mirror of
https://github.com/samba-team/samba.git
synced 2025-02-04 17:47:26 +03:00
214 lines
6.3 KiB
C
214 lines
6.3 KiB
C
/*
|
|
Unix SMB/CIFS implementation.
|
|
|
|
"secure" wins server WACK processing
|
|
|
|
Copyright (C) Andrew Tridgell 2005
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
#include "nbt_server/nbt_server.h"
|
|
#include "nbt_server/wins/winsdb.h"
|
|
#include "system/time.h"
|
|
|
|
struct wack_state {
|
|
struct wins_server *winssrv;
|
|
struct nbt_name_socket *nbtsock;
|
|
struct nbt_name_packet *request_packet;
|
|
struct winsdb_record *rec;
|
|
const char *src_address;
|
|
int src_port;
|
|
const char **owner_addresses;
|
|
const char *reg_address;
|
|
struct nbt_name_query query;
|
|
};
|
|
|
|
|
|
/*
|
|
deny a registration request
|
|
*/
|
|
static void wins_wack_deny(struct wack_state *state)
|
|
{
|
|
nbtd_name_registration_reply(state->nbtsock, state->request_packet,
|
|
state->src_address, state->src_port, NBT_RCODE_ACT);
|
|
DEBUG(4,("WINS: denied name registration request for %s from %s\n",
|
|
nbt_name_string(state, state->rec->name), state->src_address));
|
|
talloc_free(state);
|
|
}
|
|
|
|
/*
|
|
allow a registration request
|
|
*/
|
|
static void wins_wack_allow(struct wack_state *state)
|
|
{
|
|
uint32_t ttl;
|
|
time_t now = time(NULL);
|
|
struct winsdb_record *rec = state->rec, *rec2;
|
|
|
|
rec2 = winsdb_load(state->winssrv, rec->name, state);
|
|
if (rec2 == NULL || rec2->version != rec->version) {
|
|
DEBUG(1,("WINS: record %s changed during WACK - failing registration\n",
|
|
nbt_name_string(state, rec->name)));
|
|
wins_wack_deny(state);
|
|
return;
|
|
}
|
|
|
|
nbtd_name_registration_reply(state->nbtsock, state->request_packet,
|
|
state->src_address, state->src_port, NBT_RCODE_OK);
|
|
|
|
rec->addresses = str_list_add(rec->addresses, state->reg_address);
|
|
if (rec->addresses == NULL) goto failed;
|
|
|
|
ttl = wins_server_ttl(state->winssrv, state->request_packet->additional[0].ttl);
|
|
if (now + ttl > rec->expire_time) {
|
|
rec->expire_time = now + ttl;
|
|
}
|
|
rec->registered_by = state->src_address;
|
|
|
|
winsdb_modify(state->winssrv, rec);
|
|
|
|
DEBUG(4,("WINS: accepted registration of %s with address %s\n",
|
|
nbt_name_string(state, rec->name), state->reg_address));
|
|
|
|
failed:
|
|
talloc_free(state);
|
|
}
|
|
|
|
/*
|
|
called when a name query to a current owner completes
|
|
*/
|
|
static void wins_wack_handler(struct nbt_name_request *req)
|
|
{
|
|
struct wack_state *state = talloc_get_type(req->async.private, struct wack_state);
|
|
NTSTATUS status;
|
|
int i;
|
|
struct winsdb_record *rec = state->rec;
|
|
|
|
status = nbt_name_query_recv(req, state, &state->query);
|
|
|
|
/* if we timed out then try the next owner address, if any */
|
|
if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
|
|
state->owner_addresses++;
|
|
if (state->owner_addresses[0] == NULL) {
|
|
wins_wack_allow(state);
|
|
return;
|
|
}
|
|
state->query.in.dest_addr = state->owner_addresses[0];
|
|
|
|
req = nbt_name_query_send(state->nbtsock, &state->query);
|
|
if (req == NULL) goto failed;
|
|
|
|
req->async.fn = wins_wack_handler;
|
|
req->async.private = state;
|
|
return;
|
|
}
|
|
|
|
/* if the owner denies it holds the name, then allow
|
|
the registration */
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
wins_wack_allow(state);
|
|
return;
|
|
}
|
|
|
|
/* if the owner still wants the name and doesn't reply
|
|
with the address trying to be registered, then deny
|
|
the registration */
|
|
if (!str_list_check(state->query.out.reply_addrs, state->reg_address)) {
|
|
wins_wack_deny(state);
|
|
return;
|
|
}
|
|
|
|
/* we are going to allow the registration, but first remove any addresses
|
|
from the record that aren't in the reply from the client */
|
|
for (i=0;rec->addresses[i];) {
|
|
if (!str_list_check(state->query.out.reply_addrs, rec->addresses[i])) {
|
|
str_list_remove(rec->addresses, rec->addresses[i]);
|
|
} else {
|
|
i++;
|
|
}
|
|
}
|
|
|
|
wins_wack_allow(state);
|
|
return;
|
|
|
|
failed:
|
|
talloc_free(state);
|
|
}
|
|
|
|
|
|
/*
|
|
a client has asked to register a unique name that someone else owns. We
|
|
need to ask each of the current owners if they still want it. If they do
|
|
then reject the registration, otherwise allow it
|
|
*/
|
|
void wins_register_wack(struct nbt_name_socket *nbtsock,
|
|
struct nbt_name_packet *packet,
|
|
struct winsdb_record *rec,
|
|
const char *src_address, int src_port)
|
|
{
|
|
struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private,
|
|
struct nbtd_interface);
|
|
struct wins_server *winssrv = iface->nbtsrv->winssrv;
|
|
struct wack_state *state;
|
|
struct nbt_name_request *req;
|
|
uint32_t ttl;
|
|
|
|
state = talloc(nbtsock, struct wack_state);
|
|
if (state == NULL) goto failed;
|
|
|
|
/* package up the state variables for this wack request */
|
|
state->winssrv = winssrv;
|
|
state->nbtsock = nbtsock;
|
|
state->request_packet = talloc_steal(state, packet);
|
|
state->rec = talloc_steal(state, rec);
|
|
state->src_port = src_port;
|
|
state->owner_addresses = rec->addresses;
|
|
state->reg_address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
|
|
state->src_address = talloc_strdup(state, src_address);
|
|
if (state->src_address == NULL) goto failed;
|
|
|
|
/* setup a name query to the first address */
|
|
state->query.in.name = *rec->name;
|
|
state->query.in.dest_addr = state->owner_addresses[0];
|
|
state->query.in.broadcast = False;
|
|
state->query.in.wins_lookup = True;
|
|
state->query.in.timeout = 1;
|
|
state->query.in.retries = 2;
|
|
|
|
/* the LOGON type is a nasty hack */
|
|
if (rec->name->type == NBT_NAME_LOGON) {
|
|
wins_wack_allow(state);
|
|
return;
|
|
}
|
|
|
|
/* send a WACK to the client, specifying the maximum time it could
|
|
take to check with the owner, plus some slack */
|
|
ttl = 5 + 4 * str_list_length(rec->addresses);
|
|
nbtd_wack_reply(nbtsock, packet, src_address, src_port, ttl);
|
|
|
|
req = nbt_name_query_send(nbtsock, &state->query);
|
|
if (req == NULL) goto failed;
|
|
|
|
req->async.fn = wins_wack_handler;
|
|
req->async.private = state;
|
|
return;
|
|
|
|
failed:
|
|
talloc_free(state);
|
|
nbtd_name_registration_reply(nbtsock, packet, src_address, src_port, NBT_RCODE_SVR);
|
|
}
|