From 47673b32ed4a907b380b70d5f4f366ba8be301d2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 15 Aug 1996 15:11:34 +0000 Subject: - added FAST_SHARE_MODES code - added some named pipe code from Jim (This used to be commit c94866e9e44ea1eb72da06bc65ef1c032ae8e0c9) --- source3/smbd/ipc.c | 108 ++++++++++++++- source3/smbd/pipes.c | 363 ++++++++++++++++++++++++++++++++++++++++++++++++++ source3/smbd/reply.c | 18 ++- source3/smbd/server.c | 23 +++- 4 files changed, 500 insertions(+), 12 deletions(-) create mode 100644 source3/smbd/pipes.c (limited to 'source3/smbd') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 5b3939e98c..39b8f3f089 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -59,11 +59,21 @@ extern fstring local_machine; #define SNLEN 15 /* service name length */ #define QNLEN 12 /* queue name maximum length */ -#define MAJOR_VERSION 2 +#define MAJOR_VERSION 4 #define MINOR_VERSION 0 extern int Client; +static BOOL api_Unsupported(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len); +static BOOL api_TooSmall(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len); + + static int CopyExpanded(int cnum, int snum, char** dst, char* src, int* n) { pstring buf; @@ -1906,7 +1916,8 @@ static BOOL api_RNetUserGetInfo(int cnum,int uid, char *param,char *data, p2 = skip_string(p2,1); } if (uLevel == 11) { /* modelled after NTAS 3.51 reply */ - SSVAL(p,34,USER_PRIV_USER); /* user privilege */ + SSVAL(p,34, + Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,36,0); /* auth flags */ SIVALS(p,40,-1); /* password age */ SIVAL(p,44,PTR_DIFF(p2,p)); /* home dir */ @@ -1941,7 +1952,8 @@ static BOOL api_RNetUserGetInfo(int cnum,int uid, char *param,char *data, if (uLevel == 1 || uLevel == 2) { memset(p+22,' ',16); /* password */ SIVALS(p,38,-1); /* password age */ - SSVAL(p,42,USER_PRIV_ADMIN); /* user privilege */ + SSVAL(p,42, + Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ strcpy(p2,"\\\\%L\\HOMES"); standard_sub_basic(p2); @@ -2577,6 +2589,92 @@ static BOOL api_WPrintPortEnum(int cnum,int uid, char *param,char *data, return(True); } + +struct +{ + char * name; + char * pipename; + int subcommand; + BOOL (*fn) (); +} api_fd_commands [] = + { + { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, + { "TransactNmPipe", "lsarpc", 0x26, api_LsarpcTNP }, + { NULL, NULL, -1, api_Unsupported } + }; + +/**************************************************************************** + handle remote api calls delivered to a named pipe already opened. + ****************************************************************************/ +static int api_fd_reply(int cnum,int uid,char *outbuf, + uint16 *setup,char *data,char *params, + int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt) +{ + char *rdata = NULL; + char *rparam = NULL; + int rdata_len = 0; + int rparam_len = 0; + BOOL reply=False; + int i; + int fd; + int subcommand; + + /* First find out the name of this file. */ + if (suwcnt != 2) + { + DEBUG(0,("Unexpected named pipe transaction.\n")); + return(-1); + } + + /* Get the file handle and hence the file name. */ + fd = setup[1]; + subcommand = setup[0]; + + DEBUG(3,("Got API command %d on pipe %s ",subcommand,Files[fd].name)); + DEBUG(3,("(tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d)\n", + tdscnt,tpscnt,mdrcnt,mprcnt)); + + for (i=0;api_fd_commands[i].name;i++) + if (strequal(api_fd_commands[i].pipename, Files[fd].name) && + api_fd_commands[i].subcommand == subcommand && + api_fd_commands[i].fn) + { + DEBUG(3,("Doing %s\n",api_fd_commands[i].name)); + break; + } + + rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024); + rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); + + reply = api_fd_commands[i].fn(cnum,uid,params,data,mdrcnt,mprcnt, + &rdata,&rparam,&rdata_len,&rparam_len); + + if (rdata_len > mdrcnt || + rparam_len > mprcnt) + { + reply = api_TooSmall(cnum,uid,params,data,mdrcnt,mprcnt, + &rdata,&rparam,&rdata_len,&rparam_len); + } + + + /* if we get False back then it's actually unsupported */ + if (!reply) + api_Unsupported(cnum,uid,params,data,mdrcnt,mprcnt, + &rdata,&rparam,&rdata_len,&rparam_len); + + /* now send the reply */ + send_trans_reply(outbuf,rdata,rparam,NULL,rdata_len,rparam_len,0); + + if (rdata) + free(rdata); + if (rparam) + free(rparam); + + return(-1); +} + + + /**************************************************************************** the buffer was too small ****************************************************************************/ @@ -2727,6 +2825,10 @@ static int named_pipe(int cnum,int uid, char *outbuf,char *name, if (strequal(name,"LANMAN")) return(api_reply(cnum,uid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt)); +if (strlen(name) < 1) + return(api_fd_reply(cnum,uid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt)); + + DEBUG(3,("named pipe command on <%s> 0x%X setup1=%d\n", name,(int)setup[0],(int)setup[1])); diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c new file mode 100644 index 0000000000..724f58e1e2 --- /dev/null +++ b/source3/smbd/pipes.c @@ -0,0 +1,363 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Pipe SMB reply routines + Copyright (C) Andrew Tridgell 1992-1995 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ +/* + This file handles reply_ calls on named pipes that the server + makes to handle specific protocols +*/ + + +#include "includes.h" +#include "trans2.h" + +#define PIPE "\\PIPE\\" +#define PIPELEN strlen(PIPE) + +#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024)) + +/* look in server.c for some explanation of these variables */ +extern int Protocol; +extern int DEBUGLEVEL; +extern int chain_size; +extern int maxxmit; +extern int chain_fnum; +extern char magic_char; +extern connection_struct Connections[]; +extern files_struct Files[]; +extern BOOL case_sensitive; +extern pstring sesssetup_user; +extern int Client; + +/* this macro should always be used to extract an fnum (smb_fid) from +a packet to ensure chaining works correctly */ +#define GETFNUM(buf,where) (chain_fnum!= -1?chain_fnum:SVAL(buf,where)) + +char * known_pipes [] = +{ + "lsarpc", + NULL +}; + +/**************************************************************************** + reply to an open and X on a named pipe + + In fact what we do is to open a regular file with the same name in + /tmp. This can then be closed as normal. Reading and writing won't + make much sense, but will do *something*. The real reason for this + support is to be able to do transactions on them (well, on lsarpc + for domain login purposes...). + + This code is basically stolen from reply_open_and_X with some + wrinkles to handle pipes. +****************************************************************************/ +int reply_open_pipe_and_X(char *inbuf,char *outbuf,int length,int bufsize) +{ + pstring fname; + int cnum = SVAL(inbuf,smb_tid); + int fnum = -1; + int outsize = 0; + int smb_com2 = CVAL(inbuf,smb_vwv0); + int smb_off2 = SVAL(inbuf,smb_vwv1); + int smb_mode = SVAL(inbuf,smb_vwv3); + int smb_attr = SVAL(inbuf,smb_vwv5); +#if 0 + int open_flags = SVAL(inbuf,smb_vwv2); + int smb_sattr = SVAL(inbuf,smb_vwv4); + uint32 smb_time = make_unix_date3(inbuf+smb_vwv6); +#endif + int smb_ofun = SVAL(inbuf,smb_vwv8); + int unixmode; + int size=0,fmode=0,mtime=0,rmode=0; + struct stat sbuf; + int smb_action = 0; + int i; + + /* XXXX we need to handle passed times, sattr and flags */ + strcpy(fname,smb_buf(inbuf)); + + /* If the name doesn't start \PIPE\ then this is directed */ + /* at a mailslot or something we really, really don't understand, */ + /* not just something we really don't understand. */ + if ( strncmp(fname,PIPE,PIPELEN) != 0 ) + return(ERROR(ERRSRV,ERRaccess)); + + DEBUG(4,("Opening pipe %s.\n", fname)); + + /* Strip \PIPE\ off the name. */ + strcpy(fname,smb_buf(inbuf) + PIPELEN); + + /* See if it is one we want to handle. */ + for( i = 0; known_pipes[i] ; i++ ) + if( strcmp(fname,known_pipes[i]) == 0 ) + break; + + if ( known_pipes[i] == NULL ) + return(ERROR(ERRSRV,ERRaccess)); + + /* Known pipes arrive with DIR attribs. Remove it so a regular file */ + /* can be opened and add it in after the open. */ + DEBUG(3,("Known pipe %s opening.\n",fname)); + smb_attr &= ~aDIR; + Connections[cnum].read_only = 0; + smb_ofun |= 0x10; /* Add Create it not exists flag */ + + unix_convert(fname,cnum); + + fnum = find_free_file(); + if (fnum < 0) + return(ERROR(ERRSRV,ERRnofids)); + + if (!check_name(fname,cnum)) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + + unixmode = unix_mode(cnum,smb_attr); + + open_file_shared(fnum,cnum,fname,smb_mode,smb_ofun,unixmode, + &rmode,&smb_action); + + if (!Files[fnum].open) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + + if (fstat(Files[fnum].fd,&sbuf) != 0) { + close_file(fnum); + return(ERROR(ERRDOS,ERRnoaccess)); + } + + size = sbuf.st_size; + fmode = dos_mode(cnum,fname,&sbuf); + mtime = sbuf.st_mtime; + if (fmode & aDIR) { + close_file(fnum); + return(ERROR(ERRDOS,ERRnoaccess)); + } + + /* Prepare the reply */ + outsize = set_message(outbuf,15,0,True); + CVAL(outbuf,smb_vwv0) = smb_com2; + + /* Put things back the way they were. */ + Connections[cnum].read_only = 1; + + /* Mark the opened file as an existing named pipe in message mode. */ + SSVAL(outbuf,smb_vwv9,2); + SSVAL(outbuf,smb_vwv10,0xc700); + if (rmode == 2) + { + DEBUG(4,("Resetting open result to open from create.\n")); + rmode = 1; + } + + SSVAL(outbuf,smb_vwv1,(chain_size+outsize)-4); + SSVAL(outbuf,smb_vwv2,fnum); + SSVAL(outbuf,smb_vwv3,fmode); + put_dos_date3(outbuf,smb_vwv4,mtime); + SIVAL(outbuf,smb_vwv6,size); + SSVAL(outbuf,smb_vwv8,rmode); + SSVAL(outbuf,smb_vwv11,smb_action); + + chain_fnum = fnum; + + if (smb_com2 != 0xFF) + outsize += chain_reply(smb_com2,inbuf,inbuf+smb_off2+4, + outbuf,outbuf+outsize, + length,bufsize); + + chain_fnum = -1; + + DEBUG(4,("Opened pipe %s with handle %d, saved name %s.\n", + fname, fnum, Files[fnum].name)); + + return(outsize); +} + + +/**************************************************************************** + api_LsarpcSNPHS + + SetNamedPipeHandleState on \PIPE\lsarpc. We can't really do much here, + so just blithely return True. This is really only for NT domain stuff, + we we're only handling that - don't assume Samba now does complete + named pipe handling. +****************************************************************************/ +BOOL api_LsarpcSNPHS(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + uint16 id; + + id = param[0] + (param[1] << 8); + DEBUG(4,("lsarpc SetNamedPipeHandleState to code %x\n",id)); + return(True); +} + + +/**************************************************************************** + api_LsarpcTNP + + TransactNamedPipe on \PIPE\lsarpc. +****************************************************************************/ +static void LsarpcTNP1(char *data,char **rdata, int *rdata_len) +{ + uint32 dword1, dword2; + char pname[] = "\\PIPE\\lsass"; + + /* All kinds of mysterious numbers here */ + *rdata_len = 68; + *rdata = REALLOC(*rdata,*rdata_len); + + dword1 = IVAL(data,0xC); + dword2 = IVAL(data,0x10); + + SIVAL(*rdata,0,0xc0005); + SIVAL(*rdata,4,0x10); + SIVAL(*rdata,8,0x44); + SIVAL(*rdata,0xC,dword1); + + SIVAL(*rdata,0x10,dword2); + SIVAL(*rdata,0x14,0x15); + SSVAL(*rdata,0x18,sizeof(pname)); + strcpy(*rdata + 0x1a,pname); + SIVAL(*rdata,0x28,1); + memcpy(*rdata + 0x30, data + 0x34, 0x14); +} + +static void LsarpcTNP2(char *data,char **rdata, int *rdata_len) +{ + uint32 dword1; + + /* All kinds of mysterious numbers here */ + *rdata_len = 48; + *rdata = REALLOC(*rdata,*rdata_len); + + dword1 = IVAL(data,0xC); + + SIVAL(*rdata,0,0x03020005); + SIVAL(*rdata,4,0x10); + SIVAL(*rdata,8,0x30); + SIVAL(*rdata,0xC,dword1); + SIVAL(*rdata,0x10,0x18); + SIVAL(*rdata,0x1c,0x44332211); + SIVAL(*rdata,0x20,0x88776655); + SIVAL(*rdata,0x24,0xCCBBAA99); + SIVAL(*rdata,0x28,0x11FFEEDD); +} + +static void LsarpcTNP3(char *data,char **rdata, int *rdata_len) +{ + uint32 dword1; + uint16 word1; + char * workgroup = lp_workgroup(); + int wglen = strlen(workgroup); + int i; + + /* All kinds of mysterious numbers here */ + *rdata_len = 90 + 2 * wglen; + *rdata = REALLOC(*rdata,*rdata_len); + + dword1 = IVAL(data,0xC); + word1 = SVAL(data,0x2C); + + SIVAL(*rdata,0,0x03020005); + SIVAL(*rdata,4,0x10); + SIVAL(*rdata,8,0x60); + SIVAL(*rdata,0xC,dword1); + SIVAL(*rdata,0x10,0x48); + SSVAL(*rdata,0x18,0x5988); /* This changes */ + SSVAL(*rdata,0x1A,0x15); + SSVAL(*rdata,0x1C,word1); + SSVAL(*rdata,0x20,6); + SSVAL(*rdata,0x22,8); + SSVAL(*rdata,0x24,0x8E8); /* So does this */ + SSVAL(*rdata,0x26,0x15); + SSVAL(*rdata,0x28,0x4D48); /* And this */ + SSVAL(*rdata,0x2A,0x15); + SIVAL(*rdata,0x2C,4); + SIVAL(*rdata,0x34,wglen); + for ( i = 0 ; i < wglen ; i++ ) + (*rdata)[0x38 + i * 2] = workgroup[i]; + + /* Now fill in the rest */ + i = 0x38 + wglen * 2; + SSVAL(*rdata,i,0x648); + SIVAL(*rdata,i+2,4); + SIVAL(*rdata,i+6,0x401); + SSVAL(*rdata,i+0xC,0x500); + SIVAL(*rdata,i+0xE,0x15); + SIVAL(*rdata,i+0x12,0x2372FE1); + SIVAL(*rdata,i+0x16,0x7E831BEF); + SIVAL(*rdata,i+0x1A,0x4B454B2); +} + +static void LsarpcTNP4(char *data,char **rdata, int *rdata_len) +{ + uint32 dword1; + + /* All kinds of mysterious numbers here */ + *rdata_len = 48; + *rdata = REALLOC(*rdata,*rdata_len); + + dword1 = IVAL(data,0xC); + + SIVAL(*rdata,0,0x03020005); + SIVAL(*rdata,4,0x10); + SIVAL(*rdata,8,0x30); + SIVAL(*rdata,0xC,dword1); + SIVAL(*rdata,0x10,0x18); +} + + +BOOL api_LsarpcTNP(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + uint32 id,id2; + + id = IVAL(data,0); + + DEBUG(4,("lsarpc TransactNamedPipe id %lx\n",id)); + switch (id) + { + case 0xb0005: + LsarpcTNP1(data,rdata,rdata_len); + break; + + case 0x03000005: + id2 = IVAL(data,8); + DEBUG(4,("\t- Suboperation %lx\n",id2)); + switch (id2 & 0xF) + { + case 8: + LsarpcTNP2(data,rdata,rdata_len); + break; + + case 0xC: + LsarpcTNP4(data,rdata,rdata_len); + break; + + case 0xE: + LsarpcTNP3(data,rdata,rdata_len); + break; + } + break; + } + return(True); +} diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index d463b305c9..a97c8c9c9c 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -294,6 +294,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) BOOL valid_nt_password = False; pstring user; BOOL guest=False; + BOOL computer_id=False; *smb_apasswd = 0; @@ -349,6 +350,15 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) DEBUG(3,("sesssetupX:name=[%s]\n",user)); + /* If name ends in $ then I think it's asking about whether a */ + /* computer with that name (minus the $) has access. For now */ + /* say yes to everything ending in $. */ + if (user[strlen(user) - 1] == '$') { + computer_id = True; + user[strlen(user) - 1] = '\0'; + } + + if (!*user) strcpy(user,lp_guestaccount(-1)); @@ -380,7 +390,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) } if (!valid_nt_password && !guest && !password_ok(user,smb_apasswd,smb_apasslen,NULL,False)) { - if (lp_security() >= SEC_USER) { + if (!computer_id && lp_security() >= SEC_USER) { #if (GUEST_SESSSETUP == 0) return(ERROR(ERRSRV,ERRbadpw)); #endif @@ -444,7 +454,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) CVAL(outbuf,smb_vwv0) = smb_com2; SSVAL(outbuf,smb_vwv1,(chain_size+outsize)-4); - if (guest) + if (guest && !computer_id) SSVAL(outbuf,smb_vwv2,1); /* register the name and uid as being validated, so further connections @@ -980,6 +990,10 @@ int reply_open_and_X(char *inbuf,char *outbuf,int length,int bufsize) struct stat sbuf; int smb_action = 0; + /* If it's an IPC, pass off the pipe handler. */ + if (IS_IPC(cnum)) + return reply_open_pipe_and_X(inbuf,outbuf,length,bufsize); + /* XXXX we need to handle passed times, sattr and flags */ strcpy(fname,smb_buf(inbuf)); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 334edf77d0..170062a531 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1584,7 +1584,7 @@ static int sig_cld() } depth++; - BlockSignals(True); + BlockSignals(True,SIGCLD); DEBUG(5,("got SIGCLD\n")); #ifdef USE_WAITPID @@ -1610,7 +1610,7 @@ static int sig_cld() while (wait3(WAIT3_CAST1 NULL, WNOHANG, WAIT3_CAST2 NULL) > 0); #endif depth--; - BlockSignals(False); + BlockSignals(False,SIGCLD); return 0; } #endif @@ -1791,13 +1791,13 @@ this prevents zombie child processes ****************************************************************************/ static int sig_hup() { - BlockSignals(True); + BlockSignals(True,SIGHUP); DEBUG(0,("Got SIGHUP\n")); reload_services(False); #ifndef DONT_REINSTALL_SIG signal(SIGHUP,SIGNAL_CAST sig_hup); #endif - BlockSignals(False); + BlockSignals(False,SIGHUP); return(0); } @@ -3011,7 +3011,7 @@ struct smb_message_struct {SMBunlink,"SMBunlink",reply_unlink,AS_USER | NEED_WRITE}, {SMBread,"SMBread",reply_read,AS_USER}, {SMBwrite,"SMBwrite",reply_write,AS_USER}, - {SMBclose,"SMBclose",reply_close,AS_USER}, + {SMBclose,"SMBclose",reply_close,AS_USER | CAN_IPC}, {SMBmkdir,"SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE}, {SMBrmdir,"SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE}, {SMBdskattr,"SMBdskattr",reply_dskattr,AS_USER}, @@ -3054,7 +3054,7 @@ struct smb_message_struct {SMBcopy,"SMBcopy",reply_copy,AS_USER | NEED_WRITE}, {SMBmove,"SMBmove",NULL,AS_USER | NEED_WRITE}, - {SMBopenX,"SMBopenX",reply_open_and_X,AS_USER}, + {SMBopenX,"SMBopenX",reply_open_and_X,AS_USER | CAN_IPC}, {SMBreadX,"SMBreadX",reply_read_and_X,AS_USER}, {SMBwriteX,"SMBwriteX",reply_write_and_X,AS_USER}, {SMBlockingX,"SMBlockingX",reply_lockingX,AS_USER}, @@ -3456,7 +3456,7 @@ static void process(void) /* clean the share modes every 5 minutes */ if (!(counter%SHARE_MODES_CLEAN)) - clean_share_files(); + clean_share_modes(); /* automatic timeout if all connections are closed */ if (num_connections_open==0 && counter >= IDLE_CLOSED_TIMEOUT) { @@ -3744,6 +3744,11 @@ static void usage(char *pname) if (!open_sockets(is_daemon,port)) exit(1); +#ifdef FAST_SHARE_MODES + if (!start_share_mode_mgmt()) + exit(1); +#endif + /* possibly reload the services file. */ reload_services(True); @@ -3758,6 +3763,10 @@ static void usage(char *pname) process(); close_sockets(); +#ifdef FAST_SHARE_MODES + stop_share_mode_mgmt(); +#endif + exit_server("normal exit"); return(0); } -- cgit