2 Unix SMB/CIFS implementation.
3 handle unexpected packets
4 Copyright (C) Andrew Tridgell 2000
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libsmb/unexpected.h"
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "lib/util_tsock.h"
25 #include "libsmb/nmblib.h"
26 #include "lib/tsocket/tsocket.h"
27 #include "lib/util/sys_rw.h"
29 struct nb_packet_query {
30 enum packet_type type;
31 size_t mailslot_namelen;
35 struct nb_packet_client;
37 struct nb_packet_server {
38 struct tevent_context *ev;
40 struct tevent_fd *listen_fde;
43 struct nb_packet_client *clients;
46 struct nb_packet_client {
47 struct nb_packet_client *prev, *next;
48 struct nb_packet_server *server;
50 enum packet_type type;
59 struct tstream_context *sock;
60 struct tevent_queue *out_queue;
63 static int nb_packet_server_destructor(struct nb_packet_server *s);
64 static void nb_packet_server_listener(struct tevent_context *ev,
65 struct tevent_fd *fde,
69 NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
70 struct tevent_context *ev,
71 const char *nmbd_socket_dir,
73 struct nb_packet_server **presult)
75 struct nb_packet_server *result;
79 result = talloc_zero(mem_ctx, struct nb_packet_server);
81 status = NT_STATUS_NO_MEMORY;
85 result->max_clients = max_clients;
87 result->listen_sock = create_pipe_sock(
88 nmbd_socket_dir, "unexpected", 0755);
89 if (result->listen_sock == -1) {
90 status = map_nt_error_from_unix(errno);
93 rc = listen(result->listen_sock, 5);
95 status = map_nt_error_from_unix(errno);
98 talloc_set_destructor(result, nb_packet_server_destructor);
100 result->listen_fde = tevent_add_fd(ev, result,
103 nb_packet_server_listener,
105 if (result->listen_fde == NULL) {
106 status = NT_STATUS_NO_MEMORY;
117 static int nb_packet_server_destructor(struct nb_packet_server *s)
119 TALLOC_FREE(s->listen_fde);
121 if (s->listen_sock != -1) {
122 close(s->listen_sock);
128 static int nb_packet_client_destructor(struct nb_packet_client *c);
129 static ssize_t nb_packet_client_more(uint8_t *buf, size_t buflen,
131 static void nb_packet_got_query(struct tevent_req *req);
132 static void nb_packet_client_ack_done(struct tevent_req *req);
133 static void nb_packet_client_read_done(struct tevent_req *req);
135 static void nb_packet_server_listener(struct tevent_context *ev,
136 struct tevent_fd *fde,
140 struct nb_packet_server *server = talloc_get_type_abort(
141 private_data, struct nb_packet_server);
142 struct nb_packet_client *client;
143 struct tevent_req *req;
144 struct sockaddr_un sunaddr;
149 len = sizeof(sunaddr);
151 sock = accept(server->listen_sock, (struct sockaddr *)(void *)&sunaddr,
156 smb_set_close_on_exec(sock);
157 DEBUG(6,("accepted socket %d\n", sock));
159 client = talloc_zero(server, struct nb_packet_client);
160 if (client == NULL) {
161 DEBUG(10, ("talloc failed\n"));
165 ret = tstream_bsd_existing_socket(client, sock, &client->sock);
167 DEBUG(10, ("tstream_bsd_existing_socket failed\n"));
172 /* as server we want to fail early */
173 tstream_bsd_fail_readv_first_error(client->sock, true);
175 client->server = server;
177 client->out_queue = tevent_queue_create(
178 client, "unexpected packet output");
179 if (client->out_queue == NULL) {
180 DEBUG(10, ("tevent_queue_create failed\n"));
185 req = tstream_read_packet_send(client, ev, client->sock,
186 sizeof(struct nb_packet_query),
187 nb_packet_client_more, NULL);
189 DEBUG(10, ("tstream_read_packet_send failed\n"));
193 tevent_req_set_callback(req, nb_packet_got_query, client);
195 DLIST_ADD(server->clients, client);
196 server->num_clients += 1;
198 talloc_set_destructor(client, nb_packet_client_destructor);
200 if (server->num_clients > server->max_clients) {
201 DEBUG(10, ("Too many clients, dropping oldest\n"));
204 * no TALLOC_FREE here, don't mess with the list structs
206 talloc_free(server->clients->prev);
210 static ssize_t nb_packet_client_more(uint8_t *buf, size_t buflen,
213 struct nb_packet_query q;
214 if (buflen > sizeof(struct nb_packet_query)) {
217 /* Take care of alignment */
218 memcpy(&q, buf, sizeof(q));
219 if (q.mailslot_namelen > 1024) {
220 DEBUG(10, ("Got invalid mailslot namelen %d\n",
221 (int)q.mailslot_namelen));
224 return q.mailslot_namelen;
227 static int nb_packet_client_destructor(struct nb_packet_client *c)
229 tevent_queue_stop(c->out_queue);
230 TALLOC_FREE(c->sock);
232 DLIST_REMOVE(c->server->clients, c);
233 c->server->num_clients -= 1;
237 static void nb_packet_got_query(struct tevent_req *req)
239 struct nb_packet_client *client = tevent_req_callback_data(
240 req, struct nb_packet_client);
241 struct nb_packet_query q;
246 nread = tstream_read_packet_recv(req, client, &buf, &err);
248 if (nread < (ssize_t)sizeof(struct nb_packet_query)) {
249 DEBUG(10, ("read_packet_recv returned %d (%s)\n",
251 (nread == -1) ? strerror(err) : "wrong length"));
256 /* Take care of alignment */
257 memcpy(&q, buf, sizeof(q));
260 sizeof(struct nb_packet_query) + q.mailslot_namelen) {
261 DEBUG(10, ("nb_packet_got_query: Invalid mailslot namelength\n"));
266 client->trn_id = q.trn_id;
267 client->type = q.type;
268 if (q.mailslot_namelen > 0) {
269 client->mailslot_name = talloc_strndup(
270 client, (char *)buf + sizeof(q),
272 if (client->mailslot_name == NULL) {
280 client->ack.byte = 0;
281 client->ack.iov[0].iov_base = &client->ack.byte;
282 client->ack.iov[0].iov_len = 1;
283 req = tstream_writev_queue_send(client, client->server->ev,
288 DEBUG(10, ("tstream_writev_queue_send failed\n"));
292 tevent_req_set_callback(req, nb_packet_client_ack_done, client);
294 req = tstream_read_packet_send(client, client->server->ev,
295 client->sock, 1, NULL, NULL);
297 DEBUG(10, ("Could not activate reader for client exit "
302 tevent_req_set_callback(req, nb_packet_client_read_done,
306 static void nb_packet_client_ack_done(struct tevent_req *req)
308 struct nb_packet_client *client = tevent_req_callback_data(
309 req, struct nb_packet_client);
313 nwritten = tstream_writev_queue_recv(req, &err);
317 if (nwritten == -1) {
318 DEBUG(10, ("tstream_writev_queue_recv failed: %s\n",
325 static void nb_packet_client_read_done(struct tevent_req *req)
327 struct nb_packet_client *client = tevent_req_callback_data(
328 req, struct nb_packet_client);
333 nread = tstream_read_packet_recv(req, client, &buf, &err);
336 DEBUG(10, ("Protocol error, received data on write-only "
337 "unexpected socket: 0x%2.2x\n", (*buf)));
342 static void nb_packet_client_send(struct nb_packet_client *client,
343 struct packet_struct *p);
345 void nb_packet_dispatch(struct nb_packet_server *server,
346 struct packet_struct *p)
348 struct nb_packet_client *c;
351 switch (p->packet_type) {
353 trn_id = p->packet.nmb.header.name_trn_id;
356 trn_id = p->packet.dgram.header.dgm_id;
359 DEBUG(10, ("Got invalid packet type %d\n",
360 (int)p->packet_type));
363 for (c = server->clients; c != NULL; c = c->next) {
365 if (c->type != p->packet_type) {
366 DEBUG(10, ("client expects packet %d, got %d\n",
367 c->type, p->packet_type));
371 if (p->packet_type == NMB_PACKET) {
373 * See if the client specified transaction
374 * ID. Filter if it did.
376 if ((c->trn_id != -1) &&
377 (c->trn_id != trn_id)) {
378 DEBUG(10, ("client expects trn %d, got %d\n",
384 * See if the client specified a mailslot
385 * name. Filter if it did.
387 if ((c->mailslot_name != NULL) &&
388 !match_mailslot_name(p, c->mailslot_name)) {
392 nb_packet_client_send(c, p);
396 struct nb_packet_client_header {
398 enum packet_type type;
404 struct nb_packet_client_state {
405 struct nb_packet_client *client;
407 struct nb_packet_client_header hdr;
411 static void nb_packet_client_send_done(struct tevent_req *req);
413 static void nb_packet_client_send(struct nb_packet_client *client,
414 struct packet_struct *p)
416 struct nb_packet_client_state *state;
417 struct tevent_req *req;
419 if (tevent_queue_length(client->out_queue) > 10) {
421 * Skip clients that don't listen anyway, some form of DoS
427 state = talloc_zero(client, struct nb_packet_client_state);
429 DEBUG(10, ("talloc failed\n"));
433 state->client = client;
435 state->hdr.ip = p->ip;
436 state->hdr.port = p->port;
437 state->hdr.timestamp = p->timestamp;
438 state->hdr.type = p->packet_type;
439 state->hdr.len = build_packet(state->buf, sizeof(state->buf), p);
441 state->iov[0].iov_base = (char *)&state->hdr;
442 state->iov[0].iov_len = sizeof(state->hdr);
443 state->iov[1].iov_base = state->buf;
444 state->iov[1].iov_len = state->hdr.len;
446 req = tstream_writev_queue_send(state, client->server->ev,
451 DEBUG(10, ("tstream_writev_queue_send failed\n"));
454 tevent_req_set_callback(req, nb_packet_client_send_done, state);
457 static void nb_packet_client_send_done(struct tevent_req *req)
459 struct nb_packet_client_state *state = tevent_req_callback_data(
460 req, struct nb_packet_client_state);
461 struct nb_packet_client *client = state->client;
465 nwritten = tstream_writev_queue_recv(req, &err);
470 if (nwritten == -1) {
471 DEBUG(10, ("tstream_writev_queue failed: %s\n", strerror(err)));
477 struct nb_packet_reader {
478 struct tstream_context *sock;
481 struct nb_packet_reader_state {
482 struct tevent_context *ev;
483 struct nb_packet_query query;
484 const char *mailslot_name;
486 struct nb_packet_reader *reader;
489 static void nb_packet_reader_connected(struct tevent_req *subreq);
490 static void nb_packet_reader_sent_query(struct tevent_req *subreq);
491 static void nb_packet_reader_got_ack(struct tevent_req *subreq);
493 struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
494 struct tevent_context *ev,
495 const char *nmbd_socket_dir,
496 enum packet_type type,
498 const char *mailslot_name)
500 struct tevent_req *req, *subreq;
501 struct nb_packet_reader_state *state;
502 struct tsocket_address *laddr;
504 struct tsocket_address *raddr;
507 req = tevent_req_create(mem_ctx, &state,
508 struct nb_packet_reader_state);
513 state->query.trn_id = trn_id;
514 state->query.type = type;
515 state->mailslot_name = mailslot_name;
517 if (mailslot_name != NULL) {
518 state->query.mailslot_namelen = strlen(mailslot_name);
521 state->reader = talloc_zero(state, struct nb_packet_reader);
522 if (tevent_req_nomem(state->reader, req)) {
523 return tevent_req_post(req, ev);
526 ret = tsocket_address_unix_from_path(state, NULL, &laddr);
528 tevent_req_nterror(req, map_nt_error_from_unix(errno));
529 return tevent_req_post(req, ev);
531 rpath = talloc_asprintf(state, "%s/%s", nmbd_socket_dir,
533 if (tevent_req_nomem(rpath, req)) {
534 return tevent_req_post(req, ev);
536 ret = tsocket_address_unix_from_path(state, rpath, &raddr);
538 tevent_req_nterror(req, map_nt_error_from_unix(errno));
539 return tevent_req_post(req, ev);
542 subreq = tstream_unix_connect_send(state, ev, laddr, raddr);
543 if (tevent_req_nomem(subreq, req)) {
544 return tevent_req_post(req, ev);
546 tevent_req_set_callback(subreq, nb_packet_reader_connected, req);
550 static void nb_packet_reader_connected(struct tevent_req *subreq)
552 struct tevent_req *req = tevent_req_callback_data(
553 subreq, struct tevent_req);
554 struct nb_packet_reader_state *state = tevent_req_data(
555 req, struct nb_packet_reader_state);
559 res = tstream_unix_connect_recv(subreq, &err, state->reader,
560 &state->reader->sock);
563 DEBUG(10, ("tstream_unix_connect failed: %s\n", strerror(err)));
564 tevent_req_nterror(req, map_nt_error_from_unix(err));
568 state->iov[0].iov_base = (char *)&state->query;
569 state->iov[0].iov_len = sizeof(state->query);
571 if (state->mailslot_name != NULL) {
573 state->iov[1].iov_base = discard_const_p(
574 char, state->mailslot_name);
575 state->iov[1].iov_len = state->query.mailslot_namelen;
578 subreq = tstream_writev_send(state, state->ev, state->reader->sock,
579 state->iov, num_iovecs);
580 if (tevent_req_nomem(subreq, req)) {
583 tevent_req_set_callback(subreq, nb_packet_reader_sent_query, req);
586 static void nb_packet_reader_sent_query(struct tevent_req *subreq)
588 struct tevent_req *req = tevent_req_callback_data(
589 subreq, struct tevent_req);
590 struct nb_packet_reader_state *state = tevent_req_data(
591 req, struct nb_packet_reader_state);
595 written = tstream_writev_recv(subreq, &err);
598 tevent_req_nterror(req, map_nt_error_from_unix(err));
601 if ((size_t)written !=
602 sizeof(state->query) + state->query.mailslot_namelen) {
603 tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
606 subreq = tstream_read_packet_send(state, state->ev,
609 if (tevent_req_nomem(subreq, req)) {
612 tevent_req_set_callback(subreq, nb_packet_reader_got_ack, req);
615 static void nb_packet_reader_got_ack(struct tevent_req *subreq)
617 struct tevent_req *req = tevent_req_callback_data(
618 subreq, struct tevent_req);
619 struct nb_packet_reader_state *state = tevent_req_data(
620 req, struct nb_packet_reader_state);
625 nread = tstream_read_packet_recv(subreq, state, &buf, &err);
628 DEBUG(10, ("read_packet_recv returned %s\n",
630 tevent_req_nterror(req, map_nt_error_from_unix(err));
634 DBG_DEBUG("read = %zd, expected 1\n", nread);
635 tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
638 tevent_req_done(req);
641 NTSTATUS nb_packet_reader_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
642 struct nb_packet_reader **preader)
644 struct nb_packet_reader_state *state = tevent_req_data(
645 req, struct nb_packet_reader_state);
648 if (tevent_req_is_nterror(req, &status)) {
649 tevent_req_received(req);
652 *preader = talloc_move(mem_ctx, &state->reader);
653 tevent_req_received(req);
657 struct nb_packet_read_state {
658 struct nb_packet_client_header hdr;
663 static ssize_t nb_packet_read_more(uint8_t *buf, size_t buflen, void *p);
664 static void nb_packet_read_done(struct tevent_req *subreq);
666 struct tevent_req *nb_packet_read_send(TALLOC_CTX *mem_ctx,
667 struct tevent_context *ev,
668 struct nb_packet_reader *reader)
670 struct tevent_req *req, *subreq;
671 struct nb_packet_read_state *state;
673 req = tevent_req_create(mem_ctx, &state, struct nb_packet_read_state);
677 subreq = tstream_read_packet_send(state, ev, reader->sock,
678 sizeof(struct nb_packet_client_header),
679 nb_packet_read_more, state);
680 if (tevent_req_nomem(subreq, req)) {
681 return tevent_req_post(req, ev);
683 tevent_req_set_callback(subreq, nb_packet_read_done, req);
687 static ssize_t nb_packet_read_more(uint8_t *buf, size_t buflen, void *p)
689 struct nb_packet_read_state *state = talloc_get_type_abort(
690 p, struct nb_packet_read_state);
692 if (buflen > sizeof(struct nb_packet_client_header)) {
698 memcpy(&state->hdr, buf, sizeof(struct nb_packet_client_header));
699 return state->hdr.len;
702 static void nb_packet_read_done(struct tevent_req *subreq)
704 struct tevent_req *req = tevent_req_callback_data(
705 subreq, struct tevent_req);
706 struct nb_packet_read_state *state = tevent_req_data(
707 req, struct nb_packet_read_state);
711 nread = tstream_read_packet_recv(subreq, state, &state->buf, &err);
713 tevent_req_nterror(req, map_nt_error_from_unix(err));
716 state->buflen = nread;
717 tevent_req_done(req);
720 NTSTATUS nb_packet_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
721 struct packet_struct **ppacket)
723 struct nb_packet_read_state *state = tevent_req_data(
724 req, struct nb_packet_read_state);
725 struct nb_packet_client_header hdr;
726 struct packet_struct *packet;
729 if (tevent_req_is_nterror(req, &status)) {
730 tevent_req_received(req);
734 memcpy(&hdr, state->buf, sizeof(hdr));
736 packet = parse_packet_talloc(
738 (char *)state->buf + sizeof(struct nb_packet_client_header),
739 state->buflen - sizeof(struct nb_packet_client_header),
740 state->hdr.type, state->hdr.ip, state->hdr.port);
741 if (packet == NULL) {
742 tevent_req_received(req);
743 return NT_STATUS_INVALID_NETWORK_RESPONSE;
747 tevent_req_received(req);