r5211: added broadcast name defense against both registration and refresh

requests
(This used to be commit 9eafe2cacaef64384febe6bb0938294f7c1ee6bf)

1 files changed, 110 insertions, 0 deletions

diff --git a/source4/nbt_server/defense.c b/source4/nbt_server/defense.c
new file mode 100644
index 0000000000..2e34aca1ee
--- /dev/null
+++ b/source4/nbt_server/defense.c
@@ -0,0 +1,110 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   defend our names against name registration requests
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "dlinklist.h"
+#include "system/network.h"
+#include "nbt_server/nbt_server.h"
+
+/*
+  send a name defense reply
+*/
+static void nbtd_name_defense_reply(struct nbt_name_socket *nbtsock, 
+				    struct nbt_name_packet *request_packet, 
+				    const char *src_address, int src_port,
+				    struct nbt_name *name, uint32_t ttl,
+				    uint16_t nb_flags, const char *address)
+{
+	struct nbt_name_packet *packet;
+
+	packet = talloc_zero(nbtsock, struct nbt_name_packet);
+	if (packet == NULL) return;
+
+	packet->name_trn_id = request_packet->name_trn_id;
+	packet->ancount = 1;
+	packet->operation = 
+		NBT_FLAG_REPLY | 
+		(request_packet->operation & NBT_OPCODE) |
+		NBT_FLAG_AUTHORITIVE |
+		NBT_FLAG_RECURSION_DESIRED |
+		NBT_FLAG_RECURSION_AVAIL |
+		NBT_RCODE_ACT;
+	
+	packet->answers = talloc_array(packet, struct nbt_res_rec, 1);
+	if (packet->answers == NULL) goto failed;
+
+	packet->answers[0].name     = *name;
+	packet->answers[0].rr_type  = NBT_QTYPE_NETBIOS;
+	packet->answers[0].rr_class = NBT_QCLASS_IP;
+	packet->answers[0].ttl      = ttl;
+	packet->answers[0].rdata.netbios.length = 6;
+	packet->answers[0].rdata.netbios.addresses = 
+		talloc_array(packet->answers,
+			     struct nbt_rdata_address, 1);
+	if (packet->answers[0].rdata.netbios.addresses == NULL) goto failed;
+	packet->answers[0].rdata.netbios.addresses[0].nb_flags = nb_flags;
+	packet->answers[0].rdata.netbios.addresses[0].ipaddr = 
+		talloc_strdup(packet->answers, address);
+	if (packet->answers[0].rdata.netbios.addresses[0].ipaddr == NULL) goto failed;
+
+	DEBUG(7,("Sending name defense reply for %s<%02x> at %s to %s:%d\n", 
+		 name->name, name->type, src_address, address, src_port));
+	
+	nbt_name_reply_send(nbtsock, src_address, src_port, packet);
+
+failed:
+	talloc_free(packet);
+}
+
+
+/*
+  defend our registered names against registration or name refresh
+  requests
+*/
+void nbtd_request_defense(struct nbt_name_socket *nbtsock, 
+			  struct nbt_name_packet *packet, 
+			  const char *src_address, int src_port)
+{
+	struct nbt_iface_name *iname;
+	struct nbt_name *name;
+	struct nbt_interface *iface = talloc_get_type(nbtsock->incoming.private, 
+						      struct nbt_interface);
+
+	NBT_ASSERT_PACKET(packet, src_address, packet->qdcount == 1);
+	NBT_ASSERT_PACKET(packet, src_address, packet->arcount == 1);
+	NBT_ASSERT_PACKET(packet, src_address, 
+			  packet->questions[0].question_type == NBT_QTYPE_NETBIOS);
+	NBT_ASSERT_PACKET(packet, src_address, 
+			  packet->questions[0].question_class == NBT_QCLASS_IP);
+
+	/* see if we have the requested name on this interface */
+	name = &packet->questions[0].name;
+
+	iname = nbtd_find_iname(iface, name, NBT_NM_ACTIVE);
+	if (iname != NULL) {
+		DEBUG(2,("Defending name %s<%02x> on %s against %s\n",
+			 name->name, name->type, iface->bcast_address, src_address));
+		nbtd_name_defense_reply(nbtsock, packet, src_address, src_port,
+					&iname->name, iname->ttl, iname->nb_flags, 
+					iface->ip_address);
+	}
+}