2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "../lib/tsocket/tsocket.h"
23 #include "system/filesys.h"
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "librpc/gen_ndr/netlogon.h"
27 #include "../lib/async_req/async_sock.h"
28 #include "ctdbd_conn.h"
29 #include "../lib/util/select.h"
30 #include "printing/queue_process.h"
31 #include "system/select.h"
35 #include "smbprofile.h"
36 #include "rpc_server/spoolss/srv_spoolss_nt.h"
37 #include "libsmb/libsmb.h"
38 #include "../lib/util/tevent_ntstatus.h"
39 #include "../libcli/security/dom_sid.h"
40 #include "../libcli/security/security_token.h"
41 #include "lib/id_cache.h"
43 extern bool global_machine_password_needs_changing;
45 /* Internal message queue for deferred opens. */
46 struct pending_message_list {
47 struct pending_message_list *next, *prev;
48 struct timeval request_time; /* When was this first issued? */
49 struct smbd_server_connection *sconn;
50 struct timed_event *te;
51 struct smb_perfcount_data pcd;
56 DATA_BLOB private_data;
59 static void construct_reply_common(struct smb_request *req, const char *inbuf,
61 static struct pending_message_list *get_deferred_open_message_smb(
62 struct smbd_server_connection *sconn, uint64_t mid);
64 static bool smbd_lock_socket_internal(struct smbd_server_connection *sconn)
68 if (sconn->smb1.echo_handler.socket_lock_fd == -1) {
72 sconn->smb1.echo_handler.ref_count++;
74 if (sconn->smb1.echo_handler.ref_count > 1) {
78 DEBUG(10,("pid[%d] wait for socket lock\n", (int)sys_getpid()));
82 sconn->smb1.echo_handler.socket_lock_fd,
83 SMB_F_SETLKW, 0, 0, F_WRLCK);
84 } while (!ok && (errno == EINTR));
87 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
91 DEBUG(10,("pid[%d] got for socket lock\n", (int)sys_getpid()));
96 void smbd_lock_socket(struct smbd_server_connection *sconn)
98 if (!smbd_lock_socket_internal(sconn)) {
99 exit_server_cleanly("failed to lock socket");
103 static bool smbd_unlock_socket_internal(struct smbd_server_connection *sconn)
107 if (sconn->smb1.echo_handler.socket_lock_fd == -1) {
111 sconn->smb1.echo_handler.ref_count--;
113 if (sconn->smb1.echo_handler.ref_count > 0) {
119 sconn->smb1.echo_handler.socket_lock_fd,
120 SMB_F_SETLKW, 0, 0, F_UNLCK);
121 } while (!ok && (errno == EINTR));
124 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
128 DEBUG(10,("pid[%d] unlocked socket\n", (int)sys_getpid()));
133 void smbd_unlock_socket(struct smbd_server_connection *sconn)
135 if (!smbd_unlock_socket_internal(sconn)) {
136 exit_server_cleanly("failed to unlock socket");
140 /* Accessor function for smb_read_error for smbd functions. */
142 /****************************************************************************
144 ****************************************************************************/
146 bool srv_send_smb(struct smbd_server_connection *sconn, char *buffer,
147 bool do_signing, uint32_t seqnum,
149 struct smb_perfcount_data *pcd)
154 char *buf_out = buffer;
156 smbd_lock_socket(sconn);
159 /* Sign the outgoing packet if required. */
160 srv_calculate_sign_mac(sconn, buf_out, seqnum);
164 NTSTATUS status = srv_encrypt_buffer(sconn, buffer, &buf_out);
165 if (!NT_STATUS_IS_OK(status)) {
166 DEBUG(0, ("send_smb: SMB encryption failed "
167 "on outgoing packet! Error %s\n",
168 nt_errstr(status) ));
173 len = smb_len(buf_out) + 4;
175 ret = write_data(sconn->sock, buf_out+nwritten, len - nwritten);
178 char addr[INET6_ADDRSTRLEN];
180 * Try and give an error message saying what
183 DEBUG(1,("pid[%d] Error writing %d bytes to client %s. %d. (%s)\n",
184 (int)sys_getpid(), (int)len,
185 get_peer_addr(sconn->sock, addr, sizeof(addr)),
186 (int)ret, strerror(errno) ));
188 srv_free_enc_buffer(sconn, buf_out);
192 SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd, len);
193 srv_free_enc_buffer(sconn, buf_out);
195 SMB_PERFCOUNT_END(pcd);
197 smbd_unlock_socket(sconn);
201 /*******************************************************************
202 Setup the word count and byte count for a smb message.
203 ********************************************************************/
205 int srv_set_message(char *buf,
210 if (zero && (num_words || num_bytes)) {
211 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
213 SCVAL(buf,smb_wct,num_words);
214 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
215 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
216 return (smb_size + num_words*2 + num_bytes);
219 static bool valid_smb_header(struct smbd_server_connection *sconn,
220 const uint8_t *inbuf)
222 if (is_encrypted_packet(sconn, inbuf)) {
226 * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
227 * but it just looks weird to call strncmp for this one.
229 return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
232 /* Socket functions for smbd packet processing. */
234 static bool valid_packet_size(size_t len)
237 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
238 * of header. Don't print the error if this fits.... JRA.
241 if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
242 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
243 (unsigned long)len));
249 static NTSTATUS read_packet_remainder(int fd, char *buffer,
250 unsigned int timeout, ssize_t len)
258 status = read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
259 if (!NT_STATUS_IS_OK(status)) {
260 char addr[INET6_ADDRSTRLEN];
261 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
263 get_peer_addr(fd, addr, sizeof(addr)),
269 /****************************************************************************
270 Attempt a zerocopy writeX read. We know here that len > smb_size-4
271 ****************************************************************************/
274 * Unfortunately, earlier versions of smbclient/libsmbclient
275 * don't send this "standard" writeX header. I've fixed this
276 * for 3.2 but we'll use the old method with earlier versions.
277 * Windows and CIFSFS at least use this standard size. Not
281 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
282 (2*14) + /* word count (including bcc) */ \
285 static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
286 const char lenbuf[4],
287 struct smbd_server_connection *sconn,
290 unsigned int timeout,
294 /* Size of a WRITEX call (+4 byte len). */
295 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
296 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
300 memcpy(writeX_header, lenbuf, 4);
302 status = read_fd_with_timeout(
303 sock, writeX_header + 4,
304 STANDARD_WRITE_AND_X_HEADER_SIZE,
305 STANDARD_WRITE_AND_X_HEADER_SIZE,
308 if (!NT_STATUS_IS_OK(status)) {
309 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
311 tsocket_address_string(sconn->remote_address,
318 * Ok - now try and see if this is a possible
322 if (is_valid_writeX_buffer(sconn, (uint8_t *)writeX_header)) {
324 * If the data offset is beyond what
325 * we've read, drain the extra bytes.
327 uint16_t doff = SVAL(writeX_header,smb_vwv11);
330 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
331 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
332 if (drain_socket(sock, drain) != drain) {
333 smb_panic("receive_smb_raw_talloc_partial_read:"
334 " failed to drain pending bytes");
337 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
340 /* Spoof down the length and null out the bcc. */
341 set_message_bcc(writeX_header, 0);
342 newlen = smb_len(writeX_header);
344 /* Copy the header we've written. */
346 *buffer = (char *)talloc_memdup(mem_ctx,
348 sizeof(writeX_header));
350 if (*buffer == NULL) {
351 DEBUG(0, ("Could not allocate inbuf of length %d\n",
352 (int)sizeof(writeX_header)));
353 return NT_STATUS_NO_MEMORY;
356 /* Work out the remaining bytes. */
357 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
358 *len_ret = newlen + 4;
362 if (!valid_packet_size(len)) {
363 return NT_STATUS_INVALID_PARAMETER;
367 * Not a valid writeX call. Just do the standard
371 *buffer = talloc_array(mem_ctx, char, len+4);
373 if (*buffer == NULL) {
374 DEBUG(0, ("Could not allocate inbuf of length %d\n",
376 return NT_STATUS_NO_MEMORY;
379 /* Copy in what we already read. */
382 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
383 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
386 status = read_packet_remainder(
388 (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
391 if (!NT_STATUS_IS_OK(status)) {
392 DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
402 static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
403 struct smbd_server_connection *sconn,
405 char **buffer, unsigned int timeout,
406 size_t *p_unread, size_t *plen)
410 int min_recv_size = lp_min_receive_file_size();
415 status = read_smb_length_return_keepalive(sock, lenbuf, timeout,
417 if (!NT_STATUS_IS_OK(status)) {
421 if (CVAL(lenbuf,0) == 0 && min_recv_size &&
422 (smb_len_large(lenbuf) > /* Could be a UNIX large writeX. */
423 (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE)) &&
424 !srv_is_signing_active(sconn) &&
425 sconn->smb1.echo_handler.trusted_fde == NULL) {
427 return receive_smb_raw_talloc_partial_read(
428 mem_ctx, lenbuf, sconn, sock, buffer, timeout,
432 if (!valid_packet_size(len)) {
433 return NT_STATUS_INVALID_PARAMETER;
437 * The +4 here can't wrap, we've checked the length above already.
440 *buffer = talloc_array(mem_ctx, char, len+4);
442 if (*buffer == NULL) {
443 DEBUG(0, ("Could not allocate inbuf of length %d\n",
445 return NT_STATUS_NO_MEMORY;
448 memcpy(*buffer, lenbuf, sizeof(lenbuf));
450 status = read_packet_remainder(sock, (*buffer)+4, timeout, len);
451 if (!NT_STATUS_IS_OK(status)) {
459 static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,
460 struct smbd_server_connection *sconn,
462 char **buffer, unsigned int timeout,
463 size_t *p_unread, bool *p_encrypted,
466 bool trusted_channel)
471 *p_encrypted = false;
473 status = receive_smb_raw_talloc(mem_ctx, sconn, sock, buffer, timeout,
475 if (!NT_STATUS_IS_OK(status)) {
476 DEBUG(NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)?5:1,
477 ("receive_smb_raw_talloc failed for client %s "
478 "read error = %s.\n",
479 tsocket_address_string(sconn->remote_address,
481 nt_errstr(status)) );
485 if (is_encrypted_packet(sconn, (uint8_t *)*buffer)) {
486 status = srv_decrypt_buffer(sconn, *buffer);
487 if (!NT_STATUS_IS_OK(status)) {
488 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
489 "incoming packet! Error %s\n",
490 nt_errstr(status) ));
496 /* Check the incoming SMB signature. */
497 if (!srv_check_sign_mac(sconn, *buffer, seqnum, trusted_channel)) {
498 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
499 "incoming packet!\n"));
500 return NT_STATUS_INVALID_NETWORK_RESPONSE;
508 * Initialize a struct smb_request from an inbuf
511 static bool init_smb_request(struct smb_request *req,
512 struct smbd_server_connection *sconn,
514 size_t unread_bytes, bool encrypted,
517 size_t req_size = smb_len(inbuf) + 4;
518 /* Ensure we have at least smb_size bytes. */
519 if (req_size < smb_size) {
520 DEBUG(0,("init_smb_request: invalid request size %u\n",
521 (unsigned int)req_size ));
524 req->cmd = CVAL(inbuf, smb_com);
525 req->flags2 = SVAL(inbuf, smb_flg2);
526 req->smbpid = SVAL(inbuf, smb_pid);
527 req->mid = (uint64_t)SVAL(inbuf, smb_mid);
528 req->seqnum = seqnum;
529 req->vuid = SVAL(inbuf, smb_uid);
530 req->tid = SVAL(inbuf, smb_tid);
531 req->wct = CVAL(inbuf, smb_wct);
532 req->vwv = (const uint16_t *)(inbuf+smb_vwv);
533 req->buflen = smb_buflen(inbuf);
534 req->buf = (const uint8_t *)smb_buf_const(inbuf);
535 req->unread_bytes = unread_bytes;
536 req->encrypted = encrypted;
538 req->conn = conn_find(sconn,req->tid);
539 req->chain_fsp = NULL;
540 req->chain_outbuf = NULL;
543 req->priv_paths = NULL;
544 smb_init_perfcount_data(&req->pcd);
546 /* Ensure we have at least wct words and 2 bytes of bcc. */
547 if (smb_size + req->wct*2 > req_size) {
548 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
549 (unsigned int)req->wct,
550 (unsigned int)req_size));
553 /* Ensure bcc is correct. */
554 if (((const uint8_t *)smb_buf_const(inbuf)) + req->buflen > inbuf + req_size) {
555 DEBUG(0,("init_smb_request: invalid bcc number %u "
556 "(wct = %u, size %u)\n",
557 (unsigned int)req->buflen,
558 (unsigned int)req->wct,
559 (unsigned int)req_size));
567 static void process_smb(struct smbd_server_connection *conn,
568 uint8_t *inbuf, size_t nread, size_t unread_bytes,
569 uint32_t seqnum, bool encrypted,
570 struct smb_perfcount_data *deferred_pcd);
572 static void smbd_deferred_open_timer(struct event_context *ev,
573 struct timed_event *te,
574 struct timeval _tval,
577 struct pending_message_list *msg = talloc_get_type(private_data,
578 struct pending_message_list);
579 struct smbd_server_connection *sconn = msg->sconn;
580 TALLOC_CTX *mem_ctx = talloc_tos();
581 uint64_t mid = (uint64_t)SVAL(msg->buf.data,smb_mid);
584 inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
587 exit_server("smbd_deferred_open_timer: talloc failed\n");
591 /* We leave this message on the queue so the open code can
592 know this is a retry. */
593 DEBUG(5,("smbd_deferred_open_timer: trigger mid %llu.\n",
594 (unsigned long long)mid ));
596 /* Mark the message as processed so this is not
597 * re-processed in error. */
598 msg->processed = true;
600 process_smb(sconn, inbuf,
602 msg->seqnum, msg->encrypted, &msg->pcd);
604 /* If it's still there and was processed, remove it. */
605 msg = get_deferred_open_message_smb(sconn, mid);
606 if (msg && msg->processed) {
607 remove_deferred_open_message_smb(sconn, mid);
611 /****************************************************************************
612 Function to push a message onto the tail of a linked list of smb messages ready
614 ****************************************************************************/
616 static bool push_queued_message(struct smb_request *req,
617 struct timeval request_time,
618 struct timeval end_time,
619 char *private_data, size_t private_len)
621 int msg_len = smb_len(req->inbuf) + 4;
622 struct pending_message_list *msg;
624 msg = talloc_zero(NULL, struct pending_message_list);
627 DEBUG(0,("push_message: malloc fail (1)\n"));
630 msg->sconn = req->sconn;
632 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
633 if(msg->buf.data == NULL) {
634 DEBUG(0,("push_message: malloc fail (2)\n"));
639 msg->request_time = request_time;
640 msg->seqnum = req->seqnum;
641 msg->encrypted = req->encrypted;
642 msg->processed = false;
643 SMB_PERFCOUNT_DEFER_OP(&req->pcd, &msg->pcd);
646 msg->private_data = data_blob_talloc(msg, private_data,
648 if (msg->private_data.data == NULL) {
649 DEBUG(0,("push_message: malloc fail (3)\n"));
655 msg->te = tevent_add_timer(msg->sconn->ev_ctx,
658 smbd_deferred_open_timer,
661 DEBUG(0,("push_message: event_add_timed failed\n"));
666 DLIST_ADD_END(req->sconn->deferred_open_queue, msg,
667 struct pending_message_list *);
669 DEBUG(10,("push_message: pushed message length %u on "
670 "deferred_open_queue\n", (unsigned int)msg_len));
675 /****************************************************************************
676 Function to delete a sharing violation open message by mid.
677 ****************************************************************************/
679 void remove_deferred_open_message_smb(struct smbd_server_connection *sconn,
682 struct pending_message_list *pml;
684 if (sconn->using_smb2) {
685 remove_deferred_open_message_smb2(sconn, mid);
689 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
690 if (mid == (uint64_t)SVAL(pml->buf.data,smb_mid)) {
691 DEBUG(10,("remove_deferred_open_message_smb: "
692 "deleting mid %llu len %u\n",
693 (unsigned long long)mid,
694 (unsigned int)pml->buf.length ));
695 DLIST_REMOVE(sconn->deferred_open_queue, pml);
702 /****************************************************************************
703 Move a sharing violation open retry message to the front of the list and
704 schedule it for immediate processing.
705 ****************************************************************************/
707 void schedule_deferred_open_message_smb(struct smbd_server_connection *sconn,
710 struct pending_message_list *pml;
713 if (sconn->using_smb2) {
714 schedule_deferred_open_message_smb2(sconn, mid);
718 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
719 uint64_t msg_mid = (uint64_t)SVAL(pml->buf.data,smb_mid);
721 DEBUG(10,("schedule_deferred_open_message_smb: [%d] "
724 (unsigned long long)msg_mid ));
726 if (mid == msg_mid) {
727 struct timed_event *te;
729 if (pml->processed) {
730 /* A processed message should not be
732 DEBUG(0,("schedule_deferred_open_message_smb: LOGIC ERROR "
733 "message mid %llu was already processed\n",
734 (unsigned long long)msg_mid ));
738 DEBUG(10,("schedule_deferred_open_message_smb: "
739 "scheduling mid %llu\n",
740 (unsigned long long)mid ));
742 te = tevent_add_timer(pml->sconn->ev_ctx,
745 smbd_deferred_open_timer,
748 DEBUG(10,("schedule_deferred_open_message_smb: "
749 "event_add_timed() failed, "
750 "skipping mid %llu\n",
751 (unsigned long long)msg_mid ));
754 TALLOC_FREE(pml->te);
756 DLIST_PROMOTE(sconn->deferred_open_queue, pml);
761 DEBUG(10,("schedule_deferred_open_message_smb: failed to "
762 "find message mid %llu\n",
763 (unsigned long long)mid ));
766 /****************************************************************************
767 Return true if this mid is on the deferred queue and was not yet processed.
768 ****************************************************************************/
770 bool open_was_deferred(struct smbd_server_connection *sconn, uint64_t mid)
772 struct pending_message_list *pml;
774 if (sconn->using_smb2) {
775 return open_was_deferred_smb2(sconn, mid);
778 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
779 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid && !pml->processed) {
786 /****************************************************************************
787 Return the message queued by this mid.
788 ****************************************************************************/
790 static struct pending_message_list *get_deferred_open_message_smb(
791 struct smbd_server_connection *sconn, uint64_t mid)
793 struct pending_message_list *pml;
795 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
796 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid) {
803 /****************************************************************************
804 Get the state data queued by this mid.
805 ****************************************************************************/
807 bool get_deferred_open_message_state(struct smb_request *smbreq,
808 struct timeval *p_request_time,
811 struct pending_message_list *pml;
813 if (smbreq->sconn->using_smb2) {
814 return get_deferred_open_message_state_smb2(smbreq->smb2req,
819 pml = get_deferred_open_message_smb(smbreq->sconn, smbreq->mid);
823 if (p_request_time) {
824 *p_request_time = pml->request_time;
827 *pp_state = (void *)pml->private_data.data;
832 /****************************************************************************
833 Function to push a deferred open smb message onto a linked list of local smb
834 messages ready for processing.
835 ****************************************************************************/
837 bool push_deferred_open_message_smb(struct smb_request *req,
838 struct timeval request_time,
839 struct timeval timeout,
841 char *private_data, size_t priv_len)
843 struct timeval end_time;
846 return push_deferred_open_message_smb2(req->smb2req,
854 if (req->unread_bytes) {
855 DEBUG(0,("push_deferred_open_message_smb: logic error ! "
856 "unread_bytes = %u\n",
857 (unsigned int)req->unread_bytes ));
858 smb_panic("push_deferred_open_message_smb: "
859 "logic error unread_bytes != 0" );
862 end_time = timeval_sum(&request_time, &timeout);
864 DEBUG(10,("push_deferred_open_message_smb: pushing message "
865 "len %u mid %llu timeout time [%u.%06u]\n",
866 (unsigned int) smb_len(req->inbuf)+4,
867 (unsigned long long)req->mid,
868 (unsigned int)end_time.tv_sec,
869 (unsigned int)end_time.tv_usec));
871 return push_queued_message(req, request_time, end_time,
872 private_data, priv_len);
875 static void smbd_sig_term_handler(struct tevent_context *ev,
876 struct tevent_signal *se,
882 exit_server_cleanly("termination signal");
885 void smbd_setup_sig_term_handler(struct smbd_server_connection *sconn)
887 struct tevent_signal *se;
889 se = tevent_add_signal(sconn->ev_ctx,
892 smbd_sig_term_handler,
895 exit_server("failed to setup SIGTERM handler");
899 static void smbd_sig_hup_handler(struct tevent_context *ev,
900 struct tevent_signal *se,
906 struct smbd_server_connection *sconn =
907 talloc_get_type_abort(private_data,
908 struct smbd_server_connection);
910 change_to_root_user();
911 DEBUG(1,("Reloading services after SIGHUP\n"));
912 reload_services(sconn, conn_snum_used, false);
915 void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn)
917 struct tevent_signal *se;
919 se = tevent_add_signal(sconn->ev_ctx,
922 smbd_sig_hup_handler,
925 exit_server("failed to setup SIGHUP handler");
929 static void smbd_conf_updated(struct messaging_context *msg,
932 struct server_id server_id,
935 struct smbd_server_connection *sconn =
936 talloc_get_type_abort(private_data,
937 struct smbd_server_connection);
939 DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was "
940 "updated. Reloading.\n"));
941 change_to_root_user();
942 reload_services(sconn, conn_snum_used, false);
946 * Only allow 5 outstanding trans requests. We're allocating memory, so
950 NTSTATUS allow_new_trans(struct trans_state *list, uint64_t mid)
953 for (; list != NULL; list = list->next) {
955 if (list->mid == mid) {
956 return NT_STATUS_INVALID_PARAMETER;
962 return NT_STATUS_INSUFFICIENT_RESOURCES;
969 These flags determine some of the permissions required to do an operation
971 Note that I don't set NEED_WRITE on some write operations because they
972 are used by some brain-dead clients when printing, and I don't want to
973 force write permissions on print services.
975 #define AS_USER (1<<0)
976 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
977 #define TIME_INIT (1<<2)
978 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
979 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
980 #define DO_CHDIR (1<<6)
983 define a list of possible SMB messages and their corresponding
984 functions. Any message that has a NULL function is unimplemented -
985 please feel free to contribute implementations!
987 static const struct smb_message_struct {
989 void (*fn)(struct smb_request *req);
991 } smb_messages[256] = {
993 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
994 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
995 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
996 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
997 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
998 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
999 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
1000 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
1001 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
1002 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
1003 /* 0x0a */ { "SMBread",reply_read,AS_USER},
1004 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
1005 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
1006 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
1007 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
1008 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
1009 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
1010 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
1011 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
1012 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
1013 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
1014 /* 0x15 */ { NULL, NULL, 0 },
1015 /* 0x16 */ { NULL, NULL, 0 },
1016 /* 0x17 */ { NULL, NULL, 0 },
1017 /* 0x18 */ { NULL, NULL, 0 },
1018 /* 0x19 */ { NULL, NULL, 0 },
1019 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
1020 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
1021 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
1022 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
1023 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
1024 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1025 /* 0x20 */ { "SMBwritec", NULL,0},
1026 /* 0x21 */ { NULL, NULL, 0 },
1027 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
1028 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1029 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1030 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
1031 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
1032 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
1033 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
1034 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
1035 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
1036 /* 0x2b */ { "SMBecho",reply_echo,0},
1037 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1038 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
1039 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
1040 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
1041 /* 0x30 */ { NULL, NULL, 0 },
1042 /* 0x31 */ { NULL, NULL, 0 },
1043 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
1044 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER | CAN_IPC },
1045 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1046 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1047 /* 0x36 */ { NULL, NULL, 0 },
1048 /* 0x37 */ { NULL, NULL, 0 },
1049 /* 0x38 */ { NULL, NULL, 0 },
1050 /* 0x39 */ { NULL, NULL, 0 },
1051 /* 0x3a */ { NULL, NULL, 0 },
1052 /* 0x3b */ { NULL, NULL, 0 },
1053 /* 0x3c */ { NULL, NULL, 0 },
1054 /* 0x3d */ { NULL, NULL, 0 },
1055 /* 0x3e */ { NULL, NULL, 0 },
1056 /* 0x3f */ { NULL, NULL, 0 },
1057 /* 0x40 */ { NULL, NULL, 0 },
1058 /* 0x41 */ { NULL, NULL, 0 },
1059 /* 0x42 */ { NULL, NULL, 0 },
1060 /* 0x43 */ { NULL, NULL, 0 },
1061 /* 0x44 */ { NULL, NULL, 0 },
1062 /* 0x45 */ { NULL, NULL, 0 },
1063 /* 0x46 */ { NULL, NULL, 0 },
1064 /* 0x47 */ { NULL, NULL, 0 },
1065 /* 0x48 */ { NULL, NULL, 0 },
1066 /* 0x49 */ { NULL, NULL, 0 },
1067 /* 0x4a */ { NULL, NULL, 0 },
1068 /* 0x4b */ { NULL, NULL, 0 },
1069 /* 0x4c */ { NULL, NULL, 0 },
1070 /* 0x4d */ { NULL, NULL, 0 },
1071 /* 0x4e */ { NULL, NULL, 0 },
1072 /* 0x4f */ { NULL, NULL, 0 },
1073 /* 0x50 */ { NULL, NULL, 0 },
1074 /* 0x51 */ { NULL, NULL, 0 },
1075 /* 0x52 */ { NULL, NULL, 0 },
1076 /* 0x53 */ { NULL, NULL, 0 },
1077 /* 0x54 */ { NULL, NULL, 0 },
1078 /* 0x55 */ { NULL, NULL, 0 },
1079 /* 0x56 */ { NULL, NULL, 0 },
1080 /* 0x57 */ { NULL, NULL, 0 },
1081 /* 0x58 */ { NULL, NULL, 0 },
1082 /* 0x59 */ { NULL, NULL, 0 },
1083 /* 0x5a */ { NULL, NULL, 0 },
1084 /* 0x5b */ { NULL, NULL, 0 },
1085 /* 0x5c */ { NULL, NULL, 0 },
1086 /* 0x5d */ { NULL, NULL, 0 },
1087 /* 0x5e */ { NULL, NULL, 0 },
1088 /* 0x5f */ { NULL, NULL, 0 },
1089 /* 0x60 */ { NULL, NULL, 0 },
1090 /* 0x61 */ { NULL, NULL, 0 },
1091 /* 0x62 */ { NULL, NULL, 0 },
1092 /* 0x63 */ { NULL, NULL, 0 },
1093 /* 0x64 */ { NULL, NULL, 0 },
1094 /* 0x65 */ { NULL, NULL, 0 },
1095 /* 0x66 */ { NULL, NULL, 0 },
1096 /* 0x67 */ { NULL, NULL, 0 },
1097 /* 0x68 */ { NULL, NULL, 0 },
1098 /* 0x69 */ { NULL, NULL, 0 },
1099 /* 0x6a */ { NULL, NULL, 0 },
1100 /* 0x6b */ { NULL, NULL, 0 },
1101 /* 0x6c */ { NULL, NULL, 0 },
1102 /* 0x6d */ { NULL, NULL, 0 },
1103 /* 0x6e */ { NULL, NULL, 0 },
1104 /* 0x6f */ { NULL, NULL, 0 },
1105 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1106 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1107 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1108 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1109 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1110 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1111 /* 0x76 */ { NULL, NULL, 0 },
1112 /* 0x77 */ { NULL, NULL, 0 },
1113 /* 0x78 */ { NULL, NULL, 0 },
1114 /* 0x79 */ { NULL, NULL, 0 },
1115 /* 0x7a */ { NULL, NULL, 0 },
1116 /* 0x7b */ { NULL, NULL, 0 },
1117 /* 0x7c */ { NULL, NULL, 0 },
1118 /* 0x7d */ { NULL, NULL, 0 },
1119 /* 0x7e */ { NULL, NULL, 0 },
1120 /* 0x7f */ { NULL, NULL, 0 },
1121 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1122 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1123 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1124 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1125 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1126 /* 0x85 */ { NULL, NULL, 0 },
1127 /* 0x86 */ { NULL, NULL, 0 },
1128 /* 0x87 */ { NULL, NULL, 0 },
1129 /* 0x88 */ { NULL, NULL, 0 },
1130 /* 0x89 */ { NULL, NULL, 0 },
1131 /* 0x8a */ { NULL, NULL, 0 },
1132 /* 0x8b */ { NULL, NULL, 0 },
1133 /* 0x8c */ { NULL, NULL, 0 },
1134 /* 0x8d */ { NULL, NULL, 0 },
1135 /* 0x8e */ { NULL, NULL, 0 },
1136 /* 0x8f */ { NULL, NULL, 0 },
1137 /* 0x90 */ { NULL, NULL, 0 },
1138 /* 0x91 */ { NULL, NULL, 0 },
1139 /* 0x92 */ { NULL, NULL, 0 },
1140 /* 0x93 */ { NULL, NULL, 0 },
1141 /* 0x94 */ { NULL, NULL, 0 },
1142 /* 0x95 */ { NULL, NULL, 0 },
1143 /* 0x96 */ { NULL, NULL, 0 },
1144 /* 0x97 */ { NULL, NULL, 0 },
1145 /* 0x98 */ { NULL, NULL, 0 },
1146 /* 0x99 */ { NULL, NULL, 0 },
1147 /* 0x9a */ { NULL, NULL, 0 },
1148 /* 0x9b */ { NULL, NULL, 0 },
1149 /* 0x9c */ { NULL, NULL, 0 },
1150 /* 0x9d */ { NULL, NULL, 0 },
1151 /* 0x9e */ { NULL, NULL, 0 },
1152 /* 0x9f */ { NULL, NULL, 0 },
1153 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1154 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1155 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1156 /* 0xa3 */ { NULL, NULL, 0 },
1157 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1158 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1159 /* 0xa6 */ { NULL, NULL, 0 },
1160 /* 0xa7 */ { NULL, NULL, 0 },
1161 /* 0xa8 */ { NULL, NULL, 0 },
1162 /* 0xa9 */ { NULL, NULL, 0 },
1163 /* 0xaa */ { NULL, NULL, 0 },
1164 /* 0xab */ { NULL, NULL, 0 },
1165 /* 0xac */ { NULL, NULL, 0 },
1166 /* 0xad */ { NULL, NULL, 0 },
1167 /* 0xae */ { NULL, NULL, 0 },
1168 /* 0xaf */ { NULL, NULL, 0 },
1169 /* 0xb0 */ { NULL, NULL, 0 },
1170 /* 0xb1 */ { NULL, NULL, 0 },
1171 /* 0xb2 */ { NULL, NULL, 0 },
1172 /* 0xb3 */ { NULL, NULL, 0 },
1173 /* 0xb4 */ { NULL, NULL, 0 },
1174 /* 0xb5 */ { NULL, NULL, 0 },
1175 /* 0xb6 */ { NULL, NULL, 0 },
1176 /* 0xb7 */ { NULL, NULL, 0 },
1177 /* 0xb8 */ { NULL, NULL, 0 },
1178 /* 0xb9 */ { NULL, NULL, 0 },
1179 /* 0xba */ { NULL, NULL, 0 },
1180 /* 0xbb */ { NULL, NULL, 0 },
1181 /* 0xbc */ { NULL, NULL, 0 },
1182 /* 0xbd */ { NULL, NULL, 0 },
1183 /* 0xbe */ { NULL, NULL, 0 },
1184 /* 0xbf */ { NULL, NULL, 0 },
1185 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1186 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1187 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1188 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1189 /* 0xc4 */ { NULL, NULL, 0 },
1190 /* 0xc5 */ { NULL, NULL, 0 },
1191 /* 0xc6 */ { NULL, NULL, 0 },
1192 /* 0xc7 */ { NULL, NULL, 0 },
1193 /* 0xc8 */ { NULL, NULL, 0 },
1194 /* 0xc9 */ { NULL, NULL, 0 },
1195 /* 0xca */ { NULL, NULL, 0 },
1196 /* 0xcb */ { NULL, NULL, 0 },
1197 /* 0xcc */ { NULL, NULL, 0 },
1198 /* 0xcd */ { NULL, NULL, 0 },
1199 /* 0xce */ { NULL, NULL, 0 },
1200 /* 0xcf */ { NULL, NULL, 0 },
1201 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1202 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1203 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1204 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1205 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1206 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1207 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1208 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1209 /* 0xd8 */ { NULL, NULL, 0 },
1210 /* 0xd9 */ { NULL, NULL, 0 },
1211 /* 0xda */ { NULL, NULL, 0 },
1212 /* 0xdb */ { NULL, NULL, 0 },
1213 /* 0xdc */ { NULL, NULL, 0 },
1214 /* 0xdd */ { NULL, NULL, 0 },
1215 /* 0xde */ { NULL, NULL, 0 },
1216 /* 0xdf */ { NULL, NULL, 0 },
1217 /* 0xe0 */ { NULL, NULL, 0 },
1218 /* 0xe1 */ { NULL, NULL, 0 },
1219 /* 0xe2 */ { NULL, NULL, 0 },
1220 /* 0xe3 */ { NULL, NULL, 0 },
1221 /* 0xe4 */ { NULL, NULL, 0 },
1222 /* 0xe5 */ { NULL, NULL, 0 },
1223 /* 0xe6 */ { NULL, NULL, 0 },
1224 /* 0xe7 */ { NULL, NULL, 0 },
1225 /* 0xe8 */ { NULL, NULL, 0 },
1226 /* 0xe9 */ { NULL, NULL, 0 },
1227 /* 0xea */ { NULL, NULL, 0 },
1228 /* 0xeb */ { NULL, NULL, 0 },
1229 /* 0xec */ { NULL, NULL, 0 },
1230 /* 0xed */ { NULL, NULL, 0 },
1231 /* 0xee */ { NULL, NULL, 0 },
1232 /* 0xef */ { NULL, NULL, 0 },
1233 /* 0xf0 */ { NULL, NULL, 0 },
1234 /* 0xf1 */ { NULL, NULL, 0 },
1235 /* 0xf2 */ { NULL, NULL, 0 },
1236 /* 0xf3 */ { NULL, NULL, 0 },
1237 /* 0xf4 */ { NULL, NULL, 0 },
1238 /* 0xf5 */ { NULL, NULL, 0 },
1239 /* 0xf6 */ { NULL, NULL, 0 },
1240 /* 0xf7 */ { NULL, NULL, 0 },
1241 /* 0xf8 */ { NULL, NULL, 0 },
1242 /* 0xf9 */ { NULL, NULL, 0 },
1243 /* 0xfa */ { NULL, NULL, 0 },
1244 /* 0xfb */ { NULL, NULL, 0 },
1245 /* 0xfc */ { NULL, NULL, 0 },
1246 /* 0xfd */ { NULL, NULL, 0 },
1247 /* 0xfe */ { NULL, NULL, 0 },
1248 /* 0xff */ { NULL, NULL, 0 }
1252 /*******************************************************************
1253 allocate and initialize a reply packet
1254 ********************************************************************/
1256 static bool create_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
1257 const char *inbuf, char **outbuf, uint8_t num_words,
1261 * Protect against integer wrap
1263 if ((num_bytes > 0xffffff)
1264 || ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
1266 if (asprintf(&msg, "num_bytes too large: %u",
1267 (unsigned)num_bytes) == -1) {
1268 msg = discard_const_p(char, "num_bytes too large");
1273 *outbuf = talloc_array(mem_ctx, char,
1274 smb_size + num_words*2 + num_bytes);
1275 if (*outbuf == NULL) {
1279 construct_reply_common(req, inbuf, *outbuf);
1280 srv_set_message(*outbuf, num_words, num_bytes, false);
1282 * Zero out the word area, the caller has to take care of the bcc area
1285 if (num_words != 0) {
1286 memset(*outbuf + smb_vwv0, 0, num_words*2);
1292 void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
1295 if (!create_outbuf(req, req, (const char *)req->inbuf, &outbuf, num_words,
1297 smb_panic("could not allocate output buffer\n");
1299 req->outbuf = (uint8_t *)outbuf;
1303 /*******************************************************************
1304 Dump a packet to a file.
1305 ********************************************************************/
1307 static void smb_dump(const char *name, int type, const char *data)
1312 if (DEBUGLEVEL < 50) {
1316 len = smb_len_tcp(data)+4;
1317 for (i=1;i<100;i++) {
1318 if (asprintf(&fname, "/tmp/%s.%d.%s", name, i,
1319 type ? "req" : "resp") == -1) {
1322 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1323 if (fd != -1 || errno != EEXIST) break;
1326 ssize_t ret = write(fd, data, len);
1328 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1330 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1335 /****************************************************************************
1336 Prepare everything for calling the actual request function, and potentially
1337 call the request function via the "new" interface.
1339 Return False if the "legacy" function needs to be called, everything is
1342 Return True if we're done.
1344 I know this API sucks, but it is the one with the least code change I could
1346 ****************************************************************************/
1348 static connection_struct *switch_message(uint8 type, struct smb_request *req)
1352 connection_struct *conn = NULL;
1353 struct smbd_server_connection *sconn = req->sconn;
1358 if (smb_messages[type].fn == NULL) {
1359 DEBUG(0,("Unknown message type %d!\n",type));
1360 smb_dump("Unknown", 1, (const char *)req->inbuf);
1361 reply_unknown_new(req, type);
1365 flags = smb_messages[type].flags;
1367 /* In share mode security we must ignore the vuid. */
1368 session_tag = req->vuid;
1371 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1372 (int)sys_getpid(), (unsigned long)conn));
1374 smb_dump(smb_fn_name(type), 1, (const char *)req->inbuf);
1376 /* Ensure this value is replaced in the incoming packet. */
1377 SSVAL(discard_const_p(uint8_t, req->inbuf),smb_uid,session_tag);
1380 * Ensure the correct username is in current_user_info. This is a
1381 * really ugly bugfix for problems with multiple session_setup_and_X's
1382 * being done and allowing %U and %G substitutions to work correctly.
1383 * There is a reason this code is done here, don't move it unless you
1384 * know what you're doing... :-).
1388 if (session_tag != sconn->smb1.sessions.last_session_tag) {
1389 user_struct *vuser = NULL;
1391 sconn->smb1.sessions.last_session_tag = session_tag;
1392 if(session_tag != UID_FIELD_INVALID) {
1393 vuser = get_valid_user_struct(sconn, session_tag);
1395 set_current_user_info(
1396 vuser->session_info->unix_info->sanitized_username,
1397 vuser->session_info->unix_info->unix_name,
1398 vuser->session_info->info->domain_name);
1403 /* Does this call need to be run as the connected user? */
1404 if (flags & AS_USER) {
1406 /* Does this call need a valid tree connection? */
1409 * Amazingly, the error code depends on the command
1412 if (type == SMBntcreateX) {
1413 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1415 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
1420 if (!change_to_user(conn,session_tag)) {
1421 DEBUG(0, ("Error: Could not change to user. Removing "
1422 "deferred open, mid=%llu.\n",
1423 (unsigned long long)req->mid));
1424 reply_force_doserror(req, ERRSRV, ERRbaduid);
1428 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1430 /* Does it need write permission? */
1431 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1432 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1436 /* IPC services are limited */
1437 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1438 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1442 /* This call needs to be run as root */
1443 change_to_root_user();
1446 /* load service specific parameters */
1448 if (req->encrypted) {
1449 conn->encrypted_tid = true;
1450 /* encrypted required from now on. */
1451 conn->encrypt_level = Required;
1452 } else if (ENCRYPTION_REQUIRED(conn)) {
1453 if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
1454 exit_server_cleanly("encryption required "
1460 if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1461 (flags & (AS_USER|DO_CHDIR)
1463 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1466 conn->num_smb_operations++;
1469 raddr = tsocket_address_inet_addr_string(sconn->remote_address,
1471 if (raddr == NULL) {
1472 reply_nterror(req, NT_STATUS_NO_MEMORY);
1476 /* does this protocol need to be run as guest? */
1477 if ((flags & AS_GUEST)
1478 && (!change_to_guest() ||
1479 !allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
1480 sconn->remote_hostname,
1482 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1486 smb_messages[type].fn(req);
1490 /****************************************************************************
1491 Construct a reply to the incoming packet.
1492 ****************************************************************************/
1494 static void construct_reply(struct smbd_server_connection *sconn,
1495 char *inbuf, int size, size_t unread_bytes,
1496 uint32_t seqnum, bool encrypted,
1497 struct smb_perfcount_data *deferred_pcd)
1499 connection_struct *conn;
1500 struct smb_request *req;
1502 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1503 smb_panic("could not allocate smb_request");
1506 if (!init_smb_request(req, sconn, (uint8 *)inbuf, unread_bytes,
1507 encrypted, seqnum)) {
1508 exit_server_cleanly("Invalid SMB request");
1511 req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
1513 /* we popped this message off the queue - keep original perf data */
1515 req->pcd = *deferred_pcd;
1517 SMB_PERFCOUNT_START(&req->pcd);
1518 SMB_PERFCOUNT_SET_OP(&req->pcd, req->cmd);
1519 SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, size);
1522 conn = switch_message(req->cmd, req);
1529 if (req->outbuf == NULL) {
1533 if (CVAL(req->outbuf,0) == 0) {
1534 show_msg((char *)req->outbuf);
1537 if (!srv_send_smb(req->sconn,
1538 (char *)req->outbuf,
1539 true, req->seqnum+1,
1540 IS_CONN_ENCRYPTED(conn)||req->encrypted,
1542 exit_server_cleanly("construct_reply: srv_send_smb failed.");
1550 /****************************************************************************
1551 Process an smb from the client
1552 ****************************************************************************/
1553 static void process_smb(struct smbd_server_connection *sconn,
1554 uint8_t *inbuf, size_t nread, size_t unread_bytes,
1555 uint32_t seqnum, bool encrypted,
1556 struct smb_perfcount_data *deferred_pcd)
1558 int msg_type = CVAL(inbuf,0);
1560 DO_PROFILE_INC(smb_count);
1562 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1564 DEBUG(3, ("Transaction %d of length %d (%u toread)\n",
1565 sconn->trans_num, (int)nread, (unsigned int)unread_bytes));
1567 if (msg_type != NBSSmessage) {
1569 * NetBIOS session request, keepalive, etc.
1571 reply_special(sconn, (char *)inbuf, nread);
1575 if (sconn->using_smb2) {
1576 /* At this point we're not really using smb2,
1577 * we make the decision here.. */
1578 if (smbd_is_smb2_header(inbuf, nread)) {
1579 smbd_smb2_first_negprot(sconn, inbuf, nread);
1581 } else if (nread >= smb_size && valid_smb_header(sconn, inbuf)
1582 && CVAL(inbuf, smb_com) != 0x72) {
1583 /* This is a non-negprot SMB1 packet.
1584 Disable SMB2 from now on. */
1585 sconn->using_smb2 = false;
1589 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1590 * so subtract 4 from it. */
1591 if ((nread < (smb_size - 4)) || !valid_smb_header(sconn, inbuf)) {
1592 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1595 /* special magic for immediate exit */
1597 (IVAL(inbuf, 4) == 0x74697865) &&
1598 lp_parm_bool(-1, "smbd", "suicide mode", false)) {
1599 uint8_t exitcode = CVAL(inbuf, 8);
1600 DEBUG(1, ("Exiting immediately with code %d\n",
1605 exit_server_cleanly("Non-SMB packet");
1608 show_msg((char *)inbuf);
1610 construct_reply(sconn, (char *)inbuf, nread, unread_bytes, seqnum,
1611 encrypted, deferred_pcd);
1615 sconn->num_requests++;
1617 /* The timeout_processing function isn't run nearly
1618 often enough to implement 'max log size' without
1619 overrunning the size of the file by many megabytes.
1620 This is especially true if we are running at debug
1621 level 10. Checking every 50 SMBs is a nice
1622 tradeoff of performance vs log file size overrun. */
1624 if ((sconn->num_requests % 50) == 0 &&
1625 need_to_check_log_size()) {
1626 change_to_root_user();
1631 /****************************************************************************
1632 Return a string containing the function name of a SMB command.
1633 ****************************************************************************/
1635 const char *smb_fn_name(int type)
1637 const char *unknown_name = "SMBunknown";
1639 if (smb_messages[type].name == NULL)
1640 return(unknown_name);
1642 return(smb_messages[type].name);
1645 /****************************************************************************
1646 Helper functions for contruct_reply.
1647 ****************************************************************************/
1649 void add_to_common_flags2(uint32 v)
1654 void remove_from_common_flags2(uint32 v)
1656 common_flags2 &= ~v;
1659 static void construct_reply_common(struct smb_request *req, const char *inbuf,
1662 uint16_t in_flags2 = SVAL(inbuf,smb_flg2);
1663 uint16_t out_flags2 = common_flags2;
1665 out_flags2 |= in_flags2 & FLAGS2_UNICODE_STRINGS;
1666 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES;
1667 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED;
1669 srv_set_message(outbuf,0,0,false);
1671 SCVAL(outbuf, smb_com, req->cmd);
1672 SIVAL(outbuf,smb_rcls,0);
1673 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1674 SSVAL(outbuf,smb_flg2, out_flags2);
1675 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1676 memcpy(outbuf+smb_ss_field, inbuf+smb_ss_field, 8);
1678 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
1679 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
1680 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
1681 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
1684 void construct_reply_common_req(struct smb_request *req, char *outbuf)
1686 construct_reply_common(req, (const char *)req->inbuf, outbuf);
1690 * How many bytes have we already accumulated up to the current wct field
1694 size_t req_wct_ofs(struct smb_request *req)
1698 if (req->chain_outbuf == NULL) {
1701 buf_size = talloc_get_size(req->chain_outbuf);
1702 if ((buf_size % 4) != 0) {
1703 buf_size += (4 - (buf_size % 4));
1705 return buf_size - 4;
1709 * Hack around reply_nterror & friends not being aware of chained requests,
1710 * generating illegal (i.e. wct==0) chain replies.
1713 static void fixup_chain_error_packet(struct smb_request *req)
1715 uint8_t *outbuf = req->outbuf;
1717 reply_outbuf(req, 2, 0);
1718 memcpy(req->outbuf, outbuf, smb_wct);
1719 TALLOC_FREE(outbuf);
1720 SCVAL(req->outbuf, smb_vwv0, 0xff);
1724 * @brief Find the smb_cmd offset of the last command pushed
1725 * @param[in] buf The buffer we're building up
1726 * @retval Where can we put our next andx cmd?
1728 * While chaining requests, the "next" request we're looking at needs to put
1729 * its SMB_Command before the data the previous request already built up added
1730 * to the chain. Find the offset to the place where we have to put our cmd.
1733 static bool find_andx_cmd_ofs(uint8_t *buf, size_t *pofs)
1738 cmd = CVAL(buf, smb_com);
1740 if (!is_andx_req(cmd)) {
1746 while (CVAL(buf, ofs) != 0xff) {
1748 if (!is_andx_req(CVAL(buf, ofs))) {
1753 * ofs is from start of smb header, so add the 4 length
1754 * bytes. The next cmd is right after the wct field.
1756 ofs = SVAL(buf, ofs+2) + 4 + 1;
1758 if (ofs+4 >= talloc_get_size(buf)) {
1768 * @brief Do the smb chaining at a buffer level
1769 * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
1770 * @param[in] andx_buf Buffer to be appended
1773 static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf)
1775 uint8_t smb_command = CVAL(andx_buf, smb_com);
1776 uint8_t wct = CVAL(andx_buf, smb_wct);
1777 const uint16_t *vwv = (const uint16_t *)(andx_buf + smb_vwv);
1778 uint32_t num_bytes = smb_buflen(andx_buf);
1779 const uint8_t *bytes = (const uint8_t *)smb_buf_const(andx_buf);
1782 size_t old_size, new_size;
1784 size_t chain_padding = 0;
1785 size_t andx_cmd_ofs;
1788 old_size = talloc_get_size(*poutbuf);
1790 if ((old_size % 4) != 0) {
1792 * Align the wct field of subsequent requests to a 4-byte
1795 chain_padding = 4 - (old_size % 4);
1799 * After the old request comes the new wct field (1 byte), the vwv's
1800 * and the num_bytes field.
1803 new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
1804 new_size += num_bytes;
1806 if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
1807 DEBUG(1, ("smb_splice_chain: %u bytes won't fit\n",
1808 (unsigned)new_size));
1812 outbuf = talloc_realloc(NULL, *poutbuf, uint8_t, new_size);
1813 if (outbuf == NULL) {
1814 DEBUG(0, ("talloc failed\n"));
1819 if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
1820 DEBUG(1, ("invalid command chain\n"));
1821 *poutbuf = talloc_realloc(NULL, *poutbuf, uint8_t, old_size);
1825 if (chain_padding != 0) {
1826 memset(outbuf + old_size, 0, chain_padding);
1827 old_size += chain_padding;
1830 SCVAL(outbuf, andx_cmd_ofs, smb_command);
1831 SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
1836 * Push the chained request:
1841 SCVAL(outbuf, ofs, wct);
1848 memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
1849 ofs += sizeof(uint16_t) * wct;
1855 SSVAL(outbuf, ofs, num_bytes);
1856 ofs += sizeof(uint16_t);
1862 memcpy(outbuf + ofs, bytes, num_bytes);
1867 /****************************************************************************
1868 Construct a chained reply and add it to the already made reply
1869 ****************************************************************************/
1871 void chain_reply(struct smb_request *req)
1873 size_t smblen = smb_len(req->inbuf);
1874 size_t already_used, length_needed;
1876 uint32_t chain_offset; /* uint32_t to avoid overflow */
1879 const uint16_t *vwv;
1883 if (IVAL(req->outbuf, smb_rcls) != 0) {
1884 fixup_chain_error_packet(req);
1888 * Any of the AndX requests and replies have at least a wct of
1889 * 2. vwv[0] is the next command, vwv[1] is the offset from the
1890 * beginning of the SMB header to the next wct field.
1892 * None of the AndX requests put anything valuable in vwv[0] and [1],
1893 * so we can overwrite it here to form the chain.
1896 if ((req->wct < 2) || (CVAL(req->outbuf, smb_wct) < 2)) {
1897 if (req->chain_outbuf == NULL) {
1898 req->chain_outbuf = talloc_realloc(
1899 req, req->outbuf, uint8_t,
1900 smb_len(req->outbuf) + 4);
1901 if (req->chain_outbuf == NULL) {
1902 smb_panic("talloc failed");
1910 * Here we assume that this is the end of the chain. For that we need
1911 * to set "next command" to 0xff and the offset to 0. If we later find
1912 * more commands in the chain, this will be overwritten again.
1915 SCVAL(req->outbuf, smb_vwv0, 0xff);
1916 SCVAL(req->outbuf, smb_vwv0+1, 0);
1917 SSVAL(req->outbuf, smb_vwv1, 0);
1919 if (req->chain_outbuf == NULL) {
1921 * In req->chain_outbuf we collect all the replies. Start the
1922 * chain by copying in the first reply.
1924 * We do the realloc because later on we depend on
1925 * talloc_get_size to determine the length of
1926 * chain_outbuf. The reply_xxx routines might have
1927 * over-allocated (reply_pipe_read_and_X used to be such an
1930 req->chain_outbuf = talloc_realloc(
1931 req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
1932 if (req->chain_outbuf == NULL) {
1933 smb_panic("talloc failed");
1938 * Update smb headers where subsequent chained commands
1939 * may have updated them.
1941 SSVAL(req->chain_outbuf, smb_tid, SVAL(req->outbuf, smb_tid));
1942 SSVAL(req->chain_outbuf, smb_uid, SVAL(req->outbuf, smb_uid));
1944 if (!smb_splice_chain(&req->chain_outbuf, req->outbuf)) {
1947 TALLOC_FREE(req->outbuf);
1951 * We use the old request's vwv field to grab the next chained command
1952 * and offset into the chained fields.
1955 chain_cmd = CVAL(req->vwv+0, 0);
1956 chain_offset = SVAL(req->vwv+1, 0);
1958 if (chain_cmd == 0xff) {
1960 * End of chain, no more requests from the client. So ship the
1963 smb_setlen((char *)(req->chain_outbuf),
1964 talloc_get_size(req->chain_outbuf) - 4);
1966 if (!srv_send_smb(req->sconn, (char *)req->chain_outbuf,
1967 true, req->seqnum+1,
1968 IS_CONN_ENCRYPTED(req->conn)
1971 exit_server_cleanly("chain_reply: srv_send_smb "
1974 TALLOC_FREE(req->chain_outbuf);
1979 /* add a new perfcounter for this element of chain */
1980 SMB_PERFCOUNT_ADD(&req->pcd);
1981 SMB_PERFCOUNT_SET_OP(&req->pcd, chain_cmd);
1982 SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, smblen);
1985 * Check if the client tries to fool us. The chain offset
1986 * needs to point beyond the current request in the chain, it
1987 * needs to strictly grow. Otherwise we might be tricked into
1988 * an endless loop always processing the same request over and
1989 * over again. We used to assume that vwv and the byte buffer
1990 * array in a chain are always attached, but OS/2 the
1991 * Write&X/Read&X chain puts the Read&X vwv array right behind
1992 * the Write&X vwv chain. The Write&X bcc array is put behind
1993 * the Read&X vwv array. So now we check whether the chain
1994 * offset points strictly behind the previous vwv
1995 * array. req->buf points right after the vwv array of the
1996 * previous request. See
1997 * https://bugzilla.samba.org/show_bug.cgi?id=8360 for more
2001 already_used = PTR_DIFF(req->buf, smb_base(req->inbuf));
2002 if (chain_offset <= already_used) {
2007 * Next check: Make sure the chain offset does not point beyond the
2008 * overall smb request length.
2011 length_needed = chain_offset+1; /* wct */
2012 if (length_needed > smblen) {
2017 * Now comes the pointer magic. Goal here is to set up req->vwv and
2018 * req->buf correctly again to be able to call the subsequent
2019 * switch_message(). The chain offset (the former vwv[1]) points at
2020 * the new wct field.
2023 wct = CVAL(smb_base(req->inbuf), chain_offset);
2026 * Next consistency check: Make the new vwv array fits in the overall
2030 length_needed += (wct+1)*sizeof(uint16_t); /* vwv+buflen */
2031 if (length_needed > smblen) {
2034 vwv = (const uint16_t *)(smb_base(req->inbuf) + chain_offset + 1);
2037 * Now grab the new byte buffer....
2040 buflen = SVAL(vwv+wct, 0);
2043 * .. and check that it fits.
2046 length_needed += buflen;
2047 if (length_needed > smblen) {
2050 buf = (const uint8_t *)(vwv+wct+1);
2052 req->cmd = chain_cmd;
2054 req->vwv = discard_const_p(uint16_t, vwv);
2055 req->buflen = buflen;
2058 switch_message(chain_cmd, req);
2060 if (req->outbuf == NULL) {
2062 * This happens if the chained command has suspended itself or
2063 * if it has called srv_send_smb() itself.
2069 * We end up here if the chained command was not itself chained or
2070 * suspended, but for example a close() command. We now need to splice
2071 * the chained commands' outbuf into the already built up chain_outbuf
2072 * and ship the result.
2078 * We end up here if there's any error in the chain syntax. Report a
2079 * DOS error, just like Windows does.
2081 reply_force_doserror(req, ERRSRV, ERRerror);
2082 fixup_chain_error_packet(req);
2086 * This scary statement intends to set the
2087 * FLAGS2_32_BIT_ERROR_CODES flg2 field in req->chain_outbuf
2088 * to the value req->outbuf carries
2090 SSVAL(req->chain_outbuf, smb_flg2,
2091 (SVAL(req->chain_outbuf, smb_flg2) & ~FLAGS2_32_BIT_ERROR_CODES)
2092 | (SVAL(req->outbuf, smb_flg2) & FLAGS2_32_BIT_ERROR_CODES));
2095 * Transfer the error codes from the subrequest to the main one
2097 SSVAL(req->chain_outbuf, smb_rcls, SVAL(req->outbuf, smb_rcls));
2098 SSVAL(req->chain_outbuf, smb_err, SVAL(req->outbuf, smb_err));
2100 if (!smb_splice_chain(&req->chain_outbuf, req->outbuf)) {
2101 exit_server_cleanly("chain_reply: smb_splice_chain failed\n");
2103 TALLOC_FREE(req->outbuf);
2105 smb_setlen((char *)(req->chain_outbuf),
2106 talloc_get_size(req->chain_outbuf) - 4);
2108 show_msg((char *)(req->chain_outbuf));
2110 if (!srv_send_smb(req->sconn, (char *)req->chain_outbuf,
2111 true, req->seqnum+1,
2112 IS_CONN_ENCRYPTED(req->conn)||req->encrypted,
2114 exit_server_cleanly("chain_reply: srv_send_smb failed.");
2116 TALLOC_FREE(req->chain_outbuf);
2120 /****************************************************************************
2121 Check if services need reloading.
2122 ****************************************************************************/
2124 static void check_reload(struct smbd_server_connection *sconn, time_t t)
2127 if (last_smb_conf_reload_time == 0) {
2128 last_smb_conf_reload_time = t;
2131 if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
2132 reload_services(sconn, conn_snum_used, true);
2133 last_smb_conf_reload_time = t;
2137 static bool fd_is_readable(int fd)
2141 ret = poll_one_fd(fd, POLLIN|POLLHUP, 0, &revents);
2143 return ((ret > 0) && ((revents & (POLLIN|POLLHUP|POLLERR)) != 0));
2147 static void smbd_server_connection_write_handler(
2148 struct smbd_server_connection *sconn)
2150 /* TODO: make write nonblocking */
2153 static void smbd_server_connection_read_handler(
2154 struct smbd_server_connection *sconn, int fd)
2156 uint8_t *inbuf = NULL;
2157 size_t inbuf_len = 0;
2158 size_t unread_bytes = 0;
2159 bool encrypted = false;
2160 TALLOC_CTX *mem_ctx = talloc_tos();
2166 if (lp_async_smb_echo_handler()
2167 && fd_is_readable(sconn->smb1.echo_handler.trusted_fd)) {
2169 * This is the super-ugly hack to prefer the packets
2170 * forwarded by the echo handler over the ones by the
2173 fd = sconn->smb1.echo_handler.trusted_fd;
2176 from_client = (sconn->sock == fd);
2179 smbd_lock_socket(sconn);
2181 if (!fd_is_readable(fd)) {
2182 DEBUG(10,("the echo listener was faster\n"));
2183 smbd_unlock_socket(sconn);
2188 /* TODO: make this completely nonblocking */
2189 status = receive_smb_talloc(mem_ctx, sconn, fd,
2190 (char **)(void *)&inbuf,
2194 &inbuf_len, &seqnum,
2195 false /* trusted channel */);
2198 smbd_unlock_socket(sconn);
2201 if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
2204 if (NT_STATUS_IS_ERR(status)) {
2205 exit_server_cleanly("failed to receive smb request");
2207 if (!NT_STATUS_IS_OK(status)) {
2212 process_smb(sconn, inbuf, inbuf_len, unread_bytes,
2213 seqnum, encrypted, NULL);
2216 static void smbd_server_connection_handler(struct event_context *ev,
2217 struct fd_event *fde,
2221 struct smbd_server_connection *conn = talloc_get_type(private_data,
2222 struct smbd_server_connection);
2224 if (flags & EVENT_FD_WRITE) {
2225 smbd_server_connection_write_handler(conn);
2228 if (flags & EVENT_FD_READ) {
2229 smbd_server_connection_read_handler(conn, conn->sock);
2234 static void smbd_server_echo_handler(struct event_context *ev,
2235 struct fd_event *fde,
2239 struct smbd_server_connection *conn = talloc_get_type(private_data,
2240 struct smbd_server_connection);
2242 if (flags & EVENT_FD_WRITE) {
2243 smbd_server_connection_write_handler(conn);
2246 if (flags & EVENT_FD_READ) {
2247 smbd_server_connection_read_handler(
2248 conn, conn->smb1.echo_handler.trusted_fd);
2253 #ifdef CLUSTER_SUPPORT
2254 /****************************************************************************
2255 received when we should release a specific IP
2256 ****************************************************************************/
2257 static void release_ip(const char *ip, void *priv)
2259 const char *addr = (const char *)priv;
2260 const char *p = addr;
2262 if (strncmp("::ffff:", addr, 7) == 0) {
2266 DEBUG(10, ("Got release IP message for %s, "
2267 "our address is %s\n", ip, p));
2269 if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
2270 /* we can't afford to do a clean exit - that involves
2271 database writes, which would potentially mean we
2272 are still running after the failover has finished -
2273 we have to get rid of this process ID straight
2275 DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
2277 /* note we must exit with non-zero status so the unclean handler gets
2278 called in the parent, so that the brl database is tickled */
2283 static int client_get_tcp_info(int sock, struct sockaddr_storage *server,
2284 struct sockaddr_storage *client)
2287 length = sizeof(*server);
2288 if (getsockname(sock, (struct sockaddr *)server, &length) != 0) {
2291 length = sizeof(*client);
2292 if (getpeername(sock, (struct sockaddr *)client, &length) != 0) {
2300 * Send keepalive packets to our client
2302 static bool keepalive_fn(const struct timeval *now, void *private_data)
2304 struct smbd_server_connection *sconn = talloc_get_type_abort(
2305 private_data, struct smbd_server_connection);
2308 if (sconn->using_smb2) {
2309 /* Don't do keepalives on an SMB2 connection. */
2313 smbd_lock_socket(sconn);
2314 ret = send_keepalive(sconn->sock);
2315 smbd_unlock_socket(sconn);
2318 char addr[INET6_ADDRSTRLEN];
2320 * Try and give an error message saying what
2323 DEBUG(0, ("send_keepalive failed for client %s. "
2324 "Error %s - exiting\n",
2325 get_peer_addr(sconn->sock, addr, sizeof(addr)),
2333 * Do the recurring check if we're idle
2335 static bool deadtime_fn(const struct timeval *now, void *private_data)
2337 struct smbd_server_connection *sconn =
2338 (struct smbd_server_connection *)private_data;
2340 if ((conn_num_open(sconn) == 0)
2341 || (conn_idle_all(sconn, now->tv_sec))) {
2342 DEBUG( 2, ( "Closing idle connection\n" ) );
2343 messaging_send(sconn->msg_ctx,
2344 messaging_server_id(sconn->msg_ctx),
2345 MSG_SHUTDOWN, &data_blob_null);
2353 * Do the recurring log file and smb.conf reload checks.
2356 static bool housekeeping_fn(const struct timeval *now, void *private_data)
2358 struct smbd_server_connection *sconn = talloc_get_type_abort(
2359 private_data, struct smbd_server_connection);
2361 DEBUG(5, ("housekeeping\n"));
2363 change_to_root_user();
2365 /* update printer queue caches if necessary */
2366 update_monitored_printq_cache(sconn->msg_ctx);
2368 /* check if we need to reload services */
2369 check_reload(sconn, time_mono(NULL));
2371 /* Change machine password if neccessary. */
2372 attempt_machine_password_change();
2375 * Force a log file check.
2377 force_check_log_size();
2383 * Read an smb packet in the echo handler child, giving the parent
2384 * smbd one second to react once the socket becomes readable.
2387 struct smbd_echo_read_state {
2388 struct tevent_context *ev;
2389 struct smbd_server_connection *sconn;
2396 static void smbd_echo_read_readable(struct tevent_req *subreq);
2397 static void smbd_echo_read_waited(struct tevent_req *subreq);
2399 static struct tevent_req *smbd_echo_read_send(
2400 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
2401 struct smbd_server_connection *sconn)
2403 struct tevent_req *req, *subreq;
2404 struct smbd_echo_read_state *state;
2406 req = tevent_req_create(mem_ctx, &state,
2407 struct smbd_echo_read_state);
2412 state->sconn = sconn;
2414 subreq = wait_for_read_send(state, ev, sconn->sock);
2415 if (tevent_req_nomem(subreq, req)) {
2416 return tevent_req_post(req, ev);
2418 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
2422 static void smbd_echo_read_readable(struct tevent_req *subreq)
2424 struct tevent_req *req = tevent_req_callback_data(
2425 subreq, struct tevent_req);
2426 struct smbd_echo_read_state *state = tevent_req_data(
2427 req, struct smbd_echo_read_state);
2431 ok = wait_for_read_recv(subreq, &err);
2432 TALLOC_FREE(subreq);
2434 tevent_req_nterror(req, map_nt_error_from_unix(err));
2439 * Give the parent smbd one second to step in
2442 subreq = tevent_wakeup_send(
2443 state, state->ev, timeval_current_ofs(1, 0));
2444 if (tevent_req_nomem(subreq, req)) {
2447 tevent_req_set_callback(subreq, smbd_echo_read_waited, req);
2450 static void smbd_echo_read_waited(struct tevent_req *subreq)
2452 struct tevent_req *req = tevent_req_callback_data(
2453 subreq, struct tevent_req);
2454 struct smbd_echo_read_state *state = tevent_req_data(
2455 req, struct smbd_echo_read_state);
2456 struct smbd_server_connection *sconn = state->sconn;
2462 ok = tevent_wakeup_recv(subreq);
2463 TALLOC_FREE(subreq);
2465 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
2469 ok = smbd_lock_socket_internal(sconn);
2471 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2472 DEBUG(0, ("%s: failed to lock socket\n", __location__));
2476 if (!fd_is_readable(sconn->sock)) {
2477 DEBUG(10,("echo_handler[%d] the parent smbd was faster\n",
2478 (int)sys_getpid()));
2480 ok = smbd_unlock_socket_internal(sconn);
2482 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2483 DEBUG(1, ("%s: failed to unlock socket\n",
2488 subreq = wait_for_read_send(state, state->ev, sconn->sock);
2489 if (tevent_req_nomem(subreq, req)) {
2492 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
2496 status = receive_smb_talloc(state, sconn, sconn->sock, &state->buf,
2502 false /* trusted_channel*/);
2504 if (tevent_req_nterror(req, status)) {
2505 tevent_req_nterror(req, status);
2506 DEBUG(1, ("echo_handler[%d]: receive_smb_raw_talloc failed: %s\n",
2507 (int)sys_getpid(), nt_errstr(status)));
2511 ok = smbd_unlock_socket_internal(sconn);
2513 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2514 DEBUG(1, ("%s: failed to unlock socket\n", __location__));
2517 tevent_req_done(req);
2520 static NTSTATUS smbd_echo_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
2521 char **pbuf, size_t *pbuflen, uint32_t *pseqnum)
2523 struct smbd_echo_read_state *state = tevent_req_data(
2524 req, struct smbd_echo_read_state);
2527 if (tevent_req_is_nterror(req, &status)) {
2530 *pbuf = talloc_move(mem_ctx, &state->buf);
2531 *pbuflen = state->buflen;
2532 *pseqnum = state->seqnum;
2533 return NT_STATUS_OK;
2536 struct smbd_echo_state {
2537 struct tevent_context *ev;
2538 struct iovec *pending;
2539 struct smbd_server_connection *sconn;
2542 struct tevent_fd *parent_fde;
2544 struct tevent_req *write_req;
2547 static void smbd_echo_writer_done(struct tevent_req *req);
2549 static void smbd_echo_activate_writer(struct smbd_echo_state *state)
2553 if (state->write_req != NULL) {
2557 num_pending = talloc_array_length(state->pending);
2558 if (num_pending == 0) {
2562 state->write_req = writev_send(state, state->ev, NULL,
2563 state->parent_pipe, false,
2564 state->pending, num_pending);
2565 if (state->write_req == NULL) {
2566 DEBUG(1, ("writev_send failed\n"));
2570 talloc_steal(state->write_req, state->pending);
2571 state->pending = NULL;
2573 tevent_req_set_callback(state->write_req, smbd_echo_writer_done,
2577 static void smbd_echo_writer_done(struct tevent_req *req)
2579 struct smbd_echo_state *state = tevent_req_callback_data(
2580 req, struct smbd_echo_state);
2584 written = writev_recv(req, &err);
2586 state->write_req = NULL;
2587 if (written == -1) {
2588 DEBUG(1, ("writev to parent failed: %s\n", strerror(err)));
2591 DEBUG(10,("echo_handler[%d]: forwarded pdu to main\n", (int)sys_getpid()));
2592 smbd_echo_activate_writer(state);
2595 static bool smbd_echo_reply(struct smbd_echo_state *state,
2596 uint8_t *inbuf, size_t inbuf_len,
2599 struct smb_request req;
2600 uint16_t num_replies;
2604 if ((inbuf_len == 4) && (CVAL(inbuf, 0) == NBSSkeepalive)) {
2605 DEBUG(10, ("Got netbios keepalive\n"));
2612 if (inbuf_len < smb_size) {
2613 DEBUG(10, ("Got short packet: %d bytes\n", (int)inbuf_len));
2616 if (!valid_smb_header(state->sconn, inbuf)) {
2617 DEBUG(10, ("Got invalid SMB header\n"));
2621 if (!init_smb_request(&req, state->sconn, inbuf, 0, false,
2627 DEBUG(10, ("smbecho handler got cmd %d (%s)\n", (int)req.cmd,
2628 smb_messages[req.cmd].name
2629 ? smb_messages[req.cmd].name : "unknown"));
2631 if (req.cmd != SMBecho) {
2638 num_replies = SVAL(req.vwv+0, 0);
2639 if (num_replies != 1) {
2640 /* Not a Windows "Hey, you're still there?" request */
2644 if (!create_outbuf(talloc_tos(), &req, (const char *)req.inbuf, &outbuf,
2646 DEBUG(10, ("create_outbuf failed\n"));
2649 req.outbuf = (uint8_t *)outbuf;
2651 SSVAL(req.outbuf, smb_vwv0, num_replies);
2653 if (req.buflen > 0) {
2654 memcpy(smb_buf(req.outbuf), req.buf, req.buflen);
2657 ok = srv_send_smb(req.sconn,
2661 TALLOC_FREE(outbuf);
2669 static void smbd_echo_exit(struct tevent_context *ev,
2670 struct tevent_fd *fde, uint16_t flags,
2673 DEBUG(2, ("smbd_echo_exit: lost connection to parent\n"));
2677 static void smbd_echo_got_packet(struct tevent_req *req);
2679 static void smbd_echo_loop(struct smbd_server_connection *sconn,
2682 struct smbd_echo_state *state;
2683 struct tevent_req *read_req;
2685 state = talloc_zero(sconn, struct smbd_echo_state);
2686 if (state == NULL) {
2687 DEBUG(1, ("talloc failed\n"));
2690 state->sconn = sconn;
2691 state->parent_pipe = parent_pipe;
2692 state->ev = s3_tevent_context_init(state);
2693 if (state->ev == NULL) {
2694 DEBUG(1, ("tevent_context_init failed\n"));
2698 state->parent_fde = tevent_add_fd(state->ev, state, parent_pipe,
2699 TEVENT_FD_READ, smbd_echo_exit,
2701 if (state->parent_fde == NULL) {
2702 DEBUG(1, ("tevent_add_fd failed\n"));
2707 read_req = smbd_echo_read_send(state, state->ev, sconn);
2708 if (read_req == NULL) {
2709 DEBUG(1, ("smbd_echo_read_send failed\n"));
2713 tevent_req_set_callback(read_req, smbd_echo_got_packet, state);
2716 if (tevent_loop_once(state->ev) == -1) {
2717 DEBUG(1, ("tevent_loop_once failed: %s\n",
2725 static void smbd_echo_got_packet(struct tevent_req *req)
2727 struct smbd_echo_state *state = tevent_req_callback_data(
2728 req, struct smbd_echo_state);
2732 uint32_t seqnum = 0;
2735 status = smbd_echo_read_recv(req, state, &buf, &buflen, &seqnum);
2737 if (!NT_STATUS_IS_OK(status)) {
2738 DEBUG(1, ("smbd_echo_read_recv returned %s\n",
2739 nt_errstr(status)));
2743 reply = smbd_echo_reply(state, (uint8_t *)buf, buflen, seqnum);
2749 num_pending = talloc_array_length(state->pending);
2750 tmp = talloc_realloc(state, state->pending, struct iovec,
2753 DEBUG(1, ("talloc_realloc failed\n"));
2756 state->pending = tmp;
2758 if (buflen >= smb_size) {
2760 * place the seqnum in the packet so that the main process
2761 * can reply with signing
2763 SIVAL(buf, smb_ss_field, seqnum);
2764 SIVAL(buf, smb_ss_field+4, NT_STATUS_V(NT_STATUS_OK));
2767 iov = &state->pending[num_pending];
2768 iov->iov_base = buf;
2769 iov->iov_len = buflen;
2771 DEBUG(10,("echo_handler[%d]: forward to main\n",
2772 (int)sys_getpid()));
2773 smbd_echo_activate_writer(state);
2776 req = smbd_echo_read_send(state, state->ev, state->sconn);
2778 DEBUG(1, ("smbd_echo_read_send failed\n"));
2781 tevent_req_set_callback(req, smbd_echo_got_packet, state);
2786 * Handle SMBecho requests in a forked child process
2788 bool fork_echo_handler(struct smbd_server_connection *sconn)
2790 int listener_pipe[2];
2794 res = pipe(listener_pipe);
2796 DEBUG(1, ("pipe() failed: %s\n", strerror(errno)));
2799 sconn->smb1.echo_handler.socket_lock_fd = create_unlink_tmp(lp_lockdir());
2800 if (sconn->smb1.echo_handler.socket_lock_fd == -1) {
2801 DEBUG(1, ("Could not create lock fd: %s\n", strerror(errno)));
2809 close(listener_pipe[0]);
2810 set_blocking(listener_pipe[1], false);
2812 status = reinit_after_fork(sconn->msg_ctx,
2815 if (!NT_STATUS_IS_OK(status)) {
2816 DEBUG(1, ("reinit_after_fork failed: %s\n",
2817 nt_errstr(status)));
2820 smbd_echo_loop(sconn, listener_pipe[1]);
2823 close(listener_pipe[1]);
2824 listener_pipe[1] = -1;
2825 sconn->smb1.echo_handler.trusted_fd = listener_pipe[0];
2827 DEBUG(10,("fork_echo_handler: main[%d] echo_child[%d]\n", (int)sys_getpid(), child));
2830 * Without smb signing this is the same as the normal smbd
2831 * listener. This needs to change once signing comes in.
2833 sconn->smb1.echo_handler.trusted_fde = tevent_add_fd(sconn->ev_ctx,
2835 sconn->smb1.echo_handler.trusted_fd,
2837 smbd_server_echo_handler,
2839 if (sconn->smb1.echo_handler.trusted_fde == NULL) {
2840 DEBUG(1, ("event_add_fd failed\n"));
2847 if (listener_pipe[0] != -1) {
2848 close(listener_pipe[0]);
2850 if (listener_pipe[1] != -1) {
2851 close(listener_pipe[1]);
2853 sconn->smb1.echo_handler.trusted_fd = -1;
2854 if (sconn->smb1.echo_handler.socket_lock_fd != -1) {
2855 close(sconn->smb1.echo_handler.socket_lock_fd);
2857 sconn->smb1.echo_handler.trusted_fd = -1;
2858 sconn->smb1.echo_handler.socket_lock_fd = -1;
2864 static NTSTATUS smbd_register_ips(struct smbd_server_connection *sconn,
2865 struct sockaddr_storage *srv,
2866 struct sockaddr_storage *clnt)
2868 struct ctdbd_connection *cconn;
2869 char tmp_addr[INET6_ADDRSTRLEN];
2872 cconn = messaging_ctdbd_connection();
2873 if (cconn == NULL) {
2874 return NT_STATUS_NO_MEMORY;
2877 client_socket_addr(sconn->sock, tmp_addr, sizeof(tmp_addr));
2878 addr = talloc_strdup(cconn, tmp_addr);
2880 return NT_STATUS_NO_MEMORY;
2882 return ctdbd_register_ips(cconn, srv, clnt, release_ip, addr);
2887 static bool uid_in_use(const struct user_struct *user, uid_t uid)
2890 if (user->session_info &&
2891 (user->session_info->unix_token->uid == uid)) {
2899 static bool gid_in_use(const struct user_struct *user, gid_t gid)
2902 if (user->session_info != NULL) {
2904 struct security_unix_token *utok;
2906 utok = user->session_info->unix_token;
2907 if (utok->gid == gid) {
2910 for(i=0; i<utok->ngroups; i++) {
2911 if (utok->groups[i] == gid) {
2921 static bool sid_in_use(const struct user_struct *user,
2922 const struct dom_sid *psid)
2925 struct security_token *tok;
2927 if (user->session_info == NULL) {
2930 tok = user->session_info->security_token;
2933 * Not sure session_info->security_token can
2934 * ever be NULL. This check might be not
2939 if (security_token_has_sid(tok, psid)) {
2947 static bool id_in_use(const struct user_struct *user,
2948 const struct id_cache_ref *id)
2952 return uid_in_use(user, id->id.uid);
2954 return gid_in_use(user, id->id.gid);
2956 return sid_in_use(user, &id->id.sid);
2963 static void smbd_id_cache_kill(struct messaging_context *msg_ctx,
2966 struct server_id server_id,
2969 const char *msg = (data && data->data)
2970 ? (const char *)data->data : "<NULL>";
2971 struct user_struct *validated_users;
2972 struct id_cache_ref id;
2973 struct smbd_server_connection *sconn =
2974 talloc_get_type_abort(private_data,
2975 struct smbd_server_connection);
2977 validated_users = sconn->smb1.sessions.validated_users;
2979 if (!id_cache_ref_parse(msg, &id)) {
2980 DEBUG(0, ("Invalid ?ID: %s\n", msg));
2984 if (id_in_use(validated_users, &id)) {
2985 exit_server_cleanly(msg);
2987 id_cache_delete_from_cache(&id);
2990 /****************************************************************************
2991 Process commands from the client
2992 ****************************************************************************/
2994 void smbd_process(struct tevent_context *ev_ctx,
2995 struct smbd_server_connection *sconn)
2997 TALLOC_CTX *frame = talloc_stackframe();
2998 struct sockaddr_storage ss;
2999 struct sockaddr *sa = NULL;
3000 socklen_t sa_socklen;
3001 struct tsocket_address *local_address = NULL;
3002 struct tsocket_address *remote_address = NULL;
3003 const char *locaddr = NULL;
3004 const char *remaddr = NULL;
3008 if (lp_srv_maxprotocol() >= PROTOCOL_SMB2_02) {
3010 * We're not making the decision here,
3011 * we're just allowing the client
3012 * to decide between SMB1 and SMB2
3013 * with the first negprot
3016 sconn->using_smb2 = true;
3019 /* Ensure child is set to blocking mode */
3020 set_blocking(sconn->sock,True);
3022 set_socket_options(sconn->sock, "SO_KEEPALIVE");
3023 set_socket_options(sconn->sock, lp_socket_options());
3025 sa = (struct sockaddr *)(void *)&ss;
3026 sa_socklen = sizeof(ss);
3027 ret = getpeername(sconn->sock, sa, &sa_socklen);
3029 int level = (errno == ENOTCONN)?2:0;
3030 DEBUG(level,("getpeername() failed - %s\n", strerror(errno)));
3031 exit_server_cleanly("getpeername() failed.\n");
3033 ret = tsocket_address_bsd_from_sockaddr(sconn,
3037 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3038 __location__, strerror(errno)));
3039 exit_server_cleanly("tsocket_address_bsd_from_sockaddr remote failed.\n");
3042 sa = (struct sockaddr *)(void *)&ss;
3043 sa_socklen = sizeof(ss);
3044 ret = getsockname(sconn->sock, sa, &sa_socklen);
3046 int level = (errno == ENOTCONN)?2:0;
3047 DEBUG(level,("getsockname() failed - %s\n", strerror(errno)));
3048 exit_server_cleanly("getsockname() failed.\n");
3050 ret = tsocket_address_bsd_from_sockaddr(sconn,
3054 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3055 __location__, strerror(errno)));
3056 exit_server_cleanly("tsocket_address_bsd_from_sockaddr remote failed.\n");
3059 sconn->local_address = local_address;
3060 sconn->remote_address = remote_address;
3062 if (tsocket_address_is_inet(local_address, "ip")) {
3063 locaddr = tsocket_address_inet_addr_string(
3064 sconn->local_address,
3066 if (locaddr == NULL) {
3067 DEBUG(0,("%s: tsocket_address_inet_addr_string local failed - %s\n",
3068 __location__, strerror(errno)));
3069 exit_server_cleanly("tsocket_address_inet_addr_string local failed.\n");
3072 locaddr = "0.0.0.0";
3075 if (tsocket_address_is_inet(remote_address, "ip")) {
3076 remaddr = tsocket_address_inet_addr_string(
3077 sconn->remote_address,
3079 if (remaddr == NULL) {
3080 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3081 __location__, strerror(errno)));
3082 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
3085 remaddr = "0.0.0.0";
3088 /* this is needed so that we get decent entries
3089 in smbstatus for port 445 connects */
3090 set_remote_machine_name(remaddr, false);
3091 reload_services(sconn, conn_snum_used, true);
3094 * Before the first packet, check the global hosts allow/ hosts deny
3095 * parameters before doing any parsing of packets passed to us by the
3096 * client. This prevents attacks on our parsing code from hosts not in
3097 * the hosts allow list.
3100 ret = get_remote_hostname(remote_address,
3104 DEBUG(0,("%s: get_remote_hostname failed - %s\n",
3105 __location__, strerror(errno)));
3106 exit_server_cleanly("get_remote_hostname failed.\n");
3108 if (strequal(rhost, "UNKNOWN")) {
3109 rhost = talloc_strdup(talloc_tos(), remaddr);
3111 sconn->remote_hostname = talloc_move(sconn, &rhost);
3113 sub_set_socket_ids(remaddr,
3114 sconn->remote_hostname,
3117 if (!allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
3118 sconn->remote_hostname,
3121 * send a negative session response "not listening on calling
3124 unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
3125 DEBUG( 1, ("Connection denied from %s to %s\n",
3126 tsocket_address_string(remote_address, talloc_tos()),
3127 tsocket_address_string(local_address, talloc_tos())));
3128 (void)srv_send_smb(sconn,(char *)buf, false,
3130 exit_server_cleanly("connection denied");
3133 DEBUG(10, ("Connection allowed from %s to %s\n",
3134 tsocket_address_string(remote_address, talloc_tos()),
3135 tsocket_address_string(local_address, talloc_tos())));
3139 smb_perfcount_init();
3141 if (!init_account_policy()) {
3142 exit_server("Could not open account policy tdb.\n");
3145 if (*lp_rootdir()) {
3146 if (chroot(lp_rootdir()) != 0) {
3147 DEBUG(0,("Failed to change root to %s\n", lp_rootdir()));
3148 exit_server("Failed to chroot()");
3150 if (chdir("/") == -1) {
3151 DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_rootdir()));
3152 exit_server("Failed to chroot()");
3154 DEBUG(0,("Changed root to %s\n", lp_rootdir()));
3157 if (!srv_init_signing(sconn)) {
3158 exit_server("Failed to init smb_signing");
3162 if (!init_oplocks(sconn))
3163 exit_server("Failed to init oplocks");
3165 /* register our message handlers */
3166 messaging_register(sconn->msg_ctx, sconn,
3167 MSG_SMB_FORCE_TDIS, msg_force_tdis);
3168 messaging_register(sconn->msg_ctx, sconn,
3169 MSG_SMB_CLOSE_FILE, msg_close_file);
3170 messaging_register(sconn->msg_ctx, sconn,
3171 MSG_SMB_FILE_RENAME, msg_file_was_renamed);
3173 id_cache_register_msgs(sconn->msg_ctx);
3174 messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL);
3175 messaging_register(sconn->msg_ctx, sconn,
3176 ID_CACHE_KILL, smbd_id_cache_kill);
3178 messaging_deregister(sconn->msg_ctx,
3179 MSG_SMB_CONF_UPDATED, sconn->ev_ctx);
3180 messaging_register(sconn->msg_ctx, sconn,
3181 MSG_SMB_CONF_UPDATED, smbd_conf_updated);
3184 * Use the default MSG_DEBUG handler to avoid rebroadcasting
3185 * MSGs to all child processes
3187 messaging_deregister(sconn->msg_ctx,
3189 messaging_register(sconn->msg_ctx, NULL,
3190 MSG_DEBUG, debug_message);
3192 if ((lp_keepalive() != 0)
3193 && !(event_add_idle(ev_ctx, NULL,
3194 timeval_set(lp_keepalive(), 0),
3195 "keepalive", keepalive_fn,
3197 DEBUG(0, ("Could not add keepalive event\n"));
3201 if (!(event_add_idle(ev_ctx, NULL,
3202 timeval_set(IDLE_CLOSED_TIMEOUT, 0),
3203 "deadtime", deadtime_fn, sconn))) {
3204 DEBUG(0, ("Could not add deadtime event\n"));
3208 if (!(event_add_idle(ev_ctx, NULL,
3209 timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
3210 "housekeeping", housekeeping_fn, sconn))) {
3211 DEBUG(0, ("Could not add housekeeping event\n"));
3215 #ifdef CLUSTER_SUPPORT
3217 if (lp_clustering()) {
3219 * We need to tell ctdb about our client's TCP
3220 * connection, so that for failover ctdbd can send
3221 * tickle acks, triggering a reconnection by the
3225 struct sockaddr_storage srv, clnt;
3227 if (client_get_tcp_info(sconn->sock, &srv, &clnt) == 0) {
3229 status = smbd_register_ips(sconn, &srv, &clnt);
3230 if (!NT_STATUS_IS_OK(status)) {
3231 DEBUG(0, ("ctdbd_register_ips failed: %s\n",
3232 nt_errstr(status)));
3236 DEBUG(0,("Unable to get tcp info for "
3237 "CTDB_CONTROL_TCP_CLIENT: %s\n",
3244 sconn->nbt.got_session = false;
3246 sconn->smb1.negprot.max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
3248 sconn->smb1.sessions.done_sesssetup = false;
3249 sconn->smb1.sessions.max_send = BUFFER_SIZE;
3250 sconn->smb1.sessions.last_session_tag = UID_FIELD_INVALID;
3251 /* this holds info on user ids that are already validated for this VC */
3252 sconn->smb1.sessions.validated_users = NULL;
3253 sconn->smb1.sessions.next_vuid = VUID_OFFSET;
3254 sconn->smb1.sessions.num_validated_vuids = 0;
3257 if (!init_dptrs(sconn)) {
3258 exit_server("init_dptrs() failed");
3261 sconn->smb1.fde = event_add_fd(ev_ctx,
3265 smbd_server_connection_handler,
3267 if (!sconn->smb1.fde) {
3268 exit_server("failed to create smbd_server_connection fde");
3274 frame = talloc_stackframe_pool(8192);
3277 if (tevent_loop_once(ev_ctx) == -1) {
3278 if (errno != EINTR) {
3279 DEBUG(3, ("tevent_loop_once failed: %s,"
3280 " exiting\n", strerror(errno) ));
3288 exit_server_cleanly(NULL);
3291 bool req_is_in_chain(struct smb_request *req)
3293 if (req->vwv != (const uint16_t *)(req->inbuf+smb_vwv)) {
3295 * We're right now handling a subsequent request, so we must
3301 if (!is_andx_req(req->cmd)) {
3307 * Okay, an illegal request, but definitely not chained :-)
3312 return (CVAL(req->vwv+0, 0) != 0xFF);