}
return True;
}
+
+
+/*
+ add an entry to a string list
+*/
+const char **str_list_add(const char **list, const char *s)
+{
+ size_t len = str_list_length(list);
+ const char **ret;
+
+ ret = talloc_realloc(NULL, list, const char *, len+2);
+ if (ret == NULL) return NULL;
+
+ ret[len] = talloc_strdup(ret, s);
+ if (ret[len] == NULL) return NULL;
+
+ ret[len+1] = NULL;
+
+ return ret;
+}
+
+/*
+ remove an entry from a string list
+*/
+void str_list_remove(const char **list, const char *s)
+{
+ int i;
+
+ for (i=0;list[i];i++) {
+ if (strcmp(list[i], s) == 0) break;
+ }
+ if (!list[i]) return;
+
+ for (;list[i];i++) {
+ list[i] = list[i+1];
+ }
+}
+
+
+/*
+ return True if a string is in a list
+*/
+BOOL str_list_check(const char **list, const char *s)
+{
+ int i;
+
+ for (i=0;list[i];i++) {
+ if (strcmp(list[i], s) == 0) return True;
+ }
+ return False;
+}
io->out.name = packet->answers[0].name;
io->out.num_addrs = packet->answers[0].rdata.netbios.length / 6;
- io->out.reply_addrs = talloc_array(mem_ctx, const char *, io->out.num_addrs);
+ io->out.reply_addrs = talloc_array(mem_ctx, const char *, io->out.num_addrs+1);
if (io->out.reply_addrs == NULL) {
talloc_free(req);
return NT_STATUS_NO_MEMORY;
io->out.reply_addrs[i] = talloc_steal(mem_ctx,
packet->answers[0].rdata.netbios.addresses[i].ipaddr);
}
+ io->out.reply_addrs[i] = NULL;
talloc_steal(mem_ctx, io->out.name.name);
talloc_steal(mem_ctx, io->out.name.scope);
nbt_server/defense.o \
nbt_server/packet.o \
nbt_server/winsserver.o \
- nbt_server/winsdb.o
+ nbt_server/winsdb.o \
+ nbt_server/winswack.o
REQUIRED_SUBSYSTEMS = \
LIBCLI_NBT
# End SUBSYSTEM SMB
failed:
talloc_free(packet);
}
+
+
+/*
+ send a WACK reply
+*/
+void nbtd_wack_reply(struct nbt_name_socket *nbtsock,
+ struct nbt_name_packet *request_packet,
+ const char *src_address, int src_port,
+ uint32_t ttl)
+{
+ struct nbt_name_packet *packet;
+ struct nbt_name *name = &request_packet->questions[0].name;
+
+ packet = talloc_zero(nbtsock, struct nbt_name_packet);
+ if (packet == NULL) return;
+
+ packet->name_trn_id = request_packet->name_trn_id;
+ packet->ancount = 1;
+ packet->operation =
+ NBT_FLAG_REPLY |
+ NBT_OPCODE_WACK |
+ NBT_FLAG_AUTHORITIVE;
+
+ packet->answers = talloc_array(packet, struct nbt_res_rec, 1);
+ if (packet->answers == NULL) goto failed;
+
+ packet->answers[0].name = *name;
+ packet->answers[0].rr_type = NBT_QTYPE_NETBIOS;
+ packet->answers[0].rr_class = NBT_QCLASS_IP;
+ packet->answers[0].ttl = ttl;
+ packet->answers[0].rdata.data.length = 2;
+ packet->answers[0].rdata.data.data = talloc_size(packet, 2);
+ if (packet->answers[0].rdata.data.data == NULL) goto failed;
+ RSSVAL(packet->answers[0].rdata.data.data, 0, request_packet->operation);
+
+ DEBUG(7,("Sending WACK reply for %s to %s:%d\n",
+ nbt_name_string(packet, name), src_address, src_port));
+
+ nbt_name_reply_send(nbtsock, src_address, src_port, packet);
+
+failed:
+ talloc_free(packet);
+}
rec->expire_time <= time(NULL)) {
DEBUG(5,("WINS: expiring name %s (expired at %s)\n",
nbt_name_string(tmp_ctx, rec->name), timestring(tmp_ctx, rec->expire_time)));
- rec->state = WINS_REC_EXPIRED;
+ rec->state = WINS_REC_RELEASED;
}
talloc_steal(mem_ctx, rec);
enum wins_record_state {
WINS_REC_RELEASED =0,
- WINS_REC_ACTIVE =1,
- WINS_REC_EXPIRED =2
+ WINS_REC_ACTIVE =1
};
/*
#include "nbt_server/winsdb.h"
#include "system/time.h"
+/*
+ work out the ttl we will use given a client requested ttl
+*/
+uint32_t wins_server_ttl(struct wins_server *winssrv, uint32_t ttl)
+{
+ ttl = MIN(ttl, winssrv->max_ttl);
+ ttl = MAX(ttl, winssrv->min_ttl);
+ return ttl;
+}
+
/*
register a new name with WINS
*/
struct nbtd_interface);
struct wins_server *winssrv = iface->nbtsrv->winssrv;
struct nbt_name *name = &packet->questions[0].name;
- uint32_t ttl = packet->additional[0].ttl;
+ uint32_t ttl = wins_server_ttl(winssrv, packet->additional[0].ttl);
uint16_t nb_flags = packet->additional[0].rdata.netbios.addresses[0].nb_flags;
const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
struct winsdb_record rec;
- ttl = MIN(ttl, winssrv->max_ttl);
- ttl = MAX(ttl, winssrv->min_ttl);
-
rec.name = name;
rec.nb_flags = nb_flags;
rec.state = WINS_REC_ACTIVE;
struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private,
struct nbtd_interface);
struct wins_server *winssrv = iface->nbtsrv->winssrv;
- uint32_t ttl = packet->additional[0].ttl;
+ uint32_t ttl = wins_server_ttl(winssrv, packet->additional[0].ttl);
const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
time_t now = time(NULL);
- ttl = MIN(ttl, winssrv->max_ttl);
- ttl = MAX(ttl, winssrv->min_ttl);
-
if (now + ttl > rec->expire_time) {
rec->expire_time = now + ttl;
}
return winsdb_modify(winssrv, rec);
}
-
-/*
- send a WACK reply, then check if the current owners want to keep the name
-*/
-static uint8_t wins_register_wack(struct nbt_name_socket *nbtsock,
- struct nbt_name_packet *packet,
- struct winsdb_record *rec,
- const char *src_address, int src_port)
-{
- struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private,
- struct nbtd_interface);
- struct wins_server *winssrv = iface->nbtsrv->winssrv;
- uint32_t ttl = packet->additional[0].ttl;
- const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
- time_t now = time(NULL);
-
- DEBUG(0,("TODO: WACK\n"));
-
- return NBT_RCODE_SVR;
-}
-
-
/*
register a name
*/
uint8_t rcode = NBT_RCODE_OK;
uint16_t nb_flags = packet->additional[0].rdata.netbios.addresses[0].nb_flags;
const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
- int i;
rec = winsdb_load(winssrv, name, packet);
if (rec == NULL) {
/* if the registration is for an address that is currently active, then
just update the expiry time */
- for (i=0;rec->addresses[i];i++) {
- if (strcmp(address, rec->addresses[i]) == 0) {
- wins_update_ttl(nbtsock, packet, rec, src_address, src_port);
- goto done;
- }
+ if (str_list_check(rec->addresses, address)) {
+ wins_update_ttl(nbtsock, packet, rec, src_address, src_port);
+ goto done;
}
- /* we have to do a WACK to see if the current owners are willing to give
- up their claim */
+ /* we have to do a WACK to see if the current owner is willing
+ to give up its claim */
wins_register_wack(nbtsock, packet, rec, src_address, src_port);
return;
struct winsdb_record *rec;
rec = winsdb_load(winssrv, name, packet);
- if (rec != NULL &&
- rec->state == WINS_REC_ACTIVE &&
- !(rec->nb_flags & NBT_NM_GROUP)) {
- /* should we release all, or only some of the addresses? */
- rec->state = WINS_REC_RELEASED;
+ if (rec == NULL ||
+ rec->state != WINS_REC_ACTIVE ||
+ (rec->nb_flags & NBT_NM_GROUP)) {
+ goto done;
+ }
+
+ /* we only allow releases from an owner - other releases are
+ silently ignored */
+ if (str_list_check(rec->addresses, src_address)) {
+ const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
+
+ DEBUG(4,("WINS: released name %s at %s\n", nbt_name_string(rec, rec->name), address));
+ str_list_remove(rec->addresses, address);
+ if (rec->addresses[0] == NULL) {
+ rec->state = WINS_REC_RELEASED;
+ }
winsdb_modify(winssrv, rec);
}
+done:
/* we match w2k3 by always giving a positive reply to name releases. */
nbtd_name_release_reply(nbtsock, packet, src_address, src_port, NBT_RCODE_OK);
}
--- /dev/null
+/*
+ Unix SMB/CIFS implementation.
+
+ "secure" wins server WACK processing
+
+ Copyright (C) Andrew Tridgell 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/winsdb.h"
+#include "system/time.h"
+
+struct wack_state {
+ struct wins_server *winssrv;
+ struct nbt_name_socket *nbtsock;
+ struct nbt_name_packet *request_packet;
+ struct winsdb_record *rec;
+ const char *src_address;
+ int src_port;
+ const char **owner_addresses;
+ const char *reg_address;
+ struct nbt_name_query query;
+};
+
+
+/*
+ deny a registration request
+*/
+static void wins_wack_deny(struct wack_state *state)
+{
+ nbtd_name_registration_reply(state->nbtsock, state->request_packet,
+ state->src_address, state->src_port, NBT_RCODE_ACT);
+ DEBUG(4,("WINS: denied name registration request for %s from %s\n",
+ nbt_name_string(state, state->rec->name), state->src_address));
+ talloc_free(state);
+}
+
+/*
+ allow a registration request
+*/
+static void wins_wack_allow(struct wack_state *state)
+{
+ uint32_t ttl;
+ time_t now = time(NULL);
+ struct winsdb_record *rec = state->rec;
+
+ nbtd_name_registration_reply(state->nbtsock, state->request_packet,
+ state->src_address, state->src_port, NBT_RCODE_OK);
+
+ rec->addresses = str_list_add(rec->addresses, state->reg_address);
+ if (rec->addresses == NULL) goto failed;
+
+ ttl = wins_server_ttl(state->winssrv, state->request_packet->additional[0].ttl);
+ if (now + ttl > rec->expire_time) {
+ rec->expire_time = now + ttl;
+ }
+ rec->registered_by = state->src_address;
+
+ winsdb_modify(state->winssrv, rec);
+
+ DEBUG(4,("WINS: accepted registration of %s with address %s\n",
+ nbt_name_string(state, rec->name), state->reg_address));
+
+failed:
+ talloc_free(state);
+}
+
+/*
+ called when a name query to a current owner completes
+*/
+static void wins_wack_handler(struct nbt_name_request *req)
+{
+ struct wack_state *state = talloc_get_type(req->async.private, struct wack_state);
+ NTSTATUS status;
+ int i;
+ struct winsdb_record *rec = state->rec;
+
+ status = nbt_name_query_recv(req, state, &state->query);
+
+ /* if we timed out then try the next owner address, if any */
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+ state->owner_addresses++;
+ if (state->owner_addresses[0] == NULL) {
+ wins_wack_allow(state);
+ return;
+ }
+ state->query.in.dest_addr = state->owner_addresses[0];
+
+ req = nbt_name_query_send(state->nbtsock, &state->query);
+ if (req == NULL) goto failed;
+
+ req->async.fn = wins_wack_handler;
+ req->async.private = state;
+ return;
+ }
+
+ /* if the owner denies it holds the name, then allow
+ the registration */
+ if (!NT_STATUS_IS_OK(status)) {
+ wins_wack_allow(state);
+ return;
+ }
+
+ /* if the owner still wants the name and doesn't reply
+ with the address trying to be registered, then deny
+ the registration */
+ if (!str_list_check(state->query.out.reply_addrs, state->reg_address)) {
+ wins_wack_deny(state);
+ return;
+ }
+
+ /* we are going to allow the registration, but first remove any addresses
+ from the record that aren't in the reply from the client */
+ for (i=0;rec->addresses[i];) {
+ if (!str_list_check(state->query.out.reply_addrs, rec->addresses[i])) {
+ str_list_remove(rec->addresses, rec->addresses[i]);
+ } else {
+ i++;
+ }
+ }
+
+ wins_wack_allow(state);
+ return;
+
+failed:
+ talloc_free(state);
+}
+
+
+/*
+ a client has asked to register a unique name that someone else owns. We
+ need to ask each of the current owners if they still want it. If they do
+ then reject the registration, otherwise allow it
+*/
+void wins_register_wack(struct nbt_name_socket *nbtsock,
+ struct nbt_name_packet *packet,
+ struct winsdb_record *rec,
+ const char *src_address, int src_port)
+{
+ struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private,
+ struct nbtd_interface);
+ struct wins_server *winssrv = iface->nbtsrv->winssrv;
+ struct wack_state *state;
+ struct nbt_name_request *req;
+ uint32_t ttl;
+
+ state = talloc(nbtsock, struct wack_state);
+ if (state == NULL) goto failed;
+
+ /* package up the state variables for this wack request */
+ state->winssrv = winssrv;
+ state->nbtsock = nbtsock;
+ state->request_packet = talloc_steal(state, packet);
+ state->rec = talloc_steal(state, rec);
+ state->src_port = src_port;
+ state->owner_addresses = rec->addresses;
+ state->reg_address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
+ state->src_address = talloc_strdup(state, src_address);
+ if (state->src_address == NULL) goto failed;
+
+ /* send a WACK to the client, specifying the maximum time it could
+ take to check with the owner, plus some slack */
+ ttl = 5 + 4 * str_list_length(rec->addresses);
+ nbtd_wack_reply(nbtsock, packet, src_address, src_port, ttl);
+
+ /* setup a name query to the first address */
+ state->query.in.name = *rec->name;
+ state->query.in.dest_addr = state->owner_addresses[0];
+ state->query.in.broadcast = False;
+ state->query.in.wins_lookup = True;
+ state->query.in.timeout = 1;
+ state->query.in.retries = 2;
+
+ req = nbt_name_query_send(nbtsock, &state->query);
+ if (req == NULL) goto failed;
+
+ req->async.fn = wins_wack_handler;
+ req->async.private = state;
+ return;
+
+failed:
+ talloc_free(state);
+ nbtd_name_registration_reply(nbtsock, packet, src_address, src_port, NBT_RCODE_SVR);
+}
git.samba.org / kai / samba.git / commitdiff