python_dependencies/impacket/nmb.py

from __future__ import print_function
from __future__ import absolute_import
# Copyright (c) 2003-2016 CORE Security Technologies
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#


# -*- mode: python; tab-width: 4 -*-
#
# Copyright (C) 2001 Michael Teo <michaelteo@bigfoot.com>
# nmb.py - NetBIOS library
#
# This software is provided 'as-is', without any express or implied warranty.
# In no event will the author be held liable for any damages arising from the
# use of this software.
#
# Permission is granted to anyone to use this software for any purpose,
# including commercial applications, and to alter it and redistribute it
# freely, subject to the following restrictions:
#
# 1. The origin of this software must not be misrepresented; you must not
#    claim that you wrote the original software. If you use this software
#    in a product, an acknowledgment in the product documentation would be
#    appreciated but is not required.
#
# 2. Altered source versions must be plainly marked as such, and must not be
#    misrepresented as being the original software.
#
# 3. This notice cannot be removed or altered from any source distribution.
#
# Altered source done by Alberto Solino (@agsolino)

import socket
import string
import re
import select
import errno
from random import randint
from struct import pack, unpack
import time

from .structure import Structure

CVS_REVISION = '$Revision: 526 $'

# Taken from socket module reference
INADDR_ANY = '0.0.0.0'
BROADCAST_ADDR = '<broadcast>'

# Default port for NetBIOS name service
NETBIOS_NS_PORT = 137
# Default port for NetBIOS session service
NETBIOS_SESSION_PORT = 139

# Default port for SMB session service
SMB_SESSION_PORT = 445

# Owner Node Type Constants
NODE_B = 0x0000
NODE_P = 0x2000
NODE_M = 0x4000
NODE_RESERVED = 0x6000
NODE_GROUP = 0x8000
NODE_UNIQUE = 0x0

# Name Type Constants
TYPE_UNKNOWN = 0x01
TYPE_WORKSTATION = 0x00
TYPE_CLIENT = 0x03
TYPE_SERVER = 0x20
TYPE_DOMAIN_MASTER = 0x1B
TYPE_DOMAIN_CONTROLLER = 0x1C
TYPE_MASTER_BROWSER = 0x1D
TYPE_BROWSER = 0x1E
TYPE_NETDDE  = 0x1F
TYPE_STATUS = 0x21

# Opcodes values
OPCODE_QUERY = 0
OPCODE_REGISTRATION = 0x5
OPCODE_RELEASE = 0x6
OPCODE_WACK = 0x7
OPCODE_REFRESH = 0x8
OPCODE_REQUEST = 0
OPCODE_RESPONSE = 0x10

# NM_FLAGS
NM_FLAGS_BROADCAST = 0x1
NM_FLAGS_UNICAST = 0
NM_FLAGS_RA = 0x8
NM_FLAGS_RD = 0x10
NM_FLAGS_TC = 0x20
NM_FLAGS_AA = 0x40

# QUESTION_TYPE
QUESTION_TYPE_NB = 0x20     # NetBIOS general Name Service Resource Record
QUESTION_TYPE_NBSTAT = 0x21 # NetBIOS NODE STATUS Resource Record
# QUESTION_CLASS
QUESTION_CLASS_IN = 0x1     # Internet class

# RR_TYPE Resource Record Type code
RR_TYPE_A = 0x1               # IP address Resource Record
RR_TYPE_NS = 0x2              # Name Server Resource Record
RR_TYPE_NULL = 0xA          # NULL Resource Record
RR_TYPE_NB = 0x20           # NetBIOS general Name Service Resource Record
RR_TYPE_NBSTAT = 0x21       # NetBIOS NODE STATUS Resource Record

# Resource Record Class
RR_CLASS_IN = 1             # Internet class

# RCODE values
RCODE_FMT_ERR   = 0x1       # Format Error.  Request was invalidly formatted.
RCODE_SRV_ERR   = 0x2       # Server failure.  Problem with NBNS, cannot process name.
RCODE_IMP_ERR   = 0x4       # Unsupported request error.  Allowable only for challenging NBNS when gets an Update type
                            # registration request.
RCODE_RFS_ERR   = 0x5       # Refused error.  For policy reasons server will not register this name from this host.
RCODE_ACT_ERR   = 0x6       # Active error.  Name is owned by another node.
RCODE_CFT_ERR   = 0x7       # Name in conflict error.  A UNIQUE name is owned by more than one node.

# NAME_FLAGS
NAME_FLAGS_PRM = 0x0200       # Permanent Name Flag.  If one (1) then entry is for the permanent node name.  Flag is zero
                            # (0) for all other names.
NAME_FLAGS_ACT = 0x0400       # Active Name Flag.  All entries have this flag set to one (1).
NAME_FLAG_CNF  = 0x0800       # Conflict Flag.  If one (1) then name on this node is in conflict.
NAME_FLAG_DRG  = 0x1000       # Deregister Flag.  If one (1) then this name is in the process of being deleted.

NAME_TYPES = { TYPE_UNKNOWN: 'Unknown', TYPE_WORKSTATION: 'Workstation', TYPE_CLIENT: 'Client',
               TYPE_SERVER: 'Server', TYPE_MASTER_BROWSER: 'Master Browser', TYPE_BROWSER: 'Browser Server',
               TYPE_DOMAIN_MASTER: 'Domain Master' , TYPE_NETDDE: 'NetDDE Server'}
# NetBIOS Session Types
NETBIOS_SESSION_MESSAGE = 0x0
NETBIOS_SESSION_REQUEST = 0x81
NETBIOS_SESSION_POSITIVE_RESPONSE = 0x82
NETBIOS_SESSION_NEGATIVE_RESPONSE = 0x83
NETBIOS_SESSION_RETARGET_RESPONSE = 0x84
NETBIOS_SESSION_KEEP_ALIVE = 0x85


def strerror(errclass, errcode):
    if errclass == ERRCLASS_OS:
        return 'OS Error', str(errcode)
    elif errclass == ERRCLASS_QUERY:
        return 'Query Error', QUERY_ERRORS.get(errcode, 'Unknown error')
    elif errclass == ERRCLASS_SESSION:
        return 'Session Error', SESSION_ERRORS.get(errcode, 'Unknown error')
    else:
        return 'Unknown Error Class', 'Unknown Error'


class NetBIOSError(Exception): pass
class NetBIOSTimeout(Exception):
    def __init__(self, message = 'The NETBIOS connection with the remote host timed out.'):
        Exception.__init__(self, message)

class NBResourceRecord:
    def __init__(self, data = 0):
        self._data = data
        try:
            if self._data:
                self.rr_name = (re.split('\x00',data))[0]
                offset = len(self.rr_name)+1
                self.rr_type  = unpack('>H', self._data[offset:offset+2])[0]
                self.rr_class = unpack('>H', self._data[offset+2: offset+4])[0]
                self.ttl = unpack('>L',self._data[offset+4:offset+8])[0]
                self.rdlength = unpack('>H', self._data[offset+8:offset+10])[0]
                self.rdata = self._data[offset+10:offset+10+self.rdlength]
                offset = self.rdlength - 2
                self.unit_id = data[offset:offset+6]
            else:
                self.rr_name = ''
                self.rr_type = 0
                self.rr_class = 0
                self.ttl = 0
                self.rdlength = 0
                self.rdata = ''
                self.unit_id = ''
        except Exception:
                raise NetBIOSError( 'Wrong packet format ' )

    def set_rr_name(self, name):
        self.rr_name = name
    def set_rr_type(self, name):
        self.rr_type = name
    def set_rr_class(self,cl):
        self.rr_class = cl
    def set_ttl(self,ttl):
        self.ttl = ttl
    def set_rdata(self,rdata):
        self.rdata = rdata
        self.rdlength = len(rdata)
    def get_unit_id(self):
        return self.unit_id
    def get_rr_name(self):
        return self.rr_name
    def get_rr_class(self):
        return self.rr_class
    def get_ttl(self):
        return self.ttl
    def get_rdlength(self):
        return self.rdlength
    def get_rdata(self):
        return self.rdata
    def rawData(self):
        return self.rr_name + pack('!HHLH',self.rr_type, self.rr_class, self.ttl, self.rdlength) + self.rdata

class NBNodeStatusResponse(NBResourceRecord):
    def __init__(self, data = 0):
        NBResourceRecord.__init__(self,data)
        self.num_names = 0
        self.node_names = [ ]
        self.statstics = ''
        self.mac = '00-00-00-00-00-00'
        try:
            if data:
                self._data = self.get_rdata()
                self.num_names = unpack('>B',self._data[:1])[0]
                offset = 1
                for i in range(0, self.num_names):
                    name = self._data[offset:offset + 15]
                    type,flags = unpack('>BH', self._data[offset + 15: offset + 18])
                    offset += 18
                    self.node_names.append(NBNodeEntry(name, type ,flags))
                self.set_mac_in_hexa(self.get_unit_id())
        except Exception:
            raise NetBIOSError( 'Wrong packet format ' )

    def set_mac_in_hexa(self, data):
        data_aux = ''
        for d in data:
            if data_aux == '':
                data_aux = '%02x' % ord(d)
            else:
                data_aux += '-%02x' % ord(d)
        self.mac = string.upper(data_aux)

    def get_num_names(self):
        return self.num_names
    def get_mac(self):
        return self.mac
    def set_num_names(self, num):
        self.num_names = num
    def get_node_names(self):
        return self.node_names
    def add_node_name(self,node_names):
        self.node_names.append(node_names)
        self.num_names += 1
    def rawData(self):
        res = pack('!B', self.num_names )
        for i in range(0, self.num_names):
            res += self.node_names[i].rawData()

class NBPositiveNameQueryResponse(NBResourceRecord):
    def __init__(self, data = 0):
        NBResourceRecord.__init__(self, data)
        self.addr_entries = [ ]
        if data:
                self._data = self.get_rdata()
                _qn_length, qn_name, qn_scope = decode_name(data)
                self._netbios_name = string.rstrip(qn_name[:-1]) + qn_scope
                self._name_type = ord(qn_name[-1])
                self._nb_flags = unpack('!H', self._data[:2])
                offset = 2
                while offset<len(self._data):
                    self.addr_entries.append('%d.%d.%d.%d' % unpack('4B', (self._data[offset:offset+4])))
                    offset += 4

    def get_netbios_name(self):
        return self._netbios_name

    def get_name_type(self):
        return self._name_type

    def get_addr_entries(self):
        return self.addr_entries

class NetBIOSPacket:
    """ This is a packet as defined in RFC 1002 """
    def __init__(self, data = 0):
        self.name_trn_id = 0x0  # Transaction ID for Name Service Transaction.
                                #   Requestor places a unique value for each active
                                #   transaction.  Responder puts NAME_TRN_ID value
                                #   from request packet in response packet.
        self.opcode = 0         # Packet type code
        self.nm_flags = 0       # Flags for operation
        self.rcode = 0          # Result codes of request.
        self.qdcount = 0        # Unsigned 16 bit integer specifying the number of entries in the question section of a Name
        self.ancount = 0        # Unsigned 16 bit integer specifying the number of
                                # resource records in the answer section of a Name
                                # Service packet.
        self.nscount = 0        # Unsigned 16 bit integer specifying the number of
                                # resource records in the authority section of a
                                # Name Service packet.
        self.arcount = 0        # Unsigned 16 bit integer specifying the number of
                                # resource records in the additional records
                                # section of a Name Service packeT.
        self.questions = ''
        self.answers = ''
        if data == 0:
            self._data = ''
        else:
            try:
                self._data = data
                self.opcode = ord(data[2]) >> 3
                self.nm_flags = ((ord(data[2]) & 0x3) << 4) | ((ord(data[3]) & 0xf0) >> 4)
                self.name_trn_id = unpack('>H', self._data[:2])[0]
                self.rcode = ord(data[3]) & 0x0f
                self.qdcount = unpack('>H', self._data[4:6])[0]
                self.ancount = unpack('>H', self._data[6:8])[0]
                self.nscount = unpack('>H', self._data[8:10])[0]
                self.arcount = unpack('>H', self._data[10:12])[0]
                self.answers = self._data[12:]
            except Exception:
                raise NetBIOSError( 'Wrong packet format ' )

    def set_opcode(self, opcode):
        self.opcode = opcode
    def set_trn_id(self, trn):
        self.name_trn_id = trn
    def set_nm_flags(self, nm_flags):
        self.nm_flags = nm_flags
    def set_rcode(self, rcode):
        self.rcode = rcode
    def addQuestion(self, question, qtype, qclass):
        self.qdcount += 1
        self.questions += question + pack('!HH',qtype,qclass)
    def get_trn_id(self):
        return self.name_trn_id
    def get_rcode(self):
        return self.rcode
    def get_nm_flags(self):
        return self.nm_flags
    def get_opcode(self):
        return self.opcode
    def get_qdcount(self):
        return self.qdcount
    def get_ancount(self):
        return self.ancount
    def get_nscount(self):
        return self.nscount
    def get_arcount(self):
        return self.arcount
    def rawData(self):
        secondWord = self.opcode << 11
        secondWord |= self.nm_flags << 4
        secondWord |= self.rcode
        data = pack('!HHHHHH', self.name_trn_id, secondWord , self.qdcount, self.ancount, self.nscount, self.arcount) + self.questions + self.answers
        return data
    def get_answers(self):
        return self.answers

class NBHostEntry:

    def __init__(self, nbname, nametype, ip):
        self.__nbname = nbname
        self.__nametype = nametype
        self.__ip = ip

    def get_nbname(self):
        return self.__nbname

    def get_nametype(self):
        return self.__nametype

    def get_ip(self):
        return self.__ip

    def __repr__(self):
        return '<NBHostEntry instance: NBname="' + self.__nbname + '", IP="' + self.__ip + '">'

class NBNodeEntry:

    def __init__(self, nbname, nametype, flags):
        self.__nbname = string.ljust(nbname,17)
        self.__nametype = nametype
        self.__flags = flags
        self.__isgroup = flags & 0x8000
        self.__nodetype = flags & 0x6000
        self.__deleting = flags & 0x1000
        self.__isconflict = flags & 0x0800
        self.__isactive = flags & 0x0400
        self.__ispermanent = flags & 0x0200

    def get_nbname(self):
        return self.__nbname

    def get_nametype(self):
        return self.__nametype

    def is_group(self):
        return self.__isgroup

    def get_nodetype(self):
        return self.__nodetype

    def is_deleting(self):
        return self.__deleting

    def is_conflict(self):
        return self.__isconflict

    def is_active(self):
        return self.__isactive

    def is_permanent(self):
        return self.__ispermanent

    def set_nbname(self, name):
        self.__nbname = string.ljust(name,17)

    def set_nametype(self, type):
        self.__nametype = type

    def set_flags(self,flags):
        self.__flags = flags

    def __repr__(self):
        s = '<NBNodeEntry instance: NBname="' + self.__nbname + '" NameType="' + NAME_TYPES[self.__nametype] + '"'
        if self.__isactive:
            s += ' ACTIVE'
        if self.__isgroup:
            s += ' GROUP'
        if self.__isconflict:
            s += ' CONFLICT'
        if self.__deleting:
            s += ' DELETING'
        return s
    def rawData(self):
        return self.__nbname + pack('!BH',self.__nametype, self.__flags)


class NetBIOS:

    # Creates a NetBIOS instance without specifying any default NetBIOS domain nameserver.
    # All queries will be sent through the servport.
    def __init__(self, servport = NETBIOS_NS_PORT):
        self.__servport = NETBIOS_NS_PORT
        self.__nameserver = None
        self.__broadcastaddr = BROADCAST_ADDR
        self.mac = '00-00-00-00-00-00'

    def _setup_connection(self, dstaddr):
        port = randint(10000, 60000)
        af, socktype, proto, _canonname, _sa = socket.getaddrinfo(dstaddr, port, socket.AF_INET, socket.SOCK_DGRAM)[0]
        s = socket.socket(af, socktype, proto)
        has_bind = 1
        for _i in range(0, 10):
        # We try to bind to a port for 10 tries
            try:
                s.bind(( INADDR_ANY, randint(10000, 60000) ))
                s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
                has_bind = 1
            except socket.error:
                pass
        if not has_bind:
            raise NetBIOSError( 'Cannot bind to a good UDP port', ERRCLASS_OS, errno.EAGAIN)
        self.__sock = s

    # Set the default NetBIOS domain nameserver.
    def set_nameserver(self, nameserver):
        self.__nameserver = nameserver

    # Return the default NetBIOS domain nameserver, or None if none is specified.
    def get_nameserver(self):
        return self.__nameserver

    # Set the broadcast address to be used for query.
    def set_broadcastaddr(self, broadcastaddr):
        self.__broadcastaddr = broadcastaddr

    # Return the broadcast address to be used, or BROADCAST_ADDR if default broadcast address is used.
    def get_broadcastaddr(self):
        return self.__broadcastaddr

    # Returns a NBPositiveNameQueryResponse instance containing the host information for nbname.
    # If a NetBIOS domain nameserver has been specified, it will be used for the query.
    # Otherwise, the query is broadcasted on the broadcast address.
    def gethostbyname(self, nbname, qtype = TYPE_WORKSTATION, scope = None, timeout = 1):
        return self.__queryname(nbname, self.__nameserver, qtype, scope, timeout)

    # Returns a list of NBNodeEntry instances containing node status information for nbname.
    # If destaddr contains an IP address, then this will become an unicast query on the destaddr.
    # Raises NetBIOSTimeout if timeout (in secs) is reached.
    # Raises NetBIOSError for other errors
    def getnodestatus(self, nbname, destaddr = None, type = TYPE_WORKSTATION, scope = None, timeout = 1):
        if destaddr:
            return self.__querynodestatus(nbname, destaddr, type, scope, timeout)
        else:
            return self.__querynodestatus(nbname, self.__nameserver, type, scope, timeout)

    def getnetbiosname(self, ip):
        entries = self.getnodestatus('*',ip)
        entries = filter(lambda x:x.get_nametype() == TYPE_SERVER, entries)
        return entries[0].get_nbname().strip()

    def getmacaddress(self):
        return self.mac

    def __queryname(self, nbname, destaddr, qtype, scope, timeout, retries = 0):
        self._setup_connection(destaddr)
        trn_id = randint(1, 32000)
        p = NetBIOSPacket()
        p.set_trn_id(trn_id)
        netbios_name = nbname.upper()
        qn_label = encode_name(netbios_name, qtype, scope)
        p.addQuestion(qn_label, QUESTION_TYPE_NB, QUESTION_CLASS_IN)
        p.set_nm_flags(NM_FLAGS_RD)
        if not destaddr:
            p.set_nm_flags(p.get_nm_flags() | NM_FLAGS_BROADCAST)
            destaddr = self.__broadcastaddr
        req = p.rawData()

        tries = retries
        while 1:
            self.__sock.sendto(req, ( destaddr, self.__servport ))
            try:
                ready, _, _ = select.select([ self.__sock.fileno() ], [ ] , [ ], timeout)
                if not ready:
                    if tries:
                        # Retry again until tries == 0
                        tries -= 1
                    else:
                        raise NetBIOSTimeout
                else:
                    data, _ = self.__sock.recvfrom(65536, 0)

                    res = NetBIOSPacket(data)
                    if res.get_trn_id() == p.get_trn_id():
                        if res.get_rcode():
                            if res.get_rcode() == 0x03:
                                return None
                            else:
                                raise NetBIOSError( 'Negative name query response', ERRCLASS_QUERY, res.get_rcode())

                        if res.get_ancount() != 1:
                            raise NetBIOSError( 'Malformed response')

                        return NBPositiveNameQueryResponse(res.get_answers())
            except select.error as ex:
                if ex[0] != errno.EINTR and ex[0] != errno.EAGAIN:
                    raise NetBIOSError( 'Error occurs while waiting for response', ERRCLASS_OS, ex[0])
                raise


    def __querynodestatus(self, nbname, destaddr, type, scope, timeout):
        self._setup_connection(destaddr)
        trn_id = randint(1, 32000)
        p = NetBIOSPacket()
        p.set_trn_id(trn_id)
        netbios_name = string.upper(nbname)
        qn_label = encode_name(netbios_name, type, scope)
        p.addQuestion(qn_label, QUESTION_TYPE_NBSTAT, QUESTION_CLASS_IN)

        if not destaddr:
            p.set_nm_flags(NM_FLAGS_BROADCAST)
            destaddr = self.__broadcastaddr
        req = p.rawData()
        tries = 3
        while 1:
            try:
                self.__sock.sendto(req, 0, ( destaddr, self.__servport ))
                ready, _, _ = select.select([ self.__sock.fileno() ], [ ] , [ ], timeout)
                if not ready:
                    if tries:
                        # Retry again until tries == 0
                        tries -= 1
                    else:
                        raise NetBIOSTimeout
                else:
                    try:
                        data, _ = self.__sock.recvfrom(65536, 0)
                    except Exception as e:
                        raise NetBIOSError("recvfrom error: %s" % str(e))
                    self.__sock.close()
                    res = NetBIOSPacket(data)
                    if res.get_trn_id() == p.get_trn_id():
                        if res.get_rcode():
                            if res.get_rcode() == 0x03:
                                # I'm just guessing here
                                raise NetBIOSError("Cannot get data from server")
                            else:
                                raise NetBIOSError( 'Negative name query response', ERRCLASS_QUERY, res.get_rcode())
                        answ = NBNodeStatusResponse(res.get_answers())
                        self.mac = answ.get_mac()
                        return answ.get_node_names()
            except select.error as ex:
                if ex[0] != errno.EINTR and ex[0] != errno.EAGAIN:
                    raise NetBIOSError( 'Error occurs while waiting for response', ERRCLASS_OS, ex[0])
            except socket.error as ex:
                raise NetBIOSError('Connection error: %s' % str(ex))

# Perform first and second level encoding of name as specified in RFC 1001 (Section 4)
def encode_name(name, type, scope):
    if name == '*':
        name += '\0' * 15
    elif len(name) > 15:
        name = name[:15] + chr(type)
    else:
        name = string.ljust(name, 15) + chr(type)

    encoded_name = chr(len(name) * 2) + re.sub('.', _do_first_level_encoding, name)
    if scope:
        encoded_scope = ''
        for s in string.split(scope, '.'):
            encoded_scope = encoded_scope + chr(len(s)) + s
        return encoded_name + encoded_scope + '\0'
    else:
        return encoded_name + '\0'

# Internal method for use in encode_name()
def _do_first_level_encoding(m):
    s = ord(m.group(0))
    return string.uppercase[s >> 4] + string.uppercase[s & 0x0f]

def decode_name(name):
    name_length = ord(name[0])
    assert name_length == 32

    decoded_name = re.sub('..', _do_first_level_decoding, name[1:33])
    if name[33] == '\0':
        return 34, decoded_name, ''
    else:
        decoded_domain = ''
        offset = 34
        while 1:
            domain_length = ord(name[offset])
            if domain_length == 0:
                break
            decoded_domain = '.' + name[offset:offset + domain_length]
            offset += domain_length
        return offset + 1, decoded_name, decoded_domain

def _do_first_level_decoding(m):
    s = m.group(0)
    return chr(((ord(s[0]) - ord('A')) << 4) | (ord(s[1]) - ord('A')))


class NetBIOSSessionPacket:
    def __init__(self, data = 0):
        self.type = 0x0
        self.flags = 0x0
        self.length = 0x0
        if data == 0:
            self._trailer = ''
        else:
            try:
                self.type = ord(data[0])
                if self.type == NETBIOS_SESSION_MESSAGE:
                    self.length = ord(data[1]) << 16 | (unpack('!H', data[2:4])[0])
                else:
                    self.flags = ord(data[1])
                    self.length = unpack('!H', data[2:4])[0]

                self._trailer = data[4:]
            except:
                raise NetBIOSError( 'Wrong packet format ' )

    def set_type(self, type):
        self.type = type
    def get_type(self):
        return self.type
    def rawData(self):
        if self.type == NETBIOS_SESSION_MESSAGE:
            data = pack('!BBH',self.type,self.length >> 16,self.length & 0xFFFF) + self._trailer
        else:
            data = pack('!BBH',self.type,self.flags,self.length) + self._trailer
        return data
    def set_trailer(self,data):
        self._trailer = data
        self.length = len(data)
    def get_length(self):
        return self.length
    def get_trailer(self):
        return self._trailer

class NetBIOSSession:
    def __init__(self, myname, remote_name, remote_host, remote_type = TYPE_SERVER, sess_port = NETBIOS_SESSION_PORT, timeout = None, local_type = TYPE_WORKSTATION, sock = None):
        if len(myname) > 15:
            self.__myname = string.upper(myname[:15])
        else:
            self.__myname = string.upper(myname)
        self.__local_type = local_type

        assert remote_name
        # if destination port SMB_SESSION_PORT and remote name *SMBSERVER, we're changing it to its IP address
        # helping solving the client mistake ;)
        if remote_name == '*SMBSERVER' and sess_port == SMB_SESSION_PORT:
            remote_name = remote_host
        # If remote name is *SMBSERVER let's try to query its name.. if can't be guessed, continue and hope for the best
        if remote_name == '*SMBSERVER':
            nb = NetBIOS()

            try:
                res = nb.getnetbiosname(remote_host)
            except:
                res = None
                pass

            if res is not None:
                remote_name = res

        if len(remote_name) > 15:
            self.__remote_name = string.upper(remote_name[:15])
        else:
            self.__remote_name = string.upper(remote_name)
        self.__remote_type = remote_type

        self.__remote_host = remote_host

        if sock is not None:
            # We are acting as a server
            self._sock = sock
        else:
            self._sock = self._setup_connection((remote_host, sess_port))

        if sess_port == NETBIOS_SESSION_PORT:
            self._request_session(remote_type, local_type, timeout)

    def get_myname(self):
        return self.__myname

    def get_mytype(self):
        return self.__local_type

    def get_remote_host(self):
        return self.__remote_host

    def get_remote_name(self):
        return self.__remote_name

    def get_remote_type(self):
        return self.__remote_type

    def close(self):
        self._sock.close()

    def get_socket(self):
        return self._sock

class NetBIOSUDPSessionPacket(Structure):
    TYPE_DIRECT_UNIQUE = 16
    TYPE_DIRECT_GROUP  = 17

    FLAGS_MORE_FRAGMENTS = 1
    FLAGS_FIRST_FRAGMENT = 2
    FLAGS_B_NODE         = 0

    structure = (
        ('Type','B=16'),    # Direct Unique Datagram
        ('Flags','B=2'),    # FLAGS_FIRST_FRAGMENT
        ('ID','<H'),
        ('_SourceIP','>L'),
        ('SourceIP','"'),
        ('SourcePort','>H=138'),
        ('DataLegth','>H-Data'),
        ('Offset','>H=0'),
        ('SourceName','z'),
        ('DestinationName','z'),
        ('Data',':'),
    )

    def getData(self):
        addr = self['SourceIP'].split('.')
        addr = [int(x) for x in addr]
        addr = (((addr[0] << 8) + addr[1] << 8) + addr[2] << 8) + addr[3]
        self['_SourceIP'] = addr
        return Structure.getData(self)

    def get_trailer(self):
        return self['Data']

class NetBIOSUDPSession(NetBIOSSession):
    def _setup_connection(self, peer):
        af, socktype, proto, canonname, sa = socket.getaddrinfo(peer[0], peer[1], 0, socket.SOCK_DGRAM)[0]
        sock = socket.socket(af, socktype, proto)
        sock.connect(sa)

        sock = socket.socket(af, socktype, proto)
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.bind((INADDR_ANY, 138))
        self.peer = peer
        return sock

    def _request_session(self, remote_type, local_type, timeout = None):
        pass

    def next_id(self):
        if hasattr(self, '__dgram_id'):
            answer = self.__dgram_id
        else:
            self.__dgram_id = randint(1,65535)
            answer = self.__dgram_id
        self.__dgram_id += 1
        return answer

    def send_packet(self, data):
        # Yes... I know...
        self._sock.connect(self.peer)

        p = NetBIOSUDPSessionPacket()
        p['ID'] = self.next_id()
        p['SourceIP'] = self._sock.getsockname()[0]
        p['SourceName'] = encode_name(self.get_myname(), self.get_mytype(), '')[:-1]
        p['DestinationName'] = encode_name(self.get_remote_name(), self.get_remote_type(), '')[:-1]
        p['Data'] = data

        self._sock.sendto(str(p), self.peer)
        self._sock.close()

        self._sock = self._setup_connection(self.peer)

    def recv_packet(self, timeout = None):
        # The next loop is a workaround for a bigger problem:
        # When data reaches higher layers, the lower headers are lost,
        # and with them, for example, the source IP. Hence, SMB users
        # can't know where packets are comming from... we need a better
        # solution, right now, we will filter everything except packets
        # coming from the remote_host specified in __init__()

        while 1:
            data, peer = self._sock.recvfrom(8192)
#            print "peer: %r  self.peer: %r" % (peer, self.peer)
            if peer == self.peer: break

        return NetBIOSUDPSessionPacket(data)

class NetBIOSTCPSession(NetBIOSSession):
    def __init__(self, myname, remote_name, remote_host, remote_type = TYPE_SERVER, sess_port = NETBIOS_SESSION_PORT, timeout = None, local_type = TYPE_WORKSTATION, sock = None, select_poll = False):
        self.__select_poll = select_poll
        if self.__select_poll:
            self.read_function = self.polling_read
        else:
            self.read_function = self.non_polling_read
        NetBIOSSession.__init__(self, myname, remote_name, remote_host, remote_type = remote_type, sess_port = sess_port, timeout = timeout, local_type = local_type, sock=sock)


    def _setup_connection(self, peer):
        try:
            af, socktype, proto, canonname, sa = socket.getaddrinfo(peer[0], peer[1], 0, socket.SOCK_STREAM)[0]
            sock = socket.socket(af, socktype, proto)
            sock.connect(sa)
        except socket.error as e:
            raise socket.error("Connection error (%s:%s)" % (peer[0], peer[1]), e)
        return sock

    def send_packet(self, data):
        p = NetBIOSSessionPacket()
        p.set_type(NETBIOS_SESSION_MESSAGE)
        p.set_trailer(data)
        self._sock.send(p.rawData())

    def recv_packet(self, timeout = None):
        data = self.__read(timeout)
        return NetBIOSSessionPacket(data)

    def _request_session(self, remote_type, local_type, timeout = None):
        p = NetBIOSSessionPacket()
        remote_name = encode_name(self.get_remote_name(), remote_type, '')
        myname = encode_name(self.get_myname(), local_type, '')
        p.set_type(NETBIOS_SESSION_REQUEST)
        p.set_trailer(remote_name + myname)

        self._sock.send(p.rawData())
        while 1:
            p = self.recv_packet(timeout)
            if p.get_type() == NETBIOS_SESSION_NEGATIVE_RESPONSE:
                raise NetBIOSError( 'Cannot request session', ERRCLASS_SESSION, ord(p.get_trailer()[0]))
            elif p.get_type() == NETBIOS_SESSION_POSITIVE_RESPONSE:
                break
            else:
                # Ignore all other messages, most probably keepalive messages
                pass

    def polling_read(self, read_length, timeout):
        data = ''
        if timeout is None:
            timeout = 3600

        time_left = timeout
        CHUNK_TIME = 0.025
        bytes_left = read_length

        while bytes_left > 0:
            try:
                ready, _, _ = select.select([self._sock.fileno() ], [ ], [ ], 0)

                if not ready:
                    if time_left <= 0:
                        raise NetBIOSTimeout
                    else:
                        time.sleep(CHUNK_TIME)
                        time_left -= CHUNK_TIME
                        continue

                received = self._sock.recv(bytes_left)
                if len(received) == 0:
                    raise NetBIOSError( 'Error while reading from remote', ERRCLASS_OS, None)

                data = data + received
                bytes_left = read_length - len(data)
            except select.error as ex:
                if ex[0] != errno.EINTR and ex[0] != errno.EAGAIN:
                    raise NetBIOSError( 'Error occurs while reading from remote', ERRCLASS_OS, ex[0])

        return data

    def non_polling_read(self, read_length, timeout):
        data = ''
        bytes_left = read_length

        while bytes_left > 0:
            try:
                ready, _, _ = select.select([self._sock.fileno() ], [ ], [ ], timeout)

                if not ready:
                        raise NetBIOSTimeout

                received = self._sock.recv(bytes_left)
                if len(received) == 0:
                    raise NetBIOSError( 'Error while reading from remote', ERRCLASS_OS, None)

                data = data + received
                bytes_left = read_length - len(data)
            except select.error as ex:
                if ex[0] != errno.EINTR and ex[0] != errno.EAGAIN:
                    raise NetBIOSError( 'Error occurs while reading from remote', ERRCLASS_OS, ex[0])

        return data

    def __read(self, timeout = None):
        data = self.read_function(4, timeout)
        type, flags, length = unpack('>ccH', data)
        if ord(type) == NETBIOS_SESSION_MESSAGE:
            length |= ord(flags) << 16
        else:
            if ord(flags) & 0x01:
                length |= 0x10000
        data2 = self.read_function(length, timeout)

        return data + data2

ERRCLASS_QUERY = 0x00
ERRCLASS_SESSION = 0xf0
ERRCLASS_OS = 0xff

QUERY_ERRORS = { 0x01: 'Request format error. Please file a bug report.',
                 0x02: 'Internal server error',
                 0x03: 'Name does not exist',
                 0x04: 'Unsupported request',
                 0x05: 'Request refused'
                 }

SESSION_ERRORS = { 0x80: 'Not listening on called name',
                   0x81: 'Not listening for calling name',
                   0x82: 'Called name not present',
                   0x83: 'Sufficient resources',
                   0x8f: 'Unspecified error'
                   }

def main():
    def get_netbios_host_by_name(name):
        n = NetBIOS()
        n.set_broadcastaddr('255.255.255.255') # To avoid use "<broadcast>" in socket
        for qtype in (TYPE_WORKSTATION, TYPE_CLIENT, TYPE_SERVER, TYPE_DOMAIN_MASTER, TYPE_DOMAIN_CONTROLLER):
            try:
                addrs = n.gethostbyname(name, qtype = qtype).get_addr_entries()
            except NetBIOSTimeout:
                continue
            else:
                return addrs
        raise Exception("Host not found")


    n = get_netbios_host_by_name("some-host")
    print(n)

if __name__ == '__main__':
    main()