#include "includes.h"
-extern int smb_echo_count;
-
/*
* Size of data we can send to client. Set
* by the client for all protocols above CORE.
extern bool global_machine_password_needs_changing;
extern int max_send;
+static void construct_reply_common(struct smb_request *req, const char *inbuf,
+ char *outbuf);
+
/* Accessor function for smb_read_error for smbd functions. */
/****************************************************************************
if (is_encrypted_packet(inbuf)) {
return true;
}
- return (strncmp(smb_base(inbuf),"\377SMB",4) == 0);
+ /*
+ * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
+ * but it just looks weird to call strncmp for this one.
+ */
+ return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
}
/* Socket functions for smbd packet processing. */
if (CVAL(lenbuf,0) == 0 &&
min_recv_size &&
- smb_len_large(lenbuf) > min_recv_size && /* Could be a UNIX large writeX. */
+ smb_len_large(lenbuf) > (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE) && /* Could be a UNIX large writeX. */
!srv_is_signing_active()) {
return receive_smb_raw_talloc_partial_read(
(unsigned int)req_size ));
exit_server_cleanly("Invalid SMB request");
}
+ req->cmd = CVAL(inbuf, smb_com);
req->flags2 = SVAL(inbuf, smb_flg2);
req->smbpid = SVAL(inbuf, smb_pid);
req->mid = SVAL(inbuf, smb_mid);
req->vuid = SVAL(inbuf, smb_uid);
req->tid = SVAL(inbuf, smb_tid);
req->wct = CVAL(inbuf, smb_wct);
+ req->vwv = (uint16_t *)(inbuf+smb_vwv);
+ req->buflen = smb_buflen(inbuf);
+ req->buf = (const uint8_t *)smb_buf(inbuf);
req->unread_bytes = unread_bytes;
req->encrypted = encrypted;
req->conn = conn_find(req->tid);
+ req->chain_fsp = NULL;
/* Ensure we have at least wct words and 2 bytes of bcc. */
if (smb_size + req->wct*2 > req_size) {
exit_server_cleanly("Invalid SMB request");
}
/* Ensure bcc is correct. */
- if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + req_size) {
+ if (((uint8 *)smb_buf(inbuf)) + req->buflen > inbuf + req_size) {
DEBUG(0,("init_smb_request: invalid bcc number %u "
"(wct = %u, size %u)\n",
- (unsigned int)smb_buflen(inbuf),
+ (unsigned int)req->buflen,
(unsigned int)req->wct,
(unsigned int)req_size));
exit_server_cleanly("Invalid SMB request");
}
- req->inbuf = inbuf;
req->outbuf = NULL;
}
*p_unread = 0;
- again:
-
to.tv_sec = SMBD_SELECT_TIMEOUT;
to.tv_usec = 0;
pop_message = True;
} else {
struct timeval tv;
- SMB_BIG_INT tdif;
+ int64_t tdif;
GetTimeOfDay(&tv);
tdif = usec_time_diff(&msg->end_time, &tv);
* the state of the flag in fds for the server file descriptor is
* indeterminate - we may have done I/O on it in the oplock processing. JRA.
*/
- goto again;
+ return NT_STATUS_RETRY;
}
/*
if (timeval_is_zero(&to)) {
/* Process a timed event now... */
if (run_events(smbd_event_context(), 0, NULL, NULL)) {
- goto again;
+ return NT_STATUS_RETRY;
}
}
}
if (run_events(smbd_event_context(), selrtn, &r_fds, &w_fds)) {
- goto again;
+ return NT_STATUS_RETRY;
}
/* if we get EINTR then maybe we have received an oplock
* the state of the flag in fds for the server file descriptor is
* indeterminate - we may have done I/O on it in the oplock processing. JRA.
*/
- goto again;
+ return NT_STATUS_RETRY;
}
/* Check if error */
/* Did we timeout ? */
if (selrtn == 0) {
- goto again;
+ return NT_STATUS_RETRY;
}
/*
* the state of the flag in fds for the server file descriptor is
* indeterminate - we may have done I/O on it in the oplock processing. JRA.
*/
- goto again;
+ return NT_STATUS_RETRY;
}
/*
*/
static const struct smb_message_struct {
const char *name;
- void (*fn_new)(struct smb_request *req);
+ void (*fn)(struct smb_request *req);
int flags;
} smb_messages[256] = {
allocate and initialize a reply packet
********************************************************************/
-bool create_outbuf(TALLOC_CTX *mem_ctx, const char *inbuf, char **outbuf,
- uint8_t num_words, uint32_t num_bytes)
+static bool create_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
+ const char *inbuf, char **outbuf, uint8_t num_words,
+ uint32_t num_bytes)
{
/*
* Protect against integer wrap
return false;
}
- construct_reply_common(inbuf, *outbuf);
+ construct_reply_common(req, inbuf, *outbuf);
srv_set_message(*outbuf, num_words, num_bytes, false);
/*
* Zero out the word area, the caller has to take care of the bcc area
void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
{
char *outbuf;
- if (!create_outbuf(req, (char *)req->inbuf, &outbuf, num_words,
+ if (!create_outbuf(req, req, (char *)req->inbuf, &outbuf, num_words,
num_bytes)) {
smb_panic("could not allocate output buffer\n");
}
exit_server_cleanly("Non-SMB packet");
}
- if (smb_messages[type].fn_new == NULL) {
+ if (smb_messages[type].fn == NULL) {
DEBUG(0,("Unknown message type %d!\n",type));
smb_dump("Unknown", 1, (char *)req->inbuf, size);
reply_unknown_new(req, type);
if (!change_to_user(conn,session_tag)) {
reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
+ remove_deferred_open_smb_message(req->mid);
return conn;
}
/* encrypted required from now on. */
conn->encrypt_level = Required;
} else if (ENCRYPTION_REQUIRED(conn)) {
- uint8 com = CVAL(req->inbuf,smb_com);
- if (com != SMBtrans2 && com != SMBtranss2) {
+ if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
exit_server_cleanly("encryption required "
"on connection");
return conn;
return conn;
}
- smb_messages[type].fn_new(req);
+ smb_messages[type].fn(req);
return req->conn;
}
static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
{
- uint8 type = CVAL(inbuf,smb_com);
connection_struct *conn;
struct smb_request *req;
chain_size = 0;
- file_chain_reset();
- reset_chain_p();
if (!(req = talloc(talloc_tos(), struct smb_request))) {
smb_panic("could not allocate smb_request");
}
init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted);
+ req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
- conn = switch_message(type, req, size);
+ conn = switch_message(req->cmd, req, size);
if (req->unread_bytes) {
/* writeX failed. drain socket. */
DO_PROFILE_INC(smb_count);
- if (trans_num == 0) {
- char addr[INET6_ADDRSTRLEN];
-
- /* on the first packet, check the global hosts allow/ hosts
- deny parameters before doing any parsing of the packet
- passed to us by the client. This prevents attacks on our
- parsing code from hosts not in the hosts allow list */
-
- if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
- lp_hostsdeny(-1))) {
- /* send a negative session response "not listening on calling name" */
- static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
- DEBUG( 1, ( "Connection denied from %s\n",
- client_addr(get_client_fd(),addr,sizeof(addr)) ) );
- (void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
- exit_server_cleanly("connection denied");
- }
- }
-
DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
smb_len(inbuf) ) );
DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
common_flags2 &= ~v;
}
-void construct_reply_common(const char *inbuf, char *outbuf)
+static void construct_reply_common(struct smb_request *req, const char *inbuf,
+ char *outbuf)
{
srv_set_message(outbuf,0,0,false);
- SCVAL(outbuf,smb_com,CVAL(inbuf,smb_com));
+ SCVAL(outbuf, smb_com, req->cmd);
SIVAL(outbuf,smb_rcls,0);
SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
SSVAL(outbuf,smb_flg2,
SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
}
+void construct_reply_common_req(struct smb_request *req, char *outbuf)
+{
+ construct_reply_common(req, (char *)req->inbuf, outbuf);
+}
+
/****************************************************************************
Construct a chained reply and add it to the already made reply
****************************************************************************/
smb_panic("could not allocate smb_request");
}
init_smb_request(req2, (uint8 *)inbuf2,0, req->encrypted);
+ req2->inbuf = (uint8_t *)inbuf2;
+ req2->chain_fsp = req->chain_fsp;
/* process the request */
switch_message(smb_com2, req2, new_size);
unsigned int num_smbs = 0;
size_t unread_bytes = 0;
+ char addr[INET6_ADDRSTRLEN];
+
+ /*
+ * Before the first packet, check the global hosts allow/ hosts deny
+ * parameters before doing any parsing of packets passed to us by the
+ * client. This prevents attacks on our parsing code from hosts not in
+ * the hosts allow list.
+ */
+
+ if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
+ lp_hostsdeny(-1))) {
+ /*
+ * send a negative session response "not listening on calling
+ * name"
+ */
+ unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
+ DEBUG( 1, ("Connection denied from %s\n",
+ client_addr(get_client_fd(),addr,sizeof(addr)) ) );
+ (void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
+ exit_server_cleanly("connection denied");
+ }
+
max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
while (True) {
run_events(smbd_event_context(), 0, NULL, NULL);
- status = receive_message_or_smb(
- talloc_tos(), &inbuf, &inbuf_len,
- &unread_bytes, &encrypted);
+ status = NT_STATUS_RETRY;
+
+ while (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
+ status = receive_message_or_smb(
+ talloc_tos(), &inbuf, &inbuf_len,
+ &unread_bytes, &encrypted);
+ }
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("receive_message_or_smb failed: %s, "
process_smb(inbuf, inbuf_len, unread_bytes, encrypted);
- TALLOC_FREE(inbuf);
-
num_smbs++;
/* The timeout_processing function isn't run nearly