2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /* nmbd.c sets this to True. */
24 bool global_in_nmbd = False;
26 /****************************
27 * SERVER AFFINITY ROUTINES *
28 ****************************/
30 /* Server affinity is the concept of preferring the last domain
31 controller with whom you had a successful conversation */
33 /****************************************************************************
34 ****************************************************************************/
35 #define SAFKEY_FMT "SAF/DOMAIN/%s"
38 static char *saf_key(const char *domain)
42 asprintf( &keystr, SAFKEY_FMT, strupper_static(domain) );
47 /****************************************************************************
48 ****************************************************************************/
50 bool saf_store( const char *domain, const char *servername )
56 if ( !domain || !servername ) {
57 DEBUG(2,("saf_store: "
58 "Refusing to store empty domain or servername!\n"));
62 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
63 DEBUG(0,("saf_store: "
64 "refusing to store 0 length domain or servername!\n"));
68 if ( !gencache_init() )
71 key = saf_key( domain );
72 expire = time( NULL ) + SAF_TTL;
74 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
75 domain, servername, (unsigned int)expire ));
77 ret = gencache_set( key, servername, expire );
84 bool saf_delete( const char *domain )
90 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
94 if ( !gencache_init() )
97 key = saf_key(domain);
98 ret = gencache_del(key);
101 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
109 /****************************************************************************
110 ****************************************************************************/
112 char *saf_fetch( const char *domain )
119 if ( !domain || strlen(domain) == 0) {
120 DEBUG(2,("saf_fetch: Empty domain name!\n"));
124 if ( !gencache_init() )
127 key = saf_key( domain );
129 ret = gencache_get( key, &server, &timeout );
134 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
137 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
144 /****************************************************************************
145 Generate a random trn_id.
146 ****************************************************************************/
148 static int generate_trn_id(void)
152 generate_random_buffer((uint8 *)&id, sizeof(id));
154 return id % (unsigned)0x7FFF;
157 /****************************************************************************
158 Parse a node status response into an array of structures.
159 ****************************************************************************/
161 static NODE_STATUS_STRUCT *parse_node_status(char *p,
163 struct node_status_extra *extra)
165 NODE_STATUS_STRUCT *ret;
168 *num_names = CVAL(p,0);
173 ret = SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT,*num_names);
178 for (i=0;i< *num_names;i++) {
179 StrnCpy(ret[i].name,p,15);
180 trim_char(ret[i].name,'\0',' ');
181 ret[i].type = CVAL(p,15);
182 ret[i].flags = p[16];
184 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
185 ret[i].type, ret[i].flags));
188 * Also, pick up the MAC address ...
191 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
197 /****************************************************************************
198 Do a NBT node status query on an open socket and return an array of
199 structures holding the returned names or NULL if the query failed.
200 **************************************************************************/
202 NODE_STATUS_STRUCT *node_status_query(int fd,
203 struct nmb_name *name,
204 const struct sockaddr_storage *to_ss,
206 struct node_status_extra *extra)
210 int retry_time = 2000;
212 struct packet_struct p;
213 struct packet_struct *p2;
214 struct nmb_packet *nmb = &p.packet.nmb;
215 NODE_STATUS_STRUCT *ret;
219 if (to_ss->ss_family != AF_INET) {
220 /* Can't do node status to IPv6 */
223 nmb->header.name_trn_id = generate_trn_id();
224 nmb->header.opcode = 0;
225 nmb->header.response = false;
226 nmb->header.nm_flags.bcast = false;
227 nmb->header.nm_flags.recursion_available = false;
228 nmb->header.nm_flags.recursion_desired = false;
229 nmb->header.nm_flags.trunc = false;
230 nmb->header.nm_flags.authoritative = false;
231 nmb->header.rcode = 0;
232 nmb->header.qdcount = 1;
233 nmb->header.ancount = 0;
234 nmb->header.nscount = 0;
235 nmb->header.arcount = 0;
236 nmb->question.question_name = *name;
237 nmb->question.question_type = 0x21;
238 nmb->question.question_class = 0x1;
240 p.ip = ((const struct sockaddr_in *)to_ss)->sin_addr;
243 p.timestamp = time(NULL);
244 p.packet_type = NMB_PACKET;
248 if (!send_packet(&p))
254 struct timeval tval2;
255 GetTimeOfDay(&tval2);
256 if (TvalDiff(&tval,&tval2) > retry_time) {
259 if (!found && !send_packet(&p))
265 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
266 struct nmb_packet *nmb2 = &p2->packet.nmb;
267 debug_nmb_packet(p2);
269 if (nmb2->header.opcode != 0 ||
270 nmb2->header.nm_flags.bcast ||
271 nmb2->header.rcode ||
272 !nmb2->header.ancount ||
273 nmb2->answers->rr_type != 0x21) {
274 /* XXXX what do we do with this? could be a
275 redirect, but we'll discard it for the
281 ret = parse_node_status(&nmb2->answers->rdata[0],
291 /****************************************************************************
292 Find the first type XX name in a node status reply - used for finding
293 a servers name given its IP. Return the matched name in *name.
294 **************************************************************************/
296 bool name_status_find(const char *q_name,
299 const struct sockaddr_storage *to_ss,
302 char addr[INET6_ADDRSTRLEN];
303 struct sockaddr_storage ss;
304 NODE_STATUS_STRUCT *status = NULL;
305 struct nmb_name nname;
310 if (lp_disable_netbios()) {
311 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
316 print_sockaddr(addr, sizeof(addr), to_ss);
318 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
321 /* Check the cache first. */
323 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
327 if (to_ss->ss_family != AF_INET) {
328 /* Can't do node status to IPv6 */
332 if (!interpret_string_addr(&ss, lp_socket_address(),
333 AI_NUMERICHOST|AI_PASSIVE)) {
334 zero_addr(&ss, AF_INET);
337 sock = open_socket_in(SOCK_DGRAM, 0, 3, &ss, True);
341 /* W2K PDC's seem not to respond to '*'#0. JRA */
342 make_nmb_name(&nname, q_name, q_type);
343 status = node_status_query(sock, &nname, to_ss, &count, NULL);
348 for (i=0;i<count;i++) {
349 if (status[i].type == type)
355 pull_ascii_nstring(name, sizeof(fstring), status[i].name);
357 /* Store the result in the cache. */
358 /* but don't store an entry for 0x1c names here. Here we have
359 a single host and DOMAIN<0x1c> names should be a list of hosts */
361 if ( q_type != 0x1c ) {
362 namecache_status_store(q_name, q_type, type, to_ss, name);
370 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
373 DEBUGADD(10, (", name %s ip address is %s", name, addr));
381 comparison function used by sort_addr_list
384 static int addr_compare(const struct sockaddr_storage *ss1,
385 const struct sockaddr_storage *ss2)
387 int max_bits1=0, max_bits2=0;
388 int num_interfaces = iface_count();
391 /* Sort IPv6 addresses first. */
392 if (ss1->ss_family != ss2->ss_family) {
393 if (ss2->ss_family == AF_INET) {
400 /* Here we know both addresses are of the same
403 for (i=0;i<num_interfaces;i++) {
404 const struct sockaddr_storage *pss = iface_n_bcast(i);
405 unsigned char *p_ss1 = NULL;
406 unsigned char *p_ss2 = NULL;
407 unsigned char *p_if = NULL;
411 if (pss->ss_family != ss1->ss_family) {
412 /* Ignore interfaces of the wrong type. */
415 if (pss->ss_family == AF_INET) {
416 p_if = (unsigned char *)
417 &((const struct sockaddr_in *)pss)->sin_addr;
418 p_ss1 = (unsigned char *)
419 &((const struct sockaddr_in *)ss1)->sin_addr;
420 p_ss2 = (unsigned char *)
421 &((const struct sockaddr_in *)ss2)->sin_addr;
424 #if defined(HAVE_IPV6)
425 if (pss->ss_family == AF_INET6) {
426 p_if = (unsigned char *)
427 &((const struct sockaddr_in6 *)pss)->sin6_addr;
428 p_ss1 = (unsigned char *)
429 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
430 p_ss2 = (unsigned char *)
431 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
435 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
438 bits1 = matching_len_bits(p_ss1, p_if, len);
439 bits2 = matching_len_bits(p_ss2, p_if, len);
440 max_bits1 = MAX(bits1, max_bits1);
441 max_bits2 = MAX(bits2, max_bits2);
444 /* Bias towards directly reachable IPs */
445 if (iface_local(ss1)) {
446 if (ss1->ss_family == AF_INET) {
452 if (iface_local(ss2)) {
453 if (ss2->ss_family == AF_INET) {
459 return max_bits2 - max_bits1;
462 /*******************************************************************
463 compare 2 ldap IPs by nearness to our interfaces - used in qsort
464 *******************************************************************/
466 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
470 if ((result = addr_compare(&ss1->ss, &ss2->ss)) != 0) {
474 if (ss1->port > ss2->port) {
478 if (ss1->port < ss2->port) {
486 sort an IP list so that names that are close to one of our interfaces
487 are at the top. This prevents the problem where a WINS server returns an IP
488 that is not reachable from our subnet as the first match
491 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
497 qsort(sslist, count, sizeof(struct sockaddr_storage),
498 QSORT_CAST addr_compare);
501 static void sort_service_list(struct ip_service *servlist, int count)
507 qsort(servlist, count, sizeof(struct ip_service),
508 QSORT_CAST ip_service_compare);
511 /**********************************************************************
512 Remove any duplicate address/port pairs in the list
513 *********************************************************************/
515 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
519 DEBUG(10,("remove_duplicate_addrs2: "
520 "looking for duplicate address/port pairs\n"));
522 /* one loop to remove duplicates */
523 for ( i=0; i<count; i++ ) {
524 if ( is_zero_addr(&iplist[i].ss)) {
528 for ( j=i+1; j<count; j++ ) {
529 if (addr_equal(&iplist[i].ss, &iplist[j].ss) &&
530 iplist[i].port == iplist[j].port) {
531 zero_addr(&iplist[j].ss, AF_INET);
536 /* one loop to clean up any holes we left */
537 /* first ip should never be a zero_ip() */
538 for (i = 0; i<count; ) {
539 if (is_zero_addr(&iplist[i].ss) ) {
541 memmove(&iplist[i], &iplist[i+1],
542 (count - i - 1)*sizeof(iplist[i]));
553 /****************************************************************************
554 Do a netbios name query to find someones IP.
555 Returns an array of IP addresses or NULL if none.
556 *count will be set to the number of addresses returned.
557 *timed_out is set if we failed by timing out
558 ****************************************************************************/
560 struct sockaddr_storage *name_query(int fd,
565 const struct sockaddr_storage *to_ss,
572 int retry_time = bcast?250:2000;
574 struct packet_struct p;
575 struct packet_struct *p2;
576 struct nmb_packet *nmb = &p.packet.nmb;
577 struct sockaddr_storage *ss_list = NULL;
579 if (lp_disable_netbios()) {
580 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
585 if (to_ss->ss_family != AF_INET) {
593 memset((char *)&p,'\0',sizeof(p));
597 nmb->header.name_trn_id = generate_trn_id();
598 nmb->header.opcode = 0;
599 nmb->header.response = false;
600 nmb->header.nm_flags.bcast = bcast;
601 nmb->header.nm_flags.recursion_available = false;
602 nmb->header.nm_flags.recursion_desired = recurse;
603 nmb->header.nm_flags.trunc = false;
604 nmb->header.nm_flags.authoritative = false;
605 nmb->header.rcode = 0;
606 nmb->header.qdcount = 1;
607 nmb->header.ancount = 0;
608 nmb->header.nscount = 0;
609 nmb->header.arcount = 0;
611 make_nmb_name(&nmb->question.question_name,name,name_type);
613 nmb->question.question_type = 0x20;
614 nmb->question.question_class = 0x1;
616 p.ip = ((struct sockaddr_in *)to_ss)->sin_addr;
619 p.timestamp = time(NULL);
620 p.packet_type = NMB_PACKET;
624 if (!send_packet(&p))
630 struct timeval tval2;
632 GetTimeOfDay(&tval2);
633 if (TvalDiff(&tval,&tval2) > retry_time) {
636 if (!found && !send_packet(&p))
642 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
643 struct nmb_packet *nmb2 = &p2->packet.nmb;
644 debug_nmb_packet(p2);
646 /* If we get a Negative Name Query Response from a WINS
647 * server, we should report it and give up.
649 if( 0 == nmb2->header.opcode /* A query response */
650 && !(bcast) /* from a WINS server */
651 && nmb2->header.rcode /* Error returned */
654 if( DEBUGLVL( 3 ) ) {
655 /* Only executed if DEBUGLEVEL >= 3 */
656 dbgtext( "Negative name query "
657 "response, rcode 0x%02x: ",
658 nmb2->header.rcode );
659 switch( nmb2->header.rcode ) {
662 "was invalidly formatted.\n" );
665 dbgtext( "Problem with NBNS, "
666 "cannot process name.\n");
669 dbgtext( "The name requested "
670 "does not exist.\n" );
673 dbgtext( "Unsupported request "
677 dbgtext( "Query refused "
681 dbgtext( "Unrecognized error "
690 if (nmb2->header.opcode != 0 ||
691 nmb2->header.nm_flags.bcast ||
692 nmb2->header.rcode ||
693 !nmb2->header.ancount) {
695 * XXXX what do we do with this? Could be a
696 * redirect, but we'll discard it for the
703 ss_list = SMB_REALLOC_ARRAY(ss_list,
704 struct sockaddr_storage,
706 nmb2->answers->rdlength/6);
709 DEBUG(0,("name_query: Realloc failed.\n"));
714 DEBUG(2,("Got a positive name query response "
718 for (i=0;i<nmb2->answers->rdlength/6;i++) {
720 putip((char *)&ip,&nmb2->answers->rdata[2+i*6]);
721 in_addr_to_sockaddr_storage(&ss_list[(*count)],
723 DEBUGADD(2,("%s ",inet_ntoa(ip)));
730 /* We add the flags back ... */
731 if (nmb2->header.response)
732 (*flags) |= NM_FLAGS_RS;
733 if (nmb2->header.nm_flags.authoritative)
734 (*flags) |= NM_FLAGS_AA;
735 if (nmb2->header.nm_flags.trunc)
736 (*flags) |= NM_FLAGS_TC;
737 if (nmb2->header.nm_flags.recursion_desired)
738 (*flags) |= NM_FLAGS_RD;
739 if (nmb2->header.nm_flags.recursion_available)
740 (*flags) |= NM_FLAGS_RA;
741 if (nmb2->header.nm_flags.bcast)
742 (*flags) |= NM_FLAGS_B;
745 * If we're doing a unicast lookup we only
746 * expect one reply. Don't wait the full 2
747 * seconds if we got one. JRA.
754 /* only set timed_out if we didn't fund what we where looking for*/
756 if ( !found && timed_out ) {
760 /* sort the ip list so we choose close servers first if possible */
761 sort_addr_list(ss_list, *count);
766 /********************************************************
767 Start parsing the lmhosts file.
768 *********************************************************/
770 XFILE *startlmhosts(const char *fname)
772 XFILE *fp = x_fopen(fname,O_RDONLY, 0);
774 DEBUG(4,("startlmhosts: Can't open lmhosts file %s. "
776 fname, strerror(errno)));
782 /********************************************************
783 Parse the next line in the lmhosts file.
784 *********************************************************/
786 bool getlmhostsent(XFILE *fp, pstring name, int *name_type,
787 struct sockaddr_storage *pss)
791 while(!x_feof(fp) && !x_ferror(fp)) {
792 pstring ip,flags,extra;
799 if (!fgets_slash(line,sizeof(pstring),fp)) {
813 if (next_token(&ptr,ip ,NULL,sizeof(ip)))
815 if (next_token(&ptr,name ,NULL, sizeof(pstring)))
817 if (next_token(&ptr,flags,NULL, sizeof(flags)))
819 if (next_token(&ptr,extra,NULL, sizeof(extra)))
825 if (count > 0 && count < 2) {
826 DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",
832 DEBUG(0,("getlmhostsent: too many columns "
833 "in lmhosts file (obsolete syntax)\n"));
837 DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n",
840 if (strchr_m(flags,'G') || strchr_m(flags,'S')) {
841 DEBUG(0,("getlmhostsent: group flag "
842 "in lmhosts ignored (obsolete)\n"));
846 if (!interpret_string_addr(pss, ip, AI_NUMERICHOST)) {
847 DEBUG(0,("getlmhostsent: invalid address "
851 /* Extra feature. If the name ends in '#XX',
852 * where XX is a hex number, then only add that name type. */
853 if((ptr1 = strchr_m(name, '#')) != NULL) {
857 *name_type = (int)strtol(ptr1, &endptr, 16);
858 if(!*ptr1 || (endptr == ptr1)) {
859 DEBUG(0,("getlmhostsent: invalid name "
860 "%s containing '#'.\n", name));
864 *(--ptr1) = '\0'; /* Truncate at the '#' */
873 /********************************************************
874 Finish parsing the lmhosts file.
875 *********************************************************/
877 void endlmhosts(XFILE *fp)
882 /********************************************************
883 convert an array if struct sockaddr_storage to struct ip_service
884 return false on failure. Port is set to PORT_NONE;
885 *********************************************************/
887 static bool convert_ss2service(struct ip_service **return_iplist,
888 const struct sockaddr_storage *ss_list,
893 if ( count==0 || !ss_list )
896 /* copy the ip address; port will be PORT_NONE */
897 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) ==
899 DEBUG(0,("convert_ip2service: malloc failed "
900 "for %d enetries!\n", count ));
904 for ( i=0; i<count; i++ ) {
905 (*return_iplist)[i].ss = ss_list[i];
906 (*return_iplist)[i].port = PORT_NONE;
912 /********************************************************
913 Resolve via "bcast" method.
914 *********************************************************/
916 NTSTATUS name_resolve_bcast(const char *name,
918 struct ip_service **return_iplist,
922 int num_interfaces = iface_count();
923 struct sockaddr_storage *ss_list;
924 struct sockaddr_storage ss;
927 if (lp_disable_netbios()) {
928 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
930 return NT_STATUS_INVALID_PARAMETER;
933 *return_iplist = NULL;
937 * "bcast" means do a broadcast lookup on all the local interfaces.
940 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
941 "for name %s<0x%x>\n", name, name_type));
943 if (!interpret_string_addr(&ss, lp_socket_address(),
944 AI_NUMERICHOST|AI_PASSIVE)) {
945 zero_addr(&ss, AF_INET);
948 sock = open_socket_in( SOCK_DGRAM, 0, 3, &ss, true );
950 return NT_STATUS_UNSUCCESSFUL;
953 set_socket_options(sock,"SO_BROADCAST");
955 * Lookup the name on all the interfaces, return on
956 * the first successful match.
958 for( i = num_interfaces-1; i >= 0; i--) {
959 const struct sockaddr_storage *pss = iface_n_bcast(i);
962 /* Done this way to fix compiler error on IRIX 5.x */
966 ss_list = name_query(sock, name, name_type, true,
967 true, pss, return_count, &flags, NULL);
973 /* failed - no response */
976 return NT_STATUS_UNSUCCESSFUL;
980 status = NT_STATUS_OK;
981 if (!convert_ss2service(return_iplist, ss_list, *return_count) )
982 status = NT_STATUS_INVALID_PARAMETER;
989 /********************************************************
990 Resolve via "wins" method.
991 *********************************************************/
993 NTSTATUS resolve_wins(const char *name,
995 struct ip_service **return_iplist,
1000 struct sockaddr_storage src_ss, *ss_list = NULL;
1001 struct in_addr src_ip;
1004 if (lp_disable_netbios()) {
1005 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
1007 return NT_STATUS_INVALID_PARAMETER;
1010 *return_iplist = NULL;
1013 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
1016 if (wins_srv_count() < 1) {
1017 DEBUG(3,("resolve_wins: WINS server resolution selected "
1018 "and no WINS servers listed.\n"));
1019 return NT_STATUS_INVALID_PARAMETER;
1022 /* we try a lookup on each of the WINS tags in turn */
1023 wins_tags = wins_srv_tags();
1026 /* huh? no tags?? give up in disgust */
1027 return NT_STATUS_INVALID_PARAMETER;
1030 /* the address we will be sending from */
1031 if (!interpret_string_addr(&src_ss, lp_socket_address(),
1032 AI_NUMERICHOST|AI_PASSIVE)) {
1033 zero_addr(&src_ss, AF_INET);
1036 if (src_ss.ss_family != AF_INET) {
1037 char addr[INET6_ADDRSTRLEN];
1038 print_sockaddr(addr, sizeof(addr), &src_ss);
1039 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1040 "on IPv6 address %s\n",
1042 return NT_STATUS_INVALID_PARAMETER;
1045 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1047 /* in the worst case we will try every wins server with every
1049 for (t=0; wins_tags && wins_tags[t]; t++) {
1050 int srv_count = wins_srv_count_tag(wins_tags[t]);
1051 for (i=0; i<srv_count; i++) {
1052 struct sockaddr_storage wins_ss;
1053 struct in_addr wins_ip;
1057 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1059 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1060 /* yikes! we'll loop forever */
1064 /* skip any that have been unresponsive lately */
1065 if (wins_srv_is_dead(wins_ip, src_ip)) {
1069 DEBUG(3,("resolve_wins: using WINS server %s "
1071 inet_ntoa(wins_ip), wins_tags[t]));
1073 sock = open_socket_in(SOCK_DGRAM, 0, 3, &src_ss, true);
1078 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1079 ss_list = name_query(sock,
1089 /* exit loop if we got a list of addresses */
1097 /* Timed out wating for WINS server to respond.
1099 wins_srv_died(wins_ip, src_ip);
1101 /* The name definately isn't in this
1102 group of WINS servers.
1103 goto the next group */
1109 wins_srv_tags_free(wins_tags);
1110 return NT_STATUS_NO_LOGON_SERVERS;
1114 status = NT_STATUS_OK;
1115 if (!convert_ss2service(return_iplist, ss_list, *return_count))
1116 status = NT_STATUS_INVALID_PARAMETER;
1119 wins_srv_tags_free(wins_tags);
1125 /********************************************************
1126 Resolve via "lmhosts" method.
1127 *********************************************************/
1129 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1130 struct ip_service **return_iplist,
1134 * "lmhosts" means parse the local lmhosts file.
1138 pstring lmhost_name;
1140 struct sockaddr_storage return_ss;
1141 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1143 *return_iplist = NULL;
1146 DEBUG(3,("resolve_lmhosts: "
1147 "Attempting lmhosts lookup for name %s<0x%x>\n",
1150 fp = startlmhosts(dyn_LMHOSTSFILE);
1153 return NT_STATUS_NO_SUCH_FILE;
1155 while (getlmhostsent(fp, lmhost_name, &name_type2, &return_ss)) {
1157 if (!strequal(name, lmhost_name))
1160 if ((name_type2 != -1) && (name_type != name_type2))
1163 *return_iplist = SMB_REALLOC_ARRAY((*return_iplist),
1167 if ((*return_iplist) == NULL) {
1169 DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
1170 return NT_STATUS_NO_MEMORY;
1173 (*return_iplist)[*return_count].ss = return_ss;
1174 (*return_iplist)[*return_count].port = PORT_NONE;
1177 /* we found something */
1178 status = NT_STATUS_OK;
1180 /* Multiple names only for DC lookup */
1181 if (name_type != 0x1c)
1190 /********************************************************
1191 Resolve via "hosts" method.
1192 *********************************************************/
1194 static NTSTATUS resolve_hosts(const char *name, int name_type,
1195 struct ip_service **return_iplist,
1199 * "host" means do a localhost, or dns lookup.
1201 struct addrinfo hints;
1202 struct addrinfo *ailist = NULL;
1203 struct addrinfo *res = NULL;
1207 if ( name_type != 0x20 && name_type != 0x0) {
1208 DEBUG(5, ("resolve_hosts: not appropriate "
1209 "for name type <0x%x>\n",
1211 return NT_STATUS_INVALID_PARAMETER;
1214 *return_iplist = NULL;
1217 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1221 /* By default make sure it supports TCP. */
1222 hints.ai_socktype = SOCK_STREAM;
1223 hints.ai_flags = AI_ADDRCONFIG;
1225 ret = getaddrinfo(name,
1230 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1232 gai_strerror(ret) ));
1235 for (res = ailist; res; res = res->ai_next) {
1236 struct sockaddr_storage ss;
1238 if (!res->ai_addr || res->ai_addrlen == 0) {
1242 memset(&ss, '\0', sizeof(ss));
1243 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1247 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1250 if (!*return_iplist) {
1251 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1252 freeaddrinfo(ailist);
1253 return NT_STATUS_NO_MEMORY;
1255 (*return_iplist)[i].ss = ss;
1256 (*return_iplist)[i].port = PORT_NONE;
1260 freeaddrinfo(ailist);
1262 if (*return_count) {
1263 return NT_STATUS_OK;
1265 return NT_STATUS_UNSUCCESSFUL;
1268 /********************************************************
1269 Resolve via "ADS" method.
1270 *********************************************************/
1272 NTSTATUS resolve_ads(const char *name,
1274 const char *sitename,
1275 struct ip_service **return_iplist,
1281 struct dns_rr_srv *dcs = NULL;
1285 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1286 (name_type != 0x1b)) {
1287 return NT_STATUS_INVALID_PARAMETER;
1290 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1291 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1292 return NT_STATUS_NO_MEMORY;
1295 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1297 switch (name_type) {
1299 DEBUG(5,("resolve_ads: Attempting to resolve "
1300 "PDC for %s using DNS\n", name));
1301 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1305 DEBUG(5,("resolve_ads: Attempting to resolve "
1306 "DCs for %s using DNS\n", name));
1307 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1311 DEBUG(5,("resolve_ads: Attempting to resolve "
1312 "KDCs for %s using DNS\n", name));
1313 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1317 status = NT_STATUS_INVALID_PARAMETER;
1321 if ( !NT_STATUS_IS_OK( status ) ) {
1322 talloc_destroy(ctx);
1326 for (i=0;i<numdcs;i++) {
1327 numaddrs += MAX(dcs[i].num_ips,1);
1330 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1332 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1334 talloc_destroy(ctx);
1335 return NT_STATUS_NO_MEMORY;
1338 /* now unroll the list of IP addresses */
1343 while ( i < numdcs && (*return_count<numaddrs) ) {
1345 struct ip_service *r = &(*return_iplist)[*return_count];
1347 r->port = dcs[i].port;
1349 /* If we don't have an IP list for a name, lookup it up */
1352 ip = *interpret_addr2(dcs[i].hostname);
1356 /* use the IP addresses from the SRV sresponse */
1358 if ( j >= dcs[i].num_ips ) {
1368 in_addr_to_sockaddr_storage(&r->ss, ip);
1370 /* make sure it is a valid IP. I considered checking the
1371 * negative connection cache, but this is the wrong place
1372 * for it. Maybe only as a hack. After think about it, if
1373 * all of the IP addresses returned from DNS are dead, what
1374 * hope does a netbios name lookup have ? The standard reason
1375 * for falling back to netbios lookups is that our DNS server
1376 * doesn't know anything about the DC's -- jerry */
1378 if (!is_zero_addr(&r->ss)) {
1383 talloc_destroy(ctx);
1384 return NT_STATUS_OK;
1387 /*******************************************************************
1388 Internal interface to resolve a name into an IP address.
1389 Use this function if the string is either an IP address, DNS
1390 or host name or NetBIOS name. This uses the name switch in the
1391 smb.conf to determine the order of name resolution.
1393 Added support for ip addr/port to support ADS ldap servers.
1394 the only place we currently care about the port is in the
1395 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1396 **********************************************************************/
1398 NTSTATUS internal_resolve_name(const char *name,
1400 const char *sitename,
1401 struct ip_service **return_iplist,
1403 const char *resolve_order)
1405 pstring name_resolve_list;
1408 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1411 *return_iplist = NULL;
1414 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1415 name, name_type, sitename ? sitename : NULL));
1417 if (is_ipaddress(name)) {
1418 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
1420 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1421 return NT_STATUS_NO_MEMORY;
1424 /* ignore the port here */
1425 (*return_iplist)->port = PORT_NONE;
1427 /* if it's in the form of an IP address then get the lib to interpret it */
1428 if (!interpret_string_addr(&(*return_iplist)->ss,
1429 name, AI_NUMERICHOST)) {
1430 DEBUG(1,("internal_resolve_name: interpret_string_addr "
1433 SAFE_FREE(*return_iplist);
1434 return NT_STATUS_INVALID_PARAMETER;
1437 return NT_STATUS_OK;
1440 /* Check name cache */
1442 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1443 /* This could be a negative response */
1444 if (*return_count > 0) {
1445 return NT_STATUS_OK;
1447 return NT_STATUS_UNSUCCESSFUL;
1451 /* set the name resolution order */
1453 if (strcmp( resolve_order, "NULL") == 0) {
1454 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1455 return NT_STATUS_INVALID_PARAMETER;
1458 if (!resolve_order) {
1459 pstrcpy(name_resolve_list, lp_name_resolve_order());
1461 pstrcpy(name_resolve_list, resolve_order);
1464 if (!name_resolve_list[0]) {
1467 ptr = name_resolve_list;
1470 /* iterate through the name resolution backends */
1472 while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) {
1473 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1474 status = resolve_hosts(name, name_type, return_iplist,
1476 if (NT_STATUS_IS_OK(status)) {
1479 } else if(strequal( tok, "kdc")) {
1480 /* deal with KDC_NAME_TYPE names here.
1481 * This will result in a SRV record lookup */
1482 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
1483 return_iplist, return_count);
1484 if (NT_STATUS_IS_OK(status)) {
1485 /* Ensure we don't namecache
1486 * this with the KDC port. */
1487 name_type = KDC_NAME_TYPE;
1490 } else if(strequal( tok, "ads")) {
1491 /* deal with 0x1c and 0x1b names here.
1492 * This will result in a SRV record lookup */
1493 status = resolve_ads(name, name_type, sitename,
1494 return_iplist, return_count);
1495 if (NT_STATUS_IS_OK(status)) {
1498 } else if(strequal( tok, "lmhosts")) {
1499 status = resolve_lmhosts(name, name_type,
1500 return_iplist, return_count);
1501 if (NT_STATUS_IS_OK(status)) {
1504 } else if(strequal( tok, "wins")) {
1505 /* don't resolve 1D via WINS */
1506 if (name_type != 0x1D) {
1507 status = resolve_wins(name, name_type,
1510 if (NT_STATUS_IS_OK(status)) {
1514 } else if(strequal( tok, "bcast")) {
1515 status = name_resolve_bcast(name, name_type,
1518 if (NT_STATUS_IS_OK(status)) {
1522 DEBUG(0,("resolve_name: unknown name switch type %s\n",
1527 /* All of the resolve_* functions above have returned false. */
1529 SAFE_FREE(*return_iplist);
1532 return NT_STATUS_UNSUCCESSFUL;
1536 /* Remove duplicate entries. Some queries, notably #1c (domain
1537 controllers) return the PDC in iplist[0] and then all domain
1538 controllers including the PDC in iplist[1..n]. Iterating over
1539 the iplist when the PDC is down will cause two sets of timeouts. */
1541 if ( *return_count ) {
1542 *return_count = remove_duplicate_addrs2(*return_iplist,
1546 /* Save in name cache */
1547 if ( DEBUGLEVEL >= 100 ) {
1548 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
1549 char addr[INET6_ADDRSTRLEN];
1550 print_sockaddr(addr, sizeof(addr),
1551 &(*return_iplist)[i].ss);
1552 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
1556 (*return_iplist)[i].port));
1560 namecache_store(name, name_type, *return_count, *return_iplist);
1562 /* Display some debugging info */
1564 if ( DEBUGLEVEL >= 10 ) {
1565 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
1568 for (i = 0; i < *return_count; i++) {
1569 char addr[INET6_ADDRSTRLEN];
1570 print_sockaddr(addr, sizeof(addr),
1571 &(*return_iplist)[i].ss);
1572 DEBUGADD(10, ("%s:%d ",
1574 (*return_iplist)[i].port));
1582 /********************************************************
1583 Internal interface to resolve a name into one IP address.
1584 Use this function if the string is either an IP address, DNS
1585 or host name or NetBIOS name. This uses the name switch in the
1586 smb.conf to determine the order of name resolution.
1587 *********************************************************/
1589 bool resolve_name(const char *name,
1590 struct sockaddr_storage *return_ss,
1593 struct ip_service *ss_list = NULL;
1594 char *sitename = NULL;
1597 #if defined(HAVE_IPV6)
1598 unsigned int if_idx = 0;
1599 const char *p = strchr_m(name, '%');
1601 if (p && (if_idx = if_nametoindex(p+1)) != 0) {
1602 char *newname = SMB_STRDUP(name);
1606 newname[PTR_DIFF(p,name)] = '\0';
1607 if (is_ipaddress(newname) &&
1608 interpret_string_addr(return_ss,
1609 newname, AI_NUMERICHOST)) {
1610 struct sockaddr_in6 *psa6 =
1611 (struct sockaddr_in6 *)&return_ss;
1612 if (psa6->sin6_scope_id == 0 &&
1613 IN6_IS_ADDR_LINKLOCAL(&psa6->sin6_addr)) {
1614 psa6->sin6_scope_id = if_idx;
1623 if (is_ipaddress(name)) {
1624 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
1627 sitename = sitename_fetch(lp_realm()); /* wild guess */
1629 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
1631 lp_name_resolve_order()))) {
1634 /* only return valid addresses for TCP connections */
1635 for (i=0; i<count; i++) {
1636 if (!is_zero_addr(&ss_list[i].ss) &&
1637 !is_broadcast_addr(&ss_list[i].ss)) {
1638 *return_ss = ss_list[i].ss;
1640 SAFE_FREE(sitename);
1647 SAFE_FREE(sitename);
1651 /********************************************************
1652 Find the IP address of the master browser or DMB for a workgroup.
1653 *********************************************************/
1655 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
1657 struct ip_service *ip_list = NULL;
1661 if (lp_disable_netbios()) {
1662 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1666 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
1667 lp_name_resolve_order());
1668 if (NT_STATUS_IS_OK(status)) {
1669 *master_ss = ip_list[0].ss;
1674 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
1675 lp_name_resolve_order());
1676 if (NT_STATUS_IS_OK(status)) {
1677 *master_ss = ip_list[0].ss;
1686 /********************************************************
1687 Get the IP address list of the primary domain controller
1689 *********************************************************/
1691 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
1693 struct ip_service *ip_list = NULL;
1695 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1697 /* Look up #1B name */
1699 if (lp_security() == SEC_ADS) {
1700 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1704 if (!NT_STATUS_IS_OK(status) || count == 0) {
1705 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1707 lp_name_resolve_order());
1708 if (!NT_STATUS_IS_OK(status)) {
1713 /* if we get more than 1 IP back we have to assume it is a
1714 multi-homed PDC and not a mess up */
1717 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1718 sort_service_list(ip_list, count);
1721 *pss = ip_list[0].ss;
1726 /* Private enum type for lookups. */
1728 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1730 /********************************************************
1731 Get the IP address list of the domain controllers for
1733 *********************************************************/
1735 static NTSTATUS get_dc_list(const char *domain,
1736 const char *sitename,
1737 struct ip_service **ip_list,
1739 enum dc_lookup_type lookup_type,
1742 fstring resolve_order;
1743 char *saf_servername;
1749 int num_addresses = 0;
1750 int local_count, i, j;
1751 struct ip_service *return_iplist = NULL;
1752 struct ip_service *auto_ip_list = NULL;
1753 bool done_auto_lookup = False;
1759 /* if we are restricted to solely using DNS for looking
1760 up a domain controller, make sure that host lookups
1761 are enabled for the 'name resolve order'. If host lookups
1762 are disabled and ads_only is True, then set the string to
1765 fstrcpy(resolve_order, lp_name_resolve_order());
1766 strlower_m(resolve_order);
1767 if (lookup_type == DC_ADS_ONLY) {
1768 if (strstr( resolve_order, "host")) {
1769 fstrcpy( resolve_order, "ads");
1771 /* DNS SRV lookups used by the ads resolver
1772 are already sorted by priority and weight */
1775 fstrcpy(resolve_order, "NULL");
1777 } else if (lookup_type == DC_KDC_ONLY) {
1778 /* DNS SRV lookups used by the ads/kdc resolver
1779 are already sorted by priority and weight */
1781 fstrcpy(resolve_order, "kdc");
1784 /* fetch the server we have affinity for. Add the
1785 'password server' list to a search for our domain controllers */
1787 saf_servername = saf_fetch( domain);
1789 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
1790 pstr_sprintf(pserver, "%s, %s",
1791 saf_servername ? saf_servername : "",
1792 lp_passwordserver());
1794 pstr_sprintf(pserver, "%s, *",
1795 saf_servername ? saf_servername : "");
1798 SAFE_FREE( saf_servername );
1800 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1803 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1804 return internal_resolve_name(domain, 0x1C, sitename, ip_list,
1805 count, resolve_order);
1808 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
1811 * if '*' appears in the "password server" list then add
1812 * an auto lookup to the list of manually configured
1813 * DC's. If any DC is listed by name, then the list should be
1814 * considered to be ordered
1818 while (next_token(&p,name,LIST_SEP,sizeof(name))) {
1819 if (strequal(name, "*")) {
1820 status = internal_resolve_name(domain, 0x1C, sitename,
1824 if (NT_STATUS_IS_OK(status)) {
1825 num_addresses += auto_count;
1827 done_auto_lookup = true;
1828 DEBUG(8,("Adding %d DC's from auto lookup\n",
1835 /* if we have no addresses and haven't done the auto lookup, then
1836 just return the list of DC's. Or maybe we just failed. */
1838 if ((num_addresses == 0)) {
1839 if (done_auto_lookup) {
1840 DEBUG(4,("get_dc_list: no servers found\n"));
1841 SAFE_FREE(auto_ip_list);
1842 return NT_STATUS_NO_LOGON_SERVERS;
1844 return internal_resolve_name(domain, 0x1C, sitename, ip_list,
1845 count, resolve_order);
1848 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
1849 num_addresses)) == NULL) {
1850 DEBUG(3,("get_dc_list: malloc fail !\n"));
1851 SAFE_FREE(auto_ip_list);
1852 return NT_STATUS_NO_MEMORY;
1858 /* fill in the return list now with real IP's */
1860 while ((local_count<num_addresses) &&
1861 next_token(&p,name,LIST_SEP,sizeof(name))) {
1862 struct sockaddr_storage name_ss;
1864 /* copy any addersses from the auto lookup */
1866 if (strequal(name, "*")) {
1867 for (j=0; j<auto_count; j++) {
1868 char addr[INET6_ADDRSTRLEN];
1869 print_sockaddr(addr,
1871 &auto_ip_list[j].ss);
1872 /* Check for and don't copy any
1873 * known bad DC IP's. */
1874 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
1877 DEBUG(5,("get_dc_list: "
1878 "negative entry %s removed "
1883 return_iplist[local_count].ss =
1885 return_iplist[local_count].port =
1886 auto_ip_list[j].port;
1892 /* added support for address:port syntax for ads
1893 * (not that I think anyone will ever run the LDAP
1894 * server in an AD domain on something other than
1897 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
1898 if ((port_str=strchr(name, ':')) != NULL) {
1901 port = atoi(port_str);
1904 /* explicit lookup; resolve_name() will
1905 * handle names & IP addresses */
1906 if (resolve_name( name, &name_ss, 0x20 )) {
1907 char addr[INET6_ADDRSTRLEN];
1908 print_sockaddr(addr,
1912 /* Check for and don't copy any known bad DC IP's. */
1913 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
1915 DEBUG(5,("get_dc_list: negative entry %s "
1916 "removed from DC list\n",
1921 return_iplist[local_count].ss = name_ss;
1922 return_iplist[local_count].port = port;
1928 SAFE_FREE(auto_ip_list);
1930 /* need to remove duplicates in the list if we have any
1931 explicit password servers */
1934 local_count = remove_duplicate_addrs2(return_iplist,
1938 if ( DEBUGLEVEL >= 4 ) {
1939 DEBUG(4,("get_dc_list: returning %d ip addresses "
1940 "in an %sordered list\n",
1942 *ordered ? "":"un"));
1943 DEBUG(4,("get_dc_list: "));
1944 for ( i=0; i<local_count; i++ ) {
1945 char addr[INET6_ADDRSTRLEN];
1946 print_sockaddr(addr,
1948 &return_iplist[i].ss);
1949 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
1954 *ip_list = return_iplist;
1955 *count = local_count;
1957 return ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
1960 /*********************************************************************
1961 Small wrapper function to get the DC list and sort it if neccessary.
1962 *********************************************************************/
1964 NTSTATUS get_sorted_dc_list( const char *domain,
1965 const char *sitename,
1966 struct ip_service **ip_list,
1972 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
1974 DEBUG(8,("get_sorted_dc_list: attempting lookup "
1975 "for name %s (sitename %s) using [%s]\n",
1977 sitename ? sitename : "NULL",
1978 (ads_only ? "ads" : lp_name_resolve_order())));
1981 lookup_type = DC_ADS_ONLY;
1984 status = get_dc_list(domain, sitename, ip_list,
1985 count, lookup_type, &ordered);
1986 if (!NT_STATUS_IS_OK(status)) {
1990 /* only sort if we don't already have an ordered list */
1992 sort_service_list(*ip_list, *count);
1995 return NT_STATUS_OK;
1998 /*********************************************************************
1999 Get the KDC list - re-use all the logic in get_dc_list.
2000 *********************************************************************/
2002 NTSTATUS get_kdc_list( const char *realm,
2003 const char *sitename,
2004 struct ip_service **ip_list,
2013 status = get_dc_list(realm, sitename, ip_list,
2014 count, DC_KDC_ONLY, &ordered);
2016 if (!NT_STATUS_IS_OK(status)) {
2020 /* only sort if we don't already have an ordered list */
2022 sort_service_list(*ip_list, *count);
2025 return NT_STATUS_OK;
git.samba.org / kai / samba.git / blob