2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /* nmbd.c sets this to True. */
24 bool global_in_nmbd = False;
26 /****************************
27 * SERVER AFFINITY ROUTINES *
28 ****************************/
30 /* Server affinity is the concept of preferring the last domain
31 controller with whom you had a successful conversation */
33 /****************************************************************************
34 ****************************************************************************/
35 #define SAFKEY_FMT "SAF/DOMAIN/%s"
37 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
38 #define SAFJOIN_TTL 3600
40 static char *saf_key(const char *domain)
44 asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
49 static char *saf_join_key(const char *domain)
53 asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
58 /****************************************************************************
59 ****************************************************************************/
61 bool saf_store( const char *domain, const char *servername )
67 if ( !domain || !servername ) {
68 DEBUG(2,("saf_store: "
69 "Refusing to store empty domain or servername!\n"));
73 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
74 DEBUG(0,("saf_store: "
75 "refusing to store 0 length domain or servername!\n"));
79 key = saf_key( domain );
80 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
82 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
83 domain, servername, (unsigned int)expire ));
85 ret = gencache_set( key, servername, expire );
92 bool saf_join_store( const char *domain, const char *servername )
98 if ( !domain || !servername ) {
99 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
103 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
104 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
108 key = saf_join_key( domain );
109 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
111 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
112 domain, servername, (unsigned int)expire ));
114 ret = gencache_set( key, servername, expire );
121 bool saf_delete( const char *domain )
127 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
131 key = saf_join_key(domain);
132 ret = gencache_del(key);
136 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
139 key = saf_key(domain);
140 ret = gencache_del(key);
144 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
150 /****************************************************************************
151 ****************************************************************************/
153 char *saf_fetch( const char *domain )
160 if ( !domain || strlen(domain) == 0) {
161 DEBUG(2,("saf_fetch: Empty domain name!\n"));
165 key = saf_join_key( domain );
167 ret = gencache_get( key, &server, &timeout );
172 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
177 key = saf_key( domain );
179 ret = gencache_get( key, &server, &timeout );
184 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
187 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
194 /****************************************************************************
195 Generate a random trn_id.
196 ****************************************************************************/
198 static int generate_trn_id(void)
202 generate_random_buffer((uint8 *)&id, sizeof(id));
204 return id % (unsigned)0x7FFF;
207 /****************************************************************************
208 Parse a node status response into an array of structures.
209 ****************************************************************************/
211 static NODE_STATUS_STRUCT *parse_node_status(char *p,
213 struct node_status_extra *extra)
215 NODE_STATUS_STRUCT *ret;
218 *num_names = CVAL(p,0);
223 ret = SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT,*num_names);
228 for (i=0;i< *num_names;i++) {
229 StrnCpy(ret[i].name,p,15);
230 trim_char(ret[i].name,'\0',' ');
231 ret[i].type = CVAL(p,15);
232 ret[i].flags = p[16];
234 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
235 ret[i].type, ret[i].flags));
238 * Also, pick up the MAC address ...
241 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
247 /****************************************************************************
248 Do a NBT node status query on an open socket and return an array of
249 structures holding the returned names or NULL if the query failed.
250 **************************************************************************/
252 NODE_STATUS_STRUCT *node_status_query(int fd,
253 struct nmb_name *name,
254 const struct sockaddr_storage *to_ss,
256 struct node_status_extra *extra)
260 int retry_time = 2000;
262 struct packet_struct p;
263 struct packet_struct *p2;
264 struct nmb_packet *nmb = &p.packet.nmb;
265 NODE_STATUS_STRUCT *ret;
269 if (to_ss->ss_family != AF_INET) {
270 /* Can't do node status to IPv6 */
273 nmb->header.name_trn_id = generate_trn_id();
274 nmb->header.opcode = 0;
275 nmb->header.response = false;
276 nmb->header.nm_flags.bcast = false;
277 nmb->header.nm_flags.recursion_available = false;
278 nmb->header.nm_flags.recursion_desired = false;
279 nmb->header.nm_flags.trunc = false;
280 nmb->header.nm_flags.authoritative = false;
281 nmb->header.rcode = 0;
282 nmb->header.qdcount = 1;
283 nmb->header.ancount = 0;
284 nmb->header.nscount = 0;
285 nmb->header.arcount = 0;
286 nmb->question.question_name = *name;
287 nmb->question.question_type = 0x21;
288 nmb->question.question_class = 0x1;
290 p.ip = ((const struct sockaddr_in *)to_ss)->sin_addr;
294 p.timestamp = time(NULL);
295 p.packet_type = NMB_PACKET;
299 if (!send_packet(&p))
305 struct timeval tval2;
306 GetTimeOfDay(&tval2);
307 if (TvalDiff(&tval,&tval2) > retry_time) {
310 if (!found && !send_packet(&p))
316 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
317 struct nmb_packet *nmb2 = &p2->packet.nmb;
318 debug_nmb_packet(p2);
320 if (nmb2->header.opcode != 0 ||
321 nmb2->header.nm_flags.bcast ||
322 nmb2->header.rcode ||
323 !nmb2->header.ancount ||
324 nmb2->answers->rr_type != 0x21) {
325 /* XXXX what do we do with this? could be a
326 redirect, but we'll discard it for the
332 ret = parse_node_status(&nmb2->answers->rdata[0],
342 /****************************************************************************
343 Find the first type XX name in a node status reply - used for finding
344 a servers name given its IP. Return the matched name in *name.
345 **************************************************************************/
347 bool name_status_find(const char *q_name,
350 const struct sockaddr_storage *to_ss,
353 char addr[INET6_ADDRSTRLEN];
354 struct sockaddr_storage ss;
355 NODE_STATUS_STRUCT *status = NULL;
356 struct nmb_name nname;
361 if (lp_disable_netbios()) {
362 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
367 print_sockaddr(addr, sizeof(addr), to_ss);
369 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
372 /* Check the cache first. */
374 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
378 if (to_ss->ss_family != AF_INET) {
379 /* Can't do node status to IPv6 */
383 if (!interpret_string_addr(&ss, lp_socket_address(),
384 AI_NUMERICHOST|AI_PASSIVE)) {
388 sock = open_socket_in(SOCK_DGRAM, 0, 3, &ss, True);
392 /* W2K PDC's seem not to respond to '*'#0. JRA */
393 make_nmb_name(&nname, q_name, q_type);
394 status = node_status_query(sock, &nname, to_ss, &count, NULL);
399 for (i=0;i<count;i++) {
400 /* Find first one of the requested type that's not a GROUP. */
401 if (status[i].type == type && ! (status[i].flags & 0x80))
407 pull_ascii_nstring(name, sizeof(fstring), status[i].name);
409 /* Store the result in the cache. */
410 /* but don't store an entry for 0x1c names here. Here we have
411 a single host and DOMAIN<0x1c> names should be a list of hosts */
413 if ( q_type != 0x1c ) {
414 namecache_status_store(q_name, q_type, type, to_ss, name);
422 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
425 DEBUGADD(10, (", name %s ip address is %s", name, addr));
433 comparison function used by sort_addr_list
436 static int addr_compare(const struct sockaddr *ss1,
437 const struct sockaddr *ss2)
439 int max_bits1=0, max_bits2=0;
440 int num_interfaces = iface_count();
443 /* Sort IPv4 addresses first. */
444 if (ss1->sa_family != ss2->sa_family) {
445 if (ss2->sa_family == AF_INET) {
452 /* Here we know both addresses are of the same
455 for (i=0;i<num_interfaces;i++) {
456 const struct sockaddr_storage *pss = iface_n_bcast(i);
457 unsigned char *p_ss1 = NULL;
458 unsigned char *p_ss2 = NULL;
459 unsigned char *p_if = NULL;
463 if (pss->ss_family != ss1->sa_family) {
464 /* Ignore interfaces of the wrong type. */
467 if (pss->ss_family == AF_INET) {
468 p_if = (unsigned char *)
469 &((const struct sockaddr_in *)pss)->sin_addr;
470 p_ss1 = (unsigned char *)
471 &((const struct sockaddr_in *)ss1)->sin_addr;
472 p_ss2 = (unsigned char *)
473 &((const struct sockaddr_in *)ss2)->sin_addr;
476 #if defined(HAVE_IPV6)
477 if (pss->ss_family == AF_INET6) {
478 p_if = (unsigned char *)
479 &((const struct sockaddr_in6 *)pss)->sin6_addr;
480 p_ss1 = (unsigned char *)
481 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
482 p_ss2 = (unsigned char *)
483 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
487 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
490 bits1 = matching_len_bits(p_ss1, p_if, len);
491 bits2 = matching_len_bits(p_ss2, p_if, len);
492 max_bits1 = MAX(bits1, max_bits1);
493 max_bits2 = MAX(bits2, max_bits2);
496 /* Bias towards directly reachable IPs */
497 if (iface_local(ss1)) {
498 if (ss1->sa_family == AF_INET) {
504 if (iface_local(ss2)) {
505 if (ss2->sa_family == AF_INET) {
511 return max_bits2 - max_bits1;
514 /*******************************************************************
515 compare 2 ldap IPs by nearness to our interfaces - used in qsort
516 *******************************************************************/
518 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
522 if ((result = addr_compare((struct sockaddr *)&ss1->ss, (struct sockaddr *)&ss2->ss)) != 0) {
526 if (ss1->port > ss2->port) {
530 if (ss1->port < ss2->port) {
538 sort an IP list so that names that are close to one of our interfaces
539 are at the top. This prevents the problem where a WINS server returns an IP
540 that is not reachable from our subnet as the first match
543 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
549 qsort(sslist, count, sizeof(struct sockaddr_storage),
550 QSORT_CAST addr_compare);
553 static void sort_service_list(struct ip_service *servlist, int count)
559 qsort(servlist, count, sizeof(struct ip_service),
560 QSORT_CAST ip_service_compare);
563 /**********************************************************************
564 Remove any duplicate address/port pairs in the list
565 *********************************************************************/
567 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
571 DEBUG(10,("remove_duplicate_addrs2: "
572 "looking for duplicate address/port pairs\n"));
574 /* One loop to set duplicates to a zero addr. */
575 for ( i=0; i<count; i++ ) {
576 if ( is_zero_addr((struct sockaddr *)&iplist[i].ss)) {
580 for ( j=i+1; j<count; j++ ) {
581 if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) &&
582 iplist[i].port == iplist[j].port) {
583 zero_sockaddr(&iplist[j].ss);
588 /* Now remove any addresses set to zero above. */
589 for (i = 0; i < count; i++) {
591 is_zero_addr((struct sockaddr *)&iplist[i].ss)) {
595 (count-i-1)*sizeof(struct ip_service));
604 static bool prioritize_ipv4_list(struct ip_service *iplist, int count)
606 TALLOC_CTX *frame = talloc_stackframe();
607 struct ip_service *iplist_new = TALLOC_ARRAY(frame, struct ip_service, count);
610 if (iplist_new == NULL) {
617 /* Copy IPv4 first. */
618 for (i = 0; i < count; i++) {
619 if (iplist[i].ss.ss_family == AF_INET) {
620 iplist_new[j++] = iplist[i];
625 for (i = 0; i < count; i++) {
626 if (iplist[i].ss.ss_family != AF_INET) {
627 iplist_new[j++] = iplist[i];
631 memcpy(iplist, iplist_new, sizeof(struct ip_service)*count);
636 /****************************************************************************
637 Do a netbios name query to find someones IP.
638 Returns an array of IP addresses or NULL if none.
639 *count will be set to the number of addresses returned.
640 *timed_out is set if we failed by timing out
641 ****************************************************************************/
643 struct sockaddr_storage *name_query(int fd,
648 const struct sockaddr_storage *to_ss,
655 int retry_time = bcast?250:2000;
657 struct packet_struct p;
658 struct packet_struct *p2;
659 struct nmb_packet *nmb = &p.packet.nmb;
660 struct sockaddr_storage *ss_list = NULL;
662 if (lp_disable_netbios()) {
663 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
668 if (to_ss->ss_family != AF_INET) {
676 memset((char *)&p,'\0',sizeof(p));
680 nmb->header.name_trn_id = generate_trn_id();
681 nmb->header.opcode = 0;
682 nmb->header.response = false;
683 nmb->header.nm_flags.bcast = bcast;
684 nmb->header.nm_flags.recursion_available = false;
685 nmb->header.nm_flags.recursion_desired = recurse;
686 nmb->header.nm_flags.trunc = false;
687 nmb->header.nm_flags.authoritative = false;
688 nmb->header.rcode = 0;
689 nmb->header.qdcount = 1;
690 nmb->header.ancount = 0;
691 nmb->header.nscount = 0;
692 nmb->header.arcount = 0;
694 make_nmb_name(&nmb->question.question_name,name,name_type);
696 nmb->question.question_type = 0x20;
697 nmb->question.question_class = 0x1;
699 p.ip = ((struct sockaddr_in *)to_ss)->sin_addr;
703 p.timestamp = time(NULL);
704 p.packet_type = NMB_PACKET;
708 if (!send_packet(&p))
714 struct timeval tval2;
716 GetTimeOfDay(&tval2);
717 if (TvalDiff(&tval,&tval2) > retry_time) {
720 if (!found && !send_packet(&p))
726 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
727 struct nmb_packet *nmb2 = &p2->packet.nmb;
728 debug_nmb_packet(p2);
730 /* If we get a Negative Name Query Response from a WINS
731 * server, we should report it and give up.
733 if( 0 == nmb2->header.opcode /* A query response */
734 && !(bcast) /* from a WINS server */
735 && nmb2->header.rcode /* Error returned */
738 if( DEBUGLVL( 3 ) ) {
739 /* Only executed if DEBUGLEVEL >= 3 */
740 dbgtext( "Negative name query "
741 "response, rcode 0x%02x: ",
742 nmb2->header.rcode );
743 switch( nmb2->header.rcode ) {
746 "was invalidly formatted.\n" );
749 dbgtext( "Problem with NBNS, "
750 "cannot process name.\n");
753 dbgtext( "The name requested "
754 "does not exist.\n" );
757 dbgtext( "Unsupported request "
761 dbgtext( "Query refused "
765 dbgtext( "Unrecognized error "
774 if (nmb2->header.opcode != 0 ||
775 nmb2->header.nm_flags.bcast ||
776 nmb2->header.rcode ||
777 !nmb2->header.ancount) {
779 * XXXX what do we do with this? Could be a
780 * redirect, but we'll discard it for the
787 ss_list = SMB_REALLOC_ARRAY(ss_list,
788 struct sockaddr_storage,
790 nmb2->answers->rdlength/6);
793 DEBUG(0,("name_query: Realloc failed.\n"));
798 DEBUG(2,("Got a positive name query response "
802 for (i=0;i<nmb2->answers->rdlength/6;i++) {
804 putip((char *)&ip,&nmb2->answers->rdata[2+i*6]);
805 in_addr_to_sockaddr_storage(&ss_list[(*count)],
807 DEBUGADD(2,("%s ",inet_ntoa(ip)));
814 /* We add the flags back ... */
815 if (nmb2->header.response)
816 (*flags) |= NM_FLAGS_RS;
817 if (nmb2->header.nm_flags.authoritative)
818 (*flags) |= NM_FLAGS_AA;
819 if (nmb2->header.nm_flags.trunc)
820 (*flags) |= NM_FLAGS_TC;
821 if (nmb2->header.nm_flags.recursion_desired)
822 (*flags) |= NM_FLAGS_RD;
823 if (nmb2->header.nm_flags.recursion_available)
824 (*flags) |= NM_FLAGS_RA;
825 if (nmb2->header.nm_flags.bcast)
826 (*flags) |= NM_FLAGS_B;
829 * If we're doing a unicast lookup we only
830 * expect one reply. Don't wait the full 2
831 * seconds if we got one. JRA.
838 /* only set timed_out if we didn't fund what we where looking for*/
840 if ( !found && timed_out ) {
844 /* sort the ip list so we choose close servers first if possible */
845 sort_addr_list(ss_list, *count);
850 /********************************************************
851 Convert an array if struct sockaddr_storage to struct ip_service
852 return false on failure. Port is set to PORT_NONE;
853 pcount is [in/out] - it is the length of ss_list on input,
854 and the length of return_iplist on output as we remove any
855 zero addresses from ss_list.
856 *********************************************************/
858 static bool convert_ss2service(struct ip_service **return_iplist,
859 const struct sockaddr_storage *ss_list,
863 int orig_count = *pcount;
866 if (orig_count==0 || !ss_list )
869 /* Filter out zero addrs. */
870 for ( i=0; i<orig_count; i++ ) {
871 if (is_zero_addr((struct sockaddr *)&ss_list[i])) {
880 /* copy the ip address; port will be PORT_NONE */
881 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, real_count)) ==
883 DEBUG(0,("convert_ip2service: malloc failed "
884 "for %d enetries!\n", real_count ));
888 for ( i=0, real_count = 0; i<orig_count; i++ ) {
889 if (is_zero_addr((struct sockaddr *)&ss_list[i])) {
892 (*return_iplist)[real_count].ss = ss_list[i];
893 (*return_iplist)[real_count].port = PORT_NONE;
897 *pcount = real_count;
901 /********************************************************
902 Resolve via "bcast" method.
903 *********************************************************/
905 NTSTATUS name_resolve_bcast(const char *name,
907 struct ip_service **return_iplist,
911 int num_interfaces = iface_count();
912 struct sockaddr_storage *ss_list;
913 struct sockaddr_storage ss;
916 if (lp_disable_netbios()) {
917 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
919 return NT_STATUS_INVALID_PARAMETER;
922 *return_iplist = NULL;
926 * "bcast" means do a broadcast lookup on all the local interfaces.
929 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
930 "for name %s<0x%x>\n", name, name_type));
932 if (!interpret_string_addr(&ss, lp_socket_address(),
933 AI_NUMERICHOST|AI_PASSIVE)) {
937 sock = open_socket_in( SOCK_DGRAM, 0, 3, &ss, true );
939 return NT_STATUS_UNSUCCESSFUL;
942 set_socket_options(sock,"SO_BROADCAST");
944 * Lookup the name on all the interfaces, return on
945 * the first successful match.
947 for( i = num_interfaces-1; i >= 0; i--) {
948 const struct sockaddr_storage *pss = iface_n_bcast(i);
951 /* Done this way to fix compiler error on IRIX 5.x */
955 ss_list = name_query(sock, name, name_type, true,
956 true, pss, return_count, &flags, NULL);
962 /* failed - no response */
965 return NT_STATUS_UNSUCCESSFUL;
969 status = NT_STATUS_OK;
970 if (!convert_ss2service(return_iplist, ss_list, return_count) )
971 status = NT_STATUS_INVALID_PARAMETER;
978 /********************************************************
979 Resolve via "wins" method.
980 *********************************************************/
982 NTSTATUS resolve_wins(const char *name,
984 struct ip_service **return_iplist,
989 struct sockaddr_storage src_ss, *ss_list = NULL;
990 struct in_addr src_ip;
993 if (lp_disable_netbios()) {
994 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
996 return NT_STATUS_INVALID_PARAMETER;
999 *return_iplist = NULL;
1002 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
1005 if (wins_srv_count() < 1) {
1006 DEBUG(3,("resolve_wins: WINS server resolution selected "
1007 "and no WINS servers listed.\n"));
1008 return NT_STATUS_INVALID_PARAMETER;
1011 /* we try a lookup on each of the WINS tags in turn */
1012 wins_tags = wins_srv_tags();
1015 /* huh? no tags?? give up in disgust */
1016 return NT_STATUS_INVALID_PARAMETER;
1019 /* the address we will be sending from */
1020 if (!interpret_string_addr(&src_ss, lp_socket_address(),
1021 AI_NUMERICHOST|AI_PASSIVE)) {
1022 zero_sockaddr(&src_ss);
1025 if (src_ss.ss_family != AF_INET) {
1026 char addr[INET6_ADDRSTRLEN];
1027 print_sockaddr(addr, sizeof(addr), &src_ss);
1028 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1029 "on IPv6 address %s\n",
1031 wins_srv_tags_free(wins_tags);
1032 return NT_STATUS_INVALID_PARAMETER;
1035 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1037 /* in the worst case we will try every wins server with every
1039 for (t=0; wins_tags && wins_tags[t]; t++) {
1040 int srv_count = wins_srv_count_tag(wins_tags[t]);
1041 for (i=0; i<srv_count; i++) {
1042 struct sockaddr_storage wins_ss;
1043 struct in_addr wins_ip;
1047 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1049 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1050 /* yikes! we'll loop forever */
1054 /* skip any that have been unresponsive lately */
1055 if (wins_srv_is_dead(wins_ip, src_ip)) {
1059 DEBUG(3,("resolve_wins: using WINS server %s "
1061 inet_ntoa(wins_ip), wins_tags[t]));
1063 sock = open_socket_in(SOCK_DGRAM, 0, 3, &src_ss, true);
1068 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1069 ss_list = name_query(sock,
1079 /* exit loop if we got a list of addresses */
1087 /* Timed out wating for WINS server to respond.
1089 wins_srv_died(wins_ip, src_ip);
1091 /* The name definately isn't in this
1092 group of WINS servers.
1093 goto the next group */
1099 wins_srv_tags_free(wins_tags);
1100 return NT_STATUS_NO_LOGON_SERVERS;
1104 status = NT_STATUS_OK;
1105 if (!convert_ss2service(return_iplist, ss_list, return_count))
1106 status = NT_STATUS_INVALID_PARAMETER;
1109 wins_srv_tags_free(wins_tags);
1115 /********************************************************
1116 Resolve via "lmhosts" method.
1117 *********************************************************/
1119 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1120 struct ip_service **return_iplist,
1124 * "lmhosts" means parse the local lmhosts file.
1128 char *lmhost_name = NULL;
1130 struct sockaddr_storage return_ss;
1131 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1132 TALLOC_CTX *ctx = NULL;
1134 *return_iplist = NULL;
1137 DEBUG(3,("resolve_lmhosts: "
1138 "Attempting lmhosts lookup for name %s<0x%x>\n",
1141 fp = startlmhosts(get_dyn_LMHOSTSFILE());
1144 return NT_STATUS_NO_SUCH_FILE;
1146 ctx = talloc_init("resolve_lmhosts");
1149 return NT_STATUS_NO_MEMORY;
1152 while (getlmhostsent(ctx, fp, &lmhost_name, &name_type2, &return_ss)) {
1154 if (!strequal(name, lmhost_name)) {
1155 TALLOC_FREE(lmhost_name);
1159 if ((name_type2 != -1) && (name_type != name_type2)) {
1160 TALLOC_FREE(lmhost_name);
1164 *return_iplist = SMB_REALLOC_ARRAY((*return_iplist),
1168 if ((*return_iplist) == NULL) {
1171 DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
1172 return NT_STATUS_NO_MEMORY;
1175 (*return_iplist)[*return_count].ss = return_ss;
1176 (*return_iplist)[*return_count].port = PORT_NONE;
1179 /* we found something */
1180 status = NT_STATUS_OK;
1182 /* Multiple names only for DC lookup */
1183 if (name_type != 0x1c)
1193 /********************************************************
1194 Resolve via "hosts" method.
1195 *********************************************************/
1197 static NTSTATUS resolve_hosts(const char *name, int name_type,
1198 struct ip_service **return_iplist,
1202 * "host" means do a localhost, or dns lookup.
1204 struct addrinfo hints;
1205 struct addrinfo *ailist = NULL;
1206 struct addrinfo *res = NULL;
1210 if ( name_type != 0x20 && name_type != 0x0) {
1211 DEBUG(5, ("resolve_hosts: not appropriate "
1212 "for name type <0x%x>\n",
1214 return NT_STATUS_INVALID_PARAMETER;
1217 *return_iplist = NULL;
1220 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1224 /* By default make sure it supports TCP. */
1225 hints.ai_socktype = SOCK_STREAM;
1226 hints.ai_flags = AI_ADDRCONFIG;
1228 #if !defined(HAVE_IPV6)
1229 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1230 hints.ai_family = AF_INET;
1233 ret = getaddrinfo(name,
1238 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1240 gai_strerror(ret) ));
1243 for (res = ailist; res; res = res->ai_next) {
1244 struct sockaddr_storage ss;
1246 if (!res->ai_addr || res->ai_addrlen == 0) {
1251 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1253 if (is_zero_addr((struct sockaddr *)&ss)) {
1259 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1262 if (!*return_iplist) {
1263 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1264 freeaddrinfo(ailist);
1265 return NT_STATUS_NO_MEMORY;
1267 (*return_iplist)[i].ss = ss;
1268 (*return_iplist)[i].port = PORT_NONE;
1272 freeaddrinfo(ailist);
1274 if (*return_count) {
1275 return NT_STATUS_OK;
1277 return NT_STATUS_UNSUCCESSFUL;
1280 /********************************************************
1281 Resolve via "ADS" method.
1282 *********************************************************/
1284 static NTSTATUS resolve_ads(const char *name,
1286 const char *sitename,
1287 struct ip_service **return_iplist,
1293 struct dns_rr_srv *dcs = NULL;
1297 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1298 (name_type != 0x1b)) {
1299 return NT_STATUS_INVALID_PARAMETER;
1302 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1303 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1304 return NT_STATUS_NO_MEMORY;
1307 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1309 switch (name_type) {
1311 DEBUG(5,("resolve_ads: Attempting to resolve "
1312 "PDC for %s using DNS\n", name));
1313 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1317 DEBUG(5,("resolve_ads: Attempting to resolve "
1318 "DCs for %s using DNS\n", name));
1319 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1323 DEBUG(5,("resolve_ads: Attempting to resolve "
1324 "KDCs for %s using DNS\n", name));
1325 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1329 status = NT_STATUS_INVALID_PARAMETER;
1333 if ( !NT_STATUS_IS_OK( status ) ) {
1334 talloc_destroy(ctx);
1338 for (i=0;i<numdcs;i++) {
1339 numaddrs += MAX(dcs[i].num_ips,1);
1342 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1344 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1346 talloc_destroy(ctx);
1347 return NT_STATUS_NO_MEMORY;
1350 /* now unroll the list of IP addresses */
1355 while ( i < numdcs && (*return_count<numaddrs) ) {
1356 struct ip_service *r = &(*return_iplist)[*return_count];
1358 r->port = dcs[i].port;
1360 /* If we don't have an IP list for a name, lookup it up */
1363 interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1367 /* use the IP addresses from the SRV sresponse */
1369 if ( j >= dcs[i].num_ips ) {
1375 r->ss = dcs[i].ss_s[j];
1379 /* make sure it is a valid IP. I considered checking the
1380 * negative connection cache, but this is the wrong place
1381 * for it. Maybe only as a hack. After think about it, if
1382 * all of the IP addresses returned from DNS are dead, what
1383 * hope does a netbios name lookup have ? The standard reason
1384 * for falling back to netbios lookups is that our DNS server
1385 * doesn't know anything about the DC's -- jerry */
1387 if (!is_zero_addr((struct sockaddr *)&r->ss)) {
1392 talloc_destroy(ctx);
1393 return NT_STATUS_OK;
1396 /*******************************************************************
1397 Internal interface to resolve a name into an IP address.
1398 Use this function if the string is either an IP address, DNS
1399 or host name or NetBIOS name. This uses the name switch in the
1400 smb.conf to determine the order of name resolution.
1402 Added support for ip addr/port to support ADS ldap servers.
1403 the only place we currently care about the port is in the
1404 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1405 **********************************************************************/
1407 NTSTATUS internal_resolve_name(const char *name,
1409 const char *sitename,
1410 struct ip_service **return_iplist,
1412 const char *resolve_order)
1416 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1418 TALLOC_CTX *frame = NULL;
1420 *return_iplist = NULL;
1423 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1424 name, name_type, sitename ? sitename : "(null)"));
1426 if (is_ipaddress(name)) {
1427 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
1429 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1430 return NT_STATUS_NO_MEMORY;
1433 /* ignore the port here */
1434 (*return_iplist)->port = PORT_NONE;
1436 /* if it's in the form of an IP address then get the lib to interpret it */
1437 if (!interpret_string_addr(&(*return_iplist)->ss,
1438 name, AI_NUMERICHOST)) {
1439 DEBUG(1,("internal_resolve_name: interpret_string_addr "
1442 SAFE_FREE(*return_iplist);
1443 return NT_STATUS_INVALID_PARAMETER;
1445 if (is_zero_addr((struct sockaddr *)&(*return_iplist)->ss)) {
1446 SAFE_FREE(*return_iplist);
1447 return NT_STATUS_UNSUCCESSFUL;
1450 return NT_STATUS_OK;
1453 /* Check name cache */
1455 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1456 *return_count = remove_duplicate_addrs2(*return_iplist,
1458 /* This could be a negative response */
1459 if (*return_count > 0) {
1460 return NT_STATUS_OK;
1462 return NT_STATUS_UNSUCCESSFUL;
1466 /* set the name resolution order */
1468 if (strcmp( resolve_order, "NULL") == 0) {
1469 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1470 return NT_STATUS_INVALID_PARAMETER;
1473 if (!resolve_order[0]) {
1476 ptr = resolve_order;
1479 /* iterate through the name resolution backends */
1481 frame = talloc_stackframe();
1482 while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
1483 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1484 status = resolve_hosts(name, name_type, return_iplist,
1486 if (NT_STATUS_IS_OK(status)) {
1489 } else if(strequal( tok, "kdc")) {
1490 /* deal with KDC_NAME_TYPE names here.
1491 * This will result in a SRV record lookup */
1492 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
1493 return_iplist, return_count);
1494 if (NT_STATUS_IS_OK(status)) {
1495 /* Ensure we don't namecache
1496 * this with the KDC port. */
1497 name_type = KDC_NAME_TYPE;
1500 } else if(strequal( tok, "ads")) {
1501 /* deal with 0x1c and 0x1b names here.
1502 * This will result in a SRV record lookup */
1503 status = resolve_ads(name, name_type, sitename,
1504 return_iplist, return_count);
1505 if (NT_STATUS_IS_OK(status)) {
1508 } else if(strequal( tok, "lmhosts")) {
1509 status = resolve_lmhosts(name, name_type,
1510 return_iplist, return_count);
1511 if (NT_STATUS_IS_OK(status)) {
1514 } else if(strequal( tok, "wins")) {
1515 /* don't resolve 1D via WINS */
1516 if (name_type != 0x1D) {
1517 status = resolve_wins(name, name_type,
1520 if (NT_STATUS_IS_OK(status)) {
1524 } else if(strequal( tok, "bcast")) {
1525 status = name_resolve_bcast(name, name_type,
1528 if (NT_STATUS_IS_OK(status)) {
1532 DEBUG(0,("resolve_name: unknown name switch type %s\n",
1537 /* All of the resolve_* functions above have returned false. */
1540 SAFE_FREE(*return_iplist);
1543 return NT_STATUS_UNSUCCESSFUL;
1547 /* Remove duplicate entries. Some queries, notably #1c (domain
1548 controllers) return the PDC in iplist[0] and then all domain
1549 controllers including the PDC in iplist[1..n]. Iterating over
1550 the iplist when the PDC is down will cause two sets of timeouts. */
1552 *return_count = remove_duplicate_addrs2(*return_iplist, *return_count );
1554 /* Save in name cache */
1555 if ( DEBUGLEVEL >= 100 ) {
1556 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
1557 char addr[INET6_ADDRSTRLEN];
1558 print_sockaddr(addr, sizeof(addr),
1559 &(*return_iplist)[i].ss);
1560 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
1564 (*return_iplist)[i].port));
1568 if (*return_count) {
1569 namecache_store(name, name_type, *return_count, *return_iplist);
1572 /* Display some debugging info */
1574 if ( DEBUGLEVEL >= 10 ) {
1575 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
1578 for (i = 0; i < *return_count; i++) {
1579 char addr[INET6_ADDRSTRLEN];
1580 print_sockaddr(addr, sizeof(addr),
1581 &(*return_iplist)[i].ss);
1582 DEBUGADD(10, ("%s:%d ",
1584 (*return_iplist)[i].port));
1593 /********************************************************
1594 Internal interface to resolve a name into one IP address.
1595 Use this function if the string is either an IP address, DNS
1596 or host name or NetBIOS name. This uses the name switch in the
1597 smb.conf to determine the order of name resolution.
1598 *********************************************************/
1600 bool resolve_name(const char *name,
1601 struct sockaddr_storage *return_ss,
1605 struct ip_service *ss_list = NULL;
1606 char *sitename = NULL;
1609 if (is_ipaddress(name)) {
1610 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
1613 sitename = sitename_fetch(lp_realm()); /* wild guess */
1615 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
1617 lp_name_resolve_order()))) {
1621 for (i=0; i<count; i++) {
1622 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1623 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss) &&
1624 (ss_list[i].ss.ss_family == AF_INET)) {
1625 *return_ss = ss_list[i].ss;
1627 SAFE_FREE(sitename);
1633 /* only return valid addresses for TCP connections */
1634 for (i=0; i<count; i++) {
1635 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1636 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1637 *return_ss = ss_list[i].ss;
1639 SAFE_FREE(sitename);
1646 SAFE_FREE(sitename);
1650 /********************************************************
1651 Internal interface to resolve a name into a list of IP addresses.
1652 Use this function if the string is either an IP address, DNS
1653 or host name or NetBIOS name. This uses the name switch in the
1654 smb.conf to determine the order of name resolution.
1655 *********************************************************/
1657 NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
1660 struct sockaddr_storage **return_ss_arr,
1661 unsigned int *p_num_entries)
1663 struct ip_service *ss_list = NULL;
1664 char *sitename = NULL;
1667 unsigned int num_entries;
1671 *return_ss_arr = NULL;
1673 if (is_ipaddress(name)) {
1674 *return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
1675 if (!*return_ss_arr) {
1676 return NT_STATUS_NO_MEMORY;
1678 if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
1679 TALLOC_FREE(*return_ss_arr);
1680 return NT_STATUS_BAD_NETWORK_NAME;
1683 return NT_STATUS_OK;
1686 sitename = sitename_fetch(lp_realm()); /* wild guess */
1688 status = internal_resolve_name(name, name_type, sitename,
1690 lp_name_resolve_order());
1691 SAFE_FREE(sitename);
1693 if (!NT_STATUS_IS_OK(status)) {
1697 /* only return valid addresses for TCP connections */
1698 for (i=0, num_entries = 0; i<count; i++) {
1699 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1700 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1704 if (num_entries == 0) {
1706 return NT_STATUS_BAD_NETWORK_NAME;
1709 *return_ss_arr = TALLOC_ARRAY(ctx,
1710 struct sockaddr_storage,
1712 if (!(*return_ss_arr)) {
1714 return NT_STATUS_NO_MEMORY;
1717 for (i=0, num_entries = 0; i<count; i++) {
1718 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1719 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1720 (*return_ss_arr)[num_entries++] = ss_list[i].ss;
1724 status = NT_STATUS_OK;
1725 *p_num_entries = num_entries;
1728 return NT_STATUS_OK;
1731 /********************************************************
1732 Find the IP address of the master browser or DMB for a workgroup.
1733 *********************************************************/
1735 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
1737 struct ip_service *ip_list = NULL;
1741 if (lp_disable_netbios()) {
1742 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1746 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
1747 lp_name_resolve_order());
1748 if (NT_STATUS_IS_OK(status)) {
1749 *master_ss = ip_list[0].ss;
1754 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
1755 lp_name_resolve_order());
1756 if (NT_STATUS_IS_OK(status)) {
1757 *master_ss = ip_list[0].ss;
1766 /********************************************************
1767 Get the IP address list of the primary domain controller
1769 *********************************************************/
1771 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
1773 struct ip_service *ip_list = NULL;
1775 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1777 /* Look up #1B name */
1779 if (lp_security() == SEC_ADS) {
1780 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1784 if (!NT_STATUS_IS_OK(status) || count == 0) {
1785 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1787 lp_name_resolve_order());
1788 if (!NT_STATUS_IS_OK(status)) {
1793 /* if we get more than 1 IP back we have to assume it is a
1794 multi-homed PDC and not a mess up */
1797 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1798 sort_service_list(ip_list, count);
1801 *pss = ip_list[0].ss;
1806 /* Private enum type for lookups. */
1808 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1810 /********************************************************
1811 Get the IP address list of the domain controllers for
1813 *********************************************************/
1815 static NTSTATUS get_dc_list(const char *domain,
1816 const char *sitename,
1817 struct ip_service **ip_list,
1819 enum dc_lookup_type lookup_type,
1822 char *resolve_order = NULL;
1823 char *saf_servername = NULL;
1824 char *pserver = NULL;
1826 char *port_str = NULL;
1829 int num_addresses = 0;
1830 int local_count, i, j;
1831 struct ip_service *return_iplist = NULL;
1832 struct ip_service *auto_ip_list = NULL;
1833 bool done_auto_lookup = false;
1836 TALLOC_CTX *ctx = talloc_init("get_dc_list");
1842 return NT_STATUS_NO_MEMORY;
1847 /* if we are restricted to solely using DNS for looking
1848 up a domain controller, make sure that host lookups
1849 are enabled for the 'name resolve order'. If host lookups
1850 are disabled and ads_only is True, then set the string to
1853 resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
1854 if (!resolve_order) {
1855 status = NT_STATUS_NO_MEMORY;
1858 strlower_m(resolve_order);
1859 if (lookup_type == DC_ADS_ONLY) {
1860 if (strstr( resolve_order, "host")) {
1861 resolve_order = talloc_strdup(ctx, "ads");
1863 /* DNS SRV lookups used by the ads resolver
1864 are already sorted by priority and weight */
1867 resolve_order = talloc_strdup(ctx, "NULL");
1869 } else if (lookup_type == DC_KDC_ONLY) {
1870 /* DNS SRV lookups used by the ads/kdc resolver
1871 are already sorted by priority and weight */
1873 resolve_order = talloc_strdup(ctx, "kdc");
1875 if (!resolve_order) {
1876 status = NT_STATUS_NO_MEMORY;
1880 /* fetch the server we have affinity for. Add the
1881 'password server' list to a search for our domain controllers */
1883 saf_servername = saf_fetch( domain);
1885 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
1886 pserver = talloc_asprintf(NULL, "%s, %s",
1887 saf_servername ? saf_servername : "",
1888 lp_passwordserver());
1890 pserver = talloc_asprintf(NULL, "%s, *",
1891 saf_servername ? saf_servername : "");
1894 SAFE_FREE(saf_servername);
1896 status = NT_STATUS_NO_MEMORY;
1900 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1903 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1904 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1905 count, resolve_order);
1909 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
1912 * if '*' appears in the "password server" list then add
1913 * an auto lookup to the list of manually configured
1914 * DC's. If any DC is listed by name, then the list should be
1915 * considered to be ordered
1919 while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1920 if (!done_auto_lookup && strequal(name, "*")) {
1921 status = internal_resolve_name(domain, 0x1C, sitename,
1925 if (NT_STATUS_IS_OK(status)) {
1926 num_addresses += auto_count;
1928 done_auto_lookup = true;
1929 DEBUG(8,("Adding %d DC's from auto lookup\n",
1936 /* if we have no addresses and haven't done the auto lookup, then
1937 just return the list of DC's. Or maybe we just failed. */
1939 if ((num_addresses == 0)) {
1940 if (done_auto_lookup) {
1941 DEBUG(4,("get_dc_list: no servers found\n"));
1942 status = NT_STATUS_NO_LOGON_SERVERS;
1945 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1946 count, resolve_order);
1950 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
1951 num_addresses)) == NULL) {
1952 DEBUG(3,("get_dc_list: malloc fail !\n"));
1953 status = NT_STATUS_NO_MEMORY;
1960 /* fill in the return list now with real IP's */
1962 while ((local_count<num_addresses) &&
1963 next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1964 struct sockaddr_storage name_ss;
1966 /* copy any addersses from the auto lookup */
1968 if (strequal(name, "*")) {
1969 for (j=0; j<auto_count; j++) {
1970 char addr[INET6_ADDRSTRLEN];
1971 print_sockaddr(addr,
1973 &auto_ip_list[j].ss);
1974 /* Check for and don't copy any
1975 * known bad DC IP's. */
1976 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
1979 DEBUG(5,("get_dc_list: "
1980 "negative entry %s removed "
1985 return_iplist[local_count].ss =
1987 return_iplist[local_count].port =
1988 auto_ip_list[j].port;
1994 /* added support for address:port syntax for ads
1995 * (not that I think anyone will ever run the LDAP
1996 * server in an AD domain on something other than
1999 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
2000 if ((port_str=strchr(name, ':')) != NULL) {
2003 port = atoi(port_str);
2006 /* explicit lookup; resolve_name() will
2007 * handle names & IP addresses */
2008 if (resolve_name( name, &name_ss, 0x20, true )) {
2009 char addr[INET6_ADDRSTRLEN];
2010 print_sockaddr(addr,
2014 /* Check for and don't copy any known bad DC IP's. */
2015 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
2017 DEBUG(5,("get_dc_list: negative entry %s "
2018 "removed from DC list\n",
2023 return_iplist[local_count].ss = name_ss;
2024 return_iplist[local_count].port = port;
2030 /* need to remove duplicates in the list if we have any
2031 explicit password servers */
2033 local_count = remove_duplicate_addrs2(return_iplist, local_count );
2035 /* For DC's we always prioritize IPv4 due to W2K3 not
2036 * supporting LDAP, KRB5 or CLDAP over IPv6. */
2038 if (local_count && return_iplist) {
2039 prioritize_ipv4_list(return_iplist, local_count);
2042 if ( DEBUGLEVEL >= 4 ) {
2043 DEBUG(4,("get_dc_list: returning %d ip addresses "
2044 "in an %sordered list\n",
2046 *ordered ? "":"un"));
2047 DEBUG(4,("get_dc_list: "));
2048 for ( i=0; i<local_count; i++ ) {
2049 char addr[INET6_ADDRSTRLEN];
2050 print_sockaddr(addr,
2052 &return_iplist[i].ss);
2053 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
2058 *ip_list = return_iplist;
2059 *count = local_count;
2061 status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2065 if (!NT_STATUS_IS_OK(status)) {
2066 SAFE_FREE(return_iplist);
2071 SAFE_FREE(auto_ip_list);
2076 /*********************************************************************
2077 Small wrapper function to get the DC list and sort it if neccessary.
2078 *********************************************************************/
2080 NTSTATUS get_sorted_dc_list( const char *domain,
2081 const char *sitename,
2082 struct ip_service **ip_list,
2086 bool ordered = false;
2088 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2093 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2094 "for name %s (sitename %s) using [%s]\n",
2096 sitename ? sitename : "NULL",
2097 (ads_only ? "ads" : lp_name_resolve_order())));
2100 lookup_type = DC_ADS_ONLY;
2103 status = get_dc_list(domain, sitename, ip_list,
2104 count, lookup_type, &ordered);
2105 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
2107 DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2108 " in site %s, fallback to all servers\n",
2110 status = get_dc_list(domain, NULL, ip_list,
2111 count, lookup_type, &ordered);
2114 if (!NT_STATUS_IS_OK(status)) {
2115 SAFE_FREE(*ip_list);
2120 /* only sort if we don't already have an ordered list */
2122 sort_service_list(*ip_list, *count);
2125 return NT_STATUS_OK;
2128 /*********************************************************************
2129 Get the KDC list - re-use all the logic in get_dc_list.
2130 *********************************************************************/
2132 NTSTATUS get_kdc_list( const char *realm,
2133 const char *sitename,
2134 struct ip_service **ip_list,
2143 status = get_dc_list(realm, sitename, ip_list,
2144 count, DC_KDC_ONLY, &ordered);
2146 if (!NT_STATUS_IS_OK(status)) {
2147 SAFE_FREE(*ip_list);
2152 /* only sort if we don't already have an ordered list */
2154 sort_service_list(*ip_list, *count);
2157 return NT_STATUS_OK;