Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Copyright (C) Stefan Metzmacher 2014
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "system/filesys.h"
22 : #include <tevent.h>
23 : #include "lib/util/server_id.h"
24 : #include "smbd/smbd.h"
25 : #include "smbd/globals.h"
26 : #include "dbwrap/dbwrap.h"
27 : #include "dbwrap/dbwrap_rbt.h"
28 : #include "dbwrap/dbwrap_open.h"
29 : #include "dbwrap/dbwrap_watch.h"
30 : #include "session.h"
31 : #include "auth.h"
32 : #include "auth/gensec/gensec.h"
33 : #include "../lib/tsocket/tsocket.h"
34 : #include "../libcli/security/security.h"
35 : #include "messages.h"
36 : #include "lib/util/util_tdb.h"
37 : #include "librpc/gen_ndr/ndr_smbXsrv.h"
38 : #include "serverid.h"
39 : #include "lib/util/tevent_ntstatus.h"
40 : #include "lib/util/iov_buf.h"
41 : #include "lib/global_contexts.h"
42 :
43 : struct smbXsrv_client_table {
44 : struct {
45 : uint32_t max_clients;
46 : uint32_t num_clients;
47 : } local;
48 : struct {
49 : struct db_context *db_ctx;
50 : } global;
51 : };
52 :
53 : static struct db_context *smbXsrv_client_global_db_ctx = NULL;
54 :
55 5314 : NTSTATUS smbXsrv_client_global_init(void)
56 : {
57 5314 : const char *global_path = NULL;
58 5314 : struct db_context *backend = NULL;
59 5314 : struct db_context *db_ctx = NULL;
60 :
61 5314 : if (smbXsrv_client_global_db_ctx != NULL) {
62 5270 : return NT_STATUS_OK;
63 : }
64 :
65 : /*
66 : * This contains secret information like client keys!
67 : */
68 44 : global_path = lock_path(talloc_tos(), "smbXsrv_client_global.tdb");
69 44 : if (global_path == NULL) {
70 0 : return NT_STATUS_NO_MEMORY;
71 : }
72 :
73 44 : backend = db_open(NULL, global_path,
74 : 0, /* hash_size */
75 : TDB_DEFAULT |
76 : TDB_CLEAR_IF_FIRST |
77 : TDB_INCOMPATIBLE_HASH,
78 : O_RDWR | O_CREAT, 0600,
79 : DBWRAP_LOCK_ORDER_1,
80 : DBWRAP_FLAG_NONE);
81 44 : if (backend == NULL) {
82 : NTSTATUS status;
83 :
84 0 : status = map_nt_error_from_unix_common(errno);
85 :
86 0 : return status;
87 : }
88 :
89 44 : db_ctx = db_open_watched(NULL, &backend, global_messaging_context());
90 44 : if (db_ctx == NULL) {
91 0 : TALLOC_FREE(backend);
92 0 : return NT_STATUS_NO_MEMORY;
93 : }
94 :
95 44 : smbXsrv_client_global_db_ctx = db_ctx;
96 :
97 44 : return NT_STATUS_OK;
98 : }
99 :
100 : /*
101 : * NOTE:
102 : * We need to store the keys in big endian so that dbwrap_rbt's memcmp
103 : * has the same result as integer comparison between the uint32_t
104 : * values.
105 : *
106 : * TODO: implement string based key
107 : */
108 :
109 : #define SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE 16
110 :
111 9946 : static TDB_DATA smbXsrv_client_global_id_to_key(const struct GUID *client_guid,
112 : uint8_t *key_buf)
113 : {
114 9946 : TDB_DATA key = { .dsize = 0, };
115 : NTSTATUS status;
116 9946 : struct GUID_ndr_buf buf = { .buf = {0}, };
117 :
118 9946 : status = GUID_to_ndr_buf(client_guid, &buf);
119 9946 : if (!NT_STATUS_IS_OK(status)) {
120 0 : return key;
121 : }
122 9946 : memcpy(key_buf, buf.buf, SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE);
123 :
124 9946 : key = make_tdb_data(key_buf, SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE);
125 :
126 9946 : return key;
127 : }
128 :
129 9946 : static struct db_record *smbXsrv_client_global_fetch_locked(
130 : struct db_context *db,
131 : const struct GUID *client_guid,
132 : TALLOC_CTX *mem_ctx)
133 : {
134 : TDB_DATA key;
135 : uint8_t key_buf[SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE];
136 9946 : struct db_record *rec = NULL;
137 :
138 9946 : key = smbXsrv_client_global_id_to_key(client_guid, key_buf);
139 :
140 9946 : rec = dbwrap_fetch_locked(db, mem_ctx, key);
141 :
142 9946 : if (rec == NULL) {
143 : struct GUID_txt_buf buf;
144 0 : DBG_DEBUG("Failed to lock guid [%s], key '%s'\n",
145 : GUID_buf_string(client_guid, &buf),
146 : hex_encode_talloc(talloc_tos(), key.dptr, key.dsize));
147 : }
148 :
149 9946 : return rec;
150 : }
151 :
152 5270 : static NTSTATUS smbXsrv_client_table_create(TALLOC_CTX *mem_ctx,
153 : struct messaging_context *msg_ctx,
154 : uint32_t max_clients,
155 : struct smbXsrv_client_table **_table)
156 : {
157 : struct smbXsrv_client_table *table;
158 : NTSTATUS status;
159 :
160 5270 : if (max_clients > 1) {
161 0 : return NT_STATUS_INTERNAL_ERROR;
162 : }
163 :
164 5270 : table = talloc_zero(mem_ctx, struct smbXsrv_client_table);
165 5270 : if (table == NULL) {
166 0 : return NT_STATUS_NO_MEMORY;
167 : }
168 :
169 5270 : table->local.max_clients = max_clients;
170 :
171 5270 : status = smbXsrv_client_global_init();
172 5270 : if (!NT_STATUS_IS_OK(status)) {
173 0 : TALLOC_FREE(table);
174 0 : return status;
175 : }
176 :
177 5270 : table->global.db_ctx = smbXsrv_client_global_db_ctx;
178 :
179 5270 : *_table = table;
180 5270 : return NT_STATUS_OK;
181 : }
182 :
183 5270 : static int smbXsrv_client_global_destructor(struct smbXsrv_client_global0 *global)
184 : {
185 5270 : return 0;
186 : }
187 :
188 4998 : static void smbXsrv_client_global_verify_record(struct db_record *db_rec,
189 : bool *is_free,
190 : bool *was_free,
191 : TALLOC_CTX *mem_ctx,
192 : const struct server_id *dead_server_id,
193 : struct smbXsrv_client_global0 **_g,
194 : uint32_t *pseqnum)
195 : {
196 : TDB_DATA key;
197 : TDB_DATA val;
198 : DATA_BLOB blob;
199 : struct smbXsrv_client_globalB global_blob;
200 : enum ndr_err_code ndr_err;
201 4998 : struct smbXsrv_client_global0 *global = NULL;
202 4998 : bool dead = false;
203 : bool exists;
204 4998 : TALLOC_CTX *frame = talloc_stackframe();
205 :
206 4998 : *is_free = false;
207 :
208 4998 : if (was_free) {
209 0 : *was_free = false;
210 : }
211 4998 : if (_g) {
212 4998 : *_g = NULL;
213 : }
214 4998 : if (pseqnum) {
215 4998 : *pseqnum = 0;
216 : }
217 :
218 4998 : key = dbwrap_record_get_key(db_rec);
219 :
220 4998 : val = dbwrap_record_get_value(db_rec);
221 4998 : if (val.dsize == 0) {
222 4948 : TALLOC_FREE(frame);
223 4948 : *is_free = true;
224 4948 : if (was_free) {
225 0 : *was_free = true;
226 : }
227 8399 : return;
228 : }
229 :
230 50 : blob = data_blob_const(val.dptr, val.dsize);
231 :
232 50 : ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
233 : (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_client_globalB);
234 50 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
235 0 : NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
236 0 : DBG_WARNING("key '%s' ndr_pull_struct_blob - %s\n",
237 : hex_encode_talloc(frame, key.dptr, key.dsize),
238 : nt_errstr(status));
239 0 : TALLOC_FREE(frame);
240 0 : return;
241 : }
242 :
243 50 : DBG_DEBUG("client_global:\n");
244 50 : if (DEBUGLVL(DBGLVL_DEBUG)) {
245 0 : NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
246 : }
247 :
248 50 : if (global_blob.version != SMBXSRV_VERSION_0) {
249 0 : DBG_ERR("key '%s' use unsupported version %u\n",
250 : hex_encode_talloc(frame, key.dptr, key.dsize),
251 : global_blob.version);
252 0 : NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
253 0 : TALLOC_FREE(frame);
254 0 : return;
255 : }
256 :
257 50 : global = global_blob.info.info0;
258 :
259 50 : dead = server_id_equal(dead_server_id, &global->server_id);
260 50 : if (dead) {
261 : struct server_id_buf tmp;
262 :
263 0 : DBG_NOTICE("key '%s' server_id %s is already dead.\n",
264 : hex_encode_talloc(frame, key.dptr, key.dsize),
265 : server_id_str_buf(global->server_id, &tmp));
266 0 : if (DEBUGLVL(DBGLVL_NOTICE)) {
267 0 : NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
268 : }
269 0 : TALLOC_FREE(frame);
270 0 : dbwrap_record_delete(db_rec);
271 0 : *is_free = true;
272 0 : return;
273 : }
274 :
275 50 : exists = serverid_exists(&global->server_id);
276 50 : if (!exists) {
277 : struct server_id_buf tmp;
278 :
279 0 : DBG_NOTICE("key '%s' server_id %s does not exist.\n",
280 : hex_encode_talloc(frame, key.dptr, key.dsize),
281 : server_id_str_buf(global->server_id, &tmp));
282 0 : if (DEBUGLVL(DBGLVL_NOTICE)) {
283 0 : NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
284 : }
285 0 : TALLOC_FREE(frame);
286 0 : dbwrap_record_delete(db_rec);
287 0 : *is_free = true;
288 0 : return;
289 : }
290 :
291 50 : if (_g) {
292 50 : *_g = talloc_move(mem_ctx, &global);
293 : }
294 50 : if (pseqnum) {
295 50 : *pseqnum = global_blob.seqnum;
296 : }
297 50 : TALLOC_FREE(frame);
298 : }
299 :
300 50 : static NTSTATUS smb2srv_client_connection_pass(struct smbd_smb2_request *smb2req,
301 : struct smbXsrv_client_global0 *global)
302 : {
303 : DATA_BLOB blob;
304 : enum ndr_err_code ndr_err;
305 : NTSTATUS status;
306 : struct smbXsrv_connection_pass0 pass_info0;
307 : struct smbXsrv_connection_passB pass_blob;
308 : ssize_t reqlen;
309 : struct iovec iov;
310 :
311 50 : pass_info0 = (struct smbXsrv_connection_pass0) {
312 50 : .client_guid = global->client_guid,
313 50 : .src_server_id = smb2req->xconn->client->global->server_id,
314 50 : .xconn_connect_time = smb2req->xconn->client->global->initial_connect_time,
315 50 : .dst_server_id = global->server_id,
316 50 : .client_connect_time = global->initial_connect_time,
317 : };
318 :
319 50 : reqlen = iov_buflen(smb2req->in.vector, smb2req->in.vector_count);
320 50 : if (reqlen == -1) {
321 0 : return NT_STATUS_INVALID_BUFFER_SIZE;
322 : }
323 :
324 50 : pass_info0.negotiate_request.length = reqlen;
325 50 : pass_info0.negotiate_request.data = talloc_array(talloc_tos(), uint8_t,
326 : reqlen);
327 50 : if (pass_info0.negotiate_request.data == NULL) {
328 0 : return NT_STATUS_NO_MEMORY;
329 : }
330 50 : iov_buf(smb2req->in.vector, smb2req->in.vector_count,
331 : pass_info0.negotiate_request.data,
332 : pass_info0.negotiate_request.length);
333 :
334 50 : ZERO_STRUCT(pass_blob);
335 50 : pass_blob.version = smbXsrv_version_global_current();
336 50 : pass_blob.info.info0 = &pass_info0;
337 :
338 50 : if (DEBUGLVL(DBGLVL_DEBUG)) {
339 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
340 : }
341 :
342 50 : ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &pass_blob,
343 : (ndr_push_flags_fn_t)ndr_push_smbXsrv_connection_passB);
344 50 : data_blob_free(&pass_info0.negotiate_request);
345 50 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
346 0 : status = ndr_map_error2ntstatus(ndr_err);
347 0 : return status;
348 : }
349 :
350 50 : iov.iov_base = blob.data;
351 50 : iov.iov_len = blob.length;
352 :
353 50 : status = messaging_send_iov(smb2req->xconn->client->msg_ctx,
354 : global->server_id,
355 : MSG_SMBXSRV_CONNECTION_PASS,
356 : &iov, 1,
357 50 : &smb2req->xconn->transport.sock, 1);
358 50 : data_blob_free(&blob);
359 50 : if (!NT_STATUS_IS_OK(status)) {
360 0 : return status;
361 : }
362 :
363 50 : return NT_STATUS_OK;
364 : }
365 :
366 0 : static NTSTATUS smb2srv_client_connection_drop(struct smbd_smb2_request *smb2req,
367 : struct smbXsrv_client_global0 *global)
368 : {
369 : DATA_BLOB blob;
370 : enum ndr_err_code ndr_err;
371 : NTSTATUS status;
372 : struct smbXsrv_connection_drop0 drop_info0;
373 : struct smbXsrv_connection_dropB drop_blob;
374 : struct iovec iov;
375 :
376 0 : drop_info0 = (struct smbXsrv_connection_drop0) {
377 0 : .client_guid = global->client_guid,
378 0 : .src_server_id = smb2req->xconn->client->global->server_id,
379 0 : .xconn_connect_time = smb2req->xconn->client->global->initial_connect_time,
380 0 : .dst_server_id = global->server_id,
381 0 : .client_connect_time = global->initial_connect_time,
382 : };
383 :
384 0 : ZERO_STRUCT(drop_blob);
385 0 : drop_blob.version = smbXsrv_version_global_current();
386 0 : drop_blob.info.info0 = &drop_info0;
387 :
388 0 : if (DEBUGLVL(DBGLVL_DEBUG)) {
389 0 : NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
390 : }
391 :
392 0 : ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &drop_blob,
393 : (ndr_push_flags_fn_t)ndr_push_smbXsrv_connection_dropB);
394 0 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
395 0 : status = ndr_map_error2ntstatus(ndr_err);
396 0 : return status;
397 : }
398 :
399 0 : iov.iov_base = blob.data;
400 0 : iov.iov_len = blob.length;
401 :
402 0 : status = messaging_send_iov(smb2req->xconn->client->msg_ctx,
403 : global->server_id,
404 : MSG_SMBXSRV_CONNECTION_DROP,
405 : &iov, 1,
406 : NULL, 0);
407 0 : data_blob_free(&blob);
408 0 : if (!NT_STATUS_IS_OK(status)) {
409 0 : return status;
410 : }
411 :
412 0 : return NT_STATUS_OK;
413 : }
414 :
415 4948 : static NTSTATUS smbXsrv_client_global_store(struct smbXsrv_client_global0 *global)
416 : {
417 : struct smbXsrv_client_globalB global_blob;
418 4948 : DATA_BLOB blob = data_blob_null;
419 : TDB_DATA key;
420 : TDB_DATA val;
421 : NTSTATUS status;
422 : enum ndr_err_code ndr_err;
423 4948 : bool saved_stored = global->stored;
424 :
425 : /*
426 : * TODO: if we use other versions than '0'
427 : * we would add glue code here, that would be able to
428 : * store the information in the old format.
429 : */
430 :
431 4948 : SMB_ASSERT(global->local_address != NULL);
432 4948 : SMB_ASSERT(global->remote_address != NULL);
433 4948 : SMB_ASSERT(global->remote_name != NULL);
434 :
435 4948 : if (global->db_rec == NULL) {
436 0 : return NT_STATUS_INTERNAL_ERROR;
437 : }
438 :
439 4948 : key = dbwrap_record_get_key(global->db_rec);
440 4948 : val = dbwrap_record_get_value(global->db_rec);
441 :
442 4948 : ZERO_STRUCT(global_blob);
443 4948 : global_blob.version = smbXsrv_version_global_current();
444 4948 : if (val.dsize >= 8) {
445 0 : global_blob.seqnum = IVAL(val.dptr, 4);
446 : }
447 4948 : global_blob.seqnum += 1;
448 4948 : global_blob.info.info0 = global;
449 :
450 4948 : global->stored = true;
451 4948 : ndr_err = ndr_push_struct_blob(&blob, global->db_rec, &global_blob,
452 : (ndr_push_flags_fn_t)ndr_push_smbXsrv_client_globalB);
453 4948 : global->stored = saved_stored;
454 4948 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
455 0 : status = ndr_map_error2ntstatus(ndr_err);
456 0 : DBG_WARNING("key '%s' ndr_push - %s\n",
457 : hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
458 : nt_errstr(status));
459 0 : TALLOC_FREE(global->db_rec);
460 0 : return status;
461 : }
462 :
463 4948 : val = make_tdb_data(blob.data, blob.length);
464 4948 : status = dbwrap_record_store(global->db_rec, val, TDB_REPLACE);
465 4948 : if (!NT_STATUS_IS_OK(status)) {
466 0 : DBG_WARNING("key '%s' store - %s\n",
467 : hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
468 : nt_errstr(status));
469 0 : TALLOC_FREE(global->db_rec);
470 0 : return status;
471 : }
472 :
473 4948 : global->stored = true;
474 :
475 4948 : if (DEBUGLVL(DBGLVL_DEBUG)) {
476 0 : DBG_DEBUG("key '%s' stored\n",
477 : hex_encode_talloc(global->db_rec, key.dptr, key.dsize));
478 0 : NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
479 : }
480 :
481 4948 : TALLOC_FREE(global->db_rec);
482 :
483 4948 : return NT_STATUS_OK;
484 : }
485 :
486 : struct smb2srv_client_mc_negprot_state {
487 : struct tevent_context *ev;
488 : struct smbd_smb2_request *smb2req;
489 : struct db_record *db_rec;
490 : struct server_id sent_server_id;
491 : uint64_t watch_instance;
492 : uint32_t last_seqnum;
493 : struct tevent_req *filter_subreq;
494 : };
495 :
496 9996 : static void smb2srv_client_mc_negprot_cleanup(struct tevent_req *req,
497 : enum tevent_req_state req_state)
498 : {
499 6952 : struct smb2srv_client_mc_negprot_state *state =
500 9996 : tevent_req_data(req,
501 : struct smb2srv_client_mc_negprot_state);
502 :
503 9996 : if (state->db_rec != NULL) {
504 0 : dbwrap_watched_watch_remove_instance(state->db_rec,
505 : state->watch_instance);
506 0 : state->watch_instance = 0;
507 0 : TALLOC_FREE(state->db_rec);
508 : }
509 9996 : }
510 :
511 : static void smb2srv_client_mc_negprot_next(struct tevent_req *req);
512 : static bool smb2srv_client_mc_negprot_filter(struct messaging_rec *rec, void *private_data);
513 : static void smb2srv_client_mc_negprot_done(struct tevent_req *subreq);
514 : static void smb2srv_client_mc_negprot_watched(struct tevent_req *subreq);
515 :
516 4998 : struct tevent_req *smb2srv_client_mc_negprot_send(TALLOC_CTX *mem_ctx,
517 : struct tevent_context *ev,
518 : struct smbd_smb2_request *smb2req)
519 : {
520 4998 : struct tevent_req *req = NULL;
521 4998 : struct smb2srv_client_mc_negprot_state *state = NULL;
522 :
523 4998 : req = tevent_req_create(mem_ctx, &state,
524 : struct smb2srv_client_mc_negprot_state);
525 4998 : if (req == NULL) {
526 0 : return NULL;
527 : }
528 4998 : state->ev = ev;
529 4998 : state->smb2req = smb2req;
530 :
531 4998 : tevent_req_set_cleanup_fn(req, smb2srv_client_mc_negprot_cleanup);
532 :
533 4998 : server_id_set_disconnected(&state->sent_server_id);
534 :
535 4998 : smb2srv_client_mc_negprot_next(req);
536 :
537 4998 : if (!tevent_req_is_in_progress(req)) {
538 4948 : return tevent_req_post(req, ev);
539 : }
540 :
541 50 : return req;
542 : }
543 :
544 4998 : static void smb2srv_client_mc_negprot_next(struct tevent_req *req)
545 : {
546 3476 : struct smb2srv_client_mc_negprot_state *state =
547 4998 : tevent_req_data(req,
548 : struct smb2srv_client_mc_negprot_state);
549 4998 : struct smbXsrv_connection *xconn = state->smb2req->xconn;
550 4998 : struct smbXsrv_client *client = xconn->client;
551 4998 : struct smbXsrv_client_table *table = client->table;
552 4998 : struct GUID client_guid = xconn->smb2.client.guid;
553 4998 : struct smbXsrv_client_global0 *global = NULL;
554 4998 : bool is_free = false;
555 4998 : struct tevent_req *subreq = NULL;
556 : NTSTATUS status;
557 4998 : uint32_t seqnum = 0;
558 4998 : struct server_id last_server_id = { .pid = 0, };
559 :
560 4998 : SMB_ASSERT(state->db_rec == NULL);
561 4998 : state->db_rec = smbXsrv_client_global_fetch_locked(table->global.db_ctx,
562 : &client_guid,
563 : state);
564 4998 : if (state->db_rec == NULL) {
565 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_DB_ERROR);
566 0 : return;
567 : }
568 :
569 4998 : verify_again:
570 4998 : TALLOC_FREE(global);
571 :
572 4998 : smbXsrv_client_global_verify_record(state->db_rec,
573 : &is_free,
574 : NULL,
575 : state,
576 : &last_server_id,
577 : &global,
578 : &seqnum);
579 4998 : if (is_free) {
580 4948 : dbwrap_watched_watch_remove_instance(state->db_rec,
581 : state->watch_instance);
582 4948 : state->watch_instance = 0;
583 :
584 : /*
585 : * This stores the new client information in
586 : * smbXsrv_client_global.tdb
587 : */
588 4948 : client->global->client_guid = xconn->smb2.client.guid;
589 :
590 4948 : client->global->db_rec = state->db_rec;
591 4948 : state->db_rec = NULL;
592 4948 : status = smbXsrv_client_global_store(client->global);
593 4948 : SMB_ASSERT(client->global->db_rec == NULL);
594 4948 : if (!NT_STATUS_IS_OK(status)) {
595 : struct GUID_txt_buf buf;
596 0 : DBG_ERR("client_guid[%s] store failed - %s\n",
597 : GUID_buf_string(&client->global->client_guid,
598 : &buf),
599 : nt_errstr(status));
600 0 : tevent_req_nterror(req, status);
601 0 : return;
602 : }
603 :
604 4948 : if (DEBUGLVL(DBGLVL_DEBUG)) {
605 0 : struct smbXsrv_clientB client_blob = {
606 : .version = SMBXSRV_VERSION_0,
607 : .info.info0 = client,
608 : };
609 : struct GUID_txt_buf buf;
610 :
611 0 : DBG_DEBUG("client_guid[%s] stored\n",
612 : GUID_buf_string(&client->global->client_guid,
613 : &buf));
614 0 : NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);
615 : }
616 :
617 4948 : xconn->smb2.client.guid_verified = true;
618 4948 : tevent_req_done(req);
619 4948 : return;
620 : }
621 :
622 50 : if (global == NULL) {
623 : /*
624 : * most likely ndr_pull_struct_blob() failed
625 : */
626 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_DB_CORRUPTION);
627 0 : return;
628 : }
629 :
630 50 : if (server_id_equal(&state->sent_server_id, &global->server_id)) {
631 : /*
632 : * We hit a race with other concurrent connections,
633 : * which have woken us.
634 : *
635 : * We already sent the pass or drop message to
636 : * the process, so we need to wait for a
637 : * response and not pass the connection
638 : * again! Otherwise the process would
639 : * receive the same tcp connection via
640 : * more than one file descriptor and
641 : * create more than one smbXsrv_connection
642 : * structure for the same tcp connection,
643 : * which means the client would see more
644 : * than one SMB2 negprot response to its
645 : * single SMB2 netprot request and we
646 : * as server get the session keys and
647 : * message id validation wrong
648 : */
649 0 : goto watch_again;
650 : }
651 :
652 50 : server_id_set_disconnected(&state->sent_server_id);
653 :
654 : /*
655 : * If last_server_id is set, we expect
656 : * smbXsrv_client_global_verify_record()
657 : * to detect the already dead global->server_id
658 : * as state->db_rec is still locked and its
659 : * value didn't change.
660 : */
661 50 : SMB_ASSERT(last_server_id.pid == 0);
662 50 : last_server_id = global->server_id;
663 :
664 50 : TALLOC_FREE(state->filter_subreq);
665 50 : if (procid_is_local(&global->server_id)) {
666 50 : subreq = messaging_filtered_read_send(state,
667 : state->ev,
668 : client->msg_ctx,
669 : smb2srv_client_mc_negprot_filter,
670 : NULL);
671 50 : if (tevent_req_nomem(subreq, req)) {
672 0 : return;
673 : }
674 50 : tevent_req_set_callback(subreq, smb2srv_client_mc_negprot_done, req);
675 50 : state->filter_subreq = subreq;
676 : }
677 :
678 50 : if (procid_is_local(&global->server_id)) {
679 50 : status = smb2srv_client_connection_pass(state->smb2req,
680 : global);
681 50 : if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
682 : /*
683 : * We remembered last_server_id = global->server_id
684 : * above, so we'll treat it as dead in the
685 : * next round to smbXsrv_client_global_verify_record().
686 : */
687 0 : goto verify_again;
688 : }
689 50 : state->sent_server_id = global->server_id;
690 50 : if (tevent_req_nterror(req, status)) {
691 0 : return;
692 : }
693 : } else {
694 0 : status = smb2srv_client_connection_drop(state->smb2req,
695 : global);
696 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
697 : /*
698 : * We remembered last_server_id = global->server_id
699 : * above, so we'll treat it as dead in the
700 : * next round to smbXsrv_client_global_verify_record().
701 : */
702 0 : goto verify_again;
703 : }
704 0 : state->sent_server_id = global->server_id;
705 0 : if (tevent_req_nterror(req, status)) {
706 0 : return;
707 : }
708 : }
709 :
710 0 : watch_again:
711 :
712 : /*
713 : * If the record changed, but we are not happy with the change yet,
714 : * we better remove ourself from the waiter list
715 : * (most likely the first position)
716 : * and re-add us at the end of the list.
717 : *
718 : * This gives other waiters a change
719 : * to make progress.
720 : *
721 : * Otherwise we'll keep our waiter instance alive,
722 : * keep waiting (most likely at first position).
723 : * It means the order of watchers stays fair.
724 : */
725 50 : if (state->last_seqnum != seqnum) {
726 50 : state->last_seqnum = seqnum;
727 50 : dbwrap_watched_watch_remove_instance(state->db_rec,
728 : state->watch_instance);
729 50 : state->watch_instance =
730 50 : dbwrap_watched_watch_add_instance(state->db_rec);
731 : }
732 :
733 50 : subreq = dbwrap_watched_watch_send(state,
734 : state->ev,
735 : state->db_rec,
736 : state->watch_instance,
737 50 : global->server_id);
738 50 : if (tevent_req_nomem(subreq, req)) {
739 0 : return;
740 : }
741 50 : tevent_req_set_callback(subreq, smb2srv_client_mc_negprot_watched, req);
742 :
743 50 : TALLOC_FREE(global);
744 50 : TALLOC_FREE(state->db_rec);
745 50 : return;
746 : }
747 :
748 50 : static bool smb2srv_client_mc_negprot_filter(struct messaging_rec *rec, void *private_data)
749 : {
750 50 : if (rec->msg_type != MSG_SMBXSRV_CONNECTION_PASSED) {
751 0 : return false;
752 : }
753 :
754 50 : if (rec->num_fds != 0) {
755 0 : return false;
756 : }
757 :
758 50 : return true;
759 : }
760 :
761 50 : static void smb2srv_client_mc_negprot_done(struct tevent_req *subreq)
762 : {
763 25 : struct tevent_req *req =
764 50 : tevent_req_callback_data(subreq,
765 : struct tevent_req);
766 25 : struct smb2srv_client_mc_negprot_state *state =
767 50 : tevent_req_data(req,
768 : struct smb2srv_client_mc_negprot_state);
769 50 : struct smbXsrv_connection *xconn = state->smb2req->xconn;
770 50 : struct smbXsrv_client *client = xconn->client;
771 50 : struct messaging_rec *rec = NULL;
772 : struct smbXsrv_connection_passB passed_blob;
773 : enum ndr_err_code ndr_err;
774 50 : struct smbXsrv_connection_pass0 *passed_info0 = NULL;
775 : NTSTATUS status;
776 : int ret;
777 :
778 50 : SMB_ASSERT(state->filter_subreq == subreq);
779 50 : state->filter_subreq = NULL;
780 :
781 50 : ret = messaging_filtered_read_recv(subreq, state, &rec);
782 50 : TALLOC_FREE(subreq);
783 50 : if (ret != 0) {
784 0 : status = map_nt_error_from_unix_common(ret);
785 0 : DBG_ERR("messaging_filtered_read_recv() - %s\n",
786 : nt_errstr(status));
787 0 : tevent_req_nterror(req, status);
788 0 : return;
789 : }
790 :
791 50 : DBG_DEBUG("MSG_SMBXSRV_CONNECTION_PASSED: received...\n");
792 :
793 50 : ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &passed_blob,
794 : (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_connection_passB);
795 50 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
796 0 : status = ndr_map_error2ntstatus(ndr_err);
797 0 : DBG_ERR("ndr_pull_struct_blob - %s\n", nt_errstr(status));
798 0 : tevent_req_nterror(req, status);
799 0 : return;
800 : }
801 :
802 50 : if (DEBUGLVL(DBGLVL_DEBUG)) {
803 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
804 : }
805 :
806 50 : if (passed_blob.version != SMBXSRV_VERSION_0) {
807 0 : DBG_ERR("ignore invalid version %u\n", passed_blob.version);
808 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
809 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
810 0 : return;
811 : }
812 :
813 50 : passed_info0 = passed_blob.info.info0;
814 50 : if (passed_info0 == NULL) {
815 0 : DBG_ERR("ignore NULL info %u\n", passed_blob.version);
816 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
817 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
818 0 : return;
819 : }
820 :
821 50 : if (!GUID_equal(&xconn->smb2.client.guid, &passed_info0->client_guid)) {
822 : struct GUID_txt_buf buf1, buf2;
823 :
824 0 : DBG_ERR("client's client_guid [%s] != passed guid [%s]\n",
825 : GUID_buf_string(&xconn->smb2.client.guid,
826 : &buf1),
827 : GUID_buf_string(&passed_info0->client_guid,
828 : &buf2));
829 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
830 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
831 0 : return;
832 : }
833 :
834 75 : if (client->global->initial_connect_time !=
835 50 : passed_info0->xconn_connect_time)
836 : {
837 0 : DBG_ERR("client's initial connect time [%s] (%llu) != "
838 : "passed xconn connect time [%s] (%llu)\n",
839 : nt_time_string(talloc_tos(),
840 : client->global->initial_connect_time),
841 : (unsigned long long)client->global->initial_connect_time,
842 : nt_time_string(talloc_tos(),
843 : passed_info0->xconn_connect_time),
844 : (unsigned long long)passed_info0->xconn_connect_time);
845 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
846 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
847 0 : return;
848 : }
849 :
850 50 : if (passed_info0->negotiate_request.length != 0) {
851 0 : DBG_ERR("negotiate_request.length[%zu]\n",
852 : passed_info0->negotiate_request.length);
853 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
854 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
855 0 : return;
856 : }
857 :
858 50 : tevent_req_nterror(req, NT_STATUS_MESSAGE_RETRIEVED);
859 : }
860 :
861 0 : static void smb2srv_client_mc_negprot_watched(struct tevent_req *subreq)
862 : {
863 0 : struct tevent_req *req =
864 0 : tevent_req_callback_data(subreq,
865 : struct tevent_req);
866 0 : struct smb2srv_client_mc_negprot_state *state =
867 0 : tevent_req_data(req,
868 : struct smb2srv_client_mc_negprot_state);
869 : NTSTATUS status;
870 0 : uint64_t instance = 0;
871 :
872 0 : status = dbwrap_watched_watch_recv(subreq, &instance, NULL, NULL);
873 0 : TALLOC_FREE(subreq);
874 0 : if (tevent_req_nterror(req, status)) {
875 0 : return;
876 : }
877 :
878 0 : state->watch_instance = instance;
879 :
880 0 : smb2srv_client_mc_negprot_next(req);
881 : }
882 :
883 4998 : NTSTATUS smb2srv_client_mc_negprot_recv(struct tevent_req *req)
884 : {
885 4998 : return tevent_req_simple_recv_ntstatus(req);
886 : }
887 :
888 4948 : static NTSTATUS smbXsrv_client_global_remove(struct smbXsrv_client_global0 *global)
889 : {
890 : TDB_DATA key;
891 : NTSTATUS status;
892 :
893 : /*
894 : * TODO: if we use other versions than '0'
895 : * we would add glue code here, that would be able to
896 : * store the information in the old format.
897 : */
898 :
899 4948 : if (global->db_rec == NULL) {
900 0 : return NT_STATUS_INTERNAL_ERROR;
901 : }
902 :
903 4948 : key = dbwrap_record_get_key(global->db_rec);
904 :
905 4948 : status = dbwrap_record_delete(global->db_rec);
906 4948 : if (!NT_STATUS_IS_OK(status)) {
907 0 : DBG_WARNING("key '%s' delete - %s\n",
908 : hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
909 : nt_errstr(status));
910 0 : TALLOC_FREE(global->db_rec);
911 0 : return status;
912 : }
913 4948 : global->stored = false;
914 4948 : DBG_DEBUG("key '%s' delete\n",
915 : hex_encode_talloc(global->db_rec, key.dptr, key.dsize));
916 :
917 4948 : TALLOC_FREE(global->db_rec);
918 :
919 4948 : return NT_STATUS_OK;
920 : }
921 :
922 5270 : static int smbXsrv_client_destructor(struct smbXsrv_client *client)
923 : {
924 : NTSTATUS status;
925 :
926 5270 : status = smbXsrv_client_remove(client);
927 5270 : if (!NT_STATUS_IS_OK(status)) {
928 0 : DBG_ERR("smbXsrv_client_remove() failed: %s\n",
929 : nt_errstr(status));
930 : }
931 :
932 5270 : TALLOC_FREE(client->global);
933 :
934 5270 : return 0;
935 : }
936 :
937 : static bool smbXsrv_client_connection_pass_filter(struct messaging_rec *rec, void *private_data);
938 : static void smbXsrv_client_connection_pass_loop(struct tevent_req *subreq);
939 : static bool smbXsrv_client_connection_drop_filter(struct messaging_rec *rec, void *private_data);
940 : static void smbXsrv_client_connection_drop_loop(struct tevent_req *subreq);
941 :
942 5270 : NTSTATUS smbXsrv_client_create(TALLOC_CTX *mem_ctx,
943 : struct tevent_context *ev_ctx,
944 : struct messaging_context *msg_ctx,
945 : NTTIME now,
946 : struct smbXsrv_client **_client)
947 : {
948 : struct smbXsrv_client_table *table;
949 5270 : struct smbXsrv_client *client = NULL;
950 5270 : struct smbXsrv_client_global0 *global = NULL;
951 : NTSTATUS status;
952 5270 : struct tevent_req *subreq = NULL;
953 :
954 5270 : status = smbXsrv_client_table_create(mem_ctx,
955 : msg_ctx,
956 : 1, /* max_clients */
957 : &table);
958 5270 : if (!NT_STATUS_IS_OK(status)) {
959 0 : return status;
960 : }
961 :
962 5270 : if (table->local.num_clients >= table->local.max_clients) {
963 0 : TALLOC_FREE(table);
964 0 : return NT_STATUS_INSUFFICIENT_RESOURCES;
965 : }
966 :
967 5270 : client = talloc_zero(mem_ctx, struct smbXsrv_client);
968 5270 : if (client == NULL) {
969 0 : TALLOC_FREE(table);
970 0 : return NT_STATUS_NO_MEMORY;
971 : }
972 5270 : client->raw_ev_ctx = ev_ctx;
973 5270 : client->msg_ctx = msg_ctx;
974 :
975 5270 : client->server_multi_channel_enabled =
976 5270 : smbXsrv_server_multi_channel_enabled();
977 5270 : if (client->server_multi_channel_enabled) {
978 5270 : client->next_channel_id = 1;
979 : }
980 5270 : client->table = talloc_move(client, &table);
981 5270 : table = client->table;
982 :
983 5270 : global = talloc_zero(client, struct smbXsrv_client_global0);
984 5270 : if (global == NULL) {
985 0 : TALLOC_FREE(client);
986 0 : return NT_STATUS_NO_MEMORY;
987 : }
988 5270 : talloc_set_destructor(global, smbXsrv_client_global_destructor);
989 5270 : client->global = global;
990 :
991 5270 : global->initial_connect_time = now;
992 :
993 5270 : global->server_id = messaging_server_id(client->msg_ctx);
994 :
995 5270 : table->local.num_clients += 1;
996 :
997 5270 : talloc_set_destructor(client, smbXsrv_client_destructor);
998 :
999 5270 : if (DEBUGLVL(DBGLVL_DEBUG)) {
1000 0 : struct smbXsrv_clientB client_blob = {
1001 : .version = SMBXSRV_VERSION_0,
1002 : .info.info0 = client,
1003 : };
1004 : struct GUID_txt_buf buf;
1005 :
1006 0 : DBG_DEBUG("client_guid[%s] created\n",
1007 : GUID_buf_string(&global->client_guid, &buf));
1008 0 : NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);
1009 : }
1010 :
1011 5270 : subreq = messaging_filtered_read_send(client,
1012 : client->raw_ev_ctx,
1013 : client->msg_ctx,
1014 : smbXsrv_client_connection_pass_filter,
1015 : client);
1016 5270 : if (subreq == NULL) {
1017 0 : TALLOC_FREE(client);
1018 0 : return NT_STATUS_NO_MEMORY;
1019 : }
1020 5270 : tevent_req_set_callback(subreq, smbXsrv_client_connection_pass_loop, client);
1021 5270 : client->connection_pass_subreq = subreq;
1022 :
1023 5270 : subreq = messaging_filtered_read_send(client,
1024 : client->raw_ev_ctx,
1025 : client->msg_ctx,
1026 : smbXsrv_client_connection_drop_filter,
1027 : client);
1028 5270 : if (subreq == NULL) {
1029 0 : TALLOC_FREE(client);
1030 0 : return NT_STATUS_NO_MEMORY;
1031 : }
1032 5270 : tevent_req_set_callback(subreq, smbXsrv_client_connection_drop_loop, client);
1033 5270 : client->connection_drop_subreq = subreq;
1034 :
1035 5270 : *_client = client;
1036 5270 : return NT_STATUS_OK;
1037 : }
1038 :
1039 50 : static NTSTATUS smb2srv_client_connection_passed(struct smbXsrv_client *client,
1040 : const struct smbXsrv_connection_pass0 *recv_info0)
1041 : {
1042 : DATA_BLOB blob;
1043 : enum ndr_err_code ndr_err;
1044 : NTSTATUS status;
1045 : struct smbXsrv_connection_pass0 passed_info0;
1046 : struct smbXsrv_connection_passB passed_blob;
1047 : struct iovec iov;
1048 :
1049 : /*
1050 : * We echo back the message with a cleared negotiate_request
1051 : */
1052 50 : passed_info0 = *recv_info0;
1053 50 : passed_info0.negotiate_request = data_blob_null;
1054 :
1055 50 : ZERO_STRUCT(passed_blob);
1056 50 : passed_blob.version = smbXsrv_version_global_current();
1057 50 : passed_blob.info.info0 = &passed_info0;
1058 :
1059 50 : if (DEBUGLVL(DBGLVL_DEBUG)) {
1060 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
1061 : }
1062 :
1063 50 : ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &passed_blob,
1064 : (ndr_push_flags_fn_t)ndr_push_smbXsrv_connection_passB);
1065 50 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1066 0 : status = ndr_map_error2ntstatus(ndr_err);
1067 0 : return status;
1068 : }
1069 :
1070 50 : iov.iov_base = blob.data;
1071 50 : iov.iov_len = blob.length;
1072 :
1073 50 : status = messaging_send_iov(client->msg_ctx,
1074 : recv_info0->src_server_id,
1075 : MSG_SMBXSRV_CONNECTION_PASSED,
1076 : &iov, 1,
1077 : NULL, 0);
1078 50 : data_blob_free(&blob);
1079 50 : if (!NT_STATUS_IS_OK(status)) {
1080 0 : return status;
1081 : }
1082 :
1083 50 : return NT_STATUS_OK;
1084 : }
1085 :
1086 708 : static bool smbXsrv_client_connection_pass_filter(struct messaging_rec *rec, void *private_data)
1087 : {
1088 708 : if (rec->msg_type != MSG_SMBXSRV_CONNECTION_PASS) {
1089 658 : return false;
1090 : }
1091 :
1092 50 : if (rec->num_fds != 1) {
1093 0 : return false;
1094 : }
1095 :
1096 50 : return true;
1097 : }
1098 :
1099 50 : static void smbXsrv_client_connection_pass_loop(struct tevent_req *subreq)
1100 : {
1101 25 : struct smbXsrv_client *client =
1102 50 : tevent_req_callback_data(subreq,
1103 : struct smbXsrv_client);
1104 50 : struct smbXsrv_connection *xconn = NULL;
1105 : int ret;
1106 50 : struct messaging_rec *rec = NULL;
1107 : struct smbXsrv_connection_passB pass_blob;
1108 : enum ndr_err_code ndr_err;
1109 50 : struct smbXsrv_connection_pass0 *pass_info0 = NULL;
1110 : NTSTATUS status;
1111 50 : int sock_fd = -1;
1112 : uint64_t seq_low;
1113 :
1114 50 : client->connection_pass_subreq = NULL;
1115 :
1116 50 : ret = messaging_filtered_read_recv(subreq, talloc_tos(), &rec);
1117 50 : TALLOC_FREE(subreq);
1118 50 : if (ret != 0) {
1119 0 : goto next;
1120 : }
1121 :
1122 50 : if (rec->num_fds != 1) {
1123 0 : DBG_ERR("MSG_SMBXSRV_CONNECTION_PASS: num_fds[%u]\n",
1124 : rec->num_fds);
1125 0 : goto next;
1126 : }
1127 :
1128 50 : sock_fd = rec->fds[0];
1129 50 : DBG_DEBUG("MSG_SMBXSRV_CONNECTION_PASS: got sock_fd[%d]\n", sock_fd);
1130 :
1131 50 : ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &pass_blob,
1132 : (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_connection_passB);
1133 50 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1134 0 : status = ndr_map_error2ntstatus(ndr_err);
1135 0 : DBG_WARNING("ndr_pull_struct_blob - %s\n", nt_errstr(status));
1136 0 : goto next;
1137 : }
1138 :
1139 50 : if (DEBUGLVL(DBGLVL_DEBUG)) {
1140 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1141 : }
1142 :
1143 50 : if (pass_blob.version != SMBXSRV_VERSION_0) {
1144 0 : DBG_ERR("ignore invalid version %u\n", pass_blob.version);
1145 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1146 0 : goto next;
1147 : }
1148 :
1149 50 : pass_info0 = pass_blob.info.info0;
1150 50 : if (pass_info0 == NULL) {
1151 0 : DBG_ERR("ignore NULL info %u\n", pass_blob.version);
1152 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1153 0 : goto next;
1154 : }
1155 :
1156 50 : if (!GUID_equal(&client->global->client_guid, &pass_info0->client_guid))
1157 : {
1158 : struct GUID_txt_buf buf1, buf2;
1159 :
1160 0 : DBG_WARNING("client's client_guid [%s] != passed guid [%s]\n",
1161 : GUID_buf_string(&client->global->client_guid,
1162 : &buf1),
1163 : GUID_buf_string(&pass_info0->client_guid,
1164 : &buf2));
1165 0 : if (DEBUGLVL(DBGLVL_WARNING)) {
1166 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1167 : }
1168 0 : goto next;
1169 : }
1170 :
1171 75 : if (client->global->initial_connect_time !=
1172 50 : pass_info0->client_connect_time)
1173 : {
1174 0 : DBG_WARNING("client's initial connect time [%s] (%llu) != "
1175 : "passed initial connect time [%s] (%llu)\n",
1176 : nt_time_string(talloc_tos(),
1177 : client->global->initial_connect_time),
1178 : (unsigned long long)client->global->initial_connect_time,
1179 : nt_time_string(talloc_tos(),
1180 : pass_info0->client_connect_time),
1181 : (unsigned long long)pass_info0->client_connect_time);
1182 0 : if (DEBUGLVL(DBGLVL_WARNING)) {
1183 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1184 : }
1185 0 : goto next;
1186 : }
1187 :
1188 50 : if (pass_info0->negotiate_request.length < SMB2_HDR_BODY) {
1189 0 : DBG_WARNING("negotiate_request.length[%zu]\n",
1190 : pass_info0->negotiate_request.length);
1191 0 : if (DEBUGLVL(DBGLVL_WARNING)) {
1192 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1193 : }
1194 0 : goto next;
1195 : }
1196 :
1197 50 : status = smb2srv_client_connection_passed(client, pass_info0);
1198 50 : if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1199 : /*
1200 : * We hit a race where, the client dropped the connection
1201 : * while the socket was passed to us and the origin
1202 : * process already existed.
1203 : */
1204 0 : DBG_DEBUG("smb2srv_client_connection_passed() ignore %s\n",
1205 : nt_errstr(status));
1206 0 : status = NT_STATUS_OK;
1207 : }
1208 50 : if (!NT_STATUS_IS_OK(status)) {
1209 0 : const char *r = "smb2srv_client_connection_passed() failed";
1210 0 : DBG_ERR("%s => %s\n", r, nt_errstr(status));
1211 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1212 0 : exit_server_cleanly(r);
1213 : return;
1214 : }
1215 :
1216 50 : status = smbd_add_connection(client,
1217 : sock_fd,
1218 : pass_info0->xconn_connect_time,
1219 : &xconn);
1220 50 : if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
1221 0 : rec->num_fds = 0;
1222 0 : smbd_server_connection_terminate(xconn, nt_errstr(status));
1223 : }
1224 50 : if (!NT_STATUS_IS_OK(status)) {
1225 0 : DBG_ERR("smbd_add_connection => %s\n", nt_errstr(status));
1226 0 : NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
1227 0 : goto next;
1228 : }
1229 50 : rec->num_fds = 0;
1230 :
1231 : /*
1232 : * Set seq_low to mid received in negprot
1233 : */
1234 50 : seq_low = BVAL(pass_info0->negotiate_request.data,
1235 : SMB2_HDR_MESSAGE_ID);
1236 :
1237 50 : xconn->smb2.client.guid_verified = true;
1238 75 : smbd_smb2_process_negprot(xconn, seq_low,
1239 50 : pass_info0->negotiate_request.data,
1240 : pass_info0->negotiate_request.length);
1241 :
1242 50 : next:
1243 50 : if (rec != NULL) {
1244 : uint8_t fd_idx;
1245 :
1246 50 : for (fd_idx = 0; fd_idx < rec->num_fds; fd_idx++) {
1247 0 : sock_fd = rec->fds[fd_idx];
1248 0 : close(sock_fd);
1249 : }
1250 50 : rec->num_fds = 0;
1251 :
1252 50 : TALLOC_FREE(rec);
1253 : }
1254 :
1255 50 : subreq = messaging_filtered_read_send(client,
1256 : client->raw_ev_ctx,
1257 : client->msg_ctx,
1258 : smbXsrv_client_connection_pass_filter,
1259 : client);
1260 50 : if (subreq == NULL) {
1261 : const char *r;
1262 0 : r = "messaging_read_send(MSG_SMBXSRV_CONNECTION_PASS failed";
1263 0 : exit_server_cleanly(r);
1264 : return;
1265 : }
1266 50 : tevent_req_set_callback(subreq, smbXsrv_client_connection_pass_loop, client);
1267 50 : client->connection_pass_subreq = subreq;
1268 25 : }
1269 :
1270 662 : static bool smbXsrv_client_connection_drop_filter(struct messaging_rec *rec, void *private_data)
1271 : {
1272 662 : if (rec->msg_type != MSG_SMBXSRV_CONNECTION_DROP) {
1273 662 : return false;
1274 : }
1275 :
1276 0 : if (rec->num_fds != 0) {
1277 0 : return false;
1278 : }
1279 :
1280 0 : return true;
1281 : }
1282 :
1283 0 : static void smbXsrv_client_connection_drop_loop(struct tevent_req *subreq)
1284 : {
1285 0 : struct smbXsrv_client *client =
1286 0 : tevent_req_callback_data(subreq,
1287 : struct smbXsrv_client);
1288 : int ret;
1289 0 : struct messaging_rec *rec = NULL;
1290 : struct smbXsrv_connection_dropB drop_blob;
1291 : enum ndr_err_code ndr_err;
1292 0 : struct smbXsrv_connection_drop0 *drop_info0 = NULL;
1293 0 : struct server_id_buf src_server_id_buf = {};
1294 : NTSTATUS status;
1295 :
1296 0 : client->connection_drop_subreq = NULL;
1297 :
1298 0 : ret = messaging_filtered_read_recv(subreq, talloc_tos(), &rec);
1299 0 : TALLOC_FREE(subreq);
1300 0 : if (ret != 0) {
1301 0 : goto next;
1302 : }
1303 :
1304 0 : if (rec->num_fds != 0) {
1305 0 : DBG_ERR("MSG_SMBXSRV_CONNECTION_DROP: num_fds[%u]\n",
1306 : rec->num_fds);
1307 0 : goto next;
1308 : }
1309 :
1310 0 : ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &drop_blob,
1311 : (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_connection_dropB);
1312 0 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1313 0 : status = ndr_map_error2ntstatus(ndr_err);
1314 0 : DBG_WARNING("ndr_pull_struct_blob - %s\n", nt_errstr(status));
1315 0 : goto next;
1316 : }
1317 :
1318 0 : if (DEBUGLVL(DBGLVL_DEBUG)) {
1319 0 : NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
1320 : }
1321 :
1322 0 : if (drop_blob.version != SMBXSRV_VERSION_0) {
1323 0 : DBG_ERR("ignore invalid version %u\n", drop_blob.version);
1324 0 : NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
1325 0 : goto next;
1326 : }
1327 :
1328 0 : drop_info0 = drop_blob.info.info0;
1329 0 : if (drop_info0 == NULL) {
1330 0 : DBG_ERR("ignore NULL info %u\n", drop_blob.version);
1331 0 : NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
1332 0 : goto next;
1333 : }
1334 :
1335 0 : if (!GUID_equal(&client->global->client_guid, &drop_info0->client_guid))
1336 : {
1337 : struct GUID_txt_buf buf1, buf2;
1338 :
1339 0 : DBG_WARNING("client's client_guid [%s] != droped guid [%s]\n",
1340 : GUID_buf_string(&client->global->client_guid,
1341 : &buf1),
1342 : GUID_buf_string(&drop_info0->client_guid,
1343 : &buf2));
1344 0 : if (DEBUGLVL(DBGLVL_WARNING)) {
1345 0 : NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
1346 : }
1347 0 : goto next;
1348 : }
1349 :
1350 0 : if (client->global->initial_connect_time !=
1351 0 : drop_info0->client_connect_time)
1352 : {
1353 0 : DBG_WARNING("client's initial connect time [%s] (%llu) != "
1354 : "droped initial connect time [%s] (%llu)\n",
1355 : nt_time_string(talloc_tos(),
1356 : client->global->initial_connect_time),
1357 : (unsigned long long)client->global->initial_connect_time,
1358 : nt_time_string(talloc_tos(),
1359 : drop_info0->client_connect_time),
1360 : (unsigned long long)drop_info0->client_connect_time);
1361 0 : if (DEBUGLVL(DBGLVL_WARNING)) {
1362 0 : NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
1363 : }
1364 0 : goto next;
1365 : }
1366 :
1367 : /*
1368 : * Disconnect all client connections, which means we will tear down all
1369 : * sessions, tcons and non-durable opens. At the end we will remove our
1370 : * smbXsrv_client_global.tdb record, which will wake up the watcher on
1371 : * the other node in order to let it take over the client.
1372 : *
1373 : * The client will have to reopen all sessions, tcons and durable opens.
1374 : */
1375 0 : smbd_server_disconnect_client(client,
1376 : server_id_str_buf(drop_info0->src_server_id, &src_server_id_buf));
1377 0 : return;
1378 :
1379 0 : next:
1380 0 : if (rec != NULL) {
1381 : int sock_fd;
1382 : uint8_t fd_idx;
1383 :
1384 0 : for (fd_idx = 0; fd_idx < rec->num_fds; fd_idx++) {
1385 0 : sock_fd = rec->fds[fd_idx];
1386 0 : close(sock_fd);
1387 : }
1388 0 : rec->num_fds = 0;
1389 :
1390 0 : TALLOC_FREE(rec);
1391 : }
1392 :
1393 0 : subreq = messaging_filtered_read_send(client,
1394 : client->raw_ev_ctx,
1395 : client->msg_ctx,
1396 : smbXsrv_client_connection_drop_filter,
1397 : client);
1398 0 : if (subreq == NULL) {
1399 : const char *r;
1400 0 : r = "messaging_read_send(MSG_SMBXSRV_CONNECTION_DROP failed";
1401 0 : exit_server_cleanly(r);
1402 : return;
1403 : }
1404 0 : tevent_req_set_callback(subreq, smbXsrv_client_connection_drop_loop, client);
1405 0 : client->connection_drop_subreq = subreq;
1406 : }
1407 :
1408 10540 : NTSTATUS smbXsrv_client_remove(struct smbXsrv_client *client)
1409 : {
1410 10540 : struct smbXsrv_client_table *table = client->table;
1411 : NTSTATUS status;
1412 :
1413 10540 : if (client->global->db_rec != NULL) {
1414 : struct GUID_txt_buf buf;
1415 0 : DBG_ERR("client_guid[%s]: Called with db_rec != NULL'\n",
1416 : GUID_buf_string(&client->global->client_guid,
1417 : &buf));
1418 0 : return NT_STATUS_INTERNAL_ERROR;
1419 : }
1420 :
1421 10540 : if (!client->global->stored) {
1422 5592 : return NT_STATUS_OK;
1423 : }
1424 :
1425 4948 : TALLOC_FREE(client->connection_pass_subreq);
1426 4948 : TALLOC_FREE(client->connection_drop_subreq);
1427 :
1428 6445 : client->global->db_rec = smbXsrv_client_global_fetch_locked(
1429 : table->global.db_ctx,
1430 4948 : &client->global->client_guid,
1431 4948 : client->global /* TALLOC_CTX */);
1432 4948 : if (client->global->db_rec == NULL) {
1433 0 : return NT_STATUS_INTERNAL_DB_ERROR;
1434 : }
1435 :
1436 4948 : status = smbXsrv_client_global_remove(client->global);
1437 4948 : if (!NT_STATUS_IS_OK(status)) {
1438 : struct GUID_txt_buf buf;
1439 0 : DBG_ERR("client_guid[%s] store failed - %s\n",
1440 : GUID_buf_string(&client->global->client_guid, &buf),
1441 : nt_errstr(status));
1442 0 : return status;
1443 : }
1444 :
1445 4948 : if (DEBUGLVL(DBGLVL_DEBUG)) {
1446 0 : struct smbXsrv_clientB client_blob = {
1447 : .version = SMBXSRV_VERSION_0,
1448 : .info.info0 = client,
1449 : };
1450 : struct GUID_txt_buf buf;
1451 :
1452 0 : DBG_DEBUG("client_guid[%s] stored\n",
1453 : GUID_buf_string(&client->global->client_guid, &buf));
1454 0 : NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);
1455 : }
1456 :
1457 4948 : return NT_STATUS_OK;
1458 : }
|
