2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libads/sitename_cache.h"
23 #include "libads/dns.h"
24 #include "../libcli/netlogon/netlogon.h"
25 #include "librpc/gen_ndr/messaging.h"
26 #include "lib/async_req/async_sock.h"
27 #include "libsmb/nmblib.h"
29 /* nmbd.c sets this to True. */
30 bool global_in_nmbd = False;
32 /****************************
33 * SERVER AFFINITY ROUTINES *
34 ****************************/
36 /* Server affinity is the concept of preferring the last domain
37 controller with whom you had a successful conversation */
39 /****************************************************************************
40 ****************************************************************************/
41 #define SAFKEY_FMT "SAF/DOMAIN/%s"
43 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
44 #define SAFJOIN_TTL 3600
46 static char *saf_key(const char *domain)
50 asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
55 static char *saf_join_key(const char *domain)
59 asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
64 /****************************************************************************
65 ****************************************************************************/
67 bool saf_store( const char *domain, const char *servername )
73 if ( !domain || !servername ) {
74 DEBUG(2,("saf_store: "
75 "Refusing to store empty domain or servername!\n"));
79 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
80 DEBUG(0,("saf_store: "
81 "refusing to store 0 length domain or servername!\n"));
85 key = saf_key( domain );
86 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
88 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
89 domain, servername, (unsigned int)expire ));
91 ret = gencache_set( key, servername, expire );
98 bool saf_join_store( const char *domain, const char *servername )
104 if ( !domain || !servername ) {
105 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
109 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
110 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
114 key = saf_join_key( domain );
115 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
117 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
118 domain, servername, (unsigned int)expire ));
120 ret = gencache_set( key, servername, expire );
127 bool saf_delete( const char *domain )
133 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
137 key = saf_join_key(domain);
138 ret = gencache_del(key);
142 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
145 key = saf_key(domain);
146 ret = gencache_del(key);
150 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
156 /****************************************************************************
157 ****************************************************************************/
159 char *saf_fetch( const char *domain )
166 if ( !domain || strlen(domain) == 0) {
167 DEBUG(2,("saf_fetch: Empty domain name!\n"));
171 key = saf_join_key( domain );
173 ret = gencache_get( key, &server, &timeout );
178 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
183 key = saf_key( domain );
185 ret = gencache_get( key, &server, &timeout );
190 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
193 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
200 /****************************************************************************
201 Generate a random trn_id.
202 ****************************************************************************/
204 static int generate_trn_id(void)
208 generate_random_buffer((uint8 *)&id, sizeof(id));
210 return id % (unsigned)0x7FFF;
213 /****************************************************************************
214 Parse a node status response into an array of structures.
215 ****************************************************************************/
217 static struct node_status *parse_node_status(TALLOC_CTX *mem_ctx, char *p,
219 struct node_status_extra *extra)
221 struct node_status *ret;
224 *num_names = CVAL(p,0);
229 ret = TALLOC_ARRAY(mem_ctx, struct node_status,*num_names);
234 for (i=0;i< *num_names;i++) {
235 StrnCpy(ret[i].name,p,15);
236 trim_char(ret[i].name,'\0',' ');
237 ret[i].type = CVAL(p,15);
238 ret[i].flags = p[16];
240 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
241 ret[i].type, ret[i].flags));
244 * Also, pick up the MAC address ...
247 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
252 struct sock_packet_read_state {
253 struct tevent_context *ev;
254 enum packet_type type;
257 struct nb_packet_reader *reader;
258 struct tevent_req *reader_req;
261 struct tevent_req *socket_req;
263 struct sockaddr_storage addr;
266 bool (*validator)(struct packet_struct *p,
270 struct packet_struct *packet;
273 static int sock_packet_read_state_destructor(struct sock_packet_read_state *s);
274 static void sock_packet_read_got_packet(struct tevent_req *subreq);
275 static void sock_packet_read_got_socket(struct tevent_req *subreq);
277 static struct tevent_req *sock_packet_read_send(
279 struct tevent_context *ev,
280 int sock, /* dgram socket */
281 struct nb_packet_reader *reader,
282 enum packet_type type,
284 bool (*validator)(struct packet_struct *p, void *private_data),
287 struct tevent_req *req;
288 struct sock_packet_read_state *state;
290 req = tevent_req_create(mem_ctx, &state,
291 struct sock_packet_read_state);
295 talloc_set_destructor(state, sock_packet_read_state_destructor);
297 state->reader = reader;
300 state->trn_id = trn_id;
301 state->validator = validator;
302 state->private_data = private_data;
304 if (reader != NULL) {
305 state->reader_req = nb_packet_read_send(state, ev, reader);
306 if (tevent_req_nomem(state->reader_req, req)) {
307 return tevent_req_post(req, ev);
309 tevent_req_set_callback(
310 state->reader_req, sock_packet_read_got_packet, req);
313 state->addr_len = sizeof(state->addr);
314 state->socket_req = recvfrom_send(state, ev, sock,
315 state->buf, sizeof(state->buf), 0,
316 &state->addr, &state->addr_len);
317 if (tevent_req_nomem(state->socket_req, req)) {
318 return tevent_req_post(req, ev);
320 tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
326 static int sock_packet_read_state_destructor(struct sock_packet_read_state *s)
328 if (s->packet != NULL) {
329 free_packet(s->packet);
335 static void sock_packet_read_got_packet(struct tevent_req *subreq)
337 struct tevent_req *req = tevent_req_callback_data(
338 subreq, struct tevent_req);
339 struct sock_packet_read_state *state = tevent_req_data(
340 req, struct sock_packet_read_state);
343 status = nb_packet_read_recv(subreq, &state->packet);
345 TALLOC_FREE(state->reader_req);
347 if (!NT_STATUS_IS_OK(status)) {
348 if (state->socket_req != NULL) {
350 * Still waiting for socket
355 * Both socket and packet reader failed
357 tevent_req_nterror(req, status);
361 if ((state->validator != NULL) &&
362 !state->validator(state->packet, state->private_data)) {
363 DEBUG(10, ("validator failed\n"));
365 free_packet(state->packet);
366 state->packet = NULL;
368 state->reader_req = nb_packet_read_send(state, state->ev,
370 if (tevent_req_nomem(state->reader_req, req)) {
373 tevent_req_set_callback(
374 state->reader_req, sock_packet_read_got_packet, req);
378 TALLOC_FREE(state->socket_req);
379 tevent_req_done(req);
382 static void sock_packet_read_got_socket(struct tevent_req *subreq)
384 struct tevent_req *req = tevent_req_callback_data(
385 subreq, struct tevent_req);
386 struct sock_packet_read_state *state = tevent_req_data(
387 req, struct sock_packet_read_state);
388 struct sockaddr_in *in_addr;
392 received = recvfrom_recv(subreq, &err);
394 TALLOC_FREE(state->socket_req);
396 if (received == -1) {
397 if (state->reader_req != NULL) {
399 * Still waiting for reader
404 * Both socket and reader failed
406 tevent_req_nterror(req, map_nt_error_from_unix(err));
409 if (state->addr.ss_family != AF_INET) {
412 in_addr = (struct sockaddr_in *)(void *)&state->addr;
414 state->packet = parse_packet((char *)state->buf, received, state->type,
415 in_addr->sin_addr, in_addr->sin_port);
416 if (state->packet == NULL) {
417 DEBUG(10, ("parse_packet failed\n"));
420 if ((state->trn_id != -1) &&
421 (state->trn_id != packet_trn_id(state->packet))) {
422 DEBUG(10, ("Expected transaction id %d, got %d\n",
423 state->trn_id, packet_trn_id(state->packet)));
427 if ((state->validator != NULL) &&
428 !state->validator(state->packet, state->private_data)) {
429 DEBUG(10, ("validator failed\n"));
433 tevent_req_done(req);
437 if (state->packet != NULL) {
438 free_packet(state->packet);
439 state->packet = NULL;
441 state->socket_req = recvfrom_send(state, state->ev, state->sock,
442 state->buf, sizeof(state->buf), 0,
443 &state->addr, &state->addr_len);
444 if (tevent_req_nomem(state->socket_req, req)) {
447 tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
451 static NTSTATUS sock_packet_read_recv(struct tevent_req *req,
452 struct packet_struct **ppacket)
454 struct sock_packet_read_state *state = tevent_req_data(
455 req, struct sock_packet_read_state);
458 if (tevent_req_is_nterror(req, &status)) {
461 *ppacket = state->packet;
462 state->packet = NULL;
466 struct nb_trans_state {
467 struct tevent_context *ev;
469 struct nb_packet_reader *reader;
471 const struct sockaddr_storage *dst_addr;
474 enum packet_type type;
477 bool (*validator)(struct packet_struct *p,
481 struct packet_struct *packet;
484 static int nb_trans_state_destructor(struct nb_trans_state *s);
485 static void nb_trans_got_reader(struct tevent_req *subreq);
486 static void nb_trans_done(struct tevent_req *subreq);
487 static void nb_trans_sent(struct tevent_req *subreq);
488 static void nb_trans_send_next(struct tevent_req *subreq);
490 static struct tevent_req *nb_trans_send(
492 struct tevent_context *ev,
493 const struct sockaddr_storage *my_addr,
494 const struct sockaddr_storage *dst_addr,
496 uint8_t *buf, size_t buflen,
497 enum packet_type type, int trn_id,
498 bool (*validator)(struct packet_struct *p,
502 struct tevent_req *req, *subreq;
503 struct nb_trans_state *state;
505 req = tevent_req_create(mem_ctx, &state, struct nb_trans_state);
509 talloc_set_destructor(state, nb_trans_state_destructor);
511 state->dst_addr = dst_addr;
513 state->buflen = buflen;
515 state->trn_id = trn_id;
516 state->validator = validator;
517 state->private_data = private_data;
519 state->sock = open_socket_in(SOCK_DGRAM, 0, 3, my_addr, True);
520 if (state->sock == -1) {
521 tevent_req_nterror(req, map_nt_error_from_unix(errno));
522 DEBUG(10, ("open_socket_in failed: %s\n", strerror(errno)));
523 return tevent_req_post(req, ev);
527 set_socket_options(state->sock,"SO_BROADCAST");
530 subreq = nb_packet_reader_send(state, ev, type, state->trn_id, NULL);
531 if (tevent_req_nomem(subreq, req)) {
532 return tevent_req_post(req, ev);
534 tevent_req_set_callback(subreq, nb_trans_got_reader, req);
538 static int nb_trans_state_destructor(struct nb_trans_state *s)
544 if (s->packet != NULL) {
545 free_packet(s->packet);
551 static void nb_trans_got_reader(struct tevent_req *subreq)
553 struct tevent_req *req = tevent_req_callback_data(
554 subreq, struct tevent_req);
555 struct nb_trans_state *state = tevent_req_data(
556 req, struct nb_trans_state);
559 status = nb_packet_reader_recv(subreq, state, &state->reader);
562 if (!NT_STATUS_IS_OK(status)) {
563 DEBUG(10, ("nmbd not around\n"));
564 state->reader = NULL;
567 subreq = sock_packet_read_send(
568 state, state->ev, state->sock,
569 state->reader, state->type, state->trn_id,
570 state->validator, state->private_data);
571 if (tevent_req_nomem(subreq, req)) {
574 tevent_req_set_callback(subreq, nb_trans_done, req);
576 subreq = sendto_send(state, state->ev, state->sock,
577 state->buf, state->buflen, 0, state->dst_addr);
578 if (tevent_req_nomem(subreq, req)) {
581 tevent_req_set_callback(subreq, nb_trans_sent, req);
584 static void nb_trans_sent(struct tevent_req *subreq)
586 struct tevent_req *req = tevent_req_callback_data(
587 subreq, struct tevent_req);
588 struct nb_trans_state *state = tevent_req_data(
589 req, struct nb_trans_state);
593 sent = sendto_recv(subreq, &err);
596 DEBUG(10, ("sendto failed: %s\n", strerror(err)));
597 tevent_req_nterror(req, map_nt_error_from_unix(err));
600 subreq = tevent_wakeup_send(state, state->ev,
601 timeval_current_ofs(1, 0));
602 if (tevent_req_nomem(subreq, req)) {
605 tevent_req_set_callback(subreq, nb_trans_send_next, req);
608 static void nb_trans_send_next(struct tevent_req *subreq)
610 struct tevent_req *req = tevent_req_callback_data(
611 subreq, struct tevent_req);
612 struct nb_trans_state *state = tevent_req_data(
613 req, struct nb_trans_state);
616 ret = tevent_wakeup_recv(subreq);
619 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
622 subreq = sendto_send(state, state->ev, state->sock,
623 state->buf, state->buflen, 0, state->dst_addr);
624 if (tevent_req_nomem(subreq, req)) {
627 tevent_req_set_callback(subreq, nb_trans_sent, req);
630 static void nb_trans_done(struct tevent_req *subreq)
632 struct tevent_req *req = tevent_req_callback_data(
633 subreq, struct tevent_req);
634 struct nb_trans_state *state = tevent_req_data(
635 req, struct nb_trans_state);
638 status = sock_packet_read_recv(subreq, &state->packet);
640 if (tevent_req_nterror(req, status)) {
643 tevent_req_done(req);
646 static NTSTATUS nb_trans_recv(struct tevent_req *req,
647 struct packet_struct **ppacket)
649 struct nb_trans_state *state = tevent_req_data(
650 req, struct nb_trans_state);
653 if (tevent_req_is_nterror(req, &status)) {
656 *ppacket = state->packet;
657 state->packet = NULL;
661 /****************************************************************************
662 Do a NBT node status query on an open socket and return an array of
663 structures holding the returned names or NULL if the query failed.
664 **************************************************************************/
666 struct node_status_query_state {
667 struct sockaddr_storage my_addr;
668 struct sockaddr_storage addr;
671 struct packet_struct *packet;
674 static int node_status_query_state_destructor(
675 struct node_status_query_state *s);
676 static bool node_status_query_validator(struct packet_struct *p,
678 static void node_status_query_done(struct tevent_req *subreq);
680 struct tevent_req *node_status_query_send(TALLOC_CTX *mem_ctx,
681 struct tevent_context *ev,
682 struct nmb_name *name,
683 const struct sockaddr_storage *addr)
685 struct tevent_req *req, *subreq;
686 struct node_status_query_state *state;
687 struct packet_struct p;
688 struct nmb_packet *nmb = &p.packet.nmb;
689 struct sockaddr_in *in_addr;
691 req = tevent_req_create(mem_ctx, &state,
692 struct node_status_query_state);
696 talloc_set_destructor(state, node_status_query_state_destructor);
698 if (addr->ss_family != AF_INET) {
699 /* Can't do node status to IPv6 */
700 tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
701 return tevent_req_post(req, ev);
705 in_addr = (struct sockaddr_in *)(void *)&state->addr;
706 in_addr->sin_port = htons(NMB_PORT);
708 if (!interpret_string_addr(&state->my_addr, lp_socket_address(),
709 AI_NUMERICHOST|AI_PASSIVE)) {
710 zero_sockaddr(&state->my_addr);
714 nmb->header.name_trn_id = generate_trn_id();
715 nmb->header.opcode = 0;
716 nmb->header.response = false;
717 nmb->header.nm_flags.bcast = false;
718 nmb->header.nm_flags.recursion_available = false;
719 nmb->header.nm_flags.recursion_desired = false;
720 nmb->header.nm_flags.trunc = false;
721 nmb->header.nm_flags.authoritative = false;
722 nmb->header.rcode = 0;
723 nmb->header.qdcount = 1;
724 nmb->header.ancount = 0;
725 nmb->header.nscount = 0;
726 nmb->header.arcount = 0;
727 nmb->question.question_name = *name;
728 nmb->question.question_type = 0x21;
729 nmb->question.question_class = 0x1;
731 state->buflen = build_packet((char *)state->buf, sizeof(state->buf),
733 if (state->buflen == 0) {
734 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
735 DEBUG(10, ("build_packet failed\n"));
736 return tevent_req_post(req, ev);
739 subreq = nb_trans_send(state, ev, &state->my_addr, &state->addr, false,
740 state->buf, state->buflen,
741 NMB_PACKET, nmb->header.name_trn_id,
742 node_status_query_validator, NULL);
743 if (tevent_req_nomem(subreq, req)) {
744 DEBUG(10, ("nb_trans_send failed\n"));
745 return tevent_req_post(req, ev);
747 if (!tevent_req_set_endtime(req, ev, timeval_current_ofs(10, 0))) {
748 return tevent_req_post(req, ev);
750 tevent_req_set_callback(subreq, node_status_query_done, req);
754 static bool node_status_query_validator(struct packet_struct *p,
757 struct nmb_packet *nmb = &p->packet.nmb;
760 if (nmb->header.opcode != 0 ||
761 nmb->header.nm_flags.bcast ||
763 !nmb->header.ancount ||
764 nmb->answers->rr_type != 0x21) {
766 * XXXX what do we do with this? could be a redirect,
767 * but we'll discard it for the moment
774 static int node_status_query_state_destructor(
775 struct node_status_query_state *s)
777 if (s->packet != NULL) {
778 free_packet(s->packet);
784 static void node_status_query_done(struct tevent_req *subreq)
786 struct tevent_req *req = tevent_req_callback_data(
787 subreq, struct tevent_req);
788 struct node_status_query_state *state = tevent_req_data(
789 req, struct node_status_query_state);
792 status = nb_trans_recv(subreq, &state->packet);
794 if (tevent_req_nterror(req, status)) {
797 tevent_req_done(req);
800 NTSTATUS node_status_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
801 struct node_status **pnode_status,
803 struct node_status_extra *extra)
805 struct node_status_query_state *state = tevent_req_data(
806 req, struct node_status_query_state);
807 struct node_status *node_status;
811 if (tevent_req_is_nterror(req, &status)) {
814 node_status = parse_node_status(
815 mem_ctx, &state->packet->packet.nmb.answers->rdata[0],
817 if (node_status == NULL) {
818 return NT_STATUS_NO_MEMORY;
820 *pnode_status = node_status;
821 *pnum_names = num_names;
825 NTSTATUS node_status_query(TALLOC_CTX *mem_ctx, struct nmb_name *name,
826 const struct sockaddr_storage *addr,
827 struct node_status **pnode_status,
829 struct node_status_extra *extra)
831 TALLOC_CTX *frame = talloc_stackframe();
832 struct tevent_context *ev;
833 struct tevent_req *req;
834 NTSTATUS status = NT_STATUS_NO_MEMORY;
836 ev = tevent_context_init(frame);
840 req = node_status_query_send(ev, ev, name, addr);
844 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
847 status = node_status_query_recv(req, mem_ctx, pnode_status,
854 /****************************************************************************
855 Find the first type XX name in a node status reply - used for finding
856 a servers name given its IP. Return the matched name in *name.
857 **************************************************************************/
859 bool name_status_find(const char *q_name,
862 const struct sockaddr_storage *to_ss,
865 char addr[INET6_ADDRSTRLEN];
866 struct sockaddr_storage ss;
867 struct node_status *addrs = NULL;
868 struct nmb_name nname;
873 if (lp_disable_netbios()) {
874 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
879 print_sockaddr(addr, sizeof(addr), to_ss);
881 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
884 /* Check the cache first. */
886 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
890 if (to_ss->ss_family != AF_INET) {
891 /* Can't do node status to IPv6 */
895 if (!interpret_string_addr(&ss, lp_socket_address(),
896 AI_NUMERICHOST|AI_PASSIVE)) {
900 /* W2K PDC's seem not to respond to '*'#0. JRA */
901 make_nmb_name(&nname, q_name, q_type);
902 status = node_status_query(talloc_tos(), &nname, to_ss,
903 &addrs, &count, NULL);
904 if (!NT_STATUS_IS_OK(status)) {
908 for (i=0;i<count;i++) {
909 /* Find first one of the requested type that's not a GROUP. */
910 if (addrs[i].type == type && ! (addrs[i].flags & 0x80))
916 pull_ascii_nstring(name, sizeof(fstring), addrs[i].name);
918 /* Store the result in the cache. */
919 /* but don't store an entry for 0x1c names here. Here we have
920 a single host and DOMAIN<0x1c> names should be a list of hosts */
922 if ( q_type != 0x1c ) {
923 namecache_status_store(q_name, q_type, type, to_ss, name);
931 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
934 DEBUGADD(10, (", name %s ip address is %s", name, addr));
942 comparison function used by sort_addr_list
945 static int addr_compare(const struct sockaddr_storage *ss1,
946 const struct sockaddr_storage *ss2)
948 int max_bits1=0, max_bits2=0;
949 int num_interfaces = iface_count();
952 /* Sort IPv4 addresses first. */
953 if (ss1->ss_family != ss2->ss_family) {
954 if (ss2->ss_family == AF_INET) {
961 /* Here we know both addresses are of the same
964 for (i=0;i<num_interfaces;i++) {
965 const struct sockaddr_storage *pss = iface_n_bcast(i);
966 unsigned char *p_ss1 = NULL;
967 unsigned char *p_ss2 = NULL;
968 unsigned char *p_if = NULL;
972 if (pss->ss_family != ss1->ss_family) {
973 /* Ignore interfaces of the wrong type. */
976 if (pss->ss_family == AF_INET) {
977 p_if = (unsigned char *)
978 &((const struct sockaddr_in *)pss)->sin_addr;
979 p_ss1 = (unsigned char *)
980 &((const struct sockaddr_in *)ss1)->sin_addr;
981 p_ss2 = (unsigned char *)
982 &((const struct sockaddr_in *)ss2)->sin_addr;
985 #if defined(HAVE_IPV6)
986 if (pss->ss_family == AF_INET6) {
987 p_if = (unsigned char *)
988 &((const struct sockaddr_in6 *)pss)->sin6_addr;
989 p_ss1 = (unsigned char *)
990 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
991 p_ss2 = (unsigned char *)
992 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
996 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
999 bits1 = matching_len_bits(p_ss1, p_if, len);
1000 bits2 = matching_len_bits(p_ss2, p_if, len);
1001 max_bits1 = MAX(bits1, max_bits1);
1002 max_bits2 = MAX(bits2, max_bits2);
1005 /* Bias towards directly reachable IPs */
1006 if (iface_local((struct sockaddr *)ss1)) {
1007 if (ss1->ss_family == AF_INET) {
1013 if (iface_local((struct sockaddr *)ss2)) {
1014 if (ss2->ss_family == AF_INET) {
1020 return max_bits2 - max_bits1;
1023 /*******************************************************************
1024 compare 2 ldap IPs by nearness to our interfaces - used in qsort
1025 *******************************************************************/
1027 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
1031 if ((result = addr_compare(&ss1->ss, &ss2->ss)) != 0) {
1035 if (ss1->port > ss2->port) {
1039 if (ss1->port < ss2->port) {
1047 sort an IP list so that names that are close to one of our interfaces
1048 are at the top. This prevents the problem where a WINS server returns an IP
1049 that is not reachable from our subnet as the first match
1052 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
1058 TYPESAFE_QSORT(sslist, count, addr_compare);
1061 static void sort_service_list(struct ip_service *servlist, int count)
1067 TYPESAFE_QSORT(servlist, count, ip_service_compare);
1070 /**********************************************************************
1071 Remove any duplicate address/port pairs in the list
1072 *********************************************************************/
1074 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
1078 DEBUG(10,("remove_duplicate_addrs2: "
1079 "looking for duplicate address/port pairs\n"));
1081 /* one loop to remove duplicates */
1082 for ( i=0; i<count; i++ ) {
1083 if ( is_zero_addr(&iplist[i].ss)) {
1087 for ( j=i+1; j<count; j++ ) {
1088 if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) &&
1089 iplist[i].port == iplist[j].port) {
1090 zero_sockaddr(&iplist[j].ss);
1095 /* one loop to clean up any holes we left */
1096 /* first ip should never be a zero_ip() */
1097 for (i = 0; i<count; ) {
1098 if (is_zero_addr(&iplist[i].ss) ) {
1100 memmove(&iplist[i], &iplist[i+1],
1101 (count - i - 1)*sizeof(iplist[i]));
1112 static bool prioritize_ipv4_list(struct ip_service *iplist, int count)
1114 TALLOC_CTX *frame = talloc_stackframe();
1115 struct ip_service *iplist_new = TALLOC_ARRAY(frame, struct ip_service, count);
1118 if (iplist_new == NULL) {
1125 /* Copy IPv4 first. */
1126 for (i = 0; i < count; i++) {
1127 if (iplist[i].ss.ss_family == AF_INET) {
1128 iplist_new[j++] = iplist[i];
1133 for (i = 0; i < count; i++) {
1134 if (iplist[i].ss.ss_family != AF_INET) {
1135 iplist_new[j++] = iplist[i];
1139 memcpy(iplist, iplist_new, sizeof(struct ip_service)*count);
1144 /****************************************************************************
1145 Do a netbios name query to find someones IP.
1146 Returns an array of IP addresses or NULL if none.
1147 *count will be set to the number of addresses returned.
1148 *timed_out is set if we failed by timing out
1149 ****************************************************************************/
1151 struct name_query_state {
1152 struct sockaddr_storage my_addr;
1153 struct sockaddr_storage addr;
1160 NTSTATUS validate_error;
1163 struct sockaddr_storage *addrs;
1167 static bool name_query_validator(struct packet_struct *p, void *private_data);
1168 static void name_query_done(struct tevent_req *subreq);
1170 struct tevent_req *name_query_send(TALLOC_CTX *mem_ctx,
1171 struct tevent_context *ev,
1172 const char *name, int name_type,
1173 bool bcast, bool recurse,
1174 const struct sockaddr_storage *addr)
1176 struct tevent_req *req, *subreq;
1177 struct name_query_state *state;
1178 struct packet_struct p;
1179 struct nmb_packet *nmb = &p.packet.nmb;
1180 struct sockaddr_in *in_addr;
1181 struct timeval timeout;
1183 req = tevent_req_create(mem_ctx, &state, struct name_query_state);
1187 state->bcast = bcast;
1189 if (addr->ss_family != AF_INET) {
1190 /* Can't do node status to IPv6 */
1191 tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
1192 return tevent_req_post(req, ev);
1195 if (lp_disable_netbios()) {
1196 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
1198 tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
1199 return tevent_req_post(req, ev);
1202 state->addr = *addr;
1203 in_addr = (struct sockaddr_in *)(void *)&state->addr;
1204 in_addr->sin_port = htons(NMB_PORT);
1206 if (!interpret_string_addr(&state->my_addr, lp_socket_address(),
1207 AI_NUMERICHOST|AI_PASSIVE)) {
1208 zero_sockaddr(&state->my_addr);
1212 nmb->header.name_trn_id = generate_trn_id();
1213 nmb->header.opcode = 0;
1214 nmb->header.response = false;
1215 nmb->header.nm_flags.bcast = bcast;
1216 nmb->header.nm_flags.recursion_available = false;
1217 nmb->header.nm_flags.recursion_desired = recurse;
1218 nmb->header.nm_flags.trunc = false;
1219 nmb->header.nm_flags.authoritative = false;
1220 nmb->header.rcode = 0;
1221 nmb->header.qdcount = 1;
1222 nmb->header.ancount = 0;
1223 nmb->header.nscount = 0;
1224 nmb->header.arcount = 0;
1226 make_nmb_name(&nmb->question.question_name,name,name_type);
1228 nmb->question.question_type = 0x20;
1229 nmb->question.question_class = 0x1;
1231 state->buflen = build_packet((char *)state->buf, sizeof(state->buf),
1233 if (state->buflen == 0) {
1234 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
1235 DEBUG(10, ("build_packet failed\n"));
1236 return tevent_req_post(req, ev);
1239 subreq = nb_trans_send(state, ev, &state->my_addr, &state->addr, bcast,
1240 state->buf, state->buflen,
1241 NMB_PACKET, nmb->header.name_trn_id,
1242 name_query_validator, state);
1243 if (tevent_req_nomem(subreq, req)) {
1244 DEBUG(10, ("nb_trans_send failed\n"));
1245 return tevent_req_post(req, ev);
1248 timeout = timeval_current_ofs(0, 250000);
1250 timeout = timeval_current_ofs(2, 0);
1252 if (!tevent_req_set_endtime(req, ev, timeout)) {
1253 return tevent_req_post(req, ev);
1255 tevent_req_set_callback(subreq, name_query_done, req);
1259 static bool name_query_validator(struct packet_struct *p, void *private_data)
1261 struct name_query_state *state = talloc_get_type_abort(
1262 private_data, struct name_query_state);
1263 struct nmb_packet *nmb = &p->packet.nmb;
1264 struct sockaddr_storage *tmp_addrs;
1267 debug_nmb_packet(p);
1270 * If we get a Negative Name Query Response from a WINS
1271 * server, we should report it and give up.
1273 if( 0 == nmb->header.opcode /* A query response */
1274 && !state->bcast /* from a WINS server */
1275 && nmb->header.rcode /* Error returned */
1278 if( DEBUGLVL( 3 ) ) {
1279 /* Only executed if DEBUGLEVEL >= 3 */
1280 dbgtext( "Negative name query "
1281 "response, rcode 0x%02x: ",
1282 nmb->header.rcode );
1283 switch( nmb->header.rcode ) {
1285 dbgtext("Request was invalidly formatted.\n");
1288 dbgtext("Problem with NBNS, cannot process "
1292 dbgtext("The name requested does not "
1296 dbgtext("Unsupported request error.\n");
1299 dbgtext("Query refused error.\n");
1302 dbgtext("Unrecognized error code.\n" );
1308 * We accept this packet as valid, but tell the upper
1309 * layers that it's a negative response.
1311 state->validate_error = NT_STATUS_NOT_FOUND;
1315 if (nmb->header.opcode != 0 ||
1316 nmb->header.nm_flags.bcast ||
1317 nmb->header.rcode ||
1318 !nmb->header.ancount) {
1320 * XXXX what do we do with this? Could be a redirect,
1321 * but we'll discard it for the moment.
1326 tmp_addrs = TALLOC_REALLOC_ARRAY(
1327 state, state->addrs, struct sockaddr_storage,
1328 state->num_addrs + nmb->answers->rdlength/6);
1329 if (tmp_addrs == NULL) {
1330 state->validate_error = NT_STATUS_NO_MEMORY;
1333 state->addrs = tmp_addrs;
1335 DEBUG(2,("Got a positive name query response "
1336 "from %s ( ", inet_ntoa(p->ip)));
1338 for (i=0; i<nmb->answers->rdlength/6; i++) {
1340 putip((char *)&ip,&nmb->answers->rdata[2+i*6]);
1341 in_addr_to_sockaddr_storage(
1342 &state->addrs[state->num_addrs], ip);
1343 DEBUGADD(2,("%s ",inet_ntoa(ip)));
1344 state->num_addrs += 1;
1346 DEBUGADD(2,(")\n"));
1348 /* We add the flags back ... */
1349 if (nmb->header.response)
1350 state->flags |= NM_FLAGS_RS;
1351 if (nmb->header.nm_flags.authoritative)
1352 state->flags |= NM_FLAGS_AA;
1353 if (nmb->header.nm_flags.trunc)
1354 state->flags |= NM_FLAGS_TC;
1355 if (nmb->header.nm_flags.recursion_desired)
1356 state->flags |= NM_FLAGS_RD;
1357 if (nmb->header.nm_flags.recursion_available)
1358 state->flags |= NM_FLAGS_RA;
1359 if (nmb->header.nm_flags.bcast)
1360 state->flags |= NM_FLAGS_B;
1364 * We have to collect all entries coming in from
1370 * WINS responses are accepted when they are received
1375 static void name_query_done(struct tevent_req *subreq)
1377 struct tevent_req *req = tevent_req_callback_data(
1378 subreq, struct tevent_req);
1379 struct name_query_state *state = tevent_req_data(
1380 req, struct name_query_state);
1382 struct packet_struct *p = NULL;
1384 status = nb_trans_recv(subreq, &p);
1385 TALLOC_FREE(subreq);
1386 if (tevent_req_nterror(req, status)) {
1389 if (!NT_STATUS_IS_OK(state->validate_error)) {
1390 tevent_req_nterror(req, state->validate_error);
1395 * Free the packet here, we've collected the response in the
1400 tevent_req_done(req);
1403 NTSTATUS name_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
1404 struct sockaddr_storage **addrs, int *num_addrs,
1407 struct name_query_state *state = tevent_req_data(
1408 req, struct name_query_state);
1411 if (tevent_req_is_nterror(req, &status)
1412 && !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
1415 if (state->num_addrs == 0) {
1416 return NT_STATUS_NOT_FOUND;
1418 *addrs = talloc_move(mem_ctx, &state->addrs);
1419 sort_addr_list(*addrs, state->num_addrs);
1420 *num_addrs = state->num_addrs;
1421 if (flags != NULL) {
1422 *flags = state->flags;
1424 return NT_STATUS_OK;
1427 NTSTATUS name_query(const char *name, int name_type,
1428 bool bcast, bool recurse,
1429 const struct sockaddr_storage *to_ss,
1430 TALLOC_CTX *mem_ctx,
1431 struct sockaddr_storage **addrs,
1432 int *num_addrs, uint8_t *flags)
1434 TALLOC_CTX *frame = talloc_stackframe();
1435 struct tevent_context *ev;
1436 struct tevent_req *req;
1437 NTSTATUS status = NT_STATUS_NO_MEMORY;
1439 ev = tevent_context_init(frame);
1443 req = name_query_send(ev, ev, name, name_type, bcast, recurse, to_ss);
1447 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
1450 status = name_query_recv(req, mem_ctx, addrs, num_addrs, flags);
1456 /********************************************************
1457 convert an array if struct sockaddr_storage to struct ip_service
1458 return false on failure. Port is set to PORT_NONE;
1459 *********************************************************/
1461 static bool convert_ss2service(struct ip_service **return_iplist,
1462 const struct sockaddr_storage *ss_list,
1467 if ( count==0 || !ss_list )
1470 /* copy the ip address; port will be PORT_NONE */
1471 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) ==
1473 DEBUG(0,("convert_ip2service: malloc failed "
1474 "for %d enetries!\n", count ));
1478 for ( i=0; i<count; i++ ) {
1479 (*return_iplist)[i].ss = ss_list[i];
1480 (*return_iplist)[i].port = PORT_NONE;
1486 /********************************************************
1487 Resolve via "bcast" method.
1488 *********************************************************/
1490 NTSTATUS name_resolve_bcast(const char *name,
1492 struct ip_service **return_iplist,
1496 int num_interfaces = iface_count();
1497 struct sockaddr_storage *ss_list;
1498 struct sockaddr_storage ss;
1499 NTSTATUS status = NT_STATUS_NOT_FOUND;
1501 if (lp_disable_netbios()) {
1502 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
1504 return NT_STATUS_INVALID_PARAMETER;
1507 *return_iplist = NULL;
1511 * "bcast" means do a broadcast lookup on all the local interfaces.
1514 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
1515 "for name %s<0x%x>\n", name, name_type));
1517 if (!interpret_string_addr(&ss, lp_socket_address(),
1518 AI_NUMERICHOST|AI_PASSIVE)) {
1523 * Lookup the name on all the interfaces, return on
1524 * the first successful match.
1526 for( i = num_interfaces-1; i >= 0; i--) {
1527 const struct sockaddr_storage *pss = iface_n_bcast(i);
1529 /* Done this way to fix compiler error on IRIX 5.x */
1533 status = name_query(name, name_type, true, true, pss,
1534 talloc_tos(), &ss_list, return_count,
1536 if (NT_STATUS_IS_OK(status)) {
1541 /* failed - no response */
1547 if (!convert_ss2service(return_iplist, ss_list, *return_count) )
1548 status = NT_STATUS_NO_MEMORY;
1550 TALLOC_FREE(ss_list);
1554 /********************************************************
1555 Resolve via "wins" method.
1556 *********************************************************/
1558 NTSTATUS resolve_wins(const char *name,
1560 struct ip_service **return_iplist,
1565 struct sockaddr_storage src_ss, *ss_list = NULL;
1566 struct in_addr src_ip;
1569 if (lp_disable_netbios()) {
1570 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
1572 return NT_STATUS_INVALID_PARAMETER;
1575 *return_iplist = NULL;
1578 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
1581 if (wins_srv_count() < 1) {
1582 DEBUG(3,("resolve_wins: WINS server resolution selected "
1583 "and no WINS servers listed.\n"));
1584 return NT_STATUS_INVALID_PARAMETER;
1587 /* we try a lookup on each of the WINS tags in turn */
1588 wins_tags = wins_srv_tags();
1591 /* huh? no tags?? give up in disgust */
1592 return NT_STATUS_INVALID_PARAMETER;
1595 /* the address we will be sending from */
1596 if (!interpret_string_addr(&src_ss, lp_socket_address(),
1597 AI_NUMERICHOST|AI_PASSIVE)) {
1598 zero_sockaddr(&src_ss);
1601 if (src_ss.ss_family != AF_INET) {
1602 char addr[INET6_ADDRSTRLEN];
1603 print_sockaddr(addr, sizeof(addr), &src_ss);
1604 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1605 "on IPv6 address %s\n",
1607 wins_srv_tags_free(wins_tags);
1608 return NT_STATUS_INVALID_PARAMETER;
1611 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1613 /* in the worst case we will try every wins server with every
1615 for (t=0; wins_tags && wins_tags[t]; t++) {
1616 int srv_count = wins_srv_count_tag(wins_tags[t]);
1617 for (i=0; i<srv_count; i++) {
1618 struct sockaddr_storage wins_ss;
1619 struct in_addr wins_ip;
1621 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1623 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1624 /* yikes! we'll loop forever */
1628 /* skip any that have been unresponsive lately */
1629 if (wins_srv_is_dead(wins_ip, src_ip)) {
1633 DEBUG(3,("resolve_wins: using WINS server %s "
1635 inet_ntoa(wins_ip), wins_tags[t]));
1637 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1638 status = name_query(name,
1648 /* exit loop if we got a list of addresses */
1650 if (NT_STATUS_IS_OK(status)) {
1654 if (NT_STATUS_EQUAL(status,
1655 NT_STATUS_IO_TIMEOUT)) {
1656 /* Timed out waiting for WINS server to
1659 wins_srv_died(wins_ip, src_ip);
1661 /* The name definitely isn't in this
1662 group of WINS servers.
1663 goto the next group */
1669 wins_srv_tags_free(wins_tags);
1670 return NT_STATUS_NO_LOGON_SERVERS;
1674 status = NT_STATUS_OK;
1675 if (!convert_ss2service(return_iplist, ss_list, *return_count))
1676 status = NT_STATUS_INVALID_PARAMETER;
1678 TALLOC_FREE(ss_list);
1679 wins_srv_tags_free(wins_tags);
1684 /********************************************************
1685 Resolve via "lmhosts" method.
1686 *********************************************************/
1688 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1689 struct ip_service **return_iplist,
1693 * "lmhosts" means parse the local lmhosts file.
1695 struct sockaddr_storage *ss_list;
1696 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1697 TALLOC_CTX *ctx = NULL;
1699 *return_iplist = NULL;
1702 DEBUG(3,("resolve_lmhosts: "
1703 "Attempting lmhosts lookup for name %s<0x%x>\n",
1706 ctx = talloc_init("resolve_lmhosts");
1708 return NT_STATUS_NO_MEMORY;
1711 status = resolve_lmhosts_file_as_sockaddr(get_dyn_LMHOSTSFILE(),
1716 if (NT_STATUS_IS_OK(status)) {
1717 if (convert_ss2service(return_iplist,
1721 return NT_STATUS_OK;
1724 return NT_STATUS_NO_MEMORY;
1732 /********************************************************
1733 Resolve via "hosts" method.
1734 *********************************************************/
1736 static NTSTATUS resolve_hosts(const char *name, int name_type,
1737 struct ip_service **return_iplist,
1741 * "host" means do a localhost, or dns lookup.
1743 struct addrinfo hints;
1744 struct addrinfo *ailist = NULL;
1745 struct addrinfo *res = NULL;
1749 if ( name_type != 0x20 && name_type != 0x0) {
1750 DEBUG(5, ("resolve_hosts: not appropriate "
1751 "for name type <0x%x>\n",
1753 return NT_STATUS_INVALID_PARAMETER;
1756 *return_iplist = NULL;
1759 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1763 /* By default make sure it supports TCP. */
1764 hints.ai_socktype = SOCK_STREAM;
1765 hints.ai_flags = AI_ADDRCONFIG;
1767 #if !defined(HAVE_IPV6)
1768 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1769 hints.ai_family = AF_INET;
1772 ret = getaddrinfo(name,
1777 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1779 gai_strerror(ret) ));
1782 for (res = ailist; res; res = res->ai_next) {
1783 struct sockaddr_storage ss;
1785 if (!res->ai_addr || res->ai_addrlen == 0) {
1790 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1794 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1797 if (!*return_iplist) {
1798 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1799 freeaddrinfo(ailist);
1800 return NT_STATUS_NO_MEMORY;
1802 (*return_iplist)[i].ss = ss;
1803 (*return_iplist)[i].port = PORT_NONE;
1807 freeaddrinfo(ailist);
1809 if (*return_count) {
1810 return NT_STATUS_OK;
1812 return NT_STATUS_UNSUCCESSFUL;
1815 /********************************************************
1816 Resolve via "ADS" method.
1817 *********************************************************/
1819 /* Special name type used to cause a _kerberos DNS lookup. */
1820 #define KDC_NAME_TYPE 0xDCDC
1822 static NTSTATUS resolve_ads(const char *name,
1824 const char *sitename,
1825 struct ip_service **return_iplist,
1831 struct dns_rr_srv *dcs = NULL;
1835 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1836 (name_type != 0x1b)) {
1837 return NT_STATUS_INVALID_PARAMETER;
1840 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1841 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1842 return NT_STATUS_NO_MEMORY;
1845 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1847 switch (name_type) {
1849 DEBUG(5,("resolve_ads: Attempting to resolve "
1850 "PDC for %s using DNS\n", name));
1851 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1855 DEBUG(5,("resolve_ads: Attempting to resolve "
1856 "DCs for %s using DNS\n", name));
1857 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1861 DEBUG(5,("resolve_ads: Attempting to resolve "
1862 "KDCs for %s using DNS\n", name));
1863 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1867 status = NT_STATUS_INVALID_PARAMETER;
1871 if ( !NT_STATUS_IS_OK( status ) ) {
1872 talloc_destroy(ctx);
1876 for (i=0;i<numdcs;i++) {
1877 numaddrs += MAX(dcs[i].num_ips,1);
1880 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1882 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1884 talloc_destroy(ctx);
1885 return NT_STATUS_NO_MEMORY;
1888 /* now unroll the list of IP addresses */
1893 while ( i < numdcs && (*return_count<numaddrs) ) {
1894 struct ip_service *r = &(*return_iplist)[*return_count];
1896 r->port = dcs[i].port;
1898 /* If we don't have an IP list for a name, lookup it up */
1901 interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1905 /* use the IP addresses from the SRV sresponse */
1907 if ( j >= dcs[i].num_ips ) {
1913 r->ss = dcs[i].ss_s[j];
1917 /* make sure it is a valid IP. I considered checking the
1918 * negative connection cache, but this is the wrong place
1919 * for it. Maybe only as a hack. After think about it, if
1920 * all of the IP addresses returned from DNS are dead, what
1921 * hope does a netbios name lookup have ? The standard reason
1922 * for falling back to netbios lookups is that our DNS server
1923 * doesn't know anything about the DC's -- jerry */
1925 if (!is_zero_addr(&r->ss)) {
1930 talloc_destroy(ctx);
1931 return NT_STATUS_OK;
1934 /*******************************************************************
1935 Internal interface to resolve a name into an IP address.
1936 Use this function if the string is either an IP address, DNS
1937 or host name or NetBIOS name. This uses the name switch in the
1938 smb.conf to determine the order of name resolution.
1940 Added support for ip addr/port to support ADS ldap servers.
1941 the only place we currently care about the port is in the
1942 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1943 **********************************************************************/
1945 NTSTATUS internal_resolve_name(const char *name,
1947 const char *sitename,
1948 struct ip_service **return_iplist,
1950 const char *resolve_order)
1954 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1956 TALLOC_CTX *frame = NULL;
1958 *return_iplist = NULL;
1961 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1962 name, name_type, sitename ? sitename : "(null)"));
1964 if (is_ipaddress(name)) {
1965 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
1967 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1968 return NT_STATUS_NO_MEMORY;
1971 /* ignore the port here */
1972 (*return_iplist)->port = PORT_NONE;
1974 /* if it's in the form of an IP address then get the lib to interpret it */
1975 if (!interpret_string_addr(&(*return_iplist)->ss,
1976 name, AI_NUMERICHOST)) {
1977 DEBUG(1,("internal_resolve_name: interpret_string_addr "
1980 SAFE_FREE(*return_iplist);
1981 return NT_STATUS_INVALID_PARAMETER;
1984 return NT_STATUS_OK;
1987 /* Check name cache */
1989 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1990 /* This could be a negative response */
1991 if (*return_count > 0) {
1992 return NT_STATUS_OK;
1994 return NT_STATUS_UNSUCCESSFUL;
1998 /* set the name resolution order */
2000 if (strcmp( resolve_order, "NULL") == 0) {
2001 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
2002 return NT_STATUS_INVALID_PARAMETER;
2005 if (!resolve_order[0]) {
2008 ptr = resolve_order;
2011 /* iterate through the name resolution backends */
2013 frame = talloc_stackframe();
2014 while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
2015 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
2016 status = resolve_hosts(name, name_type, return_iplist,
2018 if (NT_STATUS_IS_OK(status)) {
2021 } else if(strequal( tok, "kdc")) {
2022 /* deal with KDC_NAME_TYPE names here.
2023 * This will result in a SRV record lookup */
2024 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
2025 return_iplist, return_count);
2026 if (NT_STATUS_IS_OK(status)) {
2027 /* Ensure we don't namecache
2028 * this with the KDC port. */
2029 name_type = KDC_NAME_TYPE;
2032 } else if(strequal( tok, "ads")) {
2033 /* deal with 0x1c and 0x1b names here.
2034 * This will result in a SRV record lookup */
2035 status = resolve_ads(name, name_type, sitename,
2036 return_iplist, return_count);
2037 if (NT_STATUS_IS_OK(status)) {
2040 } else if(strequal( tok, "lmhosts")) {
2041 status = resolve_lmhosts(name, name_type,
2042 return_iplist, return_count);
2043 if (NT_STATUS_IS_OK(status)) {
2046 } else if(strequal( tok, "wins")) {
2047 /* don't resolve 1D via WINS */
2048 if (name_type != 0x1D) {
2049 status = resolve_wins(name, name_type,
2052 if (NT_STATUS_IS_OK(status)) {
2056 } else if(strequal( tok, "bcast")) {
2057 status = name_resolve_bcast(name, name_type,
2060 if (NT_STATUS_IS_OK(status)) {
2064 DEBUG(0,("resolve_name: unknown name switch type %s\n",
2069 /* All of the resolve_* functions above have returned false. */
2072 SAFE_FREE(*return_iplist);
2075 return NT_STATUS_UNSUCCESSFUL;
2079 /* Remove duplicate entries. Some queries, notably #1c (domain
2080 controllers) return the PDC in iplist[0] and then all domain
2081 controllers including the PDC in iplist[1..n]. Iterating over
2082 the iplist when the PDC is down will cause two sets of timeouts. */
2084 if ( *return_count ) {
2085 *return_count = remove_duplicate_addrs2(*return_iplist,
2089 /* Save in name cache */
2090 if ( DEBUGLEVEL >= 100 ) {
2091 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
2092 char addr[INET6_ADDRSTRLEN];
2093 print_sockaddr(addr, sizeof(addr),
2094 &(*return_iplist)[i].ss);
2095 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
2099 (*return_iplist)[i].port));
2103 namecache_store(name, name_type, *return_count, *return_iplist);
2105 /* Display some debugging info */
2107 if ( DEBUGLEVEL >= 10 ) {
2108 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
2111 for (i = 0; i < *return_count; i++) {
2112 char addr[INET6_ADDRSTRLEN];
2113 print_sockaddr(addr, sizeof(addr),
2114 &(*return_iplist)[i].ss);
2115 DEBUGADD(10, ("%s:%d ",
2117 (*return_iplist)[i].port));
2126 /********************************************************
2127 Internal interface to resolve a name into one IP address.
2128 Use this function if the string is either an IP address, DNS
2129 or host name or NetBIOS name. This uses the name switch in the
2130 smb.conf to determine the order of name resolution.
2131 *********************************************************/
2133 bool resolve_name(const char *name,
2134 struct sockaddr_storage *return_ss,
2138 struct ip_service *ss_list = NULL;
2139 char *sitename = NULL;
2142 if (is_ipaddress(name)) {
2143 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
2146 sitename = sitename_fetch(lp_realm()); /* wild guess */
2148 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
2150 lp_name_resolve_order()))) {
2154 for (i=0; i<count; i++) {
2155 if (!is_zero_addr(&ss_list[i].ss) &&
2156 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss) &&
2157 (ss_list[i].ss.ss_family == AF_INET)) {
2158 *return_ss = ss_list[i].ss;
2160 SAFE_FREE(sitename);
2166 /* only return valid addresses for TCP connections */
2167 for (i=0; i<count; i++) {
2168 if (!is_zero_addr(&ss_list[i].ss) &&
2169 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2170 *return_ss = ss_list[i].ss;
2172 SAFE_FREE(sitename);
2179 SAFE_FREE(sitename);
2183 /********************************************************
2184 Internal interface to resolve a name into a list of IP addresses.
2185 Use this function if the string is either an IP address, DNS
2186 or host name or NetBIOS name. This uses the name switch in the
2187 smb.conf to determine the order of name resolution.
2188 *********************************************************/
2190 NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
2193 struct sockaddr_storage **return_ss_arr,
2194 unsigned int *p_num_entries)
2196 struct ip_service *ss_list = NULL;
2197 char *sitename = NULL;
2200 unsigned int num_entries;
2204 *return_ss_arr = NULL;
2206 if (is_ipaddress(name)) {
2207 *return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
2208 if (!*return_ss_arr) {
2209 return NT_STATUS_NO_MEMORY;
2211 if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
2212 TALLOC_FREE(*return_ss_arr);
2213 return NT_STATUS_BAD_NETWORK_NAME;
2216 return NT_STATUS_OK;
2219 sitename = sitename_fetch(lp_realm()); /* wild guess */
2221 status = internal_resolve_name(name, name_type, sitename,
2223 lp_name_resolve_order());
2224 SAFE_FREE(sitename);
2226 if (!NT_STATUS_IS_OK(status)) {
2230 /* only return valid addresses for TCP connections */
2231 for (i=0, num_entries = 0; i<count; i++) {
2232 if (!is_zero_addr(&ss_list[i].ss) &&
2233 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2237 if (num_entries == 0) {
2239 return NT_STATUS_BAD_NETWORK_NAME;
2242 *return_ss_arr = TALLOC_ARRAY(ctx,
2243 struct sockaddr_storage,
2245 if (!(*return_ss_arr)) {
2247 return NT_STATUS_NO_MEMORY;
2250 for (i=0, num_entries = 0; i<count; i++) {
2251 if (!is_zero_addr(&ss_list[i].ss) &&
2252 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2253 (*return_ss_arr)[num_entries++] = ss_list[i].ss;
2257 status = NT_STATUS_OK;
2258 *p_num_entries = num_entries;
2261 return NT_STATUS_OK;
2264 /********************************************************
2265 Find the IP address of the master browser or DMB for a workgroup.
2266 *********************************************************/
2268 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
2270 struct ip_service *ip_list = NULL;
2274 if (lp_disable_netbios()) {
2275 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
2279 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
2280 lp_name_resolve_order());
2281 if (NT_STATUS_IS_OK(status)) {
2282 *master_ss = ip_list[0].ss;
2287 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
2288 lp_name_resolve_order());
2289 if (NT_STATUS_IS_OK(status)) {
2290 *master_ss = ip_list[0].ss;
2299 /********************************************************
2300 Get the IP address list of the primary domain controller
2302 *********************************************************/
2304 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
2306 struct ip_service *ip_list = NULL;
2308 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
2310 /* Look up #1B name */
2312 if (lp_security() == SEC_ADS) {
2313 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
2317 if (!NT_STATUS_IS_OK(status) || count == 0) {
2318 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
2320 lp_name_resolve_order());
2321 if (!NT_STATUS_IS_OK(status)) {
2326 /* if we get more than 1 IP back we have to assume it is a
2327 multi-homed PDC and not a mess up */
2330 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
2331 sort_service_list(ip_list, count);
2334 *pss = ip_list[0].ss;
2339 /* Private enum type for lookups. */
2341 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
2343 /********************************************************
2344 Get the IP address list of the domain controllers for
2346 *********************************************************/
2348 static NTSTATUS get_dc_list(const char *domain,
2349 const char *sitename,
2350 struct ip_service **ip_list,
2352 enum dc_lookup_type lookup_type,
2355 char *resolve_order = NULL;
2356 char *saf_servername = NULL;
2357 char *pserver = NULL;
2359 char *port_str = NULL;
2362 int num_addresses = 0;
2363 int local_count, i, j;
2364 struct ip_service *return_iplist = NULL;
2365 struct ip_service *auto_ip_list = NULL;
2366 bool done_auto_lookup = false;
2369 TALLOC_CTX *ctx = talloc_init("get_dc_list");
2375 return NT_STATUS_NO_MEMORY;
2380 /* if we are restricted to solely using DNS for looking
2381 up a domain controller, make sure that host lookups
2382 are enabled for the 'name resolve order'. If host lookups
2383 are disabled and ads_only is True, then set the string to
2386 resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
2387 if (!resolve_order) {
2388 status = NT_STATUS_NO_MEMORY;
2391 strlower_m(resolve_order);
2392 if (lookup_type == DC_ADS_ONLY) {
2393 if (strstr( resolve_order, "host")) {
2394 resolve_order = talloc_strdup(ctx, "ads");
2396 /* DNS SRV lookups used by the ads resolver
2397 are already sorted by priority and weight */
2400 resolve_order = talloc_strdup(ctx, "NULL");
2402 } else if (lookup_type == DC_KDC_ONLY) {
2403 /* DNS SRV lookups used by the ads/kdc resolver
2404 are already sorted by priority and weight */
2406 resolve_order = talloc_strdup(ctx, "kdc");
2408 if (!resolve_order) {
2409 status = NT_STATUS_NO_MEMORY;
2413 /* fetch the server we have affinity for. Add the
2414 'password server' list to a search for our domain controllers */
2416 saf_servername = saf_fetch( domain);
2418 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
2419 pserver = talloc_asprintf(ctx, "%s, %s",
2420 saf_servername ? saf_servername : "",
2421 lp_passwordserver());
2423 pserver = talloc_asprintf(ctx, "%s, *",
2424 saf_servername ? saf_servername : "");
2427 SAFE_FREE(saf_servername);
2429 status = NT_STATUS_NO_MEMORY;
2433 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
2436 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
2437 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2438 count, resolve_order);
2442 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
2445 * if '*' appears in the "password server" list then add
2446 * an auto lookup to the list of manually configured
2447 * DC's. If any DC is listed by name, then the list should be
2448 * considered to be ordered
2452 while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2453 if (!done_auto_lookup && strequal(name, "*")) {
2454 status = internal_resolve_name(domain, 0x1C, sitename,
2458 if (NT_STATUS_IS_OK(status)) {
2459 num_addresses += auto_count;
2461 done_auto_lookup = true;
2462 DEBUG(8,("Adding %d DC's from auto lookup\n",
2469 /* if we have no addresses and haven't done the auto lookup, then
2470 just return the list of DC's. Or maybe we just failed. */
2472 if ((num_addresses == 0)) {
2473 if (done_auto_lookup) {
2474 DEBUG(4,("get_dc_list: no servers found\n"));
2475 status = NT_STATUS_NO_LOGON_SERVERS;
2478 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2479 count, resolve_order);
2483 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
2484 num_addresses)) == NULL) {
2485 DEBUG(3,("get_dc_list: malloc fail !\n"));
2486 status = NT_STATUS_NO_MEMORY;
2493 /* fill in the return list now with real IP's */
2495 while ((local_count<num_addresses) &&
2496 next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2497 struct sockaddr_storage name_ss;
2499 /* copy any addersses from the auto lookup */
2501 if (strequal(name, "*")) {
2502 for (j=0; j<auto_count; j++) {
2503 char addr[INET6_ADDRSTRLEN];
2504 print_sockaddr(addr,
2506 &auto_ip_list[j].ss);
2507 /* Check for and don't copy any
2508 * known bad DC IP's. */
2509 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
2512 DEBUG(5,("get_dc_list: "
2513 "negative entry %s removed "
2518 return_iplist[local_count].ss =
2520 return_iplist[local_count].port =
2521 auto_ip_list[j].port;
2527 /* added support for address:port syntax for ads
2528 * (not that I think anyone will ever run the LDAP
2529 * server in an AD domain on something other than
2532 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
2533 if ((port_str=strchr(name, ':')) != NULL) {
2536 port = atoi(port_str);
2539 /* explicit lookup; resolve_name() will
2540 * handle names & IP addresses */
2541 if (resolve_name( name, &name_ss, 0x20, true )) {
2542 char addr[INET6_ADDRSTRLEN];
2543 print_sockaddr(addr,
2547 /* Check for and don't copy any known bad DC IP's. */
2548 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
2550 DEBUG(5,("get_dc_list: negative entry %s "
2551 "removed from DC list\n",
2556 return_iplist[local_count].ss = name_ss;
2557 return_iplist[local_count].port = port;
2563 /* need to remove duplicates in the list if we have any
2564 explicit password servers */
2567 local_count = remove_duplicate_addrs2(return_iplist,
2571 /* For DC's we always prioritize IPv4 due to W2K3 not
2572 * supporting LDAP, KRB5 or CLDAP over IPv6. */
2574 if (local_count && return_iplist) {
2575 prioritize_ipv4_list(return_iplist, local_count);
2578 if ( DEBUGLEVEL >= 4 ) {
2579 DEBUG(4,("get_dc_list: returning %d ip addresses "
2580 "in an %sordered list\n",
2582 *ordered ? "":"un"));
2583 DEBUG(4,("get_dc_list: "));
2584 for ( i=0; i<local_count; i++ ) {
2585 char addr[INET6_ADDRSTRLEN];
2586 print_sockaddr(addr,
2588 &return_iplist[i].ss);
2589 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
2594 *ip_list = return_iplist;
2595 *count = local_count;
2597 status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2601 if (!NT_STATUS_IS_OK(status)) {
2602 SAFE_FREE(return_iplist);
2607 SAFE_FREE(auto_ip_list);
2612 /*********************************************************************
2613 Small wrapper function to get the DC list and sort it if neccessary.
2614 *********************************************************************/
2616 NTSTATUS get_sorted_dc_list( const char *domain,
2617 const char *sitename,
2618 struct ip_service **ip_list,
2622 bool ordered = false;
2624 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2629 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2630 "for name %s (sitename %s) using [%s]\n",
2632 sitename ? sitename : "NULL",
2633 (ads_only ? "ads" : lp_name_resolve_order())));
2636 lookup_type = DC_ADS_ONLY;
2639 status = get_dc_list(domain, sitename, ip_list,
2640 count, lookup_type, &ordered);
2641 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
2643 DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2644 " in site %s, fallback to all servers\n",
2646 status = get_dc_list(domain, NULL, ip_list,
2647 count, lookup_type, &ordered);
2650 if (!NT_STATUS_IS_OK(status)) {
2651 SAFE_FREE(*ip_list);
2656 /* only sort if we don't already have an ordered list */
2658 sort_service_list(*ip_list, *count);
2661 return NT_STATUS_OK;
2664 /*********************************************************************
2665 Get the KDC list - re-use all the logic in get_dc_list.
2666 *********************************************************************/
2668 NTSTATUS get_kdc_list( const char *realm,
2669 const char *sitename,
2670 struct ip_service **ip_list,
2679 status = get_dc_list(realm, sitename, ip_list,
2680 count, DC_KDC_ONLY, &ordered);
2682 if (!NT_STATUS_IS_OK(status)) {
2683 SAFE_FREE(*ip_list);
2688 /* only sort if we don't already have an ordered list */
2690 sort_service_list(*ip_list, *count);
2693 return NT_STATUS_OK;