Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : low level socket handling for nbt requests
5 :
6 : Copyright (C) Andrew Tridgell 2005
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include "includes.h"
23 : #include "lib/events/events.h"
24 : #include "../lib/util/dlinklist.h"
25 : #include "../libcli/nbt/libnbt.h"
26 : #include "../libcli/nbt/nbt_proto.h"
27 : #include "lib/socket/socket.h"
28 : #include "librpc/gen_ndr/ndr_nbt.h"
29 : #include "param/param.h"
30 :
31 : #define NBT_MAX_REPLIES 1000
32 :
33 : /*
34 : destroy a pending request
35 : */
36 18873 : static int nbt_name_request_destructor(struct nbt_name_request *req)
37 : {
38 18873 : if (req->state == NBT_REQUEST_SEND) {
39 6566 : DLIST_REMOVE(req->nbtsock->send_queue, req);
40 : }
41 18873 : if (req->state == NBT_REQUEST_WAIT) {
42 3687 : req->nbtsock->num_pending--;
43 : }
44 18873 : if (req->name_trn_id != 0 && !req->is_reply) {
45 8649 : idr_remove(req->nbtsock->idr, req->name_trn_id);
46 8649 : req->name_trn_id = 0;
47 : }
48 18873 : TALLOC_FREE(req->te);
49 18873 : if (req->nbtsock->send_queue == NULL) {
50 17913 : TEVENT_FD_NOT_WRITEABLE(req->nbtsock->fde);
51 : }
52 32616 : if (req->nbtsock->num_pending == 0 &&
53 14845 : req->nbtsock->incoming.handler == NULL) {
54 14775 : TEVENT_FD_NOT_READABLE(req->nbtsock->fde);
55 : }
56 18873 : return 0;
57 : }
58 :
59 :
60 : /*
61 : handle send events on a nbt name socket
62 : */
63 10100 : static void nbt_name_socket_send(struct nbt_name_socket *nbtsock)
64 : {
65 : struct nbt_name_request *req;
66 10100 : TALLOC_CTX *tmp_ctx = talloc_new(nbtsock);
67 : NTSTATUS status;
68 :
69 23572 : while ((req = nbtsock->send_queue)) {
70 : size_t len;
71 :
72 11035 : len = req->encoded.length;
73 11035 : status = socket_sendto(nbtsock->sock, &req->encoded, &len,
74 11035 : req->dest);
75 11035 : if (NT_STATUS_IS_ERR(status)) goto failed;
76 :
77 4469 : if (!NT_STATUS_IS_OK(status)) {
78 0 : talloc_free(tmp_ctx);
79 0 : return;
80 : }
81 :
82 4469 : DLIST_REMOVE(nbtsock->send_queue, req);
83 4469 : req->state = NBT_REQUEST_WAIT;
84 4469 : if (req->is_reply) {
85 1588 : talloc_free(req);
86 : } else {
87 2881 : TEVENT_FD_READABLE(nbtsock->fde);
88 2881 : nbtsock->num_pending++;
89 : }
90 : }
91 :
92 3534 : TEVENT_FD_NOT_WRITEABLE(nbtsock->fde);
93 3534 : talloc_free(tmp_ctx);
94 3534 : return;
95 :
96 6566 : failed:
97 6566 : DLIST_REMOVE(nbtsock->send_queue, req);
98 6566 : nbt_name_request_destructor(req);
99 6566 : req->status = status;
100 6566 : req->state = NBT_REQUEST_ERROR;
101 6566 : talloc_free(tmp_ctx);
102 6566 : if (req->async.fn) {
103 6497 : req->async.fn(req);
104 69 : } else if (req->is_reply) {
105 16 : talloc_free(req);
106 : }
107 6566 : return;
108 : }
109 :
110 :
111 : /*
112 : handle a request timeout
113 : */
114 1478 : static void nbt_name_socket_timeout(struct tevent_context *ev, struct tevent_timer *te,
115 : struct timeval t, void *private_data)
116 : {
117 1478 : struct nbt_name_request *req = talloc_get_type(private_data,
118 : struct nbt_name_request);
119 :
120 1478 : if (req->num_retries != 0) {
121 792 : req->num_retries--;
122 792 : req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
123 : timeval_add(&t, req->timeout, 0),
124 : nbt_name_socket_timeout, req);
125 792 : if (req->state != NBT_REQUEST_SEND) {
126 777 : req->state = NBT_REQUEST_SEND;
127 777 : DLIST_ADD_END(req->nbtsock->send_queue, req);
128 : }
129 792 : TEVENT_FD_WRITEABLE(req->nbtsock->fde);
130 792 : return;
131 : }
132 :
133 686 : nbt_name_request_destructor(req);
134 686 : if (req->num_replies == 0) {
135 686 : req->state = NBT_REQUEST_TIMEOUT;
136 686 : req->status = NT_STATUS_IO_TIMEOUT;
137 : } else {
138 0 : req->state = NBT_REQUEST_DONE;
139 0 : req->status = NT_STATUS_OK;
140 : }
141 686 : if (req->async.fn) {
142 633 : req->async.fn(req);
143 53 : } else if (req->is_reply) {
144 0 : talloc_free(req);
145 : }
146 : }
147 :
148 :
149 :
150 : /**
151 : handle recv events on a nbt name socket
152 : */
153 12489 : static void nbt_name_socket_recv(struct nbt_name_socket *nbtsock)
154 : {
155 12489 : TALLOC_CTX *tmp_ctx = talloc_new(nbtsock);
156 : NTSTATUS status;
157 : enum ndr_err_code ndr_err;
158 : struct socket_address *src;
159 : DATA_BLOB blob;
160 : size_t nread, dsize;
161 : struct nbt_name_packet *packet;
162 : struct nbt_name_request *req;
163 :
164 12489 : status = socket_pending(nbtsock->sock, &dsize);
165 12489 : if (!NT_STATUS_IS_OK(status)) {
166 0 : talloc_free(tmp_ctx);
167 2697 : return;
168 : }
169 :
170 : /*
171 : * Given a zero length, data_blob_talloc() returns the
172 : * NULL blob {NULL, 0}.
173 : *
174 : * We only want to error return here on a real out of memory condition
175 : * (i.e. dsize != 0, so the UDP packet has data, but the return of the
176 : * allocation failed, so blob.data==NULL).
177 : *
178 : * Given an actual zero length UDP packet having blob.data == NULL
179 : * isn't an out of memory error condition, that's the defined semantics
180 : * of data_blob_talloc() when asked for zero bytes.
181 : *
182 : * We still need to continue to do the zero-length socket_recvfrom()
183 : * read in order to clear the "read pending" condition on the socket.
184 : */
185 12489 : blob = data_blob_talloc(tmp_ctx, NULL, dsize);
186 12489 : if (blob.data == NULL && dsize != 0) {
187 0 : talloc_free(tmp_ctx);
188 0 : return;
189 : }
190 :
191 12489 : status = socket_recvfrom(nbtsock->sock, blob.data, blob.length, &nread,
192 : tmp_ctx, &src);
193 12489 : if (!NT_STATUS_IS_OK(status)) {
194 0 : talloc_free(tmp_ctx);
195 0 : return;
196 : }
197 :
198 12489 : packet = talloc(tmp_ctx, struct nbt_name_packet);
199 12489 : if (packet == NULL) {
200 0 : talloc_free(tmp_ctx);
201 0 : return;
202 : }
203 :
204 : /* parse the request */
205 12489 : ndr_err = ndr_pull_struct_blob(&blob, packet, packet,
206 : (ndr_pull_flags_fn_t)ndr_pull_nbt_name_packet);
207 12489 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
208 0 : status = ndr_map_error2ntstatus(ndr_err);
209 0 : DEBUG(2,("Failed to parse incoming NBT name packet - %s\n",
210 : nt_errstr(status)));
211 0 : talloc_free(tmp_ctx);
212 0 : return;
213 : }
214 :
215 12489 : if (DEBUGLVL(10)) {
216 0 : DEBUG(10,("Received nbt packet of length %d from %s:%d\n",
217 : (int)blob.length, src->addr, src->port));
218 0 : NDR_PRINT_DEBUG(nbt_name_packet, packet);
219 : }
220 :
221 : /* if its not a reply then pass it off to the incoming request
222 : handler, if any */
223 12489 : if (!(packet->operation & NBT_FLAG_REPLY)) {
224 11098 : if (nbtsock->incoming.handler) {
225 11098 : nbtsock->incoming.handler(nbtsock, packet, src);
226 : }
227 11098 : talloc_free(tmp_ctx);
228 11098 : return;
229 : }
230 :
231 : /* find the matching request */
232 1391 : req = (struct nbt_name_request *)idr_find(nbtsock->idr,
233 1391 : packet->name_trn_id);
234 1391 : if (req == NULL) {
235 5 : if (nbtsock->unexpected.handler) {
236 0 : nbtsock->unexpected.handler(nbtsock, packet, src);
237 : } else {
238 5 : DEBUG(10,("Failed to match request for incoming name packet id 0x%04x on %p\n",
239 : packet->name_trn_id, nbtsock));
240 : }
241 5 : talloc_free(tmp_ctx);
242 5 : return;
243 : }
244 :
245 1386 : talloc_steal(req, packet);
246 1386 : talloc_steal(req, src);
247 1386 : talloc_free(tmp_ctx);
248 1386 : nbt_name_socket_handle_response_packet(req, packet, src);
249 : }
250 :
251 1386 : void nbt_name_socket_handle_response_packet(struct nbt_name_request *req,
252 : struct nbt_name_packet *packet,
253 : struct socket_address *src)
254 : {
255 : /* if this is a WACK response, this we need to go back to waiting,
256 : but perhaps increase the timeout */
257 1386 : if ((packet->operation & NBT_OPCODE) == NBT_OPCODE_WACK) {
258 : uint32_t ttl;
259 18 : if (req->received_wack || packet->ancount < 1) {
260 0 : nbt_name_request_destructor(req);
261 0 : req->status = NT_STATUS_INVALID_NETWORK_RESPONSE;
262 0 : req->state = NBT_REQUEST_ERROR;
263 0 : goto done;
264 : }
265 18 : talloc_free(req->te);
266 : /* we know we won't need any more retries - the server
267 : has received our request */
268 18 : req->num_retries = 0;
269 18 : req->received_wack = true;
270 : /*
271 : * there is a timeout in the packet,
272 : * it is 5 + 4 * num_old_addresses
273 : *
274 : * although w2k3 screws it up
275 : * and uses num_old_addresses = 0
276 : *
277 : * so we better fallback to the maximum
278 : * of num_old_addresses = 25 if we got
279 : * a timeout of less than 9s (5 + 4*1)
280 : * or more than 105s (5 + 4*25).
281 : */
282 18 : ttl = packet->answers[0].ttl;
283 18 : if ((ttl < (5 + 4*1)) || (ttl > (5 + 4*25))) {
284 0 : ttl = 5 + 4*25;
285 : }
286 18 : req->timeout = ttl;
287 18 : req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
288 : timeval_current_ofs(req->timeout, 0),
289 : nbt_name_socket_timeout, req);
290 18 : return;
291 : }
292 :
293 :
294 1368 : req->replies = talloc_realloc(req, req->replies, struct nbt_name_reply, req->num_replies+1);
295 1368 : if (req->replies == NULL) {
296 0 : nbt_name_request_destructor(req);
297 0 : req->state = NBT_REQUEST_ERROR;
298 0 : req->status = NT_STATUS_NO_MEMORY;
299 0 : goto done;
300 : }
301 :
302 1368 : talloc_steal(req, src);
303 1368 : req->replies[req->num_replies].dest = src;
304 1368 : talloc_steal(req, packet);
305 1368 : req->replies[req->num_replies].packet = packet;
306 1368 : req->num_replies++;
307 :
308 : /* if we don't want multiple replies then we are done */
309 1368 : if (req->allow_multiple_replies &&
310 0 : req->num_replies < NBT_MAX_REPLIES) {
311 0 : return;
312 : }
313 :
314 1368 : nbt_name_request_destructor(req);
315 1368 : req->state = NBT_REQUEST_DONE;
316 1368 : req->status = NT_STATUS_OK;
317 :
318 1368 : done:
319 1368 : if (req->async.fn) {
320 297 : req->async.fn(req);
321 : }
322 : }
323 :
324 : /*
325 : handle fd events on a nbt_name_socket
326 : */
327 22252 : static void nbt_name_socket_handler(struct tevent_context *ev, struct tevent_fd *fde,
328 : uint16_t flags, void *private_data)
329 : {
330 22252 : struct nbt_name_socket *nbtsock = talloc_get_type(private_data,
331 : struct nbt_name_socket);
332 22252 : if (flags & TEVENT_FD_WRITE) {
333 10100 : nbt_name_socket_send(nbtsock);
334 : }
335 22252 : if (flags & TEVENT_FD_READ) {
336 12489 : nbt_name_socket_recv(nbtsock);
337 : }
338 22252 : }
339 :
340 :
341 : /*
342 : initialise a nbt_name_socket. The event_ctx is optional, if provided
343 : then operations will use that event context
344 : */
345 7249 : _PUBLIC_ struct nbt_name_socket *nbt_name_socket_init(TALLOC_CTX *mem_ctx,
346 : struct tevent_context *event_ctx)
347 : {
348 : struct nbt_name_socket *nbtsock;
349 : NTSTATUS status;
350 :
351 7249 : nbtsock = talloc(mem_ctx, struct nbt_name_socket);
352 7249 : if (nbtsock == NULL) goto failed;
353 :
354 7249 : nbtsock->event_ctx = event_ctx;
355 7249 : if (nbtsock->event_ctx == NULL) goto failed;
356 :
357 7249 : status = socket_create(nbtsock, "ip", SOCKET_TYPE_DGRAM,
358 : &nbtsock->sock, 0);
359 7249 : if (!NT_STATUS_IS_OK(status)) goto failed;
360 :
361 7249 : socket_set_option(nbtsock->sock, "SO_BROADCAST", "1");
362 :
363 7249 : nbtsock->idr = idr_init(nbtsock);
364 7249 : if (nbtsock->idr == NULL) goto failed;
365 :
366 7249 : nbtsock->send_queue = NULL;
367 7249 : nbtsock->num_pending = 0;
368 7249 : nbtsock->incoming.handler = NULL;
369 7249 : nbtsock->unexpected.handler = NULL;
370 :
371 7249 : nbtsock->fde = tevent_add_fd(nbtsock->event_ctx, nbtsock,
372 : socket_get_fd(nbtsock->sock), 0,
373 : nbt_name_socket_handler, nbtsock);
374 :
375 7249 : return nbtsock;
376 :
377 0 : failed:
378 0 : talloc_free(nbtsock);
379 0 : return NULL;
380 : }
381 :
382 : /*
383 : send off a nbt name request
384 : */
385 8649 : struct nbt_name_request *nbt_name_request_send(TALLOC_CTX *mem_ctx,
386 : struct nbt_name_socket *nbtsock,
387 : struct socket_address *dest,
388 : struct nbt_name_packet *request,
389 : int timeout, int retries,
390 : bool allow_multiple_replies)
391 : {
392 : struct nbt_name_request *req;
393 : int id;
394 : enum ndr_err_code ndr_err;
395 :
396 8649 : req = talloc_zero(mem_ctx, struct nbt_name_request);
397 8649 : if (req == NULL) goto failed;
398 :
399 8649 : req->nbtsock = nbtsock;
400 8649 : req->allow_multiple_replies = allow_multiple_replies;
401 8649 : req->state = NBT_REQUEST_SEND;
402 8649 : req->is_reply = false;
403 8649 : req->timeout = timeout;
404 8649 : req->num_retries = retries;
405 8649 : req->dest = socket_address_copy(req, dest);
406 8649 : if (req->dest == NULL) goto failed;
407 :
408 : /* we select a random transaction id unless the user supplied one */
409 8649 : if (request->name_trn_id == 0) {
410 8649 : id = idr_get_new_random(req->nbtsock->idr, req, UINT16_MAX);
411 : } else {
412 0 : if (idr_find(req->nbtsock->idr, request->name_trn_id)) goto failed;
413 0 : id = idr_get_new_above(req->nbtsock->idr, req, request->name_trn_id,
414 : UINT16_MAX);
415 : }
416 8649 : if (id == -1) goto failed;
417 :
418 8649 : request->name_trn_id = id;
419 8649 : req->name_trn_id = id;
420 :
421 8649 : req->te = tevent_add_timer(nbtsock->event_ctx, req,
422 : timeval_current_ofs(req->timeout, 0),
423 : nbt_name_socket_timeout, req);
424 :
425 8649 : talloc_set_destructor(req, nbt_name_request_destructor);
426 :
427 8649 : ndr_err = ndr_push_struct_blob(&req->encoded, req,
428 : request,
429 : (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
430 8649 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) goto failed;
431 :
432 8649 : DLIST_ADD_END(nbtsock->send_queue, req);
433 :
434 8649 : if (DEBUGLVL(10)) {
435 0 : DEBUG(10,("Queueing nbt packet to %s:%d\n",
436 : req->dest->addr, req->dest->port));
437 0 : NDR_PRINT_DEBUG(nbt_name_packet, request);
438 : }
439 :
440 8649 : TEVENT_FD_WRITEABLE(nbtsock->fde);
441 :
442 8649 : return req;
443 :
444 0 : failed:
445 0 : talloc_free(req);
446 0 : return NULL;
447 : }
448 :
449 :
450 : /*
451 : send off a nbt name reply
452 : */
453 1604 : _PUBLIC_ NTSTATUS nbt_name_reply_send(struct nbt_name_socket *nbtsock,
454 : struct socket_address *dest,
455 : struct nbt_name_packet *request)
456 : {
457 : struct nbt_name_request *req;
458 : enum ndr_err_code ndr_err;
459 :
460 1604 : req = talloc_zero(nbtsock, struct nbt_name_request);
461 1604 : NT_STATUS_HAVE_NO_MEMORY(req);
462 :
463 1604 : req->nbtsock = nbtsock;
464 1604 : req->dest = socket_address_copy(req, dest);
465 1604 : if (req->dest == NULL) goto failed;
466 1604 : req->state = NBT_REQUEST_SEND;
467 1604 : req->is_reply = true;
468 :
469 1604 : talloc_set_destructor(req, nbt_name_request_destructor);
470 :
471 1604 : if (DEBUGLVL(10)) {
472 0 : NDR_PRINT_DEBUG(nbt_name_packet, request);
473 : }
474 :
475 1604 : ndr_err = ndr_push_struct_blob(&req->encoded, req,
476 : request,
477 : (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
478 1604 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
479 0 : talloc_free(req);
480 0 : return ndr_map_error2ntstatus(ndr_err);
481 : }
482 :
483 1604 : DLIST_ADD_END(nbtsock->send_queue, req);
484 :
485 1604 : TEVENT_FD_WRITEABLE(nbtsock->fde);
486 :
487 1604 : return NT_STATUS_OK;
488 :
489 0 : failed:
490 0 : talloc_free(req);
491 0 : return NT_STATUS_NO_MEMORY;
492 : }
493 :
494 : /*
495 : wait for a nbt request to complete
496 : */
497 8604 : NTSTATUS nbt_name_request_recv(struct nbt_name_request *req)
498 : {
499 8604 : if (!req) return NT_STATUS_NO_MEMORY;
500 :
501 18862 : while (req->state < NBT_REQUEST_DONE) {
502 2512 : if (tevent_loop_once(req->nbtsock->event_ctx) != 0) {
503 0 : req->state = NBT_REQUEST_ERROR;
504 0 : req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
505 0 : break;
506 : }
507 : }
508 8604 : return req->status;
509 : }
510 :
511 :
512 : /*
513 : setup a handler for incoming requests
514 : */
515 515 : _PUBLIC_ NTSTATUS nbt_set_incoming_handler(struct nbt_name_socket *nbtsock,
516 : void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
517 : struct socket_address *),
518 : void *private_data)
519 : {
520 515 : nbtsock->incoming.handler = handler;
521 515 : nbtsock->incoming.private_data = private_data;
522 515 : TEVENT_FD_READABLE(nbtsock->fde);
523 515 : return NT_STATUS_OK;
524 : }
525 :
526 : /*
527 : setup a handler for unexpected requests
528 : */
529 106 : NTSTATUS nbt_set_unexpected_handler(struct nbt_name_socket *nbtsock,
530 : void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
531 : struct socket_address *),
532 : void *private_data)
533 : {
534 106 : nbtsock->unexpected.handler = handler;
535 106 : nbtsock->unexpected.private_data = private_data;
536 106 : TEVENT_FD_READABLE(nbtsock->fde);
537 106 : return NT_STATUS_OK;
538 : }
539 :
540 : /*
541 : turn a NBT rcode into a NTSTATUS
542 : */
543 30 : _PUBLIC_ NTSTATUS nbt_rcode_to_ntstatus(uint8_t rcode)
544 : {
545 : size_t i;
546 : struct {
547 : enum nbt_rcode rcode;
548 : NTSTATUS status;
549 30 : } map[] = {
550 : { NBT_RCODE_FMT, NT_STATUS_INVALID_PARAMETER },
551 : { NBT_RCODE_SVR, NT_STATUS_SERVER_DISABLED },
552 : { NBT_RCODE_NAM, NT_STATUS_OBJECT_NAME_NOT_FOUND },
553 : { NBT_RCODE_IMP, NT_STATUS_NOT_SUPPORTED },
554 : { NBT_RCODE_RFS, NT_STATUS_ACCESS_DENIED },
555 : { NBT_RCODE_ACT, NT_STATUS_ADDRESS_ALREADY_EXISTS },
556 : { NBT_RCODE_CFT, NT_STATUS_CONFLICTING_ADDRESSES }
557 : };
558 90 : for (i=0;i<ARRAY_SIZE(map);i++) {
559 90 : if (map[i].rcode == rcode) {
560 30 : return map[i].status;
561 : }
562 : }
563 0 : return NT_STATUS_UNSUCCESSFUL;
564 : }
|
