Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: branches/samba-3.5.x/source3/libsmb/namequery.c@ 734

Visit:

Last change on this file since 734 was 414, checked in by Herwig Bauernfeind, 15 years ago
Samba 3.5.0: Initial import
File size: 51.4 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	name query routines
4	Copyright (C) Andrew Tridgell 1994-1998
5	Copyright (C) Jeremy Allison 2007.
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 3 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program. If not, see <http://www.gnu.org/licenses/>.
19	*/
20
21	#include "includes.h"
22
23	/* nmbd.c sets this to True. */
24	bool global_in_nmbd = False;
25
26	/****************************
27	* SERVER AFFINITY ROUTINES *
28	****************************/
29
30	/* Server affinity is the concept of preferring the last domain
31	controller with whom you had a successful conversation */
32
33	/****************************************************************************
34	****************************************************************************/
35	#define SAFKEY_FMT "SAF/DOMAIN/%s"
36	#define SAF_TTL 900
37	#define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
38	#define SAFJOIN_TTL 3600
39
40	static char saf_key(const char domain)
41	{
42	char *keystr;
43
44	asprintf_strupper_m(&keystr, SAFKEY_FMT, domain);
45
46	return keystr;
47	}
48
49	static char saf_join_key(const char domain)
50	{
51	char *keystr;
52
53	asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
54
55	return keystr;
56	}
57
58	/****************************************************************************
59	****************************************************************************/
60
61	bool saf_store( const char domain, const char servername )
62	{
63	char *key;
64	time_t expire;
65	bool ret = False;
66
67	if ( !domain \|\| !servername ) {
68	DEBUG(2,("saf_store: "
69	"Refusing to store empty domain or servername!\n"));
70	return False;
71	}
72
73	if ( (strlen(domain) == 0) \|\| (strlen(servername) == 0) ) {
74	DEBUG(0,("saf_store: "
75	"refusing to store 0 length domain or servername!\n"));
76	return False;
77	}
78
79	key = saf_key( domain );
80	expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
81
82	DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
83	domain, servername, (unsigned int)expire ));
84
85	ret = gencache_set( key, servername, expire );
86
87	SAFE_FREE( key );
88
89	return ret;
90	}
91
92	bool saf_join_store( const char domain, const char servername )
93	{
94	char *key;
95	time_t expire;
96	bool ret = False;
97
98	if ( !domain \|\| !servername ) {
99	DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
100	return False;
101	}
102
103	if ( (strlen(domain) == 0) \|\| (strlen(servername) == 0) ) {
104	DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
105	return False;
106	}
107
108	key = saf_join_key( domain );
109	expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
110
111	DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
112	domain, servername, (unsigned int)expire ));
113
114	ret = gencache_set( key, servername, expire );
115
116	SAFE_FREE( key );
117
118	return ret;
119	}
120
121	bool saf_delete( const char *domain )
122	{
123	char *key;
124	bool ret = False;
125
126	if ( !domain ) {
127	DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
128	return False;
129	}
130
131	key = saf_join_key(domain);
132	ret = gencache_del(key);
133	SAFE_FREE(key);
134
135	if (ret) {
136	DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
137	}
138
139	key = saf_key(domain);
140	ret = gencache_del(key);
141	SAFE_FREE(key);
142
143	if (ret) {
144	DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
145	}
146
147	return ret;
148	}
149
150	/****************************************************************************
151	****************************************************************************/
152
153	char saf_fetch( const char domain )
154	{
155	char *server = NULL;
156	time_t timeout;
157	bool ret = False;
158	char *key = NULL;
159
160	if ( !domain \|\| strlen(domain) == 0) {
161	DEBUG(2,("saf_fetch: Empty domain name!\n"));
162	return NULL;
163	}
164
165	key = saf_join_key( domain );
166
167	ret = gencache_get( key, &server, &timeout );
168
169	SAFE_FREE( key );
170
171	if ( ret ) {
172	DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
173	server, domain ));
174	return server;
175	}
176
177	key = saf_key( domain );
178
179	ret = gencache_get( key, &server, &timeout );
180
181	SAFE_FREE( key );
182
183	if ( !ret ) {
184	DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
185	domain ));
186	} else {
187	DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
188	server, domain ));
189	}
190
191	return server;
192	}
193
194	/****************************************************************************
195	Generate a random trn_id.
196	****************************************************************************/
197
198	static int generate_trn_id(void)
199	{
200	uint16 id;
201
202	generate_random_buffer((uint8 *)&id, sizeof(id));
203
204	return id % (unsigned)0x7FFF;
205	}
206
207	/****************************************************************************
208	Parse a node status response into an array of structures.
209	****************************************************************************/
210
211	static NODE_STATUS_STRUCT parse_node_status(char p,
212	int *num_names,
213	struct node_status_extra *extra)
214	{
215	NODE_STATUS_STRUCT *ret;
216	int i;
217
218	*num_names = CVAL(p,0);
219
220	if (*num_names == 0)
221	return NULL;
222
223	ret = SMB_MALLOC_ARRAY(NODE_STATUS_STRUCT,*num_names);
224	if (!ret)
225	return NULL;
226
227	p++;
228	for (i=0;i< *num_names;i++) {
229	StrnCpy(ret[i].name,p,15);
230	trim_char(ret[i].name,'\0',' ');
231	ret[i].type = CVAL(p,15);
232	ret[i].flags = p[16];
233	p += 18;
234	DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
235	ret[i].type, ret[i].flags));
236	}
237	/*
238	* Also, pick up the MAC address ...
239	*/
240	if (extra) {
241	memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
242	}
243	return ret;
244	}
245
246
247	/****************************************************************************
248	Do a NBT node status query on an open socket and return an array of
249	structures holding the returned names or NULL if the query failed.
250	**************************************************************************/
251
252	NODE_STATUS_STRUCT *node_status_query(int fd,
253	struct nmb_name *name,
254	const struct sockaddr_storage *to_ss,
255	int *num_names,
256	struct node_status_extra *extra)
257	{
258	bool found=False;
259	int retries = 2;
260	int retry_time = 2000;
261	struct timeval tval;
262	struct packet_struct p;
263	struct packet_struct *p2;
264	struct nmb_packet *nmb = &p.packet.nmb;
265	NODE_STATUS_STRUCT *ret;
266
267	ZERO_STRUCT(p);
268
269	if (to_ss->ss_family != AF_INET) {
270	/* Can't do node status to IPv6 */
271	return NULL;
272	}
273	nmb->header.name_trn_id = generate_trn_id();
274	nmb->header.opcode = 0;
275	nmb->header.response = false;
276	nmb->header.nm_flags.bcast = false;
277	nmb->header.nm_flags.recursion_available = false;
278	nmb->header.nm_flags.recursion_desired = false;
279	nmb->header.nm_flags.trunc = false;
280	nmb->header.nm_flags.authoritative = false;
281	nmb->header.rcode = 0;
282	nmb->header.qdcount = 1;
283	nmb->header.ancount = 0;
284	nmb->header.nscount = 0;
285	nmb->header.arcount = 0;
286	nmb->question.question_name = *name;
287	nmb->question.question_type = 0x21;
288	nmb->question.question_class = 0x1;
289
290	p.ip = ((const struct sockaddr_in *)to_ss)->sin_addr;
291	p.port = NMB_PORT;
292	p.recv_fd = -1;
293	p.send_fd = fd;
294	p.timestamp = time(NULL);
295	p.packet_type = NMB_PACKET;
296
297	GetTimeOfDay(&tval);
298
299	if (!send_packet(&p))
300	return NULL;
301
302	retries--;
303
304	while (1) {
305	struct timeval tval2;
306	GetTimeOfDay(&tval2);
307	if (TvalDiff(&tval,&tval2) > retry_time) {
308	if (!retries)
309	break;
310	if (!found && !send_packet(&p))
311	return NULL;
312	GetTimeOfDay(&tval);
313	retries--;
314	}
315
316	if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
317	struct nmb_packet *nmb2 = &p2->packet.nmb;
318	debug_nmb_packet(p2);
319
320	if (nmb2->header.opcode != 0 \|\|
321	nmb2->header.nm_flags.bcast \|\|
322	nmb2->header.rcode \|\|
323	!nmb2->header.ancount \|\|
324	nmb2->answers->rr_type != 0x21) {
325	/* XXXX what do we do with this? could be a
326	redirect, but we'll discard it for the
327	moment */
328	free_packet(p2);
329	continue;
330	}
331
332	ret = parse_node_status(&nmb2->answers->rdata[0],
333	num_names, extra);
334	free_packet(p2);
335	return ret;
336	}
337	}
338
339	return NULL;
340	}
341
342	/****************************************************************************
343	Find the first type XX name in a node status reply - used for finding
344	a servers name given its IP. Return the matched name in *name.
345	**************************************************************************/
346
347	bool name_status_find(const char *q_name,
348	int q_type,
349	int type,
350	const struct sockaddr_storage *to_ss,
351	fstring name)
352	{
353	char addr[INET6_ADDRSTRLEN];
354	struct sockaddr_storage ss;
355	NODE_STATUS_STRUCT *status = NULL;
356	struct nmb_name nname;
357	int count, i;
358	int sock;
359	bool result = false;
360
361	if (lp_disable_netbios()) {
362	DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
363	q_name, q_type));
364	return False;
365	}
366
367	print_sockaddr(addr, sizeof(addr), to_ss);
368
369	DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
370	q_type, addr));
371
372	/* Check the cache first. */
373
374	if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
375	return True;
376	}
377
378	if (to_ss->ss_family != AF_INET) {
379	/* Can't do node status to IPv6 */
380	return false;
381	}
382
383	if (!interpret_string_addr(&ss, lp_socket_address(),
384	AI_NUMERICHOST\|AI_PASSIVE)) {
385	zero_sockaddr(&ss);
386	}
387
388	sock = open_socket_in(SOCK_DGRAM, 0, 3, &ss, True);
389	if (sock == -1)
390	goto done;
391
392	/* W2K PDC's seem not to respond to ''#0. JRA /
393	make_nmb_name(&nname, q_name, q_type);
394	status = node_status_query(sock, &nname, to_ss, &count, NULL);
395	close(sock);
396	if (!status)
397	goto done;
398
399	for (i=0;i<count;i++) {
400	/* Find first one of the requested type that's not a GROUP. */
401	if (status[i].type == type && ! (status[i].flags & 0x80))
402	break;
403	}
404	if (i == count)
405	goto done;
406
407	pull_ascii_nstring(name, sizeof(fstring), status[i].name);
408
409	/* Store the result in the cache. */
410	/* but don't store an entry for 0x1c names here. Here we have
411	a single host and DOMAIN<0x1c> names should be a list of hosts */
412
413	if ( q_type != 0x1c ) {
414	namecache_status_store(q_name, q_type, type, to_ss, name);
415	}
416
417	result = true;
418
419	done:
420	SAFE_FREE(status);
421
422	DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
423
424	if (result)
425	DEBUGADD(10, (", name %s ip address is %s", name, addr));
426
427	DEBUG(10, ("\n"));
428
429	return result;
430	}
431
432	/*
433	comparison function used by sort_addr_list
434	*/
435
436	static int addr_compare(const struct sockaddr *ss1,
437	const struct sockaddr *ss2)
438	{
439	int max_bits1=0, max_bits2=0;
440	int num_interfaces = iface_count();
441	int i;
442
443	/* Sort IPv4 addresses first. */
444	if (ss1->sa_family != ss2->sa_family) {
445	if (ss2->sa_family == AF_INET) {
446	return 1;
447	} else {
448	return -1;
449	}
450	}
451
452	/* Here we know both addresses are of the same
453	* family. */
454
455	for (i=0;i<num_interfaces;i++) {
456	const struct sockaddr_storage *pss = iface_n_bcast(i);
457	unsigned char *p_ss1 = NULL;
458	unsigned char *p_ss2 = NULL;
459	unsigned char *p_if = NULL;
460	size_t len = 0;
461	int bits1, bits2;
462
463	if (pss->ss_family != ss1->sa_family) {
464	/* Ignore interfaces of the wrong type. */
465	continue;
466	}
467	if (pss->ss_family == AF_INET) {
468	p_if = (unsigned char *)
469	&((const struct sockaddr_in *)pss)->sin_addr;
470	p_ss1 = (unsigned char *)
471	&((const struct sockaddr_in *)ss1)->sin_addr;
472	p_ss2 = (unsigned char *)
473	&((const struct sockaddr_in *)ss2)->sin_addr;
474	len = 4;
475	}
476	#if defined(HAVE_IPV6)
477	if (pss->ss_family == AF_INET6) {
478	p_if = (unsigned char *)
479	&((const struct sockaddr_in6 *)pss)->sin6_addr;
480	p_ss1 = (unsigned char *)
481	&((const struct sockaddr_in6 *)ss1)->sin6_addr;
482	p_ss2 = (unsigned char *)
483	&((const struct sockaddr_in6 *)ss2)->sin6_addr;
484	len = 16;
485	}
486	#endif
487	if (!p_ss1 \|\| !p_ss2 \|\| !p_if \|\| len == 0) {
488	continue;
489	}
490	bits1 = matching_len_bits(p_ss1, p_if, len);
491	bits2 = matching_len_bits(p_ss2, p_if, len);
492	max_bits1 = MAX(bits1, max_bits1);
493	max_bits2 = MAX(bits2, max_bits2);
494	}
495
496	/* Bias towards directly reachable IPs */
497	if (iface_local(ss1)) {
498	if (ss1->sa_family == AF_INET) {
499	max_bits1 += 32;
500	} else {
501	max_bits1 += 128;
502	}
503	}
504	if (iface_local(ss2)) {
505	if (ss2->sa_family == AF_INET) {
506	max_bits2 += 32;
507	} else {
508	max_bits2 += 128;
509	}
510	}
511	return max_bits2 - max_bits1;
512	}
513
514	/*******************************************************************
515	compare 2 ldap IPs by nearness to our interfaces - used in qsort
516	*******************************************************************/
517
518	int ip_service_compare(struct ip_service ss1, struct ip_service ss2)
519	{
520	int result;
521
522	if ((result = addr_compare((struct sockaddr )&ss1->ss, (struct sockaddr )&ss2->ss)) != 0) {
523	return result;
524	}
525
526	if (ss1->port > ss2->port) {
527	return 1;
528	}
529
530	if (ss1->port < ss2->port) {
531	return -1;
532	}
533
534	return 0;
535	}
536
537	/*
538	sort an IP list so that names that are close to one of our interfaces
539	are at the top. This prevents the problem where a WINS server returns an IP
540	that is not reachable from our subnet as the first match
541	*/
542
543	static void sort_addr_list(struct sockaddr_storage *sslist, int count)
544	{
545	if (count <= 1) {
546	return;
547	}
548
549	qsort(sslist, count, sizeof(struct sockaddr_storage),
550	QSORT_CAST addr_compare);
551	}
552
553	static void sort_service_list(struct ip_service *servlist, int count)
554	{
555	if (count <= 1) {
556	return;
557	}
558
559	qsort(servlist, count, sizeof(struct ip_service),
560	QSORT_CAST ip_service_compare);
561	}
562
563	/**********************************************************************
564	Remove any duplicate address/port pairs in the list
565	*********************************************************************/
566
567	static int remove_duplicate_addrs2(struct ip_service *iplist, int count )
568	{
569	int i, j;
570
571	DEBUG(10,("remove_duplicate_addrs2: "
572	"looking for duplicate address/port pairs\n"));
573
574	/* one loop to remove duplicates */
575	for ( i=0; i<count; i++ ) {
576	if ( is_zero_addr((struct sockaddr *)&iplist[i].ss)) {
577	continue;
578	}
579
580	for ( j=i+1; j<count; j++ ) {
581	if (sockaddr_equal((struct sockaddr )&iplist[i].ss, (struct sockaddr )&iplist[j].ss) &&
582	iplist[i].port == iplist[j].port) {
583	zero_sockaddr(&iplist[j].ss);
584	}
585	}
586	}
587
588	/* one loop to clean up any holes we left */
589	/* first ip should never be a zero_ip() */
590	for (i = 0; i<count; ) {
591	if (is_zero_addr((struct sockaddr *)&iplist[i].ss) ) {
592	if (i != count-1) {
593	memmove(&iplist[i], &iplist[i+1],
594	(count - i - 1)*sizeof(iplist[i]));
595	}
596	count--;
597	continue;
598	}
599	i++;
600	}
601
602	return count;
603	}
604
605	static bool prioritize_ipv4_list(struct ip_service *iplist, int count)
606	{
607	TALLOC_CTX *frame = talloc_stackframe();
608	struct ip_service *iplist_new = TALLOC_ARRAY(frame, struct ip_service, count);
609	int i, j;
610
611	if (iplist_new == NULL) {
612	TALLOC_FREE(frame);
613	return false;
614	}
615
616	j = 0;
617
618	/* Copy IPv4 first. */
619	for (i = 0; i < count; i++) {
620	if (iplist[i].ss.ss_family == AF_INET) {
621	iplist_new[j++] = iplist[i];
622	}
623	}
624
625	/* Copy IPv6. */
626	for (i = 0; i < count; i++) {
627	if (iplist[i].ss.ss_family != AF_INET) {
628	iplist_new[j++] = iplist[i];
629	}
630	}
631
632	memcpy(iplist, iplist_new, sizeof(struct ip_service)*count);
633	TALLOC_FREE(frame);
634	return true;
635	}
636
637	/****************************************************************************
638	Do a netbios name query to find someones IP.
639	Returns an array of IP addresses or NULL if none.
640	*count will be set to the number of addresses returned.
641	*timed_out is set if we failed by timing out
642	****************************************************************************/
643
644	struct sockaddr_storage *name_query(int fd,
645	const char *name,
646	int name_type,
647	bool bcast,
648	bool recurse,
649	const struct sockaddr_storage *to_ss,
650	int *count,
651	int *flags,
652	bool *timed_out)
653	{
654	bool found=false;
655	int i, retries = 3;
656	int retry_time = bcast?250:2000;
657	struct timeval tval;
658	struct packet_struct p;
659	struct packet_struct *p2;
660	struct nmb_packet *nmb = &p.packet.nmb;
661	struct sockaddr_storage *ss_list = NULL;
662
663	if (lp_disable_netbios()) {
664	DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
665	name, name_type));
666	return NULL;
667	}
668
669	if (to_ss->ss_family != AF_INET) {
670	return NULL;
671	}
672
673	if (timed_out) {
674	*timed_out = false;
675	}
676
677	memset((char *)&p,'\0',sizeof(p));
678	(*count) = 0;
679	(*flags) = 0;
680
681	nmb->header.name_trn_id = generate_trn_id();
682	nmb->header.opcode = 0;
683	nmb->header.response = false;
684	nmb->header.nm_flags.bcast = bcast;
685	nmb->header.nm_flags.recursion_available = false;
686	nmb->header.nm_flags.recursion_desired = recurse;
687	nmb->header.nm_flags.trunc = false;
688	nmb->header.nm_flags.authoritative = false;
689	nmb->header.rcode = 0;
690	nmb->header.qdcount = 1;
691	nmb->header.ancount = 0;
692	nmb->header.nscount = 0;
693	nmb->header.arcount = 0;
694
695	make_nmb_name(&nmb->question.question_name,name,name_type);
696
697	nmb->question.question_type = 0x20;
698	nmb->question.question_class = 0x1;
699
700	p.ip = ((struct sockaddr_in *)to_ss)->sin_addr;
701	p.port = NMB_PORT;
702	p.recv_fd = -1;
703	p.send_fd = fd;
704	p.timestamp = time(NULL);
705	p.packet_type = NMB_PACKET;
706
707	GetTimeOfDay(&tval);
708
709	if (!send_packet(&p))
710	return NULL;
711
712	retries--;
713
714	while (1) {
715	struct timeval tval2;
716
717	GetTimeOfDay(&tval2);
718	if (TvalDiff(&tval,&tval2) > retry_time) {
719	if (!retries)
720	break;
721	if (!found && !send_packet(&p))
722	return NULL;
723	GetTimeOfDay(&tval);
724	retries--;
725	}
726
727	if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {
728	struct nmb_packet *nmb2 = &p2->packet.nmb;
729	debug_nmb_packet(p2);
730
731	/* If we get a Negative Name Query Response from a WINS
732	* server, we should report it and give up.
733	*/
734	if( 0 == nmb2->header.opcode /* A query response */
735	&& !(bcast) /* from a WINS server */
736	&& nmb2->header.rcode /* Error returned */
737	) {
738
739	if( DEBUGLVL( 3 ) ) {
740	/* Only executed if DEBUGLEVEL >= 3 */
741	dbgtext( "Negative name query "
742	"response, rcode 0x%02x: ",
743	nmb2->header.rcode );
744	switch( nmb2->header.rcode ) {
745	case 0x01:
746	dbgtext( "Request "
747	"was invalidly formatted.\n" );
748	break;
749	case 0x02:
750	dbgtext( "Problem with NBNS, "
751	"cannot process name.\n");
752	break;
753	case 0x03:
754	dbgtext( "The name requested "
755	"does not exist.\n" );
756	break;
757	case 0x04:
758	dbgtext( "Unsupported request "
759	"error.\n" );
760	break;
761	case 0x05:
762	dbgtext( "Query refused "
763	"error.\n" );
764	break;
765	default:
766	dbgtext( "Unrecognized error "
767	"code.\n" );
768	break;
769	}
770	}
771	free_packet(p2);
772	return( NULL );
773	}
774
775	if (nmb2->header.opcode != 0 \|\|
776	nmb2->header.nm_flags.bcast \|\|
777	nmb2->header.rcode \|\|
778	!nmb2->header.ancount) {
779	/*
780	* XXXX what do we do with this? Could be a
781	* redirect, but we'll discard it for the
782	* moment.
783	*/
784	free_packet(p2);
785	continue;
786	}
787
788	ss_list = SMB_REALLOC_ARRAY(ss_list,
789	struct sockaddr_storage,
790	(*count) +
791	nmb2->answers->rdlength/6);
792
793	if (!ss_list) {
794	DEBUG(0,("name_query: Realloc failed.\n"));
795	free_packet(p2);
796	return NULL;
797	}
798
799	DEBUG(2,("Got a positive name query response "
800	"from %s ( ",
801	inet_ntoa(p2->ip)));
802
803	for (i=0;i<nmb2->answers->rdlength/6;i++) {
804	struct in_addr ip;
805	putip((char )&ip,&nmb2->answers->rdata[2+i6]);
806	in_addr_to_sockaddr_storage(&ss_list[(*count)],
807	ip);
808	DEBUGADD(2,("%s ",inet_ntoa(ip)));
809	(*count)++;
810	}
811	DEBUGADD(2,(")\n"));
812
813	found=true;
814	retries=0;
815	/* We add the flags back ... */
816	if (nmb2->header.response)
817	(*flags) \|= NM_FLAGS_RS;
818	if (nmb2->header.nm_flags.authoritative)
819	(*flags) \|= NM_FLAGS_AA;
820	if (nmb2->header.nm_flags.trunc)
821	(*flags) \|= NM_FLAGS_TC;
822	if (nmb2->header.nm_flags.recursion_desired)
823	(*flags) \|= NM_FLAGS_RD;
824	if (nmb2->header.nm_flags.recursion_available)
825	(*flags) \|= NM_FLAGS_RA;
826	if (nmb2->header.nm_flags.bcast)
827	(*flags) \|= NM_FLAGS_B;
828	free_packet(p2);
829	/*
830	* If we're doing a unicast lookup we only
831	* expect one reply. Don't wait the full 2
832	* seconds if we got one. JRA.
833	*/
834	if(!bcast && found)
835	break;
836	}
837	}
838
839	/* only set timed_out if we didn't fund what we where looking for*/
840
841	if ( !found && timed_out ) {
842	*timed_out = true;
843	}
844
845	/* sort the ip list so we choose close servers first if possible */
846	sort_addr_list(ss_list, *count);
847
848	return ss_list;
849	}
850
851	/********************************************************
852	convert an array if struct sockaddr_storage to struct ip_service
853	return false on failure. Port is set to PORT_NONE;
854	*********************************************************/
855
856	static bool convert_ss2service(struct ip_service **return_iplist,
857	const struct sockaddr_storage *ss_list,
858	int count)
859	{
860	int i;
861
862	if ( count==0 \|\| !ss_list )
863	return False;
864
865	/* copy the ip address; port will be PORT_NONE */
866	if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) ==
867	NULL) {
868	DEBUG(0,("convert_ip2service: malloc failed "
869	"for %d enetries!\n", count ));
870	return False;
871	}
872
873	for ( i=0; i<count; i++ ) {
874	(*return_iplist)[i].ss = ss_list[i];
875	(*return_iplist)[i].port = PORT_NONE;
876	}
877
878	return true;
879	}
880
881	/********************************************************
882	Resolve via "bcast" method.
883	*********************************************************/
884
885	NTSTATUS name_resolve_bcast(const char *name,
886	int name_type,
887	struct ip_service **return_iplist,
888	int *return_count)
889	{
890	int sock, i;
891	int num_interfaces = iface_count();
892	struct sockaddr_storage *ss_list;
893	struct sockaddr_storage ss;
894	NTSTATUS status;
895
896	if (lp_disable_netbios()) {
897	DEBUG(5,("name_resolve_bcast(%s#%02x): netbios is disabled\n",
898	name, name_type));
899	return NT_STATUS_INVALID_PARAMETER;
900	}
901
902	*return_iplist = NULL;
903	*return_count = 0;
904
905	/*
906	* "bcast" means do a broadcast lookup on all the local interfaces.
907	*/
908
909	DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup "
910	"for name %s<0x%x>\n", name, name_type));
911
912	if (!interpret_string_addr(&ss, lp_socket_address(),
913	AI_NUMERICHOST\|AI_PASSIVE)) {
914	zero_sockaddr(&ss);
915	}
916
917	sock = open_socket_in( SOCK_DGRAM, 0, 3, &ss, true );
918	if (sock == -1) {
919	return NT_STATUS_UNSUCCESSFUL;
920	}
921
922	set_socket_options(sock,"SO_BROADCAST");
923	/*
924	* Lookup the name on all the interfaces, return on
925	* the first successful match.
926	*/
927	for( i = num_interfaces-1; i >= 0; i--) {
928	const struct sockaddr_storage *pss = iface_n_bcast(i);
929	int flags;
930
931	/* Done this way to fix compiler error on IRIX 5.x */
932	if (!pss) {
933	continue;
934	}
935	ss_list = name_query(sock, name, name_type, true,
936	true, pss, return_count, &flags, NULL);
937	if (ss_list) {
938	goto success;
939	}
940	}
941
942	/* failed - no response */
943
944	close(sock);
945	return NT_STATUS_UNSUCCESSFUL;
946
947	success:
948
949	status = NT_STATUS_OK;
950	if (!convert_ss2service(return_iplist, ss_list, *return_count) )
951	status = NT_STATUS_INVALID_PARAMETER;
952
953	SAFE_FREE(ss_list);
954	close(sock);
955	return status;
956	}
957
958	/********************************************************
959	Resolve via "wins" method.
960	*********************************************************/
961
962	NTSTATUS resolve_wins(const char *name,
963	int name_type,
964	struct ip_service **return_iplist,
965	int *return_count)
966	{
967	int sock, t, i;
968	char **wins_tags;
969	struct sockaddr_storage src_ss, *ss_list = NULL;
970	struct in_addr src_ip;
971	NTSTATUS status;
972
973	if (lp_disable_netbios()) {
974	DEBUG(5,("resolve_wins(%s#%02x): netbios is disabled\n",
975	name, name_type));
976	return NT_STATUS_INVALID_PARAMETER;
977	}
978
979	*return_iplist = NULL;
980	*return_count = 0;
981
982	DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n",
983	name, name_type));
984
985	if (wins_srv_count() < 1) {
986	DEBUG(3,("resolve_wins: WINS server resolution selected "
987	"and no WINS servers listed.\n"));
988	return NT_STATUS_INVALID_PARAMETER;
989	}
990
991	/* we try a lookup on each of the WINS tags in turn */
992	wins_tags = wins_srv_tags();
993
994	if (!wins_tags) {
995	/* huh? no tags?? give up in disgust */
996	return NT_STATUS_INVALID_PARAMETER;
997	}
998
999	/* the address we will be sending from */
1000	if (!interpret_string_addr(&src_ss, lp_socket_address(),
1001	AI_NUMERICHOST\|AI_PASSIVE)) {
1002	zero_sockaddr(&src_ss);
1003	}
1004
1005	if (src_ss.ss_family != AF_INET) {
1006	char addr[INET6_ADDRSTRLEN];
1007	print_sockaddr(addr, sizeof(addr), &src_ss);
1008	DEBUG(3,("resolve_wins: cannot receive WINS replies "
1009	"on IPv6 address %s\n",
1010	addr));
1011	wins_srv_tags_free(wins_tags);
1012	return NT_STATUS_INVALID_PARAMETER;
1013	}
1014
1015	src_ip = ((struct sockaddr_in *)&src_ss)->sin_addr;
1016
1017	/* in the worst case we will try every wins server with every
1018	tag! */
1019	for (t=0; wins_tags && wins_tags[t]; t++) {
1020	int srv_count = wins_srv_count_tag(wins_tags[t]);
1021	for (i=0; i<srv_count; i++) {
1022	struct sockaddr_storage wins_ss;
1023	struct in_addr wins_ip;
1024	int flags;
1025	bool timed_out;
1026
1027	wins_ip = wins_srv_ip_tag(wins_tags[t], src_ip);
1028
1029	if (global_in_nmbd && ismyip_v4(wins_ip)) {
1030	/* yikes! we'll loop forever */
1031	continue;
1032	}
1033
1034	/* skip any that have been unresponsive lately */
1035	if (wins_srv_is_dead(wins_ip, src_ip)) {
1036	continue;
1037	}
1038
1039	DEBUG(3,("resolve_wins: using WINS server %s "
1040	"and tag '%s'\n",
1041	inet_ntoa(wins_ip), wins_tags[t]));
1042
1043	sock = open_socket_in(SOCK_DGRAM, 0, 3, &src_ss, true);
1044	if (sock == -1) {
1045	continue;
1046	}
1047
1048	in_addr_to_sockaddr_storage(&wins_ss, wins_ip);
1049	ss_list = name_query(sock,
1050	name,
1051	name_type,
1052	false,
1053	true,
1054	&wins_ss,
1055	return_count,
1056	&flags,
1057	&timed_out);
1058
1059	/* exit loop if we got a list of addresses */
1060
1061	if (ss_list)
1062	goto success;
1063
1064	close(sock);
1065
1066	if (timed_out) {
1067	/* Timed out wating for WINS server to respond.
1068	* Mark it dead. */
1069	wins_srv_died(wins_ip, src_ip);
1070	} else {
1071	/* The name definately isn't in this
1072	group of WINS servers.
1073	goto the next group */
1074	break;
1075	}
1076	}
1077	}
1078
1079	wins_srv_tags_free(wins_tags);
1080	return NT_STATUS_NO_LOGON_SERVERS;
1081
1082	success:
1083
1084	status = NT_STATUS_OK;
1085	if (!convert_ss2service(return_iplist, ss_list, *return_count))
1086	status = NT_STATUS_INVALID_PARAMETER;
1087
1088	SAFE_FREE(ss_list);
1089	wins_srv_tags_free(wins_tags);
1090	close(sock);
1091
1092	return status;
1093	}
1094
1095	/********************************************************
1096	Resolve via "lmhosts" method.
1097	*********************************************************/
1098
1099	static NTSTATUS resolve_lmhosts(const char *name, int name_type,
1100	struct ip_service **return_iplist,
1101	int *return_count)
1102	{
1103	/*
1104	* "lmhosts" means parse the local lmhosts file.
1105	*/
1106
1107	XFILE *fp;
1108	char *lmhost_name = NULL;
1109	int name_type2;
1110	struct sockaddr_storage return_ss;
1111	NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1112	TALLOC_CTX *ctx = NULL;
1113
1114	*return_iplist = NULL;
1115	*return_count = 0;
1116
1117	DEBUG(3,("resolve_lmhosts: "
1118	"Attempting lmhosts lookup for name %s<0x%x>\n",
1119	name, name_type));
1120
1121	fp = startlmhosts(get_dyn_LMHOSTSFILE());
1122
1123	if ( fp == NULL )
1124	return NT_STATUS_NO_SUCH_FILE;
1125
1126	ctx = talloc_init("resolve_lmhosts");
1127	if (!ctx) {
1128	endlmhosts(fp);
1129	return NT_STATUS_NO_MEMORY;
1130	}
1131
1132	while (getlmhostsent(ctx, fp, &lmhost_name, &name_type2, &return_ss)) {
1133
1134	if (!strequal(name, lmhost_name)) {
1135	TALLOC_FREE(lmhost_name);
1136	continue;
1137	}
1138
1139	if ((name_type2 != -1) && (name_type != name_type2)) {
1140	TALLOC_FREE(lmhost_name);
1141	continue;
1142	}
1143
1144	return_iplist = SMB_REALLOC_ARRAY((return_iplist),
1145	struct ip_service,
1146	(*return_count)+1);
1147
1148	if ((*return_iplist) == NULL) {
1149	TALLOC_FREE(ctx);
1150	endlmhosts(fp);
1151	DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
1152	return NT_STATUS_NO_MEMORY;
1153	}
1154
1155	(return_iplist)[return_count].ss = return_ss;
1156	(return_iplist)[return_count].port = PORT_NONE;
1157	*return_count += 1;
1158
1159	/* we found something */
1160	status = NT_STATUS_OK;
1161
1162	/* Multiple names only for DC lookup */
1163	if (name_type != 0x1c)
1164	break;
1165	}
1166
1167	TALLOC_FREE(ctx);
1168	endlmhosts(fp);
1169	return status;
1170	}
1171
1172
1173	/********************************************************
1174	Resolve via "hosts" method.
1175	*********************************************************/
1176
1177	static NTSTATUS resolve_hosts(const char *name, int name_type,
1178	struct ip_service **return_iplist,
1179	int *return_count)
1180	{
1181	/*
1182	* "host" means do a localhost, or dns lookup.
1183	*/
1184	struct addrinfo hints;
1185	struct addrinfo *ailist = NULL;
1186	struct addrinfo *res = NULL;
1187	int ret = -1;
1188	int i = 0;
1189
1190	if ( name_type != 0x20 && name_type != 0x0) {
1191	DEBUG(5, ("resolve_hosts: not appropriate "
1192	"for name type <0x%x>\n",
1193	name_type));
1194	return NT_STATUS_INVALID_PARAMETER;
1195	}
1196
1197	*return_iplist = NULL;
1198	*return_count = 0;
1199
1200	DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
1201	name, name_type));
1202
1203	ZERO_STRUCT(hints);
1204	/* By default make sure it supports TCP. */
1205	hints.ai_socktype = SOCK_STREAM;
1206	hints.ai_flags = AI_ADDRCONFIG;
1207
1208	#if !defined(HAVE_IPV6)
1209	/* Unless we have IPv6, we really only want IPv4 addresses back. */
1210	hints.ai_family = AF_INET;
1211	#endif
1212
1213	ret = getaddrinfo(name,
1214	NULL,
1215	&hints,
1216	&ailist);
1217	if (ret) {
1218	DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
1219	name,
1220	gai_strerror(ret) ));
1221	}
1222
1223	for (res = ailist; res; res = res->ai_next) {
1224	struct sockaddr_storage ss;
1225
1226	if (!res->ai_addr \|\| res->ai_addrlen == 0) {
1227	continue;
1228	}
1229
1230	ZERO_STRUCT(ss);
1231	memcpy(&ss, res->ai_addr, res->ai_addrlen);
1232
1233	*return_count += 1;
1234
1235	return_iplist = SMB_REALLOC_ARRAY(return_iplist,
1236	struct ip_service,
1237	*return_count);
1238	if (!*return_iplist) {
1239	DEBUG(3,("resolve_hosts: malloc fail !\n"));
1240	freeaddrinfo(ailist);
1241	return NT_STATUS_NO_MEMORY;
1242	}
1243	(*return_iplist)[i].ss = ss;
1244	(*return_iplist)[i].port = PORT_NONE;
1245	i++;
1246	}
1247	if (ailist) {
1248	freeaddrinfo(ailist);
1249	}
1250	if (*return_count) {
1251	return NT_STATUS_OK;
1252	}
1253	return NT_STATUS_UNSUCCESSFUL;
1254	}
1255
1256	/********************************************************
1257	Resolve via "ADS" method.
1258	*********************************************************/
1259
1260	static NTSTATUS resolve_ads(const char *name,
1261	int name_type,
1262	const char *sitename,
1263	struct ip_service **return_iplist,
1264	int *return_count)
1265	{
1266	int i, j;
1267	NTSTATUS status;
1268	TALLOC_CTX *ctx;
1269	struct dns_rr_srv *dcs = NULL;
1270	int numdcs = 0;
1271	int numaddrs = 0;
1272
1273	if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
1274	(name_type != 0x1b)) {
1275	return NT_STATUS_INVALID_PARAMETER;
1276	}
1277
1278	if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
1279	DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
1280	return NT_STATUS_NO_MEMORY;
1281	}
1282
1283	/* The DNS code needs fixing to find IPv6 addresses... JRA. */
1284
1285	switch (name_type) {
1286	case 0x1b:
1287	DEBUG(5,("resolve_ads: Attempting to resolve "
1288	"PDC for %s using DNS\n", name));
1289	status = ads_dns_query_pdc(ctx, name, &dcs, &numdcs);
1290	break;
1291
1292	case 0x1c:
1293	DEBUG(5,("resolve_ads: Attempting to resolve "
1294	"DCs for %s using DNS\n", name));
1295	status = ads_dns_query_dcs(ctx, name, sitename, &dcs,
1296	&numdcs);
1297	break;
1298	case KDC_NAME_TYPE:
1299	DEBUG(5,("resolve_ads: Attempting to resolve "
1300	"KDCs for %s using DNS\n", name));
1301	status = ads_dns_query_kdcs(ctx, name, sitename, &dcs,
1302	&numdcs);
1303	break;
1304	default:
1305	status = NT_STATUS_INVALID_PARAMETER;
1306	break;
1307	}
1308
1309	if ( !NT_STATUS_IS_OK( status ) ) {
1310	talloc_destroy(ctx);
1311	return status;
1312	}
1313
1314	for (i=0;i<numdcs;i++) {
1315	numaddrs += MAX(dcs[i].num_ips,1);
1316	}
1317
1318	if ((*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numaddrs)) ==
1319	NULL ) {
1320	DEBUG(0,("resolve_ads: malloc failed for %d entries\n",
1321	numaddrs ));
1322	talloc_destroy(ctx);
1323	return NT_STATUS_NO_MEMORY;
1324	}
1325
1326	/* now unroll the list of IP addresses */
1327
1328	*return_count = 0;
1329	i = 0;
1330	j = 0;
1331	while ( i < numdcs && (*return_count<numaddrs) ) {
1332	struct ip_service r = &(return_iplist)[*return_count];
1333
1334	r->port = dcs[i].port;
1335
1336	/* If we don't have an IP list for a name, lookup it up */
1337
1338	if (!dcs[i].ss_s) {
1339	interpret_string_addr(&r->ss, dcs[i].hostname, 0);
1340	i++;
1341	j = 0;
1342	} else {
1343	/* use the IP addresses from the SRV sresponse */
1344
1345	if ( j >= dcs[i].num_ips ) {
1346	i++;
1347	j = 0;
1348	continue;
1349	}
1350
1351	r->ss = dcs[i].ss_s[j];
1352	j++;
1353	}
1354
1355	/* make sure it is a valid IP. I considered checking the
1356	* negative connection cache, but this is the wrong place
1357	* for it. Maybe only as a hack. After think about it, if
1358	* all of the IP addresses returned from DNS are dead, what
1359	* hope does a netbios name lookup have ? The standard reason
1360	* for falling back to netbios lookups is that our DNS server
1361	* doesn't know anything about the DC's -- jerry */
1362
1363	if (!is_zero_addr((struct sockaddr *)&r->ss)) {
1364	(*return_count)++;
1365	}
1366	}
1367
1368	talloc_destroy(ctx);
1369	return NT_STATUS_OK;
1370	}
1371
1372	/*******************************************************************
1373	Internal interface to resolve a name into an IP address.
1374	Use this function if the string is either an IP address, DNS
1375	or host name or NetBIOS name. This uses the name switch in the
1376	smb.conf to determine the order of name resolution.
1377
1378	Added support for ip addr/port to support ADS ldap servers.
1379	the only place we currently care about the port is in the
1380	resolve_hosts() when looking up DC's via SRV RR entries in DNS
1381	**********************************************************************/
1382
1383	NTSTATUS internal_resolve_name(const char *name,
1384	int name_type,
1385	const char *sitename,
1386	struct ip_service **return_iplist,
1387	int *return_count,
1388	const char *resolve_order)
1389	{
1390	char *tok;
1391	const char *ptr;
1392	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1393	int i;
1394	TALLOC_CTX *frame = NULL;
1395
1396	*return_iplist = NULL;
1397	*return_count = 0;
1398
1399	DEBUG(10, ("internal_resolve_name: looking up %s#%x (sitename %s)\n",
1400	name, name_type, sitename ? sitename : "(null)"));
1401
1402	if (is_ipaddress(name)) {
1403	if ((*return_iplist = SMB_MALLOC_P(struct ip_service)) ==
1404	NULL) {
1405	DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1406	return NT_STATUS_NO_MEMORY;
1407	}
1408
1409	/* ignore the port here */
1410	(*return_iplist)->port = PORT_NONE;
1411
1412	/* if it's in the form of an IP address then get the lib to interpret it */
1413	if (!interpret_string_addr(&(*return_iplist)->ss,
1414	name, AI_NUMERICHOST)) {
1415	DEBUG(1,("internal_resolve_name: interpret_string_addr "
1416	"failed on %s\n",
1417	name));
1418	SAFE_FREE(*return_iplist);
1419	return NT_STATUS_INVALID_PARAMETER;
1420	}
1421	*return_count = 1;
1422	return NT_STATUS_OK;
1423	}
1424
1425	/* Check name cache */
1426
1427	if (namecache_fetch(name, name_type, return_iplist, return_count)) {
1428	/* This could be a negative response */
1429	if (*return_count > 0) {
1430	return NT_STATUS_OK;
1431	} else {
1432	return NT_STATUS_UNSUCCESSFUL;
1433	}
1434	}
1435
1436	/* set the name resolution order */
1437
1438	if (strcmp( resolve_order, "NULL") == 0) {
1439	DEBUG(8,("internal_resolve_name: all lookups disabled\n"));
1440	return NT_STATUS_INVALID_PARAMETER;
1441	}
1442
1443	if (!resolve_order[0]) {
1444	ptr = "host";
1445	} else {
1446	ptr = resolve_order;
1447	}
1448
1449	/* iterate through the name resolution backends */
1450
1451	frame = talloc_stackframe();
1452	while (next_token_talloc(frame, &ptr, &tok, LIST_SEP)) {
1453	if((strequal(tok, "host") \|\| strequal(tok, "hosts"))) {
1454	status = resolve_hosts(name, name_type, return_iplist,
1455	return_count);
1456	if (NT_STATUS_IS_OK(status)) {
1457	goto done;
1458	}
1459	} else if(strequal( tok, "kdc")) {
1460	/* deal with KDC_NAME_TYPE names here.
1461	* This will result in a SRV record lookup */
1462	status = resolve_ads(name, KDC_NAME_TYPE, sitename,
1463	return_iplist, return_count);
1464	if (NT_STATUS_IS_OK(status)) {
1465	/* Ensure we don't namecache
1466	* this with the KDC port. */
1467	name_type = KDC_NAME_TYPE;
1468	goto done;
1469	}
1470	} else if(strequal( tok, "ads")) {
1471	/* deal with 0x1c and 0x1b names here.
1472	* This will result in a SRV record lookup */
1473	status = resolve_ads(name, name_type, sitename,
1474	return_iplist, return_count);
1475	if (NT_STATUS_IS_OK(status)) {
1476	goto done;
1477	}
1478	} else if(strequal( tok, "lmhosts")) {
1479	status = resolve_lmhosts(name, name_type,
1480	return_iplist, return_count);
1481	if (NT_STATUS_IS_OK(status)) {
1482	goto done;
1483	}
1484	} else if(strequal( tok, "wins")) {
1485	/* don't resolve 1D via WINS */
1486	if (name_type != 0x1D) {
1487	status = resolve_wins(name, name_type,
1488	return_iplist,
1489	return_count);
1490	if (NT_STATUS_IS_OK(status)) {
1491	goto done;
1492	}
1493	}
1494	} else if(strequal( tok, "bcast")) {
1495	status = name_resolve_bcast(name, name_type,
1496	return_iplist,
1497	return_count);
1498	if (NT_STATUS_IS_OK(status)) {
1499	goto done;
1500	}
1501	} else {
1502	DEBUG(0,("resolve_name: unknown name switch type %s\n",
1503	tok));
1504	}
1505	}
1506
1507	/* All of the resolve_* functions above have returned false. */
1508
1509	TALLOC_FREE(frame);
1510	SAFE_FREE(*return_iplist);
1511	*return_count = 0;
1512
1513	return NT_STATUS_UNSUCCESSFUL;
1514
1515	done:
1516
1517	/* Remove duplicate entries. Some queries, notably #1c (domain
1518	controllers) return the PDC in iplist[0] and then all domain
1519	controllers including the PDC in iplist[1..n]. Iterating over
1520	the iplist when the PDC is down will cause two sets of timeouts. */
1521
1522	if ( *return_count ) {
1523	return_count = remove_duplicate_addrs2(return_iplist,
1524	*return_count );
1525	}
1526
1527	/* Save in name cache */
1528	if ( DEBUGLEVEL >= 100 ) {
1529	for (i = 0; i < *return_count && DEBUGLEVEL == 100; i++) {
1530	char addr[INET6_ADDRSTRLEN];
1531	print_sockaddr(addr, sizeof(addr),
1532	&(*return_iplist)[i].ss);
1533	DEBUG(100, ("Storing name %s of type %d (%s:%d)\n",
1534	name,
1535	name_type,
1536	addr,
1537	(*return_iplist)[i].port));
1538	}
1539	}
1540
1541	namecache_store(name, name_type, return_count, return_iplist);
1542
1543	/* Display some debugging info */
1544
1545	if ( DEBUGLEVEL >= 10 ) {
1546	DEBUG(10, ("internal_resolve_name: returning %d addresses: ",
1547	*return_count));
1548
1549	for (i = 0; i < *return_count; i++) {
1550	char addr[INET6_ADDRSTRLEN];
1551	print_sockaddr(addr, sizeof(addr),
1552	&(*return_iplist)[i].ss);
1553	DEBUGADD(10, ("%s:%d ",
1554	addr,
1555	(*return_iplist)[i].port));
1556	}
1557	DEBUG(10, ("\n"));
1558	}
1559
1560	TALLOC_FREE(frame);
1561	return status;
1562	}
1563
1564	/********************************************************
1565	Internal interface to resolve a name into one IP address.
1566	Use this function if the string is either an IP address, DNS
1567	or host name or NetBIOS name. This uses the name switch in the
1568	smb.conf to determine the order of name resolution.
1569	*********************************************************/
1570
1571	bool resolve_name(const char *name,
1572	struct sockaddr_storage *return_ss,
1573	int name_type,
1574	bool prefer_ipv4)
1575	{
1576	struct ip_service *ss_list = NULL;
1577	char *sitename = NULL;
1578	int count = 0;
1579
1580	if (is_ipaddress(name)) {
1581	return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
1582	}
1583
1584	sitename = sitename_fetch(lp_realm()); /* wild guess */
1585
1586	if (NT_STATUS_IS_OK(internal_resolve_name(name, name_type, sitename,
1587	&ss_list, &count,
1588	lp_name_resolve_order()))) {
1589	int i;
1590
1591	if (prefer_ipv4) {
1592	for (i=0; i<count; i++) {
1593	if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1594	!is_broadcast_addr((struct sockaddr *)&ss_list[i].ss) &&
1595	(ss_list[i].ss.ss_family == AF_INET)) {
1596	*return_ss = ss_list[i].ss;
1597	SAFE_FREE(ss_list);
1598	SAFE_FREE(sitename);
1599	return True;
1600	}
1601	}
1602	}
1603
1604	/* only return valid addresses for TCP connections */
1605	for (i=0; i<count; i++) {
1606	if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1607	!is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1608	*return_ss = ss_list[i].ss;
1609	SAFE_FREE(ss_list);
1610	SAFE_FREE(sitename);
1611	return True;
1612	}
1613	}
1614	}
1615
1616	SAFE_FREE(ss_list);
1617	SAFE_FREE(sitename);
1618	return False;
1619	}
1620
1621	/********************************************************
1622	Internal interface to resolve a name into a list of IP addresses.
1623	Use this function if the string is either an IP address, DNS
1624	or host name or NetBIOS name. This uses the name switch in the
1625	smb.conf to determine the order of name resolution.
1626	*********************************************************/
1627
1628	NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
1629	const char *name,
1630	int name_type,
1631	struct sockaddr_storage **return_ss_arr,
1632	unsigned int *p_num_entries)
1633	{
1634	struct ip_service *ss_list = NULL;
1635	char *sitename = NULL;
1636	int count = 0;
1637	int i;
1638	unsigned int num_entries;
1639	NTSTATUS status;
1640
1641	*p_num_entries = 0;
1642	*return_ss_arr = NULL;
1643
1644	if (is_ipaddress(name)) {
1645	*return_ss_arr = TALLOC_P(ctx, struct sockaddr_storage);
1646	if (!*return_ss_arr) {
1647	return NT_STATUS_NO_MEMORY;
1648	}
1649	if (!interpret_string_addr(*return_ss_arr, name, AI_NUMERICHOST)) {
1650	TALLOC_FREE(*return_ss_arr);
1651	return NT_STATUS_BAD_NETWORK_NAME;
1652	}
1653	*p_num_entries = 1;
1654	return NT_STATUS_OK;
1655	}
1656
1657	sitename = sitename_fetch(lp_realm()); /* wild guess */
1658
1659	status = internal_resolve_name(name, name_type, sitename,
1660	&ss_list, &count,
1661	lp_name_resolve_order());
1662	SAFE_FREE(sitename);
1663
1664	if (!NT_STATUS_IS_OK(status)) {
1665	return status;
1666	}
1667
1668	/* only return valid addresses for TCP connections */
1669	for (i=0, num_entries = 0; i<count; i++) {
1670	if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1671	!is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1672	num_entries++;
1673	}
1674	}
1675	if (num_entries == 0) {
1676	SAFE_FREE(ss_list);
1677	return NT_STATUS_BAD_NETWORK_NAME;
1678	}
1679
1680	*return_ss_arr = TALLOC_ARRAY(ctx,
1681	struct sockaddr_storage,
1682	num_entries);
1683	if (!(*return_ss_arr)) {
1684	SAFE_FREE(ss_list);
1685	return NT_STATUS_NO_MEMORY;
1686	}
1687
1688	for (i=0, num_entries = 0; i<count; i++) {
1689	if (!is_zero_addr((struct sockaddr *)&ss_list[i].ss) &&
1690	!is_broadcast_addr((struct sockaddr *)&ss_list[i].ss)) {
1691	(*return_ss_arr)[num_entries++] = ss_list[i].ss;
1692	}
1693	}
1694
1695	status = NT_STATUS_OK;
1696	*p_num_entries = num_entries;
1697
1698	SAFE_FREE(ss_list);
1699	return NT_STATUS_OK;
1700	}
1701
1702	/********************************************************
1703	Find the IP address of the master browser or DMB for a workgroup.
1704	*********************************************************/
1705
1706	bool find_master_ip(const char group, struct sockaddr_storage master_ss)
1707	{
1708	struct ip_service *ip_list = NULL;
1709	int count = 0;
1710	NTSTATUS status;
1711
1712	if (lp_disable_netbios()) {
1713	DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
1714	return false;
1715	}
1716
1717	status = internal_resolve_name(group, 0x1D, NULL, &ip_list, &count,
1718	lp_name_resolve_order());
1719	if (NT_STATUS_IS_OK(status)) {
1720	*master_ss = ip_list[0].ss;
1721	SAFE_FREE(ip_list);
1722	return true;
1723	}
1724
1725	status = internal_resolve_name(group, 0x1B, NULL, &ip_list, &count,
1726	lp_name_resolve_order());
1727	if (NT_STATUS_IS_OK(status)) {
1728	*master_ss = ip_list[0].ss;
1729	SAFE_FREE(ip_list);
1730	return true;
1731	}
1732
1733	SAFE_FREE(ip_list);
1734	return false;
1735	}
1736
1737	/********************************************************
1738	Get the IP address list of the primary domain controller
1739	for a domain.
1740	*********************************************************/
1741
1742	bool get_pdc_ip(const char domain, struct sockaddr_storage pss)
1743	{
1744	struct ip_service *ip_list = NULL;
1745	int count = 0;
1746	NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
1747
1748	/* Look up #1B name */
1749
1750	if (lp_security() == SEC_ADS) {
1751	status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1752	&count, "ads");
1753	}
1754
1755	if (!NT_STATUS_IS_OK(status) \|\| count == 0) {
1756	status = internal_resolve_name(domain, 0x1b, NULL, &ip_list,
1757	&count,
1758	lp_name_resolve_order());
1759	if (!NT_STATUS_IS_OK(status)) {
1760	return false;
1761	}
1762	}
1763
1764	/* if we get more than 1 IP back we have to assume it is a
1765	multi-homed PDC and not a mess up */
1766
1767	if ( count > 1 ) {
1768	DEBUG(6,("get_pdc_ip: PDC has %d IP addresses!\n", count));
1769	sort_service_list(ip_list, count);
1770	}
1771
1772	*pss = ip_list[0].ss;
1773	SAFE_FREE(ip_list);
1774	return true;
1775	}
1776
1777	/* Private enum type for lookups. */
1778
1779	enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
1780
1781	/********************************************************
1782	Get the IP address list of the domain controllers for
1783	a domain.
1784	*********************************************************/
1785
1786	static NTSTATUS get_dc_list(const char *domain,
1787	const char *sitename,
1788	struct ip_service **ip_list,
1789	int *count,
1790	enum dc_lookup_type lookup_type,
1791	bool *ordered)
1792	{
1793	char *resolve_order = NULL;
1794	char *saf_servername = NULL;
1795	char *pserver = NULL;
1796	const char *p;
1797	char *port_str = NULL;
1798	int port;
1799	char *name;
1800	int num_addresses = 0;
1801	int local_count, i, j;
1802	struct ip_service *return_iplist = NULL;
1803	struct ip_service *auto_ip_list = NULL;
1804	bool done_auto_lookup = false;
1805	int auto_count = 0;
1806	NTSTATUS status;
1807	TALLOC_CTX *ctx = talloc_init("get_dc_list");
1808
1809	*ip_list = NULL;
1810	*count = 0;
1811
1812	if (!ctx) {
1813	return NT_STATUS_NO_MEMORY;
1814	}
1815
1816	*ordered = False;
1817
1818	/* if we are restricted to solely using DNS for looking
1819	up a domain controller, make sure that host lookups
1820	are enabled for the 'name resolve order'. If host lookups
1821	are disabled and ads_only is True, then set the string to
1822	NULL. */
1823
1824	resolve_order = talloc_strdup(ctx, lp_name_resolve_order());
1825	if (!resolve_order) {
1826	status = NT_STATUS_NO_MEMORY;
1827	goto out;
1828	}
1829	strlower_m(resolve_order);
1830	if (lookup_type == DC_ADS_ONLY) {
1831	if (strstr( resolve_order, "host")) {
1832	resolve_order = talloc_strdup(ctx, "ads");
1833
1834	/* DNS SRV lookups used by the ads resolver
1835	are already sorted by priority and weight */
1836	*ordered = true;
1837	} else {
1838	resolve_order = talloc_strdup(ctx, "NULL");
1839	}
1840	} else if (lookup_type == DC_KDC_ONLY) {
1841	/* DNS SRV lookups used by the ads/kdc resolver
1842	are already sorted by priority and weight */
1843	*ordered = true;
1844	resolve_order = talloc_strdup(ctx, "kdc");
1845	}
1846	if (!resolve_order) {
1847	status = NT_STATUS_NO_MEMORY;
1848	goto out;
1849	}
1850
1851	/* fetch the server we have affinity for. Add the
1852	'password server' list to a search for our domain controllers */
1853
1854	saf_servername = saf_fetch( domain);
1855
1856	if (strequal(domain, lp_workgroup()) \|\| strequal(domain, lp_realm())) {
1857	pserver = talloc_asprintf(NULL, "%s, %s",
1858	saf_servername ? saf_servername : "",
1859	lp_passwordserver());
1860	} else {
1861	pserver = talloc_asprintf(NULL, "%s, *",
1862	saf_servername ? saf_servername : "");
1863	}
1864
1865	SAFE_FREE(saf_servername);
1866	if (!pserver) {
1867	status = NT_STATUS_NO_MEMORY;
1868	goto out;
1869	}
1870
1871	/* if we are starting from scratch, just lookup DOMAIN<0x1c> */
1872
1873	if (!*pserver ) {
1874	DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
1875	status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1876	count, resolve_order);
1877	goto out;
1878	}
1879
1880	DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
1881
1882	/*
1883	* if '*' appears in the "password server" list then add
1884	* an auto lookup to the list of manually configured
1885	* DC's. If any DC is listed by name, then the list should be
1886	* considered to be ordered
1887	*/
1888
1889	p = pserver;
1890	while (next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1891	if (!done_auto_lookup && strequal(name, "*")) {
1892	status = internal_resolve_name(domain, 0x1C, sitename,
1893	&auto_ip_list,
1894	&auto_count,
1895	resolve_order);
1896	if (NT_STATUS_IS_OK(status)) {
1897	num_addresses += auto_count;
1898	}
1899	done_auto_lookup = true;
1900	DEBUG(8,("Adding %d DC's from auto lookup\n",
1901	auto_count));
1902	} else {
1903	num_addresses++;
1904	}
1905	}
1906
1907	/* if we have no addresses and haven't done the auto lookup, then
1908	just return the list of DC's. Or maybe we just failed. */
1909
1910	if ((num_addresses == 0)) {
1911	if (done_auto_lookup) {
1912	DEBUG(4,("get_dc_list: no servers found\n"));
1913	status = NT_STATUS_NO_LOGON_SERVERS;
1914	goto out;
1915	}
1916	status = internal_resolve_name(domain, 0x1C, sitename, ip_list,
1917	count, resolve_order);
1918	goto out;
1919	}
1920
1921	if ((return_iplist = SMB_MALLOC_ARRAY(struct ip_service,
1922	num_addresses)) == NULL) {
1923	DEBUG(3,("get_dc_list: malloc fail !\n"));
1924	status = NT_STATUS_NO_MEMORY;
1925	goto out;
1926	}
1927
1928	p = pserver;
1929	local_count = 0;
1930
1931	/* fill in the return list now with real IP's */
1932
1933	while ((local_count<num_addresses) &&
1934	next_token_talloc(ctx, &p, &name, LIST_SEP)) {
1935	struct sockaddr_storage name_ss;
1936
1937	/* copy any addersses from the auto lookup */
1938
1939	if (strequal(name, "*")) {
1940	for (j=0; j<auto_count; j++) {
1941	char addr[INET6_ADDRSTRLEN];
1942	print_sockaddr(addr,
1943	sizeof(addr),
1944	&auto_ip_list[j].ss);
1945	/* Check for and don't copy any
1946	* known bad DC IP's. */
1947	if(!NT_STATUS_IS_OK(check_negative_conn_cache(
1948	domain,
1949	addr))) {
1950	DEBUG(5,("get_dc_list: "
1951	"negative entry %s removed "
1952	"from DC list\n",
1953	addr));
1954	continue;
1955	}
1956	return_iplist[local_count].ss =
1957	auto_ip_list[j].ss;
1958	return_iplist[local_count].port =
1959	auto_ip_list[j].port;
1960	local_count++;
1961	}
1962	continue;
1963	}
1964
1965	/* added support for address:port syntax for ads
1966	* (not that I think anyone will ever run the LDAP
1967	* server in an AD domain on something other than
1968	* port 389 */
1969
1970	port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
1971	if ((port_str=strchr(name, ':')) != NULL) {
1972	*port_str = '\0';
1973	port_str++;
1974	port = atoi(port_str);
1975	}
1976
1977	/* explicit lookup; resolve_name() will
1978	* handle names & IP addresses */
1979	if (resolve_name( name, &name_ss, 0x20, true )) {
1980	char addr[INET6_ADDRSTRLEN];
1981	print_sockaddr(addr,
1982	sizeof(addr),
1983	&name_ss);
1984
1985	/* Check for and don't copy any known bad DC IP's. */
1986	if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
1987	addr)) ) {
1988	DEBUG(5,("get_dc_list: negative entry %s "
1989	"removed from DC list\n",
1990	name ));
1991	continue;
1992	}
1993
1994	return_iplist[local_count].ss = name_ss;
1995	return_iplist[local_count].port = port;
1996	local_count++;
1997	*ordered = true;
1998	}
1999	}
2000
2001	/* need to remove duplicates in the list if we have any
2002	explicit password servers */
2003
2004	if (local_count) {
2005	local_count = remove_duplicate_addrs2(return_iplist,
2006	local_count );
2007	}
2008
2009	/* For DC's we always prioritize IPv4 due to W2K3 not
2010	* supporting LDAP, KRB5 or CLDAP over IPv6. */
2011
2012	if (local_count && return_iplist) {
2013	prioritize_ipv4_list(return_iplist, local_count);
2014	}
2015
2016	if ( DEBUGLEVEL >= 4 ) {
2017	DEBUG(4,("get_dc_list: returning %d ip addresses "
2018	"in an %sordered list\n",
2019	local_count,
2020	*ordered ? "":"un"));
2021	DEBUG(4,("get_dc_list: "));
2022	for ( i=0; i<local_count; i++ ) {
2023	char addr[INET6_ADDRSTRLEN];
2024	print_sockaddr(addr,
2025	sizeof(addr),
2026	&return_iplist[i].ss);
2027	DEBUGADD(4,("%s:%d ", addr, return_iplist[i].port ));
2028	}
2029	DEBUGADD(4,("\n"));
2030	}
2031
2032	*ip_list = return_iplist;
2033	*count = local_count;
2034
2035	status = ( *count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS );
2036
2037	out:
2038
2039	if (!NT_STATUS_IS_OK(status)) {
2040	SAFE_FREE(return_iplist);
2041	*ip_list = NULL;
2042	*count = 0;
2043	}
2044
2045	SAFE_FREE(auto_ip_list);
2046	TALLOC_FREE(ctx);
2047	return status;
2048	}
2049
2050	/*********************************************************************
2051	Small wrapper function to get the DC list and sort it if neccessary.
2052	*********************************************************************/
2053
2054	NTSTATUS get_sorted_dc_list( const char *domain,
2055	const char *sitename,
2056	struct ip_service **ip_list,
2057	int *count,
2058	bool ads_only )
2059	{
2060	bool ordered = false;
2061	NTSTATUS status;
2062	enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
2063
2064	*ip_list = NULL;
2065	*count = 0;
2066
2067	DEBUG(8,("get_sorted_dc_list: attempting lookup "
2068	"for name %s (sitename %s) using [%s]\n",
2069	domain,
2070	sitename ? sitename : "NULL",
2071	(ads_only ? "ads" : lp_name_resolve_order())));
2072
2073	if (ads_only) {
2074	lookup_type = DC_ADS_ONLY;
2075	}
2076
2077	status = get_dc_list(domain, sitename, ip_list,
2078	count, lookup_type, &ordered);
2079	if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
2080	&& sitename) {
2081	DEBUG(3,("get_sorted_dc_list: no server for name %s available"
2082	" in site %s, fallback to all servers\n",
2083	domain, sitename));
2084	status = get_dc_list(domain, NULL, ip_list,
2085	count, lookup_type, &ordered);
2086	}
2087
2088	if (!NT_STATUS_IS_OK(status)) {
2089	SAFE_FREE(*ip_list);
2090	*count = 0;
2091	return status;
2092	}
2093
2094	/* only sort if we don't already have an ordered list */
2095	if (!ordered) {
2096	sort_service_list(ip_list, count);
2097	}
2098
2099	return NT_STATUS_OK;
2100	}
2101
2102	/*********************************************************************
2103	Get the KDC list - re-use all the logic in get_dc_list.
2104	*********************************************************************/
2105
2106	NTSTATUS get_kdc_list( const char *realm,
2107	const char *sitename,
2108	struct ip_service **ip_list,
2109	int *count)
2110	{
2111	bool ordered;
2112	NTSTATUS status;
2113
2114	*count = 0;
2115	*ip_list = NULL;
2116
2117	status = get_dc_list(realm, sitename, ip_list,
2118	count, DC_KDC_ONLY, &ordered);
2119
2120	if (!NT_STATUS_IS_OK(status)) {
2121	SAFE_FREE(*ip_list);
2122	*count = 0;
2123	return status;
2124	}
2125
2126	/* only sort if we don't already have an ordered list */
2127	if ( !ordered ) {
2128	sort_service_list(ip_list, count);
2129	}
2130
2131	return NT_STATUS_OK;
2132	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: