search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3/libsmb: clang: Fix value stored to 'offset' is never read
[Samba.git] / source3 / libsmb / nmblib.c
blobb6dca800e9466167515414b561a59aaa03f5eee8
1 /*
2 Unix SMB/CIFS implementation.
3 NBT netbios library routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19
20 */
21
22 #include "includes.h"
23 #include "libsmb/nmblib.h"
24
25 static const struct opcode_names {
26 const char *nmb_opcode_name;
27 int opcode;
28 } nmb_header_opcode_names[] = {
29 {"Query", 0 },
30 {"Registration", 5 },
31 {"Release", 6 },
32 {"WACK", 7 },
33 {"Refresh", 8 },
34 {"Refresh(altcode)", 9 },
35 {"Multi-homed Registration", 15 },
36 {0, -1 }
37 };
38
39 /****************************************************************************
40 Lookup a nmb opcode name.
41 ****************************************************************************/
42
43 static const char *lookup_opcode_name( int opcode )
44 {
45 const struct opcode_names *op_namep;
46 int i;
47
48 for(i = 0; nmb_header_opcode_names[i].nmb_opcode_name != 0; i++) {
49 op_namep = &nmb_header_opcode_names[i];
50 if(opcode == op_namep->opcode)
51 return op_namep->nmb_opcode_name;
52 }
53 return "<unknown opcode>";
54 }
55
56 /****************************************************************************
57 Print out a res_rec structure.
58 ****************************************************************************/
59
60 static void debug_nmb_res_rec(struct res_rec *res, const char *hdr)
61 {
62 int i, j;
63
64 DEBUGADD( 4, ( " %s: nmb_name=%s rr_type=%d rr_class=%d ttl=%d\n",
65 hdr,
66 nmb_namestr(&res->rr_name),
67 res->rr_type,
68 res->rr_class,
69 res->ttl ) );
70
71 if (res->rdlength == 0) {
72 return;
73 }
74
75 for (i = 0; i < res->rdlength; i+= MAX_NETBIOSNAME_LEN) {
76 DEBUGADD(4, (" %s %3x char ", hdr, i));
77
78 for (j = 0; j < MAX_NETBIOSNAME_LEN; j++) {
79 unsigned char x = res->rdata[i+j];
80 if (x < 32 || x > 127)
81 x = '.';
82
83 if (i+j >= res->rdlength)
84 break;
85 DEBUGADD(4, ("%c", x));
86 }
87
88 DEBUGADD(4, (" hex "));
89
90 for (j = 0; j < MAX_NETBIOSNAME_LEN; j++) {
91 if (i+j >= res->rdlength)
92 break;
93 DEBUGADD(4, ("%02X", (unsigned char)res->rdata[i+j]));
94 }
95
96 DEBUGADD(4, ("\n"));
97 }
98 }
99
100 /****************************************************************************
101 Process a nmb packet.
102 ****************************************************************************/
103
104 void debug_nmb_packet(struct packet_struct *p)
105 {
106 struct nmb_packet *nmb = &p->packet.nmb;
107
108 if( DEBUGLVL( 4 ) ) {
109 dbgtext( "nmb packet from %s(%d) header: id=%d "
110 "opcode=%s(%d) response=%s\n",
111 inet_ntoa(p->ip), p->port,
112 nmb->header.name_trn_id,
113 lookup_opcode_name(nmb->header.opcode),
114 nmb->header.opcode,
115 BOOLSTR(nmb->header.response) );
116 dbgtext( " header: flags: bcast=%s rec_avail=%s "
117 "rec_des=%s trunc=%s auth=%s\n",
118 BOOLSTR(nmb->header.nm_flags.bcast),
119 BOOLSTR(nmb->header.nm_flags.recursion_available),
120 BOOLSTR(nmb->header.nm_flags.recursion_desired),
121 BOOLSTR(nmb->header.nm_flags.trunc),
122 BOOLSTR(nmb->header.nm_flags.authoritative) );
123 dbgtext( " header: rcode=%d qdcount=%d ancount=%d "
124 "nscount=%d arcount=%d\n",
125 nmb->header.rcode,
126 nmb->header.qdcount,
127 nmb->header.ancount,
128 nmb->header.nscount,
129 nmb->header.arcount );
130 }
131
132 if (nmb->header.qdcount) {
133 DEBUGADD( 4, ( " question: q_name=%s q_type=%d q_class=%d\n",
134 nmb_namestr(&nmb->question.question_name),
135 nmb->question.question_type,
136 nmb->question.question_class) );
137 }
138
139 if (nmb->answers && nmb->header.ancount) {
140 debug_nmb_res_rec(nmb->answers,"answers");
141 }
142 if (nmb->nsrecs && nmb->header.nscount) {
143 debug_nmb_res_rec(nmb->nsrecs,"nsrecs");
144 }
145 if (nmb->additional && nmb->header.arcount) {
146 debug_nmb_res_rec(nmb->additional,"additional");
147 }
148 }
149
150 /*******************************************************************
151 Handle "compressed" name pointers.
152 ******************************************************************/
153
154 static bool handle_name_ptrs(unsigned char *ubuf,int *offset,int length,
155 bool *got_pointer,int *ret)
156 {
157 int loop_count=0;
158
159 while ((ubuf[*offset] & 0xC0) == 0xC0) {
160 if (!*got_pointer)
161 (*ret) += 2;
162 (*got_pointer)=True;
163 (*offset) = ((ubuf[*offset] & ~0xC0)<<8) | ubuf[(*offset)+1];
164 if (loop_count++ == 10 ||
165 (*offset) < 0 || (*offset)>(length-2)) {
166 return False;
167 }
168 }
169 return True;
170 }
171
172 /*******************************************************************
173 Parse a nmb name from "compressed" format to something readable
174 return the space taken by the name, or 0 if the name is invalid
175 ******************************************************************/
176
177 static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name)
178 {
179 size_t m,n=0;
180 unsigned char *ubuf = (unsigned char *)inbuf;
181 int ret = 0;
182 bool got_pointer=False;
183 size_t loop_count=0;
184 int offset = ofs;
185
186 if (length - offset < 2)
187 return(0);
188
189 /* handle initial name pointers */
190 if (!handle_name_ptrs(ubuf,&offset,length,&got_pointer,&ret))
191 return(0);
192
193 m = ubuf[offset];
194
195 if (!m)
196 return(0);
197 if ((m & 0xC0) || offset+m+2 > length)
198 return(0);
199
200 memset((char *)name,'\0',sizeof(*name));
201
202 /* the "compressed" part */
203 if (!got_pointer)
204 ret += m + 2;
205 offset++;
206 while (m > 0) {
207 unsigned char c1,c2;
208 c1 = ubuf[offset++]-'A';
209 c2 = ubuf[offset++]-'A';
210 if ((c1 & 0xF0) || (c2 & 0xF0)) {
211 return(0);
212 }
213 if (n >= sizeof(name->name)) {
214 return 0;
215 }
216 name->name[n++] = (c1<<4) | c2;
217 m -= 2;
218 }
219 /*
220 * RFC1002: For a valid NetBIOS name, exiting from the above,
221 * n *must* be MAX_NETBIOSNAME_LEN (16).
222 */
223 if (n != MAX_NETBIOSNAME_LEN) {
224 return 0;
225 }
226
227 /* parse out the name type, its always
228 * in the 16th byte of the name */
229 name->name_type = ((unsigned char)name->name[15]) & 0xff;
230
231 /* remove trailing spaces */
232 name->name[15] = 0;
233 n = 14;
234 while (n && name->name[n]==' ')
235 name->name[n--] = 0;
236
237 /* now the domain parts (if any) */
238 n = 0;
239 while (ubuf[offset]) {
240 /* we can have pointers within the domain part as well */
241 if (!handle_name_ptrs(ubuf,&offset,length,&got_pointer,&ret))
242 return(0);
243
244 m = ubuf[offset];
245 /*
246 * Don't allow null domain parts.
247 */
248 if (!m)
249 return(0);
250 if (!got_pointer)
251 ret += m+1;
252 if (n)
253 name->scope[n++] = '.';
254 if (m+2+offset>length || n+m+1>sizeof(name->scope))
255 return(0);
256 offset++;
257 while (m--)
258 name->scope[n++] = (char)ubuf[offset++];
259
260 /*
261 * Watch for malicious loops.
262 */
263 if (loop_count++ == 10)
264 return 0;
265 }
266 name->scope[n++] = 0;
267
268 return(ret);
269 }
270
271 /****************************************************************************
272 Put a netbios name, padding(s) and a name type into a 16 character buffer.
273 name is already in DOS charset.
274 [15 bytes name + padding][1 byte name type].
275 ****************************************************************************/
276
277 void put_name(char *dest, const char *name, int pad, unsigned int name_type)
278 {
279 size_t len = strlen(name);
280
281 memcpy(dest, name, (len < MAX_NETBIOSNAME_LEN) ?
282 len : MAX_NETBIOSNAME_LEN - 1);
283 if (len < MAX_NETBIOSNAME_LEN - 1) {
284 memset(dest + len, pad, MAX_NETBIOSNAME_LEN - 1 - len);
285 }
286 dest[MAX_NETBIOSNAME_LEN - 1] = name_type;
287 }
288
289 /*******************************************************************
290 Put a compressed nmb name into a buffer. Return the length of the
291 compressed name.
292
293 Compressed names are really weird. The "compression" doubles the
294 size. The idea is that it also means that compressed names conform
295 to the doman name system. See RFC1002.
296
297 If buf == NULL this is a length calculation.
298 ******************************************************************/
299
300 static int put_nmb_name(char *buf, size_t buflen, int offset,struct nmb_name *name)
301 {
302 int ret,m;
303 nstring buf1;
304 char *p;
305
306 if (strcmp(name->name,"*") == 0) {
307 /* special case for wildcard name */
308 put_name(buf1, "*", '\0', name->name_type);
309 } else {
310 put_name(buf1, name->name, ' ', name->name_type);
311 }
312
313 if (buf) {
314 if (offset >= buflen) {
315 return 0;
316 }
317 buf[offset] = 0x20;
318 }
319
320 ret = 34;
321
322 for (m=0;m<MAX_NETBIOSNAME_LEN;m++) {
323 if (buf) {
324 if (offset+2+2*m >= buflen) {
325 return 0;
326 }
327 buf[offset+1+2*m] = 'A' + ((buf1[m]>>4)&0xF);
328 buf[offset+2+2*m] = 'A' + (buf1[m]&0xF);
329 }
330 }
331 offset += 33;
332
333 if (buf) {
334 if (offset >= buflen) {
335 return 0;
336 }
337 buf[offset] = 0;
338 }
339
340 if (name->scope[0]) {
341 /* XXXX this scope handling needs testing */
342 size_t scopenamelen = strlen(name->scope) + 1;
343 ret += scopenamelen;
344 if (buf) {
345 if (offset+1+scopenamelen >= buflen) {
346 return 0;
347 }
348 strlcpy(&buf[offset+1],name->scope,
349 buflen - (offset+1));
350
351 p = &buf[offset+1];
352 while ((p = strchr_m(p,'.'))) {
353 buf[offset] = PTR_DIFF(p,&buf[offset+1]);
354 offset += (buf[offset] + 1);
355 if (offset+1 >= buflen) {
356 return 0;
357 }
358 p = &buf[offset+1];
359 }
360 buf[offset] = strlen(&buf[offset+1]);
361 }
362 }
363
364 return ret;
365 }
366
367 /*******************************************************************
368 Useful for debugging messages.
369 ******************************************************************/
370
371 char *nmb_namestr(const struct nmb_name *n)
372 {
373 fstring name;
374 char *result;
375
376 pull_ascii_fstring(name, n->name);
377 if (!n->scope[0])
378 result = talloc_asprintf(talloc_tos(), "%s<%02x>", name,
379 n->name_type);
380 else
381 result = talloc_asprintf(talloc_tos(), "%s<%02x>.%s", name,
382 n->name_type, n->scope);
383
384 SMB_ASSERT(result != NULL);
385 return result;
386 }
387
388 /*******************************************************************
389 Allocate and parse some resource records.
390 ******************************************************************/
391
392 static bool parse_alloc_res_rec(char *inbuf,int *offset,int length,
393 struct res_rec **recs, int count)
394 {
395 int i;
396
397 *recs = SMB_MALLOC_ARRAY(struct res_rec, count);
398 if (!*recs)
399 return(False);
400
401 memset((char *)*recs,'\0',sizeof(**recs)*count);
402
403 for (i=0;i<count;i++) {
404 int l = parse_nmb_name(inbuf,*offset,length,
405 &(*recs)[i].rr_name);
406 (*offset) += l;
407 if (!l || (*offset)+10 > length) {
408 SAFE_FREE(*recs);
409 return(False);
410 }
411 (*recs)[i].rr_type = RSVAL(inbuf,(*offset));
412 (*recs)[i].rr_class = RSVAL(inbuf,(*offset)+2);
413 (*recs)[i].ttl = RIVAL(inbuf,(*offset)+4);
414 (*recs)[i].rdlength = RSVAL(inbuf,(*offset)+8);
415 (*offset) += 10;
416 if ((*recs)[i].rdlength>sizeof((*recs)[i].rdata) ||
417 (*offset)+(*recs)[i].rdlength > length) {
418 SAFE_FREE(*recs);
419 return(False);
420 }
421 memcpy((*recs)[i].rdata,inbuf+(*offset),(*recs)[i].rdlength);
422 (*offset) += (*recs)[i].rdlength;
423 }
424 return(True);
425 }
426
427 /*******************************************************************
428 Put a resource record into a packet.
429 If buf == NULL this is a length calculation.
430 ******************************************************************/
431
432 static int put_res_rec(char *buf, size_t buflen, int offset,struct res_rec *recs,int count)
433 {
434 int ret=0;
435 int i;
436
437 for (i=0;i<count;i++) {
438 int l = put_nmb_name(buf,buflen,offset,&recs[i].rr_name);
439 offset += l;
440 ret += l;
441 if (buf) {
442 RSSVAL(buf,offset,recs[i].rr_type);
443 RSSVAL(buf,offset+2,recs[i].rr_class);
444 RSIVAL(buf,offset+4,recs[i].ttl);
445 RSSVAL(buf,offset+8,recs[i].rdlength);
446 memcpy(buf+offset+10,recs[i].rdata,recs[i].rdlength);
447 }
448 offset += 10+recs[i].rdlength;
449 ret += 10+recs[i].rdlength;
450 }
451
452 return ret;
453 }
454
455 /*******************************************************************
456 Put a compressed name pointer record into a packet.
457 If buf == NULL this is a length calculation.
458 ******************************************************************/
459
460 static int put_compressed_name_ptr(unsigned char *buf,
461 int offset,
462 struct res_rec *rec,
463 int ptr_offset)
464 {
465 int ret=offset;
466 if (buf) {
467 buf[offset] = (0xC0 | ((ptr_offset >> 8) & 0xFF));
468 buf[offset+1] = (ptr_offset & 0xFF);
469 }
470 offset += 2;
471 if (buf) {
472 RSSVAL(buf,offset,rec->rr_type);
473 RSSVAL(buf,offset+2,rec->rr_class);
474 RSIVAL(buf,offset+4,rec->ttl);
475 RSSVAL(buf,offset+8,rec->rdlength);
476 memcpy(buf+offset+10,rec->rdata,rec->rdlength);
477 }
478 offset += 10+rec->rdlength;
479 ret = (offset - ret);
480
481 return ret;
482 }
483
484 /*******************************************************************
485 Parse a dgram packet. Return False if the packet can't be parsed
486 or is invalid for some reason, True otherwise.
487
488 This is documented in section 4.4.1 of RFC1002.
489 ******************************************************************/
490
491 static bool parse_dgram(char *inbuf,int length,struct dgram_packet *dgram)
492 {
493 size_t offset;
494 int flags;
495
496 memset((char *)dgram,'\0',sizeof(*dgram));
497
498 if (length < 14)
499 return(False);
500
501 dgram->header.msg_type = CVAL(inbuf,0);
502 flags = CVAL(inbuf,1);
503 dgram->header.flags.node_type = (enum node_type)((flags>>2)&3);
504 if (flags & 1)
505 dgram->header.flags.more = True;
506 if (flags & 2)
507 dgram->header.flags.first = True;
508 dgram->header.dgm_id = RSVAL(inbuf,2);
509 putip((char *)&dgram->header.source_ip,inbuf+4);
510 dgram->header.source_port = RSVAL(inbuf,8);
511 dgram->header.dgm_length = RSVAL(inbuf,10);
512 dgram->header.packet_offset = RSVAL(inbuf,12);
513
514 offset = 14;
515
516 if (dgram->header.msg_type == 0x10 ||
517 dgram->header.msg_type == 0x11 ||
518 dgram->header.msg_type == 0x12) {
519 offset += parse_nmb_name(inbuf,offset,length,
520 &dgram->source_name);
521 offset += parse_nmb_name(inbuf,offset,length,
522 &dgram->dest_name);
523 }
524
525 if (offset >= length || (length-offset > sizeof(dgram->data)))
526 return(False);
527
528 dgram->datasize = length-offset;
529 memcpy(dgram->data,inbuf+offset,dgram->datasize);
530
531 /* Paranioa. Ensure the last 2 bytes in the dgram buffer are
532 zero. This should be true anyway, just enforce it for
533 paranioa sake. JRA. */
534 SMB_ASSERT(dgram->datasize <= (sizeof(dgram->data)-2));
535 memset(&dgram->data[sizeof(dgram->data)-2], '\0', 2);
536
537 return(True);
538 }
539
540 /*******************************************************************
541 Parse a nmb packet. Return False if the packet can't be parsed
542 or is invalid for some reason, True otherwise.
543 ******************************************************************/
544
545 static bool parse_nmb(char *inbuf,int length,struct nmb_packet *nmb)
546 {
547 int nm_flags,offset;
548
549 memset((char *)nmb,'\0',sizeof(*nmb));
550
551 if (length < 12)
552 return(False);
553
554 /* parse the header */
555 nmb->header.name_trn_id = RSVAL(inbuf,0);
556
557 DEBUG(10,("parse_nmb: packet id = %d\n", nmb->header.name_trn_id));
558
559 nmb->header.opcode = (CVAL(inbuf,2) >> 3) & 0xF;
560 nmb->header.response = ((CVAL(inbuf,2)>>7)&1)?True:False;
561 nm_flags = ((CVAL(inbuf,2) & 0x7) << 4) + (CVAL(inbuf,3)>>4);
562 nmb->header.nm_flags.bcast = (nm_flags&1)?True:False;
563 nmb->header.nm_flags.recursion_available = (nm_flags&8)?True:False;
564 nmb->header.nm_flags.recursion_desired = (nm_flags&0x10)?True:False;
565 nmb->header.nm_flags.trunc = (nm_flags&0x20)?True:False;
566 nmb->header.nm_flags.authoritative = (nm_flags&0x40)?True:False;
567 nmb->header.rcode = CVAL(inbuf,3) & 0xF;
568 nmb->header.qdcount = RSVAL(inbuf,4);
569 nmb->header.ancount = RSVAL(inbuf,6);
570 nmb->header.nscount = RSVAL(inbuf,8);
571 nmb->header.arcount = RSVAL(inbuf,10);
572
573 if (nmb->header.qdcount) {
574 offset = parse_nmb_name(inbuf,12,length,
575 &nmb->question.question_name);
576 if (!offset)
577 return(False);
578
579 if (length - (12+offset) < 4)
580 return(False);
581 nmb->question.question_type = RSVAL(inbuf,12+offset);
582 nmb->question.question_class = RSVAL(inbuf,12+offset+2);
583
584 offset += 12+4;
585 } else {
586 offset = 12;
587 }
588
589 /* and any resource records */
590 if (nmb->header.ancount &&
591 !parse_alloc_res_rec(inbuf,&offset,length,&nmb->answers,
592 nmb->header.ancount))
593 return(False);
594
595 if (nmb->header.nscount &&
596 !parse_alloc_res_rec(inbuf,&offset,length,&nmb->nsrecs,
597 nmb->header.nscount))
598 return(False);
599
600 if (nmb->header.arcount &&
601 !parse_alloc_res_rec(inbuf,&offset,length,
602 &nmb->additional, nmb->header.arcount))
603 return(False);
604
605 return(True);
606 }
607
608 /*******************************************************************
609 'Copy constructor' for an nmb packet.
610 ******************************************************************/
611
612 static struct packet_struct *copy_nmb_packet(struct packet_struct *packet)
613 {
614 struct nmb_packet *nmb;
615 struct nmb_packet *copy_nmb;
616 struct packet_struct *pkt_copy;
617
618 if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL) {
619 DEBUG(0,("copy_nmb_packet: malloc fail.\n"));
620 return NULL;
621 }
622
623 /* Structure copy of entire thing. */
624
625 *pkt_copy = *packet;
626
627 /* Ensure this copy is not locked. */
628 pkt_copy->locked = False;
629 pkt_copy->recv_fd = -1;
630 pkt_copy->send_fd = -1;
631
632 /* Ensure this copy has no resource records. */
633 nmb = &packet->packet.nmb;
634 copy_nmb = &pkt_copy->packet.nmb;
635
636 copy_nmb->answers = NULL;
637 copy_nmb->nsrecs = NULL;
638 copy_nmb->additional = NULL;
639
640 /* Now copy any resource records. */
641
642 if (nmb->answers) {
643 if((copy_nmb->answers = SMB_MALLOC_ARRAY(
644 struct res_rec,nmb->header.ancount)) == NULL)
645 goto free_and_exit;
646 memcpy((char *)copy_nmb->answers, (char *)nmb->answers,
647 nmb->header.ancount * sizeof(struct res_rec));
648 }
649 if (nmb->nsrecs) {
650 if((copy_nmb->nsrecs = SMB_MALLOC_ARRAY(
651 struct res_rec, nmb->header.nscount)) == NULL)
652 goto free_and_exit;
653 memcpy((char *)copy_nmb->nsrecs, (char *)nmb->nsrecs,
654 nmb->header.nscount * sizeof(struct res_rec));
655 }
656 if (nmb->additional) {
657 if((copy_nmb->additional = SMB_MALLOC_ARRAY(
658 struct res_rec, nmb->header.arcount)) == NULL)
659 goto free_and_exit;
660 memcpy((char *)copy_nmb->additional, (char *)nmb->additional,
661 nmb->header.arcount * sizeof(struct res_rec));
662 }
663
664 return pkt_copy;
665
666 free_and_exit:
667
668 SAFE_FREE(copy_nmb->answers);
669 SAFE_FREE(copy_nmb->nsrecs);
670 SAFE_FREE(copy_nmb->additional);
671 SAFE_FREE(pkt_copy);
672
673 DEBUG(0,("copy_nmb_packet: malloc fail in resource records.\n"));
674 return NULL;
675 }
676
677 /*******************************************************************
678 'Copy constructor' for a dgram packet.
679 ******************************************************************/
680
681 static struct packet_struct *copy_dgram_packet(struct packet_struct *packet)
682 {
683 struct packet_struct *pkt_copy;
684
685 if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL) {
686 DEBUG(0,("copy_dgram_packet: malloc fail.\n"));
687 return NULL;
688 }
689
690 /* Structure copy of entire thing. */
691
692 *pkt_copy = *packet;
693
694 /* Ensure this copy is not locked. */
695 pkt_copy->locked = False;
696 pkt_copy->recv_fd = -1;
697 pkt_copy->send_fd = -1;
698
699 /* There are no additional pointers in a dgram packet,
700 we are finished. */
701 return pkt_copy;
702 }
703
704 /*******************************************************************
705 'Copy constructor' for a generic packet.
706 ******************************************************************/
707
708 struct packet_struct *copy_packet(struct packet_struct *packet)
709 {
710 if(packet->packet_type == NMB_PACKET)
711 return copy_nmb_packet(packet);
712 else if (packet->packet_type == DGRAM_PACKET)
713 return copy_dgram_packet(packet);
714 return NULL;
715 }
716
717 /*******************************************************************
718 Free up any resources associated with an nmb packet.
719 ******************************************************************/
720
721 static void free_nmb_packet(struct nmb_packet *nmb)
722 {
723 SAFE_FREE(nmb->answers);
724 SAFE_FREE(nmb->nsrecs);
725 SAFE_FREE(nmb->additional);
726 }
727
728 /*******************************************************************
729 Free up any resources associated with a dgram packet.
730 ******************************************************************/
731
732 static void free_dgram_packet(struct dgram_packet *nmb)
733 {
734 /* We have nothing to do for a dgram packet. */
735 }
736
737 /*******************************************************************
738 Free up any resources associated with a packet.
739 ******************************************************************/
740
741 void free_packet(struct packet_struct *packet)
742 {
743 if (packet->locked)
744 return;
745 if (packet->packet_type == NMB_PACKET)
746 free_nmb_packet(&packet->packet.nmb);
747 else if (packet->packet_type == DGRAM_PACKET)
748 free_dgram_packet(&packet->packet.dgram);
749 ZERO_STRUCTPN(packet);
750 SAFE_FREE(packet);
751 }
752
753 int packet_trn_id(struct packet_struct *p)
754 {
755 int result;
756 switch (p->packet_type) {
757 case NMB_PACKET:
758 result = p->packet.nmb.header.name_trn_id;
759 break;
760 case DGRAM_PACKET:
761 result = p->packet.dgram.header.dgm_id;
762 break;
763 default:
764 result = -1;
765 }
766 return result;
767 }
768
769 /*******************************************************************
770 Parse a packet buffer into a packet structure.
771 ******************************************************************/
772
773 struct packet_struct *parse_packet(char *buf,int length,
774 enum packet_type packet_type,
775 struct in_addr ip,
776 int port)
777 {
778 struct packet_struct *p;
779 bool ok=False;
780
781 p = SMB_MALLOC_P(struct packet_struct);
782 if (!p)
783 return(NULL);
784
785 ZERO_STRUCTP(p); /* initialize for possible padding */
786
787 p->next = NULL;
788 p->prev = NULL;
789 p->ip = ip;
790 p->port = port;
791 p->locked = False;
792 p->timestamp = time(NULL);
793 p->packet_type = packet_type;
794
795 switch (packet_type) {
796 case NMB_PACKET:
797 ok = parse_nmb(buf,length,&p->packet.nmb);
798 break;
799
800 case DGRAM_PACKET:
801 ok = parse_dgram(buf,length,&p->packet.dgram);
802 break;
803 }
804
805 if (!ok) {
806 free_packet(p);
807 return NULL;
808 }
809
810 return p;
811 }
812
813 static struct packet_struct *copy_packet_talloc(
814 TALLOC_CTX *mem_ctx, const struct packet_struct *src)
815 {
816 struct packet_struct *pkt;
817
818 pkt = talloc_memdup(mem_ctx, src, sizeof(struct packet_struct));
819 if (pkt == NULL) {
820 return NULL;
821 }
822 pkt->locked = false;
823 pkt->recv_fd = -1;
824 pkt->send_fd = -1;
825
826 if (src->packet_type == NMB_PACKET) {
827 const struct nmb_packet *nsrc = &src->packet.nmb;
828 struct nmb_packet *ndst = &pkt->packet.nmb;
829
830 if (nsrc->answers != NULL) {
831 ndst->answers = talloc_memdup(
832 pkt, nsrc->answers,
833 sizeof(struct res_rec) * nsrc->header.ancount);
834 if (ndst->answers == NULL) {
835 goto fail;
836 }
837 }
838 if (nsrc->nsrecs != NULL) {
839 ndst->nsrecs = talloc_memdup(
840 pkt, nsrc->nsrecs,
841 sizeof(struct res_rec) * nsrc->header.nscount);
842 if (ndst->nsrecs == NULL) {
843 goto fail;
844 }
845 }
846 if (nsrc->additional != NULL) {
847 ndst->additional = talloc_memdup(
848 pkt, nsrc->additional,
849 sizeof(struct res_rec) * nsrc->header.arcount);
850 if (ndst->additional == NULL) {
851 goto fail;
852 }
853 }
854 }
855
856 return pkt;
857
858 /*
859 * DGRAM packets have no substructures
860 */
861
862 fail:
863 TALLOC_FREE(pkt);
864 return NULL;
865 }
866
867 struct packet_struct *parse_packet_talloc(TALLOC_CTX *mem_ctx,
868 char *buf,int length,
869 enum packet_type packet_type,
870 struct in_addr ip,
871 int port)
872 {
873 struct packet_struct *pkt, *result;
874
875 pkt = parse_packet(buf, length, packet_type, ip, port);
876 if (pkt == NULL) {
877 return NULL;
878 }
879 result = copy_packet_talloc(mem_ctx, pkt);
880 free_packet(pkt);
881 return result;
882 }
883
884 /*******************************************************************
885 Send a udp packet on a already open socket.
886 ******************************************************************/
887
888 static bool send_udp(int fd,char *buf,int len,struct in_addr ip,int port)
889 {
890 bool ret = False;
891 int i;
892 struct sockaddr_in sock_out;
893
894 /* set the address and port */
895 memset((char *)&sock_out,'\0',sizeof(sock_out));
896 putip((char *)&sock_out.sin_addr,(char *)&ip);
897 sock_out.sin_port = htons( port );
898 sock_out.sin_family = AF_INET;
899
900 DEBUG( 5, ( "Sending a packet of len %d to (%s) on port %d\n",
901 len, inet_ntoa(ip), port ) );
902
903 /*
904 * Patch to fix asynch error notifications from Linux kernel.
905 */
906
907 for (i = 0; i < 5; i++) {
908 ret = (sendto(fd,buf,len,0,(struct sockaddr *)&sock_out,
909 sizeof(sock_out)) >= 0);
910 if (ret || errno != ECONNREFUSED)
911 break;
912 }
913
914 if (!ret)
915 DEBUG(0,("Packet send failed to %s(%d) ERRNO=%s\n",
916 inet_ntoa(ip),port,strerror(errno)));
917
918 return(ret);
919 }
920
921 /*******************************************************************
922 Build a dgram packet ready for sending.
923 If buf == NULL this is a length calculation.
924 ******************************************************************/
925
926 static int build_dgram(char *buf, size_t len, struct dgram_packet *dgram)
927 {
928 unsigned char *ubuf = (unsigned char *)buf;
929 int offset=0;
930
931 /* put in the header */
932 if (buf) {
933 ubuf[0] = dgram->header.msg_type;
934 ubuf[1] = (((int)dgram->header.flags.node_type)<<2);
935 if (dgram->header.flags.more)
936 ubuf[1] |= 1;
937 if (dgram->header.flags.first)
938 ubuf[1] |= 2;
939 RSSVAL(ubuf,2,dgram->header.dgm_id);
940 putip(ubuf+4,(char *)&dgram->header.source_ip);
941 RSSVAL(ubuf,8,dgram->header.source_port);
942 RSSVAL(ubuf,12,dgram->header.packet_offset);
943 }
944
945 offset = 14;
946
947 if (dgram->header.msg_type == 0x10 ||
948 dgram->header.msg_type == 0x11 ||
949 dgram->header.msg_type == 0x12) {
950 offset += put_nmb_name((char *)ubuf,len,offset,&dgram->source_name);
951 offset += put_nmb_name((char *)ubuf,len,offset,&dgram->dest_name);
952 }
953
954 if (buf) {
955 memcpy(ubuf+offset,dgram->data,dgram->datasize);
956 }
957 offset += dgram->datasize;
958
959 /* automatically set the dgm_length
960 * NOTE: RFC1002 says the dgm_length does *not*
961 * include the fourteen-byte header. crh
962 */
963 dgram->header.dgm_length = (offset - 14);
964 if (buf) {
965 RSSVAL(ubuf,10,dgram->header.dgm_length);
966 }
967
968 return offset;
969 }
970
971 /*******************************************************************
972 Build a nmb name
973 *******************************************************************/
974
975 void make_nmb_name( struct nmb_name *n, const char *name, int type)
976 {
977 fstring unix_name;
978 memset( (char *)n, '\0', sizeof(struct nmb_name) );
979 fstrcpy(unix_name, name);
980 (void)strupper_m(unix_name);
981 push_ascii(n->name, unix_name, sizeof(n->name), STR_TERMINATE);
982 n->name_type = (unsigned int)type & 0xFF;
983 push_ascii(n->scope, lp_netbios_scope(), 64, STR_TERMINATE);
984 }
985
986 /*******************************************************************
987 Compare two nmb names
988 ******************************************************************/
989
990 bool nmb_name_equal(struct nmb_name *n1, struct nmb_name *n2)
991 {
992 return ((n1->name_type == n2->name_type) &&
993 strequal(n1->name ,n2->name ) &&
994 strequal(n1->scope,n2->scope));
995 }
996
997 /*******************************************************************
998 Build a nmb packet ready for sending.
999 If buf == NULL this is a length calculation.
1000 ******************************************************************/
1001
1002 static int build_nmb(char *buf, size_t len, struct nmb_packet *nmb)
1003 {
1004 unsigned char *ubuf = (unsigned char *)buf;
1005 int offset=0;
1006
1007 if (len && len < 12) {
1008 return 0;
1009 }
1010
1011 /* put in the header */
1012 if (buf) {
1013 RSSVAL(ubuf,offset,nmb->header.name_trn_id);
1014 ubuf[offset+2] = (nmb->header.opcode & 0xF) << 3;
1015 if (nmb->header.response)
1016 ubuf[offset+2] |= (1<<7);
1017 if (nmb->header.nm_flags.authoritative &&
1018 nmb->header.response)
1019 ubuf[offset+2] |= 0x4;
1020 if (nmb->header.nm_flags.trunc)
1021 ubuf[offset+2] |= 0x2;
1022 if (nmb->header.nm_flags.recursion_desired)
1023 ubuf[offset+2] |= 0x1;
1024 if (nmb->header.nm_flags.recursion_available &&
1025 nmb->header.response)
1026 ubuf[offset+3] |= 0x80;
1027 if (nmb->header.nm_flags.bcast)
1028 ubuf[offset+3] |= 0x10;
1029 ubuf[offset+3] |= (nmb->header.rcode & 0xF);
1030
1031 RSSVAL(ubuf,offset+4,nmb->header.qdcount);
1032 RSSVAL(ubuf,offset+6,nmb->header.ancount);
1033 RSSVAL(ubuf,offset+8,nmb->header.nscount);
1034 RSSVAL(ubuf,offset+10,nmb->header.arcount);
1035 }
1036
1037 offset += 12;
1038 if (nmb->header.qdcount) {
1039 /* XXXX this doesn't handle a qdcount of > 1 */
1040 if (len) {
1041 /* Length check. */
1042 int extra = put_nmb_name(NULL,0,offset,
1043 &nmb->question.question_name);
1044 if (offset + extra > len) {
1045 return 0;
1046 }
1047 }
1048 offset += put_nmb_name((char *)ubuf,len,offset,
1049 &nmb->question.question_name);
1050 if (buf) {
1051 RSSVAL(ubuf,offset,nmb->question.question_type);
1052 RSSVAL(ubuf,offset+2,nmb->question.question_class);
1053 }
1054 offset += 4;
1055 }
1056
1057 if (nmb->header.ancount) {
1058 if (len) {
1059 /* Length check. */
1060 int extra = put_res_rec(NULL,0,offset,nmb->answers,
1061 nmb->header.ancount);
1062 if (offset + extra > len) {
1063 return 0;
1064 }
1065 }
1066 offset += put_res_rec((char *)ubuf,len,offset,nmb->answers,
1067 nmb->header.ancount);
1068 }
1069
1070 if (nmb->header.nscount) {
1071 if (len) {
1072 /* Length check. */
1073 int extra = put_res_rec(NULL,0,offset,nmb->nsrecs,
1074 nmb->header.nscount);
1075 if (offset + extra > len) {
1076 return 0;
1077 }
1078 }
1079 offset += put_res_rec((char *)ubuf,len,offset,nmb->nsrecs,
1080 nmb->header.nscount);
1081 }
1082
1083 /*
1084 * The spec says we must put compressed name pointers
1085 * in the following outgoing packets :
1086 * NAME_REGISTRATION_REQUEST, NAME_REFRESH_REQUEST,
1087 * NAME_RELEASE_REQUEST.
1088 */
1089
1090 if((nmb->header.response == False) &&
1091 ((nmb->header.opcode == NMB_NAME_REG_OPCODE) ||
1092 (nmb->header.opcode == NMB_NAME_RELEASE_OPCODE) ||
1093 (nmb->header.opcode == NMB_NAME_REFRESH_OPCODE_8) ||
1094 (nmb->header.opcode == NMB_NAME_REFRESH_OPCODE_9) ||
1095 (nmb->header.opcode == NMB_NAME_MULTIHOMED_REG_OPCODE)) &&
1096 (nmb->header.arcount == 1)) {
1097
1098 if (len) {
1099 /* Length check. */
1100 int extra = put_compressed_name_ptr(NULL,offset,
1101 nmb->additional,12);
1102 if (offset + extra > len) {
1103 return 0;
1104 }
1105 }
1106 offset += put_compressed_name_ptr(ubuf,offset,
1107 nmb->additional,12);
1108 } else if (nmb->header.arcount) {
1109 if (len) {
1110 /* Length check. */
1111 int extra = put_res_rec(NULL,0,offset,nmb->additional,
1112 nmb->header.arcount);
1113 if (offset + extra > len) {
1114 return 0;
1115 }
1116 }
1117 offset += put_res_rec((char *)ubuf,len,offset,nmb->additional,
1118 nmb->header.arcount);
1119 }
1120 return offset;
1121 }
1122
1123 /*******************************************************************
1124 Linearise a packet.
1125 ******************************************************************/
1126
1127 int build_packet(char *buf, size_t buflen, struct packet_struct *p)
1128 {
1129 int len = 0;
1130
1131 switch (p->packet_type) {
1132 case NMB_PACKET:
1133 len = build_nmb(buf,buflen,&p->packet.nmb);
1134 break;
1135
1136 case DGRAM_PACKET:
1137 len = build_dgram(buf,buflen,&p->packet.dgram);
1138 break;
1139 }
1140
1141 return len;
1142 }
1143
1144 /*******************************************************************
1145 Send a packet_struct.
1146 ******************************************************************/
1147
1148 bool send_packet(struct packet_struct *p)
1149 {
1150 char buf[1024];
1151 int len=0;
1152
1153 memset(buf,'\0',sizeof(buf));
1154
1155 len = build_packet(buf, sizeof(buf), p);
1156
1157 if (!len)
1158 return(False);
1159
1160 return(send_udp(p->send_fd,buf,len,p->ip,p->port));
1161 }
1162
1163 /****************************************************************************
1164 Receive a UDP/138 packet either via UDP or from the unexpected packet
1165 queue. The packet must be a reply packet and have the specified mailslot name
1166 The timeout is in milliseconds.
1167 ***************************************************************************/
1168
1169 /****************************************************************************
1170 See if a datagram has the right mailslot name.
1171 ***************************************************************************/
1172
1173 bool match_mailslot_name(struct packet_struct *p, const char *mailslot_name)
1174 {
1175 struct dgram_packet *dgram = &p->packet.dgram;
1176 char *buf;
1177
1178 buf = &dgram->data[0];
1179 buf -= 4;
1180
1181 buf = smb_buf(buf);
1182
1183 if (memcmp(buf, mailslot_name, strlen(mailslot_name)+1) == 0) {
1184 return True;
1185 }
1186
1187 return False;
1188 }
1189
1190 /****************************************************************************
1191 Return the number of bits that match between two len character buffers
1192 ***************************************************************************/
1193
1194 int matching_len_bits(const unsigned char *p1, const unsigned char *p2, size_t len)
1195 {
1196 size_t i, j;
1197 int ret = 0;
1198 for (i=0; i<len; i++) {
1199 if (p1[i] != p2[i])
1200 break;
1201 ret += 8;
1202 }
1203
1204 if (i==len)
1205 return ret;
1206
1207 for (j=0; j<8; j++) {
1208 if ((p1[i] & (1<<(7-j))) != (p2[i] & (1<<(7-j))))
1209 break;
1210 ret++;
1211 }
1212
1213 return ret;
1214 }
1215
1216 static unsigned char sort_ip[4];
1217
1218 /****************************************************************************
1219 Compare two query reply records.
1220 ***************************************************************************/
1221
1222 static int name_query_comp(unsigned char *p1, unsigned char *p2)
1223 {
1224 return matching_len_bits(p2+2, sort_ip, 4) -
1225 matching_len_bits(p1+2, sort_ip, 4);
1226 }
1227
1228 /****************************************************************************
1229 Sort a set of 6 byte name query response records so that the IPs that
1230 have the most leading bits in common with the specified address come first.
1231 ***************************************************************************/
1232
1233 void sort_query_replies(char *data, int n, struct in_addr ip)
1234 {
1235 if (n <= 1)
1236 return;
1237
1238 putip(sort_ip, (char *)&ip);
1239
1240 /* TODO:
1241 this can't use TYPESAFE_QSORT() as the types are wrong.
1242 It should be fixed to use a real type instead of char*
1243 */
1244 qsort(data, n, 6, QSORT_CAST name_query_comp);
1245 }
1246
1247 /****************************************************************************
1248 Interpret the weird netbios "name" into a unix fstring. Return the name type.
1249 Returns -1 on error.
1250 ****************************************************************************/
1251
1252 static int name_interpret(unsigned char *buf, size_t buf_len,
1253 unsigned char *in, fstring name)
1254 {
1255 unsigned char *end_ptr = buf + buf_len;
1256 int ret;
1257 unsigned int len;
1258 fstring out_string;
1259 unsigned char *out = (unsigned char *)out_string;
1260
1261 *out=0;
1262
1263 if (in >= end_ptr) {
1264 return -1;
1265 }
1266 len = (*in++) / 2;
1267
1268 if (len<1) {
1269 return -1;
1270 }
1271
1272 while (len--) {
1273 if (&in[1] >= end_ptr) {
1274 return -1;
1275 }
1276 if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') {
1277 *out = 0;
1278 return(0);
1279 }
1280 *out = ((in[0]-'A')<<4) + (in[1]-'A');
1281 in += 2;
1282 out++;
1283 if (PTR_DIFF(out,out_string) >= sizeof(fstring)) {
1284 return -1;
1285 }
1286 }
1287 ret = out[-1];
1288 out[-1] = 0;
1289
1290 pull_ascii_fstring(name, out_string);
1291
1292 return(ret);
1293 }
1294
1295 /****************************************************************************
1296 Mangle a name into netbios format.
1297 Note: <Out> must be (33 + strlen(scope) + 2) bytes long, at minimum.
1298 ****************************************************************************/
1299
1300 char *name_mangle(TALLOC_CTX *mem_ctx, const char *In, char name_type)
1301 {
1302 int i;
1303 int len;
1304 nstring buf;
1305 char *result;
1306 char *p;
1307
1308 result = talloc_array(mem_ctx, char, 33 + strlen(lp_netbios_scope()) + 2);
1309 if (result == NULL) {
1310 return NULL;
1311 }
1312 p = result;
1313
1314 /* Safely copy the input string, In, into buf[]. */
1315 if (strcmp(In,"*") == 0)
1316 put_name(buf, "*", '\0', 0x00);
1317 else {
1318 /* We use an fstring here as mb dos names can expend x3 when
1319 going to utf8. */
1320 fstring buf_unix;
1321 nstring buf_dos;
1322
1323 pull_ascii_fstring(buf_unix, In);
1324 if (!strupper_m(buf_unix)) {
1325 return NULL;
1326 }
1327
1328 push_ascii_nstring(buf_dos, buf_unix);
1329 put_name(buf, buf_dos, ' ', name_type);
1330 }
1331
1332 /* Place the length of the first field into the output buffer. */
1333 p[0] = 32;
1334 p++;
1335
1336 /* Now convert the name to the rfc1001/1002 format. */
1337 for( i = 0; i < MAX_NETBIOSNAME_LEN; i++ ) {
1338 p[i*2] = ( (buf[i] >> 4) & 0x000F ) + 'A';
1339 p[(i*2)+1] = (buf[i] & 0x000F) + 'A';
1340 }
1341 p += 32;
1342 p[0] = '\0';
1343
1344 /* Add the scope string. */
1345 for( i = 0, len = 0; *(lp_netbios_scope()) != '\0'; i++, len++ ) {
1346 switch( (lp_netbios_scope())[i] ) {
1347 case '\0':
1348 p[0] = len;
1349 if( len > 0 )
1350 p[len+1] = 0;
1351 return result;
1352 case '.':
1353 p[0] = len;
1354 p += (len + 1);
1355 len = -1;
1356 break;
1357 default:
1358 p[len+1] = (lp_netbios_scope())[i];
1359 break;
1360 }
1361 }
1362
1363 return result;
1364 }
1365
1366 /****************************************************************************
1367 Find a pointer to a netbios name.
1368 ****************************************************************************/
1369
1370 static unsigned char *name_ptr(unsigned char *buf, size_t buf_len, unsigned int ofs)
1371 {
1372 unsigned char c = 0;
1373
1374 if (ofs > buf_len || buf_len < 1) {
1375 return NULL;
1376 }
1377
1378 c = *(unsigned char *)(buf+ofs);
1379 if ((c & 0xC0) == 0xC0) {
1380 uint16_t l = 0;
1381
1382 if (ofs > buf_len - 1) {
1383 return NULL;
1384 }
1385 l = RSVAL(buf, ofs) & 0x3FFF;
1386 if (l > buf_len) {
1387 return NULL;
1388 }
1389 DEBUG(5,("name ptr to pos %d from %d is %s\n",l,ofs,buf+l));
1390 return(buf + l);
1391 } else {
1392 return(buf+ofs);
1393 }
1394 }
1395
1396 /****************************************************************************
1397 Extract a netbios name from a buf (into a unix string) return name type.
1398 Returns -1 on error.
1399 ****************************************************************************/
1400
1401 int name_extract(unsigned char *buf, size_t buf_len, unsigned int ofs, fstring name)
1402 {
1403 unsigned char *p = name_ptr(buf,buf_len,ofs);
1404
1405 name[0] = '\0';
1406 if (p == NULL) {
1407 return -1;
1408 }
1409 return(name_interpret(buf,buf_len,p,name));
1410 }
1411
1412 /****************************************************************************
1413 Return the total storage length of a mangled name.
1414 Returns -1 on error.
1415 ****************************************************************************/
1416
1417 int name_len(unsigned char *s1, size_t buf_len)
1418 {
1419 /* NOTE: this argument _must_ be unsigned */
1420 unsigned char *s = (unsigned char *)s1;
1421 int len = 0;
1422
1423 if (buf_len < 1) {
1424 return -1;
1425 }
1426 /* If the two high bits of the byte are set, return 2. */
1427 if (0xC0 == (*s & 0xC0)) {
1428 if (buf_len < 2) {
1429 return -1;
1430 }
1431 return(2);
1432 }
1433
1434 /* Add up the length bytes. */
1435 for (len = 1; (*s); s += (*s) + 1) {
1436 len += *s + 1;
1437 if (len > buf_len) {
1438 return -1;
1439 }
1440 }
1441
1442 return(len);
1443 }
Samba GIT mirror