summaryrefslogtreecommitdiffstats
path: root/libcli/nbt/nbtsocket.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--libcli/nbt/nbtsocket.c564
1 files changed, 564 insertions, 0 deletions
diff --git a/libcli/nbt/nbtsocket.c b/libcli/nbt/nbtsocket.c
new file mode 100644
index 0000000..97b0ca3
--- /dev/null
+++ b/libcli/nbt/nbtsocket.c
@@ -0,0 +1,564 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ low level socket handling for nbt requests
+
+ Copyright (C) Andrew Tridgell 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "../lib/util/dlinklist.h"
+#include "../libcli/nbt/libnbt.h"
+#include "../libcli/nbt/nbt_proto.h"
+#include "lib/socket/socket.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "param/param.h"
+
+#define NBT_MAX_REPLIES 1000
+
+/*
+ destroy a pending request
+*/
+static int nbt_name_request_destructor(struct nbt_name_request *req)
+{
+ if (req->state == NBT_REQUEST_SEND) {
+ DLIST_REMOVE(req->nbtsock->send_queue, req);
+ }
+ if (req->state == NBT_REQUEST_WAIT) {
+ req->nbtsock->num_pending--;
+ }
+ if (req->name_trn_id != 0 && !req->is_reply) {
+ idr_remove(req->nbtsock->idr, req->name_trn_id);
+ req->name_trn_id = 0;
+ }
+ TALLOC_FREE(req->te);
+ if (req->nbtsock->send_queue == NULL) {
+ TEVENT_FD_NOT_WRITEABLE(req->nbtsock->fde);
+ }
+ if (req->nbtsock->num_pending == 0 &&
+ req->nbtsock->incoming.handler == NULL) {
+ TEVENT_FD_NOT_READABLE(req->nbtsock->fde);
+ }
+ return 0;
+}
+
+
+/*
+ handle send events on a nbt name socket
+*/
+static void nbt_name_socket_send(struct nbt_name_socket *nbtsock)
+{
+ struct nbt_name_request *req;
+ TALLOC_CTX *tmp_ctx = talloc_new(nbtsock);
+ NTSTATUS status;
+
+ while ((req = nbtsock->send_queue)) {
+ size_t len;
+
+ len = req->encoded.length;
+ status = socket_sendto(nbtsock->sock, &req->encoded, &len,
+ req->dest);
+ if (NT_STATUS_IS_ERR(status)) goto failed;
+
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ DLIST_REMOVE(nbtsock->send_queue, req);
+ req->state = NBT_REQUEST_WAIT;
+ if (req->is_reply) {
+ talloc_free(req);
+ } else {
+ TEVENT_FD_READABLE(nbtsock->fde);
+ nbtsock->num_pending++;
+ }
+ }
+
+ TEVENT_FD_NOT_WRITEABLE(nbtsock->fde);
+ talloc_free(tmp_ctx);
+ return;
+
+failed:
+ DLIST_REMOVE(nbtsock->send_queue, req);
+ nbt_name_request_destructor(req);
+ req->status = status;
+ req->state = NBT_REQUEST_ERROR;
+ talloc_free(tmp_ctx);
+ if (req->async.fn) {
+ req->async.fn(req);
+ } else if (req->is_reply) {
+ talloc_free(req);
+ }
+ return;
+}
+
+
+/*
+ handle a request timeout
+*/
+static void nbt_name_socket_timeout(struct tevent_context *ev, struct tevent_timer *te,
+ struct timeval t, void *private_data)
+{
+ struct nbt_name_request *req = talloc_get_type(private_data,
+ struct nbt_name_request);
+
+ if (req->num_retries != 0) {
+ req->num_retries--;
+ req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
+ timeval_add(&t, req->timeout, 0),
+ nbt_name_socket_timeout, req);
+ if (req->state != NBT_REQUEST_SEND) {
+ req->state = NBT_REQUEST_SEND;
+ DLIST_ADD_END(req->nbtsock->send_queue, req);
+ }
+ TEVENT_FD_WRITEABLE(req->nbtsock->fde);
+ return;
+ }
+
+ nbt_name_request_destructor(req);
+ if (req->num_replies == 0) {
+ req->state = NBT_REQUEST_TIMEOUT;
+ req->status = NT_STATUS_IO_TIMEOUT;
+ } else {
+ req->state = NBT_REQUEST_DONE;
+ req->status = NT_STATUS_OK;
+ }
+ if (req->async.fn) {
+ req->async.fn(req);
+ } else if (req->is_reply) {
+ talloc_free(req);
+ }
+}
+
+
+
+/**
+ handle recv events on a nbt name socket
+*/
+static void nbt_name_socket_recv(struct nbt_name_socket *nbtsock)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(nbtsock);
+ NTSTATUS status;
+ enum ndr_err_code ndr_err;
+ struct socket_address *src;
+ DATA_BLOB blob;
+ size_t nread, dsize;
+ struct nbt_name_packet *packet;
+ struct nbt_name_request *req;
+
+ status = socket_pending(nbtsock->sock, &dsize);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ /*
+ * Given a zero length, data_blob_talloc() returns the
+ * NULL blob {NULL, 0}.
+ *
+ * We only want to error return here on a real out of memory condition
+ * (i.e. dsize != 0, so the UDP packet has data, but the return of the
+ * allocation failed, so blob.data==NULL).
+ *
+ * Given an actual zero length UDP packet having blob.data == NULL
+ * isn't an out of memory error condition, that's the defined semantics
+ * of data_blob_talloc() when asked for zero bytes.
+ *
+ * We still need to continue to do the zero-length socket_recvfrom()
+ * read in order to clear the "read pending" condition on the socket.
+ */
+ blob = data_blob_talloc(tmp_ctx, NULL, dsize);
+ if (blob.data == NULL && dsize != 0) {
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ status = socket_recvfrom(nbtsock->sock, blob.data, blob.length, &nread,
+ tmp_ctx, &src);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ packet = talloc(tmp_ctx, struct nbt_name_packet);
+ if (packet == NULL) {
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ /* parse the request */
+ ndr_err = ndr_pull_struct_blob(&blob, packet, packet,
+ (ndr_pull_flags_fn_t)ndr_pull_nbt_name_packet);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ status = ndr_map_error2ntstatus(ndr_err);
+ DEBUG(2,("Failed to parse incoming NBT name packet - %s\n",
+ nt_errstr(status)));
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ if (DEBUGLVL(10)) {
+ DEBUG(10,("Received nbt packet of length %d from %s:%d\n",
+ (int)blob.length, src->addr, src->port));
+ NDR_PRINT_DEBUG(nbt_name_packet, packet);
+ }
+
+ /* if its not a reply then pass it off to the incoming request
+ handler, if any */
+ if (!(packet->operation & NBT_FLAG_REPLY)) {
+ if (nbtsock->incoming.handler) {
+ nbtsock->incoming.handler(nbtsock, packet, src);
+ }
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ /* find the matching request */
+ req = (struct nbt_name_request *)idr_find(nbtsock->idr,
+ packet->name_trn_id);
+ if (req == NULL) {
+ if (nbtsock->unexpected.handler) {
+ nbtsock->unexpected.handler(nbtsock, packet, src);
+ } else {
+ DEBUG(10,("Failed to match request for incoming name packet id 0x%04x on %p\n",
+ packet->name_trn_id, nbtsock));
+ }
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ talloc_steal(req, packet);
+ talloc_steal(req, src);
+ talloc_free(tmp_ctx);
+ nbt_name_socket_handle_response_packet(req, packet, src);
+}
+
+void nbt_name_socket_handle_response_packet(struct nbt_name_request *req,
+ struct nbt_name_packet *packet,
+ struct socket_address *src)
+{
+ /* if this is a WACK response, this we need to go back to waiting,
+ but perhaps increase the timeout */
+ if ((packet->operation & NBT_OPCODE) == NBT_OPCODE_WACK) {
+ uint32_t ttl;
+ if (req->received_wack || packet->ancount < 1) {
+ nbt_name_request_destructor(req);
+ req->status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ req->state = NBT_REQUEST_ERROR;
+ goto done;
+ }
+ talloc_free(req->te);
+ /* we know we won't need any more retries - the server
+ has received our request */
+ req->num_retries = 0;
+ req->received_wack = true;
+ /*
+ * there is a timeout in the packet,
+ * it is 5 + 4 * num_old_addresses
+ *
+ * although w2k3 screws it up
+ * and uses num_old_addresses = 0
+ *
+ * so we better fallback to the maximum
+ * of num_old_addresses = 25 if we got
+ * a timeout of less than 9s (5 + 4*1)
+ * or more than 105s (5 + 4*25).
+ */
+ ttl = packet->answers[0].ttl;
+ if ((ttl < (5 + 4*1)) || (ttl > (5 + 4*25))) {
+ ttl = 5 + 4*25;
+ }
+ req->timeout = ttl;
+ req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
+ timeval_current_ofs(req->timeout, 0),
+ nbt_name_socket_timeout, req);
+ return;
+ }
+
+
+ req->replies = talloc_realloc(req, req->replies, struct nbt_name_reply, req->num_replies+1);
+ if (req->replies == NULL) {
+ nbt_name_request_destructor(req);
+ req->state = NBT_REQUEST_ERROR;
+ req->status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ talloc_steal(req, src);
+ req->replies[req->num_replies].dest = src;
+ talloc_steal(req, packet);
+ req->replies[req->num_replies].packet = packet;
+ req->num_replies++;
+
+ /* if we don't want multiple replies then we are done */
+ if (req->allow_multiple_replies &&
+ req->num_replies < NBT_MAX_REPLIES) {
+ return;
+ }
+
+ nbt_name_request_destructor(req);
+ req->state = NBT_REQUEST_DONE;
+ req->status = NT_STATUS_OK;
+
+done:
+ if (req->async.fn) {
+ req->async.fn(req);
+ }
+}
+
+/*
+ handle fd events on a nbt_name_socket
+*/
+static void nbt_name_socket_handler(struct tevent_context *ev, struct tevent_fd *fde,
+ uint16_t flags, void *private_data)
+{
+ struct nbt_name_socket *nbtsock = talloc_get_type(private_data,
+ struct nbt_name_socket);
+ if (flags & TEVENT_FD_WRITE) {
+ nbt_name_socket_send(nbtsock);
+ }
+ if (flags & TEVENT_FD_READ) {
+ nbt_name_socket_recv(nbtsock);
+ }
+}
+
+
+/*
+ initialise a nbt_name_socket. The event_ctx is optional, if provided
+ then operations will use that event context
+*/
+_PUBLIC_ struct nbt_name_socket *nbt_name_socket_init(TALLOC_CTX *mem_ctx,
+ struct tevent_context *event_ctx)
+{
+ struct nbt_name_socket *nbtsock;
+ NTSTATUS status;
+
+ nbtsock = talloc(mem_ctx, struct nbt_name_socket);
+ if (nbtsock == NULL) goto failed;
+
+ nbtsock->event_ctx = event_ctx;
+ if (nbtsock->event_ctx == NULL) goto failed;
+
+ status = socket_create(nbtsock, "ip", SOCKET_TYPE_DGRAM,
+ &nbtsock->sock, 0);
+ if (!NT_STATUS_IS_OK(status)) goto failed;
+
+ socket_set_option(nbtsock->sock, "SO_BROADCAST", "1");
+
+ nbtsock->idr = idr_init(nbtsock);
+ if (nbtsock->idr == NULL) goto failed;
+
+ nbtsock->send_queue = NULL;
+ nbtsock->num_pending = 0;
+ nbtsock->incoming.handler = NULL;
+ nbtsock->unexpected.handler = NULL;
+
+ nbtsock->fde = tevent_add_fd(nbtsock->event_ctx, nbtsock,
+ socket_get_fd(nbtsock->sock), 0,
+ nbt_name_socket_handler, nbtsock);
+
+ return nbtsock;
+
+failed:
+ talloc_free(nbtsock);
+ return NULL;
+}
+
+/*
+ send off a nbt name request
+*/
+struct nbt_name_request *nbt_name_request_send(TALLOC_CTX *mem_ctx,
+ struct nbt_name_socket *nbtsock,
+ struct socket_address *dest,
+ struct nbt_name_packet *request,
+ int timeout, int retries,
+ bool allow_multiple_replies)
+{
+ struct nbt_name_request *req;
+ int id;
+ enum ndr_err_code ndr_err;
+
+ req = talloc_zero(mem_ctx, struct nbt_name_request);
+ if (req == NULL) goto failed;
+
+ req->nbtsock = nbtsock;
+ req->allow_multiple_replies = allow_multiple_replies;
+ req->state = NBT_REQUEST_SEND;
+ req->is_reply = false;
+ req->timeout = timeout;
+ req->num_retries = retries;
+ req->dest = socket_address_copy(req, dest);
+ if (req->dest == NULL) goto failed;
+
+ /* we select a random transaction id unless the user supplied one */
+ if (request->name_trn_id == 0) {
+ id = idr_get_new_random(req->nbtsock->idr, req, UINT16_MAX);
+ } else {
+ if (idr_find(req->nbtsock->idr, request->name_trn_id)) goto failed;
+ id = idr_get_new_above(req->nbtsock->idr, req, request->name_trn_id,
+ UINT16_MAX);
+ }
+ if (id == -1) goto failed;
+
+ request->name_trn_id = id;
+ req->name_trn_id = id;
+
+ req->te = tevent_add_timer(nbtsock->event_ctx, req,
+ timeval_current_ofs(req->timeout, 0),
+ nbt_name_socket_timeout, req);
+
+ talloc_set_destructor(req, nbt_name_request_destructor);
+
+ ndr_err = ndr_push_struct_blob(&req->encoded, req,
+ request,
+ (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) goto failed;
+
+ DLIST_ADD_END(nbtsock->send_queue, req);
+
+ if (DEBUGLVL(10)) {
+ DEBUG(10,("Queueing nbt packet to %s:%d\n",
+ req->dest->addr, req->dest->port));
+ NDR_PRINT_DEBUG(nbt_name_packet, request);
+ }
+
+ TEVENT_FD_WRITEABLE(nbtsock->fde);
+
+ return req;
+
+failed:
+ talloc_free(req);
+ return NULL;
+}
+
+
+/*
+ send off a nbt name reply
+*/
+_PUBLIC_ NTSTATUS nbt_name_reply_send(struct nbt_name_socket *nbtsock,
+ struct socket_address *dest,
+ struct nbt_name_packet *request)
+{
+ struct nbt_name_request *req;
+ enum ndr_err_code ndr_err;
+
+ req = talloc_zero(nbtsock, struct nbt_name_request);
+ NT_STATUS_HAVE_NO_MEMORY(req);
+
+ req->nbtsock = nbtsock;
+ req->dest = socket_address_copy(req, dest);
+ if (req->dest == NULL) goto failed;
+ req->state = NBT_REQUEST_SEND;
+ req->is_reply = true;
+
+ talloc_set_destructor(req, nbt_name_request_destructor);
+
+ if (DEBUGLVL(10)) {
+ NDR_PRINT_DEBUG(nbt_name_packet, request);
+ }
+
+ ndr_err = ndr_push_struct_blob(&req->encoded, req,
+ request,
+ (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(req);
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ DLIST_ADD_END(nbtsock->send_queue, req);
+
+ TEVENT_FD_WRITEABLE(nbtsock->fde);
+
+ return NT_STATUS_OK;
+
+failed:
+ talloc_free(req);
+ return NT_STATUS_NO_MEMORY;
+}
+
+/*
+ wait for a nbt request to complete
+*/
+NTSTATUS nbt_name_request_recv(struct nbt_name_request *req)
+{
+ if (!req) return NT_STATUS_NO_MEMORY;
+
+ while (req->state < NBT_REQUEST_DONE) {
+ if (tevent_loop_once(req->nbtsock->event_ctx) != 0) {
+ req->state = NBT_REQUEST_ERROR;
+ req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+ break;
+ }
+ }
+ return req->status;
+}
+
+
+/*
+ setup a handler for incoming requests
+*/
+_PUBLIC_ NTSTATUS nbt_set_incoming_handler(struct nbt_name_socket *nbtsock,
+ void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
+ struct socket_address *),
+ void *private_data)
+{
+ nbtsock->incoming.handler = handler;
+ nbtsock->incoming.private_data = private_data;
+ TEVENT_FD_READABLE(nbtsock->fde);
+ return NT_STATUS_OK;
+}
+
+/*
+ setup a handler for unexpected requests
+*/
+NTSTATUS nbt_set_unexpected_handler(struct nbt_name_socket *nbtsock,
+ void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
+ struct socket_address *),
+ void *private_data)
+{
+ nbtsock->unexpected.handler = handler;
+ nbtsock->unexpected.private_data = private_data;
+ TEVENT_FD_READABLE(nbtsock->fde);
+ return NT_STATUS_OK;
+}
+
+/*
+ turn a NBT rcode into a NTSTATUS
+*/
+_PUBLIC_ NTSTATUS nbt_rcode_to_ntstatus(uint8_t rcode)
+{
+ size_t i;
+ struct {
+ enum nbt_rcode rcode;
+ NTSTATUS status;
+ } map[] = {
+ { NBT_RCODE_FMT, NT_STATUS_INVALID_PARAMETER },
+ { NBT_RCODE_SVR, NT_STATUS_SERVER_DISABLED },
+ { NBT_RCODE_NAM, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+ { NBT_RCODE_IMP, NT_STATUS_NOT_SUPPORTED },
+ { NBT_RCODE_RFS, NT_STATUS_ACCESS_DENIED },
+ { NBT_RCODE_ACT, NT_STATUS_ADDRESS_ALREADY_EXISTS },
+ { NBT_RCODE_CFT, NT_STATUS_CONFLICTING_ADDRESSES }
+ };
+ for (i=0;i<ARRAY_SIZE(map);i++) {
+ if (map[i].rcode == rcode) {
+ return map[i].status;
+ }
+ }
+ return NT_STATUS_UNSUCCESSFUL;
+}