2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 /* nmbd.c sets this to True. */
24 BOOL global_in_nmbd = False;
26 /****************************
27 * SERVER AFFINITY ROUTINES *
28 ****************************/
30 /* Server affinity is the concept of preferring the last domain
31 controller with whom you had a successful conversation */
33 /****************************************************************************
34 ****************************************************************************/
35 #define SAFKEY_FMT "SAF/DOMAIN/%s"
38 static char *saf_key(const char *domain)
42 asprintf( &keystr, SAFKEY_FMT, strupper_static(domain) );
47 /****************************************************************************
48 ****************************************************************************/
50 BOOL saf_store( const char *domain, const char *servername )
56 if ( !domain || !servername ) {
57 DEBUG(2,("saf_store: Refusing to store empty domain or servername!\n"));
61 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
62 DEBUG(0,("saf_store: refusing to store 0 length domain or servername!\n"));
66 if ( !gencache_init() )
69 key = saf_key( domain );
70 expire = time( NULL ) + SAF_TTL;
73 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
74 domain, servername, (unsigned int)expire ));
76 ret = gencache_set( key, servername, expire );
83 BOOL saf_delete( const char *domain )
89 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
93 if ( !gencache_init() )
96 key = saf_key(domain);
97 ret = gencache_del(key);
100 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
108 /****************************************************************************
109 ****************************************************************************/
111 char *saf_fetch( const char *domain )
118 if ( !domain || strlen(domain) == 0) {
119 DEBUG(2,("saf_fetch: Empty domain name!\n"));
123 if ( !gencache_init() )
126 key = saf_key( domain );
128 ret = gencache_get( key, &server, &timeout );
133 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n", domain ));
135 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
142 /****************************************************************************
143 Generate a random trn_id.
144 ****************************************************************************/
146 static int generate_trn_id(void)
150 generate_random_buffer((uint8 *)&id, sizeof(id));
152 return id % (unsigned)0x7FFF;
155 /****************************************************************************
156 Parse a node status response into an array of structures.
157 ****************************************************************************/
159 static NODE_STATUS_STRUCT *parse_node_status(char *p, int *num_names, struct node_status_extra *extra)
161 NODE_STATUS_STRUCT *ret;
164 *num_names = CVAL(p,0);
169 ret = SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT,*num_names);
174 for (i=0;i< *num_names;i++) {
175 StrnCpy(ret[i].name,p,15);
176 trim_char(ret[i].name,'\0',' ');
177 ret[i].type = CVAL(p,15);
178 ret[i].flags = p[16];
180 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
181 ret[i].type, ret[i].flags));
184 * Also, pick up the MAC address ...
187 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
193 /****************************************************************************
194 Do a NBT node status query on an open socket and return an array of
195 structures holding the returned names or NULL if the query failed.
196 **************************************************************************/
198 NODE_STATUS_STRUCT *node_status_query(int fd,struct nmb_name *name,
199 struct in_addr to_ip, int *num_names,
200 struct node_status_extra *extra)
204 int retry_time = 2000;
206 struct packet_struct p;
207 struct packet_struct *p2;
208 struct nmb_packet *nmb = &p.packet.nmb;
209 NODE_STATUS_STRUCT *ret;
213 nmb->header.name_trn_id = generate_trn_id();
214 nmb->header.opcode = 0;
215 nmb->header.response = False;
216 nmb->header.nm_flags.bcast = False;
217 nmb->header.nm_flags.recursion_available = False;
218 nmb->header.nm_flags.recursion_desired = False;
219 nmb->header.nm_flags.trunc = False;
220 nmb->header.nm_flags.authoritative = False;
221 nmb->header.rcode = 0;
222 nmb->header.qdcount = 1;
223 nmb->header.ancount = 0;
224 nmb->header.nscount = 0;
225 nmb->header.arcount = 0;
226 nmb->question.question_name = *name;
227 nmb->question.question_type = 0x21;
228 nmb->question.question_class = 0x1;
233 p.timestamp = time(NULL);
234 p.packet_type = NMB_PACKET;
238 if (!send_packet(&p))
244 struct timeval tval2;
245 GetTimeOfDay(&tval2);
246 if (TvalDiff(&tval,&tval2) > retry_time) {
249 if (!found && !send_packet(&p))
255 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
256 struct nmb_packet *nmb2 = &p2->packet.nmb;
257 debug_nmb_packet(p2);
259 if (nmb2->header.opcode != 0 ||
260 nmb2->header.nm_flags.bcast ||
261 nmb2->header.rcode ||
262 !nmb2->header.ancount ||
263 nmb2->answers->rr_type != 0x21) {
264 /* XXXX what do we do with this? could be a
265 redirect, but we'll discard it for the
271 ret = parse_node_status(&nmb2->answers->rdata[0], num_names, extra);
280 /****************************************************************************
281 Find the first type XX name in a node status reply - used for finding
282 a servers name given its IP. Return the matched name in *name.
283 **************************************************************************/
285 BOOL name_status_find(const char *q_name, int q_type, int type, struct in_addr to_ip, fstring name)
287 NODE_STATUS_STRUCT *status = NULL;
288 struct nmb_name nname;
293 if (lp_disable_netbios()) {
294 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n", q_name, q_type));
298 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
299 q_type, inet_ntoa(to_ip)));
301 /* Check the cache first. */
303 if (namecache_status_fetch(q_name, q_type, type, to_ip, name))
306 sock = open_socket_in(SOCK_DGRAM, 0, 3, interpret_addr(lp_socket_address()), True);
310 /* W2K PDC's seem not to respond to '*'#0. JRA */
311 make_nmb_name(&nname, q_name, q_type);
312 status = node_status_query(sock, &nname, to_ip, &count, NULL);
317 for (i=0;i<count;i++) {
318 if (status[i].type == type)
324 pull_ascii_nstring(name, sizeof(fstring), status[i].name);
326 /* Store the result in the cache. */
327 /* but don't store an entry for 0x1c names here. Here we have
328 a single host and DOMAIN<0x1c> names should be a list of hosts */
330 if ( q_type != 0x1c )
331 namecache_status_store(q_name, q_type, type, to_ip, name);
338 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
341 DEBUGADD(10, (", name %s ip address is %s", name, inet_ntoa(to_ip)));
349 comparison function used by sort_ip_list
352 static int ip_compare(struct in_addr *ip1, struct in_addr *ip2)
354 int max_bits1=0, max_bits2=0;
355 int num_interfaces = iface_count();
358 for (i=0;i<num_interfaces;i++) {
361 ip = *iface_n_bcast(i);
362 bits1 = matching_quad_bits((uchar *)&ip1->s_addr, (uchar *)&ip.s_addr);
363 bits2 = matching_quad_bits((uchar *)&ip2->s_addr, (uchar *)&ip.s_addr);
364 max_bits1 = MAX(bits1, max_bits1);
365 max_bits2 = MAX(bits2, max_bits2);
368 /* bias towards directly reachable IPs */
369 if (iface_local(*ip1)) {
372 if (iface_local(*ip2)) {
376 return max_bits2 - max_bits1;
379 /*******************************************************************
380 compare 2 ldap IPs by nearness to our interfaces - used in qsort
381 *******************************************************************/
383 int ip_service_compare(struct ip_service *ip1, struct ip_service *ip2)
387 if ( (result = ip_compare(&ip1->ip, &ip2->ip)) != 0 )
390 if ( ip1->port > ip2->port )
393 if ( ip1->port < ip2->port )
400 sort an IP list so that names that are close to one of our interfaces
401 are at the top. This prevents the problem where a WINS server returns an IP that
402 is not reachable from our subnet as the first match
405 static void sort_ip_list(struct in_addr *iplist, int count)
411 qsort(iplist, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
414 static void sort_ip_list2(struct ip_service *iplist, int count)
420 qsort(iplist, count, sizeof(struct ip_service), QSORT_CAST ip_service_compare);
423 /**********************************************************************
424 Remove any duplicate address/port pairs in the list
425 *********************************************************************/
427 static int remove_duplicate_addrs2( struct ip_service *iplist, int count )
431 DEBUG(10,("remove_duplicate_addrs2: looking for duplicate address/port pairs\n"));
433 /* one loop to remove duplicates */
434 for ( i=0; i<count; i++ ) {
435 if ( is_zero_ip(iplist[i].ip) )
438 for ( j=i+1; j<count; j++ ) {
439 if ( ip_service_equal(iplist[i], iplist[j]) )
440 zero_ip(&iplist[j].ip);
444 /* one loop to clean up any holes we left */
445 /* first ip should never be a zero_ip() */
446 for (i = 0; i<count; ) {
447 if ( is_zero_ip(iplist[i].ip) ) {
449 memmove(&iplist[i], &iplist[i+1], (count - i - 1)*sizeof(iplist[i]));
459 /****************************************************************************
460 Do a netbios name query to find someones IP.
461 Returns an array of IP addresses or NULL if none.
462 *count will be set to the number of addresses returned.
463 *timed_out is set if we failed by timing out
464 ****************************************************************************/
466 struct in_addr *name_query(int fd,const char *name,int name_type,
467 BOOL bcast,BOOL recurse,
468 struct in_addr to_ip, int *count, int *flags,
473 int retry_time = bcast?250:2000;
475 struct packet_struct p;
476 struct packet_struct *p2;
477 struct nmb_packet *nmb = &p.packet.nmb;
478 struct in_addr *ip_list = NULL;
480 if (lp_disable_netbios()) {
481 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n", name, name_type));
489 memset((char *)&p,'\0',sizeof(p));
493 nmb->header.name_trn_id = generate_trn_id();
494 nmb->header.opcode = 0;
495 nmb->header.response = False;
496 nmb->header.nm_flags.bcast = bcast;
497 nmb->header.nm_flags.recursion_available = False;
498 nmb->header.nm_flags.recursion_desired = recurse;
499 nmb->header.nm_flags.trunc = False;
500 nmb->header.nm_flags.authoritative = False;
501 nmb->header.rcode = 0;
502 nmb->header.qdcount = 1;
503 nmb->header.ancount = 0;
504 nmb->header.nscount = 0;
505 nmb->header.arcount = 0;
507 make_nmb_name(&nmb->question.question_name,name,name_type);
509 nmb->question.question_type = 0x20;
510 nmb->question.question_class = 0x1;
515 p.timestamp = time(NULL);
516 p.packet_type = NMB_PACKET;
520 if (!send_packet(&p))
526 struct timeval tval2;
528 GetTimeOfDay(&tval2);
529 if (TvalDiff(&tval,&tval2) > retry_time) {
532 if (!found && !send_packet(&p))
538 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
539 struct nmb_packet *nmb2 = &p2->packet.nmb;
540 debug_nmb_packet(p2);
542 /* If we get a Negative Name Query Response from a WINS
543 * server, we should report it and give up.
545 if( 0 == nmb2->header.opcode /* A query response */
546 && !(bcast) /* from a WINS server */
547 && nmb2->header.rcode /* Error returned */
550 if( DEBUGLVL( 3 ) ) {
551 /* Only executed if DEBUGLEVEL >= 3 */
552 dbgtext( "Negative name query response, rcode 0x%02x: ", nmb2->header.rcode );
553 switch( nmb2->header.rcode ) {
555 dbgtext( "Request was invalidly formatted.\n" );
558 dbgtext( "Problem with NBNS, cannot process name.\n");
561 dbgtext( "The name requested does not exist.\n" );
564 dbgtext( "Unsupported request error.\n" );
567 dbgtext( "Query refused error.\n" );
570 dbgtext( "Unrecognized error code.\n" );
578 if (nmb2->header.opcode != 0 ||
579 nmb2->header.nm_flags.bcast ||
580 nmb2->header.rcode ||
581 !nmb2->header.ancount) {
583 * XXXX what do we do with this? Could be a
584 * redirect, but we'll discard it for the
591 ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr,
592 (*count) + nmb2->answers->rdlength/6 );
595 DEBUG(0,("name_query: Realloc failed.\n"));
600 DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip)));
601 for (i=0;i<nmb2->answers->rdlength/6;i++) {
602 putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]);
603 DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)])));
610 /* We add the flags back ... */
611 if (nmb2->header.response)
612 (*flags) |= NM_FLAGS_RS;
613 if (nmb2->header.nm_flags.authoritative)
614 (*flags) |= NM_FLAGS_AA;
615 if (nmb2->header.nm_flags.trunc)
616 (*flags) |= NM_FLAGS_TC;
617 if (nmb2->header.nm_flags.recursion_desired)
618 (*flags) |= NM_FLAGS_RD;
619 if (nmb2->header.nm_flags.recursion_available)
620 (*flags) |= NM_FLAGS_RA;
621 if (nmb2->header.nm_flags.bcast)
622 (*flags) |= NM_FLAGS_B;
625 * If we're doing a unicast lookup we only
626 * expect one reply. Don't wait the full 2
627 * seconds if we got one. JRA.
634 /* only set timed_out if we didn't fund what we where looking for*/
636 if ( !found && timed_out ) {
640 /* sort the ip list so we choose close servers first if possible */
641 sort_ip_list(ip_list, *count);
646 /********************************************************
647 Start parsing the lmhosts file.
648 *********************************************************/
650 XFILE *startlmhosts(const char *fname)
652 XFILE *fp = x_fopen(fname,O_RDONLY, 0);
654 DEBUG(4,("startlmhosts: Can't open lmhosts file %s. Error was %s\n",
655 fname, strerror(errno)));
661 /********************************************************
662 Parse the next line in the lmhosts file.
663 *********************************************************/
665 BOOL getlmhostsent( XFILE *fp, pstring name, int *name_type, struct in_addr *ipaddr)
669 while(!x_feof(fp) && !x_ferror(fp)) {
670 pstring ip,flags,extra;
677 if (!fgets_slash(line,sizeof(pstring),fp)) {
691 if (next_token(&ptr,ip ,NULL,sizeof(ip)))
693 if (next_token(&ptr,name ,NULL, sizeof(pstring)))
695 if (next_token(&ptr,flags,NULL, sizeof(flags)))
697 if (next_token(&ptr,extra,NULL, sizeof(extra)))
703 if (count > 0 && count < 2) {
704 DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",line));
709 DEBUG(0,("getlmhostsent: too many columns in lmhosts file (obsolete syntax)\n"));
713 DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n", ip, name, flags));
715 if (strchr_m(flags,'G') || strchr_m(flags,'S')) {
716 DEBUG(0,("getlmhostsent: group flag in lmhosts ignored (obsolete)\n"));
720 *ipaddr = *interpret_addr2(ip);
722 /* Extra feature. If the name ends in '#XX', where XX is a hex number,
723 then only add that name type. */
724 if((ptr1 = strchr_m(name, '#')) != NULL) {
728 *name_type = (int)strtol(ptr1, &endptr, 16);
729 if(!*ptr1 || (endptr == ptr1)) {
730 DEBUG(0,("getlmhostsent: invalid name %s containing '#'.\n", name));
734 *(--ptr1) = '\0'; /* Truncate at the '#' */
743 /********************************************************
744 Finish parsing the lmhosts file.
745 *********************************************************/
747 void endlmhosts(XFILE *fp)
752 /********************************************************
753 convert an array if struct in_addrs to struct ip_service
754 return False on failure. Port is set to PORT_NONE;
755 *********************************************************/
757 static BOOL convert_ip2service( struct ip_service **return_iplist, struct in_addr *ip_list, int count )
761 if ( count==0 || !ip_list )
764 /* copy the ip address; port will be PORT_NONE */
765 if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) == NULL ) {
766 DEBUG(0,("convert_ip2service: malloc failed for %d enetries!\n", count ));
770 for ( i=0; i<count; i++ ) {
771 (*return_iplist)[i].ip = ip_list[i];
772 (*return_iplist)[i].port = PORT_NONE;
777 /********************************************************
778 Resolve via "bcast" method.
779 *********************************************************/
781 BOOL name_resolve_bcast(const char *name, int name_type,
782 struct ip_service **return_iplist, int *return_count)
785 int num_interfaces = iface_count();
786 struct in_addr *ip_list;
789 if (lp_disable_netbios()) {
790 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n", name, name_type));
794 *return_iplist = NULL;
798 * "bcast" means do a broadcast lookup on all the local interfaces.
801 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup for name %s<0x%x>\n", name, name_type));
803 sock = open_socket_in( SOCK_DGRAM, 0, 3,
804 interpret_addr(lp_socket_address()), True );
806 if (sock == -1) return False;
808 set_socket_options(sock,"SO_BROADCAST");
810 * Lookup the name on all the interfaces, return on
811 * the first successful match.
813 for( i = num_interfaces-1; i >= 0; i--) {
814 struct in_addr sendto_ip;
816 /* Done this way to fix compiler error on IRIX 5.x */
817 sendto_ip = *iface_n_bcast(i);
818 ip_list = name_query(sock, name, name_type, True,
819 True, sendto_ip, return_count, &flags, NULL);
824 /* failed - no response */
831 if ( !convert_ip2service(return_iplist, ip_list, *return_count) )
834 SAFE_FREE( ip_list );
839 /********************************************************
840 Resolve via "wins" method.
841 *********************************************************/
843 BOOL resolve_wins(const char *name, int name_type,
844 struct ip_service **return_iplist, int *return_count)
848 struct in_addr src_ip, *ip_list = NULL;
851 if (lp_disable_netbios()) {
852 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n", name, name_type));
856 *return_iplist = NULL;
859 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n", name, name_type));
861 if (wins_srv_count() < 1) {
862 DEBUG(3,("resolve_wins: WINS server resolution selected and no WINS servers listed.\n"));
866 /* we try a lookup on each of the WINS tags in turn */
867 wins_tags = wins_srv_tags();
870 /* huh? no tags?? give up in disgust */
874 /* the address we will be sending from */
875 src_ip = *interpret_addr2(lp_socket_address());
877 /* in the worst case we will try every wins server with every
879 for (t=0; wins_tags && wins_tags[t]; t++) {
880 int srv_count = wins_srv_count_tag(wins_tags[t]);
881 for (i=0; i<srv_count; i++) {
882 struct in_addr wins_ip;
886 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
888 if (global_in_nmbd && ismyip(wins_ip)) {
889 /* yikes! we'll loop forever */
893 /* skip any that have been unresponsive lately */
894 if (wins_srv_is_dead(wins_ip, src_ip)) {
898 DEBUG(3,("resolve_wins: using WINS server %s and tag '%s'\n", inet_ntoa(wins_ip), wins_tags[t]));
900 sock = open_socket_in(SOCK_DGRAM, 0, 3, src_ip.s_addr, True);
905 ip_list = name_query(sock,name,name_type, False,
906 True, wins_ip, return_count, &flags,
909 /* exit loop if we got a list of addresses */
917 /* Timed out wating for WINS server to respond. Mark it dead. */
918 wins_srv_died(wins_ip, src_ip);
920 /* The name definately isn't in this
921 group of WINS servers. goto the next group */
927 wins_srv_tags_free(wins_tags);
932 if ( !convert_ip2service( return_iplist, ip_list, *return_count ) )
935 SAFE_FREE( ip_list );
936 wins_srv_tags_free(wins_tags);
942 /********************************************************
943 Resolve via "lmhosts" method.
944 *********************************************************/
946 static BOOL resolve_lmhosts(const char *name, int name_type,
947 struct ip_service **return_iplist, int *return_count)
950 * "lmhosts" means parse the local lmhosts file.
956 struct in_addr return_ip;
959 *return_iplist = NULL;
962 DEBUG(3,("resolve_lmhosts: Attempting lmhosts lookup for name %s<0x%x>\n", name, name_type));
964 fp = startlmhosts(dyn_LMHOSTSFILE);
969 while (getlmhostsent(fp, lmhost_name, &name_type2, &return_ip))
972 if (!strequal(name, lmhost_name))
975 if ((name_type2 != -1) && (name_type != name_type2))
978 *return_iplist = SMB_REALLOC_ARRAY((*return_iplist), struct ip_service,
981 if ((*return_iplist) == NULL) {
983 DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
987 (*return_iplist)[*return_count].ip = return_ip;
988 (*return_iplist)[*return_count].port = PORT_NONE;
991 /* we found something */
994 /* Multiple names only for DC lookup */
995 if (name_type != 0x1c)
1005 /********************************************************
1006 Resolve via "hosts" method.
1007 *********************************************************/
1009 static BOOL resolve_hosts(const char *name, int name_type,
1010 struct ip_service **return_iplist, int *return_count)
1013 * "host" means do a localhost, or dns lookup.
1017 if ( name_type != 0x20 && name_type != 0x0) {
1018 DEBUG(5, ("resolve_hosts: not appropriate for name type <0x%x>\n", name_type));
1022 *return_iplist = NULL;
1025 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n", name, name_type));
1027 if (((hp = sys_gethostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
1028 struct in_addr return_ip;
1029 putip((char *)&return_ip,(char *)hp->h_addr);
1030 *return_iplist = SMB_MALLOC_P(struct ip_service);
1031 if(*return_iplist == NULL) {
1032 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1035 (*return_iplist)->ip = return_ip;
1036 (*return_iplist)->port = PORT_NONE;
1043 /********************************************************
1044 Resolve via "ADS" method.
1045 *********************************************************/
1047 static BOOL resolve_ads(const char *name, int name_type,
1048 const char *sitename,
1049 struct ip_service **return_iplist, int *return_count)
1054 struct dns_rr_srv *dcs = NULL;
1058 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE))
1061 DEBUG(5,("resolve_ads: Attempting to resolve DC's for %s using DNS\n",
1064 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1065 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1069 if (name_type == KDC_NAME_TYPE) {
1070 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs, &numdcs);
1072 status = ads_dns_query_dcs(ctx, name, sitename, &dcs, &numdcs);
1074 if ( !NT_STATUS_IS_OK( status ) ) {
1075 talloc_destroy(ctx);
1079 for (i=0;i<numdcs;i++) {
1080 numaddrs += MAX(dcs[i].num_ips,1);
1083 if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) == NULL ) {
1084 DEBUG(0,("resolve_ads: malloc failed for %d entries\n", numaddrs ));
1085 talloc_destroy(ctx);
1089 /* now unroll the list of IP addresses */
1094 while ( i < numdcs && (*return_count<numaddrs) ) {
1095 struct ip_service *r = &(*return_iplist)[*return_count];
1097 r->port = dcs[i].port;
1099 /* If we don't have an IP list for a name, lookup it up */
1101 if ( !dcs[i].ips ) {
1102 r->ip = *interpret_addr2(dcs[i].hostname);
1106 /* use the IP addresses from the SRV sresponse */
1108 if ( j >= dcs[i].num_ips ) {
1114 r->ip = dcs[i].ips[j];
1118 /* make sure it is a valid IP. I considered checking the negative
1119 connection cache, but this is the wrong place for it. Maybe only
1120 as a hac. After think about it, if all of the IP addresses retuend
1121 from DNS are dead, what hope does a netbios name lookup have?
1122 The standard reason for falling back to netbios lookups is that
1123 our DNS server doesn't know anything about the DC's -- jerry */
1125 if ( ! is_zero_ip(r->ip) )
1129 talloc_destroy(ctx);
1133 /*******************************************************************
1134 Internal interface to resolve a name into an IP address.
1135 Use this function if the string is either an IP address, DNS
1136 or host name or NetBIOS name. This uses the name switch in the
1137 smb.conf to determine the order of name resolution.
1139 Added support for ip addr/port to support ADS ldap servers.
1140 the only place we currently care about the port is in the
1141 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1142 **********************************************************************/
1144 BOOL internal_resolve_name(const char *name, int name_type,
1145 const char *sitename,
1146 struct ip_service **return_iplist,
1147 int *return_count, const char *resolve_order)
1149 pstring name_resolve_list;
1152 BOOL allones = (strcmp(name,"255.255.255.255") == 0);
1153 BOOL allzeros = (strcmp(name,"0.0.0.0") == 0);
1154 BOOL is_address = is_ipaddress(name);
1155 BOOL result = False;
1158 *return_iplist = NULL;
1161 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1162 name, name_type, sitename ? sitename : NULL));
1164 if (allzeros || allones || is_address) {
1166 if ( (*return_iplist = SMB_MALLOC_P(struct ip_service)) == NULL ) {
1167 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1172 /* ignore the port here */
1173 (*return_iplist)->port = PORT_NONE;
1175 /* if it's in the form of an IP address then get the lib to interpret it */
1176 if (((*return_iplist)->ip.s_addr = inet_addr(name)) == 0xFFFFFFFF ){
1177 DEBUG(1,("internal_resolve_name: inet_addr failed on %s\n", name));
1178 SAFE_FREE(*return_iplist);
1182 (*return_iplist)->ip.s_addr = allones ? 0xFFFFFFFF : 0;
1188 /* Check name cache */
1190 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1191 /* This could be a negative response */
1192 return (*return_count > 0);
1195 /* set the name resolution order */
1197 if ( strcmp( resolve_order, "NULL") == 0 ) {
1198 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1202 if ( !resolve_order ) {
1203 pstrcpy(name_resolve_list, lp_name_resolve_order());
1205 pstrcpy(name_resolve_list, resolve_order);
1208 if ( !name_resolve_list[0] ) {
1211 ptr = name_resolve_list;
1214 /* iterate through the name resolution backends */
1216 while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) {
1217 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1218 if (resolve_hosts(name, name_type, return_iplist, return_count)) {
1222 } else if(strequal( tok, "kdc")) {
1223 /* deal with KDC_NAME_TYPE names here. This will result in a
1224 SRV record lookup */
1225 if (resolve_ads(name, KDC_NAME_TYPE, sitename, return_iplist, return_count)) {
1227 /* Ensure we don't namecache this with the KDC port. */
1228 name_type = KDC_NAME_TYPE;
1231 } else if(strequal( tok, "ads")) {
1232 /* deal with 0x1c names here. This will result in a
1233 SRV record lookup */
1234 if (resolve_ads(name, name_type, sitename, return_iplist, return_count)) {
1238 } else if(strequal( tok, "lmhosts")) {
1239 if (resolve_lmhosts(name, name_type, return_iplist, return_count)) {
1243 } else if(strequal( tok, "wins")) {
1244 /* don't resolve 1D via WINS */
1245 if (name_type != 0x1D && resolve_wins(name, name_type, return_iplist, return_count)) {
1249 } else if(strequal( tok, "bcast")) {
1250 if (name_resolve_bcast(name, name_type, return_iplist, return_count)) {
1255 DEBUG(0,("resolve_name: unknown name switch type %s\n", tok));
1259 /* All of the resolve_* functions above have returned false. */
1261 SAFE_FREE(*return_iplist);
1268 /* Remove duplicate entries. Some queries, notably #1c (domain
1269 controllers) return the PDC in iplist[0] and then all domain
1270 controllers including the PDC in iplist[1..n]. Iterating over
1271 the iplist when the PDC is down will cause two sets of timeouts. */
1273 if ( *return_count ) {
1274 *return_count = remove_duplicate_addrs2( *return_iplist, *return_count );
1277 /* Save in name cache */
1278 if ( DEBUGLEVEL >= 100 ) {
1279 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++)
1280 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n", name,
1281 name_type, inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
1284 namecache_store(name, name_type, *return_count, *return_iplist);
1286 /* Display some debugging info */
1288 if ( DEBUGLEVEL >= 10 ) {
1289 DEBUG(10, ("internal_resolve_name: returning %d addresses: ", *return_count));
1291 for (i = 0; i < *return_count; i++) {
1292 DEBUGADD(10, ("%s:%d ", inet_ntoa((*return_iplist)[i].ip), (*return_iplist)[i].port));
1300 /********************************************************
1301 Internal interface to resolve a name into one IP address.
1302 Use this function if the string is either an IP address, DNS
1303 or host name or NetBIOS name. This uses the name switch in the
1304 smb.conf to determine the order of name resolution.
1305 *********************************************************/
1307 BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type)
1309 struct ip_service *ip_list = NULL;
1310 char *sitename = sitename_fetch(lp_realm()); /* wild guess */
1313 if (is_ipaddress(name)) {
1314 *return_ip = *interpret_addr2(name);
1315 SAFE_FREE(sitename);
1319 if (internal_resolve_name(name, name_type, sitename, &ip_list, &count, lp_name_resolve_order())) {
1322 /* only return valid addresses for TCP connections */
1323 for (i=0; i<count; i++) {
1324 char *ip_str = inet_ntoa(ip_list[i].ip);
1326 strcmp(ip_str, "255.255.255.255") != 0 &&
1327 strcmp(ip_str, "0.0.0.0") != 0)
1329 *return_ip = ip_list[i].ip;
1331 SAFE_FREE(sitename);
1338 SAFE_FREE(sitename);
1342 /********************************************************
1343 Find the IP address of the master browser or DMB for a workgroup.
1344 *********************************************************/
1346 BOOL find_master_ip(const char *group, struct in_addr *master_ip)
1348 struct ip_service *ip_list = NULL;
1351 if (lp_disable_netbios()) {
1352 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1356 if (internal_resolve_name(group, 0x1D, NULL, &ip_list, &count, lp_name_resolve_order())) {
1357 *master_ip = ip_list[0].ip;
1361 if(internal_resolve_name(group, 0x1B, NULL, &ip_list, &count, lp_name_resolve_order())) {
1362 *master_ip = ip_list[0].ip;
1371 /********************************************************
1372 Get the IP address list of the primary domain controller
1374 *********************************************************/
1376 BOOL get_pdc_ip(const char *domain, struct in_addr *ip)
1378 struct ip_service *ip_list = NULL;
1381 /* Look up #1B name */
1383 if (!internal_resolve_name(domain, 0x1b, NULL, &ip_list, &count, lp_name_resolve_order())) {
1387 /* if we get more than 1 IP back we have to assume it is a
1388 multi-homed PDC and not a mess up */
1391 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1392 sort_ip_list2( ip_list, count );
1395 *ip = ip_list[0].ip;
1402 /* Private enum type for lookups. */
1404 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1406 /********************************************************
1407 Get the IP address list of the domain controllers for
1409 *********************************************************/
1411 static NTSTATUS get_dc_list(const char *domain, const char *sitename, struct ip_service **ip_list,
1412 int *count, enum dc_lookup_type lookup_type, int *ordered)
1414 fstring resolve_order;
1415 char *saf_servername;
1421 int num_addresses = 0;
1422 int local_count, i, j;
1423 struct ip_service *return_iplist = NULL;
1424 struct ip_service *auto_ip_list = NULL;
1425 BOOL done_auto_lookup = False;
1430 /* if we are restricted to solely using DNS for looking
1431 up a domain controller, make sure that host lookups
1432 are enabled for the 'name resolve order'. If host lookups
1433 are disabled and ads_only is True, then set the string to
1436 fstrcpy( resolve_order, lp_name_resolve_order() );
1437 strlower_m( resolve_order );
1438 if ( lookup_type == DC_ADS_ONLY) {
1439 if ( strstr( resolve_order, "host" ) ) {
1440 fstrcpy( resolve_order, "ads" );
1442 /* DNS SRV lookups used by the ads resolver
1443 are already sorted by priority and weight */
1446 fstrcpy( resolve_order, "NULL" );
1448 } else if (lookup_type == DC_KDC_ONLY) {
1449 /* DNS SRV lookups used by the ads/kdc resolver
1450 are already sorted by priority and weight */
1452 fstrcpy( resolve_order, "kdc" );
1455 /* fetch the server we have affinity for. Add the
1456 'password server' list to a search for our domain controllers */
1458 saf_servername = saf_fetch( domain);
1460 if ( strequal(domain, lp_workgroup()) || strequal(domain, lp_realm()) ) {
1461 pstr_sprintf( pserver, "%s, %s",
1462 saf_servername ? saf_servername : "",
1463 lp_passwordserver() );
1465 pstr_sprintf( pserver, "%s, *",
1466 saf_servername ? saf_servername : "" );
1469 SAFE_FREE( saf_servername );
1471 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1474 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1475 /* TODO: change return type of internal_resolve_name to
1477 if (internal_resolve_name(domain, 0x1C, sitename, ip_list, count,
1479 return NT_STATUS_OK;
1481 return NT_STATUS_NO_LOGON_SERVERS;
1485 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
1488 * if '*' appears in the "password server" list then add
1489 * an auto lookup to the list of manually configured
1490 * DC's. If any DC is listed by name, then the list should be
1491 * considered to be ordered
1495 while (next_token(&p,name,LIST_SEP,sizeof(name))) {
1496 if (strequal(name, "*")) {
1497 if (internal_resolve_name(domain, 0x1C, sitename, &auto_ip_list,
1498 &auto_count, resolve_order))
1499 num_addresses += auto_count;
1500 done_auto_lookup = True;
1501 DEBUG(8,("Adding %d DC's from auto lookup\n", auto_count));
1507 /* if we have no addresses and haven't done the auto lookup, then
1508 just return the list of DC's. Or maybe we just failed. */
1510 if ( (num_addresses == 0) ) {
1511 if ( done_auto_lookup ) {
1512 DEBUG(4,("get_dc_list: no servers found\n"));
1513 SAFE_FREE(auto_ip_list);
1514 return NT_STATUS_NO_LOGON_SERVERS;
1516 if (internal_resolve_name(domain, 0x1C, sitename, ip_list, count,
1518 return NT_STATUS_OK;
1520 return NT_STATUS_NO_LOGON_SERVERS;
1524 if ( (return_iplist = SMB_MALLOC_ARRAY(struct ip_service, num_addresses)) == NULL ) {
1525 DEBUG(3,("get_dc_list: malloc fail !\n"));
1526 SAFE_FREE(auto_ip_list);
1527 return NT_STATUS_NO_MEMORY;
1533 /* fill in the return list now with real IP's */
1535 while ( (local_count<num_addresses) && next_token(&p,name,LIST_SEP,sizeof(name)) ) {
1536 struct in_addr name_ip;
1538 /* copy any addersses from the auto lookup */
1540 if ( strequal(name, "*") ) {
1541 for ( j=0; j<auto_count; j++ ) {
1542 /* Check for and don't copy any known bad DC IP's. */
1543 if(!NT_STATUS_IS_OK(check_negative_conn_cache(domain,
1544 inet_ntoa(auto_ip_list[j].ip)))) {
1545 DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",
1546 inet_ntoa(auto_ip_list[j].ip) ));
1549 return_iplist[local_count].ip = auto_ip_list[j].ip;
1550 return_iplist[local_count].port = auto_ip_list[j].port;
1557 /* added support for address:port syntax for ads (not that I think
1558 anyone will ever run the LDAP server in an AD domain on something
1559 other than port 389 */
1561 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
1562 if ( (port_str=strchr(name, ':')) != NULL ) {
1565 port = atoi( port_str );
1568 /* explicit lookup; resolve_name() will handle names & IP addresses */
1569 if ( resolve_name( name, &name_ip, 0x20 ) ) {
1571 /* Check for and don't copy any known bad DC IP's. */
1572 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain, inet_ntoa(name_ip))) ) {
1573 DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",name ));
1577 return_iplist[local_count].ip = name_ip;
1578 return_iplist[local_count].port = port;
1584 SAFE_FREE(auto_ip_list);
1586 /* need to remove duplicates in the list if we have any
1587 explicit password servers */
1589 if ( local_count ) {
1590 local_count = remove_duplicate_addrs2( return_iplist, local_count );
1593 if ( DEBUGLEVEL >= 4 ) {
1594 DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count,
1595 *ordered ? "":"un"));
1596 DEBUG(4,("get_dc_list: "));
1597 for ( i=0; i<local_count; i++ )
1598 DEBUGADD(4,("%s:%d ", inet_ntoa(return_iplist[i].ip), return_iplist[i].port ));
1602 *ip_list = return_iplist;
1603 *count = local_count;
1605 return ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
1608 /*********************************************************************
1609 Small wrapper function to get the DC list and sort it if neccessary.
1610 *********************************************************************/
1612 NTSTATUS get_sorted_dc_list( const char *domain, const char *sitename, struct ip_service **ip_list, int *count, BOOL ads_only )
1616 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
1618 DEBUG(8,("get_sorted_dc_list: attempting lookup for name %s (sitename %s) "
1621 sitename ? sitename : "NULL",
1622 (ads_only ? "ads" : lp_name_resolve_order())));
1625 lookup_type = DC_ADS_ONLY;
1628 status = get_dc_list(domain, sitename, ip_list, count, lookup_type, &ordered);
1629 if (!NT_STATUS_IS_OK(status)) {
1633 /* only sort if we don't already have an ordered list */
1635 sort_ip_list2( *ip_list, *count );
1638 return NT_STATUS_OK;
1641 /*********************************************************************
1642 Get the KDC list - re-use all the logic in get_dc_list.
1643 *********************************************************************/
1645 NTSTATUS get_kdc_list( const char *realm, const char *sitename, struct ip_service **ip_list, int *count)
1653 status = get_dc_list(realm, sitename, ip_list, count, DC_KDC_ONLY, &ordered);
1655 if (!NT_STATUS_IS_OK(status)) {
1659 /* only sort if we don't already have an ordered list */
1661 sort_ip_list2( *ip_list, *count );
1664 return NT_STATUS_OK;
git.samba.org / samba.git / blob