From 1de9e714756b65b1e15fae044bde065bb2572b16 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 8 Oct 2012 11:18:03 +0200 Subject: [PATCH 01/39] buildtools/wafsamba: only display 'ok' if the result is True Otherwise we print the raw value. metze Signed-off-by: Michael Adam --- buildtools/wafsamba/samba_autoconf.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py index 5d3cc5a..76316d2 100644 --- a/buildtools/wafsamba/samba_autoconf.py +++ b/buildtools/wafsamba/samba_autoconf.py @@ -62,8 +62,8 @@ def COMPOUND_END(conf, result): conf.check_message_1 = conf.saved_check_message_1 conf.check_message_2 = conf.saved_check_message_2 p = conf.check_message_2 - if result: - p('ok ') + if result is True: + p('ok') elif not result: p('not found', 'YELLOW') else: -- 1.7.9.5 From 980191d189ee1f5a25e74a6bdf141d4c7e4455d5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 17 Oct 2012 14:59:30 +0200 Subject: [PATCH 02/39] s3:smbd: update sconn->remote_hostname after the netbios session request Also update the info in the new smbXsrv structure. This way we can log the remote name in status outputs. metze Signed-off-by: Michael Adam --- source3/smbd/reply.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 1b4a162..4423e8e 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c 
@@ -590,6 +590,19 @@ void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inb set_local_machine_name(name1, True); set_remote_machine_name(name2, True); + if (is_ipaddress(sconn->remote_hostname)) { + char *p = discard_const_p(char, sconn->remote_hostname); + + talloc_free(p); + + sconn->remote_hostname = talloc_strdup(sconn, + get_remote_machine_name()); + if (sconn->remote_hostname == NULL) { + exit_server_cleanly("could not copy remote name"); + } + sconn->conn->remote_hostname = sconn->remote_hostname; + } + DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n", get_local_machine_name(), get_remote_machine_name(), name_type2)); -- 1.7.9.5 From 781db9d1e564797546009aa5a49378b6e70502d7 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 18 Oct 2012 15:58:01 +0200 Subject: [PATCH 03/39] s3: fix comment header description for smbd_shim This was copy'n'pasted from "RPC pipe client"... Signed-off-by: Michael Adam --- source3/lib/smbd_shim.c | 2 +- source3/lib/smbd_shim.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/lib/smbd_shim.c b/source3/lib/smbd_shim.c index 0d33164..78a101c 100644 --- a/source3/lib/smbd_shim.c +++ b/source3/lib/smbd_shim.c @@ -1,6 +1,6 @@ /* Unix SMB/CIFS implementation. - RPC pipe client + Runtime plugin adapter for various "smbd"-functions. Copyright (C) Gerald (Jerry) Carter 2004. Copyright (C) Andrew Bartlett 2011. diff --git a/source3/lib/smbd_shim.h b/source3/lib/smbd_shim.h index 0b802fe..a51decc 100644 --- a/source3/lib/smbd_shim.h +++ b/source3/lib/smbd_shim.h @@ -1,6 +1,6 @@ /* Unix SMB/CIFS implementation. - RPC pipe client + Runtime plugin adapter for various "smbd"-functions. Copyright (C) Gerald (Jerry) Carter 2004. Copyright (C) Andrew Bartlett 2011. -- 1.7.9.5 From 8eab264470ee7adea1e448fc29bc8111902a83b0 Mon Sep 17 00:00:00 2001 
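Review bot: After the added block in reply_special(), `sconn->remote_hostname` holds the name the client sent in its NetBIOS session request (`name2`, read back through `get_remote_machine_name()`), so a field that held an IP address string now holds a client-chosen label. A comment above the `if`, for example `/* remote_hostname is now the unauthenticated, client-supplied NetBIOS name: display/logging only, never access decisions */`, would stop later readers from trusting it; whether any host-based check reads this field is not visible here. `talloc_free(p)` also assumes the old string was talloc-allocated and that `sconn->conn->remote_hostname` was its only other alias. The allocation-failure path calls `exit_server_cleanly()`, where `exit_server()` would report the abnormal exit more accurately. The body of reply_special() starts and ends outside the hunk.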
From: Michael Adam Date: Thu, 18 Oct 2012 15:59:55 +0200 Subject: [PATCH 04/39] s3:smbd: move initialization of the smbd_shim from smbd_init_globals() to main() This is in preparation of adding server exit hooks to the shim. Signed-off-by: Michael Adam --- source3/smbd/globals.c | 16 ---------------- source3/smbd/server.c | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/source3/smbd/globals.c b/source3/smbd/globals.c index 80f6a66..3eb65a1 100644 --- a/source3/smbd/globals.c +++ b/source3/smbd/globals.c @@ -20,7 +20,6 @@ #include "includes.h" #include "smbd/smbd.h" #include "smbd/globals.h" -#include "lib/smbd_shim.h" #include "memcache.h" #include "messages.h" #include "tdb_compat.h" @@ -111,23 +110,8 @@ struct memcache *smbd_memcache(void) return smbd_memcache_ctx; } -static const struct smbd_shim smbd_shim_fns = -{ - .cancel_pending_lock_requests_by_fid = smbd_cancel_pending_lock_requests_by_fid, - .send_stat_cache_delete_message = smbd_send_stat_cache_delete_message, - .change_to_root_user = smbd_change_to_root_user, - - .contend_level2_oplocks_begin = smbd_contend_level2_oplocks_begin, - .contend_level2_oplocks_end = smbd_contend_level2_oplocks_end, - - .become_root = smbd_become_root, - .unbecome_root = smbd_unbecome_root -}; - void smbd_init_globals(void) { - set_smbd_shim(&smbd_shim_fns); - ZERO_STRUCT(conn_ctx_stack); ZERO_STRUCT(sec_ctx_stack); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 7dad13b..d34ee4c 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -44,6 +44,7 @@ #include "lib/background.h" #include "lib/conn_tdb.h" #include "../lib/util/pidfile.h" +#include "lib/smbd_shim.h" struct smbd_open_socket; struct smbd_child_pid; 
@@ -1053,6 +1054,18 @@ extern void build_options(bool screen); struct server_id server_id; struct tevent_signal *se; char *np_dir = NULL; + static const struct smbd_shim smbd_shim_fns = + { + .cancel_pending_lock_requests_by_fid = smbd_cancel_pending_lock_requests_by_fid, + .send_stat_cache_delete_message = smbd_send_stat_cache_delete_message, + .change_to_root_user = smbd_change_to_root_user, + + .contend_level2_oplocks_begin = smbd_contend_level2_oplocks_begin, + .contend_level2_oplocks_end = smbd_contend_level2_oplocks_end, + + .become_root = smbd_become_root, + .unbecome_root = smbd_unbecome_root, + }; /* * Do this before any other talloc operation @@ -1064,6 +1077,8 @@ extern void build_options(bool screen); load_case_tables(); + set_smbd_shim(&smbd_shim_fns); + smbd_init_globals(); TimeInit(); -- 1.7.9.5 From 8a1c7a0a660d78786adac483ecafa157c3a3dc2e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 9 Oct 2012 08:35:04 -0400 Subject: [PATCH 05/39] s3:smbd: add exit_server to the smbd_shim hooks This is in preparation of moving sessionid_tdb and conn_tdb to smbd exclusively. metze Signed-off-by: Michael Adam --- source3/lib/smbd_shim.c | 16 ++++++++++++++++ source3/lib/smbd_shim.h | 4 ++++ source3/smbd/proto.h | 7 +++++-- source3/smbd/server.c | 3 +++ source3/smbd/server_exit.c | 4 ++-- source3/torture/vfstest.c | 14 +++++++++++--- 6 files changed, 41 insertions(+), 7 deletions(-) diff --git a/source3/lib/smbd_shim.c b/source3/lib/smbd_shim.c index 78a101c..d5ad577 100644 --- a/source3/lib/smbd_shim.c +++ b/source3/lib/smbd_shim.c @@ -98,3 +98,19 @@ void unbecome_root(void) } return; } + +void exit_server(const char *reason) +{ + if (shim.exit_server) { + shim.exit_server(reason); + } + exit(1); +} + +void exit_server_cleanly(const char *const reason) +{ + if (shim.exit_server_cleanly) { + shim.exit_server_cleanly(reason); + } + exit(0); +} diff --git a/source3/lib/smbd_shim.h b/source3/lib/smbd_shim.h index a51decc..1645837 100644 
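Review bot: In the new `exit_server()` and `exit_server_cleanly()` wrappers in source3/lib/smbd_shim.c, the fallback taken when no hook is registered calls `exit(1)` or `exit(0)` without recording `reason` anywhere. A binary that never calls `set_smbd_shim()`, or registers only some hooks, therefore terminates with no trace of why. Logging before the fallback, e.g. `DEBUG(0, ("exit_server: %s\n", reason ? reason : ""));`, would keep that information available for incident triage. The wrappers are not marked `_NORETURN_` in this hunk although the hook members in smbd_shim.h are; a short comment saying the hook is expected not to return and the trailing `exit()` is only a backstop would make the intent explicit.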
--- a/source3/lib/smbd_shim.h +++ b/source3/lib/smbd_shim.h @@ -46,6 +46,10 @@ struct smbd_shim void (*become_root)(void); void (*unbecome_root)(void); + + void (*exit_server)(const char *const explanation) _NORETURN_; + + void (*exit_server_cleanly)(const char *const explanation) _NORETURN_; }; void set_smbd_shim(const struct smbd_shim *shim_functions); diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 1b3c232..a01629a 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -963,11 +963,14 @@ void delete_and_reload_printers(struct tevent_context *ev, bool reload_services(struct smbd_server_connection *sconn, bool (*snumused) (struct smbd_server_connection *, int), bool test); -void exit_server(const char *const explanation); -void exit_server_cleanly(const char *const explanation); NTSTATUS messaging_send_to_children(struct messaging_context *msg_ctx, uint32_t msg_type, DATA_BLOB* data); +/* The following definitions come from smbd/server_exit.c */ + +void smbd_exit_server(const char *reason) _NORETURN_; +void smbd_exit_server_cleanly(const char *const reason) _NORETURN_; + /* The following definitions come from smbd/service.c */ bool set_conn_connectpath(connection_struct *conn, const char *connectpath); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index d34ee4c..8eb3d9e 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1065,6 +1065,9 @@ extern void build_options(bool screen); .become_root = smbd_become_root, .unbecome_root = smbd_unbecome_root, + + .exit_server = smbd_exit_server, + .exit_server_cleanly = smbd_exit_server_cleanly, }; /* diff --git a/source3/smbd/server_exit.c b/source3/smbd/server_exit.c index 517d4c2..fa28374 100644 --- a/source3/smbd/server_exit.c +++ b/source3/smbd/server_exit.c 
@@ -225,12 +225,12 @@ static void exit_server_common(enum server_exit_reason how, exit(0); } -void exit_server(const char *const explanation) +void smbd_exit_server(const char *const explanation) { exit_server_common(SERVER_EXIT_ABNORMAL, explanation); } -void exit_server_cleanly(const char *const explanation) +void smbd_exit_server_cleanly(const char *const explanation) { exit_server_common(SERVER_EXIT_NORMAL, explanation); } diff --git a/source3/torture/vfstest.c b/source3/torture/vfstest.c index 3b47459..72156a5 100644 --- a/source3/torture/vfstest.c +++ b/source3/torture/vfstest.c @@ -33,6 +33,7 @@ #include "serverid.h" #include "messages.h" #include "libcli/security/security.h" +#include "lib/smbd_shim.h" /* List to hold groups of commands */ static struct cmd_list { @@ -405,15 +406,15 @@ static void process_file(struct vfs_state *pvfs, char *filename) { } } -void exit_server(const char *reason) +static void vfstest_exit_server(const char * const reason) { DEBUG(3,("Server exit (%s)\n", (reason ? reason : ""))); exit(0); } -void exit_server_cleanly(const char *const reason) +static void vfstest_exit_server_cleanly(const char * const reason) { - exit_server("normal exit"); + vfstest_exit_server("normal exit"); } struct smb_request *vfstest_get_smbreq(TALLOC_CTX *mem_ctx, @@ -464,6 +465,11 @@ int main(int argc, char *argv[]) POPT_COMMON_SAMBA POPT_TABLEEND }; + static const struct smbd_shim vfstest_shim_fns = + { + .exit_server = vfstest_exit_server, + .exit_server_cleanly = vfstest_exit_server_cleanly, + }; load_case_tables(); @@ -486,6 +492,8 @@ int main(int argc, char *argv[]) facilities. See lib/debug.c */ setup_logging("vfstest", DEBUG_STDOUT); + set_smbd_shim(&vfstest_shim_fns); + /* Load command lists */ cmd_set = vfstest_command_list; -- 1.7.9.5 From 42b0398bdeae8fd7e8ae92ab3a464c3eba9fb0da Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 18 Oct 2012 16:06:42 +0200 Subject: [PATCH 06/39] s3:smbd: remove duplicate prototypes for sys_utmp_claim() an sys_utmp_yield() Signed-off-by: Michael Adam --- source3/smbd/proto.h | 6 ------ 1 file changed, 6 deletions(-) diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index a01629a..809074c 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -1117,12 +1117,6 @@ void sys_utmp_claim(const char *username, const char *hostname, void sys_utmp_yield(const char *username, const char *hostname, const char *ip_addr_str, const char *id_str, int id_num); -void sys_utmp_yield(const char *username, const char *hostname, - const char *ip_addr_str, - const char *id_str, int id_num); -void sys_utmp_claim(const char *username, const char *hostname, - const char *ip_addr_str, - const char *id_str, int id_num); /* The following definitions come from smbd/vfs.c */ -- 1.7.9.5 From 9b2a3ebf5cfb4613b117ebb83abe92b93e759381 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 9 Oct 2012 09:38:36 +0200 Subject: [PATCH 07/39] s3:smbd/utmp: remove ip address from utmp record 1. This was broken since Samba 3.2. when ipv6 support was added, it only worked for ipv6 addresses. 2. userspace tools only display the hostname field. 3. This is not really portable metze Signed-off-by: Michael Adam --- source3/configure.in | 19 ------------------- source3/smbd/proto.h | 6 ++---- source3/smbd/session.c | 2 -- source3/smbd/utmp.c | 38 ++++++-------------------------------- source3/wscript | 4 ---- 5 files changed, 8 insertions(+), 61 deletions(-) diff --git a/source3/configure.in b/source3/configure.in index ab54227..70632bc 100644 --- a/source3/configure.in +++ b/source3/configure.in 
@@ -2218,25 +2218,6 @@ if test x"$samba_cv_HAVE_UT_UT_EXIT" = x"yes"; then AC_DEFINE(HAVE_UT_UT_EXIT,1,[Whether the utmp struct has a property ut_exit]) fi -dnl Look for the IPv6 varient by preference. Many systems have both. -AC_CACHE_CHECK([for ut_addr_v6 in utmp],samba_cv_HAVE_UT_UT_ADDR_V6,[ -AC_TRY_COMPILE([#include -#include ], -[struct utmp ut; ut.ut_addr_v6[0] = 0;], -samba_cv_HAVE_UT_UT_ADDR_V6=yes,samba_cv_HAVE_UT_UT_ADDR_V6=no,samba_cv_HAVE_UT_UT_ADDR_V6=cross)]) -if test x"$samba_cv_HAVE_UT_UT_ADDR_V6" = x"yes"; then - AC_DEFINE(HAVE_UT_UT_ADDR_V6,1,[Whether the utmp struct has a property ut_addr_v6]) -fi - -AC_CACHE_CHECK([for ut_addr in utmp],samba_cv_HAVE_UT_UT_ADDR,[ -AC_TRY_COMPILE([#include -#include ], -[struct utmp ut; ut.ut_addr = 0;], -samba_cv_HAVE_UT_UT_ADDR=yes,samba_cv_HAVE_UT_UT_ADDR=no,samba_cv_HAVE_UT_UT_ADDR=cross)]) -if test x"$samba_cv_HAVE_UT_UT_ADDR" = x"yes"; then - AC_DEFINE(HAVE_UT_UT_ADDR,1,[Whether the utmp struct has a property ut_addr]) -fi - if test x$ac_cv_func_pututline = xyes ; then AC_CACHE_CHECK([whether pututline returns pointer],samba_cv_PUTUTLINE_RETURNS_UTMP,[ AC_TRY_COMPILE([#include diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 809074c..f1b359f 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -1112,11 +1112,9 @@ uint64_t get_current_vuid(connection_struct *conn); /* The following definitions come from smbd/utmp.c */ void sys_utmp_claim(const char *username, const char *hostname, - const char *ip_addr_str, - const char *id_str, int id_num); + const char *id_str, int id_num); void sys_utmp_yield(const char *username, const char *hostname, - const char *ip_addr_str, - const char *id_str, int id_num); + const char *id_str, int id_num); /* The following definitions come from smbd/vfs.c */ diff --git a/source3/smbd/session.c b/source3/smbd/session.c index 47eafab..e7e7570 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c 
@@ -179,7 +179,6 @@ bool session_claim(struct smbd_server_connection *sconn, struct user_struct *vus if (lp_utmp()) { sys_utmp_claim(sessionid.username, sessionid.hostname, - sessionid.ip_addr_str, sessionid.id_str, sessionid.id_num); } @@ -219,7 +218,6 @@ void session_yield(struct user_struct *vuser) if (lp_utmp()) { sys_utmp_yield(sessionid.username, sessionid.hostname, - sessionid.ip_addr_str, sessionid.id_str, sessionid.id_num); } diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c index 34b7761..bb48d36 100644 --- a/source3/smbd/utmp.c +++ b/source3/smbd/utmp.c @@ -115,13 +115,11 @@ Notes: */ void sys_utmp_claim(const char *username, const char *hostname, - const char *ip_addr_str, - const char *id_str, int id_num) + const char *id_str, int id_num) {} void sys_utmp_yield(const char *username, const char *hostname, - const char *ip_addr_str, - const char *id_str, int id_num) + const char *id_str, int id_num) {} #else /* WITH_UTMP */ @@ -499,7 +497,6 @@ static int ut_id_encode(int i, char *fourbyte) */ static bool sys_utmp_fill(struct utmp *u, const char *username, const char *hostname, - const char *ip_addr_str, const char *id_str, int id_num) { struct timeval timeval; 
@@ -550,27 +547,6 @@ static bool sys_utmp_fill(struct utmp *u, #if defined(HAVE_UT_UT_HOST) utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host)); #endif -#if defined(HAVE_IPV6) && defined(HAVE_UT_UT_ADDR_V6) - memset(&u->ut_addr_v6, '\0', sizeof(u->ut_addr_v6)); - if (ip_addr_str) { - struct in6_addr addr; - if (inet_pton(AF_INET6, ip_addr_str, &addr) > 0) { - memcpy(&u->ut_addr_v6, &addr, sizeof(addr)); - } - } -#elif defined(HAVE_UT_UT_ADDR) - memset(&u->ut_addr, '\0', sizeof(u->ut_addr)); - if (ip_addr_str) { - struct in_addr addr; - if (inet_pton(AF_INET, ip_addr_str, &addr) > 0) { - memcpy(&u->ut_addr, &addr, sizeof(addr)); - } - } - /* - * "(unsigned long) ut_addr" apparently exists on at least HP-UX 10.20. - * Volunteer to implement, please ... - */ -#endif #if defined(HAVE_UT_UT_ID) if (ut_id_encode(id_num, u->ut_id) != 0) { @@ -587,8 +563,7 @@ static bool sys_utmp_fill(struct utmp *u, ****************************************************************************/ void sys_utmp_yield(const char *username, const char *hostname, - const char *ip_addr_str, - const char *id_str, int id_num) + const char *id_str, int id_num) { struct utmp u; @@ -603,7 +578,7 @@ void sys_utmp_yield(const char *username, const char *hostname, u.ut_type = DEAD_PROCESS; #endif - if (!sys_utmp_fill(&u, username, hostname, ip_addr_str, id_str, id_num)) + if (!sys_utmp_fill(&u, username, hostname, id_str, id_num)) return; sys_utmp_update(&u, NULL, False); @@ -614,8 +589,7 @@ void sys_utmp_yield(const char *username, const char *hostname, ****************************************************************************/ void sys_utmp_claim(const char *username, const char *hostname, - const char *ip_addr_str, - const char *id_str, int id_num) + const char *id_str, int id_num) { struct utmp u; 
@@ -625,7 +599,7 @@ void sys_utmp_claim(const char *username, const char *hostname, u.ut_type = USER_PROCESS; #endif - if (!sys_utmp_fill(&u, username, hostname, ip_addr_str, id_str, id_num)) + if (!sys_utmp_fill(&u, username, hostname, id_str, id_num)) return; sys_utmp_update(&u, hostname, True); diff --git a/source3/wscript b/source3/wscript index 3874df5..56ab760 100644 --- a/source3/wscript +++ b/source3/wscript @@ -655,10 +655,6 @@ msg.msg_acctrightslen = sizeof(fd); define='HAVE_UT_UT_PID') conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_exit.e_exit', headers='utmp.h', define='HAVE_UT_UT_EXIT') - conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_addr_v6', headers='utmp.h', - define='HAVE_UT_UT_ADDR_V6') - conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_addr', headers='utmp.h', - define='HAVE_UT_UT_ADDR') conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_syslen', headers='utmpx.h', define='HAVE_UX_UT_SYSLEN') conf.CHECK_CODE('struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);', -- 1.7.9.5 From 7aa0d7c55f9cbb3ed96beaf7c4891cadc9bc00ae Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 18 Oct 2012 16:14:19 +0200 Subject: [PATCH 08/39] s3:auth: remove duplicate propotypes for smb_pam_claim_session and smb_pam_close_session Signed-off-by: Michael Adam --- source3/auth/proto.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/source3/auth/proto.h b/source3/auth/proto.h index 5b229f9..7be2e94 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h @@ -311,8 +311,6 @@ NTSTATUS smb_pam_passcheck(const char * user, const char * rhost, const char * password); bool smb_pam_passchange(const char *user, const char *rhost, const char *oldpassword, const char *newpassword); -bool smb_pam_claim_session(char *user, char *tty, char *rhost); -bool smb_pam_close_session(char *in_user, char *tty, char *rhost); /* The following definitions come from auth/pass_check.c */ -- 1.7.9.5 From c9a2111b0025156ba70c6eb9fa857e5d639f62b7 Mon Sep 17 00:00:00 2001 
From: Gregor Beck Date: Mon, 3 Sep 2012 13:55:50 +0200 Subject: [PATCH 09/39] s3:auth: use const in smb_pam_xxx_session() Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/auth/pampass.c | 8 ++++---- source3/auth/proto.h | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c index 427c22a..bde7c22 100644 --- a/source3/auth/pampass.c +++ b/source3/auth/pampass.c @@ -720,7 +720,7 @@ static bool smb_pam_chauthtok(pam_handle_t *pamh, const char * user) * PAM Externally accessible Session handler */ -bool smb_pam_claim_session(char *user, char *tty, char *rhost) +bool smb_pam_claim_session(const char *user, const char *tty, const char *rhost) { pam_handle_t *pamh = NULL; struct pam_conv *pconv = NULL; @@ -748,7 +748,7 @@ bool smb_pam_claim_session(char *user, char *tty, char *rhost) * PAM Externally accessible Session handler */ -bool smb_pam_close_session(char *user, char *tty, char *rhost) +bool smb_pam_close_session(const char *user, const char *tty, const char *rhost) { pam_handle_t *pamh = NULL; struct pam_conv *pconv = NULL; @@ -880,13 +880,13 @@ NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost) } /* If PAM not used, also no PAM restrictions on sessions. */ -bool smb_pam_claim_session(char *user, char *tty, char *rhost) +bool smb_pam_claim_session(const char *user, const char *tty, const char *rhost) { return True; } /* If PAM not used, also no PAM restrictions on sessions. */ -bool smb_pam_close_session(char *in_user, char *tty, char *rhost) +bool smb_pam_close_session(const char *in_user, const char *tty, const char *rhost) { return True; } diff --git a/source3/auth/proto.h b/source3/auth/proto.h index 7be2e94..98b48df 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h 
@@ -304,8 +304,8 @@ NTSTATUS auth_wbc_init(void); /* The following definitions come from auth/pampass.c */ -bool smb_pam_claim_session(char *user, char *tty, char *rhost); -bool smb_pam_close_session(char *user, char *tty, char *rhost); +bool smb_pam_claim_session(const char *user, const char *tty, const char *rhost); +bool smb_pam_close_session(const char *user, const char *tty, const char *rhost); NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost); NTSTATUS smb_pam_passcheck(const char * user, const char * rhost, const char * password); -- 1.7.9.5 From 611e30ea233f0e5dab1439e930ea8544b85ca3b2 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Mon, 27 Aug 2012 14:46:22 +0200 Subject: [PATCH 10/39] s3:rpc_server/srvsvc: remove function net_enum_pipes() The relevant records are not written to connections.tdb since commit a781b78417b6d7b875230dd2edcb932445aa4197 Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 97 ----------------------------- 1 file changed, 97 deletions(-) diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index 1e734d8..a6472a6 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c 
@@ -60,98 +60,6 @@ struct sess_file_count { int count; }; -/* Used to store pipe open records for NetFileEnum() */ - -struct pipe_open_rec { - struct server_id pid; - uid_t uid; - int pnum; - fstring name; -}; - -/**************************************************************************** - Count the entries belonging to a service in the connection db. -****************************************************************************/ - -static int pipe_enum_fn( struct db_record *rec, void *p) -{ - struct pipe_open_rec prec; - struct file_enum_count *fenum = (struct file_enum_count *)p; - struct srvsvc_NetFileInfo3 *f; - int i = fenum->ctr3->count; - char *fullpath = NULL; - const char *username; - TDB_DATA value; - - value = dbwrap_record_get_value(rec); - - if (value.dsize != sizeof(struct pipe_open_rec)) - return 0; - - memcpy(&prec, value.dptr, sizeof(struct pipe_open_rec)); - - if ( !process_exists(prec.pid) ) { - return 0; - } - - username = uidtoname(prec.uid); - - if ((fenum->username != NULL) - && !strequal(username, fenum->username)) { - return 0; - } - - fullpath = talloc_asprintf(fenum->ctx, "\\PIPE\\%s", prec.name ); - if (!fullpath) { - return 1; - } - - f = talloc_realloc(fenum->ctx, fenum->ctr3->array, - struct srvsvc_NetFileInfo3, i+1); - if ( !f ) { - DEBUG(0,("conn_enum_fn: realloc failed for %d items\n", i+1)); - return 1; - } - fenum->ctr3->array = f; - - fenum->ctr3->array[i].fid = - (((uint32_t)(procid_to_pid(&prec.pid))<<16) | prec.pnum); - fenum->ctr3->array[i].permissions = - (FILE_READ_DATA|FILE_WRITE_DATA); - fenum->ctr3->array[i].num_locks = 0; - fenum->ctr3->array[i].path = fullpath; - fenum->ctr3->array[i].user = username; - - fenum->ctr3->count++; - - return 0; -} - -/******************************************************************* -********************************************************************/ - -static WERROR net_enum_pipes(TALLOC_CTX *ctx, - const char *username, - struct srvsvc_NetFileCtr3 **ctr3, - uint32_t resume ) -{ - 
struct file_enum_count fenum; - - fenum.ctx = ctx; - fenum.username = username; - fenum.ctr3 = *ctr3; - - if (connections_traverse(pipe_enum_fn, &fenum) < 0) { - DEBUG(0,("net_enum_pipes: traverse of connections.tdb " - "failed\n")); - return WERR_NOMEM; - } - - *ctr3 = fenum.ctr3; - - return WERR_OK; -} - /******************************************************************* ********************************************************************/ @@ -1106,11 +1014,6 @@ WERROR _srvsvc_NetFileEnum(struct pipes_struct *p, goto done; } - werr = net_enum_pipes(ctx, r->in.user, &ctr3, resume_hnd); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - *r->out.totalentries = ctr3->count; r->out.info_ctr->ctr.ctr3->array = ctr3->array; r->out.info_ctr->ctr.ctr3->count = ctr3->count; -- 1.7.9.5 From d5c273919d129f884d5fb13e06ad73e01c7176e1 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Mon, 27 Aug 2012 15:07:08 +0200 Subject: [PATCH 11/39] s3:lib: remove unused function connections_traverse() Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/lib/conn_tdb.c | 20 -------------------- source3/lib/conn_tdb.h | 3 --- 2 files changed, 23 deletions(-) diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c index fb605e1..c469005 100644 --- a/source3/lib/conn_tdb.c +++ b/source3/lib/conn_tdb.c @@ -110,26 +110,6 @@ static int conn_traverse_fn(struct db_record *rec, void *private_data) state->private_data); } -int connections_traverse(int (*fn)(struct db_record *rec, - void *private_data), - void *private_data) -{ - NTSTATUS status; - int count; - struct db_context *ctx = connections_db_ctx(False); - - if (ctx == NULL) { - return -1; - } - - status = dbwrap_traverse(ctx, fn, private_data, &count); - if (!NT_STATUS_IS_OK(status)) { - return -1; - } - - return count; -} - int connections_forall(int (*fn)(struct db_record *rec, const struct connections_key *key, const struct connections_data *data, 
diff --git a/source3/lib/conn_tdb.h b/source3/lib/conn_tdb.h index 9b63364..bf8add9 100644 --- a/source3/lib/conn_tdb.h +++ b/source3/lib/conn_tdb.h @@ -51,9 +51,6 @@ struct db_record *connections_fetch_entry_ext(TALLOC_CTX *mem_ctx, struct server_id id, int cnum, const char *name); -int connections_traverse(int (*fn)(struct db_record *rec, - void *private_data), - void *private_data); int connections_forall(int (*fn)(struct db_record *rec, const struct connections_key *key, const struct connections_data *data, -- 1.7.9.5 From b237bbc0d1afdfea3b6b6335854f92d6fe80a151 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Tue, 28 Aug 2012 09:31:59 +0200 Subject: [PATCH 12/39] s3:smbcontrol: don't do stack_trace by connection but by server_id. Inparticular use serverid_traverse_read instead of connections_foralli to enumerate processes. Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/utils/smbcontrol.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c index c91c0f3..900ae9a 100644 --- a/source3/utils/smbcontrol.c +++ b/source3/utils/smbcontrol.c @@ -321,12 +321,13 @@ cleanup: ptrace(PTRACE_DETACH, pid, NULL, NULL); } -static int stack_trace_connection(const struct connections_key *key, - const struct connections_data *crec, - void *priv) +static int stack_trace_server(const struct server_id *id, + uint32_t msg_flags, + void *priv) { - print_stack_trace(procid_to_pid(&crec->pid), (int *)priv); - + if (id->vnn == get_my_vnn()) { + print_stack_trace(procid_to_pid(&id->pid), (int *)priv); + } return 0; } @@ -353,7 +354,7 @@ static bool do_daemon_stack_trace(struct tevent_context *ev_ctx, */ print_stack_trace(dest, &count); } else { - connections_forall_read(stack_trace_connection, &count); + serverid_traverse_read(stack_trace_server, &count); } return True; -- 1.7.9.5 From 77906e7cdf4c40ab860af8bb42e2c5f3b5501e7d Mon Sep 17 00:00:00 2001 
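Review bot: In `stack_trace_server()` the call `procid_to_pid(&id->pid)` passes the address of the `pid` member of a `struct server_id`. The removed code passed `&crec->pid`, where `crec->pid` was itself the server_id (the connection.c patch on this page calls `process_exists(crec->pid)` and `procid_str_static(&crec->pid)` on it). Assuming `procid_to_pid()` takes a `const struct server_id *` (its prototype is not shown here), the line should read `print_stack_trace(procid_to_pid(id), (int *)priv);`. The resulting pid goes to a ptrace-based tracer, so a wrong value here means attaching to the wrong process or failing silently; it is worth confirming this block is compiled in the configurations the patch was tested on.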
From: Gregor Beck Date: Mon, 27 Aug 2012 15:12:36 +0200 Subject: [PATCH 13/39] s3:count_current_connections: do not clear orphaned entries from connections.tdb This removes one of the last callers of connetions_forall. Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/smbd/connection.c | 28 ++++++++-------------------- source3/smbd/proto.h | 2 +- 2 files changed, 9 insertions(+), 21 deletions(-) diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index d334e8b..ac2ab95 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -57,15 +57,14 @@ bool yield_connection(connection_struct *conn, const char *name) struct count_stat { int curr_connections; const char *name; - bool Clear; + bool verify; }; /**************************************************************************** Count the entries belonging to a service in the connection db. ****************************************************************************/ -static int count_fn(struct db_record *rec, - const struct connections_key *ckey, +static int count_fn(const struct connections_key *ckey, const struct connections_data *crec, void *udp) { @@ -75,24 +74,13 @@ static int count_fn(struct db_record *rec, return 0; } - /* If the pid was not found delete the entry from connections.tdb */ - - if (cs->Clear && !process_exists(crec->pid) && (errno == ESRCH)) { - NTSTATUS status; - DEBUG(2,("pid %s doesn't exist - deleting connections %d [%s]\n", - procid_str_static(&crec->pid), crec->cnum, - crec->servicename)); - - status = dbwrap_record_delete(rec); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("count_fn: tdb_delete failed with error %s\n", - nt_errstr(status))); - } + if (cs->verify && !process_exists(crec->pid)) { return 0; } - if (strequal(crec->servicename, cs->name)) + if (strequal(crec->servicename, cs->name)) { cs->curr_connections++; + } return 0; } 
@@ -101,14 +89,14 @@ static int count_fn(struct db_record *rec, Claim an entry in the connections database. ****************************************************************************/ -int count_current_connections( const char *sharename, bool clear ) +int count_current_connections(const char *sharename, bool verify) { struct count_stat cs; int ret; cs.curr_connections = 0; cs.name = sharename; - cs.Clear = clear; + cs.verify = verify; /* * This has a race condition, but locking the chain before hand is worse @@ -120,7 +108,7 @@ int count_current_connections( const char *sharename, bool clear ) * via ctdb, which is not possible without root. */ become_root(); - ret = connections_forall(count_fn, &cs); + ret = connections_forall_read(count_fn, &cs); unbecome_root(); if (ret < 0) { diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index f1b359f..a715476 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -161,7 +161,7 @@ void msg_force_tdis(struct messaging_context *msg, /* The following definitions come from smbd/connection.c */ bool yield_connection(connection_struct *conn, const char *name); -int count_current_connections( const char *sharename, bool clear ); +int count_current_connections(const char *sharename, bool verify); bool connections_snum_used(struct smbd_server_connection *unused, int snum); bool claim_connection(connection_struct *conn, const char *name); -- 1.7.9.5 From 77f99ece482a11aad50219e64d231b27dbbccbba Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Mon, 27 Aug 2012 15:18:07 +0200 Subject: [PATCH 14/39] s3:net_status_shares: use connections_forall_read for a read only traversal Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/utils/net_status.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/source3/utils/net_status.c b/source3/utils/net_status.c index c96730f..be24fec 100644 --- a/source3/utils/net_status.c +++ b/source3/utils/net_status.c 
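Review bot: The banner comment kept above `count_current_connections()` still reads "Claim an entry in the connections database.", which describes neither the old nor the new behaviour. Since the flag changed meaning from `clear` to `verify`, I would replace it with something like `/* Count connections to sharename; with verify, skip records whose owning process no longer exists (stale records stay in connections.tdb). */`. That also tells callers enforcing a connection limit that passing `verify = false` counts records left behind by dead processes. The function body continues past the end of the second connection.c hunk.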
@@ -91,8 +91,7 @@ static int net_status_sessions(struct net_context *c, int argc, const char **arg return 0; } -static int show_share(struct db_record *rec, - const struct connections_key *key, +static int show_share(const struct connections_key *key, const struct connections_data *crec, void *state) { @@ -205,7 +204,7 @@ static int net_status_shares(struct net_context *c, int argc, const char **argv) "-------------------------------------" "------------------\n")); - connections_forall(show_share, NULL); + connections_forall_read(show_share, NULL); return 0; } -- 1.7.9.5 From 4878769f8e6763fbb8347f2ea674c7a861d95564 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Thu, 23 Aug 2012 14:47:33 +0200 Subject: [PATCH 15/39] s3:smbd: pass smbXsrv_session instead of user_struct to session_claim() and session_yield() Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/smbd/password.c | 2 +- source3/smbd/proto.h | 5 +++-- source3/smbd/session.c | 6 ++++-- source3/smbd/sesssetup.c | 4 ++-- source3/smbd/smb2_sesssetup.c | 2 +- 5 files changed, 11 insertions(+), 8 deletions(-) diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 60ab045..3a64d1b 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -105,7 +105,7 @@ void invalidate_vuid(struct smbd_server_connection *sconn, uint64_t vuid) return; } - session_yield(vuser); + session_yield(vuser->session); DLIST_REMOVE(sconn->users, vuser); SMB_ASSERT(sconn->num_users > 0); diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index a715476..5f41957 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h 
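Review bot: `connections_forall_read(show_share, NULL);` in `net_status_shares` discards the return value, so a failed traversal of the connections database still prints the table header and the command returns 0. `count_current_connections()` in the previous patch checks the same call with `if (ret < 0)`; doing likewise here, `if (connections_forall_read(show_share, NULL) < 0) { return -1; }`, would let the failure reach whoever runs the command. The function starts outside the hunk, so whether an error message should be printed before the return cannot be judged from here.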
@@ -993,9 +993,10 @@ void close_cnum(connection_struct *conn, uint64_t vuid); /* The following definitions come from smbd/session.c */ struct sessionid; +struct smbXsrv_session; bool session_init(void); -bool session_claim(struct smbd_server_connection *sconn, struct user_struct *vuser); -void session_yield(struct user_struct *vuser); +bool session_claim(struct smbd_server_connection *sconn, struct smbXsrv_session *session); +void session_yield(struct smbXsrv_session *session); int list_sessions(TALLOC_CTX *mem_ctx, struct sessionid **session_list); /* The following definitions come from smbd/sesssetup.c */ diff --git a/source3/smbd/session.c b/source3/smbd/session.c index e7e7570..c931f8b 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -40,8 +40,9 @@ called when a session is created ********************************************************************/ -bool session_claim(struct smbd_server_connection *sconn, struct user_struct *vuser) +bool session_claim(struct smbd_server_connection *sconn, struct smbXsrv_session *session) { + struct user_struct *vuser = session->compat; struct server_id pid = messaging_server_id(sconn->msg_ctx); TDB_DATA data; int i = 0; @@ -194,8 +195,9 @@ bool session_claim(struct smbd_server_connection *sconn, struct user_struct *vus called when a session is destroyed ********************************************************************/ -void session_yield(struct user_struct *vuser) +void session_yield(struct smbXsrv_session *session) { + struct user_struct *vuser = session->compat; struct sessionid sessionid; struct db_record *rec; TDB_DATA value; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 4d58e7a..16a71f7 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c 
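Review bot: `session_claim()` and `session_yield()` in source3/smbd/session.c now begin with `struct user_struct *vuser = session->compat;`, which dereferences `session` before anything has checked it. `invalidate_vuid()` passes `vuser->session` straight into `session_yield()`, so a user_struct whose `session` pointer is unset would crash smbd at this line; whether that state can occur is not visible in these hunks. Either initialise `vuser` after a guard such as `if (session == NULL) { return; }` (and `return false;` in `session_claim()`), or add a one-line comment stating that callers guarantee a non-NULL session with a valid `compat`. Both function bodies continue outside their hunks.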
@@ -326,7 +326,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) register_homes_share(session_info->unix_info->unix_name); } - if (!session_claim(sconn, session->compat)) { + if (!session_claim(sconn, session)) { DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n", (unsigned long long)session->compat->vuid)); data_blob_free(&out_blob); @@ -1008,7 +1008,7 @@ void reply_sesssetup_and_X(struct smb_request *req) register_homes_share(session_info->unix_info->unix_name); } - if (!session_claim(sconn, session->compat)) { + if (!session_claim(sconn, session)) { DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n", (unsigned long long)session->compat->vuid)); data_blob_free(&nt_resp); diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 2599d2a..29253d0 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -330,7 +330,7 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, register_homes_share(session_info->unix_info->unix_name); } - if (!session_claim(smb2req->sconn, session->compat)) { + if (!session_claim(smb2req->sconn, session)) { DEBUG(1, ("smb2: Failed to claim session " "for vuid=%llu\n", (unsigned long long)session->compat->vuid)); -- 1.7.9.5 From 02b9b79447be46835adf963cca14c618d0c435e6 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Mon, 27 Aug 2012 09:21:58 +0200 Subject: [PATCH 16/39] s3:smbd: remove smbd_server_connection argument from session_claim() retrieve the server connection from the smbXsrv_session argument instead. Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/smbd/proto.h | 2 +- source3/smbd/session.c | 5 +++-- source3/smbd/sesssetup.c | 4 ++-- source3/smbd/smb2_sesssetup.c | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 5f41957..ffbc8d8 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h 
@@ -995,7 +995,7 @@ void close_cnum(connection_struct *conn, uint64_t vuid); struct sessionid; struct smbXsrv_session; bool session_init(void); -bool session_claim(struct smbd_server_connection *sconn, struct smbXsrv_session *session); +bool session_claim(struct smbXsrv_session *session); void session_yield(struct smbXsrv_session *session); int list_sessions(TALLOC_CTX *mem_ctx, struct sessionid **session_list); diff --git a/source3/smbd/session.c b/source3/smbd/session.c index c931f8b..abb1e31 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -40,9 +40,10 @@ called when a session is created ********************************************************************/ -bool session_claim(struct smbd_server_connection *sconn, struct smbXsrv_session *session) +bool session_claim(struct smbXsrv_session *session) { struct user_struct *vuser = session->compat; + struct smbd_server_connection *sconn = session->connection->sconn; struct server_id pid = messaging_server_id(sconn->msg_ctx); TDB_DATA data; int i = 0; @@ -137,7 +138,7 @@ bool session_claim(struct smbd_server_connection *sconn, struct smbXsrv_session SMB_ASSERT(rec != NULL); - raddr = tsocket_address_inet_addr_string(sconn->remote_address, + raddr = tsocket_address_inet_addr_string(session->connection->remote_address, talloc_tos()); if (raddr == NULL) { return false; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 16a71f7..cd7928d 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -326,7 +326,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) register_homes_share(session_info->unix_info->unix_name); } - if (!session_claim(sconn, session)) { + if (!session_claim(session)) { DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n", (unsigned long long)session->compat->vuid)); data_blob_free(&out_blob); 
@@ -1008,7 +1008,7 @@ void reply_sesssetup_and_X(struct smb_request *req) register_homes_share(session_info->unix_info->unix_name); } - if (!session_claim(sconn, session)) { + if (!session_claim(session)) { DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n", (unsigned long long)session->compat->vuid)); data_blob_free(&nt_resp); diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 29253d0..171021a 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -330,7 +330,7 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, register_homes_share(session_info->unix_info->unix_name); } - if (!session_claim(smb2req->sconn, session)) { + if (!session_claim(session)) { DEBUG(1, ("smb2: Failed to claim session " "for vuid=%llu\n", (unsigned long long)session->compat->vuid)); -- 1.7.9.5 From e24b1041b1f6e5b1c5a258a2cbe058f134a45ed9 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Mon, 27 Aug 2012 11:03:25 +0200 Subject: [PATCH 17/39] s3:smbd: initialize session->global before calling session_claim Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/smbd/sesssetup.c | 40 ++++++++++++++++++++-------------------- source3/smbd/smb2_sesssetup.c | 14 +++++++------- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index cd7928d..aad122c 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -326,15 +326,6 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) register_homes_share(session_info->unix_info->unix_name); } - if (!session_claim(session)) { - DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n", - (unsigned long long)session->compat->vuid)); - data_blob_free(&out_blob); - TALLOC_FREE(session); - reply_nterror(req, NT_STATUS_LOGON_FAILURE); - return; - } - if (srv_is_signing_negotiated(sconn) && action == 0 && session->global->signing_key.length > 0) 
@@ -366,6 +357,15 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) GENSEC_EXPIRE_TIME_INFINITY; } + if (!session_claim(session)) { + DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n", + (unsigned long long)session->compat->vuid)); + data_blob_free(&out_blob); + TALLOC_FREE(session); + reply_nterror(req, NT_STATUS_LOGON_FAILURE); + return; + } + status = smbXsrv_session_update(session); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("smb1: Failed to update session for vuid=%llu - %s\n", @@ -1008,17 +1008,6 @@ void reply_sesssetup_and_X(struct smb_request *req) register_homes_share(session_info->unix_info->unix_name); } - if (!session_claim(session)) { - DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n", - (unsigned long long)session->compat->vuid)); - data_blob_free(&nt_resp); - data_blob_free(&lm_resp); - TALLOC_FREE(session); - reply_nterror(req, NT_STATUS_LOGON_FAILURE); - END_PROFILE(SMBsesssetupX); - return; - } - if (srv_is_signing_negotiated(sconn) && action == 0 && session->global->signing_key.length > 0) @@ -1057,6 +1046,17 @@ void reply_sesssetup_and_X(struct smb_request *req) return; } + if (!session_claim(session)) { + DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n", + (unsigned long long)session->compat->vuid)); + data_blob_free(&nt_resp); + data_blob_free(&lm_resp); + TALLOC_FREE(session); + reply_nterror(req, NT_STATUS_LOGON_FAILURE); + END_PROFILE(SMBsesssetupX); + return; + } + /* current_user_info is changed on new vuid */ reload_services(sconn, conn_snum_used, true); diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 171021a..265f802 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c 
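Review bot: The three call sites end up with `session_claim()` in different positions relative to `smbXsrv_session_update()`. In `reply_sesssetup_and_X_spnego` and in the smb2 hunk the claim sits directly before `status = smbXsrv_session_update(session);`, while in `reply_sesssetup_and_X` it is added after a block ending in `return; }` and directly before `reload_services()`. If that preceding block is the error path of `smbXsrv_session_update()` (it lies outside the hunk), the non-spnego path stores the session before the claim can fail and then relies on `TALLOC_FREE(session)` to undo it. I would move the claim in front of the update there as well, or add a comment such as `/* claim after smbXsrv_session_update() on purpose: ... */` giving the reason for the difference.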
@@ -330,13 +330,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, register_homes_share(session_info->unix_info->unix_name); } - if (!session_claim(session)) { - DEBUG(1, ("smb2: Failed to claim session " - "for vuid=%llu\n", - (unsigned long long)session->compat->vuid)); - return NT_STATUS_LOGON_FAILURE; - } - set_current_user_info(session_info->unix_info->sanitized_username, session_info->unix_info->unix_name, session_info->info->domain_name); @@ -350,6 +343,13 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, session->global->auth_session_info_seqnum; session->global->expiration_time = gensec_expire_time(session->gensec); + if (!session_claim(session)) { + DEBUG(1, ("smb2: Failed to claim session " + "for vuid=%llu\n", + (unsigned long long)session->compat->vuid)); + return NT_STATUS_LOGON_FAILURE; + } + status = smbXsrv_session_update(session); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n", -- 1.7.9.5 From 92d53dd7dc8ca71ae28d2a8762524396cd3c6f58 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 8 Oct 2012 11:15:50 +0200 Subject: [PATCH 18/39] s3:configure: check that struct utmp.ut_line is large enough for our use case We use "smb/%u" with a 32-bit number, "smb/4294967295\0" requires 15 chars (including the '\0'). metze Signed-off-by: Michael Adam --- source3/configure.in | 18 ++++++++++++++++++ source3/wscript | 8 ++++++++ 2 files changed, 26 insertions(+) diff --git a/source3/configure.in b/source3/configure.in index 70632bc..fb00fee 100644 --- a/source3/configure.in +++ b/source3/configure.in 
@@ -2238,6 +2238,19 @@ if test x"$samba_cv_HAVE_UX_UT_SYSLEN" = x"yes"; then AC_DEFINE(HAVE_UX_UT_SYSLEN,1,[Whether the utmpx struct has a property ut_syslen]) fi +AC_CACHE_CHECK([whether sizeof ut_line in utmp is ok],samba_cv_HAVE_UX_UT_LINE,[ +AC_TRY_RUN([#include +#include +#include +int main(void) { + if (sizeof(((struct utmp *)NULL)->ut_line) < 15) { + return 1; + } + return 0; +} +], +samba_cv_HAVE_UX_UT_LINE=yes,samba_cv_HAVE_UX_UT_LINE=no,samba_cv_HAVE_UX_UT_LINE=cross)]) + fi # end utmp details @@ -4703,6 +4716,11 @@ if test x"$WITH_UTMP" = x"yes" -a x"$ac_cv_header_utmp_h" = x"no"; then WITH_UTMP=no fi +if test x"$WITH_UTMP" = x"yes" -a x"$samba_cv_HAVE_UX_UT_LINE" != x"yes"; then + utmp_no_reason=", sizeof ut_line not ok" + WITH_UTMP=no +fi + # Display test results if test x"$WITH_UTMP" = x"yes"; then diff --git a/source3/wscript b/source3/wscript index 56ab760..92575c8 100644 --- a/source3/wscript +++ b/source3/wscript @@ -660,8 +660,16 @@ msg.msg_acctrightslen = sizeof(fd); conf.CHECK_CODE('struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);', 'PUTUTLINE_RETURNS_UTMP', headers='utmp.h', msg="Checking whether pututline returns pointer") + conf.CHECK_SIZEOF(['((struct utmp *)NULL)->ut_line'], headers='utmp.h', + define='SIZEOF_UTMP_UT_LINE') + if not conf.CONFIG_SET('SIZEOF_UTMP_UT_LINE'): + conf.env.with_utmp = False + elif int(conf.env.SIZEOF_UTMP_UT_LINE) < 15: + conf.env.with_utmp = False if conf.env.with_utmp: conf.DEFINE('WITH_UTMP', 1) + else: + Logs.warn("--with-utmp but utmp support not sufficient") if Options.options.with_avahi: conf.env.with_avahi = True -- 1.7.9.5 From b288ddd5c0ee7524e30a4fce3ec4f03c19a1764a Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Thu, 23 Aug 2012 15:21:06 +0200 Subject: [PATCH 19/39] s3:smbd: use session_global_id as session number for pam and utmp Signed-off-by: Michael Adam 
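Review bot: The new `AC_TRY_RUN` check has to execute a test program, so a cross build ends up with `samba_cv_HAVE_UX_UT_LINE=cross` and the later `!= x"yes"` test switches utmp off with the reason ", sizeof ut_line not ok" even when the field is large enough. The size is a compile-time constant, so a compile-only test such as `AC_TRY_COMPILE` with the body `char ut_line_ok[sizeof(((struct utmp *)NULL)->ut_line) >= 15 ? 1 : -1];` would give the real answer on every build. The literal 15 is repeated in the `source3/wscript` hunk; a short comment at both places saying it is the length of "smb/4294967295" plus the terminating NUL would keep the two build systems and the format string in step.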
Signed-off-by: Stefan Metzmacher --- source3/include/local.h | 20 ------------- source3/smbd/session.c | 76 ++++++----------------------------------------- source3/smbd/utmp.c | 16 ++++------ 3 files changed, 15 insertions(+), 97 deletions(-) diff --git a/source3/include/local.h b/source3/include/local.h index 02e6b43..a87ab8f 100644 --- a/source3/include/local.h +++ b/source3/include/local.h @@ -154,26 +154,6 @@ /* Minimum length of allowed password when changing UNIX password. */ #define MINPASSWDLENGTH 5 -/* maximum ID number used for session control. This cannot be larger - than 62*62 for the current code */ -#define MAX_SESSION_ID 3000 - -/* For the benifit of PAM and the 'session exec' scripts, we fake up a terminal - name. This can be in one of two forms: The first for systems not using - utmp (and therefore not constrained as to length or the need for a number - < 3000 or so) and the second for systems with this 'well behaved terminal - like name' constraint. -*/ - -#ifndef SESSION_TEMPLATE -/* Paramaters are 'pid' and 'vuid' */ -#define SESSION_TEMPLATE "smb/%lu/%llu" -#endif - -#ifndef SESSION_UTMP_TEMPLATE -#define SESSION_UTMP_TEMPLATE "smb/%d" -#endif - /* the maximum age in seconds of a password. Should be a lp_ parameter */ #define MAX_PASSWORD_AGE (21*24*60*60) diff --git a/source3/smbd/session.c b/source3/smbd/session.c index abb1e31..6b0263e 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -46,7 +46,6 @@ bool session_claim(struct smbXsrv_session *session) struct smbd_server_connection *sconn = session->connection->sconn; struct server_id pid = messaging_server_id(sconn->msg_ctx); TDB_DATA data; - int i = 0; struct sessionid sessionid; fstring keystr; struct db_record *rec; 
@@ -67,77 +66,21 @@ bool session_claim(struct smbXsrv_session *session) ZERO_STRUCT(sessionid); + sessionid.id_num = session->global->session_global_id; + data.dptr = NULL; data.dsize = 0; - if (lp_utmp()) { + snprintf(keystr, sizeof(keystr), "ID/%u", sessionid.id_num); + snprintf(sessionid.id_str, sizeof(sessionid.id_str), + "smb/%u", sessionid.id_num); - for (i=1;ivuid); - - rec = sessionid_fetch_record(NULL, keystr); - if (rec == NULL) { - DEBUG(1, ("Could not lock \"%s\"\n", keystr)); - return False; - } - - snprintf(sessionid.id_str, sizeof(sessionid.id_str), - SESSION_TEMPLATE, (long unsigned int)getpid(), - (unsigned long long)vuser->vuid); + rec = sessionid_fetch_record(NULL, keystr); + if (rec == NULL) { + DEBUG(1, ("Could not lock \"%s\"\n", keystr)); + return False; } - SMB_ASSERT(rec != NULL); - raddr = tsocket_address_inet_addr_string(session->connection->remote_address, talloc_tos()); if (raddr == NULL) { @@ -149,7 +92,6 @@ bool session_claim(struct smbXsrv_session *session) fstrcpy(sessionid.username, vuser->session_info->unix_info->unix_name); fstrcpy(sessionid.hostname, sconn->remote_hostname); - sessionid.id_num = i; /* Only valid for utmp sessions */ sessionid.pid = pid; sessionid.uid = vuser->session_info->unix_token->uid; sessionid.gid = vuser->session_info->unix_token->gid; diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c index bb48d36..0dc1917 100644 --- a/source3/smbd/utmp.c +++ b/source3/smbd/utmp.c 
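Review bot: The line `snprintf(sessionid.id_str, sizeof(sessionid.id_str), "smb/%u", sessionid.id_num);` is now the only thing keeping the utmp line name within bounds, and nothing at this spot says so. The same patch removes the `strlen(id_str) > sizeof(u->ut_line)` rejection from `sys_utmp_fill()` and relies on the build-time minimum of 15 bytes from the previous patch. A later change of the format (a longer prefix, a 64-bit id) would then yield truncated or colliding utmp lines, depending on what `utmp_strcpy()` does with over-long input, which is not shown here. I would add a comment such as `/* "smb/%u" must fit in 15 bytes incl. NUL: configure checks ut_line for that size and utmp.c no longer rejects longer names */`. `session_claim()` starts and ends outside the hunk.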
@@ -472,22 +472,23 @@ static int ut_id_encode(int i, char *fourbyte) int nbase; const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; - fourbyte[0] = 'S'; - fourbyte[1] = 'M'; - /* - * Encode remaining 2 bytes from 'i'. * 'ut_id_encstr' is the character set on which modulo arithmetic is done. * Example: digits would produce the base-10 numbers from '001'. */ nbase = strlen(ut_id_encstr); + fourbyte[0] = ut_id_encstr[i % nbase]; + i /= nbase; + fourbyte[1] = ut_id_encstr[i % nbase]; + i /= nbase; fourbyte[3] = ut_id_encstr[i % nbase]; i /= nbase; fourbyte[2] = ut_id_encstr[i % nbase]; i /= nbase; - return(i); /* 0: good; else overflow */ + /* we do not care about overflows as i is a random number */ + return 0; } #endif /* defined(HAVE_UT_UT_ID) */ @@ -517,11 +518,6 @@ static bool sys_utmp_fill(struct utmp *u, * ut_line: * If size limit proves troublesome, then perhaps use "ut_id_encode()". */ - if (strlen(id_str) > sizeof(u->ut_line)) { - DEBUG(1,("id_str [%s] is too long for %lu char utmp field\n", - id_str, (unsigned long)sizeof(u->ut_line))); - return False; - } utmp_strcpy(u->ut_line, id_str, sizeof(u->ut_line)); #if defined(HAVE_UT_UT_PID) -- 1.7.9.5 From c3a658f59578899215920a42f5cb568f9368ce13 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Wed, 22 Aug 2012 14:28:31 +0200 Subject: [PATCH 20/39] s3:smbXsrv_session: add smbXsrv_session_global_traverse() Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/smbd/globals.h | 4 +++ source3/smbd/smbXsrv_session.c | 71 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 107d338..6509dda 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h 
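Review bot: `ut_id_encode()` takes `int i` and indexes `ut_id_encstr[i % nbase]`; for a negative `i` the remainder is negative in C, so the lookup reads before the start of the string. The old callers passed small positive counters, but the new comment says `i` is a random number and session.c in this patch formats the id with `%u`, so values above INT_MAX look reachable, although the call site lies outside the hunk. Doing the arithmetic on an unsigned copy removes the problem without changing the prototype. The byte order 0, 1, 3, 2 also deserves a word in the comment, and the function body begins before the hunk.

```c
	/* … unchanged: ut_id_encstr declaration … */
	unsigned int v = (unsigned int)i;	/* ids above INT_MAX arrive negative */
	unsigned int nbase = strlen(ut_id_encstr);

	fourbyte[0] = ut_id_encstr[v % nbase];
	v /= nbase;
	fourbyte[1] = ut_id_encstr[v % nbase];
	v /= nbase;
	fourbyte[3] = ut_id_encstr[v % nbase];
	v /= nbase;
	fourbyte[2] = ut_id_encstr[v % nbase];
	/* … unchanged: overflow comment and return 0 … */
```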
@@ -396,6 +396,10 @@ NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn); NTSTATUS smb2srv_session_lookup(struct smbXsrv_connection *conn, uint64_t session_id, NTTIME now, struct smbXsrv_session **session); +struct smbXsrv_session_global0; +NTSTATUS smbXsrv_session_global_traverse( + int (*fn)(struct smbXsrv_session_global0 *, void *), + void *private_data); struct tevent_req *smb2srv_session_close_previous_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbXsrv_connection *conn, diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c index f31d85b..f3072ee 100644 --- a/source3/smbd/smbXsrv_session.c +++ b/source3/smbd/smbXsrv_session.c 
@@ -1524,3 +1524,74 @@ NTSTATUS smb2srv_session_lookup(struct smbXsrv_connection *conn, return smbXsrv_session_local_lookup(table, local_id, now, session); } + +struct smbXsrv_session_global_traverse_state { + int (*fn)(struct smbXsrv_session_global0 *, void *); + void *private_data; +}; + +static int smbXsrv_session_global_traverse_fn(struct db_record *rec, void *data) +{ + int ret = -1; + struct smbXsrv_session_global_traverse_state *state = + (struct smbXsrv_session_global_traverse_state*)data; + TDB_DATA key = dbwrap_record_get_key(rec); + TDB_DATA val = dbwrap_record_get_value(rec); + DATA_BLOB blob = data_blob_const(val.dptr, val.dsize); + struct smbXsrv_session_globalB global_blob; + enum ndr_err_code ndr_err; + TALLOC_CTX *frame = talloc_stackframe(); + + ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob, + (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_globalB); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(1,("Invalid record in smbXsrv_session_global.tdb:" + "key '%s' ndr_pull_struct_blob - %s\n", + hex_encode_talloc(frame, key.dptr, key.dsize), + ndr_errstr(ndr_err))); + goto done; + } + + if (global_blob.version != SMBXSRV_VERSION_0) { + DEBUG(1,("Invalid record in smbXsrv_session_global.tdb:" + "key '%s' unsuported version - %d\n", + hex_encode_talloc(frame, key.dptr, key.dsize), + (int)global_blob.version)); + goto done; + } + + ret = state->fn(global_blob.info.info0, state->private_data); +done: + TALLOC_FREE(frame); + return ret; +} + +NTSTATUS smbXsrv_session_global_traverse( + int (*fn)(struct smbXsrv_session_global0 *, void *), + void *private_data) +{ + + NTSTATUS status; + int count = 0; + struct smbXsrv_session_global_traverse_state state = { + .fn = fn, + .private_data = private_data, + }; + + become_root(); + status = smbXsrv_session_global_init(); + if (!NT_STATUS_IS_OK(status)) { + unbecome_root(); + DEBUG(0, ("Failed to initialize session_global: %s\n", + nt_errstr(status))); + return status; + } + + status = 
dbwrap_traverse_read(smbXsrv_session_global_db_ctx, + smbXsrv_session_global_traverse_fn, + &state, + &count); + unbecome_root(); + + return status; +} -- 1.7.9.5 From 89cc865cabdf7f7fd7c26d3da784c1d7f9e1d6b0 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Tue, 28 Aug 2012 15:35:58 +0200 Subject: [PATCH 21/39] s3:smbXsrv_tcon: add smbXsrv_tcon_global_traverse() Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/smbd/globals.h | 4 +++ source3/smbd/smbXsrv_tcon.c | 70 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 6509dda..4a86697 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -427,6 +427,10 @@ NTSTATUS smb2srv_tcon_lookup(struct smbXsrv_session *session, uint32_t tree_id, NTTIME now, struct smbXsrv_tcon **tcon); NTSTATUS smb2srv_tcon_disconnect_all(struct smbXsrv_session *session); +struct smbXsrv_tcon_global0; +NTSTATUS smbXsrv_tcon_global_traverse( + int (*fn)(struct smbXsrv_tcon_global0 *, void *), + void *private_data); NTSTATUS smbXsrv_open_global_init(void); NTSTATUS smbXsrv_open_create(struct smbXsrv_connection *conn, diff --git a/source3/smbd/smbXsrv_tcon.c b/source3/smbd/smbXsrv_tcon.c index 9f8162a..49da84d 100644 --- a/source3/smbd/smbXsrv_tcon.c +++ b/source3/smbd/smbXsrv_tcon.c 
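Review bot: `smbXsrv_session_global_traverse_fn` returns -1 for a record that fails to parse or carries an unexpected version, and if `dbwrap_traverse_read()` stops on a non-zero callback result (as tdb traversals do) a single bad record ends the walk, so every session stored after it is never handed to `fn`. Skipping the record instead, with `ret = 0;` before each `goto done;`, keeps the DEBUG message and lets the traversal continue; the same applies to `smbXsrv_tcon_global_traverse_fn` in the next patch. The public function also needs a header comment saying that `fn` is called while `become_root()` is in effect and that the `smbXsrv_session_global0` pointer is allocated on a stackframe freed right after `fn` returns, so callbacks should do little and must not keep the pointer. `count` is filled in by the traversal but never used or returned.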
@@ -1164,3 +1164,73 @@ NTSTATUS smb2srv_tcon_disconnect_all(struct smbXsrv_session *session) return smbXsrv_tcon_disconnect_all(session->tcon_table, vuid); } + +struct smbXsrv_tcon_global_traverse_state { + int (*fn)(struct smbXsrv_tcon_global0 *, void *); + void *private_data; +}; + +static int smbXsrv_tcon_global_traverse_fn(struct db_record *rec, void *data) +{ + int ret = -1; + struct smbXsrv_tcon_global_traverse_state *state = + (struct smbXsrv_tcon_global_traverse_state*)data; + TDB_DATA key = dbwrap_record_get_key(rec); + TDB_DATA val = dbwrap_record_get_value(rec); + DATA_BLOB blob = data_blob_const(val.dptr, val.dsize); + struct smbXsrv_tcon_globalB global_blob; + enum ndr_err_code ndr_err; + TALLOC_CTX *frame = talloc_stackframe(); + + ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob, + (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_tcon_globalB); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(1,("Invalid record in smbXsrv_tcon_global.tdb:" + "key '%s' ndr_pull_struct_blob - %s\n", + hex_encode_talloc(frame, key.dptr, key.dsize), + ndr_errstr(ndr_err))); + goto done; + } + + if (global_blob.version != SMBXSRV_VERSION_0) { + DEBUG(1,("Invalid record in smbXsrv_tcon_global.tdb:" + "key '%s' unsuported version - %d\n", + hex_encode_talloc(frame, key.dptr, key.dsize), + (int)global_blob.version)); + goto done; + } + + ret = state->fn(global_blob.info.info0, state->private_data); +done: + TALLOC_FREE(frame); + return ret; +} + +NTSTATUS smbXsrv_tcon_global_traverse( + int (*fn)(struct smbXsrv_tcon_global0 *, void *), + void *private_data) +{ + NTSTATUS status; + int count = 0; + struct smbXsrv_tcon_global_traverse_state state = { + .fn = fn, + .private_data = private_data, + }; + + become_root(); + status = smbXsrv_tcon_global_init(); + if (!NT_STATUS_IS_OK(status)) { + unbecome_root(); + DEBUG(0, ("Failed to initialize tcon_global: %s\n", + nt_errstr(status))); + return status; + } + + status = dbwrap_traverse_read(smbXsrv_tcon_global_db_ctx, + 
smbXsrv_tcon_global_traverse_fn, + &state, + &count); + unbecome_root(); + + return status; +} -- 1.7.9.5 From bcfa721a36269d4390ae5ce747cfd3dff6a255ac Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Fri, 7 Sep 2012 15:18:39 +0200 Subject: [PATCH 22/39] s3:build: move sessionid_tdb.o and conn_tdb.o to SMBD_OBJ_BASE and use SMBD_OBJ_BASE for a couple of targets where sessionid_tdb and conn_tdb were used. Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/Makefile.in | 84 ++++++++++++++------------------------ source3/wscript_build | 12 ++++-- source4/rpc_server/wscript_build | 2 +- 3 files changed, 41 insertions(+), 57 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index bafa82a..b35ae4e 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -480,8 +480,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) $(LIBTSOCKET_OBJ) \ ../libcli/smb/smb_signing.o \ ../lib/util/charset/iconv.o ../lib/util/charset/weird.o \ ../lib/util/charset/charset_macosxfs.o intl/lang_tdb.o \ - lib/conn_tdb.o lib/adt_tree.o lib/gencache.o \ - lib/sessionid_tdb.o \ + lib/adt_tree.o lib/gencache.o \ ../lib/util/modules.o lib/events.o @LIBTEVENT_OBJ0@ \ @CCAN_OBJ@ \ lib/server_contexts.o \ @@ -1001,7 +1000,9 @@ SMBD_OBJ_BASE = $(PARAM_WITHOUT_REG_OBJ) $(SMBD_OBJ_SRV) $(LIBSMB_OBJ) \ $(PRIVILEGES_BASIC_OBJ) \ $(REGFIO_OBJ) \ $(REG_API_REGF_OBJ) \ - $(LIBNDR_XATTR_OBJ) + $(LIBNDR_XATTR_OBJ) \ + lib/conn_tdb.o lib/sessionid_tdb.o + PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/print_aix.o \ printing/print_cups.o printing/print_generic.o \ 
@@ -1043,19 +1044,9 @@ NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ SWAT_OBJ1 = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ web/swat.o web/neg_lang.o -SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(PRINTING_OBJ) $(PRINTBASE_OBJ) $(LIBSMB_OBJ) \ - $(LOCKING_OBJ) $(PASSDB_OBJ) $(KRBCLIENT_OBJ) \ - $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \ - $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBMSRPC_OBJ) \ - $(PASSCHANGE_OBJ) $(FNAME_UTIL_OBJ) \ - $(LIBCLI_SAMR_OBJ) \ - rpc_client/init_lsa.o +SWAT_OBJ = $(SWAT_OBJ1) $(SMBD_OBJ_BASE) $(PASSCHANGE_OBJ) -STATUS_OBJ = utils/status.o utils/status_profile.o \ - $(LOCKING_OBJ) $(PARAM_OBJ) \ - smbd/notify_internal.o autoconf/librpc/gen_ndr/ndr_notify.o \ - $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ - $(LIBSMB_ERR_OBJ) $(FNAME_UTIL_OBJ) +STATUS_OBJ = utils/status.o utils/status_profile.o $(SMBD_OBJ_BASE) SMBCONTROL_OBJ = utils/smbcontrol.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ 
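Review bot: `SWAT_OBJ` and `STATUS_OBJ` replace their explicit object lists with the whole of `$(SMBD_OBJ_BASE)`, and the `NET_OBJ` hunk below does the same, although the only objects this patch moves are `lib/conn_tdb.o` and `lib/sessionid_tdb.o`. `SMBD_OBJ_BASE` includes `$(SMBD_OBJ_SRV)`, so the file-server code is now linked into swat, smbstatus and net, which makes these tools larger and ties them to every future smbd dependency. If the two objects really need the rest of the base (the reason is not visible in this patch), a comment next to the assignments such as `# needs SMBD_OBJ_BASE: sessionid_tdb.o and conn_tdb.o live there and depend on smbd internals` would record why the narrower lists were dropped.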
@@ -1223,50 +1214,32 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \ $(PASSWD_UTIL_OBJ) utils/net_dns.o utils/net_ads_gpo.o \ utils/net_conf.o utils/net_join.o utils/net_user.o \ utils/net_group.o utils/net_file.o utils/net_registry.o utils/net_registry_check.o\ - auth/token_util.o utils/net_dom.o utils/net_share.o utils/net_connections.o\ + utils/net_dom.o utils/net_share.o utils/net_connections.o\ utils/net_g_lock.o \ utils/net_serverid.o \ utils/net_eventlog.o \ utils/net_printing.o \ utils/net_rpc_trust.o \ utils/net_rpc_conf.o\ - $(LIBNDR_NTPRINTING_OBJ) \ $(LIBNDR_PREG_OBJ) \ - $(LIBCLI_SPOOLSS_OBJ) \ - $(LIBCLI_WINREG_OBJ) \ $(LIBCLI_DRSUAPI_OBJ) \ $(LIBCLI_INITSHUTDOWN_OBJ) \ $(LIBCLI_DSSETUP_OBJ) \ $(LIBCLI_SVCCTL_OBJ) \ $(LIBCLI_WKSSVC_OBJ) \ - $(LIBCLI_SRVSVC_OBJ) \ - $(LIBCLI_LSA_OBJ) \ - $(LIBCLI_SAMR_OBJ) \ - $(RPC_CLIENT_SCHANNEL_OBJ) \ - rpc_client/init_samr.o \ registry/reg_parse.o registry/reg_format.o \ - registry/reg_import.o \ - printing/nt_printing_migrate.o + registry/reg_import.o # these are not processed by make proto NET_OBJ2 = utils/net_registry_util.o utils/net_help_common.o NET_OBJ = $(NET_OBJ1) \ - $(NET_OBJ2) @FAKE_KASERVER_OBJ@\ - $(PARAM_WITHOUT_REG_OBJ) $(LIBSMB_OBJ) \ - $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(LIBADDNS_OBJ0) \ - $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \ - $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(LIBADS_PRINTER_OBJ) $(POPT_LIB_OBJ) \ - $(SMBLDAP_OBJ) $(DCUTIL_OBJ) \ - $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(READLINE_OBJ) \ - $(LIBGPO_OBJ) @BUILD_INIPARSER@ $(DISPLAY_SEC_OBJ) \ - $(REG_SMBCONF_OBJ) \ - $(LIBNET_OBJ) $(LIBNET_DSSYNC_OBJ) $(LIBNET_SAMSYNC_OBJ) \ - $(LIBSMBCONF_OBJ) \ - $(REGFIO_OBJ) \ - $(PRIVILEGES_BASIC_OBJ) \ - $(LIB_EVENTLOG_OBJ) + $(NET_OBJ2) \ + $(LIBADDNS_OBJ0) \ + $(READLINE_OBJ) \ + $(LIBGPO_OBJ) $(INIPARSER_OBJ) $(DISPLAY_SEC_OBJ) \ + $(LIBNET_DSSYNC_OBJ) $(LIBNET_SAMSYNC_OBJ) \ + $(SMBD_OBJ_BASE) CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ 
$(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \ @@ -1896,11 +1869,13 @@ bin/nmbd: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LI $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(POPT_LIBS) \ $(KRB5LIBS) $(LDAP_LIBS) $(ZLIB_LIBS) -bin/swat: $(BINARY_PREREQS) $(SWAT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) +bin/swat: $(BINARY_PREREQS) $(SWAT_OBJ) $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @BUILD_POPT@ @echo Linking $@ - @$(CC) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINT_LIBS) \ - $(AUTH_LIBS) $(LIBS) $(PASSDB_LIBS) $(POPT_LIBS) $(KRB5LIBS) \ - $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) + @$(CC) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(LDAP_LIBS) @SMBD_FAM_LIBS@ \ + $(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \ + $(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) $(AVAHI_LIBS) \ + $(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \ + $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) bin/rpcclient: $(BINARY_PREREQS) $(RPCCLIENT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @echo Linking $@ @@ -1918,11 +1893,11 @@ bin/smbclient: $(BINARY_PREREQS) $(CLIENT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTD bin/net: $(BINARY_PREREQS) $(NET_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) $(LIBNETAPI) @echo Linking $@ - @$(CC) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \ - $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \ - $(PASSDB_LIBS) $(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) \ - $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(LIBNETAPI_LIBS) \ - $(ZLIB_LIBS) + @$(CC) -o $@ $(NET_OBJ) $(LDFLAGS) $(LDAP_LIBS) @SMBD_FAM_LIBS@ \ + $(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \ + $(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) $(AVAHI_LIBS) \ + $(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \ + $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) $(LIBNETAPI_LIBS) $(TERMLDFLAGS) $(TERMLIBS) bin/profiles: $(BINARY_PREREQS) $(PROFILES_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) @echo Linking $@ 
@@ -1945,10 +1920,13 @@ bin/smbta-util: $(BINARY_PREREQS) $(SMBTA_UTIL_OBJ) @BUILD_POPT@ $(LIBTALLOC) $( @$(CC) -o $@ $(SMBTA_UTIL_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \ $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) -bin/smbstatus: $(BINARY_PREREQS) $(STATUS_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) +bin/smbstatus: $(BINARY_PREREQS) $(STATUS_OBJ) $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @BUILD_POPT@ @echo Linking $@ - @$(CC) -o $@ $(STATUS_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \ - $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) + @$(CC) -o $@ $(STATUS_OBJ) $(LDFLAGS) $(LDAP_LIBS) @SMBD_FAM_LIBS@ \ + $(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \ + $(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) $(AVAHI_LIBS) \ + $(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \ + $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) bin/smbcontrol: $(BINARY_PREREQS) $(SMBCONTROL_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) @echo Linking $@ diff --git a/source3/wscript_build b/source3/wscript_build index 74cc983..fc46621 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -58,8 +58,7 @@ LIB_SRC = ''' lib/ms_fnmatch.c lib/tallocmsg.c lib/dmallocmsg.c intl/lang_tdb.c - lib/conn_tdb.c lib/gencache.c - lib/sessionid_tdb.c + lib/gencache.c lib/events.c lib/server_contexts.c lib/server_prefork.c @@ -351,6 +350,8 @@ SMBD_SRC_SRV = '''smbd/server_reload.c smbd/files.c smbd/connection.c lib/sysquotas_xfs.c lib/sysquotas_4A.c lib/sysquotas_4B.c lib/sysquotas_nfs.c lib/background.c + lib/sessionid_tdb.c + lib/conn_tdb.c smbd/fake_file.c smbd/quotas.c smbd/ntquotas.c smbd/msdfs.c smbd/aio.c smbd/statvfs.c @@ -638,6 +639,7 @@ bld.SAMBA3_LIBRARY('netapi', libcli_netlogon3 LIBCLI_SAMR INIT_SAMR + auth ''', public_headers='../source3/lib/netapi/netapi.h', pc_files='libnet/netapi.pc', 
@@ -675,7 +677,7 @@ bld.SAMBA3_LIBRARY('msrpc3', bld.SAMBA3_LIBRARY('gpo', source='${LIBGPO_SRC}', - deps='talloc ads TOKEN_UTIL gpext', + deps='talloc ads TOKEN_UTIL gpext auth', vars=locals(), private_library=True) @@ -976,6 +978,7 @@ bld.SAMBA3_LIBRARY('smbd_base', LIBASYS ccan-hash NDR_SMB_ACL + netapi ''', private_library=True, vars=locals()) @@ -1223,6 +1226,7 @@ bld.SAMBA3_BINARY('web/swat', param pdb popt_samba3 + smbd_base LOCKING PLAINTEXT_AUTH PASSCHANGE @@ -1294,6 +1298,7 @@ bld.SAMBA3_BINARY('net', msrpc3 gpo ads + smbd_base LIBADS_SERVER LIBADS_PRINTER SMBREADLINE @@ -1359,6 +1364,7 @@ bld.SAMBA3_BINARY('smbstatus', talloc param popt_samba3 + smbd_base LOCKING PROFILE''', vars=locals()) diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build index d94d2e9..cc8efdb 100755 --- a/source4/rpc_server/wscript_build +++ b/source4/rpc_server/wscript_build @@ -17,7 +17,7 @@ bld.SAMBA_SUBSYSTEM('DCERPC_COMMON', bld.SAMBA_LIBRARY('dcerpc_server', source='dcerpc_server.c dcesrv_mgmt.c handles.c', pc_files='dcerpc_server.pc', - deps='LIBCLI_AUTH ndr samba_server_gensec dcerpc_remote service', + deps='LIBCLI_AUTH ndr samba_server_gensec dcerpc_remote service auth', public_deps='dcerpc', autoproto='dcerpc_server_proto.h', public_headers='dcerpc_server.h', -- 1.7.9.5 From f588704640868a003d901b57045511623e6a1f69 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Tue, 28 Aug 2012 14:29:51 +0200 Subject: [PATCH 23/39] s3:smbd:setup_new_vc_session: traverse sessions instead of connections to shutdown other smbds Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/smbd/sesssetup.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index aad122c..890189c 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c 
@@ -488,36 +488,43 @@ struct shutdown_state { struct messaging_context *msg_ctx; }; -static int shutdown_other_smbds(const struct connections_key *key, - const struct connections_data *crec, +static int shutdown_other_smbds(struct smbXsrv_session_global0 *session, void *private_data) { struct shutdown_state *state = (struct shutdown_state *)private_data; struct server_id self_pid = messaging_server_id(state->msg_ctx); + struct server_id pid = session->channels[0].server_id; + const char *addr = session->channels[0].remote_address; DEBUG(10, ("shutdown_other_smbds: %s, %s\n", - server_id_str(talloc_tos(), &crec->pid), crec->addr)); + server_id_str(talloc_tos(), &pid), addr)); - if (!process_exists(crec->pid)) { + if (!process_exists(pid)) { DEBUG(10, ("process does not exist\n")); return 0; } - if (serverid_equal(&crec->pid, &self_pid)) { + if (serverid_equal(&pid, &self_pid)) { DEBUG(10, ("It's me\n")); return 0; } - if (strcmp(state->ip, crec->addr) != 0) { - DEBUG(10, ("%s does not match %s\n", state->ip, crec->addr)); + /* + * here we use strstr() because 'addr' + * (session->channels[0].remote_address) + * contains a string like: + * 'ipv4:127.0.0.1:48163' + */ + if (strstr(addr, state->ip) == NULL) { + DEBUG(10, ("%s does not match %s\n", state->ip, addr)); return 0; } DEBUG(1, ("shutdown_other_smbds: shutting down pid %u " - "(IP %s)\n", (unsigned int)procid_to_pid(&crec->pid), + "(IP %s)\n", (unsigned int)procid_to_pid(&pid), state->ip)); - messaging_send(state->msg_ctx, crec->pid, MSG_SHUTDOWN, + messaging_send(state->msg_ctx, pid, MSG_SHUTDOWN, &data_blob_null); return 0; } @@ -541,7 +548,7 @@ static void setup_new_vc_session(struct smbd_server_connection *sconn) } state.ip = addr; state.msg_ctx = sconn->msg_ctx; - connections_forall_read(shutdown_other_smbds, &state); + smbXsrv_session_global_traverse(shutdown_other_smbds, &state); TALLOC_FREE(addr); } } -- 1.7.9.5 From d9ea786c86d6bc42df60881ff703213ef3bd9319 Mon Sep 17 00:00:00 2001 
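Review bot: The `strstr(addr, state->ip)` test in shutdown_other_smbds matches any address that merely contains the string, so with `state->ip` of 10.0.0.1 a session from 10.0.0.11 or 210.0.0.1 is treated as the same peer and its smbd is sent MSG_SHUTDOWN. The `strcmp()` it replaces was exact; the host part of a string like 'ipv4:127.0.0.1:48163' should be extracted and compared in full, as sketched below. The sketch assumes the host sits between the first and the last colon, which should be confirmed for the IPv6 form. `session->channels[0]` is also read without a visible check that the record carries at least one channel.

```c
	const char *host;
	const char *port;
	size_t iplen;

	/* … unchanged: DEBUG, process_exists() and serverid_equal() checks … */

	/*
	 * 'addr' looks like 'ipv4:127.0.0.1:48163'; compare only the
	 * host part, and compare it exactly.
	 */
	host = strchr(addr, ':');
	port = strrchr(addr, ':');
	if (host == NULL || port == host) {
		DEBUG(10, ("unexpected address format %s\n", addr));
		return 0;
	}
	host++;
	iplen = strlen(state->ip);
	if ((size_t)(port - host) != iplen ||
	    strncmp(host, state->ip, iplen) != 0) {
		DEBUG(10, ("%s does not match %s\n", state->ip, addr));
		return 0;
	}
```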
From: Gregor Beck Date: Tue, 28 Aug 2012 15:53:28 +0200 Subject: [PATCH 24/39] s3:smbd/connection: use smbXsrv_tcon_traverse to count connections Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/smbd/connection.c | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index ac2ab95..2dc004b 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -64,21 +64,16 @@ struct count_stat { Count the entries belonging to a service in the connection db. ****************************************************************************/ -static int count_fn(const struct connections_key *ckey, - const struct connections_data *crec, +static int count_fn(struct smbXsrv_tcon_global0 *tcon, void *udp) { struct count_stat *cs = (struct count_stat *)udp; - if (crec->cnum == TID_FIELD_INVALID) { + if (cs->verify && !process_exists(tcon->server_id)) { return 0; } - if (cs->verify && !process_exists(crec->pid)) { - return 0; - } - - if (strequal(crec->servicename, cs->name)) { + if (strequal(tcon->share_name, cs->name)) { cs->curr_connections++; } @@ -92,7 +87,7 @@ static int count_fn(const struct connections_key *ckey, int count_current_connections(const char *sharename, bool verify) { struct count_stat cs; - int ret; + NTSTATUS status; cs.curr_connections = 0; cs.name = sharename; 
@@ -103,17 +98,12 @@ int count_current_connections(const char *sharename, bool verify) * as it leads to deadlock. */ - /* - * become_root() because we might have to open connections.tdb - * via ctdb, which is not possible without root. - */ - become_root(); - ret = connections_forall_read(count_fn, &cs); - unbecome_root(); + status = smbXsrv_tcon_global_traverse(count_fn, &cs); - if (ret < 0) { + if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("count_current_connections: traverse of " - "connections.tdb failed\n")); + "smbXsrv_tcon_global.tdb failed - %s\n", + nt_errstr(status))); return 0; } -- 1.7.9.5 From f2714318ae7358abd328e264dc80821c2749bcc6 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Thu, 23 Aug 2012 10:36:59 +0200 Subject: [PATCH 25/39] s3:lib: implement sessionid_traverse_read with smb2srv_session_traverse_read Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/lib/sessionid_tdb.c | 58 ++++++++++++++++++++++++------------------- 1 file changed, 33 insertions(+), 25 deletions(-) diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c index 5782c9a..fafdb9a 100644 --- a/source3/lib/sessionid_tdb.c +++ b/source3/lib/sessionid_tdb.c @@ -23,6 +23,7 @@ #include "dbwrap/dbwrap_open.h" #include "session.h" #include "util_tdb.h" +#include "smbd/globals.h" static struct db_context *session_db_ctx(void) { 
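Review bot: The rewritten error branch of count_current_connections still returns 0 when `smbXsrv_tcon_global_traverse()` fails, which a caller cannot tell apart from "no connections"; any limit check built on this count would fail open (callers are not visible here). That deserves at least a comment on the branch, e.g. `/* NOTE: failure is reported as 0 connections; limit checks fail open */`. The hunk also drops `become_root()`, and the removed comment said root was needed to open the database via ctdb, so it is worth confirming that smbXsrv_tcon_global.tdb is already open when this runs unprivileged. The function starts in the previous hunk and continues past this one.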
@@ -113,28 +114,39 @@ struct sessionid_traverse_read_state { void *private_data; }; -static int sessionid_traverse_read_fn(struct db_record *rec, +static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global, void *private_data) { - TDB_DATA key; - TDB_DATA value; struct sessionid_traverse_read_state *state = (struct sessionid_traverse_read_state *)private_data; - struct sessionid session; - - key = dbwrap_record_get_key(rec); - value = dbwrap_record_get_value(rec); - - if ((key.dptr[key.dsize-1] != '\0') - || (value.dsize != sizeof(struct sessionid))) { - DEBUG(1, ("Found invalid record in sessionid.tdb\n")); - return 0; - } - - memcpy(&session, value.dptr, sizeof(session)); - - return state->fn((char *)key.dptr, &session, - state->private_data); + struct auth_session_info *session_info = global->auth_session_info; + struct sessionid session = { + .uid = session_info->unix_token->uid, + .gid = session_info->unix_token->gid, + .id_num = global->session_global_id, + .connect_start = nt_time_to_unix(global->creation_time), + .pid = global->channels[0].server_id, + }; + + strncpy(session.username, + session_info->unix_info->unix_name, + sizeof(fstring)-1); + strncpy(session.remote_machine, + global->channels[0].remote_name, + sizeof(fstring)-1); + strncpy(session.hostname, + global->channels[0].remote_address, + sizeof(fstring)-1); + strncpy(session.netbios_name, + global->channels[0].remote_name, + sizeof(fstring)-1); + snprintf(session.id_str, sizeof(fstring)-1, + "smb/%u", global->session_global_id); + strncpy(session.ip_addr_str, + global->channels[0].remote_address, + sizeof(fstring)-1); + + return state->fn(NULL, &session, state->private_data); } NTSTATUS sessionid_traverse_read(int (*fn)(const char *key, 
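Review bot: sessionid_traverse_read_fn dereferences `global->auth_session_info`, `->unix_token` and `->unix_info` in the initializer and the first strncpy() without any NULL check. session.c in this series calls unix_token optional, and a record for a session that has not finished authentication may carry no session info at all (not visible here), so a single such record would crash every caller of the traverse. Skipping those records before the fields are read avoids that, as sketched below. The callback is now also invoked with a NULL key, which callers that print the key have to tolerate.

```c
	struct auth_session_info *session_info = global->auth_session_info;
	struct sessionid session = {
		.id_num = global->session_global_id,
		.connect_start = nt_time_to_unix(global->creation_time),
		.pid = global->channels[0].server_id,
	};

	if (session_info == NULL ||
	    session_info->unix_token == NULL ||
	    session_info->unix_info == NULL) {
		/* record carries no usable identity, nothing to report */
		return 0;
	}
	session.uid = session_info->unix_token->uid;
	session.gid = session_info->unix_token->gid;

	/* … unchanged: strncpy()/snprintf() of the name and address fields … */
```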
@@ -142,17 +154,13 @@ NTSTATUS sessionid_traverse_read(int (*fn)(const char *key, void *private_data), void *private_data) { - struct db_context *db; struct sessionid_traverse_read_state state; NTSTATUS status; - db = session_db_ctx(); - if (db == NULL) { - return NT_STATUS_UNSUCCESSFUL; - } state.fn = fn; state.private_data = private_data; - status = dbwrap_traverse_read(db, sessionid_traverse_read_fn, &state, - NULL); + status = smbXsrv_session_global_traverse(sessionid_traverse_read_fn, + &state); + return status; } -- 1.7.9.5 From dbff58228e5d05d9799322973aee950951d23fb8 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Thu, 23 Aug 2012 16:15:25 +0200 Subject: [PATCH 26/39] s3:smbd: don't use (fill) sessionid.tdb in session_claim/yield any more. We use data from new smbXsrv_session instead. Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/smbd/session.c | 132 ++++++++++++------------------------------------ 1 file changed, 33 insertions(+), 99 deletions(-) diff --git a/source3/smbd/session.c b/source3/smbd/session.c index 6b0263e..01a8194 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c 
@@ -42,96 +42,40 @@ bool session_claim(struct smbXsrv_session *session) { - struct user_struct *vuser = session->compat; - struct smbd_server_connection *sconn = session->connection->sconn; - struct server_id pid = messaging_server_id(sconn->msg_ctx); - TDB_DATA data; - struct sessionid sessionid; - fstring keystr; - struct db_record *rec; - NTSTATUS status; - char *raddr; - - vuser->session_keystr = NULL; + struct auth_session_info *session_info = + session->global->auth_session_info; + const char *username; + const char *hostname; + unsigned int id_num; + fstring id_str; /* don't register sessions for the guest user - its just too expensive to go through pam session code for browsing etc */ - if (security_session_user_level(vuser->session_info, NULL) < SECURITY_USER) { - return True; - } - - if (!sessionid_init()) { - return False; + if (security_session_user_level(session_info, NULL) < SECURITY_USER) { + return true; } - ZERO_STRUCT(sessionid); + id_num = session->global->session_global_id; - sessionid.id_num = session->global->session_global_id; - - data.dptr = NULL; - data.dsize = 0; - - snprintf(keystr, sizeof(keystr), "ID/%u", sessionid.id_num); - snprintf(sessionid.id_str, sizeof(sessionid.id_str), - "smb/%u", sessionid.id_num); - - rec = sessionid_fetch_record(NULL, keystr); - if (rec == NULL) { - DEBUG(1, ("Could not lock \"%s\"\n", keystr)); - return False; - } - - raddr = tsocket_address_inet_addr_string(session->connection->remote_address, - talloc_tos()); - if (raddr == NULL) { - return false; - } + snprintf(id_str, sizeof(id_str), "smb/%u", id_num); /* Make clear that we require the optional unix_token in the source3 code */ - SMB_ASSERT(vuser->session_info->unix_token); - - fstrcpy(sessionid.username, vuser->session_info->unix_info->unix_name); - fstrcpy(sessionid.hostname, sconn->remote_hostname); - sessionid.pid = pid; - sessionid.uid = vuser->session_info->unix_token->uid; - sessionid.gid = vuser->session_info->unix_token->gid; - 
fstrcpy(sessionid.remote_machine, get_remote_machine_name()); - fstrcpy(sessionid.ip_addr_str, raddr); - sessionid.connect_start = time(NULL); - - if (!smb_pam_claim_session(sessionid.username, sessionid.id_str, - sessionid.hostname)) { - DEBUG(1,("pam_session rejected the session for %s [%s]\n", - sessionid.username, sessionid.id_str)); - - TALLOC_FREE(rec); - return False; - } - - data.dptr = (uint8 *)&sessionid; - data.dsize = sizeof(sessionid); + SMB_ASSERT(session_info->unix_token); - status = dbwrap_record_store(rec, data, TDB_REPLACE); + username = session_info->unix_info->unix_name; + hostname = session->global->channels[0].remote_name; - TALLOC_FREE(rec); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1,("session_claim: unable to create session id " - "record: %s\n", nt_errstr(status))); - return False; + if (!smb_pam_claim_session(username, id_str, hostname)) { + DEBUG(1,("pam_session rejected the session for %s [%s]\n", + username, id_str)); + return false; } if (lp_utmp()) { - sys_utmp_claim(sessionid.username, sessionid.hostname, - sessionid.id_str, sessionid.id_num); + sys_utmp_claim(username, hostname, id_str, id_num); } - vuser->session_keystr = talloc_strdup(vuser, keystr); - if (!vuser->session_keystr) { - DEBUG(0, ("session_claim: talloc_strdup() failed for session_keystr\n")); - return False; - } - return True; + return true; } /******************************************************************** 
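Review bot: In session_claim the `hostname` handed to smb_pam_claim_session() and sys_utmp_claim() is now `session->global->channels[0].remote_name`, whereas sessionid_traverse_read_fn in this series fills `hostname` from `remote_address` and uses `remote_name` for `remote_machine` and `netbios_name`. If remote_name is the name the client announced, PAM modules that make host-based decisions and the utmp host field would be working from a string the peer chooses. Either take the host from the channel's address or state the limitation next to the assignment, e.g. `/* remote_name may be client-supplied; not suitable for host-based access rules */`.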
@@ -140,38 +84,28 @@ bool session_claim(struct smbXsrv_session *session) void session_yield(struct smbXsrv_session *session) { - struct user_struct *vuser = session->compat; - struct sessionid sessionid; - struct db_record *rec; - TDB_DATA value; + struct auth_session_info *session_info = + session->global->auth_session_info; + const char *username; + const char *hostname; + unsigned int id_num; + fstring id_str = ""; - if (!vuser->session_keystr) { - return; - } - - rec = sessionid_fetch_record(NULL, vuser->session_keystr); - if (rec == NULL) { - return; - } + id_num = session->global->session_global_id; - value = dbwrap_record_get_value(rec); + snprintf(id_str, sizeof(id_str), "smb/%u", id_num); - if (value.dsize != sizeof(sessionid)) - return; + /* Make clear that we require the optional unix_token in the source3 code */ + SMB_ASSERT(session_info->unix_token); - memcpy(&sessionid, value.dptr, sizeof(sessionid)); + username = session_info->unix_info->unix_name; + hostname = session->global->channels[0].remote_name; if (lp_utmp()) { - sys_utmp_yield(sessionid.username, sessionid.hostname, - sessionid.id_str, sessionid.id_num); + sys_utmp_yield(username, hostname, id_str, id_num); } - smb_pam_close_session(sessionid.username, sessionid.id_str, - sessionid.hostname); - - dbwrap_record_delete(rec); - - TALLOC_FREE(rec); + smb_pam_close_session(username, id_str, hostname); } /******************************************************************** -- 1.7.9.5 From 2f2cb2f6894c94f375310661e7c40c167a784eda Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Thu, 23 Aug 2012 14:02:22 +0200 Subject: [PATCH 27/39] s3:net_serverid: remove sessionid_traverse from "net serverid wipedbs" This tdb will go away. Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/utils/net_serverid.c | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/source3/utils/net_serverid.c b/source3/utils/net_serverid.c index 79be547..2017d41 100644 
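Review bot: session_yield has lost its counterpart to the guest check in session_claim: the removed `if (!vuser->session_keystr) return;` skipped sessions that were never claimed, while the new body always reaches sys_utmp_yield() and smb_pam_close_session(). A guest session, or one whose PAM claim was rejected, therefore gets a PAM close and utmp yield without a matching open. Mirror the claim-side guard at the top of the function, `if (security_session_user_level(session_info, NULL) < SECURITY_USER) { return; }`. `session_info` is also dereferenced inside SMB_ASSERT() without a NULL check, which matters if a session can be torn down before authentication completes (not visible here).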
--- a/source3/utils/net_serverid.c +++ b/source3/utils/net_serverid.c @@ -89,33 +89,10 @@ static int net_serverid_wipedbs_conn( return 0; } -static int net_serverid_wipedbs_sessionid(struct db_record *rec, - const char *key, - struct sessionid *session, - void *private_data) -{ - if (!serverid_exists(&session->pid)) { - NTSTATUS status; - - DEBUG(10, ("Deleting sessionid.tdb record for pid %s\n", - server_id_str(talloc_tos(), &session->pid))); - - status = dbwrap_record_delete(rec); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Could not delete session.tdb record " - "for pid %s: %s\n", - server_id_str(talloc_tos(), &session->pid), - nt_errstr(status))); - } - } - return 0; -} - static int net_serverid_wipedbs(struct net_context *c, int argc, const char **argv) { connections_forall(net_serverid_wipedbs_conn, NULL); - sessionid_traverse(net_serverid_wipedbs_sessionid, NULL); return 0; } -- 1.7.9.5 From ac5c8909a94228cec47067188036f1c2a42378aa Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Thu, 23 Aug 2012 10:36:59 +0200 Subject: [PATCH 28/39] s3:lib: remove unused sessionid_*() functions Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/include/proto.h | 6 ---- source3/lib/sessionid_tdb.c | 83 ------------------------------------------- source3/smbd/server.c | 3 -- 3 files changed, 92 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index ac3d205..7c5a5a7 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -1509,12 +1509,6 @@ void server_messaging_context_free(void); /* The following definitions come from lib/sessionid_tdb.c */ struct sessionid; -bool sessionid_init(void); -struct db_record *sessionid_fetch_record(TALLOC_CTX *mem_ctx, const char *key); -NTSTATUS sessionid_traverse(int (*fn)(struct db_record *rec, const char *key, - struct sessionid *session, - void *private_data), - void *private_data); NTSTATUS sessionid_traverse_read(int (*fn)(const char *key, struct sessionid *session, void *private_data), diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c index fafdb9a..045b3d2 100644 --- a/source3/lib/sessionid_tdb.c +++ b/source3/lib/sessionid_tdb.c 
@@ -25,89 +25,6 @@ #include "util_tdb.h" #include "smbd/globals.h" -static struct db_context *session_db_ctx(void) -{ - static struct db_context *session_db_ctx_ptr; - - if (session_db_ctx_ptr != NULL) { - return session_db_ctx_ptr; - } - - session_db_ctx_ptr = db_open(NULL, lock_path("sessionid.tdb"), 0, - TDB_CLEAR_IF_FIRST|TDB_DEFAULT|TDB_INCOMPATIBLE_HASH, - O_RDWR | O_CREAT, 0644, - DBWRAP_LOCK_ORDER_1); - return session_db_ctx_ptr; -} - -bool sessionid_init(void) -{ - if (session_db_ctx() == NULL) { - DEBUG(1,("session_init: failed to open sessionid tdb\n")); - return False; - } - - return True; -} - -struct db_record *sessionid_fetch_record(TALLOC_CTX *mem_ctx, const char *key) -{ - struct db_context *db; - - db = session_db_ctx(); - if (db == NULL) { - return NULL; - } - return dbwrap_fetch_locked(db, mem_ctx, string_term_tdb_data(key)); -} - -struct sessionid_traverse_state { - int (*fn)(struct db_record *rec, const char *key, - struct sessionid *session, void *private_data); - void *private_data; -}; - -static int sessionid_traverse_fn(struct db_record *rec, void *private_data) -{ - TDB_DATA key; - TDB_DATA value; - struct sessionid_traverse_state *state = - (struct sessionid_traverse_state *)private_data; - struct sessionid session; - - key = dbwrap_record_get_key(rec); - value = dbwrap_record_get_value(rec); - if ((key.dptr[key.dsize-1] != '\0') - || (value.dsize != sizeof(struct sessionid))) { - DEBUG(1, ("Found invalid record in sessionid.tdb\n")); - return 0; - } - - memcpy(&session, value.dptr, sizeof(session)); - - return state->fn(rec, (char *)key.dptr, &session, - state->private_data); -} - -NTSTATUS sessionid_traverse(int (*fn)(struct db_record *rec, const char *key, - struct sessionid *session, - void *private_data), - void *private_data) -{ - struct db_context *db; - struct sessionid_traverse_state state; - NTSTATUS status; - - db = session_db_ctx(); - if (db == NULL) { - return NT_STATUS_UNSUCCESSFUL; - } - state.fn = fn; - state.private_data 
= private_data; - status = dbwrap_traverse(db, sessionid_traverse_fn, &state, NULL); - return status; -} - struct sessionid_traverse_read_state { int (*fn)(const char *key, struct sessionid *session, void *private_data); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 8eb3d9e..bad6752 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1398,9 +1398,6 @@ extern void build_options(bool screen); exit(1); } - if (!sessionid_init()) { - exit(1); - } status = smbXsrv_session_global_init(); if (!NT_STATUS_IS_OK(status)) { exit(1); -- 1.7.9.5 From 5a4ffb20ffe387fa5bb373778ba84d24a7e5b74f Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Thu, 23 Aug 2012 14:02:22 +0200 Subject: [PATCH 29/39] s3:net_serverid: remove connections_forall from "net serverid wipedbs" This tdb will go away. Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/utils/net_serverid.c | 31 +++---------------------------- 1 file changed, 3 insertions(+), 28 deletions(-) diff --git a/source3/utils/net_serverid.c b/source3/utils/net_serverid.c index 2017d41..2d25ba7 100644 --- a/source3/utils/net_serverid.c +++ b/source3/utils/net_serverid.c 
@@ -66,33 +66,10 @@ static int net_serverid_wipe(struct net_context *c, int argc, return serverid_traverse(net_serverid_wipe_fn, NULL) ? 0 : -1; } -static int net_serverid_wipedbs_conn( - struct db_record *rec, - const struct connections_key *key, - const struct connections_data *data, - void *private_data) -{ - if (!serverid_exists(&key->pid)) { - NTSTATUS status; - - DEBUG(10, ("Deleting connections.tdb record for pid %s\n", - server_id_str(talloc_tos(), &key->pid))); - - status = dbwrap_record_delete(rec); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Could not delete connections.tdb record " - "for pid %s: %s\n", - server_id_str(talloc_tos(), &key->pid), - nt_errstr(status))); - } - } - return 0; -} - static int net_serverid_wipedbs(struct net_context *c, int argc, const char **argv) { - connections_forall(net_serverid_wipedbs_conn, NULL); + d_printf("TODO reimplement!\n"); return 0; } @@ -119,11 +96,9 @@ int net_serverid(struct net_context *c, int argc, const char **argv) "wipedbs", net_serverid_wipedbs, NET_TRANSPORT_LOCAL, - N_("Clean dead entries from connections.tdb and " - "sessionid.tdb"), + N_("Clean dead entries from temporary databases"), N_("net serverid wipedbs\n" - " Clean dead entries from connections.tdb and " - "sessionid.tdb") + " Clean dead entries from temporary databases") }, {NULL, NULL, 0, NULL, NULL} }; -- 1.7.9.5 From 4a7a8ecb0b69b3b79823aab7504e75451d20e5a0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Oct 2012 19:20:45 +0200 Subject: [PATCH 30/39] s3:utils/net: remove unused "net connections" The connections.tdb will go away. metze Signed-off-by: Michael Adam --- source3/Makefile.in | 2 +- source3/utils/net.c | 7 - source3/utils/net_connections.c | 273 --------------------------------------- source3/utils/net_proto.h | 4 - source3/wscript_build | 2 +- 5 files changed, 2 insertions(+), 286 deletions(-) delete mode 100644 source3/utils/net_connections.c 
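Review bot: net_serverid_wipedbs now prints `TODO reimplement!` and still returns 0, so `net serverid wipedbs` reports success although no dead entries are removed. Scripts or operators that rely on the exit status when cleaning up after a crashed smbd would not notice that stale records remain. Until the traverse is reimplemented the command should fail visibly, e.g. `d_fprintf(stderr, "wipedbs is not implemented\n"); return -1;`.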
diff --git a/source3/Makefile.in b/source3/Makefile.in index b35ae4e..990217c 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1214,7 +1214,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \ $(PASSWD_UTIL_OBJ) utils/net_dns.o utils/net_ads_gpo.o \ utils/net_conf.o utils/net_join.o utils/net_user.o \ utils/net_group.o utils/net_file.o utils/net_registry.o utils/net_registry_check.o\ - utils/net_dom.o utils/net_share.o utils/net_connections.o\ + utils/net_dom.o utils/net_share.o \ utils/net_g_lock.o \ utils/net_serverid.o \ utils/net_eventlog.o \ diff --git a/source3/utils/net.c b/source3/utils/net.c index 075ccc17..eccb522 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -715,13 +715,6 @@ static struct functable net_func[] = { N_(" Use 'net help registry' to get more information about " "'net registry' commands.") }, - { "connections", - net_connections, - NET_TRANSPORT_LOCAL, - N_("Fiddle with connectinos tdb"), - N_(" Use 'net help connections' to get more information about " - "'net connections' commands.") - }, { "eventlog", net_eventlog, NET_TRANSPORT_LOCAL, diff --git a/source3/utils/net_connections.c b/source3/utils/net_connections.c deleted file mode 100644 index a74d53f..0000000 --- a/source3/utils/net_connections.c +++ /dev/null 
@@ -1,273 +0,0 @@ -/* - * Samba Unix/Linux SMB client library - * Distributed SMB/CIFS Server Management Utility - * fiddle with connections tdb - * - * Copyright (C) Gregor Beck 2012 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -#include "includes.h" -#include "net.h" -#include "serverid.h" -#include "popt_common.h" -#include "dbwrap/dbwrap.h" -#include "util_tdb.h" -#include "messages.h" -#include "system/filesys.h" -#include "interact.h" -#include "lib/conn_tdb.h" - -struct cclean_ctx { - struct server_id *ids; - int *cnums; - const char **names; - unsigned num; - - bool *exists; - unsigned num_orphans; - - bool verbose; - bool dry_run; -}; - - -static char *serverid_str(const struct server_id id) -{ - return talloc_asprintf(talloc_tos(), "pid %u, vnn %u, uid %llu", - (unsigned)id.pid, (unsigned)id.vnn, (unsigned long long)id.unique_id); -} - -static void print_record(const char *msg, - const struct connections_key *k, - const struct connections_data *d) -{ - char *idstr = serverid_str(k->pid); - d_printf("%s: connection %d (%s) ", msg, k->cnum, idstr); - if (d == NULL) { - d_printf("\n"); - } else { - d_printf("to \"%s\" from %u:%u@%s[%s] %s\n", d->servicename, - (unsigned)d->uid, (unsigned)d->gid, d->machine, - d->addr, time_to_asc(d->start)); - } - talloc_free(idstr); -} - -static int read_connections_fn(const struct connections_key *key, - const struct connections_data *data, - 
void *cclean_ctx) -{ - struct cclean_ctx *ctx = (struct cclean_ctx *)cclean_ctx; - unsigned length = talloc_array_length(ctx->cnums); - if (length <= ctx->num) { - int n = MAX(2*length, 16); - void *tmp; - - tmp = talloc_realloc(ctx, ctx->ids, struct server_id, n); - if (tmp == NULL) { - goto talloc_failed; - } - ctx->ids = (struct server_id *)tmp; - - tmp = talloc_realloc(ctx, ctx->cnums, int, n); - if (tmp == NULL) { - goto talloc_failed; - } - ctx->cnums = (int *)tmp; - - tmp = talloc_realloc(ctx, ctx->names, const char *, n); - if (tmp == NULL) { - goto talloc_failed; - } - ctx->names = (const char **)tmp; - } - - if (ctx->verbose) { - print_record("Read", key, data); - } - - ctx->ids[ctx->num] = key->pid; - ctx->cnums[ctx->num] = key->cnum; - ctx->names[ctx->num] = talloc_strndup(ctx, key->name, FSTRING_LEN); - if (ctx->names[ctx->num] == NULL) { - goto talloc_failed; - } - ctx->num++; - - return 0; - -talloc_failed: - DEBUG(0, ("Out of memory\n")); - return -1; -} - -static int read_connections(struct cclean_ctx *ctx) -{ - int ret = connections_forall_read( - &read_connections_fn, - ctx); - if (ret < 0) { - return ret; - } - if (ret != ctx->num) { - DEBUG(0, ("Skipped %d invalid entries\n", ret - ctx->num)); - } - return 0; -} - -static int check_connections(struct cclean_ctx *ctx) -{ - int i, ret = -1; - - ctx->exists = talloc_realloc(ctx, ctx->exists, bool, MAX(1, ctx->num)); - if (ctx->exists == NULL) { - DEBUG(0, ("Out of memory\n")); - goto done; - } - - if (!serverids_exist(ctx->ids, ctx->num, ctx->exists)) { - DEBUG(0, ("serverids_exist() failed\n")); - goto done; - } - - ctx->num_orphans = 0; - for (i=0; inum; i++) { - if (!ctx->exists[i]) { - char *idstr = serverid_str(ctx->ids[i]); - d_printf("Orphaned entry: %s\n", idstr); - talloc_free(idstr); - ctx->num_orphans++; - } - } - ret = 0; -done: - return ret; -} - -static int delete_orphans(struct cclean_ctx *ctx) -{ - NTSTATUS status; - struct db_record *conn; - int i, ret = 0; - - for (i=0; inum; 
i++) { - if (!ctx->exists[i]) { - TDB_DATA key, value; - conn = connections_fetch_entry_ext(NULL, - ctx->ids[i], - ctx->cnums[i], - ctx->names[i]); - - key = dbwrap_record_get_key(conn); - value = dbwrap_record_get_value(conn); - - print_record("Delete record", - (struct connections_key *)key.dptr, - (struct connections_data *)value.dptr); - - if (!ctx->dry_run) { - status = dbwrap_record_delete(conn); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Failed to delete record: %s\n", - nt_errstr(status))); - ret = -2; - } - } - TALLOC_FREE(conn); - } - } - return ret; -} - -static int cclean(bool verbose, bool dry_run, bool automatic) -{ - int ret = -1; - struct cclean_ctx *ctx = talloc_zero(talloc_tos(), struct cclean_ctx); - if (ctx == NULL) { - d_printf("Out of memory\n"); - goto done; - } - - ctx->verbose = verbose; - ctx->dry_run = dry_run; - - ret = read_connections(ctx); - if (ret != 0) { - d_printf("Failed to read connections\n"); - goto done; - } - d_printf("Read %u connections\n", ctx->num); - - ret = check_connections(ctx); - if (ret != 0) { - d_printf("Failed to check connections\n"); - goto done; - } - d_printf("Found %u orphans\n", ctx->num_orphans); - - if (ctx->num_orphans == 0) { - goto done; - } - - if (!automatic) { - int act = interact_prompt("Delete ([y]es/[n]o)", "yn", 'n'); - if (tolower(act) != 'y') { - ret = 0; - goto done; - } - } - ret = delete_orphans(ctx); - if (ret != 0) { - d_printf("Failed to delete all orphans\n"); - } -done: - talloc_free(ctx); - return ret; -} - -static int net_connections_cleanup(struct net_context *c, - int argc, const char **argv) -{ - return cclean(c->opt_verbose, c->opt_testmode, c->opt_auto); -} - -int net_connections(struct net_context *c, int argc, const char **argv) -{ - int ret = -1; - - struct functable func[] = { - { - "cleanup", - net_connections_cleanup, - NET_TRANSPORT_LOCAL, - N_("Remove orphaned entries from connections.tdb"), - N_("net connections cleanup\n" - " Remove orphaned entries from 
connections.tdb") - }, - { NULL, NULL, 0, NULL, NULL } - }; - - if (!c->display_usage) { - if (!connections_init(!c->opt_testmode)) { - DEBUG(0, ("Failed to open connections tdb\n")); - return -1; - } - } - - ret = net_run_function(c, argc, argv, "net connections", func); - - return ret; -} diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index a683abb..3f99e14 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h @@ -132,10 +132,6 @@ int net_rap(struct net_context *c, int argc, const char **argv); int net_registry(struct net_context *c, int argc, const char **argv); -/* The following definitions come from utils/net_connections.c */ - -int net_connections(struct net_context *c, int argc, const char **argv); - /* The following definitions come from utils/net_rpc.c */ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/wscript_build b/source3/wscript_build index fc46621..4b9c3ec 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -514,7 +514,7 @@ NET_SRC1 = '''utils/net.c utils/net_ads.c utils/net_help.c utils/net_util.c utils/net_rpc_sh_acct.c utils/net_rpc_audit.c utils/net_dns.c utils/net_ads_gpo.c utils/net_conf.c utils/net_join.c utils/net_user.c - utils/net_group.c utils/net_file.c utils/net_registry.c utils/net_connections.c + utils/net_group.c utils/net_file.c utils/net_registry.c utils/net_registry_check.c utils/net_dom.c utils/net_share.c utils/net_g_lock.c -- 1.7.9.5 From 3b61c605d6815a8033d70f367a69e876f63bc5de Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 18 Oct 2012 10:13:59 +0200 Subject: [PATCH 31/39] doc-xml: remove "net connections" documentation metze Signed-off-by: Michael Adam --- docs-xml/manpages/net.8.xml | 39 --------------------------------------- 1 file changed, 39 deletions(-) diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml index 322aa88..3765af9 100644 --- a/docs-xml/manpages/net.8.xml 
+++ b/docs-xml/manpages/net.8.xml @@ -2112,45 +2112,6 @@ string. -CONNECTIONS - -Manipulate Samba's connections database. - - -The registry commands are: - -net connections cleanup - Remove orphaned entries from the connections database. - - - - - CONNECTIONS CLEANUP [-avT] - Remove orphaned entries from the connections database. This may be necessary if restarting smbd isn't an option. - - -a|--auto - - Noninteractive mode, don't ask. - - - - -v|--verbose - - Produce more output. - - - - -T|--test - - Dry run, show what changes would be made but don't touch anything. - - - - - - - - - EVENTLOG Starting with version 3.4.0 net can read, dump, import and export native -- 1.7.9.5 From b74ed25a9999c0029ddf2771f729c497c20b9c30 Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Mon, 27 Aug 2012 15:21:42 +0200 Subject: [PATCH 32/39] s3:lib: remove function connections_forall() Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/lib/conn_tdb.c | 56 ------------------------------------------------ source3/lib/conn_tdb.h | 5 ----- 2 files changed, 61 deletions(-) diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c index c469005..0a622de 100644 --- a/source3/lib/conn_tdb.c +++ b/source3/lib/conn_tdb.c 
@@ -81,62 +81,6 @@ struct db_record *connections_fetch_entry(TALLOC_CTX *mem_ctx, return connections_fetch_entry_ext(mem_ctx, id, conn->cnum, name); } - -struct conn_traverse_state { - int (*fn)(struct db_record *rec, - const struct connections_key *key, - const struct connections_data *data, - void *private_data); - void *private_data; -}; - -static int conn_traverse_fn(struct db_record *rec, void *private_data) -{ - TDB_DATA key; - TDB_DATA value; - struct conn_traverse_state *state = - (struct conn_traverse_state *)private_data; - - key = dbwrap_record_get_key(rec); - value = dbwrap_record_get_value(rec); - - if ((key.dsize != sizeof(struct connections_key)) - || (value.dsize != sizeof(struct connections_data))) { - return 0; - } - - return state->fn(rec, (const struct connections_key *)key.dptr, - (const struct connections_data *)value.dptr, - state->private_data); -} - -int connections_forall(int (*fn)(struct db_record *rec, - const struct connections_key *key, - const struct connections_data *data, - void *private_data), - void *private_data) -{ - struct db_context *ctx; - struct conn_traverse_state state; - NTSTATUS status; - int count; - - ctx = connections_db_ctx(true); - if (ctx == NULL) { - return -1; - } - - state.fn = fn; - state.private_data = private_data; - - status = dbwrap_traverse(ctx, conn_traverse_fn, (void *)&state, &count); - if (!NT_STATUS_IS_OK(status)) { - return -1; - } - - return count; -} - struct conn_traverse_read_state { int (*fn)(const struct connections_key *key, const struct connections_data *data, diff --git a/source3/lib/conn_tdb.h b/source3/lib/conn_tdb.h index bf8add9..180a5e2 100644 --- a/source3/lib/conn_tdb.h +++ b/source3/lib/conn_tdb.h 
@@ -51,11 +51,6 @@ struct db_record *connections_fetch_entry_ext(TALLOC_CTX *mem_ctx, struct server_id id, int cnum, const char *name); -int connections_forall(int (*fn)(struct db_record *rec, - const struct connections_key *key, - const struct connections_data *data, - void *private_data), - void *private_data); int connections_forall_read(int (*fn)(const struct connections_key *key, const struct connections_data *data, void *private_data), -- 1.7.9.5 From 7be7ec803f88de68ef9a5e2b14994a13589ff441 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 18 Oct 2012 13:38:34 +0200 Subject: [PATCH 33/39] s3:smbXsrv.idl: add session_global_id to smbXsrv_tcon_global This is required for some debugging tools like smbstatus. metze Signed-off-by: Michael Adam --- source3/librpc/idl/smbXsrv.idl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl index 2a6d7b3..36710dd 100644 --- a/source3/librpc/idl/smbXsrv.idl +++ b/source3/librpc/idl/smbXsrv.idl @@ -204,6 +204,10 @@ interface smbXsrv NTTIME creation_time; [charset(UTF8),string] char share_name[]; boolean8 encryption_required; + /* + * for SMB1 this is the session that the tcon was opened on + */ + uint32 session_global_id; } smbXsrv_tcon_global0; typedef union { -- 1.7.9.5 From f76436c6ea7867fb60d6ac6b65cffc502a018467 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 18 Oct 2012 13:40:08 +0200 Subject: [PATCH 34/39] s3:smbd: fill tcon->global->session_global_id metze Signed-off-by: Michael Adam --- source3/smbd/service.c | 2 ++ source3/smbd/smb2_tcon.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b74192c..016b93f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
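Review bot: The comment added above `session_global_id` in `smbXsrv_tcon_global0` describes the field as SMB1-only, but the following patch in this series also fills it in `smbd_smb2_tree_connect`, so the comment understates what readers of the record can rely on. I would word it as `/* global id of the session this tcon was opened on (set for SMB1 and SMB2) */`. The new member also changes the marshalled layout of the record; whether readers of records written by an older smbd need any handling is not visible in this hunk and is worth confirming.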
@@ -983,6 +983,8 @@ static connection_struct *make_connection_smb1(struct smbd_server_connection *sc *pstatus = NT_STATUS_NO_MEMORY; return NULL; } + tcon->global->session_global_id = + vuser->session->global->session_global_id; tcon->compat = talloc_move(tcon, &conn); tcon->status = NT_STATUS_OK; diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c index 1346d13..ca67461 100644 --- a/source3/smbd/smb2_tcon.c +++ b/source3/smbd/smb2_tcon.c @@ -283,6 +283,8 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, TALLOC_FREE(tcon); return NT_STATUS_NO_MEMORY; } + tcon->global->session_global_id = + req->session->global->session_global_id; tcon->compat = talloc_move(tcon, &compat_conn); -- 1.7.9.5 From 0ccbf89bda71cdbe8d216bab0aa6aacd98cf95df Mon Sep 17 00:00:00 2001 From: Gregor Beck Date: Mon, 3 Sep 2012 11:13:16 +0200 Subject: [PATCH 35/39] s3:lib/conn_tdb: implement connections_forall_read() based on smbXsrv_*_global_traverse() Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- source3/lib/conn_tdb.c | 124 ++++++++++++++++++++++++++++++++++++------------ source3/lib/conn_tdb.h | 9 +--- 2 files changed, 95 insertions(+), 38 deletions(-) diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c index 0a622de..3930e27 100644 --- a/source3/lib/conn_tdb.c +++ b/source3/lib/conn_tdb.c @@ -22,8 +22,10 @@ #include "smbd/globals.h" #include "dbwrap/dbwrap.h" #include "dbwrap/dbwrap_open.h" +#include "dbwrap/dbwrap_rbt.h" #include "messages.h" #include "lib/conn_tdb.h" +#include "util_tdb.h" static struct db_context *connections_db_ctx(bool rw) { 
@@ -81,31 +83,88 @@ struct db_record *connections_fetch_entry(TALLOC_CTX *mem_ctx, return connections_fetch_entry_ext(mem_ctx, id, conn->cnum, name); } -struct conn_traverse_read_state { +struct connections_forall_state { + struct db_context *session_by_pid; int (*fn)(const struct connections_key *key, const struct connections_data *data, void *private_data); void *private_data; + int count; +}; + +struct connections_forall_session { + uid_t uid; + gid_t gid; + char machine[FSTRING_LEN]; + char addr[FSTRING_LEN]; }; -static int connections_forall_read_fn(struct db_record *rec, - void *private_data) +static int collect_sessions_fn(struct smbXsrv_session_global0 *global, + void *connections_forall_state) { - TDB_DATA key; - TDB_DATA value; - struct conn_traverse_read_state *state = - (struct conn_traverse_read_state *)private_data; + NTSTATUS status; + struct connections_forall_state *state = + (struct connections_forall_state*)connections_forall_state; + + uint32_t id = global->session_global_id; + struct connections_forall_session sess; + + sess.uid = global->auth_session_info->unix_token->uid; + sess.gid = global->auth_session_info->unix_token->gid; + strncpy(sess.machine, global->channels[0].remote_name, sizeof(sess.machine)); + strncpy(sess.addr, global->channels[0].remote_address, sizeof(sess.addr)); + + status = dbwrap_store(state->session_by_pid, + make_tdb_data((void*)&id, sizeof(id)), + make_tdb_data((void*)&sess, sizeof(sess)), + TDB_INSERT); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to store record: %s\n", nt_errstr(status))); + } + return 0; +} + +static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global, + void *connections_forall_state) +{ + NTSTATUS status; + struct connections_forall_state *state = + (struct connections_forall_state*)connections_forall_state; + + struct connections_key key; + struct connections_data data; - key = dbwrap_record_get_key(rec); - value = dbwrap_record_get_value(rec); + uint32_t sess_id = 
global->session_global_id; + struct connections_forall_session sess = { + .uid = -1, + .gid = -1, + }; - if ((key.dsize != sizeof(struct connections_key)) - || (value.dsize != sizeof(struct connections_data))) { - return 0; + TDB_DATA val = tdb_null; + + status = dbwrap_fetch(state->session_by_pid, state, + make_tdb_data((void*)&sess_id, sizeof(sess_id)), + &val); + if (NT_STATUS_IS_OK(status)) { + memcpy((uint8_t *)&sess, val.dptr, val.dsize); } - return state->fn((const struct connections_key *)key.dptr, - (const struct connections_data *)value.dptr, - state->private_data); + + ZERO_STRUCT(key); + ZERO_STRUCT(data); + + key.pid = data.pid = global->server_id; + key.cnum = data.cnum = global->tcon_global_id; + strncpy(key.name, global->share_name, sizeof(key.name)); + strncpy(data.servicename, global->share_name, sizeof(data.servicename)); + data.uid = sess.uid; + data.gid = sess.gid; + strncpy(data.addr, sess.addr, sizeof(data.addr)); + strncpy(data.machine, sess.machine, sizeof(data.machine)); + data.start = nt_time_to_unix(global->creation_time); + + state->count++; + + return state->fn(&key, &data, state->private_data); } int connections_forall_read(int (*fn)(const struct connections_key *key, 
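Review bot: The `strncpy(dst, src, sizeof(dst))` calls in `collect_sessions_fn` and `traverse_tcon_fn` leave `machine`, `addr`, `name` and `servicename` without a terminating NUL when the source is FSTRING_LEN bytes or longer, and the sources are session and tcon records rather than local constants. The code this series removes used `strlcpy` for the same fields; keeping that, e.g. `strlcpy(data.machine, sess.machine, sizeof(data.machine));`, guarantees the callback receives C strings. In `traverse_tcon_fn` the `memcpy` into `sess` trusts `val.dsize`; `if (val.dsize == sizeof(sess)) memcpy(&sess, val.dptr, sizeof(sess));` bounds the copy to the destination. `collect_sessions_fn` also reads `global->channels[0]` and `global->auth_session_info->unix_token` with no check in the hunk that a channel or session info is present; if records in that state can be reached by the traversal, they should be skipped before the dereference.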
@@ -113,27 +172,32 @@ int connections_forall_read(int (*fn)(const struct connections_key *key, void *private_data), void *private_data) { - struct db_context *ctx; - struct conn_traverse_read_state state; + TALLOC_CTX *frame = talloc_stackframe(); + struct connections_forall_state *state = + talloc_zero(talloc_tos(), struct connections_forall_state); NTSTATUS status; - int count; + int ret = -1; - ctx = connections_db_ctx(false); - if (ctx == NULL) { - return -1; + state->session_by_pid = db_open_rbt(state); + state->fn = fn; + state->private_data = private_data; + status = smbXsrv_session_global_traverse(collect_sessions_fn, state); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to traverse sessions: %s\n", + nt_errstr(status))); + goto done; } - state.fn = fn; - state.private_data = private_data; - - status = dbwrap_traverse_read(ctx, connections_forall_read_fn, - (void *)&state, &count); - + status = smbXsrv_tcon_global_traverse(traverse_tcon_fn, state); if (!NT_STATUS_IS_OK(status)) { - return -1; + DEBUG(0, ("Failed to traverse tree connects: %s\n", + nt_errstr(status))); + goto done; } - - return count; + ret = state->count; +done: + talloc_free(frame); + return ret; } bool connections_init(bool rw) diff --git a/source3/lib/conn_tdb.h b/source3/lib/conn_tdb.h index 180a5e2..2f45281 100644 --- a/source3/lib/conn_tdb.h +++ b/source3/lib/conn_tdb.h @@ -25,21 +25,14 @@ struct connections_key { }; struct connections_data { - int magic; struct server_id pid; int cnum; uid_t uid; gid_t gid; char servicename[FSTRING_LEN]; - char addr[24]; + char addr[FSTRING_LEN]; char machine[FSTRING_LEN]; time_t start; - - /* - * This field used to hold the msg_flags. For compatibility reasons, - * keep the data structure in the tdb file the same. - */ - uint32 unused_compatitibility_field; }; /* The following definitions come from lib/conn_tdb.c */ -- 1.7.9.5 From 3eff70087005ffdee2ca579e65846ba1c33ec17f Mon Sep 17 00:00:00 2001 
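Review bot: `connections_forall_read` dereferences `state` immediately after `talloc_zero()` and hands `state->session_by_pid` to the traversal callbacks without checking either allocation, so an out-of-memory condition turns into a NULL dereference instead of the `-1` return the function already uses for failure. Both checks can jump to the existing `done:` label, which frees the stack frame and returns `ret`. The function's signature begins before the hunk's changed lines; its body and the `done:` label are inside the hunk.

```c
	struct connections_forall_state *state =
		talloc_zero(talloc_tos(), struct connections_forall_state);
	/* … unchanged: status and ret declarations … */

	if (state == NULL) {
		goto done;
	}

	state->session_by_pid = db_open_rbt(state);
	if (state->session_by_pid == NULL) {
		goto done;
	}
	/* … unchanged: fn / private_data setup and both traversals … */
```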
From: Stefan Metzmacher Date: Fri, 5 Oct 2012 19:11:31 +0200 Subject: [PATCH 36/39] s3:smbd: don't call claim/yield_connection() in make_connection_snum/close_cnum() This was used to maintain the connections.tdb database which is being removed. We use info from the smbXsrv_tcon instead. Signed-off-by: Michael Adam --- source3/smbd/server.c | 3 --- source3/smbd/service.c | 16 ---------------- 2 files changed, 19 deletions(-) diff --git a/source3/smbd/server.c b/source3/smbd/server.c index bad6752..7113eae 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1403,9 +1403,6 @@ extern void build_options(bool screen); exit(1); } - if (!connections_init(true)) { - exit(1); - } status = smbXsrv_tcon_global_init(); if (!NT_STATUS_IS_OK(status)) { exit(1); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 016b93f..bb28fbf 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -559,7 +559,6 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, fstring dev; int ret; bool on_err_call_dis_hook = false; - bool claimed_connection = false; uid_t effuid; gid_t effgid; NTSTATUS status; @@ -699,16 +698,6 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, goto err_root_exit; } - /* - * Get us an entry in the connections db - */ - if (!claim_connection(conn, lp_servicename(talloc_tos(), snum))) { - DEBUG(1, ("Could not store connections entry\n")); - status = NT_STATUS_INTERNAL_DB_ERROR; - goto err_root_exit; - } - claimed_connection = true; - /* Invoke VFS make connection hook - this must be the first filesystem operation that we do. */ @@ -925,9 +914,6 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, /* Call VFS disconnect hook */ SMB_VFS_DISCONNECT(conn); } - if (claimed_connection) { - yield_connection(conn, lp_servicename(talloc_tos(), snum)); - } return status; } 
@@ -1180,8 +1166,6 @@ void close_cnum(connection_struct *conn, uint64_t vuid) /* Call VFS disconnect hook */ SMB_VFS_DISCONNECT(conn); - yield_connection(conn, lp_servicename(talloc_tos(), SNUM(conn))); - /* make sure we leave the directory available for unmount */ vfs_ChDir(conn, "/"); -- 1.7.9.5 From d4f369c470ec1c8c7986a73e4ee6e18a97edd834 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Oct 2012 19:13:39 +0200 Subject: [PATCH 37/39] s3:smbd: remove unused claim_connection/yield_connection metze Signed-off-by: Michael Adam --- source3/smbd/connection.c | 86 --------------------------------------------- source3/smbd/proto.h | 2 -- 2 files changed, 88 deletions(-) diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index 2dc004b..0b78b9e 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -26,34 +26,6 @@ #include "messages.h" #include "lib/conn_tdb.h" -/**************************************************************************** - Delete a connection record. -****************************************************************************/ - -bool yield_connection(connection_struct *conn, const char *name) -{ - struct db_record *rec; - NTSTATUS status; - - DEBUG(3,("Yielding connection to %s\n",name)); - - rec = connections_fetch_entry(talloc_tos(), conn, name); - if (rec == NULL) { - DEBUG(0, ("connections_fetch_entry failed\n")); - return False; - } - - status = dbwrap_record_delete(rec); - if (!NT_STATUS_IS_OK(status)) { - DEBUG( NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND) ? 3 : 0, - ("deleting connection record returned %s\n", - nt_errstr(status))); - } - - TALLOC_FREE(rec); - return NT_STATUS_IS_OK(status); -} - struct count_stat { int curr_connections; const char *name; 
@@ -122,61 +94,3 @@ bool connections_snum_used(struct smbd_server_connection *unused, int snum) return false; } - -/**************************************************************************** - Claim an entry in the connections database. -****************************************************************************/ - -bool claim_connection(connection_struct *conn, const char *name) -{ - struct db_record *rec; - struct connections_data crec; - char *raddr; - TDB_DATA dbuf; - NTSTATUS status; - - DEBUG(5,("claiming [%s]\n", name)); - - if (!(rec = connections_fetch_entry(talloc_tos(), conn, name))) { - DEBUG(0, ("connections_fetch_entry failed\n")); - return False; - } - - /* Make clear that we require the optional unix_token in the source3 code */ - SMB_ASSERT(conn->session_info->unix_token); - - /* fill in the crec */ - ZERO_STRUCT(crec); - crec.magic = 0x280267; - crec.pid = messaging_server_id(conn->sconn->msg_ctx); - crec.cnum = conn->cnum; - crec.uid = conn->session_info->unix_token->uid; - crec.gid = conn->session_info->unix_token->gid; - strlcpy(crec.servicename, lp_servicename(rec, SNUM(conn)), - sizeof(crec.servicename)); - crec.start = time(NULL); - - raddr = tsocket_address_inet_addr_string(conn->sconn->remote_address, - rec); - if (raddr == NULL) { - return false; - } - - strlcpy(crec.machine,get_remote_machine_name(),sizeof(crec.machine)); - strlcpy(crec.addr, raddr, sizeof(crec.addr)); - - dbuf.dptr = (uint8 *)&crec; - dbuf.dsize = sizeof(crec); - - status = dbwrap_record_store(rec, dbuf, TDB_REPLACE); - - TALLOC_FREE(rec); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("claim_connection: tdb_store failed with error %s.\n", - nt_errstr(status))); - return False; - } - - return True; -} diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index ffbc8d8..d218184 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h 
@@ -160,10 +160,8 @@ void msg_force_tdis(struct messaging_context *msg, /* The following definitions come from smbd/connection.c */ -bool yield_connection(connection_struct *conn, const char *name); int count_current_connections(const char *sharename, bool verify); bool connections_snum_used(struct smbd_server_connection *unused, int snum); -bool claim_connection(connection_struct *conn, const char *name); /* The following definitions come from smbd/dfree.c */ -- 1.7.9.5 From a144911958d7bcd291a8f42a40832ffc0187279a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Oct 2012 19:05:32 +0200 Subject: [PATCH 38/39] s3:lib: remove unused connections_fetch_entry*() and connections_init() metze Signed-off-by: Michael Adam --- source3/lib/conn_tdb.c | 60 ------------------------------------------------ source3/lib/conn_tdb.h | 8 ------- 2 files changed, 68 deletions(-) diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c index 3930e27..a7e7cf0 100644 --- a/source3/lib/conn_tdb.c +++ b/source3/lib/conn_tdb.c 
@@ -27,62 +27,6 @@ #include "lib/conn_tdb.h" #include "util_tdb.h" -static struct db_context *connections_db_ctx(bool rw) -{ - static struct db_context *db_ctx; - int open_flags; - - if (db_ctx != NULL) { - return db_ctx; - } - - open_flags = rw ? (O_RDWR|O_CREAT) : O_RDONLY; - - db_ctx = db_open(NULL, lock_path("connections.tdb"), 0, - TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH|TDB_DEFAULT, - open_flags, 0644, DBWRAP_LOCK_ORDER_1); - return db_ctx; -} - -static struct db_record *connections_fetch_record(TALLOC_CTX *mem_ctx, - TDB_DATA key) -{ - struct db_context *ctx = connections_db_ctx(True); - - if (ctx == NULL) { - return NULL; - } - - return dbwrap_fetch_locked(ctx, mem_ctx, key); -} - -struct db_record *connections_fetch_entry_ext(TALLOC_CTX *mem_ctx, - struct server_id id, - int cnum, - const char *name) -{ - struct connections_key ckey; - TDB_DATA key; - - ZERO_STRUCT(ckey); - ckey.pid = id; - ckey.cnum = cnum; - strlcpy(ckey.name, name, sizeof(ckey.name)); - - key.dsize = sizeof(ckey); - key.dptr = (uint8 *)&ckey; - - return connections_fetch_record(mem_ctx, key); -} - -struct db_record *connections_fetch_entry(TALLOC_CTX *mem_ctx, - connection_struct *conn, - const char *name) -{ - struct server_id id = messaging_server_id(conn->sconn->msg_ctx); - return connections_fetch_entry_ext(mem_ctx, id, conn->cnum, name); -} - struct connections_forall_state { struct db_context *session_by_pid; int (*fn)(const struct connections_key *key, @@ -200,7 +144,3 @@ done: return ret; } -bool connections_init(bool rw) -{ - return (connections_db_ctx(rw) != NULL); -} diff --git a/source3/lib/conn_tdb.h b/source3/lib/conn_tdb.h index 2f45281..b91a153 100644 --- a/source3/lib/conn_tdb.h +++ b/source3/lib/conn_tdb.h 
@@ -37,15 +37,7 @@ struct connections_data { /* The following definitions come from lib/conn_tdb.c */ -struct db_record *connections_fetch_entry(TALLOC_CTX *mem_ctx, - connection_struct *conn, - const char *name); -struct db_record *connections_fetch_entry_ext(TALLOC_CTX *mem_ctx, - struct server_id id, - int cnum, - const char *name); int connections_forall_read(int (*fn)(const struct connections_key *key, const struct connections_data *data, void *private_data), void *private_data); -bool connections_init(bool rw); -- 1.7.9.5 From 81d0b8aebf8e7dee73907fabf408f0b2c3145207 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 18 Oct 2012 15:35:39 +0200 Subject: [PATCH 39/39] docs-xml:smbd.8: document new smbXsrv_*_global.tdb files metze Signed-off-by: Michael Adam Autobuild-User(master): Michael Adam Autobuild-Date(master): Fri Oct 19 14:00:39 CEST 2012 on sn-devel-104 --- docs-xml/manpages/smbd.8.xml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/docs-xml/manpages/smbd.8.xml b/docs-xml/manpages/smbd.8.xml index ae34ce2..98e76fb 100644 --- a/docs-xml/manpages/smbd.8.xml +++ b/docs-xml/manpages/smbd.8.xml @@ -309,10 +309,6 @@ browse lists -connections.tdb -share connections (used to enforce max connections, etc...) - - gencache.tdb generic caching db @@ -357,10 +353,18 @@ Windows registry skeleton (connect via regedit.exe) -sessionid.tdb +smbXsrv_session_global.tdb session information (e.g. support for 'utmp = yes') +smbXsrv_tcon_global.tdb +share connections (used to enforce max connections, etc...) + + +smbXsrv_open_global.tdb +open file handles (used durable handles, etc...) + + share_info.tdb* share acls -- 1.7.9.5