-rw-r--r-- | source3/auth/auth.c | 5 | ||||
-rw-r--r-- | source3/auth/auth_server.c | 85 | ||||
-rw-r--r-- | source3/include/auth.h | 6 | ||||
-rw-r--r-- | source3/smbd/process.c | 18 |
4 files changed, 61 insertions, 53 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 0b868b265e..dd5481767b 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -333,10 +333,7 @@ static void free_auth_context(struct auth_context **auth_context) if (*auth_context) { /* Free private data of context's authentication methods */ for (auth_method = (*auth_context)->auth_method_list; auth_method; auth_method = auth_method->next) { - if (auth_method->free_private_data) { - auth_method->free_private_data (&auth_method->private_data); - auth_method->private_data = NULL; - } + TALLOC_FREE(auth_method->private_data); } talloc_destroy((*auth_context)->mem_ctx); diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index c7243e8468..c140ef48f9 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c 
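Review bot: `TALLOC_FREE(auth_method->private_data)` in free_auth_context is only safe if every auth method stores either NULL or a talloc-allocated object in `private_data`, and nothing in this change states that contract. The `free_private_data` hook that let a module supply its own cleanup is removed from auth.h in the same commit, so a module that keeps a non-talloc pointer there (none is visible in this diff, so this is an assumption to check) would now have it handed to talloc. I would put the rule on the field in auth.h: `/* NULL or a talloc'ed object; released with TALLOC_FREE() in free_auth_context() */`. free_auth_context starts and ends outside the hunk.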
@@ -136,38 +136,72 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) return cli; } +struct server_security_state { + struct cli_state *cli; +}; + /**************************************************************************** - Clean up our allocated cli. + Send a 'keepalive' packet down the cli pipe. ****************************************************************************/ -static void free_server_private_data(void **private_data_pointer) +static BOOL send_server_keepalive(const struct timeval *now, + void *private_data) { - struct cli_state **cli = (struct cli_state **)private_data_pointer; - if (*cli && (*cli)->initialised) { - DEBUG(10, ("Shutting down smbserver connection\n")); - cli_shutdown(*cli); + struct server_security_state *state = talloc_get_type_abort( + private_data, struct server_security_state); + + if (!state->cli || !state->cli->initialised) { + return False; + } + + if (send_keepalive(state->cli->fd)) { + return True; } - *private_data_pointer = NULL; + + DEBUG( 2, ( "send_server_keepalive: password server keepalive " + "failed.\n")); + cli_shutdown(state->cli); + state->cli = NULL; + return False; } -/**************************************************************************** - Send a 'keepalive' packet down the cli pipe. 
-****************************************************************************/ +static int destroy_server_security(struct server_security_state *state) +{ + if (state->cli) { + cli_shutdown(state->cli); + } + return 0; +} -static void send_server_keepalive(void **private_data_pointer) +static struct server_security_state *make_server_security_state(struct cli_state *cli) { - /* also send a keepalive to the password server if its still - connected */ - if (private_data_pointer) { - struct cli_state *cli = (struct cli_state *)(*private_data_pointer); - if (cli && cli->initialised) { - if (!send_keepalive(cli->fd)) { - DEBUG( 2, ( "send_server_keepalive: password server keepalive failed.\n")); - cli_shutdown(cli); - *private_data_pointer = NULL; - } + struct server_security_state *result; + + if (!(result = talloc(NULL, struct server_security_state))) { + DEBUG(0, ("talloc failed\n")); + cli_shutdown(cli); + return NULL; + } + + result->cli = cli; + talloc_set_destructor(result, destroy_server_security); + + if (lp_keepalive() != 0) { + struct timeval interval; + interval.tv_sec = lp_keepalive(); + interval.tv_usec = 0; + + if (event_add_idle(smbd_event_context(), result, interval, + "server_security_keepalive", + send_server_keepalive, + result) == NULL) { + DEBUG(0, ("event_add_idle failed\n")); + TALLOC_FREE(result); + return NULL; } } + + return result; } /**************************************************************************** @@ -190,7 +224,8 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte /* However, it is still a perfectly fine connection to pass that unencrypted password over */ - *my_private_data = (void *)cli; + *my_private_data = + (void *)make_server_security_state(cli); return data_blob(NULL, 0); } else if (cli->secblob.length < 8) { 
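Review bot: make_server_security_state() takes ownership of `cli` on every path, including failure: it calls `cli_shutdown(cli)` itself when talloc fails and leaves it to the destructor when `event_add_idle` fails, so a caller that gets NULL back must not touch `cli` again. None of that is written down; a short header comment saying that `cli` is consumed and that the result is a parentless talloc object released through `private_data` would cover it. destroy_server_security() also shuts the connection down whenever `state->cli` is non-NULL, while the removed free_server_private_data() required `(*cli)->initialised` first. If cli_shutdown() is not safe on an uninitialised cli_state (not visible here), the guard should come back as `if (state->cli && state->cli->initialised) {`.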
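Review bot: `*my_private_data` now holds a `struct server_security_state *` here and in the next hunk (@@ -200), but no hunk in this diff touches `check_smbserver_security`, which is registered as `->auth` in auth_init_smbserver and presumably reads the pointer back during the password check. If that reader still casts it to `struct cli_state *`, it would treat the wrapper as a connection on the authentication path. It should unwrap it the way send_server_keepalive does, with `state = talloc_get_type_abort(my_private_data, struct server_security_state);` followed by `cli = state->cli;`. It also has to cope with `state->cli == NULL`, which send_server_keepalive sets after a failed keepalive, and with a NULL `private_data`, which the unchecked assignment in this hunk can store. auth_get_challenge_server begins and ends outside both hunks.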
@@ -200,7 +235,9 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte return data_blob(NULL, 0); } - *my_private_data = (void *)cli; + if (!(*my_private_data = (void *)make_server_security_state(cli))) { + return data_blob(NULL,0); + } /* The return must be allocated on the caller's mem_ctx, as our own will be destoyed just after the call. */ @@ -415,8 +452,6 @@ static NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const cha (*auth_method)->name = "smbserver"; (*auth_method)->auth = check_smbserver_security; (*auth_method)->get_chal = auth_get_challenge_server; - (*auth_method)->send_keepalive = send_server_keepalive; - (*auth_method)->free_private_data = free_server_private_data; return NT_STATUS_OK; } diff --git a/source3/include/auth.h b/source3/include/auth.h index de75ff68f6..4e7eb469ba 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -115,12 +115,6 @@ typedef struct auth_methods /* Used to keep tabs on things like the cli for SMB server authentication */ void *private_data; - - /* Function to clean up the above arbitary structure */ - void (*free_private_data)(void **private_data); - - /* Function to send a keepalive message on the above structure */ - void (*send_keepalive)(void **private_data); } auth_methods; diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 5edb2c1009..76af8f2054 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1328,7 +1328,6 @@ void check_reload(time_t t) static BOOL timeout_processing(int *select_timeout, time_t *last_timeout_processing_time) { - static time_t last_keepalive_sent_time = 0; static time_t last_idle_closed_check = 0; time_t t; BOOL allidle = True; @@ -1351,9 +1350,6 @@ static BOOL timeout_processing(int *select_timeout, *last_timeout_processing_time = t = time(NULL); - if(last_keepalive_sent_time == 0) - last_keepalive_sent_time = t; - if(last_idle_closed_check == 0) last_idle_closed_check = t; 
@@ -1371,20 +1367,6 @@ static BOOL timeout_processing(int *select_timeout, last_idle_closed_check = t; } - if (lp_keepalive() && (t - last_keepalive_sent_time)> lp_keepalive()) { - /* send a keepalive for a password server or the like. - This is attached to the auth_info created in the - negprot */ - if (negprot_global_auth_context && negprot_global_auth_context->challenge_set_method - && negprot_global_auth_context->challenge_set_method->send_keepalive) { - - negprot_global_auth_context->challenge_set_method->send_keepalive - (&negprot_global_auth_context->challenge_set_method->private_data); - } - - last_keepalive_sent_time = t; - } - /* check for connection timeouts */ allidle = conn_idle_all(t); |