Fix Coverity bug #902, uninitialized variable.
[ira/wip.git] / source3 / nmbd / nmbd_packets.c
1 /* 
2    Unix SMB/CIFS implementation.
3    NBT netbios routines and daemon - version 2
4    Copyright (C) Andrew Tridgell 1994-1998
5    Copyright (C) Luke Kenneth Casson Leighton 1994-1998
6    Copyright (C) Jeremy Allison 1994-2003
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20    
21 */
22
23 #include "includes.h"
24
25 extern int ClientNMB;
26 extern int ClientDGRAM;
27 extern int global_nmb_port;
28
29 extern int num_response_packets;
30
31 bool rescan_listen_set = False;
32
33
34 /*******************************************************************
35   The global packet linked-list. Incoming entries are 
36   added to the end of this list. It is supposed to remain fairly 
37   short so we won't bother with an end pointer.
38 ******************************************************************/
39
40 static struct packet_struct *packet_queue = NULL;
41
42 /***************************************************************************
43 Utility function to find the specific fd to send a packet out on.
44 **************************************************************************/
45
46 static int find_subnet_fd_for_address( struct in_addr local_ip )
47 {
48         struct subnet_record *subrec;
49
50         for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
51                 if(ip_equal_v4(local_ip, subrec->myip))
52                         return subrec->nmb_sock;
53
54         return ClientNMB;
55 }
56
57 /***************************************************************************
58 Utility function to find the specific fd to send a mailslot packet out on.
59 **************************************************************************/
60
61 static int find_subnet_mailslot_fd_for_address( struct in_addr local_ip )
62 {
63         struct subnet_record *subrec;
64
65         for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
66                 if(ip_equal_v4(local_ip, subrec->myip))
67                         return subrec->dgram_sock;
68
69         return ClientDGRAM;
70 }
71
72 /***************************************************************************
73 Get/Set problematic nb_flags as network byte order 16 bit int.
74 **************************************************************************/
75
76 uint16 get_nb_flags(char *buf)
77 {
78         return ((((uint16)*buf)&0xFFFF) & NB_FLGMSK);
79 }
80
81 void set_nb_flags(char *buf, uint16 nb_flags)
82 {
83         *buf++ = ((nb_flags & NB_FLGMSK) & 0xFF);
84         *buf = '\0';
85 }
86
87 /***************************************************************************
88 Dumps out the browse packet data.
89 **************************************************************************/
90
91 static void debug_browse_data(char *outbuf, int len)
92 {
93         int i,j;
94
95         DEBUG( 4, ( "debug_browse_data():\n" ) );
96         for (i = 0; i < len; i+= 16) {
97                 DEBUGADD( 4, ( "%3x char ", i ) );
98
99                 for (j = 0; j < 16; j++) {
100                         unsigned char x;
101                         if (i+j >= len)
102                                 break;
103
104                         x = outbuf[i+j];
105                         if (x < 32 || x > 127) 
106                                 x = '.';
107             
108                         DEBUGADD( 4, ( "%c", x ) );
109                 }
110
111                 DEBUGADD( 4, ( "%*s hex", 16-j, "" ) );
112
113                 for (j = 0; j < 16; j++) {
114                         if (i+j >= len) 
115                                 break;
116                         DEBUGADD( 4, ( " %02x", (unsigned char)outbuf[i+j] ) );
117                 }
118
119                 DEBUGADD( 4, ("\n") );
120         }
121 }
122
123 /***************************************************************************
124   Generates the unique transaction identifier
125 **************************************************************************/
126
127 static uint16 name_trn_id=0;
128
129 static uint16 generate_name_trn_id(void)
130 {
131         if (!name_trn_id) {
132                 name_trn_id = ((unsigned)time(NULL)%(unsigned)0x7FFF) + ((unsigned)sys_getpid()%(unsigned)100);
133         }
134         name_trn_id = (name_trn_id+1) % (unsigned)0x7FFF;
135         return name_trn_id;
136 }
137
138 /***************************************************************************
139  Either loops back or sends out a completed NetBIOS packet.
140 **************************************************************************/
141
142 static bool send_netbios_packet(struct packet_struct *p)
143 {
144         bool loopback_this_packet = False;
145
146         /* Check if we are sending to or from ourselves as a WINS server. */
147         if(ismyip_v4(p->ip) && (p->port == global_nmb_port))
148                 loopback_this_packet = True;
149
150         if(loopback_this_packet) {
151                 struct packet_struct *lo_packet = NULL;
152                 DEBUG(5,("send_netbios_packet: sending packet to ourselves.\n"));
153                 if((lo_packet = copy_packet(p)) == NULL)
154                         return False;
155                 queue_packet(lo_packet);
156         } else if (!send_packet(p)) {
157                 DEBUG(0,("send_netbios_packet: send_packet() to IP %s port %d failed\n",
158                         inet_ntoa(p->ip),p->port));
159                 return False;
160         }
161   
162         return True;
163
164
165 /***************************************************************************
166  Sets up the common elements of an outgoing NetBIOS packet.
167
168  Note: do not attempt to rationalise whether rec_des should be set or not
169  in a particular situation. Just follow rfc_1002 or look at examples from WinXX.
170  It does NOT follow the rule that requests to the wins server always have
171  rec_des true. See for example name releases and refreshes
172 **************************************************************************/
173
174 static struct packet_struct *create_and_init_netbios_packet(struct nmb_name *nmbname,
175                                                             bool bcast, bool rec_des,
176                                                             struct in_addr to_ip)
177 {
178         struct packet_struct *packet = NULL;
179         struct nmb_packet *nmb = NULL;
180
181         /* Allocate the packet_struct we will return. */
182         if((packet = SMB_MALLOC_P(struct packet_struct)) == NULL) {
183                 DEBUG(0,("create_and_init_netbios_packet: malloc fail (1) for packet struct.\n"));
184                 return NULL;
185         }
186     
187         memset((char *)packet,'\0',sizeof(*packet));
188
189         nmb = &packet->packet.nmb;
190
191         nmb->header.name_trn_id = generate_name_trn_id();
192         nmb->header.response = False;
193         nmb->header.nm_flags.recursion_desired = rec_des;
194         nmb->header.nm_flags.recursion_available = False;
195         nmb->header.nm_flags.trunc = False;
196         nmb->header.nm_flags.authoritative = False;
197         nmb->header.nm_flags.bcast = bcast;
198   
199         nmb->header.rcode = 0;
200         nmb->header.qdcount = 1;
201         nmb->header.ancount = 0;
202         nmb->header.nscount = 0;
203
204         nmb->question.question_name = *nmbname;
205         nmb->question.question_type = QUESTION_TYPE_NB_QUERY;
206         nmb->question.question_class = QUESTION_CLASS_IN;
207
208         packet->ip = to_ip;
209         packet->port = NMB_PORT;
210         packet->fd = ClientNMB;
211         packet->timestamp = time(NULL);
212         packet->packet_type = NMB_PACKET;
213         packet->locked = False;
214   
215         return packet; /* Caller must free. */
216 }
217
218 /***************************************************************************
219  Sets up the common elements of register, refresh or release packet.
220 **************************************************************************/
221
222 static bool create_and_init_additional_record(struct packet_struct *packet,
223                                                      uint16 nb_flags,
224                                                      const struct in_addr *register_ip)
225 {
226         struct nmb_packet *nmb = &packet->packet.nmb;
227
228         if((nmb->additional = SMB_MALLOC_P(struct res_rec)) == NULL) {
229                 DEBUG(0,("create_and_init_additional_record: malloc fail for additional record.\n"));
230                 return False;
231         }
232
233         memset((char *)nmb->additional,'\0',sizeof(struct res_rec));
234
235         nmb->additional->rr_name  = nmb->question.question_name;
236         nmb->additional->rr_type  = RR_TYPE_NB;
237         nmb->additional->rr_class = RR_CLASS_IN;
238         
239         /* See RFC 1002, sections 5.1.1.1, 5.1.1.2 and 5.1.1.3 */
240         if (nmb->header.nm_flags.bcast)
241                 nmb->additional->ttl = PERMANENT_TTL;
242         else
243                 nmb->additional->ttl = lp_max_ttl();
244         
245         nmb->additional->rdlength = 6;
246         
247         set_nb_flags(nmb->additional->rdata,nb_flags);
248         
249         /* Set the address for the name we are registering. */
250         putip(&nmb->additional->rdata[2], register_ip);
251         
252         /* 
253            it turns out that Jeremys code was correct, we are supposed
254            to send registrations from the IP we are registering. The
255            trick is what to do on timeouts! When we send on a
256            non-routable IP then the reply will timeout, and we should
257            treat this as success, not failure. That means we go into
258            our standard refresh cycle for that name which copes nicely
259            with disconnected networks.
260         */
261         packet->fd = find_subnet_fd_for_address(*register_ip);
262
263         return True;
264 }
265
266 /***************************************************************************
267  Sends out a name query.
268 **************************************************************************/
269
270 static bool initiate_name_query_packet( struct packet_struct *packet)
271 {
272         struct nmb_packet *nmb = NULL;
273
274         nmb = &packet->packet.nmb;
275
276         nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
277         nmb->header.arcount = 0;
278
279         nmb->header.nm_flags.recursion_desired = True;
280
281         DEBUG(4,("initiate_name_query_packet: sending query for name %s (bcast=%s) to IP %s\n",
282                 nmb_namestr(&nmb->question.question_name), 
283                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
284
285         return send_netbios_packet( packet );
286 }
287
288 /***************************************************************************
289  Sends out a name query - from a WINS server. 
290 **************************************************************************/
291
292 static bool initiate_name_query_packet_from_wins_server( struct packet_struct *packet)
293 {   
294         struct nmb_packet *nmb = NULL;
295   
296         nmb = &packet->packet.nmb;
297
298         nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
299         nmb->header.arcount = 0;
300     
301         nmb->header.nm_flags.recursion_desired = False;
302   
303         DEBUG(4,("initiate_name_query_packet_from_wins_server: sending query for name %s (bcast=%s) to IP %s\n",
304                 nmb_namestr(&nmb->question.question_name),
305                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
306     
307         return send_netbios_packet( packet );
308
309
310 /***************************************************************************
311  Sends out a name register.
312 **************************************************************************/
313
314 static bool initiate_name_register_packet( struct packet_struct *packet,
315                                     uint16 nb_flags, const struct in_addr *register_ip)
316 {
317         struct nmb_packet *nmb = &packet->packet.nmb;
318
319         nmb->header.opcode = NMB_NAME_REG_OPCODE;
320         nmb->header.arcount = 1;
321
322         nmb->header.nm_flags.recursion_desired = True;
323
324         if(create_and_init_additional_record(packet, nb_flags, register_ip) == False)
325                 return False;
326
327         DEBUG(4,("initiate_name_register_packet: sending registration for name %s (bcast=%s) to IP %s\n",
328                 nmb_namestr(&nmb->additional->rr_name),
329                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
330
331         return send_netbios_packet( packet );
332 }
333
334 /***************************************************************************
335  Sends out a multihomed name register.
336 **************************************************************************/
337
338 static bool initiate_multihomed_name_register_packet(struct packet_struct *packet,
339                                                      uint16 nb_flags, struct in_addr *register_ip)
340 {
341         struct nmb_packet *nmb = &packet->packet.nmb;
342         fstring second_ip_buf;
343
344         fstrcpy(second_ip_buf, inet_ntoa(packet->ip));
345
346         nmb->header.opcode = NMB_NAME_MULTIHOMED_REG_OPCODE;
347         nmb->header.arcount = 1;
348
349         nmb->header.nm_flags.recursion_desired = True;
350         
351         if(create_and_init_additional_record(packet, nb_flags, register_ip) == False)
352                 return False;
353         
354         DEBUG(4,("initiate_multihomed_name_register_packet: sending registration \
355 for name %s IP %s (bcast=%s) to IP %s\n",
356                  nmb_namestr(&nmb->additional->rr_name), inet_ntoa(*register_ip),
357                  BOOLSTR(nmb->header.nm_flags.bcast), second_ip_buf ));
358
359         return send_netbios_packet( packet );
360
361
362 /***************************************************************************
363  Sends out a name refresh.
364 **************************************************************************/
365
366 static bool initiate_name_refresh_packet( struct packet_struct *packet,
367                                    uint16 nb_flags, struct in_addr *refresh_ip)
368 {
369         struct nmb_packet *nmb = &packet->packet.nmb;
370
371         nmb->header.opcode = NMB_NAME_REFRESH_OPCODE_8;
372         nmb->header.arcount = 1;
373
374         nmb->header.nm_flags.recursion_desired = False;
375
376         if(create_and_init_additional_record(packet, nb_flags, refresh_ip) == False)
377                 return False;
378
379         DEBUG(4,("initiate_name_refresh_packet: sending refresh for name %s (bcast=%s) to IP %s\n",
380                 nmb_namestr(&nmb->additional->rr_name),
381                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
382
383         return send_netbios_packet( packet );
384
385
386 /***************************************************************************
387  Sends out a name release.
388 **************************************************************************/
389
390 static bool initiate_name_release_packet( struct packet_struct *packet,
391                                    uint16 nb_flags, struct in_addr *release_ip)
392 {
393         struct nmb_packet *nmb = &packet->packet.nmb;
394
395         nmb->header.opcode = NMB_NAME_RELEASE_OPCODE;
396         nmb->header.arcount = 1;
397
398         nmb->header.nm_flags.recursion_desired = False;
399
400         if(create_and_init_additional_record(packet, nb_flags, release_ip) == False)
401                 return False;
402
403         DEBUG(4,("initiate_name_release_packet: sending release for name %s (bcast=%s) to IP %s\n",
404                 nmb_namestr(&nmb->additional->rr_name),
405                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
406
407         return send_netbios_packet( packet );
408
409
410 /***************************************************************************
411  Sends out a node status.
412 **************************************************************************/
413
414 static bool initiate_node_status_packet( struct packet_struct *packet )
415 {
416         struct nmb_packet *nmb = &packet->packet.nmb;
417
418         nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
419         nmb->header.arcount = 0;
420
421         nmb->header.nm_flags.recursion_desired = False;
422
423         nmb->question.question_type = QUESTION_TYPE_NB_STATUS;
424
425         DEBUG(4,("initiate_node_status_packet: sending node status request for name %s to IP %s\n",
426                 nmb_namestr(&nmb->question.question_name),
427                 inet_ntoa(packet->ip)));
428
429         return send_netbios_packet( packet );
430 }
431
432 /****************************************************************************
433   Simplification functions for queuing standard packets.
434   These should be the only publicly callable functions for sending
435   out packets.
436 ****************************************************************************/
437
438 /****************************************************************************
439  Assertion - we should never be sending nmbd packets on the remote
440  broadcast subnet.
441 ****************************************************************************/
442
443 static bool assert_check_subnet(struct subnet_record *subrec)
444 {
445         if( subrec == remote_broadcast_subnet) {
446                 DEBUG(0,("assert_check_subnet: Attempt to send packet on remote broadcast subnet. \
447 This is a bug.\n"));
448                 return True;
449         }
450         return False;
451 }
452
453 /****************************************************************************
454  Queue a register name packet to the broadcast address of a subnet.
455 ****************************************************************************/
456
457 struct response_record *queue_register_name( struct subnet_record *subrec,
458                           response_function resp_fn,
459                           timeout_response_function timeout_fn,
460                           register_name_success_function success_fn,
461                           register_name_fail_function fail_fn,
462                           struct userdata_struct *userdata,
463                           struct nmb_name *nmbname,
464                           uint16 nb_flags)
465 {
466         struct packet_struct *p;
467         struct response_record *rrec;
468         struct sockaddr_storage ss;
469         const struct sockaddr_storage *pss = NULL;
470         if(assert_check_subnet(subrec))
471                 return NULL;
472
473         /* note that all name registration requests have RD set (rfc1002 - section 4.2.2 */
474         if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), True,
475                                 subrec->bcast_ip)) == NULL)
476                 return NULL;
477
478         in_addr_to_sockaddr_storage(&ss, subrec->bcast_ip);
479         pss = iface_ip((struct sockaddr *)&ss);
480         if (!pss || pss->ss_family != AF_INET) {
481                 p->locked = False;
482                 free_packet(p);
483                 return NULL;
484         }
485
486         if(initiate_name_register_packet(p, nb_flags,
487                         &((const struct sockaddr_in *)pss)->sin_addr) == False) {
488                 p->locked = False;
489                 free_packet(p);
490                 return NULL;
491         }
492
493         if((rrec = make_response_record(subrec,        /* subnet record. */
494                                 p,                     /* packet we sent. */
495                                 resp_fn,               /* function to call on response. */
496                                 timeout_fn,            /* function to call on timeout. */
497                                 (success_function)success_fn,            /* function to call on operation success. */
498                                 (fail_function)fail_fn,               /* function to call on operation fail. */
499                                 userdata)) == NULL)  {
500                 p->locked = False;
501                 free_packet(p);
502                 return NULL;
503         }
504
505         return rrec;
506 }
507
508 /****************************************************************************
509  Queue a refresh name packet to the broadcast address of a subnet.
510 ****************************************************************************/
511
512 void queue_wins_refresh(struct nmb_name *nmbname,
513                         response_function resp_fn,
514                         timeout_response_function timeout_fn,
515                         uint16 nb_flags,
516                         struct in_addr refresh_ip,
517                         const char *tag)
518 {
519         struct packet_struct *p;
520         struct response_record *rrec;
521         struct in_addr wins_ip;
522         struct userdata_struct *userdata;
523         fstring ip_str;
524
525         wins_ip = wins_srv_ip_tag(tag, refresh_ip);
526
527         if ((p = create_and_init_netbios_packet(nmbname, False, False, wins_ip)) == NULL) {
528                 return;
529         }
530
531         if (!initiate_name_refresh_packet(p, nb_flags, &refresh_ip)) {
532                 p->locked = False;
533                 free_packet(p);
534                 return;
535         }
536
537         fstrcpy(ip_str, inet_ntoa(refresh_ip));
538
539         DEBUG(6,("Refreshing name %s IP %s with WINS server %s using tag '%s'\n",
540                  nmb_namestr(nmbname), ip_str, inet_ntoa(wins_ip), tag));
541
542         userdata = (struct userdata_struct *)SMB_MALLOC(sizeof(*userdata) + strlen(tag) + 1);
543         if (!userdata) {
544                 p->locked = False;
545                 free_packet(p);
546                 DEBUG(0,("Failed to allocate userdata structure!\n"));
547                 return;
548         }
549         ZERO_STRUCTP(userdata);
550         userdata->userdata_len = strlen(tag) + 1;
551         strlcpy(userdata->data, tag, userdata->userdata_len);   
552
553         if ((rrec = make_response_record(unicast_subnet,
554                                          p,
555                                          resp_fn, timeout_fn,
556                                          NULL,
557                                          NULL,
558                                          userdata)) == NULL) {
559                 p->locked = False;
560                 free_packet(p);
561                 return;
562         }
563
564         free(userdata);
565
566         /* we don't want to repeat refresh packets */
567         rrec->repeat_count = 0;
568 }
569
570
571 /****************************************************************************
572  Queue a multihomed register name packet to a given WINS server IP
573 ****************************************************************************/
574
575 struct response_record *queue_register_multihomed_name( struct subnet_record *subrec,
576                                                         response_function resp_fn,
577                                                         timeout_response_function timeout_fn,
578                                                         register_name_success_function success_fn,
579                                                         register_name_fail_function fail_fn,
580                                                         struct userdata_struct *userdata,
581                                                         struct nmb_name *nmbname,
582                                                         uint16 nb_flags,
583                                                         struct in_addr register_ip,
584                                                         struct in_addr wins_ip)
585 {
586         struct packet_struct *p;
587         struct response_record *rrec;
588         bool ret;
589         
590         /* Sanity check. */
591         if(subrec != unicast_subnet) {
592                 DEBUG(0,("queue_register_multihomed_name: should only be done on \
593 unicast subnet. subnet is %s\n.", subrec->subnet_name ));
594                 return NULL;
595         }
596
597         if(assert_check_subnet(subrec))
598                 return NULL;
599      
600         if ((p = create_and_init_netbios_packet(nmbname, False, True, wins_ip)) == NULL)
601                 return NULL;
602
603         if (nb_flags & NB_GROUP)
604                 ret = initiate_name_register_packet( p, nb_flags, &register_ip);
605         else
606                 ret = initiate_multihomed_name_register_packet(p, nb_flags, &register_ip);
607
608         if (ret == False) {  
609                 p->locked = False;
610                 free_packet(p);
611                 return NULL;
612         }  
613   
614         if ((rrec = make_response_record(subrec,    /* subnet record. */
615                                          p,                     /* packet we sent. */
616                                          resp_fn,               /* function to call on response. */
617                                          timeout_fn,            /* function to call on timeout. */
618                                          (success_function)success_fn, /* function to call on operation success. */
619                                          (fail_function)fail_fn,       /* function to call on operation fail. */
620                                          userdata)) == NULL) {  
621                 p->locked = False;
622                 free_packet(p);
623                 return NULL;
624         }  
625         
626         return rrec;
627 }
628
629 /****************************************************************************
630  Queue a release name packet to the broadcast address of a subnet.
631 ****************************************************************************/
632
633 struct response_record *queue_release_name( struct subnet_record *subrec,
634                                             response_function resp_fn,
635                                             timeout_response_function timeout_fn,
636                                             release_name_success_function success_fn,
637                                             release_name_fail_function fail_fn,
638                                             struct userdata_struct *userdata,
639                                             struct nmb_name *nmbname,
640                                             uint16 nb_flags,
641                                             struct in_addr release_ip,
642                                             struct in_addr dest_ip)
643 {
644         struct packet_struct *p;
645         struct response_record *rrec;
646
647         if(assert_check_subnet(subrec))
648                 return NULL;
649
650         if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), False, dest_ip)) == NULL)
651                 return NULL;
652
653         if(initiate_name_release_packet( p, nb_flags, &release_ip) == False) {
654                 p->locked = False;
655                 free_packet(p);
656                 return NULL;
657         }
658
659         if((rrec = make_response_record(subrec,                /* subnet record. */
660                                         p,                     /* packet we sent. */
661                                         resp_fn,               /* function to call on response. */
662                                         timeout_fn,            /* function to call on timeout. */
663                                         (success_function)success_fn,            /* function to call on operation success. */
664                                         (fail_function)fail_fn,               /* function to call on operation fail. */
665                                         userdata)) == NULL)  {
666                 p->locked = False;
667                 free_packet(p);
668                 return NULL;
669         }
670
671         /*
672          * For a broadcast release packet, only send once.
673          * This will cause us to remove the name asap. JRA.
674          */
675
676         if (subrec != unicast_subnet) {
677                 rrec->repeat_count = 0;
678                 rrec->repeat_time = 0;
679         }
680
681         return rrec;
682 }
683
684 /****************************************************************************
685  Queue a query name packet to the broadcast address of a subnet.
686 ****************************************************************************/
687  
688 struct response_record *queue_query_name( struct subnet_record *subrec,
689                           response_function resp_fn,
690                           timeout_response_function timeout_fn,
691                           query_name_success_function success_fn,
692                           query_name_fail_function fail_fn,
693                           struct userdata_struct *userdata,
694                           struct nmb_name *nmbname)
695 {
696         struct packet_struct *p;
697         struct response_record *rrec;
698         struct in_addr to_ip;
699
700         if(assert_check_subnet(subrec))
701                 return NULL;
702
703         to_ip = subrec->bcast_ip;
704   
705         /* queries to the WINS server turn up here as queries to IP 0.0.0.0 
706                         These need to be handled a bit differently */
707         if (subrec->type == UNICAST_SUBNET && is_zero_ip_v4(to_ip)) {
708                 /* What we really need to do is loop over each of our wins
709                  * servers and wins server tags here, but that just doesn't
710                  * fit our architecture at the moment (userdata may already
711                  * be used when we get here). For now we just query the first
712                  * active wins server on the first tag.
713                  */ 
714                 char **tags = wins_srv_tags();
715                 if (!tags) {
716                         return NULL;
717                 }
718                 to_ip = wins_srv_ip_tag(tags[0], to_ip);
719                 wins_srv_tags_free(tags);
720         }
721
722         if(( p = create_and_init_netbios_packet(nmbname, 
723                                         (subrec != unicast_subnet), 
724                                         (subrec == unicast_subnet), 
725                                         to_ip)) == NULL)
726                 return NULL;
727
728         if(lp_bind_interfaces_only()) {
729                 int i;
730
731                 DEBUG(10,("queue_query_name: bind_interfaces_only is set, looking for suitable source IP\n"));
732                 for(i = 0; i < iface_count(); i++) {
733                         const struct in_addr *ifip = iface_n_ip_v4(i);
734
735                         if (ifip == NULL) {
736                                 DEBUG(0,("queue_query_name: interface %d has NULL IP address !\n", i));
737                                 continue;
738                         }
739
740                         if (is_loopback_ip_v4(*ifip)) {
741                                 DEBUG(5,("queue_query_name: ignoring loopback interface (%d)\n", i));
742                                 continue;
743                         }
744
745                         DEBUG(10,("queue_query_name: using source IP %s\n",inet_ntoa(*ifip)));
746                                 p->fd = find_subnet_fd_for_address( *ifip );
747                                 break;
748                 }
749         }
750
751         if(initiate_name_query_packet( p ) == False) {
752                 p->locked = False;
753                 free_packet(p);
754                 return NULL;
755         }
756
757         if((rrec = make_response_record(subrec,                /* subnet record. */
758                                         p,                     /* packet we sent. */
759                                         resp_fn,               /* function to call on response. */
760                                         timeout_fn,            /* function to call on timeout. */
761                                         (success_function)success_fn,            /* function to call on operation success. */
762                                         (fail_function)fail_fn,               /* function to call on operation fail. */
763                                         userdata)) == NULL) {
764                 p->locked = False;
765                 free_packet(p);
766                 return NULL;
767         }
768
769         return rrec;
770 }
771
772 /****************************************************************************
773  Queue a query name packet to a given address from the WINS subnet.
774 ****************************************************************************/
775
776 struct response_record *queue_query_name_from_wins_server( struct in_addr to_ip,
777                           response_function resp_fn,
778                           timeout_response_function timeout_fn,
779                           query_name_success_function success_fn,
780                           query_name_fail_function fail_fn,
781                           struct userdata_struct *userdata,
782                           struct nmb_name *nmbname)
783 {
784         struct packet_struct *p;
785         struct response_record *rrec;
786
787         if ((p = create_and_init_netbios_packet(nmbname, False, False, to_ip)) == NULL)
788                 return NULL;
789
790         if(initiate_name_query_packet_from_wins_server( p ) == False) {
791                 p->locked = False;
792                 free_packet(p);
793                 return NULL;
794         }
795
796         if((rrec = make_response_record(wins_server_subnet,            /* subnet record. */
797                                                 p,                     /* packet we sent. */
798                                                 resp_fn,               /* function to call on response. */
799                                                 timeout_fn,            /* function to call on timeout. */
800                                                 (success_function)success_fn,            /* function to call on operation success. */
801                                                 (fail_function)fail_fn,               /* function to call on operation fail. */
802                                                 userdata)) == NULL) {
803                 p->locked = False;
804                 free_packet(p);
805                 return NULL;
806         }
807
808         return rrec;
809 }
810
811 /****************************************************************************
812  Queue a node status packet to a given name and address.
813 ****************************************************************************/
814
815 struct response_record *queue_node_status( struct subnet_record *subrec,
816                           response_function resp_fn,
817                           timeout_response_function timeout_fn,
818                           node_status_success_function success_fn,
819                           node_status_fail_function fail_fn,
820                           struct userdata_struct *userdata,
821                           struct nmb_name *nmbname,
822                           struct in_addr send_ip)
823 {
824         struct packet_struct *p;
825         struct response_record *rrec;
826
827         /* Sanity check. */
828         if(subrec != unicast_subnet) {
829                 DEBUG(0,("queue_register_multihomed_name: should only be done on \
830 unicast subnet. subnet is %s\n.", subrec->subnet_name ));
831                 return NULL;
832         }
833
834         if(assert_check_subnet(subrec))
835                 return NULL;
836
837         if(( p = create_and_init_netbios_packet(nmbname, False, False, send_ip)) == NULL)
838                 return NULL;
839
840         if(initiate_node_status_packet(p) == False) {
841                 p->locked = False;
842                 free_packet(p);
843                 return NULL;
844         }
845
846         if((rrec = make_response_record(subrec,           /* subnet record. */
847                                         p,                     /* packet we sent. */
848                                         resp_fn,               /* function to call on response. */
849                                         timeout_fn,            /* function to call on timeout. */
850                                         (success_function)success_fn,            /* function to call on operation success. */
851                                         (fail_function)fail_fn,               /* function to call on operation fail. */
852                                         userdata)) == NULL) {
853                 p->locked = False;
854                 free_packet(p);
855                 return NULL;
856         }
857
858         return rrec;
859 }
860
861 /****************************************************************************
862   Reply to a netbios name packet.  see rfc1002.txt
863 ****************************************************************************/
864
865 void reply_netbios_packet(struct packet_struct *orig_packet,
866                           int rcode, enum netbios_reply_type_code rcv_code, int opcode,
867                           int ttl, char *data,int len)
868 {
869         struct packet_struct packet;
870         struct nmb_packet *nmb = NULL;
871         struct res_rec answers;
872         struct nmb_packet *orig_nmb = &orig_packet->packet.nmb;
873         bool loopback_this_packet = False;
874         int rr_type = RR_TYPE_NB;
875         const char *packet_type = "unknown";
876
877         /* Check if we are sending to or from ourselves. */
878         if(ismyip_v4(orig_packet->ip) && (orig_packet->port == global_nmb_port))
879                 loopback_this_packet = True;
880
881         nmb = &packet.packet.nmb;
882
883         /* Do a partial copy of the packet. We clear the locked flag and
884                         the resource record pointers. */
885         packet = *orig_packet;   /* Full structure copy. */
886         packet.locked = False;
887         nmb->answers = NULL;
888         nmb->nsrecs = NULL;
889         nmb->additional = NULL;
890
891         switch (rcv_code) {
892                 case NMB_STATUS:
893                         packet_type = "nmb_status";
894                         nmb->header.nm_flags.recursion_desired = False;
895                         nmb->header.nm_flags.recursion_available = False;
896                         rr_type = RR_TYPE_NBSTAT;
897                         break;
898                 case NMB_QUERY:
899                         packet_type = "nmb_query";
900                         nmb->header.nm_flags.recursion_desired = True;
901                         nmb->header.nm_flags.recursion_available = True;
902                         if (rcode) {
903                                 rr_type = RR_TYPE_NULL;
904                         }
905                         break;
906                 case NMB_REG:
907                 case NMB_REG_REFRESH:
908                         packet_type = "nmb_reg";
909                         nmb->header.nm_flags.recursion_desired = True;
910                         nmb->header.nm_flags.recursion_available = True;
911                         break;
912                 case NMB_REL:
913                         packet_type = "nmb_rel";
914                         nmb->header.nm_flags.recursion_desired = False;
915                         nmb->header.nm_flags.recursion_available = False;
916                         break;
917                 case NMB_WAIT_ACK:
918                         packet_type = "nmb_wack";
919                         nmb->header.nm_flags.recursion_desired = False;
920                         nmb->header.nm_flags.recursion_available = False;
921                         rr_type = RR_TYPE_NULL;
922                         break;
923                 case WINS_REG:
924                         packet_type = "wins_reg";
925                         nmb->header.nm_flags.recursion_desired = True;
926                         nmb->header.nm_flags.recursion_available = True;
927                         break;
928                 case WINS_QUERY:
929                         packet_type = "wins_query";
930                         nmb->header.nm_flags.recursion_desired = True;
931                         nmb->header.nm_flags.recursion_available = True;
932                         if (rcode) {
933                                 rr_type = RR_TYPE_NULL;
934                         }
935                         break;
936                 default:
937                         DEBUG(0,("reply_netbios_packet: Unknown packet type: %s %s to ip %s\n",
938                                 packet_type, nmb_namestr(&orig_nmb->question.question_name),
939                                 inet_ntoa(packet.ip)));
940                         return;
941         }
942
943         DEBUG(4,("reply_netbios_packet: sending a reply of packet type: %s %s to ip %s \
944 for id %hu\n", packet_type, nmb_namestr(&orig_nmb->question.question_name),
945                         inet_ntoa(packet.ip), orig_nmb->header.name_trn_id));
946
947         nmb->header.name_trn_id = orig_nmb->header.name_trn_id;
948         nmb->header.opcode = opcode;
949         nmb->header.response = True;
950         nmb->header.nm_flags.bcast = False;
951         nmb->header.nm_flags.trunc = False;
952         nmb->header.nm_flags.authoritative = True;
953
954         nmb->header.rcode = rcode;
955         nmb->header.qdcount = 0;
956         nmb->header.ancount = 1;
957         nmb->header.nscount = 0;
958         nmb->header.arcount = 0;
959
960         memset((char*)&nmb->question,'\0',sizeof(nmb->question));
961
962         nmb->answers = &answers;
963         memset((char*)nmb->answers,'\0',sizeof(*nmb->answers));
964
965         nmb->answers->rr_name  = orig_nmb->question.question_name;
966         nmb->answers->rr_type  = rr_type;
967         nmb->answers->rr_class = RR_CLASS_IN;
968         nmb->answers->ttl      = ttl;
969
970         if (data && len) {
971                 if (len < 0 || len > sizeof(nmb->answers->rdata)) {
972                         DEBUG(5,("reply_netbios_packet: "
973                                 "invalid packet len (%d)\n",
974                                 len ));
975                         return;
976                 }
977                 nmb->answers->rdlength = len;
978                 memcpy(nmb->answers->rdata, data, len);
979         }
980
981         packet.packet_type = NMB_PACKET;
982         /* Ensure we send out on the same fd that the original
983                 packet came in on to give the correct source IP address. */
984         packet.fd = orig_packet->fd;
985         packet.timestamp = time(NULL);
986
987         debug_nmb_packet(&packet);
988
989         if(loopback_this_packet) {
990                 struct packet_struct *lo_packet;
991                 DEBUG(5,("reply_netbios_packet: sending packet to ourselves.\n"));
992                 if((lo_packet = copy_packet(&packet)) == NULL)
993                         return;
994                 queue_packet(lo_packet);
995         } else if (!send_packet(&packet)) {
996                 DEBUG(0,("reply_netbios_packet: send_packet to IP %s port %d failed\n",
997                         inet_ntoa(packet.ip),packet.port));
998         }
999 }
1000
1001 /*******************************************************************
1002   Queue a packet into a packet queue
1003 ******************************************************************/
1004
1005 void queue_packet(struct packet_struct *packet)
1006 {
1007         struct packet_struct *p;
1008
1009         if (!packet_queue) {
1010                 packet->prev = NULL;
1011                 packet->next = NULL;
1012                 packet_queue = packet;
1013                 return;
1014         }
1015
1016         /* find the bottom */
1017         for (p=packet_queue;p->next;p=p->next)
1018                 ;
1019
1020         p->next = packet;
1021         packet->next = NULL;
1022         packet->prev = p;
1023 }
1024
1025 /****************************************************************************
1026  Try and find a matching subnet record for a datagram port 138 packet.
1027 ****************************************************************************/
1028
1029 static struct subnet_record *find_subnet_for_dgram_browse_packet(struct packet_struct *p)
1030 {
1031         struct subnet_record *subrec;
1032
1033         /* Go through all the broadcast subnets and see if the mask matches. */
1034         for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1035                 if(same_net_v4(p->ip, subrec->bcast_ip, subrec->mask_ip))
1036                         return subrec;
1037         }
1038
1039         /* If the subnet record is the remote announce broadcast subnet,
1040                 hack it here to be the first subnet. This is really gross and
1041                 is needed due to people turning on port 137/138 broadcast
1042                 forwarding on their routers. May fire and brimstone rain
1043                 down upon them...
1044         */
1045
1046         return FIRST_SUBNET;
1047 }
1048
1049 /****************************************************************************
1050 Dispatch a browse frame from port 138 to the correct processing function.
1051 ****************************************************************************/
1052
1053 static void process_browse_packet(struct packet_struct *p, char *buf,int len)
1054 {
1055         struct dgram_packet *dgram = &p->packet.dgram;
1056         int command = CVAL(buf,0);
1057         struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p);
1058         char scope[64];
1059         unstring src_name;
1060
1061         /* Drop the packet if it's a different NetBIOS scope, or the source is from one of our names. */
1062         pull_ascii(scope, dgram->dest_name.scope, 64, 64, STR_TERMINATE);
1063         if (!strequal(scope, global_scope())) {
1064                 DEBUG(7,("process_browse_packet: Discarding datagram from IP %s. Scope (%s) \
1065 mismatch with our scope (%s).\n", inet_ntoa(p->ip), scope, global_scope()));
1066                 return;
1067         }
1068
1069         pull_ascii_nstring(src_name, sizeof(src_name), dgram->source_name.name);
1070         if (is_myname(src_name)) {
1071                 DEBUG(0,("process_browse_packet: Discarding datagram from IP %s. Source name \
1072 %s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name)));
1073                 return;
1074         }
1075
1076         switch (command) {
1077                 case ANN_HostAnnouncement:
1078                         debug_browse_data(buf, len);
1079                         process_host_announce(subrec, p, buf+1);
1080                         break;
1081                 case ANN_DomainAnnouncement:
1082                         debug_browse_data(buf, len);
1083                         process_workgroup_announce(subrec, p, buf+1);
1084                         break;
1085                 case ANN_LocalMasterAnnouncement:
1086                         debug_browse_data(buf, len);
1087                         process_local_master_announce(subrec, p, buf+1);
1088                         break;
1089                 case ANN_AnnouncementRequest:
1090                         debug_browse_data(buf, len);
1091                         process_announce_request(subrec, p, buf+1);
1092                         break;
1093                 case ANN_Election:
1094                         debug_browse_data(buf, len);
1095                         process_election(subrec, p, buf+1);
1096                         break;
1097                 case ANN_GetBackupListReq:
1098                         debug_browse_data(buf, len);
1099                         process_get_backup_list_request(subrec, p, buf+1);
1100                         break;
1101                 case ANN_GetBackupListResp:
1102                         debug_browse_data(buf, len);
1103                         /* We never send ANN_GetBackupListReq so we should never get these. */
1104                         DEBUG(0,("process_browse_packet: Discarding GetBackupListResponse \
1105 packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip)));
1106                         break;
1107                 case ANN_ResetBrowserState:
1108                         debug_browse_data(buf, len);
1109                         process_reset_browser(subrec, p, buf+1);
1110                         break;
1111                 case ANN_MasterAnnouncement:
1112                         /* Master browser datagrams must be processed on the unicast subnet. */
1113                         subrec = unicast_subnet;
1114
1115                         debug_browse_data(buf, len);
1116                         process_master_browser_announce(subrec, p, buf+1);
1117                         break;
1118                 case ANN_BecomeBackup:
1119                         /*
1120                          * We don't currently implement this. Log it just in case.
1121                          */
1122                         debug_browse_data(buf, len);
1123                         DEBUG(10,("process_browse_packet: On subnet %s ignoring browse packet \
1124 command ANN_BecomeBackup from %s IP %s to %s\n", subrec->subnet_name, nmb_namestr(&dgram->source_name),
1125                                         inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1126                         break;
1127                 default:
1128                         debug_browse_data(buf, len);
1129                         DEBUG(0,("process_browse_packet: On subnet %s ignoring browse packet \
1130 command code %d from %s IP %s to %s\n", subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
1131                                 inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1132                         break;
1133         }
1134 }
1135
1136 /****************************************************************************
1137  Dispatch a LanMan browse frame from port 138 to the correct processing function.
1138 ****************************************************************************/
1139
1140 static void process_lanman_packet(struct packet_struct *p, char *buf,int len)
1141 {
1142         struct dgram_packet *dgram = &p->packet.dgram;
1143         int command = SVAL(buf,0);
1144         struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p);
1145         char scope[64];
1146         unstring src_name;
1147
1148         /* Drop the packet if it's a different NetBIOS scope, or the source is from one of our names. */
1149
1150         pull_ascii(scope, dgram->dest_name.scope, 64, 64, STR_TERMINATE);
1151         if (!strequal(scope, global_scope())) {
1152                 DEBUG(7,("process_lanman_packet: Discarding datagram from IP %s. Scope (%s) \
1153 mismatch with our scope (%s).\n", inet_ntoa(p->ip), scope, global_scope()));
1154                 return;
1155         }
1156
1157         pull_ascii_nstring(src_name, sizeof(src_name), dgram->source_name.name);
1158         if (is_myname(src_name)) {
1159                 DEBUG(0,("process_lanman_packet: Discarding datagram from IP %s. Source name \
1160 %s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name)));
1161                 return;
1162         }
1163
1164         switch (command) {
1165                 case ANN_HostAnnouncement:
1166                         debug_browse_data(buf, len);
1167                         process_lm_host_announce(subrec, p, buf+1, len > 1 ? len-1 : 0);
1168                         break;
1169                 case ANN_AnnouncementRequest:
1170                         process_lm_announce_request(subrec, p, buf+1, len > 1 ? len-1 : 0);
1171                         break;
1172                 default:
1173                         DEBUG(0,("process_lanman_packet: On subnet %s ignoring browse packet \
1174 command code %d from %s IP %s to %s\n", subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
1175                                 inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1176                         break;
1177         }
1178 }
1179
1180 /****************************************************************************
1181   Determine if a packet is for us on port 138. Note that to have any chance of
1182   being efficient we need to drop as many packets as possible at this
1183   stage as subsequent processing is expensive. 
1184 ****************************************************************************/
1185
1186 static bool listening(struct packet_struct *p,struct nmb_name *nbname)
1187 {
1188         struct subnet_record *subrec = NULL;
1189
1190         for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1191                 if(same_net_v4(p->ip, subrec->bcast_ip, subrec->mask_ip))
1192                         break;
1193         }
1194
1195         if(subrec == NULL)
1196                 subrec = unicast_subnet;
1197
1198         return (find_name_on_subnet(subrec, nbname, FIND_SELF_NAME) != NULL);
1199 }
1200
1201 /****************************************************************************
1202   Process udp 138 datagrams
1203 ****************************************************************************/
1204
1205 static void process_dgram(struct packet_struct *p)
1206 {
1207         char *buf;
1208         char *buf2;
1209         int len;
1210         struct dgram_packet *dgram = &p->packet.dgram;
1211
1212         /* If we aren't listening to the destination name then ignore the packet */
1213         if (!listening(p,&dgram->dest_name)) {
1214                         unexpected_packet(p);
1215                         DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from %s\n",
1216                                 nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip)));
1217                         return;
1218         }
1219
1220         if (dgram->header.msg_type != 0x10 && dgram->header.msg_type != 0x11 && dgram->header.msg_type != 0x12) {
1221                 unexpected_packet(p);
1222                 /* Don't process error packets etc yet */
1223                 DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from IP %s as it is \
1224 an error packet of type %x\n", nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip), dgram->header.msg_type));
1225                 return;
1226         }
1227
1228         /* Ensure we have a large enough packet before looking inside. */
1229         if (dgram->datasize < (smb_vwv12 - 2)) {
1230                 /* That's the offset minus the 4 byte length + 2 bytes of offset. */
1231                 DEBUG(0,("process_dgram: ignoring too short dgram packet (%u) sent to name %s from IP %s\n",
1232                         (unsigned int)dgram->datasize,
1233                         nmb_namestr(&dgram->dest_name),
1234                         inet_ntoa(p->ip) ));
1235                 return;
1236         }
1237
1238         buf = &dgram->data[0];
1239         buf -= 4; /* XXXX for the pseudo tcp length - someday I need to get rid of this */
1240
1241         if (CVAL(buf,smb_com) != SMBtrans)
1242                 return;
1243
1244         len = SVAL(buf,smb_vwv11);
1245         buf2 = smb_base(buf) + SVAL(buf,smb_vwv12);
1246
1247         if (len <= 0 || len > dgram->datasize) {
1248                 DEBUG(0,("process_dgram: ignoring malformed1 (datasize = %d, len = %d) datagram \
1249 packet sent to name %s from IP %s\n",
1250                         dgram->datasize,
1251                         len,
1252                         nmb_namestr(&dgram->dest_name),
1253                         inet_ntoa(p->ip) ));
1254                 return;
1255         }
1256
1257         if (buf2 < dgram->data || (buf2 >= dgram->data + dgram->datasize)) {
1258                 DEBUG(0,("process_dgram: ignoring malformed2 (datasize = %d, len=%d, off=%d) datagram \
1259 packet sent to name %s from IP %s\n",
1260                         dgram->datasize,
1261                         len,
1262                         (int)PTR_DIFF(buf2, dgram->data),
1263                         nmb_namestr(&dgram->dest_name),
1264                         inet_ntoa(p->ip) ));
1265                 return;
1266         }
1267
1268         if ((buf2 + len < dgram->data) || (buf2 + len > dgram->data + dgram->datasize)) {
1269                 DEBUG(0,("process_dgram: ignoring malformed3 (datasize = %d, len=%d, off=%d) datagram \
1270 packet sent to name %s from IP %s\n",
1271                         dgram->datasize,
1272                         len,
1273                         (int)PTR_DIFF(buf2, dgram->data),
1274                         nmb_namestr(&dgram->dest_name),
1275                         inet_ntoa(p->ip) ));
1276                 return;
1277         }
1278
1279         DEBUG(4,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d\n",
1280                 nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
1281                 inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len));
1282
1283         /* Datagram packet received for the browser mailslot */
1284         if (strequal(smb_buf(buf),BROWSE_MAILSLOT)) {
1285                 process_browse_packet(p,buf2,len);
1286                 return;
1287         }
1288
1289         /* Datagram packet received for the LAN Manager mailslot */
1290         if (strequal(smb_buf(buf),LANMAN_MAILSLOT)) {
1291                 process_lanman_packet(p,buf2,len);
1292                 return;
1293         }
1294
1295         /* Datagram packet received for the domain logon mailslot */
1296         if (strequal(smb_buf(buf),NET_LOGON_MAILSLOT)) {
1297                 process_logon_packet(p,buf2,len,NET_LOGON_MAILSLOT);
1298                 return;
1299         }
1300
1301         /* Datagram packet received for the NT domain logon mailslot */
1302         if (strequal(smb_buf(buf),NT_LOGON_MAILSLOT)) {
1303                 process_logon_packet(p,buf2,len,NT_LOGON_MAILSLOT);
1304                 return;
1305         }
1306
1307         unexpected_packet(p);
1308 }
1309
1310 /****************************************************************************
1311   Validate a response nmb packet.
1312 ****************************************************************************/
1313
1314 static bool validate_nmb_response_packet( struct nmb_packet *nmb )
1315 {
1316         bool ignore = False;
1317
1318         switch (nmb->header.opcode) {
1319                 case NMB_NAME_REG_OPCODE:
1320                 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1321                 case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */
1322                         if (nmb->header.ancount == 0) {
1323                                 DEBUG(0,("validate_nmb_response_packet: Bad REG/REFRESH Packet. "));
1324                                 ignore = True;
1325                         }
1326                         break;
1327
1328                 case NMB_NAME_QUERY_OPCODE:
1329                         if ((nmb->header.ancount != 0) && (nmb->header.ancount != 1)) {
1330                                 DEBUG(0,("validate_nmb_response_packet: Bad QUERY Packet. "));
1331                                 ignore = True;
1332                         }
1333                         break;
1334
1335                 case NMB_NAME_RELEASE_OPCODE:
1336                         if (nmb->header.ancount == 0) {
1337                                 DEBUG(0,("validate_nmb_response_packet: Bad RELEASE Packet. "));
1338                                 ignore = True;
1339                         }
1340                         break;
1341
1342                 case NMB_WACK_OPCODE:
1343                         /* Check WACK response here. */
1344                         if (nmb->header.ancount != 1) {
1345                                 DEBUG(0,("validate_nmb_response_packet: Bad WACK Packet. "));
1346                                 ignore = True;
1347                         }
1348                         break;
1349                 default:
1350                         DEBUG(0,("validate_nmb_response_packet: Ignoring packet with unknown opcode %d.\n",
1351                                         nmb->header.opcode));
1352                         return True;
1353         }
1354
1355         if(ignore)
1356                 DEBUG(0,("Ignoring response packet with opcode %d.\n", nmb->header.opcode));
1357
1358         return ignore;
1359 }
1360
1361 /****************************************************************************
1362   Validate a request nmb packet.
1363 ****************************************************************************/
1364
1365 static bool validate_nmb_packet( struct nmb_packet *nmb )
1366 {
1367         bool ignore = False;
1368
1369         switch (nmb->header.opcode) {
1370                 case NMB_NAME_REG_OPCODE:
1371                 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1372                 case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */
1373                 case NMB_NAME_MULTIHOMED_REG_OPCODE:
1374                         if (nmb->header.qdcount==0 || nmb->header.arcount==0) {
1375                                 DEBUG(0,("validate_nmb_packet: Bad REG/REFRESH Packet. "));
1376                                 ignore = True;
1377                         }
1378                         break;
1379
1380                 case NMB_NAME_QUERY_OPCODE:
1381                         if ((nmb->header.qdcount == 0) || ((nmb->question.question_type != QUESTION_TYPE_NB_QUERY) &&
1382                                         (nmb->question.question_type != QUESTION_TYPE_NB_STATUS))) {
1383                                 DEBUG(0,("validate_nmb_packet: Bad QUERY Packet. "));
1384                                 ignore = True;
1385                         }
1386                         break;
1387
1388                 case NMB_NAME_RELEASE_OPCODE:
1389                         if (nmb->header.qdcount==0 || nmb->header.arcount==0) {
1390                                 DEBUG(0,("validate_nmb_packet: Bad RELEASE Packet. "));
1391                                 ignore = True;
1392                         }
1393                         break;
1394                 default:
1395                         DEBUG(0,("validate_nmb_packet: Ignoring packet with unknown opcode %d.\n",
1396                                 nmb->header.opcode));
1397                         return True;
1398         }
1399
1400         if(ignore)
1401                 DEBUG(0,("validate_nmb_packet: Ignoring request packet with opcode %d.\n", nmb->header.opcode));
1402
1403         return ignore;
1404 }
1405
1406 /****************************************************************************
1407   Find a subnet (and potentially a response record) for a packet.
1408 ****************************************************************************/
1409
1410 static struct subnet_record *find_subnet_for_nmb_packet( struct packet_struct *p,
1411                                                          struct response_record **pprrec)
1412 {
1413         struct nmb_packet *nmb = &p->packet.nmb;
1414         struct response_record *rrec = NULL;
1415         struct subnet_record *subrec = NULL;
1416
1417         if(pprrec != NULL)
1418                 *pprrec = NULL;
1419
1420         if(nmb->header.response) {
1421                 /* It's a response packet. Find a record for it or it's an error. */
1422
1423                 rrec = find_response_record( &subrec, nmb->header.name_trn_id);
1424                 if(rrec == NULL) {
1425                         DEBUG(3,("find_subnet_for_nmb_packet: response record not found for response id %hu\n",
1426                                 nmb->header.name_trn_id));
1427                         unexpected_packet(p);
1428                         return NULL;
1429                 }
1430
1431                 if(subrec == NULL) {
1432                         DEBUG(0,("find_subnet_for_nmb_packet: subnet record not found for response id %hu\n",
1433                                 nmb->header.name_trn_id));
1434                         return NULL;
1435                 }
1436
1437                 if(pprrec != NULL)
1438                         *pprrec = rrec;
1439                 return subrec;
1440         }
1441
1442         /* Try and see what subnet this packet belongs to. */
1443
1444         /* WINS server ? */
1445         if(packet_is_for_wins_server(p))
1446                 return wins_server_subnet;
1447
1448         /* If it wasn't a broadcast packet then send to the UNICAST subnet. */
1449         if(nmb->header.nm_flags.bcast == False)
1450                 return unicast_subnet;
1451
1452         /* Go through all the broadcast subnets and see if the mask matches. */
1453         for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1454                 if(same_net_v4(p->ip, subrec->bcast_ip, subrec->mask_ip))
1455                         return subrec;
1456         }
1457
1458         /* If none match it must have been a directed broadcast - assign the remote_broadcast_subnet. */
1459         return remote_broadcast_subnet;
1460 }
1461
1462 /****************************************************************************
1463   Process a nmb request packet - validate the packet and route it.
1464 ****************************************************************************/
1465
1466 static void process_nmb_request(struct packet_struct *p)
1467 {
1468         struct nmb_packet *nmb = &p->packet.nmb;
1469         struct subnet_record *subrec = NULL;
1470
1471         debug_nmb_packet(p);
1472
1473         /* Ensure we have a good packet. */
1474         if(validate_nmb_packet(nmb))
1475                 return;
1476
1477         /* Allocate a subnet to this packet - if we cannot - fail. */
1478         if((subrec = find_subnet_for_nmb_packet(p, NULL))==NULL)
1479                 return;
1480
1481         switch (nmb->header.opcode) {
1482                 case NMB_NAME_REG_OPCODE:
1483                         if(subrec == wins_server_subnet)
1484                                 wins_process_name_registration_request(subrec, p);
1485                         else
1486                                 process_name_registration_request(subrec, p);
1487                         break;
1488
1489                 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1490                 case NMB_NAME_REFRESH_OPCODE_9:
1491                         if(subrec == wins_server_subnet)
1492                                 wins_process_name_refresh_request(subrec, p);
1493                         else
1494                                 process_name_refresh_request(subrec, p);
1495                         break;
1496
1497                 case NMB_NAME_MULTIHOMED_REG_OPCODE:
1498                         if(subrec == wins_server_subnet) {
1499                                 wins_process_multihomed_name_registration_request(subrec, p);
1500                         } else {
1501                                 DEBUG(0,("process_nmb_request: Multihomed registration request must be \
1502 directed at a WINS server.\n"));
1503                         }
1504                         break;
1505
1506                 case NMB_NAME_QUERY_OPCODE:
1507                         switch (nmb->question.question_type) {
1508                                 case QUESTION_TYPE_NB_QUERY:
1509                                         if(subrec == wins_server_subnet)
1510                                                 wins_process_name_query_request(subrec, p);
1511                                         else
1512                                                 process_name_query_request(subrec, p);
1513                                         break;
1514                                 case QUESTION_TYPE_NB_STATUS:
1515                                         if(subrec == wins_server_subnet) {
1516                                                 DEBUG(0,("process_nmb_request: NB_STATUS request directed at WINS server is \
1517 not allowed.\n"));
1518                                                 break;
1519                                         } else {
1520                                                 process_node_status_request(subrec, p);
1521                                         }
1522                                         break;
1523                         }
1524                         break;
1525
1526                 case NMB_NAME_RELEASE_OPCODE:
1527                         if(subrec == wins_server_subnet)
1528                                 wins_process_name_release_request(subrec, p);
1529                         else
1530                                 process_name_release_request(subrec, p);
1531                         break;
1532         }
1533 }
1534
1535 /****************************************************************************
1536   Process a nmb response packet - validate the packet and route it.
1537   to either the WINS server or a normal response.
1538 ****************************************************************************/
1539
1540 static void process_nmb_response(struct packet_struct *p)
1541 {
1542         struct nmb_packet *nmb = &p->packet.nmb;
1543         struct subnet_record *subrec = NULL;
1544         struct response_record *rrec = NULL;
1545
1546         debug_nmb_packet(p);
1547
1548         if(validate_nmb_response_packet(nmb))
1549                 return;
1550
1551         if((subrec = find_subnet_for_nmb_packet(p, &rrec))==NULL)
1552                 return;
1553
1554         if(rrec == NULL) {
1555                 DEBUG(0,("process_nmb_response: response packet received but no response record \
1556 found for id = %hu. Ignoring packet.\n", nmb->header.name_trn_id));
1557                 return;
1558         }
1559
1560         /* Increment the number of responses received for this record. */
1561         rrec->num_msgs++;
1562         /* Ensure we don't re-send the request. */
1563         rrec->repeat_count = 0;
1564
1565         /* Call the response received function for this packet. */
1566         (*rrec->resp_fn)(subrec, rrec, p);
1567 }
1568
1569 /*******************************************************************
1570   Run elements off the packet queue till its empty
1571 ******************************************************************/
1572
1573 void run_packet_queue(void)
1574 {
1575         struct packet_struct *p;
1576
1577         while ((p = packet_queue)) {
1578                 packet_queue = p->next;
1579                 if (packet_queue)
1580                         packet_queue->prev = NULL;
1581                 p->next = p->prev = NULL;
1582
1583                 switch (p->packet_type) {
1584                         case NMB_PACKET:
1585                                 if(p->packet.nmb.header.response)
1586                                         process_nmb_response(p);
1587                                 else
1588                                         process_nmb_request(p);
1589                                 break;
1590
1591                         case DGRAM_PACKET:
1592                                 process_dgram(p);
1593                                 break;
1594                 }
1595                 free_packet(p);
1596         }
1597 }
1598
1599 /*******************************************************************
1600  Retransmit or timeout elements from all the outgoing subnet response
1601  record queues. NOTE that this code must also check the WINS server
1602  subnet for response records to timeout as the WINS server code
1603  can send requests to check if a client still owns a name.
1604  (Patch from Andrey Alekseyev <fetch@muffin.arcadia.spb.ru>).
1605 ******************************************************************/
1606
1607 void retransmit_or_expire_response_records(time_t t)
1608 {
1609         struct subnet_record *subrec;
1610
1611         for (subrec = FIRST_SUBNET; subrec; subrec = get_next_subnet_maybe_unicast_or_wins_server(subrec)) {
1612                 struct response_record *rrec, *nextrrec;
1613
1614   restart:
1615
1616                 for (rrec = subrec->responselist; rrec; rrec = nextrrec) {
1617                         nextrrec = rrec->next;
1618
1619                         if (rrec->repeat_time <= t) {
1620                                 if (rrec->repeat_count > 0) {
1621                                         /* Resend while we have a non-zero repeat_count. */
1622                                         if(!send_packet(rrec->packet)) {
1623                                                 DEBUG(0,("retransmit_or_expire_response_records: Failed to resend packet id %hu \
1624 to IP %s on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), subrec->subnet_name));
1625                                         }
1626                                         rrec->repeat_time = t + rrec->repeat_interval;
1627                                         rrec->repeat_count--;
1628                                 } else {
1629                                         DEBUG(4,("retransmit_or_expire_response_records: timeout for packet id %hu to IP %s \
1630 on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), subrec->subnet_name));
1631
1632                                         /*
1633                                          * Check the flag in this record to prevent recursion if we end
1634                                          * up in this function again via the timeout function call.
1635                                          */
1636
1637                                         if(!rrec->in_expiration_processing) {
1638
1639                                                 /*
1640                                                  * Set the recursion protection flag in this record.
1641                                                  */
1642
1643                                                 rrec->in_expiration_processing = True;
1644
1645                                                 /* Call the timeout function. This will deal with removing the
1646                                                                 timed out packet. */
1647                                                 if(rrec->timeout_fn) {
1648                                                         (*rrec->timeout_fn)(subrec, rrec);
1649                                                 } else {
1650                                                         /* We must remove the record ourself if there is
1651                                                                         no timeout function. */
1652                                                         remove_response_record(subrec, rrec);
1653                                                 }
1654                                                 /* We have changed subrec->responselist,
1655                                                  * restart from the beginning of this list. */
1656                                                 goto restart;
1657                                         } /* !rrec->in_expitation_processing */
1658                                 } /* rrec->repeat_count > 0 */
1659                         } /* rrec->repeat_time <= t */
1660                 } /* end for rrec */
1661         } /* end for subnet */
1662 }
1663
1664 /****************************************************************************
1665   Create an fd_set containing all the sockets in the subnet structures,
1666   plus the broadcast sockets.
1667 ***************************************************************************/
1668
1669 static bool create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_number, int *maxfd)
1670 {
1671         int *sock_array = NULL;
1672         struct subnet_record *subrec = NULL;
1673         int count = 0;
1674         int num = 0;
1675         fd_set *pset = SMB_MALLOC_P(fd_set);
1676
1677         if(pset == NULL) {
1678                 DEBUG(0,("create_listen_fdset: malloc fail !\n"));
1679                 return True;
1680         }
1681
1682         /* Check that we can add all the fd's we need. */
1683         for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
1684                 count++;
1685
1686         if((count*2) + 2 > FD_SETSIZE) {
1687                 DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \
1688 only use %d.\n", (count*2) + 2, FD_SETSIZE));
1689                 SAFE_FREE(pset);
1690                 return True;
1691         }
1692
1693         if((sock_array = SMB_MALLOC_ARRAY(int, (count*2) + 2)) == NULL) {
1694                 DEBUG(0,("create_listen_fdset: malloc fail for socket array.\n"));
1695                 SAFE_FREE(pset);
1696                 return True;
1697         }
1698
1699         FD_ZERO(pset);
1700
1701         /* Add in the broadcast socket on 137. */
1702         FD_SET(ClientNMB,pset);
1703         sock_array[num++] = ClientNMB;
1704         *maxfd = MAX( *maxfd, ClientNMB);
1705
1706         /* Add in the 137 sockets on all the interfaces. */
1707         for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1708                 FD_SET(subrec->nmb_sock,pset);
1709                 sock_array[num++] = subrec->nmb_sock;
1710                 *maxfd = MAX( *maxfd, subrec->nmb_sock);
1711         }
1712
1713         /* Add in the broadcast socket on 138. */
1714         FD_SET(ClientDGRAM,pset);
1715         sock_array[num++] = ClientDGRAM;
1716         *maxfd = MAX( *maxfd, ClientDGRAM);
1717
1718         /* Add in the 138 sockets on all the interfaces. */
1719         for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1720                 FD_SET(subrec->dgram_sock,pset);
1721                 sock_array[num++] = subrec->dgram_sock;
1722                 *maxfd = MAX( *maxfd, subrec->dgram_sock);
1723         }
1724
1725         *listen_number = (count*2) + 2;
1726
1727         SAFE_FREE(*ppset);
1728         SAFE_FREE(*psock_array);
1729
1730         *ppset = pset;
1731         *psock_array = sock_array;
1732
1733         return False;
1734 }
1735
1736 /****************************************************************************
1737   Listens for NMB or DGRAM packets, and queues them.
1738   return True if the socket is dead
1739 ***************************************************************************/
1740
1741 bool listen_for_packets(bool run_election)
1742 {
1743         static fd_set *listen_set = NULL;
1744         static int listen_number = 0;
1745         static int *sock_array = NULL;
1746         int i;
1747         static int maxfd = 0;
1748
1749         fd_set r_fds;
1750         fd_set w_fds;
1751         int selrtn;
1752         struct timeval timeout;
1753 #ifndef SYNC_DNS
1754         int dns_fd;
1755 #endif
1756
1757         if(listen_set == NULL || rescan_listen_set) {
1758                 if(create_listen_fdset(&listen_set, &sock_array, &listen_number, &maxfd)) {
1759                         DEBUG(0,("listen_for_packets: Fatal error. unable to create listen set. Exiting.\n"));
1760                         return True;
1761                 }
1762                 rescan_listen_set = False;
1763         }
1764
1765         memcpy((char *)&r_fds, (char *)listen_set, sizeof(fd_set));
1766         FD_ZERO(&w_fds);
1767
1768 #ifndef SYNC_DNS
1769         dns_fd = asyncdns_fd();
1770         if (dns_fd != -1) {
1771                 FD_SET(dns_fd, &r_fds);
1772                 maxfd = MAX( maxfd, dns_fd);
1773         }
1774 #endif
1775
1776         /* Process a signal and timer events now... */
1777         if (run_events(nmbd_event_context(), 0, NULL, NULL)) {
1778                 return False;
1779         }
1780
1781         /*
1782          * During elections and when expecting a netbios response packet we
1783          * need to send election packets at tighter intervals.
1784          * Ideally it needs to be the interval (in ms) between time now and
1785          * the time we are expecting the next netbios packet.
1786          */
1787
1788         timeout.tv_sec = (run_election||num_response_packets) ? 1 : NMBD_SELECT_LOOP;
1789         timeout.tv_usec = 0;
1790
1791         {
1792                 struct timeval now = timeval_current();
1793                 event_add_to_select_args(nmbd_event_context(), &now,
1794                                          &r_fds, &w_fds, &timeout, &maxfd);
1795         }
1796
1797         selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&timeout);
1798
1799         if (run_events(nmbd_event_context(), selrtn, &r_fds, &w_fds)) {
1800                 return False;
1801         }
1802
1803         if (selrtn == -1) {
1804                 return False;
1805         }
1806
1807 #ifndef SYNC_DNS
1808         if (dns_fd != -1 && FD_ISSET(dns_fd,&r_fds)) {
1809                 run_dns_queue();
1810         }
1811 #endif
1812
1813         for(i = 0; i < listen_number; i++) {
1814                 if (i < (listen_number/2)) {
1815                         /* Processing a 137 socket. */
1816                         if (FD_ISSET(sock_array[i],&r_fds)) {
1817                                 struct packet_struct *packet = read_packet(sock_array[i], NMB_PACKET);
1818                                 if (packet) {
1819                                         /*
1820                                          * If we got a packet on the broadcast socket and interfaces
1821                                          * only is set then check it came from one of our local nets. 
1822                                          */
1823                                         if(lp_bind_interfaces_only() && (sock_array[i] == ClientNMB) && 
1824                                                                 (!is_local_net_v4(packet->ip))) {
1825                                                 DEBUG(7,("discarding nmb packet sent to broadcast socket from %s:%d\n",
1826                                                         inet_ntoa(packet->ip),packet->port));     
1827                                                 free_packet(packet);
1828                                         } else if ((is_loopback_ip_v4(packet->ip) || 
1829                                                                 ismyip_v4(packet->ip)) && packet->port == global_nmb_port &&
1830                                                                 packet->packet.nmb.header.nm_flags.bcast) {
1831                                                 DEBUG(7,("discarding own bcast packet from %s:%d\n",
1832                                                         inet_ntoa(packet->ip),packet->port));     
1833                                                 free_packet(packet);
1834                                         } else {
1835                                                 /* Save the file descriptor this packet came in on. */
1836                                                 packet->fd = sock_array[i];
1837                                                 queue_packet(packet);
1838                                         }
1839                                 }
1840                         }
1841                 } else {
1842                         /* Processing a 138 socket. */
1843                                 if (FD_ISSET(sock_array[i],&r_fds)) {
1844                                 struct packet_struct *packet = read_packet(sock_array[i], DGRAM_PACKET);
1845                                 if (packet) {
1846                                         /*
1847                                          * If we got a packet on the broadcast socket and interfaces
1848                                          * only is set then check it came from one of our local nets. 
1849                                          */
1850                                         if(lp_bind_interfaces_only() && (sock_array[i] == ClientDGRAM) && 
1851                                                                 (!is_local_net_v4(packet->ip))) {
1852                                                 DEBUG(7,("discarding dgram packet sent to broadcast socket from %s:%d\n",
1853                                                 inet_ntoa(packet->ip),packet->port));     
1854                                                 free_packet(packet);
1855                                         } else if ((is_loopback_ip_v4(packet->ip) || 
1856                                                         ismyip_v4(packet->ip)) && packet->port == DGRAM_PORT) {
1857                                                 DEBUG(7,("discarding own dgram packet from %s:%d\n",
1858                                                         inet_ntoa(packet->ip),packet->port));     
1859                                                 free_packet(packet);
1860                                         } else {
1861                                                 /* Save the file descriptor this packet came in on. */
1862                                                 packet->fd = sock_array[i];
1863                                                 queue_packet(packet);
1864                                         }
1865                                 }
1866                         }
1867                 } /* end processing 138 socket. */
1868         } /* end for */
1869         return False;
1870 }
1871
1872 /****************************************************************************
1873   Construct and send a netbios DGRAM.
1874 **************************************************************************/
1875
1876 bool send_mailslot(bool unique, const char *mailslot,char *buf, size_t len,
1877                    const char *srcname, int src_type,
1878                    const char *dstname, int dest_type,
1879                    struct in_addr dest_ip,struct in_addr src_ip,
1880                    int dest_port)
1881 {
1882         bool loopback_this_packet = False;
1883         struct packet_struct p;
1884         struct dgram_packet *dgram = &p.packet.dgram;
1885         char *ptr,*p2;
1886         char tmp[4];
1887
1888         memset((char *)&p,'\0',sizeof(p));
1889
1890         if(ismyip_v4(dest_ip) && (dest_port == DGRAM_PORT)) /* Only if to DGRAM_PORT */
1891                 loopback_this_packet = True;
1892
1893         /* generate_name_trn_id(); */ /* Not used, so gone, RJS */
1894
1895         /* DIRECT GROUP or UNIQUE datagram. */
1896         dgram->header.msg_type = unique ? 0x10 : 0x11;
1897         dgram->header.flags.node_type = M_NODE;
1898         dgram->header.flags.first = True;
1899         dgram->header.flags.more = False;
1900         dgram->header.dgm_id = generate_name_trn_id();
1901         dgram->header.source_ip = src_ip;
1902         dgram->header.source_port = DGRAM_PORT;
1903         dgram->header.dgm_length = 0; /* Let build_dgram() handle this. */
1904         dgram->header.packet_offset = 0;
1905
1906         make_nmb_name(&dgram->source_name,srcname,src_type);
1907         make_nmb_name(&dgram->dest_name,dstname,dest_type);
1908
1909         ptr = &dgram->data[0];
1910
1911         /* Setup the smb part. */
1912         ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
1913         memcpy(tmp,ptr,4);
1914
1915         if (smb_size + 17*2 + strlen(mailslot) + 1 + len > MAX_DGRAM_SIZE) {
1916                 DEBUG(0, ("send_mailslot: Cannot write beyond end of packet\n"));
1917                 return false;
1918         }
1919
1920         cli_set_message(ptr,17,strlen(mailslot) + 1 + len,True);
1921         memcpy(ptr,tmp,4);
1922
1923         SCVAL(ptr,smb_com,SMBtrans);
1924         SSVAL(ptr,smb_vwv1,len);
1925         SSVAL(ptr,smb_vwv11,len);
1926         SSVAL(ptr,smb_vwv12,70 + strlen(mailslot));
1927         SSVAL(ptr,smb_vwv13,3);
1928         SSVAL(ptr,smb_vwv14,1);
1929         SSVAL(ptr,smb_vwv15,1);
1930         SSVAL(ptr,smb_vwv16,2);
1931         p2 = smb_buf(ptr);
1932         safe_strcpy_base(p2, mailslot, dgram->data, sizeof(dgram->data));
1933         p2 = skip_string(ptr,MAX_DGRAM_SIZE,p2);
1934
1935         if (((p2+len) > dgram->data+sizeof(dgram->data)) || ((p2+len) < p2)) {
1936                 DEBUG(0, ("send_mailslot: Cannot write beyond end of packet\n"));
1937                 return False;
1938         } else {
1939                 if (len) {
1940                         memcpy(p2,buf,len);
1941                 }
1942                 p2 += len;
1943         }
1944
1945         dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */
1946
1947         p.ip = dest_ip;
1948         p.port = dest_port;
1949         p.fd = find_subnet_mailslot_fd_for_address( src_ip );
1950         p.timestamp = time(NULL);
1951         p.packet_type = DGRAM_PACKET;
1952
1953         DEBUG(4,("send_mailslot: Sending to mailslot %s from %s IP %s ", mailslot,
1954                         nmb_namestr(&dgram->source_name), inet_ntoa(src_ip)));
1955         DEBUG(4,("to %s IP %s\n", nmb_namestr(&dgram->dest_name), inet_ntoa(dest_ip)));
1956
1957         debug_browse_data(buf, len);
1958
1959         if(loopback_this_packet) {
1960                 struct packet_struct *lo_packet = NULL;
1961                 DEBUG(5,("send_mailslot: sending packet to ourselves.\n"));
1962                 if((lo_packet = copy_packet(&p)) == NULL)
1963                         return False;
1964                 queue_packet(lo_packet);
1965                 return True;
1966         } else {
1967                 return(send_packet(&p));
1968         }
1969 }