author | Andrew Tridgell <tridge@samba.org> | 2005-02-14 09:15:24 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:09:50 -0500 |
commit | 352de700cadbb2c4e5b5e9ddc375e9de847e2193 (patch) | |
tree | 7e661123337c66bb78ee9490742bfd7d98f334e1 /source4/nbt_server/winswack.c | |
parent | 85fd954145ab9262d5e1930bb7a93d70663abe33 (diff) | |
r5392: added "secure" WINS server processing. Send a WACK on name
registrations from anyone who isn't a current owner, then query the
owner addresses to see if they still want it.
(This used to be commit 8dc2a028d3ca0115d3173df435d926d7b6a4d5d5)
Diffstat (limited to 'source4/nbt_server/winswack.c')
-rw-r--r-- | source4/nbt_server/winswack.c | 199 |
1 files changed, 199 insertions, 0 deletions
diff --git a/source4/nbt_server/winswack.c b/source4/nbt_server/winswack.c
new file mode 100644
index 0000000000..a15f0a7d06
--- /dev/null
+++ b/source4/nbt_server/winswack.c
@@ -0,0 +1,199 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ "secure" wins server WACK processing
+
+ Copyright (C) Andrew Tridgell 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/winsdb.h"
+#include "system/time.h"
+
+struct wack_state {
+ struct wins_server *winssrv;
+ struct nbt_name_socket *nbtsock;
+ struct nbt_name_packet *request_packet;
+ struct winsdb_record *rec;
+ const char *src_address;
+ int src_port;
+ const char **owner_addresses;
+ const char *reg_address;
+ struct nbt_name_query query;
+};
+
+
+/*
+ deny a registration request
+*/
+static void wins_wack_deny(struct wack_state *state)
+{
+ nbtd_name_registration_reply(state->nbtsock, state->request_packet,
+ state->src_address, state->src_port, NBT_RCODE_ACT);
+ DEBUG(4,("WINS: denied name registration request for %s from %s\n",
+ nbt_name_string(state, state->rec->name), state->src_address));
+ talloc_free(state);
+}
+
+/*
+ allow a registration request
+*/
+static void wins_wack_allow(struct wack_state *state)
+{
+ uint32_t ttl;
+ time_t now = time(NULL);
+ struct winsdb_record *rec = state->rec;
+
+ nbtd_name_registration_reply(state->nbtsock, state->request_packet,
+ state->src_address, state->src_port, NBT_RCODE_OK);
+
+ rec->addresses = str_list_add(rec->addresses, state->reg_address);
+ if (rec->addresses == NULL) goto failed;
+
+ ttl = wins_server_ttl(state->winssrv, state->request_packet->additional[0].ttl);
+ if (now + ttl > rec->expire_time) {
+ rec->expire_time = now + ttl;
+ }
+ rec->registered_by = state->src_address;
+
+ winsdb_modify(state->winssrv, rec);
+
+ DEBUG(4,("WINS: accepted registration of %s with address %s\n",
+ nbt_name_string(state, rec->name), state->reg_address));
+
+failed:
+ talloc_free(state);
+}
+
+/*
+ called when a name query to a current owner completes
+*/
+static void wins_wack_handler(struct nbt_name_request *req)
+{
+ struct wack_state *state = talloc_get_type(req->async.private, struct wack_state);
+ NTSTATUS status;
+ int i;
+ struct winsdb_record *rec = state->rec;
+
+ status = nbt_name_query_recv(req, state, &state->query);
+
+ /* if we timed out then try the next owner address, if any */
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+ state->owner_addresses++;
+ if (state->owner_addresses[0] == NULL) {
+ wins_wack_allow(state);
+ return;
+ }
+ state->query.in.dest_addr = state->owner_addresses[0];
+
+ req = nbt_name_query_send(state->nbtsock, &state->query);
+ if (req == NULL) goto failed;
+
+ req->async.fn = wins_wack_handler;
+ req->async.private = state;
+ return;
+ }
+
+ /* if the owner denies it holds the name, then allow
+ the registration */
+ if (!NT_STATUS_IS_OK(status)) {
+ wins_wack_allow(state);
+ return;
+ }
+
+ /* if the owner still wants the name and doesn't reply
+ with the address trying to be registered, then deny
+ the registration */
+ if (!str_list_check(state->query.out.reply_addrs, state->reg_address)) {
+ wins_wack_deny(state);
+ return;
+ }
+
+ /* we are going to allow the registration, but first remove any addresses
+ from the record that aren't in the reply from the client */
+ for (i=0;rec->addresses[i];) {
+ if (!str_list_check(state->query.out.reply_addrs, rec->addresses[i])) {
+ str_list_remove(rec->addresses, rec->addresses[i]);
+ } else {
+ i++;
+ }
+ }
+
+ wins_wack_allow(state);
+ return;
+
+failed:
+ talloc_free(state);
+}
+
+
+/*
+ a client has asked to register a unique name that someone else owns. We
+ need to ask each of the current owners if they still want it. If they do
+ then reject the registration, otherwise allow it
+*/
+void wins_register_wack(struct nbt_name_socket *nbtsock,
+ struct nbt_name_packet *packet,
+ struct winsdb_record *rec,
+ const char *src_address, int src_port)
+{
+ struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private,
+ struct nbtd_interface);
+ struct wins_server *winssrv = iface->nbtsrv->winssrv;
+ struct wack_state *state;
+ struct nbt_name_request *req;
+ uint32_t ttl;
+
+ state = talloc(nbtsock, struct wack_state);
+ if (state == NULL) goto failed;
+
+ /* package up the state variables for this wack request */
+ state->winssrv = winssrv;
+ state->nbtsock = nbtsock;
+ state->request_packet = talloc_steal(state, packet);
+ state->rec = talloc_steal(state, rec);
+ state->src_port = src_port;
+ state->owner_addresses = rec->addresses;
+ state->reg_address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
+ state->src_address = talloc_strdup(state, src_address);
+ if (state->src_address == NULL) goto failed;
+
+ /* send a WACK to the client, specifying the maximum time it could
+ take to check with the owner, plus some slack */
+ ttl = 5 + 4 * str_list_length(rec->addresses);
+ nbtd_wack_reply(nbtsock, packet, src_address, src_port, ttl);
+
+ /* setup a name query to the first address */
+ state->query.in.name = *rec->name;
+ state->query.in.dest_addr = state->owner_addresses[0];
+ state->query.in.broadcast = False;
+ state->query.in.wins_lookup = True;
+ state->query.in.timeout = 1;
+ state->query.in.retries = 2;
+
+ req = nbt_name_query_send(nbtsock, &state->query);
+ if (req == NULL) goto failed;
+
+ req->async.fn = wins_wack_handler;
+ req->async.private = state;
+ return;
+
+failed:
+ talloc_free(state);
+ nbtd_name_registration_reply(nbtsock, packet, src_address, src_port, NBT_RCODE_SVR);
+}
|
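Review bot: The `failed:` path at the end of wins_register_wack can read `packet` after it has been freed: once `talloc_steal(state, packet)` and `talloc_steal(state, rec)` have run, a failure of `talloc_strdup` or `nbt_name_query_send` reaches `talloc_free(state)`, which releases both as children of `state`, and the following `nbtd_name_registration_reply(nbtsock, packet, ...)` then uses the freed packet (the caller's `rec` pointer is presumably left dangling too). Send the error reply first and free afterwards, i.e. `nbtd_name_registration_reply(nbtsock, packet, src_address, src_port, NBT_RCODE_SVR);` followed by `talloc_free(state);`. Separately, wins_wack_handler allows the registration on every non-OK status and also once every owner address has timed out, so the ownership check fails open when the current owner is merely unreachable; a comment stating that this is the intended policy, or limiting the allow to an explicit negative name-query response, would make that trade-off reviewable. The function also dereferences `packet->additional[0]` and `addresses[0]` with no count check of its own; presumably the caller has validated the packet, but that should be confirmed or noted in the header comment.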