diff options
Diffstat (limited to 'source3/msrpc/msrpcd_process.c')
| -rw-r--r-- | source3/msrpc/msrpcd_process.c | 501 |
1 files changed, 501 insertions, 0 deletions
diff --git a/source3/msrpc/msrpcd_process.c b/source3/msrpc/msrpcd_process.c new file mode 100644 index 0000000000..240087be14 --- /dev/null +++ b/source3/msrpc/msrpcd_process.c @@ -0,0 +1,501 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + process incoming packets - main loop + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern int DEBUGLEVEL; + +time_t smb_last_time=(time_t)0; + +char *InBuffer = NULL; +char *OutBuffer = NULL; +char *last_inbuf = NULL; + +/* + * Size of data we can send to client. Set + * by the client for all protocols above CORE. + * Set by us for CORE protocol. + */ +int max_send = BUFFER_SIZE; +/* + * Size of the data we can receive. Set by us. + * Can be modified by the max xmit parameter. + */ +int max_recv = BUFFER_SIZE; + +extern int last_message; +extern pstring sesssetup_user; +extern char *last_inbuf; +extern char *InBuffer; +extern char *OutBuffer; +extern int smb_read_error; +extern BOOL reload_after_sighup; +extern int max_send; + + +/**************************************************************************** + Do a select on an two fd's - with timeout. + + If a local udp message has been pushed onto the + queue (this can only happen during oplock break + processing) return this first. + + If a pending smb message has been pushed onto the + queue (this can only happen during oplock break + processing) return this next. + + If the first smbfd is ready then read an smb from it. + if the second (loopback UDP) fd is ready then read a message + from it and setup the buffer header to identify the length + and from address. + Returns False on timeout or error. + Else returns True. + +The timeout is in milli seconds +****************************************************************************/ + +static BOOL receive_message_or_msrpc(int c, char *buffer, int buffer_len, + int timeout, BOOL *got_smb) +{ + fd_set fds; + int selrtn; + struct timeval to; + int maxfd; + + smb_read_error = 0; + + *got_smb = False; + + /* + * Check to see if we already have a message on the smb queue. + * If so - copy and return it. + */ + + /* + * Setup the select read fd set. + */ + + FD_ZERO(&fds); + FD_SET(c,&fds); + maxfd = 0; + + to.tv_sec = timeout / 1000; + to.tv_usec = (timeout % 1000) * 1000; + + selrtn = sys_select(MAX(maxfd,c)+1,&fds,NULL, timeout>0?&to:NULL); + + /* Check if error */ + if(selrtn == -1) { + /* something is wrong. Maybe the socket is dead? */ + smb_read_error = READ_ERROR; + return False; + } + + /* Did we timeout ? */ + if (selrtn == 0) { + smb_read_error = READ_TIMEOUT; + return False; + } + + if (FD_ISSET(c,&fds)) + { + *got_smb = True; + return receive_smb(c, buffer, 0); + } + return False; +} + + +/* +These flags determine some of the permissions required to do an operation + +Note that I don't set NEED_WRITE on some write operations because they +are used by some brain-dead clients when printing, and I don't want to +force write permissions on print services. +*/ +#define AS_USER (1<<0) +#define NEED_WRITE (1<<1) +#define TIME_INIT (1<<2) +#define CAN_IPC (1<<3) +#define AS_GUEST (1<<5) +#define QUEUE_IN_OPLOCK (1<<6) + +/* + define a list of possible SMB messages and their corresponding + functions. Any message that has a NULL function is unimplemented - + please feel free to contribute implementations! +*/ + +/**************************************************************************** +do a switch on the message type, and return the response size +****************************************************************************/ +static int do_message(pipes_struct *p, + char *inbuf,char *outbuf,int size,int bufsize) +{ + static int pid= -1; + + prs_struct pd; + int outsize = -1; + + /* make a static data parsing structure from the api_fd_reply data */ + prs_init(&pd, 0, 4, 0, True); + mem_create(pd.data, smb_base(inbuf), 0, smb_len(inbuf), 0, False); + + if (pid == -1) + pid = getpid(); + + /* dce/rpc command */ + if (rpc_to_smb(p, smb_base(inbuf), smb_len(inbuf))) + { + char *copy_into = smb_base(outbuf); + outsize = mem_buf_len(p->rsmb_pdu.data); + if (!mem_buf_copy(copy_into, p->rsmb_pdu.data, 0, outsize)) + { + return -1; + } + mem_free_data(p->rsmb_pdu.data); + } + + return outsize; +} + + +/**************************************************************************** + construct a reply to the incoming packet +****************************************************************************/ +static int construct_reply(pipes_struct *p, + char *inbuf,char *outbuf,int size,int bufsize) +{ + int outsize = 0; + smb_last_time = time(NULL); + + outsize = do_message(p, inbuf,outbuf,size,bufsize) + 4; + + if(outsize > 4) + _smb_setlen(outbuf,outsize - 4); + return(outsize); +} + + +/**************************************************************************** + process an smb from the client - split out from the process() code so + it can be used by the oplock break code. +****************************************************************************/ +static void process_msrpc(pipes_struct *p, int c, char *inbuf, char *outbuf) +{ + static int trans_num; + int32 len = smb_len(inbuf); + int nread = len + 4; + + if (trans_num == 0) { + /* on the first packet, check the global hosts allow/ hosts + deny parameters before doing any parsing of the packet + passed to us by the client. This prevents attacks on our + parsing code from hosts not in the hosts allow list */ + if (!check_access(c, lp_hostsallow(-1), lp_hostsdeny(-1))) { + /* send a negative session response "not listining on calling + name" */ + DEBUG( 1, ( "Connection denied from %s\n", + client_addr(c) ) ); + exit_server("connection denied"); + } + } + + DEBUG( 6, ( "got message of len 0x%x\n", len ) ); + DEBUG( 3, ( "Transaction %d of length %d\n", trans_num, nread ) ); + + dump_data(10, inbuf, len); + +#ifdef WITH_VTP + if(trans_num == 1 && VT_Check(inbuf)) + { + VT_Process(); + return; + } +#endif + + nread = construct_reply(p, inbuf,outbuf,nread,max_send); + + if(nread > 0) + { + dump_data(10, outbuf, nread); + + if (nread != smb_len(outbuf) + 4) + { + DEBUG(0,("ERROR: Invalid message response size! %d %d\n", + nread, smb_len(outbuf))); + } + else + send_smb(c,outbuf); + } + trans_num++; +} + +/**************************************************************************** + reads user credentials from the socket +****************************************************************************/ +BOOL get_user_creds(int c, struct user_creds *usr) +{ + pstring buf; + int rl; + uint32 len; + BOOL new_con = False; + uint32 status; + + CREDS_CMD cmd; + prs_struct ps; + + ZERO_STRUCTP(usr); + ZERO_STRUCT(cmd); + cmd.cred = usr; + + DEBUG(10,("get_user_creds: first request\n")); + + rl = read(c, &buf, sizeof(len)); + + if (rl != sizeof(len)) + { + DEBUG(0,("Unable to read length\n")); + dump_data(0, buf, sizeof(len)); + return False; + } + + len = IVAL(buf, 0); + + if (len > sizeof(buf)) + { + DEBUG(0,("length %d too long\n", len)); + return False; + } + + rl = read(c, buf, len); + + if (rl < 0) + { + DEBUG(0,("Unable to read from connection\n")); + return False; + } + +#ifdef DEBUG_PASSWORD + dump_data(100, buf, rl); +#endif + + /* make a static data parsing structure from the api_fd_reply data */ + prs_init(&ps, 0, 4, 0, True); + mem_create(ps.data, buf, 0, len, 0, False); + + if (!creds_io_cmd("creds", &cmd, &ps, 0)) + { + DEBUG(0,("Unable to parse credentials\n")); + mem_free_data(ps.data); + return False; + } + + mem_free_data(ps.data); + + if (ps.offset != rl) + { + DEBUG(0,("Buffer size %d %d!\n", ps.offset, rl)); + return False; + } + + switch (cmd.command) + { + case AGENT_CMD_CON: + case AGENT_CMD_CON_ANON: + { + new_con = True; + break; + } + case AGENT_CMD_CON_REUSE: + { + new_con = True; + break; + } + default: + { + DEBUG(0,("unknown command %d\n", cmd.command)); + return False; + } + } + + status = new_con ? 0x0 : 0x1; + + if (write(c, &status, sizeof(status)) != + sizeof(status)) + { + return False; + } + + return new_con; +} + +/**************************************************************************** + initialise from pipe +****************************************************************************/ +BOOL msrpcd_init(int c, pipes_struct *p) +{ + struct user_creds usr; + gid_t *groups = NULL; + + if (!get_user_creds(c, &usr)) + { + DEBUG(0,("authentication failed\n")); + free_user_creds(&usr); + return False; + } + + if (usr.uxs.num_grps != 0) + { + int i; + groups = malloc(usr.uxs.num_grps * sizeof(groups[0])); + if (groups == NULL) + { + return False; + } + for (i = 0; i < usr.uxs.num_grps; i++) + { + groups[i] = (gid_t)usr.uxs.grps[i]; + } + } + + p->vuid = create_vuid(usr.uxs.uid, usr.uxs.gid, + usr.uxs.num_grps, groups, + usr.uxc.user_name, + usr.uxc.requested_name, + usr.uxc.real_name, + usr.uxc.guest, + usr.ntc.pwd.sess_key); + + if (p->vuid == UID_FIELD_INVALID) + { + return False; + } + + free_user_creds(&usr); + + if (!become_vuser(p->vuid)) + { + return False; + } + + p->l = malloc(sizeof(*p->l)); + if (p->l == NULL) + { + return False; + } + + ZERO_STRUCTP(p->l); + + return True; +} + +/**************************************************************************** + process commands from the client +****************************************************************************/ +void msrpcd_process(int c, pipes_struct *p) +{ + InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); + OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); + if ((InBuffer == NULL) || (OutBuffer == NULL)) + return; + + InBuffer += SMB_ALIGNMENT; + OutBuffer += SMB_ALIGNMENT; + + max_recv = MIN(lp_maxxmit(),BUFFER_SIZE); + + /* re-initialise the timezone */ + TimeInit(); + + while (True) + { + int counter; + int service_load_counter = 0; + BOOL got_smb = False; + + errno = 0; + + for (counter=SMBD_SELECT_LOOP; + !receive_message_or_msrpc(c, InBuffer,BUFFER_SIZE, + SMBD_SELECT_LOOP*1000,&got_smb); + counter += SMBD_SELECT_LOOP) + { + time_t t; + + if (counter > 365 * 3600) /* big number of seconds. */ + { + counter = 0; + service_load_counter = 0; + } + + if (smb_read_error == READ_EOF) + { + DEBUG(3,("end of file from client\n")); + return; + } + + if (smb_read_error == READ_ERROR) + { + DEBUG(3,("receive_smb error (%s) exiting\n", + strerror(errno))); + return; + } + + t = time(NULL); + + /* check for smb.conf reload */ + if (counter >= service_load_counter + SMBD_RELOAD_CHECK) + { + service_load_counter = counter; + + /* reload services, if files have changed. */ + reload_services(True); + } + + /* + * If reload_after_sighup == True then we got a SIGHUP + * and are being asked to reload. Fix from <branko.cibej@hermes.si> + */ + + if (reload_after_sighup) + { + DEBUG(0,("Reloading services after SIGHUP\n")); + reload_services(False); + reload_after_sighup = False; + /* + * Use this as an excuse to print some stats. + */ + } + + /* automatic timeout if all connections are closed */ + if (counter >= IDLE_CLOSED_TIMEOUT) + { + DEBUG( 2, ( "Closing idle connection\n" ) ); + return; + } + + } + + if(got_smb) + process_msrpc(p, c, InBuffer, OutBuffer); + } +} |