summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2005-02-14 09:15:24 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:09:50 -0500
commit352de700cadbb2c4e5b5e9ddc375e9de847e2193 (patch)
tree7e661123337c66bb78ee9490742bfd7d98f334e1 /source4
parent85fd954145ab9262d5e1930bb7a93d70663abe33 (diff)
downloadsamba-352de700cadbb2c4e5b5e9ddc375e9de847e2193.tar.gz
samba-352de700cadbb2c4e5b5e9ddc375e9de847e2193.tar.bz2
samba-352de700cadbb2c4e5b5e9ddc375e9de847e2193.zip
r5392: added "secure" WINS server processing. Send a WACK on name
registrations from anyone who isn't a current owner, then query the owner addresses to see if they still want it. (This used to be commit 8dc2a028d3ca0115d3173df435d926d7b6a4d5d5)
Diffstat (limited to 'source4')
-rw-r--r--source4/lib/util_strlist.c51
-rw-r--r--source4/libcli/nbt/namequery.c3
-rw-r--r--source4/nbt_server/config.mk3
-rw-r--r--source4/nbt_server/packet.c43
-rw-r--r--source4/nbt_server/winsdb.c2
-rw-r--r--source4/nbt_server/winsdb.h3
-rw-r--r--source4/nbt_server/winsserver.c77
-rw-r--r--source4/nbt_server/winswack.c199
8 files changed, 333 insertions, 48 deletions
diff --git a/source4/lib/util_strlist.c b/source4/lib/util_strlist.c
index 71f634f71a..0b78e9f69e 100644
--- a/source4/lib/util_strlist.c
+++ b/source4/lib/util_strlist.c
@@ -122,3 +122,54 @@ BOOL str_list_equal(const char **list1, const char **list2)
}
return True;
}
+
+
+/*
+ add an entry to a string list
+*/
+const char **str_list_add(const char **list, const char *s)
+{
+ size_t len = str_list_length(list);
+ const char **ret;
+
+ ret = talloc_realloc(NULL, list, const char *, len+2);
+ if (ret == NULL) return NULL;
+
+ ret[len] = talloc_strdup(ret, s);
+ if (ret[len] == NULL) return NULL;
+
+ ret[len+1] = NULL;
+
+ return ret;
+}
+
+/*
+ remove an entry from a string list
+*/
+void str_list_remove(const char **list, const char *s)
+{
+ int i;
+
+ for (i=0;list[i];i++) {
+ if (strcmp(list[i], s) == 0) break;
+ }
+ if (!list[i]) return;
+
+ for (;list[i];i++) {
+ list[i] = list[i+1];
+ }
+}
+
+
+/*
+ return True if a string is in a list
+*/
+BOOL str_list_check(const char **list, const char *s)
+{
+ int i;
+
+ for (i=0;list[i];i++) {
+ if (strcmp(list[i], s) == 0) return True;
+ }
+ return False;
+}
diff --git a/source4/libcli/nbt/namequery.c b/source4/libcli/nbt/namequery.c
index a9748c7bd2..f222148f4d 100644
--- a/source4/libcli/nbt/namequery.c
+++ b/source4/libcli/nbt/namequery.c
@@ -98,7 +98,7 @@ NTSTATUS nbt_name_query_recv(struct nbt_name_request *req,
io->out.name = packet->answers[0].name;
io->out.num_addrs = packet->answers[0].rdata.netbios.length / 6;
- io->out.reply_addrs = talloc_array(mem_ctx, const char *, io->out.num_addrs);
+ io->out.reply_addrs = talloc_array(mem_ctx, const char *, io->out.num_addrs+1);
if (io->out.reply_addrs == NULL) {
talloc_free(req);
return NT_STATUS_NO_MEMORY;
@@ -108,6 +108,7 @@ NTSTATUS nbt_name_query_recv(struct nbt_name_request *req,
io->out.reply_addrs[i] = talloc_steal(mem_ctx,
packet->answers[0].rdata.netbios.addresses[i].ipaddr);
}
+ io->out.reply_addrs[i] = NULL;
talloc_steal(mem_ctx, io->out.name.name);
talloc_steal(mem_ctx, io->out.name.scope);
diff --git a/source4/nbt_server/config.mk b/source4/nbt_server/config.mk
index 12d0a09b6b..144a12e9e2 100644
--- a/source4/nbt_server/config.mk
+++ b/source4/nbt_server/config.mk
@@ -14,7 +14,8 @@ ADD_OBJ_FILES = \
nbt_server/defense.o \
nbt_server/packet.o \
nbt_server/winsserver.o \
- nbt_server/winsdb.o
+ nbt_server/winsdb.o \
+ nbt_server/winswack.o
REQUIRED_SUBSYSTEMS = \
LIBCLI_NBT
# End SUBSYSTEM SMB
diff --git a/source4/nbt_server/packet.c b/source4/nbt_server/packet.c
index 6383909149..6e14fef06c 100644
--- a/source4/nbt_server/packet.c
+++ b/source4/nbt_server/packet.c
@@ -261,3 +261,46 @@ void nbtd_name_release_reply(struct nbt_name_socket *nbtsock,
failed:
talloc_free(packet);
}
+
+
+/*
+ send a WACK reply
+*/
+void nbtd_wack_reply(struct nbt_name_socket *nbtsock,
+ struct nbt_name_packet *request_packet,
+ const char *src_address, int src_port,
+ uint32_t ttl)
+{
+ struct nbt_name_packet *packet;
+ struct nbt_name *name = &request_packet->questions[0].name;
+
+ packet = talloc_zero(nbtsock, struct nbt_name_packet);
+ if (packet == NULL) return;
+
+ packet->name_trn_id = request_packet->name_trn_id;
+ packet->ancount = 1;
+ packet->operation =
+ NBT_FLAG_REPLY |
+ NBT_OPCODE_WACK |
+ NBT_FLAG_AUTHORITIVE;
+
+ packet->answers = talloc_array(packet, struct nbt_res_rec, 1);
+ if (packet->answers == NULL) goto failed;
+
+ packet->answers[0].name = *name;
+ packet->answers[0].rr_type = NBT_QTYPE_NETBIOS;
+ packet->answers[0].rr_class = NBT_QCLASS_IP;
+ packet->answers[0].ttl = ttl;
+ packet->answers[0].rdata.data.length = 2;
+ packet->answers[0].rdata.data.data = talloc_size(packet, 2);
+ if (packet->answers[0].rdata.data.data == NULL) goto failed;
+ RSSVAL(packet->answers[0].rdata.data.data, 0, request_packet->operation);
+
+ DEBUG(7,("Sending WACK reply for %s to %s:%d\n",
+ nbt_name_string(packet, name), src_address, src_port));
+
+ nbt_name_reply_send(nbtsock, src_address, src_port, packet);
+
+failed:
+ talloc_free(packet);
+}
diff --git a/source4/nbt_server/winsdb.c b/source4/nbt_server/winsdb.c
index f452e58e70..4eff12901f 100644
--- a/source4/nbt_server/winsdb.c
+++ b/source4/nbt_server/winsdb.c
@@ -78,7 +78,7 @@ struct winsdb_record *winsdb_load(struct wins_server *winssrv,
rec->expire_time <= time(NULL)) {
DEBUG(5,("WINS: expiring name %s (expired at %s)\n",
nbt_name_string(tmp_ctx, rec->name), timestring(tmp_ctx, rec->expire_time)));
- rec->state = WINS_REC_EXPIRED;
+ rec->state = WINS_REC_RELEASED;
}
talloc_steal(mem_ctx, rec);
diff --git a/source4/nbt_server/winsdb.h b/source4/nbt_server/winsdb.h
index fd0fe4af70..0774757ef9 100644
--- a/source4/nbt_server/winsdb.h
+++ b/source4/nbt_server/winsdb.h
@@ -22,8 +22,7 @@
enum wins_record_state {
WINS_REC_RELEASED =0,
- WINS_REC_ACTIVE =1,
- WINS_REC_EXPIRED =2
+ WINS_REC_ACTIVE =1
};
/*
diff --git a/source4/nbt_server/winsserver.c b/source4/nbt_server/winsserver.c
index ad5ccdc16e..38f874a196 100644
--- a/source4/nbt_server/winsserver.c
+++ b/source4/nbt_server/winsserver.c
@@ -26,6 +26,16 @@
#include "system/time.h"
/*
+ work out the ttl we will use given a client requested ttl
+*/
+uint32_t wins_server_ttl(struct wins_server *winssrv, uint32_t ttl)
+{
+ ttl = MIN(ttl, winssrv->max_ttl);
+ ttl = MAX(ttl, winssrv->min_ttl);
+ return ttl;
+}
+
+/*
register a new name with WINS
*/
static uint8_t wins_register_new(struct nbt_name_socket *nbtsock,
@@ -36,14 +46,11 @@ static uint8_t wins_register_new(struct nbt_name_socket *nbtsock,
struct nbtd_interface);
struct wins_server *winssrv = iface->nbtsrv->winssrv;
struct nbt_name *name = &packet->questions[0].name;
- uint32_t ttl = packet->additional[0].ttl;
+ uint32_t ttl = wins_server_ttl(winssrv, packet->additional[0].ttl);
uint16_t nb_flags = packet->additional[0].rdata.netbios.addresses[0].nb_flags;
const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
struct winsdb_record rec;
- ttl = MIN(ttl, winssrv->max_ttl);
- ttl = MAX(ttl, winssrv->min_ttl);
-
rec.name = name;
rec.nb_flags = nb_flags;
rec.state = WINS_REC_ACTIVE;
@@ -74,13 +81,10 @@ static uint8_t wins_update_ttl(struct nbt_name_socket *nbtsock,
struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private,
struct nbtd_interface);
struct wins_server *winssrv = iface->nbtsrv->winssrv;
- uint32_t ttl = packet->additional[0].ttl;
+ uint32_t ttl = wins_server_ttl(winssrv, packet->additional[0].ttl);
const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
time_t now = time(NULL);
- ttl = MIN(ttl, winssrv->max_ttl);
- ttl = MAX(ttl, winssrv->min_ttl);
-
if (now + ttl > rec->expire_time) {
rec->expire_time = now + ttl;
}
@@ -92,28 +96,6 @@ static uint8_t wins_update_ttl(struct nbt_name_socket *nbtsock,
return winsdb_modify(winssrv, rec);
}
-
-/*
- send a WACK reply, then check if the current owners want to keep the name
-*/
-static uint8_t wins_register_wack(struct nbt_name_socket *nbtsock,
- struct nbt_name_packet *packet,
- struct winsdb_record *rec,
- const char *src_address, int src_port)
-{
- struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private,
- struct nbtd_interface);
- struct wins_server *winssrv = iface->nbtsrv->winssrv;
- uint32_t ttl = packet->additional[0].ttl;
- const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
- time_t now = time(NULL);
-
- DEBUG(0,("TODO: WACK\n"));
-
- return NBT_RCODE_SVR;
-}
-
-
/*
register a name
*/
@@ -129,7 +111,6 @@ static void nbtd_winsserver_register(struct nbt_name_socket *nbtsock,
uint8_t rcode = NBT_RCODE_OK;
uint16_t nb_flags = packet->additional[0].rdata.netbios.addresses[0].nb_flags;
const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
- int i;
rec = winsdb_load(winssrv, name, packet);
if (rec == NULL) {
@@ -165,15 +146,13 @@ static void nbtd_winsserver_register(struct nbt_name_socket *nbtsock,
/* if the registration is for an address that is currently active, then
just update the expiry time */
- for (i=0;rec->addresses[i];i++) {
- if (strcmp(address, rec->addresses[i]) == 0) {
- wins_update_ttl(nbtsock, packet, rec, src_address, src_port);
- goto done;
- }
+ if (str_list_check(rec->addresses, address)) {
+ wins_update_ttl(nbtsock, packet, rec, src_address, src_port);
+ goto done;
}
- /* we have to do a WACK to see if the current owners are willing to give
- up their claim */
+ /* we have to do a WACK to see if the current owner is willing
+ to give up its claim */
wins_register_wack(nbtsock, packet, rec, src_address, src_port);
return;
@@ -220,14 +199,26 @@ static void nbtd_winsserver_release(struct nbt_name_socket *nbtsock,
struct winsdb_record *rec;
rec = winsdb_load(winssrv, name, packet);
- if (rec != NULL &&
- rec->state == WINS_REC_ACTIVE &&
- !(rec->nb_flags & NBT_NM_GROUP)) {
- /* should we release all, or only some of the addresses? */
- rec->state = WINS_REC_RELEASED;
+ if (rec == NULL ||
+ rec->state != WINS_REC_ACTIVE ||
+ (rec->nb_flags & NBT_NM_GROUP)) {
+ goto done;
+ }
+
+ /* we only allow releases from an owner - other releases are
+ silently ignored */
+ if (str_list_check(rec->addresses, src_address)) {
+ const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
+
+ DEBUG(4,("WINS: released name %s at %s\n", nbt_name_string(rec, rec->name), address));
+ str_list_remove(rec->addresses, address);
+ if (rec->addresses[0] == NULL) {
+ rec->state = WINS_REC_RELEASED;
+ }
winsdb_modify(winssrv, rec);
}
+done:
/* we match w2k3 by always giving a positive reply to name releases. */
nbtd_name_release_reply(nbtsock, packet, src_address, src_port, NBT_RCODE_OK);
}
diff --git a/source4/nbt_server/winswack.c b/source4/nbt_server/winswack.c
new file mode 100644
index 0000000000..a15f0a7d06
--- /dev/null
+++ b/source4/nbt_server/winswack.c
@@ -0,0 +1,199 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ "secure" wins server WACK processing
+
+ Copyright (C) Andrew Tridgell 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/winsdb.h"
+#include "system/time.h"
+
+struct wack_state {
+ struct wins_server *winssrv;
+ struct nbt_name_socket *nbtsock;
+ struct nbt_name_packet *request_packet;
+ struct winsdb_record *rec;
+ const char *src_address;
+ int src_port;
+ const char **owner_addresses;
+ const char *reg_address;
+ struct nbt_name_query query;
+};
+
+
+/*
+ deny a registration request
+*/
+static void wins_wack_deny(struct wack_state *state)
+{
+ nbtd_name_registration_reply(state->nbtsock, state->request_packet,
+ state->src_address, state->src_port, NBT_RCODE_ACT);
+ DEBUG(4,("WINS: denied name registration request for %s from %s\n",
+ nbt_name_string(state, state->rec->name), state->src_address));
+ talloc_free(state);
+}
+
+/*
+ allow a registration request
+*/
+static void wins_wack_allow(struct wack_state *state)
+{
+ uint32_t ttl;
+ time_t now = time(NULL);
+ struct winsdb_record *rec = state->rec;
+
+ nbtd_name_registration_reply(state->nbtsock, state->request_packet,
+ state->src_address, state->src_port, NBT_RCODE_OK);
+
+ rec->addresses = str_list_add(rec->addresses, state->reg_address);
+ if (rec->addresses == NULL) goto failed;
+
+ ttl = wins_server_ttl(state->winssrv, state->request_packet->additional[0].ttl);
+ if (now + ttl > rec->expire_time) {
+ rec->expire_time = now + ttl;
+ }
+ rec->registered_by = state->src_address;
+
+ winsdb_modify(state->winssrv, rec);
+
+ DEBUG(4,("WINS: accepted registration of %s with address %s\n",
+ nbt_name_string(state, rec->name), state->reg_address));
+
+failed:
+ talloc_free(state);
+}
+
+/*
+ called when a name query to a current owner completes
+*/
+static void wins_wack_handler(struct nbt_name_request *req)
+{
+ struct wack_state *state = talloc_get_type(req->async.private, struct wack_state);
+ NTSTATUS status;
+ int i;
+ struct winsdb_record *rec = state->rec;
+
+ status = nbt_name_query_recv(req, state, &state->query);
+
+ /* if we timed out then try the next owner address, if any */
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+ state->owner_addresses++;
+ if (state->owner_addresses[0] == NULL) {
+ wins_wack_allow(state);
+ return;
+ }
+ state->query.in.dest_addr = state->owner_addresses[0];
+
+ req = nbt_name_query_send(state->nbtsock, &state->query);
+ if (req == NULL) goto failed;
+
+ req->async.fn = wins_wack_handler;
+ req->async.private = state;
+ return;
+ }
+
+ /* if the owner denies it holds the name, then allow
+ the registration */
+ if (!NT_STATUS_IS_OK(status)) {
+ wins_wack_allow(state);
+ return;
+ }
+
+ /* if the owner still wants the name and doesn't reply
+ with the address trying to be registered, then deny
+ the registration */
+ if (!str_list_check(state->query.out.reply_addrs, state->reg_address)) {
+ wins_wack_deny(state);
+ return;
+ }
+
+ /* we are going to allow the registration, but first remove any addresses
+ from the record that aren't in the reply from the client */
+ for (i=0;rec->addresses[i];) {
+ if (!str_list_check(state->query.out.reply_addrs, rec->addresses[i])) {
+ str_list_remove(rec->addresses, rec->addresses[i]);
+ } else {
+ i++;
+ }
+ }
+
+ wins_wack_allow(state);
+ return;
+
+failed:
+ talloc_free(state);
+}
+
+
+/*
+ a client has asked to register a unique name that someone else owns. We
+ need to ask each of the current owners if they still want it. If they do
+ then reject the registration, otherwise allow it
+*/
+void wins_register_wack(struct nbt_name_socket *nbtsock,
+ struct nbt_name_packet *packet,
+ struct winsdb_record *rec,
+ const char *src_address, int src_port)
+{
+ struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private,
+ struct nbtd_interface);
+ struct wins_server *winssrv = iface->nbtsrv->winssrv;
+ struct wack_state *state;
+ struct nbt_name_request *req;
+ uint32_t ttl;
+
+ state = talloc(nbtsock, struct wack_state);
+ if (state == NULL) goto failed;
+
+ /* package up the state variables for this wack request */
+ state->winssrv = winssrv;
+ state->nbtsock = nbtsock;
+ state->request_packet = talloc_steal(state, packet);
+ state->rec = talloc_steal(state, rec);
+ state->src_port = src_port;
+ state->owner_addresses = rec->addresses;
+ state->reg_address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
+ state->src_address = talloc_strdup(state, src_address);
+ if (state->src_address == NULL) goto failed;
+
+ /* send a WACK to the client, specifying the maximum time it could
+ take to check with the owner, plus some slack */
+ ttl = 5 + 4 * str_list_length(rec->addresses);
+ nbtd_wack_reply(nbtsock, packet, src_address, src_port, ttl);
+
+ /* setup a name query to the first address */
+ state->query.in.name = *rec->name;
+ state->query.in.dest_addr = state->owner_addresses[0];
+ state->query.in.broadcast = False;
+ state->query.in.wins_lookup = True;
+ state->query.in.timeout = 1;
+ state->query.in.retries = 2;
+
+ req = nbt_name_query_send(nbtsock, &state->query);
+ if (req == NULL) goto failed;
+
+ req->async.fn = wins_wack_handler;
+ req->async.private = state;
+ return;
+
+failed:
+ talloc_free(state);
+ nbtd_name_registration_reply(nbtsock, packet, src_address, src_port, NBT_RCODE_SVR);
+}