[PATCHES] smbcontrol disconnect-client
Jeremy Allison
jra at samba.org
Wed Dec 11 17:29:03 MST 2013
On Wed, Dec 11, 2013 at 11:15:10AM -0700, Christof Schmitt wrote:
> Changing the name is easy. :-)
>
> I took a look at the suggestions and it should not be too difficult to
> implement a call that revokes all oplocks. So we could have two calls to
> disconnect a client:
>
> 1) smbcontrol kill-client-connections:
> - Just exit the server.
>
> 2) smbcontrol drop-client-connections:
> - Set a flag to no longer grant exclusive oplocks
> - Send a break for all exclusive oplocks
> - When oplocks.exclusive_open is zero, then exit.
> This should always work, since oplocks are considered broken after
> the OPLOCK_BREAK_TIMEOUT.
>
> What is the best way forward here? Rename the control to
> kill-client-connections and push the patches? And then start working on
> the second command?
How about 'kill-client-ip' - more specific ?
Here is the modified patchset that implements
the rename. Let me know if you're ok with it
(and feel free to push if happy).
Cheers,
Jeremy.
-------------- next part --------------
From 3dda49887a9b19889113289853bd01c0ffb3b816 Mon Sep 17 00:00:00 2001
From: Christian Ambach <ambi at samba.org>
Date: Fri, 15 Mar 2013 15:06:41 +0100
Subject: [PATCH 1/4] s3:messaging add MSG_SMB_KILL_CLIENT_IP message
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
---
source3/librpc/idl/messaging.idl | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source3/librpc/idl/messaging.idl b/source3/librpc/idl/messaging.idl
index 39532f0..e389e63 100644
--- a/source3/librpc/idl/messaging.idl
+++ b/source3/librpc/idl/messaging.idl
@@ -89,6 +89,9 @@ interface messaging
MSG_SMB_NOTIFY_CLEANUP = 0x0314,
MSG_SMB_SCAVENGER = 0x0315,
+ /* shutdown connection for given client */
+ MSG_SMB_KILL_CLIENT_IP = 0x0316,
+
/* winbind messages */
MSG_WINBIND_FINISHED = 0x0401,
MSG_WINBIND_FORGET_STATE = 0x0402,
--
1.8.5.1
From ceb449aa738263d75f4d21e9999133d3b12f9d47 Mon Sep 17 00:00:00 2001
From: Christian Ambach <ambi at samba.org>
Date: Fri, 15 Mar 2013 15:08:22 +0100
Subject: [PATCH 2/4] s3:smbd react on message that client should be
disconnected
if MSG_SMB_KILL_CLIENT_IP message comes in and our client has
the IP address given as argument, then shutdown the connection immediately
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
---
source3/smbd/process.c | 32 ++++++++++++++++++++++++++++++++
source3/smbd/server.c | 13 +++++++++++++
2 files changed, 45 insertions(+)
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 09fe910..cd5da4c 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -2563,6 +2563,32 @@ static int client_get_tcp_info(int sock, struct sockaddr_storage *server,
}
#endif
+static void msg_kill_client_ip(struct messaging_context *msg_ctx,
+ void *private_data, uint32_t msg_type,
+ struct server_id server_id, DATA_BLOB *data)
+{
+ struct smbd_server_connection *sconn = talloc_get_type_abort(
+ private_data, struct smbd_server_connection);
+ const char *ip = (char *) data->data;
+ char *client_ip;
+
+ DEBUG(10, ("Got kill request for client IP %s\n", ip));
+
+ client_ip = tsocket_address_inet_addr_string(sconn->remote_address,
+ talloc_tos());
+ if (client_ip == NULL) {
+ return;
+ }
+
+ if (strequal(ip, client_ip)) {
+ DEBUG(1, ("Got kill client message for %s - "
+ "exiting immediately\n", ip));
+ exit_server_cleanly("Forced disconnect for client");
+ }
+
+ TALLOC_FREE(client_ip);
+}
+
/*
* Send keepalive packets to our client
*/
@@ -3528,6 +3554,12 @@ void smbd_process(struct tevent_context *ev_ctx,
messaging_register(sconn->msg_ctx, sconn,
MSG_SMB_CONF_UPDATED, smbd_conf_updated);
+ messaging_deregister(sconn->msg_ctx, MSG_SMB_KILL_CLIENT_IP,
+ NULL);
+ messaging_register(sconn->msg_ctx, sconn,
+ MSG_SMB_KILL_CLIENT_IP,
+ msg_kill_client_ip);
+
/*
* Use the default MSG_DEBUG handler to avoid rebroadcasting
* MSGs to all child processes
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 36be019..b36bf36 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -370,6 +370,17 @@ static void smb_parent_force_tdis(struct messaging_context *ctx,
messaging_send_to_children(ctx, msg_type, msg_data);
}
+static void smb_parent_kill_client_by_ip(struct messaging_context *ctx,
+ void *data,
+ uint32_t msg_type,
+ struct server_id srv_id,
+ DATA_BLOB* msg_data)
+{
+ if (am_parent) {
+ messaging_send_to_children(ctx, msg_type, msg_data);
+ }
+}
+
static void add_child_pid(struct smbd_parent_context *parent,
pid_t pid)
{
@@ -877,6 +888,8 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
brl_revalidate);
messaging_register(msg_ctx, NULL, MSG_SMB_FORCE_TDIS,
smb_parent_force_tdis);
+ messaging_register(msg_ctx, NULL, MSG_SMB_KILL_CLIENT_IP,
+ smb_parent_kill_client_by_ip);
messaging_register(msg_ctx, NULL,
ID_CACHE_DELETE, smbd_parent_id_cache_delete);
--
1.8.5.1
From 0b9258f93b7327cc1a644f0088cd18d76a0cda70 Mon Sep 17 00:00:00 2001
From: Christian Ambach <ambi at samba.org>
Date: Fri, 15 Mar 2013 15:09:18 +0100
Subject: [PATCH 3/4] s3:utils/smbcontrol implement kill-client-ip in
smbcontrol
allows the admin to forcefully shutdown the connection of a specified client by IP address
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
---
source3/utils/smbcontrol.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
index 00b23f7..87ca7e4 100644
--- a/source3/utils/smbcontrol.c
+++ b/source3/utils/smbcontrol.c
@@ -790,6 +790,27 @@ static bool do_closeshare(struct tevent_context *ev_ctx,
strlen(argv[1]) + 1);
}
+/* Kill a client by IP address */
+static bool do_kill_client_by_ip(struct tevent_context *ev_ctx,
+ struct messaging_context *msg_ctx,
+ const struct server_id pid,
+ const int argc, const char **argv)
+{
+ if (argc != 2) {
+ fprintf(stderr, "Usage: smbcontrol <dest> kill-client-ip "
+ "<IP address>\n");
+ return false;
+ }
+
+ if (!is_ipaddress_v4(argv[1]) && !is_ipaddress_v6(argv[1])) {
+ fprintf(stderr, "%s is not a valid IP address!\n", argv[1]);
+ return false;
+ }
+
+ return send_message(msg_ctx, pid, MSG_SMB_KILL_CLIENT_IP,
+ argv[1], strlen(argv[1]) + 1);
+}
+
/* Tell winbindd an IP got dropped */
static bool do_ip_dropped(struct tevent_context *ev_ctx,
@@ -1287,6 +1308,8 @@ static const struct {
{ "debuglevel", do_debuglevel, "Display current debuglevels" },
{ "printnotify", do_printnotify, "Send a print notify message" },
{ "close-share", do_closeshare, "Forcibly disconnect a share" },
+ { "kill-client-ip", do_kill_client_by_ip,
+ "Forcibly disconnect a client with a specific IP address" },
{ "ip-dropped", do_ip_dropped, "Tell winbind that an IP got dropped" },
{ "lockretry", do_lockretry, "Force a blocking lock retry" },
{ "brl-revalidate", do_brl_revalidate, "Revalidate all brl entries" },
--
1.8.5.1
From c6e6fd90444ebadc4757791f6099107359612328 Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Fri, 6 Dec 2013 16:03:30 -0700
Subject: [PATCH 4/4] docs: Add kill-client-ip to smbcontrol manpage
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
---
docs-xml/manpages/smbcontrol.1.xml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/docs-xml/manpages/smbcontrol.1.xml b/docs-xml/manpages/smbcontrol.1.xml
index 64c9d48..6f4a294 100644
--- a/docs-xml/manpages/smbcontrol.1.xml
+++ b/docs-xml/manpages/smbcontrol.1.xml
@@ -131,6 +131,15 @@
</varlistentry>
<varlistentry>
+ <term>kill-client-ip</term>
+ <listitem><para>Order smbd to close the client connections from a
+ given IP address. This message-type takes an argument of the IP
+ address from which client connections will be closed. This message
+ can only be sent to <constant>smbd</constant>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>force-election</term>
<listitem><para>This message causes the <command>nmbd</command> daemon to
force a new browse master election. </para>
--
1.8.5.1
More information about the samba-technical
mailing list