2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 /* nmbd.c sets this to True. */
23 BOOL global_in_nmbd = False;
25 /****************************
26 * SERVER AFFINITY ROUTINES *
27 ****************************/
29 /* Server affinity is the concept of preferring the last domain
30 controller with whom you had a successful conversation */
32 /****************************************************************************
33 ****************************************************************************/
34 #define SAFKEY_FMT "SAF/DOMAIN/%s"
37 static char *saf_key(const char *domain)
41 asprintf( &keystr, SAFKEY_FMT, strupper_static(domain) );
46 /****************************************************************************
47 ****************************************************************************/
49 BOOL saf_store( const char *domain, const char *servername )
55 if ( !domain || !servername ) {
56 DEBUG(2,("saf_store: Refusing to store empty domain or servername!\n"));
60 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
61 DEBUG(0,("saf_store: refusing to store 0 length domain or servername!\n"));
65 if ( !gencache_init() )
68 key = saf_key( domain );
69 expire = time( NULL ) + SAF_TTL;
72 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
73 domain, servername, (unsigned int)expire ));
75 ret = gencache_set( key, servername, expire );
82 BOOL saf_delete( const char *domain )
88 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
92 if ( !gencache_init() )
95 key = saf_key(domain);
96 ret = gencache_del(key);
99 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
107 /****************************************************************************
108 ****************************************************************************/
110 char *saf_fetch( const char *domain )
117 if ( !domain || strlen(domain) == 0) {
118 DEBUG(2,("saf_fetch: Empty domain name!\n"));
122 if ( !gencache_init() )
125 key = saf_key( domain );
127 ret = gencache_get( key, &server, &timeout );
132 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n", domain ));
134 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
141 /****************************************************************************
142 Generate a random trn_id.
143 ****************************************************************************/
145 static int generate_trn_id(void)
149 generate_random_buffer((uint8 *)&id, sizeof(id));
151 return id % (unsigned)0x7FFF;
154 /****************************************************************************
155 Parse a node status response into an array of structures.
156 ****************************************************************************/
158 static NODE_STATUS_STRUCT *parse_node_status(char *p, int *num_names, struct node_status_extra *extra)
160 NODE_STATUS_STRUCT *ret;
163 *num_names = CVAL(p,0);
168 ret = SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT,*num_names);
173 for (i=0;i< *num_names;i++) {
174 StrnCpy(ret[i].name,p,15);
175 trim_char(ret[i].name,'\0',' ');
176 ret[i].type = CVAL(p,15);
177 ret[i].flags = p[16];
179 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
180 ret[i].type, ret[i].flags));
183 * Also, pick up the MAC address ...
186 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
192 /****************************************************************************
193 Do a NBT node status query on an open socket and return an array of
194 structures holding the returned names or NULL if the query failed.
195 **************************************************************************/
197 NODE_STATUS_STRUCT *node_status_query(int fd,struct nmb_name *name,
198 struct in_addr to_ip, int *num_names,
199 struct node_status_extra *extra)
203 int retry_time = 2000;
205 struct packet_struct p;
206 struct packet_struct *p2;
207 struct nmb_packet *nmb = &p.packet.nmb;
208 NODE_STATUS_STRUCT *ret;
212 nmb->header.name_trn_id = generate_trn_id();
213 nmb->header.opcode = 0;
214 nmb->header.response = False;
215 nmb->header.nm_flags.bcast = False;
216 nmb->header.nm_flags.recursion_available = False;
217 nmb->header.nm_flags.recursion_desired = False;
218 nmb->header.nm_flags.trunc = False;
219 nmb->header.nm_flags.authoritative = False;
220 nmb->header.rcode = 0;
221 nmb->header.qdcount = 1;
222 nmb->header.ancount = 0;
223 nmb->header.nscount = 0;
224 nmb->header.arcount = 0;
225 nmb->question.question_name = *name;
226 nmb->question.question_type = 0x21;
227 nmb->question.question_class = 0x1;
232 p.timestamp = time(NULL);
233 p.packet_type = NMB_PACKET;
237 if (!send_packet(&p))
243 struct timeval tval2;
244 GetTimeOfDay(&tval2);
245 if (TvalDiff(&tval,&tval2) > retry_time) {
248 if (!found && !send_packet(&p))
254 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
255 struct nmb_packet *nmb2 = &p2->packet.nmb;
256 debug_nmb_packet(p2);
258 if (nmb2->header.opcode != 0 ||
259 nmb2->header.nm_flags.bcast ||
260 nmb2->header.rcode ||
261 !nmb2->header.ancount ||
262 nmb2->answers->rr_type != 0x21) {
263 /* XXXX what do we do with this? could be a
264 redirect, but we'll discard it for the
270 ret = parse_node_status(&nmb2->answers->rdata[0], num_names, extra);
279 /****************************************************************************
280 Find the first type XX name in a node status reply - used for finding
281 a servers name given its IP. Return the matched name in *name.
282 **************************************************************************/
284 BOOL name_status_find(const char *q_name, int q_type, int type, struct in_addr to_ip, fstring name)
286 NODE_STATUS_STRUCT *status = NULL;
287 struct nmb_name nname;
292 if (lp_disable_netbios()) {
293 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n", q_name, q_type));
297 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
298 q_type, inet_ntoa(to_ip)));
300 /* Check the cache first. */
302 if (namecache_status_fetch(q_name, q_type, type, to_ip, name))
305 sock = open_socket_in(SOCK_DGRAM, 0, 3, interpret_addr(lp_socket_address()), True);
309 /* W2K PDC's seem not to respond to '*'#0. JRA */
310 make_nmb_name(&nname, q_name, q_type);
311 status = node_status_query(sock, &nname, to_ip, &count, NULL);
316 for (i=0;i<count;i++) {
317 if (status[i].type == type)
323 pull_ascii_nstring(name, sizeof(fstring), status[i].name);
325 /* Store the result in the cache. */
326 /* but don't store an entry for 0x1c names here. Here we have
327 a single host and DOMAIN<0x1c> names should be a list of hosts */
329 if ( q_type != 0x1c )
330 namecache_status_store(q_name, q_type, type, to_ip, name);
337 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
340 DEBUGADD(10, (", name %s ip address is %s", name, inet_ntoa(to_ip)));
348 comparison function used by sort_ip_list
351 static int ip_compare(struct in_addr *ip1, struct in_addr *ip2)
353 int max_bits1=0, max_bits2=0;
354 int num_interfaces = iface_count();
355 struct sockaddr_storage ss;
358 for (i=0;i<num_interfaces;i++) {
359 const struct sockaddr_storage *pss = iface_n_bcast(i);
363 if (pss->ss_family != AF_INET) {
366 ip = ((const struct sockaddr_in *)pss)->sin_addr;
367 bits1 = matching_quad_bits((uchar *)&ip1->s_addr, (uchar *)&ip.s_addr);
368 bits2 = matching_quad_bits((uchar *)&ip2->s_addr, (uchar *)&ip.s_addr);
369 max_bits1 = MAX(bits1, max_bits1);
370 max_bits2 = MAX(bits2, max_bits2);
373 /* bias towards directly reachable IPs */
374 in_addr_to_sockaddr_storage(&ss, *ip1);
375 if (iface_local(&ss)) {
378 in_addr_to_sockaddr_storage(&ss, *ip1);
379 if (iface_local(&ss)) {
383 return max_bits2 - max_bits1;
386 /*******************************************************************
387 compare 2 ldap IPs by nearness to our interfaces - used in qsort
388 *******************************************************************/
390 int ip_service_compare(struct ip_service *ip1, struct ip_service *ip2)
394 if ( (result = ip_compare(&ip1->ip, &ip2->ip)) != 0 )
397 if ( ip1->port > ip2->port )
400 if ( ip1->port < ip2->port )
407 sort an IP list so that names that are close to one of our interfaces
408 are at the top. This prevents the problem where a WINS server returns an IP that
409 is not reachable from our subnet as the first match
412 static void sort_ip_list(struct in_addr *iplist, int count)
418 qsort(iplist, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
421 static void sort_ip_list2(struct ip_service *iplist, int count)
427 qsort(iplist, count, sizeof(struct ip_service), QSORT_CAST ip_service_compare);
430 /**********************************************************************
431 Remove any duplicate address/port pairs in the list
432 *********************************************************************/
434 static int remove_duplicate_addrs2( struct ip_service *iplist, int count )
438 DEBUG(10,("remove_duplicate_addrs2: looking for duplicate address/port pairs\n"));
440 /* one loop to remove duplicates */
441 for ( i=0; i<count; i++ ) {
442 if ( is_zero_ip_v4(iplist[i].ip) )
445 for ( j=i+1; j<count; j++ ) {
446 if ( ip_service_equal(iplist[i], iplist[j]) )
447 zero_ip_v4(&iplist[j].ip);
451 /* one loop to clean up any holes we left */
452 /* first ip should never be a zero_ip() */
453 for (i = 0; i<count; ) {
454 if ( is_zero_ip_v4(iplist[i].ip) ) {
456 memmove(&iplist[i], &iplist[i+1], (count - i - 1)*sizeof(iplist[i]));
466 /****************************************************************************
467 Do a netbios name query to find someones IP.
468 Returns an array of IP addresses or NULL if none.
469 *count will be set to the number of addresses returned.
470 *timed_out is set if we failed by timing out
471 ****************************************************************************/
473 struct in_addr *name_query(int fd,const char *name,int name_type,
474 BOOL bcast,BOOL recurse,
475 struct in_addr to_ip, int *count, int *flags,
480 int retry_time = bcast?250:2000;
482 struct packet_struct p;
483 struct packet_struct *p2;
484 struct nmb_packet *nmb = &p.packet.nmb;
485 struct in_addr *ip_list = NULL;
487 if (lp_disable_netbios()) {
488 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n", name, name_type));
496 memset((char *)&p,'\0',sizeof(p));
500 nmb->header.name_trn_id = generate_trn_id();
501 nmb->header.opcode = 0;
502 nmb->header.response = False;
503 nmb->header.nm_flags.bcast = bcast;
504 nmb->header.nm_flags.recursion_available = False;
505 nmb->header.nm_flags.recursion_desired = recurse;
506 nmb->header.nm_flags.trunc = False;
507 nmb->header.nm_flags.authoritative = False;
508 nmb->header.rcode = 0;
509 nmb->header.qdcount = 1;
510 nmb->header.ancount = 0;
511 nmb->header.nscount = 0;
512 nmb->header.arcount = 0;
514 make_nmb_name(&nmb->question.question_name,name,name_type);
516 nmb->question.question_type = 0x20;
517 nmb->question.question_class = 0x1;
522 p.timestamp = time(NULL);
523 p.packet_type = NMB_PACKET;
527 if (!send_packet(&p))
533 struct timeval tval2;
535 GetTimeOfDay(&tval2);
536 if (TvalDiff(&tval,&tval2) > retry_time) {
539 if (!found && !send_packet(&p))
545 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
546 struct nmb_packet *nmb2 = &p2->packet.nmb;
547 debug_nmb_packet(p2);
549 /* If we get a Negative Name Query Response from a WINS
550 * server, we should report it and give up.
552 if( 0 == nmb2->header.opcode /* A query response */
553 && !(bcast) /* from a WINS server */
554 && nmb2->header.rcode /* Error returned */
557 if( DEBUGLVL( 3 ) ) {
558 /* Only executed if DEBUGLEVEL >= 3 */
559 dbgtext( "Negative name query response, rcode 0x%02x: ", nmb2->header.rcode );
560 switch( nmb2->header.rcode ) {
562 dbgtext( "Request was invalidly formatted.\n" );
565 dbgtext( "Problem with NBNS, cannot process name.\n");
568 dbgtext( "The name requested does not exist.\n" );
571 dbgtext( "Unsupported request error.\n" );
574 dbgtext( "Query refused error.\n" );
577 dbgtext( "Unrecognized error code.\n" );
585 if (nmb2->header.opcode != 0 ||
586 nmb2->header.nm_flags.bcast ||
587 nmb2->header.rcode ||
588 !nmb2->header.ancount) {
590 * XXXX what do we do with this? Could be a
591 * redirect, but we'll discard it for the
598 ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr,
599 (*count) + nmb2->answers->rdlength/6 );
602 DEBUG(0,("name_query: Realloc failed.\n"));
607 DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip)));
608 for (i=0;i<nmb2->answers->rdlength/6;i++) {
609 putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]);
610 DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)])));
617 /* We add the flags back ... */
618 if (nmb2->header.response)
619 (*flags) |= NM_FLAGS_RS;
620 if (nmb2->header.nm_flags.authoritative)
621 (*flags) |= NM_FLAGS_AA;
622 if (nmb2->header.nm_flags.trunc)
623 (*flags) |= NM_FLAGS_TC;
624 if (nmb2->header.nm_flags.recursion_desired)
625 (*flags) |= NM_FLAGS_RD;
626 if (nmb2->header.nm_flags.recursion_available)
627 (*flags) |= NM_FLAGS_RA;
628 if (nmb2->header.nm_flags.bcast)
629 (*flags) |= NM_FLAGS_B;
632 * If we're doing a unicast lookup we only
633 * expect one reply. Don't wait the full 2
634 * seconds if we got one. JRA.
641 /* only set timed_out if we didn't fund what we where looking for*/
643 if ( !found && timed_out ) {
647 /* sort the ip list so we choose close servers first if possible */
648 sort_ip_list(ip_list, *count);
653 /********************************************************
654 Start parsing the lmhosts file.
655 *********************************************************/
657 XFILE *startlmhosts(const char *fname)
659 XFILE *fp = x_fopen(fname,O_RDONLY, 0);
661 DEBUG(4,("startlmhosts: Can't open lmhosts file %s. Error was %s\n",
662 fname, strerror(errno)));
668 /********************************************************
669 Parse the next line in the lmhosts file.
670 *********************************************************/
672 BOOL getlmhostsent( XFILE *fp, pstring name, int *name_type, struct in_addr *ipaddr)
676 while(!x_feof(fp) && !x_ferror(fp)) {
677 pstring ip,flags,extra;
684 if (!fgets_slash(line,sizeof(pstring),fp)) {
698 if (next_token(&ptr,ip ,NULL,sizeof(ip)))
700 if (next_token(&ptr,name ,NULL, sizeof(pstring)))
702 if (next_token(&ptr,flags,NULL, sizeof(flags)))
704 if (next_token(&ptr,extra,NULL, sizeof(extra)))
710 if (count > 0 && count < 2) {
711 DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",line));
716 DEBUG(0,("getlmhostsent: too many columns in lmhosts file (obsolete syntax)\n"));
720 DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n", ip, name, flags));
722 if (strchr_m(flags,'G') || strchr_m(flags,'S')) {
723 DEBUG(0,("getlmhostsent: group flag in lmhosts ignored (obsolete)\n"));
727 *ipaddr = *interpret_addr2(ip);
729 /* Extra feature. If the name ends in '#XX', where XX is a hex number,
730 then only add that name type. */
731 if((ptr1 = strchr_m(name, '#')) != NULL) {
735 *name_type = (int)strtol(ptr1, &endptr, 16);
736 if(!*ptr1 || (endptr == ptr1)) {
737 DEBUG(0,("getlmhostsent: invalid name %s containing '#'.\n", name));
741 *(--ptr1) = '\0'; /* Truncate at the '#' */
750 /********************************************************
751 Finish parsing the lmhosts file.
752 *********************************************************/
754 void endlmhosts(XFILE *fp)
759 /********************************************************
760 convert an array if struct in_addrs to struct ip_service
761 return False on failure. Port is set to PORT_NONE;
762 *********************************************************/
764 static BOOL convert_ip2service( struct ip_service **return_iplist, struct in_addr *ip_list, int count )
768 if ( count==0 || !ip_list )
771 /* copy the ip address; port will be PORT_NONE */
772 if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) == NULL ) {
773 DEBUG(0,("convert_ip2service: malloc failed for %d enetries!\n", count ));
777 for ( i=0; i<count; i++ ) {
778 (*return_iplist)[i].ip = ip_list[i];
779 (*return_iplist)[i].port = PORT_NONE;
784 /********************************************************
785 Resolve via "bcast" method.
786 *********************************************************/
788 NTSTATUS name_resolve_bcast(const char *name, int name_type,
789 struct ip_service **return_iplist,
793 int num_interfaces = iface_count();
794 struct in_addr *ip_list;
797 if (lp_disable_netbios()) {
798 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n", name, name_type));
799 return NT_STATUS_INVALID_PARAMETER;
802 *return_iplist = NULL;
806 * "bcast" means do a broadcast lookup on all the local interfaces.
809 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup for name %s<0x%x>\n", name, name_type));
811 sock = open_socket_in( SOCK_DGRAM, 0, 3,
812 interpret_addr(lp_socket_address()), True );
814 if (sock == -1) return NT_STATUS_UNSUCCESSFUL;
816 set_socket_options(sock,"SO_BROADCAST");
818 * Lookup the name on all the interfaces, return on
819 * the first successful match.
821 for( i = num_interfaces-1; i >= 0; i--) {
822 struct in_addr sendto_ip;
823 const struct sockaddr_storage *ss = iface_n_bcast(i);
826 /* Done this way to fix compiler error on IRIX 5.x */
827 if (!ss || ss->ss_family != AF_INET) {
830 sendto_ip = ((const struct sockaddr_in *)ss)->sin_addr;
831 ip_list = name_query(sock, name, name_type, True,
832 True, sendto_ip, return_count, &flags, NULL);
837 /* failed - no response */
840 return NT_STATUS_UNSUCCESSFUL;
843 status = NT_STATUS_OK;
844 if ( !convert_ip2service(return_iplist, ip_list, *return_count) )
845 status = NT_STATUS_INVALID_PARAMETER;
847 SAFE_FREE( ip_list );
852 /********************************************************
853 Resolve via "wins" method.
854 *********************************************************/
856 NTSTATUS resolve_wins(const char *name, int name_type,
857 struct ip_service **return_iplist,
862 struct in_addr src_ip, *ip_list = NULL;
865 if (lp_disable_netbios()) {
866 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n", name, name_type));
867 return NT_STATUS_INVALID_PARAMETER;
870 *return_iplist = NULL;
873 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n", name, name_type));
875 if (wins_srv_count() < 1) {
876 DEBUG(3,("resolve_wins: WINS server resolution selected and no WINS servers listed.\n"));
877 return NT_STATUS_INVALID_PARAMETER;
880 /* we try a lookup on each of the WINS tags in turn */
881 wins_tags = wins_srv_tags();
884 /* huh? no tags?? give up in disgust */
885 return NT_STATUS_INVALID_PARAMETER;
888 /* the address we will be sending from */
889 src_ip = *interpret_addr2(lp_socket_address());
891 /* in the worst case we will try every wins server with every
893 for (t=0; wins_tags && wins_tags[t]; t++) {
894 int srv_count = wins_srv_count_tag(wins_tags[t]);
895 for (i=0; i<srv_count; i++) {
896 struct in_addr wins_ip;
900 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
902 if (global_in_nmbd && ismyip_v4(wins_ip)) {
903 /* yikes! we'll loop forever */
907 /* skip any that have been unresponsive lately */
908 if (wins_srv_is_dead(wins_ip, src_ip)) {
912 DEBUG(3,("resolve_wins: using WINS server %s and tag '%s'\n", inet_ntoa(wins_ip), wins_tags[t]));
914 sock = open_socket_in(SOCK_DGRAM, 0, 3, src_ip.s_addr, True);
919 ip_list = name_query(sock,name,name_type, False,
920 True, wins_ip, return_count, &flags,
923 /* exit loop if we got a list of addresses */
931 /* Timed out wating for WINS server to respond. Mark it dead. */
932 wins_srv_died(wins_ip, src_ip);
934 /* The name definately isn't in this
935 group of WINS servers. goto the next group */
941 wins_srv_tags_free(wins_tags);
942 return NT_STATUS_NO_LOGON_SERVERS;
945 status = NT_STATUS_OK;
946 if ( !convert_ip2service( return_iplist, ip_list, *return_count ) )
947 status = NT_STATUS_INVALID_PARAMETER;
949 SAFE_FREE( ip_list );
950 wins_srv_tags_free(wins_tags);
956 /********************************************************
957 Resolve via "lmhosts" method.
958 *********************************************************/
960 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
961 struct ip_service **return_iplist,
965 * "lmhosts" means parse the local lmhosts file.
971 struct in_addr return_ip;
972 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
974 *return_iplist = NULL;
977 DEBUG(3,("resolve_lmhosts: Attempting lmhosts lookup for name %s<0x%x>\n", name, name_type));
979 fp = startlmhosts(dyn_LMHOSTSFILE);
982 return NT_STATUS_NO_SUCH_FILE;
984 while (getlmhostsent(fp, lmhost_name, &name_type2, &return_ip))
987 if (!strequal(name, lmhost_name))
990 if ((name_type2 != -1) && (name_type != name_type2))
993 *return_iplist = SMB_REALLOC_ARRAY((*return_iplist), struct ip_service,
996 if ((*return_iplist) == NULL) {
998 DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
999 return NT_STATUS_NO_MEMORY;
1002 (*return_iplist)[*return_count].ip = return_ip;
1003 (*return_iplist)[*return_count].port = PORT_NONE;
1006 /* we found something */
1007 status = NT_STATUS_OK;
1009 /* Multiple names only for DC lookup */
1010 if (name_type != 0x1c)
1020 /********************************************************
1021 Resolve via "hosts" method.
1022 *********************************************************/
1024 static NTSTATUS resolve_hosts(const char *name, int name_type,
1025 struct ip_service **return_iplist,
1029 * "host" means do a localhost, or dns lookup.
1033 if ( name_type != 0x20 && name_type != 0x0) {
1034 DEBUG(5, ("resolve_hosts: not appropriate for name type <0x%x>\n", name_type));
1035 return NT_STATUS_INVALID_PARAMETER;
1038 *return_iplist = NULL;
1041 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n", name, name_type));
1043 if (((hp = sys_gethostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
1044 struct in_addr return_ip;
1045 putip((char *)&return_ip,(char *)hp->h_addr);
1046 *return_iplist = SMB_MALLOC_P(struct ip_service);
1047 if(*return_iplist == NULL) {
1048 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1049 return NT_STATUS_NO_MEMORY;
1051 (*return_iplist)->ip = return_ip;
1052 (*return_iplist)->port = PORT_NONE;
1054 return NT_STATUS_OK;
1056 return NT_STATUS_UNSUCCESSFUL;
1059 /********************************************************
1060 Resolve via "ADS" method.
1061 *********************************************************/
1063 NTSTATUS resolve_ads(const char *name, int name_type,
1064 const char *sitename,
1065 struct ip_service **return_iplist,
1071 struct dns_rr_srv *dcs = NULL;
1075 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1076 (name_type != 0x1b)) {
1077 return NT_STATUS_INVALID_PARAMETER;
1080 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1081 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1082 return NT_STATUS_NO_MEMORY;
1085 switch (name_type) {
1087 DEBUG(5,("resolve_ads: Attempting to resolve "
1088 "PDC for %s using DNS\n", name));
1089 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1093 DEBUG(5,("resolve_ads: Attempting to resolve "
1094 "DCs for %s using DNS\n", name));
1095 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1099 DEBUG(5,("resolve_ads: Attempting to resolve "
1100 "KDCs for %s using DNS\n", name));
1101 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1105 status = NT_STATUS_INVALID_PARAMETER;
1109 if ( !NT_STATUS_IS_OK( status ) ) {
1110 talloc_destroy(ctx);
1114 for (i=0;i<numdcs;i++) {
1115 numaddrs += MAX(dcs[i].num_ips,1);
1118 if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) == NULL ) {
1119 DEBUG(0,("resolve_ads: malloc failed for %d entries\n", numaddrs ));
1120 talloc_destroy(ctx);
1121 return NT_STATUS_NO_MEMORY;
1124 /* now unroll the list of IP addresses */
1129 while ( i < numdcs && (*return_count<numaddrs) ) {
1130 struct ip_service *r = &(*return_iplist)[*return_count];
1132 r->port = dcs[i].port;
1134 /* If we don't have an IP list for a name, lookup it up */
1136 if ( !dcs[i].ips ) {
1137 r->ip = *interpret_addr2(dcs[i].hostname);
1141 /* use the IP addresses from the SRV sresponse */
1143 if ( j >= dcs[i].num_ips ) {
1149 r->ip = dcs[i].ips[j];
1153 /* make sure it is a valid IP. I considered checking the negative
1154 connection cache, but this is the wrong place for it. Maybe only
1155 as a hac. After think about it, if all of the IP addresses retuend
1156 from DNS are dead, what hope does a netbios name lookup have?
1157 The standard reason for falling back to netbios lookups is that
1158 our DNS server doesn't know anything about the DC's -- jerry */
1160 if ( ! is_zero_ip_v4(r->ip) )
1164 talloc_destroy(ctx);
1165 return NT_STATUS_OK;
1168 /*******************************************************************
1169 Internal interface to resolve a name into an IP address.
1170 Use this function if the string is either an IP address, DNS
1171 or host name or NetBIOS name. This uses the name switch in the
1172 smb.conf to determine the order of name resolution.
1174 Added support for ip addr/port to support ADS ldap servers.
1175 the only place we currently care about the port is in the
1176 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1177 **********************************************************************/
1179 NTSTATUS internal_resolve_name(const char *name, int name_type,
1180 const char *sitename,
1181 struct ip_service **return_iplist,
1182 int *return_count, const char *resolve_order)
1184 pstring name_resolve_list;
1187 BOOL allones = (strcmp(name,"255.255.255.255") == 0);
1188 BOOL allzeros = (strcmp(name,"0.0.0.0") == 0);
1189 BOOL is_address = is_ipaddress_v4(name);
1190 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1193 *return_iplist = NULL;
1196 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1197 name, name_type, sitename ? sitename : NULL));
1199 if (allzeros || allones || is_address) {
1201 if ( (*return_iplist = SMB_MALLOC_P(struct ip_service)) == NULL ) {
1202 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1203 return NT_STATUS_NO_MEMORY;
1207 /* ignore the port here */
1208 (*return_iplist)->port = PORT_NONE;
1210 /* if it's in the form of an IP address then get the lib to interpret it */
1211 if (((*return_iplist)->ip.s_addr = inet_addr(name)) == 0xFFFFFFFF ){
1212 DEBUG(1,("internal_resolve_name: inet_addr failed on %s\n", name));
1213 SAFE_FREE(*return_iplist);
1214 return NT_STATUS_INVALID_PARAMETER;
1217 (*return_iplist)->ip.s_addr = allones ? 0xFFFFFFFF : 0;
1220 return NT_STATUS_OK;
1223 /* Check name cache */
1225 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1226 /* This could be a negative response */
1227 if (*return_count > 0) {
1228 return NT_STATUS_OK;
1230 return NT_STATUS_UNSUCCESSFUL;
1234 /* set the name resolution order */
1236 if ( strcmp( resolve_order, "NULL") == 0 ) {
1237 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1238 return NT_STATUS_INVALID_PARAMETER;
1241 if ( !resolve_order ) {
1242 pstrcpy(name_resolve_list, lp_name_resolve_order());
1244 pstrcpy(name_resolve_list, resolve_order);
1247 if ( !name_resolve_list[0] ) {
1250 ptr = name_resolve_list;
1253 /* iterate through the name resolution backends */
1255 while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) {
1256 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1257 status = resolve_hosts(name, name_type, return_iplist,
1259 if (NT_STATUS_IS_OK(status)) {
1262 } else if(strequal( tok, "kdc")) {
1263 /* deal with KDC_NAME_TYPE names here. This will result in a
1264 SRV record lookup */
1265 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
1266 return_iplist, return_count);
1267 if (NT_STATUS_IS_OK(status)) {
1268 /* Ensure we don't namecache this with the KDC port. */
1269 name_type = KDC_NAME_TYPE;
1272 } else if(strequal( tok, "ads")) {
1273 /* deal with 0x1c and 0x1b names here. This will result in a
1274 SRV record lookup */
1275 status = resolve_ads(name, name_type, sitename,
1276 return_iplist, return_count);
1277 if (NT_STATUS_IS_OK(status)) {
1280 } else if(strequal( tok, "lmhosts")) {
1281 status = resolve_lmhosts(name, name_type,
1282 return_iplist, return_count);
1283 if (NT_STATUS_IS_OK(status)) {
1286 } else if(strequal( tok, "wins")) {
1287 /* don't resolve 1D via WINS */
1288 if (name_type != 0x1D) {
1289 status = resolve_wins(name, name_type,
1292 if (NT_STATUS_IS_OK(status)) {
1296 } else if(strequal( tok, "bcast")) {
1297 status = name_resolve_bcast(name, name_type,
1300 if (NT_STATUS_IS_OK(status)) {
1304 DEBUG(0,("resolve_name: unknown name switch type %s\n",
1309 /* All of the resolve_* functions above have returned false. */
1311 SAFE_FREE(*return_iplist);
1314 return NT_STATUS_UNSUCCESSFUL;
1318 /* Remove duplicate entries. Some queries, notably #1c (domain
1319 controllers) return the PDC in iplist[0] and then all domain
1320 controllers including the PDC in iplist[1..n]. Iterating over
1321 the iplist when the PDC is down will cause two sets of timeouts. */
1323 if ( *return_count ) {
1324 *return_count = remove_duplicate_addrs2( *return_iplist, *return_count );
1327 /* Save in name cache */
1328 if ( DEBUGLEVEL >= 100 ) {
1329 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++)
1330 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n", name,
1331 name_type, inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
1334 namecache_store(name, name_type, *return_count, *return_iplist);
1336 /* Display some debugging info */
1338 if ( DEBUGLEVEL >= 10 ) {
1339 DEBUG(10, ("internal_resolve_name: returning %d addresses: ", *return_count));
1341 for (i = 0; i < *return_count; i++) {
1342 DEBUGADD(10, ("%s:%d ", inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
1350 /********************************************************
1351 Internal interface to resolve a name into one IP address.
1352 Use this function if the string is either an IP address, DNS
1353 or host name or NetBIOS name. This uses the name switch in the
1354 smb.conf to determine the order of name resolution.
1355 *********************************************************/
1357 BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type)
1359 struct ip_service *ip_list = NULL;
1360 char *sitename = sitename_fetch(lp_realm()); /* wild guess */
1363 if (is_ipaddress_v4(name)) {
1364 *return_ip = *interpret_addr2(name);
1365 SAFE_FREE(sitename);
1369 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
1371 lp_name_resolve_order()))) {
1374 /* only return valid addresses for TCP connections */
1375 for (i=0; i<count; i++) {
1376 char *ip_str = inet_ntoa(ip_list[i].ip);
1378 strcmp(ip_str, "255.255.255.255") != 0 &&
1379 strcmp(ip_str, "0.0.0.0") != 0)
1381 *return_ip = ip_list[i].ip;
1383 SAFE_FREE(sitename);
1390 SAFE_FREE(sitename);
1394 /********************************************************
1395 Find the IP address of the master browser or DMB for a workgroup.
1396 *********************************************************/
1398 BOOL find_master_ip(const char *group, struct in_addr *master_ip)
1400 struct ip_service *ip_list = NULL;
1404 if (lp_disable_netbios()) {
1405 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1409 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
1410 lp_name_resolve_order());
1411 if (NT_STATUS_IS_OK(status)) {
1412 *master_ip = ip_list[0].ip;
1417 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
1418 lp_name_resolve_order());
1419 if (NT_STATUS_IS_OK(status)) {
1420 *master_ip = ip_list[0].ip;
1429 /********************************************************
1430 Get the IP address list of the primary domain controller
1432 *********************************************************/
1434 BOOL get_pdc_ip(const char *domain, struct in_addr *ip)
1436 struct ip_service *ip_list = NULL;
1438 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1440 /* Look up #1B name */
1442 if (lp_security() == SEC_ADS) {
1443 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1447 if (!NT_STATUS_IS_OK(status) || count == 0) {
1448 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1450 lp_name_resolve_order());
1451 if (!NT_STATUS_IS_OK(status)) {
1456 /* if we get more than 1 IP back we have to assume it is a
1457 multi-homed PDC and not a mess up */
1460 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1461 sort_ip_list2( ip_list, count );
1464 *ip = ip_list[0].ip;
1471 /* Private enum type for lookups. */
1473 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1475 /********************************************************
1476 Get the IP address list of the domain controllers for
1478 *********************************************************/
1480 static NTSTATUS get_dc_list(const char *domain, const char *sitename, struct ip_service **ip_list,
1481 int *count, enum dc_lookup_type lookup_type, int *ordered)
1483 fstring resolve_order;
1484 char *saf_servername;
1490 int num_addresses = 0;
1491 int local_count, i, j;
1492 struct ip_service *return_iplist = NULL;
1493 struct ip_service *auto_ip_list = NULL;
1494 BOOL done_auto_lookup = False;
1500 /* if we are restricted to solely using DNS for looking
1501 up a domain controller, make sure that host lookups
1502 are enabled for the 'name resolve order'. If host lookups
1503 are disabled and ads_only is True, then set the string to
1506 fstrcpy( resolve_order, lp_name_resolve_order() );
1507 strlower_m( resolve_order );
1508 if ( lookup_type == DC_ADS_ONLY) {
1509 if ( strstr( resolve_order, "host" ) ) {
1510 fstrcpy( resolve_order, "ads" );
1512 /* DNS SRV lookups used by the ads resolver
1513 are already sorted by priority and weight */
1516 fstrcpy( resolve_order, "NULL" );
1518 } else if (lookup_type == DC_KDC_ONLY) {
1519 /* DNS SRV lookups used by the ads/kdc resolver
1520 are already sorted by priority and weight */
1522 fstrcpy( resolve_order, "kdc" );
1525 /* fetch the server we have affinity for. Add the
1526 'password server' list to a search for our domain controllers */
1528 saf_servername = saf_fetch( domain);
1530 if ( strequal(domain, lp_workgroup()) || strequal(domain, lp_realm()) ) {
1531 pstr_sprintf( pserver, "%s, %s",
1532 saf_servername ? saf_servername : "",
1533 lp_passwordserver() );
1535 pstr_sprintf( pserver, "%s, *",
1536 saf_servername ? saf_servername : "" );
1539 SAFE_FREE( saf_servername );
1541 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1544 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1545 return internal_resolve_name(domain, 0x1C, sitename, ip_list,
1546 count, resolve_order);
1549 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
1552 * if '*' appears in the "password server" list then add
1553 * an auto lookup to the list of manually configured
1554 * DC's. If any DC is listed by name, then the list should be
1555 * considered to be ordered
1559 while (next_token(&p,name,LIST_SEP,sizeof(name))) {
1560 if (strequal(name, "*")) {
1561 status = internal_resolve_name(domain, 0x1C, sitename,
1565 if (NT_STATUS_IS_OK(status)) {
1566 num_addresses += auto_count;
1568 done_auto_lookup = True;
1569 DEBUG(8,("Adding %d DC's from auto lookup\n", auto_count));
1575 /* if we have no addresses and haven't done the auto lookup, then
1576 just return the list of DC's. Or maybe we just failed. */
1578 if ( (num_addresses == 0) ) {
1579 if ( done_auto_lookup ) {
1580 DEBUG(4,("get_dc_list: no servers found\n"));
1581 SAFE_FREE(auto_ip_list);
1582 return NT_STATUS_NO_LOGON_SERVERS;
1584 return internal_resolve_name(domain, 0x1C, sitename, ip_list,
1585 count, resolve_order);
1588 if ( (return_iplist = SMB_MALLOC_ARRAY(struct ip_service, num_addresses)) == NULL ) {
1589 DEBUG(3,("get_dc_list: malloc fail !\n"));
1590 SAFE_FREE(auto_ip_list);
1591 return NT_STATUS_NO_MEMORY;
1597 /* fill in the return list now with real IP's */
1599 while ( (local_count<num_addresses) && next_token(&p,name,LIST_SEP,sizeof(name)) ) {
1600 struct in_addr name_ip;
1602 /* copy any addersses from the auto lookup */
1604 if ( strequal(name, "*") ) {
1605 for ( j=0; j<auto_count; j++ ) {
1606 /* Check for and don't copy any known bad DC IP's. */
1607 if(!NT_STATUS_IS_OK(check_negative_conn_cache(domain,
1608 inet_ntoa(auto_ip_list[j].ip)))) {
1609 DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",
1610 inet_ntoa(auto_ip_list[j].ip) ));
1613 return_iplist[local_count].ip = auto_ip_list[j].ip;
1614 return_iplist[local_count].port = auto_ip_list[j].port;
1621 /* added support for address:port syntax for ads (not that I think
1622 anyone will ever run the LDAP server in an AD domain on something
1623 other than port 389 */
1625 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
1626 if ( (port_str=strchr(name, ':')) != NULL ) {
1629 port = atoi( port_str );
1632 /* explicit lookup; resolve_name() will handle names & IP addresses */
1633 if ( resolve_name( name, &name_ip, 0x20 ) ) {
1635 /* Check for and don't copy any known bad DC IP's. */
1636 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain, inet_ntoa(name_ip))) ) {
1637 DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",name ));
1641 return_iplist[local_count].ip = name_ip;
1642 return_iplist[local_count].port = port;
1648 SAFE_FREE(auto_ip_list);
1650 /* need to remove duplicates in the list if we have any
1651 explicit password servers */
1653 if ( local_count ) {
1654 local_count = remove_duplicate_addrs2( return_iplist, local_count );
1657 if ( DEBUGLEVEL >= 4 ) {
1658 DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count,
1659 *ordered ? "":"un"));
1660 DEBUG(4,("get_dc_list: "));
1661 for ( i=0; i<local_count; i++ )
1662 DEBUGADD(4,("%s:%d ", inet_ntoa(return_iplist[i].ip), return_iplist[i].port ));
1666 *ip_list = return_iplist;
1667 *count = local_count;
1669 return ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
1672 /*********************************************************************
1673 Small wrapper function to get the DC list and sort it if neccessary.
1674 *********************************************************************/
1676 NTSTATUS get_sorted_dc_list( const char *domain, const char *sitename, struct ip_service **ip_list, int *count, BOOL ads_only )
1680 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
1682 DEBUG(8,("get_sorted_dc_list: attempting lookup for name %s (sitename %s) "
1685 sitename ? sitename : "NULL",
1686 (ads_only ? "ads" : lp_name_resolve_order())));
1689 lookup_type = DC_ADS_ONLY;
1692 status = get_dc_list(domain, sitename, ip_list, count, lookup_type, &ordered);
1693 if (!NT_STATUS_IS_OK(status)) {
1697 /* only sort if we don't already have an ordered list */
1699 sort_ip_list2( *ip_list, *count );
1702 return NT_STATUS_OK;
1705 /*********************************************************************
1706 Get the KDC list - re-use all the logic in get_dc_list.
1707 *********************************************************************/
1709 NTSTATUS get_kdc_list( const char *realm, const char *sitename, struct ip_service **ip_list, int *count)
1717 status = get_dc_list(realm, sitename, ip_list, count, DC_KDC_ONLY, &ordered);
1719 if (!NT_STATUS_IS_OK(status)) {
1723 /* only sort if we don't already have an ordered list */
1725 sort_ip_list2( *ip_list, *count );
1728 return NT_STATUS_OK;