diff options
-rw-r--r-- | source3/lib/access.c | 6 | ||||
-rw-r--r-- | source3/lib/util.c | 53 | ||||
-rw-r--r-- | source3/lib/util_sock.c | 154 | ||||
-rw-r--r-- | source3/libsmb/clientgen.c | 23 | ||||
-rw-r--r-- | source3/nmbd/nmbd.c | 1 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog.c | 2 | ||||
-rw-r--r-- | source3/smbd/blocking.c | 5 | ||||
-rw-r--r-- | source3/smbd/connection.c | 6 | ||||
-rw-r--r-- | source3/smbd/ipc.c | 7 | ||||
-rw-r--r-- | source3/smbd/nttrans.c | 10 | ||||
-rw-r--r-- | source3/smbd/oplock.c | 10 | ||||
-rw-r--r-- | source3/smbd/password.c | 6 | ||||
-rw-r--r-- | source3/smbd/process.c | 26 | ||||
-rw-r--r-- | source3/smbd/reply.c | 25 | ||||
-rw-r--r-- | source3/smbd/server.c | 51 | ||||
-rw-r--r-- | source3/smbd/service.c | 8 | ||||
-rw-r--r-- | source3/smbd/ssl.c | 6 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 7 | ||||
-rw-r--r-- | source3/web/cgi.c | 6 |
19 files changed, 195 insertions, 217 deletions
diff --git a/source3/lib/access.c b/source3/lib/access.c index 01f559750f..d646c0823b 100644 --- a/source3/lib/access.c +++ b/source3/lib/access.c @@ -253,13 +253,13 @@ BOOL check_access(int sock, char *allow_list, char *deny_list) if (!ret) { if (allow_access(deny_list,allow_list, - client_name(sock),client_addr(sock))) { + get_socket_name(sock),get_socket_addr(sock))) { DEBUG(2,("Allowed connection from %s (%s)\n", - client_name(sock),client_addr(sock))); + get_socket_name(sock),get_socket_addr(sock))); ret = True; } else { DEBUG(0,("Denied connection from %s (%s)\n", - client_name(sock),client_addr(sock))); + get_socket_name(sock),get_socket_addr(sock))); } } diff --git a/source3/lib/util.c b/source3/lib/util.c index 7d10f9ccd2..ebb89c9d89 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -65,9 +65,6 @@ int Protocol = PROTOCOL_COREPLUS; /* a default finfo structure to ensure all fields are sensible */ file_info def_finfo = {-1,0,0,0,0,0,0,""}; -/* the client file descriptor */ -extern int Client; - /* this is used by the chaining code */ int chain_size = 0; @@ -1610,52 +1607,6 @@ BOOL zero_ip(struct in_addr ip) } -/******************************************************************* - matchname - determine if host name matches IP address - ******************************************************************/ -BOOL matchname(char *remotehost,struct in_addr addr) -{ - struct hostent *hp; - int i; - - if ((hp = Get_Hostbyname(remotehost)) == 0) { - DEBUG(0,("Get_Hostbyname(%s): lookup failure.\n", remotehost)); - return False; - } - - /* - * Make sure that gethostbyname() returns the "correct" host name. - * Unfortunately, gethostbyname("localhost") sometimes yields - * "localhost.domain". Since the latter host name comes from the - * local DNS, we just have to trust it (all bets are off if the local - * DNS is perverted). We always check the address list, though. - */ - - if (strcasecmp(remotehost, hp->h_name) - && strcasecmp(remotehost, "localhost")) { - DEBUG(0,("host name/name mismatch: %s != %s\n", - remotehost, hp->h_name)); - return False; - } - - /* Look up the host address in the address list we just got. */ - for (i = 0; hp->h_addr_list[i]; i++) { - if (memcmp(hp->h_addr_list[i], (caddr_t) & addr, sizeof(addr)) == 0) - return True; - } - - /* - * The host name does not map to the original host address. Perhaps - * someone has compromised a name server. More likely someone botched - * it, but that could be dangerous, too. - */ - - DEBUG(0,("host name/address mismatch: %s != %s\n", - inet_ntoa(addr), hp->h_name)); - return False; -} - - #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT)) /****************************************************************** Remove any mount options such as -rsize=2048,wsize=2048 etc. @@ -1953,9 +1904,9 @@ void standard_sub_basic(char *str) break; } case 'N' : string_sub(p,"%N", automount_server(username),l); break; - case 'I' : string_sub(p,"%I", client_addr(Client),l); break; + case 'I' : string_sub(p,"%I", client_addr(),l); break; case 'L' : string_sub(p,"%L", local_machine,l); break; - case 'M' : string_sub(p,"%M", client_name(Client),l); break; + case 'M' : string_sub(p,"%M", client_name(),l); break; case 'R' : string_sub(p,"%R", remote_proto,l); break; case 'T' : string_sub(p,"%T", timestring(False),l); break; case 'U' : string_sub(p,"%U", username,l); break; diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index fd5ed71c9c..bf02e40520 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -32,9 +32,6 @@ extern int DEBUGLEVEL; BOOL passive = False; -/* the client file descriptor */ -int Client = -1; - /* the last IP received from */ struct in_addr lastip; @@ -153,20 +150,6 @@ void set_socket_options(int fd, char *options) } /**************************************************************************** - Close the socket communication. -****************************************************************************/ - -void close_sockets(void ) -{ -#ifdef WITH_SSL - sslutil_disconnect(Client); -#endif /* WITH_SSL */ - - close(Client); - Client = -1; -} - -/**************************************************************************** Read from a socket. ****************************************************************************/ @@ -725,7 +708,6 @@ BOOL send_null_session_msg(int fd) if (ret <= 0) { DEBUG(0,("send_null_session_msg: Error writing %d bytes to client. %d. Exiting\n",(int)len,(int)ret)); - close_sockets(); exit(1); } nwritten += ret; @@ -752,7 +734,6 @@ BOOL send_smb(int fd,char *buffer) if (ret <= 0) { DEBUG(0,("Error writing %d bytes to client. %d. Exiting\n",(int)len,(int)ret)); - close_sockets(); exit(1); } nwritten += ret; @@ -951,14 +932,9 @@ connect_again: expanded if more variables need reseting. ******************************************************************/ -static BOOL global_client_name_done = False; -static BOOL global_client_addr_done = False; void reset_globals_after_fork(void) { - global_client_name_done = False; - global_client_addr_done = False; - /* * Re-seed the random crypto generator, so all smbd's * started from the same parent won't generate the same @@ -969,71 +945,120 @@ void reset_globals_after_fork(void) generate_random_buffer( &dummy, 1, True); } } - + +/* the following 3 client_*() functions are nasty ways of allowing + some generic functions to get info that really should be hidden in + particular modules */ +static int client_fd = -1; + +void client_setfd(int fd) +{ + client_fd = fd; +} + +char *client_name(void) +{ + return get_socket_name(client_fd); +} + +char *client_addr(void) +{ + return get_socket_addr(client_fd); +} + /******************************************************************* - return the DNS name of the client + matchname - determine if host name matches IP address. Used to + confirm a hostname lookup to prevent spoof attacks ******************************************************************/ - -char *client_name(int fd) +static BOOL matchname(char *remotehost,struct in_addr addr) { - struct sockaddr sa; - struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa); - int length = sizeof(sa); - static pstring name_buf; struct hostent *hp; - static int last_fd=-1; + int i; - if (global_client_name_done && last_fd == fd) - return name_buf; + if ((hp = Get_Hostbyname(remotehost)) == 0) { + DEBUG(0,("Get_Hostbyname(%s): lookup failure.\n", remotehost)); + return False; + } + + /* + * Make sure that gethostbyname() returns the "correct" host name. + * Unfortunately, gethostbyname("localhost") sometimes yields + * "localhost.domain". Since the latter host name comes from the + * local DNS, we just have to trust it (all bets are off if the local + * DNS is perverted). We always check the address list, though. + */ - last_fd = fd; - global_client_name_done = False; - - pstrcpy(name_buf,"UNKNOWN"); - - if (fd == -1) { - return name_buf; + if (strcasecmp(remotehost, hp->h_name) + && strcasecmp(remotehost, "localhost")) { + DEBUG(0,("host name/name mismatch: %s != %s\n", + remotehost, hp->h_name)); + return False; } - if (getpeername(fd, &sa, &length) < 0) { - DEBUG(0,("getpeername failed. Error was %s\n", strerror(errno) )); - return name_buf; + /* Look up the host address in the address list we just got. */ + for (i = 0; hp->h_addr_list[i]; i++) { + if (memcmp(hp->h_addr_list[i], (caddr_t) & addr, sizeof(addr)) == 0) + return True; } + /* + * The host name does not map to the original host address. Perhaps + * someone has compromised a name server. More likely someone botched + * it, but that could be dangerous, too. + */ + + DEBUG(0,("host name/address mismatch: %s != %s\n", + inet_ntoa(addr), hp->h_name)); + return False; +} + + +/******************************************************************* + return the DNS name of the remote end of a socket + ******************************************************************/ +char *get_socket_name(int fd) +{ + static pstring name_buf; + static fstring addr_buf; + struct hostent *hp; + struct in_addr addr; + char *p; + + p = get_socket_addr(fd); + + /* it might be the same as the last one - save some DNS work */ + if (strcmp(p, addr_buf) == 0) return name_buf; + + pstrcpy(name_buf,"UNKNOWN"); + if (fd == -1) return name_buf; + + fstrcpy(addr_buf, p); + + if (inet_aton(p, &addr) == 0) return name_buf; + /* Look up the remote host name. */ - if ((hp = gethostbyaddr((char *) &sockin->sin_addr, - sizeof(sockin->sin_addr), - AF_INET)) == 0) { - DEBUG(1,("Gethostbyaddr failed for %s\n",client_addr(fd))); - StrnCpy(name_buf,client_addr(fd),sizeof(name_buf) - 1); + if ((hp = gethostbyaddr((char *)&addr.s_addr, sizeof(addr.s_addr), AF_INET)) == 0) { + DEBUG(1,("Gethostbyaddr failed for %s\n",p)); + pstrcpy(name_buf, p); } else { - StrnCpy(name_buf,(char *)hp->h_name,sizeof(name_buf) - 1); - if (!matchname(name_buf, sockin->sin_addr)) { - DEBUG(0,("Matchname failed on %s %s\n",name_buf,client_addr(fd))); + pstrcpy(name_buf,(char *)hp->h_name); + if (!matchname(name_buf, addr)) { + DEBUG(0,("Matchname failed on %s %s\n",name_buf,p)); pstrcpy(name_buf,"UNKNOWN"); } } - global_client_name_done = True; return name_buf; } /******************************************************************* - return the IP addr of the client as a string + return the IP addr of the remote end of a socket as a string ******************************************************************/ - -char *client_addr(int fd) +char *get_socket_addr(int fd) { struct sockaddr sa; struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa); int length = sizeof(sa); static fstring addr_buf; - static int last_fd = -1; - - if (global_client_addr_done && fd == last_fd) - return addr_buf; - - last_fd = fd; - global_client_addr_done = False; fstrcpy(addr_buf,"0.0.0.0"); @@ -1048,7 +1073,6 @@ char *client_addr(int fd) fstrcpy(addr_buf,(char *)inet_ntoa(sockin->sin_addr)); - global_client_addr_done = True; return addr_buf; } diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 29c228ecfa..6472cf0380 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -88,10 +88,9 @@ static BOOL cli_send_smb(struct cli_state *cli) } } if (ret <= 0) { - DEBUG(0,("Error writing %d bytes to client. %d. Exiting\n", + DEBUG(0,("Error writing %d bytes to client. %d\n", (int)len,(int)ret)); - close_sockets(); - exit(1); + return False; } nwritten += ret; } @@ -1516,11 +1515,11 @@ size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t if (size2 > block) { DEBUG(0,("server returned more than we wanted!\n")); - exit(1); + return -1; } if (mid >= issued) { DEBUG(0,("invalid mid from server!\n")); - exit(1); + return -1; } p = smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_vwv6); @@ -2551,7 +2550,6 @@ retry: /* SESSION RETARGET */ putip((char *)&cli->dest_ip,cli->inbuf+4); - close_sockets(); cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, port, LONG_CONNECT_TIMEOUT); if (cli->fd == -1) return False; @@ -2561,7 +2559,18 @@ retry: set_socket_options(cli->fd,user_socket_options); /* Try again */ - return cli_session_request(cli, calling, called); + { + static int depth; + BOOL ret; + if (depth > 4) { + DEBUG(0,("Retarget recursion - failing\n")); + return False; + } + depth++; + ret = cli_session_request(cli, calling, called); + depth--; + return ret; + } } /* C. Hoch 9/14/95 End */ #ifdef WITH_SSL diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index 57d025c660..c7ebe48822 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -859,7 +859,6 @@ static void usage(char *pname) #endif /* SIGUSR2 */ process(); - close_sockets(); if (dbf) fclose(dbf); diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 7f893e2633..a198b6b98a 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -276,7 +276,7 @@ static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct) */ if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(), - client_name(Client), client_addr(Client))) + client_name(), client_addr())) { DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct)); return False; diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index c90f475b46..ea8d2fd053 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -21,7 +21,6 @@ #include "includes.h" extern int DEBUGLEVEL; -extern int Client; extern char *OutBuffer; /**************************************************************************** @@ -134,7 +133,7 @@ static void send_blocking_reply(char *outbuf, int outsize) if(outsize > 4) smb_setlen(outbuf,outsize - 4); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); } /**************************************************************************** @@ -180,7 +179,7 @@ static void generic_blocking_lock_error(blocking_lock_record *blr, int eclass, i SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES); ERROR(eclass,ecode); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); } /**************************************************************************** diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index c796fee8b5..9c859e4d89 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -71,7 +71,6 @@ BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOO struct connections_key key; struct connections_data crec; TDB_DATA kbuf, dbuf; - extern int Client; if (max_connections <= 0) return(True); @@ -106,7 +105,7 @@ BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOO crec.start = time(NULL); StrnCpy(crec.machine,remote_machine,sizeof(crec.machine)-1); - StrnCpy(crec.addr,conn?conn->client_address:client_addr(Client),sizeof(crec.addr)-1); + StrnCpy(crec.addr,conn?conn->client_address:client_addr(),sizeof(crec.addr)-1); dbuf.dptr = (char *)&crec; dbuf.dsize = sizeof(crec); @@ -343,7 +342,6 @@ static void utmp_yield(pid_t pid, const connection_struct *conn) static void utmp_claim(const struct connect_record *crec, const connection_struct *conn) { - extern int Client; struct utmp u; if (conn == NULL) { @@ -359,7 +357,7 @@ static void utmp_claim(const struct connect_record *crec, const connection_struc DEBUG(2,("utmp_claim: conn: user:%s cnum:%d i:%d\n", conn->user, conn->cnum, i)); DEBUG(2,("utmp_claim: crec: pid:%d, cnum:%d name:%s addr:%s mach:%s DNS:%s\n", - crec->pid, crec->cnum, crec->name, crec->addr, crec->machine, client_name(Client))); + crec->pid, crec->cnum, crec->name, crec->addr, crec->machine, client_name())); memset((char *)&u, '\0', sizeof(struct utmp)); diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 271b0e253b..46ef677f38 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -58,7 +58,6 @@ extern fstring global_myworkgroup; #define SNLEN 15 /* service name length */ #define QNLEN 12 /* queue name maximum length */ -extern int Client; extern int smb_read_error; static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data, @@ -212,7 +211,7 @@ static void send_trans_reply(char *outbuf, SSVAL(outbuf,smb_vwv9,0); show_msg(outbuf); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); tot_data_sent = this_ldata; tot_param_sent = this_lparam; @@ -245,7 +244,7 @@ static void send_trans_reply(char *outbuf, SSVAL(outbuf,smb_vwv9,0); show_msg(outbuf); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); tot_data_sent += this_ldata; tot_param_sent += this_lparam; @@ -3608,7 +3607,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int of the parameter/data bytes */ outsize = set_message(outbuf,0,0,True); show_msg(outbuf); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); } /* receive the rest of the trans packet */ diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 54e67f5593..bd77f17802 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -24,7 +24,6 @@ extern int DEBUGLEVEL; extern int Protocol; -extern int Client; extern int smb_read_error; extern int global_oplock_break; extern BOOL case_sensitive; @@ -88,7 +87,7 @@ static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, uint32 nt_err */ if(params_to_send == 0 && data_to_send == 0) { - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); return 0; } @@ -217,7 +216,7 @@ static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, uint32 nt_err params_to_send, data_to_send, paramsize, datasize)); /* Send the packet */ - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); pp += params_sent_thistime; pd += data_sent_thistime; @@ -1422,7 +1421,6 @@ static ubi_slList change_notify_queue = { NULL, (ubi_slNodePtr)&change_notify_qu static void change_notify_reply_packet(char *inbuf, int error_class, uint32 error_code) { - extern int Client; char outbuf[smb_size+38]; memset(outbuf, '\0', sizeof(outbuf)); @@ -1447,7 +1445,7 @@ static void change_notify_reply_packet(char *inbuf, int error_class, uint32 erro */ set_message(outbuf,18,0,False); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); } /**************************************************************************** @@ -2589,7 +2587,7 @@ due to being in oplock break state.\n" )); /* We need to send an interim response then receive the rest of the parameter/data bytes */ outsize = set_message(outbuf,0,0,True); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) { BOOL ret; diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index 218961d88c..e794d2d923 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -753,7 +753,6 @@ static files_struct *initial_break_processing(SMB_DEV_T dev, SMB_INO_T inode, st BOOL oplock_break_level2(files_struct *fsp, BOOL local_request, int token) { - extern int Client; extern uint32 global_client_caps; char outbuf[128]; BOOL got_lock = False; @@ -781,7 +780,7 @@ BOOL oplock_break_level2(files_struct *fsp, BOOL local_request, int token) /* Prepare the SMBlockingX message. */ prepare_break_message( outbuf, fsp, False); - send_smb(Client, outbuf); + send_smb(smbd_server_fd(), outbuf); } /* @@ -832,7 +831,6 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B { extern uint32 global_client_caps; extern struct current_user current_user; - extern int Client; char *inbuf = NULL; char *outbuf = NULL; files_struct *fsp = NULL; @@ -923,7 +921,7 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B fsp->sent_oplock_break = using_levelII? LEVEL_II_BREAK_SENT:EXCLUSIVE_BREAK_SENT; - send_smb(Client, outbuf); + send_smb(smbd_server_fd(), outbuf); /* We need this in case a readraw crosses on the wire. */ global_oplock_break = True; @@ -958,7 +956,7 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B while((fsp = initial_break_processing(dev, inode, tval)) && OPEN_FSP(fsp) && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) { - if(receive_smb(Client,inbuf, timeout) == False) + if(receive_smb(smbd_server_fd(),inbuf, timeout) == False) { /* * Die if we got an error. @@ -1019,7 +1017,6 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B { DEBUG( 0, ( "oplock_break: unable to re-become user!" ) ); DEBUGADD( 0, ( "Shutting down server\n" ) ); - close_sockets(); close(oplock_sock); exit_server("unable to re-become user"); } @@ -1059,7 +1056,6 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B { DEBUG( 0, ( "oplock_break: client failure in break - " ) ); DEBUGADD( 0, ( "shutting down this smbd.\n" ) ); - close_sockets(); close(oplock_sock); exit_server("oplock break failure"); } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index bdb0385a48..208dbd2bff 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -943,8 +943,7 @@ BOOL check_hosts_equiv(char *user) /* note: don't allow hosts.equiv on root */ if (fname && *fname && (pass->pw_uid != 0)) { - extern int Client; - if (check_user_equiv(user,client_name(Client),fname)) + if (check_user_equiv(user,client_name(),fname)) return(True); } @@ -952,9 +951,8 @@ BOOL check_hosts_equiv(char *user) { char *home = get_user_home_dir(user); if (home) { - extern int Client; slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home); - if (check_user_equiv(user,client_name(Client),rhostsfile)) + if (check_user_equiv(user,client_name(),rhostsfile)) return(True); } } diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 403990a79d..2383b7a3a5 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -133,7 +133,6 @@ The timeout is in milli seconds static BOOL receive_message_or_smb(char *buffer, int buffer_len, int timeout, BOOL *got_smb) { - extern int Client; fd_set fds; int selrtn; struct timeval to; @@ -167,13 +166,13 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, */ FD_ZERO(&fds); - FD_SET(Client,&fds); + FD_SET(smbd_server_fd(),&fds); maxfd = setup_oplock_select_set(&fds); to.tv_sec = timeout / 1000; to.tv_usec = (timeout % 1000) * 1000; - selrtn = sys_select(MAX(maxfd,Client)+1,&fds,timeout>0?&to:NULL); + selrtn = sys_select(MAX(maxfd,smbd_server_fd())+1,&fds,timeout>0?&to:NULL); /* Check if error */ if(selrtn == -1) { @@ -188,10 +187,10 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, return False; } - if (FD_ISSET(Client,&fds)) + if (FD_ISSET(smbd_server_fd(),&fds)) { *got_smb = True; - return receive_smb(Client, buffer, 0); + return receive_smb(smbd_server_fd(), buffer, 0); } else { @@ -419,7 +418,6 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize static int num_smb_messages = sizeof(smb_messages) / sizeof(struct smb_message_struct); int match; - extern int Client; extern int global_smbpid; if (pid == (pid_t)-1) @@ -535,7 +533,7 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize /* does this protocol need to be run as guest? */ if ((flags & AS_GUEST) && (!become_guest() || - !check_access(Client, lp_hostsallow(-1), lp_hostsdeny(-1)))) { + !check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1)))) { return(ERROR(ERRSRV,ERRaccess)); } @@ -589,7 +587,6 @@ static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize) ****************************************************************************/ void process_smb(char *inbuf, char *outbuf) { - extern int Client; #ifdef WITH_SSL extern BOOL sslEnabled; /* don't use function for performance reasons */ static int sslConnected = 0; @@ -608,13 +605,13 @@ void process_smb(char *inbuf, char *outbuf) deny parameters before doing any parsing of the packet passed to us by the client. This prevents attacks on our parsing code from hosts not in the hosts allow list */ - if (!check_access(Client, lp_hostsallow(-1), lp_hostsdeny(-1))) { + if (!check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1))) { /* send a negative session response "not listining on calling name" */ static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; DEBUG( 1, ( "Connection denied from %s\n", - client_addr(Client) ) ); - send_smb(Client,(char *)buf); + client_addr() ) ); + send_smb(smbd_server_fd(),(char *)buf); exit_server("connection denied"); } } @@ -624,7 +621,7 @@ void process_smb(char *inbuf, char *outbuf) #ifdef WITH_SSL if(sslEnabled && !sslConnected){ - sslConnected = sslutil_negotiate_ssl(Client, msg_type); + sslConnected = sslutil_negotiate_ssl(smbd_server_fd(), msg_type); if(sslConnected < 0){ /* an error occured */ exit_server("SSL negotiation failed"); }else if(sslConnected){ @@ -660,7 +657,7 @@ void process_smb(char *inbuf, char *outbuf) nread, smb_len(outbuf))); } else - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); } trans_num++; } @@ -851,7 +848,6 @@ void check_reload(int t) static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_timeout_processing_time) { - extern int Client; static time_t last_keepalive_sent_time = 0; static time_t last_idle_closed_check = 0; time_t t; @@ -897,7 +893,7 @@ static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_t if (keepalive && (t - last_keepalive_sent_time)>keepalive) { struct cli_state *cli = server_client(); - if (!send_keepalive(Client)) { + if (!send_keepalive(smbd_server_fd())) { DEBUG( 2, ( "Keepalive failed - exiting.\n" ) ); return False; } diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 81d3ef32b3..3ada28364b 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -40,7 +40,6 @@ extern BOOL short_case_preserve; extern pstring sesssetup_user; extern pstring global_myname; extern fstring global_myworkgroup; -extern int Client; extern int global_oplock_break; uint32 global_client_caps = 0; unsigned int smb_echo_count = 0; @@ -55,7 +54,7 @@ static void overflow_attack(int len) dbgtext( "ERROR: Invalid password length %d.\n", len ); dbgtext( "Your machine may be under attack by someone " ); dbgtext( "attempting to exploit an old bug.\n" ); - dbgtext( "Attack was from IP = %s.\n", client_addr(Client) ); + dbgtext( "Attack was from IP = %s.\n", client_addr() ); } exit_server("possible attack"); } @@ -2048,7 +2047,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s if(global_oplock_break) { _smb_setlen(header,0); - transfer_file(0,Client,(SMB_OFF_T)0,header,4,0); + transfer_file(0,smbd_server_fd(),(SMB_OFF_T)0,header,4,0); DEBUG(5,("readbraw - oplock break finished\n")); return -1; } @@ -2061,7 +2060,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s */ DEBUG(3,("fnum %d not open in readbraw - cache prime?\n",(int)SVAL(inbuf,smb_vwv0))); _smb_setlen(header,0); - transfer_file(0,Client,(SMB_OFF_T)0,header,4,0); + transfer_file(0,smbd_server_fd(),(SMB_OFF_T)0,header,4,0); return(-1); } @@ -2088,7 +2087,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s DEBUG(0,("readbraw - large offset (%x << 32) used and we don't support \ 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv8) )); _smb_setlen(header,0); - transfer_file(0,Client,(SMB_OFF_T)0,header,4,0); + transfer_file(0,smbd_server_fd(),(SMB_OFF_T)0,header,4,0); return(-1); } @@ -2098,7 +2097,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s DEBUG(0,("readbraw - negative 64 bit readraw offset (%.0f) !\n", (double)startpos )); _smb_setlen(header,0); - transfer_file(0,Client,(SMB_OFF_T)0,header,4,0); + transfer_file(0,smbd_server_fd(),(SMB_OFF_T)0,header,4,0); return(-1); } } @@ -2167,7 +2166,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s if (ret < mincount) ret = 0; _smb_setlen(header,ret); - transfer_file(0,Client,0,header,4+ret,0); + transfer_file(0,smbd_server_fd(),0,header,4+ret,0); #endif /* UNSAFE_READRAW */ DEBUG(5,("readbraw finished\n")); @@ -2403,10 +2402,10 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, CVAL(outbuf,smb_com) = SMBwritebraw; SSVALS(outbuf,smb_vwv0,-1); outsize = set_message(outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); /* Now read the raw data into the buffer and write it */ - if (read_smb_length(Client,inbuf,SMB_SECONDARY_WAIT) == -1) { + if (read_smb_length(smbd_server_fd(),inbuf,SMB_SECONDARY_WAIT) == -1) { exit_server("secondary writebraw failed"); } @@ -2419,7 +2418,7 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, (int)tcount,(int)nwritten,(int)numtowrite)); } - nwritten = vfs_transfer_file(Client, NULL, -1, fsp, + nwritten = vfs_transfer_file(smbd_server_fd(), NULL, -1, fsp, (SMB_OFF_T)numtowrite,NULL,0, startpos+nwritten); total_written += nwritten; @@ -3002,7 +3001,7 @@ int reply_echo(connection_struct *conn, smb_setlen(outbuf,outsize - 4); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); } DEBUG(3,("echo %d times\n", smb_reverb)); @@ -4346,7 +4345,7 @@ int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length, SSVAL(outbuf,smb_vwv6,nread); SSVAL(outbuf,smb_vwv7,smb_offset(data,outbuf)); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); total_read += nread; startpos += nread; @@ -4437,7 +4436,7 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, if (write_through && tcount==nwritten) { /* we need to send both a primary and a secondary response */ smb_setlen(outbuf,outsize - 4); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); /* now the secondary */ outsize = set_message(outbuf,1,0,True); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 401c236374..576f6d14d2 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -47,6 +47,26 @@ extern int dcelogin_atmost_once; extern fstring remote_machine; extern pstring OriginalDir; + +/* really we should have a top level context structure that has the + client file descriptor as an element. That would require a major rewrite :( + + the following 2 functions are an alternative - they make the file + descriptor private to smbd + */ +static int server_fd; + +int smbd_server_fd(void) +{ + return server_fd; +} + +void smbd_set_server_fd(int fd) +{ + server_fd = fd; + client_setfd(fd); +} + /**************************************************************************** when exiting, take the whole family ****************************************************************************/ @@ -70,18 +90,16 @@ static void killkids(void) ****************************************************************************/ static BOOL open_sockets_inetd(void) { - extern int Client; - /* Started from inetd. fd 0 is the socket. */ /* We will abort gracefully when the client or remote system goes away */ - Client = dup(0); + smbd_set_server_fd(dup(0)); /* close our standard file descriptors */ close_low_fds(); - set_socket_options(Client,"SO_KEEPALIVE"); - set_socket_options(Client,user_socket_options); + set_socket_options(smbd_server_fd(),"SO_KEEPALIVE"); + set_socket_options(smbd_server_fd(),user_socket_options); return True; } @@ -92,7 +110,6 @@ static BOOL open_sockets_inetd(void) ****************************************************************************/ static BOOL open_sockets(BOOL is_daemon,int port) { - extern int Client; int num_interfaces = iface_count(); int fd_listenset[FD_SETSIZE]; fd_set listen_set; @@ -211,18 +228,18 @@ max can be %d\n", } } - Client = accept(s,&addr,&in_addrlen); + smbd_set_server_fd(accept(s,&addr,&in_addrlen)); - if (Client == -1 && errno == EINTR) + if (smbd_server_fd() == -1 && errno == EINTR) continue; - if (Client == -1) { + if (smbd_server_fd() == -1) { DEBUG(0,("open_sockets: accept: %s\n", strerror(errno))); continue; } - if (Client != -1 && fork()==0) { + if (smbd_server_fd() != -1 && fork()==0) { /* Child code ... */ /* close the listening socket(s) */ @@ -234,8 +251,8 @@ max can be %d\n", close_low_fds(); am_parent = 0; - set_socket_options(Client,"SO_KEEPALIVE"); - set_socket_options(Client,user_socket_options); + set_socket_options(smbd_server_fd(),"SO_KEEPALIVE"); + set_socket_options(smbd_server_fd(),user_socket_options); /* Reset global variables in util.c so that client substitutions will be @@ -252,7 +269,7 @@ max can be %d\n", return True; } /* The parent doesn't need this socket */ - close(Client); + close(smbd_server_fd()); /* Force parent to check log size after * spawning child. Fix from @@ -320,10 +337,9 @@ BOOL reload_services(BOOL test) load_interfaces(); { - extern int Client; - if (Client != -1) { - set_socket_options(Client,"SO_KEEPALIVE"); - set_socket_options(Client,user_socket_options); + if (smbd_server_fd() != -1) { + set_socket_options(smbd_server_fd(),"SO_KEEPALIVE"); + set_socket_options(smbd_server_fd(),user_socket_options); } } @@ -776,7 +792,6 @@ static void usage(char *pname) exit(1); smbd_process(); - close_sockets(); exit_server("normal exit"); return(0); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 3abd55de0c..24ba79906b 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -195,7 +195,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int struct passwd *pass = NULL; BOOL guest = False; BOOL force = False; - extern int Client; connection_struct *conn; int ret; @@ -203,7 +202,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int snum = find_service(service); if (snum < 0) { - extern int Client; if (strequal(service,"IPC$")) { DEBUG(3,("refusing IPC connection\n")); *ecode = ERRnoipc; @@ -211,7 +209,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int } DEBUG(0,("%s (%s) couldn't find service %s\n", - remote_machine, client_addr(Client), service)); + remote_machine, client_addr(), service)); *ecode = ERRinvnetname; return NULL; } @@ -247,7 +245,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int } if (!lp_snum_ok(snum) || - !check_access(Client, + !check_access(smbd_server_fd(), lp_hostsallow(snum), lp_hostsdeny(snum))) { *ecode = ERRaccess; return NULL; @@ -342,7 +340,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->vuid = vuid; conn->uid = pass->pw_uid; conn->gid = pass->pw_gid; - safe_strcpy(conn->client_address, client_addr(Client), sizeof(conn->client_address)-1); + safe_strcpy(conn->client_address, client_addr(), sizeof(conn->client_address)-1); conn->num_files_open = 0; conn->lastused = time(NULL); conn->service = snum; diff --git a/source3/smbd/ssl.c b/source3/smbd/ssl.c index be9aae7c5c..65d6532d48 100644 --- a/source3/smbd/ssl.c +++ b/source3/smbd/ssl.c @@ -248,20 +248,20 @@ char *reqHosts, *resignHosts; reqHosts = lp_ssl_hosts(); resignHosts = lp_ssl_hosts_resign(); - if(!allow_access(resignHosts, reqHosts, client_name(fd), client_addr(fd))){ + if(!allow_access(resignHosts, reqHosts, get_socket_name(fd), get_socket_addr(fd))){ sslEnabled = False; return 0; } if(msg_type != 0x81){ /* first packet must be a session request */ DEBUG( 0, ( "Client %s did not use session setup; access denied\n", - client_addr(fd) ) ); + client_addr() ) ); send_smb(fd, (char *)buf); return -1; } buf[4] = 0x8e; /* negative session response: use SSL */ send_smb(fd, (char *)buf); if(sslutil_accept(fd) != 0){ - DEBUG( 0, ( "Client %s failed SSL negotiation!\n", client_addr(fd) ) ); + DEBUG( 0, ( "Client %s failed SSL negotiation!\n", client_addr() ) ); return -1; } return 1; diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index f1fa30b0c6..2ca06ab746 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -27,7 +27,6 @@ extern int DEBUGLEVEL; extern int Protocol; extern BOOL case_sensitive; -extern int Client; extern int smb_read_error; extern fstring local_machine; extern int global_oplock_break; @@ -66,7 +65,7 @@ static int send_trans2_replies(char *outbuf, int bufsize, char *params, the empty packet */ if(params_to_send == 0 && data_to_send == 0) { - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); return 0; } @@ -161,7 +160,7 @@ static int send_trans2_replies(char *outbuf, int bufsize, char *params, params_to_send, data_to_send, paramsize, datasize)); /* Send the packet */ - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); pp += params_sent_thistime; pd += data_sent_thistime; @@ -2288,7 +2287,7 @@ int reply_trans2(connection_struct *conn, /* We need to send an interim response then receive the rest of the parameter/data bytes */ outsize = set_message(outbuf,0,0,True); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); while (num_data_sofar < total_data || num_params_sofar < total_params) { diff --git a/source3/web/cgi.c b/source3/web/cgi.c index b33feb30c2..ea73a0f1a7 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -504,7 +504,7 @@ void cgi_setup(char *rootdir, int auth_required) f = sys_fopen("/tmp/cgi.log", "a"); if (f) fprintf(f,"\n[Date: %s %s (%s)]\n", http_timestring(time(NULL)), - client_name(1), client_addr(1)); + get_socket_name(1), get_socket_addr(1)); #endif /* we are a mini-web server. We need to read the request from stdin @@ -604,7 +604,7 @@ return the hostname of the client char *cgi_remote_host(void) { if (inetd_server) { - return client_name(1); + return get_socket_name(1); } return getenv("REMOTE_HOST"); } @@ -615,7 +615,7 @@ return the hostname of the client char *cgi_remote_addr(void) { if (inetd_server) { - return client_addr(1); + return get_socket_addr(1); } return getenv("REMOTE_ADDR"); } |