1/* 2 Unix SMB/CIFS implementation. 3 NBT netbios routines and daemon - version 2 4 Copyright (C) Andrew Tridgell 1994-1998 5 Copyright (C) Luke Kenneth Casson Leighton 1994-1998 6 Copyright (C) Jeremy Allison 1994-2003 7 8 This program is free software; you can redistribute it and/or modify 9 it under the terms of the GNU General Public License as published by 10 the Free Software Foundation; either version 2 of the License, or 11 (at your option) any later version. 12 13 This program is distributed in the hope that it will be useful, 14 but WITHOUT ANY WARRANTY; without even the implied warranty of 15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 GNU General Public License for more details. 17 18 You should have received a copy of the GNU General Public License 19 along with this program; if not, write to the Free Software 20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 21 22*/ 23 24#include "includes.h" 25 26extern int ClientNMB; 27extern int ClientDGRAM; 28extern int global_nmb_port; 29 30extern int num_response_packets; 31 32extern struct in_addr loopback_ip; 33 34static void queue_packet(struct packet_struct *packet); 35 36BOOL rescan_listen_set = False; 37 38 39/******************************************************************* 40 The global packet linked-list. Incoming entries are 41 added to the end of this list. It is supposed to remain fairly 42 short so we won't bother with an end pointer. 43******************************************************************/ 44 45static struct packet_struct *packet_queue = NULL; 46 47/*************************************************************************** 48Utility function to find the specific fd to send a packet out on. 49**************************************************************************/ 50 51static int find_subnet_fd_for_address( struct in_addr local_ip ) 52{ 53 struct subnet_record *subrec; 54 55 for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) 56 if(ip_equal(local_ip, subrec->myip)) 57 return subrec->nmb_sock; 58 59 return ClientNMB; 60} 61 62/*************************************************************************** 63Utility function to find the specific fd to send a mailslot packet out on. 64**************************************************************************/ 65 66static int find_subnet_mailslot_fd_for_address( struct in_addr local_ip ) 67{ 68 struct subnet_record *subrec; 69 70 for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) 71 if(ip_equal(local_ip, subrec->myip)) 72 return subrec->dgram_sock; 73 74 return ClientDGRAM; 75} 76 77/*************************************************************************** 78Get/Set problematic nb_flags as network byte order 16 bit int. 79**************************************************************************/ 80 81uint16 get_nb_flags(char *buf) 82{ 83 return ((((uint16)*buf)&0xFFFF) & NB_FLGMSK); 84} 85 86void set_nb_flags(char *buf, uint16 nb_flags) 87{ 88 *buf++ = ((nb_flags & NB_FLGMSK) & 0xFF); 89 *buf = '\0'; 90} 91 92/*************************************************************************** 93Dumps out the browse packet data. 94**************************************************************************/ 95 96static void debug_browse_data(char *outbuf, int len) 97{ 98 int i,j; 99 100 DEBUG( 4, ( "debug_browse_data():\n" ) ); 101 for (i = 0; i < len; i+= 16) { 102 DEBUGADD( 4, ( "%3x char ", i ) ); 103 104 for (j = 0; j < 16; j++) { 105 unsigned char x; 106 if (i+j >= len) 107 break; 108 109 x = outbuf[i+j]; 110 if (x < 32 || x > 127) 111 x = '.'; 112 113 DEBUGADD( 4, ( "%c", x ) ); 114 } 115 116 DEBUGADD( 4, ( "%*s hex", 16-j, "" ) ); 117 118 for (j = 0; j < 16; j++) { 119 if (i+j >= len) 120 break; 121 DEBUGADD( 4, ( " %02x", (unsigned char)outbuf[i+j] ) ); 122 } 123 124 DEBUGADD( 4, ("\n") ); 125 } 126} 127 128/*************************************************************************** 129 Generates the unique transaction identifier 130**************************************************************************/ 131 132static uint16 name_trn_id=0; 133 134static uint16 generate_name_trn_id(void) 135{ 136 if (!name_trn_id) { 137 name_trn_id = ((unsigned)time(NULL)%(unsigned)0x7FFF) + ((unsigned)sys_getpid()%(unsigned)100); 138 } 139 name_trn_id = (name_trn_id+1) % (unsigned)0x7FFF; 140 return name_trn_id; 141} 142 143/*************************************************************************** 144 Either loops back or sends out a completed NetBIOS packet. 145**************************************************************************/ 146 147static BOOL send_netbios_packet(struct packet_struct *p) 148{ 149 BOOL loopback_this_packet = False; 150 151 /* Check if we are sending to or from ourselves as a WINS server. */ 152 if(ismyip(p->ip) && (p->port == global_nmb_port)) 153 loopback_this_packet = True; 154 155 if(loopback_this_packet) { 156 struct packet_struct *lo_packet = NULL; 157 DEBUG(5,("send_netbios_packet: sending packet to ourselves.\n")); 158 if((lo_packet = copy_packet(p)) == NULL) 159 return False; 160 queue_packet(lo_packet); 161 } else if (!send_packet(p)) { 162 DEBUG(0,("send_netbios_packet: send_packet() to IP %s port %d failed\n", 163 inet_ntoa(p->ip),p->port)); 164 return False; 165 } 166 167 return True; 168} 169 170/*************************************************************************** 171 Sets up the common elements of an outgoing NetBIOS packet. 172 173 Note: do not attempt to rationalise whether rec_des should be set or not 174 in a particular situation. Just follow rfc_1002 or look at examples from WinXX. 175 It does NOT follow the rule that requests to the wins server always have 176 rec_des true. See for example name releases and refreshes 177**************************************************************************/ 178 179static struct packet_struct *create_and_init_netbios_packet(struct nmb_name *nmbname, 180 BOOL bcast, BOOL rec_des, 181 struct in_addr to_ip) 182{ 183 struct packet_struct *packet = NULL; 184 struct nmb_packet *nmb = NULL; 185 186 /* Allocate the packet_struct we will return. */ 187 if((packet = SMB_MALLOC_P(struct packet_struct)) == NULL) { 188 DEBUG(0,("create_and_init_netbios_packet: malloc fail (1) for packet struct.\n")); 189 return NULL; 190 } 191 192 memset((char *)packet,'\0',sizeof(*packet)); 193 194 nmb = &packet->packet.nmb; 195 196 nmb->header.name_trn_id = generate_name_trn_id(); 197 nmb->header.response = False; 198 nmb->header.nm_flags.recursion_desired = rec_des; 199 nmb->header.nm_flags.recursion_available = False; 200 nmb->header.nm_flags.trunc = False; 201 nmb->header.nm_flags.authoritative = False; 202 nmb->header.nm_flags.bcast = bcast; 203 204 nmb->header.rcode = 0; 205 nmb->header.qdcount = 1; 206 nmb->header.ancount = 0; 207 nmb->header.nscount = 0; 208 209 nmb->question.question_name = *nmbname; 210 nmb->question.question_type = QUESTION_TYPE_NB_QUERY; 211 nmb->question.question_class = QUESTION_CLASS_IN; 212 213 packet->ip = to_ip; 214 packet->port = NMB_PORT; 215 packet->fd = ClientNMB; 216 packet->timestamp = time(NULL); 217 packet->packet_type = NMB_PACKET; 218 packet->locked = False; 219 220 return packet; /* Caller must free. */ 221} 222 223/*************************************************************************** 224 Sets up the common elements of register, refresh or release packet. 225**************************************************************************/ 226 227static BOOL create_and_init_additional_record(struct packet_struct *packet, 228 uint16 nb_flags, 229 struct in_addr *register_ip) 230{ 231 struct nmb_packet *nmb = &packet->packet.nmb; 232 233 if((nmb->additional = SMB_MALLOC_P(struct res_rec)) == NULL) { 234 DEBUG(0,("initiate_name_register_packet: malloc fail for additional record.\n")); 235 return False; 236 } 237 238 memset((char *)nmb->additional,'\0',sizeof(struct res_rec)); 239 240 nmb->additional->rr_name = nmb->question.question_name; 241 nmb->additional->rr_type = RR_TYPE_NB; 242 nmb->additional->rr_class = RR_CLASS_IN; 243 244 /* See RFC 1002, sections 5.1.1.1, 5.1.1.2 and 5.1.1.3 */ 245 if (nmb->header.nm_flags.bcast) 246 nmb->additional->ttl = PERMANENT_TTL; 247 else 248 nmb->additional->ttl = lp_max_ttl(); 249 250 nmb->additional->rdlength = 6; 251 252 set_nb_flags(nmb->additional->rdata,nb_flags); 253 254 /* Set the address for the name we are registering. */ 255 putip(&nmb->additional->rdata[2], register_ip); 256 257 /* 258 it turns out that Jeremys code was correct, we are supposed 259 to send registrations from the IP we are registering. The 260 trick is what to do on timeouts! When we send on a 261 non-routable IP then the reply will timeout, and we should 262 treat this as success, not failure. That means we go into 263 our standard refresh cycle for that name which copes nicely 264 with disconnected networks. 265 */ 266 packet->fd = find_subnet_fd_for_address(*register_ip); 267 268 return True; 269} 270 271/*************************************************************************** 272 Sends out a name query. 273**************************************************************************/ 274 275static BOOL initiate_name_query_packet( struct packet_struct *packet) 276{ 277 struct nmb_packet *nmb = NULL; 278 279 nmb = &packet->packet.nmb; 280 281 nmb->header.opcode = NMB_NAME_QUERY_OPCODE; 282 nmb->header.arcount = 0; 283 284 nmb->header.nm_flags.recursion_desired = True; 285 286 DEBUG(4,("initiate_name_query_packet: sending query for name %s (bcast=%s) to IP %s\n", 287 nmb_namestr(&nmb->question.question_name), 288 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip))); 289 290 return send_netbios_packet( packet ); 291} 292 293/*************************************************************************** 294 Sends out a name query - from a WINS server. 295**************************************************************************/ 296 297static BOOL initiate_name_query_packet_from_wins_server( struct packet_struct *packet) 298{ 299 struct nmb_packet *nmb = NULL; 300 301 nmb = &packet->packet.nmb; 302 303 nmb->header.opcode = NMB_NAME_QUERY_OPCODE; 304 nmb->header.arcount = 0; 305 306 nmb->header.nm_flags.recursion_desired = False; 307 308 DEBUG(4,("initiate_name_query_packet_from_wins_server: sending query for name %s (bcast=%s) to IP %s\n", 309 nmb_namestr(&nmb->question.question_name), 310 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip))); 311 312 return send_netbios_packet( packet ); 313} 314 315/*************************************************************************** 316 Sends out a name register. 317**************************************************************************/ 318 319static BOOL initiate_name_register_packet( struct packet_struct *packet, 320 uint16 nb_flags, struct in_addr *register_ip) 321{ 322 struct nmb_packet *nmb = &packet->packet.nmb; 323 324 nmb->header.opcode = NMB_NAME_REG_OPCODE; 325 nmb->header.arcount = 1; 326 327 nmb->header.nm_flags.recursion_desired = True; 328 329 if(create_and_init_additional_record(packet, nb_flags, register_ip) == False) 330 return False; 331 332 DEBUG(4,("initiate_name_register_packet: sending registration for name %s (bcast=%s) to IP %s\n", 333 nmb_namestr(&nmb->additional->rr_name), 334 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip))); 335 336 return send_netbios_packet( packet ); 337} 338 339/*************************************************************************** 340 Sends out a multihomed name register. 341**************************************************************************/ 342 343static BOOL initiate_multihomed_name_register_packet(struct packet_struct *packet, 344 uint16 nb_flags, struct in_addr *register_ip) 345{ 346 struct nmb_packet *nmb = &packet->packet.nmb; 347 fstring second_ip_buf; 348 349 fstrcpy(second_ip_buf, inet_ntoa(packet->ip)); 350 351 nmb->header.opcode = NMB_NAME_MULTIHOMED_REG_OPCODE; 352 nmb->header.arcount = 1; 353 354 nmb->header.nm_flags.recursion_desired = True; 355 356 if(create_and_init_additional_record(packet, nb_flags, register_ip) == False) 357 return False; 358 359 DEBUG(4,("initiate_multihomed_name_register_packet: sending registration \ 360for name %s IP %s (bcast=%s) to IP %s\n", 361 nmb_namestr(&nmb->additional->rr_name), inet_ntoa(*register_ip), 362 BOOLSTR(nmb->header.nm_flags.bcast), second_ip_buf )); 363 364 return send_netbios_packet( packet ); 365} 366 367/*************************************************************************** 368 Sends out a name refresh. 369**************************************************************************/ 370 371static BOOL initiate_name_refresh_packet( struct packet_struct *packet, 372 uint16 nb_flags, struct in_addr *refresh_ip) 373{ 374 struct nmb_packet *nmb = &packet->packet.nmb; 375 376 nmb->header.opcode = NMB_NAME_REFRESH_OPCODE_8; 377 nmb->header.arcount = 1; 378 379 nmb->header.nm_flags.recursion_desired = False; 380 381 if(create_and_init_additional_record(packet, nb_flags, refresh_ip) == False) 382 return False; 383 384 DEBUG(4,("initiate_name_refresh_packet: sending refresh for name %s (bcast=%s) to IP %s\n", 385 nmb_namestr(&nmb->additional->rr_name), 386 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip))); 387 388 return send_netbios_packet( packet ); 389} 390 391/*************************************************************************** 392 Sends out a name release. 393**************************************************************************/ 394 395static BOOL initiate_name_release_packet( struct packet_struct *packet, 396 uint16 nb_flags, struct in_addr *release_ip) 397{ 398 struct nmb_packet *nmb = &packet->packet.nmb; 399 400 nmb->header.opcode = NMB_NAME_RELEASE_OPCODE; 401 nmb->header.arcount = 1; 402 403 nmb->header.nm_flags.recursion_desired = False; 404 405 if(create_and_init_additional_record(packet, nb_flags, release_ip) == False) 406 return False; 407 408 DEBUG(4,("initiate_name_release_packet: sending release for name %s (bcast=%s) to IP %s\n", 409 nmb_namestr(&nmb->additional->rr_name), 410 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip))); 411 412 return send_netbios_packet( packet ); 413} 414 415/*************************************************************************** 416 Sends out a node status. 417**************************************************************************/ 418 419static BOOL initiate_node_status_packet( struct packet_struct *packet ) 420{ 421 struct nmb_packet *nmb = &packet->packet.nmb; 422 423 nmb->header.opcode = NMB_NAME_QUERY_OPCODE; 424 nmb->header.arcount = 0; 425 426 nmb->header.nm_flags.recursion_desired = False; 427 428 nmb->question.question_type = QUESTION_TYPE_NB_STATUS; 429 430 DEBUG(4,("initiate_node_status_packet: sending node status request for name %s to IP %s\n", 431 nmb_namestr(&nmb->question.question_name), 432 inet_ntoa(packet->ip))); 433 434 return send_netbios_packet( packet ); 435} 436 437/**************************************************************************** 438 Simplification functions for queuing standard packets. 439 These should be the only publicly callable functions for sending 440 out packets. 441****************************************************************************/ 442 443/**************************************************************************** 444 Assertion - we should never be sending nmbd packets on the remote 445 broadcast subnet. 446****************************************************************************/ 447 448static BOOL assert_check_subnet(struct subnet_record *subrec) 449{ 450 if( subrec == remote_broadcast_subnet) { 451 DEBUG(0,("assert_check_subnet: Attempt to send packet on remote broadcast subnet. \ 452This is a bug.\n")); 453 return True; 454 } 455 return False; 456} 457 458/**************************************************************************** 459 Queue a register name packet to the broadcast address of a subnet. 460****************************************************************************/ 461 462struct response_record *queue_register_name( struct subnet_record *subrec, 463 response_function resp_fn, 464 timeout_response_function timeout_fn, 465 register_name_success_function success_fn, 466 register_name_fail_function fail_fn, 467 struct userdata_struct *userdata, 468 struct nmb_name *nmbname, 469 uint16 nb_flags) 470{ 471 struct packet_struct *p; 472 struct response_record *rrec; 473 474 if(assert_check_subnet(subrec)) 475 return NULL; 476 477 /* note that all name registration requests have RD set (rfc1002 - section 4.2.2 */ 478 if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), True, 479 subrec->bcast_ip)) == NULL) 480 return NULL; 481 482 if(initiate_name_register_packet( p, nb_flags, iface_ip(subrec->bcast_ip)) == False) { 483 p->locked = False; 484 free_packet(p); 485 return NULL; 486 } 487 488 if((rrec = make_response_record(subrec, /* subnet record. */ 489 p, /* packet we sent. */ 490 resp_fn, /* function to call on response. */ 491 timeout_fn, /* function to call on timeout. */ 492 (success_function)success_fn, /* function to call on operation success. */ 493 (fail_function)fail_fn, /* function to call on operation fail. */ 494 userdata)) == NULL) { 495 p->locked = False; 496 free_packet(p); 497 return NULL; 498 } 499 500 return rrec; 501} 502 503/**************************************************************************** 504 Queue a refresh name packet to the broadcast address of a subnet. 505****************************************************************************/ 506 507void queue_wins_refresh(struct nmb_name *nmbname, 508 response_function resp_fn, 509 timeout_response_function timeout_fn, 510 uint16 nb_flags, 511 struct in_addr refresh_ip, 512 const char *tag) 513{ 514 struct packet_struct *p; 515 struct response_record *rrec; 516 struct in_addr wins_ip; 517 struct userdata_struct *userdata; 518 fstring ip_str; 519 520 wins_ip = wins_srv_ip_tag(tag, refresh_ip); 521 522 if ((p = create_and_init_netbios_packet(nmbname, False, False, wins_ip)) == NULL) { 523 return; 524 } 525 526 if (!initiate_name_refresh_packet(p, nb_flags, &refresh_ip)) { 527 p->locked = False; 528 free_packet(p); 529 return; 530 } 531 532 fstrcpy(ip_str, inet_ntoa(refresh_ip)); 533 534 DEBUG(6,("Refreshing name %s IP %s with WINS server %s using tag '%s'\n", 535 nmb_namestr(nmbname), ip_str, inet_ntoa(wins_ip), tag)); 536 537 userdata = (struct userdata_struct *)SMB_MALLOC(sizeof(*userdata) + strlen(tag) + 1); 538 if (!userdata) { 539 DEBUG(0,("Failed to allocate userdata structure!\n")); 540 return; 541 } 542 ZERO_STRUCTP(userdata); 543 userdata->userdata_len = strlen(tag) + 1; 544 strlcpy(userdata->data, tag, userdata->userdata_len); 545 546 if ((rrec = make_response_record(unicast_subnet, 547 p, 548 resp_fn, timeout_fn, 549 NULL, 550 NULL, 551 userdata)) == NULL) { 552 p->locked = False; 553 free_packet(p); 554 return; 555 } 556 557 free(userdata); 558 559 /* we don't want to repeat refresh packets */ 560 rrec->repeat_count = 0; 561} 562 563 564/**************************************************************************** 565 Queue a multihomed register name packet to a given WINS server IP 566****************************************************************************/ 567 568struct response_record *queue_register_multihomed_name( struct subnet_record *subrec, 569 response_function resp_fn, 570 timeout_response_function timeout_fn, 571 register_name_success_function success_fn, 572 register_name_fail_function fail_fn, 573 struct userdata_struct *userdata, 574 struct nmb_name *nmbname, 575 uint16 nb_flags, 576 struct in_addr register_ip, 577 struct in_addr wins_ip) 578{ 579 struct packet_struct *p; 580 struct response_record *rrec; 581 BOOL ret; 582 583 /* Sanity check. */ 584 if(subrec != unicast_subnet) { 585 DEBUG(0,("queue_register_multihomed_name: should only be done on \ 586unicast subnet. subnet is %s\n.", subrec->subnet_name )); 587 return NULL; 588 } 589 590 if(assert_check_subnet(subrec)) 591 return NULL; 592 593 if ((p = create_and_init_netbios_packet(nmbname, False, True, wins_ip)) == NULL) 594 return NULL; 595 596 if (nb_flags & NB_GROUP) 597 ret = initiate_name_register_packet( p, nb_flags, ®ister_ip); 598 else 599 ret = initiate_multihomed_name_register_packet(p, nb_flags, ®ister_ip); 600 601 if (ret == False) { 602 p->locked = False; 603 free_packet(p); 604 return NULL; 605 } 606 607 if ((rrec = make_response_record(subrec, /* subnet record. */ 608 p, /* packet we sent. */ 609 resp_fn, /* function to call on response. */ 610 timeout_fn, /* function to call on timeout. */ 611 (success_function)success_fn, /* function to call on operation success. */ 612 (fail_function)fail_fn, /* function to call on operation fail. */ 613 userdata)) == NULL) { 614 p->locked = False; 615 free_packet(p); 616 return NULL; 617 } 618 619 return rrec; 620} 621 622/**************************************************************************** 623 Queue a release name packet to the broadcast address of a subnet. 624****************************************************************************/ 625 626struct response_record *queue_release_name( struct subnet_record *subrec, 627 response_function resp_fn, 628 timeout_response_function timeout_fn, 629 release_name_success_function success_fn, 630 release_name_fail_function fail_fn, 631 struct userdata_struct *userdata, 632 struct nmb_name *nmbname, 633 uint16 nb_flags, 634 struct in_addr release_ip, 635 struct in_addr dest_ip) 636{ 637 struct packet_struct *p; 638 struct response_record *rrec; 639 640 if(assert_check_subnet(subrec)) 641 return NULL; 642 643 if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), False, dest_ip)) == NULL) 644 return NULL; 645 646 if(initiate_name_release_packet( p, nb_flags, &release_ip) == False) { 647 p->locked = False; 648 free_packet(p); 649 return NULL; 650 } 651 652 if((rrec = make_response_record(subrec, /* subnet record. */ 653 p, /* packet we sent. */ 654 resp_fn, /* function to call on response. */ 655 timeout_fn, /* function to call on timeout. */ 656 (success_function)success_fn, /* function to call on operation success. */ 657 (fail_function)fail_fn, /* function to call on operation fail. */ 658 userdata)) == NULL) { 659 p->locked = False; 660 free_packet(p); 661 return NULL; 662 } 663 664 /* 665 * For a broadcast release packet, only send once. 666 * This will cause us to remove the name asap. JRA. 667 */ 668 669 if (subrec != unicast_subnet) { 670 rrec->repeat_count = 0; 671 rrec->repeat_time = 0; 672 } 673 674 return rrec; 675} 676 677/**************************************************************************** 678 Queue a query name packet to the broadcast address of a subnet. 679****************************************************************************/ 680 681struct response_record *queue_query_name( struct subnet_record *subrec, 682 response_function resp_fn, 683 timeout_response_function timeout_fn, 684 query_name_success_function success_fn, 685 query_name_fail_function fail_fn, 686 struct userdata_struct *userdata, 687 struct nmb_name *nmbname) 688{ 689 struct packet_struct *p; 690 struct response_record *rrec; 691 struct in_addr to_ip; 692 693 if(assert_check_subnet(subrec)) 694 return NULL; 695 696 to_ip = subrec->bcast_ip; 697 698 /* queries to the WINS server turn up here as queries to IP 0.0.0.0 699 These need to be handled a bit differently */ 700 if (subrec->type == UNICAST_SUBNET && is_zero_ip(to_ip)) { 701 /* What we really need to do is loop over each of our wins 702 * servers and wins server tags here, but that just doesn't 703 * fit our architecture at the moment (userdata may already 704 * be used when we get here). For now we just query the first 705 * active wins server on the first tag. 706 */ 707 char **tags = wins_srv_tags(); 708 if (!tags) { 709 return NULL; 710 } 711 to_ip = wins_srv_ip_tag(tags[0], to_ip); 712 wins_srv_tags_free(tags); 713 } 714 715 if(( p = create_and_init_netbios_packet(nmbname, 716 (subrec != unicast_subnet), 717 (subrec == unicast_subnet), 718 to_ip)) == NULL) 719 return NULL; 720 721 if(lp_bind_interfaces_only()) { 722 int i; 723 724 DEBUG(10,("queue_query_name: bind_interfaces_only is set, looking for suitable source IP\n")); 725 for(i = 0; i < iface_count(); i++) { 726 struct in_addr *ifip = iface_n_ip(i); 727 728 if(ifip == NULL) { 729 DEBUG(0,("queue_query_name: interface %d has NULL IP address !\n", i)); 730 continue; 731 } 732 733 if (ip_equal(*ifip,loopback_ip)) { 734 DEBUG(5,("queue_query_name: ignoring loopback interface (%d)\n", i)); 735 continue; 736 } 737 738 DEBUG(10,("queue_query_name: using source IP %s\n",inet_ntoa(*ifip))); 739 p->fd = find_subnet_fd_for_address( *ifip ); 740 break; 741 } 742 } 743 744 if(initiate_name_query_packet( p ) == False) { 745 p->locked = False; 746 free_packet(p); 747 return NULL; 748 } 749 750 if((rrec = make_response_record(subrec, /* subnet record. */ 751 p, /* packet we sent. */ 752 resp_fn, /* function to call on response. */ 753 timeout_fn, /* function to call on timeout. */ 754 (success_function)success_fn, /* function to call on operation success. */ 755 (fail_function)fail_fn, /* function to call on operation fail. */ 756 userdata)) == NULL) { 757 p->locked = False; 758 free_packet(p); 759 return NULL; 760 } 761 762 return rrec; 763} 764 765/**************************************************************************** 766 Queue a query name packet to a given address from the WINS subnet. 767****************************************************************************/ 768 769struct response_record *queue_query_name_from_wins_server( struct in_addr to_ip, 770 response_function resp_fn, 771 timeout_response_function timeout_fn, 772 query_name_success_function success_fn, 773 query_name_fail_function fail_fn, 774 struct userdata_struct *userdata, 775 struct nmb_name *nmbname) 776{ 777 struct packet_struct *p; 778 struct response_record *rrec; 779 780 if ((p = create_and_init_netbios_packet(nmbname, False, False, to_ip)) == NULL) 781 return NULL; 782 783 if(initiate_name_query_packet_from_wins_server( p ) == False) { 784 p->locked = False; 785 free_packet(p); 786 return NULL; 787 } 788 789 if((rrec = make_response_record(wins_server_subnet, /* subnet record. */ 790 p, /* packet we sent. */ 791 resp_fn, /* function to call on response. */ 792 timeout_fn, /* function to call on timeout. */ 793 (success_function)success_fn, /* function to call on operation success. */ 794 (fail_function)fail_fn, /* function to call on operation fail. */ 795 userdata)) == NULL) { 796 p->locked = False; 797 free_packet(p); 798 return NULL; 799 } 800 801 return rrec; 802} 803 804/**************************************************************************** 805 Queue a node status packet to a given name and address. 806****************************************************************************/ 807 808struct response_record *queue_node_status( struct subnet_record *subrec, 809 response_function resp_fn, 810 timeout_response_function timeout_fn, 811 node_status_success_function success_fn, 812 node_status_fail_function fail_fn, 813 struct userdata_struct *userdata, 814 struct nmb_name *nmbname, 815 struct in_addr send_ip) 816{ 817 struct packet_struct *p; 818 struct response_record *rrec; 819 820 /* Sanity check. */ 821 if(subrec != unicast_subnet) { 822 DEBUG(0,("queue_register_multihomed_name: should only be done on \ 823unicast subnet. subnet is %s\n.", subrec->subnet_name )); 824 return NULL; 825 } 826 827 if(assert_check_subnet(subrec)) 828 return NULL; 829 830 if(( p = create_and_init_netbios_packet(nmbname, False, False, send_ip)) == NULL) 831 return NULL; 832 833 if(initiate_node_status_packet(p) == False) { 834 p->locked = False; 835 free_packet(p); 836 return NULL; 837 } 838 839 if((rrec = make_response_record(subrec, /* subnet record. */ 840 p, /* packet we sent. */ 841 resp_fn, /* function to call on response. */ 842 timeout_fn, /* function to call on timeout. */ 843 (success_function)success_fn, /* function to call on operation success. */ 844 (fail_function)fail_fn, /* function to call on operation fail. */ 845 userdata)) == NULL) { 846 p->locked = False; 847 free_packet(p); 848 return NULL; 849 } 850 851 return rrec; 852} 853 854/**************************************************************************** 855 Reply to a netbios name packet. see rfc1002.txt 856****************************************************************************/ 857 858void reply_netbios_packet(struct packet_struct *orig_packet, 859 int rcode, enum netbios_reply_type_code rcv_code, int opcode, 860 int ttl, char *data,int len) 861{ 862 struct packet_struct packet; 863 struct nmb_packet *nmb = NULL; 864 struct res_rec answers; 865 struct nmb_packet *orig_nmb = &orig_packet->packet.nmb; 866 BOOL loopback_this_packet = False; 867 int rr_type = RR_TYPE_NB; 868 const char *packet_type = "unknown"; 869 870 /* Check if we are sending to or from ourselves. */ 871 if(ismyip(orig_packet->ip) && (orig_packet->port == global_nmb_port)) 872 loopback_this_packet = True; 873 874 nmb = &packet.packet.nmb; 875 876 /* Do a partial copy of the packet. We clear the locked flag and 877 the resource record pointers. */ 878 packet = *orig_packet; /* Full structure copy. */ 879 packet.locked = False; 880 nmb->answers = NULL; 881 nmb->nsrecs = NULL; 882 nmb->additional = NULL; 883 884 switch (rcv_code) { 885 case NMB_STATUS: 886 packet_type = "nmb_status"; 887 nmb->header.nm_flags.recursion_desired = False; 888 nmb->header.nm_flags.recursion_available = False; 889 rr_type = RR_TYPE_NBSTAT; 890 break; 891 case NMB_QUERY: 892 packet_type = "nmb_query"; 893 nmb->header.nm_flags.recursion_desired = True; 894 nmb->header.nm_flags.recursion_available = True; 895 if (rcode) { 896 rr_type = RR_TYPE_NULL; 897 } 898 break; 899 case NMB_REG: 900 case NMB_REG_REFRESH: 901 packet_type = "nmb_reg"; 902 nmb->header.nm_flags.recursion_desired = True; 903 nmb->header.nm_flags.recursion_available = True; 904 break; 905 case NMB_REL: 906 packet_type = "nmb_rel"; 907 nmb->header.nm_flags.recursion_desired = False; 908 nmb->header.nm_flags.recursion_available = False; 909 break; 910 case NMB_WAIT_ACK: 911 packet_type = "nmb_wack"; 912 nmb->header.nm_flags.recursion_desired = False; 913 nmb->header.nm_flags.recursion_available = False; 914 rr_type = RR_TYPE_NULL; 915 break; 916 case WINS_REG: 917 packet_type = "wins_reg"; 918 nmb->header.nm_flags.recursion_desired = True; 919 nmb->header.nm_flags.recursion_available = True; 920 break; 921 case WINS_QUERY: 922 packet_type = "wins_query"; 923 nmb->header.nm_flags.recursion_desired = True; 924 nmb->header.nm_flags.recursion_available = True; 925 if (rcode) { 926 rr_type = RR_TYPE_NULL; 927 } 928 break; 929 default: 930 DEBUG(0,("reply_netbios_packet: Unknown packet type: %s %s to ip %s\n", 931 packet_type, nmb_namestr(&orig_nmb->question.question_name), 932 inet_ntoa(packet.ip))); 933 return; 934 } 935 936 DEBUG(4,("reply_netbios_packet: sending a reply of packet type: %s %s to ip %s \ 937for id %hu\n", packet_type, nmb_namestr(&orig_nmb->question.question_name), 938 inet_ntoa(packet.ip), orig_nmb->header.name_trn_id)); 939 940 nmb->header.name_trn_id = orig_nmb->header.name_trn_id; 941 nmb->header.opcode = opcode; 942 nmb->header.response = True; 943 nmb->header.nm_flags.bcast = False; 944 nmb->header.nm_flags.trunc = False; 945 nmb->header.nm_flags.authoritative = True; 946 947 nmb->header.rcode = rcode; 948 nmb->header.qdcount = 0; 949 nmb->header.ancount = 1; 950 nmb->header.nscount = 0; 951 nmb->header.arcount = 0; 952 953 memset((char*)&nmb->question,'\0',sizeof(nmb->question)); 954 955 nmb->answers = &answers; 956 memset((char*)nmb->answers,'\0',sizeof(*nmb->answers)); 957 958 nmb->answers->rr_name = orig_nmb->question.question_name; 959 nmb->answers->rr_type = rr_type; 960 nmb->answers->rr_class = RR_CLASS_IN; 961 nmb->answers->ttl = ttl; 962 963 if (data && len) { 964 nmb->answers->rdlength = len; 965 memcpy(nmb->answers->rdata, data, len); 966 } 967 968 packet.packet_type = NMB_PACKET; 969 /* Ensure we send out on the same fd that the original 970 packet came in on to give the correct source IP address. */ 971 packet.fd = orig_packet->fd; 972 packet.timestamp = time(NULL); 973 974 debug_nmb_packet(&packet); 975 976 if(loopback_this_packet) { 977 struct packet_struct *lo_packet; 978 DEBUG(5,("reply_netbios_packet: sending packet to ourselves.\n")); 979 if((lo_packet = copy_packet(&packet)) == NULL) 980 return; 981 queue_packet(lo_packet); 982 } else if (!send_packet(&packet)) { 983 DEBUG(0,("reply_netbios_packet: send_packet to IP %s port %d failed\n", 984 inet_ntoa(packet.ip),packet.port)); 985 } 986} 987 988/******************************************************************* 989 Queue a packet into a packet queue 990******************************************************************/ 991 992static void queue_packet(struct packet_struct *packet) 993{ 994 struct packet_struct *p; 995 996 if (!packet_queue) { 997 packet->prev = NULL; 998 packet->next = NULL; 999 packet_queue = packet; 1000 return; 1001 } 1002 1003 /* find the bottom */ 1004 for (p=packet_queue;p->next;p=p->next) 1005 ; 1006 1007 p->next = packet; 1008 packet->next = NULL; 1009 packet->prev = p; 1010} 1011 1012/**************************************************************************** 1013 Try and find a matching subnet record for a datagram port 138 packet. 1014****************************************************************************/ 1015 1016static struct subnet_record *find_subnet_for_dgram_browse_packet(struct packet_struct *p) 1017{ 1018 struct subnet_record *subrec; 1019 1020 /* Go through all the broadcast subnets and see if the mask matches. */ 1021 for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { 1022 if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip)) 1023 return subrec; 1024 } 1025 1026 /* If the subnet record is the remote announce broadcast subnet, 1027 hack it here to be the first subnet. This is really gross and 1028 is needed due to people turning on port 137/138 broadcast 1029 forwarding on their routers. May fire and brimstone rain 1030 down upon them... 1031 */ 1032 1033 return FIRST_SUBNET; 1034} 1035 1036/**************************************************************************** 1037Dispatch a browse frame from port 138 to the correct processing function. 1038****************************************************************************/ 1039 1040static void process_browse_packet(struct packet_struct *p, char *buf,int len) 1041{ 1042 struct dgram_packet *dgram = &p->packet.dgram; 1043 int command = CVAL(buf,0); 1044 struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p); 1045 char scope[64]; 1046 unstring src_name; 1047 1048 /* Drop the packet if it's a different NetBIOS scope, or the source is from one of our names. */ 1049 pull_ascii(scope, dgram->dest_name.scope, 64, 64, STR_TERMINATE); 1050 if (!strequal(scope, global_scope())) { 1051 DEBUG(7,("process_browse_packet: Discarding datagram from IP %s. Scope (%s) \ 1052mismatch with our scope (%s).\n", inet_ntoa(p->ip), scope, global_scope())); 1053 return; 1054 } 1055 1056 pull_ascii_nstring(src_name, sizeof(src_name), dgram->source_name.name); 1057 if (is_myname(src_name)) { 1058 DEBUG(0,("process_browse_packet: Discarding datagram from IP %s. Source name \ 1059%s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name))); 1060 return; 1061 } 1062 1063 switch (command) { 1064 case ANN_HostAnnouncement: 1065 debug_browse_data(buf, len); 1066 process_host_announce(subrec, p, buf+1); 1067 break; 1068 case ANN_DomainAnnouncement: 1069 debug_browse_data(buf, len); 1070 process_workgroup_announce(subrec, p, buf+1); 1071 break; 1072 case ANN_LocalMasterAnnouncement: 1073 debug_browse_data(buf, len); 1074 process_local_master_announce(subrec, p, buf+1); 1075 break; 1076 case ANN_AnnouncementRequest: 1077 debug_browse_data(buf, len); 1078 process_announce_request(subrec, p, buf+1); 1079 break; 1080 case ANN_Election: 1081 debug_browse_data(buf, len); 1082 process_election(subrec, p, buf+1); 1083 break; 1084 case ANN_GetBackupListReq: 1085 debug_browse_data(buf, len); 1086 process_get_backup_list_request(subrec, p, buf+1); 1087 break; 1088 case ANN_GetBackupListResp: 1089 debug_browse_data(buf, len); 1090 /* We never send ANN_GetBackupListReq so we should never get these. */ 1091 DEBUG(0,("process_browse_packet: Discarding GetBackupListResponse \ 1092packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip))); 1093 break; 1094 case ANN_ResetBrowserState: 1095 debug_browse_data(buf, len); 1096 process_reset_browser(subrec, p, buf+1); 1097 break; 1098 case ANN_MasterAnnouncement: 1099 /* Master browser datagrams must be processed on the unicast subnet. */ 1100 subrec = unicast_subnet; 1101 1102 debug_browse_data(buf, len); 1103 process_master_browser_announce(subrec, p, buf+1); 1104 break; 1105 case ANN_BecomeBackup: 1106 /* 1107 * We don't currently implement this. Log it just in case. 1108 */ 1109 debug_browse_data(buf, len); 1110 DEBUG(10,("process_browse_packet: On subnet %s ignoring browse packet \ 1111command ANN_BecomeBackup from %s IP %s to %s\n", subrec->subnet_name, nmb_namestr(&dgram->source_name), 1112 inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name))); 1113 break; 1114 default: 1115 debug_browse_data(buf, len); 1116 DEBUG(0,("process_browse_packet: On subnet %s ignoring browse packet \ 1117command code %d from %s IP %s to %s\n", subrec->subnet_name, command, nmb_namestr(&dgram->source_name), 1118 inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name))); 1119 break; 1120 } 1121} 1122 1123/**************************************************************************** 1124 Dispatch a LanMan browse frame from port 138 to the correct processing function. 1125****************************************************************************/ 1126 1127static void process_lanman_packet(struct packet_struct *p, char *buf,int len) 1128{ 1129 struct dgram_packet *dgram = &p->packet.dgram; 1130 int command = SVAL(buf,0); 1131 struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p); 1132 char scope[64]; 1133 unstring src_name; 1134 1135 /* Drop the packet if it's a different NetBIOS scope, or the source is from one of our names. */ 1136 1137 pull_ascii(scope, dgram->dest_name.scope, 64, 64, STR_TERMINATE); 1138 if (!strequal(scope, global_scope())) { 1139 DEBUG(7,("process_lanman_packet: Discarding datagram from IP %s. Scope (%s) \ 1140mismatch with our scope (%s).\n", inet_ntoa(p->ip), scope, global_scope())); 1141 return; 1142 } 1143 1144 pull_ascii_nstring(src_name, sizeof(src_name), dgram->source_name.name); 1145 if (is_myname(src_name)) { 1146 DEBUG(0,("process_lanman_packet: Discarding datagram from IP %s. Source name \ 1147%s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name))); 1148 return; 1149 } 1150 1151 switch (command) { 1152 case ANN_HostAnnouncement: 1153 debug_browse_data(buf, len); 1154 process_lm_host_announce(subrec, p, buf+1); 1155 break; 1156 case ANN_AnnouncementRequest: 1157 process_lm_announce_request(subrec, p, buf+1); 1158 break; 1159 default: 1160 DEBUG(0,("process_lanman_packet: On subnet %s ignoring browse packet \ 1161command code %d from %s IP %s to %s\n", subrec->subnet_name, command, nmb_namestr(&dgram->source_name), 1162 inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name))); 1163 break; 1164 } 1165} 1166 1167/**************************************************************************** 1168 Determine if a packet is for us on port 138. Note that to have any chance of 1169 being efficient we need to drop as many packets as possible at this 1170 stage as subsequent processing is expensive. 1171****************************************************************************/ 1172 1173static BOOL listening(struct packet_struct *p,struct nmb_name *nbname) 1174{ 1175 struct subnet_record *subrec = NULL; 1176 1177 for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { 1178 if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip)) 1179 break; 1180 } 1181 1182 if(subrec == NULL) 1183 subrec = unicast_subnet; 1184 1185 return (find_name_on_subnet(subrec, nbname, FIND_SELF_NAME) != NULL); 1186} 1187 1188/**************************************************************************** 1189 Process udp 138 datagrams 1190****************************************************************************/ 1191 1192static void process_dgram(struct packet_struct *p) 1193{ 1194 char *buf; 1195 char *buf2; 1196 int len; 1197 struct dgram_packet *dgram = &p->packet.dgram; 1198 1199 /* If we aren't listening to the destination name then ignore the packet */ 1200 if (!listening(p,&dgram->dest_name)) { 1201 unexpected_packet(p); 1202 DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from %s\n", 1203 nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip))); 1204 return; 1205 } 1206 1207 if (dgram->header.msg_type != 0x10 && dgram->header.msg_type != 0x11 && dgram->header.msg_type != 0x12) { 1208 unexpected_packet(p); 1209 /* Don't process error packets etc yet */ 1210 DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from IP %s as it is \ 1211an error packet of type %x\n", nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip), dgram->header.msg_type)); 1212 return; 1213 } 1214 1215 /* Ensure we have a large enough packet before looking inside. */ 1216 if (dgram->datasize < (smb_vwv12 - 2)) { 1217 /* That's the offset minus the 4 byte length + 2 bytes of offset. */ 1218 DEBUG(0,("process_dgram: ignoring too short dgram packet (%u) sent to name %s from IP %s\n", 1219 (unsigned int)dgram->datasize, 1220 nmb_namestr(&dgram->dest_name), 1221 inet_ntoa(p->ip) )); 1222 return; 1223 } 1224 1225 buf = &dgram->data[0]; 1226 buf -= 4; /* XXXX for the pseudo tcp length - someday I need to get rid of this */ 1227 1228 if (CVAL(buf,smb_com) != SMBtrans) 1229 return; 1230 1231 len = SVAL(buf,smb_vwv11); 1232 buf2 = smb_base(buf) + SVAL(buf,smb_vwv12); 1233 1234 if (len <= 0 || len > dgram->datasize) { 1235 DEBUG(0,("process_dgram: ignoring malformed1 (datasize = %d, len = %d) datagram \ 1236packet sent to name %s from IP %s\n", 1237 dgram->datasize, 1238 len, 1239 nmb_namestr(&dgram->dest_name), 1240 inet_ntoa(p->ip) )); 1241 return; 1242 } 1243 1244 if (buf2 < dgram->data || (buf2 >= dgram->data + dgram->datasize)) { 1245 DEBUG(0,("process_dgram: ignoring malformed2 (datasize = %d, len=%d, off=%d) datagram \ 1246packet sent to name %s from IP %s\n", 1247 dgram->datasize, 1248 len, 1249 PTR_DIFF(buf2, dgram->data), 1250 nmb_namestr(&dgram->dest_name), 1251 inet_ntoa(p->ip) )); 1252 return; 1253 } 1254 1255 if ((buf2 + len < dgram->data) || (buf2 + len > dgram->data + dgram->datasize)) { 1256 DEBUG(0,("process_dgram: ignoring malformed3 (datasize = %d, len=%d, off=%d) datagram \ 1257packet sent to name %s from IP %s\n", 1258 dgram->datasize, 1259 len, 1260 PTR_DIFF(buf2, dgram->data), 1261 nmb_namestr(&dgram->dest_name), 1262 inet_ntoa(p->ip) )); 1263 return; 1264 } 1265 1266 DEBUG(4,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d\n", 1267 nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name), 1268 inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len)); 1269 1270 /* Datagram packet received for the browser mailslot */ 1271 if (strequal(smb_buf(buf),BROWSE_MAILSLOT)) { 1272 process_browse_packet(p,buf2,len); 1273 return; 1274 } 1275 1276 /* Datagram packet received for the LAN Manager mailslot */ 1277 if (strequal(smb_buf(buf),LANMAN_MAILSLOT)) { 1278 process_lanman_packet(p,buf2,len); 1279 return; 1280 } 1281 1282 /* Datagram packet received for the domain logon mailslot */ 1283 if (strequal(smb_buf(buf),NET_LOGON_MAILSLOT)) { 1284 process_logon_packet(p,buf2,len,NET_LOGON_MAILSLOT); 1285 return; 1286 } 1287 1288 /* Datagram packet received for the NT domain logon mailslot */ 1289 if (strequal(smb_buf(buf),NT_LOGON_MAILSLOT)) { 1290 process_logon_packet(p,buf2,len,NT_LOGON_MAILSLOT); 1291 return; 1292 } 1293 1294 unexpected_packet(p); 1295} 1296 1297/**************************************************************************** 1298 Validate a response nmb packet. 1299****************************************************************************/ 1300 1301static BOOL validate_nmb_response_packet( struct nmb_packet *nmb ) 1302{ 1303 BOOL ignore = False; 1304 1305 switch (nmb->header.opcode) { 1306 case NMB_NAME_REG_OPCODE: 1307 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */ 1308 case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */ 1309 if (nmb->header.ancount == 0) { 1310 DEBUG(0,("validate_nmb_response_packet: Bad REG/REFRESH Packet. ")); 1311 ignore = True; 1312 } 1313 break; 1314 1315 case NMB_NAME_QUERY_OPCODE: 1316 if ((nmb->header.ancount != 0) && (nmb->header.ancount != 1)) { 1317 DEBUG(0,("validate_nmb_response_packet: Bad QUERY Packet. ")); 1318 ignore = True; 1319 } 1320 break; 1321 1322 case NMB_NAME_RELEASE_OPCODE: 1323 if (nmb->header.ancount == 0) { 1324 DEBUG(0,("validate_nmb_response_packet: Bad RELEASE Packet. ")); 1325 ignore = True; 1326 } 1327 break; 1328 1329 case NMB_WACK_OPCODE: 1330 /* Check WACK response here. */ 1331 if (nmb->header.ancount != 1) { 1332 DEBUG(0,("validate_nmb_response_packet: Bad WACK Packet. ")); 1333 ignore = True; 1334 } 1335 break; 1336 default: 1337 DEBUG(0,("validate_nmb_response_packet: Ignoring packet with unknown opcode %d.\n", 1338 nmb->header.opcode)); 1339 return True; 1340 } 1341 1342 if(ignore) 1343 DEBUG(0,("Ignoring response packet with opcode %d.\n", nmb->header.opcode)); 1344 1345 return ignore; 1346} 1347 1348/**************************************************************************** 1349 Validate a request nmb packet. 1350****************************************************************************/ 1351 1352static BOOL validate_nmb_packet( struct nmb_packet *nmb ) 1353{ 1354 BOOL ignore = False; 1355 1356 switch (nmb->header.opcode) { 1357 case NMB_NAME_REG_OPCODE: 1358 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */ 1359 case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */ 1360 case NMB_NAME_MULTIHOMED_REG_OPCODE: 1361 if (nmb->header.qdcount==0 || nmb->header.arcount==0) { 1362 DEBUG(0,("validate_nmb_packet: Bad REG/REFRESH Packet. ")); 1363 ignore = True; 1364 } 1365 break; 1366 1367 case NMB_NAME_QUERY_OPCODE: 1368 if ((nmb->header.qdcount == 0) || ((nmb->question.question_type != QUESTION_TYPE_NB_QUERY) && 1369 (nmb->question.question_type != QUESTION_TYPE_NB_STATUS))) { 1370 DEBUG(0,("validate_nmb_packet: Bad QUERY Packet. ")); 1371 ignore = True; 1372 } 1373 break; 1374 1375 case NMB_NAME_RELEASE_OPCODE: 1376 if (nmb->header.qdcount==0 || nmb->header.arcount==0) { 1377 DEBUG(0,("validate_nmb_packet: Bad RELEASE Packet. ")); 1378 ignore = True; 1379 } 1380 break; 1381 default: 1382 DEBUG(0,("validate_nmb_packet: Ignoring packet with unknown opcode %d.\n", 1383 nmb->header.opcode)); 1384 return True; 1385 } 1386 1387 if(ignore) 1388 DEBUG(0,("validate_nmb_packet: Ignoring request packet with opcode %d.\n", nmb->header.opcode)); 1389 1390 return ignore; 1391} 1392 1393/**************************************************************************** 1394 Find a subnet (and potentially a response record) for a packet. 1395****************************************************************************/ 1396 1397static struct subnet_record *find_subnet_for_nmb_packet( struct packet_struct *p, 1398 struct response_record **pprrec) 1399{ 1400 struct nmb_packet *nmb = &p->packet.nmb; 1401 struct response_record *rrec = NULL; 1402 struct subnet_record *subrec = NULL; 1403 1404 if(pprrec != NULL) 1405 *pprrec = NULL; 1406 1407 if(nmb->header.response) { 1408 /* It's a response packet. Find a record for it or it's an error. */ 1409 1410 rrec = find_response_record( &subrec, nmb->header.name_trn_id); 1411 if(rrec == NULL) { 1412 DEBUG(3,("find_subnet_for_nmb_packet: response record not found for response id %hu\n", 1413 nmb->header.name_trn_id)); 1414 unexpected_packet(p); 1415 return NULL; 1416 } 1417 1418 if(subrec == NULL) { 1419 DEBUG(0,("find_subnet_for_nmb_packet: subnet record not found for response id %hu\n", 1420 nmb->header.name_trn_id)); 1421 return NULL; 1422 } 1423 1424 if(pprrec != NULL) 1425 *pprrec = rrec; 1426 return subrec; 1427 } 1428 1429 /* Try and see what subnet this packet belongs to. */ 1430 1431 /* WINS server ? */ 1432 if(packet_is_for_wins_server(p)) 1433 return wins_server_subnet; 1434 1435 /* If it wasn't a broadcast packet then send to the UNICAST subnet. */ 1436 if(nmb->header.nm_flags.bcast == False) 1437 return unicast_subnet; 1438 1439 /* Go through all the broadcast subnets and see if the mask matches. */ 1440 for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { 1441 if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip)) 1442 return subrec; 1443 } 1444 1445 /* If none match it must have been a directed broadcast - assign the remote_broadcast_subnet. */ 1446 return remote_broadcast_subnet; 1447} 1448 1449/**************************************************************************** 1450 Process a nmb request packet - validate the packet and route it. 1451****************************************************************************/ 1452 1453static void process_nmb_request(struct packet_struct *p) 1454{ 1455 struct nmb_packet *nmb = &p->packet.nmb; 1456 struct subnet_record *subrec = NULL; 1457 1458 debug_nmb_packet(p); 1459 1460 /* Ensure we have a good packet. */ 1461 if(validate_nmb_packet(nmb)) 1462 return; 1463 1464 /* Allocate a subnet to this packet - if we cannot - fail. */ 1465 if((subrec = find_subnet_for_nmb_packet(p, NULL))==NULL) 1466 return; 1467 1468 switch (nmb->header.opcode) { 1469 case NMB_NAME_REG_OPCODE: 1470 if(subrec == wins_server_subnet) 1471 wins_process_name_registration_request(subrec, p); 1472 else 1473 process_name_registration_request(subrec, p); 1474 break; 1475 1476 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */ 1477 case NMB_NAME_REFRESH_OPCODE_9: 1478 if(subrec == wins_server_subnet) 1479 wins_process_name_refresh_request(subrec, p); 1480 else 1481 process_name_refresh_request(subrec, p); 1482 break; 1483 1484 case NMB_NAME_MULTIHOMED_REG_OPCODE: 1485 if(subrec == wins_server_subnet) { 1486 wins_process_multihomed_name_registration_request(subrec, p); 1487 } else { 1488 DEBUG(0,("process_nmb_request: Multihomed registration request must be \ 1489directed at a WINS server.\n")); 1490 } 1491 break; 1492 1493 case NMB_NAME_QUERY_OPCODE: 1494 switch (nmb->question.question_type) { 1495 case QUESTION_TYPE_NB_QUERY: 1496 if(subrec == wins_server_subnet) 1497 wins_process_name_query_request(subrec, p); 1498 else 1499 process_name_query_request(subrec, p); 1500 break; 1501 case QUESTION_TYPE_NB_STATUS: 1502 if(subrec == wins_server_subnet) { 1503 DEBUG(0,("process_nmb_request: NB_STATUS request directed at WINS server is \ 1504not allowed.\n")); 1505 break; 1506 } else { 1507 process_node_status_request(subrec, p); 1508 } 1509 break; 1510 } 1511 break; 1512 1513 case NMB_NAME_RELEASE_OPCODE: 1514 if(subrec == wins_server_subnet) 1515 wins_process_name_release_request(subrec, p); 1516 else 1517 process_name_release_request(subrec, p); 1518 break; 1519 } 1520} 1521 1522/**************************************************************************** 1523 Process a nmb response packet - validate the packet and route it. 1524 to either the WINS server or a normal response. 1525****************************************************************************/ 1526 1527static void process_nmb_response(struct packet_struct *p) 1528{ 1529 struct nmb_packet *nmb = &p->packet.nmb; 1530 struct subnet_record *subrec = NULL; 1531 struct response_record *rrec = NULL; 1532 1533 debug_nmb_packet(p); 1534 1535 if(validate_nmb_response_packet(nmb)) 1536 return; 1537 1538 if((subrec = find_subnet_for_nmb_packet(p, &rrec))==NULL) 1539 return; 1540 1541 if(rrec == NULL) { 1542 DEBUG(0,("process_nmb_response: response packet received but no response record \ 1543found for id = %hu. Ignoring packet.\n", nmb->header.name_trn_id)); 1544 return; 1545 } 1546 1547 /* Increment the number of responses received for this record. */ 1548 rrec->num_msgs++; 1549 /* Ensure we don't re-send the request. */ 1550 rrec->repeat_count = 0; 1551 1552 /* Call the response received function for this packet. */ 1553 (*rrec->resp_fn)(subrec, rrec, p); 1554} 1555 1556/******************************************************************* 1557 Run elements off the packet queue till its empty 1558******************************************************************/ 1559 1560void run_packet_queue(void) 1561{ 1562 struct packet_struct *p; 1563 1564 while ((p = packet_queue)) { 1565 packet_queue = p->next; 1566 if (packet_queue) 1567 packet_queue->prev = NULL; 1568 p->next = p->prev = NULL; 1569 1570 switch (p->packet_type) { 1571 case NMB_PACKET: 1572 if(p->packet.nmb.header.response) 1573 process_nmb_response(p); 1574 else 1575 process_nmb_request(p); 1576 break; 1577 1578 case DGRAM_PACKET: 1579 process_dgram(p); 1580 break; 1581 } 1582 free_packet(p); 1583 } 1584} 1585 1586/******************************************************************* 1587 Retransmit or timeout elements from all the outgoing subnet response 1588 record queues. NOTE that this code must also check the WINS server 1589 subnet for response records to timeout as the WINS server code 1590 can send requests to check if a client still owns a name. 1591 (Patch from Andrey Alekseyev <fetch@muffin.arcadia.spb.ru>). 1592******************************************************************/ 1593 1594void retransmit_or_expire_response_records(time_t t) 1595{ 1596 struct subnet_record *subrec; 1597 1598 for (subrec = FIRST_SUBNET; subrec; subrec = get_next_subnet_maybe_unicast_or_wins_server(subrec)) { 1599 struct response_record *rrec, *nextrrec; 1600 1601 for (rrec = subrec->responselist; rrec; rrec = nextrrec) { 1602 nextrrec = rrec->next; 1603 1604 if (rrec->repeat_time <= t) { 1605 if (rrec->repeat_count > 0) { 1606 /* Resend while we have a non-zero repeat_count. */ 1607 if(!send_packet(rrec->packet)) { 1608 DEBUG(0,("retransmit_or_expire_response_records: Failed to resend packet id %hu \ 1609to IP %s on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), subrec->subnet_name)); 1610 } 1611 rrec->repeat_time = t + rrec->repeat_interval; 1612 rrec->repeat_count--; 1613 } else { 1614 DEBUG(4,("retransmit_or_expire_response_records: timeout for packet id %hu to IP %s \ 1615on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), subrec->subnet_name)); 1616 1617 /* 1618 * Check the flag in this record to prevent recursion if we end 1619 * up in this function again via the timeout function call. 1620 */ 1621 1622 if(!rrec->in_expiration_processing) { 1623 1624 /* 1625 * Set the recursion protection flag in this record. 1626 */ 1627 1628 rrec->in_expiration_processing = True; 1629 1630 /* Call the timeout function. This will deal with removing the 1631 timed out packet. */ 1632 if(rrec->timeout_fn) { 1633 (*rrec->timeout_fn)(subrec, rrec); 1634 } else { 1635 /* We must remove the record ourself if there is 1636 no timeout function. */ 1637 remove_response_record(subrec, rrec); 1638 } 1639 } /* !rrec->in_expitation_processing */ 1640 } /* rrec->repeat_count > 0 */ 1641 } /* rrec->repeat_time <= t */ 1642 } /* end for rrec */ 1643 } /* end for subnet */ 1644} 1645 1646/**************************************************************************** 1647 Create an fd_set containing all the sockets in the subnet structures, 1648 plus the broadcast sockets. 1649***************************************************************************/ 1650 1651static BOOL create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_number, int *maxfd) 1652{ 1653 int *sock_array = NULL; 1654 struct subnet_record *subrec = NULL; 1655 int count = 0; 1656 int num = 0; 1657 fd_set *pset = SMB_MALLOC_P(fd_set); 1658 1659 if(pset == NULL) { 1660 DEBUG(0,("create_listen_fdset: malloc fail !\n")); 1661 return True; 1662 } 1663 1664 /* Check that we can add all the fd's we need. */ 1665 for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) 1666 count++; 1667 1668 if((count*2) + 2 > FD_SETSIZE) { 1669 DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \ 1670only use %d.\n", (count*2) + 2, FD_SETSIZE)); 1671 return True; 1672 } 1673 1674 if((sock_array = SMB_MALLOC_ARRAY(int, (count*2) + 2)) == NULL) { 1675 DEBUG(0,("create_listen_fdset: malloc fail for socket array.\n")); 1676 return True; 1677 } 1678 1679 FD_ZERO(pset); 1680 1681 /* Add in the broadcast socket on 137. */ 1682 FD_SET(ClientNMB,pset); 1683 sock_array[num++] = ClientNMB; 1684 *maxfd = MAX( *maxfd, ClientNMB); 1685 1686 /* Add in the 137 sockets on all the interfaces. */ 1687 for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { 1688 FD_SET(subrec->nmb_sock,pset); 1689 sock_array[num++] = subrec->nmb_sock; 1690 *maxfd = MAX( *maxfd, subrec->nmb_sock); 1691 } 1692 1693 /* Add in the broadcast socket on 138. */ 1694 FD_SET(ClientDGRAM,pset); 1695 sock_array[num++] = ClientDGRAM; 1696 *maxfd = MAX( *maxfd, ClientDGRAM); 1697 1698 /* Add in the 138 sockets on all the interfaces. */ 1699 for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { 1700 FD_SET(subrec->dgram_sock,pset); 1701 sock_array[num++] = subrec->dgram_sock; 1702 *maxfd = MAX( *maxfd, subrec->dgram_sock); 1703 } 1704 1705 *listen_number = (count*2) + 2; 1706 1707 SAFE_FREE(*ppset); 1708 SAFE_FREE(*psock_array); 1709 1710 *ppset = pset; 1711 *psock_array = sock_array; 1712 1713 return False; 1714} 1715 1716/**************************************************************************** 1717 Listens for NMB or DGRAM packets, and queues them. 1718 return True if the socket is dead 1719***************************************************************************/ 1720 1721BOOL listen_for_packets(BOOL run_election) 1722{ 1723 static fd_set *listen_set = NULL; 1724 static int listen_number = 0; 1725 static int *sock_array = NULL; 1726 int i; 1727 static int maxfd = 0; 1728 1729 fd_set fds; 1730 int selrtn; 1731 struct timeval timeout; 1732#ifndef SYNC_DNS 1733 int dns_fd; 1734#endif 1735 1736 if(listen_set == NULL || rescan_listen_set) { 1737 if(create_listen_fdset(&listen_set, &sock_array, &listen_number, &maxfd)) { 1738 DEBUG(0,("listen_for_packets: Fatal error. unable to create listen set. Exiting.\n")); 1739 return True; 1740 } 1741 rescan_listen_set = False; 1742 } 1743 1744 memcpy((char *)&fds, (char *)listen_set, sizeof(fd_set)); 1745 1746#ifndef SYNC_DNS 1747 dns_fd = asyncdns_fd(); 1748 if (dns_fd != -1) { 1749 FD_SET(dns_fd, &fds); 1750 maxfd = MAX( maxfd, dns_fd); 1751 } 1752#endif 1753 1754 /* 1755 * During elections and when expecting a netbios response packet we 1756 * need to send election packets at tighter intervals. 1757 * Ideally it needs to be the interval (in ms) between time now and 1758 * the time we are expecting the next netbios packet. 1759 */ 1760 1761 timeout.tv_sec = (run_election||num_response_packets) ? 1 : NMBD_SELECT_LOOP; 1762 timeout.tv_usec = 0; 1763 1764 /* Prepare for the select - allow certain signals. */ 1765 1766 BlockSignals(False, SIGTERM); 1767 1768 selrtn = sys_select(maxfd+1,&fds,NULL,NULL,&timeout); 1769 1770 /* We can only take signals when we are in the select - block them again here. */ 1771 1772 BlockSignals(True, SIGTERM); 1773 1774 if(selrtn == -1) { 1775 return False; 1776 } 1777 1778#ifndef SYNC_DNS 1779 if (dns_fd != -1 && FD_ISSET(dns_fd,&fds)) { 1780 run_dns_queue(); 1781 } 1782#endif 1783 1784 for(i = 0; i < listen_number; i++) { 1785 if (i < (listen_number/2)) { 1786 /* Processing a 137 socket. */ 1787 if (FD_ISSET(sock_array[i],&fds)) { 1788 struct packet_struct *packet = read_packet(sock_array[i], NMB_PACKET); 1789 if (packet) { 1790 /* 1791 * If we got a packet on the broadcast socket and interfaces 1792 * only is set then check it came from one of our local nets. 1793 */ 1794 if(lp_bind_interfaces_only() && (sock_array[i] == ClientNMB) && 1795 (!is_local_net(packet->ip))) { 1796 DEBUG(7,("discarding nmb packet sent to broadcast socket from %s:%d\n", 1797 inet_ntoa(packet->ip),packet->port)); 1798 free_packet(packet); 1799 } else if ((ip_equal(loopback_ip, packet->ip) || 1800 ismyip(packet->ip)) && packet->port == global_nmb_port && 1801 packet->packet.nmb.header.nm_flags.bcast) { 1802 DEBUG(7,("discarding own bcast packet from %s:%d\n", 1803 inet_ntoa(packet->ip),packet->port)); 1804 free_packet(packet); 1805 } else { 1806 /* Save the file descriptor this packet came in on. */ 1807 packet->fd = sock_array[i]; 1808 queue_packet(packet); 1809 } 1810 } 1811 } 1812 } else { 1813 /* Processing a 138 socket. */ 1814 if (FD_ISSET(sock_array[i],&fds)) { 1815 struct packet_struct *packet = read_packet(sock_array[i], DGRAM_PACKET); 1816 if (packet) { 1817 /* 1818 * If we got a packet on the broadcast socket and interfaces 1819 * only is set then check it came from one of our local nets. 1820 */ 1821 if(lp_bind_interfaces_only() && (sock_array[i] == ClientDGRAM) && 1822 (!is_local_net(packet->ip))) { 1823 DEBUG(7,("discarding dgram packet sent to broadcast socket from %s:%d\n", 1824 inet_ntoa(packet->ip),packet->port)); 1825 free_packet(packet); 1826 } else if ((ip_equal(loopback_ip, packet->ip) || 1827 ismyip(packet->ip)) && packet->port == DGRAM_PORT) { 1828 DEBUG(7,("discarding own dgram packet from %s:%d\n", 1829 inet_ntoa(packet->ip),packet->port)); 1830 free_packet(packet); 1831 } else { 1832 /* Save the file descriptor this packet came in on. */ 1833 packet->fd = sock_array[i]; 1834 queue_packet(packet); 1835 } 1836 } 1837 } 1838 } /* end processing 138 socket. */ 1839 } /* end for */ 1840 return False; 1841} 1842 1843/**************************************************************************** 1844 Construct and send a netbios DGRAM. 1845**************************************************************************/ 1846 1847BOOL send_mailslot(BOOL unique, const char *mailslot,char *buf, size_t len, 1848 const char *srcname, int src_type, 1849 const char *dstname, int dest_type, 1850 struct in_addr dest_ip,struct in_addr src_ip, 1851 int dest_port) 1852{ 1853 BOOL loopback_this_packet = False; 1854 struct packet_struct p; 1855 struct dgram_packet *dgram = &p.packet.dgram; 1856 char *ptr,*p2; 1857 char tmp[4]; 1858 1859 memset((char *)&p,'\0',sizeof(p)); 1860 1861 if(ismyip(dest_ip) && (dest_port == DGRAM_PORT)) /* Only if to DGRAM_PORT */ 1862 loopback_this_packet = True; 1863 1864 /* generate_name_trn_id(); */ /* Not used, so gone, RJS */ 1865 1866 /* DIRECT GROUP or UNIQUE datagram. */ 1867 dgram->header.msg_type = unique ? 0x10 : 0x11; 1868 dgram->header.flags.node_type = M_NODE; 1869 dgram->header.flags.first = True; 1870 dgram->header.flags.more = False; 1871 dgram->header.dgm_id = generate_name_trn_id(); 1872 dgram->header.source_ip = src_ip; 1873 dgram->header.source_port = DGRAM_PORT; 1874 dgram->header.dgm_length = 0; /* Let build_dgram() handle this. */ 1875 dgram->header.packet_offset = 0; 1876 1877 make_nmb_name(&dgram->source_name,srcname,src_type); 1878 make_nmb_name(&dgram->dest_name,dstname,dest_type); 1879 1880 ptr = &dgram->data[0]; 1881 1882 /* Setup the smb part. */ 1883 ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */ 1884 memcpy(tmp,ptr,4); 1885 set_message(ptr,17,strlen(mailslot) + 1 + len,True); 1886 memcpy(ptr,tmp,4); 1887 1888 SCVAL(ptr,smb_com,SMBtrans); 1889 SSVAL(ptr,smb_vwv1,len); 1890 SSVAL(ptr,smb_vwv11,len); 1891 SSVAL(ptr,smb_vwv12,70 + strlen(mailslot)); 1892 SSVAL(ptr,smb_vwv13,3); 1893 SSVAL(ptr,smb_vwv14,1); 1894 SSVAL(ptr,smb_vwv15,1); 1895 SSVAL(ptr,smb_vwv16,2); 1896 p2 = smb_buf(ptr); 1897 safe_strcpy_base(p2, mailslot, dgram->data, sizeof(dgram->data)); 1898 p2 = skip_string(p2,1); 1899 1900 if (((p2+len) > dgram->data+sizeof(dgram->data)) || ((p2+len) < p2)) { 1901 DEBUG(0, ("send_mailslot: Cannot write beyond end of packet\n")); 1902 return False; 1903 } else { 1904 memcpy(p2,buf,len); 1905 p2 += len; 1906 } 1907 1908 dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */ 1909 1910 p.ip = dest_ip; 1911 p.port = dest_port; 1912 p.fd = find_subnet_mailslot_fd_for_address( src_ip ); 1913 p.timestamp = time(NULL); 1914 p.packet_type = DGRAM_PACKET; 1915 1916 DEBUG(4,("send_mailslot: Sending to mailslot %s from %s IP %s ", mailslot, 1917 nmb_namestr(&dgram->source_name), inet_ntoa(src_ip))); 1918 DEBUG(4,("to %s IP %s\n", nmb_namestr(&dgram->dest_name), inet_ntoa(dest_ip))); 1919 1920 debug_browse_data(buf, len); 1921 1922 if(loopback_this_packet) { 1923 struct packet_struct *lo_packet = NULL; 1924 DEBUG(5,("send_mailslot: sending packet to ourselves.\n")); 1925 if((lo_packet = copy_packet(&p)) == NULL) 1926 return False; 1927 queue_packet(lo_packet); 1928 return True; 1929 } else { 1930 return(send_packet(&p)); 1931 } 1932} 1933