Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : process incoming packets - main loop
4 : Copyright (C) Andrew Tridgell 1992-1998
5 : Copyright (C) Volker Lendecke 2005-2007
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "includes.h"
22 : #include "../lib/tsocket/tsocket.h"
23 : #include "system/filesys.h"
24 : #include "smbd/smbd.h"
25 : #include "smbd/globals.h"
26 : #include "source3/smbd/smbXsrv_session.h"
27 : #include "smbd/smbXsrv_open.h"
28 : #include "librpc/gen_ndr/netlogon.h"
29 : #include "../lib/async_req/async_sock.h"
30 : #include "ctdbd_conn.h"
31 : #include "../lib/util/select.h"
32 : #include "printing/queue_process.h"
33 : #include "system/select.h"
34 : #include "passdb.h"
35 : #include "auth.h"
36 : #include "messages.h"
37 : #include "lib/messages_ctdb.h"
38 : #include "smbprofile.h"
39 : #include "rpc_server/spoolss/srv_spoolss_nt.h"
40 : #include "../lib/util/tevent_ntstatus.h"
41 : #include "../libcli/security/dom_sid.h"
42 : #include "../libcli/security/security_token.h"
43 : #include "lib/id_cache.h"
44 : #include "lib/util/sys_rw_data.h"
45 : #include "system/threads.h"
46 : #include "lib/pthreadpool/pthreadpool_tevent.h"
47 : #include "util_event.h"
48 : #include "libcli/smb/smbXcli_base.h"
49 : #include "lib/util/time_basic.h"
50 : #include "source3/lib/substitute.h"
51 : #include "source3/smbd/dir.h"
52 :
53 : /* Internal message queue for deferred opens. */
54 : struct pending_message_list {
55 : struct pending_message_list *next, *prev;
56 : struct timeval request_time; /* When was this first issued? */
57 : struct smbd_server_connection *sconn;
58 : struct smbXsrv_connection *xconn;
59 : struct tevent_timer *te;
60 : uint32_t seqnum;
61 : bool encrypted;
62 : bool processed;
63 : DATA_BLOB buf;
64 : struct deferred_open_record *open_rec;
65 : };
66 :
67 : static struct pending_message_list *get_deferred_open_message_smb(
68 : struct smbd_server_connection *sconn, uint64_t mid);
69 :
70 : #if !defined(WITH_SMB1SERVER)
71 : bool smb1_srv_send(struct smbXsrv_connection *xconn,
72 : char *buffer,
73 : bool do_signing,
74 : uint32_t seqnum,
75 : bool do_encrypt)
76 : {
77 : size_t len = 0;
78 : ssize_t ret;
79 : len = smb_len_large(buffer) + 4;
80 : ret = write_data(xconn->transport.sock, buffer, len);
81 : return (ret > 0);
82 : }
83 : #endif
84 :
85 : /*******************************************************************
86 : Setup the word count and byte count for a smb1 message.
87 : ********************************************************************/
88 :
89 1317601 : size_t srv_smb1_set_message(char *buf,
90 : size_t num_words,
91 : size_t num_bytes,
92 : bool zero)
93 : {
94 1317601 : if (zero && (num_words || num_bytes)) {
95 142145 : memset(buf + smb_size,'\0',num_words*2 + num_bytes);
96 : }
97 1317601 : SCVAL(buf,smb_wct,num_words);
98 1317601 : SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
99 1317601 : smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
100 1317601 : return (smb_size + num_words*2 + num_bytes);
101 : }
102 :
103 680132 : NTSTATUS read_packet_remainder(int fd, char *buffer,
104 : unsigned int timeout, ssize_t len)
105 : {
106 8560 : NTSTATUS status;
107 :
108 680132 : if (len <= 0) {
109 0 : return NT_STATUS_OK;
110 : }
111 :
112 680132 : status = read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
113 680132 : if (!NT_STATUS_IS_OK(status)) {
114 0 : char addr[INET6_ADDRSTRLEN];
115 0 : DEBUG(0, ("read_fd_with_timeout failed for client %s read "
116 : "error = %s.\n",
117 : get_peer_addr(fd, addr, sizeof(addr)),
118 : nt_errstr(status)));
119 : }
120 680132 : return status;
121 : }
122 :
123 : #if !defined(WITH_SMB1SERVER)
124 : static NTSTATUS smb2_receive_raw_talloc(TALLOC_CTX *mem_ctx,
125 : struct smbXsrv_connection *xconn,
126 : int sock,
127 : char **buffer, unsigned int timeout,
128 : size_t *p_unread, size_t *plen)
129 : {
130 : char lenbuf[4];
131 : size_t len;
132 : NTSTATUS status;
133 :
134 : *p_unread = 0;
135 :
136 : status = read_smb_length_return_keepalive(sock, lenbuf, timeout,
137 : &len);
138 : if (!NT_STATUS_IS_OK(status)) {
139 : return status;
140 : }
141 :
142 : /*
143 : * The +4 here can't wrap, we've checked the length above already.
144 : */
145 :
146 : *buffer = talloc_array(mem_ctx, char, len+4);
147 :
148 : if (*buffer == NULL) {
149 : DEBUG(0, ("Could not allocate inbuf of length %d\n",
150 : (int)len+4));
151 : return NT_STATUS_NO_MEMORY;
152 : }
153 :
154 : memcpy(*buffer, lenbuf, sizeof(lenbuf));
155 :
156 : status = read_packet_remainder(sock, (*buffer)+4, timeout, len);
157 : if (!NT_STATUS_IS_OK(status)) {
158 : return status;
159 : }
160 :
161 : *plen = len + 4;
162 : return NT_STATUS_OK;
163 : }
164 :
165 : static NTSTATUS smb2_receive_talloc(TALLOC_CTX *mem_ctx,
166 : struct smbXsrv_connection *xconn,
167 : int sock,
168 : char **buffer, unsigned int timeout,
169 : size_t *p_unread, bool *p_encrypted,
170 : size_t *p_len,
171 : uint32_t *seqnum,
172 : bool trusted_channel)
173 : {
174 : size_t len = 0;
175 : NTSTATUS status;
176 :
177 : *p_encrypted = false;
178 :
179 : status = smb2_receive_raw_talloc(mem_ctx, xconn, sock, buffer, timeout,
180 : p_unread, &len);
181 : if (!NT_STATUS_IS_OK(status)) {
182 : DEBUG(NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)?5:1,
183 : ("smb2_receive_raw_talloc failed for client %s "
184 : "read error = %s.\n",
185 : smbXsrv_connection_dbg(xconn),
186 : nt_errstr(status)) );
187 : return status;
188 : }
189 :
190 : *p_len = len;
191 : return NT_STATUS_OK;
192 : }
193 : #endif
194 :
195 659778 : NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,
196 : struct smbXsrv_connection *xconn,
197 : int sock,
198 : char **buffer, unsigned int timeout,
199 : size_t *p_unread, bool *p_encrypted,
200 : size_t *p_len,
201 : uint32_t *seqnum,
202 : bool trusted_channel)
203 : {
204 : #if defined(WITH_SMB1SERVER)
205 659778 : return smb1_receive_talloc(mem_ctx, xconn, sock, buffer, timeout,
206 : p_unread, p_encrypted, p_len, seqnum,
207 : trusted_channel);
208 : #else
209 : return smb2_receive_talloc(mem_ctx, xconn, sock, buffer, timeout,
210 : p_unread, p_encrypted, p_len, seqnum,
211 : trusted_channel);
212 : #endif
213 : }
214 :
215 : /****************************************************************************
216 : Function to delete a sharing violation open message by mid.
217 : ****************************************************************************/
218 :
219 4236 : void remove_deferred_open_message_smb(struct smbXsrv_connection *xconn,
220 : uint64_t mid)
221 : {
222 4236 : struct smbd_server_connection *sconn = xconn->client->sconn;
223 17 : struct pending_message_list *pml;
224 :
225 4236 : if (conn_using_smb2(sconn)) {
226 328 : remove_deferred_open_message_smb2(xconn, mid);
227 328 : return;
228 : }
229 :
230 3908 : for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
231 3908 : if (mid == (uint64_t)SVAL(pml->buf.data,smb_mid)) {
232 3908 : DEBUG(10,("remove_deferred_open_message_smb: "
233 : "deleting mid %llu len %u\n",
234 : (unsigned long long)mid,
235 : (unsigned int)pml->buf.length ));
236 3908 : DLIST_REMOVE(sconn->deferred_open_queue, pml);
237 3908 : TALLOC_FREE(pml);
238 3908 : return;
239 : }
240 : }
241 : }
242 :
243 3908 : static void smbd_deferred_open_timer(struct tevent_context *ev,
244 : struct tevent_timer *te,
245 : struct timeval _tval,
246 : void *private_data)
247 : {
248 3908 : struct pending_message_list *msg = talloc_get_type(private_data,
249 : struct pending_message_list);
250 3908 : struct smbd_server_connection *sconn = msg->sconn;
251 3908 : struct smbXsrv_connection *xconn = msg->xconn;
252 3908 : TALLOC_CTX *mem_ctx = talloc_tos();
253 3908 : uint64_t mid = (uint64_t)SVAL(msg->buf.data,smb_mid);
254 17 : uint8_t *inbuf;
255 :
256 3908 : inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
257 : msg->buf.length);
258 3908 : if (inbuf == NULL) {
259 0 : exit_server("smbd_deferred_open_timer: talloc failed\n");
260 : return;
261 : }
262 :
263 : /* We leave this message on the queue so the open code can
264 : know this is a retry. */
265 3908 : DEBUG(5,("smbd_deferred_open_timer: trigger mid %llu.\n",
266 : (unsigned long long)mid ));
267 :
268 : /* Mark the message as processed so this is not
269 : * re-processed in error. */
270 3908 : msg->processed = true;
271 :
272 3908 : process_smb(xconn,
273 : inbuf,
274 : msg->buf.length,
275 : 0,
276 : msg->seqnum,
277 3908 : msg->encrypted);
278 :
279 : /* If it's still there and was processed, remove it. */
280 3925 : msg = get_deferred_open_message_smb(sconn, mid);
281 3908 : if (msg && msg->processed) {
282 36 : remove_deferred_open_message_smb(xconn, mid);
283 : }
284 : }
285 :
286 : /****************************************************************************
287 : Move a sharing violation open retry message to the front of the list and
288 : schedule it for immediate processing.
289 : ****************************************************************************/
290 :
291 4252 : bool schedule_deferred_open_message_smb(struct smbXsrv_connection *xconn,
292 : uint64_t mid)
293 : {
294 4252 : struct smbd_server_connection *sconn = xconn->client->sconn;
295 17 : struct pending_message_list *pml;
296 4252 : int i = 0;
297 :
298 4252 : if (conn_using_smb2(sconn)) {
299 344 : return schedule_deferred_open_message_smb2(xconn, mid);
300 : }
301 :
302 3908 : for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
303 3908 : uint64_t msg_mid = (uint64_t)SVAL(pml->buf.data,smb_mid);
304 :
305 3908 : DEBUG(10,("schedule_deferred_open_message_smb: [%d] "
306 : "msg_mid = %llu\n",
307 : i++,
308 : (unsigned long long)msg_mid ));
309 :
310 3908 : if (mid == msg_mid) {
311 17 : struct tevent_timer *te;
312 :
313 3908 : if (pml->processed) {
314 : /* A processed message should not be
315 : * rescheduled. */
316 0 : DEBUG(0,("schedule_deferred_open_message_smb: LOGIC ERROR "
317 : "message mid %llu was already processed\n",
318 : (unsigned long long)msg_mid ));
319 0 : continue;
320 : }
321 :
322 3908 : DEBUG(10,("schedule_deferred_open_message_smb: "
323 : "scheduling mid %llu\n",
324 : (unsigned long long)mid ));
325 :
326 : /*
327 : * smbd_deferred_open_timer() calls
328 : * process_smb() to redispatch the request
329 : * including the required impersonation.
330 : *
331 : * So we can just use the raw tevent_context.
332 : */
333 3908 : te = tevent_add_timer(xconn->client->raw_ev_ctx,
334 : pml,
335 : timeval_zero(),
336 : smbd_deferred_open_timer,
337 : pml);
338 3908 : if (!te) {
339 0 : DEBUG(10,("schedule_deferred_open_message_smb: "
340 : "event_add_timed() failed, "
341 : "skipping mid %llu\n",
342 : (unsigned long long)msg_mid ));
343 : }
344 :
345 3908 : TALLOC_FREE(pml->te);
346 3908 : pml->te = te;
347 3908 : DLIST_PROMOTE(sconn->deferred_open_queue, pml);
348 3908 : return true;
349 : }
350 : }
351 :
352 0 : DEBUG(10,("schedule_deferred_open_message_smb: failed to "
353 : "find message mid %llu\n",
354 : (unsigned long long)mid ));
355 :
356 0 : return false;
357 : }
358 :
359 : /****************************************************************************
360 : Return true if this mid is on the deferred queue and was not yet processed.
361 : ****************************************************************************/
362 :
363 141520 : bool open_was_deferred(struct smbXsrv_connection *xconn, uint64_t mid)
364 : {
365 141520 : struct smbd_server_connection *sconn = xconn->client->sconn;
366 4932 : struct pending_message_list *pml;
367 :
368 141520 : if (conn_using_smb2(sconn)) {
369 105184 : return open_was_deferred_smb2(xconn, mid);
370 : }
371 :
372 36412 : for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
373 183 : if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid && !pml->processed) {
374 107 : return True;
375 : }
376 : }
377 31459 : return False;
378 : }
379 :
380 : /****************************************************************************
381 : Return the message queued by this mid.
382 : ****************************************************************************/
383 :
384 161075 : static struct pending_message_list *get_deferred_open_message_smb(
385 : struct smbd_server_connection *sconn, uint64_t mid)
386 : {
387 2017 : struct pending_message_list *pml;
388 :
389 161155 : for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
390 7914 : if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid) {
391 7800 : return pml;
392 : }
393 : }
394 151258 : return NULL;
395 : }
396 :
397 : /****************************************************************************
398 : Get the state data queued by this mid.
399 : ****************************************************************************/
400 :
401 1045136 : bool get_deferred_open_message_state(struct smb_request *smbreq,
402 : struct timeval *p_request_time,
403 : struct deferred_open_record **open_rec)
404 : {
405 2662 : struct pending_message_list *pml;
406 :
407 1045136 : if (conn_using_smb2(smbreq->sconn)) {
408 887969 : return get_deferred_open_message_state_smb2(smbreq->smb2req,
409 : p_request_time,
410 : open_rec);
411 : }
412 :
413 157167 : pml = get_deferred_open_message_smb(smbreq->sconn, smbreq->mid);
414 157167 : if (!pml) {
415 147425 : return false;
416 : }
417 7776 : if (p_request_time) {
418 3904 : *p_request_time = pml->request_time;
419 : }
420 7776 : if (open_rec != NULL) {
421 3872 : *open_rec = pml->open_rec;
422 : }
423 7742 : return true;
424 : }
425 :
426 4388 : bool push_deferred_open_message_smb(struct smb_request *req,
427 : struct timeval timeout,
428 : struct file_id id,
429 : struct deferred_open_record *open_rec)
430 : {
431 : #if defined(WITH_SMB1SERVER)
432 4388 : if (req->smb2req) {
433 : #endif
434 396 : return push_deferred_open_message_smb2(req->smb2req,
435 : req->request_time,
436 : timeout,
437 : id,
438 : open_rec);
439 : #if defined(WITH_SMB1SERVER)
440 : } else {
441 3992 : return push_deferred_open_message_smb1(req, timeout,
442 : id, open_rec);
443 : }
444 : #endif
445 : }
446 :
447 653894 : static void construct_smb1_reply_common(uint8_t cmd, const uint8_t *inbuf,
448 : char *outbuf)
449 : {
450 653894 : uint16_t in_flags2 = SVAL(inbuf,smb_flg2);
451 653894 : uint16_t out_flags2 = common_flags2;
452 :
453 653894 : out_flags2 |= in_flags2 & FLAGS2_UNICODE_STRINGS;
454 653894 : out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES;
455 653894 : out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED;
456 :
457 653894 : srv_smb1_set_message(outbuf,0,0,false);
458 :
459 653894 : SCVAL(outbuf, smb_com, cmd);
460 653894 : SIVAL(outbuf,smb_rcls,0);
461 653894 : SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
462 653894 : SSVAL(outbuf,smb_flg2, out_flags2);
463 653894 : memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
464 653894 : memcpy(outbuf+smb_ss_field, inbuf+smb_ss_field, 8);
465 :
466 653894 : SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
467 653894 : SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
468 653894 : SSVAL(outbuf,smb_pidhigh,SVAL(inbuf,smb_pidhigh));
469 653894 : SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
470 653894 : SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
471 653894 : }
472 :
473 142031 : void construct_smb1_reply_common_req(struct smb_request *req, char *outbuf)
474 : {
475 142031 : construct_smb1_reply_common(req->cmd, req->inbuf, outbuf);
476 142031 : }
477 :
478 : /*******************************************************************
479 : allocate and initialize a reply packet
480 : ********************************************************************/
481 :
482 511863 : bool create_smb1_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
483 : const uint8_t *inbuf, char **outbuf,
484 : uint8_t num_words, uint32_t num_bytes)
485 : {
486 511863 : size_t smb_len = MIN_SMB_SIZE + VWV(num_words) + num_bytes;
487 :
488 : /*
489 : * Protect against integer wrap.
490 : * The SMB layer reply can be up to 0xFFFFFF bytes.
491 : */
492 511863 : if ((num_bytes > 0xffffff) || (smb_len > 0xffffff)) {
493 0 : char *msg;
494 0 : if (asprintf(&msg, "num_bytes too large: %u",
495 : (unsigned)num_bytes) == -1) {
496 0 : msg = discard_const_p(char, "num_bytes too large");
497 : }
498 0 : smb_panic(msg);
499 : }
500 :
501 : /*
502 : * Here we include the NBT header for now.
503 : */
504 511863 : *outbuf = talloc_array(mem_ctx, char,
505 : NBT_HDR_SIZE + smb_len);
506 511863 : if (*outbuf == NULL) {
507 0 : return false;
508 : }
509 :
510 511863 : construct_smb1_reply_common(req->cmd, inbuf, *outbuf);
511 511863 : srv_smb1_set_message(*outbuf, num_words, num_bytes, false);
512 : /*
513 : * Zero out the word area, the caller has to take care of the bcc area
514 : * himself
515 : */
516 511863 : if (num_words != 0) {
517 116340 : memset(*outbuf + (NBT_HDR_SIZE + HDR_VWV), 0, VWV(num_words));
518 : }
519 :
520 504093 : return true;
521 : }
522 :
523 511863 : void reply_smb1_outbuf(struct smb_request *req, uint8_t num_words, uint32_t num_bytes)
524 : {
525 7770 : char *outbuf;
526 511863 : if (!create_smb1_outbuf(req, req, req->inbuf, &outbuf, num_words,
527 : num_bytes)) {
528 0 : smb_panic("could not allocate output buffer\n");
529 : }
530 511863 : req->outbuf = (uint8_t *)outbuf;
531 511863 : }
532 :
533 700241 : bool valid_smb1_header(const uint8_t *inbuf)
534 : {
535 700241 : if (is_encrypted_packet(inbuf)) {
536 0 : return true;
537 : }
538 : /*
539 : * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
540 : * but it just looks weird to call strncmp for this one.
541 : */
542 700241 : return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
543 : }
544 :
545 : /****************************************************************************
546 : Process an smb from the client
547 : ****************************************************************************/
548 :
549 36 : static void process_smb2(struct smbXsrv_connection *xconn,
550 : uint8_t *inbuf,
551 : size_t nread,
552 : size_t unread_bytes,
553 : uint32_t seqnum,
554 : bool encrypted)
555 : {
556 36 : const uint8_t *inpdu = inbuf + NBT_HDR_SIZE;
557 36 : size_t pdulen = nread - NBT_HDR_SIZE;
558 36 : NTSTATUS status = smbd_smb2_process_negprot(xconn, 0, inpdu, pdulen);
559 36 : if (!NT_STATUS_IS_OK(status)) {
560 0 : exit_server_cleanly("SMB2 negprot fail");
561 : }
562 36 : }
563 :
564 657948 : void process_smb(struct smbXsrv_connection *xconn,
565 : uint8_t *inbuf,
566 : size_t nread,
567 : size_t unread_bytes,
568 : uint32_t seqnum,
569 : bool encrypted)
570 : {
571 657948 : struct smbd_server_connection *sconn = xconn->client->sconn;
572 657948 : int msg_type = CVAL(inbuf,0);
573 :
574 657948 : DO_PROFILE_INC(request);
575 :
576 657948 : DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
577 : smb_len(inbuf) ) );
578 657948 : DEBUG(3, ("Transaction %d of length %d (%u toread)\n",
579 : sconn->trans_num, (int)nread, (unsigned int)unread_bytes));
580 :
581 657948 : if (msg_type != NBSSmessage) {
582 : /*
583 : * NetBIOS session request, keepalive, etc.
584 : */
585 175 : reply_special(xconn, (char *)inbuf, nread);
586 171 : goto done;
587 : }
588 :
589 : #if defined(WITH_SMB1SERVER)
590 657773 : if (lp_server_max_protocol() >= PROTOCOL_SMB2_02) {
591 : /* At this point we're not really using smb2,
592 : * we make the decision here.. */
593 17327 : if (smbd_is_smb2_header(inbuf, nread)) {
594 : #endif
595 36 : process_smb2(xconn,
596 : inbuf,
597 : nread,
598 : unread_bytes,
599 : seqnum,
600 : encrypted);
601 36 : return;
602 : #if defined(WITH_SMB1SERVER)
603 : }
604 17291 : if (nread >= smb_size && valid_smb1_header(inbuf)
605 17291 : && CVAL(inbuf, smb_com) != 0x72) {
606 : /* This is a non-negprot SMB1 packet.
607 : Disable SMB2 from now on. */
608 11165 : lp_do_parameter(-1, "server max protocol", "NT1");
609 : }
610 : }
611 657737 : process_smb1(xconn, inbuf, nread, unread_bytes, seqnum, encrypted);
612 : #endif
613 :
614 657810 : done:
615 657810 : sconn->num_requests++;
616 :
617 : /* The timeout_processing function isn't run nearly
618 : often enough to implement 'max log size' without
619 : overrunning the size of the file by many megabytes.
620 : This is especially true if we are running at debug
621 : level 10. Checking every 50 SMBs is a nice
622 : tradeoff of performance vs log file size overrun. */
623 :
624 669138 : if ((sconn->num_requests % 50) == 0 &&
625 11328 : need_to_check_log_size()) {
626 95 : change_to_root_user();
627 95 : check_log_size();
628 : }
629 : }
630 :
631 31969 : NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
632 : enum protocol_types protocol)
633 : {
634 886 : NTSTATUS status;
635 :
636 31969 : conn->protocol = protocol;
637 :
638 31969 : if (conn->client->session_table != NULL) {
639 1106 : return NT_STATUS_OK;
640 : }
641 :
642 30863 : if (protocol >= PROTOCOL_SMB2_02) {
643 25086 : status = smb2srv_session_table_init(conn);
644 25086 : if (!NT_STATUS_IS_OK(status)) {
645 0 : conn->protocol = PROTOCOL_NONE;
646 0 : return status;
647 : }
648 :
649 25086 : status = smb2srv_open_table_init(conn);
650 25086 : if (!NT_STATUS_IS_OK(status)) {
651 0 : conn->protocol = PROTOCOL_NONE;
652 0 : return status;
653 : }
654 : } else {
655 : #if defined(WITH_SMB1SERVER)
656 5777 : status = smb1srv_session_table_init(conn);
657 5777 : if (!NT_STATUS_IS_OK(status)) {
658 0 : conn->protocol = PROTOCOL_NONE;
659 0 : return status;
660 : }
661 :
662 5777 : status = smb1srv_tcon_table_init(conn);
663 5777 : if (!NT_STATUS_IS_OK(status)) {
664 0 : conn->protocol = PROTOCOL_NONE;
665 0 : return status;
666 : }
667 :
668 5777 : status = smb1srv_open_table_init(conn);
669 5777 : if (!NT_STATUS_IS_OK(status)) {
670 0 : conn->protocol = PROTOCOL_NONE;
671 0 : return status;
672 : }
673 : #else
674 : conn->protocol = PROTOCOL_NONE;
675 : return NT_STATUS_INVALID_NETWORK_RESPONSE;
676 : #endif
677 : }
678 :
679 30863 : set_Protocol(protocol);
680 30863 : return NT_STATUS_OK;
681 : }
682 :
683 : /**
684 : * Create a debug string for the connection
685 : *
686 : * This is allocated to talloc_tos() or a string constant
687 : * in certain corner cases. The returned string should
688 : * hence not be free'd directly but only via the talloc stack.
689 : */
690 93 : const char *smbXsrv_connection_dbg(const struct smbXsrv_connection *xconn)
691 : {
692 93 : const char *ret = NULL;
693 93 : char *raddr = NULL;
694 93 : char *laddr = NULL;
695 93 : struct GUID_txt_buf guid_buf = {};
696 :
697 : /*
698 : * TODO: this can be improved further later...
699 : */
700 :
701 93 : raddr = tsocket_address_string(xconn->remote_address, talloc_tos());
702 93 : if (raddr == NULL) {
703 0 : return "<tsocket_address_string() failed>";
704 : }
705 93 : laddr = tsocket_address_string(xconn->local_address, talloc_tos());
706 93 : if (laddr == NULL) {
707 0 : return "<tsocket_address_string() failed>";
708 : }
709 :
710 93 : ret = talloc_asprintf(talloc_tos(),
711 : "PID=%d,CLIENT=%s,channel=%"PRIu64",remote=%s,local=%s",
712 : getpid(),
713 : GUID_buf_string(&xconn->smb2.client.guid, &guid_buf),
714 93 : xconn->channel_id,
715 : raddr,
716 : laddr);
717 93 : TALLOC_FREE(raddr);
718 93 : TALLOC_FREE(laddr);
719 93 : if (ret == NULL) {
720 0 : return "<talloc_asprintf() failed>";
721 : }
722 :
723 93 : return ret;
724 : }
725 :
726 : /*
727 : * Initialize a struct smb_request from an inbuf
728 : */
729 :
730 674533 : bool init_smb1_request(struct smb_request *req,
731 : struct smbd_server_connection *sconn,
732 : struct smbXsrv_connection *xconn,
733 : const uint8_t *inbuf,
734 : size_t unread_bytes, bool encrypted,
735 : uint32_t seqnum)
736 : {
737 8269 : struct smbXsrv_tcon *tcon;
738 8269 : NTSTATUS status;
739 8269 : NTTIME now;
740 674533 : size_t req_size = smb_len(inbuf) + 4;
741 :
742 : /* Ensure we have at least smb_size bytes. */
743 674533 : if (req_size < smb_size) {
744 0 : DEBUG(0,("init_smb1_request: invalid request size %u\n",
745 : (unsigned int)req_size ));
746 0 : return false;
747 : }
748 :
749 674533 : *req = (struct smb_request) { .cmd = 0};
750 :
751 674533 : req->request_time = timeval_current();
752 674533 : now = timeval_to_nttime(&req->request_time);
753 :
754 674533 : req->cmd = CVAL(inbuf, smb_com);
755 674533 : req->flags2 = SVAL(inbuf, smb_flg2);
756 674533 : req->smbpid = SVAL(inbuf, smb_pid);
757 674533 : req->mid = (uint64_t)SVAL(inbuf, smb_mid);
758 674533 : req->seqnum = seqnum;
759 674533 : req->vuid = SVAL(inbuf, smb_uid);
760 674533 : req->tid = SVAL(inbuf, smb_tid);
761 674533 : req->wct = CVAL(inbuf, smb_wct);
762 674533 : req->vwv = (const uint16_t *)(inbuf+smb_vwv);
763 674533 : req->buflen = smb_buflen(inbuf);
764 674533 : req->buf = (const uint8_t *)smb_buf_const(inbuf);
765 674533 : req->unread_bytes = unread_bytes;
766 674533 : req->encrypted = encrypted;
767 674533 : req->sconn = sconn;
768 674533 : req->xconn = xconn;
769 674533 : if (xconn != NULL) {
770 674533 : status = smb1srv_tcon_lookup(xconn, req->tid, now, &tcon);
771 674533 : if (NT_STATUS_IS_OK(status)) {
772 627131 : req->conn = tcon->compat;
773 : }
774 : }
775 674533 : req->posix_pathnames = lp_posix_pathnames();
776 :
777 : /* Ensure we have at least wct words and 2 bytes of bcc. */
778 674533 : if (smb_size + req->wct*2 > req_size) {
779 0 : DEBUG(0,("init_smb1_request: invalid wct number %u (size %u)\n",
780 : (unsigned int)req->wct,
781 : (unsigned int)req_size));
782 0 : return false;
783 : }
784 : /* Ensure bcc is correct. */
785 674533 : if (((const uint8_t *)smb_buf_const(inbuf)) + req->buflen > inbuf + req_size) {
786 0 : DEBUG(0,("init_smb1_request: invalid bcc number %u "
787 : "(wct = %u, size %u)\n",
788 : (unsigned int)req->buflen,
789 : (unsigned int)req->wct,
790 : (unsigned int)req_size));
791 0 : return false;
792 : }
793 :
794 666264 : return true;
795 : }
796 :
797 : /****************************************************************************
798 : Construct a reply to the incoming packet.
799 : ****************************************************************************/
800 :
801 16757 : static void construct_reply_smb1negprot(struct smbXsrv_connection *xconn,
802 : char *inbuf, int size,
803 : size_t unread_bytes)
804 : {
805 16757 : struct smbd_server_connection *sconn = xconn->client->sconn;
806 390 : struct smb_request *req;
807 390 : NTSTATUS status;
808 :
809 16757 : if (!(req = talloc(talloc_tos(), struct smb_request))) {
810 0 : smb_panic("could not allocate smb_request");
811 : }
812 :
813 16757 : if (!init_smb1_request(req, sconn, xconn, (uint8_t *)inbuf, unread_bytes,
814 : false, 0)) {
815 0 : exit_server_cleanly("Invalid SMB request");
816 : }
817 :
818 16757 : req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
819 :
820 16757 : status = smb2_multi_protocol_reply_negprot(req);
821 16267 : if (req->outbuf == NULL) {
822 : /*
823 : * req->outbuf == NULL means we bootstrapped into SMB2.
824 : */
825 16265 : return;
826 : }
827 2 : if (!NT_STATUS_IS_OK(status)) {
828 2 : if (!smb1_srv_send(req->xconn,
829 2 : (char *)req->outbuf,
830 : true,
831 2 : req->seqnum + 1,
832 4 : IS_CONN_ENCRYPTED(req->conn) ||
833 2 : req->encrypted)) {
834 0 : exit_server_cleanly("construct_reply_smb1negprot: "
835 : "smb1_srv_send failed.");
836 : }
837 2 : TALLOC_FREE(req);
838 : } else {
839 : /* This code path should only *ever* bootstrap into SMB2. */
840 0 : exit_server_cleanly("Internal error SMB1negprot didn't reply "
841 : "with an SMB2 packet");
842 : }
843 : }
844 :
845 0 : static void smbd_server_connection_write_handler(
846 : struct smbXsrv_connection *xconn)
847 : {
848 : /* TODO: make write nonblocking */
849 0 : }
850 :
851 26210 : static void smbd_smb2_server_connection_read_handler(
852 : struct smbXsrv_connection *xconn, int fd)
853 : {
854 701 : char lenbuf[NBT_HDR_SIZE];
855 26210 : size_t len = 0;
856 26210 : uint8_t *buffer = NULL;
857 26210 : size_t bufferlen = 0;
858 701 : NTSTATUS status;
859 26210 : uint8_t msg_type = 0;
860 :
861 : /* Read the first 4 bytes - contains length of remainder. */
862 26210 : status = read_smb_length_return_keepalive(fd, lenbuf, 0, &len);
863 26210 : if (!NT_STATUS_IS_OK(status)) {
864 118 : exit_server_cleanly("failed to receive request length");
865 : return;
866 : }
867 :
868 : /* Integer wrap check. */
869 26092 : if (len + NBT_HDR_SIZE < len) {
870 0 : exit_server_cleanly("Invalid length on initial request");
871 : return;
872 : }
873 :
874 : /*
875 : * The +4 here can't wrap, we've checked the length above already.
876 : */
877 26092 : bufferlen = len+NBT_HDR_SIZE;
878 :
879 26092 : buffer = talloc_array(talloc_tos(), uint8_t, bufferlen);
880 26092 : if (buffer == NULL) {
881 0 : DBG_ERR("Could not allocate request inbuf of length %zu\n",
882 : bufferlen);
883 0 : exit_server_cleanly("talloc fail");
884 : return;
885 : }
886 :
887 : /* Copy the NBT_HDR_SIZE length. */
888 26092 : memcpy(buffer, lenbuf, sizeof(lenbuf));
889 :
890 26092 : status = read_packet_remainder(fd, (char *)buffer+NBT_HDR_SIZE, 0, len);
891 26092 : if (!NT_STATUS_IS_OK(status)) {
892 0 : exit_server_cleanly("Failed to read remainder of initial request");
893 : return;
894 : }
895 :
896 : /* Check the message type. */
897 26092 : msg_type = PULL_LE_U8(buffer,0);
898 26092 : if (msg_type == NBSSrequest) {
899 : /*
900 : * clients can send this request before
901 : * bootstrapping into SMB2. Cope with this
902 : * message only, don't allow any other strange
903 : * NBSS types.
904 : */
905 867 : reply_special(xconn, (char *)buffer, bufferlen);
906 864 : xconn->client->sconn->num_requests++;
907 864 : return;
908 : }
909 :
910 : /* Only a 'normal' message type allowed now. */
911 25225 : if (msg_type != NBSSmessage) {
912 0 : DBG_ERR("Invalid message type %d\n", msg_type);
913 0 : exit_server_cleanly("Invalid message type for initial request");
914 : return;
915 : }
916 :
917 : /* Could this be an SMB1 negprot bootstrap into SMB2 ? */
918 25225 : if (bufferlen < smb_size) {
919 0 : exit_server_cleanly("Invalid initial SMB1 or SMB2 packet");
920 : return;
921 : }
922 25225 : if (valid_smb1_header(buffer)) {
923 : /* Can *only* allow an SMB1 negprot here. */
924 16781 : uint8_t cmd = PULL_LE_U8(buffer, smb_com);
925 16781 : if (cmd != SMBnegprot) {
926 24 : DBG_ERR("Incorrect SMB1 command 0x%hhx, "
927 : "should be SMBnegprot (0x72)\n",
928 : cmd);
929 24 : exit_server_cleanly("Invalid initial SMB1 packet");
930 : }
931 : /* Minimal process_smb(). */
932 16757 : show_msg((char *)buffer);
933 16757 : construct_reply_smb1negprot(xconn, (char *)buffer,
934 : bufferlen, 0);
935 16267 : xconn->client->sconn->trans_num++;
936 16267 : xconn->client->sconn->num_requests++;
937 16267 : return;
938 :
939 8444 : } else if (!smbd_is_smb2_header(buffer, bufferlen)) {
940 0 : exit_server_cleanly("Invalid initial SMB2 packet");
941 : return;
942 : }
943 :
944 : /* Here we know we're a valid SMB2 packet. */
945 :
946 : /*
947 : * Point at the start of the SMB2 PDU.
948 : * len is the length of the SMB2 PDU.
949 : */
950 :
951 8444 : status = smbd_smb2_process_negprot(xconn,
952 : 0,
953 : (const uint8_t *)buffer+NBT_HDR_SIZE,
954 : len);
955 8444 : if (!NT_STATUS_IS_OK(status)) {
956 0 : exit_server_cleanly("SMB2 negprot fail");
957 : }
958 8133 : return;
959 : }
960 :
961 685988 : static void smbd_server_connection_handler(struct tevent_context *ev,
962 : struct tevent_fd *fde,
963 : uint16_t flags,
964 : void *private_data)
965 : {
966 8693 : struct smbXsrv_connection *xconn =
967 685988 : talloc_get_type_abort(private_data,
968 : struct smbXsrv_connection);
969 :
970 685988 : if (!NT_STATUS_IS_OK(xconn->transport.status)) {
971 : /*
972 : * we're not supposed to do any io
973 : */
974 0 : TEVENT_FD_NOT_READABLE(xconn->transport.fde);
975 0 : TEVENT_FD_NOT_WRITEABLE(xconn->transport.fde);
976 0 : return;
977 : }
978 :
979 685988 : if (flags & TEVENT_FD_WRITE) {
980 0 : smbd_server_connection_write_handler(xconn);
981 0 : return;
982 : }
983 685988 : if (flags & TEVENT_FD_READ) {
984 : #if defined(WITH_SMB1SERVER)
985 685988 : if (lp_server_min_protocol() > PROTOCOL_NT1) {
986 : #endif
987 26210 : smbd_smb2_server_connection_read_handler(xconn,
988 : xconn->transport.sock);
989 : #if defined(WITH_SMB1SERVER)
990 : } else {
991 659778 : smbd_smb1_server_connection_read_handler(xconn,
992 : xconn->transport.sock);
993 : }
994 : #endif
995 679513 : return;
996 : }
997 : }
998 :
999 : struct smbd_release_ip_state {
1000 : struct smbXsrv_connection *xconn;
1001 : struct tevent_immediate *im;
1002 : struct sockaddr_storage srv;
1003 : struct sockaddr_storage clnt;
1004 : char addr[INET6_ADDRSTRLEN];
1005 : };
1006 :
1007 : static int release_ip(struct tevent_context *ev,
1008 : uint32_t src_vnn,
1009 : uint32_t dst_vnn,
1010 : uint64_t dst_srvid,
1011 : const uint8_t *msg,
1012 : size_t msglen,
1013 : void *private_data);
1014 :
1015 0 : static int smbd_release_ip_state_destructor(struct smbd_release_ip_state *s)
1016 : {
1017 0 : struct ctdbd_connection *cconn = messaging_ctdb_connection();
1018 0 : struct smbXsrv_connection *xconn = s->xconn;
1019 :
1020 0 : if (cconn == NULL) {
1021 0 : return 0;
1022 : }
1023 :
1024 0 : if (NT_STATUS_EQUAL(xconn->transport.status, NT_STATUS_CONNECTION_IN_USE)) {
1025 0 : ctdbd_passed_ips(cconn, &s->srv, &s->clnt, release_ip, s);
1026 : } else {
1027 0 : ctdbd_unregister_ips(cconn, &s->srv, &s->clnt, release_ip, s);
1028 : }
1029 :
1030 0 : return 0;
1031 : }
1032 :
1033 0 : static void smbd_release_ip_immediate(struct tevent_context *ctx,
1034 : struct tevent_immediate *im,
1035 : void *private_data)
1036 : {
1037 0 : struct smbd_release_ip_state *state =
1038 0 : talloc_get_type_abort(private_data,
1039 : struct smbd_release_ip_state);
1040 0 : struct smbXsrv_connection *xconn = state->xconn;
1041 :
1042 0 : if (!NT_STATUS_EQUAL(xconn->transport.status, NT_STATUS_ADDRESS_CLOSED)) {
1043 : /*
1044 : * smbd_server_connection_terminate() already triggered ?
1045 : */
1046 0 : return;
1047 : }
1048 :
1049 0 : smbd_server_connection_terminate(xconn, "CTDB_SRVID_RELEASE_IP");
1050 : }
1051 :
1052 : /****************************************************************************
1053 : received when we should release a specific IP
1054 : ****************************************************************************/
1055 0 : static int release_ip(struct tevent_context *ev,
1056 : uint32_t src_vnn, uint32_t dst_vnn,
1057 : uint64_t dst_srvid,
1058 : const uint8_t *msg, size_t msglen,
1059 : void *private_data)
1060 : {
1061 0 : struct smbd_release_ip_state *state =
1062 0 : talloc_get_type_abort(private_data,
1063 : struct smbd_release_ip_state);
1064 0 : struct smbXsrv_connection *xconn = state->xconn;
1065 0 : const char *ip;
1066 0 : const char *addr = state->addr;
1067 0 : const char *p = addr;
1068 :
1069 0 : if (msglen == 0) {
1070 0 : return 0;
1071 : }
1072 0 : if (msg[msglen-1] != '\0') {
1073 0 : return 0;
1074 : }
1075 :
1076 0 : ip = (const char *)msg;
1077 :
1078 0 : if (!NT_STATUS_IS_OK(xconn->transport.status)) {
1079 : /* avoid recursion */
1080 0 : return 0;
1081 : }
1082 :
1083 0 : if (strncmp("::ffff:", addr, 7) == 0) {
1084 0 : p = addr + 7;
1085 : }
1086 :
1087 0 : DEBUG(10, ("Got release IP message for %s, "
1088 : "our address is %s\n", ip, p));
1089 :
1090 0 : if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
1091 0 : DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
1092 : ip));
1093 : /*
1094 : * With SMB2 we should do a clean disconnect,
1095 : * the previous_session_id in the session setup
1096 : * will cleanup the old session, tcons and opens.
1097 : *
1098 : * A clean disconnect is needed in order to support
1099 : * durable handles.
1100 : *
1101 : * Note: typically this is never triggered
1102 : * as we got a TCP RST (triggered by ctdb event scripts)
1103 : * before we get CTDB_SRVID_RELEASE_IP.
1104 : *
1105 : * We used to call _exit(1) here, but as this was mostly never
1106 : * triggered and has implication on our process model,
1107 : * we can just use smbd_server_connection_terminate()
1108 : * (also for SMB1).
1109 : *
1110 : * We don't call smbd_server_connection_terminate() directly
1111 : * as we might be called from within ctdbd_migrate(),
1112 : * we need to defer our action to the next event loop
1113 : */
1114 0 : tevent_schedule_immediate(state->im,
1115 : xconn->client->raw_ev_ctx,
1116 : smbd_release_ip_immediate,
1117 0 : state);
1118 :
1119 : /*
1120 : * Make sure we don't get any io on the connection.
1121 : */
1122 0 : xconn->transport.status = NT_STATUS_ADDRESS_CLOSED;
1123 0 : return EADDRNOTAVAIL;
1124 : }
1125 :
1126 0 : return 0;
1127 : }
1128 :
1129 0 : static int match_cluster_movable_ip(uint32_t total_ip_count,
1130 : const struct sockaddr_storage *ip,
1131 : bool is_movable_ip,
1132 : void *private_data)
1133 : {
1134 0 : const struct sockaddr_storage *srv = private_data;
1135 0 : struct samba_sockaddr pub_ip = {
1136 : .u = {
1137 : .ss = *ip,
1138 : },
1139 : };
1140 0 : struct samba_sockaddr srv_ip = {
1141 : .u = {
1142 : .ss = *srv,
1143 : },
1144 : };
1145 :
1146 0 : if (is_movable_ip && sockaddr_equal(&pub_ip.u.sa, &srv_ip.u.sa)) {
1147 0 : return EADDRNOTAVAIL;
1148 : }
1149 :
1150 0 : return 0;
1151 : }
1152 :
1153 0 : static NTSTATUS smbd_register_ips(struct smbXsrv_connection *xconn,
1154 : struct sockaddr_storage *srv,
1155 : struct sockaddr_storage *clnt)
1156 : {
1157 0 : struct smbd_release_ip_state *state;
1158 0 : struct ctdbd_connection *cconn;
1159 0 : int ret;
1160 :
1161 0 : cconn = messaging_ctdb_connection();
1162 0 : if (cconn == NULL) {
1163 0 : return NT_STATUS_NO_MEMORY;
1164 : }
1165 :
1166 0 : state = talloc_zero(xconn, struct smbd_release_ip_state);
1167 0 : if (state == NULL) {
1168 0 : return NT_STATUS_NO_MEMORY;
1169 : }
1170 0 : state->xconn = xconn;
1171 0 : state->im = tevent_create_immediate(state);
1172 0 : if (state->im == NULL) {
1173 0 : return NT_STATUS_NO_MEMORY;
1174 : }
1175 0 : state->srv = *srv;
1176 0 : state->clnt = *clnt;
1177 0 : if (print_sockaddr(state->addr, sizeof(state->addr), srv) == NULL) {
1178 0 : return NT_STATUS_NO_MEMORY;
1179 : }
1180 :
1181 0 : if (xconn->client->server_multi_channel_enabled) {
1182 0 : ret = ctdbd_public_ip_foreach(cconn,
1183 : match_cluster_movable_ip,
1184 : srv);
1185 0 : if (ret == EADDRNOTAVAIL) {
1186 0 : xconn->has_cluster_movable_ip = true;
1187 0 : DBG_DEBUG("cluster movable IP on %s\n",
1188 : smbXsrv_connection_dbg(xconn));
1189 0 : } else if (ret != 0) {
1190 0 : DBG_ERR("failed to iterate cluster IPs: %s\n",
1191 : strerror(ret));
1192 0 : return NT_STATUS_INTERNAL_ERROR;
1193 : }
1194 : }
1195 :
1196 0 : ret = ctdbd_register_ips(cconn, srv, clnt, release_ip, state);
1197 0 : if (ret != 0) {
1198 0 : return map_nt_error_from_unix(ret);
1199 : }
1200 :
1201 0 : talloc_set_destructor(state, smbd_release_ip_state_destructor);
1202 :
1203 0 : return NT_STATUS_OK;
1204 : }
1205 :
1206 32655 : static int smbXsrv_connection_destructor(struct smbXsrv_connection *xconn)
1207 : {
1208 32655 : DBG_DEBUG("xconn[%s]\n", smbXsrv_connection_dbg(xconn));
1209 32655 : return 0;
1210 : }
1211 :
1212 32669 : NTSTATUS smbd_add_connection(struct smbXsrv_client *client, int sock_fd,
1213 : NTTIME now, struct smbXsrv_connection **_xconn)
1214 : {
1215 32669 : TALLOC_CTX *frame = talloc_stackframe();
1216 894 : struct smbXsrv_connection *xconn;
1217 894 : struct sockaddr_storage ss_srv;
1218 32669 : void *sp_srv = (void *)&ss_srv;
1219 32669 : struct sockaddr *sa_srv = (struct sockaddr *)sp_srv;
1220 894 : struct sockaddr_storage ss_clnt;
1221 32669 : void *sp_clnt = (void *)&ss_clnt;
1222 32669 : struct sockaddr *sa_clnt = (struct sockaddr *)sp_clnt;
1223 894 : socklen_t sa_socklen;
1224 32669 : struct tsocket_address *local_address = NULL;
1225 32669 : struct tsocket_address *remote_address = NULL;
1226 32669 : const char *remaddr = NULL;
1227 894 : char *p;
1228 32669 : const char *rhost = NULL;
1229 894 : int ret;
1230 894 : int tmp;
1231 :
1232 32669 : *_xconn = NULL;
1233 :
1234 32669 : DO_PROFILE_INC(connect);
1235 :
1236 32669 : xconn = talloc_zero(client, struct smbXsrv_connection);
1237 32669 : if (xconn == NULL) {
1238 0 : DEBUG(0,("talloc_zero(struct smbXsrv_connection)\n"));
1239 0 : TALLOC_FREE(frame);
1240 0 : return NT_STATUS_NO_MEMORY;
1241 : }
1242 32669 : talloc_set_destructor(xconn, smbXsrv_connection_destructor);
1243 32669 : talloc_steal(frame, xconn);
1244 32669 : xconn->client = client;
1245 32669 : xconn->connect_time = now;
1246 32669 : if (client->next_channel_id != 0) {
1247 32669 : xconn->channel_id = client->next_channel_id++;
1248 : }
1249 :
1250 32669 : xconn->transport.sock = sock_fd;
1251 : #if defined(WITH_SMB1SERVER)
1252 32669 : smbd_echo_init(xconn);
1253 : #endif
1254 32669 : xconn->protocol = PROTOCOL_NONE;
1255 :
1256 : /* Ensure child is set to blocking mode */
1257 32669 : set_blocking(sock_fd,True);
1258 :
1259 32669 : set_socket_options(sock_fd, "SO_KEEPALIVE");
1260 32669 : set_socket_options(sock_fd, lp_socket_options());
1261 :
1262 32669 : sa_socklen = sizeof(ss_clnt);
1263 32669 : ret = getpeername(sock_fd, sa_clnt, &sa_socklen);
1264 32669 : if (ret != 0) {
1265 0 : int saved_errno = errno;
1266 0 : int level = (errno == ENOTCONN)?2:0;
1267 0 : DEBUG(level,("getpeername() failed - %s\n",
1268 : strerror(saved_errno)));
1269 0 : TALLOC_FREE(frame);
1270 0 : return map_nt_error_from_unix_common(saved_errno);
1271 : }
1272 32669 : ret = tsocket_address_bsd_from_sockaddr(xconn,
1273 : sa_clnt, sa_socklen,
1274 : &remote_address);
1275 32669 : if (ret != 0) {
1276 0 : int saved_errno = errno;
1277 0 : DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
1278 : __location__, strerror(saved_errno)));
1279 0 : TALLOC_FREE(frame);
1280 0 : return map_nt_error_from_unix_common(saved_errno);
1281 : }
1282 :
1283 32669 : sa_socklen = sizeof(ss_srv);
1284 32669 : ret = getsockname(sock_fd, sa_srv, &sa_socklen);
1285 32669 : if (ret != 0) {
1286 0 : int saved_errno = errno;
1287 0 : int level = (errno == ENOTCONN)?2:0;
1288 0 : DEBUG(level,("getsockname() failed - %s\n",
1289 : strerror(saved_errno)));
1290 0 : TALLOC_FREE(frame);
1291 0 : return map_nt_error_from_unix_common(saved_errno);
1292 : }
1293 32669 : ret = tsocket_address_bsd_from_sockaddr(xconn,
1294 : sa_srv, sa_socklen,
1295 : &local_address);
1296 32669 : if (ret != 0) {
1297 0 : int saved_errno = errno;
1298 0 : DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
1299 : __location__, strerror(saved_errno)));
1300 0 : TALLOC_FREE(frame);
1301 0 : return map_nt_error_from_unix_common(saved_errno);
1302 : }
1303 :
1304 32669 : if (tsocket_address_is_inet(remote_address, "ip")) {
1305 32669 : remaddr = tsocket_address_inet_addr_string(remote_address,
1306 : talloc_tos());
1307 32669 : if (remaddr == NULL) {
1308 0 : DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
1309 : __location__, strerror(errno)));
1310 0 : TALLOC_FREE(frame);
1311 0 : return NT_STATUS_NO_MEMORY;
1312 : }
1313 : } else {
1314 0 : remaddr = "0.0.0.0";
1315 : }
1316 :
1317 : /*
1318 : * Before the first packet, check the global hosts allow/ hosts deny
1319 : * parameters before doing any parsing of packets passed to us by the
1320 : * client. This prevents attacks on our parsing code from hosts not in
1321 : * the hosts allow list.
1322 : */
1323 :
1324 32669 : ret = get_remote_hostname(remote_address,
1325 : &p, talloc_tos());
1326 32669 : if (ret < 0) {
1327 0 : int saved_errno = errno;
1328 0 : DEBUG(0,("%s: get_remote_hostname failed - %s\n",
1329 : __location__, strerror(saved_errno)));
1330 0 : TALLOC_FREE(frame);
1331 0 : return map_nt_error_from_unix_common(saved_errno);
1332 : }
1333 32669 : rhost = p;
1334 32669 : if (strequal(rhost, "UNKNOWN")) {
1335 0 : rhost = remaddr;
1336 : }
1337 :
1338 32669 : xconn->local_address = local_address;
1339 32669 : xconn->remote_address = remote_address;
1340 32669 : xconn->remote_hostname = talloc_strdup(xconn, rhost);
1341 32669 : if (xconn->remote_hostname == NULL) {
1342 0 : return NT_STATUS_NO_MEMORY;
1343 : }
1344 :
1345 32669 : if (!srv_init_signing(xconn)) {
1346 0 : DEBUG(0, ("Failed to init smb_signing\n"));
1347 0 : TALLOC_FREE(frame);
1348 0 : return NT_STATUS_INTERNAL_ERROR;
1349 : }
1350 :
1351 32669 : if (!allow_access(lp_hosts_deny(-1), lp_hosts_allow(-1),
1352 : xconn->remote_hostname,
1353 : remaddr)) {
1354 0 : DEBUG( 1, ("Connection denied from %s to %s\n",
1355 : tsocket_address_string(remote_address, talloc_tos()),
1356 : tsocket_address_string(local_address, talloc_tos())));
1357 :
1358 : /*
1359 : * We return a valid xconn
1360 : * so that the caller can return an error message
1361 : * to the client
1362 : */
1363 0 : DLIST_ADD_END(client->connections, xconn);
1364 0 : talloc_steal(client, xconn);
1365 :
1366 0 : *_xconn = xconn;
1367 0 : TALLOC_FREE(frame);
1368 0 : return NT_STATUS_NETWORK_ACCESS_DENIED;
1369 : }
1370 :
1371 32669 : DEBUG(10, ("Connection allowed from %s to %s\n",
1372 : tsocket_address_string(remote_address, talloc_tos()),
1373 : tsocket_address_string(local_address, talloc_tos())));
1374 :
1375 32669 : if (lp_clustering()) {
1376 : /*
1377 : * We need to tell ctdb about our client's TCP
1378 : * connection, so that for failover ctdbd can send
1379 : * tickle acks, triggering a reconnection by the
1380 : * client.
1381 : */
1382 0 : NTSTATUS status;
1383 :
1384 0 : status = smbd_register_ips(xconn, &ss_srv, &ss_clnt);
1385 0 : if (!NT_STATUS_IS_OK(status)) {
1386 0 : DEBUG(0, ("ctdbd_register_ips failed: %s\n",
1387 : nt_errstr(status)));
1388 : }
1389 : }
1390 :
1391 32669 : tmp = lp_max_xmit();
1392 32669 : tmp = MAX(tmp, SMB_BUFFER_SIZE_MIN);
1393 32669 : tmp = MIN(tmp, SMB_BUFFER_SIZE_MAX);
1394 :
1395 : #if defined(WITH_SMB1SERVER)
1396 32669 : xconn->smb1.negprot.max_recv = tmp;
1397 :
1398 32669 : xconn->smb1.sessions.done_sesssetup = false;
1399 32669 : xconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX;
1400 : #endif
1401 :
1402 32669 : xconn->transport.fde = tevent_add_fd(client->raw_ev_ctx,
1403 : xconn,
1404 : sock_fd,
1405 : TEVENT_FD_READ,
1406 : smbd_server_connection_handler,
1407 : xconn);
1408 32669 : if (!xconn->transport.fde) {
1409 0 : TALLOC_FREE(frame);
1410 0 : return NT_STATUS_NO_MEMORY;
1411 : }
1412 32669 : tevent_fd_set_auto_close(xconn->transport.fde);
1413 :
1414 : /* for now we only have one connection */
1415 32669 : DLIST_ADD_END(client->connections, xconn);
1416 32669 : talloc_steal(client, xconn);
1417 :
1418 32669 : *_xconn = xconn;
1419 32669 : TALLOC_FREE(frame);
1420 32669 : return NT_STATUS_OK;
1421 : }
1422 :
1423 0 : static bool uid_in_use(struct auth_session_info *session_info,
1424 : uid_t uid)
1425 : {
1426 0 : if (session_info->unix_token->uid == uid) {
1427 0 : return true;
1428 : }
1429 0 : return false;
1430 : }
1431 :
1432 0 : static bool gid_in_use(struct auth_session_info *session_info,
1433 : gid_t gid)
1434 : {
1435 0 : uint32_t i;
1436 0 : struct security_unix_token *utok = NULL;
1437 :
1438 0 : utok = session_info->unix_token;
1439 0 : if (utok->gid == gid) {
1440 0 : return true;
1441 : }
1442 :
1443 0 : for(i = 0; i < utok->ngroups; i++) {
1444 0 : if (utok->groups[i] == gid) {
1445 0 : return true;
1446 : }
1447 : }
1448 0 : return false;
1449 : }
1450 :
1451 0 : static bool sid_in_use(struct auth_session_info *session_info,
1452 : const struct dom_sid *psid)
1453 : {
1454 0 : struct security_token *tok = NULL;
1455 :
1456 0 : tok = session_info->security_token;
1457 0 : if (tok == NULL) {
1458 : /*
1459 : * Not sure session_info->security_token can
1460 : * ever be NULL. This check might be not
1461 : * necessary.
1462 : */
1463 0 : return false;
1464 : }
1465 0 : if (security_token_has_sid(tok, psid)) {
1466 0 : return true;
1467 : }
1468 0 : return false;
1469 : }
1470 :
1471 : struct id_in_use_state {
1472 : const struct id_cache_ref *id;
1473 : bool match;
1474 : };
1475 :
1476 0 : static int id_in_use_cb(struct smbXsrv_session *session,
1477 : void *private_data)
1478 : {
1479 0 : struct id_in_use_state *state = (struct id_in_use_state *)
1480 : private_data;
1481 0 : struct auth_session_info *session_info =
1482 0 : session->global->auth_session_info;
1483 :
1484 0 : switch(state->id->type) {
1485 0 : case UID:
1486 0 : state->match = uid_in_use(session_info, state->id->id.uid);
1487 0 : break;
1488 0 : case GID:
1489 0 : state->match = gid_in_use(session_info, state->id->id.gid);
1490 0 : break;
1491 0 : case SID:
1492 0 : state->match = sid_in_use(session_info, &state->id->id.sid);
1493 0 : break;
1494 0 : default:
1495 0 : state->match = false;
1496 0 : break;
1497 : }
1498 0 : if (state->match) {
1499 0 : return -1;
1500 : }
1501 0 : return 0;
1502 : }
1503 :
1504 0 : static bool id_in_use(struct smbd_server_connection *sconn,
1505 : const struct id_cache_ref *id)
1506 : {
1507 0 : struct id_in_use_state state;
1508 0 : NTSTATUS status;
1509 :
1510 0 : state = (struct id_in_use_state) {
1511 : .id = id,
1512 : .match = false,
1513 : };
1514 :
1515 0 : status = smbXsrv_session_local_traverse(sconn->client,
1516 : id_in_use_cb,
1517 : &state);
1518 0 : if (!NT_STATUS_IS_OK(status)) {
1519 0 : return false;
1520 : }
1521 :
1522 0 : return state.match;
1523 : }
1524 :
1525 : /****************************************************************************
1526 : Check if services need reloading.
1527 : ****************************************************************************/
1528 :
1529 547 : static void check_reload(struct smbd_server_connection *sconn, time_t t)
1530 : {
1531 :
1532 547 : if (last_smb_conf_reload_time == 0) {
1533 108 : last_smb_conf_reload_time = t;
1534 : }
1535 :
1536 547 : if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
1537 118 : reload_services(sconn, conn_snum_used, true);
1538 118 : last_smb_conf_reload_time = t;
1539 : }
1540 547 : }
1541 :
1542 0 : static void msg_kill_client_ip(struct messaging_context *msg_ctx,
1543 : void *private_data, uint32_t msg_type,
1544 : struct server_id server_id, DATA_BLOB *data)
1545 : {
1546 0 : struct smbd_server_connection *sconn = talloc_get_type_abort(
1547 : private_data, struct smbd_server_connection);
1548 0 : const char *ip = (char *) data->data;
1549 0 : char *client_ip;
1550 :
1551 0 : DBG_DEBUG("Got kill request for client IP %s\n", ip);
1552 :
1553 0 : client_ip = tsocket_address_inet_addr_string(sconn->remote_address,
1554 : talloc_tos());
1555 0 : if (client_ip == NULL) {
1556 0 : return;
1557 : }
1558 :
1559 0 : if (strequal(ip, client_ip)) {
1560 0 : DBG_WARNING("Got kill client message for %s - "
1561 : "exiting immediately\n", ip);
1562 0 : exit_server_cleanly("Forced disconnect for client");
1563 : }
1564 :
1565 0 : TALLOC_FREE(client_ip);
1566 : }
1567 :
1568 0 : static void msg_kill_client_with_server_ip(struct messaging_context *msg_ctx,
1569 : void *private_data,
1570 : uint32_t msg_type,
1571 : struct server_id server_id,
1572 : DATA_BLOB *data)
1573 : {
1574 0 : struct smbd_server_connection *sconn = talloc_get_type_abort(
1575 : private_data, struct smbd_server_connection);
1576 0 : const char *ip = (char *) data->data;
1577 0 : char *server_ip = NULL;
1578 0 : TALLOC_CTX *ctx = NULL;
1579 :
1580 0 : DBG_NOTICE("Got kill request for source IP %s\n", ip);
1581 0 : ctx = talloc_stackframe();
1582 :
1583 0 : server_ip = tsocket_address_inet_addr_string(sconn->local_address, ctx);
1584 0 : if (server_ip == NULL) {
1585 0 : goto out_free;
1586 : }
1587 :
1588 0 : if (strequal(ip, server_ip)) {
1589 0 : DBG_NOTICE(
1590 : "Got ip dropped message for %s - exiting immediately\n",
1591 : ip);
1592 0 : TALLOC_FREE(ctx);
1593 0 : exit_server_cleanly("Forced disconnect for client");
1594 : }
1595 :
1596 0 : out_free:
1597 0 : TALLOC_FREE(ctx);
1598 0 : }
1599 :
1600 : /*
1601 : * Do the recurring check if we're idle
1602 : */
1603 551 : static bool deadtime_fn(const struct timeval *now, void *private_data)
1604 : {
1605 551 : struct smbd_server_connection *sconn =
1606 : (struct smbd_server_connection *)private_data;
1607 :
1608 551 : if ((conn_num_open(sconn) == 0)
1609 549 : || (conn_idle_all(sconn, now->tv_sec))) {
1610 4 : DEBUG( 2, ( "Closing idle connection\n" ) );
1611 4 : messaging_send(sconn->msg_ctx,
1612 4 : messaging_server_id(sconn->msg_ctx),
1613 : MSG_SHUTDOWN, &data_blob_null);
1614 4 : return False;
1615 : }
1616 :
1617 547 : return True;
1618 : }
1619 :
1620 : /*
1621 : * Do the recurring log file and smb.conf reload checks.
1622 : */
1623 :
1624 547 : static bool housekeeping_fn(const struct timeval *now, void *private_data)
1625 : {
1626 547 : struct smbd_server_connection *sconn = talloc_get_type_abort(
1627 : private_data, struct smbd_server_connection);
1628 :
1629 547 : DEBUG(5, ("housekeeping\n"));
1630 :
1631 547 : change_to_root_user();
1632 :
1633 : /* check if we need to reload services */
1634 547 : check_reload(sconn, time_mono(NULL));
1635 :
1636 : /*
1637 : * Force a log file check.
1638 : */
1639 547 : force_check_log_size();
1640 547 : check_log_size();
1641 547 : return true;
1642 : }
1643 :
1644 11 : static void smbd_sig_term_handler(struct tevent_context *ev,
1645 : struct tevent_signal *se,
1646 : int signum,
1647 : int count,
1648 : void *siginfo,
1649 : void *private_data)
1650 : {
1651 11 : exit_server_cleanly("termination signal");
1652 : }
1653 :
1654 31563 : static void smbd_setup_sig_term_handler(struct smbd_server_connection *sconn)
1655 : {
1656 842 : struct tevent_signal *se;
1657 :
1658 31563 : se = tevent_add_signal(sconn->ev_ctx,
1659 : sconn,
1660 : SIGTERM, 0,
1661 : smbd_sig_term_handler,
1662 : sconn);
1663 31563 : if (!se) {
1664 0 : exit_server("failed to setup SIGTERM handler");
1665 : }
1666 31563 : }
1667 :
1668 0 : static void smbd_sig_hup_handler(struct tevent_context *ev,
1669 : struct tevent_signal *se,
1670 : int signum,
1671 : int count,
1672 : void *siginfo,
1673 : void *private_data)
1674 : {
1675 0 : struct smbd_server_connection *sconn =
1676 0 : talloc_get_type_abort(private_data,
1677 : struct smbd_server_connection);
1678 :
1679 0 : change_to_root_user();
1680 0 : DEBUG(1,("Reloading services after SIGHUP\n"));
1681 0 : reload_services(sconn, conn_snum_used, false);
1682 0 : }
1683 :
1684 31563 : static void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn)
1685 : {
1686 842 : struct tevent_signal *se;
1687 :
1688 31563 : se = tevent_add_signal(sconn->ev_ctx,
1689 : sconn,
1690 : SIGHUP, 0,
1691 : smbd_sig_hup_handler,
1692 : sconn);
1693 31563 : if (!se) {
1694 0 : exit_server("failed to setup SIGHUP handler");
1695 : }
1696 31563 : }
1697 :
1698 677 : static void smbd_conf_updated(struct messaging_context *msg,
1699 : void *private_data,
1700 : uint32_t msg_type,
1701 : struct server_id server_id,
1702 : DATA_BLOB *data)
1703 : {
1704 0 : struct smbd_server_connection *sconn =
1705 677 : talloc_get_type_abort(private_data,
1706 : struct smbd_server_connection);
1707 :
1708 677 : DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was "
1709 : "updated. Reloading.\n"));
1710 677 : change_to_root_user();
1711 677 : reload_services(sconn, conn_snum_used, false);
1712 677 : }
1713 :
1714 0 : static void smbd_id_cache_kill(struct messaging_context *msg_ctx,
1715 : void *private_data,
1716 : uint32_t msg_type,
1717 : struct server_id server_id,
1718 : DATA_BLOB* data)
1719 : {
1720 0 : const char *msg = (data && data->data)
1721 0 : ? (const char *)data->data : "<NULL>";
1722 0 : struct id_cache_ref id;
1723 0 : struct smbd_server_connection *sconn =
1724 0 : talloc_get_type_abort(private_data,
1725 : struct smbd_server_connection);
1726 :
1727 0 : if (!id_cache_ref_parse(msg, &id)) {
1728 0 : DEBUG(0, ("Invalid ?ID: %s\n", msg));
1729 0 : return;
1730 : }
1731 :
1732 0 : if (id_in_use(sconn, &id)) {
1733 0 : exit_server_cleanly(msg);
1734 : }
1735 0 : id_cache_delete_from_cache(&id);
1736 : }
1737 :
1738 : struct smbd_tevent_trace_state {
1739 : struct tevent_context *ev;
1740 : TALLOC_CTX *frame;
1741 : SMBPROFILE_BASIC_ASYNC_STATE(profile_idle);
1742 : };
1743 :
1744 4871855 : static inline void smbd_tevent_trace_callback_before_loop_once(
1745 : struct smbd_tevent_trace_state *state)
1746 : {
1747 4871855 : talloc_free(state->frame);
1748 4871855 : state->frame = talloc_stackframe_pool(8192);
1749 4871855 : }
1750 :
1751 4840292 : static inline void smbd_tevent_trace_callback_after_loop_once(
1752 : struct smbd_tevent_trace_state *state)
1753 : {
1754 4840292 : TALLOC_FREE(state->frame);
1755 4784975 : }
1756 :
1757 16407589 : static void smbd_tevent_trace_callback(enum tevent_trace_point point,
1758 : void *private_data)
1759 : {
1760 16407589 : struct smbd_tevent_trace_state *state =
1761 : (struct smbd_tevent_trace_state *)private_data;
1762 :
1763 16407589 : switch (point) {
1764 3315358 : case TEVENT_TRACE_BEFORE_WAIT:
1765 3315358 : break;
1766 3315358 : case TEVENT_TRACE_AFTER_WAIT:
1767 3315358 : break;
1768 4871855 : case TEVENT_TRACE_BEFORE_LOOP_ONCE:
1769 4871855 : smbd_tevent_trace_callback_before_loop_once(state);
1770 4871855 : break;
1771 4784975 : case TEVENT_TRACE_AFTER_LOOP_ONCE:
1772 4840292 : smbd_tevent_trace_callback_after_loop_once(state);
1773 4784975 : break;
1774 : }
1775 :
1776 16407589 : errno = 0;
1777 16407589 : }
1778 :
1779 0 : static void smbd_tevent_trace_callback_profile(enum tevent_trace_point point,
1780 : void *private_data)
1781 : {
1782 0 : struct smbd_tevent_trace_state *state =
1783 : (struct smbd_tevent_trace_state *)private_data;
1784 :
1785 0 : switch (point) {
1786 0 : case TEVENT_TRACE_BEFORE_WAIT:
1787 0 : if (!smbprofile_dump_pending()) {
1788 : /*
1789 : * If there's no dump pending
1790 : * we don't want to schedule a new 1 sec timer.
1791 : *
1792 : * Instead we want to sleep as long as nothing happens.
1793 : */
1794 0 : smbprofile_dump_setup(NULL);
1795 : }
1796 0 : SMBPROFILE_BASIC_ASYNC_START(idle, profile_p, state->profile_idle);
1797 0 : break;
1798 0 : case TEVENT_TRACE_AFTER_WAIT:
1799 0 : SMBPROFILE_BASIC_ASYNC_END(state->profile_idle);
1800 0 : if (!smbprofile_dump_pending()) {
1801 : /*
1802 : * We need to flush our state after sleeping
1803 : * (hopefully a long time).
1804 : */
1805 0 : smbprofile_dump();
1806 : /*
1807 : * future profiling events should trigger timers
1808 : * on our main event context.
1809 : */
1810 0 : smbprofile_dump_setup(state->ev);
1811 : }
1812 0 : break;
1813 0 : case TEVENT_TRACE_BEFORE_LOOP_ONCE:
1814 0 : smbd_tevent_trace_callback_before_loop_once(state);
1815 0 : break;
1816 0 : case TEVENT_TRACE_AFTER_LOOP_ONCE:
1817 0 : smbd_tevent_trace_callback_after_loop_once(state);
1818 0 : break;
1819 : }
1820 :
1821 0 : errno = 0;
1822 0 : }
1823 :
1824 : /****************************************************************************
1825 : Process commands from the client
1826 : ****************************************************************************/
1827 :
1828 31563 : void smbd_process(struct tevent_context *ev_ctx,
1829 : struct messaging_context *msg_ctx,
1830 : int sock_fd,
1831 : bool interactive)
1832 : {
1833 63126 : struct smbd_tevent_trace_state trace_state = {
1834 : .ev = ev_ctx,
1835 31563 : .frame = talloc_stackframe(),
1836 : };
1837 842 : const struct loadparm_substitution *lp_sub =
1838 31563 : loadparm_s3_global_substitution();
1839 31563 : struct smbXsrv_client *client = NULL;
1840 31563 : struct smbd_server_connection *sconn = NULL;
1841 31563 : struct smbXsrv_connection *xconn = NULL;
1842 31563 : const char *locaddr = NULL;
1843 31563 : const char *remaddr = NULL;
1844 842 : int ret;
1845 842 : NTSTATUS status;
1846 31563 : struct timeval tv = timeval_current();
1847 31563 : NTTIME now = timeval_to_nttime(&tv);
1848 31563 : char *chroot_dir = NULL;
1849 842 : int rc;
1850 :
1851 31563 : status = smbXsrv_client_create(ev_ctx, ev_ctx, msg_ctx, now, &client);
1852 31563 : if (!NT_STATUS_IS_OK(status)) {
1853 0 : DBG_ERR("smbXsrv_client_create(): %s\n", nt_errstr(status));
1854 0 : exit_server_cleanly("talloc_zero(struct smbXsrv_client).\n");
1855 : }
1856 :
1857 : /*
1858 : * TODO: remove this...:-)
1859 : */
1860 31563 : global_smbXsrv_client = client;
1861 :
1862 31563 : sconn = talloc_zero(client, struct smbd_server_connection);
1863 31563 : if (sconn == NULL) {
1864 0 : exit_server("failed to create smbd_server_connection");
1865 : }
1866 :
1867 31563 : client->sconn = sconn;
1868 31563 : sconn->client = client;
1869 :
1870 31563 : sconn->ev_ctx = ev_ctx;
1871 31563 : sconn->msg_ctx = msg_ctx;
1872 :
1873 31563 : ret = pthreadpool_tevent_init(sconn, lp_aio_max_threads(),
1874 : &sconn->pool);
1875 31563 : if (ret != 0) {
1876 0 : exit_server("pthreadpool_tevent_init() failed.");
1877 : }
1878 :
1879 31563 : if (!interactive) {
1880 31563 : smbd_setup_sig_term_handler(sconn);
1881 31563 : smbd_setup_sig_hup_handler(sconn);
1882 : }
1883 :
1884 31563 : status = smbd_add_connection(client, sock_fd, now, &xconn);
1885 31563 : if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
1886 : /*
1887 : * send a negative session response "not listening on calling
1888 : * name"
1889 : */
1890 0 : unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
1891 0 : (void)smb1_srv_send(xconn, (char *)buf, false, 0, false);
1892 0 : exit_server_cleanly("connection denied");
1893 31563 : } else if (!NT_STATUS_IS_OK(status)) {
1894 0 : exit_server_cleanly(nt_errstr(status));
1895 : }
1896 :
1897 32405 : sconn->local_address =
1898 31563 : tsocket_address_copy(xconn->local_address, sconn);
1899 31563 : if (sconn->local_address == NULL) {
1900 0 : exit_server_cleanly("tsocket_address_copy() failed");
1901 : }
1902 32405 : sconn->remote_address =
1903 31563 : tsocket_address_copy(xconn->remote_address, sconn);
1904 31563 : if (sconn->remote_address == NULL) {
1905 0 : exit_server_cleanly("tsocket_address_copy() failed");
1906 : }
1907 32405 : sconn->remote_hostname =
1908 31563 : talloc_strdup(sconn, xconn->remote_hostname);
1909 31563 : if (sconn->remote_hostname == NULL) {
1910 0 : exit_server_cleanly("tsocket_strdup() failed");
1911 : }
1912 :
1913 63126 : client->global->local_address =
1914 31563 : tsocket_address_string(sconn->local_address,
1915 31563 : client->global);
1916 31563 : if (client->global->local_address == NULL) {
1917 0 : exit_server_cleanly("tsocket_address_string() failed");
1918 : }
1919 63126 : client->global->remote_address =
1920 31563 : tsocket_address_string(sconn->remote_address,
1921 30721 : client->global);
1922 31563 : if (client->global->remote_address == NULL) {
1923 0 : exit_server_cleanly("tsocket_address_string() failed");
1924 : }
1925 63126 : client->global->remote_name =
1926 31563 : talloc_strdup(client->global, sconn->remote_hostname);
1927 31563 : if (client->global->remote_name == NULL) {
1928 0 : exit_server_cleanly("tsocket_strdup() failed");
1929 : }
1930 :
1931 31563 : if (tsocket_address_is_inet(sconn->local_address, "ip")) {
1932 31563 : locaddr = tsocket_address_inet_addr_string(
1933 : sconn->local_address,
1934 : talloc_tos());
1935 31563 : if (locaddr == NULL) {
1936 0 : DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
1937 : __location__, strerror(errno)));
1938 0 : exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
1939 : }
1940 : } else {
1941 0 : locaddr = "0.0.0.0";
1942 : }
1943 :
1944 31563 : if (tsocket_address_is_inet(sconn->remote_address, "ip")) {
1945 31563 : remaddr = tsocket_address_inet_addr_string(
1946 : sconn->remote_address,
1947 : talloc_tos());
1948 31563 : if (remaddr == NULL) {
1949 0 : DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
1950 : __location__, strerror(errno)));
1951 0 : exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
1952 : }
1953 : } else {
1954 0 : remaddr = "0.0.0.0";
1955 : }
1956 :
1957 : /* this is needed so that we get decent entries
1958 : in smbstatus for port 445 connects */
1959 31563 : set_remote_machine_name(remaddr, false);
1960 31563 : reload_services(sconn, conn_snum_used, true);
1961 31563 : sub_set_socket_ids(remaddr,
1962 : sconn->remote_hostname,
1963 : locaddr);
1964 :
1965 31563 : if (lp_preload_modules()) {
1966 0 : smb_load_all_modules_absoute_path(lp_preload_modules());
1967 : }
1968 :
1969 31563 : if (!init_account_policy()) {
1970 0 : exit_server("Could not open account policy tdb.\n");
1971 : }
1972 :
1973 31563 : chroot_dir = lp_root_directory(talloc_tos(), lp_sub);
1974 31563 : if (chroot_dir[0] != '\0') {
1975 0 : rc = chdir(chroot_dir);
1976 0 : if (rc != 0) {
1977 0 : DBG_ERR("Failed to chdir to %s\n", chroot_dir);
1978 0 : exit_server("Failed to chdir()");
1979 : }
1980 :
1981 0 : rc = chroot(chroot_dir);
1982 0 : if (rc != 0) {
1983 0 : DBG_ERR("Failed to change root to %s\n", chroot_dir);
1984 0 : exit_server("Failed to chroot()");
1985 : }
1986 0 : DBG_WARNING("Changed root to %s\n", chroot_dir);
1987 :
1988 0 : TALLOC_FREE(chroot_dir);
1989 : }
1990 :
1991 31563 : if (!file_init(sconn)) {
1992 0 : exit_server("file_init() failed");
1993 : }
1994 :
1995 : /* Setup oplocks */
1996 31563 : if (!init_oplocks(sconn))
1997 0 : exit_server("Failed to init oplocks");
1998 :
1999 : /* register our message handlers */
2000 31563 : messaging_register(sconn->msg_ctx, sconn,
2001 : MSG_SMB_FORCE_TDIS, msg_force_tdis);
2002 31563 : messaging_register(
2003 : sconn->msg_ctx,
2004 : sconn,
2005 : MSG_SMB_FORCE_TDIS_DENIED,
2006 : msg_force_tdis_denied);
2007 31563 : messaging_register(sconn->msg_ctx, sconn,
2008 : MSG_SMB_CLOSE_FILE, msg_close_file);
2009 31563 : messaging_register(sconn->msg_ctx, sconn,
2010 : MSG_SMB_FILE_RENAME, msg_file_was_renamed);
2011 :
2012 31563 : id_cache_register_msgs(sconn->msg_ctx);
2013 31563 : messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL);
2014 31563 : messaging_register(sconn->msg_ctx, sconn,
2015 : ID_CACHE_KILL, smbd_id_cache_kill);
2016 :
2017 31563 : messaging_deregister(sconn->msg_ctx,
2018 31563 : MSG_SMB_CONF_UPDATED, sconn->ev_ctx);
2019 31563 : messaging_register(sconn->msg_ctx, sconn,
2020 : MSG_SMB_CONF_UPDATED, smbd_conf_updated);
2021 :
2022 31563 : messaging_deregister(sconn->msg_ctx, MSG_SMB_KILL_CLIENT_IP,
2023 : NULL);
2024 31563 : messaging_register(sconn->msg_ctx, sconn,
2025 : MSG_SMB_KILL_CLIENT_IP,
2026 : msg_kill_client_ip);
2027 :
2028 31563 : messaging_deregister(sconn->msg_ctx, MSG_SMB_TELL_NUM_CHILDREN, NULL);
2029 :
2030 : /*
2031 : * Use the default MSG_DEBUG handler to avoid rebroadcasting
2032 : * MSGs to all child processes
2033 : */
2034 31563 : messaging_deregister(sconn->msg_ctx,
2035 : MSG_DEBUG, NULL);
2036 31563 : messaging_register(sconn->msg_ctx, NULL,
2037 : MSG_DEBUG, debug_message);
2038 :
2039 31563 : messaging_deregister(sconn->msg_ctx, MSG_SMB_IP_DROPPED, NULL);
2040 31563 : messaging_register(sconn->msg_ctx,
2041 : sconn,
2042 : MSG_SMB_IP_DROPPED,
2043 : msg_kill_client_with_server_ip);
2044 :
2045 : #if defined(WITH_SMB1SERVER)
2046 63126 : if ((lp_keepalive() != 0) &&
2047 31563 : !(event_add_idle(ev_ctx,
2048 : NULL,
2049 31563 : tevent_timeval_set(lp_keepalive(), 0),
2050 : "keepalive",
2051 : keepalive_fn,
2052 : sconn)))
2053 : {
2054 0 : DEBUG(0, ("Could not add keepalive event\n"));
2055 0 : exit(1);
2056 : }
2057 : #endif
2058 :
2059 31563 : if (!(event_add_idle(ev_ctx,
2060 : NULL,
2061 : tevent_timeval_set(IDLE_CLOSED_TIMEOUT, 0),
2062 : "deadtime",
2063 : deadtime_fn,
2064 : sconn)))
2065 : {
2066 0 : DEBUG(0, ("Could not add deadtime event\n"));
2067 0 : exit(1);
2068 : }
2069 :
2070 31563 : if (!(event_add_idle(ev_ctx,
2071 : NULL,
2072 : tevent_timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
2073 : "housekeeping",
2074 : housekeeping_fn,
2075 : sconn)))
2076 : {
2077 0 : DEBUG(0, ("Could not add housekeeping event\n"));
2078 0 : exit(1);
2079 : }
2080 :
2081 31563 : smbprofile_dump_setup(ev_ctx);
2082 :
2083 31563 : if (!init_dptrs(sconn)) {
2084 0 : exit_server("init_dptrs() failed");
2085 : }
2086 :
2087 31563 : TALLOC_FREE(trace_state.frame);
2088 :
2089 31563 : if (smbprofile_active()) {
2090 0 : tevent_set_trace_callback(ev_ctx,
2091 : smbd_tevent_trace_callback_profile,
2092 : &trace_state);
2093 : } else {
2094 31563 : tevent_set_trace_callback(ev_ctx,
2095 : smbd_tevent_trace_callback,
2096 : &trace_state);
2097 : }
2098 :
2099 31563 : ret = tevent_loop_wait(ev_ctx);
2100 0 : if (ret != 0) {
2101 0 : DEBUG(1, ("tevent_loop_wait failed: %d, %s,"
2102 : " exiting\n", ret, strerror(errno)));
2103 : }
2104 :
2105 0 : TALLOC_FREE(trace_state.frame);
2106 :
2107 0 : exit_server_cleanly(NULL);
2108 : }
|
