2 Unix SMB/CIFS implementation.
4 Copyright (C) Stefan Metzmacher 2011-2012
5 Copyright (C) Michael Adam 2012
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "system/filesys.h"
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "dbwrap/dbwrap.h"
27 #include "dbwrap/dbwrap_rbt.h"
28 #include "dbwrap/dbwrap_open.h"
29 #include "dbwrap/dbwrap_watch.h"
32 #include "auth/gensec/gensec.h"
33 #include "../lib/tsocket/tsocket.h"
34 #include "../libcli/security/security.h"
36 #include "lib/util/util_tdb.h"
37 #include "librpc/gen_ndr/ndr_smbXsrv.h"
39 #include "lib/util/tevent_ntstatus.h"
41 struct smbXsrv_session_table {
43 struct db_context *db_ctx;
46 uint32_t max_sessions;
47 uint32_t num_sessions;
50 struct db_context *db_ctx;
54 static NTSTATUS smb2srv_session_lookup_raw(struct smbXsrv_session_table *table,
55 uint64_t session_id, NTTIME now,
56 struct smbXsrv_session **session);
58 static struct db_context *smbXsrv_session_global_db_ctx = NULL;
60 NTSTATUS smbXsrv_session_global_init(void)
62 char *global_path = NULL;
63 struct db_context *db_ctx = NULL;
65 if (smbXsrv_session_global_db_ctx != NULL) {
70 * This contains secret information like session keys!
72 global_path = lock_path("smbXsrv_session_global.tdb");
73 if (global_path == NULL) {
74 return NT_STATUS_NO_MEMORY;
77 db_ctx = db_open(NULL, global_path,
81 TDB_INCOMPATIBLE_HASH,
82 O_RDWR | O_CREAT, 0600,
85 TALLOC_FREE(global_path);
89 status = map_nt_error_from_unix_common(errno);
94 smbXsrv_session_global_db_ctx = db_ctx;
101 * We need to store the keys in big endian so that dbwrap_rbt's memcmp
102 * has the same result as integer comparison between the uint32_t
105 * TODO: implement string based key
108 #define SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE sizeof(uint32_t)
110 static TDB_DATA smbXsrv_session_global_id_to_key(uint32_t id,
115 RSIVAL(key_buf, 0, id);
117 key = make_tdb_data(key_buf, SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE);
123 static NTSTATUS smbXsrv_session_global_key_to_id(TDB_DATA key, uint32_t *id)
126 return NT_STATUS_INVALID_PARAMETER;
129 if (key.dsize != SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE) {
130 return NT_STATUS_INTERNAL_DB_CORRUPTION;
133 *id = RIVAL(key.dptr, 0);
139 #define SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE sizeof(uint32_t)
141 static TDB_DATA smbXsrv_session_local_id_to_key(uint32_t id,
146 RSIVAL(key_buf, 0, id);
148 key = make_tdb_data(key_buf, SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE);
153 static NTSTATUS smbXsrv_session_local_key_to_id(TDB_DATA key, uint32_t *id)
156 return NT_STATUS_INVALID_PARAMETER;
159 if (key.dsize != SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE) {
160 return NT_STATUS_INTERNAL_DB_CORRUPTION;
163 *id = RIVAL(key.dptr, 0);
168 static void smbXsrv_session_close_loop(struct tevent_req *subreq);
170 static NTSTATUS smbXsrv_session_table_init(struct smbXsrv_connection *conn,
173 uint32_t max_sessions)
175 struct smbXsrv_client *client = conn->client;
176 struct smbXsrv_session_table *table;
178 struct tevent_req *subreq;
181 if (lowest_id > highest_id) {
182 return NT_STATUS_INTERNAL_ERROR;
185 max_range = highest_id;
186 max_range -= lowest_id;
189 if (max_sessions > max_range) {
190 return NT_STATUS_INTERNAL_ERROR;
193 table = talloc_zero(client, struct smbXsrv_session_table);
195 return NT_STATUS_NO_MEMORY;
198 table->local.db_ctx = db_open_rbt(table);
199 if (table->local.db_ctx == NULL) {
201 return NT_STATUS_NO_MEMORY;
203 table->local.lowest_id = lowest_id;
204 table->local.highest_id = highest_id;
205 table->local.max_sessions = max_sessions;
207 status = smbXsrv_session_global_init();
208 if (!NT_STATUS_IS_OK(status)) {
213 table->global.db_ctx = smbXsrv_session_global_db_ctx;
215 dbwrap_watch_db(table->global.db_ctx, client->msg_ctx);
217 subreq = messaging_read_send(table, client->ev_ctx, client->msg_ctx,
218 MSG_SMBXSRV_SESSION_CLOSE);
219 if (subreq == NULL) {
221 return NT_STATUS_NO_MEMORY;
223 tevent_req_set_callback(subreq, smbXsrv_session_close_loop, client);
225 client->session_table = table;
229 static void smbXsrv_session_close_loop(struct tevent_req *subreq)
231 struct smbXsrv_client *client =
232 tevent_req_callback_data(subreq,
233 struct smbXsrv_client);
234 struct smbXsrv_session_table *table = client->session_table;
236 struct messaging_rec *rec = NULL;
237 struct smbXsrv_session_closeB close_blob;
238 enum ndr_err_code ndr_err;
239 struct smbXsrv_session_close0 *close_info0 = NULL;
240 struct smbXsrv_session *session = NULL;
242 struct timeval tv = timeval_current();
243 NTTIME now = timeval_to_nttime(&tv);
245 ret = messaging_read_recv(subreq, talloc_tos(), &rec);
251 ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &close_blob,
252 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_closeB);
253 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
254 status = ndr_map_error2ntstatus(ndr_err);
255 DEBUG(1,("smbXsrv_session_close_loop: "
256 "ndr_pull_struct_blob - %s\n",
261 DEBUG(10,("smbXsrv_session_close_loop: MSG_SMBXSRV_SESSION_CLOSE\n"));
263 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
266 if (close_blob.version != SMBXSRV_VERSION_0) {
267 DEBUG(0,("smbXsrv_session_close_loop: "
268 "ignore invalid version %u\n", close_blob.version));
269 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
273 close_info0 = close_blob.info.info0;
274 if (close_info0 == NULL) {
275 DEBUG(0,("smbXsrv_session_close_loop: "
276 "ignore NULL info %u\n", close_blob.version));
277 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
281 status = smb2srv_session_lookup_raw(client->session_table,
282 close_info0->old_session_wire_id,
284 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
285 DEBUG(4,("smbXsrv_session_close_loop: "
286 "old_session_wire_id %llu not found\n",
287 (unsigned long long)close_info0->old_session_wire_id));
289 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
293 if (!NT_STATUS_IS_OK(status) &&
294 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
295 !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
296 DEBUG(1,("smbXsrv_session_close_loop: "
297 "old_session_wire_id %llu - %s\n",
298 (unsigned long long)close_info0->old_session_wire_id,
301 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
306 if (session->global->session_global_id != close_info0->old_session_global_id) {
307 DEBUG(1,("smbXsrv_session_close_loop: "
308 "old_session_wire_id %llu - global %u != %u\n",
309 (unsigned long long)close_info0->old_session_wire_id,
310 session->global->session_global_id,
311 close_info0->old_session_global_id));
313 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
318 if (session->global->creation_time != close_info0->old_creation_time) {
319 DEBUG(1,("smbXsrv_session_close_loop: "
320 "old_session_wire_id %llu - "
321 "creation %s (%llu) != %s (%llu)\n",
322 (unsigned long long)close_info0->old_session_wire_id,
323 nt_time_string(rec, session->global->creation_time),
324 (unsigned long long)session->global->creation_time,
325 nt_time_string(rec, close_info0->old_creation_time),
326 (unsigned long long)close_info0->old_creation_time));
328 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
334 * TODO: cancel all outstanding requests on the session
336 status = smbXsrv_session_logoff(session);
337 if (!NT_STATUS_IS_OK(status)) {
338 DEBUG(0, ("smbXsrv_session_close_loop: "
339 "smbXsrv_session_logoff(%llu) failed: %s\n",
340 (unsigned long long)session->global->session_wire_id,
343 NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
346 TALLOC_FREE(session);
351 subreq = messaging_read_send(table, client->ev_ctx, client->msg_ctx,
352 MSG_SMBXSRV_SESSION_CLOSE);
353 if (subreq == NULL) {
355 r = "messaging_read_send(MSG_SMBXSRV_SESSION_CLOSE) failed";
356 exit_server_cleanly(r);
359 tevent_req_set_callback(subreq, smbXsrv_session_close_loop, client);
362 struct smb1srv_session_local_allocate_state {
363 const uint32_t lowest_id;
364 const uint32_t highest_id;
370 static int smb1srv_session_local_allocate_traverse(struct db_record *rec,
373 struct smb1srv_session_local_allocate_state *state =
374 (struct smb1srv_session_local_allocate_state *)private_data;
375 TDB_DATA key = dbwrap_record_get_key(rec);
379 status = smbXsrv_session_local_key_to_id(key, &id);
380 if (!NT_STATUS_IS_OK(status)) {
381 state->status = status;
385 if (id <= state->last_id) {
386 state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
391 if (id > state->useable_id) {
392 state->status = NT_STATUS_OK;
396 if (state->useable_id == state->highest_id) {
397 state->status = NT_STATUS_INSUFFICIENT_RESOURCES;
401 state->useable_id +=1;
405 static NTSTATUS smb1srv_session_local_allocate_id(struct db_context *db,
409 struct db_record **_rec,
412 struct smb1srv_session_local_allocate_state state = {
413 .lowest_id = lowest_id,
414 .highest_id = highest_id,
416 .useable_id = lowest_id,
417 .status = NT_STATUS_INTERNAL_ERROR,
427 if (lowest_id > highest_id) {
428 return NT_STATUS_INSUFFICIENT_RESOURCES;
432 * first we try randomly
434 range = (highest_id - lowest_id) + 1;
436 for (i = 0; i < (range / 2); i++) {
438 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
441 struct db_record *rec = NULL;
443 id = generate_random() % range;
446 if (id < lowest_id) {
449 if (id > highest_id) {
453 key = smbXsrv_session_local_id_to_key(id, key_buf);
455 rec = dbwrap_fetch_locked(db, mem_ctx, key);
457 return NT_STATUS_INSUFFICIENT_RESOURCES;
460 val = dbwrap_record_get_value(rec);
461 if (val.dsize != 0) {
472 * if the range is almost full,
473 * we traverse the whole table
474 * (this relies on sorted behavior of dbwrap_rbt)
476 status = dbwrap_traverse_read(db, smb1srv_session_local_allocate_traverse,
478 if (NT_STATUS_IS_OK(status)) {
479 if (NT_STATUS_IS_OK(state.status)) {
480 return NT_STATUS_INTERNAL_ERROR;
483 if (!NT_STATUS_EQUAL(state.status, NT_STATUS_INTERNAL_ERROR)) {
487 if (state.useable_id <= state.highest_id) {
488 state.status = NT_STATUS_OK;
490 return NT_STATUS_INSUFFICIENT_RESOURCES;
492 } else if (!NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_DB_CORRUPTION)) {
494 * Here we really expect NT_STATUS_INTERNAL_DB_CORRUPTION!
496 * If we get anything else it is an error, because it
497 * means we did not manage to find a free slot in
500 return NT_STATUS_INSUFFICIENT_RESOURCES;
503 if (NT_STATUS_IS_OK(state.status)) {
505 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
508 struct db_record *rec = NULL;
510 id = state.useable_id;
512 key = smbXsrv_session_local_id_to_key(id, key_buf);
514 rec = dbwrap_fetch_locked(db, mem_ctx, key);
516 return NT_STATUS_INSUFFICIENT_RESOURCES;
519 val = dbwrap_record_get_value(rec);
520 if (val.dsize != 0) {
522 return NT_STATUS_INTERNAL_DB_CORRUPTION;
533 struct smbXsrv_session_local_fetch_state {
534 struct smbXsrv_session *session;
538 static void smbXsrv_session_local_fetch_parser(TDB_DATA key, TDB_DATA data,
541 struct smbXsrv_session_local_fetch_state *state =
542 (struct smbXsrv_session_local_fetch_state *)private_data;
545 if (data.dsize != sizeof(ptr)) {
546 state->status = NT_STATUS_INTERNAL_DB_ERROR;
550 memcpy(&ptr, data.dptr, data.dsize);
551 state->session = talloc_get_type_abort(ptr, struct smbXsrv_session);
552 state->status = NT_STATUS_OK;
555 static NTSTATUS smbXsrv_session_local_lookup(struct smbXsrv_session_table *table,
556 uint32_t session_local_id,
558 struct smbXsrv_session **_session)
560 struct smbXsrv_session_local_fetch_state state = {
562 .status = NT_STATUS_INTERNAL_ERROR,
564 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
570 if (session_local_id == 0) {
571 return NT_STATUS_USER_SESSION_DELETED;
575 /* this might happen before the end of negprot */
576 return NT_STATUS_USER_SESSION_DELETED;
579 if (table->local.db_ctx == NULL) {
580 return NT_STATUS_INTERNAL_ERROR;
583 key = smbXsrv_session_local_id_to_key(session_local_id, key_buf);
585 status = dbwrap_parse_record(table->local.db_ctx, key,
586 smbXsrv_session_local_fetch_parser,
588 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
589 return NT_STATUS_USER_SESSION_DELETED;
590 } else if (!NT_STATUS_IS_OK(status)) {
593 if (!NT_STATUS_IS_OK(state.status)) {
597 if (NT_STATUS_EQUAL(state.session->status, NT_STATUS_USER_SESSION_DELETED)) {
598 return NT_STATUS_USER_SESSION_DELETED;
601 state.session->idle_time = now;
603 if (!NT_STATUS_IS_OK(state.session->status)) {
604 *_session = state.session;
605 return state.session->status;
608 if (now > state.session->global->expiration_time) {
609 state.session->status = NT_STATUS_NETWORK_SESSION_EXPIRED;
612 *_session = state.session;
613 return state.session->status;
616 static int smbXsrv_session_global_destructor(struct smbXsrv_session_global0 *global)
621 static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
625 struct smbXsrv_session_global0 **_g);
627 static NTSTATUS smbXsrv_session_global_allocate(struct db_context *db,
629 struct smbXsrv_session_global0 **_global)
632 struct smbXsrv_session_global0 *global = NULL;
633 uint32_t last_free = 0;
634 const uint32_t min_tries = 3;
638 global = talloc_zero(mem_ctx, struct smbXsrv_session_global0);
639 if (global == NULL) {
640 return NT_STATUS_NO_MEMORY;
642 talloc_set_destructor(global, smbXsrv_session_global_destructor);
645 * Here we just randomly try the whole 32-bit space
647 * We use just 32-bit, because we want to reuse the
650 for (i = 0; i < UINT32_MAX; i++) {
651 bool is_free = false;
652 bool was_free = false;
654 uint8_t key_buf[SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE];
657 if (i >= min_tries && last_free != 0) {
660 id = generate_random();
665 if (id == UINT32_MAX) {
669 key = smbXsrv_session_global_id_to_key(id, key_buf);
671 global->db_rec = dbwrap_fetch_locked(db, mem_ctx, key);
672 if (global->db_rec == NULL) {
674 return NT_STATUS_INSUFFICIENT_RESOURCES;
677 smbXsrv_session_global_verify_record(global->db_rec,
683 TALLOC_FREE(global->db_rec);
687 if (!was_free && i < min_tries) {
689 * The session_id is free now,
690 * but was not free before.
692 * This happens if a smbd crashed
693 * and did not cleanup the record.
695 * If this is one of our first tries,
696 * then we try to find a real free one.
698 if (last_free == 0) {
701 TALLOC_FREE(global->db_rec);
705 global->session_global_id = id;
711 /* should not be reached */
713 return NT_STATUS_INTERNAL_ERROR;
716 static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
720 struct smbXsrv_session_global0 **_g)
725 struct smbXsrv_session_globalB global_blob;
726 enum ndr_err_code ndr_err;
727 struct smbXsrv_session_global0 *global = NULL;
729 TALLOC_CTX *frame = talloc_stackframe();
740 key = dbwrap_record_get_key(db_rec);
742 val = dbwrap_record_get_value(db_rec);
743 if (val.dsize == 0) {
752 blob = data_blob_const(val.dptr, val.dsize);
754 ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
755 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_globalB);
756 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
757 NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
758 DEBUG(1,("smbXsrv_session_global_verify_record: "
759 "key '%s' ndr_pull_struct_blob - %s\n",
760 hex_encode_talloc(frame, key.dptr, key.dsize),
766 DEBUG(10,("smbXsrv_session_global_verify_record\n"));
768 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
771 if (global_blob.version != SMBXSRV_VERSION_0) {
772 DEBUG(0,("smbXsrv_session_global_verify_record: "
773 "key '%s' use unsupported version %u\n",
774 hex_encode_talloc(frame, key.dptr, key.dsize),
775 global_blob.version));
776 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
781 global = global_blob.info.info0;
783 exists = serverid_exists(&global->channels[0].server_id);
785 DEBUG(2,("smbXsrv_session_global_verify_record: "
786 "key '%s' server_id %s does not exist.\n",
787 hex_encode_talloc(frame, key.dptr, key.dsize),
788 server_id_str(frame, &global->channels[0].server_id)));
790 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
793 dbwrap_record_delete(db_rec);
799 *_g = talloc_move(mem_ctx, &global);
804 static NTSTATUS smbXsrv_session_global_store(struct smbXsrv_session_global0 *global)
806 struct smbXsrv_session_globalB global_blob;
807 DATA_BLOB blob = data_blob_null;
811 enum ndr_err_code ndr_err;
814 * TODO: if we use other versions than '0'
815 * we would add glue code here, that would be able to
816 * store the information in the old format.
819 if (global->db_rec == NULL) {
820 return NT_STATUS_INTERNAL_ERROR;
823 key = dbwrap_record_get_key(global->db_rec);
824 val = dbwrap_record_get_value(global->db_rec);
826 ZERO_STRUCT(global_blob);
827 global_blob.version = smbXsrv_version_global_current();
828 if (val.dsize >= 8) {
829 global_blob.seqnum = IVAL(val.dptr, 4);
831 global_blob.seqnum += 1;
832 global_blob.info.info0 = global;
834 ndr_err = ndr_push_struct_blob(&blob, global->db_rec, &global_blob,
835 (ndr_push_flags_fn_t)ndr_push_smbXsrv_session_globalB);
836 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
837 status = ndr_map_error2ntstatus(ndr_err);
838 DEBUG(1,("smbXsrv_session_global_store: key '%s' ndr_push - %s\n",
839 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
841 TALLOC_FREE(global->db_rec);
845 val = make_tdb_data(blob.data, blob.length);
846 status = dbwrap_record_store(global->db_rec, val, TDB_REPLACE);
847 if (!NT_STATUS_IS_OK(status)) {
848 DEBUG(1,("smbXsrv_session_global_store: key '%s' store - %s\n",
849 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
851 TALLOC_FREE(global->db_rec);
856 DEBUG(10,("smbXsrv_session_global_store: key '%s' stored\n",
857 hex_encode_talloc(global->db_rec, key.dptr, key.dsize)));
858 NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
861 TALLOC_FREE(global->db_rec);
866 struct smb2srv_session_close_previous_state {
867 struct tevent_context *ev;
868 struct smbXsrv_connection *connection;
869 struct dom_sid *current_sid;
870 uint64_t current_session_id;
871 struct db_record *db_rec;
874 static void smb2srv_session_close_previous_check(struct tevent_req *req);
875 static void smb2srv_session_close_previous_modified(struct tevent_req *subreq);
877 struct tevent_req *smb2srv_session_close_previous_send(TALLOC_CTX *mem_ctx,
878 struct tevent_context *ev,
879 struct smbXsrv_connection *conn,
880 struct auth_session_info *session_info,
881 uint64_t previous_session_id,
882 uint64_t current_session_id)
884 struct tevent_req *req;
885 struct smb2srv_session_close_previous_state *state;
886 uint32_t global_id = previous_session_id & UINT32_MAX;
887 uint64_t global_zeros = previous_session_id & 0xFFFFFFFF00000000LLU;
888 struct smbXsrv_session_table *table = conn->client->session_table;
889 struct security_token *current_token = NULL;
890 uint8_t key_buf[SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE];
893 req = tevent_req_create(mem_ctx, &state,
894 struct smb2srv_session_close_previous_state);
899 state->connection = conn;
900 state->current_session_id = current_session_id;
902 if (global_zeros != 0) {
903 tevent_req_done(req);
904 return tevent_req_post(req, ev);
907 if (session_info == NULL) {
908 tevent_req_done(req);
909 return tevent_req_post(req, ev);
911 current_token = session_info->security_token;
913 if (current_token->num_sids > PRIMARY_USER_SID_INDEX) {
914 state->current_sid = ¤t_token->sids[PRIMARY_USER_SID_INDEX];
917 if (state->current_sid == NULL) {
918 tevent_req_done(req);
919 return tevent_req_post(req, ev);
922 if (!security_token_has_nt_authenticated_users(current_token)) {
924 tevent_req_done(req);
925 return tevent_req_post(req, ev);
928 key = smbXsrv_session_global_id_to_key(global_id, key_buf);
930 state->db_rec = dbwrap_fetch_locked(table->global.db_ctx,
932 if (state->db_rec == NULL) {
933 tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
934 return tevent_req_post(req, ev);
937 smb2srv_session_close_previous_check(req);
938 if (!tevent_req_is_in_progress(req)) {
939 return tevent_req_post(req, ev);
945 static void smb2srv_session_close_previous_check(struct tevent_req *req)
947 struct smb2srv_session_close_previous_state *state =
949 struct smb2srv_session_close_previous_state);
950 struct smbXsrv_connection *conn = state->connection;
952 struct security_token *previous_token = NULL;
953 struct smbXsrv_session_global0 *global = NULL;
954 enum ndr_err_code ndr_err;
955 struct smbXsrv_session_close0 close_info0;
956 struct smbXsrv_session_closeB close_blob;
957 struct tevent_req *subreq = NULL;
959 bool is_free = false;
961 smbXsrv_session_global_verify_record(state->db_rec,
968 TALLOC_FREE(state->db_rec);
969 tevent_req_done(req);
973 if (global->auth_session_info == NULL) {
974 TALLOC_FREE(state->db_rec);
975 tevent_req_done(req);
979 previous_token = global->auth_session_info->security_token;
981 if (!security_token_is_sid(previous_token, state->current_sid)) {
982 TALLOC_FREE(state->db_rec);
983 tevent_req_done(req);
987 subreq = dbwrap_record_watch_send(state, state->ev,
988 state->db_rec, conn->msg_ctx);
989 if (tevent_req_nomem(subreq, req)) {
990 TALLOC_FREE(state->db_rec);
993 tevent_req_set_callback(subreq,
994 smb2srv_session_close_previous_modified,
997 close_info0.old_session_global_id = global->session_global_id;
998 close_info0.old_session_wire_id = global->session_wire_id;
999 close_info0.old_creation_time = global->creation_time;
1000 close_info0.new_session_wire_id = state->current_session_id;
1002 ZERO_STRUCT(close_blob);
1003 close_blob.version = smbXsrv_version_global_current();
1004 close_blob.info.info0 = &close_info0;
1006 ndr_err = ndr_push_struct_blob(&blob, state, &close_blob,
1007 (ndr_push_flags_fn_t)ndr_push_smbXsrv_session_closeB);
1008 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1009 TALLOC_FREE(state->db_rec);
1010 status = ndr_map_error2ntstatus(ndr_err);
1011 DEBUG(1,("smb2srv_session_close_previous_check: "
1012 "old_session[%llu] new_session[%llu] ndr_push - %s\n",
1013 (unsigned long long)close_info0.old_session_wire_id,
1014 (unsigned long long)close_info0.new_session_wire_id,
1015 nt_errstr(status)));
1016 tevent_req_nterror(req, status);
1020 status = messaging_send(conn->msg_ctx,
1021 global->channels[0].server_id,
1022 MSG_SMBXSRV_SESSION_CLOSE, &blob);
1023 TALLOC_FREE(state->db_rec);
1024 if (tevent_req_nterror(req, status)) {
1028 TALLOC_FREE(global);
1032 static void smb2srv_session_close_previous_modified(struct tevent_req *subreq)
1034 struct tevent_req *req =
1035 tevent_req_callback_data(subreq,
1037 struct smb2srv_session_close_previous_state *state =
1038 tevent_req_data(req,
1039 struct smb2srv_session_close_previous_state);
1042 status = dbwrap_record_watch_recv(subreq, state, &state->db_rec);
1043 TALLOC_FREE(subreq);
1044 if (tevent_req_nterror(req, status)) {
1048 smb2srv_session_close_previous_check(req);
1051 NTSTATUS smb2srv_session_close_previous_recv(struct tevent_req *req)
1055 if (tevent_req_is_nterror(req, &status)) {
1056 tevent_req_received(req);
1060 tevent_req_received(req);
1061 return NT_STATUS_OK;
1064 static int smbXsrv_session_destructor(struct smbXsrv_session *session)
1068 status = smbXsrv_session_logoff(session);
1069 if (!NT_STATUS_IS_OK(status)) {
1070 DEBUG(0, ("smbXsrv_session_destructor: "
1071 "smbXsrv_session_logoff() failed: %s\n",
1072 nt_errstr(status)));
1075 TALLOC_FREE(session->global);
1080 NTSTATUS smbXsrv_session_create(struct smbXsrv_connection *conn,
1082 struct smbXsrv_session **_session)
1084 struct smbXsrv_session_table *table = conn->client->session_table;
1085 struct db_record *local_rec = NULL;
1086 struct smbXsrv_session *session = NULL;
1089 struct smbXsrv_session_global0 *global = NULL;
1090 struct smbXsrv_channel_global0 *channels = NULL;
1093 if (table->local.num_sessions >= table->local.max_sessions) {
1094 return NT_STATUS_INSUFFICIENT_RESOURCES;
1097 session = talloc_zero(table, struct smbXsrv_session);
1098 if (session == NULL) {
1099 return NT_STATUS_NO_MEMORY;
1101 session->table = table;
1102 session->idle_time = now;
1103 session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
1104 session->client = conn->client;
1106 status = smbXsrv_session_global_allocate(table->global.db_ctx,
1109 if (!NT_STATUS_IS_OK(status)) {
1110 TALLOC_FREE(session);
1113 session->global = global;
1115 if (conn->protocol >= PROTOCOL_SMB2_02) {
1116 uint64_t id = global->session_global_id;
1117 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
1120 global->connection_dialect = conn->smb2.server.dialect;
1122 global->session_wire_id = id;
1124 status = smb2srv_tcon_table_init(session);
1125 if (!NT_STATUS_IS_OK(status)) {
1126 TALLOC_FREE(session);
1130 session->local_id = global->session_global_id;
1132 key = smbXsrv_session_local_id_to_key(session->local_id, key_buf);
1134 local_rec = dbwrap_fetch_locked(table->local.db_ctx,
1136 if (local_rec == NULL) {
1137 TALLOC_FREE(session);
1138 return NT_STATUS_NO_MEMORY;
1141 val = dbwrap_record_get_value(local_rec);
1142 if (val.dsize != 0) {
1143 TALLOC_FREE(session);
1144 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1148 status = smb1srv_session_local_allocate_id(table->local.db_ctx,
1149 table->local.lowest_id,
1150 table->local.highest_id,
1153 &session->local_id);
1154 if (!NT_STATUS_IS_OK(status)) {
1155 TALLOC_FREE(session);
1159 global->session_wire_id = session->local_id;
1162 global->creation_time = now;
1163 global->expiration_time = GENSEC_EXPIRE_TIME_INFINITY;
1165 global->num_channels = 1;
1166 channels = talloc_zero_array(global,
1167 struct smbXsrv_channel_global0,
1168 global->num_channels);
1169 if (channels == NULL) {
1170 TALLOC_FREE(session);
1171 return NT_STATUS_NO_MEMORY;
1173 global->channels = channels;
1175 channels[0].server_id = messaging_server_id(conn->msg_ctx);
1176 channels[0].local_address = tsocket_address_string(conn->local_address,
1178 if (channels[0].local_address == NULL) {
1179 TALLOC_FREE(session);
1180 return NT_STATUS_NO_MEMORY;
1182 channels[0].remote_address = tsocket_address_string(conn->remote_address,
1184 if (channels[0].remote_address == NULL) {
1185 TALLOC_FREE(session);
1186 return NT_STATUS_NO_MEMORY;
1188 channels[0].remote_name = talloc_strdup(channels, conn->remote_hostname);
1189 if (channels[0].remote_name == NULL) {
1190 TALLOC_FREE(session);
1191 return NT_STATUS_NO_MEMORY;
1193 channels[0].signing_key = data_blob_null;
1194 channels[0].connection = conn;
1197 val = make_tdb_data((uint8_t const *)&ptr, sizeof(ptr));
1198 status = dbwrap_record_store(local_rec, val, TDB_REPLACE);
1199 TALLOC_FREE(local_rec);
1200 if (!NT_STATUS_IS_OK(status)) {
1201 TALLOC_FREE(session);
1204 table->local.num_sessions += 1;
1206 talloc_set_destructor(session, smbXsrv_session_destructor);
1208 status = smbXsrv_session_global_store(global);
1209 if (!NT_STATUS_IS_OK(status)) {
1210 DEBUG(0,("smbXsrv_session_create: "
1211 "global_id (0x%08x) store failed - %s\n",
1212 session->global->session_global_id,
1213 nt_errstr(status)));
1214 TALLOC_FREE(session);
1219 struct smbXsrv_sessionB session_blob;
1221 ZERO_STRUCT(session_blob);
1222 session_blob.version = SMBXSRV_VERSION_0;
1223 session_blob.info.info0 = session;
1225 DEBUG(10,("smbXsrv_session_create: global_id (0x%08x) stored\n",
1226 session->global->session_global_id));
1227 NDR_PRINT_DEBUG(smbXsrv_sessionB, &session_blob);
1230 *_session = session;
1231 return NT_STATUS_OK;
1234 NTSTATUS smbXsrv_session_update(struct smbXsrv_session *session)
1236 struct smbXsrv_session_table *table = session->table;
1238 uint8_t key_buf[SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE];
1241 if (session->global->db_rec != NULL) {
1242 DEBUG(0, ("smbXsrv_session_update(0x%08x): "
1243 "Called with db_rec != NULL'\n",
1244 session->global->session_global_id));
1245 return NT_STATUS_INTERNAL_ERROR;
1248 key = smbXsrv_session_global_id_to_key(
1249 session->global->session_global_id,
1252 session->global->db_rec = dbwrap_fetch_locked(table->global.db_ctx,
1253 session->global, key);
1254 if (session->global->db_rec == NULL) {
1255 DEBUG(0, ("smbXsrv_session_update(0x%08x): "
1256 "Failed to lock global key '%s'\n",
1257 session->global->session_global_id,
1258 hex_encode_talloc(talloc_tos(), key.dptr,
1260 return NT_STATUS_INTERNAL_DB_ERROR;
1263 status = smbXsrv_session_global_store(session->global);
1264 if (!NT_STATUS_IS_OK(status)) {
1265 DEBUG(0,("smbXsrv_session_update: "
1266 "global_id (0x%08x) store failed - %s\n",
1267 session->global->session_global_id,
1268 nt_errstr(status)));
1273 struct smbXsrv_sessionB session_blob;
1275 ZERO_STRUCT(session_blob);
1276 session_blob.version = SMBXSRV_VERSION_0;
1277 session_blob.info.info0 = session;
1279 DEBUG(10,("smbXsrv_session_update: global_id (0x%08x) stored\n",
1280 session->global->session_global_id));
1281 NDR_PRINT_DEBUG(smbXsrv_sessionB, &session_blob);
1284 return NT_STATUS_OK;
1287 NTSTATUS smbXsrv_session_find_channel(const struct smbXsrv_session *session,
1288 const struct smbXsrv_connection *conn,
1289 struct smbXsrv_channel_global0 **_c)
1293 for (i=0; i < session->global->num_channels; i++) {
1294 struct smbXsrv_channel_global0 *c = &session->global->channels[i];
1296 if (c->connection == conn) {
1298 return NT_STATUS_OK;
1302 return NT_STATUS_USER_SESSION_DELETED;
1305 NTSTATUS smbXsrv_session_logoff(struct smbXsrv_session *session)
1307 struct smbXsrv_session_table *table;
1308 struct db_record *local_rec = NULL;
1309 struct db_record *global_rec = NULL;
1310 struct smbd_server_connection *sconn = NULL;
1312 NTSTATUS error = NT_STATUS_OK;
1314 if (session->table == NULL) {
1315 return NT_STATUS_OK;
1318 table = session->table;
1319 session->table = NULL;
1321 sconn = session->client->sconn;
1322 session->client = NULL;
1323 session->status = NT_STATUS_USER_SESSION_DELETED;
1325 global_rec = session->global->db_rec;
1326 session->global->db_rec = NULL;
1327 if (global_rec == NULL) {
1328 uint8_t key_buf[SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE];
1331 key = smbXsrv_session_global_id_to_key(
1332 session->global->session_global_id,
1335 global_rec = dbwrap_fetch_locked(table->global.db_ctx,
1336 session->global, key);
1337 if (global_rec == NULL) {
1338 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1339 "Failed to lock global key '%s'\n",
1340 session->global->session_global_id,
1341 hex_encode_talloc(global_rec, key.dptr,
1343 error = NT_STATUS_INTERNAL_ERROR;
1347 if (global_rec != NULL) {
1348 status = dbwrap_record_delete(global_rec);
1349 if (!NT_STATUS_IS_OK(status)) {
1350 TDB_DATA key = dbwrap_record_get_key(global_rec);
1352 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1353 "failed to delete global key '%s': %s\n",
1354 session->global->session_global_id,
1355 hex_encode_talloc(global_rec, key.dptr,
1357 nt_errstr(status)));
1361 TALLOC_FREE(global_rec);
1363 local_rec = session->db_rec;
1364 if (local_rec == NULL) {
1365 uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
1368 key = smbXsrv_session_local_id_to_key(session->local_id,
1371 local_rec = dbwrap_fetch_locked(table->local.db_ctx,
1373 if (local_rec == NULL) {
1374 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1375 "Failed to lock local key '%s'\n",
1376 session->global->session_global_id,
1377 hex_encode_talloc(local_rec, key.dptr,
1379 error = NT_STATUS_INTERNAL_ERROR;
1383 if (local_rec != NULL) {
1384 status = dbwrap_record_delete(local_rec);
1385 if (!NT_STATUS_IS_OK(status)) {
1386 TDB_DATA key = dbwrap_record_get_key(local_rec);
1388 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1389 "failed to delete local key '%s': %s\n",
1390 session->global->session_global_id,
1391 hex_encode_talloc(local_rec, key.dptr,
1393 nt_errstr(status)));
1396 table->local.num_sessions -= 1;
1398 if (session->db_rec == NULL) {
1399 TALLOC_FREE(local_rec);
1401 session->db_rec = NULL;
1403 if (session->compat) {
1404 file_close_user(sconn, session->compat->vuid);
1407 if (session->tcon_table != NULL) {
1409 * Note: We only have a tcon_table for SMB2.
1411 status = smb2srv_tcon_disconnect_all(session);
1412 if (!NT_STATUS_IS_OK(status)) {
1413 DEBUG(0, ("smbXsrv_session_logoff(0x%08x): "
1414 "smb2srv_tcon_disconnect_all() failed: %s\n",
1415 session->global->session_global_id,
1416 nt_errstr(status)));
1421 if (session->compat) {
1422 invalidate_vuid(sconn, session->compat->vuid);
1423 session->compat = NULL;
1429 struct smbXsrv_session_logoff_all_state {
1430 NTSTATUS first_status;
1434 static int smbXsrv_session_logoff_all_callback(struct db_record *local_rec,
1435 void *private_data);
1437 NTSTATUS smbXsrv_session_logoff_all(struct smbXsrv_connection *conn)
1439 struct smbXsrv_session_table *table = conn->client->session_table;
1440 struct smbXsrv_session_logoff_all_state state;
1444 if (table == NULL) {
1445 DEBUG(10, ("smbXsrv_session_logoff_all: "
1446 "empty session_table, nothing to do.\n"));
1447 return NT_STATUS_OK;
1452 status = dbwrap_traverse(table->local.db_ctx,
1453 smbXsrv_session_logoff_all_callback,
1455 if (!NT_STATUS_IS_OK(status)) {
1456 DEBUG(0, ("smbXsrv_session_logoff_all: "
1457 "dbwrap_traverse() failed: %s\n",
1458 nt_errstr(status)));
1462 if (!NT_STATUS_IS_OK(state.first_status)) {
1463 DEBUG(0, ("smbXsrv_session_logoff_all: "
1464 "count[%d] errors[%d] first[%s]\n",
1465 count, state.errors,
1466 nt_errstr(state.first_status)));
1467 return state.first_status;
1470 return NT_STATUS_OK;
1473 static int smbXsrv_session_logoff_all_callback(struct db_record *local_rec,
1476 struct smbXsrv_session_logoff_all_state *state =
1477 (struct smbXsrv_session_logoff_all_state *)private_data;
1480 struct smbXsrv_session *session = NULL;
1483 val = dbwrap_record_get_value(local_rec);
1484 if (val.dsize != sizeof(ptr)) {
1485 status = NT_STATUS_INTERNAL_ERROR;
1486 if (NT_STATUS_IS_OK(state->first_status)) {
1487 state->first_status = status;
1493 memcpy(&ptr, val.dptr, val.dsize);
1494 session = talloc_get_type_abort(ptr, struct smbXsrv_session);
1496 session->db_rec = local_rec;
1497 status = smbXsrv_session_logoff(session);
1498 if (!NT_STATUS_IS_OK(status)) {
1499 if (NT_STATUS_IS_OK(state->first_status)) {
1500 state->first_status = status;
1509 NTSTATUS smb1srv_session_table_init(struct smbXsrv_connection *conn)
1512 * Allow a range from 1..65534 with 65534 values.
1514 return smbXsrv_session_table_init(conn, 1, UINT16_MAX - 1,
1518 NTSTATUS smb1srv_session_lookup(struct smbXsrv_connection *conn,
1519 uint16_t vuid, NTTIME now,
1520 struct smbXsrv_session **session)
1522 struct smbXsrv_session_table *table = conn->client->session_table;
1523 uint32_t local_id = vuid;
1525 return smbXsrv_session_local_lookup(table, local_id, now, session);
1528 NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn)
1531 * Allow a range from 1..4294967294 with 65534 (same as SMB1) values.
1533 return smbXsrv_session_table_init(conn, 1, UINT32_MAX - 1,
1537 static NTSTATUS smb2srv_session_lookup_raw(struct smbXsrv_session_table *table,
1538 uint64_t session_id, NTTIME now,
1539 struct smbXsrv_session **session)
1541 uint32_t local_id = session_id & UINT32_MAX;
1542 uint64_t local_zeros = session_id & 0xFFFFFFFF00000000LLU;
1544 if (local_zeros != 0) {
1545 return NT_STATUS_USER_SESSION_DELETED;
1548 return smbXsrv_session_local_lookup(table, local_id, now, session);
1551 NTSTATUS smb2srv_session_lookup(struct smbXsrv_connection *conn,
1552 uint64_t session_id, NTTIME now,
1553 struct smbXsrv_session **session)
1555 struct smbXsrv_session_table *table = conn->client->session_table;
1556 return smb2srv_session_lookup_raw(table, session_id, now, session);
1559 struct smbXsrv_session_global_traverse_state {
1560 int (*fn)(struct smbXsrv_session_global0 *, void *);
1564 static int smbXsrv_session_global_traverse_fn(struct db_record *rec, void *data)
1567 struct smbXsrv_session_global_traverse_state *state =
1568 (struct smbXsrv_session_global_traverse_state*)data;
1569 TDB_DATA key = dbwrap_record_get_key(rec);
1570 TDB_DATA val = dbwrap_record_get_value(rec);
1571 DATA_BLOB blob = data_blob_const(val.dptr, val.dsize);
1572 struct smbXsrv_session_globalB global_blob;
1573 enum ndr_err_code ndr_err;
1574 TALLOC_CTX *frame = talloc_stackframe();
1576 ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
1577 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_globalB);
1578 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1579 DEBUG(1,("Invalid record in smbXsrv_session_global.tdb:"
1580 "key '%s' ndr_pull_struct_blob - %s\n",
1581 hex_encode_talloc(frame, key.dptr, key.dsize),
1582 ndr_errstr(ndr_err)));
1586 if (global_blob.version != SMBXSRV_VERSION_0) {
1587 DEBUG(1,("Invalid record in smbXsrv_session_global.tdb:"
1588 "key '%s' unsuported version - %d\n",
1589 hex_encode_talloc(frame, key.dptr, key.dsize),
1590 (int)global_blob.version));
1594 global_blob.info.info0->db_rec = rec;
1595 ret = state->fn(global_blob.info.info0, state->private_data);
1601 NTSTATUS smbXsrv_session_global_traverse(
1602 int (*fn)(struct smbXsrv_session_global0 *, void *),
1608 struct smbXsrv_session_global_traverse_state state = {
1610 .private_data = private_data,
1614 status = smbXsrv_session_global_init();
1615 if (!NT_STATUS_IS_OK(status)) {
1617 DEBUG(0, ("Failed to initialize session_global: %s\n",
1618 nt_errstr(status)));
1622 status = dbwrap_traverse_read(smbXsrv_session_global_db_ctx,
1623 smbXsrv_session_global_traverse_fn,