/*
   Unix SMB/CIFS implementation.

   low level socket handling for nbt requests

   Copyright (C) Andrew Tridgell 2005

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
22 #include "includes.h"
23 #include "lib/events/events.h"
24 #include "../lib/util/dlinklist.h"
25 #include "../libcli/nbt/libnbt.h"
26 #include "../libcli/nbt/nbt_proto.h"
27 #include "lib/socket/socket.h"
28 #include "librpc/gen_ndr/ndr_nbt.h"
29 #include "param/param.h"
31 #define NBT_MAX_REPLIES 1000
/*
  destroy a pending request

  Detaches the request from its socket: takes it off the send queue or
  the pending count (depending on its state), releases its transaction
  id, cancels its timer and switches off fd events nobody needs any more.

  Besides being installed as the talloc destructor, this is also called
  directly by the send, timeout and response paths in this file. A second
  run on the same request skips the id release because name_trn_id was
  zeroed by the first; the state-dependent steps are repeated only if
  req->state still has the same value.

  Always returns 0, so talloc goes ahead with the free.
*/
static int nbt_name_request_destructor(struct nbt_name_request *req)
{
	struct nbt_name_socket *sock = req->nbtsock;

	switch (req->state) {
	case NBT_REQUEST_SEND:
		/* still queued for transmission */
		DLIST_REMOVE(sock->send_queue, req);
		break;
	case NBT_REQUEST_WAIT:
		/* sent and counted as awaiting a reply */
		sock->num_pending--;
		break;
	default:
		break;
	}

	/* replies never allocated an id of their own, so only requests
	   hand one back to the idr tree */
	if (!req->is_reply && req->name_trn_id != 0) {
		idr_remove(sock->idr, req->name_trn_id);
		req->name_trn_id = 0;
	}

	TALLOC_FREE(req->te);

	/* nothing left to send: stop asking for write events */
	if (sock->send_queue == NULL) {
		TEVENT_FD_NOT_WRITEABLE(sock->fde);
	}

	/* nothing outstanding and no incoming handler installed:
	   stop asking for read events */
	if (sock->incoming.handler == NULL && sock->num_pending == 0) {
		TEVENT_FD_NOT_READABLE(sock->fde);
	}

	return 0;
}
/*
  handle send events on a nbt name socket

  Drains nbtsock->send_queue one request at a time. A status that is
  neither OK nor an error (the socket would block) leaves the request
  queued and returns; a hard error fails that one request and returns.
  Once the queue is empty write events are switched off.
*/
static void nbt_name_socket_send(struct nbt_name_socket *nbtsock)
{
	TALLOC_CTX *tmp_ctx = talloc_new(nbtsock);
	struct nbt_name_request *req;
	NTSTATUS status;

	for (req = nbtsock->send_queue; req != NULL; req = nbtsock->send_queue) {
		size_t len = req->encoded.length;

		status = socket_sendto(nbtsock->sock, &req->encoded, &len,
				       req->dest);
		if (NT_STATUS_IS_ERR(status)) {
			goto failed;
		}
		if (!NT_STATUS_IS_OK(status)) {
			/* not sent, but not a failure either: try again on
			   the next write event */
			talloc_free(tmp_ctx);
			return;
		}

		DLIST_REMOVE(nbtsock->send_queue, req);
		req->state = NBT_REQUEST_WAIT;
		if (!req->is_reply) {
			/* a request now waits for its answer */
			TEVENT_FD_READABLE(nbtsock->fde);
			nbtsock->num_pending++;
		} else {
			/*
			 * A reply is finished once it is on the wire.
			 * NOTE(review): the state is already WAIT here, so
			 * the destructor run by talloc_free() decrements
			 * num_pending although this path never incremented
			 * it for a reply - confirm that is intended.
			 */
			talloc_free(req);
		}
	}

	TEVENT_FD_NOT_WRITEABLE(nbtsock->fde);
	talloc_free(tmp_ctx);
	return;

failed:
	/* fail only the request at the head of the queue; the remaining
	   entries stay queued */
	DLIST_REMOVE(nbtsock->send_queue, req);
	nbt_name_request_destructor(req);
	req->status = status;
	req->state = NBT_REQUEST_ERROR;
	talloc_free(tmp_ctx);
	if (req->async.fn) {
		req->async.fn(req);
	} else if (req->is_reply) {
		/* nobody else holds a reply, so free it here */
		talloc_free(req);
	}
	return;
}
/*
  handle a request timeout

  While retries remain the request is re-armed and put back on the send
  queue. Once they are used up the request completes: NT_STATUS_IO_TIMEOUT
  if no reply was ever collected, NT_STATUS_OK otherwise.
*/
static void nbt_name_socket_timeout(struct tevent_context *ev, struct tevent_timer *te,
				    struct timeval t, void *private_data)
{
	struct nbt_name_request *req = talloc_get_type(private_data,
						       struct nbt_name_request);

	if (req->num_retries == 0) {
		/* out of retries: detach from the socket and finish */
		nbt_name_request_destructor(req);
		if (req->num_replies != 0) {
			req->state = NBT_REQUEST_DONE;
			req->status = NT_STATUS_OK;
		} else {
			req->state = NBT_REQUEST_TIMEOUT;
			req->status = NT_STATUS_IO_TIMEOUT;
		}
		if (req->async.fn) {
			req->async.fn(req);
		} else if (req->is_reply) {
			talloc_free(req);
		}
		return;
	}

	req->num_retries--;
	/* NOTE(review): the timer returned here is not checked; if it
	   could not be created this request has no further timeout */
	req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
				   timeval_add(&t, req->timeout, 0),
				   nbt_name_socket_timeout, req);
	if (req->state != NBT_REQUEST_SEND) {
		/*
		 * NOTE(review): a request leaving WAIT keeps its share of
		 * num_pending, and the send path increments the counter
		 * again after the resend - confirm the count is meant to
		 * drift upwards on retries.
		 */
		req->state = NBT_REQUEST_SEND;
		DLIST_ADD_END(req->nbtsock->send_queue, req);
	}
	TEVENT_FD_WRITEABLE(req->nbtsock->fde);
}
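/*
  handle recv events on a nbt name socket

  Reads one datagram, decodes it as an NBT name packet and dispatches it:
  a packet without NBT_FLAG_REPLY goes to the incoming handler (if any),
  a reply is matched to its request through the idr tree, and a reply
  with no matching request goes to the unexpected handler (if any).

  Replies are matched on the 16-bit name_trn_id alone; nothing in this
  function compares the sender address with the address the request was
  sent to.
*/
static void nbt_name_socket_recv(struct nbt_name_socket *nbtsock)
{
	TALLOC_CTX *tmp_ctx = talloc_new(nbtsock);
	NTSTATUS status;
	enum ndr_err_code ndr_err;
	struct socket_address *src;
	DATA_BLOB blob;
	size_t nread, dsize;
	struct nbt_name_packet *packet;
	struct nbt_name_request *req;

	status = socket_pending(nbtsock->sock, &dsize);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(tmp_ctx);
		return;
	}

	/*
	 * Given a zero length, data_blob_talloc() returns the
	 * NULL blob {NULL, 0}.
	 *
	 * We only want to error return here on a real out of memory condition
	 * (i.e. dsize != 0, so the UDP packet has data, but the return of the
	 * allocation failed, so blob.data==NULL).
	 *
	 * Given an actual zero length UDP packet having blob.data == NULL
	 * isn't an out of memory error condition, that's the defined semantics
	 * of data_blob_talloc() when asked for zero bytes.
	 *
	 * We still need to continue to do the zero-length socket_recvfrom()
	 * read in order to clear the "read pending" condition on the socket.
	 */
	blob = data_blob_talloc(tmp_ctx, NULL, dsize);
	if (blob.data == NULL && dsize != 0) {
		talloc_free(tmp_ctx);
		return;
	}

	status = socket_recvfrom(nbtsock->sock, blob.data, blob.length, &nread,
				 tmp_ctx, &src);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(tmp_ctx);
		return;
	}

	/*
	 * The buffer was sized from socket_pending(), but only nread bytes
	 * were filled in by the receive. Shrink the blob to what actually
	 * arrived so the parser never decodes bytes that did not come from
	 * the datagram.
	 */
	blob.length = nread;

	packet = talloc(tmp_ctx, struct nbt_name_packet);
	if (packet == NULL) {
		talloc_free(tmp_ctx);
		return;
	}

	/* parse the request */
	ndr_err = ndr_pull_struct_blob(&blob, packet, packet,
				       (ndr_pull_flags_fn_t)ndr_pull_nbt_name_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		status = ndr_map_error2ntstatus(ndr_err);
		DEBUG(2,("Failed to parse incoming NBT name packet - %s\n",
			 nt_errstr(status)));
		talloc_free(tmp_ctx);
		return;
	}

	if (DEBUGLVL(10)) {
		DEBUG(10,("Received nbt packet of length %d from %s:%d\n",
			  (int)blob.length, src->addr, src->port));
		NDR_PRINT_DEBUG(nbt_name_packet, packet);
	}

	/* if its not a reply then pass it off to the incoming request
	   handler, if any */
	if (!(packet->operation & NBT_FLAG_REPLY)) {
		if (nbtsock->incoming.handler) {
			nbtsock->incoming.handler(nbtsock, packet, src);
		}
		talloc_free(tmp_ctx);
		return;
	}

	/* find the matching request */
	req = (struct nbt_name_request *)idr_find(nbtsock->idr,
						  packet->name_trn_id);
	if (req == NULL) {
		if (nbtsock->unexpected.handler) {
			nbtsock->unexpected.handler(nbtsock, packet, src);
		} else {
			DEBUG(10,("Failed to match request for incoming name packet id 0x%04x on %p\n",
				  packet->name_trn_id, nbtsock));
		}
		talloc_free(tmp_ctx);
		return;
	}

	/* move packet and sender address onto the request before the
	   temporary context that owns them is freed */
	talloc_steal(req, packet);
	talloc_steal(req, src);
	talloc_free(tmp_ctx);
	nbt_name_socket_handle_response_packet(req, packet, src);
}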
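/*
  handle a reply packet that has been matched to a request

  A WACK reply re-arms the request with the timeout carried in the
  packet and keeps waiting. Any other reply is appended to req->replies;
  the request then completes unless multiple replies are allowed and
  fewer than NBT_MAX_REPLIES have been collected. That cap bounds how far
  the replies array can grow for a single request.

  packet and src are re-parented onto req here.
*/
void nbt_name_socket_handle_response_packet(struct nbt_name_request *req,
					    struct nbt_name_packet *packet,
					    struct socket_address *src)
{
	struct nbt_name_reply *replies;

	/* if this is a WACK response, this we need to go back to waiting,
	   but perhaps increase the timeout */
	if ((packet->operation & NBT_OPCODE) == NBT_OPCODE_WACK) {
		uint32_t ttl;
		/* only one WACK per request is accepted, and it must carry
		   the answer record that is read below */
		if (req->received_wack || packet->ancount < 1) {
			nbt_name_request_destructor(req);
			req->status = NT_STATUS_INVALID_NETWORK_RESPONSE;
			req->state  = NBT_REQUEST_ERROR;
			goto done;
		}
		talloc_free(req->te);
		/* we know we won't need any more retries - the server
		   has received our request */
		req->num_retries   = 0;
		req->received_wack = true;
		/*
		 * there is a timeout in the packet,
		 * it is 5 + 4 * num_old_addresses
		 *
		 * although w2k3 screws it up
		 * and uses num_old_addresses = 0
		 *
		 * so we better fallback to the maximum
		 * of num_old_addresses = 25 if we got
		 * a timeout of less than 9s (5 + 4*1)
		 * or more than 105s (5 + 4*25).
		 */
		ttl = packet->answers[0].ttl;
		if ((ttl < (5 + 4*1)) || (ttl > (5 + 4*25))) {
			ttl = 5 + 4*25;
		}
		req->timeout = ttl;
		/* NOTE(review): the new timer is not checked; if it could
		   not be created the request has no timeout left */
		req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
					   timeval_current_ofs(req->timeout, 0),
					   nbt_name_socket_timeout, req);
		return;
	}

	/*
	 * Grow the array through a temporary: on failure req->replies and
	 * req->num_replies keep describing the replies gathered so far,
	 * rather than a NULL array paired with a non-zero count.
	 */
	replies = talloc_realloc(req, req->replies, struct nbt_name_reply, req->num_replies+1);
	if (replies == NULL) {
		nbt_name_request_destructor(req);
		req->state  = NBT_REQUEST_ERROR;
		req->status = NT_STATUS_NO_MEMORY;
		goto done;
	}
	req->replies = replies;

	talloc_steal(req, src);
	req->replies[req->num_replies].dest   = src;
	talloc_steal(req, packet);
	req->replies[req->num_replies].packet = packet;
	req->num_replies++;

	/* if we don't want multiple replies then we are done */
	if (req->allow_multiple_replies &&
	    req->num_replies < NBT_MAX_REPLIES) {
		return;
	}

	nbt_name_request_destructor(req);
	req->state  = NBT_REQUEST_DONE;
	req->status = NT_STATUS_OK;

done:
	if (req->async.fn) {
		req->async.fn(req);
	}
}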
/*
  handle fd events on a nbt_name_socket

  private_data is the nbt_name_socket registered with the fd event.
  Write readiness is serviced before read readiness when both are set.
*/
static void nbt_name_socket_handler(struct tevent_context *ev, struct tevent_fd *fde,
				    uint16_t flags, void *private_data)
{
	struct nbt_name_socket *nbtsock;
	const bool writeable = (flags & TEVENT_FD_WRITE) != 0;
	const bool readable = (flags & TEVENT_FD_READ) != 0;

	nbtsock = talloc_get_type(private_data, struct nbt_name_socket);

	if (writeable) {
		nbt_name_socket_send(nbtsock);
	}
	if (readable) {
		nbt_name_socket_recv(nbtsock);
	}
}
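/*
  initialise a nbt_name_socket

  mem_ctx is the talloc parent of the new socket. event_ctx is the event
  context all operations on the socket will use; it is required, and a
  NULL event_ctx makes this function fail.

  Returns the new socket, or NULL on any failure (allocation, socket
  creation, idr setup, fd event registration). Nothing is left allocated
  on failure.
*/
_PUBLIC_ struct nbt_name_socket *nbt_name_socket_init(TALLOC_CTX *mem_ctx,
					     struct tevent_context *event_ctx)
{
	struct nbt_name_socket *nbtsock;
	NTSTATUS status;

	nbtsock = talloc(mem_ctx, struct nbt_name_socket);
	if (nbtsock == NULL) goto failed;

	nbtsock->event_ctx = event_ctx;
	if (nbtsock->event_ctx == NULL) goto failed;

	status = socket_create(nbtsock, "ip", SOCKET_TYPE_DGRAM,
			       &nbtsock->sock, 0);
	if (!NT_STATUS_IS_OK(status)) goto failed;

	/* best effort: the result of enabling broadcast is not checked */
	socket_set_option(nbtsock->sock, "SO_BROADCAST", "1");

	nbtsock->idr = idr_init(nbtsock);
	if (nbtsock->idr == NULL) goto failed;

	nbtsock->send_queue = NULL;
	nbtsock->num_pending = 0;
	nbtsock->incoming.handler = NULL;
	nbtsock->unexpected.handler = NULL;

	/* registered with no flags: read/write interest is switched on
	   later, when there is something to send or to wait for */
	nbtsock->fde = tevent_add_fd(nbtsock->event_ctx, nbtsock,
				    socket_get_fd(nbtsock->sock), 0,
				    nbt_name_socket_handler, nbtsock);
	/* without an fd event the socket could never send or receive,
	   so treat that as a failed init rather than returning it */
	if (nbtsock->fde == NULL) goto failed;

	return nbtsock;

failed:
	talloc_free(nbtsock);
	return NULL;
}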
/*
  send off a nbt name request

  Builds a request object under mem_ctx, gives it a transaction id, arms
  its timeout, encodes the packet and queues it on nbtsock for sending.
  request->name_trn_id is overwritten with the id that was chosen.

  timeout is in seconds; retries is the number of resends before the
  request is given up. Returns the request, or NULL on failure.

  A transaction id of 0 in the request asks for a random id. A non-zero
  id is used as supplied, provided it is not already in use on this
  socket, so how predictable it is depends on the caller.
*/
struct nbt_name_request *nbt_name_request_send(TALLOC_CTX *mem_ctx,
					       struct nbt_name_socket *nbtsock,
					       struct socket_address *dest,
					       struct nbt_name_packet *request,
					       int timeout, int retries,
					       bool allow_multiple_replies)
{
	struct nbt_name_request *req;
	enum ndr_err_code ndr_err;
	int id;

	req = talloc_zero(mem_ctx, struct nbt_name_request);
	if (req == NULL) {
		goto failed;
	}

	req->nbtsock = nbtsock;
	req->state = NBT_REQUEST_SEND;
	req->is_reply = false;
	req->allow_multiple_replies = allow_multiple_replies;
	req->num_retries = retries;
	req->timeout = timeout;
	req->dest = socket_address_copy(req, dest);
	if (req->dest == NULL) {
		goto failed;
	}

	/* we select a random transaction id unless the user supplied one */
	if (request->name_trn_id != 0) {
		/* refuse an id that another request on this socket holds */
		if (idr_find(req->nbtsock->idr, request->name_trn_id)) {
			goto failed;
		}
		id = idr_get_new_above(req->nbtsock->idr, req, request->name_trn_id,
				       UINT16_MAX);
	} else {
		id = idr_get_new_random(req->nbtsock->idr, req, UINT16_MAX);
	}
	if (id == -1) {
		goto failed;
	}

	req->name_trn_id = id;
	request->name_trn_id = id;

	/* NOTE(review): the timer is not checked; if it could not be
	   created this request would never time out */
	req->te = tevent_add_timer(nbtsock->event_ctx, req,
				   timeval_current_ofs(req->timeout, 0),
				   nbt_name_socket_timeout, req);

	/* from here on freeing req also releases its transaction id */
	talloc_set_destructor(req, nbt_name_request_destructor);

	ndr_err = ndr_push_struct_blob(&req->encoded, req,
				       request,
				       (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		goto failed;
	}

	DLIST_ADD_END(nbtsock->send_queue, req);

	if (DEBUGLVL(10)) {
		DEBUG(10,("Queueing nbt packet to %s:%d\n",
			  req->dest->addr, req->dest->port));
		NDR_PRINT_DEBUG(nbt_name_packet, request);
	}

	TEVENT_FD_WRITEABLE(nbtsock->fde);

	return req;

failed:
	talloc_free(req);
	return NULL;
}
/*
  send off a nbt name reply

  Encodes the packet and queues it on nbtsock for dest. The reply object
  is owned by nbtsock and is marked is_reply, so no transaction id is
  allocated for it and no timeout is armed.

  Returns NT_STATUS_OK once queued, NT_STATUS_NO_MEMORY on allocation
  failure, or the mapped NDR error if the packet cannot be encoded.
*/
_PUBLIC_ NTSTATUS nbt_name_reply_send(struct nbt_name_socket *nbtsock,
				      struct socket_address *dest,
				      struct nbt_name_packet *request)
{
	enum ndr_err_code ndr_err;
	struct nbt_name_request *req;

	req = talloc_zero(nbtsock, struct nbt_name_request);
	NT_STATUS_HAVE_NO_MEMORY(req);

	req->nbtsock = nbtsock;
	req->dest = socket_address_copy(req, dest);
	if (req->dest == NULL) {
		/* copying the destination address failed */
		talloc_free(req);
		return NT_STATUS_NO_MEMORY;
	}
	req->state = NBT_REQUEST_SEND;
	req->is_reply = true;

	talloc_set_destructor(req, nbt_name_request_destructor);

	if (DEBUGLVL(10)) {
		NDR_PRINT_DEBUG(nbt_name_packet, request);
	}

	ndr_err = ndr_push_struct_blob(&req->encoded, req,
				       request,
				       (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		talloc_free(req);
		return ndr_map_error2ntstatus(ndr_err);
	}

	DLIST_ADD_END(nbtsock->send_queue, req);

	TEVENT_FD_WRITEABLE(nbtsock->fde);

	return NT_STATUS_OK;
}
/*
  wait for a nbt request to complete

  Runs the request's event loop until the request reaches
  NBT_REQUEST_DONE or a later state, then returns req->status. A NULL
  req is reported as NT_STATUS_NO_MEMORY. If the event loop itself fails
  the request is put into the error state with
  NT_STATUS_UNEXPECTED_NETWORK_ERROR.
*/
NTSTATUS nbt_name_request_recv(struct nbt_name_request *req)
{
	if (req == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	for (;;) {
		if (!(req->state < NBT_REQUEST_DONE)) {
			break;
		}
		if (tevent_loop_once(req->nbtsock->event_ctx) == 0) {
			continue;
		}
		/* the loop could not make progress: give up on the request */
		req->state = NBT_REQUEST_ERROR;
		req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
		break;
	}

	return req->status;
}
/*
  setup a handler for incoming requests

  The handler is called for every received packet that does not have
  NBT_FLAG_REPLY set. Installing it also turns on read events for the
  socket. Always returns NT_STATUS_OK.
*/
_PUBLIC_ NTSTATUS nbt_set_incoming_handler(struct nbt_name_socket *nbtsock,
				  void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
						  struct socket_address *),
				  void *private_data)
{
	nbtsock->incoming.private_data = private_data;
	nbtsock->incoming.handler = handler;

	/* requests can arrive at any time, so the socket must be read */
	TEVENT_FD_READABLE(nbtsock->fde);

	return NT_STATUS_OK;
}
/*
  setup a handler for unexpected requests

  The handler is called for received reply packets whose transaction id
  matches no outstanding request on this socket. Installing it also
  turns on read events for the socket. Always returns NT_STATUS_OK.
*/
NTSTATUS nbt_set_unexpected_handler(struct nbt_name_socket *nbtsock,
				    void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
						    struct socket_address *),
				    void *private_data)
{
	nbtsock->unexpected.private_data = private_data;
	nbtsock->unexpected.handler = handler;

	TEVENT_FD_READABLE(nbtsock->fde);

	return NT_STATUS_OK;
}
/*
  turn a NBT rcode into a NTSTATUS

  Any rcode that is not in the table below maps to
  NT_STATUS_UNSUCCESSFUL.
*/
_PUBLIC_ NTSTATUS nbt_rcode_to_ntstatus(uint8_t rcode)
{
	struct {
		enum nbt_rcode rcode;
		NTSTATUS status;
	} map[] = {
		{ NBT_RCODE_FMT, NT_STATUS_INVALID_PARAMETER },
		{ NBT_RCODE_SVR, NT_STATUS_SERVER_DISABLED },
		{ NBT_RCODE_NAM, NT_STATUS_OBJECT_NAME_NOT_FOUND },
		{ NBT_RCODE_IMP, NT_STATUS_NOT_SUPPORTED },
		{ NBT_RCODE_RFS, NT_STATUS_ACCESS_DENIED },
		{ NBT_RCODE_ACT, NT_STATUS_ADDRESS_ALREADY_EXISTS },
		{ NBT_RCODE_CFT, NT_STATUS_CONFLICTING_ADDRESSES }
	};
	size_t idx = 0;

	/* linear scan; the first matching entry wins */
	while (idx < ARRAY_SIZE(map)) {
		if (map[idx].rcode == rcode) {
			return map[idx].status;
		}
		idx++;
	}

	return NT_STATUS_UNSUCCESSFUL;
}