From 7d93d3d4b8db230ceb51a81f18650b8114528f1f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 22 Jan 2009 10:19:14 +0100 Subject: s3:namecache: remove unused namecache_shutdown() function metze --- source3/smbd/server.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 505763014e..65fb0a84d1 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1476,8 +1476,6 @@ extern void build_options(bool screen); smbd_process(); - namecache_shutdown(); - exit_server_cleanly(NULL); return(0); } -- cgit From 6a2b7f98151ef0b5b434e1ed522a47770e2151ea Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 22 Jan 2009 10:13:45 +0100 Subject: s3:smbd: we should setup the client socket in the same way in all code pathes We should behave the same in inetd, interactive and deamon modes. metze --- source3/smbd/server.c | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 65fb0a84d1..794e9d2ac6 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -199,9 +199,6 @@ static bool open_sockets_inetd(void) /* close our standard file descriptors */ close_low_fds(False); /* Don't close stderr */ - - set_socket_options(smbd_server_fd(),"SO_KEEPALIVE"); - set_socket_options(smbd_server_fd(), lp_socket_options()); return True; } @@ -690,17 +687,11 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ continue; } - /* Ensure child is set to blocking mode */ - set_blocking(smbd_server_fd(),True); - - if (smbd_server_fd() != -1 && interactive) + if (interactive) return True; if (allowable_number_of_smbd_processes() && - smbd_server_fd() != -1 && ((child = sys_fork())==0)) { - char remaddr[INET6_ADDRSTRLEN]; - /* Child code ... */ /* Stop zombies, the parent explicitly handles @@ -719,17 +710,6 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ close_low_fds(False); am_parent = 0; - set_socket_options(smbd_server_fd(),"SO_KEEPALIVE"); - set_socket_options(smbd_server_fd(), - lp_socket_options()); - - /* this is needed so that we get decent entries - in smbstatus for port 445 connects */ - set_remote_machine_name(get_peer_addr(smbd_server_fd(), - remaddr, - sizeof(remaddr)), - false); - if (!reinit_after_fork( smbd_messaging_context(), smbd_event_context(), @@ -1114,6 +1094,7 @@ extern void build_options(bool screen); POPT_COMMON_DYNCONFIG POPT_TABLEEND }; + char remaddr[INET6_ADDRSTRLEN]; TALLOC_CTX *frame = talloc_stackframe(); /* Setup tos. */ smbd_init_globals(); @@ -1379,6 +1360,19 @@ extern void build_options(bool screen); * everything after this point is run after the fork() */ + /* Ensure child is set to blocking mode */ + set_blocking(smbd_server_fd(),True); + + set_socket_options(smbd_server_fd(),"SO_KEEPALIVE"); + set_socket_options(smbd_server_fd(), lp_socket_options()); + + /* this is needed so that we get decent entries + in smbstatus for port 445 connects */ + set_remote_machine_name(get_peer_addr(smbd_server_fd(), + remaddr, + sizeof(remaddr)), + false); + static_init_rpc; init_modules(); -- cgit From 27f812f3a85ce21ca79143f59c823913f57fa507 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 22 Jan 2009 12:36:42 +0100 Subject: s3:smbd: move all code that handles a client connection into smbd_process() metze --- source3/smbd/process.c | 224 +++++++++++++++++++++++++++++++++++++++++++++++-- source3/smbd/server.c | 212 ---------------------------------------------- 2 files changed, 218 insertions(+), 218 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/process.c b/source3/smbd/process.c index a025bb4197..a07b71e5ac 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1903,12 +1903,135 @@ static void smbd_server_connection_handler(struct event_context *ev, } } + +/**************************************************************************** +received when we should release a specific IP +****************************************************************************/ +static void release_ip(const char *ip, void *priv) +{ + char addr[INET6_ADDRSTRLEN]; + + if (strcmp(client_socket_addr(get_client_fd(),addr,sizeof(addr)), ip) == 0) { + /* we can't afford to do a clean exit - that involves + database writes, which would potentially mean we + are still running after the failover has finished - + we have to get rid of this process ID straight + away */ + DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n", + ip)); + /* note we must exit with non-zero status so the unclean handler gets + called in the parent, so that the brl database is tickled */ + _exit(1); + } +} + +static void msg_release_ip(struct messaging_context *msg_ctx, void *private_data, + uint32_t msg_type, struct server_id server_id, DATA_BLOB *data) +{ + release_ip((char *)data->data, NULL); +} + +#ifdef CLUSTER_SUPPORT +static int client_get_tcp_info(struct sockaddr_storage *server, + struct sockaddr_storage *client) +{ + socklen_t length; + if (server_fd == -1) { + return -1; + } + length = sizeof(*server); + if (getsockname(server_fd, (struct sockaddr *)server, &length) != 0) { + return -1; + } + length = sizeof(*client); + if (getpeername(server_fd, (struct sockaddr *)client, &length) != 0) { + return -1; + } + return 0; +} +#endif + +/* + * Send keepalive packets to our client + */ +static bool keepalive_fn(const struct timeval *now, void *private_data) +{ + if (!send_keepalive(smbd_server_fd())) { + DEBUG( 2, ( "Keepalive failed - exiting.\n" ) ); + return False; + } + return True; +} + +/* + * Do the recurring check if we're idle + */ +static bool deadtime_fn(const struct timeval *now, void *private_data) +{ + if ((conn_num_open() == 0) + || (conn_idle_all(now->tv_sec))) { + DEBUG( 2, ( "Closing idle connection\n" ) ); + messaging_send(smbd_messaging_context(), procid_self(), + MSG_SHUTDOWN, &data_blob_null); + return False; + } + + return True; +} + +/* + * Do the recurring log file and smb.conf reload checks. + */ + +static bool housekeeping_fn(const struct timeval *now, void *private_data) +{ + change_to_root_user(); + + /* update printer queue caches if necessary */ + update_monitored_printq_cache(); + + /* check if we need to reload services */ + check_reload(time(NULL)); + + /* Change machine password if neccessary. */ + attempt_machine_password_change(); + + /* + * Force a log file check. + */ + force_check_log_size(); + check_log_size(); + return true; +} + /**************************************************************************** Process commands from the client ****************************************************************************/ void smbd_process(void) { + TALLOC_CTX *frame = talloc_stackframe(); + char remaddr[INET6_ADDRSTRLEN]; + + smbd_server_conn = talloc_zero(smbd_event_context(), struct smbd_server_connection); + if (!smbd_server_conn) { + exit_server("failed to create smbd_server_connection"); + } + + /* Ensure child is set to blocking mode */ + set_blocking(smbd_server_fd(),True); + + set_socket_options(smbd_server_fd(),"SO_KEEPALIVE"); + set_socket_options(smbd_server_fd(), lp_socket_options()); + + /* this is needed so that we get decent entries + in smbstatus for port 445 connects */ + set_remote_machine_name(get_peer_addr(smbd_server_fd(), + remaddr, + sizeof(remaddr)), + false); + reload_services(true); + /* * Before the first packet, check the global hosts allow/ hosts deny * parameters before doing any parsing of packets passed to us by the @@ -1931,12 +2054,96 @@ void smbd_process(void) exit_server_cleanly("connection denied"); } - max_recv = MIN(lp_maxxmit(),BUFFER_SIZE); + static_init_rpc; - smbd_server_conn = talloc_zero(smbd_event_context(), struct smbd_server_connection); - if (!smbd_server_conn) { - exit_server("failed to create smbd_server_connection"); + init_modules(); + + if (!init_account_policy()) { + exit_server("Could not open account policy tdb.\n"); + } + + if (*lp_rootdir()) { + if (chroot(lp_rootdir()) != 0) { + DEBUG(0,("Failed changed root to %s\n", lp_rootdir())); + exit_server("Failed to chroot()"); + } + DEBUG(0,("Changed root to %s\n", lp_rootdir())); + } + + /* Setup oplocks */ + if (!init_oplocks(smbd_messaging_context())) + exit_server("Failed to init oplocks"); + + /* Setup aio signal handler. */ + initialize_async_io_handler(); + + /* register our message handlers */ + messaging_register(smbd_messaging_context(), NULL, + MSG_SMB_FORCE_TDIS, msg_force_tdis); + messaging_register(smbd_messaging_context(), NULL, + MSG_SMB_RELEASE_IP, msg_release_ip); + messaging_register(smbd_messaging_context(), NULL, + MSG_SMB_CLOSE_FILE, msg_close_file); + + if ((lp_keepalive() != 0) + && !(event_add_idle(smbd_event_context(), NULL, + timeval_set(lp_keepalive(), 0), + "keepalive", keepalive_fn, + NULL))) { + DEBUG(0, ("Could not add keepalive event\n")); + exit(1); + } + + if (!(event_add_idle(smbd_event_context(), NULL, + timeval_set(IDLE_CLOSED_TIMEOUT, 0), + "deadtime", deadtime_fn, NULL))) { + DEBUG(0, ("Could not add deadtime event\n")); + exit(1); } + + if (!(event_add_idle(smbd_event_context(), NULL, + timeval_set(SMBD_SELECT_TIMEOUT, 0), + "housekeeping", housekeeping_fn, NULL))) { + DEBUG(0, ("Could not add housekeeping event\n")); + exit(1); + } + +#ifdef CLUSTER_SUPPORT + + if (lp_clustering()) { + /* + * We need to tell ctdb about our client's TCP + * connection, so that for failover ctdbd can send + * tickle acks, triggering a reconnection by the + * client. + */ + + struct sockaddr_storage srv, clnt; + + if (client_get_tcp_info(&srv, &clnt) == 0) { + + NTSTATUS status; + + status = ctdbd_register_ips( + messaging_ctdbd_connection(), + &srv, &clnt, release_ip, NULL); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("ctdbd_register_ips failed: %s\n", + nt_errstr(status))); + } + } else + { + DEBUG(0,("Unable to get tcp info for " + "CTDB_CONTROL_TCP_CLIENT: %s\n", + strerror(errno))); + } + } + +#endif + + max_recv = MIN(lp_maxxmit(),BUFFER_SIZE); + smbd_server_conn->fde = event_add_fd(smbd_event_context(), smbd_server_conn, smbd_server_fd(), @@ -1947,9 +2154,12 @@ void smbd_process(void) exit_server("failed to create smbd_server_connection fde"); } + TALLOC_FREE(frame); + while (True) { NTSTATUS status; - TALLOC_CTX *frame = talloc_stackframe_pool(8192); + + frame = talloc_stackframe_pool(8192); errno = 0; @@ -1958,9 +2168,11 @@ void smbd_process(void) !NT_STATUS_IS_OK(status)) { DEBUG(3, ("smbd_server_connection_loop_once failed: %s," " exiting\n", nt_errstr(status))); - return; + break; } TALLOC_FREE(frame); } + + exit_server_cleanly(NULL); } diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 794e9d2ac6..c5d3c8932a 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -45,26 +45,6 @@ int get_client_fd(void) return server_fd; } -#ifdef CLUSTER_SUPPORT -static int client_get_tcp_info(struct sockaddr_storage *server, - struct sockaddr_storage *client) -{ - socklen_t length; - if (server_fd == -1) { - return -1; - } - length = sizeof(*server); - if (getsockname(server_fd, (struct sockaddr *)server, &length) != 0) { - return -1; - } - length = sizeof(*client); - if (getpeername(server_fd, (struct sockaddr *)client, &length) != 0) { - return -1; - } - return 0; -} -#endif - struct event_context *smbd_event_context(void) { if (!smbd_event_ctx) { @@ -943,34 +923,6 @@ void exit_server_fault(void) exit_server("critical server fault"); } - -/**************************************************************************** -received when we should release a specific IP -****************************************************************************/ -static void release_ip(const char *ip, void *priv) -{ - char addr[INET6_ADDRSTRLEN]; - - if (strcmp(client_socket_addr(get_client_fd(),addr,sizeof(addr)), ip) == 0) { - /* we can't afford to do a clean exit - that involves - database writes, which would potentially mean we - are still running after the failover has finished - - we have to get rid of this process ID straight - away */ - DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n", - ip)); - /* note we must exit with non-zero status so the unclean handler gets - called in the parent, so that the brl database is tickled */ - _exit(1); - } -} - -static void msg_release_ip(struct messaging_context *msg_ctx, void *private_data, - uint32_t msg_type, struct server_id server_id, DATA_BLOB *data) -{ - release_ip((char *)data->data, NULL); -} - /**************************************************************************** Initialise connect, service and file structs. ****************************************************************************/ @@ -997,59 +949,6 @@ static bool init_structs(void ) return True; } -/* - * Send keepalive packets to our client - */ -static bool keepalive_fn(const struct timeval *now, void *private_data) -{ - if (!send_keepalive(smbd_server_fd())) { - DEBUG( 2, ( "Keepalive failed - exiting.\n" ) ); - return False; - } - return True; -} - -/* - * Do the recurring check if we're idle - */ -static bool deadtime_fn(const struct timeval *now, void *private_data) -{ - if ((conn_num_open() == 0) - || (conn_idle_all(now->tv_sec))) { - DEBUG( 2, ( "Closing idle connection\n" ) ); - messaging_send(smbd_messaging_context(), procid_self(), - MSG_SHUTDOWN, &data_blob_null); - return False; - } - - return True; -} - -/* - * Do the recurring log file and smb.conf reload checks. - */ - -static bool housekeeping_fn(const struct timeval *now, void *private_data) -{ - change_to_root_user(); - - /* update printer queue caches if necessary */ - update_monitored_printq_cache(); - - /* check if we need to reload services */ - check_reload(time(NULL)); - - /* Change machine password if neccessary. */ - attempt_machine_password_change(); - - /* - * Force a log file check. - */ - force_check_log_size(); - check_log_size(); - return true; -} - /**************************************************************************** main program. ****************************************************************************/ @@ -1094,7 +993,6 @@ extern void build_options(bool screen); POPT_COMMON_DYNCONFIG POPT_TABLEEND }; - char remaddr[INET6_ADDRSTRLEN]; TALLOC_CTX *frame = talloc_stackframe(); /* Setup tos. */ smbd_init_globals(); @@ -1356,116 +1254,6 @@ extern void build_options(bool screen); if (!open_sockets_smbd(is_daemon, interactive, ports)) exit(1); - /* - * everything after this point is run after the fork() - */ - - /* Ensure child is set to blocking mode */ - set_blocking(smbd_server_fd(),True); - - set_socket_options(smbd_server_fd(),"SO_KEEPALIVE"); - set_socket_options(smbd_server_fd(), lp_socket_options()); - - /* this is needed so that we get decent entries - in smbstatus for port 445 connects */ - set_remote_machine_name(get_peer_addr(smbd_server_fd(), - remaddr, - sizeof(remaddr)), - false); - - static_init_rpc; - - init_modules(); - - /* Possibly reload the services file. Only worth doing in - * daemon mode. In inetd mode, we know we only just loaded this. - */ - if (is_daemon) { - reload_services(True); - } - - if (!init_account_policy()) { - DEBUG(0,("Could not open account policy tdb.\n")); - exit(1); - } - - if (*lp_rootdir()) { - if (chroot(lp_rootdir()) == 0) - DEBUG(2,("Changed root to %s\n", lp_rootdir())); - } - - /* Setup oplocks */ - if (!init_oplocks(smbd_messaging_context())) - exit(1); - - /* Setup aio signal handler. */ - initialize_async_io_handler(); - - /* register our message handlers */ - messaging_register(smbd_messaging_context(), NULL, - MSG_SMB_FORCE_TDIS, msg_force_tdis); - messaging_register(smbd_messaging_context(), NULL, - MSG_SMB_RELEASE_IP, msg_release_ip); - messaging_register(smbd_messaging_context(), NULL, - MSG_SMB_CLOSE_FILE, msg_close_file); - - if ((lp_keepalive() != 0) - && !(event_add_idle(smbd_event_context(), NULL, - timeval_set(lp_keepalive(), 0), - "keepalive", keepalive_fn, - NULL))) { - DEBUG(0, ("Could not add keepalive event\n")); - exit(1); - } - - if (!(event_add_idle(smbd_event_context(), NULL, - timeval_set(IDLE_CLOSED_TIMEOUT, 0), - "deadtime", deadtime_fn, NULL))) { - DEBUG(0, ("Could not add deadtime event\n")); - exit(1); - } - - if (!(event_add_idle(smbd_event_context(), NULL, - timeval_set(SMBD_SELECT_TIMEOUT, 0), - "housekeeping", housekeeping_fn, NULL))) { - DEBUG(0, ("Could not add housekeeping event\n")); - exit(1); - } - -#ifdef CLUSTER_SUPPORT - - if (lp_clustering()) { - /* - * We need to tell ctdb about our client's TCP - * connection, so that for failover ctdbd can send - * tickle acks, triggering a reconnection by the - * client. - */ - - struct sockaddr_storage srv, clnt; - - if (client_get_tcp_info(&srv, &clnt) == 0) { - - NTSTATUS status; - - status = ctdbd_register_ips( - messaging_ctdbd_connection(), - &srv, &clnt, release_ip, NULL); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("ctdbd_register_ips failed: %s\n", - nt_errstr(status))); - } - } else - { - DEBUG(0,("Unable to get tcp info for " - "CTDB_CONTROL_TCP_CLIENT: %s\n", - strerror(errno))); - } - } - -#endif - TALLOC_FREE(frame); smbd_process(); -- cgit From ac61f650ae640c13beee9d48304d7939f700aa11 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 21 Jan 2009 23:24:18 +0100 Subject: s3:smbd: use signal events for SIGTERM, SIGHUP and SIGCHLD metze --- source3/smbd/globals.c | 3 -- source3/smbd/globals.h | 3 -- source3/smbd/process.c | 65 +++++++++++++++++++------ source3/smbd/server.c | 127 ++++++++++++++++++++----------------------------- 4 files changed, 102 insertions(+), 96 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/globals.c b/source3/smbd/globals.c index c5681223f9..d99f2b0680 100644 --- a/source3/smbd/globals.c +++ b/source3/smbd/globals.c @@ -125,8 +125,6 @@ int max_send = BUFFER_SIZE; * Can be modified by the max xmit parameter. */ int max_recv = BUFFER_SIZE; -SIG_ATOMIC_T reload_after_sighup = 0; -SIG_ATOMIC_T got_sig_term = 0; uint16 last_session_tag = UID_FIELD_INVALID; int trans_num = 0; char *orig_inbuf = NULL; @@ -186,7 +184,6 @@ struct kernel_oplocks *koplocks = NULL; struct notify_mid_map *notify_changes_by_mid = NULL; int am_parent = 1; -SIG_ATOMIC_T got_sig_cld = 0; int server_fd = -1; struct event_context *smbd_event_ctx = NULL; struct messaging_context *smbd_msg_ctx = NULL; diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 2c4f8b5821..15085d9d35 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -124,8 +124,6 @@ extern int max_send; * Can be modified by the max xmit parameter. */ extern int max_recv; -extern SIG_ATOMIC_T reload_after_sighup; -extern SIG_ATOMIC_T got_sig_term; extern uint16 last_session_tag; extern int trans_num; extern char *orig_inbuf; @@ -199,7 +197,6 @@ extern struct kernel_oplocks *koplocks; extern struct notify_mid_map *notify_changes_by_mid; extern int am_parent; -extern SIG_ATOMIC_T got_sig_cld; extern int server_fd; extern struct event_context *smbd_event_ctx; extern struct messaging_context *smbd_msg_ctx; diff --git a/source3/smbd/process.c b/source3/smbd/process.c index a07b71e5ac..2326bdab90 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -692,6 +692,56 @@ struct idle_event *event_add_idle(struct event_context *event_ctx, return result; } +static void smbd_sig_term_handler(struct tevent_context *ev, + struct tevent_signal *se, + int signum, + int count, + void *siginfo, + void *private_data) +{ + exit_server_cleanly("termination signal"); +} + +void smbd_setup_sig_term_handler(void) +{ + struct tevent_signal *se; + + se = tevent_add_signal(smbd_event_context(), + smbd_event_context(), + SIGTERM, 0, + smbd_sig_term_handler, + NULL); + if (!se) { + exit_server("failed to setup SIGTERM handler"); + } +} + +static void smbd_sig_hup_handler(struct tevent_context *ev, + struct tevent_signal *se, + int signum, + int count, + void *siginfo, + void *private_data) +{ + change_to_root_user(); + DEBUG(1,("Reloading services after SIGHUP\n")); + reload_services(False); +} + +void smbd_setup_sig_hup_handler(void) +{ + struct tevent_signal *se; + + se = tevent_add_signal(smbd_event_context(), + smbd_event_context(), + SIGHUP, 0, + smbd_sig_hup_handler, + NULL); + if (!se) { + exit_server("failed to setup SIGHUP handler"); + } +} + /**************************************************************************** Do all async processing in here. This includes kernel oplock messages, change notify events etc. @@ -709,18 +759,6 @@ static void async_processing(void) select and may have eaten our signal. */ /* Is this till true? -- vl */ process_aio_queue(); - - if (got_sig_term) { - exit_server_cleanly("termination signal"); - } - - /* check for sighup processing */ - if (reload_after_sighup) { - change_to_root_user(); - DEBUG(1,("Reloading services after SIGHUP\n")); - reload_services(False); - reload_after_sighup = 0; - } } /**************************************************************************** @@ -1830,9 +1868,8 @@ void check_reload(time_t t) mypid = getpid(); } - if (reload_after_sighup || (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK)) { + if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) { reload_services(True); - reload_after_sighup = False; last_smb_conf_reload_time = t; } diff --git a/source3/smbd/server.c b/source3/smbd/server.c index c5d3c8932a..e6ea5f3986 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -113,35 +113,6 @@ static void smb_stat_cache_delete(struct messaging_context *msg, stat_cache_delete(name); } -/**************************************************************************** - Terminate signal. -****************************************************************************/ - -static void sig_term(void) -{ - got_sig_term = 1; - sys_select_signal(SIGTERM); -} - -/**************************************************************************** - Catch a sighup. -****************************************************************************/ - -static void sig_hup(int sig) -{ - reload_after_sighup = 1; - sys_select_signal(SIGHUP); -} - -/**************************************************************************** - Catch a sigcld -****************************************************************************/ -static void sig_cld(int sig) -{ - got_sig_cld = 1; - sys_select_signal(SIGCLD); -} - /**************************************************************************** Send a SIGTERM to our process group. *****************************************************************************/ @@ -298,6 +269,50 @@ static bool allowable_number_of_smbd_processes(void) return num_children < max_processes; } +static void smbd_sig_chld_handler(struct tevent_context *ev, + struct tevent_signal *se, + int signum, + int count, + void *siginfo, + void *private_data) +{ + pid_t pid; + int status; + + while ((pid = sys_waitpid(-1, &status, WNOHANG)) > 0) { + bool unclean_shutdown = False; + + /* If the child terminated normally, assume + it was an unclean shutdown unless the + status is 0 + */ + if (WIFEXITED(status)) { + unclean_shutdown = WEXITSTATUS(status); + } + /* If the child terminated due to a signal + we always assume it was unclean. + */ + if (WIFSIGNALED(status)) { + unclean_shutdown = True; + } + remove_child_pid(pid, unclean_shutdown); + } +} + +static void smbd_setup_sig_chld_handler(void) +{ + struct tevent_signal *se; + + se = tevent_add_signal(smbd_event_context(), + smbd_event_context(), + SIGCHLD, 0, + smbd_sig_chld_handler, + NULL); + if (!se) { + exit_server("failed to setup SIGCHLD handler"); + } +} + /**************************************************************************** Open the socket communication. ****************************************************************************/ @@ -324,7 +339,7 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ #endif /* Stop zombies */ - CatchSignal(SIGCLD, sig_cld); + smbd_setup_sig_chld_handler(); FD_ZERO(&listen_set); @@ -550,32 +565,6 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ fd_set r_fds, w_fds; int num; - if (got_sig_cld) { - pid_t pid; - int status; - - got_sig_cld = False; - - while ((pid = sys_waitpid(-1, &status, WNOHANG)) > 0) { - bool unclean_shutdown = False; - - /* If the child terminated normally, assume - it was an unclean shutdown unless the - status is 0 - */ - if (WIFEXITED(status)) { - unclean_shutdown = WEXITSTATUS(status); - } - /* If the child terminated due to a signal - we always assume it was unclean. - */ - if (WIFSIGNALED(status)) { - unclean_shutdown = True; - } - remove_child_pid(pid, unclean_shutdown); - } - } - if (run_events(smbd_event_context(), 0, NULL, NULL)) { continue; } @@ -605,23 +594,6 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ continue; } - if (num == -1 && errno == EINTR) { - if (got_sig_term) { - exit_server_cleanly(NULL); - } - - /* check for sighup processing */ - if (reload_after_sighup) { - change_to_root_user(); - DEBUG(1,("Reloading services after SIGHUP\n")); - reload_services(False); - reload_after_sighup = 0; - } - - continue; - } - - /* If the idle timeout fired and we don't have any connected * users, exit gracefully. We should be running under a process * controller that will restart us if necessry. @@ -698,6 +670,9 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ smb_panic("reinit_after_fork() failed"); } + smbd_setup_sig_term_handler(); + smbd_setup_sig_hup_handler(); + return True; } /* The parent doesn't need this socket */ @@ -1078,9 +1053,6 @@ extern void build_options(bool screen); fault_setup((void (*)(void *))exit_server_fault); dump_core_setup("smbd"); - CatchSignal(SIGTERM , SIGNAL_CAST sig_term); - CatchSignal(SIGHUP,SIGNAL_CAST sig_hup); - /* we are never interested in SIGPIPE */ BlockSignals(True,SIGPIPE); @@ -1190,6 +1162,9 @@ extern void build_options(bool screen); exit(1); } + smbd_setup_sig_term_handler(); + smbd_setup_sig_hup_handler(); + /* Setup all the TDB's - including CLEAR_IF_FIRST tdb's. */ if (smbd_memcache() == NULL) { -- cgit From b8c416fe2ac37b3ba0124811cfeddf2015c8d31f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 22 Jan 2009 18:04:17 +0100 Subject: s3:smbd: convert aio to use tevent_signal metze --- source3/smbd/aio.c | 150 +++++++++++++++++-------------------------------- source3/smbd/globals.c | 3 +- source3/smbd/globals.h | 3 +- 3 files changed, 52 insertions(+), 104 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c index 54ae45a789..4ce43c95e8 100644 --- a/source3/smbd/aio.c +++ b/source3/smbd/aio.c @@ -108,58 +108,6 @@ static struct aio_extra *find_aio_ex(uint16 mid) We can have these many aio buffers in flight. *****************************************************************************/ -/**************************************************************************** - Signal handler when an aio request completes. -*****************************************************************************/ - -void aio_request_done(uint16_t mid) -{ - if (aio_signals_received < aio_pending_size) { - aio_pending_array[aio_signals_received] = mid; - aio_signals_received++; - } - /* Else signal is lost. */ -} - -static void signal_handler(int sig, siginfo_t *info, void *unused) -{ - aio_request_done(info->si_value.sival_int); - sys_select_signal(RT_SIGNAL_AIO); -} - -/**************************************************************************** - Is there a signal waiting ? -*****************************************************************************/ - -bool aio_finished(void) -{ - return (aio_signals_received != 0); -} - -/**************************************************************************** - Initialize the signal handler for aio read/write. -*****************************************************************************/ - -void initialize_async_io_handler(void) -{ - struct sigaction act; - - aio_pending_size = lp_maxmux(); - aio_pending_array = SMB_MALLOC_ARRAY(uint16, aio_pending_size); - SMB_ASSERT(aio_pending_array != NULL); - - ZERO_STRUCT(act); - act.sa_sigaction = signal_handler; - act.sa_flags = SA_SIGINFO; - sigemptyset( &act.sa_mask ); - if (sigaction(RT_SIGNAL_AIO, &act, NULL) != 0) { - DEBUG(0,("Failed to setup RT_SIGNAL_AIO handler\n")); - } - - /* the signal can start off blocked due to a bug in bash */ - BlockSignals(False, RT_SIGNAL_AIO); -} - /**************************************************************************** Set up an aio request from a SMBreadX call. *****************************************************************************/ @@ -573,57 +521,47 @@ static bool handle_aio_completed(struct aio_extra *aio_ex, int *perr) Returns non-zero errno if fail or zero if all ok. *****************************************************************************/ -int process_aio_queue(void) +void smbd_aio_complete_mid(unsigned int mid) { - int i; + files_struct *fsp = NULL; + struct aio_extra *aio_ex = find_aio_ex(mid); int ret = 0; - BlockSignals(True, RT_SIGNAL_AIO); - - DEBUG(10,("process_aio_queue: signals_received = %d\n", - (int)aio_signals_received)); - DEBUG(10,("process_aio_queue: outstanding_aio_calls = %d\n", - outstanding_aio_calls)); + DEBUG(10,("smbd_aio_complete_mid: mid[%u]\n", mid)); - if (!aio_signals_received) { - BlockSignals(False, RT_SIGNAL_AIO); - return 0; + if (!aio_ex) { + DEBUG(3,("smbd_aio_complete_mid: Can't find record to " + "match mid %u.\n", mid)); + srv_cancel_sign_response(mid); + return; } - /* Drain all the complete aio_reads. */ - for (i = 0; i < aio_signals_received; i++) { - uint16 mid = aio_pending_array[i]; - files_struct *fsp = NULL; - struct aio_extra *aio_ex = find_aio_ex(mid); - - if (!aio_ex) { - DEBUG(3,("process_aio_queue: Can't find record to " - "match mid %u.\n", (unsigned int)mid)); - srv_cancel_sign_response(mid); - continue; - } + fsp = aio_ex->fsp; + if (fsp == NULL) { + /* file was closed whilst I/O was outstanding. Just + * ignore. */ + DEBUG( 3,( "smbd_aio_complete_mid: file closed whilst " + "aio outstanding (mid[%u]).\n", mid)); + srv_cancel_sign_response(mid); + return; + } - fsp = aio_ex->fsp; - if (fsp == NULL) { - /* file was closed whilst I/O was outstanding. Just - * ignore. */ - DEBUG( 3,( "process_aio_queue: file closed whilst " - "aio outstanding.\n")); - srv_cancel_sign_response(mid); - continue; - } + if (!handle_aio_completed(aio_ex, &ret)) { + return; + } - if (!handle_aio_completed(aio_ex, &ret)) { - continue; - } + TALLOC_FREE(aio_ex); +} - TALLOC_FREE(aio_ex); - } +static void smbd_aio_signal_handler(struct tevent_context *ev_ctx, + struct tevent_signal *se, + int signum, int count, + void *_info, void *private_data) +{ + siginfo_t *info = (siginfo_t *)_info; + unsigned int mid = (unsigned int)info->si_value.sival_int; - outstanding_aio_calls -= aio_signals_received; - aio_signals_received = 0; - BlockSignals(False, RT_SIGNAL_AIO); - return ret; + smbd_aio_complete_mid(mid); } /**************************************************************************** @@ -755,19 +693,28 @@ void cancel_aio_by_fsp(files_struct *fsp) } } -#else -bool aio_finished(void) -{ - return False; -} +/**************************************************************************** + Initialize the signal handler for aio read/write. +*****************************************************************************/ void initialize_async_io_handler(void) { + aio_signal_event = tevent_add_signal(smbd_event_context(), + smbd_event_context(), + RT_SIGNAL_AIO, SA_SIGINFO, + smbd_aio_signal_handler, + NULL); + if (!aio_signal_event) { + exit_server("Failed to setup RT_SIGNAL_AIO handler"); + } + + /* tevent supports 100 signal with SA_SIGINFO */ + aio_pending_size = 100; } -int process_aio_queue(void) +#else +void initialize_async_io_handler(void) { - return False; } bool schedule_aio_read_and_X(connection_struct *conn, @@ -795,4 +742,7 @@ int wait_for_aio_completion(files_struct *fsp) { return ENOSYS; } + +void smbd_aio_complete_mid(unsigned int mid); + #endif diff --git a/source3/smbd/globals.c b/source3/smbd/globals.c index d99f2b0680..28b5a709bd 100644 --- a/source3/smbd/globals.c +++ b/source3/smbd/globals.c @@ -22,10 +22,9 @@ #if defined(WITH_AIO) struct aio_extra *aio_list_head = NULL; +struct tevent_signal *aio_signal_event = NULL; int aio_pending_size = 0; -sig_atomic_t aio_signals_received = 0; int outstanding_aio_calls = 0; -uint16 *aio_pending_array = NULL; #endif /* dlink list we store pending lock records on. */ diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 15085d9d35..283425caf7 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -20,10 +20,9 @@ #if defined(WITH_AIO) struct aio_extra; extern struct aio_extra *aio_list_head; +extern struct tevent_signal *aio_signal_event; extern int aio_pending_size; -extern sig_atomic_t aio_signals_received; extern int outstanding_aio_calls; -extern uint16_t *aio_pending_array; #endif /* dlink list we store pending lock records on. */ -- cgit From 4a2271349503933776f9d2791edfcb874a2c7261 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 23 Jan 2009 10:07:45 +0100 Subject: s3:smbd: remove pointless respond_to_all_remaining_local_messages() function This the process_kernel_oplock() function never response to messages, it only generates messages to ourself. metze --- source3/smbd/process.c | 25 ------------------------- source3/smbd/server.c | 2 -- 2 files changed, 27 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 2326bdab90..9527d94825 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -904,31 +904,6 @@ NTSTATUS allow_new_trans(struct trans_state *list, int mid) return NT_STATUS_OK; } -/**************************************************************************** - We're terminating and have closed all our files/connections etc. - If there are any pending local messages we need to respond to them - before termination so that other smbds don't think we just died whilst - holding oplocks. -****************************************************************************/ - -void respond_to_all_remaining_local_messages(void) -{ - /* - * Assert we have no exclusive open oplocks. - */ - - if(get_number_of_exclusive_open_oplocks()) { - DEBUG(0,("respond_to_all_remaining_local_messages: PANIC : we have %d exclusive oplocks.\n", - get_number_of_exclusive_open_oplocks() )); - return; - } - - process_kernel_oplocks(smbd_messaging_context()); - - return; -} - - /* These flags determine some of the permissions required to do an operation diff --git a/source3/smbd/server.c b/source3/smbd/server.c index e6ea5f3986..7bc96ff5fb 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -832,8 +832,6 @@ static void exit_server_common(enum server_exit_reason how, /* delete our entry in the connections database. */ yield_connection(NULL,""); - respond_to_all_remaining_local_messages(); - #ifdef WITH_DFS if (dcelogin_atmost_once) { dfs_unlogin(); -- cgit From 52f6a4436f9da439fc687894b329898833af7ff8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 23 Jan 2009 10:08:44 +0100 Subject: s3:smbd: make kernel oplocks event driven And use signal events for Linux oplocks. metze --- source3/smbd/globals.c | 9 ------ source3/smbd/globals.h | 6 ---- source3/smbd/oplock.c | 64 ++++++++------------------------------- source3/smbd/oplock_irix.c | 15 ++------- source3/smbd/oplock_linux.c | 66 +++++++++++----------------------------- source3/smbd/process.c | 74 --------------------------------------------- 6 files changed, 33 insertions(+), 201 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/globals.c b/source3/smbd/globals.c index 28b5a709bd..3f8cb411e5 100644 --- a/source3/smbd/globals.c +++ b/source3/smbd/globals.c @@ -169,11 +169,6 @@ struct vfs_init_function_entry *backends = NULL; char *sparse_buf = NULL; char *LastDir = NULL; -#if HAVE_KERNEL_OPLOCKS_LINUX -SIG_ATOMIC_T oplock_signals_received = 0; -SIG_ATOMIC_T fd_pending_array[FD_PENDING_SIZE]; -#endif - /* Current number of oplocks we have outstanding. */ int32_t exclusive_oplocks_open = 0; int32_t level_II_oplocks_open = 0; @@ -201,8 +196,4 @@ void smbd_init_globals(void) ZERO_STRUCT(conn_ctx_stack); ZERO_STRUCT(sec_ctx_stack); - -#if HAVE_KERNEL_OPLOCKS_LINUX - ZERO_STRUCT(fd_pending_array); -#endif } diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 283425caf7..6ac92ed3dd 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -181,12 +181,6 @@ extern struct vfs_init_function_entry *backends; extern char *sparse_buf; extern char *LastDir; -#if HAVE_KERNEL_OPLOCKS_LINUX -extern SIG_ATOMIC_T oplock_signals_received; -#define FD_PENDING_SIZE 100 -extern SIG_ATOMIC_T fd_pending_array[FD_PENDING_SIZE]; -#endif - /* Current number of oplocks we have outstanding. */ extern int32_t exclusive_oplocks_open; extern int32_t level_II_oplocks_open; diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index e4b5016538..788d2f7238 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -32,61 +32,23 @@ int32 get_number_of_exclusive_open_oplocks(void) return exclusive_oplocks_open; } -/**************************************************************************** - Return True if an oplock message is pending. -****************************************************************************/ - -bool oplock_message_waiting(void) -{ - if (koplocks && koplocks->ops->msg_waiting(koplocks)) { - return True; - } - - return False; -} - -/**************************************************************************** - Find out if there are any kernel oplock messages waiting and process them - if so. pfds is the fd_set from the main select loop (which contains any - kernel oplock fd if that's what the system uses (IRIX). If may be NULL if - we're calling this in a shutting down state. -****************************************************************************/ - -void process_kernel_oplocks(struct messaging_context *msg_ctx) +/* + * helper function used by the kernel oplock backends to post the break message + */ +void break_kernel_oplock(struct messaging_context *msg_ctx, files_struct *fsp) { - /* - * We need to check for kernel oplocks before going into the select - * here, as the EINTR generated by the linux kernel oplock may have - * already been eaten. JRA. - */ - - if (!koplocks) { - return; - } + uint8_t msg[MSG_SMB_KERNEL_BREAK_SIZE]; - while (koplocks->ops->msg_waiting(koplocks)) { - files_struct *fsp; - char msg[MSG_SMB_KERNEL_BREAK_SIZE]; + /* Put the kernel break info into the message. */ + push_file_id_16((char *)msg, &fsp->file_id); + SIVAL(msg,16,fsp->fh->gen_id); - fsp = koplocks->ops->receive_message(koplocks); + /* Don't need to be root here as we're only ever + sending to ourselves. */ - if (fsp == NULL) { - DEBUG(3, ("Kernel oplock message announced, but none " - "received\n")); - return; - } - - /* Put the kernel break info into the message. */ - push_file_id_16(msg, &fsp->file_id); - SIVAL(msg,16,fsp->fh->gen_id); - - /* Don't need to be root here as we're only ever - sending to ourselves. */ - - messaging_send_buf(msg_ctx, procid_self(), - MSG_SMB_KERNEL_BREAK, - (uint8 *)&msg, MSG_SMB_KERNEL_BREAK_SIZE); - } + messaging_send_buf(msg_ctx, procid_self(), + MSG_SMB_KERNEL_BREAK, + msg, MSG_SMB_KERNEL_BREAK_SIZE); } /**************************************************************************** diff --git a/source3/smbd/oplock_irix.c b/source3/smbd/oplock_irix.c index 0cfa960425..d7f45e67de 100644 --- a/source3/smbd/oplock_irix.c +++ b/source3/smbd/oplock_irix.c @@ -252,13 +252,6 @@ static void irix_release_kernel_oplock(struct kernel_oplocks *_ctx, } } -static bool irix_oplock_msg_waiting(struct kernel_oplocks *_ctx) -{ - struct irix_oplocks_context *ctx = talloc_get_type(_ctx->private_data, - struct irix_oplocks_context); - return ctx->pending; -} - static void irix_oplocks_read_fde_handler(struct event_context *ev, struct fd_event *fde, uint16_t flags, @@ -266,10 +259,10 @@ static void irix_oplocks_read_fde_handler(struct event_context *ev, { struct irix_oplocks_context *ctx = talloc_get_type(private_data, struct irix_oplocks_context); + files_struct *fsp; - ctx->pending = true; - process_kernel_oplocks(smbd_messaging_context()); - ctx->pending = false; + fsp = irix_oplock_receive_message(ctx->ctx); + break_kernel_oplock(smbd_messaging_context(), fsp); } /**************************************************************************** @@ -277,10 +270,8 @@ static void irix_oplocks_read_fde_handler(struct event_context *ev, ****************************************************************************/ static const struct kernel_oplocks_ops irix_koplocks = { - .receive_message = irix_oplock_receive_message, .set_oplock = irix_set_kernel_oplock, .release_oplock = irix_release_kernel_oplock, - .msg_waiting = irix_oplock_msg_waiting }; struct kernel_oplocks *irix_init_kernel_oplocks(TALLOC_CTX *mem_ctx) diff --git a/source3/smbd/oplock_linux.c b/source3/smbd/oplock_linux.c index 8087167ff4..51cce0ed48 100644 --- a/source3/smbd/oplock_linux.c +++ b/source3/smbd/oplock_linux.c @@ -43,19 +43,6 @@ #define F_SETSIG 10 #endif -/**************************************************************************** - Handle a LEASE signal, incrementing the signals_received and blocking the signal. -****************************************************************************/ - -static void signal_handler(int sig, siginfo_t *info, void *unused) -{ - if (oplock_signals_received < FD_PENDING_SIZE - 1) { - fd_pending_array[oplock_signals_received] = (SIG_ATOMIC_T)info->si_fd; - oplock_signals_received++; - } /* Else signal is lost. */ - sys_select_signal(RT_SIGNAL_LEASE); -} - /* * public function to get linux lease capability. Needed by some VFS modules (eg. gpfs.c) */ @@ -101,24 +88,17 @@ int linux_setlease(int fd, int leasetype) * oplock break protocol. ****************************************************************************/ -static files_struct *linux_oplock_receive_message(struct kernel_oplocks *ctx) +static void linux_oplock_signal_handler(struct tevent_context *ev_ctx, + struct tevent_signal *se, + int signum, int count, + void *_info, void *private_data) { - int fd; + siginfo_t *info = (siginfo_t *)_info; + int fd = info->si_fd; files_struct *fsp; - BlockSignals(True, RT_SIGNAL_LEASE); - fd = fd_pending_array[0]; fsp = file_find_fd(fd); - fd_pending_array[0] = (SIG_ATOMIC_T)-1; - if (oplock_signals_received > 1) - memmove(CONST_DISCARD(void *, &fd_pending_array[0]), - CONST_DISCARD(void *, &fd_pending_array[1]), - sizeof(SIG_ATOMIC_T)*(oplock_signals_received-1)); - oplock_signals_received--; - /* now we can receive more signals */ - BlockSignals(False, RT_SIGNAL_LEASE); - - return fsp; + break_kernel_oplock(smbd_messaging_context(), fsp); } /**************************************************************************** @@ -179,15 +159,6 @@ static void linux_release_kernel_oplock(struct kernel_oplocks *ctx, } } -/**************************************************************************** - See if a oplock message is waiting. -****************************************************************************/ - -static bool linux_oplock_msg_waiting(struct kernel_oplocks *ctx) -{ - return oplock_signals_received != 0; -} - /**************************************************************************** See if the kernel supports oplocks. ****************************************************************************/ @@ -208,16 +179,14 @@ static bool linux_oplocks_available(void) ****************************************************************************/ static const struct kernel_oplocks_ops linux_koplocks = { - .receive_message = linux_oplock_receive_message, .set_oplock = linux_set_kernel_oplock, .release_oplock = linux_release_kernel_oplock, - .msg_waiting = linux_oplock_msg_waiting }; struct kernel_oplocks *linux_init_kernel_oplocks(TALLOC_CTX *mem_ctx) { - struct sigaction act; struct kernel_oplocks *ctx; + struct tevent_signal *se; if (!linux_oplocks_available()) { DEBUG(3,("Linux kernel oplocks not available\n")); @@ -232,19 +201,18 @@ struct kernel_oplocks *linux_init_kernel_oplocks(TALLOC_CTX *mem_ctx) ctx->ops = &linux_koplocks; - ZERO_STRUCT(act); - - act.sa_handler = NULL; - act.sa_sigaction = signal_handler; - act.sa_flags = SA_SIGINFO; - sigemptyset( &act.sa_mask ); - if (sigaction(RT_SIGNAL_LEASE, &act, NULL) != 0) { - DEBUG(0,("Failed to setup RT_SIGNAL_LEASE handler\n")); + se = tevent_add_signal(smbd_event_context(), + ctx, + RT_SIGNAL_LEASE, SA_SIGINFO, + linux_oplock_signal_handler, + ctx); + if (!se) { + DEBUG(0,("Failed to setup RT_SIGNAL_LEASE handler")); + TALLOC_FREE(ctx); return NULL; } - /* the signal can start off blocked due to a bug in bash */ - BlockSignals(False, RT_SIGNAL_LEASE); + ctx->private_data = se; DEBUG(3,("Linux kernel oplocks enabled\n")); diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 9527d94825..d617ef1915 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -742,46 +742,6 @@ void smbd_setup_sig_hup_handler(void) } } -/**************************************************************************** - Do all async processing in here. This includes kernel oplock messages, change - notify events etc. -****************************************************************************/ - -static void async_processing(void) -{ - DEBUG(10,("async_processing: Doing async processing.\n")); - - process_aio_queue(); - - process_kernel_oplocks(smbd_messaging_context()); - - /* Do the aio check again after receive_local_message as it does a - select and may have eaten our signal. */ - /* Is this till true? -- vl */ - process_aio_queue(); -} - -/**************************************************************************** - Do a select on an two fd's - with timeout. - - If a local udp message has been pushed onto the - queue (this can only happen during oplock break - processing) call async_processing() - - If a pending smb message has been pushed onto the - queue (this can only happen during oplock break - processing) return this next. - - If the first smbfd is ready then read an smb from it. - if the second (loopback UDP) fd is ready then read a message - from it and setup the buffer header to identify the length - and from address. - Returns False on timeout or error. - Else returns True. - -The timeout is in milliseconds -****************************************************************************/ - static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection *conn) { fd_set r_fds, w_fds; @@ -799,26 +759,6 @@ static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection * FD_ZERO(&r_fds); FD_ZERO(&w_fds); - /* - * Ensure we process oplock break messages by preference. - * We have to do this before the select, after the select - * and if the select returns EINTR. This is due to the fact - * that the selects called from async_processing can eat an EINTR - * caused by a signal (we can't take the break message there). - * This is hideously complex - *MUST* be simplified for 3.0 ! JRA. - */ - - if (oplock_message_waiting()) { - DEBUG(10,("receive_message_or_smb: oplock_message is waiting.\n")); - async_processing(); - /* - * After async processing we must go and do the select again, as - * the state of the flag in fds for the server file descriptor is - * indeterminate - we may have done I/O on it in the oplock processing. JRA. - */ - return NT_STATUS_RETRY; - } - /* * Are there any timed events waiting ? If so, ensure we don't * select for longer than it would take to wait for them. @@ -852,20 +792,6 @@ static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection * return NT_STATUS_RETRY; } - /* if we get EINTR then maybe we have received an oplock - signal - treat this as select returning 1. This is ugly, but - is the best we can do until the oplock code knows more about - signals */ - if (selrtn == -1 && errno == EINTR) { - async_processing(); - /* - * After async processing we must go and do the select again, as - * the state of the flag in fds for the server file descriptor is - * indeterminate - we may have done I/O on it in the oplock processing. JRA. - */ - return NT_STATUS_RETRY; - } - /* Check if error */ if (selrtn == -1) { /* something is wrong. Maybe the socket is dead? */ -- cgit From e11e82318c92fdfdc231eb48abb2fb6faac3dcf0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 23 Jan 2009 13:08:22 +0100 Subject: s3:smbd: make inetd code path more clear metze --- source3/smbd/server.c | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 7bc96ff5fb..f95fa874ff 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -136,24 +136,6 @@ static void msg_sam_sync(struct messaging_context *msg, DEBUG(10, ("** sam sync message received, ignoring\n")); } - -/**************************************************************************** - Open the socket communication - inetd. -****************************************************************************/ - -static bool open_sockets_inetd(void) -{ - /* Started from inetd. fd 0 is the socket. */ - /* We will abort gracefully when the client or remote system - goes away */ - smbd_set_server_fd(dup(0)); - - /* close our standard file descriptors */ - close_low_fds(False); /* Don't close stderr */ - - return True; -} - static void msg_exit_server(struct messaging_context *msg, void *private_data, uint32_t msg_type, @@ -317,7 +299,7 @@ static void smbd_setup_sig_chld_handler(void) Open the socket communication. ****************************************************************************/ -static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ports) +static bool open_sockets_smbd(bool interactive, const char *smb_ports) { int num_interfaces = iface_count(); int num_sockets = 0; @@ -330,10 +312,6 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ struct dns_reg_state * dns_reg = NULL; unsigned dns_port = 0; - if (!is_daemon) { - return open_sockets_inetd(); - } - #ifdef HAVE_ATEXIT atexit(killkids); #endif @@ -1224,7 +1202,25 @@ extern void build_options(bool screen); start_background_queue(); } - if (!open_sockets_smbd(is_daemon, interactive, ports)) + if (!is_daemon) { + /* inetd mode */ + TALLOC_FREE(frame); + + /* Started from inetd. fd 0 is the socket. */ + /* We will abort gracefully when the client or remote system + goes away */ + smbd_set_server_fd(dup(0)); + + /* close our standard file descriptors */ + close_low_fds(False); /* Don't close stderr */ + + smbd_process(); + + exit_server_cleanly(NULL); + return(0); + } + + if (!open_sockets_smbd(interactive, ports)) exit(1); TALLOC_FREE(frame); -- cgit From bf2347bd7df19156da8a2884e41ca5b98a3c94c6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 26 Jan 2009 14:55:54 +0100 Subject: s3:smbd: make mdns registration event driven. metze --- source3/smbd/dnsregister.c | 208 +++++++++++++++++++++------------------------ source3/smbd/server.c | 25 +++--- 2 files changed, 108 insertions(+), 125 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/dnsregister.c b/source3/smbd/dnsregister.c index c092251fee..2fd95f9fb7 100644 --- a/source3/smbd/dnsregister.c +++ b/source3/smbd/dnsregister.c @@ -35,18 +35,16 @@ #include struct dns_reg_state { + struct tevent_context *event_ctx; + uint16_t port; DNSServiceRef srv_ref; - struct timed_event *retry_handler; + struct tevent_timer *te; + int fd; + struct tevent_fd *fde; }; -void dns_register_close(struct dns_reg_state **dns_state_ptr) +static int dns_reg_state_destructor(struct dns_reg_state *dns_state) { - struct dns_reg_state *dns_state = *dns_state_ptr; - - if (dns_state == NULL) { - return; - } - if (dns_state->srv_ref != NULL) { /* Close connection to the mDNS daemon */ DNSServiceRefDeallocate(dns_state->srv_ref); @@ -54,81 +52,52 @@ void dns_register_close(struct dns_reg_state **dns_state_ptr) } /* Clear event handler */ - if (dns_state->retry_handler != NULL) { - TALLOC_FREE(dns_state->retry_handler); - dns_state->retry_handler = NULL; - } + TALLOC_FREE(dns_state->te); + TALLOC_FREE(dns_state->fde); + dns_state->fd = -1; - talloc_free(dns_state); - *dns_state_ptr = NULL; + return 0; } -static void dns_register_smbd_retry(struct event_context *ctx, - struct timed_event *te, - const struct timeval *now, - void *private_data) +static void dns_register_smbd_retry(struct tevent_context *ctx, + struct tevent_timer *te, + struct timeval now, + void *private_data); +static void dns_register_smbd_fde_handler(struct tevent_context *ev, + struct tevent_fd *fde, + uint16_t flags, + void *private_data); + +static bool dns_register_smbd_schedule(struct dns_reg_state *dns_state, + struct timeval tval) { - struct dns_reg_state *dns_state = (struct dns_reg_state *)private_data; - - /* Clear previous registration state to force new - * registration attempt. Clears event handler. - */ - dns_register_close(&dns_state); -} - -static void schedule_dns_register_smbd_retry(struct dns_reg_state *dns_state, - struct timeval *timeout) -{ - struct timed_event * event; - - dns_state->srv_ref = NULL; - event= event_add_timed(smbd_event_context(), - NULL, - timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0), - dns_register_smbd_retry, - dns_state); + dns_reg_state_destructor(dns_state); + + dns_state->te = tevent_add_timer(dns_state->event_ctx, + dns_state, + tval, + dns_register_smbd_retry, + dns_state); + if (!dns_state->te) { + return false; + } - dns_state->retry_handler = event; - get_timed_events_timeout(smbd_event_context(), timeout); + return true; } -/* Kick off a mDNS request to register the "_smb._tcp" on the specified port. - * We really ought to register on all the ports we are listening on. This will - * have to be an exercise for some-one who knows the DNS registration API a bit - * better. - */ -void dns_register_smbd(struct dns_reg_state ** dns_state_ptr, - unsigned port, - int *maxfd, - fd_set *listen_set, - struct timeval *timeout) +static void dns_register_smbd_retry(struct tevent_context *ctx, + struct tevent_timer *te, + struct timeval now, + void *private_data) { - int mdnsd_conn_fd; + struct dns_reg_state *dns_state = talloc_get_type_abort(private_data, + struct dns_reg_state); DNSServiceErrorType err; - struct dns_reg_state *dns_state = *dns_state_ptr; - - if (dns_state == NULL) { - *dns_state_ptr = dns_state = talloc(NULL, struct dns_reg_state); - if (dns_state == NULL) { - return; - } - } - - /* Quit if a re-try attempt has been scheduled. */ - if (dns_state->retry_handler != NULL) { - return; - } - /* If a registration is active add conn - * fd to select listen_set and return - */ - if (dns_state->srv_ref != NULL) { - mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref); - FD_SET(mdnsd_conn_fd, listen_set); - return; - } + dns_reg_state_destructor(dns_state); - DEBUG(6, ("registering _smb._tcp service on port %d\n", port)); + DEBUG(6, ("registering _smb._tcp service on port %d\n", + dns_state->port)); /* Register service with DNS. Connects with the mDNS * daemon running on the local system to perform DNS @@ -140,7 +109,7 @@ void dns_register_smbd(struct dns_reg_state ** dns_state_ptr, "_smb._tcp" /* service type */, NULL /* domain */, "" /* SRV target host name */, - htons(port), + htons(dns_state->port), 0 /* TXT record len */, NULL /* TXT record data */, NULL /* callback func */, @@ -150,62 +119,81 @@ void dns_register_smbd(struct dns_reg_state ** dns_state_ptr, /* Failed to register service. Schedule a re-try attempt. */ DEBUG(3, ("unable to register with mDNS (err %d)\n", err)); - schedule_dns_register_smbd_retry(dns_state, timeout); - return; + goto retry; + } + + dns_state->fd = DNSServiceRefSockFD(dns_state->srv_ref); + if (dns_state->fd == -1) { + goto retry; } - mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref); - FD_SET(mdnsd_conn_fd, listen_set); - *maxfd = MAX(*maxfd, mdnsd_conn_fd); - *timeout = timeval_zero(); + dns_state->fde = tevent_add_fd(dns_state->event_ctx, + dns_state, + dns_state->fd, + TEVENT_FD_READ, + dns_register_smbd_fde_handler, + dns_state); + if (!dns_state->fde) { + goto retry; + } + return; + retry: + dns_register_smbd_schedule(dns_state, + timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0)); } /* Processes reply from mDNS daemon. Returns true if a reply was received */ -bool dns_register_smbd_reply(struct dns_reg_state *dns_state, - fd_set *lfds, struct timeval *timeout) +static void dns_register_smbd_fde_handler(struct tevent_context *ev, + struct tevent_fd *fde, + uint16_t flags, + void *private_data) { - int mdnsd_conn_fd = -1; + struct dns_reg_state *dns_state = talloc_get_type_abort(private_data, + struct dns_reg_state); + DNSServiceErrorType err; - if (dns_state->srv_ref == NULL) { - return false; + err = DNSServiceProcessResult(dns_state->srv_ref); + if (err != kDNSServiceErr_NoError) { + DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", + err)); + goto retry; } - mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref); + talloc_free(dns_state); + return; - /* Process reply from daemon. Handles any errors. */ - if ((mdnsd_conn_fd != -1) && (FD_ISSET(mdnsd_conn_fd,lfds)) ) { - DNSServiceErrorType err; - - err = DNSServiceProcessResult(dns_state->srv_ref); - if (err != kDNSServiceErr_NoError) { - DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", - err)); - schedule_dns_register_smbd_retry(dns_state, timeout); - } + retry: + dns_register_smbd_schedule(dns_state, + timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0)); +} - return true; +bool smbd_setup_mdns_registration(struct tevent_context *ev, + TALLOC_CTX *mem_ctx, + uint16_t port) +{ + struct dns_reg_state *dns_state; + + dns_state = talloc_zero(mem_ctx, struct dns_reg_state); + if (dns_state == NULL) { + return false; } + dns_state->event_ctx = ev; + dns_state->port = port; + dns_state->fd = -1; + + talloc_set_destructor(dns_state, dns_reg_state_destructor); - return false; + return dns_register_smbd_schedule(dns_state, timeval_zero()); } #else /* WITH_DNSSD_SUPPORT */ - void dns_register_smbd(struct dns_reg_state ** dns_state_ptr, - unsigned port, - int *maxfd, - fd_set *listen_set, - struct timeval *timeout) -{} - - void dns_register_close(struct dns_reg_state ** dns_state_ptr) -{} - - bool dns_register_smbd_reply(struct dns_reg_state *dns_state, - fd_set *lfds, struct timeval *timeout) +bool smbd_setup_mdns_registration(struct tevent_context *ev, + TALLOC_CTX *mem_ctx, + uint16_t port) { - return false; + return true; } #endif /* WITH_DNSSD_SUPPORT */ diff --git a/source3/smbd/server.c b/source3/smbd/server.c index f95fa874ff..d71a04ebc1 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -309,13 +309,15 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) int maxfd = 0; int i; char *ports; - struct dns_reg_state * dns_reg = NULL; + TALLOC_CTX *dns_ctx = NULL; unsigned dns_port = 0; #ifdef HAVE_ATEXIT atexit(killkids); #endif + dns_ctx = talloc_new(NULL); + /* Stop zombies */ smbd_setup_sig_chld_handler(); @@ -535,6 +537,11 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) MSG_SMB_INJECT_FAULT, msg_inject_fault); #endif + if (dns_port != 0) { + smbd_setup_mdns_registration(smbd_event_context(), + dns_ctx, dns_port); + } + /* now accept incoming connections - forking a new process for each incoming connection */ DEBUG(2,("waiting for a connection\n")); @@ -554,12 +561,6 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) FD_ZERO(&w_fds); GetTimeOfDay(&now); - /* Kick off our mDNS registration. */ - if (dns_port != 0) { - dns_register_smbd(&dns_reg, dns_port, &maxfd, - &r_fds, &idle_timeout); - } - event_add_to_select_args(smbd_event_context(), &now, &r_fds, &w_fds, &idle_timeout, &maxfd); @@ -580,11 +581,6 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) exit_server_cleanly("idle timeout"); } - /* process pending nDNS responses */ - if (dns_register_smbd_reply(dns_reg, &r_fds, &idle_timeout)) { - --num; - } - /* check if we need to reload services */ check_reload(time(NULL)); @@ -624,6 +620,8 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) ((child = sys_fork())==0)) { /* Child code ... */ + TALLOC_FREE(dns_ctx); + /* Stop zombies, the parent explicitly handles * them, counting worker smbds. */ CatchChild(); @@ -632,9 +630,6 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) for(i = 0; i < num_sockets; i++) close(fd_listenset[i]); - /* close our mDNS daemon handle */ - dns_register_close(&dns_reg); - /* close our standard file descriptors */ close_low_fds(False); -- cgit From e0232934fbf69a9e72de1d9844b14d70b34a2d6a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 27 Jan 2009 10:02:43 +0100 Subject: s3:smbd: wait for new connection via fd events metze --- source3/smbd/server.c | 438 ++++++++++++++++++++++++++------------------------ 1 file changed, 227 insertions(+), 211 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/server.c b/source3/smbd/server.c index d71a04ebc1..7644cebe69 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -295,44 +295,224 @@ static void smbd_setup_sig_chld_handler(void) } } +struct smbd_open_socket; + +struct smbd_parent_context { + bool interactive; + + /* the list of listening sockets */ + struct smbd_open_socket *sockets; +}; + +struct smbd_open_socket { + struct smbd_open_socket *prev, *next; + struct smbd_parent_context *parent; + int fd; + struct tevent_fd *fde; +}; + +static void smbd_open_socket_close_fn(struct tevent_context *ev, + struct tevent_fd *fde, + int fd, + void *private_data) +{ + /* this might be the socket_wrapper swrap_close() */ + close(fd); +} + +static void smbd_accept_connection(struct tevent_context *ev, + struct tevent_fd *fde, + uint16_t flags, + void *private_data) +{ + struct smbd_open_socket *s = talloc_get_type_abort(private_data, + struct smbd_open_socket); + struct sockaddr_storage addr; + socklen_t in_addrlen = sizeof(addr); + pid_t pid = 0; + + smbd_set_server_fd(accept(s->fd,(struct sockaddr *)&addr,&in_addrlen)); + + if (smbd_server_fd() == -1 && errno == EINTR) + return; + + if (smbd_server_fd() == -1) { + DEBUG(0,("open_sockets_smbd: accept: %s\n", + strerror(errno))); + return; + } + + if (s->parent->interactive) { + smbd_process(); + exit_server_cleanly("end of interactive mode"); + return; + } + + if (!allowable_number_of_smbd_processes()) { + close(smbd_server_fd()); + smbd_set_server_fd(-1); + return; + } + + pid = sys_fork(); + if (pid == 0) { + /* Child code ... */ + am_parent = 0; + + /* Stop zombies, the parent explicitly handles + * them, counting worker smbds. */ + CatchChild(); + + /* close our standard file + descriptors */ + close_low_fds(False); + + TALLOC_FREE(s->parent); + s = NULL; + + if (!reinit_after_fork( + smbd_messaging_context(), + smbd_event_context(), + true)) { + DEBUG(0,("reinit_after_fork() failed\n")); + smb_panic("reinit_after_fork() failed"); + } + + smbd_setup_sig_term_handler(); + smbd_setup_sig_hup_handler(); + + smbd_process(); + exit_server_cleanly("end of child"); + return; + } else if (pid < 0) { + DEBUG(0,("smbd_accept_connection: sys_fork() failed: %s\n", + strerror(errno))); + } + + /* The parent doesn't need this socket */ + close(smbd_server_fd()); + + /* Sun May 6 18:56:14 2001 ackley@cs.unm.edu: + Clear the closed fd info out of server_fd -- + and more importantly, out of client_fd in + util_sock.c, to avoid a possible + getpeername failure if we reopen the logs + and use %I in the filename. + */ + + smbd_set_server_fd(-1); + + if (pid != 0) { + add_child_pid(pid); + } + + /* Force parent to check log size after + * spawning child. Fix from + * klausr@ITAP.Physik.Uni-Stuttgart.De. The + * parent smbd will log to logserver.smb. It + * writes only two messages for each child + * started/finished. But each child writes, + * say, 50 messages also in logserver.smb, + * begining with the debug_count of the + * parent, before the child opens its own log + * file logserver.client. In a worst case + * scenario the size of logserver.smb would be + * checked after about 50*50=2500 messages + * (ca. 100kb). + * */ + force_check_log_size(); +} + +bool smbd_open_one_socket(struct smbd_parent_context *parent, + const struct sockaddr_storage *ifss, + uint16_t port) +{ + struct smbd_open_socket *s; + + s = talloc(parent, struct smbd_open_socket); + if (!s) { + return false; + } + + s->parent = parent; + s->fd = open_socket_in(SOCK_STREAM, + port, + parent->sockets == NULL ? 0 : 2, + ifss, + true); + if (s->fd == -1) { + DEBUG(0,("smbd_open_once_socket: open_socket_in: " + "%s\n", strerror(errno))); + close(s->fd); + TALLOC_FREE(s); + return false; + } + + /* ready to listen */ + set_socket_options(s->fd, "SO_KEEPALIVE"); + set_socket_options(s->fd, lp_socket_options()); + + /* Set server socket to + * non-blocking for the accept. */ + set_blocking(s->fd, False); + + if (listen(s->fd, SMBD_LISTEN_BACKLOG) == -1) { + DEBUG(0,("open_sockets_smbd: listen: " + "%s\n", strerror(errno))); + close(s->fd); + TALLOC_FREE(s); + return false; + } + + s->fde = tevent_add_fd(smbd_event_context(), + s, + s->fd, TEVENT_FD_READ, + smbd_accept_connection, + s); + if (!s->fde) { + DEBUG(0,("open_sockets_smbd: " + "tevent_add_fd: %s\n", + strerror(errno))); + close(s->fd); + TALLOC_FREE(s); + return false; + } + tevent_fd_set_close_fn(s->fde, smbd_open_socket_close_fn); + + DLIST_ADD_END(parent->sockets, s, struct smbd_open_socket *); + + return true; +} + /**************************************************************************** Open the socket communication. ****************************************************************************/ -static bool open_sockets_smbd(bool interactive, const char *smb_ports) +static bool open_sockets_smbd(struct smbd_parent_context *parent, + const char *smb_ports) { int num_interfaces = iface_count(); - int num_sockets = 0; - int fd_listenset[FD_SETSIZE]; - fd_set listen_set; - int s; - int maxfd = 0; int i; char *ports; - TALLOC_CTX *dns_ctx = NULL; unsigned dns_port = 0; #ifdef HAVE_ATEXIT atexit(killkids); #endif - dns_ctx = talloc_new(NULL); - /* Stop zombies */ smbd_setup_sig_chld_handler(); - FD_ZERO(&listen_set); - /* use a reasonable default set of ports - listing on 445 and 139 */ if (!smb_ports) { ports = lp_smb_ports(); if (!ports || !*ports) { - ports = smb_xstrdup(SMB_PORTS); + ports = talloc_strdup(talloc_tos(), SMB_PORTS); } else { - ports = smb_xstrdup(ports); + ports = talloc_strdup(talloc_tos(), ports); } } else { - ports = smb_xstrdup(smb_ports); + ports = talloc_strdup(talloc_tos(), smb_ports); } if (lp_interfaces() && lp_bind_interfaces_only()) { @@ -344,7 +524,6 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) /* Now open a listen socket for each of the interfaces. */ for(i = 0; i < num_interfaces; i++) { - TALLOC_CTX *frame = NULL; const struct sockaddr_storage *ifss = iface_n_sockaddr_storage(i); char *tok; @@ -357,64 +536,22 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) continue; } - frame = talloc_stackframe(); for (ptr=ports; - next_token_talloc(frame,&ptr, &tok, " \t,");) { + next_token_talloc(talloc_tos(),&ptr, &tok, " \t,");) { unsigned port = atoi(tok); if (port == 0 || port > 0xffff) { continue; } - /* Keep the first port for mDNS service - * registration. - */ - if (dns_port == 0) { - dns_port = port; - } - - s = fd_listenset[num_sockets] = - open_socket_in(SOCK_STREAM, - port, - num_sockets == 0 ? 0 : 2, - ifss, - true); - if(s == -1) { - continue; - } - - /* ready to listen */ - set_socket_options(s,"SO_KEEPALIVE"); - set_socket_options(s,lp_socket_options()); - - /* Set server socket to - * non-blocking for the accept. */ - set_blocking(s,False); - - if (listen(s, SMBD_LISTEN_BACKLOG) == -1) { - DEBUG(0,("open_sockets_smbd: listen: " - "%s\n", strerror(errno))); - close(s); - TALLOC_FREE(frame); - return False; - } - FD_SET(s,&listen_set); - maxfd = MAX( maxfd, s); - - num_sockets++; - if (num_sockets >= FD_SETSIZE) { - DEBUG(0,("open_sockets_smbd: Too " - "many sockets to bind to\n")); - TALLOC_FREE(frame); - return False; + if (!smbd_open_one_socket(parent, ifss, port)) { + return false; } } - TALLOC_FREE(frame); } } else { /* Just bind to 0.0.0.0 - accept connections from anywhere. */ - TALLOC_CTX *frame = talloc_stackframe(); char *tok; const char *ptr; const char *sock_addr = lp_socket_address(); @@ -431,8 +568,8 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) } for (sock_ptr=sock_addr; - next_token_talloc(frame, &sock_ptr, &sock_tok, " \t,"); ) { - for (ptr=ports; next_token_talloc(frame, &ptr, &tok, " \t,"); ) { + next_token_talloc(talloc_tos(), &sock_ptr, &sock_tok, " \t,"); ) { + for (ptr=ports; next_token_talloc(talloc_tos(), &ptr, &tok, " \t,"); ) { struct sockaddr_storage ss; unsigned port = atoi(tok); @@ -453,52 +590,14 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) continue; } - s = open_socket_in(SOCK_STREAM, - port, - num_sockets == 0 ? 0 : 2, - &ss, - true); - if (s == -1) { - continue; - } - - /* ready to listen */ - set_socket_options(s,"SO_KEEPALIVE"); - set_socket_options(s,lp_socket_options()); - - /* Set server socket to non-blocking - * for the accept. */ - set_blocking(s,False); - - if (listen(s, SMBD_LISTEN_BACKLOG) == -1) { - DEBUG(0,("open_sockets_smbd: " - "listen: %s\n", - strerror(errno))); - close(s); - TALLOC_FREE(frame); - return False; - } - - fd_listenset[num_sockets] = s; - FD_SET(s,&listen_set); - maxfd = MAX( maxfd, s); - - num_sockets++; - - if (num_sockets >= FD_SETSIZE) { - DEBUG(0,("open_sockets_smbd: Too " - "many sockets to bind to\n")); - TALLOC_FREE(frame); - return False; + if (!smbd_open_one_socket(parent, &ss, port)) { + return false; } } } - TALLOC_FREE(frame); } - SAFE_FREE(ports); - - if (num_sockets == 0) { + if (parent->sockets == NULL) { DEBUG(0,("open_sockets_smbd: No " "sockets available to bind to.\n")); return false; @@ -539,26 +638,33 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) if (dns_port != 0) { smbd_setup_mdns_registration(smbd_event_context(), - dns_ctx, dns_port); + parent, dns_port); } + return true; +} + +static void smbd_parent_loop(struct smbd_parent_context *parent) +{ /* now accept incoming connections - forking a new process for each incoming connection */ DEBUG(2,("waiting for a connection\n")); while (1) { struct timeval now, idle_timeout; fd_set r_fds, w_fds; + int maxfd = 0; int num; + TALLOC_CTX *frame = talloc_stackframe(); if (run_events(smbd_event_context(), 0, NULL, NULL)) { + TALLOC_FREE(frame); continue; } idle_timeout = timeval_zero(); - memcpy((char *)&r_fds, (char *)&listen_set, - sizeof(listen_set)); FD_ZERO(&w_fds); + FD_ZERO(&r_fds); GetTimeOfDay(&now); event_add_to_select_args(smbd_event_context(), &now, @@ -569,7 +675,11 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) timeval_is_zero(&idle_timeout) ? NULL : &idle_timeout); + /* check if we need to reload services */ + check_reload(time(NULL)); + if (run_events(smbd_event_context(), num, &r_fds, &w_fds)) { + TALLOC_FREE(frame); continue; } @@ -580,108 +690,7 @@ static bool open_sockets_smbd(bool interactive, const char *smb_ports) if (num == 0 && count_all_current_connections() == 0) { exit_server_cleanly("idle timeout"); } - - /* check if we need to reload services */ - check_reload(time(NULL)); - - /* Find the sockets that are read-ready - - accept on these. */ - for( ; num > 0; num--) { - struct sockaddr addr; - socklen_t in_addrlen = sizeof(addr); - pid_t child = 0; - - s = -1; - for(i = 0; i < num_sockets; i++) { - if(FD_ISSET(fd_listenset[i],&r_fds)) { - s = fd_listenset[i]; - /* Clear this so we don't look - at it again. */ - FD_CLR(fd_listenset[i],&r_fds); - break; - } - } - - smbd_set_server_fd(accept(s,&addr,&in_addrlen)); - - if (smbd_server_fd() == -1 && errno == EINTR) - continue; - - if (smbd_server_fd() == -1) { - DEBUG(2,("open_sockets_smbd: accept: %s\n", - strerror(errno))); - continue; - } - - if (interactive) - return True; - - if (allowable_number_of_smbd_processes() && - ((child = sys_fork())==0)) { - /* Child code ... */ - - TALLOC_FREE(dns_ctx); - - /* Stop zombies, the parent explicitly handles - * them, counting worker smbds. */ - CatchChild(); - - /* close the listening socket(s) */ - for(i = 0; i < num_sockets; i++) - close(fd_listenset[i]); - - /* close our standard file - descriptors */ - close_low_fds(False); - am_parent = 0; - - if (!reinit_after_fork( - smbd_messaging_context(), - smbd_event_context(), - true)) { - DEBUG(0,("reinit_after_fork() failed\n")); - smb_panic("reinit_after_fork() failed"); - } - - smbd_setup_sig_term_handler(); - smbd_setup_sig_hup_handler(); - - return True; - } - /* The parent doesn't need this socket */ - close(smbd_server_fd()); - - /* Sun May 6 18:56:14 2001 ackley@cs.unm.edu: - Clear the closed fd info out of server_fd -- - and more importantly, out of client_fd in - util_sock.c, to avoid a possible - getpeername failure if we reopen the logs - and use %I in the filename. - */ - - smbd_set_server_fd(-1); - - if (child != 0) { - add_child_pid(child); - } - - /* Force parent to check log size after - * spawning child. Fix from - * klausr@ITAP.Physik.Uni-Stuttgart.De. The - * parent smbd will log to logserver.smb. It - * writes only two messages for each child - * started/finished. But each child writes, - * say, 50 messages also in logserver.smb, - * begining with the debug_count of the - * parent, before the child opens its own log - * file logserver.client. In a worst case - * scenario the size of logserver.smb would be - * checked after about 50*50=2500 messages - * (ca. 100kb). - * */ - force_check_log_size(); - - } /* end for num */ + TALLOC_FREE(frame); } /* end while 1 */ /* NOTREACHED return True; */ @@ -939,6 +948,7 @@ extern void build_options(bool screen); POPT_COMMON_DYNCONFIG POPT_TABLEEND }; + struct smbd_parent_context *parent = NULL; TALLOC_CTX *frame = talloc_stackframe(); /* Setup tos. */ smbd_init_globals(); @@ -1215,12 +1225,18 @@ extern void build_options(bool screen); return(0); } - if (!open_sockets_smbd(interactive, ports)) - exit(1); + parent = talloc_zero(smbd_event_context(), struct smbd_parent_context); + if (!parent) { + exit_server("talloc(struct smbd_parent_context) failed"); + } + parent->interactive = interactive; + + if (!open_sockets_smbd(parent, ports)) + exit_server("open_sockets_smbd() failed"); TALLOC_FREE(frame); - smbd_process(); + smbd_parent_loop(parent); exit_server_cleanly(NULL); return(0); -- cgit From 3ee1acdc8eea0a84131066eaca927dc2ffa238bb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 29 Jan 2009 15:30:38 +0100 Subject: s3:smbd: ignore open_socket_in() failures This restores the pre e0232934fbf69a9e72de1d9844b14d70b34a2d6a behavior. metze --- source3/smbd/server.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/smbd') diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 7644cebe69..474c5b2fa5 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -445,7 +445,10 @@ bool smbd_open_one_socket(struct smbd_parent_context *parent, "%s\n", strerror(errno))); close(s->fd); TALLOC_FREE(s); - return false; + /* + * We ignore an error here, as we've done before + */ + return true; } /* ready to listen */ -- cgit From ba482e6b8d375449bcce52bfa383b95046d89fc1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 29 Jan 2009 15:42:10 +0100 Subject: s3:smbd: make smbd_open_one_socket() static Michael --- source3/smbd/server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 474c5b2fa5..5f6783e05c 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -423,9 +423,9 @@ static void smbd_accept_connection(struct tevent_context *ev, force_check_log_size(); } -bool smbd_open_one_socket(struct smbd_parent_context *parent, - const struct sockaddr_storage *ifss, - uint16_t port) +static bool smbd_open_one_socket(struct smbd_parent_context *parent, + const struct sockaddr_storage *ifss, + uint16_t port) { struct smbd_open_socket *s; -- cgit From b8f7cdbd79918bba0fea181f97fff5ab0c79192d Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Mon, 26 Jan 2009 15:39:40 -0800 Subject: s3: Add a new SMB_VFS_GET_ALLOC_SIZE vfs operation This allows module implementors to customize what allocation size is returned to the client. --- source3/smbd/nttrans.c | 4 ++-- source3/smbd/reply.c | 4 ++-- source3/smbd/trans2.c | 52 +++++++++++++------------------------------------- 3 files changed, 17 insertions(+), 43 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 1ee3edbdbe..0ad4df6e90 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -621,7 +621,7 @@ void reply_ntcreate_and_X(struct smb_request *req) p += 8; SIVAL(p,0,fattr); /* File Attributes. */ p += 4; - SOFF_T(p, 0, get_allocation_size(conn,fsp,&sbuf)); + SOFF_T(p, 0, SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf)); p += 8; SOFF_T(p,0,file_len); p += 8; @@ -1086,7 +1086,7 @@ static void call_nt_transact_create(connection_struct *conn, p += 8; SIVAL(p,0,fattr); /* File Attributes. */ p += 4; - SOFF_T(p, 0, get_allocation_size(conn,fsp,&sbuf)); + SOFF_T(p, 0, SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf)); p += 8; SOFF_T(p,0,file_len); p += 8; diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 52dab0a013..25d50470ff 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1816,7 +1816,7 @@ void reply_open_and_X(struct smb_request *req) END_PROFILE(SMBopenX); return; } - sbuf.st_size = get_allocation_size(conn,fsp,&sbuf); + sbuf.st_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf); } fattr = dos_mode(conn,fsp->fsp_name,&sbuf); @@ -7281,7 +7281,7 @@ void reply_getattrE(struct smb_request *req) SIVAL(req->outbuf, smb_vwv6, 0); SIVAL(req->outbuf, smb_vwv8, 0); } else { - uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf); + uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &sbuf); SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size); SIVAL(req->outbuf, smb_vwv8, allocation_size); } diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 1b161d5338..6c082a8273 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -29,7 +29,6 @@ extern enum protocol_types Protocol; -#define get_file_size(sbuf) ((sbuf).st_size) #define DIR_ENTRY_SAFETY_MARGIN 4096 static char *store_file_unix_basic(connection_struct *conn, @@ -59,31 +58,6 @@ uint64_t smb_roundup(connection_struct *conn, uint64_t val) return val; } -/******************************************************************** - Given a stat buffer return the allocated size on disk, taking into - account sparse files. -********************************************************************/ - -uint64_t get_allocation_size(connection_struct *conn, files_struct *fsp, const SMB_STRUCT_STAT *sbuf) -{ - uint64_t ret; - - if(S_ISDIR(sbuf->st_mode)) { - return 0; - } - -#if defined(HAVE_STAT_ST_BLOCKS) && defined(STAT_ST_BLOCKSIZE) - ret = (uint64_t)STAT_ST_BLOCKSIZE * (uint64_t)sbuf->st_blocks; -#else - ret = (uint64_t)get_file_size(*sbuf); -#endif - - if (fsp && fsp->initial_allocation_size) - ret = MAX(ret,fsp->initial_allocation_size); - - return smb_roundup(conn, ret); -} - /**************************************************************************** Utility functions for dealing with extended attributes. ****************************************************************************/ @@ -1034,7 +1008,7 @@ static void call_trans2open(connection_struct *conn, return; } - size = get_file_size(sbuf); + size = get_file_size_stat(&sbuf); fattr = dos_mode(conn,fsp->fsp_name,&sbuf); mtime = sbuf.st_mtime; inode = sbuf.st_ino; @@ -1424,9 +1398,9 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, } if (!(mode & aDIR)) { - file_size = get_file_size(sbuf); + file_size = get_file_size_stat(&sbuf); } - allocation_size = get_allocation_size(conn,NULL,&sbuf); + allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,NULL,&sbuf); mdate_ts = get_mtimespec(&sbuf); adate_ts = get_atimespec(&sbuf); @@ -3523,10 +3497,10 @@ static char *store_file_unix_basic(connection_struct *conn, DEBUG(10,("store_file_unix_basic: SMB_QUERY_FILE_UNIX_BASIC\n")); DEBUG(4,("store_file_unix_basic: st_mode=%o\n",(int)psbuf->st_mode)); - SOFF_T(pdata,0,get_file_size(*psbuf)); /* File size 64 Bit */ + SOFF_T(pdata,0,get_file_size_stat(psbuf)); /* File size 64 Bit */ pdata += 8; - SOFF_T(pdata,0,get_allocation_size(conn,fsp,psbuf)); /* Number of bytes used on disk - 64 Bit */ + SOFF_T(pdata,0,SMB_VFS_GET_ALLOC_SIZE(conn,fsp,psbuf)); /* Number of bytes used on disk - 64 Bit */ pdata += 8; put_long_date_timespec(pdata,get_ctimespec(psbuf)); /* Change Time 64 Bit */ @@ -4094,7 +4068,7 @@ static void call_trans2qfilepathinfo(connection_struct *conn, fullpathname = fname; if (!(mode & aDIR)) - file_size = get_file_size(sbuf); + file_size = get_file_size_stat(&sbuf); /* Pull out any data sent here before we realloc. */ switch (info_level) { @@ -4180,7 +4154,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd mtime_ts = get_mtimespec(&sbuf); atime_ts = get_atimespec(&sbuf); - allocation_size = get_allocation_size(conn,fsp,&sbuf); + allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf); if (!fsp) { /* Do we have this path open ? */ @@ -4188,7 +4162,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd fileid = vfs_file_id_from_sbuf(conn, &sbuf); fsp1 = file_find_di_first(fileid); if (fsp1 && fsp1->initial_allocation_size) { - allocation_size = get_allocation_size(conn, fsp1, &sbuf); + allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn, fsp1, &sbuf); } } @@ -5044,7 +5018,7 @@ static NTSTATUS smb_set_file_size(connection_struct *conn, DEBUG(6,("smb_set_file_size: size: %.0f ", (double)size)); - if (size == get_file_size(*psbuf)) { + if (size == get_file_size_stat(psbuf)) { return NT_STATUS_OK; } @@ -5832,7 +5806,7 @@ static NTSTATUS smb_set_file_allocation_info(connection_struct *conn, if (fsp && fsp->fh->fd != -1) { /* Open file handle. */ /* Only change if needed. */ - if (allocation_size != get_file_size(*psbuf)) { + if (allocation_size != get_file_size_stat(psbuf)) { if (vfs_allocate_file_space(fsp, allocation_size) == -1) { return map_nt_error_from_unix(errno); } @@ -5874,7 +5848,7 @@ static NTSTATUS smb_set_file_allocation_info(connection_struct *conn, } /* Only change if needed. */ - if (allocation_size != get_file_size(*psbuf)) { + if (allocation_size != get_file_size_stat(psbuf)) { if (vfs_allocate_file_space(new_fsp, allocation_size) == -1) { status = map_nt_error_from_unix(errno); close_file(req, new_fsp, NORMAL_CLOSE); @@ -6101,7 +6075,7 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n", /* Ensure we don't try and change anything else. */ raw_unixmode = SMB_MODE_NO_CHANGE; - size = get_file_size(*psbuf); + size = get_file_size_stat(psbuf); ft.atime = get_atimespec(psbuf); ft.mtime = get_mtimespec(psbuf); /* @@ -6117,7 +6091,7 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n", * */ if (!size) { - size = get_file_size(*psbuf); + size = get_file_size_stat(psbuf); } #endif -- cgit From 864852a4ae1b0c0d1cf1afdcd042c9113f51acd6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 29 Jan 2009 15:58:50 -0800 Subject: Upgrade POSIX inheritance storage to a new format (version 2). Stores the Windows ACL type and flags if "map acl inherit" is set. Jeremy. --- source3/smbd/posix_acls.c | 560 +++++++++++++++++++++++++++++----------------- 1 file changed, 360 insertions(+), 200 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 72f5c94bc5..7ea6e39fcb 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1,7 +1,7 @@ /* Unix SMB/CIFS implementation. SMB NT Security Descriptor / Unix permission conversion. - Copyright (C) Jeremy Allison 1994-2000. + Copyright (C) Jeremy Allison 1994-2009. Copyright (C) Andreas Gruenbacher 2002. This program is free software; you can redistribute it and/or modify @@ -47,30 +47,65 @@ typedef struct canon_ace { enum ace_owner owner_type; enum ace_attribute attr; posix_id unix_ug; - bool inherited; + uint8_t ace_flags; /* From windows ACE entry. */ } canon_ace; #define ALL_ACE_PERMS (S_IRUSR|S_IWUSR|S_IXUSR) /* * EA format of user.SAMBA_PAI (Samba_Posix_Acl_Interitance) - * attribute on disk. + * attribute on disk - version 1. + * All values are little endian. * - * | 1 | 1 | 2 | 2 | .... + * | 1 | 1 | 2 | 2 | .... * +------+------+-------------+---------------------+-------------+--------------------+ * | vers | flag | num_entries | num_default_entries | ..entries.. | default_entries... | * +------+------+-------------+---------------------+-------------+--------------------+ + * + * Entry format is : + * + * | 1 | 4 | + * +------+-------------------+ + * | value| uid/gid or world | + * | type | value | + * +------+-------------------+ + * + * Version 2 format. Stores extra Windows metadata about an ACL. + * + * | 1 | 2 | 2 | 2 | .... + * +------+----------+-------------+---------------------+-------------+--------------------+ + * | vers | ace | num_entries | num_default_entries | ..entries.. | default_entries... | + * | 2 | type | | | | | + * +------+----------+-------------+---------------------+-------------+--------------------+ + * + * Entry format is : + * + * | 1 | 1 | 4 | + * +------+------+-------------------+ + * | ace | value| uid/gid or world | + * | flag | type | value | + * +------+-------------------+------+ + * */ -#define PAI_VERSION_OFFSET 0 -#define PAI_FLAG_OFFSET 1 -#define PAI_NUM_ENTRIES_OFFSET 2 -#define PAI_NUM_DEFAULT_ENTRIES_OFFSET 4 -#define PAI_ENTRIES_BASE 6 +#define PAI_VERSION_OFFSET 0 + +#define PAI_V1_FLAG_OFFSET 1 +#define PAI_V1_NUM_ENTRIES_OFFSET 2 +#define PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET 4 +#define PAI_V1_ENTRIES_BASE 6 +#define PAI_V1_ACL_FLAG_PROTECTED 0x1 +#define PAI_V1_ENTRY_LENGTH 5 + +#define PAI_V1_VERSION 1 -#define PAI_VERSION 1 -#define PAI_ACL_FLAG_PROTECTED 0x1 -#define PAI_ENTRY_LENGTH 5 +#define PAI_V2_TYPE_OFFSET 1 +#define PAI_V2_NUM_ENTRIES_OFFSET 3 +#define PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET 5 +#define PAI_V2_ENTRIES_BASE 7 +#define PAI_V2_ENTRY_LENGTH 6 + +#define PAI_V2_VERSION 2 /* * In memory format of user.SAMBA_PAI attribute. @@ -78,12 +113,13 @@ typedef struct canon_ace { struct pai_entry { struct pai_entry *next, *prev; + uint8_t ace_flags; enum ace_owner owner_type; posix_id unix_ug; }; struct pai_val { - bool pai_protected; + uint16_t sd_type; unsigned int num_entries; struct pai_entry *entry_list; unsigned int num_def_entries; @@ -94,19 +130,19 @@ struct pai_val { Return a uint32 of the pai_entry principal. ************************************************************************/ -static uint32 get_pai_entry_val(struct pai_entry *paie) +static uint32_t get_pai_entry_val(struct pai_entry *paie) { switch (paie->owner_type) { case UID_ACE: DEBUG(10,("get_pai_entry_val: uid = %u\n", (unsigned int)paie->unix_ug.uid )); - return (uint32)paie->unix_ug.uid; + return (uint32_t)paie->unix_ug.uid; case GID_ACE: DEBUG(10,("get_pai_entry_val: gid = %u\n", (unsigned int)paie->unix_ug.gid )); - return (uint32)paie->unix_ug.gid; + return (uint32_t)paie->unix_ug.gid; case WORLD_ACE: default: DEBUG(10,("get_pai_entry_val: world ace\n")); - return (uint32)-1; + return (uint32_t)-1; } } @@ -114,41 +150,30 @@ static uint32 get_pai_entry_val(struct pai_entry *paie) Return a uint32 of the entry principal. ************************************************************************/ -static uint32 get_entry_val(canon_ace *ace_entry) +static uint32_t get_entry_val(canon_ace *ace_entry) { switch (ace_entry->owner_type) { case UID_ACE: DEBUG(10,("get_entry_val: uid = %u\n", (unsigned int)ace_entry->unix_ug.uid )); - return (uint32)ace_entry->unix_ug.uid; + return (uint32_t)ace_entry->unix_ug.uid; case GID_ACE: DEBUG(10,("get_entry_val: gid = %u\n", (unsigned int)ace_entry->unix_ug.gid )); - return (uint32)ace_entry->unix_ug.gid; + return (uint32_t)ace_entry->unix_ug.gid; case WORLD_ACE: default: DEBUG(10,("get_entry_val: world ace\n")); - return (uint32)-1; + return (uint32_t)-1; } } /************************************************************************ - Count the inherited entries. -************************************************************************/ - -static unsigned int num_inherited_entries(canon_ace *ace_list) -{ - unsigned int num_entries = 0; - - for (; ace_list; ace_list = ace_list->next) - if (ace_list->inherited) - num_entries++; - return num_entries; -} - -/************************************************************************ - Create the on-disk format. Caller must free. + Create the on-disk format (always v2 now). Caller must free. ************************************************************************/ -static char *create_pai_buf(canon_ace *file_ace_list, canon_ace *dir_ace_list, bool pai_protected, size_t *store_size) +static char *create_pai_buf_v2(canon_ace *file_ace_list, + canon_ace *dir_ace_list, + uint16_t sd_type, + size_t *store_size) { char *pai_buf = NULL; canon_ace *ace_list = NULL; @@ -156,17 +181,18 @@ static char *create_pai_buf(canon_ace *file_ace_list, canon_ace *dir_ace_list, b unsigned int num_entries = 0; unsigned int num_def_entries = 0; - for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) - if (ace_list->inherited) - num_entries++; + for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) { + num_entries++; + } - for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) - if (ace_list->inherited) - num_def_entries++; + for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) { + num_def_entries++; + } - DEBUG(10,("create_pai_buf: num_entries = %u, num_def_entries = %u\n", num_entries, num_def_entries )); + DEBUG(10,("create_pai_buf_v2: num_entries = %u, num_def_entries = %u\n", num_entries, num_def_entries )); - *store_size = PAI_ENTRIES_BASE + ((num_entries + num_def_entries)*PAI_ENTRY_LENGTH); + *store_size = PAI_V2_ENTRIES_BASE + + ((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH); pai_buf = (char *)SMB_MALLOC(*store_size); if (!pai_buf) { @@ -174,34 +200,32 @@ static char *create_pai_buf(canon_ace *file_ace_list, canon_ace *dir_ace_list, b } /* Set up the header. */ - memset(pai_buf, '\0', PAI_ENTRIES_BASE); - SCVAL(pai_buf,PAI_VERSION_OFFSET,PAI_VERSION); - SCVAL(pai_buf,PAI_FLAG_OFFSET,(pai_protected ? PAI_ACL_FLAG_PROTECTED : 0)); - SSVAL(pai_buf,PAI_NUM_ENTRIES_OFFSET,num_entries); - SSVAL(pai_buf,PAI_NUM_DEFAULT_ENTRIES_OFFSET,num_def_entries); + memset(pai_buf, '\0', PAI_V2_ENTRIES_BASE); + SCVAL(pai_buf,PAI_VERSION_OFFSET,PAI_V2_VERSION); + SSVAL(pai_buf,PAI_V2_TYPE_OFFSET, sd_type); + SSVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET,num_entries); + SSVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET,num_def_entries); - entry_offset = pai_buf + PAI_ENTRIES_BASE; + entry_offset = pai_buf + PAI_V2_ENTRIES_BASE; for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) { - if (ace_list->inherited) { - uint8 type_val = (unsigned char)ace_list->owner_type; - uint32 entry_val = get_entry_val(ace_list); + uint8_t type_val = (uint8_t)ace_list->owner_type; + uint32_t entry_val = get_entry_val(ace_list); - SCVAL(entry_offset,0,type_val); - SIVAL(entry_offset,1,entry_val); - entry_offset += PAI_ENTRY_LENGTH; - } + SCVAL(entry_offset,0,ace_list->ace_flags); + SCVAL(entry_offset,1,type_val); + SIVAL(entry_offset,2,entry_val); + entry_offset += PAI_V2_ENTRY_LENGTH; } for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) { - if (ace_list->inherited) { - uint8 type_val = (unsigned char)ace_list->owner_type; - uint32 entry_val = get_entry_val(ace_list); + uint8_t type_val = (uint8_t)ace_list->owner_type; + uint32_t entry_val = get_entry_val(ace_list); - SCVAL(entry_offset,0,type_val); - SIVAL(entry_offset,1,entry_val); - entry_offset += PAI_ENTRY_LENGTH; - } + SCVAL(entry_offset,0,ace_list->ace_flags); + SCVAL(entry_offset,1,type_val); + SIVAL(entry_offset,2,entry_val); + entry_offset += PAI_V2_ENTRY_LENGTH; } return pai_buf; @@ -211,44 +235,39 @@ static char *create_pai_buf(canon_ace *file_ace_list, canon_ace *dir_ace_list, b Store the user.SAMBA_PAI attribute on disk. ************************************************************************/ -static void store_inheritance_attributes(files_struct *fsp, canon_ace *file_ace_list, - canon_ace *dir_ace_list, bool pai_protected) +static void store_inheritance_attributes(files_struct *fsp, + canon_ace *file_ace_list, + canon_ace *dir_ace_list, + uint16_t sd_type) { int ret; size_t store_size; char *pai_buf; - if (!lp_map_acl_inherit(SNUM(fsp->conn))) - return; - - /* - * Don't store if this ACL isn't protected and - * none of the entries in it are marked as inherited. - */ - - if (!pai_protected && num_inherited_entries(file_ace_list) == 0 && num_inherited_entries(dir_ace_list) == 0) { - /* Instead just remove the attribute if it exists. */ - if (fsp->fh->fd != -1) - SMB_VFS_FREMOVEXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME); - else - SMB_VFS_REMOVEXATTR(fsp->conn, fsp->fsp_name, SAMBA_POSIX_INHERITANCE_EA_NAME); + if (!lp_map_acl_inherit(SNUM(fsp->conn))) { return; } - pai_buf = create_pai_buf(file_ace_list, dir_ace_list, pai_protected, &store_size); + pai_buf = create_pai_buf_v2(file_ace_list, dir_ace_list, + sd_type, &store_size); - if (fsp->fh->fd != -1) + if (fsp->fh->fd != -1) { ret = SMB_VFS_FSETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME, pai_buf, store_size, 0); - else + } else { ret = SMB_VFS_SETXATTR(fsp->conn,fsp->fsp_name, SAMBA_POSIX_INHERITANCE_EA_NAME, pai_buf, store_size, 0); + } SAFE_FREE(pai_buf); - DEBUG(10,("store_inheritance_attribute:%s for file %s\n", pai_protected ? " (protected)" : "", fsp->fsp_name)); - if (ret == -1 && !no_acl_syscall_error(errno)) + DEBUG(10,("store_inheritance_attribute: type 0x%x for file %s\n", + (unsigned int)sd_type, + fsp->fsp_name)); + + if (ret == -1 && !no_acl_syscall_error(errno)) { DEBUG(1,("store_inheritance_attribute: Error %s\n", strerror(errno) )); + } } /************************************************************************ @@ -272,160 +291,289 @@ static void free_inherited_info(struct pai_val *pal) } /************************************************************************ - Was this ACL protected ? -************************************************************************/ - -static bool get_protected_flag(struct pai_val *pal) -{ - if (!pal) - return False; - return pal->pai_protected; -} - -/************************************************************************ - Was this ACE inherited ? + Get any stored ACE flags. ************************************************************************/ -static bool get_inherited_flag(struct pai_val *pal, canon_ace *ace_entry, bool default_ace) +static uint16_t get_pai_flags(struct pai_val *pal, canon_ace *ace_entry, bool default_ace) { struct pai_entry *paie; - if (!pal) - return False; + if (!pal) { + return 0; + } /* If the entry exists it is inherited. */ for (paie = (default_ace ? pal->def_entry_list : pal->entry_list); paie; paie = paie->next) { if (ace_entry->owner_type == paie->owner_type && get_entry_val(ace_entry) == get_pai_entry_val(paie)) - return True; + return paie->ace_flags; } - return False; + return 0; } /************************************************************************ - Ensure an attribute just read is valid. + Ensure an attribute just read is valid - v1. ************************************************************************/ -static bool check_pai_ok(char *pai_buf, size_t pai_buf_data_size) +static bool check_pai_ok_v1(const char *pai_buf, size_t pai_buf_data_size) { uint16 num_entries; uint16 num_def_entries; - if (pai_buf_data_size < PAI_ENTRIES_BASE) { + if (pai_buf_data_size < PAI_V1_ENTRIES_BASE) { /* Corrupted - too small. */ - return False; + return false; } - if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_VERSION) - return False; + if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V1_VERSION) { + return false; + } - num_entries = SVAL(pai_buf,PAI_NUM_ENTRIES_OFFSET); - num_def_entries = SVAL(pai_buf,PAI_NUM_DEFAULT_ENTRIES_OFFSET); + num_entries = SVAL(pai_buf,PAI_V1_NUM_ENTRIES_OFFSET); + num_def_entries = SVAL(pai_buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET); /* Check the entry lists match. */ /* Each entry is 5 bytes (type plus 4 bytes of uid or gid). */ - if (((num_entries + num_def_entries)*PAI_ENTRY_LENGTH) + PAI_ENTRIES_BASE != pai_buf_data_size) - return False; + if (((num_entries + num_def_entries)*PAI_V1_ENTRY_LENGTH) + + PAI_V1_ENTRIES_BASE != pai_buf_data_size) { + return false; + } - return True; + return true; +} + +/************************************************************************ + Ensure an attribute just read is valid - v2. +************************************************************************/ + +static bool check_pai_ok_v2(const char *pai_buf, size_t pai_buf_data_size) +{ + uint16 num_entries; + uint16 num_def_entries; + + if (pai_buf_data_size < PAI_V2_ENTRIES_BASE) { + /* Corrupted - too small. */ + return false; + } + + if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V2_VERSION) { + return false; + } + + num_entries = SVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET); + num_def_entries = SVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET); + + /* Check the entry lists match. */ + /* Each entry is 6 bytes (flags + type + 4 bytes of uid or gid). */ + + if (((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH) + + PAI_V2_ENTRIES_BASE != pai_buf_data_size) { + return false; + } + + return true; } +/************************************************************************ + Decode the owner. +************************************************************************/ + +static bool get_pai_owner_type(struct pai_entry *paie, const char *entry_offset) +{ + paie->owner_type = (enum ace_owner)CVAL(entry_offset,0); + switch( paie->owner_type) { + case UID_ACE: + paie->unix_ug.uid = (uid_t)IVAL(entry_offset,1); + DEBUG(10,("get_pai_owner_type: uid = %u\n", + (unsigned int)paie->unix_ug.uid )); + break; + case GID_ACE: + paie->unix_ug.gid = (gid_t)IVAL(entry_offset,1); + DEBUG(10,("get_pai_owner_type: gid = %u\n", + (unsigned int)paie->unix_ug.gid )); + break; + case WORLD_ACE: + paie->unix_ug.world = -1; + DEBUG(10,("get_pai_owner_type: world ace\n")); + break; + default: + return false; + } + return true; +} /************************************************************************ - Convert to in-memory format. + Process v2 entries. ************************************************************************/ -static struct pai_val *create_pai_val(char *buf, size_t size) +static const char *create_pai_v1_entries(struct pai_val *paiv, + const char *entry_offset, + bool def_entry) { - char *entry_offset; - struct pai_val *paiv = NULL; int i; - if (!check_pai_ok(buf, size)) + for (i = 0; i < paiv->num_entries; i++) { + struct pai_entry *paie = SMB_MALLOC_P(struct pai_entry); + if (!paie) { + return NULL; + } + + paie->ace_flags = SEC_ACE_FLAG_INHERITED_ACE; + if (!get_pai_owner_type(paie, entry_offset)) { + return NULL; + } + + if (!def_entry) { + DLIST_ADD(paiv->entry_list, paie); + } else { + DLIST_ADD(paiv->def_entry_list, paie); + } + entry_offset += PAI_V1_ENTRY_LENGTH; + } + return entry_offset; +} + +/************************************************************************ + Convert to in-memory format from version 1. +************************************************************************/ + +static struct pai_val *create_pai_val_v1(const char *buf, size_t size) +{ + const char *entry_offset; + struct pai_val *paiv = NULL; + + if (!check_pai_ok_v1(buf, size)) { return NULL; + } paiv = SMB_MALLOC_P(struct pai_val); - if (!paiv) + if (!paiv) { return NULL; + } memset(paiv, '\0', sizeof(struct pai_val)); - paiv->pai_protected = (CVAL(buf,PAI_FLAG_OFFSET) == PAI_ACL_FLAG_PROTECTED); + paiv->sd_type = (CVAL(buf,PAI_V1_FLAG_OFFSET) == PAI_V1_ACL_FLAG_PROTECTED) ? + SE_DESC_DACL_PROTECTED : 0; - paiv->num_entries = SVAL(buf,PAI_NUM_ENTRIES_OFFSET); - paiv->num_def_entries = SVAL(buf,PAI_NUM_DEFAULT_ENTRIES_OFFSET); + paiv->num_entries = SVAL(buf,PAI_V1_NUM_ENTRIES_OFFSET); + paiv->num_def_entries = SVAL(buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET); - entry_offset = buf + PAI_ENTRIES_BASE; + entry_offset = buf + PAI_V1_ENTRIES_BASE; - DEBUG(10,("create_pai_val:%s num_entries = %u, num_def_entries = %u\n", - paiv->pai_protected ? " (pai_protected)" : "", paiv->num_entries, paiv->num_def_entries )); + DEBUG(10,("create_pai_val: num_entries = %u, num_def_entries = %u\n", + paiv->num_entries, paiv->num_def_entries )); - for (i = 0; i < paiv->num_entries; i++) { - struct pai_entry *paie; + entry_offset = create_pai_v1_entries(paiv, entry_offset, false); + if (entry_offset == NULL) { + free_inherited_info(paiv); + return NULL; + } + entry_offset = create_pai_v1_entries(paiv, entry_offset, true); + if (entry_offset == NULL) { + free_inherited_info(paiv); + return NULL; + } + + return paiv; +} + +/************************************************************************ + Process v2 entries. +************************************************************************/ + +static const char *create_pai_v2_entries(struct pai_val *paiv, + const char *entry_offset, + bool def_entry) +{ + int i; - paie = SMB_MALLOC_P(struct pai_entry); + for (i = 0; i < paiv->num_entries; i++) { + struct pai_entry *paie = SMB_MALLOC_P(struct pai_entry); if (!paie) { - free_inherited_info(paiv); return NULL; } - paie->owner_type = (enum ace_owner)CVAL(entry_offset,0); - switch( paie->owner_type) { - case UID_ACE: - paie->unix_ug.uid = (uid_t)IVAL(entry_offset,1); - DEBUG(10,("create_pai_val: uid = %u\n", (unsigned int)paie->unix_ug.uid )); - break; - case GID_ACE: - paie->unix_ug.gid = (gid_t)IVAL(entry_offset,1); - DEBUG(10,("create_pai_val: gid = %u\n", (unsigned int)paie->unix_ug.gid )); - break; - case WORLD_ACE: - paie->unix_ug.world = -1; - DEBUG(10,("create_pai_val: world ace\n")); - break; - default: - free_inherited_info(paiv); - return NULL; - } - entry_offset += PAI_ENTRY_LENGTH; - DLIST_ADD(paiv->entry_list, paie); - } + paie->ace_flags = CVAL(entry_offset,0); - for (i = 0; i < paiv->num_def_entries; i++) { - struct pai_entry *paie; + entry_offset++; - paie = SMB_MALLOC_P(struct pai_entry); - if (!paie) { - free_inherited_info(paiv); + if (!get_pai_owner_type(paie, entry_offset)) { return NULL; } - - paie->owner_type = (enum ace_owner)CVAL(entry_offset,0); - switch( paie->owner_type) { - case UID_ACE: - paie->unix_ug.uid = (uid_t)IVAL(entry_offset,1); - DEBUG(10,("create_pai_val: (def) uid = %u\n", (unsigned int)paie->unix_ug.uid )); - break; - case GID_ACE: - paie->unix_ug.gid = (gid_t)IVAL(entry_offset,1); - DEBUG(10,("create_pai_val: (def) gid = %u\n", (unsigned int)paie->unix_ug.gid )); - break; - case WORLD_ACE: - paie->unix_ug.world = -1; - DEBUG(10,("create_pai_val: (def) world ace\n")); - break; - default: - free_inherited_info(paiv); - return NULL; + if (!def_entry) { + DLIST_ADD(paiv->entry_list, paie); + } else { + DLIST_ADD(paiv->def_entry_list, paie); } - entry_offset += PAI_ENTRY_LENGTH; - DLIST_ADD(paiv->def_entry_list, paie); + entry_offset += PAI_V2_ENTRY_LENGTH; + } + return entry_offset; +} + +/************************************************************************ + Convert to in-memory format from version 2. +************************************************************************/ + +static struct pai_val *create_pai_val_v2(const char *buf, size_t size) +{ + const char *entry_offset; + struct pai_val *paiv = NULL; + + if (!check_pai_ok_v2(buf, size)) { + return NULL; + } + + paiv = SMB_MALLOC_P(struct pai_val); + if (!paiv) { + return NULL; + } + + memset(paiv, '\0', sizeof(struct pai_val)); + + paiv->sd_type = SVAL(buf,PAI_V2_TYPE_OFFSET); + + paiv->num_entries = SVAL(buf,PAI_V2_NUM_ENTRIES_OFFSET); + paiv->num_def_entries = SVAL(buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET); + + entry_offset = buf + PAI_V2_ENTRIES_BASE; + + DEBUG(10,("create_pai_val_v2: num_entries = %u, num_def_entries = %u\n", + paiv->num_entries, paiv->num_def_entries )); + + entry_offset = create_pai_v2_entries(paiv, entry_offset, false); + if (entry_offset == NULL) { + free_inherited_info(paiv); + return NULL; + } + entry_offset = create_pai_v2_entries(paiv, entry_offset, true); + if (entry_offset == NULL) { + free_inherited_info(paiv); + return NULL; } return paiv; } +/************************************************************************ + Convert to in-memory format - from either version 1 or 2. +************************************************************************/ + +static struct pai_val *create_pai_val(const char *buf, size_t size) +{ + if (size < 1) { + return NULL; + } + if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V1_VERSION) { + return create_pai_val_v1(buf, size); + } else if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V2_VERSION) { + return create_pai_val_v2(buf, size); + } else { + return NULL; + } +} + /************************************************************************ Load the user.SAMBA_PAI attribute. ************************************************************************/ @@ -437,19 +585,22 @@ static struct pai_val *fload_inherited_info(files_struct *fsp) struct pai_val *paiv = NULL; ssize_t ret; - if (!lp_map_acl_inherit(SNUM(fsp->conn))) + if (!lp_map_acl_inherit(SNUM(fsp->conn))) { return NULL; + } - if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) + if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) { return NULL; + } do { - if (fsp->fh->fd != -1) + if (fsp->fh->fd != -1) { ret = SMB_VFS_FGETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME, pai_buf, pai_buf_size); - else + } else { ret = SMB_VFS_GETXATTR(fsp->conn,fsp->fsp_name,SAMBA_POSIX_INHERITANCE_EA_NAME, pai_buf, pai_buf_size); + } if (ret == -1) { if (errno != ERANGE) { @@ -483,8 +634,11 @@ static struct pai_val *fload_inherited_info(files_struct *fsp) paiv = create_pai_val(pai_buf, ret); - if (paiv && paiv->pai_protected) - DEBUG(10,("load_inherited_info: ACL is protected for file %s\n", fsp->fsp_name)); + if (paiv) { + DEBUG(10,("load_inherited_info: ACL type is 0x%x for file %s\n", + (unsigned int)paiv->sd_type, + fsp->fsp_name)); + } SAFE_FREE(pai_buf); return paiv; @@ -547,8 +701,10 @@ static struct pai_val *load_inherited_info(const struct connection_struct *conn, paiv = create_pai_val(pai_buf, ret); - if (paiv && paiv->pai_protected) { - DEBUG(10,("load_inherited_info: ACL is protected for file %s\n", fname)); + if (paiv) { + DEBUG(10,("load_inherited_info: ACL type 0x%x for file %s\n", + (unsigned int)paiv->sd_type, + fname)); } SAFE_FREE(pai_buf); @@ -641,8 +797,8 @@ static void print_canon_ace(canon_ace *pace, int num) dbgtext( "MASK " ); break; } - if (pace->inherited) - dbgtext( "(inherited) "); + + dbgtext( "ace_flags = 0x%x ", (unsigned int)pace->ace_flags); dbgtext( "perms "); dbgtext( "%c", pace->perms & S_IRUSR ? 'r' : '-'); dbgtext( "%c", pace->perms & S_IWUSR ? 'w' : '-'); @@ -1519,7 +1675,9 @@ static bool create_canon_ace_lists(files_struct *fsp, current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR); current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE; - current_ace->inherited = ((psa->flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False); + + /* Store the ace_flag. */ + current_ace->ace_flags = psa->flags; /* * Now add the created ace to either the file list, the directory @@ -2160,7 +2318,7 @@ static void arrange_posix_perms(const char *filename, canon_ace **pp_list_head) other_ace = ace; } } - + if (!owner_ace || !other_ace) { DEBUG(0,("arrange_posix_perms: Invalid POSIX permissions for file %s, missing owner or other.\n", filename )); @@ -2184,7 +2342,7 @@ static void arrange_posix_perms(const char *filename, canon_ace **pp_list_head) *pp_list_head = list_head; } - + /**************************************************************************** Create a linked list of canonical ACE entries. ****************************************************************************/ @@ -2297,7 +2455,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn, ace->trustee = sid; ace->unix_ug = unix_ug; ace->owner_type = owner_type; - ace->inherited = get_inherited_flag(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT)); + ace->ace_flags = get_pai_flags(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT)); DLIST_ADD(list_head, ace); } @@ -2968,8 +3126,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, &ace->trustee, nt_acl_type, acc, - ace->inherited ? - SEC_ACE_FLAG_INHERITED_ACE : 0); + ace->ace_flags); } /* The User must have access to a profile share - even @@ -2990,11 +3147,10 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, &ace->trustee, nt_acl_type, acc, + ace->ace_flags | SEC_ACE_FLAG_OBJECT_INHERIT| SEC_ACE_FLAG_CONTAINER_INHERIT| - SEC_ACE_FLAG_INHERIT_ONLY| - (ace->inherited ? - SEC_ACE_FLAG_INHERITED_ACE : 0)); + SEC_ACE_FLAG_INHERIT_ONLY); } /* The User must have access to a profile share - even @@ -3045,8 +3201,10 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, * flag doesn't seem to bother Windows NT. * Always set this if map acl inherit is turned off. */ - if (get_protected_flag(pal) || !lp_map_acl_inherit(SNUM(conn))) { - psd->type |= SE_DESC_DACL_PROTECTED; + if (pal == NULL || !lp_map_acl_inherit(SNUM(conn))) { + psd->type |= SEC_DESC_DACL_PROTECTED; + } else { + psd->type |= pal->sd_type; } if (psd->dacl) { @@ -3236,7 +3394,7 @@ NTSTATUS append_parent_acl(files_struct *fsp, int info; unsigned int i, j; SEC_DESC *psd = dup_sec_desc(talloc_tos(), pcsd); - bool is_dacl_protected = (pcsd->type & SE_DESC_DACL_PROTECTED); + bool is_dacl_protected = (pcsd->type & SEC_DESC_DACL_PROTECTED); ZERO_STRUCT(sbuf); @@ -3617,8 +3775,10 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC if (set_acl_as_root) { become_root(); } - store_inheritance_attributes(fsp, file_ace_list, dir_ace_list, - (psd->type & SE_DESC_DACL_PROTECTED) ? True : False); + store_inheritance_attributes(fsp, + file_ace_list, + dir_ace_list, + psd->type); if (set_acl_as_root) { unbecome_root(); } -- cgit From d94e9c802ceddeff93168337b6fc5533db7f2d33 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 30 Jan 2009 23:44:21 +0100 Subject: Remove the global variable "chain_size" --- source3/smbd/aio.c | 6 ++---- source3/smbd/blocking.c | 7 +------ source3/smbd/process.c | 26 ++++++++++++++++++++++++-- source3/smbd/reply.c | 7 ++++--- 4 files changed, 31 insertions(+), 15 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c index 4ce43c95e8..64d512d675 100644 --- a/source3/smbd/aio.c +++ b/source3/smbd/aio.c @@ -141,8 +141,7 @@ bool schedule_aio_read_and_X(connection_struct *conn, /* Only do this on non-chained and non-chaining reads not using the * write cache. */ - if (chain_size !=0 || (CVAL(req->vwv+0, 0) != 0xFF) - || (lp_write_cache_size(SNUM(conn)) != 0) ) { + if (req_is_in_chain(req) || (lp_write_cache_size(SNUM(conn)) != 0)) { return False; } @@ -238,8 +237,7 @@ bool schedule_aio_write_and_X(connection_struct *conn, /* Only do this on non-chained and non-chaining reads not using the * write cache. */ - if (chain_size !=0 || (CVAL(req->vwv+0, 0) != 0xFF) - || (lp_write_cache_size(SNUM(conn)) != 0) ) { + if (req_is_in_chain(req) || (lp_write_cache_size(SNUM(conn)) != 0)) { return False; } diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index 9936fb219f..ac1ff00858 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -47,11 +47,6 @@ typedef struct blocking_lock_record { Determine if this is a secondary element of a chained SMB. **************************************************************************/ -static bool in_chained_smb(void) -{ - return (chain_size != 0); -} - static void received_unlock_msg(struct messaging_context *msg, void *private_data, uint32_t msg_type, @@ -144,7 +139,7 @@ bool push_blocking_lock_request( struct byte_range_lock *br_lck, blocking_lock_record *blr; NTSTATUS status; - if(in_chained_smb() ) { + if(req_is_in_chain(req)) { DEBUG(0,("push_blocking_lock_request: cannot queue a chained request (currently).\n")); return False; } diff --git a/source3/smbd/process.c b/source3/smbd/process.c index d617ef1915..c9fc1fbb6a 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1359,8 +1359,6 @@ static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool enc connection_struct *conn; struct smb_request *req; - chain_size = 0; - if (!(req = talloc(talloc_tos(), struct smb_request))) { smb_panic("could not allocate smb_request"); } @@ -2114,3 +2112,27 @@ void smbd_process(void) exit_server_cleanly(NULL); } + +bool req_is_in_chain(struct smb_request *req) +{ + if (req->vwv != (uint16_t *)(req->inbuf+smb_vwv)) { + /* + * We're right now handling a subsequent request, so we must + * be in a chain + */ + return true; + } + + if (!is_andx_req(req->cmd)) { + return false; + } + + if (req->wct < 2) { + /* + * Okay, an illegal request, but definitely not chained :-) + */ + return false; + } + + return (CVAL(req->vwv+0, 0) != 0xFF); +} diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 25d50470ff..eeb6692eb5 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2729,6 +2729,7 @@ static void reply_readbraw_error(void) ****************************************************************************/ void send_file_readbraw(connection_struct *conn, + struct smb_request *req, files_struct *fsp, SMB_OFF_T startpos, size_t nread, @@ -2745,7 +2746,7 @@ void send_file_readbraw(connection_struct *conn, * reply_readbraw has already checked the length. */ - if ( (chain_size == 0) && (nread > 0) && (fsp->base_fsp == NULL) && + if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) && (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) { ssize_t sendfile_read = -1; char header[4]; @@ -2963,7 +2964,7 @@ void reply_readbraw(struct smb_request *req) (unsigned long)mincount, (unsigned long)nread ) ); - send_file_readbraw(conn, fsp, startpos, nread, mincount); + send_file_readbraw(conn, req, fsp, startpos, nread, mincount); DEBUG(5,("reply_readbraw finished\n")); END_PROFILE(SMBreadbraw); @@ -3229,7 +3230,7 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req, * on a train in Germany :-). JRA. */ - if ((chain_size == 0) && (CVAL(req->vwv+0, 0) == 0xFF) && + if (!req_is_in_chain(req) && !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) && lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) { uint8 headerbuf[smb_size + 12 * 2]; -- cgit From cee0d85e0b2be27d9314206f3fe832fc0c75b0f3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 30 Jan 2009 23:45:35 +0100 Subject: make send_file_readbraw static --- source3/smbd/reply.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index eeb6692eb5..f2d4ff78a7 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2728,12 +2728,12 @@ static void reply_readbraw_error(void) Use sendfile in readbraw. ****************************************************************************/ -void send_file_readbraw(connection_struct *conn, - struct smb_request *req, - files_struct *fsp, - SMB_OFF_T startpos, - size_t nread, - ssize_t mincount) +static void send_file_readbraw(connection_struct *conn, + struct smb_request *req, + files_struct *fsp, + SMB_OFF_T startpos, + size_t nread, + ssize_t mincount) { char *outbuf = NULL; ssize_t ret=0; -- cgit From c2fe28ba598e7db2915b3bb5e7b8d281361a4c95 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 14 Oct 2008 15:53:35 +0200 Subject: Convert api_rpc_trans_reply to async np_* --- source3/smbd/ipc.c | 148 ++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 119 insertions(+), 29 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 7c150561b1..9c7528dfa7 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -204,40 +204,137 @@ void send_trans_reply(connection_struct *conn, Start the first part of an RPC reply which began with an SMBtrans request. ****************************************************************************/ -static void api_rpc_trans_reply(connection_struct *conn, - struct smb_request *req, - files_struct *fsp, - int max_trans_reply) +struct dcerpc_cmd_state { + struct fake_file_handle *handle; + uint8_t *data; + size_t num_data; + size_t max_read; +}; + +static void api_dcerpc_cmd_write_done(struct async_req *subreq); +static void api_dcerpc_cmd_read_done(struct async_req *subreq); + +static void api_dcerpc_cmd(connection_struct *conn, struct smb_request *req, + files_struct *fsp, uint8_t *data, size_t length, + size_t max_read) { - bool is_data_outstanding; - uint8_t *rdata = SMB_MALLOC_ARRAY(uint8_t, max_trans_reply); - ssize_t data_len; - NTSTATUS status; + struct async_req *subreq; + struct dcerpc_cmd_state *state; + + if (!fsp_is_np(fsp)) { + api_no_reply(conn, req); + return; + } - if(rdata == NULL) { - DEBUG(0,("api_rpc_trans_reply: malloc fail.\n")); + state = talloc(req, struct dcerpc_cmd_state); + if (state == NULL) { reply_nterror(req, NT_STATUS_NO_MEMORY); return; } + req->async_priv = state; - if (!fsp_is_np(fsp)) { - SAFE_FREE(rdata); - api_no_reply(conn,req); + state->handle = fsp->fake_file_handle; + + /* + * This memdup severely sucks. But doing it properly essentially means + * to rewrite lanman.c, something which I don't really want to do now. + */ + state->data = (uint8_t *)talloc_memdup(state, data, length); + if (state->data == NULL) { + reply_nterror(req, NT_STATUS_NO_MEMORY); return; } + state->num_data = length; + state->max_read = max_read; + + subreq = np_write_send(state, smbd_event_context(), state->handle, + state->data, length); + if (subreq == NULL) { + TALLOC_FREE(state); + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + subreq->async.fn = api_dcerpc_cmd_write_done; + subreq->async.priv = talloc_move(conn, &req); +} + +static void api_dcerpc_cmd_write_done(struct async_req *subreq) +{ + struct smb_request *req = talloc_get_type_abort( + subreq->async.priv, struct smb_request); + struct dcerpc_cmd_state *state = talloc_get_type_abort( + req->async_priv, struct dcerpc_cmd_state); + NTSTATUS status; + ssize_t nwritten = -1; + + status = np_write_recv(subreq, &nwritten); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status) || (nwritten != state->num_data)) { + DEBUG(10, ("Could not write to pipe: %s (%d/%d)\n", + nt_errstr(status), (int)state->num_data, + (int)nwritten)); + reply_nterror(req, NT_STATUS_PIPE_NOT_AVAILABLE); + goto send; + } + + state->data = TALLOC_REALLOC_ARRAY(state, state->data, uint8_t, + state->max_read); + if (state->data == NULL) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + goto send; + } + + subreq = np_read_send(req->conn, smbd_event_context(), + state->handle, state->data, state->max_read); + if (subreq == NULL) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + goto send; + } + + subreq->async.fn = api_dcerpc_cmd_read_done; + subreq->async.priv = req; + return; + + send: + if (!srv_send_smb( + smbd_server_fd(), (char *)req->outbuf, + IS_CONN_ENCRYPTED(req->conn) || req->encrypted)) { + exit_server_cleanly("construct_reply: srv_send_smb failed."); + } + TALLOC_FREE(req); +} + +static void api_dcerpc_cmd_read_done(struct async_req *subreq) +{ + struct smb_request *req = talloc_get_type_abort( + subreq->async.priv, struct smb_request); + struct dcerpc_cmd_state *state = talloc_get_type_abort( + req->async_priv, struct dcerpc_cmd_state); + NTSTATUS status; + ssize_t nread; + bool is_data_outstanding; + + status = np_read_recv(subreq, &nread, &is_data_outstanding); + TALLOC_FREE(subreq); - status = np_read(fsp->fake_file_handle, rdata, max_trans_reply, - &data_len, &is_data_outstanding); if (!NT_STATUS_IS_OK(status)) { - SAFE_FREE(rdata); - api_no_reply(conn,req); + DEBUG(10, ("Could not read from to pipe: %s\n", + nt_errstr(status))); + reply_nterror(req, status); + + if (!srv_send_smb(smbd_server_fd(), (char *)req->outbuf, + IS_CONN_ENCRYPTED(req->conn) + ||req->encrypted)) { + exit_server_cleanly("construct_reply: srv_send_smb " + "failed."); + } + TALLOC_FREE(req); return; } - send_trans_reply(conn, req, NULL, 0, (char *)rdata, data_len, + send_trans_reply(req->conn, req, NULL, 0, (char *)state->data, nread, is_data_outstanding); - SAFE_FREE(rdata); - return; + TALLOC_FREE(req); } /**************************************************************************** @@ -310,7 +407,6 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, struct files_struct *fsp; int pnum; int subcommand; - NTSTATUS status; DEBUG(5,("api_fd_reply\n")); @@ -360,14 +456,8 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, switch (subcommand) { case TRANSACT_DCERPCCMD: { /* dce/rpc command */ - ssize_t nwritten; - status = np_write(fsp->fake_file_handle, data, tdscnt, - &nwritten); - if (!NT_STATUS_IS_OK(status)) { - api_no_reply(conn, req); - return; - } - api_rpc_trans_reply(conn, req, fsp, mdrcnt); + api_dcerpc_cmd(conn, req, fsp, (uint8_t *)data, tdscnt, + mdrcnt); break; } case TRANSACT_WAITNAMEDPIPEHANDLESTATE: -- cgit From e8b2b46caeff185faef5491cbbeaf799bcd1b1ec Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 31 Jan 2009 14:33:38 +0100 Subject: Make-np_write-handle-0-byte-writes-as-NT_STATUS_OK --- source3/smbd/pipes.c | 70 ++++++++++++++++++++-------------------------------- 1 file changed, 27 insertions(+), 43 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index b148cff045..cf22eb17f3 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -150,6 +150,7 @@ void reply_pipe_write(struct smb_request *req) size_t numtowrite = SVAL(req->vwv+1, 0); ssize_t nwritten; const uint8_t *data; + NTSTATUS status; if (!fsp_is_np(fsp)) { reply_doserror(req, ERRDOS, ERRbadfid); @@ -163,22 +164,12 @@ void reply_pipe_write(struct smb_request *req) data = req->buf + 3; - if (numtowrite == 0) { - nwritten = 0; - } else { - NTSTATUS status; - if (!fsp_is_np(fsp)) { - reply_nterror(req, NT_STATUS_INVALID_HANDLE); - return; - } - DEBUG(6, ("reply_pipe_write: %x name: %s len: %d\n", - (int)fsp->fnum, fsp->fsp_name, (int)numtowrite)); - status = np_write(fsp->fake_file_handle, data, numtowrite, - &nwritten); - if (!NT_STATUS_IS_OK(status)) { - reply_nterror(req, status); - return; - } + DEBUG(6, ("reply_pipe_write: %x name: %s len: %d\n", (int)fsp->fnum, + fsp->fsp_name, (int)numtowrite)); + status = np_write(fsp->fake_file_handle, data, numtowrite, &nwritten); + if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); + return; } if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) { @@ -213,6 +204,7 @@ void reply_pipe_write_and_X(struct smb_request *req) ((SVAL(req->vwv+7, 0) & (PIPE_START_MESSAGE|PIPE_RAW_MODE)) == (PIPE_START_MESSAGE|PIPE_RAW_MODE)); uint8_t *data; + NTSTATUS status; if (!fsp_is_np(fsp)) { reply_doserror(req, ERRDOS, ERRbadfid); @@ -229,35 +221,27 @@ void reply_pipe_write_and_X(struct smb_request *req) data = (uint8_t *)smb_base(req->inbuf) + smb_doff; - if (numtowrite == 0) { - nwritten = 0; - } else { - NTSTATUS status; - - if(pipe_start_message_raw) { - /* - * For the start of a message in named pipe byte mode, - * the first two bytes are a length-of-pdu field. Ignore - * them (we don't trust the client). JRA. - */ - if(numtowrite < 2) { - DEBUG(0,("reply_pipe_write_and_X: start of " - "message set and not enough data " - "sent.(%u)\n", - (unsigned int)numtowrite )); - reply_unixerror(req, ERRDOS, ERRnoaccess); - return; - } - - data += 2; - numtowrite -= 2; - } - status = np_write(fsp->fake_file_handle, data, numtowrite, - &nwritten); - if (!NT_STATUS_IS_OK(status)) { - reply_nterror(req, status); + if(pipe_start_message_raw) { + /* + * For the start of a message in named pipe byte mode, + * the first two bytes are a length-of-pdu field. Ignore + * them (we don't trust the client). JRA. + */ + if(numtowrite < 2) { + DEBUG(0,("reply_pipe_write_and_X: start of message " + "set and not enough data sent.(%u)\n", + (unsigned int)numtowrite )); + reply_unixerror(req, ERRDOS, ERRnoaccess); return; } + + data += 2; + numtowrite -= 2; + } + status = np_write(fsp->fake_file_handle, data, numtowrite, &nwritten); + if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); + return; } if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) { -- cgit From 8ef92f7e32af73d0cd215e8f259ba5fcd3d9812e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 31 Jan 2009 14:31:31 +0100 Subject: Make reply_pipe_write_and_X async --- source3/smbd/pipes.c | 72 +++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 52 insertions(+), 20 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index cf22eb17f3..693db521e7 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -194,17 +194,20 @@ void reply_pipe_write(struct smb_request *req) wrinkles to handle pipes. ****************************************************************************/ +struct pipe_write_andx_state { + bool pipe_start_message_raw; + size_t numtowrite; +}; + +static void pipe_write_andx_done(struct async_req *subreq); + void reply_pipe_write_and_X(struct smb_request *req) { files_struct *fsp = file_fsp(req, SVAL(req->vwv+2, 0)); - size_t numtowrite = SVAL(req->vwv+10, 0); - ssize_t nwritten; int smb_doff = SVAL(req->vwv+11, 0); - bool pipe_start_message_raw = - ((SVAL(req->vwv+7, 0) & (PIPE_START_MESSAGE|PIPE_RAW_MODE)) - == (PIPE_START_MESSAGE|PIPE_RAW_MODE)); uint8_t *data; - NTSTATUS status; + struct pipe_write_andx_state *state; + struct async_req *subreq; if (!fsp_is_np(fsp)) { reply_doserror(req, ERRDOS, ERRbadfid); @@ -216,47 +219,76 @@ void reply_pipe_write_and_X(struct smb_request *req) return; } + state = talloc(req, struct pipe_write_andx_state); + if (state == NULL) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + req->async_priv = state; + + state->numtowrite = SVAL(req->vwv+10, 0); + state->pipe_start_message_raw = + ((SVAL(req->vwv+7, 0) & (PIPE_START_MESSAGE|PIPE_RAW_MODE)) + == (PIPE_START_MESSAGE|PIPE_RAW_MODE)); + DEBUG(6, ("reply_pipe_write_and_X: %x name: %s len: %d\n", - (int)fsp->fnum, fsp->fsp_name, (int)numtowrite)); + (int)fsp->fnum, fsp->fsp_name, (int)state->numtowrite)); data = (uint8_t *)smb_base(req->inbuf) + smb_doff; - if(pipe_start_message_raw) { + if (state->pipe_start_message_raw) { /* * For the start of a message in named pipe byte mode, * the first two bytes are a length-of-pdu field. Ignore * them (we don't trust the client). JRA. */ - if(numtowrite < 2) { + if (state->numtowrite < 2) { DEBUG(0,("reply_pipe_write_and_X: start of message " "set and not enough data sent.(%u)\n", - (unsigned int)numtowrite )); + (unsigned int)state->numtowrite )); reply_unixerror(req, ERRDOS, ERRnoaccess); return; } data += 2; - numtowrite -= 2; + state->numtowrite -= 2; } - status = np_write(fsp->fake_file_handle, data, numtowrite, &nwritten); - if (!NT_STATUS_IS_OK(status)) { - reply_nterror(req, status); + + subreq = np_write_send(state, smbd_event_context(), + fsp->fake_file_handle, data, state->numtowrite); + if (subreq == NULL) { + TALLOC_FREE(state); + reply_nterror(req, NT_STATUS_NO_MEMORY); return; } + subreq->async.fn = pipe_write_andx_done; + subreq->async.priv = talloc_move(req->conn, &req); +} - if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) { +static void pipe_write_andx_done(struct async_req *subreq) +{ + struct smb_request *req = talloc_get_type_abort( + subreq->async.priv, struct smb_request); + struct pipe_write_andx_state *state = talloc_get_type_abort( + req->async_priv, struct pipe_write_andx_state); + NTSTATUS status; + ssize_t nwritten = -1; + + status = np_write_recv(subreq, &nwritten); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status) || (nwritten != state->numtowrite)) { reply_unixerror(req, ERRDOS,ERRnoaccess); - return; + goto done; } reply_outbuf(req, 6, 0); - nwritten = (pipe_start_message_raw ? nwritten + 2 : nwritten); + nwritten = (state->pipe_start_message_raw ? nwritten + 2 : nwritten); SSVAL(req->outbuf,smb_vwv2,nwritten); - - DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n", fsp->fnum, - (int)nwritten)); + DEBUG(3,("writeX-IPC nwritten=%d\n", (int)nwritten)); + + done: chain_reply(req); } -- cgit From 2d5ec28b3b065940cefdd491ad7c8fd1a58c3a5c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 31 Jan 2009 14:43:06 +0100 Subject: Make reply_pipe_write async --- source3/smbd/pipes.c | 61 +++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 48 insertions(+), 13 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index 693db521e7..abbcf67d55 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -144,13 +144,18 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) Reply to a write on a pipe. ****************************************************************************/ +struct pipe_write_state { + size_t numtowrite; +}; + +static void pipe_write_done(struct async_req *subreq); + void reply_pipe_write(struct smb_request *req) { files_struct *fsp = file_fsp(req, SVAL(req->vwv+0, 0)); - size_t numtowrite = SVAL(req->vwv+1, 0); - ssize_t nwritten; const uint8_t *data; - NTSTATUS status; + struct pipe_write_state *state; + struct async_req *subreq; if (!fsp_is_np(fsp)) { reply_doserror(req, ERRDOS, ERRbadfid); @@ -162,29 +167,59 @@ void reply_pipe_write(struct smb_request *req) return; } + state = talloc(req, struct pipe_write_state); + if (state == NULL) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + req->async_priv = state; + + state->numtowrite = SVAL(req->vwv+1, 0); + data = req->buf + 3; DEBUG(6, ("reply_pipe_write: %x name: %s len: %d\n", (int)fsp->fnum, - fsp->fsp_name, (int)numtowrite)); - status = np_write(fsp->fake_file_handle, data, numtowrite, &nwritten); - if (!NT_STATUS_IS_OK(status)) { - reply_nterror(req, status); + fsp->fsp_name, (int)state->numtowrite)); + + subreq = np_write_send(state, smbd_event_context(), + fsp->fake_file_handle, data, state->numtowrite); + if (subreq == NULL) { + TALLOC_FREE(state); + reply_nterror(req, NT_STATUS_NO_MEMORY); return; } + subreq->async.fn = pipe_write_done; + subreq->async.priv = talloc_move(req->conn, &req); +} + +static void pipe_write_done(struct async_req *subreq) +{ + struct smb_request *req = talloc_get_type_abort( + subreq->async.priv, struct smb_request); + struct pipe_write_state *state = talloc_get_type_abort( + req->async_priv, struct pipe_write_state); + NTSTATUS status; + ssize_t nwritten = -1; - if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) { + status = np_write_recv(subreq, &nwritten); + TALLOC_FREE(subreq); + if ((nwritten == 0 && state->numtowrite != 0) || (nwritten < 0)) { reply_unixerror(req, ERRDOS, ERRnoaccess); - return; + goto send; } reply_outbuf(req, 1, 0); SSVAL(req->outbuf,smb_vwv0,nwritten); - - DEBUG(3,("write-IPC pnum=%04x nwritten=%d\n", fsp->fnum, - (int)nwritten)); - return; + DEBUG(3,("write-IPC nwritten=%d\n", (int)nwritten)); + + send: + if (!srv_send_smb(smbd_server_fd(), (char *)req->outbuf, + IS_CONN_ENCRYPTED(req->conn)||req->encrypted)) { + exit_server_cleanly("construct_reply: srv_send_smb failed."); + } + TALLOC_FREE(req); } /**************************************************************************** -- cgit From 72729bfaee6057c383e1b2b261893d2bd8ae9714 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 31 Jan 2009 14:57:52 +0100 Subject: Make reply_pipe_read_andx async --- source3/smbd/pipes.c | 70 ++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 57 insertions(+), 13 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index abbcf67d55..f287adc92d 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -333,15 +333,20 @@ static void pipe_write_andx_done(struct async_req *subreq) wrinkles to handle pipes. ****************************************************************************/ +struct pipe_read_andx_state { + uint8_t *outbuf; + int smb_mincnt; + int smb_maxcnt; +}; + +static void pipe_read_andx_done(struct async_req *subreq); + void reply_pipe_read_and_X(struct smb_request *req) { files_struct *fsp = file_fsp(req, SVAL(req->vwv+0, 0)); - int smb_maxcnt = SVAL(req->vwv+5, 0); - int smb_mincnt = SVAL(req->vwv+6, 0); - ssize_t nread; uint8_t *data; - bool unused; - NTSTATUS status; + struct pipe_read_andx_state *state; + struct async_req *subreq; /* we don't use the offset given to use for pipe reads. This is deliberate, instead we always return the next lump of @@ -360,17 +365,55 @@ void reply_pipe_read_and_X(struct smb_request *req) return; } - reply_outbuf(req, 12, smb_maxcnt); + state = talloc(req, struct pipe_read_andx_state); + if (state == NULL) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + req->async_priv = state; + state->smb_maxcnt = SVAL(req->vwv+5, 0); + state->smb_mincnt = SVAL(req->vwv+6, 0); + + reply_outbuf(req, 12, state->smb_maxcnt); data = (uint8_t *)smb_buf(req->outbuf); - status = np_read(fsp->fake_file_handle, data, smb_maxcnt, &nread, - &unused); + /* + * We have to tell the upper layers that we're async. + */ + state->outbuf = req->outbuf; + req->outbuf = NULL; - if (!NT_STATUS_IS_OK(status)) { - reply_doserror(req, ERRDOS, ERRnoaccess); + subreq = np_read_send(state, smbd_event_context(), + fsp->fake_file_handle, data, + state->smb_maxcnt); + if (subreq == NULL) { + reply_nterror(req, NT_STATUS_NO_MEMORY); return; } + subreq->async.fn = pipe_read_andx_done; + subreq->async.priv = talloc_move(req->conn, &req); +} + +static void pipe_read_andx_done(struct async_req *subreq) +{ + struct smb_request *req = talloc_get_type_abort( + subreq->async.priv, struct smb_request); + struct pipe_read_andx_state *state = talloc_get_type_abort( + req->async_priv, struct pipe_read_andx_state); + NTSTATUS status; + ssize_t nread; + bool is_data_outstanding; + + status = np_read_recv(subreq, &nread, &is_data_outstanding); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); + goto done; + } + + req->outbuf = state->outbuf; + state->outbuf = NULL; srv_set_message((char *)req->outbuf, 12, nread, False); @@ -380,10 +423,11 @@ void reply_pipe_read_and_X(struct smb_request *req) + 1 /* the wct field */ + 12 * sizeof(uint16_t) /* vwv */ + 2); /* the buflen field */ - SSVAL(req->outbuf,smb_vwv11,smb_maxcnt); + SSVAL(req->outbuf,smb_vwv11,state->smb_maxcnt); - DEBUG(3,("readX-IPC pnum=%04x min=%d max=%d nread=%d\n", - fsp->fnum, smb_mincnt, smb_maxcnt, (int)nread)); + DEBUG(3,("readX-IPC min=%d max=%d nread=%d\n", + state->smb_mincnt, state->smb_maxcnt, (int)nread)); + done: chain_reply(req); } -- cgit From 19ce90b90e0024aa1d2453fcdc52828f6bee2f33 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 31 Jan 2009 16:47:15 +0100 Subject: Just for fun: Move some bytes from bss to text --- source3/smbd/mangle_hash.c | 2 +- source3/smbd/mangle_hash2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c index ebd93ff5d0..96fe4d2cab 100644 --- a/source3/smbd/mangle_hash.c +++ b/source3/smbd/mangle_hash.c @@ -53,7 +53,7 @@ * */ -static const char basechars[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_-!@#$%"; +static const char basechars[43]="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_-!@#$%"; #define MANGLE_BASE (sizeof(basechars)/sizeof(char)-1) #define mangle(V) ((char)(basechars[(V) % MANGLE_BASE])) diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c index 859e5e7227..3a3939c511 100644 --- a/source3/smbd/mangle_hash2.c +++ b/source3/smbd/mangle_hash2.c @@ -85,7 +85,7 @@ #define FLAG_CHECK(c, flag) (char_flags[(unsigned char)(c)] & (flag)) /* these are the characters we use in the 8.3 hash. Must be 36 chars long */ -static const char * const basechars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; +static const char basechars[36] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; #define base_forward(v) basechars[v] /* the list of reserved dos names - all of these are illegal */ -- cgit From dba6624dca024d144b0adb1016d17d176d38b735 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 31 Jan 2009 16:57:46 +0100 Subject: Fix nonempty blank lines --- source3/smbd/lanman.c | 115 +++++++++++++++++++++++++------------------------- 1 file changed, 57 insertions(+), 58 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index c8e35783c0..3ae4b1d61a 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -6,17 +6,17 @@ SMB Version handling Copyright (C) John H Terpstra 1995-1998 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -876,9 +876,9 @@ static bool api_DosPrintQGetInfo(connection_struct *conn, uint16 vuid, /* remove any trailing username */ if ((p = strchr_m(QueueName,'%'))) *p = 0; - + DEBUG(3,("api_DosPrintQGetInfo uLevel=%d name=%s\n",uLevel,QueueName)); - + /* check it's a supported varient */ if (!prefix_ok(str1,"zWrLh")) return False; @@ -899,11 +899,11 @@ static bool api_DosPrintQGetInfo(connection_struct *conn, uint16 vuid, SSVAL(*rparam,4,0); return(True); } - + snum = find_service(QueueName); if ( !(lp_snum_ok(snum) && lp_print_ok(snum)) ) return False; - + if (uLevel==52) { count = get_printerdrivernumber(snum); DEBUG(3,("api_DosPrintQGetInfo: Driver files count: %d\n",count)); @@ -934,7 +934,7 @@ static bool api_DosPrintQGetInfo(connection_struct *conn, uint16 vuid, } *rdata_len = desc.usedlen; - + /* * We must set the return code to ERRbuftoosmall * in order to support lanman style printing with Win NT/2k @@ -942,7 +942,7 @@ static bool api_DosPrintQGetInfo(connection_struct *conn, uint16 vuid, */ if (!mdrcnt && lp_disable_spoolss()) desc.errcode = ERRbuftoosmall; - + *rdata_len = desc.usedlen; *rparam_len = 6; *rparam = smb_realloc_limit(*rparam,*rparam_len); @@ -954,7 +954,7 @@ static bool api_DosPrintQGetInfo(connection_struct *conn, uint16 vuid, SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); - + DEBUG(4,("printqgetinfo: errorcode %d\n",desc.errcode)); SAFE_FREE(queue); @@ -986,7 +986,7 @@ static bool api_DosPrintQEnum(connection_struct *conn, uint16 vuid, print_status_struct *status = NULL; int *subcntarr = NULL; int queuecnt = 0, subcnt = 0, succnt = 0; - + if (!param_format || !output_format1 || !p) { return False; } @@ -994,7 +994,7 @@ static bool api_DosPrintQEnum(connection_struct *conn, uint16 vuid, memset((char *)&desc,'\0',sizeof(desc)); DEBUG(3,("DosPrintQEnum uLevel=%d\n",uLevel)); - + if (!prefix_ok(param_format,"WrLeh")) { return False; } @@ -1071,7 +1071,7 @@ static bool api_DosPrintQEnum(connection_struct *conn, uint16 vuid, } SAFE_FREE(subcntarr); - + *rdata_len = desc.usedlen; *rparam_len = 8; *rparam = smb_realloc_limit(*rparam,*rparam_len); @@ -1082,7 +1082,7 @@ static bool api_DosPrintQEnum(connection_struct *conn, uint16 vuid, SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); SSVAL(*rparam,6,queuecnt); - + for (i = 0; i < queuecnt; i++) { if (queue) { SAFE_FREE(queue[i]); @@ -1091,7 +1091,7 @@ static bool api_DosPrintQEnum(connection_struct *conn, uint16 vuid, SAFE_FREE(queue); SAFE_FREE(status); - + return True; err: @@ -1248,11 +1248,11 @@ static int get_server_info(uint32 servertype, DEBUG(4,("s: dom mismatch ")); ok = False; } - + if (!strequal(domain, s->domain) && !(servertype & SV_TYPE_DOMAIN_ENUM)) { ok = False; } - + /* We should never return a server type with a SV_TYPE_LOCAL_LIST_ONLY set. */ s->type &= ~SV_TYPE_LOCAL_LIST_ONLY; @@ -1266,7 +1266,7 @@ static int get_server_info(uint32 servertype, s->name, s->type, s->comment, s->domain)); } } - + TALLOC_FREE(lines); return count; } @@ -1284,7 +1284,7 @@ static int fill_srv_info(struct srv_info_struct *service, char* p2; int l2; int len; - + switch (uLevel) { case 0: struct_len = 16; @@ -1295,7 +1295,7 @@ static int fill_srv_info(struct srv_info_struct *service, default: return -1; } - + if (!buf) { len = 0; switch (uLevel) { @@ -1308,7 +1308,7 @@ static int fill_srv_info(struct srv_info_struct *service, *stringspace = len; return struct_len + len; } - + len = struct_len; p = *buf; if (*buflen < struct_len) { @@ -1324,7 +1324,7 @@ static int fill_srv_info(struct srv_info_struct *service, if (!baseaddr) { baseaddr = p; } - + switch (uLevel) { case 0: push_ascii(p,service->name, MAX_NETBIOSNAME_LEN, STR_TERMINATE); @@ -1416,7 +1416,7 @@ static bool api_RNetServerEnum(connection_struct *conn, uint16 vuid, if (!check_server_info(uLevel,str2)) { return False; } - + DEBUG(4, ("server request level: %s %8x ", str2, servertype)); DEBUG(4, ("domains_req:%s ", BOOLSTR(domain_request))); DEBUG(4, ("local_only:%s\n", BOOLSTR(local_request))); @@ -1454,7 +1454,7 @@ static bool api_RNetServerEnum(connection_struct *conn, uint16 vuid, data_len += fill_srv_info(s,uLevel,0,&f_len,0,&s_len,0); DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", s->name, s->type, s->comment, s->domain)); - + if (data_len <= buf_len) { counted++; fixed_len += f_len; @@ -1470,7 +1470,7 @@ static bool api_RNetServerEnum(connection_struct *conn, uint16 vuid, if (!*rdata) { return False; } - + p2 = (*rdata) + fixed_len; /* auxilliary data (strings) will go here */ p = *rdata; f_len = fixed_len; @@ -1493,7 +1493,7 @@ static bool api_RNetServerEnum(connection_struct *conn, uint16 vuid, count2--; } } - + *rparam_len = 8; *rparam = smb_realloc_limit(*rparam,*rparam_len); if (!*rparam) { @@ -1540,9 +1540,9 @@ static bool api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, if (!prefix_ok(str1,"zWrLeh")) { return False; } - + *rdata_len = 0; - + *rparam_len = 8; *rparam = smb_realloc_limit(*rparam,*rparam_len); if (!*rparam) { @@ -1599,7 +1599,7 @@ static int fill_share_info(connection_struct *conn, int snum, int uLevel, char* p2; int l2; int len; - + switch( uLevel ) { case 0: struct_len = 13; @@ -1616,8 +1616,7 @@ static int fill_share_info(connection_struct *conn, int snum, int uLevel, default: return -1; } - - + if (!buf) { len = 0; @@ -1635,7 +1634,7 @@ static int fill_share_info(connection_struct *conn, int snum, int uLevel, } return struct_len + len; } - + len = struct_len; p = *buf; if ((*buflen) < struct_len) { @@ -1653,9 +1652,9 @@ static int fill_share_info(connection_struct *conn, int snum, int uLevel, if (!baseaddr) { baseaddr = p; } - + push_ascii(p,lp_servicename(snum),13, STR_TERMINATE); - + if (uLevel > 0) { int type; @@ -1671,7 +1670,7 @@ static int fill_share_info(connection_struct *conn, int snum, int uLevel, SIVAL(p,16,PTR_DIFF(p2,baseaddr)); len += CopyExpanded(conn,snum,&p2,lp_comment(snum),&l2); } - + if (uLevel > 1) { SSVAL(p,20,ACCESS_READ|ACCESS_WRITE|ACCESS_CREATE); /* permissions */ SSVALS(p,22,-1); /* max uses */ @@ -1680,7 +1679,7 @@ static int fill_share_info(connection_struct *conn, int snum, int uLevel, len += CopyAndAdvance(&p2,lp_pathname(snum),&l2); memset(p+30,0,SHPWLEN+2); /* passwd (reserved), pad field */ } - + if (uLevel > 2) { memset(p+40,0,SHPWLEN+2); SSVAL(p,50,0); @@ -1691,7 +1690,7 @@ static int fill_share_info(connection_struct *conn, int snum, int uLevel, SSVAL(p,64,0); SSVAL(p,66,0); } - + if (stringbuf) { (*buf) = p + struct_len; (*buflen) -= struct_len; @@ -1718,7 +1717,7 @@ static bool api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *p = skip_string(param,tpscnt,netname); int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); int snum; - + if (!str1 || !str2 || !netname || !p) { return False; } @@ -1727,7 +1726,7 @@ static bool api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, if (snum < 0) { return False; } - + /* check it's a supported varient */ if (!prefix_ok(str1,"zWrLh")) { return False; @@ -1735,7 +1734,7 @@ static bool api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, if (!check_share_info(uLevel,str2)) { return False; } - + *rdata = smb_realloc_limit(*rdata,mdrcnt); if (!*rdata) { return False; @@ -1745,7 +1744,7 @@ static bool api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, if (*rdata_len < 0) { return False; } - + *rparam_len = 6; *rparam = smb_realloc_limit(*rparam,*rparam_len); if (!*rparam) { @@ -1754,7 +1753,7 @@ static bool api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); - + return True; } @@ -1790,7 +1789,7 @@ static bool api_RNetShareEnum( connection_struct *conn, uint16 vuid, int i; int data_len, fixed_len, string_len; int f_len = 0, s_len = 0; - + if (!str1 || !str2 || !p) { return False; } @@ -1801,7 +1800,7 @@ static bool api_RNetShareEnum( connection_struct *conn, uint16 vuid, if (!check_share_info(uLevel,str2)) { return False; } - + /* Ensure all the usershares are loaded. */ become_root(); load_registry_shares(); @@ -1834,7 +1833,7 @@ static bool api_RNetShareEnum( connection_struct *conn, uint16 vuid, if (!*rdata) { return False; } - + p2 = (*rdata) + fixed_len; /* auxiliary data (strings) will go here */ p = *rdata; f_len = fixed_len; @@ -1853,7 +1852,7 @@ static bool api_RNetShareEnum( connection_struct *conn, uint16 vuid, } } } - + *rparam_len = 8; *rparam = smb_realloc_limit(*rparam,*rparam_len); if (!*rparam) { @@ -1863,7 +1862,7 @@ static bool api_RNetShareEnum( connection_struct *conn, uint16 vuid, SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); SSVAL(*rparam,6,total); - + DEBUG(3,("RNetShareEnum gave %d entries of %d (%d %d %d %d)\n", counted,total,uLevel, buf_len,*rdata_len,mdrcnt)); @@ -2004,7 +2003,7 @@ static bool api_RNetShareAdd(connection_struct *conn,uint16 vuid, SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); *rdata_len = 0; - + return True; error_exit: @@ -2042,7 +2041,7 @@ static bool api_RNetGroupEnum(connection_struct *conn,uint16 vuid, struct samr_displayentry *entries; int num_entries; - + if (!str1 || !str2 || !p) { return False; } @@ -2538,7 +2537,7 @@ static bool api_SetUserPassword(connection_struct *conn,uint16 vuid, memset((char *)pass1,'\0',sizeof(fstring)); memset((char *)pass2,'\0',sizeof(fstring)); - + return(True); } @@ -2677,7 +2676,7 @@ static bool api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, } errcode = NERR_notsupported; - + switch (function) { case 81: /* delete */ if (print_job_delete(conn->server_info, snum, jobid, &werr)) @@ -2695,7 +2694,7 @@ static bool api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, if (!W_ERROR_IS_OK(werr)) errcode = W_ERROR_V(werr); - + out: SSVAL(*rparam,0,errcode); SSVAL(*rparam,2,0); /* converter word */ @@ -2845,9 +2844,9 @@ static bool api_PrintJobInfo(connection_struct *conn, uint16 vuid, sharename)); return False; } - + *rdata_len = 0; - + /* check it's a supported varient */ if ((strcmp(str1,"WWsTP")) || (!check_printjob_info(&desc,uLevel,str2))) @@ -2884,7 +2883,7 @@ static bool api_PrintJobInfo(connection_struct *conn, uint16 vuid, out: SSVALS(*rparam,0,errcode); SSVAL(*rparam,2,0); /* converter word */ - + return(True); } @@ -3638,7 +3637,7 @@ static bool api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, desc.buflen = mdrcnt; desc.subformat = NULL; desc.format = str2; - + if (init_package(&desc,1,0)) { PACKI(&desc,"W",0); /* code */ PACKS(&desc,"B21",name); /* eff. name */ @@ -3870,11 +3869,11 @@ static bool api_WPrintJobEnumerate(connection_struct *conn, uint16 vuid, if (strcmp(str1,"zWrLeh") != 0) { return False; } - + if (uLevel > 2) { return False; /* defined only for uLevel 0,1,2 */ } - + if (!check_printjob_info(&desc,uLevel,str2)) { return False; } -- cgit From 50ca5af9f38b46fb3c7dea5b50997d3bd1c7e46f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 31 Jan 2009 17:58:30 +0100 Subject: Convert api_RNetUserEnum to use the srv_samr_nt.c directly This is a sample for other accesses to pdb to go via samr. The goal is to access passdb only via srv_samr_nt.c. If that is done, then we can easily swap in another samr implementation like for example samba4's via a unix domain socket. --- source3/smbd/lanman.c | 103 +++++++++++++++++++++++++++++++++++++------------- 1 file changed, 77 insertions(+), 26 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 3ae4b1d61a..4807e62436 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -2281,8 +2281,11 @@ static bool api_RNetUserEnum(connection_struct *conn, uint16 vuid, int num_users=0; int errflags=0; int i, resume_context, cli_buf_size; - struct pdb_search *search; - struct samr_displayentry *users; + uint32_t resume_handle; + + struct rpc_pipe_client *samr_pipe; + struct policy_handle samr_handle, domain_handle; + NTSTATUS status; char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); @@ -2327,40 +2330,88 @@ static bool api_RNetUserEnum(connection_struct *conn, uint16 vuid, p = *rdata; endp = *rdata + *rdata_len; - become_root(); - search = pdb_search_users(ACB_NORMAL); - unbecome_root(); - if (search == NULL) { - DEBUG(0, ("api_RNetUserEnum:unable to open sam database.\n")); - return False; + status = rpc_pipe_open_internal( + talloc_tos(), &ndr_table_samr.syntax_id, rpc_samr_dispatch, + conn->server_info, &samr_pipe); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("api_RNetUserEnum: Could not connect to samr: %s\n", + nt_errstr(status))); + return false; } - become_root(); - num_users = pdb_search_entries(search, resume_context, 0xffffffff, - &users); - unbecome_root(); + status = rpccli_samr_Connect2(samr_pipe, talloc_tos(), global_myname(), + SAMR_ACCESS_OPEN_DOMAIN, &samr_handle); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("api_RNetUserEnum: samr_Connect2 failed: %s\n", + nt_errstr(status))); + return false; + } + + status = rpccli_samr_OpenDomain(samr_pipe, talloc_tos(), &samr_handle, + SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, + get_global_sam_sid(), &domain_handle); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("api_RNetUserEnum: samr_OpenDomain failed: %s\n", + nt_errstr(status))); + return false; + } errflags=NERR_Success; - for (i=0; ientries[i].name.string; + + if(((PTR_DIFF(p,*rdata)+21)<=*rdata_len) + &&(strlen(name)<=21)) { + strlcpy(p,name,PTR_DIFF(endp,p)); + DEBUG(10,("api_RNetUserEnum:adding entry %d " + "username %s\n",count_sent,p)); + p += 21; + count_sent++; + } else { + /* set overflow error */ + DEBUG(10,("api_RNetUserEnum:overflow on entry %d " + "username %s\n",count_sent,name)); + errflags=234; + break; + } + } + + if (errflags != NERR_Success) { + break; + } + + TALLOC_FREE(sam_entries); } - pdb_search_destroy(search); + rpccli_samr_Close(samr_pipe, talloc_tos(), &domain_handle); + rpccli_samr_Close(samr_pipe, talloc_tos(), &samr_handle); *rdata_len = PTR_DIFF(p,*rdata); -- cgit From d96248a9b46559552f53b0ecd3861387ea7ff050 Mon Sep 17 00:00:00 2001 From: Dan Sledz Date: Thu, 15 Jan 2009 17:02:41 -0800 Subject: Add two new parameters to control how we verify kerberos tickets. Removes lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket. --- source3/smbd/negprot.c | 2 +- source3/smbd/sesssetup.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 729d144ea1..57608a9b40 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -212,7 +212,7 @@ static DATA_BLOB negprot_spnego(void) */ - if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) { + if (lp_security() != SEC_ADS && !USE_KERBEROS_KEYTAB) { #if 0 /* Code for PocketPC client */ blob = data_blob(guid, 16); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index a2ad56bea1..7a03ef7f3c 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -795,7 +795,7 @@ static void reply_spnego_negotiate(struct smb_request *req, #ifdef HAVE_KRB5 if (kerb_mech && ((lp_security()==SEC_ADS) || - lp_use_kerberos_keytab()) ) { + USE_KERBEROS_KEYTAB) ) { bool destroy_vuid = True; reply_spnego_kerberos(req, &secblob, kerb_mech, vuid, &destroy_vuid); @@ -887,7 +887,7 @@ static void reply_spnego_auth(struct smb_request *req, (unsigned long)secblob.length)); #ifdef HAVE_KRB5 if (kerb_mech && ((lp_security()==SEC_ADS) || - lp_use_kerberos_keytab()) ) { + USE_KERBEROS_KEYTAB)) { bool destroy_vuid = True; reply_spnego_kerberos(req, &secblob, kerb_mech, vuid, &destroy_vuid); -- cgit From 553818add80818909268557665e2760a16f2d8a0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 2 Feb 2009 17:10:27 -0800 Subject: Fix bug #6082 - smbd_gpfs_getacl failed: Windows client canĀ“t rename or delete file This fixes the generic rename/delete problem for 3.3.0 and above. Fixed slightly differently to discussions, user viewable modified ACLs are not a good idea :-). Jeremy. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- source3/smbd/file_access.c | 11 +++------ source3/smbd/open.c | 56 +++++++++++++++++++++++++++++++++++++--------- 2 files changed, 49 insertions(+), 18 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index d44e63a89a..fe7ba1cc46 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -113,16 +113,11 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname) * having the DELETE bit on the file itself and second if that does * not help, by the DELETE_CHILD bit on the containing directory. * - * Here we check the other way round because with just posix - * permissions looking at the file itself will never grant DELETE, so - * by looking at the directory first we save one get_acl call. + * Here we only check the directory permissions, we will + * check the file DELETE permission separately. */ - if (can_access_file_acl(conn, dname, FILE_DELETE_CHILD)) { - return true; - } - - return can_access_file_acl(conn, fname, DELETE_ACCESS); + return can_access_file_acl(conn, dname, FILE_DELETE_CHILD); } /**************************************************************************** diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 7d23b92359..bc5107447f 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -67,13 +67,15 @@ NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd, static NTSTATUS check_open_rights(struct connection_struct *conn, const char *fname, - uint32_t access_mask) + uint32_t access_mask, + uint32_t *access_granted) { /* Check if we have rights to open. */ NTSTATUS status; - uint32_t access_granted = 0; struct security_descriptor *sd; + *access_granted = 0; + status = SMB_VFS_GET_NT_ACL(conn, fname, (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | @@ -90,9 +92,17 @@ static NTSTATUS check_open_rights(struct connection_struct *conn, status = smb1_file_se_access_check(sd, conn->server_info->ptok, access_mask, - &access_granted); + access_granted); TALLOC_FREE(sd); + + DEBUG(10,("check_open_rights: file %s requesting " + "0x%x returning 0x%x (%s)\n", + fname, + (unsigned int)access_mask, + (unsigned int)*access_granted, + nt_errstr(status) )); + return status; } @@ -415,14 +425,35 @@ static NTSTATUS open_file(files_struct *fsp, } else { fsp->fh->fd = -1; /* What we used to call a stat open. */ if (file_existed) { + uint32_t access_granted = 0; + status = check_open_rights(conn, path, - access_mask); + access_mask, + &access_granted); if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("open_file: Access denied on " - "file %s\n", - path)); - return status; + + /* Were we trying to do a stat open + * for delete and didn't get DELETE + * access (only) ? Check if the + * directory allows DELETE_CHILD. + * See here: + * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx + * for details. */ + + if (!(NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) && + (access_mask & DELETE_ACCESS) && + (access_granted == DELETE_ACCESS) && + can_delete_file_in_directory(conn, path))) { + DEBUG(10, ("open_file: Access denied on " + "file %s\n", + path)); + return status; + } + + DEBUG(10,("open_file: overrode ACCESS_DENIED " + "on file %s\n", + path )); } } } @@ -2395,9 +2426,11 @@ static NTSTATUS open_directory(connection_struct *conn, } if (info == FILE_WAS_OPENED) { + uint32_t access_granted = 0; status = check_open_rights(conn, fname, - access_mask); + access_mask, + &access_granted); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("open_directory: check_open_rights on " "file %s failed with %s\n", @@ -2826,8 +2859,11 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, && (create_disposition != FILE_CREATE) && (share_access & FILE_SHARE_DELETE) && (access_mask & DELETE_ACCESS) - && (!can_delete_file_in_directory(conn, fname))) { + && (!(can_delete_file_in_directory(conn, fname) || + can_access_file_acl(conn, fname, DELETE_ACCESS)))) { status = NT_STATUS_ACCESS_DENIED; + DEBUG(10,("create_file_unixpath: open file %s " + "for delete ACCESS_DENIED\n", fname )); goto fail; } -- cgit From e7c09d8b105d8182e7ae3948a664169dc13198e9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 4 Feb 2009 16:33:52 -0800 Subject: Fix bug #Bug 6090 renaming or deleting a "not matching/resolving" symlink is failing. Reported by Kukks. Make sure we correctly use LSTAT in all cases where POSIX pathnames are being used. This matters when dealing with symlinks pointing to invalid paths being renamed or deleted not all deletes and renames are done via an nt_create open. Jeremy. --- source3/smbd/filename.c | 30 +++++++++++++++++++++++---- source3/smbd/open.c | 54 +++++++++++++++++++++++++++++++------------------ source3/smbd/reply.c | 34 +++++++++++++++++++++++++------ 3 files changed, 88 insertions(+), 30 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index d240ecfa64..003cb0ffd4 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -126,7 +126,9 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, char *stream = NULL; bool component_was_mangled = False; bool name_has_wildcard = False; + bool posix_pathnames = false; NTSTATUS result; + int ret = -1; SET_STAT_INVALID(*pst); *pp_conv_path = NULL; @@ -225,7 +227,9 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, } } - if (!lp_posix_pathnames()) { + posix_pathnames = lp_posix_pathnames(); + + if (!posix_pathnames) { stream = strchr_m(name, ':'); if (stream != NULL) { @@ -268,7 +272,13 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, * stat the name - if it exists then we are all done! */ - if (SMB_VFS_STAT(conn,name,&st) == 0) { + if (posix_pathnames) { + ret = SMB_VFS_LSTAT(conn,name,&st); + } else { + ret = SMB_VFS_STAT(conn,name,&st); + } + + if (ret == 0) { /* Ensure we catch all names with in "/." this is disallowed under Windows. */ const char *p = strstr(name, "/."); /* mb safe. */ @@ -380,7 +390,13 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, * Check if the name exists up to this point. */ - if (SMB_VFS_STAT(conn,name, &st) == 0) { + if (posix_pathnames) { + ret = SMB_VFS_LSTAT(conn,name, &st); + } else { + ret = SMB_VFS_STAT(conn,name, &st); + } + + if (ret == 0) { /* * It exists. it must either be a directory or this must * be the last part of the path for it to be OK. @@ -598,7 +614,13 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, * if it exists. JRA. */ - if (SMB_VFS_STAT(conn,name, &st) == 0) { + if (posix_pathnames) { + ret = SMB_VFS_LSTAT(conn,name, &st); + } else { + ret = SMB_VFS_STAT(conn,name, &st); + } + + if (ret == 0) { *pst = st; } else { SET_STAT_INVALID(st); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index bc5107447f..f7a52d7bd2 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -432,28 +432,42 @@ static NTSTATUS open_file(files_struct *fsp, access_mask, &access_granted); if (!NT_STATUS_IS_OK(status)) { - - /* Were we trying to do a stat open - * for delete and didn't get DELETE - * access (only) ? Check if the - * directory allows DELETE_CHILD. - * See here: - * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx - * for details. */ - - if (!(NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) && - (access_mask & DELETE_ACCESS) && - (access_granted == DELETE_ACCESS) && - can_delete_file_in_directory(conn, path))) { - DEBUG(10, ("open_file: Access denied on " - "file %s\n", - path)); + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + if ((access_mask & DELETE_ACCESS) && + (access_granted == DELETE_ACCESS) && + can_delete_file_in_directory(conn, path)) { + /* Were we trying to do a stat open + * for delete and didn't get DELETE + * access (only) ? Check if the + * directory allows DELETE_CHILD. + * See here: + * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx + * for details. */ + + DEBUG(10,("open_file: overrode ACCESS_DENIED " + "on file %s\n", + path )); + } else { + DEBUG(10, ("open_file: Access denied on " + "file %s\n", + path)); + return status; + } + } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) && + fsp->posix_open && + S_ISLNK(psbuf->st_mode)) { + /* This is a POSIX stat open for delete + * or rename on a symlink that points + * nowhere. Allow. */ + DEBUG(10, ("open_file: allowing POSIX open " + "on bad symlink %s\n", + path )); + } else { + DEBUG(10, ("open_file: check_open_rights " + "on file %s returned %s\n", + path, nt_errstr(status) )); return status; } - - DEBUG(10,("open_file: overrode ACCESS_DENIED " - "on file %s\n", - path )); } } } diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index f2d4ff78a7..bb5fadd465 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -5616,7 +5616,13 @@ NTSTATUS rename_internals_fsp(connection_struct *conn, return map_nt_error_from_unix(errno); } } else { - if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) { + int ret = -1; + if (fsp->posix_open) { + ret = SMB_VFS_LSTAT(conn,fsp->fsp_name,&sbuf); + } else { + ret = SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf); + } + if (ret == -1) { return map_nt_error_from_unix(errno); } } @@ -5721,6 +5727,7 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, const char *dname; long offset = 0; int create_options = 0; + bool posix_pathnames = lp_posix_pathnames(); ZERO_STRUCT(sbuf1); ZERO_STRUCT(sbuf2); @@ -5832,7 +5839,11 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, } ZERO_STRUCT(sbuf1); - SMB_VFS_STAT(conn, directory, &sbuf1); + if (posix_pathnames) { + SMB_VFS_LSTAT(conn, directory, &sbuf1); + } else { + SMB_VFS_STAT(conn, directory, &sbuf1); + } if (S_ISDIR(sbuf1.st_mode)) { create_options |= FILE_DIRECTORY_FILE; @@ -5849,7 +5860,7 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, FILE_SHARE_WRITE), FILE_OPEN, /* create_disposition*/ create_options, /* create_options */ - 0, /* file_attributes */ + posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */ 0, /* oplock_request */ 0, /* allocation_size */ NULL, /* sd */ @@ -5948,7 +5959,11 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, } ZERO_STRUCT(sbuf1); - SMB_VFS_STAT(conn, fname, &sbuf1); + if (posix_pathnames) { + SMB_VFS_LSTAT(conn, fname, &sbuf1); + } else { + SMB_VFS_STAT(conn, fname, &sbuf1); + } create_options = 0; @@ -5967,7 +5982,7 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, FILE_SHARE_WRITE), FILE_OPEN, /* create_disposition*/ create_options, /* create_options */ - 0, /* file_attributes */ + posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */ 0, /* oplock_request */ 0, /* allocation_size */ NULL, /* sd */ @@ -7167,7 +7182,14 @@ void reply_setattrE(struct smb_request *req) return; } } else { - if (SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf) == -1) { + int ret = -1; + + if (fsp->posix_open) { + ret = SMB_VFS_LSTAT(conn, fsp->fsp_name, &sbuf); + } else { + ret = SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf); + } + if (ret == -1) { status = map_nt_error_from_unix(errno); reply_nterror(req, status); END_PROFILE(SMBsetattrE); -- cgit