libsmbclient and browsing NT and Win9X workgroups: Evidence of bad things

[Richard Sharpe]

Hi,

I now have evidence that Windows NT, in responding to a GetBackupList
request, ignores the source port number in both the UDP header and the the
NetBIOS datagram service header, and responds to port 138! Evidence attached.

This is regardless of whether the station sending the request has
registered its name as an M-node or a H-node. 

Windows NT (about SP1) receives the GetBackupList request, sends a request
to translate the source name, gets the response, and then sends the
response to the GetBackupList response to port 138 at the correct IP.

As I said before, I can only think of two approaches to solving this problem:

1. Insist on nmbd from Samba 2.2.x being on the system, and rummaging
through the unexpected TDB for the response ... if we timeout on the
receipt of the GetBackupList response ...

2. If the right version of nmbd is not running (which we should be able to
detect by trying to init tdb), then install our own port 138 listener that
simply throws all incoming port 138 packets into the unexpected TDB ...
Should time those entries out after a while as well.  This listener will
have to run SUID root. It would be started up by smbc_init if we can't do a
TDB init.

Comments please.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winnt-bad.cap
Type: application/octet-stream
Size: 726 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20010216/4fb12e40/winnt-bad.obj
-------------- next part --------------


Regards
-------
Richard Sharpe, sharpe at ns.aus.com
Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba