2 Unix SMB/CIFS implementation.
4 Copyright (C) Stefan Metzmacher 2014
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "system/filesys.h"
23 #include "lib/util/server_id.h"
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "dbwrap/dbwrap.h"
27 #include "dbwrap/dbwrap_rbt.h"
28 #include "dbwrap/dbwrap_open.h"
29 #include "dbwrap/dbwrap_watch.h"
32 #include "auth/gensec/gensec.h"
33 #include "../lib/tsocket/tsocket.h"
34 #include "../libcli/security/security.h"
36 #include "lib/util/util_tdb.h"
37 #include "librpc/gen_ndr/ndr_smbXsrv.h"
39 #include "lib/util/tevent_ntstatus.h"
40 #include "lib/util/iov_buf.h"
/*
 * Per-process client table. Only part of the definition is visible in this
 * listing; code further down also accesses local.max_clients,
 * local.num_clients and global.db_ctx on this structure.
 */
42 struct smbXsrv_client_table {
/* Database handle; presumably the member reached as table->global.db_ctx,
 * which smbXsrv_client_table_create() fills from the file-scope handle. */
48 struct db_context *db_ctx;
/*
 * File-scope handle to the opened smbXsrv_client_global.tdb. It is set by
 * smbXsrv_client_global_init() and copied into each table by
 * smbXsrv_client_table_create().
 */
52 static struct db_context *smbXsrv_client_global_db_ctx = NULL;
/*
 * Open smbXsrv_client_global.tdb under the lock directory and cache the
 * handle in smbXsrv_client_global_db_ctx.
 *
 * Returns NT_STATUS_NO_MEMORY when the path cannot be built; a db_open()
 * failure is reported as the NTSTATUS mapped from errno. Several lines of
 * this function are not shown in this listing.
 */
54 NTSTATUS smbXsrv_client_global_init(void)
56 const char *global_path = NULL;
57 struct db_context *db_ctx = NULL;
/* Handle already cached: nothing to open (branch body not shown, presumably
 * an early success return). */
59 if (smbXsrv_client_global_db_ctx != NULL) {
64 * This contains secret information like client keys!
66 global_path = lock_path(talloc_tos(), "smbXsrv_client_global.tdb");
67 if (global_path == NULL) {
68 return NT_STATUS_NO_MEMORY;
/* The file is requested owner-only (0600), matching the secrecy note above.
 * Assuming db_open() hands the mode to open(2), it only takes effect when
 * O_CREAT really creates the file. NOTE(review): confirm that an already
 * existing file and the lock directory itself are equally restricted. */
71 db_ctx = db_open(NULL, global_path,
75 TDB_INCOMPATIBLE_HASH,
76 O_RDWR | O_CREAT, 0600,
/* Failure path (the check itself is not shown): translate errno. */
82 status = map_nt_error_from_unix_common(errno);
/* Publish the handle for all later callers in this process. */
87 smbXsrv_client_global_db_ctx = db_ctx;
94 * We need to store the keys in big endian so that dbwrap_rbt's memcmp
95 * has the same result as integer comparison between the uint32_t
98 * TODO: implement string based key
/* Size in bytes of a database key: smbXsrv_client_global_id_to_key() copies
 * exactly this many bytes of the NDR-encoded client GUID into the key. */
101 #define SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE 16
/*
 * Build the database key for a client GUID.
 *
 * The GUID is NDR-encoded into a temporary blob on talloc_tos() and its
 * first SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE bytes are copied into key_buf
 * (a parameter declared on a line not shown here). The returned TDB_DATA
 * points at key_buf, so it is only valid while that buffer is.
 */
103 static TDB_DATA smbXsrv_client_global_id_to_key(const struct GUID *client_guid,
/* Starts out empty; presumably this empty key is what is returned when the
 * encoding below fails (the failure branch body is not shown). */
106 TDB_DATA key = { .dsize = 0, };
110 status = GUID_to_ndr_blob(client_guid, talloc_tos(), &b);
111 if (!NT_STATUS_IS_OK(status)) {
/* Fixed-size copy: this relies on the encoded GUID being at least
 * SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE bytes long. NOTE(review): b.length is
 * not compared with the key size in the visible lines; confirm. */
114 memcpy(key_buf, b.data, SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE);
117 key = make_tdb_data(key_buf, SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE);
/*
 * Fetch the database record for client_guid via dbwrap_fetch_locked().
 *
 * db is the database to query and client_guid selects the record; the
 * result is allocated on mem_ctx (declared on a line not shown here).
 * On failure a debug message with the GUID and the hex-encoded key is
 * logged; the return statements are not part of this listing.
 */
122 static struct db_record *smbXsrv_client_global_fetch_locked(
123 struct db_context *db,
124 const struct GUID *client_guid,
/* Stack buffer backing the key; sized to match what id_to_key() writes. */
128 uint8_t key_buf[SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE];
129 struct db_record *rec = NULL;
/* NOTE(review): the key is passed on without a visible check for the empty
 * (dsize == 0) value it is initialised with in id_to_key(); confirm. */
131 key = smbXsrv_client_global_id_to_key(client_guid, key_buf);
133 rec = dbwrap_fetch_locked(db, mem_ctx, key);
/* Failure diagnostics; the hex string is allocated on talloc_tos(). */
136 struct GUID_txt_buf buf;
137 DBG_DEBUG("Failed to lock guid [%s], key '%s'\n",
138 GUID_buf_string(client_guid, &buf),
139 hex_encode_talloc(talloc_tos(), key.dptr, key.dsize));
/*
 * Allocate a zeroed smbXsrv_client_table on mem_ctx and attach the global
 * client database to it.
 *
 * max_clients above 1 is rejected with NT_STATUS_INTERNAL_ERROR; allocation
 * failure yields NT_STATUS_NO_MEMORY; errors from
 * smbXsrv_client_global_init() are handled in a branch whose body is not
 * shown. msg_ctx is not used in the visible lines. The table is presumably
 * handed back through _table (that assignment is not shown).
 */
145 static NTSTATUS smbXsrv_client_table_create(TALLOC_CTX *mem_ctx,
146 struct messaging_context *msg_ctx,
147 uint32_t max_clients,
148 struct smbXsrv_client_table **_table)
150 struct smbXsrv_client_table *table;
/* Only zero or one client per table is accepted. */
153 if (max_clients > 1) {
154 return NT_STATUS_INTERNAL_ERROR;
157 table = talloc_zero(mem_ctx, struct smbXsrv_client_table);
159 return NT_STATUS_NO_MEMORY;
162 table->local.max_clients = max_clients;
/* Makes sure the database handle exists before it is copied below. */
164 status = smbXsrv_client_global_init();
165 if (!NT_STATUS_IS_OK(status)) {
170 table->global.db_ctx = smbXsrv_client_global_db_ctx;
/*
 * talloc destructor for struct smbXsrv_client_global0; it is registered in
 * smbXsrv_client_create(). The body is not shown in this listing.
 */
176 static int smbXsrv_client_global_destructor(struct smbXsrv_client_global0 *global)
/*
 * Decode and sanity-check one record of the global client database.
 *
 * db_rec is the record to inspect and _g receives the decoded
 * smbXsrv_client_global0, moved onto mem_ctx. Further parameters are
 * declared on lines not shown here. The record is parsed from raw database
 * bytes, so every step below treats it as possibly stale or malformed:
 * empty value, NDR decode failure, unsupported version, and an owning
 * server_id that no longer exists (such a record is deleted).
 * What each rejection path reports to the caller is not visible in this
 * listing.
 */
181 static void smbXsrv_client_global_verify_record(struct db_record *db_rec,
185 struct smbXsrv_client_global0 **_g)
190 struct smbXsrv_client_globalB global_blob;
191 enum ndr_err_code ndr_err;
192 struct smbXsrv_client_global0 *global = NULL;
/* All temporaries (decoded blob, hex strings) hang off this stackframe. */
194 TALLOC_CTX *frame = talloc_stackframe();
205 key = dbwrap_record_get_key(db_rec);
207 val = dbwrap_record_get_value(db_rec);
/* An empty value is handled separately (branch body not shown). */
208 if (val.dsize == 0) {
/* Wrap the record bytes without copying, then NDR-decode them. */
217 blob = data_blob_const(val.dptr, val.dsize);
219 ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
220 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_client_globalB);
221 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
222 NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
223 DBG_WARNING("smbXsrv_client_global_verify_record: "
224 "key '%s' ndr_pull_struct_blob - %s\n",
225 hex_encode_talloc(frame, key.dptr, key.dsize),
/* Full dump of the decoded record, only at debug level.
 * NOTE(review): the database is described in this file as holding secret
 * information; confirm the printed structure carries none before running
 * production systems at this log level. */
231 DBG_DEBUG("client_global:\n");
232 if (DEBUGLVL(DBGLVL_DEBUG)) {
233 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
/* Only record format version 0 is understood. Note the dump in this branch
 * is not wrapped in a DEBUGLVL() test, unlike the ones around it. */
236 if (global_blob.version != SMBXSRV_VERSION_0) {
237 DBG_ERR("key '%s' use unsupported version %u\n",
238 hex_encode_talloc(frame, key.dptr, key.dsize),
239 global_blob.version);
240 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
245 global = global_blob.info.info0;
/* Liveness check on the process recorded as owner of this entry. */
247 exists = serverid_exists(&global->server_id);
249 struct server_id_buf tmp;
251 DBG_NOTICE("key '%s' server_id %s does not exist.\n",
252 hex_encode_talloc(frame, key.dptr, key.dsize),
253 server_id_str_buf(global->server_id, &tmp));
254 if (DEBUGLVL(DBGLVL_NOTICE)) {
255 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
/* Owner is gone: drop the stale record so it cannot be matched again. */
258 dbwrap_record_delete(db_rec);
/* Hand the decoded structure to the caller; it leaves the stackframe and
 * becomes a child of mem_ctx. */
264 *_g = talloc_move(mem_ctx, &global);
/*
 * Look up the global record for client_guid in the database attached to
 * client->table and validate it with smbXsrv_client_global_verify_record().
 *
 * Returns NT_STATUS_INTERNAL_DB_ERROR when the record cannot be fetched.
 * NT_STATUS_OBJECTID_NOT_FOUND is returned on a path whose condition is not
 * shown (presumably when the record turned out to be free or stale). The
 * success path, which presumably fills _global, is not part of this listing.
 */
269 NTSTATUS smb2srv_client_lookup_global(struct smbXsrv_client *client,
270 struct GUID client_guid,
272 struct smbXsrv_client_global0 **_global)
274 struct smbXsrv_client_table *table = client->table;
275 struct smbXsrv_client_global0 *global = NULL;
276 bool is_free = false;
277 struct db_record *db_rec;
279 db_rec = smbXsrv_client_global_fetch_locked(table->global.db_ctx,
282 if (db_rec == NULL) {
283 return NT_STATUS_INTERNAL_DB_ERROR;
/* Decodes the record and deletes it if its owner process no longer exists. */
286 smbXsrv_client_global_verify_record(db_rec,
294 return NT_STATUS_OBJECTID_NOT_FOUND;
/*
 * Hand the connection behind smb2req over to another process.
 *
 * A smbXsrv_connection_pass0 is filled with initial_connect_time and
 * client_guid taken from global plus a flat copy of the incoming request
 * vector, NDR-encoded, and sent as MSG_SMBXSRV_CONNECTION_PASS together
 * with the transport socket as one attached file descriptor. The
 * destination argument is on a line not shown (presumably
 * global->server_id).
 *
 * Returns NT_STATUS_INVALID_BUFFER_SIZE if the request length cannot be
 * determined (condition not shown), NT_STATUS_NO_MEMORY on allocation
 * failure, or the mapped NDR / messaging error.
 */
301 NTSTATUS smb2srv_client_connection_pass(struct smbd_smb2_request *smb2req,
302 struct smbXsrv_client_global0 *global)
305 enum ndr_err_code ndr_err;
307 struct smbXsrv_connection_pass0 pass_info0;
308 struct smbXsrv_connection_passB pass_blob;
/* These two values are what the receiver compares with its own client
 * state before accepting the passed socket. */
312 pass_info0.initial_connect_time = global->initial_connect_time;
313 pass_info0.client_guid = global->client_guid;
/* Total size of the request spread over the iovec array. */
315 reqlen = iov_buflen(smb2req->in.vector, smb2req->in.vector_count);
317 return NT_STATUS_INVALID_BUFFER_SIZE;
/* Flatten the request into one temporary buffer on talloc_tos(). */
320 pass_info0.negotiate_request.length = reqlen;
321 pass_info0.negotiate_request.data = talloc_array(talloc_tos(), uint8_t,
323 if (pass_info0.negotiate_request.data == NULL) {
324 return NT_STATUS_NO_MEMORY;
326 iov_buf(smb2req->in.vector, smb2req->in.vector_count,
327 pass_info0.negotiate_request.data,
328 pass_info0.negotiate_request.length);
330 ZERO_STRUCT(pass_blob);
331 pass_blob.version = smbXsrv_version_global_current();
332 pass_blob.info.info0 = &pass_info0;
334 if (DEBUGLVL(DBGLVL_DEBUG)) {
335 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
338 ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &pass_blob,
339 (ndr_push_flags_fn_t)ndr_push_smbXsrv_connection_passB);
/* The flat copy is released before the result is examined, so it is freed
 * on the success and the failure path alike. */
340 data_blob_free(&pass_info0.negotiate_request);
341 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
342 status = ndr_map_error2ntstatus(ndr_err);
346 iov.iov_base = blob.data;
347 iov.iov_len = blob.length;
/* One iovec with the encoded blob, one fd: the client's transport socket. */
349 status = messaging_send_iov(smb2req->xconn->client->msg_ctx,
351 MSG_SMBXSRV_CONNECTION_PASS,
353 &smb2req->xconn->transport.sock, 1);
/* The encoded blob is no longer needed whatever the send result was. */
354 data_blob_free(&blob);
355 if (!NT_STATUS_IS_OK(status)) {
/*
 * Serialise global and write it to the database record global->db_rec.
 *
 * The caller must have set global->db_rec (NT_STATUS_INTERNAL_ERROR
 * otherwise). The record is released with TALLOC_FREE() on every path
 * visible below, so global->db_rec is NULL again afterwards. global->stored
 * ends up true only after a successful dbwrap_record_store().
 */
362 static NTSTATUS smbXsrv_client_global_store(struct smbXsrv_client_global0 *global)
364 struct smbXsrv_client_globalB global_blob;
365 DATA_BLOB blob = data_blob_null;
369 enum ndr_err_code ndr_err;
/* Remembered so the in-memory flag can be restored after encoding. */
370 bool saved_stored = global->stored;
373 * TODO: if we use other versions than '0'
374 * we would add glue code here, that would be able to
375 * store the information in the old format.
378 if (global->db_rec == NULL) {
379 return NT_STATUS_INTERNAL_ERROR;
382 key = dbwrap_record_get_key(global->db_rec);
383 val = dbwrap_record_get_value(global->db_rec);
385 ZERO_STRUCT(global_blob);
386 global_blob.version = smbXsrv_version_global_current();
/* Carry the sequence number over from the existing record, if there is one
 * long enough to hold it (32-bit value at byte offset 4), then bump it. */
387 if (val.dsize >= 8) {
388 global_blob.seqnum = IVAL(val.dptr, 4);
390 global_blob.seqnum += 1;
391 global_blob.info.info0 = global;
/* The flag is forced to true only while encoding, so the on-disk copy says
 * "stored"; the previous value is put back right after the push. */
393 global->stored = true;
394 ndr_err = ndr_push_struct_blob(&blob, global->db_rec, &global_blob,
395 (ndr_push_flags_fn_t)ndr_push_smbXsrv_client_globalB);
396 global->stored = saved_stored;
397 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
398 status = ndr_map_error2ntstatus(ndr_err);
/* The hex string is a talloc child of db_rec and goes away with it. */
399 DBG_WARNING("key '%s' ndr_push - %s\n",
400 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
402 TALLOC_FREE(global->db_rec);
406 val = make_tdb_data(blob.data, blob.length);
407 status = dbwrap_record_store(global->db_rec, val, TDB_REPLACE);
408 if (!NT_STATUS_IS_OK(status)) {
409 DBG_WARNING("key '%s' store - %s\n",
410 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
412 TALLOC_FREE(global->db_rec);
/* The write succeeded: now the in-memory flag may say so as well. */
416 global->stored = true;
418 if (DEBUGLVL(DBGLVL_DEBUG)) {
419 DBG_DEBUG("key '%s' stored\n",
420 hex_encode_talloc(global->db_rec, key.dptr, key.dsize));
421 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
/* Releases the record (presumably dropping its lock), the encoded blob and
 * the hex strings, which were all allocated on it. */
424 TALLOC_FREE(global->db_rec);
/*
 * Delete the database record global->db_rec.
 *
 * The caller must have set global->db_rec (NT_STATUS_INTERNAL_ERROR
 * otherwise). The record is released with TALLOC_FREE() on both the failure
 * and the success path; global->stored is cleared only after a successful
 * delete.
 */
429 static NTSTATUS smbXsrv_client_global_remove(struct smbXsrv_client_global0 *global)
435 * TODO: if we use other versions than '0'
436 * we would add glue code here, that would be able to
437 * store the information in the old format.
440 if (global->db_rec == NULL) {
441 return NT_STATUS_INTERNAL_ERROR;
444 key = dbwrap_record_get_key(global->db_rec);
446 status = dbwrap_record_delete(global->db_rec);
447 if (!NT_STATUS_IS_OK(status)) {
/* The hex string is a talloc child of db_rec and goes away with it. */
448 DBG_WARNING("key '%s' delete - %s\n",
449 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
451 TALLOC_FREE(global->db_rec);
454 global->stored = false;
455 DBG_DEBUG("key '%s' delete\n",
456 hex_encode_talloc(global->db_rec, key.dptr, key.dsize));
458 TALLOC_FREE(global->db_rec);
/*
 * talloc destructor for struct smbXsrv_client (registered in
 * smbXsrv_client_create()). It removes the client's global database record
 * via smbXsrv_client_remove(), logs a failure instead of aborting, and
 * then frees client->global. The return statement is not shown.
 */
463 static int smbXsrv_client_destructor(struct smbXsrv_client *client)
467 status = smbXsrv_client_remove(client);
468 if (!NT_STATUS_IS_OK(status)) {
469 DBG_ERR("smbXsrv_client_remove() failed: %s\n",
473 TALLOC_FREE(client->global);
/*
 * Forward declarations: smbXsrv_client_create() installs the filter and the
 * callback before their definitions further down in this file.
 */
478 static bool smbXsrv_client_connection_pass_filter(struct messaging_rec *rec, void *private_data);
479 static void smbXsrv_client_connection_pass_loop(struct tevent_req *subreq);
/*
 * Create a smbXsrv_client with its table and global state, and start
 * listening for connections passed from other processes.
 *
 * mem_ctx is the parent of the new client, ev_ctx and msg_ctx are stored on
 * it, and the timestamp `now` (declared on a line not shown) becomes
 * initial_connect_time. The result is presumably returned through _client
 * (the assignment is not shown).
 *
 * Returns the smbXsrv_client_table_create() error,
 * NT_STATUS_INSUFFICIENT_RESOURCES when the table is already full, or
 * NT_STATUS_NO_MEMORY on allocation failure. Cleanup statements on the
 * error paths are on lines missing from this listing.
 */
481 NTSTATUS smbXsrv_client_create(TALLOC_CTX *mem_ctx,
482 struct tevent_context *ev_ctx,
483 struct messaging_context *msg_ctx,
485 struct smbXsrv_client **_client)
487 struct smbXsrv_client_table *table;
488 struct smbXsrv_client *client = NULL;
489 struct smbXsrv_client_global0 *global = NULL;
491 struct tevent_req *subreq = NULL;
493 status = smbXsrv_client_table_create(mem_ctx,
497 if (!NT_STATUS_IS_OK(status)) {
/* Enforce the per-table client limit before allocating anything else. */
501 if (table->local.num_clients >= table->local.max_clients) {
503 return NT_STATUS_INSUFFICIENT_RESOURCES;
506 client = talloc_zero(mem_ctx, struct smbXsrv_client);
507 if (client == NULL) {
509 return NT_STATUS_NO_MEMORY;
511 client->raw_ev_ctx = ev_ctx;
512 client->msg_ctx = msg_ctx;
514 client->server_multi_channel_enabled = lp_server_multi_channel_support();
/* The client takes ownership of the table; the local pointer is refreshed
 * because talloc_move() clears the variable it moves from. */
516 client->table = talloc_move(client, &table);
517 table = client->table;
519 global = talloc_zero(client, struct smbXsrv_client_global0);
520 if (global == NULL) {
522 return NT_STATUS_NO_MEMORY;
524 talloc_set_destructor(global, smbXsrv_client_global_destructor);
525 client->global = global;
/* initial_connect_time is later compared against the value carried in
 * MSG_SMBXSRV_CONNECTION_PASS messages; server_id identifies this process
 * as the owner of the record. */
527 global->initial_connect_time = now;
529 global->server_id = messaging_server_id(client->msg_ctx);
531 table->local.num_clients += 1;
/* From here on, freeing the client also removes its database record. */
533 talloc_set_destructor(client, smbXsrv_client_destructor);
535 if (DEBUGLVL(DBGLVL_DEBUG)) {
536 struct smbXsrv_clientB client_blob = {
537 .version = SMBXSRV_VERSION_0,
538 .info.info0 = client,
540 struct GUID_txt_buf buf;
542 DBG_DEBUG("client_guid[%s] created\n",
543 GUID_buf_string(&global->client_guid, &buf));
544 NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);
/* Arm the receiver for passed connections: messages accepted by the filter
 * are delivered to smbXsrv_client_connection_pass_loop(). */
547 subreq = messaging_filtered_read_send(client,
550 smbXsrv_client_connection_pass_filter,
552 if (subreq == NULL) {
554 return NT_STATUS_NO_MEMORY;
556 tevent_req_set_callback(subreq, smbXsrv_client_connection_pass_loop, client);
/*
 * Message filter for messaging_filtered_read_send(): selects the messages
 * that smbXsrv_client_connection_pass_loop() will process.
 *
 * Three properties are tested: the type is MSG_SMBXSRV_CONNECTION_PASS,
 * exactly one file descriptor is attached, and the payload is at least
 * SMB2_HDR_BODY bytes long. The return statements are not shown.
 *
 * The length test applies to rec->buf, which the loop later NDR-decodes as
 * a whole, not to the negotiate request embedded in it. The sender and the
 * client GUID are not checked here (see the TODO); the GUID comparison
 * happens in the loop after decoding.
 */
562 static bool smbXsrv_client_connection_pass_filter(struct messaging_rec *rec, void *private_data)
564 if (rec->msg_type != MSG_SMBXSRV_CONNECTION_PASS) {
568 if (rec->num_fds != 1) {
572 if (rec->buf.length < SMB2_HDR_BODY) {
576 /* TODO: verify client_guid...? */
/*
 * Completion callback for the filtered messaging read armed in
 * smbXsrv_client_create(): handles one MSG_SMBXSRV_CONNECTION_PASS message
 * and then re-arms the read.
 *
 * The message is NDR-decoded and only acted on when its version is
 * SMBXSRV_VERSION_0, its info pointer is set, and both client_guid and
 * initial_connect_time equal this client's own values. The attached socket
 * is then added as a new connection and the carried negotiate request is
 * processed on it. How each rejection branch continues is not visible in
 * this listing (lines are missing).
 *
 * NOTE(review): on the rejection paths the descriptor in rec->fds[0] is not
 * touched in the visible lines; confirm it is closed when rec is released,
 * otherwise every rejected message leaks a descriptor.
 */
581 static void smbXsrv_client_connection_pass_loop(struct tevent_req *subreq)
583 struct smbXsrv_client *client =
584 tevent_req_callback_data(subreq,
585 struct smbXsrv_client);
586 struct smbXsrv_connection *xconn = NULL;
588 struct messaging_rec *rec = NULL;
589 struct smbXsrv_connection_passB pass_blob;
590 enum ndr_err_code ndr_err;
591 struct smbXsrv_connection_pass0 *pass_info0 = NULL;
596 ret = messaging_filtered_read_recv(subreq, talloc_tos(), &rec);
/* Decode the payload; decoded data is allocated as a child of rec. */
602 ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &pass_blob,
603 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_connection_passB);
604 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
605 status = ndr_map_error2ntstatus(ndr_err);
606 DBG_WARNING("ndr_pull_struct_blob - %s\n", nt_errstr(status));
/* NOTE(review): the text logged here names MSG_SMBXSRV_CLIENT_CLOSE while
 * the message handled is MSG_SMBXSRV_CONNECTION_PASS; keep that in mind
 * when searching logs. */
610 DBG_DEBUG("MSG_SMBXSRV_CLIENT_CLOSE\n");
611 if (DEBUGLVL(DBGLVL_DEBUG)) {
612 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
615 if (pass_blob.version != SMBXSRV_VERSION_0) {
616 DBG_ERR("ignore invalid version %u\n", pass_blob.version);
617 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
621 pass_info0 = pass_blob.info.info0;
622 if (pass_info0 == NULL) {
623 DBG_ERR("ignore NULL info %u\n", pass_blob.version);
624 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
/* Identity check 1: the passed connection must belong to the client GUID
 * this process is serving. */
628 if (!GUID_equal(&client->global->client_guid, &pass_info0->client_guid))
630 struct GUID_txt_buf buf1, buf2;
632 DBG_WARNING("client's client_guid [%s] != passed guid [%s]\n",
633 GUID_buf_string(&client->global->client_guid,
635 GUID_buf_string(&pass_info0->client_guid,
637 if (DEBUGLVL(DBGLVL_WARNING)) {
638 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
/* Identity check 2: the sender must have seen the same
 * initial_connect_time as this client instance has. */
643 if (client->global->initial_connect_time !=
644 pass_info0->initial_connect_time)
646 DBG_WARNING("client's initial connect time [%s] (%llu) != "
647 "passed initial connect time [%s] (%llu)\n",
648 nt_time_string(talloc_tos(),
649 client->global->initial_connect_time),
650 (unsigned long long)client->global->initial_connect_time,
651 nt_time_string(talloc_tos(),
652 pass_info0->initial_connect_time),
653 (unsigned long long)pass_info0->initial_connect_time);
654 if (DEBUGLVL(DBGLVL_WARNING)) {
655 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
/* The filter already required exactly one descriptor; asserted again
 * before fds[0] is used. */
660 SMB_ASSERT(rec->num_fds == 1);
661 sock_fd = rec->fds[0];
/* Logged through DBG_ERR although this is the normal success path. */
663 DBG_ERR("got connection sockfd[%d]\n", sock_fd);
664 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
665 status = smbd_add_connection(client, sock_fd, &xconn);
/* NOTE(review): two lines of this failure branch are missing from the
 * listing; confirm sock_fd is closed there. */
666 if (!NT_STATUS_IS_OK(status)) {
669 DBG_ERR("smbd_add_connection => %s\n", nt_errstr(status));
670 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
675 * Set seq_low to mid received in negprot
/* NOTE(review): BVAL reads from negotiate_request.data at offset
 * SMB2_HDR_MESSAGE_ID, but no visible line checks that data is non-NULL or
 * that negotiate_request.length covers that field; the filter's length
 * test is on the outer message. Confirm the embedded length is validated,
 * since the blob originates in another process. */
677 seq_low = BVAL(pass_info0->negotiate_request.data,
678 SMB2_HDR_MESSAGE_ID);
/* The GUID was compared above, so the new connection is marked verified
 * before the negotiate request is replayed on it. */
680 xconn->smb2.client.guid_verified = true;
681 smbd_smb2_process_negprot(xconn, seq_low,
682 pass_info0->negotiate_request.data,
683 pass_info0->negotiate_request.length);
/* Re-arm the read so the next passed connection is received. Failing to do
 * so ends the server process. */
688 subreq = messaging_filtered_read_send(client,
691 smbXsrv_client_connection_pass_filter,
693 if (subreq == NULL) {
695 r = "messaging_read_send(MSG_SMBXSRV_CONNECTION_PASS failed";
696 exit_server_cleanly(r);
699 tevent_req_set_callback(subreq, smbXsrv_client_connection_pass_loop, client);
/*
 * Write the client's global state to the database.
 *
 * The record for client->global->client_guid is fetched locked, with
 * client->global as talloc parent, and then written by
 * smbXsrv_client_global_store(), which also releases it.
 *
 * Returns NT_STATUS_INTERNAL_ERROR if a record is already held in
 * client->global->db_rec, NT_STATUS_INTERNAL_DB_ERROR if the record cannot
 * be fetched, or the error from the store (return not shown).
 */
702 NTSTATUS smbXsrv_client_update(struct smbXsrv_client *client)
704 struct smbXsrv_client_table *table = client->table;
/* A record that is still held means an earlier operation did not finish;
 * refuse rather than fetch the same record twice. */
707 if (client->global->db_rec != NULL) {
708 struct GUID_txt_buf buf;
709 DBG_ERR("guid [%s]: Called with db_rec != NULL'\n",
710 GUID_buf_string(&client->global->client_guid,
712 return NT_STATUS_INTERNAL_ERROR;
715 client->global->db_rec = smbXsrv_client_global_fetch_locked(
716 table->global.db_ctx,
717 &client->global->client_guid,
718 client->global /* TALLOC_CTX */);
719 if (client->global->db_rec == NULL) {
720 return NT_STATUS_INTERNAL_DB_ERROR;
723 status = smbXsrv_client_global_store(client->global);
724 if (!NT_STATUS_IS_OK(status)) {
725 struct GUID_txt_buf buf;
726 DBG_ERR("client_guid[%s] store failed - %s\n",
727 GUID_buf_string(&client->global->client_guid,
/* Debug-level dump of the whole client structure after a successful store. */
733 if (DEBUGLVL(DBGLVL_DEBUG)) {
734 struct smbXsrv_clientB client_blob = {
735 .version = SMBXSRV_VERSION_0,
736 .info.info0 = client,
738 struct GUID_txt_buf buf;
740 DBG_DEBUG("client_guid[%s] stored\n",
741 GUID_buf_string(&client->global->client_guid,
743 NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);
/*
 * Remove the client's record from the global database.
 *
 * Nothing is fetched when client->global->stored is false (branch body not
 * shown, presumably an early success return). Otherwise the record is
 * fetched locked and deleted by smbXsrv_client_global_remove(), which also
 * releases it.
 *
 * Returns NT_STATUS_INTERNAL_ERROR if a record is already held in
 * client->global->db_rec, NT_STATUS_INTERNAL_DB_ERROR if the record cannot
 * be fetched, or the error from the delete (return not shown).
 *
 * NOTE(review): the two log messages below say "store failed" and "stored"
 * although this function removes the record; they read like copies from
 * smbXsrv_client_update(). Account for that when reading logs.
 */
749 NTSTATUS smbXsrv_client_remove(struct smbXsrv_client *client)
751 struct smbXsrv_client_table *table = client->table;
754 if (client->global->db_rec != NULL) {
755 struct GUID_txt_buf buf;
756 DBG_ERR("client_guid[%s]: Called with db_rec != NULL'\n",
757 GUID_buf_string(&client->global->client_guid,
759 return NT_STATUS_INTERNAL_ERROR;
/* Never written to the database, so there is nothing to delete. */
762 if (!client->global->stored) {
766 client->global->db_rec = smbXsrv_client_global_fetch_locked(
767 table->global.db_ctx,
768 &client->global->client_guid,
769 client->global /* TALLOC_CTX */);
770 if (client->global->db_rec == NULL) {
771 return NT_STATUS_INTERNAL_DB_ERROR;
774 status = smbXsrv_client_global_remove(client->global);
775 if (!NT_STATUS_IS_OK(status)) {
776 struct GUID_txt_buf buf;
777 DBG_ERR("client_guid[%s] store failed - %s\n",
778 GUID_buf_string(&client->global->client_guid, &buf),
783 if (DEBUGLVL(DBGLVL_DEBUG)) {
784 struct smbXsrv_clientB client_blob = {
785 .version = SMBXSRV_VERSION_0,
786 .info.info0 = client,
788 struct GUID_txt_buf buf;
790 DBG_DEBUG("client_guid[%s] stored\n",
791 GUID_buf_string(&client->global->client_guid, &buf));
792 NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);