/*
   Unix SMB/CIFS implementation.

   low level socket handling for nbt requests

   Copyright (C) Andrew Tridgell 2005

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "lib/events/events.h"
#include "../lib/util/dlinklist.h"
#include "../libcli/nbt/libnbt.h"
#include "../libcli/nbt/nbt_proto.h"
#include "lib/socket/socket.h"
#include "librpc/gen_ndr/ndr_nbt.h"
#include "param/param.h"
#include "lib/util/idtree_random.h"

/* Upper bound on the replies collected for one request when multiple
   replies are allowed; once num_replies reaches it the request is
   completed, which bounds how far req->replies can grow. */
#define NBT_MAX_REPLIES 1000
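/*
  destroy a pending request

  Installed as the talloc destructor of struct nbt_name_request and also
  called directly by the send, timeout and response paths before they set
  a final state.  It detaches the request from its socket: unlinks it from
  the send queue, drops the pending count, releases its transaction id and
  timer, and switches off fd events that no remaining request needs.

  The function can run twice for one request (explicit call, then the
  talloc free), so the id and the timer pointer are cleared after release.

  NOTE(review): the page this block was rebuilt from dropped source lines
  47 and 49 and the final return; the name_trn_id reset, the timer free
  and `return 0` are reconstructed -- confirm against the upstream source.
*/
static int nbt_name_request_destructor(struct nbt_name_request *req)
{
	if (req->state == NBT_REQUEST_SEND) {
		DLIST_REMOVE(req->nbtsock->send_queue, req);
	}
	if (req->state == NBT_REQUEST_WAIT) {
		req->nbtsock->num_pending--;
	}
	/* requests marked is_reply never allocate an id in the idr tree,
	   so only real requests have one to give back */
	if (req->name_trn_id != 0 && !req->is_reply) {
		idr_remove(req->nbtsock->idr, req->name_trn_id);
		req->name_trn_id = 0;
	}
	TALLOC_FREE(req->te);
	if (req->nbtsock->send_queue == NULL) {
		TEVENT_FD_NOT_WRITEABLE(req->nbtsock->fde);
	}
	/* keep reading while anything is outstanding or a server-side
	   handler for incoming requests is registered */
	if (req->nbtsock->num_pending == 0 &&
	    req->nbtsock->incoming.handler == NULL) {
		TEVENT_FD_NOT_READABLE(req->nbtsock->fde);
	}
	return 0;
}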
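/*
  handle send events on a nbt name socket

  Drains nbtsock->send_queue while the socket accepts datagrams.  A sent
  request moves to NBT_REQUEST_WAIT, arms read events and is counted in
  num_pending; a sent entry marked is_reply is freed, since no answer is
  expected for it.  When the queue is empty write events are switched off.

  A hard send error completes the request with that status and then either
  calls its async callback or, for is_reply entries, frees it.

  NOTE(review): the page this block was rebuilt from dropped several lines
  (the status/len declarations, the destination argument of
  socket_sendto(), the early return on a non-OK status, the free of sent
  replies, the async callback and the returns); those statements are
  reconstructed -- confirm against the upstream source.
*/
static void nbt_name_socket_send(struct nbt_name_socket *nbtsock)
{
	struct nbt_name_request *req;
	TALLOC_CTX *tmp_ctx = talloc_new(nbtsock);
	NTSTATUS status;

	while ((req = nbtsock->send_queue)) {
		size_t len;

		len = req->encoded.length;
		status = socket_sendto(nbtsock->sock, &req->encoded, &len,
				       req->dest);
		if (NT_STATUS_IS_ERR(status)) goto failed;

		/* neither an error nor OK: stop here and leave the request
		   queued for the next writable event */
		if (!NT_STATUS_IS_OK(status)) {
			talloc_free(tmp_ctx);
			return;
		}

		DLIST_REMOVE(nbtsock->send_queue, req);
		req->state = NBT_REQUEST_WAIT;
		if (req->is_reply) {
			talloc_free(req);
		} else {
			TEVENT_FD_READABLE(nbtsock->fde);
			nbtsock->num_pending++;
		}
	}

	TEVENT_FD_NOT_WRITEABLE(nbtsock->fde);
	talloc_free(tmp_ctx);
	return;

failed:
	DLIST_REMOVE(nbtsock->send_queue, req);
	nbt_name_request_destructor(req);
	req->status = status;
	req->state = NBT_REQUEST_ERROR;
	talloc_free(tmp_ctx);
	if (req->async.fn) {
		req->async.fn(req);
	} else if (req->is_reply) {
		talloc_free(req);
	}
	return;
}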
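/*
  handle a request timeout

  Timer callback for one request (private_data is the request).  While
  retries remain it re-arms the timer at t + req->timeout, puts the request
  back on the send queue if it is not already there and enables write
  events.  With no retries left the request is detached and completed:
  NT_STATUS_IO_TIMEOUT if nothing was received, NT_STATUS_OK if at least
  one reply was collected.

  NOTE(review): a request re-queued from NBT_REQUEST_WAIT keeps its
  num_pending count here and is counted again after the resend, while the
  destructor decrements only once -- worth confirming this is intended.
  The result of tevent_add_timer() is not checked.

  NOTE(review): the page this block was rebuilt from dropped the retry
  decrement, the returns, the else branch and the completion callback;
  those statements are reconstructed -- confirm against the upstream
  source.
*/
static void nbt_name_socket_timeout(struct tevent_context *ev, struct tevent_timer *te,
				    struct timeval t, void *private_data)
{
	struct nbt_name_request *req = talloc_get_type(private_data,
						       struct nbt_name_request);

	if (req->num_retries != 0) {
		req->num_retries--;
		req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
					   timeval_add(&t, req->timeout, 0),
					   nbt_name_socket_timeout, req);
		if (req->state != NBT_REQUEST_SEND) {
			req->state = NBT_REQUEST_SEND;
			DLIST_ADD_END(req->nbtsock->send_queue, req);
		}
		TEVENT_FD_WRITEABLE(req->nbtsock->fde);
		return;
	}

	/* out of retries: release the transaction id and queue slot
	   before publishing the final state */
	nbt_name_request_destructor(req);
	if (req->num_replies == 0) {
		req->state = NBT_REQUEST_TIMEOUT;
		req->status = NT_STATUS_IO_TIMEOUT;
	} else {
		req->state = NBT_REQUEST_DONE;
		req->status = NT_STATUS_OK;
	}
	if (req->async.fn) {
		req->async.fn(req);
	} else if (req->is_reply) {
		talloc_free(req);
	}
}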
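/*
  handle recv events on a nbt name socket

  Reads one datagram, parses it as an nbt_name_packet and dispatches it:
  non-replies go to the incoming handler (if any), replies are matched to
  a pending request by transaction id and handed to
  nbt_name_socket_handle_response_packet(); replies with no matching
  request go to the unexpected handler (if any).

  Everything is allocated on tmp_ctx, which is freed on every exit path.
  The incoming and unexpected handlers therefore receive packet and src
  that are released as soon as they return; only the matched-request path
  re-parents them onto the request first.

  NOTE(review): a reply is matched on the 16-bit name_trn_id alone; src is
  not compared with the request's destination in this function.

  Change from the listed code: blob.length is set to nread after the read,
  so the parser only sees bytes that were actually received.

  NOTE(review): the page this block was rebuilt from dropped several lines
  (the status/blob/nread/dsize declarations, the trailing arguments of
  socket_recvfrom(), the nt_errstr() argument, the debug-level guard, the
  "req == NULL" test and the returns); those statements are reconstructed
  -- confirm against the upstream source.
*/
static void nbt_name_socket_recv(struct nbt_name_socket *nbtsock)
{
	TALLOC_CTX *tmp_ctx = talloc_new(nbtsock);
	NTSTATUS status;
	enum ndr_err_code ndr_err;
	struct socket_address *src;
	DATA_BLOB blob;
	size_t nread, dsize;
	struct nbt_name_packet *packet;
	struct nbt_name_request *req;

	status = socket_pending(nbtsock->sock, &dsize);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(tmp_ctx);
		return;
	}

	/*
	 * Given a zero length, data_blob_talloc() returns the
	 * NULL blob {NULL, 0}.
	 *
	 * We only want to error return here on a real out of memory condition
	 * (i.e. dsize != 0, so the UDP packet has data, but the return of the
	 * allocation failed, so blob.data==NULL).
	 *
	 * Given an actual zero length UDP packet having blob.data == NULL
	 * isn't an out of memory error condition, that's the defined semantics
	 * of data_blob_talloc() when asked for zero bytes.
	 *
	 * We still need to continue to do the zero-length socket_recvfrom()
	 * read in order to clear the "read pending" condition on the socket.
	 */
	blob = data_blob_talloc(tmp_ctx, NULL, dsize);
	if (blob.data == NULL && dsize != 0) {
		talloc_free(tmp_ctx);
		return;
	}

	status = socket_recvfrom(nbtsock->sock, blob.data, blob.length, &nread,
				 tmp_ctx, &src);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(tmp_ctx);
		return;
	}

	/* the buffer was sized from socket_pending(); trim it to what was
	   read so a short datagram cannot expose the unwritten tail of
	   the allocation to the parser */
	blob.length = nread;

	packet = talloc(tmp_ctx, struct nbt_name_packet);
	if (packet == NULL) {
		talloc_free(tmp_ctx);
		return;
	}

	/* parse the request */
	ndr_err = ndr_pull_struct_blob(&blob, packet, packet,
				       (ndr_pull_flags_fn_t)ndr_pull_nbt_name_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		status = ndr_map_error2ntstatus(ndr_err);
		DEBUG(2,("Failed to parse incoming NBT name packet - %s\n",
			 nt_errstr(status)));
		talloc_free(tmp_ctx);
		return;
	}

	if (DEBUGLVL(10)) {
		DEBUG(10,("Received nbt packet of length %d from %s:%d\n",
			  (int)blob.length, src->addr, src->port));
		NDR_PRINT_DEBUG(nbt_name_packet, packet);
	}

	/* if its not a reply then pass it off to the incoming request
	   handler, if any */
	if (!(packet->operation & NBT_FLAG_REPLY)) {
		if (nbtsock->incoming.handler) {
			nbtsock->incoming.handler(nbtsock, packet, src);
		}
		talloc_free(tmp_ctx);
		return;
	}

	/* find the matching request */
	req = (struct nbt_name_request *)idr_find(nbtsock->idr,
						  packet->name_trn_id);
	if (req == NULL) {
		if (nbtsock->unexpected.handler) {
			nbtsock->unexpected.handler(nbtsock, packet, src);
		} else {
			DEBUG(10,("Failed to match request for incoming name packet id 0x%04x on %p\n",
				  packet->name_trn_id, nbtsock));
		}
		talloc_free(tmp_ctx);
		return;
	}

	/* move packet and src onto the request before tmp_ctx goes away */
	talloc_steal(req, packet);
	talloc_steal(req, src);
	talloc_free(tmp_ctx);
	nbt_name_socket_handle_response_packet(req, packet, src);
}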
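/*
  process a reply that has been matched to a pending request

  A WACK ("wait for acknowledgement") reply cancels further retries and
  re-arms the timer with the server-supplied ttl, clamped as described
  below; a second WACK, or one without an answer record, fails the
  request with NT_STATUS_INVALID_NETWORK_RESPONSE.

  Any other reply is appended to req->replies (packet and src become
  children of req).  The request completes after the first reply unless
  allow_multiple_replies is set, in which case it keeps collecting until
  NBT_MAX_REPLIES is reached or the timer fires.

  Change from the listed code: the realloc result goes through a temporary
  so that on allocation failure req->replies still points at the entries
  counted by num_replies.

  NOTE(review): the page this block was rebuilt from dropped several lines
  (the ttl declaration, the fallback assignment and `req->timeout = ttl`,
  the num_replies increment, the `goto done`/return statements and the
  completion callback); those statements are reconstructed -- confirm
  against the upstream source.
*/
void nbt_name_socket_handle_response_packet(struct nbt_name_request *req,
					    struct nbt_name_packet *packet,
					    struct socket_address *src)
{
	struct nbt_name_reply *grown;

	/* if this is a WACK response, this we need to go back to waiting,
	   but perhaps increase the timeout */
	if ((packet->operation & NBT_OPCODE) == NBT_OPCODE_WACK) {
		uint32_t ttl;

		/* ancount is checked before answers[0] is read below */
		if (req->received_wack || packet->ancount < 1) {
			nbt_name_request_destructor(req);
			req->status = NT_STATUS_INVALID_NETWORK_RESPONSE;
			req->state = NBT_REQUEST_ERROR;
			goto done;
		}
		talloc_free(req->te);
		/* we know we won't need any more retries - the server
		   has received our request */
		req->num_retries = 0;
		req->received_wack = true;
		/*
		 * there is a timeout in the packet,
		 * it is 5 + 4 * num_old_addresses
		 *
		 * although w2k3 screws it up
		 * and uses num_old_addresses = 0
		 *
		 * so we better fallback to the maximum
		 * of num_old_addresses = 25 if we got
		 * a timeout of less than 9s (5 + 4*1)
		 * or more than 105s (5 + 4*25).
		 */
		ttl = packet->answers[0].ttl;
		if ((ttl < (5 + 4*1)) || (ttl > (5 + 4*25))) {
			ttl = 5 + 4*25;
		}
		req->timeout = ttl;
		req->te = tevent_add_timer(req->nbtsock->event_ctx, req,
					   timeval_current_ofs(req->timeout, 0),
					   nbt_name_socket_timeout, req);
		return;
	}

	grown = talloc_realloc(req, req->replies, struct nbt_name_reply,
			       req->num_replies+1);
	if (grown == NULL) {
		nbt_name_request_destructor(req);
		req->state = NBT_REQUEST_ERROR;
		req->status = NT_STATUS_NO_MEMORY;
		goto done;
	}
	req->replies = grown;

	talloc_steal(req, src);
	req->replies[req->num_replies].dest = src;
	talloc_steal(req, packet);
	req->replies[req->num_replies].packet = packet;
	req->num_replies++;

	/* if we don't want multiple replies then we are done */
	if (req->allow_multiple_replies &&
	    req->num_replies < NBT_MAX_REPLIES) {
		return;
	}

	nbt_name_request_destructor(req);
	req->state = NBT_REQUEST_DONE;
	req->status = NT_STATUS_OK;

done:
	if (req->async.fn) {
		req->async.fn(req);
	}
}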
/*
  handle fd events on a nbt_name_socket

  fd callback registered by nbt_name_socket_init(); private_data is the
  struct nbt_name_socket.  Pending sends are serviced before reads when
  both flags are set.
*/
static void nbt_name_socket_handler(struct tevent_context *ev, struct tevent_fd *fde,
				    uint16_t flags, void *private_data)
{
	struct nbt_name_socket *nbtsock;

	nbtsock = talloc_get_type(private_data, struct nbt_name_socket);

	if ((flags & TEVENT_FD_WRITE) != 0) {
		nbt_name_socket_send(nbtsock);
	}
	if ((flags & TEVENT_FD_READ) != 0) {
		nbt_name_socket_recv(nbtsock);
	}
}
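/*
  initialise a nbt_name_socket

  Allocates the socket state on mem_ctx, creates an "ip" datagram socket
  with SO_BROADCAST requested, sets up the transaction-id tree and
  registers the fd with event_ctx with no read/write flags set; the flags
  are switched on later as requests and handlers are added.

  event_ctx is required: a NULL event_ctx takes the failure path.

  Returns the new socket, or NULL on any failure (everything allocated so
  far hangs off nbtsock and is released with it).

  Change from the listed code: a failed tevent_add_fd() is now treated as
  a failure instead of returning a socket that can never send or receive.

  NOTE(review): the result of socket_set_option() is not checked.

  NOTE(review): the page this block was rebuilt from dropped the status
  declaration, the trailing arguments of socket_create(), the success
  return and the failed label; those statements are reconstructed --
  confirm against the upstream source.
*/
_PUBLIC_ struct nbt_name_socket *nbt_name_socket_init(TALLOC_CTX *mem_ctx,
						      struct tevent_context *event_ctx)
{
	struct nbt_name_socket *nbtsock;
	NTSTATUS status;

	nbtsock = talloc(mem_ctx, struct nbt_name_socket);
	if (nbtsock == NULL) goto failed;

	nbtsock->event_ctx = event_ctx;
	if (nbtsock->event_ctx == NULL) goto failed;

	status = socket_create(nbtsock, "ip", SOCKET_TYPE_DGRAM,
			       &nbtsock->sock, 0);
	if (!NT_STATUS_IS_OK(status)) goto failed;

	socket_set_option(nbtsock->sock, "SO_BROADCAST", "1");

	nbtsock->idr = idr_init(nbtsock);
	if (nbtsock->idr == NULL) goto failed;

	nbtsock->send_queue = NULL;
	nbtsock->num_pending = 0;
	nbtsock->incoming.handler = NULL;
	nbtsock->unexpected.handler = NULL;

	nbtsock->fde = tevent_add_fd(nbtsock->event_ctx, nbtsock,
				     socket_get_fd(nbtsock->sock), 0,
				     nbt_name_socket_handler, nbtsock);
	if (nbtsock->fde == NULL) goto failed;

	return nbtsock;

failed:
	talloc_free(nbtsock);
	return NULL;
}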
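/*
  send off a nbt name request

  Builds a request on mem_ctx, assigns it a transaction id, arms its
  timeout, encodes the packet and queues it on nbtsock for sending.

  If request->name_trn_id is 0 a random id in 1..UINT16_MAX is allocated;
  otherwise the caller's id is used, and the call fails if that id is
  already in use on this socket.  The chosen id is written back into
  request->name_trn_id.

  timeout is passed to the timer as seconds; retries is the number of
  resends before the request is completed by the timeout handler.

  Returns the queued request, or NULL on any failure.

  Change from the listed code: a failed tevent_add_timer() now fails the
  call; without a timer the request could never time out.

  NOTE(review): the page this block was rebuilt from dropped the id
  declaration, the else branch and upper bound of the id allocation, the
  packet argument of ndr_push_struct_blob(), the debug-level guard, the
  success return and the failed label; those statements are reconstructed
  -- confirm against the upstream source.
*/
struct nbt_name_request *nbt_name_request_send(TALLOC_CTX *mem_ctx,
					       struct nbt_name_socket *nbtsock,
					       struct socket_address *dest,
					       struct nbt_name_packet *request,
					       int timeout, int retries,
					       bool allow_multiple_replies)
{
	struct nbt_name_request *req;
	int id;
	enum ndr_err_code ndr_err;

	req = talloc_zero(mem_ctx, struct nbt_name_request);
	if (req == NULL) goto failed;

	req->nbtsock = nbtsock;
	req->allow_multiple_replies = allow_multiple_replies;
	req->state = NBT_REQUEST_SEND;
	req->is_reply = false;
	req->timeout = timeout;
	req->num_retries = retries;
	req->dest = socket_address_copy(req, dest);
	if (req->dest == NULL) goto failed;

	/* we select a random transaction id unless the user supplied one */
	if (request->name_trn_id == 0) {
		id = idr_get_new_random(
			req->nbtsock->idr, req, 1, UINT16_MAX);
	} else {
		if (idr_find(req->nbtsock->idr, request->name_trn_id)) goto failed;
		id = idr_get_new_above(req->nbtsock->idr, req, request->name_trn_id,
				       UINT16_MAX);
	}
	if (id == -1) goto failed;

	request->name_trn_id = id;
	req->name_trn_id = id;

	req->te = tevent_add_timer(nbtsock->event_ctx, req,
				   timeval_current_ofs(req->timeout, 0),
				   nbt_name_socket_timeout, req);

	talloc_set_destructor(req, nbt_name_request_destructor);

	/* checked only once the destructor is installed, so that the
	   failed path gives the transaction id back to the idr tree */
	if (req->te == NULL) goto failed;

	ndr_err = ndr_push_struct_blob(&req->encoded, req,
				       request,
				       (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) goto failed;

	DLIST_ADD_END(nbtsock->send_queue, req);

	if (DEBUGLVL(10)) {
		DEBUG(10,("Queueing nbt packet to %s:%d\n",
			  req->dest->addr, req->dest->port));
		NDR_PRINT_DEBUG(nbt_name_packet, request);
	}

	TEVENT_FD_WRITEABLE(nbtsock->fde);

	return req;

failed:
	talloc_free(req);
	return NULL;
}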
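/*
  send off a nbt name packet

  Queues an already-encoded packet (pkt_blob is copied) for sending to
  dest.  No transaction id is allocated and no timer is armed; the entry
  is marked is_reply so that the send path frees it once it has gone out
  and no response is waited for.

  Returns NT_STATUS_OK once queued, NT_STATUS_NO_MEMORY if any allocation
  or the blob copy fails.

  NOTE(review): the page this block was rebuilt from dropped the
  `goto failed` statements, the success return and the failed label;
  those statements are reconstructed -- confirm against the upstream
  source.
*/
_PUBLIC_ NTSTATUS nbt_name_send_raw(struct nbt_name_socket *nbtsock,
				    struct socket_address *dest,
				    const DATA_BLOB pkt_blob)
{
	struct nbt_name_request *req;

	req = talloc_zero(nbtsock, struct nbt_name_request);
	NT_STATUS_HAVE_NO_MEMORY(req);

	req->nbtsock = nbtsock;
	req->dest = socket_address_copy(req, dest);
	if (req->dest == NULL) {
		goto failed;
	}

	req->state = NBT_REQUEST_SEND;
	/* no response is expected for a raw packet, so the entry is
	   handled like a reply: sent once, then freed */
	req->is_reply = true;

	req->encoded = data_blob_dup_talloc(req, pkt_blob);
	/* a length mismatch is how a failed copy shows up here */
	if (req->encoded.length != pkt_blob.length) {
		goto failed;
	}

	talloc_set_destructor(req, nbt_name_request_destructor);

	DLIST_ADD_END(nbtsock->send_queue, req);

	TEVENT_FD_WRITEABLE(nbtsock->fde);

	return NT_STATUS_OK;

failed:
	talloc_free(req);
	return NT_STATUS_NO_MEMORY;
}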
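/*
  send off a nbt name reply

  Encodes `request` (here the reply packet to transmit) and queues it for
  sending to dest.  The entry is marked is_reply: it takes no transaction
  id from the idr tree and is freed by the send path once it has gone out.

  Returns NT_STATUS_OK once queued, NT_STATUS_NO_MEMORY on allocation
  failure, or the mapped NDR error if the packet cannot be encoded.

  NOTE(review): the page this block was rebuilt from dropped the
  debug-level guard, the packet argument of ndr_push_struct_blob(), the
  free on encode failure, the success return and the failed label; those
  statements are reconstructed -- confirm against the upstream source.
*/
_PUBLIC_ NTSTATUS nbt_name_reply_send(struct nbt_name_socket *nbtsock,
				      struct socket_address *dest,
				      struct nbt_name_packet *request)
{
	struct nbt_name_request *req;
	enum ndr_err_code ndr_err;

	req = talloc_zero(nbtsock, struct nbt_name_request);
	NT_STATUS_HAVE_NO_MEMORY(req);

	req->nbtsock = nbtsock;
	req->dest = socket_address_copy(req, dest);
	if (req->dest == NULL) goto failed;
	req->state = NBT_REQUEST_SEND;
	req->is_reply = true;

	talloc_set_destructor(req, nbt_name_request_destructor);

	if (DEBUGLVL(10)) {
		NDR_PRINT_DEBUG(nbt_name_packet, request);
	}

	ndr_err = ndr_push_struct_blob(&req->encoded, req,
				       request,
				       (ndr_push_flags_fn_t)ndr_push_nbt_name_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		talloc_free(req);
		return ndr_map_error2ntstatus(ndr_err);
	}

	DLIST_ADD_END(nbtsock->send_queue, req);

	TEVENT_FD_WRITEABLE(nbtsock->fde);

	return NT_STATUS_OK;

failed:
	talloc_free(req);
	return NT_STATUS_NO_MEMORY;
}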
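/*
  wait for a nbt request to complete

  Runs the request's event loop until its state reaches NBT_REQUEST_DONE
  or beyond, then returns req->status.  An event-loop failure ends the
  wait with NT_STATUS_UNEXPECTED_NETWORK_ERROR.

  A NULL req is reported as NT_STATUS_NO_MEMORY; presumably this lets
  callers pass the result of nbt_name_request_send() straight in.

  NOTE(review): the page this block was rebuilt from dropped the `break`
  and the final `return req->status`; those statements are reconstructed
  -- confirm against the upstream source.
*/
NTSTATUS nbt_name_request_recv(struct nbt_name_request *req)
{
	if (!req) return NT_STATUS_NO_MEMORY;

	while (req->state < NBT_REQUEST_DONE) {
		if (tevent_loop_once(req->nbtsock->event_ctx) != 0) {
			req->state = NBT_REQUEST_ERROR;
			req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
			break;
		}
	}
	return req->status;
}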
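/*
  setup a handler for incoming requests

  Registers the callback invoked for received packets that do not carry
  the reply flag, stores private_data alongside it and enables read
  events on the socket.  The packet and source address passed to the
  handler are freed by the receive path as soon as the handler returns,
  so a handler that keeps them must take ownership itself.

  NOTE(review): the page this block was rebuilt from dropped the
  private_data parameter line and the return; `void *private_data` and
  `return NT_STATUS_OK` are reconstructed -- confirm against the upstream
  source.
*/
_PUBLIC_ NTSTATUS nbt_set_incoming_handler(struct nbt_name_socket *nbtsock,
					   void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
							   struct socket_address *),
					   void *private_data)
{
	nbtsock->incoming.handler = handler;
	nbtsock->incoming.private_data = private_data;
	TEVENT_FD_READABLE(nbtsock->fde);
	return NT_STATUS_OK;
}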
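/*
  setup a handler for unexpected requests

  Registers the callback invoked for received replies whose transaction
  id matches no pending request on this socket, stores private_data
  alongside it and enables read events.  As with the incoming handler,
  the packet and source address are freed by the receive path once the
  handler returns.

  NOTE(review): the page this block was rebuilt from dropped the
  private_data parameter line and the return; `void *private_data` and
  `return NT_STATUS_OK` are reconstructed -- confirm against the upstream
  source.
*/
NTSTATUS nbt_set_unexpected_handler(struct nbt_name_socket *nbtsock,
				    void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
						    struct socket_address *),
				    void *private_data)
{
	nbtsock->unexpected.handler = handler;
	nbtsock->unexpected.private_data = private_data;
	TEVENT_FD_READABLE(nbtsock->fde);
	return NT_STATUS_OK;
}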
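/*
  turn a NBT rcode into a NTSTATUS

  Looks rcode up in a fixed table of the seven NBT error codes.  Any
  value without an entry maps to NT_STATUS_UNSUCCESSFUL, so this is only
  meaningful for an rcode that already signals an error.

  NOTE(review): the page this block was rebuilt from dropped the index
  declaration and the lines declaring the table (`struct {`, the status
  member, `} map[] = {`); those are reconstructed -- confirm against the
  upstream source.
*/
_PUBLIC_ NTSTATUS nbt_rcode_to_ntstatus(uint8_t rcode)
{
	size_t i;
	struct {
		enum nbt_rcode rcode;
		NTSTATUS status;
	} map[] = {
		{ NBT_RCODE_FMT, NT_STATUS_INVALID_PARAMETER },
		{ NBT_RCODE_SVR, NT_STATUS_SERVER_DISABLED },
		{ NBT_RCODE_NAM, NT_STATUS_OBJECT_NAME_NOT_FOUND },
		{ NBT_RCODE_IMP, NT_STATUS_NOT_SUPPORTED },
		{ NBT_RCODE_RFS, NT_STATUS_ACCESS_DENIED },
		{ NBT_RCODE_ACT, NT_STATUS_ADDRESS_ALREADY_EXISTS },
		{ NBT_RCODE_CFT, NT_STATUS_CONFLICTING_ADDRESSES }
	};
	for (i=0;i<ARRAY_SIZE(map);i++) {
		if (map[i].rcode == rcode) {
			return map[i].status;
		}
	}
	return NT_STATUS_UNSUCCESSFUL;
}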