2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "../lib/tsocket/tsocket.h"
23 #include "system/filesys.h"
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "librpc/gen_ndr/netlogon.h"
27 #include "../lib/async_req/async_sock.h"
28 #include "ctdbd_conn.h"
29 #include "../lib/util/select.h"
30 #include "printing/queue_process.h"
31 #include "system/select.h"
35 #include "smbprofile.h"
36 #include "rpc_server/spoolss/srv_spoolss_nt.h"
37 #include "libsmb/libsmb.h"
38 #include "../lib/util/tevent_ntstatus.h"
39 #include "../libcli/security/dom_sid.h"
40 #include "../libcli/security/security_token.h"
41 #include "lib/id_cache.h"
43 extern bool global_machine_password_needs_changing;
45 /* Internal message queue for deferred opens. */
46 struct pending_message_list {
47 struct pending_message_list *next, *prev;
48 struct timeval request_time; /* When was this first issued? */
49 struct smbd_server_connection *sconn;
50 struct timed_event *te;
51 struct smb_perfcount_data pcd;
56 DATA_BLOB private_data;
59 static void construct_reply_common(struct smb_request *req, const char *inbuf,
61 static struct pending_message_list *get_deferred_open_message_smb(
62 struct smbd_server_connection *sconn, uint64_t mid);
64 static bool smbd_lock_socket_internal(struct smbd_server_connection *sconn)
68 if (sconn->smb1.echo_handler.socket_lock_fd == -1) {
72 sconn->smb1.echo_handler.ref_count++;
74 if (sconn->smb1.echo_handler.ref_count > 1) {
78 DEBUG(10,("pid[%d] wait for socket lock\n", (int)sys_getpid()));
82 sconn->smb1.echo_handler.socket_lock_fd,
83 SMB_F_SETLKW, 0, 0, F_WRLCK);
84 } while (!ok && (errno == EINTR));
87 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
91 DEBUG(10,("pid[%d] got for socket lock\n", (int)sys_getpid()));
96 void smbd_lock_socket(struct smbd_server_connection *sconn)
98 if (!smbd_lock_socket_internal(sconn)) {
99 exit_server_cleanly("failed to lock socket");
103 static bool smbd_unlock_socket_internal(struct smbd_server_connection *sconn)
107 if (sconn->smb1.echo_handler.socket_lock_fd == -1) {
111 sconn->smb1.echo_handler.ref_count--;
113 if (sconn->smb1.echo_handler.ref_count > 0) {
119 sconn->smb1.echo_handler.socket_lock_fd,
120 SMB_F_SETLKW, 0, 0, F_UNLCK);
121 } while (!ok && (errno == EINTR));
124 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
128 DEBUG(10,("pid[%d] unlocked socket\n", (int)sys_getpid()));
133 void smbd_unlock_socket(struct smbd_server_connection *sconn)
135 if (!smbd_unlock_socket_internal(sconn)) {
136 exit_server_cleanly("failed to unlock socket");
140 /* Accessor function for smb_read_error for smbd functions. */
142 /****************************************************************************
144 ****************************************************************************/
146 bool srv_send_smb(struct smbd_server_connection *sconn, char *buffer,
147 bool do_signing, uint32_t seqnum,
149 struct smb_perfcount_data *pcd)
154 char *buf_out = buffer;
156 smbd_lock_socket(sconn);
159 /* Sign the outgoing packet if required. */
160 srv_calculate_sign_mac(sconn, buf_out, seqnum);
164 NTSTATUS status = srv_encrypt_buffer(sconn, buffer, &buf_out);
165 if (!NT_STATUS_IS_OK(status)) {
166 DEBUG(0, ("send_smb: SMB encryption failed "
167 "on outgoing packet! Error %s\n",
168 nt_errstr(status) ));
173 len = smb_len(buf_out) + 4;
175 ret = write_data(sconn->sock, buf_out+nwritten, len - nwritten);
178 char addr[INET6_ADDRSTRLEN];
180 * Try and give an error message saying what
183 DEBUG(1,("pid[%d] Error writing %d bytes to client %s. %d. (%s)\n",
184 (int)sys_getpid(), (int)len,
185 get_peer_addr(sconn->sock, addr, sizeof(addr)),
186 (int)ret, strerror(errno) ));
188 srv_free_enc_buffer(sconn, buf_out);
192 SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd, len);
193 srv_free_enc_buffer(sconn, buf_out);
195 SMB_PERFCOUNT_END(pcd);
197 smbd_unlock_socket(sconn);
201 /*******************************************************************
202 Setup the word count and byte count for a smb message.
203 ********************************************************************/
205 int srv_set_message(char *buf,
210 if (zero && (num_words || num_bytes)) {
211 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
213 SCVAL(buf,smb_wct,num_words);
214 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
215 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
216 return (smb_size + num_words*2 + num_bytes);
219 static bool valid_smb_header(struct smbd_server_connection *sconn,
220 const uint8_t *inbuf)
222 if (is_encrypted_packet(sconn, inbuf)) {
226 * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
227 * but it just looks weird to call strncmp for this one.
229 return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
232 /* Socket functions for smbd packet processing. */
234 static bool valid_packet_size(size_t len)
237 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
238 * of header. Don't print the error if this fits.... JRA.
241 if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
242 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
243 (unsigned long)len));
249 static NTSTATUS read_packet_remainder(int fd, char *buffer,
250 unsigned int timeout, ssize_t len)
258 status = read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
259 if (!NT_STATUS_IS_OK(status)) {
260 char addr[INET6_ADDRSTRLEN];
261 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
263 get_peer_addr(fd, addr, sizeof(addr)),
269 /****************************************************************************
270 Attempt a zerocopy writeX read. We know here that len > smb_size-4
271 ****************************************************************************/
274 * Unfortunately, earlier versions of smbclient/libsmbclient
275 * don't send this "standard" writeX header. I've fixed this
276 * for 3.2 but we'll use the old method with earlier versions.
277 * Windows and CIFSFS at least use this standard size. Not
281 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
282 (2*14) + /* word count (including bcc) */ \
285 static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
286 const char lenbuf[4],
287 struct smbd_server_connection *sconn,
290 unsigned int timeout,
294 /* Size of a WRITEX call (+4 byte len). */
295 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
296 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
300 memcpy(writeX_header, lenbuf, 4);
302 status = read_fd_with_timeout(
303 sock, writeX_header + 4,
304 STANDARD_WRITE_AND_X_HEADER_SIZE,
305 STANDARD_WRITE_AND_X_HEADER_SIZE,
308 if (!NT_STATUS_IS_OK(status)) {
309 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
311 tsocket_address_string(sconn->remote_address,
318 * Ok - now try and see if this is a possible
322 if (is_valid_writeX_buffer(sconn, (uint8_t *)writeX_header)) {
324 * If the data offset is beyond what
325 * we've read, drain the extra bytes.
327 uint16_t doff = SVAL(writeX_header,smb_vwv11);
330 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
331 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
332 if (drain_socket(sock, drain) != drain) {
333 smb_panic("receive_smb_raw_talloc_partial_read:"
334 " failed to drain pending bytes");
337 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
340 /* Spoof down the length and null out the bcc. */
341 set_message_bcc(writeX_header, 0);
342 newlen = smb_len(writeX_header);
344 /* Copy the header we've written. */
346 *buffer = (char *)talloc_memdup(mem_ctx,
348 sizeof(writeX_header));
350 if (*buffer == NULL) {
351 DEBUG(0, ("Could not allocate inbuf of length %d\n",
352 (int)sizeof(writeX_header)));
353 return NT_STATUS_NO_MEMORY;
356 /* Work out the remaining bytes. */
357 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
358 *len_ret = newlen + 4;
362 if (!valid_packet_size(len)) {
363 return NT_STATUS_INVALID_PARAMETER;
367 * Not a valid writeX call. Just do the standard
371 *buffer = talloc_array(mem_ctx, char, len+4);
373 if (*buffer == NULL) {
374 DEBUG(0, ("Could not allocate inbuf of length %d\n",
376 return NT_STATUS_NO_MEMORY;
379 /* Copy in what we already read. */
382 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
383 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
386 status = read_packet_remainder(
388 (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
391 if (!NT_STATUS_IS_OK(status)) {
392 DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
402 static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
403 struct smbd_server_connection *sconn,
405 char **buffer, unsigned int timeout,
406 size_t *p_unread, size_t *plen)
410 int min_recv_size = lp_min_receive_file_size();
415 status = read_smb_length_return_keepalive(sock, lenbuf, timeout,
417 if (!NT_STATUS_IS_OK(status)) {
421 if (CVAL(lenbuf,0) == 0 && min_recv_size &&
422 (smb_len_large(lenbuf) > /* Could be a UNIX large writeX. */
423 (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE)) &&
424 !srv_is_signing_active(sconn) &&
425 sconn->smb1.echo_handler.trusted_fde == NULL) {
427 return receive_smb_raw_talloc_partial_read(
428 mem_ctx, lenbuf, sconn, sock, buffer, timeout,
432 if (!valid_packet_size(len)) {
433 return NT_STATUS_INVALID_PARAMETER;
437 * The +4 here can't wrap, we've checked the length above already.
440 *buffer = talloc_array(mem_ctx, char, len+4);
442 if (*buffer == NULL) {
443 DEBUG(0, ("Could not allocate inbuf of length %d\n",
445 return NT_STATUS_NO_MEMORY;
448 memcpy(*buffer, lenbuf, sizeof(lenbuf));
450 status = read_packet_remainder(sock, (*buffer)+4, timeout, len);
451 if (!NT_STATUS_IS_OK(status)) {
459 static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,
460 struct smbd_server_connection *sconn,
462 char **buffer, unsigned int timeout,
463 size_t *p_unread, bool *p_encrypted,
466 bool trusted_channel)
471 *p_encrypted = false;
473 status = receive_smb_raw_talloc(mem_ctx, sconn, sock, buffer, timeout,
475 if (!NT_STATUS_IS_OK(status)) {
476 DEBUG(NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)?5:1,
477 ("receive_smb_raw_talloc failed for client %s "
478 "read error = %s.\n",
479 tsocket_address_string(sconn->remote_address,
481 nt_errstr(status)) );
485 if (is_encrypted_packet(sconn, (uint8_t *)*buffer)) {
486 status = srv_decrypt_buffer(sconn, *buffer);
487 if (!NT_STATUS_IS_OK(status)) {
488 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
489 "incoming packet! Error %s\n",
490 nt_errstr(status) ));
496 /* Check the incoming SMB signature. */
497 if (!srv_check_sign_mac(sconn, *buffer, seqnum, trusted_channel)) {
498 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
499 "incoming packet!\n"));
500 return NT_STATUS_INVALID_NETWORK_RESPONSE;
508 * Initialize a struct smb_request from an inbuf
511 static bool init_smb_request(struct smb_request *req,
512 struct smbd_server_connection *sconn,
514 size_t unread_bytes, bool encrypted,
517 size_t req_size = smb_len(inbuf) + 4;
518 /* Ensure we have at least smb_size bytes. */
519 if (req_size < smb_size) {
520 DEBUG(0,("init_smb_request: invalid request size %u\n",
521 (unsigned int)req_size ));
524 req->cmd = CVAL(inbuf, smb_com);
525 req->flags2 = SVAL(inbuf, smb_flg2);
526 req->smbpid = SVAL(inbuf, smb_pid);
527 req->mid = (uint64_t)SVAL(inbuf, smb_mid);
528 req->seqnum = seqnum;
529 req->vuid = SVAL(inbuf, smb_uid);
530 req->tid = SVAL(inbuf, smb_tid);
531 req->wct = CVAL(inbuf, smb_wct);
532 req->vwv = (const uint16_t *)(inbuf+smb_vwv);
533 req->buflen = smb_buflen(inbuf);
534 req->buf = (const uint8_t *)smb_buf_const(inbuf);
535 req->unread_bytes = unread_bytes;
536 req->encrypted = encrypted;
538 req->conn = conn_find(sconn,req->tid);
539 req->chain_fsp = NULL;
540 req->chain_outbuf = NULL;
543 req->priv_paths = NULL;
544 smb_init_perfcount_data(&req->pcd);
546 /* Ensure we have at least wct words and 2 bytes of bcc. */
547 if (smb_size + req->wct*2 > req_size) {
548 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
549 (unsigned int)req->wct,
550 (unsigned int)req_size));
553 /* Ensure bcc is correct. */
554 if (((const uint8_t *)smb_buf_const(inbuf)) + req->buflen > inbuf + req_size) {
555 DEBUG(0,("init_smb_request: invalid bcc number %u "
556 "(wct = %u, size %u)\n",
557 (unsigned int)req->buflen,
558 (unsigned int)req->wct,
559 (unsigned int)req_size));
567 static void process_smb(struct smbd_server_connection *conn,
568 uint8_t *inbuf, size_t nread, size_t unread_bytes,
569 uint32_t seqnum, bool encrypted,
570 struct smb_perfcount_data *deferred_pcd);
572 static void smbd_deferred_open_timer(struct event_context *ev,
573 struct timed_event *te,
574 struct timeval _tval,
577 struct pending_message_list *msg = talloc_get_type(private_data,
578 struct pending_message_list);
579 struct smbd_server_connection *sconn = msg->sconn;
580 TALLOC_CTX *mem_ctx = talloc_tos();
581 uint64_t mid = (uint64_t)SVAL(msg->buf.data,smb_mid);
584 inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
587 exit_server("smbd_deferred_open_timer: talloc failed\n");
591 /* We leave this message on the queue so the open code can
592 know this is a retry. */
593 DEBUG(5,("smbd_deferred_open_timer: trigger mid %llu.\n",
594 (unsigned long long)mid ));
596 /* Mark the message as processed so this is not
597 * re-processed in error. */
598 msg->processed = true;
600 process_smb(sconn, inbuf,
602 msg->seqnum, msg->encrypted, &msg->pcd);
604 /* If it's still there and was processed, remove it. */
605 msg = get_deferred_open_message_smb(sconn, mid);
606 if (msg && msg->processed) {
607 remove_deferred_open_message_smb(sconn, mid);
611 /****************************************************************************
612 Function to push a message onto the tail of a linked list of smb messages ready
614 ****************************************************************************/
616 static bool push_queued_message(struct smb_request *req,
617 struct timeval request_time,
618 struct timeval end_time,
619 char *private_data, size_t private_len)
621 int msg_len = smb_len(req->inbuf) + 4;
622 struct pending_message_list *msg;
624 msg = talloc_zero(NULL, struct pending_message_list);
627 DEBUG(0,("push_message: malloc fail (1)\n"));
630 msg->sconn = req->sconn;
632 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
633 if(msg->buf.data == NULL) {
634 DEBUG(0,("push_message: malloc fail (2)\n"));
639 msg->request_time = request_time;
640 msg->seqnum = req->seqnum;
641 msg->encrypted = req->encrypted;
642 msg->processed = false;
643 SMB_PERFCOUNT_DEFER_OP(&req->pcd, &msg->pcd);
646 msg->private_data = data_blob_talloc(msg, private_data,
648 if (msg->private_data.data == NULL) {
649 DEBUG(0,("push_message: malloc fail (3)\n"));
655 msg->te = tevent_add_timer(msg->sconn->ev_ctx,
658 smbd_deferred_open_timer,
661 DEBUG(0,("push_message: event_add_timed failed\n"));
666 DLIST_ADD_END(req->sconn->deferred_open_queue, msg,
667 struct pending_message_list *);
669 DEBUG(10,("push_message: pushed message length %u on "
670 "deferred_open_queue\n", (unsigned int)msg_len));
675 /****************************************************************************
676 Function to delete a sharing violation open message by mid.
677 ****************************************************************************/
679 void remove_deferred_open_message_smb(struct smbd_server_connection *sconn,
682 struct pending_message_list *pml;
684 if (sconn->using_smb2) {
685 remove_deferred_open_message_smb2(sconn, mid);
689 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
690 if (mid == (uint64_t)SVAL(pml->buf.data,smb_mid)) {
691 DEBUG(10,("remove_deferred_open_message_smb: "
692 "deleting mid %llu len %u\n",
693 (unsigned long long)mid,
694 (unsigned int)pml->buf.length ));
695 DLIST_REMOVE(sconn->deferred_open_queue, pml);
702 /****************************************************************************
703 Move a sharing violation open retry message to the front of the list and
704 schedule it for immediate processing.
705 ****************************************************************************/
707 void schedule_deferred_open_message_smb(struct smbd_server_connection *sconn,
710 struct pending_message_list *pml;
713 if (sconn->using_smb2) {
714 schedule_deferred_open_message_smb2(sconn, mid);
718 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
719 uint64_t msg_mid = (uint64_t)SVAL(pml->buf.data,smb_mid);
721 DEBUG(10,("schedule_deferred_open_message_smb: [%d] "
724 (unsigned long long)msg_mid ));
726 if (mid == msg_mid) {
727 struct timed_event *te;
729 if (pml->processed) {
730 /* A processed message should not be
732 DEBUG(0,("schedule_deferred_open_message_smb: LOGIC ERROR "
733 "message mid %llu was already processed\n",
734 (unsigned long long)msg_mid ));
738 DEBUG(10,("schedule_deferred_open_message_smb: "
739 "scheduling mid %llu\n",
740 (unsigned long long)mid ));
742 te = tevent_add_timer(pml->sconn->ev_ctx,
745 smbd_deferred_open_timer,
748 DEBUG(10,("schedule_deferred_open_message_smb: "
749 "event_add_timed() failed, "
750 "skipping mid %llu\n",
751 (unsigned long long)msg_mid ));
754 TALLOC_FREE(pml->te);
756 DLIST_PROMOTE(sconn->deferred_open_queue, pml);
761 DEBUG(10,("schedule_deferred_open_message_smb: failed to "
762 "find message mid %llu\n",
763 (unsigned long long)mid ));
766 /****************************************************************************
767 Return true if this mid is on the deferred queue and was not yet processed.
768 ****************************************************************************/
770 bool open_was_deferred(struct smbd_server_connection *sconn, uint64_t mid)
772 struct pending_message_list *pml;
774 if (sconn->using_smb2) {
775 return open_was_deferred_smb2(sconn, mid);
778 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
779 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid && !pml->processed) {
786 /****************************************************************************
787 Return the message queued by this mid.
788 ****************************************************************************/
790 static struct pending_message_list *get_deferred_open_message_smb(
791 struct smbd_server_connection *sconn, uint64_t mid)
793 struct pending_message_list *pml;
795 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
796 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid) {
803 /****************************************************************************
804 Get the state data queued by this mid.
805 ****************************************************************************/
807 bool get_deferred_open_message_state(struct smb_request *smbreq,
808 struct timeval *p_request_time,
811 struct pending_message_list *pml;
813 if (smbreq->sconn->using_smb2) {
814 return get_deferred_open_message_state_smb2(smbreq->smb2req,
819 pml = get_deferred_open_message_smb(smbreq->sconn, smbreq->mid);
823 if (p_request_time) {
824 *p_request_time = pml->request_time;
827 *pp_state = (void *)pml->private_data.data;
832 /****************************************************************************
833 Function to push a deferred open smb message onto a linked list of local smb
834 messages ready for processing.
835 ****************************************************************************/
837 bool push_deferred_open_message_smb(struct smb_request *req,
838 struct timeval request_time,
839 struct timeval timeout,
841 char *private_data, size_t priv_len)
843 struct timeval end_time;
846 return push_deferred_open_message_smb2(req->smb2req,
854 if (req->unread_bytes) {
855 DEBUG(0,("push_deferred_open_message_smb: logic error ! "
856 "unread_bytes = %u\n",
857 (unsigned int)req->unread_bytes ));
858 smb_panic("push_deferred_open_message_smb: "
859 "logic error unread_bytes != 0" );
862 end_time = timeval_sum(&request_time, &timeout);
864 DEBUG(10,("push_deferred_open_message_smb: pushing message "
865 "len %u mid %llu timeout time [%u.%06u]\n",
866 (unsigned int) smb_len(req->inbuf)+4,
867 (unsigned long long)req->mid,
868 (unsigned int)end_time.tv_sec,
869 (unsigned int)end_time.tv_usec));
871 return push_queued_message(req, request_time, end_time,
872 private_data, priv_len);
875 static void smbd_sig_term_handler(struct tevent_context *ev,
876 struct tevent_signal *se,
882 exit_server_cleanly("termination signal");
885 void smbd_setup_sig_term_handler(struct smbd_server_connection *sconn)
887 struct tevent_signal *se;
889 se = tevent_add_signal(sconn->ev_ctx,
892 smbd_sig_term_handler,
895 exit_server("failed to setup SIGTERM handler");
899 static void smbd_sig_hup_handler(struct tevent_context *ev,
900 struct tevent_signal *se,
906 struct smbd_server_connection *sconn =
907 talloc_get_type_abort(private_data,
908 struct smbd_server_connection);
910 change_to_root_user();
911 DEBUG(1,("Reloading services after SIGHUP\n"));
912 reload_services(sconn, conn_snum_used, false);
915 void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn)
917 struct tevent_signal *se;
919 se = tevent_add_signal(sconn->ev_ctx,
922 smbd_sig_hup_handler,
925 exit_server("failed to setup SIGHUP handler");
929 static void smbd_conf_updated(struct messaging_context *msg,
932 struct server_id server_id,
935 struct smbd_server_connection *sconn =
936 talloc_get_type_abort(private_data,
937 struct smbd_server_connection);
939 DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was "
940 "updated. Reloading.\n"));
941 change_to_root_user();
942 reload_services(sconn, conn_snum_used, false);
946 * Only allow 5 outstanding trans requests. We're allocating memory, so
950 NTSTATUS allow_new_trans(struct trans_state *list, uint64_t mid)
953 for (; list != NULL; list = list->next) {
955 if (list->mid == mid) {
956 return NT_STATUS_INVALID_PARAMETER;
962 return NT_STATUS_INSUFFICIENT_RESOURCES;
969 These flags determine some of the permissions required to do an operation
971 Note that I don't set NEED_WRITE on some write operations because they
972 are used by some brain-dead clients when printing, and I don't want to
973 force write permissions on print services.
975 #define AS_USER (1<<0)
976 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
977 #define TIME_INIT (1<<2)
978 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
979 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
980 #define DO_CHDIR (1<<6)
983 define a list of possible SMB messages and their corresponding
984 functions. Any message that has a NULL function is unimplemented -
985 please feel free to contribute implementations!
987 static const struct smb_message_struct {
989 void (*fn)(struct smb_request *req);
991 } smb_messages[256] = {
993 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
994 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
995 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
996 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
997 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
998 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
999 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
1000 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
1001 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
1002 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
1003 /* 0x0a */ { "SMBread",reply_read,AS_USER},
1004 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
1005 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
1006 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
1007 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
1008 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
1009 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
1010 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
1011 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
1012 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
1013 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
1014 /* 0x15 */ { NULL, NULL, 0 },
1015 /* 0x16 */ { NULL, NULL, 0 },
1016 /* 0x17 */ { NULL, NULL, 0 },
1017 /* 0x18 */ { NULL, NULL, 0 },
1018 /* 0x19 */ { NULL, NULL, 0 },
1019 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
1020 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
1021 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
1022 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
1023 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
1024 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1025 /* 0x20 */ { "SMBwritec", NULL,0},
1026 /* 0x21 */ { NULL, NULL, 0 },
1027 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
1028 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1029 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1030 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
1031 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
1032 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
1033 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
1034 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
1035 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
1036 /* 0x2b */ { "SMBecho",reply_echo,0},
1037 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1038 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
1039 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
1040 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
1041 /* 0x30 */ { NULL, NULL, 0 },
1042 /* 0x31 */ { NULL, NULL, 0 },
1043 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
1044 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER | CAN_IPC },
1045 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1046 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1047 /* 0x36 */ { NULL, NULL, 0 },
1048 /* 0x37 */ { NULL, NULL, 0 },
1049 /* 0x38 */ { NULL, NULL, 0 },
1050 /* 0x39 */ { NULL, NULL, 0 },
1051 /* 0x3a */ { NULL, NULL, 0 },
1052 /* 0x3b */ { NULL, NULL, 0 },
1053 /* 0x3c */ { NULL, NULL, 0 },
1054 /* 0x3d */ { NULL, NULL, 0 },
1055 /* 0x3e */ { NULL, NULL, 0 },
1056 /* 0x3f */ { NULL, NULL, 0 },
1057 /* 0x40 */ { NULL, NULL, 0 },
1058 /* 0x41 */ { NULL, NULL, 0 },
1059 /* 0x42 */ { NULL, NULL, 0 },
1060 /* 0x43 */ { NULL, NULL, 0 },
1061 /* 0x44 */ { NULL, NULL, 0 },
1062 /* 0x45 */ { NULL, NULL, 0 },
1063 /* 0x46 */ { NULL, NULL, 0 },
1064 /* 0x47 */ { NULL, NULL, 0 },
1065 /* 0x48 */ { NULL, NULL, 0 },
1066 /* 0x49 */ { NULL, NULL, 0 },
1067 /* 0x4a */ { NULL, NULL, 0 },
1068 /* 0x4b */ { NULL, NULL, 0 },
1069 /* 0x4c */ { NULL, NULL, 0 },
1070 /* 0x4d */ { NULL, NULL, 0 },
1071 /* 0x4e */ { NULL, NULL, 0 },
1072 /* 0x4f */ { NULL, NULL, 0 },
1073 /* 0x50 */ { NULL, NULL, 0 },
1074 /* 0x51 */ { NULL, NULL, 0 },
1075 /* 0x52 */ { NULL, NULL, 0 },
1076 /* 0x53 */ { NULL, NULL, 0 },
1077 /* 0x54 */ { NULL, NULL, 0 },
1078 /* 0x55 */ { NULL, NULL, 0 },
1079 /* 0x56 */ { NULL, NULL, 0 },
1080 /* 0x57 */ { NULL, NULL, 0 },
1081 /* 0x58 */ { NULL, NULL, 0 },
1082 /* 0x59 */ { NULL, NULL, 0 },
1083 /* 0x5a */ { NULL, NULL, 0 },
1084 /* 0x5b */ { NULL, NULL, 0 },
1085 /* 0x5c */ { NULL, NULL, 0 },
1086 /* 0x5d */ { NULL, NULL, 0 },
1087 /* 0x5e */ { NULL, NULL, 0 },
1088 /* 0x5f */ { NULL, NULL, 0 },
1089 /* 0x60 */ { NULL, NULL, 0 },
1090 /* 0x61 */ { NULL, NULL, 0 },
1091 /* 0x62 */ { NULL, NULL, 0 },
1092 /* 0x63 */ { NULL, NULL, 0 },
1093 /* 0x64 */ { NULL, NULL, 0 },
1094 /* 0x65 */ { NULL, NULL, 0 },
1095 /* 0x66 */ { NULL, NULL, 0 },
1096 /* 0x67 */ { NULL, NULL, 0 },
1097 /* 0x68 */ { NULL, NULL, 0 },
1098 /* 0x69 */ { NULL, NULL, 0 },
1099 /* 0x6a */ { NULL, NULL, 0 },
1100 /* 0x6b */ { NULL, NULL, 0 },
1101 /* 0x6c */ { NULL, NULL, 0 },
1102 /* 0x6d */ { NULL, NULL, 0 },
1103 /* 0x6e */ { NULL, NULL, 0 },
1104 /* 0x6f */ { NULL, NULL, 0 },
1105 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1106 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1107 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1108 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1109 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1110 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1111 /* 0x76 */ { NULL, NULL, 0 },
1112 /* 0x77 */ { NULL, NULL, 0 },
1113 /* 0x78 */ { NULL, NULL, 0 },
1114 /* 0x79 */ { NULL, NULL, 0 },
1115 /* 0x7a */ { NULL, NULL, 0 },
1116 /* 0x7b */ { NULL, NULL, 0 },
1117 /* 0x7c */ { NULL, NULL, 0 },
1118 /* 0x7d */ { NULL, NULL, 0 },
1119 /* 0x7e */ { NULL, NULL, 0 },
1120 /* 0x7f */ { NULL, NULL, 0 },
1121 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1122 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1123 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1124 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1125 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1126 /* 0x85 */ { NULL, NULL, 0 },
1127 /* 0x86 */ { NULL, NULL, 0 },
1128 /* 0x87 */ { NULL, NULL, 0 },
1129 /* 0x88 */ { NULL, NULL, 0 },
1130 /* 0x89 */ { NULL, NULL, 0 },
1131 /* 0x8a */ { NULL, NULL, 0 },
1132 /* 0x8b */ { NULL, NULL, 0 },
1133 /* 0x8c */ { NULL, NULL, 0 },
1134 /* 0x8d */ { NULL, NULL, 0 },
1135 /* 0x8e */ { NULL, NULL, 0 },
1136 /* 0x8f */ { NULL, NULL, 0 },
1137 /* 0x90 */ { NULL, NULL, 0 },
1138 /* 0x91 */ { NULL, NULL, 0 },
1139 /* 0x92 */ { NULL, NULL, 0 },
1140 /* 0x93 */ { NULL, NULL, 0 },
1141 /* 0x94 */ { NULL, NULL, 0 },
1142 /* 0x95 */ { NULL, NULL, 0 },
1143 /* 0x96 */ { NULL, NULL, 0 },
1144 /* 0x97 */ { NULL, NULL, 0 },
1145 /* 0x98 */ { NULL, NULL, 0 },
1146 /* 0x99 */ { NULL, NULL, 0 },
1147 /* 0x9a */ { NULL, NULL, 0 },
1148 /* 0x9b */ { NULL, NULL, 0 },
1149 /* 0x9c */ { NULL, NULL, 0 },
1150 /* 0x9d */ { NULL, NULL, 0 },
1151 /* 0x9e */ { NULL, NULL, 0 },
1152 /* 0x9f */ { NULL, NULL, 0 },
1153 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1154 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1155 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1156 /* 0xa3 */ { NULL, NULL, 0 },
1157 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1158 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1159 /* 0xa6 */ { NULL, NULL, 0 },
1160 /* 0xa7 */ { NULL, NULL, 0 },
1161 /* 0xa8 */ { NULL, NULL, 0 },
1162 /* 0xa9 */ { NULL, NULL, 0 },
1163 /* 0xaa */ { NULL, NULL, 0 },
1164 /* 0xab */ { NULL, NULL, 0 },
1165 /* 0xac */ { NULL, NULL, 0 },
1166 /* 0xad */ { NULL, NULL, 0 },
1167 /* 0xae */ { NULL, NULL, 0 },
1168 /* 0xaf */ { NULL, NULL, 0 },
1169 /* 0xb0 */ { NULL, NULL, 0 },
1170 /* 0xb1 */ { NULL, NULL, 0 },
1171 /* 0xb2 */ { NULL, NULL, 0 },
1172 /* 0xb3 */ { NULL, NULL, 0 },
1173 /* 0xb4 */ { NULL, NULL, 0 },
1174 /* 0xb5 */ { NULL, NULL, 0 },
1175 /* 0xb6 */ { NULL, NULL, 0 },
1176 /* 0xb7 */ { NULL, NULL, 0 },
1177 /* 0xb8 */ { NULL, NULL, 0 },
1178 /* 0xb9 */ { NULL, NULL, 0 },
1179 /* 0xba */ { NULL, NULL, 0 },
1180 /* 0xbb */ { NULL, NULL, 0 },
1181 /* 0xbc */ { NULL, NULL, 0 },
1182 /* 0xbd */ { NULL, NULL, 0 },
1183 /* 0xbe */ { NULL, NULL, 0 },
1184 /* 0xbf */ { NULL, NULL, 0 },
1185 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1186 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1187 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1188 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1189 /* 0xc4 */ { NULL, NULL, 0 },
1190 /* 0xc5 */ { NULL, NULL, 0 },
1191 /* 0xc6 */ { NULL, NULL, 0 },
1192 /* 0xc7 */ { NULL, NULL, 0 },
1193 /* 0xc8 */ { NULL, NULL, 0 },
1194 /* 0xc9 */ { NULL, NULL, 0 },
1195 /* 0xca */ { NULL, NULL, 0 },
1196 /* 0xcb */ { NULL, NULL, 0 },
1197 /* 0xcc */ { NULL, NULL, 0 },
1198 /* 0xcd */ { NULL, NULL, 0 },
1199 /* 0xce */ { NULL, NULL, 0 },
1200 /* 0xcf */ { NULL, NULL, 0 },
1201 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1202 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1203 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1204 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1205 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1206 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1207 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1208 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1209 /* 0xd8 */ { NULL, NULL, 0 },
1210 /* 0xd9 */ { NULL, NULL, 0 },
1211 /* 0xda */ { NULL, NULL, 0 },
1212 /* 0xdb */ { NULL, NULL, 0 },
1213 /* 0xdc */ { NULL, NULL, 0 },
1214 /* 0xdd */ { NULL, NULL, 0 },
1215 /* 0xde */ { NULL, NULL, 0 },
1216 /* 0xdf */ { NULL, NULL, 0 },
1217 /* 0xe0 */ { NULL, NULL, 0 },
1218 /* 0xe1 */ { NULL, NULL, 0 },
1219 /* 0xe2 */ { NULL, NULL, 0 },
1220 /* 0xe3 */ { NULL, NULL, 0 },
1221 /* 0xe4 */ { NULL, NULL, 0 },
1222 /* 0xe5 */ { NULL, NULL, 0 },
1223 /* 0xe6 */ { NULL, NULL, 0 },
1224 /* 0xe7 */ { NULL, NULL, 0 },
1225 /* 0xe8 */ { NULL, NULL, 0 },
1226 /* 0xe9 */ { NULL, NULL, 0 },
1227 /* 0xea */ { NULL, NULL, 0 },
1228 /* 0xeb */ { NULL, NULL, 0 },
1229 /* 0xec */ { NULL, NULL, 0 },
1230 /* 0xed */ { NULL, NULL, 0 },
1231 /* 0xee */ { NULL, NULL, 0 },
1232 /* 0xef */ { NULL, NULL, 0 },
1233 /* 0xf0 */ { NULL, NULL, 0 },
1234 /* 0xf1 */ { NULL, NULL, 0 },
1235 /* 0xf2 */ { NULL, NULL, 0 },
1236 /* 0xf3 */ { NULL, NULL, 0 },
1237 /* 0xf4 */ { NULL, NULL, 0 },
1238 /* 0xf5 */ { NULL, NULL, 0 },
1239 /* 0xf6 */ { NULL, NULL, 0 },
1240 /* 0xf7 */ { NULL, NULL, 0 },
1241 /* 0xf8 */ { NULL, NULL, 0 },
1242 /* 0xf9 */ { NULL, NULL, 0 },
1243 /* 0xfa */ { NULL, NULL, 0 },
1244 /* 0xfb */ { NULL, NULL, 0 },
1245 /* 0xfc */ { NULL, NULL, 0 },
1246 /* 0xfd */ { NULL, NULL, 0 },
1247 /* 0xfe */ { NULL, NULL, 0 },
1248 /* 0xff */ { NULL, NULL, 0 }
1252 /*******************************************************************
1253 allocate and initialize a reply packet
1254 ********************************************************************/
1256 static bool create_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
1257 const char *inbuf, char **outbuf, uint8_t num_words,
1261 * Protect against integer wrap
1263 if ((num_bytes > 0xffffff)
1264 || ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
1266 if (asprintf(&msg, "num_bytes too large: %u",
1267 (unsigned)num_bytes) == -1) {
1268 msg = discard_const_p(char, "num_bytes too large");
1273 *outbuf = talloc_array(mem_ctx, char,
1274 smb_size + num_words*2 + num_bytes);
1275 if (*outbuf == NULL) {
1279 construct_reply_common(req, inbuf, *outbuf);
1280 srv_set_message(*outbuf, num_words, num_bytes, false);
1282 * Zero out the word area, the caller has to take care of the bcc area
1285 if (num_words != 0) {
1286 memset(*outbuf + smb_vwv0, 0, num_words*2);
1292 void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
1295 if (!create_outbuf(req, req, (const char *)req->inbuf, &outbuf, num_words,
1297 smb_panic("could not allocate output buffer\n");
1299 req->outbuf = (uint8_t *)outbuf;
1303 /*******************************************************************
1304 Dump a packet to a file.
1305 ********************************************************************/
1307 static void smb_dump(const char *name, int type, const char *data)
1312 if (DEBUGLEVEL < 50) {
1316 len = smb_len_tcp(data)+4;
1317 for (i=1;i<100;i++) {
1318 if (asprintf(&fname, "/tmp/%s.%d.%s", name, i,
1319 type ? "req" : "resp") == -1) {
1322 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1323 if (fd != -1 || errno != EEXIST) break;
1326 ssize_t ret = write(fd, data, len);
1328 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1330 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1335 /****************************************************************************
1336 Prepare everything for calling the actual request function, and potentially
1337 call the request function via the "new" interface.
1339 Return False if the "legacy" function needs to be called, everything is
1342 Return True if we're done.
1344 I know this API sucks, but it is the one with the least code change I could
1346 ****************************************************************************/
1348 static connection_struct *switch_message(uint8 type, struct smb_request *req)
1352 connection_struct *conn = NULL;
1353 struct smbd_server_connection *sconn = req->sconn;
1357 if (smb_messages[type].fn == NULL) {
1358 DEBUG(0,("Unknown message type %d!\n",type));
1359 smb_dump("Unknown", 1, (const char *)req->inbuf);
1360 reply_unknown_new(req, type);
1364 flags = smb_messages[type].flags;
1366 /* In share mode security we must ignore the vuid. */
1367 session_tag = req->vuid;
1370 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1371 (int)sys_getpid(), (unsigned long)conn));
1373 smb_dump(smb_fn_name(type), 1, (const char *)req->inbuf);
1375 /* Ensure this value is replaced in the incoming packet. */
1376 SSVAL(discard_const_p(uint8_t, req->inbuf),smb_uid,session_tag);
1379 * Ensure the correct username is in current_user_info. This is a
1380 * really ugly bugfix for problems with multiple session_setup_and_X's
1381 * being done and allowing %U and %G substitutions to work correctly.
1382 * There is a reason this code is done here, don't move it unless you
1383 * know what you're doing... :-).
1387 if (session_tag != sconn->smb1.sessions.last_session_tag) {
1388 user_struct *vuser = NULL;
1390 sconn->smb1.sessions.last_session_tag = session_tag;
1391 if(session_tag != UID_FIELD_INVALID) {
1392 vuser = get_valid_user_struct(sconn, session_tag);
1394 set_current_user_info(
1395 vuser->session_info->unix_info->sanitized_username,
1396 vuser->session_info->unix_info->unix_name,
1397 vuser->session_info->info->domain_name);
1402 /* Does this call need to be run as the connected user? */
1403 if (flags & AS_USER) {
1405 /* Does this call need a valid tree connection? */
1408 * Amazingly, the error code depends on the command
1411 if (type == SMBntcreateX) {
1412 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1414 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
1419 if (!change_to_user(conn,session_tag)) {
1420 DEBUG(0, ("Error: Could not change to user. Removing "
1421 "deferred open, mid=%llu.\n",
1422 (unsigned long long)req->mid));
1423 reply_force_doserror(req, ERRSRV, ERRbaduid);
1427 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1429 /* Does it need write permission? */
1430 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1431 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1435 /* IPC services are limited */
1436 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1437 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1441 /* This call needs to be run as root */
1442 change_to_root_user();
1445 /* load service specific parameters */
1447 if (req->encrypted) {
1448 conn->encrypted_tid = true;
1449 /* encrypted required from now on. */
1450 conn->encrypt_level = Required;
1451 } else if (ENCRYPTION_REQUIRED(conn)) {
1452 if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
1453 exit_server_cleanly("encryption required "
1459 if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1460 (flags & (AS_USER|DO_CHDIR)
1462 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1465 conn->num_smb_operations++;
1469 * Does this protocol need to be run as guest? (Only archane
1470 * messenger service requests have this...)
1472 if (flags & AS_GUEST) {
1476 if (!change_to_guest()) {
1477 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1481 raddr = tsocket_address_inet_addr_string(sconn->remote_address,
1483 if (raddr == NULL) {
1484 reply_nterror(req, NT_STATUS_NO_MEMORY);
1489 * Haven't we checked this in smbd_process already???
1492 ok = allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
1493 sconn->remote_hostname, raddr);
1497 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1502 smb_messages[type].fn(req);
1506 /****************************************************************************
1507 Construct a reply to the incoming packet.
1508 ****************************************************************************/
1510 static void construct_reply(struct smbd_server_connection *sconn,
1511 char *inbuf, int size, size_t unread_bytes,
1512 uint32_t seqnum, bool encrypted,
1513 struct smb_perfcount_data *deferred_pcd)
1515 connection_struct *conn;
1516 struct smb_request *req;
1518 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1519 smb_panic("could not allocate smb_request");
1522 if (!init_smb_request(req, sconn, (uint8 *)inbuf, unread_bytes,
1523 encrypted, seqnum)) {
1524 exit_server_cleanly("Invalid SMB request");
1527 req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
1529 /* we popped this message off the queue - keep original perf data */
1531 req->pcd = *deferred_pcd;
1533 SMB_PERFCOUNT_START(&req->pcd);
1534 SMB_PERFCOUNT_SET_OP(&req->pcd, req->cmd);
1535 SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, size);
1538 conn = switch_message(req->cmd, req);
1545 if (req->outbuf == NULL) {
1549 if (CVAL(req->outbuf,0) == 0) {
1550 show_msg((char *)req->outbuf);
1553 if (!srv_send_smb(req->sconn,
1554 (char *)req->outbuf,
1555 true, req->seqnum+1,
1556 IS_CONN_ENCRYPTED(conn)||req->encrypted,
1558 exit_server_cleanly("construct_reply: srv_send_smb failed.");
1566 /****************************************************************************
1567 Process an smb from the client
1568 ****************************************************************************/
1569 static void process_smb(struct smbd_server_connection *sconn,
1570 uint8_t *inbuf, size_t nread, size_t unread_bytes,
1571 uint32_t seqnum, bool encrypted,
1572 struct smb_perfcount_data *deferred_pcd)
1574 int msg_type = CVAL(inbuf,0);
1576 DO_PROFILE_INC(smb_count);
1578 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1580 DEBUG(3, ("Transaction %d of length %d (%u toread)\n",
1581 sconn->trans_num, (int)nread, (unsigned int)unread_bytes));
1583 if (msg_type != NBSSmessage) {
1585 * NetBIOS session request, keepalive, etc.
1587 reply_special(sconn, (char *)inbuf, nread);
1591 if (sconn->using_smb2) {
1592 /* At this point we're not really using smb2,
1593 * we make the decision here.. */
1594 if (smbd_is_smb2_header(inbuf, nread)) {
1595 smbd_smb2_first_negprot(sconn, inbuf, nread);
1597 } else if (nread >= smb_size && valid_smb_header(sconn, inbuf)
1598 && CVAL(inbuf, smb_com) != 0x72) {
1599 /* This is a non-negprot SMB1 packet.
1600 Disable SMB2 from now on. */
1601 sconn->using_smb2 = false;
1605 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1606 * so subtract 4 from it. */
1607 if ((nread < (smb_size - 4)) || !valid_smb_header(sconn, inbuf)) {
1608 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1611 /* special magic for immediate exit */
1613 (IVAL(inbuf, 4) == 0x74697865) &&
1614 lp_parm_bool(-1, "smbd", "suicide mode", false)) {
1615 uint8_t exitcode = CVAL(inbuf, 8);
1616 DEBUG(1, ("Exiting immediately with code %d\n",
1621 exit_server_cleanly("Non-SMB packet");
1624 show_msg((char *)inbuf);
1626 construct_reply(sconn, (char *)inbuf, nread, unread_bytes, seqnum,
1627 encrypted, deferred_pcd);
1631 sconn->num_requests++;
1633 /* The timeout_processing function isn't run nearly
1634 often enough to implement 'max log size' without
1635 overrunning the size of the file by many megabytes.
1636 This is especially true if we are running at debug
1637 level 10. Checking every 50 SMBs is a nice
1638 tradeoff of performance vs log file size overrun. */
1640 if ((sconn->num_requests % 50) == 0 &&
1641 need_to_check_log_size()) {
1642 change_to_root_user();
1647 /****************************************************************************
1648 Return a string containing the function name of a SMB command.
1649 ****************************************************************************/
1651 const char *smb_fn_name(int type)
1653 const char *unknown_name = "SMBunknown";
1655 if (smb_messages[type].name == NULL)
1656 return(unknown_name);
1658 return(smb_messages[type].name);
1661 /****************************************************************************
1662 Helper functions for contruct_reply.
1663 ****************************************************************************/
1665 void add_to_common_flags2(uint32 v)
1670 void remove_from_common_flags2(uint32 v)
1672 common_flags2 &= ~v;
1675 static void construct_reply_common(struct smb_request *req, const char *inbuf,
1678 uint16_t in_flags2 = SVAL(inbuf,smb_flg2);
1679 uint16_t out_flags2 = common_flags2;
1681 out_flags2 |= in_flags2 & FLAGS2_UNICODE_STRINGS;
1682 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES;
1683 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED;
1685 srv_set_message(outbuf,0,0,false);
1687 SCVAL(outbuf, smb_com, req->cmd);
1688 SIVAL(outbuf,smb_rcls,0);
1689 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1690 SSVAL(outbuf,smb_flg2, out_flags2);
1691 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1692 memcpy(outbuf+smb_ss_field, inbuf+smb_ss_field, 8);
1694 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
1695 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
1696 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
1697 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
1700 void construct_reply_common_req(struct smb_request *req, char *outbuf)
1702 construct_reply_common(req, (const char *)req->inbuf, outbuf);
1706 * How many bytes have we already accumulated up to the current wct field
1710 size_t req_wct_ofs(struct smb_request *req)
1714 if (req->chain_outbuf == NULL) {
1717 buf_size = talloc_get_size(req->chain_outbuf);
1718 if ((buf_size % 4) != 0) {
1719 buf_size += (4 - (buf_size % 4));
1721 return buf_size - 4;
1725 * Hack around reply_nterror & friends not being aware of chained requests,
1726 * generating illegal (i.e. wct==0) chain replies.
1729 static void fixup_chain_error_packet(struct smb_request *req)
1731 uint8_t *outbuf = req->outbuf;
1733 reply_outbuf(req, 2, 0);
1734 memcpy(req->outbuf, outbuf, smb_wct);
1735 TALLOC_FREE(outbuf);
1736 SCVAL(req->outbuf, smb_vwv0, 0xff);
1740 * @brief Find the smb_cmd offset of the last command pushed
1741 * @param[in] buf The buffer we're building up
1742 * @retval Where can we put our next andx cmd?
1744 * While chaining requests, the "next" request we're looking at needs to put
1745 * its SMB_Command before the data the previous request already built up added
1746 * to the chain. Find the offset to the place where we have to put our cmd.
1749 static bool find_andx_cmd_ofs(uint8_t *buf, size_t *pofs)
1754 cmd = CVAL(buf, smb_com);
1756 if (!is_andx_req(cmd)) {
1762 while (CVAL(buf, ofs) != 0xff) {
1764 if (!is_andx_req(CVAL(buf, ofs))) {
1769 * ofs is from start of smb header, so add the 4 length
1770 * bytes. The next cmd is right after the wct field.
1772 ofs = SVAL(buf, ofs+2) + 4 + 1;
1774 if (ofs+4 >= talloc_get_size(buf)) {
1784 * @brief Do the smb chaining at a buffer level
1785 * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
1786 * @param[in] andx_buf Buffer to be appended
1789 static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf)
1791 uint8_t smb_command = CVAL(andx_buf, smb_com);
1792 uint8_t wct = CVAL(andx_buf, smb_wct);
1793 const uint16_t *vwv = (const uint16_t *)(andx_buf + smb_vwv);
1794 uint32_t num_bytes = smb_buflen(andx_buf);
1795 const uint8_t *bytes = (const uint8_t *)smb_buf_const(andx_buf);
1798 size_t old_size, new_size;
1800 size_t chain_padding = 0;
1801 size_t andx_cmd_ofs;
1804 old_size = talloc_get_size(*poutbuf);
1806 if ((old_size % 4) != 0) {
1808 * Align the wct field of subsequent requests to a 4-byte
1811 chain_padding = 4 - (old_size % 4);
1815 * After the old request comes the new wct field (1 byte), the vwv's
1816 * and the num_bytes field.
1819 new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
1820 new_size += num_bytes;
1822 if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
1823 DEBUG(1, ("smb_splice_chain: %u bytes won't fit\n",
1824 (unsigned)new_size));
1828 outbuf = talloc_realloc(NULL, *poutbuf, uint8_t, new_size);
1829 if (outbuf == NULL) {
1830 DEBUG(0, ("talloc failed\n"));
1835 if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
1836 DEBUG(1, ("invalid command chain\n"));
1837 *poutbuf = talloc_realloc(NULL, *poutbuf, uint8_t, old_size);
1841 if (chain_padding != 0) {
1842 memset(outbuf + old_size, 0, chain_padding);
1843 old_size += chain_padding;
1846 SCVAL(outbuf, andx_cmd_ofs, smb_command);
1847 SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
1852 * Push the chained request:
1857 SCVAL(outbuf, ofs, wct);
1864 memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
1865 ofs += sizeof(uint16_t) * wct;
1871 SSVAL(outbuf, ofs, num_bytes);
1872 ofs += sizeof(uint16_t);
1878 memcpy(outbuf + ofs, bytes, num_bytes);
1883 /****************************************************************************
1884 Construct a chained reply and add it to the already made reply
1885 ****************************************************************************/
1887 void chain_reply(struct smb_request *req)
1889 size_t smblen = smb_len(req->inbuf);
1890 size_t already_used, length_needed;
1892 uint32_t chain_offset; /* uint32_t to avoid overflow */
1895 const uint16_t *vwv;
1899 if (IVAL(req->outbuf, smb_rcls) != 0) {
1900 fixup_chain_error_packet(req);
1904 * Any of the AndX requests and replies have at least a wct of
1905 * 2. vwv[0] is the next command, vwv[1] is the offset from the
1906 * beginning of the SMB header to the next wct field.
1908 * None of the AndX requests put anything valuable in vwv[0] and [1],
1909 * so we can overwrite it here to form the chain.
1912 if ((req->wct < 2) || (CVAL(req->outbuf, smb_wct) < 2)) {
1913 if (req->chain_outbuf == NULL) {
1914 req->chain_outbuf = talloc_realloc(
1915 req, req->outbuf, uint8_t,
1916 smb_len(req->outbuf) + 4);
1917 if (req->chain_outbuf == NULL) {
1918 smb_panic("talloc failed");
1926 * Here we assume that this is the end of the chain. For that we need
1927 * to set "next command" to 0xff and the offset to 0. If we later find
1928 * more commands in the chain, this will be overwritten again.
1931 SCVAL(req->outbuf, smb_vwv0, 0xff);
1932 SCVAL(req->outbuf, smb_vwv0+1, 0);
1933 SSVAL(req->outbuf, smb_vwv1, 0);
1935 if (req->chain_outbuf == NULL) {
1937 * In req->chain_outbuf we collect all the replies. Start the
1938 * chain by copying in the first reply.
1940 * We do the realloc because later on we depend on
1941 * talloc_get_size to determine the length of
1942 * chain_outbuf. The reply_xxx routines might have
1943 * over-allocated (reply_pipe_read_and_X used to be such an
1946 req->chain_outbuf = talloc_realloc(
1947 req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
1948 if (req->chain_outbuf == NULL) {
1949 smb_panic("talloc failed");
1954 * Update smb headers where subsequent chained commands
1955 * may have updated them.
1957 SSVAL(req->chain_outbuf, smb_tid, SVAL(req->outbuf, smb_tid));
1958 SSVAL(req->chain_outbuf, smb_uid, SVAL(req->outbuf, smb_uid));
1960 if (!smb_splice_chain(&req->chain_outbuf, req->outbuf)) {
1963 TALLOC_FREE(req->outbuf);
1967 * We use the old request's vwv field to grab the next chained command
1968 * and offset into the chained fields.
1971 chain_cmd = CVAL(req->vwv+0, 0);
1972 chain_offset = SVAL(req->vwv+1, 0);
1974 if (chain_cmd == 0xff) {
1976 * End of chain, no more requests from the client. So ship the
1979 smb_setlen((char *)(req->chain_outbuf),
1980 talloc_get_size(req->chain_outbuf) - 4);
1982 if (!srv_send_smb(req->sconn, (char *)req->chain_outbuf,
1983 true, req->seqnum+1,
1984 IS_CONN_ENCRYPTED(req->conn)
1987 exit_server_cleanly("chain_reply: srv_send_smb "
1990 TALLOC_FREE(req->chain_outbuf);
1995 /* add a new perfcounter for this element of chain */
1996 SMB_PERFCOUNT_ADD(&req->pcd);
1997 SMB_PERFCOUNT_SET_OP(&req->pcd, chain_cmd);
1998 SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, smblen);
2001 * Check if the client tries to fool us. The chain offset
2002 * needs to point beyond the current request in the chain, it
2003 * needs to strictly grow. Otherwise we might be tricked into
2004 * an endless loop always processing the same request over and
2005 * over again. We used to assume that vwv and the byte buffer
2006 * array in a chain are always attached, but OS/2 the
2007 * Write&X/Read&X chain puts the Read&X vwv array right behind
2008 * the Write&X vwv chain. The Write&X bcc array is put behind
2009 * the Read&X vwv array. So now we check whether the chain
2010 * offset points strictly behind the previous vwv
2011 * array. req->buf points right after the vwv array of the
2012 * previous request. See
2013 * https://bugzilla.samba.org/show_bug.cgi?id=8360 for more
2017 already_used = PTR_DIFF(req->buf, smb_base(req->inbuf));
2018 if (chain_offset <= already_used) {
2023 * Next check: Make sure the chain offset does not point beyond the
2024 * overall smb request length.
2027 length_needed = chain_offset+1; /* wct */
2028 if (length_needed > smblen) {
2033 * Now comes the pointer magic. Goal here is to set up req->vwv and
2034 * req->buf correctly again to be able to call the subsequent
2035 * switch_message(). The chain offset (the former vwv[1]) points at
2036 * the new wct field.
2039 wct = CVAL(smb_base(req->inbuf), chain_offset);
2042 * Next consistency check: Make the new vwv array fits in the overall
2046 length_needed += (wct+1)*sizeof(uint16_t); /* vwv+buflen */
2047 if (length_needed > smblen) {
2050 vwv = (const uint16_t *)(smb_base(req->inbuf) + chain_offset + 1);
2053 * Now grab the new byte buffer....
2056 buflen = SVAL(vwv+wct, 0);
2059 * .. and check that it fits.
2062 length_needed += buflen;
2063 if (length_needed > smblen) {
2066 buf = (const uint8_t *)(vwv+wct+1);
2068 req->cmd = chain_cmd;
2070 req->vwv = discard_const_p(uint16_t, vwv);
2071 req->buflen = buflen;
2074 switch_message(chain_cmd, req);
2076 if (req->outbuf == NULL) {
2078 * This happens if the chained command has suspended itself or
2079 * if it has called srv_send_smb() itself.
2085 * We end up here if the chained command was not itself chained or
2086 * suspended, but for example a close() command. We now need to splice
2087 * the chained commands' outbuf into the already built up chain_outbuf
2088 * and ship the result.
2094 * We end up here if there's any error in the chain syntax. Report a
2095 * DOS error, just like Windows does.
2097 reply_force_doserror(req, ERRSRV, ERRerror);
2098 fixup_chain_error_packet(req);
2102 * This scary statement intends to set the
2103 * FLAGS2_32_BIT_ERROR_CODES flg2 field in req->chain_outbuf
2104 * to the value req->outbuf carries
2106 SSVAL(req->chain_outbuf, smb_flg2,
2107 (SVAL(req->chain_outbuf, smb_flg2) & ~FLAGS2_32_BIT_ERROR_CODES)
2108 | (SVAL(req->outbuf, smb_flg2) & FLAGS2_32_BIT_ERROR_CODES));
2111 * Transfer the error codes from the subrequest to the main one
2113 SSVAL(req->chain_outbuf, smb_rcls, SVAL(req->outbuf, smb_rcls));
2114 SSVAL(req->chain_outbuf, smb_err, SVAL(req->outbuf, smb_err));
2116 if (!smb_splice_chain(&req->chain_outbuf, req->outbuf)) {
2117 exit_server_cleanly("chain_reply: smb_splice_chain failed\n");
2119 TALLOC_FREE(req->outbuf);
2121 smb_setlen((char *)(req->chain_outbuf),
2122 talloc_get_size(req->chain_outbuf) - 4);
2124 show_msg((char *)(req->chain_outbuf));
2126 if (!srv_send_smb(req->sconn, (char *)req->chain_outbuf,
2127 true, req->seqnum+1,
2128 IS_CONN_ENCRYPTED(req->conn)||req->encrypted,
2130 exit_server_cleanly("chain_reply: srv_send_smb failed.");
2132 TALLOC_FREE(req->chain_outbuf);
2136 /****************************************************************************
2137 Check if services need reloading.
2138 ****************************************************************************/
2140 static void check_reload(struct smbd_server_connection *sconn, time_t t)
2143 if (last_smb_conf_reload_time == 0) {
2144 last_smb_conf_reload_time = t;
2147 if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
2148 reload_services(sconn, conn_snum_used, true);
2149 last_smb_conf_reload_time = t;
2153 static bool fd_is_readable(int fd)
2157 ret = poll_one_fd(fd, POLLIN|POLLHUP, 0, &revents);
2159 return ((ret > 0) && ((revents & (POLLIN|POLLHUP|POLLERR)) != 0));
2163 static void smbd_server_connection_write_handler(
2164 struct smbd_server_connection *sconn)
2166 /* TODO: make write nonblocking */
2169 static void smbd_server_connection_read_handler(
2170 struct smbd_server_connection *sconn, int fd)
2172 uint8_t *inbuf = NULL;
2173 size_t inbuf_len = 0;
2174 size_t unread_bytes = 0;
2175 bool encrypted = false;
2176 TALLOC_CTX *mem_ctx = talloc_tos();
2182 if (lp_async_smb_echo_handler()
2183 && fd_is_readable(sconn->smb1.echo_handler.trusted_fd)) {
2185 * This is the super-ugly hack to prefer the packets
2186 * forwarded by the echo handler over the ones by the
2189 fd = sconn->smb1.echo_handler.trusted_fd;
2192 from_client = (sconn->sock == fd);
2195 smbd_lock_socket(sconn);
2197 if (!fd_is_readable(fd)) {
2198 DEBUG(10,("the echo listener was faster\n"));
2199 smbd_unlock_socket(sconn);
2204 /* TODO: make this completely nonblocking */
2205 status = receive_smb_talloc(mem_ctx, sconn, fd,
2206 (char **)(void *)&inbuf,
2210 &inbuf_len, &seqnum,
2211 false /* trusted channel */);
2214 smbd_unlock_socket(sconn);
2217 if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
2220 if (NT_STATUS_IS_ERR(status)) {
2221 exit_server_cleanly("failed to receive smb request");
2223 if (!NT_STATUS_IS_OK(status)) {
2228 process_smb(sconn, inbuf, inbuf_len, unread_bytes,
2229 seqnum, encrypted, NULL);
2232 static void smbd_server_connection_handler(struct event_context *ev,
2233 struct fd_event *fde,
2237 struct smbd_server_connection *conn = talloc_get_type(private_data,
2238 struct smbd_server_connection);
2240 if (flags & EVENT_FD_WRITE) {
2241 smbd_server_connection_write_handler(conn);
2244 if (flags & EVENT_FD_READ) {
2245 smbd_server_connection_read_handler(conn, conn->sock);
2250 static void smbd_server_echo_handler(struct event_context *ev,
2251 struct fd_event *fde,
2255 struct smbd_server_connection *conn = talloc_get_type(private_data,
2256 struct smbd_server_connection);
2258 if (flags & EVENT_FD_WRITE) {
2259 smbd_server_connection_write_handler(conn);
2262 if (flags & EVENT_FD_READ) {
2263 smbd_server_connection_read_handler(
2264 conn, conn->smb1.echo_handler.trusted_fd);
2269 #ifdef CLUSTER_SUPPORT
2270 /****************************************************************************
2271 received when we should release a specific IP
2272 ****************************************************************************/
2273 static void release_ip(const char *ip, void *priv)
2275 const char *addr = (const char *)priv;
2276 const char *p = addr;
2278 if (strncmp("::ffff:", addr, 7) == 0) {
2282 DEBUG(10, ("Got release IP message for %s, "
2283 "our address is %s\n", ip, p));
2285 if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
2286 /* we can't afford to do a clean exit - that involves
2287 database writes, which would potentially mean we
2288 are still running after the failover has finished -
2289 we have to get rid of this process ID straight
2291 DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
2293 /* note we must exit with non-zero status so the unclean handler gets
2294 called in the parent, so that the brl database is tickled */
2299 static int client_get_tcp_info(int sock, struct sockaddr_storage *server,
2300 struct sockaddr_storage *client)
2303 length = sizeof(*server);
2304 if (getsockname(sock, (struct sockaddr *)server, &length) != 0) {
2307 length = sizeof(*client);
2308 if (getpeername(sock, (struct sockaddr *)client, &length) != 0) {
2316 * Send keepalive packets to our client
2318 static bool keepalive_fn(const struct timeval *now, void *private_data)
2320 struct smbd_server_connection *sconn = talloc_get_type_abort(
2321 private_data, struct smbd_server_connection);
2324 if (sconn->using_smb2) {
2325 /* Don't do keepalives on an SMB2 connection. */
2329 smbd_lock_socket(sconn);
2330 ret = send_keepalive(sconn->sock);
2331 smbd_unlock_socket(sconn);
2334 char addr[INET6_ADDRSTRLEN];
2336 * Try and give an error message saying what
2339 DEBUG(0, ("send_keepalive failed for client %s. "
2340 "Error %s - exiting\n",
2341 get_peer_addr(sconn->sock, addr, sizeof(addr)),
2349 * Do the recurring check if we're idle
2351 static bool deadtime_fn(const struct timeval *now, void *private_data)
2353 struct smbd_server_connection *sconn =
2354 (struct smbd_server_connection *)private_data;
2356 if ((conn_num_open(sconn) == 0)
2357 || (conn_idle_all(sconn, now->tv_sec))) {
2358 DEBUG( 2, ( "Closing idle connection\n" ) );
2359 messaging_send(sconn->msg_ctx,
2360 messaging_server_id(sconn->msg_ctx),
2361 MSG_SHUTDOWN, &data_blob_null);
2369 * Do the recurring log file and smb.conf reload checks.
2372 static bool housekeeping_fn(const struct timeval *now, void *private_data)
2374 struct smbd_server_connection *sconn = talloc_get_type_abort(
2375 private_data, struct smbd_server_connection);
2377 DEBUG(5, ("housekeeping\n"));
2379 change_to_root_user();
2381 /* update printer queue caches if necessary */
2382 update_monitored_printq_cache(sconn->msg_ctx);
2384 /* check if we need to reload services */
2385 check_reload(sconn, time_mono(NULL));
2387 /* Change machine password if neccessary. */
2388 attempt_machine_password_change();
2391 * Force a log file check.
2393 force_check_log_size();
2399 * Read an smb packet in the echo handler child, giving the parent
2400 * smbd one second to react once the socket becomes readable.
2403 struct smbd_echo_read_state {
2404 struct tevent_context *ev;
2405 struct smbd_server_connection *sconn;
2412 static void smbd_echo_read_readable(struct tevent_req *subreq);
2413 static void smbd_echo_read_waited(struct tevent_req *subreq);
2415 static struct tevent_req *smbd_echo_read_send(
2416 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
2417 struct smbd_server_connection *sconn)
2419 struct tevent_req *req, *subreq;
2420 struct smbd_echo_read_state *state;
2422 req = tevent_req_create(mem_ctx, &state,
2423 struct smbd_echo_read_state);
2428 state->sconn = sconn;
2430 subreq = wait_for_read_send(state, ev, sconn->sock);
2431 if (tevent_req_nomem(subreq, req)) {
2432 return tevent_req_post(req, ev);
2434 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
2438 static void smbd_echo_read_readable(struct tevent_req *subreq)
2440 struct tevent_req *req = tevent_req_callback_data(
2441 subreq, struct tevent_req);
2442 struct smbd_echo_read_state *state = tevent_req_data(
2443 req, struct smbd_echo_read_state);
2447 ok = wait_for_read_recv(subreq, &err);
2448 TALLOC_FREE(subreq);
2450 tevent_req_nterror(req, map_nt_error_from_unix(err));
2455 * Give the parent smbd one second to step in
2458 subreq = tevent_wakeup_send(
2459 state, state->ev, timeval_current_ofs(1, 0));
2460 if (tevent_req_nomem(subreq, req)) {
2463 tevent_req_set_callback(subreq, smbd_echo_read_waited, req);
2466 static void smbd_echo_read_waited(struct tevent_req *subreq)
2468 struct tevent_req *req = tevent_req_callback_data(
2469 subreq, struct tevent_req);
2470 struct smbd_echo_read_state *state = tevent_req_data(
2471 req, struct smbd_echo_read_state);
2472 struct smbd_server_connection *sconn = state->sconn;
2478 ok = tevent_wakeup_recv(subreq);
2479 TALLOC_FREE(subreq);
2481 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
2485 ok = smbd_lock_socket_internal(sconn);
2487 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2488 DEBUG(0, ("%s: failed to lock socket\n", __location__));
2492 if (!fd_is_readable(sconn->sock)) {
2493 DEBUG(10,("echo_handler[%d] the parent smbd was faster\n",
2494 (int)sys_getpid()));
2496 ok = smbd_unlock_socket_internal(sconn);
2498 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2499 DEBUG(1, ("%s: failed to unlock socket\n",
2504 subreq = wait_for_read_send(state, state->ev, sconn->sock);
2505 if (tevent_req_nomem(subreq, req)) {
2508 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
2512 status = receive_smb_talloc(state, sconn, sconn->sock, &state->buf,
2518 false /* trusted_channel*/);
2520 if (tevent_req_nterror(req, status)) {
2521 tevent_req_nterror(req, status);
2522 DEBUG(1, ("echo_handler[%d]: receive_smb_raw_talloc failed: %s\n",
2523 (int)sys_getpid(), nt_errstr(status)));
2527 ok = smbd_unlock_socket_internal(sconn);
2529 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2530 DEBUG(1, ("%s: failed to unlock socket\n", __location__));
2533 tevent_req_done(req);
2536 static NTSTATUS smbd_echo_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
2537 char **pbuf, size_t *pbuflen, uint32_t *pseqnum)
2539 struct smbd_echo_read_state *state = tevent_req_data(
2540 req, struct smbd_echo_read_state);
2543 if (tevent_req_is_nterror(req, &status)) {
2546 *pbuf = talloc_move(mem_ctx, &state->buf);
2547 *pbuflen = state->buflen;
2548 *pseqnum = state->seqnum;
2549 return NT_STATUS_OK;
2552 struct smbd_echo_state {
2553 struct tevent_context *ev;
2554 struct iovec *pending;
2555 struct smbd_server_connection *sconn;
2558 struct tevent_fd *parent_fde;
2560 struct tevent_req *write_req;
2563 static void smbd_echo_writer_done(struct tevent_req *req);
2565 static void smbd_echo_activate_writer(struct smbd_echo_state *state)
2569 if (state->write_req != NULL) {
2573 num_pending = talloc_array_length(state->pending);
2574 if (num_pending == 0) {
2578 state->write_req = writev_send(state, state->ev, NULL,
2579 state->parent_pipe, false,
2580 state->pending, num_pending);
2581 if (state->write_req == NULL) {
2582 DEBUG(1, ("writev_send failed\n"));
2586 talloc_steal(state->write_req, state->pending);
2587 state->pending = NULL;
2589 tevent_req_set_callback(state->write_req, smbd_echo_writer_done,
2593 static void smbd_echo_writer_done(struct tevent_req *req)
2595 struct smbd_echo_state *state = tevent_req_callback_data(
2596 req, struct smbd_echo_state);
2600 written = writev_recv(req, &err);
2602 state->write_req = NULL;
2603 if (written == -1) {
2604 DEBUG(1, ("writev to parent failed: %s\n", strerror(err)));
2607 DEBUG(10,("echo_handler[%d]: forwarded pdu to main\n", (int)sys_getpid()));
2608 smbd_echo_activate_writer(state);
2611 static bool smbd_echo_reply(struct smbd_echo_state *state,
2612 uint8_t *inbuf, size_t inbuf_len,
2615 struct smb_request req;
2616 uint16_t num_replies;
2620 if ((inbuf_len == 4) && (CVAL(inbuf, 0) == NBSSkeepalive)) {
2621 DEBUG(10, ("Got netbios keepalive\n"));
2628 if (inbuf_len < smb_size) {
2629 DEBUG(10, ("Got short packet: %d bytes\n", (int)inbuf_len));
2632 if (!valid_smb_header(state->sconn, inbuf)) {
2633 DEBUG(10, ("Got invalid SMB header\n"));
2637 if (!init_smb_request(&req, state->sconn, inbuf, 0, false,
2643 DEBUG(10, ("smbecho handler got cmd %d (%s)\n", (int)req.cmd,
2644 smb_messages[req.cmd].name
2645 ? smb_messages[req.cmd].name : "unknown"));
2647 if (req.cmd != SMBecho) {
2654 num_replies = SVAL(req.vwv+0, 0);
2655 if (num_replies != 1) {
2656 /* Not a Windows "Hey, you're still there?" request */
2660 if (!create_outbuf(talloc_tos(), &req, (const char *)req.inbuf, &outbuf,
2662 DEBUG(10, ("create_outbuf failed\n"));
2665 req.outbuf = (uint8_t *)outbuf;
2667 SSVAL(req.outbuf, smb_vwv0, num_replies);
2669 if (req.buflen > 0) {
2670 memcpy(smb_buf(req.outbuf), req.buf, req.buflen);
2673 ok = srv_send_smb(req.sconn,
2677 TALLOC_FREE(outbuf);
2685 static void smbd_echo_exit(struct tevent_context *ev,
2686 struct tevent_fd *fde, uint16_t flags,
2689 DEBUG(2, ("smbd_echo_exit: lost connection to parent\n"));
2693 static void smbd_echo_got_packet(struct tevent_req *req);
2695 static void smbd_echo_loop(struct smbd_server_connection *sconn,
2698 struct smbd_echo_state *state;
2699 struct tevent_req *read_req;
2701 state = talloc_zero(sconn, struct smbd_echo_state);
2702 if (state == NULL) {
2703 DEBUG(1, ("talloc failed\n"));
2706 state->sconn = sconn;
2707 state->parent_pipe = parent_pipe;
2708 state->ev = s3_tevent_context_init(state);
2709 if (state->ev == NULL) {
2710 DEBUG(1, ("tevent_context_init failed\n"));
2714 state->parent_fde = tevent_add_fd(state->ev, state, parent_pipe,
2715 TEVENT_FD_READ, smbd_echo_exit,
2717 if (state->parent_fde == NULL) {
2718 DEBUG(1, ("tevent_add_fd failed\n"));
2723 read_req = smbd_echo_read_send(state, state->ev, sconn);
2724 if (read_req == NULL) {
2725 DEBUG(1, ("smbd_echo_read_send failed\n"));
2729 tevent_req_set_callback(read_req, smbd_echo_got_packet, state);
2732 if (tevent_loop_once(state->ev) == -1) {
2733 DEBUG(1, ("tevent_loop_once failed: %s\n",
2741 static void smbd_echo_got_packet(struct tevent_req *req)
2743 struct smbd_echo_state *state = tevent_req_callback_data(
2744 req, struct smbd_echo_state);
2748 uint32_t seqnum = 0;
2751 status = smbd_echo_read_recv(req, state, &buf, &buflen, &seqnum);
2753 if (!NT_STATUS_IS_OK(status)) {
2754 DEBUG(1, ("smbd_echo_read_recv returned %s\n",
2755 nt_errstr(status)));
2759 reply = smbd_echo_reply(state, (uint8_t *)buf, buflen, seqnum);
2765 num_pending = talloc_array_length(state->pending);
2766 tmp = talloc_realloc(state, state->pending, struct iovec,
2769 DEBUG(1, ("talloc_realloc failed\n"));
2772 state->pending = tmp;
2774 if (buflen >= smb_size) {
2776 * place the seqnum in the packet so that the main process
2777 * can reply with signing
2779 SIVAL(buf, smb_ss_field, seqnum);
2780 SIVAL(buf, smb_ss_field+4, NT_STATUS_V(NT_STATUS_OK));
2783 iov = &state->pending[num_pending];
2784 iov->iov_base = buf;
2785 iov->iov_len = buflen;
2787 DEBUG(10,("echo_handler[%d]: forward to main\n",
2788 (int)sys_getpid()));
2789 smbd_echo_activate_writer(state);
2792 req = smbd_echo_read_send(state, state->ev, state->sconn);
2794 DEBUG(1, ("smbd_echo_read_send failed\n"));
2797 tevent_req_set_callback(req, smbd_echo_got_packet, state);
2802 * Handle SMBecho requests in a forked child process
2804 bool fork_echo_handler(struct smbd_server_connection *sconn)
2806 int listener_pipe[2];
2810 res = pipe(listener_pipe);
2812 DEBUG(1, ("pipe() failed: %s\n", strerror(errno)));
2815 sconn->smb1.echo_handler.socket_lock_fd = create_unlink_tmp(lp_lockdir());
2816 if (sconn->smb1.echo_handler.socket_lock_fd == -1) {
2817 DEBUG(1, ("Could not create lock fd: %s\n", strerror(errno)));
2825 close(listener_pipe[0]);
2826 set_blocking(listener_pipe[1], false);
2828 status = reinit_after_fork(sconn->msg_ctx,
2831 if (!NT_STATUS_IS_OK(status)) {
2832 DEBUG(1, ("reinit_after_fork failed: %s\n",
2833 nt_errstr(status)));
2836 smbd_echo_loop(sconn, listener_pipe[1]);
2839 close(listener_pipe[1]);
2840 listener_pipe[1] = -1;
2841 sconn->smb1.echo_handler.trusted_fd = listener_pipe[0];
2843 DEBUG(10,("fork_echo_handler: main[%d] echo_child[%d]\n", (int)sys_getpid(), child));
2846 * Without smb signing this is the same as the normal smbd
2847 * listener. This needs to change once signing comes in.
2849 sconn->smb1.echo_handler.trusted_fde = tevent_add_fd(sconn->ev_ctx,
2851 sconn->smb1.echo_handler.trusted_fd,
2853 smbd_server_echo_handler,
2855 if (sconn->smb1.echo_handler.trusted_fde == NULL) {
2856 DEBUG(1, ("event_add_fd failed\n"));
2863 if (listener_pipe[0] != -1) {
2864 close(listener_pipe[0]);
2866 if (listener_pipe[1] != -1) {
2867 close(listener_pipe[1]);
2869 sconn->smb1.echo_handler.trusted_fd = -1;
2870 if (sconn->smb1.echo_handler.socket_lock_fd != -1) {
2871 close(sconn->smb1.echo_handler.socket_lock_fd);
2873 sconn->smb1.echo_handler.trusted_fd = -1;
2874 sconn->smb1.echo_handler.socket_lock_fd = -1;
2880 static NTSTATUS smbd_register_ips(struct smbd_server_connection *sconn,
2881 struct sockaddr_storage *srv,
2882 struct sockaddr_storage *clnt)
2884 struct ctdbd_connection *cconn;
2885 char tmp_addr[INET6_ADDRSTRLEN];
2888 cconn = messaging_ctdbd_connection();
2889 if (cconn == NULL) {
2890 return NT_STATUS_NO_MEMORY;
2893 client_socket_addr(sconn->sock, tmp_addr, sizeof(tmp_addr));
2894 addr = talloc_strdup(cconn, tmp_addr);
2896 return NT_STATUS_NO_MEMORY;
2898 return ctdbd_register_ips(cconn, srv, clnt, release_ip, addr);
2903 static bool uid_in_use(const struct user_struct *user, uid_t uid)
2906 if (user->session_info &&
2907 (user->session_info->unix_token->uid == uid)) {
2915 static bool gid_in_use(const struct user_struct *user, gid_t gid)
2918 if (user->session_info != NULL) {
2920 struct security_unix_token *utok;
2922 utok = user->session_info->unix_token;
2923 if (utok->gid == gid) {
2926 for(i=0; i<utok->ngroups; i++) {
2927 if (utok->groups[i] == gid) {
2937 static bool sid_in_use(const struct user_struct *user,
2938 const struct dom_sid *psid)
2941 struct security_token *tok;
2943 if (user->session_info == NULL) {
2946 tok = user->session_info->security_token;
2949 * Not sure session_info->security_token can
2950 * ever be NULL. This check might be not
2955 if (security_token_has_sid(tok, psid)) {
2963 static bool id_in_use(const struct user_struct *user,
2964 const struct id_cache_ref *id)
2968 return uid_in_use(user, id->id.uid);
2970 return gid_in_use(user, id->id.gid);
2972 return sid_in_use(user, &id->id.sid);
2979 static void smbd_id_cache_kill(struct messaging_context *msg_ctx,
2982 struct server_id server_id,
2985 const char *msg = (data && data->data)
2986 ? (const char *)data->data : "<NULL>";
2987 struct user_struct *validated_users;
2988 struct id_cache_ref id;
2989 struct smbd_server_connection *sconn =
2990 talloc_get_type_abort(private_data,
2991 struct smbd_server_connection);
2993 validated_users = sconn->smb1.sessions.validated_users;
2995 if (!id_cache_ref_parse(msg, &id)) {
2996 DEBUG(0, ("Invalid ?ID: %s\n", msg));
3000 if (id_in_use(validated_users, &id)) {
3001 exit_server_cleanly(msg);
3003 id_cache_delete_from_cache(&id);
3006 /****************************************************************************
3007 Process commands from the client
3008 ****************************************************************************/
3010 void smbd_process(struct tevent_context *ev_ctx,
3011 struct smbd_server_connection *sconn)
3013 TALLOC_CTX *frame = talloc_stackframe();
3014 struct sockaddr_storage ss;
3015 struct sockaddr *sa = NULL;
3016 socklen_t sa_socklen;
3017 struct tsocket_address *local_address = NULL;
3018 struct tsocket_address *remote_address = NULL;
3019 const char *locaddr = NULL;
3020 const char *remaddr = NULL;
3024 if (lp_srv_maxprotocol() >= PROTOCOL_SMB2_02) {
3026 * We're not making the decision here,
3027 * we're just allowing the client
3028 * to decide between SMB1 and SMB2
3029 * with the first negprot
3032 sconn->using_smb2 = true;
3035 /* Ensure child is set to blocking mode */
3036 set_blocking(sconn->sock,True);
3038 set_socket_options(sconn->sock, "SO_KEEPALIVE");
3039 set_socket_options(sconn->sock, lp_socket_options());
3041 sa = (struct sockaddr *)(void *)&ss;
3042 sa_socklen = sizeof(ss);
3043 ret = getpeername(sconn->sock, sa, &sa_socklen);
3045 int level = (errno == ENOTCONN)?2:0;
3046 DEBUG(level,("getpeername() failed - %s\n", strerror(errno)));
3047 exit_server_cleanly("getpeername() failed.\n");
3049 ret = tsocket_address_bsd_from_sockaddr(sconn,
3053 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3054 __location__, strerror(errno)));
3055 exit_server_cleanly("tsocket_address_bsd_from_sockaddr remote failed.\n");
3058 sa = (struct sockaddr *)(void *)&ss;
3059 sa_socklen = sizeof(ss);
3060 ret = getsockname(sconn->sock, sa, &sa_socklen);
3062 int level = (errno == ENOTCONN)?2:0;
3063 DEBUG(level,("getsockname() failed - %s\n", strerror(errno)));
3064 exit_server_cleanly("getsockname() failed.\n");
3066 ret = tsocket_address_bsd_from_sockaddr(sconn,
3070 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3071 __location__, strerror(errno)));
3072 exit_server_cleanly("tsocket_address_bsd_from_sockaddr remote failed.\n");
3075 sconn->local_address = local_address;
3076 sconn->remote_address = remote_address;
3078 if (tsocket_address_is_inet(local_address, "ip")) {
3079 locaddr = tsocket_address_inet_addr_string(
3080 sconn->local_address,
3082 if (locaddr == NULL) {
3083 DEBUG(0,("%s: tsocket_address_inet_addr_string local failed - %s\n",
3084 __location__, strerror(errno)));
3085 exit_server_cleanly("tsocket_address_inet_addr_string local failed.\n");
3088 locaddr = "0.0.0.0";
3091 if (tsocket_address_is_inet(remote_address, "ip")) {
3092 remaddr = tsocket_address_inet_addr_string(
3093 sconn->remote_address,
3095 if (remaddr == NULL) {
3096 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3097 __location__, strerror(errno)));
3098 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
3101 remaddr = "0.0.0.0";
3104 /* this is needed so that we get decent entries
3105 in smbstatus for port 445 connects */
3106 set_remote_machine_name(remaddr, false);
3107 reload_services(sconn, conn_snum_used, true);
3110 * Before the first packet, check the global hosts allow/ hosts deny
3111 * parameters before doing any parsing of packets passed to us by the
3112 * client. This prevents attacks on our parsing code from hosts not in
3113 * the hosts allow list.
3116 ret = get_remote_hostname(remote_address,
3120 DEBUG(0,("%s: get_remote_hostname failed - %s\n",
3121 __location__, strerror(errno)));
3122 exit_server_cleanly("get_remote_hostname failed.\n");
3124 if (strequal(rhost, "UNKNOWN")) {
3125 rhost = talloc_strdup(talloc_tos(), remaddr);
3127 sconn->remote_hostname = talloc_move(sconn, &rhost);
3129 sub_set_socket_ids(remaddr,
3130 sconn->remote_hostname,
3133 if (!allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
3134 sconn->remote_hostname,
3137 * send a negative session response "not listening on calling
3140 unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
3141 DEBUG( 1, ("Connection denied from %s to %s\n",
3142 tsocket_address_string(remote_address, talloc_tos()),
3143 tsocket_address_string(local_address, talloc_tos())));
3144 (void)srv_send_smb(sconn,(char *)buf, false,
3146 exit_server_cleanly("connection denied");
3149 DEBUG(10, ("Connection allowed from %s to %s\n",
3150 tsocket_address_string(remote_address, talloc_tos()),
3151 tsocket_address_string(local_address, talloc_tos())));
3155 smb_perfcount_init();
3157 if (!init_account_policy()) {
3158 exit_server("Could not open account policy tdb.\n");
3161 if (*lp_rootdir()) {
3162 if (chroot(lp_rootdir()) != 0) {
3163 DEBUG(0,("Failed to change root to %s\n", lp_rootdir()));
3164 exit_server("Failed to chroot()");
3166 if (chdir("/") == -1) {
3167 DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_rootdir()));
3168 exit_server("Failed to chroot()");
3170 DEBUG(0,("Changed root to %s\n", lp_rootdir()));
3173 if (!srv_init_signing(sconn)) {
3174 exit_server("Failed to init smb_signing");
3178 if (!init_oplocks(sconn))
3179 exit_server("Failed to init oplocks");
3181 /* register our message handlers */
3182 messaging_register(sconn->msg_ctx, sconn,
3183 MSG_SMB_FORCE_TDIS, msg_force_tdis);
3184 messaging_register(sconn->msg_ctx, sconn,
3185 MSG_SMB_CLOSE_FILE, msg_close_file);
3186 messaging_register(sconn->msg_ctx, sconn,
3187 MSG_SMB_FILE_RENAME, msg_file_was_renamed);
3189 id_cache_register_msgs(sconn->msg_ctx);
3190 messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL);
3191 messaging_register(sconn->msg_ctx, sconn,
3192 ID_CACHE_KILL, smbd_id_cache_kill);
3194 messaging_deregister(sconn->msg_ctx,
3195 MSG_SMB_CONF_UPDATED, sconn->ev_ctx);
3196 messaging_register(sconn->msg_ctx, sconn,
3197 MSG_SMB_CONF_UPDATED, smbd_conf_updated);
3200 * Use the default MSG_DEBUG handler to avoid rebroadcasting
3201 * MSGs to all child processes
3203 messaging_deregister(sconn->msg_ctx,
3205 messaging_register(sconn->msg_ctx, NULL,
3206 MSG_DEBUG, debug_message);
3208 if ((lp_keepalive() != 0)
3209 && !(event_add_idle(ev_ctx, NULL,
3210 timeval_set(lp_keepalive(), 0),
3211 "keepalive", keepalive_fn,
3213 DEBUG(0, ("Could not add keepalive event\n"));
3217 if (!(event_add_idle(ev_ctx, NULL,
3218 timeval_set(IDLE_CLOSED_TIMEOUT, 0),
3219 "deadtime", deadtime_fn, sconn))) {
3220 DEBUG(0, ("Could not add deadtime event\n"));
3224 if (!(event_add_idle(ev_ctx, NULL,
3225 timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
3226 "housekeeping", housekeeping_fn, sconn))) {
3227 DEBUG(0, ("Could not add housekeeping event\n"));
3231 #ifdef CLUSTER_SUPPORT
3233 if (lp_clustering()) {
3235 * We need to tell ctdb about our client's TCP
3236 * connection, so that for failover ctdbd can send
3237 * tickle acks, triggering a reconnection by the
3241 struct sockaddr_storage srv, clnt;
3243 if (client_get_tcp_info(sconn->sock, &srv, &clnt) == 0) {
3245 status = smbd_register_ips(sconn, &srv, &clnt);
3246 if (!NT_STATUS_IS_OK(status)) {
3247 DEBUG(0, ("ctdbd_register_ips failed: %s\n",
3248 nt_errstr(status)));
3252 DEBUG(0,("Unable to get tcp info for "
3253 "CTDB_CONTROL_TCP_CLIENT: %s\n",
3260 sconn->nbt.got_session = false;
3262 sconn->smb1.negprot.max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
3264 sconn->smb1.sessions.done_sesssetup = false;
3265 sconn->smb1.sessions.max_send = BUFFER_SIZE;
3266 sconn->smb1.sessions.last_session_tag = UID_FIELD_INVALID;
3267 /* this holds info on user ids that are already validated for this VC */
3268 sconn->smb1.sessions.validated_users = NULL;
3269 sconn->smb1.sessions.next_vuid = VUID_OFFSET;
3270 sconn->smb1.sessions.num_validated_vuids = 0;
3273 if (!init_dptrs(sconn)) {
3274 exit_server("init_dptrs() failed");
3277 sconn->smb1.fde = event_add_fd(ev_ctx,
3281 smbd_server_connection_handler,
3283 if (!sconn->smb1.fde) {
3284 exit_server("failed to create smbd_server_connection fde");
3290 frame = talloc_stackframe_pool(8192);
3293 if (tevent_loop_once(ev_ctx) == -1) {
3294 if (errno != EINTR) {
3295 DEBUG(3, ("tevent_loop_once failed: %s,"
3296 " exiting\n", strerror(errno) ));
3304 exit_server_cleanly(NULL);
3307 bool req_is_in_chain(struct smb_request *req)
3309 if (req->vwv != (const uint16_t *)(req->inbuf+smb_vwv)) {
3311 * We're right now handling a subsequent request, so we must
3317 if (!is_andx_req(req->cmd)) {
3323 * Okay, an illegal request, but definitely not chained :-)
3328 return (CVAL(req->vwv+0, 0) != 0xFF);