IDMAP_LIBS=@IDMAP_LIBS@
ADSLIBS=@ADSLIBS@
KRB5LIBS=@KRB5_LIBS@
+LDAPLIBS=@LDAP_LIBS@
LINK=$(CC) $(FLAGS) $(LDFLAGS)
SECRETS_OBJ = passdb/secrets.o
LIBNMB_OBJ = libsmb/unexpected.o libsmb/namecache.o libsmb/nmblib.o \
- libsmb/namequery.o
+ libsmb/namequery.o libsmb/conncache.o
LIBSAMBA_OBJ = libsmb/nterr.o libsmb/smbdes.o libsmb/smbencrypt.o libsmb/ntlmssp.o libsmb/ntlmssp_parse.o libsmb/ntlmssp_sign.o
libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \
libsmb/passchange.o libsmb/doserr.o \
libsmb/trustdom_cache.o \
- $(RPC_PARSE_OBJ1) $(LIBSAMBA_OBJ) $(LIBNMB_OBJ)
+ $(RPC_PARSE_OBJ1) $(LIBSAMBA_OBJ) $(LIBNMB_OBJ)
LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \
rpc_client/cli_netlogon.o rpc_client/cli_srvsvc.o \
bin/nmbd@EXEEXT@: $(NMBD_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS)
+ @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAPLIBS)
bin/wrepld@EXEEXT@: $(WREPL_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
bin/smbclient@EXEEXT@: $(CLIENT_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ $(KRB5LIBS)
+ @$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAPLIBS)
bin/net@EXEEXT@: $(NET_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
bin/smbspool@EXEEXT@: $(CUPS_OBJ) bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(CUPS_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS)
+ @$(CC) $(FLAGS) -o $@ $(CUPS_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAPLIBS)
bin/smbmount@EXEEXT@: $(MOUNT_OBJ) bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(MOUNT_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS)
+ @$(CC) $(FLAGS) -o $@ $(MOUNT_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS)
bin/smbmnt@EXEEXT@: $(MNT_OBJ) bin/.dummy
@echo Linking $@
bin/smbtree@EXEEXT@: $(SMBTREE_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(SMBTREE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS)
+ @$(CC) $(FLAGS) -o $@ $(SMBTREE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAPLIBS)
bin/smbpasswd@EXEEXT@: $(SMBPASSWD_OBJ) bin/.dummy
@echo Linking $@
bin/nmblookup@EXEEXT@: $(NMBLOOKUP_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@
+ @$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(LDAPLIBS)
bin/smbtorture@EXEEXT@: $(SMBTORTURE_OBJ) bin/.dummy
@echo Linking $@
bin/smbcacls@EXEEXT@: $(SMBCACLS_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(SMBCACLS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(KRB5LIBS)
+ @$(CC) $(FLAGS) -o $@ $(SMBCACLS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAPLIBS)
bin/smbcquotas@EXEEXT@: $(SMBCQUOTAS_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(SMBCQUOTAS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(KRB5LIBS)
+ @$(CC) $(FLAGS) -o $@ $(SMBCQUOTAS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAPLIBS)
bin/locktest@EXEEXT@: $(LOCKTEST_OBJ) bin/.dummy
@echo Linking $@
bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy
@echo "Linking $@"
- @$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(ADSLIBS) @LDAP_LIBS@
+ @$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(ADSLIBS) $(LDAPLIBS)
@WINBIND_NSS@: $(WINBIND_NSS_PICOBJS)
@echo "Linking $@"
bin/ldapsam.@SHLIBEXT@: passdb/pdb_ldap.po
@echo "Building plugin $@"
- @$(SHLD) $(LDSHFLAGS) @LDAP_LIBS@ -o $@ passdb/pdb_ldap.po \
+ @$(SHLD) $(LDSHFLAGS) $(LDAPLIBS) -o $@ passdb/pdb_ldap.po \
@SONAMEFLAG@`basename $@`
bin/tdbsam.@SHLIBEXT@: passdb/pdb_tdb.po
if (is_zero_ip(*ip))
return NT_STATUS_NO_LOGON_SERVERS;
- if (!lookup_dc_name(global_myname(), domain, ip, dc_name))
+ if ( !name_status_find( domain, 0x1b, 0x20, *ip, dc_name) )
return NT_STATUS_NO_LOGON_SERVERS;
for (i = 0; (!NT_STATUS_IS_OK(ret)) && retry && (i < 3); i++)
#include "popt_common.h"
+#define PORT_NONE 0
+
+/* used by the IP comparison function */
+struct ip_service {
+ struct in_addr ip;
+ unsigned port;
+};
+
#endif /* _SMB_H */
****************************************************************************/
#define ip_equal(ip1,ip2) ((ip1).s_addr == (ip2).s_addr)
+#define ip_service_equal(ip1,ip2) ( ((ip1).ip.s_addr == (ip2).ip.s_addr) && ((ip1).port == (ip2).port) )
/*****************************************************************
splits out the last subkey of a key
return unix_do_match(p2, s2) == 0;
}
+
#ifdef __INSURE__
/*******************************************************************
BOOL next_token(const char **ptr,char *buff, const char *sep, size_t bufsize)
{
const char *s;
+ char *pbuf;
BOOL quoted;
size_t len=1;
return(False);
/* copy over the token */
+ pbuf = buff;
for (quoted = False; len < bufsize && *s && (quoted || !strchr_m(sep,*s)); s++) {
if (*s == '\"') {
quoted = !quoted;
} else {
len++;
- *buff++ = *s;
+ *pbuf++ = *s;
}
}
*ptr = (*s) ? s+1 : s;
- *buff = 0;
+ *pbuf = 0;
return(True);
}
#define IPSTR_LIST_SEP ","
+#define IPSTR_LIST_CHAR ','
/**
* Add ip string representation to ipstr list. Used also
* reallocated to new length
**/
-char* ipstr_list_add(char** ipstr_list, const struct in_addr *ip)
+char* ipstr_list_add(char** ipstr_list, const struct ip_service *service)
{
char* new_ipstr = NULL;
/* arguments checking */
- if (!ipstr_list || !ip) return NULL;
+ if (!ipstr_list || !service) return NULL;
/* attempt to convert ip to a string and append colon separator to it */
if (*ipstr_list) {
- asprintf(&new_ipstr, "%s%s%s", *ipstr_list, IPSTR_LIST_SEP,inet_ntoa(*ip));
+ asprintf(&new_ipstr, "%s%s%s:%d", *ipstr_list, IPSTR_LIST_SEP,
+ inet_ntoa(service->ip), service->port);
SAFE_FREE(*ipstr_list);
} else {
- asprintf(&new_ipstr, "%s", inet_ntoa(*ip));
+ asprintf(&new_ipstr, "%s:%d", inet_ntoa(service->ip), service->port);
}
*ipstr_list = new_ipstr;
return *ipstr_list;
* @return pointer to allocated ip string
**/
-char* ipstr_list_make(char** ipstr_list, const struct in_addr* ip_list, int ip_count)
+char* ipstr_list_make(char** ipstr_list, const struct ip_service* ip_list, int ip_count)
{
int i;
/**
* Parse given ip string list into array of ip addresses
- * (as in_addr structures)
+ * (as ip_service structures)
+ * e.g. 192.168.1.100:389,192.168.1.78, ...
*
* @param ipstr ip string list to be parsed
* @param ip_list pointer to array of ip addresses which is
* @return number of succesfully parsed addresses
**/
-int ipstr_list_parse(const char* ipstr_list, struct in_addr** ip_list)
+int ipstr_list_parse(const char* ipstr_list, struct ip_service **ip_list)
{
fstring token_str;
- int count;
+ size_t count;
+ int i;
- if (!ipstr_list || !ip_list) return 0;
+ if (!ipstr_list || !ip_list)
+ return 0;
+
+ count = count_chars(ipstr_list, IPSTR_LIST_CHAR) + 1;
+ if ( (*ip_list = (struct ip_service*)malloc(count * sizeof(struct ip_service))) == NULL ) {
+ DEBUG(0,("ipstr_list_parse: malloc failed for %d entries\n", count));
+ return 0;
+ }
- for (*ip_list = NULL, count = 0;
- next_token(&ipstr_list, token_str, IPSTR_LIST_SEP, FSTRING_LEN);
- count++) {
-
+ for ( i=0;
+ next_token(&ipstr_list, token_str, IPSTR_LIST_SEP, FSTRING_LEN) && i<count;
+ i++ )
+ {
struct in_addr addr;
+ unsigned port = 0;
+ char *p = strchr(token_str, ':');
+
+ if (p) {
+ *p = 0;
+ port = atoi(p+1);
+ }
/* convert single token to ip address */
if ( (addr.s_addr = inet_addr(token_str)) == INADDR_NONE )
break;
-
- /* prepare place for another in_addr structure */
- *ip_list = Realloc(*ip_list, (count + 1) * sizeof(struct in_addr));
- if (!*ip_list) return -1;
-
- (*ip_list)[count] = addr;
+
+ (*ip_list)[i].ip = addr;
+ (*ip_list)[i].port = port;
}
return count;
static char *wins_srv_keystr(struct in_addr wins_ip, struct in_addr src_ip)
{
- char *keystr;
+ char *keystr = NULL, *wins_ip_addr = NULL, *src_ip_addr = NULL;
- if (asprintf(&keystr, WINS_SRV_FMT, inet_ntoa(wins_ip),
- inet_ntoa(src_ip)) == -1) {
- DEBUG(0, ("wins_srv_is_dead: malloc error\n"));
- return NULL;
+ wins_ip_addr = strdup(inet_ntoa(wins_ip));
+ src_ip_addr = strdup(inet_ntoa(src_ip));
+
+ if ( !wins_ip_addr || !src_ip_addr ) {
+ DEBUG(0,("wins_srv_keystr: malloc error\n"));
+ goto done;
}
+ if (asprintf(&keystr, WINS_SRV_FMT, wins_ip_addr, src_ip_addr) == -1) {
+ DEBUG(0, (": ns_srv_keystr: malloc error for key string\n"));
+ }
+
+done:
+ SAFE_FREE(wins_ip_addr);
+ SAFE_FREE(src_ip_addr);
+
return keystr;
}
ads->server.workgroup = workgroup ? strdup(workgroup) : NULL;
ads->server.ldap_server = ldap_server? strdup(ldap_server) : NULL;
- /* we need to know if this is a foreign realm to know if we can
- use lp_ads_server() */
+ /* we need to know if this is a foreign realm */
if (realm && *realm && strcasecmp(lp_realm(), realm) != 0) {
ads->server.foreign = 1;
}
return False;
}
-/* used by the IP comparison function */
-struct ldap_ip {
- struct in_addr ip;
- unsigned port;
-};
-
-/* compare 2 ldap IPs by nearness to our interfaces - used in qsort */
-static int ldap_ip_compare(struct ldap_ip *ip1, struct ldap_ip *ip2)
-{
- return ip_compare(&ip1->ip, &ip2->ip);
-}
+/**********************************************************************
+ Try to find an AD dc using our internal name resolution routines
+ Try the realm first and then then workgroup name if netbios is not
+ disabled
+**********************************************************************/
-/* try connecting to a ldap server via DNS */
-static BOOL ads_try_dns(ADS_STRUCT *ads)
+static BOOL ads_find_dc(ADS_STRUCT *ads)
{
const char *c_realm;
- const char *ptr;
- char *realm;
- char *list = NULL;
- pstring tok;
- struct ldap_ip *ip_list;
int count, i=0;
+ struct ip_service *ip_list;
+ pstring realm;
+ BOOL got_realm = False;
+ /* realm */
c_realm = ads->server.realm;
if (!c_realm || !*c_realm) {
c_realm = lp_realm();
}
- if (!c_realm || !*c_realm) {
- c_realm = ads->server.workgroup;
- }
- if (!c_realm || !*c_realm) {
- c_realm = lp_workgroup();
- }
- if (!c_realm) {
- return False;
- }
- realm = smb_xstrdup(c_realm);
+ if ( c_realm )
+ got_realm = True;
- DEBUG(6,("ads_try_dns: looking for realm '%s'\n", realm));
- if (ldap_domain2hostlist(realm, &list) != LDAP_SUCCESS) {
- SAFE_FREE(realm);
- return False;
+
+again:
+ /* we need to try once with the realm name and fallback to the
+ netbios domain name if we fail (if netbios has not been disabled */
+
+ if ( !got_realm && !lp_disable_netbios() ) {
+ c_realm = ads->server.workgroup;
+ if (!c_realm || !*c_realm)
+ c_realm = lp_workgroup();
+ if (!c_realm)
+ return False;
}
+
+ pstrcpy( realm, c_realm );
- DEBUG(6,("ads_try_dns: ldap realm '%s' host list '%s'\n", realm, list));
- SAFE_FREE(realm);
-
- count = count_chars(list, ' ') + 1;
- ip_list = malloc(count * sizeof(struct ldap_ip));
- if (!ip_list) {
- return False;
- }
+ DEBUG(6,("ads_try_dns: looking for %s realm '%s'\n",
+ (got_realm ? "realm" : "domain"), realm));
- ptr = list;
- while (next_token(&ptr, tok, " ", sizeof(tok))) {
- unsigned port = LDAP_PORT;
- char *p = strchr(tok, ':');
- if (p) {
- *p = 0;
- port = atoi(p+1);
- }
- ip_list[i].ip = *interpret_addr2(tok);
- ip_list[i].port = port;
- if (!is_zero_ip(ip_list[i].ip)) {
- i++;
+ if ( !get_sorted_dc_list(realm, &ip_list, &count, got_realm) ) {
+ /* fall back to netbios if we can */
+ if ( got_realm && !lp_disable_netbios() ) {
+ got_realm = False;
+ goto again;
}
+
+ return False;
}
- free(list);
-
- count = i;
-
- /* we sort the list of addresses by closeness to our interfaces. This
- tries to prevent us using a DC on the other side of the country */
- if (count > 1) {
- qsort(ip_list, count, sizeof(struct ldap_ip),
- QSORT_CAST ldap_ip_compare);
- }
-
- for (i=0;i<count;i++) {
- if (ads_try_connect(ads, inet_ntoa(ip_list[i].ip), ip_list[i].port)) {
- free(ip_list);
+
+ /* if we fail this loop, then giveup since all the IP addresses returned were dead */
+ for ( i=0; i<count; i++ ) {
+ /* since this is an ads conection request, default to LDAP_PORT is not set */
+ int port = (ip_list[i].port!=PORT_NONE) ? ip_list[i].port : LDAP_PORT;
+
+ if ( ads_try_connect(ads, inet_ntoa(ip_list[i].ip), port) ) {
+ SAFE_FREE(ip_list);
return True;
}
+
+ /* keep track of failures */
+ add_failed_connection_entry( realm, inet_ntoa(ip_list[i].ip), NT_STATUS_UNSUCCESSFUL );
}
SAFE_FREE(ip_list);
+
return False;
}
-/* try connecting to a ldap server via netbios */
-static BOOL ads_try_netbios(ADS_STRUCT *ads)
-{
- struct in_addr *ip_list, pdc_ip;
- int count;
- int i;
- const char *workgroup = ads->server.workgroup;
- BOOL list_ordered;
-
- if (!workgroup) {
- workgroup = lp_workgroup();
- }
-
- DEBUG(6,("ads_try_netbios: looking for workgroup '%s'\n", workgroup));
-
- /* try the PDC first */
- if (get_pdc_ip(workgroup, &pdc_ip)) {
- DEBUG(6,("ads_try_netbios: trying server '%s'\n",
- inet_ntoa(pdc_ip)));
- if (ads_try_connect(ads, inet_ntoa(pdc_ip), LDAP_PORT))
- return True;
- }
-
- /* now any DC, including backups */
- if (get_dc_list(workgroup, &ip_list, &count, &list_ordered)) {
- for (i=0;i<count;i++) {
- DEBUG(6,("ads_try_netbios: trying server '%s'\n",
- inet_ntoa(ip_list[i])));
- if (ads_try_connect(ads, inet_ntoa(ip_list[i]), LDAP_PORT)) {
- free(ip_list);
- return True;
- }
- }
- free(ip_list);
- }
-
- return False;
-}
/**
* Connect to the LDAP server
goto got_connection;
}
- /* try with a smb.conf ads server setting if we are connecting
- to the primary workgroup or realm */
- if (!ads->server.foreign &&
- ads_try_connect(ads, lp_ads_server(), LDAP_PORT)) {
- goto got_connection;
- }
-
- /* try via DNS */
- if (ads_try_dns(ads)) {
- goto got_connection;
- }
-
- /* try via netbios lookups */
- if (!lp_disable_netbios() && ads_try_netbios(ads)) {
+ if (ads_find_dc(ads)) {
goto got_connection;
}
struct cli_state *get_ipc_connect_master_ip_bcast(pstring workgroup, struct user_auth_info *user_info)
{
- struct in_addr *ip_list;
+ struct ip_service *ip_list;
struct cli_state *cli;
int i, count;
struct in_addr server_ip;
for (i = 0; i < count; i++) {
static fstring name;
- if (!name_status_find("*", 0, 0x1d, ip_list[i], name))
+ if (!name_status_find("*", 0, 0x1d, ip_list[i].ip, name))
continue;
if (!find_master_ip(name, &server_ip))
pstrcpy(workgroup, name);
DEBUG(4, ("found master browser %s, %s\n",
- name, inet_ntoa(ip_list[i])));
+ name, inet_ntoa(ip_list[i].ip)));
cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info);
**/
BOOL namecache_store(const char *name, int name_type,
- int num_names, struct in_addr *ip_list)
+ int num_names, struct ip_service *ip_list)
{
time_t expiry;
char *key, *value_string;
*/
if (!gencache_init()) return False;
- DEBUG(5, ("namecache_store: storing %d address%s for %s#%02x: ",
- num_names, num_names == 1 ? "": "es", name, name_type));
-
- for (i = 0; i < num_names; i++)
- DEBUGADD(5, ("%s%s", inet_ntoa(ip_list[i]),
- i == (num_names - 1) ? "" : ", "));
-
- DEBUGADD(5, ("\n"));
+ if ( DEBUGLEVEL >= 5 ) {
+ DEBUG(5, ("namecache_store: storing %d address%s for %s#%02x: ",
+ num_names, num_names == 1 ? "": "es", name, name_type));
+ for (i = 0; i < num_names; i++)
+ DEBUGADD(5, ("%s:%d%s", inet_ntoa(ip_list[i].ip),
+ ip_list[i].port, (i == (num_names - 1) ? "" : ",")));
+
+ DEBUGADD(5, ("\n"));
+ }
+
key = namecache_key(name, name_type);
-
- /*
- * Cache pdc location or dc lists for only a little while
- * otherwise if we lock on to a bad DC we can potentially be
- * out of action for the entire cache timeout time!
- */
-
-#if 0
- /*
- * I don't think we need to do this. We are
- * checking at a higher level for failed DC
- * connections. JRA.
- */
-
- if (name_type == 0x1b || name_type == 0x1c)
- expiry = time(NULL) + 10;
- else
- expiry = time(NULL) + lp_name_cache_timeout();
-#endif
expiry = time(NULL) + lp_name_cache_timeout();
/*
* false if name isn't found in the cache or has expired
**/
-BOOL namecache_fetch(const char *name, int name_type, struct in_addr **ip_list,
+BOOL namecache_fetch(const char *name, int name_type, struct ip_service **ip_list,
int *num_names)
{
char *key, *value;
*num_names = ipstr_list_parse(value, ip_list);
SAFE_FREE(key);
- SAFE_FREE(value);
+ SAFE_FREE(value);
+
return *num_names > 0; /* true only if some ip has been fetched */
}
pull_ascii(name, status[i].name, 16, 15, STR_TERMINATE);
/* Store the result in the cache. */
- namecache_status_store(q_name, q_type, type, to_ip, name);
+ /* but don't store an entry for 0x1c names here. Here we have
+ a single host and DOMAIN<0x1c> names should be a list of hosts */
+
+ if ( q_type != 0x1c )
+ namecache_status_store(q_name, q_type, type, to_ip, name);
result = True;
return max_bits2 - max_bits1;
}
+/*******************************************************************
+ compare 2 ldap IPs by nearness to our interfaces - used in qsort
+*******************************************************************/
+
+static int ip_service_compare(struct ip_service *ip1, struct ip_service *ip2)
+{
+ int result;
+
+ if ( (result = ip_compare(&ip1->ip, &ip2->ip)) != 0 )
+ return result;
+
+ if ( ip1->port > ip2->port )
+ return 1;
+
+ if ( ip1->port < ip2->port )
+ return -1;
+
+ return 0;
+}
+
/*
sort an IP list so that names that are close to one of our interfaces
are at the top. This prevents the problem where a WINS server returns an IP that
qsort(iplist, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
}
+void sort_ip_list2(struct ip_service *iplist, int count)
+{
+ if (count <= 1) {
+ return;
+ }
+
+ qsort(iplist, count, sizeof(struct ip_service), QSORT_CAST ip_service_compare);
+}
+
+/**********************************************************************
+ Remove any duplicate address/port pairs in the list
+ *********************************************************************/
+
+static int remove_duplicate_addrs2( struct ip_service *iplist, int count )
+{
+ int i, j;
+
+ DEBUG(10,("remove_duplicate_addrs2: looking for duplicate address/port pairs\n"));
+
+ /* one loop to remove duplicates */
+ for ( i=0; i<count; i++ ) {
+ if ( is_zero_ip(iplist[i].ip) )
+ continue;
+
+ for ( j=i+1; j<count; j++ ) {
+ if ( ip_service_equal(iplist[i], iplist[j]) )
+ zero_ip(&iplist[j].ip);
+ }
+ }
+
+ /* one loop to clean up any holes we left */
+ /* first ip should never be a zero_ip() */
+ for (i = 0; i<count; ) {
+ if ( is_zero_ip(iplist[i].ip) ) {
+ if (i != count-1 )
+ memmove(&iplist[i], &iplist[i+1], (count - i - 1)*sizeof(iplist[i]));
+ count--;
+ continue;
+ }
+ i++;
+ }
+
+ return count;
+}
+
/****************************************************************************
Do a netbios name query to find someones IP.
Returns an array of IP addresses or NULL if none.
x_fclose(fp);
}
+/********************************************************
+ convert an array if struct in_addrs to struct ip_service
+ return False on failure. Port is set to PORT_NONE;
+*********************************************************/
+
+static BOOL convert_ip2service( struct ip_service **return_iplist, struct in_addr *ip_list, int count )
+{
+ int i;
+ if ( count==0 || !ip_list )
+ return False;
+
+ /* copy the ip address; port will be PORT_NONE */
+ if ( (*return_iplist = (struct ip_service*)malloc(count*sizeof(struct ip_service))) == NULL ) {
+ DEBUG(0,("convert_ip2service: malloc failed for %d enetries!\n", count ));
+ return False;
+ }
+
+ for ( i=0; i<count; i++ ) {
+ (*return_iplist)[i].ip = ip_list[i];
+ (*return_iplist)[i].port = PORT_NONE;
+ }
+
+ return True;
+}
/********************************************************
Resolve via "bcast" method.
*********************************************************/
BOOL name_resolve_bcast(const char *name, int name_type,
- struct in_addr **return_ip_list, int *return_count)
+ struct ip_service **return_iplist, int *return_count)
{
int sock, i;
int num_interfaces = iface_count();
+ struct in_addr *ip_list;
+ BOOL ret;
if (lp_disable_netbios()) {
DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n", name, name_type));
return False;
}
- *return_ip_list = NULL;
+ *return_iplist = NULL;
*return_count = 0;
/*
int flags;
/* Done this way to fix compiler error on IRIX 5.x */
sendto_ip = *iface_n_bcast(i);
- *return_ip_list = name_query(sock, name, name_type, True,
+ ip_list = name_query(sock, name, name_type, True,
True, sendto_ip, return_count, &flags, NULL);
- if(*return_ip_list != NULL) {
- close(sock);
- return True;
- }
+ if( ip_list )
+ goto success;
}
-
+
+ /* failed - no response */
+
close(sock);
return False;
+
+success:
+ ret = True;
+ if ( !convert_ip2service(return_iplist, ip_list, *return_count) )
+ ret = False;
+
+ SAFE_FREE( ip_list );
+ close(sock);
+ return ret;
}
/********************************************************
*********************************************************/
BOOL resolve_wins(const char *name, int name_type,
- struct in_addr **return_iplist, int *return_count)
+ struct ip_service **return_iplist, int *return_count)
{
int sock, t, i;
char **wins_tags;
- struct in_addr src_ip;
+ struct in_addr src_ip, *ip_list = NULL;
+ BOOL ret;
if (lp_disable_netbios()) {
DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n", name, name_type));
continue;
}
- *return_iplist = name_query(sock,name,name_type, False,
+ ip_list = name_query(sock,name,name_type, False,
True, wins_ip, return_count, &flags,
&timed_out);
- if (*return_iplist != NULL) {
+ if ( !ip_list )
goto success;
- }
+
close(sock);
if (timed_out) {
return False;
success:
+ ret = True;
+ if ( !convert_ip2service( return_iplist, ip_list, *return_count ) )
+ ret = False;
+
+ SAFE_FREE( ip_list );
wins_srv_tags_free(wins_tags);
close(sock);
- return True;
+
+ return ret;
}
/********************************************************
*********************************************************/
static BOOL resolve_lmhosts(const char *name, int name_type,
- struct in_addr **return_iplist, int *return_count)
+ struct ip_service **return_iplist, int *return_count)
{
/*
* "lmhosts" means parse the local lmhosts file.
((name_type2 == -1) || (name_type == name_type2))
) {
endlmhosts(fp);
- *return_iplist = (struct in_addr *)malloc(sizeof(struct in_addr));
- if(*return_iplist == NULL) {
+ if ( (*return_iplist = (struct ip_service *)malloc(sizeof(struct ip_service))) == NULL ) {
DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
return False;
}
- **return_iplist = return_ip;
+ (*return_iplist)[0].ip = return_ip;
+ (*return_iplist)[0].port = PORT_NONE;
*return_count = 1;
return True;
}
Resolve via "hosts" method.
*********************************************************/
-static BOOL resolve_hosts(const char *name,
- struct in_addr **return_iplist, int *return_count)
+static BOOL resolve_hosts(const char *name, int name_type,
+ struct ip_service **return_iplist, int *return_count)
{
/*
* "host" means do a localhost, or dns lookup.
*/
struct hostent *hp;
+
+#ifdef HAVE_ADS
+ if ( name_type == 0x1c ) {
+ int count, i = 0;
+ char *list = NULL;
+ const char *ptr;
+ pstring tok;
+
+ /* try to lookup the _ldap._tcp.<domain> if we are using ADS */
+ if ( lp_security() != SEC_ADS )
+ return False;
+
+ DEBUG(5,("resolve_hosts: Attempting to resolve DC's for %s using DNS\n",
+ name));
+
+ if (ldap_domain2hostlist(name, &list) != LDAP_SUCCESS)
+ return False;
+
+ count = count_chars(list, ' ') + 1;
+ if ( (*return_iplist = malloc(count * sizeof(struct ip_service))) == NULL ) {
+ DEBUG(0,("resolve_hosts: malloc failed for %d entries\n", count ));
+ return False;
+ }
+
+ ptr = list;
+ while (next_token(&ptr, tok, " ", sizeof(tok))) {
+ unsigned port = LDAP_PORT;
+ char *p = strchr(tok, ':');
+ if (p) {
+ *p = 0;
+ port = atoi(p+1);
+ }
+ (*return_iplist)[i].ip = *interpret_addr2(tok);
+ (*return_iplist)[i].port = port;
+
+ /* make sure it is a valid IP. I considered checking the negative
+ connection cache, but this is the wrong place for it. Maybe only
+ as a hac. After think about it, if all of the IP addresses retuend
+ from DNS are dead, what hope does a netbios name lookup have?
+ The standard reason for falling back to netbios lookups is that
+ our DNS server doesn't know anything about the DC's -- jerry */
+
+ if ( is_zero_ip((*return_iplist)[i].ip) )
+ continue;
+
+ i++;
+ }
+ SAFE_FREE(list);
+
+ *return_count = i;
+
+ return True;
+ }
+#endif /* HAVE_ADS */
*return_iplist = NULL;
*return_count = 0;
if (((hp = sys_gethostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
struct in_addr return_ip;
putip((char *)&return_ip,(char *)hp->h_addr);
- *return_iplist = (struct in_addr *)malloc(sizeof(struct in_addr));
+ *return_iplist = (struct ip_service *)malloc(sizeof(struct ip_service));
if(*return_iplist == NULL) {
DEBUG(3,("resolve_hosts: malloc fail !\n"));
return False;
}
- **return_iplist = return_ip;
+ (*return_iplist)->ip = return_ip;
+ (*return_iplist)->port = PORT_NONE;
*return_count = 1;
return True;
}
return False;
}
-/********************************************************
+/*******************************************************************
Internal interface to resolve a name into an IP address.
Use this function if the string is either an IP address, DNS
or host name or NetBIOS name. This uses the name switch in the
smb.conf to determine the order of name resolution.
-*********************************************************/
+
+ Added support for ip addr/port to support ADS ldap servers.
+ the only place we currently care about the port is in the
+ resolve_hosts() when looking up DC's via SRV RR entries in DNS
+**********************************************************************/
static BOOL internal_resolve_name(const char *name, int name_type,
- struct in_addr **return_iplist, int *return_count)
+ struct ip_service **return_iplist,
+ int *return_count, const char *resolve_order)
{
pstring name_resolve_list;
fstring tok;
BOOL allzeros = (strcmp(name,"0.0.0.0") == 0);
BOOL is_address = is_ipaddress(name);
BOOL result = False;
- struct in_addr *nodupes_iplist;
int i;
*return_iplist = NULL;
DEBUG(10, ("internal_resolve_name: looking up %s#%x\n", name, name_type));
if (allzeros || allones || is_address) {
- *return_iplist = (struct in_addr *)malloc(sizeof(struct in_addr));
- if(*return_iplist == NULL) {
- DEBUG(3,("internal_resolve_name: malloc fail !\n"));
+
+ if ( (*return_iplist = (struct ip_service *)malloc(sizeof(struct ip_service))) == NULL ) {
+ DEBUG(0,("internal_resolve_name: malloc fail !\n"));
return False;
}
+
if(is_address) {
+ /* ignore the port here */
+ (*return_iplist)->port = PORT_NONE;
+
/* if it's in the form of an IP address then get the lib to interpret it */
- if (((*return_iplist)->s_addr = inet_addr(name)) == 0xFFFFFFFF ){
+ if (((*return_iplist)->ip.s_addr = inet_addr(name)) == 0xFFFFFFFF ){
DEBUG(1,("internal_resolve_name: inet_addr failed on %s\n", name));
return False;
}
} else {
- (*return_iplist)->s_addr = allones ? 0xFFFFFFFF : 0;
+ (*return_iplist)->ip.s_addr = allones ? 0xFFFFFFFF : 0;
*return_count = 1;
}
return True;
}
- /* Check netbios name cache */
+ /* Check name cache */
if (namecache_fetch(name, name_type, return_iplist, return_count)) {
-
- /* This could be a negative response */
-
- return (*return_count > 0);
+ /* This could be a negative response */
+ return (*return_count > 0);
}
- pstrcpy(name_resolve_list, lp_name_resolve_order());
- ptr = name_resolve_list;
- if (!ptr || !*ptr)
+ /* set the name resolution order */
+
+ if ( !resolve_order )
+ pstrcpy(name_resolve_list, lp_name_resolve_order());
+ else
+ pstrcpy(name_resolve_list, resolve_order);
+
+ if ( !name_resolve_list[0] )
ptr = "host";
+ else
+ ptr = name_resolve_list;
+ /* iterate through the name resolution backends */
+
while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) {
if((strequal(tok, "host") || strequal(tok, "hosts"))) {
- if (name_type == 0x20) {
- if (resolve_hosts(name, return_iplist, return_count)) {
+ /* deal with 0x20 & 0x1c names here. The latter will result
+ in a SRV record lookup for _ldap._tcp.<domain> if we are using
+ 'security = ads' */
+ if ( name_type==0x20 || name_type == 0x1c ) {
+ if (resolve_hosts(name, name_type, return_iplist, return_count)) {
result = True;
goto done;
}
controllers including the PDC in iplist[1..n]. Iterating over
the iplist when the PDC is down will cause two sets of timeouts. */
- if (*return_count && (nodupes_iplist = (struct in_addr *)
- malloc(sizeof(struct in_addr) * (*return_count)))) {
- int nodupes_count = 0;
-
- /* Iterate over return_iplist looking for duplicates */
-
- for (i = 0; i < *return_count; i++) {
- BOOL is_dupe = False;
- int j;
-
- for (j = i + 1; j < *return_count; j++) {
- if (ip_equal((*return_iplist)[i],
- (*return_iplist)[j])) {
- is_dupe = True;
- break;
- }
- }
-
- if (!is_dupe) {
-
- /* This one not a duplicate */
-
- nodupes_iplist[nodupes_count] = (*return_iplist)[i];
- nodupes_count++;
- }
- }
-
- /* Switcheroo with original list */
-
- free(*return_iplist);
-
- *return_iplist = nodupes_iplist;
- *return_count = nodupes_count;
+ if ( *return_count ) {
+ *return_count = remove_duplicate_addrs2( *return_iplist, *return_count );
}
/* Save in name cache */
- for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++)
- DEBUG(100, ("Storing name %s of type %d (ip: %s)\n", name,
- name_type, inet_ntoa((*return_iplist)[i])));
-
+ if ( DEBUGLEVEL >= 100 ) {
+ for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++)
+ DEBUG(100, ("Storing name %s of type %d (%s:%d)\n", name,
+ name_type, inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
+ }
+
namecache_store(name, name_type, *return_count, *return_iplist);
/* Display some debugging info */
- DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
- *return_count));
+ if ( DEBUGLEVEL >= 10 ) {
+ DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
+ *return_count));
- for (i = 0; i < *return_count; i++)
- DEBUGADD(10, ("%s ", inet_ntoa((*return_iplist)[i])));
-
- DEBUG(10, ("\n"));
+ for (i = 0; i < *return_count; i++)
+ DEBUGADD(10, ("%s:%d ", inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
+ DEBUG(10, ("\n"));
+ }
+
return result;
}
BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type)
{
- struct in_addr *ip_list = NULL;
+ struct ip_service *ip_list = NULL;
int count = 0;
if (is_ipaddress(name)) {
return True;
}
- if (internal_resolve_name(name, name_type, &ip_list, &count)) {
+ if (internal_resolve_name(name, name_type, &ip_list, &count, lp_name_resolve_order())) {
int i;
+
/* only return valid addresses for TCP connections */
for (i=0; i<count; i++) {
- char *ip_str = inet_ntoa(ip_list[i]);
+ char *ip_str = inet_ntoa(ip_list[i].ip);
if (ip_str &&
strcmp(ip_str, "255.255.255.255") != 0 &&
- strcmp(ip_str, "0.0.0.0") != 0) {
- *return_ip = ip_list[i];
+ strcmp(ip_str, "0.0.0.0") != 0)
+ {
+ *return_ip = ip_list[i].ip;
SAFE_FREE(ip_list);
return True;
}
}
}
+
SAFE_FREE(ip_list);
return False;
}
BOOL find_master_ip(const char *group, struct in_addr *master_ip)
{
- struct in_addr *ip_list = NULL;
+ struct ip_service *ip_list = NULL;
int count = 0;
if (lp_disable_netbios()) {
return False;
}
- if (internal_resolve_name(group, 0x1D, &ip_list, &count)) {
- *master_ip = ip_list[0];
+ if (internal_resolve_name(group, 0x1D, &ip_list, &count, lp_name_resolve_order())) {
+ *master_ip = ip_list[0].ip;
SAFE_FREE(ip_list);
return True;
}
- if(internal_resolve_name(group, 0x1B, &ip_list, &count)) {
- *master_ip = ip_list[0];
+ if(internal_resolve_name(group, 0x1B, &ip_list, &count, lp_name_resolve_order())) {
+ *master_ip = ip_list[0].ip;
SAFE_FREE(ip_list);
return True;
}
return False;
}
-/********************************************************
- Lookup a DC name given a Domain name and IP address.
-*********************************************************/
-
-BOOL lookup_dc_name(const char *srcname, const char *domain,
- struct in_addr *dc_ip, char *ret_name)
-{
-#if !defined(I_HATE_WINDOWS_REPLY_CODE)
- fstring dc_name;
- BOOL ret;
-
- if (lp_disable_netbios()) {
- DEBUG(5,("lookup_dc_name(%s): netbios is disabled\n", domain));
- return False;
- }
-
- /*
- * Due to the fact win WinNT *sucks* we must do a node status
- * query here... JRA.
- */
-
- *dc_name = '\0';
-
- ret = name_status_find(domain, 0x1c, 0x20, *dc_ip, dc_name);
-
- if(ret && *dc_name) {
- fstrcpy(ret_name, dc_name);
- return True;
- }
-
- return False;
-
-#else /* defined(I_HATE_WINDOWS_REPLY_CODE) */
-
-JRA - This code is broken with BDC rollover - we need to do a full
-NT GETDC call, UNICODE, NT domain SID and uncle tom cobbley and all...
-
- int retries = 3;
- int retry_time = 2000;
- struct timeval tval;
- struct packet_struct p;
- struct dgram_packet *dgram = &p.packet.dgram;
- char *ptr,*p2;
- char tmp[4];
- int len;
- struct sockaddr_in sock_name;
- int sock_len = sizeof(sock_name);
- const char *mailslot = NET_LOGON_MAILSLOT;
- char *mailslot_name;
- char buffer[1024];
- char *bufp;
- int dgm_id = generate_trn_id();
- int sock = open_socket_in(SOCK_DGRAM, 0, 3, interpret_addr(lp_socket_address()), True );
-
- if(sock == -1)
- return False;
-
- /* Find out the transient UDP port we have been allocated. */
- if(getsockname(sock, (struct sockaddr *)&sock_name, &sock_len)<0) {
- DEBUG(0,("lookup_pdc_name: Failed to get local UDP port. Error was %s\n",
- strerror(errno)));
- close(sock);
- return False;
- }
-
- /*
- * Create the request data.
- */
-
- memset(buffer,'\0',sizeof(buffer));
- bufp = buffer;
- SSVAL(bufp,0,QUERYFORPDC);
- bufp += 2;
- fstrcpy(bufp,srcname);
- bufp += (strlen(bufp) + 1);
- slprintf(bufp, sizeof(fstring)-1, "\\MAILSLOT\\NET\\GETDC%d", dgm_id);
- mailslot_name = bufp;
- bufp += (strlen(bufp) + 1);
- bufp = ALIGN2(bufp, buffer);
- bufp += push_ucs2(NULL, bufp, srcname, sizeof(buffer) - (bufp - buffer), STR_TERMINATE);
-
- SIVAL(bufp,0,1);
- SSVAL(bufp,4,0xFFFF);
- SSVAL(bufp,6,0xFFFF);
- bufp += 8;
- len = PTR_DIFF(bufp,buffer);
-
- memset((char *)&p,'\0',sizeof(p));
-
- /* DIRECT GROUP or UNIQUE datagram. */
- dgram->header.msg_type = 0x10;
- dgram->header.flags.node_type = M_NODE;
- dgram->header.flags.first = True;
- dgram->header.flags.more = False;
- dgram->header.dgm_id = dgm_id;
- dgram->header.source_ip = *iface_ip(*pdc_ip);
- dgram->header.source_port = ntohs(sock_name.sin_port);
- dgram->header.dgm_length = 0; /* Let build_dgram() handle this. */
- dgram->header.packet_offset = 0;
-
- make_nmb_name(&dgram->source_name,srcname,0);
- make_nmb_name(&dgram->dest_name,domain,0x1C);
-
- ptr = &dgram->data[0];
-
- /* Setup the smb part. */
- ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
- memcpy(tmp,ptr,4);
- set_message(ptr,17,17 + len,True);
- memcpy(ptr,tmp,4);
-
- CVAL(ptr,smb_com) = SMBtrans;
- SSVAL(ptr,smb_vwv1,len);
- SSVAL(ptr,smb_vwv11,len);
- SSVAL(ptr,smb_vwv12,70 + strlen(mailslot));
- SSVAL(ptr,smb_vwv13,3);
- SSVAL(ptr,smb_vwv14,1);
- SSVAL(ptr,smb_vwv15,1);
- SSVAL(ptr,smb_vwv16,2);
- p2 = smb_buf(ptr);
- pstrcpy(p2,mailslot);
- p2 = skip_string(p2,1);
-
- memcpy(p2,buffer,len);
- p2 += len;
-
- dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */
-
- p.ip = *pdc_ip;
- p.port = DGRAM_PORT;
- p.fd = sock;
- p.timestamp = time(NULL);
- p.packet_type = DGRAM_PACKET;
-
- GetTimeOfDay(&tval);
-
- if (!send_packet(&p)) {
- DEBUG(0,("lookup_pdc_name: send_packet failed.\n"));
- close(sock);
- return False;
- }
-
- retries--;
-
- while (1) {
- struct timeval tval2;
- struct packet_struct *p_ret;
-
- GetTimeOfDay(&tval2);
- if (TvalDiff(&tval,&tval2) > retry_time) {
- if (!retries)
- break;
- if (!send_packet(&p)) {
- DEBUG(0,("lookup_pdc_name: send_packet failed.\n"));
- close(sock);
- return False;
- }
- GetTimeOfDay(&tval);
- retries--;
- }
-
- if ((p_ret = receive_dgram_packet(sock,90,mailslot_name))) {
- struct dgram_packet *dgram2 = &p_ret->packet.dgram;
- char *buf;
- char *buf2;
-
- buf = &dgram2->data[0];
- buf -= 4;
-
- if (CVAL(buf,smb_com) != SMBtrans) {
- DEBUG(0,("lookup_pdc_name: datagram type %u != SMBtrans(%u)\n", (unsigned int)
- CVAL(buf,smb_com), (unsigned int)SMBtrans ));
- free_packet(p_ret);
- continue;
- }
-
- len = SVAL(buf,smb_vwv11);
- buf2 = smb_base(buf) + SVAL(buf,smb_vwv12);
-
- if (len <= 0) {
- DEBUG(0,("lookup_pdc_name: datagram len < 0 (%d)\n", len ));
- free_packet(p_ret);
- continue;
- }
-
- DEBUG(4,("lookup_pdc_name: datagram reply from %s to %s IP %s for %s of type %d len=%d\n",
- nmb_namestr(&dgram2->source_name),nmb_namestr(&dgram2->dest_name),
- inet_ntoa(p_ret->ip), smb_buf(buf),SVAL(buf2,0),len));
-
- if(SVAL(buf2,0) != QUERYFORPDC_R) {
- DEBUG(0,("lookup_pdc_name: datagram type (%u) != QUERYFORPDC_R(%u)\n",
- (unsigned int)SVAL(buf,0), (unsigned int)QUERYFORPDC_R ));
- free_packet(p_ret);
- continue;
- }
-
- buf2 += 2;
- /* Note this is safe as it is a bounded strcpy. */
- fstrcpy(ret_name, buf2);
- ret_name[sizeof(fstring)-1] = '\0';
- close(sock);
- free_packet(p_ret);
- return True;
- }
- }
-
- close(sock);
- return False;
-#endif /* defined(I_HATE_WINDOWS_REPLY_CODE) */
-}
-
/********************************************************
Get the IP address list of the primary domain controller
for a domain.
BOOL get_pdc_ip(const char *domain, struct in_addr *ip)
{
- struct in_addr *ip_list;
+ struct ip_service *ip_list;
int count;
- int i = 0;
/* Look up #1B name */
- if (!internal_resolve_name(domain, 0x1b, &ip_list, &count))
+ if (!internal_resolve_name(domain, 0x1b, &ip_list, &count, lp_name_resolve_order()))
return False;
/* if we get more than 1 IP back we have to assume it is a
multi-homed PDC and not a mess up */
-
+
if ( count > 1 ) {
- DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
-
- /* look for a local net */
- for ( i=0; i<count; i++ ) {
- if ( is_local_net( ip_list[i] ) )
- break;
- }
-
- /* if we hit then end then just grab the first
- one from the list */
-
- if ( i == count )
- i = 0;
+ DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
+ sort_ip_list2( ip_list, count );
}
- *ip = ip_list[i];
+ *ip = ip_list[0].ip;
SAFE_FREE(ip_list);
return True;
}
+/*********************************************************************
+ small wrapper function to get the DC list and sort it if neccessary
+*********************************************************************/
+BOOL get_sorted_dc_list( const char *domain, struct ip_service **ip_list, int *count, BOOL dns_only )
+{
+ BOOL ordered;
+
+ DEBUG(8,("get_sorted_dc_list: attempting lookup using [%s]\n",
+ (dns_only ? "hosts" : lp_name_resolve_order())));
+
+ if ( !get_dc_list(domain, ip_list, count, dns_only, &ordered) )
+ return False;
+
+ /* only sort if we don't already have an ordered list */
+ if ( !ordered )
+ sort_ip_list2( *ip_list, *count );
+
+ return True;
+}
+
/********************************************************
Get the IP address list of the domain controllers for
a domain.
*********************************************************/
-BOOL get_dc_list(const char *domain, struct in_addr **ip_list, int *count, int *ordered)
+BOOL get_dc_list(const char *domain, struct ip_service **ip_list,
+ int *count, BOOL dns_only, int *ordered)
{
-
+ /* defined the name resolve order to internal_name_resolve()
+ only used for looking up 0x1c names */
+ const char *resolve_oder = (dns_only ? "hosts" : lp_name_resolve_order());
+
*ordered = False;
/* If it's our domain then use the 'password server' parameter. */
- if (strequal(domain, lp_workgroup())) {
+ if ( strequal(domain, lp_workgroup()) || strequal(domain, lp_realm()) ) {
const char *p;
char *pserver = lp_passwordserver(); /* UNIX charset. */
+ char *port_str;
+ int port;
fstring name;
int num_addresses = 0;
int local_count, i, j;
- struct in_addr *return_iplist = NULL;
- struct in_addr *auto_ip_list = NULL;
+ struct ip_service *return_iplist = NULL;
+ struct ip_service *auto_ip_list = NULL;
BOOL done_auto_lookup = False;
int auto_count = 0;
if (!*pserver)
- return internal_resolve_name(
- domain, 0x1C, ip_list, count);
+ return internal_resolve_name(domain, 0x1C, ip_list, count, resolve_oder);
p = pserver;
while (next_token(&p,name,LIST_SEP,sizeof(name))) {
if (strequal(name, "*")) {
- if ( internal_resolve_name(domain, 0x1C, &auto_ip_list, &auto_count) )
+ if ( internal_resolve_name(domain, 0x1C, &auto_ip_list, &auto_count, resolve_oder) )
num_addresses += auto_count;
done_auto_lookup = True;
DEBUG(8,("Adding %d DC's from auto lookup\n", auto_count));
just return the list of DC's */
if ( (num_addresses == 0) && !done_auto_lookup )
- return internal_resolve_name(domain, 0x1C, ip_list, count);
-
- return_iplist = (struct in_addr *)malloc(num_addresses * sizeof(struct in_addr));
+ return internal_resolve_name(domain, 0x1C, ip_list, count, resolve_oder);
- if (return_iplist == NULL) {
+ if ( (return_iplist = (struct ip_service *)
+ malloc(num_addresses * sizeof(struct ip_service))) == NULL )
+ {
DEBUG(3,("get_dc_list: malloc fail !\n"));
return False;
}
/* copy any addersses from the auto lookup */
if ( strequal(name, "*") ) {
- for ( j=0; j<auto_count; j++ )
- return_iplist[local_count++] = auto_ip_list[j];
+ for ( j=0; j<auto_count; j++ ) {
+ return_iplist[local_count].ip = auto_ip_list[j].ip;
+ return_iplist[local_count].port = auto_ip_list[j].port;
+ local_count++;
+ }
continue;
}
+
+ /* added support for address:port syntax for ads (not that I think
+ anyone will ever run the LDAP server in an AD domain on something
+ other than port 389 */
+
+ port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
+ if ( (port_str=strchr(name, ':')) != NULL ) {
+ *port_str = '\0';
+ port_str++;
+ port = atoi( port_str );
+ }
+
/* explicit lookup; resolve_name() will handle names & IP addresses */
-
- if ( resolve_name( name, &name_ip, 0x20) ) {
- return_iplist[local_count++] = name_ip;
+ if ( resolve_name( name, &name_ip, 0x20 ) ) {
+ return_iplist[local_count].ip = name_ip;
+ return_iplist[local_count].port = port;
+ local_count++;
*ordered = True;
}
-
}
SAFE_FREE(auto_ip_list);
- /* need to remove duplicates in the list if we have
- any explicit password servers */
+ /* need to remove duplicates in the list if we have any
+ explicit password servers */
- if ( *ordered ) {
- /* one loop to remove duplicates */
- for ( i=0; i<local_count; i++ ) {
- if ( is_zero_ip(return_iplist[i]) )
- continue;
-
- for ( j=i+1; j<local_count; j++ ) {
- if ( ip_equal( return_iplist[i], return_iplist[j]) )
- zero_ip(&return_iplist[j]);
- }
- }
-
- /* one loop to clean up any holes we left */
- /* first ip should never be a zero_ip() */
- for (i = 0; i<local_count; ) {
- if ( is_zero_ip(return_iplist[i]) ) {
- if (i != local_count-1 )
- memmove(&return_iplist[i], &return_iplist[i+1],
- (local_count - i - 1)*sizeof(return_iplist[i]));
- local_count--;
- continue;
- }
- i++;
- }
- }
+ if ( local_count )
+ local_count = remove_duplicate_addrs2( return_iplist, local_count );
if ( DEBUGLEVEL >= 4 ) {
DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count,
*ordered ? "":"un"));
DEBUG(4,("get_dc_list: "));
for ( i=0; i<local_count; i++ )
- DEBUGADD(4,("%s ", inet_ntoa(return_iplist[i])));
+ DEBUGADD(4,("%s:%d ", inet_ntoa(return_iplist[i].ip), return_iplist[i].port ));
DEBUGADD(4,("\n"));
}
return (*count != 0);
}
- return internal_resolve_name(domain, 0x1C, ip_list, count);
+ DEBUG(10,("get_dc_list: defaulting to internal auto lookup for domain %s\n", domain));
+
+ return internal_resolve_name(domain, 0x1C, ip_list, count, resolve_oder);
}
#include "includes.h"
-
-#define FAILED_CONNECTION_CACHE_TIMEOUT 30 /* Seconds between attempts */
-
-struct failed_connection_cache {
- fstring domain_name;
- fstring controller;
- time_t lookup_time;
- NTSTATUS nt_status;
- struct failed_connection_cache *prev, *next;
-};
-
-static struct failed_connection_cache *failed_connection_cache;
-
-/**********************************************************************
- Check for a previously failed connection
-**********************************************************************/
-
-static NTSTATUS check_negative_conn_cache( const char *domain, const char *server )
-{
- struct failed_connection_cache *fcc;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- /* can't check if we don't have strings */
-
- if ( !domain || !server )
- return NT_STATUS_OK;
-
- for (fcc = failed_connection_cache; fcc; fcc = fcc->next) {
-
- /*
- * we have a match IFF the domain and server name matches
- * (a) the domain matches,
- * (b) the IP address matches (if we have one)
- * (c) the server name (if specified) matches
- */
-
- if ( !strequal(domain, fcc->domain_name) || !strequal(server, fcc->controller) )
- continue; /* no match; check the next entry */
-
- /* we have a match so see if it is still current */
-
- if ((time(NULL) - fcc->lookup_time) > FAILED_CONNECTION_CACHE_TIMEOUT)
- {
- /* Cache entry has expired, delete it */
-
- DEBUG(10, ("check_negative_conn_cache: cache entry expired for %s, %s\n",
- domain, server ));
-
- DLIST_REMOVE(failed_connection_cache, fcc);
- SAFE_FREE(fcc);
-
- return NT_STATUS_OK;
- }
-
- /* The timeout hasn't expired yet so return false */
-
- DEBUG(10, ("check_negative_conn_cache: returning negative entry for %s, %s\n",
- domain, server ));
-
- result = fcc->nt_status;
- return result;
- }
-
- /* end of function means no cache entry */
- return NT_STATUS_OK;
-}
-
-/**********************************************************************
- Add an entry to the failed conneciton cache
-**********************************************************************/
-
-void add_failed_connection_entry(const char *domain, const char *server, NTSTATUS result)
-{
- struct failed_connection_cache *fcc;
-
- SMB_ASSERT(!NT_STATUS_IS_OK(result));
-
- /* Check we already aren't in the cache. We always have to have
- a domain, but maybe not a specific DC name. */
-
- for (fcc = failed_connection_cache; fcc; fcc = fcc->next) {
- if ( strequal(fcc->domain_name, domain) && strequal(fcc->controller, server) )
- {
- DEBUG(10, ("add_failed_connection_entry: domain %s (%s) already tried and failed\n",
- domain, server ));
- return;
- }
- }
-
- /* Create negative lookup cache entry for this domain and controller */
-
- if ( !(fcc = (struct failed_connection_cache *)malloc(sizeof(struct failed_connection_cache))) )
- {
- DEBUG(0, ("malloc failed in add_failed_connection_entry!\n"));
- return;
- }
-
- ZERO_STRUCTP(fcc);
-
- fstrcpy( fcc->domain_name, domain );
- fstrcpy( fcc->controller, server );
- fcc->lookup_time = time(NULL);
- fcc->nt_status = result;
-
- DEBUG(10,("add_failed_connection_entry: added domain %s (%s) to failed conn cache\n",
- domain, server ));
-
- DLIST_ADD(failed_connection_cache, fcc);
-}
-
-/****************************************************************************
-****************************************************************************/
-
-void flush_negative_conn_cache( void )
-{
- struct failed_connection_cache *fcc;
-
- fcc = failed_connection_cache;
-
- while (fcc) {
- struct failed_connection_cache *fcc_next;
-
- fcc_next = fcc->next;
- DLIST_REMOVE(failed_connection_cache, fcc);
- free(fcc);
-
- fcc = fcc_next;
- }
-
-}
-
/****************************************************************************
Utility function to return the name of a DC. The name is guaranteed to be
valid since we have already done a name_status_find on it
BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out)
{
- struct in_addr *ip_list = NULL, dc_ip, exclude_ip;
+ struct ip_service *ip_list = NULL;
+ struct in_addr dc_ip, exclude_ip;
int count, i;
- BOOL list_ordered;
BOOL use_pdc_only;
NTSTATUS result;
/* check the connection cache and perform the node status
lookup only if the IP is not found to be bad */
- if (name_status_find(domain, 0x1c, 0x20, dc_ip, srv_name) ) {
+ if (name_status_find(domain, 0x1b, 0x20, dc_ip, srv_name) ) {
result = check_negative_conn_cache( domain, srv_name );
if ( NT_STATUS_IS_OK(result) )
goto done;
/* get a list of all domain controllers */
- if (!get_dc_list( domain, &ip_list, &count, &list_ordered) ) {
+ if ( !get_sorted_dc_list(domain, &ip_list, &count, False) ) {
DEBUG(3, ("Could not look up dc's for domain %s\n", domain));
return False;
}
if ( use_pdc_only ) {
for (i = 0; i < count; i++) {
- if (ip_equal( exclude_ip, ip_list[i]))
- zero_ip(&ip_list[i]);
+ if (ip_equal( exclude_ip, ip_list[i].ip))
+ zero_ip(&ip_list[i].ip);
}
}
- /* Pick a nice close server, but only if the list was not ordered */
-
- if (!list_ordered && (count > 1) ) {
- qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
- }
-
for (i = 0; i < count; i++) {
- if (is_zero_ip(ip_list[i]))
+ if (is_zero_ip(ip_list[i].ip))
continue;
- if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) {
+ if (name_status_find(domain, 0x1c, 0x20, ip_list[i].ip, srv_name)) {
result = check_negative_conn_cache( domain, srv_name );
if ( NT_STATUS_IS_OK(result) ) {
- dc_ip = ip_list[i];
+ dc_ip = ip_list[i].ip;
goto done;
}
}
static struct winbindd_cm_conn *cm_conns = NULL;
-/* Get a domain controller name. Cache positive and negative lookups so we
- don't go to the network too often when something is badly broken. */
-
-#define GET_DC_NAME_CACHE_TIMEOUT 30 /* Seconds between dc lookups */
-
-struct get_dc_name_cache {
- fstring domain_name;
- fstring srv_name;
- time_t lookup_time;
- struct get_dc_name_cache *prev, *next;
-};
-
/*
find the DC for a domain using methods appropriate for a ADS domain
*/
-static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring srv_name)
+static BOOL ads_dc_name(const char *domain, struct in_addr *dc_ip, fstring srv_name)
{
ADS_STRUCT *ads;
const char *realm = domain;
*dc_ip = ads->ldap_ip;
ads_destroy(&ads);
- DEBUG(4,("cm_ads_find_dc: using server='%s' IP=%s\n",
+ DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n",
srv_name, inet_ntoa(*dc_ip)));
return True;
ret = False;
if (lp_security() == SEC_ADS)
- ret = cm_ads_find_dc(domain, &dc_ip, srv_name);
+ ret = ads_dc_name(domain, &dc_ip, srv_name);
if (!ret) {
/* fall back on rpc methods if the ADS methods fail */
return ldp;
}
-static int get_ldap_seq(const char *server, uint32 *seq)
+static int get_ldap_seq(const char *server, int port, uint32 *seq)
{
int ret = -1;
struct timeval to;
* doesn't seem to apply to doing an open as well. JRA.
*/
- if ((ldp = ldap_open_with_timeout(server, LDAP_PORT, 10)) == NULL)
+ if ((ldp = ldap_open_with_timeout(server, port, 10)) == NULL)
return -1;
/* Timeout if no response within 20 seconds. */
int get_ldap_sequence_number( const char* domain, uint32 *seq)
{
int ret = -1;
- int i;
- struct in_addr *ip_list = NULL;
+ int i, port = LDAP_PORT;
+ struct ip_service *ip_list = NULL;
int count;
- BOOL list_ordered;
- if ( !get_dc_list( domain, &ip_list, &count, &list_ordered ) ) {
+ if ( !get_sorted_dc_list(domain, &ip_list, &count, False) ) {
DEBUG(3, ("Could not look up dc's for domain %s\n", domain));
return False;
}
- /* sort the list so we can pick a close server */
-
- if (!list_ordered && (count > 1) ) {
- qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
- }
-
/* Finally return first DC that we can contact */
for (i = 0; i < count; i++) {
- if (is_zero_ip(ip_list[i]))
+ fstring ipstr;
+
+ /* since the is an LDAP lookup, default to the LDAP_PORT is not set */
+ port = (ip_list[i].port!= PORT_NONE) ? ip_list[i].port : LDAP_PORT;
+
+ fstrcpy( ipstr, inet_ntoa(ip_list[i].ip) );
+
+ if (is_zero_ip(ip_list[i].ip))
continue;
- if ( (ret = get_ldap_seq( inet_ntoa(ip_list[i]), seq)) == 0 )
+ if ( (ret = get_ldap_seq( ipstr, port, seq)) == 0 )
goto done;
+
+ /* add to failed connection cache */
+ add_failed_connection_entry( domain, ipstr, NT_STATUS_UNSUCCESSFUL );
}
done:
if ( ret == 0 ) {
- DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence number for Domain (%s) from DC (%s)\n",
- domain, inet_ntoa(ip_list[i])));
+ DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence number for Domain (%s) from DC (%s:%d)\n",
+ domain, inet_ntoa(ip_list[i].ip), port));
}
SAFE_FREE(ip_list);
static struct in_addr *lookup_byname_backend(const char *name, int *count)
{
int fd = -1;
- struct in_addr *ret = NULL;
+ struct ip_service *address = NULL;
+ struct in_addr *ret;
int j, flags = 0;
if (!initialised) {
*count = 0;
/* always try with wins first */
- if (resolve_wins(name,0x20,&ret,count)) {
+ if (resolve_wins(name,0x20,&address,count)) {
+ if ( (ret = (struct in_addr *)malloc(sizeof(struct in_addr))) == NULL ) {
+ free( address );
+ return NULL;
+ }
+ *ret = address[0].ip;
+ free( address );
return ret;
}
char *szPasswordServer;
char *szSocketOptions;
char *szRealm;
- char *szADSserver;
char *szUsernameMap;
char *szLogonScript;
char *szLogonPath;
{"directory", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, FLAG_HIDE},
{"workgroup", P_USTRING, P_GLOBAL, &Globals.szWorkgroup, handle_workgroup, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
- {"ADS server", P_STRING, P_GLOBAL, &Globals.szADSserver, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"netbios name", P_USTRING, P_GLOBAL, &Globals.szNetbiosName, handle_netbios_name, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, handle_netbios_aliases, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"netbios scope", P_USTRING, P_GLOBAL, &Globals.szNetbiosScope, handle_netbios_scope, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer)
FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder)
FN_GLOBAL_STRING(lp_realm, &Globals.szRealm)
-FN_GLOBAL_STRING(lp_ads_server, &Globals.szADSserver)
FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)
}
static NTSTATUS context_getgrnam(struct pdb_context *context,
- GROUP_MAP *map, char *name)
+ GROUP_MAP *map, const char *name)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
plaintext = secrets_fetch_machine_password(domain, pass_last_set_time,
channel);
if (plaintext) {
- /* we have an ADS password - use that */
- DEBUG(4,("Using ADS machine password\n"));
+ DEBUG(4,("Using cleartext machine password\n"));
E_md4hash(plaintext, ret_pwd);
SAFE_FREE(plaintext);
return True;
ads_mod_str(ctx, &mods, SPOOL_REG_PRINTERNAME,
printer->info_2->sharename);
- /* connect to the ADS server */
- ads = ads_init(NULL, NULL, lp_ads_server());
+ /* initial ads structure */
+
+ ads = ads_init(NULL, NULL, NULL);
if (!ads) {
DEBUG(3, ("ads_init() failed\n"));
return WERR_SERVER_UNAVAILABLE;
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
SAFE_FREE(ads->auth.password);
ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
- NULL, NULL);
+ NULL, NULL);
+
+ /* ads_connect() will find the DC for us */
ads_rc = ads_connect(ads);
if (!ADS_ERR_OK(ads_rc)) {
DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc)));
return win_rc;
}
- ads = ads_init(NULL, NULL, lp_ads_server());
+ ads = ads_init(NULL, NULL, NULL);
if (!ads) {
DEBUG(3, ("ads_init() failed\n"));
return WERR_SERVER_UNAVAILABLE;
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
SAFE_FREE(ads->auth.password);
ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
- NULL, NULL);
+ NULL, NULL);
+
+ /* ads_connect() will find the DC for us */
ads_rc = ads_connect(ads);
if (!ADS_ERR_OK(ads_rc)) {
DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc)));
goto failed;
}
- if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) )
+ if ( !name_status_find( domain, 0x1b, 0x20, pdc_ip, dc_name) )
goto failed;
}
/* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
if (is_zero_ip(pdc_ip))
return False;
- if (!lookup_dc_name(global_myname(), opt_target_workgroup, &pdc_ip, dc_name))
+ if ( !name_status_find(opt_target_workgroup, 0x1b, 0x20, pdc_ip, dc_name) )
return False;
*server_name = strdup(dc_name);
}
-BOOL net_find_dc(struct in_addr *server_ip, fstring server_name, const char *domain_name)
+BOOL net_find_pdc(struct in_addr *server_ip, fstring server_name, const char *domain_name)
{
if (get_pdc_ip(domain_name, server_ip)) {
- fstring dc_name;
-
if (is_zero_ip(*server_ip))
return False;
- if (!lookup_dc_name(global_myname(), domain_name, server_ip, dc_name))
+ if (!name_status_find(domain_name, 0x1b, 0x20, *server_ip, server_name))
return False;
- fstrcpy(server_name, dc_name);
- return True;
- } else
+ return True;
+ }
+ else
return False;
}
static int net_lookup_dc(int argc, const char **argv)
{
- struct in_addr *ip_list, addr;
+ struct ip_service *ip_list;
+ struct in_addr addr;
char *pdc_str = NULL;
const char *domain=opt_target_workgroup;
int count, i;
- BOOL list_ordered;
if (argc > 0)
domain=argv[0];
asprintf(&pdc_str, "%s", inet_ntoa(addr));
d_printf("%s\n", pdc_str);
- if (!get_dc_list(domain, &ip_list, &count, &list_ordered)) {
+ if (!get_sorted_dc_list(domain, &ip_list, &count, False)) {
SAFE_FREE(pdc_str);
return 0;
}
for (i=0;i<count;i++) {
- char *dc_str = inet_ntoa(ip_list[i]);
+ char *dc_str = inet_ntoa(ip_list[i].ip);
if (!strequal(pdc_str, dc_str))
d_printf("%s\n", dc_str);
}
opt_user_name = acct_name;
/* find the domain controller */
- if (!net_find_dc(&server_ip, pdc_name, domain_name)) {
+ if (!net_find_pdc(&server_ip, pdc_name, domain_name)) {
DEBUG(0, ("Coulnd find domain controller for domain %s\n", domain_name));
return -1;
}
git.samba.org / samba.git / commitdiff