~ubuntu-branches/ubuntu/oneiric/samba/oneiric-security
» Revision
137
: .pc/security-CVE-2011-0719.patch/source3/nmbd/nmbd_packets.c
« back to all changes in this revision
Viewing changes to .pc/security-CVE-2011-0719.patch/source3/nmbd/nmbd_packets.c
- browse files at revision 137
- compare with another revision
- download diff
- download tarball
- view history from revision 137
- Committer: Bazaar Package Importer
- Author(s): Chuck Short
- Date: 2011-03-10 10:03:01 UTC
- mfrom: (0.39.11 sid)
- Revision ID: james.westby@ubuntu.com-20110310100301-jfjg41wv0iq05zj4
Tags: 2:3.5.8~dfsg-1ubuntu1
* Merge from debian unstable. Remaining changes:
+ debian/patches/VERSION.patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/smb.conf:
- add "(Samba, Ubuntu)" to server string.
- comment out the default [homes] share, and add a comment about
"valid users = %S" to show users how to restrict access to
\\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated
ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksmbpasswd.awk:
- Do not add user with UID less than 1000 to smbpasswd
+ debian/control:
- Make libwbclient0 replace/conflict with hardy's likewise-open.
- Don't build against or suggest ctdb.
- Add dependency on samba-common-bin to samba.
- Add cuups breaks to push the package to aslo upgrade cups (LP: #639768)
+ debian/rules:
- enable "native" PIE hardening.
- Add BIND_NOW to maximize benefit of RELRO hardening.
+ Add ufw integration:
- Created debian/samba.ufw.profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
profile
- debian/control: have samba suggest ufw
+ Add apport hook:
- Created debian/source_samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
+ Switch to upstart:
- Add debian/samba.{nmbd,smbd}.upstart.
- Don't ship the /etc/network/if-up.d file.
+ debian/samba.postinst:
- Fixed bashism.
- Avoid scary pdbedit warnings on first import.
+ debian/samba-common.postinst: Add more informative error message for
the case where smb.conf was manually deleted
+ debian/samba.logrotate: Make it upstart compatible
+ debian/samba-common.dhcp: Fix typo to get a proper parsing in
/etc/samba/dhcp.
+ Dropped:
- debian/patches/fix-windows7-print-connection.patch: Merged upstream.
- debian/patches/security-CVE-2011-0719.patch: Merged upstream.
+ debian/patches/VERSION.patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/smb.conf:
- add "(Samba, Ubuntu)" to server string.
- comment out the default [homes] share, and add a comment about
"valid users = %S" to show users how to restrict access to
\\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated
ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksmbpasswd.awk:
- Do not add user with UID less than 1000 to smbpasswd
+ debian/control:
- Make libwbclient0 replace/conflict with hardy's likewise-open.
- Don't build against or suggest ctdb.
- Add dependency on samba-common-bin to samba.
- Add cuups breaks to push the package to aslo upgrade cups (LP: #639768)
+ debian/rules:
- enable "native" PIE hardening.
- Add BIND_NOW to maximize benefit of RELRO hardening.
+ Add ufw integration:
- Created debian/samba.ufw.profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
profile
- debian/control: have samba suggest ufw
+ Add apport hook:
- Created debian/source_samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
+ Switch to upstart:
- Add debian/samba.{nmbd,smbd}.upstart.
- Don't ship the /etc/network/if-up.d file.
+ debian/samba.postinst:
- Fixed bashism.
- Avoid scary pdbedit warnings on first import.
+ debian/samba-common.postinst: Add more informative error message for
the case where smb.conf was manually deleted
+ debian/samba.logrotate: Make it upstart compatible
+ debian/samba-common.dhcp: Fix typo to get a proper parsing in
/etc/samba/dhcp.
+ Dropped:
- debian/patches/fix-windows7-print-connection.patch: Merged upstream.
- debian/patches/security-CVE-2011-0719.patch: Merged upstream.
- files added:
- source3/libsmb/smbsock_connect.c
- files removed:
- .pc/bug_605728_upstream_7791.patch
- .pc/bug_605728_upstream_7791.patch/source3
- .pc/bug_605728_upstream_7791.patch/source3/libsmb
- .pc/fix-windows7-print-connection.patch
- .pc/fix-windows7-print-connection.patch/librpc
- .pc/fix-windows7-print-connection.patch/librpc/gen_ndr
- .pc/fix-windows7-print-connection.patch/librpc/idl
- .pc/fix-windows7-print-connection.patch/librpc/ndr
- .pc/security-CVE-2011-0719.patch
- .pc/security-CVE-2011-0719.patch/lib
- .pc/security-CVE-2011-0719.patch/lib/tevent
- .pc/security-CVE-2011-0719.patch/nsswitch
- .pc/security-CVE-2011-0719.patch/nsswitch/libwbclient
- .pc/security-CVE-2011-0719.patch/source3
- .pc/security-CVE-2011-0719.patch/source3/client
- .pc/security-CVE-2011-0719.patch/source3/lib
- .pc/security-CVE-2011-0719.patch/source3/libaddns
- .pc/security-CVE-2011-0719.patch/source3/libsmb
- .pc/security-CVE-2011-0719.patch/source3/nmbd
- .pc/security-CVE-2011-0719.patch/source3/utils
- .pc/security-CVE-2011-0719.patch/source3/winbindd
- files modified:
- .pc/VERSION.patch/source3/VERSION
added
removed
.pc/security-CVE-2011-0719.patch/source3/nmbd/nmbd_packets.c
1
/*
2
Unix SMB/CIFS implementation.
3
NBT netbios routines and daemon - version 2
4
Copyright (C) Andrew Tridgell 1994-1998
5
Copyright (C) Luke Kenneth Casson Leighton 1994-1998
6
Copyright (C) Jeremy Allison 1994-2003
7
8
This program is free software; you can redistribute it and/or modify
9
it under the terms of the GNU General Public License as published by
10
the Free Software Foundation; either version 3 of the License, or
11
(at your option) any later version.
12
13
This program is distributed in the hope that it will be useful,
14
but WITHOUT ANY WARRANTY; without even the implied warranty of
15
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
GNU General Public License for more details.
17
18
You should have received a copy of the GNU General Public License
19
along with this program. If not, see <http://www.gnu.org/licenses/>.
20
21
*/
22
23
#include "includes.h"
24
25
extern int ClientNMB;
26
extern int ClientDGRAM;
27
extern int global_nmb_port;
28
29
extern int num_response_packets;
30
31
bool rescan_listen_set = False;
32
33
34
/*******************************************************************
35
The global packet linked-list. Incoming entries are
36
added to the end of this list. It is supposed to remain fairly
37
short so we won't bother with an end pointer.
38
******************************************************************/
39
40
static struct packet_struct *packet_queue = NULL;
41
42
/***************************************************************************
43
Utility function to find the specific fd to send a packet out on.
44
**************************************************************************/
45
46
static int find_subnet_fd_for_address( struct in_addr local_ip )
47
{
48
struct subnet_record *subrec;
49
50
for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
51
if(ip_equal_v4(local_ip, subrec->myip))
52
return subrec->nmb_sock;
53
54
return ClientNMB;
55
}
56
57
/***************************************************************************
58
Utility function to find the specific fd to send a mailslot packet out on.
59
**************************************************************************/
60
61
static int find_subnet_mailslot_fd_for_address( struct in_addr local_ip )
62
{
63
struct subnet_record *subrec;
64
65
for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
66
if(ip_equal_v4(local_ip, subrec->myip))
67
return subrec->dgram_sock;
68
69
return ClientDGRAM;
70
}
71
72
/***************************************************************************
73
Get/Set problematic nb_flags as network byte order 16 bit int.
74
**************************************************************************/
75
76
uint16 get_nb_flags(char *buf)
77
{
78
return ((((uint16)*buf)&0xFFFF) & NB_FLGMSK);
79
}
80
81
void set_nb_flags(char *buf, uint16 nb_flags)
82
{
83
*buf++ = ((nb_flags & NB_FLGMSK) & 0xFF);
84
*buf = '\0';
85
}
86
87
/***************************************************************************
88
Dumps out the browse packet data.
89
**************************************************************************/
90
91
static void debug_browse_data(char *outbuf, int len)
92
{
93
int i,j;
94
95
DEBUG( 4, ( "debug_browse_data():\n" ) );
96
for (i = 0; i < len; i+= 16) {
97
DEBUGADD( 4, ( "%3x char ", i ) );
98
99
for (j = 0; j < 16; j++) {
100
unsigned char x;
101
if (i+j >= len)
102
break;
103
104
x = outbuf[i+j];
105
if (x < 32 || x > 127)
106
x = '.';
107
108
DEBUGADD( 4, ( "%c", x ) );
109
}
110
111
DEBUGADD( 4, ( "%*s hex", 16-j, "" ) );
112
113
for (j = 0; j < 16; j++) {
114
if (i+j >= len)
115
break;
116
DEBUGADD( 4, ( " %02x", (unsigned char)outbuf[i+j] ) );
117
}
118
119
DEBUGADD( 4, ("\n") );
120
}
121
}
122
123
/***************************************************************************
124
Generates the unique transaction identifier
125
**************************************************************************/
126
127
static uint16 name_trn_id=0;
128
129
static uint16 generate_name_trn_id(void)
130
{
131
if (!name_trn_id) {
132
name_trn_id = ((unsigned)time(NULL)%(unsigned)0x7FFF) + ((unsigned)sys_getpid()%(unsigned)100);
133
}
134
name_trn_id = (name_trn_id+1) % (unsigned)0x7FFF;
135
return name_trn_id;
136
}
137
138
/***************************************************************************
139
Either loops back or sends out a completed NetBIOS packet.
140
**************************************************************************/
141
142
static bool send_netbios_packet(struct packet_struct *p)
143
{
144
bool loopback_this_packet = False;
145
146
/* Check if we are sending to or from ourselves as a WINS server. */
147
if(ismyip_v4(p->ip) && (p->port == global_nmb_port))
148
loopback_this_packet = True;
149
150
if(loopback_this_packet) {
151
struct packet_struct *lo_packet = NULL;
152
DEBUG(5,("send_netbios_packet: sending packet to ourselves.\n"));
153
if((lo_packet = copy_packet(p)) == NULL)
154
return False;
155
queue_packet(lo_packet);
156
} else if (!send_packet(p)) {
157
DEBUG(0,("send_netbios_packet: send_packet() to IP %s port %d failed\n",
158
inet_ntoa(p->ip),p->port));
159
return False;
160
}
161
162
return True;
163
}
164
165
/***************************************************************************
166
Sets up the common elements of an outgoing NetBIOS packet.
167
168
Note: do not attempt to rationalise whether rec_des should be set or not
169
in a particular situation. Just follow rfc_1002 or look at examples from WinXX.
170
It does NOT follow the rule that requests to the wins server always have
171
rec_des true. See for example name releases and refreshes
172
**************************************************************************/
173
174
static struct packet_struct *create_and_init_netbios_packet(struct nmb_name *nmbname,
175
bool bcast, bool rec_des,
176
struct in_addr to_ip)
177
{
178
struct packet_struct *packet = NULL;
179
struct nmb_packet *nmb = NULL;
180
181
/* Allocate the packet_struct we will return. */
182
if((packet = SMB_MALLOC_P(struct packet_struct)) == NULL) {
183
DEBUG(0,("create_and_init_netbios_packet: malloc fail (1) for packet struct.\n"));
184
return NULL;
185
}
186
187
memset((char *)packet,'\0',sizeof(*packet));
188
189
nmb = &packet->packet.nmb;
190
191
nmb->header.name_trn_id = generate_name_trn_id();
192
nmb->header.response = False;
193
nmb->header.nm_flags.recursion_desired = rec_des;
194
nmb->header.nm_flags.recursion_available = False;
195
nmb->header.nm_flags.trunc = False;
196
nmb->header.nm_flags.authoritative = False;
197
nmb->header.nm_flags.bcast = bcast;
198
199
nmb->header.rcode = 0;
200
nmb->header.qdcount = 1;
201
nmb->header.ancount = 0;
202
nmb->header.nscount = 0;
203
204
nmb->question.question_name = *nmbname;
205
nmb->question.question_type = QUESTION_TYPE_NB_QUERY;
206
nmb->question.question_class = QUESTION_CLASS_IN;
207
208
packet->ip = to_ip;
209
packet->port = NMB_PORT;
210
packet->recv_fd = -1;
211
packet->send_fd = ClientNMB;
212
packet->timestamp = time(NULL);
213
packet->packet_type = NMB_PACKET;
214
packet->locked = False;
215
216
return packet; /* Caller must free. */
217
}
218
219
/***************************************************************************
220
Sets up the common elements of register, refresh or release packet.
221
**************************************************************************/
222
223
static bool create_and_init_additional_record(struct packet_struct *packet,
224
uint16 nb_flags,
225
const struct in_addr *register_ip)
226
{
227
struct nmb_packet *nmb = &packet->packet.nmb;
228
229
if((nmb->additional = SMB_MALLOC_P(struct res_rec)) == NULL) {
230
DEBUG(0,("create_and_init_additional_record: malloc fail for additional record.\n"));
231
return False;
232
}
233
234
memset((char *)nmb->additional,'\0',sizeof(struct res_rec));
235
236
nmb->additional->rr_name = nmb->question.question_name;
237
nmb->additional->rr_type = RR_TYPE_NB;
238
nmb->additional->rr_class = RR_CLASS_IN;
239
240
/* See RFC 1002, sections 5.1.1.1, 5.1.1.2 and 5.1.1.3 */
241
if (nmb->header.nm_flags.bcast)
242
nmb->additional->ttl = PERMANENT_TTL;
243
else
244
nmb->additional->ttl = lp_max_ttl();
245
246
nmb->additional->rdlength = 6;
247
248
set_nb_flags(nmb->additional->rdata,nb_flags);
249
250
/* Set the address for the name we are registering. */
251
putip(&nmb->additional->rdata[2], register_ip);
252
253
/*
254
it turns out that Jeremys code was correct, we are supposed
255
to send registrations from the IP we are registering. The
256
trick is what to do on timeouts! When we send on a
257
non-routable IP then the reply will timeout, and we should
258
treat this as success, not failure. That means we go into
259
our standard refresh cycle for that name which copes nicely
260
with disconnected networks.
261
*/
262
packet->recv_fd = -1;
263
packet->send_fd = find_subnet_fd_for_address(*register_ip);
264
265
return True;
266
}
267
268
/***************************************************************************
269
Sends out a name query.
270
**************************************************************************/
271
272
static bool initiate_name_query_packet( struct packet_struct *packet)
273
{
274
struct nmb_packet *nmb = NULL;
275
276
nmb = &packet->packet.nmb;
277
278
nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
279
nmb->header.arcount = 0;
280
281
nmb->header.nm_flags.recursion_desired = True;
282
283
DEBUG(4,("initiate_name_query_packet: sending query for name %s (bcast=%s) to IP %s\n",
284
nmb_namestr(&nmb->question.question_name),
285
BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
286
287
return send_netbios_packet( packet );
288
}
289
290
/***************************************************************************
291
Sends out a name query - from a WINS server.
292
**************************************************************************/
293
294
static bool initiate_name_query_packet_from_wins_server( struct packet_struct *packet)
295
{
296
struct nmb_packet *nmb = NULL;
297
298
nmb = &packet->packet.nmb;
299
300
nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
301
nmb->header.arcount = 0;
302
303
nmb->header.nm_flags.recursion_desired = False;
304
305
DEBUG(4,("initiate_name_query_packet_from_wins_server: sending query for name %s (bcast=%s) to IP %s\n",
306
nmb_namestr(&nmb->question.question_name),
307
BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
308
309
return send_netbios_packet( packet );
310
}
311
312
/***************************************************************************
313
Sends out a name register.
314
**************************************************************************/
315
316
static bool initiate_name_register_packet( struct packet_struct *packet,
317
uint16 nb_flags, const struct in_addr *register_ip)
318
{
319
struct nmb_packet *nmb = &packet->packet.nmb;
320
321
nmb->header.opcode = NMB_NAME_REG_OPCODE;
322
nmb->header.arcount = 1;
323
324
nmb->header.nm_flags.recursion_desired = True;
325
326
if(create_and_init_additional_record(packet, nb_flags, register_ip) == False)
327
return False;
328
329
DEBUG(4,("initiate_name_register_packet: sending registration for name %s (bcast=%s) to IP %s\n",
330
nmb_namestr(&nmb->additional->rr_name),
331
BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
332
333
return send_netbios_packet( packet );
334
}
335
336
/***************************************************************************
337
Sends out a multihomed name register.
338
**************************************************************************/
339
340
static bool initiate_multihomed_name_register_packet(struct packet_struct *packet,
341
uint16 nb_flags, struct in_addr *register_ip)
342
{
343
struct nmb_packet *nmb = &packet->packet.nmb;
344
fstring second_ip_buf;
345
346
fstrcpy(second_ip_buf, inet_ntoa(packet->ip));
347
348
nmb->header.opcode = NMB_NAME_MULTIHOMED_REG_OPCODE;
349
nmb->header.arcount = 1;
350
351
nmb->header.nm_flags.recursion_desired = True;
352
353
if(create_and_init_additional_record(packet, nb_flags, register_ip) == False)
354
return False;
355
356
DEBUG(4,("initiate_multihomed_name_register_packet: sending registration \
357
for name %s IP %s (bcast=%s) to IP %s\n",
358
nmb_namestr(&nmb->additional->rr_name), inet_ntoa(*register_ip),
359
BOOLSTR(nmb->header.nm_flags.bcast), second_ip_buf ));
360
361
return send_netbios_packet( packet );
362
}
363
364
/***************************************************************************
365
Sends out a name refresh.
366
**************************************************************************/
367
368
static bool initiate_name_refresh_packet( struct packet_struct *packet,
369
uint16 nb_flags, struct in_addr *refresh_ip)
370
{
371
struct nmb_packet *nmb = &packet->packet.nmb;
372
373
nmb->header.opcode = NMB_NAME_REFRESH_OPCODE_8;
374
nmb->header.arcount = 1;
375
376
nmb->header.nm_flags.recursion_desired = False;
377
378
if(create_and_init_additional_record(packet, nb_flags, refresh_ip) == False)
379
return False;
380
381
DEBUG(4,("initiate_name_refresh_packet: sending refresh for name %s (bcast=%s) to IP %s\n",
382
nmb_namestr(&nmb->additional->rr_name),
383
BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
384
385
return send_netbios_packet( packet );
386
}
387
388
/***************************************************************************
389
Sends out a name release.
390
**************************************************************************/
391
392
static bool initiate_name_release_packet( struct packet_struct *packet,
393
uint16 nb_flags, struct in_addr *release_ip)
394
{
395
struct nmb_packet *nmb = &packet->packet.nmb;
396
397
nmb->header.opcode = NMB_NAME_RELEASE_OPCODE;
398
nmb->header.arcount = 1;
399
400
nmb->header.nm_flags.recursion_desired = False;
401
402
if(create_and_init_additional_record(packet, nb_flags, release_ip) == False)
403
return False;
404
405
DEBUG(4,("initiate_name_release_packet: sending release for name %s (bcast=%s) to IP %s\n",
406
nmb_namestr(&nmb->additional->rr_name),
407
BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
408
409
return send_netbios_packet( packet );
410
}
411
412
/***************************************************************************
413
Sends out a node status.
414
**************************************************************************/
415
416
static bool initiate_node_status_packet( struct packet_struct *packet )
417
{
418
struct nmb_packet *nmb = &packet->packet.nmb;
419
420
nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
421
nmb->header.arcount = 0;
422
423
nmb->header.nm_flags.recursion_desired = False;
424
425
nmb->question.question_type = QUESTION_TYPE_NB_STATUS;
426
427
DEBUG(4,("initiate_node_status_packet: sending node status request for name %s to IP %s\n",
428
nmb_namestr(&nmb->question.question_name),
429
inet_ntoa(packet->ip)));
430
431
return send_netbios_packet( packet );
432
}
433
434
/****************************************************************************
435
Simplification functions for queuing standard packets.
436
These should be the only publicly callable functions for sending
437
out packets.
438
****************************************************************************/
439
440
/****************************************************************************
441
Assertion - we should never be sending nmbd packets on the remote
442
broadcast subnet.
443
****************************************************************************/
444
445
static bool assert_check_subnet(struct subnet_record *subrec)
446
{
447
if( subrec == remote_broadcast_subnet) {
448
DEBUG(0,("assert_check_subnet: Attempt to send packet on remote broadcast subnet. \
449
This is a bug.\n"));
450
return True;
451
}
452
return False;
453
}
454
455
/****************************************************************************
456
Queue a register name packet to the broadcast address of a subnet.
457
****************************************************************************/
458
459
struct response_record *queue_register_name( struct subnet_record *subrec,
460
response_function resp_fn,
461
timeout_response_function timeout_fn,
462
register_name_success_function success_fn,
463
register_name_fail_function fail_fn,
464
struct userdata_struct *userdata,
465
struct nmb_name *nmbname,
466
uint16 nb_flags)
467
{
468
struct packet_struct *p;
469
struct response_record *rrec;
470
struct sockaddr_storage ss;
471
const struct sockaddr_storage *pss = NULL;
472
if(assert_check_subnet(subrec))
473
return NULL;
474
475
/* note that all name registration requests have RD set (rfc1002 - section 4.2.2 */
476
if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), True,
477
subrec->bcast_ip)) == NULL)
478
return NULL;
479
480
in_addr_to_sockaddr_storage(&ss, subrec->bcast_ip);
481
pss = iface_ip((struct sockaddr *)&ss);
482
if (!pss || pss->ss_family != AF_INET) {
483
p->locked = False;
484
free_packet(p);
485
return NULL;
486
}
487
488
if(initiate_name_register_packet(p, nb_flags,
489
&((const struct sockaddr_in *)pss)->sin_addr) == False) {
490
p->locked = False;
491
free_packet(p);
492
return NULL;
493
}
494
495
if((rrec = make_response_record(subrec, /* subnet record. */
496
p, /* packet we sent. */
497
resp_fn, /* function to call on response. */
498
timeout_fn, /* function to call on timeout. */
499
(success_function)success_fn, /* function to call on operation success. */
500
(fail_function)fail_fn, /* function to call on operation fail. */
501
userdata)) == NULL) {
502
p->locked = False;
503
free_packet(p);
504
return NULL;
505
}
506
507
return rrec;
508
}
509
510
/****************************************************************************
511
Queue a refresh name packet to the broadcast address of a subnet.
512
****************************************************************************/
513
514
void queue_wins_refresh(struct nmb_name *nmbname,
515
response_function resp_fn,
516
timeout_response_function timeout_fn,
517
uint16 nb_flags,
518
struct in_addr refresh_ip,
519
const char *tag)
520
{
521
struct packet_struct *p;
522
struct response_record *rrec;
523
struct in_addr wins_ip;
524
struct userdata_struct *userdata;
525
fstring ip_str;
526
527
wins_ip = wins_srv_ip_tag(tag, refresh_ip);
528
529
if ((p = create_and_init_netbios_packet(nmbname, False, False, wins_ip)) == NULL) {
530
return;
531
}
532
533
if (!initiate_name_refresh_packet(p, nb_flags, &refresh_ip)) {
534
p->locked = False;
535
free_packet(p);
536
return;
537
}
538
539
fstrcpy(ip_str, inet_ntoa(refresh_ip));
540
541
DEBUG(6,("Refreshing name %s IP %s with WINS server %s using tag '%s'\n",
542
nmb_namestr(nmbname), ip_str, inet_ntoa(wins_ip), tag));
543
544
userdata = (struct userdata_struct *)SMB_MALLOC(sizeof(*userdata) + strlen(tag) + 1);
545
if (!userdata) {
546
p->locked = False;
547
free_packet(p);
548
DEBUG(0,("Failed to allocate userdata structure!\n"));
549
return;
550
}
551
ZERO_STRUCTP(userdata);
552
userdata->userdata_len = strlen(tag) + 1;
553
strlcpy(userdata->data, tag, userdata->userdata_len);
554
555
if ((rrec = make_response_record(unicast_subnet,
556
p,
557
resp_fn, timeout_fn,
558
NULL,
559
NULL,
560
userdata)) == NULL) {
561
p->locked = False;
562
free_packet(p);
563
return;
564
}
565
566
free(userdata);
567
568
/* we don't want to repeat refresh packets */
569
rrec->repeat_count = 0;
570
}
571
572
573
/****************************************************************************
574
Queue a multihomed register name packet to a given WINS server IP
575
****************************************************************************/
576
577
struct response_record *queue_register_multihomed_name( struct subnet_record *subrec,
578
response_function resp_fn,
579
timeout_response_function timeout_fn,
580
register_name_success_function success_fn,
581
register_name_fail_function fail_fn,
582
struct userdata_struct *userdata,
583
struct nmb_name *nmbname,
584
uint16 nb_flags,
585
struct in_addr register_ip,
586
struct in_addr wins_ip)
587
{
588
struct packet_struct *p;
589
struct response_record *rrec;
590
bool ret;
591
592
/* Sanity check. */
593
if(subrec != unicast_subnet) {
594
DEBUG(0,("queue_register_multihomed_name: should only be done on \
595
unicast subnet. subnet is %s\n.", subrec->subnet_name ));
596
return NULL;
597
}
598
599
if(assert_check_subnet(subrec))
600
return NULL;
601
602
if ((p = create_and_init_netbios_packet(nmbname, False, True, wins_ip)) == NULL)
603
return NULL;
604
605
if (nb_flags & NB_GROUP)
606
ret = initiate_name_register_packet( p, nb_flags, ®ister_ip);
607
else
608
ret = initiate_multihomed_name_register_packet(p, nb_flags, ®ister_ip);
609
610
if (ret == False) {
611
p->locked = False;
612
free_packet(p);
613
return NULL;
614
}
615
616
if ((rrec = make_response_record(subrec, /* subnet record. */
617
p, /* packet we sent. */
618
resp_fn, /* function to call on response. */
619
timeout_fn, /* function to call on timeout. */
620
(success_function)success_fn, /* function to call on operation success. */
621
(fail_function)fail_fn, /* function to call on operation fail. */
622
userdata)) == NULL) {
623
p->locked = False;
624
free_packet(p);
625
return NULL;
626
}
627
628
return rrec;
629
}
630
631
/****************************************************************************
632
Queue a release name packet to the broadcast address of a subnet.
633
****************************************************************************/
634
635
struct response_record *queue_release_name( struct subnet_record *subrec,
636
response_function resp_fn,
637
timeout_response_function timeout_fn,
638
release_name_success_function success_fn,
639
release_name_fail_function fail_fn,
640
struct userdata_struct *userdata,
641
struct nmb_name *nmbname,
642
uint16 nb_flags,
643
struct in_addr release_ip,
644
struct in_addr dest_ip)
645
{
646
struct packet_struct *p;
647
struct response_record *rrec;
648
649
if(assert_check_subnet(subrec))
650
return NULL;
651
652
if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), False, dest_ip)) == NULL)
653
return NULL;
654
655
if(initiate_name_release_packet( p, nb_flags, &release_ip) == False) {
656
p->locked = False;
657
free_packet(p);
658
return NULL;
659
}
660
661
if((rrec = make_response_record(subrec, /* subnet record. */
662
p, /* packet we sent. */
663
resp_fn, /* function to call on response. */
664
timeout_fn, /* function to call on timeout. */
665
(success_function)success_fn, /* function to call on operation success. */
666
(fail_function)fail_fn, /* function to call on operation fail. */
667
userdata)) == NULL) {
668
p->locked = False;
669
free_packet(p);
670
return NULL;
671
}
672
673
/*
674
* For a broadcast release packet, only send once.
675
* This will cause us to remove the name asap. JRA.
676
*/
677
678
if (subrec != unicast_subnet) {
679
rrec->repeat_count = 0;
680
rrec->repeat_time = 0;
681
}
682
683
return rrec;
684
}
685
686
/****************************************************************************
687
Queue a query name packet to the broadcast address of a subnet.
688
****************************************************************************/
689
690
struct response_record *queue_query_name( struct subnet_record *subrec,
691
response_function resp_fn,
692
timeout_response_function timeout_fn,
693
query_name_success_function success_fn,
694
query_name_fail_function fail_fn,
695
struct userdata_struct *userdata,
696
struct nmb_name *nmbname)
697
{
698
struct packet_struct *p;
699
struct response_record *rrec;
700
struct in_addr to_ip;
701
702
if(assert_check_subnet(subrec))
703
return NULL;
704
705
to_ip = subrec->bcast_ip;
706
707
/* queries to the WINS server turn up here as queries to IP 0.0.0.0
708
These need to be handled a bit differently */
709
if (subrec->type == UNICAST_SUBNET && is_zero_ip_v4(to_ip)) {
710
/* What we really need to do is loop over each of our wins
711
* servers and wins server tags here, but that just doesn't
712
* fit our architecture at the moment (userdata may already
713
* be used when we get here). For now we just query the first
714
* active wins server on the first tag.
715
*/
716
char **tags = wins_srv_tags();
717
if (!tags) {
718
return NULL;
719
}
720
to_ip = wins_srv_ip_tag(tags[0], to_ip);
721
wins_srv_tags_free(tags);
722
}
723
724
if(( p = create_and_init_netbios_packet(nmbname,
725
(subrec != unicast_subnet),
726
(subrec == unicast_subnet),
727
to_ip)) == NULL)
728
return NULL;
729
730
if(lp_bind_interfaces_only()) {
731
int i;
732
733
DEBUG(10,("queue_query_name: bind_interfaces_only is set, looking for suitable source IP\n"));
734
for(i = 0; i < iface_count(); i++) {
735
const struct in_addr *ifip = iface_n_ip_v4(i);
736
737
if (ifip == NULL) {
738
DEBUG(0,("queue_query_name: interface %d has NULL IP address !\n", i));
739
continue;
740
}
741
742
if (is_loopback_ip_v4(*ifip)) {
743
DEBUG(5,("queue_query_name: ignoring loopback interface (%d)\n", i));
744
continue;
745
}
746
747
DEBUG(10,("queue_query_name: using source IP %s\n",inet_ntoa(*ifip)));
748
p->send_fd = find_subnet_fd_for_address( *ifip );
749
break;
750
}
751
}
752
753
if(initiate_name_query_packet( p ) == False) {
754
p->locked = False;
755
free_packet(p);
756
return NULL;
757
}
758
759
if((rrec = make_response_record(subrec, /* subnet record. */
760
p, /* packet we sent. */
761
resp_fn, /* function to call on response. */
762
timeout_fn, /* function to call on timeout. */
763
(success_function)success_fn, /* function to call on operation success. */
764
(fail_function)fail_fn, /* function to call on operation fail. */
765
userdata)) == NULL) {
766
p->locked = False;
767
free_packet(p);
768
return NULL;
769
}
770
771
return rrec;
772
}
773
774
/****************************************************************************
775
Queue a query name packet to a given address from the WINS subnet.
776
****************************************************************************/
777
778
struct response_record *queue_query_name_from_wins_server( struct in_addr to_ip,
779
response_function resp_fn,
780
timeout_response_function timeout_fn,
781
query_name_success_function success_fn,
782
query_name_fail_function fail_fn,
783
struct userdata_struct *userdata,
784
struct nmb_name *nmbname)
785
{
786
struct packet_struct *p;
787
struct response_record *rrec;
788
789
if ((p = create_and_init_netbios_packet(nmbname, False, False, to_ip)) == NULL)
790
return NULL;
791
792
if(initiate_name_query_packet_from_wins_server( p ) == False) {
793
p->locked = False;
794
free_packet(p);
795
return NULL;
796
}
797
798
if((rrec = make_response_record(wins_server_subnet, /* subnet record. */
799
p, /* packet we sent. */
800
resp_fn, /* function to call on response. */
801
timeout_fn, /* function to call on timeout. */
802
(success_function)success_fn, /* function to call on operation success. */
803
(fail_function)fail_fn, /* function to call on operation fail. */
804
userdata)) == NULL) {
805
p->locked = False;
806
free_packet(p);
807
return NULL;
808
}
809
810
return rrec;
811
}
812
813
/****************************************************************************
814
Queue a node status packet to a given name and address.
815
****************************************************************************/
816
817
struct response_record *queue_node_status( struct subnet_record *subrec,
818
response_function resp_fn,
819
timeout_response_function timeout_fn,
820
node_status_success_function success_fn,
821
node_status_fail_function fail_fn,
822
struct userdata_struct *userdata,
823
struct nmb_name *nmbname,
824
struct in_addr send_ip)
825
{
826
struct packet_struct *p;
827
struct response_record *rrec;
828
829
/* Sanity check. */
830
if(subrec != unicast_subnet) {
831
DEBUG(0,("queue_register_multihomed_name: should only be done on \
832
unicast subnet. subnet is %s\n.", subrec->subnet_name ));
833
return NULL;
834
}
835
836
if(assert_check_subnet(subrec))
837
return NULL;
838
839
if(( p = create_and_init_netbios_packet(nmbname, False, False, send_ip)) == NULL)
840
return NULL;
841
842
if(initiate_node_status_packet(p) == False) {
843
p->locked = False;
844
free_packet(p);
845
return NULL;
846
}
847
848
if((rrec = make_response_record(subrec, /* subnet record. */
849
p, /* packet we sent. */
850
resp_fn, /* function to call on response. */
851
timeout_fn, /* function to call on timeout. */
852
(success_function)success_fn, /* function to call on operation success. */
853
(fail_function)fail_fn, /* function to call on operation fail. */
854
userdata)) == NULL) {
855
p->locked = False;
856
free_packet(p);
857
return NULL;
858
}
859
860
return rrec;
861
}
862
863
/****************************************************************************
864
Reply to a netbios name packet. see rfc1002.txt
865
****************************************************************************/
866
867
void reply_netbios_packet(struct packet_struct *orig_packet,
868
int rcode, enum netbios_reply_type_code rcv_code, int opcode,
869
int ttl, char *data,int len)
870
{
871
struct packet_struct packet;
872
struct nmb_packet *nmb = NULL;
873
struct res_rec answers;
874
struct nmb_packet *orig_nmb = &orig_packet->packet.nmb;
875
bool loopback_this_packet = False;
876
int rr_type = RR_TYPE_NB;
877
const char *packet_type = "unknown";
878
879
/* Check if we are sending to or from ourselves. */
880
if(ismyip_v4(orig_packet->ip) && (orig_packet->port == global_nmb_port))
881
loopback_this_packet = True;
882
883
nmb = &packet.packet.nmb;
884
885
/* Do a partial copy of the packet. We clear the locked flag and
886
the resource record pointers. */
887
packet = *orig_packet; /* Full structure copy. */
888
packet.locked = False;
889
nmb->answers = NULL;
890
nmb->nsrecs = NULL;
891
nmb->additional = NULL;
892
893
switch (rcv_code) {
894
case NMB_STATUS:
895
packet_type = "nmb_status";
896
nmb->header.nm_flags.recursion_desired = False;
897
nmb->header.nm_flags.recursion_available = False;
898
rr_type = RR_TYPE_NBSTAT;
899
break;
900
case NMB_QUERY:
901
packet_type = "nmb_query";
902
nmb->header.nm_flags.recursion_desired = True;
903
nmb->header.nm_flags.recursion_available = True;
904
if (rcode) {
905
rr_type = RR_TYPE_NULL;
906
}
907
break;
908
case NMB_REG:
909
case NMB_REG_REFRESH:
910
packet_type = "nmb_reg";
911
nmb->header.nm_flags.recursion_desired = True;
912
nmb->header.nm_flags.recursion_available = True;
913
break;
914
case NMB_REL:
915
packet_type = "nmb_rel";
916
nmb->header.nm_flags.recursion_desired = False;
917
nmb->header.nm_flags.recursion_available = False;
918
break;
919
case NMB_WAIT_ACK:
920
packet_type = "nmb_wack";
921
nmb->header.nm_flags.recursion_desired = False;
922
nmb->header.nm_flags.recursion_available = False;
923
rr_type = RR_TYPE_NULL;
924
break;
925
case WINS_REG:
926
packet_type = "wins_reg";
927
nmb->header.nm_flags.recursion_desired = True;
928
nmb->header.nm_flags.recursion_available = True;
929
break;
930
case WINS_QUERY:
931
packet_type = "wins_query";
932
nmb->header.nm_flags.recursion_desired = True;
933
nmb->header.nm_flags.recursion_available = True;
934
if (rcode) {
935
rr_type = RR_TYPE_NULL;
936
}
937
break;
938
default:
939
DEBUG(0,("reply_netbios_packet: Unknown packet type: %s %s to ip %s\n",
940
packet_type, nmb_namestr(&orig_nmb->question.question_name),
941
inet_ntoa(packet.ip)));
942
return;
943
}
944
945
DEBUG(4,("reply_netbios_packet: sending a reply of packet type: %s %s to ip %s \
946
for id %hu\n", packet_type, nmb_namestr(&orig_nmb->question.question_name),
947
inet_ntoa(packet.ip), orig_nmb->header.name_trn_id));
948
949
nmb->header.name_trn_id = orig_nmb->header.name_trn_id;
950
nmb->header.opcode = opcode;
951
nmb->header.response = True;
952
nmb->header.nm_flags.bcast = False;
953
nmb->header.nm_flags.trunc = False;
954
nmb->header.nm_flags.authoritative = True;
955
956
nmb->header.rcode = rcode;
957
nmb->header.qdcount = 0;
958
nmb->header.ancount = 1;
959
nmb->header.nscount = 0;
960
nmb->header.arcount = 0;
961
962
memset((char*)&nmb->question,'\0',sizeof(nmb->question));
963
964
nmb->answers = &answers;
965
memset((char*)nmb->answers,'\0',sizeof(*nmb->answers));
966
967
nmb->answers->rr_name = orig_nmb->question.question_name;
968
nmb->answers->rr_type = rr_type;
969
nmb->answers->rr_class = RR_CLASS_IN;
970
nmb->answers->ttl = ttl;
971
972
if (data && len) {
973
if (len < 0 || len > sizeof(nmb->answers->rdata)) {
974
DEBUG(5,("reply_netbios_packet: "
975
"invalid packet len (%d)\n",
976
len ));
977
return;
978
}
979
nmb->answers->rdlength = len;
980
memcpy(nmb->answers->rdata, data, len);
981
}
982
983
packet.packet_type = NMB_PACKET;
984
packet.recv_fd = -1;
985
/* Ensure we send out on the same fd that the original
986
packet came in on to give the correct source IP address. */
987
if (orig_packet->send_fd != -1) {
988
packet.send_fd = orig_packet->send_fd;
989
} else {
990
packet.send_fd = orig_packet->recv_fd;
991
}
992
packet.timestamp = time(NULL);
993
994
debug_nmb_packet(&packet);
995
996
if(loopback_this_packet) {
997
struct packet_struct *lo_packet;
998
DEBUG(5,("reply_netbios_packet: sending packet to ourselves.\n"));
999
if((lo_packet = copy_packet(&packet)) == NULL)
1000
return;
1001
queue_packet(lo_packet);
1002
} else if (!send_packet(&packet)) {
1003
DEBUG(0,("reply_netbios_packet: send_packet to IP %s port %d failed\n",
1004
inet_ntoa(packet.ip),packet.port));
1005
}
1006
}
1007
1008
/*******************************************************************
1009
Queue a packet into a packet queue
1010
******************************************************************/
1011
1012
void queue_packet(struct packet_struct *packet)
1013
{
1014
struct packet_struct *p;
1015
1016
if (!packet_queue) {
1017
packet->prev = NULL;
1018
packet->next = NULL;
1019
packet_queue = packet;
1020
return;
1021
}
1022
1023
/* find the bottom */
1024
for (p=packet_queue;p->next;p=p->next)
1025
;
1026
1027
p->next = packet;
1028
packet->next = NULL;
1029
packet->prev = p;
1030
}
1031
1032
/****************************************************************************
1033
Try and find a matching subnet record for a datagram port 138 packet.
1034
****************************************************************************/
1035
1036
static struct subnet_record *find_subnet_for_dgram_browse_packet(struct packet_struct *p)
1037
{
1038
struct subnet_record *subrec;
1039
1040
/* Go through all the broadcast subnets and see if the mask matches. */
1041
for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1042
if(same_net_v4(p->ip, subrec->bcast_ip, subrec->mask_ip))
1043
return subrec;
1044
}
1045
1046
/* If the subnet record is the remote announce broadcast subnet,
1047
hack it here to be the first subnet. This is really gross and
1048
is needed due to people turning on port 137/138 broadcast
1049
forwarding on their routers. May fire and brimstone rain
1050
down upon them...
1051
*/
1052
1053
return FIRST_SUBNET;
1054
}
1055
1056
/****************************************************************************
1057
Dispatch a browse frame from port 138 to the correct processing function.
1058
****************************************************************************/
1059
1060
static void process_browse_packet(struct packet_struct *p, char *buf,int len)
1061
{
1062
struct dgram_packet *dgram = &p->packet.dgram;
1063
int command = CVAL(buf,0);
1064
struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p);
1065
char scope[64];
1066
unstring src_name;
1067
1068
/* Drop the packet if it's a different NetBIOS scope, or the source is from one of our names. */
1069
pull_ascii(scope, dgram->dest_name.scope, 64, 64, STR_TERMINATE);
1070
if (!strequal(scope, global_scope())) {
1071
DEBUG(7,("process_browse_packet: Discarding datagram from IP %s. Scope (%s) \
1072
mismatch with our scope (%s).\n", inet_ntoa(p->ip), scope, global_scope()));
1073
return;
1074
}
1075
1076
pull_ascii_nstring(src_name, sizeof(src_name), dgram->source_name.name);
1077
if (is_myname(src_name)) {
1078
DEBUG(7,("process_browse_packet: Discarding datagram from IP %s. Source name \
1079
%s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name)));
1080
return;
1081
}
1082
1083
switch (command) {
1084
case ANN_HostAnnouncement:
1085
debug_browse_data(buf, len);
1086
process_host_announce(subrec, p, buf+1);
1087
break;
1088
case ANN_DomainAnnouncement:
1089
debug_browse_data(buf, len);
1090
process_workgroup_announce(subrec, p, buf+1);
1091
break;
1092
case ANN_LocalMasterAnnouncement:
1093
debug_browse_data(buf, len);
1094
process_local_master_announce(subrec, p, buf+1);
1095
break;
1096
case ANN_AnnouncementRequest:
1097
debug_browse_data(buf, len);
1098
process_announce_request(subrec, p, buf+1);
1099
break;
1100
case ANN_Election:
1101
debug_browse_data(buf, len);
1102
process_election(subrec, p, buf+1);
1103
break;
1104
case ANN_GetBackupListReq:
1105
debug_browse_data(buf, len);
1106
process_get_backup_list_request(subrec, p, buf+1);
1107
break;
1108
case ANN_GetBackupListResp:
1109
debug_browse_data(buf, len);
1110
/* We never send ANN_GetBackupListReq so we should never get these. */
1111
DEBUG(0,("process_browse_packet: Discarding GetBackupListResponse \
1112
packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip)));
1113
break;
1114
case ANN_ResetBrowserState:
1115
debug_browse_data(buf, len);
1116
process_reset_browser(subrec, p, buf+1);
1117
break;
1118
case ANN_MasterAnnouncement:
1119
/* Master browser datagrams must be processed on the unicast subnet. */
1120
subrec = unicast_subnet;
1121
1122
debug_browse_data(buf, len);
1123
process_master_browser_announce(subrec, p, buf+1);
1124
break;
1125
case ANN_BecomeBackup:
1126
/*
1127
* We don't currently implement this. Log it just in case.
1128
*/
1129
debug_browse_data(buf, len);
1130
DEBUG(10,("process_browse_packet: On subnet %s ignoring browse packet \
1131
command ANN_BecomeBackup from %s IP %s to %s\n", subrec->subnet_name, nmb_namestr(&dgram->source_name),
1132
inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1133
break;
1134
default:
1135
debug_browse_data(buf, len);
1136
DEBUG(0,("process_browse_packet: On subnet %s ignoring browse packet \
1137
command code %d from %s IP %s to %s\n", subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
1138
inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1139
break;
1140
}
1141
}
1142
1143
/****************************************************************************
1144
Dispatch a LanMan browse frame from port 138 to the correct processing function.
1145
****************************************************************************/
1146
1147
static void process_lanman_packet(struct packet_struct *p, char *buf,int len)
1148
{
1149
struct dgram_packet *dgram = &p->packet.dgram;
1150
int command = SVAL(buf,0);
1151
struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p);
1152
char scope[64];
1153
unstring src_name;
1154
1155
/* Drop the packet if it's a different NetBIOS scope, or the source is from one of our names. */
1156
1157
pull_ascii(scope, dgram->dest_name.scope, 64, 64, STR_TERMINATE);
1158
if (!strequal(scope, global_scope())) {
1159
DEBUG(7,("process_lanman_packet: Discarding datagram from IP %s. Scope (%s) \
1160
mismatch with our scope (%s).\n", inet_ntoa(p->ip), scope, global_scope()));
1161
return;
1162
}
1163
1164
pull_ascii_nstring(src_name, sizeof(src_name), dgram->source_name.name);
1165
if (is_myname(src_name)) {
1166
DEBUG(0,("process_lanman_packet: Discarding datagram from IP %s. Source name \
1167
%s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name)));
1168
return;
1169
}
1170
1171
switch (command) {
1172
case ANN_HostAnnouncement:
1173
debug_browse_data(buf, len);
1174
process_lm_host_announce(subrec, p, buf+1, len > 1 ? len-1 : 0);
1175
break;
1176
case ANN_AnnouncementRequest:
1177
process_lm_announce_request(subrec, p, buf+1, len > 1 ? len-1 : 0);
1178
break;
1179
default:
1180
DEBUG(0,("process_lanman_packet: On subnet %s ignoring browse packet \
1181
command code %d from %s IP %s to %s\n", subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
1182
inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1183
break;
1184
}
1185
}
1186
1187
/****************************************************************************
1188
Determine if a packet is for us on port 138. Note that to have any chance of
1189
being efficient we need to drop as many packets as possible at this
1190
stage as subsequent processing is expensive.
1191
****************************************************************************/
1192
1193
static bool listening(struct packet_struct *p,struct nmb_name *nbname)
1194
{
1195
struct subnet_record *subrec = NULL;
1196
1197
for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1198
if(same_net_v4(p->ip, subrec->bcast_ip, subrec->mask_ip))
1199
break;
1200
}
1201
1202
if(subrec == NULL)
1203
subrec = unicast_subnet;
1204
1205
return (find_name_on_subnet(subrec, nbname, FIND_SELF_NAME) != NULL);
1206
}
1207
1208
/****************************************************************************
1209
Process udp 138 datagrams
1210
****************************************************************************/
1211
1212
static void process_dgram(struct packet_struct *p)
1213
{
1214
char *buf;
1215
char *buf2;
1216
int len;
1217
struct dgram_packet *dgram = &p->packet.dgram;
1218
1219
/* If we aren't listening to the destination name then ignore the packet */
1220
if (!listening(p,&dgram->dest_name)) {
1221
unexpected_packet(p);
1222
DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from %s\n",
1223
nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip)));
1224
return;
1225
}
1226
1227
if (dgram->header.msg_type != 0x10 && dgram->header.msg_type != 0x11 && dgram->header.msg_type != 0x12) {
1228
unexpected_packet(p);
1229
/* Don't process error packets etc yet */
1230
DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from IP %s as it is \
1231
an error packet of type %x\n", nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip), dgram->header.msg_type));
1232
return;
1233
}
1234
1235
/* Ensure we have a large enough packet before looking inside. */
1236
if (dgram->datasize < (smb_vwv12 - 2)) {
1237
/* That's the offset minus the 4 byte length + 2 bytes of offset. */
1238
DEBUG(0,("process_dgram: ignoring too short dgram packet (%u) sent to name %s from IP %s\n",
1239
(unsigned int)dgram->datasize,
1240
nmb_namestr(&dgram->dest_name),
1241
inet_ntoa(p->ip) ));
1242
return;
1243
}
1244
1245
buf = &dgram->data[0];
1246
buf -= 4; /* XXXX for the pseudo tcp length - someday I need to get rid of this */
1247
1248
if (CVAL(buf,smb_com) != SMBtrans)
1249
return;
1250
1251
len = SVAL(buf,smb_vwv11);
1252
buf2 = smb_base(buf) + SVAL(buf,smb_vwv12);
1253
1254
if (len <= 0 || len > dgram->datasize) {
1255
DEBUG(0,("process_dgram: ignoring malformed1 (datasize = %d, len = %d) datagram \
1256
packet sent to name %s from IP %s\n",
1257
dgram->datasize,
1258
len,
1259
nmb_namestr(&dgram->dest_name),
1260
inet_ntoa(p->ip) ));
1261
return;
1262
}
1263
1264
if (buf2 < dgram->data || (buf2 >= dgram->data + dgram->datasize)) {
1265
DEBUG(0,("process_dgram: ignoring malformed2 (datasize = %d, len=%d, off=%d) datagram \
1266
packet sent to name %s from IP %s\n",
1267
dgram->datasize,
1268
len,
1269
(int)PTR_DIFF(buf2, dgram->data),
1270
nmb_namestr(&dgram->dest_name),
1271
inet_ntoa(p->ip) ));
1272
return;
1273
}
1274
1275
if ((buf2 + len < dgram->data) || (buf2 + len > dgram->data + dgram->datasize)) {
1276
DEBUG(0,("process_dgram: ignoring malformed3 (datasize = %d, len=%d, off=%d) datagram \
1277
packet sent to name %s from IP %s\n",
1278
dgram->datasize,
1279
len,
1280
(int)PTR_DIFF(buf2, dgram->data),
1281
nmb_namestr(&dgram->dest_name),
1282
inet_ntoa(p->ip) ));
1283
return;
1284
}
1285
1286
DEBUG(4,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d\n",
1287
nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
1288
inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len));
1289
1290
/* Datagram packet received for the browser mailslot */
1291
if (strequal(smb_buf(buf),BROWSE_MAILSLOT)) {
1292
process_browse_packet(p,buf2,len);
1293
return;
1294
}
1295
1296
/* Datagram packet received for the LAN Manager mailslot */
1297
if (strequal(smb_buf(buf),LANMAN_MAILSLOT)) {
1298
process_lanman_packet(p,buf2,len);
1299
return;
1300
}
1301
1302
/* Datagram packet received for the domain logon mailslot */
1303
if (strequal(smb_buf(buf),NET_LOGON_MAILSLOT)) {
1304
process_logon_packet(p,buf2,len,NET_LOGON_MAILSLOT);
1305
return;
1306
}
1307
1308
/* Datagram packet received for the NT domain logon mailslot */
1309
if (strequal(smb_buf(buf),NT_LOGON_MAILSLOT)) {
1310
process_logon_packet(p,buf2,len,NT_LOGON_MAILSLOT);
1311
return;
1312
}
1313
1314
unexpected_packet(p);
1315
}
1316
1317
/****************************************************************************
1318
Validate a response nmb packet.
1319
****************************************************************************/
1320
1321
static bool validate_nmb_response_packet( struct nmb_packet *nmb )
1322
{
1323
bool ignore = False;
1324
1325
switch (nmb->header.opcode) {
1326
case NMB_NAME_REG_OPCODE:
1327
case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1328
case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */
1329
if (nmb->header.ancount == 0) {
1330
DEBUG(0,("validate_nmb_response_packet: Bad REG/REFRESH Packet. "));
1331
ignore = True;
1332
}
1333
break;
1334
1335
case NMB_NAME_QUERY_OPCODE:
1336
if ((nmb->header.ancount != 0) && (nmb->header.ancount != 1)) {
1337
DEBUG(0,("validate_nmb_response_packet: Bad QUERY Packet. "));
1338
ignore = True;
1339
}
1340
break;
1341
1342
case NMB_NAME_RELEASE_OPCODE:
1343
if (nmb->header.ancount == 0) {
1344
DEBUG(0,("validate_nmb_response_packet: Bad RELEASE Packet. "));
1345
ignore = True;
1346
}
1347
break;
1348
1349
case NMB_WACK_OPCODE:
1350
/* Check WACK response here. */
1351
if (nmb->header.ancount != 1) {
1352
DEBUG(0,("validate_nmb_response_packet: Bad WACK Packet. "));
1353
ignore = True;
1354
}
1355
break;
1356
default:
1357
DEBUG(0,("validate_nmb_response_packet: Ignoring packet with unknown opcode %d.\n",
1358
nmb->header.opcode));
1359
return True;
1360
}
1361
1362
if(ignore)
1363
DEBUG(0,("Ignoring response packet with opcode %d.\n", nmb->header.opcode));
1364
1365
return ignore;
1366
}
1367
1368
/****************************************************************************
1369
Validate a request nmb packet.
1370
****************************************************************************/
1371
1372
static bool validate_nmb_packet( struct nmb_packet *nmb )
1373
{
1374
bool ignore = False;
1375
1376
switch (nmb->header.opcode) {
1377
case NMB_NAME_REG_OPCODE:
1378
case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1379
case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */
1380
case NMB_NAME_MULTIHOMED_REG_OPCODE:
1381
if (nmb->header.qdcount==0 || nmb->header.arcount==0) {
1382
DEBUG(0,("validate_nmb_packet: Bad REG/REFRESH Packet. "));
1383
ignore = True;
1384
}
1385
break;
1386
1387
case NMB_NAME_QUERY_OPCODE:
1388
if ((nmb->header.qdcount == 0) || ((nmb->question.question_type != QUESTION_TYPE_NB_QUERY) &&
1389
(nmb->question.question_type != QUESTION_TYPE_NB_STATUS))) {
1390
DEBUG(0,("validate_nmb_packet: Bad QUERY Packet. "));
1391
ignore = True;
1392
}
1393
break;
1394
1395
case NMB_NAME_RELEASE_OPCODE:
1396
if (nmb->header.qdcount==0 || nmb->header.arcount==0) {
1397
DEBUG(0,("validate_nmb_packet: Bad RELEASE Packet. "));
1398
ignore = True;
1399
}
1400
break;
1401
default:
1402
DEBUG(0,("validate_nmb_packet: Ignoring packet with unknown opcode %d.\n",
1403
nmb->header.opcode));
1404
return True;
1405
}
1406
1407
if(ignore)
1408
DEBUG(0,("validate_nmb_packet: Ignoring request packet with opcode %d.\n", nmb->header.opcode));
1409
1410
return ignore;
1411
}
1412
1413
/****************************************************************************
1414
Find a subnet (and potentially a response record) for a packet.
1415
****************************************************************************/
1416
1417
static struct subnet_record *find_subnet_for_nmb_packet( struct packet_struct *p,
1418
struct response_record **pprrec)
1419
{
1420
struct nmb_packet *nmb = &p->packet.nmb;
1421
struct response_record *rrec = NULL;
1422
struct subnet_record *subrec = NULL;
1423
1424
if(pprrec != NULL)
1425
*pprrec = NULL;
1426
1427
if(nmb->header.response) {
1428
/* It's a response packet. Find a record for it or it's an error. */
1429
1430
rrec = find_response_record( &subrec, nmb->header.name_trn_id);
1431
if(rrec == NULL) {
1432
DEBUG(3,("find_subnet_for_nmb_packet: response record not found for response id %hu\n",
1433
nmb->header.name_trn_id));
1434
unexpected_packet(p);
1435
return NULL;
1436
}
1437
1438
if(subrec == NULL) {
1439
DEBUG(0,("find_subnet_for_nmb_packet: subnet record not found for response id %hu\n",
1440
nmb->header.name_trn_id));
1441
return NULL;
1442
}
1443
1444
if(pprrec != NULL)
1445
*pprrec = rrec;
1446
return subrec;
1447
}
1448
1449
/* Try and see what subnet this packet belongs to. */
1450
1451
/* WINS server ? */
1452
if(packet_is_for_wins_server(p))
1453
return wins_server_subnet;
1454
1455
/* If it wasn't a broadcast packet then send to the UNICAST subnet. */
1456
if(nmb->header.nm_flags.bcast == False)
1457
return unicast_subnet;
1458
1459
/* Go through all the broadcast subnets and see if the mask matches. */
1460
for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1461
if(same_net_v4(p->ip, subrec->bcast_ip, subrec->mask_ip))
1462
return subrec;
1463
}
1464
1465
/* If none match it must have been a directed broadcast - assign the remote_broadcast_subnet. */
1466
return remote_broadcast_subnet;
1467
}
1468
1469
/****************************************************************************
1470
Process a nmb request packet - validate the packet and route it.
1471
****************************************************************************/
1472
1473
static void process_nmb_request(struct packet_struct *p)
1474
{
1475
struct nmb_packet *nmb = &p->packet.nmb;
1476
struct subnet_record *subrec = NULL;
1477
1478
debug_nmb_packet(p);
1479
1480
/* Ensure we have a good packet. */
1481
if(validate_nmb_packet(nmb))
1482
return;
1483
1484
/* Allocate a subnet to this packet - if we cannot - fail. */
1485
if((subrec = find_subnet_for_nmb_packet(p, NULL))==NULL)
1486
return;
1487
1488
switch (nmb->header.opcode) {
1489
case NMB_NAME_REG_OPCODE:
1490
if(subrec == wins_server_subnet)
1491
wins_process_name_registration_request(subrec, p);
1492
else
1493
process_name_registration_request(subrec, p);
1494
break;
1495
1496
case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1497
case NMB_NAME_REFRESH_OPCODE_9:
1498
if(subrec == wins_server_subnet)
1499
wins_process_name_refresh_request(subrec, p);
1500
else
1501
process_name_refresh_request(subrec, p);
1502
break;
1503
1504
case NMB_NAME_MULTIHOMED_REG_OPCODE:
1505
if(subrec == wins_server_subnet) {
1506
wins_process_multihomed_name_registration_request(subrec, p);
1507
} else {
1508
DEBUG(0,("process_nmb_request: Multihomed registration request must be \
1509
directed at a WINS server.\n"));
1510
}
1511
break;
1512
1513
case NMB_NAME_QUERY_OPCODE:
1514
switch (nmb->question.question_type) {
1515
case QUESTION_TYPE_NB_QUERY:
1516
if(subrec == wins_server_subnet)
1517
wins_process_name_query_request(subrec, p);
1518
else
1519
process_name_query_request(subrec, p);
1520
break;
1521
case QUESTION_TYPE_NB_STATUS:
1522
if(subrec == wins_server_subnet) {
1523
DEBUG(0,("process_nmb_request: NB_STATUS request directed at WINS server is \
1524
not allowed.\n"));
1525
break;
1526
} else {
1527
process_node_status_request(subrec, p);
1528
}
1529
break;
1530
}
1531
break;
1532
1533
case NMB_NAME_RELEASE_OPCODE:
1534
if(subrec == wins_server_subnet)
1535
wins_process_name_release_request(subrec, p);
1536
else
1537
process_name_release_request(subrec, p);
1538
break;
1539
}
1540
}
1541
1542
/****************************************************************************
1543
Process a nmb response packet - validate the packet and route it.
1544
to either the WINS server or a normal response.
1545
****************************************************************************/
1546
1547
static void process_nmb_response(struct packet_struct *p)
1548
{
1549
struct nmb_packet *nmb = &p->packet.nmb;
1550
struct subnet_record *subrec = NULL;
1551
struct response_record *rrec = NULL;
1552
1553
debug_nmb_packet(p);
1554
1555
if(validate_nmb_response_packet(nmb))
1556
return;
1557
1558
if((subrec = find_subnet_for_nmb_packet(p, &rrec))==NULL)
1559
return;
1560
1561
if(rrec == NULL) {
1562
DEBUG(0,("process_nmb_response: response packet received but no response record \
1563
found for id = %hu. Ignoring packet.\n", nmb->header.name_trn_id));
1564
return;
1565
}
1566
1567
/* Increment the number of responses received for this record. */
1568
rrec->num_msgs++;
1569
/* Ensure we don't re-send the request. */
1570
rrec->repeat_count = 0;
1571
1572
/* Call the response received function for this packet. */
1573
(*rrec->resp_fn)(subrec, rrec, p);
1574
}
1575
1576
/*******************************************************************
1577
Run elements off the packet queue till its empty
1578
******************************************************************/
1579
1580
void run_packet_queue(void)
1581
{
1582
struct packet_struct *p;
1583
1584
while ((p = packet_queue)) {
1585
packet_queue = p->next;
1586
if (packet_queue)
1587
packet_queue->prev = NULL;
1588
p->next = p->prev = NULL;
1589
1590
switch (p->packet_type) {
1591
case NMB_PACKET:
1592
if(p->packet.nmb.header.response)
1593
process_nmb_response(p);
1594
else
1595
process_nmb_request(p);
1596
break;
1597
1598
case DGRAM_PACKET:
1599
process_dgram(p);
1600
break;
1601
}
1602
free_packet(p);
1603
}
1604
}
1605
1606
/*******************************************************************
1607
Retransmit or timeout elements from all the outgoing subnet response
1608
record queues. NOTE that this code must also check the WINS server
1609
subnet for response records to timeout as the WINS server code
1610
can send requests to check if a client still owns a name.
1611
(Patch from Andrey Alekseyev <fetch@muffin.arcadia.spb.ru>).
1612
******************************************************************/
1613
1614
void retransmit_or_expire_response_records(time_t t)
1615
{
1616
struct subnet_record *subrec;
1617
1618
for (subrec = FIRST_SUBNET; subrec; subrec = get_next_subnet_maybe_unicast_or_wins_server(subrec)) {
1619
struct response_record *rrec, *nextrrec;
1620
1621
restart:
1622
1623
for (rrec = subrec->responselist; rrec; rrec = nextrrec) {
1624
nextrrec = rrec->next;
1625
1626
if (rrec->repeat_time <= t) {
1627
if (rrec->repeat_count > 0) {
1628
/* Resend while we have a non-zero repeat_count. */
1629
if(!send_packet(rrec->packet)) {
1630
DEBUG(0,("retransmit_or_expire_response_records: Failed to resend packet id %hu \
1631
to IP %s on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), subrec->subnet_name));
1632
}
1633
rrec->repeat_time = t + rrec->repeat_interval;
1634
rrec->repeat_count--;
1635
} else {
1636
DEBUG(4,("retransmit_or_expire_response_records: timeout for packet id %hu to IP %s \
1637
on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), subrec->subnet_name));
1638
1639
/*
1640
* Check the flag in this record to prevent recursion if we end
1641
* up in this function again via the timeout function call.
1642
*/
1643
1644
if(!rrec->in_expiration_processing) {
1645
1646
/*
1647
* Set the recursion protection flag in this record.
1648
*/
1649
1650
rrec->in_expiration_processing = True;
1651
1652
/* Call the timeout function. This will deal with removing the
1653
timed out packet. */
1654
if(rrec->timeout_fn) {
1655
(*rrec->timeout_fn)(subrec, rrec);
1656
} else {
1657
/* We must remove the record ourself if there is
1658
no timeout function. */
1659
remove_response_record(subrec, rrec);
1660
}
1661
/* We have changed subrec->responselist,
1662
* restart from the beginning of this list. */
1663
goto restart;
1664
} /* !rrec->in_expitation_processing */
1665
} /* rrec->repeat_count > 0 */
1666
} /* rrec->repeat_time <= t */
1667
} /* end for rrec */
1668
} /* end for subnet */
1669
}
1670
1671
/****************************************************************************
1672
Create an fd_set containing all the sockets in the subnet structures,
1673
plus the broadcast sockets.
1674
***************************************************************************/
1675
1676
static bool create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_number, int *maxfd)
1677
{
1678
int *sock_array = NULL;
1679
struct subnet_record *subrec = NULL;
1680
int count = 0;
1681
int num = 0;
1682
fd_set *pset = SMB_MALLOC_P(fd_set);
1683
1684
if(pset == NULL) {
1685
DEBUG(0,("create_listen_fdset: malloc fail !\n"));
1686
return True;
1687
}
1688
1689
/* The Client* sockets */
1690
count++;
1691
1692
/* Check that we can add all the fd's we need. */
1693
for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
1694
count++;
1695
1696
/* each interface gets 4 sockets */
1697
count *= 4;
1698
1699
if(count > FD_SETSIZE) {
1700
DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \
1701
only use %d.\n", count, FD_SETSIZE));
1702
SAFE_FREE(pset);
1703
return True;
1704
}
1705
1706
if((sock_array = SMB_MALLOC_ARRAY(int, count)) == NULL) {
1707
DEBUG(0,("create_listen_fdset: malloc fail for socket array. size %d\n", count));
1708
SAFE_FREE(pset);
1709
return True;
1710
}
1711
1712
FD_ZERO(pset);
1713
1714
/* Add in the lp_socket_address() interface on 137. */
1715
FD_SET(ClientNMB,pset);
1716
sock_array[num++] = ClientNMB;
1717
*maxfd = MAX( *maxfd, ClientNMB);
1718
1719
/* the lp_socket_address() interface has only one socket */
1720
sock_array[num++] = -1;
1721
1722
/* Add in the 137 sockets on all the interfaces. */
1723
for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1724
FD_SET(subrec->nmb_sock,pset);
1725
sock_array[num++] = subrec->nmb_sock;
1726
*maxfd = MAX( *maxfd, subrec->nmb_sock);
1727
1728
sock_array[num++] = subrec->nmb_bcast;
1729
if (subrec->nmb_bcast != -1) {
1730
FD_SET(subrec->nmb_bcast,pset);
1731
*maxfd = MAX( *maxfd, subrec->nmb_bcast);
1732
}
1733
}
1734
1735
/* Add in the lp_socket_address() interface on 138. */
1736
FD_SET(ClientDGRAM,pset);
1737
sock_array[num++] = ClientDGRAM;
1738
*maxfd = MAX( *maxfd, ClientDGRAM);
1739
1740
/* the lp_socket_address() interface has only one socket */
1741
sock_array[num++] = -1;
1742
1743
/* Add in the 138 sockets on all the interfaces. */
1744
for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1745
FD_SET(subrec->dgram_sock,pset);
1746
sock_array[num++] = subrec->dgram_sock;
1747
*maxfd = MAX( *maxfd, subrec->dgram_sock);
1748
1749
sock_array[num++] = subrec->dgram_bcast;
1750
if (subrec->dgram_bcast != -1) {
1751
FD_SET(subrec->dgram_bcast,pset);
1752
*maxfd = MAX( *maxfd, subrec->dgram_bcast);
1753
}
1754
}
1755
1756
*listen_number = count;
1757
1758
SAFE_FREE(*ppset);
1759
SAFE_FREE(*psock_array);
1760
1761
*ppset = pset;
1762
*psock_array = sock_array;
1763
1764
return False;
1765
}
1766
1767
/****************************************************************************
1768
List of packets we're processing this select.
1769
***************************************************************************/
1770
1771
struct processed_packet {
1772
struct processed_packet *next;
1773
struct processed_packet *prev;
1774
enum packet_type packet_type;
1775
struct in_addr ip;
1776
int packet_id;
1777
};
1778
1779
/****************************************************************************
1780
Have we seen this before ?
1781
***************************************************************************/
1782
1783
static bool is_processed_packet(struct processed_packet *processed_packet_list,
1784
struct packet_struct *packet)
1785
{
1786
struct processed_packet *p = NULL;
1787
1788
for (p = processed_packet_list; p; p = p->next) {
1789
if (ip_equal_v4(p->ip, packet->ip) && p->packet_type == packet->packet_type) {
1790
if ((p->packet_type == NMB_PACKET) &&
1791
(p->packet_id ==
1792
packet->packet.nmb.header.name_trn_id)) {
1793
return true;
1794
} else if ((p->packet_type == DGRAM_PACKET) &&
1795
(p->packet_id ==
1796
packet->packet.dgram.header.dgm_id)) {
1797
return true;
1798
}
1799
}
1800
}
1801
return false;
1802
}
1803
1804
/****************************************************************************
1805
Keep a list of what we've seen before.
1806
***************************************************************************/
1807
1808
static bool store_processed_packet(struct processed_packet **pp_processed_packet_list,
1809
struct packet_struct *packet)
1810
{
1811
struct processed_packet *p = SMB_MALLOC_P(struct processed_packet);
1812
if (!p) {
1813
return false;
1814
}
1815
p->packet_type = packet->packet_type;
1816
p->ip = packet->ip;
1817
if (packet->packet_type == NMB_PACKET) {
1818
p->packet_id = packet->packet.nmb.header.name_trn_id;
1819
} else if (packet->packet_type == DGRAM_PACKET) {
1820
p->packet_id = packet->packet.dgram.header.dgm_id;
1821
} else {
1822
return false;
1823
}
1824
1825
DLIST_ADD(*pp_processed_packet_list, p);
1826
return true;
1827
}
1828
1829
/****************************************************************************
1830
Throw away what we've seen before.
1831
***************************************************************************/
1832
1833
static void free_processed_packet_list(struct processed_packet **pp_processed_packet_list)
1834
{
1835
struct processed_packet *p = NULL, *next = NULL;
1836
1837
for (p = *pp_processed_packet_list; p; p = next) {
1838
next = p->next;
1839
DLIST_REMOVE(*pp_processed_packet_list, p);
1840
SAFE_FREE(p);
1841
}
1842
}
1843
1844
/****************************************************************************
1845
Listens for NMB or DGRAM packets, and queues them.
1846
return True if the socket is dead
1847
***************************************************************************/
1848
1849
bool listen_for_packets(bool run_election)
1850
{
1851
static fd_set *listen_set = NULL;
1852
static int listen_number = 0;
1853
static int *sock_array = NULL;
1854
int i;
1855
static int maxfd = 0;
1856
1857
fd_set r_fds;
1858
fd_set w_fds;
1859
int selrtn;
1860
struct timeval timeout;
1861
#ifndef SYNC_DNS
1862
int dns_fd;
1863
#endif
1864
struct processed_packet *processed_packet_list = NULL;
1865
1866
if(listen_set == NULL || rescan_listen_set) {
1867
if(create_listen_fdset(&listen_set, &sock_array, &listen_number, &maxfd)) {
1868
DEBUG(0,("listen_for_packets: Fatal error. unable to create listen set. Exiting.\n"));
1869
return True;
1870
}
1871
rescan_listen_set = False;
1872
}
1873
1874
memcpy((char *)&r_fds, (char *)listen_set, sizeof(fd_set));
1875
FD_ZERO(&w_fds);
1876
1877
#ifndef SYNC_DNS
1878
dns_fd = asyncdns_fd();
1879
if (dns_fd != -1) {
1880
FD_SET(dns_fd, &r_fds);
1881
maxfd = MAX( maxfd, dns_fd);
1882
}
1883
#endif
1884
1885
/* Process a signal and timer events now... */
1886
if (run_events(nmbd_event_context(), 0, NULL, NULL)) {
1887
return False;
1888
}
1889
1890
/*
1891
* During elections and when expecting a netbios response packet we
1892
* need to send election packets at tighter intervals.
1893
* Ideally it needs to be the interval (in ms) between time now and
1894
* the time we are expecting the next netbios packet.
1895
*/
1896
1897
timeout.tv_sec = (run_election||num_response_packets) ? 1 : NMBD_SELECT_LOOP;
1898
timeout.tv_usec = 0;
1899
1900
{
1901
struct timeval now = timeval_current();
1902
event_add_to_select_args(nmbd_event_context(), &now,
1903
&r_fds, &w_fds, &timeout, &maxfd);
1904
}
1905
1906
selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&timeout);
1907
1908
if (run_events(nmbd_event_context(), selrtn, &r_fds, &w_fds)) {
1909
return False;
1910
}
1911
1912
if (selrtn == -1) {
1913
return False;
1914
}
1915
1916
#ifndef SYNC_DNS
1917
if (dns_fd != -1 && FD_ISSET(dns_fd,&r_fds)) {
1918
run_dns_queue();
1919
}
1920
#endif
1921
1922
for(i = 0; i < listen_number; i++) {
1923
enum packet_type packet_type;
1924
struct packet_struct *packet;
1925
const char *packet_name;
1926
int client_fd;
1927
int client_port;
1928
1929
if (sock_array[i] == -1) {
1930
continue;
1931
}
1932
1933
if (!FD_ISSET(sock_array[i],&r_fds)) {
1934
continue;
1935
}
1936
1937
if (i < (listen_number/2)) {
1938
/* Port 137 */
1939
packet_type = NMB_PACKET;
1940
packet_name = "nmb";
1941
client_fd = ClientNMB;
1942
client_port = global_nmb_port;
1943
} else {
1944
/* Port 138 */
1945
packet_type = DGRAM_PACKET;
1946
packet_name = "dgram";
1947
client_fd = ClientDGRAM;
1948
client_port = DGRAM_PORT;
1949
}
1950
1951
packet = read_packet(sock_array[i], packet_type);
1952
if (!packet) {
1953
continue;
1954
}
1955
1956
/*
1957
* If we got a packet on the broadcast socket and interfaces
1958
* only is set then check it came from one of our local nets.
1959
*/
1960
if (lp_bind_interfaces_only() &&
1961
(sock_array[i] == client_fd) &&
1962
(!is_local_net_v4(packet->ip))) {
1963
DEBUG(7,("discarding %s packet sent to broadcast socket from %s:%d\n",
1964
packet_name, inet_ntoa(packet->ip), packet->port));
1965
free_packet(packet);
1966
continue;
1967
}
1968
1969
if ((is_loopback_ip_v4(packet->ip) || ismyip_v4(packet->ip)) &&
1970
packet->port == client_port)
1971
{
1972
if (client_port == DGRAM_PORT) {
1973
DEBUG(7,("discarding own dgram packet from %s:%d\n",
1974
inet_ntoa(packet->ip),packet->port));
1975
free_packet(packet);
1976
continue;
1977
}
1978
1979
if (packet->packet.nmb.header.nm_flags.bcast) {
1980
DEBUG(7,("discarding own nmb bcast packet from %s:%d\n",
1981
inet_ntoa(packet->ip),packet->port));
1982
free_packet(packet);
1983
continue;
1984
}
1985
}
1986
1987
1988
if (is_processed_packet(processed_packet_list, packet)) {
1989
DEBUG(7,("discarding duplicate packet from %s:%d\n",
1990
inet_ntoa(packet->ip),packet->port));
1991
free_packet(packet);
1992
continue;
1993
}
1994
1995
store_processed_packet(&processed_packet_list, packet);
1996
1997
/*
1998
* 0,2,4,... are unicast sockets
1999
* 1,3,5,... are broadcast sockets
2000
*
2001
* on broadcast socket we only receive packets
2002
* and send replies via the unicast socket.
2003
*
2004
* 0,1 and 2,3 and ... belong together.
2005
*/
2006
if ((i % 2) != 0) {
2007
/* this is a broadcast socket */
2008
packet->send_fd = sock_array[i-1];
2009
} else {
2010
/* this is already a unicast socket */
2011
packet->send_fd = sock_array[i];
2012
}
2013
2014
queue_packet(packet);
2015
}
2016
2017
free_processed_packet_list(&processed_packet_list);
2018
return False;
2019
}
2020
2021
/****************************************************************************
2022
Construct and send a netbios DGRAM.
2023
**************************************************************************/
2024
2025
bool send_mailslot(bool unique, const char *mailslot,char *buf, size_t len,
2026
const char *srcname, int src_type,
2027
const char *dstname, int dest_type,
2028
struct in_addr dest_ip,struct in_addr src_ip,
2029
int dest_port)
2030
{
2031
bool loopback_this_packet = False;
2032
struct packet_struct p;
2033
struct dgram_packet *dgram = &p.packet.dgram;
2034
char *ptr,*p2;
2035
char tmp[4];
2036
2037
memset((char *)&p,'\0',sizeof(p));
2038
2039
if(ismyip_v4(dest_ip) && (dest_port == DGRAM_PORT)) /* Only if to DGRAM_PORT */
2040
loopback_this_packet = True;
2041
2042
/* generate_name_trn_id(); */ /* Not used, so gone, RJS */
2043
2044
/* DIRECT GROUP or UNIQUE datagram. */
2045
dgram->header.msg_type = unique ? 0x10 : 0x11;
2046
dgram->header.flags.node_type = M_NODE;
2047
dgram->header.flags.first = True;
2048
dgram->header.flags.more = False;
2049
dgram->header.dgm_id = generate_name_trn_id();
2050
dgram->header.source_ip = src_ip;
2051
dgram->header.source_port = DGRAM_PORT;
2052
dgram->header.dgm_length = 0; /* Let build_dgram() handle this. */
2053
dgram->header.packet_offset = 0;
2054
2055
make_nmb_name(&dgram->source_name,srcname,src_type);
2056
make_nmb_name(&dgram->dest_name,dstname,dest_type);
2057
2058
ptr = &dgram->data[0];
2059
2060
/* Setup the smb part. */
2061
ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
2062
memcpy(tmp,ptr,4);
2063
2064
if (smb_size + 17*2 + strlen(mailslot) + 1 + len > MAX_DGRAM_SIZE) {
2065
DEBUG(0, ("send_mailslot: Cannot write beyond end of packet\n"));
2066
return false;
2067
}
2068
2069
cli_set_message(ptr,17,strlen(mailslot) + 1 + len,True);
2070
memcpy(ptr,tmp,4);
2071
2072
SCVAL(ptr,smb_com,SMBtrans);
2073
SSVAL(ptr,smb_vwv1,len);
2074
SSVAL(ptr,smb_vwv11,len);
2075
SSVAL(ptr,smb_vwv12,70 + strlen(mailslot));
2076
SSVAL(ptr,smb_vwv13,3);
2077
SSVAL(ptr,smb_vwv14,1);
2078
SSVAL(ptr,smb_vwv15,1);
2079
SSVAL(ptr,smb_vwv16,2);
2080
p2 = smb_buf(ptr);
2081
safe_strcpy_base(p2, mailslot, dgram->data, sizeof(dgram->data));
2082
p2 = skip_string(ptr,MAX_DGRAM_SIZE,p2);
2083
2084
if (((p2+len) > dgram->data+sizeof(dgram->data)) || ((p2+len) < p2)) {
2085
DEBUG(0, ("send_mailslot: Cannot write beyond end of packet\n"));
2086
return False;
2087
} else {
2088
if (len) {
2089
memcpy(p2,buf,len);
2090
}
2091
p2 += len;
2092
}
2093
2094
dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */
2095
2096
p.ip = dest_ip;
2097
p.port = dest_port;
2098
p.recv_fd = -1;
2099
p.send_fd = find_subnet_mailslot_fd_for_address( src_ip );
2100
p.timestamp = time(NULL);
2101
p.packet_type = DGRAM_PACKET;
2102
2103
DEBUG(4,("send_mailslot: Sending to mailslot %s from %s IP %s ", mailslot,
2104
nmb_namestr(&dgram->source_name), inet_ntoa(src_ip)));
2105
DEBUG(4,("to %s IP %s\n", nmb_namestr(&dgram->dest_name), inet_ntoa(dest_ip)));
2106
2107
debug_browse_data(buf, len);
2108
2109
if(loopback_this_packet) {
2110
struct packet_struct *lo_packet = NULL;
2111
DEBUG(5,("send_mailslot: sending packet to ourselves.\n"));
2112
if((lo_packet = copy_packet(&p)) == NULL)
2113
return False;
2114
queue_packet(lo_packet);
2115
return True;
2116
} else {
2117
return(send_packet(&p));
2118
}
2119
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1