]>
Commit | Line | Data |
---|---|---|
c3effa8b | 1 | /* |
cd68afe3 | 2 | Unix SMB/CIFS implementation. |
c3effa8b AT |
3 | process incoming packets - main loop |
4 | Copyright (C) Andrew Tridgell 1992-1998 | |
b91704d4 | 5 | Copyright (C) Volker Lendecke 2005-2007 |
c3effa8b AT |
6 | |
7 | This program is free software; you can redistribute it and/or modify | |
8 | it under the terms of the GNU General Public License as published by | |
d824b98f | 9 | the Free Software Foundation; either version 3 of the License, or |
c3effa8b AT |
10 | (at your option) any later version. |
11 | ||
12 | This program is distributed in the hope that it will be useful, | |
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 | GNU General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU General Public License | |
5e54558c | 18 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
c3effa8b AT |
19 | */ |
20 | ||
21 | #include "includes.h" | |
3dde0cbb | 22 | #include "smbd/globals.h" |
c3effa8b | 23 | |
30191d1a | 24 | extern bool global_machine_password_needs_changing; |
c3effa8b | 25 | |
ae0c6cff VL |
26 | static void construct_reply_common(struct smb_request *req, const char *inbuf, |
27 | char *outbuf); | |
5a33e906 | 28 | |
36441da4 JA |
29 | /* Accessor function for smb_read_error for smbd functions. */ |
30 | ||
9254bb4e JA |
31 | /**************************************************************************** |
32 | Send an smb to a fd. | |
33 | ****************************************************************************/ | |
34 | ||
c16c90a1 SM |
35 | bool srv_send_smb(int fd, char *buffer, |
36 | bool do_signing, uint32_t seqnum, | |
37 | bool do_encrypt, | |
38 | struct smb_perfcount_data *pcd) | |
9254bb4e | 39 | { |
54c51a66 | 40 | size_t len = 0; |
9254bb4e JA |
41 | size_t nwritten=0; |
42 | ssize_t ret; | |
43 | char *buf_out = buffer; | |
44 | ||
c16c90a1 SM |
45 | if (do_signing) { |
46 | /* Sign the outgoing packet if required. */ | |
47 | srv_calculate_sign_mac(smbd_server_conn, buf_out, seqnum); | |
48 | } | |
9254bb4e JA |
49 | |
50 | if (do_encrypt) { | |
51 | NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out); | |
52 | if (!NT_STATUS_IS_OK(status)) { | |
53 | DEBUG(0, ("send_smb: SMB encryption failed " | |
54 | "on outgoing packet! Error %s\n", | |
55 | nt_errstr(status) )); | |
54c51a66 | 56 | goto out; |
9254bb4e JA |
57 | } |
58 | } | |
59 | ||
60 | len = smb_len(buf_out) + 4; | |
61 | ||
c344ad30 VL |
62 | ret = write_data(fd,buf_out+nwritten,len - nwritten); |
63 | if (ret <= 0) { | |
64 | DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n", | |
65 | (int)len,(int)ret, strerror(errno) )); | |
66 | srv_free_enc_buffer(buf_out); | |
67 | goto out; | |
9254bb4e JA |
68 | } |
69 | ||
54c51a66 | 70 | SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd, len); |
9254bb4e | 71 | srv_free_enc_buffer(buf_out); |
54c51a66 | 72 | out: |
73 | SMB_PERFCOUNT_END(pcd); | |
9254bb4e JA |
74 | return true; |
75 | } | |
76 | ||
afc93255 JA |
77 | /******************************************************************* |
78 | Setup the word count and byte count for a smb message. | |
afc93255 JA |
79 | ********************************************************************/ |
80 | ||
9254bb4e | 81 | int srv_set_message(char *buf, |
afc93255 JA |
82 | int num_words, |
83 | int num_bytes, | |
84 | bool zero) | |
85 | { | |
86 | if (zero && (num_words || num_bytes)) { | |
87 | memset(buf + smb_size,'\0',num_words*2 + num_bytes); | |
88 | } | |
89 | SCVAL(buf,smb_wct,num_words); | |
90 | SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes); | |
9254bb4e | 91 | smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4)); |
afc93255 JA |
92 | return (smb_size + num_words*2 + num_bytes); |
93 | } | |
94 | ||
9254bb4e | 95 | static bool valid_smb_header(const uint8_t *inbuf) |
afc93255 | 96 | { |
9254bb4e JA |
97 | if (is_encrypted_packet(inbuf)) { |
98 | return true; | |
afc93255 | 99 | } |
1510b7b8 VL |
100 | /* |
101 | * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0) | |
102 | * but it just looks weird to call strncmp for this one. | |
103 | */ | |
104 | return (IVAL(smb_base(inbuf), 0) == 0x424D53FF); | |
afc93255 JA |
105 | } |
106 | ||
695c4a7a JA |
107 | /* Socket functions for smbd packet processing. */ |
108 | ||
58fbb512 | 109 | static bool valid_packet_size(size_t len) |
695c4a7a JA |
110 | { |
111 | /* | |
112 | * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes | |
113 | * of header. Don't print the error if this fits.... JRA. | |
114 | */ | |
115 | ||
116 | if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) { | |
117 | DEBUG(0,("Invalid packet length! (%lu bytes).\n", | |
118 | (unsigned long)len)); | |
d36434f3 | 119 | return false; |
695c4a7a JA |
120 | } |
121 | return true; | |
122 | } | |
123 | ||
e604e137 VL |
124 | static NTSTATUS read_packet_remainder(int fd, char *buffer, |
125 | unsigned int timeout, ssize_t len) | |
695c4a7a | 126 | { |
48b1ee61 | 127 | if (len <= 0) { |
e604e137 | 128 | return NT_STATUS_OK; |
48b1ee61 | 129 | } |
695c4a7a | 130 | |
43c766a1 | 131 | return read_fd_with_timeout(fd, buffer, len, len, timeout, NULL); |
695c4a7a JA |
132 | } |
133 | ||
134 | /**************************************************************************** | |
135 | Attempt a zerocopy writeX read. We know here that len > smb_size-4 | |
136 | ****************************************************************************/ | |
137 | ||
138 | /* | |
139 | * Unfortunately, earlier versions of smbclient/libsmbclient | |
140 | * don't send this "standard" writeX header. I've fixed this | |
141 | * for 3.2 but we'll use the old method with earlier versions. | |
142 | * Windows and CIFSFS at least use this standard size. Not | |
143 | * sure about MacOSX. | |
144 | */ | |
145 | ||
146 | #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \ | |
147 | (2*14) + /* word count (including bcc) */ \ | |
148 | 1 /* pad byte */) | |
149 | ||
250b2b64 VL |
150 | static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx, |
151 | const char lenbuf[4], | |
152 | int fd, char **buffer, | |
153 | unsigned int timeout, | |
154 | size_t *p_unread, | |
155 | size_t *len_ret) | |
695c4a7a JA |
156 | { |
157 | /* Size of a WRITEX call (+4 byte len). */ | |
158 | char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE]; | |
159 | ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */ | |
160 | ssize_t toread; | |
250b2b64 | 161 | NTSTATUS status; |
695c4a7a | 162 | |
227718cd | 163 | memcpy(writeX_header, lenbuf, 4); |
695c4a7a | 164 | |
43c766a1 | 165 | status = read_fd_with_timeout( |
250b2b64 VL |
166 | fd, writeX_header + 4, |
167 | STANDARD_WRITE_AND_X_HEADER_SIZE, | |
168 | STANDARD_WRITE_AND_X_HEADER_SIZE, | |
169 | timeout, NULL); | |
695c4a7a | 170 | |
250b2b64 VL |
171 | if (!NT_STATUS_IS_OK(status)) { |
172 | return status; | |
695c4a7a JA |
173 | } |
174 | ||
175 | /* | |
176 | * Ok - now try and see if this is a possible | |
177 | * valid writeX call. | |
178 | */ | |
179 | ||
9254bb4e | 180 | if (is_valid_writeX_buffer((uint8_t *)writeX_header)) { |
695c4a7a JA |
181 | /* |
182 | * If the data offset is beyond what | |
183 | * we've read, drain the extra bytes. | |
184 | */ | |
185 | uint16_t doff = SVAL(writeX_header,smb_vwv11); | |
186 | ssize_t newlen; | |
187 | ||
188 | if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) { | |
189 | size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE; | |
190 | if (drain_socket(smbd_server_fd(), drain) != drain) { | |
191 | smb_panic("receive_smb_raw_talloc_partial_read:" | |
192 | " failed to drain pending bytes"); | |
193 | } | |
194 | } else { | |
195 | doff = STANDARD_WRITE_AND_X_HEADER_SIZE; | |
196 | } | |
197 | ||
198 | /* Spoof down the length and null out the bcc. */ | |
199 | set_message_bcc(writeX_header, 0); | |
200 | newlen = smb_len(writeX_header); | |
201 | ||
202 | /* Copy the header we've written. */ | |
203 | ||
637f9d9b | 204 | *buffer = (char *)TALLOC_MEMDUP(mem_ctx, |
695c4a7a JA |
205 | writeX_header, |
206 | sizeof(writeX_header)); | |
207 | ||
208 | if (*buffer == NULL) { | |
209 | DEBUG(0, ("Could not allocate inbuf of length %d\n", | |
210 | (int)sizeof(writeX_header))); | |
250b2b64 | 211 | return NT_STATUS_NO_MEMORY; |
695c4a7a JA |
212 | } |
213 | ||
214 | /* Work out the remaining bytes. */ | |
215 | *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE; | |
250b2b64 VL |
216 | *len_ret = newlen + 4; |
217 | return NT_STATUS_OK; | |
695c4a7a JA |
218 | } |
219 | ||
220 | if (!valid_packet_size(len)) { | |
250b2b64 | 221 | return NT_STATUS_INVALID_PARAMETER; |
695c4a7a JA |
222 | } |
223 | ||
224 | /* | |
225 | * Not a valid writeX call. Just do the standard | |
226 | * talloc and return. | |
227 | */ | |
228 | ||
229 | *buffer = TALLOC_ARRAY(mem_ctx, char, len+4); | |
230 | ||
231 | if (*buffer == NULL) { | |
232 | DEBUG(0, ("Could not allocate inbuf of length %d\n", | |
233 | (int)len+4)); | |
250b2b64 | 234 | return NT_STATUS_NO_MEMORY; |
695c4a7a JA |
235 | } |
236 | ||
237 | /* Copy in what we already read. */ | |
238 | memcpy(*buffer, | |
239 | writeX_header, | |
240 | 4 + STANDARD_WRITE_AND_X_HEADER_SIZE); | |
241 | toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE; | |
242 | ||
243 | if(toread > 0) { | |
e604e137 VL |
244 | status = read_packet_remainder( |
245 | fd, (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE, | |
246 | timeout, toread); | |
247 | ||
248 | if (!NT_STATUS_IS_OK(status)) { | |
8ca459e0 JA |
249 | DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n", |
250 | nt_errstr(status))); | |
250b2b64 | 251 | return status; |
695c4a7a JA |
252 | } |
253 | } | |
254 | ||
250b2b64 VL |
255 | *len_ret = len + 4; |
256 | return NT_STATUS_OK; | |
695c4a7a JA |
257 | } |
258 | ||
9fe66ddd VL |
259 | static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx, int fd, |
260 | char **buffer, unsigned int timeout, | |
261 | size_t *p_unread, size_t *plen) | |
695c4a7a JA |
262 | { |
263 | char lenbuf[4]; | |
0afbfa42 | 264 | size_t len; |
695c4a7a | 265 | int min_recv_size = lp_min_receive_file_size(); |
0afbfa42 | 266 | NTSTATUS status; |
695c4a7a | 267 | |
695c4a7a JA |
268 | *p_unread = 0; |
269 | ||
0afbfa42 VL |
270 | status = read_smb_length_return_keepalive(fd, lenbuf, timeout, &len); |
271 | if (!NT_STATUS_IS_OK(status)) { | |
272 | DEBUG(10, ("receive_smb_raw: %s\n", nt_errstr(status))); | |
9fe66ddd | 273 | return status; |
695c4a7a JA |
274 | } |
275 | ||
dea223ba TP |
276 | if (CVAL(lenbuf,0) == 0 && min_recv_size && |
277 | (smb_len_large(lenbuf) > /* Could be a UNIX large writeX. */ | |
278 | (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE)) && | |
c16c90a1 | 279 | !srv_is_signing_active(smbd_server_conn)) { |
695c4a7a | 280 | |
8ca459e0 JA |
281 | return receive_smb_raw_talloc_partial_read( |
282 | mem_ctx, lenbuf, fd, buffer, timeout, p_unread, plen); | |
695c4a7a JA |
283 | } |
284 | ||
285 | if (!valid_packet_size(len)) { | |
9fe66ddd | 286 | return NT_STATUS_INVALID_PARAMETER; |
695c4a7a JA |
287 | } |
288 | ||
289 | /* | |
290 | * The +4 here can't wrap, we've checked the length above already. | |
291 | */ | |
292 | ||
293 | *buffer = TALLOC_ARRAY(mem_ctx, char, len+4); | |
294 | ||
295 | if (*buffer == NULL) { | |
296 | DEBUG(0, ("Could not allocate inbuf of length %d\n", | |
297 | (int)len+4)); | |
9fe66ddd | 298 | return NT_STATUS_NO_MEMORY; |
695c4a7a JA |
299 | } |
300 | ||
301 | memcpy(*buffer, lenbuf, sizeof(lenbuf)); | |
302 | ||
e604e137 VL |
303 | status = read_packet_remainder(fd, (*buffer)+4, timeout, len); |
304 | if (!NT_STATUS_IS_OK(status)) { | |
9fe66ddd | 305 | return status; |
695c4a7a JA |
306 | } |
307 | ||
9fe66ddd VL |
308 | *plen = len + 4; |
309 | return NT_STATUS_OK; | |
695c4a7a JA |
310 | } |
311 | ||
e514cd0a VL |
312 | static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx, int fd, |
313 | char **buffer, unsigned int timeout, | |
314 | size_t *p_unread, bool *p_encrypted, | |
c16c90a1 SM |
315 | size_t *p_len, |
316 | uint32_t *seqnum) | |
695c4a7a | 317 | { |
47666c93 | 318 | size_t len = 0; |
9fe66ddd | 319 | NTSTATUS status; |
695c4a7a | 320 | |
9254bb4e JA |
321 | *p_encrypted = false; |
322 | ||
9fe66ddd VL |
323 | status = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout, |
324 | p_unread, &len); | |
325 | if (!NT_STATUS_IS_OK(status)) { | |
e514cd0a | 326 | return status; |
695c4a7a JA |
327 | } |
328 | ||
9254bb4e | 329 | if (is_encrypted_packet((uint8_t *)*buffer)) { |
9fe66ddd | 330 | status = srv_decrypt_buffer(*buffer); |
afc93255 JA |
331 | if (!NT_STATUS_IS_OK(status)) { |
332 | DEBUG(0, ("receive_smb_talloc: SMB decryption failed on " | |
333 | "incoming packet! Error %s\n", | |
334 | nt_errstr(status) )); | |
e514cd0a | 335 | return status; |
afc93255 | 336 | } |
9254bb4e | 337 | *p_encrypted = true; |
afc93255 JA |
338 | } |
339 | ||
695c4a7a | 340 | /* Check the incoming SMB signature. */ |
c16c90a1 | 341 | if (!srv_check_sign_mac(smbd_server_conn, *buffer, seqnum)) { |
695c4a7a JA |
342 | DEBUG(0, ("receive_smb: SMB Signature verification failed on " |
343 | "incoming packet!\n")); | |
e514cd0a | 344 | return NT_STATUS_INVALID_NETWORK_RESPONSE; |
695c4a7a JA |
345 | } |
346 | ||
e514cd0a VL |
347 | *p_len = len; |
348 | return NT_STATUS_OK; | |
695c4a7a JA |
349 | } |
350 | ||
0bc56a2e VL |
351 | /* |
352 | * Initialize a struct smb_request from an inbuf | |
353 | */ | |
354 | ||
c3250149 JA |
355 | void init_smb_request(struct smb_request *req, |
356 | const uint8 *inbuf, | |
9254bb4e JA |
357 | size_t unread_bytes, |
358 | bool encrypted) | |
0bc56a2e | 359 | { |
c8620180 | 360 | struct smbd_server_connection *sconn = smbd_server_conn; |
ed70bc0d JA |
361 | size_t req_size = smb_len(inbuf) + 4; |
362 | /* Ensure we have at least smb_size bytes. */ | |
a1f593cd JA |
363 | if (req_size < smb_size) { |
364 | DEBUG(0,("init_smb_request: invalid request size %u\n", | |
365 | (unsigned int)req_size )); | |
366 | exit_server_cleanly("Invalid SMB request"); | |
367 | } | |
7808a259 | 368 | req->cmd = CVAL(inbuf, smb_com); |
0bc56a2e VL |
369 | req->flags2 = SVAL(inbuf, smb_flg2); |
370 | req->smbpid = SVAL(inbuf, smb_pid); | |
371 | req->mid = SVAL(inbuf, smb_mid); | |
c16c90a1 | 372 | req->seqnum = 0; |
0bc56a2e | 373 | req->vuid = SVAL(inbuf, smb_uid); |
cc6a4101 VL |
374 | req->tid = SVAL(inbuf, smb_tid); |
375 | req->wct = CVAL(inbuf, smb_wct); | |
2bab73a1 | 376 | req->vwv = (uint16_t *)(inbuf+smb_vwv); |
7f9d6f80 | 377 | req->buflen = smb_buflen(inbuf); |
7bdb571e | 378 | req->buf = (const uint8_t *)smb_buf(inbuf); |
c3250149 | 379 | req->unread_bytes = unread_bytes; |
9254bb4e | 380 | req->encrypted = encrypted; |
c8620180 | 381 | req->conn = conn_find(sconn,req->tid); |
d65afbe5 | 382 | req->chain_fsp = NULL; |
ba981128 | 383 | req->chain_outbuf = NULL; |
5135ebd6 | 384 | req->done = false; |
54c51a66 | 385 | smb_init_perfcount_data(&req->pcd); |
c3250149 | 386 | |
a662a62e | 387 | /* Ensure we have at least wct words and 2 bytes of bcc. */ |
a1f593cd JA |
388 | if (smb_size + req->wct*2 > req_size) { |
389 | DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n", | |
390 | (unsigned int)req->wct, | |
391 | (unsigned int)req_size)); | |
392 | exit_server_cleanly("Invalid SMB request"); | |
393 | } | |
a662a62e | 394 | /* Ensure bcc is correct. */ |
7f9d6f80 | 395 | if (((uint8 *)smb_buf(inbuf)) + req->buflen > inbuf + req_size) { |
a662a62e JA |
396 | DEBUG(0,("init_smb_request: invalid bcc number %u " |
397 | "(wct = %u, size %u)\n", | |
7f9d6f80 | 398 | (unsigned int)req->buflen, |
a662a62e JA |
399 | (unsigned int)req->wct, |
400 | (unsigned int)req_size)); | |
401 | exit_server_cleanly("Invalid SMB request"); | |
402 | } | |
54c51a66 | 403 | |
cc6a4101 | 404 | req->outbuf = NULL; |
0bc56a2e VL |
405 | } |
406 | ||
aeb798c3 SM |
407 | static void process_smb(struct smbd_server_connection *conn, |
408 | uint8_t *inbuf, size_t nread, size_t unread_bytes, | |
c16c90a1 SM |
409 | uint32_t seqnum, bool encrypted, |
410 | struct smb_perfcount_data *deferred_pcd); | |
aeb798c3 SM |
411 | |
412 | static void smbd_deferred_open_timer(struct event_context *ev, | |
413 | struct timed_event *te, | |
414 | struct timeval _tval, | |
415 | void *private_data) | |
416 | { | |
417 | struct pending_message_list *msg = talloc_get_type(private_data, | |
418 | struct pending_message_list); | |
419 | TALLOC_CTX *mem_ctx = talloc_tos(); | |
420 | uint8_t *inbuf; | |
421 | ||
50aa8a4a VL |
422 | inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data, |
423 | msg->buf.length); | |
aeb798c3 SM |
424 | if (inbuf == NULL) { |
425 | exit_server("smbd_deferred_open_timer: talloc failed\n"); | |
426 | return; | |
427 | } | |
428 | ||
429 | /* We leave this message on the queue so the open code can | |
430 | know this is a retry. */ | |
431 | DEBUG(5,("smbd_deferred_open_timer: trigger mid %u.\n", | |
432 | (unsigned int)SVAL(msg->buf.data,smb_mid))); | |
433 | ||
434 | process_smb(smbd_server_conn, inbuf, | |
435 | msg->buf.length, 0, | |
c16c90a1 | 436 | msg->seqnum, msg->encrypted, &msg->pcd); |
aeb798c3 | 437 | } |
aab2fe02 JA |
438 | |
439 | /**************************************************************************** | |
e5a95132 GJC |
440 | Function to push a message onto the tail of a linked list of smb messages ready |
441 | for processing. | |
aab2fe02 JA |
442 | ****************************************************************************/ |
443 | ||
30191d1a | 444 | static bool push_queued_message(struct smb_request *req, |
54abd2aa GC |
445 | struct timeval request_time, |
446 | struct timeval end_time, | |
447 | char *private_data, size_t private_len) | |
aab2fe02 | 448 | { |
b578db69 | 449 | int msg_len = smb_len(req->inbuf) + 4; |
54abd2aa GC |
450 | struct pending_message_list *msg; |
451 | ||
452 | msg = TALLOC_ZERO_P(NULL, struct pending_message_list); | |
aab2fe02 | 453 | |
1eff0523 JA |
454 | if(msg == NULL) { |
455 | DEBUG(0,("push_message: malloc fail (1)\n")); | |
456 | return False; | |
457 | } | |
aab2fe02 | 458 | |
b578db69 | 459 | msg->buf = data_blob_talloc(msg, req->inbuf, msg_len); |
2fc57c9a | 460 | if(msg->buf.data == NULL) { |
1eff0523 | 461 | DEBUG(0,("push_message: malloc fail (2)\n")); |
fb5362c0 | 462 | TALLOC_FREE(msg); |
1eff0523 JA |
463 | return False; |
464 | } | |
aab2fe02 | 465 | |
54abd2aa | 466 | msg->request_time = request_time; |
c16c90a1 | 467 | msg->seqnum = req->seqnum; |
9254bb4e | 468 | msg->encrypted = req->encrypted; |
54c51a66 | 469 | SMB_PERFCOUNT_DEFER_OP(&req->pcd, &msg->pcd); |
2fc57c9a | 470 | |
19ca97a7 | 471 | if (private_data) { |
54abd2aa GC |
472 | msg->private_data = data_blob_talloc(msg, private_data, |
473 | private_len); | |
2fc57c9a JA |
474 | if (msg->private_data.data == NULL) { |
475 | DEBUG(0,("push_message: malloc fail (3)\n")); | |
fb5362c0 | 476 | TALLOC_FREE(msg); |
b6fb0462 | 477 | return False; |
2fc57c9a JA |
478 | } |
479 | } | |
aab2fe02 | 480 | |
aeb798c3 SM |
481 | msg->te = event_add_timed(smbd_event_context(), |
482 | msg, | |
483 | end_time, | |
484 | smbd_deferred_open_timer, | |
485 | msg); | |
486 | if (!msg->te) { | |
487 | DEBUG(0,("push_message: event_add_timed failed\n")); | |
488 | TALLOC_FREE(msg); | |
489 | return false; | |
490 | } | |
491 | ||
258a465e | 492 | DLIST_ADD_END(deferred_open_queue, msg, struct pending_message_list *); |
aab2fe02 | 493 | |
54abd2aa GC |
494 | DEBUG(10,("push_message: pushed message length %u on " |
495 | "deferred_open_queue\n", (unsigned int)msg_len)); | |
2fc57c9a | 496 | |
1eff0523 | 497 | return True; |
aab2fe02 JA |
498 | } |
499 | ||
2fc57c9a JA |
500 | /**************************************************************************** |
501 | Function to delete a sharing violation open message by mid. | |
502 | ****************************************************************************/ | |
503 | ||
54abd2aa | 504 | void remove_deferred_open_smb_message(uint16 mid) |
2fc57c9a JA |
505 | { |
506 | struct pending_message_list *pml; | |
507 | ||
54abd2aa | 508 | for (pml = deferred_open_queue; pml; pml = pml->next) { |
2fc57c9a | 509 | if (mid == SVAL(pml->buf.data,smb_mid)) { |
e5a95132 | 510 | DEBUG(10,("remove_sharing_violation_open_smb_message: " |
54abd2aa GC |
511 | "deleting mid %u len %u\n", |
512 | (unsigned int)mid, | |
513 | (unsigned int)pml->buf.length )); | |
514 | DLIST_REMOVE(deferred_open_queue, pml); | |
fb5362c0 | 515 | TALLOC_FREE(pml); |
2fc57c9a JA |
516 | return; |
517 | } | |
518 | } | |
519 | } | |
520 | ||
521 | /**************************************************************************** | |
522 | Move a sharing violation open retry message to the front of the list and | |
523 | schedule it for immediate processing. | |
524 | ****************************************************************************/ | |
525 | ||
54abd2aa | 526 | void schedule_deferred_open_smb_message(uint16 mid) |
2fc57c9a JA |
527 | { |
528 | struct pending_message_list *pml; | |
529 | int i = 0; | |
530 | ||
54abd2aa | 531 | for (pml = deferred_open_queue; pml; pml = pml->next) { |
2fc57c9a | 532 | uint16 msg_mid = SVAL(pml->buf.data,smb_mid); |
aeb798c3 | 533 | |
e5a95132 GJC |
534 | DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++, |
535 | (unsigned int)msg_mid )); | |
aeb798c3 | 536 | |
2fc57c9a | 537 | if (mid == msg_mid) { |
aeb798c3 SM |
538 | struct timed_event *te; |
539 | ||
e5a95132 GJC |
540 | DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n", |
541 | mid )); | |
aeb798c3 SM |
542 | |
543 | te = event_add_timed(smbd_event_context(), | |
544 | pml, | |
545 | timeval_zero(), | |
546 | smbd_deferred_open_timer, | |
547 | pml); | |
548 | if (!te) { | |
549 | DEBUG(10,("schedule_deferred_open_smb_message: " | |
550 | "event_add_timed() failed, skipping mid %u\n", | |
551 | mid )); | |
552 | } | |
553 | ||
554 | TALLOC_FREE(pml->te); | |
555 | pml->te = te; | |
54abd2aa | 556 | DLIST_PROMOTE(deferred_open_queue, pml); |
2fc57c9a JA |
557 | return; |
558 | } | |
559 | } | |
560 | ||
e5a95132 GJC |
561 | DEBUG(10,("schedule_deferred_open_smb_message: failed to find message mid %u\n", |
562 | mid )); | |
2fc57c9a JA |
563 | } |
564 | ||
565 | /**************************************************************************** | |
566 | Return true if this mid is on the deferred queue. | |
567 | ****************************************************************************/ | |
568 | ||
30191d1a | 569 | bool open_was_deferred(uint16 mid) |
2fc57c9a JA |
570 | { |
571 | struct pending_message_list *pml; | |
3e0f5862 | 572 | |
54abd2aa | 573 | for (pml = deferred_open_queue; pml; pml = pml->next) { |
2fc57c9a JA |
574 | if (SVAL(pml->buf.data,smb_mid) == mid) { |
575 | return True; | |
576 | } | |
577 | } | |
578 | return False; | |
579 | } | |
580 | ||
581 | /**************************************************************************** | |
582 | Return the message queued by this mid. | |
583 | ****************************************************************************/ | |
584 | ||
585 | struct pending_message_list *get_open_deferred_message(uint16 mid) | |
586 | { | |
587 | struct pending_message_list *pml; | |
3e0f5862 | 588 | |
54abd2aa | 589 | for (pml = deferred_open_queue; pml; pml = pml->next) { |
2fc57c9a JA |
590 | if (SVAL(pml->buf.data,smb_mid) == mid) { |
591 | return pml; | |
592 | } | |
593 | } | |
594 | return NULL; | |
595 | } | |
596 | ||
597 | /**************************************************************************** | |
54abd2aa GC |
598 | Function to push a deferred open smb message onto a linked list of local smb |
599 | messages ready for processing. | |
600 | ****************************************************************************/ | |
601 | ||
30191d1a | 602 | bool push_deferred_smb_message(struct smb_request *req, |
54abd2aa GC |
603 | struct timeval request_time, |
604 | struct timeval timeout, | |
605 | char *private_data, size_t priv_len) | |
606 | { | |
607 | struct timeval end_time; | |
608 | ||
c3250149 JA |
609 | if (req->unread_bytes) { |
610 | DEBUG(0,("push_deferred_smb_message: logic error ! " | |
611 | "unread_bytes = %u\n", | |
612 | (unsigned int)req->unread_bytes )); | |
613 | smb_panic("push_deferred_smb_message: " | |
614 | "logic error unread_bytes != 0" ); | |
615 | } | |
616 | ||
54abd2aa GC |
617 | end_time = timeval_sum(&request_time, &timeout); |
618 | ||
619 | DEBUG(10,("push_deferred_open_smb_message: pushing message len %u mid %u " | |
620 | "timeout time [%u.%06u]\n", | |
b578db69 | 621 | (unsigned int) smb_len(req->inbuf)+4, (unsigned int)req->mid, |
54abd2aa GC |
622 | (unsigned int)end_time.tv_sec, |
623 | (unsigned int)end_time.tv_usec)); | |
624 | ||
b578db69 | 625 | return push_queued_message(req, request_time, end_time, |
54abd2aa GC |
626 | private_data, priv_len); |
627 | } | |
628 | ||
54abd2aa GC |
629 | struct idle_event { |
630 | struct timed_event *te; | |
631 | struct timeval interval; | |
7c2bc9c0 | 632 | char *name; |
30191d1a | 633 | bool (*handler)(const struct timeval *now, void *private_data); |
54abd2aa GC |
634 | void *private_data; |
635 | }; | |
636 | ||
c34d5f44 SM |
637 | static void smbd_idle_event_handler(struct event_context *ctx, |
638 | struct timed_event *te, | |
639 | struct timeval now, | |
640 | void *private_data) | |
54abd2aa GC |
641 | { |
642 | struct idle_event *event = | |
643 | talloc_get_type_abort(private_data, struct idle_event); | |
644 | ||
fb5362c0 | 645 | TALLOC_FREE(event->te); |
54abd2aa | 646 | |
c34d5f44 SM |
647 | DEBUG(10,("smbd_idle_event_handler: %s %p called\n", |
648 | event->name, event->te)); | |
649 | ||
650 | if (!event->handler(&now, event->private_data)) { | |
651 | DEBUG(10,("smbd_idle_event_handler: %s %p stopped\n", | |
652 | event->name, event->te)); | |
54abd2aa | 653 | /* Don't repeat, delete ourselves */ |
fb5362c0 | 654 | TALLOC_FREE(event); |
54abd2aa GC |
655 | return; |
656 | } | |
657 | ||
c34d5f44 SM |
658 | DEBUG(10,("smbd_idle_event_handler: %s %p rescheduled\n", |
659 | event->name, event->te)); | |
660 | ||
7c2bc9c0 | 661 | event->te = event_add_timed(ctx, event, |
c34d5f44 SM |
662 | timeval_sum(&now, &event->interval), |
663 | smbd_idle_event_handler, event); | |
54abd2aa GC |
664 | |
665 | /* We can't do much but fail here. */ | |
666 | SMB_ASSERT(event->te != NULL); | |
667 | } | |
668 | ||
7c2bc9c0 VL |
669 | struct idle_event *event_add_idle(struct event_context *event_ctx, |
670 | TALLOC_CTX *mem_ctx, | |
54abd2aa | 671 | struct timeval interval, |
7c2bc9c0 | 672 | const char *name, |
30191d1a | 673 | bool (*handler)(const struct timeval *now, |
54abd2aa GC |
674 | void *private_data), |
675 | void *private_data) | |
676 | { | |
677 | struct idle_event *result; | |
678 | struct timeval now = timeval_current(); | |
679 | ||
680 | result = TALLOC_P(mem_ctx, struct idle_event); | |
681 | if (result == NULL) { | |
682 | DEBUG(0, ("talloc failed\n")); | |
683 | return NULL; | |
684 | } | |
685 | ||
686 | result->interval = interval; | |
687 | result->handler = handler; | |
688 | result->private_data = private_data; | |
689 | ||
7c2bc9c0 VL |
690 | if (!(result->name = talloc_asprintf(result, "idle_evt(%s)", name))) { |
691 | DEBUG(0, ("talloc failed\n")); | |
692 | TALLOC_FREE(result); | |
693 | return NULL; | |
694 | } | |
695 | ||
696 | result->te = event_add_timed(event_ctx, result, | |
bf219447 | 697 | timeval_sum(&now, &interval), |
c34d5f44 | 698 | smbd_idle_event_handler, result); |
54abd2aa | 699 | if (result->te == NULL) { |
bf219447 | 700 | DEBUG(0, ("event_add_timed failed\n")); |
fb5362c0 | 701 | TALLOC_FREE(result); |
54abd2aa GC |
702 | return NULL; |
703 | } | |
704 | ||
c34d5f44 | 705 | DEBUG(10,("event_add_idle: %s %p\n", result->name, result->te)); |
54abd2aa GC |
706 | return result; |
707 | } | |
8fbdd112 | 708 | |
ac61f650 SM |
709 | static void smbd_sig_term_handler(struct tevent_context *ev, |
710 | struct tevent_signal *se, | |
711 | int signum, | |
712 | int count, | |
713 | void *siginfo, | |
714 | void *private_data) | |
715 | { | |
716 | exit_server_cleanly("termination signal"); | |
717 | } | |
718 | ||
719 | void smbd_setup_sig_term_handler(void) | |
720 | { | |
721 | struct tevent_signal *se; | |
722 | ||
723 | se = tevent_add_signal(smbd_event_context(), | |
724 | smbd_event_context(), | |
725 | SIGTERM, 0, | |
726 | smbd_sig_term_handler, | |
727 | NULL); | |
728 | if (!se) { | |
729 | exit_server("failed to setup SIGTERM handler"); | |
730 | } | |
731 | } | |
732 | ||
733 | static void smbd_sig_hup_handler(struct tevent_context *ev, | |
734 | struct tevent_signal *se, | |
735 | int signum, | |
736 | int count, | |
737 | void *siginfo, | |
738 | void *private_data) | |
739 | { | |
740 | change_to_root_user(); | |
741 | DEBUG(1,("Reloading services after SIGHUP\n")); | |
742 | reload_services(False); | |
743 | } | |
744 | ||
745 | void smbd_setup_sig_hup_handler(void) | |
746 | { | |
747 | struct tevent_signal *se; | |
748 | ||
749 | se = tevent_add_signal(smbd_event_context(), | |
750 | smbd_event_context(), | |
751 | SIGHUP, 0, | |
752 | smbd_sig_hup_handler, | |
753 | NULL); | |
754 | if (!se) { | |
755 | exit_server("failed to setup SIGHUP handler"); | |
756 | } | |
757 | } | |
758 | ||
aeb798c3 | 759 | static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection *conn) |
aab2fe02 | 760 | { |
bf219447 | 761 | fd_set r_fds, w_fds; |
8843a637 | 762 | int selrtn; |
cc203f3e | 763 | struct timeval to; |
8fbdd112 | 764 | int maxfd = 0; |
aab2fe02 | 765 | |
f6c883b4 JA |
766 | to.tv_sec = SMBD_SELECT_TIMEOUT; |
767 | to.tv_usec = 0; | |
2fc57c9a | 768 | |
8843a637 | 769 | /* |
bf219447 | 770 | * Setup the select fd sets. |
8843a637 AT |
771 | */ |
772 | ||
bf219447 VL |
773 | FD_ZERO(&r_fds); |
774 | FD_ZERO(&w_fds); | |
e90b6528 | 775 | |
cc203f3e JA |
776 | /* |
777 | * Are there any timed events waiting ? If so, ensure we don't | |
778 | * select for longer than it would take to wait for them. | |
779 | */ | |
780 | ||
54abd2aa | 781 | { |
bf219447 VL |
782 | struct timeval now; |
783 | GetTimeOfDay(&now); | |
784 | ||
785 | event_add_to_select_args(smbd_event_context(), &now, | |
786 | &r_fds, &w_fds, &to, &maxfd); | |
787 | } | |
788 | ||
048f8dba SM |
789 | /* Process a signal and timed events now... */ |
790 | if (run_events(smbd_event_context(), 0, NULL, NULL)) { | |
791 | return NT_STATUS_RETRY; | |
54abd2aa | 792 | } |
048f8dba | 793 | |
fbdcf266 JA |
794 | { |
795 | int sav; | |
796 | START_PROFILE(smbd_idle); | |
797 | ||
bf219447 | 798 | selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&to); |
fbdcf266 JA |
799 | sav = errno; |
800 | ||
801 | END_PROFILE(smbd_idle); | |
802 | errno = sav; | |
803 | } | |
8843a637 | 804 | |
bf219447 | 805 | if (run_events(smbd_event_context(), selrtn, &r_fds, &w_fds)) { |
1ce9525b | 806 | return NT_STATUS_RETRY; |
bf219447 VL |
807 | } |
808 | ||
8843a637 | 809 | /* Check if error */ |
b2d01bd2 | 810 | if (selrtn == -1) { |
8843a637 | 811 | /* something is wrong. Maybe the socket is dead? */ |
eaf7621c | 812 | return map_nt_error_from_unix(errno); |
6913f101 JA |
813 | } |
814 | ||
8843a637 AT |
815 | /* Did we timeout ? */ |
816 | if (selrtn == 0) { | |
1ce9525b | 817 | return NT_STATUS_RETRY; |
8843a637 | 818 | } |
b2d01bd2 | 819 | |
830b31a4 SM |
820 | /* should not be reached */ |
821 | return NT_STATUS_INTERNAL_ERROR; | |
aab2fe02 | 822 | } |
c3effa8b | 823 | |
22dbd677 JA |
824 | /* |
825 | * Only allow 5 outstanding trans requests. We're allocating memory, so | |
826 | * prevent a DoS. | |
827 | */ | |
aab2fe02 | 828 | |
22dbd677 | 829 | NTSTATUS allow_new_trans(struct trans_state *list, int mid) |
c3effa8b | 830 | { |
22dbd677 JA |
831 | int count = 0; |
832 | for (; list != NULL; list = list->next) { | |
c3effa8b | 833 | |
22dbd677 JA |
834 | if (list->mid == mid) { |
835 | return NT_STATUS_INVALID_PARAMETER; | |
836 | } | |
837 | ||
838 | count += 1; | |
839 | } | |
840 | if (count > 5) { | |
841 | return NT_STATUS_INSUFFICIENT_RESOURCES; | |
842 | } | |
c3effa8b | 843 | |
22dbd677 | 844 | return NT_STATUS_OK; |
c3effa8b AT |
845 | } |
846 | ||
c3effa8b AT |
847 | /* |
848 | These flags determine some of the permissions required to do an operation | |
849 | ||
850 | Note that I don't set NEED_WRITE on some write operations because they | |
851 | are used by some brain-dead clients when printing, and I don't want to | |
852 | force write permissions on print services. | |
853 | */ | |
854 | #define AS_USER (1<<0) | |
ce61fb21 | 855 | #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */ |
c3effa8b | 856 | #define TIME_INIT (1<<2) |
ce61fb21 JA |
857 | #define CAN_IPC (1<<3) /* Must be paired with AS_USER */ |
858 | #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */ | |
54abd2aa | 859 | #define DO_CHDIR (1<<6) |
c3effa8b AT |
860 | |
861 | /* | |
862 | define a list of possible SMB messages and their corresponding | |
863 | functions. Any message that has a NULL function is unimplemented - | |
864 | please feel free to contribute implementations! | |
865 | */ | |
1eff0523 JA |
866 | static const struct smb_message_struct { |
867 | const char *name; | |
48d3a1d2 | 868 | void (*fn)(struct smb_request *req); |
1eff0523 JA |
869 | int flags; |
870 | } smb_messages[256] = { | |
918c3ebe | 871 | |
b578db69 VL |
872 | /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE}, |
873 | /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE}, | |
874 | /* 0x02 */ { "SMBopen",reply_open,AS_USER }, | |
875 | /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER}, | |
876 | /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC }, | |
877 | /* 0x05 */ { "SMBflush",reply_flush,AS_USER}, | |
878 | /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE }, | |
879 | /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE }, | |
880 | /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER}, | |
881 | /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE}, | |
882 | /* 0x0a */ { "SMBread",reply_read,AS_USER}, | |
883 | /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC }, | |
884 | /* 0x0c */ { "SMBlock",reply_lock,AS_USER}, | |
885 | /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER}, | |
886 | /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER }, | |
887 | /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER}, | |
888 | /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER}, | |
889 | /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR}, | |
890 | /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER}, | |
891 | /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER}, | |
892 | /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER}, | |
893 | /* 0x15 */ { NULL, NULL, 0 }, | |
894 | /* 0x16 */ { NULL, NULL, 0 }, | |
895 | /* 0x17 */ { NULL, NULL, 0 }, | |
896 | /* 0x18 */ { NULL, NULL, 0 }, | |
897 | /* 0x19 */ { NULL, NULL, 0 }, | |
898 | /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER}, | |
899 | /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER}, | |
900 | /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER }, | |
901 | /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER}, | |
902 | /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER}, | |
903 | /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER}, | |
904 | /* 0x20 */ { "SMBwritec", NULL,0}, | |
905 | /* 0x21 */ { NULL, NULL, 0 }, | |
906 | /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE }, | |
907 | /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER }, | |
908 | /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER }, | |
909 | /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC }, | |
910 | /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC}, | |
911 | /* 0x27 */ { "SMBioctl",reply_ioctl,0}, | |
912 | /* 0x28 */ { "SMBioctls", NULL,AS_USER}, | |
913 | /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE }, | |
914 | /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE }, | |
915 | /* 0x2b */ { "SMBecho",reply_echo,0}, | |
916 | /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER}, | |
917 | /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC }, | |
918 | /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC }, | |
919 | /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC }, | |
920 | /* 0x30 */ { NULL, NULL, 0 }, | |
921 | /* 0x31 */ { NULL, NULL, 0 }, | |
922 | /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC }, | |
7716ad68 | 923 | /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER | CAN_IPC }, |
b578db69 VL |
924 | /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER}, |
925 | /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER}, | |
926 | /* 0x36 */ { NULL, NULL, 0 }, | |
927 | /* 0x37 */ { NULL, NULL, 0 }, | |
928 | /* 0x38 */ { NULL, NULL, 0 }, | |
929 | /* 0x39 */ { NULL, NULL, 0 }, | |
930 | /* 0x3a */ { NULL, NULL, 0 }, | |
931 | /* 0x3b */ { NULL, NULL, 0 }, | |
932 | /* 0x3c */ { NULL, NULL, 0 }, | |
933 | /* 0x3d */ { NULL, NULL, 0 }, | |
934 | /* 0x3e */ { NULL, NULL, 0 }, | |
935 | /* 0x3f */ { NULL, NULL, 0 }, | |
936 | /* 0x40 */ { NULL, NULL, 0 }, | |
937 | /* 0x41 */ { NULL, NULL, 0 }, | |
938 | /* 0x42 */ { NULL, NULL, 0 }, | |
939 | /* 0x43 */ { NULL, NULL, 0 }, | |
940 | /* 0x44 */ { NULL, NULL, 0 }, | |
941 | /* 0x45 */ { NULL, NULL, 0 }, | |
942 | /* 0x46 */ { NULL, NULL, 0 }, | |
943 | /* 0x47 */ { NULL, NULL, 0 }, | |
944 | /* 0x48 */ { NULL, NULL, 0 }, | |
945 | /* 0x49 */ { NULL, NULL, 0 }, | |
946 | /* 0x4a */ { NULL, NULL, 0 }, | |
947 | /* 0x4b */ { NULL, NULL, 0 }, | |
948 | /* 0x4c */ { NULL, NULL, 0 }, | |
949 | /* 0x4d */ { NULL, NULL, 0 }, | |
950 | /* 0x4e */ { NULL, NULL, 0 }, | |
951 | /* 0x4f */ { NULL, NULL, 0 }, | |
952 | /* 0x50 */ { NULL, NULL, 0 }, | |
953 | /* 0x51 */ { NULL, NULL, 0 }, | |
954 | /* 0x52 */ { NULL, NULL, 0 }, | |
955 | /* 0x53 */ { NULL, NULL, 0 }, | |
956 | /* 0x54 */ { NULL, NULL, 0 }, | |
957 | /* 0x55 */ { NULL, NULL, 0 }, | |
958 | /* 0x56 */ { NULL, NULL, 0 }, | |
959 | /* 0x57 */ { NULL, NULL, 0 }, | |
960 | /* 0x58 */ { NULL, NULL, 0 }, | |
961 | /* 0x59 */ { NULL, NULL, 0 }, | |
962 | /* 0x5a */ { NULL, NULL, 0 }, | |
963 | /* 0x5b */ { NULL, NULL, 0 }, | |
964 | /* 0x5c */ { NULL, NULL, 0 }, | |
965 | /* 0x5d */ { NULL, NULL, 0 }, | |
966 | /* 0x5e */ { NULL, NULL, 0 }, | |
967 | /* 0x5f */ { NULL, NULL, 0 }, | |
968 | /* 0x60 */ { NULL, NULL, 0 }, | |
969 | /* 0x61 */ { NULL, NULL, 0 }, | |
970 | /* 0x62 */ { NULL, NULL, 0 }, | |
971 | /* 0x63 */ { NULL, NULL, 0 }, | |
972 | /* 0x64 */ { NULL, NULL, 0 }, | |
973 | /* 0x65 */ { NULL, NULL, 0 }, | |
974 | /* 0x66 */ { NULL, NULL, 0 }, | |
975 | /* 0x67 */ { NULL, NULL, 0 }, | |
976 | /* 0x68 */ { NULL, NULL, 0 }, | |
977 | /* 0x69 */ { NULL, NULL, 0 }, | |
978 | /* 0x6a */ { NULL, NULL, 0 }, | |
979 | /* 0x6b */ { NULL, NULL, 0 }, | |
980 | /* 0x6c */ { NULL, NULL, 0 }, | |
981 | /* 0x6d */ { NULL, NULL, 0 }, | |
982 | /* 0x6e */ { NULL, NULL, 0 }, | |
983 | /* 0x6f */ { NULL, NULL, 0 }, | |
984 | /* 0x70 */ { "SMBtcon",reply_tcon,0}, | |
985 | /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR}, | |
986 | /* 0x72 */ { "SMBnegprot",reply_negprot,0}, | |
987 | /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0}, | |
988 | /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */ | |
989 | /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0}, | |
990 | /* 0x76 */ { NULL, NULL, 0 }, | |
991 | /* 0x77 */ { NULL, NULL, 0 }, | |
992 | /* 0x78 */ { NULL, NULL, 0 }, | |
993 | /* 0x79 */ { NULL, NULL, 0 }, | |
994 | /* 0x7a */ { NULL, NULL, 0 }, | |
995 | /* 0x7b */ { NULL, NULL, 0 }, | |
996 | /* 0x7c */ { NULL, NULL, 0 }, | |
997 | /* 0x7d */ { NULL, NULL, 0 }, | |
998 | /* 0x7e */ { NULL, NULL, 0 }, | |
999 | /* 0x7f */ { NULL, NULL, 0 }, | |
1000 | /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER}, | |
1001 | /* 0x81 */ { "SMBsearch",reply_search,AS_USER}, | |
1002 | /* 0x82 */ { "SMBffirst",reply_search,AS_USER}, | |
1003 | /* 0x83 */ { "SMBfunique",reply_search,AS_USER}, | |
1004 | /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER}, | |
1005 | /* 0x85 */ { NULL, NULL, 0 }, | |
1006 | /* 0x86 */ { NULL, NULL, 0 }, | |
1007 | /* 0x87 */ { NULL, NULL, 0 }, | |
1008 | /* 0x88 */ { NULL, NULL, 0 }, | |
1009 | /* 0x89 */ { NULL, NULL, 0 }, | |
1010 | /* 0x8a */ { NULL, NULL, 0 }, | |
1011 | /* 0x8b */ { NULL, NULL, 0 }, | |
1012 | /* 0x8c */ { NULL, NULL, 0 }, | |
1013 | /* 0x8d */ { NULL, NULL, 0 }, | |
1014 | /* 0x8e */ { NULL, NULL, 0 }, | |
1015 | /* 0x8f */ { NULL, NULL, 0 }, | |
1016 | /* 0x90 */ { NULL, NULL, 0 }, | |
1017 | /* 0x91 */ { NULL, NULL, 0 }, | |
1018 | /* 0x92 */ { NULL, NULL, 0 }, | |
1019 | /* 0x93 */ { NULL, NULL, 0 }, | |
1020 | /* 0x94 */ { NULL, NULL, 0 }, | |
1021 | /* 0x95 */ { NULL, NULL, 0 }, | |
1022 | /* 0x96 */ { NULL, NULL, 0 }, | |
1023 | /* 0x97 */ { NULL, NULL, 0 }, | |
1024 | /* 0x98 */ { NULL, NULL, 0 }, | |
1025 | /* 0x99 */ { NULL, NULL, 0 }, | |
1026 | /* 0x9a */ { NULL, NULL, 0 }, | |
1027 | /* 0x9b */ { NULL, NULL, 0 }, | |
1028 | /* 0x9c */ { NULL, NULL, 0 }, | |
1029 | /* 0x9d */ { NULL, NULL, 0 }, | |
1030 | /* 0x9e */ { NULL, NULL, 0 }, | |
1031 | /* 0x9f */ { NULL, NULL, 0 }, | |
1032 | /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC }, | |
1033 | /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC }, | |
1034 | /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC }, | |
1035 | /* 0xa3 */ { NULL, NULL, 0 }, | |
1036 | /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 }, | |
1037 | /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE }, | |
1038 | /* 0xa6 */ { NULL, NULL, 0 }, | |
1039 | /* 0xa7 */ { NULL, NULL, 0 }, | |
1040 | /* 0xa8 */ { NULL, NULL, 0 }, | |
1041 | /* 0xa9 */ { NULL, NULL, 0 }, | |
1042 | /* 0xaa */ { NULL, NULL, 0 }, | |
1043 | /* 0xab */ { NULL, NULL, 0 }, | |
1044 | /* 0xac */ { NULL, NULL, 0 }, | |
1045 | /* 0xad */ { NULL, NULL, 0 }, | |
1046 | /* 0xae */ { NULL, NULL, 0 }, | |
1047 | /* 0xaf */ { NULL, NULL, 0 }, | |
1048 | /* 0xb0 */ { NULL, NULL, 0 }, | |
1049 | /* 0xb1 */ { NULL, NULL, 0 }, | |
1050 | /* 0xb2 */ { NULL, NULL, 0 }, | |
1051 | /* 0xb3 */ { NULL, NULL, 0 }, | |
1052 | /* 0xb4 */ { NULL, NULL, 0 }, | |
1053 | /* 0xb5 */ { NULL, NULL, 0 }, | |
1054 | /* 0xb6 */ { NULL, NULL, 0 }, | |
1055 | /* 0xb7 */ { NULL, NULL, 0 }, | |
1056 | /* 0xb8 */ { NULL, NULL, 0 }, | |
1057 | /* 0xb9 */ { NULL, NULL, 0 }, | |
1058 | /* 0xba */ { NULL, NULL, 0 }, | |
1059 | /* 0xbb */ { NULL, NULL, 0 }, | |
1060 | /* 0xbc */ { NULL, NULL, 0 }, | |
1061 | /* 0xbd */ { NULL, NULL, 0 }, | |
1062 | /* 0xbe */ { NULL, NULL, 0 }, | |
1063 | /* 0xbf */ { NULL, NULL, 0 }, | |
1064 | /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER}, | |
1065 | /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER}, | |
1066 | /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER}, | |
1067 | /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER}, | |
1068 | /* 0xc4 */ { NULL, NULL, 0 }, | |
1069 | /* 0xc5 */ { NULL, NULL, 0 }, | |
1070 | /* 0xc6 */ { NULL, NULL, 0 }, | |
1071 | /* 0xc7 */ { NULL, NULL, 0 }, | |
1072 | /* 0xc8 */ { NULL, NULL, 0 }, | |
1073 | /* 0xc9 */ { NULL, NULL, 0 }, | |
1074 | /* 0xca */ { NULL, NULL, 0 }, | |
1075 | /* 0xcb */ { NULL, NULL, 0 }, | |
1076 | /* 0xcc */ { NULL, NULL, 0 }, | |
1077 | /* 0xcd */ { NULL, NULL, 0 }, | |
1078 | /* 0xce */ { NULL, NULL, 0 }, | |
1079 | /* 0xcf */ { NULL, NULL, 0 }, | |
1080 | /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST}, | |
1081 | /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST}, | |
1082 | /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST}, | |
1083 | /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST}, | |
1084 | /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST}, | |
1085 | /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST}, | |
1086 | /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST}, | |
1087 | /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST}, | |
1088 | /* 0xd8 */ { NULL, NULL, 0 }, | |
1089 | /* 0xd9 */ { NULL, NULL, 0 }, | |
1090 | /* 0xda */ { NULL, NULL, 0 }, | |
1091 | /* 0xdb */ { NULL, NULL, 0 }, | |
1092 | /* 0xdc */ { NULL, NULL, 0 }, | |
1093 | /* 0xdd */ { NULL, NULL, 0 }, | |
1094 | /* 0xde */ { NULL, NULL, 0 }, | |
1095 | /* 0xdf */ { NULL, NULL, 0 }, | |
1096 | /* 0xe0 */ { NULL, NULL, 0 }, | |
1097 | /* 0xe1 */ { NULL, NULL, 0 }, | |
1098 | /* 0xe2 */ { NULL, NULL, 0 }, | |
1099 | /* 0xe3 */ { NULL, NULL, 0 }, | |
1100 | /* 0xe4 */ { NULL, NULL, 0 }, | |
1101 | /* 0xe5 */ { NULL, NULL, 0 }, | |
1102 | /* 0xe6 */ { NULL, NULL, 0 }, | |
1103 | /* 0xe7 */ { NULL, NULL, 0 }, | |
1104 | /* 0xe8 */ { NULL, NULL, 0 }, | |
1105 | /* 0xe9 */ { NULL, NULL, 0 }, | |
1106 | /* 0xea */ { NULL, NULL, 0 }, | |
1107 | /* 0xeb */ { NULL, NULL, 0 }, | |
1108 | /* 0xec */ { NULL, NULL, 0 }, | |
1109 | /* 0xed */ { NULL, NULL, 0 }, | |
1110 | /* 0xee */ { NULL, NULL, 0 }, | |
1111 | /* 0xef */ { NULL, NULL, 0 }, | |
1112 | /* 0xf0 */ { NULL, NULL, 0 }, | |
1113 | /* 0xf1 */ { NULL, NULL, 0 }, | |
1114 | /* 0xf2 */ { NULL, NULL, 0 }, | |
1115 | /* 0xf3 */ { NULL, NULL, 0 }, | |
1116 | /* 0xf4 */ { NULL, NULL, 0 }, | |
1117 | /* 0xf5 */ { NULL, NULL, 0 }, | |
1118 | /* 0xf6 */ { NULL, NULL, 0 }, | |
1119 | /* 0xf7 */ { NULL, NULL, 0 }, | |
1120 | /* 0xf8 */ { NULL, NULL, 0 }, | |
1121 | /* 0xf9 */ { NULL, NULL, 0 }, | |
1122 | /* 0xfa */ { NULL, NULL, 0 }, | |
1123 | /* 0xfb */ { NULL, NULL, 0 }, | |
1124 | /* 0xfc */ { NULL, NULL, 0 }, | |
1125 | /* 0xfd */ { NULL, NULL, 0 }, | |
1126 | /* 0xfe */ { NULL, NULL, 0 }, | |
1127 | /* 0xff */ { NULL, NULL, 0 } | |
918c3ebe JA |
1128 | |
1129 | }; | |
c3effa8b | 1130 | |
cc6a4101 VL |
1131 | /******************************************************************* |
1132 | allocate and initialize a reply packet | |
1133 | ********************************************************************/ | |
1134 | ||
ae0c6cff VL |
1135 | static bool create_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req, |
1136 | const char *inbuf, char **outbuf, uint8_t num_words, | |
1137 | uint32_t num_bytes) | |
cc6a4101 | 1138 | { |
2fb27fcb VL |
1139 | /* |
1140 | * Protect against integer wrap | |
1141 | */ | |
1142 | if ((num_bytes > 0xffffff) | |
1143 | || ((num_bytes + smb_size + num_words*2) > 0xffffff)) { | |
1144 | char *msg; | |
a4c0812a VL |
1145 | if (asprintf(&msg, "num_bytes too large: %u", |
1146 | (unsigned)num_bytes) == -1) { | |
1147 | msg = CONST_DISCARD(char *, "num_bytes too large"); | |
1148 | } | |
2fb27fcb VL |
1149 | smb_panic(msg); |
1150 | } | |
1151 | ||
5cd8a427 VL |
1152 | *outbuf = TALLOC_ARRAY(mem_ctx, char, |
1153 | smb_size + num_words*2 + num_bytes); | |
1154 | if (*outbuf == NULL) { | |
1155 | return false; | |
cc6a4101 VL |
1156 | } |
1157 | ||
ae0c6cff | 1158 | construct_reply_common(req, inbuf, *outbuf); |
5cd8a427 | 1159 | srv_set_message(*outbuf, num_words, num_bytes, false); |
cc6a4101 VL |
1160 | /* |
1161 | * Zero out the word area, the caller has to take care of the bcc area | |
1162 | * himself | |
1163 | */ | |
1164 | if (num_words != 0) { | |
5cd8a427 | 1165 | memset(*outbuf + smb_vwv0, 0, num_words*2); |
cc6a4101 VL |
1166 | } |
1167 | ||
5cd8a427 VL |
1168 | return true; |
1169 | } | |
1170 | ||
1171 | void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes) | |
1172 | { | |
1173 | char *outbuf; | |
ae0c6cff | 1174 | if (!create_outbuf(req, req, (char *)req->inbuf, &outbuf, num_words, |
5cd8a427 VL |
1175 | num_bytes)) { |
1176 | smb_panic("could not allocate output buffer\n"); | |
1177 | } | |
1178 | req->outbuf = (uint8_t *)outbuf; | |
cc6a4101 VL |
1179 | } |
1180 | ||
1181 | ||
712a30ed | 1182 | /******************************************************************* |
a834a73e GC |
1183 | Dump a packet to a file. |
1184 | ********************************************************************/ | |
1185 | ||
cc6a4101 | 1186 | static void smb_dump(const char *name, int type, const char *data, ssize_t len) |
712a30ed LL |
1187 | { |
1188 | int fd, i; | |
d068bc64 JA |
1189 | char *fname = NULL; |
1190 | if (DEBUGLEVEL < 50) { | |
1191 | return; | |
1192 | } | |
712a30ed | 1193 | |
62707533 | 1194 | if (len < 4) len = smb_len(data)+4; |
712a30ed | 1195 | for (i=1;i<100;i++) { |
a4c0812a VL |
1196 | if (asprintf(&fname, "/tmp/%s.%d.%s", name, i, |
1197 | type ? "req" : "resp") == -1) { | |
d068bc64 JA |
1198 | return; |
1199 | } | |
712a30ed LL |
1200 | fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644); |
1201 | if (fd != -1 || errno != EEXIST) break; | |
1202 | } | |
1203 | if (fd != -1) { | |
e400bfce JA |
1204 | ssize_t ret = write(fd, data, len); |
1205 | if (ret != len) | |
1206 | DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret )); | |
712a30ed | 1207 | close(fd); |
9c8d23e5 | 1208 | DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len)); |
712a30ed | 1209 | } |
d068bc64 | 1210 | SAFE_FREE(fname); |
712a30ed LL |
1211 | } |
1212 | ||
c3effa8b | 1213 | /**************************************************************************** |
cc6a4101 VL |
1214 | Prepare everything for calling the actual request function, and potentially |
1215 | call the request function via the "new" interface. | |
1216 | ||
1217 | Return False if the "legacy" function needs to be called, everything is | |
1218 | prepared. | |
1219 | ||
1220 | Return True if we're done. | |
1221 | ||
1222 | I know this API sucks, but it is the one with the least code change I could | |
1223 | find. | |
c3effa8b | 1224 | ****************************************************************************/ |
a834a73e | 1225 | |
9254bb4e | 1226 | static connection_struct *switch_message(uint8 type, struct smb_request *req, int size) |
c3effa8b | 1227 | { |
941db29a | 1228 | int flags; |
941db29a | 1229 | uint16 session_tag; |
9254bb4e | 1230 | connection_struct *conn = NULL; |
356f0336 | 1231 | struct smbd_server_connection *sconn = smbd_server_conn; |
24f8e973 | 1232 | |
a834a73e | 1233 | errno = 0; |
0557c6cb | 1234 | |
cc6a4101 VL |
1235 | /* Make sure this is an SMB packet. smb_size contains NetBIOS header |
1236 | * so subtract 4 from it. */ | |
9254bb4e | 1237 | if (!valid_smb_header(req->inbuf) |
cc6a4101 VL |
1238 | || (size < (smb_size - 4))) { |
1239 | DEBUG(2,("Non-SMB packet of length %d. Terminating server\n", | |
1240 | smb_len(req->inbuf))); | |
eecdc6c9 | 1241 | exit_server_cleanly("Non-SMB packet"); |
a834a73e | 1242 | } |
c3effa8b | 1243 | |
48d3a1d2 | 1244 | if (smb_messages[type].fn == NULL) { |
a834a73e | 1245 | DEBUG(0,("Unknown message type %d!\n",type)); |
cc6a4101 VL |
1246 | smb_dump("Unknown", 1, (char *)req->inbuf, size); |
1247 | reply_unknown_new(req, type); | |
9254bb4e | 1248 | return NULL; |
941db29a | 1249 | } |
a834a73e | 1250 | |
941db29a | 1251 | flags = smb_messages[type].flags; |
a834a73e | 1252 | |
941db29a VL |
1253 | /* In share mode security we must ignore the vuid. */ |
1254 | session_tag = (lp_security() == SEC_SHARE) | |
cc6a4101 | 1255 | ? UID_FIELD_INVALID : req->vuid; |
9254bb4e | 1256 | conn = req->conn; |
918c3ebe | 1257 | |
8579dd4d VL |
1258 | DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type), |
1259 | (int)sys_getpid(), (unsigned long)conn)); | |
941db29a | 1260 | |
cc6a4101 | 1261 | smb_dump(smb_fn_name(type), 1, (char *)req->inbuf, size); |
918c3ebe | 1262 | |
941db29a | 1263 | /* Ensure this value is replaced in the incoming packet. */ |
cc6a4101 | 1264 | SSVAL(req->inbuf,smb_uid,session_tag); |
918c3ebe | 1265 | |
941db29a VL |
1266 | /* |
1267 | * Ensure the correct username is in current_user_info. This is a | |
1268 | * really ugly bugfix for problems with multiple session_setup_and_X's | |
1269 | * being done and allowing %U and %G substitutions to work correctly. | |
1270 | * There is a reason this code is done here, don't move it unless you | |
8579dd4d VL |
1271 | * know what you're doing... :-). |
1272 | * JRA. | |
941db29a VL |
1273 | */ |
1274 | ||
356f0336 | 1275 | if (session_tag != sconn->smb1.sessions.last_session_tag) { |
941db29a VL |
1276 | user_struct *vuser = NULL; |
1277 | ||
356f0336 | 1278 | sconn->smb1.sessions.last_session_tag = session_tag; |
941db29a | 1279 | if(session_tag != UID_FIELD_INVALID) { |
75d03970 | 1280 | vuser = get_valid_user_struct(sconn, session_tag); |
941db29a | 1281 | if (vuser) { |
bec1dfab VL |
1282 | set_current_user_info( |
1283 | vuser->server_info->sanitized_username, | |
1284 | vuser->server_info->unix_name, | |
bec1dfab VL |
1285 | pdb_get_domain(vuser->server_info |
1286 | ->sam_account)); | |
a59149b8 JA |
1287 | } |
1288 | } | |
941db29a | 1289 | } |
d57e67f9 | 1290 | |
941db29a VL |
1291 | /* Does this call need to be run as the connected user? */ |
1292 | if (flags & AS_USER) { | |
fcda2645 | 1293 | |
941db29a VL |
1294 | /* Does this call need a valid tree connection? */ |
1295 | if (!conn) { | |
8579dd4d VL |
1296 | /* |
1297 | * Amazingly, the error code depends on the command | |
1298 | * (from Samba4). | |
1299 | */ | |
941db29a | 1300 | if (type == SMBntcreateX) { |
cc6a4101 | 1301 | reply_nterror(req, NT_STATUS_INVALID_HANDLE); |
941db29a | 1302 | } else { |
cc6a4101 | 1303 | reply_doserror(req, ERRSRV, ERRinvnid); |
ce61fb21 | 1304 | } |
9254bb4e | 1305 | return NULL; |
941db29a | 1306 | } |
d57e67f9 | 1307 | |
941db29a | 1308 | if (!change_to_user(conn,session_tag)) { |
5e9aade5 ZK |
1309 | DEBUG(0, ("Error: Could not change to user. Removing " |
1310 | "deferred open, mid=%d.\n", req->mid)); | |
cc6a4101 | 1311 | reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRbaduid)); |
09536880 | 1312 | remove_deferred_open_smb_message(req->mid); |
9254bb4e | 1313 | return conn; |
941db29a | 1314 | } |
c3effa8b | 1315 | |
941db29a | 1316 | /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */ |
918c3ebe | 1317 | |
941db29a VL |
1318 | /* Does it need write permission? */ |
1319 | if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) { | |
cc6a4101 | 1320 | reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED); |
9254bb4e | 1321 | return conn; |
ce61fb21 | 1322 | } |
918c3ebe | 1323 | |
941db29a VL |
1324 | /* IPC services are limited */ |
1325 | if (IS_IPC(conn) && !(flags & CAN_IPC)) { | |
cc6a4101 | 1326 | reply_doserror(req, ERRSRV,ERRaccess); |
9254bb4e | 1327 | return conn; |
f60ad8de | 1328 | } |
941db29a VL |
1329 | } else { |
1330 | /* This call needs to be run as root */ | |
1331 | change_to_root_user(); | |
1332 | } | |
918c3ebe | 1333 | |
941db29a VL |
1334 | /* load service specific parameters */ |
1335 | if (conn) { | |
9254bb4e JA |
1336 | if (req->encrypted) { |
1337 | conn->encrypted_tid = true; | |
1338 | /* encrypted required from now on. */ | |
1339 | conn->encrypt_level = Required; | |
1340 | } else if (ENCRYPTION_REQUIRED(conn)) { | |
7808a259 | 1341 | if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) { |
9254bb4e JA |
1342 | exit_server_cleanly("encryption required " |
1343 | "on connection"); | |
1344 | return conn; | |
1345 | } | |
1346 | } | |
1347 | ||
cc6a4101 | 1348 | if (!set_current_service(conn,SVAL(req->inbuf,smb_flg), |
8579dd4d VL |
1349 | (flags & (AS_USER|DO_CHDIR) |
1350 | ?True:False))) { | |
cc6a4101 | 1351 | reply_doserror(req, ERRSRV, ERRaccess); |
9254bb4e | 1352 | return conn; |
afce2b24 | 1353 | } |
941db29a VL |
1354 | conn->num_smb_operations++; |
1355 | } | |
918c3ebe | 1356 | |
941db29a VL |
1357 | /* does this protocol need to be run as guest? */ |
1358 | if ((flags & AS_GUEST) | |
8579dd4d | 1359 | && (!change_to_guest() || |
941db29a VL |
1360 | !check_access(smbd_server_fd(), lp_hostsallow(-1), |
1361 | lp_hostsdeny(-1)))) { | |
cc6a4101 | 1362 | reply_doserror(req, ERRSRV, ERRaccess); |
9254bb4e | 1363 | return conn; |
cc6a4101 VL |
1364 | } |
1365 | ||
48d3a1d2 | 1366 | smb_messages[type].fn(req); |
9254bb4e | 1367 | return req->conn; |
e9ea36e4 AT |
1368 | } |
1369 | ||
e9ea36e4 | 1370 | /**************************************************************************** |
a834a73e | 1371 | Construct a reply to the incoming packet. |
e9ea36e4 | 1372 | ****************************************************************************/ |
a834a73e | 1373 | |
54c51a66 | 1374 | static void construct_reply(char *inbuf, int size, size_t unread_bytes, |
c16c90a1 | 1375 | uint32_t seqnum, bool encrypted, |
54c51a66 | 1376 | struct smb_perfcount_data *deferred_pcd) |
e9ea36e4 | 1377 | { |
9254bb4e | 1378 | connection_struct *conn; |
cc6a4101 | 1379 | struct smb_request *req; |
e9ea36e4 | 1380 | |
929e1d99 | 1381 | if (!(req = talloc(talloc_tos(), struct smb_request))) { |
cc6a4101 VL |
1382 | smb_panic("could not allocate smb_request"); |
1383 | } | |
54c51a66 | 1384 | |
9254bb4e | 1385 | init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted); |
b8125663 | 1386 | req->inbuf = (uint8_t *)talloc_move(req, &inbuf); |
c16c90a1 | 1387 | req->seqnum = seqnum; |
e9ea36e4 | 1388 | |
54c51a66 | 1389 | /* we popped this message off the queue - keep original perf data */ |
1390 | if (deferred_pcd) | |
1391 | req->pcd = *deferred_pcd; | |
1392 | else { | |
1393 | SMB_PERFCOUNT_START(&req->pcd); | |
1394 | SMB_PERFCOUNT_SET_OP(&req->pcd, req->cmd); | |
1395 | SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, size); | |
1396 | } | |
1397 | ||
7808a259 | 1398 | conn = switch_message(req->cmd, req, size); |
e9ea36e4 | 1399 | |
c3250149 JA |
1400 | if (req->unread_bytes) { |
1401 | /* writeX failed. drain socket. */ | |
1402 | if (drain_socket(smbd_server_fd(), req->unread_bytes) != | |
1403 | req->unread_bytes) { | |
1404 | smb_panic("failed to drain pending bytes"); | |
1405 | } | |
1406 | req->unread_bytes = 0; | |
1407 | } | |
1408 | ||
5135ebd6 VL |
1409 | if (req->done) { |
1410 | TALLOC_FREE(req); | |
1411 | return; | |
1412 | } | |
1413 | ||
b578db69 VL |
1414 | if (req->outbuf == NULL) { |
1415 | return; | |
cc6a4101 | 1416 | } |
e9ea36e4 | 1417 | |
b578db69 VL |
1418 | if (CVAL(req->outbuf,0) == 0) { |
1419 | show_msg((char *)req->outbuf); | |
1420 | } | |
e9ea36e4 | 1421 | |
9254bb4e JA |
1422 | if (!srv_send_smb(smbd_server_fd(), |
1423 | (char *)req->outbuf, | |
c16c90a1 | 1424 | true, req->seqnum+1, |
54c51a66 | 1425 | IS_CONN_ENCRYPTED(conn)||req->encrypted, |
1426 | &req->pcd)) { | |
9254bb4e | 1427 | exit_server_cleanly("construct_reply: srv_send_smb failed."); |
dc90cd89 | 1428 | } |
cc6a4101 VL |
1429 | |
1430 | TALLOC_FREE(req); | |
1431 | ||
1432 | return; | |
e9ea36e4 AT |
1433 | } |
1434 | ||
e9ea36e4 | 1435 | /**************************************************************************** |
49ecd176 | 1436 | Process an smb from the client |
e9ea36e4 | 1437 | ****************************************************************************/ |
aeb798c3 SM |
1438 | static void process_smb(struct smbd_server_connection *conn, |
1439 | uint8_t *inbuf, size_t nread, size_t unread_bytes, | |
c16c90a1 SM |
1440 | uint32_t seqnum, bool encrypted, |
1441 | struct smb_perfcount_data *deferred_pcd) | |
e9ea36e4 | 1442 | { |
1eff0523 | 1443 | int msg_type = CVAL(inbuf,0); |
1eff0523 JA |
1444 | |
1445 | DO_PROFILE_INC(smb_count); | |
1446 | ||
cc6a4101 VL |
1447 | DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type, |
1448 | smb_len(inbuf) ) ); | |
c3250149 JA |
1449 | DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num, |
1450 | (int)nread, | |
1451 | (unsigned int)unread_bytes )); | |
1eff0523 | 1452 | |
cc6a4101 VL |
1453 | if (msg_type != 0) { |
1454 | /* | |
1455 | * NetBIOS session request, keepalive, etc. | |
1456 | */ | |
aeb798c3 SM |
1457 | reply_special((char *)inbuf); |
1458 | goto done; | |
cc6a4101 | 1459 | } |
1eff0523 | 1460 | |
688945a9 SM |
1461 | if (smbd_server_conn->allow_smb2) { |
1462 | if (smbd_is_smb2_header(inbuf, nread)) { | |
1463 | smbd_smb2_first_negprot(smbd_server_conn, inbuf, nread); | |
1464 | return; | |
1465 | } | |
1466 | smbd_server_conn->allow_smb2 = false; | |
1467 | } | |
1468 | ||
aeb798c3 | 1469 | show_msg((char *)inbuf); |
cc6a4101 | 1470 | |
c16c90a1 | 1471 | construct_reply((char *)inbuf,nread,unread_bytes,seqnum,encrypted,deferred_pcd); |
1eff0523 | 1472 | trans_num++; |
aeb798c3 SM |
1473 | |
1474 | done: | |
ebc860eb | 1475 | conn->smb1.num_requests++; |
aeb798c3 SM |
1476 | |
1477 | /* The timeout_processing function isn't run nearly | |
1478 | often enough to implement 'max log size' without | |
1479 | overrunning the size of the file by many megabytes. | |
1480 | This is especially true if we are running at debug | |
1481 | level 10. Checking every 50 SMBs is a nice | |
1482 | tradeoff of performance vs log file size overrun. */ | |
1483 | ||
ebc860eb | 1484 | if ((conn->smb1.num_requests % 50) == 0 && |
aeb798c3 SM |
1485 | need_to_check_log_size()) { |
1486 | change_to_root_user(); | |
1487 | check_log_size(); | |
1488 | } | |
e9ea36e4 AT |
1489 | } |
1490 | ||
e9ea36e4 | 1491 | /**************************************************************************** |
1eff0523 | 1492 | Return a string containing the function name of a SMB command. |
e9ea36e4 | 1493 | ****************************************************************************/ |
1eff0523 | 1494 | |
127e77e6 | 1495 | const char *smb_fn_name(int type) |
e9ea36e4 | 1496 | { |
634c5431 | 1497 | const char *unknown_name = "SMBunknown"; |
e9ea36e4 | 1498 | |
918c3ebe | 1499 | if (smb_messages[type].name == NULL) |
e9ea36e4 AT |
1500 | return(unknown_name); |
1501 | ||
918c3ebe | 1502 | return(smb_messages[type].name); |
c3effa8b AT |
1503 | } |
1504 | ||
dc76502c | 1505 | /**************************************************************************** |
6bb8f54e | 1506 | Helper functions for contruct_reply. |
dc76502c JA |
1507 | ****************************************************************************/ |
1508 | ||
6219c997 JA |
1509 | void add_to_common_flags2(uint32 v) |
1510 | { | |
1511 | common_flags2 |= v; | |
1512 | } | |
6bb8f54e | 1513 | |
27891bde | 1514 | void remove_from_common_flags2(uint32 v) |
6bb8f54e | 1515 | { |
27891bde | 1516 | common_flags2 &= ~v; |
6bb8f54e JA |
1517 | } |
1518 | ||
ae0c6cff VL |
1519 | static void construct_reply_common(struct smb_request *req, const char *inbuf, |
1520 | char *outbuf) | |
dc76502c | 1521 | { |
9254bb4e | 1522 | srv_set_message(outbuf,0,0,false); |
e5a95132 | 1523 | |
ae0c6cff | 1524 | SCVAL(outbuf, smb_com, req->cmd); |
fc13f284 | 1525 | SIVAL(outbuf,smb_rcls,0); |
b7280423 AT |
1526 | SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES)); |
1527 | SSVAL(outbuf,smb_flg2, | |
6bb8f54e JA |
1528 | (SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) | |
1529 | common_flags2); | |
fc13f284 | 1530 | memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh)); |
b7280423 | 1531 | |
b7280423 AT |
1532 | SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid)); |
1533 | SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid)); | |
1534 | SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid)); | |
1535 | SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid)); | |
dc76502c | 1536 | } |
c3effa8b | 1537 | |
e4897a53 VL |
1538 | void construct_reply_common_req(struct smb_request *req, char *outbuf) |
1539 | { | |
ae0c6cff | 1540 | construct_reply_common(req, (char *)req->inbuf, outbuf); |
e4897a53 VL |
1541 | } |
1542 | ||
ddaa65ef VL |
1543 | /* |
1544 | * How many bytes have we already accumulated up to the current wct field | |
1545 | * offset? | |
1546 | */ | |
1547 | ||
1548 | size_t req_wct_ofs(struct smb_request *req) | |
1549 | { | |
1550 | size_t buf_size; | |
1551 | ||
1552 | if (req->chain_outbuf == NULL) { | |
1553 | return smb_wct - 4; | |
1554 | } | |
1555 | buf_size = talloc_get_size(req->chain_outbuf); | |
1556 | if ((buf_size % 4) != 0) { | |
1557 | buf_size += (4 - (buf_size % 4)); | |
1558 | } | |
1559 | return buf_size - 4; | |
1560 | } | |
1561 | ||
ba981128 VL |
1562 | /* |
1563 | * Hack around reply_nterror & friends not being aware of chained requests, | |
1564 | * generating illegal (i.e. wct==0) chain replies. | |
1565 | */ | |
1566 | ||
1567 | static void fixup_chain_error_packet(struct smb_request *req) | |
1568 | { | |
1569 | uint8_t *outbuf = req->outbuf; | |
1570 | req->outbuf = NULL; | |
1571 | reply_outbuf(req, 2, 0); | |
1572 | memcpy(req->outbuf, outbuf, smb_wct); | |
1573 | TALLOC_FREE(outbuf); | |
1574 | SCVAL(req->outbuf, smb_vwv0, 0xff); | |
1575 | } | |
1576 | ||
0d7ca8e8 VL |
1577 | /**************************************************************************** |
1578 | Construct a chained reply and add it to the already made reply | |
1579 | ****************************************************************************/ | |
1580 | ||
ba981128 VL |
1581 | void chain_reply(struct smb_request *req) |
1582 | { | |
1583 | size_t smblen = smb_len(req->inbuf); | |
1584 | size_t already_used, length_needed; | |
1585 | uint8_t chain_cmd; | |
1586 | uint32_t chain_offset; /* uint32_t to avoid overflow */ | |
1587 | ||
1588 | uint8_t wct; | |
1589 | uint16_t *vwv; | |
1590 | uint16_t buflen; | |
1591 | uint8_t *buf; | |
1592 | ||
1593 | if (IVAL(req->outbuf, smb_rcls) != 0) { | |
1594 | fixup_chain_error_packet(req); | |
1595 | } | |
1596 | ||
1597 | /* | |
1598 | * Any of the AndX requests and replies have at least a wct of | |
1599 | * 2. vwv[0] is the next command, vwv[1] is the offset from the | |
1600 | * beginning of the SMB header to the next wct field. | |
1601 | * | |
1602 | * None of the AndX requests put anything valuable in vwv[0] and [1], | |
1603 | * so we can overwrite it here to form the chain. | |
1604 | */ | |
1605 | ||
1606 | if ((req->wct < 2) || (CVAL(req->outbuf, smb_wct) < 2)) { | |
1607 | goto error; | |
1608 | } | |
1609 | ||
1610 | /* | |
1611 | * Here we assume that this is the end of the chain. For that we need | |
1612 | * to set "next command" to 0xff and the offset to 0. If we later find | |
1613 | * more commands in the chain, this will be overwritten again. | |
1614 | */ | |
1615 | ||
1616 | SCVAL(req->outbuf, smb_vwv0, 0xff); | |
1617 | SCVAL(req->outbuf, smb_vwv0+1, 0); | |
1618 | SSVAL(req->outbuf, smb_vwv1, 0); | |
1619 | ||
1620 | if (req->chain_outbuf == NULL) { | |
1621 | /* | |
1622 | * In req->chain_outbuf we collect all the replies. Start the | |
1623 | * chain by copying in the first reply. | |
c0fea1f0 VL |
1624 | * |
1625 | * We do the realloc because later on we depend on | |
1626 | * talloc_get_size to determine the length of | |
1627 | * chain_outbuf. The reply_xxx routines might have | |
1628 | * over-allocated (reply_pipe_read_and_X used to be such an | |
1629 | * example). | |
ba981128 | 1630 | */ |
c0fea1f0 VL |
1631 | req->chain_outbuf = TALLOC_REALLOC_ARRAY( |
1632 | req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4); | |
1633 | if (req->chain_outbuf == NULL) { | |
1634 | goto error; | |
1635 | } | |
ba981128 VL |
1636 | req->outbuf = NULL; |
1637 | } else { | |
6c935f95 TP |
1638 | /* |
1639 | * Update smb headers where subsequent chained commands | |
1640 | * may have updated them. | |
1641 | */ | |
1642 | SCVAL(req->chain_outbuf, smb_tid, CVAL(req->outbuf, smb_tid)); | |
1643 | SCVAL(req->chain_outbuf, smb_uid, CVAL(req->outbuf, smb_uid)); | |
1644 | ||
ba981128 VL |
1645 | if (!smb_splice_chain(&req->chain_outbuf, |
1646 | CVAL(req->outbuf, smb_com), | |
1647 | CVAL(req->outbuf, smb_wct), | |
1648 | (uint16_t *)(req->outbuf + smb_vwv), | |
1649 | 0, smb_buflen(req->outbuf), | |
1650 | (uint8_t *)smb_buf(req->outbuf))) { | |
1651 | goto error; | |
1652 | } | |
1653 | TALLOC_FREE(req->outbuf); | |
1654 | } | |
1655 | ||
1656 | /* | |
1657 | * We use the old request's vwv field to grab the next chained command | |
1658 | * and offset into the chained fields. | |
1659 | */ | |
1660 | ||
1661 | chain_cmd = CVAL(req->vwv+0, 0); | |
1662 | chain_offset = SVAL(req->vwv+1, 0); | |
1663 | ||
1664 | if (chain_cmd == 0xff) { | |
1665 | /* | |
1666 | * End of chain, no more requests from the client. So ship the | |
1667 | * replies. | |
1668 | */ | |
1669 | smb_setlen((char *)(req->chain_outbuf), | |
1670 | talloc_get_size(req->chain_outbuf) - 4); | |
54c51a66 | 1671 | |
ba981128 | 1672 | if (!srv_send_smb(smbd_server_fd(), (char *)req->chain_outbuf, |
c16c90a1 | 1673 | true, req->seqnum+1, |
ba981128 | 1674 | IS_CONN_ENCRYPTED(req->conn) |
54c51a66 | 1675 | ||req->encrypted, |
1676 | &req->pcd)) { | |
ba981128 VL |
1677 | exit_server_cleanly("chain_reply: srv_send_smb " |
1678 | "failed."); | |
1679 | } | |
5135ebd6 VL |
1680 | TALLOC_FREE(req->chain_outbuf); |
1681 | req->done = true; | |
ba981128 VL |
1682 | return; |
1683 | } | |
1684 | ||
54c51a66 | 1685 | /* add a new perfcounter for this element of chain */ |
1686 | SMB_PERFCOUNT_ADD(&req->pcd); | |
1687 | SMB_PERFCOUNT_SET_OP(&req->pcd, chain_cmd); | |
1688 | SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, smblen); | |
1689 | ||
ba981128 VL |
1690 | /* |
1691 | * Check if the client tries to fool us. The request so far uses the | |
1692 | * space to the end of the byte buffer in the request just | |
1693 | * processed. The chain_offset can't point into that area. If that was | |
1694 | * the case, we could end up with an endless processing of the chain, | |
1695 | * we would always handle the same request. | |
1696 | */ | |
1697 | ||
1698 | already_used = PTR_DIFF(req->buf+req->buflen, smb_base(req->inbuf)); | |
1699 | if (chain_offset < already_used) { | |
1700 | goto error; | |
1701 | } | |
1702 | ||
1703 | /* | |
1704 | * Next check: Make sure the chain offset does not point beyond the | |
1705 | * overall smb request length. | |
1706 | */ | |
1707 | ||
1708 | length_needed = chain_offset+1; /* wct */ | |
1709 | if (length_needed > smblen) { | |
1710 | goto error; | |
1711 | } | |
1712 | ||
1713 | /* | |
1714 | * Now comes the pointer magic. Goal here is to set up req->vwv and | |
1715 | * req->buf correctly again to be able to call the subsequent | |
1716 | * switch_message(). The chain offset (the former vwv[1]) points at | |
1717 | * the new wct field. | |
1718 | */ | |
1719 | ||
1720 | wct = CVAL(smb_base(req->inbuf), chain_offset); | |
1721 | ||
1722 | /* | |
1723 | * Next consistency check: Make the new vwv array fits in the overall | |
1724 | * smb request. | |
1725 | */ | |
1726 | ||
1727 | length_needed += (wct+1)*sizeof(uint16_t); /* vwv+buflen */ | |
1728 | if (length_needed > smblen) { | |
1729 | goto error; | |
1730 | } | |
1731 | vwv = (uint16_t *)(smb_base(req->inbuf) + chain_offset + 1); | |
1732 | ||
1733 | /* | |
1734 | * Now grab the new byte buffer.... | |
1735 | */ | |
1736 | ||
1737 | buflen = SVAL(vwv+wct, 0); | |
1738 | ||
1739 | /* | |
1740 | * .. and check that it fits. | |
1741 | */ | |
1742 | ||
1743 | length_needed += buflen; | |
1744 | if (length_needed > smblen) { | |
1745 | goto error; | |
1746 | } | |
1747 | buf = (uint8_t *)(vwv+wct+1); | |
1748 | ||
1749 | req->cmd = chain_cmd; | |
1750 | req->wct = wct; | |
1751 | req->vwv = vwv; | |
1752 | req->buflen = buflen; | |
1753 | req->buf = buf; | |
1754 | ||
1755 | switch_message(chain_cmd, req, smblen); | |
1756 | ||
1757 | if (req->outbuf == NULL) { | |
1758 | /* | |
1759 | * This happens if the chained command has suspended itself or | |
1760 | * if it has called srv_send_smb() itself. | |
1761 | */ | |
1762 | return; | |
1763 | } | |
1764 | ||
1765 | /* | |
1766 | * We end up here if the chained command was not itself chained or | |
1767 | * suspended, but for example a close() command. We now need to splice | |
1768 | * the chained commands' outbuf into the already built up chain_outbuf | |
1769 | * and ship the result. | |
1770 | */ | |
1771 | goto done; | |
1772 | ||
1773 | error: | |
1774 | /* | |
1775 | * We end up here if there's any error in the chain syntax. Report a | |
1776 | * DOS error, just like Windows does. | |
1777 | */ | |
1778 | reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror)); | |
1779 | fixup_chain_error_packet(req); | |
1780 | ||
1781 | done: | |
c116652a VL |
1782 | /* |
1783 | * This scary statement intends to set the | |
1784 | * FLAGS2_32_BIT_ERROR_CODES flg2 field in req->chain_outbuf | |
1785 | * to the value req->outbuf carries | |
1786 | */ | |
1787 | SSVAL(req->chain_outbuf, smb_flg2, | |
1788 | (SVAL(req->chain_outbuf, smb_flg2) & ~FLAGS2_32_BIT_ERROR_CODES) | |
1789 | | (SVAL(req->outbuf, smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)); | |
1790 | ||
1791 | /* | |
1792 | * Transfer the error codes from the subrequest to the main one | |
1793 | */ | |
1794 | SSVAL(req->chain_outbuf, smb_rcls, SVAL(req->outbuf, smb_rcls)); | |
1795 | SSVAL(req->chain_outbuf, smb_err, SVAL(req->outbuf, smb_err)); | |
1796 | ||
ba981128 VL |
1797 | if (!smb_splice_chain(&req->chain_outbuf, |
1798 | CVAL(req->outbuf, smb_com), | |
1799 | CVAL(req->outbuf, smb_wct), | |
1800 | (uint16_t *)(req->outbuf + smb_vwv), | |
1801 | 0, smb_buflen(req->outbuf), | |
1802 | (uint8_t *)smb_buf(req->outbuf))) { | |
1803 | exit_server_cleanly("chain_reply: smb_splice_chain failed\n"); | |
1804 | } | |
1805 | TALLOC_FREE(req->outbuf); | |
1806 | ||
1807 | smb_setlen((char *)(req->chain_outbuf), | |
1808 | talloc_get_size(req->chain_outbuf) - 4); | |
1809 | ||
1810 | show_msg((char *)(req->chain_outbuf)); | |
1811 | ||
1812 | if (!srv_send_smb(smbd_server_fd(), (char *)req->chain_outbuf, | |
c16c90a1 | 1813 | true, req->seqnum+1, |
54c51a66 | 1814 | IS_CONN_ENCRYPTED(req->conn)||req->encrypted, |
1815 | &req->pcd)) { | |
ba981128 VL |
1816 | exit_server_cleanly("construct_reply: srv_send_smb failed."); |
1817 | } | |
5135ebd6 VL |
1818 | TALLOC_FREE(req->chain_outbuf); |
1819 | req->done = true; | |
ba981128 VL |
1820 | } |
1821 | ||
3db52feb AT |
1822 | /**************************************************************************** |
1823 | Check if services need reloading. | |
1824 | ****************************************************************************/ | |
1825 | ||
54abd2aa | 1826 | void check_reload(time_t t) |
3db52feb | 1827 | { |
67d47486 | 1828 | time_t printcap_cache_time = (time_t)lp_printcap_cache_time(); |
3db52feb | 1829 | |
67d47486 | 1830 | if(last_smb_conf_reload_time == 0) { |
1eff0523 | 1831 | last_smb_conf_reload_time = t; |
67d47486 GC |
1832 | /* Our printing subsystem might not be ready at smbd start up. |
1833 | Then no printer is available till the first printers check | |
1834 | is performed. A lower initial interval circumvents this. */ | |
1835 | if ( printcap_cache_time > 60 ) | |
d097ea49 | 1836 | last_printer_reload_time = t - printcap_cache_time + 60; |
67d47486 | 1837 | else |
d097ea49 | 1838 | last_printer_reload_time = t; |
67d47486 | 1839 | } |
c3effa8b | 1840 | |
7ebd74e6 SS |
1841 | if (mypid != getpid()) { /* First time or fork happened meanwhile */ |
1842 | /* randomize over 60 second the printcap reload to avoid all | |
1843 | * process hitting cupsd at the same time */ | |
1844 | int time_range = 60; | |
1845 | ||
1846 | last_printer_reload_time += random() % time_range; | |
1847 | mypid = getpid(); | |
1848 | } | |
1849 | ||
ac61f650 | 1850 | if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) { |
1eff0523 | 1851 | reload_services(True); |
1eff0523 JA |
1852 | last_smb_conf_reload_time = t; |
1853 | } | |
67d47486 GC |
1854 | |
1855 | /* 'printcap cache time = 0' disable the feature */ | |
1856 | ||
1857 | if ( printcap_cache_time != 0 ) | |
1858 | { | |
1859 | /* see if it's time to reload or if the clock has been set back */ | |
1860 | ||
d097ea49 GC |
1861 | if ( (t >= last_printer_reload_time+printcap_cache_time) |
1862 | || (t-last_printer_reload_time < 0) ) | |
67d47486 GC |
1863 | { |
1864 | DEBUG( 3,( "Printcap cache time expired.\n")); | |
d097ea49 GC |
1865 | reload_printers(); |
1866 | last_printer_reload_time = t; | |
67d47486 GC |
1867 | } |
1868 | } | |
3db52feb | 1869 | } |
c3effa8b | 1870 | |
aeb798c3 SM |
1871 | static void smbd_server_connection_write_handler(struct smbd_server_connection *conn) |
1872 | { | |
1873 | /* TODO: make write nonblocking */ | |
1874 | } | |
1875 | ||
1876 | static void smbd_server_connection_read_handler(struct smbd_server_connection *conn) | |
1877 | { | |
1878 | uint8_t *inbuf = NULL; | |
1879 | size_t inbuf_len = 0; | |
1880 | size_t unread_bytes = 0; | |
1881 | bool encrypted = false; | |
1882 | TALLOC_CTX *mem_ctx = talloc_tos(); | |
1883 | NTSTATUS status; | |
c16c90a1 | 1884 | uint32_t seqnum; |
aeb798c3 SM |
1885 | |
1886 | /* TODO: make this completely nonblocking */ | |
1887 | ||
1888 | status = receive_smb_talloc(mem_ctx, smbd_server_fd(), | |
d9c40172 | 1889 | (char **)(void *)&inbuf, |
aeb798c3 SM |
1890 | 0, /* timeout */ |
1891 | &unread_bytes, | |
1892 | &encrypted, | |
c16c90a1 | 1893 | &inbuf_len, &seqnum); |
aeb798c3 SM |
1894 | if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) { |
1895 | goto process; | |
1896 | } | |
1897 | if (NT_STATUS_IS_ERR(status)) { | |
1898 | exit_server_cleanly("failed to receive smb request"); | |
1899 | } | |
1900 | if (!NT_STATUS_IS_OK(status)) { | |
1901 | return; | |
1902 | } | |
1903 | ||
1904 | process: | |
c16c90a1 SM |
1905 | process_smb(conn, inbuf, inbuf_len, unread_bytes, |
1906 | seqnum, encrypted, NULL); | |
aeb798c3 SM |
1907 | } |
1908 | ||
1909 | static void smbd_server_connection_handler(struct event_context *ev, | |
1910 | struct fd_event *fde, | |
1911 | uint16_t flags, | |
1912 | void *private_data) | |
1913 | { | |
1914 | struct smbd_server_connection *conn = talloc_get_type(private_data, | |
1915 | struct smbd_server_connection); | |
1916 | ||
1917 | if (flags & EVENT_FD_WRITE) { | |
1918 | smbd_server_connection_write_handler(conn); | |
1919 | } else if (flags & EVENT_FD_READ) { | |
1920 | smbd_server_connection_read_handler(conn); | |
1921 | } | |
1922 | } | |
1923 | ||
27f812f3 SM |
1924 | |
1925 | /**************************************************************************** | |
1926 | received when we should release a specific IP | |
1927 | ****************************************************************************/ | |
1928 | static void release_ip(const char *ip, void *priv) | |
1929 | { | |
1930 | char addr[INET6_ADDRSTRLEN]; | |
7d6e4c7e | 1931 | char *p = addr; |
27f812f3 | 1932 | |
e86a534f MA |
1933 | client_socket_addr(get_client_fd(),addr,sizeof(addr)); |
1934 | ||
1935 | if (strncmp("::ffff:", addr, 7) == 0) { | |
1936 | p = addr + 7; | |
1937 | } | |
1938 | ||
7d6e4c7e | 1939 | if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) { |
27f812f3 SM |
1940 | /* we can't afford to do a clean exit - that involves |
1941 | database writes, which would potentially mean we | |
1942 | are still running after the failover has finished - | |
1943 | we have to get rid of this process ID straight | |
1944 | away */ | |
1945 | DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n", | |
1946 | ip)); | |
1947 | /* note we must exit with non-zero status so the unclean handler gets | |
1948 | called in the parent, so that the brl database is tickled */ | |
1949 | _exit(1); | |
1950 | } | |
1951 | } | |
1952 | ||
1953 | static void msg_release_ip(struct messaging_context *msg_ctx, void *private_data, | |
1954 | uint32_t msg_type, struct server_id server_id, DATA_BLOB *data) | |
1955 | { | |
1956 | release_ip((char *)data->data, NULL); | |
1957 | } | |
1958 | ||
1959 | #ifdef CLUSTER_SUPPORT | |
1960 | static int client_get_tcp_info(struct sockaddr_storage *server, | |
1961 | struct sockaddr_storage *client) | |
1962 | { | |
1963 | socklen_t length; | |
1964 | if (server_fd == -1) { | |
1965 | return -1; | |
1966 | } | |
1967 | length = sizeof(*server); | |
1968 | if (getsockname(server_fd, (struct sockaddr *)server, &length) != 0) { | |
1969 | return -1; | |
1970 | } | |
1971 | length = sizeof(*client); | |
1972 | if (getpeername(server_fd, (struct sockaddr *)client, &length) != 0) { | |
1973 | return -1; | |
1974 | } | |
1975 | return 0; | |
1976 | } | |
1977 | #endif | |
1978 | ||
1979 | /* | |
1980 | * Send keepalive packets to our client | |
1981 | */ | |
1982 | static bool keepalive_fn(const struct timeval *now, void *private_data) | |
1983 | { | |
1984 | if (!send_keepalive(smbd_server_fd())) { | |
1985 | DEBUG( 2, ( "Keepalive failed - exiting.\n" ) ); | |
1986 | return False; | |
1987 | } | |
1988 | return True; | |
1989 | } | |
1990 | ||
1991 | /* | |
1992 | * Do the recurring check if we're idle | |
1993 | */ | |
1994 | static bool deadtime_fn(const struct timeval *now, void *private_data) | |
1995 | { | |
c8620180 SM |
1996 | struct smbd_server_connection *sconn = smbd_server_conn; |
1997 | if ((conn_num_open(sconn) == 0) | |
1998 | || (conn_idle_all(sconn, now->tv_sec))) { | |
27f812f3 SM |
1999 | DEBUG( 2, ( "Closing idle connection\n" ) ); |
2000 | messaging_send(smbd_messaging_context(), procid_self(), | |
2001 | MSG_SHUTDOWN, &data_blob_null); | |
2002 | return False; | |
2003 | } | |
2004 | ||
2005 | return True; | |
2006 | } | |
2007 | ||
2008 | /* | |
2009 | * Do the recurring log file and smb.conf reload checks. | |
2010 | */ | |
2011 | ||
2012 | static bool housekeeping_fn(const struct timeval *now, void *private_data) | |
2013 | { | |
2014 | change_to_root_user(); | |
2015 | ||
2016 | /* update printer queue caches if necessary */ | |
2017 | update_monitored_printq_cache(); | |
2018 | ||
2019 | /* check if we need to reload services */ | |
2020 | check_reload(time(NULL)); | |
2021 | ||
2022 | /* Change machine password if neccessary. */ | |
2023 | attempt_machine_password_change(); | |
2024 | ||
2025 | /* | |
2026 | * Force a log file check. | |
2027 | */ | |
2028 | force_check_log_size(); | |
2029 | check_log_size(); | |
2030 | return true; | |
2031 | } | |
2032 | ||
f2f55d70 JA |
2033 | /**************************************************************************** |
2034 | Process commands from the client | |
2035 | ****************************************************************************/ | |
2036 | ||
2037 | void smbd_process(void) | |
2038 | { | |
27f812f3 SM |
2039 | TALLOC_CTX *frame = talloc_stackframe(); |
2040 | char remaddr[INET6_ADDRSTRLEN]; | |
2041 | ||
8be8d911 SM |
2042 | if (lp_maxprotocol() == PROTOCOL_SMB2 && |
2043 | lp_security() != SEC_SHARE) { | |
688945a9 SM |
2044 | smbd_server_conn->allow_smb2 = true; |
2045 | } | |
2046 | ||
27f812f3 SM |
2047 | /* Ensure child is set to blocking mode */ |
2048 | set_blocking(smbd_server_fd(),True); | |
2049 | ||
2050 | set_socket_options(smbd_server_fd(),"SO_KEEPALIVE"); | |
2051 | set_socket_options(smbd_server_fd(), lp_socket_options()); | |
2052 | ||
2053 | /* this is needed so that we get decent entries | |
2054 | in smbstatus for port 445 connects */ | |
2055 | set_remote_machine_name(get_peer_addr(smbd_server_fd(), | |
2056 | remaddr, | |
2057 | sizeof(remaddr)), | |
2058 | false); | |
2059 | reload_services(true); | |
2060 | ||
ac647d03 VL |
2061 | /* |
2062 | * Before the first packet, check the global hosts allow/ hosts deny | |
2063 | * parameters before doing any parsing of packets passed to us by the | |
2064 | * client. This prevents attacks on our parsing code from hosts not in | |
2065 | * the hosts allow list. | |
2066 | */ | |
2067 | ||
2068 | if (!check_access(smbd_server_fd(), lp_hostsallow(-1), | |
2069 | lp_hostsdeny(-1))) { | |
aeb798c3 SM |
2070 | char addr[INET6_ADDRSTRLEN]; |
2071 | ||
ac647d03 VL |
2072 | /* |
2073 | * send a negative session response "not listening on calling | |
2074 | * name" | |
2075 | */ | |
2076 | unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; | |
2077 | DEBUG( 1, ("Connection denied from %s\n", | |
2078 | client_addr(get_client_fd(),addr,sizeof(addr)) ) ); | |
c16c90a1 SM |
2079 | (void)srv_send_smb(smbd_server_fd(),(char *)buf, false, |
2080 | 0, false, NULL); | |
ac647d03 VL |
2081 | exit_server_cleanly("connection denied"); |
2082 | } | |
2083 | ||
27f812f3 | 2084 | static_init_rpc; |
c3effa8b | 2085 | |
27f812f3 SM |
2086 | init_modules(); |
2087 | ||
54c51a66 | 2088 | smb_perfcount_init(); |
2089 | ||
27f812f3 SM |
2090 | if (!init_account_policy()) { |
2091 | exit_server("Could not open account policy tdb.\n"); | |
2092 | } | |
2093 | ||
2094 | if (*lp_rootdir()) { | |
2095 | if (chroot(lp_rootdir()) != 0) { | |
f6821a15 JA |
2096 | DEBUG(0,("Failed to change root to %s\n", lp_rootdir())); |
2097 | exit_server("Failed to chroot()"); | |
2098 | } | |
2099 | if (chdir("/") == -1) { | |
2100 | DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_rootdir())); | |
27f812f3 SM |
2101 | exit_server("Failed to chroot()"); |
2102 | } | |
2103 | DEBUG(0,("Changed root to %s\n", lp_rootdir())); | |
2104 | } | |
2105 | ||
c16c90a1 SM |
2106 | if (!srv_init_signing(smbd_server_conn)) { |
2107 | exit_server("Failed to init smb_signing"); | |
2108 | } | |
2109 | ||
27f812f3 SM |
2110 | /* Setup oplocks */ |
2111 | if (!init_oplocks(smbd_messaging_context())) | |
2112 | exit_server("Failed to init oplocks"); | |
2113 | ||
2114 | /* Setup aio signal handler. */ | |
2115 | initialize_async_io_handler(); | |
2116 | ||
2117 | /* register our message handlers */ | |
2118 | messaging_register(smbd_messaging_context(), NULL, | |
2119 | MSG_SMB_FORCE_TDIS, msg_force_tdis); | |
2120 | messaging_register(smbd_messaging_context(), NULL, | |
2121 | MSG_SMB_RELEASE_IP, msg_release_ip); | |
2122 | messaging_register(smbd_messaging_context(), NULL, | |
2123 | MSG_SMB_CLOSE_FILE, msg_close_file); | |
2124 | ||
5a4d6181 AS |
2125 | /* |
2126 | * Use the default MSG_DEBUG handler to avoid rebroadcasting | |
2127 | * MSGs to all child processes | |
2128 | */ | |
2129 | messaging_deregister(smbd_messaging_context(), | |
2130 | MSG_DEBUG, NULL); | |
2131 | messaging_register(smbd_messaging_context(), NULL, | |
2132 | MSG_DEBUG, debug_message); | |
2133 | ||
27f812f3 SM |
2134 | if ((lp_keepalive() != 0) |
2135 | && !(event_add_idle(smbd_event_context(), NULL, | |
2136 | timeval_set(lp_keepalive(), 0), | |
2137 | "keepalive", keepalive_fn, | |
2138 | NULL))) { | |
2139 | DEBUG(0, ("Could not add keepalive event\n")); | |
2140 | exit(1); | |
2141 | } | |
2142 | ||
2143 | if (!(event_add_idle(smbd_event_context(), NULL, | |
2144 | timeval_set(IDLE_CLOSED_TIMEOUT, 0), | |
2145 | "deadtime", deadtime_fn, NULL))) { | |
2146 | DEBUG(0, ("Could not add deadtime event\n")); | |
2147 | exit(1); | |
aeb798c3 | 2148 | } |
27f812f3 SM |
2149 | |
2150 | if (!(event_add_idle(smbd_event_context(), NULL, | |
2151 | timeval_set(SMBD_SELECT_TIMEOUT, 0), | |
2152 | "housekeeping", housekeeping_fn, NULL))) { | |
2153 | DEBUG(0, ("Could not add housekeeping event\n")); | |
2154 | exit(1); | |
2155 | } | |
2156 | ||
2157 | #ifdef CLUSTER_SUPPORT | |
2158 | ||
2159 | if (lp_clustering()) { | |
2160 | /* | |
2161 | * We need to tell ctdb about our client's TCP | |
2162 | * connection, so that for failover ctdbd can send | |
2163 | * tickle acks, triggering a reconnection by the | |
2164 | * client. | |
2165 | */ | |
2166 | ||
2167 | struct sockaddr_storage srv, clnt; | |
2168 | ||
2169 | if (client_get_tcp_info(&srv, &clnt) == 0) { | |
2170 | ||
2171 | NTSTATUS status; | |
2172 | ||
2173 | status = ctdbd_register_ips( | |
2174 | messaging_ctdbd_connection(), | |
2175 | &srv, &clnt, release_ip, NULL); | |
2176 | ||
2177 | if (!NT_STATUS_IS_OK(status)) { | |
2178 | DEBUG(0, ("ctdbd_register_ips failed: %s\n", | |
2179 | nt_errstr(status))); | |
2180 | } | |
2181 | } else | |
2182 | { | |
2183 | DEBUG(0,("Unable to get tcp info for " | |
2184 | "CTDB_CONTROL_TCP_CLIENT: %s\n", | |
2185 | strerror(errno))); | |
2186 | } | |
2187 | } | |
2188 | ||
2189 | #endif | |
2190 | ||
f554af18 SM |
2191 | smbd_server_conn->nbt.got_session = false; |
2192 | ||
d9843b3d | 2193 | smbd_server_conn->smb1.negprot.max_recv = MIN(lp_maxxmit(),BUFFER_SIZE); |
27f812f3 | 2194 | |
356f0336 SM |
2195 | smbd_server_conn->smb1.sessions.done_sesssetup = false; |
2196 | smbd_server_conn->smb1.sessions.max_send = BUFFER_SIZE; | |
2197 | smbd_server_conn->smb1.sessions.last_session_tag = UID_FIELD_INVALID; | |
75d03970 SM |
2198 | /* users from session setup */ |
2199 | smbd_server_conn->smb1.sessions.session_userlist = NULL; | |
2200 | /* workgroup from session setup. */ | |
2201 | smbd_server_conn->smb1.sessions.session_workgroup = NULL; | |
2202 | /* this holds info on user ids that are already validated for this VC */ | |
2203 | smbd_server_conn->smb1.sessions.validated_users = NULL; | |
2204 | smbd_server_conn->smb1.sessions.next_vuid = VUID_OFFSET; | |
2205 | smbd_server_conn->smb1.sessions.num_validated_vuids = 0; | |
2206 | #ifdef HAVE_NETGROUP | |
2207 | smbd_server_conn->smb1.sessions.my_yp_domain = NULL; | |
2208 | #endif | |
356f0336 | 2209 | |
c8620180 | 2210 | conn_init(smbd_server_conn); |
59c3f5e3 SM |
2211 | if (!init_dptrs(smbd_server_conn)) { |
2212 | exit_server("init_dptrs() failed"); | |
2213 | } | |
c8620180 | 2214 | |
ebc860eb SM |
2215 | smbd_server_conn->smb1.fde = event_add_fd(smbd_event_context(), |
2216 | smbd_server_conn, | |
2217 | smbd_server_fd(), | |
2218 | EVENT_FD_READ, | |
2219 | smbd_server_connection_handler, | |
2220 | smbd_server_conn); | |
2221 | if (!smbd_server_conn->smb1.fde) { | |
aeb798c3 SM |
2222 | exit_server("failed to create smbd_server_connection fde"); |
2223 | } | |
2224 | ||
27f812f3 SM |
2225 | TALLOC_FREE(frame); |
2226 | ||
b2d01bd2 | 2227 | while (True) { |
f6c883b4 | 2228 | NTSTATUS status; |
27f812f3 SM |
2229 | |
2230 | frame = talloc_stackframe_pool(8192); | |
dc76502c | 2231 | |
c3250149 JA |
2232 | errno = 0; |
2233 | ||
aeb798c3 SM |
2234 | status = smbd_server_connection_loop_once(smbd_server_conn); |
2235 | if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY) && | |
2236 | !NT_STATUS_IS_OK(status)) { | |
2237 | DEBUG(3, ("smbd_server_connection_loop_once failed: %s," | |
2238 | " exiting\n", nt_errstr(status))); | |
27f812f3 | 2239 | break; |
b2d01bd2 AT |
2240 | } |
2241 | ||
929e1d99 | 2242 | TALLOC_FREE(frame); |
b2d01bd2 | 2243 | } |
27f812f3 SM |
2244 | |
2245 | exit_server_cleanly(NULL); | |
c3effa8b | 2246 | } |
d94e9c80 VL |
2247 | |
2248 | bool req_is_in_chain(struct smb_request *req) | |
2249 | { | |
2250 | if (req->vwv != (uint16_t *)(req->inbuf+smb_vwv)) { | |
2251 | /* | |
2252 | * We're right now handling a subsequent request, so we must | |
2253 | * be in a chain | |
2254 | */ | |
2255 | return true; | |
2256 | } | |
2257 | ||
2258 | if (!is_andx_req(req->cmd)) { | |
2259 | return false; | |
2260 | } | |
2261 | ||
2262 | if (req->wct < 2) { | |
2263 | /* | |
2264 | * Okay, an illegal request, but definitely not chained :-) | |
2265 | */ | |
2266 | return false; | |
2267 | } | |
2268 | ||
2269 | return (CVAL(req->vwv+0, 0) != 0xFF); | |
2270 | } |