2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "../lib/tsocket/tsocket.h"
23 #include "system/filesys.h"
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "librpc/gen_ndr/netlogon.h"
27 #include "../lib/async_req/async_sock.h"
28 #include "ctdbd_conn.h"
29 #include "../lib/util/select.h"
30 #include "printing/queue_process.h"
31 #include "system/select.h"
35 #include "lib/messages_ctdb.h"
36 #include "smbprofile.h"
37 #include "rpc_server/spoolss/srv_spoolss_nt.h"
38 #include "libsmb/libsmb.h"
39 #include "../lib/util/tevent_ntstatus.h"
40 #include "../libcli/security/dom_sid.h"
41 #include "../libcli/security/security_token.h"
42 #include "lib/id_cache.h"
43 #include "lib/util/sys_rw_data.h"
44 #include "system/threads.h"
45 #include "lib/pthreadpool/pthreadpool_tevent.h"
46 #include "util_event.h"
48 /* Internal message queue for deferred opens. */
49 struct pending_message_list {
50 struct pending_message_list *next, *prev;
51 struct timeval request_time; /* When was this first issued? */
52 struct smbd_server_connection *sconn;
53 struct smbXsrv_connection *xconn;
54 struct tevent_timer *te;
55 struct smb_perfcount_data pcd;
60 struct deferred_open_record *open_rec;
63 static void construct_reply_common(uint8_t cmd, const uint8_t *inbuf,
65 static struct pending_message_list *get_deferred_open_message_smb(
66 struct smbd_server_connection *sconn, uint64_t mid);
67 static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf);
69 static void smbd_echo_init(struct smbXsrv_connection *xconn)
71 xconn->smb1.echo_handler.trusted_fd = -1;
72 xconn->smb1.echo_handler.socket_lock_fd = -1;
73 #ifdef HAVE_ROBUST_MUTEXES
74 xconn->smb1.echo_handler.socket_mutex = NULL;
78 static bool smbd_echo_active(struct smbXsrv_connection *xconn)
80 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
84 #ifdef HAVE_ROBUST_MUTEXES
85 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
93 static bool smbd_lock_socket_internal(struct smbXsrv_connection *xconn)
95 if (!smbd_echo_active(xconn)) {
99 xconn->smb1.echo_handler.ref_count++;
101 if (xconn->smb1.echo_handler.ref_count > 1) {
105 DEBUG(10,("pid[%d] wait for socket lock\n", (int)getpid()));
107 #ifdef HAVE_ROBUST_MUTEXES
108 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
111 while (ret == EINTR) {
112 ret = pthread_mutex_lock(
113 xconn->smb1.echo_handler.socket_mutex);
119 DEBUG(1, ("pthread_mutex_lock failed: %s\n",
126 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
131 xconn->smb1.echo_handler.socket_lock_fd,
132 F_SETLKW, 0, 0, F_WRLCK);
133 } while (!ok && (errno == EINTR));
136 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
141 DEBUG(10,("pid[%d] got socket lock\n", (int)getpid()));
146 void smbd_lock_socket(struct smbXsrv_connection *xconn)
148 if (!smbd_lock_socket_internal(xconn)) {
149 exit_server_cleanly("failed to lock socket");
153 static bool smbd_unlock_socket_internal(struct smbXsrv_connection *xconn)
155 if (!smbd_echo_active(xconn)) {
159 xconn->smb1.echo_handler.ref_count--;
161 if (xconn->smb1.echo_handler.ref_count > 0) {
165 #ifdef HAVE_ROBUST_MUTEXES
166 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
168 ret = pthread_mutex_unlock(
169 xconn->smb1.echo_handler.socket_mutex);
171 DEBUG(1, ("pthread_mutex_unlock failed: %s\n",
178 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
183 xconn->smb1.echo_handler.socket_lock_fd,
184 F_SETLKW, 0, 0, F_UNLCK);
185 } while (!ok && (errno == EINTR));
188 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
193 DEBUG(10,("pid[%d] unlocked socket\n", (int)getpid()));
198 void smbd_unlock_socket(struct smbXsrv_connection *xconn)
200 if (!smbd_unlock_socket_internal(xconn)) {
201 exit_server_cleanly("failed to unlock socket");
205 /* Accessor function for smb_read_error for smbd functions. */
207 /****************************************************************************
209 ****************************************************************************/
211 bool srv_send_smb(struct smbXsrv_connection *xconn, char *buffer,
212 bool do_signing, uint32_t seqnum,
214 struct smb_perfcount_data *pcd)
218 char *buf_out = buffer;
220 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
222 * we're not supposed to do any io
227 smbd_lock_socket(xconn);
230 /* Sign the outgoing packet if required. */
231 srv_calculate_sign_mac(xconn, buf_out, seqnum);
235 NTSTATUS status = srv_encrypt_buffer(xconn, buffer, &buf_out);
236 if (!NT_STATUS_IS_OK(status)) {
237 DEBUG(0, ("send_smb: SMB encryption failed "
238 "on outgoing packet! Error %s\n",
239 nt_errstr(status) ));
245 len = smb_len_large(buf_out) + 4;
247 ret = write_data(xconn->transport.sock, buf_out, len);
249 int saved_errno = errno;
251 * Try and give an error message saying what
254 DEBUG(1,("pid[%d] Error writing %d bytes to client %s. %d. (%s)\n",
255 (int)getpid(), (int)len,
256 smbXsrv_connection_dbg(xconn),
257 (int)ret, strerror(saved_errno)));
260 srv_free_enc_buffer(xconn, buf_out);
264 SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd, len);
265 srv_free_enc_buffer(xconn, buf_out);
267 SMB_PERFCOUNT_END(pcd);
269 smbd_unlock_socket(xconn);
273 /*******************************************************************
274 Setup the word count and byte count for a smb message.
275 ********************************************************************/
277 size_t srv_set_message(char *buf,
282 if (zero && (num_words || num_bytes)) {
283 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
285 SCVAL(buf,smb_wct,num_words);
286 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
287 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
288 return (smb_size + num_words*2 + num_bytes);
291 static bool valid_smb_header(const uint8_t *inbuf)
293 if (is_encrypted_packet(inbuf)) {
297 * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
298 * but it just looks weird to call strncmp for this one.
300 return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
303 /* Socket functions for smbd packet processing. */
305 static bool valid_packet_size(size_t len)
308 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
309 * of header. Don't print the error if this fits.... JRA.
312 if (len > (LARGE_WRITEX_BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
313 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
314 (unsigned long)len));
320 static NTSTATUS read_packet_remainder(int fd, char *buffer,
321 unsigned int timeout, ssize_t len)
329 status = read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
330 if (!NT_STATUS_IS_OK(status)) {
331 char addr[INET6_ADDRSTRLEN];
332 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
334 get_peer_addr(fd, addr, sizeof(addr)),
340 /****************************************************************************
341 Attempt a zerocopy writeX read. We know here that len > smb_size-4
342 ****************************************************************************/
345 * Unfortunately, earlier versions of smbclient/libsmbclient
346 * don't send this "standard" writeX header. I've fixed this
347 * for 3.2 but we'll use the old method with earlier versions.
348 * Windows and CIFSFS at least use this standard size. Not
352 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
353 (2*14) + /* word count (including bcc) */ \
356 static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
357 const char lenbuf[4],
358 struct smbXsrv_connection *xconn,
361 unsigned int timeout,
365 /* Size of a WRITEX call (+4 byte len). */
366 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
367 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
371 memcpy(writeX_header, lenbuf, 4);
373 status = read_fd_with_timeout(
374 sock, writeX_header + 4,
375 STANDARD_WRITE_AND_X_HEADER_SIZE,
376 STANDARD_WRITE_AND_X_HEADER_SIZE,
379 if (!NT_STATUS_IS_OK(status)) {
380 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
382 smbXsrv_connection_dbg(xconn),
388 * Ok - now try and see if this is a possible
392 if (is_valid_writeX_buffer(xconn, (uint8_t *)writeX_header)) {
394 * If the data offset is beyond what
395 * we've read, drain the extra bytes.
397 uint16_t doff = SVAL(writeX_header,smb_vwv11);
400 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
401 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
402 if (drain_socket(sock, drain) != drain) {
403 smb_panic("receive_smb_raw_talloc_partial_read:"
404 " failed to drain pending bytes");
407 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
410 /* Spoof down the length and null out the bcc. */
411 set_message_bcc(writeX_header, 0);
412 newlen = smb_len(writeX_header);
414 /* Copy the header we've written. */
416 *buffer = (char *)talloc_memdup(mem_ctx,
418 sizeof(writeX_header));
420 if (*buffer == NULL) {
421 DEBUG(0, ("Could not allocate inbuf of length %d\n",
422 (int)sizeof(writeX_header)));
423 return NT_STATUS_NO_MEMORY;
426 /* Work out the remaining bytes. */
427 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
428 *len_ret = newlen + 4;
432 if (!valid_packet_size(len)) {
433 return NT_STATUS_INVALID_PARAMETER;
437 * Not a valid writeX call. Just do the standard
441 *buffer = talloc_array(mem_ctx, char, len+4);
443 if (*buffer == NULL) {
444 DEBUG(0, ("Could not allocate inbuf of length %d\n",
446 return NT_STATUS_NO_MEMORY;
449 /* Copy in what we already read. */
452 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
453 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
456 status = read_packet_remainder(
458 (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
461 if (!NT_STATUS_IS_OK(status)) {
462 DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
472 static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
473 struct smbXsrv_connection *xconn,
475 char **buffer, unsigned int timeout,
476 size_t *p_unread, size_t *plen)
480 int min_recv_size = lp_min_receive_file_size();
485 status = read_smb_length_return_keepalive(sock, lenbuf, timeout,
487 if (!NT_STATUS_IS_OK(status)) {
491 if (CVAL(lenbuf,0) == 0 && min_recv_size &&
492 (smb_len_large(lenbuf) > /* Could be a UNIX large writeX. */
493 (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE)) &&
494 !srv_is_signing_active(xconn) &&
495 xconn->smb1.echo_handler.trusted_fde == NULL) {
497 return receive_smb_raw_talloc_partial_read(
498 mem_ctx, lenbuf, xconn, sock, buffer, timeout,
502 if (!valid_packet_size(len)) {
503 return NT_STATUS_INVALID_PARAMETER;
507 * The +4 here can't wrap, we've checked the length above already.
510 *buffer = talloc_array(mem_ctx, char, len+4);
512 if (*buffer == NULL) {
513 DEBUG(0, ("Could not allocate inbuf of length %d\n",
515 return NT_STATUS_NO_MEMORY;
518 memcpy(*buffer, lenbuf, sizeof(lenbuf));
520 status = read_packet_remainder(sock, (*buffer)+4, timeout, len);
521 if (!NT_STATUS_IS_OK(status)) {
529 static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,
530 struct smbXsrv_connection *xconn,
532 char **buffer, unsigned int timeout,
533 size_t *p_unread, bool *p_encrypted,
536 bool trusted_channel)
541 *p_encrypted = false;
543 status = receive_smb_raw_talloc(mem_ctx, xconn, sock, buffer, timeout,
545 if (!NT_STATUS_IS_OK(status)) {
546 DEBUG(NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)?5:1,
547 ("receive_smb_raw_talloc failed for client %s "
548 "read error = %s.\n",
549 smbXsrv_connection_dbg(xconn),
550 nt_errstr(status)) );
554 if (is_encrypted_packet((uint8_t *)*buffer)) {
555 status = srv_decrypt_buffer(xconn, *buffer);
556 if (!NT_STATUS_IS_OK(status)) {
557 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
558 "incoming packet! Error %s\n",
559 nt_errstr(status) ));
565 /* Check the incoming SMB signature. */
566 if (!srv_check_sign_mac(xconn, *buffer, seqnum, trusted_channel)) {
567 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
568 "incoming packet!\n"));
569 return NT_STATUS_INVALID_NETWORK_RESPONSE;
577 * Initialize a struct smb_request from an inbuf
580 static bool init_smb_request(struct smb_request *req,
581 struct smbd_server_connection *sconn,
582 struct smbXsrv_connection *xconn,
583 const uint8_t *inbuf,
584 size_t unread_bytes, bool encrypted,
587 struct smbXsrv_tcon *tcon;
590 size_t req_size = smb_len(inbuf) + 4;
592 /* Ensure we have at least smb_size bytes. */
593 if (req_size < smb_size) {
594 DEBUG(0,("init_smb_request: invalid request size %u\n",
595 (unsigned int)req_size ));
599 req->request_time = timeval_current();
600 now = timeval_to_nttime(&req->request_time);
602 req->cmd = CVAL(inbuf, smb_com);
603 req->flags2 = SVAL(inbuf, smb_flg2);
604 req->smbpid = SVAL(inbuf, smb_pid);
605 req->mid = (uint64_t)SVAL(inbuf, smb_mid);
606 req->seqnum = seqnum;
607 req->vuid = SVAL(inbuf, smb_uid);
608 req->tid = SVAL(inbuf, smb_tid);
609 req->wct = CVAL(inbuf, smb_wct);
610 req->vwv = (const uint16_t *)(inbuf+smb_vwv);
611 req->buflen = smb_buflen(inbuf);
612 req->buf = (const uint8_t *)smb_buf_const(inbuf);
613 req->unread_bytes = unread_bytes;
614 req->encrypted = encrypted;
619 status = smb1srv_tcon_lookup(xconn, req->tid, now, &tcon);
620 if (NT_STATUS_IS_OK(status)) {
621 req->conn = tcon->compat;
624 req->chain_fsp = NULL;
626 req->priv_paths = NULL;
628 req->posix_pathnames = lp_posix_pathnames();
629 smb_init_perfcount_data(&req->pcd);
631 /* Ensure we have at least wct words and 2 bytes of bcc. */
632 if (smb_size + req->wct*2 > req_size) {
633 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
634 (unsigned int)req->wct,
635 (unsigned int)req_size));
638 /* Ensure bcc is correct. */
639 if (((const uint8_t *)smb_buf_const(inbuf)) + req->buflen > inbuf + req_size) {
640 DEBUG(0,("init_smb_request: invalid bcc number %u "
641 "(wct = %u, size %u)\n",
642 (unsigned int)req->buflen,
643 (unsigned int)req->wct,
644 (unsigned int)req_size));
652 static void process_smb(struct smbXsrv_connection *xconn,
653 uint8_t *inbuf, size_t nread, size_t unread_bytes,
654 uint32_t seqnum, bool encrypted,
655 struct smb_perfcount_data *deferred_pcd);
657 static void smbd_deferred_open_timer(struct tevent_context *ev,
658 struct tevent_timer *te,
659 struct timeval _tval,
662 struct pending_message_list *msg = talloc_get_type(private_data,
663 struct pending_message_list);
664 struct smbd_server_connection *sconn = msg->sconn;
665 struct smbXsrv_connection *xconn = msg->xconn;
666 TALLOC_CTX *mem_ctx = talloc_tos();
667 uint64_t mid = (uint64_t)SVAL(msg->buf.data,smb_mid);
670 inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
673 exit_server("smbd_deferred_open_timer: talloc failed\n");
677 /* We leave this message on the queue so the open code can
678 know this is a retry. */
679 DEBUG(5,("smbd_deferred_open_timer: trigger mid %llu.\n",
680 (unsigned long long)mid ));
682 /* Mark the message as processed so this is not
683 * re-processed in error. */
684 msg->processed = true;
686 process_smb(xconn, inbuf,
688 msg->seqnum, msg->encrypted, &msg->pcd);
690 /* If it's still there and was processed, remove it. */
691 msg = get_deferred_open_message_smb(sconn, mid);
692 if (msg && msg->processed) {
693 remove_deferred_open_message_smb(xconn, mid);
697 /****************************************************************************
698 Function to push a message onto the tail of a linked list of smb messages ready
700 ****************************************************************************/
702 static bool push_queued_message(struct smb_request *req,
703 struct timeval request_time,
704 struct timeval end_time,
705 struct deferred_open_record *open_rec)
707 int msg_len = smb_len(req->inbuf) + 4;
708 struct pending_message_list *msg;
710 msg = talloc_zero(NULL, struct pending_message_list);
713 DEBUG(0,("push_message: malloc fail (1)\n"));
716 msg->sconn = req->sconn;
717 msg->xconn = req->xconn;
719 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
720 if(msg->buf.data == NULL) {
721 DEBUG(0,("push_message: malloc fail (2)\n"));
726 msg->request_time = request_time;
727 msg->seqnum = req->seqnum;
728 msg->encrypted = req->encrypted;
729 msg->processed = false;
730 SMB_PERFCOUNT_DEFER_OP(&req->pcd, &msg->pcd);
733 msg->open_rec = talloc_move(msg, &open_rec);
737 msg->te = tevent_add_timer(msg->sconn->ev_ctx,
740 smbd_deferred_open_timer,
743 DEBUG(0,("push_message: event_add_timed failed\n"));
749 DLIST_ADD_END(req->sconn->deferred_open_queue, msg);
751 DEBUG(10,("push_message: pushed message length %u on "
752 "deferred_open_queue\n", (unsigned int)msg_len));
757 /****************************************************************************
758 Function to delete a sharing violation open message by mid.
759 ****************************************************************************/
761 void remove_deferred_open_message_smb(struct smbXsrv_connection *xconn,
764 struct smbd_server_connection *sconn = xconn->client->sconn;
765 struct pending_message_list *pml;
767 if (sconn->using_smb2) {
768 remove_deferred_open_message_smb2(xconn, mid);
772 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
773 if (mid == (uint64_t)SVAL(pml->buf.data,smb_mid)) {
774 DEBUG(10,("remove_deferred_open_message_smb: "
775 "deleting mid %llu len %u\n",
776 (unsigned long long)mid,
777 (unsigned int)pml->buf.length ));
778 DLIST_REMOVE(sconn->deferred_open_queue, pml);
785 /****************************************************************************
786 Move a sharing violation open retry message to the front of the list and
787 schedule it for immediate processing.
788 ****************************************************************************/
790 bool schedule_deferred_open_message_smb(struct smbXsrv_connection *xconn,
793 struct smbd_server_connection *sconn = xconn->client->sconn;
794 struct pending_message_list *pml;
797 if (sconn->using_smb2) {
798 return schedule_deferred_open_message_smb2(xconn, mid);
801 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
802 uint64_t msg_mid = (uint64_t)SVAL(pml->buf.data,smb_mid);
804 DEBUG(10,("schedule_deferred_open_message_smb: [%d] "
807 (unsigned long long)msg_mid ));
809 if (mid == msg_mid) {
810 struct tevent_timer *te;
812 if (pml->processed) {
813 /* A processed message should not be
815 DEBUG(0,("schedule_deferred_open_message_smb: LOGIC ERROR "
816 "message mid %llu was already processed\n",
817 (unsigned long long)msg_mid ));
821 DEBUG(10,("schedule_deferred_open_message_smb: "
822 "scheduling mid %llu\n",
823 (unsigned long long)mid ));
826 * smbd_deferred_open_timer() calls
827 * process_smb() to redispatch the request
828 * including the required impersonation.
830 * So we can just use the raw tevent_context.
832 te = tevent_add_timer(xconn->client->raw_ev_ctx,
835 smbd_deferred_open_timer,
838 DEBUG(10,("schedule_deferred_open_message_smb: "
839 "event_add_timed() failed, "
840 "skipping mid %llu\n",
841 (unsigned long long)msg_mid ));
844 TALLOC_FREE(pml->te);
846 DLIST_PROMOTE(sconn->deferred_open_queue, pml);
851 DEBUG(10,("schedule_deferred_open_message_smb: failed to "
852 "find message mid %llu\n",
853 (unsigned long long)mid ));
858 /****************************************************************************
859 Return true if this mid is on the deferred queue and was not yet processed.
860 ****************************************************************************/
862 bool open_was_deferred(struct smbXsrv_connection *xconn, uint64_t mid)
864 struct smbd_server_connection *sconn = xconn->client->sconn;
865 struct pending_message_list *pml;
867 if (sconn->using_smb2) {
868 return open_was_deferred_smb2(xconn, mid);
871 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
872 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid && !pml->processed) {
879 /****************************************************************************
880 Return the message queued by this mid.
881 ****************************************************************************/
883 static struct pending_message_list *get_deferred_open_message_smb(
884 struct smbd_server_connection *sconn, uint64_t mid)
886 struct pending_message_list *pml;
888 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
889 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid) {
896 /****************************************************************************
897 Get the state data queued by this mid.
898 ****************************************************************************/
900 bool get_deferred_open_message_state(struct smb_request *smbreq,
901 struct timeval *p_request_time,
902 struct deferred_open_record **open_rec)
904 struct pending_message_list *pml;
906 if (smbreq->sconn->using_smb2) {
907 return get_deferred_open_message_state_smb2(smbreq->smb2req,
912 pml = get_deferred_open_message_smb(smbreq->sconn, smbreq->mid);
916 if (p_request_time) {
917 *p_request_time = pml->request_time;
919 if (open_rec != NULL) {
920 *open_rec = pml->open_rec;
925 /****************************************************************************
926 Function to push a deferred open smb message onto a linked list of local smb
927 messages ready for processing.
928 ****************************************************************************/
930 bool push_deferred_open_message_smb(struct smb_request *req,
931 struct timeval request_time,
932 struct timeval timeout,
934 struct deferred_open_record *open_rec)
936 struct timeval end_time;
939 return push_deferred_open_message_smb2(req->smb2req,
946 if (req->unread_bytes) {
947 DEBUG(0,("push_deferred_open_message_smb: logic error ! "
948 "unread_bytes = %u\n",
949 (unsigned int)req->unread_bytes ));
950 smb_panic("push_deferred_open_message_smb: "
951 "logic error unread_bytes != 0" );
954 end_time = timeval_sum(&request_time, &timeout);
956 DEBUG(10,("push_deferred_open_message_smb: pushing message "
957 "len %u mid %llu timeout time [%u.%06u]\n",
958 (unsigned int) smb_len(req->inbuf)+4,
959 (unsigned long long)req->mid,
960 (unsigned int)end_time.tv_sec,
961 (unsigned int)end_time.tv_usec));
963 return push_queued_message(req, request_time, end_time, open_rec);
966 static void smbd_sig_term_handler(struct tevent_context *ev,
967 struct tevent_signal *se,
973 exit_server_cleanly("termination signal");
976 static void smbd_setup_sig_term_handler(struct smbd_server_connection *sconn)
978 struct tevent_signal *se;
980 se = tevent_add_signal(sconn->root_ev_ctx,
983 smbd_sig_term_handler,
986 exit_server("failed to setup SIGTERM handler");
990 static void smbd_sig_hup_handler(struct tevent_context *ev,
991 struct tevent_signal *se,
997 struct smbd_server_connection *sconn =
998 talloc_get_type_abort(private_data,
999 struct smbd_server_connection);
1001 change_to_root_user();
1002 DEBUG(1,("Reloading services after SIGHUP\n"));
1003 reload_services(sconn, conn_snum_used, false);
1006 static void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn)
1008 struct tevent_signal *se;
1010 se = tevent_add_signal(sconn->root_ev_ctx,
1013 smbd_sig_hup_handler,
1016 exit_server("failed to setup SIGHUP handler");
1020 static void smbd_conf_updated(struct messaging_context *msg,
1023 struct server_id server_id,
1026 struct smbd_server_connection *sconn =
1027 talloc_get_type_abort(private_data,
1028 struct smbd_server_connection);
1030 DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was "
1031 "updated. Reloading.\n"));
1032 change_to_root_user();
1033 reload_services(sconn, conn_snum_used, false);
1037 * Only allow 5 outstanding trans requests. We're allocating memory, so
1041 NTSTATUS allow_new_trans(struct trans_state *list, uint64_t mid)
1044 for (; list != NULL; list = list->next) {
1046 if (list->mid == mid) {
1047 return NT_STATUS_INVALID_PARAMETER;
1053 return NT_STATUS_INSUFFICIENT_RESOURCES;
1056 return NT_STATUS_OK;
1060 These flags determine some of the permissions required to do an operation
1062 Note that I don't set NEED_WRITE on some write operations because they
1063 are used by some brain-dead clients when printing, and I don't want to
1064 force write permissions on print services.
1066 #define AS_USER (1<<0)
1067 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
1068 #define TIME_INIT (1<<2)
1069 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
1070 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
1071 #define DO_CHDIR (1<<6)
1074 define a list of possible SMB messages and their corresponding
1075 functions. Any message that has a NULL function is unimplemented -
1076 please feel free to contribute implementations!
1078 static const struct smb_message_struct {
1080 void (*fn)(struct smb_request *req);
1082 } smb_messages[256] = {
1084 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
1085 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
1086 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
1087 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
1088 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
1089 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
1090 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
1091 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
1092 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
1093 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
1094 /* 0x0a */ { "SMBread",reply_read,AS_USER},
1095 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
1096 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
1097 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
1098 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
1099 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
1100 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
1101 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
1102 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
1103 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
1104 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
1105 /* 0x15 */ { NULL, NULL, 0 },
1106 /* 0x16 */ { NULL, NULL, 0 },
1107 /* 0x17 */ { NULL, NULL, 0 },
1108 /* 0x18 */ { NULL, NULL, 0 },
1109 /* 0x19 */ { NULL, NULL, 0 },
1110 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
1111 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
1112 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
1113 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
1114 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
1115 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1116 /* 0x20 */ { "SMBwritec", NULL,0},
1117 /* 0x21 */ { NULL, NULL, 0 },
1118 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
1119 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1120 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1121 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
1122 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
1123 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
1124 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
1125 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
1126 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
1127 /* 0x2b */ { "SMBecho",reply_echo,0},
1128 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1129 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
1130 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
1131 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
1132 /* 0x30 */ { NULL, NULL, 0 },
1133 /* 0x31 */ { NULL, NULL, 0 },
1134 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
1135 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER | CAN_IPC },
1136 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1137 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1138 /* 0x36 */ { NULL, NULL, 0 },
1139 /* 0x37 */ { NULL, NULL, 0 },
1140 /* 0x38 */ { NULL, NULL, 0 },
1141 /* 0x39 */ { NULL, NULL, 0 },
1142 /* 0x3a */ { NULL, NULL, 0 },
1143 /* 0x3b */ { NULL, NULL, 0 },
1144 /* 0x3c */ { NULL, NULL, 0 },
1145 /* 0x3d */ { NULL, NULL, 0 },
1146 /* 0x3e */ { NULL, NULL, 0 },
1147 /* 0x3f */ { NULL, NULL, 0 },
1148 /* 0x40 */ { NULL, NULL, 0 },
1149 /* 0x41 */ { NULL, NULL, 0 },
1150 /* 0x42 */ { NULL, NULL, 0 },
1151 /* 0x43 */ { NULL, NULL, 0 },
1152 /* 0x44 */ { NULL, NULL, 0 },
1153 /* 0x45 */ { NULL, NULL, 0 },
1154 /* 0x46 */ { NULL, NULL, 0 },
1155 /* 0x47 */ { NULL, NULL, 0 },
1156 /* 0x48 */ { NULL, NULL, 0 },
1157 /* 0x49 */ { NULL, NULL, 0 },
1158 /* 0x4a */ { NULL, NULL, 0 },
1159 /* 0x4b */ { NULL, NULL, 0 },
1160 /* 0x4c */ { NULL, NULL, 0 },
1161 /* 0x4d */ { NULL, NULL, 0 },
1162 /* 0x4e */ { NULL, NULL, 0 },
1163 /* 0x4f */ { NULL, NULL, 0 },
1164 /* 0x50 */ { NULL, NULL, 0 },
1165 /* 0x51 */ { NULL, NULL, 0 },
1166 /* 0x52 */ { NULL, NULL, 0 },
1167 /* 0x53 */ { NULL, NULL, 0 },
1168 /* 0x54 */ { NULL, NULL, 0 },
1169 /* 0x55 */ { NULL, NULL, 0 },
1170 /* 0x56 */ { NULL, NULL, 0 },
1171 /* 0x57 */ { NULL, NULL, 0 },
1172 /* 0x58 */ { NULL, NULL, 0 },
1173 /* 0x59 */ { NULL, NULL, 0 },
1174 /* 0x5a */ { NULL, NULL, 0 },
1175 /* 0x5b */ { NULL, NULL, 0 },
1176 /* 0x5c */ { NULL, NULL, 0 },
1177 /* 0x5d */ { NULL, NULL, 0 },
1178 /* 0x5e */ { NULL, NULL, 0 },
1179 /* 0x5f */ { NULL, NULL, 0 },
1180 /* 0x60 */ { NULL, NULL, 0 },
1181 /* 0x61 */ { NULL, NULL, 0 },
1182 /* 0x62 */ { NULL, NULL, 0 },
1183 /* 0x63 */ { NULL, NULL, 0 },
1184 /* 0x64 */ { NULL, NULL, 0 },
1185 /* 0x65 */ { NULL, NULL, 0 },
1186 /* 0x66 */ { NULL, NULL, 0 },
1187 /* 0x67 */ { NULL, NULL, 0 },
1188 /* 0x68 */ { NULL, NULL, 0 },
1189 /* 0x69 */ { NULL, NULL, 0 },
1190 /* 0x6a */ { NULL, NULL, 0 },
1191 /* 0x6b */ { NULL, NULL, 0 },
1192 /* 0x6c */ { NULL, NULL, 0 },
1193 /* 0x6d */ { NULL, NULL, 0 },
1194 /* 0x6e */ { NULL, NULL, 0 },
1195 /* 0x6f */ { NULL, NULL, 0 },
1196 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1197 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1198 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1199 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1200 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1201 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1202 /* 0x76 */ { NULL, NULL, 0 },
1203 /* 0x77 */ { NULL, NULL, 0 },
1204 /* 0x78 */ { NULL, NULL, 0 },
1205 /* 0x79 */ { NULL, NULL, 0 },
1206 /* 0x7a */ { NULL, NULL, 0 },
1207 /* 0x7b */ { NULL, NULL, 0 },
1208 /* 0x7c */ { NULL, NULL, 0 },
1209 /* 0x7d */ { NULL, NULL, 0 },
1210 /* 0x7e */ { NULL, NULL, 0 },
1211 /* 0x7f */ { NULL, NULL, 0 },
1212 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1213 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1214 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1215 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1216 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1217 /* 0x85 */ { NULL, NULL, 0 },
1218 /* 0x86 */ { NULL, NULL, 0 },
1219 /* 0x87 */ { NULL, NULL, 0 },
1220 /* 0x88 */ { NULL, NULL, 0 },
1221 /* 0x89 */ { NULL, NULL, 0 },
1222 /* 0x8a */ { NULL, NULL, 0 },
1223 /* 0x8b */ { NULL, NULL, 0 },
1224 /* 0x8c */ { NULL, NULL, 0 },
1225 /* 0x8d */ { NULL, NULL, 0 },
1226 /* 0x8e */ { NULL, NULL, 0 },
1227 /* 0x8f */ { NULL, NULL, 0 },
1228 /* 0x90 */ { NULL, NULL, 0 },
1229 /* 0x91 */ { NULL, NULL, 0 },
1230 /* 0x92 */ { NULL, NULL, 0 },
1231 /* 0x93 */ { NULL, NULL, 0 },
1232 /* 0x94 */ { NULL, NULL, 0 },
1233 /* 0x95 */ { NULL, NULL, 0 },
1234 /* 0x96 */ { NULL, NULL, 0 },
1235 /* 0x97 */ { NULL, NULL, 0 },
1236 /* 0x98 */ { NULL, NULL, 0 },
1237 /* 0x99 */ { NULL, NULL, 0 },
1238 /* 0x9a */ { NULL, NULL, 0 },
1239 /* 0x9b */ { NULL, NULL, 0 },
1240 /* 0x9c */ { NULL, NULL, 0 },
1241 /* 0x9d */ { NULL, NULL, 0 },
1242 /* 0x9e */ { NULL, NULL, 0 },
1243 /* 0x9f */ { NULL, NULL, 0 },
1244 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1245 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1246 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1247 /* 0xa3 */ { NULL, NULL, 0 },
1248 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1249 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1250 /* 0xa6 */ { NULL, NULL, 0 },
1251 /* 0xa7 */ { NULL, NULL, 0 },
1252 /* 0xa8 */ { NULL, NULL, 0 },
1253 /* 0xa9 */ { NULL, NULL, 0 },
1254 /* 0xaa */ { NULL, NULL, 0 },
1255 /* 0xab */ { NULL, NULL, 0 },
1256 /* 0xac */ { NULL, NULL, 0 },
1257 /* 0xad */ { NULL, NULL, 0 },
1258 /* 0xae */ { NULL, NULL, 0 },
1259 /* 0xaf */ { NULL, NULL, 0 },
1260 /* 0xb0 */ { NULL, NULL, 0 },
1261 /* 0xb1 */ { NULL, NULL, 0 },
1262 /* 0xb2 */ { NULL, NULL, 0 },
1263 /* 0xb3 */ { NULL, NULL, 0 },
1264 /* 0xb4 */ { NULL, NULL, 0 },
1265 /* 0xb5 */ { NULL, NULL, 0 },
1266 /* 0xb6 */ { NULL, NULL, 0 },
1267 /* 0xb7 */ { NULL, NULL, 0 },
1268 /* 0xb8 */ { NULL, NULL, 0 },
1269 /* 0xb9 */ { NULL, NULL, 0 },
1270 /* 0xba */ { NULL, NULL, 0 },
1271 /* 0xbb */ { NULL, NULL, 0 },
1272 /* 0xbc */ { NULL, NULL, 0 },
1273 /* 0xbd */ { NULL, NULL, 0 },
1274 /* 0xbe */ { NULL, NULL, 0 },
1275 /* 0xbf */ { NULL, NULL, 0 },
1276 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1277 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1278 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1279 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1280 /* 0xc4 */ { NULL, NULL, 0 },
1281 /* 0xc5 */ { NULL, NULL, 0 },
1282 /* 0xc6 */ { NULL, NULL, 0 },
1283 /* 0xc7 */ { NULL, NULL, 0 },
1284 /* 0xc8 */ { NULL, NULL, 0 },
1285 /* 0xc9 */ { NULL, NULL, 0 },
1286 /* 0xca */ { NULL, NULL, 0 },
1287 /* 0xcb */ { NULL, NULL, 0 },
1288 /* 0xcc */ { NULL, NULL, 0 },
1289 /* 0xcd */ { NULL, NULL, 0 },
1290 /* 0xce */ { NULL, NULL, 0 },
1291 /* 0xcf */ { NULL, NULL, 0 },
1292 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1293 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1294 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1295 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1296 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1297 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1298 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1299 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1300 /* 0xd8 */ { NULL, NULL, 0 },
1301 /* 0xd9 */ { NULL, NULL, 0 },
1302 /* 0xda */ { NULL, NULL, 0 },
1303 /* 0xdb */ { NULL, NULL, 0 },
1304 /* 0xdc */ { NULL, NULL, 0 },
1305 /* 0xdd */ { NULL, NULL, 0 },
1306 /* 0xde */ { NULL, NULL, 0 },
1307 /* 0xdf */ { NULL, NULL, 0 },
1308 /* 0xe0 */ { NULL, NULL, 0 },
1309 /* 0xe1 */ { NULL, NULL, 0 },
1310 /* 0xe2 */ { NULL, NULL, 0 },
1311 /* 0xe3 */ { NULL, NULL, 0 },
1312 /* 0xe4 */ { NULL, NULL, 0 },
1313 /* 0xe5 */ { NULL, NULL, 0 },
1314 /* 0xe6 */ { NULL, NULL, 0 },
1315 /* 0xe7 */ { NULL, NULL, 0 },
1316 /* 0xe8 */ { NULL, NULL, 0 },
1317 /* 0xe9 */ { NULL, NULL, 0 },
1318 /* 0xea */ { NULL, NULL, 0 },
1319 /* 0xeb */ { NULL, NULL, 0 },
1320 /* 0xec */ { NULL, NULL, 0 },
1321 /* 0xed */ { NULL, NULL, 0 },
1322 /* 0xee */ { NULL, NULL, 0 },
1323 /* 0xef */ { NULL, NULL, 0 },
1324 /* 0xf0 */ { NULL, NULL, 0 },
1325 /* 0xf1 */ { NULL, NULL, 0 },
1326 /* 0xf2 */ { NULL, NULL, 0 },
1327 /* 0xf3 */ { NULL, NULL, 0 },
1328 /* 0xf4 */ { NULL, NULL, 0 },
1329 /* 0xf5 */ { NULL, NULL, 0 },
1330 /* 0xf6 */ { NULL, NULL, 0 },
1331 /* 0xf7 */ { NULL, NULL, 0 },
1332 /* 0xf8 */ { NULL, NULL, 0 },
1333 /* 0xf9 */ { NULL, NULL, 0 },
1334 /* 0xfa */ { NULL, NULL, 0 },
1335 /* 0xfb */ { NULL, NULL, 0 },
1336 /* 0xfc */ { NULL, NULL, 0 },
1337 /* 0xfd */ { NULL, NULL, 0 },
1338 /* 0xfe */ { NULL, NULL, 0 },
1339 /* 0xff */ { NULL, NULL, 0 }
1343 /*******************************************************************
1344 allocate and initialize a reply packet
1345 ********************************************************************/
1347 static bool create_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
1348 const uint8_t *inbuf, char **outbuf,
1349 uint8_t num_words, uint32_t num_bytes)
1351 size_t smb_len = MIN_SMB_SIZE + VWV(num_words) + num_bytes;
1354 * Protect against integer wrap.
1355 * The SMB layer reply can be up to 0xFFFFFF bytes.
1357 if ((num_bytes > 0xffffff) || (smb_len > 0xffffff)) {
1359 if (asprintf(&msg, "num_bytes too large: %u",
1360 (unsigned)num_bytes) == -1) {
1361 msg = discard_const_p(char, "num_bytes too large");
1367 * Here we include the NBT header for now.
1369 *outbuf = talloc_array(mem_ctx, char,
1370 NBT_HDR_SIZE + smb_len);
1371 if (*outbuf == NULL) {
1375 construct_reply_common(req->cmd, inbuf, *outbuf);
1376 srv_set_message(*outbuf, num_words, num_bytes, false);
1378 * Zero out the word area, the caller has to take care of the bcc area
1381 if (num_words != 0) {
1382 memset(*outbuf + (NBT_HDR_SIZE + HDR_VWV), 0, VWV(num_words));
1388 void reply_outbuf(struct smb_request *req, uint8_t num_words, uint32_t num_bytes)
1391 if (!create_outbuf(req, req, req->inbuf, &outbuf, num_words,
1393 smb_panic("could not allocate output buffer\n");
1395 req->outbuf = (uint8_t *)outbuf;
1399 /*******************************************************************
1400 Dump a packet to a file.
1401 ********************************************************************/
1403 static void smb_dump(const char *name, int type, const char *data)
1408 if (DEBUGLEVEL < 50) {
1412 len = smb_len_tcp(data)+4;
1413 for (i=1;i<100;i++) {
1414 fname = talloc_asprintf(talloc_tos(),
1418 type ? "req" : "resp");
1419 if (fname == NULL) {
1422 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1423 if (fd != -1 || errno != EEXIST) break;
1427 ssize_t ret = write(fd, data, len);
1429 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1431 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1436 static void smb1srv_update_crypto_flags(struct smbXsrv_session *session,
1437 struct smb_request *req,
1439 bool *update_session_globalp,
1440 bool *update_tcon_globalp)
1442 connection_struct *conn = req->conn;
1443 struct smbXsrv_tcon *tcon = conn ? conn->tcon : NULL;
1444 uint8_t encrypt_flag = SMBXSRV_PROCESSED_UNENCRYPTED_PACKET;
1445 uint8_t sign_flag = SMBXSRV_PROCESSED_UNSIGNED_PACKET;
1446 bool update_session = false;
1447 bool update_tcon = false;
1449 if (req->encrypted) {
1450 encrypt_flag = SMBXSRV_PROCESSED_ENCRYPTED_PACKET;
1453 if (srv_is_signing_active(req->xconn)) {
1454 sign_flag = SMBXSRV_PROCESSED_SIGNED_PACKET;
1455 } else if ((type == SMBecho) || (type == SMBsesssetupX)) {
1457 * echo can be unsigned. Sesssion setup except final
1458 * session setup response too
1460 sign_flag &= ~SMBXSRV_PROCESSED_UNSIGNED_PACKET;
1463 update_session |= smbXsrv_set_crypto_flag(
1464 &session->global->encryption_flags, encrypt_flag);
1465 update_session |= smbXsrv_set_crypto_flag(
1466 &session->global->signing_flags, sign_flag);
1469 update_tcon |= smbXsrv_set_crypto_flag(
1470 &tcon->global->encryption_flags, encrypt_flag);
1471 update_tcon |= smbXsrv_set_crypto_flag(
1472 &tcon->global->signing_flags, sign_flag);
1475 if (update_session) {
1476 session->global->channels[0].encryption_cipher = SMB_ENCRYPTION_GSSAPI;
1479 *update_session_globalp = update_session;
1480 *update_tcon_globalp = update_tcon;
1484 /****************************************************************************
1485 Prepare everything for calling the actual request function, and potentially
1486 call the request function via the "new" interface.
1488 Return False if the "legacy" function needs to be called, everything is
1491 Return True if we're done.
1493 I know this API sucks, but it is the one with the least code change I could
1495 ****************************************************************************/
1497 static connection_struct *switch_message(uint8_t type, struct smb_request *req)
1500 uint64_t session_tag;
1501 connection_struct *conn = NULL;
1502 struct smbXsrv_connection *xconn = req->xconn;
1503 NTTIME now = timeval_to_nttime(&req->request_time);
1504 struct smbXsrv_session *session = NULL;
1511 if (!xconn->smb1.negprot.done) {
1514 * Without a negprot the request must
1515 * either be a negprot, or one of the
1516 * evil old SMB mailslot messaging types.
1524 exit_server_cleanly("The first request "
1525 "should be a negprot");
1529 if (smb_messages[type].fn == NULL) {
1530 DEBUG(0,("Unknown message type %d!\n",type));
1531 smb_dump("Unknown", 1, (const char *)req->inbuf);
1532 reply_unknown_new(req, type);
1536 flags = smb_messages[type].flags;
1538 /* In share mode security we must ignore the vuid. */
1539 session_tag = req->vuid;
1542 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1543 (int)getpid(), (unsigned long)conn));
1545 smb_dump(smb_fn_name(type), 1, (const char *)req->inbuf);
1547 /* Ensure this value is replaced in the incoming packet. */
1548 SSVAL(discard_const_p(uint8_t, req->inbuf),smb_uid,session_tag);
1551 * Ensure the correct username is in current_user_info. This is a
1552 * really ugly bugfix for problems with multiple session_setup_and_X's
1553 * being done and allowing %U and %G substitutions to work correctly.
1554 * There is a reason this code is done here, don't move it unless you
1555 * know what you're doing... :-).
1560 * lookup an existing session
1562 * Note: for now we only check for NT_STATUS_NETWORK_SESSION_EXPIRED
1563 * here, the main check is still in change_to_user()
1565 status = smb1srv_session_lookup(xconn,
1569 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
1572 status = NT_STATUS_OK;
1575 DEBUG(1,("Error: session %llu is expired, mid=%llu.\n",
1576 (unsigned long long)session_tag,
1577 (unsigned long long)req->mid));
1578 reply_nterror(req, NT_STATUS_NETWORK_SESSION_EXPIRED);
1583 if (session != NULL && !(flags & AS_USER)) {
1584 struct user_struct *vuser = session->compat;
1587 * change_to_user() implies set_current_user_info()
1588 * and chdir_connect_service().
1590 * So we only call set_current_user_info if
1591 * we don't have AS_USER specified.
1594 set_current_user_info(
1595 vuser->session_info->unix_info->sanitized_username,
1596 vuser->session_info->unix_info->unix_name,
1597 vuser->session_info->info->domain_name);
1601 /* Does this call need to be run as the connected user? */
1602 if (flags & AS_USER) {
1604 /* Does this call need a valid tree connection? */
1607 * Amazingly, the error code depends on the command
1610 if (type == SMBntcreateX) {
1611 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1613 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
1618 set_current_case_sensitive(conn, SVAL(req->inbuf,smb_flg));
1621 * change_to_user() implies set_current_user_info()
1622 * and chdir_connect_service().
1624 if (!change_to_user(conn,session_tag)) {
1625 DEBUG(0, ("Error: Could not change to user. Removing "
1626 "deferred open, mid=%llu.\n",
1627 (unsigned long long)req->mid));
1628 reply_force_doserror(req, ERRSRV, ERRbaduid);
1632 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1634 /* Does it need write permission? */
1635 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1636 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1640 /* IPC services are limited */
1641 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1642 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1646 req->ev_ctx = conn->user_ev_ctx;
1647 } else if (flags & AS_GUEST) {
1649 * Does this protocol need to be run as guest? (Only archane
1650 * messenger service requests have this...)
1652 if (!change_to_guest()) {
1653 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1657 req->ev_ctx = req->sconn->guest_ev_ctx;
1659 /* This call needs to be run as root */
1660 change_to_root_user();
1662 req->ev_ctx = req->sconn->root_ev_ctx;
1665 /* load service specific parameters */
1667 if (req->encrypted) {
1668 conn->encrypted_tid = true;
1669 /* encrypted required from now on. */
1670 conn->encrypt_level = SMB_SIGNING_REQUIRED;
1671 } else if (ENCRYPTION_REQUIRED(conn)) {
1672 if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
1673 DEBUG(1,("service[%s] requires encryption"
1674 "%s ACCESS_DENIED. mid=%llu\n",
1675 lp_servicename(talloc_tos(), SNUM(conn)),
1677 (unsigned long long)req->mid));
1678 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1683 if (flags & DO_CHDIR) {
1686 ok = chdir_current_service(conn);
1688 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1692 conn->num_smb_operations++;
1696 * Update encryption and signing state tracking flags that are
1697 * used by smbstatus to display signing and encryption status.
1699 if (session != NULL) {
1700 bool update_session_global = false;
1701 bool update_tcon_global = false;
1703 smb1srv_update_crypto_flags(session, req, type,
1704 &update_session_global,
1705 &update_tcon_global);
1707 if (update_session_global) {
1708 status = smbXsrv_session_update(session);
1709 if (!NT_STATUS_IS_OK(status)) {
1710 reply_nterror(req, NT_STATUS_UNSUCCESSFUL);
1715 if (update_tcon_global) {
1716 status = smbXsrv_tcon_update(req->conn->tcon);
1717 if (!NT_STATUS_IS_OK(status)) {
1718 reply_nterror(req, NT_STATUS_UNSUCCESSFUL);
1724 smb_messages[type].fn(req);
1728 /****************************************************************************
1729 Construct a reply to the incoming packet.
1730 ****************************************************************************/
1732 static void construct_reply(struct smbXsrv_connection *xconn,
1733 char *inbuf, int size, size_t unread_bytes,
1734 uint32_t seqnum, bool encrypted,
1735 struct smb_perfcount_data *deferred_pcd)
1737 struct smbd_server_connection *sconn = xconn->client->sconn;
1738 struct smb_request *req;
1740 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1741 smb_panic("could not allocate smb_request");
1744 if (!init_smb_request(req, sconn, xconn, (uint8_t *)inbuf, unread_bytes,
1745 encrypted, seqnum)) {
1746 exit_server_cleanly("Invalid SMB request");
1749 req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
1751 /* we popped this message off the queue - keep original perf data */
1753 req->pcd = *deferred_pcd;
1755 SMB_PERFCOUNT_START(&req->pcd);
1756 SMB_PERFCOUNT_SET_OP(&req->pcd, req->cmd);
1757 SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, size);
1760 req->conn = switch_message(req->cmd, req);
1762 if (req->outbuf == NULL) {
1764 * Request has suspended itself, will come
1769 if (CVAL(req->outbuf,0) == 0) {
1770 show_msg((char *)req->outbuf);
1772 smb_request_done(req);
1775 static void construct_reply_chain(struct smbXsrv_connection *xconn,
1776 char *inbuf, int size, uint32_t seqnum,
1778 struct smb_perfcount_data *deferred_pcd)
1780 struct smb_request **reqs = NULL;
1781 struct smb_request *req;
1785 ok = smb1_parse_chain(xconn, (uint8_t *)inbuf, xconn, encrypted,
1786 seqnum, &reqs, &num_reqs);
1788 char errbuf[smb_size];
1789 error_packet(errbuf, 0, 0, NT_STATUS_INVALID_PARAMETER,
1790 __LINE__, __FILE__);
1791 if (!srv_send_smb(xconn, errbuf, true, seqnum, encrypted,
1793 exit_server_cleanly("construct_reply_chain: "
1794 "srv_send_smb failed.");
1800 req->inbuf = (uint8_t *)talloc_move(reqs, &inbuf);
1802 req->conn = switch_message(req->cmd, req);
1804 if (req->outbuf == NULL) {
1806 * Request has suspended itself, will come
1811 smb_request_done(req);
1815 * To be called from an async SMB handler that is potentially chained
1816 * when it is finished for shipping.
1819 void smb_request_done(struct smb_request *req)
1821 struct smb_request **reqs = NULL;
1822 struct smb_request *first_req;
1823 size_t i, num_reqs, next_index;
1826 if (req->chain == NULL) {
1832 num_reqs = talloc_array_length(reqs);
1834 for (i=0; i<num_reqs; i++) {
1835 if (reqs[i] == req) {
1839 if (i == num_reqs) {
1841 * Invalid chain, should not happen
1843 status = NT_STATUS_INTERNAL_ERROR;
1848 while ((next_index < num_reqs) && (IVAL(req->outbuf, smb_rcls) == 0)) {
1849 struct smb_request *next = reqs[next_index];
1850 struct smbXsrv_tcon *tcon;
1851 NTTIME now = timeval_to_nttime(&req->request_time);
1853 next->vuid = SVAL(req->outbuf, smb_uid);
1854 next->tid = SVAL(req->outbuf, smb_tid);
1855 status = smb1srv_tcon_lookup(req->xconn, next->tid,
1858 if (NT_STATUS_IS_OK(status)) {
1859 next->conn = tcon->compat;
1863 next->chain_fsp = req->chain_fsp;
1864 next->inbuf = req->inbuf;
1867 req->conn = switch_message(req->cmd, req);
1869 if (req->outbuf == NULL) {
1871 * Request has suspended itself, will come
1879 first_req = reqs[0];
1881 for (i=1; i<next_index; i++) {
1884 ok = smb_splice_chain(&first_req->outbuf, reqs[i]->outbuf);
1886 status = NT_STATUS_INTERNAL_ERROR;
1891 SSVAL(first_req->outbuf, smb_uid, SVAL(req->outbuf, smb_uid));
1892 SSVAL(first_req->outbuf, smb_tid, SVAL(req->outbuf, smb_tid));
1895 * This scary statement intends to set the
1896 * FLAGS2_32_BIT_ERROR_CODES flg2 field in first_req->outbuf
1897 * to the value last_req->outbuf carries
1899 SSVAL(first_req->outbuf, smb_flg2,
1900 (SVAL(first_req->outbuf, smb_flg2) & ~FLAGS2_32_BIT_ERROR_CODES)
1901 |(SVAL(req->outbuf, smb_flg2) & FLAGS2_32_BIT_ERROR_CODES));
1904 * Transfer the error codes from the subrequest to the main one
1906 SSVAL(first_req->outbuf, smb_rcls, SVAL(req->outbuf, smb_rcls));
1907 SSVAL(first_req->outbuf, smb_err, SVAL(req->outbuf, smb_err));
1910 first_req->outbuf, talloc_get_size(first_req->outbuf) - 4);
1913 if (!srv_send_smb(first_req->xconn,
1914 (char *)first_req->outbuf,
1915 true, first_req->seqnum+1,
1916 IS_CONN_ENCRYPTED(req->conn)||first_req->encrypted,
1918 exit_server_cleanly("construct_reply_chain: srv_send_smb "
1921 TALLOC_FREE(req); /* non-chained case */
1922 TALLOC_FREE(reqs); /* chained case */
1927 char errbuf[smb_size];
1928 error_packet(errbuf, 0, 0, status, __LINE__, __FILE__);
1929 if (!srv_send_smb(req->xconn, errbuf, true,
1930 req->seqnum+1, req->encrypted,
1932 exit_server_cleanly("construct_reply_chain: "
1933 "srv_send_smb failed.");
1936 TALLOC_FREE(req); /* non-chained case */
1937 TALLOC_FREE(reqs); /* chained case */
1940 /****************************************************************************
1941 Process an smb from the client
1942 ****************************************************************************/
1943 static void process_smb(struct smbXsrv_connection *xconn,
1944 uint8_t *inbuf, size_t nread, size_t unread_bytes,
1945 uint32_t seqnum, bool encrypted,
1946 struct smb_perfcount_data *deferred_pcd)
1948 struct smbd_server_connection *sconn = xconn->client->sconn;
1949 int msg_type = CVAL(inbuf,0);
1951 DO_PROFILE_INC(request);
1953 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1955 DEBUG(3, ("Transaction %d of length %d (%u toread)\n",
1956 sconn->trans_num, (int)nread, (unsigned int)unread_bytes));
1958 if (msg_type != NBSSmessage) {
1960 * NetBIOS session request, keepalive, etc.
1962 reply_special(xconn, (char *)inbuf, nread);
1966 if (sconn->using_smb2) {
1967 /* At this point we're not really using smb2,
1968 * we make the decision here.. */
1969 if (smbd_is_smb2_header(inbuf, nread)) {
1970 const uint8_t *inpdu = inbuf + NBT_HDR_SIZE;
1971 size_t pdulen = nread - NBT_HDR_SIZE;
1972 smbd_smb2_process_negprot(xconn, 0, inpdu, pdulen);
1975 if (nread >= smb_size && valid_smb_header(inbuf)
1976 && CVAL(inbuf, smb_com) != 0x72) {
1977 /* This is a non-negprot SMB1 packet.
1978 Disable SMB2 from now on. */
1979 sconn->using_smb2 = false;
1983 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1984 * so subtract 4 from it. */
1985 if ((nread < (smb_size - 4)) || !valid_smb_header(inbuf)) {
1986 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1989 /* special magic for immediate exit */
1991 (IVAL(inbuf, 4) == 0x74697865) &&
1992 lp_parm_bool(-1, "smbd", "suicide mode", false)) {
1993 uint8_t exitcode = CVAL(inbuf, 8);
1994 DEBUG(1, ("Exiting immediately with code %d\n",
1999 exit_server_cleanly("Non-SMB packet");
2002 show_msg((char *)inbuf);
2004 if ((unread_bytes == 0) && smb1_is_chain(inbuf)) {
2005 construct_reply_chain(xconn, (char *)inbuf, nread,
2006 seqnum, encrypted, deferred_pcd);
2008 construct_reply(xconn, (char *)inbuf, nread, unread_bytes,
2009 seqnum, encrypted, deferred_pcd);
2015 sconn->num_requests++;
2017 /* The timeout_processing function isn't run nearly
2018 often enough to implement 'max log size' without
2019 overrunning the size of the file by many megabytes.
2020 This is especially true if we are running at debug
2021 level 10. Checking every 50 SMBs is a nice
2022 tradeoff of performance vs log file size overrun. */
2024 if ((sconn->num_requests % 50) == 0 &&
2025 need_to_check_log_size()) {
2026 change_to_root_user();
2031 /****************************************************************************
2032 Return a string containing the function name of a SMB command.
2033 ****************************************************************************/
2035 const char *smb_fn_name(int type)
2037 const char *unknown_name = "SMBunknown";
2039 if (smb_messages[type].name == NULL)
2040 return(unknown_name);
2042 return(smb_messages[type].name);
2045 /****************************************************************************
2046 Helper functions for contruct_reply.
2047 ****************************************************************************/
2049 void add_to_common_flags2(uint32_t v)
2054 void remove_from_common_flags2(uint32_t v)
2056 common_flags2 &= ~v;
2059 static void construct_reply_common(uint8_t cmd, const uint8_t *inbuf,
2062 uint16_t in_flags2 = SVAL(inbuf,smb_flg2);
2063 uint16_t out_flags2 = common_flags2;
2065 out_flags2 |= in_flags2 & FLAGS2_UNICODE_STRINGS;
2066 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES;
2067 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED;
2069 srv_set_message(outbuf,0,0,false);
2071 SCVAL(outbuf, smb_com, cmd);
2072 SIVAL(outbuf,smb_rcls,0);
2073 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
2074 SSVAL(outbuf,smb_flg2, out_flags2);
2075 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
2076 memcpy(outbuf+smb_ss_field, inbuf+smb_ss_field, 8);
2078 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
2079 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
2080 SSVAL(outbuf,smb_pidhigh,SVAL(inbuf,smb_pidhigh));
2081 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
2082 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
2085 void construct_reply_common_req(struct smb_request *req, char *outbuf)
2087 construct_reply_common(req->cmd, req->inbuf, outbuf);
2091 * @brief Find the smb_cmd offset of the last command pushed
2092 * @param[in] buf The buffer we're building up
2093 * @retval Where can we put our next andx cmd?
2095 * While chaining requests, the "next" request we're looking at needs to put
2096 * its SMB_Command before the data the previous request already built up added
2097 * to the chain. Find the offset to the place where we have to put our cmd.
2100 static bool find_andx_cmd_ofs(uint8_t *buf, size_t *pofs)
2105 cmd = CVAL(buf, smb_com);
2107 if (!is_andx_req(cmd)) {
2113 while (CVAL(buf, ofs) != 0xff) {
2115 if (!is_andx_req(CVAL(buf, ofs))) {
2120 * ofs is from start of smb header, so add the 4 length
2121 * bytes. The next cmd is right after the wct field.
2123 ofs = SVAL(buf, ofs+2) + 4 + 1;
2125 if (ofs+4 >= talloc_get_size(buf)) {
2135 * @brief Do the smb chaining at a buffer level
2136 * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
2137 * @param[in] andx_buf Buffer to be appended
2140 static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf)
2142 uint8_t smb_command = CVAL(andx_buf, smb_com);
2143 uint8_t wct = CVAL(andx_buf, smb_wct);
2144 const uint16_t *vwv = (const uint16_t *)(andx_buf + smb_vwv);
2145 uint32_t num_bytes = smb_buflen(andx_buf);
2146 const uint8_t *bytes = (const uint8_t *)smb_buf_const(andx_buf);
2149 size_t old_size, new_size;
2151 size_t chain_padding = 0;
2152 size_t andx_cmd_ofs;
2155 old_size = talloc_get_size(*poutbuf);
2157 if ((old_size % 4) != 0) {
2159 * Align the wct field of subsequent requests to a 4-byte
2162 chain_padding = 4 - (old_size % 4);
2166 * After the old request comes the new wct field (1 byte), the vwv's
2167 * and the num_bytes field.
2170 new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
2171 new_size += num_bytes;
2173 if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
2174 DEBUG(1, ("smb_splice_chain: %u bytes won't fit\n",
2175 (unsigned)new_size));
2179 outbuf = talloc_realloc(NULL, *poutbuf, uint8_t, new_size);
2180 if (outbuf == NULL) {
2181 DEBUG(0, ("talloc failed\n"));
2186 if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
2187 DEBUG(1, ("invalid command chain\n"));
2188 *poutbuf = talloc_realloc(NULL, *poutbuf, uint8_t, old_size);
2192 if (chain_padding != 0) {
2193 memset(outbuf + old_size, 0, chain_padding);
2194 old_size += chain_padding;
2197 SCVAL(outbuf, andx_cmd_ofs, smb_command);
2198 SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
2203 * Push the chained request:
2208 SCVAL(outbuf, ofs, wct);
2215 memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
2220 * Read&X has an offset into its data buffer at
2221 * vwv[6]. reply_read_andx has no idea anymore that it's
2222 * running from within a chain, so we have to fix up the
2225 * Although it looks disgusting at this place, I want to keep
2226 * it here. The alternative would be to push knowledge about
2227 * the andx chain down into read&x again.
2230 if (smb_command == SMBreadX) {
2231 uint8_t *bytes_addr;
2235 * Invalid read&x response
2240 bytes_addr = outbuf + ofs /* vwv start */
2241 + sizeof(uint16_t) * wct /* vwv array */
2242 + sizeof(uint16_t) /* bcc */
2243 + 1; /* padding byte */
2245 SSVAL(outbuf + ofs, 6 * sizeof(uint16_t),
2246 bytes_addr - outbuf - 4);
2249 ofs += sizeof(uint16_t) * wct;
2255 SSVAL(outbuf, ofs, num_bytes);
2256 ofs += sizeof(uint16_t);
2262 memcpy(outbuf + ofs, bytes, num_bytes);
2267 bool smb1_is_chain(const uint8_t *buf)
2269 uint8_t cmd, wct, andx_cmd;
2271 cmd = CVAL(buf, smb_com);
2272 if (!is_andx_req(cmd)) {
2275 wct = CVAL(buf, smb_wct);
2279 andx_cmd = CVAL(buf, smb_vwv);
2280 return (andx_cmd != 0xFF);
2283 bool smb1_walk_chain(const uint8_t *buf,
2284 bool (*fn)(uint8_t cmd,
2285 uint8_t wct, const uint16_t *vwv,
2286 uint16_t num_bytes, const uint8_t *bytes,
2287 void *private_data),
2290 size_t smblen = smb_len(buf);
2291 const char *smb_buf = smb_base(buf);
2292 uint8_t cmd, chain_cmd;
2294 const uint16_t *vwv;
2296 const uint8_t *bytes;
2298 cmd = CVAL(buf, smb_com);
2299 wct = CVAL(buf, smb_wct);
2300 vwv = (const uint16_t *)(buf + smb_vwv);
2301 num_bytes = smb_buflen(buf);
2302 bytes = (const uint8_t *)smb_buf_const(buf);
2304 if (!fn(cmd, wct, vwv, num_bytes, bytes, private_data)) {
2308 if (!is_andx_req(cmd)) {
2315 chain_cmd = CVAL(vwv, 0);
2317 while (chain_cmd != 0xff) {
2318 uint32_t chain_offset; /* uint32_t to avoid overflow */
2319 size_t length_needed;
2320 ptrdiff_t vwv_offset;
2322 chain_offset = SVAL(vwv+1, 0);
2325 * Check if the client tries to fool us. The chain
2326 * offset needs to point beyond the current request in
2327 * the chain, it needs to strictly grow. Otherwise we
2328 * might be tricked into an endless loop always
2329 * processing the same request over and over again. We
2330 * used to assume that vwv and the byte buffer array
2331 * in a chain are always attached, but OS/2 the
2332 * Write&X/Read&X chain puts the Read&X vwv array
2333 * right behind the Write&X vwv chain. The Write&X bcc
2334 * array is put behind the Read&X vwv array. So now we
2335 * check whether the chain offset points strictly
2336 * behind the previous vwv array. req->buf points
2337 * right after the vwv array of the previous
2339 * https://bugzilla.samba.org/show_bug.cgi?id=8360 for
2343 vwv_offset = ((const char *)vwv - smb_buf);
2344 if (chain_offset <= vwv_offset) {
2349 * Next check: Make sure the chain offset does not
2350 * point beyond the overall smb request length.
2353 length_needed = chain_offset+1; /* wct */
2354 if (length_needed > smblen) {
2359 * Now comes the pointer magic. Goal here is to set up
2360 * vwv and buf correctly again. The chain offset (the
2361 * former vwv[1]) points at the new wct field.
2364 wct = CVAL(smb_buf, chain_offset);
2366 if (is_andx_req(chain_cmd) && (wct < 2)) {
2371 * Next consistency check: Make the new vwv array fits
2372 * in the overall smb request.
2375 length_needed += (wct+1)*sizeof(uint16_t); /* vwv+buflen */
2376 if (length_needed > smblen) {
2379 vwv = (const uint16_t *)(smb_buf + chain_offset + 1);
2382 * Now grab the new byte buffer....
2385 num_bytes = SVAL(vwv+wct, 0);
2388 * .. and check that it fits.
2391 length_needed += num_bytes;
2392 if (length_needed > smblen) {
2395 bytes = (const uint8_t *)(vwv+wct+1);
2397 if (!fn(chain_cmd, wct, vwv, num_bytes, bytes, private_data)) {
2401 if (!is_andx_req(chain_cmd)) {
2404 chain_cmd = CVAL(vwv, 0);
2409 static bool smb1_chain_length_cb(uint8_t cmd,
2410 uint8_t wct, const uint16_t *vwv,
2411 uint16_t num_bytes, const uint8_t *bytes,
2414 unsigned *count = (unsigned *)private_data;
2419 unsigned smb1_chain_length(const uint8_t *buf)
2423 if (!smb1_walk_chain(buf, smb1_chain_length_cb, &count)) {
2429 struct smb1_parse_chain_state {
2430 TALLOC_CTX *mem_ctx;
2432 struct smbd_server_connection *sconn;
2433 struct smbXsrv_connection *xconn;
2437 struct smb_request **reqs;
2441 static bool smb1_parse_chain_cb(uint8_t cmd,
2442 uint8_t wct, const uint16_t *vwv,
2443 uint16_t num_bytes, const uint8_t *bytes,
2446 struct smb1_parse_chain_state *state =
2447 (struct smb1_parse_chain_state *)private_data;
2448 struct smb_request **reqs;
2449 struct smb_request *req;
2452 reqs = talloc_realloc(state->mem_ctx, state->reqs,
2453 struct smb_request *, state->num_reqs+1);
2459 req = talloc(reqs, struct smb_request);
2464 ok = init_smb_request(req, state->sconn, state->xconn, state->buf, 0,
2465 state->encrypted, state->seqnum);
2472 req->buflen = num_bytes;
2475 reqs[state->num_reqs] = req;
2476 state->num_reqs += 1;
2480 bool smb1_parse_chain(TALLOC_CTX *mem_ctx, const uint8_t *buf,
2481 struct smbXsrv_connection *xconn,
2482 bool encrypted, uint32_t seqnum,
2483 struct smb_request ***reqs, unsigned *num_reqs)
2485 struct smbd_server_connection *sconn = NULL;
2486 struct smb1_parse_chain_state state;
2489 if (xconn != NULL) {
2490 sconn = xconn->client->sconn;
2493 state.mem_ctx = mem_ctx;
2495 state.sconn = sconn;
2496 state.xconn = xconn;
2497 state.encrypted = encrypted;
2498 state.seqnum = seqnum;
2502 if (!smb1_walk_chain(buf, smb1_parse_chain_cb, &state)) {
2503 TALLOC_FREE(state.reqs);
2506 for (i=0; i<state.num_reqs; i++) {
2507 state.reqs[i]->chain = state.reqs;
2510 *num_reqs = state.num_reqs;
2514 /****************************************************************************
2515 Check if services need reloading.
2516 ****************************************************************************/
2518 static void check_reload(struct smbd_server_connection *sconn, time_t t)
2521 if (last_smb_conf_reload_time == 0) {
2522 last_smb_conf_reload_time = t;
2525 if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
2526 reload_services(sconn, conn_snum_used, true);
2527 last_smb_conf_reload_time = t;
2531 static bool fd_is_readable(int fd)
2535 ret = poll_one_fd(fd, POLLIN|POLLHUP, 0, &revents);
2537 return ((ret > 0) && ((revents & (POLLIN|POLLHUP|POLLERR)) != 0));
2541 static void smbd_server_connection_write_handler(
2542 struct smbXsrv_connection *xconn)
2544 /* TODO: make write nonblocking */
2547 static void smbd_server_connection_read_handler(
2548 struct smbXsrv_connection *xconn, int fd)
2550 uint8_t *inbuf = NULL;
2551 size_t inbuf_len = 0;
2552 size_t unread_bytes = 0;
2553 bool encrypted = false;
2554 TALLOC_CTX *mem_ctx = talloc_tos();
2558 bool async_echo = lp_async_smb_echo_handler();
2559 bool from_client = false;
2562 if (fd_is_readable(xconn->smb1.echo_handler.trusted_fd)) {
2564 * This is the super-ugly hack to prefer the packets
2565 * forwarded by the echo handler over the ones by the
2568 fd = xconn->smb1.echo_handler.trusted_fd;
2572 from_client = (xconn->transport.sock == fd);
2574 if (async_echo && from_client) {
2575 smbd_lock_socket(xconn);
2577 if (!fd_is_readable(fd)) {
2578 DEBUG(10,("the echo listener was faster\n"));
2579 smbd_unlock_socket(xconn);
2584 /* TODO: make this completely nonblocking */
2585 status = receive_smb_talloc(mem_ctx, xconn, fd,
2586 (char **)(void *)&inbuf,
2590 &inbuf_len, &seqnum,
2591 !from_client /* trusted channel */);
2593 if (async_echo && from_client) {
2594 smbd_unlock_socket(xconn);
2597 if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
2600 if (NT_STATUS_IS_ERR(status)) {
2601 exit_server_cleanly("failed to receive smb request");
2603 if (!NT_STATUS_IS_OK(status)) {
2608 process_smb(xconn, inbuf, inbuf_len, unread_bytes,
2609 seqnum, encrypted, NULL);
2612 static void smbd_server_connection_handler(struct tevent_context *ev,
2613 struct tevent_fd *fde,
2617 struct smbXsrv_connection *xconn =
2618 talloc_get_type_abort(private_data,
2619 struct smbXsrv_connection);
2621 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
2623 * we're not supposed to do any io
2625 TEVENT_FD_NOT_READABLE(xconn->transport.fde);
2626 TEVENT_FD_NOT_WRITEABLE(xconn->transport.fde);
2630 if (flags & TEVENT_FD_WRITE) {
2631 smbd_server_connection_write_handler(xconn);
2634 if (flags & TEVENT_FD_READ) {
2635 smbd_server_connection_read_handler(xconn, xconn->transport.sock);
2640 static void smbd_server_echo_handler(struct tevent_context *ev,
2641 struct tevent_fd *fde,
2645 struct smbXsrv_connection *xconn =
2646 talloc_get_type_abort(private_data,
2647 struct smbXsrv_connection);
2649 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
2651 * we're not supposed to do any io
2653 TEVENT_FD_NOT_READABLE(xconn->smb1.echo_handler.trusted_fde);
2654 TEVENT_FD_NOT_WRITEABLE(xconn->smb1.echo_handler.trusted_fde);
2658 if (flags & TEVENT_FD_WRITE) {
2659 smbd_server_connection_write_handler(xconn);
2662 if (flags & TEVENT_FD_READ) {
2663 smbd_server_connection_read_handler(
2664 xconn, xconn->smb1.echo_handler.trusted_fd);
2669 struct smbd_release_ip_state {
2670 struct smbXsrv_connection *xconn;
2671 struct tevent_immediate *im;
2672 char addr[INET6_ADDRSTRLEN];
2675 static void smbd_release_ip_immediate(struct tevent_context *ctx,
2676 struct tevent_immediate *im,
2679 struct smbd_release_ip_state *state =
2680 talloc_get_type_abort(private_data,
2681 struct smbd_release_ip_state);
2682 struct smbXsrv_connection *xconn = state->xconn;
2684 if (!NT_STATUS_EQUAL(xconn->transport.status, NT_STATUS_ADDRESS_CLOSED)) {
2686 * smbd_server_connection_terminate() already triggered ?
2691 smbd_server_connection_terminate(xconn, "CTDB_SRVID_RELEASE_IP");
2694 /****************************************************************************
2695 received when we should release a specific IP
2696 ****************************************************************************/
2697 static int release_ip(struct tevent_context *ev,
2698 uint32_t src_vnn, uint32_t dst_vnn,
2700 const uint8_t *msg, size_t msglen,
2703 struct smbd_release_ip_state *state =
2704 talloc_get_type_abort(private_data,
2705 struct smbd_release_ip_state);
2706 struct smbXsrv_connection *xconn = state->xconn;
2708 const char *addr = state->addr;
2709 const char *p = addr;
2714 if (msg[msglen-1] != '\0') {
2718 ip = (const char *)msg;
2720 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
2721 /* avoid recursion */
2725 if (strncmp("::ffff:", addr, 7) == 0) {
2729 DEBUG(10, ("Got release IP message for %s, "
2730 "our address is %s\n", ip, p));
2732 if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
2733 DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
2736 * With SMB2 we should do a clean disconnect,
2737 * the previous_session_id in the session setup
2738 * will cleanup the old session, tcons and opens.
2740 * A clean disconnect is needed in order to support
2743 * Note: typically this is never triggered
2744 * as we got a TCP RST (triggered by ctdb event scripts)
2745 * before we get CTDB_SRVID_RELEASE_IP.
2747 * We used to call _exit(1) here, but as this was mostly never
2748 * triggered and has implication on our process model,
2749 * we can just use smbd_server_connection_terminate()
2752 * We don't call smbd_server_connection_terminate() directly
2753 * as we might be called from within ctdbd_migrate(),
2754 * we need to defer our action to the next event loop
2756 tevent_schedule_immediate(state->im,
2757 xconn->client->raw_ev_ctx,
2758 smbd_release_ip_immediate,
2762 * Make sure we don't get any io on the connection.
2764 xconn->transport.status = NT_STATUS_ADDRESS_CLOSED;
2765 return EADDRNOTAVAIL;
2771 static NTSTATUS smbd_register_ips(struct smbXsrv_connection *xconn,
2772 struct sockaddr_storage *srv,
2773 struct sockaddr_storage *clnt)
2775 struct smbd_release_ip_state *state;
2776 struct ctdbd_connection *cconn;
2779 cconn = messaging_ctdb_connection();
2780 if (cconn == NULL) {
2781 return NT_STATUS_NO_MEMORY;
2784 state = talloc_zero(xconn, struct smbd_release_ip_state);
2785 if (state == NULL) {
2786 return NT_STATUS_NO_MEMORY;
2788 state->xconn = xconn;
2789 state->im = tevent_create_immediate(state);
2790 if (state->im == NULL) {
2791 return NT_STATUS_NO_MEMORY;
2793 if (print_sockaddr(state->addr, sizeof(state->addr), srv) == NULL) {
2794 return NT_STATUS_NO_MEMORY;
2797 ret = ctdbd_register_ips(cconn, srv, clnt, release_ip, state);
2799 return map_nt_error_from_unix(ret);
2801 return NT_STATUS_OK;
2804 static void msg_kill_client_ip(struct messaging_context *msg_ctx,
2805 void *private_data, uint32_t msg_type,
2806 struct server_id server_id, DATA_BLOB *data)
2808 struct smbd_server_connection *sconn = talloc_get_type_abort(
2809 private_data, struct smbd_server_connection);
2810 const char *ip = (char *) data->data;
2813 DBG_DEBUG("Got kill request for client IP %s\n", ip);
2815 client_ip = tsocket_address_inet_addr_string(sconn->remote_address,
2817 if (client_ip == NULL) {
2821 if (strequal(ip, client_ip)) {
2822 DBG_WARNING("Got kill client message for %s - "
2823 "exiting immediately\n", ip);
2824 exit_server_cleanly("Forced disconnect for client");
2827 TALLOC_FREE(client_ip);
2831 * Send keepalive packets to our client
2833 static bool keepalive_fn(const struct timeval *now, void *private_data)
2835 struct smbd_server_connection *sconn = talloc_get_type_abort(
2836 private_data, struct smbd_server_connection);
2837 struct smbXsrv_connection *xconn = NULL;
2840 if (sconn->using_smb2) {
2841 /* Don't do keepalives on an SMB2 connection. */
2846 * With SMB1 we only have 1 connection
2848 xconn = sconn->client->connections;
2849 smbd_lock_socket(xconn);
2850 ret = send_keepalive(xconn->transport.sock);
2851 smbd_unlock_socket(xconn);
2854 int saved_errno = errno;
2856 * Try and give an error message saying what
2859 DEBUG(0, ("send_keepalive failed for client %s. "
2860 "Error %s - exiting\n",
2861 smbXsrv_connection_dbg(xconn),
2862 strerror(saved_errno)));
2863 errno = saved_errno;
2870 * Do the recurring check if we're idle
2872 static bool deadtime_fn(const struct timeval *now, void *private_data)
2874 struct smbd_server_connection *sconn =
2875 (struct smbd_server_connection *)private_data;
2877 if ((conn_num_open(sconn) == 0)
2878 || (conn_idle_all(sconn, now->tv_sec))) {
2879 DEBUG( 2, ( "Closing idle connection\n" ) );
2880 messaging_send(sconn->msg_ctx,
2881 messaging_server_id(sconn->msg_ctx),
2882 MSG_SHUTDOWN, &data_blob_null);
2890 * Do the recurring log file and smb.conf reload checks.
2893 static bool housekeeping_fn(const struct timeval *now, void *private_data)
2895 struct smbd_server_connection *sconn = talloc_get_type_abort(
2896 private_data, struct smbd_server_connection);
2898 DEBUG(5, ("housekeeping\n"));
2900 change_to_root_user();
2902 /* update printer queue caches if necessary */
2903 update_monitored_printq_cache(sconn->msg_ctx);
2905 /* check if we need to reload services */
2906 check_reload(sconn, time_mono(NULL));
2909 * Force a log file check.
2911 force_check_log_size();
2917 * Read an smb packet in the echo handler child, giving the parent
2918 * smbd one second to react once the socket becomes readable.
2921 struct smbd_echo_read_state {
2922 struct tevent_context *ev;
2923 struct smbXsrv_connection *xconn;
2930 static void smbd_echo_read_readable(struct tevent_req *subreq);
2931 static void smbd_echo_read_waited(struct tevent_req *subreq);
2933 static struct tevent_req *smbd_echo_read_send(
2934 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
2935 struct smbXsrv_connection *xconn)
2937 struct tevent_req *req, *subreq;
2938 struct smbd_echo_read_state *state;
2940 req = tevent_req_create(mem_ctx, &state,
2941 struct smbd_echo_read_state);
2946 state->xconn = xconn;
2948 subreq = wait_for_read_send(state, ev, xconn->transport.sock, false);
2949 if (tevent_req_nomem(subreq, req)) {
2950 return tevent_req_post(req, ev);
2952 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
2956 static void smbd_echo_read_readable(struct tevent_req *subreq)
2958 struct tevent_req *req = tevent_req_callback_data(
2959 subreq, struct tevent_req);
2960 struct smbd_echo_read_state *state = tevent_req_data(
2961 req, struct smbd_echo_read_state);
2965 ok = wait_for_read_recv(subreq, &err);
2966 TALLOC_FREE(subreq);
2968 tevent_req_nterror(req, map_nt_error_from_unix(err));
2973 * Give the parent smbd one second to step in
2976 subreq = tevent_wakeup_send(
2977 state, state->ev, timeval_current_ofs(1, 0));
2978 if (tevent_req_nomem(subreq, req)) {
2981 tevent_req_set_callback(subreq, smbd_echo_read_waited, req);
2984 static void smbd_echo_read_waited(struct tevent_req *subreq)
2986 struct tevent_req *req = tevent_req_callback_data(
2987 subreq, struct tevent_req);
2988 struct smbd_echo_read_state *state = tevent_req_data(
2989 req, struct smbd_echo_read_state);
2990 struct smbXsrv_connection *xconn = state->xconn;
2996 ok = tevent_wakeup_recv(subreq);
2997 TALLOC_FREE(subreq);
2999 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
3003 ok = smbd_lock_socket_internal(xconn);
3005 tevent_req_nterror(req, map_nt_error_from_unix(errno));
3006 DEBUG(0, ("%s: failed to lock socket\n", __location__));
3010 if (!fd_is_readable(xconn->transport.sock)) {
3011 DEBUG(10,("echo_handler[%d] the parent smbd was faster\n",
3014 ok = smbd_unlock_socket_internal(xconn);
3016 tevent_req_nterror(req, map_nt_error_from_unix(errno));
3017 DEBUG(1, ("%s: failed to unlock socket\n",
3022 subreq = wait_for_read_send(state, state->ev,
3023 xconn->transport.sock, false);
3024 if (tevent_req_nomem(subreq, req)) {
3027 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
3031 status = receive_smb_talloc(state, xconn,
3032 xconn->transport.sock,
3039 false /* trusted_channel*/);
3041 if (tevent_req_nterror(req, status)) {
3042 tevent_req_nterror(req, status);
3043 DEBUG(1, ("echo_handler[%d]: receive_smb_raw_talloc failed: %s\n",
3044 (int)getpid(), nt_errstr(status)));
3048 ok = smbd_unlock_socket_internal(xconn);
3050 tevent_req_nterror(req, map_nt_error_from_unix(errno));
3051 DEBUG(1, ("%s: failed to unlock socket\n", __location__));
3054 tevent_req_done(req);
3057 static NTSTATUS smbd_echo_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
3058 char **pbuf, size_t *pbuflen, uint32_t *pseqnum)
3060 struct smbd_echo_read_state *state = tevent_req_data(
3061 req, struct smbd_echo_read_state);
3064 if (tevent_req_is_nterror(req, &status)) {
3067 *pbuf = talloc_move(mem_ctx, &state->buf);
3068 *pbuflen = state->buflen;
3069 *pseqnum = state->seqnum;
3070 return NT_STATUS_OK;
3073 struct smbd_echo_state {
3074 struct tevent_context *ev;
3075 struct iovec *pending;
3076 struct smbd_server_connection *sconn;
3077 struct smbXsrv_connection *xconn;
3080 struct tevent_fd *parent_fde;
3082 struct tevent_req *write_req;
3085 static void smbd_echo_writer_done(struct tevent_req *req);
3087 static void smbd_echo_activate_writer(struct smbd_echo_state *state)
3091 if (state->write_req != NULL) {
3095 num_pending = talloc_array_length(state->pending);
3096 if (num_pending == 0) {
3100 state->write_req = writev_send(state, state->ev, NULL,
3101 state->parent_pipe, false,
3102 state->pending, num_pending);
3103 if (state->write_req == NULL) {
3104 DEBUG(1, ("writev_send failed\n"));
3108 talloc_steal(state->write_req, state->pending);
3109 state->pending = NULL;
3111 tevent_req_set_callback(state->write_req, smbd_echo_writer_done,
3115 static void smbd_echo_writer_done(struct tevent_req *req)
3117 struct smbd_echo_state *state = tevent_req_callback_data(
3118 req, struct smbd_echo_state);
3122 written = writev_recv(req, &err);
3124 state->write_req = NULL;
3125 if (written == -1) {
3126 DEBUG(1, ("writev to parent failed: %s\n", strerror(err)));
3129 DEBUG(10,("echo_handler[%d]: forwarded pdu to main\n", (int)getpid()));
3130 smbd_echo_activate_writer(state);
3133 static bool smbd_echo_reply(struct smbd_echo_state *state,
3134 uint8_t *inbuf, size_t inbuf_len,
3137 struct smb_request req;
3138 uint16_t num_replies;
3142 if ((inbuf_len == 4) && (CVAL(inbuf, 0) == NBSSkeepalive)) {
3143 DEBUG(10, ("Got netbios keepalive\n"));
3150 if (inbuf_len < smb_size) {
3151 DEBUG(10, ("Got short packet: %d bytes\n", (int)inbuf_len));
3154 if (!valid_smb_header(inbuf)) {
3155 DEBUG(10, ("Got invalid SMB header\n"));
3159 if (!init_smb_request(&req, state->sconn, state->xconn, inbuf, 0, false,
3165 DEBUG(10, ("smbecho handler got cmd %d (%s)\n", (int)req.cmd,
3166 smb_messages[req.cmd].name
3167 ? smb_messages[req.cmd].name : "unknown"));
3169 if (req.cmd != SMBecho) {
3176 num_replies = SVAL(req.vwv+0, 0);
3177 if (num_replies != 1) {
3178 /* Not a Windows "Hey, you're still there?" request */
3182 if (!create_outbuf(talloc_tos(), &req, req.inbuf, &outbuf,
3184 DEBUG(10, ("create_outbuf failed\n"));
3187 req.outbuf = (uint8_t *)outbuf;
3189 SSVAL(req.outbuf, smb_vwv0, num_replies);
3191 if (req.buflen > 0) {
3192 memcpy(smb_buf(req.outbuf), req.buf, req.buflen);
3195 ok = srv_send_smb(req.xconn,
3199 TALLOC_FREE(outbuf);
3207 static void smbd_echo_exit(struct tevent_context *ev,
3208 struct tevent_fd *fde, uint16_t flags,
3211 DEBUG(2, ("smbd_echo_exit: lost connection to parent\n"));
3215 static void smbd_echo_got_packet(struct tevent_req *req);
3217 static void smbd_echo_loop(struct smbXsrv_connection *xconn,
3220 struct smbd_echo_state *state;
3221 struct tevent_req *read_req;
3223 state = talloc_zero(xconn, struct smbd_echo_state);
3224 if (state == NULL) {
3225 DEBUG(1, ("talloc failed\n"));
3228 state->xconn = xconn;
3229 state->parent_pipe = parent_pipe;
3230 state->ev = samba_tevent_context_init(state);
3231 if (state->ev == NULL) {
3232 DEBUG(1, ("samba_tevent_context_init failed\n"));
3236 state->parent_fde = tevent_add_fd(state->ev, state, parent_pipe,
3237 TEVENT_FD_READ, smbd_echo_exit,
3239 if (state->parent_fde == NULL) {
3240 DEBUG(1, ("tevent_add_fd failed\n"));
3245 read_req = smbd_echo_read_send(state, state->ev, xconn);
3246 if (read_req == NULL) {
3247 DEBUG(1, ("smbd_echo_read_send failed\n"));
3251 tevent_req_set_callback(read_req, smbd_echo_got_packet, state);
3254 if (tevent_loop_once(state->ev) == -1) {
3255 DEBUG(1, ("tevent_loop_once failed: %s\n",
3263 static void smbd_echo_got_packet(struct tevent_req *req)
3265 struct smbd_echo_state *state = tevent_req_callback_data(
3266 req, struct smbd_echo_state);
3270 uint32_t seqnum = 0;
3273 status = smbd_echo_read_recv(req, state, &buf, &buflen, &seqnum);
3275 if (!NT_STATUS_IS_OK(status)) {
3276 DEBUG(1, ("smbd_echo_read_recv returned %s\n",
3277 nt_errstr(status)));
3281 reply = smbd_echo_reply(state, (uint8_t *)buf, buflen, seqnum);
3287 num_pending = talloc_array_length(state->pending);
3288 tmp = talloc_realloc(state, state->pending, struct iovec,
3291 DEBUG(1, ("talloc_realloc failed\n"));
3294 state->pending = tmp;
3296 if (buflen >= smb_size) {
3298 * place the seqnum in the packet so that the main process
3299 * can reply with signing
3301 SIVAL(buf, smb_ss_field, seqnum);
3302 SIVAL(buf, smb_ss_field+4, NT_STATUS_V(NT_STATUS_OK));
3305 iov = &state->pending[num_pending];
3306 iov->iov_base = talloc_move(state->pending, &buf);
3307 iov->iov_len = buflen;
3309 DEBUG(10,("echo_handler[%d]: forward to main\n",
3311 smbd_echo_activate_writer(state);
3314 req = smbd_echo_read_send(state, state->ev, state->xconn);
3316 DEBUG(1, ("smbd_echo_read_send failed\n"));
3319 tevent_req_set_callback(req, smbd_echo_got_packet, state);
3324 * Handle SMBecho requests in a forked child process
3326 bool fork_echo_handler(struct smbXsrv_connection *xconn)
3328 int listener_pipe[2];
3331 bool use_mutex = false;
3333 res = pipe(listener_pipe);
3335 DEBUG(1, ("pipe() failed: %s\n", strerror(errno)));
3339 #ifdef HAVE_ROBUST_MUTEXES
3340 use_mutex = tdb_runtime_check_for_robust_mutexes();
3343 pthread_mutexattr_t a;
3345 xconn->smb1.echo_handler.socket_mutex =
3346 anonymous_shared_allocate(sizeof(pthread_mutex_t));
3347 if (xconn->smb1.echo_handler.socket_mutex == NULL) {
3348 DEBUG(1, ("Could not create mutex shared memory: %s\n",
3353 res = pthread_mutexattr_init(&a);
3355 DEBUG(1, ("pthread_mutexattr_init failed: %s\n",
3359 res = pthread_mutexattr_settype(&a, PTHREAD_MUTEX_ERRORCHECK);
3361 DEBUG(1, ("pthread_mutexattr_settype failed: %s\n",
3363 pthread_mutexattr_destroy(&a);
3366 res = pthread_mutexattr_setpshared(&a, PTHREAD_PROCESS_SHARED);
3368 DEBUG(1, ("pthread_mutexattr_setpshared failed: %s\n",
3370 pthread_mutexattr_destroy(&a);
3373 res = pthread_mutexattr_setrobust(&a, PTHREAD_MUTEX_ROBUST);
3375 DEBUG(1, ("pthread_mutexattr_setrobust failed: "
3376 "%s\n", strerror(res)));
3377 pthread_mutexattr_destroy(&a);
3380 res = pthread_mutex_init(xconn->smb1.echo_handler.socket_mutex,
3382 pthread_mutexattr_destroy(&a);
3384 DEBUG(1, ("pthread_mutex_init failed: %s\n",
3392 xconn->smb1.echo_handler.socket_lock_fd =
3393 create_unlink_tmp(lp_lock_directory());
3394 if (xconn->smb1.echo_handler.socket_lock_fd == -1) {
3395 DEBUG(1, ("Could not create lock fd: %s\n",
3405 close(listener_pipe[0]);
3406 set_blocking(listener_pipe[1], false);
3408 status = smbd_reinit_after_fork(xconn->client->msg_ctx,
3409 xconn->client->raw_ev_ctx,
3412 if (!NT_STATUS_IS_OK(status)) {
3413 DEBUG(1, ("reinit_after_fork failed: %s\n",
3414 nt_errstr(status)));
3417 initialize_password_db(true, xconn->client->raw_ev_ctx);
3418 smbd_echo_loop(xconn, listener_pipe[1]);
3421 close(listener_pipe[1]);
3422 listener_pipe[1] = -1;
3423 xconn->smb1.echo_handler.trusted_fd = listener_pipe[0];
3425 DEBUG(10,("fork_echo_handler: main[%d] echo_child[%d]\n", (int)getpid(), (int)child));
3428 * Without smb signing this is the same as the normal smbd
3429 * listener. This needs to change once signing comes in.
3431 xconn->smb1.echo_handler.trusted_fde = tevent_add_fd(
3432 xconn->client->raw_ev_ctx,
3434 xconn->smb1.echo_handler.trusted_fd,
3436 smbd_server_echo_handler,
3438 if (xconn->smb1.echo_handler.trusted_fde == NULL) {
3439 DEBUG(1, ("event_add_fd failed\n"));
3446 if (listener_pipe[0] != -1) {
3447 close(listener_pipe[0]);
3449 if (listener_pipe[1] != -1) {
3450 close(listener_pipe[1]);
3452 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
3453 close(xconn->smb1.echo_handler.socket_lock_fd);
3455 #ifdef HAVE_ROBUST_MUTEXES
3456 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
3457 pthread_mutex_destroy(xconn->smb1.echo_handler.socket_mutex);
3458 anonymous_shared_free(xconn->smb1.echo_handler.socket_mutex);
3461 smbd_echo_init(xconn);
3466 static bool uid_in_use(const struct user_struct *user, uid_t uid)
3469 if (user->session_info &&
3470 (user->session_info->unix_token->uid == uid)) {
3478 static bool gid_in_use(const struct user_struct *user, gid_t gid)
3481 if (user->session_info != NULL) {
3483 struct security_unix_token *utok;
3485 utok = user->session_info->unix_token;
3486 if (utok->gid == gid) {
3489 for(i=0; i<utok->ngroups; i++) {
3490 if (utok->groups[i] == gid) {
3500 static bool sid_in_use(const struct user_struct *user,
3501 const struct dom_sid *psid)
3504 struct security_token *tok;
3506 if (user->session_info == NULL) {
3509 tok = user->session_info->security_token;
3512 * Not sure session_info->security_token can
3513 * ever be NULL. This check might be not
3518 if (security_token_has_sid(tok, psid)) {
3526 static bool id_in_use(const struct user_struct *user,
3527 const struct id_cache_ref *id)
3531 return uid_in_use(user, id->id.uid);
3533 return gid_in_use(user, id->id.gid);
3535 return sid_in_use(user, &id->id.sid);
3542 static void smbd_id_cache_kill(struct messaging_context *msg_ctx,
3545 struct server_id server_id,
3548 const char *msg = (data && data->data)
3549 ? (const char *)data->data : "<NULL>";
3550 struct id_cache_ref id;
3551 struct smbd_server_connection *sconn =
3552 talloc_get_type_abort(private_data,
3553 struct smbd_server_connection);
3555 if (!id_cache_ref_parse(msg, &id)) {
3556 DEBUG(0, ("Invalid ?ID: %s\n", msg));
3560 if (id_in_use(sconn->users, &id)) {
3561 exit_server_cleanly(msg);
3563 id_cache_delete_from_cache(&id);
3566 NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
3567 enum protocol_types protocol)
3571 conn->protocol = protocol;
3573 if (conn->client->session_table != NULL) {
3574 return NT_STATUS_OK;
3577 if (protocol >= PROTOCOL_SMB2_02) {
3578 status = smb2srv_session_table_init(conn);
3579 if (!NT_STATUS_IS_OK(status)) {
3580 conn->protocol = PROTOCOL_NONE;
3584 status = smb2srv_open_table_init(conn);
3585 if (!NT_STATUS_IS_OK(status)) {
3586 conn->protocol = PROTOCOL_NONE;
3590 status = smb1srv_session_table_init(conn);
3591 if (!NT_STATUS_IS_OK(status)) {
3592 conn->protocol = PROTOCOL_NONE;
3596 status = smb1srv_tcon_table_init(conn);
3597 if (!NT_STATUS_IS_OK(status)) {
3598 conn->protocol = PROTOCOL_NONE;
3602 status = smb1srv_open_table_init(conn);
3603 if (!NT_STATUS_IS_OK(status)) {
3604 conn->protocol = PROTOCOL_NONE;
3609 set_Protocol(protocol);
3610 return NT_STATUS_OK;
3613 struct smbd_tevent_trace_state {
3614 struct tevent_context *ev;
3616 SMBPROFILE_BASIC_ASYNC_STATE(profile_idle);
3619 static void smbd_tevent_trace_callback(enum tevent_trace_point point,
3622 struct smbd_tevent_trace_state *state =
3623 (struct smbd_tevent_trace_state *)private_data;
3626 case TEVENT_TRACE_BEFORE_WAIT:
3627 if (!smbprofile_dump_pending()) {
3629 * If there's no dump pending
3630 * we don't want to schedule a new 1 sec timer.
3632 * Instead we want to sleep as long as nothing happens.
3634 smbprofile_dump_setup(NULL);
3636 SMBPROFILE_BASIC_ASYNC_START(idle, profile_p, state->profile_idle);
3638 case TEVENT_TRACE_AFTER_WAIT:
3639 SMBPROFILE_BASIC_ASYNC_END(state->profile_idle);
3640 if (!smbprofile_dump_pending()) {
3642 * We need to flush our state after sleeping
3643 * (hopefully a long time).
3647 * future profiling events should trigger timers
3648 * on our main event context.
3650 smbprofile_dump_setup(state->ev);
3653 case TEVENT_TRACE_BEFORE_LOOP_ONCE:
3654 TALLOC_FREE(state->frame);
3655 state->frame = talloc_stackframe_pool(8192);
3657 case TEVENT_TRACE_AFTER_LOOP_ONCE:
3658 TALLOC_FREE(state->frame);
3666 * Create a debug string for the connection
3668 * This is allocated to talloc_tos() or a string constant
3669 * in certain corner cases. The returned string should
3670 * hence not be free'd directly but only via the talloc stack.
3672 const char *smbXsrv_connection_dbg(const struct smbXsrv_connection *xconn)
3677 * TODO: this can be improved later
3678 * maybe including the client guid or more
3680 ret = tsocket_address_string(xconn->remote_address, talloc_tos());
3682 return "<tsocket_address_string() failed>";
3688 NTSTATUS smbd_add_connection(struct smbXsrv_client *client, int sock_fd,
3689 struct smbXsrv_connection **_xconn)
3691 TALLOC_CTX *frame = talloc_stackframe();
3692 struct smbXsrv_connection *xconn;
3693 struct sockaddr_storage ss_srv;
3694 void *sp_srv = (void *)&ss_srv;
3695 struct sockaddr *sa_srv = (struct sockaddr *)sp_srv;
3696 struct sockaddr_storage ss_clnt;
3697 void *sp_clnt = (void *)&ss_clnt;
3698 struct sockaddr *sa_clnt = (struct sockaddr *)sp_clnt;
3699 socklen_t sa_socklen;
3700 struct tsocket_address *local_address = NULL;
3701 struct tsocket_address *remote_address = NULL;
3702 const char *remaddr = NULL;
3704 const char *rhost = NULL;
3710 DO_PROFILE_INC(connect);
3712 xconn = talloc_zero(client, struct smbXsrv_connection);
3713 if (xconn == NULL) {
3714 DEBUG(0,("talloc_zero(struct smbXsrv_connection)\n"));
3716 return NT_STATUS_NO_MEMORY;
3718 talloc_steal(frame, xconn);
3720 xconn->transport.sock = sock_fd;
3721 smbd_echo_init(xconn);
3722 xconn->protocol = PROTOCOL_NONE;
3724 /* Ensure child is set to blocking mode */
3725 set_blocking(sock_fd,True);
3727 set_socket_options(sock_fd, "SO_KEEPALIVE");
3728 set_socket_options(sock_fd, lp_socket_options());
3730 sa_socklen = sizeof(ss_clnt);
3731 ret = getpeername(sock_fd, sa_clnt, &sa_socklen);
3733 int saved_errno = errno;
3734 int level = (errno == ENOTCONN)?2:0;
3735 DEBUG(level,("getpeername() failed - %s\n",
3736 strerror(saved_errno)));
3738 return map_nt_error_from_unix_common(saved_errno);
3740 ret = tsocket_address_bsd_from_sockaddr(xconn,
3741 sa_clnt, sa_socklen,
3744 int saved_errno = errno;
3745 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3746 __location__, strerror(saved_errno)));
3748 return map_nt_error_from_unix_common(saved_errno);
3751 sa_socklen = sizeof(ss_srv);
3752 ret = getsockname(sock_fd, sa_srv, &sa_socklen);
3754 int saved_errno = errno;
3755 int level = (errno == ENOTCONN)?2:0;
3756 DEBUG(level,("getsockname() failed - %s\n",
3757 strerror(saved_errno)));
3759 return map_nt_error_from_unix_common(saved_errno);
3761 ret = tsocket_address_bsd_from_sockaddr(xconn,
3765 int saved_errno = errno;
3766 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3767 __location__, strerror(saved_errno)));
3769 return map_nt_error_from_unix_common(saved_errno);
3772 if (tsocket_address_is_inet(remote_address, "ip")) {
3773 remaddr = tsocket_address_inet_addr_string(remote_address,
3775 if (remaddr == NULL) {
3776 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3777 __location__, strerror(errno)));
3779 return NT_STATUS_NO_MEMORY;
3782 remaddr = "0.0.0.0";
3786 * Before the first packet, check the global hosts allow/ hosts deny
3787 * parameters before doing any parsing of packets passed to us by the
3788 * client. This prevents attacks on our parsing code from hosts not in
3789 * the hosts allow list.
3792 ret = get_remote_hostname(remote_address,
3795 int saved_errno = errno;
3796 DEBUG(0,("%s: get_remote_hostname failed - %s\n",
3797 __location__, strerror(saved_errno)));
3799 return map_nt_error_from_unix_common(saved_errno);
3802 if (strequal(rhost, "UNKNOWN")) {
3806 xconn->local_address = local_address;
3807 xconn->remote_address = remote_address;
3808 xconn->remote_hostname = talloc_strdup(xconn, rhost);
3809 if (xconn->remote_hostname == NULL) {
3810 return NT_STATUS_NO_MEMORY;
3813 if (!srv_init_signing(xconn)) {
3814 DEBUG(0, ("Failed to init smb_signing\n"));
3816 return NT_STATUS_INTERNAL_ERROR;
3819 if (!allow_access(lp_hosts_deny(-1), lp_hosts_allow(-1),
3820 xconn->remote_hostname,
3822 DEBUG( 1, ("Connection denied from %s to %s\n",
3823 tsocket_address_string(remote_address, talloc_tos()),
3824 tsocket_address_string(local_address, talloc_tos())));
3827 * We return a valid xconn
3828 * so that the caller can return an error message
3831 client->connections = xconn;
3832 xconn->client = client;
3833 talloc_steal(client, xconn);
3837 return NT_STATUS_NETWORK_ACCESS_DENIED;
3840 DEBUG(10, ("Connection allowed from %s to %s\n",
3841 tsocket_address_string(remote_address, talloc_tos()),
3842 tsocket_address_string(local_address, talloc_tos())));
3844 if (lp_clustering()) {
3846 * We need to tell ctdb about our client's TCP
3847 * connection, so that for failover ctdbd can send
3848 * tickle acks, triggering a reconnection by the
3853 status = smbd_register_ips(xconn, &ss_srv, &ss_clnt);
3854 if (!NT_STATUS_IS_OK(status)) {
3855 DEBUG(0, ("ctdbd_register_ips failed: %s\n",
3856 nt_errstr(status)));
3860 tmp = lp_max_xmit();
3861 tmp = MAX(tmp, SMB_BUFFER_SIZE_MIN);
3862 tmp = MIN(tmp, SMB_BUFFER_SIZE_MAX);
3864 xconn->smb1.negprot.max_recv = tmp;
3866 xconn->smb1.sessions.done_sesssetup = false;
3867 xconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX;
3869 xconn->transport.fde = tevent_add_fd(client->raw_ev_ctx,
3873 smbd_server_connection_handler,
3875 if (!xconn->transport.fde) {
3877 return NT_STATUS_NO_MEMORY;
3880 /* for now we only have one connection */
3881 DLIST_ADD_END(client->connections, xconn);
3882 xconn->client = client;
3883 talloc_steal(client, xconn);
3887 return NT_STATUS_OK;
3890 /****************************************************************************
3891 Process commands from the client
3892 ****************************************************************************/
3894 void smbd_process(struct tevent_context *ev_ctx,
3895 struct messaging_context *msg_ctx,
3899 struct smbd_tevent_trace_state trace_state = {
3901 .frame = talloc_stackframe(),
3903 struct smbXsrv_client *client = NULL;
3904 struct smbd_server_connection *sconn = NULL;
3905 struct smbXsrv_connection *xconn = NULL;
3906 const char *locaddr = NULL;
3907 const char *remaddr = NULL;
3910 struct timeval tv = timeval_current();
3911 NTTIME now = timeval_to_nttime(&tv);
3912 char *chroot_dir = NULL;
3915 status = smbXsrv_client_create(ev_ctx, ev_ctx, msg_ctx, now, &client);
3916 if (!NT_STATUS_IS_OK(status)) {
3917 DBG_ERR("smbXsrv_client_create(): %s\n", nt_errstr(status));
3918 exit_server_cleanly("talloc_zero(struct smbXsrv_client).\n");
3922 * TODO: remove this...:-)
3924 global_smbXsrv_client = client;
3926 sconn = talloc_zero(client, struct smbd_server_connection);
3927 if (sconn == NULL) {
3928 exit_server("failed to create smbd_server_connection");
3931 client->sconn = sconn;
3932 sconn->client = client;
3934 sconn->raw_ev_ctx = ev_ctx;
3935 sconn->root_ev_ctx = ev_ctx;
3936 sconn->guest_ev_ctx = ev_ctx;
3937 sconn->msg_ctx = msg_ctx;
3939 ret = pthreadpool_tevent_init(sconn, lp_aio_max_threads(),
3942 exit_server("pthreadpool_tevent_init() failed.");
3945 if (lp_server_max_protocol() >= PROTOCOL_SMB2_02) {
3947 * We're not making the decision here,
3948 * we're just allowing the client
3949 * to decide between SMB1 and SMB2
3950 * with the first negprot
3953 sconn->using_smb2 = true;
3957 smbd_setup_sig_term_handler(sconn);
3958 smbd_setup_sig_hup_handler(sconn);
3961 status = smbd_add_connection(client, sock_fd, &xconn);
3962 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
3964 * send a negative session response "not listening on calling
3967 unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
3968 (void)srv_send_smb(xconn,(char *)buf, false,
3970 exit_server_cleanly("connection denied");
3971 } else if (!NT_STATUS_IS_OK(status)) {
3972 exit_server_cleanly(nt_errstr(status));
3975 sconn->local_address =
3976 tsocket_address_copy(xconn->local_address, sconn);
3977 if (sconn->local_address == NULL) {
3978 exit_server_cleanly("tsocket_address_copy() failed");
3980 sconn->remote_address =
3981 tsocket_address_copy(xconn->remote_address, sconn);
3982 if (sconn->remote_address == NULL) {
3983 exit_server_cleanly("tsocket_address_copy() failed");
3985 sconn->remote_hostname =
3986 talloc_strdup(sconn, xconn->remote_hostname);
3987 if (sconn->remote_hostname == NULL) {
3988 exit_server_cleanly("tsocket_strdup() failed");
3991 if (tsocket_address_is_inet(sconn->local_address, "ip")) {
3992 locaddr = tsocket_address_inet_addr_string(
3993 sconn->local_address,
3995 if (locaddr == NULL) {
3996 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3997 __location__, strerror(errno)));
3998 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
4001 locaddr = "0.0.0.0";
4004 if (tsocket_address_is_inet(sconn->remote_address, "ip")) {
4005 remaddr = tsocket_address_inet_addr_string(
4006 sconn->remote_address,
4008 if (remaddr == NULL) {
4009 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
4010 __location__, strerror(errno)));
4011 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
4014 remaddr = "0.0.0.0";
4017 /* this is needed so that we get decent entries
4018 in smbstatus for port 445 connects */
4019 set_remote_machine_name(remaddr, false);
4020 reload_services(sconn, conn_snum_used, true);
4021 sub_set_socket_ids(remaddr,
4022 sconn->remote_hostname,
4025 if (lp_preload_modules()) {
4026 smb_load_all_modules_absoute_path(lp_preload_modules());
4029 smb_perfcount_init();
4031 if (!init_account_policy()) {
4032 exit_server("Could not open account policy tdb.\n");
4035 chroot_dir = lp_root_directory(talloc_tos());
4036 if (chroot_dir[0] != '\0') {
4037 rc = chdir(chroot_dir);
4039 DBG_ERR("Failed to chdir to %s\n", chroot_dir);
4040 exit_server("Failed to chdir()");
4043 rc = chroot(chroot_dir);
4045 DBG_ERR("Failed to change root to %s\n", chroot_dir);
4046 exit_server("Failed to chroot()");
4048 DBG_WARNING("Changed root to %s\n", chroot_dir);
4050 TALLOC_FREE(chroot_dir);
4053 if (!file_init(sconn)) {
4054 exit_server("file_init() failed");
4058 if (!init_oplocks(sconn))
4059 exit_server("Failed to init oplocks");
4061 /* register our message handlers */
4062 messaging_register(sconn->msg_ctx, sconn,
4063 MSG_SMB_FORCE_TDIS, msg_force_tdis);
4064 messaging_register(sconn->msg_ctx, sconn,
4065 MSG_SMB_CLOSE_FILE, msg_close_file);
4066 messaging_register(sconn->msg_ctx, sconn,
4067 MSG_SMB_FILE_RENAME, msg_file_was_renamed);
4069 id_cache_register_msgs(sconn->msg_ctx);
4070 messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL);
4071 messaging_register(sconn->msg_ctx, sconn,
4072 ID_CACHE_KILL, smbd_id_cache_kill);
4074 messaging_deregister(sconn->msg_ctx,
4075 MSG_SMB_CONF_UPDATED, sconn->raw_ev_ctx);
4076 messaging_register(sconn->msg_ctx, sconn,
4077 MSG_SMB_CONF_UPDATED, smbd_conf_updated);
4079 messaging_deregister(sconn->msg_ctx, MSG_SMB_KILL_CLIENT_IP,
4081 messaging_register(sconn->msg_ctx, sconn,
4082 MSG_SMB_KILL_CLIENT_IP,
4083 msg_kill_client_ip);
4085 messaging_deregister(sconn->msg_ctx, MSG_SMB_TELL_NUM_CHILDREN, NULL);
4088 * Use the default MSG_DEBUG handler to avoid rebroadcasting
4089 * MSGs to all child processes
4091 messaging_deregister(sconn->msg_ctx,
4093 messaging_register(sconn->msg_ctx, NULL,
4094 MSG_DEBUG, debug_message);
4096 if ((lp_keepalive() != 0)
4097 && !(event_add_idle(ev_ctx, NULL,
4098 timeval_set(lp_keepalive(), 0),
4099 "keepalive", keepalive_fn,
4101 DEBUG(0, ("Could not add keepalive event\n"));
4105 if (!(event_add_idle(ev_ctx, NULL,
4106 timeval_set(IDLE_CLOSED_TIMEOUT, 0),
4107 "deadtime", deadtime_fn, sconn))) {
4108 DEBUG(0, ("Could not add deadtime event\n"));
4112 if (!(event_add_idle(ev_ctx, NULL,
4113 timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
4114 "housekeeping", housekeeping_fn, sconn))) {
4115 DEBUG(0, ("Could not add housekeeping event\n"));
4119 smbprofile_dump_setup(ev_ctx);
4121 if (!init_dptrs(sconn)) {
4122 exit_server("init_dptrs() failed");
4125 TALLOC_FREE(trace_state.frame);
4127 tevent_set_trace_callback(ev_ctx, smbd_tevent_trace_callback,
4130 ret = tevent_loop_wait(ev_ctx);
4132 DEBUG(1, ("tevent_loop_wait failed: %d, %s,"
4133 " exiting\n", ret, strerror(errno)));
4136 TALLOC_FREE(trace_state.frame);
4138 exit_server_cleanly(NULL);
4141 bool req_is_in_chain(const struct smb_request *req)
4143 if (req->vwv != (const uint16_t *)(req->inbuf+smb_vwv)) {
4145 * We're right now handling a subsequent request, so we must
4151 if (!is_andx_req(req->cmd)) {
4157 * Okay, an illegal request, but definitely not chained :-)
4162 return (CVAL(req->vwv+0, 0) != 0xFF);
git.samba.org / garming / samba-autobuild / .git / blob