Codebase list nbtscan-unixwiz / master process_response.c
master

Tree @master (Download .tar.gz)

process_response.c @masterraw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
/*
 * $Id: //devel/tools/main/nbtscan/process_response.c#1 $
 *
 * written by :	Stephen J. Friedl
 *		Software Consultant
 *		[email protected]
 *
 *	This runs through the barely-processed NMB response object built
 *	from the packet received from the other end and performs a bit of
 *	summary data on it. We try to determine the computer and domain
 *	(or workgroup) name plus whether sharing is enabled on the node
 *	or not.
 */
#include "nbtscan_common.h"
#include <string.h>
#include "nbtdefs.h"

void process_response(struct NMB_query_response *rsp)
{
int	i;

	assert(rsp != 0);

	rsp->computer[0] = '\0';
	rsp->domain  [0] = '\0';
	rsp->user    [0] = '\0';
	rsp->has_RAS     = FALSE;
	rsp->is_dc       = FALSE;
	rsp->sharing     = FALSE;
	rsp->has_unknown = FALSE;

	for (i = 0; i < rsp->nnodes; i++ )
	{
	struct nodeinfo	   *ni = &rsp->nodes[i];
	int                 isgroup = NODE_FLAGS_GROUP(ni);
	int                 t = ni->type;

		/*--------------------------------------------------------
		 * Look up the printable NETBIOS resource name and stick
		 * it into the local node buffer. This is NULL if not
		 * known, and we mark us as having some unknown ones: this
		 * might help us research the new stuff.
		 */
		if ( (ni->svcname = NETBIOS_name(ni)) == 0 ) rsp->has_unknown++;

		/*--------------------------------------------------------
		 * A GROUP node <00> is the domain name, and this is not
		 * always found if this is a workgroup environment with
		 * no domain controller.
		 */
		if ( rsp->domain[0] == '\0' )
		{
			if ( isgroup  &&  (t == 0x00) )
			{
				strcpy(rsp->domain, ni->name);
			}
		}

		/*--------------------------------------------------------
		 * Look for the computer name. This is always a UNIQUE name,
		 * and we think it's always first.
		 */
		if ( rsp->computer[0] == '\0'  &&  ! isgroup )
		{
			switch ( t )
			{
			/*------------------------------------------------
			 * Unique type <00> is either "IIS" or "Workstation
			 * Service" depending on whether we have the IS~
			 * part at the beginning.
			 */
			  case 0x00:
				if ( strncmp(ni->name, "IS~", 3) != 0 )
					strcpy(rsp->computer, ni->name);
				break;

			  case 0x06:	/* RAS Client Service		*/
			  case 0x01:	/* Messenger Service (uncommon)	*/
			  case 0x1F:	/* NetDDE service		*/
			  case 0x20:	/* File sharing service		*/
			  case 0x2B:	/* Lotus Notes Server Service	*/
				strcpy(rsp->computer, ni->name);
				break;

			  default:
				/*nothing*/
				break;
			}
		
		}

                /*--------------------------------------------------------
                 * Sharing is on if the File Server Service is published,
                 * and this is noticed with a unique type of <20>.
                 */
		if ( ! isgroup  &&  (t == 0x20) )
			rsp->sharing = TRUE;

		/*--------------------------------------------------------
		 * UNIQUE<06> seems to be RAS, which indicates modems?
		 */
		if ( ! isgroup  &&  (t == 0x06) )
		{
			rsp->has_RAS = TRUE;
		}

		/*--------------------------------------------------------
		 * It seems that being a domain controller and running IIS
		 * are pretty similar. If the token is <1C> and the name
		 * matches the domain name, it's a domain controller.
		 */
		if ( isgroup && (t == 0x1C) )
		{
			if ( strcmp(ni->name, "INet~Services") == 0 )
				rsp->has_IIS = TRUE;
			else if ( strcmp(ni->name, rsp->domain) == 0 )
				rsp->is_dc = TRUE;
		}

		/*--------------------------------------------------------
		 * We've observed that UNIQUE<87> and UNIQUE<6A> are MS
		 * Exchange, but we don't remember how we got that.
		 */
		if ( ! isgroup && (t == 0x87 || t == 0x6A) )
		{
			rsp->has_Exchange = TRUE;
		}

		if ( ! isgroup && (t == 0x2B) )
		{
			rsp->has_Notes = TRUE;
		}

		/*--------------------------------------------------------
		 * If this is messenger service for something other than
		 * the computer name, this is probably a user.
		 */
		if ( ! isgroup && (t == 0x03) )
		{
			if ( strcmp(ni->name, rsp->computer) != 0 )
				strcpy(rsp->user, ni->name);
		}
	}

	NETBIOS_fixname(rsp->domain);
	NETBIOS_fixname(rsp->computer);
}