2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libads/sitename_cache.h"
23 #include "libads/dns.h"
24 #include "../libcli/netlogon/netlogon.h"
25 #include "lib/async_req/async_sock.h"
26 #include "libsmb/nmblib.h"
28 /* nmbd.c sets this to True. */
29 bool global_in_nmbd = False;
31 /****************************
32 * SERVER AFFINITY ROUTINES *
33 ****************************/
35 /* Server affinity is the concept of preferring the last domain
36 controller with whom you had a successful conversation */
38 /****************************************************************************
39 ****************************************************************************/
40 #define SAFKEY_FMT "SAF/DOMAIN/%s"
42 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
43 #define SAFJOIN_TTL 3600
45 static char *saf_key(const char *domain)
49 asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
54 static char *saf_join_key(const char *domain)
58 asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
63 /****************************************************************************
64 ****************************************************************************/
66 bool saf_store( const char *domain, const char *servername )
72 if ( !domain || !servername ) {
73 DEBUG(2,("saf_store: "
74 "Refusing to store empty domain or servername!\n"));
78 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
79 DEBUG(0,("saf_store: "
80 "refusing to store 0 length domain or servername!\n"));
84 key = saf_key( domain );
85 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
87 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
88 domain, servername, (unsigned int)expire ));
90 ret = gencache_set( key, servername, expire );
97 bool saf_join_store( const char *domain, const char *servername )
103 if ( !domain || !servername ) {
104 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
108 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
109 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
113 key = saf_join_key( domain );
114 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
116 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
117 domain, servername, (unsigned int)expire ));
119 ret = gencache_set( key, servername, expire );
126 bool saf_delete( const char *domain )
132 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
136 key = saf_join_key(domain);
137 ret = gencache_del(key);
141 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
144 key = saf_key(domain);
145 ret = gencache_del(key);
149 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
155 /****************************************************************************
156 ****************************************************************************/
158 char *saf_fetch( const char *domain )
165 if ( !domain || strlen(domain) == 0) {
166 DEBUG(2,("saf_fetch: Empty domain name!\n"));
170 key = saf_join_key( domain );
172 ret = gencache_get( key, &server, &timeout );
177 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
182 key = saf_key( domain );
184 ret = gencache_get( key, &server, &timeout );
189 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
192 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
199 /****************************************************************************
200 Generate a random trn_id.
201 ****************************************************************************/
203 static int generate_trn_id(void)
207 generate_random_buffer((uint8 *)&id, sizeof(id));
209 return id % (unsigned)0x7FFF;
212 /****************************************************************************
213 Parse a node status response into an array of structures.
214 ****************************************************************************/
216 static struct node_status *parse_node_status(TALLOC_CTX *mem_ctx, char *p,
218 struct node_status_extra *extra)
220 struct node_status *ret;
223 *num_names = CVAL(p,0);
228 ret = TALLOC_ARRAY(mem_ctx, struct node_status,*num_names);
233 for (i=0;i< *num_names;i++) {
234 StrnCpy(ret[i].name,p,15);
235 trim_char(ret[i].name,'\0',' ');
236 ret[i].type = CVAL(p,15);
237 ret[i].flags = p[16];
239 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
240 ret[i].type, ret[i].flags));
243 * Also, pick up the MAC address ...
246 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
251 struct sock_packet_read_state {
252 struct tevent_context *ev;
253 enum packet_type type;
256 struct nb_packet_reader *reader;
257 struct tevent_req *reader_req;
260 struct tevent_req *socket_req;
262 struct sockaddr_storage addr;
265 bool (*validator)(struct packet_struct *p,
269 struct packet_struct *packet;
272 static int sock_packet_read_state_destructor(struct sock_packet_read_state *s);
273 static void sock_packet_read_got_packet(struct tevent_req *subreq);
274 static void sock_packet_read_got_socket(struct tevent_req *subreq);
276 static struct tevent_req *sock_packet_read_send(
278 struct tevent_context *ev,
279 int sock, /* dgram socket */
280 struct nb_packet_reader *reader,
281 enum packet_type type,
283 bool (*validator)(struct packet_struct *p, void *private_data),
286 struct tevent_req *req;
287 struct sock_packet_read_state *state;
289 req = tevent_req_create(mem_ctx, &state,
290 struct sock_packet_read_state);
294 talloc_set_destructor(state, sock_packet_read_state_destructor);
296 state->reader = reader;
299 state->trn_id = trn_id;
300 state->validator = validator;
301 state->private_data = private_data;
303 if (reader != NULL) {
304 state->reader_req = nb_packet_read_send(state, ev, reader);
305 if (tevent_req_nomem(state->reader_req, req)) {
306 return tevent_req_post(req, ev);
308 tevent_req_set_callback(
309 state->reader_req, sock_packet_read_got_packet, req);
312 state->addr_len = sizeof(state->addr);
313 state->socket_req = recvfrom_send(state, ev, sock,
314 state->buf, sizeof(state->buf), 0,
315 &state->addr, &state->addr_len);
316 if (tevent_req_nomem(state->socket_req, req)) {
317 return tevent_req_post(req, ev);
319 tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
325 static int sock_packet_read_state_destructor(struct sock_packet_read_state *s)
327 if (s->packet != NULL) {
328 free_packet(s->packet);
334 static void sock_packet_read_got_packet(struct tevent_req *subreq)
336 struct tevent_req *req = tevent_req_callback_data(
337 subreq, struct tevent_req);
338 struct sock_packet_read_state *state = tevent_req_data(
339 req, struct sock_packet_read_state);
342 status = nb_packet_read_recv(subreq, &state->packet);
344 TALLOC_FREE(state->reader_req);
346 if (!NT_STATUS_IS_OK(status)) {
347 if (state->socket_req != NULL) {
349 * Still waiting for socket
354 * Both socket and packet reader failed
356 tevent_req_nterror(req, status);
360 if ((state->validator != NULL) &&
361 !state->validator(state->packet, state->private_data)) {
362 DEBUG(10, ("validator failed\n"));
364 free_packet(state->packet);
365 state->packet = NULL;
367 state->reader_req = nb_packet_read_send(state, state->ev,
369 if (tevent_req_nomem(state->reader_req, req)) {
372 tevent_req_set_callback(
373 state->reader_req, sock_packet_read_got_packet, req);
377 TALLOC_FREE(state->socket_req);
378 tevent_req_done(req);
381 static void sock_packet_read_got_socket(struct tevent_req *subreq)
383 struct tevent_req *req = tevent_req_callback_data(
384 subreq, struct tevent_req);
385 struct sock_packet_read_state *state = tevent_req_data(
386 req, struct sock_packet_read_state);
387 struct sockaddr_in *in_addr;
391 received = recvfrom_recv(subreq, &err);
393 TALLOC_FREE(state->socket_req);
395 if (received == -1) {
396 if (state->reader_req != NULL) {
398 * Still waiting for reader
403 * Both socket and reader failed
405 tevent_req_nterror(req, map_nt_error_from_unix(err));
408 if (state->addr.ss_family != AF_INET) {
411 in_addr = (struct sockaddr_in *)(void *)&state->addr;
413 state->packet = parse_packet((char *)state->buf, received, state->type,
414 in_addr->sin_addr, in_addr->sin_port);
415 if (state->packet == NULL) {
416 DEBUG(10, ("parse_packet failed\n"));
419 if ((state->trn_id != -1) &&
420 (state->trn_id != packet_trn_id(state->packet))) {
421 DEBUG(10, ("Expected transaction id %d, got %d\n",
422 state->trn_id, packet_trn_id(state->packet)));
426 if ((state->validator != NULL) &&
427 !state->validator(state->packet, state->private_data)) {
428 DEBUG(10, ("validator failed\n"));
432 tevent_req_done(req);
436 if (state->packet != NULL) {
437 free_packet(state->packet);
438 state->packet = NULL;
440 state->socket_req = recvfrom_send(state, state->ev, state->sock,
441 state->buf, sizeof(state->buf), 0,
442 &state->addr, &state->addr_len);
443 if (tevent_req_nomem(state->socket_req, req)) {
446 tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
450 static NTSTATUS sock_packet_read_recv(struct tevent_req *req,
451 struct packet_struct **ppacket)
453 struct sock_packet_read_state *state = tevent_req_data(
454 req, struct sock_packet_read_state);
457 if (tevent_req_is_nterror(req, &status)) {
460 *ppacket = state->packet;
461 state->packet = NULL;
465 struct nb_trans_state {
466 struct tevent_context *ev;
468 struct nb_packet_reader *reader;
470 const struct sockaddr_storage *dst_addr;
473 enum packet_type type;
476 bool (*validator)(struct packet_struct *p,
480 struct packet_struct *packet;
483 static int nb_trans_state_destructor(struct nb_trans_state *s);
484 static void nb_trans_got_reader(struct tevent_req *subreq);
485 static void nb_trans_done(struct tevent_req *subreq);
486 static void nb_trans_sent(struct tevent_req *subreq);
487 static void nb_trans_send_next(struct tevent_req *subreq);
489 static struct tevent_req *nb_trans_send(
491 struct tevent_context *ev,
492 const struct sockaddr_storage *my_addr,
493 const struct sockaddr_storage *dst_addr,
495 uint8_t *buf, size_t buflen,
496 enum packet_type type, int trn_id,
497 bool (*validator)(struct packet_struct *p,
501 struct tevent_req *req, *subreq;
502 struct nb_trans_state *state;
504 req = tevent_req_create(mem_ctx, &state, struct nb_trans_state);
508 talloc_set_destructor(state, nb_trans_state_destructor);
510 state->dst_addr = dst_addr;
512 state->buflen = buflen;
514 state->trn_id = trn_id;
515 state->validator = validator;
516 state->private_data = private_data;
518 state->sock = open_socket_in(SOCK_DGRAM, 0, 3, my_addr, True);
519 if (state->sock == -1) {
520 tevent_req_nterror(req, map_nt_error_from_unix(errno));
521 DEBUG(10, ("open_socket_in failed: %s\n", strerror(errno)));
522 return tevent_req_post(req, ev);
526 set_socket_options(state->sock,"SO_BROADCAST");
529 subreq = nb_packet_reader_send(state, ev, type, state->trn_id, NULL);
530 if (tevent_req_nomem(subreq, req)) {
531 return tevent_req_post(req, ev);
533 tevent_req_set_callback(subreq, nb_trans_got_reader, req);
537 static int nb_trans_state_destructor(struct nb_trans_state *s)
543 if (s->packet != NULL) {
544 free_packet(s->packet);
550 static void nb_trans_got_reader(struct tevent_req *subreq)
552 struct tevent_req *req = tevent_req_callback_data(
553 subreq, struct tevent_req);
554 struct nb_trans_state *state = tevent_req_data(
555 req, struct nb_trans_state);
558 status = nb_packet_reader_recv(subreq, state, &state->reader);
561 if (!NT_STATUS_IS_OK(status)) {
562 DEBUG(10, ("nmbd not around\n"));
563 state->reader = NULL;
566 subreq = sock_packet_read_send(
567 state, state->ev, state->sock,
568 state->reader, state->type, state->trn_id,
569 state->validator, state->private_data);
570 if (tevent_req_nomem(subreq, req)) {
573 tevent_req_set_callback(subreq, nb_trans_done, req);
575 subreq = sendto_send(state, state->ev, state->sock,
576 state->buf, state->buflen, 0, state->dst_addr);
577 if (tevent_req_nomem(subreq, req)) {
580 tevent_req_set_callback(subreq, nb_trans_sent, req);
583 static void nb_trans_sent(struct tevent_req *subreq)
585 struct tevent_req *req = tevent_req_callback_data(
586 subreq, struct tevent_req);
587 struct nb_trans_state *state = tevent_req_data(
588 req, struct nb_trans_state);
592 sent = sendto_recv(subreq, &err);
595 DEBUG(10, ("sendto failed: %s\n", strerror(err)));
596 tevent_req_nterror(req, map_nt_error_from_unix(err));
599 subreq = tevent_wakeup_send(state, state->ev,
600 timeval_current_ofs(1, 0));
601 if (tevent_req_nomem(subreq, req)) {
604 tevent_req_set_callback(subreq, nb_trans_send_next, req);
607 static void nb_trans_send_next(struct tevent_req *subreq)
609 struct tevent_req *req = tevent_req_callback_data(
610 subreq, struct tevent_req);
611 struct nb_trans_state *state = tevent_req_data(
612 req, struct nb_trans_state);
615 ret = tevent_wakeup_recv(subreq);
618 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
621 subreq = sendto_send(state, state->ev, state->sock,
622 state->buf, state->buflen, 0, state->dst_addr);
623 if (tevent_req_nomem(subreq, req)) {
626 tevent_req_set_callback(subreq, nb_trans_sent, req);
629 static void nb_trans_done(struct tevent_req *subreq)
631 struct tevent_req *req = tevent_req_callback_data(
632 subreq, struct tevent_req);
633 struct nb_trans_state *state = tevent_req_data(
634 req, struct nb_trans_state);
637 status = sock_packet_read_recv(subreq, &state->packet);
639 if (tevent_req_nterror(req, status)) {
642 tevent_req_done(req);
645 static NTSTATUS nb_trans_recv(struct tevent_req *req,
646 struct packet_struct **ppacket)
648 struct nb_trans_state *state = tevent_req_data(
649 req, struct nb_trans_state);
652 if (tevent_req_is_nterror(req, &status)) {
655 *ppacket = state->packet;
656 state->packet = NULL;
660 /****************************************************************************
661 Do a NBT node status query on an open socket and return an array of
662 structures holding the returned names or NULL if the query failed.
663 **************************************************************************/
665 struct node_status_query_state {
666 struct sockaddr_storage my_addr;
667 struct sockaddr_storage addr;
670 struct packet_struct *packet;
673 static int node_status_query_state_destructor(
674 struct node_status_query_state *s);
675 static bool node_status_query_validator(struct packet_struct *p,
677 static void node_status_query_done(struct tevent_req *subreq);
679 struct tevent_req *node_status_query_send(TALLOC_CTX *mem_ctx,
680 struct tevent_context *ev,
681 struct nmb_name *name,
682 const struct sockaddr_storage *addr)
684 struct tevent_req *req, *subreq;
685 struct node_status_query_state *state;
686 struct packet_struct p;
687 struct nmb_packet *nmb = &p.packet.nmb;
688 struct sockaddr_in *in_addr;
690 req = tevent_req_create(mem_ctx, &state,
691 struct node_status_query_state);
695 talloc_set_destructor(state, node_status_query_state_destructor);
697 if (addr->ss_family != AF_INET) {
698 /* Can't do node status to IPv6 */
699 tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
700 return tevent_req_post(req, ev);
704 in_addr = (struct sockaddr_in *)(void *)&state->addr;
705 in_addr->sin_port = htons(NMB_PORT);
707 if (!interpret_string_addr(&state->my_addr, lp_socket_address(),
708 AI_NUMERICHOST|AI_PASSIVE)) {
709 zero_sockaddr(&state->my_addr);
713 nmb->header.name_trn_id = generate_trn_id();
714 nmb->header.opcode = 0;
715 nmb->header.response = false;
716 nmb->header.nm_flags.bcast = false;
717 nmb->header.nm_flags.recursion_available = false;
718 nmb->header.nm_flags.recursion_desired = false;
719 nmb->header.nm_flags.trunc = false;
720 nmb->header.nm_flags.authoritative = false;
721 nmb->header.rcode = 0;
722 nmb->header.qdcount = 1;
723 nmb->header.ancount = 0;
724 nmb->header.nscount = 0;
725 nmb->header.arcount = 0;
726 nmb->question.question_name = *name;
727 nmb->question.question_type = 0x21;
728 nmb->question.question_class = 0x1;
730 state->buflen = build_packet((char *)state->buf, sizeof(state->buf),
732 if (state->buflen == 0) {
733 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
734 DEBUG(10, ("build_packet failed\n"));
735 return tevent_req_post(req, ev);
738 subreq = nb_trans_send(state, ev, &state->my_addr, &state->addr, false,
739 state->buf, state->buflen,
740 NMB_PACKET, nmb->header.name_trn_id,
741 node_status_query_validator, NULL);
742 if (tevent_req_nomem(subreq, req)) {
743 DEBUG(10, ("nb_trans_send failed\n"));
744 return tevent_req_post(req, ev);
746 if (!tevent_req_set_endtime(req, ev, timeval_current_ofs(10, 0))) {
747 return tevent_req_post(req, ev);
749 tevent_req_set_callback(subreq, node_status_query_done, req);
753 static bool node_status_query_validator(struct packet_struct *p,
756 struct nmb_packet *nmb = &p->packet.nmb;
759 if (nmb->header.opcode != 0 ||
760 nmb->header.nm_flags.bcast ||
762 !nmb->header.ancount ||
763 nmb->answers->rr_type != 0x21) {
765 * XXXX what do we do with this? could be a redirect,
766 * but we'll discard it for the moment
773 static int node_status_query_state_destructor(
774 struct node_status_query_state *s)
776 if (s->packet != NULL) {
777 free_packet(s->packet);
783 static void node_status_query_done(struct tevent_req *subreq)
785 struct tevent_req *req = tevent_req_callback_data(
786 subreq, struct tevent_req);
787 struct node_status_query_state *state = tevent_req_data(
788 req, struct node_status_query_state);
791 status = nb_trans_recv(subreq, &state->packet);
793 if (tevent_req_nterror(req, status)) {
796 tevent_req_done(req);
799 NTSTATUS node_status_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
800 struct node_status **pnode_status,
802 struct node_status_extra *extra)
804 struct node_status_query_state *state = tevent_req_data(
805 req, struct node_status_query_state);
806 struct node_status *node_status;
810 if (tevent_req_is_nterror(req, &status)) {
813 node_status = parse_node_status(
814 mem_ctx, &state->packet->packet.nmb.answers->rdata[0],
816 if (node_status == NULL) {
817 return NT_STATUS_NO_MEMORY;
819 *pnode_status = node_status;
820 *pnum_names = num_names;
824 NTSTATUS node_status_query(TALLOC_CTX *mem_ctx, struct nmb_name *name,
825 const struct sockaddr_storage *addr,
826 struct node_status **pnode_status,
828 struct node_status_extra *extra)
830 TALLOC_CTX *frame = talloc_stackframe();
831 struct tevent_context *ev;
832 struct tevent_req *req;
833 NTSTATUS status = NT_STATUS_NO_MEMORY;
835 ev = tevent_context_init(frame);
839 req = node_status_query_send(ev, ev, name, addr);
843 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
846 status = node_status_query_recv(req, mem_ctx, pnode_status,
853 /****************************************************************************
854 Find the first type XX name in a node status reply - used for finding
855 a servers name given its IP. Return the matched name in *name.
856 **************************************************************************/
858 bool name_status_find(const char *q_name,
861 const struct sockaddr_storage *to_ss,
864 char addr[INET6_ADDRSTRLEN];
865 struct sockaddr_storage ss;
866 struct node_status *addrs = NULL;
867 struct nmb_name nname;
872 if (lp_disable_netbios()) {
873 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
878 print_sockaddr(addr, sizeof(addr), to_ss);
880 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
883 /* Check the cache first. */
885 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
889 if (to_ss->ss_family != AF_INET) {
890 /* Can't do node status to IPv6 */
894 if (!interpret_string_addr(&ss, lp_socket_address(),
895 AI_NUMERICHOST|AI_PASSIVE)) {
899 /* W2K PDC's seem not to respond to '*'#0. JRA */
900 make_nmb_name(&nname, q_name, q_type);
901 status = node_status_query(talloc_tos(), &nname, to_ss,
902 &addrs, &count, NULL);
903 if (!NT_STATUS_IS_OK(status)) {
907 for (i=0;i<count;i++) {
908 /* Find first one of the requested type that's not a GROUP. */
909 if (addrs[i].type == type && ! (addrs[i].flags & 0x80))
915 pull_ascii_nstring(name, sizeof(fstring), addrs[i].name);
917 /* Store the result in the cache. */
918 /* but don't store an entry for 0x1c names here. Here we have
919 a single host and DOMAIN<0x1c> names should be a list of hosts */
921 if ( q_type != 0x1c ) {
922 namecache_status_store(q_name, q_type, type, to_ss, name);
930 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
933 DEBUGADD(10, (", name %s ip address is %s", name, addr));
941 comparison function used by sort_addr_list
944 static int addr_compare(const struct sockaddr_storage *ss1,
945 const struct sockaddr_storage *ss2)
947 int max_bits1=0, max_bits2=0;
948 int num_interfaces = iface_count();
951 /* Sort IPv4 addresses first. */
952 if (ss1->ss_family != ss2->ss_family) {
953 if (ss2->ss_family == AF_INET) {
960 /* Here we know both addresses are of the same
963 for (i=0;i<num_interfaces;i++) {
964 const struct sockaddr_storage *pss = iface_n_bcast(i);
965 unsigned char *p_ss1 = NULL;
966 unsigned char *p_ss2 = NULL;
967 unsigned char *p_if = NULL;
971 if (pss->ss_family != ss1->ss_family) {
972 /* Ignore interfaces of the wrong type. */
975 if (pss->ss_family == AF_INET) {
976 p_if = (unsigned char *)
977 &((const struct sockaddr_in *)pss)->sin_addr;
978 p_ss1 = (unsigned char *)
979 &((const struct sockaddr_in *)ss1)->sin_addr;
980 p_ss2 = (unsigned char *)
981 &((const struct sockaddr_in *)ss2)->sin_addr;
984 #if defined(HAVE_IPV6)
985 if (pss->ss_family == AF_INET6) {
986 p_if = (unsigned char *)
987 &((const struct sockaddr_in6 *)pss)->sin6_addr;
988 p_ss1 = (unsigned char *)
989 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
990 p_ss2 = (unsigned char *)
991 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
995 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
998 bits1 = matching_len_bits(p_ss1, p_if, len);
999 bits2 = matching_len_bits(p_ss2, p_if, len);
1000 max_bits1 = MAX(bits1, max_bits1);
1001 max_bits2 = MAX(bits2, max_bits2);
1004 /* Bias towards directly reachable IPs */
1005 if (iface_local((struct sockaddr *)ss1)) {
1006 if (ss1->ss_family == AF_INET) {
1012 if (iface_local((struct sockaddr *)ss2)) {
1013 if (ss2->ss_family == AF_INET) {
1019 return max_bits2 - max_bits1;
1022 /*******************************************************************
1023 compare 2 ldap IPs by nearness to our interfaces - used in qsort
1024 *******************************************************************/
1026 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
1030 if ((result = addr_compare(&ss1->ss, &ss2->ss)) != 0) {
1034 if (ss1->port > ss2->port) {
1038 if (ss1->port < ss2->port) {
1046 sort an IP list so that names that are close to one of our interfaces
1047 are at the top. This prevents the problem where a WINS server returns an IP
1048 that is not reachable from our subnet as the first match
1051 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
1057 TYPESAFE_QSORT(sslist, count, addr_compare);
1060 static void sort_service_list(struct ip_service *servlist, int count)
1066 TYPESAFE_QSORT(servlist, count, ip_service_compare);
1069 /**********************************************************************
1070 Remove any duplicate address/port pairs in the list
1071 *********************************************************************/
1073 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
1077 DEBUG(10,("remove_duplicate_addrs2: "
1078 "looking for duplicate address/port pairs\n"));
1080 /* one loop to remove duplicates */
1081 for ( i=0; i<count; i++ ) {
1082 if ( is_zero_addr(&iplist[i].ss)) {
1086 for ( j=i+1; j<count; j++ ) {
1087 if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) &&
1088 iplist[i].port == iplist[j].port) {
1089 zero_sockaddr(&iplist[j].ss);
1094 /* one loop to clean up any holes we left */
1095 /* first ip should never be a zero_ip() */
1096 for (i = 0; i<count; ) {
1097 if (is_zero_addr(&iplist[i].ss) ) {
1099 memmove(&iplist[i], &iplist[i+1],
1100 (count - i - 1)*sizeof(iplist[i]));
1111 static bool prioritize_ipv4_list(struct ip_service *iplist, int count)
1113 TALLOC_CTX *frame = talloc_stackframe();
1114 struct ip_service *iplist_new = TALLOC_ARRAY(frame, struct ip_service, count);
1117 if (iplist_new == NULL) {
1124 /* Copy IPv4 first. */
1125 for (i = 0; i < count; i++) {
1126 if (iplist[i].ss.ss_family == AF_INET) {
1127 iplist_new[j++] = iplist[i];
1132 for (i = 0; i < count; i++) {
1133 if (iplist[i].ss.ss_family != AF_INET) {
1134 iplist_new[j++] = iplist[i];
1138 memcpy(iplist, iplist_new, sizeof(struct ip_service)*count);
1143 /****************************************************************************
1144 Do a netbios name query to find someones IP.
1145 Returns an array of IP addresses or NULL if none.
1146 *count will be set to the number of addresses returned.
1147 *timed_out is set if we failed by timing out
1148 ****************************************************************************/
1150 struct name_query_state {
1151 struct sockaddr_storage my_addr;
1152 struct sockaddr_storage addr;
1159 NTSTATUS validate_error;
1162 struct sockaddr_storage *addrs;
1166 static bool name_query_validator(struct packet_struct *p, void *private_data);
1167 static void name_query_done(struct tevent_req *subreq);
1169 struct tevent_req *name_query_send(TALLOC_CTX *mem_ctx,
1170 struct tevent_context *ev,
1171 const char *name, int name_type,
1172 bool bcast, bool recurse,
1173 const struct sockaddr_storage *addr)
1175 struct tevent_req *req, *subreq;
1176 struct name_query_state *state;
1177 struct packet_struct p;
1178 struct nmb_packet *nmb = &p.packet.nmb;
1179 struct sockaddr_in *in_addr;
1181 req = tevent_req_create(mem_ctx, &state, struct name_query_state);
1185 state->bcast = bcast;
1187 if (addr->ss_family != AF_INET) {
1188 /* Can't do node status to IPv6 */
1189 tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
1190 return tevent_req_post(req, ev);
1193 if (lp_disable_netbios()) {
1194 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
1196 tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
1197 return tevent_req_post(req, ev);
1200 state->addr = *addr;
1201 in_addr = (struct sockaddr_in *)(void *)&state->addr;
1202 in_addr->sin_port = htons(NMB_PORT);
1204 if (!interpret_string_addr(&state->my_addr, lp_socket_address(),
1205 AI_NUMERICHOST|AI_PASSIVE)) {
1206 zero_sockaddr(&state->my_addr);
1210 nmb->header.name_trn_id = generate_trn_id();
1211 nmb->header.opcode = 0;
1212 nmb->header.response = false;
1213 nmb->header.nm_flags.bcast = bcast;
1214 nmb->header.nm_flags.recursion_available = false;
1215 nmb->header.nm_flags.recursion_desired = recurse;
1216 nmb->header.nm_flags.trunc = false;
1217 nmb->header.nm_flags.authoritative = false;
1218 nmb->header.rcode = 0;
1219 nmb->header.qdcount = 1;
1220 nmb->header.ancount = 0;
1221 nmb->header.nscount = 0;
1222 nmb->header.arcount = 0;
1224 make_nmb_name(&nmb->question.question_name,name,name_type);
1226 nmb->question.question_type = 0x20;
1227 nmb->question.question_class = 0x1;
1229 state->buflen = build_packet((char *)state->buf, sizeof(state->buf),
1231 if (state->buflen == 0) {
1232 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
1233 DEBUG(10, ("build_packet failed\n"));
1234 return tevent_req_post(req, ev);
1237 subreq = nb_trans_send(state, ev, &state->my_addr, &state->addr, bcast,
1238 state->buf, state->buflen,
1239 NMB_PACKET, nmb->header.name_trn_id,
1240 name_query_validator, state);
1241 if (tevent_req_nomem(subreq, req)) {
1242 DEBUG(10, ("nb_trans_send failed\n"));
1243 return tevent_req_post(req, ev);
1245 tevent_req_set_callback(subreq, name_query_done, req);
1249 static bool name_query_validator(struct packet_struct *p, void *private_data)
1251 struct name_query_state *state = talloc_get_type_abort(
1252 private_data, struct name_query_state);
1253 struct nmb_packet *nmb = &p->packet.nmb;
1254 struct sockaddr_storage *tmp_addrs;
1257 debug_nmb_packet(p);
1260 * If we get a Negative Name Query Response from a WINS
1261 * server, we should report it and give up.
1263 if( 0 == nmb->header.opcode /* A query response */
1264 && !state->bcast /* from a WINS server */
1265 && nmb->header.rcode /* Error returned */
1268 if( DEBUGLVL( 3 ) ) {
1269 /* Only executed if DEBUGLEVEL >= 3 */
1270 dbgtext( "Negative name query "
1271 "response, rcode 0x%02x: ",
1272 nmb->header.rcode );
1273 switch( nmb->header.rcode ) {
1275 dbgtext("Request was invalidly formatted.\n");
1278 dbgtext("Problem with NBNS, cannot process "
1282 dbgtext("The name requested does not "
1286 dbgtext("Unsupported request error.\n");
1289 dbgtext("Query refused error.\n");
1292 dbgtext("Unrecognized error code.\n" );
1298 * We accept this packet as valid, but tell the upper
1299 * layers that it's a negative response.
1301 state->validate_error = NT_STATUS_NOT_FOUND;
1305 if (nmb->header.opcode != 0 ||
1306 nmb->header.nm_flags.bcast ||
1307 nmb->header.rcode ||
1308 !nmb->header.ancount) {
1310 * XXXX what do we do with this? Could be a redirect,
1311 * but we'll discard it for the moment.
1316 tmp_addrs = TALLOC_REALLOC_ARRAY(
1317 state, state->addrs, struct sockaddr_storage,
1318 state->num_addrs + nmb->answers->rdlength/6);
1319 if (tmp_addrs == NULL) {
1320 state->validate_error = NT_STATUS_NO_MEMORY;
1323 state->addrs = tmp_addrs;
1325 DEBUG(2,("Got a positive name query response "
1326 "from %s ( ", inet_ntoa(p->ip)));
1328 for (i=0; i<nmb->answers->rdlength/6; i++) {
1330 putip((char *)&ip,&nmb->answers->rdata[2+i*6]);
1331 in_addr_to_sockaddr_storage(
1332 &state->addrs[state->num_addrs], ip);
1333 DEBUGADD(2,("%s ",inet_ntoa(ip)));
1334 state->num_addrs += 1;
1336 DEBUGADD(2,(")\n"));
1338 /* We add the flags back ... */
1339 if (nmb->header.response)
1340 state->flags |= NM_FLAGS_RS;
1341 if (nmb->header.nm_flags.authoritative)
1342 state->flags |= NM_FLAGS_AA;
1343 if (nmb->header.nm_flags.trunc)
1344 state->flags |= NM_FLAGS_TC;
1345 if (nmb->header.nm_flags.recursion_desired)
1346 state->flags |= NM_FLAGS_RD;
1347 if (nmb->header.nm_flags.recursion_available)
1348 state->flags |= NM_FLAGS_RA;
1349 if (nmb->header.nm_flags.bcast)
1350 state->flags |= NM_FLAGS_B;
1354 * We have to collect all entries coming in from
1360 * WINS responses are accepted when they are received
1365 static void name_query_done(struct tevent_req *subreq)
1367 struct tevent_req *req = tevent_req_callback_data(
1368 subreq, struct tevent_req);
1369 struct name_query_state *state = tevent_req_data(
1370 req, struct name_query_state);
1372 struct packet_struct *p = NULL;
1374 status = nb_trans_recv(subreq, &p);
1375 TALLOC_FREE(subreq);
1376 if (tevent_req_nterror(req, status)) {
1379 if (!NT_STATUS_IS_OK(state->validate_error)) {
1380 tevent_req_nterror(req, state->validate_error);
1385 * Free the packet here, we've collected the response in the
1390 tevent_req_done(req);
1393 NTSTATUS name_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
1394 struct sockaddr_storage **addrs, int *num_addrs,
1397 struct name_query_state *state = tevent_req_data(
1398 req, struct name_query_state);
1401 if (tevent_req_is_nterror(req, &status)
1402 && !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
1405 if (state->num_addrs == 0) {
1406 return NT_STATUS_NOT_FOUND;
1408 *addrs = talloc_move(mem_ctx, &state->addrs);
1409 sort_addr_list(*addrs, state->num_addrs);
1410 *num_addrs = state->num_addrs;
1411 if (flags != NULL) {
1412 *flags = state->flags;
1414 return NT_STATUS_OK;
1417 NTSTATUS name_query(const char *name, int name_type,
1418 bool bcast, bool recurse,
1419 const struct sockaddr_storage *to_ss,
1420 TALLOC_CTX *mem_ctx,
1421 struct sockaddr_storage **addrs,
1422 int *num_addrs, uint8_t *flags)
1424 TALLOC_CTX *frame = talloc_stackframe();
1425 struct tevent_context *ev;
1426 struct tevent_req *req;
1427 struct timeval timeout;
1428 NTSTATUS status = NT_STATUS_NO_MEMORY;
1430 ev = tevent_context_init(frame);
1434 req = name_query_send(ev, ev, name, name_type, bcast, recurse, to_ss);
1439 timeout = timeval_current_ofs(0, 250000);
1441 timeout = timeval_current_ofs(2, 0);
1443 if (!tevent_req_set_endtime(req, ev, timeout)) {
1446 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
1449 status = name_query_recv(req, mem_ctx, addrs, num_addrs, flags);
1455 /********************************************************
1456 convert an array if struct sockaddr_storage to struct ip_service
1457 return false on failure. Port is set to PORT_NONE;
1458 *********************************************************/
1460 static bool convert_ss2service(struct ip_service **return_iplist,
1461 const struct sockaddr_storage *ss_list,
1466 if ( count==0 || !ss_list )
1469 /* copy the ip address; port will be PORT_NONE */
1470 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) ==
1472 DEBUG(0,("convert_ip2service: malloc failed "
1473 "for %d enetries!\n", count ));
1477 for ( i=0; i<count; i++ ) {
1478 (*return_iplist)[i].ss = ss_list[i];
1479 (*return_iplist)[i].port = PORT_NONE;
1485 /********************************************************
1486 Resolve via "bcast" method.
1487 *********************************************************/
1489 NTSTATUS name_resolve_bcast(const char *name,
1491 struct ip_service **return_iplist,
1495 int num_interfaces = iface_count();
1496 struct sockaddr_storage *ss_list;
1497 NTSTATUS status = NT_STATUS_NOT_FOUND;
1499 if (lp_disable_netbios()) {
1500 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
1502 return NT_STATUS_INVALID_PARAMETER;
1505 *return_iplist = NULL;
1509 * "bcast" means do a broadcast lookup on all the local interfaces.
1512 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
1513 "for name %s<0x%x>\n", name, name_type));
1516 * Lookup the name on all the interfaces, return on
1517 * the first successful match.
1519 for( i = num_interfaces-1; i >= 0; i--) {
1520 const struct sockaddr_storage *pss = iface_n_bcast(i);
1522 /* Done this way to fix compiler error on IRIX 5.x */
1526 status = name_query(name, name_type, true, true, pss,
1527 talloc_tos(), &ss_list, return_count,
1529 if (NT_STATUS_IS_OK(status)) {
1534 /* failed - no response */
1540 if (!convert_ss2service(return_iplist, ss_list, *return_count) )
1541 status = NT_STATUS_NO_MEMORY;
1543 TALLOC_FREE(ss_list);
1547 /********************************************************
1548 Resolve via "wins" method.
1549 *********************************************************/
1551 NTSTATUS resolve_wins(const char *name,
1553 struct ip_service **return_iplist,
1558 struct sockaddr_storage src_ss, *ss_list = NULL;
1559 struct in_addr src_ip;
1562 if (lp_disable_netbios()) {
1563 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
1565 return NT_STATUS_INVALID_PARAMETER;
1568 *return_iplist = NULL;
1571 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
1574 if (wins_srv_count() < 1) {
1575 DEBUG(3,("resolve_wins: WINS server resolution selected "
1576 "and no WINS servers listed.\n"));
1577 return NT_STATUS_INVALID_PARAMETER;
1580 /* we try a lookup on each of the WINS tags in turn */
1581 wins_tags = wins_srv_tags();
1584 /* huh? no tags?? give up in disgust */
1585 return NT_STATUS_INVALID_PARAMETER;
1588 /* the address we will be sending from */
1589 if (!interpret_string_addr(&src_ss, lp_socket_address(),
1590 AI_NUMERICHOST|AI_PASSIVE)) {
1591 zero_sockaddr(&src_ss);
1594 if (src_ss.ss_family != AF_INET) {
1595 char addr[INET6_ADDRSTRLEN];
1596 print_sockaddr(addr, sizeof(addr), &src_ss);
1597 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1598 "on IPv6 address %s\n",
1600 wins_srv_tags_free(wins_tags);
1601 return NT_STATUS_INVALID_PARAMETER;
1604 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1606 /* in the worst case we will try every wins server with every
1608 for (t=0; wins_tags && wins_tags[t]; t++) {
1609 int srv_count = wins_srv_count_tag(wins_tags[t]);
1610 for (i=0; i<srv_count; i++) {
1611 struct sockaddr_storage wins_ss;
1612 struct in_addr wins_ip;
1614 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1616 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1617 /* yikes! we'll loop forever */
1621 /* skip any that have been unresponsive lately */
1622 if (wins_srv_is_dead(wins_ip, src_ip)) {
1626 DEBUG(3,("resolve_wins: using WINS server %s "
1628 inet_ntoa(wins_ip), wins_tags[t]));
1630 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1631 status = name_query(name,
1641 /* exit loop if we got a list of addresses */
1643 if (NT_STATUS_IS_OK(status)) {
1647 if (NT_STATUS_EQUAL(status,
1648 NT_STATUS_IO_TIMEOUT)) {
1649 /* Timed out waiting for WINS server to
1652 wins_srv_died(wins_ip, src_ip);
1654 /* The name definitely isn't in this
1655 group of WINS servers.
1656 goto the next group */
1662 wins_srv_tags_free(wins_tags);
1663 return NT_STATUS_NO_LOGON_SERVERS;
1667 status = NT_STATUS_OK;
1668 if (!convert_ss2service(return_iplist, ss_list, *return_count))
1669 status = NT_STATUS_INVALID_PARAMETER;
1671 TALLOC_FREE(ss_list);
1672 wins_srv_tags_free(wins_tags);
1677 /********************************************************
1678 Resolve via "lmhosts" method.
1679 *********************************************************/
1681 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1682 struct ip_service **return_iplist,
1686 * "lmhosts" means parse the local lmhosts file.
1688 struct sockaddr_storage *ss_list;
1689 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1690 TALLOC_CTX *ctx = NULL;
1692 *return_iplist = NULL;
1695 DEBUG(3,("resolve_lmhosts: "
1696 "Attempting lmhosts lookup for name %s<0x%x>\n",
1699 ctx = talloc_init("resolve_lmhosts");
1701 return NT_STATUS_NO_MEMORY;
1704 status = resolve_lmhosts_file_as_sockaddr(get_dyn_LMHOSTSFILE(),
1709 if (NT_STATUS_IS_OK(status)) {
1710 if (convert_ss2service(return_iplist,
1714 return NT_STATUS_OK;
1717 return NT_STATUS_NO_MEMORY;
1725 /********************************************************
1726 Resolve via "hosts" method.
1727 *********************************************************/
1729 static NTSTATUS resolve_hosts(const char *name, int name_type,
1730 struct ip_service **return_iplist,
1734 * "host" means do a localhost, or dns lookup.
1736 struct addrinfo hints;
1737 struct addrinfo *ailist = NULL;
1738 struct addrinfo *res = NULL;
1741 const char *dns_hosts_file;
1743 if ( name_type != 0x20 && name_type != 0x0) {
1744 DEBUG(5, ("resolve_hosts: not appropriate "
1745 "for name type <0x%x>\n",
1747 return NT_STATUS_INVALID_PARAMETER;
1750 *return_iplist = NULL;
1753 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1757 /* By default make sure it supports TCP. */
1758 hints.ai_socktype = SOCK_STREAM;
1759 hints.ai_flags = AI_ADDRCONFIG;
1761 #if !defined(HAVE_IPV6)
1762 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1763 hints.ai_family = AF_INET;
1766 dns_hosts_file = lp_parm_const_string(-1, "resolv", "host file", NULL);
1767 if (dns_hosts_file) {
1768 struct sockaddr_storage *ss_list;
1770 TALLOC_CTX *ctx = talloc_stackframe();
1772 return NT_STATUS_NO_MEMORY;
1775 status = resolve_dns_hosts_file_as_sockaddr(dns_hosts_file, name, false,
1776 ctx, &ss_list, return_count);
1777 if (NT_STATUS_IS_OK(status)) {
1778 if (convert_ss2service(return_iplist,
1782 return NT_STATUS_OK;
1785 return NT_STATUS_NO_MEMORY;
1789 return NT_STATUS_UNSUCCESSFUL;
1792 ret = getaddrinfo(name,
1797 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1799 gai_strerror(ret) ));
1802 for (res = ailist; res; res = res->ai_next) {
1803 struct sockaddr_storage ss;
1805 if (!res->ai_addr || res->ai_addrlen == 0) {
1810 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1814 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1817 if (!*return_iplist) {
1818 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1819 freeaddrinfo(ailist);
1820 return NT_STATUS_NO_MEMORY;
1822 (*return_iplist)[i].ss = ss;
1823 (*return_iplist)[i].port = PORT_NONE;
1827 freeaddrinfo(ailist);
1829 if (*return_count) {
1830 return NT_STATUS_OK;
1832 return NT_STATUS_UNSUCCESSFUL;
1835 /********************************************************
1836 Resolve via "ADS" method.
1837 *********************************************************/
1839 /* Special name type used to cause a _kerberos DNS lookup. */
1840 #define KDC_NAME_TYPE 0xDCDC
1842 static NTSTATUS resolve_ads(const char *name,
1844 const char *sitename,
1845 struct ip_service **return_iplist,
1851 struct dns_rr_srv *dcs = NULL;
1855 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1856 (name_type != 0x1b)) {
1857 return NT_STATUS_INVALID_PARAMETER;
1860 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1861 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1862 return NT_STATUS_NO_MEMORY;
1865 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1867 switch (name_type) {
1869 DEBUG(5,("resolve_ads: Attempting to resolve "
1870 "PDC for %s using DNS\n", name));
1871 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1875 DEBUG(5,("resolve_ads: Attempting to resolve "
1876 "DCs for %s using DNS\n", name));
1877 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1881 DEBUG(5,("resolve_ads: Attempting to resolve "
1882 "KDCs for %s using DNS\n", name));
1883 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1887 status = NT_STATUS_INVALID_PARAMETER;
1891 if ( !NT_STATUS_IS_OK( status ) ) {
1892 talloc_destroy(ctx);
1896 for (i=0;i<numdcs;i++) {
1897 numaddrs += MAX(dcs[i].num_ips,1);
1900 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1902 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1904 talloc_destroy(ctx);
1905 return NT_STATUS_NO_MEMORY;
1908 /* now unroll the list of IP addresses */
1913 while ( i < numdcs && (*return_count<numaddrs) ) {
1914 struct ip_service *r = &(*return_iplist)[*return_count];
1916 r->port = dcs[i].port;
1918 /* If we don't have an IP list for a name, lookup it up */
1921 interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1925 /* use the IP addresses from the SRV sresponse */
1927 if ( j >= dcs[i].num_ips ) {
1933 r->ss = dcs[i].ss_s[j];
1937 /* make sure it is a valid IP. I considered checking the
1938 * negative connection cache, but this is the wrong place
1939 * for it. Maybe only as a hack. After think about it, if
1940 * all of the IP addresses returned from DNS are dead, what
1941 * hope does a netbios name lookup have ? The standard reason
1942 * for falling back to netbios lookups is that our DNS server
1943 * doesn't know anything about the DC's -- jerry */
1945 if (!is_zero_addr(&r->ss)) {
1950 talloc_destroy(ctx);
1951 return NT_STATUS_OK;
1954 /*******************************************************************
1955 Internal interface to resolve a name into an IP address.
1956 Use this function if the string is either an IP address, DNS
1957 or host name or NetBIOS name. This uses the name switch in the
1958 smb.conf to determine the order of name resolution.
1960 Added support for ip addr/port to support ADS ldap servers.
1961 the only place we currently care about the port is in the
1962 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1963 **********************************************************************/
1965 NTSTATUS internal_resolve_name(const char *name,
1967 const char *sitename,
1968 struct ip_service **return_iplist,
1970 const char *resolve_order)
1974 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1976 TALLOC_CTX *frame = NULL;
1978 *return_iplist = NULL;
1981 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1982 name, name_type, sitename ? sitename : "(null)"));
1984 if (is_ipaddress(name)) {
1985 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
1987 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1988 return NT_STATUS_NO_MEMORY;
1991 /* ignore the port here */
1992 (*return_iplist)->port = PORT_NONE;
1994 /* if it's in the form of an IP address then get the lib to interpret it */
1995 if (!interpret_string_addr(&(*return_iplist)->ss,
1996 name, AI_NUMERICHOST)) {
1997 DEBUG(1,("internal_resolve_name: interpret_string_addr "
2000 SAFE_FREE(*return_iplist);
2001 return NT_STATUS_INVALID_PARAMETER;
2004 return NT_STATUS_OK;
2007 /* Check name cache */
2009 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
2010 /* This could be a negative response */
2011 if (*return_count > 0) {
2012 return NT_STATUS_OK;
2014 return NT_STATUS_UNSUCCESSFUL;
2018 /* set the name resolution order */
2020 if (strcmp( resolve_order, "NULL") == 0) {
2021 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
2022 return NT_STATUS_INVALID_PARAMETER;
2025 if (!resolve_order[0]) {
2028 ptr = resolve_order;
2031 /* iterate through the name resolution backends */
2033 frame = talloc_stackframe();
2034 while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
2035 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
2036 status = resolve_hosts(name, name_type, return_iplist,
2038 if (NT_STATUS_IS_OK(status)) {
2041 } else if(strequal( tok, "kdc")) {
2042 /* deal with KDC_NAME_TYPE names here.
2043 * This will result in a SRV record lookup */
2044 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
2045 return_iplist, return_count);
2046 if (NT_STATUS_IS_OK(status)) {
2047 /* Ensure we don't namecache
2048 * this with the KDC port. */
2049 name_type = KDC_NAME_TYPE;
2052 } else if(strequal( tok, "ads")) {
2053 /* deal with 0x1c and 0x1b names here.
2054 * This will result in a SRV record lookup */
2055 status = resolve_ads(name, name_type, sitename,
2056 return_iplist, return_count);
2057 if (NT_STATUS_IS_OK(status)) {
2060 } else if(strequal( tok, "lmhosts")) {
2061 status = resolve_lmhosts(name, name_type,
2062 return_iplist, return_count);
2063 if (NT_STATUS_IS_OK(status)) {
2066 } else if(strequal( tok, "wins")) {
2067 /* don't resolve 1D via WINS */
2068 if (name_type != 0x1D) {
2069 status = resolve_wins(name, name_type,
2072 if (NT_STATUS_IS_OK(status)) {
2076 } else if(strequal( tok, "bcast")) {
2077 status = name_resolve_bcast(name, name_type,
2080 if (NT_STATUS_IS_OK(status)) {
2084 DEBUG(0,("resolve_name: unknown name switch type %s\n",
2089 /* All of the resolve_* functions above have returned false. */
2092 SAFE_FREE(*return_iplist);
2095 return NT_STATUS_UNSUCCESSFUL;
2099 /* Remove duplicate entries. Some queries, notably #1c (domain
2100 controllers) return the PDC in iplist[0] and then all domain
2101 controllers including the PDC in iplist[1..n]. Iterating over
2102 the iplist when the PDC is down will cause two sets of timeouts. */
2104 if ( *return_count ) {
2105 *return_count = remove_duplicate_addrs2(*return_iplist,
2109 /* Save in name cache */
2110 if ( DEBUGLEVEL >= 100 ) {
2111 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
2112 char addr[INET6_ADDRSTRLEN];
2113 print_sockaddr(addr, sizeof(addr),
2114 &(*return_iplist)[i].ss);
2115 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
2119 (*return_iplist)[i].port));
2123 namecache_store(name, name_type, *return_count, *return_iplist);
2125 /* Display some debugging info */
2127 if ( DEBUGLEVEL >= 10 ) {
2128 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
2131 for (i = 0; i < *return_count; i++) {
2132 char addr[INET6_ADDRSTRLEN];
2133 print_sockaddr(addr, sizeof(addr),
2134 &(*return_iplist)[i].ss);
2135 DEBUGADD(10, ("%s:%d ",
2137 (*return_iplist)[i].port));
2146 /********************************************************
2147 Internal interface to resolve a name into one IP address.
2148 Use this function if the string is either an IP address, DNS
2149 or host name or NetBIOS name. This uses the name switch in the
2150 smb.conf to determine the order of name resolution.
2151 *********************************************************/
2153 bool resolve_name(const char *name,
2154 struct sockaddr_storage *return_ss,
2158 struct ip_service *ss_list = NULL;
2159 char *sitename = NULL;
2162 if (is_ipaddress(name)) {
2163 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
2166 sitename = sitename_fetch(lp_realm()); /* wild guess */
2168 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
2170 lp_name_resolve_order()))) {
2174 for (i=0; i<count; i++) {
2175 if (!is_zero_addr(&ss_list[i].ss) &&
2176 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss) &&
2177 (ss_list[i].ss.ss_family == AF_INET)) {
2178 *return_ss = ss_list[i].ss;
2180 SAFE_FREE(sitename);
2186 /* only return valid addresses for TCP connections */
2187 for (i=0; i<count; i++) {
2188 if (!is_zero_addr(&ss_list[i].ss) &&
2189 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2190 *return_ss = ss_list[i].ss;
2192 SAFE_FREE(sitename);
2199 SAFE_FREE(sitename);
2203 /********************************************************
2204 Internal interface to resolve a name into a list of IP addresses.
2205 Use this function if the string is either an IP address, DNS
2206 or host name or NetBIOS name. This uses the name switch in the
2207 smb.conf to determine the order of name resolution.
2208 *********************************************************/
2210 NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
2213 struct sockaddr_storage **return_ss_arr,
2214 unsigned int *p_num_entries)
2216 struct ip_service *ss_list = NULL;
2217 char *sitename = NULL;
2220 unsigned int num_entries;
2224 *return_ss_arr = NULL;
2226 if (is_ipaddress(name)) {
2227 *return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
2228 if (!*return_ss_arr) {
2229 return NT_STATUS_NO_MEMORY;
2231 if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
2232 TALLOC_FREE(*return_ss_arr);
2233 return NT_STATUS_BAD_NETWORK_NAME;
2236 return NT_STATUS_OK;
2239 sitename = sitename_fetch(lp_realm()); /* wild guess */
2241 status = internal_resolve_name(name, name_type, sitename,
2243 lp_name_resolve_order());
2244 SAFE_FREE(sitename);
2246 if (!NT_STATUS_IS_OK(status)) {
2250 /* only return valid addresses for TCP connections */
2251 for (i=0, num_entries = 0; i<count; i++) {
2252 if (!is_zero_addr(&ss_list[i].ss) &&
2253 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2257 if (num_entries == 0) {
2259 return NT_STATUS_BAD_NETWORK_NAME;
2262 *return_ss_arr = TALLOC_ARRAY(ctx,
2263 struct sockaddr_storage,
2265 if (!(*return_ss_arr)) {
2267 return NT_STATUS_NO_MEMORY;
2270 for (i=0, num_entries = 0; i<count; i++) {
2271 if (!is_zero_addr(&ss_list[i].ss) &&
2272 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2273 (*return_ss_arr)[num_entries++] = ss_list[i].ss;
2277 status = NT_STATUS_OK;
2278 *p_num_entries = num_entries;
2281 return NT_STATUS_OK;
2284 /********************************************************
2285 Find the IP address of the master browser or DMB for a workgroup.
2286 *********************************************************/
2288 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
2290 struct ip_service *ip_list = NULL;
2294 if (lp_disable_netbios()) {
2295 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
2299 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
2300 lp_name_resolve_order());
2301 if (NT_STATUS_IS_OK(status)) {
2302 *master_ss = ip_list[0].ss;
2307 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
2308 lp_name_resolve_order());
2309 if (NT_STATUS_IS_OK(status)) {
2310 *master_ss = ip_list[0].ss;
2319 /********************************************************
2320 Get the IP address list of the primary domain controller
2322 *********************************************************/
2324 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
2326 struct ip_service *ip_list = NULL;
2328 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
2330 /* Look up #1B name */
2332 if (lp_security() == SEC_ADS) {
2333 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
2337 if (!NT_STATUS_IS_OK(status) || count == 0) {
2338 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
2340 lp_name_resolve_order());
2341 if (!NT_STATUS_IS_OK(status)) {
2346 /* if we get more than 1 IP back we have to assume it is a
2347 multi-homed PDC and not a mess up */
2350 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
2351 sort_service_list(ip_list, count);
2354 *pss = ip_list[0].ss;
2359 /* Private enum type for lookups. */
2361 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
2363 /********************************************************
2364 Get the IP address list of the domain controllers for
2366 *********************************************************/
2368 static NTSTATUS get_dc_list(const char *domain,
2369 const char *sitename,
2370 struct ip_service **ip_list,
2372 enum dc_lookup_type lookup_type,
2375 char *resolve_order = NULL;
2376 char *saf_servername = NULL;
2377 char *pserver = NULL;
2379 char *port_str = NULL;
2382 int num_addresses = 0;
2383 int local_count, i, j;
2384 struct ip_service *return_iplist = NULL;
2385 struct ip_service *auto_ip_list = NULL;
2386 bool done_auto_lookup = false;
2389 TALLOC_CTX *ctx = talloc_init("get_dc_list");
2395 return NT_STATUS_NO_MEMORY;
2400 /* if we are restricted to solely using DNS for looking
2401 up a domain controller, make sure that host lookups
2402 are enabled for the 'name resolve order'. If host lookups
2403 are disabled and ads_only is True, then set the string to
2406 resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
2407 if (!resolve_order) {
2408 status = NT_STATUS_NO_MEMORY;
2411 strlower_m(resolve_order);
2412 if (lookup_type == DC_ADS_ONLY) {
2413 if (strstr( resolve_order, "host")) {
2414 resolve_order = talloc_strdup(ctx, "ads");
2416 /* DNS SRV lookups used by the ads resolver
2417 are already sorted by priority and weight */
2420 resolve_order = talloc_strdup(ctx, "NULL");
2422 } else if (lookup_type == DC_KDC_ONLY) {
2423 /* DNS SRV lookups used by the ads/kdc resolver
2424 are already sorted by priority and weight */
2426 resolve_order = talloc_strdup(ctx, "kdc");
2428 if (!resolve_order) {
2429 status = NT_STATUS_NO_MEMORY;
2433 /* fetch the server we have affinity for. Add the
2434 'password server' list to a search for our domain controllers */
2436 saf_servername = saf_fetch( domain);
2438 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
2439 pserver = talloc_asprintf(ctx, "%s, %s",
2440 saf_servername ? saf_servername : "",
2441 lp_passwordserver());
2443 pserver = talloc_asprintf(ctx, "%s, *",
2444 saf_servername ? saf_servername : "");
2447 SAFE_FREE(saf_servername);
2449 status = NT_STATUS_NO_MEMORY;
2453 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
2456 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
2457 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2458 count, resolve_order);
2462 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
2465 * if '*' appears in the "password server" list then add
2466 * an auto lookup to the list of manually configured
2467 * DC's. If any DC is listed by name, then the list should be
2468 * considered to be ordered
2472 while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2473 if (!done_auto_lookup && strequal(name, "*")) {
2474 status = internal_resolve_name(domain, 0x1C, sitename,
2478 if (NT_STATUS_IS_OK(status)) {
2479 num_addresses += auto_count;
2481 done_auto_lookup = true;
2482 DEBUG(8,("Adding %d DC's from auto lookup\n",
2489 /* if we have no addresses and haven't done the auto lookup, then
2490 just return the list of DC's. Or maybe we just failed. */
2492 if ((num_addresses == 0)) {
2493 if (done_auto_lookup) {
2494 DEBUG(4,("get_dc_list: no servers found\n"));
2495 status = NT_STATUS_NO_LOGON_SERVERS;
2498 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2499 count, resolve_order);
2503 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
2504 num_addresses)) == NULL) {
2505 DEBUG(3,("get_dc_list: malloc fail !\n"));
2506 status = NT_STATUS_NO_MEMORY;
2513 /* fill in the return list now with real IP's */
2515 while ((local_count<num_addresses) &&
2516 next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2517 struct sockaddr_storage name_ss;
2519 /* copy any addersses from the auto lookup */
2521 if (strequal(name, "*")) {
2522 for (j=0; j<auto_count; j++) {
2523 char addr[INET6_ADDRSTRLEN];
2524 print_sockaddr(addr,
2526 &auto_ip_list[j].ss);
2527 /* Check for and don't copy any
2528 * known bad DC IP's. */
2529 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
2532 DEBUG(5,("get_dc_list: "
2533 "negative entry %s removed "
2538 return_iplist[local_count].ss =
2540 return_iplist[local_count].port =
2541 auto_ip_list[j].port;
2547 /* added support for address:port syntax for ads
2548 * (not that I think anyone will ever run the LDAP
2549 * server in an AD domain on something other than
2552 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
2553 if ((port_str=strchr(name, ':')) != NULL) {
2556 port = atoi(port_str);
2559 /* explicit lookup; resolve_name() will
2560 * handle names & IP addresses */
2561 if (resolve_name( name, &name_ss, 0x20, true )) {
2562 char addr[INET6_ADDRSTRLEN];
2563 print_sockaddr(addr,
2567 /* Check for and don't copy any known bad DC IP's. */
2568 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
2570 DEBUG(5,("get_dc_list: negative entry %s "
2571 "removed from DC list\n",
2576 return_iplist[local_count].ss = name_ss;
2577 return_iplist[local_count].port = port;
2583 /* need to remove duplicates in the list if we have any
2584 explicit password servers */
2587 local_count = remove_duplicate_addrs2(return_iplist,
2591 /* For DC's we always prioritize IPv4 due to W2K3 not
2592 * supporting LDAP, KRB5 or CLDAP over IPv6. */
2594 if (local_count && return_iplist) {
2595 prioritize_ipv4_list(return_iplist, local_count);
2598 if ( DEBUGLEVEL >= 4 ) {
2599 DEBUG(4,("get_dc_list: returning %d ip addresses "
2600 "in an %sordered list\n",
2602 *ordered ? "":"un"));
2603 DEBUG(4,("get_dc_list: "));
2604 for ( i=0; i<local_count; i++ ) {
2605 char addr[INET6_ADDRSTRLEN];
2606 print_sockaddr(addr,
2608 &return_iplist[i].ss);
2609 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
2614 *ip_list = return_iplist;
2615 *count = local_count;
2617 status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2621 if (!NT_STATUS_IS_OK(status)) {
2622 SAFE_FREE(return_iplist);
2627 SAFE_FREE(auto_ip_list);
2632 /*********************************************************************
2633 Small wrapper function to get the DC list and sort it if neccessary.
2634 *********************************************************************/
2636 NTSTATUS get_sorted_dc_list( const char *domain,
2637 const char *sitename,
2638 struct ip_service **ip_list,
2642 bool ordered = false;
2644 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2649 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2650 "for name %s (sitename %s) using [%s]\n",
2652 sitename ? sitename : "NULL",
2653 (ads_only ? "ads" : lp_name_resolve_order())));
2656 lookup_type = DC_ADS_ONLY;
2659 status = get_dc_list(domain, sitename, ip_list,
2660 count, lookup_type, &ordered);
2661 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
2663 DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2664 " in site %s, fallback to all servers\n",
2666 status = get_dc_list(domain, NULL, ip_list,
2667 count, lookup_type, &ordered);
2670 if (!NT_STATUS_IS_OK(status)) {
2671 SAFE_FREE(*ip_list);
2676 /* only sort if we don't already have an ordered list */
2678 sort_service_list(*ip_list, *count);
2681 return NT_STATUS_OK;
2684 /*********************************************************************
2685 Get the KDC list - re-use all the logic in get_dc_list.
2686 *********************************************************************/
2688 NTSTATUS get_kdc_list( const char *realm,
2689 const char *sitename,
2690 struct ip_service **ip_list,
2699 status = get_dc_list(realm, sitename, ip_list,
2700 count, DC_KDC_ONLY, &ordered);
2702 if (!NT_STATUS_IS_OK(status)) {
2703 SAFE_FREE(*ip_list);
2708 /* only sort if we don't already have an ordered list */
2710 sort_service_list(*ip_list, *count);
2713 return NT_STATUS_OK;