1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * NetBIOS name resolution node types. 28 * 29 * A B-node (broadcast node) uses broadcasts for name registration 30 * and resolution. Routers typically do not forward broadcasts and 31 * only computers on the local subnet will respond. 32 * 33 * A P-node (peer-to-peer node) uses a NetBIOS name server (WINS) 34 * to resolve NetBIOS names, which allows it to work across routers. 35 * In order to function in a P-node environment, all computers must 36 * be configured to use the NetBIOS name server because P-nodes do 37 * not broadcast on the network. 38 * 39 * A mixed node (M-node) behaves as a B-node by default. If it cannot 40 * resolve the name via broadcast then it tries a NetBIOS name server 41 * lookup (P-node). 42 * 43 * A hybrid node (H-node) behaves as a P-node by default. If it cannot 44 * resolve the name using a NetBIOS name server then it resorts to 45 * broadcasts (B-node). 46 * 47 * NetBIOS Name Service Protocols 48 * 49 * A REQUEST packet is always sent to the well known UDP port 137. 50 * The destination address is normally either the IP broadcast address or 51 * the address of the NAME - the address of the NAME server it set up at 52 * initialization time. In rare cases, a request packet will be sent to 53 * an end node, e.g. a NAME QUERY REQUEST sent to "challenge" a node. 54 * 55 * A RESPONSE packet is always sent to the source UDP port and source IP 56 * address of the request packet. 57 * 58 * A DEMAND packet must always be sent to the well known UDP port 137. 59 * There is no restriction on the target IP address. 60 * 61 * A transaction ID is a value composed from the requestor's IP address and 62 * a unique 16 bit value generated by the originator of the transaction. 63 */ 64 65 #include <unistd.h> 66 #include <syslog.h> 67 #include <stdlib.h> 68 #include <synch.h> 69 #include <errno.h> 70 #include <netdb.h> 71 #include <sys/socket.h> 72 #include <sys/sockio.h> 73 #include <arpa/inet.h> 74 #include <net/if_arp.h> 75 76 #include <smbsrv/libsmbns.h> 77 #include <smbns_netbios.h> 78 79 /* 80 * RFC 1002 4.2.1.1. HEADER 81 */ 82 #define QUESTION_TYPE_NETBIOS_GENERAL 0x20 83 #define QUESTION_TYPE_NETBIOS_STATUS 0x21 84 85 #define QUESTION_CLASS_INTERNET 0x0001 86 87 /* 88 * RFC 1002 4.2.1.3. RESOURCE RECORD 89 */ 90 #define RR_TYPE_IP_ADDRESS_RESOURCE 0x0001 91 #define RR_TYPE_NAME_SERVER_RESOURCE 0x0002 92 #define RR_TYPE_NULL_RESOURCE 0x000A 93 #define RR_TYPE_NETBIOS_RESOURCE 0x0020 94 #define RR_TYPE_NETBIOS_STATUS 0x0021 95 96 /* 97 * 98 * RESOURCE RECORD RR_CLASS field definitions 99 */ 100 #define RR_CLASS_INTERNET_CLASS 0x0001 101 102 /* 103 * NB_FLAGS field of the RESOURCE RECORD RDATA field for RR_TYPE of NB. 104 */ 105 #define RR_FLAGS_NB_ONT_MASK 0x6000 106 #define RR_FLAGS_NB_ONT_B_NODE 0x0000 107 #define RR_FLAGS_NB_ONT_P_NODE 0x2000 108 #define RR_FLAGS_NB_ONT_M_NODE 0x4000 109 #define RR_FLAGS_NB_ONT_RESERVED 0x6000 110 #define RR_FLAGS_NB_GROUP_NAME 0x8000 111 112 #define NAME_FLAGS_PERMANENT_NAME 0x0200 113 #define NAME_FLAGS_ACTIVE_NAME 0x0400 114 #define NAME_FLAGS_CONFLICT 0x0800 115 #define NAME_FLAGS_DEREGISTER 0x1000 116 #define NAME_FLAGS_ONT_MASK 0x6000 117 #define NAME_FLAGS_ONT_B_NODE 0x0000 118 #define NAME_FLAGS_ONT_P_NODE 0x2000 119 #define NAME_FLAGS_ONT_M_NODE 0x4000 120 #define NAME_FLAGS_ONT_RESERVED 0x6000 121 #define NAME_FLAGS_GROUP_NAME 0x8000 122 123 #define MAX_NETBIOS_REPLY_DATA_SIZE 500 124 125 #define NAME_HEADER_SIZE 12 126 127 typedef struct nbt_name_reply { 128 struct nbt_name_reply *forw; 129 struct nbt_name_reply *back; 130 struct name_packet *packet; 131 addr_entry_t *addr; 132 uint16_t name_trn_id; 133 boolean_t reply_ready; 134 } nbt_name_reply_t; 135 136 static nbt_name_reply_t reply_queue; 137 static mutex_t rq_mtx; 138 static cond_t rq_cv; 139 140 static mutex_t nbt_name_config_mtx; 141 142 static name_queue_t delete_queue; 143 static name_queue_t refresh_queue; 144 145 static int name_sock = 0; 146 147 static int bcast_num = 0; 148 static int nbns_num = 0; 149 static addr_entry_t smb_bcast_list[SMB_PI_MAX_NETWORKS]; 150 static addr_entry_t smb_nbns[SMB_PI_MAX_WINS]; 151 152 static int smb_netbios_process_response(uint16_t, addr_entry_t *, 153 struct name_packet *, uint32_t); 154 155 static int smb_send_name_service_packet(addr_entry_t *addr, 156 struct name_packet *packet); 157 158 /* 159 * Allocate a transaction id. 160 */ 161 static uint16_t 162 smb_netbios_name_trn_id(void) 163 { 164 static uint16_t trn_id; 165 static mutex_t trn_id_mtx; 166 167 (void) mutex_lock(&trn_id_mtx); 168 169 do { 170 ++trn_id; 171 } while (trn_id == 0 || trn_id == (uint16_t)-1); 172 173 (void) mutex_unlock(&trn_id_mtx); 174 return (trn_id); 175 } 176 177 static int 178 smb_end_node_challenge(nbt_name_reply_t *reply_info) 179 { 180 int rc; 181 uint32_t retry; 182 uint16_t tid; 183 struct resource_record *answer; 184 struct name_question question; 185 addr_entry_t *addr; 186 struct name_entry *destination; 187 struct name_packet packet; 188 struct timespec st; 189 190 /* 191 * The response packet has in it the address of the presumed owner 192 * of the name. Challenge that owner. If owner either does not 193 * respond or indicates that he no longer owns the name, claim the 194 * name. Otherwise, the name cannot be claimed. 195 */ 196 197 if ((answer = reply_info->packet->answer) == 0) 198 return (-1); 199 200 destination = answer->name; 201 question.name = answer->name; 202 203 packet.info = NAME_QUERY_REQUEST | NM_FLAGS_UNICAST; 204 packet.qdcount = 1; /* question entries */ 205 packet.question = &question; 206 packet.ancount = 0; /* answer recs */ 207 packet.answer = NULL; 208 packet.nscount = 0; /* authority recs */ 209 packet.authority = NULL; 210 packet.arcount = 0; /* additional recs */ 211 packet.additional = NULL; 212 213 addr = &destination->addr_list; 214 for (retry = 0; retry < UCAST_REQ_RETRY_COUNT; retry++) { 215 tid = smb_netbios_name_trn_id(); 216 packet.name_trn_id = tid; 217 if (smb_send_name_service_packet(addr, &packet) >= 0) { 218 if ((rc = smb_netbios_process_response(tid, addr, 219 &packet, UCAST_REQ_RETRY_TIMEOUT)) != 0) 220 return (rc); 221 } 222 st.tv_sec = 0; 223 st.tv_nsec = (UCAST_REQ_RETRY_TIMEOUT * 1000000); 224 (void) nanosleep(&st, 0); 225 } 226 /* No reply */ 227 return (0); 228 } 229 230 static nbt_name_reply_t * 231 smb_name_get_reply(uint16_t tid, uint32_t timeout) 232 { 233 uint16_t info; 234 struct resource_record *answer; 235 nbt_name_reply_t *reply; 236 uint32_t wait_time, to_save; /* in millisecond */ 237 struct timeval wt; 238 timestruc_t to; 239 240 to_save = timeout; 241 reply = malloc(sizeof (nbt_name_reply_t)); 242 if (reply != NULL) { 243 reply->reply_ready = B_FALSE; 244 reply->name_trn_id = tid; 245 (void) mutex_lock(&rq_mtx); 246 QUEUE_INSERT_TAIL(&reply_queue, reply); 247 (void) mutex_unlock(&rq_mtx); 248 249 for (;;) { 250 (void) gettimeofday(&wt, 0); 251 wait_time = wt.tv_usec / 1000; 252 253 to.tv_sec = 0; 254 to.tv_nsec = timeout * 1000000; 255 (void) mutex_lock(&rq_mtx); 256 (void) cond_reltimedwait(&rq_cv, &rq_mtx, &to); 257 (void) mutex_unlock(&rq_mtx); 258 259 if (reply->reply_ready) { 260 info = reply->packet->info; 261 if (PACKET_TYPE(info) == WACK_RESPONSE) { 262 answer = reply->packet->answer; 263 wait_time = (answer) ? 264 TO_MILLISECONDS(answer->ttl) : 265 DEFAULT_TTL; 266 free(reply->addr); 267 free(reply->packet); 268 timeout = to_save + wait_time; 269 reply->reply_ready = B_FALSE; 270 reply->name_trn_id = tid; 271 (void) mutex_lock(&rq_mtx); 272 QUEUE_INSERT_TAIL(&reply_queue, reply); 273 (void) mutex_unlock(&rq_mtx); 274 continue; 275 } 276 return (reply); 277 } 278 (void) gettimeofday(&wt, 0); 279 wait_time = (wt.tv_usec / 1000) - wait_time; 280 if (wait_time >= timeout) { 281 (void) mutex_lock(&rq_mtx); 282 QUEUE_CLIP(reply); 283 (void) mutex_unlock(&rq_mtx); 284 free(reply); 285 break; 286 } 287 timeout -= wait_time; 288 } 289 } 290 291 return (0); 292 } 293 294 static void 295 smb_reply_ready(struct name_packet *packet, addr_entry_t *addr) 296 { 297 nbt_name_reply_t *reply; 298 struct resource_record *answer; 299 300 (void) mutex_lock(&rq_mtx); 301 for (reply = reply_queue.forw; reply != &reply_queue; 302 reply = reply->forw) { 303 if (reply->name_trn_id == packet->name_trn_id) { 304 QUEUE_CLIP(reply); 305 306 reply->addr = addr; 307 reply->packet = packet; 308 reply->reply_ready = B_TRUE; 309 (void) cond_signal(&rq_cv); 310 (void) mutex_unlock(&rq_mtx); 311 return; 312 } 313 } 314 (void) mutex_unlock(&rq_mtx); 315 316 /* Presumably nobody is waiting any more... */ 317 free(addr); 318 319 answer = packet->answer; 320 if (answer) 321 smb_netbios_name_freeaddrs(answer->name); 322 free(packet); 323 } 324 325 static int 326 smb_netbios_process_response(uint16_t tid, addr_entry_t *addr, 327 struct name_packet *packet, uint32_t timeout) 328 { 329 int rc = 0; 330 uint16_t info; 331 nbt_name_reply_t *reply; 332 struct resource_record *answer; 333 struct name_entry *name; 334 struct name_entry *entry; 335 struct name_question *question; 336 uint32_t ttl; 337 338 if ((reply = smb_name_get_reply(tid, timeout)) == 0) { 339 return (0); /* No reply: retry */ 340 } 341 info = reply->packet->info; 342 answer = reply->packet->answer; 343 344 /* response */ 345 switch (PACKET_TYPE(info)) { 346 case NAME_QUERY_RESPONSE: 347 if (POSITIVE_RESPONSE(info)) { 348 addr = &answer->name->addr_list; 349 do { 350 /* 351 * Make sure that remote name is not 352 * flagged local 353 */ 354 addr->attributes &= ~NAME_ATTR_LOCAL; 355 356 if (answer->ttl) 357 addr->ttl = answer->ttl; 358 else 359 addr->ttl = DEFAULT_TTL; 360 addr->refresh_ttl = TO_SECONDS(addr->ttl); 361 addr->ttl = addr->refresh_ttl; 362 363 addr = addr->forw; 364 } while (addr != &answer->name->addr_list); 365 smb_netbios_name_logf(answer->name); 366 (void) smb_netbios_cache_insert_list(answer->name); 367 rc = 1; 368 } else { 369 rc = -1; 370 } 371 break; 372 373 case NAME_REGISTRATION_RESPONSE: 374 if (NEGATIVE_RESPONSE(info)) { 375 if (RCODE(info) == RCODE_CFT_ERR) { 376 if (answer == 0) { 377 rc = -RCODE(info); 378 break; 379 } 380 381 name = answer->name; 382 entry = smb_netbios_cache_lookup(name); 383 if (entry) { 384 /* 385 * a name in the state "conflict 386 * detected" does not "logically" exist 387 * on that node. No further session 388 * will be accepted on that name. 389 * No datagrams can be sent against 390 * that name. 391 * Such an entry will not be used for 392 * purposes of processing incoming 393 * request packets. 394 * The only valid user NetBIOS operation 395 * against such a name is DELETE NAME. 396 */ 397 entry->attributes |= NAME_ATTR_CONFLICT; 398 syslog(LOG_DEBUG, 399 "nbns: name conflict: %15.15s", 400 entry->name); 401 smb_netbios_cache_unlock_entry(entry); 402 } 403 } 404 rc = -RCODE(info); 405 break; 406 } 407 408 /* 409 * name can be added: 410 * adjust refresh timeout value, 411 * TTL, for this name 412 */ 413 question = packet->question; 414 ttl = (answer && answer->ttl) ? answer->ttl : DEFAULT_TTL; 415 ttl = TO_SECONDS(ttl); 416 if ((entry = smb_netbios_cache_lookup(question->name)) != 0) { 417 addr = &entry->addr_list; 418 do { 419 if ((addr->refresh_ttl == 0) || 420 (ttl < addr->refresh_ttl)) 421 addr->refresh_ttl = addr->ttl = ttl; 422 addr = addr->forw; 423 } while (addr != &entry->addr_list); 424 smb_netbios_cache_unlock_entry(entry); 425 } 426 427 rc = 1; 428 break; 429 430 case NAME_RELEASE_RESPONSE: 431 rc = 1; 432 break; 433 434 case END_NODE_CHALLENGE_REGISTRATION_REQUEST: 435 /* 436 * The response packet has in it the 437 * address of the presumed owner of the 438 * name. Challenge that owner. If 439 * owner either does not respond or 440 * indicates that he no longer owns the 441 * name, claim the name. Otherwise, 442 * the name cannot be claimed. 443 */ 444 rc = smb_end_node_challenge(reply); 445 break; 446 447 default: 448 rc = 0; 449 break; 450 } 451 452 if (answer) 453 smb_netbios_name_freeaddrs(answer->name); 454 free(reply->addr); 455 free(reply->packet); 456 free(reply); 457 return (rc); /* retry */ 458 } 459 460 /* 461 * smb_name_buf_from_packet 462 * 463 * Description: 464 * Convert a NetBIOS Name Server Packet Block (npb) 465 * into the bits and bytes destined for the wire. 466 * The "buf" is used as a heap. 467 * 468 * Inputs: 469 * char * buf -> Buffer, from the wire 470 * unsigned n_buf -> Length of 'buf' 471 * name_packet *npb -> Packet block, decode into 472 * unsigned n_npb -> Max bytes in 'npb' 473 * 474 * Returns: 475 * >0 -> Encode successful, value is length of packet in "buf" 476 * -1 -> Hard error, can not possibly encode 477 * -2 -> Need more memory in buf -- it's too small 478 */ 479 static int 480 smb_name_buf_from_packet(unsigned char *buf, int n_buf, 481 struct name_packet *npb) 482 { 483 addr_entry_t *raddr; 484 unsigned char *heap = buf; 485 unsigned char *end_heap = heap + n_buf; 486 unsigned char *dnptrs[32]; 487 unsigned char comp_name_buf[MAX_NAME_LENGTH]; 488 unsigned int tmp; 489 int i, step; 490 491 if (n_buf < NAME_HEADER_SIZE) 492 return (-1); /* no header, impossible */ 493 494 dnptrs[0] = heap; 495 dnptrs[1] = 0; 496 497 BE_OUT16(heap, npb->name_trn_id); 498 heap += 2; 499 500 BE_OUT16(heap, npb->info); 501 heap += 2; 502 503 BE_OUT16(heap, npb->qdcount); 504 heap += 2; 505 506 BE_OUT16(heap, npb->ancount); 507 heap += 2; 508 509 BE_OUT16(heap, npb->nscount); 510 heap += 2; 511 512 BE_OUT16(heap, npb->arcount); 513 heap += 2; 514 515 for (i = 0; i < npb->qdcount; i++) { 516 if ((heap + 34 + 4) > end_heap) 517 return (-2); 518 519 (void) smb_first_level_name_encode(npb->question[i].name, 520 comp_name_buf, sizeof (comp_name_buf)); 521 (void) strcpy((char *)heap, (char *)comp_name_buf); 522 heap += strlen((char *)comp_name_buf) + 1; 523 524 BE_OUT16(heap, npb->question[i].question_type); 525 heap += 2; 526 527 BE_OUT16(heap, npb->question[i].question_class); 528 heap += 2; 529 } 530 531 for (step = 1; step <= 3; step++) { 532 struct resource_record *nrr; 533 int n; 534 535 /* truly ugly, but saves code copying */ 536 if (step == 1) { 537 n = npb->ancount; 538 nrr = npb->answer; 539 } else if (step == 2) { 540 n = npb->nscount; 541 nrr = npb->authority; 542 } else { /* step == 3 */ 543 n = npb->arcount; 544 nrr = npb->additional; 545 } 546 547 for (i = 0; i < n; i++) { 548 if ((heap + 34 + 10) > end_heap) 549 return (-2); 550 551 (void) smb_first_level_name_encode(nrr->name, 552 comp_name_buf, sizeof (comp_name_buf)); 553 (void) strcpy((char *)heap, (char *)comp_name_buf); 554 heap += strlen((char *)comp_name_buf) + 1; 555 556 BE_OUT16(heap, nrr[i].rr_type); 557 heap += 2; 558 559 BE_OUT16(heap, nrr[i].rr_class); 560 heap += 2; 561 562 BE_OUT32(heap, nrr[i].ttl); 563 heap += 4; 564 565 BE_OUT16(heap, nrr[i].rdlength); 566 heap += 2; 567 568 if ((tmp = nrr[i].rdlength) > 0) { 569 if ((heap + tmp) > end_heap) 570 return (-2); 571 572 if (nrr[i].rr_type == NAME_RR_TYPE_NB && 573 nrr[i].rr_class == NAME_RR_CLASS_IN && 574 tmp >= 6 && nrr[i].rdata == 0) { 575 tmp = nrr[i].name->attributes & 576 (NAME_ATTR_GROUP | 577 NAME_ATTR_OWNER_NODE_TYPE); 578 BE_OUT16(heap, tmp); 579 heap += 2; 580 581 raddr = &nrr[i].name->addr_list; 582 (void) memcpy(heap, 583 &raddr->sin.sin_addr.s_addr, 584 sizeof (uint32_t)); 585 heap += 4; 586 } else { 587 bcopy(nrr[i].rdata, heap, tmp); 588 heap += tmp; 589 } 590 } 591 } 592 } 593 return (heap - buf); 594 } 595 596 /* 597 * strnchr 598 * 599 * Lookup for character 'c' in first 'n' chars of string 's'. 600 * Returns pointer to the found char, otherwise returns 0. 601 */ 602 static char * 603 strnchr(const char *s, char c, int n) 604 { 605 char *ps = (char *)s; 606 char *es = (char *)s + n; 607 608 while (ps < es && *ps) { 609 if (*ps == c) 610 return (ps); 611 612 ++ps; 613 } 614 615 if (*ps == '\0' && c == '\0') 616 return (ps); 617 618 return (0); 619 } 620 621 static boolean_t 622 is_multihome(char *name) 623 { 624 return (smb_nic_getnum(name) > 1); 625 } 626 627 /* 628 * smb_netbios_getname 629 * 630 * Get the Netbios name part of the given record. 631 * Does some boundary checks. 632 * 633 * Returns the name length on success, otherwise 634 * returns 0. 635 */ 636 static int 637 smb_netbios_getname(char *name, char *buf, char *buf_end) 638 { 639 char *name_end; 640 int name_len; 641 642 if (buf >= buf_end) { 643 /* no room for a NB name */ 644 return (0); 645 } 646 647 name_end = strnchr(buf, '\0', buf_end - buf + 1); 648 if (name_end == 0) { 649 /* not a valid NB name */ 650 return (0); 651 } 652 653 name_len = name_end - buf + 1; 654 655 (void) strlcpy(name, buf, name_len); 656 return (name_len); 657 } 658 659 /* 660 * smb_name_buf_to_packet 661 * 662 * Convert the bits and bytes that came from the wire into a NetBIOS 663 * Name Server Packet Block (npb). The "block" is used as a heap. 664 * 665 * Returns a pointer to a name packet on success. Otherwise, returns 666 * a NULL pointer. 667 */ 668 static struct name_packet * 669 smb_name_buf_to_packet(char *buf, int n_buf) 670 { 671 struct name_packet *npb; 672 unsigned char *heap; 673 unsigned char *scan = (unsigned char *)buf; 674 unsigned char *scan_end = scan + n_buf; 675 char name_buf[MAX_NAME_LENGTH]; 676 struct resource_record *nrr = 0; 677 int rc, i, n, nn, ns; 678 uint16_t name_trn_id, info; 679 uint16_t qdcount, ancount, nscount, arcount; 680 addr_entry_t *next; 681 int name_len; 682 683 if (n_buf < NAME_HEADER_SIZE) { 684 /* truncated header */ 685 syslog(LOG_DEBUG, "nbns: short packet (%d bytes)", n_buf); 686 return (NULL); 687 } 688 689 name_trn_id = BE_IN16(scan); scan += 2; 690 info = BE_IN16(scan); scan += 2; 691 qdcount = BE_IN16(scan); scan += 2; 692 ancount = BE_IN16(scan); scan += 2; 693 nscount = BE_IN16(scan); scan += 2; 694 arcount = BE_IN16(scan); scan += 2; 695 696 ns = sizeof (struct name_entry); 697 n = n_buf + sizeof (struct name_packet) + 698 ((unsigned)qdcount * (sizeof (struct name_question) + ns)) + 699 ((unsigned)ancount * (sizeof (struct resource_record) + ns)) + 700 ((unsigned)nscount * (sizeof (struct resource_record) + ns)) + 701 ((unsigned)arcount * (sizeof (struct resource_record) + ns)); 702 703 if ((npb = malloc(n)) == NULL) 704 return (NULL); 705 706 bzero(npb, n); 707 heap = npb->block_data; 708 npb->name_trn_id = name_trn_id; 709 npb->info = info; 710 npb->qdcount = qdcount; 711 npb->ancount = ancount; 712 npb->nscount = nscount; 713 npb->arcount = arcount; 714 715 /* scan is in position for question entries */ 716 717 /* 718 * Measure the space needed for the tables 719 */ 720 if (qdcount > 0) { 721 /* LINTED - E_BAD_PTR_CAST_ALIGN */ 722 npb->question = (struct name_question *)heap; 723 heap += qdcount * sizeof (struct name_question); 724 for (i = 0; i < qdcount; i++) { 725 /* LINTED - E_BAD_PTR_CAST_ALIGN */ 726 npb->question[i].name = (struct name_entry *)heap; 727 heap += sizeof (struct name_entry); 728 } 729 } 730 731 /* LINTED - E_BAD_PTR_CAST_ALIGN */ 732 nrr = (struct resource_record *)heap; 733 734 if (ancount > 0) { 735 /* LINTED - E_BAD_PTR_CAST_ALIGN */ 736 npb->answer = (struct resource_record *)heap; 737 heap += ancount * sizeof (struct resource_record); 738 } 739 740 if (nscount > 0) { 741 /* LINTED - E_BAD_PTR_CAST_ALIGN */ 742 npb->authority = (struct resource_record *)heap; 743 heap += nscount * sizeof (struct resource_record); 744 } 745 746 if (arcount > 0) { 747 /* LINTED - E_BAD_PTR_CAST_ALIGN */ 748 npb->additional = (struct resource_record *)heap; 749 heap += arcount * sizeof (struct resource_record); 750 } 751 752 /* 753 * Populate each resource_record's .name field. 754 * Done as a second pass so that all resource records 755 * (answer, authority, additional) are consecutive via nrr[i]. 756 */ 757 for (i = 0; i < (ancount + nscount + arcount); i++) { 758 /* LINTED - E_BAD_PTR_CAST_ALIGN */ 759 nrr[i].name = (struct name_entry *)heap; 760 heap += sizeof (struct name_entry); 761 } 762 763 764 for (i = 0; i < npb->qdcount; i++) { 765 name_len = smb_netbios_getname(name_buf, (char *)scan, 766 (char *)scan_end); 767 if (name_len <= 0) { 768 free(npb); 769 return (NULL); 770 } 771 772 smb_init_name_struct(NETBIOS_EMPTY_NAME, 0, 0, 0, 0, 0, 0, 773 npb->question[i].name); 774 rc = smb_first_level_name_decode((unsigned char *)name_buf, 775 npb->question[i].name); 776 if (rc < 0) { 777 /* Couldn't decode the question name */ 778 free(npb); 779 return (NULL); 780 } 781 782 scan += name_len; 783 if (scan + 4 > scan_end) { 784 /* no room for Question Type(2) and Class(2) fields */ 785 free(npb); 786 return (NULL); 787 } 788 789 npb->question[i].question_type = BE_IN16(scan); scan += 2; 790 npb->question[i].question_class = BE_IN16(scan); scan += 2; 791 } 792 793 /* 794 * Cheat. Remaining sections are of the same resource_record 795 * format. Table space is consecutive. 796 */ 797 798 for (i = 0; i < (ancount + nscount + arcount); i++) { 799 if (scan[0] == 0xc0) { 800 /* Namebuf is reused... */ 801 rc = 2; 802 } else { 803 name_len = smb_netbios_getname(name_buf, (char *)scan, 804 (char *)scan_end); 805 if (name_len <= 0) { 806 free(npb); 807 return (NULL); 808 } 809 rc = name_len; 810 } 811 scan += rc; 812 813 if (scan + 10 > scan_end) { 814 /* 815 * no room for RR_TYPE (2), RR_CLASS (2), TTL (4) and 816 * RDLENGTH (2) fields. 817 */ 818 free(npb); 819 return (NULL); 820 } 821 822 smb_init_name_struct(NETBIOS_EMPTY_NAME, 0, 0, 0, 0, 0, 0, 823 nrr[i].name); 824 if ((rc = smb_first_level_name_decode((unsigned char *)name_buf, 825 nrr[i].name)) < 0) { 826 free(npb); 827 return (NULL); 828 } 829 830 nrr[i].rr_type = BE_IN16(scan); scan += 2; 831 nrr[i].rr_class = BE_IN16(scan); scan += 2; 832 nrr[i].ttl = BE_IN32(scan); scan += 4; 833 nrr[i].rdlength = BE_IN16(scan); scan += 2; 834 835 if ((n = nrr[i].rdlength) > 0) { 836 if ((scan + n) > scan_end) { 837 /* no room for RDATA */ 838 free(npb); 839 return (NULL); 840 } 841 bcopy(scan, heap, n); 842 843 nn = n; 844 if (nrr[i].rr_type == 0x0020 && 845 nrr[i].rr_class == 0x01 && n >= 6) { 846 while (nn) { 847 if (nn == 6) 848 next = &nrr[i].name->addr_list; 849 else { 850 next = malloc( 851 sizeof (addr_entry_t)); 852 if (next == 0) { 853 /* not enough memory */ 854 free(npb); 855 return (NULL); 856 } 857 QUEUE_INSERT_TAIL( 858 &nrr[i].name->addr_list, 859 next); 860 } 861 nrr[i].name->attributes = 862 BE_IN16(scan); 863 next->sin.sin_family = AF_INET; 864 next->sinlen = sizeof (next->sin); 865 (void) memcpy( 866 &next->sin.sin_addr.s_addr, 867 scan + 2, sizeof (uint32_t)); 868 next->sin.sin_port = 869 htons(IPPORT_NETBIOS_DGM); 870 nn -= 6; 871 scan += 6; 872 } 873 } else { 874 nrr[i].rdata = heap; 875 scan += n; 876 } 877 heap += n; 878 } 879 } 880 return (npb); 881 } 882 883 /* 884 * smb_send_name_service_packet 885 * 886 * Description: 887 * 888 * Send out a name service packet to proper destination. 889 * 890 * Inputs: 891 * struct netbios_name *dest -> NETBIOS name of destination 892 * struct name_packet *packet -> Packet to send 893 * 894 * Returns: 895 * success -> >0 896 * failure -> <=0 897 */ 898 static int 899 smb_send_name_service_packet(addr_entry_t *addr, struct name_packet *packet) 900 { 901 unsigned char buf[MAX_DATAGRAM_LENGTH]; 902 int len; 903 904 if ((len = smb_name_buf_from_packet(buf, sizeof (buf), packet)) < 0) { 905 errno = EINVAL; 906 return (-1); 907 } 908 909 return (sendto(name_sock, buf, len, MSG_EOR, 910 (struct sockaddr *)&addr->sin, addr->sinlen)); 911 } 912 913 /* 914 * smb_netbios_send_rcv 915 * 916 * This function sends the given NetBIOS packet to the given 917 * address and get back the response. If send operation is not 918 * successful, it's repeated 'retries' times. 919 * 920 * Returns: 921 * 0 Unsuccessful send operation; no reply 922 * 1 Got reply 923 */ 924 static int 925 smb_netbios_send_rcv(int bcast, addr_entry_t *destination, 926 struct name_packet *packet, uint32_t retries, uint32_t timeout) 927 { 928 uint32_t retry; 929 uint16_t tid; 930 struct timespec st; 931 int rc; 932 933 for (retry = 0; retry < retries; retry++) { 934 if ((destination->flags & ADDR_FLAG_VALID) == 0) 935 return (0); 936 937 tid = smb_netbios_name_trn_id(); 938 packet->name_trn_id = tid; 939 if (smb_send_name_service_packet(destination, packet) >= 0) { 940 rc = smb_netbios_process_response(tid, destination, 941 packet, timeout); 942 943 if ((rc > 0) || (bcast == BROADCAST)) 944 return (1); 945 946 if (rc != 0) 947 return (0); 948 } 949 950 st.tv_sec = 0; 951 st.tv_nsec = (timeout * 1000000); 952 (void) nanosleep(&st, 0); 953 } 954 955 return (0); 956 } 957 958 /* 959 * RFC 1002 4.2.2. NAME REGISTRATION REQUEST 960 */ 961 static int 962 smb_send_name_registration_request(int bcast, struct name_question *question, 963 struct resource_record *additional) 964 { 965 int gotreply = 0; 966 uint32_t retries; 967 uint32_t timeout; 968 addr_entry_t *destination; 969 struct name_packet packet; 970 unsigned char type; 971 int i, addr_num, rc; 972 973 type = question->name->name[15]; 974 if ((type != NBT_WKSTA) && (type != NBT_SERVER)) { 975 syslog(LOG_DEBUG, "nbns: name registration bad type (0x%02x)", 976 type); 977 smb_netbios_name_logf(question->name); 978 question->name->attributes &= ~NAME_ATTR_LOCAL; 979 return (-1); 980 } 981 982 if (bcast == BROADCAST) { 983 if (bcast_num == 0) 984 return (0); 985 destination = smb_bcast_list; 986 addr_num = bcast_num; 987 retries = BCAST_REQ_RETRY_COUNT; 988 timeout = BCAST_REQ_RETRY_TIMEOUT; 989 packet.info = NAME_REGISTRATION_REQUEST | NM_FLAGS_BROADCAST; 990 } else { 991 if (nbns_num == 0) 992 return (0); 993 destination = smb_nbns; 994 addr_num = nbns_num; 995 retries = UCAST_REQ_RETRY_COUNT; 996 timeout = UCAST_REQ_RETRY_TIMEOUT; 997 packet.info = NAME_REGISTRATION_REQUEST | NM_FLAGS_UNICAST; 998 } 999 1000 packet.qdcount = 1; /* question entries */ 1001 packet.question = question; 1002 packet.ancount = 0; /* answer recs */ 1003 packet.answer = NULL; 1004 packet.nscount = 0; /* authority recs */ 1005 packet.authority = NULL; 1006 packet.arcount = 1; /* additional recs */ 1007 packet.additional = additional; 1008 1009 if (IS_UNIQUE(question->name->attributes) && 1010 (is_multihome((char *)(question->name->name)))) 1011 packet.info |= NAME_MULTIHOME_REGISTRATION_REQUEST; 1012 1013 for (i = 0; i < addr_num; i++) { 1014 /* 1015 * Only register with the Primary WINS server, 1016 * unless we got no reply. 1017 */ 1018 if ((bcast == UNICAST) && gotreply) 1019 break; 1020 1021 rc = smb_netbios_send_rcv(bcast, &destination[i], &packet, 1022 retries, timeout); 1023 if (rc == 1) 1024 gotreply = 1; 1025 } 1026 1027 return (gotreply); 1028 } 1029 1030 /* 1031 * RFC 1002 4.2.4. NAME REFRESH REQUEST 1032 */ 1033 /*ARGSUSED*/ 1034 static int 1035 smb_send_name_refresh_request(int bcast, struct name_question *question, 1036 struct resource_record *additional, int force) 1037 { 1038 int rc = 0; 1039 int gotreply = 0; 1040 uint32_t retries; 1041 uint32_t timeout; 1042 addr_entry_t *addr; 1043 addr_entry_t *destination; 1044 struct name_packet packet; 1045 unsigned char type; 1046 int i, addr_num, q_addrs = 0; 1047 1048 type = question->name->name[15]; 1049 if ((type != NBT_WKSTA) && (type != NBT_SERVER)) { 1050 syslog(LOG_DEBUG, "nbns: name refresh bad type (0x%02x)", type); 1051 smb_netbios_name_logf(question->name); 1052 question->name->attributes &= ~NAME_ATTR_LOCAL; 1053 return (-1); 1054 } 1055 switch (bcast) { 1056 case BROADCAST : 1057 if (bcast_num == 0) 1058 return (-1); 1059 destination = smb_bcast_list; 1060 addr_num = bcast_num; 1061 retries = BCAST_REQ_RETRY_COUNT; 1062 timeout = BCAST_REQ_RETRY_TIMEOUT; 1063 packet.info = NAME_REFRESH_REQUEST | NM_FLAGS_BROADCAST; 1064 break; 1065 1066 case UNICAST : 1067 if (nbns_num == 0) 1068 return (-1); 1069 destination = smb_nbns; 1070 addr_num = nbns_num; 1071 retries = UCAST_REQ_RETRY_COUNT; 1072 timeout = UCAST_REQ_RETRY_TIMEOUT; 1073 packet.info = NAME_REFRESH_REQUEST | NM_FLAGS_UNICAST; 1074 break; 1075 1076 default: 1077 destination = &question->name->addr_list; 1078 /* 1079 * the value of addr_num is irrelvant here, because 1080 * the code is going to do special_process so it doesn't 1081 * need the addr_num. We set a value here just to avoid 1082 * compiler warning. 1083 */ 1084 addr_num = 0; 1085 retries = UCAST_REQ_RETRY_COUNT; 1086 timeout = UCAST_REQ_RETRY_TIMEOUT; 1087 packet.info = NAME_REFRESH_REQUEST | NM_FLAGS_UNICAST; 1088 q_addrs = 1; 1089 break; 1090 } 1091 1092 if (IS_UNIQUE(question->name->attributes) && 1093 (is_multihome((char *)(question->name->name)))) 1094 packet.info |= NAME_MULTIHOME_REGISTRATION_REQUEST; 1095 1096 packet.qdcount = 1; /* question entries */ 1097 packet.question = question; 1098 packet.ancount = 0; /* answer recs */ 1099 packet.answer = NULL; 1100 packet.nscount = 0; /* authority recs */ 1101 packet.authority = NULL; 1102 packet.arcount = 1; /* additional recs */ 1103 packet.additional = additional; 1104 1105 if (q_addrs) 1106 goto special_process; 1107 1108 for (i = 0; i < addr_num; i++) { 1109 rc = smb_netbios_send_rcv(bcast, &destination[i], &packet, 1110 retries, timeout); 1111 if (rc == 1) 1112 gotreply = 1; 1113 } 1114 1115 return (gotreply); 1116 1117 special_process: 1118 addr = destination; 1119 do { 1120 rc = smb_netbios_send_rcv(bcast, addr, &packet, 1121 retries, timeout); 1122 if (rc == 1) 1123 gotreply = 1; 1124 addr = addr->forw; 1125 } while (addr != destination); 1126 1127 return (gotreply); 1128 } 1129 1130 /* 1131 * RFC 1002 4.2.5. POSITIVE NAME REGISTRATION RESPONSE 1132 * RFC 1002 4.2.6. NEGATIVE NAME REGISTRATION RESPONSE 1133 */ 1134 static int 1135 smb_send_name_registration_response(addr_entry_t *addr, 1136 struct name_packet *original_packet, uint16_t rcode) 1137 { 1138 struct name_packet packet; 1139 struct resource_record answer; 1140 1141 bzero(&packet, sizeof (struct name_packet)); 1142 bzero(&answer, sizeof (struct resource_record)); 1143 1144 packet.name_trn_id = original_packet->name_trn_id; 1145 packet.info = NAME_REGISTRATION_RESPONSE | NAME_NM_FLAGS_RA | 1146 (rcode & NAME_RCODE_MASK); 1147 packet.qdcount = 0; /* question entries */ 1148 packet.question = NULL; 1149 packet.ancount = 1; /* answer recs */ 1150 packet.answer = &answer; 1151 packet.nscount = 0; /* authority recs */ 1152 packet.authority = NULL; 1153 packet.arcount = 0; /* additional recs */ 1154 packet.additional = NULL; 1155 1156 answer.name = original_packet->question->name; 1157 answer.rr_type = NAME_QUESTION_TYPE_NB; 1158 answer.rr_class = NAME_QUESTION_CLASS_IN; 1159 answer.ttl = original_packet->additional->ttl; 1160 answer.rdlength = original_packet->additional->rdlength; 1161 answer.rdata = original_packet->additional->rdata; 1162 1163 return (smb_send_name_service_packet(addr, &packet)); 1164 } 1165 1166 /* 1167 * RFC 1002 4.2.9. NAME RELEASE REQUEST & DEMAND 1168 */ 1169 static int 1170 smb_send_name_release_request_and_demand(int bcast, 1171 struct name_question *question, struct resource_record *additional) 1172 { 1173 int gotreply = 0; 1174 int i, rc; 1175 int addr_num; 1176 uint32_t retries; 1177 uint32_t timeout; 1178 addr_entry_t *destination; 1179 struct name_packet packet; 1180 1181 if (bcast == BROADCAST) { 1182 if (bcast_num == 0) 1183 return (-1); 1184 destination = smb_bcast_list; 1185 addr_num = bcast_num; 1186 retries = 1; /* BCAST_REQ_RETRY_COUNT */ 1187 timeout = 100; /* BCAST_REQ_RETRY_TIMEOUT */ 1188 packet.info = NAME_RELEASE_REQUEST | NM_FLAGS_BROADCAST; 1189 } else { 1190 if (nbns_num == 0) 1191 return (-1); 1192 destination = smb_nbns; 1193 addr_num = nbns_num; 1194 retries = 1; /* UCAST_REQ_RETRY_COUNT */ 1195 timeout = 100; /* UCAST_REQ_RETRY_TIMEOUT */ 1196 packet.info = NAME_RELEASE_REQUEST | NM_FLAGS_UNICAST; 1197 } 1198 1199 packet.qdcount = 1; /* question entries */ 1200 packet.question = question; 1201 packet.ancount = 0; /* answer recs */ 1202 packet.answer = NULL; 1203 packet.nscount = 0; /* authority recs */ 1204 packet.authority = NULL; 1205 packet.arcount = 1; /* additional recs */ 1206 packet.additional = additional; 1207 1208 for (i = 0; i < addr_num; i++) { 1209 rc = smb_netbios_send_rcv(bcast, &destination[i], &packet, 1210 retries, timeout); 1211 if (rc == 1) 1212 gotreply = 1; 1213 } 1214 1215 return (gotreply); 1216 } 1217 1218 /* 1219 * RFC 1002 4.2.10. POSITIVE NAME RELEASE RESPONSE 1220 * RFC 1002 4.2.11. NEGATIVE NAME RELEASE RESPONSE 1221 */ 1222 static int 1223 /* LINTED - E_STATIC_UNUSED */ 1224 smb_send_name_release_response(addr_entry_t *addr, 1225 struct name_packet *original_packet, uint16_t rcode) 1226 { 1227 struct name_packet packet; 1228 struct resource_record answer; 1229 1230 bzero(&packet, sizeof (struct name_packet)); 1231 bzero(&answer, sizeof (struct resource_record)); 1232 1233 packet.name_trn_id = original_packet->name_trn_id; 1234 packet.info = NAME_RELEASE_RESPONSE | (rcode & NAME_RCODE_MASK); 1235 packet.qdcount = 0; /* question entries */ 1236 packet.question = NULL; 1237 packet.ancount = 1; /* answer recs */ 1238 packet.answer = &answer; 1239 packet.nscount = 0; /* authority recs */ 1240 packet.authority = NULL; 1241 packet.arcount = 0; /* additional recs */ 1242 packet.additional = NULL; 1243 1244 answer.name = original_packet->question->name; 1245 answer.rr_type = NAME_QUESTION_TYPE_NB; 1246 answer.rr_class = NAME_QUESTION_CLASS_IN; 1247 answer.ttl = original_packet->additional->ttl; 1248 answer.rdlength = original_packet->additional->rdlength; 1249 answer.rdata = original_packet->additional->rdata; 1250 1251 return (smb_send_name_service_packet(addr, &packet)); 1252 } 1253 1254 /* 1255 * RFC 1002 4.2.12. NAME QUERY REQUEST 1256 */ 1257 static int 1258 smb_send_name_query_request(int bcast, struct name_question *question) 1259 { 1260 int rc = 0; 1261 uint32_t retry, retries; 1262 uint32_t timeout; 1263 uint16_t tid; 1264 addr_entry_t *destination; 1265 struct name_packet packet; 1266 int i, addr_num; 1267 struct timespec st; 1268 1269 if (bcast == BROADCAST) { 1270 if (bcast_num == 0) 1271 return (-1); 1272 destination = smb_bcast_list; 1273 addr_num = bcast_num; 1274 retries = BCAST_REQ_RETRY_COUNT; 1275 timeout = BCAST_REQ_RETRY_TIMEOUT; 1276 packet.info = NAME_QUERY_REQUEST | NM_FLAGS_BROADCAST; 1277 } else { 1278 if (nbns_num == 0) 1279 return (-1); 1280 destination = smb_nbns; 1281 addr_num = nbns_num; 1282 retries = UCAST_REQ_RETRY_COUNT; 1283 timeout = UCAST_REQ_RETRY_TIMEOUT; 1284 packet.info = NAME_QUERY_REQUEST | NM_FLAGS_UNICAST; 1285 } 1286 packet.qdcount = 1; /* question entries */ 1287 packet.question = question; 1288 packet.ancount = 0; /* answer recs */ 1289 packet.answer = NULL; 1290 packet.nscount = 0; /* authority recs */ 1291 packet.authority = NULL; 1292 packet.arcount = 0; /* additional recs */ 1293 packet.additional = NULL; 1294 1295 for (i = 0; i < addr_num; i++) { 1296 for (retry = 0; retry < retries; retry++) { 1297 if ((destination[i].flags & ADDR_FLAG_VALID) == 0) 1298 break; 1299 tid = smb_netbios_name_trn_id(); 1300 packet.name_trn_id = tid; 1301 1302 if (smb_send_name_service_packet(&destination[i], 1303 &packet) >= 0) { 1304 if ((rc = smb_netbios_process_response(tid, 1305 &destination[i], 1306 &packet, timeout)) != 0) 1307 break; 1308 } 1309 st.tv_sec = 0; 1310 st.tv_nsec = (timeout * 1000000); 1311 (void) nanosleep(&st, 0); 1312 } 1313 } 1314 1315 return (rc); 1316 } 1317 1318 /* 1319 * RFC 1002 4.2.13. POSITIVE NAME QUERY RESPONSE 1320 * RFC 1002 4.2.14. NEGATIVE NAME QUERY RESPONSE 1321 */ 1322 static int 1323 smb_send_name_query_response(addr_entry_t *addr, 1324 struct name_packet *original_packet, struct name_entry *entry, 1325 uint16_t rcode) 1326 { 1327 addr_entry_t *raddr; 1328 struct name_packet packet; 1329 struct resource_record answer; 1330 uint16_t attr; 1331 unsigned char data[MAX_DATAGRAM_LENGTH]; 1332 unsigned char *scan = data; 1333 uint32_t ret_addr; 1334 1335 packet.name_trn_id = original_packet->name_trn_id; 1336 packet.info = NAME_QUERY_RESPONSE | (rcode & NAME_RCODE_MASK); 1337 packet.qdcount = 0; /* question entries */ 1338 packet.question = NULL; 1339 packet.ancount = 1; /* answer recs */ 1340 packet.answer = &answer; 1341 packet.nscount = 0; /* authority recs */ 1342 packet.authority = NULL; 1343 packet.arcount = 0; /* additional recs */ 1344 packet.additional = NULL; 1345 1346 answer.name = entry; 1347 answer.rr_class = NAME_QUESTION_CLASS_IN; 1348 answer.ttl = entry->addr_list.ttl; 1349 answer.rdata = data; 1350 if (rcode) { 1351 answer.rr_type = NAME_RR_TYPE_NULL; 1352 answer.rdlength = 0; 1353 bzero(data, 6); 1354 } else { 1355 answer.rdlength = 0; 1356 answer.rr_type = NAME_QUESTION_TYPE_NB; 1357 raddr = &entry->addr_list; 1358 scan = data; 1359 do { 1360 attr = entry->attributes & (NAME_ATTR_GROUP | 1361 NAME_ATTR_OWNER_NODE_TYPE); 1362 1363 BE_OUT16(scan, attr); scan += 2; 1364 ret_addr = LE_32(raddr->sin.sin_addr.s_addr); 1365 *scan++ = ret_addr; 1366 *scan++ = ret_addr >> 8; 1367 *scan++ = ret_addr >> 16; 1368 *scan++ = ret_addr >> 24; 1369 1370 answer.rdlength += 6; 1371 raddr = raddr->forw; 1372 } while (raddr != &entry->addr_list); 1373 } 1374 1375 return (smb_send_name_service_packet(addr, &packet)); 1376 } 1377 1378 /* 1379 * RFC 1002 4.2.18. NODE STATUS RESPONSE 1380 */ 1381 static int 1382 smb_send_node_status_response(addr_entry_t *addr, 1383 struct name_packet *original_packet) 1384 { 1385 uint32_t net_ipaddr; 1386 int64_t max_connections; 1387 struct arpreq arpreq; 1388 struct name_packet packet; 1389 struct resource_record answer; 1390 unsigned char *scan; 1391 unsigned char *scan_end; 1392 unsigned char data[MAX_NETBIOS_REPLY_DATA_SIZE]; 1393 boolean_t scan_done = B_FALSE; 1394 smb_inaddr_t ipaddr; 1395 1396 bzero(&packet, sizeof (struct name_packet)); 1397 bzero(&answer, sizeof (struct resource_record)); 1398 1399 packet.name_trn_id = original_packet->name_trn_id; 1400 packet.info = NODE_STATUS_RESPONSE; 1401 packet.qdcount = 0; /* question entries */ 1402 packet.question = NULL; 1403 packet.ancount = 1; /* answer recs */ 1404 packet.answer = &answer; 1405 packet.nscount = 0; /* authority recs */ 1406 packet.authority = NULL; 1407 packet.arcount = 0; /* additional recs */ 1408 packet.additional = NULL; 1409 1410 answer.name = original_packet->question->name; 1411 answer.rr_type = NAME_RR_TYPE_NBSTAT; 1412 answer.rr_class = NAME_QUESTION_CLASS_IN; 1413 answer.ttl = 0; 1414 answer.rdata = data; 1415 1416 scan = smb_netbios_cache_status(data, MAX_NETBIOS_REPLY_DATA_SIZE, 1417 original_packet->question->name->scope); 1418 1419 scan_end = data + MAX_NETBIOS_REPLY_DATA_SIZE; 1420 1421 ipaddr.a_ipv4 = addr->sin.sin_addr.s_addr; 1422 ipaddr.a_family = AF_INET; 1423 if (smb_nic_is_same_subnet(&ipaddr)) 1424 net_ipaddr = addr->sin.sin_addr.s_addr; 1425 else 1426 net_ipaddr = 0; 1427 1428 (void) smb_config_getnum(SMB_CI_MAX_CONNECTIONS, &max_connections); 1429 1430 while (!scan_done) { 1431 if ((scan + 6) >= scan_end) { 1432 packet.info |= NAME_NM_FLAGS_TC; 1433 break; 1434 } 1435 1436 if (net_ipaddr != 0) { 1437 struct sockaddr_in *s_in; 1438 int s; 1439 1440 s = socket(AF_INET, SOCK_DGRAM, 0); 1441 /* LINTED - E_BAD_PTR_CAST_ALIGN */ 1442 s_in = (struct sockaddr_in *)&arpreq.arp_pa; 1443 s_in->sin_family = AF_INET; 1444 s_in->sin_addr.s_addr = net_ipaddr; 1445 if (ioctl(s, SIOCGARP, (caddr_t)&arpreq) < 0) { 1446 bzero(scan, 6); 1447 } else { 1448 bcopy(&arpreq.arp_ha.sa_data, scan, 6); 1449 } 1450 (void) close(s); 1451 } else { 1452 bzero(scan, 6); 1453 } 1454 scan += 6; 1455 1456 if ((scan + 26) >= scan_end) { 1457 packet.info |= NAME_NM_FLAGS_TC; 1458 break; 1459 } 1460 bzero(scan, 26); 1461 scan += 26; 1462 1463 if ((scan + 2) >= scan_end) { 1464 packet.info |= NAME_NM_FLAGS_TC; 1465 break; 1466 } 1467 BE_OUT16(scan, 0); scan += 2; 1468 1469 if ((scan + 2) >= scan_end) { 1470 packet.info |= NAME_NM_FLAGS_TC; 1471 break; 1472 } 1473 BE_OUT16(scan, 0); scan += 2; 1474 1475 if ((scan + 2) >= scan_end) { 1476 packet.info |= NAME_NM_FLAGS_TC; 1477 break; 1478 } 1479 BE_OUT16(scan, 0); scan += 2; 1480 1481 if ((scan + 2) >= scan_end) { 1482 packet.info |= NAME_NM_FLAGS_TC; 1483 break; 1484 } 1485 BE_OUT16(scan, 0); scan += 2; 1486 1487 if ((scan + 2) >= scan_end) { 1488 packet.info |= NAME_NM_FLAGS_TC; 1489 break; 1490 } 1491 BE_OUT16(scan, 0); scan += 2; 1492 1493 if ((scan + 2) >= scan_end) { 1494 packet.info |= NAME_NM_FLAGS_TC; 1495 break; 1496 } 1497 BE_OUT16(scan, 0); scan += 2; 1498 1499 if ((scan + 2) >= scan_end) { 1500 packet.info |= NAME_NM_FLAGS_TC; 1501 break; 1502 } 1503 BE_OUT16(scan, 0); scan += 2; 1504 1505 if ((scan + 2) >= scan_end) { 1506 packet.info |= NAME_NM_FLAGS_TC; 1507 break; 1508 } 1509 BE_OUT16(scan, max_connections); scan += 2; 1510 1511 if ((scan + 2) >= scan_end) { 1512 packet.info |= NAME_NM_FLAGS_TC; 1513 break; 1514 } 1515 1516 BE_OUT16(scan, 0); scan += 2; 1517 1518 scan_done = B_TRUE; 1519 } 1520 answer.rdlength = scan - data; 1521 return (smb_send_name_service_packet(addr, &packet)); 1522 } 1523 1524 static int 1525 smb_name_Bnode_add_name(struct name_entry *name) 1526 { 1527 struct name_question question; 1528 struct resource_record additional; 1529 unsigned char data[8]; 1530 uint16_t attr; 1531 addr_entry_t *addr; 1532 int rc = 0; 1533 1534 addr = &name->addr_list; 1535 1536 do { 1537 /* build name service packet */ 1538 question.name = name; 1539 /* 1540 * question.name->attributes |= NAME_NB_FLAGS_ONT_B; 1541 * This is commented because NAME_NB_FLAGS_ONT_B is 0 1542 */ 1543 question.question_type = NAME_QUESTION_TYPE_NB; 1544 question.question_class = NAME_QUESTION_CLASS_IN; 1545 1546 additional.name = name; 1547 additional.rr_class = NAME_QUESTION_CLASS_IN; 1548 additional.ttl = 0; 1549 additional.rdata = data; 1550 additional.rdlength = 6; 1551 additional.rr_type = NAME_QUESTION_TYPE_NB; 1552 attr = name->attributes & (NAME_ATTR_GROUP | 1553 NAME_ATTR_OWNER_NODE_TYPE); 1554 1555 BE_OUT16(&data[0], attr); 1556 (void) memcpy(&data[2], &addr->sin.sin_addr.s_addr, 1557 sizeof (uint32_t)); 1558 1559 rc |= smb_send_name_registration_request(BROADCAST, &question, 1560 &additional); 1561 addr = addr->forw; 1562 1563 } while (addr != &name->addr_list); 1564 1565 return (rc); 1566 } 1567 1568 static int 1569 smb_name_Bnode_find_name(struct name_entry *name) 1570 { 1571 struct name_question question; 1572 1573 question.name = name; 1574 question.question_type = NAME_QUESTION_TYPE_NB; 1575 question.question_class = NAME_QUESTION_CLASS_IN; 1576 1577 return (smb_send_name_query_request(BROADCAST, &question)); 1578 } 1579 1580 static int 1581 smb_name_Bnode_delete_name(struct name_entry *name) 1582 { 1583 struct name_question question; 1584 struct resource_record additional; 1585 addr_entry_t *raddr; 1586 unsigned char data[MAX_DATAGRAM_LENGTH]; 1587 unsigned char *scan = data; 1588 uint32_t attr; 1589 uint32_t ret_addr; 1590 1591 /* build packet */ 1592 question.name = name; 1593 question.question_type = NAME_QUESTION_TYPE_NB; 1594 question.question_class = NAME_QUESTION_CLASS_IN; 1595 1596 additional.name = name; 1597 additional.rr_class = NAME_QUESTION_CLASS_IN; 1598 additional.ttl = 0; 1599 additional.rdata = data; 1600 additional.rdlength = 0; 1601 additional.rr_type = NAME_QUESTION_TYPE_NB; 1602 raddr = &name->addr_list; 1603 scan = data; 1604 do { 1605 attr = name->attributes & (NAME_ATTR_GROUP | 1606 NAME_ATTR_OWNER_NODE_TYPE); 1607 1608 BE_OUT16(scan, attr); scan += 2; 1609 ret_addr = LE_32(raddr->sin.sin_addr.s_addr); 1610 *scan++ = ret_addr; 1611 *scan++ = ret_addr >> 8; 1612 *scan++ = ret_addr >> 16; 1613 *scan++ = ret_addr >> 24; 1614 1615 additional.rdlength += 6; 1616 } while (raddr != &name->addr_list); 1617 1618 return (smb_send_name_release_request_and_demand(BROADCAST, 1619 &question, &additional)); 1620 } 1621 1622 static int 1623 smb_name_Pnode_add_name(struct name_entry *name) 1624 { 1625 struct name_question question; 1626 struct resource_record additional; 1627 unsigned char data[8]; 1628 uint16_t attr; 1629 addr_entry_t *addr; 1630 int rc = 0; 1631 1632 /* build packet */ 1633 addr = &name->addr_list; 1634 do { 1635 question.name = name; 1636 question.question_type = NAME_QUESTION_TYPE_NB; 1637 question.question_class = NAME_QUESTION_CLASS_IN; 1638 1639 additional.name = name; 1640 additional.rr_class = NAME_QUESTION_CLASS_IN; 1641 additional.ttl = 0; 1642 additional.rdata = data; 1643 additional.rdlength = 6; 1644 additional.rr_type = NAME_QUESTION_TYPE_NB; 1645 attr = name->attributes & 1646 (NAME_ATTR_GROUP | NAME_ATTR_OWNER_NODE_TYPE); 1647 1648 BE_OUT16(&data[0], attr); 1649 (void) memcpy(&data[2], &addr->sin.sin_addr.s_addr, 1650 sizeof (uint32_t)); 1651 1652 rc |= smb_send_name_registration_request(UNICAST, &question, 1653 &additional); 1654 1655 addr = addr->forw; 1656 1657 } while (addr != &name->addr_list); 1658 1659 return (rc); 1660 } 1661 1662 static int 1663 smb_name_Pnode_refresh_name(struct name_entry *name) 1664 { 1665 struct name_question question; 1666 struct resource_record additional; 1667 unsigned char data[8]; 1668 uint16_t attr; 1669 addr_entry_t *addr; 1670 int rc = 0; 1671 1672 /* build packet */ 1673 addr = &name->addr_list; 1674 do { 1675 question.name = name; 1676 question.question_type = NAME_QUESTION_TYPE_NB; 1677 question.question_class = NAME_QUESTION_CLASS_IN; 1678 1679 additional.name = name; 1680 additional.rr_class = NAME_QUESTION_CLASS_IN; 1681 additional.ttl = 0; 1682 additional.rdata = data; 1683 additional.rdlength = 6; 1684 additional.rr_type = NAME_QUESTION_TYPE_NB; 1685 attr = name->attributes & 1686 (NAME_ATTR_GROUP | NAME_ATTR_OWNER_NODE_TYPE); 1687 1688 BE_OUT16(&data[0], attr); 1689 (void) memcpy(&data[2], &addr->sin.sin_addr.s_addr, 1690 sizeof (uint32_t)); 1691 1692 rc |= smb_send_name_refresh_request(UNICAST, &question, 1693 &additional, 1); 1694 1695 addr = addr->forw; 1696 } while (addr != &name->addr_list); 1697 1698 return (rc); 1699 } 1700 1701 static int 1702 smb_name_Pnode_find_name(struct name_entry *name) 1703 { 1704 struct name_question question; 1705 1706 /* 1707 * Host initiated processing for a P node 1708 */ 1709 question.name = name; 1710 question.name->attributes |= NAME_NB_FLAGS_ONT_P; 1711 question.question_type = NAME_QUESTION_TYPE_NB; 1712 question.question_class = NAME_QUESTION_CLASS_IN; 1713 1714 return (smb_send_name_query_request(UNICAST, &question)); 1715 } 1716 1717 static int 1718 smb_name_Pnode_delete_name(struct name_entry *name) 1719 { 1720 struct name_question question; 1721 struct resource_record additional; 1722 addr_entry_t *raddr; 1723 unsigned char data[MAX_DATAGRAM_LENGTH]; 1724 unsigned char *scan = data; 1725 uint32_t attr; 1726 uint32_t ret_addr; 1727 1728 /* build packet */ 1729 question.name = name; 1730 question.name->attributes |= NAME_NB_FLAGS_ONT_P; 1731 question.question_type = NAME_QUESTION_TYPE_NB; 1732 question.question_class = NAME_QUESTION_CLASS_IN; 1733 1734 additional.name = name; 1735 additional.rr_class = NAME_QUESTION_CLASS_IN; 1736 additional.ttl = 0; 1737 additional.rdata = data; 1738 additional.rdlength = 0; 1739 additional.rr_type = NAME_QUESTION_TYPE_NB; 1740 raddr = &name->addr_list; 1741 do { 1742 scan = data; 1743 attr = name->attributes & (NAME_ATTR_GROUP | 1744 NAME_ATTR_OWNER_NODE_TYPE); 1745 1746 BE_OUT16(scan, attr); scan += 2; 1747 ret_addr = LE_32(raddr->sin.sin_addr.s_addr); 1748 *scan++ = ret_addr; 1749 *scan++ = ret_addr >> 8; 1750 *scan++ = ret_addr >> 16; 1751 *scan++ = ret_addr >> 24; 1752 1753 additional.rdlength = 6; 1754 raddr = raddr->forw; 1755 (void) smb_send_name_release_request_and_demand(UNICAST, 1756 &question, &additional); 1757 } while (raddr != &name->addr_list); 1758 1759 return (1); 1760 } 1761 1762 static int 1763 smb_name_Mnode_add_name(struct name_entry *name) 1764 { 1765 if (smb_name_Bnode_add_name(name) > 0) { 1766 if (nbns_num == 0) 1767 return (1); /* No name server configured */ 1768 1769 return (smb_name_Pnode_add_name(name)); 1770 } 1771 return (-1); 1772 } 1773 1774 static int 1775 smb_name_Hnode_add_name(struct name_entry *name) 1776 { 1777 if (nbns_num > 0) { 1778 if (smb_name_Pnode_add_name(name) == 1) 1779 return (1); 1780 } 1781 1782 return (smb_name_Bnode_add_name(name)); 1783 } 1784 1785 static int 1786 smb_name_Mnode_find_name(struct name_entry *name) 1787 { 1788 if (smb_name_Bnode_find_name(name) == 1) 1789 return (1); 1790 1791 if (nbns_num == 0) 1792 return (1); /* No name server configured */ 1793 1794 return (smb_name_Pnode_find_name(name)); 1795 } 1796 1797 static int 1798 smb_name_Hnode_find_name(struct name_entry *name) 1799 { 1800 if (nbns_num > 0) 1801 if (smb_name_Pnode_find_name(name) == 1) 1802 return (1); 1803 1804 return (smb_name_Bnode_find_name(name)); 1805 } 1806 1807 static int 1808 smb_name_Mnode_delete_name(struct name_entry *name) 1809 { 1810 (void) smb_name_Bnode_delete_name(name); 1811 1812 if (nbns_num == 0) 1813 return (-1); /* No name server configured */ 1814 1815 if (smb_name_Pnode_delete_name(name) > 0) 1816 return (1); 1817 1818 return (-1); 1819 } 1820 1821 static int 1822 smb_name_Hnode_delete_name(struct name_entry *name) 1823 { 1824 if (nbns_num > 0) 1825 if (smb_name_Pnode_delete_name(name) > 0) 1826 return (1); 1827 1828 return (smb_name_Bnode_delete_name(name)); 1829 } 1830 1831 static void 1832 smb_name_process_Bnode_packet(struct name_packet *packet, addr_entry_t *addr) 1833 { 1834 struct name_entry *name; 1835 struct name_entry *entry; 1836 struct name_question *question; 1837 struct resource_record *additional; 1838 1839 question = packet->question; 1840 additional = packet->additional; 1841 1842 switch (packet->info & NAME_OPCODE_OPCODE_MASK) { 1843 case NAME_OPCODE_REFRESH: 1844 /* Guard against malformed packets */ 1845 if ((question == 0) || (additional == 0)) 1846 break; 1847 if (additional->name->addr_list.sin.sin_addr.s_addr == 0) 1848 break; 1849 1850 name = question->name; 1851 name->addr_list.ttl = additional->ttl; 1852 name->attributes = additional->name->attributes; 1853 name->addr_list.sin = additional->name->addr_list.sin; 1854 name->addr_list.forw = name->addr_list.back = &name->addr_list; 1855 1856 if ((entry = smb_netbios_cache_lookup_addr(name)) != 0) { 1857 smb_netbios_cache_update_entry(entry, question->name); 1858 smb_netbios_cache_unlock_entry(entry); 1859 } 1860 else 1861 (void) smb_netbios_cache_insert(question->name); 1862 break; 1863 1864 case NAME_OPCODE_QUERY: 1865 /* 1866 * This opcode covers both NAME_QUERY_REQUEST and 1867 * NODE_STATUS_REQUEST. They can be distinguished 1868 * based on the type of question entry. 1869 */ 1870 1871 /* All query requests have to have question entry */ 1872 if (question == 0) 1873 break; 1874 1875 if (question->question_type == NAME_QUESTION_TYPE_NB) { 1876 name = question->name; 1877 if ((entry = smb_netbios_cache_lookup(name)) != 0) { 1878 (void) smb_send_name_query_response(addr, 1879 packet, entry, 0); 1880 smb_netbios_cache_unlock_entry(entry); 1881 } 1882 } 1883 else 1884 if (question->question_type == NAME_QUESTION_TYPE_NBSTAT) { 1885 /* 1886 * Name of "*" may be used to force node to 1887 * divulge status for administrative purposes 1888 */ 1889 name = question->name; 1890 entry = 0; 1891 if (NETBIOS_NAME_IS_STAR(name->name) || 1892 ((entry = smb_netbios_cache_lookup(name)) != 0)) { 1893 if (entry) 1894 smb_netbios_cache_unlock_entry(entry); 1895 /* 1896 * send only those names that are 1897 * in the same scope as the scope 1898 * field in the request packet 1899 */ 1900 (void) smb_send_node_status_response(addr, 1901 packet); 1902 } 1903 } 1904 break; 1905 1906 default: 1907 break; 1908 } 1909 } 1910 1911 static void 1912 smb_name_process_Pnode_packet(struct name_packet *packet, addr_entry_t *addr) 1913 { 1914 struct name_entry *name; 1915 struct name_entry *entry; 1916 struct name_question *question; 1917 struct resource_record *additional; 1918 1919 question = packet->question; 1920 additional = packet->additional; 1921 1922 if (packet->info & NAME_NM_FLAGS_B) { 1923 /* 1924 * always ignore UDP broadcast packets 1925 */ 1926 return; 1927 } 1928 1929 switch (packet->info & NAME_OPCODE_OPCODE_MASK) { 1930 case NAME_OPCODE_REFRESH: 1931 /* Guard against malformed packets */ 1932 if ((question == 0) || (additional == 0)) 1933 break; 1934 if (additional->name->addr_list.sin.sin_addr.s_addr == 0) 1935 break; 1936 1937 name = question->name; 1938 name->addr_list.ttl = additional->ttl; 1939 name->attributes = additional->name->attributes; 1940 name->addr_list.sin = additional->name->addr_list.sin; 1941 name->addr_list.forw = name->addr_list.back = &name->addr_list; 1942 1943 if ((entry = smb_netbios_cache_lookup(name)) != 0) { 1944 smb_netbios_cache_update_entry(entry, name); 1945 smb_netbios_cache_unlock_entry(entry); 1946 } 1947 else 1948 (void) smb_netbios_cache_insert(name); 1949 1950 (void) smb_send_name_registration_response(addr, packet, 0); 1951 break; 1952 1953 case NAME_OPCODE_QUERY: 1954 /* 1955 * This opcode covers both NAME_QUERY_REQUEST and 1956 * NODE_STATUS_REQUEST. They can be distinguished 1957 * based on the type of question entry. 1958 */ 1959 1960 /* All query requests have to have question entry */ 1961 if (question == 0) 1962 break; 1963 1964 if (question->question_type == NAME_QUESTION_TYPE_NB) { 1965 name = question->name; 1966 if ((entry = smb_netbios_cache_lookup(name)) != 0) { 1967 /* 1968 * send response to the IP address and port 1969 * number from which the request was received. 1970 */ 1971 (void) smb_send_name_query_response(addr, 1972 packet, entry, 0); 1973 smb_netbios_cache_unlock_entry(entry); 1974 } else { 1975 /* 1976 * send response to the requestor 1977 */ 1978 (void) smb_send_name_query_response(addr, 1979 packet, name, RCODE_NAM_ERR); 1980 } 1981 } 1982 else 1983 if (question->question_type == NAME_QUESTION_TYPE_NBSTAT) { 1984 /* 1985 * Name of "*" may be used to force node to 1986 * divulge status for administrative purposes 1987 */ 1988 name = question->name; 1989 entry = 0; 1990 if (NETBIOS_NAME_IS_STAR(name->name) || 1991 ((entry = smb_netbios_cache_lookup(name)) != 0)) { 1992 /* 1993 * send only those names that are 1994 * in the same scope as the scope 1995 * field in the request packet 1996 */ 1997 if (entry) 1998 smb_netbios_cache_unlock_entry(entry); 1999 (void) smb_send_node_status_response(addr, 2000 packet); 2001 } 2002 } 2003 break; 2004 2005 default: 2006 break; 2007 } 2008 } 2009 2010 static void 2011 smb_name_process_Mnode_packet(struct name_packet *packet, addr_entry_t *addr) 2012 { 2013 if (packet->info & NAME_NM_FLAGS_B) 2014 smb_name_process_Bnode_packet(packet, addr); 2015 else 2016 smb_name_process_Pnode_packet(packet, addr); 2017 } 2018 2019 static void 2020 smb_name_process_Hnode_packet(struct name_packet *packet, addr_entry_t *addr) 2021 { 2022 if (packet->info & NAME_NM_FLAGS_B) 2023 smb_name_process_Bnode_packet(packet, addr); 2024 else 2025 smb_name_process_Pnode_packet(packet, addr); 2026 } 2027 2028 2029 /* 2030 * smb_netbios_name_tick 2031 * 2032 * Called once a second to handle name server timeouts. 2033 */ 2034 void 2035 smb_netbios_name_tick(void) 2036 { 2037 struct name_entry *name; 2038 struct name_entry *entry; 2039 2040 (void) mutex_lock(&refresh_queue.mtx); 2041 smb_netbios_cache_refresh(&refresh_queue); 2042 2043 while ((name = refresh_queue.head.forw) != &refresh_queue.head) { 2044 QUEUE_CLIP(name); 2045 if (IS_LOCAL(name->attributes)) { 2046 if (IS_UNIQUE(name->attributes)) { 2047 (void) smb_name_Pnode_refresh_name(name); 2048 } 2049 } else { 2050 entry = smb_name_find_name(name); 2051 smb_name_unlock_name(entry); 2052 } 2053 free(name); 2054 } 2055 (void) mutex_unlock(&refresh_queue.mtx); 2056 2057 smb_netbios_cache_reset_ttl(); 2058 } 2059 2060 /* 2061 * smb_name_find_name 2062 * 2063 * Lookup name cache for the given name. 2064 * If it's not in the cache it'll send a 2065 * name query request and then lookup the 2066 * cache again. Note that if a name is 2067 * returned it's locked and called MUST 2068 * unlock it by calling smb_name_unlock_name() 2069 */ 2070 struct name_entry * 2071 smb_name_find_name(struct name_entry *name) 2072 { 2073 struct name_entry *result; 2074 2075 if ((result = smb_netbios_cache_lookup(name)) == 0) { 2076 switch (smb_node_type) { 2077 case 'B': 2078 (void) smb_name_Bnode_find_name(name); 2079 break; 2080 case 'P': 2081 (void) smb_name_Pnode_find_name(name); 2082 break; 2083 case 'M': 2084 (void) smb_name_Mnode_find_name(name); 2085 break; 2086 case 'H': 2087 default: 2088 (void) smb_name_Hnode_find_name(name); 2089 break; 2090 } 2091 return (smb_netbios_cache_lookup(name)); 2092 } 2093 2094 return (result); 2095 } 2096 2097 void 2098 smb_name_unlock_name(struct name_entry *name) 2099 { 2100 smb_netbios_cache_unlock_entry(name); 2101 } 2102 2103 int 2104 smb_name_add_name(struct name_entry *name) 2105 { 2106 int rc = 1; 2107 2108 smb_netbios_name_logf(name); 2109 2110 switch (smb_node_type) { 2111 case 'B': 2112 rc = smb_name_Bnode_add_name(name); 2113 break; 2114 case 'P': 2115 rc = smb_name_Pnode_add_name(name); 2116 break; 2117 case 'M': 2118 rc = smb_name_Mnode_add_name(name); 2119 break; 2120 case 'H': 2121 default: 2122 rc = smb_name_Hnode_add_name(name); 2123 break; 2124 } 2125 2126 if (rc >= 0) 2127 (void) smb_netbios_cache_insert(name); 2128 2129 return (rc); 2130 } 2131 2132 int 2133 smb_name_delete_name(struct name_entry *name) 2134 { 2135 int rc; 2136 unsigned char type; 2137 2138 type = name->name[15]; 2139 if ((type != NBT_WKSTA) && (type != NBT_SERVER)) { 2140 syslog(LOG_DEBUG, "nbns: name delete bad type (0x%02x)", type); 2141 smb_netbios_name_logf(name); 2142 name->attributes &= ~NAME_ATTR_LOCAL; 2143 return (-1); 2144 } 2145 2146 smb_netbios_cache_delete(name); 2147 2148 switch (smb_node_type) { 2149 case 'B': 2150 rc = smb_name_Bnode_delete_name(name); 2151 break; 2152 case 'P': 2153 rc = smb_name_Pnode_delete_name(name); 2154 break; 2155 case 'M': 2156 rc = smb_name_Mnode_delete_name(name); 2157 break; 2158 case 'H': 2159 default: 2160 rc = smb_name_Hnode_delete_name(name); 2161 break; 2162 } 2163 2164 if (rc > 0) 2165 return (0); 2166 2167 return (-1); 2168 } 2169 2170 typedef struct { 2171 addr_entry_t *addr; 2172 char *buf; 2173 int length; 2174 } worker_param_t; 2175 2176 /* 2177 * smb_netbios_worker 2178 * 2179 * Process incoming request/response packets for Netbios 2180 * name service (on port 138). 2181 */ 2182 void * 2183 smb_netbios_worker(void *arg) 2184 { 2185 worker_param_t *p = (worker_param_t *)arg; 2186 addr_entry_t *addr = p->addr; 2187 struct name_packet *packet; 2188 2189 if ((packet = smb_name_buf_to_packet(p->buf, p->length)) != NULL) { 2190 if (packet->info & NAME_OPCODE_R) { 2191 /* Reply packet */ 2192 smb_reply_ready(packet, addr); 2193 free(p->buf); 2194 free(p); 2195 return (NULL); 2196 } 2197 2198 /* Request packet */ 2199 switch (smb_node_type) { 2200 case 'B': 2201 smb_name_process_Bnode_packet(packet, addr); 2202 break; 2203 case 'P': 2204 smb_name_process_Pnode_packet(packet, addr); 2205 break; 2206 case 'M': 2207 smb_name_process_Mnode_packet(packet, addr); 2208 break; 2209 case 'H': 2210 default: 2211 smb_name_process_Hnode_packet(packet, addr); 2212 break; 2213 } 2214 2215 if (packet->answer) 2216 smb_netbios_name_freeaddrs(packet->answer->name); 2217 free(packet); 2218 } else { 2219 syslog(LOG_ERR, "nbns: packet decode failed"); 2220 } 2221 2222 free(addr); 2223 free(p->buf); 2224 free(p); 2225 return (NULL); 2226 } 2227 2228 /* 2229 * Configure the node type. If a WINS server has been specified, 2230 * act like an H-node. Otherwise, behave like a B-node. 2231 */ 2232 static void 2233 smb_netbios_node_config(void) 2234 { 2235 static smb_cfg_id_t wins[SMB_PI_MAX_WINS] = { 2236 SMB_CI_WINS_SRV1, 2237 SMB_CI_WINS_SRV2 2238 }; 2239 char ipstr[16]; 2240 uint32_t ipaddr; 2241 int i; 2242 2243 smb_node_type = SMB_NODETYPE_B; 2244 nbns_num = 0; 2245 bzero(smb_nbns, sizeof (addr_entry_t) * SMB_PI_MAX_WINS); 2246 2247 for (i = 0; i < SMB_PI_MAX_WINS; ++i) { 2248 ipstr[0] = '\0'; 2249 (void) smb_config_getstr(wins[i], ipstr, sizeof (ipstr)); 2250 2251 if ((ipaddr = inet_addr(ipstr)) == INADDR_NONE) 2252 continue; 2253 2254 smb_node_type = SMB_NODETYPE_H; 2255 smb_nbns[nbns_num].flags = ADDR_FLAG_VALID; 2256 smb_nbns[nbns_num].sinlen = sizeof (struct sockaddr_in); 2257 smb_nbns[nbns_num].sin.sin_family = AF_INET; 2258 smb_nbns[nbns_num].sin.sin_addr.s_addr = ipaddr; 2259 smb_nbns[nbns_num].sin.sin_port = htons(IPPORT_NETBIOS_NS); 2260 nbns_num++; 2261 } 2262 } 2263 2264 static void 2265 smb_netbios_name_registration(void) 2266 { 2267 nbcache_iter_t nbc_iter; 2268 struct name_entry *name; 2269 int rc; 2270 2271 rc = smb_netbios_cache_getfirst(&nbc_iter); 2272 while (rc == 0) { 2273 name = nbc_iter.nbc_entry; 2274 (void) smb_netbios_name_logf(name); 2275 if (IS_UNIQUE(name->attributes) && IS_LOCAL(name->attributes)) { 2276 switch (smb_node_type) { 2277 case SMB_NODETYPE_B: 2278 (void) smb_name_Bnode_add_name(name); 2279 break; 2280 case SMB_NODETYPE_P: 2281 (void) smb_name_Pnode_add_name(name); 2282 break; 2283 case SMB_NODETYPE_M: 2284 (void) smb_name_Mnode_add_name(name); 2285 break; 2286 case SMB_NODETYPE_H: 2287 default: 2288 (void) smb_name_Hnode_add_name(name); 2289 break; 2290 } 2291 } 2292 free(name); 2293 rc = smb_netbios_cache_getnext(&nbc_iter); 2294 } 2295 } 2296 2297 /* 2298 * Note that the node configuration must be setup before calling 2299 * smb_init_name_struct(). 2300 */ 2301 void 2302 smb_netbios_name_config(void) 2303 { 2304 addr_entry_t *bcast_entry; 2305 struct name_entry name; 2306 smb_niciter_t ni; 2307 int rc; 2308 2309 (void) mutex_lock(&nbt_name_config_mtx); 2310 smb_netbios_node_config(); 2311 2312 bcast_num = 0; 2313 bzero(smb_bcast_list, sizeof (addr_entry_t) * SMB_PI_MAX_NETWORKS); 2314 2315 rc = smb_nic_getfirst(&ni); 2316 while (rc == 0) { 2317 if ((ni.ni_nic.nic_smbflags & SMB_NICF_NBEXCL) || 2318 (ni.ni_nic.nic_smbflags & SMB_NICF_ALIAS)) { 2319 rc = smb_nic_getnext(&ni); 2320 continue; 2321 } 2322 2323 bcast_entry = &smb_bcast_list[bcast_num]; 2324 bcast_entry->flags = ADDR_FLAG_VALID; 2325 bcast_entry->attributes = NAME_ATTR_LOCAL; 2326 bcast_entry->sinlen = sizeof (struct sockaddr_in); 2327 bcast_entry->sin.sin_family = AF_INET; 2328 bcast_entry->sin.sin_port = htons(IPPORT_NETBIOS_NS); 2329 bcast_entry->sin.sin_addr.s_addr = ni.ni_nic.nic_bcast; 2330 bcast_num++; 2331 2332 smb_init_name_struct((unsigned char *)ni.ni_nic.nic_host, 2333 NBT_WKSTA, 0, ni.ni_nic.nic_ip.a_ipv4, 2334 htons(IPPORT_NETBIOS_DGM), 2335 NAME_ATTR_UNIQUE, NAME_ATTR_LOCAL, &name); 2336 (void) smb_netbios_cache_insert(&name); 2337 2338 smb_init_name_struct((unsigned char *)ni.ni_nic.nic_host, 2339 NBT_SERVER, 0, ni.ni_nic.nic_ip.a_ipv4, 2340 htons(IPPORT_NETBIOS_DGM), 2341 NAME_ATTR_UNIQUE, NAME_ATTR_LOCAL, &name); 2342 (void) smb_netbios_cache_insert(&name); 2343 2344 rc = smb_nic_getnext(&ni); 2345 } 2346 2347 smb_netbios_name_registration(); 2348 (void) mutex_unlock(&nbt_name_config_mtx); 2349 } 2350 2351 void 2352 smb_netbios_name_unconfig(void) 2353 { 2354 struct name_entry *name; 2355 2356 (void) mutex_lock(&nbt_name_config_mtx); 2357 (void) mutex_lock(&delete_queue.mtx); 2358 smb_netbios_cache_delete_locals(&delete_queue); 2359 2360 while ((name = delete_queue.head.forw) != &delete_queue.head) { 2361 QUEUE_CLIP(name); 2362 (void) smb_name_delete_name(name); 2363 free(name); 2364 } 2365 (void) mutex_unlock(&delete_queue.mtx); 2366 (void) mutex_unlock(&nbt_name_config_mtx); 2367 } 2368 2369 void 2370 smb_netbios_name_reconfig(void) 2371 { 2372 smb_netbios_name_unconfig(); 2373 smb_netbios_name_config(); 2374 } 2375 2376 /* 2377 * NetBIOS Name Service (port 137) 2378 */ 2379 /*ARGSUSED*/ 2380 void * 2381 smb_netbios_name_service(void *arg) 2382 { 2383 struct sockaddr_in sin; 2384 addr_entry_t *addr; 2385 int len; 2386 int flag = 1; 2387 char *buf; 2388 worker_param_t *worker_param; 2389 smb_inaddr_t ipaddr; 2390 2391 /* 2392 * Initialize reply_queue 2393 */ 2394 bzero(&reply_queue, sizeof (reply_queue)); 2395 reply_queue.forw = reply_queue.back = &reply_queue; 2396 2397 if ((name_sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { 2398 syslog(LOG_ERR, "nbns: socket failed: %m"); 2399 smb_netbios_event(NETBIOS_EVENT_ERROR); 2400 return (NULL); 2401 } 2402 2403 flag = 1; 2404 (void) setsockopt(name_sock, SOL_SOCKET, SO_REUSEADDR, &flag, 2405 sizeof (flag)); 2406 flag = 1; 2407 (void) setsockopt(name_sock, SOL_SOCKET, SO_BROADCAST, &flag, 2408 sizeof (flag)); 2409 2410 bzero(&sin, sizeof (struct sockaddr_in)); 2411 sin.sin_family = AF_INET; 2412 sin.sin_port = htons(IPPORT_NETBIOS_NS); 2413 if (bind(name_sock, (struct sockaddr *)&sin, sizeof (sin)) != 0) { 2414 syslog(LOG_ERR, "nbns: bind(%d) failed: %m", 2415 IPPORT_NETBIOS_NS); 2416 (void) close(name_sock); 2417 smb_netbios_event(NETBIOS_EVENT_ERROR); 2418 return (NULL); 2419 } 2420 2421 smb_netbios_event(NETBIOS_EVENT_NS_START); 2422 2423 while (smb_netbios_running()) { 2424 buf = malloc(MAX_DATAGRAM_LENGTH); 2425 addr = malloc(sizeof (addr_entry_t)); 2426 if ((buf == NULL) || (addr == NULL)) { 2427 /* Sleep for 10 seconds and try again */ 2428 free(addr); 2429 free(buf); 2430 smb_netbios_sleep(10); 2431 continue; 2432 } 2433 ignore: bzero(addr, sizeof (addr_entry_t)); 2434 addr->sinlen = sizeof (addr->sin); 2435 addr->forw = addr->back = addr; 2436 2437 if ((len = recvfrom(name_sock, buf, MAX_DATAGRAM_LENGTH, 2438 0, (struct sockaddr *)&addr->sin, &addr->sinlen)) < 0) { 2439 if (errno == ENOMEM || errno == ENFILE || 2440 errno == EMFILE) { 2441 /* Sleep for 10 seconds and try again */ 2442 free(buf); 2443 free(addr); 2444 smb_netbios_sleep(10); 2445 continue; 2446 } 2447 syslog(LOG_ERR, "nbns: recvfrom failed: %m"); 2448 free(buf); 2449 free(addr); 2450 smb_netbios_event(NETBIOS_EVENT_ERROR); 2451 goto shutdown; 2452 } 2453 2454 /* Ignore any incoming packets from myself... */ 2455 2456 ipaddr.a_ipv4 = addr->sin.sin_addr.s_addr; 2457 ipaddr.a_family = AF_INET; 2458 if (smb_nic_is_local(&ipaddr)) 2459 goto ignore; 2460 2461 /* 2462 * Launch a netbios worker to process the received packet. 2463 */ 2464 worker_param = malloc(sizeof (worker_param_t)); 2465 if (worker_param) { 2466 pthread_t worker; 2467 pthread_attr_t tattr; 2468 2469 worker_param->addr = addr; 2470 worker_param->buf = buf; 2471 worker_param->length = len; 2472 2473 (void) pthread_attr_init(&tattr); 2474 (void) pthread_attr_setdetachstate(&tattr, 2475 PTHREAD_CREATE_DETACHED); 2476 (void) pthread_create(&worker, &tattr, 2477 smb_netbios_worker, worker_param); 2478 (void) pthread_attr_destroy(&tattr); 2479 } 2480 } 2481 2482 shutdown: 2483 smb_netbios_event(NETBIOS_EVENT_NS_STOP); 2484 smb_netbios_wait(NETBIOS_EVENT_BROWSER_STOP); 2485 2486 if (!smb_netbios_error()) 2487 smb_netbios_name_unconfig(); 2488 2489 (void) close(name_sock); 2490 return (NULL); 2491 } 2492