Port knock of 445 prevents smbd from starting

Jeremy Allison jra at samba.org
Wed Jan 15 23:24:37 UTC 2020 

On Wed, Jan 15, 2020 at 03:12:45PM -0800, Jeremy Allison via samba-technical wrote:
> On Wed, Jan 15, 2020 at 11:04:25PM +0000, Christopher O Cowan - Christopher.O.Cowan at ibm.com wrote:
> > So, the inbound packet is a connection attempt by the LB, no data is being set.  It looks like it is only verifying that it completes the 3 way handshake.    From my tcpdump traces, I see the SYN -> FIN and then it ends.
> > 
> > It reports a status of NT_STATUS_END_OF_FILE.    The smb_len is 5456, as it returns from read_smb_length_return_keepalive.  Seems to me this should be 0. 
> 
> read_fd_with_timeout() should not return with zero bytes
> when called from read_smb_length_return_keepalive().
> 
> read_smb_length_return_keepalive() ->
> 
> 	status = read_fd_with_timeout(fd, inbuf, 4, 4, timeout, NULL);
> 
> where:
> 
> NTSTATUS read_fd_with_timeout(int fd, char *buf,
>                                   size_t mincnt, size_t maxcnt,
>                                   unsigned int time_out,
>                                   size_t *size_ret)
> 
> mincnt and maxcnt == 4, so it should never be
> returning NT_STATUS_OK unless it read at least
> mincnt bytes.
> 
> Can you instrument read_fd_with_timeout() to
> find out what is going on here ?

Looking at the callers in source3/smbd/process.c
the timeout should be set to zero (blocking read).

In that case you should have:

NTSTATUS read_fd_with_timeout(int fd, char *buf,
                                  size_t mincnt, size_t maxcnt,
                                  unsigned int time_out,
                                  size_t *size_ret)
{
        int pollrtn;
        ssize_t readret;
        size_t nread = 0;

        /* just checking .... */
        if (maxcnt <= 0)
                return NT_STATUS_OK;

        /* Blocking read */
        if (time_out == 0) {
                if (mincnt == 0) {
                        mincnt = maxcnt;
                }

                while (nread < mincnt) {
                        readret = sys_read(fd, buf + nread, maxcnt - nread);

                        if (readret == 0) {
                                DEBUG(5,("read_fd_with_timeout: "
                                        "blocking read. EOF from client.\n"));
                                return NT_STATUS_END_OF_FILE;
                        }

                        if (readret == -1) {
                                return map_nt_error_from_unix(errno);
                        }
                        nread += readret;
                }
                goto done;
        }

so if sys_read() returned zero you should get read_fd_with_timeout()
returning NT_STATUS_END_OF_FILE.

read_smb_length_return_keepalive() should then return
that (NT_STATUS_END_OF_FILE) to the caller and never
try and do a read of any size. See below:

NTSTATUS read_smb_length_return_keepalive(int fd, char *inbuf,
                                          unsigned int timeout,
                                          size_t *len)
{
        int msg_type;
        NTSTATUS status;

        status = read_fd_with_timeout(fd, inbuf, 4, 4, timeout, NULL);

        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }

More information about the samba-technical mailing list