search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mount.cifs: check access of credential files before opening
[Samba.git] / source / libsmb / nmblib.c
blob641473bea17e87d0d845b941886493fcf0fddc40
1 /*
2 Unix SMB/CIFS implementation.
3 NBT netbios library routines
4 Copyright (C) Andrew Tridgell 1994-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19
20 */
21
22 #include "includes.h"
23
24 extern struct in_addr lastip;
25 extern int lastport;
26
27 int num_good_sends = 0;
28 int num_good_receives = 0;
29
30 static const struct opcode_names {
31 const char *nmb_opcode_name;
32 int opcode;
33 } nmb_header_opcode_names[] = {
34 {"Query", 0 },
35 {"Registration", 5 },
36 {"Release", 6 },
37 {"WACK", 7 },
38 {"Refresh", 8 },
39 {"Refresh(altcode)", 9 },
40 {"Multi-homed Registration", 15 },
41 {0, -1 }
42 };
43
44 /****************************************************************************
45 Lookup a nmb opcode name.
46 ****************************************************************************/
47
48 static const char *lookup_opcode_name( int opcode )
49 {
50 const struct opcode_names *op_namep;
51 int i;
52
53 for(i = 0; nmb_header_opcode_names[i].nmb_opcode_name != 0; i++) {
54 op_namep = &nmb_header_opcode_names[i];
55 if(opcode == op_namep->opcode)
56 return op_namep->nmb_opcode_name;
57 }
58 return "<unknown opcode>";
59 }
60
61 /****************************************************************************
62 Print out a res_rec structure.
63 ****************************************************************************/
64
65 static void debug_nmb_res_rec(struct res_rec *res, const char *hdr)
66 {
67 int i, j;
68
69 DEBUGADD( 4, ( " %s: nmb_name=%s rr_type=%d rr_class=%d ttl=%d\n",
70 hdr,
71 nmb_namestr(&res->rr_name),
72 res->rr_type,
73 res->rr_class,
74 res->ttl ) );
75
76 if( res->rdlength == 0 || res->rdata == NULL )
77 return;
78
79 for (i = 0; i < res->rdlength; i+= MAX_NETBIOSNAME_LEN) {
80 DEBUGADD(4, (" %s %3x char ", hdr, i));
81
82 for (j = 0; j < MAX_NETBIOSNAME_LEN; j++) {
83 unsigned char x = res->rdata[i+j];
84 if (x < 32 || x > 127)
85 x = '.';
86
87 if (i+j >= res->rdlength)
88 break;
89 DEBUGADD(4, ("%c", x));
90 }
91
92 DEBUGADD(4, (" hex "));
93
94 for (j = 0; j < MAX_NETBIOSNAME_LEN; j++) {
95 if (i+j >= res->rdlength)
96 break;
97 DEBUGADD(4, ("%02X", (unsigned char)res->rdata[i+j]));
98 }
99
100 DEBUGADD(4, ("\n"));
101 }
102 }
103
104 /****************************************************************************
105 Process a nmb packet.
106 ****************************************************************************/
107
108 void debug_nmb_packet(struct packet_struct *p)
109 {
110 struct nmb_packet *nmb = &p->packet.nmb;
111
112 if( DEBUGLVL( 4 ) ) {
113 dbgtext( "nmb packet from %s(%d) header: id=%d opcode=%s(%d) response=%s\n",
114 inet_ntoa(p->ip), p->port,
115 nmb->header.name_trn_id,
116 lookup_opcode_name(nmb->header.opcode),
117 nmb->header.opcode,
118 BOOLSTR(nmb->header.response) );
119 dbgtext( " header: flags: bcast=%s rec_avail=%s rec_des=%s trunc=%s auth=%s\n",
120 BOOLSTR(nmb->header.nm_flags.bcast),
121 BOOLSTR(nmb->header.nm_flags.recursion_available),
122 BOOLSTR(nmb->header.nm_flags.recursion_desired),
123 BOOLSTR(nmb->header.nm_flags.trunc),
124 BOOLSTR(nmb->header.nm_flags.authoritative) );
125 dbgtext( " header: rcode=%d qdcount=%d ancount=%d nscount=%d arcount=%d\n",
126 nmb->header.rcode,
127 nmb->header.qdcount,
128 nmb->header.ancount,
129 nmb->header.nscount,
130 nmb->header.arcount );
131 }
132
133 if (nmb->header.qdcount) {
134 DEBUGADD( 4, ( " question: q_name=%s q_type=%d q_class=%d\n",
135 nmb_namestr(&nmb->question.question_name),
136 nmb->question.question_type,
137 nmb->question.question_class) );
138 }
139
140 if (nmb->answers && nmb->header.ancount) {
141 debug_nmb_res_rec(nmb->answers,"answers");
142 }
143 if (nmb->nsrecs && nmb->header.nscount) {
144 debug_nmb_res_rec(nmb->nsrecs,"nsrecs");
145 }
146 if (nmb->additional && nmb->header.arcount) {
147 debug_nmb_res_rec(nmb->additional,"additional");
148 }
149 }
150
151 /*******************************************************************
152 Handle "compressed" name pointers.
153 ******************************************************************/
154
155 static BOOL handle_name_ptrs(unsigned char *ubuf,int *offset,int length,
156 BOOL *got_pointer,int *ret)
157 {
158 int loop_count=0;
159
160 while ((ubuf[*offset] & 0xC0) == 0xC0) {
161 if (!*got_pointer)
162 (*ret) += 2;
163 (*got_pointer)=True;
164 (*offset) = ((ubuf[*offset] & ~0xC0)<<8) | ubuf[(*offset)+1];
165 if (loop_count++ == 10 || (*offset) < 0 || (*offset)>(length-2)) {
166 return(False);
167 }
168 }
169 return(True);
170 }
171
172 /*******************************************************************
173 Parse a nmb name from "compressed" format to something readable
174 return the space taken by the name, or 0 if the name is invalid
175 ******************************************************************/
176
177 static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name)
178 {
179 int m,n=0;
180 unsigned char *ubuf = (unsigned char *)inbuf;
181 int ret = 0;
182 BOOL got_pointer=False;
183 int loop_count=0;
184 int offset = ofs;
185
186 if (length - offset < 2)
187 return(0);
188
189 /* handle initial name pointers */
190 if (!handle_name_ptrs(ubuf,&offset,length,&got_pointer,&ret))
191 return(0);
192
193 m = ubuf[offset];
194
195 if (!m)
196 return(0);
197 if ((m & 0xC0) || offset+m+2 > length)
198 return(0);
199
200 memset((char *)name,'\0',sizeof(*name));
201
202 /* the "compressed" part */
203 if (!got_pointer)
204 ret += m + 2;
205 offset++;
206 while (m > 0) {
207 unsigned char c1,c2;
208 c1 = ubuf[offset++]-'A';
209 c2 = ubuf[offset++]-'A';
210 if ((c1 & 0xF0) || (c2 & 0xF0) || (n > sizeof(name->name)-1))
211 return(0);
212 name->name[n++] = (c1<<4) | c2;
213 m -= 2;
214 }
215 name->name[n] = 0;
216
217 if (n==MAX_NETBIOSNAME_LEN) {
218 /* parse out the name type, its always in the 16th byte of the name */
219 name->name_type = ((unsigned char)name->name[15]) & 0xff;
220
221 /* remove trailing spaces */
222 name->name[15] = 0;
223 n = 14;
224 while (n && name->name[n]==' ')
225 name->name[n--] = 0;
226 }
227
228 /* now the domain parts (if any) */
229 n = 0;
230 while (ubuf[offset]) {
231 /* we can have pointers within the domain part as well */
232 if (!handle_name_ptrs(ubuf,&offset,length,&got_pointer,&ret))
233 return(0);
234
235 m = ubuf[offset];
236 /*
237 * Don't allow null domain parts.
238 */
239 if (!m)
240 return(0);
241 if (!got_pointer)
242 ret += m+1;
243 if (n)
244 name->scope[n++] = '.';
245 if (m+2+offset>length || n+m+1>sizeof(name->scope))
246 return(0);
247 offset++;
248 while (m--)
249 name->scope[n++] = (char)ubuf[offset++];
250
251 /*
252 * Watch for malicious loops.
253 */
254 if (loop_count++ == 10)
255 return 0;
256 }
257 name->scope[n++] = 0;
258
259 return(ret);
260 }
261
262 /****************************************************************************
263 Put a netbios name, padding(s) and a name type into a 16 character buffer.
264 name is already in DOS charset.
265 [15 bytes name + padding][1 byte name type].
266 ****************************************************************************/
267
268 void put_name(char *dest, const char *name, int pad, unsigned int name_type)
269 {
270 size_t len = strlen(name);
271
272 memcpy(dest, name, (len < MAX_NETBIOSNAME_LEN) ? len : MAX_NETBIOSNAME_LEN - 1);
273 if (len < MAX_NETBIOSNAME_LEN - 1) {
274 memset(dest + len, pad, MAX_NETBIOSNAME_LEN - 1 - len);
275 }
276 dest[MAX_NETBIOSNAME_LEN - 1] = name_type;
277 }
278
279 /*******************************************************************
280 Put a compressed nmb name into a buffer. Return the length of the
281 compressed name.
282
283 Compressed names are really weird. The "compression" doubles the
284 size. The idea is that it also means that compressed names conform
285 to the doman name system. See RFC1002.
286 ******************************************************************/
287
288 static int put_nmb_name(char *buf,int offset,struct nmb_name *name)
289 {
290 int ret,m;
291 nstring buf1;
292 char *p;
293
294 if (strcmp(name->name,"*") == 0) {
295 /* special case for wildcard name */
296 put_name(buf1, "*", '\0', name->name_type);
297 } else {
298 put_name(buf1, name->name, ' ', name->name_type);
299 }
300
301 buf[offset] = 0x20;
302
303 ret = 34;
304
305 for (m=0;m<MAX_NETBIOSNAME_LEN;m++) {
306 buf[offset+1+2*m] = 'A' + ((buf1[m]>>4)&0xF);
307 buf[offset+2+2*m] = 'A' + (buf1[m]&0xF);
308 }
309 offset += 33;
310
311 buf[offset] = 0;
312
313 if (name->scope[0]) {
314 /* XXXX this scope handling needs testing */
315 ret += strlen(name->scope) + 1;
316 safe_strcpy(&buf[offset+1],name->scope,sizeof(name->scope));
317
318 p = &buf[offset+1];
319 while ((p = strchr_m(p,'.'))) {
320 buf[offset] = PTR_DIFF(p,&buf[offset+1]);
321 offset += (buf[offset] + 1);
322 p = &buf[offset+1];
323 }
324 buf[offset] = strlen(&buf[offset+1]);
325 }
326
327 return(ret);
328 }
329
330 /*******************************************************************
331 Useful for debugging messages.
332 ******************************************************************/
333
334 char *nmb_namestr(const struct nmb_name *n)
335 {
336 static int i=0;
337 static fstring ret[4];
338 fstring name;
339 char *p = ret[i];
340
341 pull_ascii_fstring(name, n->name);
342 if (!n->scope[0])
343 slprintf(p,sizeof(fstring)-1, "%s<%02x>",name,n->name_type);
344 else
345 slprintf(p,sizeof(fstring)-1, "%s<%02x>.%s",name,n->name_type,n->scope);
346
347 i = (i+1)%4;
348 return(p);
349 }
350
351 /*******************************************************************
352 Allocate and parse some resource records.
353 ******************************************************************/
354
355 static BOOL parse_alloc_res_rec(char *inbuf,int *offset,int length,
356 struct res_rec **recs, int count)
357 {
358 int i;
359
360 *recs = SMB_MALLOC_ARRAY(struct res_rec, count);
361 if (!*recs)
362 return(False);
363
364 memset((char *)*recs,'\0',sizeof(**recs)*count);
365
366 for (i=0;i<count;i++) {
367 int l = parse_nmb_name(inbuf,*offset,length,&(*recs)[i].rr_name);
368 (*offset) += l;
369 if (!l || (*offset)+10 > length) {
370 SAFE_FREE(*recs);
371 return(False);
372 }
373 (*recs)[i].rr_type = RSVAL(inbuf,(*offset));
374 (*recs)[i].rr_class = RSVAL(inbuf,(*offset)+2);
375 (*recs)[i].ttl = RIVAL(inbuf,(*offset)+4);
376 (*recs)[i].rdlength = RSVAL(inbuf,(*offset)+8);
377 (*offset) += 10;
378 if ((*recs)[i].rdlength>sizeof((*recs)[i].rdata) ||
379 (*offset)+(*recs)[i].rdlength > length) {
380 SAFE_FREE(*recs);
381 return(False);
382 }
383 memcpy((*recs)[i].rdata,inbuf+(*offset),(*recs)[i].rdlength);
384 (*offset) += (*recs)[i].rdlength;
385 }
386 return(True);
387 }
388
389 /*******************************************************************
390 Put a resource record into a packet.
391 ******************************************************************/
392
393 static int put_res_rec(char *buf,int offset,struct res_rec *recs,int count)
394 {
395 int ret=0;
396 int i;
397
398 for (i=0;i<count;i++) {
399 int l = put_nmb_name(buf,offset,&recs[i].rr_name);
400 offset += l;
401 ret += l;
402 RSSVAL(buf,offset,recs[i].rr_type);
403 RSSVAL(buf,offset+2,recs[i].rr_class);
404 RSIVAL(buf,offset+4,recs[i].ttl);
405 RSSVAL(buf,offset+8,recs[i].rdlength);
406 memcpy(buf+offset+10,recs[i].rdata,recs[i].rdlength);
407 offset += 10+recs[i].rdlength;
408 ret += 10+recs[i].rdlength;
409 }
410
411 return(ret);
412 }
413
414 /*******************************************************************
415 Put a compressed name pointer record into a packet.
416 ******************************************************************/
417
418 static int put_compressed_name_ptr(unsigned char *buf,int offset,struct res_rec *rec,int ptr_offset)
419 {
420 int ret=0;
421 buf[offset] = (0xC0 | ((ptr_offset >> 8) & 0xFF));
422 buf[offset+1] = (ptr_offset & 0xFF);
423 offset += 2;
424 ret += 2;
425 RSSVAL(buf,offset,rec->rr_type);
426 RSSVAL(buf,offset+2,rec->rr_class);
427 RSIVAL(buf,offset+4,rec->ttl);
428 RSSVAL(buf,offset+8,rec->rdlength);
429 memcpy(buf+offset+10,rec->rdata,rec->rdlength);
430 offset += 10+rec->rdlength;
431 ret += 10+rec->rdlength;
432
433 return(ret);
434 }
435
436 /*******************************************************************
437 Parse a dgram packet. Return False if the packet can't be parsed
438 or is invalid for some reason, True otherwise.
439
440 This is documented in section 4.4.1 of RFC1002.
441 ******************************************************************/
442
443 static BOOL parse_dgram(char *inbuf,int length,struct dgram_packet *dgram)
444 {
445 int offset;
446 int flags;
447
448 memset((char *)dgram,'\0',sizeof(*dgram));
449
450 if (length < 14)
451 return(False);
452
453 dgram->header.msg_type = CVAL(inbuf,0);
454 flags = CVAL(inbuf,1);
455 dgram->header.flags.node_type = (enum node_type)((flags>>2)&3);
456 if (flags & 1)
457 dgram->header.flags.more = True;
458 if (flags & 2)
459 dgram->header.flags.first = True;
460 dgram->header.dgm_id = RSVAL(inbuf,2);
461 putip((char *)&dgram->header.source_ip,inbuf+4);
462 dgram->header.source_port = RSVAL(inbuf,8);
463 dgram->header.dgm_length = RSVAL(inbuf,10);
464 dgram->header.packet_offset = RSVAL(inbuf,12);
465
466 offset = 14;
467
468 if (dgram->header.msg_type == 0x10 ||
469 dgram->header.msg_type == 0x11 ||
470 dgram->header.msg_type == 0x12) {
471 offset += parse_nmb_name(inbuf,offset,length,&dgram->source_name);
472 offset += parse_nmb_name(inbuf,offset,length,&dgram->dest_name);
473 }
474
475 if (offset >= length || (length-offset > sizeof(dgram->data)))
476 return(False);
477
478 dgram->datasize = length-offset;
479 memcpy(dgram->data,inbuf+offset,dgram->datasize);
480
481 /* Paranioa. Ensure the last 2 bytes in the dgram buffer are
482 zero. This should be true anyway, just enforce it for paranioa sake. JRA. */
483 SMB_ASSERT(dgram->datasize <= (sizeof(dgram->data)-2));
484 memset(&dgram->data[sizeof(dgram->data)-2], '\0', 2);
485
486 return(True);
487 }
488
489 /*******************************************************************
490 Parse a nmb packet. Return False if the packet can't be parsed
491 or is invalid for some reason, True otherwise.
492 ******************************************************************/
493
494 static BOOL parse_nmb(char *inbuf,int length,struct nmb_packet *nmb)
495 {
496 int nm_flags,offset;
497
498 memset((char *)nmb,'\0',sizeof(*nmb));
499
500 if (length < 12)
501 return(False);
502
503 /* parse the header */
504 nmb->header.name_trn_id = RSVAL(inbuf,0);
505
506 DEBUG(10,("parse_nmb: packet id = %d\n", nmb->header.name_trn_id));
507
508 nmb->header.opcode = (CVAL(inbuf,2) >> 3) & 0xF;
509 nmb->header.response = ((CVAL(inbuf,2)>>7)&1)?True:False;
510 nm_flags = ((CVAL(inbuf,2) & 0x7) << 4) + (CVAL(inbuf,3)>>4);
511 nmb->header.nm_flags.bcast = (nm_flags&1)?True:False;
512 nmb->header.nm_flags.recursion_available = (nm_flags&8)?True:False;
513 nmb->header.nm_flags.recursion_desired = (nm_flags&0x10)?True:False;
514 nmb->header.nm_flags.trunc = (nm_flags&0x20)?True:False;
515 nmb->header.nm_flags.authoritative = (nm_flags&0x40)?True:False;
516 nmb->header.rcode = CVAL(inbuf,3) & 0xF;
517 nmb->header.qdcount = RSVAL(inbuf,4);
518 nmb->header.ancount = RSVAL(inbuf,6);
519 nmb->header.nscount = RSVAL(inbuf,8);
520 nmb->header.arcount = RSVAL(inbuf,10);
521
522 if (nmb->header.qdcount) {
523 offset = parse_nmb_name(inbuf,12,length,&nmb->question.question_name);
524 if (!offset)
525 return(False);
526
527 if (length - (12+offset) < 4)
528 return(False);
529 nmb->question.question_type = RSVAL(inbuf,12+offset);
530 nmb->question.question_class = RSVAL(inbuf,12+offset+2);
531
532 offset += 12+4;
533 } else {
534 offset = 12;
535 }
536
537 /* and any resource records */
538 if (nmb->header.ancount && !parse_alloc_res_rec(inbuf,&offset,length,&nmb->answers,
539 nmb->header.ancount))
540 return(False);
541
542 if (nmb->header.nscount && !parse_alloc_res_rec(inbuf,&offset,length,&nmb->nsrecs,
543 nmb->header.nscount))
544 return(False);
545
546 if (nmb->header.arcount && !parse_alloc_res_rec(inbuf,&offset,length,&nmb->additional,
547 nmb->header.arcount))
548 return(False);
549
550 return(True);
551 }
552
553 /*******************************************************************
554 'Copy constructor' for an nmb packet.
555 ******************************************************************/
556
557 static struct packet_struct *copy_nmb_packet(struct packet_struct *packet)
558 {
559 struct nmb_packet *nmb;
560 struct nmb_packet *copy_nmb;
561 struct packet_struct *pkt_copy;
562
563 if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL) {
564 DEBUG(0,("copy_nmb_packet: malloc fail.\n"));
565 return NULL;
566 }
567
568 /* Structure copy of entire thing. */
569
570 *pkt_copy = *packet;
571
572 /* Ensure this copy is not locked. */
573 pkt_copy->locked = False;
574
575 /* Ensure this copy has no resource records. */
576 nmb = &packet->packet.nmb;
577 copy_nmb = &pkt_copy->packet.nmb;
578
579 copy_nmb->answers = NULL;
580 copy_nmb->nsrecs = NULL;
581 copy_nmb->additional = NULL;
582
583 /* Now copy any resource records. */
584
585 if (nmb->answers) {
586 if((copy_nmb->answers = SMB_MALLOC_ARRAY(struct res_rec,nmb->header.ancount)) == NULL)
587 goto free_and_exit;
588 memcpy((char *)copy_nmb->answers, (char *)nmb->answers,
589 nmb->header.ancount * sizeof(struct res_rec));
590 }
591 if (nmb->nsrecs) {
592 if((copy_nmb->nsrecs = SMB_MALLOC_ARRAY(struct res_rec, nmb->header.nscount)) == NULL)
593 goto free_and_exit;
594 memcpy((char *)copy_nmb->nsrecs, (char *)nmb->nsrecs,
595 nmb->header.nscount * sizeof(struct res_rec));
596 }
597 if (nmb->additional) {
598 if((copy_nmb->additional = SMB_MALLOC_ARRAY(struct res_rec, nmb->header.arcount)) == NULL)
599 goto free_and_exit;
600 memcpy((char *)copy_nmb->additional, (char *)nmb->additional,
601 nmb->header.arcount * sizeof(struct res_rec));
602 }
603
604 return pkt_copy;
605
606 free_and_exit:
607
608 SAFE_FREE(copy_nmb->answers);
609 SAFE_FREE(copy_nmb->nsrecs);
610 SAFE_FREE(copy_nmb->additional);
611 SAFE_FREE(pkt_copy);
612
613 DEBUG(0,("copy_nmb_packet: malloc fail in resource records.\n"));
614 return NULL;
615 }
616
617 /*******************************************************************
618 'Copy constructor' for a dgram packet.
619 ******************************************************************/
620
621 static struct packet_struct *copy_dgram_packet(struct packet_struct *packet)
622 {
623 struct packet_struct *pkt_copy;
624
625 if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL) {
626 DEBUG(0,("copy_dgram_packet: malloc fail.\n"));
627 return NULL;
628 }
629
630 /* Structure copy of entire thing. */
631
632 *pkt_copy = *packet;
633
634 /* Ensure this copy is not locked. */
635 pkt_copy->locked = False;
636
637 /* There are no additional pointers in a dgram packet,
638 we are finished. */
639 return pkt_copy;
640 }
641
642 /*******************************************************************
643 'Copy constructor' for a generic packet.
644 ******************************************************************/
645
646 struct packet_struct *copy_packet(struct packet_struct *packet)
647 {
648 if(packet->packet_type == NMB_PACKET)
649 return copy_nmb_packet(packet);
650 else if (packet->packet_type == DGRAM_PACKET)
651 return copy_dgram_packet(packet);
652 return NULL;
653 }
654
655 /*******************************************************************
656 Free up any resources associated with an nmb packet.
657 ******************************************************************/
658
659 static void free_nmb_packet(struct nmb_packet *nmb)
660 {
661 SAFE_FREE(nmb->answers);
662 SAFE_FREE(nmb->nsrecs);
663 SAFE_FREE(nmb->additional);
664 }
665
666 /*******************************************************************
667 Free up any resources associated with a dgram packet.
668 ******************************************************************/
669
670 static void free_dgram_packet(struct dgram_packet *nmb)
671 {
672 /* We have nothing to do for a dgram packet. */
673 }
674
675 /*******************************************************************
676 Free up any resources associated with a packet.
677 ******************************************************************/
678
679 void free_packet(struct packet_struct *packet)
680 {
681 if (packet->locked)
682 return;
683 if (packet->packet_type == NMB_PACKET)
684 free_nmb_packet(&packet->packet.nmb);
685 else if (packet->packet_type == DGRAM_PACKET)
686 free_dgram_packet(&packet->packet.dgram);
687 ZERO_STRUCTPN(packet);
688 SAFE_FREE(packet);
689 }
690
691 /*******************************************************************
692 Parse a packet buffer into a packet structure.
693 ******************************************************************/
694
695 struct packet_struct *parse_packet(char *buf,int length,
696 enum packet_type packet_type)
697 {
698 struct packet_struct *p;
699 BOOL ok=False;
700
701 p = SMB_MALLOC_P(struct packet_struct);
702 if (!p)
703 return(NULL);
704
705 ZERO_STRUCTP(p); /* initialize for possible padding */
706
707 p->next = NULL;
708 p->prev = NULL;
709 p->ip = lastip;
710 p->port = lastport;
711 p->locked = False;
712 p->timestamp = time(NULL);
713 p->packet_type = packet_type;
714
715 switch (packet_type) {
716 case NMB_PACKET:
717 ok = parse_nmb(buf,length,&p->packet.nmb);
718 break;
719
720 case DGRAM_PACKET:
721 ok = parse_dgram(buf,length,&p->packet.dgram);
722 break;
723 }
724
725 if (!ok) {
726 free_packet(p);
727 return NULL;
728 }
729
730 return p;
731 }
732
733 /*******************************************************************
734 Read a packet from a socket and parse it, returning a packet ready
735 to be used or put on the queue. This assumes a UDP socket.
736 ******************************************************************/
737
738 struct packet_struct *read_packet(int fd,enum packet_type packet_type)
739 {
740 struct packet_struct *packet;
741 char buf[MAX_DGRAM_SIZE];
742 int length;
743
744 length = read_udp_socket(fd,buf,sizeof(buf));
745 if (length < MIN_DGRAM_SIZE)
746 return(NULL);
747
748 packet = parse_packet(buf, length, packet_type);
749 if (!packet)
750 return NULL;
751
752 packet->fd = fd;
753
754 num_good_receives++;
755
756 DEBUG(5,("Received a packet of len %d from (%s) port %d\n",
757 length, inet_ntoa(packet->ip), packet->port ) );
758
759 return(packet);
760 }
761
762 /*******************************************************************
763 Send a udp packet on a already open socket.
764 ******************************************************************/
765
766 static BOOL send_udp(int fd,char *buf,int len,struct in_addr ip,int port)
767 {
768 BOOL ret = False;
769 int i;
770 struct sockaddr_in sock_out;
771
772 /* set the address and port */
773 memset((char *)&sock_out,'\0',sizeof(sock_out));
774 putip((char *)&sock_out.sin_addr,(char *)&ip);
775 sock_out.sin_port = htons( port );
776 sock_out.sin_family = AF_INET;
777
778 DEBUG( 5, ( "Sending a packet of len %d to (%s) on port %d\n",
779 len, inet_ntoa(ip), port ) );
780
781 /*
782 * Patch to fix asynch error notifications from Linux kernel.
783 */
784
785 for (i = 0; i < 5; i++) {
786 ret = (sendto(fd,buf,len,0,(struct sockaddr *)&sock_out, sizeof(sock_out)) >= 0);
787 if (ret || errno != ECONNREFUSED)
788 break;
789 }
790
791 if (!ret)
792 DEBUG(0,("Packet send failed to %s(%d) ERRNO=%s\n",
793 inet_ntoa(ip),port,strerror(errno)));
794
795 if (ret)
796 num_good_sends++;
797
798 return(ret);
799 }
800
801 /*******************************************************************
802 Build a dgram packet ready for sending.
803
804 XXXX This currently doesn't handle packets too big for one
805 datagram. It should split them and use the packet_offset, more and
806 first flags to handle the fragmentation. Yuck.
807
808 [...but it isn't clear that we would ever need to send a
809 a fragmented NBT Datagram. The IP layer does its own
810 fragmentation to ensure that messages can fit into the path
811 MTU. It *is* important to be able to receive and rebuild
812 fragmented NBT datagrams, just in case someone out there
813 really has implemented this 'feature'. crh -)------ ]
814
815 ******************************************************************/
816
817 static int build_dgram(char *buf,struct packet_struct *p)
818 {
819 struct dgram_packet *dgram = &p->packet.dgram;
820 unsigned char *ubuf = (unsigned char *)buf;
821 int offset=0;
822
823 /* put in the header */
824 ubuf[0] = dgram->header.msg_type;
825 ubuf[1] = (((int)dgram->header.flags.node_type)<<2);
826 if (dgram->header.flags.more)
827 ubuf[1] |= 1;
828 if (dgram->header.flags.first)
829 ubuf[1] |= 2;
830 RSSVAL(ubuf,2,dgram->header.dgm_id);
831 putip(ubuf+4,(char *)&dgram->header.source_ip);
832 RSSVAL(ubuf,8,dgram->header.source_port);
833 RSSVAL(ubuf,12,dgram->header.packet_offset);
834
835 offset = 14;
836
837 if (dgram->header.msg_type == 0x10 ||
838 dgram->header.msg_type == 0x11 ||
839 dgram->header.msg_type == 0x12) {
840 offset += put_nmb_name((char *)ubuf,offset,&dgram->source_name);
841 offset += put_nmb_name((char *)ubuf,offset,&dgram->dest_name);
842 }
843
844 memcpy(ubuf+offset,dgram->data,dgram->datasize);
845 offset += dgram->datasize;
846
847 /* automatically set the dgm_length
848 * NOTE: RFC1002 says the dgm_length does *not*
849 * include the fourteen-byte header. crh
850 */
851 dgram->header.dgm_length = (offset - 14);
852 RSSVAL(ubuf,10,dgram->header.dgm_length);
853
854 return(offset);
855 }
856
857 /*******************************************************************
858 Build a nmb name
859 *******************************************************************/
860
861 void make_nmb_name( struct nmb_name *n, const char *name, int type)
862 {
863 fstring unix_name;
864 memset( (char *)n, '\0', sizeof(struct nmb_name) );
865 fstrcpy(unix_name, name);
866 strupper_m(unix_name);
867 push_ascii(n->name, unix_name, sizeof(n->name), STR_TERMINATE);
868 n->name_type = (unsigned int)type & 0xFF;
869 push_ascii(n->scope, global_scope(), 64, STR_TERMINATE);
870 }
871
872 /*******************************************************************
873 Compare two nmb names
874 ******************************************************************/
875
876 BOOL nmb_name_equal(struct nmb_name *n1, struct nmb_name *n2)
877 {
878 return ((n1->name_type == n2->name_type) &&
879 strequal(n1->name ,n2->name ) &&
880 strequal(n1->scope,n2->scope));
881 }
882
883 /*******************************************************************
884 Build a nmb packet ready for sending.
885
886 XXXX this currently relies on not being passed something that expands
887 to a packet too big for the buffer. Eventually this should be
888 changed to set the trunc bit so the receiver can request the rest
889 via tcp (when that becomes supported)
890 ******************************************************************/
891
892 static int build_nmb(char *buf,struct packet_struct *p)
893 {
894 struct nmb_packet *nmb = &p->packet.nmb;
895 unsigned char *ubuf = (unsigned char *)buf;
896 int offset=0;
897
898 /* put in the header */
899 RSSVAL(ubuf,offset,nmb->header.name_trn_id);
900 ubuf[offset+2] = (nmb->header.opcode & 0xF) << 3;
901 if (nmb->header.response)
902 ubuf[offset+2] |= (1<<7);
903 if (nmb->header.nm_flags.authoritative &&
904 nmb->header.response)
905 ubuf[offset+2] |= 0x4;
906 if (nmb->header.nm_flags.trunc)
907 ubuf[offset+2] |= 0x2;
908 if (nmb->header.nm_flags.recursion_desired)
909 ubuf[offset+2] |= 0x1;
910 if (nmb->header.nm_flags.recursion_available &&
911 nmb->header.response)
912 ubuf[offset+3] |= 0x80;
913 if (nmb->header.nm_flags.bcast)
914 ubuf[offset+3] |= 0x10;
915 ubuf[offset+3] |= (nmb->header.rcode & 0xF);
916
917 RSSVAL(ubuf,offset+4,nmb->header.qdcount);
918 RSSVAL(ubuf,offset+6,nmb->header.ancount);
919 RSSVAL(ubuf,offset+8,nmb->header.nscount);
920 RSSVAL(ubuf,offset+10,nmb->header.arcount);
921
922 offset += 12;
923 if (nmb->header.qdcount) {
924 /* XXXX this doesn't handle a qdcount of > 1 */
925 offset += put_nmb_name((char *)ubuf,offset,&nmb->question.question_name);
926 RSSVAL(ubuf,offset,nmb->question.question_type);
927 RSSVAL(ubuf,offset+2,nmb->question.question_class);
928 offset += 4;
929 }
930
931 if (nmb->header.ancount)
932 offset += put_res_rec((char *)ubuf,offset,nmb->answers,
933 nmb->header.ancount);
934
935 if (nmb->header.nscount)
936 offset += put_res_rec((char *)ubuf,offset,nmb->nsrecs,
937 nmb->header.nscount);
938
939 /*
940 * The spec says we must put compressed name pointers
941 * in the following outgoing packets :
942 * NAME_REGISTRATION_REQUEST, NAME_REFRESH_REQUEST,
943 * NAME_RELEASE_REQUEST.
944 */
945
946 if((nmb->header.response == False) &&
947 ((nmb->header.opcode == NMB_NAME_REG_OPCODE) ||
948 (nmb->header.opcode == NMB_NAME_RELEASE_OPCODE) ||
949 (nmb->header.opcode == NMB_NAME_REFRESH_OPCODE_8) ||
950 (nmb->header.opcode == NMB_NAME_REFRESH_OPCODE_9) ||
951 (nmb->header.opcode == NMB_NAME_MULTIHOMED_REG_OPCODE)) &&
952 (nmb->header.arcount == 1)) {
953
954 offset += put_compressed_name_ptr(ubuf,offset,nmb->additional,12);
955
956 } else if (nmb->header.arcount) {
957 offset += put_res_rec((char *)ubuf,offset,nmb->additional,
958 nmb->header.arcount);
959 }
960 return(offset);
961 }
962
963 /*******************************************************************
964 Linearise a packet.
965 ******************************************************************/
966
967 int build_packet(char *buf, struct packet_struct *p)
968 {
969 int len = 0;
970
971 switch (p->packet_type) {
972 case NMB_PACKET:
973 len = build_nmb(buf,p);
974 break;
975
976 case DGRAM_PACKET:
977 len = build_dgram(buf,p);
978 break;
979 }
980
981 return len;
982 }
983
984 /*******************************************************************
985 Send a packet_struct.
986 ******************************************************************/
987
988 BOOL send_packet(struct packet_struct *p)
989 {
990 char buf[1024];
991 int len=0;
992
993 memset(buf,'\0',sizeof(buf));
994
995 len = build_packet(buf, p);
996
997 if (!len)
998 return(False);
999
1000 return(send_udp(p->fd,buf,len,p->ip,p->port));
1001 }
1002
1003 /****************************************************************************
1004 Receive a packet with timeout on a open UDP filedescriptor.
1005 The timeout is in milliseconds
1006 ***************************************************************************/
1007
1008 struct packet_struct *receive_packet(int fd,enum packet_type type,int t)
1009 {
1010 fd_set fds;
1011 struct timeval timeout;
1012 int ret;
1013
1014 FD_ZERO(&fds);
1015 FD_SET(fd,&fds);
1016 timeout.tv_sec = t/1000;
1017 timeout.tv_usec = 1000*(t%1000);
1018
1019 if ((ret = sys_select_intr(fd+1,&fds,NULL,NULL,&timeout)) == -1) {
1020 /* errno should be EBADF or EINVAL. */
1021 DEBUG(0,("select returned -1, errno = %s (%d)\n", strerror(errno), errno));
1022 return NULL;
1023 }
1024
1025 if (ret == 0) /* timeout */
1026 return NULL;
1027
1028 if (FD_ISSET(fd,&fds))
1029 return(read_packet(fd,type));
1030
1031 return(NULL);
1032 }
1033
1034 /****************************************************************************
1035 Receive a UDP/137 packet either via UDP or from the unexpected packet
1036 queue. The packet must be a reply packet and have the specified trn_id.
1037 The timeout is in milliseconds.
1038 ***************************************************************************/
1039
1040 struct packet_struct *receive_nmb_packet(int fd, int t, int trn_id)
1041 {
1042 struct packet_struct *p;
1043
1044 p = receive_packet(fd, NMB_PACKET, t);
1045
1046 if (p && p->packet.nmb.header.response &&
1047 p->packet.nmb.header.name_trn_id == trn_id) {
1048 return p;
1049 }
1050 if (p)
1051 free_packet(p);
1052
1053 /* try the unexpected packet queue */
1054 return receive_unexpected(NMB_PACKET, trn_id, NULL);
1055 }
1056
1057 /****************************************************************************
1058 Receive a UDP/138 packet either via UDP or from the unexpected packet
1059 queue. The packet must be a reply packet and have the specified mailslot name
1060 The timeout is in milliseconds.
1061 ***************************************************************************/
1062
1063 struct packet_struct *receive_dgram_packet(int fd, int t, const char *mailslot_name)
1064 {
1065 struct packet_struct *p;
1066
1067 p = receive_packet(fd, DGRAM_PACKET, t);
1068
1069 if (p && match_mailslot_name(p, mailslot_name)) {
1070 return p;
1071 }
1072 if (p)
1073 free_packet(p);
1074
1075 /* try the unexpected packet queue */
1076 return receive_unexpected(DGRAM_PACKET, 0, mailslot_name);
1077 }
1078
1079 /****************************************************************************
1080 See if a datagram has the right mailslot name.
1081 ***************************************************************************/
1082
1083 BOOL match_mailslot_name(struct packet_struct *p, const char *mailslot_name)
1084 {
1085 struct dgram_packet *dgram = &p->packet.dgram;
1086 char *buf;
1087
1088 buf = &dgram->data[0];
1089 buf -= 4;
1090
1091 buf = smb_buf(buf);
1092
1093 if (memcmp(buf, mailslot_name, strlen(mailslot_name)+1) == 0) {
1094 return True;
1095 }
1096
1097 return False;
1098 }
1099
1100 /****************************************************************************
1101 Return the number of bits that match between two 4 character buffers
1102 ***************************************************************************/
1103
1104 int matching_quad_bits(unsigned char *p1, unsigned char *p2)
1105 {
1106 int i, j, ret = 0;
1107 for (i=0; i<4; i++) {
1108 if (p1[i] != p2[i])
1109 break;
1110 ret += 8;
1111 }
1112
1113 if (i==4)
1114 return ret;
1115
1116 for (j=0; j<8; j++) {
1117 if ((p1[i] & (1<<(7-j))) != (p2[i] & (1<<(7-j))))
1118 break;
1119 ret++;
1120 }
1121
1122 return ret;
1123 }
1124
1125 static unsigned char sort_ip[4];
1126
1127 /****************************************************************************
1128 Compare two query reply records.
1129 ***************************************************************************/
1130
1131 static int name_query_comp(unsigned char *p1, unsigned char *p2)
1132 {
1133 return matching_quad_bits(p2+2, sort_ip) - matching_quad_bits(p1+2, sort_ip);
1134 }
1135
1136 /****************************************************************************
1137 Sort a set of 6 byte name query response records so that the IPs that
1138 have the most leading bits in common with the specified address come first.
1139 ***************************************************************************/
1140
1141 void sort_query_replies(char *data, int n, struct in_addr ip)
1142 {
1143 if (n <= 1)
1144 return;
1145
1146 putip(sort_ip, (char *)&ip);
1147
1148 qsort(data, n, 6, QSORT_CAST name_query_comp);
1149 }
1150
1151 /*******************************************************************
1152 Convert, possibly using a stupid microsoft-ism which has destroyed
1153 the transport independence of netbios (for CIFS vendors that usually
1154 use the Win95-type methods, not for NT to NT communication, which uses
1155 DCE/RPC and therefore full-length unicode strings...) a dns name into
1156 a netbios name.
1157
1158 The netbios name (NOT necessarily null-terminated) is truncated to 15
1159 characters.
1160
1161 ******************************************************************/
1162
1163 char *dns_to_netbios_name(const char *dns_name)
1164 {
1165 static nstring netbios_name;
1166 int i;
1167 StrnCpy(netbios_name, dns_name, MAX_NETBIOSNAME_LEN-1);
1168 netbios_name[15] = 0;
1169
1170 /* ok. this is because of a stupid microsoft-ism. if the called host
1171 name contains a '.', microsoft clients expect you to truncate the
1172 netbios name up to and including the '.' this even applies, by
1173 mistake, to workgroup (domain) names, which is _really_ daft.
1174 */
1175 for (i = 0; i < 15; i++) {
1176 if (netbios_name[i] == '.') {
1177 netbios_name[i] = 0;
1178 break;
1179 }
1180 }
1181
1182 return netbios_name;
1183 }
1184
1185 /****************************************************************************
1186 Interpret the weird netbios "name" into a unix fstring. Return the name type.
1187 ****************************************************************************/
1188
1189 static int name_interpret(char *in, fstring name)
1190 {
1191 int ret;
1192 int len = (*in++) / 2;
1193 fstring out_string;
1194 char *out = out_string;
1195
1196 *out=0;
1197
1198 if (len > 30 || len<1)
1199 return(0);
1200
1201 while (len--) {
1202 if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') {
1203 *out = 0;
1204 return(0);
1205 }
1206 *out = ((in[0]-'A')<<4) + (in[1]-'A');
1207 in += 2;
1208 out++;
1209 }
1210 ret = out[-1];
1211 out[-1] = 0;
1212
1213 #ifdef NETBIOS_SCOPE
1214 /* Handle any scope names */
1215 while(*in) {
1216 *out++ = '.'; /* Scope names are separated by periods */
1217 len = *(unsigned char *)in++;
1218 StrnCpy(out, in, len);
1219 out += len;
1220 *out=0;
1221 in += len;
1222 }
1223 #endif
1224 pull_ascii_fstring(name, out_string);
1225
1226 return(ret);
1227 }
1228
1229 /****************************************************************************
1230 Mangle a name into netbios format.
1231 Note: <Out> must be (33 + strlen(scope) + 2) bytes long, at minimum.
1232 ****************************************************************************/
1233
1234 int name_mangle( char *In, char *Out, char name_type )
1235 {
1236 int i;
1237 int len;
1238 nstring buf;
1239 char *p = Out;
1240
1241 /* Safely copy the input string, In, into buf[]. */
1242 if (strcmp(In,"*") == 0)
1243 put_name(buf, "*", '\0', 0x00);
1244 else {
1245 /* We use an fstring here as mb dos names can expend x3 when
1246 going to utf8. */
1247 fstring buf_unix;
1248 nstring buf_dos;
1249
1250 pull_ascii_fstring(buf_unix, In);
1251 strupper_m(buf_unix);
1252
1253 push_ascii_nstring(buf_dos, buf_unix);
1254 put_name(buf, buf_dos, ' ', name_type);
1255 }
1256
1257 /* Place the length of the first field into the output buffer. */
1258 p[0] = 32;
1259 p++;
1260
1261 /* Now convert the name to the rfc1001/1002 format. */
1262 for( i = 0; i < MAX_NETBIOSNAME_LEN; i++ ) {
1263 p[i*2] = ( (buf[i] >> 4) & 0x000F ) + 'A';
1264 p[(i*2)+1] = (buf[i] & 0x000F) + 'A';
1265 }
1266 p += 32;
1267 p[0] = '\0';
1268
1269 /* Add the scope string. */
1270 for( i = 0, len = 0; *(global_scope()) != '\0'; i++, len++ ) {
1271 switch( (global_scope())[i] ) {
1272 case '\0':
1273 p[0] = len;
1274 if( len > 0 )
1275 p[len+1] = 0;
1276 return( name_len(Out) );
1277 case '.':
1278 p[0] = len;
1279 p += (len + 1);
1280 len = -1;
1281 break;
1282 default:
1283 p[len+1] = (global_scope())[i];
1284 break;
1285 }
1286 }
1287
1288 return( name_len(Out) );
1289 }
1290
1291 /****************************************************************************
1292 Find a pointer to a netbios name.
1293 ****************************************************************************/
1294
1295 static char *name_ptr(char *buf,int ofs)
1296 {
1297 unsigned char c = *(unsigned char *)(buf+ofs);
1298
1299 if ((c & 0xC0) == 0xC0) {
1300 uint16 l = RSVAL(buf, ofs) & 0x3FFF;
1301 DEBUG(5,("name ptr to pos %d from %d is %s\n",l,ofs,buf+l));
1302 return(buf + l);
1303 } else {
1304 return(buf+ofs);
1305 }
1306 }
1307
1308 /****************************************************************************
1309 Extract a netbios name from a buf (into a unix string) return name type.
1310 ****************************************************************************/
1311
1312 int name_extract(char *buf,int ofs, fstring name)
1313 {
1314 char *p = name_ptr(buf,ofs);
1315 int d = PTR_DIFF(p,buf+ofs);
1316
1317 name[0] = '\0';
1318 if (d < -50 || d > 50)
1319 return(0);
1320 return(name_interpret(p,name));
1321 }
1322
1323 /****************************************************************************
1324 Return the total storage length of a mangled name.
1325 ****************************************************************************/
1326
1327 int name_len(char *s1)
1328 {
1329 /* NOTE: this argument _must_ be unsigned */
1330 unsigned char *s = (unsigned char *)s1;
1331 int len;
1332
1333 /* If the two high bits of the byte are set, return 2. */
1334 if (0xC0 == (*s & 0xC0))
1335 return(2);
1336
1337 /* Add up the length bytes. */
1338 for (len = 1; (*s); s += (*s) + 1) {
1339 len += *s + 1;
1340 SMB_ASSERT(len < 80);
1341 }
1342
1343 return(len);
1344 }
Samba GIT mirror