2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 /* nmbd.c sets this to True. */
24 BOOL global_in_nmbd = False;
26 /****************************
27 * SERVER AFFINITY ROUTINES *
28 ****************************/
30 /* Server affinity is the concept of preferring the last domain
31 controller with whom you had a successful conversation */
33 /****************************************************************************
34 ****************************************************************************/
35 #define SAFKEY_FMT "SAF/DOMAIN/%s"
38 static char *saf_key(const char *domain)
42 asprintf( &keystr, SAFKEY_FMT, strupper_static(domain) );
47 /****************************************************************************
48 ****************************************************************************/
50 BOOL saf_store( const char *domain, const char *servername )
56 if ( !domain || !servername ) {
57 DEBUG(2,("saf_store: Refusing to store empty domain or servername!\n"));
61 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
62 DEBUG(0,("saf_store: refusing to store 0 length domain or servername!\n"));
66 if ( !gencache_init() )
69 key = saf_key( domain );
70 expire = time( NULL ) + SAF_TTL;
73 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
74 domain, servername, (unsigned int)expire ));
76 ret = gencache_set( key, servername, expire );
83 BOOL saf_delete( const char *domain )
89 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
93 if ( !gencache_init() )
96 key = saf_key(domain);
97 ret = gencache_del(key);
100 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
108 /****************************************************************************
109 ****************************************************************************/
111 char *saf_fetch( const char *domain )
118 if ( !domain || strlen(domain) == 0) {
119 DEBUG(2,("saf_fetch: Empty domain name!\n"));
123 if ( !gencache_init() )
126 key = saf_key( domain );
128 ret = gencache_get( key, &server, &timeout );
133 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n", domain ));
135 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
142 /****************************************************************************
143 Generate a random trn_id.
144 ****************************************************************************/
146 static int generate_trn_id(void)
151 sys_srandom(sys_getpid());
154 trn_id = sys_random();
156 return trn_id % (unsigned)0x7FFF;
159 /****************************************************************************
160 Parse a node status response into an array of structures.
161 ****************************************************************************/
163 static NODE_STATUS_STRUCT *parse_node_status(char *p, int *num_names, struct node_status_extra *extra)
165 NODE_STATUS_STRUCT *ret;
168 *num_names = CVAL(p,0);
173 ret = SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT,*num_names);
178 for (i=0;i< *num_names;i++) {
179 StrnCpy(ret[i].name,p,15);
180 trim_char(ret[i].name,'\0',' ');
181 ret[i].type = CVAL(p,15);
182 ret[i].flags = p[16];
184 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
185 ret[i].type, ret[i].flags));
188 * Also, pick up the MAC address ...
191 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
197 /****************************************************************************
198 Do a NBT node status query on an open socket and return an array of
199 structures holding the returned names or NULL if the query failed.
200 **************************************************************************/
202 NODE_STATUS_STRUCT *node_status_query(int fd,struct nmb_name *name,
203 struct in_addr to_ip, int *num_names,
204 struct node_status_extra *extra)
208 int retry_time = 2000;
210 struct packet_struct p;
211 struct packet_struct *p2;
212 struct nmb_packet *nmb = &p.packet.nmb;
213 NODE_STATUS_STRUCT *ret;
217 nmb->header.name_trn_id = generate_trn_id();
218 nmb->header.opcode = 0;
219 nmb->header.response = False;
220 nmb->header.nm_flags.bcast = False;
221 nmb->header.nm_flags.recursion_available = False;
222 nmb->header.nm_flags.recursion_desired = False;
223 nmb->header.nm_flags.trunc = False;
224 nmb->header.nm_flags.authoritative = False;
225 nmb->header.rcode = 0;
226 nmb->header.qdcount = 1;
227 nmb->header.ancount = 0;
228 nmb->header.nscount = 0;
229 nmb->header.arcount = 0;
230 nmb->question.question_name = *name;
231 nmb->question.question_type = 0x21;
232 nmb->question.question_class = 0x1;
237 p.timestamp = time(NULL);
238 p.packet_type = NMB_PACKET;
242 if (!send_packet(&p))
248 struct timeval tval2;
249 GetTimeOfDay(&tval2);
250 if (TvalDiff(&tval,&tval2) > retry_time) {
253 if (!found && !send_packet(&p))
259 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
260 struct nmb_packet *nmb2 = &p2->packet.nmb;
261 debug_nmb_packet(p2);
263 if (nmb2->header.opcode != 0 ||
264 nmb2->header.nm_flags.bcast ||
265 nmb2->header.rcode ||
266 !nmb2->header.ancount ||
267 nmb2->answers->rr_type != 0x21) {
268 /* XXXX what do we do with this? could be a
269 redirect, but we'll discard it for the
275 ret = parse_node_status(&nmb2->answers->rdata[0], num_names, extra);
284 /****************************************************************************
285 Find the first type XX name in a node status reply - used for finding
286 a servers name given its IP. Return the matched name in *name.
287 **************************************************************************/
289 BOOL name_status_find(const char *q_name, int q_type, int type, struct in_addr to_ip, fstring name)
291 NODE_STATUS_STRUCT *status = NULL;
292 struct nmb_name nname;
297 if (lp_disable_netbios()) {
298 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n", q_name, q_type));
302 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
303 q_type, inet_ntoa(to_ip)));
305 /* Check the cache first. */
307 if (namecache_status_fetch(q_name, q_type, type, to_ip, name))
310 sock = open_socket_in(SOCK_DGRAM, 0, 3, interpret_addr(lp_socket_address()), True);
314 /* W2K PDC's seem not to respond to '*'#0. JRA */
315 make_nmb_name(&nname, q_name, q_type);
316 status = node_status_query(sock, &nname, to_ip, &count, NULL);
321 for (i=0;i<count;i++) {
322 if (status[i].type == type)
328 pull_ascii_nstring(name, sizeof(fstring), status[i].name);
330 /* Store the result in the cache. */
331 /* but don't store an entry for 0x1c names here. Here we have
332 a single host and DOMAIN<0x1c> names should be a list of hosts */
334 if ( q_type != 0x1c )
335 namecache_status_store(q_name, q_type, type, to_ip, name);
342 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
345 DEBUGADD(10, (", name %s ip address is %s", name, inet_ntoa(to_ip)));
353 comparison function used by sort_ip_list
356 static int ip_compare(struct in_addr *ip1, struct in_addr *ip2)
358 int max_bits1=0, max_bits2=0;
359 int num_interfaces = iface_count();
362 for (i=0;i<num_interfaces;i++) {
365 ip = *iface_n_bcast(i);
366 bits1 = matching_quad_bits((uchar *)&ip1->s_addr, (uchar *)&ip.s_addr);
367 bits2 = matching_quad_bits((uchar *)&ip2->s_addr, (uchar *)&ip.s_addr);
368 max_bits1 = MAX(bits1, max_bits1);
369 max_bits2 = MAX(bits2, max_bits2);
372 /* bias towards directly reachable IPs */
373 if (iface_local(*ip1)) {
376 if (iface_local(*ip2)) {
380 return max_bits2 - max_bits1;
383 /*******************************************************************
384 compare 2 ldap IPs by nearness to our interfaces - used in qsort
385 *******************************************************************/
387 static int ip_service_compare(struct ip_service *ip1, struct ip_service *ip2)
391 if ( (result = ip_compare(&ip1->ip, &ip2->ip)) != 0 )
394 if ( ip1->port > ip2->port )
397 if ( ip1->port < ip2->port )
404 sort an IP list so that names that are close to one of our interfaces
405 are at the top. This prevents the problem where a WINS server returns an IP that
406 is not reachable from our subnet as the first match
409 static void sort_ip_list(struct in_addr *iplist, int count)
415 qsort(iplist, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
418 static void sort_ip_list2(struct ip_service *iplist, int count)
424 qsort(iplist, count, sizeof(struct ip_service), QSORT_CAST ip_service_compare);
427 /**********************************************************************
428 Remove any duplicate address/port pairs in the list
429 *********************************************************************/
431 static int remove_duplicate_addrs2( struct ip_service *iplist, int count )
435 DEBUG(10,("remove_duplicate_addrs2: looking for duplicate address/port pairs\n"));
437 /* one loop to remove duplicates */
438 for ( i=0; i<count; i++ ) {
439 if ( is_zero_ip(iplist[i].ip) )
442 for ( j=i+1; j<count; j++ ) {
443 if ( ip_service_equal(iplist[i], iplist[j]) )
444 zero_ip(&iplist[j].ip);
448 /* one loop to clean up any holes we left */
449 /* first ip should never be a zero_ip() */
450 for (i = 0; i<count; ) {
451 if ( is_zero_ip(iplist[i].ip) ) {
453 memmove(&iplist[i], &iplist[i+1], (count - i - 1)*sizeof(iplist[i]));
463 /****************************************************************************
464 Do a netbios name query to find someones IP.
465 Returns an array of IP addresses or NULL if none.
466 *count will be set to the number of addresses returned.
467 *timed_out is set if we failed by timing out
468 ****************************************************************************/
470 struct in_addr *name_query(int fd,const char *name,int name_type,
471 BOOL bcast,BOOL recurse,
472 struct in_addr to_ip, int *count, int *flags,
477 int retry_time = bcast?250:2000;
479 struct packet_struct p;
480 struct packet_struct *p2;
481 struct nmb_packet *nmb = &p.packet.nmb;
482 struct in_addr *ip_list = NULL;
484 if (lp_disable_netbios()) {
485 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n", name, name_type));
493 memset((char *)&p,'\0',sizeof(p));
497 nmb->header.name_trn_id = generate_trn_id();
498 nmb->header.opcode = 0;
499 nmb->header.response = False;
500 nmb->header.nm_flags.bcast = bcast;
501 nmb->header.nm_flags.recursion_available = False;
502 nmb->header.nm_flags.recursion_desired = recurse;
503 nmb->header.nm_flags.trunc = False;
504 nmb->header.nm_flags.authoritative = False;
505 nmb->header.rcode = 0;
506 nmb->header.qdcount = 1;
507 nmb->header.ancount = 0;
508 nmb->header.nscount = 0;
509 nmb->header.arcount = 0;
511 make_nmb_name(&nmb->question.question_name,name,name_type);
513 nmb->question.question_type = 0x20;
514 nmb->question.question_class = 0x1;
519 p.timestamp = time(NULL);
520 p.packet_type = NMB_PACKET;
524 if (!send_packet(&p))
530 struct timeval tval2;
532 GetTimeOfDay(&tval2);
533 if (TvalDiff(&tval,&tval2) > retry_time) {
536 if (!found && !send_packet(&p))
542 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
543 struct nmb_packet *nmb2 = &p2->packet.nmb;
544 debug_nmb_packet(p2);
546 /* If we get a Negative Name Query Response from a WINS
547 * server, we should report it and give up.
549 if( 0 == nmb2->header.opcode /* A query response */
550 && !(bcast) /* from a WINS server */
551 && nmb2->header.rcode /* Error returned */
554 if( DEBUGLVL( 3 ) ) {
555 /* Only executed if DEBUGLEVEL >= 3 */
556 dbgtext( "Negative name query response, rcode 0x%02x: ", nmb2->header.rcode );
557 switch( nmb2->header.rcode ) {
559 dbgtext( "Request was invalidly formatted.\n" );
562 dbgtext( "Problem with NBNS, cannot process name.\n");
565 dbgtext( "The name requested does not exist.\n" );
568 dbgtext( "Unsupported request error.\n" );
571 dbgtext( "Query refused error.\n" );
574 dbgtext( "Unrecognized error code.\n" );
582 if (nmb2->header.opcode != 0 ||
583 nmb2->header.nm_flags.bcast ||
584 nmb2->header.rcode ||
585 !nmb2->header.ancount) {
587 * XXXX what do we do with this? Could be a
588 * redirect, but we'll discard it for the
595 ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr,
596 (*count) + nmb2->answers->rdlength/6 );
599 DEBUG(0,("name_query: Realloc failed.\n"));
604 DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip)));
605 for (i=0;i<nmb2->answers->rdlength/6;i++) {
606 putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]);
607 DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)])));
614 /* We add the flags back ... */
615 if (nmb2->header.response)
616 (*flags) |= NM_FLAGS_RS;
617 if (nmb2->header.nm_flags.authoritative)
618 (*flags) |= NM_FLAGS_AA;
619 if (nmb2->header.nm_flags.trunc)
620 (*flags) |= NM_FLAGS_TC;
621 if (nmb2->header.nm_flags.recursion_desired)
622 (*flags) |= NM_FLAGS_RD;
623 if (nmb2->header.nm_flags.recursion_available)
624 (*flags) |= NM_FLAGS_RA;
625 if (nmb2->header.nm_flags.bcast)
626 (*flags) |= NM_FLAGS_B;
629 * If we're doing a unicast lookup we only
630 * expect one reply. Don't wait the full 2
631 * seconds if we got one. JRA.
638 /* only set timed_out if we didn't fund what we where looking for*/
640 if ( !found && timed_out ) {
644 /* sort the ip list so we choose close servers first if possible */
645 sort_ip_list(ip_list, *count);
650 /********************************************************
651 Start parsing the lmhosts file.
652 *********************************************************/
654 XFILE *startlmhosts(char *fname)
656 XFILE *fp = x_fopen(fname,O_RDONLY, 0);
658 DEBUG(4,("startlmhosts: Can't open lmhosts file %s. Error was %s\n",
659 fname, strerror(errno)));
665 /********************************************************
666 Parse the next line in the lmhosts file.
667 *********************************************************/
669 BOOL getlmhostsent( XFILE *fp, pstring name, int *name_type, struct in_addr *ipaddr)
673 while(!x_feof(fp) && !x_ferror(fp)) {
674 pstring ip,flags,extra;
681 if (!fgets_slash(line,sizeof(pstring),fp)) {
695 if (next_token(&ptr,ip ,NULL,sizeof(ip)))
697 if (next_token(&ptr,name ,NULL, sizeof(pstring)))
699 if (next_token(&ptr,flags,NULL, sizeof(flags)))
701 if (next_token(&ptr,extra,NULL, sizeof(extra)))
707 if (count > 0 && count < 2) {
708 DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",line));
713 DEBUG(0,("getlmhostsent: too many columns in lmhosts file (obsolete syntax)\n"));
717 DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n", ip, name, flags));
719 if (strchr_m(flags,'G') || strchr_m(flags,'S')) {
720 DEBUG(0,("getlmhostsent: group flag in lmhosts ignored (obsolete)\n"));
724 *ipaddr = *interpret_addr2(ip);
726 /* Extra feature. If the name ends in '#XX', where XX is a hex number,
727 then only add that name type. */
728 if((ptr1 = strchr_m(name, '#')) != NULL) {
732 *name_type = (int)strtol(ptr1, &endptr, 16);
733 if(!*ptr1 || (endptr == ptr1)) {
734 DEBUG(0,("getlmhostsent: invalid name %s containing '#'.\n", name));
738 *(--ptr1) = '\0'; /* Truncate at the '#' */
747 /********************************************************
748 Finish parsing the lmhosts file.
749 *********************************************************/
751 void endlmhosts(XFILE *fp)
756 /********************************************************
757 convert an array if struct in_addrs to struct ip_service
758 return False on failure. Port is set to PORT_NONE;
759 *********************************************************/
761 static BOOL convert_ip2service( struct ip_service **return_iplist, struct in_addr *ip_list, int count )
765 if ( count==0 || !ip_list )
768 /* copy the ip address; port will be PORT_NONE */
769 if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) == NULL ) {
770 DEBUG(0,("convert_ip2service: malloc failed for %d enetries!\n", count ));
774 for ( i=0; i<count; i++ ) {
775 (*return_iplist)[i].ip = ip_list[i];
776 (*return_iplist)[i].port = PORT_NONE;
781 /********************************************************
782 Resolve via "bcast" method.
783 *********************************************************/
785 BOOL name_resolve_bcast(const char *name, int name_type,
786 struct ip_service **return_iplist, int *return_count)
789 int num_interfaces = iface_count();
790 struct in_addr *ip_list;
793 if (lp_disable_netbios()) {
794 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n", name, name_type));
798 *return_iplist = NULL;
802 * "bcast" means do a broadcast lookup on all the local interfaces.
805 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup for name %s<0x%x>\n", name, name_type));
807 sock = open_socket_in( SOCK_DGRAM, 0, 3,
808 interpret_addr(lp_socket_address()), True );
810 if (sock == -1) return False;
812 set_socket_options(sock,"SO_BROADCAST");
814 * Lookup the name on all the interfaces, return on
815 * the first successful match.
817 for( i = num_interfaces-1; i >= 0; i--) {
818 struct in_addr sendto_ip;
820 /* Done this way to fix compiler error on IRIX 5.x */
821 sendto_ip = *iface_n_bcast(i);
822 ip_list = name_query(sock, name, name_type, True,
823 True, sendto_ip, return_count, &flags, NULL);
828 /* failed - no response */
835 if ( !convert_ip2service(return_iplist, ip_list, *return_count) )
838 SAFE_FREE( ip_list );
843 /********************************************************
844 Resolve via "wins" method.
845 *********************************************************/
847 BOOL resolve_wins(const char *name, int name_type,
848 struct ip_service **return_iplist, int *return_count)
852 struct in_addr src_ip, *ip_list = NULL;
855 if (lp_disable_netbios()) {
856 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n", name, name_type));
860 *return_iplist = NULL;
863 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n", name, name_type));
865 if (wins_srv_count() < 1) {
866 DEBUG(3,("resolve_wins: WINS server resolution selected and no WINS servers listed.\n"));
870 /* we try a lookup on each of the WINS tags in turn */
871 wins_tags = wins_srv_tags();
874 /* huh? no tags?? give up in disgust */
878 /* the address we will be sending from */
879 src_ip = *interpret_addr2(lp_socket_address());
881 /* in the worst case we will try every wins server with every
883 for (t=0; wins_tags && wins_tags[t]; t++) {
884 int srv_count = wins_srv_count_tag(wins_tags[t]);
885 for (i=0; i<srv_count; i++) {
886 struct in_addr wins_ip;
890 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
892 if (global_in_nmbd && ismyip(wins_ip)) {
893 /* yikes! we'll loop forever */
897 /* skip any that have been unresponsive lately */
898 if (wins_srv_is_dead(wins_ip, src_ip)) {
902 DEBUG(3,("resolve_wins: using WINS server %s and tag '%s'\n", inet_ntoa(wins_ip), wins_tags[t]));
904 sock = open_socket_in(SOCK_DGRAM, 0, 3, src_ip.s_addr, True);
909 ip_list = name_query(sock,name,name_type, False,
910 True, wins_ip, return_count, &flags,
913 /* exit loop if we got a list of addresses */
921 /* Timed out wating for WINS server to respond. Mark it dead. */
922 wins_srv_died(wins_ip, src_ip);
924 /* The name definately isn't in this
925 group of WINS servers. goto the next group */
931 wins_srv_tags_free(wins_tags);
936 if ( !convert_ip2service( return_iplist, ip_list, *return_count ) )
939 SAFE_FREE( ip_list );
940 wins_srv_tags_free(wins_tags);
946 /********************************************************
947 Resolve via "lmhosts" method.
948 *********************************************************/
950 static BOOL resolve_lmhosts(const char *name, int name_type,
951 struct ip_service **return_iplist, int *return_count)
954 * "lmhosts" means parse the local lmhosts file.
960 struct in_addr return_ip;
963 *return_iplist = NULL;
966 DEBUG(3,("resolve_lmhosts: Attempting lmhosts lookup for name %s<0x%x>\n", name, name_type));
968 fp = startlmhosts(dyn_LMHOSTSFILE);
973 while (getlmhostsent(fp, lmhost_name, &name_type2, &return_ip))
976 if (!strequal(name, lmhost_name))
979 if ((name_type2 != -1) && (name_type != name_type2))
982 *return_iplist = SMB_REALLOC_ARRAY((*return_iplist), struct ip_service,
985 if ((*return_iplist) == NULL) {
987 DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
991 (*return_iplist)[*return_count].ip = return_ip;
992 (*return_iplist)[*return_count].port = PORT_NONE;
995 /* we found something */
998 /* Multiple names only for DC lookup */
999 if (name_type != 0x1c)
1009 /********************************************************
1010 Resolve via "hosts" method.
1011 *********************************************************/
1013 static BOOL resolve_hosts(const char *name, int name_type,
1014 struct ip_service **return_iplist, int *return_count)
1017 * "host" means do a localhost, or dns lookup.
1021 if ( name_type != 0x20 && name_type != 0x0) {
1022 DEBUG(5, ("resolve_hosts: not appropriate for name type <0x%x>\n", name_type));
1026 *return_iplist = NULL;
1029 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n", name, name_type));
1031 if (((hp = sys_gethostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
1032 struct in_addr return_ip;
1033 putip((char *)&return_ip,(char *)hp->h_addr);
1034 *return_iplist = SMB_MALLOC_P(struct ip_service);
1035 if(*return_iplist == NULL) {
1036 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1039 (*return_iplist)->ip = return_ip;
1040 (*return_iplist)->port = PORT_NONE;
1047 /********************************************************
1048 Resolve via "ADS" method.
1049 *********************************************************/
1051 static BOOL resolve_ads(const char *name, int name_type,
1052 struct ip_service **return_iplist, int *return_count)
1057 struct dns_rr_srv *dcs = NULL;
1061 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE))
1064 DEBUG(5,("resolve_ads: Attempting to resolve DC's for %s using DNS\n",
1067 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1068 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1072 if (name_type == KDC_NAME_TYPE) {
1073 status = ads_dns_query_kdcs(ctx, name, &dcs, &numdcs);
1075 status = ads_dns_query_dcs(ctx, name, &dcs, &numdcs);
1077 if ( !NT_STATUS_IS_OK( status ) ) {
1078 talloc_destroy(ctx);
1082 for (i=0;i<numdcs;i++) {
1083 numaddrs += MAX(dcs[i].num_ips,1);
1086 if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) == NULL ) {
1087 DEBUG(0,("resolve_ads: malloc failed for %d entries\n", numaddrs ));
1088 talloc_destroy(ctx);
1092 /* now unroll the list of IP addresses */
1097 while ( i < numdcs && (*return_count<numaddrs) ) {
1098 struct ip_service *r = &(*return_iplist)[*return_count];
1100 r->port = dcs[i].port;
1102 /* If we don't have an IP list for a name, lookup it up */
1104 if ( !dcs[i].ips ) {
1105 r->ip = *interpret_addr2(dcs[i].hostname);
1109 /* use the IP addresses from the SRV sresponse */
1111 if ( j >= dcs[i].num_ips ) {
1117 r->ip = dcs[i].ips[j];
1121 /* make sure it is a valid IP. I considered checking the negative
1122 connection cache, but this is the wrong place for it. Maybe only
1123 as a hac. After think about it, if all of the IP addresses retuend
1124 from DNS are dead, what hope does a netbios name lookup have?
1125 The standard reason for falling back to netbios lookups is that
1126 our DNS server doesn't know anything about the DC's -- jerry */
1128 if ( ! is_zero_ip(r->ip) )
1132 talloc_destroy(ctx);
1136 /*******************************************************************
1137 Internal interface to resolve a name into an IP address.
1138 Use this function if the string is either an IP address, DNS
1139 or host name or NetBIOS name. This uses the name switch in the
1140 smb.conf to determine the order of name resolution.
1142 Added support for ip addr/port to support ADS ldap servers.
1143 the only place we currently care about the port is in the
1144 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1145 **********************************************************************/
1147 BOOL internal_resolve_name(const char *name, int name_type,
1148 struct ip_service **return_iplist,
1149 int *return_count, const char *resolve_order)
1151 pstring name_resolve_list;
1154 BOOL allones = (strcmp(name,"255.255.255.255") == 0);
1155 BOOL allzeros = (strcmp(name,"0.0.0.0") == 0);
1156 BOOL is_address = is_ipaddress(name);
1157 BOOL result = False;
1160 *return_iplist = NULL;
1163 DEBUG(10, ("internal_resolve_name: looking up %s#%x\n", name, name_type));
1165 if (allzeros || allones || is_address) {
1167 if ( (*return_iplist = SMB_MALLOC_P(struct ip_service)) == NULL ) {
1168 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1173 /* ignore the port here */
1174 (*return_iplist)->port = PORT_NONE;
1176 /* if it's in the form of an IP address then get the lib to interpret it */
1177 if (((*return_iplist)->ip.s_addr = inet_addr(name)) == 0xFFFFFFFF ){
1178 DEBUG(1,("internal_resolve_name: inet_addr failed on %s\n", name));
1179 SAFE_FREE(*return_iplist);
1183 (*return_iplist)->ip.s_addr = allones ? 0xFFFFFFFF : 0;
1189 /* Check name cache */
1191 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1192 /* This could be a negative response */
1193 return (*return_count > 0);
1196 /* set the name resolution order */
1198 if ( strcmp( resolve_order, "NULL") == 0 ) {
1199 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1203 if ( !resolve_order ) {
1204 pstrcpy(name_resolve_list, lp_name_resolve_order());
1206 pstrcpy(name_resolve_list, resolve_order);
1209 if ( !name_resolve_list[0] ) {
1212 ptr = name_resolve_list;
1215 /* iterate through the name resolution backends */
1217 while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) {
1218 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1219 if (resolve_hosts(name, name_type, return_iplist, return_count)) {
1223 } else if(strequal( tok, "kdc")) {
1224 /* deal with KDC_NAME_TYPE names here. This will result in a
1225 SRV record lookup */
1226 if (resolve_ads(name, KDC_NAME_TYPE, return_iplist, return_count)) {
1228 /* Ensure we don't namecache this with the KDC port. */
1229 name_type = KDC_NAME_TYPE;
1232 } else if(strequal( tok, "ads")) {
1233 /* deal with 0x1c names here. This will result in a
1234 SRV record lookup */
1235 if (resolve_ads(name, name_type, return_iplist, return_count)) {
1239 } else if(strequal( tok, "lmhosts")) {
1240 if (resolve_lmhosts(name, name_type, return_iplist, return_count)) {
1244 } else if(strequal( tok, "wins")) {
1245 /* don't resolve 1D via WINS */
1246 if (name_type != 0x1D && resolve_wins(name, name_type, return_iplist, return_count)) {
1250 } else if(strequal( tok, "bcast")) {
1251 if (name_resolve_bcast(name, name_type, return_iplist, return_count)) {
1256 DEBUG(0,("resolve_name: unknown name switch type %s\n", tok));
1260 /* All of the resolve_* functions above have returned false. */
1262 SAFE_FREE(*return_iplist);
1269 /* Remove duplicate entries. Some queries, notably #1c (domain
1270 controllers) return the PDC in iplist[0] and then all domain
1271 controllers including the PDC in iplist[1..n]. Iterating over
1272 the iplist when the PDC is down will cause two sets of timeouts. */
1274 if ( *return_count ) {
1275 *return_count = remove_duplicate_addrs2( *return_iplist, *return_count );
1278 /* Save in name cache */
1279 if ( DEBUGLEVEL >= 100 ) {
1280 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++)
1281 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n", name,
1282 name_type, inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
1285 namecache_store(name, name_type, *return_count, *return_iplist);
1287 /* Display some debugging info */
1289 if ( DEBUGLEVEL >= 10 ) {
1290 DEBUG(10, ("internal_resolve_name: returning %d addresses: ", *return_count));
1292 for (i = 0; i < *return_count; i++) {
1293 DEBUGADD(10, ("%s:%d ", inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
1301 /********************************************************
1302 Internal interface to resolve a name into one IP address.
1303 Use this function if the string is either an IP address, DNS
1304 or host name or NetBIOS name. This uses the name switch in the
1305 smb.conf to determine the order of name resolution.
1306 *********************************************************/
1308 BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type)
1310 struct ip_service *ip_list = NULL;
1313 if (is_ipaddress(name)) {
1314 *return_ip = *interpret_addr2(name);
1318 if (internal_resolve_name(name, name_type, &ip_list, &count, lp_name_resolve_order())) {
1321 /* only return valid addresses for TCP connections */
1322 for (i=0; i<count; i++) {
1323 char *ip_str = inet_ntoa(ip_list[i].ip);
1325 strcmp(ip_str, "255.255.255.255") != 0 &&
1326 strcmp(ip_str, "0.0.0.0") != 0)
1328 *return_ip = ip_list[i].ip;
1339 /********************************************************
1340 Find the IP address of the master browser or DMB for a workgroup.
1341 *********************************************************/
1343 BOOL find_master_ip(const char *group, struct in_addr *master_ip)
1345 struct ip_service *ip_list = NULL;
1348 if (lp_disable_netbios()) {
1349 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1353 if (internal_resolve_name(group, 0x1D, &ip_list, &count, lp_name_resolve_order())) {
1354 *master_ip = ip_list[0].ip;
1358 if(internal_resolve_name(group, 0x1B, &ip_list, &count, lp_name_resolve_order())) {
1359 *master_ip = ip_list[0].ip;
1368 /********************************************************
1369 Get the IP address list of the primary domain controller
1371 *********************************************************/
1373 BOOL get_pdc_ip(const char *domain, struct in_addr *ip)
1375 struct ip_service *ip_list;
1378 /* Look up #1B name */
1380 if (!internal_resolve_name(domain, 0x1b, &ip_list, &count, lp_name_resolve_order())) {
1384 /* if we get more than 1 IP back we have to assume it is a
1385 multi-homed PDC and not a mess up */
1388 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1389 sort_ip_list2( ip_list, count );
1392 *ip = ip_list[0].ip;
1399 /* Private enum type for lookups. */
1401 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1403 /********************************************************
1404 Get the IP address list of the domain controllers for
1406 *********************************************************/
1408 static NTSTATUS get_dc_list(const char *domain, struct ip_service **ip_list,
1409 int *count, enum dc_lookup_type lookup_type, int *ordered)
1411 fstring resolve_order;
1412 char *saf_servername;
1418 int num_addresses = 0;
1419 int local_count, i, j;
1420 struct ip_service *return_iplist = NULL;
1421 struct ip_service *auto_ip_list = NULL;
1422 BOOL done_auto_lookup = False;
1427 /* if we are restricted to solely using DNS for looking
1428 up a domain controller, make sure that host lookups
1429 are enabled for the 'name resolve order'. If host lookups
1430 are disabled and ads_only is True, then set the string to
1433 fstrcpy( resolve_order, lp_name_resolve_order() );
1434 strlower_m( resolve_order );
1435 if ( lookup_type == DC_ADS_ONLY) {
1436 if ( strstr( resolve_order, "host" ) ) {
1437 fstrcpy( resolve_order, "ads" );
1439 /* DNS SRV lookups used by the ads resolver
1440 are already sorted by priority and weight */
1443 fstrcpy( resolve_order, "NULL" );
1445 } else if (lookup_type == DC_KDC_ONLY) {
1446 /* DNS SRV lookups used by the ads/kdc resolver
1447 are already sorted by priority and weight */
1449 fstrcpy( resolve_order, "kdc" );
1452 /* fetch the server we have affinity for. Add the
1453 'password server' list to a search for our domain controllers */
1455 saf_servername = saf_fetch( domain );
1457 if ( strequal(domain, lp_workgroup()) || strequal(domain, lp_realm()) ) {
1458 pstr_sprintf( pserver, "%s, %s",
1459 saf_servername ? saf_servername : "",
1460 lp_passwordserver() );
1462 pstr_sprintf( pserver, "%s, *",
1463 saf_servername ? saf_servername : "" );
1466 SAFE_FREE( saf_servername );
1468 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1471 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1472 /* TODO: change return type of internal_resolve_name to
1474 if (internal_resolve_name(domain, 0x1C, ip_list, count,
1476 return NT_STATUS_OK;
1478 return NT_STATUS_NO_LOGON_SERVERS;
1482 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
1485 * if '*' appears in the "password server" list then add
1486 * an auto lookup to the list of manually configured
1487 * DC's. If any DC is listed by name, then the list should be
1488 * considered to be ordered
1492 while (next_token(&p,name,LIST_SEP,sizeof(name))) {
1493 if (strequal(name, "*")) {
1494 if (internal_resolve_name(domain, 0x1C, &auto_ip_list,
1495 &auto_count, resolve_order))
1496 num_addresses += auto_count;
1497 done_auto_lookup = True;
1498 DEBUG(8,("Adding %d DC's from auto lookup\n", auto_count));
1504 /* if we have no addresses and haven't done the auto lookup, then
1505 just return the list of DC's. Or maybe we just failed. */
1507 if ( (num_addresses == 0) ) {
1508 if ( done_auto_lookup ) {
1509 DEBUG(4,("get_dc_list: no servers found\n"));
1510 SAFE_FREE(auto_ip_list);
1511 return NT_STATUS_NO_LOGON_SERVERS;
1513 if (internal_resolve_name(domain, 0x1C, ip_list, count,
1515 return NT_STATUS_OK;
1517 return NT_STATUS_NO_LOGON_SERVERS;
1521 if ( (return_iplist = SMB_MALLOC_ARRAY(struct ip_service, num_addresses)) == NULL ) {
1522 DEBUG(3,("get_dc_list: malloc fail !\n"));
1523 SAFE_FREE(auto_ip_list);
1524 return NT_STATUS_NO_MEMORY;
1530 /* fill in the return list now with real IP's */
1532 while ( (local_count<num_addresses) && next_token(&p,name,LIST_SEP,sizeof(name)) ) {
1533 struct in_addr name_ip;
1535 /* copy any addersses from the auto lookup */
1537 if ( strequal(name, "*") ) {
1538 for ( j=0; j<auto_count; j++ ) {
1539 /* Check for and don't copy any known bad DC IP's. */
1540 if(!NT_STATUS_IS_OK(check_negative_conn_cache(domain,
1541 inet_ntoa(auto_ip_list[j].ip)))) {
1542 DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",
1543 inet_ntoa(auto_ip_list[j].ip) ));
1546 return_iplist[local_count].ip = auto_ip_list[j].ip;
1547 return_iplist[local_count].port = auto_ip_list[j].port;
1554 /* added support for address:port syntax for ads (not that I think
1555 anyone will ever run the LDAP server in an AD domain on something
1556 other than port 389 */
1558 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
1559 if ( (port_str=strchr(name, ':')) != NULL ) {
1562 port = atoi( port_str );
1565 /* explicit lookup; resolve_name() will handle names & IP addresses */
1566 if ( resolve_name( name, &name_ip, 0x20 ) ) {
1568 /* Check for and don't copy any known bad DC IP's. */
1569 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain, inet_ntoa(name_ip))) ) {
1570 DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",name ));
1574 return_iplist[local_count].ip = name_ip;
1575 return_iplist[local_count].port = port;
1581 SAFE_FREE(auto_ip_list);
1583 /* need to remove duplicates in the list if we have any
1584 explicit password servers */
1586 if ( local_count ) {
1587 local_count = remove_duplicate_addrs2( return_iplist, local_count );
1590 if ( DEBUGLEVEL >= 4 ) {
1591 DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count,
1592 *ordered ? "":"un"));
1593 DEBUG(4,("get_dc_list: "));
1594 for ( i=0; i<local_count; i++ )
1595 DEBUGADD(4,("%s:%d ", inet_ntoa(return_iplist[i].ip), return_iplist[i].port ));
1599 *ip_list = return_iplist;
1600 *count = local_count;
1602 return ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
1605 /*********************************************************************
1606 Small wrapper function to get the DC list and sort it if neccessary.
1607 *********************************************************************/
1609 NTSTATUS get_sorted_dc_list( const char *domain, struct ip_service **ip_list, int *count, BOOL ads_only )
1613 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
1615 DEBUG(8,("get_sorted_dc_list: attempting lookup using [%s]\n",
1616 (ads_only ? "ads" : lp_name_resolve_order())));
1619 lookup_type = DC_ADS_ONLY;
1622 status = get_dc_list(domain, ip_list, count, lookup_type, &ordered);
1623 if (!NT_STATUS_IS_OK(status)) {
1627 /* only sort if we don't already have an ordered list */
1629 sort_ip_list2( *ip_list, *count );
1632 return NT_STATUS_OK;
1635 /*********************************************************************
1636 Get the KDC list - re-use all the logic in get_dc_list.
1637 *********************************************************************/
1639 NTSTATUS get_kdc_list( const char *realm, struct ip_service **ip_list, int *count)
1647 status = get_dc_list(realm, ip_list, count, DC_KDC_ONLY, &ordered);
1649 if (!NT_STATUS_IS_OK(status)) {
1653 /* only sort if we don't already have an ordered list */
1655 sort_ip_list2( *ip_list, *count );
1658 return NT_STATUS_OK;