2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "../lib/util/tevent_ntstatus.h"
23 #include "libads/sitename_cache.h"
24 #include "libads/dns.h"
25 #include "../libcli/netlogon/netlogon.h"
26 #include "lib/async_req/async_sock.h"
27 #include "libsmb/nmblib.h"
29 /* nmbd.c sets this to True. */
30 bool global_in_nmbd = False;
32 /****************************
33 * SERVER AFFINITY ROUTINES *
34 ****************************/
36 /* Server affinity is the concept of preferring the last domain
37 controller with whom you had a successful conversation */
39 /****************************************************************************
40 ****************************************************************************/
41 #define SAFKEY_FMT "SAF/DOMAIN/%s"
43 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
44 #define SAFJOIN_TTL 3600
46 static char *saf_key(const char *domain)
50 asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
55 static char *saf_join_key(const char *domain)
59 asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
64 /****************************************************************************
65 ****************************************************************************/
67 bool saf_store( const char *domain, const char *servername )
73 if ( !domain || !servername ) {
74 DEBUG(2,("saf_store: "
75 "Refusing to store empty domain or servername!\n"));
79 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
80 DEBUG(0,("saf_store: "
81 "refusing to store 0 length domain or servername!\n"));
85 key = saf_key( domain );
86 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
88 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
89 domain, servername, (unsigned int)expire ));
91 ret = gencache_set( key, servername, expire );
98 bool saf_join_store( const char *domain, const char *servername )
104 if ( !domain || !servername ) {
105 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
109 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
110 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
114 key = saf_join_key( domain );
115 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
117 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
118 domain, servername, (unsigned int)expire ));
120 ret = gencache_set( key, servername, expire );
127 bool saf_delete( const char *domain )
133 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
137 key = saf_join_key(domain);
138 ret = gencache_del(key);
142 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
145 key = saf_key(domain);
146 ret = gencache_del(key);
150 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
156 /****************************************************************************
157 ****************************************************************************/
159 char *saf_fetch( const char *domain )
166 if ( !domain || strlen(domain) == 0) {
167 DEBUG(2,("saf_fetch: Empty domain name!\n"));
171 key = saf_join_key( domain );
173 ret = gencache_get( key, &server, &timeout );
178 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
183 key = saf_key( domain );
185 ret = gencache_get( key, &server, &timeout );
190 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
193 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
200 /****************************************************************************
201 Generate a random trn_id.
202 ****************************************************************************/
204 static int generate_trn_id(void)
208 generate_random_buffer((uint8 *)&id, sizeof(id));
210 return id % (unsigned)0x7FFF;
213 /****************************************************************************
214 Parse a node status response into an array of structures.
215 ****************************************************************************/
217 static struct node_status *parse_node_status(TALLOC_CTX *mem_ctx, char *p,
219 struct node_status_extra *extra)
221 struct node_status *ret;
224 *num_names = CVAL(p,0);
229 ret = TALLOC_ARRAY(mem_ctx, struct node_status,*num_names);
234 for (i=0;i< *num_names;i++) {
235 StrnCpy(ret[i].name,p,15);
236 trim_char(ret[i].name,'\0',' ');
237 ret[i].type = CVAL(p,15);
238 ret[i].flags = p[16];
240 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
241 ret[i].type, ret[i].flags));
244 * Also, pick up the MAC address ...
247 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
252 struct sock_packet_read_state {
253 struct tevent_context *ev;
254 enum packet_type type;
257 struct nb_packet_reader *reader;
258 struct tevent_req *reader_req;
261 struct tevent_req *socket_req;
263 struct sockaddr_storage addr;
266 bool (*validator)(struct packet_struct *p,
270 struct packet_struct *packet;
273 static int sock_packet_read_state_destructor(struct sock_packet_read_state *s);
274 static void sock_packet_read_got_packet(struct tevent_req *subreq);
275 static void sock_packet_read_got_socket(struct tevent_req *subreq);
277 static struct tevent_req *sock_packet_read_send(
279 struct tevent_context *ev,
280 int sock, /* dgram socket */
281 struct nb_packet_reader *reader,
282 enum packet_type type,
284 bool (*validator)(struct packet_struct *p, void *private_data),
287 struct tevent_req *req;
288 struct sock_packet_read_state *state;
290 req = tevent_req_create(mem_ctx, &state,
291 struct sock_packet_read_state);
295 talloc_set_destructor(state, sock_packet_read_state_destructor);
297 state->reader = reader;
300 state->trn_id = trn_id;
301 state->validator = validator;
302 state->private_data = private_data;
304 if (reader != NULL) {
305 state->reader_req = nb_packet_read_send(state, ev, reader);
306 if (tevent_req_nomem(state->reader_req, req)) {
307 return tevent_req_post(req, ev);
309 tevent_req_set_callback(
310 state->reader_req, sock_packet_read_got_packet, req);
313 state->addr_len = sizeof(state->addr);
314 state->socket_req = recvfrom_send(state, ev, sock,
315 state->buf, sizeof(state->buf), 0,
316 &state->addr, &state->addr_len);
317 if (tevent_req_nomem(state->socket_req, req)) {
318 return tevent_req_post(req, ev);
320 tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
326 static int sock_packet_read_state_destructor(struct sock_packet_read_state *s)
328 if (s->packet != NULL) {
329 free_packet(s->packet);
335 static void sock_packet_read_got_packet(struct tevent_req *subreq)
337 struct tevent_req *req = tevent_req_callback_data(
338 subreq, struct tevent_req);
339 struct sock_packet_read_state *state = tevent_req_data(
340 req, struct sock_packet_read_state);
343 status = nb_packet_read_recv(subreq, &state->packet);
345 TALLOC_FREE(state->reader_req);
347 if (!NT_STATUS_IS_OK(status)) {
348 if (state->socket_req != NULL) {
350 * Still waiting for socket
355 * Both socket and packet reader failed
357 tevent_req_nterror(req, status);
361 if ((state->validator != NULL) &&
362 !state->validator(state->packet, state->private_data)) {
363 DEBUG(10, ("validator failed\n"));
365 free_packet(state->packet);
366 state->packet = NULL;
368 state->reader_req = nb_packet_read_send(state, state->ev,
370 if (tevent_req_nomem(state->reader_req, req)) {
373 tevent_req_set_callback(
374 state->reader_req, sock_packet_read_got_packet, req);
378 TALLOC_FREE(state->socket_req);
379 tevent_req_done(req);
382 static void sock_packet_read_got_socket(struct tevent_req *subreq)
384 struct tevent_req *req = tevent_req_callback_data(
385 subreq, struct tevent_req);
386 struct sock_packet_read_state *state = tevent_req_data(
387 req, struct sock_packet_read_state);
388 struct sockaddr_in *in_addr;
392 received = recvfrom_recv(subreq, &err);
394 TALLOC_FREE(state->socket_req);
396 if (received == -1) {
397 if (state->reader_req != NULL) {
399 * Still waiting for reader
404 * Both socket and reader failed
406 tevent_req_nterror(req, map_nt_error_from_unix(err));
409 if (state->addr.ss_family != AF_INET) {
412 in_addr = (struct sockaddr_in *)(void *)&state->addr;
414 state->packet = parse_packet((char *)state->buf, received, state->type,
415 in_addr->sin_addr, in_addr->sin_port);
416 if (state->packet == NULL) {
417 DEBUG(10, ("parse_packet failed\n"));
420 if ((state->trn_id != -1) &&
421 (state->trn_id != packet_trn_id(state->packet))) {
422 DEBUG(10, ("Expected transaction id %d, got %d\n",
423 state->trn_id, packet_trn_id(state->packet)));
427 if ((state->validator != NULL) &&
428 !state->validator(state->packet, state->private_data)) {
429 DEBUG(10, ("validator failed\n"));
433 tevent_req_done(req);
437 if (state->packet != NULL) {
438 free_packet(state->packet);
439 state->packet = NULL;
441 state->socket_req = recvfrom_send(state, state->ev, state->sock,
442 state->buf, sizeof(state->buf), 0,
443 &state->addr, &state->addr_len);
444 if (tevent_req_nomem(state->socket_req, req)) {
447 tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
451 static NTSTATUS sock_packet_read_recv(struct tevent_req *req,
452 struct packet_struct **ppacket)
454 struct sock_packet_read_state *state = tevent_req_data(
455 req, struct sock_packet_read_state);
458 if (tevent_req_is_nterror(req, &status)) {
461 *ppacket = state->packet;
462 state->packet = NULL;
466 struct nb_trans_state {
467 struct tevent_context *ev;
469 struct nb_packet_reader *reader;
471 const struct sockaddr_storage *dst_addr;
474 enum packet_type type;
477 bool (*validator)(struct packet_struct *p,
481 struct packet_struct *packet;
484 static int nb_trans_state_destructor(struct nb_trans_state *s);
485 static void nb_trans_got_reader(struct tevent_req *subreq);
486 static void nb_trans_done(struct tevent_req *subreq);
487 static void nb_trans_sent(struct tevent_req *subreq);
488 static void nb_trans_send_next(struct tevent_req *subreq);
490 static struct tevent_req *nb_trans_send(
492 struct tevent_context *ev,
493 const struct sockaddr_storage *my_addr,
494 const struct sockaddr_storage *dst_addr,
496 uint8_t *buf, size_t buflen,
497 enum packet_type type, int trn_id,
498 bool (*validator)(struct packet_struct *p,
502 struct tevent_req *req, *subreq;
503 struct nb_trans_state *state;
505 req = tevent_req_create(mem_ctx, &state, struct nb_trans_state);
509 talloc_set_destructor(state, nb_trans_state_destructor);
511 state->dst_addr = dst_addr;
513 state->buflen = buflen;
515 state->trn_id = trn_id;
516 state->validator = validator;
517 state->private_data = private_data;
519 state->sock = open_socket_in(SOCK_DGRAM, 0, 3, my_addr, True);
520 if (state->sock == -1) {
521 tevent_req_nterror(req, map_nt_error_from_unix(errno));
522 DEBUG(10, ("open_socket_in failed: %s\n", strerror(errno)));
523 return tevent_req_post(req, ev);
527 set_socket_options(state->sock,"SO_BROADCAST");
530 subreq = nb_packet_reader_send(state, ev, type, state->trn_id, NULL);
531 if (tevent_req_nomem(subreq, req)) {
532 return tevent_req_post(req, ev);
534 tevent_req_set_callback(subreq, nb_trans_got_reader, req);
538 static int nb_trans_state_destructor(struct nb_trans_state *s)
544 if (s->packet != NULL) {
545 free_packet(s->packet);
551 static void nb_trans_got_reader(struct tevent_req *subreq)
553 struct tevent_req *req = tevent_req_callback_data(
554 subreq, struct tevent_req);
555 struct nb_trans_state *state = tevent_req_data(
556 req, struct nb_trans_state);
559 status = nb_packet_reader_recv(subreq, state, &state->reader);
562 if (!NT_STATUS_IS_OK(status)) {
563 DEBUG(10, ("nmbd not around\n"));
564 state->reader = NULL;
567 subreq = sock_packet_read_send(
568 state, state->ev, state->sock,
569 state->reader, state->type, state->trn_id,
570 state->validator, state->private_data);
571 if (tevent_req_nomem(subreq, req)) {
574 tevent_req_set_callback(subreq, nb_trans_done, req);
576 subreq = sendto_send(state, state->ev, state->sock,
577 state->buf, state->buflen, 0, state->dst_addr);
578 if (tevent_req_nomem(subreq, req)) {
581 tevent_req_set_callback(subreq, nb_trans_sent, req);
584 static void nb_trans_sent(struct tevent_req *subreq)
586 struct tevent_req *req = tevent_req_callback_data(
587 subreq, struct tevent_req);
588 struct nb_trans_state *state = tevent_req_data(
589 req, struct nb_trans_state);
593 sent = sendto_recv(subreq, &err);
596 DEBUG(10, ("sendto failed: %s\n", strerror(err)));
597 tevent_req_nterror(req, map_nt_error_from_unix(err));
600 subreq = tevent_wakeup_send(state, state->ev,
601 timeval_current_ofs(1, 0));
602 if (tevent_req_nomem(subreq, req)) {
605 tevent_req_set_callback(subreq, nb_trans_send_next, req);
608 static void nb_trans_send_next(struct tevent_req *subreq)
610 struct tevent_req *req = tevent_req_callback_data(
611 subreq, struct tevent_req);
612 struct nb_trans_state *state = tevent_req_data(
613 req, struct nb_trans_state);
616 ret = tevent_wakeup_recv(subreq);
619 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
622 subreq = sendto_send(state, state->ev, state->sock,
623 state->buf, state->buflen, 0, state->dst_addr);
624 if (tevent_req_nomem(subreq, req)) {
627 tevent_req_set_callback(subreq, nb_trans_sent, req);
630 static void nb_trans_done(struct tevent_req *subreq)
632 struct tevent_req *req = tevent_req_callback_data(
633 subreq, struct tevent_req);
634 struct nb_trans_state *state = tevent_req_data(
635 req, struct nb_trans_state);
638 status = sock_packet_read_recv(subreq, &state->packet);
640 if (tevent_req_nterror(req, status)) {
643 tevent_req_done(req);
646 static NTSTATUS nb_trans_recv(struct tevent_req *req,
647 struct packet_struct **ppacket)
649 struct nb_trans_state *state = tevent_req_data(
650 req, struct nb_trans_state);
653 if (tevent_req_is_nterror(req, &status)) {
656 *ppacket = state->packet;
657 state->packet = NULL;
661 /****************************************************************************
662 Do a NBT node status query on an open socket and return an array of
663 structures holding the returned names or NULL if the query failed.
664 **************************************************************************/
666 struct node_status_query_state {
667 struct sockaddr_storage my_addr;
668 struct sockaddr_storage addr;
671 struct packet_struct *packet;
674 static int node_status_query_state_destructor(
675 struct node_status_query_state *s);
676 static bool node_status_query_validator(struct packet_struct *p,
678 static void node_status_query_done(struct tevent_req *subreq);
680 struct tevent_req *node_status_query_send(TALLOC_CTX *mem_ctx,
681 struct tevent_context *ev,
682 struct nmb_name *name,
683 const struct sockaddr_storage *addr)
685 struct tevent_req *req, *subreq;
686 struct node_status_query_state *state;
687 struct packet_struct p;
688 struct nmb_packet *nmb = &p.packet.nmb;
689 struct sockaddr_in *in_addr;
691 req = tevent_req_create(mem_ctx, &state,
692 struct node_status_query_state);
696 talloc_set_destructor(state, node_status_query_state_destructor);
698 if (addr->ss_family != AF_INET) {
699 /* Can't do node status to IPv6 */
700 tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
701 return tevent_req_post(req, ev);
705 in_addr = (struct sockaddr_in *)(void *)&state->addr;
706 in_addr->sin_port = htons(NMB_PORT);
708 if (!interpret_string_addr(&state->my_addr, lp_socket_address(),
709 AI_NUMERICHOST|AI_PASSIVE)) {
710 zero_sockaddr(&state->my_addr);
714 nmb->header.name_trn_id = generate_trn_id();
715 nmb->header.opcode = 0;
716 nmb->header.response = false;
717 nmb->header.nm_flags.bcast = false;
718 nmb->header.nm_flags.recursion_available = false;
719 nmb->header.nm_flags.recursion_desired = false;
720 nmb->header.nm_flags.trunc = false;
721 nmb->header.nm_flags.authoritative = false;
722 nmb->header.rcode = 0;
723 nmb->header.qdcount = 1;
724 nmb->header.ancount = 0;
725 nmb->header.nscount = 0;
726 nmb->header.arcount = 0;
727 nmb->question.question_name = *name;
728 nmb->question.question_type = 0x21;
729 nmb->question.question_class = 0x1;
731 state->buflen = build_packet((char *)state->buf, sizeof(state->buf),
733 if (state->buflen == 0) {
734 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
735 DEBUG(10, ("build_packet failed\n"));
736 return tevent_req_post(req, ev);
739 subreq = nb_trans_send(state, ev, &state->my_addr, &state->addr, false,
740 state->buf, state->buflen,
741 NMB_PACKET, nmb->header.name_trn_id,
742 node_status_query_validator, NULL);
743 if (tevent_req_nomem(subreq, req)) {
744 DEBUG(10, ("nb_trans_send failed\n"));
745 return tevent_req_post(req, ev);
747 if (!tevent_req_set_endtime(req, ev, timeval_current_ofs(10, 0))) {
748 return tevent_req_post(req, ev);
750 tevent_req_set_callback(subreq, node_status_query_done, req);
754 static bool node_status_query_validator(struct packet_struct *p,
757 struct nmb_packet *nmb = &p->packet.nmb;
760 if (nmb->header.opcode != 0 ||
761 nmb->header.nm_flags.bcast ||
763 !nmb->header.ancount ||
764 nmb->answers->rr_type != 0x21) {
766 * XXXX what do we do with this? could be a redirect,
767 * but we'll discard it for the moment
774 static int node_status_query_state_destructor(
775 struct node_status_query_state *s)
777 if (s->packet != NULL) {
778 free_packet(s->packet);
784 static void node_status_query_done(struct tevent_req *subreq)
786 struct tevent_req *req = tevent_req_callback_data(
787 subreq, struct tevent_req);
788 struct node_status_query_state *state = tevent_req_data(
789 req, struct node_status_query_state);
792 status = nb_trans_recv(subreq, &state->packet);
794 if (tevent_req_nterror(req, status)) {
797 tevent_req_done(req);
800 NTSTATUS node_status_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
801 struct node_status **pnode_status,
803 struct node_status_extra *extra)
805 struct node_status_query_state *state = tevent_req_data(
806 req, struct node_status_query_state);
807 struct node_status *node_status;
811 if (tevent_req_is_nterror(req, &status)) {
814 node_status = parse_node_status(
815 mem_ctx, &state->packet->packet.nmb.answers->rdata[0],
817 if (node_status == NULL) {
818 return NT_STATUS_NO_MEMORY;
820 *pnode_status = node_status;
821 *pnum_names = num_names;
825 NTSTATUS node_status_query(TALLOC_CTX *mem_ctx, struct nmb_name *name,
826 const struct sockaddr_storage *addr,
827 struct node_status **pnode_status,
829 struct node_status_extra *extra)
831 TALLOC_CTX *frame = talloc_stackframe();
832 struct tevent_context *ev;
833 struct tevent_req *req;
834 NTSTATUS status = NT_STATUS_NO_MEMORY;
836 ev = tevent_context_init(frame);
840 req = node_status_query_send(ev, ev, name, addr);
844 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
847 status = node_status_query_recv(req, mem_ctx, pnode_status,
854 /****************************************************************************
855 Find the first type XX name in a node status reply - used for finding
856 a servers name given its IP. Return the matched name in *name.
857 **************************************************************************/
859 bool name_status_find(const char *q_name,
862 const struct sockaddr_storage *to_ss,
865 char addr[INET6_ADDRSTRLEN];
866 struct sockaddr_storage ss;
867 struct node_status *addrs = NULL;
868 struct nmb_name nname;
873 if (lp_disable_netbios()) {
874 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
879 print_sockaddr(addr, sizeof(addr), to_ss);
881 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
884 /* Check the cache first. */
886 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
890 if (to_ss->ss_family != AF_INET) {
891 /* Can't do node status to IPv6 */
895 if (!interpret_string_addr(&ss, lp_socket_address(),
896 AI_NUMERICHOST|AI_PASSIVE)) {
900 /* W2K PDC's seem not to respond to '*'#0. JRA */
901 make_nmb_name(&nname, q_name, q_type);
902 status = node_status_query(talloc_tos(), &nname, to_ss,
903 &addrs, &count, NULL);
904 if (!NT_STATUS_IS_OK(status)) {
908 for (i=0;i<count;i++) {
909 /* Find first one of the requested type that's not a GROUP. */
910 if (addrs[i].type == type && ! (addrs[i].flags & 0x80))
916 pull_ascii_nstring(name, sizeof(fstring), addrs[i].name);
918 /* Store the result in the cache. */
919 /* but don't store an entry for 0x1c names here. Here we have
920 a single host and DOMAIN<0x1c> names should be a list of hosts */
922 if ( q_type != 0x1c ) {
923 namecache_status_store(q_name, q_type, type, to_ss, name);
931 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
934 DEBUGADD(10, (", name %s ip address is %s", name, addr));
942 comparison function used by sort_addr_list
945 static int addr_compare(const struct sockaddr_storage *ss1,
946 const struct sockaddr_storage *ss2)
948 int max_bits1=0, max_bits2=0;
949 int num_interfaces = iface_count();
952 /* Sort IPv4 addresses first. */
953 if (ss1->ss_family != ss2->ss_family) {
954 if (ss2->ss_family == AF_INET) {
961 /* Here we know both addresses are of the same
964 for (i=0;i<num_interfaces;i++) {
965 const struct sockaddr_storage *pss = iface_n_bcast(i);
966 unsigned char *p_ss1 = NULL;
967 unsigned char *p_ss2 = NULL;
968 unsigned char *p_if = NULL;
972 if (pss->ss_family != ss1->ss_family) {
973 /* Ignore interfaces of the wrong type. */
976 if (pss->ss_family == AF_INET) {
977 p_if = (unsigned char *)
978 &((const struct sockaddr_in *)pss)->sin_addr;
979 p_ss1 = (unsigned char *)
980 &((const struct sockaddr_in *)ss1)->sin_addr;
981 p_ss2 = (unsigned char *)
982 &((const struct sockaddr_in *)ss2)->sin_addr;
985 #if defined(HAVE_IPV6)
986 if (pss->ss_family == AF_INET6) {
987 p_if = (unsigned char *)
988 &((const struct sockaddr_in6 *)pss)->sin6_addr;
989 p_ss1 = (unsigned char *)
990 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
991 p_ss2 = (unsigned char *)
992 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
996 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
999 bits1 = matching_len_bits(p_ss1, p_if, len);
1000 bits2 = matching_len_bits(p_ss2, p_if, len);
1001 max_bits1 = MAX(bits1, max_bits1);
1002 max_bits2 = MAX(bits2, max_bits2);
1005 /* Bias towards directly reachable IPs */
1006 if (iface_local((struct sockaddr *)ss1)) {
1007 if (ss1->ss_family == AF_INET) {
1013 if (iface_local((struct sockaddr *)ss2)) {
1014 if (ss2->ss_family == AF_INET) {
1020 return max_bits2 - max_bits1;
1023 /*******************************************************************
1024 compare 2 ldap IPs by nearness to our interfaces - used in qsort
1025 *******************************************************************/
1027 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
1031 if ((result = addr_compare(&ss1->ss, &ss2->ss)) != 0) {
1035 if (ss1->port > ss2->port) {
1039 if (ss1->port < ss2->port) {
1047 sort an IP list so that names that are close to one of our interfaces
1048 are at the top. This prevents the problem where a WINS server returns an IP
1049 that is not reachable from our subnet as the first match
1052 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
1058 TYPESAFE_QSORT(sslist, count, addr_compare);
1061 static void sort_service_list(struct ip_service *servlist, int count)
1067 TYPESAFE_QSORT(servlist, count, ip_service_compare);
1070 /**********************************************************************
1071 Remove any duplicate address/port pairs in the list
1072 *********************************************************************/
1074 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
1078 DEBUG(10,("remove_duplicate_addrs2: "
1079 "looking for duplicate address/port pairs\n"));
1081 /* One loop to set duplicates to a zero addr. */
1082 for ( i=0; i<count; i++ ) {
1083 if ( is_zero_addr(&iplist[i].ss)) {
1087 for ( j=i+1; j<count; j++ ) {
1088 if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) &&
1089 iplist[i].port == iplist[j].port) {
1090 zero_sockaddr(&iplist[j].ss);
1095 /* Now remove any addresses set to zero above. */
1096 for (i = 0; i < count; i++) {
1098 is_zero_addr(&iplist[i].ss)) {
1102 (count-i-1)*sizeof(struct ip_service));
1111 static bool prioritize_ipv4_list(struct ip_service *iplist, int count)
1113 TALLOC_CTX *frame = talloc_stackframe();
1114 struct ip_service *iplist_new = TALLOC_ARRAY(frame, struct ip_service, count);
1117 if (iplist_new == NULL) {
1124 /* Copy IPv4 first. */
1125 for (i = 0; i < count; i++) {
1126 if (iplist[i].ss.ss_family == AF_INET) {
1127 iplist_new[j++] = iplist[i];
1132 for (i = 0; i < count; i++) {
1133 if (iplist[i].ss.ss_family != AF_INET) {
1134 iplist_new[j++] = iplist[i];
1138 memcpy(iplist, iplist_new, sizeof(struct ip_service)*count);
1143 /****************************************************************************
1144 Do a netbios name query to find someones IP.
1145 Returns an array of IP addresses or NULL if none.
1146 *count will be set to the number of addresses returned.
1147 *timed_out is set if we failed by timing out
1148 ****************************************************************************/
1150 struct name_query_state {
1151 struct sockaddr_storage my_addr;
1152 struct sockaddr_storage addr;
1159 NTSTATUS validate_error;
1162 struct sockaddr_storage *addrs;
1166 static bool name_query_validator(struct packet_struct *p, void *private_data);
1167 static void name_query_done(struct tevent_req *subreq);
1169 struct tevent_req *name_query_send(TALLOC_CTX *mem_ctx,
1170 struct tevent_context *ev,
1171 const char *name, int name_type,
1172 bool bcast, bool recurse,
1173 const struct sockaddr_storage *addr)
1175 struct tevent_req *req, *subreq;
1176 struct name_query_state *state;
1177 struct packet_struct p;
1178 struct nmb_packet *nmb = &p.packet.nmb;
1179 struct sockaddr_in *in_addr;
1181 req = tevent_req_create(mem_ctx, &state, struct name_query_state);
1185 state->bcast = bcast;
1187 if (addr->ss_family != AF_INET) {
1188 /* Can't do node status to IPv6 */
1189 tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
1190 return tevent_req_post(req, ev);
1193 if (lp_disable_netbios()) {
1194 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
1196 tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
1197 return tevent_req_post(req, ev);
1200 state->addr = *addr;
1201 in_addr = (struct sockaddr_in *)(void *)&state->addr;
1202 in_addr->sin_port = htons(NMB_PORT);
1204 if (!interpret_string_addr(&state->my_addr, lp_socket_address(),
1205 AI_NUMERICHOST|AI_PASSIVE)) {
1206 zero_sockaddr(&state->my_addr);
1210 nmb->header.name_trn_id = generate_trn_id();
1211 nmb->header.opcode = 0;
1212 nmb->header.response = false;
1213 nmb->header.nm_flags.bcast = bcast;
1214 nmb->header.nm_flags.recursion_available = false;
1215 nmb->header.nm_flags.recursion_desired = recurse;
1216 nmb->header.nm_flags.trunc = false;
1217 nmb->header.nm_flags.authoritative = false;
1218 nmb->header.rcode = 0;
1219 nmb->header.qdcount = 1;
1220 nmb->header.ancount = 0;
1221 nmb->header.nscount = 0;
1222 nmb->header.arcount = 0;
1224 make_nmb_name(&nmb->question.question_name,name,name_type);
1226 nmb->question.question_type = 0x20;
1227 nmb->question.question_class = 0x1;
1229 state->buflen = build_packet((char *)state->buf, sizeof(state->buf),
1231 if (state->buflen == 0) {
1232 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
1233 DEBUG(10, ("build_packet failed\n"));
1234 return tevent_req_post(req, ev);
1237 subreq = nb_trans_send(state, ev, &state->my_addr, &state->addr, bcast,
1238 state->buf, state->buflen,
1239 NMB_PACKET, nmb->header.name_trn_id,
1240 name_query_validator, state);
1241 if (tevent_req_nomem(subreq, req)) {
1242 DEBUG(10, ("nb_trans_send failed\n"));
1243 return tevent_req_post(req, ev);
1245 tevent_req_set_callback(subreq, name_query_done, req);
1249 static bool name_query_validator(struct packet_struct *p, void *private_data)
1251 struct name_query_state *state = talloc_get_type_abort(
1252 private_data, struct name_query_state);
1253 struct nmb_packet *nmb = &p->packet.nmb;
1254 struct sockaddr_storage *tmp_addrs;
1255 bool got_unique_netbios_name = false;
1258 debug_nmb_packet(p);
1261 * If we get a Negative Name Query Response from a WINS
1262 * server, we should report it and give up.
1264 if( 0 == nmb->header.opcode /* A query response */
1265 && !state->bcast /* from a WINS server */
1266 && nmb->header.rcode /* Error returned */
1269 if( DEBUGLVL( 3 ) ) {
1270 /* Only executed if DEBUGLEVEL >= 3 */
1271 dbgtext( "Negative name query "
1272 "response, rcode 0x%02x: ",
1273 nmb->header.rcode );
1274 switch( nmb->header.rcode ) {
1276 dbgtext("Request was invalidly formatted.\n");
1279 dbgtext("Problem with NBNS, cannot process "
1283 dbgtext("The name requested does not "
1287 dbgtext("Unsupported request error.\n");
1290 dbgtext("Query refused error.\n");
1293 dbgtext("Unrecognized error code.\n" );
1299 * We accept this packet as valid, but tell the upper
1300 * layers that it's a negative response.
1302 state->validate_error = NT_STATUS_NOT_FOUND;
1306 if (nmb->header.opcode != 0 ||
1307 nmb->header.nm_flags.bcast ||
1308 nmb->header.rcode ||
1309 !nmb->header.ancount) {
1311 * XXXX what do we do with this? Could be a redirect,
1312 * but we'll discard it for the moment.
1317 tmp_addrs = TALLOC_REALLOC_ARRAY(
1318 state, state->addrs, struct sockaddr_storage,
1319 state->num_addrs + nmb->answers->rdlength/6);
1320 if (tmp_addrs == NULL) {
1321 state->validate_error = NT_STATUS_NO_MEMORY;
1324 state->addrs = tmp_addrs;
1326 DEBUG(2,("Got a positive name query response "
1327 "from %s ( ", inet_ntoa(p->ip)));
1329 for (i=0; i<nmb->answers->rdlength/6; i++) {
1332 struct sockaddr_storage addr;
1335 flags = RSVAL(&nmb->answers->rdata[i*6], 0);
1336 got_unique_netbios_name |= ((flags & 0x8000) == 0);
1338 putip((char *)&ip,&nmb->answers->rdata[2+i*6]);
1339 in_addr_to_sockaddr_storage(&addr, ip);
1341 if (is_zero_addr(&addr)) {
1345 for (j=0; j<state->num_addrs; j++) {
1347 (struct sockaddr *)&addr,
1348 (struct sockaddr *)&state->addrs[j])) {
1352 if (j < state->num_addrs) {
1353 /* Already got it */
1357 DEBUGADD(2,("%s ",inet_ntoa(ip)));
1359 state->addrs[state->num_addrs] = addr;
1360 state->num_addrs += 1;
1362 DEBUGADD(2,(")\n"));
1364 /* We add the flags back ... */
1365 if (nmb->header.response)
1366 state->flags |= NM_FLAGS_RS;
1367 if (nmb->header.nm_flags.authoritative)
1368 state->flags |= NM_FLAGS_AA;
1369 if (nmb->header.nm_flags.trunc)
1370 state->flags |= NM_FLAGS_TC;
1371 if (nmb->header.nm_flags.recursion_desired)
1372 state->flags |= NM_FLAGS_RD;
1373 if (nmb->header.nm_flags.recursion_available)
1374 state->flags |= NM_FLAGS_RA;
1375 if (nmb->header.nm_flags.bcast)
1376 state->flags |= NM_FLAGS_B;
1380 * We have to collect all entries coming in from broadcast
1381 * queries. If we got a unique name, we're done.
1383 return got_unique_netbios_name;
1386 * WINS responses are accepted when they are received
1391 static void name_query_done(struct tevent_req *subreq)
1393 struct tevent_req *req = tevent_req_callback_data(
1394 subreq, struct tevent_req);
1395 struct name_query_state *state = tevent_req_data(
1396 req, struct name_query_state);
1398 struct packet_struct *p = NULL;
1400 status = nb_trans_recv(subreq, &p);
1401 TALLOC_FREE(subreq);
1402 if (tevent_req_nterror(req, status)) {
1405 if (!NT_STATUS_IS_OK(state->validate_error)) {
1406 tevent_req_nterror(req, state->validate_error);
1411 * Free the packet here, we've collected the response in the
1416 tevent_req_done(req);
1419 NTSTATUS name_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
1420 struct sockaddr_storage **addrs, int *num_addrs,
1423 struct name_query_state *state = tevent_req_data(
1424 req, struct name_query_state);
1427 if (tevent_req_is_nterror(req, &status)
1428 && !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
1431 if (state->num_addrs == 0) {
1432 return NT_STATUS_NOT_FOUND;
1434 *addrs = talloc_move(mem_ctx, &state->addrs);
1435 sort_addr_list(*addrs, state->num_addrs);
1436 *num_addrs = state->num_addrs;
1437 if (flags != NULL) {
1438 *flags = state->flags;
1440 return NT_STATUS_OK;
1443 NTSTATUS name_query(const char *name, int name_type,
1444 bool bcast, bool recurse,
1445 const struct sockaddr_storage *to_ss,
1446 TALLOC_CTX *mem_ctx,
1447 struct sockaddr_storage **addrs,
1448 int *num_addrs, uint8_t *flags)
1450 TALLOC_CTX *frame = talloc_stackframe();
1451 struct tevent_context *ev;
1452 struct tevent_req *req;
1453 struct timeval timeout;
1454 NTSTATUS status = NT_STATUS_NO_MEMORY;
1456 ev = tevent_context_init(frame);
1460 req = name_query_send(ev, ev, name, name_type, bcast, recurse, to_ss);
1465 timeout = timeval_current_ofs(0, 250000);
1467 timeout = timeval_current_ofs(2, 0);
1469 if (!tevent_req_set_endtime(req, ev, timeout)) {
1472 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
1475 status = name_query_recv(req, mem_ctx, addrs, num_addrs, flags);
1481 /********************************************************
1482 Convert an array if struct sockaddr_storage to struct ip_service
1483 return false on failure. Port is set to PORT_NONE;
1484 pcount is [in/out] - it is the length of ss_list on input,
1485 and the length of return_iplist on output as we remove any
1486 zero addresses from ss_list.
1487 *********************************************************/
1489 static bool convert_ss2service(struct ip_service **return_iplist,
1490 const struct sockaddr_storage *ss_list,
1494 int orig_count = *pcount;
1497 if (orig_count==0 || !ss_list )
1500 /* Filter out zero addrs. */
1501 for ( i=0; i<orig_count; i++ ) {
1502 if (is_zero_addr(&ss_list[i])) {
1507 if (real_count==0) {
1511 /* copy the ip address; port will be PORT_NONE */
1512 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, real_count)) ==
1514 DEBUG(0,("convert_ip2service: malloc failed "
1515 "for %d enetries!\n", real_count ));
1519 for ( i=0, real_count = 0; i<orig_count; i++ ) {
1520 if (is_zero_addr(&ss_list[i])) {
1523 (*return_iplist)[real_count].ss = ss_list[i];
1524 (*return_iplist)[real_count].port = PORT_NONE;
1528 *pcount = real_count;
1532 /********************************************************
1533 Resolve via "bcast" method.
1534 *********************************************************/
1536 NTSTATUS name_resolve_bcast(const char *name,
1538 TALLOC_CTX *mem_ctx,
1539 struct sockaddr_storage **return_iplist,
1543 int num_interfaces = iface_count();
1544 struct sockaddr_storage *ss_list;
1545 NTSTATUS status = NT_STATUS_NOT_FOUND;
1547 if (lp_disable_netbios()) {
1548 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
1550 return NT_STATUS_INVALID_PARAMETER;
1553 *return_iplist = NULL;
1557 * "bcast" means do a broadcast lookup on all the local interfaces.
1560 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
1561 "for name %s<0x%x>\n", name, name_type));
1564 * Lookup the name on all the interfaces, return on
1565 * the first successful match.
1567 for( i = num_interfaces-1; i >= 0; i--) {
1568 const struct sockaddr_storage *pss = iface_n_bcast(i);
1570 /* Done this way to fix compiler error on IRIX 5.x */
1574 status = name_query(name, name_type, true, true, pss,
1575 talloc_tos(), &ss_list, return_count,
1577 if (NT_STATUS_IS_OK(status)) {
1582 /* failed - no response */
1587 *return_iplist = ss_list;
1591 /********************************************************
1592 Resolve via "wins" method.
1593 *********************************************************/
1595 NTSTATUS resolve_wins(const char *name,
1597 struct ip_service **return_iplist,
1602 struct sockaddr_storage src_ss, *ss_list = NULL;
1603 struct in_addr src_ip;
1606 if (lp_disable_netbios()) {
1607 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
1609 return NT_STATUS_INVALID_PARAMETER;
1612 *return_iplist = NULL;
1615 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
1618 if (wins_srv_count() < 1) {
1619 DEBUG(3,("resolve_wins: WINS server resolution selected "
1620 "and no WINS servers listed.\n"));
1621 return NT_STATUS_INVALID_PARAMETER;
1624 /* we try a lookup on each of the WINS tags in turn */
1625 wins_tags = wins_srv_tags();
1628 /* huh? no tags?? give up in disgust */
1629 return NT_STATUS_INVALID_PARAMETER;
1632 /* the address we will be sending from */
1633 if (!interpret_string_addr(&src_ss, lp_socket_address(),
1634 AI_NUMERICHOST|AI_PASSIVE)) {
1635 zero_sockaddr(&src_ss);
1638 if (src_ss.ss_family != AF_INET) {
1639 char addr[INET6_ADDRSTRLEN];
1640 print_sockaddr(addr, sizeof(addr), &src_ss);
1641 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1642 "on IPv6 address %s\n",
1644 wins_srv_tags_free(wins_tags);
1645 return NT_STATUS_INVALID_PARAMETER;
1648 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1650 /* in the worst case we will try every wins server with every
1652 for (t=0; wins_tags && wins_tags[t]; t++) {
1653 int srv_count = wins_srv_count_tag(wins_tags[t]);
1654 for (i=0; i<srv_count; i++) {
1655 struct sockaddr_storage wins_ss;
1656 struct in_addr wins_ip;
1658 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1660 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1661 /* yikes! we'll loop forever */
1665 /* skip any that have been unresponsive lately */
1666 if (wins_srv_is_dead(wins_ip, src_ip)) {
1670 DEBUG(3,("resolve_wins: using WINS server %s "
1672 inet_ntoa(wins_ip), wins_tags[t]));
1674 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1675 status = name_query(name,
1685 /* exit loop if we got a list of addresses */
1687 if (NT_STATUS_IS_OK(status)) {
1691 if (NT_STATUS_EQUAL(status,
1692 NT_STATUS_IO_TIMEOUT)) {
1693 /* Timed out waiting for WINS server to
1696 wins_srv_died(wins_ip, src_ip);
1698 /* The name definitely isn't in this
1699 group of WINS servers.
1700 goto the next group */
1706 wins_srv_tags_free(wins_tags);
1707 return NT_STATUS_NO_LOGON_SERVERS;
1711 status = NT_STATUS_OK;
1712 if (!convert_ss2service(return_iplist, ss_list, return_count))
1713 status = NT_STATUS_INVALID_PARAMETER;
1715 TALLOC_FREE(ss_list);
1716 wins_srv_tags_free(wins_tags);
1721 /********************************************************
1722 Resolve via "lmhosts" method.
1723 *********************************************************/
1725 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1726 struct ip_service **return_iplist,
1730 * "lmhosts" means parse the local lmhosts file.
1732 struct sockaddr_storage *ss_list;
1733 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1734 TALLOC_CTX *ctx = NULL;
1736 *return_iplist = NULL;
1739 DEBUG(3,("resolve_lmhosts: "
1740 "Attempting lmhosts lookup for name %s<0x%x>\n",
1743 ctx = talloc_init("resolve_lmhosts");
1745 return NT_STATUS_NO_MEMORY;
1748 status = resolve_lmhosts_file_as_sockaddr(get_dyn_LMHOSTSFILE(),
1753 if (NT_STATUS_IS_OK(status)) {
1754 if (convert_ss2service(return_iplist,
1758 return NT_STATUS_OK;
1761 return NT_STATUS_NO_MEMORY;
1769 /********************************************************
1770 Resolve via "hosts" method.
1771 *********************************************************/
1773 static NTSTATUS resolve_hosts(const char *name, int name_type,
1774 struct ip_service **return_iplist,
1778 * "host" means do a localhost, or dns lookup.
1780 struct addrinfo hints;
1781 struct addrinfo *ailist = NULL;
1782 struct addrinfo *res = NULL;
1786 if ( name_type != 0x20 && name_type != 0x0) {
1787 DEBUG(5, ("resolve_hosts: not appropriate "
1788 "for name type <0x%x>\n",
1790 return NT_STATUS_INVALID_PARAMETER;
1793 *return_iplist = NULL;
1796 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1800 /* By default make sure it supports TCP. */
1801 hints.ai_socktype = SOCK_STREAM;
1802 hints.ai_flags = AI_ADDRCONFIG;
1804 #if !defined(HAVE_IPV6)
1805 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1806 hints.ai_family = AF_INET;
1809 ret = getaddrinfo(name,
1814 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1816 gai_strerror(ret) ));
1819 for (res = ailist; res; res = res->ai_next) {
1820 struct sockaddr_storage ss;
1822 if (!res->ai_addr || res->ai_addrlen == 0) {
1827 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1829 if (is_zero_addr(&ss)) {
1835 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1838 if (!*return_iplist) {
1839 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1840 freeaddrinfo(ailist);
1841 return NT_STATUS_NO_MEMORY;
1843 (*return_iplist)[i].ss = ss;
1844 (*return_iplist)[i].port = PORT_NONE;
1848 freeaddrinfo(ailist);
1850 if (*return_count) {
1851 return NT_STATUS_OK;
1853 return NT_STATUS_UNSUCCESSFUL;
1856 /********************************************************
1857 Resolve via "ADS" method.
1858 *********************************************************/
1860 /* Special name type used to cause a _kerberos DNS lookup. */
1861 #define KDC_NAME_TYPE 0xDCDC
1863 static NTSTATUS resolve_ads(const char *name,
1865 const char *sitename,
1866 struct ip_service **return_iplist,
1872 struct dns_rr_srv *dcs = NULL;
1876 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1877 (name_type != 0x1b)) {
1878 return NT_STATUS_INVALID_PARAMETER;
1881 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1882 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1883 return NT_STATUS_NO_MEMORY;
1886 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1888 switch (name_type) {
1890 DEBUG(5,("resolve_ads: Attempting to resolve "
1891 "PDC for %s using DNS\n", name));
1892 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1896 DEBUG(5,("resolve_ads: Attempting to resolve "
1897 "DCs for %s using DNS\n", name));
1898 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1902 DEBUG(5,("resolve_ads: Attempting to resolve "
1903 "KDCs for %s using DNS\n", name));
1904 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1908 status = NT_STATUS_INVALID_PARAMETER;
1912 if ( !NT_STATUS_IS_OK( status ) ) {
1913 talloc_destroy(ctx);
1917 for (i=0;i<numdcs;i++) {
1918 numaddrs += MAX(dcs[i].num_ips,1);
1921 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1923 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1925 talloc_destroy(ctx);
1926 return NT_STATUS_NO_MEMORY;
1929 /* now unroll the list of IP addresses */
1934 while ( i < numdcs && (*return_count<numaddrs) ) {
1935 struct ip_service *r = &(*return_iplist)[*return_count];
1937 r->port = dcs[i].port;
1939 /* If we don't have an IP list for a name, lookup it up */
1942 interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1946 /* use the IP addresses from the SRV sresponse */
1948 if ( j >= dcs[i].num_ips ) {
1954 r->ss = dcs[i].ss_s[j];
1958 /* make sure it is a valid IP. I considered checking the
1959 * negative connection cache, but this is the wrong place
1960 * for it. Maybe only as a hack. After think about it, if
1961 * all of the IP addresses returned from DNS are dead, what
1962 * hope does a netbios name lookup have ? The standard reason
1963 * for falling back to netbios lookups is that our DNS server
1964 * doesn't know anything about the DC's -- jerry */
1966 if (!is_zero_addr(&r->ss)) {
1971 talloc_destroy(ctx);
1972 return NT_STATUS_OK;
1975 /*******************************************************************
1976 Internal interface to resolve a name into an IP address.
1977 Use this function if the string is either an IP address, DNS
1978 or host name or NetBIOS name. This uses the name switch in the
1979 smb.conf to determine the order of name resolution.
1981 Added support for ip addr/port to support ADS ldap servers.
1982 the only place we currently care about the port is in the
1983 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1984 **********************************************************************/
1986 NTSTATUS internal_resolve_name(const char *name,
1988 const char *sitename,
1989 struct ip_service **return_iplist,
1991 const char *resolve_order)
1995 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1997 TALLOC_CTX *frame = NULL;
1999 *return_iplist = NULL;
2002 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
2003 name, name_type, sitename ? sitename : "(null)"));
2005 if (is_ipaddress(name)) {
2006 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
2008 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
2009 return NT_STATUS_NO_MEMORY;
2012 /* ignore the port here */
2013 (*return_iplist)->port = PORT_NONE;
2015 /* if it's in the form of an IP address then get the lib to interpret it */
2016 if (!interpret_string_addr(&(*return_iplist)->ss,
2017 name, AI_NUMERICHOST)) {
2018 DEBUG(1,("internal_resolve_name: interpret_string_addr "
2021 SAFE_FREE(*return_iplist);
2022 return NT_STATUS_INVALID_PARAMETER;
2024 if (is_zero_addr(&(*return_iplist)->ss)) {
2025 SAFE_FREE(*return_iplist);
2026 return NT_STATUS_UNSUCCESSFUL;
2029 return NT_STATUS_OK;
2032 /* Check name cache */
2034 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
2035 *return_count = remove_duplicate_addrs2(*return_iplist,
2037 /* This could be a negative response */
2038 if (*return_count > 0) {
2039 return NT_STATUS_OK;
2041 return NT_STATUS_UNSUCCESSFUL;
2045 /* set the name resolution order */
2047 if (strcmp( resolve_order, "NULL") == 0) {
2048 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
2049 return NT_STATUS_INVALID_PARAMETER;
2052 if (!resolve_order[0]) {
2055 ptr = resolve_order;
2058 /* iterate through the name resolution backends */
2060 frame = talloc_stackframe();
2061 while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
2062 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
2063 status = resolve_hosts(name, name_type, return_iplist,
2065 if (NT_STATUS_IS_OK(status)) {
2068 } else if(strequal( tok, "kdc")) {
2069 /* deal with KDC_NAME_TYPE names here.
2070 * This will result in a SRV record lookup */
2071 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
2072 return_iplist, return_count);
2073 if (NT_STATUS_IS_OK(status)) {
2074 /* Ensure we don't namecache
2075 * this with the KDC port. */
2076 name_type = KDC_NAME_TYPE;
2079 } else if(strequal( tok, "ads")) {
2080 /* deal with 0x1c and 0x1b names here.
2081 * This will result in a SRV record lookup */
2082 status = resolve_ads(name, name_type, sitename,
2083 return_iplist, return_count);
2084 if (NT_STATUS_IS_OK(status)) {
2087 } else if(strequal( tok, "lmhosts")) {
2088 status = resolve_lmhosts(name, name_type,
2089 return_iplist, return_count);
2090 if (NT_STATUS_IS_OK(status)) {
2093 } else if(strequal( tok, "wins")) {
2094 /* don't resolve 1D via WINS */
2095 if (name_type != 0x1D) {
2096 status = resolve_wins(name, name_type,
2099 if (NT_STATUS_IS_OK(status)) {
2103 } else if(strequal( tok, "bcast")) {
2104 struct sockaddr_storage *ss_list;
2105 status = name_resolve_bcast(
2106 name, name_type, talloc_tos(),
2107 &ss_list, return_count);
2108 if (NT_STATUS_IS_OK(status)) {
2109 if (!convert_ss2service(return_iplist,
2112 status = NT_STATUS_NO_MEMORY;
2117 DEBUG(0,("resolve_name: unknown name switch type %s\n",
2122 /* All of the resolve_* functions above have returned false. */
2125 SAFE_FREE(*return_iplist);
2128 return NT_STATUS_UNSUCCESSFUL;
2132 /* Remove duplicate entries. Some queries, notably #1c (domain
2133 controllers) return the PDC in iplist[0] and then all domain
2134 controllers including the PDC in iplist[1..n]. Iterating over
2135 the iplist when the PDC is down will cause two sets of timeouts. */
2137 *return_count = remove_duplicate_addrs2(*return_iplist, *return_count );
2139 /* Save in name cache */
2140 if ( DEBUGLEVEL >= 100 ) {
2141 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
2142 char addr[INET6_ADDRSTRLEN];
2143 print_sockaddr(addr, sizeof(addr),
2144 &(*return_iplist)[i].ss);
2145 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
2149 (*return_iplist)[i].port));
2153 if (*return_count) {
2154 namecache_store(name, name_type, *return_count, *return_iplist);
2157 /* Display some debugging info */
2159 if ( DEBUGLEVEL >= 10 ) {
2160 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
2163 for (i = 0; i < *return_count; i++) {
2164 char addr[INET6_ADDRSTRLEN];
2165 print_sockaddr(addr, sizeof(addr),
2166 &(*return_iplist)[i].ss);
2167 DEBUGADD(10, ("%s:%d ",
2169 (*return_iplist)[i].port));
2178 /********************************************************
2179 Internal interface to resolve a name into one IP address.
2180 Use this function if the string is either an IP address, DNS
2181 or host name or NetBIOS name. This uses the name switch in the
2182 smb.conf to determine the order of name resolution.
2183 *********************************************************/
2185 bool resolve_name(const char *name,
2186 struct sockaddr_storage *return_ss,
2190 struct ip_service *ss_list = NULL;
2191 char *sitename = NULL;
2194 if (is_ipaddress(name)) {
2195 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
2198 sitename = sitename_fetch(lp_realm()); /* wild guess */
2200 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
2202 lp_name_resolve_order()))) {
2206 for (i=0; i<count; i++) {
2207 if (!is_zero_addr(&ss_list[i].ss) &&
2208 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss) &&
2209 (ss_list[i].ss.ss_family == AF_INET)) {
2210 *return_ss = ss_list[i].ss;
2212 SAFE_FREE(sitename);
2218 /* only return valid addresses for TCP connections */
2219 for (i=0; i<count; i++) {
2220 if (!is_zero_addr(&ss_list[i].ss) &&
2221 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2222 *return_ss = ss_list[i].ss;
2224 SAFE_FREE(sitename);
2231 SAFE_FREE(sitename);
2235 /********************************************************
2236 Internal interface to resolve a name into a list of IP addresses.
2237 Use this function if the string is either an IP address, DNS
2238 or host name or NetBIOS name. This uses the name switch in the
2239 smb.conf to determine the order of name resolution.
2240 *********************************************************/
2242 NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
2245 struct sockaddr_storage **return_ss_arr,
2246 unsigned int *p_num_entries)
2248 struct ip_service *ss_list = NULL;
2249 char *sitename = NULL;
2252 unsigned int num_entries;
2256 *return_ss_arr = NULL;
2258 if (is_ipaddress(name)) {
2259 *return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
2260 if (!*return_ss_arr) {
2261 return NT_STATUS_NO_MEMORY;
2263 if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
2264 TALLOC_FREE(*return_ss_arr);
2265 return NT_STATUS_BAD_NETWORK_NAME;
2268 return NT_STATUS_OK;
2271 sitename = sitename_fetch(lp_realm()); /* wild guess */
2273 status = internal_resolve_name(name, name_type, sitename,
2275 lp_name_resolve_order());
2276 SAFE_FREE(sitename);
2278 if (!NT_STATUS_IS_OK(status)) {
2282 /* only return valid addresses for TCP connections */
2283 for (i=0, num_entries = 0; i<count; i++) {
2284 if (!is_zero_addr(&ss_list[i].ss) &&
2285 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2289 if (num_entries == 0) {
2291 return NT_STATUS_BAD_NETWORK_NAME;
2294 *return_ss_arr = TALLOC_ARRAY(ctx,
2295 struct sockaddr_storage,
2297 if (!(*return_ss_arr)) {
2299 return NT_STATUS_NO_MEMORY;
2302 for (i=0, num_entries = 0; i<count; i++) {
2303 if (!is_zero_addr(&ss_list[i].ss) &&
2304 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
2305 (*return_ss_arr)[num_entries++] = ss_list[i].ss;
2309 status = NT_STATUS_OK;
2310 *p_num_entries = num_entries;
2313 return NT_STATUS_OK;
2316 /********************************************************
2317 Find the IP address of the master browser or DMB for a workgroup.
2318 *********************************************************/
2320 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
2322 struct ip_service *ip_list = NULL;
2326 if (lp_disable_netbios()) {
2327 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
2331 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
2332 lp_name_resolve_order());
2333 if (NT_STATUS_IS_OK(status)) {
2334 *master_ss = ip_list[0].ss;
2339 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
2340 lp_name_resolve_order());
2341 if (NT_STATUS_IS_OK(status)) {
2342 *master_ss = ip_list[0].ss;
2351 /********************************************************
2352 Get the IP address list of the primary domain controller
2354 *********************************************************/
2356 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
2358 struct ip_service *ip_list = NULL;
2360 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
2362 /* Look up #1B name */
2364 if (lp_security() == SEC_ADS) {
2365 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
2369 if (!NT_STATUS_IS_OK(status) || count == 0) {
2370 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
2372 lp_name_resolve_order());
2373 if (!NT_STATUS_IS_OK(status)) {
2378 /* if we get more than 1 IP back we have to assume it is a
2379 multi-homed PDC and not a mess up */
2382 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
2383 sort_service_list(ip_list, count);
2386 *pss = ip_list[0].ss;
2391 /* Private enum type for lookups. */
2393 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
2395 /********************************************************
2396 Get the IP address list of the domain controllers for
2398 *********************************************************/
2400 static NTSTATUS get_dc_list(const char *domain,
2401 const char *sitename,
2402 struct ip_service **ip_list,
2404 enum dc_lookup_type lookup_type,
2407 char *resolve_order = NULL;
2408 char *saf_servername = NULL;
2409 char *pserver = NULL;
2411 char *port_str = NULL;
2414 int num_addresses = 0;
2415 int local_count, i, j;
2416 struct ip_service *return_iplist = NULL;
2417 struct ip_service *auto_ip_list = NULL;
2418 bool done_auto_lookup = false;
2421 TALLOC_CTX *ctx = talloc_init("get_dc_list");
2427 return NT_STATUS_NO_MEMORY;
2432 /* if we are restricted to solely using DNS for looking
2433 up a domain controller, make sure that host lookups
2434 are enabled for the 'name resolve order'. If host lookups
2435 are disabled and ads_only is True, then set the string to
2438 resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
2439 if (!resolve_order) {
2440 status = NT_STATUS_NO_MEMORY;
2443 strlower_m(resolve_order);
2444 if (lookup_type == DC_ADS_ONLY) {
2445 if (strstr( resolve_order, "host")) {
2446 resolve_order = talloc_strdup(ctx, "ads");
2448 /* DNS SRV lookups used by the ads resolver
2449 are already sorted by priority and weight */
2452 resolve_order = talloc_strdup(ctx, "NULL");
2454 } else if (lookup_type == DC_KDC_ONLY) {
2455 /* DNS SRV lookups used by the ads/kdc resolver
2456 are already sorted by priority and weight */
2458 resolve_order = talloc_strdup(ctx, "kdc");
2460 if (!resolve_order) {
2461 status = NT_STATUS_NO_MEMORY;
2465 /* fetch the server we have affinity for. Add the
2466 'password server' list to a search for our domain controllers */
2468 saf_servername = saf_fetch( domain);
2470 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
2471 pserver = talloc_asprintf(ctx, "%s, %s",
2472 saf_servername ? saf_servername : "",
2473 lp_passwordserver());
2475 pserver = talloc_asprintf(ctx, "%s, *",
2476 saf_servername ? saf_servername : "");
2479 SAFE_FREE(saf_servername);
2481 status = NT_STATUS_NO_MEMORY;
2485 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
2488 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
2489 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2490 count, resolve_order);
2494 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
2497 * if '*' appears in the "password server" list then add
2498 * an auto lookup to the list of manually configured
2499 * DC's. If any DC is listed by name, then the list should be
2500 * considered to be ordered
2504 while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2505 if (!done_auto_lookup && strequal(name, "*")) {
2506 status = internal_resolve_name(domain, 0x1C, sitename,
2510 if (NT_STATUS_IS_OK(status)) {
2511 num_addresses += auto_count;
2513 done_auto_lookup = true;
2514 DEBUG(8,("Adding %d DC's from auto lookup\n",
2521 /* if we have no addresses and haven't done the auto lookup, then
2522 just return the list of DC's. Or maybe we just failed. */
2524 if ((num_addresses == 0)) {
2525 if (done_auto_lookup) {
2526 DEBUG(4,("get_dc_list: no servers found\n"));
2527 status = NT_STATUS_NO_LOGON_SERVERS;
2530 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
2531 count, resolve_order);
2535 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
2536 num_addresses)) == NULL) {
2537 DEBUG(3,("get_dc_list: malloc fail !\n"));
2538 status = NT_STATUS_NO_MEMORY;
2545 /* fill in the return list now with real IP's */
2547 while ((local_count<num_addresses) &&
2548 next_token_talloc(ctx, &p, &name, LIST_SEP)) {
2549 struct sockaddr_storage name_ss;
2551 /* copy any addersses from the auto lookup */
2553 if (strequal(name, "*")) {
2554 for (j=0; j<auto_count; j++) {
2555 char addr[INET6_ADDRSTRLEN];
2556 print_sockaddr(addr,
2558 &auto_ip_list[j].ss);
2559 /* Check for and don't copy any
2560 * known bad DC IP's. */
2561 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
2564 DEBUG(5,("get_dc_list: "
2565 "negative entry %s removed "
2570 return_iplist[local_count].ss =
2572 return_iplist[local_count].port =
2573 auto_ip_list[j].port;
2579 /* added support for address:port syntax for ads
2580 * (not that I think anyone will ever run the LDAP
2581 * server in an AD domain on something other than
2584 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
2585 if ((port_str=strchr(name, ':')) != NULL) {
2588 port = atoi(port_str);
2591 /* explicit lookup; resolve_name() will
2592 * handle names & IP addresses */
2593 if (resolve_name( name, &name_ss, 0x20, true )) {
2594 char addr[INET6_ADDRSTRLEN];
2595 print_sockaddr(addr,
2599 /* Check for and don't copy any known bad DC IP's. */
2600 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
2602 DEBUG(5,("get_dc_list: negative entry %s "
2603 "removed from DC list\n",
2608 return_iplist[local_count].ss = name_ss;
2609 return_iplist[local_count].port = port;
2615 /* need to remove duplicates in the list if we have any
2616 explicit password servers */
2618 local_count = remove_duplicate_addrs2(return_iplist, local_count );
2620 /* For DC's we always prioritize IPv4 due to W2K3 not
2621 * supporting LDAP, KRB5 or CLDAP over IPv6. */
2623 if (local_count && return_iplist) {
2624 prioritize_ipv4_list(return_iplist, local_count);
2627 if ( DEBUGLEVEL >= 4 ) {
2628 DEBUG(4,("get_dc_list: returning %d ip addresses "
2629 "in an %sordered list\n",
2631 *ordered ? "":"un"));
2632 DEBUG(4,("get_dc_list: "));
2633 for ( i=0; i<local_count; i++ ) {
2634 char addr[INET6_ADDRSTRLEN];
2635 print_sockaddr(addr,
2637 &return_iplist[i].ss);
2638 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
2643 *ip_list = return_iplist;
2644 *count = local_count;
2646 status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2650 if (!NT_STATUS_IS_OK(status)) {
2651 SAFE_FREE(return_iplist);
2656 SAFE_FREE(auto_ip_list);
2661 /*********************************************************************
2662 Small wrapper function to get the DC list and sort it if neccessary.
2663 *********************************************************************/
2665 NTSTATUS get_sorted_dc_list( const char *domain,
2666 const char *sitename,
2667 struct ip_service **ip_list,
2671 bool ordered = false;
2673 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2678 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2679 "for name %s (sitename %s) using [%s]\n",
2681 sitename ? sitename : "NULL",
2682 (ads_only ? "ads" : lp_name_resolve_order())));
2685 lookup_type = DC_ADS_ONLY;
2688 status = get_dc_list(domain, sitename, ip_list,
2689 count, lookup_type, &ordered);
2690 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
2692 DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2693 " in site %s, fallback to all servers\n",
2695 status = get_dc_list(domain, NULL, ip_list,
2696 count, lookup_type, &ordered);
2699 if (!NT_STATUS_IS_OK(status)) {
2700 SAFE_FREE(*ip_list);
2705 /* only sort if we don't already have an ordered list */
2707 sort_service_list(*ip_list, *count);
2710 return NT_STATUS_OK;
2713 /*********************************************************************
2714 Get the KDC list - re-use all the logic in get_dc_list.
2715 *********************************************************************/
2717 NTSTATUS get_kdc_list( const char *realm,
2718 const char *sitename,
2719 struct ip_service **ip_list,
2728 status = get_dc_list(realm, sitename, ip_list,
2729 count, DC_KDC_ONLY, &ordered);
2731 if (!NT_STATUS_IS_OK(status)) {
2732 SAFE_FREE(*ip_list);
2737 /* only sort if we don't already have an ordered list */
2739 sort_service_list(*ip_list, *count);
2742 return NT_STATUS_OK;