2 Unix SMB/CIFS implementation.
3 NBT netbios routines and daemon - version 2
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Luke Kenneth Casson Leighton 1994-1998
6 Copyright (C) Jeremy Allison 1994-2003
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 struct sam_database_info
{
31 uint32 serial_lo
, serial_hi
;
32 uint32 date_lo
, date_hi
;
35 /****************************************************************************
36 Send a message to smbd to do a sam delta sync
37 **************************************************************************/
39 static void send_repl_message(uint32 low_serial
)
43 tdb
= tdb_open_log(lock_path("connections.tdb"), 0,
44 TDB_DEFAULT
, O_RDONLY
, 0);
47 DEBUG(3, ("send_repl_message(): failed to open connections "
52 DEBUG(3, ("sending replication message, serial = 0x%04x\n",
55 message_send_all(tdb
, MSG_SMB_SAM_REPL
, &low_serial
,
56 sizeof(low_serial
), False
, NULL
);
61 /****************************************************************************
62 Process a domain logon packet
63 **************************************************************************/
65 void process_logon_packet(struct packet_struct
*p
, char *buf
,int len
,
68 struct dgram_packet
*dgram
= &p
->packet
.dgram
;
78 BOOL short_request
= False
;
80 char *uniuser
; /* Unicode user name. */
82 char *unicomp
; /* Unicode computer name. */
84 memset(outbuf
, 0, sizeof(outbuf
));
86 if (!lp_domain_logons()) {
87 DEBUG(5,("process_logon_packet: Logon packet received from IP %s and domain \
88 logons are not enabled.\n", inet_ntoa(p
->ip
) ));
92 pstrcpy(my_name
, global_myname());
94 code
= get_safe_SVAL(buf
,len
,buf
,0,-1);
95 DEBUG(4,("process_logon_packet: Logon from %s: code = 0x%x\n", inet_ntoa(p
->ip
), code
));
100 fstring mach_str
, user_str
, getdc_str
;
103 char *user
= skip_string(buf
,len
,machine
);
105 if (!user
|| PTR_DIFF(user
, buf
) >= len
) {
106 DEBUG(0,("process_logon_packet: bad packet\n"));
109 getdc
= skip_string(buf
,len
,user
);
111 if (!getdc
|| PTR_DIFF(getdc
, buf
) >= len
) {
112 DEBUG(0,("process_logon_packet: bad packet\n"));
115 q
= skip_string(buf
,len
,getdc
);
117 if (!q
|| PTR_DIFF(q
+ 5, buf
) > len
) {
118 DEBUG(0,("process_logon_packet: bad packet\n"));
123 fstrcpy(reply_name
,my_name
);
125 pull_ascii_fstring(mach_str
, machine
);
126 pull_ascii_fstring(user_str
, user
);
127 pull_ascii_fstring(getdc_str
, getdc
);
129 DEBUG(5,("process_logon_packet: Domain login request from %s at IP %s user=%s token=%x\n",
130 mach_str
,inet_ntoa(p
->ip
),user_str
,token
));
136 fstrcpy(reply_name
, "\\\\");
137 fstrcat(reply_name
, my_name
);
138 push_ascii(q
,reply_name
,
139 sizeof(outbuf
)-PTR_DIFF(q
, outbuf
),
141 q
= skip_string(outbuf
,sizeof(outbuf
),q
); /* PDC name */
146 dump_data(4, outbuf
, PTR_DIFF(q
, outbuf
));
148 send_mailslot(True
, getdc_str
,
149 outbuf
,PTR_DIFF(q
,outbuf
),
150 global_myname(), 0x0,
152 dgram
->source_name
.name_type
,
153 p
->ip
, *iface_ip(p
->ip
), p
->port
);
159 fstring mach_str
, getdc_str
;
164 if (!lp_domain_master()) {
165 /* We're not Primary Domain Controller -- ignore this */
169 getdc
= skip_string(buf
,len
,machine
);
171 if (!getdc
|| PTR_DIFF(getdc
, buf
) >= len
) {
172 DEBUG(0,("process_logon_packet: bad packet\n"));
175 q
= skip_string(buf
,len
,getdc
);
177 if (!q
|| PTR_DIFF(q
, buf
) >= len
) {
178 DEBUG(0,("process_logon_packet: bad packet\n"));
183 /* At this point we can work out if this is a W9X or NT style
184 request. Experiments show that the difference is wether the
185 packet ends here. For a W9X request we now end with a pair of
186 bytes (usually 0xFE 0xFF) whereas with NT we have two further
187 strings - the following is a simple way of detecting this */
189 if (len
- PTR_DIFF(q
, buf
) <= 3) {
190 short_request
= True
;
194 if (PTR_DIFF(q
, buf
) >= len
) {
195 DEBUG(0,("process_logon_packet: bad packet\n"));
199 /* A full length (NT style) request */
200 q
= skip_unibuf(unicomp
, PTR_DIFF(buf
+ len
, unicomp
));
202 if (PTR_DIFF(q
, buf
) >= len
) {
203 DEBUG(0,("process_logon_packet: bad packet\n"));
207 if (len
- PTR_DIFF(q
, buf
) > 8) {
208 /* with NT5 clients we can sometimes
209 get additional data - a length specificed string
210 containing the domain name, then 16 bytes of
211 data (no idea what it is) */
212 int dom_len
= CVAL(q
, 0);
220 if (PTR_DIFF(q
+ 8, buf
) > len
) {
221 DEBUG(0,("process_logon_packet: bad packet\n"));
225 ntversion
= IVAL(q
, 0);
226 lmnttoken
= SVAL(q
, 4);
227 lm20token
= SVAL(q
, 6);
230 /* Construct reply. */
232 SSVAL(q
, 0, QUERYFORPDC_R
);
235 fstrcpy(reply_name
,my_name
);
236 push_ascii(q
, reply_name
,
237 sizeof(outbuf
)-PTR_DIFF(q
, outbuf
),
239 q
= skip_string(outbuf
,sizeof(outbuf
),q
); /* PDC name */
241 /* PDC and domain name */
242 if (!short_request
) {
243 /* Make a full reply */
244 q
= ALIGN2(q
, outbuf
);
246 q
+= dos_PutUniCode(q
, my_name
,
247 sizeof(outbuf
) - PTR_DIFF(q
, outbuf
),
248 True
); /* PDC name */
249 q
+= dos_PutUniCode(q
, lp_workgroup(),
250 sizeof(outbuf
) - PTR_DIFF(q
, outbuf
),
251 True
); /* Domain name*/
252 if (sizeof(outbuf
) - PTR_DIFF(q
, outbuf
) < 8) {
255 SIVAL(q
, 0, 1); /* our nt version */
256 SSVAL(q
, 4, 0xffff); /* our lmnttoken */
257 SSVAL(q
, 6, 0xffff); /* our lm20token */
261 /* RJS, 21-Feb-2000, we send a short reply if the request was short */
263 pull_ascii_fstring(mach_str
, machine
);
265 DEBUG(5,("process_logon_packet: GETDC request from %s at IP %s, \
266 reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
267 mach_str
,inet_ntoa(p
->ip
), reply_name
, lp_workgroup(),
268 QUERYFORPDC_R
, (uint32
)ntversion
, (uint32
)lmnttoken
,
269 (uint32
)lm20token
));
271 dump_data(4, outbuf
, PTR_DIFF(q
, outbuf
));
273 pull_ascii_fstring(getdc_str
, getdc
);
274 pull_ascii_nstring(source_name
, sizeof(source_name
), dgram
->source_name
.name
);
276 send_mailslot(True
, getdc_str
,
277 outbuf
,PTR_DIFF(q
,outbuf
),
278 global_myname(), 0x0,
280 dgram
->source_name
.name_type
,
281 p
->ip
, *iface_ip(p
->ip
), p
->port
);
295 if (PTR_DIFF(q
, buf
) >= len
) {
296 DEBUG(0,("process_logon_packet: bad packet\n"));
301 uniuser
= skip_unibuf(unicomp
, PTR_DIFF(buf
+len
, unicomp
));
303 if (PTR_DIFF(uniuser
, buf
) >= len
) {
304 DEBUG(0,("process_logon_packet: bad packet\n"));
308 getdc
= skip_unibuf(uniuser
,PTR_DIFF(buf
+len
, uniuser
));
310 if (PTR_DIFF(getdc
, buf
) >= len
) {
311 DEBUG(0,("process_logon_packet: bad packet\n"));
315 q
= skip_string(buf
,len
,getdc
);
317 if (!q
|| PTR_DIFF(q
+ 8, buf
) >= len
) {
318 DEBUG(0,("process_logon_packet: bad packet\n"));
322 q
+= 4; /* Account Control Bits - indicating username type */
323 domainsidsize
= IVAL(q
, 0);
326 DEBUG(5,("process_logon_packet: SAMLOGON sidsize %d, len = %d\n", domainsidsize
, len
));
328 if (domainsidsize
< (len
- PTR_DIFF(q
, buf
)) && (domainsidsize
!= 0)) {
333 DEBUG(5,("process_logon_packet: len = %d PTR_DIFF(q, buf) = %ld\n", len
, (unsigned long)PTR_DIFF(q
, buf
) ));
335 if (len
- PTR_DIFF(q
, buf
) > 8) {
336 /* with NT5 clients we can sometimes
337 get additional data - a length specificed string
338 containing the domain name, then 16 bytes of
339 data (no idea what it is) */
340 int dom_len
= CVAL(q
, 0);
342 if (dom_len
< (len
- PTR_DIFF(q
, buf
)) && (dom_len
!= 0)) {
348 if (PTR_DIFF(q
+ 8, buf
) > len
) {
349 DEBUG(0,("process_logon_packet: bad packet\n"));
353 ntversion
= IVAL(q
, 0);
354 lmnttoken
= SVAL(q
, 4);
355 lm20token
= SVAL(q
, 6);
358 DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d ntv %d\n", domainsidsize
, ntversion
));
361 * we respond regadless of whether the machine is in our password
362 * database. If it isn't then we let smbd send an appropriate error.
363 * Let's ignore the SID.
365 pull_ucs2_pstring(ascuser
, uniuser
);
366 pull_ucs2_fstring(asccomp
, unicomp
);
367 DEBUG(5,("process_logon_packet: SAMLOGON user %s\n", ascuser
));
369 fstrcpy(reply_name
, "\\\\"); /* Here it wants \\LOGONSERVER. */
370 fstrcat(reply_name
, my_name
);
372 DEBUG(5,("process_logon_packet: SAMLOGON request from %s(%s) for %s, returning logon svr %s domain %s code %x token=%x\n",
373 asccomp
,inet_ntoa(p
->ip
), ascuser
, reply_name
, lp_workgroup(),
374 SAMLOGON_R
,lmnttoken
));
376 /* Construct reply. */
379 /* we want the simple version unless we are an ADS PDC..which means */
380 /* never, at least for now */
381 if ((ntversion
< 11) || (SEC_ADS
!= lp_security()) || (ROLE_DOMAIN_PDC
!= lp_server_role())) {
382 if (SVAL(uniuser
, 0) == 0) {
383 SSVAL(q
, 0, SAMLOGON_UNK_R
); /* user unknown */
385 SSVAL(q
, 0, SAMLOGON_R
);
390 q
+= dos_PutUniCode(q
, reply_name
,
391 sizeof(outbuf
) - PTR_DIFF(q
, outbuf
),
393 q
+= dos_PutUniCode(q
, ascuser
,
394 sizeof(outbuf
) - PTR_DIFF(q
, outbuf
),
396 q
+= dos_PutUniCode(q
, lp_workgroup(),
397 sizeof(outbuf
) - PTR_DIFF(q
, outbuf
),
402 struct GUID domain_guid
;
406 char *component
, *dc
, *q1
;
411 get_mydnsdomname(domain
);
412 get_myname(hostname
);
414 if (sizeof(outbuf
) - PTR_DIFF(q
, outbuf
) < 8) {
417 if (SVAL(uniuser
, 0) == 0) {
418 SIVAL(q
, 0, SAMLOGON_AD_UNK_R
); /* user unknown */
420 SIVAL(q
, 0, SAMLOGON_AD_R
);
424 SIVAL(q
, 0, ADS_PDC
|ADS_GC
|ADS_LDAP
|ADS_DS
|
425 ADS_KDC
|ADS_TIMESERV
|ADS_CLOSEST
|ADS_WRITABLE
);
428 /* Push Domain GUID */
429 if (sizeof(outbuf
) - PTR_DIFF(q
, outbuf
) < UUID_FLAT_SIZE
) {
432 if (False
== secrets_fetch_domain_guid(domain
, &domain_guid
)) {
433 DEBUG(2, ("Could not fetch DomainGUID for %s\n", domain
));
437 smb_uuid_pack(domain_guid
, &flat_guid
);
438 memcpy(q
, &flat_guid
.info
, UUID_FLAT_SIZE
);
442 str_offset
= q
- q_orig
;
445 while ((component
= strtok(dc
, "."))) {
447 if (sizeof(outbuf
) - PTR_DIFF(q
, outbuf
) < 1) {
450 size
= push_ascii(&q
[1], component
,
451 sizeof(outbuf
) - PTR_DIFF(q
+1, outbuf
),
453 if (size
== (uint8
)-1) {
461 if (sizeof(outbuf
) - PTR_DIFF(q
, outbuf
) < 4) {
468 SCVAL(q
, 0, 0xc0 | ((str_offset
>> 8) & 0x3F));
469 SCVAL(q
, 1, str_offset
& 0xFF);
473 size
= push_ascii(&q
[1], hostname
,
474 sizeof(outbuf
) - PTR_DIFF(q
+1, outbuf
),
476 if (size
== (uint8
)-1) {
482 if (sizeof(outbuf
) - PTR_DIFF(q
, outbuf
) < 3) {
486 SCVAL(q
, 0, 0xc0 | ((str_offset
>> 8) & 0x3F));
487 SCVAL(q
, 1, str_offset
& 0xFF);
490 /* NETBIOS of domain */
491 size
= push_ascii(&q
[1], lp_workgroup(),
492 sizeof(outbuf
) - PTR_DIFF(q
+1, outbuf
),
494 if (size
== (uint8
)-1) {
501 if (sizeof(outbuf
) - PTR_DIFF(q
, outbuf
) < 2) {
507 /* NETBIOS of hostname */
508 size
= push_ascii(&q
[1], my_name
,
509 sizeof(outbuf
) - PTR_DIFF(q
+1, outbuf
),
511 if (size
== (uint8
)-1) {
518 if (sizeof(outbuf
) - PTR_DIFF(q
, outbuf
) < 4) {
525 if (SVAL(uniuser
, 0) != 0) {
526 size
= push_ascii(&q
[1], ascuser
,
527 sizeof(outbuf
) - PTR_DIFF(q
+1, outbuf
),
529 if (size
== (uint8
)-1) {
538 if (sizeof(outbuf
) - PTR_DIFF(q
, outbuf
) < 1) {
541 size
= push_ascii(&q
[1], "Default-First-Site-Name",
542 sizeof(outbuf
) - PTR_DIFF(q
+1, outbuf
),
544 if (size
== (uint8
)-1) {
550 if (sizeof(outbuf
) - PTR_DIFF(q
, outbuf
) < 18) {
555 str_offset
= q
- q_orig
;
556 SCVAL(q
, 0, 0xc0 | ((str_offset
>> 8) & 0x3F));
557 SCVAL(q
, 1, str_offset
& 0xFF);
560 SCVAL(q
, 0, PTR_DIFF(q
,q1
));
561 SCVAL(q
, 1, 0x10); /* unknown */
563 SIVAL(q
, 0, 0x00000002);
564 q
+= 4; /* unknown */
565 SIVAL(q
, 0, (iface_ip(p
->ip
))->s_addr
);
567 SIVAL(q
, 0, 0x00000000);
568 q
+= 4; /* unknown */
569 SIVAL(q
, 0, 0x00000000);
570 q
+= 4; /* unknown */
574 if (sizeof(outbuf
) - PTR_DIFF(q
, outbuf
) < 8) {
578 /* tell the client what version we are */
579 SIVAL(q
, 0, ((ntversion
< 11) || (SEC_ADS
!= lp_security())) ? 1 : 13);
581 SSVAL(q
, 4, 0xffff); /* our lmnttoken */
582 SSVAL(q
, 6, 0xffff); /* our lm20token */
585 dump_data(4, outbuf
, PTR_DIFF(q
, outbuf
));
587 pull_ascii_fstring(getdc_str
, getdc
);
588 pull_ascii_nstring(source_name
, sizeof(source_name
), dgram
->source_name
.name
);
590 send_mailslot(True
, getdc
,
591 outbuf
,PTR_DIFF(q
,outbuf
),
592 global_myname(), 0x0,
594 dgram
->source_name
.name_type
,
595 p
->ip
, *iface_ip(p
->ip
), p
->port
);
599 /* Announce change to UAS or SAM. Send by the domain controller when a
600 replication event is required. */
604 struct sam_database_info
*db_info
;
611 if (PTR_DIFF(q
+ 16, buf
) >= len
) {
612 DEBUG(0,("process_logon_packet: bad packet\n"));
616 low_serial
= IVAL(q
, 0); q
+= 4; /* Low serial number */
618 q
+= 4; /* Date/time */
624 q
= skip_string(buf
,len
,q
); /* PDC name */
626 if (!q
|| PTR_DIFF(q
, buf
) >= len
) {
627 DEBUG(0,("process_logon_packet: bad packet\n"));
631 q
= skip_string(buf
,len
,q
); /* Domain name */
633 if (!q
|| PTR_DIFF(q
, buf
) >= len
) {
634 DEBUG(0,("process_logon_packet: bad packet\n"));
638 q
= skip_unibuf(q
, PTR_DIFF(buf
+ len
, q
)); /* Unicode PDC name */
640 if (PTR_DIFF(q
, buf
) >= len
) {
641 DEBUG(0,("process_logon_packet: bad packet\n"));
645 q
= skip_unibuf(q
, PTR_DIFF(buf
+ len
, q
)); /* Unicode domain name */
649 if (PTR_DIFF(q
+ 2, buf
) >= len
) {
650 DEBUG(0,("process_logon_packet: bad packet\n"));
654 db_count
= SVAL(q
, 0); q
+= 2;
656 if (PTR_DIFF(q
+ (db_count
*20), buf
) >= len
) {
657 DEBUG(0,("process_logon_packet: bad packet\n"));
661 db_info
= SMB_MALLOC_ARRAY(struct sam_database_info
, db_count
);
663 if (db_info
== NULL
) {
664 DEBUG(3, ("out of memory allocating info for %d databases\n", db_count
));
668 for (i
= 0; i
< db_count
; i
++) {
669 db_info
[i
].index
= IVAL(q
, 0);
670 db_info
[i
].serial_lo
= IVAL(q
, 4);
671 db_info
[i
].serial_hi
= IVAL(q
, 8);
672 db_info
[i
].date_lo
= IVAL(q
, 12);
673 db_info
[i
].date_hi
= IVAL(q
, 16);
680 /* We must range check this. */
681 q
+= IVAL(q
, 0) + 4; /* 4 byte length plus data */
683 q
+= 2; /* Alignment? */
685 /* Misc other info */
687 q
+= 4; /* NT version (0x1) */
688 q
+= 2; /* LMNT token (0xff) */
689 q
+= 2; /* LM20 token (0xff) */
692 SAFE_FREE(db_info
); /* Not sure whether we need to do anything useful with these */
694 /* Send message to smbd */
696 send_repl_message(low_serial
);
701 DEBUG(3,("process_logon_packet: Unknown domain request %d\n",code
));