1 /*
2 Unix SMB/CIFS implementation.
4 low level socket handling for nbt requests
6 Copyright (C) Andrew Tridgell 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "includes.h"
23 #include "lib/events/events.h"
24 #include "../lib/util/dlinklist.h"
25 #include "../libcli/nbt/libnbt.h"
26 #include "../libcli/nbt/nbt_proto.h"
27 #include "lib/socket/socket.h"
28 #include "librpc/gen_ndr/ndr_nbt.h"
29 #include "param/param.h"
/* upper bound on the replies kept for a single request when
   allow_multiple_replies is set; nbt_name_socket_handle_response_packet
   completes the request once this many have been collected, which also
   bounds the memory a flood of replies can make one request hold */
#define NBT_MAX_REPLIES 1000
/*
  destroy a pending request

  Detaches req from the socket it belongs to: drops it from the send queue
  or the pending count depending on its state, releases its transaction id
  and timer, and clears fd interest the socket no longer needs. Also called
  directly (not only via talloc) by the completion paths in this file, so
  it must be safe to run on a request that is being finished by hand.
*/
static int nbt_name_request_destructor(struct nbt_name_request *req)
{
	struct nbt_name_socket *nbtsock = req->nbtsock;

	switch (req->state) {
	case NBT_REQUEST_SEND:
		/* still queued, never transmitted */
		DLIST_REMOVE(nbtsock->send_queue, req);
		break;
	case NBT_REQUEST_WAIT:
		/* transmitted and counted as awaiting a reply */
		nbtsock->num_pending--;
		break;
	default:
		break;
	}

	/* replies never hold a transaction id slot in the idr */
	if (!req->is_reply && req->name_trn_id != 0) {
		idr_remove(nbtsock->idr, req->name_trn_id);
		req->name_trn_id = 0;
	}

	if (req->te != NULL) {
		talloc_free(req->te);
		req->te = NULL;
	}

	/* nothing left to send: stop polling for writeability */
	if (nbtsock->send_queue == NULL) {
		TEVENT_FD_NOT_WRITEABLE(nbtsock->fde);
	}

	/* nothing awaited and no server-side handler: stop polling for reads */
	if (nbtsock->num_pending == 0 && nbtsock->incoming.handler == NULL) {
		TEVENT_FD_NOT_READABLE(nbtsock->fde);
	}

	return 0;
}
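/*
  handle send events on a nbt name socket

  Drains nbtsock->send_queue in order. Each entry that makes it onto the
  wire either becomes NBT_REQUEST_WAIT (a request awaiting a reply, counted
  in num_pending) or is freed (a reply, which is complete once sent). A
  status that is neither OK nor an error means the socket would block: the
  entry stays queued and the write event stays armed. A hard send error
  completes the entry at the head of the queue as NBT_REQUEST_ERROR and
  hands it to its async callback (or frees it if it is a reply with none).
*/
static void nbt_name_socket_send(struct nbt_name_socket *nbtsock)
{
	struct nbt_name_request *req;
	NTSTATUS status;

	while ((req = nbtsock->send_queue) != NULL) {
		size_t len = req->encoded.length;

		status = socket_sendto(nbtsock->sock, &req->encoded, &len,
				       req->dest);
		if (NT_STATUS_IS_ERR(status)) goto failed;

		/* not sent yet (would block): wait for the next write event */
		if (!NT_STATUS_IS_OK(status)) {
			return;
		}

		DLIST_REMOVE(nbtsock->send_queue, req);
		if (req->is_reply) {
			/* mark it DONE before freeing: the destructor
			   decrements num_pending for anything left in
			   NBT_REQUEST_WAIT, and a reply never contributed
			   to that count */
			req->state = NBT_REQUEST_DONE;
			talloc_free(req);
		} else {
			req->state = NBT_REQUEST_WAIT;
			TEVENT_FD_READABLE(nbtsock->fde);
			nbtsock->num_pending++;
		}
	}

	/* queue drained; stop asking for write events */
	TEVENT_FD_NOT_WRITEABLE(nbtsock->fde);
	return;

failed:
	DLIST_REMOVE(nbtsock->send_queue, req);
	nbt_name_request_destructor(req);
	req->status = status;
	req->state = NBT_REQUEST_ERROR;
	if (req->async.fn) {
		req->async.fn(req);
	} else if (req->is_reply) {
		talloc_free(req);
	}
}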
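/*
  handle a request timeout

  tevent timer callback for req->te. While retries remain the request is
  put back on the send queue with a fresh timer; otherwise it completes as
  NBT_REQUEST_TIMEOUT (no replies seen) or NBT_REQUEST_DONE (replies were
  collected with allow_multiple_replies) and the async callback, if any,
  is invoked.
*/
static void nbt_name_socket_timeout(struct tevent_context *ev, struct tevent_timer *te,
				    struct timeval t, void *private_data)
{
	struct nbt_name_request *req = talloc_get_type(private_data,
						       struct nbt_name_request);

	if (req->num_retries != 0) {
		req->num_retries--;
		req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
					   timeval_add(&t, req->timeout, 0),
					   nbt_name_socket_timeout, req);
		if (req->te != NULL) {
			/* a request still sitting in the send queue is
			   left where it is; only a transmitted one is
			   queued again */
			if (req->state != NBT_REQUEST_SEND) {
				/* it was counted in num_pending when it
				   was sent; undo that before it is sent
				   (and counted) again */
				if (req->state == NBT_REQUEST_WAIT) {
					req->nbtsock->num_pending--;
				}
				req->state = NBT_REQUEST_SEND;
				DLIST_ADD_END(req->nbtsock->send_queue, req);
			}
			TEVENT_FD_WRITEABLE(req->nbtsock->fde);
			return;
		}
		/* no timer could be armed, so a retry could never time
		   out again: finish the request now rather than leave it
		   hanging */
	}

	nbt_name_request_destructor(req);
	if (req->num_replies == 0) {
		req->state = NBT_REQUEST_TIMEOUT;
		req->status = NT_STATUS_IO_TIMEOUT;
	} else {
		req->state = NBT_REQUEST_DONE;
		req->status = NT_STATUS_OK;
	}
	if (req->async.fn) {
		req->async.fn(req);
	} else if (req->is_reply) {
		talloc_free(req);
	}
}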
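/*
  handle recv events on a nbt name socket

  Reads one datagram, parses it as an NBT name packet and dispatches it:
  non-replies go to the incoming handler, replies are matched to a pending
  request by name_trn_id, unmatched replies go to the unexpected handler.
  The datagram is untrusted network input; anything that does not parse is
  dropped with a debug message.
*/
static void nbt_name_socket_recv(struct nbt_name_socket *nbtsock)
{
	TALLOC_CTX *tmp_ctx = talloc_new(nbtsock);
	NTSTATUS status;
	enum ndr_err_code ndr_err;
	struct socket_address *src;
	DATA_BLOB blob;
	size_t nread, dsize;
	struct nbt_name_packet *packet;
	struct nbt_name_request *req;

	if (tmp_ctx == NULL) {
		return;
	}

	status = socket_pending(nbtsock->sock, &dsize);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(tmp_ctx);
		return;
	}

	blob = data_blob_talloc(tmp_ctx, NULL, dsize);
	if (blob.data == NULL) {
		talloc_free(tmp_ctx);
		return;
	}

	status = socket_recvfrom(nbtsock->sock, blob.data, blob.length, &nread,
				 tmp_ctx, &src);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(tmp_ctx);
		return;
	}
	/* only the bytes actually received are part of the datagram;
	   never hand the parser anything beyond nread */
	blob.length = nread;

	packet = talloc(tmp_ctx, struct nbt_name_packet);
	if (packet == NULL) {
		talloc_free(tmp_ctx);
		return;
	}

	/* parse the request */
	ndr_err = ndr_pull_struct_blob(&blob, packet, packet,
				       (ndr_pull_flags_fn_t)ndr_pull_nbt_name_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		status = ndr_map_error2ntstatus(ndr_err);
		DEBUG(2,("Failed to parse incoming NBT name packet - %s\n",
			 nt_errstr(status)));
		talloc_free(tmp_ctx);
		return;
	}

	if (DEBUGLVL(10)) {
		DEBUG(10,("Received nbt packet of length %d from %s:%d\n",
			  (int)blob.length, src->addr, src->port));
		NDR_PRINT_DEBUG(nbt_name_packet, packet);
	}

	/* if its not a reply then pass it off to the incoming request
	   handler, if any */
	if (!(packet->operation & NBT_FLAG_REPLY)) {
		if (nbtsock->incoming.handler) {
			nbtsock->incoming.handler(nbtsock, packet, src);
		}
		talloc_free(tmp_ctx);
		return;
	}

	/* find the matching request. Matching is by the 16-bit transaction
	   id alone; src is not compared with req->dest here, so a caller
	   that needs the reply to come from the host it asked has to check
	   the reply's dest itself */
	req = (struct nbt_name_request *)idr_find(nbtsock->idr,
						  packet->name_trn_id);
	if (req == NULL) {
		if (nbtsock->unexpected.handler) {
			nbtsock->unexpected.handler(nbtsock, packet, src);
		} else {
			DEBUG(10,("Failed to match request for incoming name packet id 0x%04x on %p\n",
				  packet->name_trn_id, nbtsock));
		}
		talloc_free(tmp_ctx);
		return;
	}

	/* req takes ownership of the packet and its source address before
	   the temporary context they were allocated under goes away */
	talloc_steal(req, packet);
	talloc_steal(req, src);
	talloc_free(tmp_ctx);
	nbt_name_socket_handle_response_packet(req, packet, src);
}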
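/*
  process a reply packet that has been matched to a pending request

  Ownership of packet and src passes to req. A WACK (wait acknowledgement)
  re-arms the timer with the server-supplied ttl and keeps waiting; any
  other reply is appended to req->replies. The request completes, and its
  async callback runs, on error, after the first reply unless
  allow_multiple_replies is set, or once NBT_MAX_REPLIES replies have been
  collected.
*/
void nbt_name_socket_handle_response_packet(struct nbt_name_request *req,
					    struct nbt_name_packet *packet,
					    struct socket_address *src)
{
	struct nbt_name_reply *replies;

	/* if this is a WACK response, then we need to go back to waiting,
	   but perhaps increase the timeout */
	if ((packet->operation & NBT_OPCODE) == NBT_OPCODE_WACK) {
		uint32_t ttl;
		/* a second WACK, or one without the answer record that
		   carries the ttl, is malformed; ancount is checked here
		   before answers[0] is touched below */
		if (req->received_wack || packet->ancount < 1) {
			nbt_name_request_destructor(req);
			req->status = NT_STATUS_INVALID_NETWORK_RESPONSE;
			req->state = NBT_REQUEST_ERROR;
			goto done;
		}
		talloc_free(req->te);
		req->te = NULL;
		/* we know we won't need any more retries - the server
		   has received our request */
		req->num_retries = 0;
		req->received_wack = true;
		/*
		 * there is a timeout in the packet,
		 * it is 5 + 4 * num_old_addresses
		 *
		 * although w2k3 screws it up
		 * and uses num_old_addresses = 0
		 *
		 * so we better fallback to the maximum
		 * of num_old_addresses = 25 if we got
		 * a timeout of less than 9s (5 + 4*1)
		 * or more than 105s (5 + 4*25).
		 */
		ttl = packet->answers[0].ttl;
		if ((ttl < (5 + 4*1)) || (ttl > (5 + 4*25))) {
			ttl = 5 + 4*25;
		}
		req->timeout = ttl;
		req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
					   timeval_current_ofs(req->timeout, 0),
					   nbt_name_socket_timeout, req);
		if (req->te == NULL) {
			/* without a timer the request could wait forever */
			nbt_name_request_destructor(req);
			req->status = NT_STATUS_NO_MEMORY;
			req->state = NBT_REQUEST_ERROR;
			goto done;
		}
		return;
	}

	/* grow through a temporary so a failed realloc does not lose the
	   replies collected so far - talloc_realloc leaves the old array
	   alone when it fails */
	replies = talloc_realloc(req, req->replies, struct nbt_name_reply,
				 req->num_replies+1);
	if (replies == NULL) {
		nbt_name_request_destructor(req);
		req->state = NBT_REQUEST_ERROR;
		req->status = NT_STATUS_NO_MEMORY;
		goto done;
	}
	req->replies = replies;

	talloc_steal(req, src);
	req->replies[req->num_replies].dest = src;
	talloc_steal(req, packet);
	req->replies[req->num_replies].packet = packet;
	req->num_replies++;

	/* if we don't want multiple replies then we are done; the
	   NBT_MAX_REPLIES cap keeps a flood of replies from growing the
	   array without bound */
	if (req->allow_multiple_replies &&
	    req->num_replies < NBT_MAX_REPLIES) {
		return;
	}

	nbt_name_request_destructor(req);
	req->state = NBT_REQUEST_DONE;
	req->status = NT_STATUS_OK;

done:
	if (req->async.fn) {
		req->async.fn(req);
	}
}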
/*
  handle fd events on a nbt_name_socket

  tevent fd callback: a write-ready flag drives the send queue, a
  read-ready flag drives packet reception; both are serviced when both are
  set, send first.
*/
static void nbt_name_socket_handler(struct tevent_context *ev, struct tevent_fd *fde,
				    uint16_t flags, void *private_data)
{
	struct nbt_name_socket *nbtsock;

	nbtsock = talloc_get_type(private_data, struct nbt_name_socket);

	if ((flags & TEVENT_FD_WRITE) != 0) {
		nbt_name_socket_send(nbtsock);
	}
	if ((flags & TEVENT_FD_READ) != 0) {
		nbt_name_socket_recv(nbtsock);
	}
}
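/*
  initialise a nbt_name_socket

  event_ctx is required, not optional: all socket operations run on it and
  NULL makes this function fail. Returns the new socket allocated under
  mem_ctx, or NULL if the allocation, the datagram socket, the idr or the
  fd event could not be set up.
*/
_PUBLIC_ struct nbt_name_socket *nbt_name_socket_init(TALLOC_CTX *mem_ctx,
						      struct tevent_context *event_ctx)
{
	struct nbt_name_socket *nbtsock;
	NTSTATUS status;

	/* zeroed so the handler private_data fields start out NULL too */
	nbtsock = talloc_zero(mem_ctx, struct nbt_name_socket);
	if (nbtsock == NULL) goto failed;

	nbtsock->event_ctx = event_ctx;
	if (nbtsock->event_ctx == NULL) goto failed;

	status = socket_create("ip", SOCKET_TYPE_DGRAM, &nbtsock->sock, 0);
	if (!NT_STATUS_IS_OK(status)) goto failed;

	/* result not checked: failure here only affects sends to a
	   broadcast address */
	socket_set_option(nbtsock->sock, "SO_BROADCAST", "1");

	talloc_steal(nbtsock, nbtsock->sock);

	nbtsock->idr = idr_init(nbtsock);
	if (nbtsock->idr == NULL) goto failed;

	nbtsock->send_queue = NULL;
	nbtsock->num_pending = 0;
	nbtsock->incoming.handler = NULL;
	nbtsock->unexpected.handler = NULL;

	nbtsock->fde = tevent_add_fd(nbtsock->event_ctx, nbtsock,
				     socket_get_fd(nbtsock->sock), 0,
				     nbt_name_socket_handler, nbtsock);
	/* every later TEVENT_FD_* call dereferences fde, so fail now */
	if (nbtsock->fde == NULL) goto failed;

	return nbtsock;

failed:
	talloc_free(nbtsock);
	return NULL;
}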
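/*
  send off a nbt name request

  Queues request for transmission to dest and returns the pending request,
  or NULL on failure. If request->name_trn_id is 0 a random transaction id
  is chosen, otherwise the caller's id is used provided no other pending
  request already holds it. The request is retried `retries` times at
  `timeout` intervals (the seconds argument of timeval_current_ofs). The
  outcome is collected with nbt_name_request_recv() or through
  req->async.fn.
*/
struct nbt_name_request *nbt_name_request_send(struct nbt_name_socket *nbtsock,
					       struct socket_address *dest,
					       struct nbt_name_packet *request,
					       int timeout, int retries,
					       bool allow_multiple_replies)
{
	struct nbt_name_request *req;
	int id;
	enum ndr_err_code ndr_err;

	req = talloc_zero(nbtsock, struct nbt_name_request);
	if (req == NULL) goto failed;

	req->nbtsock = nbtsock;
	req->allow_multiple_replies = allow_multiple_replies;
	req->state = NBT_REQUEST_SEND;
	req->is_reply = false;
	req->timeout = timeout;
	req->num_retries = retries;
	req->dest = dest;
	if (talloc_reference(req, dest) == NULL) goto failed;

	/* we select a random transaction id unless the user supplied one;
	   a random id makes a forged reply harder to match than a
	   sequential one would */
	if (request->name_trn_id == 0) {
		id = idr_get_new_random(req->nbtsock->idr, req, UINT16_MAX);
	} else {
		if (idr_find(req->nbtsock->idr, request->name_trn_id)) goto failed;
		id = idr_get_new_above(req->nbtsock->idr, req, request->name_trn_id,
				       UINT16_MAX);
	}
	if (id == -1) goto failed;

	request->name_trn_id = id;
	req->name_trn_id = id;

	/* from here on the destructor releases the id, the timer and the
	   queue slot on every failure path */
	talloc_set_destructor(req, nbt_name_request_destructor);

	req->te = tevent_add_timer(nbtsock->event_ctx, req,
				   timeval_current_ofs(req->timeout, 0),
				   nbt_name_socket_timeout, req);
	/* a request with no timer would never time out */
	if (req->te == NULL) goto failed;

	ndr_err = ndr_push_struct_blob(&req->encoded, req,
				       request,
				       (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) goto failed;

	DLIST_ADD_END(nbtsock->send_queue, req);

	if (DEBUGLVL(10)) {
		DEBUG(10,("Queueing nbt packet to %s:%d\n",
			  req->dest->addr, req->dest->port));
		NDR_PRINT_DEBUG(nbt_name_packet, request);
	}

	TEVENT_FD_WRITEABLE(nbtsock->fde);

	return req;

failed:
	talloc_free(req);
	return NULL;
}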
/*
  send off a nbt name reply

  Encodes request and queues it for transmission to dest; the queued entry
  is freed by the sender once it is on the wire. Returns
  NT_STATUS_NO_MEMORY if the entry could not be allocated or dest could
  not be referenced, the mapped NDR error if encoding failed, and
  NT_STATUS_OK once the reply is queued.
*/
_PUBLIC_ NTSTATUS nbt_name_reply_send(struct nbt_name_socket *nbtsock,
				      struct socket_address *dest,
				      struct nbt_name_packet *request)
{
	struct nbt_name_request *rep;
	enum ndr_err_code ndr_err;

	rep = talloc_zero(nbtsock, struct nbt_name_request);
	if (rep == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	rep->nbtsock = nbtsock;
	rep->dest = dest;
	if (talloc_reference(rep, dest) == NULL) {
		talloc_free(rep);
		return NT_STATUS_NO_MEMORY;
	}
	rep->state = NBT_REQUEST_SEND;
	rep->is_reply = true;

	talloc_set_destructor(rep, nbt_name_request_destructor);

	if (DEBUGLVL(10)) {
		NDR_PRINT_DEBUG(nbt_name_packet, request);
	}

	ndr_err = ndr_push_struct_blob(&rep->encoded, rep, request,
				       (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		talloc_free(rep);
		return ndr_map_error2ntstatus(ndr_err);
	}

	DLIST_ADD_END(nbtsock->send_queue, rep);
	TEVENT_FD_WRITEABLE(nbtsock->fde);

	return NT_STATUS_OK;
}
/*
  wait for a nbt request to complete

  Runs the event loop until req->state reaches NBT_REQUEST_DONE or a later
  state (the state enum orders the pending states before it) and returns
  req->status. A NULL req, as returned by a failed nbt_name_request_send,
  yields NT_STATUS_NO_MEMORY; an event loop failure fails the request with
  NT_STATUS_UNEXPECTED_NETWORK_ERROR.
*/
NTSTATUS nbt_name_request_recv(struct nbt_name_request *req)
{
	if (req == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	for (;;) {
		if (req->state >= NBT_REQUEST_DONE) {
			break;
		}
		if (tevent_loop_once(req->nbtsock->event_ctx) == 0) {
			continue;
		}
		req->state = NBT_REQUEST_ERROR;
		req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
		break;
	}

	return req->status;
}
/*
  setup a handler for incoming requests

  Installs handler/private_data for non-reply packets and arms read
  interest on the socket; the request destructor keeps the socket readable
  for as long as incoming.handler is set. Always returns NT_STATUS_OK.
*/
_PUBLIC_ NTSTATUS nbt_set_incoming_handler(struct nbt_name_socket *nbtsock,
			     void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
					     struct socket_address *),
			     void *private_data)
{
	nbtsock->incoming.private_data = private_data;
	nbtsock->incoming.handler = handler;

	TEVENT_FD_READABLE(nbtsock->fde);

	return NT_STATUS_OK;
}
/*
  setup a handler for unexpected requests

  Installs handler/private_data for reply packets that match no pending
  request and arms read interest on the socket. Unlike incoming.handler,
  this handler does not on its own keep the socket readable: the request
  destructor drops read interest once no requests are pending and
  incoming.handler is NULL. Always returns NT_STATUS_OK.
*/
NTSTATUS nbt_set_unexpected_handler(struct nbt_name_socket *nbtsock,
			     void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
					     struct socket_address *),
			     void *private_data)
{
	nbtsock->unexpected.private_data = private_data;
	nbtsock->unexpected.handler = handler;

	TEVENT_FD_READABLE(nbtsock->fde);

	return NT_STATUS_OK;
}
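/*
  turn a NBT rcode into a NTSTATUS

  Maps the rcode carried in a name packet to the closest NTSTATUS; any
  rcode not in the table becomes NT_STATUS_UNSUCCESSFUL.
*/
_PUBLIC_ NTSTATUS nbt_rcode_to_ntstatus(uint8_t rcode)
{
	size_t i;
	const struct {
		enum nbt_rcode rcode;
		NTSTATUS status;
	} map[] = {
		{ NBT_RCODE_FMT, NT_STATUS_INVALID_PARAMETER },
		{ NBT_RCODE_SVR, NT_STATUS_SERVER_DISABLED },
		{ NBT_RCODE_NAM, NT_STATUS_OBJECT_NAME_NOT_FOUND },
		{ NBT_RCODE_IMP, NT_STATUS_NOT_SUPPORTED },
		{ NBT_RCODE_RFS, NT_STATUS_ACCESS_DENIED },
		{ NBT_RCODE_ACT, NT_STATUS_ADDRESS_ALREADY_EXISTS },
		{ NBT_RCODE_CFT, NT_STATUS_CONFLICTING_ADDRESSES }
	};

	/* size_t index: ARRAY_SIZE is a size_t, so the comparison is
	   not signed/unsigned mixed */
	for (i = 0; i < ARRAY_SIZE(map); i++) {
		if (map[i].rcode == rcode) {
			return map[i].status;
		}
	}
	return NT_STATUS_UNSUCCESSFUL;
}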