Fix for CVE-2007-5398.
[tprouty/samba.git] / source / nmbd / nmbd_packets.c
1 /* 
2    Unix SMB/CIFS implementation.
3    NBT netbios routines and daemon - version 2
4    Copyright (C) Andrew Tridgell 1994-1998
5    Copyright (C) Luke Kenneth Casson Leighton 1994-1998
6    Copyright (C) Jeremy Allison 1994-2003
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 2 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program; if not, write to the Free Software
20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21    
22 */
23
24 #include "includes.h"
25
26 extern int ClientNMB;
27 extern int ClientDGRAM;
28 extern int global_nmb_port;
29
30 extern int num_response_packets;
31
32 extern struct in_addr loopback_ip;
33
34 static void queue_packet(struct packet_struct *packet);
35
36 BOOL rescan_listen_set = False;
37
38
39 /*******************************************************************
40   The global packet linked-list. Incoming entries are 
41   added to the end of this list. It is supposed to remain fairly 
42   short so we won't bother with an end pointer.
43 ******************************************************************/
44
45 static struct packet_struct *packet_queue = NULL;
46
47 /***************************************************************************
48 Utility function to find the specific fd to send a packet out on.
49 **************************************************************************/
50
51 static int find_subnet_fd_for_address( struct in_addr local_ip )
52 {
53         struct subnet_record *subrec;
54
55         for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
56                 if(ip_equal(local_ip, subrec->myip))
57                         return subrec->nmb_sock;
58
59         return ClientNMB;
60 }
61
62 /***************************************************************************
63 Utility function to find the specific fd to send a mailslot packet out on.
64 **************************************************************************/
65
66 static int find_subnet_mailslot_fd_for_address( struct in_addr local_ip )
67 {
68         struct subnet_record *subrec;
69
70         for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
71                 if(ip_equal(local_ip, subrec->myip))
72                         return subrec->dgram_sock;
73
74         return ClientDGRAM;
75 }
76
77 /***************************************************************************
78 Get/Set problematic nb_flags as network byte order 16 bit int.
79 **************************************************************************/
80
81 uint16 get_nb_flags(char *buf)
82 {
83         return ((((uint16)*buf)&0xFFFF) & NB_FLGMSK);
84 }
85
86 void set_nb_flags(char *buf, uint16 nb_flags)
87 {
88         *buf++ = ((nb_flags & NB_FLGMSK) & 0xFF);
89         *buf = '\0';
90 }
91
92 /***************************************************************************
93 Dumps out the browse packet data.
94 **************************************************************************/
95
96 static void debug_browse_data(char *outbuf, int len)
97 {
98         int i,j;
99
100         DEBUG( 4, ( "debug_browse_data():\n" ) );
101         for (i = 0; i < len; i+= 16) {
102                 DEBUGADD( 4, ( "%3x char ", i ) );
103
104                 for (j = 0; j < 16; j++) {
105                         unsigned char x;
106                         if (i+j >= len)
107                                 break;
108
109                         x = outbuf[i+j];
110                         if (x < 32 || x > 127) 
111                                 x = '.';
112             
113                         DEBUGADD( 4, ( "%c", x ) );
114                 }
115
116                 DEBUGADD( 4, ( "%*s hex", 16-j, "" ) );
117
118                 for (j = 0; j < 16; j++) {
119                         if (i+j >= len) 
120                                 break;
121                         DEBUGADD( 4, ( " %02x", (unsigned char)outbuf[i+j] ) );
122                 }
123
124                 DEBUGADD( 4, ("\n") );
125         }
126 }
127
128 /***************************************************************************
129   Generates the unique transaction identifier
130 **************************************************************************/
131
132 static uint16 name_trn_id=0;
133
134 static uint16 generate_name_trn_id(void)
135 {
136         if (!name_trn_id) {
137                 name_trn_id = ((unsigned)time(NULL)%(unsigned)0x7FFF) + ((unsigned)sys_getpid()%(unsigned)100);
138         }
139         name_trn_id = (name_trn_id+1) % (unsigned)0x7FFF;
140         return name_trn_id;
141 }
142
143 /***************************************************************************
144  Either loops back or sends out a completed NetBIOS packet.
145 **************************************************************************/
146
147 static BOOL send_netbios_packet(struct packet_struct *p)
148 {
149         BOOL loopback_this_packet = False;
150
151         /* Check if we are sending to or from ourselves as a WINS server. */
152         if(ismyip(p->ip) && (p->port == global_nmb_port))
153                 loopback_this_packet = True;
154
155         if(loopback_this_packet) {
156                 struct packet_struct *lo_packet = NULL;
157                 DEBUG(5,("send_netbios_packet: sending packet to ourselves.\n"));
158                 if((lo_packet = copy_packet(p)) == NULL)
159                         return False;
160                 queue_packet(lo_packet);
161         } else if (!send_packet(p)) {
162                 DEBUG(0,("send_netbios_packet: send_packet() to IP %s port %d failed\n",
163                         inet_ntoa(p->ip),p->port));
164                 return False;
165         }
166   
167         return True;
168
169
170 /***************************************************************************
171  Sets up the common elements of an outgoing NetBIOS packet.
172
173  Note: do not attempt to rationalise whether rec_des should be set or not
174  in a particular situation. Just follow rfc_1002 or look at examples from WinXX.
175  It does NOT follow the rule that requests to the wins server always have
176  rec_des true. See for example name releases and refreshes
177 **************************************************************************/
178
179 static struct packet_struct *create_and_init_netbios_packet(struct nmb_name *nmbname,
180                                                             BOOL bcast, BOOL rec_des,
181                                                             struct in_addr to_ip)
182 {
183         struct packet_struct *packet = NULL;
184         struct nmb_packet *nmb = NULL;
185
186         /* Allocate the packet_struct we will return. */
187         if((packet = SMB_MALLOC_P(struct packet_struct)) == NULL) {
188                 DEBUG(0,("create_and_init_netbios_packet: malloc fail (1) for packet struct.\n"));
189                 return NULL;
190         }
191     
192         memset((char *)packet,'\0',sizeof(*packet));
193
194         nmb = &packet->packet.nmb;
195
196         nmb->header.name_trn_id = generate_name_trn_id();
197         nmb->header.response = False;
198         nmb->header.nm_flags.recursion_desired = rec_des;
199         nmb->header.nm_flags.recursion_available = False;
200         nmb->header.nm_flags.trunc = False;
201         nmb->header.nm_flags.authoritative = False;
202         nmb->header.nm_flags.bcast = bcast;
203   
204         nmb->header.rcode = 0;
205         nmb->header.qdcount = 1;
206         nmb->header.ancount = 0;
207         nmb->header.nscount = 0;
208
209         nmb->question.question_name = *nmbname;
210         nmb->question.question_type = QUESTION_TYPE_NB_QUERY;
211         nmb->question.question_class = QUESTION_CLASS_IN;
212
213         packet->ip = to_ip;
214         packet->port = NMB_PORT;
215         packet->fd = ClientNMB;
216         packet->timestamp = time(NULL);
217         packet->packet_type = NMB_PACKET;
218         packet->locked = False;
219   
220         return packet; /* Caller must free. */
221 }
222
223 /***************************************************************************
224  Sets up the common elements of register, refresh or release packet.
225 **************************************************************************/
226
227 static BOOL create_and_init_additional_record(struct packet_struct *packet,
228                                                      uint16 nb_flags,
229                                                      struct in_addr *register_ip)
230 {
231         struct nmb_packet *nmb = &packet->packet.nmb;
232
233         if((nmb->additional = SMB_MALLOC_P(struct res_rec)) == NULL) {
234                 DEBUG(0,("initiate_name_register_packet: malloc fail for additional record.\n"));
235                 return False;
236         }
237
238         memset((char *)nmb->additional,'\0',sizeof(struct res_rec));
239
240         nmb->additional->rr_name  = nmb->question.question_name;
241         nmb->additional->rr_type  = RR_TYPE_NB;
242         nmb->additional->rr_class = RR_CLASS_IN;
243         
244         /* See RFC 1002, sections 5.1.1.1, 5.1.1.2 and 5.1.1.3 */
245         if (nmb->header.nm_flags.bcast)
246                 nmb->additional->ttl = PERMANENT_TTL;
247         else
248                 nmb->additional->ttl = lp_max_ttl();
249         
250         nmb->additional->rdlength = 6;
251         
252         set_nb_flags(nmb->additional->rdata,nb_flags);
253         
254         /* Set the address for the name we are registering. */
255         putip(&nmb->additional->rdata[2], register_ip);
256         
257         /* 
258            it turns out that Jeremys code was correct, we are supposed
259            to send registrations from the IP we are registering. The
260            trick is what to do on timeouts! When we send on a
261            non-routable IP then the reply will timeout, and we should
262            treat this as success, not failure. That means we go into
263            our standard refresh cycle for that name which copes nicely
264            with disconnected networks.
265         */
266         packet->fd = find_subnet_fd_for_address(*register_ip);
267
268         return True;
269 }
270
271 /***************************************************************************
272  Sends out a name query.
273 **************************************************************************/
274
275 static BOOL initiate_name_query_packet( struct packet_struct *packet)
276 {
277         struct nmb_packet *nmb = NULL;
278
279         nmb = &packet->packet.nmb;
280
281         nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
282         nmb->header.arcount = 0;
283
284         nmb->header.nm_flags.recursion_desired = True;
285
286         DEBUG(4,("initiate_name_query_packet: sending query for name %s (bcast=%s) to IP %s\n",
287                 nmb_namestr(&nmb->question.question_name), 
288                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
289
290         return send_netbios_packet( packet );
291 }
292
293 /***************************************************************************
294  Sends out a name query - from a WINS server. 
295 **************************************************************************/
296
297 static BOOL initiate_name_query_packet_from_wins_server( struct packet_struct *packet)
298 {   
299         struct nmb_packet *nmb = NULL;
300   
301         nmb = &packet->packet.nmb;
302
303         nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
304         nmb->header.arcount = 0;
305     
306         nmb->header.nm_flags.recursion_desired = False;
307   
308         DEBUG(4,("initiate_name_query_packet_from_wins_server: sending query for name %s (bcast=%s) to IP %s\n",
309                 nmb_namestr(&nmb->question.question_name),
310                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
311     
312         return send_netbios_packet( packet );
313
314
315 /***************************************************************************
316  Sends out a name register.
317 **************************************************************************/
318
319 static BOOL initiate_name_register_packet( struct packet_struct *packet,
320                                     uint16 nb_flags, struct in_addr *register_ip)
321 {
322         struct nmb_packet *nmb = &packet->packet.nmb;
323
324         nmb->header.opcode = NMB_NAME_REG_OPCODE;
325         nmb->header.arcount = 1;
326
327         nmb->header.nm_flags.recursion_desired = True;
328
329         if(create_and_init_additional_record(packet, nb_flags, register_ip) == False)
330                 return False;
331
332         DEBUG(4,("initiate_name_register_packet: sending registration for name %s (bcast=%s) to IP %s\n",
333                 nmb_namestr(&nmb->additional->rr_name),
334                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
335
336         return send_netbios_packet( packet );
337 }
338
339 /***************************************************************************
340  Sends out a multihomed name register.
341 **************************************************************************/
342
343 static BOOL initiate_multihomed_name_register_packet(struct packet_struct *packet,
344                                                      uint16 nb_flags, struct in_addr *register_ip)
345 {
346         struct nmb_packet *nmb = &packet->packet.nmb;
347         fstring second_ip_buf;
348
349         fstrcpy(second_ip_buf, inet_ntoa(packet->ip));
350
351         nmb->header.opcode = NMB_NAME_MULTIHOMED_REG_OPCODE;
352         nmb->header.arcount = 1;
353
354         nmb->header.nm_flags.recursion_desired = True;
355         
356         if(create_and_init_additional_record(packet, nb_flags, register_ip) == False)
357                 return False;
358         
359         DEBUG(4,("initiate_multihomed_name_register_packet: sending registration \
360 for name %s IP %s (bcast=%s) to IP %s\n",
361                  nmb_namestr(&nmb->additional->rr_name), inet_ntoa(*register_ip),
362                  BOOLSTR(nmb->header.nm_flags.bcast), second_ip_buf ));
363
364         return send_netbios_packet( packet );
365
366
367 /***************************************************************************
368  Sends out a name refresh.
369 **************************************************************************/
370
371 static BOOL initiate_name_refresh_packet( struct packet_struct *packet,
372                                    uint16 nb_flags, struct in_addr *refresh_ip)
373 {
374         struct nmb_packet *nmb = &packet->packet.nmb;
375
376         nmb->header.opcode = NMB_NAME_REFRESH_OPCODE_8;
377         nmb->header.arcount = 1;
378
379         nmb->header.nm_flags.recursion_desired = False;
380
381         if(create_and_init_additional_record(packet, nb_flags, refresh_ip) == False)
382                 return False;
383
384         DEBUG(4,("initiate_name_refresh_packet: sending refresh for name %s (bcast=%s) to IP %s\n",
385                 nmb_namestr(&nmb->additional->rr_name),
386                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
387
388         return send_netbios_packet( packet );
389
390
391 /***************************************************************************
392  Sends out a name release.
393 **************************************************************************/
394
395 static BOOL initiate_name_release_packet( struct packet_struct *packet,
396                                    uint16 nb_flags, struct in_addr *release_ip)
397 {
398         struct nmb_packet *nmb = &packet->packet.nmb;
399
400         nmb->header.opcode = NMB_NAME_RELEASE_OPCODE;
401         nmb->header.arcount = 1;
402
403         nmb->header.nm_flags.recursion_desired = False;
404
405         if(create_and_init_additional_record(packet, nb_flags, release_ip) == False)
406                 return False;
407
408         DEBUG(4,("initiate_name_release_packet: sending release for name %s (bcast=%s) to IP %s\n",
409                 nmb_namestr(&nmb->additional->rr_name),
410                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
411
412         return send_netbios_packet( packet );
413
414
415 /***************************************************************************
416  Sends out a node status.
417 **************************************************************************/
418
419 static BOOL initiate_node_status_packet( struct packet_struct *packet )
420 {
421         struct nmb_packet *nmb = &packet->packet.nmb;
422
423         nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
424         nmb->header.arcount = 0;
425
426         nmb->header.nm_flags.recursion_desired = False;
427
428         nmb->question.question_type = QUESTION_TYPE_NB_STATUS;
429
430         DEBUG(4,("initiate_node_status_packet: sending node status request for name %s to IP %s\n",
431                 nmb_namestr(&nmb->question.question_name),
432                 inet_ntoa(packet->ip)));
433
434         return send_netbios_packet( packet );
435 }
436
437 /****************************************************************************
438   Simplification functions for queuing standard packets.
439   These should be the only publicly callable functions for sending
440   out packets.
441 ****************************************************************************/
442
443 /****************************************************************************
444  Assertion - we should never be sending nmbd packets on the remote
445  broadcast subnet.
446 ****************************************************************************/
447
448 static BOOL assert_check_subnet(struct subnet_record *subrec)
449 {
450         if( subrec == remote_broadcast_subnet) {
451                 DEBUG(0,("assert_check_subnet: Attempt to send packet on remote broadcast subnet. \
452 This is a bug.\n"));
453                 return True;
454         }
455         return False;
456 }
457
458 /****************************************************************************
459  Queue a register name packet to the broadcast address of a subnet.
460 ****************************************************************************/
461
462 struct response_record *queue_register_name( struct subnet_record *subrec,
463                           response_function resp_fn,
464                           timeout_response_function timeout_fn,
465                           register_name_success_function success_fn,
466                           register_name_fail_function fail_fn,
467                           struct userdata_struct *userdata,
468                           struct nmb_name *nmbname,
469                           uint16 nb_flags)
470 {
471         struct packet_struct *p;
472         struct response_record *rrec;
473
474         if(assert_check_subnet(subrec))
475                 return NULL;
476
477         /* note that all name registration requests have RD set (rfc1002 - section 4.2.2 */
478         if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), True,
479                                 subrec->bcast_ip)) == NULL)
480                 return NULL;
481
482         if(initiate_name_register_packet( p, nb_flags, iface_ip(subrec->bcast_ip)) == False) {
483                 p->locked = False;
484                 free_packet(p);
485                 return NULL;
486         }
487
488         if((rrec = make_response_record(subrec,        /* subnet record. */
489                                 p,                     /* packet we sent. */
490                                 resp_fn,               /* function to call on response. */
491                                 timeout_fn,            /* function to call on timeout. */
492                                 (success_function)success_fn,            /* function to call on operation success. */
493                                 (fail_function)fail_fn,               /* function to call on operation fail. */
494                                 userdata)) == NULL)  {
495                 p->locked = False;
496                 free_packet(p);
497                 return NULL;
498         }
499
500         return rrec;
501 }
502
503 /****************************************************************************
504  Queue a refresh name packet to the broadcast address of a subnet.
505 ****************************************************************************/
506
507 void queue_wins_refresh(struct nmb_name *nmbname,
508                         response_function resp_fn,
509                         timeout_response_function timeout_fn,
510                         uint16 nb_flags,
511                         struct in_addr refresh_ip,
512                         const char *tag)
513 {
514         struct packet_struct *p;
515         struct response_record *rrec;
516         struct in_addr wins_ip;
517         struct userdata_struct *userdata;
518         fstring ip_str;
519
520         wins_ip = wins_srv_ip_tag(tag, refresh_ip);
521
522         if ((p = create_and_init_netbios_packet(nmbname, False, False, wins_ip)) == NULL) {
523                 return;
524         }
525
526         if (!initiate_name_refresh_packet(p, nb_flags, &refresh_ip)) {
527                 p->locked = False;
528                 free_packet(p);
529                 return;
530         }
531
532         fstrcpy(ip_str, inet_ntoa(refresh_ip));
533
534         DEBUG(6,("Refreshing name %s IP %s with WINS server %s using tag '%s'\n",
535                  nmb_namestr(nmbname), ip_str, inet_ntoa(wins_ip), tag));
536
537         userdata = (struct userdata_struct *)SMB_MALLOC(sizeof(*userdata) + strlen(tag) + 1);
538         if (!userdata) {
539                 p->locked = False;
540                 free_packet(p);
541                 DEBUG(0,("Failed to allocate userdata structure!\n"));
542                 return;
543         }
544         ZERO_STRUCTP(userdata);
545         userdata->userdata_len = strlen(tag) + 1;
546         strlcpy(userdata->data, tag, userdata->userdata_len);   
547
548         if ((rrec = make_response_record(unicast_subnet,
549                                          p,
550                                          resp_fn, timeout_fn,
551                                          NULL,
552                                          NULL,
553                                          userdata)) == NULL) {
554                 p->locked = False;
555                 free_packet(p);
556                 return;
557         }
558
559         free(userdata);
560
561         /* we don't want to repeat refresh packets */
562         rrec->repeat_count = 0;
563 }
564
565
566 /****************************************************************************
567  Queue a multihomed register name packet to a given WINS server IP
568 ****************************************************************************/
569
570 struct response_record *queue_register_multihomed_name( struct subnet_record *subrec,
571                                                         response_function resp_fn,
572                                                         timeout_response_function timeout_fn,
573                                                         register_name_success_function success_fn,
574                                                         register_name_fail_function fail_fn,
575                                                         struct userdata_struct *userdata,
576                                                         struct nmb_name *nmbname,
577                                                         uint16 nb_flags,
578                                                         struct in_addr register_ip,
579                                                         struct in_addr wins_ip)
580 {
581         struct packet_struct *p;
582         struct response_record *rrec;
583         BOOL ret;
584         
585         /* Sanity check. */
586         if(subrec != unicast_subnet) {
587                 DEBUG(0,("queue_register_multihomed_name: should only be done on \
588 unicast subnet. subnet is %s\n.", subrec->subnet_name ));
589                 return NULL;
590         }
591
592         if(assert_check_subnet(subrec))
593                 return NULL;
594      
595         if ((p = create_and_init_netbios_packet(nmbname, False, True, wins_ip)) == NULL)
596                 return NULL;
597
598         if (nb_flags & NB_GROUP)
599                 ret = initiate_name_register_packet( p, nb_flags, &register_ip);
600         else
601                 ret = initiate_multihomed_name_register_packet(p, nb_flags, &register_ip);
602
603         if (ret == False) {  
604                 p->locked = False;
605                 free_packet(p);
606                 return NULL;
607         }  
608   
609         if ((rrec = make_response_record(subrec,    /* subnet record. */
610                                          p,                     /* packet we sent. */
611                                          resp_fn,               /* function to call on response. */
612                                          timeout_fn,            /* function to call on timeout. */
613                                          (success_function)success_fn, /* function to call on operation success. */
614                                          (fail_function)fail_fn,       /* function to call on operation fail. */
615                                          userdata)) == NULL) {  
616                 p->locked = False;
617                 free_packet(p);
618                 return NULL;
619         }  
620         
621         return rrec;
622 }
623
624 /****************************************************************************
625  Queue a release name packet to the broadcast address of a subnet.
626 ****************************************************************************/
627
628 struct response_record *queue_release_name( struct subnet_record *subrec,
629                                             response_function resp_fn,
630                                             timeout_response_function timeout_fn,
631                                             release_name_success_function success_fn,
632                                             release_name_fail_function fail_fn,
633                                             struct userdata_struct *userdata,
634                                             struct nmb_name *nmbname,
635                                             uint16 nb_flags,
636                                             struct in_addr release_ip,
637                                             struct in_addr dest_ip)
638 {
639         struct packet_struct *p;
640         struct response_record *rrec;
641
642         if(assert_check_subnet(subrec))
643                 return NULL;
644
645         if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), False, dest_ip)) == NULL)
646                 return NULL;
647
648         if(initiate_name_release_packet( p, nb_flags, &release_ip) == False) {
649                 p->locked = False;
650                 free_packet(p);
651                 return NULL;
652         }
653
654         if((rrec = make_response_record(subrec,                /* subnet record. */
655                                         p,                     /* packet we sent. */
656                                         resp_fn,               /* function to call on response. */
657                                         timeout_fn,            /* function to call on timeout. */
658                                         (success_function)success_fn,            /* function to call on operation success. */
659                                         (fail_function)fail_fn,               /* function to call on operation fail. */
660                                         userdata)) == NULL)  {
661                 p->locked = False;
662                 free_packet(p);
663                 return NULL;
664         }
665
666         /*
667          * For a broadcast release packet, only send once.
668          * This will cause us to remove the name asap. JRA.
669          */
670
671         if (subrec != unicast_subnet) {
672                 rrec->repeat_count = 0;
673                 rrec->repeat_time = 0;
674         }
675
676         return rrec;
677 }
678
679 /****************************************************************************
680  Queue a query name packet to the broadcast address of a subnet.
681 ****************************************************************************/
682  
683 struct response_record *queue_query_name( struct subnet_record *subrec,
684                           response_function resp_fn,
685                           timeout_response_function timeout_fn,
686                           query_name_success_function success_fn,
687                           query_name_fail_function fail_fn,
688                           struct userdata_struct *userdata,
689                           struct nmb_name *nmbname)
690 {
691         struct packet_struct *p;
692         struct response_record *rrec;
693         struct in_addr to_ip;
694
695         if(assert_check_subnet(subrec))
696                 return NULL;
697
698         to_ip = subrec->bcast_ip;
699   
700         /* queries to the WINS server turn up here as queries to IP 0.0.0.0 
701                         These need to be handled a bit differently */
702         if (subrec->type == UNICAST_SUBNET && is_zero_ip(to_ip)) {
703                 /* What we really need to do is loop over each of our wins
704                  * servers and wins server tags here, but that just doesn't
705                  * fit our architecture at the moment (userdata may already
706                  * be used when we get here). For now we just query the first
707                  * active wins server on the first tag.
708                  */ 
709                 char **tags = wins_srv_tags();
710                 if (!tags) {
711                         return NULL;
712                 }
713                 to_ip = wins_srv_ip_tag(tags[0], to_ip);
714                 wins_srv_tags_free(tags);
715         }
716
717         if(( p = create_and_init_netbios_packet(nmbname, 
718                                         (subrec != unicast_subnet), 
719                                         (subrec == unicast_subnet), 
720                                         to_ip)) == NULL)
721                 return NULL;
722
723         if(lp_bind_interfaces_only()) {
724                 int i;
725
726                 DEBUG(10,("queue_query_name: bind_interfaces_only is set, looking for suitable source IP\n"));
727                 for(i = 0; i < iface_count(); i++) {
728                         struct in_addr *ifip = iface_n_ip(i);
729
730                         if(ifip == NULL) {
731                                 DEBUG(0,("queue_query_name: interface %d has NULL IP address !\n", i));
732                                 continue;
733                         }
734
735                         if (ip_equal(*ifip,loopback_ip)) {
736                                 DEBUG(5,("queue_query_name: ignoring loopback interface (%d)\n", i));
737                                 continue;
738                         }
739
740                         DEBUG(10,("queue_query_name: using source IP %s\n",inet_ntoa(*ifip)));
741                                 p->fd = find_subnet_fd_for_address( *ifip );
742                                 break;
743                 }
744         }
745
746         if(initiate_name_query_packet( p ) == False) {
747                 p->locked = False;
748                 free_packet(p);
749                 return NULL;
750         }
751
752         if((rrec = make_response_record(subrec,                /* subnet record. */
753                                         p,                     /* packet we sent. */
754                                         resp_fn,               /* function to call on response. */
755                                         timeout_fn,            /* function to call on timeout. */
756                                         (success_function)success_fn,            /* function to call on operation success. */
757                                         (fail_function)fail_fn,               /* function to call on operation fail. */
758                                         userdata)) == NULL) {
759                 p->locked = False;
760                 free_packet(p);
761                 return NULL;
762         }
763
764         return rrec;
765 }
766
767 /****************************************************************************
768  Queue a query name packet to a given address from the WINS subnet.
769 ****************************************************************************/
770  
771 struct response_record *queue_query_name_from_wins_server( struct in_addr to_ip,
772                           response_function resp_fn,
773                           timeout_response_function timeout_fn,
774                           query_name_success_function success_fn,
775                           query_name_fail_function fail_fn,
776                           struct userdata_struct *userdata,
777                           struct nmb_name *nmbname)
778 {
779         struct packet_struct *p;
780         struct response_record *rrec;
781
782         if ((p = create_and_init_netbios_packet(nmbname, False, False, to_ip)) == NULL)
783                 return NULL;
784
785         if(initiate_name_query_packet_from_wins_server( p ) == False) {
786                 p->locked = False;
787                 free_packet(p);
788                 return NULL;
789         }
790
791         if((rrec = make_response_record(wins_server_subnet,            /* subnet record. */
792                                                 p,                     /* packet we sent. */
793                                                 resp_fn,               /* function to call on response. */
794                                                 timeout_fn,            /* function to call on timeout. */
795                                                 (success_function)success_fn,            /* function to call on operation success. */
796                                                 (fail_function)fail_fn,               /* function to call on operation fail. */
797                                                 userdata)) == NULL) {
798                 p->locked = False;
799                 free_packet(p);
800                 return NULL;
801         }
802
803         return rrec;
804 }
805
806 /****************************************************************************
807  Queue a node status packet to a given name and address.
808 ****************************************************************************/
809  
810 struct response_record *queue_node_status( struct subnet_record *subrec,
811                           response_function resp_fn,
812                           timeout_response_function timeout_fn,
813                           node_status_success_function success_fn,
814                           node_status_fail_function fail_fn,
815                           struct userdata_struct *userdata,
816                           struct nmb_name *nmbname,
817                           struct in_addr send_ip)
818 {
819         struct packet_struct *p;
820         struct response_record *rrec;
821
822         /* Sanity check. */
823         if(subrec != unicast_subnet) {
824                 DEBUG(0,("queue_register_multihomed_name: should only be done on \
825 unicast subnet. subnet is %s\n.", subrec->subnet_name ));
826                 return NULL;
827         }
828
829         if(assert_check_subnet(subrec))
830                 return NULL;
831
832         if(( p = create_and_init_netbios_packet(nmbname, False, False, send_ip)) == NULL)
833                 return NULL;
834
835         if(initiate_node_status_packet(p) == False) {
836                 p->locked = False;
837                 free_packet(p);
838                 return NULL;
839         } 
840
841         if((rrec = make_response_record(subrec,           /* subnet record. */
842                                         p,                     /* packet we sent. */
843                                         resp_fn,               /* function to call on response. */
844                                         timeout_fn,            /* function to call on timeout. */
845                                         (success_function)success_fn,            /* function to call on operation success. */
846                                         (fail_function)fail_fn,               /* function to call on operation fail. */
847                                         userdata)) == NULL) {
848                 p->locked = False;
849                 free_packet(p);
850                 return NULL;
851         }
852
853         return rrec;
854 }
855
856 /****************************************************************************
857   Reply to a netbios name packet.  see rfc1002.txt
858 ****************************************************************************/
859
860 void reply_netbios_packet(struct packet_struct *orig_packet,
861                           int rcode, enum netbios_reply_type_code rcv_code, int opcode,
862                           int ttl, char *data,int len)
863 {
864         struct packet_struct packet;
865         struct nmb_packet *nmb = NULL;
866         struct res_rec answers;
867         struct nmb_packet *orig_nmb = &orig_packet->packet.nmb;
868         BOOL loopback_this_packet = False;
869         int rr_type = RR_TYPE_NB;
870         const char *packet_type = "unknown";
871   
872         /* Check if we are sending to or from ourselves. */
873         if(ismyip(orig_packet->ip) && (orig_packet->port == global_nmb_port))
874                 loopback_this_packet = True;
875   
876         nmb = &packet.packet.nmb;
877
878         /* Do a partial copy of the packet. We clear the locked flag and
879                         the resource record pointers. */
880         packet = *orig_packet;   /* Full structure copy. */
881         packet.locked = False;
882         nmb->answers = NULL;
883         nmb->nsrecs = NULL;
884         nmb->additional = NULL;
885
886         switch (rcv_code) {
887                 case NMB_STATUS:
888                         packet_type = "nmb_status";
889                         nmb->header.nm_flags.recursion_desired = False;
890                         nmb->header.nm_flags.recursion_available = False;
891                         rr_type = RR_TYPE_NBSTAT;
892                         break;
893                 case NMB_QUERY:
894                         packet_type = "nmb_query";
895                         nmb->header.nm_flags.recursion_desired = True;
896                         nmb->header.nm_flags.recursion_available = True;
897                         if (rcode) {
898                                 rr_type = RR_TYPE_NULL;
899                         }
900                         break;
901                 case NMB_REG:
902                 case NMB_REG_REFRESH:
903                         packet_type = "nmb_reg";
904                         nmb->header.nm_flags.recursion_desired = True;
905                         nmb->header.nm_flags.recursion_available = True;
906                         break;
907                 case NMB_REL:
908                         packet_type = "nmb_rel";
909                         nmb->header.nm_flags.recursion_desired = False;
910                         nmb->header.nm_flags.recursion_available = False;
911                         break;
912                 case NMB_WAIT_ACK:
913                         packet_type = "nmb_wack";
914                         nmb->header.nm_flags.recursion_desired = False;
915                         nmb->header.nm_flags.recursion_available = False;
916                         rr_type = RR_TYPE_NULL;
917                         break;
918                 case WINS_REG:
919                         packet_type = "wins_reg";
920                         nmb->header.nm_flags.recursion_desired = True;
921                         nmb->header.nm_flags.recursion_available = True;
922                         break;
923                 case WINS_QUERY:
924                         packet_type = "wins_query";
925                         nmb->header.nm_flags.recursion_desired = True;
926                         nmb->header.nm_flags.recursion_available = True;
927                         if (rcode) {
928                                 rr_type = RR_TYPE_NULL;
929                         }
930                         break;
931                 default:
932                         DEBUG(0,("reply_netbios_packet: Unknown packet type: %s %s to ip %s\n",
933                                 packet_type, nmb_namestr(&orig_nmb->question.question_name),
934                                 inet_ntoa(packet.ip)));
935                         return;
936         }
937
938         DEBUG(4,("reply_netbios_packet: sending a reply of packet type: %s %s to ip %s \
939 for id %hu\n", packet_type, nmb_namestr(&orig_nmb->question.question_name),
940                         inet_ntoa(packet.ip), orig_nmb->header.name_trn_id));
941
942         nmb->header.name_trn_id = orig_nmb->header.name_trn_id;
943         nmb->header.opcode = opcode;
944         nmb->header.response = True;
945         nmb->header.nm_flags.bcast = False;
946         nmb->header.nm_flags.trunc = False;
947         nmb->header.nm_flags.authoritative = True;
948   
949         nmb->header.rcode = rcode;
950         nmb->header.qdcount = 0;
951         nmb->header.ancount = 1;
952         nmb->header.nscount = 0;
953         nmb->header.arcount = 0;
954   
955         memset((char*)&nmb->question,'\0',sizeof(nmb->question));
956   
957         nmb->answers = &answers;
958         memset((char*)nmb->answers,'\0',sizeof(*nmb->answers));
959   
960         nmb->answers->rr_name  = orig_nmb->question.question_name;
961         nmb->answers->rr_type  = rr_type;
962         nmb->answers->rr_class = RR_CLASS_IN;
963         nmb->answers->ttl      = ttl;
964   
965         if (data && len) {
966                 if (len < 0 || len > sizeof(nmb->answers->rdata)) {
967                         DEBUG(5,("reply_netbios_packet: "
968                                 "invalid packet len (%d)\n",
969                                 len ));
970                         return;
971                 }
972                 nmb->answers->rdlength = len;
973                 memcpy(nmb->answers->rdata, data, len);
974         }
975   
976         packet.packet_type = NMB_PACKET;
977         /* Ensure we send out on the same fd that the original
978                 packet came in on to give the correct source IP address. */
979         packet.fd = orig_packet->fd;
980         packet.timestamp = time(NULL);
981
982         debug_nmb_packet(&packet);
983   
984         if(loopback_this_packet) {
985                 struct packet_struct *lo_packet;
986                 DEBUG(5,("reply_netbios_packet: sending packet to ourselves.\n"));
987                 if((lo_packet = copy_packet(&packet)) == NULL)
988                         return;
989                 queue_packet(lo_packet);
990         } else if (!send_packet(&packet)) {
991                 DEBUG(0,("reply_netbios_packet: send_packet to IP %s port %d failed\n",
992                         inet_ntoa(packet.ip),packet.port));
993         }
994 }
995
996 /*******************************************************************
997   Queue a packet into a packet queue
998 ******************************************************************/
999
1000 static void queue_packet(struct packet_struct *packet)
1001 {
1002         struct packet_struct *p;
1003
1004         if (!packet_queue) {
1005                 packet->prev = NULL;
1006                 packet->next = NULL;
1007                 packet_queue = packet;
1008                 return;
1009         }
1010   
1011         /* find the bottom */
1012         for (p=packet_queue;p->next;p=p->next) 
1013                 ;
1014
1015         p->next = packet;
1016         packet->next = NULL;
1017         packet->prev = p;
1018 }
1019
1020 /****************************************************************************
1021  Try and find a matching subnet record for a datagram port 138 packet.
1022 ****************************************************************************/
1023
1024 static struct subnet_record *find_subnet_for_dgram_browse_packet(struct packet_struct *p)
1025 {
1026         struct subnet_record *subrec;
1027
1028         /* Go through all the broadcast subnets and see if the mask matches. */
1029         for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1030                 if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip))
1031                         return subrec;
1032         }
1033
1034         /* If the subnet record is the remote announce broadcast subnet,
1035                 hack it here to be the first subnet. This is really gross and
1036                 is needed due to people turning on port 137/138 broadcast
1037                 forwarding on their routers. May fire and brimstone rain
1038                 down upon them...
1039         */
1040
1041         return FIRST_SUBNET;
1042 }
1043
1044 /****************************************************************************
1045 Dispatch a browse frame from port 138 to the correct processing function.
1046 ****************************************************************************/
1047
1048 static void process_browse_packet(struct packet_struct *p, char *buf,int len)
1049 {
1050         struct dgram_packet *dgram = &p->packet.dgram;
1051         int command = CVAL(buf,0);
1052         struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p);
1053         char scope[64];
1054         unstring src_name;
1055
1056         /* Drop the packet if it's a different NetBIOS scope, or the source is from one of our names. */
1057         pull_ascii(scope, dgram->dest_name.scope, 64, 64, STR_TERMINATE);
1058         if (!strequal(scope, global_scope())) {
1059                 DEBUG(7,("process_browse_packet: Discarding datagram from IP %s. Scope (%s) \
1060 mismatch with our scope (%s).\n", inet_ntoa(p->ip), scope, global_scope()));
1061                 return;
1062         }
1063
1064         pull_ascii_nstring(src_name, sizeof(src_name), dgram->source_name.name);
1065         if (is_myname(src_name)) {
1066                 DEBUG(0,("process_browse_packet: Discarding datagram from IP %s. Source name \
1067 %s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name)));
1068                 return;
1069         }
1070
1071         switch (command) {
1072                 case ANN_HostAnnouncement:
1073                         debug_browse_data(buf, len);
1074                         process_host_announce(subrec, p, buf+1);
1075                         break;
1076                 case ANN_DomainAnnouncement:
1077                         debug_browse_data(buf, len);
1078                         process_workgroup_announce(subrec, p, buf+1);
1079                         break;
1080                 case ANN_LocalMasterAnnouncement:
1081                         debug_browse_data(buf, len);
1082                         process_local_master_announce(subrec, p, buf+1);
1083                         break;
1084                 case ANN_AnnouncementRequest:
1085                         debug_browse_data(buf, len);
1086                         process_announce_request(subrec, p, buf+1);
1087                         break;
1088                 case ANN_Election:
1089                         debug_browse_data(buf, len);
1090                         process_election(subrec, p, buf+1);
1091                         break;
1092                 case ANN_GetBackupListReq:
1093                         debug_browse_data(buf, len);
1094                         process_get_backup_list_request(subrec, p, buf+1);
1095                         break;
1096                 case ANN_GetBackupListResp:
1097                         debug_browse_data(buf, len);
1098                         /* We never send ANN_GetBackupListReq so we should never get these. */
1099                         DEBUG(0,("process_browse_packet: Discarding GetBackupListResponse \
1100 packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip)));
1101                         break;
1102                 case ANN_ResetBrowserState:
1103                         debug_browse_data(buf, len);
1104                         process_reset_browser(subrec, p, buf+1);
1105                         break;
1106                 case ANN_MasterAnnouncement:
1107                         /* Master browser datagrams must be processed on the unicast subnet. */
1108                         subrec = unicast_subnet;
1109
1110                         debug_browse_data(buf, len);
1111                         process_master_browser_announce(subrec, p, buf+1);
1112                         break;
1113                 case ANN_BecomeBackup:
1114                         /* 
1115                          * We don't currently implement this. Log it just in case.
1116                          */
1117                         debug_browse_data(buf, len);
1118                         DEBUG(10,("process_browse_packet: On subnet %s ignoring browse packet \
1119 command ANN_BecomeBackup from %s IP %s to %s\n", subrec->subnet_name, nmb_namestr(&dgram->source_name),
1120                                         inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1121                         break;
1122                 default:
1123                         debug_browse_data(buf, len);
1124                         DEBUG(0,("process_browse_packet: On subnet %s ignoring browse packet \
1125 command code %d from %s IP %s to %s\n", subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
1126                                 inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1127                         break;
1128         } 
1129 }
1130
1131 /****************************************************************************
1132  Dispatch a LanMan browse frame from port 138 to the correct processing function.
1133 ****************************************************************************/
1134
1135 static void process_lanman_packet(struct packet_struct *p, char *buf,int len)
1136 {
1137         struct dgram_packet *dgram = &p->packet.dgram;
1138         int command = SVAL(buf,0);
1139         struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p);
1140         char scope[64];
1141         unstring src_name;
1142
1143         /* Drop the packet if it's a different NetBIOS scope, or the source is from one of our names. */
1144
1145         pull_ascii(scope, dgram->dest_name.scope, 64, 64, STR_TERMINATE);
1146         if (!strequal(scope, global_scope())) {
1147                 DEBUG(7,("process_lanman_packet: Discarding datagram from IP %s. Scope (%s) \
1148 mismatch with our scope (%s).\n", inet_ntoa(p->ip), scope, global_scope()));
1149                 return;
1150         }
1151
1152         pull_ascii_nstring(src_name, sizeof(src_name), dgram->source_name.name);
1153         if (is_myname(src_name)) {
1154                 DEBUG(0,("process_lanman_packet: Discarding datagram from IP %s. Source name \
1155 %s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name)));
1156                 return;
1157         }
1158
1159         switch (command) {
1160                 case ANN_HostAnnouncement:
1161                         debug_browse_data(buf, len);
1162                         process_lm_host_announce(subrec, p, buf+1, len > 1 ? len-1 : 0);
1163                         break;
1164                 case ANN_AnnouncementRequest:
1165                         process_lm_announce_request(subrec, p, buf+1, len > 1 ? len-1 : 0);
1166                         break;
1167                 default:
1168                         DEBUG(0,("process_lanman_packet: On subnet %s ignoring browse packet \
1169 command code %d from %s IP %s to %s\n", subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
1170                                 inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1171                         break;
1172         }
1173 }
1174
1175 /****************************************************************************
1176   Determine if a packet is for us on port 138. Note that to have any chance of
1177   being efficient we need to drop as many packets as possible at this
1178   stage as subsequent processing is expensive. 
1179 ****************************************************************************/
1180
1181 static BOOL listening(struct packet_struct *p,struct nmb_name *nbname)
1182 {
1183         struct subnet_record *subrec = NULL;
1184
1185         for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1186                 if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip))
1187                         break;
1188         }
1189
1190         if(subrec == NULL)
1191                 subrec = unicast_subnet;
1192
1193         return (find_name_on_subnet(subrec, nbname, FIND_SELF_NAME) != NULL);
1194 }
1195
1196 /****************************************************************************
1197   Process udp 138 datagrams
1198 ****************************************************************************/
1199
1200 static void process_dgram(struct packet_struct *p)
1201 {
1202         char *buf;
1203         char *buf2;
1204         int len;
1205         struct dgram_packet *dgram = &p->packet.dgram;
1206
1207         /* If we aren't listening to the destination name then ignore the packet */
1208         if (!listening(p,&dgram->dest_name)) {
1209                         unexpected_packet(p);
1210                         DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from %s\n",
1211                                 nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip)));
1212                         return;
1213         }
1214
1215         if (dgram->header.msg_type != 0x10 && dgram->header.msg_type != 0x11 && dgram->header.msg_type != 0x12) {
1216                 unexpected_packet(p);
1217                 /* Don't process error packets etc yet */
1218                 DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from IP %s as it is \
1219 an error packet of type %x\n", nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip), dgram->header.msg_type));
1220                 return;
1221         }
1222
1223         /* Ensure we have a large enough packet before looking inside. */
1224         if (dgram->datasize < (smb_vwv12 - 2)) {
1225                 /* That's the offset minus the 4 byte length + 2 bytes of offset. */
1226                 DEBUG(0,("process_dgram: ignoring too short dgram packet (%u) sent to name %s from IP %s\n",
1227                         (unsigned int)dgram->datasize,
1228                         nmb_namestr(&dgram->dest_name),
1229                         inet_ntoa(p->ip) ));
1230                 return;
1231         }
1232
1233         buf = &dgram->data[0];
1234         buf -= 4; /* XXXX for the pseudo tcp length - someday I need to get rid of this */
1235
1236         if (CVAL(buf,smb_com) != SMBtrans)
1237                 return;
1238
1239         len = SVAL(buf,smb_vwv11);
1240         buf2 = smb_base(buf) + SVAL(buf,smb_vwv12);
1241
1242         if (len <= 0 || len > dgram->datasize) {
1243                 DEBUG(0,("process_dgram: ignoring malformed1 (datasize = %d, len = %d) datagram \
1244 packet sent to name %s from IP %s\n",
1245                         dgram->datasize,
1246                         len,
1247                         nmb_namestr(&dgram->dest_name),
1248                         inet_ntoa(p->ip) ));
1249                 return;
1250         }
1251
1252         if (buf2 < dgram->data || (buf2 >= dgram->data + dgram->datasize)) {
1253                 DEBUG(0,("process_dgram: ignoring malformed2 (datasize = %d, len=%d, off=%d) datagram \
1254 packet sent to name %s from IP %s\n",
1255                         dgram->datasize,
1256                         len,
1257                         (int)PTR_DIFF(buf2, dgram->data),
1258                         nmb_namestr(&dgram->dest_name),
1259                         inet_ntoa(p->ip) ));
1260                 return;
1261         }
1262
1263         if ((buf2 + len < dgram->data) || (buf2 + len > dgram->data + dgram->datasize)) {
1264                 DEBUG(0,("process_dgram: ignoring malformed3 (datasize = %d, len=%d, off=%d) datagram \
1265 packet sent to name %s from IP %s\n",
1266                         dgram->datasize,
1267                         len,
1268                         (int)PTR_DIFF(buf2, dgram->data),
1269                         nmb_namestr(&dgram->dest_name),
1270                         inet_ntoa(p->ip) ));
1271                 return;
1272         }
1273
1274         DEBUG(4,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d\n",
1275                 nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
1276                 inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len));
1277
1278         /* Datagram packet received for the browser mailslot */
1279         if (strequal(smb_buf(buf),BROWSE_MAILSLOT)) {
1280                 process_browse_packet(p,buf2,len);
1281                 return;
1282         }
1283
1284         /* Datagram packet received for the LAN Manager mailslot */
1285         if (strequal(smb_buf(buf),LANMAN_MAILSLOT)) {
1286                 process_lanman_packet(p,buf2,len);
1287                 return;
1288         }
1289
1290         /* Datagram packet received for the domain logon mailslot */
1291         if (strequal(smb_buf(buf),NET_LOGON_MAILSLOT)) {
1292                 process_logon_packet(p,buf2,len,NET_LOGON_MAILSLOT);
1293                 return;
1294         }
1295
1296         /* Datagram packet received for the NT domain logon mailslot */
1297         if (strequal(smb_buf(buf),NT_LOGON_MAILSLOT)) {
1298                 process_logon_packet(p,buf2,len,NT_LOGON_MAILSLOT);
1299                 return;
1300         }
1301
1302         unexpected_packet(p);
1303 }
1304
1305 /****************************************************************************
1306   Validate a response nmb packet.
1307 ****************************************************************************/
1308
1309 static BOOL validate_nmb_response_packet( struct nmb_packet *nmb )
1310 {
1311         BOOL ignore = False;
1312
1313         switch (nmb->header.opcode) {
1314                 case NMB_NAME_REG_OPCODE:
1315                 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1316                 case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */
1317                         if (nmb->header.ancount == 0) {
1318                                 DEBUG(0,("validate_nmb_response_packet: Bad REG/REFRESH Packet. "));
1319                                 ignore = True;
1320                         }
1321                         break;
1322
1323                 case NMB_NAME_QUERY_OPCODE:
1324                         if ((nmb->header.ancount != 0) && (nmb->header.ancount != 1)) {
1325                                 DEBUG(0,("validate_nmb_response_packet: Bad QUERY Packet. "));
1326                                 ignore = True;
1327                         }
1328                         break;
1329
1330                 case NMB_NAME_RELEASE_OPCODE:
1331                         if (nmb->header.ancount == 0) {
1332                                 DEBUG(0,("validate_nmb_response_packet: Bad RELEASE Packet. "));
1333                                 ignore = True;
1334                         }
1335                         break;
1336
1337                 case NMB_WACK_OPCODE:
1338                         /* Check WACK response here. */
1339                         if (nmb->header.ancount != 1) {
1340                                 DEBUG(0,("validate_nmb_response_packet: Bad WACK Packet. "));
1341                                 ignore = True;
1342                         }
1343                         break;
1344                 default:
1345                         DEBUG(0,("validate_nmb_response_packet: Ignoring packet with unknown opcode %d.\n",
1346                                         nmb->header.opcode));
1347                         return True;
1348         }
1349
1350         if(ignore)
1351                 DEBUG(0,("Ignoring response packet with opcode %d.\n", nmb->header.opcode));
1352
1353         return ignore;
1354 }
1355  
1356 /****************************************************************************
1357   Validate a request nmb packet.
1358 ****************************************************************************/
1359
1360 static BOOL validate_nmb_packet( struct nmb_packet *nmb )
1361 {
1362         BOOL ignore = False;
1363
1364         switch (nmb->header.opcode) {
1365                 case NMB_NAME_REG_OPCODE:
1366                 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1367                 case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */
1368                 case NMB_NAME_MULTIHOMED_REG_OPCODE:
1369                         if (nmb->header.qdcount==0 || nmb->header.arcount==0) {
1370                                 DEBUG(0,("validate_nmb_packet: Bad REG/REFRESH Packet. "));
1371                                 ignore = True;
1372                         }
1373                         break;
1374
1375                 case NMB_NAME_QUERY_OPCODE:
1376                         if ((nmb->header.qdcount == 0) || ((nmb->question.question_type != QUESTION_TYPE_NB_QUERY) &&
1377                                         (nmb->question.question_type != QUESTION_TYPE_NB_STATUS))) {
1378                                 DEBUG(0,("validate_nmb_packet: Bad QUERY Packet. "));
1379                                 ignore = True;
1380                         }
1381                         break;
1382
1383                 case NMB_NAME_RELEASE_OPCODE:
1384                         if (nmb->header.qdcount==0 || nmb->header.arcount==0) {
1385                                 DEBUG(0,("validate_nmb_packet: Bad RELEASE Packet. "));
1386                                 ignore = True;
1387                         }
1388                         break;
1389                 default:
1390                         DEBUG(0,("validate_nmb_packet: Ignoring packet with unknown opcode %d.\n",
1391                                 nmb->header.opcode));
1392                         return True;
1393         }
1394
1395         if(ignore)
1396                 DEBUG(0,("validate_nmb_packet: Ignoring request packet with opcode %d.\n", nmb->header.opcode));
1397
1398         return ignore;
1399 }
1400
1401 /****************************************************************************
1402   Find a subnet (and potentially a response record) for a packet.
1403 ****************************************************************************/
1404
1405 static struct subnet_record *find_subnet_for_nmb_packet( struct packet_struct *p,
1406                                                          struct response_record **pprrec)
1407 {
1408         struct nmb_packet *nmb = &p->packet.nmb;
1409         struct response_record *rrec = NULL;
1410         struct subnet_record *subrec = NULL;
1411
1412         if(pprrec != NULL)
1413                 *pprrec = NULL;
1414
1415         if(nmb->header.response) {
1416                 /* It's a response packet. Find a record for it or it's an error. */
1417
1418                 rrec = find_response_record( &subrec, nmb->header.name_trn_id);
1419                 if(rrec == NULL) {
1420                         DEBUG(3,("find_subnet_for_nmb_packet: response record not found for response id %hu\n",
1421                                 nmb->header.name_trn_id));
1422                         unexpected_packet(p);
1423                         return NULL;
1424                 }
1425
1426                 if(subrec == NULL) {
1427                         DEBUG(0,("find_subnet_for_nmb_packet: subnet record not found for response id %hu\n",
1428                                 nmb->header.name_trn_id));
1429                         return NULL;
1430                 }
1431
1432                 if(pprrec != NULL)
1433                         *pprrec = rrec;
1434                 return subrec;
1435         }
1436
1437         /* Try and see what subnet this packet belongs to. */
1438
1439         /* WINS server ? */
1440         if(packet_is_for_wins_server(p))
1441                 return wins_server_subnet;
1442
1443         /* If it wasn't a broadcast packet then send to the UNICAST subnet. */
1444         if(nmb->header.nm_flags.bcast == False)
1445                 return unicast_subnet;
1446
1447         /* Go through all the broadcast subnets and see if the mask matches. */
1448         for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1449                 if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip))
1450                         return subrec;
1451         }
1452
1453         /* If none match it must have been a directed broadcast - assign the remote_broadcast_subnet. */
1454         return remote_broadcast_subnet;
1455 }
1456
1457 /****************************************************************************
1458   Process a nmb request packet - validate the packet and route it.
1459 ****************************************************************************/
1460
1461 static void process_nmb_request(struct packet_struct *p)
1462 {
1463         struct nmb_packet *nmb = &p->packet.nmb;
1464         struct subnet_record *subrec = NULL;
1465
1466         debug_nmb_packet(p);
1467
1468         /* Ensure we have a good packet. */
1469         if(validate_nmb_packet(nmb))
1470                 return;
1471
1472         /* Allocate a subnet to this packet - if we cannot - fail. */
1473         if((subrec = find_subnet_for_nmb_packet(p, NULL))==NULL)
1474                 return;
1475
1476         switch (nmb->header.opcode) {
1477                 case NMB_NAME_REG_OPCODE:
1478                         if(subrec == wins_server_subnet)
1479                                 wins_process_name_registration_request(subrec, p);
1480                         else
1481                                 process_name_registration_request(subrec, p);
1482                         break;
1483
1484                 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1485                 case NMB_NAME_REFRESH_OPCODE_9:
1486                         if(subrec == wins_server_subnet)
1487                                 wins_process_name_refresh_request(subrec, p);
1488                         else
1489                                 process_name_refresh_request(subrec, p);
1490                         break;
1491
1492                 case NMB_NAME_MULTIHOMED_REG_OPCODE:
1493                         if(subrec == wins_server_subnet) {
1494                                 wins_process_multihomed_name_registration_request(subrec, p);
1495                         } else {
1496                                 DEBUG(0,("process_nmb_request: Multihomed registration request must be \
1497 directed at a WINS server.\n"));
1498                         }
1499                         break;
1500
1501                 case NMB_NAME_QUERY_OPCODE:
1502                         switch (nmb->question.question_type) {
1503                                 case QUESTION_TYPE_NB_QUERY:
1504                                         if(subrec == wins_server_subnet)
1505                                                 wins_process_name_query_request(subrec, p);
1506                                         else
1507                                                 process_name_query_request(subrec, p);
1508                                         break;
1509                                 case QUESTION_TYPE_NB_STATUS:
1510                                         if(subrec == wins_server_subnet) {
1511                                                 DEBUG(0,("process_nmb_request: NB_STATUS request directed at WINS server is \
1512 not allowed.\n"));
1513                                                 break;
1514                                         } else {
1515                                                 process_node_status_request(subrec, p);
1516                                         }
1517                                         break;
1518                         }
1519                         break;
1520       
1521                 case NMB_NAME_RELEASE_OPCODE:
1522                         if(subrec == wins_server_subnet)
1523                                 wins_process_name_release_request(subrec, p);
1524                         else
1525                                 process_name_release_request(subrec, p);
1526                         break;
1527         }
1528 }
1529
1530 /****************************************************************************
1531   Process a nmb response packet - validate the packet and route it.
1532   to either the WINS server or a normal response.
1533 ****************************************************************************/
1534
1535 static void process_nmb_response(struct packet_struct *p)
1536 {
1537         struct nmb_packet *nmb = &p->packet.nmb;
1538         struct subnet_record *subrec = NULL;
1539         struct response_record *rrec = NULL;
1540
1541         debug_nmb_packet(p);
1542
1543         if(validate_nmb_response_packet(nmb))
1544                 return;
1545
1546         if((subrec = find_subnet_for_nmb_packet(p, &rrec))==NULL)
1547                 return;
1548
1549         if(rrec == NULL) {
1550                 DEBUG(0,("process_nmb_response: response packet received but no response record \
1551 found for id = %hu. Ignoring packet.\n", nmb->header.name_trn_id));
1552                 return;
1553         }
1554
1555         /* Increment the number of responses received for this record. */
1556         rrec->num_msgs++;
1557         /* Ensure we don't re-send the request. */
1558         rrec->repeat_count = 0;
1559   
1560         /* Call the response received function for this packet. */
1561         (*rrec->resp_fn)(subrec, rrec, p);
1562 }
1563
1564 /*******************************************************************
1565   Run elements off the packet queue till its empty
1566 ******************************************************************/
1567
1568 void run_packet_queue(void)
1569 {
1570         struct packet_struct *p;
1571
1572         while ((p = packet_queue)) {
1573                 packet_queue = p->next;
1574                 if (packet_queue)
1575                         packet_queue->prev = NULL;
1576                 p->next = p->prev = NULL;
1577
1578                 switch (p->packet_type) {
1579                         case NMB_PACKET:
1580                                 if(p->packet.nmb.header.response)
1581                                         process_nmb_response(p);
1582                                 else
1583                                         process_nmb_request(p);
1584                                 break;
1585
1586                         case DGRAM_PACKET:
1587                                 process_dgram(p);
1588                                 break;
1589                 }
1590                 free_packet(p);
1591         }
1592
1593
1594 /*******************************************************************
1595  Retransmit or timeout elements from all the outgoing subnet response
1596  record queues. NOTE that this code must also check the WINS server
1597  subnet for response records to timeout as the WINS server code
1598  can send requests to check if a client still owns a name.
1599  (Patch from Andrey Alekseyev <fetch@muffin.arcadia.spb.ru>).
1600 ******************************************************************/
1601
1602 void retransmit_or_expire_response_records(time_t t)
1603 {
1604         struct subnet_record *subrec;
1605
1606         for (subrec = FIRST_SUBNET; subrec; subrec = get_next_subnet_maybe_unicast_or_wins_server(subrec)) {
1607                 struct response_record *rrec, *nextrrec;
1608
1609                 for (rrec = subrec->responselist; rrec; rrec = nextrrec) {
1610                         nextrrec = rrec->next;
1611    
1612                         if (rrec->repeat_time <= t) {
1613                                 if (rrec->repeat_count > 0) {
1614                                         /* Resend while we have a non-zero repeat_count. */
1615                                         if(!send_packet(rrec->packet)) {
1616                                                 DEBUG(0,("retransmit_or_expire_response_records: Failed to resend packet id %hu \
1617 to IP %s on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), subrec->subnet_name));
1618                                         }
1619                                         rrec->repeat_time = t + rrec->repeat_interval;
1620                                         rrec->repeat_count--;
1621                                 } else {
1622                                         DEBUG(4,("retransmit_or_expire_response_records: timeout for packet id %hu to IP %s \
1623 on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), subrec->subnet_name));
1624
1625                                         /*
1626                                          * Check the flag in this record to prevent recursion if we end
1627                                          * up in this function again via the timeout function call.
1628                                          */
1629
1630                                         if(!rrec->in_expiration_processing) {
1631
1632                                                 /*
1633                                                  * Set the recursion protection flag in this record.
1634                                                  */
1635
1636                                                 rrec->in_expiration_processing = True;
1637
1638                                                 /* Call the timeout function. This will deal with removing the
1639                                                                 timed out packet. */
1640                                                 if(rrec->timeout_fn) {
1641                                                         (*rrec->timeout_fn)(subrec, rrec);
1642                                                 } else {
1643                                                         /* We must remove the record ourself if there is
1644                                                                         no timeout function. */
1645                                                         remove_response_record(subrec, rrec);
1646                                                 }
1647                                         } /* !rrec->in_expitation_processing */
1648                                 } /* rrec->repeat_count > 0 */
1649                         } /* rrec->repeat_time <= t */
1650                 } /* end for rrec */
1651         } /* end for subnet */
1652 }
1653
1654 /****************************************************************************
1655   Create an fd_set containing all the sockets in the subnet structures,
1656   plus the broadcast sockets.
1657 ***************************************************************************/
1658
1659 static BOOL create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_number, int *maxfd)
1660 {
1661         int *sock_array = NULL;
1662         struct subnet_record *subrec = NULL;
1663         int count = 0;
1664         int num = 0;
1665         fd_set *pset = SMB_MALLOC_P(fd_set);
1666
1667         if(pset == NULL) {
1668                 DEBUG(0,("create_listen_fdset: malloc fail !\n"));
1669                 return True;
1670         }
1671
1672         /* Check that we can add all the fd's we need. */
1673         for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
1674                 count++;
1675
1676         if((count*2) + 2 > FD_SETSIZE) {
1677                 DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \
1678 only use %d.\n", (count*2) + 2, FD_SETSIZE));
1679                 SAFE_FREE(pset);
1680                 return True;
1681         }
1682
1683         if((sock_array = SMB_MALLOC_ARRAY(int, (count*2) + 2)) == NULL) {
1684                 DEBUG(0,("create_listen_fdset: malloc fail for socket array.\n"));
1685                 SAFE_FREE(pset);
1686                 return True;
1687         }
1688
1689         FD_ZERO(pset);
1690
1691         /* Add in the broadcast socket on 137. */
1692         FD_SET(ClientNMB,pset);
1693         sock_array[num++] = ClientNMB;
1694         *maxfd = MAX( *maxfd, ClientNMB);
1695
1696         /* Add in the 137 sockets on all the interfaces. */
1697         for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1698                 FD_SET(subrec->nmb_sock,pset);
1699                 sock_array[num++] = subrec->nmb_sock;
1700                 *maxfd = MAX( *maxfd, subrec->nmb_sock);
1701         }
1702
1703         /* Add in the broadcast socket on 138. */
1704         FD_SET(ClientDGRAM,pset);
1705         sock_array[num++] = ClientDGRAM;
1706         *maxfd = MAX( *maxfd, ClientDGRAM);
1707
1708         /* Add in the 138 sockets on all the interfaces. */
1709         for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1710                 FD_SET(subrec->dgram_sock,pset);
1711                 sock_array[num++] = subrec->dgram_sock;
1712                 *maxfd = MAX( *maxfd, subrec->dgram_sock);
1713         }
1714
1715         *listen_number = (count*2) + 2;
1716
1717         SAFE_FREE(*ppset);
1718         SAFE_FREE(*psock_array);
1719
1720         *ppset = pset;
1721         *psock_array = sock_array;
1722  
1723         return False;
1724 }
1725
1726 /****************************************************************************
1727   Listens for NMB or DGRAM packets, and queues them.
1728   return True if the socket is dead
1729 ***************************************************************************/
1730
1731 BOOL listen_for_packets(BOOL run_election)
1732 {
1733         static fd_set *listen_set = NULL;
1734         static int listen_number = 0;
1735         static int *sock_array = NULL;
1736         int i;
1737         static int maxfd = 0;
1738
1739         fd_set fds;
1740         int selrtn;
1741         struct timeval timeout;
1742 #ifndef SYNC_DNS
1743         int dns_fd;
1744 #endif
1745
1746         if(listen_set == NULL || rescan_listen_set) {
1747                 if(create_listen_fdset(&listen_set, &sock_array, &listen_number, &maxfd)) {
1748                         DEBUG(0,("listen_for_packets: Fatal error. unable to create listen set. Exiting.\n"));
1749                         return True;
1750                 }
1751                 rescan_listen_set = False;
1752         }
1753
1754         memcpy((char *)&fds, (char *)listen_set, sizeof(fd_set));
1755
1756 #ifndef SYNC_DNS
1757         dns_fd = asyncdns_fd();
1758         if (dns_fd != -1) {
1759                 FD_SET(dns_fd, &fds);
1760                 maxfd = MAX( maxfd, dns_fd);
1761         }
1762 #endif
1763
1764         /* 
1765          * During elections and when expecting a netbios response packet we
1766          * need to send election packets at tighter intervals.
1767          * Ideally it needs to be the interval (in ms) between time now and
1768          * the time we are expecting the next netbios packet.
1769          */
1770
1771         timeout.tv_sec = (run_election||num_response_packets) ? 1 : NMBD_SELECT_LOOP;
1772         timeout.tv_usec = 0;
1773
1774         /* Prepare for the select - allow certain signals. */
1775
1776         BlockSignals(False, SIGTERM);
1777
1778         selrtn = sys_select(maxfd+1,&fds,NULL,NULL,&timeout);
1779
1780         /* We can only take signals when we are in the select - block them again here. */
1781
1782         BlockSignals(True, SIGTERM);
1783
1784         if(selrtn == -1) {
1785                 return False;
1786         }
1787
1788 #ifndef SYNC_DNS
1789         if (dns_fd != -1 && FD_ISSET(dns_fd,&fds)) {
1790                 run_dns_queue();
1791         }
1792 #endif
1793
1794         for(i = 0; i < listen_number; i++) {
1795                 if (i < (listen_number/2)) {
1796                         /* Processing a 137 socket. */
1797                         if (FD_ISSET(sock_array[i],&fds)) {
1798                                 struct packet_struct *packet = read_packet(sock_array[i], NMB_PACKET);
1799                                 if (packet) {
1800                                         /*
1801                                          * If we got a packet on the broadcast socket and interfaces
1802                                          * only is set then check it came from one of our local nets. 
1803                                          */
1804                                         if(lp_bind_interfaces_only() && (sock_array[i] == ClientNMB) && 
1805                                                                 (!is_local_net(packet->ip))) {
1806                                                 DEBUG(7,("discarding nmb packet sent to broadcast socket from %s:%d\n",
1807                                                         inet_ntoa(packet->ip),packet->port));     
1808                                                 free_packet(packet);
1809                                         } else if ((ip_equal(loopback_ip, packet->ip) || 
1810                                                                 ismyip(packet->ip)) && packet->port == global_nmb_port &&
1811                                                                 packet->packet.nmb.header.nm_flags.bcast) {
1812                                                 DEBUG(7,("discarding own bcast packet from %s:%d\n",
1813                                                         inet_ntoa(packet->ip),packet->port));     
1814                                                 free_packet(packet);
1815                                         } else {
1816                                                 /* Save the file descriptor this packet came in on. */
1817                                                 packet->fd = sock_array[i];
1818                                                 queue_packet(packet);
1819                                         }
1820                                 }
1821                         }
1822                 } else {
1823                         /* Processing a 138 socket. */
1824                                 if (FD_ISSET(sock_array[i],&fds)) {
1825                                 struct packet_struct *packet = read_packet(sock_array[i], DGRAM_PACKET);
1826                                 if (packet) {
1827                                         /*
1828                                          * If we got a packet on the broadcast socket and interfaces
1829                                          * only is set then check it came from one of our local nets. 
1830                                          */
1831                                         if(lp_bind_interfaces_only() && (sock_array[i] == ClientDGRAM) && 
1832                                                                 (!is_local_net(packet->ip))) {
1833                                                 DEBUG(7,("discarding dgram packet sent to broadcast socket from %s:%d\n",
1834                                                 inet_ntoa(packet->ip),packet->port));     
1835                                                 free_packet(packet);
1836                                         } else if ((ip_equal(loopback_ip, packet->ip) || 
1837                                                         ismyip(packet->ip)) && packet->port == DGRAM_PORT) {
1838                                                 DEBUG(7,("discarding own dgram packet from %s:%d\n",
1839                                                         inet_ntoa(packet->ip),packet->port));     
1840                                                 free_packet(packet);
1841                                         } else {
1842                                                 /* Save the file descriptor this packet came in on. */
1843                                                 packet->fd = sock_array[i];
1844                                                 queue_packet(packet);
1845                                         }
1846                                 }
1847                         }
1848                 } /* end processing 138 socket. */
1849         } /* end for */
1850         return False;
1851 }
1852
1853 /****************************************************************************
1854   Construct and send a netbios DGRAM.
1855 **************************************************************************/
1856
1857 BOOL send_mailslot(BOOL unique, const char *mailslot,char *buf, size_t len,
1858                    const char *srcname, int src_type,
1859                    const char *dstname, int dest_type,
1860                    struct in_addr dest_ip,struct in_addr src_ip,
1861                    int dest_port)
1862 {
1863         BOOL loopback_this_packet = False;
1864         struct packet_struct p;
1865         struct dgram_packet *dgram = &p.packet.dgram;
1866         char *ptr,*p2;
1867         char tmp[4];
1868
1869         memset((char *)&p,'\0',sizeof(p));
1870
1871         if(ismyip(dest_ip) && (dest_port == DGRAM_PORT)) /* Only if to DGRAM_PORT */
1872                 loopback_this_packet = True;
1873
1874         /* generate_name_trn_id(); */ /* Not used, so gone, RJS */
1875
1876         /* DIRECT GROUP or UNIQUE datagram. */
1877         dgram->header.msg_type = unique ? 0x10 : 0x11; 
1878         dgram->header.flags.node_type = M_NODE;
1879         dgram->header.flags.first = True;
1880         dgram->header.flags.more = False;
1881         dgram->header.dgm_id = generate_name_trn_id();
1882         dgram->header.source_ip = src_ip;
1883         dgram->header.source_port = DGRAM_PORT;
1884         dgram->header.dgm_length = 0; /* Let build_dgram() handle this. */
1885         dgram->header.packet_offset = 0;
1886   
1887         make_nmb_name(&dgram->source_name,srcname,src_type);
1888         make_nmb_name(&dgram->dest_name,dstname,dest_type);
1889
1890         ptr = &dgram->data[0];
1891
1892         /* Setup the smb part. */
1893         ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
1894         memcpy(tmp,ptr,4);
1895         set_message(ptr,17,strlen(mailslot) + 1 + len,True);
1896         memcpy(ptr,tmp,4);
1897
1898         SCVAL(ptr,smb_com,SMBtrans);
1899         SSVAL(ptr,smb_vwv1,len);
1900         SSVAL(ptr,smb_vwv11,len);
1901         SSVAL(ptr,smb_vwv12,70 + strlen(mailslot));
1902         SSVAL(ptr,smb_vwv13,3);
1903         SSVAL(ptr,smb_vwv14,1);
1904         SSVAL(ptr,smb_vwv15,1);
1905         SSVAL(ptr,smb_vwv16,2);
1906         p2 = smb_buf(ptr);
1907         safe_strcpy_base(p2, mailslot, dgram->data, sizeof(dgram->data));
1908         p2 = skip_string(ptr,MAX_DGRAM_SIZE,p2);
1909   
1910         if (((p2+len) > dgram->data+sizeof(dgram->data)) || ((p2+len) < p2)) {
1911                 DEBUG(0, ("send_mailslot: Cannot write beyond end of packet\n"));
1912                 return False;
1913         } else {
1914                 memcpy(p2,buf,len);
1915                 p2 += len;
1916         }
1917
1918         dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */
1919
1920         p.ip = dest_ip;
1921         p.port = dest_port;
1922         p.fd = find_subnet_mailslot_fd_for_address( src_ip );
1923         p.timestamp = time(NULL);
1924         p.packet_type = DGRAM_PACKET;
1925
1926         DEBUG(4,("send_mailslot: Sending to mailslot %s from %s IP %s ", mailslot,
1927                         nmb_namestr(&dgram->source_name), inet_ntoa(src_ip)));
1928         DEBUG(4,("to %s IP %s\n", nmb_namestr(&dgram->dest_name), inet_ntoa(dest_ip)));
1929
1930         debug_browse_data(buf, len);
1931
1932         if(loopback_this_packet) {
1933                 struct packet_struct *lo_packet = NULL;
1934                 DEBUG(5,("send_mailslot: sending packet to ourselves.\n"));
1935                 if((lo_packet = copy_packet(&p)) == NULL)
1936                         return False;
1937                 queue_packet(lo_packet);
1938                 return True;
1939         } else {
1940                 return(send_packet(&p));
1941         }
1942 }