search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:kdc Fill in more data fields
[Samba/ekacnet.git] / source3 / libsmb / namequery.c
bloba6fc612a0f425d77a64ef0f4b3439aa582d0c7f4
1 /*
2 Unix SMB/CIFS implementation.
3 name query routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22
23 /* nmbd.c sets this to True. */
24 bool global_in_nmbd = False;
25
26 /****************************
27 * SERVER AFFINITY ROUTINES *
28 ****************************/
29
30 /* Server affinity is the concept of preferring the last domain
31 controller with whom you had a successful conversation */
32
33 /****************************************************************************
34 ****************************************************************************/
35 #define SAFKEY_FMT "SAF/DOMAIN/%s"
36 #define SAF_TTL 900
37 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
38 #define SAFJOIN_TTL 3600
39
40 static char *saf_key(const char *domain)
41 {
42 char *keystr;
43
44 asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
45
46 return keystr;
47 }
48
49 static char *saf_join_key(const char *domain)
50 {
51 char *keystr;
52
53 asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
54
55 return keystr;
56 }
57
58 /****************************************************************************
59 ****************************************************************************/
60
61 bool saf_store( const char *domain, const char *servername )
62 {
63 char *key;
64 time_t expire;
65 bool ret = False;
66
67 if ( !domain || !servername ) {
68 DEBUG(2,("saf_store: "
69 "Refusing to store empty domain or servername!\n"));
70 return False;
71 }
72
73 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
74 DEBUG(0,("saf_store: "
75 "refusing to store 0 length domain or servername!\n"));
76 return False;
77 }
78
79 key = saf_key( domain );
80 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
81
82 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
83 domain, servername, (unsigned int)expire ));
84
85 ret = gencache_set( key, servername, expire );
86
87 SAFE_FREE( key );
88
89 return ret;
90 }
91
92 bool saf_join_store( const char *domain, const char *servername )
93 {
94 char *key;
95 time_t expire;
96 bool ret = False;
97
98 if ( !domain || !servername ) {
99 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
100 return False;
101 }
102
103 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
104 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
105 return False;
106 }
107
108 key = saf_join_key( domain );
109 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
110
111 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
112 domain, servername, (unsigned int)expire ));
113
114 ret = gencache_set( key, servername, expire );
115
116 SAFE_FREE( key );
117
118 return ret;
119 }
120
121 bool saf_delete( const char *domain )
122 {
123 char *key;
124 bool ret = False;
125
126 if ( !domain ) {
127 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
128 return False;
129 }
130
131 key = saf_join_key(domain);
132 ret = gencache_del(key);
133 SAFE_FREE(key);
134
135 if (ret) {
136 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
137 }
138
139 key = saf_key(domain);
140 ret = gencache_del(key);
141 SAFE_FREE(key);
142
143 if (ret) {
144 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
145 }
146
147 return ret;
148 }
149
150 /****************************************************************************
151 ****************************************************************************/
152
153 char *saf_fetch( const char *domain )
154 {
155 char *server = NULL;
156 time_t timeout;
157 bool ret = False;
158 char *key = NULL;
159
160 if ( !domain || strlen(domain) == 0) {
161 DEBUG(2,("saf_fetch: Empty domain name!\n"));
162 return NULL;
163 }
164
165 key = saf_join_key( domain );
166
167 ret = gencache_get( key, &server, &timeout );
168
169 SAFE_FREE( key );
170
171 if ( ret ) {
172 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
173 server, domain ));
174 return server;
175 }
176
177 key = saf_key( domain );
178
179 ret = gencache_get( key, &server, &timeout );
180
181 SAFE_FREE( key );
182
183 if ( !ret ) {
184 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
185 domain ));
186 } else {
187 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
188 server, domain ));
189 }
190
191 return server;
192 }
193
194 /****************************************************************************
195 Generate a random trn_id.
196 ****************************************************************************/
197
198 static int generate_trn_id(void)
199 {
200 uint16 id;
201
202 generate_random_buffer((uint8 *)&id, sizeof(id));
203
204 return id % (unsigned)0x7FFF;
205 }
206
207 /****************************************************************************
208 Parse a node status response into an array of structures.
209 ****************************************************************************/
210
211 static NODE_STATUS_STRUCT *parse_node_status(char *p,
212 int *num_names,
213 struct node_status_extra *extra)
214 {
215 NODE_STATUS_STRUCT *ret;
216 int i;
217
218 *num_names = CVAL(p,0);
219
220 if (*num_names == 0)
221 return NULL;
222
223 ret = SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT,*num_names);
224 if (!ret)
225 return NULL;
226
227 p++;
228 for (i=0;i< *num_names;i++) {
229 StrnCpy(ret[i].name,p,15);
230 trim_char(ret[i].name,'\0',' ');
231 ret[i].type = CVAL(p,15);
232 ret[i].flags = p[16];
233 p += 18;
234 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
235 ret[i].type, ret[i].flags));
236 }
237 /*
238 * Also, pick up the MAC address ...
239 */
240 if (extra) {
241 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
242 }
243 return ret;
244 }
245
246
247 /****************************************************************************
248 Do a NBT node status query on an open socket and return an array of
249 structures holding the returned names or NULL if the query failed.
250 **************************************************************************/
251
252 NODE_STATUS_STRUCT *node_status_query(int fd,
253 struct nmb_name *name,
254 const struct sockaddr_storage *to_ss,
255 int *num_names,
256 struct node_status_extra *extra)
257 {
258 bool found=False;
259 int retries = 2;
260 int retry_time = 2000;
261 struct timeval tval;
262 struct packet_struct p;
263 struct packet_struct *p2;
264 struct nmb_packet *nmb = &p.packet.nmb;
265 NODE_STATUS_STRUCT *ret;
266
267 ZERO_STRUCT(p);
268
269 if (to_ss->ss_family != AF_INET) {
270 /* Can't do node status to IPv6 */
271 return NULL;
272 }
273 nmb->header.name_trn_id = generate_trn_id();
274 nmb->header.opcode = 0;
275 nmb->header.response = false;
276 nmb->header.nm_flags.bcast = false;
277 nmb->header.nm_flags.recursion_available = false;
278 nmb->header.nm_flags.recursion_desired = false;
279 nmb->header.nm_flags.trunc = false;
280 nmb->header.nm_flags.authoritative = false;
281 nmb->header.rcode = 0;
282 nmb->header.qdcount = 1;
283 nmb->header.ancount = 0;
284 nmb->header.nscount = 0;
285 nmb->header.arcount = 0;
286 nmb->question.question_name = *name;
287 nmb->question.question_type = 0x21;
288 nmb->question.question_class = 0x1;
289
290 p.ip = ((const struct sockaddr_in *)to_ss)->sin_addr;
291 p.port = NMB_PORT;
292 p.fd = fd;
293 p.timestamp = time(NULL);
294 p.packet_type = NMB_PACKET;
295
296 GetTimeOfDay(&tval);
297
298 if (!send_packet(&p))
299 return NULL;
300
301 retries--;
302
303 while (1) {
304 struct timeval tval2;
305 GetTimeOfDay(&tval2);
306 if (TvalDiff(&tval,&tval2) > retry_time) {
307 if (!retries)
308 break;
309 if (!found && !send_packet(&p))
310 return NULL;
311 GetTimeOfDay(&tval);
312 retries--;
313 }
314
315 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
316 struct nmb_packet *nmb2 = &p2->packet.nmb;
317 debug_nmb_packet(p2);
318
319 if (nmb2->header.opcode != 0 ||
320 nmb2->header.nm_flags.bcast ||
321 nmb2->header.rcode ||
322 !nmb2->header.ancount ||
323 nmb2->answers->rr_type != 0x21) {
324 /* XXXX what do we do with this? could be a
325 redirect, but we'll discard it for the
326 moment */
327 free_packet(p2);
328 continue;
329 }
330
331 ret = parse_node_status(&nmb2->answers->rdata[0],
332 num_names, extra);
333 free_packet(p2);
334 return ret;
335 }
336 }
337
338 return NULL;
339 }
340
341 /****************************************************************************
342 Find the first type XX name in a node status reply - used for finding
343 a servers name given its IP. Return the matched name in *name.
344 **************************************************************************/
345
346 bool name_status_find(const char *q_name,
347 int q_type,
348 int type,
349 const struct sockaddr_storage *to_ss,
350 fstring name)
351 {
352 char addr[INET6_ADDRSTRLEN];
353 struct sockaddr_storage ss;
354 NODE_STATUS_STRUCT *status = NULL;
355 struct nmb_name nname;
356 int count, i;
357 int sock;
358 bool result = false;
359
360 if (lp_disable_netbios()) {
361 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
362 q_name, q_type));
363 return False;
364 }
365
366 print_sockaddr(addr, sizeof(addr), to_ss);
367
368 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
369 q_type, addr));
370
371 /* Check the cache first. */
372
373 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
374 return True;
375 }
376
377 if (to_ss->ss_family != AF_INET) {
378 /* Can't do node status to IPv6 */
379 return false;
380 }
381
382 if (!interpret_string_addr(&ss, lp_socket_address(),
383 AI_NUMERICHOST|AI_PASSIVE)) {
384 zero_sockaddr(&ss);
385 }
386
387 sock = open_socket_in(SOCK_DGRAM, 0, 3, &ss, True);
388 if (sock == -1)
389 goto done;
390
391 /* W2K PDC's seem not to respond to '*'#0. JRA */
392 make_nmb_name(&nname, q_name, q_type);
393 status = node_status_query(sock, &nname, to_ss, &count, NULL);
394 close(sock);
395 if (!status)
396 goto done;
397
398 for (i=0;i<count;i++) {
399 /* Find first one of the requested type that's not a GROUP. */
400 if (status[i].type == type && ! (status[i].flags & 0x80))
401 break;
402 }
403 if (i == count)
404 goto done;
405
406 pull_ascii_nstring(name, sizeof(fstring), status[i].name);
407
408 /* Store the result in the cache. */
409 /* but don't store an entry for 0x1c names here. Here we have
410 a single host and DOMAIN<0x1c> names should be a list of hosts */
411
412 if ( q_type != 0x1c ) {
413 namecache_status_store(q_name, q_type, type, to_ss, name);
414 }
415
416 result = true;
417
418 done:
419 SAFE_FREE(status);
420
421 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
422
423 if (result)
424 DEBUGADD(10, (", name %s ip address is %s", name, addr));
425
426 DEBUG(10, ("\n"));
427
428 return result;
429 }
430
431 /*
432 comparison function used by sort_addr_list
433 */
434
435 static int addr_compare(const struct sockaddr *ss1,
436 const struct sockaddr *ss2)
437 {
438 int max_bits1=0, max_bits2=0;
439 int num_interfaces = iface_count();
440 int i;
441
442 /* Sort IPv4 addresses first. */
443 if (ss1->sa_family != ss2->sa_family) {
444 if (ss2->sa_family == AF_INET) {
445 return 1;
446 } else {
447 return -1;
448 }
449 }
450
451 /* Here we know both addresses are of the same
452 * family. */
453
454 for (i=0;i<num_interfaces;i++) {
455 const struct sockaddr_storage *pss = iface_n_bcast(i);
456 unsigned char *p_ss1 = NULL;
457 unsigned char *p_ss2 = NULL;
458 unsigned char *p_if = NULL;
459 size_t len = 0;
460 int bits1, bits2;
461
462 if (pss->ss_family != ss1->sa_family) {
463 /* Ignore interfaces of the wrong type. */
464 continue;
465 }
466 if (pss->ss_family == AF_INET) {
467 p_if = (unsigned char *)
468 &((const struct sockaddr_in *)pss)->sin_addr;
469 p_ss1 = (unsigned char *)
470 &((const struct sockaddr_in *)ss1)->sin_addr;
471 p_ss2 = (unsigned char *)
472 &((const struct sockaddr_in *)ss2)->sin_addr;
473 len = 4;
474 }
475 #if defined(HAVE_IPV6)
476 if (pss->ss_family == AF_INET6) {
477 p_if = (unsigned char *)
478 &((const struct sockaddr_in6 *)pss)->sin6_addr;
479 p_ss1 = (unsigned char *)
480 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
481 p_ss2 = (unsigned char *)
482 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
483 len = 16;
484 }
485 #endif
486 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
487 continue;
488 }
489 bits1 = matching_len_bits(p_ss1, p_if, len);
490 bits2 = matching_len_bits(p_ss2, p_if, len);
491 max_bits1 = MAX(bits1, max_bits1);
492 max_bits2 = MAX(bits2, max_bits2);
493 }
494
495 /* Bias towards directly reachable IPs */
496 if (iface_local(ss1)) {
497 if (ss1->sa_family == AF_INET) {
498 max_bits1 += 32;
499 } else {
500 max_bits1 += 128;
501 }
502 }
503 if (iface_local(ss2)) {
504 if (ss2->sa_family == AF_INET) {
505 max_bits2 += 32;
506 } else {
507 max_bits2 += 128;
508 }
509 }
510 return max_bits2 - max_bits1;
511 }
512
513 /*******************************************************************
514 compare 2 ldap IPs by nearness to our interfaces - used in qsort
515 *******************************************************************/
516
517 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
518 {
519 int result;
520
521 if ((result = addr_compare((struct sockaddr *)&ss1->ss, (struct sockaddr *)&ss2->ss)) != 0) {
522 return result;
523 }
524
525 if (ss1->port > ss2->port) {
526 return 1;
527 }
528
529 if (ss1->port < ss2->port) {
530 return -1;
531 }
532
533 return 0;
534 }
535
536 /*
537 sort an IP list so that names that are close to one of our interfaces
538 are at the top. This prevents the problem where a WINS server returns an IP
539 that is not reachable from our subnet as the first match
540 */
541
542 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
543 {
544 if (count <= 1) {
545 return;
546 }
547
548 qsort(sslist, count, sizeof(struct sockaddr_storage),
549 QSORT_CAST addr_compare);
550 }
551
552 static void sort_service_list(struct ip_service *servlist, int count)
553 {
554 if (count <= 1) {
555 return;
556 }
557
558 qsort(servlist, count, sizeof(struct ip_service),
559 QSORT_CAST ip_service_compare);
560 }
561
562 /**********************************************************************
563 Remove any duplicate address/port pairs in the list
564 *********************************************************************/
565
566 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
567 {
568 int i, j;
569
570 DEBUG(10,("remove_duplicate_addrs2: "
571 "looking for duplicate address/port pairs\n"));
572
573 /* one loop to remove duplicates */
574 for ( i=0; i<count; i++ ) {
575 if ( is_zero_addr((struct sockaddr *)&iplist[i].ss)) {
576 continue;
577 }
578
579 for ( j=i+1; j<count; j++ ) {
580 if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) &&
581 iplist[i].port == iplist[j].port) {
582 zero_sockaddr(&iplist[j].ss);
583 }
584 }
585 }
586
587 /* one loop to clean up any holes we left */
588 /* first ip should never be a zero_ip() */
589 for (i = 0; i<count; ) {
590 if (is_zero_addr((struct sockaddr *)&iplist[i].ss) ) {
591 if (i != count-1) {
592 memmove(&iplist[i], &iplist[i+1],
593 (count - i - 1)*sizeof(iplist[i]));
594 }
595 count--;
596 continue;
597 }
598 i++;
599 }
600
601 return count;
602 }
603
604 static bool prioritize_ipv4_list(struct ip_service *iplist, int count)
605 {
606 TALLOC_CTX *frame = talloc_stackframe();
607 struct ip_service *iplist_new = TALLOC_ARRAY(frame, struct ip_service, count);
608 int i, j;
609
610 if (iplist_new == NULL) {
611 TALLOC_FREE(frame);
612 return false;
613 }
614
615 j = 0;
616
617 /* Copy IPv4 first. */
618 for (i = 0; i < count; i++) {
619 if (iplist[i].ss.ss_family == AF_INET) {
620 iplist_new[j++] = iplist[i];
621 }
622 }
623
624 /* Copy IPv6. */
625 for (i = 0; i < count; i++) {
626 if (iplist[i].ss.ss_family != AF_INET) {
627 iplist_new[j++] = iplist[i];
628 }
629 }
630
631 memcpy(iplist, iplist_new, sizeof(struct ip_service)*count);
632 TALLOC_FREE(frame);
633 return true;
634 }
635
636 /****************************************************************************
637 Do a netbios name query to find someones IP.
638 Returns an array of IP addresses or NULL if none.
639 *count will be set to the number of addresses returned.
640 *timed_out is set if we failed by timing out
641 ****************************************************************************/
642
643 struct sockaddr_storage *name_query(int fd,
644 const char *name,
645 int name_type,
646 bool bcast,
647 bool recurse,
648 const struct sockaddr_storage *to_ss,
649 int *count,
650 int *flags,
651 bool *timed_out)
652 {
653 bool found=false;
654 int i, retries = 3;
655 int retry_time = bcast?250:2000;
656 struct timeval tval;
657 struct packet_struct p;
658 struct packet_struct *p2;
659 struct nmb_packet *nmb = &p.packet.nmb;
660 struct sockaddr_storage *ss_list = NULL;
661
662 if (lp_disable_netbios()) {
663 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
664 name, name_type));
665 return NULL;
666 }
667
668 if (to_ss->ss_family != AF_INET) {
669 return NULL;
670 }
671
672 if (timed_out) {
673 *timed_out = false;
674 }
675
676 memset((char *)&p,'\0',sizeof(p));
677 (*count) = 0;
678 (*flags) = 0;
679
680 nmb->header.name_trn_id = generate_trn_id();
681 nmb->header.opcode = 0;
682 nmb->header.response = false;
683 nmb->header.nm_flags.bcast = bcast;
684 nmb->header.nm_flags.recursion_available = false;
685 nmb->header.nm_flags.recursion_desired = recurse;
686 nmb->header.nm_flags.trunc = false;
687 nmb->header.nm_flags.authoritative = false;
688 nmb->header.rcode = 0;
689 nmb->header.qdcount = 1;
690 nmb->header.ancount = 0;
691 nmb->header.nscount = 0;
692 nmb->header.arcount = 0;
693
694 make_nmb_name(&nmb->question.question_name,name,name_type);
695
696 nmb->question.question_type = 0x20;
697 nmb->question.question_class = 0x1;
698
699 p.ip = ((struct sockaddr_in *)to_ss)->sin_addr;
700 p.port = NMB_PORT;
701 p.fd = fd;
702 p.timestamp = time(NULL);
703 p.packet_type = NMB_PACKET;
704
705 GetTimeOfDay(&tval);
706
707 if (!send_packet(&p))
708 return NULL;
709
710 retries--;
711
712 while (1) {
713 struct timeval tval2;
714
715 GetTimeOfDay(&tval2);
716 if (TvalDiff(&tval,&tval2) > retry_time) {
717 if (!retries)
718 break;
719 if (!found && !send_packet(&p))
720 return NULL;
721 GetTimeOfDay(&tval);
722 retries--;
723 }
724
725 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
726 struct nmb_packet *nmb2 = &p2->packet.nmb;
727 debug_nmb_packet(p2);
728
729 /* If we get a Negative Name Query Response from a WINS
730 * server, we should report it and give up.
731 */
732 if( 0 == nmb2->header.opcode /* A query response */
733 && !(bcast) /* from a WINS server */
734 && nmb2->header.rcode /* Error returned */
735 ) {
736
737 if( DEBUGLVL( 3 ) ) {
738 /* Only executed if DEBUGLEVEL >= 3 */
739 dbgtext( "Negative name query "
740 "response, rcode 0x%02x: ",
741 nmb2->header.rcode );
742 switch( nmb2->header.rcode ) {
743 case 0x01:
744 dbgtext( "Request "
745 "was invalidly formatted.\n" );
746 break;
747 case 0x02:
748 dbgtext( "Problem with NBNS, "
749 "cannot process name.\n");
750 break;
751 case 0x03:
752 dbgtext( "The name requested "
753 "does not exist.\n" );
754 break;
755 case 0x04:
756 dbgtext( "Unsupported request "
757 "error.\n" );
758 break;
759 case 0x05:
760 dbgtext( "Query refused "
761 "error.\n" );
762 break;
763 default:
764 dbgtext( "Unrecognized error "
765 "code.\n" );
766 break;
767 }
768 }
769 free_packet(p2);
770 return( NULL );
771 }
772
773 if (nmb2->header.opcode != 0 ||
774 nmb2->header.nm_flags.bcast ||
775 nmb2->header.rcode ||
776 !nmb2->header.ancount) {
777 /*
778 * XXXX what do we do with this? Could be a
779 * redirect, but we'll discard it for the
780 * moment.
781 */
782 free_packet(p2);
783 continue;
784 }
785
786 ss_list = SMB_REALLOC_ARRAY(ss_list,
787 struct sockaddr_storage,
788 (*count) +
789 nmb2->answers->rdlength/6);
790
791 if (!ss_list) {
792 DEBUG(0,("name_query: Realloc failed.\n"));
793 free_packet(p2);
794 return NULL;
795 }
796
797 DEBUG(2,("Got a positive name query response "
798 "from %s ( ",
799 inet_ntoa(p2->ip)));
800
801 for (i=0;i<nmb2->answers->rdlength/6;i++) {
802 struct in_addr ip;
803 putip((char *)&ip,&nmb2->answers->rdata[2+i*6]);
804 in_addr_to_sockaddr_storage(&ss_list[(*count)],
805 ip);
806 DEBUGADD(2,("%s ",inet_ntoa(ip)));
807 (*count)++;
808 }
809 DEBUGADD(2,(")\n"));
810
811 found=true;
812 retries=0;
813 /* We add the flags back ... */
814 if (nmb2->header.response)
815 (*flags) |= NM_FLAGS_RS;
816 if (nmb2->header.nm_flags.authoritative)
817 (*flags) |= NM_FLAGS_AA;
818 if (nmb2->header.nm_flags.trunc)
819 (*flags) |= NM_FLAGS_TC;
820 if (nmb2->header.nm_flags.recursion_desired)
821 (*flags) |= NM_FLAGS_RD;
822 if (nmb2->header.nm_flags.recursion_available)
823 (*flags) |= NM_FLAGS_RA;
824 if (nmb2->header.nm_flags.bcast)
825 (*flags) |= NM_FLAGS_B;
826 free_packet(p2);
827 /*
828 * If we're doing a unicast lookup we only
829 * expect one reply. Don't wait the full 2
830 * seconds if we got one. JRA.
831 */
832 if(!bcast && found)
833 break;
834 }
835 }
836
837 /* only set timed_out if we didn't fund what we where looking for*/
838
839 if ( !found && timed_out ) {
840 *timed_out = true;
841 }
842
843 /* sort the ip list so we choose close servers first if possible */
844 sort_addr_list(ss_list, *count);
845
846 return ss_list;
847 }
848
849 /********************************************************
850 convert an array if struct sockaddr_storage to struct ip_service
851 return false on failure. Port is set to PORT_NONE;
852 *********************************************************/
853
854 static bool convert_ss2service(struct ip_service **return_iplist,
855 const struct sockaddr_storage *ss_list,
856 int count)
857 {
858 int i;
859
860 if ( count==0 || !ss_list )
861 return False;
862
863 /* copy the ip address; port will be PORT_NONE */
864 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) ==
865 NULL) {
866 DEBUG(0,("convert_ip2service: malloc failed "
867 "for %d enetries!\n", count ));
868 return False;
869 }
870
871 for ( i=0; i<count; i++ ) {
872 (*return_iplist)[i].ss = ss_list[i];
873 (*return_iplist)[i].port = PORT_NONE;
874 }
875
876 return true;
877 }
878
879 /********************************************************
880 Resolve via "bcast" method.
881 *********************************************************/
882
883 NTSTATUS name_resolve_bcast(const char *name,
884 int name_type,
885 struct ip_service **return_iplist,
886 int *return_count)
887 {
888 int sock, i;
889 int num_interfaces = iface_count();
890 struct sockaddr_storage *ss_list;
891 struct sockaddr_storage ss;
892 NTSTATUS status;
893
894 if (lp_disable_netbios()) {
895 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
896 name, name_type));
897 return NT_STATUS_INVALID_PARAMETER;
898 }
899
900 *return_iplist = NULL;
901 *return_count = 0;
902
903 /*
904 * "bcast" means do a broadcast lookup on all the local interfaces.
905 */
906
907 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
908 "for name %s<0x%x>\n", name, name_type));
909
910 if (!interpret_string_addr(&ss, lp_socket_address(),
911 AI_NUMERICHOST|AI_PASSIVE)) {
912 zero_sockaddr(&ss);
913 }
914
915 sock = open_socket_in( SOCK_DGRAM, 0, 3, &ss, true );
916 if (sock == -1) {
917 return NT_STATUS_UNSUCCESSFUL;
918 }
919
920 set_socket_options(sock,"SO_BROADCAST");
921 /*
922 * Lookup the name on all the interfaces, return on
923 * the first successful match.
924 */
925 for( i = num_interfaces-1; i >= 0; i--) {
926 const struct sockaddr_storage *pss = iface_n_bcast(i);
927 int flags;
928
929 /* Done this way to fix compiler error on IRIX 5.x */
930 if (!pss) {
931 continue;
932 }
933 ss_list = name_query(sock, name, name_type, true,
934 true, pss, return_count, &flags, NULL);
935 if (ss_list) {
936 goto success;
937 }
938 }
939
940 /* failed - no response */
941
942 close(sock);
943 return NT_STATUS_UNSUCCESSFUL;
944
945 success:
946
947 status = NT_STATUS_OK;
948 if (!convert_ss2service(return_iplist, ss_list, *return_count) )
949 status = NT_STATUS_INVALID_PARAMETER;
950
951 SAFE_FREE(ss_list);
952 close(sock);
953 return status;
954 }
955
956 /********************************************************
957 Resolve via "wins" method.
958 *********************************************************/
959
960 NTSTATUS resolve_wins(const char *name,
961 int name_type,
962 struct ip_service **return_iplist,
963 int *return_count)
964 {
965 int sock, t, i;
966 char **wins_tags;
967 struct sockaddr_storage src_ss, *ss_list = NULL;
968 struct in_addr src_ip;
969 NTSTATUS status;
970
971 if (lp_disable_netbios()) {
972 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
973 name, name_type));
974 return NT_STATUS_INVALID_PARAMETER;
975 }
976
977 *return_iplist = NULL;
978 *return_count = 0;
979
980 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
981 name, name_type));
982
983 if (wins_srv_count() < 1) {
984 DEBUG(3,("resolve_wins: WINS server resolution selected "
985 "and no WINS servers listed.\n"));
986 return NT_STATUS_INVALID_PARAMETER;
987 }
988
989 /* we try a lookup on each of the WINS tags in turn */
990 wins_tags = wins_srv_tags();
991
992 if (!wins_tags) {
993 /* huh? no tags?? give up in disgust */
994 return NT_STATUS_INVALID_PARAMETER;
995 }
996
997 /* the address we will be sending from */
998 if (!interpret_string_addr(&src_ss, lp_socket_address(),
999 AI_NUMERICHOST|AI_PASSIVE)) {
1000 zero_sockaddr(&src_ss);
1001 }
1002
1003 if (src_ss.ss_family != AF_INET) {
1004 char addr[INET6_ADDRSTRLEN];
1005 print_sockaddr(addr, sizeof(addr), &src_ss);
1006 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1007 "on IPv6 address %s\n",
1008 addr));
1009 wins_srv_tags_free(wins_tags);
1010 return NT_STATUS_INVALID_PARAMETER;
1011 }
1012
1013 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1014
1015 /* in the worst case we will try every wins server with every
1016 tag! */
1017 for (t=0; wins_tags && wins_tags[t]; t++) {
1018 int srv_count = wins_srv_count_tag(wins_tags[t]);
1019 for (i=0; i<srv_count; i++) {
1020 struct sockaddr_storage wins_ss;
1021 struct in_addr wins_ip;
1022 int flags;
1023 bool timed_out;
1024
1025 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1026
1027 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1028 /* yikes! we'll loop forever */
1029 continue;
1030 }
1031
1032 /* skip any that have been unresponsive lately */
1033 if (wins_srv_is_dead(wins_ip, src_ip)) {
1034 continue;
1035 }
1036
1037 DEBUG(3,("resolve_wins: using WINS server %s "
1038 "and tag '%s'\n",
1039 inet_ntoa(wins_ip), wins_tags[t]));
1040
1041 sock = open_socket_in(SOCK_DGRAM, 0, 3, &src_ss, true);
1042 if (sock == -1) {
1043 continue;
1044 }
1045
1046 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1047 ss_list = name_query(sock,
1048 name,
1049 name_type,
1050 false,
1051 true,
1052 &wins_ss,
1053 return_count,
1054 &flags,
1055 &timed_out);
1056
1057 /* exit loop if we got a list of addresses */
1058
1059 if (ss_list)
1060 goto success;
1061
1062 close(sock);
1063
1064 if (timed_out) {
1065 /* Timed out wating for WINS server to respond.
1066 * Mark it dead. */
1067 wins_srv_died(wins_ip, src_ip);
1068 } else {
1069 /* The name definately isn't in this
1070 group of WINS servers.
1071 goto the next group */
1072 break;
1073 }
1074 }
1075 }
1076
1077 wins_srv_tags_free(wins_tags);
1078 return NT_STATUS_NO_LOGON_SERVERS;
1079
1080 success:
1081
1082 status = NT_STATUS_OK;
1083 if (!convert_ss2service(return_iplist, ss_list, *return_count))
1084 status = NT_STATUS_INVALID_PARAMETER;
1085
1086 SAFE_FREE(ss_list);
1087 wins_srv_tags_free(wins_tags);
1088 close(sock);
1089
1090 return status;
1091 }
1092
1093 /********************************************************
1094 Resolve via "lmhosts" method.
1095 *********************************************************/
1096
1097 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1098 struct ip_service **return_iplist,
1099 int *return_count)
1100 {
1101 /*
1102 * "lmhosts" means parse the local lmhosts file.
1103 */
1104 struct sockaddr_storage *ss_list;
1105 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1106 TALLOC_CTX *ctx = NULL;
1107
1108 *return_iplist = NULL;
1109 *return_count = 0;
1110
1111 DEBUG(3,("resolve_lmhosts: "
1112 "Attempting lmhosts lookup for name %s<0x%x>\n",
1113 name, name_type));
1114
1115 ctx = talloc_init("resolve_lmhosts");
1116 if (!ctx) {
1117 return NT_STATUS_NO_MEMORY;
1118 }
1119
1120 status = resolve_lmhosts_file_as_sockaddr(get_dyn_LMHOSTSFILE(),
1121 name, name_type,
1122 ctx,
1123 &ss_list,
1124 return_count);
1125 if (NT_STATUS_IS_OK(status)) {
1126 if (convert_ss2service(return_iplist,
1127 ss_list,
1128 *return_count)) {
1129 talloc_free(ctx);
1130 return NT_STATUS_OK;
1131 } else {
1132 talloc_free(ctx);
1133 return NT_STATUS_NO_MEMORY;
1134 }
1135 }
1136 talloc_free(ctx);
1137 return status;
1138 }
1139
1140
1141 /********************************************************
1142 Resolve via "hosts" method.
1143 *********************************************************/
1144
1145 static NTSTATUS resolve_hosts(const char *name, int name_type,
1146 struct ip_service **return_iplist,
1147 int *return_count)
1148 {
1149 /*
1150 * "host" means do a localhost, or dns lookup.
1151 */
1152 struct addrinfo hints;
1153 struct addrinfo *ailist = NULL;
1154 struct addrinfo *res = NULL;
1155 int ret = -1;
1156 int i = 0;
1157
1158 if ( name_type != 0x20 && name_type != 0x0) {
1159 DEBUG(5, ("resolve_hosts: not appropriate "
1160 "for name type <0x%x>\n",
1161 name_type));
1162 return NT_STATUS_INVALID_PARAMETER;
1163 }
1164
1165 *return_iplist = NULL;
1166 *return_count = 0;
1167
1168 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1169 name, name_type));
1170
1171 ZERO_STRUCT(hints);
1172 /* By default make sure it supports TCP. */
1173 hints.ai_socktype = SOCK_STREAM;
1174 hints.ai_flags = AI_ADDRCONFIG;
1175
1176 #if !defined(HAVE_IPV6)
1177 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1178 hints.ai_family = AF_INET;
1179 #endif
1180
1181 ret = getaddrinfo(name,
1182 NULL,
1183 &hints,
1184 &ailist);
1185 if (ret) {
1186 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1187 name,
1188 gai_strerror(ret) ));
1189 }
1190
1191 for (res = ailist; res; res = res->ai_next) {
1192 struct sockaddr_storage ss;
1193
1194 if (!res->ai_addr || res->ai_addrlen == 0) {
1195 continue;
1196 }
1197
1198 ZERO_STRUCT(ss);
1199 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1200
1201 *return_count += 1;
1202
1203 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1204 struct ip_service,
1205 *return_count);
1206 if (!*return_iplist) {
1207 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1208 freeaddrinfo(ailist);
1209 return NT_STATUS_NO_MEMORY;
1210 }
1211 (*return_iplist)[i].ss = ss;
1212 (*return_iplist)[i].port = PORT_NONE;
1213 i++;
1214 }
1215 if (ailist) {
1216 freeaddrinfo(ailist);
1217 }
1218 if (*return_count) {
1219 return NT_STATUS_OK;
1220 }
1221 return NT_STATUS_UNSUCCESSFUL;
1222 }
1223
1224 /********************************************************
1225 Resolve via "ADS" method.
1226 *********************************************************/
1227
1228 static NTSTATUS resolve_ads(const char *name,
1229 int name_type,
1230 const char *sitename,
1231 struct ip_service **return_iplist,
1232 int *return_count)
1233 {
1234 int i, j;
1235 NTSTATUS status;
1236 TALLOC_CTX *ctx;
1237 struct dns_rr_srv *dcs = NULL;
1238 int numdcs = 0;
1239 int numaddrs = 0;
1240
1241 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1242 (name_type != 0x1b)) {
1243 return NT_STATUS_INVALID_PARAMETER;
1244 }
1245
1246 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1247 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1248 return NT_STATUS_NO_MEMORY;
1249 }
1250
1251 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1252
1253 switch (name_type) {
1254 case 0x1b:
1255 DEBUG(5,("resolve_ads: Attempting to resolve "
1256 "PDC for %s using DNS\n", name));
1257 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1258 break;
1259
1260 case 0x1c:
1261 DEBUG(5,("resolve_ads: Attempting to resolve "
1262 "DCs for %s using DNS\n", name));
1263 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1264 &numdcs);
1265 break;
1266 case KDC_NAME_TYPE:
1267 DEBUG(5,("resolve_ads: Attempting to resolve "
1268 "KDCs for %s using DNS\n", name));
1269 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1270 &numdcs);
1271 break;
1272 default:
1273 status = NT_STATUS_INVALID_PARAMETER;
1274 break;
1275 }
1276
1277 if ( !NT_STATUS_IS_OK( status ) ) {
1278 talloc_destroy(ctx);
1279 return status;
1280 }
1281
1282 for (i=0;i<numdcs;i++) {
1283 numaddrs += MAX(dcs[i].num_ips,1);
1284 }
1285
1286 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1287 NULL ) {
1288 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1289 numaddrs ));
1290 talloc_destroy(ctx);
1291 return NT_STATUS_NO_MEMORY;
1292 }
1293
1294 /* now unroll the list of IP addresses */
1295
1296 *return_count = 0;
1297 i = 0;
1298 j = 0;
1299 while ( i < numdcs && (*return_count<numaddrs) ) {
1300 struct ip_service *r = &(*return_iplist)[*return_count];
1301
1302 r->port = dcs[i].port;
1303
1304 /* If we don't have an IP list for a name, lookup it up */
1305
1306 if (!dcs[i].ss_s) {
1307 interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1308 i++;
1309 j = 0;
1310 } else {
1311 /* use the IP addresses from the SRV sresponse */
1312
1313 if ( j >= dcs[i].num_ips ) {
1314 i++;
1315 j = 0;
1316 continue;
1317 }
1318
1319 r->ss = dcs[i].ss_s[j];
1320 j++;
1321 }
1322
1323 /* make sure it is a valid IP. I considered checking the
1324 * negative connection cache, but this is the wrong place
1325 * for it. Maybe only as a hack. After think about it, if
1326 * all of the IP addresses returned from DNS are dead, what
1327 * hope does a netbios name lookup have ? The standard reason
1328 * for falling back to netbios lookups is that our DNS server
1329 * doesn't know anything about the DC's -- jerry */
1330
1331 if (!is_zero_addr((struct sockaddr *)&r->ss)) {
1332 (*return_count)++;
1333 }
1334 }
1335
1336 talloc_destroy(ctx);
1337 return NT_STATUS_OK;
1338 }
1339
1340 /*******************************************************************
1341 Internal interface to resolve a name into an IP address.
1342 Use this function if the string is either an IP address, DNS
1343 or host name or NetBIOS name. This uses the name switch in the
1344 smb.conf to determine the order of name resolution.
1345
1346 Added support for ip addr/port to support ADS ldap servers.
1347 the only place we currently care about the port is in the
1348 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1349 **********************************************************************/
1350
1351 NTSTATUS internal_resolve_name(const char *name,
1352 int name_type,
1353 const char *sitename,
1354 struct ip_service **return_iplist,
1355 int *return_count,
1356 const char *resolve_order)
1357 {
1358 char *tok;
1359 const char *ptr;
1360 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1361 int i;
1362 TALLOC_CTX *frame = NULL;
1363
1364 *return_iplist = NULL;
1365 *return_count = 0;
1366
1367 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1368 name, name_type, sitename ? sitename : "(null)"));
1369
1370 if (is_ipaddress(name)) {
1371 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
1372 NULL) {
1373 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1374 return NT_STATUS_NO_MEMORY;
1375 }
1376
1377 /* ignore the port here */
1378 (*return_iplist)->port = PORT_NONE;
1379
1380 /* if it's in the form of an IP address then get the lib to interpret it */
1381 if (!interpret_string_addr(&(*return_iplist)->ss,
1382 name, AI_NUMERICHOST)) {
1383 DEBUG(1,("internal_resolve_name: interpret_string_addr "
1384 "failed on %s\n",
1385 name));
1386 SAFE_FREE(*return_iplist);
1387 return NT_STATUS_INVALID_PARAMETER;
1388 }
1389 *return_count = 1;
1390 return NT_STATUS_OK;
1391 }
1392
1393 /* Check name cache */
1394
1395 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1396 /* This could be a negative response */
1397 if (*return_count > 0) {
1398 return NT_STATUS_OK;
1399 } else {
1400 return NT_STATUS_UNSUCCESSFUL;
1401 }
1402 }
1403
1404 /* set the name resolution order */
1405
1406 if (strcmp( resolve_order, "NULL") == 0) {
1407 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1408 return NT_STATUS_INVALID_PARAMETER;
1409 }
1410
1411 if (!resolve_order[0]) {
1412 ptr = "host";
1413 } else {
1414 ptr = resolve_order;
1415 }
1416
1417 /* iterate through the name resolution backends */
1418
1419 frame = talloc_stackframe();
1420 while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
1421 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1422 status = resolve_hosts(name, name_type, return_iplist,
1423 return_count);
1424 if (NT_STATUS_IS_OK(status)) {
1425 goto done;
1426 }
1427 } else if(strequal( tok, "kdc")) {
1428 /* deal with KDC_NAME_TYPE names here.
1429 * This will result in a SRV record lookup */
1430 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
1431 return_iplist, return_count);
1432 if (NT_STATUS_IS_OK(status)) {
1433 /* Ensure we don't namecache
1434 * this with the KDC port. */
1435 name_type = KDC_NAME_TYPE;
1436 goto done;
1437 }
1438 } else if(strequal( tok, "ads")) {
1439 /* deal with 0x1c and 0x1b names here.
1440 * This will result in a SRV record lookup */
1441 status = resolve_ads(name, name_type, sitename,
1442 return_iplist, return_count);
1443 if (NT_STATUS_IS_OK(status)) {
1444 goto done;
1445 }
1446 } else if(strequal( tok, "lmhosts")) {
1447 status = resolve_lmhosts(name, name_type,
1448 return_iplist, return_count);
1449 if (NT_STATUS_IS_OK(status)) {
1450 goto done;
1451 }
1452 } else if(strequal( tok, "wins")) {
1453 /* don't resolve 1D via WINS */
1454 if (name_type != 0x1D) {
1455 status = resolve_wins(name, name_type,
1456 return_iplist,
1457 return_count);
1458 if (NT_STATUS_IS_OK(status)) {
1459 goto done;
1460 }
1461 }
1462 } else if(strequal( tok, "bcast")) {
1463 status = name_resolve_bcast(name, name_type,
1464 return_iplist,
1465 return_count);
1466 if (NT_STATUS_IS_OK(status)) {
1467 goto done;
1468 }
1469 } else {
1470 DEBUG(0,("resolve_name: unknown name switch type %s\n",
1471 tok));
1472 }
1473 }
1474
1475 /* All of the resolve_* functions above have returned false. */
1476
1477 TALLOC_FREE(frame);
1478 SAFE_FREE(*return_iplist);
1479 *return_count = 0;
1480
1481 return NT_STATUS_UNSUCCESSFUL;
1482
1483 done:
1484
1485 /* Remove duplicate entries. Some queries, notably #1c (domain
1486 controllers) return the PDC in iplist[0] and then all domain
1487 controllers including the PDC in iplist[1..n]. Iterating over
1488 the iplist when the PDC is down will cause two sets of timeouts. */
1489
1490 if ( *return_count ) {
1491 *return_count = remove_duplicate_addrs2(*return_iplist,
1492 *return_count );
1493 }
1494
1495 /* Save in name cache */
1496 if ( DEBUGLEVEL >= 100 ) {
1497 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
1498 char addr[INET6_ADDRSTRLEN];
1499 print_sockaddr(addr, sizeof(addr),
1500 &(*return_iplist)[i].ss);
1501 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
1502 name,
1503 name_type,
1504 addr,
1505 (*return_iplist)[i].port));
1506 }
1507 }
1508
1509 namecache_store(name, name_type, *return_count, *return_iplist);
1510
1511 /* Display some debugging info */
1512
1513 if ( DEBUGLEVEL >= 10 ) {
1514 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
1515 *return_count));
1516
1517 for (i = 0; i < *return_count; i++) {
1518 char addr[INET6_ADDRSTRLEN];
1519 print_sockaddr(addr, sizeof(addr),
1520 &(*return_iplist)[i].ss);
1521 DEBUGADD(10, ("%s:%d ",
1522 addr,
1523 (*return_iplist)[i].port));
1524 }
1525 DEBUG(10, ("\n"));
1526 }
1527
1528 TALLOC_FREE(frame);
1529 return status;
1530 }
1531
1532 /********************************************************
1533 Internal interface to resolve a name into one IP address.
1534 Use this function if the string is either an IP address, DNS
1535 or host name or NetBIOS name. This uses the name switch in the
1536 smb.conf to determine the order of name resolution.
1537 *********************************************************/
1538
1539 bool resolve_name(const char *name,
1540 struct sockaddr_storage *return_ss,
1541 int name_type,
1542 bool prefer_ipv4)
1543 {
1544 struct ip_service *ss_list = NULL;
1545 char *sitename = NULL;
1546 int count = 0;
1547
1548 if (is_ipaddress(name)) {
1549 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
1550 }
1551
1552 sitename = sitename_fetch(lp_realm()); /* wild guess */
1553
1554 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
1555 &ss_list, &count,
1556 lp_name_resolve_order()))) {
1557 int i;
1558
1559 if (prefer_ipv4) {
1560 for (i=0; i<count; i++) {
1561 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1562 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss) &&
1563 (ss_list[i].ss.ss_family == AF_INET)) {
1564 *return_ss = ss_list[i].ss;
1565 SAFE_FREE(ss_list);
1566 SAFE_FREE(sitename);
1567 return True;
1568 }
1569 }
1570 }
1571
1572 /* only return valid addresses for TCP connections */
1573 for (i=0; i<count; i++) {
1574 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1575 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1576 *return_ss = ss_list[i].ss;
1577 SAFE_FREE(ss_list);
1578 SAFE_FREE(sitename);
1579 return True;
1580 }
1581 }
1582 }
1583
1584 SAFE_FREE(ss_list);
1585 SAFE_FREE(sitename);
1586 return False;
1587 }
1588
1589 /********************************************************
1590 Internal interface to resolve a name into a list of IP addresses.
1591 Use this function if the string is either an IP address, DNS
1592 or host name or NetBIOS name. This uses the name switch in the
1593 smb.conf to determine the order of name resolution.
1594 *********************************************************/
1595
1596 NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
1597 const char *name,
1598 int name_type,
1599 struct sockaddr_storage **return_ss_arr,
1600 unsigned int *p_num_entries)
1601 {
1602 struct ip_service *ss_list = NULL;
1603 char *sitename = NULL;
1604 int count = 0;
1605 int i;
1606 unsigned int num_entries;
1607 NTSTATUS status;
1608
1609 *p_num_entries = 0;
1610 *return_ss_arr = NULL;
1611
1612 if (is_ipaddress(name)) {
1613 *return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
1614 if (!*return_ss_arr) {
1615 return NT_STATUS_NO_MEMORY;
1616 }
1617 if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
1618 TALLOC_FREE(*return_ss_arr);
1619 return NT_STATUS_BAD_NETWORK_NAME;
1620 }
1621 *p_num_entries = 1;
1622 return NT_STATUS_OK;
1623 }
1624
1625 sitename = sitename_fetch(lp_realm()); /* wild guess */
1626
1627 status = internal_resolve_name(name, name_type, sitename,
1628 &ss_list, &count,
1629 lp_name_resolve_order());
1630 SAFE_FREE(sitename);
1631
1632 if (!NT_STATUS_IS_OK(status)) {
1633 return status;
1634 }
1635
1636 /* only return valid addresses for TCP connections */
1637 for (i=0, num_entries = 0; i<count; i++) {
1638 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1639 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1640 num_entries++;
1641 }
1642 }
1643 if (num_entries == 0) {
1644 SAFE_FREE(ss_list);
1645 return NT_STATUS_BAD_NETWORK_NAME;
1646 }
1647
1648 *return_ss_arr = TALLOC_ARRAY(ctx,
1649 struct sockaddr_storage,
1650 num_entries);
1651 if (!(*return_ss_arr)) {
1652 SAFE_FREE(ss_list);
1653 return NT_STATUS_NO_MEMORY;
1654 }
1655
1656 for (i=0, num_entries = 0; i<count; i++) {
1657 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1658 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1659 (*return_ss_arr)[num_entries++] = ss_list[i].ss;
1660 }
1661 }
1662
1663 status = NT_STATUS_OK;
1664 *p_num_entries = num_entries;
1665
1666 SAFE_FREE(ss_list);
1667 return NT_STATUS_OK;
1668 }
1669
1670 /********************************************************
1671 Find the IP address of the master browser or DMB for a workgroup.
1672 *********************************************************/
1673
1674 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
1675 {
1676 struct ip_service *ip_list = NULL;
1677 int count = 0;
1678 NTSTATUS status;
1679
1680 if (lp_disable_netbios()) {
1681 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1682 return false;
1683 }
1684
1685 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
1686 lp_name_resolve_order());
1687 if (NT_STATUS_IS_OK(status)) {
1688 *master_ss = ip_list[0].ss;
1689 SAFE_FREE(ip_list);
1690 return true;
1691 }
1692
1693 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
1694 lp_name_resolve_order());
1695 if (NT_STATUS_IS_OK(status)) {
1696 *master_ss = ip_list[0].ss;
1697 SAFE_FREE(ip_list);
1698 return true;
1699 }
1700
1701 SAFE_FREE(ip_list);
1702 return false;
1703 }
1704
1705 /********************************************************
1706 Get the IP address list of the primary domain controller
1707 for a domain.
1708 *********************************************************/
1709
1710 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
1711 {
1712 struct ip_service *ip_list = NULL;
1713 int count = 0;
1714 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1715
1716 /* Look up #1B name */
1717
1718 if (lp_security() == SEC_ADS) {
1719 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1720 &count, "ads");
1721 }
1722
1723 if (!NT_STATUS_IS_OK(status) || count == 0) {
1724 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1725 &count,
1726 lp_name_resolve_order());
1727 if (!NT_STATUS_IS_OK(status)) {
1728 return false;
1729 }
1730 }
1731
1732 /* if we get more than 1 IP back we have to assume it is a
1733 multi-homed PDC and not a mess up */
1734
1735 if ( count > 1 ) {
1736 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1737 sort_service_list(ip_list, count);
1738 }
1739
1740 *pss = ip_list[0].ss;
1741 SAFE_FREE(ip_list);
1742 return true;
1743 }
1744
1745 /* Private enum type for lookups. */
1746
1747 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1748
1749 /********************************************************
1750 Get the IP address list of the domain controllers for
1751 a domain.
1752 *********************************************************/
1753
1754 static NTSTATUS get_dc_list(const char *domain,
1755 const char *sitename,
1756 struct ip_service **ip_list,
1757 int *count,
1758 enum dc_lookup_type lookup_type,
1759 bool *ordered)
1760 {
1761 char *resolve_order = NULL;
1762 char *saf_servername = NULL;
1763 char *pserver = NULL;
1764 const char *p;
1765 char *port_str = NULL;
1766 int port;
1767 char *name;
1768 int num_addresses = 0;
1769 int local_count, i, j;
1770 struct ip_service *return_iplist = NULL;
1771 struct ip_service *auto_ip_list = NULL;
1772 bool done_auto_lookup = false;
1773 int auto_count = 0;
1774 NTSTATUS status;
1775 TALLOC_CTX *ctx = talloc_init("get_dc_list");
1776
1777 *ip_list = NULL;
1778 *count = 0;
1779
1780 if (!ctx) {
1781 return NT_STATUS_NO_MEMORY;
1782 }
1783
1784 *ordered = False;
1785
1786 /* if we are restricted to solely using DNS for looking
1787 up a domain controller, make sure that host lookups
1788 are enabled for the 'name resolve order'. If host lookups
1789 are disabled and ads_only is True, then set the string to
1790 NULL. */
1791
1792 resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
1793 if (!resolve_order) {
1794 status = NT_STATUS_NO_MEMORY;
1795 goto out;
1796 }
1797 strlower_m(resolve_order);
1798 if (lookup_type == DC_ADS_ONLY) {
1799 if (strstr( resolve_order, "host")) {
1800 resolve_order = talloc_strdup(ctx, "ads");
1801
1802 /* DNS SRV lookups used by the ads resolver
1803 are already sorted by priority and weight */
1804 *ordered = true;
1805 } else {
1806 resolve_order = talloc_strdup(ctx, "NULL");
1807 }
1808 } else if (lookup_type == DC_KDC_ONLY) {
1809 /* DNS SRV lookups used by the ads/kdc resolver
1810 are already sorted by priority and weight */
1811 *ordered = true;
1812 resolve_order = talloc_strdup(ctx, "kdc");
1813 }
1814 if (!resolve_order) {
1815 status = NT_STATUS_NO_MEMORY;
1816 goto out;
1817 }
1818
1819 /* fetch the server we have affinity for. Add the
1820 'password server' list to a search for our domain controllers */
1821
1822 saf_servername = saf_fetch( domain);
1823
1824 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
1825 pserver = talloc_asprintf(NULL, "%s, %s",
1826 saf_servername ? saf_servername : "",
1827 lp_passwordserver());
1828 } else {
1829 pserver = talloc_asprintf(NULL, "%s, *",
1830 saf_servername ? saf_servername : "");
1831 }
1832
1833 SAFE_FREE(saf_servername);
1834 if (!pserver) {
1835 status = NT_STATUS_NO_MEMORY;
1836 goto out;
1837 }
1838
1839 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1840
1841 if (!*pserver ) {
1842 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1843 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1844 count, resolve_order);
1845 goto out;
1846 }
1847
1848 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
1849
1850 /*
1851 * if '*' appears in the "password server" list then add
1852 * an auto lookup to the list of manually configured
1853 * DC's. If any DC is listed by name, then the list should be
1854 * considered to be ordered
1855 */
1856
1857 p = pserver;
1858 while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1859 if (!done_auto_lookup && strequal(name, "*")) {
1860 status = internal_resolve_name(domain, 0x1C, sitename,
1861 &auto_ip_list,
1862 &auto_count,
1863 resolve_order);
1864 if (NT_STATUS_IS_OK(status)) {
1865 num_addresses += auto_count;
1866 }
1867 done_auto_lookup = true;
1868 DEBUG(8,("Adding %d DC's from auto lookup\n",
1869 auto_count));
1870 } else {
1871 num_addresses++;
1872 }
1873 }
1874
1875 /* if we have no addresses and haven't done the auto lookup, then
1876 just return the list of DC's. Or maybe we just failed. */
1877
1878 if ((num_addresses == 0)) {
1879 if (done_auto_lookup) {
1880 DEBUG(4,("get_dc_list: no servers found\n"));
1881 status = NT_STATUS_NO_LOGON_SERVERS;
1882 goto out;
1883 }
1884 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1885 count, resolve_order);
1886 goto out;
1887 }
1888
1889 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
1890 num_addresses)) == NULL) {
1891 DEBUG(3,("get_dc_list: malloc fail !\n"));
1892 status = NT_STATUS_NO_MEMORY;
1893 goto out;
1894 }
1895
1896 p = pserver;
1897 local_count = 0;
1898
1899 /* fill in the return list now with real IP's */
1900
1901 while ((local_count<num_addresses) &&
1902 next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1903 struct sockaddr_storage name_ss;
1904
1905 /* copy any addersses from the auto lookup */
1906
1907 if (strequal(name, "*")) {
1908 for (j=0; j<auto_count; j++) {
1909 char addr[INET6_ADDRSTRLEN];
1910 print_sockaddr(addr,
1911 sizeof(addr),
1912 &auto_ip_list[j].ss);
1913 /* Check for and don't copy any
1914 * known bad DC IP's. */
1915 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
1916 domain,
1917 addr))) {
1918 DEBUG(5,("get_dc_list: "
1919 "negative entry %s removed "
1920 "from DC list\n",
1921 addr));
1922 continue;
1923 }
1924 return_iplist[local_count].ss =
1925 auto_ip_list[j].ss;
1926 return_iplist[local_count].port =
1927 auto_ip_list[j].port;
1928 local_count++;
1929 }
1930 continue;
1931 }
1932
1933 /* added support for address:port syntax for ads
1934 * (not that I think anyone will ever run the LDAP
1935 * server in an AD domain on something other than
1936 * port 389 */
1937
1938 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
1939 if ((port_str=strchr(name, ':')) != NULL) {
1940 *port_str = '\0';
1941 port_str++;
1942 port = atoi(port_str);
1943 }
1944
1945 /* explicit lookup; resolve_name() will
1946 * handle names & IP addresses */
1947 if (resolve_name( name, &name_ss, 0x20, true )) {
1948 char addr[INET6_ADDRSTRLEN];
1949 print_sockaddr(addr,
1950 sizeof(addr),
1951 &name_ss);
1952
1953 /* Check for and don't copy any known bad DC IP's. */
1954 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
1955 addr)) ) {
1956 DEBUG(5,("get_dc_list: negative entry %s "
1957 "removed from DC list\n",
1958 name ));
1959 continue;
1960 }
1961
1962 return_iplist[local_count].ss = name_ss;
1963 return_iplist[local_count].port = port;
1964 local_count++;
1965 *ordered = true;
1966 }
1967 }
1968
1969 /* need to remove duplicates in the list if we have any
1970 explicit password servers */
1971
1972 if (local_count) {
1973 local_count = remove_duplicate_addrs2(return_iplist,
1974 local_count );
1975 }
1976
1977 /* For DC's we always prioritize IPv4 due to W2K3 not
1978 * supporting LDAP, KRB5 or CLDAP over IPv6. */
1979
1980 if (local_count && return_iplist) {
1981 prioritize_ipv4_list(return_iplist, local_count);
1982 }
1983
1984 if ( DEBUGLEVEL >= 4 ) {
1985 DEBUG(4,("get_dc_list: returning %d ip addresses "
1986 "in an %sordered list\n",
1987 local_count,
1988 *ordered ? "":"un"));
1989 DEBUG(4,("get_dc_list: "));
1990 for ( i=0; i<local_count; i++ ) {
1991 char addr[INET6_ADDRSTRLEN];
1992 print_sockaddr(addr,
1993 sizeof(addr),
1994 &return_iplist[i].ss);
1995 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
1996 }
1997 DEBUGADD(4,("\n"));
1998 }
1999
2000 *ip_list = return_iplist;
2001 *count = local_count;
2002
2003 status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2004
2005 out:
2006
2007 if (!NT_STATUS_IS_OK(status)) {
2008 SAFE_FREE(return_iplist);
2009 *ip_list = NULL;
2010 *count = 0;
2011 }
2012
2013 SAFE_FREE(auto_ip_list);
2014 TALLOC_FREE(ctx);
2015 return status;
2016 }
2017
2018 /*********************************************************************
2019 Small wrapper function to get the DC list and sort it if neccessary.
2020 *********************************************************************/
2021
2022 NTSTATUS get_sorted_dc_list( const char *domain,
2023 const char *sitename,
2024 struct ip_service **ip_list,
2025 int *count,
2026 bool ads_only )
2027 {
2028 bool ordered = false;
2029 NTSTATUS status;
2030 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2031
2032 *ip_list = NULL;
2033 *count = 0;
2034
2035 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2036 "for name %s (sitename %s) using [%s]\n",
2037 domain,
2038 sitename ? sitename : "NULL",
2039 (ads_only ? "ads" : lp_name_resolve_order())));
2040
2041 if (ads_only) {
2042 lookup_type = DC_ADS_ONLY;
2043 }
2044
2045 status = get_dc_list(domain, sitename, ip_list,
2046 count, lookup_type, &ordered);
2047 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
2048 && sitename) {
2049 DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2050 " in site %s, fallback to all servers\n",
2051 domain, sitename));
2052 status = get_dc_list(domain, NULL, ip_list,
2053 count, lookup_type, &ordered);
2054 }
2055
2056 if (!NT_STATUS_IS_OK(status)) {
2057 SAFE_FREE(*ip_list);
2058 *count = 0;
2059 return status;
2060 }
2061
2062 /* only sort if we don't already have an ordered list */
2063 if (!ordered) {
2064 sort_service_list(*ip_list, *count);
2065 }
2066
2067 return NT_STATUS_OK;
2068 }
2069
2070 /*********************************************************************
2071 Get the KDC list - re-use all the logic in get_dc_list.
2072 *********************************************************************/
2073
2074 NTSTATUS get_kdc_list( const char *realm,
2075 const char *sitename,
2076 struct ip_service **ip_list,
2077 int *count)
2078 {
2079 bool ordered;
2080 NTSTATUS status;
2081
2082 *count = 0;
2083 *ip_list = NULL;
2084
2085 status = get_dc_list(realm, sitename, ip_list,
2086 count, DC_KDC_ONLY, &ordered);
2087
2088 if (!NT_STATUS_IS_OK(status)) {
2089 SAFE_FREE(*ip_list);
2090 *count = 0;
2091 return status;
2092 }
2093
2094 /* only sort if we don't already have an ordered list */
2095 if ( !ordered ) {
2096 sort_service_list(*ip_list, *count);
2097 }
2098
2099 return NT_STATUS_OK;
2100 }