2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 /* nmbd.c sets this to True. */
24 BOOL global_in_nmbd = False;
26 /****************************
27 * SERVER AFFINITY ROUTINES *
28 ****************************/
30 /* Server affinity is the concept of preferring the last domain
31 controller with whom you had a successful conversation */
33 /****************************************************************************
34 ****************************************************************************/
35 #define SAFKEY_FMT "SAF/DOMAIN/%s"
38 static char *saf_key(const char *domain)
42 asprintf( &keystr, SAFKEY_FMT, strupper_static(domain) );
47 /****************************************************************************
48 ****************************************************************************/
50 BOOL saf_store( const char *domain, const char *servername )
56 if ( !domain || !servername ) {
57 DEBUG(2,("saf_store: Refusing to store empty domain or servername!\n"));
61 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
62 DEBUG(0,("saf_store: refusing to store 0 length domain or servername!\n"));
66 if ( !gencache_init() )
69 key = saf_key( domain );
70 expire = time( NULL ) + SAF_TTL;
73 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
74 domain, servername, (unsigned int)expire ));
76 ret = gencache_set( key, servername, expire );
83 BOOL saf_delete( const char *domain )
89 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
93 if ( !gencache_init() )
96 key = saf_key(domain);
97 ret = gencache_del(key);
100 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
108 /****************************************************************************
109 ****************************************************************************/
111 char *saf_fetch( const char *domain )
118 if ( !domain || strlen(domain) == 0) {
119 DEBUG(2,("saf_fetch: Empty domain name!\n"));
123 if ( !gencache_init() )
126 key = saf_key( domain );
128 ret = gencache_get( key, &server, &timeout );
133 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n", domain ));
135 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
142 /****************************************************************************
143 Generate a random trn_id.
144 ****************************************************************************/
146 static int generate_trn_id(void)
151 sys_srandom(sys_getpid());
154 trn_id = sys_random();
156 return trn_id % (unsigned)0x7FFF;
159 /****************************************************************************
160 Parse a node status response into an array of structures.
161 ****************************************************************************/
163 static NODE_STATUS_STRUCT *parse_node_status(char *p, int *num_names, struct node_status_extra *extra)
165 NODE_STATUS_STRUCT *ret;
168 *num_names = CVAL(p,0);
173 ret = SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT,*num_names);
178 for (i=0;i< *num_names;i++) {
179 StrnCpy(ret[i].name,p,15);
180 trim_char(ret[i].name,'\0',' ');
181 ret[i].type = CVAL(p,15);
182 ret[i].flags = p[16];
184 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
185 ret[i].type, ret[i].flags));
188 * Also, pick up the MAC address ...
191 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
197 /****************************************************************************
198 Do a NBT node status query on an open socket and return an array of
199 structures holding the returned names or NULL if the query failed.
200 **************************************************************************/
202 NODE_STATUS_STRUCT *node_status_query(int fd,struct nmb_name *name,
203 struct in_addr to_ip, int *num_names,
204 struct node_status_extra *extra)
208 int retry_time = 2000;
210 struct packet_struct p;
211 struct packet_struct *p2;
212 struct nmb_packet *nmb = &p.packet.nmb;
213 NODE_STATUS_STRUCT *ret;
217 nmb->header.name_trn_id = generate_trn_id();
218 nmb->header.opcode = 0;
219 nmb->header.response = False;
220 nmb->header.nm_flags.bcast = False;
221 nmb->header.nm_flags.recursion_available = False;
222 nmb->header.nm_flags.recursion_desired = False;
223 nmb->header.nm_flags.trunc = False;
224 nmb->header.nm_flags.authoritative = False;
225 nmb->header.rcode = 0;
226 nmb->header.qdcount = 1;
227 nmb->header.ancount = 0;
228 nmb->header.nscount = 0;
229 nmb->header.arcount = 0;
230 nmb->question.question_name = *name;
231 nmb->question.question_type = 0x21;
232 nmb->question.question_class = 0x1;
237 p.timestamp = time(NULL);
238 p.packet_type = NMB_PACKET;
242 if (!send_packet(&p))
248 struct timeval tval2;
249 GetTimeOfDay(&tval2);
250 if (TvalDiff(&tval,&tval2) > retry_time) {
253 if (!found && !send_packet(&p))
259 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
260 struct nmb_packet *nmb2 = &p2->packet.nmb;
261 debug_nmb_packet(p2);
263 if (nmb2->header.opcode != 0 ||
264 nmb2->header.nm_flags.bcast ||
265 nmb2->header.rcode ||
266 !nmb2->header.ancount ||
267 nmb2->answers->rr_type != 0x21) {
268 /* XXXX what do we do with this? could be a
269 redirect, but we'll discard it for the
275 ret = parse_node_status(&nmb2->answers->rdata[0], num_names, extra);
284 /****************************************************************************
285 Find the first type XX name in a node status reply - used for finding
286 a servers name given its IP. Return the matched name in *name.
287 **************************************************************************/
289 BOOL name_status_find(const char *q_name, int q_type, int type, struct in_addr to_ip, fstring name)
291 NODE_STATUS_STRUCT *status = NULL;
292 struct nmb_name nname;
297 if (lp_disable_netbios()) {
298 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n", q_name, q_type));
302 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
303 q_type, inet_ntoa(to_ip)));
305 /* Check the cache first. */
307 if (namecache_status_fetch(q_name, q_type, type, to_ip, name))
310 sock = open_socket_in(SOCK_DGRAM, 0, 3, interpret_addr(lp_socket_address()), True);
314 /* W2K PDC's seem not to respond to '*'#0. JRA */
315 make_nmb_name(&nname, q_name, q_type);
316 status = node_status_query(sock, &nname, to_ip, &count, NULL);
321 for (i=0;i<count;i++) {
322 if (status[i].type == type)
328 pull_ascii_nstring(name, sizeof(fstring), status[i].name);
330 /* Store the result in the cache. */
331 /* but don't store an entry for 0x1c names here. Here we have
332 a single host and DOMAIN<0x1c> names should be a list of hosts */
334 if ( q_type != 0x1c )
335 namecache_status_store(q_name, q_type, type, to_ip, name);
342 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
345 DEBUGADD(10, (", name %s ip address is %s", name, inet_ntoa(to_ip)));
353 comparison function used by sort_ip_list
356 static int ip_compare(struct in_addr *ip1, struct in_addr *ip2)
358 int max_bits1=0, max_bits2=0;
359 int num_interfaces = iface_count();
362 for (i=0;i<num_interfaces;i++) {
365 ip = *iface_n_bcast(i);
366 bits1 = matching_quad_bits((uchar *)&ip1->s_addr, (uchar *)&ip.s_addr);
367 bits2 = matching_quad_bits((uchar *)&ip2->s_addr, (uchar *)&ip.s_addr);
368 max_bits1 = MAX(bits1, max_bits1);
369 max_bits2 = MAX(bits2, max_bits2);
372 /* bias towards directly reachable IPs */
373 if (iface_local(*ip1)) {
376 if (iface_local(*ip2)) {
380 return max_bits2 - max_bits1;
383 /*******************************************************************
384 compare 2 ldap IPs by nearness to our interfaces - used in qsort
385 *******************************************************************/
387 int ip_service_compare(struct ip_service *ip1, struct ip_service *ip2)
391 if ( (result = ip_compare(&ip1->ip, &ip2->ip)) != 0 )
394 if ( ip1->port > ip2->port )
397 if ( ip1->port < ip2->port )
404 sort an IP list so that names that are close to one of our interfaces
405 are at the top. This prevents the problem where a WINS server returns an IP that
406 is not reachable from our subnet as the first match
409 static void sort_ip_list(struct in_addr *iplist, int count)
415 qsort(iplist, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
418 static void sort_ip_list2(struct ip_service *iplist, int count)
424 qsort(iplist, count, sizeof(struct ip_service), QSORT_CAST ip_service_compare);
427 /**********************************************************************
428 Remove any duplicate address/port pairs in the list
429 *********************************************************************/
431 static int remove_duplicate_addrs2( struct ip_service *iplist, int count )
435 DEBUG(10,("remove_duplicate_addrs2: looking for duplicate address/port pairs\n"));
437 /* one loop to remove duplicates */
438 for ( i=0; i<count; i++ ) {
439 if ( is_zero_ip(iplist[i].ip) )
442 for ( j=i+1; j<count; j++ ) {
443 if ( ip_service_equal(iplist[i], iplist[j]) )
444 zero_ip(&iplist[j].ip);
448 /* one loop to clean up any holes we left */
449 /* first ip should never be a zero_ip() */
450 for (i = 0; i<count; ) {
451 if ( is_zero_ip(iplist[i].ip) ) {
453 memmove(&iplist[i], &iplist[i+1], (count - i - 1)*sizeof(iplist[i]));
463 /****************************************************************************
464 Do a netbios name query to find someones IP.
465 Returns an array of IP addresses or NULL if none.
466 *count will be set to the number of addresses returned.
467 *timed_out is set if we failed by timing out
468 ****************************************************************************/
470 struct in_addr *name_query(int fd,const char *name,int name_type,
471 BOOL bcast,BOOL recurse,
472 struct in_addr to_ip, int *count, int *flags,
477 int retry_time = bcast?250:2000;
479 struct packet_struct p;
480 struct packet_struct *p2;
481 struct nmb_packet *nmb = &p.packet.nmb;
482 struct in_addr *ip_list = NULL;
484 if (lp_disable_netbios()) {
485 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n", name, name_type));
493 memset((char *)&p,'\0',sizeof(p));
497 nmb->header.name_trn_id = generate_trn_id();
498 nmb->header.opcode = 0;
499 nmb->header.response = False;
500 nmb->header.nm_flags.bcast = bcast;
501 nmb->header.nm_flags.recursion_available = False;
502 nmb->header.nm_flags.recursion_desired = recurse;
503 nmb->header.nm_flags.trunc = False;
504 nmb->header.nm_flags.authoritative = False;
505 nmb->header.rcode = 0;
506 nmb->header.qdcount = 1;
507 nmb->header.ancount = 0;
508 nmb->header.nscount = 0;
509 nmb->header.arcount = 0;
511 make_nmb_name(&nmb->question.question_name,name,name_type);
513 nmb->question.question_type = 0x20;
514 nmb->question.question_class = 0x1;
519 p.timestamp = time(NULL);
520 p.packet_type = NMB_PACKET;
524 if (!send_packet(&p))
530 struct timeval tval2;
532 GetTimeOfDay(&tval2);
533 if (TvalDiff(&tval,&tval2) > retry_time) {
536 if (!found && !send_packet(&p))
542 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
543 struct nmb_packet *nmb2 = &p2->packet.nmb;
544 debug_nmb_packet(p2);
546 /* If we get a Negative Name Query Response from a WINS
547 * server, we should report it and give up.
549 if( 0 == nmb2->header.opcode /* A query response */
550 && !(bcast) /* from a WINS server */
551 && nmb2->header.rcode /* Error returned */
554 if( DEBUGLVL( 3 ) ) {
555 /* Only executed if DEBUGLEVEL >= 3 */
556 dbgtext( "Negative name query response, rcode 0x%02x: ", nmb2->header.rcode );
557 switch( nmb2->header.rcode ) {
559 dbgtext( "Request was invalidly formatted.\n" );
562 dbgtext( "Problem with NBNS, cannot process name.\n");
565 dbgtext( "The name requested does not exist.\n" );
568 dbgtext( "Unsupported request error.\n" );
571 dbgtext( "Query refused error.\n" );
574 dbgtext( "Unrecognized error code.\n" );
582 if (nmb2->header.opcode != 0 ||
583 nmb2->header.nm_flags.bcast ||
584 nmb2->header.rcode ||
585 !nmb2->header.ancount) {
587 * XXXX what do we do with this? Could be a
588 * redirect, but we'll discard it for the
595 ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr,
596 (*count) + nmb2->answers->rdlength/6 );
599 DEBUG(0,("name_query: Realloc failed.\n"));
604 DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip)));
605 for (i=0;i<nmb2->answers->rdlength/6;i++) {
606 putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]);
607 DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)])));
614 /* We add the flags back ... */
615 if (nmb2->header.response)
616 (*flags) |= NM_FLAGS_RS;
617 if (nmb2->header.nm_flags.authoritative)
618 (*flags) |= NM_FLAGS_AA;
619 if (nmb2->header.nm_flags.trunc)
620 (*flags) |= NM_FLAGS_TC;
621 if (nmb2->header.nm_flags.recursion_desired)
622 (*flags) |= NM_FLAGS_RD;
623 if (nmb2->header.nm_flags.recursion_available)
624 (*flags) |= NM_FLAGS_RA;
625 if (nmb2->header.nm_flags.bcast)
626 (*flags) |= NM_FLAGS_B;
629 * If we're doing a unicast lookup we only
630 * expect one reply. Don't wait the full 2
631 * seconds if we got one. JRA.
638 /* only set timed_out if we didn't fund what we where looking for*/
640 if ( !found && timed_out ) {
644 /* sort the ip list so we choose close servers first if possible */
645 sort_ip_list(ip_list, *count);
650 /********************************************************
651 Start parsing the lmhosts file.
652 *********************************************************/
654 XFILE *startlmhosts(char *fname)
656 XFILE *fp = x_fopen(fname,O_RDONLY, 0);
658 DEBUG(4,("startlmhosts: Can't open lmhosts file %s. Error was %s\n",
659 fname, strerror(errno)));
665 /********************************************************
666 Parse the next line in the lmhosts file.
667 *********************************************************/
669 BOOL getlmhostsent( XFILE *fp, pstring name, int *name_type, struct in_addr *ipaddr)
673 while(!x_feof(fp) && !x_ferror(fp)) {
674 pstring ip,flags,extra;
681 if (!fgets_slash(line,sizeof(pstring),fp)) {
695 if (next_token(&ptr,ip ,NULL,sizeof(ip)))
697 if (next_token(&ptr,name ,NULL, sizeof(pstring)))
699 if (next_token(&ptr,flags,NULL, sizeof(flags)))
701 if (next_token(&ptr,extra,NULL, sizeof(extra)))
707 if (count > 0 && count < 2) {
708 DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",line));
713 DEBUG(0,("getlmhostsent: too many columns in lmhosts file (obsolete syntax)\n"));
717 DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n", ip, name, flags));
719 if (strchr_m(flags,'G') || strchr_m(flags,'S')) {
720 DEBUG(0,("getlmhostsent: group flag in lmhosts ignored (obsolete)\n"));
724 *ipaddr = *interpret_addr2(ip);
726 /* Extra feature. If the name ends in '#XX', where XX is a hex number,
727 then only add that name type. */
728 if((ptr1 = strchr_m(name, '#')) != NULL) {
732 *name_type = (int)strtol(ptr1, &endptr, 16);
733 if(!*ptr1 || (endptr == ptr1)) {
734 DEBUG(0,("getlmhostsent: invalid name %s containing '#'.\n", name));
738 *(--ptr1) = '\0'; /* Truncate at the '#' */
747 /********************************************************
748 Finish parsing the lmhosts file.
749 *********************************************************/
751 void endlmhosts(XFILE *fp)
756 /********************************************************
757 convert an array if struct in_addrs to struct ip_service
758 return False on failure. Port is set to PORT_NONE;
759 *********************************************************/
761 static BOOL convert_ip2service( struct ip_service **return_iplist, struct in_addr *ip_list, int count )
765 if ( count==0 || !ip_list )
768 /* copy the ip address; port will be PORT_NONE */
769 if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) == NULL ) {
770 DEBUG(0,("convert_ip2service: malloc failed for %d enetries!\n", count ));
774 for ( i=0; i<count; i++ ) {
775 (*return_iplist)[i].ip = ip_list[i];
776 (*return_iplist)[i].port = PORT_NONE;
781 /********************************************************
782 Resolve via "bcast" method.
783 *********************************************************/
785 BOOL name_resolve_bcast(const char *name, int name_type,
786 struct ip_service **return_iplist, int *return_count)
789 int num_interfaces = iface_count();
790 struct in_addr *ip_list;
793 if (lp_disable_netbios()) {
794 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n", name, name_type));
798 *return_iplist = NULL;
802 * "bcast" means do a broadcast lookup on all the local interfaces.
805 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup for name %s<0x%x>\n", name, name_type));
807 sock = open_socket_in( SOCK_DGRAM, 0, 3,
808 interpret_addr(lp_socket_address()), True );
810 if (sock == -1) return False;
812 set_socket_options(sock,"SO_BROADCAST");
814 * Lookup the name on all the interfaces, return on
815 * the first successful match.
817 for( i = num_interfaces-1; i >= 0; i--) {
818 struct in_addr sendto_ip;
820 /* Done this way to fix compiler error on IRIX 5.x */
821 sendto_ip = *iface_n_bcast(i);
822 ip_list = name_query(sock, name, name_type, True,
823 True, sendto_ip, return_count, &flags, NULL);
828 /* failed - no response */
835 if ( !convert_ip2service(return_iplist, ip_list, *return_count) )
838 SAFE_FREE( ip_list );
843 /********************************************************
844 Resolve via "wins" method.
845 *********************************************************/
847 BOOL resolve_wins(const char *name, int name_type,
848 struct ip_service **return_iplist, int *return_count)
852 struct in_addr src_ip, *ip_list = NULL;
855 if (lp_disable_netbios()) {
856 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n", name, name_type));
860 *return_iplist = NULL;
863 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n", name, name_type));
865 if (wins_srv_count() < 1) {
866 DEBUG(3,("resolve_wins: WINS server resolution selected and no WINS servers listed.\n"));
870 /* we try a lookup on each of the WINS tags in turn */
871 wins_tags = wins_srv_tags();
874 /* huh? no tags?? give up in disgust */
878 /* the address we will be sending from */
879 src_ip = *interpret_addr2(lp_socket_address());
881 /* in the worst case we will try every wins server with every
883 for (t=0; wins_tags && wins_tags[t]; t++) {
884 int srv_count = wins_srv_count_tag(wins_tags[t]);
885 for (i=0; i<srv_count; i++) {
886 struct in_addr wins_ip;
890 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
892 if (global_in_nmbd && ismyip(wins_ip)) {
893 /* yikes! we'll loop forever */
897 /* skip any that have been unresponsive lately */
898 if (wins_srv_is_dead(wins_ip, src_ip)) {
902 DEBUG(3,("resolve_wins: using WINS server %s and tag '%s'\n", inet_ntoa(wins_ip), wins_tags[t]));
904 sock = open_socket_in(SOCK_DGRAM, 0, 3, src_ip.s_addr, True);
909 ip_list = name_query(sock,name,name_type, False,
910 True, wins_ip, return_count, &flags,
913 /* exit loop if we got a list of addresses */
921 /* Timed out wating for WINS server to respond. Mark it dead. */
922 wins_srv_died(wins_ip, src_ip);
924 /* The name definately isn't in this
925 group of WINS servers. goto the next group */
931 wins_srv_tags_free(wins_tags);
936 if ( !convert_ip2service( return_iplist, ip_list, *return_count ) )
939 SAFE_FREE( ip_list );
940 wins_srv_tags_free(wins_tags);
946 /********************************************************
947 Resolve via "lmhosts" method.
948 *********************************************************/
950 static BOOL resolve_lmhosts(const char *name, int name_type,
951 struct ip_service **return_iplist, int *return_count)
954 * "lmhosts" means parse the local lmhosts file.
960 struct in_addr return_ip;
963 *return_iplist = NULL;
966 DEBUG(3,("resolve_lmhosts: Attempting lmhosts lookup for name %s<0x%x>\n", name, name_type));
968 fp = startlmhosts(dyn_LMHOSTSFILE);
973 while (getlmhostsent(fp, lmhost_name, &name_type2, &return_ip))
976 if (!strequal(name, lmhost_name))
979 if ((name_type2 != -1) && (name_type != name_type2))
982 *return_iplist = SMB_REALLOC_ARRAY((*return_iplist), struct ip_service,
985 if ((*return_iplist) == NULL) {
987 DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
991 (*return_iplist)[*return_count].ip = return_ip;
992 (*return_iplist)[*return_count].port = PORT_NONE;
995 /* we found something */
998 /* Multiple names only for DC lookup */
999 if (name_type != 0x1c)
1009 /********************************************************
1010 Resolve via "hosts" method.
1011 *********************************************************/
1013 static BOOL resolve_hosts(const char *name, int name_type,
1014 struct ip_service **return_iplist, int *return_count)
1017 * "host" means do a localhost, or dns lookup.
1021 if ( name_type != 0x20 && name_type != 0x0) {
1022 DEBUG(5, ("resolve_hosts: not appropriate for name type <0x%x>\n", name_type));
1026 *return_iplist = NULL;
1029 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n", name, name_type));
1031 if (((hp = sys_gethostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
1032 struct in_addr return_ip;
1033 putip((char *)&return_ip,(char *)hp->h_addr);
1034 *return_iplist = SMB_MALLOC_P(struct ip_service);
1035 if(*return_iplist == NULL) {
1036 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1039 (*return_iplist)->ip = return_ip;
1040 (*return_iplist)->port = PORT_NONE;
1047 /********************************************************
1048 Resolve via "ADS" method.
1049 *********************************************************/
1051 static BOOL resolve_ads(const char *name, int name_type,
1052 const char *sitename,
1053 struct ip_service **return_iplist, int *return_count)
1058 struct dns_rr_srv *dcs = NULL;
1062 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE))
1065 DEBUG(5,("resolve_ads: Attempting to resolve DC's for %s using DNS\n",
1068 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1069 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1073 if (name_type == KDC_NAME_TYPE) {
1074 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs, &numdcs);
1076 status = ads_dns_query_dcs(ctx, name, sitename, &dcs, &numdcs);
1078 if ( !NT_STATUS_IS_OK( status ) ) {
1079 talloc_destroy(ctx);
1083 for (i=0;i<numdcs;i++) {
1084 numaddrs += MAX(dcs[i].num_ips,1);
1087 if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) == NULL ) {
1088 DEBUG(0,("resolve_ads: malloc failed for %d entries\n", numaddrs ));
1089 talloc_destroy(ctx);
1093 /* now unroll the list of IP addresses */
1098 while ( i < numdcs && (*return_count<numaddrs) ) {
1099 struct ip_service *r = &(*return_iplist)[*return_count];
1101 r->port = dcs[i].port;
1103 /* If we don't have an IP list for a name, lookup it up */
1105 if ( !dcs[i].ips ) {
1106 r->ip = *interpret_addr2(dcs[i].hostname);
1110 /* use the IP addresses from the SRV sresponse */
1112 if ( j >= dcs[i].num_ips ) {
1118 r->ip = dcs[i].ips[j];
1122 /* make sure it is a valid IP. I considered checking the negative
1123 connection cache, but this is the wrong place for it. Maybe only
1124 as a hac. After think about it, if all of the IP addresses retuend
1125 from DNS are dead, what hope does a netbios name lookup have?
1126 The standard reason for falling back to netbios lookups is that
1127 our DNS server doesn't know anything about the DC's -- jerry */
1129 if ( ! is_zero_ip(r->ip) )
1133 talloc_destroy(ctx);
1137 /*******************************************************************
1138 Internal interface to resolve a name into an IP address.
1139 Use this function if the string is either an IP address, DNS
1140 or host name or NetBIOS name. This uses the name switch in the
1141 smb.conf to determine the order of name resolution.
1143 Added support for ip addr/port to support ADS ldap servers.
1144 the only place we currently care about the port is in the
1145 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1146 **********************************************************************/
1148 BOOL internal_resolve_name(const char *name, int name_type,
1149 const char *sitename,
1150 struct ip_service **return_iplist,
1151 int *return_count, const char *resolve_order)
1153 pstring name_resolve_list;
1156 BOOL allones = (strcmp(name,"255.255.255.255") == 0);
1157 BOOL allzeros = (strcmp(name,"0.0.0.0") == 0);
1158 BOOL is_address = is_ipaddress(name);
1159 BOOL result = False;
1162 *return_iplist = NULL;
1165 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1166 name, name_type, sitename ? sitename : NULL));
1168 if (allzeros || allones || is_address) {
1170 if ( (*return_iplist = SMB_MALLOC_P(struct ip_service)) == NULL ) {
1171 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1176 /* ignore the port here */
1177 (*return_iplist)->port = PORT_NONE;
1179 /* if it's in the form of an IP address then get the lib to interpret it */
1180 if (((*return_iplist)->ip.s_addr = inet_addr(name)) == 0xFFFFFFFF ){
1181 DEBUG(1,("internal_resolve_name: inet_addr failed on %s\n", name));
1182 SAFE_FREE(*return_iplist);
1186 (*return_iplist)->ip.s_addr = allones ? 0xFFFFFFFF : 0;
1192 /* Check name cache */
1194 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1195 /* This could be a negative response */
1196 return (*return_count > 0);
1199 /* set the name resolution order */
1201 if ( strcmp( resolve_order, "NULL") == 0 ) {
1202 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1206 if ( !resolve_order ) {
1207 pstrcpy(name_resolve_list, lp_name_resolve_order());
1209 pstrcpy(name_resolve_list, resolve_order);
1212 if ( !name_resolve_list[0] ) {
1215 ptr = name_resolve_list;
1218 /* iterate through the name resolution backends */
1220 while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) {
1221 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1222 if (resolve_hosts(name, name_type, return_iplist, return_count)) {
1226 } else if(strequal( tok, "kdc")) {
1227 /* deal with KDC_NAME_TYPE names here. This will result in a
1228 SRV record lookup */
1229 if (resolve_ads(name, KDC_NAME_TYPE, sitename, return_iplist, return_count)) {
1231 /* Ensure we don't namecache this with the KDC port. */
1232 name_type = KDC_NAME_TYPE;
1235 } else if(strequal( tok, "ads")) {
1236 /* deal with 0x1c names here. This will result in a
1237 SRV record lookup */
1238 if (resolve_ads(name, name_type, sitename, return_iplist, return_count)) {
1242 } else if(strequal( tok, "lmhosts")) {
1243 if (resolve_lmhosts(name, name_type, return_iplist, return_count)) {
1247 } else if(strequal( tok, "wins")) {
1248 /* don't resolve 1D via WINS */
1249 if (name_type != 0x1D && resolve_wins(name, name_type, return_iplist, return_count)) {
1253 } else if(strequal( tok, "bcast")) {
1254 if (name_resolve_bcast(name, name_type, return_iplist, return_count)) {
1259 DEBUG(0,("resolve_name: unknown name switch type %s\n", tok));
1263 /* All of the resolve_* functions above have returned false. */
1265 SAFE_FREE(*return_iplist);
1272 /* Remove duplicate entries. Some queries, notably #1c (domain
1273 controllers) return the PDC in iplist[0] and then all domain
1274 controllers including the PDC in iplist[1..n]. Iterating over
1275 the iplist when the PDC is down will cause two sets of timeouts. */
1277 if ( *return_count ) {
1278 *return_count = remove_duplicate_addrs2( *return_iplist, *return_count );
1281 /* Save in name cache */
1282 if ( DEBUGLEVEL >= 100 ) {
1283 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++)
1284 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n", name,
1285 name_type, inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
1288 namecache_store(name, name_type, *return_count, *return_iplist);
1290 /* Display some debugging info */
1292 if ( DEBUGLEVEL >= 10 ) {
1293 DEBUG(10, ("internal_resolve_name: returning %d addresses: ", *return_count));
1295 for (i = 0; i < *return_count; i++) {
1296 DEBUGADD(10, ("%s:%d ", inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
1304 /********************************************************
1305 Internal interface to resolve a name into one IP address.
1306 Use this function if the string is either an IP address, DNS
1307 or host name or NetBIOS name. This uses the name switch in the
1308 smb.conf to determine the order of name resolution.
1309 *********************************************************/
1311 BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type)
1313 struct ip_service *ip_list = NULL;
1314 char *sitename = sitename_fetch();
1317 if (is_ipaddress(name)) {
1318 *return_ip = *interpret_addr2(name);
1319 SAFE_FREE(sitename);
1323 if (internal_resolve_name(name, name_type, sitename, &ip_list, &count, lp_name_resolve_order())) {
1326 /* only return valid addresses for TCP connections */
1327 for (i=0; i<count; i++) {
1328 char *ip_str = inet_ntoa(ip_list[i].ip);
1330 strcmp(ip_str, "255.255.255.255") != 0 &&
1331 strcmp(ip_str, "0.0.0.0") != 0)
1333 *return_ip = ip_list[i].ip;
1335 SAFE_FREE(sitename);
1342 SAFE_FREE(sitename);
1346 /********************************************************
1347 Find the IP address of the master browser or DMB for a workgroup.
1348 *********************************************************/
1350 BOOL find_master_ip(const char *group, struct in_addr *master_ip)
1352 struct ip_service *ip_list = NULL;
1355 if (lp_disable_netbios()) {
1356 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1360 if (internal_resolve_name(group, 0x1D, NULL, &ip_list, &count, lp_name_resolve_order())) {
1361 *master_ip = ip_list[0].ip;
1365 if(internal_resolve_name(group, 0x1B, NULL, &ip_list, &count, lp_name_resolve_order())) {
1366 *master_ip = ip_list[0].ip;
1375 /********************************************************
1376 Get the IP address list of the primary domain controller
1378 *********************************************************/
1380 BOOL get_pdc_ip(const char *domain, struct in_addr *ip)
1382 char *sitename = sitename_fetch();
1383 struct ip_service *ip_list = NULL;
1386 /* Look up #1B name */
1388 if (!internal_resolve_name(domain, 0x1b, sitename, &ip_list, &count, lp_name_resolve_order())) {
1389 SAFE_FREE(sitename);
1393 SAFE_FREE(sitename);
1395 /* if we get more than 1 IP back we have to assume it is a
1396 multi-homed PDC and not a mess up */
1399 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1400 sort_ip_list2( ip_list, count );
1403 *ip = ip_list[0].ip;
1410 /* Private enum type for lookups. */
1412 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1414 /********************************************************
1415 Get the IP address list of the domain controllers for
1417 *********************************************************/
1419 static NTSTATUS get_dc_list(const char *domain, const char *sitename, struct ip_service **ip_list,
1420 int *count, enum dc_lookup_type lookup_type, int *ordered)
1422 fstring resolve_order;
1423 char *saf_servername;
1429 int num_addresses = 0;
1430 int local_count, i, j;
1431 struct ip_service *return_iplist = NULL;
1432 struct ip_service *auto_ip_list = NULL;
1433 BOOL done_auto_lookup = False;
1438 /* if we are restricted to solely using DNS for looking
1439 up a domain controller, make sure that host lookups
1440 are enabled for the 'name resolve order'. If host lookups
1441 are disabled and ads_only is True, then set the string to
1444 fstrcpy( resolve_order, lp_name_resolve_order() );
1445 strlower_m( resolve_order );
1446 if ( lookup_type == DC_ADS_ONLY) {
1447 if ( strstr( resolve_order, "host" ) ) {
1448 fstrcpy( resolve_order, "ads" );
1450 /* DNS SRV lookups used by the ads resolver
1451 are already sorted by priority and weight */
1454 fstrcpy( resolve_order, "NULL" );
1456 } else if (lookup_type == DC_KDC_ONLY) {
1457 /* DNS SRV lookups used by the ads/kdc resolver
1458 are already sorted by priority and weight */
1460 fstrcpy( resolve_order, "kdc" );
1463 /* fetch the server we have affinity for. Add the
1464 'password server' list to a search for our domain controllers */
1466 saf_servername = saf_fetch( domain);
1468 if ( strequal(domain, lp_workgroup()) || strequal(domain, lp_realm()) ) {
1469 pstr_sprintf( pserver, "%s, %s",
1470 saf_servername ? saf_servername : "",
1471 lp_passwordserver() );
1473 pstr_sprintf( pserver, "%s, *",
1474 saf_servername ? saf_servername : "" );
1477 SAFE_FREE( saf_servername );
1479 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1482 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1483 /* TODO: change return type of internal_resolve_name to
1485 if (internal_resolve_name(domain, 0x1C, sitename, ip_list, count,
1487 return NT_STATUS_OK;
1489 return NT_STATUS_NO_LOGON_SERVERS;
1493 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
1496 * if '*' appears in the "password server" list then add
1497 * an auto lookup to the list of manually configured
1498 * DC's. If any DC is listed by name, then the list should be
1499 * considered to be ordered
1503 while (next_token(&p,name,LIST_SEP,sizeof(name))) {
1504 if (strequal(name, "*")) {
1505 if (internal_resolve_name(domain, 0x1C, sitename, &auto_ip_list,
1506 &auto_count, resolve_order))
1507 num_addresses += auto_count;
1508 done_auto_lookup = True;
1509 DEBUG(8,("Adding %d DC's from auto lookup\n", auto_count));
1515 /* if we have no addresses and haven't done the auto lookup, then
1516 just return the list of DC's. Or maybe we just failed. */
1518 if ( (num_addresses == 0) ) {
1519 if ( done_auto_lookup ) {
1520 DEBUG(4,("get_dc_list: no servers found\n"));
1521 SAFE_FREE(auto_ip_list);
1522 return NT_STATUS_NO_LOGON_SERVERS;
1524 if (internal_resolve_name(domain, 0x1C, sitename, ip_list, count,
1526 return NT_STATUS_OK;
1528 return NT_STATUS_NO_LOGON_SERVERS;
1532 if ( (return_iplist = SMB_MALLOC_ARRAY(struct ip_service, num_addresses)) == NULL ) {
1533 DEBUG(3,("get_dc_list: malloc fail !\n"));
1534 SAFE_FREE(auto_ip_list);
1535 return NT_STATUS_NO_MEMORY;
1541 /* fill in the return list now with real IP's */
1543 while ( (local_count<num_addresses) && next_token(&p,name,LIST_SEP,sizeof(name)) ) {
1544 struct in_addr name_ip;
1546 /* copy any addersses from the auto lookup */
1548 if ( strequal(name, "*") ) {
1549 for ( j=0; j<auto_count; j++ ) {
1550 /* Check for and don't copy any known bad DC IP's. */
1551 if(!NT_STATUS_IS_OK(check_negative_conn_cache(domain,
1552 inet_ntoa(auto_ip_list[j].ip)))) {
1553 DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",
1554 inet_ntoa(auto_ip_list[j].ip) ));
1557 return_iplist[local_count].ip = auto_ip_list[j].ip;
1558 return_iplist[local_count].port = auto_ip_list[j].port;
1565 /* added support for address:port syntax for ads (not that I think
1566 anyone will ever run the LDAP server in an AD domain on something
1567 other than port 389 */
1569 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
1570 if ( (port_str=strchr(name, ':')) != NULL ) {
1573 port = atoi( port_str );
1576 /* explicit lookup; resolve_name() will handle names & IP addresses */
1577 if ( resolve_name( name, &name_ip, 0x20 ) ) {
1579 /* Check for and don't copy any known bad DC IP's. */
1580 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain, inet_ntoa(name_ip))) ) {
1581 DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",name ));
1585 return_iplist[local_count].ip = name_ip;
1586 return_iplist[local_count].port = port;
1592 SAFE_FREE(auto_ip_list);
1594 /* need to remove duplicates in the list if we have any
1595 explicit password servers */
1597 if ( local_count ) {
1598 local_count = remove_duplicate_addrs2( return_iplist, local_count );
1601 if ( DEBUGLEVEL >= 4 ) {
1602 DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count,
1603 *ordered ? "":"un"));
1604 DEBUG(4,("get_dc_list: "));
1605 for ( i=0; i<local_count; i++ )
1606 DEBUGADD(4,("%s:%d ", inet_ntoa(return_iplist[i].ip), return_iplist[i].port ));
1610 *ip_list = return_iplist;
1611 *count = local_count;
1613 return ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
1616 /*********************************************************************
1617 Small wrapper function to get the DC list and sort it if neccessary.
1618 *********************************************************************/
1620 NTSTATUS get_sorted_dc_list( const char *domain, const char *sitename, struct ip_service **ip_list, int *count, BOOL ads_only )
1624 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
1626 DEBUG(8,("get_sorted_dc_list: attempting lookup for name %s (sitename %s) "
1629 sitename ? sitename : "NULL",
1630 (ads_only ? "ads" : lp_name_resolve_order())));
1633 lookup_type = DC_ADS_ONLY;
1636 status = get_dc_list(domain, sitename, ip_list, count, lookup_type, &ordered);
1637 if (!NT_STATUS_IS_OK(status)) {
1641 /* only sort if we don't already have an ordered list */
1643 sort_ip_list2( *ip_list, *count );
1646 return NT_STATUS_OK;
1649 /*********************************************************************
1650 Get the KDC list - re-use all the logic in get_dc_list.
1651 *********************************************************************/
1653 NTSTATUS get_kdc_list( const char *realm, const char *sitename, struct ip_service **ip_list, int *count)
1661 status = get_dc_list(realm, sitename, ip_list, count, DC_KDC_ONLY, &ordered);
1663 if (!NT_STATUS_IS_OK(status)) {
1667 /* only sort if we don't already have an ordered list */
1669 sort_ip_list2( *ip_list, *count );
1672 return NT_STATUS_OK;
git.samba.org / jra / samba / .git / blob