static bool smbd_open_one_socket(struct smbd_parent_context *parent, struct tevent_context *ev_ctx, struct messaging_context *msg_ctx, const struct sockaddr_storage *ifss, uint16_t port) { struct smbd_open_socket *s; s = talloc(parent, struct smbd_open_socket); if (!s) { return false; } s->parent = parent; s->fd = open_socket_in(SOCK_STREAM, port, parent->sockets == NULL ? 0 : 2, ifss, true); if (s->fd == -1) { DEBUG(0,("smbd_open_once_socket: open_socket_in: " "%s\n", strerror(errno))); TALLOC_FREE(s); /* * We ignore an error here, as we've done before */ return true; } /* ready to listen */ set_socket_options(s->fd, "SO_KEEPALIVE"); set_socket_options(s->fd, lp_socket_options()); /* Set server socket to * non-blocking for the accept. */ set_blocking(s->fd, False); if (listen(s->fd, SMBD_LISTEN_BACKLOG) == -1) { DEBUG(0,("open_sockets_smbd: listen: " "%s\n", strerror(errno))); close(s->fd); TALLOC_FREE(s); return false; } s->msg_ctx = msg_ctx; s->fde = tevent_add_fd(ev_ctx, s, s->fd, TEVENT_FD_READ, smbd_accept_connection, s); if (!s->fde) { DEBUG(0,("open_sockets_smbd: " "tevent_add_fd: %s\n", strerror(errno))); close(s->fd); TALLOC_FREE(s); return false; } tevent_fd_set_close_fn(s->fde, smbd_open_socket_close_fn); DLIST_ADD_END(parent->sockets, s, struct smbd_open_socket *); return true; }
krb5_error_code smb_krb5_send_and_recv_func(krb5_context context, void *data, krb5_krbhst_info *hi, time_t timeout, const krb5_data *send_buf, krb5_data *recv_buf) { krb5_error_code ret; NTSTATUS status; struct socket_address *remote_addr; const char *name; struct addrinfo *ai, *a; struct smb_krb5_socket *smb_krb5; struct tevent_context *ev = talloc_get_type(data, struct tevent_context); DATA_BLOB send_blob = data_blob_const(send_buf->data, send_buf->length); ret = krb5_krbhst_get_addrinfo(context, hi, &ai); if (ret) { return ret; } for (a = ai; a; a = ai->ai_next) { smb_krb5 = talloc(NULL, struct smb_krb5_socket); if (!smb_krb5) { return ENOMEM; } smb_krb5->hi = hi; switch (a->ai_family) { case PF_INET: name = "ipv4"; break; #ifdef HAVE_IPV6 case PF_INET6: name = "ipv6"; break; #endif default: talloc_free(smb_krb5); return EINVAL; } status = NT_STATUS_INVALID_PARAMETER; switch (hi->proto) { case KRB5_KRBHST_UDP: status = socket_create(name, SOCKET_TYPE_DGRAM, &smb_krb5->sock, 0); break; case KRB5_KRBHST_TCP: status = socket_create(name, SOCKET_TYPE_STREAM, &smb_krb5->sock, 0); break; case KRB5_KRBHST_HTTP: talloc_free(smb_krb5); return EINVAL; } if (!NT_STATUS_IS_OK(status)) { talloc_free(smb_krb5); continue; } talloc_steal(smb_krb5, smb_krb5->sock); remote_addr = socket_address_from_sockaddr(smb_krb5, a->ai_addr, a->ai_addrlen); if (!remote_addr) { talloc_free(smb_krb5); continue; } status = socket_connect_ev(smb_krb5->sock, NULL, remote_addr, 0, ev); if (!NT_STATUS_IS_OK(status)) { talloc_free(smb_krb5); continue; } talloc_free(remote_addr); /* Setup the FDE, start listening for read events * from the start (otherwise we may miss a socket * drop) and mark as AUTOCLOSE along with the fde */ /* Ths is equivilant to EVENT_FD_READABLE(smb_krb5->fde) */ smb_krb5->fde = tevent_add_fd(ev, smb_krb5->sock, socket_get_fd(smb_krb5->sock), TEVENT_FD_READ, smb_krb5_socket_handler, smb_krb5); /* its now the job of the event layer to close the socket */ tevent_fd_set_close_fn(smb_krb5->fde, socket_tevent_fd_close_fn); socket_set_flags(smb_krb5->sock, SOCKET_FLAG_NOCLOSE); tevent_add_timer(ev, smb_krb5, timeval_current_ofs(timeout, 0), smb_krb5_request_timeout, smb_krb5); smb_krb5->status = NT_STATUS_OK; smb_krb5->reply = data_blob(NULL, 0); switch (hi->proto) { case KRB5_KRBHST_UDP: TEVENT_FD_WRITEABLE(smb_krb5->fde); smb_krb5->request = send_blob; break; case KRB5_KRBHST_TCP: smb_krb5->packet = packet_init(smb_krb5); if (smb_krb5->packet == NULL) { talloc_free(smb_krb5); return ENOMEM; } packet_set_private(smb_krb5->packet, smb_krb5); packet_set_socket(smb_krb5->packet, smb_krb5->sock); packet_set_callback(smb_krb5->packet, smb_krb5_full_packet); packet_set_full_request(smb_krb5->packet, packet_full_request_u32); packet_set_error_handler(smb_krb5->packet, smb_krb5_error_handler); packet_set_event_context(smb_krb5->packet, ev); packet_set_fde(smb_krb5->packet, smb_krb5->fde); smb_krb5->request = data_blob_talloc(smb_krb5, NULL, send_blob.length + 4); RSIVAL(smb_krb5->request.data, 0, send_blob.length); memcpy(smb_krb5->request.data+4, send_blob.data, send_blob.length); packet_send(smb_krb5->packet, smb_krb5->request); break; case KRB5_KRBHST_HTTP: talloc_free(smb_krb5); return EINVAL; } while ((NT_STATUS_IS_OK(smb_krb5->status)) && !smb_krb5->reply.length) { if (tevent_loop_once(ev) != 0) { talloc_free(smb_krb5); return EINVAL; } } if (NT_STATUS_EQUAL(smb_krb5->status, NT_STATUS_IO_TIMEOUT)) { talloc_free(smb_krb5); continue; } if (!NT_STATUS_IS_OK(smb_krb5->status)) { DEBUG(2,("Error reading smb_krb5 reply packet: %s\n", nt_errstr(smb_krb5->status))); talloc_free(smb_krb5); continue; } ret = krb5_data_copy(recv_buf, smb_krb5->reply.data, smb_krb5->reply.length); if (ret) { talloc_free(smb_krb5); return ret; } talloc_free(smb_krb5); break; } if (a) { return 0; } return KRB5_KDC_UNREACH; }
/* setup a listen stream socket if you pass *port == 0, then a port > 1024 is used FIXME: This function is TCP/IP specific - uses an int rather than a string for the port. Should leave allocating a port nr to the socket implementation - JRV20070903 */ NTSTATUS stream_setup_socket(TALLOC_CTX *mem_ctx, struct tevent_context *event_context, struct loadparm_context *lp_ctx, const struct model_ops *model_ops, const struct stream_server_ops *stream_ops, const char *family, const char *sock_addr, uint16_t *port, const char *socket_options, void *private_data) { NTSTATUS status; struct stream_socket *stream_socket; struct socket_address *socket_address; struct tevent_fd *fde; int i; struct sockaddr_storage ss; stream_socket = talloc_zero(mem_ctx, struct stream_socket); NT_STATUS_HAVE_NO_MEMORY(stream_socket); if (strcmp(family, "ip") == 0) { /* we will get the real family from the address itself */ if (!interpret_string_addr(&ss, sock_addr, 0)) { talloc_free(stream_socket); return NT_STATUS_INVALID_ADDRESS; } socket_address = socket_address_from_sockaddr_storage(stream_socket, &ss, port?*port:0); NT_STATUS_HAVE_NO_MEMORY_AND_FREE(socket_address, stream_socket); status = socket_create(socket_address->family, SOCKET_TYPE_STREAM, &stream_socket->sock, 0); NT_STATUS_NOT_OK_RETURN(status); } else { status = socket_create(family, SOCKET_TYPE_STREAM, &stream_socket->sock, 0); NT_STATUS_NOT_OK_RETURN(status); /* this is for non-IP sockets, eg. unix domain sockets */ socket_address = socket_address_from_strings(stream_socket, stream_socket->sock->backend_name, sock_addr, port?*port:0); NT_STATUS_HAVE_NO_MEMORY(socket_address); } talloc_steal(stream_socket, stream_socket->sock); stream_socket->lp_ctx = talloc_reference(stream_socket, lp_ctx); /* ready to listen */ status = socket_set_option(stream_socket->sock, "SO_KEEPALIVE", NULL); NT_STATUS_NOT_OK_RETURN(status); if (socket_options != NULL) { status = socket_set_option(stream_socket->sock, socket_options, NULL); NT_STATUS_NOT_OK_RETURN(status); } /* TODO: set socket ACL's (host allow etc) here when they're * implemented */ /* Some sockets don't have a port, or are just described from * the string. We are indicating this by having port == NULL */ if (!port) { status = socket_listen(stream_socket->sock, socket_address, SERVER_LISTEN_BACKLOG, 0); } else if (*port == 0) { for (i=SERVER_TCP_LOW_PORT;i<= SERVER_TCP_HIGH_PORT;i++) { socket_address->port = i; status = socket_listen(stream_socket->sock, socket_address, SERVER_LISTEN_BACKLOG, 0); if (NT_STATUS_IS_OK(status)) { *port = i; break; } } } else { status = socket_listen(stream_socket->sock, socket_address, SERVER_LISTEN_BACKLOG, 0); } if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Failed to listen on %s:%u - %s\n", sock_addr, port ? (unsigned int)(*port) : 0, nt_errstr(status))); talloc_free(stream_socket); return status; } /* Add the FD from the newly created socket into the event * subsystem. it will call the accept handler whenever we get * new connections */ fde = tevent_add_fd(event_context, stream_socket->sock, socket_get_fd(stream_socket->sock), TEVENT_FD_READ, stream_accept_handler, stream_socket); if (!fde) { DEBUG(0,("Failed to setup fd event\n")); talloc_free(stream_socket); return NT_STATUS_NO_MEMORY; } /* we let events system to the close on the socket. This avoids * nasty interactions with waiting for talloc to close the socket. */ tevent_fd_set_close_fn(fde, socket_tevent_fd_close_fn); socket_set_flags(stream_socket->sock, SOCKET_FLAG_NOCLOSE); stream_socket->private_data = talloc_reference(stream_socket, private_data); stream_socket->ops = stream_ops; stream_socket->event_ctx = event_context; stream_socket->model_ops = model_ops; return NT_STATUS_OK; }
krb5_error_code smb_krb5_send_and_recv_func(krb5_context context, void *data, krb5_krbhst_info *hi, time_t timeout, const krb5_data *send_buf, krb5_data *recv_buf) { krb5_error_code ret; NTSTATUS status; const char *name; struct addrinfo *ai, *a; struct smb_krb5_socket *smb_krb5; DATA_BLOB send_blob; struct tevent_context *ev; TALLOC_CTX *tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } if (!data) { /* If no event context was available, then create one for this loop */ ev = samba_tevent_context_init(tmp_ctx); if (!ev) { talloc_free(tmp_ctx); return ENOMEM; } } else { ev = talloc_get_type_abort(data, struct tevent_context); } send_blob = data_blob_const(send_buf->data, send_buf->length); ret = krb5_krbhst_get_addrinfo(context, hi, &ai); if (ret) { talloc_free(tmp_ctx); return ret; } for (a = ai; a; a = a->ai_next) { struct socket_address *remote_addr; smb_krb5 = talloc(tmp_ctx, struct smb_krb5_socket); if (!smb_krb5) { talloc_free(tmp_ctx); return ENOMEM; } smb_krb5->hi = hi; switch (a->ai_family) { case PF_INET: name = "ipv4"; break; #ifdef HAVE_IPV6 case PF_INET6: name = "ipv6"; break; #endif default: talloc_free(tmp_ctx); return EINVAL; } status = NT_STATUS_INVALID_PARAMETER; switch (hi->proto) { case KRB5_KRBHST_UDP: status = socket_create(name, SOCKET_TYPE_DGRAM, &smb_krb5->sock, 0); break; case KRB5_KRBHST_TCP: status = socket_create(name, SOCKET_TYPE_STREAM, &smb_krb5->sock, 0); break; case KRB5_KRBHST_HTTP: talloc_free(tmp_ctx); return EINVAL; } if (!NT_STATUS_IS_OK(status)) { talloc_free(smb_krb5); continue; } talloc_steal(smb_krb5, smb_krb5->sock); remote_addr = socket_address_from_sockaddr(smb_krb5, a->ai_addr, a->ai_addrlen); if (!remote_addr) { talloc_free(smb_krb5); continue; } status = socket_connect_ev(smb_krb5->sock, NULL, remote_addr, 0, ev); if (!NT_STATUS_IS_OK(status)) { talloc_free(smb_krb5); continue; } /* Setup the FDE, start listening for read events * from the start (otherwise we may miss a socket * drop) and mark as AUTOCLOSE along with the fde */ /* Ths is equivilant to EVENT_FD_READABLE(smb_krb5->fde) */ smb_krb5->fde = tevent_add_fd(ev, smb_krb5->sock, socket_get_fd(smb_krb5->sock), TEVENT_FD_READ, smb_krb5_socket_handler, smb_krb5); /* its now the job of the event layer to close the socket */ tevent_fd_set_close_fn(smb_krb5->fde, socket_tevent_fd_close_fn); socket_set_flags(smb_krb5->sock, SOCKET_FLAG_NOCLOSE); tevent_add_timer(ev, smb_krb5, timeval_current_ofs(timeout, 0), smb_krb5_request_timeout, smb_krb5); smb_krb5->status = NT_STATUS_OK; smb_krb5->reply = data_blob(NULL, 0); switch (hi->proto) { case KRB5_KRBHST_UDP: TEVENT_FD_WRITEABLE(smb_krb5->fde); smb_krb5->request = send_blob; break; case KRB5_KRBHST_TCP: smb_krb5->packet = packet_init(smb_krb5); if (smb_krb5->packet == NULL) { talloc_free(smb_krb5); return ENOMEM; } packet_set_private(smb_krb5->packet, smb_krb5); packet_set_socket(smb_krb5->packet, smb_krb5->sock); packet_set_callback(smb_krb5->packet, smb_krb5_full_packet); packet_set_full_request(smb_krb5->packet, packet_full_request_u32); packet_set_error_handler(smb_krb5->packet, smb_krb5_error_handler); packet_set_event_context(smb_krb5->packet, ev); packet_set_fde(smb_krb5->packet, smb_krb5->fde); smb_krb5->request = data_blob_talloc(smb_krb5, NULL, send_blob.length + 4); RSIVAL(smb_krb5->request.data, 0, send_blob.length); memcpy(smb_krb5->request.data+4, send_blob.data, send_blob.length); packet_send(smb_krb5->packet, smb_krb5->request); break; case KRB5_KRBHST_HTTP: talloc_free(tmp_ctx); return EINVAL; } while ((NT_STATUS_IS_OK(smb_krb5->status)) && !smb_krb5->reply.length) { if (tevent_loop_once(ev) != 0) { talloc_free(tmp_ctx); return EINVAL; } /* After each and every event loop, reset the * send_to_kdc pointers to what they were when * we entered this loop. That way, if a * nested event has invalidated them, we put * it back before we return to the heimdal * code */ ret = krb5_set_send_to_kdc_func(context, smb_krb5_send_and_recv_func, data); if (ret != 0) { talloc_free(tmp_ctx); return ret; } } if (NT_STATUS_EQUAL(smb_krb5->status, NT_STATUS_IO_TIMEOUT)) { talloc_free(smb_krb5); continue; } if (!NT_STATUS_IS_OK(smb_krb5->status)) { struct tsocket_address *addr = socket_address_to_tsocket_address(smb_krb5, remote_addr); const char *addr_string = NULL; if (addr) { addr_string = tsocket_address_inet_addr_string(addr, smb_krb5); } else { addr_string = NULL; } DEBUG(2,("Error reading smb_krb5 reply packet: %s from %s\n", nt_errstr(smb_krb5->status), addr_string)); talloc_free(smb_krb5); continue; } ret = krb5_data_copy(recv_buf, smb_krb5->reply.data, smb_krb5->reply.length); if (ret) { talloc_free(tmp_ctx); return ret; } talloc_free(smb_krb5); break; } talloc_free(tmp_ctx); if (a) { return 0; } return KRB5_KDC_UNREACH; }