authorJeremy Allison <jra@samba.org>2006-09-02 19:27:44 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:39:47 -0500
commit0f1bc28744d8c7cae2fe2774b50fc4336408a74d (patch)
tree124fd73f24ecac3aff19bad4e55e21f5c1a7538c /source3/libsmb
parentbd5fca847a33ddef7d73ad8c6932ee2f6685054a (diff)
r18006: Actually a smaller change than it looks. Leverage
the get_dc_list code to get the _kerberos. names for site support. This way we don't depend on one KDC to do ticket refresh. Even though we know it's up when we add it, it may go down when we're trying to refresh. Jeremy. (This used to be commit 77fe2a3d7418012a8dbfb6aaeb2a8dd57c6e1a5d)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/namecache.c8
-rw-r--r--source3/libsmb/namequery.c65
2 files changed, 66 insertions, 7 deletions
diff --git a/source3/libsmb/namecache.c b/source3/libsmb/namecache.c
index ec8a1900d8..afbd807198 100644
--- a/source3/libsmb/namecache.c
+++ b/source3/libsmb/namecache.c
@@ -126,6 +126,10 @@ BOOL namecache_store(const char *name, int name_type,
*/
if (!gencache_init()) return False;
+ if (name_type > 255) {
+ return False; /* Don't store non-real name types. */
+ }
+
if ( DEBUGLEVEL >= 5 ) {
DEBUG(5, ("namecache_store: storing %d address%s for %s#%02x: ",
num_names, num_names == 1 ? "": "es", name, name_type));
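Review bot: The new guard in namecache_store, `if (name_type > 255)`, bounds the type only from above; `name_type` is a plain `int`, so a negative value still passes and reaches the `%02x` formatting in the debug line and whatever builds the cache key further down. If the intent is to admit only real one-byte NetBIOS name types, `if (name_type < 0 || name_type > 255) {` states that fully. The same applies to the matching guard added to namecache_fetch in the next hunk. Both function bodies continue outside their hunks, so the key construction itself is not visible here.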
@@ -184,6 +188,10 @@ BOOL namecache_fetch(const char *name, int name_type, struct ip_service **ip_lis
if (!gencache_init())
return False;
+ if (name_type > 255) {
+ return False; /* Don't fetch non-real name types. */
+ }
+
*num_names = 0;
/*
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 4c361a3716..af3ac319cc 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -1030,7 +1030,7 @@ static BOOL resolve_ads(const char *name, int name_type,
int numdcs = 0;
int numaddrs = 0;
- if ( name_type != 0x1c )
+ if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE))
return False;
DEBUG(5,("resolve_hosts: Attempting to resolve DC's for %s using DNS\n",
@@ -1040,8 +1040,12 @@ static BOOL resolve_ads(const char *name, int name_type,
DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
return False;
}
-
- status = ads_dns_query_dcs( ctx, name, &dcs, &numdcs );
+
+ if (name_type == KDC_NAME_TYPE) {
+ status = ads_dns_query_kdcs(ctx, name, &dcs, &numdcs);
+ } else {
+ status = ads_dns_query_dcs(ctx, name, &dcs, &numdcs);
+ }
if ( !NT_STATUS_IS_OK( status ) ) {
talloc_destroy(ctx);
return False;
@@ -1188,6 +1192,13 @@ BOOL internal_resolve_name(const char *name, int name_type,
result = True;
goto done;
}
+ } else if(strequal( tok, "kdc")) {
+ /* deal with KDC_NAME_TYPE names here. This will result in a
+ SRV record lookup */
+ if (resolve_ads(name, KDC_NAME_TYPE, return_iplist, return_count)) {
+ result = True;
+ goto done;
+ }
} else if(strequal( tok, "ads")) {
/* deal with 0x1c names here. This will result in a
SRV record lookup */
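Review bot: The new `kdc` branch passes the constant `KDC_NAME_TYPE` to resolve_ads() and never looks at the caller's `name_type`, so the resolve-order token alone decides that a Kerberos SRV lookup is run. If a resolve order containing `kdc` can reach this loop for an ordinary lookup, the caller would get KDC addresses back for a name type it did not ask for, and anything done with the result after `done:` would presumably be keyed on the caller's type. If the caller that selects `kdc` also passes `KDC_NAME_TYPE`, gating the branch as `} else if (name_type == KDC_NAME_TYPE && strequal(tok, "kdc")) {` would stop the token being honoured for other types; otherwise the override deserves a comment at the branch. internal_resolve_name starts and ends outside the hunk, so how `tok` is produced and what the `ads` branch passes are not visible here.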
@@ -1355,13 +1366,17 @@ BOOL get_pdc_ip(const char *domain, struct in_addr *ip)
return True;
}
+/* Private enum type for lookups. */
+
+enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
+
/********************************************************
Get the IP address list of the domain controllers for
a domain.
*********************************************************/
static NTSTATUS get_dc_list(const char *domain, struct ip_service **ip_list,
- int *count, BOOL ads_only, int *ordered)
+ int *count, enum dc_lookup_type lookup_type, int *ordered)
{
fstring resolve_order;
char *saf_servername;
@@ -1387,7 +1402,7 @@ static NTSTATUS get_dc_list(const char *domain, struct ip_service **ip_list,
fstrcpy( resolve_order, lp_name_resolve_order() );
strlower_m( resolve_order );
- if ( ads_only ) {
+ if ( lookup_type == DC_ADS_ONLY) {
if ( strstr( resolve_order, "host" ) ) {
fstrcpy( resolve_order, "ads" );
@@ -1397,6 +1412,11 @@ static NTSTATUS get_dc_list(const char *domain, struct ip_service **ip_list,
} else {
fstrcpy( resolve_order, "NULL" );
}
+ } else if (lookup_type == DC_KDC_ONLY) {
+ /* DNS SRV lookups used by the ads/kdc resolver
+ are already sorted by priority and weight */
+ *ordered = True;
+ fstrcpy( resolve_order, "kdc" );
}
/* fetch the server we have affinity for. Add the
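Review bot: In the `DC_KDC_ONLY` branch `*ordered` is set to `True` before any lookup has run, and the context line after the branch indicates that get_dc_list() goes on to fetch and add the server it has affinity for. If that later code (outside the hunk) puts the affinity server or other configured servers into the list, the result is no longer purely in SRV priority/weight order and may contain hosts that the KDC SRV query never returned, which matters for a list used to choose KDCs for ticket refresh. It would be worth either skipping those additions for `DC_KDC_ONLY` or documenting the behaviour, e.g. `/* KDC list may also contain the affinity server; callers must not assume pure SRV order */`.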
@@ -1558,11 +1578,16 @@ NTSTATUS get_sorted_dc_list( const char *domain, struct ip_service **ip_list, in
{
BOOL ordered;
NTSTATUS status;
-
+ enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
+
DEBUG(8,("get_sorted_dc_list: attempting lookup using [%s]\n",
(ads_only ? "ads" : lp_name_resolve_order())));
- status = get_dc_list(domain, ip_list, count, ads_only, &ordered);
+ if (ads_only) {
+ lookup_type = DC_ADS_ONLY;
+ }
+
+ status = get_dc_list(domain, ip_list, count, lookup_type, &ordered);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -1574,3 +1599,29 @@ NTSTATUS get_sorted_dc_list( const char *domain, struct ip_service **ip_list, in
return NT_STATUS_OK;
}
+
+/*********************************************************************
+ Get the KDC list - re-use all the logic in get_dc_list.
+*********************************************************************/
+
+NTSTATUS get_kdc_list( const char *realm, struct ip_service **ip_list, int *count)
+{
+ BOOL ordered;
+ NTSTATUS status;
+
+ *count = 0;
+ *ip_list = NULL;
+
+ status = get_dc_list(realm, ip_list, count, DC_KDC_ONLY, &ordered);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* only sort if we don't already have an ordered list */
+ if ( !ordered ) {
+ sort_ip_list2( *ip_list, *count );
+ }
+
+ return NT_STATUS_OK;
+}
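Review bot: In get_kdc_list() `ordered` is declared without an initialiser and is read in `if ( !ordered )` after get_dc_list() succeeds; that is only safe if every successful path through get_dc_list() writes `*ordered`, which this page does not show. It is also declared `BOOL` while get_dc_list() takes `int *ordered`, so the call relies on the two types being the same. Initialising it, `BOOL ordered = False;`, removes that dependency, and a NULL check on `ip_list` and `count` before `*count = 0;` would match their use as out-parameters. Since the `DC_KDC_ONLY` branch sets `*ordered = True`, the `sort_ip_list2()` call looks unreachable for this caller and could carry a comment saying so.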