2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libads/sitename_cache.h"
23 #include "libads/dns.h"
24 #include "../libcli/netlogon.h"
25 #include "librpc/gen_ndr/messaging.h"
27 /* nmbd.c sets this to True. */
28 bool global_in_nmbd = False;
30 /****************************
31 * SERVER AFFINITY ROUTINES *
32 ****************************/
34 /* Server affinity is the concept of preferring the last domain
35 controller with whom you had a successful conversation */
37 /****************************************************************************
38 ****************************************************************************/
39 #define SAFKEY_FMT "SAF/DOMAIN/%s"
41 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
42 #define SAFJOIN_TTL 3600
44 static char *saf_key(const char *domain)
48 asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
53 static char *saf_join_key(const char *domain)
57 asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
62 /****************************************************************************
63 ****************************************************************************/
65 bool saf_store( const char *domain, const char *servername )
71 if ( !domain || !servername ) {
72 DEBUG(2,("saf_store: "
73 "Refusing to store empty domain or servername!\n"));
77 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
78 DEBUG(0,("saf_store: "
79 "refusing to store 0 length domain or servername!\n"));
83 key = saf_key( domain );
84 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
86 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
87 domain, servername, (unsigned int)expire ));
89 ret = gencache_set( key, servername, expire );
96 bool saf_join_store( const char *domain, const char *servername )
102 if ( !domain || !servername ) {
103 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
107 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
108 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
112 key = saf_join_key( domain );
113 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
115 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
116 domain, servername, (unsigned int)expire ));
118 ret = gencache_set( key, servername, expire );
125 bool saf_delete( const char *domain )
131 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
135 key = saf_join_key(domain);
136 ret = gencache_del(key);
140 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
143 key = saf_key(domain);
144 ret = gencache_del(key);
148 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
154 /****************************************************************************
155 ****************************************************************************/
157 char *saf_fetch( const char *domain )
164 if ( !domain || strlen(domain) == 0) {
165 DEBUG(2,("saf_fetch: Empty domain name!\n"));
169 key = saf_join_key( domain );
171 ret = gencache_get( key, &server, &timeout );
176 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
181 key = saf_key( domain );
183 ret = gencache_get( key, &server, &timeout );
188 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
191 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
198 /****************************************************************************
199 Generate a random trn_id.
200 ****************************************************************************/
202 static int generate_trn_id(void)
206 generate_random_buffer((uint8 *)&id, sizeof(id));
208 return id % (unsigned)0x7FFF;
211 /****************************************************************************
212 Parse a node status response into an array of structures.
213 ****************************************************************************/
215 static struct node_status *parse_node_status(TALLOC_CTX *mem_ctx, char *p,
217 struct node_status_extra *extra)
219 struct node_status *ret;
222 *num_names = CVAL(p,0);
227 ret = TALLOC_ARRAY(mem_ctx, struct node_status,*num_names);
232 for (i=0;i< *num_names;i++) {
233 StrnCpy(ret[i].name,p,15);
234 trim_char(ret[i].name,'\0',' ');
235 ret[i].type = CVAL(p,15);
236 ret[i].flags = p[16];
238 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
239 ret[i].type, ret[i].flags));
242 * Also, pick up the MAC address ...
245 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
250 /****************************************************************************
251 Try and send a request to nmbd to send a packet_struct packet first.
252 If this fails, use send_packet().
253 **************************************************************************/
255 static bool send_packet_request(struct packet_struct *p)
257 struct messaging_context *msg_ctx = server_messaging_context();
259 pid_t nmbd_pid = pidfile_pid("nmbd");
263 if (NT_STATUS_IS_OK(messaging_send_buf(msg_ctx,
264 pid_to_procid(nmbd_pid),
267 sizeof(struct packet_struct)))) {
273 return send_packet(p);
276 /****************************************************************************
277 Do a NBT node status query on an open socket and return an array of
278 structures holding the returned names or NULL if the query failed.
279 **************************************************************************/
281 NTSTATUS node_status_query(int fd,
282 struct nmb_name *name,
283 const struct sockaddr_storage *to_ss,
285 struct node_status **names,
287 struct node_status_extra *extra)
291 int retry_time = 2000;
293 struct packet_struct p;
294 struct packet_struct *p2;
295 struct nmb_packet *nmb = &p.packet.nmb;
296 struct node_status *ret;
300 if (to_ss->ss_family != AF_INET) {
301 /* Can't do node status to IPv6 */
302 return NT_STATUS_INVALID_ADDRESS;
304 nmb->header.name_trn_id = generate_trn_id();
305 nmb->header.opcode = 0;
306 nmb->header.response = false;
307 nmb->header.nm_flags.bcast = false;
308 nmb->header.nm_flags.recursion_available = false;
309 nmb->header.nm_flags.recursion_desired = false;
310 nmb->header.nm_flags.trunc = false;
311 nmb->header.nm_flags.authoritative = false;
312 nmb->header.rcode = 0;
313 nmb->header.qdcount = 1;
314 nmb->header.ancount = 0;
315 nmb->header.nscount = 0;
316 nmb->header.arcount = 0;
317 nmb->question.question_name = *name;
318 nmb->question.question_type = 0x21;
319 nmb->question.question_class = 0x1;
321 p.ip = ((const struct sockaddr_in *)to_ss)->sin_addr;
325 p.timestamp = time(NULL);
326 p.packet_type = NMB_PACKET;
328 clock_gettime_mono(&tp);
330 if (!send_packet_request(&p))
331 return NT_STATUS_NOT_FOUND;
337 clock_gettime_mono(&tp2);
338 if (nsec_time_diff(&tp2,&tp)/1000000 > retry_time) {
341 if (!found && !send_packet_request(&p))
342 return NT_STATUS_NOT_FOUND;
343 clock_gettime_mono(&tp);
347 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
348 struct nmb_packet *nmb2 = &p2->packet.nmb;
349 debug_nmb_packet(p2);
351 if (nmb2->header.opcode != 0 ||
352 nmb2->header.nm_flags.bcast ||
353 nmb2->header.rcode ||
354 !nmb2->header.ancount ||
355 nmb2->answers->rr_type != 0x21) {
356 /* XXXX what do we do with this? could be a
357 redirect, but we'll discard it for the
363 ret = parse_node_status(
364 mem_ctx, &nmb2->answers->rdata[0], num_names,
369 return NT_STATUS_NO_MEMORY;
376 return NT_STATUS_IO_TIMEOUT;
379 /****************************************************************************
380 Find the first type XX name in a node status reply - used for finding
381 a servers name given its IP. Return the matched name in *name.
382 **************************************************************************/
384 bool name_status_find(const char *q_name,
387 const struct sockaddr_storage *to_ss,
390 char addr[INET6_ADDRSTRLEN];
391 struct sockaddr_storage ss;
392 struct node_status *addrs = NULL;
393 struct nmb_name nname;
399 if (lp_disable_netbios()) {
400 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
405 print_sockaddr(addr, sizeof(addr), to_ss);
407 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
410 /* Check the cache first. */
412 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
416 if (to_ss->ss_family != AF_INET) {
417 /* Can't do node status to IPv6 */
421 if (!interpret_string_addr(&ss, lp_socket_address(),
422 AI_NUMERICHOST|AI_PASSIVE)) {
426 sock = open_socket_in(SOCK_DGRAM, 0, 3, &ss, True);
430 /* W2K PDC's seem not to respond to '*'#0. JRA */
431 make_nmb_name(&nname, q_name, q_type);
432 status = node_status_query(sock, &nname, to_ss, talloc_tos(),
433 &addrs, &count, NULL);
435 if (!NT_STATUS_IS_OK(status)) {
439 for (i=0;i<count;i++) {
440 /* Find first one of the requested type that's not a GROUP. */
441 if (addrs[i].type == type && ! (addrs[i].flags & 0x80))
447 pull_ascii_nstring(name, sizeof(fstring), addrs[i].name);
449 /* Store the result in the cache. */
450 /* but don't store an entry for 0x1c names here. Here we have
451 a single host and DOMAIN<0x1c> names should be a list of hosts */
453 if ( q_type != 0x1c ) {
454 namecache_status_store(q_name, q_type, type, to_ss, name);
462 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
465 DEBUGADD(10, (", name %s ip address is %s", name, addr));
473 comparison function used by sort_addr_list
476 static int addr_compare(const struct sockaddr_storage *ss1,
477 const struct sockaddr_storage *ss2)
479 int max_bits1=0, max_bits2=0;
480 int num_interfaces = iface_count();
483 /* Sort IPv4 addresses first. */
484 if (ss1->ss_family != ss2->ss_family) {
485 if (ss2->ss_family == AF_INET) {
492 /* Here we know both addresses are of the same
495 for (i=0;i<num_interfaces;i++) {
496 const struct sockaddr_storage *pss = iface_n_bcast(i);
497 unsigned char *p_ss1 = NULL;
498 unsigned char *p_ss2 = NULL;
499 unsigned char *p_if = NULL;
503 if (pss->ss_family != ss1->ss_family) {
504 /* Ignore interfaces of the wrong type. */
507 if (pss->ss_family == AF_INET) {
508 p_if = (unsigned char *)
509 &((const struct sockaddr_in *)pss)->sin_addr;
510 p_ss1 = (unsigned char *)
511 &((const struct sockaddr_in *)ss1)->sin_addr;
512 p_ss2 = (unsigned char *)
513 &((const struct sockaddr_in *)ss2)->sin_addr;
516 #if defined(HAVE_IPV6)
517 if (pss->ss_family == AF_INET6) {
518 p_if = (unsigned char *)
519 &((const struct sockaddr_in6 *)pss)->sin6_addr;
520 p_ss1 = (unsigned char *)
521 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
522 p_ss2 = (unsigned char *)
523 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
527 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
530 bits1 = matching_len_bits(p_ss1, p_if, len);
531 bits2 = matching_len_bits(p_ss2, p_if, len);
532 max_bits1 = MAX(bits1, max_bits1);
533 max_bits2 = MAX(bits2, max_bits2);
536 /* Bias towards directly reachable IPs */
537 if (iface_local((struct sockaddr *)ss1)) {
538 if (ss1->ss_family == AF_INET) {
544 if (iface_local((struct sockaddr *)ss2)) {
545 if (ss2->ss_family == AF_INET) {
551 return max_bits2 - max_bits1;
554 /*******************************************************************
555 compare 2 ldap IPs by nearness to our interfaces - used in qsort
556 *******************************************************************/
558 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
562 if ((result = addr_compare(&ss1->ss, &ss2->ss)) != 0) {
566 if (ss1->port > ss2->port) {
570 if (ss1->port < ss2->port) {
578 sort an IP list so that names that are close to one of our interfaces
579 are at the top. This prevents the problem where a WINS server returns an IP
580 that is not reachable from our subnet as the first match
583 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
589 TYPESAFE_QSORT(sslist, count, addr_compare);
592 static void sort_service_list(struct ip_service *servlist, int count)
598 TYPESAFE_QSORT(servlist, count, ip_service_compare);
601 /**********************************************************************
602 Remove any duplicate address/port pairs in the list
603 *********************************************************************/
605 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
609 DEBUG(10,("remove_duplicate_addrs2: "
610 "looking for duplicate address/port pairs\n"));
612 /* one loop to remove duplicates */
613 for ( i=0; i<count; i++ ) {
614 if ( is_zero_addr((struct sockaddr *)&iplist[i].ss)) {
618 for ( j=i+1; j<count; j++ ) {
619 if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) &&
620 iplist[i].port == iplist[j].port) {
621 zero_sockaddr(&iplist[j].ss);
626 /* one loop to clean up any holes we left */
627 /* first ip should never be a zero_ip() */
628 for (i = 0; i<count; ) {
629 if (is_zero_addr((struct sockaddr *)&iplist[i].ss) ) {
631 memmove(&iplist[i], &iplist[i+1],
632 (count - i - 1)*sizeof(iplist[i]));
643 static bool prioritize_ipv4_list(struct ip_service *iplist, int count)
645 TALLOC_CTX *frame = talloc_stackframe();
646 struct ip_service *iplist_new = TALLOC_ARRAY(frame, struct ip_service, count);
649 if (iplist_new == NULL) {
656 /* Copy IPv4 first. */
657 for (i = 0; i < count; i++) {
658 if (iplist[i].ss.ss_family == AF_INET) {
659 iplist_new[j++] = iplist[i];
664 for (i = 0; i < count; i++) {
665 if (iplist[i].ss.ss_family != AF_INET) {
666 iplist_new[j++] = iplist[i];
670 memcpy(iplist, iplist_new, sizeof(struct ip_service)*count);
675 /****************************************************************************
676 Do a netbios name query to find someones IP.
677 Returns an array of IP addresses or NULL if none.
678 *count will be set to the number of addresses returned.
679 *timed_out is set if we failed by timing out
680 ****************************************************************************/
682 struct sockaddr_storage *name_query(int fd,
687 const struct sockaddr_storage *to_ss,
694 int retry_time = bcast?250:2000;
696 struct packet_struct p;
697 struct packet_struct *p2;
698 struct nmb_packet *nmb = &p.packet.nmb;
699 struct sockaddr_storage *ss_list = NULL;
701 if (lp_disable_netbios()) {
702 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
707 if (to_ss->ss_family != AF_INET) {
715 memset((char *)&p,'\0',sizeof(p));
719 nmb->header.name_trn_id = generate_trn_id();
720 nmb->header.opcode = 0;
721 nmb->header.response = false;
722 nmb->header.nm_flags.bcast = bcast;
723 nmb->header.nm_flags.recursion_available = false;
724 nmb->header.nm_flags.recursion_desired = recurse;
725 nmb->header.nm_flags.trunc = false;
726 nmb->header.nm_flags.authoritative = false;
727 nmb->header.rcode = 0;
728 nmb->header.qdcount = 1;
729 nmb->header.ancount = 0;
730 nmb->header.nscount = 0;
731 nmb->header.arcount = 0;
733 make_nmb_name(&nmb->question.question_name,name,name_type);
735 nmb->question.question_type = 0x20;
736 nmb->question.question_class = 0x1;
738 p.ip = ((struct sockaddr_in *)to_ss)->sin_addr;
742 p.timestamp = time(NULL);
743 p.packet_type = NMB_PACKET;
745 clock_gettime_mono(&tp);
747 if (!send_packet_request(&p))
755 clock_gettime_mono(&tp2);
756 if (nsec_time_diff(&tp2,&tp)/1000000 > retry_time) {
759 if (!found && !send_packet_request(&p))
761 clock_gettime_mono(&tp);
764 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
765 struct nmb_packet *nmb2 = &p2->packet.nmb;
766 debug_nmb_packet(p2);
768 /* If we get a Negative Name Query Response from a WINS
769 * server, we should report it and give up.
771 if( 0 == nmb2->header.opcode /* A query response */
772 && !(bcast) /* from a WINS server */
773 && nmb2->header.rcode /* Error returned */
776 if( DEBUGLVL( 3 ) ) {
777 /* Only executed if DEBUGLEVEL >= 3 */
778 dbgtext( "Negative name query "
779 "response, rcode 0x%02x: ",
780 nmb2->header.rcode );
781 switch( nmb2->header.rcode ) {
784 "was invalidly formatted.\n" );
787 dbgtext( "Problem with NBNS, "
788 "cannot process name.\n");
791 dbgtext( "The name requested "
792 "does not exist.\n" );
795 dbgtext( "Unsupported request "
799 dbgtext( "Query refused "
803 dbgtext( "Unrecognized error "
812 if (nmb2->header.opcode != 0 ||
813 nmb2->header.nm_flags.bcast ||
814 nmb2->header.rcode ||
815 !nmb2->header.ancount) {
817 * XXXX what do we do with this? Could be a
818 * redirect, but we'll discard it for the
825 ss_list = SMB_REALLOC_ARRAY(ss_list,
826 struct sockaddr_storage,
828 nmb2->answers->rdlength/6);
831 DEBUG(0,("name_query: Realloc failed.\n"));
836 DEBUG(2,("Got a positive name query response "
840 for (i=0;i<nmb2->answers->rdlength/6;i++) {
842 putip((char *)&ip,&nmb2->answers->rdata[2+i*6]);
843 in_addr_to_sockaddr_storage(&ss_list[(*count)],
845 DEBUGADD(2,("%s ",inet_ntoa(ip)));
852 /* We add the flags back ... */
853 if (nmb2->header.response)
854 (*flags) |= NM_FLAGS_RS;
855 if (nmb2->header.nm_flags.authoritative)
856 (*flags) |= NM_FLAGS_AA;
857 if (nmb2->header.nm_flags.trunc)
858 (*flags) |= NM_FLAGS_TC;
859 if (nmb2->header.nm_flags.recursion_desired)
860 (*flags) |= NM_FLAGS_RD;
861 if (nmb2->header.nm_flags.recursion_available)
862 (*flags) |= NM_FLAGS_RA;
863 if (nmb2->header.nm_flags.bcast)
864 (*flags) |= NM_FLAGS_B;
867 * If we're doing a unicast lookup we only
868 * expect one reply. Don't wait the full 2
869 * seconds if we got one. JRA.
876 /* only set timed_out if we didn't fund what we where looking for*/
878 if ( !found && timed_out ) {
882 /* sort the ip list so we choose close servers first if possible */
883 sort_addr_list(ss_list, *count);
888 /********************************************************
889 convert an array if struct sockaddr_storage to struct ip_service
890 return false on failure. Port is set to PORT_NONE;
891 *********************************************************/
893 static bool convert_ss2service(struct ip_service **return_iplist,
894 const struct sockaddr_storage *ss_list,
899 if ( count==0 || !ss_list )
902 /* copy the ip address; port will be PORT_NONE */
903 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) ==
905 DEBUG(0,("convert_ip2service: malloc failed "
906 "for %d enetries!\n", count ));
910 for ( i=0; i<count; i++ ) {
911 (*return_iplist)[i].ss = ss_list[i];
912 (*return_iplist)[i].port = PORT_NONE;
918 /********************************************************
919 Resolve via "bcast" method.
920 *********************************************************/
922 NTSTATUS name_resolve_bcast(const char *name,
924 struct ip_service **return_iplist,
928 int num_interfaces = iface_count();
929 struct sockaddr_storage *ss_list;
930 struct sockaddr_storage ss;
933 if (lp_disable_netbios()) {
934 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
936 return NT_STATUS_INVALID_PARAMETER;
939 *return_iplist = NULL;
943 * "bcast" means do a broadcast lookup on all the local interfaces.
946 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
947 "for name %s<0x%x>\n", name, name_type));
949 if (!interpret_string_addr(&ss, lp_socket_address(),
950 AI_NUMERICHOST|AI_PASSIVE)) {
954 sock = open_socket_in( SOCK_DGRAM, 0, 3, &ss, true );
956 return NT_STATUS_UNSUCCESSFUL;
959 set_socket_options(sock,"SO_BROADCAST");
961 * Lookup the name on all the interfaces, return on
962 * the first successful match.
964 for( i = num_interfaces-1; i >= 0; i--) {
965 const struct sockaddr_storage *pss = iface_n_bcast(i);
968 /* Done this way to fix compiler error on IRIX 5.x */
972 ss_list = name_query(sock, name, name_type, true,
973 true, pss, return_count, &flags, NULL);
979 /* failed - no response */
982 return NT_STATUS_UNSUCCESSFUL;
986 status = NT_STATUS_OK;
987 if (!convert_ss2service(return_iplist, ss_list, *return_count) )
988 status = NT_STATUS_INVALID_PARAMETER;
995 /********************************************************
996 Resolve via "wins" method.
997 *********************************************************/
999 NTSTATUS resolve_wins(const char *name,
1001 struct ip_service **return_iplist,
1006 struct sockaddr_storage src_ss, *ss_list = NULL;
1007 struct in_addr src_ip;
1010 if (lp_disable_netbios()) {
1011 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
1013 return NT_STATUS_INVALID_PARAMETER;
1016 *return_iplist = NULL;
1019 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
1022 if (wins_srv_count() < 1) {
1023 DEBUG(3,("resolve_wins: WINS server resolution selected "
1024 "and no WINS servers listed.\n"));
1025 return NT_STATUS_INVALID_PARAMETER;
1028 /* we try a lookup on each of the WINS tags in turn */
1029 wins_tags = wins_srv_tags();
1032 /* huh? no tags?? give up in disgust */
1033 return NT_STATUS_INVALID_PARAMETER;
1036 /* the address we will be sending from */
1037 if (!interpret_string_addr(&src_ss, lp_socket_address(),
1038 AI_NUMERICHOST|AI_PASSIVE)) {
1039 zero_sockaddr(&src_ss);
1042 if (src_ss.ss_family != AF_INET) {
1043 char addr[INET6_ADDRSTRLEN];
1044 print_sockaddr(addr, sizeof(addr), &src_ss);
1045 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1046 "on IPv6 address %s\n",
1048 wins_srv_tags_free(wins_tags);
1049 return NT_STATUS_INVALID_PARAMETER;
1052 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1054 /* in the worst case we will try every wins server with every
1056 for (t=0; wins_tags && wins_tags[t]; t++) {
1057 int srv_count = wins_srv_count_tag(wins_tags[t]);
1058 for (i=0; i<srv_count; i++) {
1059 struct sockaddr_storage wins_ss;
1060 struct in_addr wins_ip;
1064 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1066 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1067 /* yikes! we'll loop forever */
1071 /* skip any that have been unresponsive lately */
1072 if (wins_srv_is_dead(wins_ip, src_ip)) {
1076 DEBUG(3,("resolve_wins: using WINS server %s "
1078 inet_ntoa(wins_ip), wins_tags[t]));
1080 sock = open_socket_in(SOCK_DGRAM, 0, 3, &src_ss, true);
1085 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1086 ss_list = name_query(sock,
1096 /* exit loop if we got a list of addresses */
1104 /* Timed out waiting for WINS server to
1107 wins_srv_died(wins_ip, src_ip);
1109 /* The name definitely isn't in this
1110 group of WINS servers.
1111 goto the next group */
1117 wins_srv_tags_free(wins_tags);
1118 return NT_STATUS_NO_LOGON_SERVERS;
1122 status = NT_STATUS_OK;
1123 if (!convert_ss2service(return_iplist, ss_list, *return_count))
1124 status = NT_STATUS_INVALID_PARAMETER;
1127 wins_srv_tags_free(wins_tags);
1133 /********************************************************
1134 Resolve via "lmhosts" method.
1135 *********************************************************/
1137 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1138 struct ip_service **return_iplist,
1142 * "lmhosts" means parse the local lmhosts file.
1144 struct sockaddr_storage *ss_list;
1145 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1146 TALLOC_CTX *ctx = NULL;
1148 *return_iplist = NULL;
1151 DEBUG(3,("resolve_lmhosts: "
1152 "Attempting lmhosts lookup for name %s<0x%x>\n",
1155 ctx = talloc_init("resolve_lmhosts");
1157 return NT_STATUS_NO_MEMORY;
1160 status = resolve_lmhosts_file_as_sockaddr(get_dyn_LMHOSTSFILE(),
1165 if (NT_STATUS_IS_OK(status)) {
1166 if (convert_ss2service(return_iplist,
1170 return NT_STATUS_OK;
1173 return NT_STATUS_NO_MEMORY;
1181 /********************************************************
1182 Resolve via "hosts" method.
1183 *********************************************************/
1185 static NTSTATUS resolve_hosts(const char *name, int name_type,
1186 struct ip_service **return_iplist,
1190 * "host" means do a localhost, or dns lookup.
1192 struct addrinfo hints;
1193 struct addrinfo *ailist = NULL;
1194 struct addrinfo *res = NULL;
1198 if ( name_type != 0x20 && name_type != 0x0) {
1199 DEBUG(5, ("resolve_hosts: not appropriate "
1200 "for name type <0x%x>\n",
1202 return NT_STATUS_INVALID_PARAMETER;
1205 *return_iplist = NULL;
1208 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1212 /* By default make sure it supports TCP. */
1213 hints.ai_socktype = SOCK_STREAM;
1214 hints.ai_flags = AI_ADDRCONFIG;
1216 #if !defined(HAVE_IPV6)
1217 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1218 hints.ai_family = AF_INET;
1221 ret = getaddrinfo(name,
1226 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1228 gai_strerror(ret) ));
1231 for (res = ailist; res; res = res->ai_next) {
1232 struct sockaddr_storage ss;
1234 if (!res->ai_addr || res->ai_addrlen == 0) {
1239 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1243 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1246 if (!*return_iplist) {
1247 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1248 freeaddrinfo(ailist);
1249 return NT_STATUS_NO_MEMORY;
1251 (*return_iplist)[i].ss = ss;
1252 (*return_iplist)[i].port = PORT_NONE;
1256 freeaddrinfo(ailist);
1258 if (*return_count) {
1259 return NT_STATUS_OK;
1261 return NT_STATUS_UNSUCCESSFUL;
1264 /********************************************************
1265 Resolve via "ADS" method.
1266 *********************************************************/
1268 static NTSTATUS resolve_ads(const char *name,
1270 const char *sitename,
1271 struct ip_service **return_iplist,
1277 struct dns_rr_srv *dcs = NULL;
1281 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1282 (name_type != 0x1b)) {
1283 return NT_STATUS_INVALID_PARAMETER;
1286 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1287 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1288 return NT_STATUS_NO_MEMORY;
1291 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1293 switch (name_type) {
1295 DEBUG(5,("resolve_ads: Attempting to resolve "
1296 "PDC for %s using DNS\n", name));
1297 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1301 DEBUG(5,("resolve_ads: Attempting to resolve "
1302 "DCs for %s using DNS\n", name));
1303 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1307 DEBUG(5,("resolve_ads: Attempting to resolve "
1308 "KDCs for %s using DNS\n", name));
1309 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1313 status = NT_STATUS_INVALID_PARAMETER;
1317 if ( !NT_STATUS_IS_OK( status ) ) {
1318 talloc_destroy(ctx);
1322 for (i=0;i<numdcs;i++) {
1323 numaddrs += MAX(dcs[i].num_ips,1);
1326 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1328 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1330 talloc_destroy(ctx);
1331 return NT_STATUS_NO_MEMORY;
1334 /* now unroll the list of IP addresses */
1339 while ( i < numdcs && (*return_count<numaddrs) ) {
1340 struct ip_service *r = &(*return_iplist)[*return_count];
1342 r->port = dcs[i].port;
1344 /* If we don't have an IP list for a name, lookup it up */
1347 interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1351 /* use the IP addresses from the SRV sresponse */
1353 if ( j >= dcs[i].num_ips ) {
1359 r->ss = dcs[i].ss_s[j];
1363 /* make sure it is a valid IP. I considered checking the
1364 * negative connection cache, but this is the wrong place
1365 * for it. Maybe only as a hack. After think about it, if
1366 * all of the IP addresses returned from DNS are dead, what
1367 * hope does a netbios name lookup have ? The standard reason
1368 * for falling back to netbios lookups is that our DNS server
1369 * doesn't know anything about the DC's -- jerry */
1371 if (!is_zero_addr((struct sockaddr *)&r->ss)) {
1376 talloc_destroy(ctx);
1377 return NT_STATUS_OK;
1380 /*******************************************************************
1381 Internal interface to resolve a name into an IP address.
1382 Use this function if the string is either an IP address, DNS
1383 or host name or NetBIOS name. This uses the name switch in the
1384 smb.conf to determine the order of name resolution.
1386 Added support for ip addr/port to support ADS ldap servers.
1387 the only place we currently care about the port is in the
1388 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1389 **********************************************************************/
1391 NTSTATUS internal_resolve_name(const char *name,
1393 const char *sitename,
1394 struct ip_service **return_iplist,
1396 const char *resolve_order)
1400 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1402 TALLOC_CTX *frame = NULL;
1404 *return_iplist = NULL;
1407 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1408 name, name_type, sitename ? sitename : "(null)"));
1410 if (is_ipaddress(name)) {
1411 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
1413 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1414 return NT_STATUS_NO_MEMORY;
1417 /* ignore the port here */
1418 (*return_iplist)->port = PORT_NONE;
1420 /* if it's in the form of an IP address then get the lib to interpret it */
1421 if (!interpret_string_addr(&(*return_iplist)->ss,
1422 name, AI_NUMERICHOST)) {
1423 DEBUG(1,("internal_resolve_name: interpret_string_addr "
1426 SAFE_FREE(*return_iplist);
1427 return NT_STATUS_INVALID_PARAMETER;
1430 return NT_STATUS_OK;
1433 /* Check name cache */
1435 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1436 /* This could be a negative response */
1437 if (*return_count > 0) {
1438 return NT_STATUS_OK;
1440 return NT_STATUS_UNSUCCESSFUL;
1444 /* set the name resolution order */
1446 if (strcmp( resolve_order, "NULL") == 0) {
1447 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1448 return NT_STATUS_INVALID_PARAMETER;
1451 if (!resolve_order[0]) {
1454 ptr = resolve_order;
1457 /* iterate through the name resolution backends */
1459 frame = talloc_stackframe();
1460 while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
1461 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1462 status = resolve_hosts(name, name_type, return_iplist,
1464 if (NT_STATUS_IS_OK(status)) {
1467 } else if(strequal( tok, "kdc")) {
1468 /* deal with KDC_NAME_TYPE names here.
1469 * This will result in a SRV record lookup */
1470 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
1471 return_iplist, return_count);
1472 if (NT_STATUS_IS_OK(status)) {
1473 /* Ensure we don't namecache
1474 * this with the KDC port. */
1475 name_type = KDC_NAME_TYPE;
1478 } else if(strequal( tok, "ads")) {
1479 /* deal with 0x1c and 0x1b names here.
1480 * This will result in a SRV record lookup */
1481 status = resolve_ads(name, name_type, sitename,
1482 return_iplist, return_count);
1483 if (NT_STATUS_IS_OK(status)) {
1486 } else if(strequal( tok, "lmhosts")) {
1487 status = resolve_lmhosts(name, name_type,
1488 return_iplist, return_count);
1489 if (NT_STATUS_IS_OK(status)) {
1492 } else if(strequal( tok, "wins")) {
1493 /* don't resolve 1D via WINS */
1494 if (name_type != 0x1D) {
1495 status = resolve_wins(name, name_type,
1498 if (NT_STATUS_IS_OK(status)) {
1502 } else if(strequal( tok, "bcast")) {
1503 status = name_resolve_bcast(name, name_type,
1506 if (NT_STATUS_IS_OK(status)) {
1510 DEBUG(0,("resolve_name: unknown name switch type %s\n",
1515 /* All of the resolve_* functions above have returned false. */
1518 SAFE_FREE(*return_iplist);
1521 return NT_STATUS_UNSUCCESSFUL;
1525 /* Remove duplicate entries. Some queries, notably #1c (domain
1526 controllers) return the PDC in iplist[0] and then all domain
1527 controllers including the PDC in iplist[1..n]. Iterating over
1528 the iplist when the PDC is down will cause two sets of timeouts. */
1530 if ( *return_count ) {
1531 *return_count = remove_duplicate_addrs2(*return_iplist,
1535 /* Save in name cache */
1536 if ( DEBUGLEVEL >= 100 ) {
1537 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
1538 char addr[INET6_ADDRSTRLEN];
1539 print_sockaddr(addr, sizeof(addr),
1540 &(*return_iplist)[i].ss);
1541 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
1545 (*return_iplist)[i].port));
1549 namecache_store(name, name_type, *return_count, *return_iplist);
1551 /* Display some debugging info */
1553 if ( DEBUGLEVEL >= 10 ) {
1554 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
1557 for (i = 0; i < *return_count; i++) {
1558 char addr[INET6_ADDRSTRLEN];
1559 print_sockaddr(addr, sizeof(addr),
1560 &(*return_iplist)[i].ss);
1561 DEBUGADD(10, ("%s:%d ",
1563 (*return_iplist)[i].port));
1572 /********************************************************
1573 Internal interface to resolve a name into one IP address.
1574 Use this function if the string is either an IP address, DNS
1575 or host name or NetBIOS name. This uses the name switch in the
1576 smb.conf to determine the order of name resolution.
1577 *********************************************************/
1579 bool resolve_name(const char *name,
1580 struct sockaddr_storage *return_ss,
1584 struct ip_service *ss_list = NULL;
1585 char *sitename = NULL;
1588 if (is_ipaddress(name)) {
1589 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
1592 sitename = sitename_fetch(lp_realm()); /* wild guess */
1594 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
1596 lp_name_resolve_order()))) {
1600 for (i=0; i<count; i++) {
1601 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1602 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss) &&
1603 (ss_list[i].ss.ss_family == AF_INET)) {
1604 *return_ss = ss_list[i].ss;
1606 SAFE_FREE(sitename);
1612 /* only return valid addresses for TCP connections */
1613 for (i=0; i<count; i++) {
1614 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1615 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1616 *return_ss = ss_list[i].ss;
1618 SAFE_FREE(sitename);
1625 SAFE_FREE(sitename);
1629 /********************************************************
1630 Internal interface to resolve a name into a list of IP addresses.
1631 Use this function if the string is either an IP address, DNS
1632 or host name or NetBIOS name. This uses the name switch in the
1633 smb.conf to determine the order of name resolution.
1634 *********************************************************/
1636 NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
1639 struct sockaddr_storage **return_ss_arr,
1640 unsigned int *p_num_entries)
1642 struct ip_service *ss_list = NULL;
1643 char *sitename = NULL;
1646 unsigned int num_entries;
1650 *return_ss_arr = NULL;
1652 if (is_ipaddress(name)) {
1653 *return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
1654 if (!*return_ss_arr) {
1655 return NT_STATUS_NO_MEMORY;
1657 if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
1658 TALLOC_FREE(*return_ss_arr);
1659 return NT_STATUS_BAD_NETWORK_NAME;
1662 return NT_STATUS_OK;
1665 sitename = sitename_fetch(lp_realm()); /* wild guess */
1667 status = internal_resolve_name(name, name_type, sitename,
1669 lp_name_resolve_order());
1670 SAFE_FREE(sitename);
1672 if (!NT_STATUS_IS_OK(status)) {
1676 /* only return valid addresses for TCP connections */
1677 for (i=0, num_entries = 0; i<count; i++) {
1678 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1679 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1683 if (num_entries == 0) {
1685 return NT_STATUS_BAD_NETWORK_NAME;
1688 *return_ss_arr = TALLOC_ARRAY(ctx,
1689 struct sockaddr_storage,
1691 if (!(*return_ss_arr)) {
1693 return NT_STATUS_NO_MEMORY;
1696 for (i=0, num_entries = 0; i<count; i++) {
1697 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1698 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1699 (*return_ss_arr)[num_entries++] = ss_list[i].ss;
1703 status = NT_STATUS_OK;
1704 *p_num_entries = num_entries;
1707 return NT_STATUS_OK;
1710 /********************************************************
1711 Find the IP address of the master browser or DMB for a workgroup.
1712 *********************************************************/
1714 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
1716 struct ip_service *ip_list = NULL;
1720 if (lp_disable_netbios()) {
1721 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1725 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
1726 lp_name_resolve_order());
1727 if (NT_STATUS_IS_OK(status)) {
1728 *master_ss = ip_list[0].ss;
1733 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
1734 lp_name_resolve_order());
1735 if (NT_STATUS_IS_OK(status)) {
1736 *master_ss = ip_list[0].ss;
1745 /********************************************************
1746 Get the IP address list of the primary domain controller
1748 *********************************************************/
1750 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
1752 struct ip_service *ip_list = NULL;
1754 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1756 /* Look up #1B name */
1758 if (lp_security() == SEC_ADS) {
1759 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1763 if (!NT_STATUS_IS_OK(status) || count == 0) {
1764 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1766 lp_name_resolve_order());
1767 if (!NT_STATUS_IS_OK(status)) {
1772 /* if we get more than 1 IP back we have to assume it is a
1773 multi-homed PDC and not a mess up */
1776 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1777 sort_service_list(ip_list, count);
1780 *pss = ip_list[0].ss;
1785 /* Private enum type for lookups. */
1787 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1789 /********************************************************
1790 Get the IP address list of the domain controllers for
1792 *********************************************************/
1794 static NTSTATUS get_dc_list(const char *domain,
1795 const char *sitename,
1796 struct ip_service **ip_list,
1798 enum dc_lookup_type lookup_type,
1801 char *resolve_order = NULL;
1802 char *saf_servername = NULL;
1803 char *pserver = NULL;
1805 char *port_str = NULL;
1808 int num_addresses = 0;
1809 int local_count, i, j;
1810 struct ip_service *return_iplist = NULL;
1811 struct ip_service *auto_ip_list = NULL;
1812 bool done_auto_lookup = false;
1815 TALLOC_CTX *ctx = talloc_init("get_dc_list");
1821 return NT_STATUS_NO_MEMORY;
1826 /* if we are restricted to solely using DNS for looking
1827 up a domain controller, make sure that host lookups
1828 are enabled for the 'name resolve order'. If host lookups
1829 are disabled and ads_only is True, then set the string to
1832 resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
1833 if (!resolve_order) {
1834 status = NT_STATUS_NO_MEMORY;
1837 strlower_m(resolve_order);
1838 if (lookup_type == DC_ADS_ONLY) {
1839 if (strstr( resolve_order, "host")) {
1840 resolve_order = talloc_strdup(ctx, "ads");
1842 /* DNS SRV lookups used by the ads resolver
1843 are already sorted by priority and weight */
1846 resolve_order = talloc_strdup(ctx, "NULL");
1848 } else if (lookup_type == DC_KDC_ONLY) {
1849 /* DNS SRV lookups used by the ads/kdc resolver
1850 are already sorted by priority and weight */
1852 resolve_order = talloc_strdup(ctx, "kdc");
1854 if (!resolve_order) {
1855 status = NT_STATUS_NO_MEMORY;
1859 /* fetch the server we have affinity for. Add the
1860 'password server' list to a search for our domain controllers */
1862 saf_servername = saf_fetch( domain);
1864 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
1865 pserver = talloc_asprintf(ctx, "%s, %s",
1866 saf_servername ? saf_servername : "",
1867 lp_passwordserver());
1869 pserver = talloc_asprintf(ctx, "%s, *",
1870 saf_servername ? saf_servername : "");
1873 SAFE_FREE(saf_servername);
1875 status = NT_STATUS_NO_MEMORY;
1879 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1882 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1883 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1884 count, resolve_order);
1888 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
1891 * if '*' appears in the "password server" list then add
1892 * an auto lookup to the list of manually configured
1893 * DC's. If any DC is listed by name, then the list should be
1894 * considered to be ordered
1898 while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1899 if (!done_auto_lookup && strequal(name, "*")) {
1900 status = internal_resolve_name(domain, 0x1C, sitename,
1904 if (NT_STATUS_IS_OK(status)) {
1905 num_addresses += auto_count;
1907 done_auto_lookup = true;
1908 DEBUG(8,("Adding %d DC's from auto lookup\n",
1915 /* if we have no addresses and haven't done the auto lookup, then
1916 just return the list of DC's. Or maybe we just failed. */
1918 if ((num_addresses == 0)) {
1919 if (done_auto_lookup) {
1920 DEBUG(4,("get_dc_list: no servers found\n"));
1921 status = NT_STATUS_NO_LOGON_SERVERS;
1924 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1925 count, resolve_order);
1929 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
1930 num_addresses)) == NULL) {
1931 DEBUG(3,("get_dc_list: malloc fail !\n"));
1932 status = NT_STATUS_NO_MEMORY;
1939 /* fill in the return list now with real IP's */
1941 while ((local_count<num_addresses) &&
1942 next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1943 struct sockaddr_storage name_ss;
1945 /* copy any addersses from the auto lookup */
1947 if (strequal(name, "*")) {
1948 for (j=0; j<auto_count; j++) {
1949 char addr[INET6_ADDRSTRLEN];
1950 print_sockaddr(addr,
1952 &auto_ip_list[j].ss);
1953 /* Check for and don't copy any
1954 * known bad DC IP's. */
1955 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
1958 DEBUG(5,("get_dc_list: "
1959 "negative entry %s removed "
1964 return_iplist[local_count].ss =
1966 return_iplist[local_count].port =
1967 auto_ip_list[j].port;
1973 /* added support for address:port syntax for ads
1974 * (not that I think anyone will ever run the LDAP
1975 * server in an AD domain on something other than
1978 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
1979 if ((port_str=strchr(name, ':')) != NULL) {
1982 port = atoi(port_str);
1985 /* explicit lookup; resolve_name() will
1986 * handle names & IP addresses */
1987 if (resolve_name( name, &name_ss, 0x20, true )) {
1988 char addr[INET6_ADDRSTRLEN];
1989 print_sockaddr(addr,
1993 /* Check for and don't copy any known bad DC IP's. */
1994 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
1996 DEBUG(5,("get_dc_list: negative entry %s "
1997 "removed from DC list\n",
2002 return_iplist[local_count].ss = name_ss;
2003 return_iplist[local_count].port = port;
2009 /* need to remove duplicates in the list if we have any
2010 explicit password servers */
2013 local_count = remove_duplicate_addrs2(return_iplist,
2017 /* For DC's we always prioritize IPv4 due to W2K3 not
2018 * supporting LDAP, KRB5 or CLDAP over IPv6. */
2020 if (local_count && return_iplist) {
2021 prioritize_ipv4_list(return_iplist, local_count);
2024 if ( DEBUGLEVEL >= 4 ) {
2025 DEBUG(4,("get_dc_list: returning %d ip addresses "
2026 "in an %sordered list\n",
2028 *ordered ? "":"un"));
2029 DEBUG(4,("get_dc_list: "));
2030 for ( i=0; i<local_count; i++ ) {
2031 char addr[INET6_ADDRSTRLEN];
2032 print_sockaddr(addr,
2034 &return_iplist[i].ss);
2035 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
2040 *ip_list = return_iplist;
2041 *count = local_count;
2043 status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2047 if (!NT_STATUS_IS_OK(status)) {
2048 SAFE_FREE(return_iplist);
2053 SAFE_FREE(auto_ip_list);
2058 /*********************************************************************
2059 Small wrapper function to get the DC list and sort it if neccessary.
2060 *********************************************************************/
2062 NTSTATUS get_sorted_dc_list( const char *domain,
2063 const char *sitename,
2064 struct ip_service **ip_list,
2068 bool ordered = false;
2070 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2075 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2076 "for name %s (sitename %s) using [%s]\n",
2078 sitename ? sitename : "NULL",
2079 (ads_only ? "ads" : lp_name_resolve_order())));
2082 lookup_type = DC_ADS_ONLY;
2085 status = get_dc_list(domain, sitename, ip_list,
2086 count, lookup_type, &ordered);
2087 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
2089 DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2090 " in site %s, fallback to all servers\n",
2092 status = get_dc_list(domain, NULL, ip_list,
2093 count, lookup_type, &ordered);
2096 if (!NT_STATUS_IS_OK(status)) {
2097 SAFE_FREE(*ip_list);
2102 /* only sort if we don't already have an ordered list */
2104 sort_service_list(*ip_list, *count);
2107 return NT_STATUS_OK;
2110 /*********************************************************************
2111 Get the KDC list - re-use all the logic in get_dc_list.
2112 *********************************************************************/
2114 NTSTATUS get_kdc_list( const char *realm,
2115 const char *sitename,
2116 struct ip_service **ip_list,
2125 status = get_dc_list(realm, sitename, ip_list,
2126 count, DC_KDC_ONLY, &ordered);
2128 if (!NT_STATUS_IS_OK(status)) {
2129 SAFE_FREE(*ip_list);
2134 /* only sort if we don't already have an ordered list */
2136 sort_service_list(*ip_list, *count);
2139 return NT_STATUS_OK;