2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "../lib/tsocket/tsocket.h"
23 #include "system/filesys.h"
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "librpc/gen_ndr/netlogon.h"
27 #include "../lib/async_req/async_sock.h"
28 #include "ctdbd_conn.h"
29 #include "../lib/util/select.h"
30 #include "printing/queue_process.h"
31 #include "system/select.h"
35 #include "smbprofile.h"
36 #include "rpc_server/spoolss/srv_spoolss_nt.h"
37 #include "libsmb/libsmb.h"
38 #include "../lib/util/tevent_ntstatus.h"
40 extern bool global_machine_password_needs_changing;
42 static void construct_reply_common(struct smb_request *req, const char *inbuf,
44 static struct pending_message_list *get_deferred_open_message_smb(
45 struct smbd_server_connection *sconn, uint64_t mid);
47 static bool smbd_lock_socket_internal(struct smbd_server_connection *sconn)
51 if (sconn->smb1.echo_handler.socket_lock_fd == -1) {
55 sconn->smb1.echo_handler.ref_count++;
57 if (sconn->smb1.echo_handler.ref_count > 1) {
61 DEBUG(10,("pid[%d] wait for socket lock\n", (int)sys_getpid()));
65 sconn->smb1.echo_handler.socket_lock_fd,
66 SMB_F_SETLKW, 0, 0, F_WRLCK);
67 } while (!ok && (errno == EINTR));
70 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
74 DEBUG(10,("pid[%d] got for socket lock\n", (int)sys_getpid()));
79 void smbd_lock_socket(struct smbd_server_connection *sconn)
81 if (!smbd_lock_socket_internal(sconn)) {
82 exit_server_cleanly("failed to lock socket");
86 static bool smbd_unlock_socket_internal(struct smbd_server_connection *sconn)
90 if (sconn->smb1.echo_handler.socket_lock_fd == -1) {
94 sconn->smb1.echo_handler.ref_count--;
96 if (sconn->smb1.echo_handler.ref_count > 0) {
102 sconn->smb1.echo_handler.socket_lock_fd,
103 SMB_F_SETLKW, 0, 0, F_UNLCK);
104 } while (!ok && (errno == EINTR));
107 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
111 DEBUG(10,("pid[%d] unlocked socket\n", (int)sys_getpid()));
116 void smbd_unlock_socket(struct smbd_server_connection *sconn)
118 if (!smbd_unlock_socket_internal(sconn)) {
119 exit_server_cleanly("failed to unlock socket");
123 /* Accessor function for smb_read_error for smbd functions. */
125 /****************************************************************************
127 ****************************************************************************/
129 bool srv_send_smb(struct smbd_server_connection *sconn, char *buffer,
130 bool do_signing, uint32_t seqnum,
132 struct smb_perfcount_data *pcd)
137 char *buf_out = buffer;
139 smbd_lock_socket(sconn);
142 /* Sign the outgoing packet if required. */
143 srv_calculate_sign_mac(sconn, buf_out, seqnum);
147 NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
148 if (!NT_STATUS_IS_OK(status)) {
149 DEBUG(0, ("send_smb: SMB encryption failed "
150 "on outgoing packet! Error %s\n",
151 nt_errstr(status) ));
156 len = smb_len(buf_out) + 4;
158 ret = write_data(sconn->sock, buf_out+nwritten, len - nwritten);
161 char addr[INET6_ADDRSTRLEN];
163 * Try and give an error message saying what
166 DEBUG(1,("pid[%d] Error writing %d bytes to client %s. %d. (%s)\n",
167 (int)sys_getpid(), (int)len,
168 get_peer_addr(sconn->sock, addr, sizeof(addr)),
169 (int)ret, strerror(errno) ));
171 srv_free_enc_buffer(buf_out);
175 SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd, len);
176 srv_free_enc_buffer(buf_out);
178 SMB_PERFCOUNT_END(pcd);
180 smbd_unlock_socket(sconn);
184 /*******************************************************************
185 Setup the word count and byte count for a smb message.
186 ********************************************************************/
188 int srv_set_message(char *buf,
193 if (zero && (num_words || num_bytes)) {
194 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
196 SCVAL(buf,smb_wct,num_words);
197 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
198 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
199 return (smb_size + num_words*2 + num_bytes);
202 static bool valid_smb_header(const uint8_t *inbuf)
204 if (is_encrypted_packet(inbuf)) {
208 * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
209 * but it just looks weird to call strncmp for this one.
211 return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
214 /* Socket functions for smbd packet processing. */
216 static bool valid_packet_size(size_t len)
219 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
220 * of header. Don't print the error if this fits.... JRA.
223 if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
224 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
225 (unsigned long)len));
231 static NTSTATUS read_packet_remainder(int fd, char *buffer,
232 unsigned int timeout, ssize_t len)
240 status = read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
241 if (!NT_STATUS_IS_OK(status)) {
242 char addr[INET6_ADDRSTRLEN];
243 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
245 get_peer_addr(fd, addr, sizeof(addr)),
251 /****************************************************************************
252 Attempt a zerocopy writeX read. We know here that len > smb_size-4
253 ****************************************************************************/
256 * Unfortunately, earlier versions of smbclient/libsmbclient
257 * don't send this "standard" writeX header. I've fixed this
258 * for 3.2 but we'll use the old method with earlier versions.
259 * Windows and CIFSFS at least use this standard size. Not
263 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
264 (2*14) + /* word count (including bcc) */ \
267 static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
268 const char lenbuf[4],
269 struct smbd_server_connection *sconn,
272 unsigned int timeout,
276 /* Size of a WRITEX call (+4 byte len). */
277 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
278 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
282 memcpy(writeX_header, lenbuf, 4);
284 status = read_fd_with_timeout(
285 sock, writeX_header + 4,
286 STANDARD_WRITE_AND_X_HEADER_SIZE,
287 STANDARD_WRITE_AND_X_HEADER_SIZE,
290 if (!NT_STATUS_IS_OK(status)) {
291 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
293 tsocket_address_string(sconn->remote_address,
300 * Ok - now try and see if this is a possible
304 if (is_valid_writeX_buffer(sconn, (uint8_t *)writeX_header)) {
306 * If the data offset is beyond what
307 * we've read, drain the extra bytes.
309 uint16_t doff = SVAL(writeX_header,smb_vwv11);
312 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
313 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
314 if (drain_socket(sock, drain) != drain) {
315 smb_panic("receive_smb_raw_talloc_partial_read:"
316 " failed to drain pending bytes");
319 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
322 /* Spoof down the length and null out the bcc. */
323 set_message_bcc(writeX_header, 0);
324 newlen = smb_len(writeX_header);
326 /* Copy the header we've written. */
328 *buffer = (char *)talloc_memdup(mem_ctx,
330 sizeof(writeX_header));
332 if (*buffer == NULL) {
333 DEBUG(0, ("Could not allocate inbuf of length %d\n",
334 (int)sizeof(writeX_header)));
335 return NT_STATUS_NO_MEMORY;
338 /* Work out the remaining bytes. */
339 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
340 *len_ret = newlen + 4;
344 if (!valid_packet_size(len)) {
345 return NT_STATUS_INVALID_PARAMETER;
349 * Not a valid writeX call. Just do the standard
353 *buffer = talloc_array(mem_ctx, char, len+4);
355 if (*buffer == NULL) {
356 DEBUG(0, ("Could not allocate inbuf of length %d\n",
358 return NT_STATUS_NO_MEMORY;
361 /* Copy in what we already read. */
364 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
365 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
368 status = read_packet_remainder(
370 (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
373 if (!NT_STATUS_IS_OK(status)) {
374 DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
384 static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
385 struct smbd_server_connection *sconn,
387 char **buffer, unsigned int timeout,
388 size_t *p_unread, size_t *plen)
392 int min_recv_size = lp_min_receive_file_size();
397 status = read_smb_length_return_keepalive(sock, lenbuf, timeout,
399 if (!NT_STATUS_IS_OK(status)) {
403 if (CVAL(lenbuf,0) == 0 && min_recv_size &&
404 (smb_len_large(lenbuf) > /* Could be a UNIX large writeX. */
405 (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE)) &&
406 !srv_is_signing_active(sconn) &&
407 sconn->smb1.echo_handler.trusted_fde == NULL) {
409 return receive_smb_raw_talloc_partial_read(
410 mem_ctx, lenbuf, sconn, sock, buffer, timeout,
414 if (!valid_packet_size(len)) {
415 return NT_STATUS_INVALID_PARAMETER;
419 * The +4 here can't wrap, we've checked the length above already.
422 *buffer = talloc_array(mem_ctx, char, len+4);
424 if (*buffer == NULL) {
425 DEBUG(0, ("Could not allocate inbuf of length %d\n",
427 return NT_STATUS_NO_MEMORY;
430 memcpy(*buffer, lenbuf, sizeof(lenbuf));
432 status = read_packet_remainder(sock, (*buffer)+4, timeout, len);
433 if (!NT_STATUS_IS_OK(status)) {
441 static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,
442 struct smbd_server_connection *sconn,
444 char **buffer, unsigned int timeout,
445 size_t *p_unread, bool *p_encrypted,
448 bool trusted_channel)
453 *p_encrypted = false;
455 status = receive_smb_raw_talloc(mem_ctx, sconn, sock, buffer, timeout,
457 if (!NT_STATUS_IS_OK(status)) {
458 DEBUG(1, ("read_smb_length_return_keepalive failed for "
459 "client %s read error = %s.\n",
460 tsocket_address_string(sconn->remote_address,
466 if (is_encrypted_packet((uint8_t *)*buffer)) {
467 status = srv_decrypt_buffer(*buffer);
468 if (!NT_STATUS_IS_OK(status)) {
469 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
470 "incoming packet! Error %s\n",
471 nt_errstr(status) ));
477 /* Check the incoming SMB signature. */
478 if (!srv_check_sign_mac(sconn, *buffer, seqnum, trusted_channel)) {
479 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
480 "incoming packet!\n"));
481 return NT_STATUS_INVALID_NETWORK_RESPONSE;
489 * Initialize a struct smb_request from an inbuf
492 static bool init_smb_request(struct smb_request *req,
493 struct smbd_server_connection *sconn,
495 size_t unread_bytes, bool encrypted,
498 size_t req_size = smb_len(inbuf) + 4;
499 /* Ensure we have at least smb_size bytes. */
500 if (req_size < smb_size) {
501 DEBUG(0,("init_smb_request: invalid request size %u\n",
502 (unsigned int)req_size ));
505 req->cmd = CVAL(inbuf, smb_com);
506 req->flags2 = SVAL(inbuf, smb_flg2);
507 req->smbpid = SVAL(inbuf, smb_pid);
508 req->mid = (uint64_t)SVAL(inbuf, smb_mid);
509 req->seqnum = seqnum;
510 req->vuid = SVAL(inbuf, smb_uid);
511 req->tid = SVAL(inbuf, smb_tid);
512 req->wct = CVAL(inbuf, smb_wct);
513 req->vwv = discard_const_p(uint16_t, (inbuf+smb_vwv));
514 req->buflen = smb_buflen(inbuf);
515 req->buf = (const uint8_t *)smb_buf_const(inbuf);
516 req->unread_bytes = unread_bytes;
517 req->encrypted = encrypted;
519 req->conn = conn_find(sconn,req->tid);
520 req->chain_fsp = NULL;
521 req->chain_outbuf = NULL;
524 smb_init_perfcount_data(&req->pcd);
526 /* Ensure we have at least wct words and 2 bytes of bcc. */
527 if (smb_size + req->wct*2 > req_size) {
528 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
529 (unsigned int)req->wct,
530 (unsigned int)req_size));
533 /* Ensure bcc is correct. */
534 if (((const uint8_t *)smb_buf_const(inbuf)) + req->buflen > inbuf + req_size) {
535 DEBUG(0,("init_smb_request: invalid bcc number %u "
536 "(wct = %u, size %u)\n",
537 (unsigned int)req->buflen,
538 (unsigned int)req->wct,
539 (unsigned int)req_size));
547 static void process_smb(struct smbd_server_connection *conn,
548 uint8_t *inbuf, size_t nread, size_t unread_bytes,
549 uint32_t seqnum, bool encrypted,
550 struct smb_perfcount_data *deferred_pcd);
552 static void smbd_deferred_open_timer(struct event_context *ev,
553 struct timed_event *te,
554 struct timeval _tval,
557 struct pending_message_list *msg = talloc_get_type(private_data,
558 struct pending_message_list);
559 TALLOC_CTX *mem_ctx = talloc_tos();
560 uint64_t mid = (uint64_t)SVAL(msg->buf.data,smb_mid);
563 inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
566 exit_server("smbd_deferred_open_timer: talloc failed\n");
570 /* We leave this message on the queue so the open code can
571 know this is a retry. */
572 DEBUG(5,("smbd_deferred_open_timer: trigger mid %llu.\n",
573 (unsigned long long)mid ));
575 /* Mark the message as processed so this is not
576 * re-processed in error. */
577 msg->processed = true;
579 process_smb(smbd_server_conn, inbuf,
581 msg->seqnum, msg->encrypted, &msg->pcd);
583 /* If it's still there and was processed, remove it. */
584 msg = get_deferred_open_message_smb(smbd_server_conn, mid);
585 if (msg && msg->processed) {
586 remove_deferred_open_message_smb(smbd_server_conn, mid);
590 /****************************************************************************
591 Function to push a message onto the tail of a linked list of smb messages ready
593 ****************************************************************************/
595 static bool push_queued_message(struct smb_request *req,
596 struct timeval request_time,
597 struct timeval end_time,
598 char *private_data, size_t private_len)
600 int msg_len = smb_len(req->inbuf) + 4;
601 struct pending_message_list *msg;
603 msg = talloc_zero(NULL, struct pending_message_list);
606 DEBUG(0,("push_message: malloc fail (1)\n"));
610 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
611 if(msg->buf.data == NULL) {
612 DEBUG(0,("push_message: malloc fail (2)\n"));
617 msg->request_time = request_time;
618 msg->seqnum = req->seqnum;
619 msg->encrypted = req->encrypted;
620 msg->processed = false;
621 SMB_PERFCOUNT_DEFER_OP(&req->pcd, &msg->pcd);
624 msg->private_data = data_blob_talloc(msg, private_data,
626 if (msg->private_data.data == NULL) {
627 DEBUG(0,("push_message: malloc fail (3)\n"));
633 msg->te = event_add_timed(server_event_context(),
636 smbd_deferred_open_timer,
639 DEBUG(0,("push_message: event_add_timed failed\n"));
644 DLIST_ADD_END(req->sconn->deferred_open_queue, msg,
645 struct pending_message_list *);
647 DEBUG(10,("push_message: pushed message length %u on "
648 "deferred_open_queue\n", (unsigned int)msg_len));
653 /****************************************************************************
654 Function to delete a sharing violation open message by mid.
655 ****************************************************************************/
657 void remove_deferred_open_message_smb(struct smbd_server_connection *sconn,
660 struct pending_message_list *pml;
662 if (sconn->using_smb2) {
663 remove_deferred_open_message_smb2(sconn, mid);
667 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
668 if (mid == (uint64_t)SVAL(pml->buf.data,smb_mid)) {
669 DEBUG(10,("remove_deferred_open_message_smb: "
670 "deleting mid %llu len %u\n",
671 (unsigned long long)mid,
672 (unsigned int)pml->buf.length ));
673 DLIST_REMOVE(sconn->deferred_open_queue, pml);
680 /****************************************************************************
681 Move a sharing violation open retry message to the front of the list and
682 schedule it for immediate processing.
683 ****************************************************************************/
685 void schedule_deferred_open_message_smb(struct smbd_server_connection *sconn,
688 struct pending_message_list *pml;
691 if (sconn->using_smb2) {
692 schedule_deferred_open_message_smb2(sconn, mid);
696 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
697 uint64_t msg_mid = (uint64_t)SVAL(pml->buf.data,smb_mid);
699 DEBUG(10,("schedule_deferred_open_message_smb: [%d] "
702 (unsigned long long)msg_mid ));
704 if (mid == msg_mid) {
705 struct timed_event *te;
707 if (pml->processed) {
708 /* A processed message should not be
710 DEBUG(0,("schedule_deferred_open_message_smb: LOGIC ERROR "
711 "message mid %llu was already processed\n",
712 (unsigned long long)msg_mid ));
716 DEBUG(10,("schedule_deferred_open_message_smb: "
717 "scheduling mid %llu\n",
718 (unsigned long long)mid ));
720 te = event_add_timed(server_event_context(),
723 smbd_deferred_open_timer,
726 DEBUG(10,("schedule_deferred_open_message_smb: "
727 "event_add_timed() failed, "
728 "skipping mid %llu\n",
729 (unsigned long long)msg_mid ));
732 TALLOC_FREE(pml->te);
734 DLIST_PROMOTE(sconn->deferred_open_queue, pml);
739 DEBUG(10,("schedule_deferred_open_message_smb: failed to "
740 "find message mid %llu\n",
741 (unsigned long long)mid ));
744 /****************************************************************************
745 Return true if this mid is on the deferred queue and was not yet processed.
746 ****************************************************************************/
748 bool open_was_deferred(struct smbd_server_connection *sconn, uint64_t mid)
750 struct pending_message_list *pml;
752 if (sconn->using_smb2) {
753 return open_was_deferred_smb2(sconn, mid);
756 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
757 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid && !pml->processed) {
764 /****************************************************************************
765 Return the message queued by this mid.
766 ****************************************************************************/
768 static struct pending_message_list *get_deferred_open_message_smb(
769 struct smbd_server_connection *sconn, uint64_t mid)
771 struct pending_message_list *pml;
773 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
774 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid) {
781 /****************************************************************************
782 Get the state data queued by this mid.
783 ****************************************************************************/
785 bool get_deferred_open_message_state(struct smb_request *smbreq,
786 struct timeval *p_request_time,
789 struct pending_message_list *pml;
791 if (smbd_server_conn->using_smb2) {
792 return get_deferred_open_message_state_smb2(smbreq->smb2req,
797 pml = get_deferred_open_message_smb(smbreq->sconn, smbreq->mid);
801 if (p_request_time) {
802 *p_request_time = pml->request_time;
805 *pp_state = (void *)pml->private_data.data;
810 /****************************************************************************
811 Function to push a deferred open smb message onto a linked list of local smb
812 messages ready for processing.
813 ****************************************************************************/
815 bool push_deferred_open_message_smb(struct smb_request *req,
816 struct timeval request_time,
817 struct timeval timeout,
819 char *private_data, size_t priv_len)
821 struct timeval end_time;
824 return push_deferred_open_message_smb2(req->smb2req,
832 if (req->unread_bytes) {
833 DEBUG(0,("push_deferred_open_message_smb: logic error ! "
834 "unread_bytes = %u\n",
835 (unsigned int)req->unread_bytes ));
836 smb_panic("push_deferred_open_message_smb: "
837 "logic error unread_bytes != 0" );
840 end_time = timeval_sum(&request_time, &timeout);
842 DEBUG(10,("push_deferred_open_message_smb: pushing message "
843 "len %u mid %llu timeout time [%u.%06u]\n",
844 (unsigned int) smb_len(req->inbuf)+4,
845 (unsigned long long)req->mid,
846 (unsigned int)end_time.tv_sec,
847 (unsigned int)end_time.tv_usec));
849 return push_queued_message(req, request_time, end_time,
850 private_data, priv_len);
853 static void smbd_sig_term_handler(struct tevent_context *ev,
854 struct tevent_signal *se,
860 exit_server_cleanly("termination signal");
863 void smbd_setup_sig_term_handler(void)
865 struct tevent_signal *se;
867 se = tevent_add_signal(server_event_context(),
868 server_event_context(),
870 smbd_sig_term_handler,
873 exit_server("failed to setup SIGTERM handler");
877 static void smbd_sig_hup_handler(struct tevent_context *ev,
878 struct tevent_signal *se,
884 struct messaging_context *msg_ctx = talloc_get_type_abort(
885 private_data, struct messaging_context);
886 change_to_root_user();
887 DEBUG(1,("Reloading services after SIGHUP\n"));
888 reload_services(msg_ctx, smbd_server_conn->sock, False);
890 printing_subsystem_update(ev, msg_ctx, true);
894 void smbd_setup_sig_hup_handler(struct tevent_context *ev,
895 struct messaging_context *msg_ctx)
897 struct tevent_signal *se;
899 se = tevent_add_signal(ev, ev, SIGHUP, 0, smbd_sig_hup_handler,
902 exit_server("failed to setup SIGHUP handler");
906 static NTSTATUS smbd_server_connection_loop_once(struct tevent_context *ev_ctx,
907 struct smbd_server_connection *conn)
914 timeout = SMBD_SELECT_TIMEOUT * 1000;
917 * Are there any timed events waiting ? If so, ensure we don't
918 * select for longer than it would take to wait for them.
921 event_add_to_poll_args(ev_ctx, conn, &conn->pfds, &num_pfds, &timeout);
923 /* Process a signal and timed events now... */
924 if (run_events_poll(ev_ctx, 0, NULL, 0)) {
925 return NT_STATUS_RETRY;
930 START_PROFILE(smbd_idle);
932 ret = sys_poll(conn->pfds, num_pfds, timeout);
935 END_PROFILE(smbd_idle);
940 if (errno == EINTR) {
941 return NT_STATUS_RETRY;
943 return map_nt_error_from_unix(errno);
946 retry = run_events_poll(ev_ctx, ret, conn->pfds, num_pfds);
948 return NT_STATUS_RETRY;
951 /* Did we timeout ? */
953 return NT_STATUS_RETRY;
956 /* should not be reached */
957 return NT_STATUS_INTERNAL_ERROR;
961 * Only allow 5 outstanding trans requests. We're allocating memory, so
965 NTSTATUS allow_new_trans(struct trans_state *list, uint64_t mid)
968 for (; list != NULL; list = list->next) {
970 if (list->mid == mid) {
971 return NT_STATUS_INVALID_PARAMETER;
977 return NT_STATUS_INSUFFICIENT_RESOURCES;
984 These flags determine some of the permissions required to do an operation
986 Note that I don't set NEED_WRITE on some write operations because they
987 are used by some brain-dead clients when printing, and I don't want to
988 force write permissions on print services.
990 #define AS_USER (1<<0)
991 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
992 #define TIME_INIT (1<<2)
993 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
994 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
995 #define DO_CHDIR (1<<6)
998 define a list of possible SMB messages and their corresponding
999 functions. Any message that has a NULL function is unimplemented -
1000 please feel free to contribute implementations!
1002 static const struct smb_message_struct {
1004 void (*fn)(struct smb_request *req);
1006 } smb_messages[256] = {
1008 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
1009 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
1010 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
1011 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
1012 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
1013 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
1014 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
1015 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
1016 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
1017 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
1018 /* 0x0a */ { "SMBread",reply_read,AS_USER},
1019 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
1020 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
1021 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
1022 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
1023 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
1024 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
1025 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
1026 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
1027 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
1028 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
1029 /* 0x15 */ { NULL, NULL, 0 },
1030 /* 0x16 */ { NULL, NULL, 0 },
1031 /* 0x17 */ { NULL, NULL, 0 },
1032 /* 0x18 */ { NULL, NULL, 0 },
1033 /* 0x19 */ { NULL, NULL, 0 },
1034 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
1035 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
1036 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
1037 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
1038 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
1039 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1040 /* 0x20 */ { "SMBwritec", NULL,0},
1041 /* 0x21 */ { NULL, NULL, 0 },
1042 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
1043 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1044 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1045 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
1046 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
1047 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
1048 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
1049 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
1050 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
1051 /* 0x2b */ { "SMBecho",reply_echo,0},
1052 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1053 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
1054 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
1055 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
1056 /* 0x30 */ { NULL, NULL, 0 },
1057 /* 0x31 */ { NULL, NULL, 0 },
1058 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
1059 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER | CAN_IPC },
1060 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1061 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1062 /* 0x36 */ { NULL, NULL, 0 },
1063 /* 0x37 */ { NULL, NULL, 0 },
1064 /* 0x38 */ { NULL, NULL, 0 },
1065 /* 0x39 */ { NULL, NULL, 0 },
1066 /* 0x3a */ { NULL, NULL, 0 },
1067 /* 0x3b */ { NULL, NULL, 0 },
1068 /* 0x3c */ { NULL, NULL, 0 },
1069 /* 0x3d */ { NULL, NULL, 0 },
1070 /* 0x3e */ { NULL, NULL, 0 },
1071 /* 0x3f */ { NULL, NULL, 0 },
1072 /* 0x40 */ { NULL, NULL, 0 },
1073 /* 0x41 */ { NULL, NULL, 0 },
1074 /* 0x42 */ { NULL, NULL, 0 },
1075 /* 0x43 */ { NULL, NULL, 0 },
1076 /* 0x44 */ { NULL, NULL, 0 },
1077 /* 0x45 */ { NULL, NULL, 0 },
1078 /* 0x46 */ { NULL, NULL, 0 },
1079 /* 0x47 */ { NULL, NULL, 0 },
1080 /* 0x48 */ { NULL, NULL, 0 },
1081 /* 0x49 */ { NULL, NULL, 0 },
1082 /* 0x4a */ { NULL, NULL, 0 },
1083 /* 0x4b */ { NULL, NULL, 0 },
1084 /* 0x4c */ { NULL, NULL, 0 },
1085 /* 0x4d */ { NULL, NULL, 0 },
1086 /* 0x4e */ { NULL, NULL, 0 },
1087 /* 0x4f */ { NULL, NULL, 0 },
1088 /* 0x50 */ { NULL, NULL, 0 },
1089 /* 0x51 */ { NULL, NULL, 0 },
1090 /* 0x52 */ { NULL, NULL, 0 },
1091 /* 0x53 */ { NULL, NULL, 0 },
1092 /* 0x54 */ { NULL, NULL, 0 },
1093 /* 0x55 */ { NULL, NULL, 0 },
1094 /* 0x56 */ { NULL, NULL, 0 },
1095 /* 0x57 */ { NULL, NULL, 0 },
1096 /* 0x58 */ { NULL, NULL, 0 },
1097 /* 0x59 */ { NULL, NULL, 0 },
1098 /* 0x5a */ { NULL, NULL, 0 },
1099 /* 0x5b */ { NULL, NULL, 0 },
1100 /* 0x5c */ { NULL, NULL, 0 },
1101 /* 0x5d */ { NULL, NULL, 0 },
1102 /* 0x5e */ { NULL, NULL, 0 },
1103 /* 0x5f */ { NULL, NULL, 0 },
1104 /* 0x60 */ { NULL, NULL, 0 },
1105 /* 0x61 */ { NULL, NULL, 0 },
1106 /* 0x62 */ { NULL, NULL, 0 },
1107 /* 0x63 */ { NULL, NULL, 0 },
1108 /* 0x64 */ { NULL, NULL, 0 },
1109 /* 0x65 */ { NULL, NULL, 0 },
1110 /* 0x66 */ { NULL, NULL, 0 },
1111 /* 0x67 */ { NULL, NULL, 0 },
1112 /* 0x68 */ { NULL, NULL, 0 },
1113 /* 0x69 */ { NULL, NULL, 0 },
1114 /* 0x6a */ { NULL, NULL, 0 },
1115 /* 0x6b */ { NULL, NULL, 0 },
1116 /* 0x6c */ { NULL, NULL, 0 },
1117 /* 0x6d */ { NULL, NULL, 0 },
1118 /* 0x6e */ { NULL, NULL, 0 },
1119 /* 0x6f */ { NULL, NULL, 0 },
1120 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1121 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1122 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1123 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1124 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1125 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1126 /* 0x76 */ { NULL, NULL, 0 },
1127 /* 0x77 */ { NULL, NULL, 0 },
1128 /* 0x78 */ { NULL, NULL, 0 },
1129 /* 0x79 */ { NULL, NULL, 0 },
1130 /* 0x7a */ { NULL, NULL, 0 },
1131 /* 0x7b */ { NULL, NULL, 0 },
1132 /* 0x7c */ { NULL, NULL, 0 },
1133 /* 0x7d */ { NULL, NULL, 0 },
1134 /* 0x7e */ { NULL, NULL, 0 },
1135 /* 0x7f */ { NULL, NULL, 0 },
1136 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1137 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1138 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1139 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1140 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1141 /* 0x85 */ { NULL, NULL, 0 },
1142 /* 0x86 */ { NULL, NULL, 0 },
1143 /* 0x87 */ { NULL, NULL, 0 },
1144 /* 0x88 */ { NULL, NULL, 0 },
1145 /* 0x89 */ { NULL, NULL, 0 },
1146 /* 0x8a */ { NULL, NULL, 0 },
1147 /* 0x8b */ { NULL, NULL, 0 },
1148 /* 0x8c */ { NULL, NULL, 0 },
1149 /* 0x8d */ { NULL, NULL, 0 },
1150 /* 0x8e */ { NULL, NULL, 0 },
1151 /* 0x8f */ { NULL, NULL, 0 },
1152 /* 0x90 */ { NULL, NULL, 0 },
1153 /* 0x91 */ { NULL, NULL, 0 },
1154 /* 0x92 */ { NULL, NULL, 0 },
1155 /* 0x93 */ { NULL, NULL, 0 },
1156 /* 0x94 */ { NULL, NULL, 0 },
1157 /* 0x95 */ { NULL, NULL, 0 },
1158 /* 0x96 */ { NULL, NULL, 0 },
1159 /* 0x97 */ { NULL, NULL, 0 },
1160 /* 0x98 */ { NULL, NULL, 0 },
1161 /* 0x99 */ { NULL, NULL, 0 },
1162 /* 0x9a */ { NULL, NULL, 0 },
1163 /* 0x9b */ { NULL, NULL, 0 },
1164 /* 0x9c */ { NULL, NULL, 0 },
1165 /* 0x9d */ { NULL, NULL, 0 },
1166 /* 0x9e */ { NULL, NULL, 0 },
1167 /* 0x9f */ { NULL, NULL, 0 },
1168 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1169 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1170 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1171 /* 0xa3 */ { NULL, NULL, 0 },
1172 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1173 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1174 /* 0xa6 */ { NULL, NULL, 0 },
1175 /* 0xa7 */ { NULL, NULL, 0 },
1176 /* 0xa8 */ { NULL, NULL, 0 },
1177 /* 0xa9 */ { NULL, NULL, 0 },
1178 /* 0xaa */ { NULL, NULL, 0 },
1179 /* 0xab */ { NULL, NULL, 0 },
1180 /* 0xac */ { NULL, NULL, 0 },
1181 /* 0xad */ { NULL, NULL, 0 },
1182 /* 0xae */ { NULL, NULL, 0 },
1183 /* 0xaf */ { NULL, NULL, 0 },
1184 /* 0xb0 */ { NULL, NULL, 0 },
1185 /* 0xb1 */ { NULL, NULL, 0 },
1186 /* 0xb2 */ { NULL, NULL, 0 },
1187 /* 0xb3 */ { NULL, NULL, 0 },
1188 /* 0xb4 */ { NULL, NULL, 0 },
1189 /* 0xb5 */ { NULL, NULL, 0 },
1190 /* 0xb6 */ { NULL, NULL, 0 },
1191 /* 0xb7 */ { NULL, NULL, 0 },
1192 /* 0xb8 */ { NULL, NULL, 0 },
1193 /* 0xb9 */ { NULL, NULL, 0 },
1194 /* 0xba */ { NULL, NULL, 0 },
1195 /* 0xbb */ { NULL, NULL, 0 },
1196 /* 0xbc */ { NULL, NULL, 0 },
1197 /* 0xbd */ { NULL, NULL, 0 },
1198 /* 0xbe */ { NULL, NULL, 0 },
1199 /* 0xbf */ { NULL, NULL, 0 },
1200 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1201 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1202 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1203 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1204 /* 0xc4 */ { NULL, NULL, 0 },
1205 /* 0xc5 */ { NULL, NULL, 0 },
1206 /* 0xc6 */ { NULL, NULL, 0 },
1207 /* 0xc7 */ { NULL, NULL, 0 },
1208 /* 0xc8 */ { NULL, NULL, 0 },
1209 /* 0xc9 */ { NULL, NULL, 0 },
1210 /* 0xca */ { NULL, NULL, 0 },
1211 /* 0xcb */ { NULL, NULL, 0 },
1212 /* 0xcc */ { NULL, NULL, 0 },
1213 /* 0xcd */ { NULL, NULL, 0 },
1214 /* 0xce */ { NULL, NULL, 0 },
1215 /* 0xcf */ { NULL, NULL, 0 },
1216 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1217 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1218 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1219 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1220 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1221 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1222 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1223 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1224 /* 0xd8 */ { NULL, NULL, 0 },
1225 /* 0xd9 */ { NULL, NULL, 0 },
1226 /* 0xda */ { NULL, NULL, 0 },
1227 /* 0xdb */ { NULL, NULL, 0 },
1228 /* 0xdc */ { NULL, NULL, 0 },
1229 /* 0xdd */ { NULL, NULL, 0 },
1230 /* 0xde */ { NULL, NULL, 0 },
1231 /* 0xdf */ { NULL, NULL, 0 },
1232 /* 0xe0 */ { NULL, NULL, 0 },
1233 /* 0xe1 */ { NULL, NULL, 0 },
1234 /* 0xe2 */ { NULL, NULL, 0 },
1235 /* 0xe3 */ { NULL, NULL, 0 },
1236 /* 0xe4 */ { NULL, NULL, 0 },
1237 /* 0xe5 */ { NULL, NULL, 0 },
1238 /* 0xe6 */ { NULL, NULL, 0 },
1239 /* 0xe7 */ { NULL, NULL, 0 },
1240 /* 0xe8 */ { NULL, NULL, 0 },
1241 /* 0xe9 */ { NULL, NULL, 0 },
1242 /* 0xea */ { NULL, NULL, 0 },
1243 /* 0xeb */ { NULL, NULL, 0 },
1244 /* 0xec */ { NULL, NULL, 0 },
1245 /* 0xed */ { NULL, NULL, 0 },
1246 /* 0xee */ { NULL, NULL, 0 },
1247 /* 0xef */ { NULL, NULL, 0 },
1248 /* 0xf0 */ { NULL, NULL, 0 },
1249 /* 0xf1 */ { NULL, NULL, 0 },
1250 /* 0xf2 */ { NULL, NULL, 0 },
1251 /* 0xf3 */ { NULL, NULL, 0 },
1252 /* 0xf4 */ { NULL, NULL, 0 },
1253 /* 0xf5 */ { NULL, NULL, 0 },
1254 /* 0xf6 */ { NULL, NULL, 0 },
1255 /* 0xf7 */ { NULL, NULL, 0 },
1256 /* 0xf8 */ { NULL, NULL, 0 },
1257 /* 0xf9 */ { NULL, NULL, 0 },
1258 /* 0xfa */ { NULL, NULL, 0 },
1259 /* 0xfb */ { NULL, NULL, 0 },
1260 /* 0xfc */ { NULL, NULL, 0 },
1261 /* 0xfd */ { NULL, NULL, 0 },
1262 /* 0xfe */ { NULL, NULL, 0 },
1263 /* 0xff */ { NULL, NULL, 0 }
1267 /*******************************************************************
1268 allocate and initialize a reply packet
1269 ********************************************************************/
1271 static bool create_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
1272 const char *inbuf, char **outbuf, uint8_t num_words,
1276 * Protect against integer wrap
1278 if ((num_bytes > 0xffffff)
1279 || ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
1281 if (asprintf(&msg, "num_bytes too large: %u",
1282 (unsigned)num_bytes) == -1) {
1283 msg = discard_const_p(char, "num_bytes too large");
1288 *outbuf = talloc_array(mem_ctx, char,
1289 smb_size + num_words*2 + num_bytes);
1290 if (*outbuf == NULL) {
1294 construct_reply_common(req, inbuf, *outbuf);
1295 srv_set_message(*outbuf, num_words, num_bytes, false);
1297 * Zero out the word area, the caller has to take care of the bcc area
1300 if (num_words != 0) {
1301 memset(*outbuf + smb_vwv0, 0, num_words*2);
1307 void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
1310 if (!create_outbuf(req, req, (const char *)req->inbuf, &outbuf, num_words,
1312 smb_panic("could not allocate output buffer\n");
1314 req->outbuf = (uint8_t *)outbuf;
1318 /*******************************************************************
1319 Dump a packet to a file.
1320 ********************************************************************/
1322 static void smb_dump(const char *name, int type, const char *data, ssize_t len)
1326 if (DEBUGLEVEL < 50) {
1330 if (len < 4) len = smb_len(data)+4;
1331 for (i=1;i<100;i++) {
1332 if (asprintf(&fname, "/tmp/%s.%d.%s", name, i,
1333 type ? "req" : "resp") == -1) {
1336 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1337 if (fd != -1 || errno != EEXIST) break;
1340 ssize_t ret = write(fd, data, len);
1342 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1344 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1349 /****************************************************************************
1350 Prepare everything for calling the actual request function, and potentially
1351 call the request function via the "new" interface.
1353 Return False if the "legacy" function needs to be called, everything is
1356 Return True if we're done.
1358 I know this API sucks, but it is the one with the least code change I could
1360 ****************************************************************************/
1362 static connection_struct *switch_message(uint8 type, struct smb_request *req, int size)
1366 connection_struct *conn = NULL;
1367 struct smbd_server_connection *sconn = req->sconn;
1372 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1373 * so subtract 4 from it. */
1374 if (!valid_smb_header(req->inbuf)
1375 || (size < (smb_size - 4))) {
1376 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1377 smb_len(req->inbuf)));
1378 exit_server_cleanly("Non-SMB packet");
1381 if (smb_messages[type].fn == NULL) {
1382 DEBUG(0,("Unknown message type %d!\n",type));
1383 smb_dump("Unknown", 1, (const char *)req->inbuf, size);
1384 reply_unknown_new(req, type);
1388 flags = smb_messages[type].flags;
1390 /* In share mode security we must ignore the vuid. */
1391 session_tag = (lp_security() == SEC_SHARE)
1392 ? UID_FIELD_INVALID : req->vuid;
1395 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1396 (int)sys_getpid(), (unsigned long)conn));
1398 smb_dump(smb_fn_name(type), 1, (const char *)req->inbuf, size);
1400 /* Ensure this value is replaced in the incoming packet. */
1401 SSVAL(discard_const_p(uint8_t, req->inbuf),smb_uid,session_tag);
1404 * Ensure the correct username is in current_user_info. This is a
1405 * really ugly bugfix for problems with multiple session_setup_and_X's
1406 * being done and allowing %U and %G substitutions to work correctly.
1407 * There is a reason this code is done here, don't move it unless you
1408 * know what you're doing... :-).
1412 if (session_tag != sconn->smb1.sessions.last_session_tag) {
1413 user_struct *vuser = NULL;
1415 sconn->smb1.sessions.last_session_tag = session_tag;
1416 if(session_tag != UID_FIELD_INVALID) {
1417 vuser = get_valid_user_struct(sconn, session_tag);
1419 set_current_user_info(
1420 vuser->session_info->unix_info->sanitized_username,
1421 vuser->session_info->unix_info->unix_name,
1422 vuser->session_info->info->domain_name);
1427 /* Does this call need to be run as the connected user? */
1428 if (flags & AS_USER) {
1430 /* Does this call need a valid tree connection? */
1433 * Amazingly, the error code depends on the command
1436 if (type == SMBntcreateX) {
1437 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1439 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
1444 if (!change_to_user(conn,session_tag)) {
1445 DEBUG(0, ("Error: Could not change to user. Removing "
1446 "deferred open, mid=%llu.\n",
1447 (unsigned long long)req->mid));
1448 reply_force_doserror(req, ERRSRV, ERRbaduid);
1452 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1454 /* Does it need write permission? */
1455 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1456 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1460 /* IPC services are limited */
1461 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1462 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1466 /* This call needs to be run as root */
1467 change_to_root_user();
1470 /* load service specific parameters */
1472 if (req->encrypted) {
1473 conn->encrypted_tid = true;
1474 /* encrypted required from now on. */
1475 conn->encrypt_level = Required;
1476 } else if (ENCRYPTION_REQUIRED(conn)) {
1477 if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
1478 exit_server_cleanly("encryption required "
1484 if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1485 (flags & (AS_USER|DO_CHDIR)
1487 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1490 conn->num_smb_operations++;
1493 raddr = tsocket_address_inet_addr_string(sconn->remote_address,
1495 if (raddr == NULL) {
1496 reply_nterror(req, NT_STATUS_NO_MEMORY);
1500 /* does this protocol need to be run as guest? */
1501 if ((flags & AS_GUEST)
1502 && (!change_to_guest() ||
1503 !allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
1504 sconn->remote_hostname,
1506 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1510 smb_messages[type].fn(req);
1514 /****************************************************************************
1515 Construct a reply to the incoming packet.
1516 ****************************************************************************/
1518 static void construct_reply(struct smbd_server_connection *sconn,
1519 char *inbuf, int size, size_t unread_bytes,
1520 uint32_t seqnum, bool encrypted,
1521 struct smb_perfcount_data *deferred_pcd)
1523 connection_struct *conn;
1524 struct smb_request *req;
1526 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1527 smb_panic("could not allocate smb_request");
1530 if (!init_smb_request(req, sconn, (uint8 *)inbuf, unread_bytes,
1531 encrypted, seqnum)) {
1532 exit_server_cleanly("Invalid SMB request");
1535 req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
1537 /* we popped this message off the queue - keep original perf data */
1539 req->pcd = *deferred_pcd;
1541 SMB_PERFCOUNT_START(&req->pcd);
1542 SMB_PERFCOUNT_SET_OP(&req->pcd, req->cmd);
1543 SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, size);
1546 conn = switch_message(req->cmd, req, size);
1548 if (req->unread_bytes) {
1549 /* writeX failed. drain socket. */
1550 if (drain_socket(req->sconn->sock, req->unread_bytes) !=
1551 req->unread_bytes) {
1552 smb_panic("failed to drain pending bytes");
1554 req->unread_bytes = 0;
1562 if (req->outbuf == NULL) {
1566 if (CVAL(req->outbuf,0) == 0) {
1567 show_msg((char *)req->outbuf);
1570 if (!srv_send_smb(req->sconn,
1571 (char *)req->outbuf,
1572 true, req->seqnum+1,
1573 IS_CONN_ENCRYPTED(conn)||req->encrypted,
1575 exit_server_cleanly("construct_reply: srv_send_smb failed.");
1583 /****************************************************************************
1584 Process an smb from the client
1585 ****************************************************************************/
1586 static void process_smb(struct smbd_server_connection *sconn,
1587 uint8_t *inbuf, size_t nread, size_t unread_bytes,
1588 uint32_t seqnum, bool encrypted,
1589 struct smb_perfcount_data *deferred_pcd)
1591 int msg_type = CVAL(inbuf,0);
1593 DO_PROFILE_INC(smb_count);
1595 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1597 DEBUG(3, ("Transaction %d of length %d (%u toread)\n",
1598 sconn->trans_num, (int)nread, (unsigned int)unread_bytes));
1600 if (msg_type != NBSSmessage) {
1602 * NetBIOS session request, keepalive, etc.
1604 reply_special(sconn, (char *)inbuf, nread);
1608 if (sconn->using_smb2) {
1609 /* At this point we're not really using smb2,
1610 * we make the decision here.. */
1611 if (smbd_is_smb2_header(inbuf, nread)) {
1612 smbd_smb2_first_negprot(sconn, inbuf, nread);
1614 } else if (nread >= smb_size && valid_smb_header(inbuf)
1615 && CVAL(inbuf, smb_com) != 0x72) {
1616 /* This is a non-negprot SMB1 packet.
1617 Disable SMB2 from now on. */
1618 sconn->using_smb2 = false;
1622 show_msg((char *)inbuf);
1624 construct_reply(sconn, (char *)inbuf, nread, unread_bytes, seqnum,
1625 encrypted, deferred_pcd);
1629 sconn->num_requests++;
1631 /* The timeout_processing function isn't run nearly
1632 often enough to implement 'max log size' without
1633 overrunning the size of the file by many megabytes.
1634 This is especially true if we are running at debug
1635 level 10. Checking every 50 SMBs is a nice
1636 tradeoff of performance vs log file size overrun. */
1638 if ((sconn->num_requests % 50) == 0 &&
1639 need_to_check_log_size()) {
1640 change_to_root_user();
1645 /****************************************************************************
1646 Return a string containing the function name of a SMB command.
1647 ****************************************************************************/
1649 const char *smb_fn_name(int type)
1651 const char *unknown_name = "SMBunknown";
1653 if (smb_messages[type].name == NULL)
1654 return(unknown_name);
1656 return(smb_messages[type].name);
1659 /****************************************************************************
1660 Helper functions for contruct_reply.
1661 ****************************************************************************/
1663 void add_to_common_flags2(uint32 v)
1668 void remove_from_common_flags2(uint32 v)
1670 common_flags2 &= ~v;
1673 static void construct_reply_common(struct smb_request *req, const char *inbuf,
1676 srv_set_message(outbuf,0,0,false);
1678 SCVAL(outbuf, smb_com, req->cmd);
1679 SIVAL(outbuf,smb_rcls,0);
1680 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1681 SSVAL(outbuf,smb_flg2,
1682 (SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) |
1684 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1686 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
1687 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
1688 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
1689 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
1692 void construct_reply_common_req(struct smb_request *req, char *outbuf)
1694 construct_reply_common(req, (const char *)req->inbuf, outbuf);
1698 * How many bytes have we already accumulated up to the current wct field
1702 size_t req_wct_ofs(struct smb_request *req)
1706 if (req->chain_outbuf == NULL) {
1709 buf_size = talloc_get_size(req->chain_outbuf);
1710 if ((buf_size % 4) != 0) {
1711 buf_size += (4 - (buf_size % 4));
1713 return buf_size - 4;
1717 * Hack around reply_nterror & friends not being aware of chained requests,
1718 * generating illegal (i.e. wct==0) chain replies.
1721 static void fixup_chain_error_packet(struct smb_request *req)
1723 uint8_t *outbuf = req->outbuf;
1725 reply_outbuf(req, 2, 0);
1726 memcpy(req->outbuf, outbuf, smb_wct);
1727 TALLOC_FREE(outbuf);
1728 SCVAL(req->outbuf, smb_vwv0, 0xff);
1732 * @brief Find the smb_cmd offset of the last command pushed
1733 * @param[in] buf The buffer we're building up
1734 * @retval Where can we put our next andx cmd?
1736 * While chaining requests, the "next" request we're looking at needs to put
1737 * its SMB_Command before the data the previous request already built up added
1738 * to the chain. Find the offset to the place where we have to put our cmd.
1741 static bool find_andx_cmd_ofs(uint8_t *buf, size_t *pofs)
1746 cmd = CVAL(buf, smb_com);
1748 SMB_ASSERT(is_andx_req(cmd));
1752 while (CVAL(buf, ofs) != 0xff) {
1754 if (!is_andx_req(CVAL(buf, ofs))) {
1759 * ofs is from start of smb header, so add the 4 length
1760 * bytes. The next cmd is right after the wct field.
1762 ofs = SVAL(buf, ofs+2) + 4 + 1;
1764 SMB_ASSERT(ofs+4 < talloc_get_size(buf));
1772 * @brief Do the smb chaining at a buffer level
1773 * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
1774 * @param[in] smb_command The command that we want to issue
1775 * @param[in] wct How many words?
1776 * @param[in] vwv The words, already in network order
1777 * @param[in] bytes_alignment How shall we align "bytes"?
1778 * @param[in] num_bytes How many bytes?
1779 * @param[in] bytes The data the request ships
1781 * smb_splice_chain() adds the vwv and bytes to the request already present in
1785 static bool smb_splice_chain(uint8_t **poutbuf, uint8_t smb_command,
1786 uint8_t wct, const uint16_t *vwv,
1787 size_t bytes_alignment,
1788 uint32_t num_bytes, const uint8_t *bytes)
1791 size_t old_size, new_size;
1793 size_t chain_padding = 0;
1794 size_t bytes_padding = 0;
1797 old_size = talloc_get_size(*poutbuf);
1800 * old_size == smb_wct means we're pushing the first request in for
1804 first_request = (old_size == smb_wct);
1806 if (!first_request && ((old_size % 4) != 0)) {
1808 * Align the wct field of subsequent requests to a 4-byte
1811 chain_padding = 4 - (old_size % 4);
1815 * After the old request comes the new wct field (1 byte), the vwv's
1816 * and the num_bytes field. After at we might need to align the bytes
1817 * given to us to "bytes_alignment", increasing the num_bytes value.
1820 new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
1822 if ((bytes_alignment != 0) && ((new_size % bytes_alignment) != 0)) {
1823 bytes_padding = bytes_alignment - (new_size % bytes_alignment);
1826 new_size += bytes_padding + num_bytes;
1828 if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
1829 DEBUG(1, ("splice_chain: %u bytes won't fit\n",
1830 (unsigned)new_size));
1834 outbuf = talloc_realloc(NULL, *poutbuf, uint8_t, new_size);
1835 if (outbuf == NULL) {
1836 DEBUG(0, ("talloc failed\n"));
1841 if (first_request) {
1842 SCVAL(outbuf, smb_com, smb_command);
1844 size_t andx_cmd_ofs;
1846 if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
1847 DEBUG(1, ("invalid command chain\n"));
1848 *poutbuf = talloc_realloc(
1849 NULL, *poutbuf, uint8_t, old_size);
1853 if (chain_padding != 0) {
1854 memset(outbuf + old_size, 0, chain_padding);
1855 old_size += chain_padding;
1858 SCVAL(outbuf, andx_cmd_ofs, smb_command);
1859 SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
1865 * Push the chained request:
1870 SCVAL(outbuf, ofs, wct);
1877 memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
1878 ofs += sizeof(uint16_t) * wct;
1884 SSVAL(outbuf, ofs, num_bytes + bytes_padding);
1885 ofs += sizeof(uint16_t);
1891 if (bytes_padding != 0) {
1892 memset(outbuf + ofs, 0, bytes_padding);
1893 ofs += bytes_padding;
1900 memcpy(outbuf + ofs, bytes, num_bytes);
1905 /****************************************************************************
1906 Construct a chained reply and add it to the already made reply
1907 ****************************************************************************/
1909 void chain_reply(struct smb_request *req)
1911 size_t smblen = smb_len(req->inbuf);
1912 size_t already_used, length_needed;
1914 uint32_t chain_offset; /* uint32_t to avoid overflow */
1917 const uint16_t *vwv;
1921 if (IVAL(req->outbuf, smb_rcls) != 0) {
1922 fixup_chain_error_packet(req);
1926 * Any of the AndX requests and replies have at least a wct of
1927 * 2. vwv[0] is the next command, vwv[1] is the offset from the
1928 * beginning of the SMB header to the next wct field.
1930 * None of the AndX requests put anything valuable in vwv[0] and [1],
1931 * so we can overwrite it here to form the chain.
1934 if ((req->wct < 2) || (CVAL(req->outbuf, smb_wct) < 2)) {
1935 if (req->chain_outbuf == NULL) {
1936 req->chain_outbuf = talloc_realloc(
1937 req, req->outbuf, uint8_t,
1938 smb_len(req->outbuf) + 4);
1939 if (req->chain_outbuf == NULL) {
1940 smb_panic("talloc failed");
1948 * Here we assume that this is the end of the chain. For that we need
1949 * to set "next command" to 0xff and the offset to 0. If we later find
1950 * more commands in the chain, this will be overwritten again.
1953 SCVAL(req->outbuf, smb_vwv0, 0xff);
1954 SCVAL(req->outbuf, smb_vwv0+1, 0);
1955 SSVAL(req->outbuf, smb_vwv1, 0);
1957 if (req->chain_outbuf == NULL) {
1959 * In req->chain_outbuf we collect all the replies. Start the
1960 * chain by copying in the first reply.
1962 * We do the realloc because later on we depend on
1963 * talloc_get_size to determine the length of
1964 * chain_outbuf. The reply_xxx routines might have
1965 * over-allocated (reply_pipe_read_and_X used to be such an
1968 req->chain_outbuf = talloc_realloc(
1969 req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
1970 if (req->chain_outbuf == NULL) {
1971 smb_panic("talloc failed");
1976 * Update smb headers where subsequent chained commands
1977 * may have updated them.
1979 SSVAL(req->chain_outbuf, smb_tid, SVAL(req->outbuf, smb_tid));
1980 SSVAL(req->chain_outbuf, smb_uid, SVAL(req->outbuf, smb_uid));
1982 if (!smb_splice_chain(&req->chain_outbuf,
1983 CVAL(req->outbuf, smb_com),
1984 CVAL(req->outbuf, smb_wct),
1985 (uint16_t *)(req->outbuf + smb_vwv),
1986 0, smb_buflen(req->outbuf),
1987 (uint8_t *)smb_buf(req->outbuf))) {
1990 TALLOC_FREE(req->outbuf);
1994 * We use the old request's vwv field to grab the next chained command
1995 * and offset into the chained fields.
1998 chain_cmd = CVAL(req->vwv+0, 0);
1999 chain_offset = SVAL(req->vwv+1, 0);
2001 if (chain_cmd == 0xff) {
2003 * End of chain, no more requests from the client. So ship the
2006 smb_setlen((char *)(req->chain_outbuf),
2007 talloc_get_size(req->chain_outbuf) - 4);
2009 if (!srv_send_smb(req->sconn, (char *)req->chain_outbuf,
2010 true, req->seqnum+1,
2011 IS_CONN_ENCRYPTED(req->conn)
2014 exit_server_cleanly("chain_reply: srv_send_smb "
2017 TALLOC_FREE(req->chain_outbuf);
2022 /* add a new perfcounter for this element of chain */
2023 SMB_PERFCOUNT_ADD(&req->pcd);
2024 SMB_PERFCOUNT_SET_OP(&req->pcd, chain_cmd);
2025 SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, smblen);
2028 * Check if the client tries to fool us. The chain offset
2029 * needs to point beyond the current request in the chain, it
2030 * needs to strictly grow. Otherwise we might be tricked into
2031 * an endless loop always processing the same request over and
2032 * over again. We used to assume that vwv and the byte buffer
2033 * array in a chain are always attached, but OS/2 the
2034 * Write&X/Read&X chain puts the Read&X vwv array right behind
2035 * the Write&X vwv chain. The Write&X bcc array is put behind
2036 * the Read&X vwv array. So now we check whether the chain
2037 * offset points strictly behind the previous vwv
2038 * array. req->buf points right after the vwv array of the
2039 * previous request. See
2040 * https://bugzilla.samba.org/show_bug.cgi?id=8360 for more
2044 already_used = PTR_DIFF(req->buf, smb_base(req->inbuf));
2045 if (chain_offset <= already_used) {
2050 * Next check: Make sure the chain offset does not point beyond the
2051 * overall smb request length.
2054 length_needed = chain_offset+1; /* wct */
2055 if (length_needed > smblen) {
2060 * Now comes the pointer magic. Goal here is to set up req->vwv and
2061 * req->buf correctly again to be able to call the subsequent
2062 * switch_message(). The chain offset (the former vwv[1]) points at
2063 * the new wct field.
2066 wct = CVAL(smb_base(req->inbuf), chain_offset);
2069 * Next consistency check: Make the new vwv array fits in the overall
2073 length_needed += (wct+1)*sizeof(uint16_t); /* vwv+buflen */
2074 if (length_needed > smblen) {
2077 vwv = (const uint16_t *)(smb_base(req->inbuf) + chain_offset + 1);
2080 * Now grab the new byte buffer....
2083 buflen = SVAL(vwv+wct, 0);
2086 * .. and check that it fits.
2089 length_needed += buflen;
2090 if (length_needed > smblen) {
2093 buf = (const uint8_t *)(vwv+wct+1);
2095 req->cmd = chain_cmd;
2097 req->vwv = discard_const_p(uint16_t, vwv);
2098 req->buflen = buflen;
2101 switch_message(chain_cmd, req, smblen);
2103 if (req->outbuf == NULL) {
2105 * This happens if the chained command has suspended itself or
2106 * if it has called srv_send_smb() itself.
2112 * We end up here if the chained command was not itself chained or
2113 * suspended, but for example a close() command. We now need to splice
2114 * the chained commands' outbuf into the already built up chain_outbuf
2115 * and ship the result.
2121 * We end up here if there's any error in the chain syntax. Report a
2122 * DOS error, just like Windows does.
2124 reply_force_doserror(req, ERRSRV, ERRerror);
2125 fixup_chain_error_packet(req);
2129 * This scary statement intends to set the
2130 * FLAGS2_32_BIT_ERROR_CODES flg2 field in req->chain_outbuf
2131 * to the value req->outbuf carries
2133 SSVAL(req->chain_outbuf, smb_flg2,
2134 (SVAL(req->chain_outbuf, smb_flg2) & ~FLAGS2_32_BIT_ERROR_CODES)
2135 | (SVAL(req->outbuf, smb_flg2) & FLAGS2_32_BIT_ERROR_CODES));
2138 * Transfer the error codes from the subrequest to the main one
2140 SSVAL(req->chain_outbuf, smb_rcls, SVAL(req->outbuf, smb_rcls));
2141 SSVAL(req->chain_outbuf, smb_err, SVAL(req->outbuf, smb_err));
2143 if (!smb_splice_chain(&req->chain_outbuf,
2144 CVAL(req->outbuf, smb_com),
2145 CVAL(req->outbuf, smb_wct),
2146 (uint16_t *)(req->outbuf + smb_vwv),
2147 0, smb_buflen(req->outbuf),
2148 (uint8_t *)smb_buf(req->outbuf))) {
2149 exit_server_cleanly("chain_reply: smb_splice_chain failed\n");
2151 TALLOC_FREE(req->outbuf);
2153 smb_setlen((char *)(req->chain_outbuf),
2154 talloc_get_size(req->chain_outbuf) - 4);
2156 show_msg((char *)(req->chain_outbuf));
2158 if (!srv_send_smb(req->sconn, (char *)req->chain_outbuf,
2159 true, req->seqnum+1,
2160 IS_CONN_ENCRYPTED(req->conn)||req->encrypted,
2162 exit_server_cleanly("chain_reply: srv_send_smb failed.");
2164 TALLOC_FREE(req->chain_outbuf);
2168 /****************************************************************************
2169 Check if services need reloading.
2170 ****************************************************************************/
2172 static void check_reload(struct smbd_server_connection *sconn, time_t t)
2175 if (last_smb_conf_reload_time == 0) {
2176 last_smb_conf_reload_time = t;
2179 if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
2180 reload_services(sconn->msg_ctx, sconn->sock, True);
2181 last_smb_conf_reload_time = t;
2185 static bool fd_is_readable(int fd)
2189 ret = poll_one_fd(fd, POLLIN|POLLHUP, 0, &revents);
2191 return ((ret > 0) && ((revents & (POLLIN|POLLHUP|POLLERR)) != 0));
2195 static void smbd_server_connection_write_handler(
2196 struct smbd_server_connection *sconn)
2198 /* TODO: make write nonblocking */
2201 static void smbd_server_connection_read_handler(
2202 struct smbd_server_connection *sconn, int fd)
2204 uint8_t *inbuf = NULL;
2205 size_t inbuf_len = 0;
2206 size_t unread_bytes = 0;
2207 bool encrypted = false;
2208 TALLOC_CTX *mem_ctx = talloc_tos();
2212 bool from_client = (sconn->sock == fd);
2215 smbd_lock_socket(sconn);
2217 if (lp_async_smb_echo_handler()) {
2219 if (fd_is_readable(sconn->smb1.echo_handler.trusted_fd)) {
2221 * This is the super-ugly hack to
2222 * prefer the packets forwarded by the
2223 * echo handler over the ones by the
2226 fd = sconn->smb1.echo_handler.trusted_fd;
2227 } else if (!fd_is_readable(fd)) {
2228 DEBUG(10,("the echo listener was faster\n"));
2229 smbd_unlock_socket(sconn);
2234 /* TODO: make this completely nonblocking */
2235 status = receive_smb_talloc(mem_ctx, sconn, fd,
2236 (char **)(void *)&inbuf,
2240 &inbuf_len, &seqnum,
2241 false /* trusted channel */);
2242 smbd_unlock_socket(sconn);
2244 /* TODO: make this completely nonblocking */
2245 status = receive_smb_talloc(mem_ctx, sconn, fd,
2246 (char **)(void *)&inbuf,
2250 &inbuf_len, &seqnum,
2251 true /* trusted channel */);
2254 if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
2257 if (NT_STATUS_IS_ERR(status)) {
2258 exit_server_cleanly("failed to receive smb request");
2260 if (!NT_STATUS_IS_OK(status)) {
2265 process_smb(sconn, inbuf, inbuf_len, unread_bytes,
2266 seqnum, encrypted, NULL);
2269 static void smbd_server_connection_handler(struct event_context *ev,
2270 struct fd_event *fde,
2274 struct smbd_server_connection *conn = talloc_get_type(private_data,
2275 struct smbd_server_connection);
2277 if (flags & EVENT_FD_WRITE) {
2278 smbd_server_connection_write_handler(conn);
2281 if (flags & EVENT_FD_READ) {
2282 smbd_server_connection_read_handler(conn, conn->sock);
2287 static void smbd_server_echo_handler(struct event_context *ev,
2288 struct fd_event *fde,
2292 struct smbd_server_connection *conn = talloc_get_type(private_data,
2293 struct smbd_server_connection);
2295 if (flags & EVENT_FD_WRITE) {
2296 smbd_server_connection_write_handler(conn);
2299 if (flags & EVENT_FD_READ) {
2300 smbd_server_connection_read_handler(
2301 conn, conn->smb1.echo_handler.trusted_fd);
2306 #ifdef CLUSTER_SUPPORT
2307 /****************************************************************************
2308 received when we should release a specific IP
2309 ****************************************************************************/
2310 static void release_ip(const char *ip, void *priv)
2312 const char *addr = (const char *)priv;
2313 const char *p = addr;
2315 if (strncmp("::ffff:", addr, 7) == 0) {
2319 DEBUG(10, ("Got release IP message for %s, "
2320 "our address is %s\n", ip, p));
2322 if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
2323 /* we can't afford to do a clean exit - that involves
2324 database writes, which would potentially mean we
2325 are still running after the failover has finished -
2326 we have to get rid of this process ID straight
2328 DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
2330 /* note we must exit with non-zero status so the unclean handler gets
2331 called in the parent, so that the brl database is tickled */
2336 static int client_get_tcp_info(int sock, struct sockaddr_storage *server,
2337 struct sockaddr_storage *client)
2340 length = sizeof(*server);
2341 if (getsockname(sock, (struct sockaddr *)server, &length) != 0) {
2344 length = sizeof(*client);
2345 if (getpeername(sock, (struct sockaddr *)client, &length) != 0) {
2353 * Send keepalive packets to our client
2355 static bool keepalive_fn(const struct timeval *now, void *private_data)
2357 struct smbd_server_connection *sconn = smbd_server_conn;
2360 if (sconn->using_smb2) {
2361 /* Don't do keepalives on an SMB2 connection. */
2365 smbd_lock_socket(smbd_server_conn);
2366 ret = send_keepalive(sconn->sock);
2367 smbd_unlock_socket(smbd_server_conn);
2370 char addr[INET6_ADDRSTRLEN];
2372 * Try and give an error message saying what
2375 DEBUG(0, ("send_keepalive failed for client %s. "
2376 "Error %s - exiting\n",
2377 get_peer_addr(sconn->sock, addr, sizeof(addr)),
2385 * Do the recurring check if we're idle
2387 static bool deadtime_fn(const struct timeval *now, void *private_data)
2389 struct smbd_server_connection *sconn =
2390 (struct smbd_server_connection *)private_data;
2392 if ((conn_num_open(sconn) == 0)
2393 || (conn_idle_all(sconn, now->tv_sec))) {
2394 DEBUG( 2, ( "Closing idle connection\n" ) );
2395 messaging_send(sconn->msg_ctx,
2396 messaging_server_id(sconn->msg_ctx),
2397 MSG_SHUTDOWN, &data_blob_null);
2405 * Do the recurring log file and smb.conf reload checks.
2408 static bool housekeeping_fn(const struct timeval *now, void *private_data)
2410 struct smbd_server_connection *sconn = talloc_get_type_abort(
2411 private_data, struct smbd_server_connection);
2413 DEBUG(5, ("housekeeping\n"));
2415 change_to_root_user();
2417 /* update printer queue caches if necessary */
2418 update_monitored_printq_cache(sconn->msg_ctx);
2420 /* check if we need to reload services */
2421 check_reload(sconn, time_mono(NULL));
2423 /* Change machine password if neccessary. */
2424 attempt_machine_password_change();
2427 * Force a log file check.
2429 force_check_log_size();
2435 * Read an smb packet in the echo handler child, giving the parent
2436 * smbd one second to react once the socket becomes readable.
2439 struct smbd_echo_read_state {
2440 struct tevent_context *ev;
2441 struct smbd_server_connection *sconn;
2448 static void smbd_echo_read_readable(struct tevent_req *subreq);
2449 static void smbd_echo_read_waited(struct tevent_req *subreq);
2451 static struct tevent_req *smbd_echo_read_send(
2452 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
2453 struct smbd_server_connection *sconn)
2455 struct tevent_req *req, *subreq;
2456 struct smbd_echo_read_state *state;
2458 req = tevent_req_create(mem_ctx, &state,
2459 struct smbd_echo_read_state);
2464 state->sconn = sconn;
2466 subreq = wait_for_read_send(state, ev, sconn->sock);
2467 if (tevent_req_nomem(subreq, req)) {
2468 return tevent_req_post(req, ev);
2470 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
2474 static void smbd_echo_read_readable(struct tevent_req *subreq)
2476 struct tevent_req *req = tevent_req_callback_data(
2477 subreq, struct tevent_req);
2478 struct smbd_echo_read_state *state = tevent_req_data(
2479 req, struct smbd_echo_read_state);
2483 ok = wait_for_read_recv(subreq, &err);
2484 TALLOC_FREE(subreq);
2486 tevent_req_nterror(req, map_nt_error_from_unix(err));
2491 * Give the parent smbd one second to step in
2494 subreq = tevent_wakeup_send(
2495 state, state->ev, timeval_current_ofs(1, 0));
2496 if (tevent_req_nomem(subreq, req)) {
2499 tevent_req_set_callback(subreq, smbd_echo_read_waited, req);
2502 static void smbd_echo_read_waited(struct tevent_req *subreq)
2504 struct tevent_req *req = tevent_req_callback_data(
2505 subreq, struct tevent_req);
2506 struct smbd_echo_read_state *state = tevent_req_data(
2507 req, struct smbd_echo_read_state);
2508 struct smbd_server_connection *sconn = state->sconn;
2514 ok = tevent_wakeup_recv(subreq);
2515 TALLOC_FREE(subreq);
2517 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
2521 ok = smbd_lock_socket_internal(sconn);
2523 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2524 DEBUG(0, ("%s: failed to lock socket\n", __location__));
2528 if (!fd_is_readable(sconn->sock)) {
2529 DEBUG(10,("echo_handler[%d] the parent smbd was faster\n",
2530 (int)sys_getpid()));
2532 ok = smbd_unlock_socket_internal(sconn);
2534 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2535 DEBUG(1, ("%s: failed to unlock socket\n",
2540 subreq = wait_for_read_send(state, state->ev, sconn->sock);
2541 if (tevent_req_nomem(subreq, req)) {
2544 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
2548 status = receive_smb_talloc(state, sconn, sconn->sock, &state->buf,
2554 false /* trusted_channel*/);
2556 if (tevent_req_nterror(req, status)) {
2557 tevent_req_nterror(req, status);
2558 DEBUG(1, ("echo_handler[%d]: receive_smb_raw_talloc failed: %s\n",
2559 (int)sys_getpid(), nt_errstr(status)));
2563 ok = smbd_unlock_socket_internal(sconn);
2565 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2566 DEBUG(1, ("%s: failed to unlock socket\n", __location__));
2569 tevent_req_done(req);
2572 static NTSTATUS smbd_echo_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
2573 char **pbuf, size_t *pbuflen, uint32_t *pseqnum)
2575 struct smbd_echo_read_state *state = tevent_req_data(
2576 req, struct smbd_echo_read_state);
2579 if (tevent_req_is_nterror(req, &status)) {
2582 *pbuf = talloc_move(mem_ctx, &state->buf);
2583 *pbuflen = state->buflen;
2584 *pseqnum = state->seqnum;
2585 return NT_STATUS_OK;
2588 struct smbd_echo_state {
2589 struct tevent_context *ev;
2590 struct iovec *pending;
2591 struct smbd_server_connection *sconn;
2594 struct tevent_fd *parent_fde;
2596 struct tevent_req *write_req;
2599 static void smbd_echo_writer_done(struct tevent_req *req);
2601 static void smbd_echo_activate_writer(struct smbd_echo_state *state)
2605 if (state->write_req != NULL) {
2609 num_pending = talloc_array_length(state->pending);
2610 if (num_pending == 0) {
2614 state->write_req = writev_send(state, state->ev, NULL,
2615 state->parent_pipe, false,
2616 state->pending, num_pending);
2617 if (state->write_req == NULL) {
2618 DEBUG(1, ("writev_send failed\n"));
2622 talloc_steal(state->write_req, state->pending);
2623 state->pending = NULL;
2625 tevent_req_set_callback(state->write_req, smbd_echo_writer_done,
2629 static void smbd_echo_writer_done(struct tevent_req *req)
2631 struct smbd_echo_state *state = tevent_req_callback_data(
2632 req, struct smbd_echo_state);
2636 written = writev_recv(req, &err);
2638 state->write_req = NULL;
2639 if (written == -1) {
2640 DEBUG(1, ("writev to parent failed: %s\n", strerror(err)));
2643 DEBUG(10,("echo_handler[%d]: forwarded pdu to main\n", (int)sys_getpid()));
2644 smbd_echo_activate_writer(state);
2647 static bool smbd_echo_reply(uint8_t *inbuf, size_t inbuf_len,
2650 struct smb_request req;
2651 uint16_t num_replies;
2656 if ((inbuf_len == 4) && (CVAL(inbuf, 0) == NBSSkeepalive)) {
2657 DEBUG(10, ("Got netbios keepalive\n"));
2664 if (inbuf_len < smb_size) {
2665 DEBUG(10, ("Got short packet: %d bytes\n", (int)inbuf_len));
2668 if (!valid_smb_header(inbuf)) {
2669 DEBUG(10, ("Got invalid SMB header\n"));
2673 if (!init_smb_request(&req, smbd_server_conn, inbuf, 0, false,
2679 DEBUG(10, ("smbecho handler got cmd %d (%s)\n", (int)req.cmd,
2680 smb_messages[req.cmd].name
2681 ? smb_messages[req.cmd].name : "unknown"));
2683 if (req.cmd != SMBecho) {
2690 num_replies = SVAL(req.vwv+0, 0);
2691 if (num_replies != 1) {
2692 /* Not a Windows "Hey, you're still there?" request */
2696 if (!create_outbuf(talloc_tos(), &req, (const char *)req.inbuf, &outbuf,
2698 DEBUG(10, ("create_outbuf failed\n"));
2701 req.outbuf = (uint8_t *)outbuf;
2703 SSVAL(req.outbuf, smb_vwv0, num_replies);
2705 if (req.buflen > 0) {
2706 memcpy(smb_buf(req.outbuf), req.buf, req.buflen);
2709 out_len = smb_len(req.outbuf) + 4;
2711 ok = srv_send_smb(req.sconn,
2715 TALLOC_FREE(outbuf);
2723 static void smbd_echo_exit(struct tevent_context *ev,
2724 struct tevent_fd *fde, uint16_t flags,
2727 DEBUG(2, ("smbd_echo_exit: lost connection to parent\n"));
2731 static void smbd_echo_got_packet(struct tevent_req *req);
2733 static void smbd_echo_loop(struct smbd_server_connection *sconn,
2736 struct smbd_echo_state *state;
2737 struct tevent_req *read_req;
2739 state = talloc_zero(sconn, struct smbd_echo_state);
2740 if (state == NULL) {
2741 DEBUG(1, ("talloc failed\n"));
2744 state->sconn = sconn;
2745 state->parent_pipe = parent_pipe;
2746 state->ev = s3_tevent_context_init(state);
2747 if (state->ev == NULL) {
2748 DEBUG(1, ("tevent_context_init failed\n"));
2752 state->parent_fde = tevent_add_fd(state->ev, state, parent_pipe,
2753 TEVENT_FD_READ, smbd_echo_exit,
2755 if (state->parent_fde == NULL) {
2756 DEBUG(1, ("tevent_add_fd failed\n"));
2761 read_req = smbd_echo_read_send(state, state->ev, sconn);
2762 if (read_req == NULL) {
2763 DEBUG(1, ("smbd_echo_read_send failed\n"));
2767 tevent_req_set_callback(read_req, smbd_echo_got_packet, state);
2770 if (tevent_loop_once(state->ev) == -1) {
2771 DEBUG(1, ("tevent_loop_once failed: %s\n",
2779 static void smbd_echo_got_packet(struct tevent_req *req)
2781 struct smbd_echo_state *state = tevent_req_callback_data(
2782 req, struct smbd_echo_state);
2786 uint32_t seqnum = 0;
2789 status = smbd_echo_read_recv(req, state, &buf, &buflen, &seqnum);
2791 if (!NT_STATUS_IS_OK(status)) {
2792 DEBUG(1, ("smbd_echo_read_recv returned %s\n",
2793 nt_errstr(status)));
2797 reply = smbd_echo_reply((uint8_t *)buf, buflen, seqnum);
2803 num_pending = talloc_array_length(state->pending);
2804 tmp = talloc_realloc(state, state->pending, struct iovec,
2807 DEBUG(1, ("talloc_realloc failed\n"));
2810 state->pending = tmp;
2812 if (buflen >= smb_size) {
2814 * place the seqnum in the packet so that the main process
2815 * can reply with signing
2817 SIVAL(buf, smb_ss_field, seqnum);
2818 SIVAL(buf, smb_ss_field+4, NT_STATUS_V(NT_STATUS_OK));
2821 iov = &state->pending[num_pending];
2822 iov->iov_base = buf;
2823 iov->iov_len = buflen;
2825 DEBUG(10,("echo_handler[%d]: forward to main\n",
2826 (int)sys_getpid()));
2827 smbd_echo_activate_writer(state);
2830 req = smbd_echo_read_send(state, state->ev, state->sconn);
2832 DEBUG(1, ("smbd_echo_read_send failed\n"));
2835 tevent_req_set_callback(req, smbd_echo_got_packet, state);
2840 * Handle SMBecho requests in a forked child process
2842 bool fork_echo_handler(struct smbd_server_connection *sconn)
2844 int listener_pipe[2];
2848 res = pipe(listener_pipe);
2850 DEBUG(1, ("pipe() failed: %s\n", strerror(errno)));
2853 sconn->smb1.echo_handler.socket_lock_fd = create_unlink_tmp(lp_lockdir());
2854 if (sconn->smb1.echo_handler.socket_lock_fd == -1) {
2855 DEBUG(1, ("Could not create lock fd: %s\n", strerror(errno)));
2863 close(listener_pipe[0]);
2864 set_blocking(listener_pipe[1], false);
2866 status = reinit_after_fork(sconn->msg_ctx,
2867 server_event_context(),
2868 procid_self(), false);
2869 if (!NT_STATUS_IS_OK(status)) {
2870 DEBUG(1, ("reinit_after_fork failed: %s\n",
2871 nt_errstr(status)));
2874 smbd_echo_loop(sconn, listener_pipe[1]);
2877 close(listener_pipe[1]);
2878 listener_pipe[1] = -1;
2879 sconn->smb1.echo_handler.trusted_fd = listener_pipe[0];
2881 DEBUG(10,("fork_echo_handler: main[%d] echo_child[%d]\n", (int)sys_getpid(), child));
2884 * Without smb signing this is the same as the normal smbd
2885 * listener. This needs to change once signing comes in.
2887 sconn->smb1.echo_handler.trusted_fde = event_add_fd(server_event_context(),
2889 sconn->smb1.echo_handler.trusted_fd,
2891 smbd_server_echo_handler,
2893 if (sconn->smb1.echo_handler.trusted_fde == NULL) {
2894 DEBUG(1, ("event_add_fd failed\n"));
2901 if (listener_pipe[0] != -1) {
2902 close(listener_pipe[0]);
2904 if (listener_pipe[1] != -1) {
2905 close(listener_pipe[1]);
2907 sconn->smb1.echo_handler.trusted_fd = -1;
2908 if (sconn->smb1.echo_handler.socket_lock_fd != -1) {
2909 close(sconn->smb1.echo_handler.socket_lock_fd);
2911 sconn->smb1.echo_handler.trusted_fd = -1;
2912 sconn->smb1.echo_handler.socket_lock_fd = -1;
2918 static NTSTATUS smbd_register_ips(struct smbd_server_connection *sconn,
2919 struct sockaddr_storage *srv,
2920 struct sockaddr_storage *clnt)
2922 struct ctdbd_connection *cconn;
2923 char tmp_addr[INET6_ADDRSTRLEN];
2926 cconn = messaging_ctdbd_connection();
2927 if (cconn == NULL) {
2928 return NT_STATUS_NO_MEMORY;
2931 client_socket_addr(sconn->sock, tmp_addr, sizeof(tmp_addr));
2932 addr = talloc_strdup(cconn, tmp_addr);
2934 return NT_STATUS_NO_MEMORY;
2936 return ctdbd_register_ips(cconn, srv, clnt, release_ip, addr);
2941 /****************************************************************************
2942 Process commands from the client
2943 ****************************************************************************/
2945 void smbd_process(struct tevent_context *ev_ctx,
2946 struct smbd_server_connection *sconn)
2948 TALLOC_CTX *frame = talloc_stackframe();
2949 struct sockaddr_storage ss;
2950 struct sockaddr *sa = NULL;
2951 socklen_t sa_socklen;
2952 struct tsocket_address *local_address = NULL;
2953 struct tsocket_address *remote_address = NULL;
2954 const char *remaddr = NULL;
2958 if (lp_maxprotocol() >= PROTOCOL_SMB2_02) {
2960 * We're not making the decision here,
2961 * we're just allowing the client
2962 * to decide between SMB1 and SMB2
2963 * with the first negprot
2966 sconn->using_smb2 = true;
2969 /* Ensure child is set to blocking mode */
2970 set_blocking(sconn->sock,True);
2972 set_socket_options(sconn->sock, "SO_KEEPALIVE");
2973 set_socket_options(sconn->sock, lp_socket_options());
2975 sa = (struct sockaddr *)(void *)&ss;
2976 sa_socklen = sizeof(ss);
2977 ret = getpeername(sconn->sock, sa, &sa_socklen);
2979 int level = (errno == ENOTCONN)?2:0;
2980 DEBUG(level,("getpeername() failed - %s\n", strerror(errno)));
2981 exit_server_cleanly("getpeername() failed.\n");
2983 ret = tsocket_address_bsd_from_sockaddr(sconn,
2987 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
2988 __location__, strerror(errno)));
2989 exit_server_cleanly("tsocket_address_bsd_from_sockaddr remote failed.\n");
2992 sa = (struct sockaddr *)(void *)&ss;
2993 sa_socklen = sizeof(ss);
2994 ret = getsockname(sconn->sock, sa, &sa_socklen);
2996 int level = (errno == ENOTCONN)?2:0;
2997 DEBUG(level,("getsockname() failed - %s\n", strerror(errno)));
2998 exit_server_cleanly("getsockname() failed.\n");
3000 ret = tsocket_address_bsd_from_sockaddr(sconn,
3004 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3005 __location__, strerror(errno)));
3006 exit_server_cleanly("tsocket_address_bsd_from_sockaddr remote failed.\n");
3009 sconn->local_address = local_address;
3010 sconn->remote_address = remote_address;
3012 if (tsocket_address_is_inet(remote_address, "ip")) {
3013 remaddr = tsocket_address_inet_addr_string(
3014 sconn->remote_address,
3016 if (remaddr == NULL) {
3017 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3018 __location__, strerror(errno)));
3019 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
3022 remaddr = "0.0.0.0";
3025 /* this is needed so that we get decent entries
3026 in smbstatus for port 445 connects */
3027 set_remote_machine_name(remaddr, false);
3028 reload_services(sconn->msg_ctx, sconn->sock, true);
3031 * Before the first packet, check the global hosts allow/ hosts deny
3032 * parameters before doing any parsing of packets passed to us by the
3033 * client. This prevents attacks on our parsing code from hosts not in
3034 * the hosts allow list.
3037 ret = get_remote_hostname(remote_address,
3041 DEBUG(0,("%s: get_remote_hostname failed - %s\n",
3042 __location__, strerror(errno)));
3043 exit_server_cleanly("get_remote_hostname failed.\n");
3045 if (strequal(rhost, "UNKNOWN")) {
3046 rhost = talloc_strdup(talloc_tos(), remaddr);
3048 sconn->remote_hostname = talloc_move(sconn, &rhost);
3050 if (!allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
3051 sconn->remote_hostname,
3054 * send a negative session response "not listening on calling
3057 unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
3058 DEBUG( 1, ("Connection denied from %s to %s\n",
3059 tsocket_address_string(remote_address, talloc_tos()),
3060 tsocket_address_string(local_address, talloc_tos())));
3061 (void)srv_send_smb(sconn,(char *)buf, false,
3063 exit_server_cleanly("connection denied");
3066 DEBUG(10, ("Connection allowed from %s to %s\n",
3067 tsocket_address_string(remote_address, talloc_tos()),
3068 tsocket_address_string(local_address, talloc_tos())));
3072 smb_perfcount_init();
3074 if (!init_account_policy()) {
3075 exit_server("Could not open account policy tdb.\n");
3078 if (*lp_rootdir()) {
3079 if (chroot(lp_rootdir()) != 0) {
3080 DEBUG(0,("Failed to change root to %s\n", lp_rootdir()));
3081 exit_server("Failed to chroot()");
3083 if (chdir("/") == -1) {
3084 DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_rootdir()));
3085 exit_server("Failed to chroot()");
3087 DEBUG(0,("Changed root to %s\n", lp_rootdir()));
3090 if (!srv_init_signing(sconn)) {
3091 exit_server("Failed to init smb_signing");
3095 if (!init_oplocks(sconn->msg_ctx))
3096 exit_server("Failed to init oplocks");
3098 /* register our message handlers */
3099 messaging_register(sconn->msg_ctx, NULL,
3100 MSG_SMB_FORCE_TDIS, msg_force_tdis);
3101 messaging_register(sconn->msg_ctx, NULL,
3102 MSG_SMB_CLOSE_FILE, msg_close_file);
3105 * Use the default MSG_DEBUG handler to avoid rebroadcasting
3106 * MSGs to all child processes
3108 messaging_deregister(sconn->msg_ctx,
3110 messaging_register(sconn->msg_ctx, NULL,
3111 MSG_DEBUG, debug_message);
3113 if ((lp_keepalive() != 0)
3114 && !(event_add_idle(ev_ctx, NULL,
3115 timeval_set(lp_keepalive(), 0),
3116 "keepalive", keepalive_fn,
3118 DEBUG(0, ("Could not add keepalive event\n"));
3122 if (!(event_add_idle(ev_ctx, NULL,
3123 timeval_set(IDLE_CLOSED_TIMEOUT, 0),
3124 "deadtime", deadtime_fn, sconn))) {
3125 DEBUG(0, ("Could not add deadtime event\n"));
3129 if (!(event_add_idle(ev_ctx, NULL,
3130 timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
3131 "housekeeping", housekeeping_fn, sconn))) {
3132 DEBUG(0, ("Could not add housekeeping event\n"));
3136 #ifdef CLUSTER_SUPPORT
3138 if (lp_clustering()) {
3140 * We need to tell ctdb about our client's TCP
3141 * connection, so that for failover ctdbd can send
3142 * tickle acks, triggering a reconnection by the
3146 struct sockaddr_storage srv, clnt;
3148 if (client_get_tcp_info(sconn->sock, &srv, &clnt) == 0) {
3150 status = smbd_register_ips(sconn, &srv, &clnt);
3151 if (!NT_STATUS_IS_OK(status)) {
3152 DEBUG(0, ("ctdbd_register_ips failed: %s\n",
3153 nt_errstr(status)));
3157 DEBUG(0,("Unable to get tcp info for "
3158 "CTDB_CONTROL_TCP_CLIENT: %s\n",
3165 sconn->nbt.got_session = false;
3167 sconn->smb1.negprot.max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
3169 sconn->smb1.sessions.done_sesssetup = false;
3170 sconn->smb1.sessions.max_send = BUFFER_SIZE;
3171 sconn->smb1.sessions.last_session_tag = UID_FIELD_INVALID;
3172 /* users from session setup */
3173 sconn->smb1.sessions.session_userlist = NULL;
3174 /* workgroup from session setup. */
3175 sconn->smb1.sessions.session_workgroup = NULL;
3176 /* this holds info on user ids that are already validated for this VC */
3177 sconn->smb1.sessions.validated_users = NULL;
3178 sconn->smb1.sessions.next_vuid = VUID_OFFSET;
3179 sconn->smb1.sessions.num_validated_vuids = 0;
3182 if (!init_dptrs(sconn)) {
3183 exit_server("init_dptrs() failed");
3186 sconn->smb1.fde = event_add_fd(ev_ctx,
3190 smbd_server_connection_handler,
3192 if (!sconn->smb1.fde) {
3193 exit_server("failed to create smbd_server_connection fde");
3201 frame = talloc_stackframe_pool(8192);
3205 status = smbd_server_connection_loop_once(ev_ctx, sconn);
3206 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY) &&
3207 !NT_STATUS_IS_OK(status)) {
3208 DEBUG(3, ("smbd_server_connection_loop_once failed: %s,"
3209 " exiting\n", nt_errstr(status)));
3216 exit_server_cleanly(NULL);
git.samba.org / idra / samba.git / blob