search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-dsdb: Initial implementation for Tombstone reanimation module
[Samba.git] / source3 / libsmb / unexpected.c
blobee1c3601caea023a03175c65509f7714e00d8cb3
1 /*
2 Unix SMB/CIFS implementation.
3 handle unexpected packets
4 Copyright (C) Andrew Tridgell 2000
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18
19 */
20
21 #include "includes.h"
22 #include "../lib/util/tevent_ntstatus.h"
23 #include "lib/async_req/async_sock.h"
24 #include "libsmb/nmblib.h"
25 #include "lib/sys_rw.h"
26
27 static const char *nmbd_socket_dir(void)
28 {
29 return lp_parm_const_string(-1, "nmbd", "socket dir",
30 get_dyn_NMBDSOCKETDIR());
31 }
32
33 struct nb_packet_query {
34 enum packet_type type;
35 size_t mailslot_namelen;
36 int trn_id;
37 };
38
39 struct nb_packet_client;
40
41 struct nb_packet_server {
42 struct tevent_context *ev;
43 int listen_sock;
44 int max_clients;
45 int num_clients;
46 struct nb_packet_client *clients;
47 };
48
49 struct nb_packet_client {
50 struct nb_packet_client *prev, *next;
51 struct nb_packet_server *server;
52
53 enum packet_type type;
54 int trn_id;
55 char *mailslot_name;
56
57 int sock;
58 struct tevent_req *read_req;
59 struct tevent_queue *out_queue;
60 };
61
62 static int nb_packet_server_destructor(struct nb_packet_server *s);
63 static void nb_packet_server_listener(struct tevent_context *ev,
64 struct tevent_fd *fde,
65 uint16_t flags,
66 void *private_data);
67
68 NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
69 struct tevent_context *ev,
70 int max_clients,
71 struct nb_packet_server **presult)
72 {
73 struct nb_packet_server *result;
74 struct tevent_fd *fde;
75 NTSTATUS status;
76 int rc;
77
78 result = talloc_zero(mem_ctx, struct nb_packet_server);
79 if (result == NULL) {
80 status = NT_STATUS_NO_MEMORY;
81 goto fail;
82 }
83 result->ev = ev;
84 result->max_clients = max_clients;
85
86 result->listen_sock = create_pipe_sock(
87 nmbd_socket_dir(), "unexpected", 0755);
88 if (result->listen_sock == -1) {
89 status = map_nt_error_from_unix(errno);
90 goto fail;
91 }
92 rc = listen(result->listen_sock, 5);
93 if (rc < 0) {
94 status = map_nt_error_from_unix(errno);
95 goto fail;
96 }
97 talloc_set_destructor(result, nb_packet_server_destructor);
98
99 fde = tevent_add_fd(ev, result, result->listen_sock, TEVENT_FD_READ,
100 nb_packet_server_listener, result);
101 if (fde == NULL) {
102 status = NT_STATUS_NO_MEMORY;
103 goto fail;
104 }
105
106 *presult = result;
107 return NT_STATUS_OK;
108 fail:
109 TALLOC_FREE(result);
110 return status;
111 }
112
113 static int nb_packet_server_destructor(struct nb_packet_server *s)
114 {
115 if (s->listen_sock != -1) {
116 close(s->listen_sock);
117 s->listen_sock = -1;
118 }
119 return 0;
120 }
121
122 static int nb_packet_client_destructor(struct nb_packet_client *c);
123 static ssize_t nb_packet_client_more(uint8_t *buf, size_t buflen,
124 void *private_data);
125 static void nb_packet_got_query(struct tevent_req *req);
126 static void nb_packet_client_read_done(struct tevent_req *req);
127
128 static void nb_packet_server_listener(struct tevent_context *ev,
129 struct tevent_fd *fde,
130 uint16_t flags,
131 void *private_data)
132 {
133 struct nb_packet_server *server = talloc_get_type_abort(
134 private_data, struct nb_packet_server);
135 struct nb_packet_client *client;
136 struct tevent_req *req;
137 struct sockaddr_un sunaddr;
138 socklen_t len;
139 int sock;
140
141 len = sizeof(sunaddr);
142
143 sock = accept(server->listen_sock, (struct sockaddr *)(void *)&sunaddr,
144 &len);
145 if (sock == -1) {
146 return;
147 }
148 DEBUG(6,("accepted socket %d\n", sock));
149
150 client = talloc_zero(server, struct nb_packet_client);
151 if (client == NULL) {
152 DEBUG(10, ("talloc failed\n"));
153 close(sock);
154 return;
155 }
156 client->sock = sock;
157 client->server = server;
158 talloc_set_destructor(client, nb_packet_client_destructor);
159
160 client->out_queue = tevent_queue_create(
161 client, "unexpected packet output");
162 if (client->out_queue == NULL) {
163 DEBUG(10, ("tevent_queue_create failed\n"));
164 TALLOC_FREE(client);
165 return;
166 }
167
168 req = read_packet_send(client, ev, client->sock,
169 sizeof(struct nb_packet_query),
170 nb_packet_client_more, NULL);
171 if (req == NULL) {
172 DEBUG(10, ("read_packet_send failed\n"));
173 TALLOC_FREE(client);
174 return;
175 }
176 tevent_req_set_callback(req, nb_packet_got_query, client);
177
178 DLIST_ADD(server->clients, client);
179 server->num_clients += 1;
180
181 if (server->num_clients > server->max_clients) {
182 DEBUG(10, ("Too many clients, dropping oldest\n"));
183
184 /*
185 * no TALLOC_FREE here, don't mess with the list structs
186 */
187 talloc_free(server->clients->prev);
188 }
189 }
190
191 static ssize_t nb_packet_client_more(uint8_t *buf, size_t buflen,
192 void *private_data)
193 {
194 struct nb_packet_query q;
195 if (buflen > sizeof(struct nb_packet_query)) {
196 return 0;
197 }
198 /* Take care of alignment */
199 memcpy(&q, buf, sizeof(q));
200 if (q.mailslot_namelen > 1024) {
201 DEBUG(10, ("Got invalid mailslot namelen %d\n",
202 (int)q.mailslot_namelen));
203 return -1;
204 }
205 return q.mailslot_namelen;
206 }
207
208 static int nb_packet_client_destructor(struct nb_packet_client *c)
209 {
210 if (c->sock != -1) {
211 close(c->sock);
212 c->sock = -1;
213 }
214 DLIST_REMOVE(c->server->clients, c);
215 c->server->num_clients -= 1;
216 return 0;
217 }
218
219 static void nb_packet_got_query(struct tevent_req *req)
220 {
221 struct nb_packet_client *client = tevent_req_callback_data(
222 req, struct nb_packet_client);
223 struct nb_packet_query q;
224 uint8_t *buf;
225 ssize_t nread, nwritten;
226 int err;
227 char c;
228
229 nread = read_packet_recv(req, talloc_tos(), &buf, &err);
230 TALLOC_FREE(req);
231 if (nread < (ssize_t)sizeof(struct nb_packet_query)) {
232 DEBUG(10, ("read_packet_recv returned %d (%s)\n",
233 (int)nread,
234 (nread == -1) ? strerror(err) : "wrong length"));
235 TALLOC_FREE(client);
236 return;
237 }
238
239 /* Take care of alignment */
240 memcpy(&q, buf, sizeof(q));
241
242 if (nread != sizeof(struct nb_packet_query) + q.mailslot_namelen) {
243 DEBUG(10, ("nb_packet_got_query: Invalid mailslot namelength\n"));
244 TALLOC_FREE(client);
245 return;
246 }
247
248 client->trn_id = q.trn_id;
249 client->type = q.type;
250 if (q.mailslot_namelen > 0) {
251 client->mailslot_name = talloc_strndup(
252 client, (char *)buf + sizeof(q),
253 q.mailslot_namelen);
254 if (client->mailslot_name == NULL) {
255 TALLOC_FREE(client);
256 return;
257 }
258 }
259
260 /*
261 * Yes, this is a blocking write of 1 byte into a unix
262 * domain socket that has never been written to. Highly
263 * unlikely that this actually blocks.
264 */
265 c = 0;
266 nwritten = sys_write(client->sock, &c, sizeof(c));
267 if (nwritten != sizeof(c)) {
268 DEBUG(10, ("Could not write success indicator to client: %s\n",
269 strerror(errno)));
270 TALLOC_FREE(client);
271 return;
272 }
273
274 client->read_req = read_packet_send(client, client->server->ev,
275 client->sock, 1, NULL, NULL);
276 if (client->read_req == NULL) {
277 DEBUG(10, ("Could not activate reader for client exit "
278 "detection\n"));
279 TALLOC_FREE(client);
280 return;
281 }
282 tevent_req_set_callback(client->read_req, nb_packet_client_read_done,
283 client);
284 }
285
286 static void nb_packet_client_read_done(struct tevent_req *req)
287 {
288 struct nb_packet_client *client = tevent_req_callback_data(
289 req, struct nb_packet_client);
290 ssize_t nread;
291 uint8_t *buf;
292 int err;
293
294 nread = read_packet_recv(req, talloc_tos(), &buf, &err);
295 TALLOC_FREE(req);
296 if (nread == 1) {
297 DEBUG(10, ("Protocol error, received data on write-only "
298 "unexpected socket: 0x%2.2x\n", (*buf)));
299 }
300 TALLOC_FREE(client);
301 }
302
303 static void nb_packet_client_send(struct nb_packet_client *client,
304 struct packet_struct *p);
305
306 void nb_packet_dispatch(struct nb_packet_server *server,
307 struct packet_struct *p)
308 {
309 struct nb_packet_client *c;
310 uint16_t trn_id;
311
312 switch (p->packet_type) {
313 case NMB_PACKET:
314 trn_id = p->packet.nmb.header.name_trn_id;
315 break;
316 case DGRAM_PACKET:
317 trn_id = p->packet.dgram.header.dgm_id;
318 break;
319 default:
320 DEBUG(10, ("Got invalid packet type %d\n",
321 (int)p->packet_type));
322 return;
323 }
324 for (c = server->clients; c != NULL; c = c->next) {
325
326 if (c->type != p->packet_type) {
327 DEBUG(10, ("client expects packet %d, got %d\n",
328 c->type, p->packet_type));
329 continue;
330 }
331
332 if (p->packet_type == NMB_PACKET) {
333 /*
334 * See if the client specified transaction
335 * ID. Filter if it did.
336 */
337 if ((c->trn_id != -1) &&
338 (c->trn_id != trn_id)) {
339 DEBUG(10, ("client expects trn %d, got %d\n",
340 c->trn_id, trn_id));
341 continue;
342 }
343 } else {
344 /*
345 * See if the client specified a mailslot
346 * name. Filter if it did.
347 */
348 if ((c->mailslot_name != NULL) &&
349 !match_mailslot_name(p, c->mailslot_name)) {
350 continue;
351 }
352 }
353 nb_packet_client_send(c, p);
354 }
355 }
356
357 struct nb_packet_client_header {
358 size_t len;
359 enum packet_type type;
360 time_t timestamp;
361 struct in_addr ip;
362 int port;
363 };
364
365 struct nb_packet_client_state {
366 struct nb_packet_client *client;
367 struct iovec iov[2];
368 struct nb_packet_client_header hdr;
369 char buf[1024];
370 };
371
372 static void nb_packet_client_send_done(struct tevent_req *req);
373
374 static void nb_packet_client_send(struct nb_packet_client *client,
375 struct packet_struct *p)
376 {
377 struct nb_packet_client_state *state;
378 struct tevent_req *req;
379
380 if (tevent_queue_length(client->out_queue) > 10) {
381 /*
382 * Skip clients that don't listen anyway, some form of DoS
383 * protection
384 */
385 return;
386 }
387
388 state = talloc_zero(client, struct nb_packet_client_state);
389 if (state == NULL) {
390 DEBUG(10, ("talloc failed\n"));
391 return;
392 }
393
394 state->client = client;
395
396 state->hdr.ip = p->ip;
397 state->hdr.port = p->port;
398 state->hdr.timestamp = p->timestamp;
399 state->hdr.type = p->packet_type;
400 state->hdr.len = build_packet(state->buf, sizeof(state->buf), p);
401
402 state->iov[0].iov_base = (char *)&state->hdr;
403 state->iov[0].iov_len = sizeof(state->hdr);
404 state->iov[1].iov_base = state->buf;
405 state->iov[1].iov_len = state->hdr.len;
406
407 TALLOC_FREE(client->read_req);
408
409 req = writev_send(client, client->server->ev, client->out_queue,
410 client->sock, true, state->iov, 2);
411 if (req == NULL) {
412 DEBUG(10, ("writev_send failed\n"));
413 return;
414 }
415 tevent_req_set_callback(req, nb_packet_client_send_done, state);
416 }
417
418 static void nb_packet_client_send_done(struct tevent_req *req)
419 {
420 struct nb_packet_client_state *state = tevent_req_callback_data(
421 req, struct nb_packet_client_state);
422 struct nb_packet_client *client = state->client;
423 ssize_t nwritten;
424 int err;
425
426 nwritten = writev_recv(req, &err);
427
428 TALLOC_FREE(req);
429 TALLOC_FREE(state);
430
431 if (nwritten == -1) {
432 DEBUG(10, ("writev failed: %s\n", strerror(err)));
433 TALLOC_FREE(client);
434 }
435
436 if (tevent_queue_length(client->out_queue) == 0) {
437 client->read_req = read_packet_send(client, client->server->ev,
438 client->sock, 1,
439 NULL, NULL);
440 if (client->read_req == NULL) {
441 DEBUG(10, ("Could not activate reader for client exit "
442 "detection\n"));
443 TALLOC_FREE(client);
444 return;
445 }
446 tevent_req_set_callback(client->read_req,
447 nb_packet_client_read_done,
448 client);
449 }
450 }
451
452 struct nb_packet_reader {
453 int sock;
454 };
455
456 struct nb_packet_reader_state {
457 struct tevent_context *ev;
458 struct sockaddr_un addr;
459 struct nb_packet_query query;
460 const char *mailslot_name;
461 struct iovec iov[2];
462 char c;
463 struct nb_packet_reader *reader;
464 };
465
466 static int nb_packet_reader_destructor(struct nb_packet_reader *r);
467 static void nb_packet_reader_connected(struct tevent_req *subreq);
468 static void nb_packet_reader_sent_query(struct tevent_req *subreq);
469 static void nb_packet_reader_got_ack(struct tevent_req *subreq);
470
471 struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
472 struct tevent_context *ev,
473 enum packet_type type,
474 int trn_id,
475 const char *mailslot_name)
476 {
477 struct tevent_req *req, *subreq;
478 struct nb_packet_reader_state *state;
479 char *path;
480
481 req = tevent_req_create(mem_ctx, &state,
482 struct nb_packet_reader_state);
483 if (req == NULL) {
484 return NULL;
485 }
486 state->ev = ev;
487 state->query.trn_id = trn_id;
488 state->query.type = type;
489 state->mailslot_name = mailslot_name;
490
491 if (mailslot_name != NULL) {
492 state->query.mailslot_namelen = strlen(mailslot_name);
493 }
494
495 state->reader = talloc_zero(state, struct nb_packet_reader);
496 if (tevent_req_nomem(state->reader, req)) {
497 return tevent_req_post(req, ev);
498 }
499
500 path = talloc_asprintf(talloc_tos(), "%s/%s", nmbd_socket_dir(),
501 "unexpected");
502 if (tevent_req_nomem(path, req)) {
503 return tevent_req_post(req, ev);
504 }
505 state->addr.sun_family = AF_UNIX;
506 strlcpy(state->addr.sun_path, path, sizeof(state->addr.sun_path));
507 TALLOC_FREE(path);
508
509 state->reader->sock = socket(AF_UNIX, SOCK_STREAM, 0);
510 if (state->reader->sock == -1) {
511 tevent_req_nterror(req, map_nt_error_from_unix(errno));
512 return tevent_req_post(req, ev);
513 }
514 talloc_set_destructor(state->reader, nb_packet_reader_destructor);
515
516 subreq = async_connect_send(state, ev, state->reader->sock,
517 (struct sockaddr *)(void *)&state->addr,
518 sizeof(state->addr), NULL, NULL, NULL);
519 if (tevent_req_nomem(subreq, req)) {
520 return tevent_req_post(req, ev);
521 }
522 tevent_req_set_callback(subreq, nb_packet_reader_connected, req);
523 return req;
524 }
525
526 static int nb_packet_reader_destructor(struct nb_packet_reader *r)
527 {
528 if (r->sock != -1) {
529 close(r->sock);
530 r->sock = -1;
531 }
532 return 0;
533 }
534
535 static void nb_packet_reader_connected(struct tevent_req *subreq)
536 {
537 struct tevent_req *req = tevent_req_callback_data(
538 subreq, struct tevent_req);
539 struct nb_packet_reader_state *state = tevent_req_data(
540 req, struct nb_packet_reader_state);
541 int res, err;
542 int num_iovecs = 1;
543
544 res = async_connect_recv(subreq, &err);
545 TALLOC_FREE(subreq);
546 if (res == -1) {
547 DEBUG(10, ("async_connect failed: %s\n", strerror(err)));
548 tevent_req_nterror(req, map_nt_error_from_unix(err));
549 return;
550 }
551
552 state->iov[0].iov_base = (char *)&state->query;
553 state->iov[0].iov_len = sizeof(state->query);
554
555 if (state->mailslot_name != NULL) {
556 num_iovecs = 2;
557 state->iov[1].iov_base = discard_const_p(
558 char, state->mailslot_name);
559 state->iov[1].iov_len = state->query.mailslot_namelen;
560 }
561
562 subreq = writev_send(state, state->ev, NULL, state->reader->sock,
563 true, state->iov, num_iovecs);
564 if (tevent_req_nomem(subreq, req)) {
565 return;
566 }
567 tevent_req_set_callback(subreq, nb_packet_reader_sent_query, req);
568 }
569
570 static void nb_packet_reader_sent_query(struct tevent_req *subreq)
571 {
572 struct tevent_req *req = tevent_req_callback_data(
573 subreq, struct tevent_req);
574 struct nb_packet_reader_state *state = tevent_req_data(
575 req, struct nb_packet_reader_state);
576 ssize_t written;
577 int err;
578
579 written = writev_recv(subreq, &err);
580 TALLOC_FREE(subreq);
581 if (written == -1) {
582 tevent_req_nterror(req, map_nt_error_from_unix(err));
583 return;
584 }
585 if (written != sizeof(state->query) + state->query.mailslot_namelen) {
586 tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
587 return;
588 }
589 subreq = read_packet_send(state, state->ev, state->reader->sock,
590 sizeof(state->c), NULL, NULL);
591 if (tevent_req_nomem(subreq, req)) {
592 return;
593 }
594 tevent_req_set_callback(subreq, nb_packet_reader_got_ack, req);
595 }
596
597 static void nb_packet_reader_got_ack(struct tevent_req *subreq)
598 {
599 struct tevent_req *req = tevent_req_callback_data(
600 subreq, struct tevent_req);
601 struct nb_packet_reader_state *state = tevent_req_data(
602 req, struct nb_packet_reader_state);
603 ssize_t nread;
604 int err;
605 uint8_t *buf;
606
607 nread = read_packet_recv(subreq, state, &buf, &err);
608 TALLOC_FREE(subreq);
609 if (nread == -1) {
610 DEBUG(10, ("read_packet_recv returned %s\n",
611 strerror(err)));
612 tevent_req_nterror(req, map_nt_error_from_unix(err));
613 return;
614 }
615 if (nread != sizeof(state->c)) {
616 DEBUG(10, ("read = %d, expected %d\n", (int)nread,
617 (int)sizeof(state->c)));
618 tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
619 return;
620 }
621 tevent_req_done(req);
622 }
623
624 NTSTATUS nb_packet_reader_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
625 struct nb_packet_reader **preader)
626 {
627 struct nb_packet_reader_state *state = tevent_req_data(
628 req, struct nb_packet_reader_state);
629 NTSTATUS status;
630
631 if (tevent_req_is_nterror(req, &status)) {
632 return status;
633 }
634 *preader = talloc_move(mem_ctx, &state->reader);
635 return NT_STATUS_OK;
636 }
637
638 struct nb_packet_read_state {
639 struct nb_packet_client_header hdr;
640 uint8_t *buf;
641 size_t buflen;
642 };
643
644 static ssize_t nb_packet_read_more(uint8_t *buf, size_t buflen, void *p);
645 static void nb_packet_read_done(struct tevent_req *subreq);
646
647 struct tevent_req *nb_packet_read_send(TALLOC_CTX *mem_ctx,
648 struct tevent_context *ev,
649 struct nb_packet_reader *reader)
650 {
651 struct tevent_req *req, *subreq;
652 struct nb_packet_read_state *state;
653
654 req = tevent_req_create(mem_ctx, &state, struct nb_packet_read_state);
655 if (req == NULL) {
656 return NULL;
657 }
658 subreq = read_packet_send(state, ev, reader->sock,
659 sizeof(struct nb_packet_client_header),
660 nb_packet_read_more, state);
661 if (tevent_req_nomem(subreq, req)) {
662 return tevent_req_post(req, ev);
663 }
664 tevent_req_set_callback(subreq, nb_packet_read_done, req);
665 return req;
666 }
667
668 static ssize_t nb_packet_read_more(uint8_t *buf, size_t buflen, void *p)
669 {
670 struct nb_packet_read_state *state = talloc_get_type_abort(
671 p, struct nb_packet_read_state);
672
673 if (buflen > sizeof(struct nb_packet_client_header)) {
674 /*
675 * Been here, done
676 */
677 return 0;
678 }
679 memcpy(&state->hdr, buf, sizeof(struct nb_packet_client_header));
680 return state->hdr.len;
681 }
682
683 static void nb_packet_read_done(struct tevent_req *subreq)
684 {
685 struct tevent_req *req = tevent_req_callback_data(
686 subreq, struct tevent_req);
687 struct nb_packet_read_state *state = tevent_req_data(
688 req, struct nb_packet_read_state);
689 ssize_t nread;
690 int err;
691
692 nread = read_packet_recv(subreq, state, &state->buf, &err);
693 if (nread == -1) {
694 tevent_req_nterror(req, map_nt_error_from_unix(err));
695 return;
696 }
697 state->buflen = nread;
698 tevent_req_done(req);
699 }
700
701 NTSTATUS nb_packet_read_recv(struct tevent_req *req,
702 struct packet_struct **ppacket)
703 {
704 struct nb_packet_read_state *state = tevent_req_data(
705 req, struct nb_packet_read_state);
706 struct nb_packet_client_header hdr;
707 struct packet_struct *packet;
708 NTSTATUS status;
709
710 if (tevent_req_is_nterror(req, &status)) {
711 return status;
712 }
713
714 memcpy(&hdr, state->buf, sizeof(hdr));
715
716 packet = parse_packet(
717 (char *)state->buf + sizeof(struct nb_packet_client_header),
718 state->buflen - sizeof(struct nb_packet_client_header),
719 state->hdr.type, state->hdr.ip, state->hdr.port);
720 if (packet == NULL) {
721 return NT_STATUS_INVALID_NETWORK_RESPONSE;
722 }
723 *ppacket = packet;
724 return NT_STATUS_OK;
725 }
Samba GIT mirror