xref: /titanic_51/usr/src/lib/smbsrv/libsmbns/common/smbns_browser.c (revision 193974072f41a843678abf5f61979c748687e66b)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <stdlib.h>
29 #include <stdio.h>
30 #include <unistd.h>
31 #include <syslog.h>
32 #include <string.h>
33 #include <strings.h>
34 #include <time.h>
35 #include <synch.h>
36 #include <netdb.h>
37 #include <sys/socket.h>
38 #include <arpa/inet.h>
39 
40 #include <smbsrv/libsmb.h>
41 #include <smbsrv/libsmbns.h>
42 
43 #include <smbsrv/cifs.h>
44 #include <smbsrv/mailslot.h>
45 
46 #include <smbns_browser.h>
47 #include <smbns_netbios.h>
48 
49 #define	SMB_SERVER_SIGNATURE		0xaa550415
50 
51 typedef struct smb_hostinfo {
52 	list_node_t	hi_lnd;
53 	smb_nic_t	hi_nic;
54 	char		hi_nbname[NETBIOS_NAME_SZ];
55 	name_entry_t	hi_netname;
56 	uint32_t	hi_nextannouce;
57 	int		hi_reps;
58 	int		hi_interval;
59 	uint8_t		hi_updatecnt;
60 	uint32_t	hi_type;
61 } smb_hostinfo_t;
62 
63 typedef struct smb_browserinfo {
64 	list_t		bi_hlist;
65 	int		bi_hcnt;
66 	rwlock_t	bi_hlist_rwl;
67 	boolean_t	bi_changed;
68 	mutex_t		bi_mtx;
69 } smb_browserinfo_t;
70 
71 static smb_browserinfo_t smb_binfo;
72 
73 static int smb_browser_init(void);
74 static void smb_browser_infoinit(void);
75 static void smb_browser_infoterm(void);
76 static void smb_browser_infofree(void);
77 
78 void
79 smb_browser_reconfig(void)
80 {
81 	(void) mutex_lock(&smb_binfo.bi_mtx);
82 	smb_binfo.bi_changed = B_TRUE;
83 	(void) mutex_unlock(&smb_binfo.bi_mtx);
84 }
85 
86 /*
87  * 3. Browser Overview
88  *
89  * Hosts involved in the browsing process can be separated into two
90  * distinct groups, browser clients and browser servers (often referred to
91  * simply as "browsers").
92  *
93  * A browser is a server which maintains information about servers -
94  * primarily the domain they are in and the services that they are running
95  * -- and about domains. Browsers may assume several different roles in
96  * their lifetimes, and dynamically switch between them.
97  *
98  *  Browser clients are of two types: workstations and (non-browser)
99  * servers. In the context of browsing, workstations query browsers for the
100  * information they contain; servers supply browsers the information by
101  * registering with them. Note that, at times, browsers may themselves
102  * behave as browser clients and query other browsers.
103  *
104  * For the purposes of this specification, a domain is simply a name with
105  * which to associate a group of resources such as computers, servers and
106  * users. Domains allow a convenient means for browser clients to restrict
107  * the scope of a search when they query browser servers. Every domain has
108  * a "master" server called the Primary Domain Controller (PDC) that
109  * manages various  activities within the domain.
110  *
111  * One browser for each domain on a subnet is designated the Local Master
112  * Browser for that domain. Servers in its domain on the subnet register
113  * with it, as do the Local Master Browsers for other domains on the
114  * subnet. It uses these registrations to maintain authoritative
115  * information about its domain on its subnet. If there are other subnets
116  * in the network, it also knows the name of the server running the
117  * domain's Domain Master Browser; it registers with it, and uses it to
118  * obtain information about the rest of the network (see below).
119  *
120  * Clients on a subnet query browsers designated as the Backup Browsers for
121  * the subnet (not the Master Browser). Backup Browsers maintain a copy of
122  * the information on the Local Master Browser; they get it by periodically
123  * querying the Local Master Browser for all of its information. Clients
124  * find the Backup Browsers by asking the Local Master Browser. Clients are
125  * expected to spread their queries evenly across Backup Browsers to
126  * balance the load.
127  *
128  * The Local Master Browser is dynamically elected automatically. Multiple
129  * Backup Browser Servers may exist per subnet; they are selected from
130  * among the potential browser servers by the Local Master Browser, which
131  * is configured to select enough to handle the expected query load.
132  *
133  * When there are multiple subnets, a Domain Master Browser is assigned
134  * the task of keeping the multiple subnets in synchronization. The Primary
135  * Domain Controller (PDC) always acts as the Domain Master Browser. The
136  * Domain Master Browser periodically acts as a client and queries all the
137  * Local Master Browsers for its domain, asking them for a list containing
138  * all the domains and all the servers in their domain known within their
139  * subnets; it merges all the replies into a single master list. This
140  * allows a Domain Master Browser server to act as a collection point for
141  * inter-subnet browsing information. Local Master Browsers periodically
142  * query the Domain Master Browser to retrieve the network-wide information
143  * it maintains.
144  *
145  * When a domain spans only a single subnet, there will not be any distinct
146  * Local Master Browser; this role will be handled by the Domain Master
147  * Browser. Similarly, the Domain Master Browser is always the Local Master
148  * Browser for the subnet it is on.
149  *
150  * When a browser client suspects that the Local Master Browser has failed,
151  * the client will instigate an election in which the browser servers
152  * participate, and some browser servers may change roles.
153  *
154  * Some characteristics of a good browsing mechanism include:
155  * . minimal network traffic
156  * . minimum server discovery time
157  * . minimum change discovery latency
158  * . immunity to machine failures
159  *
160  * Historically, Browser implementations had been very closely tied to
161  * NETBIOS and datagrams. The early implementations caused a lot of
162  * broadcast traffic. See Appendix D for an overview that presents how the
163  * Browser specification evolved.
164  *
165  * 4. Browsing Protocol Architecture
166  *
167  * This section first describes the how the browsing protocol is layered,
168  * then describes the roles of clients, servers, and browsers in the
169  * browsing subsystem.
170  *
171  * 4.1 Layering of Browsing Protocol Requests
172  *
173  * Most of the browser functionality is implemented using mailslots.
174  * Mailslots provide a mechanism for fast, unreliable unidirectional data
175  * transfer; they are named via ASCII "mailslot (path) name". Mailslots are
176  * implemented using the CIFS Transact SMB which is encapsulated in a
177  * NETBIOS datagram. Browser protocol requests are sent to browser specific
178  * mailslots using some browser-specific NETBIOS names. These datagrams can
179  * either be unicast or broadcast, depending on whether the NETBIOS name is
180  * a "unique name" or a "group name". Various data structures, which are
181  * detailed subsequently within this document, flow as the data portion of
182  * the Transact SMB.
183  *
184  * Here is an example of a generic browser SMB, showing how a browser
185  * request is encapsulated in a TRANSACT SMB request. Note that the PID,
186  * TID, MID, UID, and Flags are all 0 in mailslot requests.
187  *
188  * SMB: C transact, File = \MAILSLOT\BROWSE
189  *   SMB: SMB Status = Error Success
190  *     SMB: Error class = No Error
191  *     SMB: Error code = No Error
192  *   SMB: Header: PID = 0x0000 TID = 0x0000 MID = 0x0000 UID = 0x0000
193  *     SMB: Tree ID   (TID) = 0 (0x0)
194  *     SMB: Process ID  (PID) = 0 (0x0)
195  *     SMB: User ID   (UID) = 0 (0x0)
196  *     SMB: Multiplex ID (MID) = 0 (0x0)
197  *     SMB: Flags Summary = 0 (0x0)
198  *   SMB: Command = C transact
199  *     SMB: Word count = 17
200  *     SMB: Word parameters
201  *     SMB: Total parm bytes = 0
202  *     SMB: Total data bytes = 33
203  *     SMB: Max parm bytes = 0
204  *     SMB: Max data bytes = 0
205  *     SMB: Max setup words = 0
206  *     SMB: Transact Flags Summary = 0 (0x0)
207  *       SMB: ...............0 = Leave session intact
208  *       SMB: ..............0. = Response required
209  *     SMB: Transact timeout = 0 (0x0)
210  *     SMB: Parameter bytes = 0 (0x0)
211  *     SMB: Parameter offset = 0 (0x0)
212  *     SMB: Data bytes = 33 (0x21)
213  *     SMB: Data offset = 86 (0x56)
214  *     SMB: Setup word count = 3
215  *     SMB: Setup words
216  *     SMB: Mailslot opcode = Write mailslot
217  *     SMB: Transaction priority = 1
218  *     SMB: Mailslot class = Unreliable (broadcast)
219  *     SMB: Byte count = 50
220  *     SMB: Byte parameters
221  *     SMB: Path name = \MAILSLOT\BROWSE
222  *     SMB: Transaction data
223  *   SMB: Data: Number of data bytes remaining = 33 (0x0021)
224  *
225  * Note the SMB command is Transact, the opcode within the Transact SMB is
226  * Mailslot Write, and the browser data structure is carried as the
227  * Transact data.
228  * The Transaction data begins with an opcode, that signifies the operation
229  * and determines the size and structure of data that follows. This opcode
230  * is named as per one of the below:
231  *
232  * HostAnnouncement         1
233  * AnnouncementRequest      2
234  * RequestElection          8
235  * GetBackupListReq         9
236  * GetBackupListResp        10
237  * BecomeBackup             11
238  * DomainAnnouncment        12
239  * MasterAnnouncement       13
240  * LocalMasterAnnouncement  15
241  *
242  * Browser datagrams are often referred to as simply browser frames. The
243  * frames are in particular, referred to by the name of the opcode within
244  * the Transaction data e.g. a GetBackupListReq browser frame, a
245  * RequestElection browser frame, etc.
246  *
247  * The structures that are sent as the data portion of the Transact SMB are
248  * described in section(s) 6.2 through 6.12 in this document. These
249  * structures are tightly packed, i.e. there are no intervening pad bytes
250  * in the structure, unless they are explicitly described as being there.
251  * All quantities are sent in native Intel format and multi-byte values are
252  * transmitted least significant byte first.
253  *
254  * Besides mailslots and Transaction SMBs, the other important piece of the
255  * browser architecture is the NetServerEnum2 request. This request that
256  * allows an application to interrogate a Browser Server and obtain a
257  * complete list of resources (servers, domains, etc) known to that Browser
258  * server. Details of the NetServerEnum2 request are presented in section
259  * 6.4. Some examples of the NetServerEnum2 request being used are when a
260  * Local Master Browser sends a NetServerEnum2 request to the Domain Master
261  * Browser and vice versa. Another example is when a browser client sends a
262  * NetServerEnum2 request to a Backup Browser server.
263  *
264  * 4.3 Non-Browser Server
265  *
266  * A non-browser server is a server that has some resource(s) or service(s)
267  * it wishes to advertise as being available using the browsing protocol.
268  * Examples of non-browser servers would be an SQL server, print server,
269  * etc.
270  *
271  * A non-browser server MUST periodically send a HostAnnouncement browser
272  * frame, specifying the type of resources or services it is advertising.
273  * Details are in section 6.5.
274  *
275  * A non-browser server SHOULD announce itself relatively frequently when
276  * it first starts up in order to make its presence quickly known to the
277  * browsers and thence to potential clients. The frequency of the
278  * announcements SHOULD then be gradually stretched, so as to minimize
279  * network traffic. Typically,  non-browser servers announce themselves
280  * once every minute upon start up and then gradually adjust the frequency
281  * of the announcements to once every 12 minutes.
282  *
283  * A non-browser server SHOULD send a HostAnnouncement browser frame
284  * specifying a type of  0 just prior to shutting down, to allow it to
285  * quickly be removed from the list of available servers.
286  *
287  * A non-browser server MUST receive and process AnnouncementRequest frames
288  * from the Local Master Browser, and MUST respond with a HostAnnouncement
289  * frame, after a delay chosen randomly from the interval [0,30] seconds.
290  * AnnouncementRequests typically happen when a Local Master Browser starts
291  * up with an empty list of servers for the domain, and wants to fill it
292  * quickly. The 30 second range for responses prevents the Master Browser
293  * from becoming overloaded and losing replies, as well as preventing the
294  * network from being flooded with responses.
295  *
296  * 4.4  Browser Servers
297  *
298  * The following sections describe the roles of the various types of
299  * browser servers.
300  *
301  * 4.4.1  Potential Browser Server
302  *
303  * A Potential Browser server is a browser server that is capable of being
304  * a Backup Browser server or Master Browser server, but is not currently
305  * fulfilling either of those roles.
306  *
307  * A Potential Browser MUST set type SV_TYPE_POTENTIAL_BROWSER (see section
308  * 6.4.1) in its HostAnnouncement until it is ready to shut down. In its
309  * last HostAnnouncement frame before it shuts down, it SHOULD specify a
310  * type of  0.
311  *
312  * A Potential Browser server MUST receive and process BecomeBackup frames
313  * (see section 6.9) and become a backup browser upon their receipt.
314  *
315  * A Potential Browser MUST participate in browser elections (see section
316  * 6.8).
317  *
318  * 4.4.2  Backup Browser
319  *
320  * Backup Browser servers are a subset of the Potential Browsers that have
321  * been chosen by the Master Browser on their subnet to be the Backup
322  * Browsers for the subnet.
323  *
324  * A Backup Browser MUST set type SV_TYPE_BACKUP_BROWSER (see section
325  * 6.4.1) in its HostAnnouncement until it is ready to shut down. In its
326  * last HostAnnouncement frame before it shuts down, it SHOULD specify a
327  * type of  0.
328  *
329  * A Backup Browser MUST listen for a LocalMasterAnnouncement frame (see
330  * section 6.10) from the Local Master Browser, and use it to set the name
331  * of the Master Browser it queries for the server and domain lists.
332  *
333  * A  Backup Browsers MUST periodically make a NetServerEnum2 request of
334  * the Master Browser on its subnet for its domain to get a list of servers
335  * in that domain, as well as a list of domains. The period is a
336  * configuration option balancing currency of the information with network
337  * traffic costs - a typical value is 15 minutes.
338  *
339  * A Backup Browser SHOULD force an election by sending a RequestElection
340  * frame (see section 6.7) if it does not get a response to its periodic
341  * NetServeEnum2 request to the Master Browser.
342  *
343  * A Backup Browser MUST receive and process NetServerEnum2 requests from
344  * browser clients, for its own domain and others. If the request is for a
345  * list of servers in its domain, or for a list of domains, it can answer
346  * from its internal lists. If the request is for a list of servers in a
347  * domain different than the one it serves, it sends a NetServerEnum2
348  * request to the Domain Master Browser for that domain (which it can in
349  * find in its list of domains and their Domain Master Browsers).
350  *
351  * A Backup Browser MUST participate in browser elections (see section
352  * 6.8).
353  *
354  * 4.4.3 Master Browser
355  *
356  * Master Browsers are responsible for:
357  * . indicating it is a Master Browser
358  * . receiving server announcements and building a list of such servers
359  *   and keeping it reasonably up-to-date.
360  * . returning lists of Backup Browsers to browser clients.
361  * . ensuring an appropriate number of Backup Browsers are available.
362  * . announcing their existence to other Master Browsers on their subnet,
363  *   to the Domain Master Browser for their domain, and to all browsers in
364  *   their domain on their subnet
365  * . forwarding requests for lists of servers on other domains to the
366  *   Master Browser for that domain
367  * . keeping a list of domains in its subnet
368  * . synchronizing with the Domain Master Browser (if any) for its domain
369  * . participating in browser elections
370  * . ensuring that there is only one Master Browser on its subnet
371  *
372  * A Master Browser MUST set type SV_TYPE_MASTER_BROWSER (see section
373  * 6.4.1) in its HostAnnouncement until it is ready to shut down. In its
374  * last HostAnnouncement frame before it shuts down, it SHOULD specify a
375  * type of  0.
376  *
377  * A Master Browser MUST receive and process HostAnnouncement frames from
378  * servers, adding the server name and other information to its servers
379  * list; it must mark them as "local" entries. Periodically, it MUST check
380  * all local server entries to see if a server's HostAnnouncement has timed
381  * out (no HostAnnouncement received for three times the periodicity the
382  * server gave in the last received HostAnnouncement) and remove timed-out
383  * servers from its list.
384  *
385  * A Master Browser MUST receive and process DomainAnnouncement frames (see
386  * section 6.12) and maintain the domain names and their associated (Local)
387  * Master Browsers in its internal domain list until they time out; it must
388  * mark these as "local" entries. Periodically, it MUST check all local
389  * domain entries to see if a server's DomainAnnouncement has timed out (no
390  * DomainAnnouncement received for three times the periodicity the server
391  * gave in the last received DomainAnnouncement) and remove timed-out
392  * servers from its list.
393  *
394  * A Master Browser MUST receive and process GetBackupListRequest frames
395  * from clients, returning GetBackupListResponse frames containing a list
396  * of the Backup Servers for its domain.
397  *
398  * A Master Browser MUST eventually send BecomeBackup frames (see section
399  * 6.9) to one or more Potential Browser servers to increase the number of
400  * Backup Browsers if there are not enough Backup Browsers to handle the
401  * anticipated query load. Note: possible good times for checking for
402  * sufficient backup browsers are after being elected, when timing out
403  * server HostAnnouncements, and when receiving a server's HostAnnouncement
404  * for the first time.
405  *
406  * A Master Browser MUST periodically announce itself and the domain it
407  * serves to other (Local) Master Browsers on its subnet, by sending a
408  * DomainAnnouncement frame (see section 6.12) to its subnet.
409  *
410  * A Master Browser MUST send a MasterAnnouncement frame (see section 6.11)
411  * to the Domain Master Browser after it is first elected, and periodically
412  * thereafter. This informs the Domain Master Browser of the presence of
413  * all the Master Browsers.
414  *
415  * A Master Browser MUST periodically announce itself to all browsers for
416  * its domain on its subnet by sending a LocalMasterAnnouncement frame (see
417  * section 6.10).
418  *
419  * A Master Browser MUST receive and process NetServerEnum2 requests from
420  * browser clients, for its own domain and others. If the request is for a
421  * list of servers in its domain, or for a list of domains, it can answer
422  * from its internal lists. Entries in its list marked "local" MUST have
423  * the SV_TYPE_LOCAL_LIST_ONLY bit set in the returned results; it must be
424  * clear for all other entries. If the request is for a list of servers in
425  * a domain different than the one it serves, it sends a NetServerEnum2
426  * request to the Domain Master Browser for that domain (which it can in
427  * find in its list of domains and their Domain Master Browsers).
428  *
429  *     Note: The list of servers that the Master Browser maintains and
430  *     returns to the Backup Browsers, is limited in size to 64K of
431  *     data. This will limit the number of systems that can be in a
432  *     browse list in a single workgroup or domain to approximately two
433  *     thousand systems.
434  *
435  * A Master Browser SHOULD request all servers to register with it by
436  * sending an AnnouncementRequest frame, if, on becoming the Master Browser
437  * by winning an election, its server list is empty. Otherwise, clients
438  * might get an incomplete list of servers until the servers' periodic
439  * registrations fill the server list.
440  *
441  * If the Master Browser on a subnet is not the Primary Domain Controller
442  * (PDC), then it is a Local Master Browser.
443  *
444  * A Local Master Browser MUST periodically synchronize with the Domain
445  * Master Browser (which is the PDC). This synchronization is performed by
446  * making a NetServerEnum2 request to the Domain Master Browser and merging
447  * the results with its list of servers and domains. An entry from the
448  * Domain Master Browser should be marked "non-local", and must not
449  * overwrite an entry with the same name marked "local". The Domain Master
450  * Browser is located as specified in Appendix B.
451  *
452  * A Master Browser MUST participate in browser elections (see section
453  * 6.8).
454  *
455  * A Master Browser MUST, if it receives a HostAnnouncement,
456  * DomainAnnouncement, or LocalMasterAnnouncement frame another system that
457  * claims to be the Master Browser for its domain, demote itself from
458  * Master Browser and force an election. This ensures that there is only
459  * ever one Master Browser in each workgroup or domain.
460  *
461  * A Master Browser SHOULD, if it loses an election, become a Backup
462  * Browser (without being told to do so by the new Master Browser). Since
463  * it has more up-to-date information in its lists than a Potential
464  * Browser, it is more efficient to have it be a Backup Browser than to
465  * promote a Potential Browser.
466  *
467  * 4.4.3.1 Preferred Master Browser
468  *
469  * A Preferred Master Browser supports exactly the same protocol elements
470  * as a Potential Browser, except as follows.
471  *
472  * A Preferred Master Browser MUST always force an election when it starts
473  * up.
474  *
475  * A Preferred Master Browser MUST participate in browser elections (see
476  * section 6.8).
477  *
478  * A Preferred Master Browser MUST set the Preferred Master bit in the
479  * RequestElection frame (see section 6.7) to bias the election in its
480  * favor.
481  *
482  * A Preferred Master Browser SHOULD, if it loses an election,
483  * automatically become a Backup Browser, without being told to do so by
484  * the Master Browser.
485  *
486  * 4.4.4 Domain Master Browser
487  *
488  * Since the Domain Master Browser always runs on the PDC, it must
489  * implement all the protocols required of a PDC in addition to the
490  * browsing protocol, and that is way beyond the scope of this
491  * specification.
492  *
493  * 5. Mailslot Protocol Specification
494  *
495  * The only transaction allowed to a mailslot is a mailslot write. Mailslot
496  * writes requests are encapsulated in TRANSACT SMBs. The following table
497  * shows the interpretation of the TRANSACT SMB parameters for a mailslot
498  * transaction:
499  *
500  *  Name            Value               Description
501  *  Command         SMB_COM_TRANSACTION
502  *  Name            <name>              STRING name of mail slot to write;
503  *                                      must start with "\\MAILSLOT\\"
504  *  SetupCount      3                   Always 3 for mailslot writes
505  *  Setup[0]        1                   Command code == write mailslot
506  *  Setup[1]        Ignored
507  *  Setup[2]        Ignored
508  *  TotalDataCount  n                   Size of data in bytes to write to
509  *                                      the mailslot
510  *  Data[ n ]                           The data to write to the mailslot
511  *
512  */
513 
514 /*
515  * SMB: C transact, File = \MAILSLOT\BROWSE
516  *   SMB: SMB Status = Error Success
517  *     SMB: Error class = No Error
518  *     SMB: Error code = No Error
519  *   SMB: Header: PID = 0x0000 TID = 0x0000 MID = 0x0000 UID = 0x0000
520  *     SMB: Tree ID   (TID) = 0 (0x0)
521  *     SMB: Process ID  (PID) = 0 (0x0)
522  *     SMB: User ID   (UID) = 0 (0x0)
523  *     SMB: Multiplex ID (MID) = 0 (0x0)
524  *     SMB: Flags Summary = 0 (0x0)
525  *   SMB: Command = C transact
526  *     SMB: Word count = 17
527  *     SMB: Word parameters
528  *     SMB: Total parm bytes = 0
529  *     SMB: Total data bytes = 33
530  *     SMB: Max parm bytes = 0
531  *     SMB: Max data bytes = 0
532  *     SMB: Max setup words = 0
533  *     SMB: Transact Flags Summary = 0 (0x0)
534  *       SMB: ...............0 = Leave session intact
535  *       SMB: ..............0. = Response required
536  *     SMB: Transact timeout = 0 (0x0)
537  *     SMB: Parameter bytes = 0 (0x0)
538  *     SMB: Parameter offset = 0 (0x0)
539  *     SMB: Data bytes = 33 (0x21)
540  *     SMB: Data offset = 86 (0x56)
541  *     SMB: Setup word count = 3
542  *     SMB: Setup words
543  *     SMB: Mailslot opcode = Write mailslot
544  *     SMB: Transaction priority = 1
545  *     SMB: Mailslot class = Unreliable (broadcast)
546  *     SMB: Byte count = 50
547  *     SMB: Byte parameters
548  *     SMB: Path name = \MAILSLOT\BROWSE
549  *     SMB: Transaction data
550  *   SMB: Data: Number of data bytes remaining = 33 (0x0021)
551  *
552  * 5. Mailslot Protocol Specification
553  *
554  * The only transaction allowed to a mailslot is a mailslot write. Mailslot
555  * writes requests are encapsulated in TRANSACT SMBs. The following table
556  * shows the interpretation of the TRANSACT SMB parameters for a mailslot
557  * transaction:
558  *
559  *  Name            Value               Description
560  *  Command         SMB_COM_TRANSACTION
561  *  Name            <name>              STRING name of mail slot to write;
562  *                                      must start with "\MAILSLOT\"
563  *  SetupCount      3                   Always 3 for mailslot writes
564  *  Setup[0]        1                   Command code == write mailslot
565  *  Setup[1]        Ignored
566  *  Setup[2]        Ignored
567  *  TotalDataCount  n                   Size of data in bytes to write to
568  *                                      the mailslot
569  *  Data[ n ]                           The data to write to the mailslot
570  *
571  *	Magic		0xFF 'S' 'M' 'B'
572  *	smb_com 	a byte, the "first" command
573  *	Error		a 4-byte union, ignored in a request
574  *	smb_flg		a one byte set of eight flags
575  *	smb_flg2	a two byte set of 16 flags
576  *	.		twelve reserved bytes, have a role
577  *			in connectionless transports (IPX, UDP?)
578  *	smb_tid		a 16-bit tree ID, a mount point sorta,
579  *			0xFFFF is this command does not have
580  *			or require a tree context
581  *	smb_pid		a 16-bit process ID
582  *	smb_uid		a 16-bit user ID, specific to this "session"
583  *			and mapped to a system (bona-fide) UID
584  *	smb_mid		a 16-bit multiplex ID, used to differentiate
585  *			multiple simultaneous requests from the same
586  *			process (pid) (ref RPC "xid")
587  */
588 
589 int
590 smb_browser_load_transact_header(unsigned char *buffer, int maxcnt,
591     int data_count, int reply, char *mailbox)
592 {
593 	smb_msgbuf_t mb;
594 	int	mailboxlen;
595 	char *fmt;
596 	int result;
597 	short	class = (reply == ONE_WAY_TRANSACTION) ? 2 : 0;
598 
599 	/*
600 	 * If the mailboxlen is an even number we need to pad the
601 	 * header so that the data starts on a word boundary.
602 	 */
603 	fmt = "Mb4.bw20.bwwwwb.wl2.wwwwb.wwwws";
604 	mailboxlen = strlen(mailbox) + 1;
605 
606 	if ((mailboxlen & 0x01) == 0) {
607 		++mailboxlen;
608 		fmt = "Mb4.bw20.bwwwwb.wl2.wwwwb.wwwws.";
609 	}
610 
611 	bzero(buffer, maxcnt);
612 	smb_msgbuf_init(&mb, buffer, maxcnt, 0);
613 
614 	result = smb_msgbuf_encode(&mb, fmt,
615 	    SMB_COM_TRANSACTION,	/* Command */
616 	    0x18,
617 	    0x3,
618 	    17,				/* Count of parameter words */
619 	    0,				/* Total Parameter words sent */
620 	    data_count,			/* Total Data bytes sent */
621 	    2,				/* Max Parameters to return */
622 	    0,				/* Max data bytes to return */
623 	    0,				/* Max setup bytes to return */
624 	    reply,			/* No reply */
625 	    0xffffffff,			/* Timeout */
626 	    0,				/* Parameter bytes sent */
627 	    0,				/* Parameter offset */
628 	    data_count,			/* Data bytes sent */
629 	    69 + mailboxlen,		/* Data offset */
630 	    3,				/* Setup word count */
631 	    1,				/* Setup word[0] */
632 	    0,				/* Setup word[1] */
633 	    class,			/* Setup word[2] */
634 	    mailboxlen + data_count,	/* Total request bytes */
635 	    mailbox);			/* Mailbox address */
636 
637 	smb_msgbuf_term(&mb);
638 	return (result);
639 }
640 
641 static int
642 smb_browser_addr_of_subnet(struct name_entry *name, smb_hostinfo_t *hinfo,
643     struct name_entry *result)
644 {
645 	uint32_t ipaddr, mask, saddr;
646 	struct addr_entry *addr;
647 
648 	if (name == NULL)
649 		return (-1);
650 
651 	if (hinfo->hi_nic.nic_smbflags & SMB_NICF_ALIAS)
652 		return (-1);
653 
654 	ipaddr = hinfo->hi_nic.nic_ip;
655 	mask = hinfo->hi_nic.nic_mask;
656 
657 	*result = *name;
658 	addr = &name->addr_list;
659 	do {
660 		saddr = addr->sin.sin_addr.s_addr;
661 		if ((saddr & mask) == (ipaddr & mask)) {
662 			*result = *name;
663 			result->addr_list = *addr;
664 			result->addr_list.forw = result->addr_list.back =
665 			    &result->addr_list;
666 			return (0);
667 		}
668 		addr = addr->forw;
669 	} while (addr != &name->addr_list);
670 
671 	return (-1);
672 }
673 
674 
675 static int
676 smb_browser_bcast_addr_of_subnet(struct name_entry *name, uint32_t bcast,
677     struct name_entry *result)
678 {
679 	if (name != NULL && name != result)
680 		*result = *name;
681 
682 	result->addr_list.sin.sin_family = AF_INET;
683 	result->addr_list.sinlen = sizeof (result->addr_list.sin);
684 	result->addr_list.sin.sin_addr.s_addr = bcast;
685 	result->addr_list.sin.sin_port = htons(DGM_SRVC_UDP_PORT);
686 	result->addr_list.forw = result->addr_list.back = &result->addr_list;
687 	return (0);
688 }
689 
690 /*
691  * 6.5 HostAnnouncement Browser Frame
692  *
693  * To advertise its presence, i.e. to publish itself as being available, a
694  * non-browser server sends a HostAnnouncement browser frame. If the server
695  * is a member of domain "D", this frame is sent to the NETBIOS unique name
696  * D(1d) and mailslot "\\MAILSLOT\\BROWSE". The definition of  the
697  * HostAnnouncement frame is:
698  *
699  *     struct {
700  *         unsigned short  Opcode;
701  *         unsigned char   UpdateCount;
702  *         uint32_t   Periodicity;
703  *         unsigned char   ServerName[];
704  *         unsigned char   VersionMajor;
705  *         unsigned char   VersionMinor;
706  *         uint32_t   Type;
707  *         uint32_t   Signature;
708  *         unsigned char   Comment[];
709  *     }
710  *
711  * where:
712  *      Opcode - Identifies this structure as a browser server
713  *          announcement and is defined as HostAnnouncement with a
714  *          value of decimal 1.
715  *
716  *      UpdateCount - must be sent as zero and ignored on receipt.
717  *
718  *      Periodicity - The announcement frequency of the server (in
719  *          seconds). The server will be removed from the browse list
720  *          if it has not been heard from in 3X its announcement
721  *          frequency. In no case will the server be removed from the
722  *          browse list before the period 3X has elapsed. Actual
723  *          implementations may take more than 3X to actually remove
724  *          the server from the browse list.
725  *
726  *      ServerName - Null terminated ASCII server name (up to 16 bytes
727  *          in length).
728  *
729  *      VersionMajor - The major version number of the OS the server
730  *          is running. it will be returned by NetServerEnum2.
731  *
732  *      VersionMinor - The minor version number of the OS the server
733  *          is running. This is entirely informational and does not
734  *          have any significance for the browsing protocol.
735  *
736  *      Type - Specifies the type of the server. The server type bits
737  *          are specified in the NetServerEnum2 section.
738  *
739  *      Signature -  The browser protocol minor version number in the
740  *          low 8 bits, the browser protocol major version number in
741  *          the next higher 8 bits and the signature 0xaa55 in the
742  *          high 16 bits of this field. Thus, for this version of the
743  *          browser protocol (1.15) this field has the value
744  *          0xaa55010f. This may used to isolate browser servers that
745  *          are running out of revision browser software; otherwise,
746  *          it is ignored.
747  *
748  *      Comment - Null terminated ASCII comment for the server.
749  *          Limited to 43 bytes.
750  *
751  * When a non-browser server starts up, it announces itself in the manner
752  * described once every minute. The frequency of these statements is
753  * gradually stretched to once every 12 minutes.
754  *
755  * Note: older non-browser servers in a domain "D" sent HostAnnouncement
756  * frames to the NETBIOS group name D(00). Non-Browser servers supporting
757  * version 1.15 of the browsing protocol SHOULD NOT use this NETBIOS name,
758  * but for backwards compatibility Master Browsers MAY receive and process
759  * HostAnnouncement frames on this name as described above for D(1d).
760  */
761 
762 static void
763 smb_browser_send_HostAnnouncement(smb_hostinfo_t *hinfo,
764     uint32_t next_announcement, boolean_t remove,
765     struct addr_entry *addr, char suffix)
766 {
767 	smb_msgbuf_t mb;
768 	int offset, announce_len, data_length;
769 	struct name_entry dest_name;
770 	unsigned char *buffer;
771 	uint32_t type;
772 	char resource_domain[SMB_PI_MAX_DOMAIN];
773 
774 	if (smb_getdomainname(resource_domain, SMB_PI_MAX_DOMAIN) != 0)
775 		return;
776 	(void) utf8_strupr(resource_domain);
777 
778 	if (addr == NULL) {
779 		/* Local master Browser */
780 		smb_init_name_struct((unsigned char *)resource_domain, suffix,
781 		    0, 0, 0, 0, 0, &dest_name);
782 		if (smb_browser_bcast_addr_of_subnet(0, hinfo->hi_nic.nic_bcast,
783 		    &dest_name) < 0)
784 			return;
785 	} else {
786 		smb_init_name_struct((unsigned char *)resource_domain, suffix,
787 		    0, 0, 0, 0, 0, &dest_name);
788 		dest_name.addr_list = *addr;
789 		dest_name.addr_list.forw = dest_name.addr_list.back =
790 		    &dest_name.addr_list;
791 	}
792 
793 	/* give some extra room */
794 	buffer = (unsigned char *)malloc(MAX_DATAGRAM_LENGTH * 2);
795 	if (buffer == 0) {
796 		syslog(LOG_ERR, "HostAnnouncement: resource shortage");
797 		return;
798 	}
799 
800 	data_length = 1 + 1 + 4 + 16 + 1 + 1 + 4 + 4 +
801 	    strlen(hinfo->hi_nic.nic_cmnt) + 1;
802 
803 	offset = smb_browser_load_transact_header(buffer,
804 	    MAX_DATAGRAM_LENGTH, data_length, ONE_WAY_TRANSACTION,
805 	    MAILSLOT_BROWSE);
806 
807 	if (offset < 0) {
808 		free(buffer);
809 		return;
810 	}
811 
812 	/*
813 	 * A non-browser server SHOULD send a HostAnnouncement browser frame
814 	 * specifying a type of 0 just prior to shutting down, to allow it to
815 	 * quickly be removed from the list of available servers.
816 	 */
817 	if (remove || (nb_status.state & NETBIOS_SHUTTING_DOWN))
818 		type = 0;
819 	else
820 		type = hinfo->hi_type;
821 
822 	smb_msgbuf_init(&mb, buffer + offset, MAX_DATAGRAM_LENGTH - offset, 0);
823 
824 	announce_len = smb_msgbuf_encode(&mb, "bbl16cbblls",
825 	    HOST_ANNOUNCEMENT,
826 	    ++hinfo->hi_updatecnt,
827 	    next_announcement * 60000,	/* Periodicity in MilliSeconds */
828 	    hinfo->hi_nbname,
829 	    SMB_VERSION_MAJOR,
830 	    SMB_VERSION_MINOR,
831 	    type,
832 	    SMB_SERVER_SIGNATURE,
833 	    hinfo->hi_nic.nic_cmnt);
834 
835 	if (announce_len > 0)
836 		(void) smb_netbios_datagram_send(&hinfo->hi_netname, &dest_name,
837 		    buffer, offset + announce_len);
838 
839 	free(buffer);
840 	smb_msgbuf_term(&mb);
841 }
842 
843 static void
844 smb_browser_process_AnnouncementRequest(struct datagram *datagram,
845     char *mailbox)
846 {
847 	smb_hostinfo_t *hinfo;
848 	uint32_t next_announcement;
849 	uint32_t delay = random() % 29; /* in seconds */
850 	boolean_t h_found = B_FALSE;
851 
852 	if (strcmp(mailbox, MAILSLOT_LANMAN) != 0) {
853 		syslog(LOG_DEBUG, "smb_browse: Wrong Mailbox (%s)", mailbox);
854 		return;
855 	}
856 
857 	(void) sleep(delay);
858 
859 	(void) rw_rdlock(&smb_binfo.bi_hlist_rwl);
860 	hinfo = list_head(&smb_binfo.bi_hlist);
861 	while (hinfo) {
862 		if ((hinfo->hi_nic.nic_ip & hinfo->hi_nic.nic_mask) ==
863 		    (datagram->src.addr_list.sin.sin_addr.s_addr &
864 		    hinfo->hi_nic.nic_mask)) {
865 			h_found = B_TRUE;
866 			break;
867 		}
868 		hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
869 	}
870 
871 	if (h_found) {
872 		next_announcement = hinfo->hi_nextannouce * 60 * 1000;
873 		smb_browser_send_HostAnnouncement(hinfo, next_announcement,
874 		    B_FALSE, &datagram->src.addr_list, 0x1D);
875 	}
876 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
877 }
878 
879 void *
880 smb_browser_dispatch(void *arg)
881 {
882 	struct datagram *datagram = (struct datagram *)arg;
883 	smb_msgbuf_t 	mb;
884 	int		rc;
885 	unsigned char	command;
886 	unsigned char	parameter_words;
887 	unsigned short	total_parameter_words;
888 	unsigned short	total_data_count;
889 	unsigned short	max_parameters_to_return;
890 	unsigned short	max_data_to_return;
891 	unsigned char	max_setup_bytes_to_return;
892 	unsigned short	reply;
893 	unsigned short	parameter_bytes_sent;
894 	unsigned short	parameter_offset;
895 	unsigned short	data_bytes_sent;
896 	unsigned short	data_offset;
897 	unsigned char	setup_word_count;
898 	unsigned short	setup_word_0;
899 	unsigned short	setup_word_1;
900 	unsigned short	setup_word_2;
901 	unsigned short	total_request_bytes;
902 	char 		*mailbox;
903 	unsigned char	message_type;
904 	unsigned char 	*data;
905 	int		datalen;
906 
907 	syslog(LOG_DEBUG, "smb_browse: packet_received");
908 
909 	smb_msgbuf_init(&mb, datagram->data, datagram->data_length, 0);
910 	rc = smb_msgbuf_decode(&mb, "Mb27.bwwwwb.w6.wwwwb.wwwws",
911 	    &command,			/* Command */
912 	    &parameter_words,		/* Count of parameter words */
913 	    &total_parameter_words,	/* Total Parameter words sent */
914 	    &total_data_count,		/* Total Data bytes sent */
915 	    &max_parameters_to_return,	/* Max Parameters to return */
916 	    &max_data_to_return,	/* Max data bytes to return */
917 	    &max_setup_bytes_to_return,	/* Max setup bytes to return */
918 	    &reply,			/* No reply */
919 	    &parameter_bytes_sent,	/* Parameter bytes sent */
920 	    &parameter_offset,		/* Parameter offset */
921 	    &data_bytes_sent,		/* Data bytes sent */
922 	    &data_offset,		/* Data offset */
923 	    &setup_word_count,		/* Setup word count */
924 	    &setup_word_0,		/* Setup word[0] */
925 	    &setup_word_1,		/* Setup word[1] */
926 	    &setup_word_2,		/* Setup word[2] */
927 	    &total_request_bytes,	/* Total request bytes */
928 	    &mailbox);			/* Mailbox address */
929 
930 	if (rc < 0) {
931 		syslog(LOG_ERR, "smb_browser_dispatch: decode error");
932 		smb_msgbuf_term(&mb);
933 		free(datagram);
934 		return (0);
935 	}
936 
937 	data = &datagram->data[data_offset];
938 	datalen = datagram->data_length - data_offset;
939 
940 	/*
941 	 * The PDC location protocol, i.e. anything on the \\NET
942 	 * mailslot, is handled by the smb_netlogon module.
943 	 */
944 	if (strncasecmp("\\MAILSLOT\\NET\\", mailbox, 14) == 0) {
945 		smb_netlogon_receive(datagram, mailbox, data, datalen);
946 		smb_msgbuf_term(&mb);
947 		free(datagram);
948 		return (0);
949 	}
950 
951 	/*
952 	 * If it's not a netlogon message, assume it's a browser request.
953 	 * This is not the most elegant way to extract the command byte
954 	 * but at least we no longer use it to get the netlogon opcode.
955 	 */
956 	message_type = datagram->data[data_offset];
957 
958 	switch (message_type) {
959 	case ANNOUNCEMENT_REQUEST :
960 		smb_browser_process_AnnouncementRequest(datagram, mailbox);
961 		break;
962 
963 	default:
964 		syslog(LOG_DEBUG, "smb_browse: invalid message_type(%d, %x)",
965 		    message_type, message_type);
966 		break;
967 	}
968 
969 	smb_msgbuf_term(&mb);
970 	free(datagram);
971 	return (0);
972 }
973 
974 
975 /*
976  * 11.1 Registered unique names
977  *
978  *  <COMPUTER>(00)
979  *     This name is used by all servers and clients to receive second
980  *     class mailslot messages. A system must add this name in order to
981  *     receive mailslot messages. The only browser requests that should
982  *     appear on this name are BecomeBackup, GetBackupListResp,
983  *     MasterAnnouncement, and LocalMasterAnnouncement frames. All other
984  *     datagrams (other than the expected non-browser datagrams) may be
985  *     ignored and an error logged.
986  *
987  *   <DOMAIN>(1d)
988  *     This name is used to identify a master browser server for domain
989  *     "DOMAIN" on a subnet.  A master browser server adds this name as a
990  *     unique NETBIOS name when it becomes master browser. If the attempt
991  *     to add the name fails, the master browser server assumes that there
992  *     is another master in the domain and will fail to come up. It may
993  *     log an error if the failure occurs more than 3 times in a row (this
994  *     either indicates some form of network misconfiguration or a
995  *     software error). The only requests that should appear on this name
996  *     are GetBackupListRequest and HostAnnouncement requests. All other
997  *     datagrams on this name may be ignored (and an error logged). If
998  *     running a NETBIOS name service (NBNS, such as WINS), this name
999  *     should not be registered with the NBNS.
1000  *
1001  *   <DOMAIN>(1b)
1002  *     This name is used to identify the Domain Master Browser for domain
1003  *     "DOMAIN" (which is also the primary domain controller). It is a
1004  *     unique name added only by the primary domain controller. The
1005  *     primary domain controller will respond to GetBackupListRequest on
1006  *     this name just as it responds to these requests on the <DOMAIN>(1d)
1007  *     name.
1008  *
1009  * 11.2 Registered group names
1010  *
1011  *   (01)(02)__MSBROWSE__(02)(01)
1012  *     This name is used by Master Browsers to announce themselves to the
1013  *     other Master Browsers on a subnet. It is added as a group name by
1014  *     all Master Browser servers. The only broadcasts that should appear
1015  *     on this name is DomainAnnouncement requests. All other datagrams
1016  *     can be ignored.
1017  *
1018  *   <DOMAIN>(00)
1019  *     This name is used by clients and servers in domain "DOMAIN" to
1020  *     process server announcements. The only requests that should appear
1021  *     on this name that the browser is interested in are
1022  *     AnnouncementRequest and NETLOGON_QUERY (to locate the PDC) packets.
1023  *     All other unidentifiable requests may be ignored (and an error
1024  *     logged).
1025  *
1026  *   <DOMAIN>(1E)
1027  *     This name is used for announcements to browsers for domain "DOMAIN"
1028  *     on a subnet. This name is registered by all the browser servers in
1029  *     the domain. The only requests that should appear on this name are
1030  *     RequestElection and AnnouncementRequest packets. All other
1031  *     datagrams may be ignored (and an error logged).
1032  *
1033  *   <DOMAIN>(1C)
1034  *     This name is registered by Primary Domain Controllers.
1035  */
1036 
1037 static void
1038 smb_browser_config(void)
1039 {
1040 	smb_hostinfo_t *hinfo;
1041 	struct name_entry	name;
1042 	struct name_entry	master;
1043 	struct name_entry	dest;
1044 	struct name_entry	*entry;
1045 	char resource_domain[SMB_PI_MAX_DOMAIN];
1046 	int rc;
1047 
1048 	if (smb_browser_init() != 0)
1049 		return;
1050 
1051 	if (smb_getdomainname(resource_domain, SMB_PI_MAX_DOMAIN) != 0)
1052 		return;
1053 	(void) utf8_strupr(resource_domain);
1054 
1055 	/* domain<00> */
1056 	smb_init_name_struct((unsigned char *)resource_domain, 0x00,
1057 	    0, 0, 0, 0, 0, &name);
1058 	entry = smb_name_find_name(&name);
1059 	smb_name_unlock_name(entry);
1060 
1061 	(void) rw_rdlock(&smb_binfo.bi_hlist_rwl);
1062 	hinfo = list_head(&smb_binfo.bi_hlist);
1063 	while (hinfo) {
1064 		smb_init_name_struct((unsigned char *)resource_domain, 0x00, 0,
1065 		    hinfo->hi_nic.nic_ip, htons(DGM_SRVC_UDP_PORT),
1066 		    NAME_ATTR_GROUP, NAME_ATTR_LOCAL, &name);
1067 		(void) smb_name_add_name(&name);
1068 
1069 		hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
1070 	}
1071 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1072 
1073 	/* All our local master browsers */
1074 	smb_init_name_struct((unsigned char *)resource_domain, 0x1D,
1075 	    0, 0, 0, 0, 0, &dest);
1076 	entry = smb_name_find_name(&dest);
1077 
1078 	if (entry) {
1079 		(void) rw_rdlock(&smb_binfo.bi_hlist_rwl);
1080 		hinfo = list_head(&smb_binfo.bi_hlist);
1081 		while (hinfo) {
1082 			rc = smb_browser_addr_of_subnet(entry, hinfo, &master);
1083 			if (rc == 0) {
1084 				syslog(LOG_DEBUG,
1085 				    "smbd: Master browser found at %s",
1086 				    inet_ntoa(master.addr_list.sin.sin_addr));
1087 			}
1088 			hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
1089 		}
1090 		(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1091 
1092 		smb_name_unlock_name(entry);
1093 	}
1094 
1095 	/* Domain master browser */
1096 	smb_init_name_struct((unsigned char *)resource_domain,
1097 	    0x1B, 0, 0, 0, 0, 0, &dest);
1098 
1099 	if ((entry = smb_name_find_name(&dest)) != 0) {
1100 		syslog(LOG_DEBUG, "smbd: Domain Master browser for %s is %s",
1101 		    resource_domain,
1102 		    inet_ntoa(entry->addr_list.sin.sin_addr));
1103 		smb_name_unlock_name(entry);
1104 	}
1105 }
1106 
1107 static int
1108 smb_browser_init(void)
1109 {
1110 	smb_hostinfo_t *hinfo;
1111 	smb_niciter_t ni;
1112 	uint32_t type;
1113 
1114 	(void) rw_wrlock(&smb_binfo.bi_hlist_rwl);
1115 	smb_browser_infofree();
1116 
1117 	if (smb_nic_getfirst(&ni) != 0) {
1118 		(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1119 		return (-1);
1120 	}
1121 
1122 	type = MY_SERVER_TYPE;
1123 	if (smb_config_get_secmode() == SMB_SECMODE_DOMAIN)
1124 		type |= SV_DOMAIN_MEMBER;
1125 
1126 	do {
1127 		if (ni.ni_nic.nic_smbflags & SMB_NICF_NBEXCL)
1128 			continue;
1129 
1130 		hinfo = malloc(sizeof (smb_hostinfo_t));
1131 		if (hinfo == NULL) {
1132 			smb_browser_infofree();
1133 			(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1134 			return (-1);
1135 		}
1136 
1137 		hinfo->hi_nic = ni.ni_nic;
1138 		/* One Minute announcements for first five */
1139 		hinfo->hi_nextannouce = 1;
1140 		hinfo->hi_interval = 1;
1141 		hinfo->hi_reps = 5;
1142 		hinfo->hi_updatecnt = 0;
1143 		hinfo->hi_type = type;
1144 
1145 		/* This is the name used for HostAnnouncement */
1146 		(void) strlcpy(hinfo->hi_nbname, hinfo->hi_nic.nic_host,
1147 		    NETBIOS_NAME_SZ);
1148 		(void) utf8_strupr(hinfo->hi_nbname);
1149 
1150 		/* 0x20: file server service  */
1151 		smb_init_name_struct((unsigned char *)hinfo->hi_nbname,
1152 		    0x20, 0, hinfo->hi_nic.nic_ip, htons(DGM_SRVC_UDP_PORT),
1153 		    NAME_ATTR_UNIQUE, NAME_ATTR_LOCAL, &hinfo->hi_netname);
1154 
1155 		list_insert_tail(&smb_binfo.bi_hlist, hinfo);
1156 		smb_binfo.bi_hcnt++;
1157 	} while (smb_nic_getnext(&ni) == 0);
1158 
1159 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1160 	return (0);
1161 }
1162 
1163 /*
1164  * smb_browser_non_master_duties
1165  *
1166  * To advertise its presence, i.e. to publish itself as being available, a
1167  * non-browser server sends a HostAnnouncement browser frame. If the server
1168  * is a member of domain "D", this frame is sent to the NETBIOS unique name
1169  * D(1d) and mailslot "\\MAILSLOT\\BROWSE".
1170  */
1171 static void
1172 smb_browser_non_master_duties(smb_hostinfo_t *hinfo, boolean_t remove)
1173 {
1174 	struct name_entry name;
1175 	struct name_entry *dest;
1176 	struct addr_entry addr;
1177 	char resource_domain[SMB_PI_MAX_DOMAIN];
1178 
1179 	smb_browser_send_HostAnnouncement(hinfo, hinfo->hi_interval,
1180 	    remove, 0, 0x1D);
1181 	if (smb_getdomainname(resource_domain, SMB_PI_MAX_DOMAIN) != 0)
1182 		return;
1183 
1184 	(void) utf8_strupr(resource_domain);
1185 
1186 	smb_init_name_struct((unsigned char *)resource_domain, 0x1D,
1187 	    0, 0, 0, 0, 0, &name);
1188 
1189 	if ((dest = smb_name_find_name(&name))) {
1190 		addr = dest->addr_list;
1191 		addr.forw = addr.back = &addr;
1192 		smb_name_unlock_name(dest);
1193 		smb_browser_send_HostAnnouncement(hinfo, hinfo->hi_interval,
1194 		    remove, &addr, 0x1D);
1195 	} else {
1196 		smb_init_name_struct((unsigned char *)resource_domain, 0x1B,
1197 		    0, 0, 0, 0, 0, &name);
1198 		if ((dest = smb_name_find_name(&name))) {
1199 			addr = dest->addr_list;
1200 			addr.forw = addr.back = &addr;
1201 			smb_name_unlock_name(dest);
1202 			smb_browser_send_HostAnnouncement(hinfo,
1203 			    remove, hinfo->hi_interval, &addr, 0x1B);
1204 		}
1205 	}
1206 
1207 	/*
1208 	 * One Minute announcements for first five
1209 	 * minutes, one minute longer each round
1210 	 * until 12 minutes and every 12 minutes
1211 	 * thereafter.
1212 	 */
1213 	if (--hinfo->hi_reps == 0) {
1214 		if (hinfo->hi_interval < 12)
1215 			hinfo->hi_interval++;
1216 
1217 		hinfo->hi_reps = 1;
1218 	}
1219 
1220 	hinfo->hi_nextannouce = hinfo->hi_interval;
1221 }
1222 
1223 
1224 /*
1225  * smb_browser_sleep
1226  *
1227  * Put browser in 1 minute sleep if netbios services are not
1228  * shutting down and both name and datagram services are still
1229  * running. It'll wake up after 1 minute or if one of the above
1230  * conditions go false. It checks the conditions again and return
1231  * 1 if everything is ok or 0 if browser shouldn't continue
1232  * running.
1233  */
1234 static boolean_t
1235 smb_browser_sleep(void)
1236 {
1237 	boolean_t slept = B_FALSE;
1238 	timestruc_t to;
1239 
1240 	(void) mutex_lock(&nb_status.mtx);
1241 	while (((nb_status.state & NETBIOS_SHUTTING_DOWN) == 0) &&
1242 	    (nb_status.state & NETBIOS_NAME_SVC_RUNNING) &&
1243 	    (nb_status.state & NETBIOS_DATAGRAM_SVC_RUNNING)) {
1244 
1245 		if (slept) {
1246 			(void) mutex_unlock(&nb_status.mtx);
1247 			return (B_TRUE);
1248 		}
1249 
1250 		to.tv_sec = 60;  /* 1 minute */
1251 		to.tv_nsec = 0;
1252 		(void) cond_reltimedwait(&nb_status.cv, &nb_status.mtx, &to);
1253 		slept = B_TRUE;
1254 	}
1255 	(void) mutex_unlock(&nb_status.mtx);
1256 
1257 	return (B_FALSE);
1258 }
1259 
1260 /*
1261  * smb_browser_daemon
1262  *
1263  * Smb Netbios browser daemon.
1264  */
1265 /*ARGSUSED*/
1266 void *
1267 smb_browser_daemon(void *arg)
1268 {
1269 	smb_hostinfo_t *hinfo;
1270 
1271 	smb_browser_infoinit();
1272 	smb_browser_config();
1273 
1274 	smb_netbios_chg_status(NETBIOS_BROWSER_RUNNING, 1);
1275 
1276 restart:
1277 	do {
1278 		(void) rw_rdlock(&smb_binfo.bi_hlist_rwl);
1279 		hinfo = list_head(&smb_binfo.bi_hlist);
1280 		while (hinfo) {
1281 			if (--hinfo->hi_nextannouce > 0 ||
1282 			    hinfo->hi_nic.nic_bcast == 0) {
1283 				hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
1284 				continue;
1285 			}
1286 
1287 			smb_browser_non_master_duties(hinfo, B_FALSE);
1288 
1289 			/* Check to see whether reconfig is needed */
1290 			(void) mutex_lock(&smb_binfo.bi_mtx);
1291 			if (smb_binfo.bi_changed) {
1292 				smb_binfo.bi_changed = B_FALSE;
1293 				(void) mutex_unlock(&smb_binfo.bi_mtx);
1294 				(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1295 				smb_browser_config();
1296 				goto restart;
1297 			}
1298 			(void) mutex_unlock(&smb_binfo.bi_mtx);
1299 
1300 			hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
1301 		}
1302 		(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1303 	} while (smb_browser_sleep());
1304 
1305 	smb_browser_infoterm();
1306 	smb_netbios_chg_status(NETBIOS_BROWSER_RUNNING, 0);
1307 	return (0);
1308 }
1309 
1310 /*
1311  * smb_browser_netlogon
1312  *
1313  * Sends SAMLOGON/NETLOGON request for all host/ips, except
1314  * aliases, to find a domain controller.
1315  */
1316 void
1317 smb_browser_netlogon(char *domain)
1318 {
1319 	smb_hostinfo_t *hinfo;
1320 	int protocol;
1321 
1322 	if (smb_config_getbool(SMB_CI_DOMAIN_MEMB))
1323 		protocol = NETLOGON_PROTO_SAMLOGON;
1324 	else
1325 		protocol = NETLOGON_PROTO_NETLOGON;
1326 
1327 	(void) rw_rdlock(&smb_binfo.bi_hlist_rwl);
1328 	hinfo = list_head(&smb_binfo.bi_hlist);
1329 	while (hinfo) {
1330 		if ((hinfo->hi_nic.nic_smbflags & SMB_NICF_ALIAS) == 0)
1331 			smb_netlogon_request(&hinfo->hi_netname, protocol,
1332 			    domain);
1333 		hinfo = list_next(&smb_binfo.bi_hlist, hinfo);
1334 	}
1335 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1336 }
1337 
1338 /*
1339  * smb_browser_infoinit
1340  *
1341  * This function is called only once when browser daemon starts
1342  * to initialize global smb_binfo structure
1343  */
1344 static void
1345 smb_browser_infoinit(void)
1346 {
1347 	(void) rw_wrlock(&smb_binfo.bi_hlist_rwl);
1348 	list_create(&smb_binfo.bi_hlist, sizeof (smb_hostinfo_t),
1349 	    offsetof(smb_hostinfo_t, hi_lnd));
1350 	smb_binfo.bi_hcnt = 0;
1351 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1352 
1353 	(void) mutex_lock(&smb_binfo.bi_mtx);
1354 	smb_binfo.bi_changed = B_FALSE;
1355 	(void) mutex_unlock(&smb_binfo.bi_mtx);
1356 }
1357 
1358 /*
1359  * smb_browser_infoterm
1360  *
1361  * This function is called only once when browser daemon stops
1362  * to destruct smb_binfo structure
1363  */
1364 static void
1365 smb_browser_infoterm(void)
1366 {
1367 	(void) rw_wrlock(&smb_binfo.bi_hlist_rwl);
1368 	smb_browser_infofree();
1369 	list_destroy(&smb_binfo.bi_hlist);
1370 	(void) rw_unlock(&smb_binfo.bi_hlist_rwl);
1371 }
1372 
1373 /*
1374  * smb_browser_infofree
1375  *
1376  * Removes all the hostinfo structures from the browser list
1377  * and frees the allocated memory
1378  */
1379 static void
1380 smb_browser_infofree(void)
1381 {
1382 	smb_hostinfo_t *hinfo;
1383 
1384 	while ((hinfo = list_head(&smb_binfo.bi_hlist)) != NULL) {
1385 		list_remove(&smb_binfo.bi_hlist, hinfo);
1386 		free(hinfo);
1387 	}
1388 
1389 	smb_binfo.bi_hcnt = 0;
1390 }
1391