Context Navigation

← Previous Revision
Next Revision →
Normal
Revision Log

process.c

Visit:

Last change on this file was 733, checked in by Silvan Scherrer, 13 years ago
Samba Server 3.5: update branche to 3.5.13
File size: 70.1 KB

Rev	Line
[429]	1	/*
	2	Unix SMB/CIFS implementation.
	3	process incoming packets - main loop
	4	Copyright (C) Andrew Tridgell 1992-1998
	5	Copyright (C) Volker Lendecke 2005-2007
	6
	7	This program is free software; you can redistribute it and/or modify
	8	it under the terms of the GNU General Public License as published by
	9	the Free Software Foundation; either version 3 of the License, or
	10	(at your option) any later version.
	11
	12	This program is distributed in the hope that it will be useful,
	13	but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	GNU General Public License for more details.
	16
	17	You should have received a copy of the GNU General Public License
	18	along with this program. If not, see <http://www.gnu.org/licenses/>.
	19	*/
	20
	21	#include "includes.h"
	22	#include "smbd/globals.h"
	23	#include "../librpc/gen_ndr/srv_dfs.h"
	24	#include "../librpc/gen_ndr/srv_dssetup.h"
	25	#include "../librpc/gen_ndr/srv_echo.h"
	26	#include "../librpc/gen_ndr/srv_eventlog.h"
	27	#include "../librpc/gen_ndr/srv_initshutdown.h"
	28	#include "../librpc/gen_ndr/srv_lsa.h"
	29	#include "../librpc/gen_ndr/srv_netlogon.h"
	30	#include "../librpc/gen_ndr/srv_ntsvcs.h"
	31	#include "../librpc/gen_ndr/srv_samr.h"
	32	#include "../librpc/gen_ndr/srv_spoolss.h"
	33	#include "../librpc/gen_ndr/srv_srvsvc.h"
	34	#include "../librpc/gen_ndr/srv_svcctl.h"
	35	#include "../librpc/gen_ndr/srv_winreg.h"
	36	#include "../librpc/gen_ndr/srv_wkssvc.h"
	37
	38	extern bool global_machine_password_needs_changing;
	39
	40	static void construct_reply_common(struct smb_request req, const char inbuf,
	41	char *outbuf);
	42
	43	/* Accessor function for smb_read_error for smbd functions. */
	44
	45	/****************************************************************************
	46	Send an smb to a fd.
	47	****************************************************************************/
	48
	49	bool srv_send_smb(int fd, char *buffer,
	50	bool do_signing, uint32_t seqnum,
	51	bool do_encrypt,
	52	struct smb_perfcount_data *pcd)
	53	{
	54	size_t len = 0;
	55	size_t nwritten=0;
	56	ssize_t ret;
	57	char *buf_out = buffer;
	58
	59	if (do_signing) {
	60	/* Sign the outgoing packet if required. */
	61	srv_calculate_sign_mac(smbd_server_conn, buf_out, seqnum);
	62	}
	63
	64	if (do_encrypt) {
	65	NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
	66	if (!NT_STATUS_IS_OK(status)) {
	67	DEBUG(0, ("send_smb: SMB encryption failed "
	68	"on outgoing packet! Error %s\n",
	69	nt_errstr(status) ));
	70	goto out;
	71	}
	72	}
	73
	74	len = smb_len(buf_out) + 4;
	75
	76	ret = write_data(fd,buf_out+nwritten,len - nwritten);
	77	if (ret <= 0) {
	78	DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
	79	(int)len,(int)ret, strerror(errno) ));
	80	srv_free_enc_buffer(buf_out);
	81	goto out;
	82	}
	83
	84	SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd, len);
	85	srv_free_enc_buffer(buf_out);
	86	out:
	87	SMB_PERFCOUNT_END(pcd);
	88	return true;
	89	}
	90
	91	/*******************************************************************
	92	Setup the word count and byte count for a smb message.
	93	********************************************************************/
	94
	95	int srv_set_message(char *buf,
	96	int num_words,
	97	int num_bytes,
	98	bool zero)
	99	{
	100	if (zero && (num_words \|\| num_bytes)) {
	101	memset(buf + smb_size,'\0',num_words*2 + num_bytes);
	102	}
	103	SCVAL(buf,smb_wct,num_words);
	104	SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
	105	smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
	106	return (smb_size + num_words*2 + num_bytes);
	107	}
	108
	109	static bool valid_smb_header(const uint8_t *inbuf)
	110	{
	111	if (is_encrypted_packet(inbuf)) {
	112	return true;
	113	}
	114	/*
	115	* This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
	116	* but it just looks weird to call strncmp for this one.
	117	*/
	118	return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
	119	}
	120
	121	/* Socket functions for smbd packet processing. */
	122
	123	static bool valid_packet_size(size_t len)
	124	{
	125	/*
	126	* A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
	127	* of header. Don't print the error if this fits.... JRA.
	128	*/
	129
	130	if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
	131	DEBUG(0,("Invalid packet length! (%lu bytes).\n",
	132	(unsigned long)len));
	133	return false;
	134	}
	135	return true;
	136	}
	137
	138	static NTSTATUS read_packet_remainder(int fd, char *buffer,
	139	unsigned int timeout, ssize_t len)
	140	{
	141	if (len <= 0) {
	142	return NT_STATUS_OK;
	143	}
	144
	145	return read_fd_with_timeout(fd, buffer, len, len, timeout, NULL);
	146	}
	147
	148	/****************************************************************************
	149	Attempt a zerocopy writeX read. We know here that len > smb_size-4
	150	****************************************************************************/
	151
	152	/*
	153	* Unfortunately, earlier versions of smbclient/libsmbclient
	154	* don't send this "standard" writeX header. I've fixed this
	155	* for 3.2 but we'll use the old method with earlier versions.
	156	* Windows and CIFSFS at least use this standard size. Not
	157	* sure about MacOSX.
	158	*/
	159
	160	#define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
	161	(214) + / word count (including bcc) */ \
	162	1 /* pad byte */)
	163
	164	static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
	165	const char lenbuf[4],
	166	int fd, char **buffer,
	167	unsigned int timeout,
	168	size_t *p_unread,
	169	size_t *len_ret)
	170	{
	171	/* Size of a WRITEX call (+4 byte len). */
	172	char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
	173	ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
	174	ssize_t toread;
	175	NTSTATUS status;
	176
	177	memcpy(writeX_header, lenbuf, 4);
	178
	179	status = read_fd_with_timeout(
	180	fd, writeX_header + 4,
	181	STANDARD_WRITE_AND_X_HEADER_SIZE,
	182	STANDARD_WRITE_AND_X_HEADER_SIZE,
	183	timeout, NULL);
	184
	185	if (!NT_STATUS_IS_OK(status)) {
	186	return status;
	187	}
	188
	189	/*
	190	* Ok - now try and see if this is a possible
	191	* valid writeX call.
	192	*/
	193
	194	if (is_valid_writeX_buffer((uint8_t *)writeX_header)) {
	195	/*
	196	* If the data offset is beyond what
	197	* we've read, drain the extra bytes.
	198	*/
	199	uint16_t doff = SVAL(writeX_header,smb_vwv11);
	200	ssize_t newlen;
	201
	202	if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
	203	size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
	204	if (drain_socket(smbd_server_fd(), drain) != drain) {
	205	smb_panic("receive_smb_raw_talloc_partial_read:"
	206	" failed to drain pending bytes");
	207	}
	208	} else {
	209	doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
	210	}
	211
	212	/* Spoof down the length and null out the bcc. */
	213	set_message_bcc(writeX_header, 0);
	214	newlen = smb_len(writeX_header);
	215
	216	/* Copy the header we've written. */
	217
	218	buffer = (char )TALLOC_MEMDUP(mem_ctx,
	219	writeX_header,
	220	sizeof(writeX_header));
	221
	222	if (*buffer == NULL) {
	223	DEBUG(0, ("Could not allocate inbuf of length %d\n",
	224	(int)sizeof(writeX_header)));
	225	return NT_STATUS_NO_MEMORY;
	226	}
	227
	228	/* Work out the remaining bytes. */
	229	*p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
	230	*len_ret = newlen + 4;
	231	return NT_STATUS_OK;
	232	}
	233
	234	if (!valid_packet_size(len)) {
	235	return NT_STATUS_INVALID_PARAMETER;
	236	}
	237
	238	/*
	239	* Not a valid writeX call. Just do the standard
	240	* talloc and return.
	241	*/
	242
	243	*buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
	244
	245	if (*buffer == NULL) {
	246	DEBUG(0, ("Could not allocate inbuf of length %d\n",
	247	(int)len+4));
	248	return NT_STATUS_NO_MEMORY;
	249	}
	250
	251	/* Copy in what we already read. */
	252	memcpy(*buffer,
	253	writeX_header,
	254	4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
	255	toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
	256
	257	if(toread > 0) {
	258	status = read_packet_remainder(
	259	fd, (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
	260	timeout, toread);
	261
	262	if (!NT_STATUS_IS_OK(status)) {
	263	DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n",
	264	nt_errstr(status)));
	265	return status;
	266	}
	267	}
	268
	269	*len_ret = len + 4;
	270	return NT_STATUS_OK;
	271	}
	272
	273	static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx, int fd,
	274	char **buffer, unsigned int timeout,
	275	size_t p_unread, size_t plen)
	276	{
	277	char lenbuf[4];
	278	size_t len;
	279	int min_recv_size = lp_min_receive_file_size();
	280	NTSTATUS status;
	281
	282	*p_unread = 0;
	283
	284	status = read_smb_length_return_keepalive(fd, lenbuf, timeout, &len);
	285	if (!NT_STATUS_IS_OK(status)) {
	286	DEBUG(10, ("receive_smb_raw: %s\n", nt_errstr(status)));
	287	return status;
	288	}
	289
	290	if (CVAL(lenbuf,0) == 0 && min_recv_size &&
	291	(smb_len_large(lenbuf) > /* Could be a UNIX large writeX. */
	292	(min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE)) &&
	293	!srv_is_signing_active(smbd_server_conn)) {
	294
	295	return receive_smb_raw_talloc_partial_read(
	296	mem_ctx, lenbuf, fd, buffer, timeout, p_unread, plen);
	297	}
	298
	299	if (!valid_packet_size(len)) {
	300	return NT_STATUS_INVALID_PARAMETER;
	301	}
	302
	303	/*
	304	* The +4 here can't wrap, we've checked the length above already.
	305	*/
	306
	307	*buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
	308
	309	if (*buffer == NULL) {
	310	DEBUG(0, ("Could not allocate inbuf of length %d\n",
	311	(int)len+4));
	312	return NT_STATUS_NO_MEMORY;
	313	}
	314
	315	memcpy(*buffer, lenbuf, sizeof(lenbuf));
	316
	317	status = read_packet_remainder(fd, (*buffer)+4, timeout, len);
	318	if (!NT_STATUS_IS_OK(status)) {
	319	return status;
	320	}
	321
	322	*plen = len + 4;
	323	return NT_STATUS_OK;
	324	}
	325
	326	static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx, int fd,
	327	char **buffer, unsigned int timeout,
	328	size_t p_unread, bool p_encrypted,
	329	size_t *p_len,
	330	uint32_t *seqnum)
	331	{
	332	size_t len = 0;
	333	NTSTATUS status;
	334
	335	*p_encrypted = false;
	336
	337	status = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout,
	338	p_unread, &len);
	339	if (!NT_STATUS_IS_OK(status)) {
	340	return status;
	341	}
	342
	343	if (is_encrypted_packet((uint8_t )buffer)) {
	344	status = srv_decrypt_buffer(*buffer);
	345	if (!NT_STATUS_IS_OK(status)) {
	346	DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
	347	"incoming packet! Error %s\n",
	348	nt_errstr(status) ));
	349	return status;
	350	}
	351	*p_encrypted = true;
	352	}
	353
	354	/* Check the incoming SMB signature. */
	355	if (!srv_check_sign_mac(smbd_server_conn, *buffer, seqnum)) {
	356	DEBUG(0, ("receive_smb: SMB Signature verification failed on "
	357	"incoming packet!\n"));
	358	return NT_STATUS_INVALID_NETWORK_RESPONSE;
	359	}
	360
	361	*p_len = len;
	362	return NT_STATUS_OK;
	363	}
	364
	365	/*
	366	* Initialize a struct smb_request from an inbuf
	367	*/
	368
	369	void init_smb_request(struct smb_request *req,
	370	const uint8 *inbuf,
	371	size_t unread_bytes,
	372	bool encrypted)
	373	{
	374	struct smbd_server_connection *sconn = smbd_server_conn;
	375	size_t req_size = smb_len(inbuf) + 4;
	376	/* Ensure we have at least smb_size bytes. */
	377	if (req_size < smb_size) {
	378	DEBUG(0,("init_smb_request: invalid request size %u\n",
	379	(unsigned int)req_size ));
	380	exit_server_cleanly("Invalid SMB request");
	381	}
	382	req->cmd = CVAL(inbuf, smb_com);
	383	req->flags2 = SVAL(inbuf, smb_flg2);
	384	req->smbpid = SVAL(inbuf, smb_pid);
	385	req->mid = SVAL(inbuf, smb_mid);
	386	req->seqnum = 0;
	387	req->vuid = SVAL(inbuf, smb_uid);
	388	req->tid = SVAL(inbuf, smb_tid);
	389	req->wct = CVAL(inbuf, smb_wct);
	390	req->vwv = (uint16_t *)(inbuf+smb_vwv);
	391	req->buflen = smb_buflen(inbuf);
	392	req->buf = (const uint8_t *)smb_buf(inbuf);
	393	req->unread_bytes = unread_bytes;
	394	req->encrypted = encrypted;
	395	req->conn = conn_find(sconn,req->tid);
	396	req->chain_fsp = NULL;
	397	req->chain_outbuf = NULL;
	398	req->done = false;
	399	smb_init_perfcount_data(&req->pcd);
	400
	401	/* Ensure we have at least wct words and 2 bytes of bcc. */
	402	if (smb_size + req->wct*2 > req_size) {
	403	DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
	404	(unsigned int)req->wct,
	405	(unsigned int)req_size));
	406	exit_server_cleanly("Invalid SMB request");
	407	}
	408	/* Ensure bcc is correct. */
	409	if (((uint8 *)smb_buf(inbuf)) + req->buflen > inbuf + req_size) {
	410	DEBUG(0,("init_smb_request: invalid bcc number %u "
	411	"(wct = %u, size %u)\n",
	412	(unsigned int)req->buflen,
	413	(unsigned int)req->wct,
	414	(unsigned int)req_size));
	415	exit_server_cleanly("Invalid SMB request");
	416	}
	417
	418	req->outbuf = NULL;
	419	}
	420
	421	static void process_smb(struct smbd_server_connection *conn,
	422	uint8_t *inbuf, size_t nread, size_t unread_bytes,
	423	uint32_t seqnum, bool encrypted,
	424	struct smb_perfcount_data *deferred_pcd);
	425
	426	static void smbd_deferred_open_timer(struct event_context *ev,
	427	struct timed_event *te,
	428	struct timeval _tval,
	429	void *private_data)
	430	{
	431	struct pending_message_list *msg = talloc_get_type(private_data,
	432	struct pending_message_list);
	433	TALLOC_CTX *mem_ctx = talloc_tos();
	434	uint16_t mid = SVAL(msg->buf.data,smb_mid);
	435	uint8_t *inbuf;
	436
	437	inbuf = (uint8_t *)talloc_memdup(mem_ctx, msg->buf.data,
	438	msg->buf.length);
	439	if (inbuf == NULL) {
	440	exit_server("smbd_deferred_open_timer: talloc failed\n");
	441	return;
	442	}
	443
	444	/* We leave this message on the queue so the open code can
	445	know this is a retry. */
	446	DEBUG(5,("smbd_deferred_open_timer: trigger mid %u.\n",
	447	(unsigned int)mid ));
	448
	449	/* Mark the message as processed so this is not
	450	* re-processed in error. */
	451	msg->processed = true;
	452
	453	process_smb(smbd_server_conn, inbuf,
	454	msg->buf.length, 0,
	455	msg->seqnum, msg->encrypted, &msg->pcd);
	456
	457	/* If it's still there and was processed, remove it. */
	458	msg = get_open_deferred_message(mid);
	459	if (msg && msg->processed) {
	460	remove_deferred_open_smb_message(mid);
	461	}
	462	}
	463
	464	/****************************************************************************
	465	Function to push a message onto the tail of a linked list of smb messages ready
	466	for processing.
	467	****************************************************************************/
	468
	469	static bool push_queued_message(struct smb_request *req,
	470	struct timeval request_time,
	471	struct timeval end_time,
	472	char *private_data, size_t private_len)
	473	{
	474	int msg_len = smb_len(req->inbuf) + 4;
	475	struct pending_message_list *msg;
	476
	477	msg = TALLOC_ZERO_P(NULL, struct pending_message_list);
	478
	479	if(msg == NULL) {
	480	DEBUG(0,("push_message: malloc fail (1)\n"));
	481	return False;
	482	}
	483
	484	msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
	485	if(msg->buf.data == NULL) {
	486	DEBUG(0,("push_message: malloc fail (2)\n"));
	487	TALLOC_FREE(msg);
	488	return False;
	489	}
	490
	491	msg->request_time = request_time;
	492	msg->seqnum = req->seqnum;
	493	msg->encrypted = req->encrypted;
	494	msg->processed = false;
	495	SMB_PERFCOUNT_DEFER_OP(&req->pcd, &msg->pcd);
	496
	497	if (private_data) {
	498	msg->private_data = data_blob_talloc(msg, private_data,
	499	private_len);
	500	if (msg->private_data.data == NULL) {
	501	DEBUG(0,("push_message: malloc fail (3)\n"));
	502	TALLOC_FREE(msg);
	503	return False;
	504	}
	505	}
	506
	507	msg->te = event_add_timed(smbd_event_context(),
	508	msg,
	509	end_time,
	510	smbd_deferred_open_timer,
	511	msg);
	512	if (!msg->te) {
	513	DEBUG(0,("push_message: event_add_timed failed\n"));
	514	TALLOC_FREE(msg);
	515	return false;
	516	}
	517
	518	DLIST_ADD_END(deferred_open_queue, msg, struct pending_message_list *);
	519
	520	DEBUG(10,("push_message: pushed message length %u on "
	521	"deferred_open_queue\n", (unsigned int)msg_len));
	522
	523	return True;
	524	}
	525
	526	/****************************************************************************
	527	Function to delete a sharing violation open message by mid.
	528	****************************************************************************/
	529
	530	void remove_deferred_open_smb_message(uint16 mid)
	531	{
	532	struct pending_message_list *pml;
	533
	534	for (pml = deferred_open_queue; pml; pml = pml->next) {
	535	if (mid == SVAL(pml->buf.data,smb_mid)) {
	536	DEBUG(10,("remove_deferred_open_smb_message: "
	537	"deleting mid %u len %u\n",
	538	(unsigned int)mid,
	539	(unsigned int)pml->buf.length ));
	540	DLIST_REMOVE(deferred_open_queue, pml);
	541	TALLOC_FREE(pml);
	542	return;
	543	}
	544	}
	545	}
	546
	547	/****************************************************************************
	548	Move a sharing violation open retry message to the front of the list and
	549	schedule it for immediate processing.
	550	****************************************************************************/
	551
	552	void schedule_deferred_open_smb_message(uint16 mid)
	553	{
	554	struct pending_message_list *pml;
	555	int i = 0;
	556
	557	for (pml = deferred_open_queue; pml; pml = pml->next) {
	558	uint16 msg_mid = SVAL(pml->buf.data,smb_mid);
	559
	560	DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++,
	561	(unsigned int)msg_mid ));
	562
	563	if (mid == msg_mid) {
	564	struct timed_event *te;
	565
	566	if (pml->processed) {
	567	/* A processed message should not be
	568	* rescheduled. */
	569	DEBUG(0,("schedule_deferred_open_smb_message: LOGIC ERROR "
	570	"message mid %u was already processed\n",
	571	msg_mid ));
	572	continue;
	573	}
	574
	575	DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
	576	mid ));
	577
	578	te = event_add_timed(smbd_event_context(),
	579	pml,
	580	timeval_zero(),
	581	smbd_deferred_open_timer,
	582	pml);
	583	if (!te) {
	584	DEBUG(10,("schedule_deferred_open_smb_message: "
	585	"event_add_timed() failed, skipping mid %u\n",
	586	mid ));
	587	}
	588
	589	TALLOC_FREE(pml->te);
	590	pml->te = te;
	591	DLIST_PROMOTE(deferred_open_queue, pml);
	592	return;
	593	}
	594	}
	595
	596	DEBUG(10,("schedule_deferred_open_smb_message: failed to find message mid %u\n",
	597	mid ));
	598	}
	599
	600	/****************************************************************************
	601	Return true if this mid is on the deferred queue and was not yet processed.
	602	****************************************************************************/
	603
	604	bool open_was_deferred(uint16 mid)
	605	{
	606	struct pending_message_list *pml;
	607
	608	for (pml = deferred_open_queue; pml; pml = pml->next) {
	609	if (SVAL(pml->buf.data,smb_mid) == mid && !pml->processed) {
	610	return True;
	611	}
	612	}
	613	return False;
	614	}
	615
	616	/****************************************************************************
	617	Return the message queued by this mid.
	618	****************************************************************************/
	619
	620	struct pending_message_list *get_open_deferred_message(uint16 mid)
	621	{
	622	struct pending_message_list *pml;
	623
	624	for (pml = deferred_open_queue; pml; pml = pml->next) {
	625	if (SVAL(pml->buf.data,smb_mid) == mid) {
	626	return pml;
	627	}
	628	}
	629	return NULL;
	630	}
	631
	632	/****************************************************************************
	633	Function to push a deferred open smb message onto a linked list of local smb
	634	messages ready for processing.
	635	****************************************************************************/
	636
	637	bool push_deferred_smb_message(struct smb_request *req,
	638	struct timeval request_time,
	639	struct timeval timeout,
	640	char *private_data, size_t priv_len)
	641	{
	642	struct timeval end_time;
	643
	644	if (req->unread_bytes) {
	645	DEBUG(0,("push_deferred_smb_message: logic error ! "
	646	"unread_bytes = %u\n",
	647	(unsigned int)req->unread_bytes ));
	648	smb_panic("push_deferred_smb_message: "
	649	"logic error unread_bytes != 0" );
	650	}
	651
	652	end_time = timeval_sum(&request_time, &timeout);
	653
	654	DEBUG(10,("push_deferred_open_smb_message: pushing message len %u mid %u "
	655	"timeout time [%u.%06u]\n",
	656	(unsigned int) smb_len(req->inbuf)+4, (unsigned int)req->mid,
	657	(unsigned int)end_time.tv_sec,
	658	(unsigned int)end_time.tv_usec));
	659
	660	return push_queued_message(req, request_time, end_time,
	661	private_data, priv_len);
	662	}
	663
	664	struct idle_event {
	665	struct timed_event *te;
	666	struct timeval interval;
	667	char *name;
	668	bool (handler)(const struct timeval now, void *private_data);
	669	void *private_data;
	670	};
	671
	672	static void smbd_idle_event_handler(struct event_context *ctx,
	673	struct timed_event *te,
	674	struct timeval now,
	675	void *private_data)
	676	{
	677	struct idle_event *event =
	678	talloc_get_type_abort(private_data, struct idle_event);
	679
	680	TALLOC_FREE(event->te);
	681
	682	DEBUG(10,("smbd_idle_event_handler: %s %p called\n",
	683	event->name, event->te));
	684
	685	if (!event->handler(&now, event->private_data)) {
	686	DEBUG(10,("smbd_idle_event_handler: %s %p stopped\n",
	687	event->name, event->te));
	688	/* Don't repeat, delete ourselves */
	689	TALLOC_FREE(event);
	690	return;
	691	}
	692
	693	DEBUG(10,("smbd_idle_event_handler: %s %p rescheduled\n",
	694	event->name, event->te));
	695
	696	event->te = event_add_timed(ctx, event,
	697	timeval_sum(&now, &event->interval),
	698	smbd_idle_event_handler, event);
	699
	700	/* We can't do much but fail here. */
	701	SMB_ASSERT(event->te != NULL);
	702	}
	703
	704	struct idle_event event_add_idle(struct event_context event_ctx,
	705	TALLOC_CTX *mem_ctx,
	706	struct timeval interval,
	707	const char *name,
	708	bool (handler)(const struct timeval now,
	709	void *private_data),
	710	void *private_data)
	711	{
	712	struct idle_event *result;
	713	struct timeval now = timeval_current();
	714
	715	result = TALLOC_P(mem_ctx, struct idle_event);
	716	if (result == NULL) {
	717	DEBUG(0, ("talloc failed\n"));
	718	return NULL;
	719	}
	720
	721	result->interval = interval;
	722	result->handler = handler;
	723	result->private_data = private_data;
	724
	725	if (!(result->name = talloc_asprintf(result, "idle_evt(%s)", name))) {
	726	DEBUG(0, ("talloc failed\n"));
	727	TALLOC_FREE(result);
	728	return NULL;
	729	}
	730
	731	result->te = event_add_timed(event_ctx, result,
	732	timeval_sum(&now, &interval),
	733	smbd_idle_event_handler, result);
	734	if (result->te == NULL) {
	735	DEBUG(0, ("event_add_timed failed\n"));
	736	TALLOC_FREE(result);
	737	return NULL;
	738	}
	739
	740	DEBUG(10,("event_add_idle: %s %p\n", result->name, result->te));
	741	return result;
	742	}
	743
	744	static void smbd_sig_term_handler(struct tevent_context *ev,
	745	struct tevent_signal *se,
	746	int signum,
	747	int count,
	748	void *siginfo,
	749	void *private_data)
	750	{
	751	exit_server_cleanly("termination signal");
	752	}
	753
	754	void smbd_setup_sig_term_handler(void)
	755	{
	756	struct tevent_signal *se;
	757
	758	se = tevent_add_signal(smbd_event_context(),
	759	smbd_event_context(),
	760	SIGTERM, 0,
	761	smbd_sig_term_handler,
	762	NULL);
	763	if (!se) {
	764	exit_server("failed to setup SIGTERM handler");
	765	}
	766	}
	767
	768	static void smbd_sig_hup_handler(struct tevent_context *ev,
	769	struct tevent_signal *se,
	770	int signum,
	771	int count,
	772	void *siginfo,
	773	void *private_data)
	774	{
	775	change_to_root_user();
	776	DEBUG(1,("Reloading services after SIGHUP\n"));
	777	reload_services(False);
	778	}
	779
	780	void smbd_setup_sig_hup_handler(void)
	781	{
	782	struct tevent_signal *se;
	783
	784	se = tevent_add_signal(smbd_event_context(),
	785	smbd_event_context(),
	786	SIGHUP, 0,
	787	smbd_sig_hup_handler,
	788	NULL);
	789	if (!se) {
	790	exit_server("failed to setup SIGHUP handler");
	791	}
	792	}
	793
	794	static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection *conn)
	795	{
	796	fd_set r_fds, w_fds;
	797	int selrtn;
	798	struct timeval to;
	799	int maxfd = 0;
	800
	801	to.tv_sec = SMBD_SELECT_TIMEOUT;
	802	to.tv_usec = 0;
	803
	804	/*
	805	* Setup the select fd sets.
	806	*/
	807
	808	FD_ZERO(&r_fds);
	809	FD_ZERO(&w_fds);
	810
	811	/*
	812	* Are there any timed events waiting ? If so, ensure we don't
	813	* select for longer than it would take to wait for them.
	814	*/
	815
	816	{
	817	struct timeval now;
	818	GetTimeOfDay(&now);
	819
	820	event_add_to_select_args(smbd_event_context(), &now,
	821	&r_fds, &w_fds, &to, &maxfd);
	822	}
	823
	824	/* Process a signal and timed events now... */
	825	if (run_events(smbd_event_context(), 0, NULL, NULL)) {
	826	return NT_STATUS_RETRY;
	827	}
	828
	829	{
	830	int sav;
	831	START_PROFILE(smbd_idle);
	832
	833	selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&to);
	834	sav = errno;
	835
	836	END_PROFILE(smbd_idle);
	837	errno = sav;
	838	}
	839
[596]	840	if (selrtn == -1 && errno != EINTR) {
	841	return map_nt_error_from_unix(errno);
	842	}
	843
[429]	844	if (run_events(smbd_event_context(), selrtn, &r_fds, &w_fds)) {
	845	return NT_STATUS_RETRY;
	846	}
	847
	848	/* Check if error */
	849	if (selrtn == -1) {
	850	/* something is wrong. Maybe the socket is dead? */
	851	return map_nt_error_from_unix(errno);
	852	}
	853
	854	/* Did we timeout ? */
	855	if (selrtn == 0) {
	856	return NT_STATUS_RETRY;
	857	}
	858
	859	/* should not be reached */
	860	return NT_STATUS_INTERNAL_ERROR;
	861	}
	862
	863	/*
	864	* Only allow 5 outstanding trans requests. We're allocating memory, so
	865	* prevent a DoS.
	866	*/
	867
	868	NTSTATUS allow_new_trans(struct trans_state *list, int mid)
	869	{
	870	int count = 0;
	871	for (; list != NULL; list = list->next) {
	872
	873	if (list->mid == mid) {
	874	return NT_STATUS_INVALID_PARAMETER;
	875	}
	876
	877	count += 1;
	878	}
	879	if (count > 5) {
	880	return NT_STATUS_INSUFFICIENT_RESOURCES;
	881	}
	882
	883	return NT_STATUS_OK;
	884	}
	885
	886	/*
	887	These flags determine some of the permissions required to do an operation
	888
	889	Note that I don't set NEED_WRITE on some write operations because they
	890	are used by some brain-dead clients when printing, and I don't want to
	891	force write permissions on print services.
	892	*/
	893	#define AS_USER (1<<0)
	894	#define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
	895	#define TIME_INIT (1<<2)
	896	#define CAN_IPC (1<<3) /* Must be paired with AS_USER */
	897	#define AS_GUEST (1<<5) /* Must NOT be paired with AS_USER */
	898	#define DO_CHDIR (1<<6)
	899
	900	/*
	901	define a list of possible SMB messages and their corresponding
	902	functions. Any message that has a NULL function is unimplemented -
	903	please feel free to contribute implementations!
	904	*/
	905	static const struct smb_message_struct {
	906	const char *name;
	907	void (fn)(struct smb_request req);
	908	int flags;
	909	} smb_messages[256] = {
	910
	911	/* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER \| NEED_WRITE},
	912	/* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER \| NEED_WRITE},
	913	/* 0x02 */ { "SMBopen",reply_open,AS_USER },
	914	/* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
	915	/* 0x04 */ { "SMBclose",reply_close,AS_USER \| CAN_IPC },
	916	/* 0x05 */ { "SMBflush",reply_flush,AS_USER},
	917	/* 0x06 */ { "SMBunlink",reply_unlink,AS_USER \| NEED_WRITE },
	918	/* 0x07 */ { "SMBmv",reply_mv,AS_USER \| NEED_WRITE },
	919	/* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
	920	/* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER \| NEED_WRITE},
	921	/* 0x0a */ { "SMBread",reply_read,AS_USER},
	922	/* 0x0b */ { "SMBwrite",reply_write,AS_USER \| CAN_IPC },
	923	/* 0x0c */ { "SMBlock",reply_lock,AS_USER},
	924	/* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
	925	/* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
	926	/* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
	927	/* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
	928	/* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
	929	/* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
	930	/* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
	931	/* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
	932	/* 0x15 */ { NULL, NULL, 0 },
	933	/* 0x16 */ { NULL, NULL, 0 },
	934	/* 0x17 */ { NULL, NULL, 0 },
	935	/* 0x18 */ { NULL, NULL, 0 },
	936	/* 0x19 */ { NULL, NULL, 0 },
	937	/* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
	938	/* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
	939	/* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
	940	/* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
	941	/* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
	942	/* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
	943	/* 0x20 */ { "SMBwritec", NULL,0},
	944	/* 0x21 */ { NULL, NULL, 0 },
	945	/* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER \| NEED_WRITE },
	946	/* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
	947	/* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
	948	/* 0x25 */ { "SMBtrans",reply_trans,AS_USER \| CAN_IPC },
	949	/* 0x26 */ { "SMBtranss",reply_transs,AS_USER \| CAN_IPC},
	950	/* 0x27 */ { "SMBioctl",reply_ioctl,0},
	951	/* 0x28 */ { "SMBioctls", NULL,AS_USER},
	952	/* 0x29 */ { "SMBcopy",reply_copy,AS_USER \| NEED_WRITE },
	953	/* 0x2a */ { "SMBmove", NULL,AS_USER \| NEED_WRITE },
	954	/* 0x2b */ { "SMBecho",reply_echo,0},
	955	/* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
	956	/* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER \| CAN_IPC },
	957	/* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER \| CAN_IPC },
	958	/* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER \| CAN_IPC },
	959	/* 0x30 */ { NULL, NULL, 0 },
	960	/* 0x31 */ { NULL, NULL, 0 },
	961	/* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER \| CAN_IPC },
	962	/* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER \| CAN_IPC },
	963	/* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
	964	/* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
	965	/* 0x36 */ { NULL, NULL, 0 },
	966	/* 0x37 */ { NULL, NULL, 0 },
	967	/* 0x38 */ { NULL, NULL, 0 },
	968	/* 0x39 */ { NULL, NULL, 0 },
	969	/* 0x3a */ { NULL, NULL, 0 },
	970	/* 0x3b */ { NULL, NULL, 0 },
	971	/* 0x3c */ { NULL, NULL, 0 },
	972	/* 0x3d */ { NULL, NULL, 0 },
	973	/* 0x3e */ { NULL, NULL, 0 },
	974	/* 0x3f */ { NULL, NULL, 0 },
	975	/* 0x40 */ { NULL, NULL, 0 },
	976	/* 0x41 */ { NULL, NULL, 0 },
	977	/* 0x42 */ { NULL, NULL, 0 },
	978	/* 0x43 */ { NULL, NULL, 0 },
	979	/* 0x44 */ { NULL, NULL, 0 },
	980	/* 0x45 */ { NULL, NULL, 0 },
	981	/* 0x46 */ { NULL, NULL, 0 },
	982	/* 0x47 */ { NULL, NULL, 0 },
	983	/* 0x48 */ { NULL, NULL, 0 },
	984	/* 0x49 */ { NULL, NULL, 0 },
	985	/* 0x4a */ { NULL, NULL, 0 },
	986	/* 0x4b */ { NULL, NULL, 0 },
	987	/* 0x4c */ { NULL, NULL, 0 },
	988	/* 0x4d */ { NULL, NULL, 0 },
	989	/* 0x4e */ { NULL, NULL, 0 },
	990	/* 0x4f */ { NULL, NULL, 0 },
	991	/* 0x50 */ { NULL, NULL, 0 },
	992	/* 0x51 */ { NULL, NULL, 0 },
	993	/* 0x52 */ { NULL, NULL, 0 },
	994	/* 0x53 */ { NULL, NULL, 0 },
	995	/* 0x54 */ { NULL, NULL, 0 },
	996	/* 0x55 */ { NULL, NULL, 0 },
	997	/* 0x56 */ { NULL, NULL, 0 },
	998	/* 0x57 */ { NULL, NULL, 0 },
	999	/* 0x58 */ { NULL, NULL, 0 },
	1000	/* 0x59 */ { NULL, NULL, 0 },
	1001	/* 0x5a */ { NULL, NULL, 0 },
	1002	/* 0x5b */ { NULL, NULL, 0 },
	1003	/* 0x5c */ { NULL, NULL, 0 },
	1004	/* 0x5d */ { NULL, NULL, 0 },
	1005	/* 0x5e */ { NULL, NULL, 0 },
	1006	/* 0x5f */ { NULL, NULL, 0 },
	1007	/* 0x60 */ { NULL, NULL, 0 },
	1008	/* 0x61 */ { NULL, NULL, 0 },
	1009	/* 0x62 */ { NULL, NULL, 0 },
	1010	/* 0x63 */ { NULL, NULL, 0 },
	1011	/* 0x64 */ { NULL, NULL, 0 },
	1012	/* 0x65 */ { NULL, NULL, 0 },
	1013	/* 0x66 */ { NULL, NULL, 0 },
	1014	/* 0x67 */ { NULL, NULL, 0 },
	1015	/* 0x68 */ { NULL, NULL, 0 },
	1016	/* 0x69 */ { NULL, NULL, 0 },
	1017	/* 0x6a */ { NULL, NULL, 0 },
	1018	/* 0x6b */ { NULL, NULL, 0 },
	1019	/* 0x6c */ { NULL, NULL, 0 },
	1020	/* 0x6d */ { NULL, NULL, 0 },
	1021	/* 0x6e */ { NULL, NULL, 0 },
	1022	/* 0x6f */ { NULL, NULL, 0 },
	1023	/* 0x70 */ { "SMBtcon",reply_tcon,0},
	1024	/* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
	1025	/* 0x72 */ { "SMBnegprot",reply_negprot,0},
	1026	/* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
	1027	/* 0x74 / { "SMBulogoffX",reply_ulogoffX, 0}, / ulogoff doesn't give a valid TID */
	1028	/* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
	1029	/* 0x76 */ { NULL, NULL, 0 },
	1030	/* 0x77 */ { NULL, NULL, 0 },
	1031	/* 0x78 */ { NULL, NULL, 0 },
	1032	/* 0x79 */ { NULL, NULL, 0 },
	1033	/* 0x7a */ { NULL, NULL, 0 },
	1034	/* 0x7b */ { NULL, NULL, 0 },
	1035	/* 0x7c */ { NULL, NULL, 0 },
	1036	/* 0x7d */ { NULL, NULL, 0 },
	1037	/* 0x7e */ { NULL, NULL, 0 },
	1038	/* 0x7f */ { NULL, NULL, 0 },
	1039	/* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
	1040	/* 0x81 */ { "SMBsearch",reply_search,AS_USER},
	1041	/* 0x82 */ { "SMBffirst",reply_search,AS_USER},
	1042	/* 0x83 */ { "SMBfunique",reply_search,AS_USER},
	1043	/* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
	1044	/* 0x85 */ { NULL, NULL, 0 },
	1045	/* 0x86 */ { NULL, NULL, 0 },
	1046	/* 0x87 */ { NULL, NULL, 0 },
	1047	/* 0x88 */ { NULL, NULL, 0 },
	1048	/* 0x89 */ { NULL, NULL, 0 },
	1049	/* 0x8a */ { NULL, NULL, 0 },
	1050	/* 0x8b */ { NULL, NULL, 0 },
	1051	/* 0x8c */ { NULL, NULL, 0 },
	1052	/* 0x8d */ { NULL, NULL, 0 },
	1053	/* 0x8e */ { NULL, NULL, 0 },
	1054	/* 0x8f */ { NULL, NULL, 0 },
	1055	/* 0x90 */ { NULL, NULL, 0 },
	1056	/* 0x91 */ { NULL, NULL, 0 },
	1057	/* 0x92 */ { NULL, NULL, 0 },
	1058	/* 0x93 */ { NULL, NULL, 0 },
	1059	/* 0x94 */ { NULL, NULL, 0 },
	1060	/* 0x95 */ { NULL, NULL, 0 },
	1061	/* 0x96 */ { NULL, NULL, 0 },
	1062	/* 0x97 */ { NULL, NULL, 0 },
	1063	/* 0x98 */ { NULL, NULL, 0 },
	1064	/* 0x99 */ { NULL, NULL, 0 },
	1065	/* 0x9a */ { NULL, NULL, 0 },
	1066	/* 0x9b */ { NULL, NULL, 0 },
	1067	/* 0x9c */ { NULL, NULL, 0 },
	1068	/* 0x9d */ { NULL, NULL, 0 },
	1069	/* 0x9e */ { NULL, NULL, 0 },
	1070	/* 0x9f */ { NULL, NULL, 0 },
	1071	/* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER \| CAN_IPC },
	1072	/* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER \| CAN_IPC },
	1073	/* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER \| CAN_IPC },
	1074	/* 0xa3 */ { NULL, NULL, 0 },
	1075	/* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
	1076	/* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER \| NEED_WRITE },
	1077	/* 0xa6 */ { NULL, NULL, 0 },
	1078	/* 0xa7 */ { NULL, NULL, 0 },
	1079	/* 0xa8 */ { NULL, NULL, 0 },
	1080	/* 0xa9 */ { NULL, NULL, 0 },
	1081	/* 0xaa */ { NULL, NULL, 0 },
	1082	/* 0xab */ { NULL, NULL, 0 },
	1083	/* 0xac */ { NULL, NULL, 0 },
	1084	/* 0xad */ { NULL, NULL, 0 },
	1085	/* 0xae */ { NULL, NULL, 0 },
	1086	/* 0xaf */ { NULL, NULL, 0 },
	1087	/* 0xb0 */ { NULL, NULL, 0 },
	1088	/* 0xb1 */ { NULL, NULL, 0 },
	1089	/* 0xb2 */ { NULL, NULL, 0 },
	1090	/* 0xb3 */ { NULL, NULL, 0 },
	1091	/* 0xb4 */ { NULL, NULL, 0 },
	1092	/* 0xb5 */ { NULL, NULL, 0 },
	1093	/* 0xb6 */ { NULL, NULL, 0 },
	1094	/* 0xb7 */ { NULL, NULL, 0 },
	1095	/* 0xb8 */ { NULL, NULL, 0 },
	1096	/* 0xb9 */ { NULL, NULL, 0 },
	1097	/* 0xba */ { NULL, NULL, 0 },
	1098	/* 0xbb */ { NULL, NULL, 0 },
	1099	/* 0xbc */ { NULL, NULL, 0 },
	1100	/* 0xbd */ { NULL, NULL, 0 },
	1101	/* 0xbe */ { NULL, NULL, 0 },
	1102	/* 0xbf */ { NULL, NULL, 0 },
	1103	/* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
	1104	/* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
	1105	/* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
	1106	/* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
	1107	/* 0xc4 */ { NULL, NULL, 0 },
	1108	/* 0xc5 */ { NULL, NULL, 0 },
	1109	/* 0xc6 */ { NULL, NULL, 0 },
	1110	/* 0xc7 */ { NULL, NULL, 0 },
	1111	/* 0xc8 */ { NULL, NULL, 0 },
	1112	/* 0xc9 */ { NULL, NULL, 0 },
	1113	/* 0xca */ { NULL, NULL, 0 },
	1114	/* 0xcb */ { NULL, NULL, 0 },
	1115	/* 0xcc */ { NULL, NULL, 0 },
	1116	/* 0xcd */ { NULL, NULL, 0 },
	1117	/* 0xce */ { NULL, NULL, 0 },
	1118	/* 0xcf */ { NULL, NULL, 0 },
	1119	/* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
	1120	/* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
	1121	/* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
	1122	/* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
	1123	/* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
	1124	/* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
	1125	/* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
	1126	/* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
	1127	/* 0xd8 */ { NULL, NULL, 0 },
	1128	/* 0xd9 */ { NULL, NULL, 0 },
	1129	/* 0xda */ { NULL, NULL, 0 },
	1130	/* 0xdb */ { NULL, NULL, 0 },
	1131	/* 0xdc */ { NULL, NULL, 0 },
	1132	/* 0xdd */ { NULL, NULL, 0 },
	1133	/* 0xde */ { NULL, NULL, 0 },
	1134	/* 0xdf */ { NULL, NULL, 0 },
	1135	/* 0xe0 */ { NULL, NULL, 0 },
	1136	/* 0xe1 */ { NULL, NULL, 0 },
	1137	/* 0xe2 */ { NULL, NULL, 0 },
	1138	/* 0xe3 */ { NULL, NULL, 0 },
	1139	/* 0xe4 */ { NULL, NULL, 0 },
	1140	/* 0xe5 */ { NULL, NULL, 0 },
	1141	/* 0xe6 */ { NULL, NULL, 0 },
	1142	/* 0xe7 */ { NULL, NULL, 0 },
	1143	/* 0xe8 */ { NULL, NULL, 0 },
	1144	/* 0xe9 */ { NULL, NULL, 0 },
	1145	/* 0xea */ { NULL, NULL, 0 },
	1146	/* 0xeb */ { NULL, NULL, 0 },
	1147	/* 0xec */ { NULL, NULL, 0 },
	1148	/* 0xed */ { NULL, NULL, 0 },
	1149	/* 0xee */ { NULL, NULL, 0 },
	1150	/* 0xef */ { NULL, NULL, 0 },
	1151	/* 0xf0 */ { NULL, NULL, 0 },
	1152	/* 0xf1 */ { NULL, NULL, 0 },
	1153	/* 0xf2 */ { NULL, NULL, 0 },
	1154	/* 0xf3 */ { NULL, NULL, 0 },
	1155	/* 0xf4 */ { NULL, NULL, 0 },
	1156	/* 0xf5 */ { NULL, NULL, 0 },
	1157	/* 0xf6 */ { NULL, NULL, 0 },
	1158	/* 0xf7 */ { NULL, NULL, 0 },
	1159	/* 0xf8 */ { NULL, NULL, 0 },
	1160	/* 0xf9 */ { NULL, NULL, 0 },
	1161	/* 0xfa */ { NULL, NULL, 0 },
	1162	/* 0xfb */ { NULL, NULL, 0 },
	1163	/* 0xfc */ { NULL, NULL, 0 },
	1164	/* 0xfd */ { NULL, NULL, 0 },
	1165	/* 0xfe */ { NULL, NULL, 0 },
	1166	/* 0xff */ { NULL, NULL, 0 }
	1167
	1168	};
	1169
	1170	/*******************************************************************
	1171	allocate and initialize a reply packet
	1172	********************************************************************/
	1173
	1174	static bool create_outbuf(TALLOC_CTX mem_ctx, struct smb_request req,
	1175	const char inbuf, char *outbuf, uint8_t num_words,
	1176	uint32_t num_bytes)
	1177	{
	1178	/*
	1179	* Protect against integer wrap
	1180	*/
	1181	if ((num_bytes > 0xffffff)
	1182	\|\| ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
	1183	char *msg;
	1184	if (asprintf(&msg, "num_bytes too large: %u",
	1185	(unsigned)num_bytes) == -1) {
	1186	msg = CONST_DISCARD(char *, "num_bytes too large");
	1187	}
	1188	smb_panic(msg);
	1189	}
	1190
	1191	*outbuf = TALLOC_ARRAY(mem_ctx, char,
	1192	smb_size + num_words*2 + num_bytes);
	1193	if (*outbuf == NULL) {
	1194	return false;
	1195	}
	1196
	1197	construct_reply_common(req, inbuf, *outbuf);
	1198	srv_set_message(*outbuf, num_words, num_bytes, false);
	1199	/*
	1200	* Zero out the word area, the caller has to take care of the bcc area
	1201	* himself
	1202	*/
	1203	if (num_words != 0) {
	1204	memset(outbuf + smb_vwv0, 0, num_words2);
	1205	}
	1206
	1207	return true;
	1208	}
	1209
	1210	void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
	1211	{
	1212	char *outbuf;
	1213	if (!create_outbuf(req, req, (char *)req->inbuf, &outbuf, num_words,
	1214	num_bytes)) {
	1215	smb_panic("could not allocate output buffer\n");
	1216	}
	1217	req->outbuf = (uint8_t *)outbuf;
	1218	}
	1219
	1220
	1221	/*******************************************************************
	1222	Dump a packet to a file.
	1223	********************************************************************/
	1224
	1225	static void smb_dump(const char name, int type, const char data, ssize_t len)
	1226	{
	1227	int fd, i;
	1228	char *fname = NULL;
	1229	if (DEBUGLEVEL < 50) {
	1230	return;
	1231	}
	1232
	1233	if (len < 4) len = smb_len(data)+4;
	1234	for (i=1;i<100;i++) {
	1235	if (asprintf(&fname, "/tmp/%s.%d.%s", name, i,
	1236	type ? "req" : "resp") == -1) {
	1237	return;
	1238	}
	1239	fd = open(fname, O_WRONLY\|O_CREAT\|O_EXCL, 0644);
	1240	if (fd != -1 \|\| errno != EEXIST) break;
	1241	}
	1242	if (fd != -1) {
	1243	ssize_t ret = write(fd, data, len);
	1244	if (ret != len)
	1245	DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
	1246	close(fd);
	1247	DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
	1248	}
	1249	SAFE_FREE(fname);
	1250	}
	1251
	1252	/****************************************************************************
	1253	Prepare everything for calling the actual request function, and potentially
	1254	call the request function via the "new" interface.
	1255
	1256	Return False if the "legacy" function needs to be called, everything is
	1257	prepared.
	1258
	1259	Return True if we're done.
	1260
	1261	I know this API sucks, but it is the one with the least code change I could
	1262	find.
	1263	****************************************************************************/
	1264
	1265	static connection_struct switch_message(uint8 type, struct smb_request req, int size)
	1266	{
	1267	int flags;
	1268	uint16 session_tag;
	1269	connection_struct *conn = NULL;
	1270	struct smbd_server_connection *sconn = smbd_server_conn;
	1271
	1272	errno = 0;
	1273
	1274	/* Make sure this is an SMB packet. smb_size contains NetBIOS header
	1275	* so subtract 4 from it. */
[733]	1276	if ((size < (smb_size - 4)) \|\|
	1277	!valid_smb_header(req->inbuf)) {
[429]	1278	DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
	1279	smb_len(req->inbuf)));
	1280	exit_server_cleanly("Non-SMB packet");
	1281	}
	1282
	1283	if (smb_messages[type].fn == NULL) {
	1284	DEBUG(0,("Unknown message type %d!\n",type));
	1285	smb_dump("Unknown", 1, (char *)req->inbuf, size);
	1286	reply_unknown_new(req, type);
	1287	return NULL;
	1288	}
	1289
	1290	flags = smb_messages[type].flags;
	1291
	1292	/* In share mode security we must ignore the vuid. */
	1293	session_tag = (lp_security() == SEC_SHARE)
	1294	? UID_FIELD_INVALID : req->vuid;
	1295	conn = req->conn;
	1296
	1297	DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
	1298	(int)sys_getpid(), (unsigned long)conn));
	1299
	1300	smb_dump(smb_fn_name(type), 1, (char *)req->inbuf, size);
	1301
	1302	/* Ensure this value is replaced in the incoming packet. */
	1303	SSVAL(req->inbuf,smb_uid,session_tag);
	1304
	1305	/*
	1306	* Ensure the correct username is in current_user_info. This is a
	1307	* really ugly bugfix for problems with multiple session_setup_and_X's
	1308	* being done and allowing %U and %G substitutions to work correctly.
	1309	* There is a reason this code is done here, don't move it unless you
	1310	* know what you're doing... :-).
	1311	* JRA.
	1312	*/
	1313
	1314	if (session_tag != sconn->smb1.sessions.last_session_tag) {
	1315	user_struct *vuser = NULL;
	1316
	1317	sconn->smb1.sessions.last_session_tag = session_tag;
	1318	if(session_tag != UID_FIELD_INVALID) {
	1319	vuser = get_valid_user_struct(sconn, session_tag);
	1320	if (vuser) {
	1321	set_current_user_info(
	1322	vuser->server_info->sanitized_username,
	1323	vuser->server_info->unix_name,
	1324	pdb_get_domain(vuser->server_info
	1325	->sam_account));
	1326	}
	1327	}
	1328	}
	1329
	1330	/* Does this call need to be run as the connected user? */
	1331	if (flags & AS_USER) {
	1332
	1333	/* Does this call need a valid tree connection? */
	1334	if (!conn) {
	1335	/*
	1336	* Amazingly, the error code depends on the command
	1337	* (from Samba4).
	1338	*/
	1339	if (type == SMBntcreateX) {
	1340	reply_nterror(req, NT_STATUS_INVALID_HANDLE);
	1341	} else {
	1342	reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
	1343	}
	1344	return NULL;
	1345	}
	1346
	1347	if (!change_to_user(conn,session_tag)) {
	1348	DEBUG(0, ("Error: Could not change to user. Removing "
	1349	"deferred open, mid=%d.\n", req->mid));
	1350	reply_force_doserror(req, ERRSRV, ERRbaduid);
	1351	return conn;
	1352	}
	1353
	1354	/* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
	1355
	1356	/* Does it need write permission? */
	1357	if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
	1358	reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
	1359	return conn;
	1360	}
	1361
	1362	/* IPC services are limited */
	1363	if (IS_IPC(conn) && !(flags & CAN_IPC)) {
	1364	reply_nterror(req, NT_STATUS_ACCESS_DENIED);
	1365	return conn;
	1366	}
	1367	} else {
	1368	/* This call needs to be run as root */
	1369	change_to_root_user();
	1370	}
	1371
	1372	/* load service specific parameters */
	1373	if (conn) {
	1374	if (req->encrypted) {
	1375	conn->encrypted_tid = true;
	1376	/* encrypted required from now on. */
	1377	conn->encrypt_level = Required;
	1378	} else if (ENCRYPTION_REQUIRED(conn)) {
	1379	if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
	1380	exit_server_cleanly("encryption required "
	1381	"on connection");
	1382	return conn;
	1383	}
	1384	}
	1385
	1386	if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
	1387	(flags & (AS_USER\|DO_CHDIR)
	1388	?True:False))) {
	1389	reply_nterror(req, NT_STATUS_ACCESS_DENIED);
	1390	return conn;
	1391	}
	1392	conn->num_smb_operations++;
	1393	}
	1394
	1395	/* does this protocol need to be run as guest? */
	1396	if ((flags & AS_GUEST)
	1397	&& (!change_to_guest() \|\|
	1398	!check_access(smbd_server_fd(), lp_hostsallow(-1),
	1399	lp_hostsdeny(-1)))) {
	1400	reply_nterror(req, NT_STATUS_ACCESS_DENIED);
	1401	return conn;
	1402	}
	1403
	1404	smb_messages[type].fn(req);
	1405	return req->conn;
	1406	}
	1407
	1408	/****************************************************************************
	1409	Construct a reply to the incoming packet.
	1410	****************************************************************************/
	1411
	1412	static void construct_reply(char *inbuf, int size, size_t unread_bytes,
	1413	uint32_t seqnum, bool encrypted,
	1414	struct smb_perfcount_data *deferred_pcd)
	1415	{
	1416	connection_struct *conn;
	1417	struct smb_request *req;
	1418
	1419	if (!(req = talloc(talloc_tos(), struct smb_request))) {
	1420	smb_panic("could not allocate smb_request");
	1421	}
	1422
	1423	init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted);
	1424	req->inbuf = (uint8_t *)talloc_move(req, &inbuf);
	1425	req->seqnum = seqnum;
	1426
	1427	/* we popped this message off the queue - keep original perf data */
	1428	if (deferred_pcd)
	1429	req->pcd = *deferred_pcd;
	1430	else {
	1431	SMB_PERFCOUNT_START(&req->pcd);
	1432	SMB_PERFCOUNT_SET_OP(&req->pcd, req->cmd);
	1433	SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, size);
	1434	}
	1435
	1436	conn = switch_message(req->cmd, req, size);
	1437
	1438	if (req->unread_bytes) {
	1439	/* writeX failed. drain socket. */
	1440	if (drain_socket(smbd_server_fd(), req->unread_bytes) !=
	1441	req->unread_bytes) {
	1442	smb_panic("failed to drain pending bytes");
	1443	}
	1444	req->unread_bytes = 0;
	1445	}
	1446
	1447	if (req->done) {
	1448	TALLOC_FREE(req);
	1449	return;
	1450	}
	1451
	1452	if (req->outbuf == NULL) {
	1453	return;
	1454	}
	1455
	1456	if (CVAL(req->outbuf,0) == 0) {
	1457	show_msg((char *)req->outbuf);
	1458	}
	1459
	1460	if (!srv_send_smb(smbd_server_fd(),
	1461	(char *)req->outbuf,
	1462	true, req->seqnum+1,
	1463	IS_CONN_ENCRYPTED(conn)\|\|req->encrypted,
	1464	&req->pcd)) {
	1465	exit_server_cleanly("construct_reply: srv_send_smb failed.");
	1466	}
	1467
	1468	TALLOC_FREE(req);
	1469
	1470	return;
	1471	}
	1472
	1473	/****************************************************************************
	1474	Process an smb from the client
	1475	****************************************************************************/
	1476	static void process_smb(struct smbd_server_connection *conn,
	1477	uint8_t *inbuf, size_t nread, size_t unread_bytes,
	1478	uint32_t seqnum, bool encrypted,
	1479	struct smb_perfcount_data *deferred_pcd)
	1480	{
	1481	int msg_type = CVAL(inbuf,0);
	1482
	1483	DO_PROFILE_INC(smb_count);
	1484
	1485	DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
	1486	smb_len(inbuf) ) );
	1487	DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
	1488	(int)nread,
	1489	(unsigned int)unread_bytes ));
	1490
	1491	if (msg_type != 0) {
	1492	/*
	1493	* NetBIOS session request, keepalive, etc.
	1494	*/
[590]	1495	reply_special((char *)inbuf, nread);
[429]	1496	goto done;
	1497	}
	1498
	1499	if (smbd_server_conn->allow_smb2) {
	1500	if (smbd_is_smb2_header(inbuf, nread)) {
	1501	smbd_smb2_first_negprot(smbd_server_conn, inbuf, nread);
	1502	return;
	1503	}
	1504	smbd_server_conn->allow_smb2 = false;
	1505	}
	1506
	1507	show_msg((char *)inbuf);
	1508
	1509	construct_reply((char *)inbuf,nread,unread_bytes,seqnum,encrypted,deferred_pcd);
	1510	trans_num++;
	1511
	1512	done:
	1513	conn->smb1.num_requests++;
	1514
	1515	/* The timeout_processing function isn't run nearly
	1516	often enough to implement 'max log size' without
	1517	overrunning the size of the file by many megabytes.
	1518	This is especially true if we are running at debug
	1519	level 10. Checking every 50 SMBs is a nice
	1520	tradeoff of performance vs log file size overrun. */
	1521
	1522	if ((conn->smb1.num_requests % 50) == 0 &&
	1523	need_to_check_log_size()) {
	1524	change_to_root_user();
	1525	check_log_size();
	1526	}
	1527	}
	1528
	1529	/****************************************************************************
	1530	Return a string containing the function name of a SMB command.
	1531	****************************************************************************/
	1532
	1533	const char *smb_fn_name(int type)
	1534	{
	1535	const char *unknown_name = "SMBunknown";
	1536
	1537	if (smb_messages[type].name == NULL)
	1538	return(unknown_name);
	1539
	1540	return(smb_messages[type].name);
	1541	}
	1542
	1543	/****************************************************************************
	1544	Helper functions for contruct_reply.
	1545	****************************************************************************/
	1546
	1547	void add_to_common_flags2(uint32 v)
	1548	{
	1549	common_flags2 \|= v;
	1550	}
	1551
	1552	void remove_from_common_flags2(uint32 v)
	1553	{
	1554	common_flags2 &= ~v;
	1555	}
	1556
	1557	static void construct_reply_common(struct smb_request req, const char inbuf,
	1558	char *outbuf)
	1559	{
	1560	srv_set_message(outbuf,0,0,false);
	1561
	1562	SCVAL(outbuf, smb_com, req->cmd);
	1563	SIVAL(outbuf,smb_rcls,0);
	1564	SCVAL(outbuf,smb_flg, FLAG_REPLY \| (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
	1565	SSVAL(outbuf,smb_flg2,
	1566	(SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) \|
	1567	common_flags2);
	1568	memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
	1569
	1570	SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
	1571	SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
	1572	SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
	1573	SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
	1574	}
	1575
	1576	void construct_reply_common_req(struct smb_request req, char outbuf)
	1577	{
	1578	construct_reply_common(req, (char *)req->inbuf, outbuf);
	1579	}
	1580
	1581	/*
	1582	* How many bytes have we already accumulated up to the current wct field
	1583	* offset?
	1584	*/
	1585
	1586	size_t req_wct_ofs(struct smb_request *req)
	1587	{
	1588	size_t buf_size;
	1589
	1590	if (req->chain_outbuf == NULL) {
	1591	return smb_wct - 4;
	1592	}
	1593	buf_size = talloc_get_size(req->chain_outbuf);
	1594	if ((buf_size % 4) != 0) {
	1595	buf_size += (4 - (buf_size % 4));
	1596	}
	1597	return buf_size - 4;
	1598	}
	1599
	1600	/*
	1601	* Hack around reply_nterror & friends not being aware of chained requests,
	1602	* generating illegal (i.e. wct==0) chain replies.
	1603	*/
	1604
	1605	static void fixup_chain_error_packet(struct smb_request *req)
	1606	{
	1607	uint8_t *outbuf = req->outbuf;
	1608	req->outbuf = NULL;
	1609	reply_outbuf(req, 2, 0);
	1610	memcpy(req->outbuf, outbuf, smb_wct);
	1611	TALLOC_FREE(outbuf);
	1612	SCVAL(req->outbuf, smb_vwv0, 0xff);
	1613	}
	1614
	1615	/**
	1616	* @brief Find the smb_cmd offset of the last command pushed
	1617	* @param[in] buf The buffer we're building up
	1618	* @retval Where can we put our next andx cmd?
	1619	*
	1620	* While chaining requests, the "next" request we're looking at needs to put
	1621	* its SMB_Command before the data the previous request already built up added
	1622	* to the chain. Find the offset to the place where we have to put our cmd.
	1623	*/
	1624
	1625	static bool find_andx_cmd_ofs(uint8_t buf, size_t pofs)
	1626	{
	1627	uint8_t cmd;
	1628	size_t ofs;
	1629
	1630	cmd = CVAL(buf, smb_com);
	1631
	1632	SMB_ASSERT(is_andx_req(cmd));
	1633
	1634	ofs = smb_vwv0;
	1635
	1636	while (CVAL(buf, ofs) != 0xff) {
	1637
	1638	if (!is_andx_req(CVAL(buf, ofs))) {
	1639	return false;
	1640	}
	1641
	1642	/*
	1643	* ofs is from start of smb header, so add the 4 length
	1644	* bytes. The next cmd is right after the wct field.
	1645	*/
	1646	ofs = SVAL(buf, ofs+2) + 4 + 1;
	1647
	1648	SMB_ASSERT(ofs+4 < talloc_get_size(buf));
	1649	}
	1650
	1651	*pofs = ofs;
	1652	return true;
	1653	}
	1654
	1655	/**
	1656	* @brief Do the smb chaining at a buffer level
	1657	* @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
	1658	* @param[in] smb_command The command that we want to issue
	1659	* @param[in] wct How many words?
	1660	* @param[in] vwv The words, already in network order
	1661	* @param[in] bytes_alignment How shall we align "bytes"?
	1662	* @param[in] num_bytes How many bytes?
	1663	* @param[in] bytes The data the request ships
	1664	*
	1665	* smb_splice_chain() adds the vwv and bytes to the request already present in
	1666	* *poutbuf.
	1667	*/
	1668
	1669	static bool smb_splice_chain(uint8_t **poutbuf, uint8_t smb_command,
	1670	uint8_t wct, const uint16_t *vwv,
	1671	size_t bytes_alignment,
	1672	uint32_t num_bytes, const uint8_t *bytes)
	1673	{
	1674	uint8_t *outbuf;
	1675	size_t old_size, new_size;
	1676	size_t ofs;
	1677	size_t chain_padding = 0;
	1678	size_t bytes_padding = 0;
	1679	bool first_request;
	1680
	1681	old_size = talloc_get_size(*poutbuf);
	1682
	1683	/*
	1684	* old_size == smb_wct means we're pushing the first request in for
	1685	* libsmb/
	1686	*/
	1687
	1688	first_request = (old_size == smb_wct);
	1689
	1690	if (!first_request && ((old_size % 4) != 0)) {
	1691	/*
	1692	* Align the wct field of subsequent requests to a 4-byte
	1693	* boundary
	1694	*/
	1695	chain_padding = 4 - (old_size % 4);
	1696	}
	1697
	1698	/*
	1699	* After the old request comes the new wct field (1 byte), the vwv's
	1700	* and the num_bytes field. After at we might need to align the bytes
	1701	* given to us to "bytes_alignment", increasing the num_bytes value.
	1702	*/
	1703
	1704	new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
	1705
	1706	if ((bytes_alignment != 0) && ((new_size % bytes_alignment) != 0)) {
	1707	bytes_padding = bytes_alignment - (new_size % bytes_alignment);
	1708	}
	1709
	1710	new_size += bytes_padding + num_bytes;
	1711
	1712	if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
	1713	DEBUG(1, ("splice_chain: %u bytes won't fit\n",
	1714	(unsigned)new_size));
	1715	return false;
	1716	}
	1717
	1718	outbuf = TALLOC_REALLOC_ARRAY(NULL, *poutbuf, uint8_t, new_size);
	1719	if (outbuf == NULL) {
	1720	DEBUG(0, ("talloc failed\n"));
	1721	return false;
	1722	}
	1723	*poutbuf = outbuf;
	1724
	1725	if (first_request) {
	1726	SCVAL(outbuf, smb_com, smb_command);
	1727	} else {
	1728	size_t andx_cmd_ofs;
	1729
	1730	if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
	1731	DEBUG(1, ("invalid command chain\n"));
	1732	*poutbuf = TALLOC_REALLOC_ARRAY(
	1733	NULL, *poutbuf, uint8_t, old_size);
	1734	return false;
	1735	}
	1736
	1737	if (chain_padding != 0) {
	1738	memset(outbuf + old_size, 0, chain_padding);
	1739	old_size += chain_padding;
	1740	}
	1741
	1742	SCVAL(outbuf, andx_cmd_ofs, smb_command);
	1743	SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
	1744	}
	1745
	1746	ofs = old_size;
	1747
	1748	/*
	1749	* Push the chained request:
	1750	*
	1751	* wct field
	1752	*/
	1753
	1754	SCVAL(outbuf, ofs, wct);
	1755	ofs += 1;
	1756
	1757	/*
	1758	* vwv array
	1759	*/
	1760
	1761	memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
	1762	ofs += sizeof(uint16_t) * wct;
	1763
	1764	/*
	1765	* bcc (byte count)
	1766	*/
	1767
	1768	SSVAL(outbuf, ofs, num_bytes + bytes_padding);
	1769	ofs += sizeof(uint16_t);
	1770
	1771	/*
	1772	* padding
	1773	*/
	1774
	1775	if (bytes_padding != 0) {
	1776	memset(outbuf + ofs, 0, bytes_padding);
	1777	ofs += bytes_padding;
	1778	}
	1779
	1780	/*
	1781	* The bytes field
	1782	*/
	1783
	1784	memcpy(outbuf + ofs, bytes, num_bytes);
	1785
	1786	return true;
	1787	}
	1788
	1789	/****************************************************************************
	1790	Construct a chained reply and add it to the already made reply
	1791	****************************************************************************/
	1792
	1793	void chain_reply(struct smb_request *req)
	1794	{
	1795	size_t smblen = smb_len(req->inbuf);
	1796	size_t already_used, length_needed;
	1797	uint8_t chain_cmd;
	1798	uint32_t chain_offset; /* uint32_t to avoid overflow */
	1799
	1800	uint8_t wct;
	1801	uint16_t *vwv;
	1802	uint16_t buflen;
	1803	uint8_t *buf;
	1804
	1805	if (IVAL(req->outbuf, smb_rcls) != 0) {
	1806	fixup_chain_error_packet(req);
	1807	}
	1808
	1809	/*
	1810	* Any of the AndX requests and replies have at least a wct of
	1811	* 2. vwv[0] is the next command, vwv[1] is the offset from the
	1812	* beginning of the SMB header to the next wct field.
	1813	*
	1814	* None of the AndX requests put anything valuable in vwv[0] and [1],
	1815	* so we can overwrite it here to form the chain.
	1816	*/
	1817
	1818	if ((req->wct < 2) \|\| (CVAL(req->outbuf, smb_wct) < 2)) {
	1819	if (req->chain_outbuf == NULL) {
	1820	req->chain_outbuf = TALLOC_REALLOC_ARRAY(
	1821	req, req->outbuf, uint8_t,
	1822	smb_len(req->outbuf) + 4);
	1823	if (req->chain_outbuf == NULL) {
	1824	smb_panic("talloc failed");
	1825	}
	1826	}
	1827	req->outbuf = NULL;
	1828	goto error;
	1829	}
	1830
	1831	/*
	1832	* Here we assume that this is the end of the chain. For that we need
	1833	* to set "next command" to 0xff and the offset to 0. If we later find
	1834	* more commands in the chain, this will be overwritten again.
	1835	*/
	1836
	1837	SCVAL(req->outbuf, smb_vwv0, 0xff);
	1838	SCVAL(req->outbuf, smb_vwv0+1, 0);
	1839	SSVAL(req->outbuf, smb_vwv1, 0);
	1840
	1841	if (req->chain_outbuf == NULL) {
	1842	/*
	1843	* In req->chain_outbuf we collect all the replies. Start the
	1844	* chain by copying in the first reply.
	1845	*
	1846	* We do the realloc because later on we depend on
	1847	* talloc_get_size to determine the length of
	1848	* chain_outbuf. The reply_xxx routines might have
	1849	* over-allocated (reply_pipe_read_and_X used to be such an
	1850	* example).
	1851	*/
	1852	req->chain_outbuf = TALLOC_REALLOC_ARRAY(
	1853	req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
	1854	if (req->chain_outbuf == NULL) {
	1855	smb_panic("talloc failed");
	1856	}
	1857	req->outbuf = NULL;
	1858	} else {
	1859	/*
	1860	* Update smb headers where subsequent chained commands
	1861	* may have updated them.
	1862	*/
[596]	1863	SSVAL(req->chain_outbuf, smb_tid, SVAL(req->outbuf, smb_tid));
	1864	SSVAL(req->chain_outbuf, smb_uid, SVAL(req->outbuf, smb_uid));
[429]	1865
	1866	if (!smb_splice_chain(&req->chain_outbuf,
	1867	CVAL(req->outbuf, smb_com),
	1868	CVAL(req->outbuf, smb_wct),
	1869	(uint16_t *)(req->outbuf + smb_vwv),
	1870	0, smb_buflen(req->outbuf),
	1871	(uint8_t *)smb_buf(req->outbuf))) {
	1872	goto error;
	1873	}
	1874	TALLOC_FREE(req->outbuf);
	1875	}
	1876
	1877	/*
	1878	* We use the old request's vwv field to grab the next chained command
	1879	* and offset into the chained fields.
	1880	*/
	1881
	1882	chain_cmd = CVAL(req->vwv+0, 0);
	1883	chain_offset = SVAL(req->vwv+1, 0);
	1884
	1885	if (chain_cmd == 0xff) {
	1886	/*
	1887	* End of chain, no more requests from the client. So ship the
	1888	* replies.
	1889	*/
	1890	smb_setlen((char *)(req->chain_outbuf),
	1891	talloc_get_size(req->chain_outbuf) - 4);
	1892
	1893	if (!srv_send_smb(smbd_server_fd(), (char *)req->chain_outbuf,
	1894	true, req->seqnum+1,
	1895	IS_CONN_ENCRYPTED(req->conn)
	1896	\|\|req->encrypted,
	1897	&req->pcd)) {
	1898	exit_server_cleanly("chain_reply: srv_send_smb "
	1899	"failed.");
	1900	}
	1901	TALLOC_FREE(req->chain_outbuf);
	1902	req->done = true;
	1903	return;
	1904	}
	1905
	1906	/* add a new perfcounter for this element of chain */
	1907	SMB_PERFCOUNT_ADD(&req->pcd);
	1908	SMB_PERFCOUNT_SET_OP(&req->pcd, chain_cmd);
	1909	SMB_PERFCOUNT_SET_MSGLEN_IN(&req->pcd, smblen);
	1910
	1911	/*
[732]	1912	* Check if the client tries to fool us. The chain offset
	1913	* needs to point beyond the current request in the chain, it
	1914	* needs to strictly grow. Otherwise we might be tricked into
	1915	* an endless loop always processing the same request over and
	1916	* over again. We used to assume that vwv and the byte buffer
	1917	* array in a chain are always attached, but OS/2 the
	1918	* Write&X/Read&X chain puts the Read&X vwv array right behind
	1919	* the Write&X vwv chain. The Write&X bcc array is put behind
	1920	* the Read&X vwv array. So now we check whether the chain
	1921	* offset points strictly behind the previous vwv
	1922	* array. req->buf points right after the vwv array of the
	1923	* previous request. See
	1924	* https://bugzilla.samba.org/show_bug.cgi?id=8360 for more
	1925	* information.
[429]	1926	*/
	1927
[732]	1928	already_used = PTR_DIFF(req->buf, smb_base(req->inbuf));
	1929	if (chain_offset <= already_used) {
[429]	1930	goto error;
	1931	}
	1932
	1933	/*
	1934	* Next check: Make sure the chain offset does not point beyond the
	1935	* overall smb request length.
	1936	*/
	1937
	1938	length_needed = chain_offset+1; /* wct */
	1939	if (length_needed > smblen) {
	1940	goto error;
	1941	}
	1942
	1943	/*
	1944	* Now comes the pointer magic. Goal here is to set up req->vwv and
	1945	* req->buf correctly again to be able to call the subsequent
	1946	* switch_message(). The chain offset (the former vwv[1]) points at
	1947	* the new wct field.
	1948	*/
	1949
	1950	wct = CVAL(smb_base(req->inbuf), chain_offset);
	1951
	1952	/*
	1953	* Next consistency check: Make the new vwv array fits in the overall
	1954	* smb request.
	1955	*/
	1956
	1957	length_needed += (wct+1)sizeof(uint16_t); / vwv+buflen */
	1958	if (length_needed > smblen) {
	1959	goto error;
	1960	}
	1961	vwv = (uint16_t *)(smb_base(req->inbuf) + chain_offset + 1);
	1962
	1963	/*
	1964	* Now grab the new byte buffer....
	1965	*/
	1966
	1967	buflen = SVAL(vwv+wct, 0);
	1968
	1969	/*
	1970	* .. and check that it fits.
	1971	*/
	1972
	1973	length_needed += buflen;
	1974	if (length_needed > smblen) {
	1975	goto error;
	1976	}
	1977	buf = (uint8_t *)(vwv+wct+1);
	1978
	1979	req->cmd = chain_cmd;
	1980	req->wct = wct;
	1981	req->vwv = vwv;
	1982	req->buflen = buflen;
	1983	req->buf = buf;
	1984
	1985	switch_message(chain_cmd, req, smblen);
	1986
	1987	if (req->outbuf == NULL) {
	1988	/*
	1989	* This happens if the chained command has suspended itself or
	1990	* if it has called srv_send_smb() itself.
	1991	*/
	1992	return;
	1993	}
	1994
	1995	/*
	1996	* We end up here if the chained command was not itself chained or
	1997	* suspended, but for example a close() command. We now need to splice
	1998	* the chained commands' outbuf into the already built up chain_outbuf
	1999	* and ship the result.
	2000	*/
	2001	goto done;
	2002
	2003	error:
	2004	/*
	2005	* We end up here if there's any error in the chain syntax. Report a
	2006	* DOS error, just like Windows does.
	2007	*/
	2008	reply_force_doserror(req, ERRSRV, ERRerror);
	2009	fixup_chain_error_packet(req);
	2010
	2011	done:
	2012	/*
	2013	* This scary statement intends to set the
	2014	* FLAGS2_32_BIT_ERROR_CODES flg2 field in req->chain_outbuf
	2015	* to the value req->outbuf carries
	2016	*/
	2017	SSVAL(req->chain_outbuf, smb_flg2,
	2018	(SVAL(req->chain_outbuf, smb_flg2) & ~FLAGS2_32_BIT_ERROR_CODES)
	2019	\| (SVAL(req->outbuf, smb_flg2) & FLAGS2_32_BIT_ERROR_CODES));
	2020
	2021	/*
	2022	* Transfer the error codes from the subrequest to the main one
	2023	*/
	2024	SSVAL(req->chain_outbuf, smb_rcls, SVAL(req->outbuf, smb_rcls));
	2025	SSVAL(req->chain_outbuf, smb_err, SVAL(req->outbuf, smb_err));
	2026
	2027	if (!smb_splice_chain(&req->chain_outbuf,
	2028	CVAL(req->outbuf, smb_com),
	2029	CVAL(req->outbuf, smb_wct),
	2030	(uint16_t *)(req->outbuf + smb_vwv),
	2031	0, smb_buflen(req->outbuf),
	2032	(uint8_t *)smb_buf(req->outbuf))) {
	2033	exit_server_cleanly("chain_reply: smb_splice_chain failed\n");
	2034	}
	2035	TALLOC_FREE(req->outbuf);
	2036
	2037	smb_setlen((char *)(req->chain_outbuf),
	2038	talloc_get_size(req->chain_outbuf) - 4);
	2039
	2040	show_msg((char *)(req->chain_outbuf));
	2041
	2042	if (!srv_send_smb(smbd_server_fd(), (char *)req->chain_outbuf,
	2043	true, req->seqnum+1,
	2044	IS_CONN_ENCRYPTED(req->conn)\|\|req->encrypted,
	2045	&req->pcd)) {
	2046	exit_server_cleanly("construct_reply: srv_send_smb failed.");
	2047	}
	2048	TALLOC_FREE(req->chain_outbuf);
	2049	req->done = true;
	2050	}
	2051
	2052	/****************************************************************************
	2053	Check if services need reloading.
	2054	****************************************************************************/
	2055
	2056	void check_reload(time_t t)
	2057	{
	2058	time_t printcap_cache_time = (time_t)lp_printcap_cache_time();
	2059
	2060	if(last_smb_conf_reload_time == 0) {
	2061	last_smb_conf_reload_time = t;
	2062	/* Our printing subsystem might not be ready at smbd start up.
	2063	Then no printer is available till the first printers check
	2064	is performed. A lower initial interval circumvents this. */
	2065	if ( printcap_cache_time > 60 )
	2066	last_printer_reload_time = t - printcap_cache_time + 60;
	2067	else
	2068	last_printer_reload_time = t;
	2069	}
	2070
	2071	if (mypid != getpid()) { /* First time or fork happened meanwhile */
	2072	/* randomize over 60 second the printcap reload to avoid all
	2073	* process hitting cupsd at the same time */
	2074	int time_range = 60;
	2075
	2076	last_printer_reload_time += random() % time_range;
	2077	mypid = getpid();
	2078	}
	2079
	2080	if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) {
	2081	reload_services(True);
	2082	last_smb_conf_reload_time = t;
	2083	}
	2084
	2085	/* 'printcap cache time = 0' disable the feature */
	2086
	2087	if ( printcap_cache_time != 0 )
	2088	{
	2089	/* see if it's time to reload or if the clock has been set back */
	2090
	2091	if ( (t >= last_printer_reload_time+printcap_cache_time)
	2092	\|\| (t-last_printer_reload_time < 0) )
	2093	{
	2094	DEBUG( 3,( "Printcap cache time expired.\n"));
[599]	2095	pcap_cache_reload(&reload_printers);
[429]	2096	last_printer_reload_time = t;
	2097	}
	2098	}
	2099	}
	2100
	2101	static void smbd_server_connection_write_handler(struct smbd_server_connection *conn)
	2102	{
	2103	/* TODO: make write nonblocking */
	2104	}
	2105
	2106	static void smbd_server_connection_read_handler(struct smbd_server_connection *conn)
	2107	{
	2108	uint8_t *inbuf = NULL;
	2109	size_t inbuf_len = 0;
	2110	size_t unread_bytes = 0;
	2111	bool encrypted = false;
	2112	TALLOC_CTX *mem_ctx = talloc_tos();
	2113	NTSTATUS status;
	2114	uint32_t seqnum;
	2115
	2116	/* TODO: make this completely nonblocking */
	2117
	2118	status = receive_smb_talloc(mem_ctx, smbd_server_fd(),
	2119	(char *)(void )&inbuf,
	2120	0, /* timeout */
	2121	&unread_bytes,
	2122	&encrypted,
	2123	&inbuf_len, &seqnum);
	2124	if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
	2125	goto process;
	2126	}
	2127	if (NT_STATUS_IS_ERR(status)) {
	2128	exit_server_cleanly("failed to receive smb request");
	2129	}
	2130	if (!NT_STATUS_IS_OK(status)) {
	2131	return;
	2132	}
	2133
	2134	process:
	2135	process_smb(conn, inbuf, inbuf_len, unread_bytes,
	2136	seqnum, encrypted, NULL);
	2137	}
	2138
	2139	static void smbd_server_connection_handler(struct event_context *ev,
	2140	struct fd_event *fde,
	2141	uint16_t flags,
	2142	void *private_data)
	2143	{
	2144	struct smbd_server_connection *conn = talloc_get_type(private_data,
	2145	struct smbd_server_connection);
	2146
	2147	if (flags & EVENT_FD_WRITE) {
	2148	smbd_server_connection_write_handler(conn);
	2149	} else if (flags & EVENT_FD_READ) {
	2150	smbd_server_connection_read_handler(conn);
	2151	}
	2152	}
	2153
	2154
	2155	/****************************************************************************
	2156	received when we should release a specific IP
	2157	****************************************************************************/
	2158	static void release_ip(const char ip, void priv)
	2159	{
	2160	char addr[INET6_ADDRSTRLEN];
	2161	char *p = addr;
	2162
	2163	client_socket_addr(get_client_fd(),addr,sizeof(addr));
	2164
	2165	if (strncmp("::ffff:", addr, 7) == 0) {
	2166	p = addr + 7;
	2167	}
	2168
	2169	if ((strcmp(p, ip) == 0) \|\| ((p != addr) && strcmp(addr, ip) == 0)) {
	2170	/* we can't afford to do a clean exit - that involves
	2171	database writes, which would potentially mean we
	2172	are still running after the failover has finished -
	2173	we have to get rid of this process ID straight
	2174	away */
	2175	DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
	2176	ip));
	2177	/* note we must exit with non-zero status so the unclean handler gets
	2178	called in the parent, so that the brl database is tickled */
	2179	_exit(1);
	2180	}
	2181	}
	2182
	2183	static void msg_release_ip(struct messaging_context msg_ctx, void private_data,
	2184	uint32_t msg_type, struct server_id server_id, DATA_BLOB *data)
	2185	{
	2186	release_ip((char *)data->data, NULL);
	2187	}
	2188
	2189	#ifdef CLUSTER_SUPPORT
	2190	static int client_get_tcp_info(struct sockaddr_storage *server,
	2191	struct sockaddr_storage *client)
	2192	{
	2193	socklen_t length;
	2194	if (server_fd == -1) {
	2195	return -1;
	2196	}
	2197	length = sizeof(*server);
	2198	if (getsockname(server_fd, (struct sockaddr *)server, &length) != 0) {
	2199	return -1;
	2200	}
	2201	length = sizeof(*client);
	2202	if (getpeername(server_fd, (struct sockaddr *)client, &length) != 0) {
	2203	return -1;
	2204	}
	2205	return 0;
	2206	}
	2207	#endif
	2208
	2209	/*
	2210	* Send keepalive packets to our client
	2211	*/
	2212	static bool keepalive_fn(const struct timeval now, void private_data)
	2213	{
	2214	if (!send_keepalive(smbd_server_fd())) {
	2215	DEBUG( 2, ( "Keepalive failed - exiting.\n" ) );
	2216	return False;
	2217	}
	2218	return True;
	2219	}
	2220
	2221	/*
	2222	* Do the recurring check if we're idle
	2223	*/
	2224	static bool deadtime_fn(const struct timeval now, void private_data)
	2225	{
	2226	struct smbd_server_connection *sconn = smbd_server_conn;
	2227	if ((conn_num_open(sconn) == 0)
	2228	\|\| (conn_idle_all(sconn, now->tv_sec))) {
	2229	DEBUG( 2, ( "Closing idle connection\n" ) );
	2230	messaging_send(smbd_messaging_context(), procid_self(),
	2231	MSG_SHUTDOWN, &data_blob_null);
	2232	return False;
	2233	}
	2234
	2235	return True;
	2236	}
	2237
	2238	/*
	2239	* Do the recurring log file and smb.conf reload checks.
	2240	*/
	2241
	2242	static bool housekeeping_fn(const struct timeval now, void private_data)
	2243	{
	2244	change_to_root_user();
	2245
	2246	/* update printer queue caches if necessary */
	2247	update_monitored_printq_cache();
	2248
	2249	/* check if we need to reload services */
	2250	check_reload(time(NULL));
	2251
	2252	/* Change machine password if neccessary. */
	2253	attempt_machine_password_change();
	2254
	2255	/*
	2256	* Force a log file check.
	2257	*/
	2258	force_check_log_size();
	2259	check_log_size();
	2260	return true;
	2261	}
	2262
	2263	/****************************************************************************
	2264	Process commands from the client
	2265	****************************************************************************/
	2266
	2267	void smbd_process(void)
	2268	{
	2269	TALLOC_CTX *frame = talloc_stackframe();
	2270	char remaddr[INET6_ADDRSTRLEN];
	2271
	2272	if (lp_maxprotocol() == PROTOCOL_SMB2 &&
	2273	lp_security() != SEC_SHARE) {
	2274	smbd_server_conn->allow_smb2 = true;
	2275	}
	2276
	2277	/* Ensure child is set to blocking mode */
	2278	set_blocking(smbd_server_fd(),True);
	2279
	2280	set_socket_options(smbd_server_fd(),"SO_KEEPALIVE");
	2281	set_socket_options(smbd_server_fd(), lp_socket_options());
	2282
	2283	/* this is needed so that we get decent entries
	2284	in smbstatus for port 445 connects */
	2285	set_remote_machine_name(get_peer_addr(smbd_server_fd(),
	2286	remaddr,
	2287	sizeof(remaddr)),
	2288	false);
	2289	reload_services(true);
	2290
	2291	/*
	2292	* Before the first packet, check the global hosts allow/ hosts deny
	2293	* parameters before doing any parsing of packets passed to us by the
	2294	* client. This prevents attacks on our parsing code from hosts not in
	2295	* the hosts allow list.
	2296	*/
	2297
	2298	if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
	2299	lp_hostsdeny(-1))) {
	2300	char addr[INET6_ADDRSTRLEN];
	2301
	2302	/*
	2303	* send a negative session response "not listening on calling
	2304	* name"
	2305	*/
	2306	unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
	2307	DEBUG( 1, ("Connection denied from %s\n",
	2308	client_addr(get_client_fd(),addr,sizeof(addr)) ) );
	2309	(void)srv_send_smb(smbd_server_fd(),(char *)buf, false,
	2310	0, false, NULL);
	2311	exit_server_cleanly("connection denied");
	2312	}
	2313
	2314	static_init_rpc;
	2315
	2316	init_modules();
	2317
	2318	smb_perfcount_init();
	2319
	2320	if (!init_account_policy()) {
	2321	exit_server("Could not open account policy tdb.\n");
	2322	}
	2323
	2324	if (*lp_rootdir()) {
	2325	if (chroot(lp_rootdir()) != 0) {
	2326	DEBUG(0,("Failed to change root to %s\n", lp_rootdir()));
	2327	exit_server("Failed to chroot()");
	2328	}
	2329	if (chdir("/") == -1) {
	2330	DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_rootdir()));
	2331	exit_server("Failed to chroot()");
	2332	}
	2333	DEBUG(0,("Changed root to %s\n", lp_rootdir()));
	2334	}
	2335
	2336	if (!srv_init_signing(smbd_server_conn)) {
	2337	exit_server("Failed to init smb_signing");
	2338	}
	2339
	2340	/* Setup oplocks */
	2341	if (!init_oplocks(smbd_messaging_context()))
	2342	exit_server("Failed to init oplocks");
	2343
	2344	/* Setup aio signal handler. */
	2345	initialize_async_io_handler();
	2346
	2347	/* register our message handlers */
	2348	messaging_register(smbd_messaging_context(), NULL,
	2349	MSG_SMB_FORCE_TDIS, msg_force_tdis);
	2350	messaging_register(smbd_messaging_context(), NULL,
	2351	MSG_SMB_RELEASE_IP, msg_release_ip);
	2352	messaging_register(smbd_messaging_context(), NULL,
	2353	MSG_SMB_CLOSE_FILE, msg_close_file);
	2354
	2355	/*
	2356	* Use the default MSG_DEBUG handler to avoid rebroadcasting
	2357	* MSGs to all child processes
	2358	*/
	2359	messaging_deregister(smbd_messaging_context(),
	2360	MSG_DEBUG, NULL);
	2361	messaging_register(smbd_messaging_context(), NULL,
	2362	MSG_DEBUG, debug_message);
	2363
	2364	if ((lp_keepalive() != 0)
	2365	&& !(event_add_idle(smbd_event_context(), NULL,
	2366	timeval_set(lp_keepalive(), 0),
	2367	"keepalive", keepalive_fn,
	2368	NULL))) {
	2369	DEBUG(0, ("Could not add keepalive event\n"));
	2370	exit(1);
	2371	}
	2372
	2373	if (!(event_add_idle(smbd_event_context(), NULL,
	2374	timeval_set(IDLE_CLOSED_TIMEOUT, 0),
	2375	"deadtime", deadtime_fn, NULL))) {
	2376	DEBUG(0, ("Could not add deadtime event\n"));
	2377	exit(1);
	2378	}
	2379
	2380	if (!(event_add_idle(smbd_event_context(), NULL,
[599]	2381	timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
[429]	2382	"housekeeping", housekeeping_fn, NULL))) {
	2383	DEBUG(0, ("Could not add housekeeping event\n"));
	2384	exit(1);
	2385	}
	2386
	2387	#ifdef CLUSTER_SUPPORT
	2388
	2389	if (lp_clustering()) {
	2390	/*
	2391	* We need to tell ctdb about our client's TCP
	2392	* connection, so that for failover ctdbd can send
	2393	* tickle acks, triggering a reconnection by the
	2394	* client.
	2395	*/
	2396
	2397	struct sockaddr_storage srv, clnt;
	2398
	2399	if (client_get_tcp_info(&srv, &clnt) == 0) {
	2400
	2401	NTSTATUS status;
	2402
	2403	status = ctdbd_register_ips(
	2404	messaging_ctdbd_connection(),
	2405	&srv, &clnt, release_ip, NULL);
	2406
	2407	if (!NT_STATUS_IS_OK(status)) {
	2408	DEBUG(0, ("ctdbd_register_ips failed: %s\n",
	2409	nt_errstr(status)));
	2410	}
	2411	} else
	2412	{
	2413	DEBUG(0,("Unable to get tcp info for "
	2414	"CTDB_CONTROL_TCP_CLIENT: %s\n",
	2415	strerror(errno)));
	2416	}
	2417	}
	2418
	2419	#endif
	2420
	2421	smbd_server_conn->nbt.got_session = false;
	2422
	2423	smbd_server_conn->smb1.negprot.max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
	2424
	2425	smbd_server_conn->smb1.sessions.done_sesssetup = false;
	2426	smbd_server_conn->smb1.sessions.max_send = BUFFER_SIZE;
	2427	smbd_server_conn->smb1.sessions.last_session_tag = UID_FIELD_INVALID;
	2428	/* users from session setup */
	2429	smbd_server_conn->smb1.sessions.session_userlist = NULL;
	2430	/* workgroup from session setup. */
	2431	smbd_server_conn->smb1.sessions.session_workgroup = NULL;
	2432	/* this holds info on user ids that are already validated for this VC */
	2433	smbd_server_conn->smb1.sessions.validated_users = NULL;
	2434	smbd_server_conn->smb1.sessions.next_vuid = VUID_OFFSET;
	2435	smbd_server_conn->smb1.sessions.num_validated_vuids = 0;
	2436	#ifdef HAVE_NETGROUP
	2437	smbd_server_conn->smb1.sessions.my_yp_domain = NULL;
	2438	#endif
	2439
	2440	conn_init(smbd_server_conn);
	2441	if (!init_dptrs(smbd_server_conn)) {
	2442	exit_server("init_dptrs() failed");
	2443	}
	2444
	2445	smbd_server_conn->smb1.fde = event_add_fd(smbd_event_context(),
	2446	smbd_server_conn,
	2447	smbd_server_fd(),
	2448	EVENT_FD_READ,
	2449	smbd_server_connection_handler,
	2450	smbd_server_conn);
	2451	if (!smbd_server_conn->smb1.fde) {
	2452	exit_server("failed to create smbd_server_connection fde");
	2453	}
	2454
	2455	TALLOC_FREE(frame);
	2456
	2457	while (True) {
	2458	NTSTATUS status;
	2459
	2460	frame = talloc_stackframe_pool(8192);
	2461
	2462	errno = 0;
	2463
	2464	status = smbd_server_connection_loop_once(smbd_server_conn);
	2465	if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY) &&
	2466	!NT_STATUS_IS_OK(status)) {
	2467	DEBUG(3, ("smbd_server_connection_loop_once failed: %s,"
	2468	" exiting\n", nt_errstr(status)));
	2469	break;
	2470	}
	2471
	2472	TALLOC_FREE(frame);
	2473	}
	2474
	2475	exit_server_cleanly(NULL);
	2476	}
	2477
	2478	bool req_is_in_chain(struct smb_request *req)
	2479	{
	2480	if (req->vwv != (uint16_t *)(req->inbuf+smb_vwv)) {
	2481	/*
	2482	* We're right now handling a subsequent request, so we must
	2483	* be in a chain
	2484	*/
	2485	return true;
	2486	}
	2487
	2488	if (!is_andx_req(req->cmd)) {
	2489	return false;
	2490	}
	2491
	2492	if (req->wct < 2) {
	2493	/*
	2494	* Okay, an illegal request, but definitely not chained :-)
	2495	*/
	2496	return false;
	2497	}
	2498
	2499	return (CVAL(req->vwv+0, 0) != 0xFF);
	2500	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/samba-3.5.x/source3/smbd/process.c

Download in other formats: