mirror of
https://github.com/samba-team/samba.git
synced 2025-01-06 13:18:07 +03:00
52dd57d4b3
If a client disconnected all its interfaces and reconnects when
the come back, it will likely start from any ip address returned
dns, which means it can try to connect to a different ctdb node.
The old node may not have noticed the disconnect and still holds
the client_guid based smbd.
Up unil now the new node returned NT_STATUS_NOT_SUPPORTED to
the SMB2 Negotiate request, as messaging_send_iov[_from]() will
return -1/ENOSYS if a file descriptor os passed to a process on
a different node.
Now we tell the other node to teardown all client connections
belonging to the client-guid.
Note that this is not authenticated, but if an attacker can
capture the client-guid, he can also inject TCP resets anyway,
to get the same effect.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 2 20:59:15 UTC 2022 on sn-devel-184
(cherry picked from commit 8591d94243
)
203 lines
5.6 KiB
Plaintext
203 lines
5.6 KiB
Plaintext
#include "idl_types.h"
|
|
|
|
import "server_id.idl";
|
|
|
|
/*
|
|
IDL structures for messaging code
|
|
*/
|
|
|
|
[
|
|
pointer_default(unique)
|
|
]
|
|
interface messaging
|
|
{
|
|
const int MSG_TYPE_MASK = 0xFFFF;
|
|
|
|
typedef [v1_enum,public] enum {
|
|
|
|
/* general messages */
|
|
MSG_DEBUG = 0x0001,
|
|
MSG_PING = 0x0002,
|
|
MSG_PONG = 0x0003,
|
|
MSG_PROFILE = 0x0004,
|
|
MSG_REQ_DEBUGLEVEL = 0x0005,
|
|
MSG_DEBUGLEVEL = 0x0006,
|
|
MSG_REQ_PROFILELEVEL = 0x0007,
|
|
MSG_PROFILELEVEL = 0x0008,
|
|
MSG_REQ_POOL_USAGE = 0x0009,
|
|
MSG_POOL_USAGE = 0x000A,
|
|
|
|
/* If dmalloc is included, set a steady-state mark */
|
|
MSG_REQ_DMALLOC_MARK = 0x000B,
|
|
|
|
/* If dmalloc is included, dump to the dmalloc log a description of
|
|
* what has changed since the last MARK */
|
|
MSG_REQ_DMALLOC_LOG_CHANGED = 0x000C,
|
|
MSG_SHUTDOWN = 0x000D,
|
|
|
|
/* ID_CACHE_FLUSH = 0x000E, obsoleted */
|
|
ID_CACHE_DELETE = 0x000F,
|
|
ID_CACHE_KILL = 0x0010,
|
|
|
|
/* Changes to smb.conf are really of general interest */
|
|
MSG_SMB_CONF_UPDATED = 0x0021,
|
|
|
|
MSG_PREFORK_CHILD_EVENT = 0x0031,
|
|
MSG_PREFORK_PARENT_EVENT = 0x0032,
|
|
|
|
MSG_REQ_RINGBUF_LOG = 0x0033,
|
|
MSG_RINGBUF_LOG = 0x0034,
|
|
|
|
MSG_DAEMON_READY_FD = 0x0035,
|
|
|
|
/* nmbd messages */
|
|
MSG_FORCE_ELECTION = 0x0101,
|
|
MSG_WINS_NEW_ENTRY = 0x0102,
|
|
MSG_SEND_PACKET = 0x0103,
|
|
|
|
/* printing messages */
|
|
/* MSG_PRINTER_NOTIFY = 0x2001, Obsoleted */
|
|
MSG_PRINTER_NOTIFY2 = 0x0202,
|
|
MSG_PRINTER_DRVUPGRADE = 0x0203,
|
|
MSG_PRINTERDATA_INIT_RESET = 0x0204,
|
|
MSG_PRINTER_UPDATE = 0x0205,
|
|
MSG_PRINTER_MOD = 0x0206,
|
|
MSG_PRINTER_PCAP = 0x0207,
|
|
|
|
/* smbd messages */
|
|
/* MSG_SMB_CONF_UPDATED = 0x0301, Obsoleted */
|
|
MSG_SMB_FORCE_TDIS = 0x0302,
|
|
/* MSG_SMB_SAM_SYNC = 0x0303, Obsoleted */
|
|
/* MSG_SMB_SAM_REPL = 0x0304, Obsoleted */
|
|
/* MSG_SMB_UNLOCK = 0x0305, Obsoleted */
|
|
MSG_SMB_BREAK_REQUEST = 0x0306,
|
|
/* MSG_SMB_BREAK_RESPONSE = 0x0307, Obsoleted */
|
|
/* MSG_SMB_ASYNC_LEVEL2_BREAK = 0x0308, Obsoleted */
|
|
/* MSG_SMB_OPEN_RETRY = 0x0309, Obsoleted */
|
|
MSG_SMB_KERNEL_BREAK = 0x030A,
|
|
MSG_SMB_FILE_RENAME = 0x030B,
|
|
MSG_SMB_INJECT_FAULT = 0x030C,
|
|
MSG_SMB_BLOCKING_LOCK_CANCEL = 0x030D,
|
|
MSG_SMB_NOTIFY = 0x030E,
|
|
MSG_SMB_STAT_CACHE_DELETE = 0x030F,
|
|
|
|
/* Samba4 compatibility */
|
|
MSG_PVFS_NOTIFY = 0x0310,
|
|
|
|
/* cluster reconfigure events */
|
|
/* MSG_SMB_BRL_VALIDATE = 0x0311, Oboleted */
|
|
|
|
/*Close a specific file given a share entry. */
|
|
MSG_SMB_CLOSE_FILE = 0x0313,
|
|
|
|
/* Trigger a notify cleanup run */
|
|
MSG_SMB_NOTIFY_CLEANUP = 0x0314,
|
|
MSG_SMB_SCAVENGER = 0x0315,
|
|
|
|
/* shutdown connection for given client */
|
|
MSG_SMB_KILL_CLIENT_IP = 0x0316,
|
|
|
|
/* Tell number of child processes */
|
|
MSG_SMB_TELL_NUM_CHILDREN = 0x0317,
|
|
MSG_SMB_NUM_CHILDREN = 0x0318,
|
|
|
|
/* Cancel a notify, directory got deleted */
|
|
MSG_SMB_NOTIFY_CANCEL_DELETED = 0x0319,
|
|
|
|
/* notifyd messages */
|
|
MSG_SMB_NOTIFY_REC_CHANGE = 0x031A,
|
|
MSG_SMB_NOTIFY_TRIGGER = 0x031B,
|
|
MSG_SMB_NOTIFY_GET_DB = 0x031C,
|
|
MSG_SMB_NOTIFY_DB = 0x031D,
|
|
MSG_SMB_NOTIFY_REC_CHANGES = 0x031E,
|
|
MSG_SMB_NOTIFY_STARTED = 0x031F,
|
|
MSG_SMB_SLEEP = 0x0320,
|
|
|
|
/* smbd message */
|
|
MSG_SMB_FORCE_TDIS_DENIED = 0x0321,
|
|
|
|
/* winbind messages */
|
|
MSG_WINBIND_FINISHED = 0x0401,
|
|
MSG_WINBIND_FORGET_STATE = 0x0402,
|
|
MSG_WINBIND_ONLINE = 0x0403,
|
|
MSG_WINBIND_OFFLINE = 0x0404,
|
|
MSG_WINBIND_ONLINESTATUS = 0x0405,
|
|
|
|
MSG_WINBIND_VALIDATE_CACHE = 0x0408,
|
|
MSG_WINBIND_DUMP_DOMAIN_LIST = 0x0409,
|
|
MSG_WINBIND_IP_DROPPED = 0x040A,
|
|
MSG_WINBIND_DOMAIN_ONLINE = 0x040B,
|
|
MSG_WINBIND_DOMAIN_OFFLINE = 0x040C,
|
|
MSG_WINBIND_RELOAD_TRUSTED_DOMAINS = 0x040D,
|
|
MSG_WINBIND_DISCONNECT_DC = 0x040E,
|
|
|
|
/* event messages */
|
|
/* MSG_DUMP_EVENT_LIST = 0x0500, Obsoleted */
|
|
|
|
/* smbXsrv messages */
|
|
MSG_SMBXSRV_SESSION_CLOSE = 0x0600,
|
|
MSG_SMBXSRV_CONNECTION_PASS = 0x0601,
|
|
MSG_SMBXSRV_CONNECTION_PASSED = 0x0602,
|
|
MSG_SMBXSRV_CONNECTION_DROP = 0x0603,
|
|
|
|
/* source4 and NTVFS smb server messages */
|
|
MSG_BRL_RETRY = 0x0700,
|
|
MSG_PVFS_RETRY_OPEN = 0x0701,
|
|
MSG_IRPC = 0x0702,
|
|
MSG_NTVFS_OPLOCK_BREAK = 0x0703,
|
|
MSG_DREPL_ALLOCATE_RID = 0x0704,
|
|
|
|
/*
|
|
* Audit, Authentication and Authorisation event
|
|
* messages
|
|
*/
|
|
MSG_AUTH_LOG = 0x0800,
|
|
MSG_DSDB_LOG = 0x0801,
|
|
MSG_DSDB_PWD_LOG = 0x0802,
|
|
MSG_GROUP_LOG = 0x0803,
|
|
|
|
/* dbwrap messages 4001-4999 (0x0FA0 - 0x1387) */
|
|
/* MSG_DBWRAP_TDB2_CHANGES = 4001, */
|
|
/* MSG_DBWRAP_G_LOCK_RETRY = 4002, */
|
|
MSG_DBWRAP_MODIFIED = 4003,
|
|
|
|
MSG_RPC_HOST_NEW_CLIENT = 4004,
|
|
MSG_RPC_WORKER_STATUS = 4005,
|
|
MSG_RPC_DUMP_STATUS = 4006,
|
|
|
|
/*
|
|
* source4 allows new messages to be registered at
|
|
* runtime (currently used in python bindings and in
|
|
* smbtorture). Temporary messaging endpoints are
|
|
* allocated above this line
|
|
*/
|
|
MSG_TMP_BASE = 0xF000
|
|
} messaging_type;
|
|
|
|
/* messaging struct sent across the sockets and stored in the tdb */
|
|
|
|
typedef [public] struct {
|
|
[skip] messaging_rec *prev;
|
|
[skip] messaging_rec *next;
|
|
uint32 msg_version;
|
|
messaging_type msg_type;
|
|
server_id dest;
|
|
server_id src;
|
|
DATA_BLOB buf;
|
|
uint8 num_fds;
|
|
dlong fds[num_fds];
|
|
} messaging_rec;
|
|
|
|
typedef [public] struct {
|
|
hyper rec_index;
|
|
uint32 num_recs;
|
|
messaging_rec *recs[num_recs];
|
|
} messaging_reclog;
|
|
|
|
/* This allows this well known service name to be referenced in python and C */
|
|
const string AUTH_EVENT_NAME = "auth_event";
|
|
const string DSDB_EVENT_NAME = "dsdb_event";
|
|
const string DSDB_PWD_EVENT_NAME = "dsdb_password_event";
|
|
const string DSDB_GROUP_EVENT_NAME = "dsdb_group_event";
|
|
}
|