This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
/* nmbd.c sets this to True. */
-BOOL global_in_nmbd = False;
+bool global_in_nmbd = False;
+/****************************
+ * SERVER AFFINITY ROUTINES *
+ ****************************/
+
+ /* Server affinity is the concept of preferring the last domain
+ controller with whom you had a successful conversation */
+
/****************************************************************************
-generate a random trn_id
****************************************************************************/
-static int generate_trn_id(void)
+#define SAFKEY_FMT "SAF/DOMAIN/%s"
+#define SAF_TTL 900
+
+static char *saf_key(const char *domain)
+{
+ char *keystr;
+
+ asprintf( &keystr, SAFKEY_FMT, strupper_static(domain) );
+
+ return keystr;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+bool saf_store( const char *domain, const char *servername )
{
- static int trn_id;
+ char *key;
+ time_t expire;
+ bool ret = False;
+
+ if ( !domain || !servername ) {
+ DEBUG(2,("saf_store: Refusing to store empty domain or servername!\n"));
+ return False;
+ }
+
+ if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
+ DEBUG(0,("saf_store: refusing to store 0 length domain or servername!\n"));
+ return False;
+ }
+
+ if ( !gencache_init() )
+ return False;
+
+ key = saf_key( domain );
+ expire = time( NULL ) + SAF_TTL;
+
+
+ DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
+ domain, servername, (unsigned int)expire ));
+
+ ret = gencache_set( key, servername, expire );
+
+ SAFE_FREE( key );
+
+ return ret;
+}
- if (trn_id == 0) {
- sys_srandom(sys_getpid());
+bool saf_delete( const char *domain )
+{
+ char *key;
+ bool ret = False;
+
+ if ( !domain ) {
+ DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
+ return False;
+ }
+
+ if ( !gencache_init() )
+ return False;
+
+ key = saf_key(domain);
+ ret = gencache_del(key);
+
+ if (ret) {
+ DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
}
- trn_id = sys_random();
+ SAFE_FREE( key );
+
+ return ret;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+char *saf_fetch( const char *domain )
+{
+ char *server = NULL;
+ time_t timeout;
+ bool ret = False;
+ char *key = NULL;
- return trn_id % (unsigned)0x7FFF;
+ if ( !domain || strlen(domain) == 0) {
+ DEBUG(2,("saf_fetch: Empty domain name!\n"));
+ return NULL;
+ }
+
+ if ( !gencache_init() )
+ return False;
+
+ key = saf_key( domain );
+
+ ret = gencache_get( key, &server, &timeout );
+
+ SAFE_FREE( key );
+
+ if ( !ret ) {
+ DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n", domain ));
+ } else {
+ DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
+ server, domain ));
+ }
+
+ return server;
}
+/****************************************************************************
+ Generate a random trn_id.
+****************************************************************************/
+
+static int generate_trn_id(void)
+{
+ uint16 id;
+
+ generate_random_buffer((uint8 *)&id, sizeof(id));
+
+ return id % (unsigned)0x7FFF;
+}
/****************************************************************************
- parse a node status response into an array of structures
+ Parse a node status response into an array of structures.
****************************************************************************/
-static struct node_status *parse_node_status(char *p, int *num_names)
+
+static NODE_STATUS_STRUCT *parse_node_status(char *p, int *num_names, struct node_status_extra *extra)
{
- struct node_status *ret;
+ NODE_STATUS_STRUCT *ret;
int i;
*num_names = CVAL(p,0);
- if (*num_names == 0) return NULL;
+ if (*num_names == 0)
+ return NULL;
- ret = (struct node_status *)malloc(sizeof(struct node_status)* (*num_names));
- if (!ret) return NULL;
+ ret = SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT,*num_names);
+ if (!ret)
+ return NULL;
p++;
for (i=0;i< *num_names;i++) {
StrnCpy(ret[i].name,p,15);
- trim_string(ret[i].name,NULL," ");
+ trim_char(ret[i].name,'\0',' ');
ret[i].type = CVAL(p,15);
ret[i].flags = p[16];
p += 18;
DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
ret[i].type, ret[i].flags));
}
+ /*
+ * Also, pick up the MAC address ...
+ */
+ if (extra) {
+ memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
+ }
return ret;
}
/****************************************************************************
-do a NBT node status query on an open socket and return an array of
-structures holding the returned names or NULL if the query failed
+ Do a NBT node status query on an open socket and return an array of
+ structures holding the returned names or NULL if the query failed.
**************************************************************************/
-struct node_status *node_status_query(int fd,struct nmb_name *name,
- struct in_addr to_ip, int *num_names)
+
+NODE_STATUS_STRUCT *node_status_query(int fd,struct nmb_name *name,
+ struct in_addr to_ip, int *num_names,
+ struct node_status_extra *extra)
{
- BOOL found=False;
+ bool found=False;
int retries = 2;
int retry_time = 2000;
struct timeval tval;
struct packet_struct p;
struct packet_struct *p2;
struct nmb_packet *nmb = &p.packet.nmb;
- struct node_status *ret;
+ NODE_STATUS_STRUCT *ret;
ZERO_STRUCT(p);
continue;
}
- ret = parse_node_status(&nmb2->answers->rdata[0], num_names);
+ ret = parse_node_status(&nmb2->answers->rdata[0], num_names, extra);
free_packet(p2);
return ret;
}
return NULL;
}
-
/****************************************************************************
-find the first type XX name in a node status reply - used for finding
-a servers name given its IP
-return the matched name in *name
+ Find the first type XX name in a node status reply - used for finding
+ a servers name given its IP. Return the matched name in *name.
**************************************************************************/
-BOOL name_status_find(const char *q_name, int q_type, int type, struct in_addr to_ip, char *name)
+bool name_status_find(const char *q_name, int q_type, int type, struct in_addr to_ip, fstring name)
{
- struct node_status *status = NULL;
+ NODE_STATUS_STRUCT *status = NULL;
struct nmb_name nname;
int count, i;
int sock;
- BOOL result = False;
+ bool result = False;
if (lp_disable_netbios()) {
DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n", q_name, q_type));
DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
q_type, inet_ntoa(to_ip)));
+ /* Check the cache first. */
+
+ if (namecache_status_fetch(q_name, q_type, type, to_ip, name))
+ return True;
+
sock = open_socket_in(SOCK_DGRAM, 0, 3, interpret_addr(lp_socket_address()), True);
if (sock == -1)
goto done;
/* W2K PDC's seem not to respond to '*'#0. JRA */
make_nmb_name(&nname, q_name, q_type);
- status = node_status_query(sock, &nname, to_ip, &count);
+ status = node_status_query(sock, &nname, to_ip, &count, NULL);
close(sock);
if (!status)
goto done;
if (i == count)
goto done;
- pull_ascii(name, status[i].name, 16, 15, STR_TERMINATE);
+ pull_ascii_nstring(name, sizeof(fstring), status[i].name);
+
+ /* Store the result in the cache. */
+ /* but don't store an entry for 0x1c names here. Here we have
+ a single host and DOMAIN<0x1c> names should be a list of hosts */
+
+ if ( q_type != 0x1c )
+ namecache_status_store(q_name, q_type, type, to_ip, name);
+
result = True;
done:
DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
if (result)
- DEBUGADD(10, (", ip address is %s", inet_ntoa(to_ip)));
+ DEBUGADD(10, (", name %s ip address is %s", name, inet_ntoa(to_ip)));
DEBUG(10, ("\n"));
return result;
}
-
/*
comparison function used by sort_ip_list
*/
-int ip_compare(struct in_addr *ip1, struct in_addr *ip2)
+
+static int ip_compare(struct in_addr *ip1, struct in_addr *ip2)
{
int max_bits1=0, max_bits2=0;
int num_interfaces = iface_count();
+ struct sockaddr_storage ss;
int i;
for (i=0;i<num_interfaces;i++) {
+ const struct sockaddr_storage *pss = iface_n_bcast(i);
struct in_addr ip;
int bits1, bits2;
- ip = *iface_n_bcast(i);
+
+ if (pss->ss_family != AF_INET) {
+ continue;
+ }
+ ip = ((const struct sockaddr_in *)pss)->sin_addr;
bits1 = matching_quad_bits((uchar *)&ip1->s_addr, (uchar *)&ip.s_addr);
bits2 = matching_quad_bits((uchar *)&ip2->s_addr, (uchar *)&ip.s_addr);
max_bits1 = MAX(bits1, max_bits1);
}
/* bias towards directly reachable IPs */
- if (iface_local(*ip1)) {
+ in_addr_to_sockaddr_storage(&ss, *ip1);
+ if (iface_local(&ss)) {
max_bits1 += 32;
}
- if (iface_local(*ip2)) {
+ in_addr_to_sockaddr_storage(&ss, *ip1);
+ if (iface_local(&ss)) {
max_bits2 += 32;
}
return max_bits2 - max_bits1;
}
+/*******************************************************************
+ compare 2 ldap IPs by nearness to our interfaces - used in qsort
+*******************************************************************/
+
+int ip_service_compare(struct ip_service *ip1, struct ip_service *ip2)
+{
+ int result;
+
+ if ( (result = ip_compare(&ip1->ip, &ip2->ip)) != 0 )
+ return result;
+
+ if ( ip1->port > ip2->port )
+ return 1;
+
+ if ( ip1->port < ip2->port )
+ return -1;
+
+ return 0;
+}
+
/*
sort an IP list so that names that are close to one of our interfaces
are at the top. This prevents the problem where a WINS server returns an IP that
is not reachable from our subnet as the first match
*/
+
static void sort_ip_list(struct in_addr *iplist, int count)
{
if (count <= 1) {
qsort(iplist, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
}
+static void sort_ip_list2(struct ip_service *iplist, int count)
+{
+ if (count <= 1) {
+ return;
+ }
+
+ qsort(iplist, count, sizeof(struct ip_service), QSORT_CAST ip_service_compare);
+}
+
+/**********************************************************************
+ Remove any duplicate address/port pairs in the list
+ *********************************************************************/
+
+static int remove_duplicate_addrs2( struct ip_service *iplist, int count )
+{
+ int i, j;
+
+ DEBUG(10,("remove_duplicate_addrs2: looking for duplicate address/port pairs\n"));
+
+ /* one loop to remove duplicates */
+ for ( i=0; i<count; i++ ) {
+ if ( is_zero_ip_v4(iplist[i].ip) )
+ continue;
+
+ for ( j=i+1; j<count; j++ ) {
+ if ( ip_service_equal(iplist[i], iplist[j]) )
+ zero_ip_v4(&iplist[j].ip);
+ }
+ }
+
+ /* one loop to clean up any holes we left */
+ /* first ip should never be a zero_ip() */
+ for (i = 0; i<count; ) {
+ if ( is_zero_ip_v4(iplist[i].ip) ) {
+ if (i != count-1 )
+ memmove(&iplist[i], &iplist[i+1], (count - i - 1)*sizeof(iplist[i]));
+ count--;
+ continue;
+ }
+ i++;
+ }
+
+ return count;
+}
/****************************************************************************
Do a netbios name query to find someones IP.
*count will be set to the number of addresses returned.
*timed_out is set if we failed by timing out
****************************************************************************/
+
struct in_addr *name_query(int fd,const char *name,int name_type,
- BOOL bcast,BOOL recurse,
+ bool bcast,bool recurse,
struct in_addr to_ip, int *count, int *flags,
- BOOL *timed_out)
+ bool *timed_out)
{
- BOOL found=False;
+ bool found=False;
int i, retries = 3;
int retry_time = bcast?250:2000;
struct timeval tval;
while (1) {
struct timeval tval2;
- struct in_addr *tmp_ip_list;
GetTimeOfDay(&tval2);
if (TvalDiff(&tval,&tval2) > retry_time) {
continue;
}
- tmp_ip_list = (struct in_addr *)Realloc( ip_list, sizeof( ip_list[0] )
- * ( (*count) + nmb2->answers->rdlength/6 ) );
+ ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr,
+ (*count) + nmb2->answers->rdlength/6 );
- if (!tmp_ip_list) {
+ if (!ip_list) {
DEBUG(0,("name_query: Realloc failed.\n"));
- SAFE_FREE(ip_list);
+ free_packet(p2);
+ return( NULL );
}
- ip_list = tmp_ip_list;
-
- if (ip_list) {
- DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip)));
- for (i=0;i<nmb2->answers->rdlength/6;i++) {
- putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]);
- DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)])));
- (*count)++;
- }
- DEBUGADD(2,(")\n"));
+ DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip)));
+ for (i=0;i<nmb2->answers->rdlength/6;i++) {
+ putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]);
+ DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)])));
+ (*count)++;
}
+ DEBUGADD(2,(")\n"));
found=True;
retries=0;
}
}
- if (timed_out) {
+ /* only set timed_out if we didn't fund what we where looking for*/
+
+ if ( !found && timed_out ) {
*timed_out = True;
}
Start parsing the lmhosts file.
*********************************************************/
-XFILE *startlmhosts(char *fname)
+XFILE *startlmhosts(const char *fname)
{
XFILE *fp = x_fopen(fname,O_RDONLY, 0);
if (!fp) {
Parse the next line in the lmhosts file.
*********************************************************/
-BOOL getlmhostsent( XFILE *fp, pstring name, int *name_type, struct in_addr *ipaddr)
+bool getlmhostsent( XFILE *fp, pstring name, int *name_type, struct in_addr *ipaddr)
{
- pstring line;
+ pstring line;
- while(!x_feof(fp) && !x_ferror(fp)) {
- pstring ip,flags,extra;
- const char *ptr;
- char *ptr1;
- int count = 0;
+ while(!x_feof(fp) && !x_ferror(fp)) {
+ pstring ip,flags,extra;
+ const char *ptr;
+ char *ptr1;
+ int count = 0;
- *name_type = -1;
+ *name_type = -1;
- if (!fgets_slash(line,sizeof(pstring),fp))
- continue;
-
- if (*line == '#')
- continue;
+ if (!fgets_slash(line,sizeof(pstring),fp)) {
+ continue;
+ }
- pstrcpy(ip,"");
- pstrcpy(name,"");
- pstrcpy(flags,"");
+ if (*line == '#') {
+ continue;
+ }
- ptr = line;
+ pstrcpy(ip,"");
+ pstrcpy(name,"");
+ pstrcpy(flags,"");
- if (next_token(&ptr,ip ,NULL,sizeof(ip)))
- ++count;
- if (next_token(&ptr,name ,NULL, sizeof(pstring)))
- ++count;
- if (next_token(&ptr,flags,NULL, sizeof(flags)))
- ++count;
- if (next_token(&ptr,extra,NULL, sizeof(extra)))
- ++count;
+ ptr = line;
- if (count <= 0)
- continue;
+ if (next_token(&ptr,ip ,NULL,sizeof(ip)))
+ ++count;
+ if (next_token(&ptr,name ,NULL, sizeof(pstring)))
+ ++count;
+ if (next_token(&ptr,flags,NULL, sizeof(flags)))
+ ++count;
+ if (next_token(&ptr,extra,NULL, sizeof(extra)))
+ ++count;
- if (count > 0 && count < 2)
- {
- DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",line));
- continue;
- }
+ if (count <= 0)
+ continue;
- if (count >= 4)
- {
- DEBUG(0,("getlmhostsent: too many columns in lmhosts file (obsolete syntax)\n"));
- continue;
- }
+ if (count > 0 && count < 2) {
+ DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",line));
+ continue;
+ }
- DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n", ip, name, flags));
+ if (count >= 4) {
+ DEBUG(0,("getlmhostsent: too many columns in lmhosts file (obsolete syntax)\n"));
+ continue;
+ }
- if (strchr_m(flags,'G') || strchr_m(flags,'S'))
- {
- DEBUG(0,("getlmhostsent: group flag in lmhosts ignored (obsolete)\n"));
- continue;
- }
+ DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n", ip, name, flags));
- *ipaddr = *interpret_addr2(ip);
+ if (strchr_m(flags,'G') || strchr_m(flags,'S')) {
+ DEBUG(0,("getlmhostsent: group flag in lmhosts ignored (obsolete)\n"));
+ continue;
+ }
- /* Extra feature. If the name ends in '#XX', where XX is a hex number,
- then only add that name type. */
- if((ptr1 = strchr_m(name, '#')) != NULL)
- {
- char *endptr;
+ *ipaddr = *interpret_addr2(ip);
- ptr1++;
- *name_type = (int)strtol(ptr1, &endptr, 16);
+ /* Extra feature. If the name ends in '#XX', where XX is a hex number,
+ then only add that name type. */
+ if((ptr1 = strchr_m(name, '#')) != NULL) {
+ char *endptr;
+ ptr1++;
- if(!*ptr1 || (endptr == ptr1))
- {
- DEBUG(0,("getlmhostsent: invalid name %s containing '#'.\n", name));
- continue;
- }
+ *name_type = (int)strtol(ptr1, &endptr, 16);
+ if(!*ptr1 || (endptr == ptr1)) {
+ DEBUG(0,("getlmhostsent: invalid name %s containing '#'.\n", name));
+ continue;
+ }
- *(--ptr1) = '\0'; /* Truncate at the '#' */
- }
+ *(--ptr1) = '\0'; /* Truncate at the '#' */
+ }
- return True;
- }
+ return True;
+ }
- return False;
+ return False;
}
/********************************************************
x_fclose(fp);
}
+/********************************************************
+ convert an array if struct in_addrs to struct ip_service
+ return False on failure. Port is set to PORT_NONE;
+*********************************************************/
+
+static bool convert_ip2service( struct ip_service **return_iplist, struct in_addr *ip_list, int count )
+{
+ int i;
+
+ if ( count==0 || !ip_list )
+ return False;
+
+ /* copy the ip address; port will be PORT_NONE */
+ if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) == NULL ) {
+ DEBUG(0,("convert_ip2service: malloc failed for %d enetries!\n", count ));
+ return False;
+ }
+
+ for ( i=0; i<count; i++ ) {
+ (*return_iplist)[i].ip = ip_list[i];
+ (*return_iplist)[i].port = PORT_NONE;
+ }
+ return True;
+}
/********************************************************
Resolve via "bcast" method.
*********************************************************/
-BOOL name_resolve_bcast(const char *name, int name_type,
- struct in_addr **return_ip_list, int *return_count)
+NTSTATUS name_resolve_bcast(const char *name, int name_type,
+ struct ip_service **return_iplist,
+ int *return_count)
{
int sock, i;
int num_interfaces = iface_count();
+ struct in_addr *ip_list;
+ NTSTATUS status;
if (lp_disable_netbios()) {
DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n", name, name_type));
- return False;
+ return NT_STATUS_INVALID_PARAMETER;
}
- *return_ip_list = NULL;
+ *return_iplist = NULL;
*return_count = 0;
/*
sock = open_socket_in( SOCK_DGRAM, 0, 3,
interpret_addr(lp_socket_address()), True );
- if (sock == -1) return False;
+ if (sock == -1) return NT_STATUS_UNSUCCESSFUL;
set_socket_options(sock,"SO_BROADCAST");
/*
*/
for( i = num_interfaces-1; i >= 0; i--) {
struct in_addr sendto_ip;
+ const struct sockaddr_storage *ss = iface_n_bcast(i);
int flags;
+
/* Done this way to fix compiler error on IRIX 5.x */
- sendto_ip = *iface_n_bcast(i);
- *return_ip_list = name_query(sock, name, name_type, True,
- True, sendto_ip, return_count, &flags, NULL);
- if(*return_ip_list != NULL) {
- close(sock);
- return True;
+ if (!ss || ss->ss_family != AF_INET) {
+ continue;
}
+ sendto_ip = ((const struct sockaddr_in *)ss)->sin_addr;
+ ip_list = name_query(sock, name, name_type, True,
+ True, sendto_ip, return_count, &flags, NULL);
+ if( ip_list )
+ goto success;
}
-
+
+ /* failed - no response */
+
close(sock);
- return False;
+ return NT_STATUS_UNSUCCESSFUL;
+
+success:
+ status = NT_STATUS_OK;
+ if ( !convert_ip2service(return_iplist, ip_list, *return_count) )
+ status = NT_STATUS_INVALID_PARAMETER;
+
+ SAFE_FREE( ip_list );
+ close(sock);
+ return status;
}
/********************************************************
Resolve via "wins" method.
*********************************************************/
-BOOL resolve_wins(const char *name, int name_type,
- struct in_addr **return_iplist, int *return_count)
+
+NTSTATUS resolve_wins(const char *name, int name_type,
+ struct ip_service **return_iplist,
+ int *return_count)
{
int sock, t, i;
char **wins_tags;
- struct in_addr src_ip;
+ struct in_addr src_ip, *ip_list = NULL;
+ NTSTATUS status;
if (lp_disable_netbios()) {
DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n", name, name_type));
- return False;
+ return NT_STATUS_INVALID_PARAMETER;
}
*return_iplist = NULL;
if (wins_srv_count() < 1) {
DEBUG(3,("resolve_wins: WINS server resolution selected and no WINS servers listed.\n"));
- return False;
+ return NT_STATUS_INVALID_PARAMETER;
}
/* we try a lookup on each of the WINS tags in turn */
if (!wins_tags) {
/* huh? no tags?? give up in disgust */
- return False;
+ return NT_STATUS_INVALID_PARAMETER;
}
/* the address we will be sending from */
for (i=0; i<srv_count; i++) {
struct in_addr wins_ip;
int flags;
- BOOL timed_out;
+ bool timed_out;
wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
- if (global_in_nmbd && ismyip(wins_ip)) {
+ if (global_in_nmbd && ismyip_v4(wins_ip)) {
/* yikes! we'll loop forever */
continue;
}
continue;
}
- *return_iplist = name_query(sock,name,name_type, False,
+ ip_list = name_query(sock,name,name_type, False,
True, wins_ip, return_count, &flags,
&timed_out);
- if (*return_iplist != NULL) {
+
+ /* exit loop if we got a list of addresses */
+
+ if ( ip_list )
goto success;
- }
+
close(sock);
if (timed_out) {
}
wins_srv_tags_free(wins_tags);
- return False;
+ return NT_STATUS_NO_LOGON_SERVERS;
success:
+ status = NT_STATUS_OK;
+ if ( !convert_ip2service( return_iplist, ip_list, *return_count ) )
+ status = NT_STATUS_INVALID_PARAMETER;
+
+ SAFE_FREE( ip_list );
wins_srv_tags_free(wins_tags);
close(sock);
- return True;
+
+ return status;
}
/********************************************************
Resolve via "lmhosts" method.
*********************************************************/
-static BOOL resolve_lmhosts(const char *name, int name_type,
- struct in_addr **return_iplist, int *return_count)
+static NTSTATUS resolve_lmhosts(const char *name, int name_type,
+ struct ip_service **return_iplist,
+ int *return_count)
{
/*
* "lmhosts" means parse the local lmhosts file.
pstring lmhost_name;
int name_type2;
struct in_addr return_ip;
+ NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
*return_iplist = NULL;
*return_count = 0;
DEBUG(3,("resolve_lmhosts: Attempting lmhosts lookup for name %s<0x%x>\n", name, name_type));
fp = startlmhosts(dyn_LMHOSTSFILE);
- if(fp) {
- while (getlmhostsent(fp, lmhost_name, &name_type2, &return_ip)) {
- if (strequal(name, lmhost_name) &&
- ((name_type2 == -1) || (name_type == name_type2))
- ) {
- endlmhosts(fp);
- *return_iplist = (struct in_addr *)malloc(sizeof(struct in_addr));
- if(*return_iplist == NULL) {
- DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
- return False;
- }
- **return_iplist = return_ip;
- *return_count = 1;
- return True;
- }
+
+ if ( fp == NULL )
+ return NT_STATUS_NO_SUCH_FILE;
+
+ while (getlmhostsent(fp, lmhost_name, &name_type2, &return_ip))
+ {
+
+ if (!strequal(name, lmhost_name))
+ continue;
+
+ if ((name_type2 != -1) && (name_type != name_type2))
+ continue;
+
+ *return_iplist = SMB_REALLOC_ARRAY((*return_iplist), struct ip_service,
+ (*return_count)+1);
+
+ if ((*return_iplist) == NULL) {
+ endlmhosts(fp);
+ DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
+ return NT_STATUS_NO_MEMORY;
}
- endlmhosts(fp);
+
+ (*return_iplist)[*return_count].ip = return_ip;
+ (*return_iplist)[*return_count].port = PORT_NONE;
+ *return_count += 1;
+
+ /* we found something */
+ status = NT_STATUS_OK;
+
+ /* Multiple names only for DC lookup */
+ if (name_type != 0x1c)
+ break;
}
- return False;
+
+ endlmhosts(fp);
+
+ return status;
}
Resolve via "hosts" method.
*********************************************************/
-static BOOL resolve_hosts(const char *name,
- struct in_addr **return_iplist, int *return_count)
+static NTSTATUS resolve_hosts(const char *name, int name_type,
+ struct ip_service **return_iplist,
+ int *return_count)
{
/*
* "host" means do a localhost, or dns lookup.
*/
- struct hostent *hp;
+ struct addrinfo hints;
+ struct addrinfo *ailist = NULL;
+ struct addrinfo *res = NULL;
+ int ret = -1;
+ int i = 0;
+
+ if ( name_type != 0x20 && name_type != 0x0) {
+ DEBUG(5, ("resolve_hosts: not appropriate for name type <0x%x>\n", name_type));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
*return_iplist = NULL;
*return_count = 0;
- DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x20>\n", name));
-
- if (((hp = sys_gethostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
+ DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n", name, name_type));
+
+ ZERO_STRUCT(hints);
+ /* By default make sure it supports TCP. */
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_ADDRCONFIG;
+
+ ret = getaddrinfo(name,
+ NULL,
+ &hints,
+ &ailist);
+ if (ret) {
+ DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
+ name,
+ gai_strerror(ret) ));
+ }
+
+ for (res = ailist; res; res = res->ai_next) {
struct in_addr return_ip;
- putip((char *)&return_ip,(char *)hp->h_addr);
- *return_iplist = (struct in_addr *)malloc(sizeof(struct in_addr));
- if(*return_iplist == NULL) {
+
+ /* IPv4 only for now until I convert ip_service */
+ if (res->ai_family != AF_INET) {
+ continue;
+ }
+ if (!res->ai_addr) {
+ continue;
+ }
+
+ putip((char *)&return_ip,
+ &((struct sockaddr_in *)res->ai_addr)->sin_addr);
+
+ *return_count += 1;
+ i++;
+
+ *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
+ struct ip_service,
+ *return_count);
+ if (!*return_iplist) {
DEBUG(3,("resolve_hosts: malloc fail !\n"));
- return False;
+ freeaddrinfo(ailist);
+ return NT_STATUS_NO_MEMORY;
}
- **return_iplist = return_ip;
- *return_count = 1;
- return True;
+ (*return_iplist)[i].ip = return_ip;
+ (*return_iplist)[i].port = PORT_NONE;
}
- return False;
+ if (ailist) {
+ freeaddrinfo(ailist);
+ }
+ if (*return_count) {
+ return NT_STATUS_OK;
+ }
+ return NT_STATUS_UNSUCCESSFUL;
}
/********************************************************
+ Resolve via "ADS" method.
+*********************************************************/
+
+NTSTATUS resolve_ads(const char *name, int name_type,
+ const char *sitename,
+ struct ip_service **return_iplist,
+ int *return_count)
+{
+ int i, j;
+ NTSTATUS status;
+ TALLOC_CTX *ctx;
+ struct dns_rr_srv *dcs = NULL;
+ int numdcs = 0;
+ int numaddrs = 0;
+
+ if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
+ (name_type != 0x1b)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
+ DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ switch (name_type) {
+ case 0x1b:
+ DEBUG(5,("resolve_ads: Attempting to resolve "
+ "PDC for %s using DNS\n", name));
+ status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
+ break;
+
+ case 0x1c:
+ DEBUG(5,("resolve_ads: Attempting to resolve "
+ "DCs for %s using DNS\n", name));
+ status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
+ &numdcs);
+ break;
+ case KDC_NAME_TYPE:
+ DEBUG(5,("resolve_ads: Attempting to resolve "
+ "KDCs for %s using DNS\n", name));
+ status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
+ &numdcs);
+ break;
+ default:
+ status = NT_STATUS_INVALID_PARAMETER;
+ break;
+ }
+
+ if ( !NT_STATUS_IS_OK( status ) ) {
+ talloc_destroy(ctx);
+ return status;
+ }
+
+ for (i=0;i<numdcs;i++) {
+ numaddrs += MAX(dcs[i].num_ips,1);
+ }
+
+ if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) == NULL ) {
+ DEBUG(0,("resolve_ads: malloc failed for %d entries\n", numaddrs ));
+ talloc_destroy(ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* now unroll the list of IP addresses */
+
+ *return_count = 0;
+ i = 0;
+ j = 0;
+ while ( i < numdcs && (*return_count<numaddrs) ) {
+ struct ip_service *r = &(*return_iplist)[*return_count];
+
+ r->port = dcs[i].port;
+
+ /* If we don't have an IP list for a name, lookup it up */
+
+ if ( !dcs[i].ips ) {
+ r->ip = *interpret_addr2(dcs[i].hostname);
+ i++;
+ j = 0;
+ } else {
+ /* use the IP addresses from the SRV sresponse */
+
+ if ( j >= dcs[i].num_ips ) {
+ i++;
+ j = 0;
+ continue;
+ }
+
+ r->ip = dcs[i].ips[j];
+ j++;
+ }
+
+ /* make sure it is a valid IP. I considered checking the negative
+ connection cache, but this is the wrong place for it. Maybe only
+ as a hac. After think about it, if all of the IP addresses retuend
+ from DNS are dead, what hope does a netbios name lookup have?
+ The standard reason for falling back to netbios lookups is that
+ our DNS server doesn't know anything about the DC's -- jerry */
+
+ if ( ! is_zero_ip_v4(r->ip) )
+ (*return_count)++;
+ }
+
+ talloc_destroy(ctx);
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
Internal interface to resolve a name into an IP address.
Use this function if the string is either an IP address, DNS
or host name or NetBIOS name. This uses the name switch in the
smb.conf to determine the order of name resolution.
-*********************************************************/
-
-static BOOL internal_resolve_name(const char *name, int name_type,
- struct in_addr **return_iplist, int *return_count)
+
+ Added support for ip addr/port to support ADS ldap servers.
+ the only place we currently care about the port is in the
+ resolve_hosts() when looking up DC's via SRV RR entries in DNS
+**********************************************************************/
+
+NTSTATUS internal_resolve_name(const char *name, int name_type,
+ const char *sitename,
+ struct ip_service **return_iplist,
+ int *return_count, const char *resolve_order)
{
- pstring name_resolve_list;
- fstring tok;
- const char *ptr;
- BOOL allones = (strcmp(name,"255.255.255.255") == 0);
- BOOL allzeros = (strcmp(name,"0.0.0.0") == 0);
- BOOL is_address = is_ipaddress(name);
- BOOL result = False;
- struct in_addr *nodupes_iplist;
- int i;
-
- *return_iplist = NULL;
- *return_count = 0;
-
- DEBUG(10, ("internal_resolve_name: looking up %s#%x\n", name, name_type));
-
- if (allzeros || allones || is_address) {
- *return_iplist = (struct in_addr *)malloc(sizeof(struct in_addr));
- if(*return_iplist == NULL) {
- DEBUG(3,("internal_resolve_name: malloc fail !\n"));
- return False;
- }
- if(is_address) {
- /* if it's in the form of an IP address then get the lib to interpret it */
- (*return_iplist)->s_addr = inet_addr(name);
- } else {
- (*return_iplist)->s_addr = allones ? 0xFFFFFFFF : 0;
+ pstring name_resolve_list;
+ fstring tok;
+ const char *ptr;
+ bool allones = (strcmp(name,"255.255.255.255") == 0);
+ bool allzeros = (strcmp(name,"0.0.0.0") == 0);
+ bool is_address = is_ipaddress_v4(name);
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ int i;
+
+ *return_iplist = NULL;
+ *return_count = 0;
+
+ DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
+ name, name_type, sitename ? sitename : NULL));
+
+ if (allzeros || allones || is_address) {
+
+ if ( (*return_iplist = SMB_MALLOC_P(struct ip_service)) == NULL ) {
+ DEBUG(0,("internal_resolve_name: malloc fail !\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if(is_address) {
+ /* ignore the port here */
+ (*return_iplist)->port = PORT_NONE;
+
+ /* if it's in the form of an IP address then get the lib to interpret it */
+ if (((*return_iplist)->ip.s_addr = inet_addr(name)) == 0xFFFFFFFF ){
+ DEBUG(1,("internal_resolve_name: inet_addr failed on %s\n", name));
+ SAFE_FREE(*return_iplist);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ } else {
+ (*return_iplist)->ip.s_addr = allones ? 0xFFFFFFFF : 0;
+ }
*return_count = 1;
+ return NT_STATUS_OK;
+ }
+
+ /* Check name cache */
+
+ if (namecache_fetch(name, name_type, return_iplist, return_count)) {
+ /* This could be a negative response */
+ if (*return_count > 0) {
+ return NT_STATUS_OK;
+ } else {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+
+ /* set the name resolution order */
+
+ if ( strcmp( resolve_order, "NULL") == 0 ) {
+ DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
+ return NT_STATUS_INVALID_PARAMETER;
}
- return True;
- }
- /* Check netbios name cache */
-
- if (namecache_fetch(name, name_type, return_iplist, return_count)) {
-
- /* This could be a negative response */
-
- return (*return_count > 0);
- }
-
- pstrcpy(name_resolve_list, lp_name_resolve_order());
- ptr = name_resolve_list;
- if (!ptr || !*ptr)
- ptr = "host";
-
- while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) {
- if((strequal(tok, "host") || strequal(tok, "hosts"))) {
- if (name_type == 0x20) {
- if (resolve_hosts(name, return_iplist, return_count)) {
- result = True;
- goto done;
- }
- }
- } else if(strequal( tok, "lmhosts")) {
- if (resolve_lmhosts(name, name_type, return_iplist, return_count)) {
- result = True;
- goto done;
- }
- } else if(strequal( tok, "wins")) {
- /* don't resolve 1D via WINS */
- if (name_type != 0x1D &&
- resolve_wins(name, name_type, return_iplist, return_count)) {
- result = True;
- goto done;
- }
- } else if(strequal( tok, "bcast")) {
- if (name_resolve_bcast(name, name_type, return_iplist, return_count)) {
- result = True;
- goto done;
- }
- } else {
- DEBUG(0,("resolve_name: unknown name switch type %s\n", tok));
- }
- }
-
- /* All of the resolve_* functions above have returned false. */
-
- SAFE_FREE(*return_iplist);
- *return_count = 0;
-
- return False;
+ if ( !resolve_order ) {
+ pstrcpy(name_resolve_list, lp_name_resolve_order());
+ } else {
+ pstrcpy(name_resolve_list, resolve_order);
+ }
- done:
+ if ( !name_resolve_list[0] ) {
+ ptr = "host";
+ } else {
+ ptr = name_resolve_list;
+ }
- /* Remove duplicate entries. Some queries, notably #1c (domain
- controllers) return the PDC in iplist[0] and then all domain
- controllers including the PDC in iplist[1..n]. Iterating over
- the iplist when the PDC is down will cause two sets of timeouts. */
-
- if (*return_count && (nodupes_iplist = (struct in_addr *)
- malloc(sizeof(struct in_addr) * (*return_count)))) {
- int nodupes_count = 0;
-
- /* Iterate over return_iplist looking for duplicates */
-
- for (i = 0; i < *return_count; i++) {
- BOOL is_dupe = False;
- int j;
-
- for (j = i + 1; j < *return_count; j++) {
- if (ip_equal((*return_iplist)[i],
- (*return_iplist)[j])) {
- is_dupe = True;
- break;
- }
- }
-
- if (!is_dupe) {
-
- /* This one not a duplicate */
-
- nodupes_iplist[nodupes_count] = (*return_iplist)[i];
- nodupes_count++;
- }
- }
-
- /* Switcheroo with original list */
-
- free(*return_iplist);
-
- *return_iplist = nodupes_iplist;
- *return_count = nodupes_count;
- }
-
- /* Save in name cache */
- for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++)
- DEBUG(100, ("Storing name %s of type %d (ip: %s)\n", name,
- name_type, inet_ntoa((*return_iplist)[i])));
-
- namecache_store(name, name_type, *return_count, *return_iplist);
+ /* iterate through the name resolution backends */
+
+ while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) {
+ if((strequal(tok, "host") || strequal(tok, "hosts"))) {
+ status = resolve_hosts(name, name_type, return_iplist,
+ return_count);
+ if (NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ } else if(strequal( tok, "kdc")) {
+ /* deal with KDC_NAME_TYPE names here. This will result in a
+ SRV record lookup */
+ status = resolve_ads(name, KDC_NAME_TYPE, sitename,
+ return_iplist, return_count);
+ if (NT_STATUS_IS_OK(status)) {
+ /* Ensure we don't namecache this with the KDC port. */
+ name_type = KDC_NAME_TYPE;
+ goto done;
+ }
+ } else if(strequal( tok, "ads")) {
+ /* deal with 0x1c and 0x1b names here. This will result in a
+ SRV record lookup */
+ status = resolve_ads(name, name_type, sitename,
+ return_iplist, return_count);
+ if (NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ } else if(strequal( tok, "lmhosts")) {
+ status = resolve_lmhosts(name, name_type,
+ return_iplist, return_count);
+ if (NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ } else if(strequal( tok, "wins")) {
+ /* don't resolve 1D via WINS */
+ if (name_type != 0x1D) {
+ status = resolve_wins(name, name_type,
+ return_iplist,
+ return_count);
+ if (NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ }
+ } else if(strequal( tok, "bcast")) {
+ status = name_resolve_bcast(name, name_type,
+ return_iplist,
+ return_count);
+ if (NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ } else {
+ DEBUG(0,("resolve_name: unknown name switch type %s\n",
+ tok));
+ }
+ }
+
+ /* All of the resolve_* functions above have returned false. */
+
+ SAFE_FREE(*return_iplist);
+ *return_count = 0;
+
+ return NT_STATUS_UNSUCCESSFUL;
- /* Display some debugging info */
+ done:
- DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
- *return_count));
+ /* Remove duplicate entries. Some queries, notably #1c (domain
+ controllers) return the PDC in iplist[0] and then all domain
+ controllers including the PDC in iplist[1..n]. Iterating over
+ the iplist when the PDC is down will cause two sets of timeouts. */
+
+ if ( *return_count ) {
+ *return_count = remove_duplicate_addrs2( *return_iplist, *return_count );
+ }
+
+ /* Save in name cache */
+ if ( DEBUGLEVEL >= 100 ) {
+ for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++)
+ DEBUG(100, ("Storing name %s of type %d (%s:%d)\n", name,
+ name_type, inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
+ }
+
+ namecache_store(name, name_type, *return_count, *return_iplist);
- for (i = 0; i < *return_count; i++)
- DEBUGADD(10, ("%s ", inet_ntoa((*return_iplist)[i])));
+ /* Display some debugging info */
- DEBUG(10, ("\n"));
+ if ( DEBUGLEVEL >= 10 ) {
+ DEBUG(10, ("internal_resolve_name: returning %d addresses: ", *return_count));
- return result;
+ for (i = 0; i < *return_count; i++) {
+ DEBUGADD(10, ("%s:%d ", inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
+ }
+ DEBUG(10, ("\n"));
+ }
+
+ return status;
}
/********************************************************
smb.conf to determine the order of name resolution.
*********************************************************/
-BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type)
+bool resolve_name(const char *name, struct in_addr *return_ip, int name_type)
{
- struct in_addr *ip_list = NULL;
+ struct ip_service *ip_list = NULL;
+ char *sitename = sitename_fetch(lp_realm()); /* wild guess */
int count = 0;
- if (is_ipaddress(name)) {
+ if (is_ipaddress_v4(name)) {
*return_ip = *interpret_addr2(name);
+ SAFE_FREE(sitename);
return True;
}
- if (internal_resolve_name(name, name_type, &ip_list, &count)) {
+ if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
+ &ip_list, &count,
+ lp_name_resolve_order()))) {
int i;
+
/* only return valid addresses for TCP connections */
for (i=0; i<count; i++) {
- char *ip_str = inet_ntoa(ip_list[i]);
+ char *ip_str = inet_ntoa(ip_list[i].ip);
if (ip_str &&
strcmp(ip_str, "255.255.255.255") != 0 &&
- strcmp(ip_str, "0.0.0.0") != 0) {
- *return_ip = ip_list[i];
+ strcmp(ip_str, "0.0.0.0") != 0)
+ {
+ *return_ip = ip_list[i].ip;
SAFE_FREE(ip_list);
+ SAFE_FREE(sitename);
return True;
}
}
}
+
SAFE_FREE(ip_list);
+ SAFE_FREE(sitename);
return False;
}
Find the IP address of the master browser or DMB for a workgroup.
*********************************************************/
-BOOL find_master_ip(const char *group, struct in_addr *master_ip)
+bool find_master_ip(const char *group, struct in_addr *master_ip)
{
- struct in_addr *ip_list = NULL;
+ struct ip_service *ip_list = NULL;
int count = 0;
+ NTSTATUS status;
if (lp_disable_netbios()) {
DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
return False;
}
- if (internal_resolve_name(group, 0x1D, &ip_list, &count)) {
- *master_ip = ip_list[0];
+ status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
+ lp_name_resolve_order());
+ if (NT_STATUS_IS_OK(status)) {
+ *master_ip = ip_list[0].ip;
SAFE_FREE(ip_list);
return True;
}
- if(internal_resolve_name(group, 0x1B, &ip_list, &count)) {
- *master_ip = ip_list[0];
+
+ status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
+ lp_name_resolve_order());
+ if (NT_STATUS_IS_OK(status)) {
+ *master_ip = ip_list[0].ip;
SAFE_FREE(ip_list);
return True;
}
}
/********************************************************
- Lookup a DC name given a Domain name and IP address.
+ Get the IP address list of the primary domain controller
+ for a domain.
*********************************************************/
-BOOL lookup_dc_name(const char *srcname, const char *domain,
- struct in_addr *dc_ip, char *ret_name)
+bool get_pdc_ip(const char *domain, struct in_addr *ip)
{
-#if !defined(I_HATE_WINDOWS_REPLY_CODE)
- fstring dc_name;
- BOOL ret;
+ struct ip_service *ip_list = NULL;
+ int count = 0;
+ NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
- if (lp_disable_netbios()) {
- DEBUG(5,("lookup_dc_name(%s): netbios is disabled\n", domain));
- return False;
+ /* Look up #1B name */
+
+ if (lp_security() == SEC_ADS) {
+ status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
+ &count, "ads");
}
-
- /*
- * Due to the fact win WinNT *sucks* we must do a node status
- * query here... JRA.
- */
-
- *dc_name = '\0';
-
- ret = name_status_find(domain, 0x1c, 0x20, *dc_ip, dc_name);
- if(ret && *dc_name) {
- fstrcpy(ret_name, dc_name);
- return True;
+ if (!NT_STATUS_IS_OK(status) || count == 0) {
+ status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
+ &count,
+ lp_name_resolve_order());
+ if (!NT_STATUS_IS_OK(status)) {
+ return False;
+ }
}
-
- return False;
-#else /* defined(I_HATE_WINDOWS_REPLY_CODE) */
+ /* if we get more than 1 IP back we have to assume it is a
+ multi-homed PDC and not a mess up */
-JRA - This code is broken with BDC rollover - we need to do a full
-NT GETDC call, UNICODE, NT domain SID and uncle tom cobbley and all...
+ if ( count > 1 ) {
+ DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
+ sort_ip_list2( ip_list, count );
+ }
- int retries = 3;
- int retry_time = 2000;
- struct timeval tval;
- struct packet_struct p;
- struct dgram_packet *dgram = &p.packet.dgram;
- char *ptr,*p2;
- char tmp[4];
- int len;
- struct sockaddr_in sock_name;
- int sock_len = sizeof(sock_name);
- const char *mailslot = NET_LOGON_MAILSLOT;
- char *mailslot_name;
- char buffer[1024];
- char *bufp;
- int dgm_id = generate_trn_id();
- int sock = open_socket_in(SOCK_DGRAM, 0, 3, interpret_addr(lp_socket_address()), True );
-
- if(sock == -1)
- return False;
+ *ip = ip_list[0].ip;
- /* Find out the transient UDP port we have been allocated. */
- if(getsockname(sock, (struct sockaddr *)&sock_name, &sock_len)<0) {
- DEBUG(0,("lookup_pdc_name: Failed to get local UDP port. Error was %s\n",
- strerror(errno)));
- close(sock);
- return False;
- }
+ SAFE_FREE(ip_list);
- /*
- * Create the request data.
- */
+ return True;
+}
- memset(buffer,'\0',sizeof(buffer));
- bufp = buffer;
- SSVAL(bufp,0,QUERYFORPDC);
- bufp += 2;
- fstrcpy(bufp,srcname);
- bufp += (strlen(bufp) + 1);
- slprintf(bufp, sizeof(fstring)-1, "\\MAILSLOT\\NET\\GETDC%d", dgm_id);
- mailslot_name = bufp;
- bufp += (strlen(bufp) + 1);
- bufp = ALIGN2(bufp, buffer);
- bufp += push_ucs2(NULL, bufp, srcname, sizeof(buffer) - (bufp - buffer), STR_TERMINATE);
-
- SIVAL(bufp,0,1);
- SSVAL(bufp,4,0xFFFF);
- SSVAL(bufp,6,0xFFFF);
- bufp += 8;
- len = PTR_DIFF(bufp,buffer);
+/* Private enum type for lookups. */
- memset((char *)&p,'\0',sizeof(p));
+enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
- /* DIRECT GROUP or UNIQUE datagram. */
- dgram->header.msg_type = 0x10;
- dgram->header.flags.node_type = M_NODE;
- dgram->header.flags.first = True;
- dgram->header.flags.more = False;
- dgram->header.dgm_id = dgm_id;
- dgram->header.source_ip = *iface_ip(*pdc_ip);
- dgram->header.source_port = ntohs(sock_name.sin_port);
- dgram->header.dgm_length = 0; /* Let build_dgram() handle this. */
- dgram->header.packet_offset = 0;
-
- make_nmb_name(&dgram->source_name,srcname,0);
- make_nmb_name(&dgram->dest_name,domain,0x1C);
-
- ptr = &dgram->data[0];
-
- /* Setup the smb part. */
- ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
- memcpy(tmp,ptr,4);
- set_message(ptr,17,17 + len,True);
- memcpy(ptr,tmp,4);
-
- CVAL(ptr,smb_com) = SMBtrans;
- SSVAL(ptr,smb_vwv1,len);
- SSVAL(ptr,smb_vwv11,len);
- SSVAL(ptr,smb_vwv12,70 + strlen(mailslot));
- SSVAL(ptr,smb_vwv13,3);
- SSVAL(ptr,smb_vwv14,1);
- SSVAL(ptr,smb_vwv15,1);
- SSVAL(ptr,smb_vwv16,2);
- p2 = smb_buf(ptr);
- pstrcpy(p2,mailslot);
- p2 = skip_string(p2,1);
-
- memcpy(p2,buffer,len);
- p2 += len;
-
- dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */
-
- p.ip = *pdc_ip;
- p.port = DGRAM_PORT;
- p.fd = sock;
- p.timestamp = time(NULL);
- p.packet_type = DGRAM_PACKET;
+/********************************************************
+ Get the IP address list of the domain controllers for
+ a domain.
+*********************************************************/
+
+static NTSTATUS get_dc_list(const char *domain, const char *sitename, struct ip_service **ip_list,
+ int *count, enum dc_lookup_type lookup_type, bool *ordered)
+{
+ fstring resolve_order;
+ char *saf_servername;
+ pstring pserver;
+ const char *p;
+ char *port_str;
+ int port;
+ fstring name;
+ int num_addresses = 0;
+ int local_count, i, j;
+ struct ip_service *return_iplist = NULL;
+ struct ip_service *auto_ip_list = NULL;
+ bool done_auto_lookup = False;
+ int auto_count = 0;
+ NTSTATUS status;
+
+ *ordered = False;
+
+ /* if we are restricted to solely using DNS for looking
+ up a domain controller, make sure that host lookups
+ are enabled for the 'name resolve order'. If host lookups
+ are disabled and ads_only is True, then set the string to
+ NULL. */
+
+ fstrcpy( resolve_order, lp_name_resolve_order() );
+ strlower_m( resolve_order );
+ if ( lookup_type == DC_ADS_ONLY) {
+ if ( strstr( resolve_order, "host" ) ) {
+ fstrcpy( resolve_order, "ads" );
+
+ /* DNS SRV lookups used by the ads resolver
+ are already sorted by priority and weight */
+ *ordered = True;
+ } else {
+ fstrcpy( resolve_order, "NULL" );
+ }
+ } else if (lookup_type == DC_KDC_ONLY) {
+ /* DNS SRV lookups used by the ads/kdc resolver
+ are already sorted by priority and weight */
+ *ordered = True;
+ fstrcpy( resolve_order, "kdc" );
+ }
+
+ /* fetch the server we have affinity for. Add the
+ 'password server' list to a search for our domain controllers */
- GetTimeOfDay(&tval);
+ saf_servername = saf_fetch( domain);
- if (!send_packet(&p)) {
- DEBUG(0,("lookup_pdc_name: send_packet failed.\n"));
- close(sock);
- return False;
+ if ( strequal(domain, lp_workgroup()) || strequal(domain, lp_realm()) ) {
+ pstr_sprintf( pserver, "%s, %s",
+ saf_servername ? saf_servername : "",
+ lp_passwordserver() );
+ } else {
+ pstr_sprintf( pserver, "%s, *",
+ saf_servername ? saf_servername : "" );
}
+
+ SAFE_FREE( saf_servername );
+
+ /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
+
+ if ( !*pserver ) {
+ DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
+ return internal_resolve_name(domain, 0x1C, sitename, ip_list,
+ count, resolve_order);
+ }
+
+ DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
- retries--;
-
- while (1) {
- struct timeval tval2;
- struct packet_struct *p_ret;
-
- GetTimeOfDay(&tval2);
- if (TvalDiff(&tval,&tval2) > retry_time) {
- if (!retries)
- break;
- if (!send_packet(&p)) {
- DEBUG(0,("lookup_pdc_name: send_packet failed.\n"));
- close(sock);
- return False;
+ /*
+ * if '*' appears in the "password server" list then add
+ * an auto lookup to the list of manually configured
+ * DC's. If any DC is listed by name, then the list should be
+ * considered to be ordered
+ */
+
+ p = pserver;
+ while (next_token(&p,name,LIST_SEP,sizeof(name))) {
+ if (strequal(name, "*")) {
+ status = internal_resolve_name(domain, 0x1C, sitename,
+ &auto_ip_list,
+ &auto_count,
+ resolve_order);
+ if (NT_STATUS_IS_OK(status)) {
+ num_addresses += auto_count;
}
- GetTimeOfDay(&tval);
- retries--;
+ done_auto_lookup = True;
+ DEBUG(8,("Adding %d DC's from auto lookup\n", auto_count));
+ } else {
+ num_addresses++;
+ }
+ }
+
+ /* if we have no addresses and haven't done the auto lookup, then
+ just return the list of DC's. Or maybe we just failed. */
+
+ if ( (num_addresses == 0) ) {
+ if ( done_auto_lookup ) {
+ DEBUG(4,("get_dc_list: no servers found\n"));
+ SAFE_FREE(auto_ip_list);
+ return NT_STATUS_NO_LOGON_SERVERS;
}
+ return internal_resolve_name(domain, 0x1C, sitename, ip_list,
+ count, resolve_order);
+ }
- if ((p_ret = receive_dgram_packet(sock,90,mailslot_name))) {
- struct dgram_packet *dgram2 = &p_ret->packet.dgram;
- char *buf;
- char *buf2;
+ if ( (return_iplist = SMB_MALLOC_ARRAY(struct ip_service, num_addresses)) == NULL ) {
+ DEBUG(3,("get_dc_list: malloc fail !\n"));
+ SAFE_FREE(auto_ip_list);
+ return NT_STATUS_NO_MEMORY;
+ }
- buf = &dgram2->data[0];
- buf -= 4;
+ p = pserver;
+ local_count = 0;
- if (CVAL(buf,smb_com) != SMBtrans) {
- DEBUG(0,("lookup_pdc_name: datagram type %u != SMBtrans(%u)\n", (unsigned int)
- CVAL(buf,smb_com), (unsigned int)SMBtrans ));
- free_packet(p_ret);
- continue;
- }
+ /* fill in the return list now with real IP's */
+
+ while ( (local_count<num_addresses) && next_token(&p,name,LIST_SEP,sizeof(name)) ) {
+ struct in_addr name_ip;
- len = SVAL(buf,smb_vwv11);
- buf2 = smb_base(buf) + SVAL(buf,smb_vwv12);
+ /* copy any addersses from the auto lookup */
- if (len <= 0) {
- DEBUG(0,("lookup_pdc_name: datagram len < 0 (%d)\n", len ));
- free_packet(p_ret);
- continue;
+ if ( strequal(name, "*") ) {
+ for ( j=0; j<auto_count; j++ ) {
+ /* Check for and don't copy any known bad DC IP's. */
+ if(!NT_STATUS_IS_OK(check_negative_conn_cache(domain,
+ inet_ntoa(auto_ip_list[j].ip)))) {
+ DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",
+ inet_ntoa(auto_ip_list[j].ip) ));
+ continue;
+ }
+ return_iplist[local_count].ip = auto_ip_list[j].ip;
+ return_iplist[local_count].port = auto_ip_list[j].port;
+ local_count++;
}
+ continue;
+ }
+
+
+ /* added support for address:port syntax for ads (not that I think
+ anyone will ever run the LDAP server in an AD domain on something
+ other than port 389 */
+
+ port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
+ if ( (port_str=strchr(name, ':')) != NULL ) {
+ *port_str = '\0';
+ port_str++;
+ port = atoi( port_str );
+ }
- DEBUG(4,("lookup_pdc_name: datagram reply from %s to %s IP %s for %s of type %d len=%d\n",
- nmb_namestr(&dgram2->source_name),nmb_namestr(&dgram2->dest_name),
- inet_ntoa(p_ret->ip), smb_buf(buf),SVAL(buf2,0),len));
+ /* explicit lookup; resolve_name() will handle names & IP addresses */
+ if ( resolve_name( name, &name_ip, 0x20 ) ) {
- if(SVAL(buf2,0) != QUERYFORPDC_R) {
- DEBUG(0,("lookup_pdc_name: datagram type (%u) != QUERYFORPDC_R(%u)\n",
- (unsigned int)SVAL(buf,0), (unsigned int)QUERYFORPDC_R ));
- free_packet(p_ret);
+ /* Check for and don't copy any known bad DC IP's. */
+ if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain, inet_ntoa(name_ip))) ) {
+ DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",name ));
continue;
}
- buf2 += 2;
- /* Note this is safe as it is a bounded strcpy. */
- fstrcpy(ret_name, buf2);
- ret_name[sizeof(fstring)-1] = '\0';
- close(sock);
- free_packet(p_ret);
- return True;
+ return_iplist[local_count].ip = name_ip;
+ return_iplist[local_count].port = port;
+ local_count++;
+ *ordered = True;
}
}
-
- close(sock);
- return False;
-#endif /* defined(I_HATE_WINDOWS_REPLY_CODE) */
-}
-
-/********************************************************
- Get the IP address list of the primary domain controller
- for a domain.
-*********************************************************/
-
-BOOL get_pdc_ip(const char *domain, struct in_addr *ip)
-{
- struct in_addr *ip_list;
- int count;
-
- /* Look up #1B name */
-
- if (!internal_resolve_name(domain, 0x1b, &ip_list, &count))
- return False;
-
- SMB_ASSERT(count == 1);
+
+ SAFE_FREE(auto_ip_list);
- *ip = ip_list[0];
- SAFE_FREE(ip_list);
+ /* need to remove duplicates in the list if we have any
+ explicit password servers */
+
+ if ( local_count ) {
+ local_count = remove_duplicate_addrs2( return_iplist, local_count );
+ }
+
+ if ( DEBUGLEVEL >= 4 ) {
+ DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count,
+ *ordered ? "":"un"));
+ DEBUG(4,("get_dc_list: "));
+ for ( i=0; i<local_count; i++ )
+ DEBUGADD(4,("%s:%d ", inet_ntoa(return_iplist[i].ip), return_iplist[i].port ));
+ DEBUGADD(4,("\n"));
+ }
+
+ *ip_list = return_iplist;
+ *count = local_count;
- return True;
+ return ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
}
-/********************************************************
- Get the IP address list of the domain controllers for
- a domain.
-*********************************************************/
+/*********************************************************************
+ Small wrapper function to get the DC list and sort it if neccessary.
+*********************************************************************/
-BOOL get_dc_list(const char *domain, struct in_addr **ip_list, int *count, int *ordered)
+NTSTATUS get_sorted_dc_list( const char *domain, const char *sitename, struct ip_service **ip_list, int *count, bool ads_only )
{
+ bool ordered;
+ NTSTATUS status;
+ enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
+
+ DEBUG(8,("get_sorted_dc_list: attempting lookup for name %s (sitename %s) "
+ "using [%s]\n",
+ domain,
+ sitename ? sitename : "NULL",
+ (ads_only ? "ads" : lp_name_resolve_order())));
+
+ if (ads_only) {
+ lookup_type = DC_ADS_ONLY;
+ }
- *ordered = False;
+ status = get_dc_list(domain, sitename, ip_list, count, lookup_type, &ordered);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- /* If it's our domain then use the 'password server' parameter. */
-
- if (strequal(domain, lp_workgroup())) {
- char *p;
- char *pserver = lp_passwordserver(); /* UNIX charset. */
- fstring name;
- int num_addresses = 0;
- int local_count, i, j;
- struct in_addr *return_iplist = NULL;
- struct in_addr *auto_ip_list = NULL;
- BOOL done_auto_lookup = False;
- int auto_count = 0;
+ /* only sort if we don't already have an ordered list */
+ if ( !ordered ) {
+ sort_ip_list2( *ip_list, *count );
+ }
+ return NT_STATUS_OK;
+}
- if (!*pserver)
- return internal_resolve_name(
- domain, 0x1C, ip_list, count);
-
- p = pserver;
-
- /*
- * if '*' appears in the "password server" list then add
- * an auto lookup to the list of manually configured
- * DC's. If any DC is listed by name, then the list should be
- * considered to be ordered
- */
-
- while (next_token(&p,name,LIST_SEP,sizeof(name))) {
- if (strequal(name, "*")) {
- if ( internal_resolve_name(domain, 0x1C, &auto_ip_list, &auto_count) )
- num_addresses += auto_count;
- done_auto_lookup = True;
- DEBUG(8,("Adding %d DC's from auto lookup\n", auto_count));
- }
- else
- num_addresses++;
- }
-
- /* if we have no addresses and haven't done the auto lookup, then
- just return the list of DC's */
-
- if ( (num_addresses == 0) && !done_auto_lookup )
- return internal_resolve_name(domain, 0x1C, ip_list, count);
+/*********************************************************************
+ Get the KDC list - re-use all the logic in get_dc_list.
+*********************************************************************/
- return_iplist = (struct in_addr *)malloc(num_addresses * sizeof(struct in_addr));
+NTSTATUS get_kdc_list( const char *realm, const char *sitename, struct ip_service **ip_list, int *count)
+{
+ bool ordered;
+ NTSTATUS status;
- if (return_iplist == NULL) {
- DEBUG(3,("get_dc_list: malloc fail !\n"));
- return False;
- }
+ *count = 0;
+ *ip_list = NULL;
- p = pserver;
- local_count = 0;
+ status = get_dc_list(realm, sitename, ip_list, count, DC_KDC_ONLY, &ordered);
- /* fill in the return list now with real IP's */
-
- while ( (local_count<num_addresses) && next_token(&p,name,LIST_SEP,sizeof(name)) ) {
- struct in_addr name_ip;
-
- /* copy any addersses from the auto lookup */
-
- if ( strequal(name, "*") ) {
- for ( j=0; j<auto_count; j++ )
- return_iplist[local_count++] = auto_ip_list[j];
- continue;
- }
-
- /* explicit lookup */
-
- if ( resolve_name( name, &name_ip, 0x20) ) {
- return_iplist[local_count++] = name_ip;
- *ordered = True;
- }
-
- }
-
- /* need to remove duplicates in the list if we have
- any explicit password servers */
-
- if ( *ordered ) {
- /* one loop to remove duplicates */
- for ( i=0; i<local_count; i++ ) {
- if ( is_zero_ip(return_iplist[i]) )
- continue;
-
- for ( j=i+1; j<local_count; j++ ) {
- if ( ip_equal( return_iplist[i], return_iplist[j]) )
- zero_ip(&return_iplist[j]);
- }
- }
-
- /* one loop to clean up any holes we left */
- /* first ip should never be a zero_ip() */
- for (i = 0; i<local_count; ) {
- if ( is_zero_ip(return_iplist[i]) ) {
- if (i != local_count-1 )
- memmove(&return_iplist[i], &return_iplist[i+1],
- (local_count - i - 1)*sizeof(return_iplist[i]));
- local_count--;
- continue;
- }
- i++;
- }
- }
-
- *ip_list = return_iplist;
- *count = local_count;
-
- DEBUG(8,("get_dc_list: return %d ip addresses\n", *count));
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- return (*count != 0);
+ /* only sort if we don't already have an ordered list */
+ if ( !ordered ) {
+ sort_ip_list2( *ip_list, *count );
}
-
- return internal_resolve_name(domain, 0x1C, ip_list, count);
-}
+ return NT_STATUS_OK;
+}
git.samba.org / nivanova / samba-autobuild / .git / blobdiff