2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /* nmbd.c sets this to True. */
24 bool global_in_nmbd
= False
;
26 /****************************
27 * SERVER AFFINITY ROUTINES *
28 ****************************/
30 /* Server affinity is the concept of preferring the last domain
31 controller with whom you had a successful conversation */
33 /****************************************************************************
34 ****************************************************************************/
35 #define SAFKEY_FMT "SAF/DOMAIN/%s"
37 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
38 #define SAFJOIN_TTL 3600
40 static char *saf_key(const char *domain
)
44 asprintf_strupper_m(&keystr
, SAFKEY_FMT
, domain
);
49 static char *saf_join_key(const char *domain
)
53 asprintf_strupper_m(&keystr
, SAFJOINKEY_FMT
, domain
);
58 /****************************************************************************
59 ****************************************************************************/
61 bool saf_store( const char *domain
, const char *servername
)
67 if ( !domain
|| !servername
) {
68 DEBUG(2,("saf_store: "
69 "Refusing to store empty domain or servername!\n"));
73 if ( (strlen(domain
) == 0) || (strlen(servername
) == 0) ) {
74 DEBUG(0,("saf_store: "
75 "refusing to store 0 length domain or servername!\n"));
79 key
= saf_key( domain
);
80 expire
= time( NULL
) + lp_parm_int(-1, "saf","ttl", SAF_TTL
);
82 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
83 domain
, servername
, (unsigned int)expire
));
85 ret
= gencache_set( key
, servername
, expire
);
92 bool saf_join_store( const char *domain
, const char *servername
)
98 if ( !domain
|| !servername
) {
99 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
103 if ( (strlen(domain
) == 0) || (strlen(servername
) == 0) ) {
104 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
108 key
= saf_join_key( domain
);
109 expire
= time( NULL
) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL
);
111 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
112 domain
, servername
, (unsigned int)expire
));
114 ret
= gencache_set( key
, servername
, expire
);
121 bool saf_delete( const char *domain
)
127 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
131 key
= saf_join_key(domain
);
132 ret
= gencache_del(key
);
136 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain
));
139 key
= saf_key(domain
);
140 ret
= gencache_del(key
);
144 DEBUG(10,("saf_delete: domain = [%s]\n", domain
));
150 /****************************************************************************
151 ****************************************************************************/
153 char *saf_fetch( const char *domain
)
160 if ( !domain
|| strlen(domain
) == 0) {
161 DEBUG(2,("saf_fetch: Empty domain name!\n"));
165 key
= saf_join_key( domain
);
167 ret
= gencache_get( key
, &server
, &timeout
);
172 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
177 key
= saf_key( domain
);
179 ret
= gencache_get( key
, &server
, &timeout
);
184 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
187 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
194 /****************************************************************************
195 Generate a random trn_id.
196 ****************************************************************************/
198 static int generate_trn_id(void)
202 generate_random_buffer((uint8
*)&id
, sizeof(id
));
204 return id
% (unsigned)0x7FFF;
207 /****************************************************************************
208 Parse a node status response into an array of structures.
209 ****************************************************************************/
211 static NODE_STATUS_STRUCT
*parse_node_status(char *p
,
213 struct node_status_extra
*extra
)
215 NODE_STATUS_STRUCT
*ret
;
218 *num_names
= CVAL(p
,0);
223 ret
= SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT
,*num_names
);
228 for (i
=0;i
< *num_names
;i
++) {
229 StrnCpy(ret
[i
].name
,p
,15);
230 trim_char(ret
[i
].name
,'\0',' ');
231 ret
[i
].type
= CVAL(p
,15);
232 ret
[i
].flags
= p
[16];
234 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret
[i
].name
,
235 ret
[i
].type
, ret
[i
].flags
));
238 * Also, pick up the MAC address ...
241 memcpy(&extra
->mac_addr
, p
, 6); /* Fill in the mac addr */
247 /****************************************************************************
248 Do a NBT node status query on an open socket and return an array of
249 structures holding the returned names or NULL if the query failed.
250 **************************************************************************/
252 NODE_STATUS_STRUCT
*node_status_query(int fd
,
253 struct nmb_name
*name
,
254 const struct sockaddr_storage
*to_ss
,
256 struct node_status_extra
*extra
)
260 int retry_time
= 2000;
262 struct packet_struct p
;
263 struct packet_struct
*p2
;
264 struct nmb_packet
*nmb
= &p
.packet
.nmb
;
265 NODE_STATUS_STRUCT
*ret
;
269 if (to_ss
->ss_family
!= AF_INET
) {
270 /* Can't do node status to IPv6 */
273 nmb
->header
.name_trn_id
= generate_trn_id();
274 nmb
->header
.opcode
= 0;
275 nmb
->header
.response
= false;
276 nmb
->header
.nm_flags
.bcast
= false;
277 nmb
->header
.nm_flags
.recursion_available
= false;
278 nmb
->header
.nm_flags
.recursion_desired
= false;
279 nmb
->header
.nm_flags
.trunc
= false;
280 nmb
->header
.nm_flags
.authoritative
= false;
281 nmb
->header
.rcode
= 0;
282 nmb
->header
.qdcount
= 1;
283 nmb
->header
.ancount
= 0;
284 nmb
->header
.nscount
= 0;
285 nmb
->header
.arcount
= 0;
286 nmb
->question
.question_name
= *name
;
287 nmb
->question
.question_type
= 0x21;
288 nmb
->question
.question_class
= 0x1;
290 p
.ip
= ((const struct sockaddr_in
*)to_ss
)->sin_addr
;
293 p
.timestamp
= time(NULL
);
294 p
.packet_type
= NMB_PACKET
;
298 if (!send_packet(&p
))
304 struct timeval tval2
;
305 GetTimeOfDay(&tval2
);
306 if (TvalDiff(&tval
,&tval2
) > retry_time
) {
309 if (!found
&& !send_packet(&p
))
315 if ((p2
=receive_nmb_packet(fd
,90,nmb
->header
.name_trn_id
))) {
316 struct nmb_packet
*nmb2
= &p2
->packet
.nmb
;
317 debug_nmb_packet(p2
);
319 if (nmb2
->header
.opcode
!= 0 ||
320 nmb2
->header
.nm_flags
.bcast
||
321 nmb2
->header
.rcode
||
322 !nmb2
->header
.ancount
||
323 nmb2
->answers
->rr_type
!= 0x21) {
324 /* XXXX what do we do with this? could be a
325 redirect, but we'll discard it for the
331 ret
= parse_node_status(&nmb2
->answers
->rdata
[0],
341 /****************************************************************************
342 Find the first type XX name in a node status reply - used for finding
343 a servers name given its IP. Return the matched name in *name.
344 **************************************************************************/
346 bool name_status_find(const char *q_name
,
349 const struct sockaddr_storage
*to_ss
,
352 char addr
[INET6_ADDRSTRLEN
];
353 struct sockaddr_storage ss
;
354 NODE_STATUS_STRUCT
*status
= NULL
;
355 struct nmb_name nname
;
360 if (lp_disable_netbios()) {
361 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
366 print_sockaddr(addr
, sizeof(addr
), to_ss
);
368 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name
,
371 /* Check the cache first. */
373 if (namecache_status_fetch(q_name
, q_type
, type
, to_ss
, name
)) {
377 if (to_ss
->ss_family
!= AF_INET
) {
378 /* Can't do node status to IPv6 */
382 if (!interpret_string_addr(&ss
, lp_socket_address(),
383 AI_NUMERICHOST
|AI_PASSIVE
)) {
387 sock
= open_socket_in(SOCK_DGRAM
, 0, 3, &ss
, True
);
391 /* W2K PDC's seem not to respond to '*'#0. JRA */
392 make_nmb_name(&nname
, q_name
, q_type
);
393 status
= node_status_query(sock
, &nname
, to_ss
, &count
, NULL
);
398 for (i
=0;i
<count
;i
++) {
399 /* Find first one of the requested type that's not a GROUP. */
400 if (status
[i
].type
== type
&& ! (status
[i
].flags
& 0x80))
406 pull_ascii_nstring(name
, sizeof(fstring
), status
[i
].name
);
408 /* Store the result in the cache. */
409 /* but don't store an entry for 0x1c names here. Here we have
410 a single host and DOMAIN<0x1c> names should be a list of hosts */
412 if ( q_type
!= 0x1c ) {
413 namecache_status_store(q_name
, q_type
, type
, to_ss
, name
);
421 DEBUG(10, ("name_status_find: name %sfound", result
? "" : "not "));
424 DEBUGADD(10, (", name %s ip address is %s", name
, addr
));
432 comparison function used by sort_addr_list
435 static int addr_compare(const struct sockaddr
*ss1
,
436 const struct sockaddr
*ss2
)
438 int max_bits1
=0, max_bits2
=0;
439 int num_interfaces
= iface_count();
442 /* Sort IPv4 addresses first. */
443 if (ss1
->sa_family
!= ss2
->sa_family
) {
444 if (ss2
->sa_family
== AF_INET
) {
451 /* Here we know both addresses are of the same
454 for (i
=0;i
<num_interfaces
;i
++) {
455 const struct sockaddr_storage
*pss
= iface_n_bcast(i
);
456 unsigned char *p_ss1
= NULL
;
457 unsigned char *p_ss2
= NULL
;
458 unsigned char *p_if
= NULL
;
462 if (pss
->ss_family
!= ss1
->sa_family
) {
463 /* Ignore interfaces of the wrong type. */
466 if (pss
->ss_family
== AF_INET
) {
467 p_if
= (unsigned char *)
468 &((const struct sockaddr_in
*)pss
)->sin_addr
;
469 p_ss1
= (unsigned char *)
470 &((const struct sockaddr_in
*)ss1
)->sin_addr
;
471 p_ss2
= (unsigned char *)
472 &((const struct sockaddr_in
*)ss2
)->sin_addr
;
475 #if defined(HAVE_IPV6)
476 if (pss
->ss_family
== AF_INET6
) {
477 p_if
= (unsigned char *)
478 &((const struct sockaddr_in6
*)pss
)->sin6_addr
;
479 p_ss1
= (unsigned char *)
480 &((const struct sockaddr_in6
*)ss1
)->sin6_addr
;
481 p_ss2
= (unsigned char *)
482 &((const struct sockaddr_in6
*)ss2
)->sin6_addr
;
486 if (!p_ss1
|| !p_ss2
|| !p_if
|| len
== 0) {
489 bits1
= matching_len_bits(p_ss1
, p_if
, len
);
490 bits2
= matching_len_bits(p_ss2
, p_if
, len
);
491 max_bits1
= MAX(bits1
, max_bits1
);
492 max_bits2
= MAX(bits2
, max_bits2
);
495 /* Bias towards directly reachable IPs */
496 if (iface_local(ss1
)) {
497 if (ss1
->sa_family
== AF_INET
) {
503 if (iface_local(ss2
)) {
504 if (ss2
->sa_family
== AF_INET
) {
510 return max_bits2
- max_bits1
;
513 /*******************************************************************
514 compare 2 ldap IPs by nearness to our interfaces - used in qsort
515 *******************************************************************/
517 int ip_service_compare(struct ip_service
*ss1
, struct ip_service
*ss2
)
521 if ((result
= addr_compare((struct sockaddr
*)&ss1
->ss
, (struct sockaddr
*)&ss2
->ss
)) != 0) {
525 if (ss1
->port
> ss2
->port
) {
529 if (ss1
->port
< ss2
->port
) {
537 sort an IP list so that names that are close to one of our interfaces
538 are at the top. This prevents the problem where a WINS server returns an IP
539 that is not reachable from our subnet as the first match
542 static void sort_addr_list(struct sockaddr_storage
*sslist
, int count
)
548 qsort(sslist
, count
, sizeof(struct sockaddr_storage
),
549 QSORT_CAST addr_compare
);
552 static void sort_service_list(struct ip_service
*servlist
, int count
)
558 qsort(servlist
, count
, sizeof(struct ip_service
),
559 QSORT_CAST ip_service_compare
);
562 /**********************************************************************
563 Remove any duplicate address/port pairs in the list
564 *********************************************************************/
566 static int remove_duplicate_addrs2(struct ip_service
*iplist
, int count
)
570 DEBUG(10,("remove_duplicate_addrs2: "
571 "looking for duplicate address/port pairs\n"));
573 /* one loop to remove duplicates */
574 for ( i
=0; i
<count
; i
++ ) {
575 if ( is_zero_addr((struct sockaddr
*)&iplist
[i
].ss
)) {
579 for ( j
=i
+1; j
<count
; j
++ ) {
580 if (sockaddr_equal((struct sockaddr
*)&iplist
[i
].ss
, (struct sockaddr
*)&iplist
[j
].ss
) &&
581 iplist
[i
].port
== iplist
[j
].port
) {
582 zero_sockaddr(&iplist
[j
].ss
);
587 /* one loop to clean up any holes we left */
588 /* first ip should never be a zero_ip() */
589 for (i
= 0; i
<count
; ) {
590 if (is_zero_addr((struct sockaddr
*)&iplist
[i
].ss
) ) {
592 memmove(&iplist
[i
], &iplist
[i
+1],
593 (count
- i
- 1)*sizeof(iplist
[i
]));
604 static bool prioritize_ipv4_list(struct ip_service
*iplist
, int count
)
606 TALLOC_CTX
*frame
= talloc_stackframe();
607 struct ip_service
*iplist_new
= TALLOC_ARRAY(frame
, struct ip_service
, count
);
610 if (iplist_new
== NULL
) {
617 /* Copy IPv4 first. */
618 for (i
= 0; i
< count
; i
++) {
619 if (iplist
[i
].ss
.ss_family
== AF_INET
) {
620 iplist_new
[j
++] = iplist
[i
];
625 for (i
= 0; i
< count
; i
++) {
626 if (iplist
[i
].ss
.ss_family
!= AF_INET
) {
627 iplist_new
[j
++] = iplist
[i
];
631 memcpy(iplist
, iplist_new
, sizeof(struct ip_service
)*count
);
636 /****************************************************************************
637 Do a netbios name query to find someones IP.
638 Returns an array of IP addresses or NULL if none.
639 *count will be set to the number of addresses returned.
640 *timed_out is set if we failed by timing out
641 ****************************************************************************/
643 struct sockaddr_storage
*name_query(int fd
,
648 const struct sockaddr_storage
*to_ss
,
655 int retry_time
= bcast
?250:2000;
657 struct packet_struct p
;
658 struct packet_struct
*p2
;
659 struct nmb_packet
*nmb
= &p
.packet
.nmb
;
660 struct sockaddr_storage
*ss_list
= NULL
;
662 if (lp_disable_netbios()) {
663 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
668 if (to_ss
->ss_family
!= AF_INET
) {
676 memset((char *)&p
,'\0',sizeof(p
));
680 nmb
->header
.name_trn_id
= generate_trn_id();
681 nmb
->header
.opcode
= 0;
682 nmb
->header
.response
= false;
683 nmb
->header
.nm_flags
.bcast
= bcast
;
684 nmb
->header
.nm_flags
.recursion_available
= false;
685 nmb
->header
.nm_flags
.recursion_desired
= recurse
;
686 nmb
->header
.nm_flags
.trunc
= false;
687 nmb
->header
.nm_flags
.authoritative
= false;
688 nmb
->header
.rcode
= 0;
689 nmb
->header
.qdcount
= 1;
690 nmb
->header
.ancount
= 0;
691 nmb
->header
.nscount
= 0;
692 nmb
->header
.arcount
= 0;
694 make_nmb_name(&nmb
->question
.question_name
,name
,name_type
);
696 nmb
->question
.question_type
= 0x20;
697 nmb
->question
.question_class
= 0x1;
699 p
.ip
= ((struct sockaddr_in
*)to_ss
)->sin_addr
;
702 p
.timestamp
= time(NULL
);
703 p
.packet_type
= NMB_PACKET
;
707 if (!send_packet(&p
))
713 struct timeval tval2
;
715 GetTimeOfDay(&tval2
);
716 if (TvalDiff(&tval
,&tval2
) > retry_time
) {
719 if (!found
&& !send_packet(&p
))
725 if ((p2
=receive_nmb_packet(fd
,90,nmb
->header
.name_trn_id
))) {
726 struct nmb_packet
*nmb2
= &p2
->packet
.nmb
;
727 debug_nmb_packet(p2
);
729 /* If we get a Negative Name Query Response from a WINS
730 * server, we should report it and give up.
732 if( 0 == nmb2
->header
.opcode
/* A query response */
733 && !(bcast
) /* from a WINS server */
734 && nmb2
->header
.rcode
/* Error returned */
737 if( DEBUGLVL( 3 ) ) {
738 /* Only executed if DEBUGLEVEL >= 3 */
739 dbgtext( "Negative name query "
740 "response, rcode 0x%02x: ",
741 nmb2
->header
.rcode
);
742 switch( nmb2
->header
.rcode
) {
745 "was invalidly formatted.\n" );
748 dbgtext( "Problem with NBNS, "
749 "cannot process name.\n");
752 dbgtext( "The name requested "
753 "does not exist.\n" );
756 dbgtext( "Unsupported request "
760 dbgtext( "Query refused "
764 dbgtext( "Unrecognized error "
773 if (nmb2
->header
.opcode
!= 0 ||
774 nmb2
->header
.nm_flags
.bcast
||
775 nmb2
->header
.rcode
||
776 !nmb2
->header
.ancount
) {
778 * XXXX what do we do with this? Could be a
779 * redirect, but we'll discard it for the
786 ss_list
= SMB_REALLOC_ARRAY(ss_list
,
787 struct sockaddr_storage
,
789 nmb2
->answers
->rdlength
/6);
792 DEBUG(0,("name_query: Realloc failed.\n"));
797 DEBUG(2,("Got a positive name query response "
801 for (i
=0;i
<nmb2
->answers
->rdlength
/6;i
++) {
803 putip((char *)&ip
,&nmb2
->answers
->rdata
[2+i
*6]);
804 in_addr_to_sockaddr_storage(&ss_list
[(*count
)],
806 DEBUGADD(2,("%s ",inet_ntoa(ip
)));
813 /* We add the flags back ... */
814 if (nmb2
->header
.response
)
815 (*flags
) |= NM_FLAGS_RS
;
816 if (nmb2
->header
.nm_flags
.authoritative
)
817 (*flags
) |= NM_FLAGS_AA
;
818 if (nmb2
->header
.nm_flags
.trunc
)
819 (*flags
) |= NM_FLAGS_TC
;
820 if (nmb2
->header
.nm_flags
.recursion_desired
)
821 (*flags
) |= NM_FLAGS_RD
;
822 if (nmb2
->header
.nm_flags
.recursion_available
)
823 (*flags
) |= NM_FLAGS_RA
;
824 if (nmb2
->header
.nm_flags
.bcast
)
825 (*flags
) |= NM_FLAGS_B
;
828 * If we're doing a unicast lookup we only
829 * expect one reply. Don't wait the full 2
830 * seconds if we got one. JRA.
837 /* only set timed_out if we didn't fund what we where looking for*/
839 if ( !found
&& timed_out
) {
843 /* sort the ip list so we choose close servers first if possible */
844 sort_addr_list(ss_list
, *count
);
849 /********************************************************
850 convert an array if struct sockaddr_storage to struct ip_service
851 return false on failure. Port is set to PORT_NONE;
852 *********************************************************/
854 static bool convert_ss2service(struct ip_service
**return_iplist
,
855 const struct sockaddr_storage
*ss_list
,
860 if ( count
==0 || !ss_list
)
863 /* copy the ip address; port will be PORT_NONE */
864 if ((*return_iplist
= SMB_MALLOC_ARRAY(struct ip_service
, count
)) ==
866 DEBUG(0,("convert_ip2service: malloc failed "
867 "for %d enetries!\n", count
));
871 for ( i
=0; i
<count
; i
++ ) {
872 (*return_iplist
)[i
].ss
= ss_list
[i
];
873 (*return_iplist
)[i
].port
= PORT_NONE
;
879 /********************************************************
880 Resolve via "bcast" method.
881 *********************************************************/
883 NTSTATUS
name_resolve_bcast(const char *name
,
885 struct ip_service
**return_iplist
,
889 int num_interfaces
= iface_count();
890 struct sockaddr_storage
*ss_list
;
891 struct sockaddr_storage ss
;
894 if (lp_disable_netbios()) {
895 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
897 return NT_STATUS_INVALID_PARAMETER
;
900 *return_iplist
= NULL
;
904 * "bcast" means do a broadcast lookup on all the local interfaces.
907 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
908 "for name %s<0x%x>\n", name
, name_type
));
910 if (!interpret_string_addr(&ss
, lp_socket_address(),
911 AI_NUMERICHOST
|AI_PASSIVE
)) {
915 sock
= open_socket_in( SOCK_DGRAM
, 0, 3, &ss
, true );
917 return NT_STATUS_UNSUCCESSFUL
;
920 set_socket_options(sock
,"SO_BROADCAST");
922 * Lookup the name on all the interfaces, return on
923 * the first successful match.
925 for( i
= num_interfaces
-1; i
>= 0; i
--) {
926 const struct sockaddr_storage
*pss
= iface_n_bcast(i
);
929 /* Done this way to fix compiler error on IRIX 5.x */
933 ss_list
= name_query(sock
, name
, name_type
, true,
934 true, pss
, return_count
, &flags
, NULL
);
940 /* failed - no response */
943 return NT_STATUS_UNSUCCESSFUL
;
947 status
= NT_STATUS_OK
;
948 if (!convert_ss2service(return_iplist
, ss_list
, *return_count
) )
949 status
= NT_STATUS_INVALID_PARAMETER
;
956 /********************************************************
957 Resolve via "wins" method.
958 *********************************************************/
960 NTSTATUS
resolve_wins(const char *name
,
962 struct ip_service
**return_iplist
,
967 struct sockaddr_storage src_ss
, *ss_list
= NULL
;
968 struct in_addr src_ip
;
971 if (lp_disable_netbios()) {
972 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
974 return NT_STATUS_INVALID_PARAMETER
;
977 *return_iplist
= NULL
;
980 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
983 if (wins_srv_count() < 1) {
984 DEBUG(3,("resolve_wins: WINS server resolution selected "
985 "and no WINS servers listed.\n"));
986 return NT_STATUS_INVALID_PARAMETER
;
989 /* we try a lookup on each of the WINS tags in turn */
990 wins_tags
= wins_srv_tags();
993 /* huh? no tags?? give up in disgust */
994 return NT_STATUS_INVALID_PARAMETER
;
997 /* the address we will be sending from */
998 if (!interpret_string_addr(&src_ss
, lp_socket_address(),
999 AI_NUMERICHOST
|AI_PASSIVE
)) {
1000 zero_sockaddr(&src_ss
);
1003 if (src_ss
.ss_family
!= AF_INET
) {
1004 char addr
[INET6_ADDRSTRLEN
];
1005 print_sockaddr(addr
, sizeof(addr
), &src_ss
);
1006 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1007 "on IPv6 address %s\n",
1009 wins_srv_tags_free(wins_tags
);
1010 return NT_STATUS_INVALID_PARAMETER
;
1013 src_ip
= ((struct sockaddr_in
*)&src_ss
)->sin_addr
;
1015 /* in the worst case we will try every wins server with every
1017 for (t
=0; wins_tags
&& wins_tags
[t
]; t
++) {
1018 int srv_count
= wins_srv_count_tag(wins_tags
[t
]);
1019 for (i
=0; i
<srv_count
; i
++) {
1020 struct sockaddr_storage wins_ss
;
1021 struct in_addr wins_ip
;
1025 wins_ip
= wins_srv_ip_tag(wins_tags
[t
], src_ip
);
1027 if (global_in_nmbd
&& ismyip_v4(wins_ip
)) {
1028 /* yikes! we'll loop forever */
1032 /* skip any that have been unresponsive lately */
1033 if (wins_srv_is_dead(wins_ip
, src_ip
)) {
1037 DEBUG(3,("resolve_wins: using WINS server %s "
1039 inet_ntoa(wins_ip
), wins_tags
[t
]));
1041 sock
= open_socket_in(SOCK_DGRAM
, 0, 3, &src_ss
, true);
1046 in_addr_to_sockaddr_storage(&wins_ss
, wins_ip
);
1047 ss_list
= name_query(sock
,
1057 /* exit loop if we got a list of addresses */
1065 /* Timed out wating for WINS server to respond.
1067 wins_srv_died(wins_ip
, src_ip
);
1069 /* The name definately isn't in this
1070 group of WINS servers.
1071 goto the next group */
1077 wins_srv_tags_free(wins_tags
);
1078 return NT_STATUS_NO_LOGON_SERVERS
;
1082 status
= NT_STATUS_OK
;
1083 if (!convert_ss2service(return_iplist
, ss_list
, *return_count
))
1084 status
= NT_STATUS_INVALID_PARAMETER
;
1087 wins_srv_tags_free(wins_tags
);
1093 /********************************************************
1094 Resolve via "lmhosts" method.
1095 *********************************************************/
1097 static NTSTATUS
resolve_lmhosts(const char *name
, int name_type
,
1098 struct ip_service
**return_iplist
,
1102 * "lmhosts" means parse the local lmhosts file.
1104 struct sockaddr_storage
*ss_list
;
1105 NTSTATUS status
= NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
;
1106 TALLOC_CTX
*ctx
= NULL
;
1108 *return_iplist
= NULL
;
1111 DEBUG(3,("resolve_lmhosts: "
1112 "Attempting lmhosts lookup for name %s<0x%x>\n",
1115 ctx
= talloc_init("resolve_lmhosts");
1117 return NT_STATUS_NO_MEMORY
;
1120 status
= resolve_lmhosts_file_as_sockaddr(get_dyn_LMHOSTSFILE(),
1125 if (NT_STATUS_IS_OK(status
)) {
1126 if (convert_ss2service(return_iplist
,
1130 return NT_STATUS_OK
;
1133 return NT_STATUS_NO_MEMORY
;
1141 /********************************************************
1142 Resolve via "hosts" method.
1143 *********************************************************/
1145 static NTSTATUS
resolve_hosts(const char *name
, int name_type
,
1146 struct ip_service
**return_iplist
,
1150 * "host" means do a localhost, or dns lookup.
1152 struct addrinfo hints
;
1153 struct addrinfo
*ailist
= NULL
;
1154 struct addrinfo
*res
= NULL
;
1158 if ( name_type
!= 0x20 && name_type
!= 0x0) {
1159 DEBUG(5, ("resolve_hosts: not appropriate "
1160 "for name type <0x%x>\n",
1162 return NT_STATUS_INVALID_PARAMETER
;
1165 *return_iplist
= NULL
;
1168 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1172 /* By default make sure it supports TCP. */
1173 hints
.ai_socktype
= SOCK_STREAM
;
1174 hints
.ai_flags
= AI_ADDRCONFIG
;
1176 #if !defined(HAVE_IPV6)
1177 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1178 hints
.ai_family
= AF_INET
;
1181 ret
= getaddrinfo(name
,
1186 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1188 gai_strerror(ret
) ));
1191 for (res
= ailist
; res
; res
= res
->ai_next
) {
1192 struct sockaddr_storage ss
;
1194 if (!res
->ai_addr
|| res
->ai_addrlen
== 0) {
1199 memcpy(&ss
, res
->ai_addr
, res
->ai_addrlen
);
1203 *return_iplist
= SMB_REALLOC_ARRAY(*return_iplist
,
1206 if (!*return_iplist
) {
1207 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1208 freeaddrinfo(ailist
);
1209 return NT_STATUS_NO_MEMORY
;
1211 (*return_iplist
)[i
].ss
= ss
;
1212 (*return_iplist
)[i
].port
= PORT_NONE
;
1216 freeaddrinfo(ailist
);
1218 if (*return_count
) {
1219 return NT_STATUS_OK
;
1221 return NT_STATUS_UNSUCCESSFUL
;
1224 /********************************************************
1225 Resolve via "ADS" method.
1226 *********************************************************/
1228 static NTSTATUS
resolve_ads(const char *name
,
1230 const char *sitename
,
1231 struct ip_service
**return_iplist
,
1237 struct dns_rr_srv
*dcs
= NULL
;
1241 if ((name_type
!= 0x1c) && (name_type
!= KDC_NAME_TYPE
) &&
1242 (name_type
!= 0x1b)) {
1243 return NT_STATUS_INVALID_PARAMETER
;
1246 if ( (ctx
= talloc_init("resolve_ads")) == NULL
) {
1247 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1248 return NT_STATUS_NO_MEMORY
;
1251 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1253 switch (name_type
) {
1255 DEBUG(5,("resolve_ads: Attempting to resolve "
1256 "PDC for %s using DNS\n", name
));
1257 status
= ads_dns_query_pdc(ctx
, name
, &dcs
, &numdcs
);
1261 DEBUG(5,("resolve_ads: Attempting to resolve "
1262 "DCs for %s using DNS\n", name
));
1263 status
= ads_dns_query_dcs(ctx
, name
, sitename
, &dcs
,
1267 DEBUG(5,("resolve_ads: Attempting to resolve "
1268 "KDCs for %s using DNS\n", name
));
1269 status
= ads_dns_query_kdcs(ctx
, name
, sitename
, &dcs
,
1273 status
= NT_STATUS_INVALID_PARAMETER
;
1277 if ( !NT_STATUS_IS_OK( status
) ) {
1278 talloc_destroy(ctx
);
1282 for (i
=0;i
<numdcs
;i
++) {
1283 numaddrs
+= MAX(dcs
[i
].num_ips
,1);
1286 if ((*return_iplist
= SMB_MALLOC_ARRAY(struct ip_service
, numaddrs
)) ==
1288 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1290 talloc_destroy(ctx
);
1291 return NT_STATUS_NO_MEMORY
;
1294 /* now unroll the list of IP addresses */
1299 while ( i
< numdcs
&& (*return_count
<numaddrs
) ) {
1300 struct ip_service
*r
= &(*return_iplist
)[*return_count
];
1302 r
->port
= dcs
[i
].port
;
1304 /* If we don't have an IP list for a name, lookup it up */
1307 interpret_string_addr(&r
->ss
, dcs
[i
].hostname
, 0);
1311 /* use the IP addresses from the SRV sresponse */
1313 if ( j
>= dcs
[i
].num_ips
) {
1319 r
->ss
= dcs
[i
].ss_s
[j
];
1323 /* make sure it is a valid IP. I considered checking the
1324 * negative connection cache, but this is the wrong place
1325 * for it. Maybe only as a hack. After think about it, if
1326 * all of the IP addresses returned from DNS are dead, what
1327 * hope does a netbios name lookup have ? The standard reason
1328 * for falling back to netbios lookups is that our DNS server
1329 * doesn't know anything about the DC's -- jerry */
1331 if (!is_zero_addr((struct sockaddr
*)&r
->ss
)) {
1336 talloc_destroy(ctx
);
1337 return NT_STATUS_OK
;
1340 /*******************************************************************
1341 Internal interface to resolve a name into an IP address.
1342 Use this function if the string is either an IP address, DNS
1343 or host name or NetBIOS name. This uses the name switch in the
1344 smb.conf to determine the order of name resolution.
1346 Added support for ip addr/port to support ADS ldap servers.
1347 the only place we currently care about the port is in the
1348 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1349 **********************************************************************/
1351 NTSTATUS
internal_resolve_name(const char *name
,
1353 const char *sitename
,
1354 struct ip_service
**return_iplist
,
1356 const char *resolve_order
)
1360 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
1362 TALLOC_CTX
*frame
= NULL
;
1364 *return_iplist
= NULL
;
1367 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1368 name
, name_type
, sitename
? sitename
: "(null)"));
1370 if (is_ipaddress(name
)) {
1371 if ((*return_iplist
= SMB_MALLOC_P(struct ip_service
)) ==
1373 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1374 return NT_STATUS_NO_MEMORY
;
1377 /* ignore the port here */
1378 (*return_iplist
)->port
= PORT_NONE
;
1380 /* if it's in the form of an IP address then get the lib to interpret it */
1381 if (!interpret_string_addr(&(*return_iplist
)->ss
,
1382 name
, AI_NUMERICHOST
)) {
1383 DEBUG(1,("internal_resolve_name: interpret_string_addr "
1386 SAFE_FREE(*return_iplist
);
1387 return NT_STATUS_INVALID_PARAMETER
;
1390 return NT_STATUS_OK
;
1393 /* Check name cache */
1395 if (namecache_fetch(name
, name_type
, return_iplist
, return_count
)) {
1396 /* This could be a negative response */
1397 if (*return_count
> 0) {
1398 return NT_STATUS_OK
;
1400 return NT_STATUS_UNSUCCESSFUL
;
1404 /* set the name resolution order */
1406 if (strcmp( resolve_order
, "NULL") == 0) {
1407 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1408 return NT_STATUS_INVALID_PARAMETER
;
1411 if (!resolve_order
[0]) {
1414 ptr
= resolve_order
;
1417 /* iterate through the name resolution backends */
1419 frame
= talloc_stackframe();
1420 while (next_token_talloc(frame
, &ptr
, &tok
, LIST_SEP
)) {
1421 if((strequal(tok
, "host") || strequal(tok
, "hosts"))) {
1422 status
= resolve_hosts(name
, name_type
, return_iplist
,
1424 if (NT_STATUS_IS_OK(status
)) {
1427 } else if(strequal( tok
, "kdc")) {
1428 /* deal with KDC_NAME_TYPE names here.
1429 * This will result in a SRV record lookup */
1430 status
= resolve_ads(name
, KDC_NAME_TYPE
, sitename
,
1431 return_iplist
, return_count
);
1432 if (NT_STATUS_IS_OK(status
)) {
1433 /* Ensure we don't namecache
1434 * this with the KDC port. */
1435 name_type
= KDC_NAME_TYPE
;
1438 } else if(strequal( tok
, "ads")) {
1439 /* deal with 0x1c and 0x1b names here.
1440 * This will result in a SRV record lookup */
1441 status
= resolve_ads(name
, name_type
, sitename
,
1442 return_iplist
, return_count
);
1443 if (NT_STATUS_IS_OK(status
)) {
1446 } else if(strequal( tok
, "lmhosts")) {
1447 status
= resolve_lmhosts(name
, name_type
,
1448 return_iplist
, return_count
);
1449 if (NT_STATUS_IS_OK(status
)) {
1452 } else if(strequal( tok
, "wins")) {
1453 /* don't resolve 1D via WINS */
1454 if (name_type
!= 0x1D) {
1455 status
= resolve_wins(name
, name_type
,
1458 if (NT_STATUS_IS_OK(status
)) {
1462 } else if(strequal( tok
, "bcast")) {
1463 status
= name_resolve_bcast(name
, name_type
,
1466 if (NT_STATUS_IS_OK(status
)) {
1470 DEBUG(0,("resolve_name: unknown name switch type %s\n",
1475 /* All of the resolve_* functions above have returned false. */
1478 SAFE_FREE(*return_iplist
);
1481 return NT_STATUS_UNSUCCESSFUL
;
1485 /* Remove duplicate entries. Some queries, notably #1c (domain
1486 controllers) return the PDC in iplist[0] and then all domain
1487 controllers including the PDC in iplist[1..n]. Iterating over
1488 the iplist when the PDC is down will cause two sets of timeouts. */
1490 if ( *return_count
) {
1491 *return_count
= remove_duplicate_addrs2(*return_iplist
,
1495 /* Save in name cache */
1496 if ( DEBUGLEVEL
>= 100 ) {
1497 for (i
= 0; i
< *return_count
&& DEBUGLEVEL
== 100; i
++) {
1498 char addr
[INET6_ADDRSTRLEN
];
1499 print_sockaddr(addr
, sizeof(addr
),
1500 &(*return_iplist
)[i
].ss
);
1501 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
1505 (*return_iplist
)[i
].port
));
1509 namecache_store(name
, name_type
, *return_count
, *return_iplist
);
1511 /* Display some debugging info */
1513 if ( DEBUGLEVEL
>= 10 ) {
1514 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
1517 for (i
= 0; i
< *return_count
; i
++) {
1518 char addr
[INET6_ADDRSTRLEN
];
1519 print_sockaddr(addr
, sizeof(addr
),
1520 &(*return_iplist
)[i
].ss
);
1521 DEBUGADD(10, ("%s:%d ",
1523 (*return_iplist
)[i
].port
));
1532 /********************************************************
1533 Internal interface to resolve a name into one IP address.
1534 Use this function if the string is either an IP address, DNS
1535 or host name or NetBIOS name. This uses the name switch in the
1536 smb.conf to determine the order of name resolution.
1537 *********************************************************/
1539 bool resolve_name(const char *name
,
1540 struct sockaddr_storage
*return_ss
,
1544 struct ip_service
*ss_list
= NULL
;
1545 char *sitename
= NULL
;
1548 if (is_ipaddress(name
)) {
1549 return interpret_string_addr(return_ss
, name
, AI_NUMERICHOST
);
1552 sitename
= sitename_fetch(lp_realm()); /* wild guess */
1554 if (NT_STATUS_IS_OK(internal_resolve_name(name
, name_type
, sitename
,
1556 lp_name_resolve_order()))) {
1560 for (i
=0; i
<count
; i
++) {
1561 if (!is_zero_addr((struct sockaddr
*)&ss_list
[i
].ss
) &&
1562 !is_broadcast_addr((struct sockaddr
*)&ss_list
[i
].ss
) &&
1563 (ss_list
[i
].ss
.ss_family
== AF_INET
)) {
1564 *return_ss
= ss_list
[i
].ss
;
1566 SAFE_FREE(sitename
);
1572 /* only return valid addresses for TCP connections */
1573 for (i
=0; i
<count
; i
++) {
1574 if (!is_zero_addr((struct sockaddr
*)&ss_list
[i
].ss
) &&
1575 !is_broadcast_addr((struct sockaddr
*)&ss_list
[i
].ss
)) {
1576 *return_ss
= ss_list
[i
].ss
;
1578 SAFE_FREE(sitename
);
1585 SAFE_FREE(sitename
);
1589 /********************************************************
1590 Internal interface to resolve a name into a list of IP addresses.
1591 Use this function if the string is either an IP address, DNS
1592 or host name or NetBIOS name. This uses the name switch in the
1593 smb.conf to determine the order of name resolution.
1594 *********************************************************/
1596 NTSTATUS
resolve_name_list(TALLOC_CTX
*ctx
,
1599 struct sockaddr_storage
**return_ss_arr
,
1600 unsigned int *p_num_entries
)
1602 struct ip_service
*ss_list
= NULL
;
1603 char *sitename
= NULL
;
1606 unsigned int num_entries
;
1610 *return_ss_arr
= NULL
;
1612 if (is_ipaddress(name
)) {
1613 *return_ss_arr
= TALLOC_P(ctx
, struct sockaddr_storage
);
1614 if (!*return_ss_arr
) {
1615 return NT_STATUS_NO_MEMORY
;
1617 if (!interpret_string_addr(*return_ss_arr
, name
, AI_NUMERICHOST
)) {
1618 TALLOC_FREE(*return_ss_arr
);
1619 return NT_STATUS_BAD_NETWORK_NAME
;
1622 return NT_STATUS_OK
;
1625 sitename
= sitename_fetch(lp_realm()); /* wild guess */
1627 status
= internal_resolve_name(name
, name_type
, sitename
,
1629 lp_name_resolve_order());
1630 SAFE_FREE(sitename
);
1632 if (!NT_STATUS_IS_OK(status
)) {
1636 /* only return valid addresses for TCP connections */
1637 for (i
=0, num_entries
= 0; i
<count
; i
++) {
1638 if (!is_zero_addr((struct sockaddr
*)&ss_list
[i
].ss
) &&
1639 !is_broadcast_addr((struct sockaddr
*)&ss_list
[i
].ss
)) {
1643 if (num_entries
== 0) {
1645 return NT_STATUS_BAD_NETWORK_NAME
;
1648 *return_ss_arr
= TALLOC_ARRAY(ctx
,
1649 struct sockaddr_storage
,
1651 if (!(*return_ss_arr
)) {
1653 return NT_STATUS_NO_MEMORY
;
1656 for (i
=0, num_entries
= 0; i
<count
; i
++) {
1657 if (!is_zero_addr((struct sockaddr
*)&ss_list
[i
].ss
) &&
1658 !is_broadcast_addr((struct sockaddr
*)&ss_list
[i
].ss
)) {
1659 (*return_ss_arr
)[num_entries
++] = ss_list
[i
].ss
;
1663 status
= NT_STATUS_OK
;
1664 *p_num_entries
= num_entries
;
1667 return NT_STATUS_OK
;
1670 /********************************************************
1671 Find the IP address of the master browser or DMB for a workgroup.
1672 *********************************************************/
1674 bool find_master_ip(const char *group
, struct sockaddr_storage
*master_ss
)
1676 struct ip_service
*ip_list
= NULL
;
1680 if (lp_disable_netbios()) {
1681 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group
));
1685 status
= internal_resolve_name(group
, 0x1D, NULL
, &ip_list
, &count
,
1686 lp_name_resolve_order());
1687 if (NT_STATUS_IS_OK(status
)) {
1688 *master_ss
= ip_list
[0].ss
;
1693 status
= internal_resolve_name(group
, 0x1B, NULL
, &ip_list
, &count
,
1694 lp_name_resolve_order());
1695 if (NT_STATUS_IS_OK(status
)) {
1696 *master_ss
= ip_list
[0].ss
;
1705 /********************************************************
1706 Get the IP address list of the primary domain controller
1708 *********************************************************/
1710 bool get_pdc_ip(const char *domain
, struct sockaddr_storage
*pss
)
1712 struct ip_service
*ip_list
= NULL
;
1714 NTSTATUS status
= NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
;
1716 /* Look up #1B name */
1718 if (lp_security() == SEC_ADS
) {
1719 status
= internal_resolve_name(domain
, 0x1b, NULL
, &ip_list
,
1723 if (!NT_STATUS_IS_OK(status
) || count
== 0) {
1724 status
= internal_resolve_name(domain
, 0x1b, NULL
, &ip_list
,
1726 lp_name_resolve_order());
1727 if (!NT_STATUS_IS_OK(status
)) {
1732 /* if we get more than 1 IP back we have to assume it is a
1733 multi-homed PDC and not a mess up */
1736 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count
));
1737 sort_service_list(ip_list
, count
);
1740 *pss
= ip_list
[0].ss
;
1745 /* Private enum type for lookups. */
1747 enum dc_lookup_type
{ DC_NORMAL_LOOKUP
, DC_ADS_ONLY
, DC_KDC_ONLY
};
1749 /********************************************************
1750 Get the IP address list of the domain controllers for
1752 *********************************************************/
1754 static NTSTATUS
get_dc_list(const char *domain
,
1755 const char *sitename
,
1756 struct ip_service
**ip_list
,
1758 enum dc_lookup_type lookup_type
,
1761 char *resolve_order
= NULL
;
1762 char *saf_servername
= NULL
;
1763 char *pserver
= NULL
;
1765 char *port_str
= NULL
;
1768 int num_addresses
= 0;
1769 int local_count
, i
, j
;
1770 struct ip_service
*return_iplist
= NULL
;
1771 struct ip_service
*auto_ip_list
= NULL
;
1772 bool done_auto_lookup
= false;
1775 TALLOC_CTX
*ctx
= talloc_init("get_dc_list");
1781 return NT_STATUS_NO_MEMORY
;
1786 /* if we are restricted to solely using DNS for looking
1787 up a domain controller, make sure that host lookups
1788 are enabled for the 'name resolve order'. If host lookups
1789 are disabled and ads_only is True, then set the string to
1792 resolve_order
= talloc_strdup(ctx
, lp_name_resolve_order());
1793 if (!resolve_order
) {
1794 status
= NT_STATUS_NO_MEMORY
;
1797 strlower_m(resolve_order
);
1798 if (lookup_type
== DC_ADS_ONLY
) {
1799 if (strstr( resolve_order
, "host")) {
1800 resolve_order
= talloc_strdup(ctx
, "ads");
1802 /* DNS SRV lookups used by the ads resolver
1803 are already sorted by priority and weight */
1806 resolve_order
= talloc_strdup(ctx
, "NULL");
1808 } else if (lookup_type
== DC_KDC_ONLY
) {
1809 /* DNS SRV lookups used by the ads/kdc resolver
1810 are already sorted by priority and weight */
1812 resolve_order
= talloc_strdup(ctx
, "kdc");
1814 if (!resolve_order
) {
1815 status
= NT_STATUS_NO_MEMORY
;
1819 /* fetch the server we have affinity for. Add the
1820 'password server' list to a search for our domain controllers */
1822 saf_servername
= saf_fetch( domain
);
1824 if (strequal(domain
, lp_workgroup()) || strequal(domain
, lp_realm())) {
1825 pserver
= talloc_asprintf(NULL
, "%s, %s",
1826 saf_servername
? saf_servername
: "",
1827 lp_passwordserver());
1829 pserver
= talloc_asprintf(NULL
, "%s, *",
1830 saf_servername
? saf_servername
: "");
1833 SAFE_FREE(saf_servername
);
1835 status
= NT_STATUS_NO_MEMORY
;
1839 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1842 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1843 status
= internal_resolve_name(domain
, 0x1C, sitename
, ip_list
,
1844 count
, resolve_order
);
1848 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver
));
1851 * if '*' appears in the "password server" list then add
1852 * an auto lookup to the list of manually configured
1853 * DC's. If any DC is listed by name, then the list should be
1854 * considered to be ordered
1858 while (next_token_talloc(ctx
, &p
, &name
, LIST_SEP
)) {
1859 if (!done_auto_lookup
&& strequal(name
, "*")) {
1860 status
= internal_resolve_name(domain
, 0x1C, sitename
,
1864 if (NT_STATUS_IS_OK(status
)) {
1865 num_addresses
+= auto_count
;
1867 done_auto_lookup
= true;
1868 DEBUG(8,("Adding %d DC's from auto lookup\n",
1875 /* if we have no addresses and haven't done the auto lookup, then
1876 just return the list of DC's. Or maybe we just failed. */
1878 if ((num_addresses
== 0)) {
1879 if (done_auto_lookup
) {
1880 DEBUG(4,("get_dc_list: no servers found\n"));
1881 status
= NT_STATUS_NO_LOGON_SERVERS
;
1884 status
= internal_resolve_name(domain
, 0x1C, sitename
, ip_list
,
1885 count
, resolve_order
);
1889 if ((return_iplist
= SMB_MALLOC_ARRAY(struct ip_service
,
1890 num_addresses
)) == NULL
) {
1891 DEBUG(3,("get_dc_list: malloc fail !\n"));
1892 status
= NT_STATUS_NO_MEMORY
;
1899 /* fill in the return list now with real IP's */
1901 while ((local_count
<num_addresses
) &&
1902 next_token_talloc(ctx
, &p
, &name
, LIST_SEP
)) {
1903 struct sockaddr_storage name_ss
;
1905 /* copy any addersses from the auto lookup */
1907 if (strequal(name
, "*")) {
1908 for (j
=0; j
<auto_count
; j
++) {
1909 char addr
[INET6_ADDRSTRLEN
];
1910 print_sockaddr(addr
,
1912 &auto_ip_list
[j
].ss
);
1913 /* Check for and don't copy any
1914 * known bad DC IP's. */
1915 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
1918 DEBUG(5,("get_dc_list: "
1919 "negative entry %s removed "
1924 return_iplist
[local_count
].ss
=
1926 return_iplist
[local_count
].port
=
1927 auto_ip_list
[j
].port
;
1933 /* added support for address:port syntax for ads
1934 * (not that I think anyone will ever run the LDAP
1935 * server in an AD domain on something other than
1938 port
= (lp_security() == SEC_ADS
) ? LDAP_PORT
: PORT_NONE
;
1939 if ((port_str
=strchr(name
, ':')) != NULL
) {
1942 port
= atoi(port_str
);
1945 /* explicit lookup; resolve_name() will
1946 * handle names & IP addresses */
1947 if (resolve_name( name
, &name_ss
, 0x20, true )) {
1948 char addr
[INET6_ADDRSTRLEN
];
1949 print_sockaddr(addr
,
1953 /* Check for and don't copy any known bad DC IP's. */
1954 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain
,
1956 DEBUG(5,("get_dc_list: negative entry %s "
1957 "removed from DC list\n",
1962 return_iplist
[local_count
].ss
= name_ss
;
1963 return_iplist
[local_count
].port
= port
;
1969 /* need to remove duplicates in the list if we have any
1970 explicit password servers */
1973 local_count
= remove_duplicate_addrs2(return_iplist
,
1977 /* For DC's we always prioritize IPv4 due to W2K3 not
1978 * supporting LDAP, KRB5 or CLDAP over IPv6. */
1980 if (local_count
&& return_iplist
) {
1981 prioritize_ipv4_list(return_iplist
, local_count
);
1984 if ( DEBUGLEVEL
>= 4 ) {
1985 DEBUG(4,("get_dc_list: returning %d ip addresses "
1986 "in an %sordered list\n",
1988 *ordered
? "":"un"));
1989 DEBUG(4,("get_dc_list: "));
1990 for ( i
=0; i
<local_count
; i
++ ) {
1991 char addr
[INET6_ADDRSTRLEN
];
1992 print_sockaddr(addr
,
1994 &return_iplist
[i
].ss
);
1995 DEBUGADD(4,("%s:%d ", addr
, return_iplist
[i
].port
));
2000 *ip_list
= return_iplist
;
2001 *count
= local_count
;
2003 status
= ( *count
!= 0 ? NT_STATUS_OK
: NT_STATUS_NO_LOGON_SERVERS
);
2007 if (!NT_STATUS_IS_OK(status
)) {
2008 SAFE_FREE(return_iplist
);
2013 SAFE_FREE(auto_ip_list
);
2018 /*********************************************************************
2019 Small wrapper function to get the DC list and sort it if neccessary.
2020 *********************************************************************/
2022 NTSTATUS
get_sorted_dc_list( const char *domain
,
2023 const char *sitename
,
2024 struct ip_service
**ip_list
,
2028 bool ordered
= false;
2030 enum dc_lookup_type lookup_type
= DC_NORMAL_LOOKUP
;
2035 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2036 "for name %s (sitename %s) using [%s]\n",
2038 sitename
? sitename
: "NULL",
2039 (ads_only
? "ads" : lp_name_resolve_order())));
2042 lookup_type
= DC_ADS_ONLY
;
2045 status
= get_dc_list(domain
, sitename
, ip_list
,
2046 count
, lookup_type
, &ordered
);
2047 if (NT_STATUS_EQUAL(status
, NT_STATUS_NO_LOGON_SERVERS
)
2049 DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2050 " in site %s, fallback to all servers\n",
2052 status
= get_dc_list(domain
, NULL
, ip_list
,
2053 count
, lookup_type
, &ordered
);
2056 if (!NT_STATUS_IS_OK(status
)) {
2057 SAFE_FREE(*ip_list
);
2062 /* only sort if we don't already have an ordered list */
2064 sort_service_list(*ip_list
, *count
);
2067 return NT_STATUS_OK
;
2070 /*********************************************************************
2071 Get the KDC list - re-use all the logic in get_dc_list.
2072 *********************************************************************/
2074 NTSTATUS
get_kdc_list( const char *realm
,
2075 const char *sitename
,
2076 struct ip_service
**ip_list
,
2085 status
= get_dc_list(realm
, sitename
, ip_list
,
2086 count
, DC_KDC_ONLY
, &ordered
);
2088 if (!NT_STATUS_IS_OK(status
)) {
2089 SAFE_FREE(*ip_list
);
2094 /* only sort if we don't already have an ordered list */
2096 sort_service_list(*ip_list
, *count
);
2099 return NT_STATUS_OK
;