NTSTATUS smbXsrv_open_update(struct smbXsrv_open *op) { struct smbXsrv_open_table *table = op->table; NTSTATUS status; uint8_t key_buf[SMBXSRV_OPEN_GLOBAL_TDB_KEY_SIZE]; TDB_DATA key; if (op->global->db_rec != NULL) { DEBUG(0, ("smbXsrv_open_update(0x%08x): " "Called with db_rec != NULL'\n", op->global->open_global_id)); return NT_STATUS_INTERNAL_ERROR; } key = smbXsrv_open_global_id_to_key(op->global->open_global_id, key_buf); op->global->db_rec = dbwrap_fetch_locked(table->global.db_ctx, op->global, key); if (op->global->db_rec == NULL) { DEBUG(0, ("smbXsrv_open_update(0x%08x): " "Failed to lock global key '%s'\n", op->global->open_global_id, hex_encode_talloc(talloc_tos(), key.dptr, key.dsize))); return NT_STATUS_INTERNAL_DB_ERROR; } status = smbXsrv_open_global_store(op->global); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("smbXsrv_open_update: " "global_id (0x%08x) store failed - %s\n", op->global->open_global_id, nt_errstr(status))); return status; } if (CHECK_DEBUGLVL(10)) { struct smbXsrv_openB open_blob; ZERO_STRUCT(open_blob); open_blob.version = SMBXSRV_VERSION_0; open_blob.info.info0 = op; DEBUG(10,("smbXsrv_open_update: global_id (0x%08x) stored\n", op->global->open_global_id)); NDR_PRINT_DEBUG(smbXsrv_openB, &open_blob); } return NT_STATUS_OK; }
static NTSTATUS smbXsrv_open_global_lookup(struct smbXsrv_open_table *table, uint32_t open_global_id, TALLOC_CTX *mem_ctx, struct smbXsrv_open_global0 **_global) { TDB_DATA key; uint8_t key_buf[SMBXSRV_OPEN_GLOBAL_TDB_KEY_SIZE]; struct db_record *global_rec = NULL; bool is_free = false; *_global = NULL; if (table->global.db_ctx == NULL) { return NT_STATUS_INTERNAL_ERROR; } key = smbXsrv_open_global_id_to_key(open_global_id, key_buf); global_rec = dbwrap_fetch_locked(table->global.db_ctx, mem_ctx, key); if (global_rec == NULL) { DEBUG(0, ("smbXsrv_open_global_lookup(0x%08x): " "Failed to lock global key '%s'\n", open_global_id, hex_encode_talloc(talloc_tos(), key.dptr, key.dsize))); return NT_STATUS_INTERNAL_DB_ERROR; } smbXsrv_open_global_verify_record(global_rec, &is_free, NULL, mem_ctx, _global); if (is_free) { talloc_free(global_rec); return NT_STATUS_OBJECT_NAME_NOT_FOUND; } (*_global)->db_rec = talloc_move(*_global, &global_rec); talloc_set_destructor(*_global, smbXsrv_open_global_destructor); return NT_STATUS_OK; }
static struct db_record *smbXsrv_open_global_fetch_locked( struct db_context *db, uint32_t id, TALLOC_CTX *mem_ctx) { TDB_DATA key; uint8_t key_buf[SMBXSRV_OPEN_GLOBAL_TDB_KEY_SIZE]; struct db_record *rec = NULL; key = smbXsrv_open_global_id_to_key(id, key_buf); rec = dbwrap_fetch_locked(db, mem_ctx, key); if (rec == NULL) { DBG_DEBUG("Failed to lock global id 0x%08x, key '%s'\n", id, hex_encode_talloc(talloc_tos(), key.dptr, key.dsize)); } return rec; }
NTSTATUS smbXsrv_open_close(struct smbXsrv_open *op, NTTIME now) { struct smbXsrv_open_table *table; struct db_record *local_rec = NULL; struct db_record *global_rec = NULL; NTSTATUS status; NTSTATUS error = NT_STATUS_OK; if (op->table == NULL) { return NT_STATUS_OK; } table = op->table; op->table = NULL; op->status = NT_STATUS_FILE_CLOSED; op->global->disconnect_time = now; server_id_set_disconnected(&op->global->server_id); global_rec = op->global->db_rec; op->global->db_rec = NULL; if (global_rec == NULL) { uint8_t key_buf[SMBXSRV_OPEN_GLOBAL_TDB_KEY_SIZE]; TDB_DATA key; key = smbXsrv_open_global_id_to_key( op->global->open_global_id, key_buf); global_rec = dbwrap_fetch_locked(table->global.db_ctx, op->global, key); if (global_rec == NULL) { DEBUG(0, ("smbXsrv_open_close(0x%08x): " "Failed to lock global key '%s'\n", op->global->open_global_id, hex_encode_talloc(global_rec, key.dptr, key.dsize))); error = NT_STATUS_INTERNAL_ERROR; } } if (global_rec != NULL && op->global->durable) { /* * If it is a durable open we need to update the global part * instead of deleting it */ op->global->db_rec = global_rec; status = smbXsrv_open_global_store(op->global); if (NT_STATUS_IS_OK(status)) { /* * smbXsrv_open_global_store does the free * of op->global->db_rec */ global_rec = NULL; } if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("smbXsrv_open_close(0x%08x)" "smbXsrv_open_global_store() failed - %s\n", op->global->open_global_id, nt_errstr(status))); error = status; } if (NT_STATUS_IS_OK(status) && CHECK_DEBUGLVL(10)) { struct smbXsrv_openB open_blob; ZERO_STRUCT(open_blob); open_blob.version = SMBXSRV_VERSION_0; open_blob.info.info0 = op; DEBUG(10,("smbXsrv_open_close(0x%08x): " "stored disconnect\n", op->global->open_global_id)); NDR_PRINT_DEBUG(smbXsrv_openB, &open_blob); } } if (global_rec != NULL) { status = dbwrap_record_delete(global_rec); if (!NT_STATUS_IS_OK(status)) { TDB_DATA key = dbwrap_record_get_key(global_rec); DEBUG(0, ("smbXsrv_open_close(0x%08x): " "failed to delete global key '%s': %s\n", op->global->open_global_id, hex_encode_talloc(global_rec, key.dptr, key.dsize), nt_errstr(status))); error = status; } } TALLOC_FREE(global_rec); local_rec = op->db_rec; if (local_rec == NULL) { uint8_t key_buf[SMBXSRV_OPEN_LOCAL_TDB_KEY_SIZE]; TDB_DATA key; key = smbXsrv_open_local_id_to_key(op->local_id, key_buf); local_rec = dbwrap_fetch_locked(table->local.db_ctx, op, key); if (local_rec == NULL) { DEBUG(0, ("smbXsrv_open_close(0x%08x): " "Failed to lock local key '%s'\n", op->global->open_global_id, hex_encode_talloc(local_rec, key.dptr, key.dsize))); error = NT_STATUS_INTERNAL_ERROR; } } if (local_rec != NULL) { status = dbwrap_record_delete(local_rec); if (!NT_STATUS_IS_OK(status)) { TDB_DATA key = dbwrap_record_get_key(local_rec); DEBUG(0, ("smbXsrv_open_close(0x%08x): " "failed to delete local key '%s': %s\n", op->global->open_global_id, hex_encode_talloc(local_rec, key.dptr, key.dsize), nt_errstr(status))); error = status; } table->local.num_opens -= 1; } if (op->db_rec == NULL) { TALLOC_FREE(local_rec); } op->db_rec = NULL; if (op->compat) { op->compat->op = NULL; file_free(NULL, op->compat); op->compat = NULL; } return error; }
static NTSTATUS smbXsrv_open_local_allocate_id(struct db_context *db, uint32_t lowest_id, uint32_t highest_id, TALLOC_CTX *mem_ctx, struct db_record **_rec, uint32_t *_id) { struct smbXsrv_open_local_allocate_state state = { .lowest_id = lowest_id, .highest_id = highest_id, .last_id = 0, .useable_id = lowest_id, .status = NT_STATUS_INTERNAL_ERROR, }; uint32_t i; uint32_t range; NTSTATUS status; int count = 0; *_rec = NULL; *_id = 0; if (lowest_id > highest_id) { return NT_STATUS_INSUFFICIENT_RESOURCES; } /* * first we try randomly */ range = (highest_id - lowest_id) + 1; for (i = 0; i < (range / 2); i++) { uint32_t id; uint8_t key_buf[SMBXSRV_OPEN_LOCAL_TDB_KEY_SIZE]; TDB_DATA key; TDB_DATA val; struct db_record *rec = NULL; id = generate_random() % range; id += lowest_id; if (id < lowest_id) { id = lowest_id; } if (id > highest_id) { id = highest_id; } key = smbXsrv_open_local_id_to_key(id, key_buf); rec = dbwrap_fetch_locked(db, mem_ctx, key); if (rec == NULL) { return NT_STATUS_INSUFFICIENT_RESOURCES; } val = dbwrap_record_get_value(rec); if (val.dsize != 0) { TALLOC_FREE(rec); continue; } *_rec = rec; *_id = id; return NT_STATUS_OK; } /* * if the range is almost full, * we traverse the whole table * (this relies on sorted behavior of dbwrap_rbt) */ status = dbwrap_traverse_read(db, smbXsrv_open_local_allocate_traverse, &state, &count); if (NT_STATUS_IS_OK(status)) { if (NT_STATUS_IS_OK(state.status)) { return NT_STATUS_INTERNAL_ERROR; } if (!NT_STATUS_EQUAL(state.status, NT_STATUS_INTERNAL_ERROR)) { return state.status; } if (state.useable_id <= state.highest_id) { state.status = NT_STATUS_OK; } else { return NT_STATUS_INSUFFICIENT_RESOURCES; } } else if (!NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_DB_CORRUPTION)) { /* * Here we really expect NT_STATUS_INTERNAL_DB_CORRUPTION! * * If we get anything else it is an error, because it * means we did not manage to find a free slot in * the db. */ return NT_STATUS_INSUFFICIENT_RESOURCES; } if (NT_STATUS_IS_OK(state.status)) { uint32_t id; uint8_t key_buf[SMBXSRV_OPEN_LOCAL_TDB_KEY_SIZE]; TDB_DATA key; TDB_DATA val; struct db_record *rec = NULL; id = state.useable_id; key = smbXsrv_open_local_id_to_key(id, key_buf); rec = dbwrap_fetch_locked(db, mem_ctx, key); if (rec == NULL) { return NT_STATUS_INSUFFICIENT_RESOURCES; } val = dbwrap_record_get_value(rec); if (val.dsize != 0) { TALLOC_FREE(rec); return NT_STATUS_INTERNAL_DB_CORRUPTION; } *_rec = rec; *_id = id; return NT_STATUS_OK; } return state.status; } struct smbXsrv_open_local_fetch_state { struct smbXsrv_open *op; NTSTATUS status; }; static void smbXsrv_open_local_fetch_parser(TDB_DATA key, TDB_DATA data, void *private_data) { struct smbXsrv_open_local_fetch_state *state = (struct smbXsrv_open_local_fetch_state *)private_data; void *ptr; if (data.dsize != sizeof(ptr)) { state->status = NT_STATUS_INTERNAL_DB_ERROR; return; } memcpy(&ptr, data.dptr, data.dsize); state->op = talloc_get_type_abort(ptr, struct smbXsrv_open); state->status = NT_STATUS_OK; } static NTSTATUS smbXsrv_open_local_lookup(struct smbXsrv_open_table *table, uint32_t open_local_id, uint32_t open_global_id, NTTIME now, struct smbXsrv_open **_open) { struct smbXsrv_open_local_fetch_state state = { .op = NULL, .status = NT_STATUS_INTERNAL_ERROR, }; uint8_t key_buf[SMBXSRV_OPEN_LOCAL_TDB_KEY_SIZE]; TDB_DATA key; NTSTATUS status; *_open = NULL; if (open_local_id == 0) { return NT_STATUS_FILE_CLOSED; } if (table == NULL) { /* this might happen before the end of negprot */ return NT_STATUS_FILE_CLOSED; } if (table->local.db_ctx == NULL) { return NT_STATUS_INTERNAL_ERROR; } key = smbXsrv_open_local_id_to_key(open_local_id, key_buf); status = dbwrap_parse_record(table->local.db_ctx, key, smbXsrv_open_local_fetch_parser, &state); if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { return NT_STATUS_FILE_CLOSED; } else if (!NT_STATUS_IS_OK(status)) { return status; } if (!NT_STATUS_IS_OK(state.status)) { return state.status; } if (NT_STATUS_EQUAL(state.op->status, NT_STATUS_FILE_CLOSED)) { return NT_STATUS_FILE_CLOSED; } if (open_global_id == 0) { /* make the global check a no-op for SMB1 */ open_global_id = state.op->global->open_global_id; } if (state.op->global->open_global_id != open_global_id) { return NT_STATUS_FILE_CLOSED; } if (now != 0) { state.op->idle_time = now; } *_open = state.op; return state.op->status; } static int smbXsrv_open_global_destructor(struct smbXsrv_open_global0 *global) { return 0; } static void smbXsrv_open_global_verify_record(struct db_record *db_rec, bool *is_free, bool *was_free, TALLOC_CTX *mem_ctx, struct smbXsrv_open_global0 **_g); static NTSTATUS smbXsrv_open_global_allocate(struct db_context *db, TALLOC_CTX *mem_ctx, struct smbXsrv_open_global0 **_global) { uint32_t i; struct smbXsrv_open_global0 *global = NULL; uint32_t last_free = 0; const uint32_t min_tries = 3; *_global = NULL; global = talloc_zero(mem_ctx, struct smbXsrv_open_global0); if (global == NULL) { return NT_STATUS_NO_MEMORY; } talloc_set_destructor(global, smbXsrv_open_global_destructor); /* * Here we just randomly try the whole 32-bit space * * We use just 32-bit, because we want to reuse the * ID for SRVSVC. */ for (i = 0; i < UINT32_MAX; i++) { bool is_free = false; bool was_free = false; uint32_t id; uint8_t key_buf[SMBXSRV_OPEN_GLOBAL_TDB_KEY_SIZE]; TDB_DATA key; if (i >= min_tries && last_free != 0) { id = last_free; } else { id = generate_random(); } if (id == 0) { id++; } if (id == UINT32_MAX) { id--; } key = smbXsrv_open_global_id_to_key(id, key_buf); global->db_rec = dbwrap_fetch_locked(db, mem_ctx, key); if (global->db_rec == NULL) { talloc_free(global); return NT_STATUS_INSUFFICIENT_RESOURCES; } smbXsrv_open_global_verify_record(global->db_rec, &is_free, &was_free, NULL, NULL); if (!is_free) { TALLOC_FREE(global->db_rec); continue; } if (!was_free && i < min_tries) { /* * The session_id is free now, * but was not free before. * * This happens if a smbd crashed * and did not cleanup the record. * * If this is one of our first tries, * then we try to find a real free one. */ if (last_free == 0) { last_free = id; } TALLOC_FREE(global->db_rec); continue; } global->open_global_id = id; *_global = global; return NT_STATUS_OK; } /* should not be reached */ talloc_free(global); return NT_STATUS_INTERNAL_ERROR; }
NTSTATUS smbXsrv_open_cleanup(uint64_t persistent_id) { NTSTATUS status = NT_STATUS_OK; TALLOC_CTX *frame = talloc_stackframe(); struct smbXsrv_open_global0 *op = NULL; uint8_t key_buf[SMBXSRV_OPEN_GLOBAL_TDB_KEY_SIZE]; TDB_DATA key; TDB_DATA val; struct db_record *rec; bool delete_open = false; uint32_t global_id = persistent_id & UINT32_MAX; key = smbXsrv_open_global_id_to_key(global_id, key_buf); rec = dbwrap_fetch_locked(smbXsrv_open_global_db_ctx, frame, key); if (rec == NULL) { status = NT_STATUS_NOT_FOUND; DEBUG(1, ("smbXsrv_open_cleanup[global: 0x%08x] " "failed to fetch record from %s - %s\n", global_id, dbwrap_name(smbXsrv_open_global_db_ctx), nt_errstr(status))); goto done; } val = dbwrap_record_get_value(rec); if (val.dsize == 0) { DEBUG(10, ("smbXsrv_open_cleanup[global: 0x%08x] " "empty record in %s, skipping...\n", global_id, dbwrap_name(smbXsrv_open_global_db_ctx))); goto done; } status = smbXsrv_open_global_parse_record(talloc_tos(), rec, &op); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("smbXsrv_open_cleanup[global: 0x%08x] " "failed to read record: %s\n", global_id, nt_errstr(status))); goto done; } if (server_id_is_disconnected(&op->server_id)) { struct timeval now, disconnect_time; int64_t tdiff; now = timeval_current(); nttime_to_timeval(&disconnect_time, op->disconnect_time); tdiff = usec_time_diff(&now, &disconnect_time); delete_open = (tdiff >= 1000*op->durable_timeout_msec); DEBUG(10, ("smbXsrv_open_cleanup[global: 0x%08x] " "disconnected at [%s] %us ago with " "timeout of %us -%s reached\n", global_id, nt_time_string(frame, op->disconnect_time), (unsigned)(tdiff/1000000), op->durable_timeout_msec / 1000, delete_open ? "" : " not")); } else if (!serverid_exists(&op->server_id)) { DEBUG(10, ("smbXsrv_open_cleanup[global: 0x%08x] " "server[%s] does not exist\n", global_id, server_id_str(frame, &op->server_id))); delete_open = true; } if (!delete_open) { goto done; } status = dbwrap_record_delete(rec); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("smbXsrv_open_cleanup[global: 0x%08x] " "failed to delete record" "from %s: %s\n", global_id, dbwrap_name(smbXsrv_open_global_db_ctx), nt_errstr(status))); goto done; } DEBUG(10, ("smbXsrv_open_cleanup[global: 0x%08x] " "delete record from %s\n", global_id, dbwrap_name(smbXsrv_open_global_db_ctx))); done: talloc_free(frame); return status; }