2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libads/sitename_cache.h"
23 #include "libads/dns.h"
24 #include "../libcli/netlogon.h"
25 #include "librpc/gen_ndr/messaging.h"
26 #include "lib/async_req/async_sock.h"
28 /* nmbd.c sets this to True. */
29 bool global_in_nmbd = False;
31 /****************************
32 * SERVER AFFINITY ROUTINES *
33 ****************************/
35 /* Server affinity is the concept of preferring the last domain
36 controller with whom you had a successful conversation */
38 /****************************************************************************
39 ****************************************************************************/
40 #define SAFKEY_FMT "SAF/DOMAIN/%s"
42 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
43 #define SAFJOIN_TTL 3600
45 static char *saf_key(const char *domain)
49 asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
54 static char *saf_join_key(const char *domain)
58 asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
63 /****************************************************************************
64 ****************************************************************************/
66 bool saf_store( const char *domain, const char *servername )
72 if ( !domain || !servername ) {
73 DEBUG(2,("saf_store: "
74 "Refusing to store empty domain or servername!\n"));
78 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
79 DEBUG(0,("saf_store: "
80 "refusing to store 0 length domain or servername!\n"));
84 key = saf_key( domain );
85 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
87 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
88 domain, servername, (unsigned int)expire ));
90 ret = gencache_set( key, servername, expire );
97 bool saf_join_store( const char *domain, const char *servername )
103 if ( !domain || !servername ) {
104 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
108 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
109 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
113 key = saf_join_key( domain );
114 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
116 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
117 domain, servername, (unsigned int)expire ));
119 ret = gencache_set( key, servername, expire );
126 bool saf_delete( const char *domain )
132 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
136 key = saf_join_key(domain);
137 ret = gencache_del(key);
141 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
144 key = saf_key(domain);
145 ret = gencache_del(key);
149 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
155 /****************************************************************************
156 ****************************************************************************/
158 char *saf_fetch( const char *domain )
165 if ( !domain || strlen(domain) == 0) {
166 DEBUG(2,("saf_fetch: Empty domain name!\n"));
170 key = saf_join_key( domain );
172 ret = gencache_get( key, &server, &timeout );
177 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
182 key = saf_key( domain );
184 ret = gencache_get( key, &server, &timeout );
189 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
192 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
199 /****************************************************************************
200 Generate a random trn_id.
201 ****************************************************************************/
203 static int generate_trn_id(void)
207 generate_random_buffer((uint8 *)&id, sizeof(id));
209 return id % (unsigned)0x7FFF;
212 /****************************************************************************
213 Parse a node status response into an array of structures.
214 ****************************************************************************/
216 static struct node_status *parse_node_status(TALLOC_CTX *mem_ctx, char *p,
218 struct node_status_extra *extra)
220 struct node_status *ret;
223 *num_names = CVAL(p,0);
228 ret = TALLOC_ARRAY(mem_ctx, struct node_status,*num_names);
233 for (i=0;i< *num_names;i++) {
234 StrnCpy(ret[i].name,p,15);
235 trim_char(ret[i].name,'\0',' ');
236 ret[i].type = CVAL(p,15);
237 ret[i].flags = p[16];
239 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
240 ret[i].type, ret[i].flags));
243 * Also, pick up the MAC address ...
246 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
251 struct sock_packet_read_state {
252 struct tevent_context *ev;
253 enum packet_type type;
256 struct nb_packet_reader *reader;
257 struct tevent_req *reader_req;
260 struct tevent_req *socket_req;
262 struct sockaddr_storage addr;
265 bool (*validator)(struct packet_struct *p,
269 struct packet_struct *packet;
272 static int sock_packet_read_state_destructor(struct sock_packet_read_state *s);
273 static void sock_packet_read_got_packet(struct tevent_req *subreq);
274 static void sock_packet_read_got_socket(struct tevent_req *subreq);
276 static struct tevent_req *sock_packet_read_send(
278 struct tevent_context *ev,
279 int sock, /* dgram socket */
280 struct nb_packet_reader *reader,
281 enum packet_type type,
283 bool (*validator)(struct packet_struct *p, void *private_data),
286 struct tevent_req *req;
287 struct sock_packet_read_state *state;
289 req = tevent_req_create(mem_ctx, &state,
290 struct sock_packet_read_state);
294 talloc_set_destructor(state, sock_packet_read_state_destructor);
296 state->reader = reader;
299 state->trn_id = trn_id;
300 state->validator = validator;
301 state->private_data = private_data;
303 if (reader != NULL) {
304 state->reader_req = nb_packet_read_send(state, ev, reader);
305 if (tevent_req_nomem(state->reader_req, req)) {
306 return tevent_req_post(req, ev);
308 tevent_req_set_callback(
309 state->reader_req, sock_packet_read_got_packet, req);
312 state->addr_len = sizeof(state->addr);
313 state->socket_req = recvfrom_send(state, ev, sock,
314 state->buf, sizeof(state->buf), 0,
315 &state->addr, &state->addr_len);
316 if (tevent_req_nomem(state->socket_req, req)) {
317 return tevent_req_post(req, ev);
319 tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
325 static int sock_packet_read_state_destructor(struct sock_packet_read_state *s)
327 if (s->packet != NULL) {
328 free_packet(s->packet);
334 static void sock_packet_read_got_packet(struct tevent_req *subreq)
336 struct tevent_req *req = tevent_req_callback_data(
337 subreq, struct tevent_req);
338 struct sock_packet_read_state *state = tevent_req_data(
339 req, struct sock_packet_read_state);
342 status = nb_packet_read_recv(subreq, &state->packet);
344 TALLOC_FREE(state->reader_req);
346 if (!NT_STATUS_IS_OK(status)) {
347 if (state->socket_req != NULL) {
349 * Still waiting for socket
354 * Both socket and packet reader failed
356 tevent_req_nterror(req, status);
360 if ((state->validator != NULL) &&
361 !state->validator(state->packet, state->private_data)) {
362 DEBUG(10, ("validator failed\n"));
364 free_packet(state->packet);
365 state->packet = NULL;
367 state->reader_req = nb_packet_read_send(state, state->ev,
369 if (tevent_req_nomem(state->reader_req, req)) {
372 tevent_req_set_callback(
373 state->reader_req, sock_packet_read_got_packet, req);
377 TALLOC_FREE(state->socket_req);
378 tevent_req_done(req);
381 static void sock_packet_read_got_socket(struct tevent_req *subreq)
383 struct tevent_req *req = tevent_req_callback_data(
384 subreq, struct tevent_req);
385 struct sock_packet_read_state *state = tevent_req_data(
386 req, struct sock_packet_read_state);
387 struct sockaddr_in *in_addr;
391 received = recvfrom_recv(subreq, &err);
393 TALLOC_FREE(state->socket_req);
395 if (received == -1) {
396 if (state->reader_req != NULL) {
398 * Still waiting for reader
403 * Both socket and reader failed
405 tevent_req_nterror(req, map_nt_error_from_unix(err));
408 if (state->addr.ss_family != AF_INET) {
411 in_addr = (struct sockaddr_in *)(void *)&state->addr;
413 state->packet = parse_packet((char *)state->buf, received, state->type,
414 in_addr->sin_addr, in_addr->sin_port);
415 if (state->packet == NULL) {
416 DEBUG(10, ("parse_packet failed\n"));
419 if ((state->trn_id != -1) &&
420 (state->trn_id != packet_trn_id(state->packet))) {
421 DEBUG(10, ("Expected transaction id %d, got %d\n",
422 state->trn_id, packet_trn_id(state->packet)));
426 if ((state->validator != NULL) &&
427 !state->validator(state->packet, state->private_data)) {
428 DEBUG(10, ("validator failed\n"));
432 tevent_req_done(req);
436 if (state->packet != NULL) {
437 free_packet(state->packet);
438 state->packet = NULL;
440 state->socket_req = recvfrom_send(state, state->ev, state->sock,
441 state->buf, sizeof(state->buf), 0,
442 &state->addr, &state->addr_len);
443 if (tevent_req_nomem(state->socket_req, req)) {
446 tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
450 static NTSTATUS sock_packet_read_recv(struct tevent_req *req,
451 struct packet_struct **ppacket)
453 struct sock_packet_read_state *state = tevent_req_data(
454 req, struct sock_packet_read_state);
457 if (tevent_req_is_nterror(req, &status)) {
460 *ppacket = state->packet;
461 state->packet = NULL;
465 struct nb_trans_state {
466 struct tevent_context *ev;
468 struct nb_packet_reader *reader;
470 const struct sockaddr_storage *dst_addr;
473 enum packet_type type;
476 bool (*validator)(struct packet_struct *p,
480 struct packet_struct *packet;
483 static int nb_trans_state_destructor(struct nb_trans_state *s);
484 static void nb_trans_got_reader(struct tevent_req *subreq);
485 static void nb_trans_done(struct tevent_req *subreq);
486 static void nb_trans_sent(struct tevent_req *subreq);
487 static void nb_trans_send_next(struct tevent_req *subreq);
489 static struct tevent_req *nb_trans_send(
491 struct tevent_context *ev,
492 const struct sockaddr_storage *my_addr,
493 const struct sockaddr_storage *dst_addr,
495 uint8_t *buf, size_t buflen,
496 enum packet_type type, int trn_id,
497 bool (*validator)(struct packet_struct *p,
501 struct tevent_req *req, *subreq;
502 struct nb_trans_state *state;
504 req = tevent_req_create(mem_ctx, &state, struct nb_trans_state);
508 talloc_set_destructor(state, nb_trans_state_destructor);
510 state->dst_addr = dst_addr;
512 state->buflen = buflen;
514 state->trn_id = trn_id;
515 state->validator = validator;
516 state->private_data = private_data;
518 state->sock = open_socket_in(SOCK_DGRAM, 0, 3, my_addr, True);
519 if (state->sock == -1) {
520 tevent_req_nterror(req, map_nt_error_from_unix(errno));
521 DEBUG(10, ("open_socket_in failed: %s\n", strerror(errno)));
522 return tevent_req_post(req, ev);
526 set_socket_options(state->sock,"SO_BROADCAST");
529 subreq = nb_packet_reader_send(state, ev, type, state->trn_id, NULL);
530 if (tevent_req_nomem(subreq, req)) {
531 return tevent_req_post(req, ev);
533 tevent_req_set_callback(subreq, nb_trans_got_reader, req);
537 static int nb_trans_state_destructor(struct nb_trans_state *s)
543 if (s->packet != NULL) {
544 free_packet(s->packet);
550 static void nb_trans_got_reader(struct tevent_req *subreq)
552 struct tevent_req *req = tevent_req_callback_data(
553 subreq, struct tevent_req);
554 struct nb_trans_state *state = tevent_req_data(
555 req, struct nb_trans_state);
558 status = nb_packet_reader_recv(subreq, state, &state->reader);
561 if (!NT_STATUS_IS_OK(status)) {
562 DEBUG(10, ("nmbd not around\n"));
563 state->reader = NULL;
566 subreq = sock_packet_read_send(
567 state, state->ev, state->sock,
568 state->reader, state->type, state->trn_id,
569 state->validator, state->private_data);
570 if (tevent_req_nomem(subreq, req)) {
573 tevent_req_set_callback(subreq, nb_trans_done, req);
575 #if !DEBUG_UNEXPECTED
576 subreq = sendto_send(state, state->ev, state->sock,
577 state->buf, state->buflen, 0, state->dst_addr);
578 if (tevent_req_nomem(subreq, req)) {
581 tevent_req_set_callback(subreq, nb_trans_sent, req);
585 static void nb_trans_sent(struct tevent_req *subreq)
587 struct tevent_req *req = tevent_req_callback_data(
588 subreq, struct tevent_req);
589 struct nb_trans_state *state = tevent_req_data(
590 req, struct nb_trans_state);
594 sent = sendto_recv(subreq, &err);
597 DEBUG(10, ("sendto failed: %s\n", strerror(err)));
598 tevent_req_nterror(req, map_nt_error_from_unix(err));
601 subreq = tevent_wakeup_send(state, state->ev,
602 timeval_current_ofs(1, 0));
603 if (tevent_req_nomem(subreq, req)) {
606 tevent_req_set_callback(subreq, nb_trans_send_next, req);
609 static void nb_trans_send_next(struct tevent_req *subreq)
611 struct tevent_req *req = tevent_req_callback_data(
612 subreq, struct tevent_req);
613 struct nb_trans_state *state = tevent_req_data(
614 req, struct nb_trans_state);
617 ret = tevent_wakeup_recv(subreq);
620 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
623 subreq = sendto_send(state, state->ev, state->sock,
624 state->buf, state->buflen, 0, state->dst_addr);
625 if (tevent_req_nomem(subreq, req)) {
628 tevent_req_set_callback(subreq, nb_trans_sent, req);
631 static void nb_trans_done(struct tevent_req *subreq)
633 struct tevent_req *req = tevent_req_callback_data(
634 subreq, struct tevent_req);
635 struct nb_trans_state *state = tevent_req_data(
636 req, struct nb_trans_state);
639 status = sock_packet_read_recv(subreq, &state->packet);
641 if (tevent_req_nterror(req, status)) {
644 tevent_req_done(req);
647 static NTSTATUS nb_trans_recv(struct tevent_req *req,
648 struct packet_struct **ppacket)
650 struct nb_trans_state *state = tevent_req_data(
651 req, struct nb_trans_state);
654 if (tevent_req_is_nterror(req, &status)) {
657 *ppacket = state->packet;
658 state->packet = NULL;
662 /****************************************************************************
663 Try and send a request to nmbd to send a packet_struct packet first.
664 If this fails, use send_packet().
665 **************************************************************************/
667 static bool send_packet_request(struct packet_struct *p)
669 struct messaging_context *msg_ctx = server_messaging_context();
671 pid_t nmbd_pid = pidfile_pid("nmbd");
675 if (NT_STATUS_IS_OK(messaging_send_buf(msg_ctx,
676 pid_to_procid(nmbd_pid),
679 sizeof(struct packet_struct)))) {
685 return send_packet(p);
688 /****************************************************************************
689 Do a NBT node status query on an open socket and return an array of
690 structures holding the returned names or NULL if the query failed.
691 **************************************************************************/
693 struct node_status_query_state {
694 struct sockaddr_storage my_addr;
695 struct sockaddr_storage addr;
698 struct packet_struct *packet;
701 static int node_status_query_state_destructor(
702 struct node_status_query_state *s);
703 static bool node_status_query_validator(struct packet_struct *p,
705 static void node_status_query_done(struct tevent_req *subreq);
707 struct tevent_req *node_status_query_send(TALLOC_CTX *mem_ctx,
708 struct tevent_context *ev,
709 struct nmb_name *name,
710 const struct sockaddr_storage *addr)
712 struct tevent_req *req, *subreq;
713 struct node_status_query_state *state;
714 struct packet_struct p;
715 struct nmb_packet *nmb = &p.packet.nmb;
716 struct sockaddr_in *in_addr;
718 req = tevent_req_create(mem_ctx, &state,
719 struct node_status_query_state);
723 talloc_set_destructor(state, node_status_query_state_destructor);
725 if (addr->ss_family != AF_INET) {
726 /* Can't do node status to IPv6 */
727 tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
728 return tevent_req_post(req, ev);
732 in_addr = (struct sockaddr_in *)(void *)&state->addr;
733 in_addr->sin_port = htons(NMB_PORT);
735 if (!interpret_string_addr(&state->my_addr, lp_socket_address(),
736 AI_NUMERICHOST|AI_PASSIVE)) {
737 zero_sockaddr(&state->my_addr);
741 nmb->header.name_trn_id = generate_trn_id();
742 nmb->header.opcode = 0;
743 nmb->header.response = false;
744 nmb->header.nm_flags.bcast = false;
745 nmb->header.nm_flags.recursion_available = false;
746 nmb->header.nm_flags.recursion_desired = false;
747 nmb->header.nm_flags.trunc = false;
748 nmb->header.nm_flags.authoritative = false;
749 nmb->header.rcode = 0;
750 nmb->header.qdcount = 1;
751 nmb->header.ancount = 0;
752 nmb->header.nscount = 0;
753 nmb->header.arcount = 0;
754 nmb->question.question_name = *name;
755 nmb->question.question_type = 0x21;
756 nmb->question.question_class = 0x1;
759 p.ip = in_addr->sin_addr;
763 p.timestamp = time(NULL);
764 p.packet_type = NMB_PACKET;
767 pid_t nmbd_pid = pidfile_pid("nmbd");
770 struct messaging_context *msg_ctx = messaging_init(
771 state, procid_self(), ev);
773 messaging_send_buf(msg_ctx,
774 pid_to_procid(nmbd_pid),
777 sizeof(struct packet_struct));
778 TALLOC_FREE(msg_ctx);
783 state->buflen = build_packet((char *)state->buf, sizeof(state->buf),
785 if (state->buflen == 0) {
786 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
787 DEBUG(10, ("build_packet failed\n"));
788 return tevent_req_post(req, ev);
791 subreq = nb_trans_send(state, ev, &state->my_addr, addr, false,
792 state->buf, state->buflen,
793 NMB_PACKET, nmb->header.name_trn_id,
794 node_status_query_validator, NULL);
795 if (tevent_req_nomem(subreq, req)) {
796 DEBUG(10, ("nb_trans_send failed\n"));
797 return tevent_req_post(req, ev);
799 if (!tevent_req_set_endtime(req, ev, timeval_current_ofs(10, 0))) {
800 return tevent_req_post(req, ev);
802 tevent_req_set_callback(subreq, node_status_query_done, req);
806 static bool node_status_query_validator(struct packet_struct *p,
809 struct nmb_packet *nmb = &p->packet.nmb;
812 if (nmb->header.opcode != 0 ||
813 nmb->header.nm_flags.bcast ||
815 !nmb->header.ancount ||
816 nmb->answers->rr_type != 0x21) {
818 * XXXX what do we do with this? could be a redirect,
819 * but we'll discard it for the moment
826 static int node_status_query_state_destructor(
827 struct node_status_query_state *s)
829 if (s->packet != NULL) {
830 free_packet(s->packet);
836 static void node_status_query_done(struct tevent_req *subreq)
838 struct tevent_req *req = tevent_req_callback_data(
839 subreq, struct tevent_req);
840 struct node_status_query_state *state = tevent_req_data(
841 req, struct node_status_query_state);
844 status = nb_trans_recv(subreq, &state->packet);
846 if (tevent_req_nterror(req, status)) {
849 tevent_req_done(req);
852 NTSTATUS node_status_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
853 struct node_status **pnode_status,
855 struct node_status_extra *extra)
857 struct node_status_query_state *state = tevent_req_data(
858 req, struct node_status_query_state);
859 struct node_status *node_status;
863 if (tevent_req_is_nterror(req, &status)) {
866 node_status = parse_node_status(
867 mem_ctx, &state->packet->packet.nmb.answers->rdata[0],
869 if (node_status == NULL) {
870 return NT_STATUS_NO_MEMORY;
872 *pnode_status = node_status;
873 *pnum_names = num_names;
877 NTSTATUS node_status_query(TALLOC_CTX *mem_ctx, struct nmb_name *name,
878 const struct sockaddr_storage *addr,
879 struct node_status **pnode_status,
881 struct node_status_extra *extra)
883 TALLOC_CTX *frame = talloc_stackframe();
884 struct tevent_context *ev;
885 struct tevent_req *req;
886 NTSTATUS status = NT_STATUS_NO_MEMORY;
888 ev = tevent_context_init(frame);
892 req = node_status_query_send(ev, ev, name, addr);
896 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
899 status = node_status_query_recv(req, mem_ctx, pnode_status,
906 /****************************************************************************
907 Find the first type XX name in a node status reply - used for finding
908 a servers name given its IP. Return the matched name in *name.
909 **************************************************************************/
911 bool name_status_find(const char *q_name,
914 const struct sockaddr_storage *to_ss,
917 char addr[INET6_ADDRSTRLEN];
918 struct sockaddr_storage ss;
919 struct node_status *addrs = NULL;
920 struct nmb_name nname;
925 if (lp_disable_netbios()) {
926 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
931 print_sockaddr(addr, sizeof(addr), to_ss);
933 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
936 /* Check the cache first. */
938 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
942 if (to_ss->ss_family != AF_INET) {
943 /* Can't do node status to IPv6 */
947 if (!interpret_string_addr(&ss, lp_socket_address(),
948 AI_NUMERICHOST|AI_PASSIVE)) {
952 /* W2K PDC's seem not to respond to '*'#0. JRA */
953 make_nmb_name(&nname, q_name, q_type);
954 status = node_status_query(talloc_tos(), &nname, to_ss,
955 &addrs, &count, NULL);
956 if (!NT_STATUS_IS_OK(status)) {
960 for (i=0;i<count;i++) {
961 /* Find first one of the requested type that's not a GROUP. */
962 if (addrs[i].type == type && ! (addrs[i].flags & 0x80))
968 pull_ascii_nstring(name, sizeof(fstring), addrs[i].name);
970 /* Store the result in the cache. */
971 /* but don't store an entry for 0x1c names here. Here we have
972 a single host and DOMAIN<0x1c> names should be a list of hosts */
974 if ( q_type != 0x1c ) {
975 namecache_status_store(q_name, q_type, type, to_ss, name);
983 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
986 DEBUGADD(10, (", name %s ip address is %s", name, addr));
994 comparison function used by sort_addr_list
997 static int addr_compare(const struct sockaddr_storage *ss1,
998 const struct sockaddr_storage *ss2)
1000 int max_bits1=0, max_bits2=0;
1001 int num_interfaces = iface_count();
1004 /* Sort IPv4 addresses first. */
1005 if (ss1->ss_family != ss2->ss_family) {
1006 if (ss2->ss_family == AF_INET) {
1013 /* Here we know both addresses are of the same
1016 for (i=0;i<num_interfaces;i++) {
1017 const struct sockaddr_storage *pss = iface_n_bcast(i);
1018 unsigned char *p_ss1 = NULL;
1019 unsigned char *p_ss2 = NULL;
1020 unsigned char *p_if = NULL;
1024 if (pss->ss_family != ss1->ss_family) {
1025 /* Ignore interfaces of the wrong type. */
1028 if (pss->ss_family == AF_INET) {
1029 p_if = (unsigned char *)
1030 &((const struct sockaddr_in *)pss)->sin_addr;
1031 p_ss1 = (unsigned char *)
1032 &((const struct sockaddr_in *)ss1)->sin_addr;
1033 p_ss2 = (unsigned char *)
1034 &((const struct sockaddr_in *)ss2)->sin_addr;
1037 #if defined(HAVE_IPV6)
1038 if (pss->ss_family == AF_INET6) {
1039 p_if = (unsigned char *)
1040 &((const struct sockaddr_in6 *)pss)->sin6_addr;
1041 p_ss1 = (unsigned char *)
1042 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
1043 p_ss2 = (unsigned char *)
1044 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
1048 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
1051 bits1 = matching_len_bits(p_ss1, p_if, len);
1052 bits2 = matching_len_bits(p_ss2, p_if, len);
1053 max_bits1 = MAX(bits1, max_bits1);
1054 max_bits2 = MAX(bits2, max_bits2);
1057 /* Bias towards directly reachable IPs */
1058 if (iface_local((struct sockaddr *)ss1)) {
1059 if (ss1->ss_family == AF_INET) {
1065 if (iface_local((struct sockaddr *)ss2)) {
1066 if (ss2->ss_family == AF_INET) {
1072 return max_bits2 - max_bits1;
1075 /*******************************************************************
1076 compare 2 ldap IPs by nearness to our interfaces - used in qsort
1077 *******************************************************************/
1079 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
1083 if ((result = addr_compare(&ss1->ss, &ss2->ss)) != 0) {
1087 if (ss1->port > ss2->port) {
1091 if (ss1->port < ss2->port) {
1099 sort an IP list so that names that are close to one of our interfaces
1100 are at the top. This prevents the problem where a WINS server returns an IP
1101 that is not reachable from our subnet as the first match
1104 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
1110 TYPESAFE_QSORT(sslist, count, addr_compare);
1113 static void sort_service_list(struct ip_service *servlist, int count)
1119 TYPESAFE_QSORT(servlist, count, ip_service_compare);
1122 /**********************************************************************
1123 Remove any duplicate address/port pairs in the list
1124 *********************************************************************/
1126 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
1130 DEBUG(10,("remove_duplicate_addrs2: "
1131 "looking for duplicate address/port pairs\n"));
1133 /* one loop to remove duplicates */
1134 for ( i=0; i<count; i++ ) {
1135 if ( is_zero_addr((struct sockaddr *)&iplist[i].ss)) {
1139 for ( j=i+1; j<count; j++ ) {
1140 if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) &&
1141 iplist[i].port == iplist[j].port) {
1142 zero_sockaddr(&iplist[j].ss);
1147 /* one loop to clean up any holes we left */
1148 /* first ip should never be a zero_ip() */
1149 for (i = 0; i<count; ) {
1150 if (is_zero_addr((struct sockaddr *)&iplist[i].ss) ) {
1152 memmove(&iplist[i], &iplist[i+1],
1153 (count - i - 1)*sizeof(iplist[i]));
1164 static bool prioritize_ipv4_list(struct ip_service *iplist, int count)
1166 TALLOC_CTX *frame = talloc_stackframe();
1167 struct ip_service *iplist_new = TALLOC_ARRAY(frame, struct ip_service, count);
1170 if (iplist_new == NULL) {
1177 /* Copy IPv4 first. */
1178 for (i = 0; i < count; i++) {
1179 if (iplist[i].ss.ss_family == AF_INET) {
1180 iplist_new[j++] = iplist[i];
1185 for (i = 0; i < count; i++) {
1186 if (iplist[i].ss.ss_family != AF_INET) {
1187 iplist_new[j++] = iplist[i];
1191 memcpy(iplist, iplist_new, sizeof(struct ip_service)*count);
1196 /****************************************************************************
1197 Do a netbios name query to find someones IP.
1198 Returns an array of IP addresses or NULL if none.
1199 *count will be set to the number of addresses returned.
1200 *timed_out is set if we failed by timing out
1201 ****************************************************************************/
1203 NTSTATUS name_query(int fd,
1208 const struct sockaddr_storage *to_ss,
1209 TALLOC_CTX *mem_ctx,
1210 struct sockaddr_storage **addrs,
1217 int retry_time = bcast?250:2000;
1219 struct packet_struct p;
1220 struct packet_struct *p2;
1221 struct nmb_packet *nmb = &p.packet.nmb;
1222 struct sockaddr_storage *ss_list = NULL;
1224 if (lp_disable_netbios()) {
1225 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
1227 return NT_STATUS_NOT_FOUND;
1230 if (to_ss->ss_family != AF_INET) {
1231 return NT_STATUS_INVALID_ADDRESS;
1238 memset((char *)&p,'\0',sizeof(p));
1242 nmb->header.name_trn_id = generate_trn_id();
1243 nmb->header.opcode = 0;
1244 nmb->header.response = false;
1245 nmb->header.nm_flags.bcast = bcast;
1246 nmb->header.nm_flags.recursion_available = false;
1247 nmb->header.nm_flags.recursion_desired = recurse;
1248 nmb->header.nm_flags.trunc = false;
1249 nmb->header.nm_flags.authoritative = false;
1250 nmb->header.rcode = 0;
1251 nmb->header.qdcount = 1;
1252 nmb->header.ancount = 0;
1253 nmb->header.nscount = 0;
1254 nmb->header.arcount = 0;
1256 make_nmb_name(&nmb->question.question_name,name,name_type);
1258 nmb->question.question_type = 0x20;
1259 nmb->question.question_class = 0x1;
1261 p.ip = ((struct sockaddr_in *)to_ss)->sin_addr;
1265 p.timestamp = time(NULL);
1266 p.packet_type = NMB_PACKET;
1268 clock_gettime_mono(&tp);
1270 if (!send_packet_request(&p))
1271 return NT_STATUS_NOT_FOUND;
1276 struct timespec tp2;
1278 clock_gettime_mono(&tp2);
1279 if (nsec_time_diff(&tp2,&tp)/1000000 > retry_time) {
1282 if (!found && !send_packet_request(&p))
1283 return NT_STATUS_NOT_FOUND;
1284 clock_gettime_mono(&tp);
1287 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
1288 struct nmb_packet *nmb2 = &p2->packet.nmb;
1289 debug_nmb_packet(p2);
1291 /* If we get a Negative Name Query Response from a WINS
1292 * server, we should report it and give up.
1294 if( 0 == nmb2->header.opcode /* A query response */
1295 && !(bcast) /* from a WINS server */
1296 && nmb2->header.rcode /* Error returned */
1299 if( DEBUGLVL( 3 ) ) {
1300 /* Only executed if DEBUGLEVEL >= 3 */
1301 dbgtext( "Negative name query "
1302 "response, rcode 0x%02x: ",
1303 nmb2->header.rcode );
1304 switch( nmb2->header.rcode ) {
1307 "was invalidly formatted.\n" );
1310 dbgtext( "Problem with NBNS, "
1311 "cannot process name.\n");
1314 dbgtext( "The name requested "
1315 "does not exist.\n" );
1318 dbgtext( "Unsupported request "
1322 dbgtext( "Query refused "
1326 dbgtext( "Unrecognized error "
1332 return NT_STATUS_NOT_FOUND;
1335 if (nmb2->header.opcode != 0 ||
1336 nmb2->header.nm_flags.bcast ||
1337 nmb2->header.rcode ||
1338 !nmb2->header.ancount) {
1340 * XXXX what do we do with this? Could be a
1341 * redirect, but we'll discard it for the
1348 ss_list = TALLOC_REALLOC_ARRAY(mem_ctx, ss_list,
1349 struct sockaddr_storage,
1351 nmb2->answers->rdlength/6);
1354 DEBUG(0,("name_query: Realloc failed.\n"));
1356 return NT_STATUS_NO_MEMORY;
1359 DEBUG(2,("Got a positive name query response "
1361 inet_ntoa(p2->ip)));
1363 for (i=0;i<nmb2->answers->rdlength/6;i++) {
1365 putip((char *)&ip,&nmb2->answers->rdata[2+i*6]);
1366 in_addr_to_sockaddr_storage(&ss_list[(*count)],
1368 DEBUGADD(2,("%s ",inet_ntoa(ip)));
1371 DEBUGADD(2,(")\n"));
1375 /* We add the flags back ... */
1376 if (nmb2->header.response)
1377 (*flags) |= NM_FLAGS_RS;
1378 if (nmb2->header.nm_flags.authoritative)
1379 (*flags) |= NM_FLAGS_AA;
1380 if (nmb2->header.nm_flags.trunc)
1381 (*flags) |= NM_FLAGS_TC;
1382 if (nmb2->header.nm_flags.recursion_desired)
1383 (*flags) |= NM_FLAGS_RD;
1384 if (nmb2->header.nm_flags.recursion_available)
1385 (*flags) |= NM_FLAGS_RA;
1386 if (nmb2->header.nm_flags.bcast)
1387 (*flags) |= NM_FLAGS_B;
1390 * If we're doing a unicast lookup we only
1391 * expect one reply. Don't wait the full 2
1392 * seconds if we got one. JRA.
1399 /* only set timed_out if we didn't fund what we where looking for*/
1401 if ( !found && timed_out ) {
1405 /* sort the ip list so we choose close servers first if possible */
1406 sort_addr_list(ss_list, *count);
1409 return NT_STATUS_OK;
1412 /********************************************************
1413 convert an array if struct sockaddr_storage to struct ip_service
1414 return false on failure. Port is set to PORT_NONE;
1415 *********************************************************/
1417 static bool convert_ss2service(struct ip_service **return_iplist,
1418 const struct sockaddr_storage *ss_list,
1423 if ( count==0 || !ss_list )
1426 /* copy the ip address; port will be PORT_NONE */
1427 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) ==
1429 DEBUG(0,("convert_ip2service: malloc failed "
1430 "for %d enetries!\n", count ));
1434 for ( i=0; i<count; i++ ) {
1435 (*return_iplist)[i].ss = ss_list[i];
1436 (*return_iplist)[i].port = PORT_NONE;
1442 /********************************************************
1443 Resolve via "bcast" method.
1444 *********************************************************/
1446 NTSTATUS name_resolve_bcast(const char *name,
1448 struct ip_service **return_iplist,
1452 int num_interfaces = iface_count();
1453 struct sockaddr_storage *ss_list;
1454 struct sockaddr_storage ss;
1455 NTSTATUS status = NT_STATUS_NOT_FOUND;
1457 if (lp_disable_netbios()) {
1458 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
1460 return NT_STATUS_INVALID_PARAMETER;
1463 *return_iplist = NULL;
1467 * "bcast" means do a broadcast lookup on all the local interfaces.
1470 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
1471 "for name %s<0x%x>\n", name, name_type));
1473 if (!interpret_string_addr(&ss, lp_socket_address(),
1474 AI_NUMERICHOST|AI_PASSIVE)) {
1478 sock = open_socket_in( SOCK_DGRAM, 0, 3, &ss, true );
1480 return map_nt_error_from_unix(errno);
1483 set_socket_options(sock,"SO_BROADCAST");
1485 * Lookup the name on all the interfaces, return on
1486 * the first successful match.
1488 for( i = num_interfaces-1; i >= 0; i--) {
1489 const struct sockaddr_storage *pss = iface_n_bcast(i);
1492 /* Done this way to fix compiler error on IRIX 5.x */
1496 status = name_query(sock, name, name_type, true, true, pss,
1497 talloc_tos(), &ss_list, return_count,
1499 if (NT_STATUS_IS_OK(status)) {
1504 /* failed - no response */
1511 if (!convert_ss2service(return_iplist, ss_list, *return_count) )
1512 status = NT_STATUS_NO_MEMORY;
1514 TALLOC_FREE(ss_list);
1519 /********************************************************
1520 Resolve via "wins" method.
1521 *********************************************************/
1523 NTSTATUS resolve_wins(const char *name,
1525 struct ip_service **return_iplist,
1530 struct sockaddr_storage src_ss, *ss_list = NULL;
1531 struct in_addr src_ip;
1534 if (lp_disable_netbios()) {
1535 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
1537 return NT_STATUS_INVALID_PARAMETER;
1540 *return_iplist = NULL;
1543 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
1546 if (wins_srv_count() < 1) {
1547 DEBUG(3,("resolve_wins: WINS server resolution selected "
1548 "and no WINS servers listed.\n"));
1549 return NT_STATUS_INVALID_PARAMETER;
1552 /* we try a lookup on each of the WINS tags in turn */
1553 wins_tags = wins_srv_tags();
1556 /* huh? no tags?? give up in disgust */
1557 return NT_STATUS_INVALID_PARAMETER;
1560 /* the address we will be sending from */
1561 if (!interpret_string_addr(&src_ss, lp_socket_address(),
1562 AI_NUMERICHOST|AI_PASSIVE)) {
1563 zero_sockaddr(&src_ss);
1566 if (src_ss.ss_family != AF_INET) {
1567 char addr[INET6_ADDRSTRLEN];
1568 print_sockaddr(addr, sizeof(addr), &src_ss);
1569 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1570 "on IPv6 address %s\n",
1572 wins_srv_tags_free(wins_tags);
1573 return NT_STATUS_INVALID_PARAMETER;
1576 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1578 /* in the worst case we will try every wins server with every
1580 for (t=0; wins_tags && wins_tags[t]; t++) {
1581 int srv_count = wins_srv_count_tag(wins_tags[t]);
1582 for (i=0; i<srv_count; i++) {
1583 struct sockaddr_storage wins_ss;
1584 struct in_addr wins_ip;
1588 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1590 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1591 /* yikes! we'll loop forever */
1595 /* skip any that have been unresponsive lately */
1596 if (wins_srv_is_dead(wins_ip, src_ip)) {
1600 DEBUG(3,("resolve_wins: using WINS server %s "
1602 inet_ntoa(wins_ip), wins_tags[t]));
1604 sock = open_socket_in(SOCK_DGRAM, 0, 3, &src_ss, true);
1609 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1610 status = name_query(sock,
1622 /* exit loop if we got a list of addresses */
1624 if (NT_STATUS_IS_OK(status)) {
1631 /* Timed out waiting for WINS server to
1634 wins_srv_died(wins_ip, src_ip);
1636 /* The name definitely isn't in this
1637 group of WINS servers.
1638 goto the next group */
1644 wins_srv_tags_free(wins_tags);
1645 return NT_STATUS_NO_LOGON_SERVERS;
1649 status = NT_STATUS_OK;
1650 if (!convert_ss2service(return_iplist, ss_list, *return_count))
1651 status = NT_STATUS_INVALID_PARAMETER;
1653 TALLOC_FREE(ss_list);
1654 wins_srv_tags_free(wins_tags);
1660 /********************************************************
1661 Resolve via "lmhosts" method.
1662 *********************************************************/
1664 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1665 struct ip_service **return_iplist,
1669 * "lmhosts" means parse the local lmhosts file.
1671 struct sockaddr_storage *ss_list;
1672 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1673 TALLOC_CTX *ctx = NULL;
1675 *return_iplist = NULL;
1678 DEBUG(3,("resolve_lmhosts: "
1679 "Attempting lmhosts lookup for name %s<0x%x>\n",
1682 ctx = talloc_init("resolve_lmhosts");
1684 return NT_STATUS_NO_MEMORY;
1687 status = resolve_lmhosts_file_as_sockaddr(get_dyn_LMHOSTSFILE(),
1692 if (NT_STATUS_IS_OK(status)) {
1693 if (convert_ss2service(return_iplist,
1697 return NT_STATUS_OK;
1700 return NT_STATUS_NO_MEMORY;
1708 /********************************************************
1709 Resolve via "hosts" method.
1710 *********************************************************/
1712 static NTSTATUS resolve_hosts(const char *name, int name_type,
1713 struct ip_service **return_iplist,
1717 * "host" means do a localhost, or dns lookup.
1719 struct addrinfo hints;
1720 struct addrinfo *ailist = NULL;
1721 struct addrinfo *res = NULL;
1725 if ( name_type != 0x20 && name_type != 0x0) {
1726 DEBUG(5, ("resolve_hosts: not appropriate "
1727 "for name type <0x%x>\n",
1729 return NT_STATUS_INVALID_PARAMETER;
1732 *return_iplist = NULL;
1735 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1739 /* By default make sure it supports TCP. */
1740 hints.ai_socktype = SOCK_STREAM;
1741 hints.ai_flags = AI_ADDRCONFIG;
1743 #if !defined(HAVE_IPV6)
1744 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1745 hints.ai_family = AF_INET;
1748 ret = getaddrinfo(name,
1753 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1755 gai_strerror(ret) ));
1758 for (res = ailist; res; res = res->ai_next) {
1759 struct sockaddr_storage ss;
1761 if (!res->ai_addr || res->ai_addrlen == 0) {
1766 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1770 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1773 if (!*return_iplist) {
1774 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1775 freeaddrinfo(ailist);
1776 return NT_STATUS_NO_MEMORY;
1778 (*return_iplist)[i].ss = ss;
1779 (*return_iplist)[i].port = PORT_NONE;
1783 freeaddrinfo(ailist);
1785 if (*return_count) {
1786 return NT_STATUS_OK;
1788 return NT_STATUS_UNSUCCESSFUL;
1791 /********************************************************
1792 Resolve via "ADS" method.
1793 *********************************************************/
1795 static NTSTATUS resolve_ads(const char *name,
1797 const char *sitename,
1798 struct ip_service **return_iplist,
1804 struct dns_rr_srv *dcs = NULL;
1808 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1809 (name_type != 0x1b)) {
1810 return NT_STATUS_INVALID_PARAMETER;
1813 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1814 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1815 return NT_STATUS_NO_MEMORY;
1818 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1820 switch (name_type) {
1822 DEBUG(5,("resolve_ads: Attempting to resolve "
1823 "PDC for %s using DNS\n", name));
1824 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1828 DEBUG(5,("resolve_ads: Attempting to resolve "
1829 "DCs for %s using DNS\n", name));
1830 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1834 DEBUG(5,("resolve_ads: Attempting to resolve "
1835 "KDCs for %s using DNS\n", name));
1836 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1840 status = NT_STATUS_INVALID_PARAMETER;
1844 if ( !NT_STATUS_IS_OK( status ) ) {
1845 talloc_destroy(ctx);
1849 for (i=0;i<numdcs;i++) {
1850 numaddrs += MAX(dcs[i].num_ips,1);
1853 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1855 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1857 talloc_destroy(ctx);
1858 return NT_STATUS_NO_MEMORY;
1861 /* now unroll the list of IP addresses */
1866 while ( i < numdcs && (*return_count<numaddrs) ) {
1867 struct ip_service *r = &(*return_iplist)[*return_count];
1869 r->port = dcs[i].port;
1871 /* If we don't have an IP list for a name, lookup it up */
1874 interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1878 /* use the IP addresses from the SRV sresponse */
1880 if ( j >= dcs[i].num_ips ) {
1886 r->ss = dcs[i].ss_s[j];
1890 /* make sure it is a valid IP. I considered checking the
1891 * negative connection cache, but this is the wrong place
1892 * for it. Maybe only as a hack. After think about it, if
1893 * all of the IP addresses returned from DNS are dead, what
1894 * hope does a netbios name lookup have ? The standard reason
1895 * for falling back to netbios lookups is that our DNS server
1896 * doesn't know anything about the DC's -- jerry */
1898 if (!is_zero_addr((struct sockaddr *)&r->ss)) {
1903 talloc_destroy(ctx);
1904 return NT_STATUS_OK;
1907 /*******************************************************************
1908 Internal interface to resolve a name into an IP address.
1909 Use this function if the string is either an IP address, DNS
1910 or host name or NetBIOS name. This uses the name switch in the
1911 smb.conf to determine the order of name resolution.
1913 Added support for ip addr/port to support ADS ldap servers.
1914 the only place we currently care about the port is in the
1915 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1916 **********************************************************************/
1918 NTSTATUS internal_resolve_name(const char *name,
1920 const char *sitename,
1921 struct ip_service **return_iplist,
1923 const char *resolve_order)
1927 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1929 TALLOC_CTX *frame = NULL;
1931 *return_iplist = NULL;
1934 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1935 name, name_type, sitename ? sitename : "(null)"));
1937 if (is_ipaddress(name)) {
1938 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
1940 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1941 return NT_STATUS_NO_MEMORY;
1944 /* ignore the port here */
1945 (*return_iplist)->port = PORT_NONE;
1947 /* if it's in the form of an IP address then get the lib to interpret it */
1948 if (!interpret_string_addr(&(*return_iplist)->ss,
1949 name, AI_NUMERICHOST)) {
1950 DEBUG(1,("internal_resolve_name: interpret_string_addr "
1953 SAFE_FREE(*return_iplist);
1954 return NT_STATUS_INVALID_PARAMETER;
1957 return NT_STATUS_OK;
1960 /* Check name cache */
1962 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1963 /* This could be a negative response */
1964 if (*return_count > 0) {
1965 return NT_STATUS_OK;
1967 return NT_STATUS_UNSUCCESSFUL;
1971 /* set the name resolution order */
1973 if (strcmp( resolve_order, "NULL") == 0) {
1974 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1975 return NT_STATUS_INVALID_PARAMETER;
1978 if (!resolve_order[0]) {
1981 ptr = resolve_order;
1984 /* iterate through the name resolution backends */
1986 frame = talloc_stackframe();
1987 while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
1988 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1989 status = resolve_hosts(name, name_type, return_iplist,
1991 if (NT_STATUS_IS_OK(status)) {
1994 } else if(strequal( tok, "kdc")) {
1995 /* deal with KDC_NAME_TYPE names here.
1996 * This will result in a SRV record lookup */
1997 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
1998 return_iplist, return_count);
1999 if (NT_STATUS_IS_OK(status)) {
2000 /* Ensure we don't namecache
2001 * this with the KDC port. */
2002 name_type = KDC_NAME_TYPE;
2005 } else if(strequal( tok, "ads")) {
2006 /* deal with 0x1c and 0x1b names here.
2007 * This will result in a SRV record lookup */
2008 status = resolve_ads(name, name_type, sitename,
2009 return_iplist, return_count);
2010 if (NT_STATUS_IS_OK(status)) {
2013 } else if(strequal( tok, "lmhosts")) {
2014 status = resolve_lmhosts(name, name_type,
2015 return_iplist, return_count);
2016 if (NT_STATUS_IS_OK(status)) {
2019 } else if(strequal( tok, "wins")) {
2020 /* don't resolve 1D via WINS */
2021 if (name_type != 0x1D) {
2022 status = resolve_wins(name, name_type,
2025 if (NT_STATUS_IS_OK(status)) {
2029 } else if(strequal( tok, "bcast")) {
2030 status = name_resolve_bcast(name, name_type,
2033 if (NT_STATUS_IS_OK(status)) {
2037 DEBUG(0,("resolve_name: unknown name switch type %s\n",
2042 /* All of the resolve_* functions above have returned false. */
2045 SAFE_FREE(*return_iplist);
2048 return NT_STATUS_UNSUCCESSFUL;
2052 /* Remove duplicate entries. Some queries, notably #1c (domain
2053 controllers) return the PDC in iplist[0] and then all domain
2054 controllers including the PDC in iplist[1..n]. Iterating over
2055 the iplist when the PDC is down will cause two sets of timeouts. */
2057 if ( *return_count ) {
2058 *return_count = remove_duplicate_addrs2(*return_iplist,
2062 /* Save in name cache */
2063 if ( DEBUGLEVEL >= 100 ) {
2064 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
2065 char addr[INET6_ADDRSTRLEN];
2066 print_sockaddr(addr, sizeof(addr),
2067 &(*return_iplist)[i].ss);
2068 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
2072 (*return_iplist)[i].port));
2076 namecache_store(name, name_type, *return_count, *return_iplist);
2078 /* Display some debugging info */
2080 if ( DEBUGLEVEL >= 10 ) {
2081 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
2084 for (i = 0; i < *return_count; i++) {
2085 char addr[INET6_ADDRSTRLEN];
2086 print_sockaddr(addr, sizeof(addr),
2087 &(*return_iplist)[i].ss);
2088 DEBUGADD(10, ("%s:%d ",
2090 (*return_iplist)[i].port));
2099 /********************************************************
2100 Internal interface to resolve a name into one IP address.
2101 Use this function if the string is either an IP address, DNS
2102 or host name or NetBIOS name. This uses the name switch in the
2103 smb.conf to determine the order of name resolution.
2104 *********************************************************/
2106 bool resolve_name(const char *name,
2107 struct sockaddr_storage *return_ss,
2111 struct ip_service *ss_list = NULL;
2112 char *sitename = NULL;
2115 if (is_ipaddress(name)) {
2116 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
2119 sitename = sitename_fetch(lp_realm()); /* wild guess */
2121 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
2123 lp_name_resolve_order()))) {
2127 for (i=0; i<count; i++) {
2128 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
2129 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss) &&
2130 (ss_list[i].ss.ss_family == AF_INET)) {
2131 *return_ss = ss_list[i].ss;
2133 SAFE_FREE(sitename);
2139 /* only return valid addresses for TCP connections */
2140 for (i=0; i<count; i++) {
2141 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
2142 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2143 *return_ss = ss_list[i].ss;
2145 SAFE_FREE(sitename);
2152 SAFE_FREE(sitename);
2156 /********************************************************
2157 Internal interface to resolve a name into a list of IP addresses.
2158 Use this function if the string is either an IP address, DNS
2159 or host name or NetBIOS name. This uses the name switch in the
2160 smb.conf to determine the order of name resolution.
2161 *********************************************************/
2163 NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
2166 struct sockaddr_storage **return_ss_arr,
2167 unsigned int *p_num_entries)
2169 struct ip_service *ss_list = NULL;
2170 char *sitename = NULL;
2173 unsigned int num_entries;
2177 *return_ss_arr = NULL;
2179 if (is_ipaddress(name)) {
2180 *return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
2181 if (!*return_ss_arr) {
2182 return NT_STATUS_NO_MEMORY;
2184 if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
2185 TALLOC_FREE(*return_ss_arr);
2186 return NT_STATUS_BAD_NETWORK_NAME;
2189 return NT_STATUS_OK;
2192 sitename = sitename_fetch(lp_realm()); /* wild guess */
2194 status = internal_resolve_name(name, name_type, sitename,
2196 lp_name_resolve_order());
2197 SAFE_FREE(sitename);
2199 if (!NT_STATUS_IS_OK(status)) {
2203 /* only return valid addresses for TCP connections */
2204 for (i=0, num_entries = 0; i<count; i++) {
2205 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
2206 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2210 if (num_entries == 0) {
2212 return NT_STATUS_BAD_NETWORK_NAME;
2215 *return_ss_arr = TALLOC_ARRAY(ctx,
2216 struct sockaddr_storage,
2218 if (!(*return_ss_arr)) {
2220 return NT_STATUS_NO_MEMORY;
2223 for (i=0, num_entries = 0; i<count; i++) {
2224 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
2225 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2226 (*return_ss_arr)[num_entries++] = ss_list[i].ss;
2230 status = NT_STATUS_OK;
2231 *p_num_entries = num_entries;
2234 return NT_STATUS_OK;
2237 /********************************************************
2238 Find the IP address of the master browser or DMB for a workgroup.
2239 *********************************************************/
2241 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
2243 struct ip_service *ip_list = NULL;
2247 if (lp_disable_netbios()) {
2248 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
2252 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
2253 lp_name_resolve_order());
2254 if (NT_STATUS_IS_OK(status)) {
2255 *master_ss = ip_list[0].ss;
2260 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
2261 lp_name_resolve_order());
2262 if (NT_STATUS_IS_OK(status)) {
2263 *master_ss = ip_list[0].ss;
2272 /********************************************************
2273 Get the IP address list of the primary domain controller
2275 *********************************************************/
2277 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
2279 struct ip_service *ip_list = NULL;
2281 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
2283 /* Look up #1B name */
2285 if (lp_security() == SEC_ADS) {
2286 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
2290 if (!NT_STATUS_IS_OK(status) || count == 0) {
2291 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
2293 lp_name_resolve_order());
2294 if (!NT_STATUS_IS_OK(status)) {
2299 /* if we get more than 1 IP back we have to assume it is a
2300 multi-homed PDC and not a mess up */
2303 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
2304 sort_service_list(ip_list, count);
2307 *pss = ip_list[0].ss;
2312 /* Private enum type for lookups. */
2314 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
2316 /********************************************************
2317 Get the IP address list of the domain controllers for
2319 *********************************************************/
2321 static NTSTATUS get_dc_list(const char *domain,
2322 const char *sitename,
2323 struct ip_service **ip_list,
2325 enum dc_lookup_type lookup_type,
2328 char *resolve_order = NULL;
2329 char *saf_servername = NULL;
2330 char *pserver = NULL;
2332 char *port_str = NULL;
2335 int num_addresses = 0;
2336 int local_count, i, j;
2337 struct ip_service *return_iplist = NULL;
2338 struct ip_service *auto_ip_list = NULL;
2339 bool done_auto_lookup = false;
2342 TALLOC_CTX *ctx = talloc_init("get_dc_list");
2348 return NT_STATUS_NO_MEMORY;
2353 /* if we are restricted to solely using DNS for looking
2354 up a domain controller, make sure that host lookups
2355 are enabled for the 'name resolve order'. If host lookups
2356 are disabled and ads_only is True, then set the string to
2359 resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
2360 if (!resolve_order) {
2361 status = NT_STATUS_NO_MEMORY;
2364 strlower_m(resolve_order);
2365 if (lookup_type == DC_ADS_ONLY) {
2366 if (strstr( resolve_order, "host")) {
2367 resolve_order = talloc_strdup(ctx, "ads");
2369 /* DNS SRV lookups used by the ads resolver
2370 are already sorted by priority and weight */
2373 resolve_order = talloc_strdup(ctx, "NULL");
2375 } else if (lookup_type == DC_KDC_ONLY) {
2376 /* DNS SRV lookups used by the ads/kdc resolver
2377 are already sorted by priority and weight */
2379 resolve_order = talloc_strdup(ctx, "kdc");
2381 if (!resolve_order) {
2382 status = NT_STATUS_NO_MEMORY;
2386 /* fetch the server we have affinity for. Add the
2387 'password server' list to a search for our domain controllers */
2389 saf_servername = saf_fetch( domain);
2391 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
2392 pserver = talloc_asprintf(ctx, "%s, %s",
2393 saf_servername ? saf_servername : "",
2394 lp_passwordserver());
2396 pserver = talloc_asprintf(ctx, "%s, *",
2397 saf_servername ? saf_servername : "");
2400 SAFE_FREE(saf_servername);
2402 status = NT_STATUS_NO_MEMORY;
2406 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
2409 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
2410 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2411 count, resolve_order);
2415 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
2418 * if '*' appears in the "password server" list then add
2419 * an auto lookup to the list of manually configured
2420 * DC's. If any DC is listed by name, then the list should be
2421 * considered to be ordered
2425 while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2426 if (!done_auto_lookup && strequal(name, "*")) {
2427 status = internal_resolve_name(domain, 0x1C, sitename,
2431 if (NT_STATUS_IS_OK(status)) {
2432 num_addresses += auto_count;
2434 done_auto_lookup = true;
2435 DEBUG(8,("Adding %d DC's from auto lookup\n",
2442 /* if we have no addresses and haven't done the auto lookup, then
2443 just return the list of DC's. Or maybe we just failed. */
2445 if ((num_addresses == 0)) {
2446 if (done_auto_lookup) {
2447 DEBUG(4,("get_dc_list: no servers found\n"));
2448 status = NT_STATUS_NO_LOGON_SERVERS;
2451 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2452 count, resolve_order);
2456 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
2457 num_addresses)) == NULL) {
2458 DEBUG(3,("get_dc_list: malloc fail !\n"));
2459 status = NT_STATUS_NO_MEMORY;
2466 /* fill in the return list now with real IP's */
2468 while ((local_count<num_addresses) &&
2469 next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2470 struct sockaddr_storage name_ss;
2472 /* copy any addersses from the auto lookup */
2474 if (strequal(name, "*")) {
2475 for (j=0; j<auto_count; j++) {
2476 char addr[INET6_ADDRSTRLEN];
2477 print_sockaddr(addr,
2479 &auto_ip_list[j].ss);
2480 /* Check for and don't copy any
2481 * known bad DC IP's. */
2482 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
2485 DEBUG(5,("get_dc_list: "
2486 "negative entry %s removed "
2491 return_iplist[local_count].ss =
2493 return_iplist[local_count].port =
2494 auto_ip_list[j].port;
2500 /* added support for address:port syntax for ads
2501 * (not that I think anyone will ever run the LDAP
2502 * server in an AD domain on something other than
2505 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
2506 if ((port_str=strchr(name, ':')) != NULL) {
2509 port = atoi(port_str);
2512 /* explicit lookup; resolve_name() will
2513 * handle names & IP addresses */
2514 if (resolve_name( name, &name_ss, 0x20, true )) {
2515 char addr[INET6_ADDRSTRLEN];
2516 print_sockaddr(addr,
2520 /* Check for and don't copy any known bad DC IP's. */
2521 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
2523 DEBUG(5,("get_dc_list: negative entry %s "
2524 "removed from DC list\n",
2529 return_iplist[local_count].ss = name_ss;
2530 return_iplist[local_count].port = port;
2536 /* need to remove duplicates in the list if we have any
2537 explicit password servers */
2540 local_count = remove_duplicate_addrs2(return_iplist,
2544 /* For DC's we always prioritize IPv4 due to W2K3 not
2545 * supporting LDAP, KRB5 or CLDAP over IPv6. */
2547 if (local_count && return_iplist) {
2548 prioritize_ipv4_list(return_iplist, local_count);
2551 if ( DEBUGLEVEL >= 4 ) {
2552 DEBUG(4,("get_dc_list: returning %d ip addresses "
2553 "in an %sordered list\n",
2555 *ordered ? "":"un"));
2556 DEBUG(4,("get_dc_list: "));
2557 for ( i=0; i<local_count; i++ ) {
2558 char addr[INET6_ADDRSTRLEN];
2559 print_sockaddr(addr,
2561 &return_iplist[i].ss);
2562 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
2567 *ip_list = return_iplist;
2568 *count = local_count;
2570 status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2574 if (!NT_STATUS_IS_OK(status)) {
2575 SAFE_FREE(return_iplist);
2580 SAFE_FREE(auto_ip_list);
2585 /*********************************************************************
2586 Small wrapper function to get the DC list and sort it if neccessary.
2587 *********************************************************************/
2589 NTSTATUS get_sorted_dc_list( const char *domain,
2590 const char *sitename,
2591 struct ip_service **ip_list,
2595 bool ordered = false;
2597 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2602 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2603 "for name %s (sitename %s) using [%s]\n",
2605 sitename ? sitename : "NULL",
2606 (ads_only ? "ads" : lp_name_resolve_order())));
2609 lookup_type = DC_ADS_ONLY;
2612 status = get_dc_list(domain, sitename, ip_list,
2613 count, lookup_type, &ordered);
2614 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
2616 DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2617 " in site %s, fallback to all servers\n",
2619 status = get_dc_list(domain, NULL, ip_list,
2620 count, lookup_type, &ordered);
2623 if (!NT_STATUS_IS_OK(status)) {
2624 SAFE_FREE(*ip_list);
2629 /* only sort if we don't already have an ordered list */
2631 sort_service_list(*ip_list, *count);
2634 return NT_STATUS_OK;
2637 /*********************************************************************
2638 Get the KDC list - re-use all the logic in get_dc_list.
2639 *********************************************************************/
2641 NTSTATUS get_kdc_list( const char *realm,
2642 const char *sitename,
2643 struct ip_service **ip_list,
2652 status = get_dc_list(realm, sitename, ip_list,
2653 count, DC_KDC_ONLY, &ordered);
2655 if (!NT_STATUS_IS_OK(status)) {
2656 SAFE_FREE(*ip_list);
2661 /* only sort if we don't already have an ordered list */
2663 sort_service_list(*ip_list, *count);
2666 return NT_STATUS_OK;