From 9eb33fc21236942c4b518557be920d4208e6b168 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Fri, 4 Feb 2005 01:55:50 +0000
Subject: [PATCH] r5211: added broadcast name defense against both registration
 and refresh requests (This used to be commit
 9eafe2cacaef64384febe6bb0938294f7c1ee6bf)

---
 source4/nbt_server/config.mk    |   1 +
 source4/nbt_server/defense.c    | 110 ++++++++++++++++++++++++++++++++
 source4/nbt_server/interfaces.c |  13 ++++
 source4/nbt_server/query.c      |   7 --
 4 files changed, 124 insertions(+), 7 deletions(-)
 create mode 100644 source4/nbt_server/defense.c

diff --git a/source4/nbt_server/config.mk b/source4/nbt_server/config.mk
index 2501c014176..34ed8878e8c 100644
--- a/source4/nbt_server/config.mk
+++ b/source4/nbt_server/config.mk
@@ -11,6 +11,7 @@ ADD_OBJ_FILES = \
 		nbt_server/query.o \
 		nbt_server/nodestatus.o \
 		nbt_server/winsserver.o \
+		nbt_server/defense.o \
 		nbt_server/packet.o
 REQUIRED_SUBSYSTEMS = \
 		LIBCLI_NBT
diff --git a/source4/nbt_server/defense.c b/source4/nbt_server/defense.c
new file mode 100644
index 00000000000..2e34aca1ee3
--- /dev/null
+++ b/source4/nbt_server/defense.c
@@ -0,0 +1,110 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   defend our names against name registration requests
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "dlinklist.h"
+#include "system/network.h"
+#include "nbt_server/nbt_server.h"
+
+/*
+  send a name defense reply
+*/
+static void nbtd_name_defense_reply(struct nbt_name_socket *nbtsock, 
+				    struct nbt_name_packet *request_packet, 
+				    const char *src_address, int src_port,
+				    struct nbt_name *name, uint32_t ttl,
+				    uint16_t nb_flags, const char *address)
+{
+	struct nbt_name_packet *packet;
+
+	packet = talloc_zero(nbtsock, struct nbt_name_packet);
+	if (packet == NULL) return;
+
+	packet->name_trn_id = request_packet->name_trn_id;
+	packet->ancount = 1;
+	packet->operation = 
+		NBT_FLAG_REPLY | 
+		(request_packet->operation & NBT_OPCODE) |
+		NBT_FLAG_AUTHORITIVE |
+		NBT_FLAG_RECURSION_DESIRED |
+		NBT_FLAG_RECURSION_AVAIL |
+		NBT_RCODE_ACT;
+	
+	packet->answers = talloc_array(packet, struct nbt_res_rec, 1);
+	if (packet->answers == NULL) goto failed;
+
+	packet->answers[0].name     = *name;
+	packet->answers[0].rr_type  = NBT_QTYPE_NETBIOS;
+	packet->answers[0].rr_class = NBT_QCLASS_IP;
+	packet->answers[0].ttl      = ttl;
+	packet->answers[0].rdata.netbios.length = 6;
+	packet->answers[0].rdata.netbios.addresses = 
+		talloc_array(packet->answers,
+			     struct nbt_rdata_address, 1);
+	if (packet->answers[0].rdata.netbios.addresses == NULL) goto failed;
+	packet->answers[0].rdata.netbios.addresses[0].nb_flags = nb_flags;
+	packet->answers[0].rdata.netbios.addresses[0].ipaddr = 
+		talloc_strdup(packet->answers, address);
+	if (packet->answers[0].rdata.netbios.addresses[0].ipaddr == NULL) goto failed;
+
+	DEBUG(7,("Sending name defense reply for %s<%02x> at %s to %s:%d\n", 
+		 name->name, name->type, src_address, address, src_port));
+	
+	nbt_name_reply_send(nbtsock, src_address, src_port, packet);
+
+failed:
+	talloc_free(packet);
+}
+
+
+/*
+  defend our registered names against registration or name refresh
+  requests
+*/
+void nbtd_request_defense(struct nbt_name_socket *nbtsock, 
+			  struct nbt_name_packet *packet, 
+			  const char *src_address, int src_port)
+{
+	struct nbt_iface_name *iname;
+	struct nbt_name *name;
+	struct nbt_interface *iface = talloc_get_type(nbtsock->incoming.private, 
+						      struct nbt_interface);
+
+	NBT_ASSERT_PACKET(packet, src_address, packet->qdcount == 1);
+	NBT_ASSERT_PACKET(packet, src_address, packet->arcount == 1);
+	NBT_ASSERT_PACKET(packet, src_address, 
+			  packet->questions[0].question_type == NBT_QTYPE_NETBIOS);
+	NBT_ASSERT_PACKET(packet, src_address, 
+			  packet->questions[0].question_class == NBT_QCLASS_IP);
+
+	/* see if we have the requested name on this interface */
+	name = &packet->questions[0].name;
+
+	iname = nbtd_find_iname(iface, name, NBT_NM_ACTIVE);
+	if (iname != NULL) {
+		DEBUG(2,("Defending name %s<%02x> on %s against %s\n",
+			 name->name, name->type, iface->bcast_address, src_address));
+		nbtd_name_defense_reply(nbtsock, packet, src_address, src_port,
+					&iname->name, iname->ttl, iname->nb_flags, 
+					iface->ip_address);
+	}
+}
diff --git a/source4/nbt_server/interfaces.c b/source4/nbt_server/interfaces.c
index a9041706c6d..9c26925b323 100644
--- a/source4/nbt_server/interfaces.c
+++ b/source4/nbt_server/interfaces.c
@@ -33,10 +33,23 @@ static void nbtd_request_handler(struct nbt_name_socket *nbtsock,
 				 struct nbt_name_packet *packet, 
 				 const char *src_address, int src_port)
 {
+	/* if its a WINS query then direct to our WINS server */
+	if ((packet->operation & NBT_FLAG_RECURSION_DESIRED) &&
+	    !(packet->operation & NBT_FLAG_BROADCAST)) {
+		nbtd_query_wins(nbtsock, packet, src_address, src_port);
+		return;
+	}
+
+	/* the request is to us in our role as a B node */
 	switch (packet->operation & NBT_OPCODE) {
 	case NBT_OPCODE_QUERY:
 		nbtd_request_query(nbtsock, packet, src_address, src_port);
 		break;
+
+	case NBT_OPCODE_REGISTER:
+	case NBT_OPCODE_REFRESH:
+		nbtd_request_defense(nbtsock, packet, src_address, src_port);
+		break;
 	}
 }
 
diff --git a/source4/nbt_server/query.c b/source4/nbt_server/query.c
index 911163f19e6..bf2c75f2d1b 100644
--- a/source4/nbt_server/query.c
+++ b/source4/nbt_server/query.c
@@ -93,13 +93,6 @@ void nbtd_request_query(struct nbt_name_socket *nbtsock,
 		return;
 	}
 
-	/* if its a WINS query then direct to our WINS server */
-	if ((packet->operation & NBT_FLAG_RECURSION_DESIRED) &&
-	    !(packet->operation & NBT_FLAG_BROADCAST)) {
-		nbtd_query_wins(nbtsock, packet, src_address, src_port);
-		return;
-	}
-
 	NBT_ASSERT_PACKET(packet, src_address, packet->qdcount == 1);
 	NBT_ASSERT_PACKET(packet, src_address, packet->questions[0].question_type == NBT_QTYPE_NETBIOS);
 	NBT_ASSERT_PACKET(packet, src_address, packet->questions[0].question_class == NBT_QCLASS_IP);
-- 
2.34.1