Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : low level socket handling for nbt requests
5 :
6 : Copyright (C) Andrew Tridgell 2005
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include "includes.h"
23 : #include "lib/events/events.h"
24 : #include "../lib/util/dlinklist.h"
25 : #include "../libcli/nbt/libnbt.h"
26 : #include "../libcli/nbt/nbt_proto.h"
27 : #include "lib/socket/socket.h"
28 : #include "librpc/gen_ndr/ndr_nbt.h"
29 : #include "param/param.h"
30 : #include "lib/util/idtree_random.h"
31 :
32 : #define NBT_MAX_REPLIES 1000
33 :
34 : /*
35 : destroy a pending request
36 : */
37 24168 : static int nbt_name_request_destructor(struct nbt_name_request *req)
38 : {
39 24168 : if (req->state == NBT_REQUEST_SEND) {
40 9050 : DLIST_REMOVE(req->nbtsock->send_queue, req);
41 : }
42 24168 : if (req->state == NBT_REQUEST_WAIT) {
43 3898 : req->nbtsock->num_pending--;
44 : }
45 24168 : if (req->name_trn_id != 0 && !req->is_reply) {
46 11279 : idr_remove(req->nbtsock->idr, req->name_trn_id);
47 11279 : req->name_trn_id = 0;
48 : }
49 24168 : TALLOC_FREE(req->te);
50 24168 : if (req->nbtsock->send_queue == NULL) {
51 23056 : TEVENT_FD_NOT_WRITEABLE(req->nbtsock->fde);
52 : }
53 24168 : if (req->nbtsock->num_pending == 0 &&
54 19548 : req->nbtsock->incoming.handler == NULL) {
55 19465 : TEVENT_FD_NOT_READABLE(req->nbtsock->fde);
56 : }
57 24168 : return 0;
58 : }
59 :
60 :
61 : /*
62 : handle send events on a nbt name socket
63 : */
64 12776 : static void nbt_name_socket_send(struct nbt_name_socket *nbtsock)
65 : {
66 89 : struct nbt_name_request *req;
67 12776 : TALLOC_CTX *tmp_ctx = talloc_new(nbtsock);
68 89 : NTSTATUS status;
69 :
70 17607 : while ((req = nbtsock->send_queue)) {
71 118 : size_t len;
72 :
73 13877 : len = req->encoded.length;
74 13995 : status = socket_sendto(nbtsock->sock, &req->encoded, &len,
75 13877 : req->dest);
76 13877 : if (NT_STATUS_IS_ERR(status)) goto failed;
77 :
78 4831 : if (!NT_STATUS_IS_OK(status)) {
79 0 : talloc_free(tmp_ctx);
80 0 : return;
81 : }
82 :
83 4831 : DLIST_REMOVE(nbtsock->send_queue, req);
84 4831 : req->state = NBT_REQUEST_WAIT;
85 4831 : if (req->is_reply) {
86 1639 : talloc_free(req);
87 : } else {
88 3192 : TEVENT_FD_READABLE(nbtsock->fde);
89 3192 : nbtsock->num_pending++;
90 : }
91 : }
92 :
93 3730 : TEVENT_FD_NOT_WRITEABLE(nbtsock->fde);
94 3730 : talloc_free(tmp_ctx);
95 3730 : return;
96 :
97 9046 : failed:
98 9046 : DLIST_REMOVE(nbtsock->send_queue, req);
99 9046 : nbt_name_request_destructor(req);
100 9046 : req->status = status;
101 9046 : req->state = NBT_REQUEST_ERROR;
102 9046 : talloc_free(tmp_ctx);
103 9046 : if (req->async.fn) {
104 8954 : req->async.fn(req);
105 92 : } else if (req->is_reply) {
106 26 : talloc_free(req);
107 : }
108 9030 : return;
109 : }
110 :
111 :
112 : /*
113 : handle a request timeout
114 : */
115 1798 : static void nbt_name_socket_timeout(struct tevent_context *ev, struct tevent_timer *te,
116 : struct timeval t, void *private_data)
117 : {
118 1798 : struct nbt_name_request *req = talloc_get_type(private_data,
119 : struct nbt_name_request);
120 :
121 1798 : if (req->num_retries != 0) {
122 965 : req->num_retries--;
123 965 : req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
124 : timeval_add(&t, req->timeout, 0),
125 : nbt_name_socket_timeout, req);
126 965 : if (req->state != NBT_REQUEST_SEND) {
127 928 : req->state = NBT_REQUEST_SEND;
128 928 : DLIST_ADD_END(req->nbtsock->send_queue, req);
129 : }
130 965 : TEVENT_FD_WRITEABLE(req->nbtsock->fde);
131 965 : return;
132 : }
133 :
134 833 : nbt_name_request_destructor(req);
135 833 : if (req->num_replies == 0) {
136 833 : req->state = NBT_REQUEST_TIMEOUT;
137 833 : req->status = NT_STATUS_IO_TIMEOUT;
138 : } else {
139 0 : req->state = NBT_REQUEST_DONE;
140 0 : req->status = NT_STATUS_OK;
141 : }
142 833 : if (req->async.fn) {
143 767 : req->async.fn(req);
144 66 : } else if (req->is_reply) {
145 0 : talloc_free(req);
146 : }
147 : }
148 :
149 :
150 :
151 : /**
152 : handle recv events on a nbt name socket
153 : */
154 13132 : static void nbt_name_socket_recv(struct nbt_name_socket *nbtsock)
155 : {
156 13132 : TALLOC_CTX *tmp_ctx = talloc_new(nbtsock);
157 131 : NTSTATUS status;
158 131 : enum ndr_err_code ndr_err;
159 131 : struct socket_address *src;
160 131 : DATA_BLOB blob;
161 131 : size_t nread, dsize;
162 131 : struct nbt_name_packet *packet;
163 131 : struct nbt_name_request *req;
164 :
165 13132 : status = socket_pending(nbtsock->sock, &dsize);
166 13132 : if (!NT_STATUS_IS_OK(status)) {
167 0 : talloc_free(tmp_ctx);
168 11773 : return;
169 : }
170 :
171 : /*
172 : * Given a zero length, data_blob_talloc() returns the
173 : * NULL blob {NULL, 0}.
174 : *
175 : * We only want to error return here on a real out of memory condition
176 : * (i.e. dsize != 0, so the UDP packet has data, but the return of the
177 : * allocation failed, so blob.data==NULL).
178 : *
179 : * Given an actual zero length UDP packet having blob.data == NULL
180 : * isn't an out of memory error condition, that's the defined semantics
181 : * of data_blob_talloc() when asked for zero bytes.
182 : *
183 : * We still need to continue to do the zero-length socket_recvfrom()
184 : * read in order to clear the "read pending" condition on the socket.
185 : */
186 13132 : blob = data_blob_talloc(tmp_ctx, NULL, dsize);
187 13132 : if (blob.data == NULL && dsize != 0) {
188 0 : talloc_free(tmp_ctx);
189 0 : return;
190 : }
191 :
192 13132 : status = socket_recvfrom(nbtsock->sock, blob.data, blob.length, &nread,
193 : tmp_ctx, &src);
194 13132 : if (!NT_STATUS_IS_OK(status)) {
195 2 : talloc_free(tmp_ctx);
196 2 : return;
197 : }
198 :
199 13130 : packet = talloc(tmp_ctx, struct nbt_name_packet);
200 13130 : if (packet == NULL) {
201 0 : talloc_free(tmp_ctx);
202 0 : return;
203 : }
204 :
205 : /* parse the request */
206 13130 : ndr_err = ndr_pull_struct_blob(&blob, packet, packet,
207 : (ndr_pull_flags_fn_t)ndr_pull_nbt_name_packet);
208 13130 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
209 0 : status = ndr_map_error2ntstatus(ndr_err);
210 0 : DEBUG(2,("Failed to parse incoming NBT name packet - %s\n",
211 : nt_errstr(status)));
212 0 : talloc_free(tmp_ctx);
213 0 : return;
214 : }
215 :
216 13130 : if (DEBUGLVL(10)) {
217 0 : DEBUG(10,("Received nbt packet of length %d from %s:%d\n",
218 : (int)blob.length, src->addr, src->port));
219 0 : NDR_PRINT_DEBUG(nbt_name_packet, packet);
220 : }
221 :
222 : /* if its not a reply then pass it off to the incoming request
223 : handler, if any */
224 13130 : if (!(packet->operation & NBT_FLAG_REPLY)) {
225 11766 : if (nbtsock->incoming.handler) {
226 11766 : nbtsock->incoming.handler(nbtsock, packet, src);
227 : }
228 11766 : talloc_free(tmp_ctx);
229 11766 : return;
230 : }
231 :
232 : /* find the matching request */
233 1389 : req = (struct nbt_name_request *)idr_find(nbtsock->idr,
234 1364 : packet->name_trn_id);
235 1364 : if (req == NULL) {
236 5 : if (nbtsock->unexpected.handler) {
237 0 : nbtsock->unexpected.handler(nbtsock, packet, src);
238 : } else {
239 5 : DEBUG(10,("Failed to match request for incoming name packet id 0x%04x on %p\n",
240 : packet->name_trn_id, nbtsock));
241 : }
242 5 : talloc_free(tmp_ctx);
243 5 : return;
244 : }
245 :
246 1359 : talloc_steal(req, packet);
247 1359 : talloc_steal(req, src);
248 1359 : talloc_free(tmp_ctx);
249 1359 : nbt_name_socket_handle_response_packet(req, packet, src);
250 : }
251 :
252 1359 : void nbt_name_socket_handle_response_packet(struct nbt_name_request *req,
253 : struct nbt_name_packet *packet,
254 : struct socket_address *src)
255 : {
256 : /* if this is a WACK response, this we need to go back to waiting,
257 : but perhaps increase the timeout */
258 1359 : if ((packet->operation & NBT_OPCODE) == NBT_OPCODE_WACK) {
259 0 : uint32_t ttl;
260 18 : if (req->received_wack || packet->ancount < 1) {
261 0 : nbt_name_request_destructor(req);
262 0 : req->status = NT_STATUS_INVALID_NETWORK_RESPONSE;
263 0 : req->state = NBT_REQUEST_ERROR;
264 0 : goto done;
265 : }
266 18 : talloc_free(req->te);
267 : /* we know we won't need any more retries - the server
268 : has received our request */
269 18 : req->num_retries = 0;
270 18 : req->received_wack = true;
271 : /*
272 : * there is a timeout in the packet,
273 : * it is 5 + 4 * num_old_addresses
274 : *
275 : * although w2k3 screws it up
276 : * and uses num_old_addresses = 0
277 : *
278 : * so we better fallback to the maximum
279 : * of num_old_addresses = 25 if we got
280 : * a timeout of less than 9s (5 + 4*1)
281 : * or more than 105s (5 + 4*25).
282 : */
283 18 : ttl = packet->answers[0].ttl;
284 18 : if ((ttl < (5 + 4*1)) || (ttl > (5 + 4*25))) {
285 0 : ttl = 5 + 4*25;
286 : }
287 18 : req->timeout = ttl;
288 18 : req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
289 : timeval_current_ofs(req->timeout, 0),
290 : nbt_name_socket_timeout, req);
291 18 : return;
292 : }
293 :
294 :
295 1341 : req->replies = talloc_realloc(req, req->replies, struct nbt_name_reply, req->num_replies+1);
296 1341 : if (req->replies == NULL) {
297 0 : nbt_name_request_destructor(req);
298 0 : req->state = NBT_REQUEST_ERROR;
299 0 : req->status = NT_STATUS_NO_MEMORY;
300 0 : goto done;
301 : }
302 :
303 1341 : talloc_steal(req, src);
304 1341 : req->replies[req->num_replies].dest = src;
305 1341 : talloc_steal(req, packet);
306 1341 : req->replies[req->num_replies].packet = packet;
307 1341 : req->num_replies++;
308 :
309 : /* if we don't want multiple replies then we are done */
310 1341 : if (req->allow_multiple_replies &&
311 0 : req->num_replies < NBT_MAX_REPLIES) {
312 0 : return;
313 : }
314 :
315 1341 : nbt_name_request_destructor(req);
316 1341 : req->state = NBT_REQUEST_DONE;
317 1341 : req->status = NT_STATUS_OK;
318 :
319 1341 : done:
320 1341 : if (req->async.fn) {
321 120 : req->async.fn(req);
322 : }
323 : }
324 :
325 : /*
326 : handle fd events on a nbt_name_socket
327 : */
328 25537 : static void nbt_name_socket_handler(struct tevent_context *ev, struct tevent_fd *fde,
329 : uint16_t flags, void *private_data)
330 : {
331 25537 : struct nbt_name_socket *nbtsock = talloc_get_type(private_data,
332 : struct nbt_name_socket);
333 25537 : if (flags & TEVENT_FD_WRITE) {
334 12776 : nbt_name_socket_send(nbtsock);
335 : }
336 25537 : if (flags & TEVENT_FD_READ) {
337 13132 : nbt_name_socket_recv(nbtsock);
338 : }
339 25537 : }
340 :
341 :
342 : /*
343 : initialise a nbt_name_socket. The event_ctx is optional, if provided
344 : then operations will use that event context
345 : */
346 9655 : _PUBLIC_ struct nbt_name_socket *nbt_name_socket_init(TALLOC_CTX *mem_ctx,
347 : struct tevent_context *event_ctx)
348 : {
349 34 : struct nbt_name_socket *nbtsock;
350 34 : NTSTATUS status;
351 :
352 9655 : nbtsock = talloc(mem_ctx, struct nbt_name_socket);
353 9655 : if (nbtsock == NULL) goto failed;
354 :
355 9655 : nbtsock->event_ctx = event_ctx;
356 9655 : if (nbtsock->event_ctx == NULL) goto failed;
357 :
358 9655 : status = socket_create(nbtsock, "ip", SOCKET_TYPE_DGRAM,
359 : &nbtsock->sock, 0);
360 9655 : if (!NT_STATUS_IS_OK(status)) goto failed;
361 :
362 9655 : socket_set_option(nbtsock->sock, "SO_BROADCAST", "1");
363 :
364 9655 : nbtsock->idr = idr_init(nbtsock);
365 9655 : if (nbtsock->idr == NULL) goto failed;
366 :
367 9655 : nbtsock->send_queue = NULL;
368 9655 : nbtsock->num_pending = 0;
369 9655 : nbtsock->incoming.handler = NULL;
370 9655 : nbtsock->unexpected.handler = NULL;
371 :
372 9655 : nbtsock->fde = tevent_add_fd(nbtsock->event_ctx, nbtsock,
373 : socket_get_fd(nbtsock->sock), 0,
374 : nbt_name_socket_handler, nbtsock);
375 :
376 9655 : return nbtsock;
377 :
378 0 : failed:
379 0 : talloc_free(nbtsock);
380 0 : return NULL;
381 : }
382 :
383 : /*
384 : send off a nbt name request
385 : */
386 11279 : struct nbt_name_request *nbt_name_request_send(TALLOC_CTX *mem_ctx,
387 : struct nbt_name_socket *nbtsock,
388 : struct socket_address *dest,
389 : struct nbt_name_packet *request,
390 : int timeout, int retries,
391 : bool allow_multiple_replies)
392 : {
393 65 : struct nbt_name_request *req;
394 65 : int id;
395 65 : enum ndr_err_code ndr_err;
396 :
397 11279 : req = talloc_zero(mem_ctx, struct nbt_name_request);
398 11279 : if (req == NULL) goto failed;
399 :
400 11279 : req->nbtsock = nbtsock;
401 11279 : req->allow_multiple_replies = allow_multiple_replies;
402 11279 : req->state = NBT_REQUEST_SEND;
403 11279 : req->is_reply = false;
404 11279 : req->timeout = timeout;
405 11279 : req->num_retries = retries;
406 11279 : req->dest = socket_address_copy(req, dest);
407 11279 : if (req->dest == NULL) goto failed;
408 :
409 : /* we select a random transaction id unless the user supplied one */
410 11279 : if (request->name_trn_id == 0) {
411 11279 : id = idr_get_new_random(
412 11279 : req->nbtsock->idr, req, 1, UINT16_MAX);
413 : } else {
414 0 : if (idr_find(req->nbtsock->idr, request->name_trn_id)) goto failed;
415 0 : id = idr_get_new_above(req->nbtsock->idr, req, request->name_trn_id,
416 : UINT16_MAX);
417 : }
418 11279 : if (id == -1) goto failed;
419 :
420 11279 : request->name_trn_id = id;
421 11279 : req->name_trn_id = id;
422 :
423 11279 : req->te = tevent_add_timer(nbtsock->event_ctx, req,
424 : timeval_current_ofs(req->timeout, 0),
425 : nbt_name_socket_timeout, req);
426 :
427 11279 : talloc_set_destructor(req, nbt_name_request_destructor);
428 :
429 11279 : ndr_err = ndr_push_struct_blob(&req->encoded, req,
430 : request,
431 : (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
432 11279 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) goto failed;
433 :
434 11279 : DLIST_ADD_END(nbtsock->send_queue, req);
435 :
436 11279 : if (DEBUGLVL(10)) {
437 0 : DEBUG(10,("Queueing nbt packet to %s:%d\n",
438 : req->dest->addr, req->dest->port));
439 0 : NDR_PRINT_DEBUG(nbt_name_packet, request);
440 : }
441 :
442 11279 : TEVENT_FD_WRITEABLE(nbtsock->fde);
443 :
444 11279 : return req;
445 :
446 0 : failed:
447 0 : talloc_free(req);
448 0 : return NULL;
449 : }
450 :
451 :
452 : /*
453 : send off a nbt name reply
454 : */
455 1669 : _PUBLIC_ NTSTATUS nbt_name_reply_send(struct nbt_name_socket *nbtsock,
456 : struct socket_address *dest,
457 : struct nbt_name_packet *request)
458 : {
459 25 : struct nbt_name_request *req;
460 25 : enum ndr_err_code ndr_err;
461 :
462 1669 : req = talloc_zero(nbtsock, struct nbt_name_request);
463 1669 : NT_STATUS_HAVE_NO_MEMORY(req);
464 :
465 1669 : req->nbtsock = nbtsock;
466 1669 : req->dest = socket_address_copy(req, dest);
467 1669 : if (req->dest == NULL) goto failed;
468 1669 : req->state = NBT_REQUEST_SEND;
469 1669 : req->is_reply = true;
470 :
471 1669 : talloc_set_destructor(req, nbt_name_request_destructor);
472 :
473 1669 : if (DEBUGLVL(10)) {
474 0 : NDR_PRINT_DEBUG(nbt_name_packet, request);
475 : }
476 :
477 1669 : ndr_err = ndr_push_struct_blob(&req->encoded, req,
478 : request,
479 : (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
480 1669 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
481 4 : talloc_free(req);
482 4 : return ndr_map_error2ntstatus(ndr_err);
483 : }
484 :
485 1665 : DLIST_ADD_END(nbtsock->send_queue, req);
486 :
487 1665 : TEVENT_FD_WRITEABLE(nbtsock->fde);
488 :
489 1665 : return NT_STATUS_OK;
490 :
491 0 : failed:
492 0 : talloc_free(req);
493 0 : return NT_STATUS_NO_MEMORY;
494 : }
495 :
496 : /*
497 : wait for a nbt request to complete
498 : */
499 11194 : NTSTATUS nbt_name_request_recv(struct nbt_name_request *req)
500 : {
501 11194 : if (!req) return NT_STATUS_NO_MEMORY;
502 :
503 14113 : while (req->state < NBT_REQUEST_DONE) {
504 2919 : if (tevent_loop_once(req->nbtsock->event_ctx) != 0) {
505 0 : req->state = NBT_REQUEST_ERROR;
506 0 : req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
507 0 : break;
508 : }
509 : }
510 11194 : return req->status;
511 : }
512 :
513 :
514 : /*
515 : setup a handler for incoming requests
516 : */
517 551 : _PUBLIC_ NTSTATUS nbt_set_incoming_handler(struct nbt_name_socket *nbtsock,
518 : void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
519 : struct socket_address *),
520 : void *private_data)
521 : {
522 551 : nbtsock->incoming.handler = handler;
523 551 : nbtsock->incoming.private_data = private_data;
524 551 : TEVENT_FD_READABLE(nbtsock->fde);
525 551 : return NT_STATUS_OK;
526 : }
527 :
528 : /*
529 : setup a handler for unexpected requests
530 : */
531 130 : NTSTATUS nbt_set_unexpected_handler(struct nbt_name_socket *nbtsock,
532 : void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
533 : struct socket_address *),
534 : void *private_data)
535 : {
536 130 : nbtsock->unexpected.handler = handler;
537 130 : nbtsock->unexpected.private_data = private_data;
538 130 : TEVENT_FD_READABLE(nbtsock->fde);
539 130 : return NT_STATUS_OK;
540 : }
541 :
542 : /*
543 : turn a NBT rcode into a NTSTATUS
544 : */
545 30 : _PUBLIC_ NTSTATUS nbt_rcode_to_ntstatus(uint8_t rcode)
546 : {
547 0 : size_t i;
548 0 : struct {
549 : enum nbt_rcode rcode;
550 : NTSTATUS status;
551 30 : } map[] = {
552 : { NBT_RCODE_FMT, NT_STATUS_INVALID_PARAMETER },
553 : { NBT_RCODE_SVR, NT_STATUS_SERVER_DISABLED },
554 : { NBT_RCODE_NAM, NT_STATUS_OBJECT_NAME_NOT_FOUND },
555 : { NBT_RCODE_IMP, NT_STATUS_NOT_SUPPORTED },
556 : { NBT_RCODE_RFS, NT_STATUS_ACCESS_DENIED },
557 : { NBT_RCODE_ACT, NT_STATUS_ADDRESS_ALREADY_EXISTS },
558 : { NBT_RCODE_CFT, NT_STATUS_CONFLICTING_ADDRESSES }
559 : };
560 90 : for (i=0;i<ARRAY_SIZE(map);i++) {
561 90 : if (map[i].rcode == rcode) {
562 30 : return map[i].status;
563 : }
564 : }
565 0 : return NT_STATUS_UNSUCCESSFUL;
566 : }
|
