2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "../lib/util/tevent_ntstatus.h"
23 #include "libads/sitename_cache.h"
24 #include "libads/dns.h"
25 #include "../libcli/netlogon/netlogon.h"
26 #include "lib/async_req/async_sock.h"
27 #include "libsmb/nmblib.h"
29 /* nmbd.c sets this to True. */
30 bool global_in_nmbd = False;
32 /****************************
33 * SERVER AFFINITY ROUTINES *
34 ****************************/
36 /* Server affinity is the concept of preferring the last domain
37 controller with whom you had a successful conversation */
39 /****************************************************************************
40 ****************************************************************************/
41 #define SAFKEY_FMT "SAF/DOMAIN/%s"
43 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
44 #define SAFJOIN_TTL 3600
46 static char *saf_key(const char *domain)
50 asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
55 static char *saf_join_key(const char *domain)
59 asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
64 /****************************************************************************
65 ****************************************************************************/
67 bool saf_store( const char *domain, const char *servername )
73 if ( !domain || !servername ) {
74 DEBUG(2,("saf_store: "
75 "Refusing to store empty domain or servername!\n"));
79 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
80 DEBUG(0,("saf_store: "
81 "refusing to store 0 length domain or servername!\n"));
85 key = saf_key( domain );
86 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
88 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
89 domain, servername, (unsigned int)expire ));
91 ret = gencache_set( key, servername, expire );
98 bool saf_join_store( const char *domain, const char *servername )
104 if ( !domain || !servername ) {
105 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
109 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
110 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
114 key = saf_join_key( domain );
115 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
117 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
118 domain, servername, (unsigned int)expire ));
120 ret = gencache_set( key, servername, expire );
127 bool saf_delete( const char *domain )
133 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
137 key = saf_join_key(domain);
138 ret = gencache_del(key);
142 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
145 key = saf_key(domain);
146 ret = gencache_del(key);
150 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
156 /****************************************************************************
157 ****************************************************************************/
159 char *saf_fetch( const char *domain )
166 if ( !domain || strlen(domain) == 0) {
167 DEBUG(2,("saf_fetch: Empty domain name!\n"));
171 key = saf_join_key( domain );
173 ret = gencache_get( key, &server, &timeout );
178 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
183 key = saf_key( domain );
185 ret = gencache_get( key, &server, &timeout );
190 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
193 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
200 /****************************************************************************
201 Generate a random trn_id.
202 ****************************************************************************/
204 static int generate_trn_id(void)
208 generate_random_buffer((uint8 *)&id, sizeof(id));
210 return id % (unsigned)0x7FFF;
213 /****************************************************************************
214 Parse a node status response into an array of structures.
215 ****************************************************************************/
217 static struct node_status *parse_node_status(TALLOC_CTX *mem_ctx, char *p,
219 struct node_status_extra *extra)
221 struct node_status *ret;
224 *num_names = CVAL(p,0);
229 ret = TALLOC_ARRAY(mem_ctx, struct node_status,*num_names);
234 for (i=0;i< *num_names;i++) {
235 StrnCpy(ret[i].name,p,15);
236 trim_char(ret[i].name,'\0',' ');
237 ret[i].type = CVAL(p,15);
238 ret[i].flags = p[16];
240 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
241 ret[i].type, ret[i].flags));
244 * Also, pick up the MAC address ...
247 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
252 struct sock_packet_read_state {
253 struct tevent_context *ev;
254 enum packet_type type;
257 struct nb_packet_reader *reader;
258 struct tevent_req *reader_req;
261 struct tevent_req *socket_req;
263 struct sockaddr_storage addr;
266 bool (*validator)(struct packet_struct *p,
270 struct packet_struct *packet;
273 static int sock_packet_read_state_destructor(struct sock_packet_read_state *s);
274 static void sock_packet_read_got_packet(struct tevent_req *subreq);
275 static void sock_packet_read_got_socket(struct tevent_req *subreq);
277 static struct tevent_req *sock_packet_read_send(
279 struct tevent_context *ev,
280 int sock, /* dgram socket */
281 struct nb_packet_reader *reader,
282 enum packet_type type,
284 bool (*validator)(struct packet_struct *p, void *private_data),
287 struct tevent_req *req;
288 struct sock_packet_read_state *state;
290 req = tevent_req_create(mem_ctx, &state,
291 struct sock_packet_read_state);
295 talloc_set_destructor(state, sock_packet_read_state_destructor);
297 state->reader = reader;
300 state->trn_id = trn_id;
301 state->validator = validator;
302 state->private_data = private_data;
304 if (reader != NULL) {
305 state->reader_req = nb_packet_read_send(state, ev, reader);
306 if (tevent_req_nomem(state->reader_req, req)) {
307 return tevent_req_post(req, ev);
309 tevent_req_set_callback(
310 state->reader_req, sock_packet_read_got_packet, req);
313 state->addr_len = sizeof(state->addr);
314 state->socket_req = recvfrom_send(state, ev, sock,
315 state->buf, sizeof(state->buf), 0,
316 &state->addr, &state->addr_len);
317 if (tevent_req_nomem(state->socket_req, req)) {
318 return tevent_req_post(req, ev);
320 tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
326 static int sock_packet_read_state_destructor(struct sock_packet_read_state *s)
328 if (s->packet != NULL) {
329 free_packet(s->packet);
335 static void sock_packet_read_got_packet(struct tevent_req *subreq)
337 struct tevent_req *req = tevent_req_callback_data(
338 subreq, struct tevent_req);
339 struct sock_packet_read_state *state = tevent_req_data(
340 req, struct sock_packet_read_state);
343 status = nb_packet_read_recv(subreq, &state->packet);
345 TALLOC_FREE(state->reader_req);
347 if (!NT_STATUS_IS_OK(status)) {
348 if (state->socket_req != NULL) {
350 * Still waiting for socket
355 * Both socket and packet reader failed
357 tevent_req_nterror(req, status);
361 if ((state->validator != NULL) &&
362 !state->validator(state->packet, state->private_data)) {
363 DEBUG(10, ("validator failed\n"));
365 free_packet(state->packet);
366 state->packet = NULL;
368 state->reader_req = nb_packet_read_send(state, state->ev,
370 if (tevent_req_nomem(state->reader_req, req)) {
373 tevent_req_set_callback(
374 state->reader_req, sock_packet_read_got_packet, req);
378 TALLOC_FREE(state->socket_req);
379 tevent_req_done(req);
382 static void sock_packet_read_got_socket(struct tevent_req *subreq)
384 struct tevent_req *req = tevent_req_callback_data(
385 subreq, struct tevent_req);
386 struct sock_packet_read_state *state = tevent_req_data(
387 req, struct sock_packet_read_state);
388 struct sockaddr_in *in_addr;
392 received = recvfrom_recv(subreq, &err);
394 TALLOC_FREE(state->socket_req);
396 if (received == -1) {
397 if (state->reader_req != NULL) {
399 * Still waiting for reader
404 * Both socket and reader failed
406 tevent_req_nterror(req, map_nt_error_from_unix(err));
409 if (state->addr.ss_family != AF_INET) {
412 in_addr = (struct sockaddr_in *)(void *)&state->addr;
414 state->packet = parse_packet((char *)state->buf, received, state->type,
415 in_addr->sin_addr, in_addr->sin_port);
416 if (state->packet == NULL) {
417 DEBUG(10, ("parse_packet failed\n"));
420 if ((state->trn_id != -1) &&
421 (state->trn_id != packet_trn_id(state->packet))) {
422 DEBUG(10, ("Expected transaction id %d, got %d\n",
423 state->trn_id, packet_trn_id(state->packet)));
427 if ((state->validator != NULL) &&
428 !state->validator(state->packet, state->private_data)) {
429 DEBUG(10, ("validator failed\n"));
433 tevent_req_done(req);
437 if (state->packet != NULL) {
438 free_packet(state->packet);
439 state->packet = NULL;
441 state->socket_req = recvfrom_send(state, state->ev, state->sock,
442 state->buf, sizeof(state->buf), 0,
443 &state->addr, &state->addr_len);
444 if (tevent_req_nomem(state->socket_req, req)) {
447 tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
451 static NTSTATUS sock_packet_read_recv(struct tevent_req *req,
452 struct packet_struct **ppacket)
454 struct sock_packet_read_state *state = tevent_req_data(
455 req, struct sock_packet_read_state);
458 if (tevent_req_is_nterror(req, &status)) {
461 *ppacket = state->packet;
462 state->packet = NULL;
466 struct nb_trans_state {
467 struct tevent_context *ev;
469 struct nb_packet_reader *reader;
471 const struct sockaddr_storage *dst_addr;
474 enum packet_type type;
477 bool (*validator)(struct packet_struct *p,
481 struct packet_struct *packet;
484 static int nb_trans_state_destructor(struct nb_trans_state *s);
485 static void nb_trans_got_reader(struct tevent_req *subreq);
486 static void nb_trans_done(struct tevent_req *subreq);
487 static void nb_trans_sent(struct tevent_req *subreq);
488 static void nb_trans_send_next(struct tevent_req *subreq);
490 static struct tevent_req *nb_trans_send(
492 struct tevent_context *ev,
493 const struct sockaddr_storage *my_addr,
494 const struct sockaddr_storage *dst_addr,
496 uint8_t *buf, size_t buflen,
497 enum packet_type type, int trn_id,
498 bool (*validator)(struct packet_struct *p,
502 struct tevent_req *req, *subreq;
503 struct nb_trans_state *state;
505 req = tevent_req_create(mem_ctx, &state, struct nb_trans_state);
509 talloc_set_destructor(state, nb_trans_state_destructor);
511 state->dst_addr = dst_addr;
513 state->buflen = buflen;
515 state->trn_id = trn_id;
516 state->validator = validator;
517 state->private_data = private_data;
519 state->sock = open_socket_in(SOCK_DGRAM, 0, 3, my_addr, True);
520 if (state->sock == -1) {
521 tevent_req_nterror(req, map_nt_error_from_unix(errno));
522 DEBUG(10, ("open_socket_in failed: %s\n", strerror(errno)));
523 return tevent_req_post(req, ev);
527 set_socket_options(state->sock,"SO_BROADCAST");
530 subreq = nb_packet_reader_send(state, ev, type, state->trn_id, NULL);
531 if (tevent_req_nomem(subreq, req)) {
532 return tevent_req_post(req, ev);
534 tevent_req_set_callback(subreq, nb_trans_got_reader, req);
538 static int nb_trans_state_destructor(struct nb_trans_state *s)
544 if (s->packet != NULL) {
545 free_packet(s->packet);
551 static void nb_trans_got_reader(struct tevent_req *subreq)
553 struct tevent_req *req = tevent_req_callback_data(
554 subreq, struct tevent_req);
555 struct nb_trans_state *state = tevent_req_data(
556 req, struct nb_trans_state);
559 status = nb_packet_reader_recv(subreq, state, &state->reader);
562 if (!NT_STATUS_IS_OK(status)) {
563 DEBUG(10, ("nmbd not around\n"));
564 state->reader = NULL;
567 subreq = sock_packet_read_send(
568 state, state->ev, state->sock,
569 state->reader, state->type, state->trn_id,
570 state->validator, state->private_data);
571 if (tevent_req_nomem(subreq, req)) {
574 tevent_req_set_callback(subreq, nb_trans_done, req);
576 subreq = sendto_send(state, state->ev, state->sock,
577 state->buf, state->buflen, 0, state->dst_addr);
578 if (tevent_req_nomem(subreq, req)) {
581 tevent_req_set_callback(subreq, nb_trans_sent, req);
584 static void nb_trans_sent(struct tevent_req *subreq)
586 struct tevent_req *req = tevent_req_callback_data(
587 subreq, struct tevent_req);
588 struct nb_trans_state *state = tevent_req_data(
589 req, struct nb_trans_state);
593 sent = sendto_recv(subreq, &err);
596 DEBUG(10, ("sendto failed: %s\n", strerror(err)));
597 tevent_req_nterror(req, map_nt_error_from_unix(err));
600 subreq = tevent_wakeup_send(state, state->ev,
601 timeval_current_ofs(1, 0));
602 if (tevent_req_nomem(subreq, req)) {
605 tevent_req_set_callback(subreq, nb_trans_send_next, req);
608 static void nb_trans_send_next(struct tevent_req *subreq)
610 struct tevent_req *req = tevent_req_callback_data(
611 subreq, struct tevent_req);
612 struct nb_trans_state *state = tevent_req_data(
613 req, struct nb_trans_state);
616 ret = tevent_wakeup_recv(subreq);
619 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
622 subreq = sendto_send(state, state->ev, state->sock,
623 state->buf, state->buflen, 0, state->dst_addr);
624 if (tevent_req_nomem(subreq, req)) {
627 tevent_req_set_callback(subreq, nb_trans_sent, req);
630 static void nb_trans_done(struct tevent_req *subreq)
632 struct tevent_req *req = tevent_req_callback_data(
633 subreq, struct tevent_req);
634 struct nb_trans_state *state = tevent_req_data(
635 req, struct nb_trans_state);
638 status = sock_packet_read_recv(subreq, &state->packet);
640 if (tevent_req_nterror(req, status)) {
643 tevent_req_done(req);
646 static NTSTATUS nb_trans_recv(struct tevent_req *req,
647 struct packet_struct **ppacket)
649 struct nb_trans_state *state = tevent_req_data(
650 req, struct nb_trans_state);
653 if (tevent_req_is_nterror(req, &status)) {
656 *ppacket = state->packet;
657 state->packet = NULL;
661 /****************************************************************************
662 Do a NBT node status query on an open socket and return an array of
663 structures holding the returned names or NULL if the query failed.
664 **************************************************************************/
666 struct node_status_query_state {
667 struct sockaddr_storage my_addr;
668 struct sockaddr_storage addr;
671 struct packet_struct *packet;
674 static int node_status_query_state_destructor(
675 struct node_status_query_state *s);
676 static bool node_status_query_validator(struct packet_struct *p,
678 static void node_status_query_done(struct tevent_req *subreq);
680 struct tevent_req *node_status_query_send(TALLOC_CTX *mem_ctx,
681 struct tevent_context *ev,
682 struct nmb_name *name,
683 const struct sockaddr_storage *addr)
685 struct tevent_req *req, *subreq;
686 struct node_status_query_state *state;
687 struct packet_struct p;
688 struct nmb_packet *nmb = &p.packet.nmb;
689 struct sockaddr_in *in_addr;
691 req = tevent_req_create(mem_ctx, &state,
692 struct node_status_query_state);
696 talloc_set_destructor(state, node_status_query_state_destructor);
698 if (addr->ss_family != AF_INET) {
699 /* Can't do node status to IPv6 */
700 tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
701 return tevent_req_post(req, ev);
705 in_addr = (struct sockaddr_in *)(void *)&state->addr;
706 in_addr->sin_port = htons(NMB_PORT);
708 if (!interpret_string_addr(&state->my_addr, lp_socket_address(),
709 AI_NUMERICHOST|AI_PASSIVE)) {
710 zero_sockaddr(&state->my_addr);
714 nmb->header.name_trn_id = generate_trn_id();
715 nmb->header.opcode = 0;
716 nmb->header.response = false;
717 nmb->header.nm_flags.bcast = false;
718 nmb->header.nm_flags.recursion_available = false;
719 nmb->header.nm_flags.recursion_desired = false;
720 nmb->header.nm_flags.trunc = false;
721 nmb->header.nm_flags.authoritative = false;
722 nmb->header.rcode = 0;
723 nmb->header.qdcount = 1;
724 nmb->header.ancount = 0;
725 nmb->header.nscount = 0;
726 nmb->header.arcount = 0;
727 nmb->question.question_name = *name;
728 nmb->question.question_type = 0x21;
729 nmb->question.question_class = 0x1;
731 state->buflen = build_packet((char *)state->buf, sizeof(state->buf),
733 if (state->buflen == 0) {
734 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
735 DEBUG(10, ("build_packet failed\n"));
736 return tevent_req_post(req, ev);
739 subreq = nb_trans_send(state, ev, &state->my_addr, &state->addr, false,
740 state->buf, state->buflen,
741 NMB_PACKET, nmb->header.name_trn_id,
742 node_status_query_validator, NULL);
743 if (tevent_req_nomem(subreq, req)) {
744 DEBUG(10, ("nb_trans_send failed\n"));
745 return tevent_req_post(req, ev);
747 if (!tevent_req_set_endtime(req, ev, timeval_current_ofs(10, 0))) {
748 return tevent_req_post(req, ev);
750 tevent_req_set_callback(subreq, node_status_query_done, req);
754 static bool node_status_query_validator(struct packet_struct *p,
757 struct nmb_packet *nmb = &p->packet.nmb;
760 if (nmb->header.opcode != 0 ||
761 nmb->header.nm_flags.bcast ||
763 !nmb->header.ancount ||
764 nmb->answers->rr_type != 0x21) {
766 * XXXX what do we do with this? could be a redirect,
767 * but we'll discard it for the moment
774 static int node_status_query_state_destructor(
775 struct node_status_query_state *s)
777 if (s->packet != NULL) {
778 free_packet(s->packet);
784 static void node_status_query_done(struct tevent_req *subreq)
786 struct tevent_req *req = tevent_req_callback_data(
787 subreq, struct tevent_req);
788 struct node_status_query_state *state = tevent_req_data(
789 req, struct node_status_query_state);
792 status = nb_trans_recv(subreq, &state->packet);
794 if (tevent_req_nterror(req, status)) {
797 tevent_req_done(req);
800 NTSTATUS node_status_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
801 struct node_status **pnode_status,
803 struct node_status_extra *extra)
805 struct node_status_query_state *state = tevent_req_data(
806 req, struct node_status_query_state);
807 struct node_status *node_status;
811 if (tevent_req_is_nterror(req, &status)) {
814 node_status = parse_node_status(
815 mem_ctx, &state->packet->packet.nmb.answers->rdata[0],
817 if (node_status == NULL) {
818 return NT_STATUS_NO_MEMORY;
820 *pnode_status = node_status;
821 *pnum_names = num_names;
825 NTSTATUS node_status_query(TALLOC_CTX *mem_ctx, struct nmb_name *name,
826 const struct sockaddr_storage *addr,
827 struct node_status **pnode_status,
829 struct node_status_extra *extra)
831 TALLOC_CTX *frame = talloc_stackframe();
832 struct tevent_context *ev;
833 struct tevent_req *req;
834 NTSTATUS status = NT_STATUS_NO_MEMORY;
836 ev = tevent_context_init(frame);
840 req = node_status_query_send(ev, ev, name, addr);
844 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
847 status = node_status_query_recv(req, mem_ctx, pnode_status,
854 /****************************************************************************
855 Find the first type XX name in a node status reply - used for finding
856 a servers name given its IP. Return the matched name in *name.
857 **************************************************************************/
859 bool name_status_find(const char *q_name,
862 const struct sockaddr_storage *to_ss,
865 char addr[INET6_ADDRSTRLEN];
866 struct sockaddr_storage ss;
867 struct node_status *addrs = NULL;
868 struct nmb_name nname;
873 if (lp_disable_netbios()) {
874 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
879 print_sockaddr(addr, sizeof(addr), to_ss);
881 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
884 /* Check the cache first. */
886 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
890 if (to_ss->ss_family != AF_INET) {
891 /* Can't do node status to IPv6 */
895 if (!interpret_string_addr(&ss, lp_socket_address(),
896 AI_NUMERICHOST|AI_PASSIVE)) {
900 /* W2K PDC's seem not to respond to '*'#0. JRA */
901 make_nmb_name(&nname, q_name, q_type);
902 status = node_status_query(talloc_tos(), &nname, to_ss,
903 &addrs, &count, NULL);
904 if (!NT_STATUS_IS_OK(status)) {
908 for (i=0;i<count;i++) {
909 /* Find first one of the requested type that's not a GROUP. */
910 if (addrs[i].type == type && ! (addrs[i].flags & 0x80))
916 pull_ascii_nstring(name, sizeof(fstring), addrs[i].name);
918 /* Store the result in the cache. */
919 /* but don't store an entry for 0x1c names here. Here we have
920 a single host and DOMAIN<0x1c> names should be a list of hosts */
922 if ( q_type != 0x1c ) {
923 namecache_status_store(q_name, q_type, type, to_ss, name);
931 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
934 DEBUGADD(10, (", name %s ip address is %s", name, addr));
942 comparison function used by sort_addr_list
945 static int addr_compare(const struct sockaddr_storage *ss1,
946 const struct sockaddr_storage *ss2)
948 int max_bits1=0, max_bits2=0;
949 int num_interfaces = iface_count();
952 /* Sort IPv4 addresses first. */
953 if (ss1->ss_family != ss2->ss_family) {
954 if (ss2->ss_family == AF_INET) {
961 /* Here we know both addresses are of the same
964 for (i=0;i<num_interfaces;i++) {
965 const struct sockaddr_storage *pss = iface_n_bcast(i);
966 const unsigned char *p_ss1 = NULL;
967 const unsigned char *p_ss2 = NULL;
968 const unsigned char *p_if = NULL;
972 if (pss->ss_family != ss1->ss_family) {
973 /* Ignore interfaces of the wrong type. */
976 if (pss->ss_family == AF_INET) {
977 p_if = (const unsigned char *)
978 &((const struct sockaddr_in *)pss)->sin_addr;
979 p_ss1 = (const unsigned char *)
980 &((const struct sockaddr_in *)ss1)->sin_addr;
981 p_ss2 = (const unsigned char *)
982 &((const struct sockaddr_in *)ss2)->sin_addr;
985 #if defined(HAVE_IPV6)
986 if (pss->ss_family == AF_INET6) {
987 p_if = (const unsigned char *)
988 &((const struct sockaddr_in6 *)pss)->sin6_addr;
989 p_ss1 = (const unsigned char *)
990 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
991 p_ss2 = (const unsigned char *)
992 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
996 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
999 bits1 = matching_len_bits(p_ss1, p_if, len);
1000 bits2 = matching_len_bits(p_ss2, p_if, len);
1001 max_bits1 = MAX(bits1, max_bits1);
1002 max_bits2 = MAX(bits2, max_bits2);
1005 /* Bias towards directly reachable IPs */
1006 if (iface_local((const struct sockaddr *)ss1)) {
1007 if (ss1->ss_family == AF_INET) {
1013 if (iface_local((const struct sockaddr *)ss2)) {
1014 if (ss2->ss_family == AF_INET) {
1020 return max_bits2 - max_bits1;
1023 /*******************************************************************
1024 compare 2 ldap IPs by nearness to our interfaces - used in qsort
1025 *******************************************************************/
1027 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
1031 if ((result = addr_compare(&ss1->ss, &ss2->ss)) != 0) {
1035 if (ss1->port > ss2->port) {
1039 if (ss1->port < ss2->port) {
1047 sort an IP list so that names that are close to one of our interfaces
1048 are at the top. This prevents the problem where a WINS server returns an IP
1049 that is not reachable from our subnet as the first match
1052 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
1058 TYPESAFE_QSORT(sslist, count, addr_compare);
1061 static void sort_service_list(struct ip_service *servlist, int count)
1067 TYPESAFE_QSORT(servlist, count, ip_service_compare);
1070 /**********************************************************************
1071 Remove any duplicate address/port pairs in the list
1072 *********************************************************************/
1074 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
1078 DEBUG(10,("remove_duplicate_addrs2: "
1079 "looking for duplicate address/port pairs\n"));
1081 /* one loop to remove duplicates */
1082 for ( i=0; i<count; i++ ) {
1083 if ( is_zero_addr(&iplist[i].ss)) {
1087 for ( j=i+1; j<count; j++ ) {
1088 if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) &&
1089 iplist[i].port == iplist[j].port) {
1090 zero_sockaddr(&iplist[j].ss);
1095 /* one loop to clean up any holes we left */
1096 /* first ip should never be a zero_ip() */
1097 for (i = 0; i<count; ) {
1098 if (is_zero_addr(&iplist[i].ss) ) {
1100 memmove(&iplist[i], &iplist[i+1],
1101 (count - i - 1)*sizeof(iplist[i]));
1112 static bool prioritize_ipv4_list(struct ip_service *iplist, int count)
1114 TALLOC_CTX *frame = talloc_stackframe();
1115 struct ip_service *iplist_new = TALLOC_ARRAY(frame, struct ip_service, count);
1118 if (iplist_new == NULL) {
1125 /* Copy IPv4 first. */
1126 for (i = 0; i < count; i++) {
1127 if (iplist[i].ss.ss_family == AF_INET) {
1128 iplist_new[j++] = iplist[i];
1133 for (i = 0; i < count; i++) {
1134 if (iplist[i].ss.ss_family != AF_INET) {
1135 iplist_new[j++] = iplist[i];
1139 memcpy(iplist, iplist_new, sizeof(struct ip_service)*count);
1144 /****************************************************************************
1145 Do a netbios name query to find someones IP.
1146 Returns an array of IP addresses or NULL if none.
1147 *count will be set to the number of addresses returned.
1148 *timed_out is set if we failed by timing out
1149 ****************************************************************************/
1151 struct name_query_state {
1152 struct sockaddr_storage my_addr;
1153 struct sockaddr_storage addr;
1160 NTSTATUS validate_error;
1163 struct sockaddr_storage *addrs;
1167 static bool name_query_validator(struct packet_struct *p, void *private_data);
1168 static void name_query_done(struct tevent_req *subreq);
1170 struct tevent_req *name_query_send(TALLOC_CTX *mem_ctx,
1171 struct tevent_context *ev,
1172 const char *name, int name_type,
1173 bool bcast, bool recurse,
1174 const struct sockaddr_storage *addr)
1176 struct tevent_req *req, *subreq;
1177 struct name_query_state *state;
1178 struct packet_struct p;
1179 struct nmb_packet *nmb = &p.packet.nmb;
1180 struct sockaddr_in *in_addr;
1182 req = tevent_req_create(mem_ctx, &state, struct name_query_state);
1186 state->bcast = bcast;
1188 if (addr->ss_family != AF_INET) {
1189 /* Can't do node status to IPv6 */
1190 tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
1191 return tevent_req_post(req, ev);
1194 if (lp_disable_netbios()) {
1195 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
1197 tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
1198 return tevent_req_post(req, ev);
1201 state->addr = *addr;
1202 in_addr = (struct sockaddr_in *)(void *)&state->addr;
1203 in_addr->sin_port = htons(NMB_PORT);
1205 if (!interpret_string_addr(&state->my_addr, lp_socket_address(),
1206 AI_NUMERICHOST|AI_PASSIVE)) {
1207 zero_sockaddr(&state->my_addr);
1211 nmb->header.name_trn_id = generate_trn_id();
1212 nmb->header.opcode = 0;
1213 nmb->header.response = false;
1214 nmb->header.nm_flags.bcast = bcast;
1215 nmb->header.nm_flags.recursion_available = false;
1216 nmb->header.nm_flags.recursion_desired = recurse;
1217 nmb->header.nm_flags.trunc = false;
1218 nmb->header.nm_flags.authoritative = false;
1219 nmb->header.rcode = 0;
1220 nmb->header.qdcount = 1;
1221 nmb->header.ancount = 0;
1222 nmb->header.nscount = 0;
1223 nmb->header.arcount = 0;
1225 make_nmb_name(&nmb->question.question_name,name,name_type);
1227 nmb->question.question_type = 0x20;
1228 nmb->question.question_class = 0x1;
1230 state->buflen = build_packet((char *)state->buf, sizeof(state->buf),
1232 if (state->buflen == 0) {
1233 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
1234 DEBUG(10, ("build_packet failed\n"));
1235 return tevent_req_post(req, ev);
1238 subreq = nb_trans_send(state, ev, &state->my_addr, &state->addr, bcast,
1239 state->buf, state->buflen,
1240 NMB_PACKET, nmb->header.name_trn_id,
1241 name_query_validator, state);
1242 if (tevent_req_nomem(subreq, req)) {
1243 DEBUG(10, ("nb_trans_send failed\n"));
1244 return tevent_req_post(req, ev);
1246 tevent_req_set_callback(subreq, name_query_done, req);
1250 static bool name_query_validator(struct packet_struct *p, void *private_data)
1252 struct name_query_state *state = talloc_get_type_abort(
1253 private_data, struct name_query_state);
1254 struct nmb_packet *nmb = &p->packet.nmb;
1255 struct sockaddr_storage *tmp_addrs;
1256 bool got_unique_netbios_name = false;
1259 debug_nmb_packet(p);
1262 * If we get a Negative Name Query Response from a WINS
1263 * server, we should report it and give up.
1265 if( 0 == nmb->header.opcode /* A query response */
1266 && !state->bcast /* from a WINS server */
1267 && nmb->header.rcode /* Error returned */
1270 if( DEBUGLVL( 3 ) ) {
1271 /* Only executed if DEBUGLEVEL >= 3 */
1272 dbgtext( "Negative name query "
1273 "response, rcode 0x%02x: ",
1274 nmb->header.rcode );
1275 switch( nmb->header.rcode ) {
1277 dbgtext("Request was invalidly formatted.\n");
1280 dbgtext("Problem with NBNS, cannot process "
1284 dbgtext("The name requested does not "
1288 dbgtext("Unsupported request error.\n");
1291 dbgtext("Query refused error.\n");
1294 dbgtext("Unrecognized error code.\n" );
1300 * We accept this packet as valid, but tell the upper
1301 * layers that it's a negative response.
1303 state->validate_error = NT_STATUS_NOT_FOUND;
1307 if (nmb->header.opcode != 0 ||
1308 nmb->header.nm_flags.bcast ||
1309 nmb->header.rcode ||
1310 !nmb->header.ancount) {
1312 * XXXX what do we do with this? Could be a redirect,
1313 * but we'll discard it for the moment.
1318 tmp_addrs = TALLOC_REALLOC_ARRAY(
1319 state, state->addrs, struct sockaddr_storage,
1320 state->num_addrs + nmb->answers->rdlength/6);
1321 if (tmp_addrs == NULL) {
1322 state->validate_error = NT_STATUS_NO_MEMORY;
1325 state->addrs = tmp_addrs;
1327 DEBUG(2,("Got a positive name query response "
1328 "from %s ( ", inet_ntoa(p->ip)));
1330 for (i=0; i<nmb->answers->rdlength/6; i++) {
1333 struct sockaddr_storage addr;
1336 flags = RSVAL(&nmb->answers->rdata[i*6], 0);
1337 got_unique_netbios_name |= ((flags & 0x8000) == 0);
1339 putip((char *)&ip,&nmb->answers->rdata[2+i*6]);
1340 in_addr_to_sockaddr_storage(&addr, ip);
1342 for (j=0; j<state->num_addrs; j++) {
1344 (struct sockaddr *)&addr,
1345 (struct sockaddr *)&state->addrs[j])) {
1349 if (j < state->num_addrs) {
1350 /* Already got it */
1354 DEBUGADD(2,("%s ",inet_ntoa(ip)));
1356 state->addrs[state->num_addrs] = addr;
1357 state->num_addrs += 1;
1359 DEBUGADD(2,(")\n"));
1361 /* We add the flags back ... */
1362 if (nmb->header.response)
1363 state->flags |= NM_FLAGS_RS;
1364 if (nmb->header.nm_flags.authoritative)
1365 state->flags |= NM_FLAGS_AA;
1366 if (nmb->header.nm_flags.trunc)
1367 state->flags |= NM_FLAGS_TC;
1368 if (nmb->header.nm_flags.recursion_desired)
1369 state->flags |= NM_FLAGS_RD;
1370 if (nmb->header.nm_flags.recursion_available)
1371 state->flags |= NM_FLAGS_RA;
1372 if (nmb->header.nm_flags.bcast)
1373 state->flags |= NM_FLAGS_B;
1377 * We have to collect all entries coming in from broadcast
1378 * queries. If we got a unique name, we're done.
1380 return got_unique_netbios_name;
1383 * WINS responses are accepted when they are received
1388 static void name_query_done(struct tevent_req *subreq)
1390 struct tevent_req *req = tevent_req_callback_data(
1391 subreq, struct tevent_req);
1392 struct name_query_state *state = tevent_req_data(
1393 req, struct name_query_state);
1395 struct packet_struct *p = NULL;
1397 status = nb_trans_recv(subreq, &p);
1398 TALLOC_FREE(subreq);
1399 if (tevent_req_nterror(req, status)) {
1402 if (!NT_STATUS_IS_OK(state->validate_error)) {
1403 tevent_req_nterror(req, state->validate_error);
1408 * Free the packet here, we've collected the response in the
1413 tevent_req_done(req);
1416 NTSTATUS name_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
1417 struct sockaddr_storage **addrs, int *num_addrs,
1420 struct name_query_state *state = tevent_req_data(
1421 req, struct name_query_state);
1424 if (tevent_req_is_nterror(req, &status)
1425 && !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
1428 if (state->num_addrs == 0) {
1429 return NT_STATUS_NOT_FOUND;
1431 *addrs = talloc_move(mem_ctx, &state->addrs);
1432 sort_addr_list(*addrs, state->num_addrs);
1433 *num_addrs = state->num_addrs;
1434 if (flags != NULL) {
1435 *flags = state->flags;
1437 return NT_STATUS_OK;
1440 NTSTATUS name_query(const char *name, int name_type,
1441 bool bcast, bool recurse,
1442 const struct sockaddr_storage *to_ss,
1443 TALLOC_CTX *mem_ctx,
1444 struct sockaddr_storage **addrs,
1445 int *num_addrs, uint8_t *flags)
1447 TALLOC_CTX *frame = talloc_stackframe();
1448 struct tevent_context *ev;
1449 struct tevent_req *req;
1450 struct timeval timeout;
1451 NTSTATUS status = NT_STATUS_NO_MEMORY;
1453 ev = tevent_context_init(frame);
1457 req = name_query_send(ev, ev, name, name_type, bcast, recurse, to_ss);
1462 timeout = timeval_current_ofs(0, 250000);
1464 timeout = timeval_current_ofs(2, 0);
1466 if (!tevent_req_set_endtime(req, ev, timeout)) {
1469 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
1472 status = name_query_recv(req, mem_ctx, addrs, num_addrs, flags);
1478 /********************************************************
1479 convert an array if struct sockaddr_storage to struct ip_service
1480 return false on failure. Port is set to PORT_NONE;
1481 *********************************************************/
1483 static bool convert_ss2service(struct ip_service **return_iplist,
1484 const struct sockaddr_storage *ss_list,
1489 if ( count==0 || !ss_list )
1492 /* copy the ip address; port will be PORT_NONE */
1493 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) ==
1495 DEBUG(0,("convert_ip2service: malloc failed "
1496 "for %d enetries!\n", count ));
1500 for ( i=0; i<count; i++ ) {
1501 (*return_iplist)[i].ss = ss_list[i];
1502 (*return_iplist)[i].port = PORT_NONE;
1508 /********************************************************
1509 Resolve via "bcast" method.
1510 *********************************************************/
1512 NTSTATUS name_resolve_bcast(const char *name,
1514 TALLOC_CTX *mem_ctx,
1515 struct sockaddr_storage **return_iplist,
1519 int num_interfaces = iface_count();
1520 struct sockaddr_storage *ss_list;
1521 NTSTATUS status = NT_STATUS_NOT_FOUND;
1523 if (lp_disable_netbios()) {
1524 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
1526 return NT_STATUS_INVALID_PARAMETER;
1529 *return_iplist = NULL;
1533 * "bcast" means do a broadcast lookup on all the local interfaces.
1536 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
1537 "for name %s<0x%x>\n", name, name_type));
1540 * Lookup the name on all the interfaces, return on
1541 * the first successful match.
1543 for( i = num_interfaces-1; i >= 0; i--) {
1544 const struct sockaddr_storage *pss = iface_n_bcast(i);
1546 /* Done this way to fix compiler error on IRIX 5.x */
1550 status = name_query(name, name_type, true, true, pss,
1551 talloc_tos(), &ss_list, return_count,
1553 if (NT_STATUS_IS_OK(status)) {
1558 /* failed - no response */
1563 *return_iplist = ss_list;
1567 /********************************************************
1568 Resolve via "wins" method.
1569 *********************************************************/
1571 NTSTATUS resolve_wins(const char *name,
1573 struct ip_service **return_iplist,
1578 struct sockaddr_storage src_ss, *ss_list = NULL;
1579 struct in_addr src_ip;
1582 if (lp_disable_netbios()) {
1583 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
1585 return NT_STATUS_INVALID_PARAMETER;
1588 *return_iplist = NULL;
1591 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
1594 if (wins_srv_count() < 1) {
1595 DEBUG(3,("resolve_wins: WINS server resolution selected "
1596 "and no WINS servers listed.\n"));
1597 return NT_STATUS_INVALID_PARAMETER;
1600 /* we try a lookup on each of the WINS tags in turn */
1601 wins_tags = wins_srv_tags();
1604 /* huh? no tags?? give up in disgust */
1605 return NT_STATUS_INVALID_PARAMETER;
1608 /* the address we will be sending from */
1609 if (!interpret_string_addr(&src_ss, lp_socket_address(),
1610 AI_NUMERICHOST|AI_PASSIVE)) {
1611 zero_sockaddr(&src_ss);
1614 if (src_ss.ss_family != AF_INET) {
1615 char addr[INET6_ADDRSTRLEN];
1616 print_sockaddr(addr, sizeof(addr), &src_ss);
1617 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1618 "on IPv6 address %s\n",
1620 wins_srv_tags_free(wins_tags);
1621 return NT_STATUS_INVALID_PARAMETER;
1624 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1626 /* in the worst case we will try every wins server with every
1628 for (t=0; wins_tags && wins_tags[t]; t++) {
1629 int srv_count = wins_srv_count_tag(wins_tags[t]);
1630 for (i=0; i<srv_count; i++) {
1631 struct sockaddr_storage wins_ss;
1632 struct in_addr wins_ip;
1634 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1636 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1637 /* yikes! we'll loop forever */
1641 /* skip any that have been unresponsive lately */
1642 if (wins_srv_is_dead(wins_ip, src_ip)) {
1646 DEBUG(3,("resolve_wins: using WINS server %s "
1648 inet_ntoa(wins_ip), wins_tags[t]));
1650 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1651 status = name_query(name,
1661 /* exit loop if we got a list of addresses */
1663 if (NT_STATUS_IS_OK(status)) {
1667 if (NT_STATUS_EQUAL(status,
1668 NT_STATUS_IO_TIMEOUT)) {
1669 /* Timed out waiting for WINS server to
1672 wins_srv_died(wins_ip, src_ip);
1674 /* The name definitely isn't in this
1675 group of WINS servers.
1676 goto the next group */
1682 wins_srv_tags_free(wins_tags);
1683 return NT_STATUS_NO_LOGON_SERVERS;
1687 status = NT_STATUS_OK;
1688 if (!convert_ss2service(return_iplist, ss_list, *return_count))
1689 status = NT_STATUS_INVALID_PARAMETER;
1691 TALLOC_FREE(ss_list);
1692 wins_srv_tags_free(wins_tags);
1697 /********************************************************
1698 Resolve via "lmhosts" method.
1699 *********************************************************/
1701 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1702 struct ip_service **return_iplist,
1706 * "lmhosts" means parse the local lmhosts file.
1708 struct sockaddr_storage *ss_list;
1709 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1710 TALLOC_CTX *ctx = NULL;
1712 *return_iplist = NULL;
1715 DEBUG(3,("resolve_lmhosts: "
1716 "Attempting lmhosts lookup for name %s<0x%x>\n",
1719 ctx = talloc_init("resolve_lmhosts");
1721 return NT_STATUS_NO_MEMORY;
1724 status = resolve_lmhosts_file_as_sockaddr(get_dyn_LMHOSTSFILE(),
1729 if (NT_STATUS_IS_OK(status)) {
1730 if (convert_ss2service(return_iplist,
1734 return NT_STATUS_OK;
1737 return NT_STATUS_NO_MEMORY;
1745 /********************************************************
1746 Resolve via "hosts" method.
1747 *********************************************************/
1749 static NTSTATUS resolve_hosts(const char *name, int name_type,
1750 struct ip_service **return_iplist,
1754 * "host" means do a localhost, or dns lookup.
1756 struct addrinfo hints;
1757 struct addrinfo *ailist = NULL;
1758 struct addrinfo *res = NULL;
1761 const char *dns_hosts_file;
1763 if ( name_type != 0x20 && name_type != 0x0) {
1764 DEBUG(5, ("resolve_hosts: not appropriate "
1765 "for name type <0x%x>\n",
1767 return NT_STATUS_INVALID_PARAMETER;
1770 *return_iplist = NULL;
1773 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1777 /* By default make sure it supports TCP. */
1778 hints.ai_socktype = SOCK_STREAM;
1779 hints.ai_flags = AI_ADDRCONFIG;
1781 #if !defined(HAVE_IPV6)
1782 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1783 hints.ai_family = AF_INET;
1786 dns_hosts_file = lp_parm_const_string(-1, "resolv", "host file", NULL);
1787 if (dns_hosts_file) {
1788 struct sockaddr_storage *ss_list;
1790 TALLOC_CTX *ctx = talloc_stackframe();
1792 return NT_STATUS_NO_MEMORY;
1795 status = resolve_dns_hosts_file_as_sockaddr(dns_hosts_file, name, false,
1796 ctx, &ss_list, return_count);
1797 if (NT_STATUS_IS_OK(status)) {
1798 if (convert_ss2service(return_iplist,
1802 return NT_STATUS_OK;
1805 return NT_STATUS_NO_MEMORY;
1809 return NT_STATUS_UNSUCCESSFUL;
1812 ret = getaddrinfo(name,
1817 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1819 gai_strerror(ret) ));
1822 for (res = ailist; res; res = res->ai_next) {
1823 struct sockaddr_storage ss;
1825 if (!res->ai_addr || res->ai_addrlen == 0) {
1830 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1834 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1837 if (!*return_iplist) {
1838 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1839 freeaddrinfo(ailist);
1840 return NT_STATUS_NO_MEMORY;
1842 (*return_iplist)[i].ss = ss;
1843 (*return_iplist)[i].port = PORT_NONE;
1847 freeaddrinfo(ailist);
1849 if (*return_count) {
1850 return NT_STATUS_OK;
1852 return NT_STATUS_UNSUCCESSFUL;
1855 /********************************************************
1856 Resolve via "ADS" method.
1857 *********************************************************/
1859 /* Special name type used to cause a _kerberos DNS lookup. */
1860 #define KDC_NAME_TYPE 0xDCDC
1862 static NTSTATUS resolve_ads(const char *name,
1864 const char *sitename,
1865 struct ip_service **return_iplist,
1871 struct dns_rr_srv *dcs = NULL;
1875 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1876 (name_type != 0x1b)) {
1877 return NT_STATUS_INVALID_PARAMETER;
1880 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1881 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1882 return NT_STATUS_NO_MEMORY;
1885 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1887 switch (name_type) {
1889 DEBUG(5,("resolve_ads: Attempting to resolve "
1890 "PDC for %s using DNS\n", name));
1891 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1895 DEBUG(5,("resolve_ads: Attempting to resolve "
1896 "DCs for %s using DNS\n", name));
1897 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1901 DEBUG(5,("resolve_ads: Attempting to resolve "
1902 "KDCs for %s using DNS\n", name));
1903 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1907 status = NT_STATUS_INVALID_PARAMETER;
1911 if ( !NT_STATUS_IS_OK( status ) ) {
1912 talloc_destroy(ctx);
1916 for (i=0;i<numdcs;i++) {
1917 numaddrs += MAX(dcs[i].num_ips,1);
1920 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1922 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1924 talloc_destroy(ctx);
1925 return NT_STATUS_NO_MEMORY;
1928 /* now unroll the list of IP addresses */
1933 while ( i < numdcs && (*return_count<numaddrs) ) {
1934 struct ip_service *r = &(*return_iplist)[*return_count];
1936 r->port = dcs[i].port;
1938 /* If we don't have an IP list for a name, lookup it up */
1941 interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1945 /* use the IP addresses from the SRV sresponse */
1947 if ( j >= dcs[i].num_ips ) {
1953 r->ss = dcs[i].ss_s[j];
1957 /* make sure it is a valid IP. I considered checking the
1958 * negative connection cache, but this is the wrong place
1959 * for it. Maybe only as a hack. After think about it, if
1960 * all of the IP addresses returned from DNS are dead, what
1961 * hope does a netbios name lookup have ? The standard reason
1962 * for falling back to netbios lookups is that our DNS server
1963 * doesn't know anything about the DC's -- jerry */
1965 if (!is_zero_addr(&r->ss)) {
1970 talloc_destroy(ctx);
1971 return NT_STATUS_OK;
1974 /*******************************************************************
1975 Internal interface to resolve a name into an IP address.
1976 Use this function if the string is either an IP address, DNS
1977 or host name or NetBIOS name. This uses the name switch in the
1978 smb.conf to determine the order of name resolution.
1980 Added support for ip addr/port to support ADS ldap servers.
1981 the only place we currently care about the port is in the
1982 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1983 **********************************************************************/
1985 NTSTATUS internal_resolve_name(const char *name,
1987 const char *sitename,
1988 struct ip_service **return_iplist,
1990 const char *resolve_order)
1994 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1996 TALLOC_CTX *frame = NULL;
1998 *return_iplist = NULL;
2001 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
2002 name, name_type, sitename ? sitename : "(null)"));
2004 if (is_ipaddress(name)) {
2005 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
2007 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
2008 return NT_STATUS_NO_MEMORY;
2011 /* ignore the port here */
2012 (*return_iplist)->port = PORT_NONE;
2014 /* if it's in the form of an IP address then get the lib to interpret it */
2015 if (!interpret_string_addr(&(*return_iplist)->ss,
2016 name, AI_NUMERICHOST)) {
2017 DEBUG(1,("internal_resolve_name: interpret_string_addr "
2020 SAFE_FREE(*return_iplist);
2021 return NT_STATUS_INVALID_PARAMETER;
2024 return NT_STATUS_OK;
2027 /* Check name cache */
2029 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
2030 /* This could be a negative response */
2031 if (*return_count > 0) {
2032 return NT_STATUS_OK;
2034 return NT_STATUS_UNSUCCESSFUL;
2038 /* set the name resolution order */
2040 if (strcmp( resolve_order, "NULL") == 0) {
2041 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
2042 return NT_STATUS_INVALID_PARAMETER;
2045 if (!resolve_order[0]) {
2048 ptr = resolve_order;
2051 /* iterate through the name resolution backends */
2053 frame = talloc_stackframe();
2054 while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
2055 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
2056 status = resolve_hosts(name, name_type, return_iplist,
2058 if (NT_STATUS_IS_OK(status)) {
2061 } else if(strequal( tok, "kdc")) {
2062 /* deal with KDC_NAME_TYPE names here.
2063 * This will result in a SRV record lookup */
2064 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
2065 return_iplist, return_count);
2066 if (NT_STATUS_IS_OK(status)) {
2067 /* Ensure we don't namecache
2068 * this with the KDC port. */
2069 name_type = KDC_NAME_TYPE;
2072 } else if(strequal( tok, "ads")) {
2073 /* deal with 0x1c and 0x1b names here.
2074 * This will result in a SRV record lookup */
2075 status = resolve_ads(name, name_type, sitename,
2076 return_iplist, return_count);
2077 if (NT_STATUS_IS_OK(status)) {
2080 } else if(strequal( tok, "lmhosts")) {
2081 status = resolve_lmhosts(name, name_type,
2082 return_iplist, return_count);
2083 if (NT_STATUS_IS_OK(status)) {
2086 } else if(strequal( tok, "wins")) {
2087 /* don't resolve 1D via WINS */
2088 if (name_type != 0x1D) {
2089 status = resolve_wins(name, name_type,
2092 if (NT_STATUS_IS_OK(status)) {
2096 } else if(strequal( tok, "bcast")) {
2097 struct sockaddr_storage *ss_list;
2098 status = name_resolve_bcast(
2099 name, name_type, talloc_tos(),
2100 &ss_list, return_count);
2101 if (NT_STATUS_IS_OK(status)) {
2102 if (!convert_ss2service(return_iplist,
2105 status = NT_STATUS_NO_MEMORY;
2110 DEBUG(0,("resolve_name: unknown name switch type %s\n",
2115 /* All of the resolve_* functions above have returned false. */
2118 SAFE_FREE(*return_iplist);
2121 return NT_STATUS_UNSUCCESSFUL;
2125 /* Remove duplicate entries. Some queries, notably #1c (domain
2126 controllers) return the PDC in iplist[0] and then all domain
2127 controllers including the PDC in iplist[1..n]. Iterating over
2128 the iplist when the PDC is down will cause two sets of timeouts. */
2130 if ( *return_count ) {
2131 *return_count = remove_duplicate_addrs2(*return_iplist,
2135 /* Save in name cache */
2136 if ( DEBUGLEVEL >= 100 ) {
2137 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
2138 char addr[INET6_ADDRSTRLEN];
2139 print_sockaddr(addr, sizeof(addr),
2140 &(*return_iplist)[i].ss);
2141 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
2145 (*return_iplist)[i].port));
2149 namecache_store(name, name_type, *return_count, *return_iplist);
2151 /* Display some debugging info */
2153 if ( DEBUGLEVEL >= 10 ) {
2154 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
2157 for (i = 0; i < *return_count; i++) {
2158 char addr[INET6_ADDRSTRLEN];
2159 print_sockaddr(addr, sizeof(addr),
2160 &(*return_iplist)[i].ss);
2161 DEBUGADD(10, ("%s:%d ",
2163 (*return_iplist)[i].port));
2172 /********************************************************
2173 Internal interface to resolve a name into one IP address.
2174 Use this function if the string is either an IP address, DNS
2175 or host name or NetBIOS name. This uses the name switch in the
2176 smb.conf to determine the order of name resolution.
2177 *********************************************************/
2179 bool resolve_name(const char *name,
2180 struct sockaddr_storage *return_ss,
2184 struct ip_service *ss_list = NULL;
2185 char *sitename = NULL;
2188 if (is_ipaddress(name)) {
2189 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
2192 sitename = sitename_fetch(lp_realm()); /* wild guess */
2194 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
2196 lp_name_resolve_order()))) {
2200 for (i=0; i<count; i++) {
2201 if (!is_zero_addr(&ss_list[i].ss) &&
2202 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss) &&
2203 (ss_list[i].ss.ss_family == AF_INET)) {
2204 *return_ss = ss_list[i].ss;
2206 SAFE_FREE(sitename);
2212 /* only return valid addresses for TCP connections */
2213 for (i=0; i<count; i++) {
2214 if (!is_zero_addr(&ss_list[i].ss) &&
2215 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2216 *return_ss = ss_list[i].ss;
2218 SAFE_FREE(sitename);
2225 SAFE_FREE(sitename);
2229 /********************************************************
2230 Internal interface to resolve a name into a list of IP addresses.
2231 Use this function if the string is either an IP address, DNS
2232 or host name or NetBIOS name. This uses the name switch in the
2233 smb.conf to determine the order of name resolution.
2234 *********************************************************/
2236 NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
2239 struct sockaddr_storage **return_ss_arr,
2240 unsigned int *p_num_entries)
2242 struct ip_service *ss_list = NULL;
2243 char *sitename = NULL;
2246 unsigned int num_entries;
2250 *return_ss_arr = NULL;
2252 if (is_ipaddress(name)) {
2253 *return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
2254 if (!*return_ss_arr) {
2255 return NT_STATUS_NO_MEMORY;
2257 if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
2258 TALLOC_FREE(*return_ss_arr);
2259 return NT_STATUS_BAD_NETWORK_NAME;
2262 return NT_STATUS_OK;
2265 sitename = sitename_fetch(lp_realm()); /* wild guess */
2267 status = internal_resolve_name(name, name_type, sitename,
2269 lp_name_resolve_order());
2270 SAFE_FREE(sitename);
2272 if (!NT_STATUS_IS_OK(status)) {
2276 /* only return valid addresses for TCP connections */
2277 for (i=0, num_entries = 0; i<count; i++) {
2278 if (!is_zero_addr(&ss_list[i].ss) &&
2279 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2283 if (num_entries == 0) {
2285 return NT_STATUS_BAD_NETWORK_NAME;
2288 *return_ss_arr = TALLOC_ARRAY(ctx,
2289 struct sockaddr_storage,
2291 if (!(*return_ss_arr)) {
2293 return NT_STATUS_NO_MEMORY;
2296 for (i=0, num_entries = 0; i<count; i++) {
2297 if (!is_zero_addr(&ss_list[i].ss) &&
2298 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2299 (*return_ss_arr)[num_entries++] = ss_list[i].ss;
2303 status = NT_STATUS_OK;
2304 *p_num_entries = num_entries;
2307 return NT_STATUS_OK;
2310 /********************************************************
2311 Find the IP address of the master browser or DMB for a workgroup.
2312 *********************************************************/
2314 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
2316 struct ip_service *ip_list = NULL;
2320 if (lp_disable_netbios()) {
2321 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
2325 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
2326 lp_name_resolve_order());
2327 if (NT_STATUS_IS_OK(status)) {
2328 *master_ss = ip_list[0].ss;
2333 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
2334 lp_name_resolve_order());
2335 if (NT_STATUS_IS_OK(status)) {
2336 *master_ss = ip_list[0].ss;
2345 /********************************************************
2346 Get the IP address list of the primary domain controller
2348 *********************************************************/
2350 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
2352 struct ip_service *ip_list = NULL;
2354 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
2356 /* Look up #1B name */
2358 if (lp_security() == SEC_ADS) {
2359 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
2363 if (!NT_STATUS_IS_OK(status) || count == 0) {
2364 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
2366 lp_name_resolve_order());
2367 if (!NT_STATUS_IS_OK(status)) {
2372 /* if we get more than 1 IP back we have to assume it is a
2373 multi-homed PDC and not a mess up */
2376 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
2377 sort_service_list(ip_list, count);
2380 *pss = ip_list[0].ss;
2385 /* Private enum type for lookups. */
2387 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
2389 /********************************************************
2390 Get the IP address list of the domain controllers for
2392 *********************************************************/
2394 static NTSTATUS get_dc_list(const char *domain,
2395 const char *sitename,
2396 struct ip_service **ip_list,
2398 enum dc_lookup_type lookup_type,
2401 char *resolve_order = NULL;
2402 char *saf_servername = NULL;
2403 char *pserver = NULL;
2405 char *port_str = NULL;
2408 int num_addresses = 0;
2409 int local_count, i, j;
2410 struct ip_service *return_iplist = NULL;
2411 struct ip_service *auto_ip_list = NULL;
2412 bool done_auto_lookup = false;
2415 TALLOC_CTX *ctx = talloc_init("get_dc_list");
2421 return NT_STATUS_NO_MEMORY;
2426 /* if we are restricted to solely using DNS for looking
2427 up a domain controller, make sure that host lookups
2428 are enabled for the 'name resolve order'. If host lookups
2429 are disabled and ads_only is True, then set the string to
2432 resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
2433 if (!resolve_order) {
2434 status = NT_STATUS_NO_MEMORY;
2437 strlower_m(resolve_order);
2438 if (lookup_type == DC_ADS_ONLY) {
2439 if (strstr( resolve_order, "host")) {
2440 resolve_order = talloc_strdup(ctx, "ads");
2442 /* DNS SRV lookups used by the ads resolver
2443 are already sorted by priority and weight */
2446 resolve_order = talloc_strdup(ctx, "NULL");
2448 } else if (lookup_type == DC_KDC_ONLY) {
2449 /* DNS SRV lookups used by the ads/kdc resolver
2450 are already sorted by priority and weight */
2452 resolve_order = talloc_strdup(ctx, "kdc");
2454 if (!resolve_order) {
2455 status = NT_STATUS_NO_MEMORY;
2459 /* fetch the server we have affinity for. Add the
2460 'password server' list to a search for our domain controllers */
2462 saf_servername = saf_fetch( domain);
2464 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
2465 pserver = talloc_asprintf(ctx, "%s, %s",
2466 saf_servername ? saf_servername : "",
2467 lp_passwordserver());
2469 pserver = talloc_asprintf(ctx, "%s, *",
2470 saf_servername ? saf_servername : "");
2473 SAFE_FREE(saf_servername);
2475 status = NT_STATUS_NO_MEMORY;
2479 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
2482 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
2483 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2484 count, resolve_order);
2488 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
2491 * if '*' appears in the "password server" list then add
2492 * an auto lookup to the list of manually configured
2493 * DC's. If any DC is listed by name, then the list should be
2494 * considered to be ordered
2498 while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2499 if (!done_auto_lookup && strequal(name, "*")) {
2500 status = internal_resolve_name(domain, 0x1C, sitename,
2504 if (NT_STATUS_IS_OK(status)) {
2505 num_addresses += auto_count;
2507 done_auto_lookup = true;
2508 DEBUG(8,("Adding %d DC's from auto lookup\n",
2515 /* if we have no addresses and haven't done the auto lookup, then
2516 just return the list of DC's. Or maybe we just failed. */
2518 if ((num_addresses == 0)) {
2519 if (done_auto_lookup) {
2520 DEBUG(4,("get_dc_list: no servers found\n"));
2521 status = NT_STATUS_NO_LOGON_SERVERS;
2524 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2525 count, resolve_order);
2529 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
2530 num_addresses)) == NULL) {
2531 DEBUG(3,("get_dc_list: malloc fail !\n"));
2532 status = NT_STATUS_NO_MEMORY;
2539 /* fill in the return list now with real IP's */
2541 while ((local_count<num_addresses) &&
2542 next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2543 struct sockaddr_storage name_ss;
2545 /* copy any addersses from the auto lookup */
2547 if (strequal(name, "*")) {
2548 for (j=0; j<auto_count; j++) {
2549 char addr[INET6_ADDRSTRLEN];
2550 print_sockaddr(addr,
2552 &auto_ip_list[j].ss);
2553 /* Check for and don't copy any
2554 * known bad DC IP's. */
2555 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
2558 DEBUG(5,("get_dc_list: "
2559 "negative entry %s removed "
2564 return_iplist[local_count].ss =
2566 return_iplist[local_count].port =
2567 auto_ip_list[j].port;
2573 /* added support for address:port syntax for ads
2574 * (not that I think anyone will ever run the LDAP
2575 * server in an AD domain on something other than
2578 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
2579 if ((port_str=strchr(name, ':')) != NULL) {
2582 port = atoi(port_str);
2585 /* explicit lookup; resolve_name() will
2586 * handle names & IP addresses */
2587 if (resolve_name( name, &name_ss, 0x20, true )) {
2588 char addr[INET6_ADDRSTRLEN];
2589 print_sockaddr(addr,
2593 /* Check for and don't copy any known bad DC IP's. */
2594 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
2596 DEBUG(5,("get_dc_list: negative entry %s "
2597 "removed from DC list\n",
2602 return_iplist[local_count].ss = name_ss;
2603 return_iplist[local_count].port = port;
2609 /* need to remove duplicates in the list if we have any
2610 explicit password servers */
2613 local_count = remove_duplicate_addrs2(return_iplist,
2617 /* For DC's we always prioritize IPv4 due to W2K3 not
2618 * supporting LDAP, KRB5 or CLDAP over IPv6. */
2620 if (local_count && return_iplist) {
2621 prioritize_ipv4_list(return_iplist, local_count);
2624 if ( DEBUGLEVEL >= 4 ) {
2625 DEBUG(4,("get_dc_list: returning %d ip addresses "
2626 "in an %sordered list\n",
2628 *ordered ? "":"un"));
2629 DEBUG(4,("get_dc_list: "));
2630 for ( i=0; i<local_count; i++ ) {
2631 char addr[INET6_ADDRSTRLEN];
2632 print_sockaddr(addr,
2634 &return_iplist[i].ss);
2635 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
2640 *ip_list = return_iplist;
2641 *count = local_count;
2643 status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2647 if (!NT_STATUS_IS_OK(status)) {
2648 SAFE_FREE(return_iplist);
2653 SAFE_FREE(auto_ip_list);
2658 /*********************************************************************
2659 Small wrapper function to get the DC list and sort it if neccessary.
2660 *********************************************************************/
2662 NTSTATUS get_sorted_dc_list( const char *domain,
2663 const char *sitename,
2664 struct ip_service **ip_list,
2668 bool ordered = false;
2670 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2675 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2676 "for name %s (sitename %s) using [%s]\n",
2678 sitename ? sitename : "NULL",
2679 (ads_only ? "ads" : lp_name_resolve_order())));
2682 lookup_type = DC_ADS_ONLY;
2685 status = get_dc_list(domain, sitename, ip_list,
2686 count, lookup_type, &ordered);
2687 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
2689 DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2690 " in site %s, fallback to all servers\n",
2692 status = get_dc_list(domain, NULL, ip_list,
2693 count, lookup_type, &ordered);
2696 if (!NT_STATUS_IS_OK(status)) {
2697 SAFE_FREE(*ip_list);
2702 /* only sort if we don't already have an ordered list */
2704 sort_service_list(*ip_list, *count);
2707 return NT_STATUS_OK;
2710 /*********************************************************************
2711 Get the KDC list - re-use all the logic in get_dc_list.
2712 *********************************************************************/
2714 NTSTATUS get_kdc_list( const char *realm,
2715 const char *sitename,
2716 struct ip_service **ip_list,
2725 status = get_dc_list(realm, sitename, ip_list,
2726 count, DC_KDC_ONLY, &ordered);
2728 if (!NT_STATUS_IS_OK(status)) {
2729 SAFE_FREE(*ip_list);
2734 /* only sort if we don't already have an ordered list */
2736 sort_service_list(*ip_list, *count);
2739 return NT_STATUS_OK;