source3/smbd/conn.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Manage connections_struct structures
   4    Copyright (C) Andrew Tridgell 1998
   5    Copyright (C) Alexander Bokovoy 2002
   6    Copyright (C) Jeremy Allison 2010
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "smbd/smbd.h"
  24 #include "smbd/globals.h"
  25
  26 /* The connections bitmap is expanded in increments of BITMAP_BLOCK_SZ. The
  27  * maximum size of the bitmap is the largest positive integer, but you will hit
  28  * the "max connections" limit, looong before that.
  29  */
  30
  31 #define BITMAP_BLOCK_SZ 128
  32
  33 /****************************************************************************
  34  Init the conn structures.
  35 ****************************************************************************/
  36
  37 void conn_init(struct smbd_server_connection *sconn)
  38 {
  39         sconn->smb1.tcons.Connections = NULL;
  40         sconn->smb1.tcons.bmap = bitmap_talloc(sconn, BITMAP_BLOCK_SZ);
  41 }
  42
  43 /****************************************************************************
  44  Return the number of open connections.
  45 ****************************************************************************/
  46
  47 int conn_num_open(struct smbd_server_connection *sconn)
  48 {
  49         return sconn->num_tcons_open;
  50 }
  51
  52 /****************************************************************************
  53  Check if a snum is in use.
  54 ****************************************************************************/
  55
  56 bool conn_snum_used(struct smbd_server_connection *sconn,
  57                     int snum)
  58 {
  59         if (sconn->using_smb2) {
  60                 /* SMB2 */
  61                 struct smbd_smb2_session *sess;
  62                 for (sess = sconn->smb2.sessions.list; sess; sess = sess->next) {
  63                         struct smbd_smb2_tcon *ptcon;
  64
  65                         for (ptcon = sess->tcons.list; ptcon; ptcon = ptcon->next) {
  66                                 if (ptcon->compat_conn &&
  67                                                 ptcon->compat_conn->params &&
  68                                                 (ptcon->compat_conn->params->service = snum)) {
  69                                         return true;
  70                                 }
  71                         }
  72                 }
  73         } else {
  74                 /* SMB1 */
  75                 connection_struct *conn;
  76                 for (conn=sconn->smb1.tcons.Connections;conn;conn=conn->next) {
  77                         if (conn->params->service == snum) {
  78                                 return true;
  79                         }
  80                 }
  81         }
  82         return false;
  83 }
  84
  85 /****************************************************************************
  86  Find a conn given a cnum.
  87 ****************************************************************************/
  88
  89 connection_struct *conn_find(struct smbd_server_connection *sconn,unsigned cnum)
  90 {
  91         if (sconn->using_smb2) {
  92                 /* SMB2 */
  93                 struct smbd_smb2_session *sess;
  94                 for (sess = sconn->smb2.sessions.list; sess; sess = sess->next) {
  95                         struct smbd_smb2_tcon *ptcon;
  96
  97                         for (ptcon = sess->tcons.list; ptcon; ptcon = ptcon->next) {
  98                                 if (ptcon->compat_conn &&
  99                                                 ptcon->compat_conn->cnum == cnum) {
 100                                         return ptcon->compat_conn;
 101                                 }
 102                         }
 103                 }
 104         } else {
 105                 /* SMB1 */
 106                 int count=0;
 107                 connection_struct *conn;
 108                 for (conn=sconn->smb1.tcons.Connections;conn;conn=conn->next,count++) {
 109                         if (conn->cnum == cnum) {
 110                                 if (count > 10) {
 111                                         DLIST_PROMOTE(sconn->smb1.tcons.Connections,
 112                                                 conn);
 113                                 }
 114                                 return conn;
 115                         }
 116                 }
 117         }
 118
 119         return NULL;
 120 }
 121
 122 /****************************************************************************
 123  Find first available connection slot, starting from a random position.
 124  The randomisation stops problems with the server dieing and clients
 125  thinking the server is still available.
 126 ****************************************************************************/
 127
 128 connection_struct *conn_new(struct smbd_server_connection *sconn)
 129 {
 130         connection_struct *conn;
 131         int i;
 132         int find_offset = 1;
 133
 134         if (sconn->using_smb2) {
 135                 /* SMB2 */
 136                 if (!(conn=talloc_zero(NULL, connection_struct)) ||
 137                     !(conn->params = talloc(conn, struct share_params))) {
 138                         DEBUG(0,("TALLOC_ZERO() failed!\n"));
 139                         TALLOC_FREE(conn);
 140                         return NULL;
 141                 }
 142                 conn->sconn = sconn;
 143                 return conn;
 144         }
 145
 146         /* SMB1 */
 147 find_again:
 148         i = bitmap_find(sconn->smb1.tcons.bmap, find_offset);
 149
 150         if (i == -1) {
 151                 /* Expand the connections bitmap. */
 152                 int             oldsz = sconn->smb1.tcons.bmap->n;
 153                 int             newsz = sconn->smb1.tcons.bmap->n +
 154                                         BITMAP_BLOCK_SZ;
 155                 struct bitmap * nbmap;
 156
 157                 if (newsz <= oldsz) {
 158                         /* Integer wrap. */
 159                         DEBUG(0,("ERROR! Out of connection structures\n"));
 160                         return NULL;
 161                 }
 162
 163                 DEBUG(4,("resizing connections bitmap from %d to %d\n",
 164                         oldsz, newsz));
 165
 166                 nbmap = bitmap_talloc(sconn, newsz);
 167                 if (!nbmap) {
 168                         DEBUG(0,("ERROR! malloc fail.\n"));
 169                         return NULL;
 170                 }
 171
 172                 bitmap_copy(nbmap, sconn->smb1.tcons.bmap);
 173                 TALLOC_FREE(sconn->smb1.tcons.bmap);
 174
 175                 sconn->smb1.tcons.bmap = nbmap;
 176                 find_offset = oldsz; /* Start next search in the new portion. */
 177
 178                 goto find_again;
 179         }
 180
 181         /* The bitmap position is used below as the connection number
 182          * conn->cnum). This ends up as the TID field in the SMB header,
 183          * which is limited to 16 bits (we skip 0xffff which is the
 184          * NULL TID).
 185          */
 186         if (i > 65534) {
 187                 DEBUG(0, ("Maximum connection limit reached\n"));
 188                 return NULL;
 189         }
 190
 191         if (!(conn=talloc_zero(NULL, connection_struct)) ||
 192             !(conn->params = talloc(conn, struct share_params))) {
 193                 DEBUG(0,("TALLOC_ZERO() failed!\n"));
 194                 TALLOC_FREE(conn);
 195                 return NULL;
 196         }
 197         conn->sconn = sconn;
 198         conn->cnum = i;
 199         conn->force_group_gid = (gid_t)-1;
 200
 201         bitmap_set(sconn->smb1.tcons.bmap, i);
 202
 203         sconn->num_tcons_open++;
 204
 205         string_set(&conn->connectpath,"");
 206         string_set(&conn->origpath,"");
 207
 208         DLIST_ADD(sconn->smb1.tcons.Connections, conn);
 209
 210         return conn;
 211 }
 212
 213 /****************************************************************************
 214  Clear a vuid out of the connection's vuid cache
 215 ****************************************************************************/
 216
 217 static void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
 218 {
 219         int i;
 220
 221         for (i=0; i<VUID_CACHE_SIZE; i++) {
 222                 struct vuid_cache_entry *ent;
 223
 224                 ent = &conn->vuid_cache.array[i];
 225
 226                 if (ent->vuid == vuid) {
 227                         ent->vuid = UID_FIELD_INVALID;
 228                         /*
 229                          * We need to keep conn->session_info around
 230                          * if it's equal to ent->session_info as a SMBulogoff
 231                          * is often followed by a SMBtdis (with an invalid
 232                          * vuid). The debug code (or regular code in
 233                          * vfs_full_audit) wants to refer to the
 234                          * conn->session_info pointer to print debug
 235                          * statements. Theoretically this is a bug,
 236                          * as once the vuid is gone the session_info
 237                          * on the conn struct isn't valid any more,
 238                          * but there's enough code that assumes
 239                          * conn->session_info is never null that
 240                          * it's easier to hold onto the old pointer
 241                          * until we get a new sessionsetupX.
 242                          * As everything is hung off the
 243                          * conn pointer as a talloc context we're not
 244                          * leaking memory here. See bug #6315. JRA.
 245                          */
 246                         if (conn->session_info == ent->session_info) {
 247                                 ent->session_info = NULL;
 248                         } else {
 249                                 TALLOC_FREE(ent->session_info);
 250                         }
 251                         ent->read_only = False;
 252                 }
 253         }
 254 }
 255
 256 /****************************************************************************
 257  Clear a vuid out of the validity cache, and as the 'owner' of a connection.
 258
 259  Called from invalidate_vuid()
 260 ****************************************************************************/
 261
 262 void conn_clear_vuid_caches(struct smbd_server_connection *sconn,uint16_t vuid)
 263 {
 264         connection_struct *conn;
 265
 266         if (sconn->using_smb2) {
 267                 /* SMB2 */
 268                 struct smbd_smb2_session *sess;
 269                 for (sess = sconn->smb2.sessions.list; sess; sess = sess->next) {
 270                         struct smbd_smb2_tcon *ptcon;
 271
 272                         for (ptcon = sess->tcons.list; ptcon; ptcon = ptcon->next) {
 273                                 if (ptcon->compat_conn) {
 274                                         if (ptcon->compat_conn->vuid == vuid) {
 275                                                 ptcon->compat_conn->vuid = UID_FIELD_INVALID;
 276                                         }
 277                                         conn_clear_vuid_cache(ptcon->compat_conn, vuid);
 278                                 }
 279                         }
 280                 }
 281         } else {
 282                 /* SMB1 */
 283                 for (conn=sconn->smb1.tcons.Connections;conn;conn=conn->next) {
 284                         if (conn->vuid == vuid) {
 285                                 conn->vuid = UID_FIELD_INVALID;
 286                         }
 287                         conn_clear_vuid_cache(conn, vuid);
 288                 }
 289         }
 290 }
 291
 292 /****************************************************************************
 293  Free a conn structure - internal part.
 294 ****************************************************************************/
 295
 296 static void conn_free_internal(connection_struct *conn)
 297 {
 298         vfs_handle_struct *handle = NULL, *thandle = NULL;
 299         struct trans_state *state = NULL;
 300
 301         /* Free vfs_connection_struct */
 302         handle = conn->vfs_handles;
 303         while(handle) {
 304                 thandle = handle->next;
 305                 DLIST_REMOVE(conn->vfs_handles, handle);
 306                 if (handle->free_data)
 307                         handle->free_data(&handle->data);
 308                 handle = thandle;
 309         }
 310
 311         /* Free any pending transactions stored on this conn. */
 312         for (state = conn->pending_trans; state; state = state->next) {
 313                 /* state->setup is a talloc child of state. */
 314                 SAFE_FREE(state->param);
 315                 SAFE_FREE(state->data);
 316         }
 317
 318         free_namearray(conn->veto_list);
 319         free_namearray(conn->hide_list);
 320         free_namearray(conn->veto_oplock_list);
 321         free_namearray(conn->aio_write_behind_list);
 322
 323         string_free(&conn->connectpath);
 324         string_free(&conn->origpath);
 325
 326         ZERO_STRUCTP(conn);
 327         talloc_destroy(conn);
 328 }
 329
 330 /****************************************************************************
 331  Free a conn structure.
 332 ****************************************************************************/
 333
 334 void conn_free(connection_struct *conn)
 335 {
 336         if (conn->sconn == NULL) {
 337                 conn_free_internal(conn);
 338                 return;
 339         }
 340
 341         if (conn->sconn->using_smb2) {
 342                 /* SMB2 */
 343                 conn_free_internal(conn);
 344                 return;
 345         }
 346
 347         /* SMB1 */
 348         DLIST_REMOVE(conn->sconn->smb1.tcons.Connections, conn);
 349
 350         if (conn->sconn->smb1.tcons.bmap != NULL) {
 351                 /*
 352                  * Can be NULL for fake connections created by
 353                  * create_conn_struct()
 354                  */
 355                 bitmap_clear(conn->sconn->smb1.tcons.bmap, conn->cnum);
 356         }
 357
 358         SMB_ASSERT(conn->sconn->num_tcons_open > 0);
 359         conn->sconn->num_tcons_open--;
 360
 361         conn_free_internal(conn);
 362 }