2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /* nmbd.c sets this to True. */
24 bool global_in_nmbd = False;
26 /****************************
27 * SERVER AFFINITY ROUTINES *
28 ****************************/
30 /* Server affinity is the concept of preferring the last domain
31 controller with whom you had a successful conversation */
33 /****************************************************************************
34 ****************************************************************************/
35 #define SAFKEY_FMT "SAF/DOMAIN/%s"
37 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
38 #define SAFJOIN_TTL 3600
40 static char *saf_key(const char *domain)
44 asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
49 static char *saf_join_key(const char *domain)
53 asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
58 /****************************************************************************
59 ****************************************************************************/
61 bool saf_store( const char *domain, const char *servername )
67 if ( !domain || !servername ) {
68 DEBUG(2,("saf_store: "
69 "Refusing to store empty domain or servername!\n"));
73 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
74 DEBUG(0,("saf_store: "
75 "refusing to store 0 length domain or servername!\n"));
79 key = saf_key( domain );
80 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
82 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
83 domain, servername, (unsigned int)expire ));
85 ret = gencache_set( key, servername, expire );
92 bool saf_join_store( const char *domain, const char *servername )
98 if ( !domain || !servername ) {
99 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
103 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
104 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
108 key = saf_join_key( domain );
109 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
111 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
112 domain, servername, (unsigned int)expire ));
114 ret = gencache_set( key, servername, expire );
121 bool saf_delete( const char *domain )
127 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
131 key = saf_join_key(domain);
132 ret = gencache_del(key);
136 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
139 key = saf_key(domain);
140 ret = gencache_del(key);
144 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
150 /****************************************************************************
151 ****************************************************************************/
153 char *saf_fetch( const char *domain )
160 if ( !domain || strlen(domain) == 0) {
161 DEBUG(2,("saf_fetch: Empty domain name!\n"));
165 key = saf_join_key( domain );
167 ret = gencache_get( key, &server, &timeout );
172 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
177 key = saf_key( domain );
179 ret = gencache_get( key, &server, &timeout );
184 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
187 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
194 /****************************************************************************
195 Generate a random trn_id.
196 ****************************************************************************/
198 static int generate_trn_id(void)
202 generate_random_buffer((uint8 *)&id, sizeof(id));
204 return id % (unsigned)0x7FFF;
207 /****************************************************************************
208 Parse a node status response into an array of structures.
209 ****************************************************************************/
211 static NODE_STATUS_STRUCT *parse_node_status(char *p,
213 struct node_status_extra *extra)
215 NODE_STATUS_STRUCT *ret;
218 *num_names = CVAL(p,0);
223 ret = SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT,*num_names);
228 for (i=0;i< *num_names;i++) {
229 StrnCpy(ret[i].name,p,15);
230 trim_char(ret[i].name,'\0',' ');
231 ret[i].type = CVAL(p,15);
232 ret[i].flags = p[16];
234 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
235 ret[i].type, ret[i].flags));
238 * Also, pick up the MAC address ...
241 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
247 /****************************************************************************
248 Do a NBT node status query on an open socket and return an array of
249 structures holding the returned names or NULL if the query failed.
250 **************************************************************************/
252 NODE_STATUS_STRUCT *node_status_query(int fd,
253 struct nmb_name *name,
254 const struct sockaddr_storage *to_ss,
256 struct node_status_extra *extra)
260 int retry_time = 2000;
262 struct packet_struct p;
263 struct packet_struct *p2;
264 struct nmb_packet *nmb = &p.packet.nmb;
265 NODE_STATUS_STRUCT *ret;
269 if (to_ss->ss_family != AF_INET) {
270 /* Can't do node status to IPv6 */
273 nmb->header.name_trn_id = generate_trn_id();
274 nmb->header.opcode = 0;
275 nmb->header.response = false;
276 nmb->header.nm_flags.bcast = false;
277 nmb->header.nm_flags.recursion_available = false;
278 nmb->header.nm_flags.recursion_desired = false;
279 nmb->header.nm_flags.trunc = false;
280 nmb->header.nm_flags.authoritative = false;
281 nmb->header.rcode = 0;
282 nmb->header.qdcount = 1;
283 nmb->header.ancount = 0;
284 nmb->header.nscount = 0;
285 nmb->header.arcount = 0;
286 nmb->question.question_name = *name;
287 nmb->question.question_type = 0x21;
288 nmb->question.question_class = 0x1;
290 p.ip = ((const struct sockaddr_in *)to_ss)->sin_addr;
293 p.timestamp = time(NULL);
294 p.packet_type = NMB_PACKET;
298 if (!send_packet(&p))
304 struct timeval tval2;
305 GetTimeOfDay(&tval2);
306 if (TvalDiff(&tval,&tval2) > retry_time) {
309 if (!found && !send_packet(&p))
315 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
316 struct nmb_packet *nmb2 = &p2->packet.nmb;
317 debug_nmb_packet(p2);
319 if (nmb2->header.opcode != 0 ||
320 nmb2->header.nm_flags.bcast ||
321 nmb2->header.rcode ||
322 !nmb2->header.ancount ||
323 nmb2->answers->rr_type != 0x21) {
324 /* XXXX what do we do with this? could be a
325 redirect, but we'll discard it for the
331 ret = parse_node_status(&nmb2->answers->rdata[0],
341 /****************************************************************************
342 Find the first type XX name in a node status reply - used for finding
343 a servers name given its IP. Return the matched name in *name.
344 **************************************************************************/
346 bool name_status_find(const char *q_name,
349 const struct sockaddr_storage *to_ss,
352 char addr[INET6_ADDRSTRLEN];
353 struct sockaddr_storage ss;
354 NODE_STATUS_STRUCT *status = NULL;
355 struct nmb_name nname;
360 if (lp_disable_netbios()) {
361 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
366 print_sockaddr(addr, sizeof(addr), to_ss);
368 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
371 /* Check the cache first. */
373 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
377 if (to_ss->ss_family != AF_INET) {
378 /* Can't do node status to IPv6 */
382 if (!interpret_string_addr(&ss, lp_socket_address(),
383 AI_NUMERICHOST|AI_PASSIVE)) {
387 sock = open_socket_in(SOCK_DGRAM, 0, 3, &ss, True);
391 /* W2K PDC's seem not to respond to '*'#0. JRA */
392 make_nmb_name(&nname, q_name, q_type);
393 status = node_status_query(sock, &nname, to_ss, &count, NULL);
398 for (i=0;i<count;i++) {
399 /* Find first one of the requested type that's not a GROUP. */
400 if (status[i].type == type && ! (status[i].flags & 0x80))
406 pull_ascii_nstring(name, sizeof(fstring), status[i].name);
408 /* Store the result in the cache. */
409 /* but don't store an entry for 0x1c names here. Here we have
410 a single host and DOMAIN<0x1c> names should be a list of hosts */
412 if ( q_type != 0x1c ) {
413 namecache_status_store(q_name, q_type, type, to_ss, name);
421 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
424 DEBUGADD(10, (", name %s ip address is %s", name, addr));
432 comparison function used by sort_addr_list
435 static int addr_compare(const struct sockaddr *ss1,
436 const struct sockaddr *ss2)
438 int max_bits1=0, max_bits2=0;
439 int num_interfaces = iface_count();
442 /* Sort IPv4 addresses first. */
443 if (ss1->sa_family != ss2->sa_family) {
444 if (ss2->sa_family == AF_INET) {
451 /* Here we know both addresses are of the same
454 for (i=0;i<num_interfaces;i++) {
455 const struct sockaddr_storage *pss = iface_n_bcast(i);
456 unsigned char *p_ss1 = NULL;
457 unsigned char *p_ss2 = NULL;
458 unsigned char *p_if = NULL;
462 if (pss->ss_family != ss1->sa_family) {
463 /* Ignore interfaces of the wrong type. */
466 if (pss->ss_family == AF_INET) {
467 p_if = (unsigned char *)
468 &((const struct sockaddr_in *)pss)->sin_addr;
469 p_ss1 = (unsigned char *)
470 &((const struct sockaddr_in *)ss1)->sin_addr;
471 p_ss2 = (unsigned char *)
472 &((const struct sockaddr_in *)ss2)->sin_addr;
475 #if defined(HAVE_IPV6)
476 if (pss->ss_family == AF_INET6) {
477 p_if = (unsigned char *)
478 &((const struct sockaddr_in6 *)pss)->sin6_addr;
479 p_ss1 = (unsigned char *)
480 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
481 p_ss2 = (unsigned char *)
482 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
486 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
489 bits1 = matching_len_bits(p_ss1, p_if, len);
490 bits2 = matching_len_bits(p_ss2, p_if, len);
491 max_bits1 = MAX(bits1, max_bits1);
492 max_bits2 = MAX(bits2, max_bits2);
495 /* Bias towards directly reachable IPs */
496 if (iface_local(ss1)) {
497 if (ss1->sa_family == AF_INET) {
503 if (iface_local(ss2)) {
504 if (ss2->sa_family == AF_INET) {
510 return max_bits2 - max_bits1;
513 /*******************************************************************
514 compare 2 ldap IPs by nearness to our interfaces - used in qsort
515 *******************************************************************/
517 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
521 if ((result = addr_compare((struct sockaddr *)&ss1->ss, (struct sockaddr *)&ss2->ss)) != 0) {
525 if (ss1->port > ss2->port) {
529 if (ss1->port < ss2->port) {
537 sort an IP list so that names that are close to one of our interfaces
538 are at the top. This prevents the problem where a WINS server returns an IP
539 that is not reachable from our subnet as the first match
542 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
548 qsort(sslist, count, sizeof(struct sockaddr_storage),
549 QSORT_CAST addr_compare);
552 static void sort_service_list(struct ip_service *servlist, int count)
558 qsort(servlist, count, sizeof(struct ip_service),
559 QSORT_CAST ip_service_compare);
562 /**********************************************************************
563 Remove any duplicate address/port pairs in the list
564 *********************************************************************/
566 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
570 DEBUG(10,("remove_duplicate_addrs2: "
571 "looking for duplicate address/port pairs\n"));
573 /* one loop to remove duplicates */
574 for ( i=0; i<count; i++ ) {
575 if ( is_zero_addr((struct sockaddr *)&iplist[i].ss)) {
579 for ( j=i+1; j<count; j++ ) {
580 if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) &&
581 iplist[i].port == iplist[j].port) {
582 zero_sockaddr(&iplist[j].ss);
587 /* one loop to clean up any holes we left */
588 /* first ip should never be a zero_ip() */
589 for (i = 0; i<count; ) {
590 if (is_zero_addr((struct sockaddr *)&iplist[i].ss) ) {
592 memmove(&iplist[i], &iplist[i+1],
593 (count - i - 1)*sizeof(iplist[i]));
604 static bool prioritize_ipv4_list(struct ip_service *iplist, int count)
606 TALLOC_CTX *frame = talloc_stackframe();
607 struct ip_service *iplist_new = TALLOC_ARRAY(frame, struct ip_service, count);
610 if (iplist_new == NULL) {
617 /* Copy IPv4 first. */
618 for (i = 0; i < count; i++) {
619 if (iplist[i].ss.ss_family == AF_INET) {
620 iplist_new[j++] = iplist[i];
625 for (i = 0; i < count; i++) {
626 if (iplist[i].ss.ss_family != AF_INET) {
627 iplist_new[j++] = iplist[i];
631 memcpy(iplist, iplist_new, sizeof(struct ip_service)*count);
636 /****************************************************************************
637 Do a netbios name query to find someones IP.
638 Returns an array of IP addresses or NULL if none.
639 *count will be set to the number of addresses returned.
640 *timed_out is set if we failed by timing out
641 ****************************************************************************/
643 struct sockaddr_storage *name_query(int fd,
648 const struct sockaddr_storage *to_ss,
655 int retry_time = bcast?250:2000;
657 struct packet_struct p;
658 struct packet_struct *p2;
659 struct nmb_packet *nmb = &p.packet.nmb;
660 struct sockaddr_storage *ss_list = NULL;
662 if (lp_disable_netbios()) {
663 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
668 if (to_ss->ss_family != AF_INET) {
676 memset((char *)&p,'\0',sizeof(p));
680 nmb->header.name_trn_id = generate_trn_id();
681 nmb->header.opcode = 0;
682 nmb->header.response = false;
683 nmb->header.nm_flags.bcast = bcast;
684 nmb->header.nm_flags.recursion_available = false;
685 nmb->header.nm_flags.recursion_desired = recurse;
686 nmb->header.nm_flags.trunc = false;
687 nmb->header.nm_flags.authoritative = false;
688 nmb->header.rcode = 0;
689 nmb->header.qdcount = 1;
690 nmb->header.ancount = 0;
691 nmb->header.nscount = 0;
692 nmb->header.arcount = 0;
694 make_nmb_name(&nmb->question.question_name,name,name_type);
696 nmb->question.question_type = 0x20;
697 nmb->question.question_class = 0x1;
699 p.ip = ((struct sockaddr_in *)to_ss)->sin_addr;
702 p.timestamp = time(NULL);
703 p.packet_type = NMB_PACKET;
707 if (!send_packet(&p))
713 struct timeval tval2;
715 GetTimeOfDay(&tval2);
716 if (TvalDiff(&tval,&tval2) > retry_time) {
719 if (!found && !send_packet(&p))
725 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
726 struct nmb_packet *nmb2 = &p2->packet.nmb;
727 debug_nmb_packet(p2);
729 /* If we get a Negative Name Query Response from a WINS
730 * server, we should report it and give up.
732 if( 0 == nmb2->header.opcode /* A query response */
733 && !(bcast) /* from a WINS server */
734 && nmb2->header.rcode /* Error returned */
737 if( DEBUGLVL( 3 ) ) {
738 /* Only executed if DEBUGLEVEL >= 3 */
739 dbgtext( "Negative name query "
740 "response, rcode 0x%02x: ",
741 nmb2->header.rcode );
742 switch( nmb2->header.rcode ) {
745 "was invalidly formatted.\n" );
748 dbgtext( "Problem with NBNS, "
749 "cannot process name.\n");
752 dbgtext( "The name requested "
753 "does not exist.\n" );
756 dbgtext( "Unsupported request "
760 dbgtext( "Query refused "
764 dbgtext( "Unrecognized error "
773 if (nmb2->header.opcode != 0 ||
774 nmb2->header.nm_flags.bcast ||
775 nmb2->header.rcode ||
776 !nmb2->header.ancount) {
778 * XXXX what do we do with this? Could be a
779 * redirect, but we'll discard it for the
786 ss_list = SMB_REALLOC_ARRAY(ss_list,
787 struct sockaddr_storage,
789 nmb2->answers->rdlength/6);
792 DEBUG(0,("name_query: Realloc failed.\n"));
797 DEBUG(2,("Got a positive name query response "
801 for (i=0;i<nmb2->answers->rdlength/6;i++) {
803 putip((char *)&ip,&nmb2->answers->rdata[2+i*6]);
804 in_addr_to_sockaddr_storage(&ss_list[(*count)],
806 DEBUGADD(2,("%s ",inet_ntoa(ip)));
813 /* We add the flags back ... */
814 if (nmb2->header.response)
815 (*flags) |= NM_FLAGS_RS;
816 if (nmb2->header.nm_flags.authoritative)
817 (*flags) |= NM_FLAGS_AA;
818 if (nmb2->header.nm_flags.trunc)
819 (*flags) |= NM_FLAGS_TC;
820 if (nmb2->header.nm_flags.recursion_desired)
821 (*flags) |= NM_FLAGS_RD;
822 if (nmb2->header.nm_flags.recursion_available)
823 (*flags) |= NM_FLAGS_RA;
824 if (nmb2->header.nm_flags.bcast)
825 (*flags) |= NM_FLAGS_B;
828 * If we're doing a unicast lookup we only
829 * expect one reply. Don't wait the full 2
830 * seconds if we got one. JRA.
837 /* only set timed_out if we didn't fund what we where looking for*/
839 if ( !found && timed_out ) {
843 /* sort the ip list so we choose close servers first if possible */
844 sort_addr_list(ss_list, *count);
849 /********************************************************
850 Start parsing the lmhosts file.
851 *********************************************************/
853 XFILE *startlmhosts(const char *fname)
855 XFILE *fp = x_fopen(fname,O_RDONLY, 0);
857 DEBUG(4,("startlmhosts: Can't open lmhosts file %s. "
859 fname, strerror(errno)));
865 /********************************************************
866 Parse the next line in the lmhosts file.
867 *********************************************************/
869 bool getlmhostsent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, int *name_type,
870 struct sockaddr_storage *pss)
876 while(!x_feof(fp) && !x_ferror(fp)) {
887 if (!fgets_slash(line,sizeof(line),fp)) {
897 if (next_token_talloc(ctx, &ptr, &ip, NULL))
899 if (next_token_talloc(ctx, &ptr, &name, NULL))
901 if (next_token_talloc(ctx, &ptr, &flags, NULL))
903 if (next_token_talloc(ctx, &ptr, &extra, NULL))
909 if (count > 0 && count < 2) {
910 DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",
916 DEBUG(0,("getlmhostsent: too many columns "
917 "in lmhosts file (obsolete syntax)\n"));
922 flags = talloc_strdup(ctx, "");
928 DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n",
931 if (strchr_m(flags,'G') || strchr_m(flags,'S')) {
932 DEBUG(0,("getlmhostsent: group flag "
933 "in lmhosts ignored (obsolete)\n"));
937 if (!interpret_string_addr(pss, ip, AI_NUMERICHOST)) {
938 DEBUG(0,("getlmhostsent: invalid address "
942 /* Extra feature. If the name ends in '#XX',
943 * where XX is a hex number, then only add that name type. */
944 if((ptr1 = strchr_m(name, '#')) != NULL) {
948 *name_type = (int)strtol(ptr1, &endptr, 16);
949 if(!*ptr1 || (endptr == ptr1)) {
950 DEBUG(0,("getlmhostsent: invalid name "
951 "%s containing '#'.\n", name));
955 *(--ptr1) = '\0'; /* Truncate at the '#' */
958 *pp_name = talloc_strdup(ctx, name);
968 /********************************************************
969 Finish parsing the lmhosts file.
970 *********************************************************/
972 void endlmhosts(XFILE *fp)
977 /********************************************************
978 convert an array if struct sockaddr_storage to struct ip_service
979 return false on failure. Port is set to PORT_NONE;
980 *********************************************************/
982 static bool convert_ss2service(struct ip_service **return_iplist,
983 const struct sockaddr_storage *ss_list,
988 if ( count==0 || !ss_list )
991 /* copy the ip address; port will be PORT_NONE */
992 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) ==
994 DEBUG(0,("convert_ip2service: malloc failed "
995 "for %d enetries!\n", count ));
999 for ( i=0; i<count; i++ ) {
1000 (*return_iplist)[i].ss = ss_list[i];
1001 (*return_iplist)[i].port = PORT_NONE;
1007 /********************************************************
1008 Resolve via "bcast" method.
1009 *********************************************************/
1011 NTSTATUS name_resolve_bcast(const char *name,
1013 struct ip_service **return_iplist,
1017 int num_interfaces = iface_count();
1018 struct sockaddr_storage *ss_list;
1019 struct sockaddr_storage ss;
1022 if (lp_disable_netbios()) {
1023 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
1025 return NT_STATUS_INVALID_PARAMETER;
1028 *return_iplist = NULL;
1032 * "bcast" means do a broadcast lookup on all the local interfaces.
1035 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
1036 "for name %s<0x%x>\n", name, name_type));
1038 if (!interpret_string_addr(&ss, lp_socket_address(),
1039 AI_NUMERICHOST|AI_PASSIVE)) {
1043 sock = open_socket_in( SOCK_DGRAM, 0, 3, &ss, true );
1045 return NT_STATUS_UNSUCCESSFUL;
1048 set_socket_options(sock,"SO_BROADCAST");
1050 * Lookup the name on all the interfaces, return on
1051 * the first successful match.
1053 for( i = num_interfaces-1; i >= 0; i--) {
1054 const struct sockaddr_storage *pss = iface_n_bcast(i);
1057 /* Done this way to fix compiler error on IRIX 5.x */
1061 ss_list = name_query(sock, name, name_type, true,
1062 true, pss, return_count, &flags, NULL);
1068 /* failed - no response */
1071 return NT_STATUS_UNSUCCESSFUL;
1075 status = NT_STATUS_OK;
1076 if (!convert_ss2service(return_iplist, ss_list, *return_count) )
1077 status = NT_STATUS_INVALID_PARAMETER;
1084 /********************************************************
1085 Resolve via "wins" method.
1086 *********************************************************/
1088 NTSTATUS resolve_wins(const char *name,
1090 struct ip_service **return_iplist,
1095 struct sockaddr_storage src_ss, *ss_list = NULL;
1096 struct in_addr src_ip;
1099 if (lp_disable_netbios()) {
1100 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
1102 return NT_STATUS_INVALID_PARAMETER;
1105 *return_iplist = NULL;
1108 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
1111 if (wins_srv_count() < 1) {
1112 DEBUG(3,("resolve_wins: WINS server resolution selected "
1113 "and no WINS servers listed.\n"));
1114 return NT_STATUS_INVALID_PARAMETER;
1117 /* we try a lookup on each of the WINS tags in turn */
1118 wins_tags = wins_srv_tags();
1121 /* huh? no tags?? give up in disgust */
1122 return NT_STATUS_INVALID_PARAMETER;
1125 /* the address we will be sending from */
1126 if (!interpret_string_addr(&src_ss, lp_socket_address(),
1127 AI_NUMERICHOST|AI_PASSIVE)) {
1128 zero_sockaddr(&src_ss);
1131 if (src_ss.ss_family != AF_INET) {
1132 char addr[INET6_ADDRSTRLEN];
1133 print_sockaddr(addr, sizeof(addr), &src_ss);
1134 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1135 "on IPv6 address %s\n",
1137 wins_srv_tags_free(wins_tags);
1138 return NT_STATUS_INVALID_PARAMETER;
1141 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1143 /* in the worst case we will try every wins server with every
1145 for (t=0; wins_tags && wins_tags[t]; t++) {
1146 int srv_count = wins_srv_count_tag(wins_tags[t]);
1147 for (i=0; i<srv_count; i++) {
1148 struct sockaddr_storage wins_ss;
1149 struct in_addr wins_ip;
1153 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1155 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1156 /* yikes! we'll loop forever */
1160 /* skip any that have been unresponsive lately */
1161 if (wins_srv_is_dead(wins_ip, src_ip)) {
1165 DEBUG(3,("resolve_wins: using WINS server %s "
1167 inet_ntoa(wins_ip), wins_tags[t]));
1169 sock = open_socket_in(SOCK_DGRAM, 0, 3, &src_ss, true);
1174 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1175 ss_list = name_query(sock,
1185 /* exit loop if we got a list of addresses */
1193 /* Timed out wating for WINS server to respond.
1195 wins_srv_died(wins_ip, src_ip);
1197 /* The name definately isn't in this
1198 group of WINS servers.
1199 goto the next group */
1205 wins_srv_tags_free(wins_tags);
1206 return NT_STATUS_NO_LOGON_SERVERS;
1210 status = NT_STATUS_OK;
1211 if (!convert_ss2service(return_iplist, ss_list, *return_count))
1212 status = NT_STATUS_INVALID_PARAMETER;
1215 wins_srv_tags_free(wins_tags);
1221 /********************************************************
1222 Resolve via "lmhosts" method.
1223 *********************************************************/
1225 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1226 struct ip_service **return_iplist,
1230 * "lmhosts" means parse the local lmhosts file.
1234 char *lmhost_name = NULL;
1236 struct sockaddr_storage return_ss;
1237 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1238 TALLOC_CTX *ctx = NULL;
1240 *return_iplist = NULL;
1243 DEBUG(3,("resolve_lmhosts: "
1244 "Attempting lmhosts lookup for name %s<0x%x>\n",
1247 fp = startlmhosts(get_dyn_LMHOSTSFILE());
1250 return NT_STATUS_NO_SUCH_FILE;
1252 ctx = talloc_init("resolve_lmhosts");
1255 return NT_STATUS_NO_MEMORY;
1258 while (getlmhostsent(ctx, fp, &lmhost_name, &name_type2, &return_ss)) {
1260 if (!strequal(name, lmhost_name)) {
1261 TALLOC_FREE(lmhost_name);
1265 if ((name_type2 != -1) && (name_type != name_type2)) {
1266 TALLOC_FREE(lmhost_name);
1270 *return_iplist = SMB_REALLOC_ARRAY((*return_iplist),
1274 if ((*return_iplist) == NULL) {
1277 DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
1278 return NT_STATUS_NO_MEMORY;
1281 (*return_iplist)[*return_count].ss = return_ss;
1282 (*return_iplist)[*return_count].port = PORT_NONE;
1285 /* we found something */
1286 status = NT_STATUS_OK;
1288 /* Multiple names only for DC lookup */
1289 if (name_type != 0x1c)
1299 /********************************************************
1300 Resolve via "hosts" method.
1301 *********************************************************/
1303 static NTSTATUS resolve_hosts(const char *name, int name_type,
1304 struct ip_service **return_iplist,
1308 * "host" means do a localhost, or dns lookup.
1310 struct addrinfo hints;
1311 struct addrinfo *ailist = NULL;
1312 struct addrinfo *res = NULL;
1316 if ( name_type != 0x20 && name_type != 0x0) {
1317 DEBUG(5, ("resolve_hosts: not appropriate "
1318 "for name type <0x%x>\n",
1320 return NT_STATUS_INVALID_PARAMETER;
1323 *return_iplist = NULL;
1326 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1330 /* By default make sure it supports TCP. */
1331 hints.ai_socktype = SOCK_STREAM;
1332 hints.ai_flags = AI_ADDRCONFIG;
1334 #if !defined(HAVE_IPV6)
1335 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1336 hints.ai_family = AF_INET;
1339 ret = getaddrinfo(name,
1344 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1346 gai_strerror(ret) ));
1349 for (res = ailist; res; res = res->ai_next) {
1350 struct sockaddr_storage ss;
1352 if (!res->ai_addr || res->ai_addrlen == 0) {
1357 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1361 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1364 if (!*return_iplist) {
1365 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1366 freeaddrinfo(ailist);
1367 return NT_STATUS_NO_MEMORY;
1369 (*return_iplist)[i].ss = ss;
1370 (*return_iplist)[i].port = PORT_NONE;
1374 freeaddrinfo(ailist);
1376 if (*return_count) {
1377 return NT_STATUS_OK;
1379 return NT_STATUS_UNSUCCESSFUL;
1382 /********************************************************
1383 Resolve via "ADS" method.
1384 *********************************************************/
1386 static NTSTATUS resolve_ads(const char *name,
1388 const char *sitename,
1389 struct ip_service **return_iplist,
1395 struct dns_rr_srv *dcs = NULL;
1399 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1400 (name_type != 0x1b)) {
1401 return NT_STATUS_INVALID_PARAMETER;
1404 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1405 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1406 return NT_STATUS_NO_MEMORY;
1409 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1411 switch (name_type) {
1413 DEBUG(5,("resolve_ads: Attempting to resolve "
1414 "PDC for %s using DNS\n", name));
1415 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1419 DEBUG(5,("resolve_ads: Attempting to resolve "
1420 "DCs for %s using DNS\n", name));
1421 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1425 DEBUG(5,("resolve_ads: Attempting to resolve "
1426 "KDCs for %s using DNS\n", name));
1427 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1431 status = NT_STATUS_INVALID_PARAMETER;
1435 if ( !NT_STATUS_IS_OK( status ) ) {
1436 talloc_destroy(ctx);
1440 for (i=0;i<numdcs;i++) {
1441 numaddrs += MAX(dcs[i].num_ips,1);
1444 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1446 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1448 talloc_destroy(ctx);
1449 return NT_STATUS_NO_MEMORY;
1452 /* now unroll the list of IP addresses */
1457 while ( i < numdcs && (*return_count<numaddrs) ) {
1458 struct ip_service *r = &(*return_iplist)[*return_count];
1460 r->port = dcs[i].port;
1462 /* If we don't have an IP list for a name, lookup it up */
1465 interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1469 /* use the IP addresses from the SRV sresponse */
1471 if ( j >= dcs[i].num_ips ) {
1477 r->ss = dcs[i].ss_s[j];
1481 /* make sure it is a valid IP. I considered checking the
1482 * negative connection cache, but this is the wrong place
1483 * for it. Maybe only as a hack. After think about it, if
1484 * all of the IP addresses returned from DNS are dead, what
1485 * hope does a netbios name lookup have ? The standard reason
1486 * for falling back to netbios lookups is that our DNS server
1487 * doesn't know anything about the DC's -- jerry */
1489 if (!is_zero_addr((struct sockaddr *)&r->ss)) {
1494 talloc_destroy(ctx);
1495 return NT_STATUS_OK;
1498 /*******************************************************************
1499 Internal interface to resolve a name into an IP address.
1500 Use this function if the string is either an IP address, DNS
1501 or host name or NetBIOS name. This uses the name switch in the
1502 smb.conf to determine the order of name resolution.
1504 Added support for ip addr/port to support ADS ldap servers.
1505 the only place we currently care about the port is in the
1506 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1507 **********************************************************************/
1509 NTSTATUS internal_resolve_name(const char *name,
1511 const char *sitename,
1512 struct ip_service **return_iplist,
1514 const char *resolve_order)
1518 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1520 TALLOC_CTX *frame = NULL;
1522 *return_iplist = NULL;
1525 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1526 name, name_type, sitename ? sitename : "(null)"));
1528 if (is_ipaddress(name)) {
1529 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
1531 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1532 return NT_STATUS_NO_MEMORY;
1535 /* ignore the port here */
1536 (*return_iplist)->port = PORT_NONE;
1538 /* if it's in the form of an IP address then get the lib to interpret it */
1539 if (!interpret_string_addr(&(*return_iplist)->ss,
1540 name, AI_NUMERICHOST)) {
1541 DEBUG(1,("internal_resolve_name: interpret_string_addr "
1544 SAFE_FREE(*return_iplist);
1545 return NT_STATUS_INVALID_PARAMETER;
1548 return NT_STATUS_OK;
1551 /* Check name cache */
1553 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1554 /* This could be a negative response */
1555 if (*return_count > 0) {
1556 return NT_STATUS_OK;
1558 return NT_STATUS_UNSUCCESSFUL;
1562 /* set the name resolution order */
1564 if (strcmp( resolve_order, "NULL") == 0) {
1565 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1566 return NT_STATUS_INVALID_PARAMETER;
1569 if (!resolve_order[0]) {
1572 ptr = resolve_order;
1575 /* iterate through the name resolution backends */
1577 frame = talloc_stackframe();
1578 while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
1579 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1580 status = resolve_hosts(name, name_type, return_iplist,
1582 if (NT_STATUS_IS_OK(status)) {
1585 } else if(strequal( tok, "kdc")) {
1586 /* deal with KDC_NAME_TYPE names here.
1587 * This will result in a SRV record lookup */
1588 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
1589 return_iplist, return_count);
1590 if (NT_STATUS_IS_OK(status)) {
1591 /* Ensure we don't namecache
1592 * this with the KDC port. */
1593 name_type = KDC_NAME_TYPE;
1596 } else if(strequal( tok, "ads")) {
1597 /* deal with 0x1c and 0x1b names here.
1598 * This will result in a SRV record lookup */
1599 status = resolve_ads(name, name_type, sitename,
1600 return_iplist, return_count);
1601 if (NT_STATUS_IS_OK(status)) {
1604 } else if(strequal( tok, "lmhosts")) {
1605 status = resolve_lmhosts(name, name_type,
1606 return_iplist, return_count);
1607 if (NT_STATUS_IS_OK(status)) {
1610 } else if(strequal( tok, "wins")) {
1611 /* don't resolve 1D via WINS */
1612 if (name_type != 0x1D) {
1613 status = resolve_wins(name, name_type,
1616 if (NT_STATUS_IS_OK(status)) {
1620 } else if(strequal( tok, "bcast")) {
1621 status = name_resolve_bcast(name, name_type,
1624 if (NT_STATUS_IS_OK(status)) {
1628 DEBUG(0,("resolve_name: unknown name switch type %s\n",
1633 /* All of the resolve_* functions above have returned false. */
1636 SAFE_FREE(*return_iplist);
1639 return NT_STATUS_UNSUCCESSFUL;
1643 /* Remove duplicate entries. Some queries, notably #1c (domain
1644 controllers) return the PDC in iplist[0] and then all domain
1645 controllers including the PDC in iplist[1..n]. Iterating over
1646 the iplist when the PDC is down will cause two sets of timeouts. */
1648 if ( *return_count ) {
1649 *return_count = remove_duplicate_addrs2(*return_iplist,
1653 /* Save in name cache */
1654 if ( DEBUGLEVEL >= 100 ) {
1655 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
1656 char addr[INET6_ADDRSTRLEN];
1657 print_sockaddr(addr, sizeof(addr),
1658 &(*return_iplist)[i].ss);
1659 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
1663 (*return_iplist)[i].port));
1667 namecache_store(name, name_type, *return_count, *return_iplist);
1669 /* Display some debugging info */
1671 if ( DEBUGLEVEL >= 10 ) {
1672 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
1675 for (i = 0; i < *return_count; i++) {
1676 char addr[INET6_ADDRSTRLEN];
1677 print_sockaddr(addr, sizeof(addr),
1678 &(*return_iplist)[i].ss);
1679 DEBUGADD(10, ("%s:%d ",
1681 (*return_iplist)[i].port));
1690 /********************************************************
1691 Internal interface to resolve a name into one IP address.
1692 Use this function if the string is either an IP address, DNS
1693 or host name or NetBIOS name. This uses the name switch in the
1694 smb.conf to determine the order of name resolution.
1695 *********************************************************/
1697 bool resolve_name(const char *name,
1698 struct sockaddr_storage *return_ss,
1702 struct ip_service *ss_list = NULL;
1703 char *sitename = NULL;
1706 if (is_ipaddress(name)) {
1707 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
1710 sitename = sitename_fetch(lp_realm()); /* wild guess */
1712 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
1714 lp_name_resolve_order()))) {
1718 for (i=0; i<count; i++) {
1719 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1720 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss) &&
1721 (ss_list[i].ss.ss_family == AF_INET)) {
1722 *return_ss = ss_list[i].ss;
1724 SAFE_FREE(sitename);
1730 /* only return valid addresses for TCP connections */
1731 for (i=0; i<count; i++) {
1732 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1733 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1734 *return_ss = ss_list[i].ss;
1736 SAFE_FREE(sitename);
1743 SAFE_FREE(sitename);
1747 /********************************************************
1748 Internal interface to resolve a name into a list of IP addresses.
1749 Use this function if the string is either an IP address, DNS
1750 or host name or NetBIOS name. This uses the name switch in the
1751 smb.conf to determine the order of name resolution.
1752 *********************************************************/
1754 NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
1757 struct sockaddr_storage **return_ss_arr,
1758 unsigned int *p_num_entries)
1760 struct ip_service *ss_list = NULL;
1761 char *sitename = NULL;
1764 unsigned int num_entries;
1768 *return_ss_arr = NULL;
1770 if (is_ipaddress(name)) {
1771 *return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
1772 if (!*return_ss_arr) {
1773 return NT_STATUS_NO_MEMORY;
1775 if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
1776 TALLOC_FREE(*return_ss_arr);
1777 return NT_STATUS_BAD_NETWORK_NAME;
1780 return NT_STATUS_OK;
1783 sitename = sitename_fetch(lp_realm()); /* wild guess */
1785 status = internal_resolve_name(name, name_type, sitename,
1787 lp_name_resolve_order());
1788 SAFE_FREE(sitename);
1790 if (!NT_STATUS_IS_OK(status)) {
1794 /* only return valid addresses for TCP connections */
1795 for (i=0, num_entries = 0; i<count; i++) {
1796 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1797 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1801 if (num_entries == 0) {
1803 return NT_STATUS_BAD_NETWORK_NAME;
1806 *return_ss_arr = TALLOC_ARRAY(ctx,
1807 struct sockaddr_storage,
1809 if (!(*return_ss_arr)) {
1811 return NT_STATUS_NO_MEMORY;
1814 for (i=0, num_entries = 0; i<count; i++) {
1815 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1816 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1817 (*return_ss_arr)[num_entries++] = ss_list[i].ss;
1821 status = NT_STATUS_OK;
1822 *p_num_entries = num_entries;
1825 return NT_STATUS_OK;
1828 /********************************************************
1829 Find the IP address of the master browser or DMB for a workgroup.
1830 *********************************************************/
1832 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
1834 struct ip_service *ip_list = NULL;
1838 if (lp_disable_netbios()) {
1839 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1843 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
1844 lp_name_resolve_order());
1845 if (NT_STATUS_IS_OK(status)) {
1846 *master_ss = ip_list[0].ss;
1851 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
1852 lp_name_resolve_order());
1853 if (NT_STATUS_IS_OK(status)) {
1854 *master_ss = ip_list[0].ss;
1863 /********************************************************
1864 Get the IP address list of the primary domain controller
1866 *********************************************************/
1868 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
1870 struct ip_service *ip_list = NULL;
1872 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1874 /* Look up #1B name */
1876 if (lp_security() == SEC_ADS) {
1877 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1881 if (!NT_STATUS_IS_OK(status) || count == 0) {
1882 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1884 lp_name_resolve_order());
1885 if (!NT_STATUS_IS_OK(status)) {
1890 /* if we get more than 1 IP back we have to assume it is a
1891 multi-homed PDC and not a mess up */
1894 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1895 sort_service_list(ip_list, count);
1898 *pss = ip_list[0].ss;
1903 /* Private enum type for lookups. */
1905 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1907 /********************************************************
1908 Get the IP address list of the domain controllers for
1910 *********************************************************/
1912 static NTSTATUS get_dc_list(const char *domain,
1913 const char *sitename,
1914 struct ip_service **ip_list,
1916 enum dc_lookup_type lookup_type,
1919 char *resolve_order = NULL;
1920 char *saf_servername = NULL;
1921 char *pserver = NULL;
1923 char *port_str = NULL;
1926 int num_addresses = 0;
1927 int local_count, i, j;
1928 struct ip_service *return_iplist = NULL;
1929 struct ip_service *auto_ip_list = NULL;
1930 bool done_auto_lookup = false;
1933 TALLOC_CTX *ctx = talloc_init("get_dc_list");
1939 return NT_STATUS_NO_MEMORY;
1944 /* if we are restricted to solely using DNS for looking
1945 up a domain controller, make sure that host lookups
1946 are enabled for the 'name resolve order'. If host lookups
1947 are disabled and ads_only is True, then set the string to
1950 resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
1951 if (!resolve_order) {
1952 status = NT_STATUS_NO_MEMORY;
1955 strlower_m(resolve_order);
1956 if (lookup_type == DC_ADS_ONLY) {
1957 if (strstr( resolve_order, "host")) {
1958 resolve_order = talloc_strdup(ctx, "ads");
1960 /* DNS SRV lookups used by the ads resolver
1961 are already sorted by priority and weight */
1964 resolve_order = talloc_strdup(ctx, "NULL");
1966 } else if (lookup_type == DC_KDC_ONLY) {
1967 /* DNS SRV lookups used by the ads/kdc resolver
1968 are already sorted by priority and weight */
1970 resolve_order = talloc_strdup(ctx, "kdc");
1972 if (!resolve_order) {
1973 status = NT_STATUS_NO_MEMORY;
1977 /* fetch the server we have affinity for. Add the
1978 'password server' list to a search for our domain controllers */
1980 saf_servername = saf_fetch( domain);
1982 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
1983 pserver = talloc_asprintf(NULL, "%s, %s",
1984 saf_servername ? saf_servername : "",
1985 lp_passwordserver());
1987 pserver = talloc_asprintf(NULL, "%s, *",
1988 saf_servername ? saf_servername : "");
1991 SAFE_FREE(saf_servername);
1993 status = NT_STATUS_NO_MEMORY;
1997 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
2000 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
2001 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2002 count, resolve_order);
2006 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
2009 * if '*' appears in the "password server" list then add
2010 * an auto lookup to the list of manually configured
2011 * DC's. If any DC is listed by name, then the list should be
2012 * considered to be ordered
2016 while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2017 if (!done_auto_lookup && strequal(name, "*")) {
2018 status = internal_resolve_name(domain, 0x1C, sitename,
2022 if (NT_STATUS_IS_OK(status)) {
2023 num_addresses += auto_count;
2025 done_auto_lookup = true;
2026 DEBUG(8,("Adding %d DC's from auto lookup\n",
2033 /* if we have no addresses and haven't done the auto lookup, then
2034 just return the list of DC's. Or maybe we just failed. */
2036 if ((num_addresses == 0)) {
2037 if (done_auto_lookup) {
2038 DEBUG(4,("get_dc_list: no servers found\n"));
2039 status = NT_STATUS_NO_LOGON_SERVERS;
2042 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2043 count, resolve_order);
2047 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
2048 num_addresses)) == NULL) {
2049 DEBUG(3,("get_dc_list: malloc fail !\n"));
2050 status = NT_STATUS_NO_MEMORY;
2057 /* fill in the return list now with real IP's */
2059 while ((local_count<num_addresses) &&
2060 next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2061 struct sockaddr_storage name_ss;
2063 /* copy any addersses from the auto lookup */
2065 if (strequal(name, "*")) {
2066 for (j=0; j<auto_count; j++) {
2067 char addr[INET6_ADDRSTRLEN];
2068 print_sockaddr(addr,
2070 &auto_ip_list[j].ss);
2071 /* Check for and don't copy any
2072 * known bad DC IP's. */
2073 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
2076 DEBUG(5,("get_dc_list: "
2077 "negative entry %s removed "
2082 return_iplist[local_count].ss =
2084 return_iplist[local_count].port =
2085 auto_ip_list[j].port;
2091 /* added support for address:port syntax for ads
2092 * (not that I think anyone will ever run the LDAP
2093 * server in an AD domain on something other than
2096 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
2097 if ((port_str=strchr(name, ':')) != NULL) {
2100 port = atoi(port_str);
2103 /* explicit lookup; resolve_name() will
2104 * handle names & IP addresses */
2105 if (resolve_name( name, &name_ss, 0x20, true )) {
2106 char addr[INET6_ADDRSTRLEN];
2107 print_sockaddr(addr,
2111 /* Check for and don't copy any known bad DC IP's. */
2112 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
2114 DEBUG(5,("get_dc_list: negative entry %s "
2115 "removed from DC list\n",
2120 return_iplist[local_count].ss = name_ss;
2121 return_iplist[local_count].port = port;
2127 /* need to remove duplicates in the list if we have any
2128 explicit password servers */
2131 local_count = remove_duplicate_addrs2(return_iplist,
2135 /* For DC's we always prioritize IPv4 due to W2K3 not
2136 * supporting LDAP, KRB5 or CLDAP over IPv6. */
2138 if (local_count && return_iplist) {
2139 prioritize_ipv4_list(return_iplist, local_count);
2142 if ( DEBUGLEVEL >= 4 ) {
2143 DEBUG(4,("get_dc_list: returning %d ip addresses "
2144 "in an %sordered list\n",
2146 *ordered ? "":"un"));
2147 DEBUG(4,("get_dc_list: "));
2148 for ( i=0; i<local_count; i++ ) {
2149 char addr[INET6_ADDRSTRLEN];
2150 print_sockaddr(addr,
2152 &return_iplist[i].ss);
2153 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
2158 *ip_list = return_iplist;
2159 *count = local_count;
2161 status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2165 if (!NT_STATUS_IS_OK(status)) {
2166 SAFE_FREE(return_iplist);
2171 SAFE_FREE(auto_ip_list);
2176 /*********************************************************************
2177 Small wrapper function to get the DC list and sort it if neccessary.
2178 *********************************************************************/
2180 NTSTATUS get_sorted_dc_list( const char *domain,
2181 const char *sitename,
2182 struct ip_service **ip_list,
2186 bool ordered = false;
2188 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2193 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2194 "for name %s (sitename %s) using [%s]\n",
2196 sitename ? sitename : "NULL",
2197 (ads_only ? "ads" : lp_name_resolve_order())));
2200 lookup_type = DC_ADS_ONLY;
2203 status = get_dc_list(domain, sitename, ip_list,
2204 count, lookup_type, &ordered);
2205 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
2207 DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2208 " in site %s, fallback to all servers\n",
2210 status = get_dc_list(domain, NULL, ip_list,
2211 count, lookup_type, &ordered);
2214 if (!NT_STATUS_IS_OK(status)) {
2215 SAFE_FREE(*ip_list);
2220 /* only sort if we don't already have an ordered list */
2222 sort_service_list(*ip_list, *count);
2225 return NT_STATUS_OK;
2228 /*********************************************************************
2229 Get the KDC list - re-use all the logic in get_dc_list.
2230 *********************************************************************/
2232 NTSTATUS get_kdc_list( const char *realm,
2233 const char *sitename,
2234 struct ip_service **ip_list,
2243 status = get_dc_list(realm, sitename, ip_list,
2244 count, DC_KDC_ONLY, &ordered);
2246 if (!NT_STATUS_IS_OK(status)) {
2247 SAFE_FREE(*ip_list);
2252 /* only sort if we don't already have an ordered list */
2254 sort_service_list(*ip_list, *count);
2257 return NT_STATUS_OK;