       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    process incoming packets - main loop
       4             :    Copyright (C) Andrew Tridgell 1992-1998
       5             :    Copyright (C) Volker Lendecke 2005-2007
       6             : 
       7             :    This program is free software; you can redistribute it and/or modify
       8             :    it under the terms of the GNU General Public License as published by
       9             :    the Free Software Foundation; either version 3 of the License, or
      10             :    (at your option) any later version.
      11             : 
      12             :    This program is distributed in the hope that it will be useful,
      13             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      14             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      15             :    GNU General Public License for more details.
      16             : 
      17             :    You should have received a copy of the GNU General Public License
      18             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      19             : */
      20             : 
      21             : #include "includes.h"
      22             : #include "../lib/tsocket/tsocket.h"
      23             : #include "system/filesys.h"
      24             : #include "smbd/smbd.h"
      25             : #include "smbd/globals.h"
      26             : #include "smbd/smbXsrv_open.h"
      27             : #include "librpc/gen_ndr/netlogon.h"
      28             : #include "../lib/async_req/async_sock.h"
      29             : #include "ctdbd_conn.h"
      30             : #include "../lib/util/select.h"
      31             : #include "printing/queue_process.h"
      32             : #include "system/select.h"
      33             : #include "passdb.h"
      34             : #include "auth.h"
      35             : #include "messages.h"
      36             : #include "lib/messages_ctdb.h"
      37             : #include "smbprofile.h"
      38             : #include "rpc_server/spoolss/srv_spoolss_nt.h"
      39             : #include "../lib/util/tevent_ntstatus.h"
      40             : #include "../libcli/security/dom_sid.h"
      41             : #include "../libcli/security/security_token.h"
      42             : #include "lib/id_cache.h"
      43             : #include "lib/util/sys_rw_data.h"
      44             : #include "system/threads.h"
      45             : #include "lib/pthreadpool/pthreadpool_tevent.h"
      46             : #include "util_event.h"
      47             : #include "libcli/smb/smbXcli_base.h"
      48             : #include "lib/util/time_basic.h"
      49             : #include "source3/lib/substitute.h"
      50             : #include "source3/smbd/dir.h"
      51             : 
      52             : /* Internal message queue for deferred opens. */
struct pending_message_list {
	struct pending_message_list *next, *prev; /* DLIST_* links in sconn->deferred_open_queue */
	struct timeval request_time; /* When was this first issued? */
	struct smbd_server_connection *sconn;
	struct smbXsrv_connection *xconn;
	struct tevent_timer *te; /* pending retry timer; talloc child of this entry, so freed with it */
	uint32_t seqnum; /* handed back to process_smb() when the request is retried */
	bool encrypted; /* handed back to process_smb() when the request is retried */
	bool processed; /* set by smbd_deferred_open_timer() once the request was redispatched */
	DATA_BLOB buf; /* the queued SMB1 request bytes; smb_mid is read from here for lookups */
	struct deferred_open_record *open_rec; /* state returned by get_deferred_open_message_state() */
};
      65             : 
      66             : static struct pending_message_list *get_deferred_open_message_smb(
      67             :         struct smbd_server_connection *sconn, uint64_t mid);
      68             : 
#if !defined(WITH_SMB1SERVER)
/*
 * Minimal SMB1 sender used when the SMB1 server is compiled out: the
 * NBT-framed buffer is written to the socket as-is.  do_signing, seqnum
 * and do_encrypt are accepted only to keep the signature of the full
 * implementation and are not acted upon here.
 *
 * Returns true when write_data() reported a successful write.
 */
bool smb1_srv_send(struct smbXsrv_connection *xconn,
		   char *buffer,
		   bool do_signing,
		   uint32_t seqnum,
		   bool do_encrypt)
{
	/* Payload length from the NBT header plus the 4-byte header itself. */
	const size_t total = smb_len_large(buffer) + 4;
	const ssize_t written = write_data(xconn->transport.sock, buffer, total);

	return written > 0;
}
#endif
      83             : 
      84             : /*******************************************************************
      85             :  Setup the word count and byte count for a smb1 message.
      86             : ********************************************************************/
      87             : 
/*
 * Fill in the word count (wct) and byte count (bcc) of an SMB1 message and
 * update its NBT length field.
 *
 * buf       - message buffer starting at the NBT header.  No bounds check
 *             is done here: the caller must guarantee room for
 *             smb_size + num_words*2 + num_bytes bytes.
 * num_words - number of 16-bit parameter words
 * num_bytes - number of data bytes following the word area
 * zero      - when true, clear the word and data areas first
 *
 * Returns the total message size including the NBT header.
 */
size_t srv_smb1_set_message(char *buf,
		       size_t num_words,
		       size_t num_bytes,
		       bool zero)
{
	const size_t payload = num_words * 2 + num_bytes;
	const size_t total = smb_size + payload;

	if (zero && (num_words != 0 || num_bytes != 0)) {
		memset(buf + smb_size, '\0', payload);
	}

	SCVAL(buf, smb_wct, num_words);
	SSVAL(buf, smb_vwv + num_words * SIZEOFWORD, num_bytes);
	/* The NBT length field does not count the 4-byte NBT header. */
	smb_setlen(buf, total - 4);

	return total;
}
     101             : 
/*
 * Read exactly len bytes of packet body from fd into buffer, giving up
 * after timeout (passed through to read_fd_with_timeout()).
 *
 * A len of zero or less is treated as "nothing to read" and succeeds.
 * On failure the peer address and error are logged at level 0 and the
 * read status is returned.
 */
NTSTATUS read_packet_remainder(int fd, char *buffer,
			       unsigned int timeout, ssize_t len)
{
	NTSTATUS status;
	char addr[INET6_ADDRSTRLEN];

	if (len <= 0) {
		return NT_STATUS_OK;
	}

	/* min and max are both len: a short read is an error here. */
	status = read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
	if (NT_STATUS_IS_OK(status)) {
		return status;
	}

	DEBUG(0, ("read_fd_with_timeout failed for client %s read "
		  "error = %s.\n",
		  get_peer_addr(fd, addr, sizeof(addr)),
		  nt_errstr(status)));
	return status;
}
     121             : 
     122             : #if !defined(WITH_SMB1SERVER)
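/*
 * Read one NBT-framed packet from sock into a freshly talloc'ed buffer
 * on mem_ctx.  The 4-byte NBT header is kept in front of the payload.
 *
 * On success *buffer and *plen (payload + 4) are set.  On failure
 * *buffer is NULL and nothing is left allocated on mem_ctx.  *p_unread
 * is always zero: this path never leaves bytes unread on the socket.
 * xconn is unused and kept only for signature parity with the SMB1 path.
 */
static NTSTATUS smb2_receive_raw_talloc(TALLOC_CTX *mem_ctx,
					struct smbXsrv_connection *xconn,
					int sock,
					char **buffer, unsigned int timeout,
					size_t *p_unread, size_t *plen)
{
	char lenbuf[4];
	size_t len = 0;
	char *buf = NULL;
	NTSTATUS status;

	*p_unread = 0;
	*buffer = NULL;

	status = read_smb_length_return_keepalive(sock, lenbuf, timeout,
						  &len);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/*
	 * The +4 here can't wrap: read_smb_length_return_keepalive() has
	 * already bounded len.
	 */
	buf = talloc_array(mem_ctx, char, len + 4);
	if (buf == NULL) {
		DEBUG(0, ("Could not allocate inbuf of length %d\n",
			  (int)len + 4));
		return NT_STATUS_NO_MEMORY;
	}

	memcpy(buf, lenbuf, sizeof(lenbuf));

	status = read_packet_remainder(sock, buf + 4, timeout, len);
	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * Do not hand a half-filled buffer back to the caller or
		 * leave it dangling on mem_ctx until that context dies.
		 */
		TALLOC_FREE(buf);
		return status;
	}

	*buffer = buf;
	*plen = len + 4;
	return NT_STATUS_OK;
}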
     163             : 
/*
 * SMB2-only receive path: fetch one raw packet and report its length.
 *
 * *p_encrypted is always cleared (there is no SMB1-style transport
 * encryption on this path).  seqnum and trusted_channel are unused and
 * exist only so the signature matches the SMB1 receive function.
 * Failures are logged, quietly (level 5) for a plain EOF and at level 1
 * otherwise, and the read status is returned.
 */
static NTSTATUS smb2_receive_talloc(TALLOC_CTX *mem_ctx,
				    struct smbXsrv_connection *xconn,
				    int sock,
				    char **buffer, unsigned int timeout,
				    size_t *p_unread, bool *p_encrypted,
				    size_t *p_len,
				    uint32_t *seqnum,
				    bool trusted_channel)
{
	size_t raw_len = 0;
	int dbg_level;
	NTSTATUS status;

	*p_encrypted = false;

	status = smb2_receive_raw_talloc(mem_ctx, xconn, sock, buffer, timeout,
					 p_unread, &raw_len);
	if (NT_STATUS_IS_OK(status)) {
		*p_len = raw_len;
		return NT_STATUS_OK;
	}

	/* A clean EOF is just the client going away; don't shout about it. */
	dbg_level = NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE) ? 5 : 1;
	DEBUG(dbg_level,
	      ("smb2_receive_raw_talloc failed for client %s "
	       "read error = %s.\n",
	       smbXsrv_connection_dbg(xconn),
	       nt_errstr(status)));
	return status;
}
     192             : #endif
     193             : 
/*
 * Receive one SMB packet from sock into a talloc'ed buffer on mem_ctx.
 *
 * This is a compile-time dispatcher: with WITH_SMB1SERVER the full SMB1
 * receive path (signing sequence numbers, encryption, unread bytes) is
 * used, otherwise the SMB2-only path.  All arguments are passed through
 * unchanged; see the selected implementation for their meaning.
 */
NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,
			    struct smbXsrv_connection *xconn,
			    int sock,
			    char **buffer, unsigned int timeout,
			    size_t *p_unread, bool *p_encrypted,
			    size_t *p_len,
			    uint32_t *seqnum,
			    bool trusted_channel)
{
	NTSTATUS status;

#if defined(WITH_SMB1SERVER)
	status = smb1_receive_talloc(mem_ctx, xconn, sock, buffer, timeout,
				     p_unread, p_encrypted, p_len, seqnum,
				     trusted_channel);
#else
	status = smb2_receive_talloc(mem_ctx, xconn, sock, buffer, timeout,
				     p_unread, p_encrypted, p_len, seqnum,
				     trusted_channel);
#endif

	return status;
}
     213             : 
     214             : /****************************************************************************
     215             :  Function to delete a sharing violation open message by mid.
     216             : ****************************************************************************/
     217             : 
/****************************************************************************
 Delete the deferred open message queued under mid.

 SMB2 connections are forwarded to the SMB2 queue.  For SMB1 only the
 first entry whose smb_mid matches is unlinked and freed; its retry timer
 is a talloc child of the entry and goes with it.  A mid that is not
 queued is silently ignored.
****************************************************************************/

void remove_deferred_open_message_smb(struct smbXsrv_connection *xconn,
				      uint64_t mid)
{
	struct smbd_server_connection *sconn = xconn->client->sconn;
	struct pending_message_list *entry;

	if (sconn->using_smb2) {
		remove_deferred_open_message_smb2(xconn, mid);
		return;
	}

	entry = sconn->deferred_open_queue;
	while (entry != NULL) {
		const uint64_t entry_mid =
			(uint64_t)SVAL(entry->buf.data, smb_mid);

		if (entry_mid != mid) {
			entry = entry->next;
			continue;
		}

		DEBUG(10,("remove_deferred_open_message_smb: "
			  "deleting mid %llu len %u\n",
			  (unsigned long long)mid,
			  (unsigned int)entry->buf.length ));
		DLIST_REMOVE(sconn->deferred_open_queue, entry);
		TALLOC_FREE(entry);
		return;
	}
}
     241             : 
/*
 * Timer callback armed by schedule_deferred_open_message_smb(): redispatch
 * the queued SMB1 request through process_smb().
 *
 * The queue entry is deliberately left in place while the request runs so
 * that the open code can recognise the retry (via
 * get_deferred_open_message_state()); it is flagged processed beforehand
 * so it cannot be rescheduled.  Afterwards the entry is looked up again
 * by mid rather than reusing the pointer, since processing may already
 * have removed it; if it survived and is still flagged, it is removed now.
 *
 * ev, te and _tval are unused; private_data is the pending_message_list.
 */
static void smbd_deferred_open_timer(struct tevent_context *ev,
				     struct tevent_timer *te,
				     struct timeval _tval,
				     void *private_data)
{
	struct pending_message_list *entry = talloc_get_type(private_data,
					   struct pending_message_list);
	struct smbd_server_connection *sconn = entry->sconn;
	struct smbXsrv_connection *xconn = entry->xconn;
	const uint64_t mid = (uint64_t)SVAL(entry->buf.data, smb_mid);
	uint8_t *request_copy = NULL;

	/* Work on a private copy; the queue entry may not outlive the call. */
	request_copy = (uint8_t *)talloc_memdup(talloc_tos(), entry->buf.data,
						entry->buf.length);
	if (request_copy == NULL) {
		exit_server("smbd_deferred_open_timer: talloc failed\n");
		return;
	}

	DEBUG(5,("smbd_deferred_open_timer: trigger mid %llu.\n",
		(unsigned long long)mid ));

	entry->processed = true;

	process_smb(xconn,
		    request_copy,
		    entry->buf.length,
		    0,
		    entry->seqnum,
		    entry->encrypted);

	entry = get_deferred_open_message_smb(sconn, mid);
	if (entry != NULL && entry->processed) {
		remove_deferred_open_message_smb(xconn, mid);
	}
}
     284             : 
     285             : /****************************************************************************
     286             :  Move a sharing violation open retry message to the front of the list and
     287             :  schedule it for immediate processing.
     288             : ****************************************************************************/
     289             : 
/****************************************************************************
 Move a sharing violation open retry message to the front of the list and
 schedule it for immediate processing.

 Returns true when a not-yet-processed entry for mid was found (and a
 zero-delay timer armed for it), false when no such entry exists.
 Entries already flagged processed are logged as a logic error and skipped.
****************************************************************************/

bool schedule_deferred_open_message_smb(struct smbXsrv_connection *xconn,
					uint64_t mid)
{
	struct smbd_server_connection *sconn = xconn->client->sconn;
	struct pending_message_list *entry;
	int idx = 0;

	if (sconn->using_smb2) {
		return schedule_deferred_open_message_smb2(xconn, mid);
	}

	for (entry = sconn->deferred_open_queue;
	     entry != NULL;
	     entry = entry->next) {
		const uint64_t entry_mid =
			(uint64_t)SVAL(entry->buf.data, smb_mid);
		struct tevent_timer *timer = NULL;

		DEBUG(10,("schedule_deferred_open_message_smb: [%d] "
			"msg_mid = %llu\n",
			idx++,
			(unsigned long long)entry_mid ));

		if (entry_mid != mid) {
			continue;
		}

		if (entry->processed) {
			/* Already redispatched once; never run it twice. */
			DEBUG(0,("schedule_deferred_open_message_smb: LOGIC ERROR "
				"message mid %llu was already processed\n",
				(unsigned long long)entry_mid ));
			continue;
		}

		DEBUG(10,("schedule_deferred_open_message_smb: "
			"scheduling mid %llu\n",
			(unsigned long long)mid ));

		/*
		 * A zero timeout fires on the next event-loop pass.
		 * smbd_deferred_open_timer() goes through process_smb(),
		 * which redoes the required impersonation, so the raw
		 * event context is fine here.  The timer is a talloc child
		 * of the entry and is freed together with it.
		 */
		timer = tevent_add_timer(xconn->client->raw_ev_ctx,
					 entry,
					 timeval_zero(),
					 smbd_deferred_open_timer,
					 entry);
		if (timer == NULL) {
			/*
			 * NOTE(review): the entry stays queued with no
			 * timer, yet true is still returned below — confirm
			 * callers cope with a request that never retries.
			 */
			DEBUG(10,("schedule_deferred_open_message_smb: "
				"event_add_timed() failed, "
				"skipping mid %llu\n",
				(unsigned long long)entry_mid ));
		}

		/* Drop any previously armed timer, then move to the head. */
		TALLOC_FREE(entry->te);
		entry->te = timer;
		DLIST_PROMOTE(sconn->deferred_open_queue, entry);
		return true;
	}

	DEBUG(10,("schedule_deferred_open_message_smb: failed to "
		"find message mid %llu\n",
		(unsigned long long)mid ));

	return false;
}
     357             : 
     358             : /****************************************************************************
     359             :  Return true if this mid is on the deferred queue and was not yet processed.
     360             : ****************************************************************************/
     361             : 
/****************************************************************************
 Return true if this mid is on the deferred queue and was not yet processed.
 Entries flagged processed do not count, so a request currently being
 retried is not reported as still deferred.
****************************************************************************/

bool open_was_deferred(struct smbXsrv_connection *xconn, uint64_t mid)
{
	struct smbd_server_connection *sconn = xconn->client->sconn;
	struct pending_message_list *entry;

	if (sconn->using_smb2) {
		return open_was_deferred_smb2(xconn, mid);
	}

	for (entry = sconn->deferred_open_queue; entry; entry = entry->next) {
		if (entry->processed) {
			continue;
		}
		if ((uint64_t)SVAL(entry->buf.data, smb_mid) == mid) {
			return true;
		}
	}
	return false;
}
     378             : 
     379             : /****************************************************************************
     380             :  Return the message queued by this mid.
     381             : ****************************************************************************/
     382             : 
/****************************************************************************
 Return the first queued message whose smb_mid equals mid, or NULL.
 Unlike open_was_deferred(), the processed flag is ignored here, so the
 retry path can still find its own entry.
****************************************************************************/

static struct pending_message_list *get_deferred_open_message_smb(
	struct smbd_server_connection *sconn, uint64_t mid)
{
	struct pending_message_list *entry = sconn->deferred_open_queue;

	while (entry != NULL) {
		const uint64_t entry_mid =
			(uint64_t)SVAL(entry->buf.data, smb_mid);

		if (entry_mid == mid) {
			break;
		}
		entry = entry->next;
	}

	return entry;
}
     395             : 
     396             : /****************************************************************************
     397             :  Get the state data queued by this mid.
     398             : ****************************************************************************/
     399             : 
/****************************************************************************
 Fetch the state saved with the deferred open for smbreq.

 Returns false when nothing is queued under smbreq->mid.  Otherwise the
 original request time and the deferred_open_record pointer are handed
 back through the (optional, may be NULL) out-parameters and true is
 returned.  The entry remains on the queue.
****************************************************************************/

bool get_deferred_open_message_state(struct smb_request *smbreq,
				struct timeval *p_request_time,
				struct deferred_open_record **open_rec)
{
	struct pending_message_list *entry = NULL;

	if (smbreq->sconn->using_smb2) {
		return get_deferred_open_message_state_smb2(smbreq->smb2req,
					p_request_time,
					open_rec);
	}

	entry = get_deferred_open_message_smb(smbreq->sconn, smbreq->mid);
	if (entry == NULL) {
		return false;
	}

	if (p_request_time != NULL) {
		*p_request_time = entry->request_time;
	}
	if (open_rec != NULL) {
		*open_rec = entry->open_rec;
	}
	return true;
}
     424             : 
/*
 * Queue req for a later retry of its open (sharing violation / oplock
 * break wait).  timeout bounds how long the request stays deferred, id is
 * the file the request is waiting on and open_rec is the state handed
 * back on retry.
 *
 * SMB2 requests always go to the SMB2 queue.  SMB1 requests are only
 * possible when the SMB1 server is compiled in; without it every request
 * is an SMB2 request.  Returns the queue function's result.
 */
bool push_deferred_open_message_smb(struct smb_request *req,
				    struct timeval timeout,
				    struct file_id id,
				    struct deferred_open_record *open_rec)
{
#if defined(WITH_SMB1SERVER)
	if (req->smb2req == NULL) {
		return push_deferred_open_message_smb1(req, timeout,
						       id, open_rec);
	}
#endif
	return push_deferred_open_message_smb2(req->smb2req,
					req->request_time,
					timeout,
					id,
					open_rec);
}
     445             : 
/*
 * Build the fixed SMB1 header of a reply to the request in inbuf.
 *
 * outbuf gets: an empty message (wct = bcc = 0), the command cmd, a zero
 * status, the REPLY flag plus the request's CASELESS_PATHNAMES bit, and
 * the server's common flags2 with only the unicode and signing bits echoed
 * from the request.  The region from pidhigh to tid is cleared, the 8-byte
 * security signature field is copied from the request as-is, and tid, pid,
 * pidhigh, uid and mid are taken over so the client can match the reply.
 */
static void construct_smb1_reply_common(uint8_t cmd, const uint8_t *inbuf,
				   char *outbuf)
{
	const uint16_t echoed_flags2 = FLAGS2_UNICODE_STRINGS |
				       FLAGS2_SMB_SECURITY_SIGNATURES |
				       FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED;
	const uint16_t in_flags2 = SVAL(inbuf, smb_flg2);
	const uint16_t out_flags2 = common_flags2 | (in_flags2 & echoed_flags2);

	srv_smb1_set_message(outbuf, 0, 0, false);

	SCVAL(outbuf, smb_com, cmd);
	SIVAL(outbuf, smb_rcls, 0);
	SCVAL(outbuf, smb_flg,
	      FLAG_REPLY | (CVAL(inbuf, smb_flg) & FLAG_CASELESS_PATHNAMES));
	SSVAL(outbuf, smb_flg2, out_flags2);

	/* Clear pidhigh..tid, then carry over the signature field. */
	memset(outbuf + smb_pidhigh, '\0', (smb_tid - smb_pidhigh));
	memcpy(outbuf + smb_ss_field, inbuf + smb_ss_field, 8);

	SSVAL(outbuf, smb_tid, SVAL(inbuf, smb_tid));
	SSVAL(outbuf, smb_pid, SVAL(inbuf, smb_pid));
	SSVAL(outbuf, smb_pidhigh, SVAL(inbuf, smb_pidhigh));
	SSVAL(outbuf, smb_uid, SVAL(inbuf, smb_uid));
	SSVAL(outbuf, smb_mid, SVAL(inbuf, smb_mid));
}
     471             : 
/*
 * Convenience wrapper: build the reply header for req into outbuf using
 * the command and request buffer stored in req.
 */
void construct_smb1_reply_common_req(struct smb_request *req, char *outbuf)
{
	const uint8_t *request = req->inbuf;

	construct_smb1_reply_common(req->cmd, request, outbuf);
}
     476             : 
     477             : /*******************************************************************
     478             :  allocate and initialize a reply packet
     479             : ********************************************************************/
     480             : 
/*******************************************************************
 Allocate and initialise an SMB1 reply packet on mem_ctx.

 The buffer is NBT_HDR_SIZE + MIN_SMB_SIZE + VWV(num_words) + num_bytes
 long; its header is built from req->cmd and inbuf, wct/bcc are set and
 the parameter words are zeroed.  The byte-count area is NOT initialised;
 the caller fills it.  A reply larger than 0xFFFFFF bytes is treated as a
 programming error and panics.  Returns false only on allocation failure,
 in which case *outbuf is NULL.
********************************************************************/

bool create_smb1_outbuf(TALLOC_CTX *mem_ctx, struct smb_request *req,
		   const uint8_t *inbuf, char **outbuf,
		   uint8_t num_words, uint32_t num_bytes)
{
	const size_t smb_len = MIN_SMB_SIZE + VWV(num_words) + num_bytes;
	char *reply = NULL;

	/* The SMB layer cannot express more than 0xFFFFFF bytes. */
	if (num_bytes > 0xffffff || smb_len > 0xffffff) {
		char *msg = NULL;

		if (asprintf(&msg, "num_bytes too large: %u",
			     (unsigned)num_bytes) == -1) {
			msg = discard_const_p(char, "num_bytes too large");
		}
		smb_panic(msg);
	}

	/* The NBT header is part of the allocation. */
	reply = talloc_array(mem_ctx, char, NBT_HDR_SIZE + smb_len);
	*outbuf = reply;
	if (reply == NULL) {
		return false;
	}

	construct_smb1_reply_common(req->cmd, inbuf, reply);
	srv_smb1_set_message(reply, num_words, num_bytes, false);

	/* Only the word area is zeroed here; bcc data is the caller's job. */
	if (num_words != 0) {
		memset(reply + (NBT_HDR_SIZE + HDR_VWV), 0, VWV(num_words));
	}

	return true;
}
     521             : 
/*
 * Allocate req->outbuf as a reply to req with num_words parameter words
 * and num_bytes data bytes.  The buffer is a talloc child of req.
 * Allocation failure is fatal (smb_panic).
 */
void reply_smb1_outbuf(struct smb_request *req, uint8_t num_words, uint32_t num_bytes)
{
	char *reply = NULL;
	bool ok;

	ok = create_smb1_outbuf(req, req, req->inbuf, &reply,
				num_words, num_bytes);
	if (!ok) {
		smb_panic("could not allocate output buffer\n");
	}
	req->outbuf = (uint8_t *)reply;
}
     531             : 
/*
 * Return true if inbuf carries an SMB1 header. Encrypted packets have no
 * plaintext header to inspect and pass unconditionally; otherwise the
 * first four bytes of the SMB payload must be the "\377SMB" magic.
 */
bool valid_smb1_header(const uint8_t *inbuf)
{
	/*
	 * The magic is compared as a little-endian 32-bit value
	 * (0x424D53FF) rather than via strncmp() on "\377SMB".
	 */
	return is_encrypted_packet(inbuf) ||
	       (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
}
     543             : 
     544             : /****************************************************************************
     545             :  Process an smb from the client
     546             : ****************************************************************************/
     547             : 
/*
 * Hand the first SMB2 PDU seen on xconn to the SMB2 negprot code.
 *
 * inbuf starts with the NBT header; only the PDU behind it is passed on,
 * with its length derived from nread. The caller has already accepted
 * the buffer via smbd_is_smb2_header(), which is presumably what
 * guarantees nread >= NBT_HDR_SIZE here. A failed negprot ends the
 * server process. unread_bytes, seqnum and encrypted mirror the
 * process_smb1() argument list and are not used.
 */
static void process_smb2(struct smbXsrv_connection *xconn,
			 uint8_t *inbuf,
			 size_t nread,
			 size_t unread_bytes,
			 uint32_t seqnum,
			 bool encrypted)
{
	NTSTATUS status;

	status = smbd_smb2_process_negprot(xconn,
					   0,
					   inbuf + NBT_HDR_SIZE,
					   nread - NBT_HDR_SIZE);
	if (NT_STATUS_IS_OK(status)) {
		return;
	}
	exit_server_cleanly("SMB2 negprot fail");
}
     562             : 
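/*
 * Dispatch one complete NBT-framed message received on xconn.
 *
 * inbuf holds the NBT header followed by the payload; nread is the number
 * of bytes present, unread_bytes the number still to be read from the
 * socket for this request, seqnum the signing sequence number and
 * encrypted whether the packet arrived encrypted.
 *
 * Non-session-message NBT types (session request, keepalive, ...) are
 * answered by reply_special(). A session message goes to the SMB2 negprot
 * path while the connection is still undecided and the payload carries an
 * SMB2 header, otherwise to process_smb1(). Any SMB1 command other than
 * negprot pins the connection to SMB1 for good.
 *
 * Every processed request bumps sconn->num_requests; every 50th request
 * may additionally trigger the log-size check.
 */
void process_smb(struct smbXsrv_connection *xconn,
		 uint8_t *inbuf,
		 size_t nread,
		 size_t unread_bytes,
		 uint32_t seqnum,
		 bool encrypted)
{
	struct smbd_server_connection *sconn = xconn->client->sconn;
	int msg_type = CVAL(inbuf,0);

	DO_PROFILE_INC(request);

	DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
		    smb_len(inbuf) ) );
	DEBUG(3, ("Transaction %d of length %d (%u toread)\n",
		  sconn->trans_num, (int)nread, (unsigned int)unread_bytes));

	if (msg_type != NBSSmessage) {
		/*
		 * NetBIOS session request, keepalive, etc.
		 */
		reply_special(xconn, (char *)inbuf, nread);
		goto done;
	}

#if defined(WITH_SMB1SERVER)
	if (sconn->using_smb2) {
		/* At this point we're not really using smb2,
		 * we make the decision here.. */
		if (smbd_is_smb2_header(inbuf, nread)) {
#endif
			process_smb2(xconn,
				     inbuf,
				     nread,
				     unread_bytes,
				     seqnum,
				     encrypted);
			return;
#if defined(WITH_SMB1SERVER)
		}
		/*
		 * A non-negprot SMB1 command means the client is committed
		 * to SMB1: stop offering the SMB2 bootstrap. SMBnegprot is
		 * the same command byte the initial-packet check in
		 * smbd_smb2_server_connection_read_handler() tests for;
		 * use the named constant instead of its raw value.
		 */
		if (nread >= smb_size && valid_smb1_header(inbuf)
				&& CVAL(inbuf, smb_com) != SMBnegprot) {
			sconn->using_smb2 = false;
		}
	}
	process_smb1(xconn, inbuf, nread, unread_bytes, seqnum, encrypted);
#endif

done:
	sconn->num_requests++;

	/* The timeout_processing function isn't run nearly
	   often enough to implement 'max log size' without
	   overrunning the size of the file by many megabytes.
	   This is especially true if we are running at debug
	   level 10.  Checking every 50 SMBs is a nice
	   tradeoff of performance vs log file size overrun. */

	if ((sconn->num_requests % 50) == 0 &&
	    need_to_check_log_size()) {
		change_to_root_user();
		check_log_size();
	}
}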
     629             : 
/*
 * Record the negotiated protocol on conn and, if this client does not
 * have them yet, create the per-protocol session/tcon/open tables.
 *
 * Returns NT_STATUS_OK once the tables exist (or already existed, in
 * which case set_Protocol() is not called again). If any table init
 * fails, conn->protocol is reset to PROTOCOL_NONE and the failing status
 * is returned. Without WITH_SMB1SERVER a pre-SMB2 protocol is rejected
 * with NT_STATUS_INVALID_NETWORK_RESPONSE the same way.
 */
NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
					enum protocol_types protocol)
{
	NTSTATUS status;

	conn->protocol = protocol;

	/* Nothing to do if this client's tables already exist. */
	if (conn->client->session_table != NULL) {
		return NT_STATUS_OK;
	}

	if (protocol >= PROTOCOL_SMB2_02) {
		status = smb2srv_session_table_init(conn);
		if (!NT_STATUS_IS_OK(status)) {
			goto fail;
		}
		status = smb2srv_open_table_init(conn);
		if (!NT_STATUS_IS_OK(status)) {
			goto fail;
		}
	} else {
#if defined(WITH_SMB1SERVER)
		status = smb1srv_session_table_init(conn);
		if (!NT_STATUS_IS_OK(status)) {
			goto fail;
		}
		status = smb1srv_tcon_table_init(conn);
		if (!NT_STATUS_IS_OK(status)) {
			goto fail;
		}
		status = smb1srv_open_table_init(conn);
		if (!NT_STATUS_IS_OK(status)) {
			goto fail;
		}
#else
		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
		goto fail;
#endif
	}

	set_Protocol(protocol);
	return NT_STATUS_OK;

fail:
	/* Leave no half-initialized protocol behind on the connection. */
	conn->protocol = PROTOCOL_NONE;
	return status;
}
     681             : 
/**
 * Create a debug string for the connection
 *
 * The result is allocated on talloc_tos(), or is a string constant
 * in certain corner cases. The returned string must therefore not be
 * freed directly but only via the talloc stack.
 */
const char *smbXsrv_connection_dbg(const struct smbXsrv_connection *xconn)
{
	struct GUID_txt_buf guid_buf = {};
	char *remote = NULL;
	char *local = NULL;
	const char *result = NULL;

	/*
	 * TODO: this can be improved further later...
	 */

	/* Both addresses live on the talloc stack until formatted. */
	remote = tsocket_address_string(xconn->remote_address, talloc_tos());
	if (remote == NULL) {
		return "<tsocket_address_string() failed>";
	}
	local = tsocket_address_string(xconn->local_address, talloc_tos());
	if (local == NULL) {
		return "<tsocket_address_string() failed>";
	}

	result = talloc_asprintf(talloc_tos(),
			"PID=%d,CLIENT=%s,channel=%"PRIu64",remote=%s,local=%s",
			getpid(),
			GUID_buf_string(&xconn->smb2.client.guid, &guid_buf),
			xconn->channel_id,
			remote,
			local);
	TALLOC_FREE(remote);
	TALLOC_FREE(local);

	/* A constant stands in for the formatted string if allocation failed. */
	return (result != NULL) ? result : "<talloc_asprintf() failed>";
}
     724             : 
     725             : /*
     726             :  * Initialize a struct smb_request from an inbuf
     727             :  */
     728             : 
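/*
 * Initialize *req from the SMB1 packet in inbuf.
 *
 * inbuf is expected to hold smb_len(inbuf) + 4 bytes, i.e. the NBT
 * header plus the length it announces; the header fields are then read
 * from fixed offsets and validated against that size. sconn/xconn are
 * recorded on the request; when xconn is non-NULL the tcon named by the
 * packet's TID is looked up and its compat connection stored in
 * req->conn (left NULL if the lookup fails). unread_bytes, encrypted and
 * seqnum are copied through unchanged.
 *
 * Returns false, after logging at level 0, when the packet is shorter
 * than smb_size, when its word count (wct) does not fit in the packet,
 * or when its byte count (bcc) runs past the end of the packet. On
 * false *req may be only partially filled and must not be used.
 */
bool init_smb1_request(struct smb_request *req,
		      struct smbd_server_connection *sconn,
		      struct smbXsrv_connection *xconn,
		      const uint8_t *inbuf,
		      size_t unread_bytes, bool encrypted,
		      uint32_t seqnum)
{
	struct smbXsrv_tcon *tcon;
	NTSTATUS status;
	NTTIME now;
	size_t req_size = smb_len(inbuf) + 4;

	/* Ensure we have at least smb_size bytes. */
	if (req_size < smb_size) {
		DEBUG(0,("init_smb1_request: invalid request size %u\n",
			(unsigned int)req_size ));
		return false;
	}

	*req = (struct smb_request) { .cmd = 0};

	req->request_time = timeval_current();
	now = timeval_to_nttime(&req->request_time);

	req->cmd    = CVAL(inbuf, smb_com);
	req->flags2 = SVAL(inbuf, smb_flg2);
	req->smbpid = SVAL(inbuf, smb_pid);
	req->mid    = (uint64_t)SVAL(inbuf, smb_mid);
	req->seqnum = seqnum;
	req->vuid   = SVAL(inbuf, smb_uid);
	req->tid    = SVAL(inbuf, smb_tid);
	req->wct    = CVAL(inbuf, smb_wct);
	req->vwv    = (const uint16_t *)(inbuf+smb_vwv);

	/*
	 * Ensure we have at least wct words and 2 bytes of bcc. This check
	 * has to come before smb_buflen()/smb_buf_const() are evaluated:
	 * both locate the bcc field at an offset derived from the
	 * client-supplied wct, so evaluating them first on a short packet
	 * would read past the end of inbuf.
	 */
	if (smb_size + req->wct*2 > req_size) {
		DEBUG(0,("init_smb1_request: invalid wct number %u (size %u)\n",
			(unsigned int)req->wct,
			(unsigned int)req_size));
		return false;
	}

	req->buflen = smb_buflen(inbuf);
	req->buf    = (const uint8_t *)smb_buf_const(inbuf);
	req->unread_bytes = unread_bytes;
	req->encrypted = encrypted;
	req->sconn = sconn;
	req->xconn = xconn;
	if (xconn != NULL) {
		status = smb1srv_tcon_lookup(xconn, req->tid, now, &tcon);
		if (NT_STATUS_IS_OK(status)) {
			req->conn = tcon->compat;
		}
	}
	req->posix_pathnames = lp_posix_pathnames();

	/* Ensure bcc is correct. */
	if (((const uint8_t *)smb_buf_const(inbuf)) + req->buflen > inbuf + req_size) {
		DEBUG(0,("init_smb1_request: invalid bcc number %u "
			"(wct = %u, size %u)\n",
			(unsigned int)req->buflen,
			(unsigned int)req->wct,
			(unsigned int)req_size));
		return false;
	}

	return true;
}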
     795             : 
     796             : /****************************************************************************
     797             :  Construct a reply to the incoming packet.
     798             : ****************************************************************************/
     799             : 
/*
 * Handle the first SMB1 packet on a connection that is only meant to
 * serve SMB2: it must be an SMB1 negprot that bootstraps into SMB2.
 *
 * inbuf (NBT header included) is moved onto the request; size is not
 * used. If the negprot did not bootstrap (req->outbuf is set), the
 * SMB1 error reply that was built is sent and the request freed; a
 * successful status together with an SMB1 reply is an internal error
 * and terminates the server.
 */
static void construct_reply_smb1negprot(struct smbXsrv_connection *xconn,
					char *inbuf, int size,
					size_t unread_bytes)
{
	struct smb_request *req = talloc(talloc_tos(), struct smb_request);
	NTSTATUS status;
	bool ok;

	if (req == NULL) {
		smb_panic("could not allocate smb_request");
	}

	ok = init_smb1_request(req,
			       xconn->client->sconn,
			       xconn,
			       (uint8_t *)inbuf,
			       unread_bytes,
			       false,
			       0);
	if (!ok) {
		exit_server_cleanly("Invalid SMB request");
	}

	/* The request takes ownership of the receive buffer. */
	req->inbuf  = (uint8_t *)talloc_move(req, &inbuf);

	status = smb2_multi_protocol_reply_negprot(req);
	if (req->outbuf == NULL) {
		/*
		 * req->outbuf == NULL means we bootstrapped into SMB2.
		 */
		return;
	}

	if (!NT_STATUS_IS_OK(status)) {
		bool encrypted = IS_CONN_ENCRYPTED(req->conn) || req->encrypted;

		ok = smb1_srv_send(req->xconn,
				   (char *)req->outbuf,
				   true,
				   req->seqnum + 1,
				   encrypted);
		if (!ok) {
			exit_server_cleanly("construct_reply_smb1negprot: "
					    "smb1_srv_send failed.");
		}
		TALLOC_FREE(req);
	} else {
		/* This code path should only *ever* bootstrap into SMB2. */
		exit_server_cleanly("Internal error SMB1negprot didn't reply "
				    "with an SMB2 packet");
	}
}
     843             : 
/*
 * Placeholder for TEVENT_FD_WRITE events on xconn. Writes are still
 * done synchronously, so there is nothing to drain here yet.
 */
static void smbd_server_connection_write_handler(
	struct smbXsrv_connection *xconn)
{
	(void)xconn;	/* TODO: make write nonblocking */
}
     849             : 
/*
 * Read and dispatch the first packet of a connection that is not
 * allowed to speak SMB1 beyond the negprot (see
 * smbd_server_connection_handler()).
 *
 * The NBT length is read from fd first and the remainder into a buffer
 * of exactly NBT_HDR_SIZE + len bytes. An NBSS session request is
 * answered with reply_special(); any other non-message NBT type is
 * fatal. A session message must be either an SMB1 negprot, which goes
 * through construct_reply_smb1negprot() to bootstrap into SMB2, or an
 * SMB2 PDU handed to smbd_smb2_process_negprot(). Every failure path
 * ends the server process via exit_server_cleanly().
 */
static void smbd_smb2_server_connection_read_handler(
			struct smbXsrv_connection *xconn, int fd)
{
	char lenbuf[NBT_HDR_SIZE];
	size_t len = 0;
	size_t bufferlen = 0;
	uint8_t *buffer = NULL;
	uint8_t msg_type = 0;
	NTSTATUS status;

	/* Read the first 4 bytes - contains length of remainder. */
	status = read_smb_length_return_keepalive(fd, lenbuf, 0, &len);
	if (!NT_STATUS_IS_OK(status)) {
		exit_server_cleanly("failed to receive request length");
		return;
	}

	/* Integer wrap check. */
	if (len + NBT_HDR_SIZE < len) {
		exit_server_cleanly("Invalid length on initial request");
		return;
	}

	/*
	 * The +4 here can't wrap, we've checked the length above already.
	 */
	bufferlen = len + NBT_HDR_SIZE;

	buffer = talloc_array(talloc_tos(), uint8_t, bufferlen);
	if (buffer == NULL) {
		DBG_ERR("Could not allocate request inbuf of length %zu\n",
			bufferlen);
		exit_server_cleanly("talloc fail");
		return;
	}

	/* Keep the NBT header in front of the payload. */
	memcpy(buffer, lenbuf, NBT_HDR_SIZE);

	status = read_packet_remainder(fd, (char *)(buffer + NBT_HDR_SIZE), 0, len);
	if (!NT_STATUS_IS_OK(status)) {
		exit_server_cleanly("Failed to read remainder of initial request");
		return;
	}

	/* Check the message type. */
	msg_type = PULL_LE_U8(buffer, 0);
	switch (msg_type) {
	case NBSSrequest:
		/*
		 * clients can send this request before
		 * bootstrapping into SMB2. Cope with this
		 * message only, don't allow any other strange
		 * NBSS types.
		 */
		reply_special(xconn, (char *)buffer, bufferlen);
		xconn->client->sconn->num_requests++;
		return;
	case NBSSmessage:
		/* Only a 'normal' message type allowed from here on. */
		break;
	default:
		DBG_ERR("Invalid message type %d\n", msg_type);
		exit_server_cleanly("Invalid message type for initial request");
		return;
	}

	/* Could this be an SMB1 negprot bootstrap into SMB2 ? */
	if (bufferlen < smb_size) {
		exit_server_cleanly("Invalid initial SMB1 or SMB2 packet");
		return;
	}

	if (valid_smb1_header(buffer)) {
		/* Can *only* allow an SMB1 negprot here. */
		uint8_t cmd = PULL_LE_U8(buffer, smb_com);

		if (cmd != SMBnegprot) {
			DBG_ERR("Incorrect SMB1 command 0x%hhx, "
				"should be SMBnegprot (0x72)\n",
				cmd);
			exit_server_cleanly("Invalid initial SMB1 packet");
		}
		/* Minimal process_smb(). */
		show_msg((char *)buffer);
		construct_reply_smb1negprot(xconn, (char *)buffer, bufferlen, 0);
		xconn->client->sconn->trans_num++;
		xconn->client->sconn->num_requests++;
		return;
	}

	if (!smbd_is_smb2_header(buffer, bufferlen)) {
		exit_server_cleanly("Invalid initial SMB2 packet");
		return;
	}

	/*
	 * Here we know we're a valid SMB2 packet: pass the PDU behind the
	 * NBT header on, len being the length of that PDU.
	 */
	status = smbd_smb2_process_negprot(xconn, 0, buffer + NBT_HDR_SIZE, len);
	if (!NT_STATUS_IS_OK(status)) {
		exit_server_cleanly("SMB2 negprot fail");
	}
}
     959             : 
/*
 * tevent fd callback for a client connection. private_data is the
 * struct smbXsrv_connection. Once transport.status carries an error the
 * fd is taken out of polling in both directions and nothing else is
 * done. Otherwise a write event goes to the write handler and a read
 * event to the SMB2-only or SMB1-capable read handler, chosen by the
 * configured minimum protocol (the SMB1 path exists only with
 * WITH_SMB1SERVER).
 */
static void smbd_server_connection_handler(struct tevent_context *ev,
					   struct tevent_fd *fde,
					   uint16_t flags,
					   void *private_data)
{
	struct smbXsrv_connection *xconn =
		talloc_get_type_abort(private_data,
		struct smbXsrv_connection);
	int sock;

	if (!NT_STATUS_IS_OK(xconn->transport.status)) {
		/* A transport error is pending: stop polling this fd entirely. */
		TEVENT_FD_NOT_READABLE(xconn->transport.fde);
		TEVENT_FD_NOT_WRITEABLE(xconn->transport.fde);
		return;
	}

	if (flags & TEVENT_FD_WRITE) {
		smbd_server_connection_write_handler(xconn);
	} else if (flags & TEVENT_FD_READ) {
		sock = xconn->transport.sock;
#if defined(WITH_SMB1SERVER)
		if (lp_server_min_protocol() > PROTOCOL_NT1) {
#endif
			smbd_smb2_server_connection_read_handler(xconn, sock);
#if defined(WITH_SMB1SERVER)
		} else {
			smbd_smb1_server_connection_read_handler(xconn, sock);
		}
#endif
	}
}
     997             : 
/*
 * Per-connection state for the ctdb "release IP" handling below: the
 * address pair is registered with ctdb via release_ip() as callback,
 * and the destructor undoes that registration.
 */
struct smbd_release_ip_state {
	/* connection to terminate when ctdb releases our IP */
	struct smbXsrv_connection *xconn;
	/* presumably schedules smbd_release_ip_immediate(); not used in the code shown here */
	struct tevent_immediate *im;
	/* address pair passed to ctdbd_passed_ips()/ctdbd_unregister_ips() */
	struct sockaddr_storage srv;
	struct sockaddr_storage clnt;
	/* textual form of our own address, compared against release-IP messages in release_ip() */
	char addr[INET6_ADDRSTRLEN];
};
    1005             : 
/*
 * Forward declaration: release_ip() is the callback handed to ctdb by
 * smbd_release_ip_state_destructor() and is defined further down.
 */
static int release_ip(struct tevent_context *ev,
		      uint32_t src_vnn,
		      uint32_t dst_vnn,
		      uint64_t dst_srvid,
		      const uint8_t *msg,
		      size_t msglen,
		      void *private_data);
    1013             : 
/*
 * talloc destructor for struct smbd_release_ip_state: take the
 * connection's address pair back out of ctdb. A connection whose
 * transport status is NT_STATUS_CONNECTION_IN_USE goes through
 * ctdbd_passed_ips(), any other through ctdbd_unregister_ips(); both
 * receive release_ip() and s as the callback pair. With no ctdb
 * connection there is nothing to undo. Always returns 0.
 */
static int smbd_release_ip_state_destructor(struct smbd_release_ip_state *s)
{
	struct ctdbd_connection *cconn = messaging_ctdb_connection();
	bool in_use;

	if (cconn == NULL) {
		return 0;
	}

	in_use = NT_STATUS_EQUAL(s->xconn->transport.status,
				 NT_STATUS_CONNECTION_IN_USE);
	if (in_use) {
		ctdbd_passed_ips(cconn, &s->srv, &s->clnt, release_ip, s);
	} else {
		ctdbd_unregister_ips(cconn, &s->srv, &s->clnt, release_ip, s);
	}

	return 0;
}
    1031             : 
/*
 * Immediate-event callback that terminates the connection recorded in
 * the struct smbd_release_ip_state passed as private_data. ctx and im
 * are unused.
 */
static void smbd_release_ip_immediate(struct tevent_context *ctx,
				      struct tevent_immediate *im,
				      void *private_data)
{
	struct smbd_release_ip_state *state =
		talloc_get_type_abort(private_data,
		struct smbd_release_ip_state);
	bool still_pending;

	/*
	 * Act only while the transport status is still
	 * NT_STATUS_ADDRESS_CLOSED; anything else means
	 * smbd_server_connection_terminate() has already been triggered
	 * for this connection.
	 */
	still_pending = NT_STATUS_EQUAL(state->xconn->transport.status,
					NT_STATUS_ADDRESS_CLOSED);
	if (still_pending) {
		smbd_server_connection_terminate(state->xconn,
						 "CTDB_SRVID_RELEASE_IP");
	}
}
    1050             : 
/****************************************************************************
 Received when we should release a specific IP
****************************************************************************/
/*
 * ctdb callback: a public IP is being released from this node.
 *
 * @msg must be a NUL-terminated address string; an empty or unterminated
 * payload is ignored.  When the released address is the one this
 * connection is bound to (state->addr, compared both with and without an
 * IPv4-mapped "::ffff:" prefix), further I/O on the connection is blocked
 * and termination is deferred to an immediate event, see the comment
 * below for why it is not done inline.
 *
 * Returns EADDRNOTAVAIL when the connection has been scheduled for
 * termination, 0 in every other case.
 */
static int release_ip(struct tevent_context *ev,
		      uint32_t src_vnn, uint32_t dst_vnn,
		      uint64_t dst_srvid,
		      const uint8_t *msg, size_t msglen,
		      void *private_data)
{
	struct smbd_release_ip_state *state =
		talloc_get_type_abort(private_data,
		struct smbd_release_ip_state);
	struct smbXsrv_connection *xconn = state->xconn;
	const char *our_addr = state->addr;
	const char *our_v4 = our_addr;
	const char *released_ip = NULL;
	bool matches;

	/* Only a NUL-terminated string is acceptable as payload. */
	if (msglen == 0 || msg[msglen - 1] != '\0') {
		return 0;
	}
	released_ip = (const char *)msg;

	/* The connection is already going down: avoid recursion. */
	if (!NT_STATUS_IS_OK(xconn->transport.status)) {
		return 0;
	}

	/* Strip an IPv4-mapped IPv6 prefix so the bare v4 form compares too. */
	if (strncmp("::ffff:", our_addr, 7) == 0) {
		our_v4 = our_addr + 7;
	}

	DEBUG(10, ("Got release IP message for %s, "
		   "our address is %s\n", released_ip, our_v4));

	matches = (strcmp(our_v4, released_ip) == 0);
	if (!matches && our_v4 != our_addr) {
		matches = (strcmp(our_addr, released_ip) == 0);
	}
	if (!matches) {
		return 0;
	}

	DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
		released_ip));
	/*
	 * With SMB2 we should do a clean disconnect,
	 * the previous_session_id in the session setup
	 * will cleanup the old session, tcons and opens.
	 *
	 * A clean disconnect is needed in order to support
	 * durable handles.
	 *
	 * Note: typically this is never triggered
	 *       as we got a TCP RST (triggered by ctdb event scripts)
	 *       before we get CTDB_SRVID_RELEASE_IP.
	 *
	 * We used to call _exit(1) here, but as this was mostly never
	 * triggered and has implication on our process model,
	 * we can just use smbd_server_connection_terminate()
	 * (also for SMB1).
	 *
	 * We don't call smbd_server_connection_terminate() directly
	 * as we might be called from within ctdbd_migrate(),
	 * we need to defer our action to the next event loop
	 */
	tevent_schedule_immediate(state->im,
				  xconn->client->raw_ev_ctx,
				  smbd_release_ip_immediate,
				  state);

	/*
	 * Make sure we don't get any io on the connection.
	 */
	xconn->transport.status = NT_STATUS_ADDRESS_CLOSED;
	return EADDRNOTAVAIL;
}
    1127             : 
/*
 * ctdbd_public_ip_foreach() callback: does the public IP @ip, if it is a
 * movable one, equal the server address passed as @private_data?
 *
 * Returns EADDRNOTAVAIL on a match (used as the "stop, found it" signal by
 * smbd_register_ips()), 0 to keep iterating.
 */
static int match_cluster_movable_ip(uint32_t total_ip_count,
				    const struct sockaddr_storage *ip,
				    bool is_movable_ip,
				    void *private_data)
{
	const struct sockaddr_storage *srv = private_data;
	struct samba_sockaddr pub_ip;
	struct samba_sockaddr srv_ip;

	/* Static public IPs are of no interest here. */
	if (!is_movable_ip) {
		return 0;
	}

	pub_ip = (struct samba_sockaddr) { .u = { .ss = *ip } };
	srv_ip = (struct samba_sockaddr) { .u = { .ss = *srv } };

	if (!sockaddr_equal(&pub_ip.u.sa, &srv_ip.u.sa)) {
		return 0;
	}

	return EADDRNOTAVAIL;
}
    1151             : 
/*
 * Register the TCP connection @srv <-> @clnt with ctdb so that the
 * release-IP callback (release_ip()) fires when the server address is
 * moved away from this node.
 *
 * The callback state is a talloc child of @xconn; its destructor is only
 * installed once the registration succeeded.  When multi-channel is
 * enabled, also records in xconn->has_cluster_movable_ip whether @srv is
 * a movable cluster IP.
 *
 * Returns NT_STATUS_NO_MEMORY when ctdb is not connected or allocation
 * fails, NT_STATUS_INTERNAL_ERROR when the public-IP iteration fails, the
 * mapped errno when ctdbd_register_ips() fails, NT_STATUS_OK otherwise.
 */
static NTSTATUS smbd_register_ips(struct smbXsrv_connection *xconn,
				  struct sockaddr_storage *srv,
				  struct sockaddr_storage *clnt)
{
	struct ctdbd_connection *ctdb = messaging_ctdb_connection();
	struct smbd_release_ip_state *state = NULL;
	int rc;

	if (ctdb == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	state = talloc_zero(xconn, struct smbd_release_ip_state);
	if (state == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	state->xconn = xconn;
	state->srv = *srv;
	state->clnt = *clnt;
	state->im = tevent_create_immediate(state);
	if (state->im == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	/* Textual form of the server address, compared against ctdb's payload later. */
	if (print_sockaddr(state->addr, sizeof(state->addr), srv) == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	if (xconn->client->server_multi_channel_enabled) {
		rc = ctdbd_public_ip_foreach(ctdb,
					     match_cluster_movable_ip,
					     srv);
		switch (rc) {
		case 0:
			break;
		case EADDRNOTAVAIL:
			/* The callback stops the walk with this code on a match. */
			xconn->has_cluster_movable_ip = true;
			DBG_DEBUG("cluster movable IP on %s\n",
				  smbXsrv_connection_dbg(xconn));
			break;
		default:
			DBG_ERR("failed to iterate cluster IPs: %s\n",
				strerror(rc));
			return NT_STATUS_INTERNAL_ERROR;
		}
	}

	rc = ctdbd_register_ips(ctdb, srv, clnt, release_ip, state);
	if (rc != 0) {
		return map_nt_error_from_unix(rc);
	}

	talloc_set_destructor(state, smbd_release_ip_state_destructor);

	return NT_STATUS_OK;
}
    1204             : 
/*
 * talloc destructor for struct smbXsrv_connection: only traces the
 * teardown, nothing is released here.  Always allows the free (returns 0).
 */
static int smbXsrv_connection_destructor(struct smbXsrv_connection *xconn)
{
	DBG_DEBUG("xconn[%s]\n", smbXsrv_connection_dbg(xconn));
	return 0;
}
    1210             : 
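/*
 * Build a struct smbXsrv_connection for the accepted socket @sock_fd and
 * link it into @client->connections.
 *
 * In order: put the socket into blocking mode and apply socket options,
 * resolve the remote and local addresses, look up the client hostname,
 * initialise signing state, run the global "hosts allow"/"hosts deny"
 * check (before any client data is parsed), register the TCP connection
 * with ctdb when clustering is enabled, and finally install the read
 * handler on the client's raw event context.
 *
 * @param client   Owning client; the finished connection is a talloc
 *                 child of it.
 * @param sock_fd  Connected socket.  Once the fd event is installed it is
 *                 closed together with the connection
 *                 (tevent_fd_set_auto_close).
 * @param now      Stored as xconn->connect_time.
 * @param _xconn   Out: the new connection.  Left NULL on every failure
 *                 except NT_STATUS_NETWORK_ACCESS_DENIED, where a valid,
 *                 already linked connection is returned so the caller can
 *                 send an error to the client.
 *
 * @return NT_STATUS_OK; NT_STATUS_NETWORK_ACCESS_DENIED when the host is
 *         not allowed; the mapped errno for getpeername()/getsockname()/
 *         address-conversion/hostname failures; NT_STATUS_NO_MEMORY or
 *         NT_STATUS_INTERNAL_ERROR otherwise.  On failure the half-built
 *         connection is freed together with the stack frame.
 */
NTSTATUS smbd_add_connection(struct smbXsrv_client *client, int sock_fd,
			     NTTIME now, struct smbXsrv_connection **_xconn)
{
	TALLOC_CTX *frame = talloc_stackframe();
	struct smbXsrv_connection *xconn;
	struct sockaddr_storage ss_srv;
	void *sp_srv = (void *)&ss_srv;
	struct sockaddr *sa_srv = (struct sockaddr *)sp_srv;
	struct sockaddr_storage ss_clnt;
	void *sp_clnt = (void *)&ss_clnt;
	struct sockaddr *sa_clnt = (struct sockaddr *)sp_clnt;
	socklen_t sa_socklen;
	struct tsocket_address *local_address = NULL;
	struct tsocket_address *remote_address = NULL;
	const char *remaddr = NULL;
	char *p;
	const char *rhost = NULL;
	int ret;
	int tmp;

	*_xconn = NULL;

	DO_PROFILE_INC(connect);

	xconn = talloc_zero(client, struct smbXsrv_connection);
	if (xconn == NULL) {
		DEBUG(0,("talloc_zero(struct smbXsrv_connection)\n"));
		TALLOC_FREE(frame);
		return NT_STATUS_NO_MEMORY;
	}
	talloc_set_destructor(xconn, smbXsrv_connection_destructor);
	/*
	 * Park xconn under the stack frame: every early return below must
	 * TALLOC_FREE(frame), which also frees the half-built connection.
	 * It is moved back to the client only once fully set up (or
	 * deliberately handed out on the access-denied path).
	 */
	talloc_steal(frame, xconn);
	xconn->client = client;
	xconn->connect_time = now;
	if (client->next_channel_id != 0) {
		xconn->channel_id = client->next_channel_id++;
	}

	xconn->transport.sock = sock_fd;
#if defined(WITH_SMB1SERVER)
	smbd_echo_init(xconn);
#endif
	xconn->protocol = PROTOCOL_NONE;

	/* Ensure child is set to blocking mode */
	set_blocking(sock_fd,True);

	set_socket_options(sock_fd, "SO_KEEPALIVE");
	set_socket_options(sock_fd, lp_socket_options());

	sa_socklen = sizeof(ss_clnt);
	ret = getpeername(sock_fd, sa_clnt, &sa_socklen);
	if (ret != 0) {
		int saved_errno = errno;
		/* ENOTCONN: the peer is already gone, not worth a level-0 log. */
		int level = (saved_errno == ENOTCONN)?2:0;
		DEBUG(level,("getpeername() failed - %s\n",
		      strerror(saved_errno)));
		TALLOC_FREE(frame);
		return map_nt_error_from_unix_common(saved_errno);
	}
	ret = tsocket_address_bsd_from_sockaddr(xconn,
						sa_clnt, sa_socklen,
						&remote_address);
	if (ret != 0) {
		int saved_errno = errno;
		DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n",
			__location__, strerror(saved_errno)));
		TALLOC_FREE(frame);
		return map_nt_error_from_unix_common(saved_errno);
	}

	sa_socklen = sizeof(ss_srv);
	ret = getsockname(sock_fd, sa_srv, &sa_socklen);
	if (ret != 0) {
		int saved_errno = errno;
		int level = (saved_errno == ENOTCONN)?2:0;
		DEBUG(level,("getsockname() failed - %s\n",
		      strerror(saved_errno)));
		TALLOC_FREE(frame);
		return map_nt_error_from_unix_common(saved_errno);
	}
	ret = tsocket_address_bsd_from_sockaddr(xconn,
						sa_srv, sa_socklen,
						&local_address);
	if (ret != 0) {
		int saved_errno = errno;
		/* This is the local (server) side; the message used to say "remote". */
		DEBUG(0,("%s: tsocket_address_bsd_from_sockaddr local failed - %s\n",
			__location__, strerror(saved_errno)));
		TALLOC_FREE(frame);
		return map_nt_error_from_unix_common(saved_errno);
	}

	if (tsocket_address_is_inet(remote_address, "ip")) {
		remaddr = tsocket_address_inet_addr_string(remote_address,
							   talloc_tos());
		if (remaddr == NULL) {
			DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
				 __location__, strerror(errno)));
			TALLOC_FREE(frame);
			return NT_STATUS_NO_MEMORY;
		}
	} else {
		/* Non-IP transport: use a placeholder address for the checks below. */
		remaddr = "0.0.0.0";
	}

	/*
	 * Before the first packet, check the global hosts allow/ hosts deny
	 * parameters before doing any parsing of packets passed to us by the
	 * client. This prevents attacks on our parsing code from hosts not in
	 * the hosts allow list.
	 */

	ret = get_remote_hostname(remote_address,
				  &p, talloc_tos());
	if (ret < 0) {
		int saved_errno = errno;
		DEBUG(0,("%s: get_remote_hostname failed - %s\n",
			__location__, strerror(saved_errno)));
		TALLOC_FREE(frame);
		return map_nt_error_from_unix_common(saved_errno);
	}
	rhost = p;
	/* No reverse name available: fall back to the address string. */
	if (strequal(rhost, "UNKNOWN")) {
		rhost = remaddr;
	}

	xconn->local_address = local_address;
	xconn->remote_address = remote_address;
	xconn->remote_hostname = talloc_strdup(xconn, rhost);
	if (xconn->remote_hostname == NULL) {
		/* Was the only error path that leaked the stack frame. */
		TALLOC_FREE(frame);
		return NT_STATUS_NO_MEMORY;
	}

	if (!srv_init_signing(xconn)) {
		DEBUG(0, ("Failed to init smb_signing\n"));
		TALLOC_FREE(frame);
		return NT_STATUS_INTERNAL_ERROR;
	}

	/* Both the resolved name and the raw address are matched against the lists. */
	if (!allow_access(lp_hosts_deny(-1), lp_hosts_allow(-1),
			  xconn->remote_hostname,
			  remaddr)) {
		DEBUG( 1, ("Connection denied from %s to %s\n",
			   tsocket_address_string(remote_address, talloc_tos()),
			   tsocket_address_string(local_address, talloc_tos())));

		/*
		 * We return a valid xconn
		 * so that the caller can return an error message
		 * to the client
		 */
		DLIST_ADD_END(client->connections, xconn);
		talloc_steal(client, xconn);

		*_xconn = xconn;
		TALLOC_FREE(frame);
		return NT_STATUS_NETWORK_ACCESS_DENIED;
	}

	DEBUG(10, ("Connection allowed from %s to %s\n",
		   tsocket_address_string(remote_address, talloc_tos()),
		   tsocket_address_string(local_address, talloc_tos())));

	if (lp_clustering()) {
		/*
		 * We need to tell ctdb about our client's TCP
		 * connection, so that for failover ctdbd can send
		 * tickle acks, triggering a reconnection by the
		 * client.
		 */
		NTSTATUS status;

		status = smbd_register_ips(xconn, &ss_srv, &ss_clnt);
		if (!NT_STATUS_IS_OK(status)) {
			/* Not fatal: the connection works, only failover tickles are lost. */
			DEBUG(0, ("ctdbd_register_ips failed: %s\n",
				  nt_errstr(status)));
		}
	}

	/* Clamp the configured "max xmit" into the supported buffer range. */
	tmp = lp_max_xmit();
	tmp = MAX(tmp, SMB_BUFFER_SIZE_MIN);
	tmp = MIN(tmp, SMB_BUFFER_SIZE_MAX);

#if defined(WITH_SMB1SERVER)
	xconn->smb1.negprot.max_recv = tmp;

	xconn->smb1.sessions.done_sesssetup = false;
	xconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX;
#endif

	xconn->transport.fde = tevent_add_fd(client->raw_ev_ctx,
					     xconn,
					     sock_fd,
					     TEVENT_FD_READ,
					     smbd_server_connection_handler,
					     xconn);
	if (!xconn->transport.fde) {
		TALLOC_FREE(frame);
		return NT_STATUS_NO_MEMORY;
	}
	/* The socket is now owned by the fd event and closed with it. */
	tevent_fd_set_auto_close(xconn->transport.fde);

	/* for now we only have one connection */
	DLIST_ADD_END(client->connections, xconn);
	talloc_steal(client, xconn);

	*_xconn = xconn;
	TALLOC_FREE(frame);
	return NT_STATUS_OK;
}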
    1421             : 
/* True when @uid is the primary uid of the session's unix token. */
static bool uid_in_use(struct auth_session_info *session_info,
		       uid_t uid)
{
	const struct security_unix_token *utok = session_info->unix_token;

	return utok->uid == uid;
}
    1430             : 
/*
 * True when @gid is the primary gid of the session's unix token or one
 * of its supplementary groups.
 */
static bool gid_in_use(struct auth_session_info *session_info,
		       gid_t gid)
{
	const struct security_unix_token *utok = session_info->unix_token;
	bool found = (utok->gid == gid);
	uint32_t idx;

	for (idx = 0; !found && idx < utok->ngroups; idx++) {
		found = (utok->groups[idx] == gid);
	}

	return found;
}
    1449             : 
/*
 * True when @psid is present in the session's security token.  A session
 * without a token never matches (the original author doubted that case can
 * happen, the guard is kept anyway).
 */
static bool sid_in_use(struct auth_session_info *session_info,
		       const struct dom_sid *psid)
{
	struct security_token *tok = session_info->security_token;

	if (tok == NULL) {
		return false;
	}

	return security_token_has_sid(tok, psid);
}
    1469             : 
/*
 * Traversal state for id_in_use_cb(): the id being looked for and whether
 * a session owning it has been found.
 */
struct id_in_use_state {
	const struct id_cache_ref *id;
	bool match;
};
    1474             : 
/*
 * Per-session callback for id_in_use(): records in state->match whether
 * this session uses the uid/gid/sid in state->id.  Unknown id types never
 * match.  Returns -1 on a match to stop the traversal, 0 to continue.
 */
static int id_in_use_cb(struct smbXsrv_session *session,
			void *private_data)
{
	struct id_in_use_state *state = private_data;
	struct auth_session_info *session_info =
		session->global->auth_session_info;
	const struct id_cache_ref *id = state->id;
	bool match = false;

	switch (id->type) {
	case UID:
		match = uid_in_use(session_info, id->id.uid);
		break;
	case GID:
		match = gid_in_use(session_info, id->id.gid);
		break;
	case SID:
		match = sid_in_use(session_info, &id->id.sid);
		break;
	default:
		break;
	}

	state->match = match;

	return match ? -1 : 0;
}
    1502             : 
/*
 * Is the uid/gid/sid @id used by any session of @sconn's client?
 * A failed traversal is reported as "not in use".
 */
static bool id_in_use(struct smbd_server_connection *sconn,
		      const struct id_cache_ref *id)
{
	struct id_in_use_state state = {
		.id = id,
		.match = false,
	};
	NTSTATUS status = smbXsrv_session_local_traverse(sconn->client,
							 id_in_use_cb,
							 &state);

	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}

	return state.match;
}
    1523             : 
    1524             : /****************************************************************************
    1525             :  Check if services need reloading.
    1526             : ****************************************************************************/
    1527             : 
/*
 * Reload the service definitions when at least SMBD_RELOAD_CHECK seconds
 * have passed since the last reload.  The first call only records @t as
 * the reference time (last_smb_conf_reload_time is a file-level global).
 */
static void check_reload(struct smbd_server_connection *sconn, time_t t)
{
	time_t due;

	if (last_smb_conf_reload_time == 0) {
		last_smb_conf_reload_time = t;
	}

	due = last_smb_conf_reload_time + SMBD_RELOAD_CHECK;
	if (t < due) {
		return;
	}

	reload_services(sconn, conn_snum_used, true);
	last_smb_conf_reload_time = t;
}
    1540             : 
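/*
 * Handler for the "kill client by IP" message: exit this smbd when the
 * address carried in @data matches the address our client connected from.
 *
 * The payload is copied into a bounded, NUL-terminated talloc string
 * first: the original code used data->data directly as a C string, so a
 * sender that omitted the terminator (or sent an empty blob) made
 * strequal() and the debug log read past the end of the blob.  Senders
 * that do include the terminator are handled exactly as before.
 */
static void msg_kill_client_ip(struct messaging_context *msg_ctx,
				  void *private_data, uint32_t msg_type,
				  struct server_id server_id, DATA_BLOB *data)
{
	struct smbd_server_connection *sconn = talloc_get_type_abort(
		private_data, struct smbd_server_connection);
	char *ip = NULL;
	char *client_ip = NULL;

	/* Bounded copy: stops at the first NUL or at data->length. */
	ip = talloc_strndup(talloc_tos(),
			    (const char *)data->data,
			    data->length);
	if (ip == NULL) {
		return;
	}

	DBG_DEBUG("Got kill request for client IP %s\n", ip);

	client_ip = tsocket_address_inet_addr_string(sconn->remote_address,
						     talloc_tos());
	if (client_ip == NULL) {
		TALLOC_FREE(ip);
		return;
	}

	if (strequal(ip, client_ip)) {
		DBG_WARNING("Got kill client message for %s - "
			    "exiting immediately\n", ip);
		exit_server_cleanly("Forced disconnect for client");
	}

	TALLOC_FREE(client_ip);
	TALLOC_FREE(ip);
}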
    1566             : 
    1567             : /*
    1568             :  * Do the recurring check if we're idle
    1569             :  */
/*
 * Periodic idle check.  When no tree connect is open, or every open one
 * has been idle long enough, ask ourselves to shut down via MSG_SHUTDOWN
 * and return False so the timer is not re-armed; otherwise return True.
 */
static bool deadtime_fn(const struct timeval *now, void *private_data)
{
	struct smbd_server_connection *sconn = private_data;
	bool idle;

	idle = (conn_num_open(sconn) == 0);
	if (!idle) {
		idle = conn_idle_all(sconn, now->tv_sec);
	}
	if (!idle) {
		return True;
	}

	DEBUG( 2, ( "Closing idle connection\n" ) );
	messaging_send(sconn->msg_ctx,
		       messaging_server_id(sconn->msg_ctx),
		       MSG_SHUTDOWN, &data_blob_null);
	return False;
}
    1586             : 
    1587             : /*
    1588             :  * Do the recurring log file and smb.conf reload checks.
    1589             :  */
    1590             : 
/*
 * Periodic housekeeping: reload smb.conf when due and check the log file
 * size.  Always returns true so the timer stays armed.
 */
static bool housekeeping_fn(const struct timeval *now, void *private_data)
{
	struct smbd_server_connection *sconn = talloc_get_type_abort(
		private_data, struct smbd_server_connection);
	time_t mono_now;

	DEBUG(5, ("housekeeping\n"));

	/* Same privilege switch as smbd_sig_hup_handler() before reloading. */
	change_to_root_user();

	mono_now = time_mono(NULL);
	check_reload(sconn, mono_now);

	/* Force a log file check. */
	force_check_log_size();
	check_log_size();

	return true;
}
    1610             : 
/*
 * SIGTERM handler installed by smbd_setup_sig_term_handler(): shut the
 * server down cleanly.  The tevent signal arguments are unused.
 */
static void smbd_sig_term_handler(struct tevent_context *ev,
				  struct tevent_signal *se,
				  int signum,
				  int count,
				  void *siginfo,
				  void *private_data)
{
	exit_server_cleanly("termination signal");
}
    1620             : 
/*
 * Install smbd_sig_term_handler() for SIGTERM on @sconn's event context.
 * Failure to register the handler is fatal (exit_server()).
 */
static void smbd_setup_sig_term_handler(struct smbd_server_connection *sconn)
{
	struct tevent_signal *sig = tevent_add_signal(sconn->ev_ctx,
						      sconn,
						      SIGTERM, 0,
						      smbd_sig_term_handler,
						      sconn);

	if (sig == NULL) {
		exit_server("failed to setup SIGTERM handler");
	}
}
    1634             : 
/*
 * tevent signal handler for SIGHUP: reload the service definitions
 * as root.  private_data is the struct smbd_server_connection; the
 * remaining tevent arguments are unused.
 */
static void smbd_sig_hup_handler(struct tevent_context *ev,
				  struct tevent_signal *se,
				  int signum,
				  int count,
				  void *siginfo,
				  void *private_data)
{
	struct smbd_server_connection *sconn = NULL;

	sconn = talloc_get_type_abort(private_data,
				      struct smbd_server_connection);

	change_to_root_user();
	DEBUG(1,("Reloading services after SIGHUP\n"));
	reload_services(sconn, conn_snum_used, false);
}
    1650             : 
/*
 * Install smbd_sig_hup_handler() for SIGHUP on sconn->ev_ctx.
 * The signal event is allocated on sconn; a failure to register it
 * is fatal for the child (exit_server()).
 */
static void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn)
{
	struct tevent_signal *se = tevent_add_signal(sconn->ev_ctx,
						     sconn,
						     SIGHUP,
						     0,
						     smbd_sig_hup_handler,
						     sconn);

	if (se == NULL) {
		exit_server("failed to setup SIGHUP handler");
	}
}
    1664             : 
/*
 * MSG_SMB_CONF_UPDATED handler: another process told us smb.conf
 * changed, so reload the service definitions as root.  private_data
 * is the struct smbd_server_connection; msg, msg_type, server_id and
 * data are unused.
 */
static void smbd_conf_updated(struct messaging_context *msg,
			      void *private_data,
			      uint32_t msg_type,
			      struct server_id server_id,
			      DATA_BLOB *data)
{
	struct smbd_server_connection *sconn = NULL;

	sconn = talloc_get_type_abort(private_data,
				      struct smbd_server_connection);

	DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was "
		  "updated. Reloading.\n"));
	change_to_root_user();
	reload_services(sconn, conn_snum_used, false);
}
    1680             : 
/*
 * ID_CACHE_KILL handler.  The message body is an id_cache_ref string;
 * if the id it names is in use on this connection the child exits,
 * otherwise the entry is only dropped from the id cache.
 *
 * private_data is the struct smbd_server_connection; msg_ctx, msg_type
 * and server_id are unused.
 */
static void smbd_id_cache_kill(struct messaging_context *msg_ctx,
			       void *private_data,
			       uint32_t msg_type,
			       struct server_id server_id,
			       DATA_BLOB* data)
{
	struct smbd_server_connection *sconn = NULL;
	struct id_cache_ref id;
	const char *msg = "<NULL>";

	sconn = talloc_get_type_abort(private_data,
				      struct smbd_server_connection);

	/*
	 * NOTE(review): data->data is consumed as a NUL-terminated string
	 * without consulting data->length, so this relies on every
	 * ID_CACHE_KILL sender including the terminator -- confirm against
	 * the senders.
	 */
	if (data != NULL && data->data != NULL) {
		msg = (const char *)data->data;
	}

	if (!id_cache_ref_parse(msg, &id)) {
		DEBUG(0, ("Invalid ?ID: %s\n", msg));
		return;
	}

	if (id_in_use(sconn, &id)) {
		/* The reason string handed to exit_server_cleanly is the message itself. */
		exit_server_cleanly(msg);
	}
	id_cache_delete_from_cache(&id);
}
    1704             : 
/*
 * Private state handed to the tevent trace callbacks below
 * (smbd_tevent_trace_callback / smbd_tevent_trace_callback_profile).
 */
struct smbd_tevent_trace_state {
	/* main event context; the profile callback re-arms dump timers on it */
	struct tevent_context *ev;
	/* talloc stackframe freed and recreated around each loop iteration */
	TALLOC_CTX *frame;
	/* idle-time profiling sample, used only by the profile callback */
	SMBPROFILE_BASIC_ASYNC_STATE(profile_idle);
};
    1710             : 
/*
 * Called at TEVENT_TRACE_BEFORE_LOOP_ONCE: discard the previous
 * iteration's stackframe and start a fresh pooled one for this one.
 */
static inline void smbd_tevent_trace_callback_before_loop_once(
	struct smbd_tevent_trace_state *state)
{
	TALLOC_CTX *old_frame = state->frame;

	talloc_free(old_frame);
	state->frame = talloc_stackframe_pool(8192);
}
    1717             : 
/*
 * Called at TEVENT_TRACE_AFTER_LOOP_ONCE: release the iteration's
 * stackframe and leave state->frame NULL until the next iteration.
 */
static inline void smbd_tevent_trace_callback_after_loop_once(
	struct smbd_tevent_trace_state *state)
{
	talloc_free(state->frame);
	state->frame = NULL;
}
    1723             : 
/*
 * tevent trace callback used when profiling is inactive: manages the
 * per-iteration talloc stackframe and nothing else.  private_data is
 * the struct smbd_tevent_trace_state registered in smbd_process().
 */
static void smbd_tevent_trace_callback(enum tevent_trace_point point,
				       void *private_data)
{
	struct smbd_tevent_trace_state *state = private_data;

	switch (point) {
	case TEVENT_TRACE_BEFORE_LOOP_ONCE:
		smbd_tevent_trace_callback_before_loop_once(state);
		break;
	case TEVENT_TRACE_AFTER_LOOP_ONCE:
		smbd_tevent_trace_callback_after_loop_once(state);
		break;
	case TEVENT_TRACE_BEFORE_WAIT:
	case TEVENT_TRACE_AFTER_WAIT:
		/* Nothing to do around the wait itself. */
		break;
	}

	/*
	 * Reset errno at every trace point; presumably so a stale value
	 * does not leak into the next iteration -- intent not visible here.
	 */
	errno = 0;
}
    1745             : 
/* TEVENT_TRACE_BEFORE_WAIT with profiling: open the idle sample. */
static inline void smbd_tevent_trace_profile_before_wait(
	struct smbd_tevent_trace_state *state)
{
	if (!smbprofile_dump_pending()) {
		/*
		 * No dump pending: do not schedule another 1 sec timer,
		 * sleep for as long as nothing happens instead.
		 */
		smbprofile_dump_setup(NULL);
	}
	SMBPROFILE_BASIC_ASYNC_START(idle, profile_p, state->profile_idle);
}

/* TEVENT_TRACE_AFTER_WAIT with profiling: close the idle sample, flush. */
static inline void smbd_tevent_trace_profile_after_wait(
	struct smbd_tevent_trace_state *state)
{
	SMBPROFILE_BASIC_ASYNC_END(state->profile_idle);
	if (!smbprofile_dump_pending()) {
		/* Flush the state accumulated before the (hopefully long) sleep. */
		smbprofile_dump();
		/* Future profiling events trigger timers on the main context again. */
		smbprofile_dump_setup(state->ev);
	}
}

/*
 * tevent trace callback used when profiling is active: in addition to
 * the per-iteration stackframe handling it accounts idle time spent in
 * the wait and flushes/re-arms the profile dump around it.
 * private_data is the struct smbd_tevent_trace_state from smbd_process().
 */
static void smbd_tevent_trace_callback_profile(enum tevent_trace_point point,
					       void *private_data)
{
	struct smbd_tevent_trace_state *state = private_data;

	switch (point) {
	case TEVENT_TRACE_BEFORE_LOOP_ONCE:
		smbd_tevent_trace_callback_before_loop_once(state);
		break;
	case TEVENT_TRACE_AFTER_LOOP_ONCE:
		smbd_tevent_trace_callback_after_loop_once(state);
		break;
	case TEVENT_TRACE_BEFORE_WAIT:
		smbd_tevent_trace_profile_before_wait(state);
		break;
	case TEVENT_TRACE_AFTER_WAIT:
		smbd_tevent_trace_profile_after_wait(state);
		break;
	}

	/* Reset errno at every trace point, as the non-profiling callback does. */
	errno = 0;
}
    1790             : 
    1791             : /****************************************************************************
    1792             :  Process commands from the client
    1793             : ****************************************************************************/
    1794             : 
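/*
 * Per-connection entry point of a forked smbd child.
 *
 * Creates the smbXsrv_client / smbd_server_connection for sock_fd, installs
 * the signal and messaging handlers, the idle timers and the tevent trace
 * callback, then runs tevent_loop_wait() on ev_ctx.  Every setup failure
 * terminates the process (exit_server*(), or exit() for the idle-event
 * registrations); when the loop returns the function ends in
 * exit_server_cleanly(NULL).
 *
 * ev_ctx      event context the connection loop runs on
 * msg_ctx     messaging context the IPC handlers are registered on
 * sock_fd     accepted client socket, handed to smbd_add_connection()
 * interactive when true the SIGTERM/SIGHUP handlers are not installed
 */
void smbd_process(struct tevent_context *ev_ctx,
		  struct messaging_context *msg_ctx,
		  int sock_fd,
		  bool interactive)
{
	struct smbd_tevent_trace_state trace_state = {
		.ev = ev_ctx,
		.frame = talloc_stackframe(),
	};
	const struct loadparm_substitution *lp_sub =
		loadparm_s3_global_substitution();
	struct smbXsrv_client *client = NULL;
	struct smbd_server_connection *sconn = NULL;
	struct smbXsrv_connection *xconn = NULL;
	const char *locaddr = NULL;
	const char *remaddr = NULL;
	int ret;
	NTSTATUS status;
	struct timeval tv = timeval_current();
	NTTIME now = timeval_to_nttime(&tv);
	char *chroot_dir = NULL;
	int rc;

	status = smbXsrv_client_create(ev_ctx, ev_ctx, msg_ctx, now, &client);
	if (!NT_STATUS_IS_OK(status)) {
		DBG_ERR("smbXsrv_client_create(): %s\n", nt_errstr(status));
		exit_server_cleanly("talloc_zero(struct smbXsrv_client).\n");
	}

	/*
	 * TODO: remove this...:-)
	 */
	global_smbXsrv_client = client;

	sconn = talloc_zero(client, struct smbd_server_connection);
	if (sconn == NULL) {
		exit_server("failed to create smbd_server_connection");
	}

	client->sconn = sconn;
	sconn->client = client;

	sconn->ev_ctx = ev_ctx;
	sconn->msg_ctx = msg_ctx;

	ret = pthreadpool_tevent_init(sconn, lp_aio_max_threads(),
				      &sconn->pool);
	if (ret != 0) {
		exit_server("pthreadpool_tevent_init() failed.");
	}

#if defined(WITH_SMB1SERVER)
	if (lp_server_max_protocol() >= PROTOCOL_SMB2_02) {
#endif
		/*
		 * We're not making the decision here,
		 * we're just allowing the client
		 * to decide between SMB1 and SMB2
		 * with the first negprot
		 * packet.
		 */
		sconn->using_smb2 = true;
#if defined(WITH_SMB1SERVER)
	}
#endif

	/* Signal handlers are only installed for non-interactive children. */
	if (!interactive) {
		smbd_setup_sig_term_handler(sconn);
		smbd_setup_sig_hup_handler(sconn);
	}

	status = smbd_add_connection(client, sock_fd, now, &xconn);
	if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
		/*
		 * send a negative session response "not listening on calling
		 * name"
		 *
		 * NOTE(review): this assumes smbd_add_connection() has set
		 * xconn even though it returned ACCESS_DENIED -- confirm.
		 */
		unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
		(void)smb1_srv_send(xconn, (char *)buf, false, 0, false);
		exit_server_cleanly("connection denied");
	} else if (!NT_STATUS_IS_OK(status)) {
		exit_server_cleanly(nt_errstr(status));
	}

	/* Copy the connection's addresses onto sconn and the client record. */
	sconn->local_address =
		tsocket_address_copy(xconn->local_address, sconn);
	if (sconn->local_address == NULL) {
		exit_server_cleanly("tsocket_address_copy() failed");
	}
	sconn->remote_address =
		tsocket_address_copy(xconn->remote_address, sconn);
	if (sconn->remote_address == NULL) {
		exit_server_cleanly("tsocket_address_copy() failed");
	}
	sconn->remote_hostname =
		talloc_strdup(sconn, xconn->remote_hostname);
	if (sconn->remote_hostname == NULL) {
		exit_server_cleanly("talloc_strdup() failed");
	}

	client->global->local_address =
		tsocket_address_string(sconn->local_address,
				       client->global);
	if (client->global->local_address == NULL) {
		exit_server_cleanly("tsocket_address_string() failed");
	}
	client->global->remote_address =
		tsocket_address_string(sconn->remote_address,
				       client->global);
	if (client->global->remote_address == NULL) {
		exit_server_cleanly("tsocket_address_string() failed");
	}
	client->global->remote_name =
		talloc_strdup(client->global, sconn->remote_hostname);
	if (client->global->remote_name == NULL) {
		exit_server_cleanly("talloc_strdup() failed");
	}

	/* Plain IP strings for the substitution engine; non-inet sockets get 0.0.0.0. */
	if (tsocket_address_is_inet(sconn->local_address, "ip")) {
		locaddr = tsocket_address_inet_addr_string(
				sconn->local_address,
				talloc_tos());
		if (locaddr == NULL) {
			DEBUG(0,("%s: tsocket_address_inet_addr_string local failed - %s\n",
				 __location__, strerror(errno)));
			exit_server_cleanly("tsocket_address_inet_addr_string local failed.\n");
		}
	} else {
		locaddr = "0.0.0.0";
	}

	if (tsocket_address_is_inet(sconn->remote_address, "ip")) {
		remaddr = tsocket_address_inet_addr_string(
				sconn->remote_address,
				talloc_tos());
		if (remaddr == NULL) {
			DEBUG(0,("%s: tsocket_address_inet_addr_string remote failed - %s\n",
				 __location__, strerror(errno)));
			exit_server_cleanly("tsocket_address_inet_addr_string remote failed.\n");
		}
	} else {
		remaddr = "0.0.0.0";
	}

	/* this is needed so that we get decent entries
	   in smbstatus for port 445 connects */
	set_remote_machine_name(remaddr, false);
	reload_services(sconn, conn_snum_used, true);
	sub_set_socket_ids(remaddr,
			   sconn->remote_hostname,
			   locaddr);

	if (lp_preload_modules()) {
		smb_load_all_modules_absoute_path(lp_preload_modules());
	}

	if (!init_account_policy()) {
		exit_server("Could not open account policy tdb.\n");
	}

	/*
	 * Optional "root directory" jail.  lp_root_directory() allocates
	 * the (substituted) string, so a NULL result must be treated as
	 * an allocation failure rather than dereferenced.
	 */
	chroot_dir = lp_root_directory(talloc_tos(), lp_sub);
	if (chroot_dir == NULL) {
		exit_server("lp_root_directory() failed");
	}
	if (chroot_dir[0] != '\0') {
		/*
		 * chdir() before chroot() so the working directory is
		 * already inside the new root when the root changes.
		 */
		rc = chdir(chroot_dir);
		if (rc != 0) {
			DBG_ERR("Failed to chdir to %s\n", chroot_dir);
			exit_server("Failed to chdir()");
		}

		rc = chroot(chroot_dir);
		if (rc != 0) {
			DBG_ERR("Failed to change root to %s\n", chroot_dir);
			exit_server("Failed to chroot()");
		}
		DBG_WARNING("Changed root to %s\n", chroot_dir);

		TALLOC_FREE(chroot_dir);
	}

	if (!file_init(sconn)) {
		exit_server("file_init() failed");
	}

	/* Setup oplocks */
	if (!init_oplocks(sconn)) {
		exit_server("Failed to init oplocks");
	}

	/* register our message handlers */
	messaging_register(sconn->msg_ctx, sconn,
			   MSG_SMB_FORCE_TDIS, msg_force_tdis);
	messaging_register(
		sconn->msg_ctx,
		sconn,
		MSG_SMB_FORCE_TDIS_DENIED,
		msg_force_tdis_denied);
	messaging_register(sconn->msg_ctx, sconn,
			   MSG_SMB_CLOSE_FILE, msg_close_file);
	messaging_register(sconn->msg_ctx, sconn,
			   MSG_SMB_FILE_RENAME, msg_file_was_renamed);

	/*
	 * The handlers below replace ones inherited from the parent:
	 * deregister the inherited handler first, then register ours
	 * with sconn as private data.
	 */
	id_cache_register_msgs(sconn->msg_ctx);
	messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL);
	messaging_register(sconn->msg_ctx, sconn,
			   ID_CACHE_KILL, smbd_id_cache_kill);

	messaging_deregister(sconn->msg_ctx,
			     MSG_SMB_CONF_UPDATED, sconn->ev_ctx);
	messaging_register(sconn->msg_ctx, sconn,
			   MSG_SMB_CONF_UPDATED, smbd_conf_updated);

	messaging_deregister(sconn->msg_ctx, MSG_SMB_KILL_CLIENT_IP,
			     NULL);
	messaging_register(sconn->msg_ctx, sconn,
			   MSG_SMB_KILL_CLIENT_IP,
			   msg_kill_client_ip);

	messaging_deregister(sconn->msg_ctx, MSG_SMB_TELL_NUM_CHILDREN, NULL);

	/*
	 * Use the default MSG_DEBUG handler to avoid rebroadcasting
	 * MSGs to all child processes
	 */
	messaging_deregister(sconn->msg_ctx,
			     MSG_DEBUG, NULL);
	messaging_register(sconn->msg_ctx, NULL,
			   MSG_DEBUG, debug_message);

	/* Idle timers: keepalive (SMB1 only), deadtime and housekeeping. */
#if defined(WITH_SMB1SERVER)
	if ((lp_keepalive() != 0)
	    && !(event_add_idle(ev_ctx, NULL,
				timeval_set(lp_keepalive(), 0),
				"keepalive", keepalive_fn,
				sconn))) {
		DEBUG(0, ("Could not add keepalive event\n"));
		exit(1);
	}
#endif

	if (!(event_add_idle(ev_ctx, NULL,
			     timeval_set(IDLE_CLOSED_TIMEOUT, 0),
			     "deadtime", deadtime_fn, sconn))) {
		DEBUG(0, ("Could not add deadtime event\n"));
		exit(1);
	}

	if (!(event_add_idle(ev_ctx, NULL,
			     timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
			     "housekeeping", housekeeping_fn, sconn))) {
		DEBUG(0, ("Could not add housekeeping event\n"));
		exit(1);
	}

	smbprofile_dump_setup(ev_ctx);

	if (!init_dptrs(sconn)) {
		exit_server("init_dptrs() failed");
	}

	/*
	 * Release the setup-time stackframe (locaddr/remaddr live on it
	 * and are no longer needed).  From here on the trace callback
	 * owns trace_state.frame and recreates it around every loop
	 * iteration.
	 */
	TALLOC_FREE(trace_state.frame);

	if (smbprofile_active()) {
		tevent_set_trace_callback(ev_ctx,
					  smbd_tevent_trace_callback_profile,
					  &trace_state);
	} else {
		tevent_set_trace_callback(ev_ctx,
					  smbd_tevent_trace_callback,
					  &trace_state);
	}

	ret = tevent_loop_wait(ev_ctx);
	if (ret != 0) {
		DEBUG(1, ("tevent_loop_wait failed: %d, %s,"
			  " exiting\n", ret, strerror(errno)));
	}

	TALLOC_FREE(trace_state.frame);

	exit_server_cleanly(NULL);
}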
