xref: /illumos-gate/usr/src/lib/smbsrv/libsmbns/common/smbns_browser.c (revision 47842382d52f28aa3173aa6b511781c322ccb6a2)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <errno.h>
27 #include <stdlib.h>
28 #include <stdio.h>
29 #include <unistd.h>
30 #include <syslog.h>
31 #include <string.h>
32 #include <strings.h>
33 #include <time.h>
34 #include <synch.h>
35 #include <netdb.h>
36 #include <sys/socket.h>
37 #include <arpa/inet.h>
38 
39 #include <smbsrv/libsmb.h>
40 #include <smbsrv/libsmbns.h>
41 
42 #include <smbsrv/cifs.h>
43 #include <smbsrv/mailslot.h>
44 
45 #include <smbns_browser.h>
46 #include <smbns_netbios.h>
47 
48 /*
49  * ntdomain_info
50  * Temporary. It should be removed once NBTD is integrated.
51  */
52 smb_ntdomain_t ntdomain_info;
53 mutex_t ntdomain_mtx;
54 cond_t ntdomain_cv;
55 
56 #define	SMB_SERVER_SIGNATURE		0xaa550415
57 
58 typedef struct smb_hostinfo {
59 	list_node_t	hi_lnd;
60 	smb_nic_t	hi_nic;
61 	char		hi_nbname[NETBIOS_NAME_SZ];
62 	name_entry_t	hi_netname;
63 	uint32_t	hi_nextannouce;
64 	int		hi_reps;
65 	int		hi_interval;
66 	uint8_t		hi_updatecnt;
67 	uint32_t	hi_type;
68 } smb_hostinfo_t;
69 
70 typedef struct smb_browserinfo {
71 	list_t		bi_hlist;
72 	int		bi_hcnt;
73 	rwlock_t	bi_hlist_rwl;
74 	boolean_t	bi_changed;
75 	mutex_t		bi_mtx;
76 } smb_browserinfo_t;
77 
78 static smb_browserinfo_t smb_binfo;
79 
80 static int smb_browser_init(void);
81 static void smb_browser_infoinit(void);
82 static void smb_browser_infoterm(void);
83 static void smb_browser_infofree(void);
84 
85 
86 
87 
88 void
89 smb_browser_reconfig(void)
90 {
91 	(void) mutex_lock(&smb_binfo.bi_mtx);
92 	smb_binfo.bi_changed = B_TRUE;
93 	(void) mutex_unlock(&smb_binfo.bi_mtx);
94 }
95 
96 /*
97  * 3. Browser Overview
98  *
99  * Hosts involved in the browsing process can be separated into two
100  * distinct groups, browser clients and browser servers (often referred to
101  * simply as "browsers").
102  *
103  * A browser is a server which maintains information about servers -
104  * primarily the domain they are in and the services that they are running
105  * -- and about domains. Browsers may assume several different roles in
106  * their lifetimes, and dynamically switch between them.
107  *
108  *  Browser clients are of two types: workstations and (non-browser)
109  * servers. In the context of browsing, workstations query browsers for the
110  * information they contain; servers supply browsers the information by
111  * registering with them. Note that, at times, browsers may themselves
112  * behave as browser clients and query other browsers.
113  *
114  * For the purposes of this specification, a domain is simply a name with
115  * which to associate a group of resources such as computers, servers and
116  * users. Domains allow a convenient means for browser clients to restrict
117  * the scope of a search when they query browser servers. Every domain has
118  * a "master" server called the Primary Domain Controller (PDC) that
119  * manages various  activities within the domain.
120  *
121  * One browser for each domain on a subnet is designated the Local Master
122  * Browser for that domain. Servers in its domain on the subnet register
123  * with it, as do the Local Master Browsers for other domains on the
124  * subnet. It uses these registrations to maintain authoritative
125  * information about its domain on its subnet. If there are other subnets
126  * in the network, it also knows the name of the server running the
127  * domain's Domain Master Browser; it registers with it, and uses it to
128  * obtain information about the rest of the network (see below).
129  *
130  * Clients on a subnet query browsers designated as the Backup Browsers for
131  * the subnet (not the Master Browser). Backup Browsers maintain a copy of
132  * the information on the Local Master Browser; they get it by periodically
133  * querying the Local Master Browser for all of its information. Clients
134  * find the Backup Browsers by asking the Local Master Browser. Clients are
135  * expected to spread their queries evenly across Backup Browsers to
136  * balance the load.
137  *
138  * The Local Master Browser is dynamically elected automatically. Multiple
139  * Backup Browser Servers may exist per subnet; they are selected from
140  * among the potential browser servers by the Local Master Browser, which
141  * is configured to select enough to handle the expected query load.
142  *
143  * When there are multiple subnets, a Domain Master Browser is assigned
144  * the task of keeping the multiple subnets in synchronization. The Primary
145  * Domain Controller (PDC) always acts as the Domain Master Browser. The
146  * Domain Master Browser periodically acts as a client and queries all the
147  * Local Master Browsers for its domain, asking them for a list containing
148  * all the domains and all the servers in their domain known within their
149  * subnets; it merges all the replies into a single master list. This
150  * allows a Domain Master Browser server to act as a collection point for
151  * inter-subnet browsing information. Local Master Browsers periodically
152  * query the Domain Master Browser to retrieve the network-wide information
153  * it maintains.
154  *
155  * When a domain spans only a single subnet, there will not be any distinct
156  * Local Master Browser; this role will be handled by the Domain Master
157  * Browser. Similarly, the Domain Master Browser is always the Local Master
158  * Browser for the subnet it is on.
159  *
160  * When a browser client suspects that the Local Master Browser has failed,
161  * the client will instigate an election in which the browser servers
162  * participate, and some browser servers may change roles.
163  *
164  * Some characteristics of a good browsing mechanism include:
165  * . minimal network traffic
166  * . minimum server discovery time
167  * . minimum change discovery latency
168  * . immunity to machine failures
169  *
170  * Historically, Browser implementations had been very closely tied to
171  * NETBIOS and datagrams. The early implementations caused a lot of
172  * broadcast traffic. See Appendix D for an overview that presents how the
173  * Browser specification evolved.
174  *
175  * 4. Browsing Protocol Architecture
176  *
177  * This section first describes the how the browsing protocol is layered,
178  * then describes the roles of clients, servers, and browsers in the
179  * browsing subsystem.
180  *
181  * 4.1 Layering of Browsing Protocol Requests
182  *
183  * Most of the browser functionality is implemented using mailslots.
184  * Mailslots provide a mechanism for fast, unreliable unidirectional data
185  * transfer; they are named via ASCII "mailslot (path) name". Mailslots are
186  * implemented using the CIFS Transact SMB which is encapsulated in a
187  * NETBIOS datagram. Browser protocol requests are sent to browser specific
188  * mailslots using some browser-specific NETBIOS names. These datagrams can
189  * either be unicast or broadcast, depending on whether the NETBIOS name is
190  * a "unique name" or a "group name". Various data structures, which are
191  * detailed subsequently within this document, flow as the data portion of
192  * the Transact SMB.
193  *
194  * Here is an example of a generic browser SMB, showing how a browser
195  * request is encapsulated in a TRANSACT SMB request. Note that the PID,
196  * TID, MID, UID, and Flags are all 0 in mailslot requests.
197  *
198  * SMB: C transact, File = \MAILSLOT\BROWSE
199  *   SMB: SMB Status = Error Success
200  *     SMB: Error class = No Error
201  *     SMB: Error code = No Error
202  *   SMB: Header: PID = 0x0000 TID = 0x0000 MID = 0x0000 UID = 0x0000
203  *     SMB: Tree ID   (TID) = 0 (0x0)
204  *     SMB: Process ID  (PID) = 0 (0x0)
205  *     SMB: User ID   (UID) = 0 (0x0)
206  *     SMB: Multiplex ID (MID) = 0 (0x0)
207  *     SMB: Flags Summary = 0 (0x0)
208  *   SMB: Command = C transact
209  *     SMB: Word count = 17
210  *     SMB: Word parameters
211  *     SMB: Total parm bytes = 0
212  *     SMB: Total data bytes = 33
213  *     SMB: Max parm bytes = 0
214  *     SMB: Max data bytes = 0
215  *     SMB: Max setup words = 0
216  *     SMB: Transact Flags Summary = 0 (0x0)
217  *       SMB: ...............0 = Leave session intact
218  *       SMB: ..............0. = Response required
219  *     SMB: Transact timeout = 0 (0x0)
220  *     SMB: Parameter bytes = 0 (0x0)
221  *     SMB: Parameter offset = 0 (0x0)
222  *     SMB: Data bytes = 33 (0x21)
223  *     SMB: Data offset = 86 (0x56)
224  *     SMB: Setup word count = 3
225  *     SMB: Setup words
226  *     SMB: Mailslot opcode = Write mailslot
227  *     SMB: Transaction priority = 1
228  *     SMB: Mailslot class = Unreliable (broadcast)
229  *     SMB: Byte count = 50
230  *     SMB: Byte parameters
231  *     SMB: Path name = \MAILSLOT\BROWSE
232  *     SMB: Transaction data
233  *   SMB: Data: Number of data bytes remaining = 33 (0x0021)
234  *
235  * Note the SMB command is Transact, the opcode within the Transact SMB is
236  * Mailslot Write, and the browser data structure is carried as the
237  * Transact data.
238  * The Transaction data begins with an opcode, that signifies the operation
239  * and determines the size and structure of data that follows. This opcode
240  * is named as per one of the below:
241  *
242  * HostAnnouncement         1
243  * AnnouncementRequest      2
244  * RequestElection          8
245  * GetBackupListReq         9
246  * GetBackupListResp        10
247  * BecomeBackup             11
248  * DomainAnnouncment        12
249  * MasterAnnouncement       13
250  * LocalMasterAnnouncement  15
251  *
252  * Browser datagrams are often referred to as simply browser frames. The
253  * frames are in particular, referred to by the name of the opcode within
254  * the Transaction data e.g. a GetBackupListReq browser frame, a
255  * RequestElection browser frame, etc.
256  *
257  * The structures that are sent as the data portion of the Transact SMB are
258  * described in section(s) 6.2 through 6.12 in this document. These
259  * structures are tightly packed, i.e. there are no intervening pad bytes
260  * in the structure, unless they are explicitly described as being there.
261  * All quantities are sent in native Intel format and multi-byte values are
262  * transmitted least significant byte first.
263  *
264  * Besides mailslots and Transaction SMBs, the other important piece of the
265  * browser architecture is the NetServerEnum2 request. This request that
266  * allows an application to interrogate a Browser Server and obtain a
267  * complete list of resources (servers, domains, etc) known to that Browser
268  * server. Details of the NetServerEnum2 request are presented in section
269  * 6.4. Some examples of the NetServerEnum2 request being used are when a
270  * Local Master Browser sends a NetServerEnum2 request to the Domain Master
271  * Browser and vice versa. Another example is when a browser client sends a
272  * NetServerEnum2 request to a Backup Browser server.
273  *
274  * 4.3 Non-Browser Server
275  *
276  * A non-browser server is a server that has some resource(s) or service(s)
277  * it wishes to advertise as being available using the browsing protocol.
278  * Examples of non-browser servers would be an SQL server, print server,
279  * etc.
280  *
281  * A non-browser server MUST periodically send a HostAnnouncement browser
282  * frame, specifying the type of resources or services it is advertising.
283  * Details are in section 6.5.
284  *
285  * A non-browser server SHOULD announce itself relatively frequently when
286  * it first starts up in order to make its presence quickly known to the
287  * browsers and thence to potential clients. The frequency of the
288  * announcements SHOULD then be gradually stretched, so as to minimize
289  * network traffic. Typically,  non-browser servers announce themselves
290  * once every minute upon start up and then gradually adjust the frequency
291  * of the announcements to once every 12 minutes.
292  *
293  * A non-browser server SHOULD send a HostAnnouncement browser frame
294  * specifying a type of  0 just prior to shutting down, to allow it to
295  * quickly be removed from the list of available servers.
296  *
297  * A non-browser server MUST receive and process AnnouncementRequest frames
298  * from the Local Master Browser, and MUST respond with a HostAnnouncement
299  * frame, after a delay chosen randomly from the interval [0,30] seconds.
300  * AnnouncementRequests typically happen when a Local Master Browser starts
301  * up with an empty list of servers for the domain, and wants to fill it
302  * quickly. The 30 second range for responses prevents the Master Browser
303  * from becoming overloaded and losing replies, as well as preventing the
304  * network from being flooded with responses.
305  *
306  * 4.4  Browser Servers
307  *
308  * The following sections describe the roles of the various types of
309  * browser servers.
310  *
311  * 4.4.1  Potential Browser Server
312  *
313  * A Potential Browser server is a browser server that is capable of being
314  * a Backup Browser server or Master Browser server, but is not currently
315  * fulfilling either of those roles.
316  *
317  * A Potential Browser MUST set type SV_TYPE_POTENTIAL_BROWSER (see section
318  * 6.4.1) in its HostAnnouncement until it is ready to shut down. In its
319  * last HostAnnouncement frame before it shuts down, it SHOULD specify a
320  * type of  0.
321  *
322  * A Potential Browser server MUST receive and process BecomeBackup frames
323  * (see section 6.9) and become a backup browser upon their receipt.
324  *
325  * A Potential Browser MUST participate in browser elections (see section
326  * 6.8).
327  *
328  * 4.4.2  Backup Browser
329  *
330  * Backup Browser servers are a subset of the Potential Browsers that have
331  * been chosen by the Master Browser on their subnet to be the Backup
332  * Browsers for the subnet.
333  *
334  * A Backup Browser MUST set type SV_TYPE_BACKUP_BROWSER (see section
335  * 6.4.1) in its HostAnnouncement until it is ready to shut down. In its
336  * last HostAnnouncement frame before it shuts down, it SHOULD specify a
337  * type of  0.
338  *
339  * A Backup Browser MUST listen for a LocalMasterAnnouncement frame (see
340  * section 6.10) from the Local Master Browser, and use it to set the name
341  * of the Master Browser it queries for the server and domain lists.
342  *
343  * A  Backup Browsers MUST periodically make a NetServerEnum2 request of
344  * the Master Browser on its subnet for its domain to get a list of servers
345  * in that domain, as well as a list of domains. The period is a
346  * configuration option balancing currency of the information with network
347  * traffic costs - a typical value is 15 minutes.
348  *
349  * A Backup Browser SHOULD force an election by sending a RequestElection
350  * frame (see section 6.7) if it does not get a response to its periodic
351  * NetServeEnum2 request to the Master Browser.
352  *
353  * A Backup Browser MUST receive and process NetServerEnum2 requests from
354  * browser clients, for its own domain and others. If the request is for a
355  * list of servers in its domain, or for a list of domains, it can answer
356  * from its internal lists. If the request is for a list of servers in a
357  * domain different than the one it serves, it sends a NetServerEnum2
358  * request to the Domain Master Browser for that domain (which it can in
359  * find in its list of domains and their Domain Master Browsers).
360  *
361  * A Backup Browser MUST participate in browser elections (see section
362  * 6.8).
363  *
364  * 4.4.3 Master Browser
365  *
366  * Master Browsers are responsible for:
367  * . indicating it is a Master Browser
368  * . receiving server announcements and building a list of such servers
369  *   and keeping it reasonably up-to-date.
370  * . returning lists of Backup Browsers to browser clients.
371  * . ensuring an appropriate number of Backup Browsers are available.
372  * . announcing their existence to other Master Browsers on their subnet,
373  *   to the Domain Master Browser for their domain, and to all browsers in
374  *   their domain on their subnet
375  * . forwarding requests for lists of servers on other domains to the
376  *   Master Browser for that domain
377  * . keeping a list of domains in its subnet
378  * . synchronizing with the Domain Master Browser (if any) for its domain
379  * . participating in browser elections
380  * . ensuring that there is only one Master Browser on its subnet
381  *
382  * A Master Browser MUST set type SV_TYPE_MASTER_BROWSER (see section
383  * 6.4.1) in its HostAnnouncement until it is ready to shut down. In its
384  * last HostAnnouncement frame before it shuts down, it SHOULD specify a
385  * type of  0.
386  *
387  * A Master Browser MUST receive and process HostAnnouncement frames from
388  * servers, adding the server name and other information to its servers
389  * list; it must mark them as "local" entries. Periodically, it MUST check
390  * all local server entries to see if a server's HostAnnouncement has timed
391  * out (no HostAnnouncement received for three times the periodicity the
392  * server gave in the last received HostAnnouncement) and remove timed-out
393  * servers from its list.
394  *
395  * A Master Browser MUST receive and process DomainAnnouncement frames (see
396  * section 6.12) and maintain the domain names and their associated (Local)
397  * Master Browsers in its internal domain list until they time out; it must
398  * mark these as "local" entries. Periodically, it MUST check all local
399  * domain entries to see if a server's DomainAnnouncement has timed out (no
400  * DomainAnnouncement received for three times the periodicity the server
401  * gave in the last received DomainAnnouncement) and remove timed-out
402  * servers from its list.
403  *
404  * A Master Browser MUST receive and process GetBackupListRequest frames
405  * from clients, returning GetBackupListResponse frames containing a list
406  * of the Backup Servers for its domain.
407  *
408  * A Master Browser MUST eventually send BecomeBackup frames (see section
409  * 6.9) to one or more Potential Browser servers to increase the number of
410  * Backup Browsers if there are not enough Backup Browsers to handle the
411  * anticipated query load. Note: possible good times for checking for
412  * sufficient backup browsers are after being elected, when timing out
413  * server HostAnnouncements, and when receiving a server's HostAnnouncement
414  * for the first time.
415  *
416  * A Master Browser MUST periodically announce itself and the domain it
417  * serves to other (Local) Master Browsers on its subnet, by sending a
418  * DomainAnnouncement frame (see section 6.12) to its subnet.
419  *
420  * A Master Browser MUST send a MasterAnnouncement frame (see section 6.11)
421  * to the Domain Master Browser after it is first elected, and periodically
422  * thereafter. This informs the Domain Master Browser of the presence of
423  * all the Master Browsers.
424  *
425  * A Master Browser MUST periodically announce itself to all browsers for
426  * its domain on its subnet by sending a LocalMasterAnnouncement frame (see
427  * section 6.10).
428  *
429  * A Master Browser MUST receive and process NetServerEnum2 requests from
430  * browser clients, for its own domain and others. If the request is for a
431  * list of servers in its domain, or for a list of domains, it can answer
432  * from its internal lists. Entries in its list marked "local" MUST have
433  * the SV_TYPE_LOCAL_LIST_ONLY bit set in the returned results; it must be
434  * clear for all other entries. If the request is for a list of servers in
435  * a domain different than the one it serves, it sends a NetServerEnum2
436  * request to the Domain Master Browser for that domain (which it can in
437  * find in its list of domains and their Domain Master Browsers).
438  *
439  *     Note: The list of servers that the Master Browser maintains and
440  *     returns to the Backup Browsers, is limited in size to 64K of
441  *     data. This will limit the number of systems that can be in a
442  *     browse list in a single workgroup or domain to approximately two
443  *     thousand systems.
444  *
445  * A Master Browser SHOULD request all servers to register with it by
446  * sending an AnnouncementRequest frame, if, on becoming the Master Browser
447  * by winning an election, its server list is empty. Otherwise, clients
448  * might get an incomplete list of servers until the servers' periodic
449  * registrations fill the server list.
450  *
451  * If the Master Browser on a subnet is not the Primary Domain Controller
452  * (PDC), then it is a Local Master Browser.
453  *
454  * A Local Master Browser MUST periodically synchronize with the Domain
455  * Master Browser (which is the PDC). This synchronization is performed by
456  * making a NetServerEnum2 request to the Domain Master Browser and merging
457  * the results with its list of servers and domains. An entry from the
458  * Domain Master Browser should be marked "non-local", and must not
459  * overwrite an entry with the same name marked "local". The Domain Master
460  * Browser is located as specified in Appendix B.
461  *
462  * A Master Browser MUST participate in browser elections (see section
463  * 6.8).
464  *
465  * A Master Browser MUST, if it receives a HostAnnouncement,
466  * DomainAnnouncement, or LocalMasterAnnouncement frame another system that
467  * claims to be the Master Browser for its domain, demote itself from
468  * Master Browser and force an election. This ensures that there is only
469  * ever one Master Browser in each workgroup or domain.
470  *
471  * A Master Browser SHOULD, if it loses an election, become a Backup
472  * Browser (without being told to do so by the new Master Browser). Since
473  * it has more up-to-date information in its lists than a Potential
474  * Browser, it is more efficient to have it be a Backup Browser than to
475  * promote a Potential Browser.
476  *
477  * 4.4.3.1 Preferred Master Browser
478  *
479  * A Preferred Master Browser supports exactly the same protocol elements
480  * as a Potential Browser, except as follows.
481  *
482  * A Preferred Master Browser MUST always force an election when it starts
483  * up.
484  *
485  * A Preferred Master Browser MUST participate in browser elections (see
486  * section 6.8).
487  *
488  * A Preferred Master Browser MUST set the Preferred Master bit in the
489  * RequestElection frame (see section 6.7) to bias the election in its
490  * favor.
491  *
492  * A Preferred Master Browser SHOULD, if it loses an election,
493  * automatically become a Backup Browser, without being told to do so by
494  * the Master Browser.
495  *
496  * 4.4.4 Domain Master Browser
497  *
498  * Since the Domain Master Browser always runs on the PDC, it must
499  * implement all the protocols required of a PDC in addition to the
500  * browsing protocol, and that is way beyond the scope of this
501  * specification.
502  *
503  * 5. Mailslot Protocol Specification
504  *
505  * The only transaction allowed to a mailslot is a mailslot write. Mailslot
506  * writes requests are encapsulated in TRANSACT SMBs. The following table
507  * shows the interpretation of the TRANSACT SMB parameters for a mailslot
508  * transaction:
509  *
510  *  Name            Value               Description
511  *  Command         SMB_COM_TRANSACTION
512  *  Name            <name>              STRING name of mail slot to write;
513  *                                      must start with "\\MAILSLOT\\"
514  *  SetupCount      3                   Always 3 for mailslot writes
515  *  Setup[0]        1                   Command code == write mailslot
516  *  Setup[1]        Ignored
517  *  Setup[2]        Ignored
518  *  TotalDataCount  n                   Size of data in bytes to write to
519  *                                      the mailslot
520  *  Data[ n ]                           The data to write to the mailslot
521  *
522  */
523 
524 /*
525  * SMB: C transact, File = \MAILSLOT\BROWSE
526  *   SMB: SMB Status = Error Success
527  *     SMB: Error class = No Error
528  *     SMB: Error code = No Error
529  *   SMB: Header: PID = 0x0000 TID = 0x0000 MID = 0x0000 UID = 0x0000
530  *     SMB: Tree ID   (TID) = 0 (0x0)
531  *     SMB: Process ID  (PID) = 0 (0x0)
532  *     SMB: User ID   (UID) = 0 (0x0)
533  *     SMB: Multiplex ID (MID) = 0 (0x0)
534  *     SMB: Flags Summary = 0 (0x0)
535  *   SMB: Command = C transact
536  *     SMB: Word count = 17
537  *     SMB: Word parameters
538  *     SMB: Total parm bytes = 0
539  *     SMB: Total data bytes = 33
540  *     SMB: Max parm bytes = 0
541  *     SMB: Max data bytes = 0
542  *     SMB: Max setup words = 0
543  *     SMB: Transact Flags Summary = 0 (0x0)
544  *       SMB: ...............0 = Leave session intact
545  *       SMB: ..............0. = Response required
546  *     SMB: Transact timeout = 0 (0x0)
547  *     SMB: Parameter bytes = 0 (0x0)
548  *     SMB: Parameter offset = 0 (0x0)
549  *     SMB: Data bytes = 33 (0x21)
550  *     SMB: Data offset = 86 (0x56)
551  *     SMB: Setup word count = 3
552  *     SMB: Setup words
553  *     SMB: Mailslot opcode = Write mailslot
554  *     SMB: Transaction priority = 1
555  *     SMB: Mailslot class = Unreliable (broadcast)
556  *     SMB: Byte count = 50
557  *     SMB: Byte parameters
558  *     SMB: Path name = \MAILSLOT\BROWSE
559  *     SMB: Transaction data
560  *   SMB: Data: Number of data bytes remaining = 33 (0x0021)
561  *
562  * 5. Mailslot Protocol Specification
563  *
564  * The only transaction allowed to a mailslot is a mailslot write. Mailslot
565  * writes requests are encapsulated in TRANSACT SMBs. The following table
566  * shows the interpretation of the TRANSACT SMB parameters for a mailslot
567  * transaction:
568  *
569  *  Name            Value               Description
570  *  Command         SMB_COM_TRANSACTION
571  *  Name            <name>              STRING name of mail slot to write;
572  *                                      must start with "\MAILSLOT\"
573  *  SetupCount      3                   Always 3 for mailslot writes
574  *  Setup[0]        1                   Command code == write mailslot
575  *  Setup[1]        Ignored
576  *  Setup[2]        Ignored
577  *  TotalDataCount  n                   Size of data in bytes to write to
578  *                                      the mailslot
579  *  Data[ n ]                           The data to write to the mailslot
580  *
581  *	Magic		0xFF 'S' 'M' 'B'
582  *	smb_com 	a byte, the "first" command
583  *	Error		a 4-byte union, ignored in a request
584  *	smb_flg		a one byte set of eight flags
585  *	smb_flg2	a two byte set of 16 flags
586  *	.		twelve reserved bytes, have a role
587  *			in connectionless transports (IPX, UDP?)
588  *	smb_tid		a 16-bit tree ID, a mount point sorta,
589  *			0xFFFF is this command does not have
590  *			or require a tree context
591  *	smb_pid		a 16-bit process ID
592  *	smb_uid		a 16-bit user ID, specific to this "session"
593  *			and mapped to a system (bona-fide) UID
594  *	smb_mid		a 16-bit multiplex ID, used to differentiate
595  *			multiple simultaneous requests from the same
596  *			process (pid) (ref RPC "xid")
597  */
598 
599 int
600 smb_browser_load_transact_header(unsigned char *buffer, int maxcnt,
601     int data_count, int reply, char *mailbox)
602 {
603 	smb_msgbuf_t mb;
604 	int	mailboxlen;
605 	char *fmt;
606 	int result;
607 	short	class = (reply == ONE_WAY_TRANSACTION) ? 2 : 0;
608 
609 	/*
610 	 * If the mailboxlen is an even number we need to pad the
611 	 * header so that the data starts on a word boundary.
612 	 */
613 	fmt = "Mb4.bw20.bwwwwb.wl2.wwwwb.wwwws";
614 	mailboxlen = strlen(mailbox) + 1;
615 
616 	if ((mailboxlen & 0x01) == 0) {
617 		++mailboxlen;
618 		fmt = "Mb4.bw20.bwwwwb.wl2.wwwwb.wwwws.";
619 	}
620 
621 	bzero(buffer, maxcnt);
622 	smb_msgbuf_init(&mb, buffer, maxcnt, 0);
623 
624 	result = smb_msgbuf_encode(&mb, fmt,
625 	    SMB_COM_TRANSACTION,	/* Command */
626 	    0x18,
627 	    0x3,
628 	    17,				/* Count of parameter words */
629 	    0,				/* Total Parameter words sent */
630 	    data_count,			/* Total Data bytes sent */
631 	    2,				/* Max Parameters to return */
632 	    0,				/* Max data bytes to return */
633 	    0,				/* Max setup bytes to return */
634 	    reply,			/* No reply */
635 	    0xffffffff,			/* Timeout */
636 	    0,				/* Parameter bytes sent */
637 	    0,				/* Parameter offset */
638 	    data_count,			/* Data bytes sent */
639 	    69 + mailboxlen,		/* Data offset */
640 	    3,				/* Setup word count */
641 	    1,				/* Setup word[0] */
642 	    0,				/* Setup word[1] */
643 	    class,			/* Setup word[2] */
644 	    mailboxlen + data_count,	/* Total request bytes */
645 	    mailbox);			/* Mailbox address */
646 
647 	smb_msgbuf_term(&mb);
648 	return (result);
649 }
650 
651 static int
652 smb_browser_addr_of_subnet(struct name_entry *name, smb_hostinfo_t *hinfo,
653     struct name_entry *result)
654 {
655 	uint32_t ipaddr, mask, saddr;
656 	struct addr_entry *addr;
657 
658 	if (name == NULL)
659 		return (-1);
660 
661 	if (hinfo->hi_nic.nic_smbflags & SMB_NICF_ALIAS)
662 		return (-1);
663 
664 	ipaddr = hinfo->hi_nic.nic_ip.a_ipv4;
665 	mask = hinfo->hi_nic.nic_mask;
666 
667 	*result = *name;
668 	addr = &name->addr_list;
669 	do {
670 		saddr = addr->sin.sin_addr.s_addr;
671 		if ((saddr & mask) == (ipaddr & mask)) {
672 			*result = *name;
673 			result->addr_list = *addr;
674 			result->addr_list.forw = result->addr_list.back =
675 			    &result->addr_list;
676 			return (0);
677 		}
678 		addr = addr->forw;
679 	} while (addr != &name->addr_list);
680 
681 	return (-1);
682 }
683 
684 
685 static int
686 smb_browser_bcast_addr_of_subnet(struct name_entry *name, uint32_t bcast,
687     struct name_entry *result)
688 {
689 	if (name != NULL && name != result)
690 		*result = *name;
691 
692 	result->addr_list.sin.sin_family = AF_INET;
693 	result->addr_list.sinlen = sizeof (result->addr_list.sin);
694 	result->addr_list.sin.sin_addr.s_addr = bcast;
695 	result->addr_list.sin.sin_port = htons(DGM_SRVC_UDP_PORT);
696 	result->addr_list.forw = result->addr_list.back = &result->addr_list;
697 	return (0);
698 }
699 
700 /*
701  * 6.5 HostAnnouncement Browser Frame
702  *
703  * To advertise its presence, i.e. to publish itself as being available, a
704  * non-browser server sends a HostAnnouncement browser frame. If the server
705  * is a member of domain "D", this frame is sent to the NETBIOS unique name
706  * D(1d) and mailslot "\\MAILSLOT\\BROWSE". The definition of  the
707  * HostAnnouncement frame is:
708  *
709  *     struct {
710  *         unsigned short  Opcode;
711  *         unsigned char   UpdateCount;
712  *         uint32_t   Periodicity;
713  *         unsigned char   ServerName[];
714  *         unsigned char   VersionMajor;
715  *         unsigned char   VersionMinor;
716  *         uint32_t   Type;
717  *         uint32_t   Signature;
718  *         unsigned char   Comment[];
719  *     }
720  *
721  * where:
722  *      Opcode - Identifies this structure as a browser server
723  *          announcement and is defined as HostAnnouncement with a
724  *          value of decimal 1.
725  *
726  *      UpdateCount - must be sent as zero and ignored on receipt.
727  *
728  *      Periodicity - The announcement frequency of the server (in
729  *          seconds). The server will be removed from the browse list
730  *          if it has not been heard from in 3X its announcement
731  *          frequency. In no case will the server be removed from the
732  *          browse list before the period 3X has elapsed. Actual
733  *          implementations may take more than 3X to actually remove
734  *          the server from the browse list.
735  *
736  *      ServerName - Null terminated ASCII server name (up to 16 bytes
737  *          in length).
738  *
739  *      VersionMajor - The major version number of the OS the server
740  *          is running. it will be returned by NetServerEnum2.
741  *
742  *      VersionMinor - The minor version number of the OS the server
743  *          is running. This is entirely informational and does not
744  *          have any significance for the browsing protocol.
745  *
746  *      Type - Specifies the type of the server. The server type bits
747  *          are specified in the NetServerEnum2 section.
748  *
749  *      Signature -  The browser protocol minor version number in the
750  *          low 8 bits, the browser protocol major version number in
751  *          the next higher 8 bits and the signature 0xaa55 in the
752  *          high 16 bits of this field. Thus, for this version of the
753  *          browser protocol (1.15) this field has the value
754  *          0xaa55010f. This may used to isolate browser servers that
755  *          are running out of revision browser software; otherwise,
756  *          it is ignored.
757  *
758  *      Comment - Null terminated ASCII comment for the server.
759  *          Limited to 43 bytes.
760  *
761  * When a non-browser server starts up, it announces itself in the manner
762  * described once every minute. The frequency of these statements is
763  * gradually stretched to once every 12 minutes.
764  *
765  * Note: older non-browser servers in a domain "D" sent HostAnnouncement
766  * frames to the NETBIOS group name D(00). Non-Browser servers supporting
767  * version 1.15 of the browsing protocol SHOULD NOT use this NETBIOS name,
768  * but for backwards compatibility Master Browsers MAY receive and process
769  * HostAnnouncement frames on this name as described above for D(1d).
770  */
771 
772 static void
773 smb_browser_send_HostAnnouncement(smb_hostinfo_t *hinfo,
774     uint32_t next_announcement, boolean_t remove,
775     struct addr_entry *addr, char suffix)
776 {
777 	smb_msgbuf_t mb;
778 	int offset, announce_len, data_length;
779 	struct name_entry dest_name;
780 	unsigned char *buffer;
781 	uint32_t type;
782 	char resource_domain[SMB_PI_MAX_DOMAIN];
783 
784 	if (smb_getdomainname(resource_domain, SMB_PI_MAX_DOMAIN) != 0)
785 		return;
786 	(void) utf8_strupr(resource_domain);
787 
788 	if (addr == NULL) {
789 		/* Local master Browser */
790 		smb_init_name_struct((unsigned char *)resource_domain, suffix,
791 		    0, 0, 0, 0, 0, &dest_name);
792 		if (smb_browser_bcast_addr_of_subnet(0, hinfo->hi_nic.nic_bcast,
793 		    &dest_name) < 0)
794 			return;
795 	} else {
796 		smb_init_name_struct((unsigned char *)resource_domain, suffix,
797 		    0, 0, 0, 0, 0, &dest_name);
798 		dest_name.addr_list = *addr;
799 		dest_name.addr_list.forw = dest_name.addr_list.back =
800 		    &dest_name.addr_list;
801 	}
802 
803 	/* give some extra room */
804 	buffer = (unsigned char *)malloc(MAX_DATAGRAM_LENGTH * 2);
805 	if (buffer == 0) {
806 		syslog(LOG_ERR, "HostAnnouncement: resource shortage");
807 		return;
808 	}
809 
810 	data_length = 1 + 1 + 4 + 16 + 1 + 1 + 4 + 4 +
811 	    strlen(hinfo->hi_nic.nic_cmnt) + 1;
812 
813 	offset = smb_browser_load_transact_header(buffer,
814 	    MAX_DATAGRAM_LENGTH, data_length, ONE_WAY_TRANSACTION,
815 	    MAILSLOT_BROWSE);
816 
817 	if (offset < 0) {
818 		free(buffer);
819 		return;
820 	}
821 
822 	/*
823 	 * A non-browser server SHOULD send a HostAnnouncement browser frame
824 	 * specifying a type of 0 just prior to shutting down, to allow it to
825 	 * quickly be removed from the list of available servers.
826 	 */
827 	if (remove || (nb_status.state & NETBIOS_SHUTTING_DOWN))
828 		type = 0;
829 	else
830 		type = hinfo->hi_type;
831 
832 	smb_msgbuf_init(&mb, buffer + offset, MAX_DATAGRAM_LENGTH - offset, 0);
833 
834 	announce_len = smb_msgbuf_encode(&mb, "bbl16cbblls",
835 	    HOST_ANNOUNCEMENT,
836 	    ++hinfo->hi_updatecnt,
837 	    next_announcement * 60000,	/* Periodicity in MilliSeconds */
838 	    hinfo->hi_nbname,
839 	    SMB_VERSION_MAJOR,
840 	    SMB_VERSION_MINOR,
841 	    type,
842 	    SMB_SERVER_SIGNATURE,
843 	    hinfo->hi_nic.nic_cmnt);
844 
845 	if (announce_len > 0)
846 		(void) smb_netbios_datagram_send(&hinfo->hi_netname, &dest_name,
847 		    buffer, offset + announce_len);
848 
849 	free(buffer);
850 	smb_msgbuf_term(&mb);
851 }
852 
853 static void
854 smb_browser_process_AnnouncementRequest(struct datagram *datagram,
855     char *mailbox)
856 {
857 	smb_hostinfo_t *hinfo;
858 	uint32_t next_announcement;
859 	uint32_t delay = random() % 29; /* in seconds */
860 	boolean_t h_found = B_FALSE;
861 
862 	if (strcmp(mailbox, MAILSLOT_LANMAN) != 0) {
863 		syslog(LOG_DEBUG, "smb_browse: Wrong Mailbox (%s)", mailbox);
864 		return;
865 	}
866 
867 	(void) sleep(delay);
868 
869 	(void) rw_rdlock(&smb_binfo.bi_hlist_rwl);
870 	hinfo = list_head(&smb_binfo.bi_hlist);
871 	while (hinfo) {
872 		if ((hinfo->hi_nic.nic_ip.a_ipv4 &
873 		    hinfo->hi_nic.nic_mask) ==
874 		    (datagram->src.addr_list.sin.sin_addr.s_addr &
875 		    hinfo->hi_nic.nic_mask)) {
876 			h_found = B_TRUE;
877 			break;
878 		}
879 		hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
880 	}
881 
882 	if (h_found) {
883 		next_announcement = hinfo->hi_nextannouce * 60 * 1000;
884 		smb_browser_send_HostAnnouncement(hinfo, next_announcement,
885 		    B_FALSE, &datagram->src.addr_list, 0x1D);
886 	}
887 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
888 }
889 
890 void *
891 smb_browser_dispatch(void *arg)
892 {
893 	struct datagram *datagram = (struct datagram *)arg;
894 	smb_msgbuf_t 	mb;
895 	int		rc;
896 	unsigned char	command;
897 	unsigned char	parameter_words;
898 	unsigned short	total_parameter_words;
899 	unsigned short	total_data_count;
900 	unsigned short	max_parameters_to_return;
901 	unsigned short	max_data_to_return;
902 	unsigned char	max_setup_bytes_to_return;
903 	unsigned short	reply;
904 	unsigned short	parameter_bytes_sent;
905 	unsigned short	parameter_offset;
906 	unsigned short	data_bytes_sent;
907 	unsigned short	data_offset;
908 	unsigned char	setup_word_count;
909 	unsigned short	setup_word_0;
910 	unsigned short	setup_word_1;
911 	unsigned short	setup_word_2;
912 	unsigned short	total_request_bytes;
913 	char 		*mailbox;
914 	unsigned char	message_type;
915 	unsigned char 	*data;
916 	int		datalen;
917 
918 	syslog(LOG_DEBUG, "smb_browse: packet_received");
919 
920 	smb_msgbuf_init(&mb, datagram->data, datagram->data_length, 0);
921 	rc = smb_msgbuf_decode(&mb, "Mb27.bwwwwb.w6.wwwwb.wwwws",
922 	    &command,			/* Command */
923 	    &parameter_words,		/* Count of parameter words */
924 	    &total_parameter_words,	/* Total Parameter words sent */
925 	    &total_data_count,		/* Total Data bytes sent */
926 	    &max_parameters_to_return,	/* Max Parameters to return */
927 	    &max_data_to_return,	/* Max data bytes to return */
928 	    &max_setup_bytes_to_return,	/* Max setup bytes to return */
929 	    &reply,			/* No reply */
930 	    &parameter_bytes_sent,	/* Parameter bytes sent */
931 	    &parameter_offset,		/* Parameter offset */
932 	    &data_bytes_sent,		/* Data bytes sent */
933 	    &data_offset,		/* Data offset */
934 	    &setup_word_count,		/* Setup word count */
935 	    &setup_word_0,		/* Setup word[0] */
936 	    &setup_word_1,		/* Setup word[1] */
937 	    &setup_word_2,		/* Setup word[2] */
938 	    &total_request_bytes,	/* Total request bytes */
939 	    &mailbox);			/* Mailbox address */
940 
941 	if (rc < 0) {
942 		syslog(LOG_ERR, "smb_browser_dispatch: decode error");
943 		smb_msgbuf_term(&mb);
944 		free(datagram);
945 		return (0);
946 	}
947 
948 	data = &datagram->data[data_offset];
949 	datalen = datagram->data_length - data_offset;
950 
951 	/*
952 	 * The PDC location protocol, i.e. anything on the \\NET
953 	 * mailslot, is handled by the smb_netlogon module.
954 	 */
955 	if (strncasecmp("\\MAILSLOT\\NET\\", mailbox, 14) == 0) {
956 		smb_netlogon_receive(datagram, mailbox, data, datalen);
957 		smb_msgbuf_term(&mb);
958 		free(datagram);
959 		return (0);
960 	}
961 
962 	/*
963 	 * If it's not a netlogon message, assume it's a browser request.
964 	 * This is not the most elegant way to extract the command byte
965 	 * but at least we no longer use it to get the netlogon opcode.
966 	 */
967 	message_type = datagram->data[data_offset];
968 
969 	switch (message_type) {
970 	case ANNOUNCEMENT_REQUEST :
971 		smb_browser_process_AnnouncementRequest(datagram, mailbox);
972 		break;
973 
974 	default:
975 		syslog(LOG_DEBUG, "smb_browse: invalid message_type(%d, %x)",
976 		    message_type, message_type);
977 		break;
978 	}
979 
980 	smb_msgbuf_term(&mb);
981 	free(datagram);
982 	return (0);
983 }
984 
985 
986 /*
987  * 11.1 Registered unique names
988  *
989  *  <COMPUTER>(00)
990  *     This name is used by all servers and clients to receive second
991  *     class mailslot messages. A system must add this name in order to
992  *     receive mailslot messages. The only browser requests that should
993  *     appear on this name are BecomeBackup, GetBackupListResp,
994  *     MasterAnnouncement, and LocalMasterAnnouncement frames. All other
995  *     datagrams (other than the expected non-browser datagrams) may be
996  *     ignored and an error logged.
997  *
998  *   <DOMAIN>(1d)
999  *     This name is used to identify a master browser server for domain
1000  *     "DOMAIN" on a subnet.  A master browser server adds this name as a
1001  *     unique NETBIOS name when it becomes master browser. If the attempt
1002  *     to add the name fails, the master browser server assumes that there
1003  *     is another master in the domain and will fail to come up. It may
1004  *     log an error if the failure occurs more than 3 times in a row (this
1005  *     either indicates some form of network misconfiguration or a
1006  *     software error). The only requests that should appear on this name
1007  *     are GetBackupListRequest and HostAnnouncement requests. All other
1008  *     datagrams on this name may be ignored (and an error logged). If
1009  *     running a NETBIOS name service (NBNS, such as WINS), this name
1010  *     should not be registered with the NBNS.
1011  *
1012  *   <DOMAIN>(1b)
1013  *     This name is used to identify the Domain Master Browser for domain
1014  *     "DOMAIN" (which is also the primary domain controller). It is a
1015  *     unique name added only by the primary domain controller. The
1016  *     primary domain controller will respond to GetBackupListRequest on
1017  *     this name just as it responds to these requests on the <DOMAIN>(1d)
1018  *     name.
1019  *
1020  * 11.2 Registered group names
1021  *
1022  *   (01)(02)__MSBROWSE__(02)(01)
1023  *     This name is used by Master Browsers to announce themselves to the
1024  *     other Master Browsers on a subnet. It is added as a group name by
1025  *     all Master Browser servers. The only broadcasts that should appear
1026  *     on this name is DomainAnnouncement requests. All other datagrams
1027  *     can be ignored.
1028  *
1029  *   <DOMAIN>(00)
1030  *     This name is used by clients and servers in domain "DOMAIN" to
1031  *     process server announcements. The only requests that should appear
1032  *     on this name that the browser is interested in are
1033  *     AnnouncementRequest and NETLOGON_QUERY (to locate the PDC) packets.
1034  *     All other unidentifiable requests may be ignored (and an error
1035  *     logged).
1036  *
1037  *   <DOMAIN>(1E)
1038  *     This name is used for announcements to browsers for domain "DOMAIN"
1039  *     on a subnet. This name is registered by all the browser servers in
1040  *     the domain. The only requests that should appear on this name are
1041  *     RequestElection and AnnouncementRequest packets. All other
1042  *     datagrams may be ignored (and an error logged).
1043  *
1044  *   <DOMAIN>(1C)
1045  *     This name is registered by Primary Domain Controllers.
1046  */
1047 
1048 static void
1049 smb_browser_config(void)
1050 {
1051 	smb_hostinfo_t *hinfo;
1052 	struct name_entry	name;
1053 	struct name_entry	master;
1054 	struct name_entry	dest;
1055 	struct name_entry	*entry;
1056 	char resource_domain[SMB_PI_MAX_DOMAIN];
1057 	int rc;
1058 
1059 	if (smb_browser_init() != 0)
1060 		return;
1061 
1062 	if (smb_getdomainname(resource_domain, SMB_PI_MAX_DOMAIN) != 0)
1063 		return;
1064 	(void) utf8_strupr(resource_domain);
1065 
1066 	/* domain<00> */
1067 	smb_init_name_struct((unsigned char *)resource_domain, 0x00,
1068 	    0, 0, 0, 0, 0, &name);
1069 	entry = smb_name_find_name(&name);
1070 	smb_name_unlock_name(entry);
1071 
1072 	(void) rw_rdlock(&smb_binfo.bi_hlist_rwl);
1073 	hinfo = list_head(&smb_binfo.bi_hlist);
1074 	while (hinfo) {
1075 		smb_init_name_struct((unsigned char *)resource_domain, 0x00, 0,
1076 		    hinfo->hi_nic.nic_ip.a_ipv4,
1077 		    htons(DGM_SRVC_UDP_PORT), NAME_ATTR_GROUP,
1078 		    NAME_ATTR_LOCAL, &name);
1079 		(void) smb_name_add_name(&name);
1080 
1081 		hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
1082 	}
1083 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1084 
1085 	/* All our local master browsers */
1086 	smb_init_name_struct((unsigned char *)resource_domain, 0x1D,
1087 	    0, 0, 0, 0, 0, &dest);
1088 	entry = smb_name_find_name(&dest);
1089 
1090 	if (entry) {
1091 		(void) rw_rdlock(&smb_binfo.bi_hlist_rwl);
1092 		hinfo = list_head(&smb_binfo.bi_hlist);
1093 		while (hinfo) {
1094 			rc = smb_browser_addr_of_subnet(entry, hinfo, &master);
1095 			if (rc == 0) {
1096 				syslog(LOG_DEBUG,
1097 				    "smbd: Master browser found at %s",
1098 				    inet_ntoa(master.addr_list.sin.sin_addr));
1099 			}
1100 			hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
1101 		}
1102 		(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1103 
1104 		smb_name_unlock_name(entry);
1105 	}
1106 
1107 	/* Domain master browser */
1108 	smb_init_name_struct((unsigned char *)resource_domain,
1109 	    0x1B, 0, 0, 0, 0, 0, &dest);
1110 
1111 	if ((entry = smb_name_find_name(&dest)) != 0) {
1112 		syslog(LOG_DEBUG, "smbd: Domain Master browser for %s is %s",
1113 		    resource_domain,
1114 		    inet_ntoa(entry->addr_list.sin.sin_addr));
1115 		smb_name_unlock_name(entry);
1116 	}
1117 }
1118 
1119 static int
1120 smb_browser_init(void)
1121 {
1122 	smb_hostinfo_t *hinfo;
1123 	smb_niciter_t ni;
1124 	uint32_t type;
1125 
1126 	(void) rw_wrlock(&smb_binfo.bi_hlist_rwl);
1127 	smb_browser_infofree();
1128 
1129 	if (smb_nic_getfirst(&ni) != 0) {
1130 		(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1131 		return (-1);
1132 	}
1133 
1134 	type = MY_SERVER_TYPE;
1135 	if (smb_config_get_secmode() == SMB_SECMODE_DOMAIN)
1136 		type |= SV_DOMAIN_MEMBER;
1137 
1138 	do {
1139 		if ((ni.ni_nic.nic_smbflags & SMB_NICF_NBEXCL) ||
1140 		    (ni.ni_nic.nic_smbflags & SMB_NICF_ALIAS))
1141 			continue;
1142 
1143 		hinfo = malloc(sizeof (smb_hostinfo_t));
1144 		if (hinfo == NULL) {
1145 			smb_browser_infofree();
1146 			(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1147 			return (-1);
1148 		}
1149 
1150 		hinfo->hi_nic = ni.ni_nic;
1151 		/* One Minute announcements for first five */
1152 		hinfo->hi_nextannouce = 1;
1153 		hinfo->hi_interval = 1;
1154 		hinfo->hi_reps = 5;
1155 		hinfo->hi_updatecnt = 0;
1156 		hinfo->hi_type = type;
1157 
1158 		/* This is the name used for HostAnnouncement */
1159 		(void) strlcpy(hinfo->hi_nbname, hinfo->hi_nic.nic_host,
1160 		    NETBIOS_NAME_SZ);
1161 		(void) utf8_strupr(hinfo->hi_nbname);
1162 		/* 0x20: file server service  */
1163 		smb_init_name_struct((unsigned char *)hinfo->hi_nbname,
1164 		    0x20, 0, hinfo->hi_nic.nic_ip.a_ipv4,
1165 		    htons(DGM_SRVC_UDP_PORT), NAME_ATTR_UNIQUE, NAME_ATTR_LOCAL,
1166 		    &hinfo->hi_netname);
1167 
1168 		list_insert_tail(&smb_binfo.bi_hlist, hinfo);
1169 		smb_binfo.bi_hcnt++;
1170 	} while (smb_nic_getnext(&ni) == 0);
1171 
1172 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1173 	return (0);
1174 }
1175 
1176 /*
1177  * smb_browser_non_master_duties
1178  *
1179  * To advertise its presence, i.e. to publish itself as being available, a
1180  * non-browser server sends a HostAnnouncement browser frame. If the server
1181  * is a member of domain "D", this frame is sent to the NETBIOS unique name
1182  * D(1d) and mailslot "\\MAILSLOT\\BROWSE".
1183  */
1184 static void
1185 smb_browser_non_master_duties(smb_hostinfo_t *hinfo, boolean_t remove)
1186 {
1187 	struct name_entry name;
1188 	struct name_entry *dest;
1189 	struct addr_entry addr;
1190 	char resource_domain[SMB_PI_MAX_DOMAIN];
1191 
1192 	smb_browser_send_HostAnnouncement(hinfo, hinfo->hi_interval,
1193 	    remove, 0, 0x1D);
1194 	if (smb_getdomainname(resource_domain, SMB_PI_MAX_DOMAIN) != 0)
1195 		return;
1196 
1197 	(void) utf8_strupr(resource_domain);
1198 
1199 	smb_init_name_struct((unsigned char *)resource_domain, 0x1D,
1200 	    0, 0, 0, 0, 0, &name);
1201 
1202 	if ((dest = smb_name_find_name(&name))) {
1203 		addr = dest->addr_list;
1204 		addr.forw = addr.back = &addr;
1205 		smb_name_unlock_name(dest);
1206 		smb_browser_send_HostAnnouncement(hinfo, hinfo->hi_interval,
1207 		    remove, &addr, 0x1D);
1208 	} else {
1209 		smb_init_name_struct((unsigned char *)resource_domain, 0x1B,
1210 		    0, 0, 0, 0, 0, &name);
1211 		if ((dest = smb_name_find_name(&name))) {
1212 			addr = dest->addr_list;
1213 			addr.forw = addr.back = &addr;
1214 			smb_name_unlock_name(dest);
1215 			smb_browser_send_HostAnnouncement(hinfo,
1216 			    remove, hinfo->hi_interval, &addr, 0x1B);
1217 		}
1218 	}
1219 
1220 	/*
1221 	 * One Minute announcements for first five
1222 	 * minutes, one minute longer each round
1223 	 * until 12 minutes and every 12 minutes
1224 	 * thereafter.
1225 	 */
1226 	if (--hinfo->hi_reps == 0) {
1227 		if (hinfo->hi_interval < 12)
1228 			hinfo->hi_interval++;
1229 
1230 		hinfo->hi_reps = 1;
1231 	}
1232 
1233 	hinfo->hi_nextannouce = hinfo->hi_interval;
1234 }
1235 
1236 
1237 /*
1238  * smb_browser_sleep
1239  *
1240  * Put browser in 1 minute sleep if netbios services are not
1241  * shutting down and both name and datagram services are still
1242  * running. It'll wake up after 1 minute or if one of the above
1243  * conditions go false. It checks the conditions again and return
1244  * 1 if everything is ok or 0 if browser shouldn't continue
1245  * running.
1246  */
1247 static boolean_t
1248 smb_browser_sleep(void)
1249 {
1250 	boolean_t slept = B_FALSE;
1251 	timestruc_t to;
1252 
1253 	(void) mutex_lock(&nb_status.mtx);
1254 	while (((nb_status.state & NETBIOS_SHUTTING_DOWN) == 0) &&
1255 	    (nb_status.state & NETBIOS_NAME_SVC_RUNNING) &&
1256 	    (nb_status.state & NETBIOS_DATAGRAM_SVC_RUNNING)) {
1257 
1258 		if (slept) {
1259 			(void) mutex_unlock(&nb_status.mtx);
1260 			return (B_TRUE);
1261 		}
1262 
1263 		to.tv_sec = 60;  /* 1 minute */
1264 		to.tv_nsec = 0;
1265 		(void) cond_reltimedwait(&nb_status.cv, &nb_status.mtx, &to);
1266 		slept = B_TRUE;
1267 	}
1268 	(void) mutex_unlock(&nb_status.mtx);
1269 
1270 	return (B_FALSE);
1271 }
1272 
1273 /*
1274  * smb_browser_daemon
1275  *
1276  * Smb Netbios browser daemon.
1277  */
1278 /*ARGSUSED*/
1279 void *
1280 smb_browser_daemon(void *arg)
1281 {
1282 	smb_hostinfo_t *hinfo;
1283 
1284 	smb_browser_infoinit();
1285 	smb_browser_config();
1286 
1287 	smb_netbios_chg_status(NETBIOS_BROWSER_RUNNING, 1);
1288 
1289 restart:
1290 	do {
1291 		(void) rw_rdlock(&smb_binfo.bi_hlist_rwl);
1292 		hinfo = list_head(&smb_binfo.bi_hlist);
1293 		while (hinfo) {
1294 			if (--hinfo->hi_nextannouce > 0 ||
1295 			    hinfo->hi_nic.nic_bcast == 0) {
1296 				hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
1297 				continue;
1298 			}
1299 
1300 			smb_browser_non_master_duties(hinfo, B_FALSE);
1301 
1302 			/* Check to see whether reconfig is needed */
1303 			(void) mutex_lock(&smb_binfo.bi_mtx);
1304 			if (smb_binfo.bi_changed) {
1305 				smb_binfo.bi_changed = B_FALSE;
1306 				(void) mutex_unlock(&smb_binfo.bi_mtx);
1307 				(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1308 				smb_browser_config();
1309 				goto restart;
1310 			}
1311 			(void) mutex_unlock(&smb_binfo.bi_mtx);
1312 
1313 			hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
1314 		}
1315 		(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1316 	} while (smb_browser_sleep());
1317 
1318 	smb_browser_infoterm();
1319 	smb_netbios_chg_status(NETBIOS_BROWSER_RUNNING, 0);
1320 	return (0);
1321 }
1322 
1323 /*
1324  * smb_browser_netlogon
1325  *
1326  * Sends SAMLOGON/NETLOGON request for all host/ips, except
1327  * aliases, to find a domain controller.
1328  *
1329  * The dc argument will be set if a DC is found.
1330  */
1331 boolean_t
1332 smb_browser_netlogon(char *domain, char *dc, uint32_t dc_len)
1333 {
1334 	smb_hostinfo_t *hinfo;
1335 	int protocol;
1336 	boolean_t found = B_FALSE;
1337 	timestruc_t to;
1338 	int err;
1339 
1340 	if (smb_config_getbool(SMB_CI_DOMAIN_MEMB))
1341 		protocol = NETLOGON_PROTO_SAMLOGON;
1342 	else
1343 		protocol = NETLOGON_PROTO_NETLOGON;
1344 
1345 	(void) rw_rdlock(&smb_binfo.bi_hlist_rwl);
1346 	hinfo = list_head(&smb_binfo.bi_hlist);
1347 	while (hinfo) {
1348 		if ((hinfo->hi_nic.nic_smbflags & SMB_NICF_ALIAS) == 0)
1349 			smb_netlogon_request(&hinfo->hi_netname, protocol,
1350 			    domain);
1351 		hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
1352 	}
1353 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1354 
1355 	bzero(dc, dc_len);
1356 	to.tv_sec = 30;
1357 	to.tv_nsec = 0;
1358 	(void) mutex_lock(&ntdomain_mtx);
1359 	while (ntdomain_info.n_ipaddr == 0) {
1360 		err = cond_reltimedwait(&ntdomain_cv, &ntdomain_mtx, &to);
1361 		if (err == ETIME)
1362 			break;
1363 	}
1364 
1365 	if (ntdomain_info.n_ipaddr != 0) {
1366 		(void) strlcpy(dc, ntdomain_info.n_name, dc_len);
1367 		found = B_TRUE;
1368 	}
1369 	(void) mutex_unlock(&ntdomain_mtx);
1370 
1371 	return (found);
1372 }
1373 
1374 /*
1375  * smb_browser_infoinit
1376  *
1377  * This function is called only once when browser daemon starts
1378  * to initialize global smb_binfo structure
1379  */
1380 static void
1381 smb_browser_infoinit(void)
1382 {
1383 	(void) mutex_lock(&ntdomain_mtx);
1384 	bzero(&ntdomain_info, sizeof (ntdomain_info));
1385 	(void) mutex_unlock(&ntdomain_mtx);
1386 
1387 	(void) rw_wrlock(&smb_binfo.bi_hlist_rwl);
1388 	list_create(&smb_binfo.bi_hlist, sizeof (smb_hostinfo_t),
1389 	    offsetof(smb_hostinfo_t, hi_lnd));
1390 	smb_binfo.bi_hcnt = 0;
1391 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1392 
1393 	(void) mutex_lock(&smb_binfo.bi_mtx);
1394 	smb_binfo.bi_changed = B_FALSE;
1395 	(void) mutex_unlock(&smb_binfo.bi_mtx);
1396 }
1397 
1398 /*
1399  * smb_browser_infoterm
1400  *
1401  * This function is called only once when browser daemon stops
1402  * to destruct smb_binfo structure
1403  */
1404 static void
1405 smb_browser_infoterm(void)
1406 {
1407 	(void) rw_wrlock(&smb_binfo.bi_hlist_rwl);
1408 	smb_browser_infofree();
1409 	list_destroy(&smb_binfo.bi_hlist);
1410 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1411 }
1412 
1413 /*
1414  * smb_browser_infofree
1415  *
1416  * Removes all the hostinfo structures from the browser list
1417  * and frees the allocated memory
1418  */
1419 static void
1420 smb_browser_infofree(void)
1421 {
1422 	smb_hostinfo_t *hinfo;
1423 
1424 	while ((hinfo = list_head(&smb_binfo.bi_hlist)) != NULL) {
1425 		list_remove(&smb_binfo.bi_hlist, hinfo);
1426 		free(hinfo);
1427 	}
1428 
1429 	smb_binfo.bi_hcnt = 0;
1430 }
1431