search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ldb: version 1.1.27
[Samba.git] / source3 / libsmb / unexpected.c
blobc645fbce7e46eb246676b6ec2db552bf7cad4ff8
1 /*
2 Unix SMB/CIFS implementation.
3 handle unexpected packets
4 Copyright (C) Andrew Tridgell 2000
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18
19 */
20
21 #include "includes.h"
22 #include "../lib/util/tevent_ntstatus.h"
23 #include "lib/util_tsock.h"
24 #include "lib/tsocket/tsocket.h"
25 #include "libsmb/nmblib.h"
26 #include "lib/util/sys_rw.h"
27
28 static const char *nmbd_socket_dir(void)
29 {
30 return lp_parm_const_string(-1, "nmbd", "socket dir",
31 get_dyn_NMBDSOCKETDIR());
32 }
33
34 struct nb_packet_query {
35 enum packet_type type;
36 size_t mailslot_namelen;
37 int trn_id;
38 };
39
40 struct nb_packet_client;
41
42 struct nb_packet_server {
43 struct tevent_context *ev;
44 int listen_sock;
45 struct tevent_fd *listen_fde;
46 int max_clients;
47 int num_clients;
48 struct nb_packet_client *clients;
49 };
50
51 struct nb_packet_client {
52 struct nb_packet_client *prev, *next;
53 struct nb_packet_server *server;
54
55 enum packet_type type;
56 int trn_id;
57 char *mailslot_name;
58
59 struct {
60 uint8_t byte;
61 struct iovec iov[1];
62 } ack;
63
64 struct tstream_context *sock;
65 struct tevent_queue *out_queue;
66 };
67
68 static int nb_packet_server_destructor(struct nb_packet_server *s);
69 static void nb_packet_server_listener(struct tevent_context *ev,
70 struct tevent_fd *fde,
71 uint16_t flags,
72 void *private_data);
73
74 NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
75 struct tevent_context *ev,
76 int max_clients,
77 struct nb_packet_server **presult)
78 {
79 struct nb_packet_server *result;
80 NTSTATUS status;
81 int rc;
82
83 result = talloc_zero(mem_ctx, struct nb_packet_server);
84 if (result == NULL) {
85 status = NT_STATUS_NO_MEMORY;
86 goto fail;
87 }
88 result->ev = ev;
89 result->max_clients = max_clients;
90
91 result->listen_sock = create_pipe_sock(
92 nmbd_socket_dir(), "unexpected", 0755);
93 if (result->listen_sock == -1) {
94 status = map_nt_error_from_unix(errno);
95 goto fail;
96 }
97 rc = listen(result->listen_sock, 5);
98 if (rc < 0) {
99 status = map_nt_error_from_unix(errno);
100 goto fail;
101 }
102 talloc_set_destructor(result, nb_packet_server_destructor);
103
104 result->listen_fde = tevent_add_fd(ev, result,
105 result->listen_sock,
106 TEVENT_FD_READ,
107 nb_packet_server_listener,
108 result);
109 if (result->listen_fde == NULL) {
110 status = NT_STATUS_NO_MEMORY;
111 goto fail;
112 }
113
114 *presult = result;
115 return NT_STATUS_OK;
116 fail:
117 TALLOC_FREE(result);
118 return status;
119 }
120
121 static int nb_packet_server_destructor(struct nb_packet_server *s)
122 {
123 TALLOC_FREE(s->listen_fde);
124
125 if (s->listen_sock != -1) {
126 close(s->listen_sock);
127 s->listen_sock = -1;
128 }
129 return 0;
130 }
131
132 static int nb_packet_client_destructor(struct nb_packet_client *c);
133 static ssize_t nb_packet_client_more(uint8_t *buf, size_t buflen,
134 void *private_data);
135 static void nb_packet_got_query(struct tevent_req *req);
136 static void nb_packet_client_ack_done(struct tevent_req *req);
137 static void nb_packet_client_read_done(struct tevent_req *req);
138
139 static void nb_packet_server_listener(struct tevent_context *ev,
140 struct tevent_fd *fde,
141 uint16_t flags,
142 void *private_data)
143 {
144 struct nb_packet_server *server = talloc_get_type_abort(
145 private_data, struct nb_packet_server);
146 struct nb_packet_client *client;
147 struct tevent_req *req;
148 struct sockaddr_un sunaddr;
149 socklen_t len;
150 int sock;
151 int ret;
152
153 len = sizeof(sunaddr);
154
155 sock = accept(server->listen_sock, (struct sockaddr *)(void *)&sunaddr,
156 &len);
157 if (sock == -1) {
158 return;
159 }
160 DEBUG(6,("accepted socket %d\n", sock));
161
162 client = talloc_zero(server, struct nb_packet_client);
163 if (client == NULL) {
164 DEBUG(10, ("talloc failed\n"));
165 close(sock);
166 return;
167 }
168 ret = tstream_bsd_existing_socket(client, sock, &client->sock);
169 if (ret != 0) {
170 DEBUG(10, ("tstream_bsd_existing_socket failed\n"));
171 close(sock);
172 return;
173 }
174
175 client->server = server;
176 talloc_set_destructor(client, nb_packet_client_destructor);
177
178 client->out_queue = tevent_queue_create(
179 client, "unexpected packet output");
180 if (client->out_queue == NULL) {
181 DEBUG(10, ("tevent_queue_create failed\n"));
182 TALLOC_FREE(client);
183 return;
184 }
185
186 req = tstream_read_packet_send(client, ev, client->sock,
187 sizeof(struct nb_packet_query),
188 nb_packet_client_more, NULL);
189 if (req == NULL) {
190 DEBUG(10, ("tstream_read_packet_send failed\n"));
191 TALLOC_FREE(client);
192 return;
193 }
194 tevent_req_set_callback(req, nb_packet_got_query, client);
195
196 DLIST_ADD(server->clients, client);
197 server->num_clients += 1;
198
199 if (server->num_clients > server->max_clients) {
200 DEBUG(10, ("Too many clients, dropping oldest\n"));
201
202 /*
203 * no TALLOC_FREE here, don't mess with the list structs
204 */
205 talloc_free(server->clients->prev);
206 }
207 }
208
209 static ssize_t nb_packet_client_more(uint8_t *buf, size_t buflen,
210 void *private_data)
211 {
212 struct nb_packet_query q;
213 if (buflen > sizeof(struct nb_packet_query)) {
214 return 0;
215 }
216 /* Take care of alignment */
217 memcpy(&q, buf, sizeof(q));
218 if (q.mailslot_namelen > 1024) {
219 DEBUG(10, ("Got invalid mailslot namelen %d\n",
220 (int)q.mailslot_namelen));
221 return -1;
222 }
223 return q.mailslot_namelen;
224 }
225
226 static int nb_packet_client_destructor(struct nb_packet_client *c)
227 {
228 tevent_queue_stop(c->out_queue);
229 TALLOC_FREE(c->sock);
230
231 DLIST_REMOVE(c->server->clients, c);
232 c->server->num_clients -= 1;
233 return 0;
234 }
235
236 static void nb_packet_got_query(struct tevent_req *req)
237 {
238 struct nb_packet_client *client = tevent_req_callback_data(
239 req, struct nb_packet_client);
240 struct nb_packet_query q;
241 uint8_t *buf;
242 ssize_t nread;
243 int err;
244
245 nread = tstream_read_packet_recv(req, talloc_tos(), &buf, &err);
246 TALLOC_FREE(req);
247 if (nread < (ssize_t)sizeof(struct nb_packet_query)) {
248 DEBUG(10, ("read_packet_recv returned %d (%s)\n",
249 (int)nread,
250 (nread == -1) ? strerror(err) : "wrong length"));
251 TALLOC_FREE(client);
252 return;
253 }
254
255 /* Take care of alignment */
256 memcpy(&q, buf, sizeof(q));
257
258 if (nread != sizeof(struct nb_packet_query) + q.mailslot_namelen) {
259 DEBUG(10, ("nb_packet_got_query: Invalid mailslot namelength\n"));
260 TALLOC_FREE(client);
261 return;
262 }
263
264 client->trn_id = q.trn_id;
265 client->type = q.type;
266 if (q.mailslot_namelen > 0) {
267 client->mailslot_name = talloc_strndup(
268 client, (char *)buf + sizeof(q),
269 q.mailslot_namelen);
270 if (client->mailslot_name == NULL) {
271 TALLOC_FREE(client);
272 return;
273 }
274 }
275
276 client->ack.byte = 0;
277 client->ack.iov[0].iov_base = &client->ack.byte;
278 client->ack.iov[0].iov_len = 1;
279 req = tstream_writev_queue_send(client, client->server->ev,
280 client->sock,
281 client->out_queue,
282 client->ack.iov, 1);
283 if (req == NULL) {
284 DEBUG(10, ("tstream_writev_queue_send failed\n"));
285 TALLOC_FREE(client);
286 return;
287 }
288 tevent_req_set_callback(req, nb_packet_client_ack_done, client);
289
290 req = tstream_read_packet_send(client, client->server->ev,
291 client->sock, 1, NULL, NULL);
292 if (req == NULL) {
293 DEBUG(10, ("Could not activate reader for client exit "
294 "detection\n"));
295 TALLOC_FREE(client);
296 return;
297 }
298 tevent_req_set_callback(req, nb_packet_client_read_done,
299 client);
300 }
301
302 static void nb_packet_client_ack_done(struct tevent_req *req)
303 {
304 struct nb_packet_client *client = tevent_req_callback_data(
305 req, struct nb_packet_client);
306 ssize_t nwritten;
307 int err;
308
309 nwritten = tstream_writev_queue_recv(req, &err);
310
311 TALLOC_FREE(req);
312
313 if (nwritten == -1) {
314 DEBUG(10, ("tstream_writev_queue_recv failed: %s\n",
315 strerror(err)));
316 TALLOC_FREE(client);
317 return;
318 }
319 }
320
321 static void nb_packet_client_read_done(struct tevent_req *req)
322 {
323 struct nb_packet_client *client = tevent_req_callback_data(
324 req, struct nb_packet_client);
325 ssize_t nread;
326 uint8_t *buf;
327 int err;
328
329 nread = tstream_read_packet_recv(req, talloc_tos(), &buf, &err);
330 TALLOC_FREE(req);
331 if (nread == 1) {
332 DEBUG(10, ("Protocol error, received data on write-only "
333 "unexpected socket: 0x%2.2x\n", (*buf)));
334 }
335 TALLOC_FREE(client);
336 }
337
338 static void nb_packet_client_send(struct nb_packet_client *client,
339 struct packet_struct *p);
340
341 void nb_packet_dispatch(struct nb_packet_server *server,
342 struct packet_struct *p)
343 {
344 struct nb_packet_client *c;
345 uint16_t trn_id;
346
347 switch (p->packet_type) {
348 case NMB_PACKET:
349 trn_id = p->packet.nmb.header.name_trn_id;
350 break;
351 case DGRAM_PACKET:
352 trn_id = p->packet.dgram.header.dgm_id;
353 break;
354 default:
355 DEBUG(10, ("Got invalid packet type %d\n",
356 (int)p->packet_type));
357 return;
358 }
359 for (c = server->clients; c != NULL; c = c->next) {
360
361 if (c->type != p->packet_type) {
362 DEBUG(10, ("client expects packet %d, got %d\n",
363 c->type, p->packet_type));
364 continue;
365 }
366
367 if (p->packet_type == NMB_PACKET) {
368 /*
369 * See if the client specified transaction
370 * ID. Filter if it did.
371 */
372 if ((c->trn_id != -1) &&
373 (c->trn_id != trn_id)) {
374 DEBUG(10, ("client expects trn %d, got %d\n",
375 c->trn_id, trn_id));
376 continue;
377 }
378 } else {
379 /*
380 * See if the client specified a mailslot
381 * name. Filter if it did.
382 */
383 if ((c->mailslot_name != NULL) &&
384 !match_mailslot_name(p, c->mailslot_name)) {
385 continue;
386 }
387 }
388 nb_packet_client_send(c, p);
389 }
390 }
391
392 struct nb_packet_client_header {
393 size_t len;
394 enum packet_type type;
395 time_t timestamp;
396 struct in_addr ip;
397 int port;
398 };
399
400 struct nb_packet_client_state {
401 struct nb_packet_client *client;
402 struct iovec iov[2];
403 struct nb_packet_client_header hdr;
404 char buf[1024];
405 };
406
407 static void nb_packet_client_send_done(struct tevent_req *req);
408
409 static void nb_packet_client_send(struct nb_packet_client *client,
410 struct packet_struct *p)
411 {
412 struct nb_packet_client_state *state;
413 struct tevent_req *req;
414
415 if (tevent_queue_length(client->out_queue) > 10) {
416 /*
417 * Skip clients that don't listen anyway, some form of DoS
418 * protection
419 */
420 return;
421 }
422
423 state = talloc_zero(client, struct nb_packet_client_state);
424 if (state == NULL) {
425 DEBUG(10, ("talloc failed\n"));
426 return;
427 }
428
429 state->client = client;
430
431 state->hdr.ip = p->ip;
432 state->hdr.port = p->port;
433 state->hdr.timestamp = p->timestamp;
434 state->hdr.type = p->packet_type;
435 state->hdr.len = build_packet(state->buf, sizeof(state->buf), p);
436
437 state->iov[0].iov_base = (char *)&state->hdr;
438 state->iov[0].iov_len = sizeof(state->hdr);
439 state->iov[1].iov_base = state->buf;
440 state->iov[1].iov_len = state->hdr.len;
441
442 req = tstream_writev_queue_send(state, client->server->ev,
443 client->sock,
444 client->out_queue,
445 state->iov, 2);
446 if (req == NULL) {
447 DEBUG(10, ("tstream_writev_queue_send failed\n"));
448 return;
449 }
450 tevent_req_set_callback(req, nb_packet_client_send_done, state);
451 }
452
453 static void nb_packet_client_send_done(struct tevent_req *req)
454 {
455 struct nb_packet_client_state *state = tevent_req_callback_data(
456 req, struct nb_packet_client_state);
457 struct nb_packet_client *client = state->client;
458 ssize_t nwritten;
459 int err;
460
461 nwritten = tstream_writev_queue_recv(req, &err);
462
463 TALLOC_FREE(req);
464 TALLOC_FREE(state);
465
466 if (nwritten == -1) {
467 DEBUG(10, ("tstream_writev_queue failed: %s\n", strerror(err)));
468 TALLOC_FREE(client);
469 return;
470 }
471 }
472
473 struct nb_packet_reader {
474 struct tstream_context *sock;
475 };
476
477 struct nb_packet_reader_state {
478 struct tevent_context *ev;
479 struct nb_packet_query query;
480 const char *mailslot_name;
481 struct iovec iov[2];
482 char c;
483 struct nb_packet_reader *reader;
484 };
485
486 static void nb_packet_reader_connected(struct tevent_req *subreq);
487 static void nb_packet_reader_sent_query(struct tevent_req *subreq);
488 static void nb_packet_reader_got_ack(struct tevent_req *subreq);
489
490 struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
491 struct tevent_context *ev,
492 enum packet_type type,
493 int trn_id,
494 const char *mailslot_name)
495 {
496 struct tevent_req *req, *subreq;
497 struct nb_packet_reader_state *state;
498 struct tsocket_address *laddr;
499 char *rpath;
500 struct tsocket_address *raddr;
501 int ret;
502
503 req = tevent_req_create(mem_ctx, &state,
504 struct nb_packet_reader_state);
505 if (req == NULL) {
506 return NULL;
507 }
508 state->ev = ev;
509 state->query.trn_id = trn_id;
510 state->query.type = type;
511 state->mailslot_name = mailslot_name;
512
513 if (mailslot_name != NULL) {
514 state->query.mailslot_namelen = strlen(mailslot_name);
515 }
516
517 state->reader = talloc_zero(state, struct nb_packet_reader);
518 if (tevent_req_nomem(state->reader, req)) {
519 return tevent_req_post(req, ev);
520 }
521
522 ret = tsocket_address_unix_from_path(state, "", &laddr);
523 if (ret != 0) {
524 tevent_req_nterror(req, map_nt_error_from_unix(errno));
525 return tevent_req_post(req, ev);
526 }
527 rpath = talloc_asprintf(state, "%s/%s", nmbd_socket_dir(),
528 "unexpected");
529 if (tevent_req_nomem(rpath, req)) {
530 return tevent_req_post(req, ev);
531 }
532 ret = tsocket_address_unix_from_path(state, rpath, &raddr);
533 if (ret != 0) {
534 tevent_req_nterror(req, map_nt_error_from_unix(errno));
535 return tevent_req_post(req, ev);
536 }
537
538 subreq = tstream_unix_connect_send(state, ev, laddr, raddr);
539 if (tevent_req_nomem(subreq, req)) {
540 return tevent_req_post(req, ev);
541 }
542 tevent_req_set_callback(subreq, nb_packet_reader_connected, req);
543 return req;
544 }
545
546 static void nb_packet_reader_connected(struct tevent_req *subreq)
547 {
548 struct tevent_req *req = tevent_req_callback_data(
549 subreq, struct tevent_req);
550 struct nb_packet_reader_state *state = tevent_req_data(
551 req, struct nb_packet_reader_state);
552 int res, err;
553 int num_iovecs = 1;
554
555 res = tstream_unix_connect_recv(subreq, &err, state->reader,
556 &state->reader->sock);
557 TALLOC_FREE(subreq);
558 if (res == -1) {
559 DEBUG(10, ("tstream_unix_connect failed: %s\n", strerror(err)));
560 tevent_req_nterror(req, map_nt_error_from_unix(err));
561 return;
562 }
563
564 state->iov[0].iov_base = (char *)&state->query;
565 state->iov[0].iov_len = sizeof(state->query);
566
567 if (state->mailslot_name != NULL) {
568 num_iovecs = 2;
569 state->iov[1].iov_base = discard_const_p(
570 char, state->mailslot_name);
571 state->iov[1].iov_len = state->query.mailslot_namelen;
572 }
573
574 subreq = tstream_writev_send(state, state->ev, state->reader->sock,
575 state->iov, num_iovecs);
576 if (tevent_req_nomem(subreq, req)) {
577 return;
578 }
579 tevent_req_set_callback(subreq, nb_packet_reader_sent_query, req);
580 }
581
582 static void nb_packet_reader_sent_query(struct tevent_req *subreq)
583 {
584 struct tevent_req *req = tevent_req_callback_data(
585 subreq, struct tevent_req);
586 struct nb_packet_reader_state *state = tevent_req_data(
587 req, struct nb_packet_reader_state);
588 ssize_t written;
589 int err;
590
591 written = tstream_writev_recv(subreq, &err);
592 TALLOC_FREE(subreq);
593 if (written == -1) {
594 tevent_req_nterror(req, map_nt_error_from_unix(err));
595 return;
596 }
597 if (written != sizeof(state->query) + state->query.mailslot_namelen) {
598 tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
599 return;
600 }
601 subreq = tstream_read_packet_send(state, state->ev,
602 state->reader->sock,
603 sizeof(state->c), NULL, NULL);
604 if (tevent_req_nomem(subreq, req)) {
605 return;
606 }
607 tevent_req_set_callback(subreq, nb_packet_reader_got_ack, req);
608 }
609
610 static void nb_packet_reader_got_ack(struct tevent_req *subreq)
611 {
612 struct tevent_req *req = tevent_req_callback_data(
613 subreq, struct tevent_req);
614 struct nb_packet_reader_state *state = tevent_req_data(
615 req, struct nb_packet_reader_state);
616 ssize_t nread;
617 int err;
618 uint8_t *buf;
619
620 nread = tstream_read_packet_recv(subreq, state, &buf, &err);
621 TALLOC_FREE(subreq);
622 if (nread == -1) {
623 DEBUG(10, ("read_packet_recv returned %s\n",
624 strerror(err)));
625 tevent_req_nterror(req, map_nt_error_from_unix(err));
626 return;
627 }
628 if (nread != sizeof(state->c)) {
629 DEBUG(10, ("read = %d, expected %d\n", (int)nread,
630 (int)sizeof(state->c)));
631 tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
632 return;
633 }
634 tevent_req_done(req);
635 }
636
637 NTSTATUS nb_packet_reader_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
638 struct nb_packet_reader **preader)
639 {
640 struct nb_packet_reader_state *state = tevent_req_data(
641 req, struct nb_packet_reader_state);
642 NTSTATUS status;
643
644 if (tevent_req_is_nterror(req, &status)) {
645 tevent_req_received(req);
646 return status;
647 }
648 *preader = talloc_move(mem_ctx, &state->reader);
649 tevent_req_received(req);
650 return NT_STATUS_OK;
651 }
652
653 struct nb_packet_read_state {
654 struct nb_packet_client_header hdr;
655 uint8_t *buf;
656 size_t buflen;
657 };
658
659 static ssize_t nb_packet_read_more(uint8_t *buf, size_t buflen, void *p);
660 static void nb_packet_read_done(struct tevent_req *subreq);
661
662 struct tevent_req *nb_packet_read_send(TALLOC_CTX *mem_ctx,
663 struct tevent_context *ev,
664 struct nb_packet_reader *reader)
665 {
666 struct tevent_req *req, *subreq;
667 struct nb_packet_read_state *state;
668
669 req = tevent_req_create(mem_ctx, &state, struct nb_packet_read_state);
670 if (req == NULL) {
671 return NULL;
672 }
673 subreq = tstream_read_packet_send(state, ev, reader->sock,
674 sizeof(struct nb_packet_client_header),
675 nb_packet_read_more, state);
676 if (tevent_req_nomem(subreq, req)) {
677 return tevent_req_post(req, ev);
678 }
679 tevent_req_set_callback(subreq, nb_packet_read_done, req);
680 return req;
681 }
682
683 static ssize_t nb_packet_read_more(uint8_t *buf, size_t buflen, void *p)
684 {
685 struct nb_packet_read_state *state = talloc_get_type_abort(
686 p, struct nb_packet_read_state);
687
688 if (buflen > sizeof(struct nb_packet_client_header)) {
689 /*
690 * Been here, done
691 */
692 return 0;
693 }
694 memcpy(&state->hdr, buf, sizeof(struct nb_packet_client_header));
695 return state->hdr.len;
696 }
697
698 static void nb_packet_read_done(struct tevent_req *subreq)
699 {
700 struct tevent_req *req = tevent_req_callback_data(
701 subreq, struct tevent_req);
702 struct nb_packet_read_state *state = tevent_req_data(
703 req, struct nb_packet_read_state);
704 ssize_t nread;
705 int err;
706
707 nread = tstream_read_packet_recv(subreq, state, &state->buf, &err);
708 if (nread == -1) {
709 tevent_req_nterror(req, map_nt_error_from_unix(err));
710 return;
711 }
712 state->buflen = nread;
713 tevent_req_done(req);
714 }
715
716 NTSTATUS nb_packet_read_recv(struct tevent_req *req,
717 struct packet_struct **ppacket)
718 {
719 struct nb_packet_read_state *state = tevent_req_data(
720 req, struct nb_packet_read_state);
721 struct nb_packet_client_header hdr;
722 struct packet_struct *packet;
723 NTSTATUS status;
724
725 if (tevent_req_is_nterror(req, &status)) {
726 tevent_req_received(req);
727 return status;
728 }
729
730 memcpy(&hdr, state->buf, sizeof(hdr));
731
732 packet = parse_packet(
733 (char *)state->buf + sizeof(struct nb_packet_client_header),
734 state->buflen - sizeof(struct nb_packet_client_header),
735 state->hdr.type, state->hdr.ip, state->hdr.port);
736 if (packet == NULL) {
737 tevent_req_received(req);
738 return NT_STATUS_INVALID_NETWORK_RESPONSE;
739 }
740 *ppacket = packet;
741 tevent_req_received(req);
742 return NT_STATUS_OK;
743 }
Samba GIT mirror