2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libads/sitename_cache.h"
23 #include "libads/dns.h"
24 #include "../libcli/netlogon.h"
25 #include "librpc/gen_ndr/messaging.h"
27 /* nmbd.c sets this to True. */
28 bool global_in_nmbd = False;
30 /****************************
31 * SERVER AFFINITY ROUTINES *
32 ****************************/
34 /* Server affinity is the concept of preferring the last domain
35 controller with whom you had a successful conversation */
37 /****************************************************************************
38 ****************************************************************************/
39 #define SAFKEY_FMT "SAF/DOMAIN/%s"
41 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
42 #define SAFJOIN_TTL 3600
44 static char *saf_key(const char *domain)
48 asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
53 static char *saf_join_key(const char *domain)
57 asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
62 /****************************************************************************
63 ****************************************************************************/
65 bool saf_store( const char *domain, const char *servername )
71 if ( !domain || !servername ) {
72 DEBUG(2,("saf_store: "
73 "Refusing to store empty domain or servername!\n"));
77 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
78 DEBUG(0,("saf_store: "
79 "refusing to store 0 length domain or servername!\n"));
83 key = saf_key( domain );
84 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
86 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
87 domain, servername, (unsigned int)expire ));
89 ret = gencache_set( key, servername, expire );
96 bool saf_join_store( const char *domain, const char *servername )
102 if ( !domain || !servername ) {
103 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
107 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
108 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
112 key = saf_join_key( domain );
113 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
115 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
116 domain, servername, (unsigned int)expire ));
118 ret = gencache_set( key, servername, expire );
125 bool saf_delete( const char *domain )
131 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
135 key = saf_join_key(domain);
136 ret = gencache_del(key);
140 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
143 key = saf_key(domain);
144 ret = gencache_del(key);
148 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
154 /****************************************************************************
155 ****************************************************************************/
157 char *saf_fetch( const char *domain )
164 if ( !domain || strlen(domain) == 0) {
165 DEBUG(2,("saf_fetch: Empty domain name!\n"));
169 key = saf_join_key( domain );
171 ret = gencache_get( key, &server, &timeout );
176 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
181 key = saf_key( domain );
183 ret = gencache_get( key, &server, &timeout );
188 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
191 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
198 /****************************************************************************
199 Generate a random trn_id.
200 ****************************************************************************/
202 static int generate_trn_id(void)
206 generate_random_buffer((uint8 *)&id, sizeof(id));
208 return id % (unsigned)0x7FFF;
211 /****************************************************************************
212 Parse a node status response into an array of structures.
213 ****************************************************************************/
215 static struct node_status *parse_node_status(TALLOC_CTX *mem_ctx, char *p,
217 struct node_status_extra *extra)
219 struct node_status *ret;
222 *num_names = CVAL(p,0);
227 ret = TALLOC_ARRAY(mem_ctx, struct node_status,*num_names);
232 for (i=0;i< *num_names;i++) {
233 StrnCpy(ret[i].name,p,15);
234 trim_char(ret[i].name,'\0',' ');
235 ret[i].type = CVAL(p,15);
236 ret[i].flags = p[16];
238 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
239 ret[i].type, ret[i].flags));
242 * Also, pick up the MAC address ...
245 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
250 /****************************************************************************
251 Try and send a request to nmbd to send a packet_struct packet first.
252 If this fails, use send_packet().
253 **************************************************************************/
255 static bool send_packet_request(struct packet_struct *p)
257 struct messaging_context *msg_ctx = server_messaging_context();
259 pid_t nmbd_pid = pidfile_pid("nmbd");
263 if (NT_STATUS_IS_OK(messaging_send_buf(msg_ctx,
264 pid_to_procid(nmbd_pid),
267 sizeof(struct packet_struct)))) {
273 return send_packet(p);
276 /****************************************************************************
277 Do a NBT node status query on an open socket and return an array of
278 structures holding the returned names or NULL if the query failed.
279 **************************************************************************/
281 NTSTATUS node_status_query(int fd,
282 struct nmb_name *name,
283 const struct sockaddr_storage *to_ss,
285 struct node_status **names,
287 struct node_status_extra *extra)
291 int retry_time = 2000;
293 struct packet_struct p;
294 struct packet_struct *p2;
295 struct nmb_packet *nmb = &p.packet.nmb;
296 struct node_status *ret;
300 if (to_ss->ss_family != AF_INET) {
301 /* Can't do node status to IPv6 */
302 return NT_STATUS_INVALID_ADDRESS;
304 nmb->header.name_trn_id = generate_trn_id();
305 nmb->header.opcode = 0;
306 nmb->header.response = false;
307 nmb->header.nm_flags.bcast = false;
308 nmb->header.nm_flags.recursion_available = false;
309 nmb->header.nm_flags.recursion_desired = false;
310 nmb->header.nm_flags.trunc = false;
311 nmb->header.nm_flags.authoritative = false;
312 nmb->header.rcode = 0;
313 nmb->header.qdcount = 1;
314 nmb->header.ancount = 0;
315 nmb->header.nscount = 0;
316 nmb->header.arcount = 0;
317 nmb->question.question_name = *name;
318 nmb->question.question_type = 0x21;
319 nmb->question.question_class = 0x1;
321 p.ip = ((const struct sockaddr_in *)to_ss)->sin_addr;
325 p.timestamp = time(NULL);
326 p.packet_type = NMB_PACKET;
328 clock_gettime_mono(&tp);
330 if (!send_packet_request(&p))
331 return NT_STATUS_NOT_FOUND;
337 clock_gettime_mono(&tp2);
338 if (nsec_time_diff(&tp2,&tp)/1000000 > retry_time) {
341 if (!found && !send_packet_request(&p))
342 return NT_STATUS_NOT_FOUND;
343 clock_gettime_mono(&tp);
347 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
348 struct nmb_packet *nmb2 = &p2->packet.nmb;
349 debug_nmb_packet(p2);
351 if (nmb2->header.opcode != 0 ||
352 nmb2->header.nm_flags.bcast ||
353 nmb2->header.rcode ||
354 !nmb2->header.ancount ||
355 nmb2->answers->rr_type != 0x21) {
356 /* XXXX what do we do with this? could be a
357 redirect, but we'll discard it for the
363 ret = parse_node_status(
364 mem_ctx, &nmb2->answers->rdata[0], num_names,
369 return NT_STATUS_NO_MEMORY;
376 return NT_STATUS_IO_TIMEOUT;
379 /****************************************************************************
380 Find the first type XX name in a node status reply - used for finding
381 a servers name given its IP. Return the matched name in *name.
382 **************************************************************************/
384 bool name_status_find(const char *q_name,
387 const struct sockaddr_storage *to_ss,
390 char addr[INET6_ADDRSTRLEN];
391 struct sockaddr_storage ss;
392 struct node_status *addrs = NULL;
393 struct nmb_name nname;
399 if (lp_disable_netbios()) {
400 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
405 print_sockaddr(addr, sizeof(addr), to_ss);
407 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
410 /* Check the cache first. */
412 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
416 if (to_ss->ss_family != AF_INET) {
417 /* Can't do node status to IPv6 */
421 if (!interpret_string_addr(&ss, lp_socket_address(),
422 AI_NUMERICHOST|AI_PASSIVE)) {
426 sock = open_socket_in(SOCK_DGRAM, 0, 3, &ss, True);
430 /* W2K PDC's seem not to respond to '*'#0. JRA */
431 make_nmb_name(&nname, q_name, q_type);
432 status = node_status_query(sock, &nname, to_ss, talloc_tos(),
433 &addrs, &count, NULL);
435 if (!NT_STATUS_IS_OK(status)) {
439 for (i=0;i<count;i++) {
440 /* Find first one of the requested type that's not a GROUP. */
441 if (addrs[i].type == type && ! (addrs[i].flags & 0x80))
447 pull_ascii_nstring(name, sizeof(fstring), addrs[i].name);
449 /* Store the result in the cache. */
450 /* but don't store an entry for 0x1c names here. Here we have
451 a single host and DOMAIN<0x1c> names should be a list of hosts */
453 if ( q_type != 0x1c ) {
454 namecache_status_store(q_name, q_type, type, to_ss, name);
462 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
465 DEBUGADD(10, (", name %s ip address is %s", name, addr));
473 comparison function used by sort_addr_list
476 static int addr_compare(const struct sockaddr_storage *ss1,
477 const struct sockaddr_storage *ss2)
479 int max_bits1=0, max_bits2=0;
480 int num_interfaces = iface_count();
483 /* Sort IPv4 addresses first. */
484 if (ss1->ss_family != ss2->ss_family) {
485 if (ss2->ss_family == AF_INET) {
492 /* Here we know both addresses are of the same
495 for (i=0;i<num_interfaces;i++) {
496 const struct sockaddr_storage *pss = iface_n_bcast(i);
497 unsigned char *p_ss1 = NULL;
498 unsigned char *p_ss2 = NULL;
499 unsigned char *p_if = NULL;
503 if (pss->ss_family != ss1->ss_family) {
504 /* Ignore interfaces of the wrong type. */
507 if (pss->ss_family == AF_INET) {
508 p_if = (unsigned char *)
509 &((const struct sockaddr_in *)pss)->sin_addr;
510 p_ss1 = (unsigned char *)
511 &((const struct sockaddr_in *)ss1)->sin_addr;
512 p_ss2 = (unsigned char *)
513 &((const struct sockaddr_in *)ss2)->sin_addr;
516 #if defined(HAVE_IPV6)
517 if (pss->ss_family == AF_INET6) {
518 p_if = (unsigned char *)
519 &((const struct sockaddr_in6 *)pss)->sin6_addr;
520 p_ss1 = (unsigned char *)
521 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
522 p_ss2 = (unsigned char *)
523 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
527 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
530 bits1 = matching_len_bits(p_ss1, p_if, len);
531 bits2 = matching_len_bits(p_ss2, p_if, len);
532 max_bits1 = MAX(bits1, max_bits1);
533 max_bits2 = MAX(bits2, max_bits2);
536 /* Bias towards directly reachable IPs */
537 if (iface_local((struct sockaddr *)ss1)) {
538 if (ss1->ss_family == AF_INET) {
544 if (iface_local((struct sockaddr *)ss2)) {
545 if (ss2->ss_family == AF_INET) {
551 return max_bits2 - max_bits1;
554 /*******************************************************************
555 compare 2 ldap IPs by nearness to our interfaces - used in qsort
556 *******************************************************************/
558 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
562 if ((result = addr_compare(&ss1->ss, &ss2->ss)) != 0) {
566 if (ss1->port > ss2->port) {
570 if (ss1->port < ss2->port) {
578 sort an IP list so that names that are close to one of our interfaces
579 are at the top. This prevents the problem where a WINS server returns an IP
580 that is not reachable from our subnet as the first match
583 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
589 TYPESAFE_QSORT(sslist, count, addr_compare);
592 static void sort_service_list(struct ip_service *servlist, int count)
598 TYPESAFE_QSORT(servlist, count, ip_service_compare);
601 /**********************************************************************
602 Remove any duplicate address/port pairs in the list
603 *********************************************************************/
605 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
609 DEBUG(10,("remove_duplicate_addrs2: "
610 "looking for duplicate address/port pairs\n"));
612 /* one loop to remove duplicates */
613 for ( i=0; i<count; i++ ) {
614 if ( is_zero_addr((struct sockaddr *)&iplist[i].ss)) {
618 for ( j=i+1; j<count; j++ ) {
619 if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) &&
620 iplist[i].port == iplist[j].port) {
621 zero_sockaddr(&iplist[j].ss);
626 /* one loop to clean up any holes we left */
627 /* first ip should never be a zero_ip() */
628 for (i = 0; i<count; ) {
629 if (is_zero_addr((struct sockaddr *)&iplist[i].ss) ) {
631 memmove(&iplist[i], &iplist[i+1],
632 (count - i - 1)*sizeof(iplist[i]));
643 static bool prioritize_ipv4_list(struct ip_service *iplist, int count)
645 TALLOC_CTX *frame = talloc_stackframe();
646 struct ip_service *iplist_new = TALLOC_ARRAY(frame, struct ip_service, count);
649 if (iplist_new == NULL) {
656 /* Copy IPv4 first. */
657 for (i = 0; i < count; i++) {
658 if (iplist[i].ss.ss_family == AF_INET) {
659 iplist_new[j++] = iplist[i];
664 for (i = 0; i < count; i++) {
665 if (iplist[i].ss.ss_family != AF_INET) {
666 iplist_new[j++] = iplist[i];
670 memcpy(iplist, iplist_new, sizeof(struct ip_service)*count);
675 /****************************************************************************
676 Do a netbios name query to find someones IP.
677 Returns an array of IP addresses or NULL if none.
678 *count will be set to the number of addresses returned.
679 *timed_out is set if we failed by timing out
680 ****************************************************************************/
682 NTSTATUS name_query(int fd,
687 const struct sockaddr_storage *to_ss,
689 struct sockaddr_storage **addrs,
696 int retry_time = bcast?250:2000;
698 struct packet_struct p;
699 struct packet_struct *p2;
700 struct nmb_packet *nmb = &p.packet.nmb;
701 struct sockaddr_storage *ss_list = NULL;
703 if (lp_disable_netbios()) {
704 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
706 return NT_STATUS_NOT_FOUND;
709 if (to_ss->ss_family != AF_INET) {
710 return NT_STATUS_INVALID_ADDRESS;
717 memset((char *)&p,'\0',sizeof(p));
721 nmb->header.name_trn_id = generate_trn_id();
722 nmb->header.opcode = 0;
723 nmb->header.response = false;
724 nmb->header.nm_flags.bcast = bcast;
725 nmb->header.nm_flags.recursion_available = false;
726 nmb->header.nm_flags.recursion_desired = recurse;
727 nmb->header.nm_flags.trunc = false;
728 nmb->header.nm_flags.authoritative = false;
729 nmb->header.rcode = 0;
730 nmb->header.qdcount = 1;
731 nmb->header.ancount = 0;
732 nmb->header.nscount = 0;
733 nmb->header.arcount = 0;
735 make_nmb_name(&nmb->question.question_name,name,name_type);
737 nmb->question.question_type = 0x20;
738 nmb->question.question_class = 0x1;
740 p.ip = ((struct sockaddr_in *)to_ss)->sin_addr;
744 p.timestamp = time(NULL);
745 p.packet_type = NMB_PACKET;
747 clock_gettime_mono(&tp);
749 if (!send_packet_request(&p))
750 return NT_STATUS_NOT_FOUND;
757 clock_gettime_mono(&tp2);
758 if (nsec_time_diff(&tp2,&tp)/1000000 > retry_time) {
761 if (!found && !send_packet_request(&p))
762 return NT_STATUS_NOT_FOUND;
763 clock_gettime_mono(&tp);
766 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
767 struct nmb_packet *nmb2 = &p2->packet.nmb;
768 debug_nmb_packet(p2);
770 /* If we get a Negative Name Query Response from a WINS
771 * server, we should report it and give up.
773 if( 0 == nmb2->header.opcode /* A query response */
774 && !(bcast) /* from a WINS server */
775 && nmb2->header.rcode /* Error returned */
778 if( DEBUGLVL( 3 ) ) {
779 /* Only executed if DEBUGLEVEL >= 3 */
780 dbgtext( "Negative name query "
781 "response, rcode 0x%02x: ",
782 nmb2->header.rcode );
783 switch( nmb2->header.rcode ) {
786 "was invalidly formatted.\n" );
789 dbgtext( "Problem with NBNS, "
790 "cannot process name.\n");
793 dbgtext( "The name requested "
794 "does not exist.\n" );
797 dbgtext( "Unsupported request "
801 dbgtext( "Query refused "
805 dbgtext( "Unrecognized error "
811 return NT_STATUS_NOT_FOUND;
814 if (nmb2->header.opcode != 0 ||
815 nmb2->header.nm_flags.bcast ||
816 nmb2->header.rcode ||
817 !nmb2->header.ancount) {
819 * XXXX what do we do with this? Could be a
820 * redirect, but we'll discard it for the
827 ss_list = TALLOC_REALLOC_ARRAY(mem_ctx, ss_list,
828 struct sockaddr_storage,
830 nmb2->answers->rdlength/6);
833 DEBUG(0,("name_query: Realloc failed.\n"));
835 return NT_STATUS_NO_MEMORY;
838 DEBUG(2,("Got a positive name query response "
842 for (i=0;i<nmb2->answers->rdlength/6;i++) {
844 putip((char *)&ip,&nmb2->answers->rdata[2+i*6]);
845 in_addr_to_sockaddr_storage(&ss_list[(*count)],
847 DEBUGADD(2,("%s ",inet_ntoa(ip)));
854 /* We add the flags back ... */
855 if (nmb2->header.response)
856 (*flags) |= NM_FLAGS_RS;
857 if (nmb2->header.nm_flags.authoritative)
858 (*flags) |= NM_FLAGS_AA;
859 if (nmb2->header.nm_flags.trunc)
860 (*flags) |= NM_FLAGS_TC;
861 if (nmb2->header.nm_flags.recursion_desired)
862 (*flags) |= NM_FLAGS_RD;
863 if (nmb2->header.nm_flags.recursion_available)
864 (*flags) |= NM_FLAGS_RA;
865 if (nmb2->header.nm_flags.bcast)
866 (*flags) |= NM_FLAGS_B;
869 * If we're doing a unicast lookup we only
870 * expect one reply. Don't wait the full 2
871 * seconds if we got one. JRA.
878 /* only set timed_out if we didn't fund what we where looking for*/
880 if ( !found && timed_out ) {
884 /* sort the ip list so we choose close servers first if possible */
885 sort_addr_list(ss_list, *count);
891 /********************************************************
892 convert an array if struct sockaddr_storage to struct ip_service
893 return false on failure. Port is set to PORT_NONE;
894 *********************************************************/
896 static bool convert_ss2service(struct ip_service **return_iplist,
897 const struct sockaddr_storage *ss_list,
902 if ( count==0 || !ss_list )
905 /* copy the ip address; port will be PORT_NONE */
906 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) ==
908 DEBUG(0,("convert_ip2service: malloc failed "
909 "for %d enetries!\n", count ));
913 for ( i=0; i<count; i++ ) {
914 (*return_iplist)[i].ss = ss_list[i];
915 (*return_iplist)[i].port = PORT_NONE;
921 /********************************************************
922 Resolve via "bcast" method.
923 *********************************************************/
925 NTSTATUS name_resolve_bcast(const char *name,
927 struct ip_service **return_iplist,
931 int num_interfaces = iface_count();
932 struct sockaddr_storage *ss_list;
933 struct sockaddr_storage ss;
936 if (lp_disable_netbios()) {
937 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
939 return NT_STATUS_INVALID_PARAMETER;
942 *return_iplist = NULL;
946 * "bcast" means do a broadcast lookup on all the local interfaces.
949 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
950 "for name %s<0x%x>\n", name, name_type));
952 if (!interpret_string_addr(&ss, lp_socket_address(),
953 AI_NUMERICHOST|AI_PASSIVE)) {
957 sock = open_socket_in( SOCK_DGRAM, 0, 3, &ss, true );
959 return map_nt_error_from_unix(errno);
962 set_socket_options(sock,"SO_BROADCAST");
964 * Lookup the name on all the interfaces, return on
965 * the first successful match.
967 for( i = num_interfaces-1; i >= 0; i--) {
968 const struct sockaddr_storage *pss = iface_n_bcast(i);
971 /* Done this way to fix compiler error on IRIX 5.x */
975 status = name_query(sock, name, name_type, true, true, pss,
976 talloc_tos(), &ss_list, return_count,
978 if (NT_STATUS_IS_OK(status)) {
983 /* failed - no response */
990 if (!convert_ss2service(return_iplist, ss_list, *return_count) )
991 status = NT_STATUS_NO_MEMORY;
993 TALLOC_FREE(ss_list);
998 /********************************************************
999 Resolve via "wins" method.
1000 *********************************************************/
1002 NTSTATUS resolve_wins(const char *name,
1004 struct ip_service **return_iplist,
1009 struct sockaddr_storage src_ss, *ss_list = NULL;
1010 struct in_addr src_ip;
1013 if (lp_disable_netbios()) {
1014 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
1016 return NT_STATUS_INVALID_PARAMETER;
1019 *return_iplist = NULL;
1022 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
1025 if (wins_srv_count() < 1) {
1026 DEBUG(3,("resolve_wins: WINS server resolution selected "
1027 "and no WINS servers listed.\n"));
1028 return NT_STATUS_INVALID_PARAMETER;
1031 /* we try a lookup on each of the WINS tags in turn */
1032 wins_tags = wins_srv_tags();
1035 /* huh? no tags?? give up in disgust */
1036 return NT_STATUS_INVALID_PARAMETER;
1039 /* the address we will be sending from */
1040 if (!interpret_string_addr(&src_ss, lp_socket_address(),
1041 AI_NUMERICHOST|AI_PASSIVE)) {
1042 zero_sockaddr(&src_ss);
1045 if (src_ss.ss_family != AF_INET) {
1046 char addr[INET6_ADDRSTRLEN];
1047 print_sockaddr(addr, sizeof(addr), &src_ss);
1048 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1049 "on IPv6 address %s\n",
1051 wins_srv_tags_free(wins_tags);
1052 return NT_STATUS_INVALID_PARAMETER;
1055 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1057 /* in the worst case we will try every wins server with every
1059 for (t=0; wins_tags && wins_tags[t]; t++) {
1060 int srv_count = wins_srv_count_tag(wins_tags[t]);
1061 for (i=0; i<srv_count; i++) {
1062 struct sockaddr_storage wins_ss;
1063 struct in_addr wins_ip;
1067 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1069 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1070 /* yikes! we'll loop forever */
1074 /* skip any that have been unresponsive lately */
1075 if (wins_srv_is_dead(wins_ip, src_ip)) {
1079 DEBUG(3,("resolve_wins: using WINS server %s "
1081 inet_ntoa(wins_ip), wins_tags[t]));
1083 sock = open_socket_in(SOCK_DGRAM, 0, 3, &src_ss, true);
1088 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1089 status = name_query(sock,
1101 /* exit loop if we got a list of addresses */
1103 if (NT_STATUS_IS_OK(status)) {
1110 /* Timed out waiting for WINS server to
1113 wins_srv_died(wins_ip, src_ip);
1115 /* The name definitely isn't in this
1116 group of WINS servers.
1117 goto the next group */
1123 wins_srv_tags_free(wins_tags);
1124 return NT_STATUS_NO_LOGON_SERVERS;
1128 status = NT_STATUS_OK;
1129 if (!convert_ss2service(return_iplist, ss_list, *return_count))
1130 status = NT_STATUS_INVALID_PARAMETER;
1132 TALLOC_FREE(ss_list);
1133 wins_srv_tags_free(wins_tags);
1139 /********************************************************
1140 Resolve via "lmhosts" method.
1141 *********************************************************/
1143 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1144 struct ip_service **return_iplist,
1148 * "lmhosts" means parse the local lmhosts file.
1150 struct sockaddr_storage *ss_list;
1151 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1152 TALLOC_CTX *ctx = NULL;
1154 *return_iplist = NULL;
1157 DEBUG(3,("resolve_lmhosts: "
1158 "Attempting lmhosts lookup for name %s<0x%x>\n",
1161 ctx = talloc_init("resolve_lmhosts");
1163 return NT_STATUS_NO_MEMORY;
1166 status = resolve_lmhosts_file_as_sockaddr(get_dyn_LMHOSTSFILE(),
1171 if (NT_STATUS_IS_OK(status)) {
1172 if (convert_ss2service(return_iplist,
1176 return NT_STATUS_OK;
1179 return NT_STATUS_NO_MEMORY;
1187 /********************************************************
1188 Resolve via "hosts" method.
1189 *********************************************************/
1191 static NTSTATUS resolve_hosts(const char *name, int name_type,
1192 struct ip_service **return_iplist,
1196 * "host" means do a localhost, or dns lookup.
1198 struct addrinfo hints;
1199 struct addrinfo *ailist = NULL;
1200 struct addrinfo *res = NULL;
1204 if ( name_type != 0x20 && name_type != 0x0) {
1205 DEBUG(5, ("resolve_hosts: not appropriate "
1206 "for name type <0x%x>\n",
1208 return NT_STATUS_INVALID_PARAMETER;
1211 *return_iplist = NULL;
1214 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1218 /* By default make sure it supports TCP. */
1219 hints.ai_socktype = SOCK_STREAM;
1220 hints.ai_flags = AI_ADDRCONFIG;
1222 #if !defined(HAVE_IPV6)
1223 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1224 hints.ai_family = AF_INET;
1227 ret = getaddrinfo(name,
1232 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1234 gai_strerror(ret) ));
1237 for (res = ailist; res; res = res->ai_next) {
1238 struct sockaddr_storage ss;
1240 if (!res->ai_addr || res->ai_addrlen == 0) {
1245 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1249 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1252 if (!*return_iplist) {
1253 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1254 freeaddrinfo(ailist);
1255 return NT_STATUS_NO_MEMORY;
1257 (*return_iplist)[i].ss = ss;
1258 (*return_iplist)[i].port = PORT_NONE;
1262 freeaddrinfo(ailist);
1264 if (*return_count) {
1265 return NT_STATUS_OK;
1267 return NT_STATUS_UNSUCCESSFUL;
1270 /********************************************************
1271 Resolve via "ADS" method.
1272 *********************************************************/
1274 static NTSTATUS resolve_ads(const char *name,
1276 const char *sitename,
1277 struct ip_service **return_iplist,
1283 struct dns_rr_srv *dcs = NULL;
1287 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1288 (name_type != 0x1b)) {
1289 return NT_STATUS_INVALID_PARAMETER;
1292 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1293 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1294 return NT_STATUS_NO_MEMORY;
1297 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1299 switch (name_type) {
1301 DEBUG(5,("resolve_ads: Attempting to resolve "
1302 "PDC for %s using DNS\n", name));
1303 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1307 DEBUG(5,("resolve_ads: Attempting to resolve "
1308 "DCs for %s using DNS\n", name));
1309 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1313 DEBUG(5,("resolve_ads: Attempting to resolve "
1314 "KDCs for %s using DNS\n", name));
1315 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1319 status = NT_STATUS_INVALID_PARAMETER;
1323 if ( !NT_STATUS_IS_OK( status ) ) {
1324 talloc_destroy(ctx);
1328 for (i=0;i<numdcs;i++) {
1329 numaddrs += MAX(dcs[i].num_ips,1);
1332 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1334 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1336 talloc_destroy(ctx);
1337 return NT_STATUS_NO_MEMORY;
1340 /* now unroll the list of IP addresses */
1345 while ( i < numdcs && (*return_count<numaddrs) ) {
1346 struct ip_service *r = &(*return_iplist)[*return_count];
1348 r->port = dcs[i].port;
1350 /* If we don't have an IP list for a name, lookup it up */
1353 interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1357 /* use the IP addresses from the SRV sresponse */
1359 if ( j >= dcs[i].num_ips ) {
1365 r->ss = dcs[i].ss_s[j];
1369 /* make sure it is a valid IP. I considered checking the
1370 * negative connection cache, but this is the wrong place
1371 * for it. Maybe only as a hack. After think about it, if
1372 * all of the IP addresses returned from DNS are dead, what
1373 * hope does a netbios name lookup have ? The standard reason
1374 * for falling back to netbios lookups is that our DNS server
1375 * doesn't know anything about the DC's -- jerry */
1377 if (!is_zero_addr((struct sockaddr *)&r->ss)) {
1382 talloc_destroy(ctx);
1383 return NT_STATUS_OK;
1386 /*******************************************************************
1387 Internal interface to resolve a name into an IP address.
1388 Use this function if the string is either an IP address, DNS
1389 or host name or NetBIOS name. This uses the name switch in the
1390 smb.conf to determine the order of name resolution.
1392 Added support for ip addr/port to support ADS ldap servers.
1393 the only place we currently care about the port is in the
1394 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1395 **********************************************************************/
1397 NTSTATUS internal_resolve_name(const char *name,
1399 const char *sitename,
1400 struct ip_service **return_iplist,
1402 const char *resolve_order)
1406 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1408 TALLOC_CTX *frame = NULL;
1410 *return_iplist = NULL;
1413 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1414 name, name_type, sitename ? sitename : "(null)"));
1416 if (is_ipaddress(name)) {
1417 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
1419 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1420 return NT_STATUS_NO_MEMORY;
1423 /* ignore the port here */
1424 (*return_iplist)->port = PORT_NONE;
1426 /* if it's in the form of an IP address then get the lib to interpret it */
1427 if (!interpret_string_addr(&(*return_iplist)->ss,
1428 name, AI_NUMERICHOST)) {
1429 DEBUG(1,("internal_resolve_name: interpret_string_addr "
1432 SAFE_FREE(*return_iplist);
1433 return NT_STATUS_INVALID_PARAMETER;
1436 return NT_STATUS_OK;
1439 /* Check name cache */
1441 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1442 /* This could be a negative response */
1443 if (*return_count > 0) {
1444 return NT_STATUS_OK;
1446 return NT_STATUS_UNSUCCESSFUL;
1450 /* set the name resolution order */
1452 if (strcmp( resolve_order, "NULL") == 0) {
1453 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1454 return NT_STATUS_INVALID_PARAMETER;
1457 if (!resolve_order[0]) {
1460 ptr = resolve_order;
1463 /* iterate through the name resolution backends */
1465 frame = talloc_stackframe();
1466 while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
1467 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1468 status = resolve_hosts(name, name_type, return_iplist,
1470 if (NT_STATUS_IS_OK(status)) {
1473 } else if(strequal( tok, "kdc")) {
1474 /* deal with KDC_NAME_TYPE names here.
1475 * This will result in a SRV record lookup */
1476 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
1477 return_iplist, return_count);
1478 if (NT_STATUS_IS_OK(status)) {
1479 /* Ensure we don't namecache
1480 * this with the KDC port. */
1481 name_type = KDC_NAME_TYPE;
1484 } else if(strequal( tok, "ads")) {
1485 /* deal with 0x1c and 0x1b names here.
1486 * This will result in a SRV record lookup */
1487 status = resolve_ads(name, name_type, sitename,
1488 return_iplist, return_count);
1489 if (NT_STATUS_IS_OK(status)) {
1492 } else if(strequal( tok, "lmhosts")) {
1493 status = resolve_lmhosts(name, name_type,
1494 return_iplist, return_count);
1495 if (NT_STATUS_IS_OK(status)) {
1498 } else if(strequal( tok, "wins")) {
1499 /* don't resolve 1D via WINS */
1500 if (name_type != 0x1D) {
1501 status = resolve_wins(name, name_type,
1504 if (NT_STATUS_IS_OK(status)) {
1508 } else if(strequal( tok, "bcast")) {
1509 status = name_resolve_bcast(name, name_type,
1512 if (NT_STATUS_IS_OK(status)) {
1516 DEBUG(0,("resolve_name: unknown name switch type %s\n",
1521 /* All of the resolve_* functions above have returned false. */
1524 SAFE_FREE(*return_iplist);
1527 return NT_STATUS_UNSUCCESSFUL;
1531 /* Remove duplicate entries. Some queries, notably #1c (domain
1532 controllers) return the PDC in iplist[0] and then all domain
1533 controllers including the PDC in iplist[1..n]. Iterating over
1534 the iplist when the PDC is down will cause two sets of timeouts. */
1536 if ( *return_count ) {
1537 *return_count = remove_duplicate_addrs2(*return_iplist,
1541 /* Save in name cache */
1542 if ( DEBUGLEVEL >= 100 ) {
1543 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
1544 char addr[INET6_ADDRSTRLEN];
1545 print_sockaddr(addr, sizeof(addr),
1546 &(*return_iplist)[i].ss);
1547 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
1551 (*return_iplist)[i].port));
1555 namecache_store(name, name_type, *return_count, *return_iplist);
1557 /* Display some debugging info */
1559 if ( DEBUGLEVEL >= 10 ) {
1560 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
1563 for (i = 0; i < *return_count; i++) {
1564 char addr[INET6_ADDRSTRLEN];
1565 print_sockaddr(addr, sizeof(addr),
1566 &(*return_iplist)[i].ss);
1567 DEBUGADD(10, ("%s:%d ",
1569 (*return_iplist)[i].port));
1578 /********************************************************
1579 Internal interface to resolve a name into one IP address.
1580 Use this function if the string is either an IP address, DNS
1581 or host name or NetBIOS name. This uses the name switch in the
1582 smb.conf to determine the order of name resolution.
1583 *********************************************************/
1585 bool resolve_name(const char *name,
1586 struct sockaddr_storage *return_ss,
1590 struct ip_service *ss_list = NULL;
1591 char *sitename = NULL;
1594 if (is_ipaddress(name)) {
1595 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
1598 sitename = sitename_fetch(lp_realm()); /* wild guess */
1600 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
1602 lp_name_resolve_order()))) {
1606 for (i=0; i<count; i++) {
1607 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1608 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss) &&
1609 (ss_list[i].ss.ss_family == AF_INET)) {
1610 *return_ss = ss_list[i].ss;
1612 SAFE_FREE(sitename);
1618 /* only return valid addresses for TCP connections */
1619 for (i=0; i<count; i++) {
1620 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1621 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1622 *return_ss = ss_list[i].ss;
1624 SAFE_FREE(sitename);
1631 SAFE_FREE(sitename);
1635 /********************************************************
1636 Internal interface to resolve a name into a list of IP addresses.
1637 Use this function if the string is either an IP address, DNS
1638 or host name or NetBIOS name. This uses the name switch in the
1639 smb.conf to determine the order of name resolution.
1640 *********************************************************/
1642 NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
1645 struct sockaddr_storage **return_ss_arr,
1646 unsigned int *p_num_entries)
1648 struct ip_service *ss_list = NULL;
1649 char *sitename = NULL;
1652 unsigned int num_entries;
1656 *return_ss_arr = NULL;
1658 if (is_ipaddress(name)) {
1659 *return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
1660 if (!*return_ss_arr) {
1661 return NT_STATUS_NO_MEMORY;
1663 if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
1664 TALLOC_FREE(*return_ss_arr);
1665 return NT_STATUS_BAD_NETWORK_NAME;
1668 return NT_STATUS_OK;
1671 sitename = sitename_fetch(lp_realm()); /* wild guess */
1673 status = internal_resolve_name(name, name_type, sitename,
1675 lp_name_resolve_order());
1676 SAFE_FREE(sitename);
1678 if (!NT_STATUS_IS_OK(status)) {
1682 /* only return valid addresses for TCP connections */
1683 for (i=0, num_entries = 0; i<count; i++) {
1684 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1685 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1689 if (num_entries == 0) {
1691 return NT_STATUS_BAD_NETWORK_NAME;
1694 *return_ss_arr = TALLOC_ARRAY(ctx,
1695 struct sockaddr_storage,
1697 if (!(*return_ss_arr)) {
1699 return NT_STATUS_NO_MEMORY;
1702 for (i=0, num_entries = 0; i<count; i++) {
1703 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1704 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1705 (*return_ss_arr)[num_entries++] = ss_list[i].ss;
1709 status = NT_STATUS_OK;
1710 *p_num_entries = num_entries;
1713 return NT_STATUS_OK;
1716 /********************************************************
1717 Find the IP address of the master browser or DMB for a workgroup.
1718 *********************************************************/
1720 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
1722 struct ip_service *ip_list = NULL;
1726 if (lp_disable_netbios()) {
1727 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1731 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
1732 lp_name_resolve_order());
1733 if (NT_STATUS_IS_OK(status)) {
1734 *master_ss = ip_list[0].ss;
1739 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
1740 lp_name_resolve_order());
1741 if (NT_STATUS_IS_OK(status)) {
1742 *master_ss = ip_list[0].ss;
1751 /********************************************************
1752 Get the IP address list of the primary domain controller
1754 *********************************************************/
1756 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
1758 struct ip_service *ip_list = NULL;
1760 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1762 /* Look up #1B name */
1764 if (lp_security() == SEC_ADS) {
1765 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1769 if (!NT_STATUS_IS_OK(status) || count == 0) {
1770 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1772 lp_name_resolve_order());
1773 if (!NT_STATUS_IS_OK(status)) {
1778 /* if we get more than 1 IP back we have to assume it is a
1779 multi-homed PDC and not a mess up */
1782 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1783 sort_service_list(ip_list, count);
1786 *pss = ip_list[0].ss;
1791 /* Private enum type for lookups. */
1793 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1795 /********************************************************
1796 Get the IP address list of the domain controllers for
1798 *********************************************************/
1800 static NTSTATUS get_dc_list(const char *domain,
1801 const char *sitename,
1802 struct ip_service **ip_list,
1804 enum dc_lookup_type lookup_type,
1807 char *resolve_order = NULL;
1808 char *saf_servername = NULL;
1809 char *pserver = NULL;
1811 char *port_str = NULL;
1814 int num_addresses = 0;
1815 int local_count, i, j;
1816 struct ip_service *return_iplist = NULL;
1817 struct ip_service *auto_ip_list = NULL;
1818 bool done_auto_lookup = false;
1821 TALLOC_CTX *ctx = talloc_init("get_dc_list");
1827 return NT_STATUS_NO_MEMORY;
1832 /* if we are restricted to solely using DNS for looking
1833 up a domain controller, make sure that host lookups
1834 are enabled for the 'name resolve order'. If host lookups
1835 are disabled and ads_only is True, then set the string to
1838 resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
1839 if (!resolve_order) {
1840 status = NT_STATUS_NO_MEMORY;
1843 strlower_m(resolve_order);
1844 if (lookup_type == DC_ADS_ONLY) {
1845 if (strstr( resolve_order, "host")) {
1846 resolve_order = talloc_strdup(ctx, "ads");
1848 /* DNS SRV lookups used by the ads resolver
1849 are already sorted by priority and weight */
1852 resolve_order = talloc_strdup(ctx, "NULL");
1854 } else if (lookup_type == DC_KDC_ONLY) {
1855 /* DNS SRV lookups used by the ads/kdc resolver
1856 are already sorted by priority and weight */
1858 resolve_order = talloc_strdup(ctx, "kdc");
1860 if (!resolve_order) {
1861 status = NT_STATUS_NO_MEMORY;
1865 /* fetch the server we have affinity for. Add the
1866 'password server' list to a search for our domain controllers */
1868 saf_servername = saf_fetch( domain);
1870 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
1871 pserver = talloc_asprintf(ctx, "%s, %s",
1872 saf_servername ? saf_servername : "",
1873 lp_passwordserver());
1875 pserver = talloc_asprintf(ctx, "%s, *",
1876 saf_servername ? saf_servername : "");
1879 SAFE_FREE(saf_servername);
1881 status = NT_STATUS_NO_MEMORY;
1885 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1888 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1889 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1890 count, resolve_order);
1894 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
1897 * if '*' appears in the "password server" list then add
1898 * an auto lookup to the list of manually configured
1899 * DC's. If any DC is listed by name, then the list should be
1900 * considered to be ordered
1904 while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1905 if (!done_auto_lookup && strequal(name, "*")) {
1906 status = internal_resolve_name(domain, 0x1C, sitename,
1910 if (NT_STATUS_IS_OK(status)) {
1911 num_addresses += auto_count;
1913 done_auto_lookup = true;
1914 DEBUG(8,("Adding %d DC's from auto lookup\n",
1921 /* if we have no addresses and haven't done the auto lookup, then
1922 just return the list of DC's. Or maybe we just failed. */
1924 if ((num_addresses == 0)) {
1925 if (done_auto_lookup) {
1926 DEBUG(4,("get_dc_list: no servers found\n"));
1927 status = NT_STATUS_NO_LOGON_SERVERS;
1930 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1931 count, resolve_order);
1935 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
1936 num_addresses)) == NULL) {
1937 DEBUG(3,("get_dc_list: malloc fail !\n"));
1938 status = NT_STATUS_NO_MEMORY;
1945 /* fill in the return list now with real IP's */
1947 while ((local_count<num_addresses) &&
1948 next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1949 struct sockaddr_storage name_ss;
1951 /* copy any addersses from the auto lookup */
1953 if (strequal(name, "*")) {
1954 for (j=0; j<auto_count; j++) {
1955 char addr[INET6_ADDRSTRLEN];
1956 print_sockaddr(addr,
1958 &auto_ip_list[j].ss);
1959 /* Check for and don't copy any
1960 * known bad DC IP's. */
1961 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
1964 DEBUG(5,("get_dc_list: "
1965 "negative entry %s removed "
1970 return_iplist[local_count].ss =
1972 return_iplist[local_count].port =
1973 auto_ip_list[j].port;
1979 /* added support for address:port syntax for ads
1980 * (not that I think anyone will ever run the LDAP
1981 * server in an AD domain on something other than
1984 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
1985 if ((port_str=strchr(name, ':')) != NULL) {
1988 port = atoi(port_str);
1991 /* explicit lookup; resolve_name() will
1992 * handle names & IP addresses */
1993 if (resolve_name( name, &name_ss, 0x20, true )) {
1994 char addr[INET6_ADDRSTRLEN];
1995 print_sockaddr(addr,
1999 /* Check for and don't copy any known bad DC IP's. */
2000 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
2002 DEBUG(5,("get_dc_list: negative entry %s "
2003 "removed from DC list\n",
2008 return_iplist[local_count].ss = name_ss;
2009 return_iplist[local_count].port = port;
2015 /* need to remove duplicates in the list if we have any
2016 explicit password servers */
2019 local_count = remove_duplicate_addrs2(return_iplist,
2023 /* For DC's we always prioritize IPv4 due to W2K3 not
2024 * supporting LDAP, KRB5 or CLDAP over IPv6. */
2026 if (local_count && return_iplist) {
2027 prioritize_ipv4_list(return_iplist, local_count);
2030 if ( DEBUGLEVEL >= 4 ) {
2031 DEBUG(4,("get_dc_list: returning %d ip addresses "
2032 "in an %sordered list\n",
2034 *ordered ? "":"un"));
2035 DEBUG(4,("get_dc_list: "));
2036 for ( i=0; i<local_count; i++ ) {
2037 char addr[INET6_ADDRSTRLEN];
2038 print_sockaddr(addr,
2040 &return_iplist[i].ss);
2041 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
2046 *ip_list = return_iplist;
2047 *count = local_count;
2049 status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2053 if (!NT_STATUS_IS_OK(status)) {
2054 SAFE_FREE(return_iplist);
2059 SAFE_FREE(auto_ip_list);
2064 /*********************************************************************
2065 Small wrapper function to get the DC list and sort it if neccessary.
2066 *********************************************************************/
2068 NTSTATUS get_sorted_dc_list( const char *domain,
2069 const char *sitename,
2070 struct ip_service **ip_list,
2074 bool ordered = false;
2076 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2081 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2082 "for name %s (sitename %s) using [%s]\n",
2084 sitename ? sitename : "NULL",
2085 (ads_only ? "ads" : lp_name_resolve_order())));
2088 lookup_type = DC_ADS_ONLY;
2091 status = get_dc_list(domain, sitename, ip_list,
2092 count, lookup_type, &ordered);
2093 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
2095 DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2096 " in site %s, fallback to all servers\n",
2098 status = get_dc_list(domain, NULL, ip_list,
2099 count, lookup_type, &ordered);
2102 if (!NT_STATUS_IS_OK(status)) {
2103 SAFE_FREE(*ip_list);
2108 /* only sort if we don't already have an ordered list */
2110 sort_service_list(*ip_list, *count);
2113 return NT_STATUS_OK;
2116 /*********************************************************************
2117 Get the KDC list - re-use all the logic in get_dc_list.
2118 *********************************************************************/
2120 NTSTATUS get_kdc_list( const char *realm,
2121 const char *sitename,
2122 struct ip_service **ip_list,
2131 status = get_dc_list(realm, sitename, ip_list,
2132 count, DC_KDC_ONLY, &ordered);
2134 if (!NT_STATUS_IS_OK(status)) {
2135 SAFE_FREE(*ip_list);
2140 /* only sort if we don't already have an ordered list */
2142 sort_service_list(*ip_list, *count);
2145 return NT_STATUS_OK;