1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Copyright (C) Stefan Metzmacher 2011-2012
5 : Copyright (C) Michael Adam 2012
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "includes.h"
22 : #include "system/filesys.h"
23 : #include <tevent.h>
24 : #include "lib/util/server_id.h"
25 : #include "smbd/smbd.h"
26 : #include "smbd/globals.h"
27 : #include "dbwrap/dbwrap.h"
28 : #include "dbwrap/dbwrap_rbt.h"
29 : #include "dbwrap/dbwrap_open.h"
30 : #include "dbwrap/dbwrap_watch.h"
31 : #include "session.h"
32 : #include "auth.h"
33 : #include "auth/gensec/gensec.h"
34 : #include "../lib/tsocket/tsocket.h"
35 : #include "../libcli/security/security.h"
36 : #include "messages.h"
37 : #include "lib/util/util_tdb.h"
38 : #include "librpc/gen_ndr/ndr_smbXsrv.h"
39 : #include "serverid.h"
40 : #include "lib/util/tevent_ntstatus.h"
41 : #include "lib/global_contexts.h"
42 : #include "source3/include/util_tdb.h"
43 :
/*
 * Session table of one client: a local database (opened with
 * db_open_rbt() in smbXsrv_session_table_init()) plus a reference to the
 * process-wide global session database.
 */
struct smbXsrv_session_table {
	struct {
		struct db_context *db_ctx;
		/* inclusive bounds of the local session id range */
		uint32_t lowest_id;
		uint32_t highest_id;
		/* session limit; table_init rejects a value larger than the id range */
		uint32_t max_sessions;
		/* presumably the number of live sessions; not updated in this part of the file */
		uint32_t num_sessions;
	} local;
	struct {
		/* copied from smbXsrv_session_global_db_ctx in table_init */
		struct db_context *db_ctx;
	} global;
};
56 :
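/*
 * Process-wide handle on the watched global session database. It is set
 * once by smbXsrv_session_global_init() and reused afterwards.
 */
static struct db_context *smbXsrv_session_global_db_ctx = NULL;

/**
 * Open smbXsrv_session_global.tdb and wrap it in a watched dbwrap context.
 *
 * The call is idempotent: once the static handle is set, later calls
 * return NT_STATUS_OK without touching the database again.
 *
 * @param msg_ctx  Not referenced by the body; the watched context is
 *                 created on global_messaging_context().
 * @return NT_STATUS_OK on success, NT_STATUS_NO_MEMORY if the path or the
 *         watched context cannot be allocated, or the NTSTATUS mapped from
 *         errno when db_open() fails.
 */
NTSTATUS smbXsrv_session_global_init(struct messaging_context *msg_ctx)
{
	char *global_path = NULL;
	struct db_context *backend = NULL;
	struct db_context *db_ctx = NULL;
	int open_errno;

	if (smbXsrv_session_global_db_ctx != NULL) {
		return NT_STATUS_OK;
	}

	/*
	 * This contains secret information like session keys!
	 *
	 * The file is created with mode 0600 below, so only the owning
	 * user can read it. Anything that copies or backs up the lock
	 * directory has to preserve that restriction.
	 */
	global_path = lock_path(talloc_tos(), "smbXsrv_session_global.tdb");
	if (global_path == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	backend = db_open(NULL, global_path,
			  SMBD_VOLATILE_TDB_HASH_SIZE,
			  SMBD_VOLATILE_TDB_FLAGS,
			  O_RDWR | O_CREAT, 0600,
			  DBWRAP_LOCK_ORDER_1,
			  DBWRAP_FLAG_NONE);
	/*
	 * Save errno before TALLOC_FREE(): releasing memory may overwrite
	 * it, and the error path below must report why db_open() failed.
	 */
	open_errno = errno;
	TALLOC_FREE(global_path);
	if (backend == NULL) {
		return map_nt_error_from_unix_common(open_errno);
	}

	db_ctx = db_open_watched(NULL, &backend, global_messaging_context());
	if (db_ctx == NULL) {
		/* the wrapper was not created, so the backend is still ours */
		TALLOC_FREE(backend);
		return NT_STATUS_NO_MEMORY;
	}

	smbXsrv_session_global_db_ctx = db_ctx;

	return NT_STATUS_OK;
}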
102 :
103 : /*
104 : * NOTE:
105 : * We need to store the keys in big endian so that dbwrap_rbt's memcmp
106 : * has the same result as integer comparison between the uint32_t
107 : * values.
108 : *
109 : * TODO: implement string based key
110 : */
111 :
#define SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE sizeof(uint32_t)

/*
 * Build the database key for a global session id.
 *
 * RSIVAL() serialises id into key_buf (big endian, per the NOTE above) and
 * the returned TDB_DATA is created over key_buf, so the caller has to pass
 * at least SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE bytes and keep the buffer
 * alive for as long as the key is in use.
 */
static TDB_DATA smbXsrv_session_global_id_to_key(uint32_t id,
						 uint8_t *key_buf)
{
	RSIVAL(key_buf, 0, id);

	return make_tdb_data(key_buf, SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE);
}
125 :
126 : #if 0
/*
 * Inverse of smbXsrv_session_global_id_to_key() (currently compiled out).
 *
 * Returns NT_STATUS_INVALID_PARAMETER for a NULL output pointer and
 * NT_STATUS_INTERNAL_DB_CORRUPTION when the key does not have the
 * expected size; otherwise the id is decoded with RIVAL().
 */
static NTSTATUS smbXsrv_session_global_key_to_id(TDB_DATA key, uint32_t *id)
{
	NTSTATUS status = NT_STATUS_OK;

	if (id == NULL) {
		status = NT_STATUS_INVALID_PARAMETER;
	} else if (key.dsize != SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE) {
		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
	} else {
		*id = RIVAL(key.dptr, 0);
	}

	return status;
}
141 : #endif
142 :
#define SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE sizeof(uint32_t)

/*
 * Build the database key for a local session id.
 *
 * The id is written into key_buf with RSIVAL() and the returned TDB_DATA
 * is created over key_buf. The caller supplies at least
 * SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE bytes and keeps the buffer alive
 * while the key is used.
 */
static TDB_DATA smbXsrv_session_local_id_to_key(uint32_t id,
						uint8_t *key_buf)
{
	RSIVAL(key_buf, 0, id);

	return make_tdb_data(key_buf, SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE);
}
156 :
/*
 * Decode a local database key back into the session id.
 *
 * Returns NT_STATUS_INVALID_PARAMETER for a NULL output pointer and
 * NT_STATUS_INTERNAL_DB_CORRUPTION when the key size is not
 * SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE, so a malformed key is never read
 * past its end.
 */
static NTSTATUS smbXsrv_session_local_key_to_id(TDB_DATA key, uint32_t *id)
{
	NTSTATUS status = NT_STATUS_OK;

	if (id == NULL) {
		status = NT_STATUS_INVALID_PARAMETER;
	} else if (key.dsize != SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE) {
		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
	} else {
		*id = RIVAL(key.dptr, 0);
	}

	return status;
}
171 :
/*
 * Fetch and lock the global database record for a session id.
 *
 * The record is obtained with dbwrap_fetch_locked() on mem_ctx. On
 * failure a debug message is logged and NULL is returned.
 */
static struct db_record *smbXsrv_session_global_fetch_locked(
			struct db_context *db,
			uint32_t id,
			TALLOC_CTX *mem_ctx)
{
	uint8_t key_buf[SMBXSRV_SESSION_GLOBAL_TDB_KEY_SIZE];
	TDB_DATA key = smbXsrv_session_global_id_to_key(id, key_buf);
	struct db_record *rec = dbwrap_fetch_locked(db, mem_ctx, key);

	if (rec != NULL) {
		return rec;
	}

	DBG_DEBUG("Failed to lock global id 0x%08x, key '%s'\n", id,
		  tdb_data_dbg(key));
	return NULL;
}
192 :
/*
 * Fetch and lock the local database record for a session id.
 *
 * The record is obtained with dbwrap_fetch_locked() on mem_ctx. On
 * failure a debug message is logged and NULL is returned.
 */
static struct db_record *smbXsrv_session_local_fetch_locked(
			struct db_context *db,
			uint32_t id,
			TALLOC_CTX *mem_ctx)
{
	uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
	TDB_DATA key = smbXsrv_session_local_id_to_key(id, key_buf);
	struct db_record *rec = dbwrap_fetch_locked(db, mem_ctx, key);

	if (rec != NULL) {
		return rec;
	}

	DBG_DEBUG("Failed to lock local id 0x%08x, key '%s'\n", id,
		  tdb_data_dbg(key));
	return NULL;
}
213 :
static void smbXsrv_session_close_loop(struct tevent_req *subreq);

/*
 * Create the session table of conn->client.
 *
 * The id range [lowest_id, highest_id] must be non-empty and large enough
 * for max_sessions, otherwise NT_STATUS_INTERNAL_ERROR is returned. The
 * table gets a private rbt database, a reference to the global session
 * database and a pending read for MSG_SMBXSRV_SESSION_CLOSE messages that
 * is handled by smbXsrv_session_close_loop(). Any failure after the table
 * was allocated frees it again.
 */
static NTSTATUS smbXsrv_session_table_init(struct smbXsrv_connection *conn,
					   uint32_t lowest_id,
					   uint32_t highest_id,
					   uint32_t max_sessions)
{
	struct smbXsrv_client *client = conn->client;
	struct smbXsrv_session_table *table = NULL;
	struct tevent_req *subreq = NULL;
	uint64_t id_count;
	NTSTATUS status;

	if (lowest_id > highest_id) {
		return NT_STATUS_INTERNAL_ERROR;
	}

	/* 64-bit arithmetic: a full 32-bit range must not wrap to zero */
	id_count = (uint64_t)highest_id - lowest_id + 1;
	if (max_sessions > id_count) {
		return NT_STATUS_INTERNAL_ERROR;
	}

	table = talloc_zero(client, struct smbXsrv_session_table);
	if (table == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	table->local.db_ctx = db_open_rbt(table);
	if (table->local.db_ctx == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}
	table->local.lowest_id = lowest_id;
	table->local.highest_id = highest_id;
	table->local.max_sessions = max_sessions;

	status = smbXsrv_session_global_init(client->msg_ctx);
	if (!NT_STATUS_IS_OK(status)) {
		goto fail;
	}
	table->global.db_ctx = smbXsrv_session_global_db_ctx;

	subreq = messaging_read_send(table,
				     client->raw_ev_ctx,
				     client->msg_ctx,
				     MSG_SMBXSRV_SESSION_CLOSE);
	if (subreq == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}
	tevent_req_set_callback(subreq, smbXsrv_session_close_loop, client);

	client->session_table = table;
	return NT_STATUS_OK;

fail:
	TALLOC_FREE(table);
	return status;
}
274 :
static void smbXsrv_session_close_shutdown_done(struct tevent_req *subreq);

/*
 * Handle one MSG_SMBXSRV_SESSION_CLOSE message and re-arm the receiver.
 *
 * The message names a session by wire id, global id and creation time.
 * It is acted on only if it decodes cleanly, carries SMBXSRV_VERSION_0
 * with a non-NULL info0, the wire id resolves to a session of this
 * client, and both the global id and the creation time match that
 * session. Every rejected message is logged and dropped. Whatever the
 * outcome, a new messaging_read_send() is queued at "next" so the loop
 * keeps running; if that fails the server exits.
 */
static void smbXsrv_session_close_loop(struct tevent_req *subreq)
{
	struct smbXsrv_client *client =
		tevent_req_callback_data(subreq,
		struct smbXsrv_client);
	struct smbXsrv_session_table *table = client->session_table;
	int ret;
	struct messaging_rec *rec = NULL;
	struct smbXsrv_session_closeB close_blob;
	enum ndr_err_code ndr_err;
	struct smbXsrv_session_close0 *close_info0 = NULL;
	struct smbXsrv_session *session = NULL;
	NTSTATUS status;
	struct timeval tv = timeval_current();
	NTTIME now = timeval_to_nttime(&tv);

	ret = messaging_read_recv(subreq, talloc_tos(), &rec);
	TALLOC_FREE(subreq);
	if (ret != 0) {
		goto next;
	}

	/* decoded data is allocated on rec and freed with it at "next" */
	ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &close_blob,
			(ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_closeB);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		status = ndr_map_error2ntstatus(ndr_err);
		DBG_WARNING("smbXsrv_session_close_loop: "
			 "ndr_pull_struct_blob - %s\n",
			 nt_errstr(status));
		goto next;
	}

	DBG_DEBUG("smbXsrv_session_close_loop: MSG_SMBXSRV_SESSION_CLOSE\n");
	if (DEBUGLVL(DBGLVL_DEBUG)) {
		NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
	}

	if (close_blob.version != SMBXSRV_VERSION_0) {
		DBG_ERR("smbXsrv_session_close_loop: "
			 "ignore invalid version %u\n", close_blob.version);
		NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
		goto next;
	}

	close_info0 = close_blob.info.info0;
	if (close_info0 == NULL) {
		DBG_ERR("smbXsrv_session_close_loop: "
			 "ignore NULL info %u\n", close_blob.version);
		NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
		goto next;
	}

	status = smb2srv_session_lookup_client(client,
					       close_info0->old_session_wire_id,
					       now, &session);
	if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
		DBG_INFO("smbXsrv_session_close_loop: "
			 "old_session_wire_id %llu not found\n",
			 (unsigned long long)close_info0->old_session_wire_id);
		if (DEBUGLVL(DBGLVL_INFO)) {
			NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
		}
		goto next;
	}
	/*
	 * Sessions that are still authenticating or have expired may be
	 * closed as well, so those two statuses are let through.
	 * NOTE(review): session is dereferenced below; this assumes the
	 * lookup sets it for both statuses - confirm against
	 * smb2srv_session_lookup_client().
	 */
	if (!NT_STATUS_IS_OK(status) &&
	    !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
	    !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
		DBG_WARNING("smbXsrv_session_close_loop: "
			 "old_session_wire_id %llu - %s\n",
			 (unsigned long long)close_info0->old_session_wire_id,
			 nt_errstr(status));
		if (DEBUGLVL(DBGLVL_WARNING)) {
			NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
		}
		goto next;
	}

	/*
	 * The wire id alone is not accepted as proof of identity: the
	 * global id and the creation time must match too, so a request
	 * that refers to a different session instance is ignored.
	 */
	if (session->global->session_global_id != close_info0->old_session_global_id) {
		DBG_WARNING("smbXsrv_session_close_loop: "
			 "old_session_wire_id %llu - global %u != %u\n",
			 (unsigned long long)close_info0->old_session_wire_id,
			 session->global->session_global_id,
			 close_info0->old_session_global_id);
		if (DEBUGLVL(DBGLVL_WARNING)) {
			NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
		}
		goto next;
	}

	if (session->global->creation_time != close_info0->old_creation_time) {
		DBG_WARNING("smbXsrv_session_close_loop: "
			 "old_session_wire_id %llu - "
			 "creation %s (%llu) != %s (%llu)\n",
			 (unsigned long long)close_info0->old_session_wire_id,
			 nt_time_string(rec, session->global->creation_time),
			 (unsigned long long)session->global->creation_time,
			 nt_time_string(rec, close_info0->old_creation_time),
			 (unsigned long long)close_info0->old_creation_time);
		if (DEBUGLVL(DBGLVL_WARNING)) {
			NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
		}
		goto next;
	}

	/* shut the session down asynchronously; logoff happens in the callback */
	subreq = smb2srv_session_shutdown_send(session, client->raw_ev_ctx,
					       session, NULL);
	if (subreq == NULL) {
		status = NT_STATUS_NO_MEMORY;
		DBG_ERR("smbXsrv_session_close_loop: "
			 "smb2srv_session_shutdown_send(%llu) failed: %s\n",
			 (unsigned long long)session->global->session_wire_id,
			 nt_errstr(status));
		if (DEBUGLVL(DBGLVL_WARNING)) {
			NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
		}
		goto next;
	}
	tevent_req_set_callback(subreq,
				smbXsrv_session_close_shutdown_done,
				session);

next:
	TALLOC_FREE(rec);

	/* re-arm the receiver for the next close message */
	subreq = messaging_read_send(table,
				     client->raw_ev_ctx,
				     client->msg_ctx,
				     MSG_SMBXSRV_SESSION_CLOSE);
	if (subreq == NULL) {
		const char *r;
		r = "messaging_read_send(MSG_SMBXSRV_SESSION_CLOSE) failed";
		exit_server_cleanly(r);
		return;
	}
	tevent_req_set_callback(subreq, smbXsrv_session_close_loop, client);
}
413 :
/*
 * Completion callback for the shutdown started in
 * smbXsrv_session_close_loop().
 *
 * A failed shutdown is only logged: the session is logged off and freed
 * in every case, so a remotely requested close is always completed.
 */
static void smbXsrv_session_close_shutdown_done(struct tevent_req *subreq)
{
	struct smbXsrv_session *session =
		tevent_req_callback_data(subreq,
		struct smbXsrv_session);
	NTSTATUS shutdown_status;
	NTSTATUS logoff_status;

	shutdown_status = smb2srv_session_shutdown_recv(subreq);
	TALLOC_FREE(subreq);
	if (!NT_STATUS_IS_OK(shutdown_status)) {
		DBG_ERR("smbXsrv_session_close_loop: "
			 "smb2srv_session_shutdown_recv(%llu) failed: %s\n",
			 (unsigned long long)session->global->session_wire_id,
			 nt_errstr(shutdown_status));
	}

	logoff_status = smbXsrv_session_logoff(session);
	if (!NT_STATUS_IS_OK(logoff_status)) {
		DBG_ERR("smbXsrv_session_close_loop: "
			 "smbXsrv_session_logoff(%llu) failed: %s\n",
			 (unsigned long long)session->global->session_wire_id,
			 nt_errstr(logoff_status));
	}

	TALLOC_FREE(session);
}
440 :
/*
 * Traverse state used by smb1srv_session_local_allocate_id() when it
 * scans the local table for an unused id.
 */
struct smb1srv_session_local_allocate_state {
	/* inclusive id range to allocate from */
	const uint32_t lowest_id;
	const uint32_t highest_id;
	/* id of the previously visited record; ids must be strictly increasing */
	uint32_t last_id;
	/* current candidate for a free id */
	uint32_t useable_id;
	/* result of the scan; stays at its initial value if no callback decided */
	NTSTATUS status;
};
448 :
/*
 * Traverse callback that looks for the first gap in the sorted ids.
 *
 * Returns -1 to stop the traversal, with the reason in state->status:
 * a decode error, NT_STATUS_INTERNAL_DB_CORRUPTION when ids are not
 * strictly increasing, NT_STATUS_OK when the candidate id is unused, or
 * NT_STATUS_INSUFFICIENT_RESOURCES when the range is exhausted.
 * Returns 0 to continue with the next candidate.
 */
static int smb1srv_session_local_allocate_traverse(struct db_record *rec,
						   void *private_data)
{
	struct smb1srv_session_local_allocate_state *state =
		(struct smb1srv_session_local_allocate_state *)private_data;
	TDB_DATA rec_key = dbwrap_record_get_key(rec);
	uint32_t rec_id = 0;
	NTSTATUS decode_status;

	decode_status = smbXsrv_session_local_key_to_id(rec_key, &rec_id);
	if (!NT_STATUS_IS_OK(decode_status)) {
		state->status = decode_status;
		return -1;
	}

	/* the scan depends on the records arriving in ascending id order */
	if (rec_id <= state->last_id) {
		state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
		return -1;
	}
	state->last_id = rec_id;

	/* the record is beyond the candidate, so the candidate is unused */
	if (rec_id > state->useable_id) {
		state->status = NT_STATUS_OK;
		return -1;
	}

	if (state->useable_id == state->highest_id) {
		state->status = NT_STATUS_INSUFFICIENT_RESOURCES;
		return -1;
	}

	state->useable_id++;
	return 0;
}
483 :
/*
 * Pick an unused local session id in [lowest_id, highest_id] and return
 * its locked, empty record.
 *
 * Random ids are probed first (up to half of the range). If none of them
 * is free, the table is traversed in order to find the first gap.
 *
 * On success *_rec holds the locked record (allocated on mem_ctx) and
 * *_id the chosen id; on every failure both stay NULL / 0.
 */
static NTSTATUS smb1srv_session_local_allocate_id(struct db_context *db,
						  uint32_t lowest_id,
						  uint32_t highest_id,
						  TALLOC_CTX *mem_ctx,
						  struct db_record **_rec,
						  uint32_t *_id)
{
	struct smb1srv_session_local_allocate_state state = {
		.lowest_id = lowest_id,
		.highest_id = highest_id,
		.last_id = 0,
		.useable_id = lowest_id,
		.status = NT_STATUS_INTERNAL_ERROR,
	};
	uint32_t i;
	uint32_t range;
	NTSTATUS status;
	int count = 0;

	*_rec = NULL;
	*_id = 0;

	if (lowest_id > highest_id) {
		return NT_STATUS_INSUFFICIENT_RESOURCES;
	}

	/*
	 * first we try randomly
	 */
	/*
	 * range is 32-bit, so a full 0..UINT32_MAX range wraps to 0. In
	 * that case the loop below does not run (range / 2 == 0) and the
	 * modulo is never evaluated.
	 */
	range = (highest_id - lowest_id) + 1;

	for (i = 0; i < (range / 2); i++) {
		uint32_t id;
		TDB_DATA val;
		struct db_record *rec = NULL;

		id = generate_random() % range;
		id += lowest_id;

		/* clamp into the range in case the addition wrapped */
		if (id < lowest_id) {
			id = lowest_id;
		}
		if (id > highest_id) {
			id = highest_id;
		}

		rec = smbXsrv_session_local_fetch_locked(db, id, mem_ctx);
		if (rec == NULL) {
			return NT_STATUS_INSUFFICIENT_RESOURCES;
		}

		/* a non-empty value means the id is already in use */
		val = dbwrap_record_get_value(rec);
		if (val.dsize != 0) {
			TALLOC_FREE(rec);
			continue;
		}

		*_rec = rec;
		*_id = id;
		return NT_STATUS_OK;
	}

	/*
	 * if the range is almost full,
	 * we traverse the whole table
	 * (this relies on sorted behavior of dbwrap_rbt)
	 */
	status = dbwrap_traverse_read(db, smb1srv_session_local_allocate_traverse,
				      &state, &count);
	if (NT_STATUS_IS_OK(status)) {
		/*
		 * The traversal ran to the end. The callback always stops
		 * the traversal when it sets NT_STATUS_OK, so seeing it
		 * here is inconsistent.
		 */
		if (NT_STATUS_IS_OK(state.status)) {
			return NT_STATUS_INTERNAL_ERROR;
		}

		/* any value other than the initial one is a callback error */
		if (!NT_STATUS_EQUAL(state.status, NT_STATUS_INTERNAL_ERROR)) {
			return state.status;
		}

		/* no callback decided: the candidate past the last record is free */
		if (state.useable_id <= state.highest_id) {
			state.status = NT_STATUS_OK;
		} else {
			return NT_STATUS_INSUFFICIENT_RESOURCES;
		}
	} else if (!NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_DB_CORRUPTION)) {
		/*
		 * Here we really expect NT_STATUS_INTERNAL_DB_CORRUPTION!
		 *
		 * If we get anything else it is an error, because it
		 * means we did not manage to find a free slot in
		 * the db.
		 */
		return NT_STATUS_INSUFFICIENT_RESOURCES;
	}

	if (NT_STATUS_IS_OK(state.status)) {
		uint32_t id;
		TDB_DATA val;
		struct db_record *rec = NULL;

		id = state.useable_id;

		rec = smbXsrv_session_local_fetch_locked(db, id, mem_ctx);
		if (rec == NULL) {
			return NT_STATUS_INSUFFICIENT_RESOURCES;
		}

		/* the scan reported this id as unused; a stored value contradicts it */
		val = dbwrap_record_get_value(rec);
		if (val.dsize != 0) {
			TALLOC_FREE(rec);
			return NT_STATUS_INTERNAL_DB_CORRUPTION;
		}

		*_rec = rec;
		*_id = id;
		return NT_STATUS_OK;
	}

	return state.status;
}
603 :
/* Output of smbXsrv_session_local_fetch_parser(). */
struct smbXsrv_session_local_fetch_state {
	/* session recovered from the record; valid only if status is OK */
	struct smbXsrv_session *session;
	/* NT_STATUS_OK, or NT_STATUS_INTERNAL_DB_ERROR for a wrongly sized value */
	NTSTATUS status;
};
608 :
/*
 * dbwrap_parse_record() callback for the local session table.
 *
 * The record value is a raw pointer to the session. The value size is
 * checked before it is copied out, and talloc_get_type_abort() verifies
 * that the pointer really names a struct smbXsrv_session. A value of any
 * other size yields NT_STATUS_INTERNAL_DB_ERROR.
 */
static void smbXsrv_session_local_fetch_parser(TDB_DATA key, TDB_DATA data,
					       void *private_data)
{
	struct smbXsrv_session_local_fetch_state *result =
		(struct smbXsrv_session_local_fetch_state *)private_data;
	void *session_ptr;

	if (data.dsize != sizeof(session_ptr)) {
		result->status = NT_STATUS_INTERNAL_DB_ERROR;
		return;
	}

	/* dsize equals sizeof(session_ptr) here, so exactly one pointer is copied */
	memcpy(&session_ptr, data.dptr, sizeof(session_ptr));
	result->session = talloc_get_type_abort(session_ptr,
						struct smbXsrv_session);
	result->status = NT_STATUS_OK;
}
625 :
/*
 * Look up a session by its local id.
 *
 * Returns NT_STATUS_USER_SESSION_DELETED when the id is 0, the table does
 * not exist yet, the record is missing or the session is marked deleted.
 * If conn is given, the session must have a channel on that connection,
 * otherwise the status of smbXsrv_session_find_channel() is returned and
 * *_session stays NULL. For every other outcome *_session is set, the
 * idle time is refreshed and the session status is returned; a valid
 * session whose expiration time has passed is switched to
 * NT_STATUS_NETWORK_SESSION_EXPIRED first.
 */
static NTSTATUS smbXsrv_session_local_lookup(struct smbXsrv_session_table *table,
					     /* conn: optional */
					     struct smbXsrv_connection *conn,
					     uint32_t session_local_id,
					     NTTIME now,
					     struct smbXsrv_session **_session)
{
	struct smbXsrv_session_local_fetch_state state = {
		.session = NULL,
		.status = NT_STATUS_INTERNAL_ERROR,
	};
	struct smbXsrv_session *session = NULL;
	uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
	TDB_DATA key;
	NTSTATUS status;

	*_session = NULL;

	/* a missing table might happen before the end of negprot */
	if (session_local_id == 0 || table == NULL) {
		return NT_STATUS_USER_SESSION_DELETED;
	}

	if (table->local.db_ctx == NULL) {
		return NT_STATUS_INTERNAL_ERROR;
	}

	key = smbXsrv_session_local_id_to_key(session_local_id, key_buf);

	status = dbwrap_parse_record(table->local.db_ctx, key,
				     smbXsrv_session_local_fetch_parser,
				     &state);
	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
		return NT_STATUS_USER_SESSION_DELETED;
	}
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	if (!NT_STATUS_IS_OK(state.status)) {
		return state.status;
	}
	session = state.session;

	if (NT_STATUS_EQUAL(session->status, NT_STATUS_USER_SESSION_DELETED)) {
		return NT_STATUS_USER_SESSION_DELETED;
	}

	/*
	 * With a connection given, the session is only handed out if it
	 * is bound to that connection through a channel.
	 */
	if (conn != NULL) {
		struct smbXsrv_channel_global0 *c = NULL;

		status = smbXsrv_session_find_channel(session, conn, &c);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}
	}

	session->idle_time = now;

	/* only a session that is still valid can newly expire */
	if (NT_STATUS_IS_OK(session->status) &&
	    now > session->global->expiration_time) {
		session->status = NT_STATUS_NETWORK_SESSION_EXPIRED;
	}

	*_session = session;
	return session->status;
}
701 :
/*
 * talloc destructor installed on smbXsrv_session_global0 objects in
 * smbXsrv_session_global_allocate(). It does no work and returns 0.
 */
static int smbXsrv_session_global_destructor(struct smbXsrv_session_global0 *global)
{
	const int allow_free = 0;

	return allow_free;
}
706 :
static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
					bool *is_free,
					bool *was_free,
					TALLOC_CTX *mem_ctx,
					struct smbXsrv_session_global0 **_g,
					uint32_t *pseqnum);

/*
 * Allocate a smbXsrv_session_global0 with a fresh random global id.
 *
 * Ids are drawn with generate_random(), with 0 and UINT32_MAX mapped to
 * their neighbours so neither value is ever handed out. The record of
 * the chosen id stays locked in global->db_rec on success.
 *
 * Returns NT_STATUS_NO_MEMORY if the object cannot be allocated and
 * NT_STATUS_INSUFFICIENT_RESOURCES if a record cannot be locked.
 */
static NTSTATUS smbXsrv_session_global_allocate(struct db_context *db,
					TALLOC_CTX *mem_ctx,
					struct smbXsrv_session_global0 **_global)
{
	const uint32_t min_tries = 3;
	struct smbXsrv_session_global0 *global = NULL;
	uint32_t stale_candidate = 0;
	uint32_t attempt;

	*_global = NULL;

	global = talloc_zero(mem_ctx, struct smbXsrv_session_global0);
	if (global == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	talloc_set_destructor(global, smbXsrv_session_global_destructor);

	/*
	 * Here we just randomly try the whole 32-bit space
	 *
	 * We use just 32-bit, because we want to reuse the
	 * ID for SRVSVC.
	 */
	for (attempt = 0; attempt < UINT32_MAX; attempt++) {
		bool is_free = false;
		bool was_free = false;
		uint32_t id;

		/* after the first tries, fall back to a remembered stale id */
		id = (attempt >= min_tries && stale_candidate != 0)
			? stale_candidate
			: generate_random();
		if (id == 0) {
			id = 1;
		} else if (id == UINT32_MAX) {
			id = UINT32_MAX - 1;
		}

		global->db_rec = smbXsrv_session_global_fetch_locked(db, id,
								     mem_ctx);
		if (global->db_rec == NULL) {
			talloc_free(global);
			return NT_STATUS_INSUFFICIENT_RESOURCES;
		}

		smbXsrv_session_global_verify_record(global->db_rec,
						     &is_free,
						     &was_free,
						     NULL, NULL, NULL);

		if (!is_free) {
			TALLOC_FREE(global->db_rec);
			continue;
		}

		if (!was_free && attempt < min_tries) {
			/*
			 * The session_id is free now,
			 * but was not free before.
			 *
			 * This happens if a smbd crashed
			 * and did not cleanup the record.
			 *
			 * If this is one of our first tries,
			 * then we try to find a real free one.
			 */
			if (stale_candidate == 0) {
				stale_candidate = id;
			}
			TALLOC_FREE(global->db_rec);
			continue;
		}

		global->session_global_id = id;

		*_global = global;
		return NT_STATUS_OK;
	}

	/* should not be reached */
	talloc_free(global);
	return NT_STATUS_INTERNAL_ERROR;
}
799 :
/*
 * Decide whether a locked global session record is free, and optionally
 * return its decoded content.
 *
 * *is_free is set to true when the record is empty, cannot be decoded,
 * has an unsupported version, or belongs to a server_id that no longer
 * exists (that record is deleted here). *was_free, if given, is true for
 * the first three cases and stays false when a stale record of a vanished
 * process was removed.
 *
 * For a live record *_g (if given) receives the decoded
 * smbXsrv_session_global0 moved onto mem_ctx, and *pseqnum (if given) the
 * stored sequence number.
 */
static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
					bool *is_free,
					bool *was_free,
					TALLOC_CTX *mem_ctx,
					struct smbXsrv_session_global0 **_g,
					uint32_t *pseqnum)
{
	TDB_DATA key;
	TDB_DATA val;
	DATA_BLOB blob;
	struct smbXsrv_session_globalB global_blob;
	enum ndr_err_code ndr_err;
	struct smbXsrv_session_global0 *global = NULL;
	bool exists;
	TALLOC_CTX *frame = talloc_stackframe();

	*is_free = false;

	if (was_free) {
		*was_free = false;
	}
	if (_g) {
		*_g = NULL;
	}
	if (pseqnum) {
		*pseqnum = 0;
	}

	key = dbwrap_record_get_key(db_rec);

	val = dbwrap_record_get_value(db_rec);
	if (val.dsize == 0) {
		TALLOC_FREE(frame);
		*is_free = true;
		if (was_free) {
			*was_free = true;
		}
		return;
	}

	blob = data_blob_const(val.dptr, val.dsize);

	/* the decoded structure lives on frame until it is moved or freed */
	ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
			(ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_globalB);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		/* an undecodable record is reported as free so the id can be reused */
		NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
		DBG_WARNING("smbXsrv_session_global_verify_record: "
			 "key '%s' ndr_pull_struct_blob - %s\n",
			 tdb_data_dbg(key),
			 nt_errstr(status));
		TALLOC_FREE(frame);
		*is_free = true;
		if (was_free) {
			*was_free = true;
		}
		return;
	}

	/*
	 * NOTE(review): NDR_PRINT_DEBUG dumps the decoded record, which
	 * carries the key blobs handled below. Confirm that the generated
	 * printer leaves key material out, so that raising the debug level
	 * cannot write session keys to the log.
	 */
	DBG_DEBUG("smbXsrv_session_global_verify_record\n");
	if (DEBUGLVL(DBGLVL_DEBUG)) {
		NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
	}

	if (global_blob.version != SMBXSRV_VERSION_0) {
		DBG_ERR("smbXsrv_session_global_verify_record: "
			 "key '%s' use unsupported version %u\n",
			 tdb_data_dbg(key),
			 global_blob.version);
		/* unlike the other dumps, this one is not gated by DEBUGLVL() */
		NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
		TALLOC_FREE(frame);
		*is_free = true;
		if (was_free) {
			*was_free = true;
		}
		return;
	}

	global = global_blob.info.info0;

	/*
	 * Mark every non-empty key buffer of the decoded copy as secret.
	 * talloc_keep_secret() is expected to have the memory wiped when
	 * it is freed, so key material does not linger on the heap.
	 */
#define __BLOB_KEEP_SECRET(__blob) do { \
	if ((__blob).length != 0) { \
		talloc_keep_secret((__blob).data); \
	} \
} while(0)
	{
		uint32_t i;
		__BLOB_KEEP_SECRET(global->application_key_blob);
		__BLOB_KEEP_SECRET(global->signing_key_blob);
		__BLOB_KEEP_SECRET(global->encryption_key_blob);
		__BLOB_KEEP_SECRET(global->decryption_key_blob);
		for (i = 0; i < global->num_channels; i++) {
			__BLOB_KEEP_SECRET(global->channels[i].signing_key_blob);
		}
	}
#undef __BLOB_KEEP_SECRET

	/*
	 * NOTE(review): channels[0] is read without checking num_channels
	 * in this function. Presumably the NDR definition guarantees at
	 * least one channel in a record that decodes - confirm.
	 */
	exists = serverid_exists(&global->channels[0].server_id);
	if (!exists) {
		struct server_id_buf idbuf;
		DBG_NOTICE("smbXsrv_session_global_verify_record: "
			 "key '%s' server_id %s does not exist.\n",
			 tdb_data_dbg(key),
			 server_id_str_buf(global->channels[0].server_id,
					   &idbuf));
		if (DEBUGLVL(DBGLVL_NOTICE)) {
			NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
		}
		TALLOC_FREE(frame);
		/*
		 * The owning process is gone: drop the stale record.
		 * was_free deliberately stays false so callers can tell
		 * a reclaimed id from one that was never used.
		 */
		dbwrap_record_delete(db_rec);
		*is_free = true;
		return;
	}

	if (_g) {
		*_g = talloc_move(mem_ctx, &global);
	}
	if (pseqnum) {
		*pseqnum = global_blob.seqnum;
	}
	TALLOC_FREE(frame);
}
921 :
/*
 * Serialise a session's global state into its locked database record.
 *
 * The sequence number is taken from the value already stored in the
 * record (bytes 4..7, when the value is at least 8 bytes long) and
 * incremented. global->db_rec is released on every path past the initial
 * NULL check, so the caller must fetch the record again before the next
 * store.
 *
 * Returns NT_STATUS_INTERNAL_ERROR if no record is attached, the mapped
 * NDR error if encoding fails, or the status of dbwrap_record_store().
 */
static NTSTATUS smbXsrv_session_global_store(struct smbXsrv_session_global0 *global)
{
	struct smbXsrv_session_globalB global_blob;
	DATA_BLOB encoded = data_blob_null;
	TDB_DATA key;
	TDB_DATA val;
	NTSTATUS status;
	enum ndr_err_code ndr_err;

	/*
	 * TODO: if we use other versions than '0'
	 * we would add glue code here, that would be able to
	 * store the information in the old format.
	 */

	if (global->db_rec == NULL) {
		return NT_STATUS_INTERNAL_ERROR;
	}

	key = dbwrap_record_get_key(global->db_rec);
	val = dbwrap_record_get_value(global->db_rec);

	ZERO_STRUCT(global_blob);
	global_blob.version = smbXsrv_version_global_current();
	if (val.dsize >= 8) {
		global_blob.seqnum = IVAL(val.dptr, 4);
	}
	global_blob.seqnum += 1;
	global_blob.info.info0 = global;

	/* the encoded buffer hangs off db_rec and is freed together with it */
	ndr_err = ndr_push_struct_blob(&encoded, global->db_rec, &global_blob,
			(ndr_push_flags_fn_t)ndr_push_smbXsrv_session_globalB);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		status = ndr_map_error2ntstatus(ndr_err);
		DBG_WARNING("smbXsrv_session_global_store: key '%s' ndr_push - %s\n",
			    tdb_data_dbg(key),
			    nt_errstr(status));
		goto done;
	}

	val = make_tdb_data(encoded.data, encoded.length);
	status = dbwrap_record_store(global->db_rec, val, TDB_REPLACE);
	if (!NT_STATUS_IS_OK(status)) {
		DBG_WARNING("smbXsrv_session_global_store: key '%s' store - %s\n",
			    tdb_data_dbg(key),
			    nt_errstr(status));
		goto done;
	}

	if (DEBUGLVL(DBGLVL_DEBUG)) {
		DBG_DEBUG("smbXsrv_session_global_store: key '%s' stored\n",
			  tdb_data_dbg(key));
		NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
	}

	status = NT_STATUS_OK;

done:
	TALLOC_FREE(global->db_rec);
	return status;
}
983 :
/* Per-request state of smb2srv_session_close_previous_send(). */
struct smb2srv_session_close_previous_state {
	struct tevent_context *ev;
	struct smbXsrv_connection *connection;
	/* primary user SID of the current session's token; NULL if it has none */
	struct dom_sid *current_sid;
	/* id of the session to be closed, as given by the caller */
	uint64_t previous_session_id;
	uint64_t current_session_id;
	/* locked global record of the previous session; released by the cleanup fn */
	struct db_record *db_rec;
	/* watcher instance removed from db_rec in the cleanup fn */
	uint64_t watch_instance;
	/* not used in this part of the file; presumably the last seen record seqnum */
	uint32_t last_seqnum;
};
994 :
/*
 * tevent cleanup function of the close-previous request.
 *
 * If a record is still held, the watcher instance is removed from it and
 * the record is released. Afterwards db_rec is NULL, so running the
 * cleanup again does nothing.
 */
static void smb2srv_session_close_previous_cleanup(struct tevent_req *req,
					enum tevent_req_state req_state)
{
	struct smb2srv_session_close_previous_state *state =
		tevent_req_data(req,
		struct smb2srv_session_close_previous_state);

	if (state->db_rec == NULL) {
		return;
	}

	dbwrap_watched_watch_remove_instance(state->db_rec,
					     state->watch_instance);
	state->watch_instance = 0;
	TALLOC_FREE(state->db_rec);
}
1009 :
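static void smb2srv_session_close_previous_check(struct tevent_req *req);
static void smb2srv_session_close_previous_modified(struct tevent_req *subreq);

/**
 * Start closing a client's previous session.
 *
 * The request finishes at once, successfully and without touching any
 * session, when one of the following holds:
 *  - previous_session_id has bits set in its upper 32 bits (global ids
 *    are 32-bit, so such an id cannot name a global record),
 *  - session_info is NULL,
 *  - the current token has no primary user SID,
 *  - the current token does not belong to an authenticated user.
 * Otherwise the global record of the previous session is locked and
 * handed to smb2srv_session_close_previous_check().
 *
 * @param mem_ctx              talloc parent of the request
 * @param ev                   event context the request runs on
 * @param conn                 connection the current session setup uses
 * @param session_info         auth info of the current session, may be NULL
 * @param previous_session_id  id of the session to be closed
 * @param current_session_id   id of the session being set up
 * @return the request, or NULL if it cannot be allocated. A failure to
 *         lock the record completes the request with
 *         NT_STATUS_UNSUCCESSFUL.
 */
struct tevent_req *smb2srv_session_close_previous_send(TALLOC_CTX *mem_ctx,
					struct tevent_context *ev,
					struct smbXsrv_connection *conn,
					struct auth_session_info *session_info,
					uint64_t previous_session_id,
					uint64_t current_session_id)
{
	struct tevent_req *req;
	struct smb2srv_session_close_previous_state *state;
	uint32_t global_id = previous_session_id & UINT32_MAX;
	uint64_t global_zeros = previous_session_id & 0xFFFFFFFF00000000LLU;
	struct smbXsrv_session_table *table = conn->client->session_table;
	struct security_token *current_token = NULL;

	req = tevent_req_create(mem_ctx, &state,
				struct smb2srv_session_close_previous_state);
	if (req == NULL) {
		return NULL;
	}
	state->ev = ev;
	state->connection = conn;
	state->previous_session_id = previous_session_id;
	state->current_session_id = current_session_id;

	/* releases the locked record and its watcher however the request ends */
	tevent_req_set_cleanup_fn(req, smb2srv_session_close_previous_cleanup);

	if (global_zeros != 0) {
		tevent_req_done(req);
		return tevent_req_post(req, ev);
	}

	if (session_info == NULL) {
		tevent_req_done(req);
		return tevent_req_post(req, ev);
	}
	current_token = session_info->security_token;

	/*
	 * Remember the primary user SID of the current session. The
	 * page's text had "&current_token" garbled into a currency sign;
	 * the address-of expression is restored here.
	 */
	if (current_token->num_sids > PRIMARY_USER_SID_INDEX) {
		state->current_sid = &current_token->sids[PRIMARY_USER_SID_INDEX];
	}

	if (state->current_sid == NULL) {
		tevent_req_done(req);
		return tevent_req_post(req, ev);
	}

	if (!security_token_has_nt_authenticated_users(current_token)) {
		/* TODO */
		tevent_req_done(req);
		return tevent_req_post(req, ev);
	}

	state->db_rec = smbXsrv_session_global_fetch_locked(
							table->global.db_ctx,
							global_id,
							state /* TALLOC_CTX */);
	if (state->db_rec == NULL) {
		tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
		return tevent_req_post(req, ev);
	}

	smb2srv_session_close_previous_check(req);
	if (!tevent_req_is_in_progress(req)) {
		return tevent_req_post(req, ev);
	}

	return req;
}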
1081 :
/*
 * Examine the locked global record of the previous session and, when it
 * still exists and belongs to the same user, ask the smbd that owns it to
 * close it.
 *
 * The request is finished successfully without sending anything when the
 * record is free, carries no auth_session_info, or its token does not match
 * state->current_sid. Otherwise a watch on the record is armed first and
 * MSG_SMBXSRV_SESSION_CLOSE is sent afterwards;
 * smb2srv_session_close_previous_modified() re-runs this check once the
 * record changes.
 *
 * Expects state->db_rec to hold the locked record on entry.
 */
static void smb2srv_session_close_previous_check(struct tevent_req *req)
{
	struct smb2srv_session_close_previous_state *state =
		tevent_req_data(req,
		struct smb2srv_session_close_previous_state);
	struct smbXsrv_connection *conn = state->connection;
	DATA_BLOB blob;
	struct security_token *previous_token = NULL;
	struct smbXsrv_session_global0 *global = NULL;
	enum ndr_err_code ndr_err;
	struct smbXsrv_session_close0 close_info0;
	struct smbXsrv_session_closeB close_blob;
	struct tevent_req *subreq = NULL;
	NTSTATUS status;
	bool is_free = false;
	uint32_t seqnum = 0;

	/* 'global' is allocated on 'state' when the record is in use. */
	smbXsrv_session_global_verify_record(state->db_rec,
					     &is_free,
					     NULL,
					     state,
					     &global,
					     &seqnum);

	if (is_free) {
		/* The previous session is gone, nothing left to close. */
		tevent_req_done(req);
		return;
	}

	if (global->auth_session_info == NULL) {
		tevent_req_done(req);
		return;
	}

	previous_token = global->auth_session_info->security_token;

	/*
	 * Only a session of the same user may be closed this way; a
	 * mismatch is not an error, the old session is simply left alone.
	 */
	if (!security_token_is_sid(previous_token, state->current_sid)) {
		tevent_req_done(req);
		return;
	}

	/*
	 * If the record changed, but we are not happy with the change yet,
	 * we better remove ourself from the waiter list
	 * (most likely the first position)
	 * and re-add us at the end of the list.
	 *
	 * This gives other waiters a chance
	 * to make progress.
	 *
	 * Otherwise we'll keep our waiter instance alive,
	 * keep waiting (most likely at first position).
	 * It means the order of watchers stays fair.
	 */
	if (state->last_seqnum != seqnum) {
		state->last_seqnum = seqnum;
		dbwrap_watched_watch_remove_instance(state->db_rec,
						     state->watch_instance);
		state->watch_instance =
			dbwrap_watched_watch_add_instance(state->db_rec);
	}

	/* Arm the watch before the close message goes out. */
	subreq = dbwrap_watched_watch_send(state, state->ev, state->db_rec,
					   state->watch_instance,
					   (struct server_id){0});
	if (tevent_req_nomem(subreq, req)) {
		return;
	}
	tevent_req_set_callback(subreq,
				smb2srv_session_close_previous_modified,
				req);

	close_info0.old_session_global_id = global->session_global_id;
	close_info0.old_session_wire_id = global->session_wire_id;
	close_info0.old_creation_time = global->creation_time;
	close_info0.new_session_wire_id = state->current_session_id;

	ZERO_STRUCT(close_blob);
	close_blob.version = smbXsrv_version_global_current();
	close_blob.info.info0 = &close_info0;

	ndr_err = ndr_push_struct_blob(&blob, state, &close_blob,
			(ndr_push_flags_fn_t)ndr_push_smbXsrv_session_closeB);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		status = ndr_map_error2ntstatus(ndr_err);
		DBG_WARNING("smb2srv_session_close_previous_check: "
			    "old_session[%llu] new_session[%llu] ndr_push - %s\n",
			    (unsigned long long)close_info0.old_session_wire_id,
			    (unsigned long long)close_info0.new_session_wire_id,
			    nt_errstr(status));
		tevent_req_nterror(req, status);
		return;
	}

	/*
	 * NOTE(review): channels[0] is read without a check on
	 * global->num_channels in this function. Presumably
	 * smbXsrv_session_global_verify_record() only hands back records
	 * with at least one channel - confirm, as a record with zero
	 * channels would make this an out-of-bounds read.
	 */
	status = messaging_send(conn->client->msg_ctx,
				global->channels[0].server_id,
				MSG_SMBXSRV_SESSION_CLOSE, &blob);
	TALLOC_FREE(global);
	if (tevent_req_nterror(req, status)) {
		return;
	}

	/* Release the record so the owner can update or delete it. */
	TALLOC_FREE(state->db_rec);
	return;
}
1187 :
/*
 * Watch callback: the previous session's global record changed. Take over
 * the watcher instance, lock the record again and repeat the check.
 */
static void smb2srv_session_close_previous_modified(struct tevent_req *subreq)
{
	struct tevent_req *req =
		tevent_req_callback_data(subreq,
		struct tevent_req);
	struct smb2srv_session_close_previous_state *st =
		tevent_req_data(req,
		struct smb2srv_session_close_previous_state);
	uint64_t watch_instance = 0;
	uint32_t previous_global_id;
	NTSTATUS rc;

	rc = dbwrap_watched_watch_recv(subreq, &watch_instance, NULL, NULL);
	TALLOC_FREE(subreq);
	if (tevent_req_nterror(req, rc)) {
		return;
	}
	st->watch_instance = watch_instance;

	/* Only the lower 32 bits of the wire id form the global id. */
	previous_global_id = st->previous_session_id & UINT32_MAX;

	st->db_rec = smbXsrv_session_global_fetch_locked(
			st->connection->client->session_table->global.db_ctx,
			previous_global_id,
			st /* TALLOC_CTX */);
	if (st->db_rec == NULL) {
		tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
		return;
	}

	smb2srv_session_close_previous_check(req);
}
1220 :
/*
 * Collect the result of smb2srv_session_close_previous_send().
 *
 * Returns the error the request finished with, or NT_STATUS_OK. The
 * request is marked as received in both cases.
 */
NTSTATUS smb2srv_session_close_previous_recv(struct tevent_req *req)
{
	NTSTATUS result = NT_STATUS_OK;
	NTSTATUS failure;

	if (tevent_req_is_nterror(req, &failure)) {
		result = failure;
	}

	tevent_req_received(req);
	return result;
}
1233 :
/*
 * Detach the session from every SMB2 request still queued on any
 * connection of its client, then log the session off.
 *
 * Returns the result of smbXsrv_session_logoff().
 */
static NTSTATUS smbXsrv_session_clear_and_logoff(struct smbXsrv_session *session)
{
	struct smbXsrv_connection *xc = NULL;

	if (session->client != NULL) {
		xc = session->client->connections;
	}

	while (xc != NULL) {
		struct smbd_smb2_request *r;

		for (r = xc->smb2.requests; r != NULL; r = r->next) {
			if (r->session == session) {
				r->session = NULL;
				/*
				 * Without a session there are no keys left
				 * to sign or encrypt the reply with.
				 */
				r->do_signing = false;
				r->do_encryption = false;
				r->preauth = NULL;
			}
		}

		xc = xc->next;
	}

	return smbXsrv_session_logoff(session);
}
1265 :
/*
 * talloc destructor of a session: log it off (a failure is only logged)
 * and release the global part. Always returns 0, so the free proceeds.
 */
static int smbXsrv_session_destructor(struct smbXsrv_session *session)
{
	NTSTATUS logoff_status;

	DBG_DEBUG("destructing session(%llu)\n",
		  (unsigned long long)session->global->session_wire_id);

	logoff_status = smbXsrv_session_clear_and_logoff(session);
	if (!NT_STATUS_IS_OK(logoff_status)) {
		DBG_ERR("smbXsrv_session_destructor: "
			"smbXsrv_session_logoff() failed: %s\n",
			nt_errstr(logoff_status));
	}

	TALLOC_FREE(session->global);
	return 0;
}
1284 :
/*
 * Create a new session on the client's session table.
 *
 * conn      connection the session is created on; becomes its first channel
 * now       used as idle time and creation time
 * _session  receives the new session on success
 *
 * Returns NT_STATUS_INSUFFICIENT_RESOURCES when the table already holds
 * max_sessions sessions, NT_STATUS_INTERNAL_DB_CORRUPTION when the local
 * record for an SMB2 session id is already occupied, or the error of the
 * failing helper. On every error path the partially built session is freed.
 */
NTSTATUS smbXsrv_session_create(struct smbXsrv_connection *conn,
				NTTIME now,
				struct smbXsrv_session **_session)
{
	struct smbXsrv_session_table *table = conn->client->session_table;
	struct db_record *local_rec = NULL;
	struct smbXsrv_session *session = NULL;
	void *ptr = NULL;
	TDB_DATA val;
	struct smbXsrv_session_global0 *global = NULL;
	struct smbXsrv_channel_global0 *channel = NULL;
	NTSTATUS status;

	/* Enforce the per-table session limit before allocating anything. */
	if (table->local.num_sessions >= table->local.max_sessions) {
		return NT_STATUS_INSUFFICIENT_RESOURCES;
	}

	session = talloc_zero(table, struct smbXsrv_session);
	if (session == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	session->table = table;
	session->idle_time = now;
	/* The session starts out in the "authentication pending" state. */
	session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
	session->client = conn->client;
	session->homes_snum = -1;

	status = smbXsrv_session_global_allocate(table->global.db_ctx,
						 session,
						 &global);
	if (!NT_STATUS_IS_OK(status)) {
		TALLOC_FREE(session);
		return status;
	}
	session->global = global;

	if (conn->protocol >= PROTOCOL_SMB2_02) {
		uint64_t id = global->session_global_id;

		global->connection_dialect = conn->smb2.server.dialect;
		global->client_guid = conn->smb2.client.guid;

		/* For SMB2 the wire id and the local id are the global id. */
		global->session_wire_id = id;

		status = smb2srv_tcon_table_init(session);
		if (!NT_STATUS_IS_OK(status)) {
			TALLOC_FREE(session);
			return status;
		}

		session->local_id = global->session_global_id;

		local_rec = smbXsrv_session_local_fetch_locked(
						table->local.db_ctx,
						session->local_id,
						session /* TALLOC_CTX */);
		if (local_rec == NULL) {
			TALLOC_FREE(session);
			return NT_STATUS_NO_MEMORY;
		}

		/* A non-empty record means the local id is already in use. */
		val = dbwrap_record_get_value(local_rec);
		if (val.dsize != 0) {
			TALLOC_FREE(session);
			return NT_STATUS_INTERNAL_DB_CORRUPTION;
		}
	} else {

		/* SMB1: pick a free local id from the table's id range. */
		status = smb1srv_session_local_allocate_id(table->local.db_ctx,
							table->local.lowest_id,
							table->local.highest_id,
							session,
							&local_rec,
							&session->local_id);
		if (!NT_STATUS_IS_OK(status)) {
			TALLOC_FREE(session);
			return status;
		}

		global->session_wire_id = session->local_id;
	}

	global->creation_time = now;
	global->expiration_time = GENSEC_EXPIRE_TIME_INFINITY;

	status = smbXsrv_session_add_channel(session, conn, now, &channel);
	if (!NT_STATUS_IS_OK(status)) {
		TALLOC_FREE(session);
		return status;
	}

	/* The local record stores the in-process pointer to the session. */
	ptr = session;
	val = make_tdb_data((uint8_t const *)&ptr, sizeof(ptr));
	status = dbwrap_record_store(local_rec, val, TDB_REPLACE);
	TALLOC_FREE(local_rec);
	if (!NT_STATUS_IS_OK(status)) {
		TALLOC_FREE(session);
		return status;
	}
	table->local.num_sessions += 1;

	/*
	 * Installed only once the local record exists and the counter was
	 * incremented: the frees above this line do not run the logoff
	 * path, every free from here on does.
	 */
	talloc_set_destructor(session, smbXsrv_session_destructor);

	status = smbXsrv_session_global_store(global);
	if (!NT_STATUS_IS_OK(status)) {
		DBG_ERR("smbXsrv_session_create: "
			"global_id (0x%08x) store failed - %s\n",
			session->global->session_global_id,
			nt_errstr(status));
		TALLOC_FREE(session);
		return status;
	}

	if (DEBUGLVL(DBGLVL_DEBUG)) {
		struct smbXsrv_sessionB session_blob = {
			.version = SMBXSRV_VERSION_0,
			.info.info0 = session,
		};

		DBG_DEBUG("smbXsrv_session_create: global_id (0x%08x) stored\n",
			  session->global->session_global_id);
		NDR_PRINT_DEBUG(smbXsrv_sessionB, &session_blob);
	}

	*_session = session;
	return NT_STATUS_OK;
}
1412 :
/*
 * Append a channel for 'conn' to the session's global channel array.
 *
 * session  session that gains the channel
 * conn     connection the channel is bound to
 * now      stored as the channel's creation time
 * _c       receives the new array element on success
 *
 * Returns NT_STATUS_INSUFFICIENT_RESOURCES when the session already has 32
 * channels and NT_STATUS_NO_MEMORY on allocation failure. num_channels is
 * only incremented once the element is completely filled in.
 */
NTSTATUS smbXsrv_session_add_channel(struct smbXsrv_session *session,
				     struct smbXsrv_connection *conn,
				     NTTIME now,
				     struct smbXsrv_channel_global0 **_c)
{
	struct smbXsrv_session_global0 *g = session->global;
	struct smbXsrv_channel_global0 *grown = NULL;
	struct smbXsrv_channel_global0 *slot = NULL;

	if (g->num_channels > 31) {
		/*
		 * Windows allows up to 32 channels
		 */
		return NT_STATUS_INSUFFICIENT_RESOURCES;
	}

	grown = talloc_realloc(g,
			       g->channels,
			       struct smbXsrv_channel_global0,
			       g->num_channels + 1);
	if (grown == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	g->channels = grown;

	/* The new element is the last one of the grown array. */
	slot = &g->channels[g->num_channels];
	ZERO_STRUCTP(slot);

	slot->server_id = messaging_server_id(conn->client->msg_ctx);
	slot->channel_id = conn->channel_id;
	slot->creation_time = now;

	slot->local_address = tsocket_address_string(conn->local_address,
						     g->channels);
	if (slot->local_address == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	slot->remote_address = tsocket_address_string(conn->remote_address,
						      g->channels);
	if (slot->remote_address == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	slot->remote_name = talloc_strdup(g->channels,
					  conn->remote_hostname);
	if (slot->remote_name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	slot->connection = conn;

	g->num_channels += 1;

	*_c = slot;
	return NT_STATUS_OK;
}
1465 :
/*
 * Write the session's current global state back to the global database.
 *
 * Returns NT_STATUS_INTERNAL_ERROR when the global record is already held
 * or the session has no table, NT_STATUS_INTERNAL_DB_ERROR when the record
 * cannot be locked, or the error of smbXsrv_session_global_store().
 */
NTSTATUS smbXsrv_session_update(struct smbXsrv_session *session)
{
	struct smbXsrv_session_table *tbl = session->table;
	struct db_record *rec = NULL;
	NTSTATUS rc;

	if (session->global->db_rec != NULL) {
		DBG_ERR("smbXsrv_session_update(0x%08x): "
			"Called with db_rec != NULL'\n",
			session->global->session_global_id);
		return NT_STATUS_INTERNAL_ERROR;
	}

	if (tbl == NULL) {
		DBG_ERR("smbXsrv_session_update(0x%08x): "
			"Called with table == NULL'\n",
			session->global->session_global_id);
		return NT_STATUS_INTERNAL_ERROR;
	}

	rec = smbXsrv_session_global_fetch_locked(
					tbl->global.db_ctx,
					session->global->session_global_id,
					session->global /* TALLOC_CTX */);
	session->global->db_rec = rec;
	if (rec == NULL) {
		return NT_STATUS_INTERNAL_DB_ERROR;
	}

	rc = smbXsrv_session_global_store(session->global);
	if (!NT_STATUS_IS_OK(rc)) {
		DBG_ERR("smbXsrv_session_update: "
			"global_id (0x%08x) store failed - %s\n",
			session->global->session_global_id,
			nt_errstr(rc));
		return rc;
	}

	if (DEBUGLVL(DBGLVL_DEBUG)) {
		struct smbXsrv_sessionB dump = {
			.version = SMBXSRV_VERSION_0,
			.info.info0 = session,
		};

		DBG_DEBUG("smbXsrv_session_update: global_id (0x%08x) stored\n",
			  session->global->session_global_id);
		NDR_PRINT_DEBUG(smbXsrv_sessionB, &dump);
	}

	return NT_STATUS_OK;
}
1515 :
/*
 * Look up the channel of 'session' that is bound to 'conn'.
 *
 * A channel matches only if both its channel_id and its connection pointer
 * equal those of 'conn'. On success *_c points at the array element.
 *
 * Returns NT_STATUS_USER_SESSION_DELETED when no channel matches.
 */
NTSTATUS smbXsrv_session_find_channel(const struct smbXsrv_session *session,
				      const struct smbXsrv_connection *conn,
				      struct smbXsrv_channel_global0 **_c)
{
	uint32_t idx = 0;

	while (idx < session->global->num_channels) {
		struct smbXsrv_channel_global0 *cand =
			&session->global->channels[idx];

		if (cand->channel_id == conn->channel_id &&
		    cand->connection == conn) {
			*_c = cand;
			return NT_STATUS_OK;
		}

		idx++;
	}

	return NT_STATUS_USER_SESSION_DELETED;
}
1539 :
/*
 * Look up the pending authentication of 'session' that belongs to 'conn'.
 *
 * An entry matches only if both its channel_id and its connection pointer
 * equal those of 'conn'. When 'now' is not 0 the entry's idle time is
 * refreshed with it.
 *
 * Returns NT_STATUS_USER_SESSION_DELETED when no entry matches.
 */
NTSTATUS smbXsrv_session_find_auth(const struct smbXsrv_session *session,
				   const struct smbXsrv_connection *conn,
				   NTTIME now,
				   struct smbXsrv_session_auth0 **_a)
{
	struct smbXsrv_session_auth0 *pending = session->pending_auth;

	for (; pending != NULL; pending = pending->next) {
		if (pending->channel_id != conn->channel_id ||
		    pending->connection != conn) {
			continue;
		}

		if (now != 0) {
			pending->idle_time = now;
		}
		*_a = pending;
		return NT_STATUS_OK;
	}

	return NT_STATUS_USER_SESSION_DELETED;
}
1563 :
/*
 * talloc destructor of a pending authentication: unlink it from its
 * session's pending_auth list. Safe to call more than once, because the
 * back pointer is cleared after the first call. Always returns 0.
 */
static int smbXsrv_session_auth0_destructor(struct smbXsrv_session_auth0 *a)
{
	if (a->session != NULL) {
		DLIST_REMOVE(a->session->pending_auth, a);
		a->session = NULL;
	}

	return 0;
}
1574 :
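/*
 * Create the pending authentication state of 'session' for 'conn'.
 *
 * session           session the authentication belongs to (talloc parent)
 * conn              connection the authentication runs on
 * now               stored as creation and idle time
 * in_flags          stored unchanged in the new entry
 * in_security_mode  stored unchanged in the new entry
 * _a                receives the new entry on success
 *
 * For SMB 3.1.1 and later a private copy of the connection's preauth state
 * is attached to the entry.
 *
 * Returns NT_STATUS_INTERNAL_ERROR when an entry for 'conn' already exists
 * and NT_STATUS_NO_MEMORY on allocation failure. The session itself is
 * never freed here; it stays owned by the caller on every path.
 */
NTSTATUS smbXsrv_session_create_auth(struct smbXsrv_session *session,
				     struct smbXsrv_connection *conn,
				     NTTIME now,
				     uint8_t in_flags,
				     uint8_t in_security_mode,
				     struct smbXsrv_session_auth0 **_a)
{
	struct smbXsrv_session_auth0 *a;
	NTSTATUS status;

	/* There must be at most one pending authentication per connection. */
	status = smbXsrv_session_find_auth(session, conn, 0, &a);
	if (NT_STATUS_IS_OK(status)) {
		return NT_STATUS_INTERNAL_ERROR;
	}

	a = talloc_zero(session, struct smbXsrv_session_auth0);
	if (a == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	a->session = session;
	a->connection = conn;
	a->in_flags = in_flags;
	a->in_security_mode = in_security_mode;
	a->creation_time = now;
	a->idle_time = now;
	a->channel_id = conn->channel_id;

	if (conn->protocol >= PROTOCOL_SMB3_11) {
		a->preauth = talloc(a, struct smbXsrv_preauth);
		if (a->preauth == NULL) {
			/*
			 * Release only the entry allocated above. The
			 * session belongs to the caller, which still holds
			 * a pointer to it; freeing it here would leave that
			 * pointer dangling. The destructor is not installed
			 * yet and the entry is not on the list, so a plain
			 * free is enough.
			 */
			TALLOC_FREE(a);
			return NT_STATUS_NO_MEMORY;
		}
		*a->preauth = conn->smb2.preauth;
	}

	talloc_set_destructor(a, smbXsrv_session_auth0_destructor);
	DLIST_ADD_END(session->pending_auth, a);

	*_a = a;
	return NT_STATUS_OK;
}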
1617 :
1618 : static void smbXsrv_session_remove_channel_done(struct tevent_req *subreq);
1619 :
/*
 * Detach 'xconn' from 'session': unlink a pending authentication bound to
 * it and delete its channel from the global channel array.
 *
 * When the last channel is removed, the session is shut down
 * asynchronously and freed in smbXsrv_session_remove_channel_done().
 *
 * Returns NT_STATUS_OK when nothing had to change, otherwise the result of
 * smbXsrv_session_update(); NT_STATUS_INTERNAL_ERROR when the channel found
 * does not lie inside the channel array, NT_STATUS_NO_MEMORY when a
 * subrequest cannot be created.
 */
NTSTATUS smbXsrv_session_remove_channel(struct smbXsrv_session *session,
					struct smbXsrv_connection *xconn)
{
	struct smbXsrv_session_auth0 *a = NULL;
	struct smbXsrv_channel_global0 *c = NULL;
	NTSTATUS status;
	bool need_update = false;

	/* A failed lookup just means there is nothing of that kind to remove. */
	status = smbXsrv_session_find_auth(session, xconn, 0, &a);
	if (!NT_STATUS_IS_OK(status)) {
		a = NULL;
	}
	status = smbXsrv_session_find_channel(session, xconn, &c);
	if (!NT_STATUS_IS_OK(status)) {
		c = NULL;
	}

	if (a != NULL) {
		/*
		 * Unlink the entry from session->pending_auth without
		 * freeing it, and drop its reference to the connection.
		 */
		smbXsrv_session_auth0_destructor(a);
		a->connection = NULL;
		need_update = true;
	}

	if (c != NULL) {
		struct smbXsrv_session_global0 *global = session->global;
		ptrdiff_t n;

		/* Index of the channel; validated before the array is edited. */
		n = (c - global->channels);
		if (n >= global->num_channels || n < 0) {
			return NT_STATUS_INTERNAL_ERROR;
		}
		ARRAY_DEL_ELEMENT(global->channels, n, global->num_channels);
		global->num_channels--;
		if (global->num_channels == 0) {
			struct smbXsrv_client *client = session->client;
			struct tevent_queue *xconn_wait_queue =
				xconn->transport.shutdown_wait_queue;
			struct tevent_req *subreq = NULL;

			/*
			 * Let the connection wait until the session is
			 * destroyed.
			 *
			 * We don't set a callback, as we just want to block the
			 * wait queue and the talloc_free() of the session will
			 * remove the item from the wait queue in order
			 * to allow the connection to disappear.
			 */
			if (xconn_wait_queue != NULL) {
				subreq = tevent_queue_wait_send(session,
								client->raw_ev_ctx,
								xconn_wait_queue);
				if (subreq == NULL) {
					status = NT_STATUS_NO_MEMORY;
					DBG_ERR("tevent_queue_wait_send() session(%llu) failed: %s\n",
						(unsigned long long)session->global->session_wire_id,
						nt_errstr(status));
					return status;
				}
			}

			/*
			 * This is guaranteed to set
			 * session->status = NT_STATUS_USER_SESSION_DELETED
			 * even if NULL is returned.
			 */
			subreq = smb2srv_session_shutdown_send(session,
							       client->raw_ev_ctx,
							       session,
							       NULL);
			if (subreq == NULL) {
				status = NT_STATUS_NO_MEMORY;
				DBG_ERR("smb2srv_session_shutdown_send(%llu) failed: %s\n",
					(unsigned long long)session->global->session_wire_id,
					nt_errstr(status));
				return status;
			}
			tevent_req_set_callback(subreq,
						smbXsrv_session_remove_channel_done,
						session);
		}
		need_update = true;
	}

	if (!need_update) {
		return NT_STATUS_OK;
	}

	/* Persist the reduced channel list in the global record. */
	return smbXsrv_session_update(session);
}
1710 :
/*
 * Completion of the shutdown started when a session lost its last channel:
 * log the session off and free it. Failures of either step are only logged.
 */
static void smbXsrv_session_remove_channel_done(struct tevent_req *subreq)
{
	struct smbXsrv_session *sess =
		tevent_req_callback_data(subreq,
		struct smbXsrv_session);
	NTSTATUS rc;

	rc = smb2srv_session_shutdown_recv(subreq);
	TALLOC_FREE(subreq);
	if (!NT_STATUS_IS_OK(rc)) {
		DBG_ERR("smb2srv_session_shutdown_recv(%llu) failed: %s\n",
			(unsigned long long)sess->global->session_wire_id,
			nt_errstr(rc));
	}

	rc = smbXsrv_session_logoff(sess);
	if (!NT_STATUS_IS_OK(rc)) {
		DBG_ERR("smbXsrv_session_logoff(%llu) failed: %s\n",
			(unsigned long long)sess->global->session_wire_id,
			nt_errstr(rc));
	}

	TALLOC_FREE(sess);
}
1735 :
/*
 * State of smb2srv_session_shutdown_send()/_recv().
 */
struct smb2srv_session_shutdown_state {
	/* Holds one waiter per request that is still pending on the session. */
	struct tevent_queue *wait_queue;
};
1739 :
1740 : static void smb2srv_session_shutdown_wait_done(struct tevent_req *subreq);
1741 :
/*
 * Mark the session as deleted, cancel the requests still pending on it and
 * wait for them to finish.
 *
 * mem_ctx      talloc parent of the returned request
 * ev           event context for the wait subrequests
 * session      session to shut down
 * current_req  request that triggers the shutdown; it is skipped, may be NULL
 *
 * session->status is set before anything can fail, so it is
 * NT_STATUS_USER_SESSION_DELETED even when NULL is returned. The request
 * completes immediately when no other request uses the session.
 */
struct tevent_req *smb2srv_session_shutdown_send(TALLOC_CTX *mem_ctx,
					struct tevent_context *ev,
					struct smbXsrv_session *session,
					struct smbd_smb2_request *current_req)
{
	struct tevent_req *req;
	struct smb2srv_session_shutdown_state *state;
	struct tevent_req *subreq;
	struct smbXsrv_connection *xconn = NULL;
	size_t len = 0;

	/*
	 * Make sure that no new request will be able to use this session.
	 */
	session->status = NT_STATUS_USER_SESSION_DELETED;

	req = tevent_req_create(mem_ctx, &state,
				struct smb2srv_session_shutdown_state);
	if (req == NULL) {
		return NULL;
	}

	state->wait_queue = tevent_queue_create(state, "smb2srv_session_shutdown_queue");
	if (tevent_req_nomem(state->wait_queue, req)) {
		return tevent_req_post(req, ev);
	}

	/* Walk every request on every connection of the session's client. */
	for (xconn = session->client->connections; xconn != NULL; xconn = xconn->next) {
		struct smbd_smb2_request *preq;

		for (preq = xconn->smb2.requests; preq != NULL; preq = preq->next) {
			if (preq == current_req) {
				/* Can't cancel current request. */
				continue;
			}
			if (preq->session != session) {
				/* Request on different session. */
				continue;
			}

			if (preq->subreq != NULL) {
				tevent_req_cancel(preq->subreq);
			}

			/*
			 * Now wait until the request is finished.
			 *
			 * We don't set a callback, as we just want to block the
			 * wait queue and the talloc_free() of the request will
			 * remove the item from the wait queue.
			 */
			subreq = tevent_queue_wait_send(preq, ev, state->wait_queue);
			if (tevent_req_nomem(subreq, req)) {
				return tevent_req_post(req, ev);
			}
		}
	}

	/* An empty queue means nothing is pending on the session. */
	len = tevent_queue_length(state->wait_queue);
	if (len == 0) {
		tevent_req_done(req);
		return tevent_req_post(req, ev);
	}

	/*
	 * Now we add our own waiter to the end of the queue,
	 * this way we get notified when all pending requests are finished
	 * and sent to the socket.
	 */
	subreq = tevent_queue_wait_send(state, ev, state->wait_queue);
	if (tevent_req_nomem(subreq, req)) {
		return tevent_req_post(req, ev);
	}
	tevent_req_set_callback(subreq, smb2srv_session_shutdown_wait_done, req);

	return req;
}
1819 :
/*
 * Our own waiter reached the head of the shutdown queue, so every request
 * queued before it is finished: complete the shutdown request.
 */
static void smb2srv_session_shutdown_wait_done(struct tevent_req *subreq)
{
	struct tevent_req *shutdown_req =
		tevent_req_callback_data(subreq, struct tevent_req);

	/* The result of the wait itself is not evaluated. */
	tevent_queue_wait_recv(subreq);
	TALLOC_FREE(subreq);

	tevent_req_done(shutdown_req);
}
1831 :
/*
 * Collect the result of smb2srv_session_shutdown_send().
 */
NTSTATUS smb2srv_session_shutdown_recv(struct tevent_req *req)
{
	NTSTATUS result = tevent_req_simple_recv_ntstatus(req);

	return result;
}
1836 :
/*
 * Log a session off: mark it deleted, close what was opened under it and
 * delete its global and local database records.
 *
 * A session without a table has already been logged off, so a second call
 * returns NT_STATUS_OK without doing anything.
 *
 * The teardown continues after a failing step; the status of the last
 * failing step is returned, NT_STATUS_OK if none failed.
 */
NTSTATUS smbXsrv_session_logoff(struct smbXsrv_session *session)
{
	struct smbXsrv_session_table *table;
	struct db_record *local_rec = NULL;
	struct db_record *global_rec = NULL;
	struct smbd_server_connection *sconn = NULL;
	NTSTATUS status;
	NTSTATUS error = NT_STATUS_OK;

	if (session->table == NULL) {
		return NT_STATUS_OK;
	}

	/* Detach from table and client first, which makes this idempotent. */
	table = session->table;
	session->table = NULL;

	sconn = session->client->sconn;
	session->client = NULL;
	session->status = NT_STATUS_USER_SESSION_DELETED;

	/*
	 * For SMB2 this is a bit redundant as files are also closed
	 * below via smb2srv_tcon_disconnect_all() -> ... ->
	 * smbXsrv_tcon_disconnect() -> close_cnum() ->
	 * file_close_conn().
	 */
	file_close_user(sconn, session->global->session_wire_id);

	if (session->tcon_table != NULL) {
		/*
		 * Note: We only have a tcon_table for SMB2.
		 */
		status = smb2srv_tcon_disconnect_all(session);
		if (!NT_STATUS_IS_OK(status)) {
			DBG_ERR("smbXsrv_session_logoff(0x%08x): "
				"smb2srv_tcon_disconnect_all() failed: %s\n",
				session->global->session_global_id,
				nt_errstr(status));
			error = status;
		}
	}

	invalidate_vuid(sconn, session->global->session_wire_id);

	/* Use the global record if it is already held, else lock it now. */
	global_rec = session->global->db_rec;
	session->global->db_rec = NULL;
	if (global_rec == NULL) {
		global_rec = smbXsrv_session_global_fetch_locked(
					table->global.db_ctx,
					session->global->session_global_id,
					session->global /* TALLOC_CTX */);
		if (global_rec == NULL) {
			error = NT_STATUS_INTERNAL_ERROR;
		}
	}

	if (global_rec != NULL) {
		status = dbwrap_record_delete(global_rec);
		if (!NT_STATUS_IS_OK(status)) {
			TDB_DATA key = dbwrap_record_get_key(global_rec);

			DBG_ERR("smbXsrv_session_logoff(0x%08x): "
				"failed to delete global key '%s': %s\n",
				session->global->session_global_id,
				tdb_data_dbg(key),
				nt_errstr(status));
			error = status;
		}
	}
	TALLOC_FREE(global_rec);

	/*
	 * session->db_rec is set by a caller that already holds the local
	 * record (smbXsrv_session_logoff_all_callback() does so); only a
	 * record fetched here is ours to free.
	 */
	local_rec = session->db_rec;
	if (local_rec == NULL) {
		local_rec = smbXsrv_session_local_fetch_locked(
						table->local.db_ctx,
						session->local_id,
						session /* TALLOC_CTX */);
		if (local_rec == NULL) {
			error = NT_STATUS_INTERNAL_ERROR;
		}
	}

	if (local_rec != NULL) {
		status = dbwrap_record_delete(local_rec);
		if (!NT_STATUS_IS_OK(status)) {
			TDB_DATA key = dbwrap_record_get_key(local_rec);

			DBG_ERR("smbXsrv_session_logoff(0x%08x): "
				"failed to delete local key '%s': %s\n",
				session->global->session_global_id,
				tdb_data_dbg(key),
				nt_errstr(status));
			error = status;
		}
		/* The counter is decremented even when the delete failed. */
		table->local.num_sessions -= 1;
	}
	if (session->db_rec == NULL) {
		TALLOC_FREE(local_rec);
	}
	session->db_rec = NULL;

	return error;
}
1940 :
/*
 * Accumulator passed through the traverse in smbXsrv_session_logoff_all().
 */
struct smbXsrv_session_logoff_all_state {
	/* First failure seen, NT_STATUS_OK while none occurred. */
	NTSTATUS first_status;
	/* Number of records whose logoff failed. */
	int errors;
};
1945 :
1946 : static int smbXsrv_session_logoff_all_callback(struct db_record *local_rec,
1947 : void *private_data);
1948 :
/*
 * Log off every session in the client's local session table.
 *
 * Returns NT_STATUS_OK when the client has no session table or every
 * session was logged off, the error of dbwrap_traverse() when the traverse
 * itself fails, otherwise the first logoff failure recorded by the callback.
 */
NTSTATUS smbXsrv_session_logoff_all(struct smbXsrv_client *client)
{
	struct smbXsrv_session_table *tbl = client->session_table;
	struct smbXsrv_session_logoff_all_state acc;
	int visited = 0;
	NTSTATUS rc;

	if (tbl == NULL) {
		DBG_DEBUG("smbXsrv_session_logoff_all: "
			  "empty session_table, nothing to do.\n");
		return NT_STATUS_OK;
	}

	ZERO_STRUCT(acc);

	rc = dbwrap_traverse(tbl->local.db_ctx,
			     smbXsrv_session_logoff_all_callback,
			     &acc, &visited);
	if (!NT_STATUS_IS_OK(rc)) {
		DBG_ERR("smbXsrv_session_logoff_all: "
			"dbwrap_traverse() failed: %s\n",
			nt_errstr(rc));
		return rc;
	}

	if (NT_STATUS_IS_OK(acc.first_status)) {
		return NT_STATUS_OK;
	}

	DBG_ERR("smbXsrv_session_logoff_all: "
		"count[%d] errors[%d] first[%s]\n",
		visited, acc.errors,
		nt_errstr(acc.first_status));
	return acc.first_status;
}
1984 :
/*
 * Traverse callback of smbXsrv_session_logoff_all(): log off the session
 * whose pointer is stored in 'local_rec'.
 *
 * A record whose value is not exactly pointer sized counts as
 * NT_STATUS_INTERNAL_ERROR. Failures are recorded in the state passed as
 * private_data; the function always returns 0 so the traverse continues.
 */
static int smbXsrv_session_logoff_all_callback(struct db_record *local_rec,
					       void *private_data)
{
	struct smbXsrv_session_logoff_all_state *acc =
		(struct smbXsrv_session_logoff_all_state *)private_data;
	struct smbXsrv_session *sess = NULL;
	void *raw = NULL;
	TDB_DATA value;
	NTSTATUS rc;

	value = dbwrap_record_get_value(local_rec);
	if (value.dsize == sizeof(raw)) {
		memcpy(&raw, value.dptr, value.dsize);
		/* Aborts unless the pointer really is a smbXsrv_session. */
		sess = talloc_get_type_abort(raw, struct smbXsrv_session);

		/*
		 * Lend the record we are visiting to the logoff so it does
		 * not fetch it a second time.
		 */
		sess->db_rec = local_rec;
		rc = smbXsrv_session_clear_and_logoff(sess);
		sess->db_rec = NULL;
	} else {
		rc = NT_STATUS_INTERNAL_ERROR;
	}

	if (!NT_STATUS_IS_OK(rc)) {
		if (NT_STATUS_IS_OK(acc->first_status)) {
			acc->first_status = rc;
		}
		acc->errors++;
	}

	return 0;
}
2021 :
/*
 * State shared between smbXsrv_session_local_traverse() and its
 * dbwrap_traverse() callback.
 */
struct smbXsrv_session_local_trav_state {
	/* Set to NT_STATUS_INTERNAL_ERROR by the callback on a malformed record. */
	NTSTATUS status;
	/* Function supplied by the caller, invoked once per session. */
	int (*caller_cb)(struct smbXsrv_session *session,
			 void *caller_data);
	/* Opaque pointer passed through to caller_cb unchanged. */
	void *caller_data;
};

/* Per-record callback for smbXsrv_session_local_traverse(); defined below. */
static int smbXsrv_session_local_traverse_cb(struct db_record *local_rec,
					     void *private_data);
2031 :
/*
 * Call caller_cb for every session in the client's local session table.
 *
 * caller_data is handed to caller_cb unchanged. The value returned by
 * caller_cb is returned to dbwrap_traverse() by the per-record callback.
 *
 * Returns NT_STATUS_OK when there is no session table or the traversal
 * finished cleanly, the dbwrap_traverse() status when the traversal
 * failed, or NT_STATUS_INTERNAL_ERROR when a record of unexpected size
 * was found.
 */
NTSTATUS smbXsrv_session_local_traverse(
	struct smbXsrv_client *client,
	int (*caller_cb)(struct smbXsrv_session *session,
			 void *caller_data),
	void *caller_data)
{
	struct smbXsrv_session_table *sessions = client->session_table;
	struct smbXsrv_session_local_trav_state trav = {
		.status = NT_STATUS_OK,
		.caller_cb = caller_cb,
		.caller_data = caller_data,
	};
	NTSTATUS trav_status;
	int visited = 0;

	if (sessions == NULL) {
		DBG_DEBUG("empty session_table, nothing to do.\n");
		return NT_STATUS_OK;
	}

	trav_status = dbwrap_traverse(sessions->local.db_ctx,
				      smbXsrv_session_local_traverse_cb,
				      &trav,
				      &visited);
	if (!NT_STATUS_IS_OK(trav_status)) {
		DBG_ERR("dbwrap_traverse() failed: %s\n", nt_errstr(trav_status));
		return trav_status;
	}

	if (NT_STATUS_IS_OK(trav.status)) {
		return NT_STATUS_OK;
	}

	/* The callback flagged a malformed record. */
	DBG_ERR("count[%d] status[%s]\n",
		visited, nt_errstr(trav.status));
	return trav.status;
}
2070 :
/*
 * dbwrap_traverse() callback for smbXsrv_session_local_traverse().
 *
 * Unlike the logoff and disconnect callbacks in this file, a record
 * whose value is not exactly pointer-sized makes this callback return -1
 * after storing NT_STATUS_INTERNAL_ERROR in the state. Otherwise the
 * return value of the caller's callback is passed back as is.
 */
static int smbXsrv_session_local_traverse_cb(struct db_record *local_rec,
					     void *private_data)
{
	struct smbXsrv_session_local_trav_state *trav = private_data;
	TDB_DATA value = dbwrap_record_get_value(local_rec);
	struct smbXsrv_session *sess = NULL;
	void *raw = NULL;
	int cb_ret;

	/* Never reinterpret a value that cannot be a single pointer. */
	if (value.dsize != sizeof(raw)) {
		trav->status = NT_STATUS_INTERNAL_ERROR;
		return -1;
	}

	memcpy(&raw, value.dptr, sizeof(raw));
	/* Aborts if raw is not a talloc'ed struct smbXsrv_session. */
	sess = talloc_get_type_abort(raw, struct smbXsrv_session);

	/* db_rec is only valid while the caller's callback runs. */
	sess->db_rec = local_rec;
	cb_ret = trav->caller_cb(sess, trav->caller_data);
	sess->db_rec = NULL;

	return cb_ret;
}
2096 :
/*
 * State shared between smbXsrv_session_disconnect_xconn() and its
 * dbwrap_traverse() callback.
 */
struct smbXsrv_session_disconnect_xconn_state {
	/* Connection whose channel is removed from each session. */
	struct smbXsrv_connection *xconn;
	/* First non-OK status seen by the callback. */
	NTSTATUS first_status;
	/* Number of records for which the callback recorded a failure. */
	int errors;
};

/* Per-record callback for smbXsrv_session_disconnect_xconn(); defined below. */
static int smbXsrv_session_disconnect_xconn_callback(struct db_record *local_rec,
						      void *private_data);
2105 :
/*
 * Remove the channel belonging to xconn from every session in the
 * session table of xconn's client.
 *
 * Per-session failures are collected by the callback and do not stop the
 * traversal. Returns NT_STATUS_OK when there is no session table or no
 * failure was recorded, the dbwrap_traverse() status when the traversal
 * failed, otherwise the first per-session error.
 */
NTSTATUS smbXsrv_session_disconnect_xconn(struct smbXsrv_connection *xconn)
{
	struct smbXsrv_client *owner = xconn->client;
	struct smbXsrv_session_table *sessions = owner->session_table;
	/* Members not named here start out zeroed. */
	struct smbXsrv_session_disconnect_xconn_state disc = {
		.xconn = xconn,
	};
	NTSTATUS trav_status;
	int visited = 0;

	if (sessions == NULL) {
		/*
		 * NOTE(review): logged with DBG_ERR although the function
		 * returns success; smbXsrv_session_logoff_all() and
		 * smbXsrv_session_local_traverse() use DBG_DEBUG for the
		 * same condition. Confirm which level is intended.
		 */
		DBG_ERR("empty session_table, nothing to do.\n");
		return NT_STATUS_OK;
	}

	trav_status = dbwrap_traverse(sessions->local.db_ctx,
				      smbXsrv_session_disconnect_xconn_callback,
				      &disc, &visited);
	if (!NT_STATUS_IS_OK(trav_status)) {
		DBG_ERR("dbwrap_traverse() failed: %s\n",
			nt_errstr(trav_status));
		return trav_status;
	}

	if (NT_STATUS_IS_OK(disc.first_status)) {
		return NT_STATUS_OK;
	}

	DBG_ERR("count[%d] errors[%d] first[%s]\n",
		visited, disc.errors,
		nt_errstr(disc.first_status));
	return disc.first_status;
}
2140 :
/*
 * dbwrap_traverse() callback for smbXsrv_session_disconnect_xconn().
 *
 * Removes the channel of state->xconn from the session stored in the
 * record. A record value that is not exactly pointer-sized is counted as
 * NT_STATUS_INTERNAL_ERROR and never dereferenced.
 *
 * Always returns 0 so that the remaining sessions are still processed.
 */
static int smbXsrv_session_disconnect_xconn_callback(struct db_record *local_rec,
						      void *private_data)
{
	struct smbXsrv_session_disconnect_xconn_state *acc = private_data;
	TDB_DATA value = dbwrap_record_get_value(local_rec);
	struct smbXsrv_session *sess = NULL;
	void *raw = NULL;
	NTSTATUS result;

	if (value.dsize == sizeof(raw)) {
		/* The size was checked above, so this copies one pointer. */
		memcpy(&raw, value.dptr, sizeof(raw));
		/* Aborts if raw is not a talloc'ed struct smbXsrv_session. */
		sess = talloc_get_type_abort(raw, struct smbXsrv_session);

		/* Lend the traversed record to the session for this call only. */
		sess->db_rec = local_rec;
		result = smbXsrv_session_remove_channel(sess, acc->xconn);
		sess->db_rec = NULL;
	} else {
		result = NT_STATUS_INTERNAL_ERROR;
	}

	if (!NT_STATUS_IS_OK(result)) {
		/* Keep only the first failure, but count all of them. */
		if (NT_STATUS_IS_OK(acc->first_status)) {
			acc->first_status = result;
		}
		acc->errors++;
	}

	return 0;
}
2176 :
/*
 * Set up the session table for an SMB1 connection.
 *
 * The ids run from 1 to 65534 and up to 65534 sessions are allowed.
 */
NTSTATUS smb1srv_session_table_init(struct smbXsrv_connection *conn)
{
	const uint32_t first_id = 1;
	const uint32_t last_id = UINT16_MAX - 1;
	const uint32_t capacity = UINT16_MAX - 1;

	return smbXsrv_session_table_init(conn, first_id, last_id, capacity);
}
2185 :
/*
 * Look up an SMB1 session by its 16-bit vuid.
 *
 * The vuid is widened to a 32-bit local id and passed, together with the
 * connection and the current time, to smbXsrv_session_local_lookup(),
 * whose status is returned unchanged.
 */
NTSTATUS smb1srv_session_lookup(struct smbXsrv_connection *conn,
				uint16_t vuid, NTTIME now,
				struct smbXsrv_session **session)
{
	uint32_t widened_id = vuid;

	return smbXsrv_session_local_lookup(conn->client->session_table,
					    conn, widened_id, now,
					    session);
}
2196 :
/*
 * Fetch the auth_session_info of the session with the given wire id from
 * the client's local session table.
 *
 * On success *si points at the auth_session_info held by the session;
 * nothing is copied here, so the pointer is only good for as long as the
 * session keeps it.
 *
 * This function only fetches the record: no check of the session's
 * status is visible in it.
 *
 * NOTE(review): unlike smb2srv_session_lookup_raw() in this file, the
 * upper 32 bits of session_wire_id are not rejected here. Whether they
 * are dropped when the key is built depends on the parameter type of
 * smbXsrv_session_local_id_to_key() - confirm.
 *
 * Returns NT_STATUS_USER_SESSION_DELETED for wire id 0, a missing table
 * or a session without auth_session_info, NT_STATUS_INTERNAL_ERROR when
 * the table has no local database, or the status of the record lookup.
 */
NTSTATUS smbXsrv_session_info_lookup(struct smbXsrv_client *client,
				     uint64_t session_wire_id,
				     struct auth_session_info **si)
{
	struct smbXsrv_session_table *sessions = client->session_table;
	struct smbXsrv_session_local_fetch_state fetch = {
		.session = NULL,
		.status = NT_STATUS_INTERNAL_ERROR,
	};
	uint8_t key_storage[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
	struct auth_session_info *info = NULL;
	TDB_DATA lookup_key;
	NTSTATUS parse_status;

	/* A missing table might happen before the end of negprot. */
	if (session_wire_id == 0 || sessions == NULL) {
		return NT_STATUS_USER_SESSION_DELETED;
	}

	if (sessions->local.db_ctx == NULL) {
		return NT_STATUS_INTERNAL_ERROR;
	}

	lookup_key = smbXsrv_session_local_id_to_key(session_wire_id,
						     key_storage);

	parse_status = dbwrap_parse_record(sessions->local.db_ctx, lookup_key,
					   smbXsrv_session_local_fetch_parser,
					   &fetch);
	if (!NT_STATUS_IS_OK(parse_status)) {
		return parse_status;
	}
	if (!NT_STATUS_IS_OK(fetch.status)) {
		return fetch.status;
	}

	/*
	 * Assumes the parser always sets fetch.session when it reports an
	 * OK status - TODO confirm against
	 * smbXsrv_session_local_fetch_parser().
	 */
	info = fetch.session->global->auth_session_info;
	if (info == NULL) {
		return NT_STATUS_USER_SESSION_DELETED;
	}

	*si = info;
	return NT_STATUS_OK;
}
2241 :
/*
 * In memory of get_valid_user_struct()
 *
 * Fetch a session from the client's local session table by wire id.
 *
 * This is similar to smbXsrv_session_local_lookup() and its wrappers,
 * but it does not implement their state checks.
 * get_valid_smbXsrv_session() is NOT meant to validate the session
 * wire-id of incoming SMB requests. It MUST only be used in later
 * internal processing, where the session wire-id has already been
 * validated.
 *
 * Returns NT_STATUS_USER_SESSION_DELETED for wire id 0, a missing table
 * or a session without auth_session_info, NT_STATUS_INTERNAL_ERROR when
 * the table has no local database, or the status of the record lookup.
 * On success *session points at the session found in the table.
 */
NTSTATUS get_valid_smbXsrv_session(struct smbXsrv_client *client,
				   uint64_t session_wire_id,
				   struct smbXsrv_session **session)
{
	struct smbXsrv_session_table *sessions = client->session_table;
	struct smbXsrv_session_local_fetch_state fetch = {
		.session = NULL,
		.status = NT_STATUS_INTERNAL_ERROR,
	};
	uint8_t key_storage[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE];
	TDB_DATA lookup_key;
	NTSTATUS parse_status;

	/* A missing table might happen before the end of negprot. */
	if (session_wire_id == 0 || sessions == NULL) {
		return NT_STATUS_USER_SESSION_DELETED;
	}

	if (sessions->local.db_ctx == NULL) {
		return NT_STATUS_INTERNAL_ERROR;
	}

	lookup_key = smbXsrv_session_local_id_to_key(session_wire_id,
						     key_storage);

	parse_status = dbwrap_parse_record(sessions->local.db_ctx, lookup_key,
					   smbXsrv_session_local_fetch_parser,
					   &fetch);
	if (!NT_STATUS_IS_OK(parse_status)) {
		return parse_status;
	}
	if (!NT_STATUS_IS_OK(fetch.status)) {
		return fetch.status;
	}

	/*
	 * A session without auth_session_info is reported as deleted.
	 * Assumes the parser always sets fetch.session when it reports an
	 * OK status - TODO confirm against
	 * smbXsrv_session_local_fetch_parser().
	 */
	if (fetch.session->global->auth_session_info == NULL) {
		return NT_STATUS_USER_SESSION_DELETED;
	}

	*session = fetch.session;
	return NT_STATUS_OK;
}
2295 :
/*
 * Build a standalone smbXsrv_session object from the record for
 * session_wire_id in the global session database.
 *
 * The returned session is not taken from the client's local table: it is
 * freshly allocated, has status NT_STATUS_BAD_LOGON_SESSION_STATE, no
 * channels, and only the signing and decryption key objects that are
 * created below from the blobs found in the global record.
 *
 * client:          client whose session table provides the global db
 * session_wire_id: 64-bit wire id; the upper 32 bits must be zero and the
 *                  lower 32 bits must be non-zero
 * mem_ctx:         talloc parent of the returned session
 * _session:        receives the session on success only
 *
 * Returns NT_STATUS_USER_SESSION_DELETED for an unusable wire id, a
 * missing table or a free record, NT_STATUS_INTERNAL_ERROR when the table
 * has no global database, NT_STATUS_INTERNAL_DB_ERROR when the record
 * cannot be fetched, and NT_STATUS_NO_MEMORY on allocation or key
 * creation failure.
 */
NTSTATUS smb2srv_session_lookup_global(struct smbXsrv_client *client,
				       uint64_t session_wire_id,
				       TALLOC_CTX *mem_ctx,
				       struct smbXsrv_session **_session)
{
	TALLOC_CTX *frame = talloc_stackframe();
	struct smbXsrv_session_table *table = client->session_table;
	uint32_t global_id = session_wire_id & UINT32_MAX;
	uint64_t global_zeros = session_wire_id & 0xFFFFFFFF00000000LLU;
	struct smbXsrv_session *session = NULL;
	struct db_record *global_rec = NULL;
	bool is_free = false;
	NTSTATUS status;

	/* Id 0 is never a valid session. */
	if (global_id == 0) {
		TALLOC_FREE(frame);
		return NT_STATUS_USER_SESSION_DELETED;
	}
	/*
	 * Reject ids with any of the upper 32 bits set instead of
	 * truncating them, so two different wire ids cannot map to the
	 * same global record.
	 */
	if (global_zeros != 0) {
		TALLOC_FREE(frame);
		return NT_STATUS_USER_SESSION_DELETED;
	}

	if (table == NULL) {
		/* this might happen before the end of negprot */
		TALLOC_FREE(frame);
		return NT_STATUS_USER_SESSION_DELETED;
	}

	if (table->global.db_ctx == NULL) {
		TALLOC_FREE(frame);
		return NT_STATUS_INTERNAL_ERROR;
	}

	session = talloc_zero(mem_ctx, struct smbXsrv_session);
	if (session == NULL) {
		TALLOC_FREE(frame);
		return NT_STATUS_NO_MEMORY;
	}
	/*
	 * Park the session on the stackframe so that every error return
	 * below frees it together with frame. It is moved back to mem_ctx
	 * only on success.
	 */
	talloc_steal(frame, session);

	session->client = client;
	session->status = NT_STATUS_BAD_LOGON_SESSION_STATE;
	session->local_id = global_id;

	/*
	 * This means smb2_get_new_nonce() will return
	 * NT_STATUS_ENCRYPTION_FAILED.
	 *
	 * But we initialize some random parts just in case...
	 */
	session->nonce_high_max = session->nonce_high = 0;
	generate_nonce_buffer((uint8_t *)&session->nonce_high_random,
			      sizeof(session->nonce_high_random));
	generate_nonce_buffer((uint8_t *)&session->nonce_low,
			      sizeof(session->nonce_low));

	/*
	 * The record is allocated on frame; presumably the lock it holds
	 * is dropped when frame is freed - verify against
	 * smbXsrv_session_global_fetch_locked().
	 */
	global_rec = smbXsrv_session_global_fetch_locked(table->global.db_ctx,
							 global_id,
							 frame);
	if (global_rec == NULL) {
		TALLOC_FREE(frame);
		return NT_STATUS_INTERNAL_DB_ERROR;
	}

	/* Fills session->global as a child of session, or sets is_free. */
	smbXsrv_session_global_verify_record(global_rec,
					     &is_free,
					     NULL,
					     session,
					     &session->global,
					     NULL);
	if (is_free) {
		TALLOC_FREE(frame);
		return NT_STATUS_USER_SESSION_DELETED;
	}

	/*
	 * NOTE(review): session->global is dereferenced from here on
	 * without a NULL check. This assumes verify_record always sets it
	 * when it leaves is_free false - TODO confirm.
	 */

	/*
	 * We don't have channels on this session
	 * and only the main signing key
	 */
	session->global->num_channels = 0;
	status = smb2_signing_key_sign_create(session->global,
					      session->global->signing_algo,
					      NULL, /* no master key */
					      NULL, /* derivations */
					      &session->global->signing_key);
	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * NOTE(review): the real status is replaced by
		 * NT_STATUS_NO_MEMORY, which hides the cause if the call
		 * can fail for another reason - confirm this is intended.
		 */
		TALLOC_FREE(frame);
		return NT_STATUS_NO_MEMORY;
	}
	/*
	 * The key object takes the blob value stored in the global record
	 * by plain assignment; no separate copy of the key bytes is made
	 * here.
	 */
	session->global->signing_key->blob = session->global->signing_key_blob;
	session->global->signing_flags = 0;

	status = smb2_signing_key_cipher_create(session->global,
						session->global->encryption_cipher,
						NULL, /* no master key */
						NULL, /* derivations */
						&session->global->decryption_key);
	if (!NT_STATUS_IS_OK(status)) {
		/* Same status replacement as for the signing key above. */
		TALLOC_FREE(frame);
		return NT_STATUS_NO_MEMORY;
	}
	/* Assigned by value from the global record, as for the signing key. */
	session->global->decryption_key->blob = session->global->decryption_key_blob;
	session->global->encryption_flags = 0;

	/* Success: hand ownership to the caller's context before frame goes. */
	*_session = talloc_move(mem_ctx, &session);
	TALLOC_FREE(frame);
	return NT_STATUS_OK;
}
2405 :
/*
 * Set up the session table for an SMB2 connection.
 *
 * The ids run from 1 to 4294967294, but the number of sessions is capped
 * at 65534, the same limit as for SMB1.
 */
NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn)
{
	const uint32_t first_id = 1;
	const uint32_t last_id = UINT32_MAX - 1;
	const uint32_t capacity = UINT16_MAX - 1;

	return smbXsrv_session_table_init(conn, first_id, last_id, capacity);
}
2414 :
/*
 * Common SMB2 session lookup by 64-bit session id.
 *
 * Only the lower 32 bits identify the local session. An id with any of
 * the upper 32 bits set is rejected with NT_STATUS_USER_SESSION_DELETED
 * rather than truncated, so it can never alias another session's id.
 * Everything else is left to smbXsrv_session_local_lookup().
 */
static NTSTATUS smb2srv_session_lookup_raw(struct smbXsrv_session_table *table,
					   /* conn: optional */
					   struct smbXsrv_connection *conn,
					   uint64_t session_id, NTTIME now,
					   struct smbXsrv_session **session)
{
	const uint64_t upper_bits = session_id >> 32;
	const uint32_t lower_bits = (uint32_t)session_id;

	if (upper_bits != 0) {
		return NT_STATUS_USER_SESSION_DELETED;
	}

	return smbXsrv_session_local_lookup(table, conn, lower_bits, now,
					    session);
}
2431 :
/*
 * SMB2 session lookup for a specific connection.
 *
 * Uses the session table of conn's client and passes conn itself on to
 * smb2srv_session_lookup_raw().
 */
NTSTATUS smb2srv_session_lookup_conn(struct smbXsrv_connection *conn,
				     uint64_t session_id, NTTIME now,
				     struct smbXsrv_session **session)
{
	return smb2srv_session_lookup_raw(conn->client->session_table,
					  conn, session_id, now,
					  session);
}
2440 :
/*
 * SMB2 session lookup at client level.
 *
 * Same as smb2srv_session_lookup_conn(), except that no connection is
 * passed to smb2srv_session_lookup_raw() (conn is NULL).
 */
NTSTATUS smb2srv_session_lookup_client(struct smbXsrv_client *client,
				       uint64_t session_id, NTTIME now,
				       struct smbXsrv_session **session)
{
	return smb2srv_session_lookup_raw(client->session_table,
					  NULL, session_id, now,
					  session);
}
2449 :
/*
 * State passed from smbXsrv_session_global_traverse() to its per-record
 * callback.
 */
struct smbXsrv_session_global_traverse_state {
	/* Caller's function, invoked once per successfully decoded record. */
	int (*fn)(struct smbXsrv_session_global0 *, void *);
	/* Opaque pointer passed through to fn unchanged. */
	void *private_data;
};
2454 :
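/*
 * Per-record callback for smbXsrv_session_global_traverse().
 *
 * Decodes one record of the global session database and hands the
 * decoded smbXsrv_session_global0 to the caller's function. The record
 * content is checked before use: it must parse as
 * smbXsrv_session_globalB, carry version SMBXSRV_VERSION_0 and have a
 * non-NULL info0 pointer.
 *
 * Returns the value of the caller's function, or -1 when the record is
 * rejected. The decoded data is allocated on a stackframe that is freed
 * before returning, so the caller's function must not keep pointers
 * into it.
 */
static int smbXsrv_session_global_traverse_fn(struct db_record *rec, void *data)
{
	int ret = -1;
	struct smbXsrv_session_global_traverse_state *state =
		(struct smbXsrv_session_global_traverse_state*)data;
	TDB_DATA key = dbwrap_record_get_key(rec);
	TDB_DATA val = dbwrap_record_get_value(rec);
	DATA_BLOB blob = data_blob_const(val.dptr, val.dsize);
	struct smbXsrv_session_globalB global_blob;
	enum ndr_err_code ndr_err;
	TALLOC_CTX *frame = talloc_stackframe();

	ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
			(ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_globalB);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		DBG_WARNING("Invalid record in smbXsrv_session_global.tdb:"
			    "key '%s' ndr_pull_struct_blob - %s\n",
			    tdb_data_dbg(key),
			    ndr_errstr(ndr_err));
		goto done;
	}

	if (global_blob.version != SMBXSRV_VERSION_0) {
		DBG_WARNING("Invalid record in smbXsrv_session_global.tdb:"
			    "key '%s' unsupported version - %d\n",
			    tdb_data_dbg(key),
			    (int)global_blob.version);
		goto done;
	}

	if (global_blob.info.info0 == NULL) {
		/*
		 * This function reads the session database. The message
		 * used to name smbXsrv_tcon_global.tdb, which pointed
		 * anyone reading the log at the wrong file.
		 */
		DBG_WARNING("Invalid record in smbXsrv_session_global.tdb:"
			    "key '%s' info0 NULL pointer\n",
			    tdb_data_dbg(key));
		goto done;
	}

	/* Give the caller's function access to the underlying record. */
	global_blob.info.info0->db_rec = rec;
	ret = state->fn(global_blob.info.info0, state->private_data);
done:
	TALLOC_FREE(frame);
	return ret;
}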
2498 :
/*
 * Read-only traversal of the global session database.
 *
 * fn is called once per valid record with the decoded
 * smbXsrv_session_global0 and private_data.
 *
 * The database is initialised and traversed between become_root() and
 * unbecome_root(), so fn runs inside that bracket as well. Both return
 * paths call unbecome_root().
 *
 * Returns the status of smbXsrv_session_global_init() when it fails,
 * otherwise the status of dbwrap_traverse_read().
 */
NTSTATUS smbXsrv_session_global_traverse(
			int (*fn)(struct smbXsrv_session_global0 *, void *),
			void *private_data)
{
	struct smbXsrv_session_global_traverse_state trav = {
		.fn = fn,
		.private_data = private_data,
	};
	/* Filled in by dbwrap_traverse_read(); not used afterwards. */
	int visited = 0;
	NTSTATUS result;

	become_root();

	result = smbXsrv_session_global_init(NULL);
	if (!NT_STATUS_IS_OK(result)) {
		/* Leave the root bracket before logging and returning. */
		unbecome_root();
		DBG_ERR("Failed to initialize session_global: %s\n",
			nt_errstr(result));
		return result;
	}

	result = dbwrap_traverse_read(smbXsrv_session_global_db_ctx,
				      smbXsrv_session_global_traverse_fn,
				      &trav,
				      &visited);

	unbecome_root();

	return result;
}
|