2 Unix SMB/CIFS implementation.
3 handle unexpected packets
4 Copyright (C) Andrew Tridgell 2000
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libsmb/unexpected.h"
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "lib/util_tsock.h"
25 #include "libsmb/nmblib.h"
26 #include "lib/tsocket/tsocket.h"
27 #include "lib/util/sys_rw.h"
29 static const char *nmbd_socket_dir(void)
31 return lp_parm_const_string(-1, "nmbd", "socket dir",
32 get_dyn_NMBDSOCKETDIR());
35 struct nb_packet_query {
36 enum packet_type type;
37 size_t mailslot_namelen;
41 struct nb_packet_client;
43 struct nb_packet_server {
44 struct tevent_context *ev;
46 struct tevent_fd *listen_fde;
49 struct nb_packet_client *clients;
52 struct nb_packet_client {
53 struct nb_packet_client *prev, *next;
54 struct nb_packet_server *server;
56 enum packet_type type;
65 struct tstream_context *sock;
66 struct tevent_queue *out_queue;
69 static int nb_packet_server_destructor(struct nb_packet_server *s);
70 static void nb_packet_server_listener(struct tevent_context *ev,
71 struct tevent_fd *fde,
75 NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
76 struct tevent_context *ev,
78 struct nb_packet_server **presult)
80 struct nb_packet_server *result;
84 result = talloc_zero(mem_ctx, struct nb_packet_server);
86 status = NT_STATUS_NO_MEMORY;
90 result->max_clients = max_clients;
92 result->listen_sock = create_pipe_sock(
93 nmbd_socket_dir(), "unexpected", 0755);
94 if (result->listen_sock == -1) {
95 status = map_nt_error_from_unix(errno);
98 rc = listen(result->listen_sock, 5);
100 status = map_nt_error_from_unix(errno);
103 talloc_set_destructor(result, nb_packet_server_destructor);
105 result->listen_fde = tevent_add_fd(ev, result,
108 nb_packet_server_listener,
110 if (result->listen_fde == NULL) {
111 status = NT_STATUS_NO_MEMORY;
122 static int nb_packet_server_destructor(struct nb_packet_server *s)
124 TALLOC_FREE(s->listen_fde);
126 if (s->listen_sock != -1) {
127 close(s->listen_sock);
133 static int nb_packet_client_destructor(struct nb_packet_client *c);
134 static ssize_t nb_packet_client_more(uint8_t *buf, size_t buflen,
136 static void nb_packet_got_query(struct tevent_req *req);
137 static void nb_packet_client_ack_done(struct tevent_req *req);
138 static void nb_packet_client_read_done(struct tevent_req *req);
140 static void nb_packet_server_listener(struct tevent_context *ev,
141 struct tevent_fd *fde,
145 struct nb_packet_server *server = talloc_get_type_abort(
146 private_data, struct nb_packet_server);
147 struct nb_packet_client *client;
148 struct tevent_req *req;
149 struct sockaddr_un sunaddr;
154 len = sizeof(sunaddr);
156 sock = accept(server->listen_sock, (struct sockaddr *)(void *)&sunaddr,
161 smb_set_close_on_exec(sock);
162 DEBUG(6,("accepted socket %d\n", sock));
164 client = talloc_zero(server, struct nb_packet_client);
165 if (client == NULL) {
166 DEBUG(10, ("talloc failed\n"));
170 ret = tstream_bsd_existing_socket(client, sock, &client->sock);
172 DEBUG(10, ("tstream_bsd_existing_socket failed\n"));
178 client->server = server;
180 client->out_queue = tevent_queue_create(
181 client, "unexpected packet output");
182 if (client->out_queue == NULL) {
183 DEBUG(10, ("tevent_queue_create failed\n"));
188 req = tstream_read_packet_send(client, ev, client->sock,
189 sizeof(struct nb_packet_query),
190 nb_packet_client_more, NULL);
192 DEBUG(10, ("tstream_read_packet_send failed\n"));
196 tevent_req_set_callback(req, nb_packet_got_query, client);
198 DLIST_ADD(server->clients, client);
199 server->num_clients += 1;
201 talloc_set_destructor(client, nb_packet_client_destructor);
203 if (server->num_clients > server->max_clients) {
204 DEBUG(10, ("Too many clients, dropping oldest\n"));
207 * no TALLOC_FREE here, don't mess with the list structs
209 talloc_free(server->clients->prev);
213 static ssize_t nb_packet_client_more(uint8_t *buf, size_t buflen,
216 struct nb_packet_query q;
217 if (buflen > sizeof(struct nb_packet_query)) {
220 /* Take care of alignment */
221 memcpy(&q, buf, sizeof(q));
222 if (q.mailslot_namelen > 1024) {
223 DEBUG(10, ("Got invalid mailslot namelen %d\n",
224 (int)q.mailslot_namelen));
227 return q.mailslot_namelen;
230 static int nb_packet_client_destructor(struct nb_packet_client *c)
232 tevent_queue_stop(c->out_queue);
233 TALLOC_FREE(c->sock);
235 DLIST_REMOVE(c->server->clients, c);
236 c->server->num_clients -= 1;
240 static void nb_packet_got_query(struct tevent_req *req)
242 struct nb_packet_client *client = tevent_req_callback_data(
243 req, struct nb_packet_client);
244 struct nb_packet_query q;
249 nread = tstream_read_packet_recv(req, talloc_tos(), &buf, &err);
251 if (nread < (ssize_t)sizeof(struct nb_packet_query)) {
252 DEBUG(10, ("read_packet_recv returned %d (%s)\n",
254 (nread == -1) ? strerror(err) : "wrong length"));
259 /* Take care of alignment */
260 memcpy(&q, buf, sizeof(q));
263 sizeof(struct nb_packet_query) + q.mailslot_namelen) {
264 DEBUG(10, ("nb_packet_got_query: Invalid mailslot namelength\n"));
269 client->trn_id = q.trn_id;
270 client->type = q.type;
271 if (q.mailslot_namelen > 0) {
272 client->mailslot_name = talloc_strndup(
273 client, (char *)buf + sizeof(q),
275 if (client->mailslot_name == NULL) {
281 client->ack.byte = 0;
282 client->ack.iov[0].iov_base = &client->ack.byte;
283 client->ack.iov[0].iov_len = 1;
284 req = tstream_writev_queue_send(client, client->server->ev,
289 DEBUG(10, ("tstream_writev_queue_send failed\n"));
293 tevent_req_set_callback(req, nb_packet_client_ack_done, client);
295 req = tstream_read_packet_send(client, client->server->ev,
296 client->sock, 1, NULL, NULL);
298 DEBUG(10, ("Could not activate reader for client exit "
303 tevent_req_set_callback(req, nb_packet_client_read_done,
307 static void nb_packet_client_ack_done(struct tevent_req *req)
309 struct nb_packet_client *client = tevent_req_callback_data(
310 req, struct nb_packet_client);
314 nwritten = tstream_writev_queue_recv(req, &err);
318 if (nwritten == -1) {
319 DEBUG(10, ("tstream_writev_queue_recv failed: %s\n",
326 static void nb_packet_client_read_done(struct tevent_req *req)
328 struct nb_packet_client *client = tevent_req_callback_data(
329 req, struct nb_packet_client);
334 nread = tstream_read_packet_recv(req, talloc_tos(), &buf, &err);
337 DEBUG(10, ("Protocol error, received data on write-only "
338 "unexpected socket: 0x%2.2x\n", (*buf)));
343 static void nb_packet_client_send(struct nb_packet_client *client,
344 struct packet_struct *p);
346 void nb_packet_dispatch(struct nb_packet_server *server,
347 struct packet_struct *p)
349 struct nb_packet_client *c;
352 switch (p->packet_type) {
354 trn_id = p->packet.nmb.header.name_trn_id;
357 trn_id = p->packet.dgram.header.dgm_id;
360 DEBUG(10, ("Got invalid packet type %d\n",
361 (int)p->packet_type));
364 for (c = server->clients; c != NULL; c = c->next) {
366 if (c->type != p->packet_type) {
367 DEBUG(10, ("client expects packet %d, got %d\n",
368 c->type, p->packet_type));
372 if (p->packet_type == NMB_PACKET) {
374 * See if the client specified transaction
375 * ID. Filter if it did.
377 if ((c->trn_id != -1) &&
378 (c->trn_id != trn_id)) {
379 DEBUG(10, ("client expects trn %d, got %d\n",
385 * See if the client specified a mailslot
386 * name. Filter if it did.
388 if ((c->mailslot_name != NULL) &&
389 !match_mailslot_name(p, c->mailslot_name)) {
393 nb_packet_client_send(c, p);
397 struct nb_packet_client_header {
399 enum packet_type type;
405 struct nb_packet_client_state {
406 struct nb_packet_client *client;
408 struct nb_packet_client_header hdr;
412 static void nb_packet_client_send_done(struct tevent_req *req);
414 static void nb_packet_client_send(struct nb_packet_client *client,
415 struct packet_struct *p)
417 struct nb_packet_client_state *state;
418 struct tevent_req *req;
420 if (tevent_queue_length(client->out_queue) > 10) {
422 * Skip clients that don't listen anyway, some form of DoS
428 state = talloc_zero(client, struct nb_packet_client_state);
430 DEBUG(10, ("talloc failed\n"));
434 state->client = client;
436 state->hdr.ip = p->ip;
437 state->hdr.port = p->port;
438 state->hdr.timestamp = p->timestamp;
439 state->hdr.type = p->packet_type;
440 state->hdr.len = build_packet(state->buf, sizeof(state->buf), p);
442 state->iov[0].iov_base = (char *)&state->hdr;
443 state->iov[0].iov_len = sizeof(state->hdr);
444 state->iov[1].iov_base = state->buf;
445 state->iov[1].iov_len = state->hdr.len;
447 req = tstream_writev_queue_send(state, client->server->ev,
452 DEBUG(10, ("tstream_writev_queue_send failed\n"));
455 tevent_req_set_callback(req, nb_packet_client_send_done, state);
458 static void nb_packet_client_send_done(struct tevent_req *req)
460 struct nb_packet_client_state *state = tevent_req_callback_data(
461 req, struct nb_packet_client_state);
462 struct nb_packet_client *client = state->client;
466 nwritten = tstream_writev_queue_recv(req, &err);
471 if (nwritten == -1) {
472 DEBUG(10, ("tstream_writev_queue failed: %s\n", strerror(err)));
478 struct nb_packet_reader {
479 struct tstream_context *sock;
482 struct nb_packet_reader_state {
483 struct tevent_context *ev;
484 struct nb_packet_query query;
485 const char *mailslot_name;
487 struct nb_packet_reader *reader;
490 static void nb_packet_reader_connected(struct tevent_req *subreq);
491 static void nb_packet_reader_sent_query(struct tevent_req *subreq);
492 static void nb_packet_reader_got_ack(struct tevent_req *subreq);
494 struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
495 struct tevent_context *ev,
496 enum packet_type type,
498 const char *mailslot_name)
500 struct tevent_req *req, *subreq;
501 struct nb_packet_reader_state *state;
502 struct tsocket_address *laddr;
504 struct tsocket_address *raddr;
507 req = tevent_req_create(mem_ctx, &state,
508 struct nb_packet_reader_state);
513 state->query.trn_id = trn_id;
514 state->query.type = type;
515 state->mailslot_name = mailslot_name;
517 if (mailslot_name != NULL) {
518 state->query.mailslot_namelen = strlen(mailslot_name);
521 state->reader = talloc_zero(state, struct nb_packet_reader);
522 if (tevent_req_nomem(state->reader, req)) {
523 return tevent_req_post(req, ev);
526 ret = tsocket_address_unix_from_path(state, NULL, &laddr);
528 tevent_req_nterror(req, map_nt_error_from_unix(errno));
529 return tevent_req_post(req, ev);
531 rpath = talloc_asprintf(state, "%s/%s", nmbd_socket_dir(),
533 if (tevent_req_nomem(rpath, req)) {
534 return tevent_req_post(req, ev);
536 ret = tsocket_address_unix_from_path(state, rpath, &raddr);
538 tevent_req_nterror(req, map_nt_error_from_unix(errno));
539 return tevent_req_post(req, ev);
542 subreq = tstream_unix_connect_send(state, ev, laddr, raddr);
543 if (tevent_req_nomem(subreq, req)) {
544 return tevent_req_post(req, ev);
546 tevent_req_set_callback(subreq, nb_packet_reader_connected, req);
550 static void nb_packet_reader_connected(struct tevent_req *subreq)
552 struct tevent_req *req = tevent_req_callback_data(
553 subreq, struct tevent_req);
554 struct nb_packet_reader_state *state = tevent_req_data(
555 req, struct nb_packet_reader_state);
559 res = tstream_unix_connect_recv(subreq, &err, state->reader,
560 &state->reader->sock);
563 DEBUG(10, ("tstream_unix_connect failed: %s\n", strerror(err)));
564 tevent_req_nterror(req, map_nt_error_from_unix(err));
568 state->iov[0].iov_base = (char *)&state->query;
569 state->iov[0].iov_len = sizeof(state->query);
571 if (state->mailslot_name != NULL) {
573 state->iov[1].iov_base = discard_const_p(
574 char, state->mailslot_name);
575 state->iov[1].iov_len = state->query.mailslot_namelen;
578 subreq = tstream_writev_send(state, state->ev, state->reader->sock,
579 state->iov, num_iovecs);
580 if (tevent_req_nomem(subreq, req)) {
583 tevent_req_set_callback(subreq, nb_packet_reader_sent_query, req);
586 static void nb_packet_reader_sent_query(struct tevent_req *subreq)
588 struct tevent_req *req = tevent_req_callback_data(
589 subreq, struct tevent_req);
590 struct nb_packet_reader_state *state = tevent_req_data(
591 req, struct nb_packet_reader_state);
595 written = tstream_writev_recv(subreq, &err);
598 tevent_req_nterror(req, map_nt_error_from_unix(err));
601 if ((size_t)written !=
602 sizeof(state->query) + state->query.mailslot_namelen) {
603 tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
606 subreq = tstream_read_packet_send(state, state->ev,
609 if (tevent_req_nomem(subreq, req)) {
612 tevent_req_set_callback(subreq, nb_packet_reader_got_ack, req);
615 static void nb_packet_reader_got_ack(struct tevent_req *subreq)
617 struct tevent_req *req = tevent_req_callback_data(
618 subreq, struct tevent_req);
619 struct nb_packet_reader_state *state = tevent_req_data(
620 req, struct nb_packet_reader_state);
625 nread = tstream_read_packet_recv(subreq, state, &buf, &err);
628 DEBUG(10, ("read_packet_recv returned %s\n",
630 tevent_req_nterror(req, map_nt_error_from_unix(err));
634 DBG_DEBUG("read = %zd, expected 1\n", nread);
635 tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
638 tevent_req_done(req);
641 NTSTATUS nb_packet_reader_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
642 struct nb_packet_reader **preader)
644 struct nb_packet_reader_state *state = tevent_req_data(
645 req, struct nb_packet_reader_state);
648 if (tevent_req_is_nterror(req, &status)) {
649 tevent_req_received(req);
652 *preader = talloc_move(mem_ctx, &state->reader);
653 tevent_req_received(req);
657 struct nb_packet_read_state {
658 struct nb_packet_client_header hdr;
663 static ssize_t nb_packet_read_more(uint8_t *buf, size_t buflen, void *p);
664 static void nb_packet_read_done(struct tevent_req *subreq);
666 struct tevent_req *nb_packet_read_send(TALLOC_CTX *mem_ctx,
667 struct tevent_context *ev,
668 struct nb_packet_reader *reader)
670 struct tevent_req *req, *subreq;
671 struct nb_packet_read_state *state;
673 req = tevent_req_create(mem_ctx, &state, struct nb_packet_read_state);
677 subreq = tstream_read_packet_send(state, ev, reader->sock,
678 sizeof(struct nb_packet_client_header),
679 nb_packet_read_more, state);
680 if (tevent_req_nomem(subreq, req)) {
681 return tevent_req_post(req, ev);
683 tevent_req_set_callback(subreq, nb_packet_read_done, req);
687 static ssize_t nb_packet_read_more(uint8_t *buf, size_t buflen, void *p)
689 struct nb_packet_read_state *state = talloc_get_type_abort(
690 p, struct nb_packet_read_state);
692 if (buflen > sizeof(struct nb_packet_client_header)) {
698 memcpy(&state->hdr, buf, sizeof(struct nb_packet_client_header));
699 return state->hdr.len;
702 static void nb_packet_read_done(struct tevent_req *subreq)
704 struct tevent_req *req = tevent_req_callback_data(
705 subreq, struct tevent_req);
706 struct nb_packet_read_state *state = tevent_req_data(
707 req, struct nb_packet_read_state);
711 nread = tstream_read_packet_recv(subreq, state, &state->buf, &err);
713 tevent_req_nterror(req, map_nt_error_from_unix(err));
716 state->buflen = nread;
717 tevent_req_done(req);
720 NTSTATUS nb_packet_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
721 struct packet_struct **ppacket)
723 struct nb_packet_read_state *state = tevent_req_data(
724 req, struct nb_packet_read_state);
725 struct nb_packet_client_header hdr;
726 struct packet_struct *packet;
729 if (tevent_req_is_nterror(req, &status)) {
730 tevent_req_received(req);
734 memcpy(&hdr, state->buf, sizeof(hdr));
736 packet = parse_packet_talloc(
738 (char *)state->buf + sizeof(struct nb_packet_client_header),
739 state->buflen - sizeof(struct nb_packet_client_header),
740 state->hdr.type, state->hdr.ip, state->hdr.port);
741 if (packet == NULL) {
742 tevent_req_received(req);
743 return NT_STATUS_INVALID_NETWORK_RESPONSE;
747 tevent_req_received(req);