xref: /illumos-gate/usr/src/lib/smbsrv/libsmbns/common/smbns_netbios_name.c (revision 8c69cc8fbe729fa7b091e901c4b50508ccc6bb33)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  * Copyright (c) 2016 by Delphix. All rights reserved.
25  */
26 
27 /*
28  * NetBIOS name resolution node types.
29  *
30  * A B-node (broadcast node) uses broadcasts for name registration
31  * and resolution.  Routers typically do not forward broadcasts and
32  * only computers on the local subnet will respond.
33  *
34  * A P-node (peer-to-peer node) uses a NetBIOS name server (WINS)
35  * to resolve NetBIOS names, which allows it to work across routers.
36  * In order to function in a P-node environment, all computers must
37  * be configured to use the NetBIOS name server because P-nodes do
38  * not broadcast on the network.
39  *
40  * A mixed node (M-node) behaves as a B-node by default.  If it cannot
41  * resolve the name via broadcast then it tries a NetBIOS name server
42  * lookup (P-node).
43  *
44  * A hybrid node (H-node) behaves as a P-node by default.  If it cannot
45  * resolve the name using a NetBIOS name server then it resorts to
46  * broadcasts (B-node).
47  *
48  * NetBIOS Name Service Protocols
49  *
50  * A REQUEST packet is always sent to the well known UDP port 137.
51  * The destination address is normally either the IP broadcast address or
52  * the address of the NAME - the address of the NAME server it set up at
53  * initialization time.  In rare cases, a request packet will be sent to
54  * an end node, e.g.  a NAME QUERY REQUEST sent to "challenge" a node.
55  *
56  * A RESPONSE packet is always sent to the source UDP port and source IP
57  * address of the request packet.
58  *
59  * A DEMAND packet must always be sent to the well known UDP port 137.
60  * There is no restriction on the target IP address.
61  *
62  * A transaction ID is a value composed from the requestor's IP address and
63  * a unique 16 bit value generated by the originator of the transaction.
64  */
65 
66 #include <unistd.h>
67 #include <syslog.h>
68 #include <stdlib.h>
69 #include <synch.h>
70 #include <errno.h>
71 #include <netdb.h>
72 #include <sys/socket.h>
73 #include <sys/sockio.h>
74 #include <arpa/inet.h>
75 #include <net/if_arp.h>
76 
77 #include <smbsrv/libsmbns.h>
78 #include <smbns_netbios.h>
79 
80 /*
81  * RFC 1002 4.2.1.1.  HEADER
82  */
83 #define	QUESTION_TYPE_NETBIOS_GENERAL	0x20
84 #define	QUESTION_TYPE_NETBIOS_STATUS	0x21
85 
86 #define	QUESTION_CLASS_INTERNET		0x0001
87 
88 /*
89  * RFC 1002 4.2.1.3.  RESOURCE RECORD
90  */
91 #define	RR_TYPE_IP_ADDRESS_RESOURCE	0x0001
92 #define	RR_TYPE_NAME_SERVER_RESOURCE	0x0002
93 #define	RR_TYPE_NULL_RESOURCE		0x000A
94 #define	RR_TYPE_NETBIOS_RESOURCE	0x0020
95 #define	RR_TYPE_NETBIOS_STATUS		0x0021
96 
97 /*
98  *
99  * RESOURCE RECORD RR_CLASS field definitions
100  */
101 #define	RR_CLASS_INTERNET_CLASS		0x0001
102 
103 /*
104  * NB_FLAGS field of the RESOURCE RECORD RDATA field for RR_TYPE of NB.
105  */
106 #define	RR_FLAGS_NB_ONT_MASK		0x6000
107 #define	RR_FLAGS_NB_ONT_B_NODE		0x0000
108 #define	RR_FLAGS_NB_ONT_P_NODE		0x2000
109 #define	RR_FLAGS_NB_ONT_M_NODE		0x4000
110 #define	RR_FLAGS_NB_ONT_RESERVED	0x6000
111 #define	RR_FLAGS_NB_GROUP_NAME		0x8000
112 
113 #define	NAME_FLAGS_PERMANENT_NAME	0x0200
114 #define	NAME_FLAGS_ACTIVE_NAME		0x0400
115 #define	NAME_FLAGS_CONFLICT		0x0800
116 #define	NAME_FLAGS_DEREGISTER		0x1000
117 #define	NAME_FLAGS_ONT_MASK		0x6000
118 #define	NAME_FLAGS_ONT_B_NODE		0x0000
119 #define	NAME_FLAGS_ONT_P_NODE		0x2000
120 #define	NAME_FLAGS_ONT_M_NODE		0x4000
121 #define	NAME_FLAGS_ONT_RESERVED		0x6000
122 #define	NAME_FLAGS_GROUP_NAME		0x8000
123 
124 #define	MAX_NETBIOS_REPLY_DATA_SIZE	500
125 
126 #define	NAME_HEADER_SIZE		12
127 
128 typedef struct nbt_name_reply {
129 	struct nbt_name_reply	*forw;
130 	struct nbt_name_reply	*back;
131 	struct name_packet	*packet;
132 	addr_entry_t		*addr;
133 	uint16_t		name_trn_id;
134 	boolean_t		reply_ready;
135 } nbt_name_reply_t;
136 
137 static nbt_name_reply_t reply_queue;
138 static mutex_t rq_mtx;
139 static cond_t rq_cv;
140 
141 static mutex_t nbt_name_config_mtx;
142 
143 static name_queue_t delete_queue;
144 static name_queue_t refresh_queue;
145 
146 static int name_sock = 0;
147 
148 static int bcast_num = 0;
149 static int nbns_num = 0;
150 static addr_entry_t smb_bcast_list[SMB_PI_MAX_NETWORKS];
151 static addr_entry_t smb_nbns[SMB_PI_MAX_WINS];
152 
153 static int smb_netbios_process_response(uint16_t, addr_entry_t *,
154     struct name_packet *, uint32_t);
155 
156 static int smb_send_name_service_packet(addr_entry_t *addr,
157     struct name_packet *packet);
158 
159 /*
160  * Allocate a transaction id.
161  */
162 static uint16_t
163 smb_netbios_name_trn_id(void)
164 {
165 	static uint16_t trn_id;
166 	static mutex_t trn_id_mtx;
167 
168 	(void) mutex_lock(&trn_id_mtx);
169 
170 	do {
171 		++trn_id;
172 	} while (trn_id == 0 || trn_id == (uint16_t)-1);
173 
174 	(void) mutex_unlock(&trn_id_mtx);
175 	return (trn_id);
176 }
177 
178 static int
179 smb_end_node_challenge(nbt_name_reply_t *reply_info)
180 {
181 	int			rc;
182 	uint32_t		retry;
183 	uint16_t		tid;
184 	struct resource_record	*answer;
185 	struct name_question	question;
186 	addr_entry_t		*addr;
187 	struct name_entry 	*destination;
188 	struct name_packet	packet;
189 	struct timespec 	st;
190 
191 	/*
192 	 * The response packet has in it the address of the presumed owner
193 	 * of the name.  Challenge that owner.  If owner either does not
194 	 * respond or indicates that they no longer own the name, claim the
195 	 * name.  Otherwise, the name cannot be claimed.
196 	 */
197 
198 	if ((answer = reply_info->packet->answer) == 0)
199 		return (-1);
200 
201 	destination = answer->name;
202 	question.name = answer->name;
203 
204 	packet.info = NAME_QUERY_REQUEST | NM_FLAGS_UNICAST;
205 	packet.qdcount = 1;	/* question entries */
206 	packet.question = &question;
207 	packet.ancount = 0;	/* answer recs */
208 	packet.answer = NULL;
209 	packet.nscount = 0;	/* authority recs */
210 	packet.authority = NULL;
211 	packet.arcount = 0;	/* additional recs */
212 	packet.additional = NULL;
213 
214 	addr = &destination->addr_list;
215 	for (retry = 0; retry < UCAST_REQ_RETRY_COUNT; retry++) {
216 		tid = smb_netbios_name_trn_id();
217 		packet.name_trn_id = tid;
218 		if (smb_send_name_service_packet(addr, &packet) >= 0) {
219 			if ((rc = smb_netbios_process_response(tid, addr,
220 			    &packet, UCAST_REQ_RETRY_TIMEOUT)) != 0)
221 				return (rc);
222 		}
223 		st.tv_sec = 0;
224 		st.tv_nsec = (UCAST_REQ_RETRY_TIMEOUT * 1000000);
225 		(void) nanosleep(&st, 0);
226 	}
227 	/* No reply */
228 	return (0);
229 }
230 
231 static nbt_name_reply_t *
232 smb_name_get_reply(uint16_t tid, uint32_t timeout)
233 {
234 	uint16_t		info;
235 	struct resource_record	*answer;
236 	nbt_name_reply_t 	*reply;
237 	uint32_t 		wait_time, to_save; /* in millisecond */
238 	struct timeval 		wt;
239 	timestruc_t 		to;
240 
241 	to_save = timeout;
242 	reply = malloc(sizeof (nbt_name_reply_t));
243 	if (reply != NULL) {
244 		reply->reply_ready = B_FALSE;
245 		reply->name_trn_id = tid;
246 		(void) mutex_lock(&rq_mtx);
247 		QUEUE_INSERT_TAIL(&reply_queue, reply);
248 		(void) mutex_unlock(&rq_mtx);
249 
250 		for (;;) {
251 			(void) gettimeofday(&wt, 0);
252 			wait_time = wt.tv_usec / 1000;
253 
254 			to.tv_sec = 0;
255 			to.tv_nsec = timeout * 1000000;
256 			(void) mutex_lock(&rq_mtx);
257 			(void) cond_reltimedwait(&rq_cv, &rq_mtx, &to);
258 			(void) mutex_unlock(&rq_mtx);
259 
260 			if (reply->reply_ready) {
261 				info = reply->packet->info;
262 				if (PACKET_TYPE(info) == WACK_RESPONSE) {
263 					answer = reply->packet->answer;
264 					wait_time = (answer) ?
265 					    TO_MILLISECONDS(answer->ttl) :
266 					    DEFAULT_TTL;
267 					free(reply->addr);
268 					free(reply->packet);
269 					timeout = to_save + wait_time;
270 					reply->reply_ready = B_FALSE;
271 					reply->name_trn_id = tid;
272 					(void) mutex_lock(&rq_mtx);
273 					QUEUE_INSERT_TAIL(&reply_queue, reply);
274 					(void) mutex_unlock(&rq_mtx);
275 					continue;
276 				}
277 				return (reply);
278 			}
279 			(void) gettimeofday(&wt, 0);
280 			wait_time = (wt.tv_usec / 1000) - wait_time;
281 			if (wait_time >= timeout) {
282 				(void) mutex_lock(&rq_mtx);
283 				QUEUE_CLIP(reply);
284 				(void) mutex_unlock(&rq_mtx);
285 				free(reply);
286 				break;
287 			}
288 			timeout -= wait_time;
289 		}
290 	}
291 
292 	return (0);
293 }
294 
295 static void
296 smb_reply_ready(struct name_packet *packet, addr_entry_t *addr)
297 {
298 	nbt_name_reply_t *reply;
299 	struct resource_record *answer;
300 
301 	(void) mutex_lock(&rq_mtx);
302 	for (reply = reply_queue.forw; reply != &reply_queue;
303 	    reply = reply->forw) {
304 		if (reply->name_trn_id == packet->name_trn_id) {
305 			QUEUE_CLIP(reply);
306 
307 			reply->addr = addr;
308 			reply->packet = packet;
309 			reply->reply_ready = B_TRUE;
310 			(void) cond_signal(&rq_cv);
311 			(void) mutex_unlock(&rq_mtx);
312 			return;
313 		}
314 	}
315 	(void) mutex_unlock(&rq_mtx);
316 
317 	/* Presumably nobody is waiting any more... */
318 	free(addr);
319 
320 	answer = packet->answer;
321 	if (answer)
322 		smb_netbios_name_freeaddrs(answer->name);
323 	free(packet);
324 }
325 
326 static int
327 smb_netbios_process_response(uint16_t tid, addr_entry_t *addr,
328     struct name_packet *packet, uint32_t timeout)
329 {
330 	int			rc = 0;
331 	uint16_t		info;
332 	nbt_name_reply_t 	*reply;
333 	struct resource_record	*answer;
334 	struct name_entry 	*name;
335 	struct name_entry 	*entry;
336 	struct name_question 	*question;
337 	uint32_t 		ttl;
338 
339 	if ((reply = smb_name_get_reply(tid, timeout)) == 0) {
340 		return (0); /* No reply: retry */
341 	}
342 	info = reply->packet->info;
343 	answer = reply->packet->answer;
344 
345 	/* response */
346 	switch (PACKET_TYPE(info)) {
347 	case NAME_QUERY_RESPONSE:
348 		if (POSITIVE_RESPONSE(info)) {
349 			addr = &answer->name->addr_list;
350 			do {
351 				/*
352 				 * Make sure that remote name is not
353 				 * flagged local
354 				 */
355 				addr->attributes &= ~NAME_ATTR_LOCAL;
356 
357 				if (answer->ttl)
358 					addr->ttl = answer->ttl;
359 				else
360 					addr->ttl = DEFAULT_TTL;
361 				addr->refresh_ttl = TO_SECONDS(addr->ttl);
362 				addr->ttl = addr->refresh_ttl;
363 
364 				addr = addr->forw;
365 			} while (addr != &answer->name->addr_list);
366 			smb_netbios_name_logf(answer->name);
367 			(void) smb_netbios_cache_insert_list(answer->name);
368 			rc = 1;
369 		} else {
370 			rc = -1;
371 		}
372 		break;
373 
374 	case NAME_REGISTRATION_RESPONSE:
375 		if (NEGATIVE_RESPONSE(info)) {
376 			if (RCODE(info) == RCODE_CFT_ERR) {
377 				if (answer == 0) {
378 					rc = -RCODE(info);
379 					break;
380 				}
381 
382 				name = answer->name;
383 				entry = smb_netbios_cache_lookup(name);
384 				if (entry) {
385 					/*
386 					 * a name in the state "conflict
387 					 * detected" does not "logically" exist
388 					 * on that node. No further session
389 					 * will be accepted on that name.
390 					 * No datagrams can be sent against
391 					 * that name.
392 					 * Such an entry will not be used for
393 					 * purposes of processing incoming
394 					 * request packets.
395 					 * The only valid user NetBIOS operation
396 					 * against such a name is DELETE NAME.
397 					 */
398 					entry->attributes |= NAME_ATTR_CONFLICT;
399 					syslog(LOG_DEBUG,
400 					    "nbns: name conflict: %15.15s",
401 					    entry->name);
402 					smb_netbios_cache_unlock_entry(entry);
403 				}
404 			}
405 			rc = -RCODE(info);
406 			break;
407 		}
408 
409 		/*
410 		 * name can be added:
411 		 *   adjust refresh timeout value,
412 		 *   TTL, for this name
413 		 */
414 		question = packet->question;
415 		ttl = (answer && answer->ttl) ? answer->ttl : DEFAULT_TTL;
416 		ttl = TO_SECONDS(ttl);
417 		if ((entry = smb_netbios_cache_lookup(question->name)) != 0) {
418 			addr = &entry->addr_list;
419 			do {
420 				if ((addr->refresh_ttl == 0) ||
421 				    (ttl < addr->refresh_ttl))
422 					addr->refresh_ttl = addr->ttl = ttl;
423 				addr = addr->forw;
424 			} while (addr != &entry->addr_list);
425 			smb_netbios_cache_unlock_entry(entry);
426 		}
427 
428 		rc = 1;
429 		break;
430 
431 	case NAME_RELEASE_RESPONSE:
432 		rc = 1;
433 		break;
434 
435 	case END_NODE_CHALLENGE_REGISTRATION_REQUEST:
436 		/*
437 		 * The response packet has in it the
438 		 * address of the presumed owner of the
439 		 * name.  Challenge that owner.  If
440 		 * owner either does not respond or
441 		 * indicates that they no longer own the
442 		 * name, claim the name.  Otherwise,
443 		 * the name cannot be claimed.
444 		 */
445 		rc = smb_end_node_challenge(reply);
446 		break;
447 
448 	default:
449 		rc = 0;
450 		break;
451 	}
452 
453 	if (answer)
454 		smb_netbios_name_freeaddrs(answer->name);
455 	free(reply->addr);
456 	free(reply->packet);
457 	free(reply);
458 	return (rc);  /* retry */
459 }
460 
461 /*
462  * smb_name_buf_from_packet
463  *
464  * Description:
465  *	Convert a NetBIOS Name Server Packet Block (npb)
466  *	into the bits and bytes destined for the wire.
467  *	The "buf" is used as a heap.
468  *
469  * Inputs:
470  *	char *		buf	-> Buffer, from the wire
471  *	unsigned	n_buf	-> Length of 'buf'
472  *	name_packet	*npb	-> Packet block, decode into
473  *	unsigned	n_npb	-> Max bytes in 'npb'
474  *
475  * Returns:
476  *	>0	-> Encode successful, value is length of packet in "buf"
477  *	-1	-> Hard error, can not possibly encode
478  *	-2	-> Need more memory in buf -- it's too small
479  */
480 static int
481 smb_name_buf_from_packet(unsigned char *buf, int n_buf,
482     struct name_packet *npb)
483 {
484 	addr_entry_t		*raddr;
485 	unsigned char 		*heap = buf;
486 	unsigned char 		*end_heap = heap + n_buf;
487 	unsigned char 		*dnptrs[32];
488 	unsigned char		comp_name_buf[MAX_NAME_LENGTH];
489 	unsigned int		tmp;
490 	int			i, step;
491 
492 	if (n_buf < NAME_HEADER_SIZE)
493 		return (-1);		/* no header, impossible */
494 
495 	dnptrs[0] = heap;
496 	dnptrs[1] = 0;
497 
498 	BE_OUT16(heap, npb->name_trn_id);
499 	heap += 2;
500 
501 	BE_OUT16(heap, npb->info);
502 	heap += 2;
503 
504 	BE_OUT16(heap, npb->qdcount);
505 	heap += 2;
506 
507 	BE_OUT16(heap, npb->ancount);
508 	heap += 2;
509 
510 	BE_OUT16(heap, npb->nscount);
511 	heap += 2;
512 
513 	BE_OUT16(heap, npb->arcount);
514 	heap += 2;
515 
516 	for (i = 0; i < npb->qdcount; i++) {
517 		if ((heap + 34 + 4) > end_heap)
518 			return (-2);
519 
520 		(void) smb_first_level_name_encode(npb->question[i].name,
521 		    comp_name_buf, sizeof (comp_name_buf));
522 		(void) strcpy((char *)heap, (char *)comp_name_buf);
523 		heap += strlen((char *)comp_name_buf) + 1;
524 
525 		BE_OUT16(heap, npb->question[i].question_type);
526 		heap += 2;
527 
528 		BE_OUT16(heap, npb->question[i].question_class);
529 		heap += 2;
530 	}
531 
532 	for (step = 1; step <= 3; step++) {
533 		struct resource_record *nrr;
534 		int n;
535 
536 		/* truly ugly, but saves code copying */
537 		if (step == 1) {
538 			n = npb->ancount;
539 			nrr = npb->answer;
540 		} else if (step == 2) {
541 			n = npb->nscount;
542 			nrr = npb->authority;
543 		} else { /* step == 3 */
544 			n = npb->arcount;
545 			nrr = npb->additional;
546 		}
547 
548 		for (i = 0; i < n; i++) {
549 			if ((heap + 34 + 10) > end_heap)
550 				return (-2);
551 
552 			(void) smb_first_level_name_encode(nrr->name,
553 			    comp_name_buf, sizeof (comp_name_buf));
554 			(void) strcpy((char *)heap, (char *)comp_name_buf);
555 			heap += strlen((char *)comp_name_buf) + 1;
556 
557 			BE_OUT16(heap, nrr[i].rr_type);
558 			heap += 2;
559 
560 			BE_OUT16(heap, nrr[i].rr_class);
561 			heap += 2;
562 
563 			BE_OUT32(heap, nrr[i].ttl);
564 			heap += 4;
565 
566 			BE_OUT16(heap, nrr[i].rdlength);
567 			heap += 2;
568 
569 			if ((tmp = nrr[i].rdlength) > 0) {
570 				if ((heap + tmp) > end_heap)
571 					return (-2);
572 
573 				if (nrr[i].rr_type == NAME_RR_TYPE_NB &&
574 				    nrr[i].rr_class == NAME_RR_CLASS_IN &&
575 				    tmp >= 6 && nrr[i].rdata == 0) {
576 					tmp = nrr[i].name->attributes &
577 					    (NAME_ATTR_GROUP |
578 					    NAME_ATTR_OWNER_NODE_TYPE);
579 					BE_OUT16(heap, tmp);
580 					heap += 2;
581 
582 					raddr = &nrr[i].name->addr_list;
583 					(void) memcpy(heap,
584 					    &raddr->sin.sin_addr.s_addr,
585 					    sizeof (uint32_t));
586 					heap += 4;
587 				} else {
588 					bcopy(nrr[i].rdata, heap, tmp);
589 					heap += tmp;
590 				}
591 			}
592 		}
593 	}
594 	return (heap - buf);
595 }
596 
597 /*
598  * strnchr
599  *
600  * Lookup for character 'c' in first 'n' chars of string 's'.
601  * Returns pointer to the found char, otherwise returns 0.
602  */
603 static char *
604 strnchr(const char *s, char c, int n)
605 {
606 	char *ps = (char *)s;
607 	char *es = (char *)s + n;
608 
609 	while (ps < es && *ps) {
610 		if (*ps == c)
611 			return (ps);
612 
613 		++ps;
614 	}
615 
616 	if (*ps == '\0' && c == '\0')
617 		return (ps);
618 
619 	return (0);
620 }
621 
622 static boolean_t
623 is_multihome(char *name)
624 {
625 	return (smb_nic_getnum(name) > 1);
626 }
627 
628 /*
629  * smb_netbios_getname
630  *
631  * Get the Netbios name part of the given record.
632  * Does some boundary checks.
633  *
634  * Returns the name length on success, otherwise
635  * returns 0.
636  */
637 static int
638 smb_netbios_getname(char *name, char *buf, char *buf_end)
639 {
640 	char *name_end;
641 	int name_len;
642 
643 	if (buf >= buf_end) {
644 		/* no room for a NB name */
645 		return (0);
646 	}
647 
648 	name_end = strnchr(buf, '\0', buf_end - buf + 1);
649 	if (name_end == 0) {
650 		/* not a valid NB name */
651 		return (0);
652 	}
653 
654 	name_len = name_end - buf + 1;
655 
656 	(void) strlcpy(name, buf, name_len);
657 	return (name_len);
658 }
659 
660 /*
661  * smb_name_buf_to_packet
662  *
663  * Convert the bits and bytes that came from the wire into a NetBIOS
664  * Name Server Packet Block (npb).  The "block" is used as a heap.
665  *
666  * Returns a pointer to a name packet on success.  Otherwise, returns
667  * a NULL pointer.
668  */
669 static struct name_packet *
670 smb_name_buf_to_packet(char *buf, int n_buf)
671 {
672 	struct name_packet *npb;
673 	unsigned char *heap;
674 	unsigned char *scan = (unsigned char *)buf;
675 	unsigned char *scan_end = scan + n_buf;
676 	char name_buf[MAX_NAME_LENGTH];
677 	struct resource_record *nrr = 0;
678 	int	rc, i, n, nn, ns;
679 	uint16_t name_trn_id, info;
680 	uint16_t qdcount, ancount, nscount, arcount;
681 	addr_entry_t *next;
682 	int name_len;
683 
684 	if (n_buf < NAME_HEADER_SIZE) {
685 		/* truncated header */
686 		syslog(LOG_DEBUG, "nbns: short packet (%d bytes)", n_buf);
687 		return (NULL);
688 	}
689 
690 	name_trn_id = BE_IN16(scan); scan += 2;
691 	info = BE_IN16(scan); scan += 2;
692 	qdcount = BE_IN16(scan); scan += 2;
693 	ancount = BE_IN16(scan); scan += 2;
694 	nscount = BE_IN16(scan); scan += 2;
695 	arcount = BE_IN16(scan); scan += 2;
696 
697 	ns = sizeof (struct name_entry);
698 	n = n_buf + sizeof (struct name_packet) +
699 	    ((unsigned)qdcount * (sizeof (struct name_question) + ns)) +
700 	    ((unsigned)ancount * (sizeof (struct resource_record) + ns)) +
701 	    ((unsigned)nscount * (sizeof (struct resource_record) + ns)) +
702 	    ((unsigned)arcount * (sizeof (struct resource_record) + ns));
703 
704 	if ((npb = malloc(n)) == NULL)
705 		return (NULL);
706 
707 	bzero(npb, n);
708 	heap = npb->block_data;
709 	npb->name_trn_id = name_trn_id;
710 	npb->info = info;
711 	npb->qdcount = qdcount;
712 	npb->ancount = ancount;
713 	npb->nscount = nscount;
714 	npb->arcount = arcount;
715 
716 	/* scan is in position for question entries */
717 
718 	/*
719 	 * Measure the space needed for the tables
720 	 */
721 	if (qdcount > 0) {
722 		/* LINTED - E_BAD_PTR_CAST_ALIGN */
723 		npb->question = (struct name_question *)heap;
724 		heap += qdcount * sizeof (struct name_question);
725 		for (i = 0; i < qdcount; i++) {
726 			/* LINTED - E_BAD_PTR_CAST_ALIGN */
727 			npb->question[i].name = (struct name_entry *)heap;
728 			heap += sizeof (struct name_entry);
729 		}
730 	}
731 
732 	/* LINTED - E_BAD_PTR_CAST_ALIGN */
733 	nrr = (struct resource_record *)heap;
734 
735 	if (ancount > 0) {
736 		/* LINTED - E_BAD_PTR_CAST_ALIGN */
737 		npb->answer = (struct resource_record *)heap;
738 		heap += ancount * sizeof (struct resource_record);
739 	}
740 
741 	if (nscount > 0) {
742 		/* LINTED - E_BAD_PTR_CAST_ALIGN */
743 		npb->authority = (struct resource_record *)heap;
744 		heap += nscount * sizeof (struct resource_record);
745 	}
746 
747 	if (arcount > 0) {
748 		/* LINTED - E_BAD_PTR_CAST_ALIGN */
749 		npb->additional = (struct resource_record *)heap;
750 		heap += arcount * sizeof (struct resource_record);
751 	}
752 
753 	/*
754 	 * Populate each resource_record's .name field.
755 	 * Done as a second pass so that all resource records
756 	 * (answer, authority, additional) are consecutive via nrr[i].
757 	 */
758 	for (i = 0; i < (ancount + nscount + arcount); i++) {
759 		/* LINTED - E_BAD_PTR_CAST_ALIGN */
760 		nrr[i].name = (struct name_entry *)heap;
761 		heap += sizeof (struct name_entry);
762 	}
763 
764 
765 	for (i = 0; i < npb->qdcount; i++) {
766 		name_len = smb_netbios_getname(name_buf, (char *)scan,
767 		    (char *)scan_end);
768 		if (name_len <= 0) {
769 			free(npb);
770 			return (NULL);
771 		}
772 
773 		smb_init_name_struct(NETBIOS_EMPTY_NAME, 0, 0, 0, 0, 0, 0,
774 		    npb->question[i].name);
775 		rc = smb_first_level_name_decode((unsigned char *)name_buf,
776 		    npb->question[i].name);
777 		if (rc < 0) {
778 			/* Couldn't decode the question name */
779 			free(npb);
780 			return (NULL);
781 		}
782 
783 		scan += name_len;
784 		if (scan + 4 > scan_end) {
785 			/* no room for Question Type(2) and Class(2) fields */
786 			free(npb);
787 			return (NULL);
788 		}
789 
790 		npb->question[i].question_type = BE_IN16(scan); scan += 2;
791 		npb->question[i].question_class = BE_IN16(scan); scan += 2;
792 	}
793 
794 	/*
795 	 * Cheat. Remaining sections are of the same resource_record
796 	 * format. Table space is consecutive.
797 	 */
798 
799 	for (i = 0; i < (ancount + nscount + arcount); i++) {
800 		if (scan[0] == 0xc0) {
801 			/* Namebuf is reused... */
802 			rc = 2;
803 		} else {
804 			name_len = smb_netbios_getname(name_buf, (char *)scan,
805 			    (char *)scan_end);
806 			if (name_len <= 0) {
807 				free(npb);
808 				return (NULL);
809 			}
810 			rc = name_len;
811 		}
812 		scan += rc;
813 
814 		if (scan + 10 > scan_end) {
815 			/*
816 			 * no room for RR_TYPE (2), RR_CLASS (2), TTL (4) and
817 			 * RDLENGTH (2) fields.
818 			 */
819 			free(npb);
820 			return (NULL);
821 		}
822 
823 		smb_init_name_struct(NETBIOS_EMPTY_NAME, 0, 0, 0, 0, 0, 0,
824 		    nrr[i].name);
825 		if ((rc = smb_first_level_name_decode((unsigned char *)name_buf,
826 		    nrr[i].name)) < 0) {
827 			free(npb);
828 			return (NULL);
829 		}
830 
831 		nrr[i].rr_type = BE_IN16(scan); scan += 2;
832 		nrr[i].rr_class = BE_IN16(scan); scan += 2;
833 		nrr[i].ttl = BE_IN32(scan); scan += 4;
834 		nrr[i].rdlength = BE_IN16(scan); scan += 2;
835 
836 		if ((n = nrr[i].rdlength) > 0) {
837 			if ((scan + n) > scan_end) {
838 				/* no room for RDATA */
839 				free(npb);
840 				return (NULL);
841 			}
842 			bcopy(scan, heap, n);
843 
844 			nn = n;
845 			if (nrr[i].rr_type == 0x0020 &&
846 			    nrr[i].rr_class == 0x01 && n >= 6) {
847 				while (nn) {
848 					if (nn == 6)
849 						next = &nrr[i].name->addr_list;
850 					else {
851 						next = malloc(
852 						    sizeof (addr_entry_t));
853 						if (next == 0) {
854 							/* not enough memory */
855 							free(npb);
856 							return (NULL);
857 						}
858 						QUEUE_INSERT_TAIL(
859 						    &nrr[i].name->addr_list,
860 						    next);
861 					}
862 					nrr[i].name->attributes =
863 					    BE_IN16(scan);
864 					next->sin.sin_family = AF_INET;
865 					next->sinlen = sizeof (next->sin);
866 					(void) memcpy(
867 					    &next->sin.sin_addr.s_addr,
868 					    scan + 2, sizeof (uint32_t));
869 					next->sin.sin_port =
870 					    htons(IPPORT_NETBIOS_DGM);
871 					nn -= 6;
872 					scan += 6;
873 				}
874 			} else {
875 				nrr[i].rdata = heap;
876 				scan += n;
877 			}
878 			heap += n;
879 		}
880 	}
881 	return (npb);
882 }
883 
884 /*
885  * smb_send_name_service_packet
886  *
887  * Description:
888  *
889  *	Send out a name service packet to proper destination.
890  *
891  * Inputs:
892  *	struct netbios_name *dest	-> NETBIOS name of destination
893  *	struct name_packet *packet	-> Packet to send
894  *
895  * Returns:
896  *	success	->  >0
897  *	failure	-> <=0
898  */
899 static int
900 smb_send_name_service_packet(addr_entry_t *addr, struct name_packet *packet)
901 {
902 	unsigned char buf[MAX_DATAGRAM_LENGTH];
903 	int len;
904 
905 	if ((len = smb_name_buf_from_packet(buf, sizeof (buf), packet)) < 0) {
906 		errno = EINVAL;
907 		return (-1);
908 	}
909 
910 	return (sendto(name_sock, buf, len, MSG_EOR,
911 	    (struct sockaddr *)&addr->sin, addr->sinlen));
912 }
913 
914 /*
915  * smb_netbios_send_rcv
916  *
917  * This function sends the given NetBIOS packet to the given
918  * address and get back the response. If send operation is not
919  * successful, it's repeated 'retries' times.
920  *
921  * Returns:
922  *		0		Unsuccessful send operation; no reply
923  *		1		Got reply
924  */
925 static int
926 smb_netbios_send_rcv(int bcast, addr_entry_t *destination,
927     struct name_packet *packet, uint32_t retries, uint32_t timeout)
928 {
929 	uint32_t retry;
930 	uint16_t	tid;
931 	struct timespec st;
932 	int	rc;
933 
934 	for (retry = 0; retry < retries; retry++) {
935 		if ((destination->flags & ADDR_FLAG_VALID) == 0)
936 			return (0);
937 
938 		tid = smb_netbios_name_trn_id();
939 		packet->name_trn_id = tid;
940 		if (smb_send_name_service_packet(destination, packet) >= 0) {
941 			rc = smb_netbios_process_response(tid, destination,
942 			    packet, timeout);
943 
944 			if ((rc > 0) || (bcast == BROADCAST))
945 				return (1);
946 
947 			if (rc != 0)
948 				return (0);
949 		}
950 
951 		st.tv_sec = 0;
952 		st.tv_nsec = (timeout * 1000000);
953 		(void) nanosleep(&st, 0);
954 	}
955 
956 	return (0);
957 }
958 
959 /*
960  * RFC 1002 4.2.2.  NAME REGISTRATION REQUEST
961  */
962 static int
963 smb_send_name_registration_request(int bcast, struct name_question *question,
964     struct resource_record *additional)
965 {
966 	int gotreply = 0;
967 	uint32_t retries;
968 	uint32_t timeout;
969 	addr_entry_t *destination;
970 	struct name_packet packet;
971 	unsigned char type;
972 	int i, addr_num, rc;
973 
974 	type = question->name->name[15];
975 	if ((type != NBT_WKSTA) && (type != NBT_SERVER)) {
976 		syslog(LOG_DEBUG, "nbns: name registration bad type (0x%02x)",
977 		    type);
978 		smb_netbios_name_logf(question->name);
979 		question->name->attributes &= ~NAME_ATTR_LOCAL;
980 		return (-1);
981 	}
982 
983 	if (bcast == BROADCAST) {
984 		if (bcast_num == 0)
985 			return (0);
986 		destination = smb_bcast_list;
987 		addr_num = bcast_num;
988 		retries = BCAST_REQ_RETRY_COUNT;
989 		timeout = BCAST_REQ_RETRY_TIMEOUT;
990 		packet.info = NAME_REGISTRATION_REQUEST | NM_FLAGS_BROADCAST;
991 	} else {
992 		if (nbns_num == 0)
993 			return (0);
994 		destination = smb_nbns;
995 		addr_num = nbns_num;
996 		retries = UCAST_REQ_RETRY_COUNT;
997 		timeout = UCAST_REQ_RETRY_TIMEOUT;
998 		packet.info = NAME_REGISTRATION_REQUEST | NM_FLAGS_UNICAST;
999 	}
1000 
1001 	packet.qdcount = 1;	/* question entries */
1002 	packet.question = question;
1003 	packet.ancount = 0;	/* answer recs */
1004 	packet.answer = NULL;
1005 	packet.nscount = 0;	/* authority recs */
1006 	packet.authority = NULL;
1007 	packet.arcount = 1;	/* additional recs */
1008 	packet.additional = additional;
1009 
1010 	if (IS_UNIQUE(question->name->attributes) &&
1011 	    (is_multihome((char *)(question->name->name))))
1012 		packet.info |= NAME_MULTIHOME_REGISTRATION_REQUEST;
1013 
1014 	for (i = 0; i < addr_num; i++) {
1015 		/*
1016 		 * Only register with the Primary WINS server,
1017 		 * unless we got no reply.
1018 		 */
1019 		if ((bcast == UNICAST) && gotreply)
1020 			break;
1021 
1022 		rc = smb_netbios_send_rcv(bcast, &destination[i], &packet,
1023 		    retries, timeout);
1024 		if (rc == 1)
1025 			gotreply = 1;
1026 	}
1027 
1028 	return (gotreply);
1029 }
1030 
1031 /*
1032  * RFC 1002 4.2.4.  NAME REFRESH REQUEST
1033  */
1034 /*ARGSUSED*/
1035 static int
1036 smb_send_name_refresh_request(int bcast, struct name_question *question,
1037     struct resource_record *additional, int force)
1038 {
1039 	int rc = 0;
1040 	int gotreply = 0;
1041 	uint32_t retries;
1042 	uint32_t timeout;
1043 	addr_entry_t *addr;
1044 	addr_entry_t *destination;
1045 	struct name_packet packet;
1046 	unsigned char type;
1047 	int i, addr_num, q_addrs = 0;
1048 
1049 	type = question->name->name[15];
1050 	if ((type != NBT_WKSTA) && (type != NBT_SERVER)) {
1051 		syslog(LOG_DEBUG, "nbns: name refresh bad type (0x%02x)", type);
1052 		smb_netbios_name_logf(question->name);
1053 		question->name->attributes &= ~NAME_ATTR_LOCAL;
1054 		return (-1);
1055 	}
1056 	switch (bcast) {
1057 	case BROADCAST :
1058 		if (bcast_num == 0)
1059 			return (-1);
1060 		destination = smb_bcast_list;
1061 		addr_num = bcast_num;
1062 		retries = BCAST_REQ_RETRY_COUNT;
1063 		timeout = BCAST_REQ_RETRY_TIMEOUT;
1064 		packet.info = NAME_REFRESH_REQUEST | NM_FLAGS_BROADCAST;
1065 		break;
1066 
1067 	case UNICAST :
1068 		if (nbns_num == 0)
1069 			return (-1);
1070 		destination = smb_nbns;
1071 		addr_num = nbns_num;
1072 		retries = UCAST_REQ_RETRY_COUNT;
1073 		timeout = UCAST_REQ_RETRY_TIMEOUT;
1074 		packet.info = NAME_REFRESH_REQUEST | NM_FLAGS_UNICAST;
1075 		break;
1076 
1077 	default:
1078 		destination = &question->name->addr_list;
1079 		/*
1080 		 * the value of addr_num is irrelvant here, because
1081 		 * the code is going to do special_process so it doesn't
1082 		 * need the addr_num. We set a value here just to avoid
1083 		 * compiler warning.
1084 		 */
1085 		addr_num = 0;
1086 		retries = UCAST_REQ_RETRY_COUNT;
1087 		timeout = UCAST_REQ_RETRY_TIMEOUT;
1088 		packet.info = NAME_REFRESH_REQUEST | NM_FLAGS_UNICAST;
1089 		q_addrs = 1;
1090 		break;
1091 	}
1092 
1093 	if (IS_UNIQUE(question->name->attributes) &&
1094 	    (is_multihome((char *)(question->name->name))))
1095 		packet.info |= NAME_MULTIHOME_REGISTRATION_REQUEST;
1096 
1097 	packet.qdcount = 1;	/* question entries */
1098 	packet.question = question;
1099 	packet.ancount = 0;	/* answer recs */
1100 	packet.answer = NULL;
1101 	packet.nscount = 0;	/* authority recs */
1102 	packet.authority = NULL;
1103 	packet.arcount = 1;	/* additional recs */
1104 	packet.additional = additional;
1105 
1106 	if (q_addrs)
1107 		goto special_process;
1108 
1109 	for (i = 0; i < addr_num; i++) {
1110 		rc = smb_netbios_send_rcv(bcast, &destination[i], &packet,
1111 		    retries, timeout);
1112 		if (rc == 1)
1113 			gotreply = 1;
1114 	}
1115 
1116 	return (gotreply);
1117 
1118 special_process:
1119 	addr = destination;
1120 	do {
1121 		rc = smb_netbios_send_rcv(bcast, addr, &packet,
1122 		    retries, timeout);
1123 		if (rc == 1)
1124 			gotreply = 1;
1125 		addr = addr->forw;
1126 	} while (addr != destination);
1127 
1128 	return (gotreply);
1129 }
1130 
1131 /*
1132  * RFC 1002 4.2.5.  POSITIVE NAME REGISTRATION RESPONSE
1133  * RFC 1002 4.2.6.  NEGATIVE NAME REGISTRATION RESPONSE
1134  */
1135 static int
1136 smb_send_name_registration_response(addr_entry_t *addr,
1137     struct name_packet *original_packet, uint16_t rcode)
1138 {
1139 	struct name_packet	packet;
1140 	struct resource_record	answer;
1141 
1142 	bzero(&packet, sizeof (struct name_packet));
1143 	bzero(&answer, sizeof (struct resource_record));
1144 
1145 	packet.name_trn_id = original_packet->name_trn_id;
1146 	packet.info = NAME_REGISTRATION_RESPONSE | NAME_NM_FLAGS_RA |
1147 	    (rcode & NAME_RCODE_MASK);
1148 	packet.qdcount = 0;	/* question entries */
1149 	packet.question = NULL;
1150 	packet.ancount = 1;	/* answer recs */
1151 	packet.answer = &answer;
1152 	packet.nscount = 0;	/* authority recs */
1153 	packet.authority = NULL;
1154 	packet.arcount = 0;	/* additional recs */
1155 	packet.additional = NULL;
1156 
1157 	answer.name = original_packet->question->name;
1158 	answer.rr_type = NAME_QUESTION_TYPE_NB;
1159 	answer.rr_class = NAME_QUESTION_CLASS_IN;
1160 	answer.ttl = original_packet->additional->ttl;
1161 	answer.rdlength = original_packet->additional->rdlength;
1162 	answer.rdata = original_packet->additional->rdata;
1163 
1164 	return (smb_send_name_service_packet(addr, &packet));
1165 }
1166 
1167 /*
1168  * RFC 1002 4.2.9.  NAME RELEASE REQUEST & DEMAND
1169  */
1170 static int
1171 smb_send_name_release_request_and_demand(int bcast,
1172     struct name_question *question, struct resource_record *additional)
1173 {
1174 	int gotreply = 0;
1175 	int i, rc;
1176 	int addr_num;
1177 	uint32_t retries;
1178 	uint32_t timeout;
1179 	addr_entry_t *destination;
1180 	struct name_packet packet;
1181 
1182 	if (bcast == BROADCAST) {
1183 		if (bcast_num == 0)
1184 			return (-1);
1185 		destination = smb_bcast_list;
1186 		addr_num = bcast_num;
1187 		retries = 1; /* BCAST_REQ_RETRY_COUNT */
1188 		timeout = 100; /* BCAST_REQ_RETRY_TIMEOUT */
1189 		packet.info = NAME_RELEASE_REQUEST | NM_FLAGS_BROADCAST;
1190 	} else {
1191 		if (nbns_num == 0)
1192 			return (-1);
1193 		destination = smb_nbns;
1194 		addr_num = nbns_num;
1195 		retries = 1; /* UCAST_REQ_RETRY_COUNT */
1196 		timeout = 100; /* UCAST_REQ_RETRY_TIMEOUT */
1197 		packet.info = NAME_RELEASE_REQUEST | NM_FLAGS_UNICAST;
1198 	}
1199 
1200 	packet.qdcount = 1;	/* question entries */
1201 	packet.question = question;
1202 	packet.ancount = 0;	/* answer recs */
1203 	packet.answer = NULL;
1204 	packet.nscount = 0;	/* authority recs */
1205 	packet.authority = NULL;
1206 	packet.arcount = 1;	/* additional recs */
1207 	packet.additional = additional;
1208 
1209 	for (i = 0; i < addr_num; i++) {
1210 		rc = smb_netbios_send_rcv(bcast, &destination[i], &packet,
1211 		    retries, timeout);
1212 		if (rc == 1)
1213 			gotreply = 1;
1214 	}
1215 
1216 	return (gotreply);
1217 }
1218 
1219 /*
1220  * RFC 1002 4.2.10.  POSITIVE NAME RELEASE RESPONSE
1221  * RFC 1002 4.2.11.  NEGATIVE NAME RELEASE RESPONSE
1222  */
1223 static int
1224 /* LINTED - E_STATIC_UNUSED */
1225 smb_send_name_release_response(addr_entry_t *addr,
1226     struct name_packet *original_packet, uint16_t rcode)
1227 {
1228 	struct name_packet	packet;
1229 	struct resource_record	answer;
1230 
1231 	bzero(&packet, sizeof (struct name_packet));
1232 	bzero(&answer, sizeof (struct resource_record));
1233 
1234 	packet.name_trn_id = original_packet->name_trn_id;
1235 	packet.info = NAME_RELEASE_RESPONSE | (rcode & NAME_RCODE_MASK);
1236 	packet.qdcount = 0;	/* question entries */
1237 	packet.question = NULL;
1238 	packet.ancount = 1;	/* answer recs */
1239 	packet.answer = &answer;
1240 	packet.nscount = 0;	/* authority recs */
1241 	packet.authority = NULL;
1242 	packet.arcount = 0;	/* additional recs */
1243 	packet.additional = NULL;
1244 
1245 	answer.name = original_packet->question->name;
1246 	answer.rr_type = NAME_QUESTION_TYPE_NB;
1247 	answer.rr_class = NAME_QUESTION_CLASS_IN;
1248 	answer.ttl = original_packet->additional->ttl;
1249 	answer.rdlength = original_packet->additional->rdlength;
1250 	answer.rdata = original_packet->additional->rdata;
1251 
1252 	return (smb_send_name_service_packet(addr, &packet));
1253 }
1254 
1255 /*
1256  * RFC 1002 4.2.12.  NAME QUERY REQUEST
1257  */
1258 static int
1259 smb_send_name_query_request(int bcast, struct name_question *question)
1260 {
1261 	int			rc = 0;
1262 	uint32_t		retry, retries;
1263 	uint32_t		timeout;
1264 	uint16_t		tid;
1265 	addr_entry_t		*destination;
1266 	struct name_packet	packet;
1267 	int 			i, addr_num;
1268 	struct timespec 	st;
1269 
1270 	if (bcast == BROADCAST) {
1271 		if (bcast_num == 0)
1272 			return (-1);
1273 		destination = smb_bcast_list;
1274 		addr_num = bcast_num;
1275 		retries = BCAST_REQ_RETRY_COUNT;
1276 		timeout = BCAST_REQ_RETRY_TIMEOUT;
1277 		packet.info = NAME_QUERY_REQUEST | NM_FLAGS_BROADCAST;
1278 	} else {
1279 		if (nbns_num == 0)
1280 			return (-1);
1281 		destination = smb_nbns;
1282 		addr_num = nbns_num;
1283 		retries = UCAST_REQ_RETRY_COUNT;
1284 		timeout = UCAST_REQ_RETRY_TIMEOUT;
1285 		packet.info = NAME_QUERY_REQUEST | NM_FLAGS_UNICAST;
1286 	}
1287 	packet.qdcount = 1;	/* question entries */
1288 	packet.question = question;
1289 	packet.ancount = 0;	/* answer recs */
1290 	packet.answer = NULL;
1291 	packet.nscount = 0;	/* authority recs */
1292 	packet.authority = NULL;
1293 	packet.arcount = 0;	/* additional recs */
1294 	packet.additional = NULL;
1295 
1296 	for (i = 0; i < addr_num; i++) {
1297 		for (retry = 0; retry < retries; retry++) {
1298 			if ((destination[i].flags & ADDR_FLAG_VALID) == 0)
1299 				break;
1300 			tid = smb_netbios_name_trn_id();
1301 			packet.name_trn_id = tid;
1302 
1303 			if (smb_send_name_service_packet(&destination[i],
1304 			    &packet) >= 0) {
1305 				if ((rc = smb_netbios_process_response(tid,
1306 				    &destination[i],
1307 				    &packet, timeout)) != 0)
1308 					break;
1309 			}
1310 			st.tv_sec = 0;
1311 			st.tv_nsec = (timeout * 1000000);
1312 			(void) nanosleep(&st, 0);
1313 		}
1314 	}
1315 
1316 	return (rc);
1317 }
1318 
1319 /*
1320  * RFC 1002 4.2.13.  POSITIVE NAME QUERY RESPONSE
1321  * RFC 1002 4.2.14.  NEGATIVE NAME QUERY RESPONSE
1322  */
1323 static int
1324 smb_send_name_query_response(addr_entry_t *addr,
1325     struct name_packet *original_packet, struct name_entry *entry,
1326     uint16_t rcode)
1327 {
1328 	addr_entry_t		*raddr;
1329 	struct name_packet	packet;
1330 	struct resource_record	answer;
1331 	uint16_t		attr;
1332 	unsigned char 		data[MAX_DATAGRAM_LENGTH];
1333 	unsigned char 		*scan = data;
1334 	uint32_t		ret_addr;
1335 
1336 	packet.name_trn_id = original_packet->name_trn_id;
1337 	packet.info = NAME_QUERY_RESPONSE | (rcode & NAME_RCODE_MASK);
1338 	packet.qdcount = 0;	/* question entries */
1339 	packet.question = NULL;
1340 	packet.ancount = 1;	/* answer recs */
1341 	packet.answer = &answer;
1342 	packet.nscount = 0;	/* authority recs */
1343 	packet.authority = NULL;
1344 	packet.arcount = 0;	/* additional recs */
1345 	packet.additional = NULL;
1346 
1347 	answer.name = entry;
1348 	answer.rr_class = NAME_QUESTION_CLASS_IN;
1349 	answer.ttl = entry->addr_list.ttl;
1350 	answer.rdata = data;
1351 	if (rcode) {
1352 		answer.rr_type = NAME_RR_TYPE_NULL;
1353 		answer.rdlength = 0;
1354 		bzero(data, 6);
1355 	} else {
1356 		answer.rdlength = 0;
1357 		answer.rr_type = NAME_QUESTION_TYPE_NB;
1358 		raddr = &entry->addr_list;
1359 		scan = data;
1360 		do {
1361 			attr = entry->attributes & (NAME_ATTR_GROUP |
1362 			    NAME_ATTR_OWNER_NODE_TYPE);
1363 
1364 			BE_OUT16(scan, attr); scan += 2;
1365 			ret_addr = LE_32(raddr->sin.sin_addr.s_addr);
1366 			*scan++ = ret_addr;
1367 			*scan++ = ret_addr >> 8;
1368 			*scan++ = ret_addr >> 16;
1369 			*scan++ = ret_addr >> 24;
1370 
1371 			answer.rdlength += 6;
1372 			raddr = raddr->forw;
1373 		} while (raddr != &entry->addr_list);
1374 	}
1375 
1376 	return (smb_send_name_service_packet(addr, &packet));
1377 }
1378 
1379 /*
1380  * RFC 1002 4.2.18.  NODE STATUS RESPONSE
1381  */
1382 static int
1383 smb_send_node_status_response(addr_entry_t *addr,
1384     struct name_packet *original_packet)
1385 {
1386 	uint32_t		net_ipaddr;
1387 	int64_t			max_connections;
1388 	struct arpreq 		arpreq;
1389 	struct name_packet	packet;
1390 	struct resource_record	answer;
1391 	unsigned char 		*scan;
1392 	unsigned char 		*scan_end;
1393 	unsigned char		data[MAX_NETBIOS_REPLY_DATA_SIZE];
1394 	boolean_t scan_done = B_FALSE;
1395 	smb_inaddr_t ipaddr;
1396 
1397 	bzero(&packet, sizeof (struct name_packet));
1398 	bzero(&answer, sizeof (struct resource_record));
1399 
1400 	packet.name_trn_id = original_packet->name_trn_id;
1401 	packet.info = NODE_STATUS_RESPONSE;
1402 	packet.qdcount = 0;	/* question entries */
1403 	packet.question = NULL;
1404 	packet.ancount = 1;	/* answer recs */
1405 	packet.answer = &answer;
1406 	packet.nscount = 0;	/* authority recs */
1407 	packet.authority = NULL;
1408 	packet.arcount = 0;	/* additional recs */
1409 	packet.additional = NULL;
1410 
1411 	answer.name = original_packet->question->name;
1412 	answer.rr_type = NAME_RR_TYPE_NBSTAT;
1413 	answer.rr_class = NAME_QUESTION_CLASS_IN;
1414 	answer.ttl = 0;
1415 	answer.rdata = data;
1416 
1417 	scan = smb_netbios_cache_status(data, MAX_NETBIOS_REPLY_DATA_SIZE,
1418 	    original_packet->question->name->scope);
1419 
1420 	scan_end = data + MAX_NETBIOS_REPLY_DATA_SIZE;
1421 
1422 	ipaddr.a_ipv4 = addr->sin.sin_addr.s_addr;
1423 	ipaddr.a_family = AF_INET;
1424 	if (smb_nic_is_same_subnet(&ipaddr))
1425 		net_ipaddr = addr->sin.sin_addr.s_addr;
1426 	else
1427 		net_ipaddr = 0;
1428 
1429 	(void) smb_config_getnum(SMB_CI_MAX_CONNECTIONS, &max_connections);
1430 
1431 	while (!scan_done) {
1432 		if ((scan + 6) >= scan_end) {
1433 			packet.info |= NAME_NM_FLAGS_TC;
1434 			break;
1435 		}
1436 
1437 		if (net_ipaddr != 0) {
1438 			struct sockaddr_in *s_in;
1439 			int s;
1440 
1441 			s = socket(AF_INET, SOCK_DGRAM, 0);
1442 			/* LINTED - E_BAD_PTR_CAST_ALIGN */
1443 			s_in = (struct sockaddr_in *)&arpreq.arp_pa;
1444 			s_in->sin_family = AF_INET;
1445 			s_in->sin_addr.s_addr = net_ipaddr;
1446 			if (ioctl(s, SIOCGARP, (caddr_t)&arpreq) < 0) {
1447 				bzero(scan, 6);
1448 			} else {
1449 				bcopy(&arpreq.arp_ha.sa_data, scan, 6);
1450 			}
1451 			(void) close(s);
1452 		} else {
1453 			bzero(scan, 6);
1454 		}
1455 		scan += 6;
1456 
1457 		if ((scan + 26) >= scan_end) {
1458 			packet.info |= NAME_NM_FLAGS_TC;
1459 			break;
1460 		}
1461 		bzero(scan, 26);
1462 		scan += 26;
1463 
1464 		if ((scan + 2) >= scan_end) {
1465 			packet.info |= NAME_NM_FLAGS_TC;
1466 			break;
1467 		}
1468 		BE_OUT16(scan, 0); scan += 2;
1469 
1470 		if ((scan + 2) >= scan_end) {
1471 			packet.info |= NAME_NM_FLAGS_TC;
1472 			break;
1473 		}
1474 		BE_OUT16(scan, 0); scan += 2;
1475 
1476 		if ((scan + 2) >= scan_end) {
1477 			packet.info |= NAME_NM_FLAGS_TC;
1478 			break;
1479 		}
1480 		BE_OUT16(scan, 0); scan += 2;
1481 
1482 		if ((scan + 2) >= scan_end) {
1483 			packet.info |= NAME_NM_FLAGS_TC;
1484 			break;
1485 		}
1486 		BE_OUT16(scan, 0); scan += 2;
1487 
1488 		if ((scan + 2) >= scan_end) {
1489 			packet.info |= NAME_NM_FLAGS_TC;
1490 			break;
1491 		}
1492 		BE_OUT16(scan, 0); scan += 2;
1493 
1494 		if ((scan + 2) >= scan_end) {
1495 			packet.info |= NAME_NM_FLAGS_TC;
1496 			break;
1497 		}
1498 		BE_OUT16(scan, 0); scan += 2;
1499 
1500 		if ((scan + 2) >= scan_end) {
1501 			packet.info |= NAME_NM_FLAGS_TC;
1502 			break;
1503 		}
1504 		BE_OUT16(scan, 0); scan += 2;
1505 
1506 		if ((scan + 2) >= scan_end) {
1507 			packet.info |= NAME_NM_FLAGS_TC;
1508 			break;
1509 		}
1510 		BE_OUT16(scan, max_connections); scan += 2;
1511 
1512 		if ((scan + 2) >= scan_end) {
1513 			packet.info |= NAME_NM_FLAGS_TC;
1514 			break;
1515 		}
1516 
1517 		BE_OUT16(scan, 0); scan += 2;
1518 
1519 		scan_done = B_TRUE;
1520 	}
1521 	answer.rdlength = scan - data;
1522 	return (smb_send_name_service_packet(addr, &packet));
1523 }
1524 
1525 static int
1526 smb_name_Bnode_add_name(struct name_entry *name)
1527 {
1528 	struct name_question		question;
1529 	struct resource_record		additional;
1530 	unsigned char 			data[8];
1531 	uint16_t			attr;
1532 	addr_entry_t			*addr;
1533 	int rc = 0;
1534 
1535 	addr = &name->addr_list;
1536 
1537 	do {
1538 		/* build name service packet */
1539 		question.name = name;
1540 		/*
1541 		 * question.name->attributes |= NAME_NB_FLAGS_ONT_B;
1542 		 * This is commented because NAME_NB_FLAGS_ONT_B is 0
1543 		 */
1544 		question.question_type = NAME_QUESTION_TYPE_NB;
1545 		question.question_class = NAME_QUESTION_CLASS_IN;
1546 
1547 		additional.name = name;
1548 		additional.rr_class = NAME_QUESTION_CLASS_IN;
1549 		additional.ttl = 0;
1550 		additional.rdata = data;
1551 		additional.rdlength = 6;
1552 		additional.rr_type = NAME_QUESTION_TYPE_NB;
1553 		attr = name->attributes & (NAME_ATTR_GROUP |
1554 		    NAME_ATTR_OWNER_NODE_TYPE);
1555 
1556 		BE_OUT16(&data[0], attr);
1557 		(void) memcpy(&data[2], &addr->sin.sin_addr.s_addr,
1558 		    sizeof (uint32_t));
1559 
1560 		rc |= smb_send_name_registration_request(BROADCAST, &question,
1561 		    &additional);
1562 		addr = addr->forw;
1563 
1564 	} while (addr != &name->addr_list);
1565 
1566 	return (rc);
1567 }
1568 
1569 static int
1570 smb_name_Bnode_find_name(struct name_entry *name)
1571 {
1572 	struct name_question	question;
1573 
1574 	question.name = name;
1575 	question.question_type = NAME_QUESTION_TYPE_NB;
1576 	question.question_class = NAME_QUESTION_CLASS_IN;
1577 
1578 	return (smb_send_name_query_request(BROADCAST, &question));
1579 }
1580 
1581 static int
1582 smb_name_Bnode_delete_name(struct name_entry *name)
1583 {
1584 	struct name_question	question;
1585 	struct resource_record	additional;
1586 	addr_entry_t		*raddr;
1587 	unsigned char		data[MAX_DATAGRAM_LENGTH];
1588 	unsigned char		*scan = data;
1589 	uint32_t		attr;
1590 	uint32_t		ret_addr;
1591 
1592 	/* build packet */
1593 	question.name = name;
1594 	question.question_type = NAME_QUESTION_TYPE_NB;
1595 	question.question_class = NAME_QUESTION_CLASS_IN;
1596 
1597 	additional.name = name;
1598 	additional.rr_class = NAME_QUESTION_CLASS_IN;
1599 	additional.ttl = 0;
1600 	additional.rdata = data;
1601 	additional.rdlength = 0;
1602 	additional.rr_type = NAME_QUESTION_TYPE_NB;
1603 	raddr = &name->addr_list;
1604 	scan = data;
1605 	do {
1606 		attr = name->attributes & (NAME_ATTR_GROUP |
1607 		    NAME_ATTR_OWNER_NODE_TYPE);
1608 
1609 		BE_OUT16(scan, attr); scan += 2;
1610 		ret_addr = LE_32(raddr->sin.sin_addr.s_addr);
1611 		*scan++ = ret_addr;
1612 		*scan++ = ret_addr >> 8;
1613 		*scan++ = ret_addr >> 16;
1614 		*scan++ = ret_addr >> 24;
1615 
1616 		additional.rdlength += 6;
1617 	} while (raddr != &name->addr_list);
1618 
1619 	return (smb_send_name_release_request_and_demand(BROADCAST,
1620 	    &question, &additional));
1621 }
1622 
1623 static int
1624 smb_name_Pnode_add_name(struct name_entry *name)
1625 {
1626 	struct name_question		question;
1627 	struct resource_record		additional;
1628 	unsigned char 			data[8];
1629 	uint16_t			attr;
1630 	addr_entry_t			*addr;
1631 	int rc = 0;
1632 
1633 	/* build packet */
1634 	addr = &name->addr_list;
1635 	do {
1636 		question.name = name;
1637 		question.question_type = NAME_QUESTION_TYPE_NB;
1638 		question.question_class = NAME_QUESTION_CLASS_IN;
1639 
1640 		additional.name = name;
1641 		additional.rr_class = NAME_QUESTION_CLASS_IN;
1642 		additional.ttl = 0;
1643 		additional.rdata = data;
1644 		additional.rdlength = 6;
1645 		additional.rr_type = NAME_QUESTION_TYPE_NB;
1646 		attr = name->attributes &
1647 		    (NAME_ATTR_GROUP | NAME_ATTR_OWNER_NODE_TYPE);
1648 
1649 		BE_OUT16(&data[0], attr);
1650 		(void) memcpy(&data[2], &addr->sin.sin_addr.s_addr,
1651 		    sizeof (uint32_t));
1652 
1653 		rc |= smb_send_name_registration_request(UNICAST, &question,
1654 		    &additional);
1655 
1656 		addr = addr->forw;
1657 
1658 	} while (addr != &name->addr_list);
1659 
1660 	return (rc);
1661 }
1662 
1663 static int
1664 smb_name_Pnode_refresh_name(struct name_entry *name)
1665 {
1666 	struct name_question		question;
1667 	struct resource_record		additional;
1668 	unsigned char 			data[8];
1669 	uint16_t			attr;
1670 	addr_entry_t			*addr;
1671 	int rc = 0;
1672 
1673 	/* build packet */
1674 	addr = &name->addr_list;
1675 	do {
1676 		question.name = name;
1677 		question.question_type = NAME_QUESTION_TYPE_NB;
1678 		question.question_class = NAME_QUESTION_CLASS_IN;
1679 
1680 		additional.name = name;
1681 		additional.rr_class = NAME_QUESTION_CLASS_IN;
1682 		additional.ttl = 0;
1683 		additional.rdata = data;
1684 		additional.rdlength = 6;
1685 		additional.rr_type = NAME_QUESTION_TYPE_NB;
1686 		attr = name->attributes &
1687 		    (NAME_ATTR_GROUP | NAME_ATTR_OWNER_NODE_TYPE);
1688 
1689 		BE_OUT16(&data[0], attr);
1690 		(void) memcpy(&data[2], &addr->sin.sin_addr.s_addr,
1691 		    sizeof (uint32_t));
1692 
1693 		rc |= smb_send_name_refresh_request(UNICAST, &question,
1694 		    &additional, 1);
1695 
1696 		addr = addr->forw;
1697 	} while (addr != &name->addr_list);
1698 
1699 	return (rc);
1700 }
1701 
1702 static int
1703 smb_name_Pnode_find_name(struct name_entry *name)
1704 {
1705 	struct name_question	question;
1706 
1707 	/*
1708 	 * Host initiated processing for a P node
1709 	 */
1710 	question.name = name;
1711 	question.name->attributes |= NAME_NB_FLAGS_ONT_P;
1712 	question.question_type = NAME_QUESTION_TYPE_NB;
1713 	question.question_class = NAME_QUESTION_CLASS_IN;
1714 
1715 	return (smb_send_name_query_request(UNICAST, &question));
1716 }
1717 
1718 static int
1719 smb_name_Pnode_delete_name(struct name_entry *name)
1720 {
1721 	struct name_question	question;
1722 	struct resource_record	additional;
1723 	addr_entry_t		*raddr;
1724 	unsigned char		data[MAX_DATAGRAM_LENGTH];
1725 	unsigned char		*scan = data;
1726 	uint32_t		attr;
1727 	uint32_t		ret_addr;
1728 
1729 	/* build packet */
1730 	question.name = name;
1731 	question.name->attributes |= NAME_NB_FLAGS_ONT_P;
1732 	question.question_type = NAME_QUESTION_TYPE_NB;
1733 	question.question_class = NAME_QUESTION_CLASS_IN;
1734 
1735 	additional.name = name;
1736 	additional.rr_class = NAME_QUESTION_CLASS_IN;
1737 	additional.ttl = 0;
1738 	additional.rdata = data;
1739 	additional.rdlength = 0;
1740 	additional.rr_type = NAME_QUESTION_TYPE_NB;
1741 	raddr = &name->addr_list;
1742 	do {
1743 		scan = data;
1744 		attr = name->attributes & (NAME_ATTR_GROUP |
1745 		    NAME_ATTR_OWNER_NODE_TYPE);
1746 
1747 		BE_OUT16(scan, attr); scan += 2;
1748 		ret_addr = LE_32(raddr->sin.sin_addr.s_addr);
1749 		*scan++ = ret_addr;
1750 		*scan++ = ret_addr >> 8;
1751 		*scan++ = ret_addr >> 16;
1752 		*scan++ = ret_addr >> 24;
1753 
1754 		additional.rdlength = 6;
1755 		raddr = raddr->forw;
1756 		(void) smb_send_name_release_request_and_demand(UNICAST,
1757 		    &question, &additional);
1758 	} while (raddr != &name->addr_list);
1759 
1760 	return (1);
1761 }
1762 
1763 static int
1764 smb_name_Mnode_add_name(struct name_entry *name)
1765 {
1766 	if (smb_name_Bnode_add_name(name) > 0) {
1767 		if (nbns_num == 0)
1768 			return (1); /* No name server configured */
1769 
1770 		return (smb_name_Pnode_add_name(name));
1771 	}
1772 	return (-1);
1773 }
1774 
1775 static int
1776 smb_name_Hnode_add_name(struct name_entry *name)
1777 {
1778 	if (nbns_num > 0) {
1779 		if (smb_name_Pnode_add_name(name) == 1)
1780 			return (1);
1781 	}
1782 
1783 	return (smb_name_Bnode_add_name(name));
1784 }
1785 
1786 static int
1787 smb_name_Mnode_find_name(struct name_entry *name)
1788 {
1789 	if (smb_name_Bnode_find_name(name) == 1)
1790 		return (1);
1791 
1792 	if (nbns_num == 0)
1793 		return (1); /* No name server configured */
1794 
1795 	return (smb_name_Pnode_find_name(name));
1796 }
1797 
1798 static int
1799 smb_name_Hnode_find_name(struct name_entry *name)
1800 {
1801 	if (nbns_num > 0)
1802 		if (smb_name_Pnode_find_name(name) == 1)
1803 			return (1);
1804 
1805 	return (smb_name_Bnode_find_name(name));
1806 }
1807 
1808 static int
1809 smb_name_Mnode_delete_name(struct name_entry *name)
1810 {
1811 	(void) smb_name_Bnode_delete_name(name);
1812 
1813 	if (nbns_num == 0)
1814 		return (-1); /* No name server configured */
1815 
1816 	if (smb_name_Pnode_delete_name(name) > 0)
1817 		return (1);
1818 
1819 	return (-1);
1820 }
1821 
1822 static int
1823 smb_name_Hnode_delete_name(struct name_entry *name)
1824 {
1825 	if (nbns_num > 0)
1826 		if (smb_name_Pnode_delete_name(name) > 0)
1827 			return (1);
1828 
1829 	return (smb_name_Bnode_delete_name(name));
1830 }
1831 
1832 static void
1833 smb_name_process_Bnode_packet(struct name_packet *packet, addr_entry_t *addr)
1834 {
1835 	struct name_entry 	*name;
1836 	struct name_entry 	*entry;
1837 	struct name_question 	*question;
1838 	struct resource_record 	*additional;
1839 
1840 	question = packet->question;
1841 	additional = packet->additional;
1842 
1843 	switch (packet->info & NAME_OPCODE_OPCODE_MASK) {
1844 	case NAME_OPCODE_REFRESH:
1845 		/* Guard against malformed packets */
1846 		if ((question == 0) || (additional == 0))
1847 			break;
1848 		if (additional->name->addr_list.sin.sin_addr.s_addr == 0)
1849 			break;
1850 
1851 		name = question->name;
1852 		name->addr_list.ttl = additional->ttl;
1853 		name->attributes = additional->name->attributes;
1854 		name->addr_list.sin = additional->name->addr_list.sin;
1855 		name->addr_list.forw = name->addr_list.back = &name->addr_list;
1856 
1857 		if ((entry = smb_netbios_cache_lookup_addr(name)) != 0) {
1858 			smb_netbios_cache_update_entry(entry, question->name);
1859 			smb_netbios_cache_unlock_entry(entry);
1860 		}
1861 		else
1862 			(void) smb_netbios_cache_insert(question->name);
1863 		break;
1864 
1865 	case NAME_OPCODE_QUERY:
1866 		/*
1867 		 * This opcode covers both NAME_QUERY_REQUEST and
1868 		 * NODE_STATUS_REQUEST. They can be distinguished
1869 		 * based on the type of question entry.
1870 		 */
1871 
1872 		/* All query requests have to have question entry */
1873 		if (question == 0)
1874 			break;
1875 
1876 		if (question->question_type == NAME_QUESTION_TYPE_NB) {
1877 			name = question->name;
1878 			if ((entry = smb_netbios_cache_lookup(name)) != 0) {
1879 				(void) smb_send_name_query_response(addr,
1880 				    packet, entry, 0);
1881 				smb_netbios_cache_unlock_entry(entry);
1882 			}
1883 		}
1884 		else
1885 		if (question->question_type == NAME_QUESTION_TYPE_NBSTAT) {
1886 			/*
1887 			 * Name of "*" may be used to force node to
1888 			 * divulge status for administrative purposes
1889 			 */
1890 			name = question->name;
1891 			entry = 0;
1892 			if (NETBIOS_NAME_IS_STAR(name->name) ||
1893 			    ((entry = smb_netbios_cache_lookup(name)) != 0)) {
1894 				if (entry)
1895 					smb_netbios_cache_unlock_entry(entry);
1896 				/*
1897 				 * send only those names that are
1898 				 * in the same scope as the scope
1899 				 * field in the request packet
1900 				 */
1901 				(void) smb_send_node_status_response(addr,
1902 				    packet);
1903 			}
1904 		}
1905 		break;
1906 
1907 	default:
1908 		break;
1909 	}
1910 }
1911 
1912 static void
1913 smb_name_process_Pnode_packet(struct name_packet *packet, addr_entry_t *addr)
1914 {
1915 	struct name_entry 	*name;
1916 	struct name_entry 	*entry;
1917 	struct name_question 	*question;
1918 	struct resource_record 	*additional;
1919 
1920 	question = packet->question;
1921 	additional = packet->additional;
1922 
1923 	if (packet->info & NAME_NM_FLAGS_B) {
1924 		/*
1925 		 * always ignore UDP broadcast packets
1926 		 */
1927 		return;
1928 	}
1929 
1930 	switch (packet->info & NAME_OPCODE_OPCODE_MASK) {
1931 	case NAME_OPCODE_REFRESH:
1932 		/* Guard against malformed packets */
1933 		if ((question == 0) || (additional == 0))
1934 			break;
1935 		if (additional->name->addr_list.sin.sin_addr.s_addr == 0)
1936 			break;
1937 
1938 		name = question->name;
1939 		name->addr_list.ttl = additional->ttl;
1940 		name->attributes = additional->name->attributes;
1941 		name->addr_list.sin = additional->name->addr_list.sin;
1942 		name->addr_list.forw = name->addr_list.back = &name->addr_list;
1943 
1944 		if ((entry = smb_netbios_cache_lookup(name)) != 0) {
1945 			smb_netbios_cache_update_entry(entry, name);
1946 			smb_netbios_cache_unlock_entry(entry);
1947 		}
1948 		else
1949 			(void) smb_netbios_cache_insert(name);
1950 
1951 		(void) smb_send_name_registration_response(addr, packet, 0);
1952 		break;
1953 
1954 	case NAME_OPCODE_QUERY:
1955 		/*
1956 		 * This opcode covers both NAME_QUERY_REQUEST and
1957 		 * NODE_STATUS_REQUEST. They can be distinguished
1958 		 * based on the type of question entry.
1959 		 */
1960 
1961 		/* All query requests have to have question entry */
1962 		if (question == 0)
1963 			break;
1964 
1965 		if (question->question_type == NAME_QUESTION_TYPE_NB) {
1966 			name = question->name;
1967 			if ((entry = smb_netbios_cache_lookup(name)) != 0) {
1968 				/*
1969 				 * send response to the IP address and port
1970 				 * number from which the request was received.
1971 				 */
1972 				(void) smb_send_name_query_response(addr,
1973 				    packet, entry, 0);
1974 				smb_netbios_cache_unlock_entry(entry);
1975 			} else {
1976 				/*
1977 				 * send response to the requestor
1978 				 */
1979 				(void) smb_send_name_query_response(addr,
1980 				    packet, name, RCODE_NAM_ERR);
1981 			}
1982 		}
1983 		else
1984 		if (question->question_type == NAME_QUESTION_TYPE_NBSTAT) {
1985 			/*
1986 			 * Name of "*" may be used to force node to
1987 			 * divulge status for administrative purposes
1988 			 */
1989 			name = question->name;
1990 			entry = 0;
1991 			if (NETBIOS_NAME_IS_STAR(name->name) ||
1992 			    ((entry = smb_netbios_cache_lookup(name)) != 0)) {
1993 				/*
1994 				 * send only those names that are
1995 				 * in the same scope as the scope
1996 				 * field in the request packet
1997 				 */
1998 				if (entry)
1999 					smb_netbios_cache_unlock_entry(entry);
2000 				(void) smb_send_node_status_response(addr,
2001 				    packet);
2002 			}
2003 		}
2004 		break;
2005 
2006 	default:
2007 		break;
2008 	}
2009 }
2010 
2011 static void
2012 smb_name_process_Mnode_packet(struct name_packet *packet, addr_entry_t *addr)
2013 {
2014 	if (packet->info & NAME_NM_FLAGS_B)
2015 		smb_name_process_Bnode_packet(packet, addr);
2016 	else
2017 		smb_name_process_Pnode_packet(packet, addr);
2018 }
2019 
2020 static void
2021 smb_name_process_Hnode_packet(struct name_packet *packet, addr_entry_t *addr)
2022 {
2023 	if (packet->info & NAME_NM_FLAGS_B)
2024 		smb_name_process_Bnode_packet(packet, addr);
2025 	else
2026 		smb_name_process_Pnode_packet(packet, addr);
2027 }
2028 
2029 
2030 /*
2031  * smb_netbios_name_tick
2032  *
2033  * Called once a second to handle name server timeouts.
2034  */
2035 void
2036 smb_netbios_name_tick(void)
2037 {
2038 	struct name_entry *name;
2039 	struct name_entry *entry;
2040 
2041 	(void) mutex_lock(&refresh_queue.mtx);
2042 	smb_netbios_cache_refresh(&refresh_queue);
2043 
2044 	while ((name = refresh_queue.head.forw) != &refresh_queue.head) {
2045 		QUEUE_CLIP(name);
2046 		if (IS_LOCAL(name->attributes)) {
2047 			if (IS_UNIQUE(name->attributes)) {
2048 				(void) smb_name_Pnode_refresh_name(name);
2049 			}
2050 		} else {
2051 			entry = smb_name_find_name(name);
2052 			smb_name_unlock_name(entry);
2053 		}
2054 		free(name);
2055 	}
2056 	(void) mutex_unlock(&refresh_queue.mtx);
2057 
2058 	smb_netbios_cache_reset_ttl();
2059 }
2060 
2061 /*
2062  * smb_name_find_name
2063  *
2064  * Lookup name cache for the given name.
2065  * If it's not in the cache it'll send a
2066  * name query request and then lookup the
2067  * cache again. Note that if a name is
2068  * returned it's locked and called MUST
2069  * unlock it by calling smb_name_unlock_name()
2070  */
2071 struct name_entry *
2072 smb_name_find_name(struct name_entry *name)
2073 {
2074 	struct name_entry *result;
2075 
2076 	if ((result = smb_netbios_cache_lookup(name)) == 0) {
2077 		switch (smb_node_type) {
2078 		case 'B':
2079 			(void) smb_name_Bnode_find_name(name);
2080 			break;
2081 		case 'P':
2082 			(void) smb_name_Pnode_find_name(name);
2083 			break;
2084 		case 'M':
2085 			(void) smb_name_Mnode_find_name(name);
2086 			break;
2087 		case 'H':
2088 		default:
2089 			(void) smb_name_Hnode_find_name(name);
2090 			break;
2091 		}
2092 		return (smb_netbios_cache_lookup(name));
2093 	}
2094 
2095 	return (result);
2096 }
2097 
2098 void
2099 smb_name_unlock_name(struct name_entry *name)
2100 {
2101 	smb_netbios_cache_unlock_entry(name);
2102 }
2103 
2104 int
2105 smb_name_add_name(struct name_entry *name)
2106 {
2107 	int			rc = 1;
2108 
2109 	smb_netbios_name_logf(name);
2110 
2111 	switch (smb_node_type) {
2112 	case 'B':
2113 		rc = smb_name_Bnode_add_name(name);
2114 		break;
2115 	case 'P':
2116 		rc = smb_name_Pnode_add_name(name);
2117 		break;
2118 	case 'M':
2119 		rc = smb_name_Mnode_add_name(name);
2120 		break;
2121 	case 'H':
2122 	default:
2123 		rc = smb_name_Hnode_add_name(name);
2124 		break;
2125 	}
2126 
2127 	if (rc >= 0)
2128 		(void) smb_netbios_cache_insert(name);
2129 
2130 	return (rc);
2131 }
2132 
2133 int
2134 smb_name_delete_name(struct name_entry *name)
2135 {
2136 	int			rc;
2137 	unsigned char type;
2138 
2139 	type = name->name[15];
2140 	if ((type != NBT_WKSTA) && (type != NBT_SERVER)) {
2141 		syslog(LOG_DEBUG, "nbns: name delete bad type (0x%02x)", type);
2142 		smb_netbios_name_logf(name);
2143 		name->attributes &= ~NAME_ATTR_LOCAL;
2144 		return (-1);
2145 	}
2146 
2147 	smb_netbios_cache_delete(name);
2148 
2149 	switch (smb_node_type) {
2150 	case 'B':
2151 		rc = smb_name_Bnode_delete_name(name);
2152 		break;
2153 	case 'P':
2154 		rc = smb_name_Pnode_delete_name(name);
2155 		break;
2156 	case 'M':
2157 		rc = smb_name_Mnode_delete_name(name);
2158 		break;
2159 	case 'H':
2160 	default:
2161 		rc = smb_name_Hnode_delete_name(name);
2162 		break;
2163 	}
2164 
2165 	if (rc > 0)
2166 		return (0);
2167 
2168 	return (-1);
2169 }
2170 
2171 typedef struct {
2172 	addr_entry_t *addr;
2173 	char *buf;
2174 	int length;
2175 } worker_param_t;
2176 
2177 /*
2178  * smb_netbios_worker
2179  *
2180  * Process incoming request/response packets for Netbios
2181  * name service (on port 138).
2182  */
2183 void *
2184 smb_netbios_worker(void *arg)
2185 {
2186 	worker_param_t *p = (worker_param_t *)arg;
2187 	addr_entry_t *addr = p->addr;
2188 	struct name_packet *packet;
2189 
2190 	if ((packet = smb_name_buf_to_packet(p->buf, p->length)) != NULL) {
2191 		if (packet->info & NAME_OPCODE_R) {
2192 			/* Reply packet */
2193 			smb_reply_ready(packet, addr);
2194 			free(p->buf);
2195 			free(p);
2196 			return (NULL);
2197 		}
2198 
2199 		/* Request packet */
2200 		switch (smb_node_type) {
2201 		case 'B':
2202 			smb_name_process_Bnode_packet(packet, addr);
2203 			break;
2204 		case 'P':
2205 			smb_name_process_Pnode_packet(packet, addr);
2206 			break;
2207 		case 'M':
2208 			smb_name_process_Mnode_packet(packet, addr);
2209 			break;
2210 		case 'H':
2211 		default:
2212 			smb_name_process_Hnode_packet(packet, addr);
2213 			break;
2214 		}
2215 
2216 		if (packet->answer)
2217 			smb_netbios_name_freeaddrs(packet->answer->name);
2218 		free(packet);
2219 	} else {
2220 		syslog(LOG_ERR, "nbns: packet decode failed");
2221 	}
2222 
2223 	free(addr);
2224 	free(p->buf);
2225 	free(p);
2226 	return (NULL);
2227 }
2228 
2229 /*
2230  * Configure the node type.  If a WINS server has been specified,
2231  * act like an H-node.  Otherwise, behave like a B-node.
2232  */
2233 static void
2234 smb_netbios_node_config(void)
2235 {
2236 	static smb_cfg_id_t	wins[SMB_PI_MAX_WINS] = {
2237 		SMB_CI_WINS_SRV1,
2238 		SMB_CI_WINS_SRV2
2239 	};
2240 	char		ipstr[16];
2241 	uint32_t	ipaddr;
2242 	int		i;
2243 
2244 	smb_node_type = SMB_NODETYPE_B;
2245 	nbns_num = 0;
2246 	bzero(smb_nbns, sizeof (addr_entry_t) * SMB_PI_MAX_WINS);
2247 
2248 	for (i = 0; i < SMB_PI_MAX_WINS; ++i) {
2249 		ipstr[0] = '\0';
2250 		(void) smb_config_getstr(wins[i], ipstr, sizeof (ipstr));
2251 
2252 		if ((ipaddr = inet_addr(ipstr)) == INADDR_NONE)
2253 			continue;
2254 
2255 		smb_node_type = SMB_NODETYPE_H;
2256 		smb_nbns[nbns_num].flags = ADDR_FLAG_VALID;
2257 		smb_nbns[nbns_num].sinlen = sizeof (struct sockaddr_in);
2258 		smb_nbns[nbns_num].sin.sin_family = AF_INET;
2259 		smb_nbns[nbns_num].sin.sin_addr.s_addr = ipaddr;
2260 		smb_nbns[nbns_num].sin.sin_port = htons(IPPORT_NETBIOS_NS);
2261 		nbns_num++;
2262 	}
2263 }
2264 
2265 static void
2266 smb_netbios_name_registration(void)
2267 {
2268 	nbcache_iter_t nbc_iter;
2269 	struct name_entry *name;
2270 	int rc;
2271 
2272 	rc = smb_netbios_cache_getfirst(&nbc_iter);
2273 	while (rc == 0) {
2274 		name = nbc_iter.nbc_entry;
2275 		(void) smb_netbios_name_logf(name);
2276 		if (IS_UNIQUE(name->attributes) && IS_LOCAL(name->attributes)) {
2277 			switch (smb_node_type) {
2278 			case SMB_NODETYPE_B:
2279 				(void) smb_name_Bnode_add_name(name);
2280 				break;
2281 			case SMB_NODETYPE_P:
2282 				(void) smb_name_Pnode_add_name(name);
2283 				break;
2284 			case SMB_NODETYPE_M:
2285 				(void) smb_name_Mnode_add_name(name);
2286 				break;
2287 			case SMB_NODETYPE_H:
2288 			default:
2289 				(void) smb_name_Hnode_add_name(name);
2290 				break;
2291 			}
2292 		}
2293 		free(name);
2294 		rc = smb_netbios_cache_getnext(&nbc_iter);
2295 	}
2296 }
2297 
2298 /*
2299  * Note that the node configuration must be setup before calling
2300  * smb_init_name_struct().
2301  */
2302 void
2303 smb_netbios_name_config(void)
2304 {
2305 	addr_entry_t		*bcast_entry;
2306 	struct name_entry	name;
2307 	smb_niciter_t		ni;
2308 	int			rc;
2309 
2310 	(void) mutex_lock(&nbt_name_config_mtx);
2311 	smb_netbios_node_config();
2312 
2313 	bcast_num = 0;
2314 	bzero(smb_bcast_list, sizeof (addr_entry_t) * SMB_PI_MAX_NETWORKS);
2315 
2316 	rc = smb_nic_getfirst(&ni);
2317 	while (rc == SMB_NIC_SUCCESS) {
2318 		if ((ni.ni_nic.nic_smbflags & SMB_NICF_NBEXCL) ||
2319 		    (ni.ni_nic.nic_smbflags & SMB_NICF_ALIAS)) {
2320 			rc = smb_nic_getnext(&ni);
2321 			continue;
2322 		}
2323 
2324 		bcast_entry = &smb_bcast_list[bcast_num];
2325 		bcast_entry->flags = ADDR_FLAG_VALID;
2326 		bcast_entry->attributes = NAME_ATTR_LOCAL;
2327 		bcast_entry->sinlen = sizeof (struct sockaddr_in);
2328 		bcast_entry->sin.sin_family = AF_INET;
2329 		bcast_entry->sin.sin_port = htons(IPPORT_NETBIOS_NS);
2330 		bcast_entry->sin.sin_addr.s_addr = ni.ni_nic.nic_bcast;
2331 		bcast_num++;
2332 
2333 		smb_init_name_struct((unsigned char *)ni.ni_nic.nic_host,
2334 		    NBT_WKSTA, 0, ni.ni_nic.nic_ip.a_ipv4,
2335 		    htons(IPPORT_NETBIOS_DGM),
2336 		    NAME_ATTR_UNIQUE, NAME_ATTR_LOCAL, &name);
2337 		(void) smb_netbios_cache_insert(&name);
2338 
2339 		smb_init_name_struct((unsigned char *)ni.ni_nic.nic_host,
2340 		    NBT_SERVER, 0, ni.ni_nic.nic_ip.a_ipv4,
2341 		    htons(IPPORT_NETBIOS_DGM),
2342 		    NAME_ATTR_UNIQUE, NAME_ATTR_LOCAL, &name);
2343 		(void) smb_netbios_cache_insert(&name);
2344 
2345 		rc = smb_nic_getnext(&ni);
2346 	}
2347 
2348 	smb_netbios_name_registration();
2349 	(void) mutex_unlock(&nbt_name_config_mtx);
2350 }
2351 
2352 void
2353 smb_netbios_name_unconfig(void)
2354 {
2355 	struct name_entry *name;
2356 
2357 	(void) mutex_lock(&nbt_name_config_mtx);
2358 	(void) mutex_lock(&delete_queue.mtx);
2359 	smb_netbios_cache_delete_locals(&delete_queue);
2360 
2361 	while ((name = delete_queue.head.forw) != &delete_queue.head) {
2362 		QUEUE_CLIP(name);
2363 		(void) smb_name_delete_name(name);
2364 		free(name);
2365 	}
2366 	(void) mutex_unlock(&delete_queue.mtx);
2367 	(void) mutex_unlock(&nbt_name_config_mtx);
2368 }
2369 
2370 void
2371 smb_netbios_name_reconfig(void)
2372 {
2373 	smb_netbios_name_unconfig();
2374 	smb_netbios_name_config();
2375 }
2376 
2377 /*
2378  * NetBIOS Name Service (port 137)
2379  */
2380 /*ARGSUSED*/
2381 void *
2382 smb_netbios_name_service(void *arg)
2383 {
2384 	struct sockaddr_in	sin;
2385 	addr_entry_t		*addr;
2386 	int			len;
2387 	int			flag = 1;
2388 	char			*buf;
2389 	worker_param_t 		*worker_param;
2390 	smb_inaddr_t		ipaddr;
2391 
2392 	/*
2393 	 * Initialize reply_queue
2394 	 */
2395 	bzero(&reply_queue, sizeof (reply_queue));
2396 	reply_queue.forw = reply_queue.back = &reply_queue;
2397 
2398 	if ((name_sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
2399 		syslog(LOG_ERR, "nbns: socket failed: %m");
2400 		smb_netbios_event(NETBIOS_EVENT_ERROR);
2401 		return (NULL);
2402 	}
2403 
2404 	flag = 1;
2405 	(void) setsockopt(name_sock, SOL_SOCKET, SO_REUSEADDR, &flag,
2406 	    sizeof (flag));
2407 	flag = 1;
2408 	(void) setsockopt(name_sock, SOL_SOCKET, SO_BROADCAST, &flag,
2409 	    sizeof (flag));
2410 
2411 	bzero(&sin, sizeof (struct sockaddr_in));
2412 	sin.sin_family = AF_INET;
2413 	sin.sin_port = htons(IPPORT_NETBIOS_NS);
2414 	if (bind(name_sock, (struct sockaddr *)&sin, sizeof (sin)) != 0) {
2415 		syslog(LOG_ERR, "nbns: bind(%d) failed: %m",
2416 		    IPPORT_NETBIOS_NS);
2417 		(void) close(name_sock);
2418 		smb_netbios_event(NETBIOS_EVENT_ERROR);
2419 		return (NULL);
2420 	}
2421 
2422 	smb_netbios_event(NETBIOS_EVENT_NS_START);
2423 
2424 	while (smb_netbios_running()) {
2425 		buf = malloc(MAX_DATAGRAM_LENGTH);
2426 		addr = malloc(sizeof (addr_entry_t));
2427 		if ((buf == NULL) || (addr == NULL)) {
2428 			/* Sleep for 10 seconds and try again */
2429 			free(addr);
2430 			free(buf);
2431 			smb_netbios_sleep(10);
2432 			continue;
2433 		}
2434 ignore:		bzero(addr, sizeof (addr_entry_t));
2435 		addr->sinlen = sizeof (addr->sin);
2436 		addr->forw = addr->back = addr;
2437 
2438 		if ((len = recvfrom(name_sock, buf, MAX_DATAGRAM_LENGTH,
2439 		    0, (struct sockaddr *)&addr->sin, &addr->sinlen)) < 0) {
2440 			if (errno == ENOMEM || errno == ENFILE ||
2441 			    errno == EMFILE) {
2442 				/* Sleep for 10 seconds and try again */
2443 				free(buf);
2444 				free(addr);
2445 				smb_netbios_sleep(10);
2446 				continue;
2447 			}
2448 			syslog(LOG_ERR, "nbns: recvfrom failed: %m");
2449 			free(buf);
2450 			free(addr);
2451 			smb_netbios_event(NETBIOS_EVENT_ERROR);
2452 			goto shutdown;
2453 		}
2454 
2455 		/* Ignore any incoming packets from myself... */
2456 
2457 		ipaddr.a_ipv4 = addr->sin.sin_addr.s_addr;
2458 		ipaddr.a_family = AF_INET;
2459 		if (smb_nic_is_local(&ipaddr))
2460 			goto ignore;
2461 
2462 		/*
2463 		 * Launch a netbios worker to process the received packet.
2464 		 */
2465 		worker_param = malloc(sizeof (worker_param_t));
2466 		if (worker_param) {
2467 			pthread_t worker;
2468 			pthread_attr_t tattr;
2469 
2470 			worker_param->addr = addr;
2471 			worker_param->buf = buf;
2472 			worker_param->length = len;
2473 
2474 			(void) pthread_attr_init(&tattr);
2475 			(void) pthread_attr_setdetachstate(&tattr,
2476 			    PTHREAD_CREATE_DETACHED);
2477 			(void) pthread_create(&worker, &tattr,
2478 			    smb_netbios_worker, worker_param);
2479 			(void) pthread_attr_destroy(&tattr);
2480 		}
2481 	}
2482 
2483 shutdown:
2484 	smb_netbios_event(NETBIOS_EVENT_NS_STOP);
2485 	smb_netbios_wait(NETBIOS_EVENT_BROWSER_STOP);
2486 
2487 	if (!smb_netbios_error())
2488 		smb_netbios_name_unconfig();
2489 
2490 	(void) close(name_sock);
2491 	return (NULL);
2492 }
2493