2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "../lib/tsocket/tsocket.h"
23 #include "system/filesys.h"
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "librpc/gen_ndr/netlogon.h"
27 #include "../lib/async_req/async_sock.h"
28 #include "ctdbd_conn.h"
29 #include "../lib/util/select.h"
30 #include "printing/queue_process.h"
31 #include "system/select.h"
35 #include "smbprofile.h"
36 #include "rpc_server/spoolss/srv_spoolss_nt.h"
37 #include "libsmb/libsmb.h"
38 #include "../lib/util/tevent_ntstatus.h"
39 #include "../libcli/security/dom_sid.h"
40 #include "../libcli/security/security_token.h"
41 #include "lib/id_cache.h"
42 #include "lib/sys_rw_data.h"
44 #include "system/threads.h"
46 /* Internal message queue for deferred opens. */
47 struct pending_message_list {
48 struct pending_message_list *next, *prev;
49 struct timeval request_time; /* When was this first issued? */
50 struct smbd_server_connection *sconn;
51 struct smbXsrv_connection *xconn;
52 struct tevent_timer *te;
53 struct smb_perfcount_data pcd;
58 struct deferred_open_record *open_rec;
61 static void construct_reply_common(uint8_t cmd, const uint8_t *inbuf,
63 static struct pending_message_list *get_deferred_open_message_smb(
64 struct smbd_server_connection *sconn, uint64_t mid);
65 static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf);
67 static void smbd_echo_init(struct smbXsrv_connection *xconn)
69 xconn->smb1.echo_handler.trusted_fd = -1;
70 xconn->smb1.echo_handler.socket_lock_fd = -1;
71 #ifdef HAVE_ROBUST_MUTEXES
72 xconn->smb1.echo_handler.socket_mutex = NULL;
76 static bool smbd_echo_active(struct smbXsrv_connection *xconn)
78 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
82 #ifdef HAVE_ROBUST_MUTEXES
83 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
91 static bool smbd_lock_socket_internal(struct smbXsrv_connection *xconn)
93 if (!smbd_echo_active(xconn)) {
97 xconn->smb1.echo_handler.ref_count++;
99 if (xconn->smb1.echo_handler.ref_count > 1) {
103 DEBUG(10,("pid[%d] wait for socket lock\n", (int)getpid()));
105 #ifdef HAVE_ROBUST_MUTEXES
106 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
109 while (ret == EINTR) {
110 ret = pthread_mutex_lock(
111 xconn->smb1.echo_handler.socket_mutex);
117 DEBUG(1, ("pthread_mutex_lock failed: %s\n",
124 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
129 xconn->smb1.echo_handler.socket_lock_fd,
130 F_SETLKW, 0, 0, F_WRLCK);
131 } while (!ok && (errno == EINTR));
134 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
139 DEBUG(10,("pid[%d] got socket lock\n", (int)getpid()));
144 void smbd_lock_socket(struct smbXsrv_connection *xconn)
146 if (!smbd_lock_socket_internal(xconn)) {
147 exit_server_cleanly("failed to lock socket");
151 static bool smbd_unlock_socket_internal(struct smbXsrv_connection *xconn)
153 if (!smbd_echo_active(xconn)) {
157 xconn->smb1.echo_handler.ref_count--;
159 if (xconn->smb1.echo_handler.ref_count > 0) {
163 #ifdef HAVE_ROBUST_MUTEXES
164 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
167 while (ret == EINTR) {
168 ret = pthread_mutex_unlock(
169 xconn->smb1.echo_handler.socket_mutex);
175 DEBUG(1, ("pthread_mutex_unlock failed: %s\n",
182 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
187 xconn->smb1.echo_handler.socket_lock_fd,
188 F_SETLKW, 0, 0, F_UNLCK);
189 } while (!ok && (errno == EINTR));
192 DEBUG(1, ("fcntl_lock failed: %s\n", strerror(errno)));
197 DEBUG(10,("pid[%d] unlocked socket\n", (int)getpid()));
202 void smbd_unlock_socket(struct smbXsrv_connection *xconn)
204 if (!smbd_unlock_socket_internal(xconn)) {
205 exit_server_cleanly("failed to unlock socket");
209 /* Accessor function for smb_read_error for smbd functions. */
211 /****************************************************************************
213 ****************************************************************************/
215 bool srv_send_smb(struct smbXsrv_connection *xconn, char *buffer,
216 bool do_signing, uint32_t seqnum,
218 struct smb_perfcount_data *pcd)
222 char *buf_out = buffer;
224 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
226 * we're not supposed to do any io
231 smbd_lock_socket(xconn);
234 /* Sign the outgoing packet if required. */
235 srv_calculate_sign_mac(xconn, buf_out, seqnum);
239 NTSTATUS status = srv_encrypt_buffer(xconn, buffer, &buf_out);
240 if (!NT_STATUS_IS_OK(status)) {
241 DEBUG(0, ("send_smb: SMB encryption failed "
242 "on outgoing packet! Error %s\n",
243 nt_errstr(status) ));
249 len = smb_len_large(buf_out) + 4;
251 ret = write_data(xconn->transport.sock, buf_out, len);
253 int saved_errno = errno;
255 * Try and give an error message saying what
258 DEBUG(1,("pid[%d] Error writing %d bytes to client %s. %d. (%s)\n",
259 (int)getpid(), (int)len,
260 smbXsrv_connection_dbg(xconn),
261 (int)ret, strerror(saved_errno)));
264 srv_free_enc_buffer(xconn, buf_out);
268 SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd, len);
269 srv_free_enc_buffer(xconn, buf_out);
271 SMB_PERFCOUNT_END(pcd);
273 smbd_unlock_socket(xconn);
277 /*******************************************************************
278 Setup the word count and byte count for a smb message.
279 ********************************************************************/
281 int srv_set_message(char *buf,
286 if (zero && (num_words || num_bytes)) {
287 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
289 SCVAL(buf,smb_wct,num_words);
290 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
291 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
292 return (smb_size + num_words*2 + num_bytes);
295 static bool valid_smb_header(const uint8_t *inbuf)
297 if (is_encrypted_packet(inbuf)) {
301 * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
302 * but it just looks weird to call strncmp for this one.
304 return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
307 /* Socket functions for smbd packet processing. */
309 static bool valid_packet_size(size_t len)
312 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
313 * of header. Don't print the error if this fits.... JRA.
316 if (len > (LARGE_WRITEX_BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
317 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
318 (unsigned long)len));
324 static NTSTATUS read_packet_remainder(int fd, char *buffer,
325 unsigned int timeout, ssize_t len)
333 status = read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
334 if (!NT_STATUS_IS_OK(status)) {
335 char addr[INET6_ADDRSTRLEN];
336 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
338 get_peer_addr(fd, addr, sizeof(addr)),
344 /****************************************************************************
345 Attempt a zerocopy writeX read. We know here that len > smb_size-4
346 ****************************************************************************/
349 * Unfortunately, earlier versions of smbclient/libsmbclient
350 * don't send this "standard" writeX header. I've fixed this
351 * for 3.2 but we'll use the old method with earlier versions.
352 * Windows and CIFSFS at least use this standard size. Not
356 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
357 (2*14) + /* word count (including bcc) */ \
360 static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
361 const char lenbuf[4],
362 struct smbXsrv_connection *xconn,
365 unsigned int timeout,
369 /* Size of a WRITEX call (+4 byte len). */
370 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
371 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
375 memcpy(writeX_header, lenbuf, 4);
377 status = read_fd_with_timeout(
378 sock, writeX_header + 4,
379 STANDARD_WRITE_AND_X_HEADER_SIZE,
380 STANDARD_WRITE_AND_X_HEADER_SIZE,
383 if (!NT_STATUS_IS_OK(status)) {
384 DEBUG(0, ("read_fd_with_timeout failed for client %s read "
386 smbXsrv_connection_dbg(xconn),
392 * Ok - now try and see if this is a possible
396 if (is_valid_writeX_buffer(xconn, (uint8_t *)writeX_header)) {
398 * If the data offset is beyond what
399 * we've read, drain the extra bytes.
401 uint16_t doff = SVAL(writeX_header,smb_vwv11);
404 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
405 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
406 if (drain_socket(sock, drain) != drain) {
407 smb_panic("receive_smb_raw_talloc_partial_read:"
408 " failed to drain pending bytes");
411 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
414 /* Spoof down the length and null out the bcc. */
415 set_message_bcc(writeX_header, 0);
416 newlen = smb_len(writeX_header);
418 /* Copy the header we've written. */
420 *buffer = (char *)talloc_memdup(mem_ctx,
422 sizeof(writeX_header));
424 if (*buffer == NULL) {
425 DEBUG(0, ("Could not allocate inbuf of length %d\n",
426 (int)sizeof(writeX_header)));
427 return NT_STATUS_NO_MEMORY;
430 /* Work out the remaining bytes. */
431 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
432 *len_ret = newlen + 4;
436 if (!valid_packet_size(len)) {
437 return NT_STATUS_INVALID_PARAMETER;
441 * Not a valid writeX call. Just do the standard
445 *buffer = talloc_array(mem_ctx, char, len+4);
447 if (*buffer == NULL) {
448 DEBUG(0, ("Could not allocate inbuf of length %d\n",
450 return NT_STATUS_NO_MEMORY;
453 /* Copy in what we already read. */
456 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
457 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
460 status = read_packet_remainder(
462 (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
465 if (!NT_STATUS_IS_OK(status)) {
466 DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
476 static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
477 struct smbXsrv_connection *xconn,
479 char **buffer, unsigned int timeout,
480 size_t *p_unread, size_t *plen)
484 int min_recv_size = lp_min_receive_file_size();
489 status = read_smb_length_return_keepalive(sock, lenbuf, timeout,
491 if (!NT_STATUS_IS_OK(status)) {
495 if (CVAL(lenbuf,0) == 0 && min_recv_size &&
496 (smb_len_large(lenbuf) > /* Could be a UNIX large writeX. */
497 (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE)) &&
498 !srv_is_signing_active(xconn) &&
499 xconn->smb1.echo_handler.trusted_fde == NULL) {
501 return receive_smb_raw_talloc_partial_read(
502 mem_ctx, lenbuf, xconn, sock, buffer, timeout,
506 if (!valid_packet_size(len)) {
507 return NT_STATUS_INVALID_PARAMETER;
511 * The +4 here can't wrap, we've checked the length above already.
514 *buffer = talloc_array(mem_ctx, char, len+4);
516 if (*buffer == NULL) {
517 DEBUG(0, ("Could not allocate inbuf of length %d\n",
519 return NT_STATUS_NO_MEMORY;
522 memcpy(*buffer, lenbuf, sizeof(lenbuf));
524 status = read_packet_remainder(sock, (*buffer)+4, timeout, len);
525 if (!NT_STATUS_IS_OK(status)) {
533 static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,
534 struct smbXsrv_connection *xconn,
536 char **buffer, unsigned int timeout,
537 size_t *p_unread, bool *p_encrypted,
540 bool trusted_channel)
545 *p_encrypted = false;
547 status = receive_smb_raw_talloc(mem_ctx, xconn, sock, buffer, timeout,
549 if (!NT_STATUS_IS_OK(status)) {
550 DEBUG(NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)?5:1,
551 ("receive_smb_raw_talloc failed for client %s "
552 "read error = %s.\n",
553 smbXsrv_connection_dbg(xconn),
554 nt_errstr(status)) );
558 if (is_encrypted_packet((uint8_t *)*buffer)) {
559 status = srv_decrypt_buffer(xconn, *buffer);
560 if (!NT_STATUS_IS_OK(status)) {
561 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
562 "incoming packet! Error %s\n",
563 nt_errstr(status) ));
569 /* Check the incoming SMB signature. */
570 if (!srv_check_sign_mac(xconn, *buffer, seqnum, trusted_channel)) {
571 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
572 "incoming packet!\n"));
573 return NT_STATUS_INVALID_NETWORK_RESPONSE;
581 * Initialize a struct smb_request from an inbuf
584 static bool init_smb_request(struct smb_request *req,
585 struct smbd_server_connection *sconn,
586 struct smbXsrv_connection *xconn,
587 const uint8_t *inbuf,
588 size_t unread_bytes, bool encrypted,
591 struct smbXsrv_tcon *tcon;
594 size_t req_size = smb_len(inbuf) + 4;
596 /* Ensure we have at least smb_size bytes. */
597 if (req_size < smb_size) {
598 DEBUG(0,("init_smb_request: invalid request size %u\n",
599 (unsigned int)req_size ));
603 req->request_time = timeval_current();
604 now = timeval_to_nttime(&req->request_time);
606 req->cmd = CVAL(inbuf, smb_com);
607 req->flags2 = SVAL(inbuf, smb_flg2);
608 req->smbpid = SVAL(inbuf, smb_pid);
609 req->mid = (uint64_t)SVAL(inbuf, smb_mid);
610 req->seqnum = seqnum;
611 req->vuid = SVAL(inbuf, smb_uid);
612 req->tid = SVAL(inbuf, smb_tid);
613 req->wct = CVAL(inbuf, smb_wct);
614 req->vwv = (const uint16_t *)(inbuf+smb_vwv);
615 req->buflen = smb_buflen(inbuf);
616 req->buf = (const uint8_t *)smb_buf_const(inbuf);
617 req->unread_bytes = unread_bytes;
618 req->encrypted = encrypted;
623 status = smb1srv_tcon_lookup(xconn, req->tid, now, &tcon);
624 if (NT_STATUS_IS_OK(status)) {
625 req->conn = tcon->compat;
628 req->chain_fsp = NULL;
630 req->priv_paths = NULL;
632 smb_init_perfcount_data(&req->pcd);
634 /* Ensure we have at least wct words and 2 bytes of bcc. */
635 if (smb_size + req->wct*2 > req_size) {
636 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
637 (unsigned int)req->wct,
638 (unsigned int)req_size));
641 /* Ensure bcc is correct. */
642 if (((const uint8_t *)smb_buf_const(inbuf)) + req->buflen > inbuf + req_size) {
643 DEBUG(0,("init_smb_request: invalid bcc number %u "
644 "(wct = %u, size %u)\n",
645 (unsigned int)req->buflen,
646 (unsigned int)req->wct,
647 (unsigned int)req_size));
655 static void process_smb(struct smbXsrv_connection *xconn,
656 uint8_t *inbuf, size_t nread, size_t unread_bytes,
657 uint32_t seqnum, bool encrypted,
658 struct smb_perfcount_data *deferred_pcd);
660 static void smbd_deferred_open_timer(struct tevent_context *ev,
661 struct tevent_timer *te,
662 struct timeval _tval,
665 struct pending_message_list *msg = talloc_get_type(private_data,
666 struct pending_message_list);
667 struct smbd_server_connection *sconn = msg->sconn;
668 struct smbXsrv_connection *xconn = msg->xconn;
669 TALLOC_CTX *mem_ctx = talloc_tos();
670 uint64_t mid = (uint64_t)SVAL(msg->buf.data,smb_mid);
673 inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
676 exit_server("smbd_deferred_open_timer: talloc failed\n");
680 /* We leave this message on the queue so the open code can
681 know this is a retry. */
682 DEBUG(5,("smbd_deferred_open_timer: trigger mid %llu.\n",
683 (unsigned long long)mid ));
685 /* Mark the message as processed so this is not
686 * re-processed in error. */
687 msg->processed = true;
689 process_smb(xconn, inbuf,
691 msg->seqnum, msg->encrypted, &msg->pcd);
693 /* If it's still there and was processed, remove it. */
694 msg = get_deferred_open_message_smb(sconn, mid);
695 if (msg && msg->processed) {
696 remove_deferred_open_message_smb(xconn, mid);
700 /****************************************************************************
701 Function to push a message onto the tail of a linked list of smb messages ready
703 ****************************************************************************/
705 static bool push_queued_message(struct smb_request *req,
706 struct timeval request_time,
707 struct timeval end_time,
708 struct deferred_open_record *open_rec)
710 int msg_len = smb_len(req->inbuf) + 4;
711 struct pending_message_list *msg;
713 msg = talloc_zero(NULL, struct pending_message_list);
716 DEBUG(0,("push_message: malloc fail (1)\n"));
719 msg->sconn = req->sconn;
720 msg->xconn = req->xconn;
722 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
723 if(msg->buf.data == NULL) {
724 DEBUG(0,("push_message: malloc fail (2)\n"));
729 msg->request_time = request_time;
730 msg->seqnum = req->seqnum;
731 msg->encrypted = req->encrypted;
732 msg->processed = false;
733 SMB_PERFCOUNT_DEFER_OP(&req->pcd, &msg->pcd);
736 msg->open_rec = talloc_move(msg, &open_rec);
740 msg->te = tevent_add_timer(msg->sconn->ev_ctx,
743 smbd_deferred_open_timer,
746 DEBUG(0,("push_message: event_add_timed failed\n"));
752 DLIST_ADD_END(req->sconn->deferred_open_queue, msg,
753 struct pending_message_list *);
755 DEBUG(10,("push_message: pushed message length %u on "
756 "deferred_open_queue\n", (unsigned int)msg_len));
761 /****************************************************************************
762 Function to delete a sharing violation open message by mid.
763 ****************************************************************************/
765 void remove_deferred_open_message_smb(struct smbXsrv_connection *xconn,
768 struct smbd_server_connection *sconn = xconn->client->sconn;
769 struct pending_message_list *pml;
771 if (sconn->using_smb2) {
772 remove_deferred_open_message_smb2(xconn, mid);
776 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
777 if (mid == (uint64_t)SVAL(pml->buf.data,smb_mid)) {
778 DEBUG(10,("remove_deferred_open_message_smb: "
779 "deleting mid %llu len %u\n",
780 (unsigned long long)mid,
781 (unsigned int)pml->buf.length ));
782 DLIST_REMOVE(sconn->deferred_open_queue, pml);
789 /****************************************************************************
790 Move a sharing violation open retry message to the front of the list and
791 schedule it for immediate processing.
792 ****************************************************************************/
794 bool schedule_deferred_open_message_smb(struct smbXsrv_connection *xconn,
797 struct smbd_server_connection *sconn = xconn->client->sconn;
798 struct pending_message_list *pml;
801 if (sconn->using_smb2) {
802 return schedule_deferred_open_message_smb2(xconn, mid);
805 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
806 uint64_t msg_mid = (uint64_t)SVAL(pml->buf.data,smb_mid);
808 DEBUG(10,("schedule_deferred_open_message_smb: [%d] "
811 (unsigned long long)msg_mid ));
813 if (mid == msg_mid) {
814 struct tevent_timer *te;
816 if (pml->processed) {
817 /* A processed message should not be
819 DEBUG(0,("schedule_deferred_open_message_smb: LOGIC ERROR "
820 "message mid %llu was already processed\n",
821 (unsigned long long)msg_mid ));
825 DEBUG(10,("schedule_deferred_open_message_smb: "
826 "scheduling mid %llu\n",
827 (unsigned long long)mid ));
829 te = tevent_add_timer(pml->sconn->ev_ctx,
832 smbd_deferred_open_timer,
835 DEBUG(10,("schedule_deferred_open_message_smb: "
836 "event_add_timed() failed, "
837 "skipping mid %llu\n",
838 (unsigned long long)msg_mid ));
841 TALLOC_FREE(pml->te);
843 DLIST_PROMOTE(sconn->deferred_open_queue, pml);
848 DEBUG(10,("schedule_deferred_open_message_smb: failed to "
849 "find message mid %llu\n",
850 (unsigned long long)mid ));
855 /****************************************************************************
856 Return true if this mid is on the deferred queue and was not yet processed.
857 ****************************************************************************/
859 bool open_was_deferred(struct smbXsrv_connection *xconn, uint64_t mid)
861 struct smbd_server_connection *sconn = xconn->client->sconn;
862 struct pending_message_list *pml;
864 if (sconn->using_smb2) {
865 return open_was_deferred_smb2(xconn, mid);
868 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
869 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid && !pml->processed) {
876 /****************************************************************************
877 Return the message queued by this mid.
878 ****************************************************************************/
880 static struct pending_message_list *get_deferred_open_message_smb(
881 struct smbd_server_connection *sconn, uint64_t mid)
883 struct pending_message_list *pml;
885 for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
886 if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid) {
893 /****************************************************************************
894 Get the state data queued by this mid.
895 ****************************************************************************/
897 bool get_deferred_open_message_state(struct smb_request *smbreq,
898 struct timeval *p_request_time,
899 struct deferred_open_record **open_rec)
901 struct pending_message_list *pml;
903 if (smbreq->sconn->using_smb2) {
904 return get_deferred_open_message_state_smb2(smbreq->smb2req,
909 pml = get_deferred_open_message_smb(smbreq->sconn, smbreq->mid);
913 if (p_request_time) {
914 *p_request_time = pml->request_time;
916 if (open_rec != NULL) {
917 *open_rec = pml->open_rec;
922 /****************************************************************************
923 Function to push a deferred open smb message onto a linked list of local smb
924 messages ready for processing.
925 ****************************************************************************/
927 bool push_deferred_open_message_smb(struct smb_request *req,
928 struct timeval request_time,
929 struct timeval timeout,
931 struct deferred_open_record *open_rec)
933 struct timeval end_time;
936 return push_deferred_open_message_smb2(req->smb2req,
943 if (req->unread_bytes) {
944 DEBUG(0,("push_deferred_open_message_smb: logic error ! "
945 "unread_bytes = %u\n",
946 (unsigned int)req->unread_bytes ));
947 smb_panic("push_deferred_open_message_smb: "
948 "logic error unread_bytes != 0" );
951 end_time = timeval_sum(&request_time, &timeout);
953 DEBUG(10,("push_deferred_open_message_smb: pushing message "
954 "len %u mid %llu timeout time [%u.%06u]\n",
955 (unsigned int) smb_len(req->inbuf)+4,
956 (unsigned long long)req->mid,
957 (unsigned int)end_time.tv_sec,
958 (unsigned int)end_time.tv_usec));
960 return push_queued_message(req, request_time, end_time, open_rec);
963 static void smbd_sig_term_handler(struct tevent_context *ev,
964 struct tevent_signal *se,
970 exit_server_cleanly("termination signal");
973 void smbd_setup_sig_term_handler(struct smbd_server_connection *sconn)
975 struct tevent_signal *se;
977 se = tevent_add_signal(sconn->ev_ctx,
980 smbd_sig_term_handler,
983 exit_server("failed to setup SIGTERM handler");
987 static void smbd_sig_hup_handler(struct tevent_context *ev,
988 struct tevent_signal *se,
994 struct smbd_server_connection *sconn =
995 talloc_get_type_abort(private_data,
996 struct smbd_server_connection);
998 change_to_root_user();
999 DEBUG(1,("Reloading services after SIGHUP\n"));
1000 reload_services(sconn, conn_snum_used, false);
1003 void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn)
1005 struct tevent_signal *se;
1007 se = tevent_add_signal(sconn->ev_ctx,
1010 smbd_sig_hup_handler,
1013 exit_server("failed to setup SIGHUP handler");
1017 static void smbd_conf_updated(struct messaging_context *msg,
1020 struct server_id server_id,
1023 struct smbd_server_connection *sconn =
1024 talloc_get_type_abort(private_data,
1025 struct smbd_server_connection);
1027 DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was "
1028 "updated. Reloading.\n"));
1029 change_to_root_user();
1030 reload_services(sconn, conn_snum_used, false);
1034 * Only allow 5 outstanding trans requests. We're allocating memory, so
1038 NTSTATUS allow_new_trans(struct trans_state *list, uint64_t mid)
1041 for (; list != NULL; list = list->next) {
1043 if (list->mid == mid) {
1044 return NT_STATUS_INVALID_PARAMETER;
1050 return NT_STATUS_INSUFFICIENT_RESOURCES;
1053 return NT_STATUS_OK;
1057 These flags determine some of the permissions required to do an operation
1059 Note that I don't set NEED_WRITE on some write operations because they
1060 are used by some brain-dead clients when printing, and I don't want to
1061 force write permissions on print services.
1063 #define AS_USER (1<<0)
1064 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
1065 #define TIME_INIT (1<<2)
1066 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
1067 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
1068 #define DO_CHDIR (1<<6)
1071 define a list of possible SMB messages and their corresponding
1072 functions. Any message that has a NULL function is unimplemented -
1073 please feel free to contribute implementations!
1075 static const struct smb_message_struct {
1077 void (*fn)(struct smb_request *req);
1079 } smb_messages[256] = {
1081 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
1082 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
1083 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
1084 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
1085 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
1086 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
1087 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
1088 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
1089 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
1090 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
1091 /* 0x0a */ { "SMBread",reply_read,AS_USER},
1092 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
1093 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
1094 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
1095 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
1096 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
1097 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
1098 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
1099 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
1100 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
1101 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
1102 /* 0x15 */ { NULL, NULL, 0 },
1103 /* 0x16 */ { NULL, NULL, 0 },
1104 /* 0x17 */ { NULL, NULL, 0 },
1105 /* 0x18 */ { NULL, NULL, 0 },
1106 /* 0x19 */ { NULL, NULL, 0 },
1107 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
1108 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
1109 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
1110 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
1111 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
1112 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1113 /* 0x20 */ { "SMBwritec", NULL,0},
1114 /* 0x21 */ { NULL, NULL, 0 },
1115 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
1116 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1117 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1118 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
1119 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
1120 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
1121 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
1122 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
1123 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
1124 /* 0x2b */ { "SMBecho",reply_echo,0},
1125 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1126 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
1127 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
1128 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
1129 /* 0x30 */ { NULL, NULL, 0 },
1130 /* 0x31 */ { NULL, NULL, 0 },
1131 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
1132 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER | CAN_IPC },
1133 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1134 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1135 /* 0x36 */ { NULL, NULL, 0 },
1136 /* 0x37 */ { NULL, NULL, 0 },
1137 /* 0x38 */ { NULL, NULL, 0 },
1138 /* 0x39 */ { NULL, NULL, 0 },
1139 /* 0x3a */ { NULL, NULL, 0 },
1140 /* 0x3b */ { NULL, NULL, 0 },
1141 /* 0x3c */ { NULL, NULL, 0 },
1142 /* 0x3d */ { NULL, NULL, 0 },
1143 /* 0x3e */ { NULL, NULL, 0 },
1144 /* 0x3f */ { NULL, NULL, 0 },
1145 /* 0x40 */ { NULL, NULL, 0 },
1146 /* 0x41 */ { NULL, NULL, 0 },
1147 /* 0x42 */ { NULL, NULL, 0 },
1148 /* 0x43 */ { NULL, NULL, 0 },
1149 /* 0x44 */ { NULL, NULL, 0 },
1150 /* 0x45 */ { NULL, NULL, 0 },
1151 /* 0x46 */ { NULL, NULL, 0 },
1152 /* 0x47 */ { NULL, NULL, 0 },
1153 /* 0x48 */ { NULL, NULL, 0 },
1154 /* 0x49 */ { NULL, NULL, 0 },
1155 /* 0x4a */ { NULL, NULL, 0 },
1156 /* 0x4b */ { NULL, NULL, 0 },
1157 /* 0x4c */ { NULL, NULL, 0 },
1158 /* 0x4d */ { NULL, NULL, 0 },
1159 /* 0x4e */ { NULL, NULL, 0 },
1160 /* 0x4f */ { NULL, NULL, 0 },
1161 /* 0x50 */ { NULL, NULL, 0 },
1162 /* 0x51 */ { NULL, NULL, 0 },
1163 /* 0x52 */ { NULL, NULL, 0 },
1164 /* 0x53 */ { NULL, NULL, 0 },
1165 /* 0x54 */ { NULL, NULL, 0 },
1166 /* 0x55 */ { NULL, NULL, 0 },
1167 /* 0x56 */ { NULL, NULL, 0 },
1168 /* 0x57 */ { NULL, NULL, 0 },
1169 /* 0x58 */ { NULL, NULL, 0 },
1170 /* 0x59 */ { NULL, NULL, 0 },
1171 /* 0x5a */ { NULL, NULL, 0 },
1172 /* 0x5b */ { NULL, NULL, 0 },
1173 /* 0x5c */ { NULL, NULL, 0 },
1174 /* 0x5d */ { NULL, NULL, 0 },
1175 /* 0x5e */ { NULL, NULL, 0 },
1176 /* 0x5f */ { NULL, NULL, 0 },
1177 /* 0x60 */ { NULL, NULL, 0 },
1178 /* 0x61 */ { NULL, NULL, 0 },
1179 /* 0x62 */ { NULL, NULL, 0 },
1180 /* 0x63 */ { NULL, NULL, 0 },
1181 /* 0x64 */ { NULL, NULL, 0 },
1182 /* 0x65 */ { NULL, NULL, 0 },
1183 /* 0x66 */ { NULL, NULL, 0 },
1184 /* 0x67 */ { NULL, NULL, 0 },
1185 /* 0x68 */ { NULL, NULL, 0 },
1186 /* 0x69 */ { NULL, NULL, 0 },
1187 /* 0x6a */ { NULL, NULL, 0 },
1188 /* 0x6b */ { NULL, NULL, 0 },
1189 /* 0x6c */ { NULL, NULL, 0 },
1190 /* 0x6d */ { NULL, NULL, 0 },
1191 /* 0x6e */ { NULL, NULL, 0 },
1192 /* 0x6f */ { NULL, NULL, 0 },
1193 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1194 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1195 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1196 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1197 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1198 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1199 /* 0x76 */ { NULL, NULL, 0 },
1200 /* 0x77 */ { NULL, NULL, 0 },
1201 /* 0x78 */ { NULL, NULL, 0 },
1202 /* 0x79 */ { NULL, NULL, 0 },
1203 /* 0x7a */ { NULL, NULL, 0 },
1204 /* 0x7b */ { NULL, NULL, 0 },
1205 /* 0x7c */ { NULL, NULL, 0 },
1206 /* 0x7d */ { NULL, NULL, 0 },
1207 /* 0x7e */ { NULL, NULL, 0 },
1208 /* 0x7f */ { NULL, NULL, 0 },
1209 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1210 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1211 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1212 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1213 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1214 /* 0x85 */ { NULL, NULL, 0 },
1215 /* 0x86 */ { NULL, NULL, 0 },
1216 /* 0x87 */ { NULL, NULL, 0 },
1217 /* 0x88 */ { NULL, NULL, 0 },
1218 /* 0x89 */ { NULL, NULL, 0 },
1219 /* 0x8a */ { NULL, NULL, 0 },
1220 /* 0x8b */ { NULL, NULL, 0 },
1221 /* 0x8c */ { NULL, NULL, 0 },
1222 /* 0x8d */ { NULL, NULL, 0 },
1223 /* 0x8e */ { NULL, NULL, 0 },
1224 /* 0x8f */ { NULL, NULL, 0 },
1225 /* 0x90 */ { NULL, NULL, 0 },
1226 /* 0x91 */ { NULL, NULL, 0 },
1227 /* 0x92 */ { NULL, NULL, 0 },
1228 /* 0x93 */ { NULL, NULL, 0 },
1229 /* 0x94 */ { NULL, NULL, 0 },
1230 /* 0x95 */ { NULL, NULL, 0 },
1231 /* 0x96 */ { NULL, NULL, 0 },
1232 /* 0x97 */ { NULL, NULL, 0 },
1233 /* 0x98 */ { NULL, NULL, 0 },
1234 /* 0x99 */ { NULL, NULL, 0 },
1235 /* 0x9a */ { NULL, NULL, 0 },
1236 /* 0x9b */ { NULL, NULL, 0 },
1237 /* 0x9c */ { NULL, NULL, 0 },
1238 /* 0x9d */ { NULL, NULL, 0 },
1239 /* 0x9e */ { NULL, NULL, 0 },
1240 /* 0x9f */ { NULL, NULL, 0 },
1241 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1242 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1243 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1244 /* 0xa3 */ { NULL, NULL, 0 },
1245 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1246 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1247 /* 0xa6 */ { NULL, NULL, 0 },
1248 /* 0xa7 */ { NULL, NULL, 0 },
1249 /* 0xa8 */ { NULL, NULL, 0 },
1250 /* 0xa9 */ { NULL, NULL, 0 },
1251 /* 0xaa */ { NULL, NULL, 0 },
1252 /* 0xab */ { NULL, NULL, 0 },
1253 /* 0xac */ { NULL, NULL, 0 },
1254 /* 0xad */ { NULL, NULL, 0 },
1255 /* 0xae */ { NULL, NULL, 0 },
1256 /* 0xaf */ { NULL, NULL, 0 },
1257 /* 0xb0 */ { NULL, NULL, 0 },
1258 /* 0xb1 */ { NULL, NULL, 0 },
1259 /* 0xb2 */ { NULL, NULL, 0 },
1260 /* 0xb3 */ { NULL, NULL, 0 },
1261 /* 0xb4 */ { NULL, NULL, 0 },
1262 /* 0xb5 */ { NULL, NULL, 0 },
1263 /* 0xb6 */ { NULL, NULL, 0 },
1264 /* 0xb7 */ { NULL, NULL, 0 },
1265 /* 0xb8 */ { NULL, NULL, 0 },
1266 /* 0xb9 */ { NULL, NULL, 0 },
1267 /* 0xba */ { NULL, NULL, 0 },
1268 /* 0xbb */ { NULL, NULL, 0 },
1269 /* 0xbc */ { NULL, NULL, 0 },
1270 /* 0xbd */ { NULL, NULL, 0 },
1271 /* 0xbe */ { NULL, NULL, 0 },
1272 /* 0xbf */ { NULL, NULL, 0 },
1273 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1274 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1275 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1276 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1277 /* 0xc4 */ { NULL, NULL, 0 },
1278 /* 0xc5 */ { NULL, NULL, 0 },
1279 /* 0xc6 */ { NULL, NULL, 0 },
1280 /* 0xc7 */ { NULL, NULL, 0 },
1281 /* 0xc8 */ { NULL, NULL, 0 },
1282 /* 0xc9 */ { NULL, NULL, 0 },
1283 /* 0xca */ { NULL, NULL, 0 },
1284 /* 0xcb */ { NULL, NULL, 0 },
1285 /* 0xcc */ { NULL, NULL, 0 },
1286 /* 0xcd */ { NULL, NULL, 0 },
1287 /* 0xce */ { NULL, NULL, 0 },
1288 /* 0xcf */ { NULL, NULL, 0 },
1289 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1290 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1291 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1292 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1293 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1294 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1295 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1296 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1297 /* 0xd8 */ { NULL, NULL, 0 },
1298 /* 0xd9 */ { NULL, NULL, 0 },
1299 /* 0xda */ { NULL, NULL, 0 },
1300 /* 0xdb */ { NULL, NULL, 0 },
1301 /* 0xdc */ { NULL, NULL, 0 },
1302 /* 0xdd */ { NULL, NULL, 0 },
1303 /* 0xde */ { NULL, NULL, 0 },
1304 /* 0xdf */ { NULL, NULL, 0 },
1305 /* 0xe0 */ { NULL, NULL, 0 },
1306 /* 0xe1 */ { NULL, NULL, 0 },
1307 /* 0xe2 */ { NULL, NULL, 0 },
1308 /* 0xe3 */ { NULL, NULL, 0 },
1309 /* 0xe4 */ { NULL, NULL, 0 },
1310 /* 0xe5 */ { NULL, NULL, 0 },
1311 /* 0xe6 */ { NULL, NULL, 0 },
1312 /* 0xe7 */ { NULL, NULL, 0 },
1313 /* 0xe8 */ { NULL, NULL, 0 },
1314 /* 0xe9 */ { NULL, NULL, 0 },
1315 /* 0xea */ { NULL, NULL, 0 },
1316 /* 0xeb */ { NULL, NULL, 0 },
1317 /* 0xec */ { NULL, NULL, 0 },
1318 /* 0xed */ { NULL, NULL, 0 },
1319 /* 0xee */ { NULL, NULL, 0 },
1320 /* 0xef */ { NULL, NULL, 0 },
1321 /* 0xf0 */ { NULL, NULL, 0 },
1322 /* 0xf1 */ { NULL, NULL, 0 },
1323 /* 0xf2 */ { NULL, NULL, 0 },
1324 /* 0xf3 */ { NULL, NULL, 0 },
1325 /* 0xf4 */ { NULL, NULL, 0 },
1326 /* 0xf5 */ { NULL, NULL, 0 },
1327 /* 0xf6 */ { NULL, NULL, 0 },
1328 /* 0xf7 */ { NULL, NULL, 0 },
1329 /* 0xf8 */ { NULL, NULL, 0 },
1330 /* 0xf9 */ { NULL, NULL, 0 },
1331 /* 0xfa */ { NULL, NULL, 0 },
1332 /* 0xfb */ { NULL, NULL, 0 },
1333 /* 0xfc */ { NULL, NULL, 0 },
1334 /* 0xfd */ { NULL, NULL, 0 },
1335 /* 0xfe */ { NULL, NULL, 0 },
1336 /* 0xff */ { NULL, NULL, 0 }
1340 /*******************************************************************
1341 allocate and initialize a reply packet
1342 ********************************************************************/
1344 static bool create_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
1345 const uint8_t *inbuf, char **outbuf,
1346 uint8_t num_words, uint32_t num_bytes)
1348 size_t smb_len = MIN_SMB_SIZE + VWV(num_words) + num_bytes;
1351 * Protect against integer wrap.
1352 * The SMB layer reply can be up to 0xFFFFFF bytes.
1354 if ((num_bytes > 0xffffff) || (smb_len > 0xffffff)) {
1356 if (asprintf(&msg, "num_bytes too large: %u",
1357 (unsigned)num_bytes) == -1) {
1358 msg = discard_const_p(char, "num_bytes too large");
1364 * Here we include the NBT header for now.
1366 *outbuf = talloc_array(mem_ctx, char,
1367 NBT_HDR_SIZE + smb_len);
1368 if (*outbuf == NULL) {
1372 construct_reply_common(req->cmd, inbuf, *outbuf);
1373 srv_set_message(*outbuf, num_words, num_bytes, false);
1375 * Zero out the word area, the caller has to take care of the bcc area
1378 if (num_words != 0) {
1379 memset(*outbuf + (NBT_HDR_SIZE + HDR_VWV), 0, VWV(num_words));
1385 void reply_outbuf(struct smb_request *req, uint8_t num_words, uint32_t num_bytes)
1388 if (!create_outbuf(req, req, req->inbuf, &outbuf, num_words,
1390 smb_panic("could not allocate output buffer\n");
1392 req->outbuf = (uint8_t *)outbuf;
1396 /*******************************************************************
1397 Dump a packet to a file.
1398 ********************************************************************/
1400 static void smb_dump(const char *name, int type, const char *data)
1405 if (DEBUGLEVEL < 50) {
1409 len = smb_len_tcp(data)+4;
1410 for (i=1;i<100;i++) {
1411 fname = talloc_asprintf(talloc_tos(),
1415 type ? "req" : "resp");
1416 if (fname == NULL) {
1419 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1420 if (fd != -1 || errno != EEXIST) break;
1424 ssize_t ret = write(fd, data, len);
1426 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1428 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1433 /****************************************************************************
1434 Prepare everything for calling the actual request function, and potentially
1435 call the request function via the "new" interface.
1437 Return False if the "legacy" function needs to be called, everything is
1440 Return True if we're done.
1442 I know this API sucks, but it is the one with the least code change I could
1444 ****************************************************************************/
1446 static connection_struct *switch_message(uint8_t type, struct smb_request *req)
1449 uint64_t session_tag;
1450 connection_struct *conn = NULL;
1451 struct smbXsrv_connection *xconn = req->xconn;
1452 NTTIME now = timeval_to_nttime(&req->request_time);
1453 struct smbXsrv_session *session = NULL;
1458 if (!xconn->smb1.negprot.done) {
1461 * Without a negprot the request must
1462 * either be a negprot, or one of the
1463 * evil old SMB mailslot messaging types.
1471 exit_server_cleanly("The first request "
1472 "should be a negprot");
1476 if (smb_messages[type].fn == NULL) {
1477 DEBUG(0,("Unknown message type %d!\n",type));
1478 smb_dump("Unknown", 1, (const char *)req->inbuf);
1479 reply_unknown_new(req, type);
1483 flags = smb_messages[type].flags;
1485 /* In share mode security we must ignore the vuid. */
1486 session_tag = req->vuid;
1489 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1490 (int)getpid(), (unsigned long)conn));
1492 smb_dump(smb_fn_name(type), 1, (const char *)req->inbuf);
1494 /* Ensure this value is replaced in the incoming packet. */
1495 SSVAL(discard_const_p(uint8_t, req->inbuf),smb_uid,session_tag);
1498 * Ensure the correct username is in current_user_info. This is a
1499 * really ugly bugfix for problems with multiple session_setup_and_X's
1500 * being done and allowing %U and %G substitutions to work correctly.
1501 * There is a reason this code is done here, don't move it unless you
1502 * know what you're doing... :-).
1507 * lookup an existing session
1509 * Note: for now we only check for NT_STATUS_NETWORK_SESSION_EXPIRED
1510 * here, the main check is still in change_to_user()
1512 status = smb1srv_session_lookup(xconn,
1516 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
1519 status = NT_STATUS_OK;
1522 DEBUG(1,("Error: session %llu is expired, mid=%llu.\n",
1523 (unsigned long long)session_tag,
1524 (unsigned long long)req->mid));
1525 reply_nterror(req, NT_STATUS_NETWORK_SESSION_EXPIRED);
1530 if (session_tag != xconn->client->last_session_id) {
1531 struct user_struct *vuser = NULL;
1533 xconn->client->last_session_id = session_tag;
1535 vuser = session->compat;
1538 set_current_user_info(
1539 vuser->session_info->unix_info->sanitized_username,
1540 vuser->session_info->unix_info->unix_name,
1541 vuser->session_info->info->domain_name);
1545 /* Does this call need to be run as the connected user? */
1546 if (flags & AS_USER) {
1548 /* Does this call need a valid tree connection? */
1551 * Amazingly, the error code depends on the command
1554 if (type == SMBntcreateX) {
1555 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1557 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
1562 if (!change_to_user(conn,session_tag)) {
1563 DEBUG(0, ("Error: Could not change to user. Removing "
1564 "deferred open, mid=%llu.\n",
1565 (unsigned long long)req->mid));
1566 reply_force_doserror(req, ERRSRV, ERRbaduid);
1570 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1572 /* Does it need write permission? */
1573 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1574 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1578 /* IPC services are limited */
1579 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1580 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1584 /* This call needs to be run as root */
1585 change_to_root_user();
1588 /* load service specific parameters */
1590 if (req->encrypted) {
1591 conn->encrypted_tid = true;
1592 /* encrypted required from now on. */
1593 conn->encrypt_level = SMB_SIGNING_REQUIRED;
1594 } else if (ENCRYPTION_REQUIRED(conn)) {
1595 if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
1596 DEBUG(1,("service[%s] requires encryption"
1597 "%s ACCESS_DENIED. mid=%llu\n",
1598 lp_servicename(talloc_tos(), SNUM(conn)),
1600 (unsigned long long)req->mid));
1601 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1606 if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1607 (flags & (AS_USER|DO_CHDIR)
1609 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1612 conn->num_smb_operations++;
1616 * Does this protocol need to be run as guest? (Only archane
1617 * messenger service requests have this...)
1619 if (flags & AS_GUEST) {
1623 if (!change_to_guest()) {
1624 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1628 raddr = tsocket_address_inet_addr_string(xconn->remote_address,
1630 if (raddr == NULL) {
1631 reply_nterror(req, NT_STATUS_NO_MEMORY);
1636 * Haven't we checked this in smbd_process already???
1639 ok = allow_access(lp_hosts_deny(-1), lp_hosts_allow(-1),
1640 xconn->remote_hostname, raddr);
1644 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1649 smb_messages[type].fn(req);
1653 /****************************************************************************
1654 Construct a reply to the incoming packet.
1655 ****************************************************************************/
1657 static void construct_reply(struct smbXsrv_connection *xconn,
1658 char *inbuf, int size, size_t unread_bytes,
1659 uint32_t seqnum, bool encrypted,
1660 struct smb_perfcount_data *deferred_pcd)
1662 struct smbd_server_connection *sconn = xconn->client->sconn;
1663 struct smb_request *req;
1665 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1666 smb_panic("could not allocate smb_request");
1669 if (!init_smb_request(req, sconn, xconn, (uint8_t *)inbuf, unread_bytes,
1670 encrypted, seqnum)) {
1671 exit_server_cleanly("Invalid SMB request");
1674 req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
1676 /* we popped this message off the queue - keep original perf data */
1678 req->pcd = *deferred_pcd;
1680 SMB_PERFCOUNT_START(&req->pcd);
1681 SMB_PERFCOUNT_SET_OP(&req->pcd, req->cmd);
1682 SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, size);
1685 req->conn = switch_message(req->cmd, req);
1687 if (req->outbuf == NULL) {
1689 * Request has suspended itself, will come
1694 if (CVAL(req->outbuf,0) == 0) {
1695 show_msg((char *)req->outbuf);
1697 smb_request_done(req);
1700 static void construct_reply_chain(struct smbXsrv_connection *xconn,
1701 char *inbuf, int size, uint32_t seqnum,
1703 struct smb_perfcount_data *deferred_pcd)
1705 struct smb_request **reqs = NULL;
1706 struct smb_request *req;
1710 ok = smb1_parse_chain(talloc_tos(), (uint8_t *)inbuf, xconn, encrypted,
1711 seqnum, &reqs, &num_reqs);
1713 char errbuf[smb_size];
1714 error_packet(errbuf, 0, 0, NT_STATUS_INVALID_PARAMETER,
1715 __LINE__, __FILE__);
1716 if (!srv_send_smb(xconn, errbuf, true, seqnum, encrypted,
1718 exit_server_cleanly("construct_reply_chain: "
1719 "srv_send_smb failed.");
1725 req->inbuf = (uint8_t *)talloc_move(reqs, &inbuf);
1727 req->conn = switch_message(req->cmd, req);
1729 if (req->outbuf == NULL) {
1731 * Request has suspended itself, will come
1736 smb_request_done(req);
1740 * To be called from an async SMB handler that is potentially chained
1741 * when it is finished for shipping.
1744 void smb_request_done(struct smb_request *req)
1746 struct smb_request **reqs = NULL;
1747 struct smb_request *first_req;
1748 size_t i, num_reqs, next_index;
1751 if (req->chain == NULL) {
1757 num_reqs = talloc_array_length(reqs);
1759 for (i=0; i<num_reqs; i++) {
1760 if (reqs[i] == req) {
1764 if (i == num_reqs) {
1766 * Invalid chain, should not happen
1768 status = NT_STATUS_INTERNAL_ERROR;
1773 while ((next_index < num_reqs) && (IVAL(req->outbuf, smb_rcls) == 0)) {
1774 struct smb_request *next = reqs[next_index];
1775 struct smbXsrv_tcon *tcon;
1776 NTTIME now = timeval_to_nttime(&req->request_time);
1778 next->vuid = SVAL(req->outbuf, smb_uid);
1779 next->tid = SVAL(req->outbuf, smb_tid);
1780 status = smb1srv_tcon_lookup(req->xconn, req->tid,
1782 if (NT_STATUS_IS_OK(status)) {
1783 req->conn = tcon->compat;
1787 next->chain_fsp = req->chain_fsp;
1788 next->inbuf = req->inbuf;
1791 req->conn = switch_message(req->cmd, req);
1793 if (req->outbuf == NULL) {
1795 * Request has suspended itself, will come
1803 first_req = reqs[0];
1805 for (i=1; i<next_index; i++) {
1808 ok = smb_splice_chain(&first_req->outbuf, reqs[i]->outbuf);
1810 status = NT_STATUS_INTERNAL_ERROR;
1815 SSVAL(first_req->outbuf, smb_uid, SVAL(req->outbuf, smb_uid));
1816 SSVAL(first_req->outbuf, smb_tid, SVAL(req->outbuf, smb_tid));
1819 * This scary statement intends to set the
1820 * FLAGS2_32_BIT_ERROR_CODES flg2 field in first_req->outbuf
1821 * to the value last_req->outbuf carries
1823 SSVAL(first_req->outbuf, smb_flg2,
1824 (SVAL(first_req->outbuf, smb_flg2) & ~FLAGS2_32_BIT_ERROR_CODES)
1825 |(SVAL(req->outbuf, smb_flg2) & FLAGS2_32_BIT_ERROR_CODES));
1828 * Transfer the error codes from the subrequest to the main one
1830 SSVAL(first_req->outbuf, smb_rcls, SVAL(req->outbuf, smb_rcls));
1831 SSVAL(first_req->outbuf, smb_err, SVAL(req->outbuf, smb_err));
1834 first_req->outbuf, talloc_get_size(first_req->outbuf) - 4);
1837 if (!srv_send_smb(first_req->xconn,
1838 (char *)first_req->outbuf,
1839 true, first_req->seqnum+1,
1840 IS_CONN_ENCRYPTED(req->conn)||first_req->encrypted,
1842 exit_server_cleanly("construct_reply_chain: srv_send_smb "
1845 TALLOC_FREE(req); /* non-chained case */
1846 TALLOC_FREE(reqs); /* chained case */
1851 char errbuf[smb_size];
1852 error_packet(errbuf, 0, 0, status, __LINE__, __FILE__);
1853 if (!srv_send_smb(req->xconn, errbuf, true,
1854 req->seqnum+1, req->encrypted,
1856 exit_server_cleanly("construct_reply_chain: "
1857 "srv_send_smb failed.");
1860 TALLOC_FREE(req); /* non-chained case */
1861 TALLOC_FREE(reqs); /* chained case */
1864 /****************************************************************************
1865 Process an smb from the client
1866 ****************************************************************************/
1867 static void process_smb(struct smbXsrv_connection *xconn,
1868 uint8_t *inbuf, size_t nread, size_t unread_bytes,
1869 uint32_t seqnum, bool encrypted,
1870 struct smb_perfcount_data *deferred_pcd)
1872 struct smbd_server_connection *sconn = xconn->client->sconn;
1873 int msg_type = CVAL(inbuf,0);
1875 DO_PROFILE_INC(request);
1877 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1879 DEBUG(3, ("Transaction %d of length %d (%u toread)\n",
1880 sconn->trans_num, (int)nread, (unsigned int)unread_bytes));
1882 if (msg_type != NBSSmessage) {
1884 * NetBIOS session request, keepalive, etc.
1886 reply_special(xconn, (char *)inbuf, nread);
1890 if (sconn->using_smb2) {
1891 /* At this point we're not really using smb2,
1892 * we make the decision here.. */
1893 if (smbd_is_smb2_header(inbuf, nread)) {
1894 const uint8_t *inpdu = inbuf + NBT_HDR_SIZE;
1895 size_t pdulen = nread - NBT_HDR_SIZE;
1896 smbd_smb2_first_negprot(xconn, inpdu, pdulen);
1898 } else if (nread >= smb_size && valid_smb_header(inbuf)
1899 && CVAL(inbuf, smb_com) != 0x72) {
1900 /* This is a non-negprot SMB1 packet.
1901 Disable SMB2 from now on. */
1902 sconn->using_smb2 = false;
1906 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1907 * so subtract 4 from it. */
1908 if ((nread < (smb_size - 4)) || !valid_smb_header(inbuf)) {
1909 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1912 /* special magic for immediate exit */
1914 (IVAL(inbuf, 4) == 0x74697865) &&
1915 lp_parm_bool(-1, "smbd", "suicide mode", false)) {
1916 uint8_t exitcode = CVAL(inbuf, 8);
1917 DEBUG(1, ("Exiting immediately with code %d\n",
1922 exit_server_cleanly("Non-SMB packet");
1925 show_msg((char *)inbuf);
1927 if ((unread_bytes == 0) && smb1_is_chain(inbuf)) {
1928 construct_reply_chain(xconn, (char *)inbuf, nread,
1929 seqnum, encrypted, deferred_pcd);
1931 construct_reply(xconn, (char *)inbuf, nread, unread_bytes,
1932 seqnum, encrypted, deferred_pcd);
1938 sconn->num_requests++;
1940 /* The timeout_processing function isn't run nearly
1941 often enough to implement 'max log size' without
1942 overrunning the size of the file by many megabytes.
1943 This is especially true if we are running at debug
1944 level 10. Checking every 50 SMBs is a nice
1945 tradeoff of performance vs log file size overrun. */
1947 if ((sconn->num_requests % 50) == 0 &&
1948 need_to_check_log_size()) {
1949 change_to_root_user();
1954 /****************************************************************************
1955 Return a string containing the function name of a SMB command.
1956 ****************************************************************************/
1958 const char *smb_fn_name(int type)
1960 const char *unknown_name = "SMBunknown";
1962 if (smb_messages[type].name == NULL)
1963 return(unknown_name);
1965 return(smb_messages[type].name);
1968 /****************************************************************************
1969 Helper functions for contruct_reply.
1970 ****************************************************************************/
1972 void add_to_common_flags2(uint32_t v)
1977 void remove_from_common_flags2(uint32_t v)
1979 common_flags2 &= ~v;
1982 static void construct_reply_common(uint8_t cmd, const uint8_t *inbuf,
1985 uint16_t in_flags2 = SVAL(inbuf,smb_flg2);
1986 uint16_t out_flags2 = common_flags2;
1988 out_flags2 |= in_flags2 & FLAGS2_UNICODE_STRINGS;
1989 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES;
1990 out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED;
1992 srv_set_message(outbuf,0,0,false);
1994 SCVAL(outbuf, smb_com, cmd);
1995 SIVAL(outbuf,smb_rcls,0);
1996 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1997 SSVAL(outbuf,smb_flg2, out_flags2);
1998 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1999 memcpy(outbuf+smb_ss_field, inbuf+smb_ss_field, 8);
2001 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
2002 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
2003 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
2004 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
2007 void construct_reply_common_req(struct smb_request *req, char *outbuf)
2009 construct_reply_common(req->cmd, req->inbuf, outbuf);
2013 * @brief Find the smb_cmd offset of the last command pushed
2014 * @param[in] buf The buffer we're building up
2015 * @retval Where can we put our next andx cmd?
2017 * While chaining requests, the "next" request we're looking at needs to put
2018 * its SMB_Command before the data the previous request already built up added
2019 * to the chain. Find the offset to the place where we have to put our cmd.
2022 static bool find_andx_cmd_ofs(uint8_t *buf, size_t *pofs)
2027 cmd = CVAL(buf, smb_com);
2029 if (!is_andx_req(cmd)) {
2035 while (CVAL(buf, ofs) != 0xff) {
2037 if (!is_andx_req(CVAL(buf, ofs))) {
2042 * ofs is from start of smb header, so add the 4 length
2043 * bytes. The next cmd is right after the wct field.
2045 ofs = SVAL(buf, ofs+2) + 4 + 1;
2047 if (ofs+4 >= talloc_get_size(buf)) {
2057 * @brief Do the smb chaining at a buffer level
2058 * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
2059 * @param[in] andx_buf Buffer to be appended
2062 static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf)
2064 uint8_t smb_command = CVAL(andx_buf, smb_com);
2065 uint8_t wct = CVAL(andx_buf, smb_wct);
2066 const uint16_t *vwv = (const uint16_t *)(andx_buf + smb_vwv);
2067 uint32_t num_bytes = smb_buflen(andx_buf);
2068 const uint8_t *bytes = (const uint8_t *)smb_buf_const(andx_buf);
2071 size_t old_size, new_size;
2073 size_t chain_padding = 0;
2074 size_t andx_cmd_ofs;
2077 old_size = talloc_get_size(*poutbuf);
2079 if ((old_size % 4) != 0) {
2081 * Align the wct field of subsequent requests to a 4-byte
2084 chain_padding = 4 - (old_size % 4);
2088 * After the old request comes the new wct field (1 byte), the vwv's
2089 * and the num_bytes field.
2092 new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
2093 new_size += num_bytes;
2095 if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
2096 DEBUG(1, ("smb_splice_chain: %u bytes won't fit\n",
2097 (unsigned)new_size));
2101 outbuf = talloc_realloc(NULL, *poutbuf, uint8_t, new_size);
2102 if (outbuf == NULL) {
2103 DEBUG(0, ("talloc failed\n"));
2108 if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
2109 DEBUG(1, ("invalid command chain\n"));
2110 *poutbuf = talloc_realloc(NULL, *poutbuf, uint8_t, old_size);
2114 if (chain_padding != 0) {
2115 memset(outbuf + old_size, 0, chain_padding);
2116 old_size += chain_padding;
2119 SCVAL(outbuf, andx_cmd_ofs, smb_command);
2120 SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
2125 * Push the chained request:
2130 SCVAL(outbuf, ofs, wct);
2137 memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
2142 * Read&X has an offset into its data buffer at
2143 * vwv[6]. reply_read_andx has no idea anymore that it's
2144 * running from within a chain, so we have to fix up the
2147 * Although it looks disgusting at this place, I want to keep
2148 * it here. The alternative would be to push knowledge about
2149 * the andx chain down into read&x again.
2152 if (smb_command == SMBreadX) {
2153 uint8_t *bytes_addr;
2157 * Invalid read&x response
2162 bytes_addr = outbuf + ofs /* vwv start */
2163 + sizeof(uint16_t) * wct /* vwv array */
2164 + sizeof(uint16_t) /* bcc */
2165 + 1; /* padding byte */
2167 SSVAL(outbuf + ofs, 6 * sizeof(uint16_t),
2168 bytes_addr - outbuf - 4);
2171 ofs += sizeof(uint16_t) * wct;
2177 SSVAL(outbuf, ofs, num_bytes);
2178 ofs += sizeof(uint16_t);
2184 memcpy(outbuf + ofs, bytes, num_bytes);
2189 bool smb1_is_chain(const uint8_t *buf)
2191 uint8_t cmd, wct, andx_cmd;
2193 cmd = CVAL(buf, smb_com);
2194 if (!is_andx_req(cmd)) {
2197 wct = CVAL(buf, smb_wct);
2201 andx_cmd = CVAL(buf, smb_vwv);
2202 return (andx_cmd != 0xFF);
2205 bool smb1_walk_chain(const uint8_t *buf,
2206 bool (*fn)(uint8_t cmd,
2207 uint8_t wct, const uint16_t *vwv,
2208 uint16_t num_bytes, const uint8_t *bytes,
2209 void *private_data),
2212 size_t smblen = smb_len(buf);
2213 const char *smb_buf = smb_base(buf);
2214 uint8_t cmd, chain_cmd;
2216 const uint16_t *vwv;
2218 const uint8_t *bytes;
2220 cmd = CVAL(buf, smb_com);
2221 wct = CVAL(buf, smb_wct);
2222 vwv = (const uint16_t *)(buf + smb_vwv);
2223 num_bytes = smb_buflen(buf);
2224 bytes = (const uint8_t *)smb_buf_const(buf);
2226 if (!fn(cmd, wct, vwv, num_bytes, bytes, private_data)) {
2230 if (!is_andx_req(cmd)) {
2237 chain_cmd = CVAL(vwv, 0);
2239 while (chain_cmd != 0xff) {
2240 uint32_t chain_offset; /* uint32_t to avoid overflow */
2241 size_t length_needed;
2242 ptrdiff_t vwv_offset;
2244 chain_offset = SVAL(vwv+1, 0);
2247 * Check if the client tries to fool us. The chain
2248 * offset needs to point beyond the current request in
2249 * the chain, it needs to strictly grow. Otherwise we
2250 * might be tricked into an endless loop always
2251 * processing the same request over and over again. We
2252 * used to assume that vwv and the byte buffer array
2253 * in a chain are always attached, but OS/2 the
2254 * Write&X/Read&X chain puts the Read&X vwv array
2255 * right behind the Write&X vwv chain. The Write&X bcc
2256 * array is put behind the Read&X vwv array. So now we
2257 * check whether the chain offset points strictly
2258 * behind the previous vwv array. req->buf points
2259 * right after the vwv array of the previous
2261 * https://bugzilla.samba.org/show_bug.cgi?id=8360 for
2265 vwv_offset = ((const char *)vwv - smb_buf);
2266 if (chain_offset <= vwv_offset) {
2271 * Next check: Make sure the chain offset does not
2272 * point beyond the overall smb request length.
2275 length_needed = chain_offset+1; /* wct */
2276 if (length_needed > smblen) {
2281 * Now comes the pointer magic. Goal here is to set up
2282 * vwv and buf correctly again. The chain offset (the
2283 * former vwv[1]) points at the new wct field.
2286 wct = CVAL(smb_buf, chain_offset);
2288 if (is_andx_req(chain_cmd) && (wct < 2)) {
2293 * Next consistency check: Make the new vwv array fits
2294 * in the overall smb request.
2297 length_needed += (wct+1)*sizeof(uint16_t); /* vwv+buflen */
2298 if (length_needed > smblen) {
2301 vwv = (const uint16_t *)(smb_buf + chain_offset + 1);
2304 * Now grab the new byte buffer....
2307 num_bytes = SVAL(vwv+wct, 0);
2310 * .. and check that it fits.
2313 length_needed += num_bytes;
2314 if (length_needed > smblen) {
2317 bytes = (const uint8_t *)(vwv+wct+1);
2319 if (!fn(chain_cmd, wct, vwv, num_bytes, bytes, private_data)) {
2323 if (!is_andx_req(chain_cmd)) {
2326 chain_cmd = CVAL(vwv, 0);
2331 static bool smb1_chain_length_cb(uint8_t cmd,
2332 uint8_t wct, const uint16_t *vwv,
2333 uint16_t num_bytes, const uint8_t *bytes,
2336 unsigned *count = (unsigned *)private_data;
2341 unsigned smb1_chain_length(const uint8_t *buf)
2345 if (!smb1_walk_chain(buf, smb1_chain_length_cb, &count)) {
2351 struct smb1_parse_chain_state {
2352 TALLOC_CTX *mem_ctx;
2354 struct smbd_server_connection *sconn;
2355 struct smbXsrv_connection *xconn;
2359 struct smb_request **reqs;
2363 static bool smb1_parse_chain_cb(uint8_t cmd,
2364 uint8_t wct, const uint16_t *vwv,
2365 uint16_t num_bytes, const uint8_t *bytes,
2368 struct smb1_parse_chain_state *state =
2369 (struct smb1_parse_chain_state *)private_data;
2370 struct smb_request **reqs;
2371 struct smb_request *req;
2374 reqs = talloc_realloc(state->mem_ctx, state->reqs,
2375 struct smb_request *, state->num_reqs+1);
2381 req = talloc(reqs, struct smb_request);
2386 ok = init_smb_request(req, state->sconn, state->xconn, state->buf, 0,
2387 state->encrypted, state->seqnum);
2394 req->buflen = num_bytes;
2397 reqs[state->num_reqs] = req;
2398 state->num_reqs += 1;
2402 bool smb1_parse_chain(TALLOC_CTX *mem_ctx, const uint8_t *buf,
2403 struct smbXsrv_connection *xconn,
2404 bool encrypted, uint32_t seqnum,
2405 struct smb_request ***reqs, unsigned *num_reqs)
2407 struct smbd_server_connection *sconn = NULL;
2408 struct smb1_parse_chain_state state;
2411 if (xconn != NULL) {
2412 sconn = xconn->client->sconn;
2415 state.mem_ctx = mem_ctx;
2417 state.sconn = sconn;
2418 state.xconn = xconn;
2419 state.encrypted = encrypted;
2420 state.seqnum = seqnum;
2424 if (!smb1_walk_chain(buf, smb1_parse_chain_cb, &state)) {
2425 TALLOC_FREE(state.reqs);
2428 for (i=0; i<state.num_reqs; i++) {
2429 state.reqs[i]->chain = state.reqs;
2432 *num_reqs = state.num_reqs;
2436 /****************************************************************************
2437 Check if services need reloading.
2438 ****************************************************************************/
2440 static void check_reload(struct smbd_server_connection *sconn, time_t t)
2443 if (last_smb_conf_reload_time == 0) {
2444 last_smb_conf_reload_time = t;
2447 if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
2448 reload_services(sconn, conn_snum_used, true);
2449 last_smb_conf_reload_time = t;
2453 static bool fd_is_readable(int fd)
2457 ret = poll_one_fd(fd, POLLIN|POLLHUP, 0, &revents);
2459 return ((ret > 0) && ((revents & (POLLIN|POLLHUP|POLLERR)) != 0));
2463 static void smbd_server_connection_write_handler(
2464 struct smbXsrv_connection *xconn)
2466 /* TODO: make write nonblocking */
2469 static void smbd_server_connection_read_handler(
2470 struct smbXsrv_connection *xconn, int fd)
2472 uint8_t *inbuf = NULL;
2473 size_t inbuf_len = 0;
2474 size_t unread_bytes = 0;
2475 bool encrypted = false;
2476 TALLOC_CTX *mem_ctx = talloc_tos();
2480 bool async_echo = lp_async_smb_echo_handler();
2481 bool from_client = false;
2484 if (fd_is_readable(xconn->smb1.echo_handler.trusted_fd)) {
2486 * This is the super-ugly hack to prefer the packets
2487 * forwarded by the echo handler over the ones by the
2490 fd = xconn->smb1.echo_handler.trusted_fd;
2494 from_client = (xconn->transport.sock == fd);
2496 if (async_echo && from_client) {
2497 smbd_lock_socket(xconn);
2499 if (!fd_is_readable(fd)) {
2500 DEBUG(10,("the echo listener was faster\n"));
2501 smbd_unlock_socket(xconn);
2506 /* TODO: make this completely nonblocking */
2507 status = receive_smb_talloc(mem_ctx, xconn, fd,
2508 (char **)(void *)&inbuf,
2512 &inbuf_len, &seqnum,
2513 !from_client /* trusted channel */);
2515 if (async_echo && from_client) {
2516 smbd_unlock_socket(xconn);
2519 if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
2522 if (NT_STATUS_IS_ERR(status)) {
2523 exit_server_cleanly("failed to receive smb request");
2525 if (!NT_STATUS_IS_OK(status)) {
2530 process_smb(xconn, inbuf, inbuf_len, unread_bytes,
2531 seqnum, encrypted, NULL);
2534 static void smbd_server_connection_handler(struct tevent_context *ev,
2535 struct tevent_fd *fde,
2539 struct smbXsrv_connection *xconn =
2540 talloc_get_type_abort(private_data,
2541 struct smbXsrv_connection);
2543 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
2545 * we're not supposed to do any io
2547 TEVENT_FD_NOT_READABLE(xconn->transport.fde);
2548 TEVENT_FD_NOT_WRITEABLE(xconn->transport.fde);
2552 if (flags & TEVENT_FD_WRITE) {
2553 smbd_server_connection_write_handler(xconn);
2556 if (flags & TEVENT_FD_READ) {
2557 smbd_server_connection_read_handler(xconn, xconn->transport.sock);
2562 static void smbd_server_echo_handler(struct tevent_context *ev,
2563 struct tevent_fd *fde,
2567 struct smbXsrv_connection *xconn =
2568 talloc_get_type_abort(private_data,
2569 struct smbXsrv_connection);
2571 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
2573 * we're not supposed to do any io
2575 TEVENT_FD_NOT_READABLE(xconn->smb1.echo_handler.trusted_fde);
2576 TEVENT_FD_NOT_WRITEABLE(xconn->smb1.echo_handler.trusted_fde);
2580 if (flags & TEVENT_FD_WRITE) {
2581 smbd_server_connection_write_handler(xconn);
2584 if (flags & TEVENT_FD_READ) {
2585 smbd_server_connection_read_handler(
2586 xconn, xconn->smb1.echo_handler.trusted_fd);
2591 struct smbd_release_ip_state {
2592 struct smbXsrv_connection *xconn;
2593 struct tevent_immediate *im;
2594 char addr[INET6_ADDRSTRLEN];
2597 static void smbd_release_ip_immediate(struct tevent_context *ctx,
2598 struct tevent_immediate *im,
2601 struct smbd_release_ip_state *state =
2602 talloc_get_type_abort(private_data,
2603 struct smbd_release_ip_state);
2604 struct smbXsrv_connection *xconn = state->xconn;
2606 if (!NT_STATUS_EQUAL(xconn->transport.status, NT_STATUS_ADDRESS_CLOSED)) {
2608 * smbd_server_connection_terminate() already triggered ?
2613 smbd_server_connection_terminate(xconn, "CTDB_SRVID_RELEASE_IP");
2616 /****************************************************************************
2617 received when we should release a specific IP
2618 ****************************************************************************/
2619 static int release_ip(uint32_t src_vnn, uint32_t dst_vnn,
2621 const uint8_t *msg, size_t msglen,
2624 struct smbd_release_ip_state *state =
2625 talloc_get_type_abort(private_data,
2626 struct smbd_release_ip_state);
2627 struct smbXsrv_connection *xconn = state->xconn;
2629 const char *addr = state->addr;
2630 const char *p = addr;
2635 if (msg[msglen-1] != '\0') {
2639 ip = (const char *)msg;
2641 if (!NT_STATUS_IS_OK(xconn->transport.status)) {
2642 /* avoid recursion */
2646 if (strncmp("::ffff:", addr, 7) == 0) {
2650 DEBUG(10, ("Got release IP message for %s, "
2651 "our address is %s\n", ip, p));
2653 if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
2654 DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
2657 * With SMB2 we should do a clean disconnect,
2658 * the previous_session_id in the session setup
2659 * will cleanup the old session, tcons and opens.
2661 * A clean disconnect is needed in order to support
2664 * Note: typically this is never triggered
2665 * as we got a TCP RST (triggered by ctdb event scripts)
2666 * before we get CTDB_SRVID_RELEASE_IP.
2668 * We used to call _exit(1) here, but as this was mostly never
2669 * triggered and has implication on our process model,
2670 * we can just use smbd_server_connection_terminate()
2673 * We don't call smbd_server_connection_terminate() directly
2674 * as we might be called from within ctdbd_migrate(),
2675 * we need to defer our action to the next event loop
2677 tevent_schedule_immediate(state->im, xconn->ev_ctx,
2678 smbd_release_ip_immediate, state);
2681 * Make sure we don't get any io on the connection.
2683 xconn->transport.status = NT_STATUS_ADDRESS_CLOSED;
2684 return EADDRNOTAVAIL;
2690 static NTSTATUS smbd_register_ips(struct smbXsrv_connection *xconn,
2691 struct sockaddr_storage *srv,
2692 struct sockaddr_storage *clnt)
2694 struct smbd_release_ip_state *state;
2695 struct ctdbd_connection *cconn;
2697 cconn = messaging_ctdbd_connection();
2698 if (cconn == NULL) {
2699 return NT_STATUS_NO_MEMORY;
2702 state = talloc_zero(xconn, struct smbd_release_ip_state);
2703 if (state == NULL) {
2704 return NT_STATUS_NO_MEMORY;
2706 state->xconn = xconn;
2707 state->im = tevent_create_immediate(state);
2708 if (state->im == NULL) {
2709 return NT_STATUS_NO_MEMORY;
2711 if (print_sockaddr(state->addr, sizeof(state->addr), srv) == NULL) {
2712 return NT_STATUS_NO_MEMORY;
2715 return ctdbd_register_ips(cconn, srv, clnt, release_ip, state);
2718 static void msg_kill_client_ip(struct messaging_context *msg_ctx,
2719 void *private_data, uint32_t msg_type,
2720 struct server_id server_id, DATA_BLOB *data)
2722 struct smbd_server_connection *sconn = talloc_get_type_abort(
2723 private_data, struct smbd_server_connection);
2724 const char *ip = (char *) data->data;
2727 DBG_DEBUG("Got kill request for client IP %s\n", ip);
2729 client_ip = tsocket_address_inet_addr_string(sconn->remote_address,
2731 if (client_ip == NULL) {
2735 if (strequal(ip, client_ip)) {
2736 DBG_WARNING("Got kill client message for %s - "
2737 "exiting immediately\n", ip);
2738 exit_server_cleanly("Forced disconnect for client");
2741 TALLOC_FREE(client_ip);
2745 * Send keepalive packets to our client
2747 static bool keepalive_fn(const struct timeval *now, void *private_data)
2749 struct smbd_server_connection *sconn = talloc_get_type_abort(
2750 private_data, struct smbd_server_connection);
2751 struct smbXsrv_connection *xconn = NULL;
2754 if (sconn->using_smb2) {
2755 /* Don't do keepalives on an SMB2 connection. */
2760 * With SMB1 we only have 1 connection
2762 xconn = sconn->client->connections;
2763 smbd_lock_socket(xconn);
2764 ret = send_keepalive(xconn->transport.sock);
2765 smbd_unlock_socket(xconn);
2768 int saved_errno = errno;
2770 * Try and give an error message saying what
2773 DEBUG(0, ("send_keepalive failed for client %s. "
2774 "Error %s - exiting\n",
2775 smbXsrv_connection_dbg(xconn),
2776 strerror(saved_errno)));
2777 errno = saved_errno;
2784 * Do the recurring check if we're idle
2786 static bool deadtime_fn(const struct timeval *now, void *private_data)
2788 struct smbd_server_connection *sconn =
2789 (struct smbd_server_connection *)private_data;
2791 if ((conn_num_open(sconn) == 0)
2792 || (conn_idle_all(sconn, now->tv_sec))) {
2793 DEBUG( 2, ( "Closing idle connection\n" ) );
2794 messaging_send(sconn->msg_ctx,
2795 messaging_server_id(sconn->msg_ctx),
2796 MSG_SHUTDOWN, &data_blob_null);
2804 * Do the recurring log file and smb.conf reload checks.
2807 static bool housekeeping_fn(const struct timeval *now, void *private_data)
2809 struct smbd_server_connection *sconn = talloc_get_type_abort(
2810 private_data, struct smbd_server_connection);
2812 DEBUG(5, ("housekeeping\n"));
2814 change_to_root_user();
2816 /* update printer queue caches if necessary */
2817 update_monitored_printq_cache(sconn->msg_ctx);
2819 /* check if we need to reload services */
2820 check_reload(sconn, time_mono(NULL));
2823 * Force a log file check.
2825 force_check_log_size();
2831 * Read an smb packet in the echo handler child, giving the parent
2832 * smbd one second to react once the socket becomes readable.
2835 struct smbd_echo_read_state {
2836 struct tevent_context *ev;
2837 struct smbXsrv_connection *xconn;
2844 static void smbd_echo_read_readable(struct tevent_req *subreq);
2845 static void smbd_echo_read_waited(struct tevent_req *subreq);
2847 static struct tevent_req *smbd_echo_read_send(
2848 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
2849 struct smbXsrv_connection *xconn)
2851 struct tevent_req *req, *subreq;
2852 struct smbd_echo_read_state *state;
2854 req = tevent_req_create(mem_ctx, &state,
2855 struct smbd_echo_read_state);
2860 state->xconn = xconn;
2862 subreq = wait_for_read_send(state, ev, xconn->transport.sock);
2863 if (tevent_req_nomem(subreq, req)) {
2864 return tevent_req_post(req, ev);
2866 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
2870 static void smbd_echo_read_readable(struct tevent_req *subreq)
2872 struct tevent_req *req = tevent_req_callback_data(
2873 subreq, struct tevent_req);
2874 struct smbd_echo_read_state *state = tevent_req_data(
2875 req, struct smbd_echo_read_state);
2879 ok = wait_for_read_recv(subreq, &err);
2880 TALLOC_FREE(subreq);
2882 tevent_req_nterror(req, map_nt_error_from_unix(err));
2887 * Give the parent smbd one second to step in
2890 subreq = tevent_wakeup_send(
2891 state, state->ev, timeval_current_ofs(1, 0));
2892 if (tevent_req_nomem(subreq, req)) {
2895 tevent_req_set_callback(subreq, smbd_echo_read_waited, req);
2898 static void smbd_echo_read_waited(struct tevent_req *subreq)
2900 struct tevent_req *req = tevent_req_callback_data(
2901 subreq, struct tevent_req);
2902 struct smbd_echo_read_state *state = tevent_req_data(
2903 req, struct smbd_echo_read_state);
2904 struct smbXsrv_connection *xconn = state->xconn;
2910 ok = tevent_wakeup_recv(subreq);
2911 TALLOC_FREE(subreq);
2913 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
2917 ok = smbd_lock_socket_internal(xconn);
2919 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2920 DEBUG(0, ("%s: failed to lock socket\n", __location__));
2924 if (!fd_is_readable(xconn->transport.sock)) {
2925 DEBUG(10,("echo_handler[%d] the parent smbd was faster\n",
2928 ok = smbd_unlock_socket_internal(xconn);
2930 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2931 DEBUG(1, ("%s: failed to unlock socket\n",
2936 subreq = wait_for_read_send(state, state->ev,
2937 xconn->transport.sock);
2938 if (tevent_req_nomem(subreq, req)) {
2941 tevent_req_set_callback(subreq, smbd_echo_read_readable, req);
2945 status = receive_smb_talloc(state, xconn,
2946 xconn->transport.sock,
2953 false /* trusted_channel*/);
2955 if (tevent_req_nterror(req, status)) {
2956 tevent_req_nterror(req, status);
2957 DEBUG(1, ("echo_handler[%d]: receive_smb_raw_talloc failed: %s\n",
2958 (int)getpid(), nt_errstr(status)));
2962 ok = smbd_unlock_socket_internal(xconn);
2964 tevent_req_nterror(req, map_nt_error_from_unix(errno));
2965 DEBUG(1, ("%s: failed to unlock socket\n", __location__));
2968 tevent_req_done(req);
2971 static NTSTATUS smbd_echo_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
2972 char **pbuf, size_t *pbuflen, uint32_t *pseqnum)
2974 struct smbd_echo_read_state *state = tevent_req_data(
2975 req, struct smbd_echo_read_state);
2978 if (tevent_req_is_nterror(req, &status)) {
2981 *pbuf = talloc_move(mem_ctx, &state->buf);
2982 *pbuflen = state->buflen;
2983 *pseqnum = state->seqnum;
2984 return NT_STATUS_OK;
2987 struct smbd_echo_state {
2988 struct tevent_context *ev;
2989 struct iovec *pending;
2990 struct smbd_server_connection *sconn;
2991 struct smbXsrv_connection *xconn;
2994 struct tevent_fd *parent_fde;
2996 struct tevent_req *write_req;
2999 static void smbd_echo_writer_done(struct tevent_req *req);
3001 static void smbd_echo_activate_writer(struct smbd_echo_state *state)
3005 if (state->write_req != NULL) {
3009 num_pending = talloc_array_length(state->pending);
3010 if (num_pending == 0) {
3014 state->write_req = writev_send(state, state->ev, NULL,
3015 state->parent_pipe, false,
3016 state->pending, num_pending);
3017 if (state->write_req == NULL) {
3018 DEBUG(1, ("writev_send failed\n"));
3022 talloc_steal(state->write_req, state->pending);
3023 state->pending = NULL;
3025 tevent_req_set_callback(state->write_req, smbd_echo_writer_done,
3029 static void smbd_echo_writer_done(struct tevent_req *req)
3031 struct smbd_echo_state *state = tevent_req_callback_data(
3032 req, struct smbd_echo_state);
3036 written = writev_recv(req, &err);
3038 state->write_req = NULL;
3039 if (written == -1) {
3040 DEBUG(1, ("writev to parent failed: %s\n", strerror(err)));
3043 DEBUG(10,("echo_handler[%d]: forwarded pdu to main\n", (int)getpid()));
3044 smbd_echo_activate_writer(state);
3047 static bool smbd_echo_reply(struct smbd_echo_state *state,
3048 uint8_t *inbuf, size_t inbuf_len,
3051 struct smb_request req;
3052 uint16_t num_replies;
3056 if ((inbuf_len == 4) && (CVAL(inbuf, 0) == NBSSkeepalive)) {
3057 DEBUG(10, ("Got netbios keepalive\n"));
3064 if (inbuf_len < smb_size) {
3065 DEBUG(10, ("Got short packet: %d bytes\n", (int)inbuf_len));
3068 if (!valid_smb_header(inbuf)) {
3069 DEBUG(10, ("Got invalid SMB header\n"));
3073 if (!init_smb_request(&req, state->sconn, state->xconn, inbuf, 0, false,
3079 DEBUG(10, ("smbecho handler got cmd %d (%s)\n", (int)req.cmd,
3080 smb_messages[req.cmd].name
3081 ? smb_messages[req.cmd].name : "unknown"));
3083 if (req.cmd != SMBecho) {
3090 num_replies = SVAL(req.vwv+0, 0);
3091 if (num_replies != 1) {
3092 /* Not a Windows "Hey, you're still there?" request */
3096 if (!create_outbuf(talloc_tos(), &req, req.inbuf, &outbuf,
3098 DEBUG(10, ("create_outbuf failed\n"));
3101 req.outbuf = (uint8_t *)outbuf;
3103 SSVAL(req.outbuf, smb_vwv0, num_replies);
3105 if (req.buflen > 0) {
3106 memcpy(smb_buf(req.outbuf), req.buf, req.buflen);
3109 ok = srv_send_smb(req.xconn,
3113 TALLOC_FREE(outbuf);
3121 static void smbd_echo_exit(struct tevent_context *ev,
3122 struct tevent_fd *fde, uint16_t flags,
3125 DEBUG(2, ("smbd_echo_exit: lost connection to parent\n"));
3129 static void smbd_echo_got_packet(struct tevent_req *req);
3131 static void smbd_echo_loop(struct smbXsrv_connection *xconn,
3134 struct smbd_echo_state *state;
3135 struct tevent_req *read_req;
3137 state = talloc_zero(xconn, struct smbd_echo_state);
3138 if (state == NULL) {
3139 DEBUG(1, ("talloc failed\n"));
3142 state->xconn = xconn;
3143 state->parent_pipe = parent_pipe;
3144 state->ev = s3_tevent_context_init(state);
3145 if (state->ev == NULL) {
3146 DEBUG(1, ("tevent_context_init failed\n"));
3150 state->parent_fde = tevent_add_fd(state->ev, state, parent_pipe,
3151 TEVENT_FD_READ, smbd_echo_exit,
3153 if (state->parent_fde == NULL) {
3154 DEBUG(1, ("tevent_add_fd failed\n"));
3159 read_req = smbd_echo_read_send(state, state->ev, xconn);
3160 if (read_req == NULL) {
3161 DEBUG(1, ("smbd_echo_read_send failed\n"));
3165 tevent_req_set_callback(read_req, smbd_echo_got_packet, state);
3168 if (tevent_loop_once(state->ev) == -1) {
3169 DEBUG(1, ("tevent_loop_once failed: %s\n",
3177 static void smbd_echo_got_packet(struct tevent_req *req)
3179 struct smbd_echo_state *state = tevent_req_callback_data(
3180 req, struct smbd_echo_state);
3184 uint32_t seqnum = 0;
3187 status = smbd_echo_read_recv(req, state, &buf, &buflen, &seqnum);
3189 if (!NT_STATUS_IS_OK(status)) {
3190 DEBUG(1, ("smbd_echo_read_recv returned %s\n",
3191 nt_errstr(status)));
3195 reply = smbd_echo_reply(state, (uint8_t *)buf, buflen, seqnum);
3201 num_pending = talloc_array_length(state->pending);
3202 tmp = talloc_realloc(state, state->pending, struct iovec,
3205 DEBUG(1, ("talloc_realloc failed\n"));
3208 state->pending = tmp;
3210 if (buflen >= smb_size) {
3212 * place the seqnum in the packet so that the main process
3213 * can reply with signing
3215 SIVAL(buf, smb_ss_field, seqnum);
3216 SIVAL(buf, smb_ss_field+4, NT_STATUS_V(NT_STATUS_OK));
3219 iov = &state->pending[num_pending];
3220 iov->iov_base = talloc_move(state->pending, &buf);
3221 iov->iov_len = buflen;
3223 DEBUG(10,("echo_handler[%d]: forward to main\n",
3225 smbd_echo_activate_writer(state);
3228 req = smbd_echo_read_send(state, state->ev, state->xconn);
3230 DEBUG(1, ("smbd_echo_read_send failed\n"));
3233 tevent_req_set_callback(req, smbd_echo_got_packet, state);
3238 * Handle SMBecho requests in a forked child process
3240 bool fork_echo_handler(struct smbXsrv_connection *xconn)
3242 int listener_pipe[2];
3245 bool use_mutex = false;
3247 res = pipe(listener_pipe);
3249 DEBUG(1, ("pipe() failed: %s\n", strerror(errno)));
3253 #ifdef HAVE_ROBUST_MUTEXES
3254 use_mutex = tdb_runtime_check_for_robust_mutexes();
3257 pthread_mutexattr_t a;
3259 xconn->smb1.echo_handler.socket_mutex =
3260 anonymous_shared_allocate(sizeof(pthread_mutex_t));
3261 if (xconn->smb1.echo_handler.socket_mutex == NULL) {
3262 DEBUG(1, ("Could not create mutex shared memory: %s\n",
3267 res = pthread_mutexattr_init(&a);
3269 DEBUG(1, ("pthread_mutexattr_init failed: %s\n",
3273 res = pthread_mutexattr_settype(&a, PTHREAD_MUTEX_ERRORCHECK);
3275 DEBUG(1, ("pthread_mutexattr_settype failed: %s\n",
3277 pthread_mutexattr_destroy(&a);
3280 res = pthread_mutexattr_setpshared(&a, PTHREAD_PROCESS_SHARED);
3282 DEBUG(1, ("pthread_mutexattr_setpshared failed: %s\n",
3284 pthread_mutexattr_destroy(&a);
3287 res = pthread_mutexattr_setrobust(&a, PTHREAD_MUTEX_ROBUST);
3289 DEBUG(1, ("pthread_mutexattr_setrobust failed: "
3290 "%s\n", strerror(res)));
3291 pthread_mutexattr_destroy(&a);
3294 res = pthread_mutex_init(xconn->smb1.echo_handler.socket_mutex,
3296 pthread_mutexattr_destroy(&a);
3298 DEBUG(1, ("pthread_mutex_init failed: %s\n",
3306 xconn->smb1.echo_handler.socket_lock_fd =
3307 create_unlink_tmp(lp_lock_directory());
3308 if (xconn->smb1.echo_handler.socket_lock_fd == -1) {
3309 DEBUG(1, ("Could not create lock fd: %s\n",
3319 close(listener_pipe[0]);
3320 set_blocking(listener_pipe[1], false);
3322 status = smbd_reinit_after_fork(xconn->msg_ctx, xconn->ev_ctx, true);
3323 if (!NT_STATUS_IS_OK(status)) {
3324 DEBUG(1, ("reinit_after_fork failed: %s\n",
3325 nt_errstr(status)));
3328 smbd_echo_loop(xconn, listener_pipe[1]);
3331 close(listener_pipe[1]);
3332 listener_pipe[1] = -1;
3333 xconn->smb1.echo_handler.trusted_fd = listener_pipe[0];
3335 DEBUG(10,("fork_echo_handler: main[%d] echo_child[%d]\n", (int)getpid(), (int)child));
3338 * Without smb signing this is the same as the normal smbd
3339 * listener. This needs to change once signing comes in.
3341 xconn->smb1.echo_handler.trusted_fde = tevent_add_fd(xconn->ev_ctx,
3343 xconn->smb1.echo_handler.trusted_fd,
3345 smbd_server_echo_handler,
3347 if (xconn->smb1.echo_handler.trusted_fde == NULL) {
3348 DEBUG(1, ("event_add_fd failed\n"));
3355 if (listener_pipe[0] != -1) {
3356 close(listener_pipe[0]);
3358 if (listener_pipe[1] != -1) {
3359 close(listener_pipe[1]);
3361 if (xconn->smb1.echo_handler.socket_lock_fd != -1) {
3362 close(xconn->smb1.echo_handler.socket_lock_fd);
3364 #ifdef HAVE_ROBUST_MUTEXES
3365 if (xconn->smb1.echo_handler.socket_mutex != NULL) {
3366 pthread_mutex_destroy(xconn->smb1.echo_handler.socket_mutex);
3367 anonymous_shared_free(xconn->smb1.echo_handler.socket_mutex);
3370 smbd_echo_init(xconn);
3375 static bool uid_in_use(const struct user_struct *user, uid_t uid)
3378 if (user->session_info &&
3379 (user->session_info->unix_token->uid == uid)) {
3387 static bool gid_in_use(const struct user_struct *user, gid_t gid)
3390 if (user->session_info != NULL) {
3392 struct security_unix_token *utok;
3394 utok = user->session_info->unix_token;
3395 if (utok->gid == gid) {
3398 for(i=0; i<utok->ngroups; i++) {
3399 if (utok->groups[i] == gid) {
3409 static bool sid_in_use(const struct user_struct *user,
3410 const struct dom_sid *psid)
3413 struct security_token *tok;
3415 if (user->session_info == NULL) {
3418 tok = user->session_info->security_token;
3421 * Not sure session_info->security_token can
3422 * ever be NULL. This check might be not
3427 if (security_token_has_sid(tok, psid)) {
3435 static bool id_in_use(const struct user_struct *user,
3436 const struct id_cache_ref *id)
3440 return uid_in_use(user, id->id.uid);
3442 return gid_in_use(user, id->id.gid);
3444 return sid_in_use(user, &id->id.sid);
3451 static void smbd_id_cache_kill(struct messaging_context *msg_ctx,
3454 struct server_id server_id,
3457 const char *msg = (data && data->data)
3458 ? (const char *)data->data : "<NULL>";
3459 struct id_cache_ref id;
3460 struct smbd_server_connection *sconn =
3461 talloc_get_type_abort(private_data,
3462 struct smbd_server_connection);
3464 if (!id_cache_ref_parse(msg, &id)) {
3465 DEBUG(0, ("Invalid ?ID: %s\n", msg));
3469 if (id_in_use(sconn->users, &id)) {
3470 exit_server_cleanly(msg);
3472 id_cache_delete_from_cache(&id);
3475 NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
3476 enum protocol_types protocol)
3480 conn->protocol = protocol;
3482 if (protocol >= PROTOCOL_SMB2_02) {
3483 status = smb2srv_session_table_init(conn);
3484 if (!NT_STATUS_IS_OK(status)) {
3485 conn->protocol = PROTOCOL_NONE;
3489 status = smb2srv_open_table_init(conn);
3490 if (!NT_STATUS_IS_OK(status)) {
3491 conn->protocol = PROTOCOL_NONE;
3495 status = smb1srv_session_table_init(conn);
3496 if (!NT_STATUS_IS_OK(status)) {
3497 conn->protocol = PROTOCOL_NONE;
3501 status = smb1srv_tcon_table_init(conn);
3502 if (!NT_STATUS_IS_OK(status)) {
3503 conn->protocol = PROTOCOL_NONE;
3507 status = smb1srv_open_table_init(conn);
3508 if (!NT_STATUS_IS_OK(status)) {
3509 conn->protocol = PROTOCOL_NONE;
3514 set_Protocol(protocol);
3515 return NT_STATUS_OK;
3518 struct smbd_tevent_trace_state {
3519 struct tevent_context *ev;
3521 SMBPROFILE_BASIC_ASYNC_STATE(profile_idle);
3524 static void smbd_tevent_trace_callback(enum tevent_trace_point point,
3527 struct smbd_tevent_trace_state *state =
3528 (struct smbd_tevent_trace_state *)private_data;
3531 case TEVENT_TRACE_BEFORE_WAIT:
3532 if (!smbprofile_dump_pending()) {
3534 * If there's no dump pending
3535 * we don't want to schedule a new 1 sec timer.
3537 * Instead we want to sleep as long as nothing happens.
3539 smbprofile_dump_setup(NULL);
3541 SMBPROFILE_BASIC_ASYNC_START(idle, profile_p, state->profile_idle);
3543 case TEVENT_TRACE_AFTER_WAIT:
3544 SMBPROFILE_BASIC_ASYNC_END(state->profile_idle);
3545 if (!smbprofile_dump_pending()) {
3547 * We need to flush our state after sleeping
3548 * (hopefully a long time).
3552 * future profiling events should trigger timers
3553 * on our main event context.
3555 smbprofile_dump_setup(state->ev);
3558 case TEVENT_TRACE_BEFORE_LOOP_ONCE:
3559 TALLOC_FREE(state->frame);
3560 state->frame = talloc_stackframe_pool(8192);
3562 case TEVENT_TRACE_AFTER_LOOP_ONCE:
3563 TALLOC_FREE(state->frame);
3571 * Create a debug string for the connection
3573 * This is allocated to talloc_tos() or a string constant
3574 * in certain corner cases. The returned string should
3575 * hence not be free'd directly but only via the talloc stack.
3577 const char *smbXsrv_connection_dbg(const struct smbXsrv_connection *xconn)
3582 * TODO: this can be improved later
3583 * maybe including the client guid or more
3585 ret = tsocket_address_string(xconn->remote_address, talloc_tos());
3587 return "<tsocket_address_string() failed>";
3593 NTSTATUS smbd_add_connection(struct smbXsrv_client *client, int sock_fd,
3594 struct smbXsrv_connection **_xconn)
3596 TALLOC_CTX *frame = talloc_stackframe();
3597 struct smbXsrv_connection *xconn;
3598 struct sockaddr_storage ss_srv;
3599 void *sp_srv = (void *)&ss_srv;
3600 struct sockaddr *sa_srv = (struct sockaddr *)sp_srv;
3601 struct sockaddr_storage ss_clnt;
3602 void *sp_clnt = (void *)&ss_clnt;
3603 struct sockaddr *sa_clnt = (struct sockaddr *)sp_clnt;
3604 socklen_t sa_socklen;
3605 struct tsocket_address *local_address = NULL;
3606 struct tsocket_address *remote_address = NULL;
3607 const char *remaddr = NULL;
3609 const char *rhost = NULL;
3615 DO_PROFILE_INC(connect);
3617 xconn = talloc_zero(client, struct smbXsrv_connection);
3618 if (xconn == NULL) {
3619 DEBUG(0,("talloc_zero(struct smbXsrv_connection)\n"));
3621 return NT_STATUS_NO_MEMORY;
3623 talloc_steal(frame, xconn);
3625 xconn->ev_ctx = client->ev_ctx;
3626 xconn->msg_ctx = client->msg_ctx;
3627 xconn->transport.sock = sock_fd;
3628 smbd_echo_init(xconn);
3629 xconn->protocol = PROTOCOL_NONE;
3631 /* Ensure child is set to blocking mode */
3632 set_blocking(sock_fd,True);
3634 set_socket_options(sock_fd, "SO_KEEPALIVE");
3635 set_socket_options(sock_fd, lp_socket_options());
3637 sa_socklen = sizeof(ss_clnt);
3638 ret = getpeername(sock_fd, sa_clnt, &sa_socklen);
3640 int saved_errno = errno;
3641 int level = (errno == ENOTCONN)?2:0;
3642 DEBUG(level,("getpeername() failed - %s\n",
3643 strerror(saved_errno)));
3645 return map_nt_error_from_unix_common(saved_errno);
3647 ret = tsocket_address_bsd_from_sockaddr(xconn,
3648 sa_clnt, sa_socklen,
3651 int saved_errno = errno;
3652 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3653 __location__, strerror(saved_errno)));
3655 return map_nt_error_from_unix_common(saved_errno);
3658 sa_socklen = sizeof(ss_srv);
3659 ret = getsockname(sock_fd, sa_srv, &sa_socklen);
3661 int saved_errno = errno;
3662 int level = (errno == ENOTCONN)?2:0;
3663 DEBUG(level,("getsockname() failed - %s\n",
3664 strerror(saved_errno)));
3666 return map_nt_error_from_unix_common(saved_errno);
3668 ret = tsocket_address_bsd_from_sockaddr(xconn,
3672 int saved_errno = errno;
3673 DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
3674 __location__, strerror(saved_errno)));
3676 return map_nt_error_from_unix_common(saved_errno);
3679 if (tsocket_address_is_inet(remote_address, "ip")) {
3680 remaddr = tsocket_address_inet_addr_string(remote_address,
3682 if (remaddr == NULL) {
3683 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3684 __location__, strerror(errno)));
3686 return NT_STATUS_NO_MEMORY;
3689 remaddr = "0.0.0.0";
3693 * Before the first packet, check the global hosts allow/ hosts deny
3694 * parameters before doing any parsing of packets passed to us by the
3695 * client. This prevents attacks on our parsing code from hosts not in
3696 * the hosts allow list.
3699 ret = get_remote_hostname(remote_address,
3702 int saved_errno = errno;
3703 DEBUG(0,("%s: get_remote_hostname failed - %s\n",
3704 __location__, strerror(saved_errno)));
3706 return map_nt_error_from_unix_common(saved_errno);
3709 if (strequal(rhost, "UNKNOWN")) {
3713 xconn->local_address = local_address;
3714 xconn->remote_address = remote_address;
3715 xconn->remote_hostname = talloc_strdup(xconn, rhost);
3716 if (xconn->remote_hostname == NULL) {
3717 return NT_STATUS_NO_MEMORY;
3720 if (!srv_init_signing(xconn)) {
3721 DEBUG(0, ("Failed to init smb_signing\n"));
3723 return NT_STATUS_INTERNAL_ERROR;
3726 if (!allow_access(lp_hosts_deny(-1), lp_hosts_allow(-1),
3727 xconn->remote_hostname,
3729 DEBUG( 1, ("Connection denied from %s to %s\n",
3730 tsocket_address_string(remote_address, talloc_tos()),
3731 tsocket_address_string(local_address, talloc_tos())));
3734 * We return a valid xconn
3735 * so that the caller can return an error message
3738 client->connections = xconn;
3739 xconn->client = client;
3740 talloc_steal(client, xconn);
3744 return NT_STATUS_NETWORK_ACCESS_DENIED;
3747 DEBUG(10, ("Connection allowed from %s to %s\n",
3748 tsocket_address_string(remote_address, talloc_tos()),
3749 tsocket_address_string(local_address, talloc_tos())));
3751 if (lp_clustering()) {
3753 * We need to tell ctdb about our client's TCP
3754 * connection, so that for failover ctdbd can send
3755 * tickle acks, triggering a reconnection by the
3760 status = smbd_register_ips(xconn, &ss_srv, &ss_clnt);
3761 if (!NT_STATUS_IS_OK(status)) {
3762 DEBUG(0, ("ctdbd_register_ips failed: %s\n",
3763 nt_errstr(status)));
3767 tmp = lp_max_xmit();
3768 tmp = MAX(tmp, SMB_BUFFER_SIZE_MIN);
3769 tmp = MIN(tmp, SMB_BUFFER_SIZE_MAX);
3771 xconn->smb1.negprot.max_recv = tmp;
3773 xconn->smb1.sessions.done_sesssetup = false;
3774 xconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX;
3776 xconn->transport.fde = tevent_add_fd(client->ev_ctx,
3780 smbd_server_connection_handler,
3782 if (!xconn->transport.fde) {
3784 return NT_STATUS_NO_MEMORY;
3787 /* for now we only have one connection */
3788 DLIST_ADD_END(client->connections, xconn, NULL);
3789 xconn->client = client;
3790 talloc_steal(client, xconn);
3794 return NT_STATUS_OK;
3797 /****************************************************************************
3798 Process commands from the client
3799 ****************************************************************************/
3801 void smbd_process(struct tevent_context *ev_ctx,
3802 struct messaging_context *msg_ctx,
3806 struct smbd_tevent_trace_state trace_state = {
3808 .frame = talloc_stackframe(),
3810 struct smbXsrv_client *client = NULL;
3811 struct smbd_server_connection *sconn = NULL;
3812 struct smbXsrv_connection *xconn = NULL;
3813 const char *locaddr = NULL;
3814 const char *remaddr = NULL;
3818 client = talloc_zero(ev_ctx, struct smbXsrv_client);
3819 if (client == NULL) {
3820 DEBUG(0,("talloc_zero(struct smbXsrv_client)\n"));
3821 exit_server_cleanly("talloc_zero(struct smbXsrv_client).\n");
3825 * TODO: remove this...:-)
3827 global_smbXsrv_client = client;
3829 client->ev_ctx = ev_ctx;
3830 client->msg_ctx = msg_ctx;
3832 sconn = talloc_zero(client, struct smbd_server_connection);
3833 if (sconn == NULL) {
3834 exit_server("failed to create smbd_server_connection");
3837 client->sconn = sconn;
3838 sconn->client = client;
3840 sconn->ev_ctx = ev_ctx;
3841 sconn->msg_ctx = msg_ctx;
3843 if (lp_server_max_protocol() >= PROTOCOL_SMB2_02) {
3845 * We're not making the decision here,
3846 * we're just allowing the client
3847 * to decide between SMB1 and SMB2
3848 * with the first negprot
3851 sconn->using_smb2 = true;
3855 smbd_setup_sig_term_handler(sconn);
3856 smbd_setup_sig_hup_handler(sconn);
3858 if (!serverid_register(messaging_server_id(msg_ctx),
3859 FLAG_MSG_GENERAL|FLAG_MSG_SMBD
3861 |FLAG_MSG_PRINT_GENERAL)) {
3862 exit_server_cleanly("Could not register myself in "
3867 status = smbd_add_connection(client, sock_fd, &xconn);
3868 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
3870 * send a negative session response "not listening on calling
3873 unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
3874 (void)srv_send_smb(xconn,(char *)buf, false,
3876 exit_server_cleanly("connection denied");
3877 } else if (!NT_STATUS_IS_OK(status)) {
3878 exit_server_cleanly(nt_errstr(status));
3881 sconn->local_address =
3882 tsocket_address_copy(xconn->local_address, sconn);
3883 if (sconn->local_address == NULL) {
3884 exit_server_cleanly("tsocket_address_copy() failed");
3886 sconn->remote_address =
3887 tsocket_address_copy(xconn->remote_address, sconn);
3888 if (sconn->remote_address == NULL) {
3889 exit_server_cleanly("tsocket_address_copy() failed");
3891 sconn->remote_hostname =
3892 talloc_strdup(sconn, xconn->remote_hostname);
3893 if (sconn->remote_hostname == NULL) {
3894 exit_server_cleanly("tsocket_strdup() failed");
3897 if (tsocket_address_is_inet(sconn->local_address, "ip")) {
3898 locaddr = tsocket_address_inet_addr_string(
3899 sconn->local_address,
3901 if (locaddr == NULL) {
3902 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3903 __location__, strerror(errno)));
3904 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
3907 locaddr = "0.0.0.0";
3910 if (tsocket_address_is_inet(sconn->remote_address, "ip")) {
3911 remaddr = tsocket_address_inet_addr_string(
3912 sconn->remote_address,
3914 if (remaddr == NULL) {
3915 DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
3916 __location__, strerror(errno)));
3917 exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
3920 remaddr = "0.0.0.0";
3923 /* this is needed so that we get decent entries
3924 in smbstatus for port 445 connects */
3925 set_remote_machine_name(remaddr, false);
3926 reload_services(sconn, conn_snum_used, true);
3927 sub_set_socket_ids(remaddr,
3928 sconn->remote_hostname,
3931 if (lp_preload_modules()) {
3932 smb_load_modules(lp_preload_modules());
3935 smb_perfcount_init();
3937 if (!init_account_policy()) {
3938 exit_server("Could not open account policy tdb.\n");
3941 if (*lp_root_directory(talloc_tos())) {
3942 if (chroot(lp_root_directory(talloc_tos())) != 0) {
3943 DEBUG(0,("Failed to change root to %s\n",
3944 lp_root_directory(talloc_tos())));
3945 exit_server("Failed to chroot()");
3947 if (chdir("/") == -1) {
3948 DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_root_directory(talloc_tos())));
3949 exit_server("Failed to chroot()");
3951 DEBUG(0,("Changed root to %s\n", lp_root_directory(talloc_tos())));
3954 if (!file_init(sconn)) {
3955 exit_server("file_init() failed");
3959 if (!init_oplocks(sconn))
3960 exit_server("Failed to init oplocks");
3962 /* register our message handlers */
3963 messaging_register(sconn->msg_ctx, sconn,
3964 MSG_SMB_FORCE_TDIS, msg_force_tdis);
3965 messaging_register(sconn->msg_ctx, sconn,
3966 MSG_SMB_CLOSE_FILE, msg_close_file);
3967 messaging_register(sconn->msg_ctx, sconn,
3968 MSG_SMB_FILE_RENAME, msg_file_was_renamed);
3970 id_cache_register_msgs(sconn->msg_ctx);
3971 messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL);
3972 messaging_register(sconn->msg_ctx, sconn,
3973 ID_CACHE_KILL, smbd_id_cache_kill);
3975 messaging_deregister(sconn->msg_ctx,
3976 MSG_SMB_CONF_UPDATED, sconn->ev_ctx);
3977 messaging_register(sconn->msg_ctx, sconn,
3978 MSG_SMB_CONF_UPDATED, smbd_conf_updated);
3980 messaging_deregister(sconn->msg_ctx, MSG_SMB_KILL_CLIENT_IP,
3982 messaging_register(sconn->msg_ctx, sconn,
3983 MSG_SMB_KILL_CLIENT_IP,
3984 msg_kill_client_ip);
3986 messaging_deregister(sconn->msg_ctx, MSG_SMB_TELL_NUM_CHILDREN, NULL);
3989 * Use the default MSG_DEBUG handler to avoid rebroadcasting
3990 * MSGs to all child processes
3992 messaging_deregister(sconn->msg_ctx,
3994 messaging_register(sconn->msg_ctx, NULL,
3995 MSG_DEBUG, debug_message);
3997 if ((lp_keepalive() != 0)
3998 && !(event_add_idle(ev_ctx, NULL,
3999 timeval_set(lp_keepalive(), 0),
4000 "keepalive", keepalive_fn,
4002 DEBUG(0, ("Could not add keepalive event\n"));
4006 if (!(event_add_idle(ev_ctx, NULL,
4007 timeval_set(IDLE_CLOSED_TIMEOUT, 0),
4008 "deadtime", deadtime_fn, sconn))) {
4009 DEBUG(0, ("Could not add deadtime event\n"));
4013 if (!(event_add_idle(ev_ctx, NULL,
4014 timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
4015 "housekeeping", housekeeping_fn, sconn))) {
4016 DEBUG(0, ("Could not add housekeeping event\n"));
4020 smbprofile_dump_setup(ev_ctx);
4022 if (!init_dptrs(sconn)) {
4023 exit_server("init_dptrs() failed");
4026 TALLOC_FREE(trace_state.frame);
4028 tevent_set_trace_callback(ev_ctx, smbd_tevent_trace_callback,
4031 ret = tevent_loop_wait(ev_ctx);
4033 DEBUG(1, ("tevent_loop_wait failed: %d, %s,"
4034 " exiting\n", ret, strerror(errno)));
4037 TALLOC_FREE(trace_state.frame);
4039 exit_server_cleanly(NULL);
4042 bool req_is_in_chain(const struct smb_request *req)
4044 if (req->vwv != (const uint16_t *)(req->inbuf+smb_vwv)) {
4046 * We're right now handling a subsequent request, so we must
4052 if (!is_andx_req(req->cmd)) {
4058 * Okay, an illegal request, but definitely not chained :-)
4063 return (CVAL(req->vwv+0, 0) != 0xFF);
git.samba.org / sfrench / samba-autobuild / .git / blob