PageRenderTime 45ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/samba-3.5.6/source3/libsmb/namequery_dc.c

https://github.com/theuni/XBMC-deps
C | 249 lines | 148 code | 46 blank | 55 comment | 29 complexity | e6bbca505d8f48448a6828c2e18ef1f9 MD5 | raw file
    

  1. /* 
    2. 

  2.    Unix SMB/CIFS implementation.
    3. 

    4. 

  4.    Winbind daemon connection manager
    5. 

    6. 

  6.    Copyright (C) Tim Potter 2001
    7. 

  7.    Copyright (C) Andrew Bartlett 2002
    8. 

  8.    Copyright (C) Gerald Carter 2003
    9. 

  9.    
    10. 

  10.    This program is free software; you can redistribute it and/or modify
    11. 

  11.    it under the terms of the GNU General Public License as published by
    12. 

  12.    the Free Software Foundation; either version 3 of the License, or
    13. 

  13.    (at your option) any later version.
    14. 

  14.    
    15. 

  15.    This program is distributed in the hope that it will be useful,
    16. 

  16.    but WITHOUT ANY WARRANTY; without even the implied warranty of
    17. 

  17.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
    18. 

  18.    GNU General Public License for more details.
    19. 

  19.    
    20. 

  20.    You should have received a copy of the GNU General Public License
    21. 

  21.    along with this program.  If not, see <http://www.gnu.org/licenses/>.
    22. 

  22. */
    23. 

  23. 

  24. 

  25. #include "includes.h"
    26. 

  26. 

  27. /**********************************************************************
    28. 

  28.  Is this our primary domain ?
    29. 

  29. **********************************************************************/
    30. 

  30. 

  31. #ifdef HAVE_KRB5
    32. 

  32. static bool is_our_primary_domain(const char *domain)
    33. 

  33. {
    34. 

  34. 	int role = lp_server_role();
    35. 

  35. 

  36. 	if ((role == ROLE_DOMAIN_MEMBER) && strequal(lp_workgroup(), domain)) {
    37. 

  37. 		return True;
    38. 

  38. 	} else if (strequal(get_global_sam_name(), domain)) {
    39. 

  39. 		return True;
    40. 

  40. 	}
    41. 

  41. 	return False;
    42. 

  42. }
    43. 

  43. #endif
    44. 

  44. 

  45. /**************************************************************************
    46. 

  46.  Find the name and IP address for a server in the realm/domain
    47. 

  47.  *************************************************************************/
    48. 

  48.  
    49. 

  49. static bool ads_dc_name(const char *domain,
    50. 

  50. 			const char *realm,
    51. 

  51. 			struct sockaddr_storage *dc_ss,
    52. 

  52. 			fstring srv_name)
    53. 

  53. {
    54. 

  54. 	ADS_STRUCT *ads;
    55. 

  55. 	char *sitename;
    56. 

  56. 	int i;
    57. 

  57. 	char addr[INET6_ADDRSTRLEN];
    58. 

  58. 

  59. 	if (!realm && strequal(domain, lp_workgroup())) {
    60. 

  60. 		realm = lp_realm();
    61. 

  61. 	}
    62. 

  62. 

  63. 	sitename = sitename_fetch(realm);
    64. 

  64. 

  65. 	/* Try this 3 times then give up. */
    66. 

  66. 	for( i =0 ; i < 3; i++) {
    67. 

  67. 		ads = ads_init(realm, domain, NULL);
    68. 

  68. 		if (!ads) {
    69. 

  69. 			SAFE_FREE(sitename);
    70. 

  70. 			return False;
    71. 

  71. 		}
    72. 

  72. 

  73. 		DEBUG(4,("ads_dc_name: domain=%s\n", domain));
    74. 

  74. 

  75. #ifdef HAVE_ADS
    76. 

  76. 		/* we don't need to bind, just connect */
    77. 

  77. 		ads->auth.flags |= ADS_AUTH_NO_BIND;
    78. 

  78. 		ads_connect(ads);
    79. 

  79. #endif
    80. 

  80. 

  81. 		if (!ads->config.realm) {
    82. 

  82. 			SAFE_FREE(sitename);
    83. 

  83. 			ads_destroy(&ads);
    84. 

  84. 			return False;
    85. 

  85. 		}
    86. 

  86. 

  87. 		/* Now we've found a server, see if our sitename
    88. 

  88. 		   has changed. If so, we need to re-do the DNS query
    89. 

  89. 		   to ensure we only find servers in our site. */
    90. 

  90. 

  91. 		if (stored_sitename_changed(realm, sitename)) {
    92. 

  92. 			SAFE_FREE(sitename);
    93. 

  93. 			sitename = sitename_fetch(realm);
    94. 

  94. 			ads_destroy(&ads);
    95. 

  95. 			/* Ensure we don't cache the DC we just connected to. */
    96. 

  96. 			namecache_delete(realm, 0x1C);
    97. 

  97. 			namecache_delete(domain, 0x1C);
    98. 

  98. 			continue;
    99. 

  99. 		}
    100. 

  100. 

  101. #ifdef HAVE_KRB5
    102. 

  102. 		if (is_our_primary_domain(domain) && (ads->config.flags & NBT_SERVER_KDC)) {
    103. 

  103. 			if (ads_closest_dc(ads)) {
    104. 

  104. 				/* We're going to use this KDC for this realm/domain.
    105. 

  105. 				   If we are using sites, then force the krb5 libs
    106. 

  106. 				   to use this KDC. */
    107. 

  107. 

  108. 				create_local_private_krb5_conf_for_domain(realm,
    109. 

  109. 									domain,
    110. 

  110. 									sitename,
    111. 

  111. 									&ads->ldap.ss,
    112. 

  112. 									ads->config.ldap_server_name);
    113. 

  113. 			} else {
    114. 

  114. 				create_local_private_krb5_conf_for_domain(realm,
    115. 

  115. 									domain,
    116. 

  116. 									NULL,
    117. 

  117. 									&ads->ldap.ss,
    118. 

  118. 									ads->config.ldap_server_name);
    119. 

  119. 			}
    120. 

  120. 		}
    121. 

  121. #endif
    122. 

  122. 		break;
    123. 

  123. 	}
    124. 

  124. 

  125. 	if (i == 3) {
    126. 

  126. 		DEBUG(1,("ads_dc_name: sitename (now \"%s\") keeps changing ???\n",
    127. 

  127. 			sitename ? sitename : ""));
    128. 

  128. 		SAFE_FREE(sitename);
    129. 

  129. 		return False;
    130. 

  130. 	}
    131. 

  131. 

  132. 	SAFE_FREE(sitename);
    133. 

  133. 

  134. 	fstrcpy(srv_name, ads->config.ldap_server_name);
    135. 

  135. 	strupper_m(srv_name);
    136. 

  136. #ifdef HAVE_ADS
    137. 

  137. 	*dc_ss = ads->ldap.ss;
    138. 

  138. #else
    139. 

  139. 	zero_sockaddr(dc_ss);
    140. 

  140. #endif
    141. 

  141. 	ads_destroy(&ads);
    142. 

  142. 

  143. 	print_sockaddr(addr, sizeof(addr), dc_ss);
    144. 

  144. 	DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n",
    145. 

  145. 		 srv_name, addr));
    146. 

  146. 

  147. 	return True;
    148. 

  148. }
    149. 

  149. 

  150. /****************************************************************************
    151. 

  151.  Utility function to return the name of a DC. The name is guaranteed to be
    152. 

  152.  valid since we have already done a name_status_find on it
    153. 

  153.  ***************************************************************************/
    154. 

  154. 

  155. static bool rpc_dc_name(const char *domain,
    156. 

  156. 			fstring srv_name,
    157. 

  157. 			struct sockaddr_storage *ss_out)
    158. 

  158. {
    159. 

  159. 	struct ip_service *ip_list = NULL;
    160. 

  160. 	struct sockaddr_storage dc_ss;
    161. 

  161. 	int count, i;
    162. 

  162. 	NTSTATUS result;
    163. 

  163. 	char addr[INET6_ADDRSTRLEN];
    164. 

  164. 

  165. 	/* get a list of all domain controllers */
    166. 

  166. 

  167. 	if (!NT_STATUS_IS_OK(get_sorted_dc_list(domain, NULL, &ip_list, &count,
    168. 

  168. 						False))) {
    169. 

  169. 		DEBUG(3, ("Could not look up dc's for domain %s\n", domain));
    170. 

  170. 		return False;
    171. 

  171. 	}
    172. 

  172. 

  173. 	/* Remove the entry we've already failed with (should be the PDC). */
    174. 

  174. 

  175. 	for (i = 0; i < count; i++) {
    176. 

  176. 		if (is_zero_addr((struct sockaddr *)&ip_list[i].ss))
    177. 

  177. 			continue;
    178. 

  178. 

  179. 		if (name_status_find(domain, 0x1c, 0x20, &ip_list[i].ss, srv_name)) {
    180. 

  180. 			result = check_negative_conn_cache( domain, srv_name );
    181. 

  181. 			if ( NT_STATUS_IS_OK(result) ) {
    182. 

  182. 				dc_ss = ip_list[i].ss;
    183. 

  183. 				goto done;
    184. 

  184. 			}
    185. 

  185. 		}
    186. 

  186. 	}
    187. 

  187. 

  188. 	SAFE_FREE(ip_list);
    189. 

  189. 

  190. 	/* No-one to talk to )-: */
    191. 

  191. 	return False;		/* Boo-hoo */
    192. 

  192. 

  193.  done:
    194. 

  194. 	/* We have the netbios name and IP address of a domain controller.
    195. 

  195. 	   Ideally we should sent a SAMLOGON request to determine whether
    196. 

  196. 	   the DC is alive and kicking.  If we can catch a dead DC before
    197. 

  197. 	   performing a cli_connect() we can avoid a 30-second timeout. */
    198. 

  198. 

  199. 	print_sockaddr(addr, sizeof(addr), &dc_ss);
    200. 

  200. 	DEBUG(3, ("rpc_dc_name: Returning DC %s (%s) for domain %s\n", srv_name,
    201. 

  201. 		  addr, domain));
    202. 

  202. 

  203. 	*ss_out = dc_ss;
    204. 

  204. 	SAFE_FREE(ip_list);
    205. 

  205. 

  206. 	return True;
    207. 

  207. }
    208. 

  208. 

  209. /**********************************************************************
    210. 

  210.  wrapper around ads and rpc methods of finds DC's
    211. 

  211. **********************************************************************/
    212. 

  212. 

  213. bool get_dc_name(const char *domain,
    214. 

  214. 		const char *realm,
    215. 

  215. 		fstring srv_name,
    216. 

  216. 		struct sockaddr_storage *ss_out)
    217. 

  217. {
    218. 

  218. 	struct sockaddr_storage dc_ss;
    219. 

  219. 	bool ret;
    220. 

  220. 	bool our_domain = False;
    221. 

  221. 

  222. 	zero_sockaddr(&dc_ss);
    223. 

  223. 

  224. 	ret = False;
    225. 

  225. 

  226. 	if ( strequal(lp_workgroup(), domain) || strequal(lp_realm(), realm) )
    227. 

  227. 		our_domain = True;
    228. 

  228. 

  229. 	/* always try to obey what the admin specified in smb.conf
    230. 

  230. 	   (for the local domain) */
    231. 

  231. 

  232. 	if ( (our_domain && lp_security()==SEC_ADS) || realm ) {
    233. 

  233. 		ret = ads_dc_name(domain, realm, &dc_ss, srv_name);
    234. 

  234. 	}
    235. 

  235. 

  236. 	if (!domain) {
    237. 

  237. 		/* if we have only the realm we can't do anything else */
    238. 

  238. 		return False;
    239. 

  239. 	}
    240. 

  240. 

  241. 	if (!ret) {
    242. 

  242. 		/* fall back on rpc methods if the ADS methods fail */
    243. 

  243. 		ret = rpc_dc_name(domain, srv_name, &dc_ss);
    244. 

  244. 	}
    245. 

  245. 

  246. 	*ss_out = dc_ss;
    247. 

  247. 

  248. 	return ret;
    249. 

  249. }
    250. 

  250.