Context Navigation

source: branches/samba-3.2.x/source/smbd/process.c@ 1014

Visit:

Last change on this file since 1014 was 340, checked in by Herwig Bauernfeind, 16 years ago
Update 3.2 to 3.2.15 (security update)
File size: 60.8 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	process incoming packets - main loop
4	Copyright (C) Andrew Tridgell 1992-1998
5	Copyright (C) Volker Lendecke 2005-2007
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 3 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program. If not, see <http://www.gnu.org/licenses/>.
19	*/
20
21	#include "includes.h"
22
23	extern int smb_echo_count;
24
25	/*
26	* Size of data we can send to client. Set
27	* by the client for all protocols above CORE.
28	* Set by us for CORE protocol.
29	*/
30	int max_send = BUFFER_SIZE;
31	/*
32	* Size of the data we can receive. Set by us.
33	* Can be modified by the max xmit parameter.
34	*/
35	int max_recv = BUFFER_SIZE;
36
37	SIG_ATOMIC_T reload_after_sighup = 0;
38	SIG_ATOMIC_T got_sig_term = 0;
39	extern bool global_machine_password_needs_changing;
40	extern int max_send;
41
42	/* Accessor function for smb_read_error for smbd functions. */
43
44	/****************************************************************************
45	Send an smb to a fd.
46	****************************************************************************/
47
48	bool srv_send_smb(int fd, char *buffer, bool do_encrypt)
49	{
50	size_t len;
51	size_t nwritten=0;
52	ssize_t ret;
53	char *buf_out = buffer;
54
55	/* Sign the outgoing packet if required. */
56	srv_calculate_sign_mac(buf_out);
57
58	if (do_encrypt) {
59	NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
60	if (!NT_STATUS_IS_OK(status)) {
61	DEBUG(0, ("send_smb: SMB encryption failed "
62	"on outgoing packet! Error %s\n",
63	nt_errstr(status) ));
64	return false;
65	}
66	}
67
68	len = smb_len(buf_out) + 4;
69
70	while (nwritten < len) {
71	ret = write_data(fd,buf_out+nwritten,len - nwritten);
72	if (ret <= 0) {
73	DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
74	(int)len,(int)ret, strerror(errno) ));
75	srv_free_enc_buffer(buf_out);
76	return false;
77	}
78	nwritten += ret;
79	}
80
81	srv_free_enc_buffer(buf_out);
82	return true;
83	}
84
85	/*******************************************************************
86	Setup the word count and byte count for a smb message.
87	********************************************************************/
88
89	int srv_set_message(char *buf,
90	int num_words,
91	int num_bytes,
92	bool zero)
93	{
94	if (zero && (num_words \|\| num_bytes)) {
95	memset(buf + smb_size,'\0',num_words*2 + num_bytes);
96	}
97	SCVAL(buf,smb_wct,num_words);
98	SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
99	smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
100	return (smb_size + num_words*2 + num_bytes);
101	}
102
103	static bool valid_smb_header(const uint8_t *inbuf)
104	{
105	if (is_encrypted_packet(inbuf)) {
106	return true;
107	}
108	return (strncmp(smb_base(inbuf),"\377SMB",4) == 0);
109	}
110
111	/* Socket functions for smbd packet processing. */
112
113	static bool valid_packet_size(size_t len)
114	{
115	/*
116	* A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
117	* of header. Don't print the error if this fits.... JRA.
118	*/
119
120	if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
121	DEBUG(0,("Invalid packet length! (%lu bytes).\n",
122	(unsigned long)len));
123	return false;
124	}
125	return true;
126	}
127
128	static NTSTATUS read_packet_remainder(int fd, char *buffer,
129	unsigned int timeout, ssize_t len)
130	{
131	if (len <= 0) {
132	return NT_STATUS_OK;
133	}
134
135	return read_socket_with_timeout(fd, buffer, len, len, timeout, NULL);
136	}
137
138	/****************************************************************************
139	Attempt a zerocopy writeX read. We know here that len > smb_size-4
140	****************************************************************************/
141
142	/*
143	* Unfortunately, earlier versions of smbclient/libsmbclient
144	* don't send this "standard" writeX header. I've fixed this
145	* for 3.2 but we'll use the old method with earlier versions.
146	* Windows and CIFSFS at least use this standard size. Not
147	* sure about MacOSX.
148	*/
149
150	#define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
151	(214) + / word count (including bcc) */ \
152	1 /* pad byte */)
153
154	static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
155	const char lenbuf[4],
156	int fd, char **buffer,
157	unsigned int timeout,
158	size_t *p_unread,
159	size_t *len_ret)
160	{
161	/* Size of a WRITEX call (+4 byte len). */
162	char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
163	ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
164	ssize_t toread;
165	NTSTATUS status;
166
167	memcpy(writeX_header, lenbuf, 4);
168
169	status = read_socket_with_timeout(
170	fd, writeX_header + 4,
171	STANDARD_WRITE_AND_X_HEADER_SIZE,
172	STANDARD_WRITE_AND_X_HEADER_SIZE,
173	timeout, NULL);
174
175	if (!NT_STATUS_IS_OK(status)) {
176	return status;
177	}
178
179	/*
180	* Ok - now try and see if this is a possible
181	* valid writeX call.
182	*/
183
184	if (is_valid_writeX_buffer((uint8_t *)writeX_header)) {
185	/*
186	* If the data offset is beyond what
187	* we've read, drain the extra bytes.
188	*/
189	uint16_t doff = SVAL(writeX_header,smb_vwv11);
190	ssize_t newlen;
191
192	if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
193	size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
194	if (drain_socket(smbd_server_fd(), drain) != drain) {
195	smb_panic("receive_smb_raw_talloc_partial_read:"
196	" failed to drain pending bytes");
197	}
198	} else {
199	doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
200	}
201
202	/* Spoof down the length and null out the bcc. */
203	set_message_bcc(writeX_header, 0);
204	newlen = smb_len(writeX_header);
205
206	/* Copy the header we've written. */
207
208	buffer = (char )TALLOC_MEMDUP(mem_ctx,
209	writeX_header,
210	sizeof(writeX_header));
211
212	if (*buffer == NULL) {
213	DEBUG(0, ("Could not allocate inbuf of length %d\n",
214	(int)sizeof(writeX_header)));
215	return NT_STATUS_NO_MEMORY;
216	}
217
218	/* Work out the remaining bytes. */
219	*p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
220	*len_ret = newlen + 4;
221	return NT_STATUS_OK;
222	}
223
224	if (!valid_packet_size(len)) {
225	return NT_STATUS_INVALID_PARAMETER;
226	}
227
228	/*
229	* Not a valid writeX call. Just do the standard
230	* talloc and return.
231	*/
232
233	*buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
234
235	if (*buffer == NULL) {
236	DEBUG(0, ("Could not allocate inbuf of length %d\n",
237	(int)len+4));
238	return NT_STATUS_NO_MEMORY;
239	}
240
241	/* Copy in what we already read. */
242	memcpy(*buffer,
243	writeX_header,
244	4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
245	toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
246
247	if(toread > 0) {
248	status = read_packet_remainder(
249	fd, (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
250	timeout, toread);
251
252	if (!NT_STATUS_IS_OK(status)) {
253	DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
254	nt_errstr(status)));
255	return status;
256	}
257	}
258
259	*len_ret = len + 4;
260	return NT_STATUS_OK;
261	}
262
263	static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx, int fd,
264	char **buffer, unsigned int timeout,
265	size_t p_unread, size_t plen)
266	{
267	char lenbuf[4];
268	size_t len;
269	int min_recv_size = lp_min_receive_file_size();
270	NTSTATUS status;
271
272	*p_unread = 0;
273
274	status = read_smb_length_return_keepalive(fd, lenbuf, timeout, &len);
275	if (!NT_STATUS_IS_OK(status)) {
276	DEBUG(10, ("receive_smb_raw: %s\n", nt_errstr(status)));
277	return status;
278	}
279
280	if (CVAL(lenbuf,0) == 0 &&
281	min_recv_size &&
282	smb_len_large(lenbuf) > (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE) && /* Could be a UNIX large writeX. */
283	!srv_is_signing_active()) {
284
285	return receive_smb_raw_talloc_partial_read(
286	mem_ctx, lenbuf, fd, buffer, timeout, p_unread, plen);
287	}
288
289	if (!valid_packet_size(len)) {
290	return NT_STATUS_INVALID_PARAMETER;
291	}
292
293	/*
294	* The +4 here can't wrap, we've checked the length above already.
295	*/
296
297	*buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
298
299	if (*buffer == NULL) {
300	DEBUG(0, ("Could not allocate inbuf of length %d\n",
301	(int)len+4));
302	return NT_STATUS_NO_MEMORY;
303	}
304
305	memcpy(*buffer, lenbuf, sizeof(lenbuf));
306
307	status = read_packet_remainder(fd, (*buffer)+4, timeout, len);
308	if (!NT_STATUS_IS_OK(status)) {
309	return status;
310	}
311
312	*plen = len + 4;
313	return NT_STATUS_OK;
314	}
315
316	static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx, int fd,
317	char **buffer, unsigned int timeout,
318	size_t p_unread, bool p_encrypted,
319	size_t *p_len)
320	{
321	size_t len = 0;
322	NTSTATUS status;
323
324	*p_encrypted = false;
325
326	status = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout,
327	p_unread, &len);
328	if (!NT_STATUS_IS_OK(status)) {
329	return status;
330	}
331
332	if (is_encrypted_packet((uint8_t )buffer)) {
333	status = srv_decrypt_buffer(*buffer);
334	if (!NT_STATUS_IS_OK(status)) {
335	DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
336	"incoming packet! Error %s\n",
337	nt_errstr(status) ));
338	return status;
339	}
340	*p_encrypted = true;
341	}
342
343	/* Check the incoming SMB signature. */
344	if (!srv_check_sign_mac(*buffer, true)) {
345	DEBUG(0, ("receive_smb: SMB Signature verification failed on "
346	"incoming packet!\n"));
347	return NT_STATUS_INVALID_NETWORK_RESPONSE;
348	}
349
350	*p_len = len;
351	return NT_STATUS_OK;
352	}
353
354	/*
355	* Initialize a struct smb_request from an inbuf
356	*/
357
358	void init_smb_request(struct smb_request *req,
359	const uint8 *inbuf,
360	size_t unread_bytes,
361	bool encrypted)
362	{
363	size_t req_size = smb_len(inbuf) + 4;
364	/* Ensure we have at least smb_size bytes. */
365	if (req_size < smb_size) {
366	DEBUG(0,("init_smb_request: invalid request size %u\n",
367	(unsigned int)req_size ));
368	exit_server_cleanly("Invalid SMB request");
369	}
370	req->flags2 = SVAL(inbuf, smb_flg2);
371	req->smbpid = SVAL(inbuf, smb_pid);
372	req->mid = SVAL(inbuf, smb_mid);
373	req->vuid = SVAL(inbuf, smb_uid);
374	req->tid = SVAL(inbuf, smb_tid);
375	req->wct = CVAL(inbuf, smb_wct);
376	req->unread_bytes = unread_bytes;
377	req->encrypted = encrypted;
378	req->conn = conn_find(req->tid);
379
380	/* Ensure we have at least wct words and 2 bytes of bcc. */
381	if (smb_size + req->wct*2 > req_size) {
382	DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
383	(unsigned int)req->wct,
384	(unsigned int)req_size));
385	exit_server_cleanly("Invalid SMB request");
386	}
387	/* Ensure bcc is correct. */
388	if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + req_size) {
389	DEBUG(0,("init_smb_request: invalid bcc number %u "
390	"(wct = %u, size %u)\n",
391	(unsigned int)smb_buflen(inbuf),
392	(unsigned int)req->wct,
393	(unsigned int)req_size));
394	exit_server_cleanly("Invalid SMB request");
395	}
396	req->inbuf = inbuf;
397	req->outbuf = NULL;
398	}
399
400	/****************************************************************************
401	structure to hold a linked list of queued messages.
402	for processing.
403	****************************************************************************/
404
405	static struct pending_message_list *deferred_open_queue;
406
407	/****************************************************************************
408	Function to push a message onto the tail of a linked list of smb messages ready
409	for processing.
410	****************************************************************************/
411
412	static bool push_queued_message(struct smb_request *req,
413	struct timeval request_time,
414	struct timeval end_time,
415	char *private_data, size_t private_len)
416	{
417	int msg_len = smb_len(req->inbuf) + 4;
418	struct pending_message_list *msg;
419
420	msg = TALLOC_ZERO_P(NULL, struct pending_message_list);
421
422	if(msg == NULL) {
423	DEBUG(0,("push_message: malloc fail (1)\n"));
424	return False;
425	}
426
427	msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
428	if(msg->buf.data == NULL) {
429	DEBUG(0,("push_message: malloc fail (2)\n"));
430	TALLOC_FREE(msg);
431	return False;
432	}
433
434	msg->request_time = request_time;
435	msg->end_time = end_time;
436	msg->encrypted = req->encrypted;
437	msg->processed = false;
438
439	if (private_data) {
440	msg->private_data = data_blob_talloc(msg, private_data,
441	private_len);
442	if (msg->private_data.data == NULL) {
443	DEBUG(0,("push_message: malloc fail (3)\n"));
444	TALLOC_FREE(msg);
445	return False;
446	}
447	}
448
449	DLIST_ADD_END(deferred_open_queue, msg, struct pending_message_list *);
450
451	DEBUG(10,("push_message: pushed message length %u on "
452	"deferred_open_queue\n", (unsigned int)msg_len));
453
454	return True;
455	}
456
457	/****************************************************************************
458	Function to delete a sharing violation open message by mid.
459	****************************************************************************/
460
461	void remove_deferred_open_smb_message(uint16 mid)
462	{
463	struct pending_message_list *pml;
464
465	for (pml = deferred_open_queue; pml; pml = pml->next) {
466	if (mid == SVAL(pml->buf.data,smb_mid)) {
467	DEBUG(10,("remove_sharing_violation_open_smb_message: "
468	"deleting mid %u len %u\n",
469	(unsigned int)mid,
470	(unsigned int)pml->buf.length ));
471	DLIST_REMOVE(deferred_open_queue, pml);
472	TALLOC_FREE(pml);
473	return;
474	}
475	}
476	}
477
478	/****************************************************************************
479	Move a sharing violation open retry message to the front of the list and
480	schedule it for immediate processing.
481	****************************************************************************/
482
483	void schedule_deferred_open_smb_message(uint16 mid)
484	{
485	struct pending_message_list *pml;
486	int i = 0;
487
488	for (pml = deferred_open_queue; pml; pml = pml->next) {
489	uint16 msg_mid = SVAL(pml->buf.data,smb_mid);
490	DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++,
491	(unsigned int)msg_mid ));
492	if (mid == msg_mid) {
493
494	if (pml->processed) {
495	/* A processed message should not be
496	* rescheduled. */
497	DEBUG(0,("schedule_deferred_open_smb_message: LOGIC ERROR "
498	"message mid %u was already processed\n",
499	(unsigned int)msg_mid ));
500	continue;
501	}
502
503	DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
504	mid ));
505	pml->end_time.tv_sec = 0;
506	pml->end_time.tv_usec = 0;
507	DLIST_PROMOTE(deferred_open_queue, pml);
508	return;
509	}
510	}
511
512	DEBUG(10,("schedule_deferred_open_smb_message: failed to find message mid %u\n",
513	mid ));
514	}
515
516	/****************************************************************************
517	Return true if this mid is on the deferred queue and was not yet processed.
518	****************************************************************************/
519
520	bool open_was_deferred(uint16 mid)
521	{
522	struct pending_message_list *pml;
523
524	for (pml = deferred_open_queue; pml; pml = pml->next) {
525	if (SVAL(pml->buf.data,smb_mid) == mid && !pml->processed) {
526	return True;
527	}
528	}
529	return False;
530	}
531
532	/****************************************************************************
533	Return the message queued by this mid.
534	****************************************************************************/
535
536	struct pending_message_list *get_open_deferred_message(uint16 mid)
537	{
538	struct pending_message_list *pml;
539
540	for (pml = deferred_open_queue; pml; pml = pml->next) {
541	if (SVAL(pml->buf.data,smb_mid) == mid) {
542	return pml;
543	}
544	}
545	return NULL;
546	}
547
548	/****************************************************************************
549	Function to push a deferred open smb message onto a linked list of local smb
550	messages ready for processing.
551	****************************************************************************/
552
553	bool push_deferred_smb_message(struct smb_request *req,
554	struct timeval request_time,
555	struct timeval timeout,
556	char *private_data, size_t priv_len)
557	{
558	struct timeval end_time;
559
560	if (req->unread_bytes) {
561	DEBUG(0,("push_deferred_smb_message: logic error ! "
562	"unread_bytes = %u\n",
563	(unsigned int)req->unread_bytes ));
564	smb_panic("push_deferred_smb_message: "
565	"logic error unread_bytes != 0" );
566	}
567
568	end_time = timeval_sum(&request_time, &timeout);
569
570	DEBUG(10,("push_deferred_open_smb_message: pushing message len %u mid %u "
571	"timeout time [%u.%06u]\n",
572	(unsigned int) smb_len(req->inbuf)+4, (unsigned int)req->mid,
573	(unsigned int)end_time.tv_sec,
574	(unsigned int)end_time.tv_usec));
575
576	return push_queued_message(req, request_time, end_time,
577	private_data, priv_len);
578	}
579
580	struct idle_event {
581	struct timed_event *te;
582	struct timeval interval;
583	char *name;
584	bool (handler)(const struct timeval now, void *private_data);
585	void *private_data;
586	};
587
588	static void idle_event_handler(struct event_context *ctx,
589	struct timed_event *te,
590	const struct timeval *now,
591	void *private_data)
592	{
593	struct idle_event *event =
594	talloc_get_type_abort(private_data, struct idle_event);
595
596	TALLOC_FREE(event->te);
597
598	if (!event->handler(now, event->private_data)) {
599	/* Don't repeat, delete ourselves */
600	TALLOC_FREE(event);
601	return;
602	}
603
604	event->te = event_add_timed(ctx, event,
605	timeval_sum(now, &event->interval),
606	event->name,
607	idle_event_handler, event);
608
609	/* We can't do much but fail here. */
610	SMB_ASSERT(event->te != NULL);
611	}
612
613	struct idle_event event_add_idle(struct event_context event_ctx,
614	TALLOC_CTX *mem_ctx,
615	struct timeval interval,
616	const char *name,
617	bool (handler)(const struct timeval now,
618	void *private_data),
619	void *private_data)
620	{
621	struct idle_event *result;
622	struct timeval now = timeval_current();
623
624	result = TALLOC_P(mem_ctx, struct idle_event);
625	if (result == NULL) {
626	DEBUG(0, ("talloc failed\n"));
627	return NULL;
628	}
629
630	result->interval = interval;
631	result->handler = handler;
632	result->private_data = private_data;
633
634	if (!(result->name = talloc_asprintf(result, "idle_evt(%s)", name))) {
635	DEBUG(0, ("talloc failed\n"));
636	TALLOC_FREE(result);
637	return NULL;
638	}
639
640	result->te = event_add_timed(event_ctx, result,
641	timeval_sum(&now, &interval),
642	result->name,
643	idle_event_handler, result);
644	if (result->te == NULL) {
645	DEBUG(0, ("event_add_timed failed\n"));
646	TALLOC_FREE(result);
647	return NULL;
648	}
649
650	return result;
651	}
652
653	/****************************************************************************
654	Do all async processing in here. This includes kernel oplock messages, change
655	notify events etc.
656	****************************************************************************/
657
658	static void async_processing(fd_set *pfds)
659	{
660	DEBUG(10,("async_processing: Doing async processing.\n"));
661
662	process_aio_queue();
663
664	process_kernel_oplocks(smbd_messaging_context(), pfds);
665
666	/* Do the aio check again after receive_local_message as it does a
667	select and may have eaten our signal. */
668	/* Is this till true? -- vl */
669	process_aio_queue();
670
671	if (got_sig_term) {
672	exit_server_cleanly("termination signal");
673	}
674
675	/* check for sighup processing */
676	if (reload_after_sighup) {
677	change_to_root_user();
678	DEBUG(1,("Reloading services after SIGHUP\n"));
679	reload_services(False);
680	reload_after_sighup = 0;
681	}
682	}
683
684	/****************************************************************************
685	Add a fd to the set we will be select(2)ing on.
686	****************************************************************************/
687
688	static int select_on_fd(int fd, int maxfd, fd_set *fds)
689	{
690	if (fd != -1) {
691	FD_SET(fd, fds);
692	maxfd = MAX(maxfd, fd);
693	}
694
695	return maxfd;
696	}
697
698	/****************************************************************************
699	Do a select on an two fd's - with timeout.
700
701	If a local udp message has been pushed onto the
702	queue (this can only happen during oplock break
703	processing) call async_processing()
704
705	If a pending smb message has been pushed onto the
706	queue (this can only happen during oplock break
707	processing) return this next.
708
709	If the first smbfd is ready then read an smb from it.
710	if the second (loopback UDP) fd is ready then read a message
711	from it and setup the buffer header to identify the length
712	and from address.
713	Returns False on timeout or error.
714	Else returns True.
715
716	The timeout is in milliseconds
717	****************************************************************************/
718
719	static NTSTATUS receive_message_or_smb(TALLOC_CTX mem_ctx, char *buffer,
720	size_t *buffer_len, int timeout,
721	size_t p_unread, bool p_encrypted)
722	{
723	fd_set r_fds, w_fds;
724	int selrtn;
725	struct timeval to;
726	int maxfd = 0;
727	size_t len = 0;
728	NTSTATUS status;
729
730	*p_unread = 0;
731
732	again:
733
734	if (timeout >= 0) {
735	to.tv_sec = timeout / 1000;
736	to.tv_usec = (timeout % 1000) * 1000;
737	} else {
738	to.tv_sec = SMBD_SELECT_TIMEOUT;
739	to.tv_usec = 0;
740	}
741
742	/*
743	* Note that this call must be before processing any SMB
744	* messages as we need to synchronously process any messages
745	* we may have sent to ourselves from the previous SMB.
746	*/
747	message_dispatch(smbd_messaging_context());
748
749	/*
750	* Check to see if we already have a message on the deferred open queue
751	* and it's time to schedule.
752	*/
753	if(deferred_open_queue != NULL) {
754	bool pop_message = False;
755	struct pending_message_list *msg = deferred_open_queue;
756
757	if (timeval_is_zero(&msg->end_time)) {
758	pop_message = True;
759	} else {
760	struct timeval tv;
761	SMB_BIG_INT tdif;
762
763	GetTimeOfDay(&tv);
764	tdif = usec_time_diff(&msg->end_time, &tv);
765	if (tdif <= 0) {
766	/* Timed out. Schedule...*/
767	pop_message = True;
768	DEBUG(10,("receive_message_or_smb: queued message timed out.\n"));
769	} else {
770	/* Make a more accurate select timeout. */
771	to.tv_sec = tdif / 1000000;
772	to.tv_usec = tdif % 1000000;
773	DEBUG(10,("receive_message_or_smb: select with timeout of [%u.%06u]\n",
774	(unsigned int)to.tv_sec, (unsigned int)to.tv_usec ));
775	}
776	}
777
778	if (pop_message) {
779
780	buffer = (char )talloc_memdup(mem_ctx, msg->buf.data,
781	msg->buf.length);
782	if (*buffer == NULL) {
783	DEBUG(0, ("talloc failed\n"));
784	return NT_STATUS_NO_MEMORY;
785	}
786	*buffer_len = msg->buf.length;
787	*p_encrypted = msg->encrypted;
788
789	/* We leave this message on the queue so the open code can
790	know this is a retry. */
791	DEBUG(5,("receive_message_or_smb: returning deferred open smb message.\n"));
792
793	/* Mark the message as processed so this is not
794	* re-processed in error. */
795	msg->processed = true;
796	return NT_STATUS_OK;
797	}
798	}
799
800	/*
801	* Setup the select fd sets.
802	*/
803
804	FD_ZERO(&r_fds);
805	FD_ZERO(&w_fds);
806
807	/*
808	* Ensure we process oplock break messages by preference.
809	* We have to do this before the select, after the select
810	* and if the select returns EINTR. This is due to the fact
811	* that the selects called from async_processing can eat an EINTR
812	* caused by a signal (we can't take the break message there).
813	* This is hideously complex - MUST be simplified for 3.0 ! JRA.
814	*/
815
816	if (oplock_message_waiting(&r_fds)) {
817	DEBUG(10,("receive_message_or_smb: oplock_message is waiting.\n"));
818	async_processing(&r_fds);
819	/*
820	* After async processing we must go and do the select again, as
821	* the state of the flag in fds for the server file descriptor is
822	* indeterminate - we may have done I/O on it in the oplock processing. JRA.
823	*/
824	goto again;
825	}
826
827	/*
828	* Are there any timed events waiting ? If so, ensure we don't
829	* select for longer than it would take to wait for them.
830	*/
831
832	{
833	struct timeval now;
834	GetTimeOfDay(&now);
835
836	event_add_to_select_args(smbd_event_context(), &now,
837	&r_fds, &w_fds, &to, &maxfd);
838	}
839
840	if (timeval_is_zero(&to)) {
841	/* Process a timed event now... */
842	if (run_events(smbd_event_context(), 0, NULL, NULL)) {
843	goto again;
844	}
845	}
846
847	{
848	int sav;
849	START_PROFILE(smbd_idle);
850
851	maxfd = select_on_fd(smbd_server_fd(), maxfd, &r_fds);
852	maxfd = select_on_fd(oplock_notify_fd(), maxfd, &r_fds);
853
854	selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&to);
855	sav = errno;
856
857	END_PROFILE(smbd_idle);
858	errno = sav;
859	}
860
861	if (run_events(smbd_event_context(), selrtn, &r_fds, &w_fds)) {
862	goto again;
863	}
864
865	/* if we get EINTR then maybe we have received an oplock
866	signal - treat this as select returning 1. This is ugly, but
867	is the best we can do until the oplock code knows more about
868	signals */
869	if (selrtn == -1 && errno == EINTR) {
870	async_processing(&r_fds);
871	/*
872	* After async processing we must go and do the select again, as
873	* the state of the flag in fds for the server file descriptor is
874	* indeterminate - we may have done I/O on it in the oplock processing. JRA.
875	*/
876	goto again;
877	}
878
879	/* Check if error */
880	if (selrtn == -1) {
881	/* something is wrong. Maybe the socket is dead? */
882	return map_nt_error_from_unix(errno);
883	}
884
885	/* Did we timeout ? */
886	if (selrtn == 0) {
887	return NT_STATUS_IO_TIMEOUT;
888	}
889
890	/*
891	* Ensure we process oplock break messages by preference.
892	* This is IMPORTANT ! Otherwise we can starve other processes
893	* sending us an oplock break message. JRA.
894	*/
895
896	if (oplock_message_waiting(&r_fds)) {
897	async_processing(&r_fds);
898	/*
899	* After async processing we must go and do the select again, as
900	* the state of the flag in fds for the server file descriptor is
901	* indeterminate - we may have done I/O on it in the oplock processing. JRA.
902	*/
903	goto again;
904	}
905
906	/*
907	* We've just woken up from a protentially long select sleep.
908	* Ensure we process local messages as we need to synchronously
909	* process any messages from other smbd's to avoid file rename race
910	* conditions. This call is cheap if there are no messages waiting.
911	* JRA.
912	*/
913	message_dispatch(smbd_messaging_context());
914
915	status = receive_smb_talloc(mem_ctx, smbd_server_fd(), buffer, 0,
916	p_unread, p_encrypted, &len);
917
918	if (!NT_STATUS_IS_OK(status)) {
919	return status;
920	}
921
922	*buffer_len = len;
923
924	return NT_STATUS_OK;
925	}
926
927	/*
928	* Only allow 5 outstanding trans requests. We're allocating memory, so
929	* prevent a DoS.
930	*/
931
932	NTSTATUS allow_new_trans(struct trans_state *list, int mid)
933	{
934	int count = 0;
935	for (; list != NULL; list = list->next) {
936
937	if (list->mid == mid) {
938	return NT_STATUS_INVALID_PARAMETER;
939	}
940
941	count += 1;
942	}
943	if (count > 5) {
944	return NT_STATUS_INSUFFICIENT_RESOURCES;
945	}
946
947	return NT_STATUS_OK;
948	}
949
950	/****************************************************************************
951	We're terminating and have closed all our files/connections etc.
952	If there are any pending local messages we need to respond to them
953	before termination so that other smbds don't think we just died whilst
954	holding oplocks.
955	****************************************************************************/
956
957	void respond_to_all_remaining_local_messages(void)
958	{
959	/*
960	* Assert we have no exclusive open oplocks.
961	*/
962
963	if(get_number_of_exclusive_open_oplocks()) {
964	DEBUG(0,("respond_to_all_remaining_local_messages: PANIC : we have %d exclusive oplocks.\n",
965	get_number_of_exclusive_open_oplocks() ));
966	return;
967	}
968
969	process_kernel_oplocks(smbd_messaging_context(), NULL);
970
971	return;
972	}
973
974
975	/*
976	These flags determine some of the permissions required to do an operation
977
978	Note that I don't set NEED_WRITE on some write operations because they
979	are used by some brain-dead clients when printing, and I don't want to
980	force write permissions on print services.
981	*/
982	#define AS_USER (1<<0)
983	#define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
984	#define TIME_INIT (1<<2)
985	#define CAN_IPC (1<<3) /* Must be paired with AS_USER */
986	#define AS_GUEST (1<<5) /* Must NOT be paired with AS_USER */
987	#define DO_CHDIR (1<<6)
988
989	/*
990	define a list of possible SMB messages and their corresponding
991	functions. Any message that has a NULL function is unimplemented -
992	please feel free to contribute implementations!
993	*/
994	static const struct smb_message_struct {
995	const char *name;
996	void (fn_new)(struct smb_request req);
997	int flags;
998	} smb_messages[256] = {
999
1000	/* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER \| NEED_WRITE},
1001	/* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER \| NEED_WRITE},
1002	/* 0x02 */ { "SMBopen",reply_open,AS_USER },
1003	/* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
1004	/* 0x04 */ { "SMBclose",reply_close,AS_USER \| CAN_IPC },
1005	/* 0x05 */ { "SMBflush",reply_flush,AS_USER},
1006	/* 0x06 */ { "SMBunlink",reply_unlink,AS_USER \| NEED_WRITE },
1007	/* 0x07 */ { "SMBmv",reply_mv,AS_USER \| NEED_WRITE },
1008	/* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
1009	/* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER \| NEED_WRITE},
1010	/* 0x0a */ { "SMBread",reply_read,AS_USER},
1011	/* 0x0b */ { "SMBwrite",reply_write,AS_USER \| CAN_IPC },
1012	/* 0x0c */ { "SMBlock",reply_lock,AS_USER},
1013	/* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
1014	/* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
1015	/* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
1016	/* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
1017	/* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
1018	/* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
1019	/* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
1020	/* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
1021	/* 0x15 */ { NULL, NULL, 0 },
1022	/* 0x16 */ { NULL, NULL, 0 },
1023	/* 0x17 */ { NULL, NULL, 0 },
1024	/* 0x18 */ { NULL, NULL, 0 },
1025	/* 0x19 */ { NULL, NULL, 0 },
1026	/* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
1027	/* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
1028	/* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
1029	/* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
1030	/* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
1031	/* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1032	/* 0x20 */ { "SMBwritec", NULL,0},
1033	/* 0x21 */ { NULL, NULL, 0 },
1034	/* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER \| NEED_WRITE },
1035	/* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1036	/* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1037	/* 0x25 */ { "SMBtrans",reply_trans,AS_USER \| CAN_IPC },
1038	/* 0x26 */ { "SMBtranss",reply_transs,AS_USER \| CAN_IPC},
1039	/* 0x27 */ { "SMBioctl",reply_ioctl,0},
1040	/* 0x28 */ { "SMBioctls", NULL,AS_USER},
1041	/* 0x29 */ { "SMBcopy",reply_copy,AS_USER \| NEED_WRITE },
1042	/* 0x2a */ { "SMBmove", NULL,AS_USER \| NEED_WRITE },
1043	/* 0x2b */ { "SMBecho",reply_echo,0},
1044	/* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1045	/* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER \| CAN_IPC },
1046	/* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER \| CAN_IPC },
1047	/* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER \| CAN_IPC },
1048	/* 0x30 */ { NULL, NULL, 0 },
1049	/* 0x31 */ { NULL, NULL, 0 },
1050	/* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER \| CAN_IPC },
1051	/* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER \| CAN_IPC},
1052	/* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1053	/* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1054	/* 0x36 */ { NULL, NULL, 0 },
1055	/* 0x37 */ { NULL, NULL, 0 },
1056	/* 0x38 */ { NULL, NULL, 0 },
1057	/* 0x39 */ { NULL, NULL, 0 },
1058	/* 0x3a */ { NULL, NULL, 0 },
1059	/* 0x3b */ { NULL, NULL, 0 },
1060	/* 0x3c */ { NULL, NULL, 0 },
1061	/* 0x3d */ { NULL, NULL, 0 },
1062	/* 0x3e */ { NULL, NULL, 0 },
1063	/* 0x3f */ { NULL, NULL, 0 },
1064	/* 0x40 */ { NULL, NULL, 0 },
1065	/* 0x41 */ { NULL, NULL, 0 },
1066	/* 0x42 */ { NULL, NULL, 0 },
1067	/* 0x43 */ { NULL, NULL, 0 },
1068	/* 0x44 */ { NULL, NULL, 0 },
1069	/* 0x45 */ { NULL, NULL, 0 },
1070	/* 0x46 */ { NULL, NULL, 0 },
1071	/* 0x47 */ { NULL, NULL, 0 },
1072	/* 0x48 */ { NULL, NULL, 0 },
1073	/* 0x49 */ { NULL, NULL, 0 },
1074	/* 0x4a */ { NULL, NULL, 0 },
1075	/* 0x4b */ { NULL, NULL, 0 },
1076	/* 0x4c */ { NULL, NULL, 0 },
1077	/* 0x4d */ { NULL, NULL, 0 },
1078	/* 0x4e */ { NULL, NULL, 0 },
1079	/* 0x4f */ { NULL, NULL, 0 },
1080	/* 0x50 */ { NULL, NULL, 0 },
1081	/* 0x51 */ { NULL, NULL, 0 },
1082	/* 0x52 */ { NULL, NULL, 0 },
1083	/* 0x53 */ { NULL, NULL, 0 },
1084	/* 0x54 */ { NULL, NULL, 0 },
1085	/* 0x55 */ { NULL, NULL, 0 },
1086	/* 0x56 */ { NULL, NULL, 0 },
1087	/* 0x57 */ { NULL, NULL, 0 },
1088	/* 0x58 */ { NULL, NULL, 0 },
1089	/* 0x59 */ { NULL, NULL, 0 },
1090	/* 0x5a */ { NULL, NULL, 0 },
1091	/* 0x5b */ { NULL, NULL, 0 },
1092	/* 0x5c */ { NULL, NULL, 0 },
1093	/* 0x5d */ { NULL, NULL, 0 },
1094	/* 0x5e */ { NULL, NULL, 0 },
1095	/* 0x5f */ { NULL, NULL, 0 },
1096	/* 0x60 */ { NULL, NULL, 0 },
1097	/* 0x61 */ { NULL, NULL, 0 },
1098	/* 0x62 */ { NULL, NULL, 0 },
1099	/* 0x63 */ { NULL, NULL, 0 },
1100	/* 0x64 */ { NULL, NULL, 0 },
1101	/* 0x65 */ { NULL, NULL, 0 },
1102	/* 0x66 */ { NULL, NULL, 0 },
1103	/* 0x67 */ { NULL, NULL, 0 },
1104	/* 0x68 */ { NULL, NULL, 0 },
1105	/* 0x69 */ { NULL, NULL, 0 },
1106	/* 0x6a */ { NULL, NULL, 0 },
1107	/* 0x6b */ { NULL, NULL, 0 },
1108	/* 0x6c */ { NULL, NULL, 0 },
1109	/* 0x6d */ { NULL, NULL, 0 },
1110	/* 0x6e */ { NULL, NULL, 0 },
1111	/* 0x6f */ { NULL, NULL, 0 },
1112	/* 0x70 */ { "SMBtcon",reply_tcon,0},
1113	/* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1114	/* 0x72 */ { "SMBnegprot",reply_negprot,0},
1115	/* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1116	/* 0x74 / { "SMBulogoffX",reply_ulogoffX, 0}, / ulogoff doesn't give a valid TID */
1117	/* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1118	/* 0x76 */ { NULL, NULL, 0 },
1119	/* 0x77 */ { NULL, NULL, 0 },
1120	/* 0x78 */ { NULL, NULL, 0 },
1121	/* 0x79 */ { NULL, NULL, 0 },
1122	/* 0x7a */ { NULL, NULL, 0 },
1123	/* 0x7b */ { NULL, NULL, 0 },
1124	/* 0x7c */ { NULL, NULL, 0 },
1125	/* 0x7d */ { NULL, NULL, 0 },
1126	/* 0x7e */ { NULL, NULL, 0 },
1127	/* 0x7f */ { NULL, NULL, 0 },
1128	/* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1129	/* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1130	/* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1131	/* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1132	/* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1133	/* 0x85 */ { NULL, NULL, 0 },
1134	/* 0x86 */ { NULL, NULL, 0 },
1135	/* 0x87 */ { NULL, NULL, 0 },
1136	/* 0x88 */ { NULL, NULL, 0 },
1137	/* 0x89 */ { NULL, NULL, 0 },
1138	/* 0x8a */ { NULL, NULL, 0 },
1139	/* 0x8b */ { NULL, NULL, 0 },
1140	/* 0x8c */ { NULL, NULL, 0 },
1141	/* 0x8d */ { NULL, NULL, 0 },
1142	/* 0x8e */ { NULL, NULL, 0 },
1143	/* 0x8f */ { NULL, NULL, 0 },
1144	/* 0x90 */ { NULL, NULL, 0 },
1145	/* 0x91 */ { NULL, NULL, 0 },
1146	/* 0x92 */ { NULL, NULL, 0 },
1147	/* 0x93 */ { NULL, NULL, 0 },
1148	/* 0x94 */ { NULL, NULL, 0 },
1149	/* 0x95 */ { NULL, NULL, 0 },
1150	/* 0x96 */ { NULL, NULL, 0 },
1151	/* 0x97 */ { NULL, NULL, 0 },
1152	/* 0x98 */ { NULL, NULL, 0 },
1153	/* 0x99 */ { NULL, NULL, 0 },
1154	/* 0x9a */ { NULL, NULL, 0 },
1155	/* 0x9b */ { NULL, NULL, 0 },
1156	/* 0x9c */ { NULL, NULL, 0 },
1157	/* 0x9d */ { NULL, NULL, 0 },
1158	/* 0x9e */ { NULL, NULL, 0 },
1159	/* 0x9f */ { NULL, NULL, 0 },
1160	/* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER \| CAN_IPC },
1161	/* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER \| CAN_IPC },
1162	/* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER \| CAN_IPC },
1163	/* 0xa3 */ { NULL, NULL, 0 },
1164	/* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1165	/* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER \| NEED_WRITE },
1166	/* 0xa6 */ { NULL, NULL, 0 },
1167	/* 0xa7 */ { NULL, NULL, 0 },
1168	/* 0xa8 */ { NULL, NULL, 0 },
1169	/* 0xa9 */ { NULL, NULL, 0 },
1170	/* 0xaa */ { NULL, NULL, 0 },
1171	/* 0xab */ { NULL, NULL, 0 },
1172	/* 0xac */ { NULL, NULL, 0 },
1173	/* 0xad */ { NULL, NULL, 0 },
1174	/* 0xae */ { NULL, NULL, 0 },
1175	/* 0xaf */ { NULL, NULL, 0 },
1176	/* 0xb0 */ { NULL, NULL, 0 },
1177	/* 0xb1 */ { NULL, NULL, 0 },
1178	/* 0xb2 */ { NULL, NULL, 0 },
1179	/* 0xb3 */ { NULL, NULL, 0 },
1180	/* 0xb4 */ { NULL, NULL, 0 },
1181	/* 0xb5 */ { NULL, NULL, 0 },
1182	/* 0xb6 */ { NULL, NULL, 0 },
1183	/* 0xb7 */ { NULL, NULL, 0 },
1184	/* 0xb8 */ { NULL, NULL, 0 },
1185	/* 0xb9 */ { NULL, NULL, 0 },
1186	/* 0xba */ { NULL, NULL, 0 },
1187	/* 0xbb */ { NULL, NULL, 0 },
1188	/* 0xbc */ { NULL, NULL, 0 },
1189	/* 0xbd */ { NULL, NULL, 0 },
1190	/* 0xbe */ { NULL, NULL, 0 },
1191	/* 0xbf */ { NULL, NULL, 0 },
1192	/* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1193	/* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1194	/* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1195	/* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1196	/* 0xc4 */ { NULL, NULL, 0 },
1197	/* 0xc5 */ { NULL, NULL, 0 },
1198	/* 0xc6 */ { NULL, NULL, 0 },
1199	/* 0xc7 */ { NULL, NULL, 0 },
1200	/* 0xc8 */ { NULL, NULL, 0 },
1201	/* 0xc9 */ { NULL, NULL, 0 },
1202	/* 0xca */ { NULL, NULL, 0 },
1203	/* 0xcb */ { NULL, NULL, 0 },
1204	/* 0xcc */ { NULL, NULL, 0 },
1205	/* 0xcd */ { NULL, NULL, 0 },
1206	/* 0xce */ { NULL, NULL, 0 },
1207	/* 0xcf */ { NULL, NULL, 0 },
1208	/* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1209	/* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1210	/* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1211	/* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1212	/* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1213	/* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1214	/* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1215	/* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1216	/* 0xd8 */ { NULL, NULL, 0 },
1217	/* 0xd9 */ { NULL, NULL, 0 },
1218	/* 0xda */ { NULL, NULL, 0 },
1219	/* 0xdb */ { NULL, NULL, 0 },
1220	/* 0xdc */ { NULL, NULL, 0 },
1221	/* 0xdd */ { NULL, NULL, 0 },
1222	/* 0xde */ { NULL, NULL, 0 },
1223	/* 0xdf */ { NULL, NULL, 0 },
1224	/* 0xe0 */ { NULL, NULL, 0 },
1225	/* 0xe1 */ { NULL, NULL, 0 },
1226	/* 0xe2 */ { NULL, NULL, 0 },
1227	/* 0xe3 */ { NULL, NULL, 0 },
1228	/* 0xe4 */ { NULL, NULL, 0 },
1229	/* 0xe5 */ { NULL, NULL, 0 },
1230	/* 0xe6 */ { NULL, NULL, 0 },
1231	/* 0xe7 */ { NULL, NULL, 0 },
1232	/* 0xe8 */ { NULL, NULL, 0 },
1233	/* 0xe9 */ { NULL, NULL, 0 },
1234	/* 0xea */ { NULL, NULL, 0 },
1235	/* 0xeb */ { NULL, NULL, 0 },
1236	/* 0xec */ { NULL, NULL, 0 },
1237	/* 0xed */ { NULL, NULL, 0 },
1238	/* 0xee */ { NULL, NULL, 0 },
1239	/* 0xef */ { NULL, NULL, 0 },
1240	/* 0xf0 */ { NULL, NULL, 0 },
1241	/* 0xf1 */ { NULL, NULL, 0 },
1242	/* 0xf2 */ { NULL, NULL, 0 },
1243	/* 0xf3 */ { NULL, NULL, 0 },
1244	/* 0xf4 */ { NULL, NULL, 0 },
1245	/* 0xf5 */ { NULL, NULL, 0 },
1246	/* 0xf6 */ { NULL, NULL, 0 },
1247	/* 0xf7 */ { NULL, NULL, 0 },
1248	/* 0xf8 */ { NULL, NULL, 0 },
1249	/* 0xf9 */ { NULL, NULL, 0 },
1250	/* 0xfa */ { NULL, NULL, 0 },
1251	/* 0xfb */ { NULL, NULL, 0 },
1252	/* 0xfc */ { NULL, NULL, 0 },
1253	/* 0xfd */ { NULL, NULL, 0 },
1254	/* 0xfe */ { NULL, NULL, 0 },
1255	/* 0xff */ { NULL, NULL, 0 }
1256
1257	};
1258
1259	/*******************************************************************
1260	allocate and initialize a reply packet
1261	********************************************************************/
1262
1263	void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
1264	{
1265	/*
1266	* Protect against integer wrap
1267	*/
1268	if ((num_bytes > 0xffffff)
1269	\|\| ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
1270	char *msg;
1271	if (asprintf(&msg, "num_bytes too large: %u",
1272	(unsigned)num_bytes) == -1) {
1273	msg = CONST_DISCARD(char *, "num_bytes too large");
1274	}
1275	smb_panic(msg);
1276	}
1277
1278	if (!(req->outbuf = TALLOC_ARRAY(
1279	req, uint8,
1280	smb_size + num_words*2 + num_bytes))) {
1281	smb_panic("could not allocate output buffer\n");
1282	}
1283
1284	construct_reply_common((char )req->inbuf, (char )req->outbuf);
1285	srv_set_message((char *)req->outbuf, num_words, num_bytes, false);
1286	/*
1287	* Zero out the word area, the caller has to take care of the bcc area
1288	* himself
1289	*/
1290	if (num_words != 0) {
1291	memset(req->outbuf + smb_vwv0, 0, num_words*2);
1292	}
1293
1294	return;
1295	}
1296
1297
1298	/*******************************************************************
1299	Dump a packet to a file.
1300	********************************************************************/
1301
1302	static void smb_dump(const char name, int type, const char data, ssize_t len)
1303	{
1304	int fd, i;
1305	char *fname = NULL;
1306	if (DEBUGLEVEL < 50) {
1307	return;
1308	}
1309
1310	if (len < 4) len = smb_len(data)+4;
1311	for (i=1;i<100;i++) {
1312	if (asprintf(&fname, "/tmp/%s.%d.%s", name, i,
1313	type ? "req" : "resp") == -1) {
1314	return;
1315	}
1316	fd = open(fname, O_WRONLY\|O_CREAT\|O_EXCL, 0644);
1317	if (fd != -1 \|\| errno != EEXIST) break;
1318	}
1319	if (fd != -1) {
1320	ssize_t ret = write(fd, data, len);
1321	if (ret != len)
1322	DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1323	close(fd);
1324	DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1325	}
1326	SAFE_FREE(fname);
1327	}
1328
1329	/****************************************************************************
1330	Prepare everything for calling the actual request function, and potentially
1331	call the request function via the "new" interface.
1332
1333	Return False if the "legacy" function needs to be called, everything is
1334	prepared.
1335
1336	Return True if we're done.
1337
1338	I know this API sucks, but it is the one with the least code change I could
1339	find.
1340	****************************************************************************/
1341
1342	static connection_struct switch_message(uint8 type, struct smb_request req, int size)
1343	{
1344	int flags;
1345	uint16 session_tag;
1346	connection_struct *conn = NULL;
1347
1348	static uint16 last_session_tag = UID_FIELD_INVALID;
1349
1350	errno = 0;
1351
1352	/* Make sure this is an SMB packet. smb_size contains NetBIOS header
1353	* so subtract 4 from it. */
1354	if (!valid_smb_header(req->inbuf)
1355	\|\| (size < (smb_size - 4))) {
1356	DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1357	smb_len(req->inbuf)));
1358	exit_server_cleanly("Non-SMB packet");
1359	}
1360
1361	if (smb_messages[type].fn_new == NULL) {
1362	DEBUG(0,("Unknown message type %d!\n",type));
1363	smb_dump("Unknown", 1, (char *)req->inbuf, size);
1364	reply_unknown_new(req, type);
1365	return NULL;
1366	}
1367
1368	flags = smb_messages[type].flags;
1369
1370	/* In share mode security we must ignore the vuid. */
1371	session_tag = (lp_security() == SEC_SHARE)
1372	? UID_FIELD_INVALID : req->vuid;
1373	conn = req->conn;
1374
1375	DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1376	(int)sys_getpid(), (unsigned long)conn));
1377
1378	smb_dump(smb_fn_name(type), 1, (char *)req->inbuf, size);
1379
1380	/* Ensure this value is replaced in the incoming packet. */
1381	SSVAL(req->inbuf,smb_uid,session_tag);
1382
1383	/*
1384	* Ensure the correct username is in current_user_info. This is a
1385	* really ugly bugfix for problems with multiple session_setup_and_X's
1386	* being done and allowing %U and %G substitutions to work correctly.
1387	* There is a reason this code is done here, don't move it unless you
1388	* know what you're doing... :-).
1389	* JRA.
1390	*/
1391
1392	if (session_tag != last_session_tag) {
1393	user_struct *vuser = NULL;
1394
1395	last_session_tag = session_tag;
1396	if(session_tag != UID_FIELD_INVALID) {
1397	vuser = get_valid_user_struct(session_tag);
1398	if (vuser) {
1399	set_current_user_info(&vuser->user);
1400	}
1401	}
1402	}
1403
1404	/* Does this call need to be run as the connected user? */
1405	if (flags & AS_USER) {
1406
1407	/* Does this call need a valid tree connection? */
1408	if (!conn) {
1409	/*
1410	* Amazingly, the error code depends on the command
1411	* (from Samba4).
1412	*/
1413	if (type == SMBntcreateX) {
1414	reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1415	} else {
1416	reply_doserror(req, ERRSRV, ERRinvnid);
1417	}
1418	return NULL;
1419	}
1420
1421	if (!change_to_user(conn,session_tag)) {
1422	reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
1423	return conn;
1424	}
1425
1426	/* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1427
1428	/* Does it need write permission? */
1429	if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1430	reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1431	return conn;
1432	}
1433
1434	/* IPC services are limited */
1435	if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1436	reply_doserror(req, ERRSRV,ERRaccess);
1437	return conn;
1438	}
1439	} else {
1440	/* This call needs to be run as root */
1441	change_to_root_user();
1442	}
1443
1444	/* load service specific parameters */
1445	if (conn) {
1446	if (req->encrypted) {
1447	conn->encrypted_tid = true;
1448	/* encrypted required from now on. */
1449	conn->encrypt_level = Required;
1450	} else if (ENCRYPTION_REQUIRED(conn)) {
1451	uint8 com = CVAL(req->inbuf,smb_com);
1452	if (com != SMBtrans2 && com != SMBtranss2) {
1453	exit_server_cleanly("encryption required "
1454	"on connection");
1455	return conn;
1456	}
1457	}
1458
1459	if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1460	(flags & (AS_USER\|DO_CHDIR)
1461	?True:False))) {
1462	reply_doserror(req, ERRSRV, ERRaccess);
1463	return conn;
1464	}
1465	conn->num_smb_operations++;
1466	}
1467
1468	/* does this protocol need to be run as guest? */
1469	if ((flags & AS_GUEST)
1470	&& (!change_to_guest() \|\|
1471	!check_access(smbd_server_fd(), lp_hostsallow(-1),
1472	lp_hostsdeny(-1)))) {
1473	reply_doserror(req, ERRSRV, ERRaccess);
1474	return conn;
1475	}
1476
1477	smb_messages[type].fn_new(req);
1478	return req->conn;
1479	}
1480
1481	/****************************************************************************
1482	Construct a reply to the incoming packet.
1483	****************************************************************************/
1484
1485	static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
1486	{
1487	struct pending_message_list *pml = NULL;
1488	uint8 type = CVAL(inbuf,smb_com);
1489	connection_struct *conn;
1490	struct smb_request *req;
1491
1492	chain_size = 0;
1493	file_chain_reset();
1494	reset_chain_p();
1495
1496	if (!(req = talloc(talloc_tos(), struct smb_request))) {
1497	smb_panic("could not allocate smb_request");
1498	}
1499	init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted);
1500
1501	conn = switch_message(type, req, size);
1502
1503	/* If this was a deferred message and it's still there and
1504	* was processed, remove it. */
1505	pml = get_open_deferred_message(req->mid);
1506	if (pml && pml->processed) {
1507	remove_deferred_open_smb_message(req->mid);
1508	}
1509
1510	if (req->unread_bytes) {
1511	/* writeX failed. drain socket. */
1512	if (drain_socket(smbd_server_fd(), req->unread_bytes) !=
1513	req->unread_bytes) {
1514	smb_panic("failed to drain pending bytes");
1515	}
1516	req->unread_bytes = 0;
1517	}
1518
1519	if (req->outbuf == NULL) {
1520	return;
1521	}
1522
1523	if (CVAL(req->outbuf,0) == 0) {
1524	show_msg((char *)req->outbuf);
1525	}
1526
1527	if (!srv_send_smb(smbd_server_fd(),
1528	(char *)req->outbuf,
1529	IS_CONN_ENCRYPTED(conn)\|\|req->encrypted)) {
1530	exit_server_cleanly("construct_reply: srv_send_smb failed.");
1531	}
1532
1533	TALLOC_FREE(req);
1534
1535	return;
1536	}
1537
1538	/****************************************************************************
1539	Process an smb from the client
1540	****************************************************************************/
1541
1542	static void process_smb(char *inbuf, size_t nread, size_t unread_bytes, bool encrypted)
1543	{
1544	static int trans_num;
1545	int msg_type = CVAL(inbuf,0);
1546
1547	DO_PROFILE_INC(smb_count);
1548
1549	if (trans_num == 0) {
1550	char addr[INET6_ADDRSTRLEN];
1551
1552	/* on the first packet, check the global hosts allow/ hosts
1553	deny parameters before doing any parsing of the packet
1554	passed to us by the client. This prevents attacks on our
1555	parsing code from hosts not in the hosts allow list */
1556
1557	if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
1558	lp_hostsdeny(-1))) {
1559	/* send a negative session response "not listening on calling name" */
1560	static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
1561	DEBUG( 1, ( "Connection denied from %s\n",
1562	client_addr(get_client_fd(),addr,sizeof(addr)) ) );
1563	(void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
1564	exit_server_cleanly("connection denied");
1565	}
1566	}
1567
1568	DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1569	smb_len(inbuf) ) );
1570	DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
1571	(int)nread,
1572	(unsigned int)unread_bytes ));
1573
1574	if (msg_type != 0) {
1575	/*
1576	* NetBIOS session request, keepalive, etc.
1577	*/
1578	reply_special(inbuf);
1579	return;
1580	}
1581
1582	show_msg(inbuf);
1583
1584	construct_reply(inbuf,nread,unread_bytes,encrypted);
1585
1586	trans_num++;
1587	}
1588
1589	/****************************************************************************
1590	Return a string containing the function name of a SMB command.
1591	****************************************************************************/
1592
1593	const char *smb_fn_name(int type)
1594	{
1595	const char *unknown_name = "SMBunknown";
1596
1597	if (smb_messages[type].name == NULL)
1598	return(unknown_name);
1599
1600	return(smb_messages[type].name);
1601	}
1602
1603	/****************************************************************************
1604	Helper functions for contruct_reply.
1605	****************************************************************************/
1606
1607	static uint32 common_flags2 = FLAGS2_LONG_PATH_COMPONENTS\|FLAGS2_32_BIT_ERROR_CODES;
1608
1609	void add_to_common_flags2(uint32 v)
1610	{
1611	common_flags2 \|= v;
1612	}
1613
1614	void remove_from_common_flags2(uint32 v)
1615	{
1616	common_flags2 &= ~v;
1617	}
1618
1619	void construct_reply_common(const char inbuf, char outbuf)
1620	{
1621	srv_set_message(outbuf,0,0,false);
1622
1623	SCVAL(outbuf,smb_com,CVAL(inbuf,smb_com));
1624	SIVAL(outbuf,smb_rcls,0);
1625	SCVAL(outbuf,smb_flg, FLAG_REPLY \| (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1626	SSVAL(outbuf,smb_flg2,
1627	(SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) \|
1628	common_flags2);
1629	memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1630
1631	SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
1632	SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
1633	SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
1634	SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
1635	}
1636
1637	/****************************************************************************
1638	Construct a chained reply and add it to the already made reply
1639	****************************************************************************/
1640
1641	void chain_reply(struct smb_request *req)
1642	{
1643	static char *orig_inbuf;
1644
1645	/*
1646	* Dirty little const_discard: We mess with req->inbuf, which is
1647	* declared as const. If maybe at some point this routine gets
1648	* rewritten, this const_discard could go away.
1649	*/
1650	char inbuf = CONST_DISCARD(char , req->inbuf);
1651	int size = smb_len(req->inbuf)+4;
1652
1653	int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
1654	unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
1655	char *inbuf2;
1656	int outsize2;
1657	int new_size;
1658	char inbuf_saved[smb_wct];
1659	char outbuf = (char )req->outbuf;
1660	size_t outsize = smb_len(outbuf) + 4;
1661	size_t outsize_padded;
1662	size_t padding;
1663	size_t ofs, to_move;
1664
1665	struct smb_request *req2;
1666	size_t caller_outputlen;
1667	char *caller_output;
1668
1669	/* Maybe its not chained, or it's an error packet. */
1670	if (smb_com2 == 0xFF \|\| SVAL(outbuf,smb_rcls) != 0) {
1671	SCVAL(outbuf,smb_vwv0,0xFF);
1672	return;
1673	}
1674
1675	if (chain_size == 0) {
1676	/* this is the first part of the chain */
1677	orig_inbuf = inbuf;
1678	}
1679
1680	/*
1681	* We need to save the output the caller added to the chain so that we
1682	* can splice it into the final output buffer later.
1683	*/
1684
1685	caller_outputlen = outsize - smb_wct;
1686
1687	caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen);
1688
1689	if (caller_output == NULL) {
1690	/* TODO: NT_STATUS_NO_MEMORY */
1691	smb_panic("could not dup outbuf");
1692	}
1693
1694	/*
1695	* The original Win95 redirector dies on a reply to
1696	* a lockingX and read chain unless the chain reply is
1697	* 4 byte aligned. JRA.
1698	*/
1699
1700	outsize_padded = (outsize + 3) & ~3;
1701	padding = outsize_padded - outsize;
1702
1703	/*
1704	* remember how much the caller added to the chain, only counting
1705	* stuff after the parameter words
1706	*/
1707	chain_size += (outsize_padded - smb_wct);
1708
1709	/*
1710	* work out pointers into the original packets. The
1711	* headers on these need to be filled in
1712	*/
1713	inbuf2 = orig_inbuf + smb_off2 + 4 - smb_wct;
1714
1715	/* remember the original command type */
1716	smb_com1 = CVAL(orig_inbuf,smb_com);
1717
1718	/* save the data which will be overwritten by the new headers */
1719	memcpy(inbuf_saved,inbuf2,smb_wct);
1720
1721	/* give the new packet the same header as the last part of the SMB */
1722	memmove(inbuf2,inbuf,smb_wct);
1723
1724	/* create the in buffer */
1725	SCVAL(inbuf2,smb_com,smb_com2);
1726
1727	/* work out the new size for the in buffer. */
1728	new_size = size - (inbuf2 - inbuf);
1729	if (new_size < 0) {
1730	DEBUG(0,("chain_reply: chain packet size incorrect "
1731	"(orig size = %d, offset = %d)\n",
1732	size, (int)(inbuf2 - inbuf) ));
1733	exit_server_cleanly("Bad chained packet");
1734	return;
1735	}
1736
1737	/* And set it in the header. */
1738	smb_setlen(inbuf2, new_size - 4);
1739
1740	DEBUG(3,("Chained message\n"));
1741	show_msg(inbuf2);
1742
1743	if (!(req2 = talloc(talloc_tos(), struct smb_request))) {
1744	smb_panic("could not allocate smb_request");
1745	}
1746	init_smb_request(req2, (uint8 *)inbuf2,0, req->encrypted);
1747
1748	/* process the request */
1749	switch_message(smb_com2, req2, new_size);
1750
1751	/*
1752	* We don't accept deferred operations in chained requests.
1753	*/
1754	SMB_ASSERT(req2->outbuf != NULL);
1755	outsize2 = smb_len(req2->outbuf)+4;
1756
1757	/*
1758	* Move away the new command output so that caller_output fits in,
1759	* copy in the caller_output saved above.
1760	*/
1761
1762	SMB_ASSERT(outsize_padded >= smb_wct);
1763
1764	/*
1765	* "ofs" is the space we need for caller_output. Equal to
1766	* caller_outputlen plus the padding.
1767	*/
1768
1769	ofs = outsize_padded - smb_wct;
1770
1771	/*
1772	* "to_move" is the amount of bytes the secondary routine gave us
1773	*/
1774
1775	to_move = outsize2 - smb_wct;
1776
1777	if (to_move + ofs + smb_wct + chain_size > max_send) {
1778	smb_panic("replies too large -- would have to cut");
1779	}
1780
1781	/*
1782	* In the "new" API "outbuf" is allocated via reply_outbuf, just for
1783	* the first request in the chain. So we have to re-allocate it. In
1784	* the "old" API the only outbuf ever used is the global OutBuffer
1785	* which is always large enough.
1786	*/
1787
1788	outbuf = TALLOC_REALLOC_ARRAY(NULL, outbuf, char,
1789	to_move + ofs + smb_wct);
1790	if (outbuf == NULL) {
1791	smb_panic("could not realloc outbuf");
1792	}
1793
1794	req->outbuf = (uint8 *)outbuf;
1795
1796	memmove(outbuf + smb_wct + ofs, req2->outbuf + smb_wct, to_move);
1797	memcpy(outbuf + smb_wct, caller_output, caller_outputlen);
1798
1799	/*
1800	* copy the new reply header over the old one but preserve the smb_com
1801	* field
1802	*/
1803	memmove(outbuf, req2->outbuf, smb_wct);
1804	SCVAL(outbuf, smb_com, smb_com1);
1805
1806	/*
1807	* We've just copied in the whole "wct" area from the secondary
1808	* function. Fix up the chaining: com2 and the offset need to be
1809	* readjusted.
1810	*/
1811
1812	SCVAL(outbuf, smb_vwv0, smb_com2);
1813	SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4);
1814
1815	if (padding != 0) {
1816
1817	/*
1818	* Due to padding we have some uninitialized bytes after the
1819	* caller's output
1820	*/
1821
1822	memset(outbuf + outsize, 0, padding);
1823	}
1824
1825	smb_setlen(outbuf, outsize2 + caller_outputlen + padding - 4);
1826
1827	/*
1828	* restore the saved data, being careful not to overwrite any data
1829	* from the reply header
1830	*/
1831	memcpy(inbuf2,inbuf_saved,smb_wct);
1832
1833	SAFE_FREE(caller_output);
1834	TALLOC_FREE(req2);
1835
1836	/*
1837	* Reset the chain_size for our caller's offset calculations
1838	*/
1839
1840	chain_size -= (outsize_padded - smb_wct);
1841
1842	return;
1843	}
1844
1845	/****************************************************************************
1846	Setup the needed select timeout in milliseconds.
1847	****************************************************************************/
1848
1849	static int setup_select_timeout(void)
1850	{
1851	int select_timeout;
1852
1853	select_timeout = SMBD_SELECT_TIMEOUT*1000;
1854
1855	if (print_notify_messages_pending()) {
1856	select_timeout = MIN(select_timeout, 1000);
1857	}
1858
1859	return select_timeout;
1860	}
1861
1862	/****************************************************************************
1863	Check if services need reloading.
1864	****************************************************************************/
1865
1866	void check_reload(time_t t)
1867	{
1868	static pid_t mypid = 0;
1869	static time_t last_smb_conf_reload_time = 0;
1870	static time_t last_printer_reload_time = 0;
1871	time_t printcap_cache_time = (time_t)lp_printcap_cache_time();
1872
1873	if(last_smb_conf_reload_time == 0) {
1874	last_smb_conf_reload_time = t;
1875	/* Our printing subsystem might not be ready at smbd start up.
1876	Then no printer is available till the first printers check
1877	is performed. A lower initial interval circumvents this. */
1878	if ( printcap_cache_time > 60 )
1879	last_printer_reload_time = t - printcap_cache_time + 60;
1880	else
1881	last_printer_reload_time = t;
1882	}
1883
1884	if (mypid != getpid()) { /* First time or fork happened meanwhile */
1885	/* randomize over 60 second the printcap reload to avoid all
1886	* process hitting cupsd at the same time */
1887	int time_range = 60;
1888
1889	last_printer_reload_time += random() % time_range;
1890	mypid = getpid();
1891	}
1892
1893	if (reload_after_sighup \|\| (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK)) {
1894	reload_services(True);
1895	reload_after_sighup = False;
1896	last_smb_conf_reload_time = t;
1897	}
1898
1899	/* 'printcap cache time = 0' disable the feature */
1900
1901	if ( printcap_cache_time != 0 )
1902	{
1903	/* see if it's time to reload or if the clock has been set back */
1904
1905	if ( (t >= last_printer_reload_time+printcap_cache_time)
1906	\|\| (t-last_printer_reload_time < 0) )
1907	{
1908	DEBUG( 3,( "Printcap cache time expired.\n"));
1909	reload_printers();
1910	last_printer_reload_time = t;
1911	}
1912	}
1913	}
1914
1915	/****************************************************************************
1916	Process any timeout housekeeping. Return False if the caller should exit.
1917	****************************************************************************/
1918
1919	static void timeout_processing(int *select_timeout,
1920	time_t *last_timeout_processing_time)
1921	{
1922	time_t t;
1923
1924	*last_timeout_processing_time = t = time(NULL);
1925
1926	/* become root again if waiting */
1927	change_to_root_user();
1928
1929	/* check if we need to reload services */
1930	check_reload(t);
1931
1932	if(global_machine_password_needs_changing &&
1933	/* for ADS we need to do a regular ADS password change, not a domain
1934	password change */
1935	lp_security() == SEC_DOMAIN) {
1936
1937	unsigned char trust_passwd_hash[16];
1938	time_t lct;
1939	void *lock;
1940
1941	/*
1942	* We're in domain level security, and the code that
1943	* read the machine password flagged that the machine
1944	* password needs changing.
1945	*/
1946
1947	/*
1948	* First, open the machine password file with an exclusive lock.
1949	*/
1950
1951	lock = secrets_get_trust_account_lock(NULL, lp_workgroup());
1952
1953	if (lock == NULL) {
1954	DEBUG(0,("process: unable to lock the machine account password for \
1955	machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
1956	return;
1957	}
1958
1959	if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct, NULL)) {
1960	DEBUG(0,("process: unable to read the machine account password for \
1961	machine %s in domain %s.\n", global_myname(), lp_workgroup()));
1962	TALLOC_FREE(lock);
1963	return;
1964	}
1965
1966	/*
1967	* Make sure someone else hasn't already done this.
1968	*/
1969
1970	if(t < lct + lp_machine_password_timeout()) {
1971	global_machine_password_needs_changing = False;
1972	TALLOC_FREE(lock);
1973	return;
1974	}
1975
1976	/* always just contact the PDC here */
1977
1978	change_trust_account_password( lp_workgroup(), NULL);
1979	global_machine_password_needs_changing = False;
1980	TALLOC_FREE(lock);
1981	}
1982
1983	/* update printer queue caches if necessary */
1984
1985	update_monitored_printq_cache();
1986
1987	/*
1988	* Now we are root, check if the log files need pruning.
1989	* Force a log file check.
1990	*/
1991	force_check_log_size();
1992	check_log_size();
1993
1994	/* Send any queued printer notify message to interested smbd's. */
1995
1996	print_notify_send_messages(smbd_messaging_context(), 0);
1997
1998	/*
1999	* Modify the select timeout depending upon
2000	* what we have remaining in our queues.
2001	*/
2002
2003	*select_timeout = setup_select_timeout();
2004
2005	return;
2006	}
2007
2008	/****************************************************************************
2009	Process commands from the client
2010	****************************************************************************/
2011
2012	void smbd_process(void)
2013	{
2014	time_t last_timeout_processing_time = time(NULL);
2015	unsigned int num_smbs = 0;
2016	size_t unread_bytes = 0;
2017
2018	max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
2019
2020	while (True) {
2021	int select_timeout = setup_select_timeout();
2022	int num_echos;
2023	char *inbuf = NULL;
2024	size_t inbuf_len = 0;
2025	bool encrypted = false;
2026	TALLOC_CTX *frame = talloc_stackframe_pool(8192);
2027
2028	errno = 0;
2029
2030	/* Did someone ask for immediate checks on things like blocking locks ? */
2031	if (select_timeout == 0) {
2032	timeout_processing(&select_timeout,
2033	&last_timeout_processing_time);
2034	num_smbs = 0; /* Reset smb counter. */
2035	}
2036
2037	run_events(smbd_event_context(), 0, NULL, NULL);
2038
2039	while (True) {
2040	NTSTATUS status;
2041
2042	status = receive_message_or_smb(
2043	talloc_tos(), &inbuf, &inbuf_len,
2044	select_timeout, &unread_bytes, &encrypted);
2045
2046	if (NT_STATUS_IS_OK(status)) {
2047	break;
2048	}
2049
2050	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
2051	timeout_processing(
2052	&select_timeout,
2053	&last_timeout_processing_time);
2054	continue;
2055	}
2056
2057	DEBUG(3, ("receive_message_or_smb failed: %s, "
2058	"exiting\n", nt_errstr(status)));
2059	return;
2060
2061	num_smbs = 0; /* Reset smb counter. */
2062	}
2063
2064
2065	/*
2066	* Ensure we do timeout processing if the SMB we just got was
2067	* only an echo request. This allows us to set the select
2068	* timeout in 'receive_message_or_smb()' to any value we like
2069	* without worrying that the client will send echo requests
2070	* faster than the select timeout, thus starving out the
2071	* essential processing (change notify, blocking locks) that
2072	* the timeout code does. JRA.
2073	*/
2074	num_echos = smb_echo_count;
2075
2076	process_smb(inbuf, inbuf_len, unread_bytes, encrypted);
2077
2078	TALLOC_FREE(inbuf);
2079
2080	if (smb_echo_count != num_echos) {
2081	timeout_processing(&select_timeout,
2082	&last_timeout_processing_time);
2083	num_smbs = 0; /* Reset smb counter. */
2084	}
2085
2086	num_smbs++;
2087
2088	/*
2089	* If we are getting smb requests in a constant stream
2090	* with no echos, make sure we attempt timeout processing
2091	* every select_timeout milliseconds - but only check for this
2092	* every 200 smb requests.
2093	*/
2094
2095	if ((num_smbs % 200) == 0) {
2096	time_t new_check_time = time(NULL);
2097	if(new_check_time - last_timeout_processing_time >= (select_timeout/1000)) {
2098	timeout_processing(
2099	&select_timeout,
2100	&last_timeout_processing_time);
2101	num_smbs = 0; /* Reset smb counter. */
2102	last_timeout_processing_time = new_check_time; /* Reset time. */
2103	}
2104	}
2105
2106	/* The timeout_processing function isn't run nearly
2107	often enough to implement 'max log size' without
2108	overrunning the size of the file by many megabytes.
2109	This is especially true if we are running at debug
2110	level 10. Checking every 50 SMBs is a nice
2111	tradeoff of performance vs log file size overrun. */
2112
2113	if ((num_smbs % 50) == 0 && need_to_check_log_size()) {
2114	change_to_root_user();
2115	check_log_size();
2116	}
2117	TALLOC_FREE(frame);
2118	}
2119	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: