sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-23 09:57:40 +03:00
Code

finally got sick of the "extern int Client" code and the stupid

Browse Source 
assumption that we have one socket everywhere

while doing so I discovered a few bugs!

1) the clientgen session retarget code if used from smbd or nmbd would
cause a crash as it called close_sockets() which closed our main
socket! fixed by removing close_sockets() completely - it is unnecessary

2) the caching in client_addr() and client_name() was bogus - it could
easily get fooled and give the wrong result. fixed.

3) the retarget could could recurse, allowing an easy denial of
service attack on nmbd. fixed.
This commit is contained in:
Andrew Tridgell -
parent 707401fc1e
commit 5937ab14d2
19 changed files with 196 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source/lib/access.c
View File

@ -253,13 +253,13 @@ BOOL check_access(int sock, char *allow_list, char *deny_list)
if (!ret) {
if (allow_access(deny_list,allow_list,
client_name(sock),client_addr(sock))) {
get_socket_name(sock),get_socket_addr(sock))) {
DEBUG(2,("Allowed connection from %s (%s)\n",
client_name(sock),client_addr(sock)));
get_socket_name(sock),get_socket_addr(sock)));
ret = True;
} else {
DEBUG(0,("Denied connection from %s (%s)\n",
client_name(sock),client_addr(sock)));
get_socket_name(sock),get_socket_addr(sock)));
}
}

53
source/lib/util.c
View File

@ -65,9 +65,6 @@ int Protocol = PROTOCOL_COREPLUS;
/* a default finfo structure to ensure all fields are sensible */
file_info def_finfo = {-1,0,0,0,0,0,0,""};
/* the client file descriptor */
extern int Client;
/* this is used by the chaining code */
int chain_size = 0;
@ -1610,52 +1607,6 @@ BOOL zero_ip(struct in_addr ip)
}
/*******************************************************************
matchname - determine if host name matches IP address
******************************************************************/
BOOL matchname(char *remotehost,struct in_addr addr)
{
struct hostent *hp;
int i;
if ((hp = Get_Hostbyname(remotehost)) == 0) {
DEBUG(0,("Get_Hostbyname(%s): lookup failure.\n", remotehost));
return False;
}
/*
* Make sure that gethostbyname() returns the "correct" host name.
* Unfortunately, gethostbyname("localhost") sometimes yields
* "localhost.domain". Since the latter host name comes from the
* local DNS, we just have to trust it (all bets are off if the local
* DNS is perverted). We always check the address list, though.
*/
if (strcasecmp(remotehost, hp->h_name)
&& strcasecmp(remotehost, "localhost")) {
DEBUG(0,("host name/name mismatch: %s != %s\n",
remotehost, hp->h_name));
return False;
}
/* Look up the host address in the address list we just got. */
for (i = 0; hp->h_addr_list[i]; i++) {
if (memcmp(hp->h_addr_list[i], (caddr_t) & addr, sizeof(addr)) == 0)
return True;
}
/*
* The host name does not map to the original host address. Perhaps
* someone has compromised a name server. More likely someone botched
* it, but that could be dangerous, too.
*/
DEBUG(0,("host name/address mismatch: %s != %s\n",
inet_ntoa(addr), hp->h_name));
return False;
}
#if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
/******************************************************************
Remove any mount options such as -rsize=2048,wsize=2048 etc.
@ -1953,9 +1904,9 @@ void standard_sub_basic(char *str)
break;
}
case 'N' : string_sub(p,"%N", automount_server(username),l); break;
case 'I' : string_sub(p,"%I", client_addr(Client),l); break;
case 'I' : string_sub(p,"%I", client_addr(),l); break;
case 'L' : string_sub(p,"%L", local_machine,l); break;
case 'M' : string_sub(p,"%M", client_name(Client),l); break;
case 'M' : string_sub(p,"%M", client_name(),l); break;
case 'R' : string_sub(p,"%R", remote_proto,l); break;
case 'T' : string_sub(p,"%T", timestring(False),l); break;
case 'U' : string_sub(p,"%U", username,l); break;

152
source/lib/util_sock.c
View File

@ -32,9 +32,6 @@ extern int DEBUGLEVEL;
BOOL passive = False;
/* the client file descriptor */
int Client = -1;
/* the last IP received from */
struct in_addr lastip;
@ -152,20 +149,6 @@ void set_socket_options(int fd, char *options)
}
}
/****************************************************************************
Close the socket communication.
****************************************************************************/
void close_sockets(void )
{
#ifdef WITH_SSL
sslutil_disconnect(Client);
#endif /* WITH_SSL */
close(Client);
Client = -1;
}
/****************************************************************************
Read from a socket.
****************************************************************************/
@ -725,7 +708,6 @@ BOOL send_null_session_msg(int fd)
if (ret <= 0)
{
DEBUG(0,("send_null_session_msg: Error writing %d bytes to client. %d. Exiting\n",(int)len,(int)ret));
close_sockets();
exit(1);
}
nwritten += ret;
@ -752,7 +734,6 @@ BOOL send_smb(int fd,char *buffer)
if (ret <= 0)
{
DEBUG(0,("Error writing %d bytes to client. %d. Exiting\n",(int)len,(int)ret));
close_sockets();
exit(1);
}
nwritten += ret;
@ -951,14 +932,9 @@ connect_again:
expanded if more variables need reseting.
******************************************************************/
static BOOL global_client_name_done = False;
static BOOL global_client_addr_done = False;
void reset_globals_after_fork(void)
{
global_client_name_done = False;
global_client_addr_done = False;
/*
* Re-seed the random crypto generator, so all smbd's
* started from the same parent won't generate the same
@ -970,70 +946,119 @@ void reset_globals_after_fork(void)
}
}
/*******************************************************************
return the DNS name of the client
******************************************************************/
/* the following 3 client_*() functions are nasty ways of allowing
some generic functions to get info that really should be hidden in
particular modules */
static int client_fd = -1;
char *client_name(int fd)
void client_setfd(int fd)
{
client_fd = fd;
}
char *client_name(void)
{
return get_socket_name(client_fd);
}
char *client_addr(void)
{
return get_socket_addr(client_fd);
}
/*******************************************************************
matchname - determine if host name matches IP address. Used to
confirm a hostname lookup to prevent spoof attacks
******************************************************************/
static BOOL matchname(char *remotehost,struct in_addr addr)
{
struct sockaddr sa;
struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa);
int length = sizeof(sa);
static pstring name_buf;
struct hostent *hp;
static int last_fd=-1;
int i;
if (global_client_name_done && last_fd == fd)
return name_buf;
if ((hp = Get_Hostbyname(remotehost)) == 0) {
DEBUG(0,("Get_Hostbyname(%s): lookup failure.\n", remotehost));
return False;
}
last_fd = fd;
global_client_name_done = False;
/*
* Make sure that gethostbyname() returns the "correct" host name.
* Unfortunately, gethostbyname("localhost") sometimes yields
* "localhost.domain". Since the latter host name comes from the
* local DNS, we just have to trust it (all bets are off if the local
* DNS is perverted). We always check the address list, though.
*/
if (strcasecmp(remotehost, hp->h_name)
&& strcasecmp(remotehost, "localhost")) {
DEBUG(0,("host name/name mismatch: %s != %s\n",
remotehost, hp->h_name));
return False;
}
/* Look up the host address in the address list we just got. */
for (i = 0; hp->h_addr_list[i]; i++) {
if (memcmp(hp->h_addr_list[i], (caddr_t) & addr, sizeof(addr)) == 0)
return True;
}
/*
* The host name does not map to the original host address. Perhaps
* someone has compromised a name server. More likely someone botched
* it, but that could be dangerous, too.
*/
DEBUG(0,("host name/address mismatch: %s != %s\n",
inet_ntoa(addr), hp->h_name));
return False;
}
/*******************************************************************
return the DNS name of the remote end of a socket
******************************************************************/
char *get_socket_name(int fd)
{
static pstring name_buf;
static fstring addr_buf;
struct hostent *hp;
struct in_addr addr;
char *p;
p = get_socket_addr(fd);
/* it might be the same as the last one - save some DNS work */
if (strcmp(p, addr_buf) == 0) return name_buf;
pstrcpy(name_buf,"UNKNOWN");
if (fd == -1) return name_buf;
if (fd == -1) {
return name_buf;
}
fstrcpy(addr_buf, p);
if (getpeername(fd, &sa, &length) < 0) {
DEBUG(0,("getpeername failed. Error was %s\n", strerror(errno) ));
return name_buf;
}
if (inet_aton(p, &addr) == 0) return name_buf;
/* Look up the remote host name. */
if ((hp = gethostbyaddr((char *) &sockin->sin_addr,
sizeof(sockin->sin_addr),
AF_INET)) == 0) {
DEBUG(1,("Gethostbyaddr failed for %s\n",client_addr(fd)));
StrnCpy(name_buf,client_addr(fd),sizeof(name_buf) - 1);
if ((hp = gethostbyaddr((char *)&addr.s_addr, sizeof(addr.s_addr), AF_INET)) == 0) {
DEBUG(1,("Gethostbyaddr failed for %s\n",p));
pstrcpy(name_buf, p);
} else {
StrnCpy(name_buf,(char *)hp->h_name,sizeof(name_buf) - 1);
if (!matchname(name_buf, sockin->sin_addr)) {
DEBUG(0,("Matchname failed on %s %s\n",name_buf,client_addr(fd)));
pstrcpy(name_buf,(char *)hp->h_name);
if (!matchname(name_buf, addr)) {
DEBUG(0,("Matchname failed on %s %s\n",name_buf,p));
pstrcpy(name_buf,"UNKNOWN");
}
}
global_client_name_done = True;
return name_buf;
}
/*******************************************************************
return the IP addr of the client as a string
return the IP addr of the remote end of a socket as a string
******************************************************************/
char *client_addr(int fd)
char *get_socket_addr(int fd)
{
struct sockaddr sa;
struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa);
int length = sizeof(sa);
static fstring addr_buf;
static int last_fd = -1;
if (global_client_addr_done && fd == last_fd)
return addr_buf;
last_fd = fd;
global_client_addr_done = False;
fstrcpy(addr_buf,"0.0.0.0");
@ -1048,7 +1073,6 @@ char *client_addr(int fd)
fstrcpy(addr_buf,(char *)inet_ntoa(sockin->sin_addr));
global_client_addr_done = True;
return addr_buf;
}

23
source/libsmb/clientgen.c
View File

@ -88,10 +88,9 @@ static BOOL cli_send_smb(struct cli_state *cli)
}
}
if (ret <= 0) {
DEBUG(0,("Error writing %d bytes to client. %d. Exiting\n",
DEBUG(0,("Error writing %d bytes to client. %d\n",
(int)len,(int)ret));
close_sockets();
exit(1);
return False;
}
nwritten += ret;
}
@ -1516,11 +1515,11 @@ size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t
if (size2 > block) {
DEBUG(0,("server returned more than we wanted!\n"));
exit(1);
return -1;
}
if (mid >= issued) {
DEBUG(0,("invalid mid from server!\n"));
exit(1);
return -1;
}
p = smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_vwv6);
@ -2551,7 +2550,6 @@ retry:
/* SESSION RETARGET */
putip((char *)&cli->dest_ip,cli->inbuf+4);
close_sockets();
cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, port, LONG_CONNECT_TIMEOUT);
if (cli->fd == -1)
return False;
@ -2561,7 +2559,18 @@ retry:
set_socket_options(cli->fd,user_socket_options);
/* Try again */
return cli_session_request(cli, calling, called);
{
static int depth;
BOOL ret;
if (depth > 4) {
DEBUG(0,("Retarget recursion - failing\n"));
return False;
}
depth++;
ret = cli_session_request(cli, calling, called);
depth--;
return ret;
}
} /* C. Hoch 9/14/95 End */
#ifdef WITH_SSL

1
source/nmbd/nmbd.c
View File

@ -859,7 +859,6 @@ static void usage(char *pname)
#endif /* SIGUSR2 */
process();
close_sockets();
if (dbf)
fclose(dbf);

2
source/rpc_server/srv_netlog.c
View File

@ -276,7 +276,7 @@ static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct)
*/
if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
client_name(Client), client_addr(Client)))
client_name(), client_addr()))
{
DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
return False;

5
source/smbd/blocking.c
View File

@ -21,7 +21,6 @@
#include "includes.h"
extern int DEBUGLEVEL;
extern int Client;
extern char *OutBuffer;
/****************************************************************************
@ -134,7 +133,7 @@ static void send_blocking_reply(char *outbuf, int outsize)
if(outsize > 4)
smb_setlen(outbuf,outsize - 4);
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
}
/****************************************************************************
@ -180,7 +179,7 @@ static void generic_blocking_lock_error(blocking_lock_record *blr, int eclass, i
SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
ERROR(eclass,ecode);
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
}
/****************************************************************************

6
source/smbd/connection.c
View File

@ -71,7 +71,6 @@ BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOO
struct connections_key key;
struct connections_data crec;
TDB_DATA kbuf, dbuf;
extern int Client;
if (max_connections <= 0)
return(True);
@ -106,7 +105,7 @@ BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOO
crec.start = time(NULL);
StrnCpy(crec.machine,remote_machine,sizeof(crec.machine)-1);
StrnCpy(crec.addr,conn?conn->client_address:client_addr(Client),sizeof(crec.addr)-1);
StrnCpy(crec.addr,conn?conn->client_address:client_addr(),sizeof(crec.addr)-1);
dbuf.dptr = (char *)&crec;
dbuf.dsize = sizeof(crec);
@ -343,7 +342,6 @@ static void utmp_yield(pid_t pid, const connection_struct *conn)
static void utmp_claim(const struct connect_record *crec, const connection_struct *conn)
{
extern int Client;
struct utmp u;
if (conn == NULL) {
@ -359,7 +357,7 @@ static void utmp_claim(const struct connect_record *crec, const connection_struc
DEBUG(2,("utmp_claim: conn: user:%s cnum:%d i:%d\n",
conn->user, conn->cnum, i));
DEBUG(2,("utmp_claim: crec: pid:%d, cnum:%d name:%s addr:%s mach:%s DNS:%s\n",
crec->pid, crec->cnum, crec->name, crec->addr, crec->machine, client_name(Client)));
crec->pid, crec->cnum, crec->name, crec->addr, crec->machine, client_name()));
memset((char *)&u, '\0', sizeof(struct utmp));

7
source/smbd/ipc.c
View File

@ -58,7 +58,6 @@ extern fstring global_myworkgroup;
#define SNLEN 15 /* service name length */
#define QNLEN 12 /* queue name maximum length */
extern int Client;
extern int smb_read_error;
static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data,
@ -212,7 +211,7 @@ static void send_trans_reply(char *outbuf,
SSVAL(outbuf,smb_vwv9,0);
show_msg(outbuf);
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
tot_data_sent = this_ldata;
tot_param_sent = this_lparam;
@ -245,7 +244,7 @@ static void send_trans_reply(char *outbuf,
SSVAL(outbuf,smb_vwv9,0);
show_msg(outbuf);
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
tot_data_sent += this_ldata;
tot_param_sent += this_lparam;
@ -3608,7 +3607,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
of the parameter/data bytes */
outsize = set_message(outbuf,0,0,True);
show_msg(outbuf);
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
}
/* receive the rest of the trans packet */

10
source/smbd/nttrans.c
View File

@ -24,7 +24,6 @@
extern int DEBUGLEVEL;
extern int Protocol;
extern int Client;
extern int smb_read_error;
extern int global_oplock_break;
extern BOOL case_sensitive;
@ -88,7 +87,7 @@ static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, uint32 nt_err
*/
if(params_to_send == 0 && data_to_send == 0) {
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
return 0;
}
@ -217,7 +216,7 @@ static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, uint32 nt_err
params_to_send, data_to_send, paramsize, datasize));
/* Send the packet */
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
pp += params_sent_thistime;
pd += data_sent_thistime;
@ -1422,7 +1421,6 @@ static ubi_slList change_notify_queue = { NULL, (ubi_slNodePtr)&change_notify_qu
static void change_notify_reply_packet(char *inbuf, int error_class, uint32 error_code)
{
extern int Client;
char outbuf[smb_size+38];
memset(outbuf, '\0', sizeof(outbuf));
@ -1447,7 +1445,7 @@ static void change_notify_reply_packet(char *inbuf, int error_class, uint32 erro
*/
set_message(outbuf,18,0,False);
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
}
/****************************************************************************
@ -2589,7 +2587,7 @@ due to being in oplock break state.\n" ));
/* We need to send an interim response then receive the rest
of the parameter/data bytes */
outsize = set_message(outbuf,0,0,True);
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
BOOL ret;

10
source/smbd/oplock.c
View File

@ -753,7 +753,6 @@ static files_struct *initial_break_processing(SMB_DEV_T dev, SMB_INO_T inode, st
BOOL oplock_break_level2(files_struct *fsp, BOOL local_request, int token)
{
extern int Client;
extern uint32 global_client_caps;
char outbuf[128];
BOOL got_lock = False;
@ -781,7 +780,7 @@ BOOL oplock_break_level2(files_struct *fsp, BOOL local_request, int token)
/* Prepare the SMBlockingX message. */
prepare_break_message( outbuf, fsp, False);
send_smb(Client, outbuf);
send_smb(smbd_server_fd(), outbuf);
}
/*
@ -832,7 +831,6 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B
{
extern uint32 global_client_caps;
extern struct current_user current_user;
extern int Client;
char *inbuf = NULL;
char *outbuf = NULL;
files_struct *fsp = NULL;
@ -923,7 +921,7 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B
fsp->sent_oplock_break = using_levelII?
LEVEL_II_BREAK_SENT:EXCLUSIVE_BREAK_SENT;
send_smb(Client, outbuf);
send_smb(smbd_server_fd(), outbuf);
/* We need this in case a readraw crosses on the wire. */
global_oplock_break = True;
@ -958,7 +956,7 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B
while((fsp = initial_break_processing(dev, inode, tval)) &&
OPEN_FSP(fsp) && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
{
if(receive_smb(Client,inbuf, timeout) == False)
if(receive_smb(smbd_server_fd(),inbuf, timeout) == False)
{
/*
* Die if we got an error.
@ -1019,7 +1017,6 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B
{
DEBUG( 0, ( "oplock_break: unable to re-become user!" ) );
DEBUGADD( 0, ( "Shutting down server\n" ) );
close_sockets();
close(oplock_sock);
exit_server("unable to re-become user");
}
@ -1059,7 +1056,6 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B
{
DEBUG( 0, ( "oplock_break: client failure in break - " ) );
DEBUGADD( 0, ( "shutting down this smbd.\n" ) );
close_sockets();
close(oplock_sock);
exit_server("oplock break failure");
}

6
source/smbd/password.c
View File

@ -943,8 +943,7 @@ BOOL check_hosts_equiv(char *user)
/* note: don't allow hosts.equiv on root */
if (fname && *fname && (pass->pw_uid != 0)) {
extern int Client;
if (check_user_equiv(user,client_name(Client),fname))
if (check_user_equiv(user,client_name(),fname))
return(True);
}
@ -952,9 +951,8 @@ BOOL check_hosts_equiv(char *user)
{
char *home = get_user_home_dir(user);
if (home) {
extern int Client;
slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home);
if (check_user_equiv(user,client_name(Client),rhostsfile))
if (check_user_equiv(user,client_name(),rhostsfile))
return(True);
}
}

26
source/smbd/process.c
View File

@ -133,7 +133,6 @@ The timeout is in milli seconds
static BOOL receive_message_or_smb(char *buffer, int buffer_len,
int timeout, BOOL *got_smb)
{
extern int Client;
fd_set fds;
int selrtn;
struct timeval to;
@ -167,13 +166,13 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len,
*/
FD_ZERO(&fds);
FD_SET(Client,&fds);
FD_SET(smbd_server_fd(),&fds);
maxfd = setup_oplock_select_set(&fds);
to.tv_sec = timeout / 1000;
to.tv_usec = (timeout % 1000) * 1000;
selrtn = sys_select(MAX(maxfd,Client)+1,&fds,timeout>0?&to:NULL);
selrtn = sys_select(MAX(maxfd,smbd_server_fd())+1,&fds,timeout>0?&to:NULL);
/* Check if error */
if(selrtn == -1) {
@ -188,10 +187,10 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len,
return False;
}
if (FD_ISSET(Client,&fds))
if (FD_ISSET(smbd_server_fd(),&fds))
{
*got_smb = True;
return receive_smb(Client, buffer, 0);
return receive_smb(smbd_server_fd(), buffer, 0);
}
else
{
@ -419,7 +418,6 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize
static int num_smb_messages =
sizeof(smb_messages) / sizeof(struct smb_message_struct);
int match;
extern int Client;
extern int global_smbpid;
if (pid == (pid_t)-1)
@ -535,7 +533,7 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize
/* does this protocol need to be run as guest? */
if ((flags & AS_GUEST) &&
(!become_guest() ||
!check_access(Client, lp_hostsallow(-1), lp_hostsdeny(-1)))) {
!check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1)))) {
return(ERROR(ERRSRV,ERRaccess));
}
@ -589,7 +587,6 @@ static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize)
****************************************************************************/
void process_smb(char *inbuf, char *outbuf)
{
extern int Client;
#ifdef WITH_SSL
extern BOOL sslEnabled; /* don't use function for performance reasons */
static int sslConnected = 0;
@ -608,13 +605,13 @@ void process_smb(char *inbuf, char *outbuf)
deny parameters before doing any parsing of the packet
passed to us by the client. This prevents attacks on our
parsing code from hosts not in the hosts allow list */
if (!check_access(Client, lp_hostsallow(-1), lp_hostsdeny(-1))) {
if (!check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1))) {
/* send a negative session response "not listining on calling
name" */
static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
DEBUG( 1, ( "Connection denied from %s\n",
client_addr(Client) ) );
send_smb(Client,(char *)buf);
client_addr() ) );
send_smb(smbd_server_fd(),(char *)buf);
exit_server("connection denied");
}
}
@ -624,7 +621,7 @@ void process_smb(char *inbuf, char *outbuf)
#ifdef WITH_SSL
if(sslEnabled && !sslConnected){
sslConnected = sslutil_negotiate_ssl(Client, msg_type);
sslConnected = sslutil_negotiate_ssl(smbd_server_fd(), msg_type);
if(sslConnected < 0){ /* an error occured */
exit_server("SSL negotiation failed");
}else if(sslConnected){
@ -660,7 +657,7 @@ void process_smb(char *inbuf, char *outbuf)
nread, smb_len(outbuf)));
}
else
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
}
trans_num++;
}
@ -851,7 +848,6 @@ void check_reload(int t)
static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_timeout_processing_time)
{
extern int Client;
static time_t last_keepalive_sent_time = 0;
static time_t last_idle_closed_check = 0;
time_t t;
@ -897,7 +893,7 @@ static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_t
if (keepalive && (t - last_keepalive_sent_time)>keepalive)
{
struct cli_state *cli = server_client();
if (!send_keepalive(Client)) {
if (!send_keepalive(smbd_server_fd())) {
DEBUG( 2, ( "Keepalive failed - exiting.\n" ) );
return False;
}

25
source/smbd/reply.c
View File

@ -40,7 +40,6 @@ extern BOOL short_case_preserve;
extern pstring sesssetup_user;
extern pstring global_myname;
extern fstring global_myworkgroup;
extern int Client;
extern int global_oplock_break;
uint32 global_client_caps = 0;
unsigned int smb_echo_count = 0;
@ -55,7 +54,7 @@ static void overflow_attack(int len)
dbgtext( "ERROR: Invalid password length %d.\n", len );
dbgtext( "Your machine may be under attack by someone " );
dbgtext( "attempting to exploit an old bug.\n" );
dbgtext( "Attack was from IP = %s.\n", client_addr(Client) );
dbgtext( "Attack was from IP = %s.\n", client_addr() );
}
exit_server("possible attack");
}
@ -2048,7 +2047,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
if(global_oplock_break)
{
_smb_setlen(header,0);
transfer_file(0,Client,(SMB_OFF_T)0,header,4,0);
transfer_file(0,smbd_server_fd(),(SMB_OFF_T)0,header,4,0);
DEBUG(5,("readbraw - oplock break finished\n"));
return -1;
}
@ -2061,7 +2060,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
*/
DEBUG(3,("fnum %d not open in readbraw - cache prime?\n",(int)SVAL(inbuf,smb_vwv0)));
_smb_setlen(header,0);
transfer_file(0,Client,(SMB_OFF_T)0,header,4,0);
transfer_file(0,smbd_server_fd(),(SMB_OFF_T)0,header,4,0);
return(-1);
}
@ -2088,7 +2087,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
DEBUG(0,("readbraw - large offset (%x << 32) used and we don't support \
64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv8) ));
_smb_setlen(header,0);
transfer_file(0,Client,(SMB_OFF_T)0,header,4,0);
transfer_file(0,smbd_server_fd(),(SMB_OFF_T)0,header,4,0);
return(-1);
}
@ -2098,7 +2097,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
DEBUG(0,("readbraw - negative 64 bit readraw offset (%.0f) !\n",
(double)startpos ));
_smb_setlen(header,0);
transfer_file(0,Client,(SMB_OFF_T)0,header,4,0);
transfer_file(0,smbd_server_fd(),(SMB_OFF_T)0,header,4,0);
return(-1);
}
}
@ -2167,7 +2166,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
if (ret < mincount) ret = 0;
_smb_setlen(header,ret);
transfer_file(0,Client,0,header,4+ret,0);
transfer_file(0,smbd_server_fd(),0,header,4+ret,0);
#endif /* UNSAFE_READRAW */
DEBUG(5,("readbraw finished\n"));
@ -2403,10 +2402,10 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size,
CVAL(outbuf,smb_com) = SMBwritebraw;
SSVALS(outbuf,smb_vwv0,-1);
outsize = set_message(outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
/* Now read the raw data into the buffer and write it */
if (read_smb_length(Client,inbuf,SMB_SECONDARY_WAIT) == -1) {
if (read_smb_length(smbd_server_fd(),inbuf,SMB_SECONDARY_WAIT) == -1) {
exit_server("secondary writebraw failed");
}
@ -2419,7 +2418,7 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size,
(int)tcount,(int)nwritten,(int)numtowrite));
}
nwritten = vfs_transfer_file(Client, NULL, -1, fsp,
nwritten = vfs_transfer_file(smbd_server_fd(), NULL, -1, fsp,
(SMB_OFF_T)numtowrite,NULL,0,
startpos+nwritten);
total_written += nwritten;
@ -3002,7 +3001,7 @@ int reply_echo(connection_struct *conn,
smb_setlen(outbuf,outsize - 4);
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
}
DEBUG(3,("echo %d times\n", smb_reverb));
@ -4346,7 +4345,7 @@ int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,
SSVAL(outbuf,smb_vwv6,nread);
SSVAL(outbuf,smb_vwv7,smb_offset(data,outbuf));
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
total_read += nread;
startpos += nread;
@ -4437,7 +4436,7 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size,
if (write_through && tcount==nwritten) {
/* we need to send both a primary and a secondary response */
smb_setlen(outbuf,outsize - 4);
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
/* now the secondary */
outsize = set_message(outbuf,1,0,True);

51
source/smbd/server.c
View File

@ -47,6 +47,26 @@ extern int dcelogin_atmost_once;
extern fstring remote_machine;
extern pstring OriginalDir;
/* really we should have a top level context structure that has the
client file descriptor as an element. That would require a major rewrite :(
the following 2 functions are an alternative - they make the file
descriptor private to smbd
*/
static int server_fd;
int smbd_server_fd(void)
{
return server_fd;
}
void smbd_set_server_fd(int fd)
{
server_fd = fd;
client_setfd(fd);
}
/****************************************************************************
when exiting, take the whole family
****************************************************************************/
@ -70,18 +90,16 @@ static void killkids(void)
****************************************************************************/
static BOOL open_sockets_inetd(void)
{
extern int Client;
/* Started from inetd. fd 0 is the socket. */
/* We will abort gracefully when the client or remote system
goes away */
Client = dup(0);
smbd_set_server_fd(dup(0));
/* close our standard file descriptors */
close_low_fds();
set_socket_options(Client,"SO_KEEPALIVE");
set_socket_options(Client,user_socket_options);
set_socket_options(smbd_server_fd(),"SO_KEEPALIVE");
set_socket_options(smbd_server_fd(),user_socket_options);
return True;
}
@ -92,7 +110,6 @@ static BOOL open_sockets_inetd(void)
****************************************************************************/
static BOOL open_sockets(BOOL is_daemon,int port)
{
extern int Client;
int num_interfaces = iface_count();
int fd_listenset[FD_SETSIZE];
fd_set listen_set;
@ -211,18 +228,18 @@ max can be %d\n",
}
}
Client = accept(s,&addr,&in_addrlen);
smbd_set_server_fd(accept(s,&addr,&in_addrlen));
if (Client == -1 && errno == EINTR)
if (smbd_server_fd() == -1 && errno == EINTR)
continue;
if (Client == -1) {
if (smbd_server_fd() == -1) {
DEBUG(0,("open_sockets: accept: %s\n",
strerror(errno)));
continue;
}
if (Client != -1 && fork()==0) {
if (smbd_server_fd() != -1 && fork()==0) {
/* Child code ... */
/* close the listening socket(s) */
@ -234,8 +251,8 @@ max can be %d\n",
close_low_fds();
am_parent = 0;
set_socket_options(Client,"SO_KEEPALIVE");
set_socket_options(Client,user_socket_options);
set_socket_options(smbd_server_fd(),"SO_KEEPALIVE");
set_socket_options(smbd_server_fd(),user_socket_options);
/* Reset global variables in util.c so
that client substitutions will be
@ -252,7 +269,7 @@ max can be %d\n",
return True;
}
/* The parent doesn't need this socket */
close(Client);
close(smbd_server_fd());
/* Force parent to check log size after
* spawning child. Fix from
@ -320,10 +337,9 @@ BOOL reload_services(BOOL test)
load_interfaces();
{
extern int Client;
if (Client != -1) {
set_socket_options(Client,"SO_KEEPALIVE");
set_socket_options(Client,user_socket_options);
if (smbd_server_fd() != -1) {
set_socket_options(smbd_server_fd(),"SO_KEEPALIVE");
set_socket_options(smbd_server_fd(),user_socket_options);
}
}
@ -776,7 +792,6 @@ static void usage(char *pname)
exit(1);
smbd_process();
close_sockets();
exit_server("normal exit");
return(0);

8
source/smbd/service.c
View File

@ -195,7 +195,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int
struct passwd *pass = NULL;
BOOL guest = False;
BOOL force = False;
extern int Client;
connection_struct *conn;
int ret;
@ -203,7 +202,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int
snum = find_service(service);
if (snum < 0) {
extern int Client;
if (strequal(service,"IPC$")) {
DEBUG(3,("refusing IPC connection\n"));
*ecode = ERRnoipc;
@ -211,7 +209,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int
}
DEBUG(0,("%s (%s) couldn't find service %s\n",
remote_machine, client_addr(Client), service));
remote_machine, client_addr(), service));
*ecode = ERRinvnetname;
return NULL;
}
@ -247,7 +245,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int
}
if (!lp_snum_ok(snum) ||
!check_access(Client,
!check_access(smbd_server_fd(),
lp_hostsallow(snum), lp_hostsdeny(snum))) {
*ecode = ERRaccess;
return NULL;
@ -342,7 +340,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int
conn->vuid = vuid;
conn->uid = pass->pw_uid;
conn->gid = pass->pw_gid;
safe_strcpy(conn->client_address, client_addr(Client), sizeof(conn->client_address)-1);
safe_strcpy(conn->client_address, client_addr(), sizeof(conn->client_address)-1);
conn->num_files_open = 0;
conn->lastused = time(NULL);
conn->service = snum;

6
source/smbd/ssl.c
View File

@ -248,20 +248,20 @@ char *reqHosts, *resignHosts;
reqHosts = lp_ssl_hosts();
resignHosts = lp_ssl_hosts_resign();
if(!allow_access(resignHosts, reqHosts, client_name(fd), client_addr(fd))){
if(!allow_access(resignHosts, reqHosts, get_socket_name(fd), get_socket_addr(fd))){
sslEnabled = False;
return 0;
}
if(msg_type != 0x81){ /* first packet must be a session request */
DEBUG( 0, ( "Client %s did not use session setup; access denied\n",
client_addr(fd) ) );
client_addr() ) );
send_smb(fd, (char *)buf);
return -1;
}
buf[4] = 0x8e; /* negative session response: use SSL */
send_smb(fd, (char *)buf);
if(sslutil_accept(fd) != 0){
DEBUG( 0, ( "Client %s failed SSL negotiation!\n", client_addr(fd) ) );
DEBUG( 0, ( "Client %s failed SSL negotiation!\n", client_addr() ) );
return -1;
}
return 1;

7
source/smbd/trans2.c
View File

@ -27,7 +27,6 @@
extern int DEBUGLEVEL;
extern int Protocol;
extern BOOL case_sensitive;
extern int Client;
extern int smb_read_error;
extern fstring local_machine;
extern int global_oplock_break;
@ -66,7 +65,7 @@ static int send_trans2_replies(char *outbuf, int bufsize, char *params,
the empty packet */
if(params_to_send == 0 && data_to_send == 0)
{
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
return 0;
}
@ -161,7 +160,7 @@ static int send_trans2_replies(char *outbuf, int bufsize, char *params,
params_to_send, data_to_send, paramsize, datasize));
/* Send the packet */
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
pp += params_sent_thistime;
pd += data_sent_thistime;
@ -2288,7 +2287,7 @@ int reply_trans2(connection_struct *conn,
/* We need to send an interim response then receive the rest
of the parameter/data bytes */
outsize = set_message(outbuf,0,0,True);
send_smb(Client,outbuf);
send_smb(smbd_server_fd(),outbuf);
while (num_data_sofar < total_data ||
num_params_sofar < total_params) {

6
source/web/cgi.c
View File

@ -504,7 +504,7 @@ void cgi_setup(char *rootdir, int auth_required)
f = sys_fopen("/tmp/cgi.log", "a");
if (f) fprintf(f,"\n[Date: %s %s (%s)]\n",
http_timestring(time(NULL)),
client_name(1), client_addr(1));
get_socket_name(1), get_socket_addr(1));
#endif
/* we are a mini-web server. We need to read the request from stdin
@ -604,7 +604,7 @@ return the hostname of the client
char *cgi_remote_host(void)
{
if (inetd_server) {
return client_name(1);
return get_socket_name(1);
}
return getenv("REMOTE_HOST");
}
@ -615,7 +615,7 @@ return the hostname of the client
char *cgi_remote_addr(void)
{
if (inetd_server) {
return client_addr(1);
return get_socket_addr(1);
}
return getenv("REMOTE_ADDR");
}