s3:smbd: the spnego session setup don't need to copy the in blob
[nivanova/samba-autobuild/.git] / source3 / smbd / conn.c
1 /*
2    Unix SMB/CIFS implementation.
3    Manage connections_struct structures
4    Copyright (C) Andrew Tridgell 1998
5    Copyright (C) Alexander Bokovoy 2002
6    Copyright (C) Jeremy Allison 2010
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "lib/util/bitmap.h"
26
27 /* The connections bitmap is expanded in increments of BITMAP_BLOCK_SZ. The
28  * maximum size of the bitmap is the largest positive integer, but you will hit
29  * the "max connections" limit, looong before that.
30  */
31
32 #define BITMAP_BLOCK_SZ 128
33
34 /****************************************************************************
35  Init the conn structures.
36 ****************************************************************************/
37
/*
 * Set up the SMB1 tree-connect bookkeeping held in sconn: an empty
 * connection list and a connection-number bitmap of BITMAP_BLOCK_SZ
 * slots, allocated with sconn as the talloc context.
 *
 * NOTE(review): the bitmap_talloc() result is stored unchecked, so
 * smb1.tcons.bmap can be NULL after this call.
 */
void conn_init(struct smbd_server_connection *sconn)
{
        struct bitmap *initial_map = bitmap_talloc(sconn, BITMAP_BLOCK_SZ);

        sconn->smb1.tcons.bmap = initial_map;
        sconn->smb1.tcons.Connections = NULL;
}
43
44 /****************************************************************************
45  Return the number of open connections.
46 ****************************************************************************/
47
/*
 * Read the open tree-connect counter kept on sconn. The counter is
 * maintained by conn_new() and conn_free() on the SMB1 path.
 */
int conn_num_open(struct smbd_server_connection *sconn)
{
        int open_tcons = sconn->num_tcons_open;

        return open_tcons;
}
52
53 /****************************************************************************
54  Check if a snum is in use.
55 ****************************************************************************/
56
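/*
 * Report whether any tree connect on this server connection refers to
 * share number snum.
 *
 * sconn  server connection whose tree connects are scanned
 * snum   share (service) number to look for
 *
 * Returns true on the first tree connect whose params->service equals
 * snum, and false when none matches. This is a read-only query and
 * leaves every connection untouched.
 */
bool conn_snum_used(struct smbd_server_connection *sconn,
                    int snum)
{
        if (sconn->using_smb2) {
                /* SMB2: tree connects hang off each session. */
                struct smbd_smb2_session *sess;
                for (sess = sconn->smb2.sessions.list; sess; sess = sess->next) {
                        struct smbd_smb2_tcon *ptcon;

                        for (ptcon = sess->tcons.list; ptcon; ptcon = ptcon->next) {
                                /*
                                 * This must be a comparison. An assignment
                                 * here would overwrite the share number of an
                                 * existing tree connect with the probed value
                                 * and report "in use" for every non-zero snum.
                                 */
                                if (ptcon->compat_conn &&
                                                ptcon->compat_conn->params &&
                                                (ptcon->compat_conn->params->service == snum)) {
                                        return true;
                                }
                        }
                }
        } else {
                /* SMB1: one flat list of connections per server connection. */
                connection_struct *conn;
                for (conn=sconn->smb1.tcons.Connections;conn;conn=conn->next) {
                        if (conn->params->service == snum) {
                                return true;
                        }
                }
        }
        return false;
}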
85
86 /****************************************************************************
87  Find a conn given a cnum.
88 ****************************************************************************/
89
/*
 * Look up the connection whose cnum equals the given value.
 *
 * On SMB2 the tree connects of every session are walked and the first
 * compat_conn with a matching cnum is returned. On SMB1 the flat
 * connection list is walked; a hit found more than ten entries deep is
 * promoted to the head of the list before it is returned.
 *
 * Returns NULL when no connection matches.
 */
connection_struct *conn_find(struct smbd_server_connection *sconn,unsigned cnum)
{
        connection_struct *cur;
        int depth;

        if (sconn->using_smb2) {
                struct smbd_smb2_session *session = sconn->smb2.sessions.list;

                for (; session != NULL; session = session->next) {
                        struct smbd_smb2_tcon *tcon = session->tcons.list;

                        for (; tcon != NULL; tcon = tcon->next) {
                                if (tcon->compat_conn == NULL) {
                                        continue;
                                }
                                if (tcon->compat_conn->cnum != cnum) {
                                        continue;
                                }
                                return tcon->compat_conn;
                        }
                }
                return NULL;
        }

        /* SMB1 */
        depth = 0;
        for (cur = sconn->smb1.tcons.Connections; cur != NULL;
             cur = cur->next, depth++) {
                if (cur->cnum != cnum) {
                        continue;
                }
                if (depth > 10) {
                        /* Move a deep hit to the front of the list. */
                        DLIST_PROMOTE(sconn->smb1.tcons.Connections,
                                cur);
                }
                return cur;
        }

        return NULL;
}
122
123 /****************************************************************************
124  Find first available connection slot, starting from a random position.
125  The randomisation stops problems with the server dying and clients
126  thinking the server is still available.
127 ****************************************************************************/
128
/*
 * Allocate a new connection_struct for sconn.
 *
 * SMB2: the struct and its share_params are allocated, conn->sconn is
 * set, and the struct is returned. No connection number is assigned and
 * the struct is not linked into any list here.
 *
 * SMB1: a free slot is taken from the connection bitmap (which grows by
 * BITMAP_BLOCK_SZ when it is full). The slot index becomes conn->cnum,
 * the open counter is incremented and the struct is added to the SMB1
 * connection list.
 *
 * Returns NULL on allocation failure or when no connection number is
 * available.
 */
connection_struct *conn_new(struct smbd_server_connection *sconn)
{
        connection_struct *conn = NULL;
        int search_from = 1;
        int slot;

        if (sconn->using_smb2) {
                /* SMB2 */
                conn = talloc_zero(NULL, connection_struct);
                if (conn != NULL) {
                        conn->params = talloc(conn, struct share_params);
                }
                if (conn == NULL || conn->params == NULL) {
                        DEBUG(0,("TALLOC_ZERO() failed!\n"));
                        TALLOC_FREE(conn);
                        return NULL;
                }
                conn->sconn = sconn;
                return conn;
        }

        /* SMB1: keep searching, growing the bitmap whenever it is full. */
        for (;;) {
                struct bitmap *grown;
                int cur_size;
                int next_size;

                slot = bitmap_find(sconn->smb1.tcons.bmap, search_from);
                if (slot != -1) {
                        break;
                }

                cur_size = sconn->smb1.tcons.bmap->n;
                next_size = cur_size + BITMAP_BLOCK_SZ;

                if (next_size <= cur_size) {
                        /* The size computation wrapped around. */
                        DEBUG(0,("ERROR! Out of connection structures\n"));
                        return NULL;
                }

                DEBUG(4,("resizing connections bitmap from %d to %d\n",
                        cur_size, next_size));

                grown = bitmap_talloc(sconn, next_size);
                if (grown == NULL) {
                        DEBUG(0,("ERROR! malloc fail.\n"));
                        return NULL;
                }

                /* Carry the existing bits over, then swap the maps. */
                bitmap_copy(grown, sconn->smb1.tcons.bmap);
                TALLOC_FREE(sconn->smb1.tcons.bmap);
                sconn->smb1.tcons.bmap = grown;

                /* The next search starts in the newly added portion. */
                search_from = cur_size;
        }

        /*
         * The bitmap position becomes the connection number (conn->cnum),
         * which ends up as the TID field in the SMB header. That field
         * is limited to 16 bits, and 0xffff is skipped because it is the
         * NULL TID.
         */
        if (slot > 65534) {
                DEBUG(0, ("Maximum connection limit reached\n"));
                return NULL;
        }

        conn = talloc_zero(NULL, connection_struct);
        if (conn != NULL) {
                conn->params = talloc(conn, struct share_params);
        }
        if (conn == NULL || conn->params == NULL) {
                DEBUG(0,("TALLOC_ZERO() failed!\n"));
                TALLOC_FREE(conn);
                return NULL;
        }

        conn->sconn = sconn;
        conn->cnum = slot;
        conn->force_group_gid = (gid_t)-1;

        /* Reserve the slot and account for the new tree connect. */
        bitmap_set(sconn->smb1.tcons.bmap, slot);
        sconn->num_tcons_open++;

        string_set(&conn->connectpath,"");
        string_set(&conn->origpath,"");

        DLIST_ADD(sconn->smb1.tcons.Connections, conn);

        return conn;
}
213
214 /****************************************************************************
215  Clear a vuid out of the connection's vuid cache
216 ****************************************************************************/
217
/*
 * Invalidate every entry of conn's vuid cache that belongs to vuid.
 *
 * A matching entry gets vuid = UID_FIELD_INVALID and read_only = False.
 * Its session_info is freed unless conn->session_info points at the
 * same object, in which case only the cache's reference is dropped.
 */
static void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
{
        int slot;

        for (slot = 0; slot < VUID_CACHE_SIZE; slot++) {
                struct vuid_cache_entry *entry = &conn->vuid_cache.array[slot];

                if (entry->vuid != vuid) {
                        continue;
                }

                entry->vuid = UID_FIELD_INVALID;

                /*
                 * conn->session_info is deliberately kept alive when it
                 * is the same object as entry->session_info. A
                 * SMBulogoff is often followed by a SMBtdis carrying an
                 * invalid vuid, and debug code (or regular code in
                 * vfs_full_audit) still reads conn->session_info at
                 * that point. Strictly speaking the pointer is stale
                 * once the vuid is gone, but enough code assumes
                 * conn->session_info is never NULL that the old pointer
                 * is held until the next sessionsetupX. Everything
                 * hangs off conn as a talloc context, so nothing is
                 * leaked. See bug #6315.
                 */
                if (conn->session_info != entry->session_info) {
                        TALLOC_FREE(entry->session_info);
                } else {
                        entry->session_info = NULL;
                }

                entry->read_only = False;
        }
}
256
257 /****************************************************************************
258  Clear a vuid out of the validity cache, and as the 'owner' of a connection.
259
260  Called from invalidate_vuid()
261 ****************************************************************************/
262
/*
 * Remove vuid from every connection reachable from sconn: a connection
 * owned by vuid has its vuid field reset to UID_FIELD_INVALID, and the
 * per-connection vuid cache is purged of that vuid in every case.
 *
 * The banner comment in this file names invalidate_vuid() as the caller.
 */
void conn_clear_vuid_caches(struct smbd_server_connection *sconn,uint16_t vuid)
{
        connection_struct *cur;

        if (!sconn->using_smb2) {
                /* SMB1: flat list of connections. */
                for (cur = sconn->smb1.tcons.Connections; cur != NULL;
                     cur = cur->next) {
                        if (cur->vuid == vuid) {
                                cur->vuid = UID_FIELD_INVALID;
                        }
                        conn_clear_vuid_cache(cur, vuid);
                }
                return;
        }

        /* SMB2: visit the tree connects of every session. */
        {
                struct smbd_smb2_session *session;

                for (session = sconn->smb2.sessions.list; session != NULL;
                     session = session->next) {
                        struct smbd_smb2_tcon *tcon;

                        for (tcon = session->tcons.list; tcon != NULL;
                             tcon = tcon->next) {
                                cur = tcon->compat_conn;
                                if (cur == NULL) {
                                        continue;
                                }
                                if (cur->vuid == vuid) {
                                        cur->vuid = UID_FIELD_INVALID;
                                }
                                conn_clear_vuid_cache(cur, vuid);
                        }
                }
        }
}
292
293 /****************************************************************************
294  Free a conn structure - internal part.
295 ****************************************************************************/
296
/*
 * Release everything owned by conn and then conn itself. This is the
 * part of teardown shared by all callers; list and bitmap bookkeeping
 * is done in conn_free().
 *
 * The struct is zeroed with ZERO_STRUCTP() immediately before
 * talloc_destroy(), so conn must not be touched after this returns.
 */
static void conn_free_internal(connection_struct *conn)
{
        vfs_handle_struct *vfs_cur = conn->vfs_handles;
        struct trans_state *trans;

        /* Unlink each VFS handle and let it release its private data. */
        while (vfs_cur != NULL) {
                /* Save the successor before the handle is unlinked. */
                vfs_handle_struct *vfs_next = vfs_cur->next;

                DLIST_REMOVE(conn->vfs_handles, vfs_cur);
                if (vfs_cur->free_data != NULL) {
                        vfs_cur->free_data(&vfs_cur->data);
                }
                vfs_cur = vfs_next;
        }

        /*
         * Drop the buffers of transactions still pending on this conn.
         * state->setup is a talloc child of the state and is not freed
         * here.
         */
        trans = conn->pending_trans;
        while (trans != NULL) {
                SAFE_FREE(trans->param);
                SAFE_FREE(trans->data);
                trans = trans->next;
        }

        free_namearray(conn->veto_list);
        free_namearray(conn->hide_list);
        free_namearray(conn->veto_oplock_list);
        free_namearray(conn->aio_write_behind_list);

        string_free(&conn->connectpath);
        string_free(&conn->origpath);

        /* Wipe the struct contents, then free the talloc context. */
        ZERO_STRUCTP(conn);
        talloc_destroy(conn);
}
330
331 /****************************************************************************
332  Free a conn structure.
333 ****************************************************************************/
334
/*
 * Free a connection structure.
 *
 * A conn with no server connection, or one that belongs to an SMB2
 * server connection, is only torn down. An SMB1 conn is first unlinked
 * from the connection list, its cnum is released in the bitmap (when a
 * bitmap exists) and the open counter is decremented.
 */
void conn_free(connection_struct *conn)
{
        struct smbd_server_connection *owner = conn->sconn;

        if (owner == NULL || owner->using_smb2) {
                /* Nothing was registered in the SMB1 structures. */
                conn_free_internal(conn);
                return;
        }

        /* SMB1 */
        DLIST_REMOVE(owner->smb1.tcons.Connections, conn);

        /*
         * The bitmap can be NULL for fake connections created by
         * create_conn_struct().
         */
        if (owner->smb1.tcons.bmap != NULL) {
                bitmap_clear(owner->smb1.tcons.bmap, conn->cnum);
        }

        SMB_ASSERT(owner->num_tcons_open > 0);
        owner->num_tcons_open--;

        conn_free_internal(conn);
}
362         conn_free_internal(conn);
363 }