search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Reserve IOCTL 0xACE for proxy<->proxy communication channel
[Samba/vfs_proxy.git] / source3 / libsmb / namequery.c
blobbcf849b795cc0aa44bfb45d3bc957ce5a034d8f6
1 /*
2 Unix SMB/CIFS implementation.
3 name query routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22
23 /* nmbd.c sets this to True. */
24 bool global_in_nmbd = False;
25
26 /****************************
27 * SERVER AFFINITY ROUTINES *
28 ****************************/
29
30 /* Server affinity is the concept of preferring the last domain
31 controller with whom you had a successful conversation */
32
33 /****************************************************************************
34 ****************************************************************************/
35 #define SAFKEY_FMT "SAF/DOMAIN/%s"
36 #define SAF_TTL 900
37
38 static char *saf_key(const char *domain)
39 {
40 char *keystr;
41
42 asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
43
44 return keystr;
45 }
46
47 /****************************************************************************
48 ****************************************************************************/
49
50 bool saf_store( const char *domain, const char *servername )
51 {
52 char *key;
53 time_t expire;
54 bool ret = False;
55
56 if ( !domain || !servername ) {
57 DEBUG(2,("saf_store: "
58 "Refusing to store empty domain or servername!\n"));
59 return False;
60 }
61
62 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
63 DEBUG(0,("saf_store: "
64 "refusing to store 0 length domain or servername!\n"));
65 return False;
66 }
67
68 if ( !gencache_init() )
69 return False;
70
71 key = saf_key( domain );
72 expire = time( NULL ) + SAF_TTL;
73
74 DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
75 domain, servername, (unsigned int)expire ));
76
77 ret = gencache_set( key, servername, expire );
78
79 SAFE_FREE( key );
80
81 return ret;
82 }
83
84 bool saf_delete( const char *domain )
85 {
86 char *key;
87 bool ret = False;
88
89 if ( !domain ) {
90 DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
91 return False;
92 }
93
94 if ( !gencache_init() )
95 return False;
96
97 key = saf_key(domain);
98 ret = gencache_del(key);
99
100 if (ret) {
101 DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
102 }
103
104 SAFE_FREE( key );
105
106 return ret;
107 }
108
109 /****************************************************************************
110 ****************************************************************************/
111
112 char *saf_fetch( const char *domain )
113 {
114 char *server = NULL;
115 time_t timeout;
116 bool ret = False;
117 char *key = NULL;
118
119 if ( !domain || strlen(domain) == 0) {
120 DEBUG(2,("saf_fetch: Empty domain name!\n"));
121 return NULL;
122 }
123
124 if ( !gencache_init() )
125 return False;
126
127 key = saf_key( domain );
128
129 ret = gencache_get( key, &server, &timeout );
130
131 SAFE_FREE( key );
132
133 if ( !ret ) {
134 DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
135 domain ));
136 } else {
137 DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
138 server, domain ));
139 }
140
141 return server;
142 }
143
144 /****************************************************************************
145 Generate a random trn_id.
146 ****************************************************************************/
147
148 static int generate_trn_id(void)
149 {
150 uint16 id;
151
152 generate_random_buffer((uint8 *)&id, sizeof(id));
153
154 return id % (unsigned)0x7FFF;
155 }
156
157 /****************************************************************************
158 Parse a node status response into an array of structures.
159 ****************************************************************************/
160
161 static NODE_STATUS_STRUCT *parse_node_status(char *p,
162 int *num_names,
163 struct node_status_extra *extra)
164 {
165 NODE_STATUS_STRUCT *ret;
166 int i;
167
168 *num_names = CVAL(p,0);
169
170 if (*num_names == 0)
171 return NULL;
172
173 ret = SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT,*num_names);
174 if (!ret)
175 return NULL;
176
177 p++;
178 for (i=0;i< *num_names;i++) {
179 StrnCpy(ret[i].name,p,15);
180 trim_char(ret[i].name,'\0',' ');
181 ret[i].type = CVAL(p,15);
182 ret[i].flags = p[16];
183 p += 18;
184 DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
185 ret[i].type, ret[i].flags));
186 }
187 /*
188 * Also, pick up the MAC address ...
189 */
190 if (extra) {
191 memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
192 }
193 return ret;
194 }
195
196
197 /****************************************************************************
198 Do a NBT node status query on an open socket and return an array of
199 structures holding the returned names or NULL if the query failed.
200 **************************************************************************/
201
202 NODE_STATUS_STRUCT *node_status_query(int fd,
203 struct nmb_name *name,
204 const struct sockaddr_storage *to_ss,
205 int *num_names,
206 struct node_status_extra *extra)
207 {
208 bool found=False;
209 int retries = 2;
210 int retry_time = 2000;
211 struct timeval tval;
212 struct packet_struct p;
213 struct packet_struct *p2;
214 struct nmb_packet *nmb = &p.packet.nmb;
215 NODE_STATUS_STRUCT *ret;
216
217 ZERO_STRUCT(p);
218
219 if (to_ss->ss_family != AF_INET) {
220 /* Can't do node status to IPv6 */
221 return NULL;
222 }
223 nmb->header.name_trn_id = generate_trn_id();
224 nmb->header.opcode = 0;
225 nmb->header.response = false;
226 nmb->header.nm_flags.bcast = false;
227 nmb->header.nm_flags.recursion_available = false;
228 nmb->header.nm_flags.recursion_desired = false;
229 nmb->header.nm_flags.trunc = false;
230 nmb->header.nm_flags.authoritative = false;
231 nmb->header.rcode = 0;
232 nmb->header.qdcount = 1;
233 nmb->header.ancount = 0;
234 nmb->header.nscount = 0;
235 nmb->header.arcount = 0;
236 nmb->question.question_name = *name;
237 nmb->question.question_type = 0x21;
238 nmb->question.question_class = 0x1;
239
240 p.ip = ((const struct sockaddr_in *)to_ss)->sin_addr;
241 p.port = NMB_PORT;
242 p.fd = fd;
243 p.timestamp = time(NULL);
244 p.packet_type = NMB_PACKET;
245
246 GetTimeOfDay(&tval);
247
248 if (!send_packet(&p))
249 return NULL;
250
251 retries--;
252
253 while (1) {
254 struct timeval tval2;
255 GetTimeOfDay(&tval2);
256 if (TvalDiff(&tval,&tval2) > retry_time) {
257 if (!retries)
258 break;
259 if (!found && !send_packet(&p))
260 return NULL;
261 GetTimeOfDay(&tval);
262 retries--;
263 }
264
265 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
266 struct nmb_packet *nmb2 = &p2->packet.nmb;
267 debug_nmb_packet(p2);
268
269 if (nmb2->header.opcode != 0 ||
270 nmb2->header.nm_flags.bcast ||
271 nmb2->header.rcode ||
272 !nmb2->header.ancount ||
273 nmb2->answers->rr_type != 0x21) {
274 /* XXXX what do we do with this? could be a
275 redirect, but we'll discard it for the
276 moment */
277 free_packet(p2);
278 continue;
279 }
280
281 ret = parse_node_status(&nmb2->answers->rdata[0],
282 num_names, extra);
283 free_packet(p2);
284 return ret;
285 }
286 }
287
288 return NULL;
289 }
290
291 /****************************************************************************
292 Find the first type XX name in a node status reply - used for finding
293 a servers name given its IP. Return the matched name in *name.
294 **************************************************************************/
295
296 bool name_status_find(const char *q_name,
297 int q_type,
298 int type,
299 const struct sockaddr_storage *to_ss,
300 fstring name)
301 {
302 char addr[INET6_ADDRSTRLEN];
303 struct sockaddr_storage ss;
304 NODE_STATUS_STRUCT *status = NULL;
305 struct nmb_name nname;
306 int count, i;
307 int sock;
308 bool result = false;
309
310 if (lp_disable_netbios()) {
311 DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
312 q_name, q_type));
313 return False;
314 }
315
316 print_sockaddr(addr, sizeof(addr), to_ss);
317
318 DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
319 q_type, addr));
320
321 /* Check the cache first. */
322
323 if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
324 return True;
325 }
326
327 if (to_ss->ss_family != AF_INET) {
328 /* Can't do node status to IPv6 */
329 return false;
330 }
331
332 if (!interpret_string_addr(&ss, lp_socket_address(),
333 AI_NUMERICHOST|AI_PASSIVE)) {
334 zero_sockaddr(&ss);
335 }
336
337 sock = open_socket_in(SOCK_DGRAM, 0, 3, &ss, True);
338 if (sock == -1)
339 goto done;
340
341 /* W2K PDC's seem not to respond to '*'#0. JRA */
342 make_nmb_name(&nname, q_name, q_type);
343 status = node_status_query(sock, &nname, to_ss, &count, NULL);
344 close(sock);
345 if (!status)
346 goto done;
347
348 for (i=0;i<count;i++) {
349 if (status[i].type == type)
350 break;
351 }
352 if (i == count)
353 goto done;
354
355 pull_ascii_nstring(name, sizeof(fstring), status[i].name);
356
357 /* Store the result in the cache. */
358 /* but don't store an entry for 0x1c names here. Here we have
359 a single host and DOMAIN<0x1c> names should be a list of hosts */
360
361 if ( q_type != 0x1c ) {
362 namecache_status_store(q_name, q_type, type, to_ss, name);
363 }
364
365 result = true;
366
367 done:
368 SAFE_FREE(status);
369
370 DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
371
372 if (result)
373 DEBUGADD(10, (", name %s ip address is %s", name, addr));
374
375 DEBUG(10, ("\n"));
376
377 return result;
378 }
379
380 /*
381 comparison function used by sort_addr_list
382 */
383
384 static int addr_compare(const struct sockaddr *ss1,
385 const struct sockaddr *ss2)
386 {
387 int max_bits1=0, max_bits2=0;
388 int num_interfaces = iface_count();
389 int i;
390
391 /* Sort IPv6 addresses first. */
392 if (ss1->sa_family != ss2->sa_family) {
393 if (ss2->sa_family == AF_INET) {
394 return -1;
395 } else {
396 return 1;
397 }
398 }
399
400 /* Here we know both addresses are of the same
401 * family. */
402
403 for (i=0;i<num_interfaces;i++) {
404 const struct sockaddr_storage *pss = iface_n_bcast(i);
405 unsigned char *p_ss1 = NULL;
406 unsigned char *p_ss2 = NULL;
407 unsigned char *p_if = NULL;
408 size_t len = 0;
409 int bits1, bits2;
410
411 if (pss->ss_family != ss1->sa_family) {
412 /* Ignore interfaces of the wrong type. */
413 continue;
414 }
415 if (pss->ss_family == AF_INET) {
416 p_if = (unsigned char *)
417 &((const struct sockaddr_in *)pss)->sin_addr;
418 p_ss1 = (unsigned char *)
419 &((const struct sockaddr_in *)ss1)->sin_addr;
420 p_ss2 = (unsigned char *)
421 &((const struct sockaddr_in *)ss2)->sin_addr;
422 len = 4;
423 }
424 #if defined(HAVE_IPV6)
425 if (pss->ss_family == AF_INET6) {
426 p_if = (unsigned char *)
427 &((const struct sockaddr_in6 *)pss)->sin6_addr;
428 p_ss1 = (unsigned char *)
429 &((const struct sockaddr_in6 *)ss1)->sin6_addr;
430 p_ss2 = (unsigned char *)
431 &((const struct sockaddr_in6 *)ss2)->sin6_addr;
432 len = 16;
433 }
434 #endif
435 if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
436 continue;
437 }
438 bits1 = matching_len_bits(p_ss1, p_if, len);
439 bits2 = matching_len_bits(p_ss2, p_if, len);
440 max_bits1 = MAX(bits1, max_bits1);
441 max_bits2 = MAX(bits2, max_bits2);
442 }
443
444 /* Bias towards directly reachable IPs */
445 if (iface_local(ss1)) {
446 if (ss1->sa_family == AF_INET) {
447 max_bits1 += 32;
448 } else {
449 max_bits1 += 128;
450 }
451 }
452 if (iface_local(ss2)) {
453 if (ss2->sa_family == AF_INET) {
454 max_bits2 += 32;
455 } else {
456 max_bits2 += 128;
457 }
458 }
459 return max_bits2 - max_bits1;
460 }
461
462 /*******************************************************************
463 compare 2 ldap IPs by nearness to our interfaces - used in qsort
464 *******************************************************************/
465
466 int ip_service_compare(struct ip_service *ss1, struct ip_service *ss2)
467 {
468 int result;
469
470 if ((result = addr_compare((struct sockaddr *)&ss1->ss, (struct sockaddr *)&ss2->ss)) != 0) {
471 return result;
472 }
473
474 if (ss1->port > ss2->port) {
475 return 1;
476 }
477
478 if (ss1->port < ss2->port) {
479 return -1;
480 }
481
482 return 0;
483 }
484
485 /*
486 sort an IP list so that names that are close to one of our interfaces
487 are at the top. This prevents the problem where a WINS server returns an IP
488 that is not reachable from our subnet as the first match
489 */
490
491 static void sort_addr_list(struct sockaddr_storage *sslist, int count)
492 {
493 if (count <= 1) {
494 return;
495 }
496
497 qsort(sslist, count, sizeof(struct sockaddr_storage),
498 QSORT_CAST addr_compare);
499 }
500
501 static void sort_service_list(struct ip_service *servlist, int count)
502 {
503 if (count <= 1) {
504 return;
505 }
506
507 qsort(servlist, count, sizeof(struct ip_service),
508 QSORT_CAST ip_service_compare);
509 }
510
511 /**********************************************************************
512 Remove any duplicate address/port pairs in the list
513 *********************************************************************/
514
515 static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
516 {
517 int i, j;
518
519 DEBUG(10,("remove_duplicate_addrs2: "
520 "looking for duplicate address/port pairs\n"));
521
522 /* one loop to remove duplicates */
523 for ( i=0; i<count; i++ ) {
524 if ( is_zero_addr((struct sockaddr *)&iplist[i].ss)) {
525 continue;
526 }
527
528 for ( j=i+1; j<count; j++ ) {
529 if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) &&
530 iplist[i].port == iplist[j].port) {
531 zero_sockaddr(&iplist[j].ss);
532 }
533 }
534 }
535
536 /* one loop to clean up any holes we left */
537 /* first ip should never be a zero_ip() */
538 for (i = 0; i<count; ) {
539 if (is_zero_addr((struct sockaddr *)&iplist[i].ss) ) {
540 if (i != count-1) {
541 memmove(&iplist[i], &iplist[i+1],
542 (count - i - 1)*sizeof(iplist[i]));
543 }
544 count--;
545 continue;
546 }
547 i++;
548 }
549
550 return count;
551 }
552
553 /****************************************************************************
554 Do a netbios name query to find someones IP.
555 Returns an array of IP addresses or NULL if none.
556 *count will be set to the number of addresses returned.
557 *timed_out is set if we failed by timing out
558 ****************************************************************************/
559
560 struct sockaddr_storage *name_query(int fd,
561 const char *name,
562 int name_type,
563 bool bcast,
564 bool recurse,
565 const struct sockaddr_storage *to_ss,
566 int *count,
567 int *flags,
568 bool *timed_out)
569 {
570 bool found=false;
571 int i, retries = 3;
572 int retry_time = bcast?250:2000;
573 struct timeval tval;
574 struct packet_struct p;
575 struct packet_struct *p2;
576 struct nmb_packet *nmb = &p.packet.nmb;
577 struct sockaddr_storage *ss_list = NULL;
578
579 if (lp_disable_netbios()) {
580 DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
581 name, name_type));
582 return NULL;
583 }
584
585 if (to_ss->ss_family != AF_INET) {
586 return NULL;
587 }
588
589 if (timed_out) {
590 *timed_out = false;
591 }
592
593 memset((char *)&p,'\0',sizeof(p));
594 (*count) = 0;
595 (*flags) = 0;
596
597 nmb->header.name_trn_id = generate_trn_id();
598 nmb->header.opcode = 0;
599 nmb->header.response = false;
600 nmb->header.nm_flags.bcast = bcast;
601 nmb->header.nm_flags.recursion_available = false;
602 nmb->header.nm_flags.recursion_desired = recurse;
603 nmb->header.nm_flags.trunc = false;
604 nmb->header.nm_flags.authoritative = false;
605 nmb->header.rcode = 0;
606 nmb->header.qdcount = 1;
607 nmb->header.ancount = 0;
608 nmb->header.nscount = 0;
609 nmb->header.arcount = 0;
610
611 make_nmb_name(&nmb->question.question_name,name,name_type);
612
613 nmb->question.question_type = 0x20;
614 nmb->question.question_class = 0x1;
615
616 p.ip = ((struct sockaddr_in *)to_ss)->sin_addr;
617 p.port = NMB_PORT;
618 p.fd = fd;
619 p.timestamp = time(NULL);
620 p.packet_type = NMB_PACKET;
621
622 GetTimeOfDay(&tval);
623
624 if (!send_packet(&p))
625 return NULL;
626
627 retries--;
628
629 while (1) {
630 struct timeval tval2;
631
632 GetTimeOfDay(&tval2);
633 if (TvalDiff(&tval,&tval2) > retry_time) {
634 if (!retries)
635 break;
636 if (!found && !send_packet(&p))
637 return NULL;
638 GetTimeOfDay(&tval);
639 retries--;
640 }
641
642 if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
643 struct nmb_packet *nmb2 = &p2->packet.nmb;
644 debug_nmb_packet(p2);
645
646 /* If we get a Negative Name Query Response from a WINS
647 * server, we should report it and give up.
648 */
649 if( 0 == nmb2->header.opcode /* A query response */
650 && !(bcast) /* from a WINS server */
651 && nmb2->header.rcode /* Error returned */
652 ) {
653
654 if( DEBUGLVL( 3 ) ) {
655 /* Only executed if DEBUGLEVEL >= 3 */
656 dbgtext( "Negative name query "
657 "response, rcode 0x%02x: ",
658 nmb2->header.rcode );
659 switch( nmb2->header.rcode ) {
660 case 0x01:
661 dbgtext( "Request "
662 "was invalidly formatted.\n" );
663 break;
664 case 0x02:
665 dbgtext( "Problem with NBNS, "
666 "cannot process name.\n");
667 break;
668 case 0x03:
669 dbgtext( "The name requested "
670 "does not exist.\n" );
671 break;
672 case 0x04:
673 dbgtext( "Unsupported request "
674 "error.\n" );
675 break;
676 case 0x05:
677 dbgtext( "Query refused "
678 "error.\n" );
679 break;
680 default:
681 dbgtext( "Unrecognized error "
682 "code.\n" );
683 break;
684 }
685 }
686 free_packet(p2);
687 return( NULL );
688 }
689
690 if (nmb2->header.opcode != 0 ||
691 nmb2->header.nm_flags.bcast ||
692 nmb2->header.rcode ||
693 !nmb2->header.ancount) {
694 /*
695 * XXXX what do we do with this? Could be a
696 * redirect, but we'll discard it for the
697 * moment.
698 */
699 free_packet(p2);
700 continue;
701 }
702
703 ss_list = SMB_REALLOC_ARRAY(ss_list,
704 struct sockaddr_storage,
705 (*count) +
706 nmb2->answers->rdlength/6);
707
708 if (!ss_list) {
709 DEBUG(0,("name_query: Realloc failed.\n"));
710 free_packet(p2);
711 return NULL;
712 }
713
714 DEBUG(2,("Got a positive name query response "
715 "from %s ( ",
716 inet_ntoa(p2->ip)));
717
718 for (i=0;i<nmb2->answers->rdlength/6;i++) {
719 struct in_addr ip;
720 putip((char *)&ip,&nmb2->answers->rdata[2+i*6]);
721 in_addr_to_sockaddr_storage(&ss_list[(*count)],
722 ip);
723 DEBUGADD(2,("%s ",inet_ntoa(ip)));
724 (*count)++;
725 }
726 DEBUGADD(2,(")\n"));
727
728 found=true;
729 retries=0;
730 /* We add the flags back ... */
731 if (nmb2->header.response)
732 (*flags) |= NM_FLAGS_RS;
733 if (nmb2->header.nm_flags.authoritative)
734 (*flags) |= NM_FLAGS_AA;
735 if (nmb2->header.nm_flags.trunc)
736 (*flags) |= NM_FLAGS_TC;
737 if (nmb2->header.nm_flags.recursion_desired)
738 (*flags) |= NM_FLAGS_RD;
739 if (nmb2->header.nm_flags.recursion_available)
740 (*flags) |= NM_FLAGS_RA;
741 if (nmb2->header.nm_flags.bcast)
742 (*flags) |= NM_FLAGS_B;
743 free_packet(p2);
744 /*
745 * If we're doing a unicast lookup we only
746 * expect one reply. Don't wait the full 2
747 * seconds if we got one. JRA.
748 */
749 if(!bcast && found)
750 break;
751 }
752 }
753
754 /* only set timed_out if we didn't fund what we where looking for*/
755
756 if ( !found && timed_out ) {
757 *timed_out = true;
758 }
759
760 /* sort the ip list so we choose close servers first if possible */
761 sort_addr_list(ss_list, *count);
762
763 return ss_list;
764 }
765
766 /********************************************************
767 Start parsing the lmhosts file.
768 *********************************************************/
769
770 XFILE *startlmhosts(const char *fname)
771 {
772 XFILE *fp = x_fopen(fname,O_RDONLY, 0);
773 if (!fp) {
774 DEBUG(4,("startlmhosts: Can't open lmhosts file %s. "
775 "Error was %s\n",
776 fname, strerror(errno)));
777 return NULL;
778 }
779 return fp;
780 }
781
782 /********************************************************
783 Parse the next line in the lmhosts file.
784 *********************************************************/
785
786 bool getlmhostsent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, int *name_type,
787 struct sockaddr_storage *pss)
788 {
789 char line[1024];
790
791 *pp_name = NULL;
792
793 while(!x_feof(fp) && !x_ferror(fp)) {
794 char *ip = NULL;
795 char *flags = NULL;
796 char *extra = NULL;
797 char *name = NULL;
798 const char *ptr;
799 char *ptr1 = NULL;
800 int count = 0;
801
802 *name_type = -1;
803
804 if (!fgets_slash(line,sizeof(line),fp)) {
805 continue;
806 }
807
808 if (*line == '#') {
809 continue;
810 }
811
812 ptr = line;
813
814 if (next_token_talloc(ctx, &ptr, &ip, NULL))
815 ++count;
816 if (next_token_talloc(ctx, &ptr, &name, NULL))
817 ++count;
818 if (next_token_talloc(ctx, &ptr, &flags, NULL))
819 ++count;
820 if (next_token_talloc(ctx, &ptr, &extra, NULL))
821 ++count;
822
823 if (count <= 0)
824 continue;
825
826 if (count > 0 && count < 2) {
827 DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",
828 line));
829 continue;
830 }
831
832 if (count >= 4) {
833 DEBUG(0,("getlmhostsent: too many columns "
834 "in lmhosts file (obsolete syntax)\n"));
835 continue;
836 }
837
838 if (!flags) {
839 flags = talloc_strdup(ctx, "");
840 if (!flags) {
841 continue;
842 }
843 }
844
845 DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n",
846 ip, name, flags));
847
848 if (strchr_m(flags,'G') || strchr_m(flags,'S')) {
849 DEBUG(0,("getlmhostsent: group flag "
850 "in lmhosts ignored (obsolete)\n"));
851 continue;
852 }
853
854 if (!interpret_string_addr(pss, ip, AI_NUMERICHOST)) {
855 DEBUG(0,("getlmhostsent: invalid address "
856 "%s.\n", ip));
857 }
858
859 /* Extra feature. If the name ends in '#XX',
860 * where XX is a hex number, then only add that name type. */
861 if((ptr1 = strchr_m(name, '#')) != NULL) {
862 char *endptr;
863 ptr1++;
864
865 *name_type = (int)strtol(ptr1, &endptr, 16);
866 if(!*ptr1 || (endptr == ptr1)) {
867 DEBUG(0,("getlmhostsent: invalid name "
868 "%s containing '#'.\n", name));
869 continue;
870 }
871
872 *(--ptr1) = '\0'; /* Truncate at the '#' */
873 }
874
875 *pp_name = talloc_strdup(ctx, name);
876 if (!*pp_name) {
877 return false;
878 }
879 return true;
880 }
881
882 return false;
883 }
884
885 /********************************************************
886 Finish parsing the lmhosts file.
887 *********************************************************/
888
889 void endlmhosts(XFILE *fp)
890 {
891 x_fclose(fp);
892 }
893
894 /********************************************************
895 convert an array if struct sockaddr_storage to struct ip_service
896 return false on failure. Port is set to PORT_NONE;
897 *********************************************************/
898
899 static bool convert_ss2service(struct ip_service **return_iplist,
900 const struct sockaddr_storage *ss_list,
901 int count)
902 {
903 int i;
904
905 if ( count==0 || !ss_list )
906 return False;
907
908 /* copy the ip address; port will be PORT_NONE */
909 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) ==
910 NULL) {
911 DEBUG(0,("convert_ip2service: malloc failed "
912 "for %d enetries!\n", count ));
913 return False;
914 }
915
916 for ( i=0; i<count; i++ ) {
917 (*return_iplist)[i].ss = ss_list[i];
918 (*return_iplist)[i].port = PORT_NONE;
919 }
920
921 return true;
922 }
923
924 /********************************************************
925 Resolve via "bcast" method.
926 *********************************************************/
927
928 NTSTATUS name_resolve_bcast(const char *name,
929 int name_type,
930 struct ip_service **return_iplist,
931 int *return_count)
932 {
933 int sock, i;
934 int num_interfaces = iface_count();
935 struct sockaddr_storage *ss_list;
936 struct sockaddr_storage ss;
937 NTSTATUS status;
938
939 if (lp_disable_netbios()) {
940 DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
941 name, name_type));
942 return NT_STATUS_INVALID_PARAMETER;
943 }
944
945 *return_iplist = NULL;
946 *return_count = 0;
947
948 /*
949 * "bcast" means do a broadcast lookup on all the local interfaces.
950 */
951
952 DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
953 "for name %s<0x%x>\n", name, name_type));
954
955 if (!interpret_string_addr(&ss, lp_socket_address(),
956 AI_NUMERICHOST|AI_PASSIVE)) {
957 zero_sockaddr(&ss);
958 }
959
960 sock = open_socket_in( SOCK_DGRAM, 0, 3, &ss, true );
961 if (sock == -1) {
962 return NT_STATUS_UNSUCCESSFUL;
963 }
964
965 set_socket_options(sock,"SO_BROADCAST");
966 /*
967 * Lookup the name on all the interfaces, return on
968 * the first successful match.
969 */
970 for( i = num_interfaces-1; i >= 0; i--) {
971 const struct sockaddr_storage *pss = iface_n_bcast(i);
972 int flags;
973
974 /* Done this way to fix compiler error on IRIX 5.x */
975 if (!pss) {
976 continue;
977 }
978 ss_list = name_query(sock, name, name_type, true,
979 true, pss, return_count, &flags, NULL);
980 if (ss_list) {
981 goto success;
982 }
983 }
984
985 /* failed - no response */
986
987 close(sock);
988 return NT_STATUS_UNSUCCESSFUL;
989
990 success:
991
992 status = NT_STATUS_OK;
993 if (!convert_ss2service(return_iplist, ss_list, *return_count) )
994 status = NT_STATUS_INVALID_PARAMETER;
995
996 SAFE_FREE(ss_list);
997 close(sock);
998 return status;
999 }
1000
1001 /********************************************************
1002 Resolve via "wins" method.
1003 *********************************************************/
1004
1005 NTSTATUS resolve_wins(const char *name,
1006 int name_type,
1007 struct ip_service **return_iplist,
1008 int *return_count)
1009 {
1010 int sock, t, i;
1011 char **wins_tags;
1012 struct sockaddr_storage src_ss, *ss_list = NULL;
1013 struct in_addr src_ip;
1014 NTSTATUS status;
1015
1016 if (lp_disable_netbios()) {
1017 DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
1018 name, name_type));
1019 return NT_STATUS_INVALID_PARAMETER;
1020 }
1021
1022 *return_iplist = NULL;
1023 *return_count = 0;
1024
1025 DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
1026 name, name_type));
1027
1028 if (wins_srv_count() < 1) {
1029 DEBUG(3,("resolve_wins: WINS server resolution selected "
1030 "and no WINS servers listed.\n"));
1031 return NT_STATUS_INVALID_PARAMETER;
1032 }
1033
1034 /* we try a lookup on each of the WINS tags in turn */
1035 wins_tags = wins_srv_tags();
1036
1037 if (!wins_tags) {
1038 /* huh? no tags?? give up in disgust */
1039 return NT_STATUS_INVALID_PARAMETER;
1040 }
1041
1042 /* the address we will be sending from */
1043 if (!interpret_string_addr(&src_ss, lp_socket_address(),
1044 AI_NUMERICHOST|AI_PASSIVE)) {
1045 zero_sockaddr(&src_ss);
1046 }
1047
1048 if (src_ss.ss_family != AF_INET) {
1049 char addr[INET6_ADDRSTRLEN];
1050 print_sockaddr(addr, sizeof(addr), &src_ss);
1051 DEBUG(3,("resolve_wins: cannot receive WINS replies "
1052 "on IPv6 address %s\n",
1053 addr));
1054 wins_srv_tags_free(wins_tags);
1055 return NT_STATUS_INVALID_PARAMETER;
1056 }
1057
1058 src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1059
1060 /* in the worst case we will try every wins server with every
1061 tag! */
1062 for (t=0; wins_tags && wins_tags[t]; t++) {
1063 int srv_count = wins_srv_count_tag(wins_tags[t]);
1064 for (i=0; i<srv_count; i++) {
1065 struct sockaddr_storage wins_ss;
1066 struct in_addr wins_ip;
1067 int flags;
1068 bool timed_out;
1069
1070 wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1071
1072 if (global_in_nmbd && ismyip_v4(wins_ip)) {
1073 /* yikes! we'll loop forever */
1074 continue;
1075 }
1076
1077 /* skip any that have been unresponsive lately */
1078 if (wins_srv_is_dead(wins_ip, src_ip)) {
1079 continue;
1080 }
1081
1082 DEBUG(3,("resolve_wins: using WINS server %s "
1083 "and tag '%s'\n",
1084 inet_ntoa(wins_ip), wins_tags[t]));
1085
1086 sock = open_socket_in(SOCK_DGRAM, 0, 3, &src_ss, true);
1087 if (sock == -1) {
1088 continue;
1089 }
1090
1091 in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1092 ss_list = name_query(sock,
1093 name,
1094 name_type,
1095 false,
1096 true,
1097 &wins_ss,
1098 return_count,
1099 &flags,
1100 &timed_out);
1101
1102 /* exit loop if we got a list of addresses */
1103
1104 if (ss_list)
1105 goto success;
1106
1107 close(sock);
1108
1109 if (timed_out) {
1110 /* Timed out wating for WINS server to respond.
1111 * Mark it dead. */
1112 wins_srv_died(wins_ip, src_ip);
1113 } else {
1114 /* The name definately isn't in this
1115 group of WINS servers.
1116 goto the next group */
1117 break;
1118 }
1119 }
1120 }
1121
1122 wins_srv_tags_free(wins_tags);
1123 return NT_STATUS_NO_LOGON_SERVERS;
1124
1125 success:
1126
1127 status = NT_STATUS_OK;
1128 if (!convert_ss2service(return_iplist, ss_list, *return_count))
1129 status = NT_STATUS_INVALID_PARAMETER;
1130
1131 SAFE_FREE(ss_list);
1132 wins_srv_tags_free(wins_tags);
1133 close(sock);
1134
1135 return status;
1136 }
1137
1138 /********************************************************
1139 Resolve via "lmhosts" method.
1140 *********************************************************/
1141
1142 static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1143 struct ip_service **return_iplist,
1144 int *return_count)
1145 {
1146 /*
1147 * "lmhosts" means parse the local lmhosts file.
1148 */
1149
1150 XFILE *fp;
1151 char *lmhost_name = NULL;
1152 int name_type2;
1153 struct sockaddr_storage return_ss;
1154 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1155 TALLOC_CTX *ctx = NULL;
1156
1157 *return_iplist = NULL;
1158 *return_count = 0;
1159
1160 DEBUG(3,("resolve_lmhosts: "
1161 "Attempting lmhosts lookup for name %s<0x%x>\n",
1162 name, name_type));
1163
1164 fp = startlmhosts(get_dyn_LMHOSTSFILE());
1165
1166 if ( fp == NULL )
1167 return NT_STATUS_NO_SUCH_FILE;
1168
1169 ctx = talloc_init("resolve_lmhosts");
1170 if (!ctx) {
1171 endlmhosts(fp);
1172 return NT_STATUS_NO_MEMORY;
1173 }
1174
1175 while (getlmhostsent(ctx, fp, &lmhost_name, &name_type2, &return_ss)) {
1176
1177 if (!strequal(name, lmhost_name)) {
1178 TALLOC_FREE(lmhost_name);
1179 continue;
1180 }
1181
1182 if ((name_type2 != -1) && (name_type != name_type2)) {
1183 TALLOC_FREE(lmhost_name);
1184 continue;
1185 }
1186
1187 *return_iplist = SMB_REALLOC_ARRAY((*return_iplist),
1188 struct ip_service,
1189 (*return_count)+1);
1190
1191 if ((*return_iplist) == NULL) {
1192 TALLOC_FREE(ctx);
1193 endlmhosts(fp);
1194 DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
1195 return NT_STATUS_NO_MEMORY;
1196 }
1197
1198 (*return_iplist)[*return_count].ss = return_ss;
1199 (*return_iplist)[*return_count].port = PORT_NONE;
1200 *return_count += 1;
1201
1202 /* we found something */
1203 status = NT_STATUS_OK;
1204
1205 /* Multiple names only for DC lookup */
1206 if (name_type != 0x1c)
1207 break;
1208 }
1209
1210 TALLOC_FREE(ctx);
1211 endlmhosts(fp);
1212 return status;
1213 }
1214
1215
1216 /********************************************************
1217 Resolve via "hosts" method.
1218 *********************************************************/
1219
1220 static NTSTATUS resolve_hosts(const char *name, int name_type,
1221 struct ip_service **return_iplist,
1222 int *return_count)
1223 {
1224 /*
1225 * "host" means do a localhost, or dns lookup.
1226 */
1227 struct addrinfo hints;
1228 struct addrinfo *ailist = NULL;
1229 struct addrinfo *res = NULL;
1230 int ret = -1;
1231 int i = 0;
1232
1233 if ( name_type != 0x20 && name_type != 0x0) {
1234 DEBUG(5, ("resolve_hosts: not appropriate "
1235 "for name type <0x%x>\n",
1236 name_type));
1237 return NT_STATUS_INVALID_PARAMETER;
1238 }
1239
1240 *return_iplist = NULL;
1241 *return_count = 0;
1242
1243 DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1244 name, name_type));
1245
1246 ZERO_STRUCT(hints);
1247 /* By default make sure it supports TCP. */
1248 hints.ai_socktype = SOCK_STREAM;
1249 hints.ai_flags = AI_ADDRCONFIG;
1250
1251 #if !defined(HAVE_IPV6)
1252 /* Unless we have IPv6, we really only want IPv4 addresses back. */
1253 hints.ai_family = AF_INET;
1254 #endif
1255
1256 ret = getaddrinfo(name,
1257 NULL,
1258 &hints,
1259 &ailist);
1260 if (ret) {
1261 DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1262 name,
1263 gai_strerror(ret) ));
1264 }
1265
1266 for (res = ailist; res; res = res->ai_next) {
1267 struct sockaddr_storage ss;
1268
1269 if (!res->ai_addr || res->ai_addrlen == 0) {
1270 continue;
1271 }
1272
1273 ZERO_STRUCT(ss);
1274 memcpy(&ss, res->ai_addr, res->ai_addrlen);
1275
1276 *return_count += 1;
1277
1278 *return_iplist = SMB_REALLOC_ARRAY(*return_iplist,
1279 struct ip_service,
1280 *return_count);
1281 if (!*return_iplist) {
1282 DEBUG(3,("resolve_hosts: malloc fail !\n"));
1283 freeaddrinfo(ailist);
1284 return NT_STATUS_NO_MEMORY;
1285 }
1286 (*return_iplist)[i].ss = ss;
1287 (*return_iplist)[i].port = PORT_NONE;
1288 i++;
1289 }
1290 if (ailist) {
1291 freeaddrinfo(ailist);
1292 }
1293 if (*return_count) {
1294 return NT_STATUS_OK;
1295 }
1296 return NT_STATUS_UNSUCCESSFUL;
1297 }
1298
1299 /********************************************************
1300 Resolve via "ADS" method.
1301 *********************************************************/
1302
1303 static NTSTATUS resolve_ads(const char *name,
1304 int name_type,
1305 const char *sitename,
1306 struct ip_service **return_iplist,
1307 int *return_count)
1308 {
1309 int i, j;
1310 NTSTATUS status;
1311 TALLOC_CTX *ctx;
1312 struct dns_rr_srv *dcs = NULL;
1313 int numdcs = 0;
1314 int numaddrs = 0;
1315
1316 if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1317 (name_type != 0x1b)) {
1318 return NT_STATUS_INVALID_PARAMETER;
1319 }
1320
1321 if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1322 DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1323 return NT_STATUS_NO_MEMORY;
1324 }
1325
1326 /* The DNS code needs fixing to find IPv6 addresses... JRA. */
1327
1328 switch (name_type) {
1329 case 0x1b:
1330 DEBUG(5,("resolve_ads: Attempting to resolve "
1331 "PDC for %s using DNS\n", name));
1332 status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1333 break;
1334
1335 case 0x1c:
1336 DEBUG(5,("resolve_ads: Attempting to resolve "
1337 "DCs for %s using DNS\n", name));
1338 status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1339 &numdcs);
1340 break;
1341 case KDC_NAME_TYPE:
1342 DEBUG(5,("resolve_ads: Attempting to resolve "
1343 "KDCs for %s using DNS\n", name));
1344 status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1345 &numdcs);
1346 break;
1347 default:
1348 status = NT_STATUS_INVALID_PARAMETER;
1349 break;
1350 }
1351
1352 if ( !NT_STATUS_IS_OK( status ) ) {
1353 talloc_destroy(ctx);
1354 return status;
1355 }
1356
1357 for (i=0;i<numdcs;i++) {
1358 numaddrs += MAX(dcs[i].num_ips,1);
1359 }
1360
1361 if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1362 NULL ) {
1363 DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1364 numaddrs ));
1365 talloc_destroy(ctx);
1366 return NT_STATUS_NO_MEMORY;
1367 }
1368
1369 /* now unroll the list of IP addresses */
1370
1371 *return_count = 0;
1372 i = 0;
1373 j = 0;
1374 while ( i < numdcs && (*return_count<numaddrs) ) {
1375 struct ip_service *r = &(*return_iplist)[*return_count];
1376
1377 r->port = dcs[i].port;
1378
1379 /* If we don't have an IP list for a name, lookup it up */
1380
1381 if (!dcs[i].ss_s) {
1382 interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1383 i++;
1384 j = 0;
1385 } else {
1386 /* use the IP addresses from the SRV sresponse */
1387
1388 if ( j >= dcs[i].num_ips ) {
1389 i++;
1390 j = 0;
1391 continue;
1392 }
1393
1394 r->ss = dcs[i].ss_s[j];
1395 j++;
1396 }
1397
1398 /* make sure it is a valid IP. I considered checking the
1399 * negative connection cache, but this is the wrong place
1400 * for it. Maybe only as a hack. After think about it, if
1401 * all of the IP addresses returned from DNS are dead, what
1402 * hope does a netbios name lookup have ? The standard reason
1403 * for falling back to netbios lookups is that our DNS server
1404 * doesn't know anything about the DC's -- jerry */
1405
1406 if (!is_zero_addr((struct sockaddr *)&r->ss)) {
1407 (*return_count)++;
1408 }
1409 }
1410
1411 talloc_destroy(ctx);
1412 return NT_STATUS_OK;
1413 }
1414
1415 /*******************************************************************
1416 Internal interface to resolve a name into an IP address.
1417 Use this function if the string is either an IP address, DNS
1418 or host name or NetBIOS name. This uses the name switch in the
1419 smb.conf to determine the order of name resolution.
1420
1421 Added support for ip addr/port to support ADS ldap servers.
1422 the only place we currently care about the port is in the
1423 resolve_hosts() when looking up DC's via SRV RR entries in DNS
1424 **********************************************************************/
1425
1426 NTSTATUS internal_resolve_name(const char *name,
1427 int name_type,
1428 const char *sitename,
1429 struct ip_service **return_iplist,
1430 int *return_count,
1431 const char *resolve_order)
1432 {
1433 char *tok;
1434 const char *ptr;
1435 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1436 int i;
1437 TALLOC_CTX *frame = NULL;
1438
1439 *return_iplist = NULL;
1440 *return_count = 0;
1441
1442 DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1443 name, name_type, sitename ? sitename : NULL));
1444
1445 if (is_ipaddress(name)) {
1446 if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
1447 NULL) {
1448 DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1449 return NT_STATUS_NO_MEMORY;
1450 }
1451
1452 /* ignore the port here */
1453 (*return_iplist)->port = PORT_NONE;
1454
1455 /* if it's in the form of an IP address then get the lib to interpret it */
1456 if (!interpret_string_addr(&(*return_iplist)->ss,
1457 name, AI_NUMERICHOST)) {
1458 DEBUG(1,("internal_resolve_name: interpret_string_addr "
1459 "failed on %s\n",
1460 name));
1461 SAFE_FREE(*return_iplist);
1462 return NT_STATUS_INVALID_PARAMETER;
1463 }
1464 *return_count = 1;
1465 return NT_STATUS_OK;
1466 }
1467
1468 /* Check name cache */
1469
1470 if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1471 /* This could be a negative response */
1472 if (*return_count > 0) {
1473 return NT_STATUS_OK;
1474 } else {
1475 return NT_STATUS_UNSUCCESSFUL;
1476 }
1477 }
1478
1479 /* set the name resolution order */
1480
1481 if (strcmp( resolve_order, "NULL") == 0) {
1482 DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1483 return NT_STATUS_INVALID_PARAMETER;
1484 }
1485
1486 if (!resolve_order[0]) {
1487 ptr = "host";
1488 } else {
1489 ptr = resolve_order;
1490 }
1491
1492 /* iterate through the name resolution backends */
1493
1494 frame = talloc_stackframe();
1495 while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
1496 if((strequal(tok, "host") || strequal(tok, "hosts"))) {
1497 status = resolve_hosts(name, name_type, return_iplist,
1498 return_count);
1499 if (NT_STATUS_IS_OK(status)) {
1500 goto done;
1501 }
1502 } else if(strequal( tok, "kdc")) {
1503 /* deal with KDC_NAME_TYPE names here.
1504 * This will result in a SRV record lookup */
1505 status = resolve_ads(name, KDC_NAME_TYPE, sitename,
1506 return_iplist, return_count);
1507 if (NT_STATUS_IS_OK(status)) {
1508 /* Ensure we don't namecache
1509 * this with the KDC port. */
1510 name_type = KDC_NAME_TYPE;
1511 goto done;
1512 }
1513 } else if(strequal( tok, "ads")) {
1514 /* deal with 0x1c and 0x1b names here.
1515 * This will result in a SRV record lookup */
1516 status = resolve_ads(name, name_type, sitename,
1517 return_iplist, return_count);
1518 if (NT_STATUS_IS_OK(status)) {
1519 goto done;
1520 }
1521 } else if(strequal( tok, "lmhosts")) {
1522 status = resolve_lmhosts(name, name_type,
1523 return_iplist, return_count);
1524 if (NT_STATUS_IS_OK(status)) {
1525 goto done;
1526 }
1527 } else if(strequal( tok, "wins")) {
1528 /* don't resolve 1D via WINS */
1529 if (name_type != 0x1D) {
1530 status = resolve_wins(name, name_type,
1531 return_iplist,
1532 return_count);
1533 if (NT_STATUS_IS_OK(status)) {
1534 goto done;
1535 }
1536 }
1537 } else if(strequal( tok, "bcast")) {
1538 status = name_resolve_bcast(name, name_type,
1539 return_iplist,
1540 return_count);
1541 if (NT_STATUS_IS_OK(status)) {
1542 goto done;
1543 }
1544 } else {
1545 DEBUG(0,("resolve_name: unknown name switch type %s\n",
1546 tok));
1547 }
1548 }
1549
1550 /* All of the resolve_* functions above have returned false. */
1551
1552 TALLOC_FREE(frame);
1553 SAFE_FREE(*return_iplist);
1554 *return_count = 0;
1555
1556 return NT_STATUS_UNSUCCESSFUL;
1557
1558 done:
1559
1560 /* Remove duplicate entries. Some queries, notably #1c (domain
1561 controllers) return the PDC in iplist[0] and then all domain
1562 controllers including the PDC in iplist[1..n]. Iterating over
1563 the iplist when the PDC is down will cause two sets of timeouts. */
1564
1565 if ( *return_count ) {
1566 *return_count = remove_duplicate_addrs2(*return_iplist,
1567 *return_count );
1568 }
1569
1570 /* Save in name cache */
1571 if ( DEBUGLEVEL >= 100 ) {
1572 for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
1573 char addr[INET6_ADDRSTRLEN];
1574 print_sockaddr(addr, sizeof(addr),
1575 &(*return_iplist)[i].ss);
1576 DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
1577 name,
1578 name_type,
1579 addr,
1580 (*return_iplist)[i].port));
1581 }
1582 }
1583
1584 namecache_store(name, name_type, *return_count, *return_iplist);
1585
1586 /* Display some debugging info */
1587
1588 if ( DEBUGLEVEL >= 10 ) {
1589 DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
1590 *return_count));
1591
1592 for (i = 0; i < *return_count; i++) {
1593 char addr[INET6_ADDRSTRLEN];
1594 print_sockaddr(addr, sizeof(addr),
1595 &(*return_iplist)[i].ss);
1596 DEBUGADD(10, ("%s:%d ",
1597 addr,
1598 (*return_iplist)[i].port));
1599 }
1600 DEBUG(10, ("\n"));
1601 }
1602
1603 TALLOC_FREE(frame);
1604 return status;
1605 }
1606
1607 /********************************************************
1608 Internal interface to resolve a name into one IP address.
1609 Use this function if the string is either an IP address, DNS
1610 or host name or NetBIOS name. This uses the name switch in the
1611 smb.conf to determine the order of name resolution.
1612 *********************************************************/
1613
1614 bool resolve_name(const char *name,
1615 struct sockaddr_storage *return_ss,
1616 int name_type)
1617 {
1618 struct ip_service *ss_list = NULL;
1619 char *sitename = NULL;
1620 int count = 0;
1621
1622 if (is_ipaddress(name)) {
1623 return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
1624 }
1625
1626 sitename = sitename_fetch(lp_realm()); /* wild guess */
1627
1628 if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
1629 &ss_list, &count,
1630 lp_name_resolve_order()))) {
1631 int i;
1632
1633 /* only return valid addresses for TCP connections */
1634 for (i=0; i<count; i++) {
1635 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1636 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1637 *return_ss = ss_list[i].ss;
1638 SAFE_FREE(ss_list);
1639 SAFE_FREE(sitename);
1640 return True;
1641 }
1642 }
1643 }
1644
1645 SAFE_FREE(ss_list);
1646 SAFE_FREE(sitename);
1647 return False;
1648 }
1649
1650 /********************************************************
1651 Internal interface to resolve a name into a list of IP addresses.
1652 Use this function if the string is either an IP address, DNS
1653 or host name or NetBIOS name. This uses the name switch in the
1654 smb.conf to determine the order of name resolution.
1655 *********************************************************/
1656
1657 NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
1658 const char *name,
1659 int name_type,
1660 struct sockaddr_storage **return_ss_arr,
1661 unsigned int *p_num_entries)
1662 {
1663 struct ip_service *ss_list = NULL;
1664 char *sitename = NULL;
1665 int count = 0;
1666 int i;
1667 unsigned int num_entries;
1668 NTSTATUS status;
1669
1670 *p_num_entries = 0;
1671 *return_ss_arr = NULL;
1672
1673 if (is_ipaddress(name)) {
1674 *return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
1675 if (!*return_ss_arr) {
1676 return NT_STATUS_NO_MEMORY;
1677 }
1678 if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
1679 TALLOC_FREE(*return_ss_arr);
1680 return NT_STATUS_BAD_NETWORK_NAME;
1681 }
1682 *p_num_entries = 1;
1683 return NT_STATUS_OK;
1684 }
1685
1686 sitename = sitename_fetch(lp_realm()); /* wild guess */
1687
1688 status = internal_resolve_name(name, name_type, sitename,
1689 &ss_list, &count,
1690 lp_name_resolve_order());
1691 SAFE_FREE(sitename);
1692
1693 if (!NT_STATUS_IS_OK(status)) {
1694 return status;
1695 }
1696
1697 /* only return valid addresses for TCP connections */
1698 for (i=0, num_entries = 0; i<count; i++) {
1699 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1700 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1701 num_entries++;
1702 }
1703 }
1704 if (num_entries == 0) {
1705 SAFE_FREE(ss_list);
1706 return NT_STATUS_BAD_NETWORK_NAME;
1707 }
1708
1709 *return_ss_arr = TALLOC_ARRAY(ctx,
1710 struct sockaddr_storage,
1711 num_entries);
1712 if (!(*return_ss_arr)) {
1713 SAFE_FREE(ss_list);
1714 return NT_STATUS_NO_MEMORY;
1715 }
1716
1717 for (i=0, num_entries = 0; i<count; i++) {
1718 if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1719 !is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1720 (*return_ss_arr)[num_entries++] = ss_list[i].ss;
1721 }
1722 }
1723
1724 status = NT_STATUS_OK;
1725 *p_num_entries = num_entries;
1726
1727 SAFE_FREE(ss_list);
1728 return NT_STATUS_OK;
1729 }
1730
1731 /********************************************************
1732 Find the IP address of the master browser or DMB for a workgroup.
1733 *********************************************************/
1734
1735 bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
1736 {
1737 struct ip_service *ip_list = NULL;
1738 int count = 0;
1739 NTSTATUS status;
1740
1741 if (lp_disable_netbios()) {
1742 DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1743 return false;
1744 }
1745
1746 status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
1747 lp_name_resolve_order());
1748 if (NT_STATUS_IS_OK(status)) {
1749 *master_ss = ip_list[0].ss;
1750 SAFE_FREE(ip_list);
1751 return true;
1752 }
1753
1754 status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
1755 lp_name_resolve_order());
1756 if (NT_STATUS_IS_OK(status)) {
1757 *master_ss = ip_list[0].ss;
1758 SAFE_FREE(ip_list);
1759 return true;
1760 }
1761
1762 SAFE_FREE(ip_list);
1763 return false;
1764 }
1765
1766 /********************************************************
1767 Get the IP address list of the primary domain controller
1768 for a domain.
1769 *********************************************************/
1770
1771 bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
1772 {
1773 struct ip_service *ip_list = NULL;
1774 int count = 0;
1775 NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1776
1777 /* Look up #1B name */
1778
1779 if (lp_security() == SEC_ADS) {
1780 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1781 &count, "ads");
1782 }
1783
1784 if (!NT_STATUS_IS_OK(status) || count == 0) {
1785 status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1786 &count,
1787 lp_name_resolve_order());
1788 if (!NT_STATUS_IS_OK(status)) {
1789 return false;
1790 }
1791 }
1792
1793 /* if we get more than 1 IP back we have to assume it is a
1794 multi-homed PDC and not a mess up */
1795
1796 if ( count > 1 ) {
1797 DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1798 sort_service_list(ip_list, count);
1799 }
1800
1801 *pss = ip_list[0].ss;
1802 SAFE_FREE(ip_list);
1803 return true;
1804 }
1805
1806 /* Private enum type for lookups. */
1807
1808 enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1809
1810 /********************************************************
1811 Get the IP address list of the domain controllers for
1812 a domain.
1813 *********************************************************/
1814
1815 static NTSTATUS get_dc_list(const char *domain,
1816 const char *sitename,
1817 struct ip_service **ip_list,
1818 int *count,
1819 enum dc_lookup_type lookup_type,
1820 bool *ordered)
1821 {
1822 char *resolve_order = NULL;
1823 char *saf_servername = NULL;
1824 char *pserver = NULL;
1825 const char *p;
1826 char *port_str = NULL;
1827 int port;
1828 char *name;
1829 int num_addresses = 0;
1830 int local_count, i, j;
1831 struct ip_service *return_iplist = NULL;
1832 struct ip_service *auto_ip_list = NULL;
1833 bool done_auto_lookup = false;
1834 int auto_count = 0;
1835 NTSTATUS status;
1836 TALLOC_CTX *ctx = talloc_init("get_dc_list");
1837
1838 *ip_list = NULL;
1839 *count = 0;
1840
1841 if (!ctx) {
1842 return NT_STATUS_NO_MEMORY;
1843 }
1844
1845 *ordered = False;
1846
1847 /* if we are restricted to solely using DNS for looking
1848 up a domain controller, make sure that host lookups
1849 are enabled for the 'name resolve order'. If host lookups
1850 are disabled and ads_only is True, then set the string to
1851 NULL. */
1852
1853 resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
1854 if (!resolve_order) {
1855 status = NT_STATUS_NO_MEMORY;
1856 goto out;
1857 }
1858 strlower_m(resolve_order);
1859 if (lookup_type == DC_ADS_ONLY) {
1860 if (strstr( resolve_order, "host")) {
1861 resolve_order = talloc_strdup(ctx, "ads");
1862
1863 /* DNS SRV lookups used by the ads resolver
1864 are already sorted by priority and weight */
1865 *ordered = true;
1866 } else {
1867 resolve_order = talloc_strdup(ctx, "NULL");
1868 }
1869 } else if (lookup_type == DC_KDC_ONLY) {
1870 /* DNS SRV lookups used by the ads/kdc resolver
1871 are already sorted by priority and weight */
1872 *ordered = true;
1873 resolve_order = talloc_strdup(ctx, "kdc");
1874 }
1875 if (!resolve_order) {
1876 status = NT_STATUS_NO_MEMORY;
1877 goto out;
1878 }
1879
1880 /* fetch the server we have affinity for. Add the
1881 'password server' list to a search for our domain controllers */
1882
1883 saf_servername = saf_fetch( domain);
1884
1885 if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
1886 pserver = talloc_asprintf(NULL, "%s, %s",
1887 saf_servername ? saf_servername : "",
1888 lp_passwordserver());
1889 } else {
1890 pserver = talloc_asprintf(NULL, "%s, *",
1891 saf_servername ? saf_servername : "");
1892 }
1893
1894 SAFE_FREE(saf_servername);
1895 if (!pserver) {
1896 status = NT_STATUS_NO_MEMORY;
1897 goto out;
1898 }
1899
1900 /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1901
1902 if (!*pserver ) {
1903 DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1904 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1905 count, resolve_order);
1906 goto out;
1907 }
1908
1909 DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
1910
1911 /*
1912 * if '*' appears in the "password server" list then add
1913 * an auto lookup to the list of manually configured
1914 * DC's. If any DC is listed by name, then the list should be
1915 * considered to be ordered
1916 */
1917
1918 p = pserver;
1919 while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1920 if (!done_auto_lookup && strequal(name, "*")) {
1921 status = internal_resolve_name(domain, 0x1C, sitename,
1922 &auto_ip_list,
1923 &auto_count,
1924 resolve_order);
1925 if (NT_STATUS_IS_OK(status)) {
1926 num_addresses += auto_count;
1927 }
1928 done_auto_lookup = true;
1929 DEBUG(8,("Adding %d DC's from auto lookup\n",
1930 auto_count));
1931 } else {
1932 num_addresses++;
1933 }
1934 }
1935
1936 /* if we have no addresses and haven't done the auto lookup, then
1937 just return the list of DC's. Or maybe we just failed. */
1938
1939 if ((num_addresses == 0)) {
1940 if (done_auto_lookup) {
1941 DEBUG(4,("get_dc_list: no servers found\n"));
1942 status = NT_STATUS_NO_LOGON_SERVERS;
1943 goto out;
1944 }
1945 status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1946 count, resolve_order);
1947 goto out;
1948 }
1949
1950 if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
1951 num_addresses)) == NULL) {
1952 DEBUG(3,("get_dc_list: malloc fail !\n"));
1953 status = NT_STATUS_NO_MEMORY;
1954 goto out;
1955 }
1956
1957 p = pserver;
1958 local_count = 0;
1959
1960 /* fill in the return list now with real IP's */
1961
1962 while ((local_count<num_addresses) &&
1963 next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1964 struct sockaddr_storage name_ss;
1965
1966 /* copy any addersses from the auto lookup */
1967
1968 if (strequal(name, "*")) {
1969 for (j=0; j<auto_count; j++) {
1970 char addr[INET6_ADDRSTRLEN];
1971 print_sockaddr(addr,
1972 sizeof(addr),
1973 &auto_ip_list[j].ss);
1974 /* Check for and don't copy any
1975 * known bad DC IP's. */
1976 if(!NT_STATUS_IS_OK(check_negative_conn_cache(
1977 domain,
1978 addr))) {
1979 DEBUG(5,("get_dc_list: "
1980 "negative entry %s removed "
1981 "from DC list\n",
1982 addr));
1983 continue;
1984 }
1985 return_iplist[local_count].ss =
1986 auto_ip_list[j].ss;
1987 return_iplist[local_count].port =
1988 auto_ip_list[j].port;
1989 local_count++;
1990 }
1991 continue;
1992 }
1993
1994 /* added support for address:port syntax for ads
1995 * (not that I think anyone will ever run the LDAP
1996 * server in an AD domain on something other than
1997 * port 389 */
1998
1999 port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
2000 if ((port_str=strchr(name, ':')) != NULL) {
2001 *port_str = '\0';
2002 port_str++;
2003 port = atoi(port_str);
2004 }
2005
2006 /* explicit lookup; resolve_name() will
2007 * handle names & IP addresses */
2008 if (resolve_name( name, &name_ss, 0x20 )) {
2009 char addr[INET6_ADDRSTRLEN];
2010 print_sockaddr(addr,
2011 sizeof(addr),
2012 &name_ss);
2013
2014 /* Check for and don't copy any known bad DC IP's. */
2015 if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
2016 addr)) ) {
2017 DEBUG(5,("get_dc_list: negative entry %s "
2018 "removed from DC list\n",
2019 name ));
2020 continue;
2021 }
2022
2023 return_iplist[local_count].ss = name_ss;
2024 return_iplist[local_count].port = port;
2025 local_count++;
2026 *ordered = true;
2027 }
2028 }
2029
2030 /* need to remove duplicates in the list if we have any
2031 explicit password servers */
2032
2033 if (local_count) {
2034 local_count = remove_duplicate_addrs2(return_iplist,
2035 local_count );
2036 }
2037
2038 if ( DEBUGLEVEL >= 4 ) {
2039 DEBUG(4,("get_dc_list: returning %d ip addresses "
2040 "in an %sordered list\n",
2041 local_count,
2042 *ordered ? "":"un"));
2043 DEBUG(4,("get_dc_list: "));
2044 for ( i=0; i<local_count; i++ ) {
2045 char addr[INET6_ADDRSTRLEN];
2046 print_sockaddr(addr,
2047 sizeof(addr),
2048 &return_iplist[i].ss);
2049 DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
2050 }
2051 DEBUGADD(4,("\n"));
2052 }
2053
2054 *ip_list = return_iplist;
2055 *count = local_count;
2056
2057 status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2058
2059 out:
2060
2061 if (!NT_STATUS_IS_OK(status)) {
2062 SAFE_FREE(return_iplist);
2063 *ip_list = NULL;
2064 *count = 0;
2065 }
2066
2067 SAFE_FREE(auto_ip_list);
2068 TALLOC_FREE(ctx);
2069 return status;
2070 }
2071
2072 /*********************************************************************
2073 Small wrapper function to get the DC list and sort it if neccessary.
2074 *********************************************************************/
2075
2076 NTSTATUS get_sorted_dc_list( const char *domain,
2077 const char *sitename,
2078 struct ip_service **ip_list,
2079 int *count,
2080 bool ads_only )
2081 {
2082 bool ordered;
2083 NTSTATUS status;
2084 enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2085
2086 *ip_list = NULL;
2087 *count = 0;
2088
2089 DEBUG(8,("get_sorted_dc_list: attempting lookup "
2090 "for name %s (sitename %s) using [%s]\n",
2091 domain,
2092 sitename ? sitename : "NULL",
2093 (ads_only ? "ads" : lp_name_resolve_order())));
2094
2095 if (ads_only) {
2096 lookup_type = DC_ADS_ONLY;
2097 }
2098
2099 status = get_dc_list(domain, sitename, ip_list,
2100 count, lookup_type, &ordered);
2101 if (!NT_STATUS_IS_OK(status)) {
2102 SAFE_FREE(*ip_list);
2103 *count = 0;
2104 return status;
2105 }
2106
2107 /* only sort if we don't already have an ordered list */
2108 if (!ordered) {
2109 sort_service_list(*ip_list, *count);
2110 }
2111
2112 return NT_STATUS_OK;
2113 }
2114
2115 /*********************************************************************
2116 Get the KDC list - re-use all the logic in get_dc_list.
2117 *********************************************************************/
2118
2119 NTSTATUS get_kdc_list( const char *realm,
2120 const char *sitename,
2121 struct ip_service **ip_list,
2122 int *count)
2123 {
2124 bool ordered;
2125 NTSTATUS status;
2126
2127 *count = 0;
2128 *ip_list = NULL;
2129
2130 status = get_dc_list(realm, sitename, ip_list,
2131 count, DC_KDC_ONLY, &ordered);
2132
2133 if (!NT_STATUS_IS_OK(status)) {
2134 SAFE_FREE(*ip_list);
2135 *count = 0;
2136 return status;
2137 }
2138
2139 /* only sort if we don't already have an ordered list */
2140 if ( !ordered ) {
2141 sort_service_list(*ip_list, *count);
2142 }
2143
2144 return NT_STATUS_OK;
2145 }
Proof-of-concept samba4 based caching proxy