Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : process incoming packets - main loop
4 : Copyright (C) Andrew Tridgell 1992-1998
5 : Copyright (C) Volker Lendecke 2005-2007
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "includes.h"
22 : #include "../lib/tsocket/tsocket.h"
23 : #include "system/filesys.h"
24 : #include "smbd/smbd.h"
25 : #include "smbd/globals.h"
26 : #include "smbd/smbXsrv_open.h"
27 : #include "librpc/gen_ndr/netlogon.h"
28 : #include "../lib/async_req/async_sock.h"
29 : #include "ctdbd_conn.h"
30 : #include "../lib/util/select.h"
31 : #include "printing/queue_process.h"
32 : #include "system/select.h"
33 : #include "passdb.h"
34 : #include "auth.h"
35 : #include "messages.h"
36 : #include "lib/messages_ctdb.h"
37 : #include "smbprofile.h"
38 : #include "rpc_server/spoolss/srv_spoolss_nt.h"
39 : #include "../lib/util/tevent_ntstatus.h"
40 : #include "../libcli/security/dom_sid.h"
41 : #include "../libcli/security/security_token.h"
42 : #include "lib/id_cache.h"
43 : #include "lib/util/sys_rw_data.h"
44 : #include "system/threads.h"
45 : #include "lib/pthreadpool/pthreadpool_tevent.h"
46 : #include "util_event.h"
47 : #include "libcli/smb/smbXcli_base.h"
48 : #include "lib/util/time_basic.h"
49 : #include "source3/lib/substitute.h"
50 :
51 : /* Internal message queue for deferred opens. */
52 : struct pending_message_list {
53 : struct pending_message_list *next, *prev;
54 : struct timeval request_time; /* When was this first issued? */
55 : struct smbd_server_connection *sconn;
56 : struct smbXsrv_connection *xconn;
57 : struct tevent_timer *te;
58 : struct smb_perfcount_data pcd;
59 : uint32_t seqnum;
60 : bool encrypted;
61 : bool processed;
62 : DATA_BLOB buf;
63 : struct deferred_open_record *open_rec;
64 : };
65 :
66 : static struct pending_message_list *get_deferred_open_message_smb(
67 : struct smbd_server_connection *sconn, uint64_t mid);
68 :
69 0 : bool smb2_srv_send(struct smbXsrv_connection *xconn, char *buffer,
70 : bool do_signing, uint32_t seqnum,
71 : bool do_encrypt,
72 : struct smb_perfcount_data *pcd)
73 : {
74 0 : size_t len = 0;
75 : ssize_t ret;
76 0 : char *buf_out = buffer;
77 :
78 0 : if (!NT_STATUS_IS_OK(xconn->transport.status)) {
79 : /*
80 : * we're not supposed to do any io
81 : */
82 0 : return true;
83 : }
84 :
85 0 : len = smb_len_large(buf_out) + 4;
86 :
87 0 : ret = write_data(xconn->transport.sock, buf_out, len);
88 0 : if (ret <= 0) {
89 0 : int saved_errno = errno;
90 : /*
91 : * Try and give an error message saying what
92 : * client failed.
93 : */
94 0 : DEBUG(1,("pid[%d] Error writing %d bytes to client %s. %d. (%s)\n",
95 : (int)getpid(), (int)len,
96 : smbXsrv_connection_dbg(xconn),
97 : (int)ret, strerror(saved_errno)));
98 0 : errno = saved_errno;
99 :
100 0 : srv_free_enc_buffer(xconn, buf_out);
101 0 : goto out;
102 : }
103 :
104 0 : SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd, len);
105 0 : srv_free_enc_buffer(xconn, buf_out);
106 0 : out:
107 0 : SMB_PERFCOUNT_END(pcd);
108 :
109 0 : return (ret > 0);
110 : }
111 :
112 : #if !defined(WITH_SMB1SERVER)
113 : bool smb1_srv_send(struct smbXsrv_connection *xconn, char *buffer,
114 : bool do_signing, uint32_t seqnum,
115 : bool do_encrypt,
116 : struct smb_perfcount_data *pcd)
117 : {
118 : size_t len = 0;
119 : ssize_t ret;
120 : len = smb_len_large(buffer) + 4;
121 : ret = write_data(xconn->transport.sock, buffer, len);
122 : return (ret > 0);
123 : }
124 : #endif
125 :
126 : /*******************************************************************
127 : Setup the word count and byte count for a smb1 message.
128 : ********************************************************************/
129 :
130 712 : size_t srv_smb1_set_message(char *buf,
131 : size_t num_words,
132 : size_t num_bytes,
133 : bool zero)
134 : {
135 712 : if (zero && (num_words || num_bytes)) {
136 0 : memset(buf + smb_size,'\0',num_words*2 + num_bytes);
137 : }
138 712 : SCVAL(buf,smb_wct,num_words);
139 712 : SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
140 712 : smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
141 712 : return (smb_size + num_words*2 + num_bytes);
142 : }
143 :
144 5724 : NTSTATUS read_packet_remainder(int fd, char *buffer,
145 : unsigned int timeout, ssize_t len)
146 : {
147 : NTSTATUS status;
148 :
149 5724 : if (len <= 0) {
150 0 : return NT_STATUS_OK;
151 : }
152 :
153 5724 : status = read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
154 5724 : if (!NT_STATUS_IS_OK(status)) {
155 : char addr[INET6_ADDRSTRLEN];
156 0 : DEBUG(0, ("read_fd_with_timeout failed for client %s read "
157 : "error = %s.\n",
158 : get_peer_addr(fd, addr, sizeof(addr)),
159 : nt_errstr(status)));
160 : }
161 5724 : return status;
162 : }
163 :
164 : #if !defined(WITH_SMB1SERVER)
165 : static NTSTATUS smb2_receive_raw_talloc(TALLOC_CTX *mem_ctx,
166 : struct smbXsrv_connection *xconn,
167 : int sock,
168 : char **buffer, unsigned int timeout,
169 : size_t *p_unread, size_t *plen)
170 : {
171 : char lenbuf[4];
172 : size_t len;
173 : NTSTATUS status;
174 :
175 : *p_unread = 0;
176 :
177 : status = read_smb_length_return_keepalive(sock, lenbuf, timeout,
178 : &len);
179 : if (!NT_STATUS_IS_OK(status)) {
180 : return status;
181 : }
182 :
183 : /*
184 : * The +4 here can't wrap, we've checked the length above already.
185 : */
186 :
187 : *buffer = talloc_array(mem_ctx, char, len+4);
188 :
189 : if (*buffer == NULL) {
190 : DEBUG(0, ("Could not allocate inbuf of length %d\n",
191 : (int)len+4));
192 : return NT_STATUS_NO_MEMORY;
193 : }
194 :
195 : memcpy(*buffer, lenbuf, sizeof(lenbuf));
196 :
197 : status = read_packet_remainder(sock, (*buffer)+4, timeout, len);
198 : if (!NT_STATUS_IS_OK(status)) {
199 : return status;
200 : }
201 :
202 : *plen = len + 4;
203 : return NT_STATUS_OK;
204 : }
205 :
206 : static NTSTATUS smb2_receive_talloc(TALLOC_CTX *mem_ctx,
207 : struct smbXsrv_connection *xconn,
208 : int sock,
209 : char **buffer, unsigned int timeout,
210 : size_t *p_unread, bool *p_encrypted,
211 : size_t *p_len,
212 : uint32_t *seqnum,
213 : bool trusted_channel)
214 : {
215 : size_t len = 0;
216 : NTSTATUS status;
217 :
218 : *p_encrypted = false;
219 :
220 : status = smb2_receive_raw_talloc(mem_ctx, xconn, sock, buffer, timeout,
221 : p_unread, &len);
222 : if (!NT_STATUS_IS_OK(status)) {
223 : DEBUG(NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)?5:1,
224 : ("smb2_receive_raw_talloc failed for client %s "
225 : "read error = %s.\n",
226 : smbXsrv_connection_dbg(xconn),
227 : nt_errstr(status)) );
228 : return status;
229 : }
230 :
231 : *p_len = len;
232 : return NT_STATUS_OK;
233 : }
234 : #endif
235 :
236 267 : NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,
237 : struct smbXsrv_connection *xconn,
238 : int sock,
239 : char **buffer, unsigned int timeout,
240 : size_t *p_unread, bool *p_encrypted,
241 : size_t *p_len,
242 : uint32_t *seqnum,
243 : bool trusted_channel)
244 : {
245 : #if defined(WITH_SMB1SERVER)
246 267 : return smb1_receive_talloc(mem_ctx, xconn, sock, buffer, timeout,
247 : p_unread, p_encrypted, p_len, seqnum,
248 : trusted_channel);
249 : #else
250 : return smb2_receive_talloc(mem_ctx, xconn, sock, buffer, timeout,
251 : p_unread, p_encrypted, p_len, seqnum,
252 : trusted_channel);
253 : #endif
254 : }
255 :
256 : /****************************************************************************
257 : Function to delete a sharing violation open message by mid.
258 : ****************************************************************************/
259 :
260 0 : void remove_deferred_open_message_smb(struct smbXsrv_connection *xconn,
261 : uint64_t mid)
262 : {
263 0 : struct smbd_server_connection *sconn = xconn->client->sconn;
264 : struct pending_message_list *pml;
265 :
266 0 : if (sconn->using_smb2) {
267 0 : remove_deferred_open_message_smb2(xconn, mid);
268 0 : return;
269 : }
270 :
271 0 : for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
272 0 : if (mid == (uint64_t)SVAL(pml->buf.data,smb_mid)) {
273 0 : DEBUG(10,("remove_deferred_open_message_smb: "
274 : "deleting mid %llu len %u\n",
275 : (unsigned long long)mid,
276 : (unsigned int)pml->buf.length ));
277 0 : DLIST_REMOVE(sconn->deferred_open_queue, pml);
278 0 : TALLOC_FREE(pml);
279 0 : return;
280 : }
281 : }
282 : }
283 :
284 0 : static void smbd_deferred_open_timer(struct tevent_context *ev,
285 : struct tevent_timer *te,
286 : struct timeval _tval,
287 : void *private_data)
288 : {
289 0 : struct pending_message_list *msg = talloc_get_type(private_data,
290 : struct pending_message_list);
291 0 : struct smbd_server_connection *sconn = msg->sconn;
292 0 : struct smbXsrv_connection *xconn = msg->xconn;
293 0 : TALLOC_CTX *mem_ctx = talloc_tos();
294 0 : uint64_t mid = (uint64_t)SVAL(msg->buf.data,smb_mid);
295 : uint8_t *inbuf;
296 :
297 0 : inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
298 : msg->buf.length);
299 0 : if (inbuf == NULL) {
300 0 : exit_server("smbd_deferred_open_timer: talloc failed\n");
301 : return;
302 : }
303 :
304 : /* We leave this message on the queue so the open code can
305 : know this is a retry. */
306 0 : DEBUG(5,("smbd_deferred_open_timer: trigger mid %llu.\n",
307 : (unsigned long long)mid ));
308 :
309 : /* Mark the message as processed so this is not
310 : * re-processed in error. */
311 0 : msg->processed = true;
312 :
313 0 : process_smb(xconn, inbuf,
314 : msg->buf.length, 0,
315 0 : msg->seqnum, msg->encrypted, &msg->pcd);
316 :
317 : /* If it's still there and was processed, remove it. */
318 0 : msg = get_deferred_open_message_smb(sconn, mid);
319 0 : if (msg && msg->processed) {
320 0 : remove_deferred_open_message_smb(xconn, mid);
321 : }
322 : }
323 :
324 : /****************************************************************************
325 : Move a sharing violation open retry message to the front of the list and
326 : schedule it for immediate processing.
327 : ****************************************************************************/
328 :
329 0 : bool schedule_deferred_open_message_smb(struct smbXsrv_connection *xconn,
330 : uint64_t mid)
331 : {
332 0 : struct smbd_server_connection *sconn = xconn->client->sconn;
333 : struct pending_message_list *pml;
334 0 : int i = 0;
335 :
336 0 : if (sconn->using_smb2) {
337 0 : return schedule_deferred_open_message_smb2(xconn, mid);
338 : }
339 :
340 0 : for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
341 0 : uint64_t msg_mid = (uint64_t)SVAL(pml->buf.data,smb_mid);
342 :
343 0 : DEBUG(10,("schedule_deferred_open_message_smb: [%d] "
344 : "msg_mid = %llu\n",
345 : i++,
346 : (unsigned long long)msg_mid ));
347 :
348 0 : if (mid == msg_mid) {
349 : struct tevent_timer *te;
350 :
351 0 : if (pml->processed) {
352 : /* A processed message should not be
353 : * rescheduled. */
354 0 : DEBUG(0,("schedule_deferred_open_message_smb: LOGIC ERROR "
355 : "message mid %llu was already processed\n",
356 : (unsigned long long)msg_mid ));
357 0 : continue;
358 : }
359 :
360 0 : DEBUG(10,("schedule_deferred_open_message_smb: "
361 : "scheduling mid %llu\n",
362 : (unsigned long long)mid ));
363 :
364 : /*
365 : * smbd_deferred_open_timer() calls
366 : * process_smb() to redispatch the request
367 : * including the required impersonation.
368 : *
369 : * So we can just use the raw tevent_context.
370 : */
371 0 : te = tevent_add_timer(xconn->client->raw_ev_ctx,
372 : pml,
373 : timeval_zero(),
374 : smbd_deferred_open_timer,
375 : pml);
376 0 : if (!te) {
377 0 : DEBUG(10,("schedule_deferred_open_message_smb: "
378 : "event_add_timed() failed, "
379 : "skipping mid %llu\n",
380 : (unsigned long long)msg_mid ));
381 : }
382 :
383 0 : TALLOC_FREE(pml->te);
384 0 : pml->te = te;
385 0 : DLIST_PROMOTE(sconn->deferred_open_queue, pml);
386 0 : return true;
387 : }
388 : }
389 :
390 0 : DEBUG(10,("schedule_deferred_open_message_smb: failed to "
391 : "find message mid %llu\n",
392 : (unsigned long long)mid ));
393 :
394 0 : return false;
395 : }
396 :
397 : /****************************************************************************
398 : Return true if this mid is on the deferred queue and was not yet processed.
399 : ****************************************************************************/
400 :
401 912 : bool open_was_deferred(struct smbXsrv_connection *xconn, uint64_t mid)
402 : {
403 912 : struct smbd_server_connection *sconn = xconn->client->sconn;
404 : struct pending_message_list *pml;
405 :
406 912 : if (sconn->using_smb2) {
407 912 : return open_was_deferred_smb2(xconn, mid);
408 : }
409 :
410 0 : for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
411 0 : if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid && !pml->processed) {
412 0 : return True;
413 : }
414 : }
415 0 : return False;
416 : }
417 :
418 : /****************************************************************************
419 : Return the message queued by this mid.
420 : ****************************************************************************/
421 :
422 0 : static struct pending_message_list *get_deferred_open_message_smb(
423 : struct smbd_server_connection *sconn, uint64_t mid)
424 : {
425 : struct pending_message_list *pml;
426 :
427 0 : for (pml = sconn->deferred_open_queue; pml; pml = pml->next) {
428 0 : if (((uint64_t)SVAL(pml->buf.data,smb_mid)) == mid) {
429 0 : return pml;
430 : }
431 : }
432 0 : return NULL;
433 : }
434 :
435 : /****************************************************************************
436 : Get the state data queued by this mid.
437 : ****************************************************************************/
438 :
439 21826 : bool get_deferred_open_message_state(struct smb_request *smbreq,
440 : struct timeval *p_request_time,
441 : struct deferred_open_record **open_rec)
442 : {
443 : struct pending_message_list *pml;
444 :
445 21826 : if (smbreq->sconn->using_smb2) {
446 21826 : return get_deferred_open_message_state_smb2(smbreq->smb2req,
447 : p_request_time,
448 : open_rec);
449 : }
450 :
451 0 : pml = get_deferred_open_message_smb(smbreq->sconn, smbreq->mid);
452 0 : if (!pml) {
453 0 : return false;
454 : }
455 0 : if (p_request_time) {
456 0 : *p_request_time = pml->request_time;
457 : }
458 0 : if (open_rec != NULL) {
459 0 : *open_rec = pml->open_rec;
460 : }
461 0 : return true;
462 : }
463 :
464 0 : bool push_deferred_open_message_smb(struct smb_request *req,
465 : struct timeval timeout,
466 : struct file_id id,
467 : struct deferred_open_record *open_rec)
468 : {
469 : #if defined(WITH_SMB1SERVER)
470 0 : if (req->smb2req) {
471 : #endif
472 0 : return push_deferred_open_message_smb2(req->smb2req,
473 : req->request_time,
474 : timeout,
475 : id,
476 : open_rec);
477 : #if defined(WITH_SMB1SERVER)
478 : } else {
479 0 : return push_deferred_open_message_smb1(req, timeout,
480 : id, open_rec);
481 : }
482 : #endif
483 : }
484 :
485 356 : static void construct_smb1_reply_common(uint8_t cmd, const uint8_t *inbuf,
486 : char *outbuf)
487 : {
488 356 : uint16_t in_flags2 = SVAL(inbuf,smb_flg2);
489 356 : uint16_t out_flags2 = common_flags2;
490 :
491 356 : out_flags2 |= in_flags2 & FLAGS2_UNICODE_STRINGS;
492 356 : out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES;
493 356 : out_flags2 |= in_flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED;
494 :
495 356 : srv_smb1_set_message(outbuf,0,0,false);
496 :
497 356 : SCVAL(outbuf, smb_com, cmd);
498 356 : SIVAL(outbuf,smb_rcls,0);
499 356 : SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
500 356 : SSVAL(outbuf,smb_flg2, out_flags2);
501 356 : memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
502 356 : memcpy(outbuf+smb_ss_field, inbuf+smb_ss_field, 8);
503 :
504 356 : SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
505 356 : SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
506 356 : SSVAL(outbuf,smb_pidhigh,SVAL(inbuf,smb_pidhigh));
507 356 : SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
508 356 : SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
509 356 : }
510 :
511 0 : void construct_smb1_reply_common_req(struct smb_request *req, char *outbuf)
512 : {
513 0 : construct_smb1_reply_common(req->cmd, req->inbuf, outbuf);
514 0 : }
515 :
516 : /*******************************************************************
517 : allocate and initialize a reply packet
518 : ********************************************************************/
519 :
520 356 : bool create_smb1_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
521 : const uint8_t *inbuf, char **outbuf,
522 : uint8_t num_words, uint32_t num_bytes)
523 : {
524 356 : size_t smb_len = MIN_SMB_SIZE + VWV(num_words) + num_bytes;
525 :
526 : /*
527 : * Protect against integer wrap.
528 : * The SMB layer reply can be up to 0xFFFFFF bytes.
529 : */
530 356 : if ((num_bytes > 0xffffff) || (smb_len > 0xffffff)) {
531 : char *msg;
532 0 : if (asprintf(&msg, "num_bytes too large: %u",
533 : (unsigned)num_bytes) == -1) {
534 0 : msg = discard_const_p(char, "num_bytes too large");
535 : }
536 0 : smb_panic(msg);
537 : }
538 :
539 : /*
540 : * Here we include the NBT header for now.
541 : */
542 356 : *outbuf = talloc_array(mem_ctx, char,
543 : NBT_HDR_SIZE + smb_len);
544 356 : if (*outbuf == NULL) {
545 0 : return false;
546 : }
547 :
548 356 : construct_smb1_reply_common(req->cmd, inbuf, *outbuf);
549 356 : srv_smb1_set_message(*outbuf, num_words, num_bytes, false);
550 : /*
551 : * Zero out the word area, the caller has to take care of the bcc area
552 : * himself
553 : */
554 356 : if (num_words != 0) {
555 318 : memset(*outbuf + (NBT_HDR_SIZE + HDR_VWV), 0, VWV(num_words));
556 : }
557 :
558 356 : return true;
559 : }
560 :
561 356 : void reply_smb1_outbuf(struct smb_request *req, uint8_t num_words, uint32_t num_bytes)
562 : {
563 : char *outbuf;
564 356 : if (!create_smb1_outbuf(req, req, req->inbuf, &outbuf, num_words,
565 : num_bytes)) {
566 0 : smb_panic("could not allocate output buffer\n");
567 : }
568 356 : req->outbuf = (uint8_t *)outbuf;
569 356 : }
570 :
571 5495 : bool valid_smb1_header(const uint8_t *inbuf)
572 : {
573 5495 : if (is_encrypted_packet(inbuf)) {
574 0 : return true;
575 : }
576 : /*
577 : * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
578 : * but it just looks weird to call strncmp for this one.
579 : */
580 5495 : return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
581 : }
582 :
583 : /****************************************************************************
584 : Process an smb from the client
585 : ****************************************************************************/
586 :
587 1 : static void process_smb2(struct smbXsrv_connection *xconn,
588 : uint8_t *inbuf, size_t nread, size_t unread_bytes,
589 : uint32_t seqnum, bool encrypted,
590 : struct smb_perfcount_data *deferred_pcd)
591 : {
592 1 : const uint8_t *inpdu = inbuf + NBT_HDR_SIZE;
593 1 : size_t pdulen = nread - NBT_HDR_SIZE;
594 1 : NTSTATUS status = smbd_smb2_process_negprot(xconn, 0, inpdu, pdulen);
595 1 : if (!NT_STATUS_IS_OK(status)) {
596 0 : exit_server_cleanly("SMB2 negprot fail");
597 : }
598 1 : }
599 :
600 229 : void process_smb(struct smbXsrv_connection *xconn,
601 : uint8_t *inbuf, size_t nread, size_t unread_bytes,
602 : uint32_t seqnum, bool encrypted,
603 : struct smb_perfcount_data *deferred_pcd)
604 : {
605 229 : struct smbd_server_connection *sconn = xconn->client->sconn;
606 229 : int msg_type = CVAL(inbuf,0);
607 :
608 229 : DO_PROFILE_INC(request);
609 :
610 229 : DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
611 : smb_len(inbuf) ) );
612 229 : DEBUG(3, ("Transaction %d of length %d (%u toread)\n",
613 : sconn->trans_num, (int)nread, (unsigned int)unread_bytes));
614 :
615 229 : if (msg_type != NBSSmessage) {
616 : /*
617 : * NetBIOS session request, keepalive, etc.
618 : */
619 16 : reply_special(xconn, (char *)inbuf, nread);
620 16 : goto done;
621 : }
622 :
623 : #if defined(WITH_SMB1SERVER)
624 213 : if (sconn->using_smb2) {
625 : /* At this point we're not really using smb2,
626 : * we make the decision here.. */
627 137 : if (smbd_is_smb2_header(inbuf, nread)) {
628 : #endif
629 1 : process_smb2(xconn, inbuf, nread, unread_bytes, seqnum,
630 : encrypted, deferred_pcd);
631 1 : return;
632 : #if defined(WITH_SMB1SERVER)
633 : }
634 136 : if (nread >= smb_size && valid_smb1_header(inbuf)
635 136 : && CVAL(inbuf, smb_com) != 0x72) {
636 : /* This is a non-negprot SMB1 packet.
637 : Disable SMB2 from now on. */
638 38 : sconn->using_smb2 = false;
639 : }
640 : }
641 212 : process_smb1(xconn, inbuf, nread, unread_bytes, seqnum, encrypted,
642 : deferred_pcd);
643 : #endif
644 :
645 228 : done:
646 228 : sconn->num_requests++;
647 :
648 : /* The timeout_processing function isn't run nearly
649 : often enough to implement 'max log size' without
650 : overrunning the size of the file by many megabytes.
651 : This is especially true if we are running at debug
652 : level 10. Checking every 50 SMBs is a nice
653 : tradeoff of performance vs log file size overrun. */
654 :
655 228 : if ((sconn->num_requests % 50) == 0 &&
656 0 : need_to_check_log_size()) {
657 0 : change_to_root_user();
658 0 : check_log_size();
659 : }
660 : }
661 :
662 5084 : NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
663 : enum protocol_types protocol)
664 : {
665 : NTSTATUS status;
666 :
667 5084 : conn->protocol = protocol;
668 :
669 5084 : if (conn->client->session_table != NULL) {
670 50 : return NT_STATUS_OK;
671 : }
672 :
673 5034 : if (protocol >= PROTOCOL_SMB2_02) {
674 4996 : status = smb2srv_session_table_init(conn);
675 4996 : if (!NT_STATUS_IS_OK(status)) {
676 0 : conn->protocol = PROTOCOL_NONE;
677 0 : return status;
678 : }
679 :
680 4996 : status = smb2srv_open_table_init(conn);
681 4996 : if (!NT_STATUS_IS_OK(status)) {
682 0 : conn->protocol = PROTOCOL_NONE;
683 0 : return status;
684 : }
685 : } else {
686 : #if defined(WITH_SMB1SERVER)
687 38 : status = smb1srv_session_table_init(conn);
688 38 : if (!NT_STATUS_IS_OK(status)) {
689 0 : conn->protocol = PROTOCOL_NONE;
690 0 : return status;
691 : }
692 :
693 38 : status = smb1srv_tcon_table_init(conn);
694 38 : if (!NT_STATUS_IS_OK(status)) {
695 0 : conn->protocol = PROTOCOL_NONE;
696 0 : return status;
697 : }
698 :
699 38 : status = smb1srv_open_table_init(conn);
700 38 : if (!NT_STATUS_IS_OK(status)) {
701 0 : conn->protocol = PROTOCOL_NONE;
702 0 : return status;
703 : }
704 : #else
705 : conn->protocol = PROTOCOL_NONE;
706 : return NT_STATUS_INVALID_NETWORK_RESPONSE;
707 : #endif
708 : }
709 :
710 5034 : set_Protocol(protocol);
711 5034 : return NT_STATUS_OK;
712 : }
713 :
714 : /**
715 : * Create a debug string for the connection
716 : *
717 : * This is allocated to talloc_tos() or a string constant
718 : * in certain corner cases. The returned string should
719 : * hence not be free'd directly but only via the talloc stack.
720 : */
721 1 : const char *smbXsrv_connection_dbg(const struct smbXsrv_connection *xconn)
722 : {
723 : const char *ret;
724 : char *addr;
725 : /*
726 : * TODO: this can be improved later
727 : * maybe including the client guid or more
728 : */
729 1 : addr = tsocket_address_string(xconn->remote_address, talloc_tos());
730 1 : if (addr == NULL) {
731 0 : return "<tsocket_address_string() failed>";
732 : }
733 :
734 1 : ret = talloc_asprintf(talloc_tos(), "ptr=%p,id=%llu,addr=%s",
735 1 : xconn, (unsigned long long)xconn->channel_id, addr);
736 1 : TALLOC_FREE(addr);
737 1 : if (ret == NULL) {
738 0 : return "<talloc_asprintf() failed>";
739 : }
740 :
741 1 : return ret;
742 : }
743 :
744 : /*
745 : * Initialize a struct smb_request from an inbuf
746 : */
747 :
748 3675 : bool init_smb1_request(struct smb_request *req,
749 : struct smbd_server_connection *sconn,
750 : struct smbXsrv_connection *xconn,
751 : const uint8_t *inbuf,
752 : size_t unread_bytes, bool encrypted,
753 : uint32_t seqnum)
754 : {
755 : struct smbXsrv_tcon *tcon;
756 : NTSTATUS status;
757 : NTTIME now;
758 3675 : size_t req_size = smb_len(inbuf) + 4;
759 :
760 : /* Ensure we have at least smb_size bytes. */
761 3675 : if (req_size < smb_size) {
762 0 : DEBUG(0,("init_smb1_request: invalid request size %u\n",
763 : (unsigned int)req_size ));
764 0 : return false;
765 : }
766 :
767 3675 : *req = (struct smb_request) { .cmd = 0};
768 :
769 3675 : req->request_time = timeval_current();
770 3675 : now = timeval_to_nttime(&req->request_time);
771 :
772 3675 : req->cmd = CVAL(inbuf, smb_com);
773 3675 : req->flags2 = SVAL(inbuf, smb_flg2);
774 3675 : req->smbpid = SVAL(inbuf, smb_pid);
775 3675 : req->mid = (uint64_t)SVAL(inbuf, smb_mid);
776 3675 : req->seqnum = seqnum;
777 3675 : req->vuid = SVAL(inbuf, smb_uid);
778 3675 : req->tid = SVAL(inbuf, smb_tid);
779 3675 : req->wct = CVAL(inbuf, smb_wct);
780 3675 : req->vwv = (const uint16_t *)(inbuf+smb_vwv);
781 3675 : req->buflen = smb_buflen(inbuf);
782 3675 : req->buf = (const uint8_t *)smb_buf_const(inbuf);
783 3675 : req->unread_bytes = unread_bytes;
784 3675 : req->encrypted = encrypted;
785 3675 : req->sconn = sconn;
786 3675 : req->xconn = xconn;
787 3675 : if (xconn != NULL) {
788 3675 : status = smb1srv_tcon_lookup(xconn, req->tid, now, &tcon);
789 3675 : if (NT_STATUS_IS_OK(status)) {
790 40 : req->conn = tcon->compat;
791 : }
792 : }
793 3675 : req->posix_pathnames = lp_posix_pathnames();
794 3675 : smb_init_perfcount_data(&req->pcd);
795 :
796 : /* Ensure we have at least wct words and 2 bytes of bcc. */
797 3675 : if (smb_size + req->wct*2 > req_size) {
798 0 : DEBUG(0,("init_smb1_request: invalid wct number %u (size %u)\n",
799 : (unsigned int)req->wct,
800 : (unsigned int)req_size));
801 0 : return false;
802 : }
803 : /* Ensure bcc is correct. */
804 3675 : if (((const uint8_t *)smb_buf_const(inbuf)) + req->buflen > inbuf + req_size) {
805 0 : DEBUG(0,("init_smb1_request: invalid bcc number %u "
806 : "(wct = %u, size %u)\n",
807 : (unsigned int)req->buflen,
808 : (unsigned int)req->wct,
809 : (unsigned int)req_size));
810 0 : return false;
811 : }
812 :
813 3675 : return true;
814 : }
815 :
816 : /****************************************************************************
817 : Construct a reply to the incoming packet.
818 : ****************************************************************************/
819 :
820 3463 : static void construct_reply_smb1negprot(struct smbXsrv_connection *xconn,
821 : char *inbuf, int size,
822 : size_t unread_bytes)
823 : {
824 3463 : struct smbd_server_connection *sconn = xconn->client->sconn;
825 : struct smb_request *req;
826 : NTSTATUS status;
827 :
828 3463 : if (!(req = talloc(talloc_tos(), struct smb_request))) {
829 0 : smb_panic("could not allocate smb_request");
830 : }
831 :
832 3463 : if (!init_smb1_request(req, sconn, xconn, (uint8_t *)inbuf, unread_bytes,
833 : false, 0)) {
834 0 : exit_server_cleanly("Invalid SMB request");
835 : }
836 :
837 3463 : req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
838 :
839 3463 : status = smb2_multi_protocol_reply_negprot(req);
840 3259 : if (req->outbuf == NULL) {
841 : /*
842 : * req->outbuf == NULL means we bootstrapped into SMB2.
843 : */
844 3259 : return;
845 : }
846 0 : if (!NT_STATUS_IS_OK(status)) {
847 0 : if (!smb1_srv_send(req->xconn,
848 0 : (char *)req->outbuf,
849 0 : true, req->seqnum+1,
850 0 : IS_CONN_ENCRYPTED(req->conn)||req->encrypted,
851 : &req->pcd)) {
852 0 : exit_server_cleanly("construct_reply_smb1negprot: "
853 : "smb1_srv_send failed.");
854 : }
855 0 : TALLOC_FREE(req);
856 : } else {
857 : /* This code path should only *ever* bootstrap into SMB2. */
858 0 : exit_server_cleanly("Internal error SMB1negprot didn't reply "
859 : "with an SMB2 packet");
860 : }
861 : }
862 :
863 0 : static void smbd_server_connection_write_handler(
864 : struct smbXsrv_connection *xconn)
865 : {
866 : /* TODO: make write nonblocking */
867 0 : }
868 :
869 5499 : static void smbd_smb2_server_connection_read_handler(
870 : struct smbXsrv_connection *xconn, int fd)
871 : {
872 : char lenbuf[NBT_HDR_SIZE];
873 5499 : size_t len = 0;
874 5499 : uint8_t *buffer = NULL;
875 5499 : size_t bufferlen = 0;
876 : NTSTATUS status;
877 5499 : uint8_t msg_type = 0;
878 :
879 : /* Read the first 4 bytes - contains length of remainder. */
880 5499 : status = read_smb_length_return_keepalive(fd, lenbuf, 0, &len);
881 5499 : if (!NT_STATUS_IS_OK(status)) {
882 4 : exit_server_cleanly("failed to receive request length");
883 : return;
884 : }
885 :
886 : /* Integer wrap check. */
887 5495 : if (len + NBT_HDR_SIZE < len) {
888 0 : exit_server_cleanly("Invalid length on initial request");
889 : return;
890 : }
891 :
892 : /*
893 : * The +4 here can't wrap, we've checked the length above already.
894 : */
895 5495 : bufferlen = len+NBT_HDR_SIZE;
896 :
897 5495 : buffer = talloc_array(talloc_tos(), uint8_t, bufferlen);
898 5495 : if (buffer == NULL) {
899 0 : DBG_ERR("Could not allocate request inbuf of length %zu\n",
900 : bufferlen);
901 0 : exit_server_cleanly("talloc fail");
902 : return;
903 : }
904 :
905 : /* Copy the NBT_HDR_SIZE length. */
906 5495 : memcpy(buffer, lenbuf, sizeof(lenbuf));
907 :
908 5495 : status = read_packet_remainder(fd, (char *)buffer+NBT_HDR_SIZE, 0, len);
909 5495 : if (!NT_STATUS_IS_OK(status)) {
910 0 : exit_server_cleanly("Failed to read remainder of initial request");
911 : return;
912 : }
913 :
914 : /* Check the message type. */
915 5495 : msg_type = PULL_LE_U8(buffer,0);
916 5495 : if (msg_type == NBSSrequest) {
917 : /*
918 : * clients can send this request before
919 : * bootstrapping into SMB2. Cope with this
920 : * message only, don't allow any other strange
921 : * NBSS types.
922 : */
923 348 : reply_special(xconn, (char *)buffer, bufferlen);
924 347 : xconn->client->sconn->num_requests++;
925 347 : return;
926 : }
927 :
928 : /* Only a 'normal' message type allowed now. */
929 5147 : if (msg_type != NBSSmessage) {
930 0 : DBG_ERR("Invalid message type %d\n", msg_type);
931 0 : exit_server_cleanly("Invalid message type for initial request");
932 : return;
933 : }
934 :
935 : /* Could this be an SMB1 negprot bootstrap into SMB2 ? */
936 5147 : if (bufferlen < smb_size) {
937 0 : exit_server_cleanly("Invalid initial SMB1 or SMB2 packet");
938 : return;
939 : }
940 5147 : if (valid_smb1_header(buffer)) {
941 : /* Can *only* allow an SMB1 negprot here. */
942 3471 : uint8_t cmd = PULL_LE_U8(buffer, smb_com);
943 3471 : if (cmd != SMBnegprot) {
944 8 : DBG_ERR("Incorrect SMB1 command 0x%hhx, "
945 : "should be SMBnegprot (0x72)\n",
946 : cmd);
947 8 : exit_server_cleanly("Invalid initial SMB1 packet");
948 : }
949 : /* Minimal process_smb(). */
950 3463 : show_msg((char *)buffer);
951 3463 : construct_reply_smb1negprot(xconn, (char *)buffer,
952 : bufferlen, 0);
953 3259 : xconn->client->sconn->trans_num++;
954 3259 : xconn->client->sconn->num_requests++;
955 3259 : return;
956 :
957 1676 : } else if (!smbd_is_smb2_header(buffer, bufferlen)) {
958 0 : exit_server_cleanly("Invalid initial SMB2 packet");
959 : return;
960 : }
961 :
962 : /* Here we know we're a valid SMB2 packet. */
963 :
964 : /*
965 : * Point at the start of the SMB2 PDU.
966 : * len is the length of the SMB2 PDU.
967 : */
968 :
969 1676 : status = smbd_smb2_process_negprot(xconn,
970 : 0,
971 : (const uint8_t *)buffer+NBT_HDR_SIZE,
972 : len);
973 1676 : if (!NT_STATUS_IS_OK(status)) {
974 0 : exit_server_cleanly("SMB2 negprot fail");
975 : }
976 1676 : return;
977 : }
978 :
979 5766 : static void smbd_server_connection_handler(struct tevent_context *ev,
980 : struct tevent_fd *fde,
981 : uint16_t flags,
982 : void *private_data)
983 : {
984 : struct smbXsrv_connection *xconn =
985 5766 : talloc_get_type_abort(private_data,
986 : struct smbXsrv_connection);
987 :
988 5766 : if (!NT_STATUS_IS_OK(xconn->transport.status)) {
989 : /*
990 : * we're not supposed to do any io
991 : */
992 0 : TEVENT_FD_NOT_READABLE(xconn->transport.fde);
993 0 : TEVENT_FD_NOT_WRITEABLE(xconn->transport.fde);
994 0 : return;
995 : }
996 :
997 5766 : if (flags & TEVENT_FD_WRITE) {
998 0 : smbd_server_connection_write_handler(xconn);
999 0 : return;
1000 : }
1001 5766 : if (flags & TEVENT_FD_READ) {
1002 : #if defined(WITH_SMB1SERVER)
1003 5766 : if (lp_server_min_protocol() > PROTOCOL_NT1) {
1004 : #endif
1005 5499 : smbd_smb2_server_connection_read_handler(xconn,
1006 : xconn->transport.sock);
1007 : #if defined(WITH_SMB1SERVER)
1008 : } else {
1009 267 : smbd_smb1_server_connection_read_handler(xconn,
1010 : xconn->transport.sock);
1011 : }
1012 : #endif
1013 5511 : return;
1014 : }
1015 : }
1016 :
1017 : struct smbd_release_ip_state {
1018 : struct smbXsrv_connection *xconn;
1019 : struct tevent_immediate *im;
1020 : struct sockaddr_storage srv;
1021 : struct sockaddr_storage clnt;
1022 : char addr[INET6_ADDRSTRLEN];
1023 : };
1024 :
1025 : static int release_ip(struct tevent_context *ev,
1026 : uint32_t src_vnn,
1027 : uint32_t dst_vnn,
1028 : uint64_t dst_srvid,
1029 : const uint8_t *msg,
1030 : size_t msglen,
1031 : void *private_data);
1032 :
1033 0 : static int smbd_release_ip_state_destructor(struct smbd_release_ip_state *s)
1034 : {
1035 0 : struct ctdbd_connection *cconn = messaging_ctdb_connection();
1036 0 : struct smbXsrv_connection *xconn = s->xconn;
1037 :
1038 0 : if (cconn == NULL) {
1039 0 : return 0;
1040 : }
1041 :
1042 0 : if (NT_STATUS_EQUAL(xconn->transport.status, NT_STATUS_CONNECTION_IN_USE)) {
1043 0 : ctdbd_passed_ips(cconn, &s->srv, &s->clnt, release_ip, s);
1044 : } else {
1045 0 : ctdbd_unregister_ips(cconn, &s->srv, &s->clnt, release_ip, s);
1046 : }
1047 :
1048 0 : return 0;
1049 : }
1050 :
1051 0 : static void smbd_release_ip_immediate(struct tevent_context *ctx,
1052 : struct tevent_immediate *im,
1053 : void *private_data)
1054 : {
1055 : struct smbd_release_ip_state *state =
1056 0 : talloc_get_type_abort(private_data,
1057 : struct smbd_release_ip_state);
1058 0 : struct smbXsrv_connection *xconn = state->xconn;
1059 :
1060 0 : if (!NT_STATUS_EQUAL(xconn->transport.status, NT_STATUS_ADDRESS_CLOSED)) {
1061 : /*
1062 : * smbd_server_connection_terminate() already triggered ?
1063 : */
1064 0 : return;
1065 : }
1066 :
1067 0 : smbd_server_connection_terminate(xconn, "CTDB_SRVID_RELEASE_IP");
1068 : }
1069 :
1070 : /****************************************************************************
1071 : received when we should release a specific IP
1072 : ****************************************************************************/
1073 0 : static int release_ip(struct tevent_context *ev,
1074 : uint32_t src_vnn, uint32_t dst_vnn,
1075 : uint64_t dst_srvid,
1076 : const uint8_t *msg, size_t msglen,
1077 : void *private_data)
1078 : {
1079 : struct smbd_release_ip_state *state =
1080 0 : talloc_get_type_abort(private_data,
1081 : struct smbd_release_ip_state);
1082 0 : struct smbXsrv_connection *xconn = state->xconn;
1083 : const char *ip;
1084 0 : const char *addr = state->addr;
1085 0 : const char *p = addr;
1086 :
1087 0 : if (msglen == 0) {
1088 0 : return 0;
1089 : }
1090 0 : if (msg[msglen-1] != '\0') {
1091 0 : return 0;
1092 : }
1093 :
1094 0 : ip = (const char *)msg;
1095 :
1096 0 : if (!NT_STATUS_IS_OK(xconn->transport.status)) {
1097 : /* avoid recursion */
1098 0 : return 0;
1099 : }
1100 :
1101 0 : if (strncmp("::ffff:", addr, 7) == 0) {
1102 0 : p = addr + 7;
1103 : }
1104 :
1105 0 : DEBUG(10, ("Got release IP message for %s, "
1106 : "our address is %s\n", ip, p));
1107 :
1108 0 : if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
1109 0 : DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
1110 : ip));
1111 : /*
1112 : * With SMB2 we should do a clean disconnect,
1113 : * the previous_session_id in the session setup
1114 : * will cleanup the old session, tcons and opens.
1115 : *
1116 : * A clean disconnect is needed in order to support
1117 : * durable handles.
1118 : *
1119 : * Note: typically this is never triggered
1120 : * as we got a TCP RST (triggered by ctdb event scripts)
1121 : * before we get CTDB_SRVID_RELEASE_IP.
1122 : *
1123 : * We used to call _exit(1) here, but as this was mostly never
1124 : * triggered and has implication on our process model,
1125 : * we can just use smbd_server_connection_terminate()
1126 : * (also for SMB1).
1127 : *
1128 : * We don't call smbd_server_connection_terminate() directly
1129 : * as we might be called from within ctdbd_migrate(),
1130 : * we need to defer our action to the next event loop
1131 : */
1132 0 : tevent_schedule_immediate(state->im,
1133 : xconn->client->raw_ev_ctx,
1134 : smbd_release_ip_immediate,
1135 : state);
1136 :
1137 : /*
1138 : * Make sure we don't get any io on the connection.
1139 : */
1140 0 : xconn->transport.status = NT_STATUS_ADDRESS_CLOSED;
1141 0 : return EADDRNOTAVAIL;
1142 : }
1143 :
1144 0 : return 0;
1145 : }
1146 :
1147 0 : static int match_cluster_movable_ip(uint32_t total_ip_count,
1148 : const struct sockaddr_storage *ip,
1149 : bool is_movable_ip,
1150 : void *private_data)
1151 : {
1152 0 : const struct sockaddr_storage *srv = private_data;
1153 0 : struct samba_sockaddr pub_ip = {
1154 : .u = {
1155 : .ss = *ip,
1156 : },
1157 : };
1158 0 : struct samba_sockaddr srv_ip = {
1159 : .u = {
1160 : .ss = *srv,
1161 : },
1162 : };
1163 :
1164 0 : if (is_movable_ip && sockaddr_equal(&pub_ip.u.sa, &srv_ip.u.sa)) {
1165 0 : return EADDRNOTAVAIL;
1166 : }
1167 :
1168 0 : return 0;
1169 : }
1170 :
1171 0 : static NTSTATUS smbd_register_ips(struct smbXsrv_connection *xconn,
1172 : struct sockaddr_storage *srv,
1173 : struct sockaddr_storage *clnt)
1174 : {
1175 : struct smbd_release_ip_state *state;
1176 : struct ctdbd_connection *cconn;
1177 : int ret;
1178 :
1179 0 : cconn = messaging_ctdb_connection();
1180 0 : if (cconn == NULL) {
1181 0 : return NT_STATUS_NO_MEMORY;
1182 : }
1183 :
1184 0 : state = talloc_zero(xconn, struct smbd_release_ip_state);
1185 0 : if (state == NULL) {
1186 0 : return NT_STATUS_NO_MEMORY;
1187 : }
1188 0 : state->xconn = xconn;
1189 0 : state->im = tevent_create_immediate(state);
1190 0 : if (state->im == NULL) {
1191 0 : return NT_STATUS_NO_MEMORY;
1192 : }
1193 0 : state->srv = *srv;
1194 0 : state->clnt = *clnt;
1195 0 : if (print_sockaddr(state->addr, sizeof(state->addr), srv) == NULL) {
1196 0 : return NT_STATUS_NO_MEMORY;
1197 : }
1198 :
1199 0 : if (xconn->client->server_multi_channel_enabled) {
1200 0 : ret = ctdbd_public_ip_foreach(cconn,
1201 : match_cluster_movable_ip,
1202 : srv);
1203 0 : if (ret == EADDRNOTAVAIL) {
1204 0 : xconn->has_cluster_movable_ip = true;
1205 0 : DBG_DEBUG("cluster movable IP on %s\n",
1206 : smbXsrv_connection_dbg(xconn));
1207 0 : } else if (ret != 0) {
1208 0 : DBG_ERR("failed to iterate cluster IPs: %s\n",
1209 : strerror(ret));
1210 0 : return NT_STATUS_INTERNAL_ERROR;
1211 : }
1212 : }
1213 :
1214 0 : ret = ctdbd_register_ips(cconn, srv, clnt, release_ip, state);
1215 0 : if (ret != 0) {
1216 0 : return map_nt_error_from_unix(ret);
1217 : }
1218 :
1219 0 : talloc_set_destructor(state, smbd_release_ip_state_destructor);
1220 :
1221 0 : return NT_STATUS_OK;
1222 : }
1223 :
1224 5301 : static int smbXsrv_connection_destructor(struct smbXsrv_connection *xconn)
1225 : {
1226 5301 : DBG_DEBUG("xconn[%s]\n", smbXsrv_connection_dbg(xconn));
1227 5301 : return 0;
1228 : }
1229 :
1230 5301 : NTSTATUS smbd_add_connection(struct smbXsrv_client *client, int sock_fd,
1231 : NTTIME now, struct smbXsrv_connection **_xconn)
1232 : {
1233 5301 : TALLOC_CTX *frame = talloc_stackframe();
1234 : struct smbXsrv_connection *xconn;
1235 : struct sockaddr_storage ss_srv;
1236 5301 : void *sp_srv = (void *)&ss_srv;
1237 5301 : struct sockaddr *sa_srv = (struct sockaddr *)sp_srv;
1238 : struct sockaddr_storage ss_clnt;
1239 5301 : void *sp_clnt = (void *)&ss_clnt;
1240 5301 : struct sockaddr *sa_clnt = (struct sockaddr *)sp_clnt;
1241 : socklen_t sa_socklen;
1242 5301 : struct tsocket_address *local_address = NULL;
1243 5301 : struct tsocket_address *remote_address = NULL;
1244 5301 : const char *remaddr = NULL;
1245 : char *p;
1246 5301 : const char *rhost = NULL;
1247 : int ret;
1248 : int tmp;
1249 :
1250 5301 : *_xconn = NULL;
1251 :
1252 5301 : DO_PROFILE_INC(connect);
1253 :
1254 5301 : xconn = talloc_zero(client, struct smbXsrv_connection);
1255 5301 : if (xconn == NULL) {
1256 0 : DEBUG(0,("talloc_zero(struct smbXsrv_connection)\n"));
1257 0 : TALLOC_FREE(frame);
1258 0 : return NT_STATUS_NO_MEMORY;
1259 : }
1260 5301 : talloc_set_destructor(xconn, smbXsrv_connection_destructor);
1261 5301 : talloc_steal(frame, xconn);
1262 5301 : xconn->client = client;
1263 5301 : xconn->connect_time = now;
1264 5301 : if (client->next_channel_id != 0) {
1265 5301 : xconn->channel_id = client->next_channel_id++;
1266 : }
1267 :
1268 5301 : xconn->transport.sock = sock_fd;
1269 : #if defined(WITH_SMB1SERVER)
1270 5301 : smbd_echo_init(xconn);
1271 : #endif
1272 5301 : xconn->protocol = PROTOCOL_NONE;
1273 :
1274 : /* Ensure child is set to blocking mode */
1275 5301 : set_blocking(sock_fd,True);
1276 :
1277 5301 : set_socket_options(sock_fd, "SO_KEEPALIVE");
1278 5301 : set_socket_options(sock_fd, lp_socket_options());
1279 :
1280 5301 : sa_socklen = sizeof(ss_clnt);
1281 5301 : ret = getpeername(sock_fd, sa_clnt, &sa_socklen);
1282 5301 : if (ret != 0) {
1283 0 : int saved_errno = errno;
1284 0 : int level = (errno == ENOTCONN)?2:0;
1285 0 : DEBUG(level,("getpeername() failed - %s\n",
1286 : strerror(saved_errno)));
1287 0 : TALLOC_FREE(frame);
1288 0 : return map_nt_error_from_unix_common(saved_errno);
1289 : }
1290 5301 : ret = tsocket_address_bsd_from_sockaddr(xconn,
1291 : sa_clnt, sa_socklen,
1292 : &remote_address);
1293 5301 : if (ret != 0) {
1294 0 : int saved_errno = errno;
1295 0 : DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
1296 : __location__, strerror(saved_errno)));
1297 0 : TALLOC_FREE(frame);
1298 0 : return map_nt_error_from_unix_common(saved_errno);
1299 : }
1300 :
1301 5301 : sa_socklen = sizeof(ss_srv);
1302 5301 : ret = getsockname(sock_fd, sa_srv, &sa_socklen);
1303 5301 : if (ret != 0) {
1304 0 : int saved_errno = errno;
1305 0 : int level = (errno == ENOTCONN)?2:0;
1306 0 : DEBUG(level,("getsockname() failed - %s\n",
1307 : strerror(saved_errno)));
1308 0 : TALLOC_FREE(frame);
1309 0 : return map_nt_error_from_unix_common(saved_errno);
1310 : }
1311 5301 : ret = tsocket_address_bsd_from_sockaddr(xconn,
1312 : sa_srv, sa_socklen,
1313 : &local_address);
1314 5301 : if (ret != 0) {
1315 0 : int saved_errno = errno;
1316 0 : DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
1317 : __location__, strerror(saved_errno)));
1318 0 : TALLOC_FREE(frame);
1319 0 : return map_nt_error_from_unix_common(saved_errno);
1320 : }
1321 :
1322 5301 : if (tsocket_address_is_inet(remote_address, "ip")) {
1323 5301 : remaddr = tsocket_address_inet_addr_string(remote_address,
1324 : talloc_tos());
1325 5301 : if (remaddr == NULL) {
1326 0 : DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
1327 : __location__, strerror(errno)));
1328 0 : TALLOC_FREE(frame);
1329 0 : return NT_STATUS_NO_MEMORY;
1330 : }
1331 : } else {
1332 0 : remaddr = "0.0.0.0";
1333 : }
1334 :
1335 : /*
1336 : * Before the first packet, check the global hosts allow/ hosts deny
1337 : * parameters before doing any parsing of packets passed to us by the
1338 : * client. This prevents attacks on our parsing code from hosts not in
1339 : * the hosts allow list.
1340 : */
1341 :
1342 5301 : ret = get_remote_hostname(remote_address,
1343 : &p, talloc_tos());
1344 5301 : if (ret < 0) {
1345 0 : int saved_errno = errno;
1346 0 : DEBUG(0,("%s: get_remote_hostname failed - %s\n",
1347 : __location__, strerror(saved_errno)));
1348 0 : TALLOC_FREE(frame);
1349 0 : return map_nt_error_from_unix_common(saved_errno);
1350 : }
1351 5301 : rhost = p;
1352 5301 : if (strequal(rhost, "UNKNOWN")) {
1353 0 : rhost = remaddr;
1354 : }
1355 :
1356 5301 : xconn->local_address = local_address;
1357 5301 : xconn->remote_address = remote_address;
1358 5301 : xconn->remote_hostname = talloc_strdup(xconn, rhost);
1359 5301 : if (xconn->remote_hostname == NULL) {
1360 0 : return NT_STATUS_NO_MEMORY;
1361 : }
1362 :
1363 5301 : if (!srv_init_signing(xconn)) {
1364 0 : DEBUG(0, ("Failed to init smb_signing\n"));
1365 0 : TALLOC_FREE(frame);
1366 0 : return NT_STATUS_INTERNAL_ERROR;
1367 : }
1368 :
1369 5301 : if (!allow_access(lp_hosts_deny(-1), lp_hosts_allow(-1),
1370 : xconn->remote_hostname,
1371 : remaddr)) {
1372 0 : DEBUG( 1, ("Connection denied from %s to %s\n",
1373 : tsocket_address_string(remote_address, talloc_tos()),
1374 : tsocket_address_string(local_address, talloc_tos())));
1375 :
1376 : /*
1377 : * We return a valid xconn
1378 : * so that the caller can return an error message
1379 : * to the client
1380 : */
1381 0 : DLIST_ADD_END(client->connections, xconn);
1382 0 : talloc_steal(client, xconn);
1383 :
1384 0 : *_xconn = xconn;
1385 0 : TALLOC_FREE(frame);
1386 0 : return NT_STATUS_NETWORK_ACCESS_DENIED;
1387 : }
1388 :
1389 5301 : DEBUG(10, ("Connection allowed from %s to %s\n",
1390 : tsocket_address_string(remote_address, talloc_tos()),
1391 : tsocket_address_string(local_address, talloc_tos())));
1392 :
1393 5301 : if (lp_clustering()) {
1394 : /*
1395 : * We need to tell ctdb about our client's TCP
1396 : * connection, so that for failover ctdbd can send
1397 : * tickle acks, triggering a reconnection by the
1398 : * client.
1399 : */
1400 : NTSTATUS status;
1401 :
1402 0 : status = smbd_register_ips(xconn, &ss_srv, &ss_clnt);
1403 0 : if (!NT_STATUS_IS_OK(status)) {
1404 0 : DEBUG(0, ("ctdbd_register_ips failed: %s\n",
1405 : nt_errstr(status)));
1406 : }
1407 : }
1408 :
1409 5301 : tmp = lp_max_xmit();
1410 5301 : tmp = MAX(tmp, SMB_BUFFER_SIZE_MIN);
1411 5301 : tmp = MIN(tmp, SMB_BUFFER_SIZE_MAX);
1412 :
1413 : #if defined(WITH_SMB1SERVER)
1414 5301 : xconn->smb1.negprot.max_recv = tmp;
1415 :
1416 5301 : xconn->smb1.sessions.done_sesssetup = false;
1417 5301 : xconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX;
1418 : #endif
1419 :
1420 5301 : xconn->transport.fde = tevent_add_fd(client->raw_ev_ctx,
1421 : xconn,
1422 : sock_fd,
1423 : TEVENT_FD_READ,
1424 : smbd_server_connection_handler,
1425 : xconn);
1426 5301 : if (!xconn->transport.fde) {
1427 0 : TALLOC_FREE(frame);
1428 0 : return NT_STATUS_NO_MEMORY;
1429 : }
1430 5301 : tevent_fd_set_auto_close(xconn->transport.fde);
1431 :
1432 : /* for now we only have one connection */
1433 5301 : DLIST_ADD_END(client->connections, xconn);
1434 5301 : talloc_steal(client, xconn);
1435 :
1436 5301 : *_xconn = xconn;
1437 5301 : TALLOC_FREE(frame);
1438 5301 : return NT_STATUS_OK;
1439 : }
1440 :
1441 0 : static bool uid_in_use(struct auth_session_info *session_info,
1442 : uid_t uid)
1443 : {
1444 0 : if (session_info->unix_token->uid == uid) {
1445 0 : return true;
1446 : }
1447 0 : return false;
1448 : }
1449 :
1450 0 : static bool gid_in_use(struct auth_session_info *session_info,
1451 : gid_t gid)
1452 : {
1453 : uint32_t i;
1454 0 : struct security_unix_token *utok = NULL;
1455 :
1456 0 : utok = session_info->unix_token;
1457 0 : if (utok->gid == gid) {
1458 0 : return true;
1459 : }
1460 :
1461 0 : for(i = 0; i < utok->ngroups; i++) {
1462 0 : if (utok->groups[i] == gid) {
1463 0 : return true;
1464 : }
1465 : }
1466 0 : return false;
1467 : }
1468 :
1469 0 : static bool sid_in_use(struct auth_session_info *session_info,
1470 : const struct dom_sid *psid)
1471 : {
1472 0 : struct security_token *tok = NULL;
1473 :
1474 0 : tok = session_info->security_token;
1475 0 : if (tok == NULL) {
1476 : /*
1477 : * Not sure session_info->security_token can
1478 : * ever be NULL. This check might be not
1479 : * necessary.
1480 : */
1481 0 : return false;
1482 : }
1483 0 : if (security_token_has_sid(tok, psid)) {
1484 0 : return true;
1485 : }
1486 0 : return false;
1487 : }
1488 :
1489 : struct id_in_use_state {
1490 : const struct id_cache_ref *id;
1491 : bool match;
1492 : };
1493 :
1494 0 : static int id_in_use_cb(struct smbXsrv_session *session,
1495 : void *private_data)
1496 : {
1497 0 : struct id_in_use_state *state = (struct id_in_use_state *)
1498 : private_data;
1499 0 : struct auth_session_info *session_info =
1500 0 : session->global->auth_session_info;
1501 :
1502 0 : switch(state->id->type) {
1503 0 : case UID:
1504 0 : state->match = uid_in_use(session_info, state->id->id.uid);
1505 0 : break;
1506 0 : case GID:
1507 0 : state->match = gid_in_use(session_info, state->id->id.gid);
1508 0 : break;
1509 0 : case SID:
1510 0 : state->match = sid_in_use(session_info, &state->id->id.sid);
1511 0 : break;
1512 0 : default:
1513 0 : state->match = false;
1514 0 : break;
1515 : }
1516 0 : if (state->match) {
1517 0 : return -1;
1518 : }
1519 0 : return 0;
1520 : }
1521 :
1522 0 : static bool id_in_use(struct smbd_server_connection *sconn,
1523 : const struct id_cache_ref *id)
1524 : {
1525 : struct id_in_use_state state;
1526 : NTSTATUS status;
1527 :
1528 0 : state = (struct id_in_use_state) {
1529 : .id = id,
1530 : .match = false,
1531 : };
1532 :
1533 0 : status = smbXsrv_session_local_traverse(sconn->client,
1534 : id_in_use_cb,
1535 : &state);
1536 0 : if (!NT_STATUS_IS_OK(status)) {
1537 0 : return false;
1538 : }
1539 :
1540 0 : return state.match;
1541 : }
1542 :
1543 : /****************************************************************************
1544 : Check if services need reloading.
1545 : ****************************************************************************/
1546 :
1547 339 : static void check_reload(struct smbd_server_connection *sconn, time_t t)
1548 : {
1549 :
1550 339 : if (last_smb_conf_reload_time == 0) {
1551 65 : last_smb_conf_reload_time = t;
1552 : }
1553 :
1554 339 : if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
1555 66 : reload_services(sconn, conn_snum_used, true);
1556 66 : last_smb_conf_reload_time = t;
1557 : }
1558 339 : }
1559 :
1560 0 : static void msg_kill_client_ip(struct messaging_context *msg_ctx,
1561 : void *private_data, uint32_t msg_type,
1562 : struct server_id server_id, DATA_BLOB *data)
1563 : {
1564 0 : struct smbd_server_connection *sconn = talloc_get_type_abort(
1565 : private_data, struct smbd_server_connection);
1566 0 : const char *ip = (char *) data->data;
1567 : char *client_ip;
1568 :
1569 0 : DBG_DEBUG("Got kill request for client IP %s\n", ip);
1570 :
1571 0 : client_ip = tsocket_address_inet_addr_string(sconn->remote_address,
1572 : talloc_tos());
1573 0 : if (client_ip == NULL) {
1574 0 : return;
1575 : }
1576 :
1577 0 : if (strequal(ip, client_ip)) {
1578 0 : DBG_WARNING("Got kill client message for %s - "
1579 : "exiting immediately\n", ip);
1580 0 : exit_server_cleanly("Forced disconnect for client");
1581 : }
1582 :
1583 0 : TALLOC_FREE(client_ip);
1584 : }
1585 :
1586 : /*
1587 : * Do the recurring check if we're idle
1588 : */
1589 339 : static bool deadtime_fn(const struct timeval *now, void *private_data)
1590 : {
1591 339 : struct smbd_server_connection *sconn =
1592 : (struct smbd_server_connection *)private_data;
1593 :
1594 339 : if ((conn_num_open(sconn) == 0)
1595 339 : || (conn_idle_all(sconn, now->tv_sec))) {
1596 0 : DEBUG( 2, ( "Closing idle connection\n" ) );
1597 0 : messaging_send(sconn->msg_ctx,
1598 0 : messaging_server_id(sconn->msg_ctx),
1599 : MSG_SHUTDOWN, &data_blob_null);
1600 0 : return False;
1601 : }
1602 :
1603 339 : return True;
1604 : }
1605 :
1606 : /*
1607 : * Do the recurring log file and smb.conf reload checks.
1608 : */
1609 :
1610 339 : static bool housekeeping_fn(const struct timeval *now, void *private_data)
1611 : {
1612 339 : struct smbd_server_connection *sconn = talloc_get_type_abort(
1613 : private_data, struct smbd_server_connection);
1614 :
1615 339 : DEBUG(5, ("housekeeping\n"));
1616 :
1617 339 : change_to_root_user();
1618 :
1619 : /* check if we need to reload services */
1620 339 : check_reload(sconn, time_mono(NULL));
1621 :
1622 : /*
1623 : * Force a log file check.
1624 : */
1625 339 : force_check_log_size();
1626 339 : check_log_size();
1627 339 : return true;
1628 : }
1629 :
1630 15 : static void smbd_sig_term_handler(struct tevent_context *ev,
1631 : struct tevent_signal *se,
1632 : int signum,
1633 : int count,
1634 : void *siginfo,
1635 : void *private_data)
1636 : {
1637 15 : exit_server_cleanly("termination signal");
1638 : }
1639 :
1640 5251 : static void smbd_setup_sig_term_handler(struct smbd_server_connection *sconn)
1641 : {
1642 : struct tevent_signal *se;
1643 :
1644 5251 : se = tevent_add_signal(sconn->ev_ctx,
1645 : sconn,
1646 : SIGTERM, 0,
1647 : smbd_sig_term_handler,
1648 : sconn);
1649 5251 : if (!se) {
1650 0 : exit_server("failed to setup SIGTERM handler");
1651 : }
1652 5251 : }
1653 :
1654 0 : static void smbd_sig_hup_handler(struct tevent_context *ev,
1655 : struct tevent_signal *se,
1656 : int signum,
1657 : int count,
1658 : void *siginfo,
1659 : void *private_data)
1660 : {
1661 : struct smbd_server_connection *sconn =
1662 0 : talloc_get_type_abort(private_data,
1663 : struct smbd_server_connection);
1664 :
1665 0 : change_to_root_user();
1666 0 : DEBUG(1,("Reloading services after SIGHUP\n"));
1667 0 : reload_services(sconn, conn_snum_used, false);
1668 0 : }
1669 :
1670 5251 : static void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn)
1671 : {
1672 : struct tevent_signal *se;
1673 :
1674 5251 : se = tevent_add_signal(sconn->ev_ctx,
1675 : sconn,
1676 : SIGHUP, 0,
1677 : smbd_sig_hup_handler,
1678 : sconn);
1679 5251 : if (!se) {
1680 0 : exit_server("failed to setup SIGHUP handler");
1681 : }
1682 5251 : }
1683 :
1684 3 : static void smbd_conf_updated(struct messaging_context *msg,
1685 : void *private_data,
1686 : uint32_t msg_type,
1687 : struct server_id server_id,
1688 : DATA_BLOB *data)
1689 : {
1690 : struct smbd_server_connection *sconn =
1691 3 : talloc_get_type_abort(private_data,
1692 : struct smbd_server_connection);
1693 :
1694 3 : DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was "
1695 : "updated. Reloading.\n"));
1696 3 : change_to_root_user();
1697 3 : reload_services(sconn, conn_snum_used, false);
1698 3 : }
1699 :
1700 0 : static void smbd_id_cache_kill(struct messaging_context *msg_ctx,
1701 : void *private_data,
1702 : uint32_t msg_type,
1703 : struct server_id server_id,
1704 : DATA_BLOB* data)
1705 : {
1706 0 : const char *msg = (data && data->data)
1707 0 : ? (const char *)data->data : "<NULL>";
1708 : struct id_cache_ref id;
1709 : struct smbd_server_connection *sconn =
1710 0 : talloc_get_type_abort(private_data,
1711 : struct smbd_server_connection);
1712 :
1713 0 : if (!id_cache_ref_parse(msg, &id)) {
1714 0 : DEBUG(0, ("Invalid ?ID: %s\n", msg));
1715 0 : return;
1716 : }
1717 :
1718 0 : if (id_in_use(sconn, &id)) {
1719 0 : exit_server_cleanly(msg);
1720 : }
1721 0 : id_cache_delete_from_cache(&id);
1722 : }
1723 :
1724 : struct smbd_tevent_trace_state {
1725 : struct tevent_context *ev;
1726 : TALLOC_CTX *frame;
1727 : SMBPROFILE_BASIC_ASYNC_STATE(profile_idle);
1728 : };
1729 :
1730 2378365 : static void smbd_tevent_trace_callback(enum tevent_trace_point point,
1731 : void *private_data)
1732 : {
1733 2378365 : struct smbd_tevent_trace_state *state =
1734 : (struct smbd_tevent_trace_state *)private_data;
1735 :
1736 2378365 : switch (point) {
1737 462163 : case TEVENT_TRACE_BEFORE_WAIT:
1738 462163 : if (!smbprofile_dump_pending()) {
1739 : /*
1740 : * If there's no dump pending
1741 : * we don't want to schedule a new 1 sec timer.
1742 : *
1743 : * Instead we want to sleep as long as nothing happens.
1744 : */
1745 462163 : smbprofile_dump_setup(NULL);
1746 : }
1747 462163 : SMBPROFILE_BASIC_ASYNC_START(idle, profile_p, state->profile_idle);
1748 462163 : break;
1749 462163 : case TEVENT_TRACE_AFTER_WAIT:
1750 462163 : SMBPROFILE_BASIC_ASYNC_END(state->profile_idle);
1751 462163 : if (!smbprofile_dump_pending()) {
1752 : /*
1753 : * We need to flush our state after sleeping
1754 : * (hopefully a long time).
1755 : */
1756 462163 : smbprofile_dump();
1757 : /*
1758 : * future profiling events should trigger timers
1759 : * on our main event context.
1760 : */
1761 462163 : smbprofile_dump_setup(state->ev);
1762 : }
1763 462163 : break;
1764 729645 : case TEVENT_TRACE_BEFORE_LOOP_ONCE:
1765 729645 : TALLOC_FREE(state->frame);
1766 729645 : state->frame = talloc_stackframe_pool(8192);
1767 729645 : break;
1768 724394 : case TEVENT_TRACE_AFTER_LOOP_ONCE:
1769 724394 : TALLOC_FREE(state->frame);
1770 724394 : break;
1771 : }
1772 :
1773 2378365 : errno = 0;
1774 2378365 : }
1775 :
1776 : /****************************************************************************
1777 : Process commands from the client
1778 : ****************************************************************************/
1779 :
1780 5251 : void smbd_process(struct tevent_context *ev_ctx,
1781 : struct messaging_context *msg_ctx,
1782 : int sock_fd,
1783 : bool interactive)
1784 : {
1785 10502 : struct smbd_tevent_trace_state trace_state = {
1786 : .ev = ev_ctx,
1787 5251 : .frame = talloc_stackframe(),
1788 : };
1789 : const struct loadparm_substitution *lp_sub =
1790 5251 : loadparm_s3_global_substitution();
1791 5251 : struct smbXsrv_client *client = NULL;
1792 5251 : struct smbd_server_connection *sconn = NULL;
1793 5251 : struct smbXsrv_connection *xconn = NULL;
1794 5251 : const char *locaddr = NULL;
1795 5251 : const char *remaddr = NULL;
1796 : int ret;
1797 : NTSTATUS status;
1798 5251 : struct timeval tv = timeval_current();
1799 5251 : NTTIME now = timeval_to_nttime(&tv);
1800 5251 : char *chroot_dir = NULL;
1801 : int rc;
1802 :
1803 5251 : status = smbXsrv_client_create(ev_ctx, ev_ctx, msg_ctx, now, &client);
1804 5251 : if (!NT_STATUS_IS_OK(status)) {
1805 0 : DBG_ERR("smbXsrv_client_create(): %s\n", nt_errstr(status));
1806 0 : exit_server_cleanly("talloc_zero(struct smbXsrv_client).\n");
1807 : }
1808 :
1809 : /*
1810 : * TODO: remove this...:-)
1811 : */
1812 5251 : global_smbXsrv_client = client;
1813 :
1814 5251 : sconn = talloc_zero(client, struct smbd_server_connection);
1815 5251 : if (sconn == NULL) {
1816 0 : exit_server("failed to create smbd_server_connection");
1817 : }
1818 :
1819 5251 : client->sconn = sconn;
1820 5251 : sconn->client = client;
1821 :
1822 5251 : sconn->ev_ctx = ev_ctx;
1823 5251 : sconn->msg_ctx = msg_ctx;
1824 :
1825 5251 : ret = pthreadpool_tevent_init(sconn, lp_aio_max_threads(),
1826 : &sconn->pool);
1827 5251 : if (ret != 0) {
1828 0 : exit_server("pthreadpool_tevent_init() failed.");
1829 : }
1830 :
1831 : #if defined(WITH_SMB1SERVER)
1832 5251 : if (lp_server_max_protocol() >= PROTOCOL_SMB2_02) {
1833 : #endif
1834 : /*
1835 : * We're not making the decision here,
1836 : * we're just allowing the client
1837 : * to decide between SMB1 and SMB2
1838 : * with the first negprot
1839 : * packet.
1840 : */
1841 5251 : sconn->using_smb2 = true;
1842 : #if defined(WITH_SMB1SERVER)
1843 : }
1844 : #endif
1845 :
1846 5251 : if (!interactive) {
1847 5251 : smbd_setup_sig_term_handler(sconn);
1848 5251 : smbd_setup_sig_hup_handler(sconn);
1849 : }
1850 :
1851 5251 : status = smbd_add_connection(client, sock_fd, now, &xconn);
1852 5251 : if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
1853 : /*
1854 : * send a negative session response "not listening on calling
1855 : * name"
1856 : */
1857 0 : unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
1858 0 : (void)smb1_srv_send(xconn,(char *)buf, false,
1859 : 0, false, NULL);
1860 0 : exit_server_cleanly("connection denied");
1861 5251 : } else if (!NT_STATUS_IS_OK(status)) {
1862 0 : exit_server_cleanly(nt_errstr(status));
1863 : }
1864 :
1865 5251 : sconn->local_address =
1866 5251 : tsocket_address_copy(xconn->local_address, sconn);
1867 5251 : if (sconn->local_address == NULL) {
1868 0 : exit_server_cleanly("tsocket_address_copy() failed");
1869 : }
1870 5251 : sconn->remote_address =
1871 5251 : tsocket_address_copy(xconn->remote_address, sconn);
1872 5251 : if (sconn->remote_address == NULL) {
1873 0 : exit_server_cleanly("tsocket_address_copy() failed");
1874 : }
1875 5251 : sconn->remote_hostname =
1876 5251 : talloc_strdup(sconn, xconn->remote_hostname);
1877 5251 : if (sconn->remote_hostname == NULL) {
1878 0 : exit_server_cleanly("tsocket_strdup() failed");
1879 : }
1880 :
1881 10502 : client->global->local_address =
1882 5251 : tsocket_address_string(sconn->local_address,
1883 5251 : client->global);
1884 5251 : if (client->global->local_address == NULL) {
1885 0 : exit_server_cleanly("tsocket_address_string() failed");
1886 : }
1887 10502 : client->global->remote_address =
1888 5251 : tsocket_address_string(sconn->remote_address,
1889 5251 : client->global);
1890 5251 : if (client->global->remote_address == NULL) {
1891 0 : exit_server_cleanly("tsocket_address_string() failed");
1892 : }
1893 10502 : client->global->remote_name =
1894 5251 : talloc_strdup(client->global, sconn->remote_hostname);
1895 5251 : if (client->global->remote_name == NULL) {
1896 0 : exit_server_cleanly("tsocket_strdup() failed");
1897 : }
1898 :
1899 5251 : if (tsocket_address_is_inet(sconn->local_address, "ip")) {
1900 5251 : locaddr = tsocket_address_inet_addr_string(
1901 : sconn->local_address,
1902 : talloc_tos());
1903 5251 : if (locaddr == NULL) {
1904 0 : DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
1905 : __location__, strerror(errno)));
1906 0 : exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
1907 : }
1908 : } else {
1909 0 : locaddr = "0.0.0.0";
1910 : }
1911 :
1912 5251 : if (tsocket_address_is_inet(sconn->remote_address, "ip")) {
1913 5251 : remaddr = tsocket_address_inet_addr_string(
1914 : sconn->remote_address,
1915 : talloc_tos());
1916 5251 : if (remaddr == NULL) {
1917 0 : DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
1918 : __location__, strerror(errno)));
1919 0 : exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
1920 : }
1921 : } else {
1922 0 : remaddr = "0.0.0.0";
1923 : }
1924 :
1925 : /* this is needed so that we get decent entries
1926 : in smbstatus for port 445 connects */
1927 5251 : set_remote_machine_name(remaddr, false);
1928 5251 : reload_services(sconn, conn_snum_used, true);
1929 5251 : sub_set_socket_ids(remaddr,
1930 : sconn->remote_hostname,
1931 : locaddr);
1932 :
1933 5251 : if (lp_preload_modules()) {
1934 0 : smb_load_all_modules_absoute_path(lp_preload_modules());
1935 : }
1936 :
1937 5251 : smb_perfcount_init();
1938 :
1939 5251 : if (!init_account_policy()) {
1940 0 : exit_server("Could not open account policy tdb.\n");
1941 : }
1942 :
1943 5251 : chroot_dir = lp_root_directory(talloc_tos(), lp_sub);
1944 5251 : if (chroot_dir[0] != '\0') {
1945 0 : rc = chdir(chroot_dir);
1946 0 : if (rc != 0) {
1947 0 : DBG_ERR("Failed to chdir to %s\n", chroot_dir);
1948 0 : exit_server("Failed to chdir()");
1949 : }
1950 :
1951 0 : rc = chroot(chroot_dir);
1952 0 : if (rc != 0) {
1953 0 : DBG_ERR("Failed to change root to %s\n", chroot_dir);
1954 0 : exit_server("Failed to chroot()");
1955 : }
1956 0 : DBG_WARNING("Changed root to %s\n", chroot_dir);
1957 :
1958 0 : TALLOC_FREE(chroot_dir);
1959 : }
1960 :
1961 5251 : if (!file_init(sconn)) {
1962 0 : exit_server("file_init() failed");
1963 : }
1964 :
1965 : /* Setup oplocks */
1966 5251 : if (!init_oplocks(sconn))
1967 0 : exit_server("Failed to init oplocks");
1968 :
1969 : /* register our message handlers */
1970 5251 : messaging_register(sconn->msg_ctx, sconn,
1971 : MSG_SMB_FORCE_TDIS, msg_force_tdis);
1972 5251 : messaging_register(
1973 : sconn->msg_ctx,
1974 : sconn,
1975 : MSG_SMB_FORCE_TDIS_DENIED,
1976 : msg_force_tdis_denied);
1977 5251 : messaging_register(sconn->msg_ctx, sconn,
1978 : MSG_SMB_CLOSE_FILE, msg_close_file);
1979 5251 : messaging_register(sconn->msg_ctx, sconn,
1980 : MSG_SMB_FILE_RENAME, msg_file_was_renamed);
1981 :
1982 5251 : id_cache_register_msgs(sconn->msg_ctx);
1983 5251 : messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL);
1984 5251 : messaging_register(sconn->msg_ctx, sconn,
1985 : ID_CACHE_KILL, smbd_id_cache_kill);
1986 :
1987 5251 : messaging_deregister(sconn->msg_ctx,
1988 5251 : MSG_SMB_CONF_UPDATED, sconn->ev_ctx);
1989 5251 : messaging_register(sconn->msg_ctx, sconn,
1990 : MSG_SMB_CONF_UPDATED, smbd_conf_updated);
1991 :
1992 5251 : messaging_deregister(sconn->msg_ctx, MSG_SMB_KILL_CLIENT_IP,
1993 : NULL);
1994 5251 : messaging_register(sconn->msg_ctx, sconn,
1995 : MSG_SMB_KILL_CLIENT_IP,
1996 : msg_kill_client_ip);
1997 :
1998 5251 : messaging_deregister(sconn->msg_ctx, MSG_SMB_TELL_NUM_CHILDREN, NULL);
1999 :
2000 : /*
2001 : * Use the default MSG_DEBUG handler to avoid rebroadcasting
2002 : * MSGs to all child processes
2003 : */
2004 5251 : messaging_deregister(sconn->msg_ctx,
2005 : MSG_DEBUG, NULL);
2006 5251 : messaging_register(sconn->msg_ctx, NULL,
2007 : MSG_DEBUG, debug_message);
2008 :
2009 : #if defined(WITH_SMB1SERVER)
2010 5251 : if ((lp_keepalive() != 0)
2011 5251 : && !(event_add_idle(ev_ctx, NULL,
2012 5251 : timeval_set(lp_keepalive(), 0),
2013 : "keepalive", keepalive_fn,
2014 : sconn))) {
2015 0 : DEBUG(0, ("Could not add keepalive event\n"));
2016 0 : exit(1);
2017 : }
2018 : #endif
2019 :
2020 5251 : if (!(event_add_idle(ev_ctx, NULL,
2021 : timeval_set(IDLE_CLOSED_TIMEOUT, 0),
2022 : "deadtime", deadtime_fn, sconn))) {
2023 0 : DEBUG(0, ("Could not add deadtime event\n"));
2024 0 : exit(1);
2025 : }
2026 :
2027 5251 : if (!(event_add_idle(ev_ctx, NULL,
2028 : timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
2029 : "housekeeping", housekeeping_fn, sconn))) {
2030 0 : DEBUG(0, ("Could not add housekeeping event\n"));
2031 0 : exit(1);
2032 : }
2033 :
2034 5251 : smbprofile_dump_setup(ev_ctx);
2035 :
2036 5251 : if (!init_dptrs(sconn)) {
2037 0 : exit_server("init_dptrs() failed");
2038 : }
2039 :
2040 5251 : TALLOC_FREE(trace_state.frame);
2041 :
2042 5251 : tevent_set_trace_callback(ev_ctx, smbd_tevent_trace_callback,
2043 : &trace_state);
2044 :
2045 5251 : ret = tevent_loop_wait(ev_ctx);
2046 0 : if (ret != 0) {
2047 0 : DEBUG(1, ("tevent_loop_wait failed: %d, %s,"
2048 : " exiting\n", ret, strerror(errno)));
2049 : }
2050 :
2051 0 : TALLOC_FREE(trace_state.frame);
2052 :
2053 0 : exit_server_cleanly(NULL);
2054 : }
|
