source: vendor/3.5.7/source3/libsmb/namequery_dc.c

Last change on this file was 478, checked in by Silvan Scherrer, 15 years ago

Samba 3.5: vendor update to 3.5.4
File size: 6.6 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3
4 Winbind daemon connection manager
5
6 Copyright (C) Tim Potter 2001
7 Copyright (C) Andrew Bartlett 2002
8 Copyright (C) Gerald Carter 2003
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22*/
23
24
25#include "includes.h"
26
27/**********************************************************************
28 Is this our primary domain ?
29**********************************************************************/
30
31#ifdef HAVE_KRB5
32static bool is_our_primary_domain(const char *domain)
33{
34 int role = lp_server_role();
35
36 if ((role == ROLE_DOMAIN_MEMBER) && strequal(lp_workgroup(), domain)) {
37 return True;
38 } else if (strequal(get_global_sam_name(), domain)) {
39 return True;
40 }
41 return False;
42}
43#endif
44
45/**************************************************************************
46 Find the name and IP address for a server in the realm/domain
47 *************************************************************************/
48
49static bool ads_dc_name(const char *domain,
50 const char *realm,
51 struct sockaddr_storage *dc_ss,
52 fstring srv_name)
53{
54 ADS_STRUCT *ads;
55 char *sitename;
56 int i;
57 char addr[INET6_ADDRSTRLEN];
58
59 if (!realm && strequal(domain, lp_workgroup())) {
60 realm = lp_realm();
61 }
62
63 sitename = sitename_fetch(realm);
64
65 /* Try this 3 times then give up. */
66 for( i =0 ; i < 3; i++) {
67 ads = ads_init(realm, domain, NULL);
68 if (!ads) {
69 SAFE_FREE(sitename);
70 return False;
71 }
72
73 DEBUG(4,("ads_dc_name: domain=%s\n", domain));
74
75#ifdef HAVE_ADS
76 /* we don't need to bind, just connect */
77 ads->auth.flags |= ADS_AUTH_NO_BIND;
78 ads_connect(ads);
79#endif
80
81 if (!ads->config.realm) {
82 SAFE_FREE(sitename);
83 ads_destroy(&ads);
84 return False;
85 }
86
87 /* Now we've found a server, see if our sitename
88 has changed. If so, we need to re-do the DNS query
89 to ensure we only find servers in our site. */
90
91 if (stored_sitename_changed(realm, sitename)) {
92 SAFE_FREE(sitename);
93 sitename = sitename_fetch(realm);
94 ads_destroy(&ads);
95 /* Ensure we don't cache the DC we just connected to. */
96 namecache_delete(realm, 0x1C);
97 namecache_delete(domain, 0x1C);
98 continue;
99 }
100
101#ifdef HAVE_KRB5
102 if (is_our_primary_domain(domain) && (ads->config.flags & NBT_SERVER_KDC)) {
103 if (ads_closest_dc(ads)) {
104 /* We're going to use this KDC for this realm/domain.
105 If we are using sites, then force the krb5 libs
106 to use this KDC. */
107
108 create_local_private_krb5_conf_for_domain(realm,
109 domain,
110 sitename,
111 &ads->ldap.ss,
112 ads->config.ldap_server_name);
113 } else {
114 create_local_private_krb5_conf_for_domain(realm,
115 domain,
116 NULL,
117 &ads->ldap.ss,
118 ads->config.ldap_server_name);
119 }
120 }
121#endif
122 break;
123 }
124
125 if (i == 3) {
126 DEBUG(1,("ads_dc_name: sitename (now \"%s\") keeps changing ???\n",
127 sitename ? sitename : ""));
128 SAFE_FREE(sitename);
129 return False;
130 }
131
132 SAFE_FREE(sitename);
133
134 fstrcpy(srv_name, ads->config.ldap_server_name);
135 strupper_m(srv_name);
136#ifdef HAVE_ADS
137 *dc_ss = ads->ldap.ss;
138#else
139 zero_sockaddr(dc_ss);
140#endif
141 ads_destroy(&ads);
142
143 print_sockaddr(addr, sizeof(addr), dc_ss);
144 DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n",
145 srv_name, addr));
146
147 return True;
148}
149
150/****************************************************************************
151 Utility function to return the name of a DC. The name is guaranteed to be
152 valid since we have already done a name_status_find on it
153 ***************************************************************************/
154
155static bool rpc_dc_name(const char *domain,
156 fstring srv_name,
157 struct sockaddr_storage *ss_out)
158{
159 struct ip_service *ip_list = NULL;
160 struct sockaddr_storage dc_ss;
161 int count, i;
162 NTSTATUS result;
163 char addr[INET6_ADDRSTRLEN];
164
165 /* get a list of all domain controllers */
166
167 if (!NT_STATUS_IS_OK(get_sorted_dc_list(domain, NULL, &ip_list, &count,
168 False))) {
169 DEBUG(3, ("Could not look up dc's for domain %s\n", domain));
170 return False;
171 }
172
173 /* Remove the entry we've already failed with (should be the PDC). */
174
175 for (i = 0; i < count; i++) {
176 if (is_zero_addr((struct sockaddr *)&ip_list[i].ss))
177 continue;
178
179 if (name_status_find(domain, 0x1c, 0x20, &ip_list[i].ss, srv_name)) {
180 result = check_negative_conn_cache( domain, srv_name );
181 if ( NT_STATUS_IS_OK(result) ) {
182 dc_ss = ip_list[i].ss;
183 goto done;
184 }
185 }
186 }
187
188 SAFE_FREE(ip_list);
189
190 /* No-one to talk to )-: */
191 return False; /* Boo-hoo */
192
193 done:
194 /* We have the netbios name and IP address of a domain controller.
195 Ideally we should sent a SAMLOGON request to determine whether
196 the DC is alive and kicking. If we can catch a dead DC before
197 performing a cli_connect() we can avoid a 30-second timeout. */
198
199 print_sockaddr(addr, sizeof(addr), &dc_ss);
200 DEBUG(3, ("rpc_dc_name: Returning DC %s (%s) for domain %s\n", srv_name,
201 addr, domain));
202
203 *ss_out = dc_ss;
204 SAFE_FREE(ip_list);
205
206 return True;
207}
208
209/**********************************************************************
210 wrapper around ads and rpc methods of finds DC's
211**********************************************************************/
212
213bool get_dc_name(const char *domain,
214 const char *realm,
215 fstring srv_name,
216 struct sockaddr_storage *ss_out)
217{
218 struct sockaddr_storage dc_ss;
219 bool ret;
220 bool our_domain = False;
221
222 zero_sockaddr(&dc_ss);
223
224 ret = False;
225
226 if ( strequal(lp_workgroup(), domain) || strequal(lp_realm(), realm) )
227 our_domain = True;
228
229 /* always try to obey what the admin specified in smb.conf
230 (for the local domain) */
231
232 if ( (our_domain && lp_security()==SEC_ADS) || realm ) {
233 ret = ads_dc_name(domain, realm, &dc_ss, srv_name);
234 }
235
236 if (!domain) {
237 /* if we have only the realm we can't do anything else */
238 return False;
239 }
240
241 if (!ret) {
242 /* fall back on rpc methods if the ADS methods fail */
243 ret = rpc_dc_name(domain, srv_name, &dc_ss);
244 }
245
246 *ss_out = dc_ss;
247
248 return ret;
249}
Note: See TracBrowser for help on using the repository browser.