %p stopped\n",
686 event->name, event->te));
687 /* Don't repeat, delete ourselves */
692 DEBUG(10,("smbd_idle_event_handler: %s %p rescheduled\n",
693 event->name, event->te));
695 event->te = event_add_timed(ctx, event,
696 timeval_sum(&now, &event->interval),
697 smbd_idle_event_handler, event);
699 /* We can't do much but fail here. */
700 SMB_ASSERT(event->te != NULL);
703 struct idle_event *event_add_idle(struct event_context *event_ctx,
705 struct timeval interval,
707 bool (*handler)(const struct timeval *now,
711 struct idle_event *result;
712 struct timeval now = timeval_current();
714 result = TALLOC_P(mem_ctx, struct idle_event);
715 if (result == NULL) {
716 DEBUG(0, ("talloc failed\n"));
720 result->interval = interval;
721 result->handler = handler;
722 result->private_data = private_data;
724 if (!(result->name = talloc_asprintf(result, "idle_evt(%s)", name))) {
725 DEBUG(0, ("talloc failed\n"));
730 result->te = event_add_timed(event_ctx, result,
731 timeval_sum(&now, &interval),
732 smbd_idle_event_handler, result);
733 if (result->te == NULL) {
734 DEBUG(0, ("event_add_timed failed\n"));
739 DEBUG(10,("event_add_idle: %s %p\n", result->name, result->te));
743 static void smbd_sig_term_handler(struct tevent_context *ev,
744 struct tevent_signal *se,
750 exit_server_cleanly("termination signal");
753 void smbd_setup_sig_term_handler(void)
755 struct tevent_signal *se;
757 se = tevent_add_signal(smbd_event_context(),
758 smbd_event_context(),
760 smbd_sig_term_handler,
763 exit_server("failed to setup SIGTERM handler");
767 static void smbd_sig_hup_handler(struct tevent_context *ev,
768 struct tevent_signal *se,
774 change_to_root_user();
775 DEBUG(1,("Reloading services after SIGHUP\n"));
776 reload_services(False);
779 void smbd_setup_sig_hup_handler(void)
781 struct tevent_signal *se;
783 se = tevent_add_signal(smbd_event_context(),
784 smbd_event_context(),
786 smbd_sig_hup_handler,
789 exit_server("failed to setup SIGHUP handler");
793 static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection *conn)
800 to.tv_sec = SMBD_SELECT_TIMEOUT;
804 * Setup the select fd sets.
811 * Are there any timed events waiting ? If so, ensure we don't
812 * select for longer than it would take to wait for them.
819 event_add_to_select_args(smbd_event_context(), &now,
820 &r_fds, &w_fds, &to, &maxfd);
823 /* Process a signal and timed events now... */
824 if (run_events(smbd_event_context(), 0, NULL, NULL)) {
825 return NT_STATUS_RETRY;
830 START_PROFILE(smbd_idle);
832 selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&to);
835 END_PROFILE(smbd_idle);
839 if (run_events(smbd_event_context(), selrtn, &r_fds, &w_fds)) {
840 return NT_STATUS_RETRY;
845 /* something is wrong. Maybe the socket is dead? */
846 return map_nt_error_from_unix(errno);
849 /* Did we timeout ? */
851 return NT_STATUS_RETRY;
854 /* should not be reached */
855 return NT_STATUS_INTERNAL_ERROR;
859 * Only allow 5 outstanding trans requests. We're allocating memory, so
863 NTSTATUS allow_new_trans(struct trans_state *list, int mid)
866 for (; list != NULL; list = list->next) {
868 if (list->mid == mid) {
869 return NT_STATUS_INVALID_PARAMETER;
875 return NT_STATUS_INSUFFICIENT_RESOURCES;
882 These flags determine some of the permissions required to do an operation
884 Note that I don't set NEED_WRITE on some write operations because they
885 are used by some brain-dead clients when printing, and I don't want to
886 force write permissions on print services.
888 #define AS_USER (1<<0)
889 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
890 #define TIME_INIT (1<<2)
891 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
892 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
893 #define DO_CHDIR (1<<6)
896 define a list of possible SMB messages and their corresponding
897 functions. Any message that has a NULL function is unimplemented -
898 please feel free to contribute implementations!
900 static const struct smb_message_struct {
902 void (*fn)(struct smb_request *req);
904 } smb_messages[256] = {
906 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
907 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
908 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
909 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
910 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
911 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
912 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
913 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
914 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
915 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
916 /* 0x0a */ { "SMBread",reply_read,AS_USER},
917 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
918 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
919 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
920 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
921 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
922 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
923 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
924 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
925 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
926 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
927 /* 0x15 */ { NULL, NULL, 0 },
928 /* 0x16 */ { NULL, NULL, 0 },
929 /* 0x17 */ { NULL, NULL, 0 },
930 /* 0x18 */ { NULL, NULL, 0 },
931 /* 0x19 */ { NULL, NULL, 0 },
932 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
933 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
934 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
935 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
936 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
937 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
938 /* 0x20 */ { "SMBwritec", NULL,0},
939 /* 0x21 */ { NULL, NULL, 0 },
940 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
941 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
942 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
943 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
944 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
945 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
946 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
947 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
948 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
949 /* 0x2b */ { "SMBecho",reply_echo,0},
950 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
951 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
952 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
953 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
954 /* 0x30 */ { NULL, NULL, 0 },
955 /* 0x31 */ { NULL, NULL, 0 },
956 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
957 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER | CAN_IPC },
958 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
959 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
960 /* 0x36 */ { NULL, NULL, 0 },
961 /* 0x37 */ { NULL, NULL, 0 },
962 /* 0x38 */ { NULL, NULL, 0 },
963 /* 0x39 */ { NULL, NULL, 0 },
964 /* 0x3a */ { NULL, NULL, 0 },
965 /* 0x3b */ { NULL, NULL, 0 },
966 /* 0x3c */ { NULL, NULL, 0 },
967 /* 0x3d */ { NULL, NULL, 0 },
968 /* 0x3e */ { NULL, NULL, 0 },
969 /* 0x3f */ { NULL, NULL, 0 },
970 /* 0x40 */ { NULL, NULL, 0 },
971 /* 0x41 */ { NULL, NULL, 0 },
972 /* 0x42 */ { NULL, NULL, 0 },
973 /* 0x43 */ { NULL, NULL, 0 },
974 /* 0x44 */ { NULL, NULL, 0 },
975 /* 0x45 */ { NULL, NULL, 0 },
976 /* 0x46 */ { NULL, NULL, 0 },
977 /* 0x47 */ { NULL, NULL, 0 },
978 /* 0x48 */ { NULL, NULL, 0 },
979 /* 0x49 */ { NULL, NULL, 0 },
980 /* 0x4a */ { NULL, NULL, 0 },
981 /* 0x4b */ { NULL, NULL, 0 },
982 /* 0x4c */ { NULL, NULL, 0 },
983 /* 0x4d */ { NULL, NULL, 0 },
984 /* 0x4e */ { NULL, NULL, 0 },
985 /* 0x4f */ { NULL, NULL, 0 },
986 /* 0x50 */ { NULL, NULL, 0 },
987 /* 0x51 */ { NULL, NULL, 0 },
988 /* 0x52 */ { NULL, NULL, 0 },
989 /* 0x53 */ { NULL, NULL, 0 },
990 /* 0x54 */ { NULL, NULL, 0 },
991 /* 0x55 */ { NULL, NULL, 0 },
992 /* 0x56 */ { NULL, NULL, 0 },
993 /* 0x57 */ { NULL, NULL, 0 },
994 /* 0x58 */ { NULL, NULL, 0 },
995 /* 0x59 */ { NULL, NULL, 0 },
996 /* 0x5a */ { NULL, NULL, 0 },
997 /* 0x5b */ { NULL, NULL, 0 },
998 /* 0x5c */ { NULL, NULL, 0 },
999 /* 0x5d */ { NULL, NULL, 0 },
1000 /* 0x5e */ { NULL, NULL, 0 },
1001 /* 0x5f */ { NULL, NULL, 0 },
1002 /* 0x60 */ { NULL, NULL, 0 },
1003 /* 0x61 */ { NULL, NULL, 0 },
1004 /* 0x62 */ { NULL, NULL, 0 },
1005 /* 0x63 */ { NULL, NULL, 0 },
1006 /* 0x64 */ { NULL, NULL, 0 },
1007 /* 0x65 */ { NULL, NULL, 0 },
1008 /* 0x66 */ { NULL, NULL, 0 },
1009 /* 0x67 */ { NULL, NULL, 0 },
1010 /* 0x68 */ { NULL, NULL, 0 },
1011 /* 0x69 */ { NULL, NULL, 0 },
1012 /* 0x6a */ { NULL, NULL, 0 },
1013 /* 0x6b */ { NULL, NULL, 0 },
1014 /* 0x6c */ { NULL, NULL, 0 },
1015 /* 0x6d */ { NULL, NULL, 0 },
1016 /* 0x6e */ { NULL, NULL, 0 },
1017 /* 0x6f */ { NULL, NULL, 0 },
1018 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1019 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1020 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1021 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1022 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1023 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1024 /* 0x76 */ { NULL, NULL, 0 },
1025 /* 0x77 */ { NULL, NULL, 0 },
1026 /* 0x78 */ { NULL, NULL, 0 },
1027 /* 0x79 */ { NULL, NULL, 0 },
1028 /* 0x7a */ { NULL, NULL, 0 },
1029 /* 0x7b */ { NULL, NULL, 0 },
1030 /* 0x7c */ { NULL, NULL, 0 },
1031 /* 0x7d */ { NULL, NULL, 0 },
1032 /* 0x7e */ { NULL, NULL, 0 },
1033 /* 0x7f */ { NULL, NULL, 0 },
1034 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1035 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1036 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1037 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1038 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1039 /* 0x85 */ { NULL, NULL, 0 },
1040 /* 0x86 */ { NULL, NULL, 0 },
1041 /* 0x87 */ { NULL, NULL, 0 },
1042 /* 0x88 */ { NULL, NULL, 0 },
1043 /* 0x89 */ { NULL, NULL, 0 },
1044 /* 0x8a */ { NULL, NULL, 0 },
1045 /* 0x8b */ { NULL, NULL, 0 },
1046 /* 0x8c */ { NULL, NULL, 0 },
1047 /* 0x8d */ { NULL, NULL, 0 },
1048 /* 0x8e */ { NULL, NULL, 0 },
1049 /* 0x8f */ { NULL, NULL, 0 },
1050 /* 0x90 */ { NULL, NULL, 0 },
1051 /* 0x91 */ { NULL, NULL, 0 },
1052 /* 0x92 */ { NULL, NULL, 0 },
1053 /* 0x93 */ { NULL, NULL, 0 },
1054 /* 0x94 */ { NULL, NULL, 0 },
1055 /* 0x95 */ { NULL, NULL, 0 },
1056 /* 0x96 */ { NULL, NULL, 0 },
1057 /* 0x97 */ { NULL, NULL, 0 },
1058 /* 0x98 */ { NULL, NULL, 0 },
1059 /* 0x99 */ { NULL, NULL, 0 },
1060 /* 0x9a */ { NULL, NULL, 0 },
1061 /* 0x9b */ { NULL, NULL, 0 },
1062 /* 0x9c */ { NULL, NULL, 0 },
1063 /* 0x9d */ { NULL, NULL, 0 },
1064 /* 0x9e */ { NULL, NULL, 0 },
1065 /* 0x9f */ { NULL, NULL, 0 },
1066 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1067 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1068 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1069 /* 0xa3 */ { NULL, NULL, 0 },
1070 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1071 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1072 /* 0xa6 */ { NULL, NULL, 0 },
1073 /* 0xa7 */ { NULL, NULL, 0 },
1074 /* 0xa8 */ { NULL, NULL, 0 },
1075 /* 0xa9 */ { NULL, NULL, 0 },
1076 /* 0xaa */ { NULL, NULL, 0 },
1077 /* 0xab */ { NULL, NULL, 0 },
1078 /* 0xac */ { NULL, NULL, 0 },
1079 /* 0xad */ { NULL, NULL, 0 },
1080 /* 0xae */ { NULL, NULL, 0 },
1081 /* 0xaf */ { NULL, NULL, 0 },
1082 /* 0xb0 */ { NULL, NULL, 0 },
1083 /* 0xb1 */ { NULL, NULL, 0 },
1084 /* 0xb2 */ { NULL, NULL, 0 },
1085 /* 0xb3 */ { NULL, NULL, 0 },
1086 /* 0xb4 */ { NULL, NULL, 0 },
1087 /* 0xb5 */ { NULL, NULL, 0 },
1088 /* 0xb6 */ { NULL, NULL, 0 },
1089 /* 0xb7 */ { NULL, NULL, 0 },
1090 /* 0xb8 */ { NULL, NULL, 0 },
1091 /* 0xb9 */ { NULL, NULL, 0 },
1092 /* 0xba */ { NULL, NULL, 0 },
1093 /* 0xbb */ { NULL, NULL, 0 },
1094 /* 0xbc */ { NULL, NULL, 0 },
1095 /* 0xbd */ { NULL, NULL, 0 },
1096 /* 0xbe */ { NULL, NULL, 0 },
1097 /* 0xbf */ { NULL, NULL, 0 },
1098 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1099 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1100 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1101 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1102 /* 0xc4 */ { NULL, NULL, 0 },
1103 /* 0xc5 */ { NULL, NULL, 0 },
1104 /* 0xc6 */ { NULL, NULL, 0 },
1105 /* 0xc7 */ { NULL, NULL, 0 },
1106 /* 0xc8 */ { NULL, NULL, 0 },
1107 /* 0xc9 */ { NULL, NULL, 0 },
1108 /* 0xca */ { NULL, NULL, 0 },
1109 /* 0xcb */ { NULL, NULL, 0 },
1110 /* 0xcc */ { NULL, NULL, 0 },
1111 /* 0xcd */ { NULL, NULL, 0 },
1112 /* 0xce */ { NULL, NULL, 0 },
1113 /* 0xcf */ { NULL, NULL, 0 },
1114 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1115 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1116 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1117 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1118 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1119 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1120 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1121 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1122 /* 0xd8 */ { NULL, NULL, 0 },
1123 /* 0xd9 */ { NULL, NULL, 0 },
1124 /* 0xda */ { NULL, NULL, 0 },
1125 /* 0xdb */ { NULL, NULL, 0 },
1126 /* 0xdc */ { NULL, NULL, 0 },
1127 /* 0xdd */ { NULL, NULL, 0 },
1128 /* 0xde */ { NULL, NULL, 0 },
1129 /* 0xdf */ { NULL, NULL, 0 },
1130 /* 0xe0 */ { NULL, NULL, 0 },
1131 /* 0xe1 */ { NULL, NULL, 0 },
1132 /* 0xe2 */ { NULL, NULL, 0 },
1133 /* 0xe3 */ { NULL, NULL, 0 },
1134 /* 0xe4 */ { NULL, NULL, 0 },
1135 /* 0xe5 */ { NULL, NULL, 0 },
1136 /* 0xe6 */ { NULL, NULL, 0 },
1137 /* 0xe7 */ { NULL, NULL, 0 },
1138 /* 0xe8 */ { NULL, NULL, 0 },
1139 /* 0xe9 */ { NULL, NULL, 0 },
1140 /* 0xea */ { NULL, NULL, 0 },
1141 /* 0xeb */ { NULL, NULL, 0 },
1142 /* 0xec */ { NULL, NULL, 0 },
1143 /* 0xed */ { NULL, NULL, 0 },
1144 /* 0xee */ { NULL, NULL, 0 },
1145 /* 0xef */ { NULL, NULL, 0 },
1146 /* 0xf0 */ { NULL, NULL, 0 },
1147 /* 0xf1 */ { NULL, NULL, 0 },
1148 /* 0xf2 */ { NULL, NULL, 0 },
1149 /* 0xf3 */ { NULL, NULL, 0 },
1150 /* 0xf4 */ { NULL, NULL, 0 },
1151 /* 0xf5 */ { NULL, NULL, 0 },
1152 /* 0xf6 */ { NULL, NULL, 0 },
1153 /* 0xf7 */ { NULL, NULL, 0 },
1154 /* 0xf8 */ { NULL, NULL, 0 },
1155 /* 0xf9 */ { NULL, NULL, 0 },
1156 /* 0xfa */ { NULL, NULL, 0 },
1157 /* 0xfb */ { NULL, NULL, 0 },
1158 /* 0xfc */ { NULL, NULL, 0 },
1159 /* 0xfd */ { NULL, NULL, 0 },
1160 /* 0xfe */ { NULL, NULL, 0 },
1161 /* 0xff */ { NULL, NULL, 0 }
1165 /*******************************************************************
1166 allocate and initialize a reply packet
1167 ********************************************************************/
1169 static bool create_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
1170 const char *inbuf, char **outbuf, uint8_t num_words,
1174 * Protect against integer wrap
1176 if ((num_bytes > 0xffffff)
1177 || ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
1179 if (asprintf(&msg, "num_bytes too large: %u",
1180 (unsigned)num_bytes) == -1) {
1181 msg = CONST_DISCARD(char *, "num_bytes too large");
1186 *outbuf = TALLOC_ARRAY(mem_ctx, char,
1187 smb_size + num_words*2 + num_bytes);
1188 if (*outbuf == NULL) {
1192 construct_reply_common(req, inbuf, *outbuf);
1193 srv_set_message(*outbuf, num_words, num_bytes, false);
1195 * Zero out the word area, the caller has to take care of the bcc area
1198 if (num_words != 0) {
1199 memset(*outbuf + smb_vwv0, 0, num_words*2);
1205 void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
1208 if (!create_outbuf(req, req, (char *)req->inbuf, &outbuf, num_words,
1210 smb_panic("could not allocate output buffer\n");
1212 req->outbuf = (uint8_t *)outbuf;
1216 /*******************************************************************
1217 Dump a packet to a file.
1218 ********************************************************************/
1220 static void smb_dump(const char *name, int type, const char *data, ssize_t len)
1224 if (DEBUGLEVEL < 50) {
1228 if (len < 4) len = smb_len(data)+4;
1229 for (i=1;i<100;i++) {
1230 if (asprintf(&fname, "/tmp/%s.%d.%s", name, i,
1231 type ? "req" : "resp") == -1) {
1234 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1235 if (fd != -1 || errno != EEXIST) break;
1238 ssize_t ret = write(fd, data, len);
1240 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1242 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1247 /****************************************************************************
1248 Prepare everything for calling the actual request function, and potentially
1249 call the request function via the "new" interface.
1251 Return False if the "legacy" function needs to be called, everything is
1254 Return True if we're done.
1256 I know this API sucks, but it is the one with the least code change I could
1258 ****************************************************************************/
1260 static connection_struct *switch_message(uint8 type, struct smb_request *req, int size)
1264 connection_struct *conn = NULL;
1265 struct smbd_server_connection *sconn = smbd_server_conn;
1269 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1270 * so subtract 4 from it. */
1271 if (!valid_smb_header(req->inbuf)
1272 || (size < (smb_size - 4))) {
1273 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1274 smb_len(req->inbuf)));
1275 exit_server_cleanly("Non-SMB packet");
1278 if (smb_messages[type].fn == NULL) {
1279 DEBUG(0,("Unknown message type %d!\n",type));
1280 smb_dump("Unknown", 1, (char *)req->inbuf, size);
1281 reply_unknown_new(req, type);
1285 flags = smb_messages[type].flags;
1287 /* In share mode security we must ignore the vuid. */
1288 session_tag = (lp_security() == SEC_SHARE)
1289 ? UID_FIELD_INVALID : req->vuid;
1292 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1293 (int)sys_getpid(), (unsigned long)conn));
1295 smb_dump(smb_fn_name(type), 1, (char *)req->inbuf, size);
1297 /* Ensure this value is replaced in the incoming packet. */
1298 SSVAL(req->inbuf,smb_uid,session_tag);
1301 * Ensure the correct username is in current_user_info. This is a
1302 * really ugly bugfix for problems with multiple session_setup_and_X's
1303 * being done and allowing %U and %G substitutions to work correctly.
1304 * There is a reason this code is done here, don't move it unless you
1305 * know what you're doing... :-).
1309 if (session_tag != sconn->smb1.sessions.last_session_tag) {
1310 user_struct *vuser = NULL;
1312 sconn->smb1.sessions.last_session_tag = session_tag;
1313 if(session_tag != UID_FIELD_INVALID) {
1314 vuser = get_valid_user_struct(sconn, session_tag);
1316 set_current_user_info(
1317 vuser->server_info->sanitized_username,
1318 vuser->server_info->unix_name,
1319 pdb_get_domain(vuser->server_info
1325 /* Does this call need to be run as the connected user? */
1326 if (flags & AS_USER) {
1328 /* Does this call need a valid tree connection? */
1331 * Amazingly, the error code depends on the command
1334 if (type == SMBntcreateX) {
1335 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1337 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
1342 if (!change_to_user(conn,session_tag)) {
1343 DEBUG(0, ("Error: Could not change to user. Removing "
1344 "deferred open, mid=%d.\n", req->mid));
1345 reply_force_doserror(req, ERRSRV, ERRbaduid);
1349 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1351 /* Does it need write permission? */
1352 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1353 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1357 /* IPC services are limited */
1358 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1359 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1363 /* This call needs to be run as root */
1364 change_to_root_user();
1367 /* load service specific parameters */
1369 if (req->encrypted) {
1370 conn->encrypted_tid = true;
1371 /* encrypted required from now on. */
1372 conn->encrypt_level = Required;
1373 } else if (ENCRYPTION_REQUIRED(conn)) {
1374 if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
1375 exit_server_cleanly("encryption required "
1381 if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1382 (flags & (AS_USER|DO_CHDIR)
1384 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1387 conn->num_smb_operations++;
1390 /* does this protocol need to be run as guest? */
1391 if ((flags & AS_GUEST)
1392 && (!change_to_guest() ||
1393 !check_access(smbd_server_fd(), lp_hostsallow(-1),
1394 lp_hostsdeny(-1)))) {
1395 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1399 smb_messages[type].fn(req);
1403 /****************************************************************************
1404 Construct a reply to the incoming packet.
1405 ****************************************************************************/
1407 static void construct_reply(char *inbuf, int size, size_t unread_bytes,
1408 uint32_t seqnum, bool encrypted,
1409 struct smb_perfcount_data *deferred_pcd)
1411 connection_struct *conn;
1412 struct smb_request *req;
1414 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1415 smb_panic("could not allocate smb_request");
1418 init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted, seqnum);
1419 req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
1421 /* we popped this message off the queue - keep original perf data */
1423 req->pcd = *deferred_pcd;
1425 SMB_PERFCOUNT_START(&req->pcd);
1426 SMB_PERFCOUNT_SET_OP(&req->pcd, req->cmd);
1427 SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, size);
1430 conn = switch_message(req->cmd, req, size);
1432 if (req->unread_bytes) {
1433 /* writeX failed. drain socket. */
1434 if (drain_socket(smbd_server_fd(), req->unread_bytes) !=
1435 req->unread_bytes) {
1436 smb_panic("failed to drain pending bytes");
1438 req->unread_bytes = 0;
1446 if (req->outbuf == NULL) {
1450 if (CVAL(req->outbuf,0) == 0) {
1451 show_msg((char *)req->outbuf);
1454 if (!srv_send_smb(smbd_server_fd(),
1455 (char *)req->outbuf,
1456 true, req->seqnum+1,
1457 IS_CONN_ENCRYPTED(conn)||req->encrypted,
1459 exit_server_cleanly("construct_reply: srv_send_smb failed.");
1467 /****************************************************************************
1468 Process an smb from the client
1469 ****************************************************************************/
1470 static void process_smb(struct smbd_server_connection *conn,
1471 uint8_t *inbuf, size_t nread, size_t unread_bytes,
1472 uint32_t seqnum, bool encrypted,
1473 struct smb_perfcount_data *deferred_pcd)
1475 int msg_type = CVAL(inbuf,0);
1477 DO_PROFILE_INC(smb_count);
1479 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1481 DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
1483 (unsigned int)unread_bytes ));
1485 if (msg_type != 0) {
1487 * NetBIOS session request, keepalive, etc.
1489 reply_special((char *)inbuf);
1493 if (smbd_server_conn->allow_smb2) {
1494 if (smbd_is_smb2_header(inbuf, nread)) {
1495 smbd_smb2_first_negprot(smbd_server_conn, inbuf, nread);
1498 smbd_server_conn->allow_smb2 = false;
1501 show_msg((char *)inbuf);
1503 construct_reply((char *)inbuf,nread,unread_bytes,seqnum,encrypted,deferred_pcd);
1507 conn->smb1.num_requests++;
1509 /* The timeout_processing function isn't run nearly
1510 often enough to implement 'max log size' without
1511 overrunning the size of the file by many megabytes.
1512 This is especially true if we are running at debug
1513 level 10. Checking every 50 SMBs is a nice
1514 tradeoff of performance vs log file size overrun. */
1516 if ((conn->smb1.num_requests % 50) == 0 &&
1517 need_to_check_log_size()) {
1518 change_to_root_user();
1523 /****************************************************************************
1524 Return a string containing the function name of a SMB command.
1525 ****************************************************************************/
1527 const char *smb_fn_name(int type)
1529 const char *unknown_name = "SMBunknown";
1531 if (smb_messages[type].name == NULL)
1532 return(unknown_name);
1534 return(smb_messages[type].name);
1537 /****************************************************************************
1538 Helper functions for contruct_reply.
1539 ****************************************************************************/
1541 void add_to_common_flags2(uint32 v)
1546 void remove_from_common_flags2(uint32 v)
1548 common_flags2 &= ~v;
1551 static void construct_reply_common(struct smb_request *req, const char *inbuf,
1554 srv_set_message(outbuf,0,0,false);
1556 SCVAL(outbuf, smb_com, req->cmd);
1557 SIVAL(outbuf,smb_rcls,0);
1558 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1559 SSVAL(outbuf,smb_flg2,
1560 (SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) |
1562 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1564 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
1565 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
1566 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
1567 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
1570 void construct_reply_common_req(struct smb_request *req, char *outbuf)
1572 construct_reply_common(req, (char *)req->inbuf, outbuf);
1576 * How many bytes have we already accumulated up to the current wct field
1580 size_t req_wct_ofs(struct smb_request *req)
1584 if (req->chain_outbuf == NULL) {
1587 buf_size = talloc_get_size(req->chain_outbuf);
1588 if ((buf_size % 4) != 0) {
1589 buf_size += (4 - (buf_size % 4));
1591 return buf_size - 4;
1595 * Hack around reply_nterror & friends not being aware of chained requests,
1596 * generating illegal (i.e. wct==0) chain replies.
1599 static void fixup_chain_error_packet(struct smb_request *req)
1601 uint8_t *outbuf = req->outbuf;
1603 reply_outbuf(req, 2, 0);
1604 memcpy(req->outbuf, outbuf, smb_wct);
1605 TALLOC_FREE(outbuf);
1606 SCVAL(req->outbuf, smb_vwv0, 0xff);
1610 * @brief Find the smb_cmd offset of the last command pushed
1611 * @param[in] buf The buffer we're building up
1612 * @retval Where can we put our next andx cmd?
1614 * While chaining requests, the "next" request we're looking at needs to put
1615 * its SMB_Command before the data the previous request already built up added
1616 * to the chain. Find the offset to the place where we have to put our cmd.
1619 static bool find_andx_cmd_ofs(uint8_t *buf, size_t *pofs)
1624 cmd = CVAL(buf, smb_com);
1626 SMB_ASSERT(is_andx_req(cmd));
1630 while (CVAL(buf, ofs) != 0xff) {
1632 if (!is_andx_req(CVAL(buf, ofs))) {
1637 * ofs is from start of smb header, so add the 4 length
1638 * bytes. The next cmd is right after the wct field.
1640 ofs = SVAL(buf, ofs+2) + 4 + 1;
1642 SMB_ASSERT(ofs+4 < talloc_get_size(buf));
1650 * @brief Do the smb chaining at a buffer level
1651 * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
1652 * @param[in] smb_command The command that we want to issue
1653 * @param[in] wct How many words?
1654 * @param[in] vwv The words, already in network order
1655 * @param[in] bytes_alignment How shall we align "bytes"?
1656 * @param[in] num_bytes How many bytes?
1657 * @param[in] bytes The data the request ships
1659 * smb_splice_chain() adds the vwv and bytes to the request already present in
1663 static bool smb_splice_chain(uint8_t **poutbuf, uint8_t smb_command,
1664 uint8_t wct, const uint16_t *vwv,
1665 size_t bytes_alignment,
1666 uint32_t num_bytes, const uint8_t *bytes)
1669 size_t old_size, new_size;
1671 size_t chain_padding = 0;
1672 size_t bytes_padding = 0;
1675 old_size = talloc_get_size(*poutbuf);
1678 * old_size == smb_wct means we're pushing the first request in for
1682 first_request = (old_size == smb_wct);
1684 if (!first_request && ((old_size % 4) != 0)) {
1686 * Align the wct field of subsequent requests to a 4-byte
1689 chain_padding = 4 - (old_size % 4);
1693 * After the old request comes the new wct field (1 byte), the vwv's
1694 * and the num_bytes field. After at we might need to align the bytes
1695 * given to us to "bytes_alignment", increasing the num_bytes value.
1698 new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
1700 if ((bytes_alignment != 0) && ((new_size % bytes_alignment) != 0)) {
1701 bytes_padding = bytes_alignment - (new_size % bytes_alignment);
1704 new_size += bytes_padding + num_bytes;
1706 if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
1707 DEBUG(1, ("splice_chain: %u bytes won't fit\n",
1708 (unsigned)new_size));
1712 outbuf = TALLOC_REALLOC_ARRAY(NULL, *poutbuf, uint8_t, new_size);
1713 if (outbuf == NULL) {
1714 DEBUG(0, ("talloc failed\n"));
1719 if (first_request) {
1720 SCVAL(outbuf, smb_com, smb_command);
1722 size_t andx_cmd_ofs;
1724 if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
1725 DEBUG(1, ("invalid command chain\n"));
1726 *poutbuf = TALLOC_REALLOC_ARRAY(
1727 NULL, *poutbuf, uint8_t, old_size);
1731 if (chain_padding != 0) {
1732 memset(outbuf + old_size, 0, chain_padding);
1733 old_size += chain_padding;
1736 SCVAL(outbuf, andx_cmd_ofs, smb_command);
1737 SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
1743 * Push the chained request:
1748 SCVAL(outbuf, ofs, wct);
1755 memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
1756 ofs += sizeof(uint16_t) * wct;
1762 SSVAL(outbuf, ofs, num_bytes + bytes_padding);
1763 ofs += sizeof(uint16_t);
1769 if (bytes_padding != 0) {
1770 memset(outbuf + ofs, 0, bytes_padding);
1771 ofs += bytes_padding;
1778 memcpy(outbuf + ofs, bytes, num_bytes);
1783 /****************************************************************************
1784 Construct a chained reply and add it to the already made reply
1785 ****************************************************************************/
1787 void chain_reply(struct smb_request *req)
1789 size_t smblen = smb_len(req->inbuf);
1790 size_t already_used, length_needed;
1792 uint32_t chain_offset; /* uint32_t to avoid overflow */
1799 if (IVAL(req->outbuf, smb_rcls) != 0) {
1800 fixup_chain_error_packet(req);
1804 * Any of the AndX requests and replies have at least a wct of
1805 * 2. vwv[0] is the next command, vwv[1] is the offset from the
1806 * beginning of the SMB header to the next wct field.
1808 * None of the AndX requests put anything valuable in vwv[0] and [1],
1809 * so we can overwrite it here to form the chain.
1812 if ((req->wct < 2) || (CVAL(req->outbuf, smb_wct) < 2)) {
1813 if (req->chain_outbuf == NULL) {
1814 req->chain_outbuf = TALLOC_REALLOC_ARRAY(
1815 req, req->outbuf, uint8_t,
1816 smb_len(req->outbuf) + 4);
1817 if (req->chain_outbuf == NULL) {
1818 smb_panic("talloc failed");
1826 * Here we assume that this is the end of the chain. For that we need
1827 * to set "next command" to 0xff and the offset to 0. If we later find
1828 * more commands in the chain, this will be overwritten again.
1831 SCVAL(req->outbuf, smb_vwv0, 0xff);
1832 SCVAL(req->outbuf, smb_vwv0+1, 0);
1833 SSVAL(req->outbuf, smb_vwv1, 0);
1835 if (req->chain_outbuf == NULL) {
1837 * In req->chain_outbuf we collect all the replies. Start the
1838 * chain by copying in the first reply.
1840 * We do the realloc because later on we depend on
1841 * talloc_get_size to determine the length of
1842 * chain_outbuf. The reply_xxx routines might have
1843 * over-allocated (reply_pipe_read_and_X used to be such an
1846 req->chain_outbuf = TALLOC_REALLOC_ARRAY(
1847 req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
1848 if (req->chain_outbuf == NULL) {
1849 smb_panic("talloc failed");
1854 * Update smb headers where subsequent chained commands
1855 * may have updated them.
1857 SCVAL(req->chain_outbuf, smb_tid, CVAL(req->outbuf, smb_tid));
1858 SCVAL(req->chain_outbuf, smb_uid, CVAL(req->outbuf, smb_uid));
1860 if (!smb_splice_chain(&req->chain_outbuf,
1861 CVAL(req->outbuf, smb_com),
1862 CVAL(req->outbuf, smb_wct),
1863 (uint16_t *)(req->outbuf + smb_vwv),
1864 0, smb_buflen(req->outbuf),
1865 (uint8_t *)smb_buf(req->outbuf))) {
1868 TALLOC_FREE(req->outbuf);
1872 * We use the old request's vwv field to grab the next chained command
1873 * and offset into the chained fields.
1876 chain_cmd = CVAL(req->vwv+0, 0);
1877 chain_offset = SVAL(req->vwv+1, 0);
1879 if (chain_cmd == 0xff) {
1881 * End of chain, no more requests from the client. So ship the
1884 smb_setlen((char *)(req->chain_outbuf),
1885 talloc_get_size(req->chain_outbuf) - 4);
1887 if (!srv_send_smb(smbd_server_fd(), (char *)req->chain_outbuf,
1888 true, req->seqnum+1,
1889 IS_CONN_ENCRYPTED(req->conn)
1892 exit_server_cleanly("chain_reply: srv_send_smb "
1895 TALLOC_FREE(req->chain_outbuf);
1900 /* add a new perfcounter for this element of chain */
1901 SMB_PERFCOUNT_ADD(&req->pcd);
1902 SMB_PERFCOUNT_SET_OP(&req->pcd, chain_cmd);
1903 SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, smblen);
1906 * Check if the client tries to fool us. The request so far uses the
1907 * space to the end of the byte buffer in the request just
1908 * processed. The chain_offset can't point into that area. If that was
1909 * the case, we could end up with an endless processing of the chain,
1910 * we would always handle the same request.
1913 already_used = PTR_DIFF(req->buf+req->buflen, smb_base(req->inbuf));
1914 if (chain_offset < already_used) {
1919 * Next check: Make sure the chain offset does not point beyond the
1920 * overall smb request length.
1923 length_needed = chain_offset+1; /* wct */
1924 if (length_needed > smblen) {
1929 * Now comes the pointer magic. Goal here is to set up req->vwv and
1930 * req->buf correctly again to be able to call the subsequent
1931 * switch_message(). The chain offset (the former vwv[1]) points at
1932 * the new wct field.
1935 wct = CVAL(smb_base(req->inbuf), chain_offset);
1938 * Next consistency check: Make the new vwv array fits in the overall
1942 length_needed += (wct+1)*sizeof(uint16_t); /* vwv+buflen */
1943 if (length_needed > smblen) {
1946 vwv = (uint16_t *)(smb_base(req->inbuf) + chain_offset + 1);
1949 * Now grab the new byte buffer....
1952 buflen = SVAL(vwv+wct, 0);
1955 * .. and check that it fits.
1958 length_needed += buflen;
1959 if (length_needed > smblen) {
1962 buf = (uint8_t *)(vwv+wct+1);
1964 req->cmd = chain_cmd;
1967 req->buflen = buflen;
1970 switch_message(chain_cmd, req, smblen);
1972 if (req->outbuf == NULL) {
1974 * This happens if the chained command has suspended itself or
1975 * if it has called srv_send_smb() itself.
1981 * We end up here if the chained command was not itself chained or
1982 * suspended, but for example a close() command. We now need to splice
1983 * the chained commands' outbuf into the already built up chain_outbuf
1984 * and ship the result.
1990 * We end up here if there's any error in the chain syntax. Report a
1991 * DOS error, just like Windows does.
1993 reply_force_doserror(req, ERRSRV, ERRerror);
1994 fixup_chain_error_packet(req);
1998 * This scary statement intends to set the
1999 * FLAGS2_32_BIT_ERROR_CODES flg2 field in req->chain_outbuf
2000 * to the value req->outbuf carries
2002 SSVAL(req->chain_outbuf, smb_flg2,
2003 (SVAL(req->chain_outbuf, smb_flg2) & ~FLAGS2_32_BIT_ERROR_CODES)
2004 | (SVAL(req->outbuf, smb_flg2) & FLAGS2_32_BIT_ERROR_CODES));
2007 * Transfer the error codes from the subrequest to the main one
2009 SSVAL(req->chain_outbuf, smb_rcls, SVAL(req->outbuf, smb_rcls));
2010 SSVAL(req->chain_outbuf, smb_err, SVAL(req->outbuf, smb_err));
2012 if (!smb_splice_chain(&req->chain_outbuf,
2013 CVAL(req->outbuf, smb_com),
2014 CVAL(req->outbuf, smb_wct),
2015 (uint16_t *)(req->outbuf + smb_vwv),
2016 0, smb_buflen(req->outbuf),
2017 (uint8_t *)smb_buf(req->outbuf))) {
2018 exit_server_cleanly("chain_reply: smb_splice_chain failed\n");
2020 TALLOC_FREE(req->outbuf);
2022 smb_setlen((char *)(req->chain_outbuf),
2023 talloc_get_size(req->chain_outbuf) - 4);
2025 show_msg((char *)(req->chain_outbuf));
2027 if (!srv_send_smb(smbd_server_fd(), (char *)req->chain_outbuf,
2028 true, req->seqnum+1,
2029 IS_CONN_ENCRYPTED(req->conn)||req->encrypted,
2031 exit_server_cleanly("construct_reply: srv_send_smb failed.");
2033 TALLOC_FREE(req->chain_outbuf);
2037 /****************************************************************************
2038 Check if services need reloading.
2039 ****************************************************************************/
2041 void check_reload(time_t t)
2043 time_t printcap_cache_time = (time_t)lp_printcap_cache_time();
2045 if(last_smb_conf_reload_time == 0) {
2046 last_smb_conf_reload_time = t;
2047 /* Our printing subsystem might not be ready at smbd start up.
2048 Then no printer is available till the first printers check
2049 is performed. A lower initial interval circumvents this. */
2050 if ( printcap_cache_time > 60 )
2051 last_printer_reload_time = t - printcap_cache_time + 60;
2053 last_printer_reload_time = t;
2056 if (mypid != getpid()) { /* First time or fork happened meanwhile */
2057 /* randomize over 60 second the printcap reload to avoid all
2058 * process hitting cupsd at the same time */
2059 int time_range = 60;
2061 last_printer_reload_time += random() % time_range;
2065 if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
2066 reload_services(True);
2067 last_smb_conf_reload_time = t;
2070 /* 'printcap cache time = 0' disable the feature */
2072 if ( printcap_cache_time != 0 )
2074 /* see if it's time to reload or if the clock has been set back */
2076 if ( (t >= last_printer_reload_time+printcap_cache_time)
2077 || (t-last_printer_reload_time < 0) )
2079 DEBUG( 3,( "Printcap cache time expired.\n"));
2081 last_printer_reload_time = t;
2086 static void smbd_server_connection_write_handler(struct smbd_server_connection *conn)
2088 /* TODO: make write nonblocking */
2091 static void smbd_server_connection_read_handler(struct smbd_server_connection *conn)
2093 uint8_t *inbuf = NULL;
2094 size_t inbuf_len = 0;
2095 size_t unread_bytes = 0;
2096 bool encrypted = false;
2097 TALLOC_CTX *mem_ctx = talloc_tos();
2101 /* TODO: make this completely nonblocking */
2103 status = receive_smb_talloc(mem_ctx, smbd_server_fd(),
2104 (char **)(void *)&inbuf,
2108 &inbuf_len, &seqnum);
2109 if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
2112 if (NT_STATUS_IS_ERR(status)) {
2113 exit_server_cleanly("failed to receive smb request");
2115 if (!NT_STATUS_IS_OK(status)) {
2120 process_smb(conn, inbuf, inbuf_len, unread_bytes,
2121 seqnum, encrypted, NULL);
2124 static void smbd_server_connection_handler(struct event_context *ev,
2125 struct fd_event *fde,
2129 struct smbd_server_connection *conn = talloc_get_type(private_data,
2130 struct smbd_server_connection);
2132 if (flags & EVENT_FD_WRITE) {
2133 smbd_server_connection_write_handler(conn);
2134 } else if (flags & EVENT_FD_READ) {
2135 smbd_server_connection_read_handler(conn);
2140 /****************************************************************************
2141 received when we should release a specific IP
2142 ****************************************************************************/
2143 static void release_ip(const char *ip, void *priv)
2145 char addr[INET6_ADDRSTRLEN];
2148 client_socket_addr(get_client_fd(),addr,sizeof(addr));
2150 if (strncmp("::ffff:", addr, 7) == 0) {
2154 if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
2155 /* we can't afford to do a clean exit - that involves
2156 database writes, which would potentially mean we
2157 are still running after the failover has finished -
2158 we have to get rid of this process ID straight
2160 DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
2162 /* note we must exit with non-zero status so the unclean handler gets
2163 called in the parent, so that the brl database is tickled */
2168 static void msg_release_ip(struct messaging_context *msg_ctx, void *private_data,
2169 uint32_t msg_type, struct server_id server_id, DATA_BLOB *data)
2171 release_ip((char *)data->data, NULL);
2174 #ifdef CLUSTER_SUPPORT
2175 static int client_get_tcp_info(struct sockaddr_storage *server,
2176 struct sockaddr_storage *client)
2179 if (server_fd == -1) {
2182 length = sizeof(*server);
2183 if (getsockname(server_fd, (struct sockaddr *)server, &length) != 0) {
2186 length = sizeof(*client);
2187 if (getpeername(server_fd, (struct sockaddr *)client, &length) != 0) {
2195 * Send keepalive packets to our client
2197 static bool keepalive_fn(const struct timeval *now, void *private_data)
2199 if (!send_keepalive(smbd_server_fd())) {
2200 DEBUG( 2, ( "Keepalive failed - exiting.\n" ) );
2207 * Do the recurring check if we're idle
2209 static bool deadtime_fn(const struct timeval *now, void *private_data)
2211 struct smbd_server_connection *sconn = smbd_server_conn;
2212 if ((conn_num_open(sconn) == 0)
2213 || (conn_idle_all(sconn, now->tv_sec))) {
2214 DEBUG( 2, ( "Closing idle connection\n" ) );
2215 messaging_send(smbd_messaging_context(), procid_self(),
2216 MSG_SHUTDOWN, &data_blob_null);
2224 * Do the recurring log file and smb.conf reload checks.
2227 static bool housekeeping_fn(const struct timeval *now, void *private_data)
2229 change_to_root_user();
2231 /* update printer queue caches if necessary */
2232 update_monitored_printq_cache();
2234 /* check if we need to reload services */
2235 check_reload(time(NULL));
2237 /* Change machine password if neccessary. */
2238 attempt_machine_password_change();
2241 * Force a log file check.
2243 force_check_log_size();
2248 /****************************************************************************
2249 Process commands from the client
2250 ****************************************************************************/
2252 void smbd_process(void)
2254 TALLOC_CTX *frame = talloc_stackframe();
2255 char remaddr[INET6_ADDRSTRLEN];
2257 if (lp_maxprotocol() == PROTOCOL_SMB2 &&
2258 lp_security() != SEC_SHARE) {
2259 smbd_server_conn->allow_smb2 = true;
2262 /* Ensure child is set to blocking mode */
2263 set_blocking(smbd_server_fd(),True);
2265 set_socket_options(smbd_server_fd(),"SO_KEEPALIVE");
2266 set_socket_options(smbd_server_fd(), lp_socket_options());
2268 /* this is needed so that we get decent entries
2269 in smbstatus for port 445 connects */
2270 set_remote_machine_name(get_peer_addr(smbd_server_fd(),
2274 reload_services(true);
2277 * Before the first packet, check the global hosts allow/ hosts deny
2278 * parameters before doing any parsing of packets passed to us by the
2279 * client. This prevents attacks on our parsing code from hosts not in
2280 * the hosts allow list.
2283 if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
2284 lp_hostsdeny(-1))) {
2285 char addr[INET6_ADDRSTRLEN];
2288 * send a negative session response "not listening on calling
2291 unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
2292 DEBUG( 1, ("Connection denied from %s\n",
2293 client_addr(get_client_fd(),addr,sizeof(addr)) ) );
2294 (void)srv_send_smb(smbd_server_fd(),(char *)buf, false,
2296 exit_server_cleanly("connection denied");
2303 smb_perfcount_init();
2305 if (!init_account_policy()) {
2306 exit_server("Could not open account policy tdb.\n");
2309 if (*lp_rootdir()) {
2310 if (chroot(lp_rootdir()) != 0) {
2311 DEBUG(0,("Failed to change root to %s\n", lp_rootdir()));
2312 exit_server("Failed to chroot()");
2314 if (chdir("/") == -1) {
2315 DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_rootdir()));
2316 exit_server("Failed to chroot()");
2318 DEBUG(0,("Changed root to %s\n", lp_rootdir()));
2321 if (!srv_init_signing(smbd_server_conn)) {
2322 exit_server("Failed to init smb_signing");
2326 if (!init_oplocks(smbd_messaging_context()))
2327 exit_server("Failed to init oplocks");
2329 /* Setup aio signal handler. */
2330 initialize_async_io_handler();
2332 /* register our message handlers */
2333 messaging_register(smbd_messaging_context(), NULL,
2334 MSG_SMB_FORCE_TDIS, msg_force_tdis);
2335 messaging_register(smbd_messaging_context(), NULL,
2336 MSG_SMB_RELEASE_IP, msg_release_ip);
2337 messaging_register(smbd_messaging_context(), NULL,
2338 MSG_SMB_CLOSE_FILE, msg_close_file);
2341 * Use the default MSG_DEBUG handler to avoid rebroadcasting
2342 * MSGs to all child processes
2344 messaging_deregister(smbd_messaging_context(),
2346 messaging_register(smbd_messaging_context(), NULL,
2347 MSG_DEBUG, debug_message);
2349 if ((lp_keepalive() != 0)
2350 && !(event_add_idle(smbd_event_context(), NULL,
2351 timeval_set(lp_keepalive(), 0),
2352 "keepalive", keepalive_fn,
2354 DEBUG(0, ("Could not add keepalive event\n"));
2358 if (!(event_add_idle(smbd_event_context(), NULL,
2359 timeval_set(IDLE_CLOSED_TIMEOUT, 0),
2360 "deadtime", deadtime_fn, NULL))) {
2361 DEBUG(0, ("Could not add deadtime event\n"));
2365 if (!(event_add_idle(smbd_event_context(), NULL,
2366 timeval_set(SMBD_SELECT_TIMEOUT, 0),
2367 "housekeeping", housekeeping_fn, NULL))) {
2368 DEBUG(0, ("Could not add housekeeping event\n"));
2372 #ifdef CLUSTER_SUPPORT
2374 if (lp_clustering()) {
2376 * We need to tell ctdb about our client's TCP
2377 * connection, so that for failover ctdbd can send
2378 * tickle acks, triggering a reconnection by the
2382 struct sockaddr_storage srv, clnt;
2384 if (client_get_tcp_info(&srv, &clnt) == 0) {
2388 status = ctdbd_register_ips(
2389 messaging_ctdbd_connection(),
2390 &srv, &clnt, release_ip, NULL);
2392 if (!NT_STATUS_IS_OK(status)) {
2393 DEBUG(0, ("ctdbd_register_ips failed: %s\n",
2394 nt_errstr(status)));
2398 DEBUG(0,("Unable to get tcp info for "
2399 "CTDB_CONTROL_TCP_CLIENT: %s\n",
2406 smbd_server_conn->nbt.got_session = false;
2408 smbd_server_conn->smb1.negprot.max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
2410 smbd_server_conn->smb1.sessions.done_sesssetup = false;
2411 smbd_server_conn->smb1.sessions.max_send = BUFFER_SIZE;
2412 smbd_server_conn->smb1.sessions.last_session_tag = UID_FIELD_INVALID;
2413 /* users from session setup */
2414 smbd_server_conn->smb1.sessions.session_userlist = NULL;
2415 /* workgroup from session setup. */
2416 smbd_server_conn->smb1.sessions.session_workgroup = NULL;
2417 /* this holds info on user ids that are already validated for this VC */
2418 smbd_server_conn->smb1.sessions.validated_users = NULL;
2419 smbd_server_conn->smb1.sessions.next_vuid = VUID_OFFSET;
2420 smbd_server_conn->smb1.sessions.num_validated_vuids = 0;
2421 #ifdef HAVE_NETGROUP
2422 smbd_server_conn->smb1.sessions.my_yp_domain = NULL;
2425 conn_init(smbd_server_conn);
2426 if (!init_dptrs(smbd_server_conn)) {
2427 exit_server("init_dptrs() failed");
2430 smbd_server_conn->smb1.fde = event_add_fd(smbd_event_context(),
2434 smbd_server_connection_handler,
2436 if (!smbd_server_conn->smb1.fde) {
2437 exit_server("failed to create smbd_server_connection fde");
2445 frame = talloc_stackframe_pool(8192);
2449 status = smbd_server_connection_loop_once(smbd_server_conn);
2450 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY) &&
2451 !NT_STATUS_IS_OK(status)) {
2452 DEBUG(3, ("smbd_server_connection_loop_once failed: %s,"
2453 " exiting\n", nt_errstr(status)));
2460 exit_server_cleanly(NULL);
2463 bool req_is_in_chain(struct smb_request *req)
2465 if (req->vwv != (uint16_t *)(req->inbuf+smb_vwv)) {
2467 * We're right now handling a subsequent request, so we must
2473 if (!is_andx_req(req->cmd)) {
2479 * Okay, an illegal request, but definitely not chained :-)
2484 return (CVAL(req->vwv+0, 0) != 0xFF);
git.samba.org / samba.git / blob